Check-in [891ab7abeb]

Overview
Comment:update libressl to version 2.5.5
SHA1: 891ab7abeb10f85b5ccd86ba7ceaed0805be170d
User & Date: chw 2017-10-09 23:22:48.399
Context
2017-10-10
13:05
try to use orientation sensor in [AndroWish] VR demo check-in: e6cf453ca7 user: chw tags: trunk
2017-10-09
23:32
merge with trunk check-in: 29570b69b7 user: chw tags: wtf-8-experiment
23:22
update libressl to version 2.5.5 check-in: 891ab7abeb user: chw tags: trunk
23:00
fix building [undroidwish] on win64 check-in: 9417ef79f9 user: chw tags: trunk
Changes
Changes to jni/libressl/Android.mk.
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

30
31


32
33
34
35
36

37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240


241

242
243
244
245






246











247
248

249
250
251
252
253
254

255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416




417
418
419
420
421
422
423
424
425
426

427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444

445
446




































447
448
449
450
451
452
453
























































454





































































































































































455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488






















489


490




491


























492
493
494
495
496

497
498















































499


500
501


502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566

567
568
569

570
571
572
573
574
575
576
577


578
579
580
581
582
583
584
LOCAL_SHORT_COMMANDS := true

LOCAL_MODULE := libcrypto_tls

LOCAL_SHARED_LIBRARIES :=

LOCAL_SRC_FILES := \
	crypto/compat/arc4random_uniform.c \
	crypto/compat/explicit_bzero.c \
	crypto/compat/reallocarray.c \
	crypto/compat/timingsafe_memcmp.c \
	crypto/compat/timegm.c \
	crypto/aes/aes_cbc.c \
	crypto/aes/aes_core.c \
	crypto/camellia/camellia.c \
	crypto/camellia/cmll_cbc.c \

	crypto/rc4/rc4_enc.c \
	crypto/rc4/rc4_skey.c \


	crypto/whrlpool/wp_block.c \
	crypto/cpt_err.c \
	crypto/cryptlib.c \
	crypto/cversion.c \
	crypto/ex_data.c \

	crypto/malloc-wrapper.c \
	crypto/mem_clr.c \
	crypto/mem_dbg.c \
	crypto/o_init.c \
	crypto/o_str.c \
	crypto/o_time.c \
	crypto/aes/aes_cfb.c \
	crypto/aes/aes_ctr.c \
	crypto/aes/aes_ecb.c \
	crypto/aes/aes_ige.c \
	crypto/aes/aes_misc.c \
	crypto/aes/aes_ofb.c \
	crypto/aes/aes_wrap.c \
	crypto/asn1/a_bitstr.c \
	crypto/asn1/a_bool.c \
	crypto/asn1/a_bytes.c \
	crypto/asn1/a_d2i_fp.c \
	crypto/asn1/a_digest.c \
	crypto/asn1/a_dup.c \
	crypto/asn1/a_enum.c \
	crypto/asn1/a_i2d_fp.c \
	crypto/asn1/a_int.c \
	crypto/asn1/a_mbstr.c \
	crypto/asn1/a_object.c \
	crypto/asn1/a_octet.c \
	crypto/asn1/a_print.c \
	crypto/asn1/a_set.c \
	crypto/asn1/a_sign.c \
	crypto/asn1/a_strex.c \
	crypto/asn1/a_strnid.c \
	crypto/asn1/a_time.c \
	crypto/asn1/a_time_tm.c \
	crypto/asn1/a_type.c \
	crypto/asn1/a_utf8.c \
	crypto/asn1/a_verify.c \
	crypto/asn1/ameth_lib.c \
	crypto/asn1/asn1_err.c \
	crypto/asn1/asn1_gen.c \
	crypto/asn1/asn1_lib.c \
	crypto/asn1/asn1_par.c \
	crypto/asn1/asn_mime.c \
	crypto/asn1/asn_moid.c \
	crypto/asn1/asn_pack.c \
	crypto/asn1/bio_asn1.c \
	crypto/asn1/bio_ndef.c \
	crypto/asn1/d2i_pr.c \
	crypto/asn1/d2i_pu.c \
	crypto/asn1/evp_asn1.c \
	crypto/asn1/f_enum.c \
	crypto/asn1/f_int.c \
	crypto/asn1/f_string.c \
	crypto/asn1/i2d_pr.c \
	crypto/asn1/i2d_pu.c \
	crypto/asn1/n_pkey.c \
	crypto/asn1/nsseq.c \
	crypto/asn1/p5_pbe.c \
	crypto/asn1/p5_pbev2.c \
	crypto/asn1/p8_pkey.c \
	crypto/asn1/t_bitst.c \
	crypto/asn1/t_crl.c \
	crypto/asn1/t_pkey.c \
	crypto/asn1/t_req.c \
	crypto/asn1/t_spki.c \
	crypto/asn1/t_x509.c \
	crypto/asn1/t_x509a.c \
	crypto/asn1/tasn_dec.c \
	crypto/asn1/tasn_enc.c \
	crypto/asn1/tasn_fre.c \
	crypto/asn1/tasn_new.c \
	crypto/asn1/tasn_prn.c \
	crypto/asn1/tasn_typ.c \
	crypto/asn1/tasn_utl.c \
	crypto/asn1/x_algor.c \
	crypto/asn1/x_attrib.c \
	crypto/asn1/x_bignum.c \
	crypto/asn1/x_crl.c \
	crypto/asn1/x_exten.c \
	crypto/asn1/x_info.c \
	crypto/asn1/x_long.c \
	crypto/asn1/x_name.c \
	crypto/asn1/x_nx509.c \
	crypto/asn1/x_pkey.c \
	crypto/asn1/x_pubkey.c \
	crypto/asn1/x_req.c \
	crypto/asn1/x_sig.c \
	crypto/asn1/x_spki.c \
	crypto/asn1/x_val.c \
	crypto/asn1/x_x509.c \
	crypto/asn1/x_x509a.c \
	crypto/bf/bf_cfb64.c \
	crypto/bf/bf_ecb.c \
	crypto/bf/bf_enc.c \
	crypto/bf/bf_ofb64.c \
	crypto/bf/bf_skey.c \
	crypto/bio/b_dump.c \
	crypto/bio/b_posix.c \
	crypto/bio/b_print.c \
	crypto/bio/b_sock.c \
	crypto/bio/bf_buff.c \
	crypto/bio/bf_nbio.c \
	crypto/bio/bf_null.c \
	crypto/bio/bio_cb.c \
	crypto/bio/bio_err.c \
	crypto/bio/bio_lib.c \
	crypto/bio/bss_acpt.c \
	crypto/bio/bss_bio.c \
	crypto/bio/bss_conn.c \
	crypto/bio/bss_dgram.c \
	crypto/bio/bss_fd.c \
	crypto/bio/bss_file.c \
	crypto/bio/bss_log.c \
	crypto/bio/bss_mem.c \
	crypto/bio/bss_null.c \
	crypto/bio/bss_sock.c \
	crypto/bn/bn_add.c \
	crypto/bn/bn_asm.c \
	crypto/bn/bn_blind.c \
	crypto/bn/bn_const.c \
	crypto/bn/bn_ctx.c \
	crypto/bn/bn_depr.c \
	crypto/bn/bn_div.c \
	crypto/bn/bn_err.c \
	crypto/bn/bn_exp.c \
	crypto/bn/bn_exp2.c \
	crypto/bn/bn_gcd.c \
	crypto/bn/bn_gf2m.c \
	crypto/bn/bn_kron.c \
	crypto/bn/bn_lib.c \
	crypto/bn/bn_mod.c \
	crypto/bn/bn_mont.c \
	crypto/bn/bn_mpi.c \
	crypto/bn/bn_mul.c \
	crypto/bn/bn_nist.c \
	crypto/bn/bn_prime.c \
	crypto/bn/bn_print.c \
	crypto/bn/bn_rand.c \
	crypto/bn/bn_recp.c \
	crypto/bn/bn_shift.c \
	crypto/bn/bn_sqr.c \
	crypto/bn/bn_sqrt.c \
	crypto/bn/bn_word.c \
	crypto/bn/bn_x931p.c \
	crypto/buffer/buf_err.c \
	crypto/buffer/buf_str.c \
	crypto/buffer/buffer.c \
	crypto/camellia/cmll_cfb.c \
	crypto/camellia/cmll_ctr.c \
	crypto/camellia/cmll_ecb.c \
	crypto/camellia/cmll_misc.c \
	crypto/camellia/cmll_ofb.c \
	crypto/cast/c_cfb64.c \
	crypto/cast/c_ecb.c \
	crypto/cast/c_enc.c \
	crypto/cast/c_ofb64.c \
	crypto/cast/c_skey.c \
	crypto/chacha/chacha-merged.c \
	crypto/chacha/chacha.c \
	crypto/cmac/cm_ameth.c \
	crypto/cmac/cm_pmeth.c \
	crypto/cmac/cmac.c \
	crypto/comp/c_rle.c \
	crypto/comp/c_zlib.c \
	crypto/comp/comp_err.c \
	crypto/comp/comp_lib.c \
	crypto/conf/conf_api.c \
	crypto/conf/conf_def.c \
	crypto/conf/conf_err.c \
	crypto/conf/conf_lib.c \
	crypto/conf/conf_mall.c \
	crypto/conf/conf_mod.c \
	crypto/conf/conf_sap.c \
	crypto/des/cbc_cksm.c \
	crypto/des/cbc_enc.c \
	crypto/des/cfb64ede.c \
	crypto/des/cfb64enc.c \
	crypto/des/cfb_enc.c \
	crypto/des/des_enc.c \
	crypto/des/ecb3_enc.c \
	crypto/des/ecb_enc.c \
	crypto/des/ede_cbcm_enc.c \
	crypto/des/enc_read.c \
	crypto/des/enc_writ.c \
	crypto/des/fcrypt.c \
	crypto/des/fcrypt_b.c \
	crypto/des/ofb64ede.c \
	crypto/des/ofb64enc.c \
	crypto/des/ofb_enc.c \
	crypto/des/pcbc_enc.c \
	crypto/des/qud_cksm.c \
	crypto/des/rand_key.c \
	crypto/des/set_key.c \
	crypto/des/str2key.c \
	crypto/des/xcbc_enc.c \
	crypto/dh/dh_ameth.c \
	crypto/dh/dh_asn1.c \
	crypto/dh/dh_check.c \
	crypto/dh/dh_depr.c \
	crypto/dh/dh_err.c \
	crypto/dh/dh_gen.c \
	crypto/dh/dh_key.c \
	crypto/dh/dh_lib.c \
	crypto/dh/dh_pmeth.c \
	crypto/dh/dh_prn.c \
	crypto/dsa/dsa_ameth.c \


	crypto/dsa/dsa_asn1.c \

	crypto/dsa/dsa_depr.c \
	crypto/dsa/dsa_err.c \
	crypto/dsa/dsa_gen.c \
	crypto/dsa/dsa_key.c \






	crypto/dsa/dsa_lib.c \











	crypto/dsa/dsa_ossl.c \
	crypto/dsa/dsa_pmeth.c \

	crypto/dsa/dsa_prn.c \
	crypto/dsa/dsa_sign.c \
	crypto/dsa/dsa_vrf.c \
	crypto/dso/dso_dlfcn.c \
	crypto/dso/dso_err.c \
	crypto/dso/dso_lib.c \

	crypto/dso/dso_null.c \
	crypto/dso/dso_openssl.c \
	crypto/ec/ec2_mult.c \
	crypto/ec/ec2_oct.c \
	crypto/ec/ec2_smpl.c \
	crypto/ec/ec_ameth.c \
	crypto/ec/ec_asn1.c \
	crypto/ec/ec_check.c \
	crypto/ec/ec_curve.c \
	crypto/ec/ec_cvt.c \
	crypto/ec/ec_err.c \
	crypto/ec/ec_key.c \
	crypto/ec/ec_lib.c \
	crypto/ec/ec_mult.c \
	crypto/ec/ec_oct.c \
	crypto/ec/ec_pmeth.c \
	crypto/ec/ec_print.c \
	crypto/ec/eck_prn.c \
	crypto/ec/ecp_mont.c \
	crypto/ec/ecp_nist.c \
	crypto/ec/ecp_oct.c \
	crypto/ec/ecp_smpl.c \
	crypto/ecdh/ech_err.c \
	crypto/ecdh/ech_key.c \
	crypto/ecdh/ech_lib.c \
	crypto/ecdsa/ecs_asn1.c \
	crypto/ecdsa/ecs_err.c \
	crypto/ecdsa/ecs_lib.c \
	crypto/ecdsa/ecs_ossl.c \
	crypto/ecdsa/ecs_sign.c \
	crypto/ecdsa/ecs_vrf.c \
	crypto/engine/eng_all.c \
	crypto/engine/eng_cnf.c \
	crypto/engine/eng_ctrl.c \
	crypto/engine/eng_dyn.c \
	crypto/engine/eng_err.c \
	crypto/engine/eng_fat.c \
	crypto/engine/eng_init.c \
	crypto/engine/eng_lib.c \
	crypto/engine/eng_list.c \
	crypto/engine/eng_openssl.c \
	crypto/engine/eng_pkey.c \
	crypto/engine/eng_table.c \
	crypto/engine/tb_asnmth.c \
	crypto/engine/tb_cipher.c \
	crypto/engine/tb_dh.c \
	crypto/engine/tb_digest.c \
	crypto/engine/tb_dsa.c \
	crypto/engine/tb_ecdh.c \
	crypto/engine/tb_ecdsa.c \
	crypto/engine/tb_pkmeth.c \
	crypto/engine/tb_rand.c \
	crypto/engine/tb_rsa.c \
	crypto/engine/tb_store.c \
	crypto/err/err.c \
	crypto/err/err_all.c \
	crypto/err/err_prn.c \
	crypto/evp/bio_b64.c \
	crypto/evp/bio_enc.c \
	crypto/evp/bio_md.c \
	crypto/evp/c_all.c \
	crypto/evp/digest.c \
	crypto/evp/e_aes.c \
	crypto/evp/e_aes_cbc_hmac_sha1.c \
	crypto/evp/e_bf.c \
	crypto/evp/e_camellia.c \
	crypto/evp/e_cast.c \
	crypto/evp/e_chacha.c \
	crypto/evp/e_chacha20poly1305.c \
	crypto/evp/e_des.c \
	crypto/evp/e_des3.c \
	crypto/evp/e_gost2814789.c \
	crypto/evp/e_idea.c \
	crypto/evp/e_null.c \
	crypto/evp/e_old.c \
	crypto/evp/e_rc2.c \
	crypto/evp/e_rc4.c \
	crypto/evp/e_rc4_hmac_md5.c \
	crypto/evp/e_xcbc_d.c \
	crypto/evp/encode.c \
	crypto/evp/evp_aead.c \
	crypto/evp/evp_enc.c \
	crypto/evp/evp_err.c \
	crypto/evp/evp_key.c \
	crypto/evp/evp_lib.c \
	crypto/evp/evp_pbe.c \
	crypto/evp/evp_pkey.c \
	crypto/evp/m_dss.c \
	crypto/evp/m_dss1.c \
	crypto/evp/m_ecdsa.c \
	crypto/evp/m_gost2814789.c \
	crypto/evp/m_gostr341194.c \
	crypto/evp/m_md4.c \
	crypto/evp/m_md5.c \
	crypto/evp/m_null.c \
	crypto/evp/m_ripemd.c \
	crypto/evp/m_sha1.c \
	crypto/evp/m_sigver.c \
	crypto/evp/m_streebog.c \
	crypto/evp/m_wp.c \
	crypto/evp/names.c \
	crypto/evp/p5_crpt.c \
	crypto/evp/p5_crpt2.c \
	crypto/evp/p_dec.c \
	crypto/evp/p_enc.c \
	crypto/evp/p_lib.c \
	crypto/evp/p_open.c \
	crypto/evp/p_seal.c \
	crypto/evp/p_sign.c \
	crypto/evp/p_verify.c \
	crypto/evp/pmeth_fn.c \
	crypto/evp/pmeth_gn.c \
	crypto/evp/pmeth_lib.c \
	crypto/gost/gost2814789.c \
	crypto/gost/gost89_keywrap.c \
	crypto/gost/gost89_params.c \
	crypto/gost/gost89imit_ameth.c \
	crypto/gost/gost89imit_pmeth.c \
	crypto/gost/gost_asn1.c \
	crypto/gost/gost_err.c \
	crypto/gost/gostr341001.c \
	crypto/gost/gostr341001_ameth.c \
	crypto/gost/gostr341001_key.c \
	crypto/gost/gostr341001_params.c \
	crypto/gost/gostr341001_pmeth.c \
	crypto/gost/gostr341194.c \
	crypto/gost/streebog.c \
	crypto/hmac/hm_ameth.c \
	crypto/hmac/hm_pmeth.c \
	crypto/hmac/hmac.c \
	crypto/idea/i_cbc.c \
	crypto/idea/i_cfb64.c \
	crypto/idea/i_ecb.c \
	crypto/idea/i_ofb64.c \
	crypto/idea/i_skey.c \
	crypto/krb5/krb5_asn.c \
	crypto/lhash/lh_stats.c \
	crypto/lhash/lhash.c \
	crypto/md4/md4_dgst.c \
	crypto/md4/md4_one.c \
	crypto/md5/md5_dgst.c \
	crypto/md5/md5_one.c \
	crypto/modes/cbc128.c \
	crypto/modes/ccm128.c \
	crypto/modes/cfb128.c \
	crypto/modes/ctr128.c \
	crypto/modes/cts128.c \
	crypto/modes/gcm128.c \
	crypto/modes/ofb128.c \
	crypto/modes/xts128.c \
	crypto/objects/o_names.c \
	crypto/objects/obj_dat.c \
	crypto/objects/obj_err.c \
	crypto/objects/obj_lib.c \
	crypto/objects/obj_xref.c \
	crypto/ocsp/ocsp_asn.c \
	crypto/ocsp/ocsp_cl.c \
	crypto/ocsp/ocsp_err.c \
	crypto/ocsp/ocsp_ext.c \
	crypto/ocsp/ocsp_ht.c \
	crypto/ocsp/ocsp_lib.c \
	crypto/ocsp/ocsp_prn.c \




	crypto/ocsp/ocsp_srv.c \
	crypto/ocsp/ocsp_vfy.c \
	crypto/pem/pem_all.c \
	crypto/pem/pem_err.c \
	crypto/pem/pem_info.c \
	crypto/pem/pem_lib.c \
	crypto/pem/pem_oth.c \
	crypto/pem/pem_pk8.c \
	crypto/pem/pem_pkey.c \
	crypto/pem/pem_seal.c \

	crypto/pem/pem_sign.c \
	crypto/pem/pem_x509.c \
	crypto/pem/pem_xaux.c \
	crypto/pem/pvkfmt.c \
	crypto/pkcs12/p12_add.c \
	crypto/pkcs12/p12_asn.c \
	crypto/pkcs12/p12_attr.c \
	crypto/pkcs12/p12_crpt.c \
	crypto/pkcs12/p12_crt.c \
	crypto/pkcs12/p12_decr.c \
	crypto/pkcs12/p12_init.c \
	crypto/pkcs12/p12_key.c \
	crypto/pkcs12/p12_kiss.c \
	crypto/pkcs12/p12_mutl.c \
	crypto/pkcs12/p12_npas.c \
	crypto/pkcs12/p12_p8d.c \
	crypto/pkcs12/p12_p8e.c \
	crypto/pkcs12/p12_utl.c \

	crypto/pkcs12/pk12err.c \
	crypto/pkcs7/bio_pk7.c \




































	crypto/pkcs7/pk7_asn1.c \
	crypto/pkcs7/pk7_attr.c \
	crypto/pkcs7/pk7_doit.c \
	crypto/pkcs7/pk7_lib.c \
	crypto/pkcs7/pk7_mime.c \
	crypto/pkcs7/pk7_smime.c \
	crypto/pkcs7/pkcs7err.c \
























































	crypto/poly1305/poly1305.c \





































































































































































	crypto/rand/rand_err.c \
	crypto/rand/rand_lib.c \
	crypto/rand/randfile.c \
	crypto/rc2/rc2_cbc.c \
	crypto/rc2/rc2_ecb.c \
	crypto/rc2/rc2_skey.c \
	crypto/rc2/rc2cfb64.c \
	crypto/rc2/rc2ofb64.c \
	crypto/ripemd/rmd_dgst.c \
	crypto/ripemd/rmd_one.c \
	crypto/rsa/rsa_ameth.c \
	crypto/rsa/rsa_asn1.c \
	crypto/rsa/rsa_chk.c \
	crypto/rsa/rsa_crpt.c \
	crypto/rsa/rsa_depr.c \
	crypto/rsa/rsa_eay.c \
	crypto/rsa/rsa_err.c \
	crypto/rsa/rsa_gen.c \
	crypto/rsa/rsa_lib.c \
	crypto/rsa/rsa_none.c \
	crypto/rsa/rsa_oaep.c \
	crypto/rsa/rsa_pk1.c \
	crypto/rsa/rsa_pmeth.c \
	crypto/rsa/rsa_prn.c \
	crypto/rsa/rsa_pss.c \
	crypto/rsa/rsa_saos.c \
	crypto/rsa/rsa_sign.c \
	crypto/rsa/rsa_ssl.c \
	crypto/rsa/rsa_x931.c \
	crypto/sha/sha1_one.c \
	crypto/sha/sha1dgst.c \
	crypto/sha/sha256.c \
	crypto/sha/sha512.c \
	crypto/stack/stack.c \






















	crypto/ts/ts_asn1.c \


	crypto/ts/ts_conf.c \




	crypto/ts/ts_err.c \


























	crypto/ts/ts_lib.c \
	crypto/ts/ts_req_print.c \
	crypto/ts/ts_req_utils.c \
	crypto/ts/ts_rsp_print.c \
	crypto/ts/ts_rsp_sign.c \

	crypto/ts/ts_rsp_utils.c \
	crypto/ts/ts_rsp_verify.c \















































	crypto/ts/ts_verify_ctx.c \


	crypto/txt_db/txt_db.c \
	crypto/ui/ui_err.c \


	crypto/ui/ui_lib.c \
	crypto/ui/ui_openssl.c \
	crypto/ui/ui_util.c \
	crypto/whrlpool/wp_dgst.c \
	crypto/x509/by_dir.c \
	crypto/x509/by_file.c \
	crypto/x509/by_mem.c \
	crypto/x509/x509_att.c \
	crypto/x509/x509_cmp.c \
	crypto/x509/x509_d2.c \
	crypto/x509/x509_def.c \
	crypto/x509/x509_err.c \
	crypto/x509/x509_ext.c \
	crypto/x509/x509_lu.c \
	crypto/x509/x509_obj.c \
	crypto/x509/x509_r2x.c \
	crypto/x509/x509_req.c \
	crypto/x509/x509_set.c \
	crypto/x509/x509_trs.c \
	crypto/x509/x509_txt.c \
	crypto/x509/x509_v3.c \
	crypto/x509/x509_vfy.c \
	crypto/x509/x509_vpm.c \
	crypto/x509/x509cset.c \
	crypto/x509/x509name.c \
	crypto/x509/x509rset.c \
	crypto/x509/x509spki.c \
	crypto/x509/x509type.c \
	crypto/x509/x_all.c \
	crypto/x509v3/pcy_cache.c \
	crypto/x509v3/pcy_data.c \
	crypto/x509v3/pcy_lib.c \
	crypto/x509v3/pcy_map.c \
	crypto/x509v3/pcy_node.c \
	crypto/x509v3/pcy_tree.c \
	crypto/x509v3/v3_akey.c \
	crypto/x509v3/v3_akeya.c \
	crypto/x509v3/v3_alt.c \
	crypto/x509v3/v3_bcons.c \
	crypto/x509v3/v3_bitst.c \
	crypto/x509v3/v3_conf.c \
	crypto/x509v3/v3_cpols.c \
	crypto/x509v3/v3_crld.c \
	crypto/x509v3/v3_enum.c \
	crypto/x509v3/v3_extku.c \
	crypto/x509v3/v3_genn.c \
	crypto/x509v3/v3_ia5.c \
	crypto/x509v3/v3_info.c \
	crypto/x509v3/v3_int.c \
	crypto/x509v3/v3_lib.c \
	crypto/x509v3/v3_ncons.c \
	crypto/x509v3/v3_ocsp.c \
	crypto/x509v3/v3_pci.c \
	crypto/x509v3/v3_pcia.c \
	crypto/x509v3/v3_pcons.c \
	crypto/x509v3/v3_pku.c \
	crypto/x509v3/v3_pmaps.c \
	crypto/x509v3/v3_prn.c \
	crypto/x509v3/v3_purp.c \
	crypto/x509v3/v3_skey.c \
	crypto/x509v3/v3_sxnet.c \
	crypto/x509v3/v3_utl.c \
	crypto/x509v3/v3err.c

LOCAL_C_INCLUDES := $(LOCAL_PATH)/include \

	$(LOCAL_PATH)/crypto \
	$(LOCAL_PATH)/crypto/compat \
	$(LOCAL_PATH)/crypto/asn1 \

	$(LOCAL_PATH)/crypto/evp \
	$(LOCAL_PATH)/crypto/modes

LOCAL_CFLAGS := \
	-DLIBRESSL_INTERNAL \
	-DOPENSSL_NO_HW_PADLOCK \
	-DOPENSSL_NO_ASM \
	-DSIZE_MAX=UINT32_MAX \


	-O2

include $(BUILD_SHARED_LIBRARY)

####################################
#
# libssl_tls







|
|
|
|
|
|
|
|
|
>
|
|
>
>
|
|

|
|
>
|

<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
|
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<

|
|
|
|
|
|
|
|
|
|
>
>
|
>
|
|
|
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
|
|
>
|
|
|
|


>

<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
|
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



|
|
|
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|

|
|
|
|

|
|
|

>

|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|



>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
|

|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>

|
>
>
|
|
|

|
|
|
|
|
|
<
<
<
|
|
|
|
|
<
<
|
|
<
<
<
<
<
<
|
<
<
<
<
|
<
|
|
|
|
<
|
|
<
<
<
<
|
<
|
|
<
<
|
<
<
|
<
|
|
<
<
<
|


>



>








>
>







14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

43
44

























































































































































45













46


47






48










49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96








97












































98









99




100





























101
102



















































103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416


























417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550



551
552
553
554
555


556
557






558




559

560
561
562
563

564
565




566

567
568


569


570

571
572



573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
LOCAL_SHORT_COMMANDS := true

LOCAL_MODULE := libcrypto_tls

LOCAL_SHARED_LIBRARIES :=

LOCAL_SRC_FILES := \
	crypto/mem_dbg.c \
	crypto/dsa/dsa_asn1.c \
	crypto/dsa/dsa_sign.c \
	crypto/dsa/dsa_lib.c \
	crypto/dsa/dsa_gen.c \
	crypto/dsa/dsa_vrf.c \
	crypto/dsa/dsa_err.c \
	crypto/dsa/dsa_key.c \
	crypto/dsa/dsa_depr.c \
	crypto/dsa/dsa_pmeth.c \
	crypto/dsa/dsa_ossl.c \
	crypto/dsa/dsa_prn.c \
	crypto/dsa/dsa_ameth.c \
	crypto/poly1305/poly1305.c \
	crypto/md4/md4_one.c \
	crypto/md4/md4_dgst.c \
	crypto/cryptlib.c \
	crypto/comp/comp_err.c \
	crypto/comp/c_rle.c \
	crypto/comp/comp_lib.c \
	crypto/comp/c_zlib.c \
	crypto/mem_clr.c \

	crypto/dh/dh_prn.c \
	crypto/dh/dh_key.c \

























































































































































	crypto/dh/dh_pmeth.c \













	crypto/dh/dh_asn1.c \


	crypto/dh/dh_depr.c \






	crypto/dh/dh_gen.c \










	crypto/dh/dh_ameth.c \
	crypto/dh/dh_check.c \
	crypto/dh/dh_lib.c \
	crypto/dh/dh_err.c \
	crypto/modes/ccm128.c \
	crypto/modes/cfb128.c \
	crypto/modes/xts128.c \
	crypto/modes/cts128.c \
	crypto/modes/ofb128.c \
	crypto/modes/cbc128.c \
	crypto/modes/ctr128.c \
	crypto/modes/gcm128.c \
	crypto/lhash/lh_stats.c \
	crypto/lhash/lhash.c \
	crypto/rc4/rc4_skey.c \
	crypto/rc4/rc4_enc.c \
	crypto/pem/pem_oth.c \
	crypto/pem/pem_lib.c \
	crypto/pem/pem_sign.c \
	crypto/pem/pem_err.c \
	crypto/pem/pem_xaux.c \
	crypto/pem/pem_all.c \
	crypto/pem/pem_x509.c \
	crypto/pem/pem_seal.c \
	crypto/pem/pem_pk8.c \
	crypto/pem/pvkfmt.c \
	crypto/pem/pem_info.c \
	crypto/pem/pem_pkey.c \
	crypto/ecdh/ech_lib.c \
	crypto/ecdh/ech_key.c \
	crypto/ecdh/ech_err.c \
	crypto/ts/ts_rsp_verify.c \
	crypto/ts/ts_rsp_print.c \
	crypto/ts/ts_verify_ctx.c \
	crypto/ts/ts_req_utils.c \
	crypto/ts/ts_rsp_utils.c \
	crypto/ts/ts_rsp_sign.c \
	crypto/ts/ts_asn1.c \
	crypto/ts/ts_conf.c \
	crypto/ts/ts_req_print.c \
	crypto/ts/ts_lib.c \
	crypto/ts/ts_err.c \
	crypto/ex_data.c \
	crypto/dso/dso_openssl.c \
	crypto/dso/dso_err.c \
	crypto/dso/dso_lib.c \
	crypto/dso/dso_dlfcn.c \
	crypto/dso/dso_null.c \








	crypto/rc2/rc2_skey.c \












































	crypto/rc2/rc2ofb64.c \









	crypto/rc2/rc2_cbc.c \




	crypto/rc2/rc2cfb64.c \





























	crypto/rc2/rc2_ecb.c \
	crypto/o_init.c \



















































	crypto/objects/obj_err.c \
	crypto/objects/obj_lib.c \
	crypto/objects/obj_xref.c \
	crypto/objects/o_names.c \
	crypto/objects/obj_dat.c \
	crypto/cversion.c \
	crypto/ec/ec2_mult.c \
	crypto/ec/ec_oct.c \
	crypto/ec/ec_lib.c \
	crypto/ec/ec_curve.c \
	crypto/ec/ecp_nistp521.c \
	crypto/ec/ec_check.c \
	crypto/ec/ecp_nistp224.c \
	crypto/ec/ecp_nistp256.c \
	crypto/ec/ec2_oct.c \
	crypto/ec/ec_err.c \
	crypto/ec/ec_mult.c \
	crypto/ec/eck_prn.c \
	crypto/ec/ec_ameth.c \
	crypto/ec/ecp_nist.c \
	crypto/ec/ec_print.c \
	crypto/ec/ec_pmeth.c \
	crypto/ec/ec_key.c \
	crypto/ec/ecp_oct.c \
	crypto/ec/ecp_nistputil.c \
	crypto/ec/ecp_smpl.c \
	crypto/ec/ecp_mont.c \
	crypto/ec/ec_asn1.c \
	crypto/ec/ec_cvt.c \
	crypto/ec/ec2_smpl.c \
	crypto/pkcs12/p12_p8d.c \
	crypto/pkcs12/p12_crpt.c \
	crypto/pkcs12/p12_kiss.c \
	crypto/pkcs12/p12_crt.c \
	crypto/pkcs12/p12_npas.c \
	crypto/pkcs12/p12_key.c \
	crypto/pkcs12/p12_p8e.c \
	crypto/pkcs12/p12_init.c \
	crypto/pkcs12/p12_mutl.c \
	crypto/pkcs12/p12_decr.c \
	crypto/pkcs12/p12_asn.c \
	crypto/pkcs12/p12_add.c \
	crypto/pkcs12/p12_utl.c \
	crypto/pkcs12/p12_attr.c \
	crypto/pkcs12/pk12err.c \
	crypto/bf/bf_enc.c \
	crypto/bf/bf_skey.c \
	crypto/bf/bf_ecb.c \
	crypto/bf/bf_cfb64.c \
	crypto/bf/bf_ofb64.c \
	crypto/x509/x509_v3.c \
	crypto/x509/x509_cmp.c \
	crypto/x509/x509_vpm.c \
	crypto/x509/by_file.c \
	crypto/x509/x509_lu.c \
	crypto/x509/x509_err.c \
	crypto/x509/x509_set.c \
	crypto/x509/x509_ext.c \
	crypto/x509/x509_vfy.c \
	crypto/x509/x509_def.c \
	crypto/x509/x509_d2.c \
	crypto/x509/x509_req.c \
	crypto/x509/x509_trs.c \
	crypto/x509/x509rset.c \
	crypto/x509/x509_r2x.c \
	crypto/x509/x509name.c \
	crypto/x509/by_mem.c \
	crypto/x509/x509_txt.c \
	crypto/x509/by_dir.c \
	crypto/x509/x_all.c \
	crypto/x509/x509cset.c \
	crypto/x509/x509_obj.c \
	crypto/x509/x509_att.c \
	crypto/x509/x509type.c \
	crypto/x509/x509spki.c \
	crypto/stack/stack.c \
	crypto/cast/c_ofb64.c \
	crypto/cast/c_skey.c \
	crypto/cast/c_enc.c \
	crypto/cast/c_cfb64.c \
	crypto/cast/c_ecb.c \
	crypto/malloc-wrapper.c \
	crypto/pkcs7/bio_pk7.c \
	crypto/pkcs7/pk7_doit.c \
	crypto/pkcs7/pk7_lib.c \
	crypto/pkcs7/pk7_asn1.c \
	crypto/pkcs7/pk7_mime.c \
	crypto/pkcs7/pk7_smime.c \
	crypto/pkcs7/pkcs7err.c \
	crypto/pkcs7/pk7_attr.c \
	crypto/evp/names.c \
	crypto/evp/m_dss1.c \
	crypto/evp/m_md5_sha1.c \
	crypto/evp/evp_aead.c \
	crypto/evp/p_sign.c \
	crypto/evp/m_wp.c \
	crypto/evp/evp_key.c \
	crypto/evp/pmeth_lib.c \
	crypto/evp/evp_pkey.c \
	crypto/evp/m_md5.c \
	crypto/evp/e_chacha.c \
	crypto/evp/e_old.c \
	crypto/evp/p_enc.c \
	crypto/evp/e_camellia.c \
	crypto/evp/m_gost2814789.c \
	crypto/evp/m_sigver.c \
	crypto/evp/e_null.c \
	crypto/evp/e_des.c \
	crypto/evp/e_rc4.c \
	crypto/evp/p_seal.c \
	crypto/evp/p_lib.c \
	crypto/evp/encode.c \
	crypto/evp/evp_enc.c \
	crypto/evp/m_ecdsa.c \
	crypto/evp/m_md4.c \
	crypto/evp/e_cast.c \
	crypto/evp/e_aes_cbc_hmac_sha1.c \
	crypto/evp/pmeth_gn.c \
	crypto/evp/e_gost2814789.c \
	crypto/evp/m_dss.c \
	crypto/evp/evp_pbe.c \
	crypto/evp/p5_crpt.c \
	crypto/evp/e_aes.c \
	crypto/evp/e_rc4_hmac_md5.c \
	crypto/evp/p_verify.c \
	crypto/evp/bio_enc.c \
	crypto/evp/e_bf.c \
	crypto/evp/m_gostr341194.c \
	crypto/evp/bio_b64.c \
	crypto/evp/p_dec.c \
	crypto/evp/m_sha1.c \
	crypto/evp/e_rc2.c \
	crypto/evp/m_ripemd.c \
	crypto/evp/c_all.c \
	crypto/evp/evp_lib.c \
	crypto/evp/digest.c \
	crypto/evp/bio_md.c \
	crypto/evp/e_xcbc_d.c \
	crypto/evp/e_idea.c \
	crypto/evp/p_open.c \
	crypto/evp/e_des3.c \
	crypto/evp/m_null.c \
	crypto/evp/p5_crpt2.c \
	crypto/evp/pmeth_fn.c \
	crypto/evp/m_streebog.c \
	crypto/evp/e_chacha20poly1305.c \
	crypto/evp/evp_err.c \
	crypto/aes/aes_ecb.c \
	crypto/aes/aes_cfb.c \
	crypto/aes/aes_misc.c \
	crypto/aes/aes_cbc.c \
	crypto/aes/aes_ofb.c \
	crypto/aes/aes_wrap.c \
	crypto/aes/aes_ctr.c \
	crypto/aes/aes_ige.c \
	crypto/aes/aes_core.c \
	crypto/bn/bn_div.c \
	crypto/bn/bn_kron.c \
	crypto/bn/bn_shift.c \
	crypto/bn/bn_mpi.c \
	crypto/bn/bn_asm.c \
	crypto/bn/bn_mul.c \
	crypto/bn/bn_err.c \
	crypto/bn/bn_const.c \
	crypto/bn/bn_depr.c \
	crypto/bn/bn_add.c \
	crypto/bn/bn_blind.c \
	crypto/bn/bn_exp2.c \
	crypto/bn/bn_mont.c \
	crypto/bn/bn_x931p.c \
	crypto/bn/bn_rand.c \
	crypto/bn/bn_print.c \
	crypto/bn/bn_exp.c \
	crypto/bn/bn_nist.c \
	crypto/bn/bn_ctx.c \
	crypto/bn/bn_mod.c \
	crypto/bn/bn_prime.c \
	crypto/bn/bn_sqrt.c \
	crypto/bn/bn_lib.c \
	crypto/bn/bn_gf2m.c \
	crypto/bn/bn_recp.c \
	crypto/bn/bn_sqr.c \
	crypto/bn/bn_gcd.c \
	crypto/bn/bn_word.c \
	crypto/chacha/chacha-merged.c \
	crypto/chacha/chacha.c \
	crypto/ui/ui_openssl.c \
	crypto/ui/ui_util.c \
	crypto/ui/ui_err.c \
	crypto/ui/ui_lib.c \
	crypto/x509v3/v3_skey.c \
	crypto/x509v3/v3_genn.c \
	crypto/x509v3/v3_pci.c \
	crypto/x509v3/v3_ia5.c \
	crypto/x509v3/v3_sxnet.c \
	crypto/x509v3/v3_utl.c \
	crypto/x509v3/pcy_cache.c \
	crypto/x509v3/v3_enum.c \
	crypto/x509v3/v3err.c \
	crypto/x509v3/v3_ncons.c \
	crypto/x509v3/v3_lib.c \
	crypto/x509v3/v3_conf.c \
	crypto/x509v3/v3_bcons.c \
	crypto/x509v3/v3_akeya.c \
	crypto/x509v3/v3_purp.c \
	crypto/x509v3/v3_pcons.c \
	crypto/x509v3/v3_ocsp.c \
	crypto/x509v3/v3_cpols.c \
	crypto/x509v3/v3_info.c \
	crypto/x509v3/v3_alt.c \
	crypto/x509v3/v3_crld.c \
	crypto/x509v3/pcy_lib.c \
	crypto/x509v3/pcy_map.c \
	crypto/x509v3/v3_pcia.c \
	crypto/x509v3/v3_extku.c \
	crypto/x509v3/v3_int.c \
	crypto/x509v3/v3_pku.c \
	crypto/x509v3/pcy_tree.c \
	crypto/x509v3/v3_pmaps.c \
	crypto/x509v3/v3_prn.c \
	crypto/x509v3/v3_bitst.c \
	crypto/x509v3/pcy_node.c \
	crypto/x509v3/v3_akey.c \
	crypto/x509v3/pcy_data.c \
	crypto/rsa/rsa_pk1.c \
	crypto/rsa/rsa_x931.c \
	crypto/rsa/rsa_ameth.c \
	crypto/rsa/rsa_gen.c \
	crypto/rsa/rsa_oaep.c \
	crypto/rsa/rsa_saos.c \
	crypto/rsa/rsa_pss.c \
	crypto/rsa/rsa_sign.c \
	crypto/rsa/rsa_lib.c \
	crypto/rsa/rsa_pmeth.c \
	crypto/rsa/rsa_depr.c \
	crypto/rsa/rsa_asn1.c \
	crypto/rsa/rsa_none.c \
	crypto/rsa/rsa_chk.c \
	crypto/rsa/rsa_prn.c \
	crypto/rsa/rsa_eay.c \
	crypto/rsa/rsa_err.c \
	crypto/rsa/rsa_ssl.c \
	crypto/rsa/rsa_crpt.c \
	crypto/engine/eng_dyn.c \
	crypto/engine/tb_cipher.c \
	crypto/engine/tb_dh.c \
	crypto/engine/tb_rsa.c \
	crypto/engine/tb_digest.c \
	crypto/engine/eng_err.c \
	crypto/engine/eng_table.c \
	crypto/engine/tb_rand.c \
	crypto/engine/tb_ecdsa.c \
	crypto/engine/eng_init.c \
	crypto/engine/eng_all.c \
	crypto/engine/eng_pkey.c \
	crypto/engine/eng_lib.c \
	crypto/engine/tb_dsa.c \
	crypto/engine/eng_fat.c \
	crypto/engine/tb_pkmeth.c \
	crypto/engine/eng_openssl.c \
	crypto/engine/tb_store.c \
	crypto/engine/eng_list.c \
	crypto/engine/eng_ctrl.c \
	crypto/engine/tb_asnmth.c \
	crypto/engine/eng_cnf.c \
	crypto/engine/tb_ecdh.c \
	crypto/bio/bss_log.c \
	crypto/bio/b_sock.c \
	crypto/bio/bio_err.c \
	crypto/bio/bio_lib.c \
	crypto/bio/bss_conn.c \
	crypto/bio/b_dump.c \
	crypto/bio/bss_null.c \
	crypto/bio/bss_dgram.c \
	crypto/bio/bio_cb.c \
	crypto/bio/bss_fd.c \
	crypto/bio/b_posix.c \
	crypto/bio/bss_sock.c \
	crypto/bio/bss_mem.c \
	crypto/bio/bss_file.c \
	crypto/bio/bss_acpt.c \
	crypto/bio/bss_bio.c \
	crypto/bio/bf_null.c \
	crypto/bio/bf_nbio.c \
	crypto/bio/b_print.c \
	crypto/bio/bf_buff.c \
	crypto/hmac/hm_pmeth.c \
	crypto/hmac/hmac.c \
	crypto/hmac/hm_ameth.c \
	crypto/md5/md5_dgst.c \
	crypto/md5/md5_one.c \
	crypto/ocsp/ocsp_vfy.c \
	crypto/ocsp/ocsp_prn.c \
	crypto/ocsp/ocsp_lib.c \
	crypto/ocsp/ocsp_ht.c \
	crypto/ocsp/ocsp_ext.c \
	crypto/ocsp/ocsp_cl.c \
	crypto/ocsp/ocsp_srv.c \
	crypto/ocsp/ocsp_asn.c \
	crypto/ocsp/ocsp_err.c \
	crypto/compat/timingsafe_memcmp.c \
	crypto/compat/reallocarray.c \
	crypto/compat/timingsafe_bcmp.c \
	crypto/compat/recallocarray.c \
	crypto/compat/arc4random_uniform.c \
	crypto/compat/bsd-asprintf.c \
	crypto/compat/explicit_bzero.c \
	crypto/compat/timegm.c \
	crypto/err/err_all.c \
	crypto/err/err.c \
	crypto/err/err_prn.c \
	crypto/rand/rand_err.c \
	crypto/rand/rand_lib.c \
	crypto/rand/randfile.c \


























	crypto/sha/sha1dgst.c \
	crypto/sha/sha256.c \
	crypto/sha/sha1_one.c \
	crypto/sha/sha512.c \
	crypto/cpt_err.c \
	crypto/camellia/cmll_cbc.c \
	crypto/camellia/cmll_ecb.c \
	crypto/camellia/camellia.c \
	crypto/camellia/cmll_misc.c \
	crypto/camellia/cmll_cfb.c \
	crypto/camellia/cmll_ofb.c \
	crypto/camellia/cmll_ctr.c \
	crypto/asn1/x_bignum.c \
	crypto/asn1/i2d_pu.c \
	crypto/asn1/a_bitstr.c \
	crypto/asn1/x_pubkey.c \
	crypto/asn1/x_req.c \
	crypto/asn1/x_val.c \
	crypto/asn1/a_time_tm.c \
	crypto/asn1/a_dup.c \
	crypto/asn1/p5_pbev2.c \
	crypto/asn1/asn1_lib.c \
	crypto/asn1/a_time.c \
	crypto/asn1/t_req.c \
	crypto/asn1/asn1_err.c \
	crypto/asn1/p5_pbe.c \
	crypto/asn1/x_attrib.c \
	crypto/asn1/bio_asn1.c \
	crypto/asn1/x_nx509.c \
	crypto/asn1/asn_moid.c \
	crypto/asn1/a_type.c \
	crypto/asn1/tasn_dec.c \
	crypto/asn1/tasn_new.c \
	crypto/asn1/i2d_pr.c \
	crypto/asn1/a_d2i_fp.c \
	crypto/asn1/x_crl.c \
	crypto/asn1/d2i_pu.c \
	crypto/asn1/f_int.c \
	crypto/asn1/p8_pkey.c \
	crypto/asn1/evp_asn1.c \
	crypto/asn1/f_string.c \
	crypto/asn1/x_spki.c \
	crypto/asn1/t_x509a.c \
	crypto/asn1/asn1_par.c \
	crypto/asn1/f_enum.c \
	crypto/asn1/n_pkey.c \
	crypto/asn1/x_sig.c \
	crypto/asn1/tasn_fre.c \
	crypto/asn1/x_pkey.c \
	crypto/asn1/a_print.c \
	crypto/asn1/asn_pack.c \
	crypto/asn1/a_bool.c \
	crypto/asn1/tasn_typ.c \
	crypto/asn1/a_object.c \
	crypto/asn1/a_strex.c \
	crypto/asn1/asn1_gen.c \
	crypto/asn1/a_octet.c \
	crypto/asn1/ameth_lib.c \
	crypto/asn1/t_bitst.c \
	crypto/asn1/tasn_enc.c \
	crypto/asn1/a_sign.c \
	crypto/asn1/a_int.c \
	crypto/asn1/x_exten.c \
	crypto/asn1/tasn_prn.c \
	crypto/asn1/x_info.c \
	crypto/asn1/bio_ndef.c \
	crypto/asn1/t_x509.c \
	crypto/asn1/a_i2d_fp.c \
	crypto/asn1/nsseq.c \
	crypto/asn1/a_verify.c \
	crypto/asn1/a_utf8.c \
	crypto/asn1/t_spki.c \
	crypto/asn1/tasn_utl.c \
	crypto/asn1/a_enum.c \
	crypto/asn1/x_long.c \
	crypto/asn1/asn_mime.c \
	crypto/asn1/t_crl.c \
	crypto/asn1/x_x509.c \
	crypto/asn1/a_strnid.c \
	crypto/asn1/a_mbstr.c \
	crypto/asn1/a_set.c \
	crypto/asn1/a_bytes.c \
	crypto/asn1/t_pkey.c \
	crypto/asn1/x_algor.c \
	crypto/asn1/x_name.c \
	crypto/asn1/a_digest.c \
	crypto/asn1/x_x509a.c \
	crypto/asn1/d2i_pr.c \
	crypto/ecdsa/ecs_ossl.c \
	crypto/ecdsa/ecs_vrf.c \
	crypto/ecdsa/ecs_asn1.c \
	crypto/ecdsa/ecs_err.c \
	crypto/ecdsa/ecs_sign.c \
	crypto/ecdsa/ecs_lib.c \
	crypto/conf/conf_mall.c \
	crypto/conf/conf_def.c \
	crypto/conf/conf_api.c \
	crypto/conf/conf_err.c \
	crypto/conf/conf_lib.c \
	crypto/conf/conf_sap.c \
	crypto/conf/conf_mod.c \
	crypto/gost/gost89_params.c \
	crypto/gost/gostr341194.c \
	crypto/gost/gostr341001_params.c \
	crypto/gost/gost_asn1.c \
	crypto/gost/gostr341001_pmeth.c \
	crypto/gost/gostr341001.c \
	crypto/gost/gost89_keywrap.c \
	crypto/gost/gost89imit_ameth.c \
	crypto/gost/streebog.c \
	crypto/gost/gostr341001_ameth.c \
	crypto/gost/gost2814789.c \
	crypto/gost/gost_err.c \
	crypto/gost/gost89imit_pmeth.c \
	crypto/gost/gostr341001_key.c \
	crypto/ripemd/rmd_dgst.c \
	crypto/ripemd/rmd_one.c \
	crypto/cmac/cmac.c \
	crypto/cmac/cm_pmeth.c \
	crypto/cmac/cm_ameth.c \
	crypto/txt_db/txt_db.c \
	crypto/o_str.c \
	crypto/idea/i_ofb64.c \
	crypto/idea/i_cfb64.c \
	crypto/idea/i_ecb.c \
	crypto/idea/i_cbc.c \
	crypto/idea/i_skey.c \
	crypto/whrlpool/wp_dgst.c \
	crypto/whrlpool/wp_block.c \
	crypto/buffer/buf_err.c \
	crypto/buffer/buf_str.c \
	crypto/buffer/buffer.c \
	crypto/o_time.c \
	crypto/curve25519/curve25519.c \



	crypto/curve25519/curve25519-generic.c \
	crypto/des/pcbc_enc.c \
	crypto/des/enc_writ.c \
	crypto/des/qud_cksm.c \
	crypto/des/ecb_enc.c \


	crypto/des/cbc_enc.c \
	crypto/des/xcbc_enc.c \






	crypto/des/str2key.c \




	crypto/des/cfb_enc.c \

	crypto/des/des_enc.c \
	crypto/des/cfb64enc.c \
	crypto/des/enc_read.c \
	crypto/des/ofb64enc.c \

	crypto/des/ofb_enc.c \
	crypto/des/rand_key.c \




	crypto/des/ecb3_enc.c \

	crypto/des/fcrypt.c \
	crypto/des/fcrypt_b.c \


	crypto/des/ede_cbcm_enc.c \


	crypto/des/cfb64ede.c \

	crypto/des/ofb64ede.c \
	crypto/des/set_key.c \



	crypto/des/cbc_cksm.c

LOCAL_C_INCLUDES := $(LOCAL_PATH)/include \
	$(LOCAL_PATH)/include/compat \
	$(LOCAL_PATH)/crypto \
	$(LOCAL_PATH)/crypto/compat \
	$(LOCAL_PATH)/crypto/asn1 \
	$(LOCAL_PATH)/crypto/bn \
	$(LOCAL_PATH)/crypto/evp \
	$(LOCAL_PATH)/crypto/modes

LOCAL_CFLAGS := \
	-DLIBRESSL_INTERNAL \
	-DOPENSSL_NO_HW_PADLOCK \
	-DOPENSSL_NO_ASM \
	-DSIZE_MAX=UINT32_MAX \
	-DHAVE_INET_NTOP=1 -DHAVE_INET_PTON=1 \
	-D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= \
	-O2

include $(BUILD_SHARED_LIBRARY)

####################################
#
# libssl_tls
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619

620
621
622
623
624


625
626

627
628

629
630

631
632
633
634
635
636

637
638
639
640

641


642
643
644
	ssl/d1_enc.c \
	ssl/d1_lib.c \
	ssl/d1_meth.c \
	ssl/d1_pkt.c \
	ssl/d1_srtp.c \
	ssl/d1_srvr.c \
	ssl/pqueue.c \
	ssl/s23_clnt.c \
	ssl/s23_lib.c \
	ssl/s23_pkt.c \
	ssl/s23_srvr.c \
	ssl/s3_both.c \
	ssl/s3_cbc.c \
	ssl/s3_clnt.c \
	ssl/s3_lib.c \
	ssl/s3_pkt.c \
	ssl/s3_srvr.c \
	ssl/ssl_algs.c \
	ssl/ssl_asn1.c \

	ssl/ssl_cert.c \
	ssl/ssl_ciph.c \
	ssl/ssl_err.c \
	ssl/ssl_err2.c \
	ssl/ssl_lib.c \


	ssl/ssl_rsa.c \
	ssl/ssl_sess.c \

	ssl/ssl_stat.c \
	ssl/ssl_txt.c \

	ssl/t1_clnt.c \
	ssl/t1_enc.c \

	ssl/t1_lib.c \
	ssl/t1_meth.c \
	ssl/t1_reneg.c \
	ssl/t1_srvr.c

LOCAL_C_INCLUDES := $(LOCAL_PATH)/include \

	$(LOCAL_PATH)/ssl \
	$(LOCAL_PATH)/crypto/compat

LOCAL_CFLAGS := \

	-DOPENSSLDIR="\"/system/lib/ssl\"" \


	-O2

include $(BUILD_SHARED_LIBRARY)







<
<
<
<
<

<

<
<


>


|
|

>
>


>


>


>






>




>

>
>



614
615
616
617
618
619
620





621

622


623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
	ssl/d1_enc.c \
	ssl/d1_lib.c \
	ssl/d1_meth.c \
	ssl/d1_pkt.c \
	ssl/d1_srtp.c \
	ssl/d1_srvr.c \
	ssl/pqueue.c \





	ssl/s3_cbc.c \

	ssl/s3_lib.c \


	ssl/ssl_algs.c \
	ssl/ssl_asn1.c \
	ssl/ssl_both.c \
	ssl/ssl_cert.c \
	ssl/ssl_ciph.c \
	ssl/ssl_clnt.c \
	ssl/ssl_err.c \
	ssl/ssl_lib.c \
	ssl/ssl_packet.c \
	ssl/ssl_pkt.c \
	ssl/ssl_rsa.c \
	ssl/ssl_sess.c \
	ssl/ssl_srvr.c \
	ssl/ssl_stat.c \
	ssl/ssl_txt.c \
	ssl/ssl_versions.c \
	ssl/t1_clnt.c \
	ssl/t1_enc.c \
	ssl/t1_hash.c \
	ssl/t1_lib.c \
	ssl/t1_meth.c \
	ssl/t1_reneg.c \
	ssl/t1_srvr.c

LOCAL_C_INCLUDES := $(LOCAL_PATH)/include \
	$(LOCAL_PATH)/include/compat \
	$(LOCAL_PATH)/ssl \
	$(LOCAL_PATH)/crypto/compat

LOCAL_CFLAGS := \
	-DLIBRESSL_INTERNAL \
	-DOPENSSLDIR="\"/system/lib/ssl\"" \
	-DHAVE_INET_NTOP=1 -DHAVE_INET_PTON=1 \
	-D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= \
	-O2

include $(BUILD_SHARED_LIBRARY)
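--- a/jni/libressl/CMakeLists.txt
+++ b/jni/libressl/CMakeLists.txt
@@ -1,35 +1,40 @@
 cmake_minimum_required (VERSION 2.8.8)
 include(CheckFunctionExists)
 include(CheckLibraryExists)
 include(CheckIncludeFiles)
 include(CheckTypeSize)
 
+set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}" ${CMAKE_MODULE_PATH})
+include(cmake_export_symbol)
+include(GNUInstallDirs)
+
 project (LibreSSL C)
 
 enable_testing()
 
-file(READ ${CMAKE_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
+file(READ ${CMAKE_CURRENT_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
 string(STRIP ${SSL_VERSION} SSL_VERSION)
 string(REPLACE ":" "." SSL_VERSION ${SSL_VERSION})
 string(REGEX REPLACE "\\..*" "" SSL_MAJOR_VERSION ${SSL_VERSION})
 
-file(READ ${CMAKE_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
+file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
 string(STRIP ${CRYPTO_VERSION} CRYPTO_VERSION)
 string(REPLACE ":" "." CRYPTO_VERSION ${CRYPTO_VERSION})
 string(REGEX REPLACE "\\..*" "" CRYPTO_MAJOR_VERSION ${CRYPTO_VERSION})
 
-file(READ ${CMAKE_SOURCE_DIR}/tls/VERSION TLS_VERSION)
+file(READ ${CMAKE_CURRENT_SOURCE_DIR}/tls/VERSION TLS_VERSION)
 string(STRIP ${TLS_VERSION} TLS_VERSION)
 string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
 string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
 
 option(ENABLE_ASM "Enable assembly" ON)
 option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
 option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
+option(ENABLE_VSTEST "Enable test on Visual Studio" OFF)
 set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
 
 set(BUILD_NC true)
 
 if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
 	add_definitions(-fno-common)
 endif()
@@ -45,15 +50,15 @@
 	add_definitions(-D_GNU_SOURCE)
 endif()
 
 if(CMAKE_SYSTEM_NAME MATCHES "MINGW")
 	set(BUILD_NC false)
 endif()
 
-if(MSVC)
+if(WIN32)
 	set(BUILD_NC false)
 endif()
 
 if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
 	if(CMAKE_C_COMPILER MATCHES "gcc")
 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64")
@@ -69,47 +74,74 @@
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
 endif()
 
 add_definitions(-DLIBRESSL_INTERNAL)
 add_definitions(-DOPENSSL_NO_HW_PADLOCK)
+add_definitions(-D__BEGIN_HIDDEN_DECLS=)
+add_definitions(-D__END_HIDDEN_DECLS=)
 
 set(CMAKE_POSITION_INDEPENDENT_CODE true)
 
 if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
 	add_definitions(-Wno-pointer-sign)
 endif()
 
-if(MSVC)
-	add_definitions(-Dinline=__inline)
+if(WIN32)
 	add_definitions(-Drestrict)
 	add_definitions(-D_CRT_SECURE_NO_WARNINGS)
 	add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
 	add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
 	add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501)
 	add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT)
+endif()
 
-	set(MSVC_DISABLED_WARNINGS_LIST
-		"C4057" # C4057: 'initializing' : 'unsigned char *' differs in
-		        # indirection to slightly different base types from 'char [2]'
-		"C4100" # 'exarg' : unreferenced formal parameter
-		"C4127" # conditional expression is constant
-		"C4242" # 'function' : conversion from 'int' to 'uint8_t',
-		        # possible loss of data
-		"C4244" # 'function' : conversion from 'int' to 'uint8_t',
-		        # possible loss of data
-		"C4706" # assignment within conditional expression
-		"C4820" # 'bytes' bytes padding added after construct 'member_name'
-		"C4996" # 'read': The POSIX name for this item is deprecated. Instead,
-		        # use the ISO C++ conformant name: _read.
-	)
+if(MSVC)
+	add_definitions(-Dinline=__inline)
+	message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler")
+	if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
+		set(MSVC_DISABLED_WARNINGS_LIST
+			"C4057" # C4057: 'initializing' : 'unsigned char *' differs in
+		        	# indirection to slightly different base types from 'char [2]'
+			"C4100" # 'exarg' : unreferenced formal parameter
+			"C4127" # conditional expression is constant
+			"C4242" # 'function' : conversion from 'int' to 'uint8_t',
+			        # possible loss of data
+			"C4244" # 'function' : conversion from 'int' to 'uint8_t',
+			        # possible loss of data
+			"C4267" # conversion from 'size_t' to 'some type that is almost
+				# certainly safe to convert a size_t to'.
+			"C4706" # assignment within conditional expression
+			"C4820" # 'bytes' bytes padding added after construct 'member_name'
+			"C4996" # 'read': The POSIX name for this item is deprecated. Instead,
+			        # use the ISO C++ conformant name: _read.
+		)
+	elseif(CMAKE_C_COMPILER_ID MATCHES "Intel")
+		add_definitions(-D_CRT_SUPPRESS_RESTRICT)
+		set(MSVC_DISABLED_WARNINGS_LIST
+			"C111"  # Unreachable statement
+			"C128"  # Unreachable loop
+			"C167"  # Unexplict casting unsigned to signed
+			"C186"  # Pointless comparison of unsigned int with zero
+			"C188"  # Enumerated type mixed with another type
+			"C344"  # Redeclared type
+			"C556"  # Unexplict casting signed to unsigned
+			"C869"  # Unreferenced parameters
+			"C1786" # Deprecated functions
+			"C2545" # Empty else statement
+			"C2557" # Comparing signed to unsigned
+			"C2722" # List init syntax is c++11 feature
+			"C3280" # Declaration hides variable
+		)
+	endif()
 	string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
 		${MSVC_DISABLED_WARNINGS_LIST})
-	set(CMAKE_C_FLAGS  "-MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
+	string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
+	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
 endif()
 
 check_function_exists(asprintf HAVE_ASPRINTF)
 if(HAVE_ASPRINTF)
 	add_definitions(-DHAVE_ASPRINTF)
 endif()
 
@@ -139,15 +171,15 @@
 endif()
 
 check_function_exists(strndup HAVE_STRNDUP)
 if(HAVE_STRNDUP)
 	add_definitions(-DHAVE_STRNDUP)
 endif()
 
-if(MSVC)
+if(WIN32)
 	set(HAVE_STRNLEN true)
 	add_definitions(-DHAVE_STRNLEN)
 else()
 	check_function_exists(strnlen HAVE_STRNLEN)
 	if(HAVE_STRNLEN)
 		add_definitions(-DHAVE_STRNLEN)
 	endif()
@@ -183,14 +215,19 @@
 	add_definitions(-DHAVE_GETAUXVAL)
 endif()
 
 check_function_exists(getentropy HAVE_GETENTROPY)
 if(HAVE_GETENTROPY)
 	add_definitions(-DHAVE_GETENTROPY)
 endif()
+
+check_function_exists(getpagesize HAVE_GETPAGESIZE)
+if(HAVE_GETPAGESIZE)
+	add_definitions(-DHAVE_GETPAGESIZE)
+endif()
 
 check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP)
 if(HAVE_TIMINGSAFE_BCMP)
 	add_definitions(-DHAVE_TIMINGSAFE_BCMP)
 endif()
 
 check_function_exists(timingsafe_memcmp HAVE_TIMINGSAFE_MEMCMP)
@@ -216,53 +253,68 @@
 			set(HOST_ASM_ELF_X86_64 true)
 		endif()
 	elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
 		set(HOST_ASM_MACOSX_X86_64 true)
 	endif()
 endif()
 
-set(OPENSSL_LIBS ssl crypto)
+if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|CYGWIN)"))
+	set(BUILD_SHARED true)
+endif()
+
+# USE_SHARED builds applications (e.g. openssl) using shared LibreSSL.
+# By default, applications use LibreSSL static library to avoid dependencies.
+# USE_SHARED isn't set by default; use -DUSE_SHARED=ON with CMake to enable.
+# Can be helpful for debugging; don't use for public releases.
+if(NOT BUILD_SHARED)
+	set(USE_SHARED off)
+endif()
+
+if(USE_SHARED)
+	set(OPENSSL_LIBS tls-shared ssl-shared crypto-shared)
+else()
+	set(OPENSSL_LIBS tls ssl crypto)
+endif()
+
 if(CMAKE_HOST_WIN32)
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 	check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
 	if (HAVE_CLOCK_GETTIME)
 		set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
 	endif()
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
 endif()
 
-if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|MINGW|CYGWIN)" OR MSVC))
-	set(BUILD_SHARED true)
-endif()
-
 check_type_size(time_t SIZEOF_TIME_T)
 if(SIZEOF_TIME_T STREQUAL "4")
 	set(SMALL_TIME_T true)
 	message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
 	                " ** It will behave incorrectly when handling valid RFC5280 dates")
 endif()
 add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
 
 add_subdirectory(crypto)
 add_subdirectory(ssl)
 add_subdirectory(apps)
 add_subdirectory(tls)
 add_subdirectory(include)
 if(NOT MSVC)
 	add_subdirectory(man)
+endif()
+if(NOT MSVC OR ENABLE_VSTEST)
 	add_subdirectory(tests)
 endif()
 
 configure_file(
 	"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
 	"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
 	IMMEDIATE @ONLY)
 
 add_custom_target(uninstall
 	COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)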
Changes to jni/libressl/ChangeLog.
24
25
26
27
28
29
30















31



















































































































32
33
34
35
36
37
38
39
40
41
42
43
44

45

46

47
48





49


50

51



52

53


54
55

56


57



58


59



60

61

62

63

64
65

66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
The portable bits of the project are largely maintained out-of-tree, and their
history is also available from Git.

	https://github.com/libressl-portable/portable

LibreSSL Portable Release Notes:
















2.4.5  - Security and compatibility fixes




















































































































	* Avoid a side-channel cache-timing attack that can leak the ECDSA
	  private keys when signing. This is due to BN_mod_inverse() being
	  used without the constant time flag being set.

	  This issue was reported by Cesar Pereida Garcia and Billy Brumley
	  (Tampere University of Technology). The fix was developed by Cesar
	  Pereida Garcia.

	* iOS and MacOS compatibility updates from Simone Basso and Jacob
	  Berkman.

2.4.4 - Reliability improvements



	* Avoid continual processing of an unlimited number of TLS records,

	  which can cause a denial-of-service condition.






	* In X509_cmp_time(), pass asn1_time_parse() the tag of the field


	  being parsed so that a malformed GeneralizedTime field is recognized as

	  an error instead of potentially being interpreted as if it was a valid



	  UTCTime.




	* Improve ticket validity checking when tlsext_ticket_key_cb()
	  callback chooses a different HMAC algorithm.




	* Check for packets with a truncated DTLS cookie.






	* Detect zero-length encrypted session data early, instead of when



	  malloc(0) fails or the HMAC check fails.



	* Check for and handle failure of HMAC_{Update,Final} or

	  EVP_DecryptUpdate()


2.4.3 - Bug fixes and reliability improvements


	* Reverted change that cleans up the EVP cipher context in
	  EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
	  previous behaviour.

	* Avoid unbounded memory growth in libssl, which can be triggered by a
	  TLS client repeatedly renegotiating and sending OCSP Status Request
	  TLS extensions.

	* Avoid falling back to a weak digest for (EC)DH when using SNI with
	  libssl.

2.4.2 - Bug fixes and improvements

	* Fixed loading default certificate locations with openssl s_client.

	* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
	  RFC6960. Also added fixes for OCSP to work with intermediate
	  certificates provided in responses.

	* Improved behavior of arc4random on Windows to not appear to leak
	  memory in debug tools, reduced privileges of allocated memory.

	* Fixed incorrect results from BN_mod_word() when the modulus is too







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



|
<
|
|
<




|
>

>
|
>
|

>
>
>
>
>
|
>
>
|
>
|
>
>
>
|
>

>
>
|
|
>

>
>
|
>
>
>

>
>
|
>
>
>
|
>

>
|
>
|
>

|
>
















|







24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

166
167

168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
The portable bits of the project are largely maintained out-of-tree, and their
history is also available from Git.

	https://github.com/libressl-portable/portable

LibreSSL Portable Release Notes:

2.5.5 - Bug fixes
	* Distinguish between self-issued certificates and self-signed
	  certificates. The certificate verification code has special cases
	  for self-signed certificates and without this change, self-issued
	  certificates (which it seems are common place with
	  openvpn/easyrsa) were also being included in this category.

	* Fix a bug caused by the return value being set early to signal
	  successful DTLS cookie validation. This can mask a later failure and
	  result in a positive return value being returned from
	  ssl3_get_client_hello(), when it should return a negative value to
	  propagate the error.

	* Added getpagesize fallback, needed for Android bionic libc.

2.5.4 - Security Updates

	* Revert a previous change that forced consistency between return
	  value and error code when specifing a certificate verification
	  callback, since this breaks the documented API. When a user supplied
	  callback always returns 1, and later code checks the error code to
	  potentially abort post verification, this will result in incorrect
	  successul certificate verification.

	* Switched Linux getrandom() usage to non-blocking mode, continuing to
	  use fallback mechanims if unsuccessful. This works around a design
	  flaw in Linux getrandom(2) where early boot usage in a library makes
	  it impossible to recover if getrandom(2) is not yet initialized.

	* Fixed a bug caused by the return value being set early to signal
	  successful DTLS cookie validation. This can mask a later failure and
	  result in a positive return value being returned from
	  ssl3_get_client_hello(), when it should return a negative value to
	  propagate the error.

	* Fixed a build error on non-x86/x86_64 systems running Solaris.

2.5.3 - OpenBSD 6.1 Release

	* Documentation updates

	* Improved ocspcheck(1) error handling

2.5.2 - Security features and bugfixes

	* Added the recallocarray(3) memory allocation function, and converted
	  various places in the library to use it, such as CBB and BUF_MEM_grow.
	  recallocarray(3) is similar to reallocarray. Newly allocated memory
	  is cleared similar to calloc(3). Memory that becomes unallocated
	  while shrinking or moving existing allocations is explicitly
	  discarded by unmapping or clearing to 0

	* Added new root CAs from SECOM Trust Systems / Security Communication
	  of Japan.

	* Added EVP interface for MD5+SHA1 hashes.

	* Fixed DTLS client failures when the server sends a certificate
	  request.

	* Correct handling of padding when upgrading an SSLv2 challenge into
	  an SSLv3/TLS connection.

	* Allow protocols and ciphers to be set on a TLS config object in
	  libtls.

	* Improved nc(1) TLS handshake CPU usage and server-side error
	  reporting.

2.5.1 - Bug and security fixes, new features, documentation updates

	* X509_cmp_time() now passes a malformed GeneralizedTime field as an
	  error. Reported by Theofilos Petsios.

	* Detect zero-length encrypted session data early, instead of when
	  malloc(0) fails or the HMAC check fails. Noted independently by
	  jsing@ and Kurt Cancemi.

	* Check for and handle failure of HMAC_{Update,Final} or
	  EVP_DecryptUpdate().

	* Massive update and normalization of manpages, conversion to
	  mandoc format. Many pages were rewritten for clarity and accuracy.
	  Portable doc links are up-to-date with a new conversion tool.

	* Curve25519 Key Exchange support.

	* Support for alternate chains for certificate verification.

	* Code cleanups, CBS conversions, further unification of DTLS/SSL
	  handshake code, further ASN1 macro expansion and removal.

	* Private symbol are now hidden in libssl and libcryto.

	* Friendly certificate verification error messages in libtls, peer
	  verification is now always enabled.

	* Added OCSP stapling support to libtls and netcat.

	* Added ocspcheck utility to validate a certificate against its OCSP
	  responder and save the reply for stapling

	* Enhanced regression tests and error handling for libtls.

	* Added explicit constant and non-constant time BN functions,
	  defaulting to constant time wherever possible.

	* Moved many leaked implementation details in public structs behind
	  opaque pointers.

	* Added ticket support to libtls.

	* Added support for setting the supported EC curves via
	  SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
	  SSL{_CTX}_set1_curves{_list} names. This also changes the default
	  list of curves to be X25519, P-256 and P-384. All other curves must
	  be manually enabled.

	* Added -groups option to openssl(1) s_client for specifying the curves
	  to be used in a colon-separated list.

	* Merged client/server version negotiation code paths into one,
	  reducing much duplicate code.

	* Removed error function codes from libssl and libcrypto.

	* Fixed an issue where a truncated packet could crash via an OOB read.

	* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
	  client-initiated renegotiation. This is the default for libtls
	  servers.

	* Avoid a side-channel cache-timing attack that can leak the ECDSA
	  private keys when signing. This is due to BN_mod_inverse() being
	  used without the constant time flag being set. Reported by Cesar

	  Pereida Garcia and Billy Brumley (Tampere University of Technology).
	  The fix was developed by Cesar Pereida Garcia.


	* iOS and MacOS compatibility updates from Simone Basso and Jacob
	  Berkman.


2.5.0 - New APIs, bug fixes and improvements

	* libtls now supports ALPN and SNI

	* libtls adds a new callback interface for integrating custom IO
	  functions. Thanks to Tobias Pape.

	* libtls now handles 4 cipher suite groups:
	    "secure" (TLSv1.2+AEAD+PFS)
	    "compat" (HIGH:!aNULL)
	    "legacy" (HIGH:MEDIUM:!aNULL)
	    "insecure" (ALL:!aNULL:!eNULL)

	    This allows for flexibility and finer grained control, rather than
	    having two extremes (an issue raised by Marko Kreen some time ago).

	* Tightened error handling for tls_config_set_ciphers().

	* libtls now always loads CA, key and certificate files at the time the
	  configuration function is called. This simplifies code and results in
	  a single memory based code path being used to provide data to libssl.

	* Add support for OCSP intermediate certificates.

	* Added functions used by stunnel and exim from BoringSSL - this
	  brings in X509_check_host, X509_check_email, X509_check_ip, and
	  X509_check_ip_asc.

	* Added initial support for iOS, thanks to Jacob Berkman.

	* Improved behavior of arc4random on Windows when using memory leak
	  analysis software.

	* Correctly handle an EOF that occurs prior to the TLS handshake
	  completing. Reported by Vasily Kolobkov, based on a diff from Marko
	  Kreen.

	* Limit the support of the "backward compatible" ssl2 handshake to
	  only be used if TLS 1.0 is enabled.

	* Fix incorrect results in certain cases on 64-bit systems when
	  BN_mod_word() can return incorrect results. BN_mod_word() now can
	  return an error condition. Thanks to Brian Smith.

	* Added constant-time updates to address CVE-2016-0702

	* Fixed undefined behavior in BN_GF2m_mod_arr()

	* Removed unused Cryptographic Message Support (CMS)

	* More conversions of long long idioms to time_t

	* Improved compatibility by avoiding printing NULL strings with
	  printf.

	* Reverted change that cleans up the EVP cipher context in
	  EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
	  previous behaviour.

	* Avoid unbounded memory growth in libssl, which can be triggered by a
	  TLS client repeatedly renegotiating and sending OCSP Status Request
	  TLS extensions.

	* Avoid falling back to a weak digest for (EC)DH when using SNI with
	  libssl.

2.4.2 - Bug fixes and improvements

	* Fixed loading default certificate locations with openssl s_client.

	* Ensured OCSP only uses and compares GENERALIZEDTIME values as per
	  RFC6960. Also added fixes for OCSP to work with intermediate
	  certificates provided in responses.

	* Improved behavior of arc4random on Windows to not appear to leak
	  memory in debug tools, reduced privileges of allocated memory.

	* Fixed incorrect results from BN_mod_word() when the modulus is too
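--- a/jni/libressl/Makefile.am
+++ b/jni/libressl/Makefile.am
@@ -1,11 +1,11 @@
 SUBDIRS = crypto ssl tls include apps tests man
 ACLOCAL_AMFLAGS = -I m4
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 
 EXTRA_DIST = README.md README.windows VERSION config scripts
-EXTRA_DIST += CMakeLists.txt cmake_uninstall.cmake.in
+EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in
 
 .PHONY: install_sw
 install_sw: install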
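--- a/jni/libressl/Makefile.am.common
+++ b/jni/libressl/Makefile.am.common
@@ -1,2 +1,3 @@
 AM_CFLAGS =
 AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL
+AM_CPPFLAGS += -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=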
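--- a/jni/libressl/Makefile.in
+++ b/jni/libressl/Makefile.in
@@ -190,15 +190,15 @@
 ETAGS = etags
 CTAGS = ctags
 CSCOPE = cscope
 DIST_SUBDIRS = $(SUBDIRS)
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/libcrypto.pc.in \
 	$(srcdir)/libssl.pc.in $(srcdir)/libtls.pc.in \
 	$(srcdir)/openssl.pc.in COPYING ChangeLog compile config.guess \
-	config.sub depcomp install-sh ltmain.sh missing tap-driver.sh
+	config.sub install-sh ltmain.sh missing tap-driver.sh
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
 am__remove_distdir = \
   if test -d "$(distdir)"; then \
     find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
       && rm -rf "$(distdir)" \
@@ -262,14 +262,15 @@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
 GREP = @GREP@
+HOSTARCH = @HOSTARCH@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
@@ -361,15 +362,16 @@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 SUBDIRS = crypto ssl tls include apps tests man
 ACLOCAL_AMFLAGS = -I m4
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 EXTRA_DIST = README.md README.windows VERSION config scripts \
-	CMakeLists.txt cmake_uninstall.cmake.in
+	CMakeLists.txt cmake_export_symbol.cmake \
+	cmake_uninstall.cmake.in
 all: all-recursive
 
 .SUFFIXES:
 am--refresh: Makefile
 	@:
 $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	@for dep in $?; do \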
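--- a/jni/libressl/README.windows
+++ b/jni/libressl/README.windows
@@ -8,23 +8,43 @@
 building LibreSSL. Please try it with a recent toolchain if you encounter
 troubles. Cygwin provides an easy method of installing the latest mingw-w64
 cross compilers on Windows.
 
 To configure and build LibreSSL for a 32-bit system, use the following
 build steps:
 
- CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32
+ CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \
+ ./configure --host=i686-w64-mingw32
  make
  make check
 
 For 64-bit builds, use these instead:
 
  CC=x86_64-w64-mingw32-gcc ./configure --host=x86_64-w64-mingw32
  make
  make check
+
+# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
+
+An ABI change introduced with Microsoft Visual C++ 2005 (also known as
+Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
+build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
+is unable to represent times past 2038 (this is commonly known as the
+Y2K38 problem).
+
+If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
+expiry date is set past 19 January 2038, it will be unable to tell if the
+certificate has expired or not, and thus take the safe stance and reject it.
+
+In order to avoid this, you need to build LibreSSL (and everything that links
+with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
+use the new ABI.
+
+64-bit systems always have a 64-bit time_t and are not affected by this
+problem.
 
 # Using Libressl with Visual Studio
 
 A script for generating ready-to-use .DLL and static .LIB files is included in
 the source repository at
 https://github.com/libressl-portable/portable/blob/master/dist-win.sh
 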
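--- a/jni/libressl/VERSION
+++ b/jni/libressl/VERSION
@@ -1,2 +1,2 @@
-2.4.5
+2.5.5
 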
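--- a/jni/libressl/apps/CMakeLists.txt
+++ b/jni/libressl/apps/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(ocspcheck)
 add_subdirectory(openssl)
 add_subdirectory(nc)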
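--- a/jni/libressl/apps/Makefile.am
+++ b/jni/libressl/apps/Makefile.am
@@ -1,5 +1,5 @@
 include $(top_srcdir)/Makefile.am.common
 
-SUBDIRS = openssl nc
+SUBDIRS = ocspcheck openssl nc
 
 EXTRA_DIST = CMakeLists.txt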
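--- a/jni/libressl/apps/Makefile.in
+++ b/jni/libressl/apps/Makefile.in
@@ -181,21 +181,21 @@
         fi; \
         dir0="$$dir0"/"$$first"; \
       fi; \
     fi; \
     dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
   done; \
   reldir="$$dir2"
-ACLOCAL = true
+ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
 AR = @AR@
-AUTOCONF = true
-AUTOHEADER = true
-AUTOMAKE = true
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
 CC = @CC@
 CCAS = @CCAS@
 CCASDEPMODE = @CCASDEPMODE@
 CCASFLAGS = @CCASFLAGS@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
@@ -210,14 +210,15 @@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
 GREP = @GREP@
+HOSTARCH = @HOSTARCH@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
@@ -305,16 +306,18 @@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 AM_CFLAGS = 
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
+	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
+	-D__END_HIDDEN_DECLS=
-SUBDIRS = openssl nc
+SUBDIRS = ocspcheck openssl nc
 EXTRA_DIST = CMakeLists.txt
 all: all-recursive
 
 .SUFFIXES:
 $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \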
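--- a/jni/libressl/apps/nc/CMakeLists.txt
+++ b/jni/libressl/apps/nc/CMakeLists.txt
@@ -49,12 +49,12 @@
 	add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
 endif()
 
 add_executable(nc ${NC_SRC})
 target_link_libraries(nc tls ${OPENSSL_LIBS})
 
 if(ENABLE_NC)
-	install(TARGETS nc DESTINATION bin)
-	install(FILES nc.1 DESTINATION share/man/man1)
+	install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR})
+	install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
 endif()
 
 endif()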
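--- a/jni/libressl/apps/nc/Makefile.am
+++ b/jni/libressl/apps/nc/Makefile.am
@@ -1,31 +1,27 @@
 include $(top_srcdir)/Makefile.am.common
 
 if BUILD_NC
 
 if ENABLE_NC
 bin_PROGRAMS = nc
+dist_man_MANS = nc.1
 else
 noinst_PROGRAMS = nc
 endif
 
 EXTRA_DIST = nc.1
 EXTRA_DIST += CMakeLists.txt
 
-nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
-nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
+nc_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
 nc_LDADD += $(abs_top_builddir)/ssl/libssl.la
 nc_LDADD += $(abs_top_builddir)/tls/libtls.la
+nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
 
 AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
-if OPENSSLDIR_DEFINED
-AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
-else
-AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
-endif
 
 nc_SOURCES = atomicio.c
 nc_SOURCES += netcat.c
 nc_SOURCES += socks.c
 noinst_HEADERS = atomicio.h
 noinst_HEADERS += compat/sys/socket.h
 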
Changes to jni/libressl/apps/nc/Makefile.in.
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

141
142
143
144
145
146
147
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@BUILD_NC_TRUE@@ENABLE_NC_TRUE@bin_PROGRAMS = nc$(EXEEXT)
@BUILD_NC_TRUE@@ENABLE_NC_FALSE@noinst_PROGRAMS = nc$(EXEEXT)
@BUILD_NC_TRUE@am__append_1 = -I$(top_srcdir)/apps/nc/compat
@BUILD_NC_TRUE@@OPENSSLDIR_DEFINED_TRUE@am__append_2 = -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
@BUILD_NC_TRUE@@OPENSSLDIR_DEFINED_FALSE@am__append_3 = -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
@BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@am__append_4 = compat/base64.c
@BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@am__append_5 = compat/accept4.c
@BUILD_NC_TRUE@@HAVE_READPASSPHRASE_FALSE@am__append_6 = compat/readpassphrase.c
@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@am__append_7 = compat/strtonum.c
subdir = apps/nc
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__noinst_HEADERS_DIST) \
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)"
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
am__nc_SOURCES_DIST = atomicio.c netcat.c socks.c compat/socket.c \
	compat/base64.c compat/accept4.c compat/readpassphrase.c \
	compat/strtonum.c
am__dirstamp = $(am__leading_dot)dirstamp
@BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@am__objects_1 =  \
@BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@	compat/base64.$(OBJEXT)
@BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@am__objects_2 =  \
@BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@	compat/accept4.$(OBJEXT)
@BUILD_NC_TRUE@@HAVE_READPASSPHRASE_FALSE@am__objects_3 = compat/readpassphrase.$(OBJEXT)
@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@am__objects_4 =  \
@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@	compat/strtonum.$(OBJEXT)
@BUILD_NC_TRUE@am_nc_OBJECTS = atomicio.$(OBJEXT) netcat.$(OBJEXT) \
@BUILD_NC_TRUE@	socks.$(OBJEXT) compat/socket.$(OBJEXT) \
@BUILD_NC_TRUE@	$(am__objects_1) $(am__objects_2) \
@BUILD_NC_TRUE@	$(am__objects_3) $(am__objects_4)
nc_OBJECTS = $(am_nc_OBJECTS)
am__DEPENDENCIES_1 =
@BUILD_NC_TRUE@nc_DEPENDENCIES = $(am__DEPENDENCIES_1) \
@BUILD_NC_TRUE@	$(am__DEPENDENCIES_1) \
@BUILD_NC_TRUE@	$(abs_top_builddir)/crypto/libcrypto.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/ssl/libssl.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/tls/libtls.la

AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false







<
<
|
|
|
|
















|


















|
<


|
>







88
89
90
91
92
93
94


95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

135
136
137
138
139
140
141
142
143
144
145
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@BUILD_NC_TRUE@@ENABLE_NC_TRUE@bin_PROGRAMS = nc$(EXEEXT)
@BUILD_NC_TRUE@@ENABLE_NC_FALSE@noinst_PROGRAMS = nc$(EXEEXT)
@BUILD_NC_TRUE@am__append_1 = -I$(top_srcdir)/apps/nc/compat


@BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@am__append_2 = compat/base64.c
@BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@am__append_3 = compat/accept4.c
@BUILD_NC_TRUE@@HAVE_READPASSPHRASE_FALSE@am__append_4 = compat/readpassphrase.c
@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@am__append_5 = compat/strtonum.c
subdir = apps/nc
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__noinst_HEADERS_DIST) \
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
am__nc_SOURCES_DIST = atomicio.c netcat.c socks.c compat/socket.c \
	compat/base64.c compat/accept4.c compat/readpassphrase.c \
	compat/strtonum.c
am__dirstamp = $(am__leading_dot)dirstamp
@BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@am__objects_1 =  \
@BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@	compat/base64.$(OBJEXT)
@BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@am__objects_2 =  \
@BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@	compat/accept4.$(OBJEXT)
@BUILD_NC_TRUE@@HAVE_READPASSPHRASE_FALSE@am__objects_3 = compat/readpassphrase.$(OBJEXT)
@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@am__objects_4 =  \
@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@	compat/strtonum.$(OBJEXT)
@BUILD_NC_TRUE@am_nc_OBJECTS = atomicio.$(OBJEXT) netcat.$(OBJEXT) \
@BUILD_NC_TRUE@	socks.$(OBJEXT) compat/socket.$(OBJEXT) \
@BUILD_NC_TRUE@	$(am__objects_1) $(am__objects_2) \
@BUILD_NC_TRUE@	$(am__objects_3) $(am__objects_4)
nc_OBJECTS = $(am_nc_OBJECTS)
am__DEPENDENCIES_1 =
@BUILD_NC_TRUE@nc_DEPENDENCIES =  \

@BUILD_NC_TRUE@	$(abs_top_builddir)/crypto/libcrypto.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/ssl/libssl.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/tls/libtls.la \
@BUILD_NC_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
179
180
181
182
183
184
185






























186
187
188
189
190
191
192
SOURCES = $(nc_SOURCES)
DIST_SOURCES = $(am__nc_SOURCES_DIST)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac






























am__noinst_HEADERS_DIST = atomicio.h compat/sys/socket.h
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates.  Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
SOURCES = $(nc_SOURCES)
DIST_SOURCES = $(am__nc_SOURCES_DIST)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
    *) f=$$p;; \
  esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
  for p in $$list; do echo "$$p $$p"; done | \
  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
    if (++n[$$2] == $(am__install_max)) \
      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
    END { for (dir in files) print dir, files[dir] }'
am__base_list = \
  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
  test -z "$$files" \
    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
man1dir = $(mandir)/man1
NROFF = nroff
MANS = $(dist_man_MANS)
am__noinst_HEADERS_DIST = atomicio.h compat/sys/socket.h
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates.  Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|


|



|
|
|







228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
232
233
234
235
236
237
238

239
240
241
242
243
244
245
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
328
329
330
331
332
333
334
335
336

337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL $(am__append_1) $(am__append_2) \
	$(am__append_3)

@BUILD_NC_TRUE@EXTRA_DIST = nc.1 CMakeLists.txt
@BUILD_NC_TRUE@nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) \
@BUILD_NC_TRUE@	$(abs_top_builddir)/crypto/libcrypto.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/ssl/libssl.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/tls/libtls.la
@BUILD_NC_TRUE@nc_SOURCES = atomicio.c netcat.c socks.c \
@BUILD_NC_TRUE@	compat/socket.c $(am__append_4) $(am__append_5) \
@BUILD_NC_TRUE@	$(am__append_6) $(am__append_7)
@BUILD_NC_TRUE@noinst_HEADERS = atomicio.h compat/sys/socket.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \







|
|
>

|
|
|
|

|
|







357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS= $(am__append_1)
@BUILD_NC_TRUE@@ENABLE_NC_TRUE@dist_man_MANS = nc.1
@BUILD_NC_TRUE@EXTRA_DIST = nc.1 CMakeLists.txt
@BUILD_NC_TRUE@nc_LDADD = $(abs_top_builddir)/crypto/libcrypto.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/ssl/libssl.la \
@BUILD_NC_TRUE@	$(abs_top_builddir)/tls/libtls.la \
@BUILD_NC_TRUE@	$(PLATFORM_LDADD) $(PROG_LDADD)
@BUILD_NC_TRUE@nc_SOURCES = atomicio.c netcat.c socks.c \
@BUILD_NC_TRUE@	compat/socket.c $(am__append_2) $(am__append_3) \
@BUILD_NC_TRUE@	$(am__append_4) $(am__append_5)
@BUILD_NC_TRUE@noinst_HEADERS = atomicio.h compat/sys/socket.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
497
498
499
500
501
502
503











































504
505
506
507
508
509
510
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs












































ID: $(am__tagged_files)
	$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags

tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs
install-man1: $(dist_man_MANS)
	@$(NORMAL_INSTALL)
	@list1=''; \
	list2='$(dist_man_MANS)'; \
	test -n "$(man1dir)" \
	  && test -n "`echo $$list1$$list2`" \
	  || exit 0; \
	echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
	$(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
	{ for i in $$list1; do echo "$$i"; done;  \
	if test -n "$$list2"; then \
	  for i in $$list2; do echo "$$i"; done \
	    | sed -n '/\.1[a-z]*$$/p'; \
	fi; \
	} | while read p; do \
	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
	  echo "$$d$$p"; echo "$$p"; \
	done | \
	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
	sed 'N;N;s,\n, ,g' | { \
	list=; while read file base inst; do \
	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
	  fi; \
	done; \
	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
	while read files; do \
	  test -z "$$files" || { \
	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
	done; }

uninstall-man1:
	@$(NORMAL_UNINSTALL)
	@list=''; test -n "$(man1dir)" || exit 0; \
	files=`{ for i in $$list; do echo "$$i"; done; \
	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
	  sed -n '/\.1[a-z]*$$/p'; \
	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
	dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)

ID: $(am__tagged_files)
	$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags

tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(HEADERS)
installdirs:
	for dir in "$(DESTDIR)$(bindir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am








|

|







655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(MANS) $(HEADERS)
installdirs:
	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am

642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672

html-am:

info: info-am

info-am:

install-data-am:

install-dvi: install-dvi-am

install-dvi-am:

install-exec-am: install-binPROGRAMS

install-html: install-html-am

install-html-am:

install-info: install-info-am

install-info-am:

install-man:

install-pdf: install-pdf-am

install-pdf-am:

install-ps: install-ps-am








|















|







715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745

html-am:

info: info-am

info-am:

install-data-am: install-man

install-dvi: install-dvi-am

install-dvi-am:

install-exec-am: install-binPROGRAMS

install-html: install-html-am

install-html-am:

install-info: install-info-am

install-info-am:

install-man: install-man1

install-pdf: install-pdf-am

install-pdf-am:

install-ps: install-ps-am

688
689
690
691
692
693
694
695


696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712

713
714
715
716
717
718
719

pdf-am:

ps: ps-am

ps-am:

uninstall-am: uninstall-binPROGRAMS



.MAKE: install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \
	clean-binPROGRAMS clean-generic clean-libtool \
	clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \
	distclean-compile distclean-generic distclean-libtool \
	distclean-tags distdir dvi dvi-am html html-am info info-am \
	install install-am install-binPROGRAMS install-data \
	install-data-am install-dvi install-dvi-am install-exec \
	install-exec-am install-html install-html-am install-info \
	install-info-am install-man install-pdf install-pdf-am \
	install-ps install-ps-am install-strip installcheck \
	installcheck-am installdirs maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	tags tags-am uninstall uninstall-am uninstall-binPROGRAMS


.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:







|
>
>











|
|
|


|
>







761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795

pdf-am:

ps: ps-am

ps-am:

uninstall-am: uninstall-binPROGRAMS uninstall-man

uninstall-man: uninstall-man1

.MAKE: install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \
	clean-binPROGRAMS clean-generic clean-libtool \
	clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \
	distclean-compile distclean-generic distclean-libtool \
	distclean-tags distdir dvi dvi-am html html-am info info-am \
	install install-am install-binPROGRAMS install-data \
	install-data-am install-dvi install-dvi-am install-exec \
	install-exec-am install-html install-html-am install-info \
	install-info-am install-man install-man1 install-pdf \
	install-pdf-am install-ps install-ps-am install-strip \
	installcheck installcheck-am installdirs maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
	uninstall-man uninstall-man1

.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
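--- a/jni/libressl/apps/nc/atomicio.c
+++ b/jni/libressl/apps/nc/atomicio.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: atomicio.c,v 1.10 2011/01/08 00:47:19 jeremy Exp $ */
+/* $OpenBSD: atomicio.c,v 1.11 2012/12/04 02:24:47 deraadt Exp $ */
 /*
  * Copyright (c) 2006 Damien Miller. All rights reserved.
  * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
  * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without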
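--- a/jni/libressl/apps/nc/atomicio.h
+++ b/jni/libressl/apps/nc/atomicio.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: atomicio.h,v 1.1 2005/05/24 20:13:28 avsm Exp $ */
+/* $OpenBSD: atomicio.h,v 1.2 2007/09/07 14:50:44 tobias Exp $ */
 
 /*
  * Copyright (c) 2006 Damien Miller.  All rights reserved.
  * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without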
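--- a/jni/libressl/apps/nc/compat/strtonum.c
+++ b/jni/libressl/apps/nc/compat/strtonum.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: strtonum.c,v 1.7 2013/04/17 18:40:58 tedu Exp $	*/
+/*	$OpenBSD: strtonum.c,v 1.8 2015/09/13 08:31:48 guenther Exp $	*/
 
 /*
  * Copyright (c) 2004 Ted Unangst and Todd Miller
  * All rights reserved.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above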
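--- a/jni/libressl/apps/nc/nc.1
+++ b/jni/libressl/apps/nc/nc.1
@@ -1,8 +1,8 @@
-.\"     $OpenBSD: nc.1,v 1.73 2016/06/28 17:35:14 jca Exp $
+.\"     $OpenBSD: nc.1,v 1.82 2017/02/09 20:15:59 jca Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -21,32 +21,33 @@
 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 28 2016 $
+.Dd $Mdocdate: February 9 2017 $
 .Dt NC 1
 .Os
 .Sh NAME
 .Nm nc
 .Nd arbitrary TCP and UDP connections and listens
 .Sh SYNOPSIS
 .Nm nc
 .Op Fl 46cDdFhklNnrStUuvz
 .Op Fl C Ar certfile
 .Op Fl e Ar name
 .Op Fl H Ar hash
 .Op Fl I Ar length
 .Op Fl i Ar interval
 .Op Fl K Ar keyfile
 .Op Fl M Ar ttl
 .Op Fl m Ar minttl
 .Op Fl O Ar length
+.Op Fl o Ar staplefile
 .Op Fl P Ar proxy_username
 .Op Fl p Ar source_port
 .Op Fl R Ar CAfile
 .Op Fl s Ar source
 .Op Fl T Ar keyword
 .Op Fl V Ar rtable
 .Op Fl w Ar timeout
@@ -183,14 +184,20 @@
 the network socket after EOF on the input.
 Some servers require this to finish their work.
 .It Fl n
 Do not do any DNS or service lookups on any specified addresses,
 hostnames or ports.
 .It Fl O Ar length
 Specifies the size of the TCP send buffer.
+.It Fl o Ar staplefile
+Specifies the filename from which to load data to be stapled
+during the TLS handshake.
+The file is expected to contain an OCSP response from an OCSP server in
+DER format.
+May only be used with TLS and when a certificate is being used.
 .It Fl P Ar proxy_username
 Specifies a username to present to a proxy server that requires authentication.
 If no username is specified then authentication will not be attempted.
 Proxy authentication is only supported for HTTP CONNECT proxies at present.
 .It Fl p Ar source_port
 Specifies the source port
 .Nm
@@ -220,22 +227,25 @@
 .Fl l
 option.
 .It Fl T Ar keyword
 Change IPv4 TOS value or TLS options.
 For TLS options
 .Ar keyword
 may be one of
-.Ar tlslegacy ,
-which allows legacy TLS protocols;
-.Ar noverify ,
+.Ar tlsall ;
+which allows the use of all supported TLS protocols and ciphers,
+.Ar noverify ;
 which disables certificate verification;
 .Ar noname ,
-which disables certificate name checking; or
+which disables certificate name checking;
 .Ar clientcert ,
-which requires a client certificate on incoming connections.
+which requires a client certificate on incoming connections; or
+.Ar muststaple ,
+which requires the peer to provide a valid stapled OCSP response
+with the handshake.
 It is illegal to specify TLS options if not using TLS.
 .Pp
 For IPv4 TOS value
 .Ar keyword
 may be one of
 .Ar critical ,
 .Ar inetcontrol ,
@@ -313,14 +323,17 @@
 .Ar proxy_address
 and
 .Ar port .
 If
 .Ar port
 is not specified, the well-known port for the proxy protocol is used (1080
 for SOCKS, 3128 for HTTPS).
+An IPv6 address can be specified unambiguously by enclosing
+.Ar proxy_address
+in square brackets.
 .It Fl z
 Specifies that
 .Nm
 should just scan for listening daemons, without sending any data to them.
 It is an error to use this option in conjunction with the
 .Fl l
 option.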
Changes to jni/libressl/apps/nc/netcat.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: netcat.c,v 1.159 2016/07/07 14:09:44 jsing Exp $ */
/*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
|







1
2
3
4
5
6
7
8
/* $OpenBSD: netcat.c,v 1.178 2017/03/09 13:58:00 bluhm Exp $ */
/*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
65
66
67
68
69
70
71
72
73
74
75

76
77
78
79
80
81
82
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
#ifndef DEFAULT_CA_FILE
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
#endif

#define TLS_LEGACY	(1 << 1)
#define TLS_NOVERIFY	(1 << 2)
#define TLS_NONAME	(1 << 3)
#define TLS_CCERT	(1 << 4)


/* Command Line Options */
int	dflag;					/* detached, no stdin */
int	Fflag;					/* fdpass sock to stdout */
unsigned int iflag;				/* Interval Flag */
int	kflag;					/* More than one connect */
int	lflag;					/* Bind to local port */







|



>







65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
#ifndef DEFAULT_CA_FILE
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
#endif

#define TLS_ALL	(1 << 1)
#define TLS_NOVERIFY	(1 << 2)
#define TLS_NONAME	(1 << 3)
#define TLS_CCERT	(1 << 4)
#define TLS_MUSTSTAPLE	(1 << 5)

/* Command Line Options */
int	dflag;					/* detached, no stdin */
int	Fflag;					/* fdpass sock to stdout */
unsigned int iflag;				/* Interval Flag */
int	kflag;					/* More than one connect */
int	lflag;					/* Bind to local port */
101
102
103
104
105
106
107

108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

134
135
136
137
138
139
140
#ifdef SO_RTABLE
int	rtableid = -1;
#endif

int	usetls;					/* use TLS */
char    *Cflag;					/* Public cert file */
char    *Kflag;					/* Private key file */

char    *Rflag = DEFAULT_CA_FILE;		/* Root CA file */
int	tls_cachanged;				/* Using non-default CA file */
int     TLSopt;					/* TLS options */
char	*tls_expectname;			/* required name in peer cert */
char	*tls_expecthash;			/* required hash of peer cert */
uint8_t *cacert;
size_t  cacertlen;
uint8_t *privkey;
size_t  privkeylen;
uint8_t *pubcert;
size_t  pubcertlen;

int timeout = -1;
int family = AF_UNSPEC;
char *portlist[PORT_MAX+1];
char *unix_dg_tmp_socket;
int ttl = -1;
int minttl = -1;

void	atelnet(int, unsigned char *, unsigned int);
void	build_ports(char *);
void	help(void);
int	local_listen(char *, char *, struct addrinfo);
void	readwrite(int, struct tls *);
void	fdpass(int nfd) __attribute__((noreturn));
int	remote_connect(const char *, const char *, struct addrinfo);

int	timeout_connect(int, const struct sockaddr *, socklen_t);
int	socks_connect(const char *, const char *, struct addrinfo,
	    const char *, const char *, struct addrinfo, int, const char *);
int	udptest(int);
int	unix_bind(char *, int);
int	unix_connect(char *);
int	unix_listen(char *);







>





<
<
<
<
<
<















>







102
103
104
105
106
107
108
109
110
111
112
113
114






115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#ifdef SO_RTABLE
int	rtableid = -1;
#endif

int	usetls;					/* use TLS */
char    *Cflag;					/* Public cert file */
char    *Kflag;					/* Private key file */
char    *oflag;					/* OCSP stapling file */
char    *Rflag = DEFAULT_CA_FILE;		/* Root CA file */
int	tls_cachanged;				/* Using non-default CA file */
int     TLSopt;					/* TLS options */
char	*tls_expectname;			/* required name in peer cert */
char	*tls_expecthash;			/* required hash of peer cert */







int timeout = -1;
int family = AF_UNSPEC;
char *portlist[PORT_MAX+1];
char *unix_dg_tmp_socket;
int ttl = -1;
int minttl = -1;

void	atelnet(int, unsigned char *, unsigned int);
void	build_ports(char *);
void	help(void);
int	local_listen(char *, char *, struct addrinfo);
void	readwrite(int, struct tls *);
void	fdpass(int nfd) __attribute__((noreturn));
int	remote_connect(const char *, const char *, struct addrinfo);
int	timeout_tls(int, struct tls *, int (*)(struct tls *));
int	timeout_connect(int, const struct sockaddr *, socklen_t);
int	socks_connect(const char *, const char *, struct addrinfo,
	    const char *, const char *, struct addrinfo, int, const char *);
int	udptest(int);
int	unix_bind(char *, int);
int	unix_connect(char *);
int	unix_listen(char *);
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
{
	int ch, s = -1, ret, socksv;
	char *host, *uport;
	struct addrinfo hints;
	struct servent *sv;
	socklen_t len;
	struct sockaddr_storage cliaddr;
	char *proxy = NULL;
	const char *errstr, *proxyhost = "", *proxyport = NULL;
	struct addrinfo proxyhints;
	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
	struct tls_config *tls_cfg = NULL;
	struct tls *tls_ctx = NULL;

	ret = 1;
	socksv = 5;
	host = NULL;
	uport = NULL;
	sv = NULL;

	signal(SIGPIPE, SIG_IGN);

	while ((ch = getopt(argc, argv,
	    "46C:cDde:FH:hI:i:K:klM:m:NnO:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
		switch (ch) {
		case '4':
			family = AF_INET;
			break;
		case '6':
			family = AF_INET6;
			break;







|
|














|







151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
{
	int ch, s = -1, ret, socksv;
	char *host, *uport;
	struct addrinfo hints;
	struct servent *sv;
	socklen_t len;
	struct sockaddr_storage cliaddr;
	char *proxy = NULL, *proxyport = NULL;
	const char *errstr;
	struct addrinfo proxyhints;
	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
	struct tls_config *tls_cfg = NULL;
	struct tls *tls_ctx = NULL;

	ret = 1;
	socksv = 5;
	host = NULL;
	uport = NULL;
	sv = NULL;

	signal(SIGPIPE, SIG_IGN);

	while ((ch = getopt(argc, argv,
	    "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
		switch (ch) {
		case '4':
			family = AF_INET;
			break;
		case '6':
			family = AF_INET6;
			break;
304
305
306
307
308
309
310



311
312
313
314
315
316
317
			break;
		case 'O':
			Oflag = strtonum(optarg, 1, 65536 << 14, &errstr);
			if (errstr != NULL)
				errx(1, "TCP send window %s: %s",
				    errstr, optarg);
			break;



#ifdef TCP_MD5SIG
		case 'S':
			Sflag = 1;
			break;
#endif
		case 'T':
			errstr = NULL;







>
>
>







301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
			break;
		case 'O':
			Oflag = strtonum(optarg, 1, 65536 << 14, &errstr);
			if (errstr != NULL)
				errx(1, "TCP send window %s: %s",
				    errstr, optarg);
			break;
		case 'o':
			oflag = optarg;
			break;
#ifdef TCP_MD5SIG
		case 'S':
			Sflag = 1;
			break;
#endif
		case 'T':
			errstr = NULL;
393
394
395
396
397
398
399


400
401
402
403
404
405
406
		errx(1, "cannot use -c and -F");
	if (TLSopt && !usetls)
		errx(1, "you must specify -c to use TLS options");
	if (Cflag && !usetls)
		errx(1, "you must specify -c to use -C");
	if (Kflag && !usetls)
		errx(1, "you must specify -c to use -K");


	if (tls_cachanged && !usetls)
		errx(1, "you must specify -c to use -R");
	if (tls_expecthash && !usetls)
		errx(1, "you must specify -c to use -H");
	if (tls_expectname && !usetls)
		errx(1, "you must specify -c to use -e");








>
>







393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
		errx(1, "cannot use -c and -F");
	if (TLSopt && !usetls)
		errx(1, "you must specify -c to use TLS options");
	if (Cflag && !usetls)
		errx(1, "you must specify -c to use -C");
	if (Kflag && !usetls)
		errx(1, "you must specify -c to use -K");
	if (oflag && !Cflag)
		errx(1, "you must specify -C to use -o");
	if (tls_cachanged && !usetls)
		errx(1, "you must specify -c to use -R");
	if (tls_expecthash && !usetls)
		errx(1, "you must specify -c to use -H");
	if (tls_expectname && !usetls)
		errx(1, "you must specify -c to use -e");

433
434
435
436
437
438
439
440
441
442
443
444












445
446
447
448



449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481


482
483


484

485
486
487
488
489
490
491
492
493
494
495

496
497
498





499
500
501
502
503
504
505

		if (lflag)
			errx(1, "no proxy support for listen");

		if (family == AF_UNIX)
			errx(1, "no proxy support for unix sockets");

		/* XXX IPv6 transport to proxy would probably work */
		if (family == AF_INET6)
			errx(1, "no proxy support for IPv6");

		if (sflag)












			errx(1, "no proxy support for local source address");

		proxyhost = strsep(&proxy, ":");
		proxyport = proxy;




		memset(&proxyhints, 0, sizeof(struct addrinfo));
		proxyhints.ai_family = family;
		proxyhints.ai_socktype = SOCK_STREAM;
		proxyhints.ai_protocol = IPPROTO_TCP;
		if (nflag)
			proxyhints.ai_flags |= AI_NUMERICHOST;
	}

	if (usetls) {
		if (Rflag && (cacert = tls_load_file(Rflag, &cacertlen, NULL)) == NULL)
			errx(1, "unable to load root CA file %s", Rflag);
		if (Cflag && (pubcert = tls_load_file(Cflag, &pubcertlen, NULL)) == NULL)
			errx(1, "unable to load TLS certificate file %s", Cflag);
		if (Kflag && (privkey = tls_load_file(Kflag, &privkeylen, NULL)) == NULL)
			errx(1, "unable to load TLS key file %s", Kflag);

		if (Pflag) {
			if (pledge("stdio inet dns tty", NULL) == -1)
				err(1, "pledge");
		} else if (pledge("stdio inet dns", NULL) == -1)
			err(1, "pledge");

		if (tls_init() == -1)
			errx(1, "unable to initialize TLS");
		if ((tls_cfg = tls_config_new()) == NULL)
			errx(1, "unable to allocate TLS config");
		if (Rflag && tls_config_set_ca_mem(tls_cfg, cacert, cacertlen) == -1)
			errx(1, "unable to set root CA file %s", Rflag);
		if (Cflag && tls_config_set_cert_mem(tls_cfg, pubcert, pubcertlen) == -1)
			errx(1, "unable to set TLS certificate file %s", Cflag);
		if (Kflag && tls_config_set_key_mem(tls_cfg, privkey, privkeylen) == -1)
			errx(1, "unable to set TLS key file %s", Kflag);


		if (TLSopt & TLS_LEGACY) {
			tls_config_set_protocols(tls_cfg, TLS_PROTOCOLS_ALL);


			tls_config_set_ciphers(tls_cfg, "all");

		}
		if (!lflag && (TLSopt & TLS_CCERT))
			errx(1, "clientcert is only valid with -l");
		if (TLSopt & TLS_NONAME)
			tls_config_insecure_noverifyname(tls_cfg);
		if (TLSopt & TLS_NOVERIFY) {
			if (tls_expecthash != NULL)
				errx(1, "-H and -T noverify may not be used"
				    "together");
			tls_config_insecure_noverifycert(tls_cfg);
		} else {

                        if (Rflag && access(Rflag, R_OK) == -1)
                                errx(1, "unable to find root CA file %s", Rflag);
                }





	}
	if (lflag) {
		struct tls *tls_cctx = NULL;
		int connfd;
		ret = 0;

		if (family == AF_UNIX) {







<
|
|

|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
>
>
>










<
<
<
<
<
<
<

|

|






|
|
|
|
|
|
>
>
|
|
>
>
|
>










<
>
|
|
|
>
>
>
>
>







435
436
437
438
439
440
441

442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474







475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508

509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524

		if (lflag)
			errx(1, "no proxy support for listen");

		if (family == AF_UNIX)
			errx(1, "no proxy support for unix sockets");


		if (sflag)
			errx(1, "no proxy support for local source address");

		if (*proxy == '[') {
			++proxy;
			proxyport = strchr(proxy, ']');
			if (proxyport == NULL)
				errx(1, "missing closing bracket in proxy");
			*proxyport++ = '\0';
			if (*proxyport == '\0')
				/* Use default proxy port. */
				proxyport = NULL;
			else {
				if (*proxyport == ':')
					++proxyport;
				else
					errx(1, "garbage proxy port delimiter");
			}
		} else {
			proxyport = strrchr(proxy, ':');
			if (proxyport != NULL)
				*proxyport++ = '\0';
		}

		memset(&proxyhints, 0, sizeof(struct addrinfo));
		proxyhints.ai_family = family;
		proxyhints.ai_socktype = SOCK_STREAM;
		proxyhints.ai_protocol = IPPROTO_TCP;
		if (nflag)
			proxyhints.ai_flags |= AI_NUMERICHOST;
	}

	if (usetls) {







		if (Pflag) {
			if (pledge("stdio inet dns tty rpath", NULL) == -1)
				err(1, "pledge");
		} else if (pledge("stdio inet dns rpath", NULL) == -1)
			err(1, "pledge");

		if (tls_init() == -1)
			errx(1, "unable to initialize TLS");
		if ((tls_cfg = tls_config_new()) == NULL)
			errx(1, "unable to allocate TLS config");
		if (Rflag && tls_config_set_ca_file(tls_cfg, Rflag) == -1)
			errx(1, "%s", tls_config_error(tls_cfg));
		if (Cflag && tls_config_set_cert_file(tls_cfg, Cflag) == -1)
			errx(1, "%s", tls_config_error(tls_cfg));
		if (Kflag && tls_config_set_key_file(tls_cfg, Kflag) == -1)
			errx(1, "%s", tls_config_error(tls_cfg));
		if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1)
			errx(1, "%s", tls_config_error(tls_cfg));
		if (TLSopt & TLS_ALL) {
			if (tls_config_set_protocols(tls_cfg,
			    TLS_PROTOCOLS_ALL) != 0)
				errx(1, "%s", tls_config_error(tls_cfg));
			if (tls_config_set_ciphers(tls_cfg, "all") != 0)
				errx(1, "%s", tls_config_error(tls_cfg));
		}
		if (!lflag && (TLSopt & TLS_CCERT))
			errx(1, "clientcert is only valid with -l");
		if (TLSopt & TLS_NONAME)
			tls_config_insecure_noverifyname(tls_cfg);
		if (TLSopt & TLS_NOVERIFY) {
			if (tls_expecthash != NULL)
				errx(1, "-H and -T noverify may not be used"
				    "together");
			tls_config_insecure_noverifycert(tls_cfg);

		}
		if (TLSopt & TLS_MUSTSTAPLE)
			tls_config_ocsp_require_stapling(tls_cfg);

		if (Pflag) {
			if (pledge("stdio inet dns tty", NULL) == -1)
				err(1, "pledge");
		} else if (pledge("stdio inet dns", NULL) == -1)
			err(1, "pledge");
	}
	if (lflag) {
		struct tls *tls_cctx = NULL;
		int connfd;
		ret = 0;

		if (family == AF_UNIX) {
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598

599
600
601
602
603
604
605
606
					    family == AF_UNIX ? host : NULL);
				if ((usetls) &&
				    (tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
					readwrite(connfd, tls_cctx);
				if (!usetls)
					readwrite(connfd, NULL);
				if (tls_cctx) {
					int i;

					do {
						i = tls_close(tls_cctx);
					} while (i == TLS_WANT_POLLIN ||
					    i == TLS_WANT_POLLOUT);
					tls_free(tls_cctx);
					tls_cctx = NULL;
				}
				close(connfd);
			}
			if (family != AF_UNIX)
				close(s);
			else if (uflag) {
				if (connect(s, NULL, 0) < 0)
					err(1, "connect");
			}

			if (!kflag)
				break;
		}
	} else if (family == AF_UNIX) {
		ret = 0;

		if ((s = unix_connect(host)) > 0 && !zflag) {

			readwrite(s, NULL);
			close(s);
		} else
			ret = 1;

		if (uflag)
			unlink(unix_dg_tmp_socket);
		exit(ret);







<
|
<
<
<
<


















|
>
|







586
587
588
589
590
591
592

593




594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
					    family == AF_UNIX ? host : NULL);
				if ((usetls) &&
				    (tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
					readwrite(connfd, tls_cctx);
				if (!usetls)
					readwrite(connfd, NULL);
				if (tls_cctx) {

					timeout_tls(s, tls_cctx, tls_close);




					tls_free(tls_cctx);
					tls_cctx = NULL;
				}
				close(connfd);
			}
			if (family != AF_UNIX)
				close(s);
			else if (uflag) {
				if (connect(s, NULL, 0) < 0)
					err(1, "connect");
			}

			if (!kflag)
				break;
		}
	} else if (family == AF_UNIX) {
		ret = 0;

		if ((s = unix_connect(host)) > 0) {
			if (!zflag)
				readwrite(s, NULL);
			close(s);
		} else
			ret = 1;

		if (uflag)
			unlink(unix_dg_tmp_socket);
		exit(ret);
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
					errx(1, "tls client creation failed");
				if (tls_configure(tls_ctx, tls_cfg) == -1)
					errx(1, "tls configuration failed (%s)",
					    tls_error(tls_ctx));
			}
			if (xflag)
				s = socks_connect(host, portlist[i], hints,
				    proxyhost, proxyport, proxyhints, socksv,
				    Pflag);
			else
				s = remote_connect(host, portlist[i], hints);

			if (s == -1)
				continue;








|







636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
					errx(1, "tls client creation failed");
				if (tls_configure(tls_ctx, tls_cfg) == -1)
					errx(1, "tls configuration failed (%s)",
					    tls_error(tls_ctx));
			}
			if (xflag)
				s = socks_connect(host, portlist[i], hints,
				    proxy, proxyport, proxyhints, socksv,
				    Pflag);
			else
				s = remote_connect(host, portlist[i], hints);

			if (s == -1)
				continue;

662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
				fdpass(s);
			else {
				if (usetls)
					tls_setup_client(tls_ctx, s, host);
				if (!zflag)
					readwrite(s, tls_ctx);
				if (tls_ctx) {
					int j;

					do {
						j = tls_close(tls_ctx);
					} while (j == TLS_WANT_POLLIN ||
					    j == TLS_WANT_POLLOUT);
					tls_free(tls_ctx);
					tls_ctx = NULL;
				}
			}
		}
	}








<
<
<
|
<
<







677
678
679
680
681
682
683



684


685
686
687
688
689
690
691
				fdpass(s);
			else {
				if (usetls)
					tls_setup_client(tls_ctx, s, host);
				if (!zflag)
					readwrite(s, tls_ctx);
				if (tls_ctx) {



					timeout_tls(s, tls_ctx, tls_close);


					tls_free(tls_ctx);
					tls_ctx = NULL;
				}
			}
		}
	}

716
717
718
719
720
721
722



























723
724
725
726
727
728
729
730
731
732
733
734
735

736
737
738

739
740
741
742
743
744
745
746
747
748
749

750
751
752
753

754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
		save_errno = errno;
		close(s);
		errno = save_errno;
		return (-1);
	}
	return (s);
}




























void
tls_setup_client(struct tls *tls_ctx, int s, char *host)
{
	int i;

	if (tls_connect_socket(tls_ctx, s,
		tls_expectname ? tls_expectname : host) == -1) {
		errx(1, "tls connection failed (%s)",
		    tls_error(tls_ctx));
	}
	do {
		if ((i = tls_handshake(tls_ctx)) == -1)

			errx(1, "tls handshake failed (%s)",
			    tls_error(tls_ctx));
	} while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);

	if (vflag)
		report_tls(tls_ctx, host, tls_expectname);
	if (tls_expecthash && tls_peer_cert_hash(tls_ctx) &&
	    strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
		errx(1, "peer certificate is not %s", tls_expecthash);
}

struct tls *
tls_setup_server(struct tls *tls_ctx, int connfd, char *host)
{
	struct tls *tls_cctx;


	if (tls_accept_socket(tls_ctx, &tls_cctx,
		connfd) == -1) {
		warnx("tls accept failed (%s)",

		    tls_error(tls_ctx));
		tls_cctx = NULL;
	} else {
		int i;

		do {
			if ((i = tls_handshake(tls_cctx)) == -1)
				warnx("tls handshake failed (%s)",
				    tls_error(tls_cctx));
		} while(i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
	}
	if (tls_cctx) {
		int gotcert = tls_peer_cert_provided(tls_cctx);

		if (vflag && gotcert)
			report_tls(tls_cctx, host, tls_expectname);
		if ((TLSopt & TLS_CCERT) && !gotcert)
			warnx("No client certificate provided");
		else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash &&







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




|






|
|
>
|
<
<
>











>

|
<
|
>
|
<
<
<
|
<
<
|
<
<
|
<







726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774


775
776
777
778
779
780
781
782
783
784
785
786
787
788
789

790
791
792



793


794


795

796
797
798
799
800
801
802
		save_errno = errno;
		close(s);
		errno = save_errno;
		return (-1);
	}
	return (s);
}

int
timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
{
	struct pollfd pfd;
	int ret;

	while ((ret = (*func)(tls_ctx)) != 0) {
		if (ret == TLS_WANT_POLLIN)
			pfd.events = POLLIN;
		else if (ret == TLS_WANT_POLLOUT)
			pfd.events = POLLOUT;
		else
			break;
		pfd.fd = s;
		if ((ret = poll(&pfd, 1, timeout)) == 1)
			continue;
		else if (ret == 0) {
			errno = ETIMEDOUT;
			ret = -1;
			break;
		} else
			err(1, "poll failed");
	}

	return (ret);
}

void
tls_setup_client(struct tls *tls_ctx, int s, char *host)
{
	const char *errstr;

	if (tls_connect_socket(tls_ctx, s,
		tls_expectname ? tls_expectname : host) == -1) {
		errx(1, "tls connection failed (%s)",
		    tls_error(tls_ctx));
	}
	if (timeout_tls(s, tls_ctx, tls_handshake) == -1) {
		if ((errstr = tls_error(tls_ctx)) == NULL)
			errstr = strerror(errno);
		errx(1, "tls handshake failed (%s)", errstr);


	}
	if (vflag)
		report_tls(tls_ctx, host, tls_expectname);
	if (tls_expecthash && tls_peer_cert_hash(tls_ctx) &&
	    strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
		errx(1, "peer certificate is not %s", tls_expecthash);
}

struct tls *
tls_setup_server(struct tls *tls_ctx, int connfd, char *host)
{
	struct tls *tls_cctx;
	const char *errstr;

	if (tls_accept_socket(tls_ctx, &tls_cctx, connfd) == -1) {

		warnx("tls accept failed (%s)", tls_error(tls_ctx));
	} else if (timeout_tls(connfd, tls_cctx, tls_handshake) == -1) {
		if ((errstr = tls_error(tls_cctx)) == NULL)



			errstr = strerror(errno);


		warnx("tls handshake failed (%s)", errstr);


	} else {

		int gotcert = tls_peer_cert_provided(tls_cctx);

		if (vflag && gotcert)
			report_tls(tls_cctx, host, tls_expectname);
		if ((TLSopt & TLS_CCERT) && !gotcert)
			warnx("No client certificate provided");
		else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash &&
843
844
845
846
847
848
849
850
851
852
853
854
855

856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899

900
901
902
903
904
905
906
907
 * Returns a socket connected to a remote host. Properly binds to a local
 * port or source address if needed. Returns -1 on failure.
 */
int
remote_connect(const char *host, const char *port, struct addrinfo hints)
{
	struct addrinfo *res, *res0;
	int s, error, save_errno;
#ifdef SO_BINDANY
	int on = 1;
#endif

	if ((error = getaddrinfo(host, port, &hints, &res)))

		errx(1, "getaddrinfo: %s", gai_strerror(error));

	res0 = res;
	do {
		if ((s = socket(res0->ai_family, res0->ai_socktype |
		    SOCK_NONBLOCK, res0->ai_protocol)) < 0)
			continue;

		/* Bind to a local port or source address if specified. */
		if (sflag || pflag) {
			struct addrinfo ahints, *ares;

#ifdef SO_BINDANY
			/* try SO_BINDANY, but don't insist */
			setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
#endif
			memset(&ahints, 0, sizeof(struct addrinfo));
			ahints.ai_family = res0->ai_family;
			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
			ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
			ahints.ai_flags = AI_PASSIVE;
			if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
				errx(1, "getaddrinfo: %s", gai_strerror(error));

			if (bind(s, (struct sockaddr *)ares->ai_addr,
			    ares->ai_addrlen) < 0)
				err(1, "bind failed");
			freeaddrinfo(ares);
		}

		set_common_sockopts(s, res0->ai_family);

		if (timeout_connect(s, res0->ai_addr, res0->ai_addrlen) == 0)
			break;
		if (vflag)
			warn("connect to %s port %s (%s) failed", host, port,
			    uflag ? "udp" : "tcp");

		save_errno = errno;
		close(s);
		errno = save_errno;
		s = -1;
	} while ((res0 = res0->ai_next) != NULL);


	freeaddrinfo(res);

	return (s);
}

int
timeout_connect(int s, const struct sockaddr *name, socklen_t namelen)
{







|




|
>
|

|
<
|
|











|












|

|









<
|
>
|







873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889

890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927

928
929
930
931
932
933
934
935
936
937
 * Returns a socket connected to a remote host. Properly binds to a local
 * port or source address if needed. Returns -1 on failure.
 */
int
remote_connect(const char *host, const char *port, struct addrinfo hints)
{
	struct addrinfo *res, *res0;
	int s = -1, error, save_errno;
#ifdef SO_BINDANY
	int on = 1;
#endif

	if ((error = getaddrinfo(host, port, &hints, &res0)))
		errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
		    port, gai_strerror(error));

	for (res = res0; res; res = res->ai_next) {

		if ((s = socket(res->ai_family, res->ai_socktype |
		    SOCK_NONBLOCK, res->ai_protocol)) < 0)
			continue;

		/* Bind to a local port or source address if specified. */
		if (sflag || pflag) {
			struct addrinfo ahints, *ares;

#ifdef SO_BINDANY
			/* try SO_BINDANY, but don't insist */
			setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
#endif
			memset(&ahints, 0, sizeof(struct addrinfo));
			ahints.ai_family = res->ai_family;
			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
			ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
			ahints.ai_flags = AI_PASSIVE;
			if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
				errx(1, "getaddrinfo: %s", gai_strerror(error));

			if (bind(s, (struct sockaddr *)ares->ai_addr,
			    ares->ai_addrlen) < 0)
				err(1, "bind failed");
			freeaddrinfo(ares);
		}

		set_common_sockopts(s, res->ai_family);

		if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0)
			break;
		if (vflag)
			warn("connect to %s port %s (%s) failed", host, port,
			    uflag ? "udp" : "tcp");

		save_errno = errno;
		close(s);
		errno = save_errno;
		s = -1;

	}

	freeaddrinfo(res0);

	return (s);
}

int
timeout_connect(int s, const struct sockaddr *name, socklen_t namelen)
{
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983

984
985
986
987
988
989
990
991
992
993
994
995
996
997
 * Returns a socket listening on a local port, binds to specified source
 * address. Returns -1 on failure.
 */
int
local_listen(char *host, char *port, struct addrinfo hints)
{
	struct addrinfo *res, *res0;
	int s, save_errno;
#ifdef SO_REUSEPORT
	int ret, x = 1;
#endif
	int error;

	/* Allow nodename to be null. */
	hints.ai_flags |= AI_PASSIVE;

	/*
	 * In the case of binding to a wildcard address
	 * default to binding to an ipv4 address.
	 */
	if (host == NULL && hints.ai_family == AF_UNSPEC)
		hints.ai_family = AF_INET;

	if ((error = getaddrinfo(host, port, &hints, &res)))
		errx(1, "getaddrinfo: %s", gai_strerror(error));

	res0 = res;
	do {
		if ((s = socket(res0->ai_family, res0->ai_socktype,
		    res0->ai_protocol)) < 0)
			continue;

#ifdef SO_REUSEPORT
		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
		if (ret == -1)
			err(1, NULL);
#endif

		set_common_sockopts(s, res0->ai_family);

		if (bind(s, (struct sockaddr *)res0->ai_addr,
		    res0->ai_addrlen) == 0)
			break;

		save_errno = errno;
		close(s);
		errno = save_errno;
		s = -1;
	} while ((res0 = res0->ai_next) != NULL);


	if (!uflag && s != -1) {
		if (listen(s, 1) < 0)
			err(1, "listen");
	}

	freeaddrinfo(res);

	return (s);
}

/*
 * readwrite()
 * Loop that polls on the network file descriptor and stdin.







|















|


|
<
|
|








|

|
|






<
>






|







965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991

992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011

1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
 * Returns a socket listening on a local port, binds to specified source
 * address. Returns -1 on failure.
 */
int
local_listen(char *host, char *port, struct addrinfo hints)
{
	struct addrinfo *res, *res0;
	int s = -1, save_errno;
#ifdef SO_REUSEPORT
	int ret, x = 1;
#endif
	int error;

	/* Allow nodename to be null. */
	hints.ai_flags |= AI_PASSIVE;

	/*
	 * In the case of binding to a wildcard address
	 * default to binding to an ipv4 address.
	 */
	if (host == NULL && hints.ai_family == AF_UNSPEC)
		hints.ai_family = AF_INET;

	if ((error = getaddrinfo(host, port, &hints, &res0)))
		errx(1, "getaddrinfo: %s", gai_strerror(error));

	for (res = res0; res; res = res->ai_next) {

		if ((s = socket(res->ai_family, res->ai_socktype,
		    res->ai_protocol)) < 0)
			continue;

#ifdef SO_REUSEPORT
		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
		if (ret == -1)
			err(1, NULL);
#endif

		set_common_sockopts(s, res->ai_family);

		if (bind(s, (struct sockaddr *)res->ai_addr,
		    res->ai_addrlen) == 0)
			break;

		save_errno = errno;
		close(s);
		errno = save_errno;
		s = -1;

	}

	if (!uflag && s != -1) {
		if (listen(s, 1) < 0)
			err(1, "listen");
	}

	freeaddrinfo(res0);

	return (s);
}

/*
 * readwrite()
 * Loop that polls on the network file descriptor and stdin.
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
	/* stdout */
	pfd[POLL_STDOUT].fd = stdout_fd;
	pfd[POLL_STDOUT].events = 0;

	while (1) {
		/* both inputs are gone, buffers are empty, we are done */
		if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
		    stdinbufpos == 0 && netinbufpos == 0) {
			close(net_fd);
			return;
		}
		/* both outputs are gone, we can't continue */
		if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) {
			close(net_fd);
			return;
		}
		/* listen and net in gone, queues empty, done */
		if (lflag && pfd[POLL_NETIN].fd == -1 &&
		    stdinbufpos == 0 && netinbufpos == 0) {
			close(net_fd);
			return;
		}

		/* help says -i is for "wait between lines sent". We read and
		 * write arbitrary amounts of data, and we don't want to start
		 * scanning for newlines, so this is as good as it gets */
		if (iflag)
			sleep(iflag);

		/* poll */
		num_fds = poll(pfd, 4, timeout);

		/* treat poll errors */
		if (num_fds == -1) {
			close(net_fd);
			err(1, "polling error");
		}

		/* timeout happened */
		if (num_fds == 0)
			return;

		/* treat socket error conditions */
		for (n = 0; n < 4; n++) {







|
<

<

|
<

<


|
<

<











|
<

<







1057
1058
1059
1060
1061
1062
1063
1064

1065

1066
1067

1068

1069
1070
1071

1072

1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084

1085

1086
1087
1088
1089
1090
1091
1092
	/* stdout */
	pfd[POLL_STDOUT].fd = stdout_fd;
	pfd[POLL_STDOUT].events = 0;

	while (1) {
		/* both inputs are gone, buffers are empty, we are done */
		if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
		    stdinbufpos == 0 && netinbufpos == 0)

			return;

		/* both outputs are gone, we can't continue */
		if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1)

			return;

		/* listen and net in gone, queues empty, done */
		if (lflag && pfd[POLL_NETIN].fd == -1 &&
		    stdinbufpos == 0 && netinbufpos == 0)

			return;


		/* help says -i is for "wait between lines sent". We read and
		 * write arbitrary amounts of data, and we don't want to start
		 * scanning for newlines, so this is as good as it gets */
		if (iflag)
			sleep(iflag);

		/* poll */
		num_fds = poll(pfd, 4, timeout);

		/* treat poll errors */
		if (num_fds == -1)

			err(1, "polling error");


		/* timeout happened */
		if (num_fds == 0)
			return;

		/* treat socket error conditions */
		for (n = 0; n < 4; n++) {
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544

1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560


1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577

































1578
1579
1580
1581
1582
1583
1584
int
map_tls(char *s, int *val)
{
	const struct tlskeywords {
		const char	*keyword;
		int		 val;
	} *t, tlskeywords[] = {
		{ "tlslegacy",		TLS_LEGACY },
		{ "noverify",		TLS_NOVERIFY },
		{ "noname",		TLS_NONAME },
		{ "clientcert",		TLS_CCERT},

		{ NULL,			-1 },
	};

	for (t = tlskeywords; t->keyword != NULL; t++) {
		if (strcmp(s, t->keyword) == 0) {
			*val |= t->val;
			return (1);
		}
	}
	return (0);
}

void
report_tls(struct tls * tls_ctx, char * host, char *tls_expectname)
{
	time_t t;


	fprintf(stderr, "TLS handshake negotiated %s/%s with host %s\n",
	    tls_conn_version(tls_ctx), tls_conn_cipher(tls_ctx), host);
	fprintf(stderr, "Peer name: %s\n",
	    tls_expectname ? tls_expectname : host);
	if (tls_peer_cert_subject(tls_ctx))
		fprintf(stderr, "Subject: %s\n",
		    tls_peer_cert_subject(tls_ctx));
	if (tls_peer_cert_issuer(tls_ctx))
		fprintf(stderr, "Issuer: %s\n",
		    tls_peer_cert_issuer(tls_ctx));
	if ((t = tls_peer_cert_notbefore(tls_ctx)) != -1)
		fprintf(stderr, "Valid From: %s", ctime(&t));
	if ((t = tls_peer_cert_notafter(tls_ctx)) != -1)
		fprintf(stderr, "Valid Until: %s", ctime(&t));
	if (tls_peer_cert_hash(tls_ctx))
		fprintf(stderr, "Cert Hash: %s\n",
		    tls_peer_cert_hash(tls_ctx));

































}

void
report_connect(const struct sockaddr *sa, socklen_t salen, char *path)
{
	char remote_host[NI_MAXHOST];
	char remote_port[NI_MAXSERV];







|



>
















>
>

















>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
int
map_tls(char *s, int *val)
{
	const struct tlskeywords {
		const char	*keyword;
		int		 val;
	} *t, tlskeywords[] = {
		{ "tlsall",		TLS_ALL },
		{ "noverify",		TLS_NOVERIFY },
		{ "noname",		TLS_NONAME },
		{ "clientcert",		TLS_CCERT},
		{ "muststaple",		TLS_MUSTSTAPLE},
		{ NULL,			-1 },
	};

	for (t = tlskeywords; t->keyword != NULL; t++) {
		if (strcmp(s, t->keyword) == 0) {
			*val |= t->val;
			return (1);
		}
	}
	return (0);
}

void
report_tls(struct tls * tls_ctx, char * host, char *tls_expectname)
{
	time_t t;
	const char *ocsp_url;

	fprintf(stderr, "TLS handshake negotiated %s/%s with host %s\n",
	    tls_conn_version(tls_ctx), tls_conn_cipher(tls_ctx), host);
	fprintf(stderr, "Peer name: %s\n",
	    tls_expectname ? tls_expectname : host);
	if (tls_peer_cert_subject(tls_ctx))
		fprintf(stderr, "Subject: %s\n",
		    tls_peer_cert_subject(tls_ctx));
	if (tls_peer_cert_issuer(tls_ctx))
		fprintf(stderr, "Issuer: %s\n",
		    tls_peer_cert_issuer(tls_ctx));
	if ((t = tls_peer_cert_notbefore(tls_ctx)) != -1)
		fprintf(stderr, "Valid From: %s", ctime(&t));
	if ((t = tls_peer_cert_notafter(tls_ctx)) != -1)
		fprintf(stderr, "Valid Until: %s", ctime(&t));
	if (tls_peer_cert_hash(tls_ctx))
		fprintf(stderr, "Cert Hash: %s\n",
		    tls_peer_cert_hash(tls_ctx));
	ocsp_url = tls_peer_ocsp_url(tls_ctx);
	if (ocsp_url != NULL)
		fprintf(stderr, "OCSP URL: %s\n", ocsp_url);
	switch (tls_peer_ocsp_response_status(tls_ctx)) {
	case TLS_OCSP_RESPONSE_SUCCESSFUL:
		fprintf(stderr, "OCSP Stapling: %s\n",
		    tls_peer_ocsp_result(tls_ctx) == NULL ?  "" :
		    tls_peer_ocsp_result(tls_ctx));
		fprintf(stderr,
		    "  response_status=%d cert_status=%d crl_reason=%d\n",
		    tls_peer_ocsp_response_status(tls_ctx),
		    tls_peer_ocsp_cert_status(tls_ctx),
		    tls_peer_ocsp_crl_reason(tls_ctx));
		t = tls_peer_ocsp_this_update(tls_ctx);
		fprintf(stderr, "  this update: %s",
		    t != -1 ? ctime(&t) : "\n");
		t =  tls_peer_ocsp_next_update(tls_ctx);
		fprintf(stderr, "  next update: %s",
		    t != -1 ? ctime(&t) : "\n");
		t =  tls_peer_ocsp_revocation_time(tls_ctx);
		fprintf(stderr, "  revocation: %s",
		    t != -1 ? ctime(&t) : "\n");
		break;
	case -1:
		break;
	default:
		fprintf(stderr, "OCSP Stapling:  failure - response_status %d (%s)\n",
		    tls_peer_ocsp_response_status(tls_ctx),
		    tls_peer_ocsp_result(tls_ctx) == NULL ?  "" :
		    tls_peer_ocsp_result(tls_ctx));
		break;

	}
}

void
report_connect(const struct sockaddr *sa, socklen_t salen, char *path)
{
	char remote_host[NI_MAXHOST];
	char remote_port[NI_MAXSERV];
1629
1630
1631
1632
1633
1634
1635

1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671

1672

1673
1674
1675
1676
	\t-k		Keep inbound sockets open for multiple connects\n\
	\t-l		Listen mode, for inbound connects\n\
	\t-M ttl		Outgoing TTL / Hop Limit\n\
	\t-m minttl	Minimum incoming TTL / Hop Limit\n\
	\t-N		Shutdown the network socket after EOF on stdin\n\
	\t-n		Suppress name/port resolutions\n\
	\t-O length	TCP send buffer length\n\

	\t-P proxyuser\tUsername for proxy authentication\n\
	\t-p port\t	Specify local port for remote connects\n\
	\t-R CAfile	CA bundle\n\
	\t-r		Randomize remote ports\n"
#ifdef TCP_MD5SIG
        "\
	\t-S		Enable the TCP MD5 signature option\n"
#endif
        "\
	\t-s source	Local source address\n\
	\t-T keyword	TOS value or TLS options\n\
	\t-t		Answer TELNET negotiation\n\
	\t-U		Use UNIX domain socket\n\
	\t-u		UDP mode\n"
#ifdef SO_RTABLE
        "\
	\t-V rtable	Specify alternate routing table\n"
#endif
        "\
	\t-v		Verbose\n\
	\t-w timeout	Timeout for connects and final net reads\n\
	\t-X proto	Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
	\t-x addr[:port]\tSpecify proxy address and port\n\
	\t-z		Zero-I/O mode [used for scanning]\n\
	Port numbers can be individual or ranges: lo-hi [inclusive]\n");
	exit(1);
}

void
usage(int ret)
{
	fprintf(stderr,
	    "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] "
	    "[-H hash] [-I length]\n"
	    "\t  [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n"
	    "\t  [-P proxy_username] [-p source_port] [-R CAfile] [-s source]\n"

	    "\t  [-T keyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n"

	    "\t  [-x proxy_address[:port]] [destination] [port]\n");
	if (ret)
		exit(1);
}







>





|


|






|


|
















|
>
|
>




1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
	\t-k		Keep inbound sockets open for multiple connects\n\
	\t-l		Listen mode, for inbound connects\n\
	\t-M ttl		Outgoing TTL / Hop Limit\n\
	\t-m minttl	Minimum incoming TTL / Hop Limit\n\
	\t-N		Shutdown the network socket after EOF on stdin\n\
	\t-n		Suppress name/port resolutions\n\
	\t-O length	TCP send buffer length\n\
	\t-o staplefile	Staple file\n\
	\t-P proxyuser\tUsername for proxy authentication\n\
	\t-p port\t	Specify local port for remote connects\n\
	\t-R CAfile	CA bundle\n\
	\t-r		Randomize remote ports\n"
#ifdef TCP_MD5SIG
	"\
	\t-S		Enable the TCP MD5 signature option\n"
#endif
	"\
	\t-s source	Local source address\n\
	\t-T keyword	TOS value or TLS options\n\
	\t-t		Answer TELNET negotiation\n\
	\t-U		Use UNIX domain socket\n\
	\t-u		UDP mode\n"
#ifdef SO_RTABLE
	"\
	\t-V rtable	Specify alternate routing table\n"
#endif
	"\
	\t-v		Verbose\n\
	\t-w timeout	Timeout for connects and final net reads\n\
	\t-X proto	Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
	\t-x addr[:port]\tSpecify proxy address and port\n\
	\t-z		Zero-I/O mode [used for scanning]\n\
	Port numbers can be individual or ranges: lo-hi [inclusive]\n");
	exit(1);
}

void
usage(int ret)
{
	fprintf(stderr,
	    "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] "
	    "[-H hash] [-I length]\n"
	    "\t  [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n"
	    "\t  [-o staplefile] [-P proxy_username] [-p source_port] "
	    "[-R CAfile]\n"
	    "\t  [-s source] [-T keyword] [-V rtable] [-w timeout] "
	    "[-X proxy_protocol]\n"
	    "\t  [-x proxy_address[:port]] [destination] [port]\n");
	if (ret)
		exit(1);
}
Changes to jni/libressl/apps/nc/socks.c.
1
2
3
4
5
6
7
8
/*	$OpenBSD: socks.c,v 1.23 2015/12/10 18:31:52 mmcc Exp $	*/

/*
 * Copyright (c) 1999 Niklas Hallqvist.  All rights reserved.
 * Copyright (c) 2004, 2005 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
/*	$OpenBSD: socks.c,v 1.24 2016/06/27 14:43:04 deraadt Exp $	*/

/*
 * Copyright (c) 1999 Niklas Hallqvist.  All rights reserved.
 * Copyright (c) 2004, 2005 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
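--- /dev/null
+++ b/jni/libressl/apps/ocspcheck/CMakeLists.txt
@@ -0,0 +1,42 @@
+if(NOT MSVC)
+
+include_directories(
+	.
+	./compat
+	../../include
+	../../include/compat
+)
+
+set(
+	OCSPCHECK_SRC
+	http.c
+	ocspcheck.c
+)
+
+check_function_exists(inet_ntop HAVE_INET_NTOP)
+if(HAVE_INET_NTOP)
+        add_definitions(-DHAVE_INET_NTOP)
+else()
+        set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/inet_ntop.c)
+endif()
+
+check_function_exists(inet_ntop HAVE_MEMMEM)
+if(HAVE_MEMMEM)
+        add_definitions(-DHAVE_MEMMEM)
+else()
+        set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c)
+endif()
+
+if(NOT "${OPENSSLDIR}" STREQUAL "")
+	add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
+else()
+	add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
+endif()
+
+add_executable(ocspcheck ${OCSPCHECK_SRC})
+target_link_libraries(ocspcheck tls ${OPENSSL_LIBS})
+
+install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR})
+install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
+
+endif()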
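Review bot: The memmem probe, `check_function_exists(inet_ntop HAVE_MEMMEM)`, tests for inet_ntop rather than memmem, so HAVE_MEMMEM only repeats the result of the check above it. On a platform that has inet_ntop but no memmem, compat/memmem.c is left out of OCSPCHECK_SRC and ocspcheck would presumably fail to link; the line should read `check_function_exists(memmem HAVE_MEMMEM)`. Because this file comes in with the LibreSSL 2.5.5 import, the correction is best carried as a recorded local patch so that it is not lost on the next update.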
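--- /dev/null
+++ b/jni/libressl/apps/ocspcheck/Makefile.am
@@ -0,0 +1,23 @@
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = ocspcheck
+
+EXTRA_DIST = ocspcheck.8
+EXTRA_DIST += CMakeLists.txt
+
+ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
+ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la
+ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la
+ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+
+ocspcheck_SOURCES = http.c
+ocspcheck_SOURCES += ocspcheck.c
+noinst_HEADERS = http.h
+
+if !HAVE_INET_NTOP
+ocspcheck_SOURCES += compat/inet_ntop.c
+endif
+
+if !HAVE_MEMMEM
+ocspcheck_SOURCES += compat/memmem.c
+endif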
Added jni/libressl/apps/ocspcheck/Makefile.in.


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2014 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@


VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
    true; \
  else \
    false; \
  fi; \
}
am__make_running_with_option = \
  case $${target_option-} in \
      ?) ;; \
      *) echo "am__make_running_with_option: internal error: invalid" \
              "target option '$${target_option-}' specified" >&2; \
         exit 1;; \
  esac; \
  has_opt=no; \
  sane_makeflags=$$MAKEFLAGS; \
  if $(am__is_gnu_make); then \
    sane_makeflags=$$MFLAGS; \
  else \
    case $$MAKEFLAGS in \
      *\\[\ \	]*) \
        bs=\\; \
        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
    esac; \
  fi; \
  skip_next=no; \
  strip_trailopt () \
  { \
    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
  }; \
  for flg in $$sane_makeflags; do \
    test $$skip_next = yes && { skip_next=no; continue; }; \
    case $$flg in \
      *=*|--*) continue;; \
        -*I) strip_trailopt 'I'; skip_next=yes;; \
      -*I?*) strip_trailopt 'I';; \
        -*O) strip_trailopt 'O'; skip_next=yes;; \
      -*O?*) strip_trailopt 'O';; \
        -*l) strip_trailopt 'l'; skip_next=yes;; \
      -*l?*) strip_trailopt 'l';; \
      -[dEDm]) skip_next=yes;; \
      -[JT]) skip_next=yes;; \
    esac; \
    case $$flg in \
      *$$target_option*) has_opt=yes; break;; \
    esac; \
  done; \
  test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = ocspcheck$(EXEEXT)
@HAVE_INET_NTOP_FALSE@am__append_1 = compat/inet_ntop.c
@HAVE_MEMMEM_FALSE@am__append_2 = compat/memmem.c
subdir = apps/ocspcheck
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)"
PROGRAMS = $(bin_PROGRAMS)
am__ocspcheck_SOURCES_DIST = http.c ocspcheck.c compat/inet_ntop.c \
	compat/memmem.c
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_INET_NTOP_FALSE@am__objects_1 = compat/inet_ntop.$(OBJEXT)
@HAVE_MEMMEM_FALSE@am__objects_2 = compat/memmem.$(OBJEXT)
am_ocspcheck_OBJECTS = http.$(OBJEXT) ocspcheck.$(OBJEXT) \
	$(am__objects_1) $(am__objects_2)
ocspcheck_OBJECTS = $(am_ocspcheck_OBJECTS)
am__DEPENDENCIES_1 =
ocspcheck_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/tls/libtls.la $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo "  GEN     " $@;
am__v_GEN_1 = 
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 = 
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
	$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo "  CC      " $@;
am__v_CC_1 = 
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
	$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo "  CCLD    " $@;
am__v_CCLD_1 = 
SOURCES = $(ocspcheck_SOURCES)
DIST_SOURCES = $(am__ocspcheck_SOURCES_DIST)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates.  Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
  BEGIN { nonempty = 0; } \
  { items[$$0] = 1; nonempty = 1; } \
  END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique.  This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBCRYPTO_VERSION = @LIBCRYPTO_VERSION@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSSL_VERSION = @LIBSSL_VERSION@
LIBTLS_VERSION = @LIBTLS_VERSION@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENSSLDIR = @OPENSSLDIR@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PLATFORM_LDADD = @PLATFORM_LDADD@
PROG_LDADD = @PROG_LDADD@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
EXTRA_DIST = ocspcheck.8 CMakeLists.txt
ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/tls/libtls.la $(PLATFORM_LDADD) \
	$(PROG_LDADD)
ocspcheck_SOURCES = http.c ocspcheck.c $(am__append_1) $(am__append_2)
noinst_HEADERS = http.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
	        && { if test -f $@; then exit 0; else break; fi; }; \
	      exit 1;; \
	  esac; \
	done; \
	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign apps/ocspcheck/Makefile'; \
	$(am__cd) $(top_srcdir) && \
	  $(AUTOMAKE) --foreign apps/ocspcheck/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
	@case '$?' in \
	  *config.status*) \
	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
	  *) \
	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
	esac;
$(top_srcdir)/Makefile.am.common $(am__empty):

$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh

$(top_srcdir)/configure:  $(am__configure_deps)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
install-binPROGRAMS: $(bin_PROGRAMS)
	@$(NORMAL_INSTALL)
	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
	if test -n "$$list"; then \
	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
	fi; \
	for p in $$list; do echo "$$p $$p"; done | \
	sed 's/$(EXEEXT)$$//' | \
	while read p p1; do if test -f $$p \
	 || test -f $$p1 \
	  ; then echo "$$p"; echo "$$p"; else :; fi; \
	done | \
	sed -e 'p;s,.*/,,;n;h' \
	    -e 's|.*|.|' \
	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
	sed 'N;N;N;s,\n, ,g' | \
	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
	    else { print "f", $$3 "/" $$4, $$1; } } \
	  END { for (d in files) print "f", d, files[d] }' | \
	while read type dir files; do \
	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
	    test -z "$$files" || { \
	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
	    } \
	; done

uninstall-binPROGRAMS:
	@$(NORMAL_UNINSTALL)
	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
	files=`for p in $$list; do echo "$$p"; done | \
	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
	      -e 's/$$/$(EXEEXT)/' \
	`; \
	test -n "$$list" || exit 0; \
	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
	cd "$(DESTDIR)$(bindir)" && rm -f $$files

clean-binPROGRAMS:
	@list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list
compat/$(am__dirstamp):
	@$(MKDIR_P) compat
	@: > compat/$(am__dirstamp)
compat/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) compat/$(DEPDIR)
	@: > compat/$(DEPDIR)/$(am__dirstamp)
compat/inet_ntop.$(OBJEXT): compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/memmem.$(OBJEXT): compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)

ocspcheck$(EXEEXT): $(ocspcheck_OBJECTS) $(ocspcheck_DEPENDENCIES) $(EXTRA_ocspcheck_DEPENDENCIES) 
	@rm -f ocspcheck$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(ocspcheck_OBJECTS) $(ocspcheck_LDADD) $(LIBS)

mostlyclean-compile:
	-rm -f *.$(OBJEXT)
	-rm -f compat/*.$(OBJEXT)

distclean-compile:
	-rm -f *.tab.c

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/http.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocspcheck.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/inet_ntop.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/memmem.Po@am__quote@

.c.o:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<

.c.obj:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`

.c.lo:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs

ID: $(am__tagged_files)
	$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags

tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
	set x; \
	here=`pwd`; \
	$(am__define_uniq_tagged_files); \
	shift; \
	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
	  test -n "$$unique" || unique=$$empty_fix; \
	  if test $$# -gt 0; then \
	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
	      "$$@" $$unique; \
	  else \
	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
	      $$unique; \
	  fi; \
	fi
ctags: ctags-am

CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
	$(am__define_uniq_tagged_files); \
	test -z "$(CTAGS_ARGS)$$unique" \
	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
	     $$unique

GTAGS:
	here=`$(am__cd) $(top_builddir) && pwd` \
	  && $(am__cd) $(top_srcdir) \
	  && gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-am

cscopelist-am: $(am__tagged_files)
	list='$(am__tagged_files)'; \
	case "$(srcdir)" in \
	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
	  *) sdir=$(subdir)/$(srcdir) ;; \
	esac; \
	for i in $$list; do \
	  if test -f "$$i"; then \
	    echo "$(subdir)/$$i"; \
	  else \
	    echo "$$sdir/$$i"; \
	  fi; \
	done >> $(top_builddir)/cscope.files

distclean-tags:
	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags

distdir: $(DISTFILES)
	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
	list='$(DISTFILES)'; \
	  dist_files=`for file in $$list; do echo $$file; done | \
	  sed -e "s|^$$srcdirstrip/||;t" \
	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
	case $$dist_files in \
	  */*) $(MKDIR_P) `echo "$$dist_files" | \
			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
			   sort -u` ;; \
	esac; \
	for file in $$dist_files; do \
	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
	  if test -d $$d/$$file; then \
	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
	    if test -d "$(distdir)/$$file"; then \
	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
	    fi; \
	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
	    fi; \
	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
	  else \
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(HEADERS)
installdirs:
	for dir in "$(DESTDIR)$(bindir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am

install-am: all-am
	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am

installcheck: installcheck-am
install-strip:
	if test -z '$(STRIP)'; then \
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	      install; \
	else \
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
	fi
mostlyclean-generic:

clean-generic:

distclean-generic:
	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
	-rm -f compat/$(DEPDIR)/$(am__dirstamp)
	-rm -f compat/$(am__dirstamp)

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
clean: clean-am

clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am

distclean: distclean-am
	-rm -rf ./$(DEPDIR) compat/$(DEPDIR)
	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-tags

dvi: dvi-am

dvi-am:

html: html-am

html-am:

info: info-am

info-am:

install-data-am:

install-dvi: install-dvi-am

install-dvi-am:

install-exec-am: install-binPROGRAMS

install-html: install-html-am

install-html-am:

install-info: install-info-am

install-info-am:

install-man:

install-pdf: install-pdf-am

install-pdf-am:

install-ps: install-ps-am

install-ps-am:

installcheck-am:

maintainer-clean: maintainer-clean-am
	-rm -rf ./$(DEPDIR) compat/$(DEPDIR)
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool

pdf: pdf-am

pdf-am:

ps: ps-am

ps-am:

uninstall-am: uninstall-binPROGRAMS

.MAKE: install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \
	clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \
	ctags ctags-am distclean distclean-compile distclean-generic \
	distclean-libtool distclean-tags distdir dvi dvi-am html \
	html-am info info-am install install-am install-binPROGRAMS \
	install-data install-data-am install-dvi install-dvi-am \
	install-exec install-exec-am install-html install-html-am \
	install-info install-info-am install-man install-pdf \
	install-pdf-am install-ps install-ps-am install-strip \
	installcheck installcheck-am installdirs maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	tags tags-am uninstall uninstall-am uninstall-binPROGRAMS

.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
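--- a/jni/libressl/apps/ocspcheck/compat/inet_ntop.c
+++ b/jni/libressl/apps/ocspcheck/compat/inet_ntop.c
@@ -0,0 +1,204 @@
+/*	$OpenBSD: inet_ntop.c,v 1.13 2016/09/21 04:38:56 guenther Exp $	*/
+
+/* Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+
+/*
+ * WARNING: Don't even consider trying to compile this on a system where
+ * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
+ */
+
+static const char *inet_ntop4(const u_char *src, char *dst, size_t size);
+static const char *inet_ntop6(const u_char *src, char *dst, size_t size);
+
+/* const char *
+ * inet_ntop(af, src, dst, size)
+ *	convert a network format address to presentation format.
+ * return:
+ *	pointer to presentation format address (`dst'), or NULL (see errno).
+ * author:
+ *	Paul Vixie, 1996.
+ */
+const char *
+inet_ntop(int af, const void *src, char *dst, socklen_t size)
+{
+	switch (af) {
+	case AF_INET:
+		return (inet_ntop4(src, dst, size));
+	case AF_INET6:
+		return (inet_ntop6(src, dst, size));
+	default:
+		errno = EAFNOSUPPORT;
+		return (NULL);
+	}
+	/* NOTREACHED */
+}
+
+/* const char *
+ * inet_ntop4(src, dst, size)
+ *	format an IPv4 address, more or less like inet_ntoa()
+ * return:
+ *	`dst' (as a const)
+ * notes:
+ *	(1) uses no statics
+ *	(2) takes a u_char* not an in_addr as input
+ * author:
+ *	Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop4(const u_char *src, char *dst, size_t size)
+{
+	char tmp[sizeof "255.255.255.255"];
+	int l;
+
+	l = snprintf(tmp, sizeof(tmp), "%u.%u.%u.%u",
+	    src[0], src[1], src[2], src[3]);
+	if (l <= 0 || l >= size) {
+		errno = ENOSPC;
+		return (NULL);
+	}
+	strlcpy(dst, tmp, size);
+	return (dst);
+}
+
+/* const char *
+ * inet_ntop6(src, dst, size)
+ *	convert IPv6 binary address into presentation (printable) format
+ * author:
+ *	Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop6(const u_char *src, char *dst, size_t size)
+{
+	/*
+	 * Note that int32_t and int16_t need only be "at least" large enough
+	 * to contain a value of the specified size.  On some systems, like
+	 * Crays, there is no such thing as an integer variable with 16 bits.
+	 * Keep this in mind if you think this function should have been coded
+	 * to use pointer overlays.  All the world's not a VAX.
+	 */
+	char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"];
+	char *tp, *ep;
+	struct { int base, len; } best, cur;
+	u_int words[IN6ADDRSZ / INT16SZ];
+	int i;
+	int advance;
+
+	/*
+	 * Preprocess:
+	 *	Copy the input (bytewise) array into a wordwise array.
+	 *	Find the longest run of 0x00's in src[] for :: shorthanding.
+	 */
+	memset(words, '\0', sizeof words);
+	for (i = 0; i < IN6ADDRSZ; i++)
+		words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3));
+	best.base = -1;
+	cur.base = -1;
+	for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) {
+		if (words[i] == 0) {
+			if (cur.base == -1)
+				cur.base = i, cur.len = 1;
+			else
+				cur.len++;
+		} else {
+			if (cur.base != -1) {
+				if (best.base == -1 || cur.len > best.len)
+					best = cur;
+				cur.base = -1;
+			}
+		}
+	}
+	if (cur.base != -1) {
+		if (best.base == -1 || cur.len > best.len)
+			best = cur;
+	}
+	if (best.base != -1 && best.len < 2)
+		best.base = -1;
+
+	/*
+	 * Format the result.
+	 */
+	tp = tmp;
+	ep = tmp + sizeof(tmp);
+	for (i = 0; i < (IN6ADDRSZ / INT16SZ) && tp < ep; i++) {
+		/* Are we inside the best run of 0x00's? */
+		if (best.base != -1 && i >= best.base &&
+		    i < (best.base + best.len)) {
+			if (i == best.base) {
+				if (tp + 1 >= ep) {
+					errno = ENOSPC;
+					return (NULL);
+				}
+				*tp++ = ':';
+			}
+			continue;
+		}
+		/* Are we following an initial run of 0x00s or any real hex? */
+		if (i != 0) {
+			if (tp + 1 >= ep) {
+				errno = ENOSPC;
+				return (NULL);
+			}
+			*tp++ = ':';
+		}
+		/* Is this address an encapsulated IPv4? */
+		if (i == 6 && best.base == 0 &&
+		    (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
+			if (!inet_ntop4(src+12, tp, ep - tp))
+				return (NULL);
+			tp += strlen(tp);
+			break;
+		}
+		advance = snprintf(tp, ep - tp, "%x", words[i]);
+		if (advance <= 0 || advance >= ep - tp) {
+			errno = ENOSPC;
+			return (NULL);
+		}
+		tp += advance;
+	}
+	/* Was it a trailing run of 0x00's? */
+	if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) {
+		if (tp + 1 >= ep) {
+			errno = ENOSPC;
+			return (NULL);
+		}
+		*tp++ = ':';
+	}
+	if (tp + 1 >= ep) {
+		errno = ENOSPC;
+		return (NULL);
+	}
+	*tp++ = '\0';
+
+	/*
+	 * Check for overflow, copy, and we're done.
+	 */
+	if ((size_t)(tp - tmp) > size) {
+		errno = ENOSPC;
+		return (NULL);
+	}
+	strlcpy(dst, tmp, size);
+	return (dst);
+}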
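--- a/jni/libressl/apps/ocspcheck/compat/memmem.c
+++ b/jni/libressl/apps/ocspcheck/compat/memmem.c
@@ -0,0 +1,63 @@
+/*	$OpenBSD: memmem.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
+/*-
+ * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+/*
+ * Find the first occurrence of the byte string s in byte string l.
+ */
+
+void *
+memmem(const void *l, size_t l_len, const void *s, size_t s_len)
+{
+	const char *cur, *last;
+	const char *cl = l;
+	const char *cs = s;
+
+	/* a zero length needle should just return the haystack */
+	if (s_len == 0)
+		return (void *)cl;
+
+	/* "s" must be smaller or equal to "l" */
+	if (l_len < s_len)
+		return NULL;
+
+	/* special case where s_len == 1 */
+	if (s_len == 1)
+		return memchr(l, *cs, l_len);
+
+	/* the last position where its possible to find "s" in "l" */
+	last = cl + l_len - s_len;
+
+	for (cur = cl; cur <= last; cur++)
+		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
+			return (void *)cur;
+
+	return NULL;
+}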
Added jni/libressl/apps/ocspcheck/http.c.
































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
/*	$Id: http.c,v 1.9 2017/03/26 18:41:02 deraadt Exp $ */
/*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/socket.h>

#include <arpa/inet.h>
#include <netinet/in.h>

#include <ctype.h>
#include <err.h>
#include <limits.h>
#include <netdb.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <tls.h>
#include <unistd.h>

#include "http.h"
#include <tls.h>

#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"

/*
 * A buffer for transferring HTTP/S data.
 */
struct	httpxfer {
	char		*hbuf;    /* header transfer buffer */
	size_t		 hbufsz;  /* header buffer size */
	int		 headok;  /* header has been parsed */
	char		*bbuf;    /* body transfer buffer */
	size_t		 bbufsz;  /* body buffer size */
	int		 bodyok;  /* body has been parsed */
	char		*headbuf; /* lookaside buffer for headers */
	struct httphead	*head;    /* parsed headers */
	size_t		 headsz;  /* number of headers */
};

/*
 * An HTTP/S connection object.
 */
struct	http {
	int		   fd;     /* connected socket */
	short		   port;   /* port number */
	struct source	   src;    /* endpoint (raw) host */
	char		  *path;   /* path to request */
	char		  *host;   /* name of endpoint host */
	struct tls	  *ctx;    /* if TLS */
	writefp		   writer; /* write function */
	readfp		   reader; /* read function */
};

struct tls_config *tlscfg;

static ssize_t
dosysread(char *buf, size_t sz, const struct http *http)
{
	ssize_t	 rc;

	rc = read(http->fd, buf, sz);
	if (rc < 0)
		warn("%s: read", http->src.ip);
	return rc;
}

static ssize_t
dosyswrite(const void *buf, size_t sz, const struct http *http)
{
	ssize_t	 rc;

	rc = write(http->fd, buf, sz);
	if (rc < 0)
		warn("%s: write", http->src.ip);
	return rc;
}

static ssize_t
dotlsread(char *buf, size_t sz, const struct http *http)
{
	ssize_t	 rc;

	do {
		rc = tls_read(http->ctx, buf, sz);
	} while (rc == TLS_WANT_POLLIN || rc == TLS_WANT_POLLOUT);

	if (rc < 0)
		warnx("%s: tls_read: %s", http->src.ip,
		    tls_error(http->ctx));
	return rc;
}

static ssize_t
dotlswrite(const void *buf, size_t sz, const struct http *http)
{
	ssize_t	 rc;

	do {
		rc = tls_write(http->ctx, buf, sz);
	} while (rc == TLS_WANT_POLLIN || rc == TLS_WANT_POLLOUT);

	if (rc < 0)
		warnx("%s: tls_write: %s", http->src.ip,
		    tls_error(http->ctx));
	return rc;
}

int
http_init()
{
	if (tlscfg != NULL)
		return 0;

	if (tls_init() == -1) {
		warn("tls_init");
		goto err;
	}

	tlscfg = tls_config_new();
	if (tlscfg == NULL) {
		warn("tls_config_new");
		goto err;
	}

	if (tls_config_set_ca_file(tlscfg, DEFAULT_CA_FILE) == -1) {
		warn("tls_config_set_ca_file: %s", tls_config_error(tlscfg));
		goto err;
	}

	return 0;

 err:
	tls_config_free(tlscfg);
	tlscfg = NULL;

	return -1;
}

static ssize_t
http_read(char *buf, size_t sz, const struct http *http)
{
	ssize_t	 ssz, xfer;

	xfer = 0;
	do {
		if ((ssz = http->reader(buf, sz, http)) < 0)
			return -1;
		if (ssz == 0)
			break;
		xfer += ssz;
		sz -= ssz;
		buf += ssz;
	} while (ssz > 0 && sz > 0);

	return xfer;
}

static int
http_write(const char *buf, size_t sz, const struct http *http)
{
	ssize_t	 ssz, xfer;

	xfer = sz;
	while (sz > 0) {
		if ((ssz = http->writer(buf, sz, http)) < 0)
			return -1;
		sz -= ssz;
		buf += (size_t)ssz;
	}
	return xfer;
}

void
http_disconnect(struct http *http)
{
	int rc;

	if (http->ctx != NULL) {
		/* TLS connection. */
		do {
			rc = tls_close(http->ctx);
		} while (rc == TLS_WANT_POLLIN || rc == TLS_WANT_POLLOUT);

		if (rc < 0)
			warnx("%s: tls_close: %s", http->src.ip,
			    tls_error(http->ctx));

		tls_free(http->ctx);
	}
	if (http->fd != -1) {
		if (close(http->fd) == -1)
			warn("%s: close", http->src.ip);
	}

	http->fd = -1;
	http->ctx = NULL;
}

void
http_free(struct http *http)
{

	if (http == NULL)
		return;
	http_disconnect(http);
	free(http->host);
	free(http->path);
	free(http->src.ip);
	free(http);
}

struct http *
http_alloc(const struct source *addrs, size_t addrsz,
    const char *host, short port, const char *path)
{
	struct sockaddr_storage ss;
	int		 family, fd, c;
	socklen_t	 len;
	size_t		 cur, i = 0;
	struct http	*http;

	/* Do this while we still have addresses to connect. */
again:
	if (i == addrsz)
		return NULL;
	cur = i++;

	/* Convert to PF_INET or PF_INET6 address from string. */

	memset(&ss, 0, sizeof(struct sockaddr_storage));

	if (addrs[cur].family == 4) {
		family = PF_INET;
		((struct sockaddr_in *)&ss)->sin_family = AF_INET;
		((struct sockaddr_in *)&ss)->sin_port = htons(port);
		c = inet_pton(AF_INET, addrs[cur].ip,
		    &((struct sockaddr_in *)&ss)->sin_addr);
		len = sizeof(struct sockaddr_in);
	} else if (addrs[cur].family == 6) {
		family = PF_INET6;
		((struct sockaddr_in6 *)&ss)->sin6_family = AF_INET6;
		((struct sockaddr_in6 *)&ss)->sin6_port = htons(port);
		c = inet_pton(AF_INET6, addrs[cur].ip,
		    &((struct sockaddr_in6 *)&ss)->sin6_addr);
		len = sizeof(struct sockaddr_in6);
	} else {
		warnx("%s: unknown family", addrs[cur].ip);
		goto again;
	}

	if (c < 0) {
		warn("%s: inet_ntop", addrs[cur].ip);
		goto again;
	} else if (c == 0) {
		warnx("%s: inet_ntop", addrs[cur].ip);
		goto again;
	}

	/* Create socket and connect. */

	fd = socket(family, SOCK_STREAM, 0);
	if (fd == -1) {
		warn("%s: socket", addrs[cur].ip);
		goto again;
	} else if (connect(fd, (struct sockaddr *)&ss, len) == -1) {
		warn("%s: connect", addrs[cur].ip);
		close(fd);
		goto again;
	}

	/* Allocate the communicator. */

	http = calloc(1, sizeof(struct http));
	if (http == NULL) {
		warn("calloc");
		close(fd);
		return NULL;
	}
	http->fd = fd;
	http->port = port;
	http->src.family = addrs[cur].family;
	http->src.ip = strdup(addrs[cur].ip);
	http->host = strdup(host);
	http->path = strdup(path);
	if (http->src.ip == NULL || http->host == NULL || http->path == NULL) {
		warn("strdup");
		goto err;
	}

	/* If necessary, do our TLS setup. */

	if (port != 443) {
		http->writer = dosyswrite;
		http->reader = dosysread;
		return http;
	}

	http->writer = dotlswrite;
	http->reader = dotlsread;

	if ((http->ctx = tls_client()) == NULL) {
		warn("tls_client");
		goto err;
	} else if (tls_configure(http->ctx, tlscfg) == -1) {
		warnx("%s: tls_configure: %s",
			http->src.ip, tls_error(http->ctx));
		goto err;
	}

	if (tls_connect_socket(http->ctx, http->fd, http->host) != 0) {
		warnx("%s: tls_connect_socket: %s, %s", http->src.ip,
		    http->host, tls_error(http->ctx));
		goto err;
	}

	return http;
err:
	http_free(http);
	return NULL;
}

struct httpxfer *
http_open(const struct http *http, const void *p, size_t psz)
{
	char		*req;
	int		 c;
	struct httpxfer	*trans;

	if (p == NULL) {
		c = asprintf(&req,
		    "GET %s HTTP/1.0\r\n"
		    "Host: %s\r\n"
		    "\r\n",
		    http->path, http->host);
	} else {
		c = asprintf(&req,
		    "POST %s HTTP/1.0\r\n"
		    "Host: %s\r\n"
		    "Content-Length: %zu\r\n"
		    "\r\n",
		    http->path, http->host, psz);
	}
	if (c == -1) {
		warn("asprintf");
		return NULL;
	} else if (!http_write(req, c, http)) {
		free(req);
		return NULL;
	} else if (p != NULL && !http_write(p, psz, http)) {
		free(req);
		return NULL;
	}

	free(req);

	trans = calloc(1, sizeof(struct httpxfer));
	if (trans == NULL)
		warn("calloc");
	return trans;
}

void
http_close(struct httpxfer *x)
{

	if (x == NULL)
		return;
	free(x->hbuf);
	free(x->bbuf);
	free(x->headbuf);
	free(x->head);
	free(x);
}

/*
 * Read the HTTP body from the wire.
 * If invoked multiple times, this will return the same pointer with the
 * same data (or NULL, if the original invocation returned NULL).
 * Returns NULL if read or allocation errors occur.
 * You must not free the returned pointer.
 */
char *
http_body_read(const struct http *http, struct httpxfer *trans, size_t *sz)
{
	char		 buf[BUFSIZ];
	ssize_t		 ssz;
	void		*pp;
	size_t		 szp;

	if (sz == NULL)
		sz = &szp;

	/* Have we already parsed this? */

	if (trans->bodyok > 0) {
		*sz = trans->bbufsz;
		return trans->bbuf;
	} else if (trans->bodyok < 0)
		return NULL;

	*sz = 0;
	trans->bodyok = -1;

	do {
		/* If less than sizeof(buf), at EOF. */
		if ((ssz = http_read(buf, sizeof(buf), http)) < 0)
			return NULL;
		else if (ssz == 0)
			break;

		pp = recallocarray(trans->bbuf,
		    trans->bbufsz, trans->bbufsz + ssz, 1);
		if (pp == NULL) {
			warn("recallocarray");
			return NULL;
		}
		trans->bbuf = pp;
		memcpy(trans->bbuf + trans->bbufsz, buf, ssz);
		trans->bbufsz += ssz;
	} while (ssz == sizeof(buf));

	trans->bodyok = 1;
	*sz = trans->bbufsz;
	return trans->bbuf;
}

struct httphead *
http_head_get(const char *v, struct httphead *h, size_t hsz)
{
	size_t	 i;

	for (i = 0; i < hsz; i++) {
		if (strcmp(h[i].key, v))
			continue;
		return &h[i];
	}
	return NULL;
}

/*
 * Look through the headers and determine our HTTP code.
 * This will return -1 on failure, otherwise the code.
 */
int
http_head_status(const struct http *http, struct httphead *h, size_t sz)
{
	int		 rc;
	unsigned int	 code;
	struct httphead *st;

	if ((st = http_head_get("Status", h, sz)) == NULL) {
		warnx("%s: no status header", http->src.ip);
		return -1;
	}

	rc = sscanf(st->val, "%*s %u %*s", &code);
	if (rc < 0) {
		warn("sscanf");
		return -1;
	} else if (rc != 1) {
		warnx("%s: cannot convert status header", http->src.ip);
		return -1;
	}
	return code;
}

/*
 * Parse headers from the transfer.
 * Malformed headers are skipped.
 * A special "Status" header is added for the HTTP status line.
 * This can only happen once http_head_read has been called with
 * success.
 * This can be invoked multiple times: it will only parse the headers
 * once and after that it will just return the cache.
 * You must not free the returned pointer.
 * If the original header parse failed, or if memory allocation fails
 * internally, this returns NULL.
 */
struct httphead *
http_head_parse(const struct http *http, struct httpxfer *trans, size_t *sz)
{
	size_t		 hsz, szp;
	struct httphead	*h;
	char		*cp, *ep, *ccp, *buf;

	if (sz == NULL)
		sz = &szp;

	/*
	 * If we've already parsed the headers, return the
	 * previously-parsed buffer now.
	 * If we have errors on the stream, return NULL now.
	 */

	if (trans->head != NULL) {
		*sz = trans->headsz;
		return trans->head;
	} else if (trans->headok <= 0)
		return NULL;

	if ((buf = strdup(trans->hbuf)) == NULL) {
		warn("strdup");
		return NULL;
	}
	hsz = 0;
	cp = buf;

	do {
		if ((cp = strstr(cp, "\r\n")) != NULL)
			cp += 2;
		hsz++;
	} while (cp != NULL);

	/*
	 * Allocate headers, then step through the data buffer, parsing
	 * out headers as we have them.
	 * We know at this point that the buffer is NUL-terminated in
	 * the usual way.
	 */

	h = calloc(hsz, sizeof(struct httphead));
	if (h == NULL) {
		warn("calloc");
		free(buf);
		return NULL;
	}

	*sz = hsz;
	hsz = 0;
	cp = buf;

	do {
		if ((ep = strstr(cp, "\r\n")) != NULL) {
			*ep = '\0';
			ep += 2;
		}
		if (hsz == 0) {
			h[hsz].key = "Status";
			h[hsz++].val = cp;
			continue;
		}

		/* Skip bad headers. */
		if ((ccp = strchr(cp, ':')) == NULL) {
			warnx("%s: header without separator", http->src.ip);
			continue;
		}

		*ccp++ = '\0';
		while (isspace((int)*ccp))
			ccp++;
		h[hsz].key = cp;
		h[hsz++].val = ccp;
	} while ((cp = ep) != NULL);

	trans->headbuf = buf;
	trans->head = h;
	trans->headsz = hsz;
	return h;
}

/*
 * Read the HTTP headers from the wire.
 * If invoked multiple times, this will return the same pointer with the
 * same data (or NULL, if the original invocation returned NULL).
 * Returns NULL if read or allocation errors occur.
 * You must not free the returned pointer.
 */
char *
http_head_read(const struct http *http, struct httpxfer *trans, size_t *sz)
{
	char		 buf[BUFSIZ];
	ssize_t		 ssz;
	char		*ep;
	void		*pp;
	size_t		 szp;

	if (sz == NULL)
		sz = &szp;

	/* Have we already parsed this? */

	if (trans->headok > 0) {
		*sz = trans->hbufsz;
		return trans->hbuf;
	} else if (trans->headok < 0)
		return NULL;

	*sz = 0;
	ep = NULL;
	trans->headok = -1;

	/*
	 * Begin by reading by BUFSIZ blocks until we reach the header
	 * termination marker (two CRLFs).
	 * We might read into our body, but that's ok: we'll copy out
	 * the body parts into our body buffer afterward.
	 */

	do {
		/* If less than sizeof(buf), at EOF. */
		if ((ssz = http_read(buf, sizeof(buf), http)) < 0)
			return NULL;
		else if (ssz == 0)
			break;
		pp = realloc(trans->hbuf, trans->hbufsz + ssz);
		if (pp == NULL) {
			warn("realloc");
			return NULL;
		}
		trans->hbuf = pp;
		memcpy(trans->hbuf + trans->hbufsz, buf, ssz);
		trans->hbufsz += ssz;
		/* Search for end of headers marker. */
		ep = memmem(trans->hbuf, trans->hbufsz, "\r\n\r\n", 4);
	} while (ep == NULL && ssz == sizeof(buf));

	if (ep == NULL) {
		warnx("%s: partial transfer", http->src.ip);
		return NULL;
	}
	*ep = '\0';

	/*
	 * The header data is invalid if it has any binary characters in
	 * it: check that now.
	 * This is important because we want to guarantee that all
	 * header keys and pairs are properly NUL-terminated.
	 */

	if (strlen(trans->hbuf) != (uintptr_t)(ep - trans->hbuf)) {
		warnx("%s: binary data in header", http->src.ip);
		return NULL;
	}

	/*
	 * Copy remaining buffer into body buffer.
	 */

	ep += 4;
	trans->bbufsz = (trans->hbuf + trans->hbufsz) - ep;
	trans->bbuf = malloc(trans->bbufsz);
	if (trans->bbuf == NULL) {
		warn("malloc");
		return NULL;
	}
	memcpy(trans->bbuf, ep, trans->bbufsz);

	trans->headok = 1;
	*sz = trans->hbufsz;
	return trans->hbuf;
}

void
http_get_free(struct httpget *g)
{

	if (g == NULL)
		return;
	http_close(g->xfer);
	http_free(g->http);
	free(g);
}

struct httpget *
http_get(const struct source *addrs, size_t addrsz, const char *domain,
    short port, const char *path, const void *post, size_t postsz)
{
	struct http	*h;
	struct httpxfer	*x;
	struct httpget	*g;
	struct httphead	*head;
	size_t		 headsz, bodsz, headrsz;
	int		 code;
	char		*bod, *headr;

	h = http_alloc(addrs, addrsz, domain, port, path);
	if (h == NULL)
		return NULL;

	if ((x = http_open(h, post, postsz)) == NULL) {
		http_free(h);
		return NULL;
	} else if ((headr = http_head_read(h, x, &headrsz)) == NULL) {
		http_close(x);
		http_free(h);
		return NULL;
	} else if ((bod = http_body_read(h, x, &bodsz)) == NULL) {
		http_close(x);
		http_free(h);
		return NULL;
	}

	http_disconnect(h);

	if ((head = http_head_parse(h, x, &headsz)) == NULL) {
		http_close(x);
		http_free(h);
		return NULL;
	} else if ((code = http_head_status(h, head, headsz)) < 0) {
		http_close(x);
		http_free(h);
		return NULL;
	}

	if ((g = calloc(1, sizeof(struct httpget))) == NULL) {
		warn("calloc");
		http_close(x);
		http_free(h);
		return NULL;
	}

	g->headpart = headr;
	g->headpartsz = headrsz;
	g->bodypart = bod;
	g->bodypartsz = bodsz;
	g->head = head;
	g->headsz = headsz;
	g->code = code;
	g->xfer = x;
	g->http = h;
	return g;
}

#if 0
int
main(void)
{
	struct httpget	*g;
	struct httphead	*httph;
	size_t		 i, httphsz;
	struct source	 addrs[2];
	size_t		 addrsz;

#if 0
	addrs[0].ip = "127.0.0.1";
	addrs[0].family = 4;
	addrsz = 1;
#else
	addrs[0].ip = "2a00:1450:400a:806::2004";
	addrs[0].family = 6;
	addrs[1].ip = "193.135.3.123";
	addrs[1].family = 4;
	addrsz = 2;
#endif

	if (http_init() == -1)
		errx(EXIT_FAILURE, "http_init");

#if 0
	g = http_get(addrs, addrsz, "localhost", 80, "/index.html");
#else
	g = http_get(addrs, addrsz, "www.google.ch", 80, "/index.html",
	    NULL, 0);
#endif

	if (g == NULL)
		errx(EXIT_FAILURE, "http_get");

	httph = http_head_parse(g->http, g->xfer, &httphsz);
	warnx("code: %d", g->code);

	for (i = 0; i < httphsz; i++)
		warnx("head: [%s]=[%s]", httph[i].key, httph[i].val);

	http_get_free(g);
	return (EXIT_SUCCESS);
}
#endif
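--- a/jni/libressl/apps/ocspcheck/http.h
+++ b/jni/libressl/apps/ocspcheck/http.h
@@ -0,0 +1,92 @@
+/*	$Id: http.h,v 1.3 2017/01/25 13:52:53 inoguchi Exp $ */
+/*
+ * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef HTTP_H
+#define HTTP_H
+
+struct	source {
+	int	 family; /* 4 (PF_INET) or 6 (PF_INET6) */
+	char	*ip; /* IPV4 or IPV6 address */
+};
+
+struct	http;
+
+/*
+ * Write and read callbacks to allow HTTP and HTTPS.
+ * Both of these return the number of bytes read (or written) or -1 on
+ * failure.
+ * 0 bytes read means that the connection has closed.
+ */
+typedef	ssize_t (*writefp)(const void *, size_t, const struct http *);
+typedef	ssize_t (*readfp)(char *, size_t, const struct http *);
+
+/*
+ * HTTP/S header pair.
+ * There's also a cooked-up pair, "Status", with the status code.
+ * Both strings are NUL-terminated.
+ */
+struct	httphead {
+	const char	*key;
+	const char	*val;
+};
+
+/*
+ * Grab all information from a transfer.
+ * DO NOT free any parts of this, and editing the parts (e.g., changing
+ * the underlying strings) will persist; so in short, don't.
+ * All of these values will be set upon http_get() success.
+ */
+struct	httpget {
+	struct httpxfer	*xfer; /* underlying transfer */
+	struct http	*http; /* underlying connection */
+	int		 code; /* return code */
+	struct httphead	*head; /* headers */
+	size_t		 headsz; /* number of headers */
+	char		*headpart; /* header buffer */
+	size_t		 headpartsz; /* size of headpart */
+	char		*bodypart; /* body buffer */
+	size_t		 bodypartsz; /* size of bodypart */
+};
+
+int		 http_init(void);
+
+/* Convenience functions. */
+struct httpget	*http_get(const struct source *, size_t,
+			const char *, short, const char *,
+			const void *, size_t);
+void		 http_get_free(struct httpget *);
+
+/* Allocation and release. */
+struct http	*http_alloc(const struct source *, size_t,
+			const char *, short, const char *);
+void		 http_free(struct http *);
+struct httpxfer	*http_open(const struct http *, const void *, size_t);
+void		 http_close(struct httpxfer *);
+void		 http_disconnect(struct http *);
+
+/* Access. */
+char		*http_head_read(const struct http *,
+			struct httpxfer *, size_t *);
+struct httphead	*http_head_parse(const struct http *,
+			struct httpxfer *, size_t *);
+char		*http_body_read(const struct http *,
+			struct httpxfer *, size_t *);
+int		 http_head_status(const struct http *,
+			struct httphead *, size_t);
+struct httphead	*http_head_get(const char *,
+			struct httphead *, size_t);
+
+#endif /* HTTP_H */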
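Review bot: The interface declared here gives callers no way to ask for TLS explicitly: `http_alloc()` and `http_get()` take only a `short` port, and in http.c on this page the transport is chosen with `if (port != 443)`, so a responder reached on any other port is spoken to in cleartext. Whether ocspcheck.c ever passes such a port cannot be seen from this section, so the rule should at least be documented above the `http_alloc` prototype, for example `/* TLS is used only when port is 443; every other port is plain HTTP. */`. Separately, the header uses `ssize_t` and `size_t` but includes nothing, so it compiles only when the includer pulls in `<sys/types.h>` first, as http.c does. Adding `#include <sys/types.h>` after the include guard would make it self-contained.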
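--- a/jni/libressl/apps/ocspcheck/ocspcheck.8
+++ b/jni/libressl/apps/ocspcheck/ocspcheck.8
@@ -0,0 +1,97 @@
+.\"	$OpenBSD: ocspcheck.8,v 1.6 2017/01/26 22:59:55 jmc Exp $
+.\"
+.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 26 2017 $
+.Dt OCSPCHECK 8
+.Os
+.Sh NAME
+.Nm ocspcheck
+.Nd check a certificate for validity against its OCSP responder
+.Sh SYNOPSIS
+.Nm
+.Op Fl Nv
+.Op Fl C Ar CAfile
+.Op Fl o Ar staplefile
+.Ar file
+.Sh DESCRIPTION
+The
+.Nm
+utility validates a PEM format certificate against the OCSP responder
+encoded in the certificate specified by the
+.Ar file
+argument.
+Normally it should be used for checking server certificates
+and maintaining saved OCSP responses to be used for OCSP stapling.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl C Ar CAfile
+Specify a PEM format root certificate bundle to use for the validation of
+requests.
+By default no certificates are used beyond those in the
+certificate chain provided by the
+.Ar file
+argument.
+.It Fl N
+Do not use a nonce value in the OCSP request, or validate that the
+nonce was returned in the OCSP response.
+By default a nonce is always used and validated.
+The use of this flag is a security risk as it will allow OCSP
+responses to be replayed.
+It should not be used unless the OCSP server does not support the
+use of OCSP nonces.
+.It Fl o Ar staplefile
+Specify an output filename where the DER encoded response from the
+OCSP server will be written, if the OCSP response validates.
+A filename
+of
+.Sq -
+will write the response to standard output.
+By default the response is not saved.
+.It Fl v
+Increase verbosity.
+This flag may be specified multiple times to get more verbose output.
+The default behaviour is to be silent unless something goes wrong.
+.El
+.Sh EXIT STATUS
+The
+.Nm
+utility exits 0 if the OCSP response validates for the certificate in
+.Ar file
+and all output is successfully written out.
+.Nm
+exits >0 if an error occurs or the OCSP response fails to validate.
+.Sh SEE ALSO
+.Xr nc 1 ,
+.Xr tls_config_set_ocsp_staple_file 3 ,
+.Xr tls_config_set_ocsp_staple_mem 3 ,
+.Xr httpd 8
+.Sh AUTHORS
+.Nm
+was written by
+.An Bob Beck .
+.Sh CAVEATS
+While
+.Nm
+could possibly be used in scripts to query responders for server
+certificates seen on client connections, this is almost always a bad
+idea.
+God kills a kitten every time you make an OCSP query from the
+client side of a TLS connection.
+.Sh BUGS
+.Nm
+will create the output file if it does not exist.
+On failure a newly created output file will not be removed.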
Added jni/libressl/apps/ocspcheck/ocspcheck.c.






























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
/* $OpenBSD: ocspcheck.c,v 1.20 2017/03/27 23:59:08 deraadt Exp $ */

/*
 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/stat.h>

#include <err.h>
#include <fcntl.h>
#include <limits.h>
#include <netdb.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/ssl.h>

#include "http.h"

#define MAXAGE_SEC (14*24*60*60)
#define JITTER_SEC (60)

typedef struct ocsp_request {
	STACK_OF(X509) *fullchain;
	OCSP_REQUEST *req;
	char *url;
	unsigned char *data;
	size_t size;
	int nonce;
} ocsp_request;

int verbose;
#define vspew(fmt, ...) \
	do { if (verbose >= 1) fprintf(stderr, fmt, __VA_ARGS__); } while (0)
#define dspew(fmt, ...) \
	do { if (verbose >= 2) fprintf(stderr, fmt, __VA_ARGS__); } while (0)

#define MAX_SERVERS_DNS 8

struct addr {
	int	 family; /* 4 for PF_INET, 6 for PF_INET6 */
	char	 ip[INET6_ADDRSTRLEN];
};

static ssize_t
host_dns(const char *s, struct addr vec[MAX_SERVERS_DNS])
{
	struct addrinfo		 hints, *res0, *res;
	int			 error;
	ssize_t			 vecsz;
	struct sockaddr		*sa;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = PF_UNSPEC;
	hints.ai_socktype = SOCK_DGRAM; /* DUMMY */

	error = getaddrinfo(s, NULL, &hints, &res0);

	if (error == EAI_AGAIN ||
#ifdef EAI_NODATA
	    error == EAI_NODATA ||
#endif
	    error == EAI_NONAME)
		return 0;

	if (error) {
		warnx("%s: parse error: %s", s, gai_strerror(error));
		return -1;
	}

	for (vecsz = 0, res = res0;
	    res != NULL && vecsz < MAX_SERVERS_DNS;
	    res = res->ai_next) {
		if (res->ai_family != AF_INET &&
		    res->ai_family != AF_INET6)
			continue;

		sa = res->ai_addr;

		if (res->ai_family == AF_INET) {
			vec[vecsz].family = 4;
			inet_ntop(AF_INET,
			    &(((struct sockaddr_in *)sa)->sin_addr),
				vec[vecsz].ip, INET6_ADDRSTRLEN);
		} else {
			vec[vecsz].family = 6;
			inet_ntop(AF_INET6,
			    &(((struct sockaddr_in6 *)sa)->sin6_addr),
			    vec[vecsz].ip, INET6_ADDRSTRLEN);
		}

		dspew("DNS returns %s for %s\n", vec[vecsz].ip, s);
		vecsz++;
		break;
	}

	freeaddrinfo(res0);
	return vecsz;
}

/*
 * Extract the domain and port from a URL.
 * The url must be formatted as schema://address[/stuff].
 * This returns NULL on failure.
 */
static char *
url2host(const char *host, short *port, char **path)
{
	char	*url, *ep;

	/* We only understand HTTP and HTTPS. */

	if (strncmp(host, "https://", 8) == 0) {
		*port = 443;
		if ((url = strdup(host + 8)) == NULL) {
			warn("strdup");
			return (NULL);
		}
	} else if (strncmp(host, "http://", 7) == 0) {
		*port = 80;
		if ((url = strdup(host + 7)) == NULL) {
			warn("strdup");
			return (NULL);
		}
	} else {
		warnx("%s: unknown schema", host);
		return (NULL);
	}

	/* Terminate path part. */

	if ((ep = strchr(url, '/')) != NULL) {
		*path = strdup(ep);
		*ep = '\0';
	} else
		*path = strdup("");

	if (*path == NULL) {
		warn("strdup");
		free(url);
		return (NULL);
	}

	return (url);
}

static time_t
parse_ocsp_time(ASN1_GENERALIZEDTIME *gt)
{
	struct tm tm;
	time_t rv = -1;

	if (gt == NULL)
		return -1;
	/* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */
	if (ASN1_time_parse(gt->data, gt->length, &tm,
		V_ASN1_GENERALIZEDTIME) == -1)
		return -1;
	if ((rv = timegm(&tm)) == -1)
		return -1;
	return rv;
}

static X509_STORE *
read_cacerts(char *file)
{
	X509_STORE *store;
	X509_LOOKUP *lookup;

	if ((store = X509_STORE_new()) == NULL) {
		warnx("Malloc failed");
		goto end;
	}
	if ((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) ==
	    NULL) {
		warnx("Unable to load CA certs from file %s", file);
		goto end;
	}
	if (file) {
		if (!X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM)) {
			warnx("Unable to load CA certs from file %s", file);
			goto end;
		}
	} else
		X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);

	if ((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir())) ==
	    NULL) {
		warnx("Unable to load CA certs from file %s", file);
		goto end;
	}
	X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
	ERR_clear_error();
	return store;

end:
	X509_STORE_free(store);
	return NULL;
}

static STACK_OF(X509) *
read_fullchain(const char *file, int *count)
{
	int i;
	BIO *bio;
	STACK_OF(X509_INFO) *xis = NULL;
	X509_INFO *xi;
	STACK_OF(X509) *rv = NULL;

	*count = 0;

	if ((bio = BIO_new_file(file, "r")) == NULL) {
		warn("Unable to read a certificate from %s", file);
		return NULL;
	}
	if ((xis = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)) == NULL) {
		warnx("Unable to read PEM format from %s", file);
		return NULL;
	}
	BIO_free(bio);

	if (sk_X509_INFO_num(xis) <= 0) {
		warnx("No certificates in file %s", file);
		goto end;
	}
	if ((rv = sk_X509_new_null()) == NULL) {
		warnx("malloc failed");
		goto end;
	}

	for (i = 0; i < sk_X509_INFO_num(xis); i++) {
		xi = sk_X509_INFO_value(xis, i);
		if (xi->x509 == NULL)
			continue;
		if (!sk_X509_push(rv, xi->x509)) {
			warnx("unable to build x509 chain");
			sk_X509_pop_free(rv, X509_free);
			rv = NULL;
			goto end;
		}
		xi->x509 = NULL;
		(*count)++;
	}
end:
	sk_X509_INFO_pop_free(xis, X509_INFO_free);
	return rv;
}

static inline X509 *
cert_from_chain(STACK_OF(X509) *fullchain)
{
	return sk_X509_value(fullchain, 0);
}

static X509 *
issuer_from_chain(STACK_OF(X509) *fullchain)
{
	X509 *cert, *issuer;
	X509_NAME *issuer_name;

	cert = cert_from_chain(fullchain);
	if ((issuer_name = X509_get_issuer_name(cert)) == NULL)
		return NULL;

	issuer = X509_find_by_subject(fullchain, issuer_name);
	return issuer;
}

static ocsp_request *
ocsp_request_new_from_cert(char *file, int nonce)
{
	X509 *cert = NULL;
	int count = 0;
	OCSP_CERTID *id;
	ocsp_request *request;
	const EVP_MD *cert_id_md = NULL;
	X509 *issuer = NULL;
	STACK_OF(OPENSSL_STRING) *urls;

	if ((request = calloc(1, sizeof(ocsp_request))) == NULL) {
		warn("malloc");
		return NULL;
	}

	if ((request->req = OCSP_REQUEST_new()) == NULL)
		return NULL;

	request->fullchain = read_fullchain(file, &count);
	/* Drop rpath from pledge, we don't need to read anymore */
	if (pledge("stdio inet dns", NULL) == -1)
		err(1, "pledge");

	if (request->fullchain == NULL)
		return NULL;
	if (count <= 1) {
		warnx("File %s does not contain a cert chain", file);
		return NULL;
	}
	if ((cert = cert_from_chain(request->fullchain)) == NULL) {
		warnx("No certificate found in %s", file);
		return NULL;
	}
	if ((issuer = issuer_from_chain(request->fullchain)) == NULL) {
		warnx("Unable to find issuer for cert in %s", file);
		return NULL;
	}

	urls = X509_get1_ocsp(cert);
	if (urls == NULL || sk_OPENSSL_STRING_num(urls) <= 0) {
		warnx("Certificate in %s contains no OCSP url", file);
		return NULL;
	}
	if ((request->url = strdup(sk_OPENSSL_STRING_value(urls, 0))) == NULL)
		return NULL;
	X509_email_free(urls);

	cert_id_md = EVP_sha1(); /* XXX. This sucks but OCSP is poopy */
	if ((id = OCSP_cert_to_id(cert_id_md, cert, issuer)) == NULL) {
		warnx("Unable to get certificate id from cert in %s", file);
		return NULL;
	}
	if (OCSP_request_add0_id(request->req, id) == NULL) {
		warnx("Unable to add certificate id to request");
		return NULL;
	}

	request->nonce = nonce;
	if (request->nonce)
		OCSP_request_add1_nonce(request->req, NULL, -1);

	if ((request->size = i2d_OCSP_REQUEST(request->req,
	    &request->data)) <= 0) {
		warnx("Unable to encode ocsp request");
		return NULL;
	}
	if (request->data == NULL) {
		warnx("Unable to allocte memory");
		return NULL;
	}
	return (request);
}


int
validate_response(char *buf, size_t size, ocsp_request *request,
    X509_STORE *store, char *host, char *file)
{
	ASN1_GENERALIZEDTIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
	const unsigned char **p = (const unsigned char **)&buf;
	int status, cert_status=0, crl_reason=0;
	time_t now, rev_t = -1, this_t, next_t;
	OCSP_RESPONSE *resp;
	OCSP_BASICRESP *bresp;
	OCSP_CERTID *cid;
	X509 *cert, *issuer;

	if ((cert = cert_from_chain(request->fullchain)) == NULL) {
		warnx("No certificate found in %s", file);
		return 0;
	}
	if ((issuer = issuer_from_chain(request->fullchain)) == NULL) {
		warnx("Unable to find certificate issuer for cert in %s", file);
		return 0;
	}
	if ((cid = OCSP_cert_to_id(NULL, cert, issuer)) == NULL) {
		warnx("Unable to get issuer cert/CID in %s", file);
		return 0;
	}

	if ((resp = d2i_OCSP_RESPONSE(NULL, p, size)) == NULL) {
		warnx("OCSP response unserializable from host %s", host);
		return 0;
	}

	if ((bresp = OCSP_response_get1_basic(resp)) == NULL) {
		warnx("Failed to load OCSP response from %s", host);
		return 0;
	}

	if (OCSP_basic_verify(bresp, request->fullchain, store,
		OCSP_TRUSTOTHER) != 1) {
		warnx("OCSP verify failed from %s", host);
		return 0;
	}
	dspew("OCSP response signature validated from %s\n", host);

	status = OCSP_response_status(resp);
	if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
		warnx("OCSP Failure: code %d (%s) from host %s",
		    status, OCSP_response_status_str(status), host);
		return 0;
	}
	dspew("OCSP response status %d from host %s\n", status, host);

	/* Check the nonce if we sent one */

	if (request->nonce) {
		if (OCSP_check_nonce(request->req, bresp) <= 0) {
			warnx("No OCSP nonce, or mismatch, from host %s", host);
			return 0;
		}
	}

	if (OCSP_resp_find_status(bresp, cid, &cert_status, &crl_reason,
	    &revtime, &thisupd, &nextupd) != 1) {
		warnx("OCSP verify failed: no result for cert");
		return 0;
	}

	if (revtime && (rev_t = parse_ocsp_time(revtime)) == -1) {
		warnx("Unable to parse revocation time in OCSP reply");
		return 0;
	}
	/*
	 * Belt and suspenders, Treat it as revoked if there is either
	 * a revocation time, or status revoked.
	 */
	if (rev_t != -1 || cert_status == V_OCSP_CERTSTATUS_REVOKED) {
		warnx("Invalid OCSP reply: certificate is revoked");
		if (rev_t != -1)
			warnx("Certificate revoked at: %s", ctime(&rev_t));
		return 0;
	}
	if ((this_t = parse_ocsp_time(thisupd)) == -1) {
		warnx("unable to parse this update time in OCSP reply");
		return 0;
	}
	if ((next_t = parse_ocsp_time(nextupd)) == -1) {
		warnx("unable to parse next update time in OCSP reply");
		return 0;
	}

	/* Don't allow this update to precede next update */
	if (this_t >= next_t) {
		warnx("Invalid OCSP reply: this update >= next update");
		return 0;
	}

	now = time(NULL);
	/*
	 * Check that this update is not more than JITTER seconds
	 * in the future.
	 */
	if (this_t > now + JITTER_SEC) {
		warnx("Invalid OCSP reply: this update is in the future (%s)",
		    ctime(&this_t));
		return 0;
	}

	/*
	 * Check that this update is not more than MAXSEC
	 * in the past.
	 */
	if (this_t < now - MAXAGE_SEC) {
		warnx("Invalid OCSP reply: this update is too old (%s)",
		    ctime(&this_t));
		return 0;
	}

	/*
	 * Check that next update is still valid
	 */
	if (next_t < now - JITTER_SEC) {
		warnx("Invalid OCSP reply: reply has expired (%s)",
		    ctime(&next_t));
		return 0;
	}

	vspew("OCSP response validated from %s\n", host);
	vspew("	   This Update: %s", ctime(&this_t));
	vspew("	   Next Update: %s", ctime(&next_t));
	return 1;
}

static void
usage(void)
{
	fprintf(stderr,
	    "usage: ocspcheck [-Nv] [-C CAfile] [-o staplefile] file\n");
	exit(1);
}

int
main(int argc, char **argv)
{
	char *host = NULL, *path = "/", *certfile = NULL, *outfile = NULL,
	    *cafile = NULL;
	struct addr addrs[MAX_SERVERS_DNS] = {{0}};
	struct source sources[MAX_SERVERS_DNS];
	int i, ch, staplefd = -1, nonce = 1;
	ocsp_request *request = NULL;
	size_t rescount, httphsz;
	struct httphead	*httph;
	struct httpget *hget;
	X509_STORE *castore;
	ssize_t written, w;
	short port;

	while ((ch = getopt(argc, argv, "C:No:v")) != -1) {
		switch (ch) {
		case 'C':
			cafile = optarg;
			break;
		case 'N':
			nonce = 0;
			break;
		case 'o':
			outfile = optarg;
			break;
		case 'v':
			verbose++;
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	if ((certfile = argv[0]) == NULL)
		usage();

	if (outfile != NULL) {
		if (strcmp(outfile, "-") == 0)
			staplefd = STDOUT_FILENO;
		else
			staplefd = open(outfile, O_WRONLY|O_CREAT,
			    S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);
		if (staplefd < 0)
			err(1, "Unable to open output file %s", outfile);
	}

	if (pledge("stdio inet rpath dns", NULL) == -1)
		err(1, "pledge");

	/*
	 * Load our certificate and keystore, and build up an
	 * OCSP request based on the full certificate chain
	 * we have been given to check.
	 */
	if ((castore = read_cacerts(cafile)) == NULL)
		exit(1);
	if ((request = ocsp_request_new_from_cert(certfile, nonce)) == NULL)
		exit(1);

	dspew("Built an %ld byte ocsp request\n", request->size);

	if ((host = url2host(request->url, &port, &path)) == NULL)
		errx(1, "Invalid OCSP url %s from %s", request->url,
		    certfile);
	if (*path == '\0')
		path = "/";
	vspew("Using %s to host %s, port %d, path %s\n",
	    port == 443 ? "https" : "http", host, port, path);

	rescount = host_dns(host, addrs);
	for (i = 0; i < rescount; i++) {
		sources[i].ip = addrs[i].ip;
		sources[i].family = addrs[i].family;
	}

	/*
	 * Do an HTTP post to send our request to the OCSP
	 * server, and hopefully get an answer back
	 */
	hget = http_get(sources, rescount, host, port, path,
	    request->data, request->size);
	if (hget == NULL)
		errx(1, "http_get");

	/*
	 * Pledge minimally before fiddling with libcrypto init
	 * routines and parsing untrusted input from someone's OCSP
	 * server.
	 */
	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	httph = http_head_parse(hget->http, hget->xfer, &httphsz);
	dspew("Server at %s returns:\n", host);
	for (i = 0; i < httphsz; i++)
		dspew("	  [%s]=[%s]\n", httph[i].key, httph[i].val);
	dspew("	  [Body]=[%ld bytes]\n", hget->bodypartsz);
	if (hget->bodypartsz <= 0)
		errx(1, "No body in reply from %s", host);

	if (hget->code != 200)
		errx(1, "http reply code %d from %s", hget->code, host);

	/*
	 * Validate the OCSP response we got back
	 */
	OPENSSL_add_all_algorithms_noconf();
	if (!validate_response(hget->bodypart, hget->bodypartsz,
	    request, castore, host, certfile))
		exit(1);

	/*
	 * If we have been given a place to save a staple,
	 * write out the DER format response to the staplefd
	 */
	if (staplefd >= 0) {
		(void) ftruncate(staplefd, 0);
		w = 0;
		written = 0;
		while (written < hget->bodypartsz) {
			w = write(staplefd, hget->bodypart + written,
			    hget->bodypartsz - written);
			if (w == -1) {
				if (errno != EINTR && errno != EAGAIN)
					err(1, "Write of OCSP response failed");
			} else
				written += w;
		}
		close(staplefd);
	}
	exit(0);
}
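--- a/jni/libressl/apps/openssl/CMakeLists.txt
+++ b/jni/libressl/apps/openssl/CMakeLists.txt
@@ -1,20 +1,19 @@
 include_directories(
 	.
 	../../include
 	../../include/compat
 )
 
 set(
 	OPENSSL_SRC
 	apps.c
 	asn1pars.c
 	ca.c
 	ciphers.c
-	cms.c
 	crl.c
 	crl2p7.c
 	dgst.c
 	dh.c
 	dhparam.c
 	dsa.c
 	dsaparam.c
@@ -73,17 +72,17 @@
 else()
 	set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
 endif()
 
 add_executable(openssl ${OPENSSL_SRC})
 target_link_libraries(openssl ${OPENSSL_LIBS})
 
-install(TARGETS openssl DESTINATION bin)
-install(FILES openssl.1 DESTINATION share/man/man1)
+install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
+install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
 
 if(NOT "${OPENSSLDIR}" STREQUAL "")
 	set(CONF_DIR "${OPENSSLDIR}")
 else()
 	set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
 endif()
 install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
 install(DIRECTORY DESTINATION ${CONF_DIR}/cert)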
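--- a/jni/libressl/apps/openssl/Makefile.am
+++ b/jni/libressl/apps/openssl/Makefile.am
@@ -1,22 +1,21 @@
 include $(top_srcdir)/Makefile.am.common
 
 bin_PROGRAMS = openssl
 
 dist_man_MANS = openssl.1
 
-openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
-openssl_LDADD += $(abs_top_builddir)/ssl/libssl.la
+openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la
 openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
+openssl_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
 
 openssl_SOURCES = apps.c
 openssl_SOURCES += asn1pars.c
 openssl_SOURCES += ca.c
 openssl_SOURCES += ciphers.c
-openssl_SOURCES += cms.c
 openssl_SOURCES += crl.c
 openssl_SOURCES += crl2p7.c
 openssl_SOURCES += dgst.c
 openssl_SOURCES += dh.c
 openssl_SOURCES += dhparam.c
 openssl_SOURCES += dsa.c
 openssl_SOURCES += dsaparam.c
@@ -89,31 +88,31 @@
 EXTRA_DIST = cert.pem
 EXTRA_DIST += openssl.cnf
 EXTRA_DIST += x509v3.cnf
 EXTRA_DIST += CMakeLists.txt
 
 install-exec-hook:
 	@if [ "@OPENSSLDIR@x" != "x" ]; then \
-		OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
+		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
 	else \
-		OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
+		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
 	fi; \
 	mkdir -p "$$OPENSSLDIR/certs"; \
 	for i in cert.pem openssl.cnf x509v3.cnf; do \
 		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
 			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
 		else \
 			echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
 		fi \
 	done
 
 uninstall-local:
 	@if [ "@OPENSSLDIR@x" != "x" ]; then \
-		OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
+		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
 	else \
-		OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
+		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
 	fi; \
 	for i in cert.pem openssl.cnf x509v3.cnf; do \
 		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
 			rm -f "$$OPENSSLDIR/$$i"; \
 		fi \
 	done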
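Review bot: The overwrite guard in `install-exec-hook` tests `"$$OPENSSLDIR/$i"`, and unless a make variable `i` is defined elsewhere, make expands the unescaped `$i` to an empty string before the shell runs, so `-f` is applied to the directory itself and `! -f` is always true. The `already exists, install will not overwrite` branch therefore looks unreachable, and a reinstall would replace a locally edited `cert.pem`, `openssl.cnf` or `x509v3.cnf`, which matters most for a customised trust-anchor bundle. The line is unchanged context on both sides of this update, so the commit does not address it; the fix is `if [ ! -f "$$OPENSSLDIR/$$i" ]; then \`. Because this file is vendored from LibreSSL, the change belongs upstream or in a documented local patch, and the same line is repeated in the generated Makefile.in.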
Changes to jni/libressl/apps/openssl/Makefile.in.
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

156
157
158
159
160
161
162
DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
PROGRAMS = $(bin_PROGRAMS)
am__openssl_SOURCES_DIST = apps.c asn1pars.c ca.c ciphers.c cms.c \
	crl.c crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c \
	ecparam.c enc.c errstr.c gendh.c gendsa.c genpkey.c genrsa.c \
	nseq.c ocsp.c openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
	pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \
	rsautl.c s_cb.c s_client.c s_server.c s_socket.c s_time.c \
	sess_id.c smime.c speed.c spkac.c ts.c verify.c version.c \
	x509.c certhash.c certhash_win.c apps_win.c apps_posix.c \
	compat/poll_win.c compat/strtonum.c
@BUILD_CERTHASH_TRUE@am__objects_1 = certhash.$(OBJEXT)
@BUILD_CERTHASH_FALSE@am__objects_2 = certhash_win.$(OBJEXT)
@HOST_WIN_TRUE@am__objects_3 = apps_win.$(OBJEXT)
@HOST_WIN_FALSE@am__objects_4 = apps_posix.$(OBJEXT)
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@am__objects_5 =  \
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@	compat/poll_win.$(OBJEXT)
@HAVE_STRTONUM_FALSE@am__objects_6 = compat/strtonum.$(OBJEXT)
am_openssl_OBJECTS = apps.$(OBJEXT) asn1pars.$(OBJEXT) ca.$(OBJEXT) \
	ciphers.$(OBJEXT) cms.$(OBJEXT) crl.$(OBJEXT) crl2p7.$(OBJEXT) \
	dgst.$(OBJEXT) dh.$(OBJEXT) dhparam.$(OBJEXT) dsa.$(OBJEXT) \
	dsaparam.$(OBJEXT) ec.$(OBJEXT) ecparam.$(OBJEXT) \
	enc.$(OBJEXT) errstr.$(OBJEXT) gendh.$(OBJEXT) \
	gendsa.$(OBJEXT) genpkey.$(OBJEXT) genrsa.$(OBJEXT) \
	nseq.$(OBJEXT) ocsp.$(OBJEXT) openssl.$(OBJEXT) \
	passwd.$(OBJEXT) pkcs12.$(OBJEXT) pkcs7.$(OBJEXT) \
	pkcs8.$(OBJEXT) pkey.$(OBJEXT) pkeyparam.$(OBJEXT) \
	pkeyutl.$(OBJEXT) prime.$(OBJEXT) rand.$(OBJEXT) req.$(OBJEXT) \
	rsa.$(OBJEXT) rsautl.$(OBJEXT) s_cb.$(OBJEXT) \
	s_client.$(OBJEXT) s_server.$(OBJEXT) s_socket.$(OBJEXT) \
	s_time.$(OBJEXT) sess_id.$(OBJEXT) smime.$(OBJEXT) \
	speed.$(OBJEXT) spkac.$(OBJEXT) ts.$(OBJEXT) verify.$(OBJEXT) \
	version.$(OBJEXT) x509.$(OBJEXT) $(am__objects_1) \
	$(am__objects_2) $(am__objects_3) $(am__objects_4) \
	$(am__objects_5) $(am__objects_6)
openssl_OBJECTS = $(am_openssl_OBJECTS)
am__DEPENDENCIES_1 =
openssl_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la

AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false







|
|
|
|
|
|
|
|










|

















<
|
|
>







110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

153
154
155
156
157
158
159
160
161
162
DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
PROGRAMS = $(bin_PROGRAMS)
am__openssl_SOURCES_DIST = apps.c asn1pars.c ca.c ciphers.c crl.c \
	crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c \
	enc.c errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c \
	ocsp.c openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c \
	pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
	s_cb.c s_client.c s_server.c s_socket.c s_time.c sess_id.c \
	smime.c speed.c spkac.c ts.c verify.c version.c x509.c \
	certhash.c certhash_win.c apps_win.c apps_posix.c \
	compat/poll_win.c compat/strtonum.c
@BUILD_CERTHASH_TRUE@am__objects_1 = certhash.$(OBJEXT)
@BUILD_CERTHASH_FALSE@am__objects_2 = certhash_win.$(OBJEXT)
@HOST_WIN_TRUE@am__objects_3 = apps_win.$(OBJEXT)
@HOST_WIN_FALSE@am__objects_4 = apps_posix.$(OBJEXT)
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@am__objects_5 =  \
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@	compat/poll_win.$(OBJEXT)
@HAVE_STRTONUM_FALSE@am__objects_6 = compat/strtonum.$(OBJEXT)
am_openssl_OBJECTS = apps.$(OBJEXT) asn1pars.$(OBJEXT) ca.$(OBJEXT) \
	ciphers.$(OBJEXT) crl.$(OBJEXT) crl2p7.$(OBJEXT) \
	dgst.$(OBJEXT) dh.$(OBJEXT) dhparam.$(OBJEXT) dsa.$(OBJEXT) \
	dsaparam.$(OBJEXT) ec.$(OBJEXT) ecparam.$(OBJEXT) \
	enc.$(OBJEXT) errstr.$(OBJEXT) gendh.$(OBJEXT) \
	gendsa.$(OBJEXT) genpkey.$(OBJEXT) genrsa.$(OBJEXT) \
	nseq.$(OBJEXT) ocsp.$(OBJEXT) openssl.$(OBJEXT) \
	passwd.$(OBJEXT) pkcs12.$(OBJEXT) pkcs7.$(OBJEXT) \
	pkcs8.$(OBJEXT) pkey.$(OBJEXT) pkeyparam.$(OBJEXT) \
	pkeyutl.$(OBJEXT) prime.$(OBJEXT) rand.$(OBJEXT) req.$(OBJEXT) \
	rsa.$(OBJEXT) rsautl.$(OBJEXT) s_cb.$(OBJEXT) \
	s_client.$(OBJEXT) s_server.$(OBJEXT) s_socket.$(OBJEXT) \
	s_time.$(OBJEXT) sess_id.$(OBJEXT) smime.$(OBJEXT) \
	speed.$(OBJEXT) spkac.$(OBJEXT) ts.$(OBJEXT) verify.$(OBJEXT) \
	version.$(OBJEXT) x509.$(OBJEXT) $(am__objects_1) \
	$(am__objects_2) $(am__objects_3) $(am__objects_4) \
	$(am__objects_5) $(am__objects_6)
openssl_OBJECTS = $(am_openssl_OBJECTS)
am__DEPENDENCIES_1 =

openssl_DEPENDENCIES = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|



|
|
|







247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
276
277
278
279
280
281
282

283
284
285
286
287
288
289
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
371
372
373
374
375
376
377
378


379
380
381
382

383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL


dist_man_MANS = openssl.1
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la

openssl_SOURCES = apps.c asn1pars.c ca.c ciphers.c cms.c crl.c \
	crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c \
	enc.c errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c \
	ocsp.c openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c \
	pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
	s_cb.c s_client.c s_server.c s_socket.c s_time.c sess_id.c \
	smime.c speed.c spkac.c ts.c verify.c version.c x509.c \
	$(am__append_1) $(am__append_2) $(am__append_3) \
	$(am__append_4) $(am__append_5) $(am__append_6)
noinst_HEADERS = apps.h progs.h s_apps.h testdsa.h testrsa.h \
	timeouts.h
EXTRA_DIST = cert.pem openssl.cnf x509v3.cnf CMakeLists.txt
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj







|
>
>

<
|
|
>
|
|
|
|
|
|
|
|
|







372
373
374
375
376
377
378
379
380
381
382

383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
dist_man_MANS = openssl.1

openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD) \
	$(PROG_LDADD)
openssl_SOURCES = apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \
	dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \
	errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c \
	openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c \
	pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c \
	s_client.c s_server.c s_socket.c s_time.c sess_id.c smime.c \
	speed.c spkac.c ts.c verify.c version.c x509.c $(am__append_1) \
	$(am__append_2) $(am__append_3) $(am__append_4) \
	$(am__append_5) $(am__append_6)
noinst_HEADERS = apps.h progs.h s_apps.h testdsa.h testrsa.h \
	timeouts.h
EXTRA_DIST = cert.pem openssl.cnf x509v3.cnf CMakeLists.txt
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_posix.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_win.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1pars.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ca.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash_win.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cms.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl2p7.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dgst.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhparam.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsaparam.Po@am__quote@







<







504
505
506
507
508
509
510

511
512
513
514
515
516
517
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_posix.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_win.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1pars.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ca.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash_win.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Po@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl2p7.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dgst.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhparam.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsaparam.Po@am__quote@
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
	uninstall-man uninstall-man1

.PRECIOUS: Makefile


install-exec-hook:
	@if [ "@OPENSSLDIR@x" != "x" ]; then \
		OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
	else \
		OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
	fi; \
	mkdir -p "$$OPENSSLDIR/certs"; \
	for i in cert.pem openssl.cnf x509v3.cnf; do \
		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
		else \
			echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
		fi \
	done

uninstall-local:
	@if [ "@OPENSSLDIR@x" != "x" ]; then \
		OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
	else \
		OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
	fi; \
	for i in cert.pem openssl.cnf x509v3.cnf; do \
		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
			rm -f "$$OPENSSLDIR/$$i"; \
		fi \
	done

# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:







|

|












|

|










840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
	uninstall-man uninstall-man1

.PRECIOUS: Makefile


install-exec-hook:
	@if [ "@OPENSSLDIR@x" != "x" ]; then \
		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
	else \
		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
	fi; \
	mkdir -p "$$OPENSSLDIR/certs"; \
	for i in cert.pem openssl.cnf x509v3.cnf; do \
		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
		else \
			echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
		fi \
	done

uninstall-local:
	@if [ "@OPENSSLDIR@x" != "x" ]; then \
		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
	else \
		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
	fi; \
	for i in cert.pem openssl.cnf x509v3.cnf; do \
		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
			rm -f "$$OPENSSLDIR/$$i"; \
		fi \
	done

# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
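--- a/jni/libressl/apps/openssl/apps.c
+++ b/jni/libressl/apps/openssl/apps.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: apps.c,v 1.36 2015/09/13 12:41:01 bcook Exp $ */
+/* $OpenBSD: apps.c,v 1.42 2017/01/21 09:29:09 deraadt Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -615,15 +615,15 @@
 		}
 	}
 
 	if (format == FORMAT_ASN1)
 		x = d2i_X509_bio(cert, NULL);
 	else if (format == FORMAT_NETSCAPE) {
 		NETSCAPE_X509 *nx;
-		nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),
+		nx = ASN1_item_d2i_bio(&NETSCAPE_X509_it,
 		    cert, NULL);
 		if (nx == NULL)
 			goto end;
 
 		if ((strncmp(NETSCAPE_CERT_HDR, (char *) nx->header->data,
 		    nx->header->length) != 0)) {
 			NETSCAPE_X509_free(nx);
@@ -1265,16 +1265,14 @@
 }
 
 static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
 static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
 static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
 static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
 
-#define BUFLEN 256
-
 BIGNUM *
 load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
 {
 	BIO *in = NULL;
 	BIGNUM *ret = NULL;
 	char buf[1024];
 	ASN1_INTEGER *ai = NULL;
@@ -1293,15 +1291,15 @@
 			goto err;
 		} else {
 			ret = BN_new();
 			if (ret == NULL || !rand_serial(ret, ai))
 				BIO_printf(bio_err, "Out of memory\n");
 		}
 	} else {
-		if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+		if (!a2i_ASN1_INTEGER(in, ai, buf, sizeof buf)) {
 			BIO_printf(bio_err, "unable to load number from %s\n",
 			    serialfile);
 			goto err;
 		}
 		ret = ASN1_INTEGER_to_BN(ai, NULL);
 		if (ret == NULL) {
 			BIO_printf(bio_err,
@@ -1323,43 +1321,34 @@
 	return (ret);
 }
 
 int
 save_serial(char *serialfile, char *suffix, BIGNUM *serial,
     ASN1_INTEGER **retai)
 {
-	char buf[1][BUFLEN];
+	char serialpath[PATH_MAX];
 	BIO *out = NULL;
 	int ret = 0, n;
 	ASN1_INTEGER *ai = NULL;
-	int j;
 
 	if (suffix == NULL)
-		j = strlen(serialfile);
-	else
-		j = strlen(serialfile) + strlen(suffix) + 1;
-	if (j >= BUFLEN) {
-		BIO_printf(bio_err, "file name too long\n");
-		goto err;
-	}
-	if (suffix == NULL)
-		n = strlcpy(buf[0], serialfile, BUFLEN);
+		n = strlcpy(serialpath, serialfile, sizeof serialpath);
 	else
-		n = snprintf(buf[0], sizeof buf[0], "%s.%s",
+		n = snprintf(serialpath, sizeof serialpath, "%s.%s",
 		    serialfile, suffix);
-	if (n == -1 || n >= sizeof(buf[0])) {
+	if (n == -1 || n >= sizeof(serialpath)) {
 		BIO_printf(bio_err, "serial too long\n");
 		goto err;
 	}
 	out = BIO_new(BIO_s_file());
 	if (out == NULL) {
 		ERR_print_errors(bio_err);
 		goto err;
 	}
-	if (BIO_write_filename(out, buf[0]) <= 0) {
+	if (BIO_write_filename(out, serialpath) <= 0) {
 		perror(serialfile);
 		goto err;
 	}
 	if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
 		BIO_printf(bio_err,
 		    "error converting serial to ASN.1 format\n");
 		goto err;
@@ -1379,45 +1368,44 @@
 		ASN1_INTEGER_free(ai);
 	return (ret);
 }
 
 int
 rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 {
-	char buf[5][BUFLEN];
-	int i, j;
+	char opath[PATH_MAX], npath[PATH_MAX];
 
-	i = strlen(serialfile) + strlen(old_suffix);
-	j = strlen(serialfile) + strlen(new_suffix);
-	if (i > j)
-		j = i;
-	if (j + 1 >= BUFLEN) {
+	if (snprintf(npath, sizeof npath, "%s.%s", serialfile,
+	    new_suffix) >= sizeof npath) {
+		BIO_printf(bio_err, "file name too long\n");
+		goto err;
+	}
+
+	if (snprintf(opath, sizeof opath, "%s.%s", serialfile,
+	    old_suffix) >= sizeof opath) {
 		BIO_printf(bio_err, "file name too long\n");
 		goto err;
 	}
-	snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
-	snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
 
-
-	if (rename(serialfile, buf[1]) < 0 &&
+	if (rename(serialfile, opath) < 0 &&
 	    errno != ENOENT && errno != ENOTDIR) {
 		BIO_printf(bio_err, "unable to rename %s to %s\n",
-		    serialfile, buf[1]);
+		    serialfile, opath);
 		perror("reason");
 		goto err;
 	}
 
 
-	if (rename(buf[0], serialfile) < 0) {
+	if (rename(npath, serialfile) < 0) {
 		BIO_printf(bio_err, "unable to rename %s to %s\n",
-		    buf[0], serialfile);
+		    npath, serialfile);
 		perror("reason");
-		if (rename(buf[1], serialfile) < 0) {
+		if (rename(opath, serialfile) < 0) {
 			BIO_printf(bio_err, "unable to rename %s to %s\n",
-			    buf[1], serialfile);
+			    opath, serialfile);
 			perror("reason");
 		}
 		goto err;
 	}
 	return 1;
 
 err:
@@ -1455,36 +1443,41 @@
 CA_DB *
 load_index(char *dbfile, DB_ATTR *db_attr)
 {
 	CA_DB *retdb = NULL;
 	TXT_DB *tmpdb = NULL;
 	BIO *in = BIO_new(BIO_s_file());
 	CONF *dbattr_conf = NULL;
-	char buf[1][BUFLEN];
+	char attrpath[PATH_MAX];
 	long errorline = -1;
 
 	if (in == NULL) {
 		ERR_print_errors(bio_err);
 		goto err;
 	}
 	if (BIO_read_filename(in, dbfile) <= 0) {
 		perror(dbfile);
 		BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
 		goto err;
 	}
 	if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
 		goto err;
 
-	snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+	if (snprintf(attrpath, sizeof attrpath, "%s.attr", dbfile)
+	    >= sizeof attrpath) {
+		BIO_printf(bio_err, "attr filename too long\n");
+		goto err;
+	}
+
 	dbattr_conf = NCONF_new(NULL);
-	if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
+	if (NCONF_load(dbattr_conf, attrpath, &errorline) <= 0) {
 		if (errorline > 0) {
 			BIO_printf(bio_err,
 			    "error on line %ld of db attribute file '%s'\n",
-			    errorline, buf[0]);
+			    errorline, attrpath);
 			goto err;
 		} else {
 			NCONF_free(dbattr_conf);
 			dbattr_conf = NULL;
 		}
 	}
 	if ((retdb = malloc(sizeof(CA_DB))) == NULL) {
@@ -1533,140 +1526,148 @@
 		    db->db->error, db->db->arg1, db->db->arg2);
 		return 0;
 	}
 	return 1;
 }
 
 int
-save_index(const char *dbfile, const char *suffix, CA_DB *db)
+save_index(const char *file, const char *suffix, CA_DB *db)
 {
-	char buf[3][BUFLEN];
+	char attrpath[PATH_MAX], dbfile[PATH_MAX];
 	BIO *out = BIO_new(BIO_s_file());
 	int j;
 
 	if (out == NULL) {
 		ERR_print_errors(bio_err);
 		goto err;
 	}
-	j = strlen(dbfile) + strlen(suffix);
-	if (j + 6 >= BUFLEN) {
+	if (snprintf(attrpath, sizeof attrpath, "%s.attr.%s",
+	    file, suffix) >= sizeof attrpath) {
+		BIO_printf(bio_err, "file name too long\n");
+		goto err;
+	}
+	if (snprintf(dbfile, sizeof dbfile, "%s.%s",
+	    file, suffix) >= sizeof dbfile) {
 		BIO_printf(bio_err, "file name too long\n");
 		goto err;
 	}
-	snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-	snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-	snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
 
-
-	if (BIO_write_filename(out, buf[0]) <= 0) {
+	if (BIO_write_filename(out, dbfile) <= 0) {
 		perror(dbfile);
 		BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
 		goto err;
 	}
 	j = TXT_DB_write(out, db->db);
 	if (j <= 0)
 		goto err;
 
 	BIO_free(out);
 
 	out = BIO_new(BIO_s_file());
 
-
-	if (BIO_write_filename(out, buf[1]) <= 0) {
-		perror(buf[2]);
-		BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
+	if (BIO_write_filename(out, attrpath) <= 0) {
+		perror(attrpath);
+		BIO_printf(bio_err, "unable to open '%s'\n", attrpath);
 		goto err;
 	}
 	BIO_printf(out, "unique_subject = %s\n",
 	    db->attributes.unique_subject ? "yes" : "no");
 	BIO_free(out);
 
 	return 1;
 
 err:
 	return 0;
 }
 
 int
 rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
 {
-	char buf[5][BUFLEN];
-	int i, j;
+	char attrpath[PATH_MAX], nattrpath[PATH_MAX], oattrpath[PATH_MAX];
+	char dbpath[PATH_MAX], odbpath[PATH_MAX];
 
-	i = strlen(dbfile) + strlen(old_suffix);
-	j = strlen(dbfile) + strlen(new_suffix);
-	if (i > j)
-		j = i;
-	if (j + 6 >= BUFLEN) {
+	if (snprintf(attrpath, sizeof attrpath, "%s.attr",
+	    dbfile) >= sizeof attrpath) {
 		BIO_printf(bio_err, "file name too long\n");
 		goto err;
 	}
-	snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-	snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
-	snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
-	snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
-	snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
-
-
-	if (rename(dbfile, buf[1]) < 0 && errno != ENOENT && errno != ENOTDIR) {
-		BIO_printf(bio_err, "unable to rename %s to %s\n",
-		    dbfile, buf[1]);
-		perror("reason");
+	if (snprintf(nattrpath, sizeof nattrpath, "%s.attr.%s",
+	    dbfile, new_suffix) >= sizeof nattrpath) {
+		BIO_printf(bio_err, "file name too long\n");
+		goto err;
+	}
+	if (snprintf(oattrpath, sizeof oattrpath, "%s.attr.%s",
+	    dbfile, old_suffix) >= sizeof oattrpath) {
+		BIO_printf(bio_err, "file name too long\n");
+		goto err;
+	}
+	if (snprintf(dbpath, sizeof dbpath, "%s.%s",
+	    dbfile, new_suffix) >= sizeof dbpath) {
+		BIO_printf(bio_err, "file name too long\n");
 		goto err;
 	}
-
+	if (snprintf(odbpath, sizeof odbpath, "%s.%s",
+	    dbfile, old_suffix) >= sizeof odbpath) {
+		BIO_printf(bio_err, "file name too long\n");
+		goto err;
+	}
 
-	if (rename(buf[0], dbfile) < 0) {
+	if (rename(dbfile, odbpath) < 0 && errno != ENOENT && errno != ENOTDIR) {
+		BIO_printf(bio_err, "unable to rename %s to %s\n",
+		    dbfile, odbpath);
+		perror("reason");
+		goto err;
+	}
+
+	if (rename(dbpath, dbfile) < 0) {
 		BIO_printf(bio_err, "unable to rename %s to %s\n",
-		    buf[0], dbfile);
+		    dbpath, dbfile);
 		perror("reason");
-		if (rename(buf[1], dbfile) < 0) {
+		if (rename(odbpath, dbfile) < 0) {
 			BIO_printf(bio_err, "unable to rename %s to %s\n",
-			    buf[1], dbfile);
+			    odbpath, dbfile);
 			perror("reason");
 		}
 		goto err;
 	}
 
-
-	if (rename(buf[4], buf[3]) < 0 && errno != ENOENT && errno != ENOTDIR) {
+	if (rename(attrpath, oattrpath) < 0 && errno != ENOENT && errno != ENOTDIR) {
 		BIO_printf(bio_err, "unable to rename %s to %s\n",
-		    buf[4], buf[3]);
+		    attrpath, oattrpath);
 		perror("reason");
-		if (rename(dbfile, buf[0]) < 0) {
+		if (rename(dbfile, dbpath) < 0) {
 			BIO_printf(bio_err, "unable to rename %s to %s\n",
-			    dbfile, buf[0]);
+			    dbfile, dbpath);
 			perror("reason");
 		}
-		if (rename(buf[1], dbfile) < 0) {
+		if (rename(odbpath, dbfile) < 0) {
 			BIO_printf(bio_err, "unable to rename %s to %s\n",
-			    buf[1], dbfile);
+			    odbpath, dbfile);
 			perror("reason");
 		}
 		goto err;
 	}
 
-
-	if (rename(buf[2], buf[4]) < 0) {
+	if (rename(nattrpath, attrpath) < 0) {
 		BIO_printf(bio_err, "unable to rename %s to %s\n",
-		    buf[2], buf[4]);
+		    nattrpath, attrpath);
 		perror("reason");
-		if (rename(buf[3], buf[4]) < 0) {
+		if (rename(oattrpath, attrpath) < 0) {
 			BIO_printf(bio_err, "unable to rename %s to %s\n",
-			    buf[3], buf[4]);
+			    oattrpath, attrpath);
 			perror("reason");
 		}
-		if (rename(dbfile, buf[0]) < 0) {
+		if (rename(dbfile, dbpath) < 0) {
 			BIO_printf(bio_err, "unable to rename %s to %s\n",
-			    dbfile, buf[0]);
+			    dbfile, dbpath);
 			perror("reason");
 		}
-		if (rename(buf[1], dbfile) < 0) {
+		if (rename(odbpath, dbfile) < 0) {
 			BIO_printf(bio_err, "unable to rename %s to %s\n",
-			    buf[1], dbfile);
+			    odbpath, dbfile);
 			perror("reason");
 		}
 		goto err;
 	}
 	return 1;
 
 err:
@@ -2213,15 +2214,16 @@
 		if (opt->name == NULL && opt->type == 0)
 			goto unknown;
 
 		if (opt->type == OPTION_ARG ||
 		    opt->type == OPTION_ARG_FORMAT ||
 		    opt->type == OPTION_ARG_FUNC ||
 		    opt->type == OPTION_ARG_INT ||
-		    opt->type == OPTION_ARG_LONG) {
+		    opt->type == OPTION_ARG_LONG ||
+		    opt->type == OPTION_ARG_TIME) {
 			if (++i >= argc) {
 				fprintf(stderr, "missing %s argument for -%s\n",
 				    opt->argname, opt->name);
 				return (1);
 			}
 		}
 
@@ -2266,14 +2268,24 @@
 			if (errstr != NULL) {
 				fprintf(stderr, "%s %s argument for -%s\n",
 				    errstr, opt->argname, opt->name);
 				return (1);
 			}
 			*opt->opt.lvalue = (long)val;
 			break;
+
+		case OPTION_ARG_TIME:
+			val = strtonum(argv[i], 0, LLONG_MAX, &errstr);
+			if (errstr != NULL) {
+				fprintf(stderr, "%s %s argument for -%s\n",
+				    errstr, opt->argname, opt->name);
+				return (1);
+			}
+			*opt->opt.tvalue = val;
+			break;
 
 		case OPTION_DISCARD:
 			break;
 
 		case OPTION_FUNC:
 			if (opt->opt.func() != 0)
 				return (1);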
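Review bot: The new `OPTION_ARG_TIME` case in the last hunk stores the result of `strtonum(argv[i], 0, LLONG_MAX, &errstr)` into `*opt->opt.tvalue` without checking that the value fits in `time_t`. Where `time_t` is narrower than `long long` (32-bit Android ABIs are a plausible case for this tree, though the build targets are not visible here), an oversized argument is silently narrowed, so a command that takes a time through this option type would run with a different time than the one the operator supplied. A round-trip guard before the store rejects such input: `if ((long long)(time_t)val != val) { fprintf(stderr, "too large %s argument for -%s\n", opt->argname, opt->name); return (1); }`. The enclosing switch and the function around it start and end outside the hunk, so the declaration of `val` could not be checked.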
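--- a/jni/libressl/apps/openssl/apps.h
+++ b/jni/libressl/apps/openssl/apps.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: apps.h,v 1.16 2015/09/13 12:41:01 bcook Exp $ */
+/* $OpenBSD: apps.h,v 1.19 2016/08/30 14:34:59 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -290,32 +290,34 @@
 	enum {
 		OPTION_ARG,
 		OPTION_ARGV_FUNC,
 		OPTION_ARG_FORMAT,
 		OPTION_ARG_FUNC,
 		OPTION_ARG_INT,
 		OPTION_ARG_LONG,
+		OPTION_ARG_TIME,
 		OPTION_DISCARD,
 		OPTION_FUNC,
 		OPTION_FLAG,
 		OPTION_FLAG_ORD,
 		OPTION_VALUE,
 		OPTION_VALUE_AND,
 		OPTION_VALUE_OR,
 	} type;
 	union {
 		char **arg;
 		int (*argfunc)(char *arg);
 		int (*argvfunc)(int argc, char **argv, int *argsused);
 		int *flag;
 		int (*func)(void);
 		long *lvalue;
 		int *value;
+		time_t *tvalue;
 	} opt;
 	const int value;
 };
 
 void options_usage(struct option *opts);
 int options_parse(int argc, char **argv, struct option *opts, char **unnamed,
     int *argsused);
 
 #endif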
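--- a/jni/libressl/apps/openssl/asn1pars.c
+++ b/jni/libressl/apps/openssl/asn1pars.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1pars.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: asn1pars.c,v 1.7 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -244,15 +244,15 @@
 	const char *errstr = NULL;
 	unsigned char *tmpbuf;
 	const unsigned char *ctmpbuf;
 	BUF_MEM *buf = NULL;
 	ASN1_TYPE *at = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&asn1pars_config, 0, sizeof(asn1pars_config));
 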
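--- a/jni/libressl/apps/openssl/ca.c
+++ b/jni/libressl/apps/openssl/ca.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ca.c,v 1.19 2015/10/17 15:00:11 doug Exp $ */
+/* $OpenBSD: ca.c,v 1.23 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -276,22 +276,20 @@
 	const char *p;
 	char *const * pp;
 	int i, j;
 	const EVP_MD *dgst = NULL;
 	STACK_OF(CONF_VALUE) * attribs = NULL;
 	STACK_OF(X509) * cert_sk = NULL;
 	STACK_OF(OPENSSL_STRING) * sigopts = NULL;
-#define BUFLEN 256
-	char buf[3][BUFLEN];
 	char *tofree = NULL;
 	const char *errstr = NULL;
 	DB_ATTR db_attr;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	conf = NULL;
 	key = NULL;
@@ -700,42 +698,19 @@
 			goto err;
 		}
 	} else
 		ERR_clear_error();
 
 	/*****************************************************************/
 	/* lookup where to write new certificates */
-	if ((outdir == NULL) && (req)) {
-
+	if (outdir == NULL && req) {
 		if ((outdir = NCONF_get_string(conf, section,
 		    ENV_NEW_CERTS_DIR)) == NULL) {
-			BIO_printf(bio_err, "there needs to be defined a directory for new certificate to be placed in\n");
-			goto err;
-		}
-		/*
-		 * outdir is a directory spec, but access() for VMS demands a
-		 * filename.  In any case, stat(), below, will catch the
-		 * problem if outdir is not a directory spec, and the fopen()
-		 * or open() will catch an error if there is no write access.
-		 *
-		 * Presumably, this problem could also be solved by using the
-		 * DEC C routines to convert the directory syntax to Unixly,
-		 * and give that to access().  However, time's too short to
-		 * do that just now.
-		 */
-		if (access(outdir, R_OK | W_OK | X_OK) != 0) {
-			BIO_printf(bio_err,
-			    "I am unable to access the %s directory\n", outdir);
-			perror(outdir);
-			goto err;
-		}
-		if (app_isdir(outdir) <= 0) {
-			BIO_printf(bio_err,
-			    "%s need to be a directory\n", outdir);
-			perror(outdir);
+			BIO_printf(bio_err, "output directory %s not defined\n",
+			    ENV_NEW_CERTS_DIR);
 			goto err;
 		}
 	}
 	/*****************************************************************/
 	/* we need to load the database file */
 	if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
 		lookup_fail(section, ENV_DATABASE);
@@ -1075,70 +1050,72 @@
 		/*
 		 * we have a stack of newly certified certificates and a data
 		 * base and serial number that need updating
 		 */
 
 		if (sk_X509_num(cert_sk) > 0) {
 			if (!batch) {
+				char answer[10];
+
 				BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total);
 				(void) BIO_flush(bio_err);
-				buf[0][0] = '\0';
-				if (!fgets(buf[0], 10, stdin)) {
+				if (!fgets(answer, sizeof answer - 1, stdin)) {
 					BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n");
 					ret = 0;
 					goto err;
 				}
-				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) {
+				if ((answer[0] != 'y') && (answer[0] != 'Y')) {
 					BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
 					ret = 0;
 					goto err;
 				}
 			}
 			BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk));
 
 			if (!save_serial(serialfile, "new", serial, NULL))
 				goto err;
 
 			if (!save_index(dbfile, "new", db))
 				goto err;
 		}
 		if (verbose)
 			BIO_printf(bio_err, "writing new certificates\n");
 		for (i = 0; i < sk_X509_num(cert_sk); i++) {
 			int k;
 			char *serialstr;
 			unsigned char *data;
+			char pempath[PATH_MAX];
 
 			x = sk_X509_value(cert_sk, i);
 
 			j = x->cert_info->serialNumber->length;
 			data = (unsigned char *)x->cert_info->serialNumber->data;
 			if (j > 0)
 				serialstr = bin2hex(data, j);
 			else
 				serialstr = strdup("00");
 			if (serialstr) {
-				k = snprintf(buf[2], sizeof(buf[2]),
+				k = snprintf(pempath, sizeof(pempath),
 				    "%s/%s.pem", outdir, serialstr);
 				free(serialstr);
-				if (k == -1 || k >= sizeof(buf[2])) {
+				if (k == -1 || k >= sizeof(pempath)) {
 					BIO_printf(bio_err,
 					    "certificate file name too long\n");
 					goto err;
 				}
 			} else {
 				BIO_printf(bio_err,
 				    "memory allocation failed\n");
 				goto err;
 			}
 			if (verbose)
-				BIO_printf(bio_err, "writing %s\n", buf[2]);
+				BIO_printf(bio_err, "writing %s\n", pempath);
 
-			if (BIO_write_filename(Cout, buf[2]) <= 0) {
-				perror(buf[2]);
+			if (BIO_write_filename(Cout, pempath) <= 0) {
+				perror(pempath);
 				goto err;
 			}
 			write_new_certificate(Cout, x, 0, notext);
 			write_new_certificate(Sout, x, output_der, notext);
 		}
 
 		if (sk_X509_num(cert_sk)) {
@@ -1503,15 +1480,14 @@
 	EVP_PKEY *pktmp;
 	int ok = -1, i, j, last, nid;
 	const char *p;
 	CONF_VALUE *cv;
 	OPENSSL_STRING row[DB_NUMBER];
 	OPENSSL_STRING *irow = NULL;
 	OPENSSL_STRING *rrow = NULL;
-	char buf[25];
 
 	tmptm = ASN1_UTCTIME_new();
 	if (tmptm == NULL) {
 		BIO_printf(bio_err, "malloc error\n");
 		return (0);
 	}
 	for (i = 0; i < DB_NUMBER; i++)
@@ -1900,25 +1876,25 @@
 	BIO_printf(bio_err, "Certificate is to be certified until ");
 	ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
 	if (days)
 		BIO_printf(bio_err, " (%ld days)", days);
 	BIO_printf(bio_err, "\n");
 
 	if (!batch) {
+		char answer[25];
 
 		BIO_printf(bio_err, "Sign the certificate? [y/n]:");
 		(void) BIO_flush(bio_err);
-		buf[0] = '\0';
-		if (!fgets(buf, sizeof(buf) - 1, stdin)) {
+		if (!fgets(answer, sizeof(answer) - 1, stdin)) {
 			BIO_printf(bio_err,
 			    "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
 			ok = 0;
 			goto err;
 		}
-		if (!((buf[0] == 'y') || (buf[0] == 'Y'))) {
+		if (!((answer[0] == 'y') || (answer[0] == 'Y'))) {
 			BIO_printf(bio_err,
 			    "CERTIFICATE WILL NOT BE CERTIFIED\n");
 			ok = 0;
 			goto err;
 		}
 	}
 	pktmp = X509_get_pubkey(ret);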
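Review bot: With the `access()` and `app_isdir()` checks removed from the `ENV_NEW_CERTS_DIR` lookup (new lines 705-712), an `outdir` that is missing or not writable is first detected at `BIO_write_filename(Cout, pempath)` in the certificate write loop, which runs after the operator has confirmed and after `save_serial(serialfile, "new", serial, NULL)` and `save_index(dbfile, "new", db)`. Dropping the `access()` pre-check is sound in itself, since a check made before the open says nothing about the directory's state at the time of the open, but the later failure point deserves a comment at the lookup, for example `/* outdir is not validated here; an unusable directory is reported by BIO_write_filename() when the first certificate is written */`. Whether the "new" serial and index files are cleaned up on that `goto err` path is not visible in these hunks and should be confirmed. The enclosing function starts and ends outside the hunks shown.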
Changes to jni/libressl/apps/openssl/cert.pem.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# $OpenBSD: cert.pem,v 1.11 2016/02/17 13:06:54 sthen Exp $

### AddTrust AB

=== AddTrust Class 1 CA Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:38:31 2000 GMT
            Not After : May 30 10:38:31 2020 GMT
        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
                serial:01

SHA1 Fingerprint=CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
SHA256 Fingerprint=8C:72:09:27:9A:C0:4E:27:5E:16:D0:7F:D3:B7:75:E8:01:54:B5:96:80:46:E3:1F:52:DD:25:76:63:24:E9:A7
-----BEGIN CERTIFICATE-----
MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw
MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD
VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul
CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n
tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl
dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch
PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC
+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O
BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB
IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X
7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz
43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl
pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA
WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
-----END CERTIFICATE-----
=== AddTrust External CA Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:48:38 2000 GMT
|



<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1
2
3
4



















5





























6
7
8
9
10
11
12
# $OpenBSD: cert.pem,v 1.15 2017/02/24 10:42:00 sthen Exp $

### AddTrust AB




















=== /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root





























Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:48:38 2000 GMT
95
96
97
98
99
100
101





















102



























103
104
105
106
107
108
109
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----





















=== AddTrust Public CA Root



























Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:41:50 2000 GMT







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
=== /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:38:31 2000 GMT
            Not After : May 30 10:38:31 2020 GMT
        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
                serial:01

SHA1 Fingerprint=CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
SHA256 Fingerprint=8C:72:09:27:9A:C0:4E:27:5E:16:D0:7F:D3:B7:75:E8:01:54:B5:96:80:46:E3:1F:52:DD:25:76:63:24:E9:A7
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:41:50 2000 GMT
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
-----END CERTIFICATE-----
=== AddTrust Qualified CA Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:44:50 2000 GMT







|







143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
-----END CERTIFICATE-----
=== /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 30 10:44:50 2000 GMT
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
xqE=
-----END CERTIFICATE-----

### Baltimore

=== Baltimore CyberTrust Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33554617 (0x20000b9)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 12 18:46:00 2000 GMT







|







195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
xqE=
-----END CERTIFICATE-----

### Baltimore

=== /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33554617 (0x20000b9)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 12 18:46:00 2000 GMT
238
239
240
241
242
243
244



























































































245
246
247
248
249
250
251
252
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
-----END CERTIFICATE-----

### Certplus




























































































=== Class 2 Primary CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
    Signature Algorithm: sha1WithRSAEncryption
        Validity







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
-----END CERTIFICATE-----

### Certplus

=== /C=FR/O=Certplus/CN=Certplus Root CA G1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11
    Signature Algorithm: sha512WithRSAEncryption
        Validity
            Not Before: May 26 00:00:00 2014 GMT
            Not After : Jan 15 00:00:00 2038 GMT
        Subject: C=FR, O=Certplus, CN=Certplus Root CA G1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                A8:C1:C0:9B:91:A8:43:15:7C:5D:06:27:B4:2A:51:D8:97:0B:81:B1
            X509v3 Authority Key Identifier: 
                keyid:A8:C1:C0:9B:91:A8:43:15:7C:5D:06:27:B4:2A:51:D8:97:0B:81:B1

SHA1 Fingerprint=22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66
SHA256 Fingerprint=15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
=== /C=FR/O=Certplus/CN=Certplus Root CA G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: May 26 00:00:00 2014 GMT
            Not After : Jan 15 00:00:00 2038 GMT
        Subject: C=FR, O=Certplus, CN=Certplus Root CA G2
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                DA:83:63:02:79:8E:DA:4C:C6:3C:23:14:D8:8F:C3:20:AB:28:60:59
            X509v3 Authority Key Identifier: 
                keyid:DA:83:63:02:79:8E:DA:4C:C6:3C:23:14:D8:8F:C3:20:AB:28:60:59

SHA1 Fingerprint=4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A
SHA256 Fingerprint=6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=FR/O=Certplus/CN=Class 2 Primary CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
    Signature Algorithm: sha1WithRSAEncryption
        Validity
288
289
290
291
292
293
294































































































































































295
296
297
298
299
300
301
302
303
304
yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
l7+ijrRU
-----END CERTIFICATE-----
































































































































































### COMODO CA Limited

=== COMODO Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d
    Signature Algorithm: sha1WithRSAEncryption
        Validity







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


|







379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
l7+ijrRU
-----END CERTIFICATE-----

### Comodo CA Limited

=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/AAACertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/AAACertificateServices.crl

SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
-----END CERTIFICATE-----
=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                3C:D8:93:88:C2:C0:82:09:CC:01:99:06:93:20:E9:9E:70:09:63:4F
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/SecureCertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/SecureCertificateServices.crl

SHA1 Fingerprint=4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
SHA256 Fingerprint=BD:81:CE:3B:4F:65:91:D1:1A:67:B5:FC:7A:47:FD:EF:25:52:1B:F9:AA:4E:18:B9:E3:DF:2E:34:A7:80:3B:E8
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                C5:7B:58:BD:ED:DA:25:69:D2:F7:59:16:A8:B3:32:C0:7B:27:5B:F4
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/TrustedCertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/TrustedCertificateServices.crl

SHA1 Fingerprint=E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
SHA256 Fingerprint=3F:06:E5:56:81:D4:96:F5:BE:16:9E:B5:38:9F:9F:2B:8F:F6:1E:17:08:DF:68:81:72:48:49:CD:5D:27:CB:69
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### COMODO CA Limited

=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d
    Signature Algorithm: sha1WithRSAEncryption
        Validity
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
ZQ==
-----END CERTIFICATE-----
=== COMODO ECC Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a
    Signature Algorithm: ecdsa-with-SHA384
        Validity







|







590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
ZQ==
-----END CERTIFICATE-----
=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a
    Signature Algorithm: ecdsa-with-SHA384
        Validity
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
-----END CERTIFICATE-----
=== COMODO RSA Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
    Signature Algorithm: sha384WithRSAEncryption
        Validity







|







626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
-----END CERTIFICATE-----
=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
    Signature Algorithm: sha384WithRSAEncryption
        Validity
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----

### Comodo CA Limited

=== AAA Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/AAACertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/AAACertificateServices.crl

SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== Secure Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                3C:D8:93:88:C2:C0:82:09:CC:01:99:06:93:20:E9:9E:70:09:63:4F
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/SecureCertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/SecureCertificateServices.crl

SHA1 Fingerprint=4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
SHA256 Fingerprint=BD:81:CE:3B:4F:65:91:D1:1A:67:B5:FC:7A:47:FD:EF:25:52:1B:F9:AA:4E:18:B9:E3:DF:2E:34:A7:80:3B:E8
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== Trusted Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                C5:7B:58:BD:ED:DA:25:69:D2:F7:59:16:A8:B3:32:C0:7B:27:5B:F4
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/TrustedCertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/TrustedCertificateServices.crl

SHA1 Fingerprint=E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
SHA256 Fingerprint=3F:06:E5:56:81:D4:96:F5:BE:16:9E:B5:38:9F:9F:2B:8F:F6:1E:17:08:DF:68:81:72:48:49:CD:5D:27:CB:69
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### Deutsche Telekom AG

=== Deutsche Telekom Root CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 38 (0x26)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jul  9 12:11:00 1999 GMT







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


|







681
682
683
684
685
686
687































































































































































688
689
690
691
692
693
694
695
696
697
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----
































































































































































### Deutsche Telekom AG

=== /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 38 (0x26)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jul  9 12:11:00 1999 GMT
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
Cm26OWMohpLzGITY+9HPBVZkVw==
-----END CERTIFICATE-----

### DigiCert Inc

=== DigiCert Assured ID Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|







727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
Cm26OWMohpLzGITY+9HPBVZkVw==
-----END CERTIFICATE-----

### DigiCert Inc

=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
    Signature Algorithm: sha1WithRSAEncryption
        Validity
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
-----END CERTIFICATE-----
=== DigiCert Assured ID Root G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b
    Signature Algorithm: sha256WithRSAEncryption
        Validity







|







772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
-----END CERTIFICATE-----
=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b
    Signature Algorithm: sha256WithRSAEncryption
        Validity
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I
0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni
lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9
B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv
ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
IhNzbM8m9Yop5w==
-----END CERTIFICATE-----
=== DigiCert Assured ID Root G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec
    Signature Algorithm: ecdsa-with-SHA384
        Validity







|







814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I
0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni
lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9
B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv
ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
IhNzbM8m9Yop5w==
-----END CERTIFICATE-----
=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec
    Signature Algorithm: ecdsa-with-SHA384
        Validity
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q
RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD
AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY
JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv
6pZjamVFkpUBtA==
-----END CERTIFICATE-----
=== DigiCert Global Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|







849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q
RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD
AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY
JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv
6pZjamVFkpUBtA==
-----END CERTIFICATE-----
=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
    Signature Algorithm: sha1WithRSAEncryption
        Validity
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----
=== DigiCert Global Root G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
    Signature Algorithm: sha256WithRSAEncryption
        Validity







|







894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----
=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
    Signature Algorithm: sha256WithRSAEncryption
        Validity
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
=== DigiCert Global Root G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72
    Signature Algorithm: ecdsa-with-SHA384
        Validity







|







936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72
    Signature Algorithm: ecdsa-with-SHA384
        Validity
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO
Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx
AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/
oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
sycX
-----END CERTIFICATE-----
=== DigiCert High Assurance EV Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|







971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO
Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx
AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/
oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
sycX
-----END CERTIFICATE-----
=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
    Signature Algorithm: sha1WithRSAEncryption
        Validity
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
=== DigiCert Trusted Root G4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
    Signature Algorithm: sha384WithRSAEncryption
        Validity







|







1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
    Signature Algorithm: sha384WithRSAEncryption
        Validity
978
979
980
981
982
983
984
985





















































986
987
988
989
990
991
992
993
994
995
cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N
0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie
4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI
r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm
gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
-----END CERTIFICATE-----






















































### Digital Signature Trust Co.

=== DST Root CA X3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
    Signature Algorithm: sha1WithRSAEncryption
        Validity








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


|







1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N
0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie
4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI
r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm
gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
-----END CERTIFICATE-----

### Digital Signature Trust

=== /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Nov 20 21:19:58 2003 GMT
            Not After : Nov 20 21:19:58 2017 GMT
        Subject: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                email:pki-ops@trustdst.com
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.101.3.2.1.1.1
                  CPS: http://www.trustdst.com/certificates/policy/ACES-index.html

            X509v3 Subject Key Identifier: 
                09:72:06:4E:18:43:0F:E5:D6:CC:C3:6A:8B:31:7B:78:8F:A8:83:B8
SHA1 Fingerprint=40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
SHA256 Fingerprint=76:7C:95:5A:76:41:2C:89:AF:68:8E:90:A1:C7:0F:55:6C:FD:6B:60:25:DB:EA:10:41:6D:7E:B6:83:1F:8C:40
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### Digital Signature Trust Co.

=== /O=Digital Signature Trust Co./CN=DST Root CA X3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
    Signature Algorithm: sha1WithRSAEncryption
        Validity
1024
1025
1026
1027
1028
1029
1030


















































































1031
1032
1033
1034
1035
1036
1037
1038
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

### Entrust, Inc.



















































































=== Entrust Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1164660820 (0x456b5054)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Nov 27 20:23:42 2006 GMT







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

### Entrust, Inc.

=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1246989352 (0x4a538c28)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jul  7 17:25:54 2009 GMT
            Not After : Dec  7 17:55:54 2030 GMT
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                6A:72:26:7A:D0:1E:EF:7D:E7:3B:69:51:D4:6C:8D:9F:90:12:66:AB
SHA1 Fingerprint=8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
SHA256 Fingerprint=43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
-----BEGIN CERTIFICATE-----
MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
-----END CERTIFICATE-----
=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - EC1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a6:8b:79:29:00:00:00:00:50:d0:91:f9
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Dec 18 15:25:36 2012 GMT
            Not After : Dec 18 15:55:36 2037 GMT
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                B7:63:E7:1A:DD:8D:E9:08:A6:55:83:A4:E0:6A:50:41:65:11:42:49
SHA1 Fingerprint=20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47
SHA256 Fingerprint=02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1164660820 (0x456b5054)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Nov 27 20:23:42 2006 GMT
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
0vdXcDazv/wor3ElhVsT/h5/WrQ8
-----END CERTIFICATE-----
=== Entrust Root Certification Authority - EC1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a6:8b:79:29:00:00:00:00:50:d0:91:f9
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Dec 18 15:25:36 2012 GMT
            Not After : Dec 18 15:55:36 2037 GMT
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                B7:63:E7:1A:DD:8D:E9:08:A6:55:83:A4:E0:6A:50:41:65:11:42:49
SHA1 Fingerprint=20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47
SHA256 Fingerprint=02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== Entrust Root Certification Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1246989352 (0x4a538c28)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jul  7 17:25:54 2009 GMT
            Not After : Dec  7 17:55:54 2030 GMT
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                6A:72:26:7A:D0:1E:EF:7D:E7:3B:69:51:D4:6C:8D:9F:90:12:66:AB
SHA1 Fingerprint=8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
SHA256 Fingerprint=43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### Entrust.net

=== Entrust.net Certification Authority (2048)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 946069240 (0x3863def8)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Dec 24 17:50:51 1999 GMT







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



|







1303
1304
1305
1306
1307
1308
1309


















































































1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
0vdXcDazv/wor3ElhVsT/h5/WrQ8
-----END CERTIFICATE-----



















































































### Entrust.net

=== /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 946069240 (0x3863def8)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Dec 24 17:50:51 1999 GMT
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
fF6adulZkMV8gzURZVE=
-----END CERTIFICATE-----
=== Entrust.net Secure Server Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 927650371 (0x374ad243)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 25 16:09:40 1999 GMT
            Not After : May 25 16:39:40 2019 GMT
        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
        X509v3 extensions:
            Netscape Cert Type: 
                SSL CA, S/MIME CA, Object Signing CA
            X509v3 CRL Distribution Points: 

                Full Name:
                  DirName: C = US, O = Entrust.net, OU = www.entrust.net/CPS incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Secure Server Certification Authority, CN = CRL1

                Full Name:
                  URI:http://www.entrust.net/CRL/net1.crl

            X509v3 Private Key Usage Period: 
                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier: 
                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A

            X509v3 Subject Key Identifier: 
                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
            X509v3 Basic Constraints: 
                CA:TRUE
            1.2.840.113533.7.65.0: 
                0
..V4.0....
SHA1 Fingerprint=99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
SHA256 Fingerprint=62:F2:40:27:8C:56:4C:4D:D8:BF:7D:9D:4F:6F:36:6E:A8:94:D2:2F:5F:34:D9:89:A9:83:AC:EC:2F:FF:ED:50
-----BEGIN CERTIFICATE-----
MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
-----END CERTIFICATE-----

### Equifax

=== Equifax Secure Certificate Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 903804111 (0x35def4cf)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Aug 22 16:41:51 1998 GMT
            Not After : Aug 22 16:41:51 2018 GMT
        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
        X509v3 extensions:
            X509v3 CRL Distribution Points: 

                Full Name:
                  DirName: C = US, O = Equifax, OU = Equifax Secure Certificate Authority, CN = CRL1

            X509v3 Private Key Usage Period: 
                Not After: Aug 22 16:41:51 2018 GMT
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier: 
                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4

            X509v3 Subject Key Identifier: 
                48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
            X509v3 Basic Constraints: 
                CA:TRUE
            1.2.840.113533.7.65.0: 
                0...V3.0c....
SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
SHA256 Fingerprint=08:29:7A:40:47:DB:A2:36:80:C7:31:DB:6E:31:76:53:CA:78:48:E1:BE:BD:3A:0B:01:79:A7:07:F9:2C:F1:78
-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----

### Equifax Secure Inc.

=== Equifax Secure eBusiness CA-1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: Jun 21 04:00:00 1999 GMT
            Not After : Jun 21 04:00:00 2020 GMT
        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
        X509v3 extensions:
            Netscape Cert Type: 
                SSL CA, S/MIME CA, Object Signing CA
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1

            X509v3 Subject Key Identifier: 
                4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
SHA1 Fingerprint=DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
SHA256 Fingerprint=CF:56:FF:46:A4:A1:86:10:9D:D9:65:84:B5:EE:B5:8A:51:0C:42:75:B0:E5:F9:4F:40:BB:AE:86:5E:19:F6:73
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== Equifax Secure Global eBusiness CA-1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: Jun 21 04:00:00 1999 GMT
            Not After : Jun 21 04:00:00 2020 GMT
        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
        X509v3 extensions:
            Netscape Cert Type: 
                SSL CA, S/MIME CA, Object Signing CA
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C

            X509v3 Subject Key Identifier: 
                BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
SHA1 Fingerprint=7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
SHA256 Fingerprint=5F:0B:62:EA:B5:E3:53:EA:65:21:65:16:58:FB:B6:53:59:F4:43:28:0A:4A:FB:D1:04:D7:7D:10:F9:F0:4C:07
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### GeoTrust Inc.

=== GeoTrust Global CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 144470 (0x23456)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 21 04:00:00 2002 GMT







<
<
<
<
<
<
<
<
<
<
<
<
<
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


|







1350
1351
1352
1353
1354
1355
1356














1357























































































































































































1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
fF6adulZkMV8gzURZVE=
-----END CERTIFICATE-----






































































































































































































### GeoTrust Inc.

=== /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 144470 (0x23456)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 21 04:00:00 2002 GMT
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----
=== GeoTrust Global CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar  4 05:00:00 2004 GMT







|







1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----
=== /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar  4 05:00:00 2004 GMT
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv
/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0
abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF
I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz
4iIprn2DQKi6bA==
-----END CERTIFICATE-----
=== GeoTrust Primary Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|







1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv
/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0
abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF
I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz
4iIprn2DQKi6bA==
-----END CERTIFICATE-----
=== /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
    Signature Algorithm: sha1WithRSAEncryption
        Validity
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1
6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K
oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj
UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU
AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
-----END CERTIFICATE-----
=== GeoTrust Primary Certification Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Nov  5 00:00:00 2007 GMT
            Not After : Jan 18 23:59:59 2038 GMT
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                15:5F:35:57:51:55:FB:25:B2:AD:03:69:FC:01:A3:FA:BE:11:55:D5
SHA1 Fingerprint=8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
SHA256 Fingerprint=5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== GeoTrust Primary Certification Authority - G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Apr  2 00:00:00 2008 GMT
            Not After : Dec  1 23:59:59 2037 GMT
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                C4:79:CA:8E:A1:4E:03:1D:1C:DC:6B:DB:31:5B:94:3E:3F:30:7F:2D
SHA1 Fingerprint=03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
SHA256 Fingerprint=B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== GeoTrust Universal CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar  4 05:00:00 2004 GMT







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|







1477
1478
1479
1480
1481
1482
1483

















































































1484
1485
1486
1487
1488
1489
1490
1491
KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1
6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K
oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj
UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU
AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
-----END CERTIFICATE-----

















































































=== /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar  4 05:00:00 2004 GMT
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja
QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW
koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9
ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt
DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm
bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
-----END CERTIFICATE-----
=== GeoTrust Universal CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar  4 05:00:00 2004 GMT







|







1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja
QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW
koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9
ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt
DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm
bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
-----END CERTIFICATE-----
=== /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar  4 05:00:00 2004 GMT
1717
1718
1719
1720
1721
1722
1723

















































































1724
1725
1726






















































































1727































1728
1729
1730
1731
1732
1733
1734
T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
-----END CERTIFICATE-----


















































































### GlobalSign























































































=== GlobalSign































Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:21:58:53:08:a2
    Signature Algorithm: sha256WithRSAEncryption
        Validity







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
-----END CERTIFICATE-----
=== /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Nov  5 00:00:00 2007 GMT
            Not After : Jan 18 23:59:59 2038 GMT
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                15:5F:35:57:51:55:FB:25:B2:AD:03:69:FC:01:A3:FA:BE:11:55:D5
SHA1 Fingerprint=8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
SHA256 Fingerprint=5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Apr  2 00:00:00 2008 GMT
            Not After : Dec  1 23:59:59 2037 GMT
        Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                C4:79:CA:8E:A1:4E:03:1D:1C:DC:6B:DB:31:5B:94:3E:3F:30:7F:2D
SHA1 Fingerprint=03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
SHA256 Fingerprint=B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### GlobalSign

=== /OU=GlobalSign ECC Root CA - R4/O=GlobalSign/CN=GlobalSign
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02
    Signature Algorithm: ecdsa-with-SHA256
        Validity
            Not Before: Nov 13 00:00:00 2012 GMT
            Not After : Jan 19 03:14:07 2038 GMT
        Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5
SHA1 Fingerprint=69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB
SHA256 Fingerprint=BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /OU=GlobalSign ECC Root CA - R5/O=GlobalSign/CN=GlobalSign
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Nov 13 00:00:00 2012 GMT
            Not After : Jan 19 03:14:07 2038 GMT
        Subject: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                3D:E6:29:48:9B:EA:07:CA:21:44:4A:26:DE:6E:DE:D2:83:D0:9F:59
SHA1 Fingerprint=1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA
SHA256 Fingerprint=17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:0f:86:26:e6:0d
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Dec 15 08:00:00 2006 GMT
            Not After : Dec 15 08:00:00 2021 GMT
        Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.globalsign.net/root-r2.crl

            X509v3 Authority Key Identifier: 
                keyid:9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E

SHA1 Fingerprint=75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
SHA256 Fingerprint=CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----
=== /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:21:58:53:08:a2
    Signature Algorithm: sha256WithRSAEncryption
        Validity
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
WD9f
-----END CERTIFICATE-----

### GlobalSign nv-sa

=== GlobalSign Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:15:4b:5a:c3:94
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|







1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
WD9f
-----END CERTIFICATE-----

### GlobalSign nv-sa

=== /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:15:4b:5a:c3:94
    Signature Algorithm: sha1WithRSAEncryption
        Validity
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

### GoDaddy.com, Inc.

=== Go Daddy Root Certificate Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep  1 00:00:00 2009 GMT







|







1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

### GoDaddy.com, Inc.

=== /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep  1 00:00:00 2009 GMT
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864

1865
1866
1867
1868
1869







1870
1871
1872
1873
1874
1875
1876
1877
1878

1879
1880
1881
1882
1883
1884
1885
















1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
4uJEvlz36hz1
-----END CERTIFICATE-----

### GTE Corporation

=== GTE CyberTrust Global Root
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 421 (0x1a5)

    Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: Aug 13 00:29:00 1998 GMT
            Not After : Aug 13 23:59:00 2018 GMT
        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root







SHA1 Fingerprint=97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
SHA256 Fingerprint=A5:31:25:18:8D:21:10:AA:96:4B:02:C7:B7:C6:DA:32:03:17:08:94:E5:FB:71:FF:FB:66:67:D5:E6:81:0A:36
-----BEGIN CERTIFICATE-----
MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds

b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
















-----END CERTIFICATE-----

### NetLock Kft.

=== NetLock Arany (Class Gold) F\U0151tan\FAs\EDtv\E1ny
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 80544274841616 (0x49412ce40010)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Dec 11 15:08:21 2008 GMT







|

|


|
|
>
|

|
|
|
>
>
>
>
>
>
>
|
|

|
|
|
|
<
|
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




|







1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948

1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
4uJEvlz36hz1
-----END CERTIFICATE-----

### Internet Security Research Group

=== /C=US/O=Internet Security Research Group/CN=ISRG Root X1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jun  4 11:04:38 2015 GMT
            Not After : Jun  4 11:04:38 2035 GMT
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
SHA1 Fingerprint=CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
SHA256 Fingerprint=96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
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=
-----END CERTIFICATE-----

### NetLock Kft.

=== /C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 80544274841616 (0x49412ce40010)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Dec 11 15:08:21 2008 GMT
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F
uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
-----END CERTIFICATE-----

### Network Solutions L.L.C.

=== Network Solutions Certificate Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|







2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F
uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
-----END CERTIFICATE-----

### Network Solutions L.L.C.

=== /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0
    Signature Algorithm: sha1WithRSAEncryption
        Validity
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
-----END CERTIFICATE-----

### QuoVadis Limited

=== QuoVadis Root CA 1 G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93
    Signature Algorithm: sha256WithRSAEncryption
        Validity







|







2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
-----END CERTIFICATE-----

### QuoVadis Limited

=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93
    Signature Algorithm: sha256WithRSAEncryption
        Validity
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2
8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k
NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj
ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp
q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt
nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD
-----END CERTIFICATE-----
=== QuoVadis Root CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1289 (0x509)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Nov 24 18:27:00 2006 GMT







|







2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2
8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k
NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj
ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp
q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt
nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD
-----END CERTIFICATE-----
=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1289 (0x509)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Nov 24 18:27:00 2006 GMT
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR
TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD
mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z
ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y
4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
-----END CERTIFICATE-----
=== QuoVadis Root CA 2 G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28
    Signature Algorithm: sha256WithRSAEncryption
        Validity







|







2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR
TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD
mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z
ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y
4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
-----END CERTIFICATE-----
=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28
    Signature Algorithm: sha256WithRSAEncryption
        Validity
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV
csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd
dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg
KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM
HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4
WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M
-----END CERTIFICATE-----
=== QuoVadis Root CA 3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1478 (0x5c6)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Nov 24 19:11:23 2006 GMT







|







2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV
csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd
dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg
KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM
HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4
WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M
-----END CERTIFICATE-----
=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1478 (0x5c6)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Nov 24 19:11:23 2006 GMT
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57
k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s
zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j
Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT
mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
4SVhM7JZG+Ju1zdXtg2pEto=
-----END CERTIFICATE-----
=== QuoVadis Root CA 3 G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d
    Signature Algorithm: sha256WithRSAEncryption
        Validity







|







2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57
k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s
zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j
Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT
mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
4SVhM7JZG+Ju1zdXtg2pEto=
-----END CERTIFICATE-----
=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d
    Signature Algorithm: sha256WithRSAEncryption
        Validity
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf
3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl
8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+
DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN
PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/
ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0
-----END CERTIFICATE-----
=== QuoVadis Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 985026699 (0x3ab6508b)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar 19 18:33:33 2001 GMT







|







2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf
3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl
8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+
DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN
PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/
ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0
-----END CERTIFICATE-----
=== /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 985026699 (0x3ab6508b)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Mar 19 18:33:33 2001 GMT
2325
2326
2327
2328
2329
2330
2331
2332





























































































































2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
SnQ2+Q==
-----END CERTIFICATE-----






























































































































### Starfield Technologies, Inc.

=== Starfield Class 2 Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 29 17:39:16 2004 GMT








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


|







2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
SnQ2+Q==
-----END CERTIFICATE-----

### SECOM Trust Systems CO.,LTD.

=== /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun  6 02:12:32 2007 GMT
            Not After : Jun  6 02:12:32 2037 GMT
        Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                35:4A:F5:4D:AF:3F:D7:82:38:AC:AB:71:65:17:75:8C:9D:55:93:E6
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
SHA256 Fingerprint=A2:2D:BA:68:1E:97:37:6E:2D:39:7D:72:8A:AE:3A:9B:62:96:B9:FD:BA:60:BC:2E:11:F6:47:F2:C6:75:FB:37
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: May 29 05:00:39 2009 GMT
            Not After : May 29 05:00:39 2029 GMT
        Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                0A:85:A9:77:65:05:98:7C:40:81:F8:0F:97:2C:38:F1:0A:EC:3C:CF
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74
SHA256 Fingerprint=51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### SECOM Trust.net

=== /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Sep 30 04:20:49 2003 GMT
            Not After : Sep 30 04:20:49 2023 GMT
        Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
SHA256 Fingerprint=E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----

### Starfield Technologies, Inc.

=== /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 29 17:39:16 2004 GMT
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
-----END CERTIFICATE-----
=== Starfield Root Certificate Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep  1 00:00:00 2009 GMT







|







2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
-----END CERTIFICATE-----
=== /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep  1 00:00:00 2009 GMT
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
-----END CERTIFICATE-----
=== Starfield Services Root Certificate Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep  1 00:00:00 2009 GMT







|







2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
-----END CERTIFICATE-----
=== /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep  1 00:00:00 2009 GMT
2462
2463
2464
2465
2466
2467
2468
2469


















































2470
2471
2472
2473
2474
2475
2476
iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
sSi6
-----END CERTIFICATE-----

### StartCom Ltd.

=== StartCom Certification Authority


















































Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45 (0x2d)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep 17 19:46:37 2006 GMT







|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
sSi6
-----END CERTIFICATE-----

### StartCom Ltd.

=== /C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 59 (0x3b)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jan  1 01:00:01 2010 GMT
            Not After : Dec 31 23:59:01 2039 GMT
        Subject: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                4B:C5:B4:40:6B:AD:1C:B3:A5:1C:65:6E:46:36:89:87:05:0C:0E:B6
SHA1 Fingerprint=31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
SHA256 Fingerprint=C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45 (0x2d)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep 17 19:46:37 2006 GMT
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK
1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm
KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE
JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ
8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm
fyWl8kgAwKQB2j8=
-----END CERTIFICATE-----
=== StartCom Certification Authority G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 59 (0x3b)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jan  1 01:00:01 2010 GMT
            Not After : Dec 31 23:59:01 2039 GMT
        Subject: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                4B:C5:B4:40:6B:AD:1C:B3:A5:1C:65:6E:46:36:89:87:05:0C:0E:B6
SHA1 Fingerprint=31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
SHA256 Fingerprint=C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95
-----BEGIN CERTIFICATE-----
MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1
OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG
A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ
JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD
vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo
D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/
Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW
RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK
HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN
nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM
0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i
UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9
Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg
TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL
BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K
2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX
UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl
6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK
9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ
HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI
wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY
XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l
IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo
hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr
so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI
-----END CERTIFICATE-----

### SwissSign AG

=== SwissSign Gold CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13492815561806991280 (0xbb401c43f55e4fb0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 25 08:30:35 2006 GMT







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



|







2803
2804
2805
2806
2807
2808
2809


















































2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK
1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm
KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE
JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ
8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm
fyWl8kgAwKQB2j8=
-----END CERTIFICATE-----



















































### SwissSign AG

=== /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13492815561806991280 (0xbb401c43f55e4fb0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 25 08:30:35 2006 GMT
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC
hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3
92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp
Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
-----END CERTIFICATE-----
=== SwissSign Platinum CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5670595323396054351 (0x4eb200670c035d4f)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 25 08:36:00 2006 GMT
            Not After : Oct 25 08:36:00 2036 GMT
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                50:AF:CC:07:87:15:47:6F:38:C5:B4:65:D1:DE:95:AA:E9:DF:9C:CC
            X509v3 Authority Key Identifier: 
                keyid:50:AF:CC:07:87:15:47:6F:38:C5:B4:65:D1:DE:95:AA:E9:DF:9C:CC

            X509v3 Certificate Policies: 
                Policy: 2.16.756.1.89.1.1.1.1
                  CPS: http://repository.swisssign.com/

SHA1 Fingerprint=56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
SHA256 Fingerprint=3B:22:2E:56:67:11:E9:92:30:0D:C0:B1:5A:B9:47:3D:AF:DE:F8:C8:4D:0C:EF:7D:33:17:B4:C1:82:1D:14:36
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== SwissSign Silver CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5700383053117599563 (0x4f1bd42f54bb2f4b)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 25 08:32:46 2006 GMT







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







2865
2866
2867
2868
2869
2870
2871



















2872








































2873
2874
2875
2876
2877
2878
2879
77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC
hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3
92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp
Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
-----END CERTIFICATE-----



















=== /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2








































Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5700383053117599563 (0x4f1bd42f54bb2f4b)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 25 08:32:46 2006 GMT
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
-----END CERTIFICATE-----

### T-Systems Enterprise Services GmbH

=== T-TeleSec GlobalRoot Class 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Oct  1 10:40:14 2008 GMT







|







2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
-----END CERTIFICATE-----

### T-Systems Enterprise Services GmbH

=== /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Oct  1 10:40:14 2008 GMT
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
BSeOE6Fuwg==
-----END CERTIFICATE-----
=== T-TeleSec GlobalRoot Class 3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Oct  1 10:29:56 2008 GMT







|







2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
BSeOE6Fuwg==
-----END CERTIFICATE-----
=== /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Oct  1 10:29:56 2008 GMT
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938




































2939
2940
2941
2942
2943
2944
2945
1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30
6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT
91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p
TpPDpFQUWw==
-----END CERTIFICATE-----

### Thawte Consulting cc

=== Thawte Premium Server CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: Aug  1 00:00:00 1996 GMT
            Not After : Dec 31 23:59:59 2020 GMT
        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
SHA256 Fingerprint=AB:70:36:36:5C:71:54:AA:29:C2:C2:9F:5D:41:91:16:3B:16:2A:22:25:01:13:57:D5:6D:07:FF:A7:BC:1F:72
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== Thawte Server CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: Aug  1 00:00:00 1996 GMT
            Not After : Dec 31 23:59:59 2020 GMT
        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
SHA256 Fingerprint=B4:41:0B:73:E2:E6:EA:CA:47:FB:C4:2F:8F:A4:01:8A:F4:38:1D:C5:4C:FA:A8:44:50:46:1E:ED:09:45:4D:E9
-----BEGIN CERTIFICATE-----
MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
-----END CERTIFICATE-----

### thawte, Inc.

=== thawte Primary Root CA




































Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
    Signature Algorithm: sha1WithRSAEncryption
        Validity







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







3012
3013
3014
3015
3016
3017
3018







































































3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30
6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT
91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p
TpPDpFQUWw==
-----END CERTIFICATE-----








































































### thawte, Inc.

=== /C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Nov  5 00:00:00 2007 GMT
            Not After : Jan 18 23:59:59 2038 GMT
        Subject: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                9A:D8:00:30:00:E7:6B:7F:85:18:EE:8B:B6:CE:8A:0C:F8:11:E1:BB
SHA1 Fingerprint=AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
SHA256 Fingerprint=A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
    Signature Algorithm: sha1WithRSAEncryption
        Validity
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaA==
-----END CERTIFICATE-----
=== thawte Primary Root CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Nov  5 00:00:00 2007 GMT
            Not After : Jan 18 23:59:59 2038 GMT
        Subject: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                9A:D8:00:30:00:E7:6B:7F:85:18:EE:8B:B6:CE:8A:0C:F8:11:E1:BB
SHA1 Fingerprint=AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
SHA256 Fingerprint=A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== thawte Primary Root CA - G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
    Signature Algorithm: sha256WithRSAEncryption
        Validity







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|







3095
3096
3097
3098
3099
3100
3101




































3102
3103
3104
3105
3106
3107
3108
3109
DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaA==
-----END CERTIFICATE-----




































=== /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
    Signature Algorithm: sha256WithRSAEncryption
        Validity
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
MdRAGmI0Nj81Aa6sY6A=
-----END CERTIFICATE-----

### The Go Daddy Group, Inc.

=== Go Daddy Class 2 Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 29 17:06:20 2004 GMT







|







3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
MdRAGmI0Nj81Aa6sY6A=
-----END CERTIFICATE-----

### The Go Daddy Group, Inc.

=== /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 29 17:06:20 2004 GMT
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
ReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

### The USERTRUST Network

=== USERTrust ECC Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26
    Signature Algorithm: ecdsa-with-SHA384
        Validity







|







3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
ReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

### The USERTRUST Network

=== /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26
    Signature Algorithm: ecdsa-with-SHA384
        Validity
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng
o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G
A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD
VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB
zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW
RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
-----END CERTIFICATE-----
=== USERTrust RSA Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
    Signature Algorithm: sha384WithRSAEncryption
        Validity







|







3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng
o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G
A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD
VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB
zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW
RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
-----END CERTIFICATE-----
=== /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
    Signature Algorithm: sha384WithRSAEncryption
        Validity
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----
=== UTN-USERFirst-Hardware
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|







3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----
=== /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
    Signature Algorithm: sha1WithRSAEncryption
        Validity
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
-----END CERTIFICATE-----

### Unizeto Sp. z o.o.

=== Certum CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65568 (0x10020)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 11 10:46:39 2002 GMT







|







3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
-----END CERTIFICATE-----

### Unizeto Sp. z o.o.

=== /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65568 (0x10020)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 11 10:46:39 2002 GMT
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308







3309
3310










































3311
3312
3313
3314
3315
3316
3317
3318


3319
3320
3321


3322
3323
3324
3325
3326
3327
















3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
6GAqm4VKQPNriiTsBhYscw==
-----END CERTIFICATE-----

### ValiCert, Inc.

=== http://www.valicert.com/
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 26 00:19:54 1999 GMT
            Not After : Jun 26 00:19:54 2019 GMT
        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com







SHA1 Fingerprint=31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
SHA256 Fingerprint=58:D0:17:27:9C:D4:DC:63:AB:DD:B1:96:A6:C9:90:6C:30:C4:E0:87:83:EA:E8:C1:60:99:54:D6:93:55:59:6B










































-----BEGIN CERTIFICATE-----
MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs


YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY


dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
















-----END CERTIFICATE-----

### VeriSign, Inc.

=== VeriSign Class 3 Public Primary Certification Authority - G3
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|

|


|
|


|
|
|
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
<
<
|
<
>
>
|
<
|
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




|







3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446


3447

3448
3449
3450

3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
6GAqm4VKQPNriiTsBhYscw==
-----END CERTIFICATE-----

### Unizeto Technologies S.A.

=== /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 279744 (0x444c0)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 22 12:07:37 2008 GMT
            Not After : Dec 31 12:07:37 2029 GMT
        Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                08:76:CD:CB:07:FF:24:F6:C5:CD:ED:BB:90:BC:E2:84:37:46:75:F7
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
SHA1 Fingerprint=07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
SHA256 Fingerprint=5C:58:46:8D:55:F5:8E:49:7E:74:39:82:D2:B5:00:10:B6:D1:65:37:4A:CF:83:A7:D4:A3:2D:B7:68:C4:40:8E
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
=== /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
    Signature Algorithm: sha512WithRSAEncryption
        Validity
            Not Before: Oct  6 08:39:56 2011 GMT
            Not After : Oct  6 08:39:56 2046 GMT
        Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                B6:A1:54:39:02:C3:A0:3F:8E:8A:BC:FA:D4:F8:1C:A6:D1:3A:0E:FD
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
SHA1 Fingerprint=D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92
SHA256 Fingerprint=B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04
-----BEGIN CERTIFICATE-----
MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB
gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu
QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG


A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz

OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ
VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3

b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA
DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn
0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB
OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE
fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E
Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m
o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i
sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW
OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez
Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS
adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n
3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC
AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ
F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf
CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29
XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm
djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/
WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb
AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq
P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko
b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj
XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P
5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi
DrW5viSP
-----END CERTIFICATE-----

### VeriSign, Inc.

=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
    Signature Algorithm: sha1WithRSAEncryption
        Validity
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
-----END CERTIFICATE-----
=== VeriSign Class 3 Public Primary Certification Authority - G4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Nov  5 00:00:00 2007 GMT
            Not After : Jan 18 23:59:59 2038 GMT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            1.3.6.1.5.5.7.1.12: 
                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
            X509v3 Subject Key Identifier: 
                B3:16:91:FD:EE:A6:6E:E4:B5:2E:49:8F:87:78:81:80:EC:E5:B1:B5
SHA1 Fingerprint=22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
SHA256 Fingerprint=69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== VeriSign Class 3 Public Primary Certification Authority - G5
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
    Signature Algorithm: sha1WithRSAEncryption
        Validity







|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







3510
3511
3512
3513
3514
3515
3516
3517











































3518
3519
3520
3521
3522
3523
3524
imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
-----END CERTIFICATE-----
=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5











































Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
    Signature Algorithm: sha1WithRSAEncryption
        Validity
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513


3514
3515
3516


3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529










3530
3531
3532
3533
3534
3535
3536
3537
3538
MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
=== VeriSign Class 4 Public Primary Certification Authority - G3
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct  1 00:00:00 1999 GMT
            Not After : Jul 16 23:59:59 2036 GMT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
SHA1 Fingerprint=C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
SHA256 Fingerprint=E3:89:36:0D:0F:DB:AE:B3:D2:50:58:4B:47:30:31:4E:22:2F:39:C1:56:A0:20:14:4E:8D:96:05:61:79:15:06
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
=== VeriSign Trust Network
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: May 18 00:00:00 1998 GMT
            Not After : Aug  1 23:59:59 2028 GMT
        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
SHA1 Fingerprint=85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
SHA256 Fingerprint=83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E:DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B
-----BEGIN CERTIFICATE-----
MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ


BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp


emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
oJ2daZH9










-----END CERTIFICATE-----
=== VeriSign Universal Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d
    Signature Algorithm: sha256WithRSAEncryption
        Validity







|


|

|
|

|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

<
>
>
|
<
|
>
>
|
<
<
|
|
<
<
<
<
<
<
<
<
>
>
>
>
>
>
>
>
>
>

|







3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588




























3589

3590
3591
3592

3593
3594
3595
3596


3597
3598








3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Nov  5 00:00:00 2007 GMT
            Not After : Jan 18 23:59:59 2038 GMT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            1.3.6.1.5.5.7.1.12: 
                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
            X509v3 Subject Key Identifier: 
                B3:16:91:FD:EE:A6:6E:E4:B5:2E:49:8F:87:78:81:80:EC:E5:B1:B5
SHA1 Fingerprint=22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
SHA256 Fingerprint=69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79




























-----BEGIN CERTIFICATE-----

MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln

biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp


U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg
SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln







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-----END CERTIFICATE-----
=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d
    Signature Algorithm: sha256WithRSAEncryption
        Validity
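--- a/jni/libressl/apps/openssl/certhash.c
+++ b/jni/libressl/apps/openssl/certhash.c
@@ -645,15 +645,15 @@
 int
 certhash_main(int argc, char **argv)
 {
 	int argsused;
 	int i, cwdfd, ret = 0;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&certhash_config, 0, sizeof(certhash_config));
 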
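--- a/jni/libressl/apps/openssl/ciphers.c
+++ b/jni/libressl/apps/openssl/ciphers.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ciphers.c,v 1.7 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: ciphers.c,v 1.8 2015/10/17 15:00:11 doug Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *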
Deleted jni/libressl/apps/openssl/cms.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
/* $OpenBSD: cms.c,v 1.5 2015/10/17 07:51:10 semarie Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 */

/* CMS utility function */

#include <stdio.h>
#include <string.h>

#include "apps.h"

#ifndef OPENSSL_NO_CMS

#include <openssl/cms.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509_vfy.h>
#include <openssl/x509v3.h>

static int save_certs(char *signerfile, STACK_OF(X509) * signers);
static int cms_cb(int ok, X509_STORE_CTX * ctx);
static void receipt_request_print(BIO * out, CMS_ContentInfo * cms);
static CMS_ReceiptRequest * make_receipt_request(
    STACK_OF(OPENSSL_STRING) * rr_to, int rr_allorfirst,
    STACK_OF(OPENSSL_STRING) * rr_from);

#define SMIME_OP	0x10
#define SMIME_IP	0x20
#define SMIME_SIGNERS	0x40
#define SMIME_ENCRYPT		(1 | SMIME_OP)
#define SMIME_DECRYPT		(2 | SMIME_IP)
#define SMIME_SIGN		(3 | SMIME_OP | SMIME_SIGNERS)
#define SMIME_VERIFY		(4 | SMIME_IP)
#define SMIME_CMSOUT		(5 | SMIME_IP | SMIME_OP)
#define SMIME_RESIGN		(6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
#define SMIME_DATAOUT		(7 | SMIME_IP)
#define SMIME_DATA_CREATE	(8 | SMIME_OP)
#define SMIME_DIGEST_VERIFY	(9 | SMIME_IP)
#define SMIME_DIGEST_CREATE	(10 | SMIME_OP)
#define SMIME_UNCOMPRESS	(11 | SMIME_IP)
#define SMIME_COMPRESS		(12 | SMIME_OP)
#define SMIME_ENCRYPTED_DECRYPT	(13 | SMIME_IP)
#define SMIME_ENCRYPTED_ENCRYPT	(14 | SMIME_OP)
#define SMIME_SIGN_RECEIPT	(15 | SMIME_IP | SMIME_OP)
#define SMIME_VERIFY_RECEIPT	(16 | SMIME_IP)

int verify_err = 0;

int
cms_main(int argc, char **argv)
{
	int operation = 0;
	int ret = 0;
	char **args;
	const char *inmode = "r", *outmode = "w";
	char *infile = NULL, *outfile = NULL, *rctfile = NULL;
	char *signerfile = NULL, *recipfile = NULL;
	STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL;
	char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
	char *certsoutfile = NULL;
	const EVP_CIPHER *cipher = NULL;
	CMS_ContentInfo *cms = NULL, *rcms = NULL;
	X509_STORE *store = NULL;
	X509 *cert = NULL, *recip = NULL, *signer = NULL;
	EVP_PKEY *key = NULL;
	STACK_OF(X509) * encerts = NULL, *other = NULL;
	BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
	int badarg = 0;
	int flags = CMS_DETACHED, noout = 0, print = 0;
	int verify_retcode = 0;
	int rr_print = 0, rr_allorfirst = -1;
	STACK_OF(OPENSSL_STRING) * rr_to = NULL, *rr_from = NULL;
	CMS_ReceiptRequest *rr = NULL;
	char *to = NULL, *from = NULL, *subject = NULL;
	char *CAfile = NULL, *CApath = NULL;
	char *passargin = NULL, *passin = NULL;
	const EVP_MD *sign_md = NULL;
	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
	int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
	unsigned char *secret_key = NULL, *secret_keyid = NULL;
	unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
	size_t secret_keylen = 0, secret_keyidlen = 0;

	ASN1_OBJECT *econtent_type = NULL;

	X509_VERIFY_PARAM *vpm = NULL;

	if (single_execution) {
		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	args = argv + 1;
	ret = 1;

	while (!badarg && *args && *args[0] == '-') {
		if (!strcmp(*args, "-encrypt"))
			operation = SMIME_ENCRYPT;
		else if (!strcmp(*args, "-decrypt"))
			operation = SMIME_DECRYPT;
		else if (!strcmp(*args, "-sign"))
			operation = SMIME_SIGN;
		else if (!strcmp(*args, "-sign_receipt"))
			operation = SMIME_SIGN_RECEIPT;
		else if (!strcmp(*args, "-resign"))
			operation = SMIME_RESIGN;
		else if (!strcmp(*args, "-verify"))
			operation = SMIME_VERIFY;
		else if (!strcmp(*args, "-verify_retcode"))
			verify_retcode = 1;
		else if (!strcmp(*args, "-verify_receipt")) {
			operation = SMIME_VERIFY_RECEIPT;
			if (!args[1])
				goto argerr;
			args++;
			rctfile = *args;
		} else if (!strcmp(*args, "-cmsout"))
			operation = SMIME_CMSOUT;
		else if (!strcmp(*args, "-data_out"))
			operation = SMIME_DATAOUT;
		else if (!strcmp(*args, "-data_create"))
			operation = SMIME_DATA_CREATE;
		else if (!strcmp(*args, "-digest_verify"))
			operation = SMIME_DIGEST_VERIFY;
		else if (!strcmp(*args, "-digest_create"))
			operation = SMIME_DIGEST_CREATE;
		else if (!strcmp(*args, "-compress"))
			operation = SMIME_COMPRESS;
		else if (!strcmp(*args, "-uncompress"))
			operation = SMIME_UNCOMPRESS;
		else if (!strcmp(*args, "-EncryptedData_decrypt"))
			operation = SMIME_ENCRYPTED_DECRYPT;
		else if (!strcmp(*args, "-EncryptedData_encrypt"))
			operation = SMIME_ENCRYPTED_ENCRYPT;
#ifndef OPENSSL_NO_DES
		else if (!strcmp(*args, "-des3"))
			cipher = EVP_des_ede3_cbc();
		else if (!strcmp(*args, "-des"))
			cipher = EVP_des_cbc();
#endif
#ifndef OPENSSL_NO_RC2
		else if (!strcmp(*args, "-rc2-40"))
			cipher = EVP_rc2_40_cbc();
		else if (!strcmp(*args, "-rc2-128"))
			cipher = EVP_rc2_cbc();
		else if (!strcmp(*args, "-rc2-64"))
			cipher = EVP_rc2_64_cbc();
#endif
#ifndef OPENSSL_NO_AES
		else if (!strcmp(*args, "-aes128"))
			cipher = EVP_aes_128_cbc();
		else if (!strcmp(*args, "-aes192"))
			cipher = EVP_aes_192_cbc();
		else if (!strcmp(*args, "-aes256"))
			cipher = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
		else if (!strcmp(*args, "-camellia128"))
			cipher = EVP_camellia_128_cbc();
		else if (!strcmp(*args, "-camellia192"))
			cipher = EVP_camellia_192_cbc();
		else if (!strcmp(*args, "-camellia256"))
			cipher = EVP_camellia_256_cbc();
#endif
		else if (!strcmp(*args, "-debug_decrypt"))
			flags |= CMS_DEBUG_DECRYPT;
		else if (!strcmp(*args, "-text"))
			flags |= CMS_TEXT;
		else if (!strcmp(*args, "-nointern"))
			flags |= CMS_NOINTERN;
		else if (!strcmp(*args, "-noverify") ||
		    !strcmp(*args, "-no_signer_cert_verify"))
			flags |= CMS_NO_SIGNER_CERT_VERIFY;
		else if (!strcmp(*args, "-nocerts"))
			flags |= CMS_NOCERTS;
		else if (!strcmp(*args, "-noattr"))
			flags |= CMS_NOATTR;
		else if (!strcmp(*args, "-nodetach"))
			flags &= ~CMS_DETACHED;
		else if (!strcmp(*args, "-nosmimecap"))
			flags |= CMS_NOSMIMECAP;
		else if (!strcmp(*args, "-binary"))
			flags |= CMS_BINARY;
		else if (!strcmp(*args, "-keyid"))
			flags |= CMS_USE_KEYID;
		else if (!strcmp(*args, "-nosigs"))
			flags |= CMS_NOSIGS;
		else if (!strcmp(*args, "-no_content_verify"))
			flags |= CMS_NO_CONTENT_VERIFY;
		else if (!strcmp(*args, "-no_attr_verify"))
			flags |= CMS_NO_ATTR_VERIFY;
		else if (!strcmp(*args, "-stream"))
			flags |= CMS_STREAM;
		else if (!strcmp(*args, "-indef"))
			flags |= CMS_STREAM;
		else if (!strcmp(*args, "-noindef"))
			flags &= ~CMS_STREAM;
		else if (!strcmp(*args, "-nooldmime"))
			flags |= CMS_NOOLDMIMETYPE;
		else if (!strcmp(*args, "-crlfeol"))
			flags |= CMS_CRLFEOL;
		else if (!strcmp(*args, "-noout"))
			noout = 1;
		else if (!strcmp(*args, "-receipt_request_print"))
			rr_print = 1;
		else if (!strcmp(*args, "-receipt_request_all"))
			rr_allorfirst = 0;
		else if (!strcmp(*args, "-receipt_request_first"))
			rr_allorfirst = 1;
		else if (!strcmp(*args, "-receipt_request_from")) {
			if (!args[1])
				goto argerr;
			args++;
			if (!rr_from)
				rr_from = sk_OPENSSL_STRING_new_null();
			sk_OPENSSL_STRING_push(rr_from, *args);
		} else if (!strcmp(*args, "-receipt_request_to")) {
			if (!args[1])
				goto argerr;
			args++;
			if (!rr_to)
				rr_to = sk_OPENSSL_STRING_new_null();
			sk_OPENSSL_STRING_push(rr_to, *args);
		} else if (!strcmp(*args, "-print")) {
			noout = 1;
			print = 1;
		} else if (!strcmp(*args, "-secretkey")) {
			long ltmp;
			if (!args[1])
				goto argerr;
			args++;
			secret_key = string_to_hex(*args, &ltmp);
			if (!secret_key) {
				BIO_printf(bio_err, "Invalid key %s\n", *args);
				goto argerr;
			}
			secret_keylen = (size_t) ltmp;
		} else if (!strcmp(*args, "-secretkeyid")) {
			long ltmp;
			if (!args[1])
				goto argerr;
			args++;
			secret_keyid = string_to_hex(*args, &ltmp);
			if (!secret_keyid) {
				BIO_printf(bio_err, "Invalid id %s\n", *args);
				goto argerr;
			}
			secret_keyidlen = (size_t) ltmp;
		} else if (!strcmp(*args, "-pwri_password")) {
			if (!args[1])
				goto argerr;
			args++;
			pwri_pass = (unsigned char *) *args;
		} else if (!strcmp(*args, "-econtent_type")) {
			if (!args[1])
				goto argerr;
			args++;
			econtent_type = OBJ_txt2obj(*args, 0);
			if (!econtent_type) {
				BIO_printf(bio_err, "Invalid OID %s\n", *args);
				goto argerr;
			}
		}
		else if (!strcmp(*args, "-passin")) {
			if (!args[1])
				goto argerr;
			passargin = *++args;
		} else if (!strcmp(*args, "-to")) {
			if (!args[1])
				goto argerr;
			to = *++args;
		} else if (!strcmp(*args, "-from")) {
			if (!args[1])
				goto argerr;
			from = *++args;
		} else if (!strcmp(*args, "-subject")) {
			if (!args[1])
				goto argerr;
			subject = *++args;
		} else if (!strcmp(*args, "-signer")) {
			if (!args[1])
				goto argerr;
			/* If previous -signer argument add signer to list */

			if (signerfile) {
				if (!sksigners)
					sksigners =
					    sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(sksigners, signerfile);
				if (!keyfile)
					keyfile = signerfile;
				if (!skkeys)
					skkeys = sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(skkeys, keyfile);
				keyfile = NULL;
			}
			signerfile = *++args;
		} else if (!strcmp(*args, "-recip")) {
			if (!args[1])
				goto argerr;
			recipfile = *++args;
		} else if (!strcmp(*args, "-certsout")) {
			if (!args[1])
				goto argerr;
			certsoutfile = *++args;
		} else if (!strcmp(*args, "-md")) {
			if (!args[1])
				goto argerr;
			sign_md = EVP_get_digestbyname(*++args);
			if (sign_md == NULL) {
				BIO_printf(bio_err, "Unknown digest %s\n",
				    *args);
				goto argerr;
			}
		} else if (!strcmp(*args, "-inkey")) {
			if (!args[1])
				goto argerr;
			/* If previous -inkey arument add signer to list */
			if (keyfile) {
				if (!signerfile) {
					BIO_puts(bio_err,
					    "Illegal -inkey without -signer\n");
					goto argerr;
				}
				if (!sksigners)
					sksigners =
					    sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(sksigners, signerfile);
				signerfile = NULL;
				if (!skkeys)
					skkeys = sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(skkeys, keyfile);
			}
			keyfile = *++args;
		} else if (!strcmp(*args, "-keyform")) {
			if (!args[1])
				goto argerr;
			keyform = str2fmt(*++args);
		} else if (!strcmp(*args, "-rctform")) {
			if (!args[1])
				goto argerr;
			rctformat = str2fmt(*++args);
		} else if (!strcmp(*args, "-certfile")) {
			if (!args[1])
				goto argerr;
			certfile = *++args;
		} else if (!strcmp(*args, "-CAfile")) {
			if (!args[1])
				goto argerr;
			CAfile = *++args;
		} else if (!strcmp(*args, "-CApath")) {
			if (!args[1])
				goto argerr;
			CApath = *++args;
		} else if (!strcmp(*args, "-in")) {
			if (!args[1])
				goto argerr;
			infile = *++args;
		} else if (!strcmp(*args, "-inform")) {
			if (!args[1])
				goto argerr;
			informat = str2fmt(*++args);
		} else if (!strcmp(*args, "-outform")) {
			if (!args[1])
				goto argerr;
			outformat = str2fmt(*++args);
		} else if (!strcmp(*args, "-out")) {
			if (!args[1])
				goto argerr;
			outfile = *++args;
		} else if (!strcmp(*args, "-content")) {
			if (!args[1])
				goto argerr;
			contfile = *++args;
		} else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
			continue;
		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
			badarg = 1;
		args++;
	}

	if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
		BIO_puts(bio_err, "No Signed Receipts Recipients\n");
		goto argerr;
	}
	if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
		BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
		goto argerr;
	}
	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
		goto argerr;
	}
	if (operation & SMIME_SIGNERS) {
		if (keyfile && !signerfile) {
			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
			goto argerr;
		}
		/* Check to see if any final signer needs to be appended */
		if (signerfile) {
			if (!sksigners)
				sksigners = sk_OPENSSL_STRING_new_null();
			sk_OPENSSL_STRING_push(sksigners, signerfile);
			if (!skkeys)
				skkeys = sk_OPENSSL_STRING_new_null();
			if (!keyfile)
				keyfile = signerfile;
			sk_OPENSSL_STRING_push(skkeys, keyfile);
		}
		if (!sksigners) {
			BIO_printf(bio_err,
			    "No signer certificate specified\n");
			badarg = 1;
		}
		signerfile = NULL;
		keyfile = NULL;
	} else if (operation == SMIME_DECRYPT) {
		if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
			BIO_printf(bio_err,
			    "No recipient certificate or key specified\n");
			badarg = 1;
		}
	} else if (operation == SMIME_ENCRYPT) {
		if (!*args && !secret_key && !pwri_pass) {
			BIO_printf(bio_err,
			    "No recipient(s) certificate(s) specified\n");
			badarg = 1;
		}
	} else if (!operation)
		badarg = 1;

	if (badarg) {
argerr:
		BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n");
		BIO_printf(bio_err, "where options are\n");
		BIO_printf(bio_err, "-encrypt       encrypt message\n");
		BIO_printf(bio_err, "-decrypt       decrypt encrypted message\n");
		BIO_printf(bio_err, "-sign          sign message\n");
		BIO_printf(bio_err, "-verify        verify signed message\n");
		BIO_printf(bio_err, "-cmsout        output CMS structure\n");
#ifndef OPENSSL_NO_DES
		BIO_printf(bio_err, "-des3          encrypt with triple DES\n");
		BIO_printf(bio_err, "-des           encrypt with DES\n");
#endif
#ifndef OPENSSL_NO_RC2
		BIO_printf(bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
		BIO_printf(bio_err, "-rc2-64        encrypt with RC2-64\n");
		BIO_printf(bio_err, "-rc2-128       encrypt with RC2-128\n");
#endif
#ifndef OPENSSL_NO_AES
		BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
		BIO_printf(bio_err, "               encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
		BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
		BIO_printf(bio_err, "               encrypt PEM output with cbc camellia\n");
#endif
		BIO_printf(bio_err, "-nointern      don't search certificates in message for signer\n");
		BIO_printf(bio_err, "-nosigs        don't verify message signature\n");
		BIO_printf(bio_err, "-noverify      don't verify signers certificate\n");
		BIO_printf(bio_err, "-nocerts       don't include signers certificate when signing\n");
		BIO_printf(bio_err, "-nodetach      use opaque signing\n");
		BIO_printf(bio_err, "-noattr        don't include any signed attributes\n");
		BIO_printf(bio_err, "-binary        don't translate message to text\n");
		BIO_printf(bio_err, "-certfile file other certificates file\n");
		BIO_printf(bio_err, "-certsout file certificate output file\n");
		BIO_printf(bio_err, "-signer file   signer certificate file\n");
		BIO_printf(bio_err, "-recip  file   recipient certificate file for decryption\n");
		BIO_printf(bio_err, "-keyid         use subject key identifier\n");
		BIO_printf(bio_err, "-in file       input file\n");
		BIO_printf(bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
		BIO_printf(bio_err, "-inkey file    input private key (if not signer or recipient)\n");
		BIO_printf(bio_err, "-keyform arg   input private key format (PEM)\n");
		BIO_printf(bio_err, "-out file      output file\n");
		BIO_printf(bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
		BIO_printf(bio_err, "-content file  supply or override content for detached signature\n");
		BIO_printf(bio_err, "-to addr       to address\n");
		BIO_printf(bio_err, "-from ad       from address\n");
		BIO_printf(bio_err, "-subject s     subject\n");
		BIO_printf(bio_err, "-text          include or delete text MIME headers\n");
		BIO_printf(bio_err, "-CApath dir    trusted certificates directory\n");
		BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
		BIO_printf(bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
		BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
		BIO_printf(bio_err, "-passin arg    input file pass phrase source\n");
		BIO_printf(bio_err, "cert.pem       recipient certificate(s) for encryption\n");
		goto end;
	}

	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
		BIO_printf(bio_err, "Error getting password\n");
		goto end;
	}
	ret = 2;

	if (!(operation & SMIME_SIGNERS))
		flags &= ~CMS_DETACHED;

	if (operation & SMIME_OP) {
		if (outformat == FORMAT_ASN1)
			outmode = "wb";
	} else {
		if (flags & CMS_BINARY)
			outmode = "wb";
	}

	if (operation & SMIME_IP) {
		if (informat == FORMAT_ASN1)
			inmode = "rb";
	} else {
		if (flags & CMS_BINARY)
			inmode = "rb";
	}

	if (operation == SMIME_ENCRYPT) {
		if (!cipher) {
#ifndef OPENSSL_NO_DES
			cipher = EVP_des_ede3_cbc();
#else
			BIO_printf(bio_err, "No cipher selected\n");
			goto end;
#endif
		}
		if (secret_key && !secret_keyid) {
			BIO_printf(bio_err, "No secret key id\n");
			goto end;
		}
		if (*args)
			encerts = sk_X509_new_null();
		while (*args) {
			if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
			    NULL, e, "recipient certificate file")))
				goto end;
			sk_X509_push(encerts, cert);
			cert = NULL;
			args++;
		}
	}
	if (certfile) {
		if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
		    e, "certificate file"))) {
			ERR_print_errors(bio_err);
			goto end;
		}
	}
	if (recipfile && (operation == SMIME_DECRYPT)) {
		if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
		    e, "recipient certificate file"))) {
			ERR_print_errors(bio_err);
			goto end;
		}
	}
	if (operation == SMIME_SIGN_RECEIPT) {
		if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
		    e, "receipt signer certificate file"))) {
			ERR_print_errors(bio_err);
			goto end;
		}
	}
	if (operation == SMIME_DECRYPT) {
		if (!keyfile)
			keyfile = recipfile;
	} else if ((operation == SMIME_SIGN) ||
	    (operation == SMIME_SIGN_RECEIPT)) {
		if (!keyfile)
			keyfile = signerfile;
	} else
		keyfile = NULL;

	if (keyfile) {
		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
		    "signing key file");
		if (!key)
			goto end;
	}
	if (infile) {
		if (!(in = BIO_new_file(infile, inmode))) {
			BIO_printf(bio_err,
			    "Can't open input file %s\n", infile);
			goto end;
		}
	} else
		in = BIO_new_fp(stdin, BIO_NOCLOSE);

	if (operation & SMIME_IP) {
		if (informat == FORMAT_SMIME)
			cms = SMIME_read_CMS(in, &indata);
		else if (informat == FORMAT_PEM)
			cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
		else if (informat == FORMAT_ASN1)
			cms = d2i_CMS_bio(in, NULL);
		else {
			BIO_printf(bio_err, "Bad input format for CMS file\n");
			goto end;
		}

		if (!cms) {
			BIO_printf(bio_err, "Error reading S/MIME message\n");
			goto end;
		}
		if (contfile) {
			BIO_free(indata);
			if (!(indata = BIO_new_file(contfile, "rb"))) {
				BIO_printf(bio_err,
				    "Can't read content file %s\n", contfile);
				goto end;
			}
		}
		if (certsoutfile) {
			STACK_OF(X509) * allcerts;
			allcerts = CMS_get1_certs(cms);
			if (!save_certs(certsoutfile, allcerts)) {
				BIO_printf(bio_err,
				    "Error writing certs to %s\n",
				    certsoutfile);
				ret = 5;
				goto end;
			}
			sk_X509_pop_free(allcerts, X509_free);
		}
	}
	if (rctfile) {
		char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
		if (!(rctin = BIO_new_file(rctfile, rctmode))) {
			BIO_printf(bio_err,
			    "Can't open receipt file %s\n", rctfile);
			goto end;
		}
		if (rctformat == FORMAT_SMIME)
			rcms = SMIME_read_CMS(rctin, NULL);
		else if (rctformat == FORMAT_PEM)
			rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
		else if (rctformat == FORMAT_ASN1)
			rcms = d2i_CMS_bio(rctin, NULL);
		else {
			BIO_printf(bio_err, "Bad input format for receipt\n");
			goto end;
		}

		if (!rcms) {
			BIO_printf(bio_err, "Error reading receipt\n");
			goto end;
		}
	}
	if (outfile) {
		if (!(out = BIO_new_file(outfile, outmode))) {
			BIO_printf(bio_err,
			    "Can't open output file %s\n", outfile);
			goto end;
		}
	} else {
		out = BIO_new_fp(stdout, BIO_NOCLOSE);
	}

	if ((operation == SMIME_VERIFY) ||
	    (operation == SMIME_VERIFY_RECEIPT)) {
		if (!(store = setup_verify(bio_err, CAfile, CApath)))
			goto end;
		X509_STORE_set_verify_cb(store, cms_cb);
		if (vpm)
			X509_STORE_set1_param(store, vpm);
	}
	ret = 3;

	if (operation == SMIME_DATA_CREATE) {
		cms = CMS_data_create(in, flags);
	} else if (operation == SMIME_DIGEST_CREATE) {
		cms = CMS_digest_create(in, sign_md, flags);
	} else if (operation == SMIME_COMPRESS) {
		cms = CMS_compress(in, -1, flags);
	} else if (operation == SMIME_ENCRYPT) {
		flags |= CMS_PARTIAL;
		cms = CMS_encrypt(encerts, in, cipher, flags);
		if (!cms)
			goto end;
		if (secret_key) {
			if (!CMS_add0_recipient_key(cms, NID_undef, secret_key,
			    secret_keylen, secret_keyid, secret_keyidlen,
			    NULL, NULL, NULL))
				goto end;
			/* NULL these because call absorbs them */
			secret_key = NULL;
			secret_keyid = NULL;
		}
		if (pwri_pass) {
			pwri_tmp = strdup(pwri_pass);
			if (!pwri_tmp)
				goto end;
			if (!CMS_add0_recipient_password(cms, -1, NID_undef,
			    NID_undef, pwri_tmp, -1, NULL))
				goto end;
			pwri_tmp = NULL;
		}
		if (!(flags & CMS_STREAM)) {
			if (!CMS_final(cms, in, NULL, flags))
				goto end;
		}
	} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
		cms = CMS_EncryptedData_encrypt(in, cipher, secret_key,
		    secret_keylen, flags);

	} else if (operation == SMIME_SIGN_RECEIPT) {
		CMS_ContentInfo *srcms = NULL;
		STACK_OF(CMS_SignerInfo) * sis;
		CMS_SignerInfo *si;
		sis = CMS_get0_SignerInfos(cms);
		if (!sis)
			goto end;
		si = sk_CMS_SignerInfo_value(sis, 0);
		srcms = CMS_sign_receipt(si, signer, key, other, flags);
		if (!srcms)
			goto end;
		CMS_ContentInfo_free(cms);
		cms = srcms;
	} else if (operation & SMIME_SIGNERS) {
		int i;
		/*
		 * If detached data content we enable streaming if S/MIME
		 * output format.
		 */
		if (operation == SMIME_SIGN) {

			if (flags & CMS_DETACHED) {
				if (outformat == FORMAT_SMIME)
					flags |= CMS_STREAM;
			}
			flags |= CMS_PARTIAL;
			cms = CMS_sign(NULL, NULL, other, in, flags);
			if (!cms)
				goto end;
			if (econtent_type)
				CMS_set1_eContentType(cms, econtent_type);

			if (rr_to) {
				rr = make_receipt_request(rr_to, rr_allorfirst,
				    rr_from);
				if (!rr) {
					BIO_puts(bio_err,
					    "Signed Receipt Request Creation Error\n");
					goto end;
				}
			}
		} else
			flags |= CMS_REUSE_DIGEST;
		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
			CMS_SignerInfo *si;
			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
			signer = load_cert(bio_err, signerfile, FORMAT_PEM,
			    NULL, e, "signer certificate");
			if (!signer)
				goto end;
			key = load_key(bio_err, keyfile, keyform, 0, passin, e,
			    "signing key file");
			if (!key)
				goto end;
			si = CMS_add1_signer(cms, signer, key, sign_md, flags);
			if (!si)
				goto end;
			if (rr && !CMS_add1_ReceiptRequest(si, rr))
				goto end;
			X509_free(signer);
			signer = NULL;
			EVP_PKEY_free(key);
			key = NULL;
		}
		/* If not streaming or resigning finalize structure */
		if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
			if (!CMS_final(cms, in, NULL, flags))
				goto end;
		}
	}
	if (!cms) {
		BIO_printf(bio_err, "Error creating CMS structure\n");
		goto end;
	}
	ret = 4;
	if (operation == SMIME_DECRYPT) {
		if (flags & CMS_DEBUG_DECRYPT)
			CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);

		if (secret_key) {
			if (!CMS_decrypt_set1_key(cms, secret_key,
			    secret_keylen, secret_keyid, secret_keyidlen)) {
				BIO_puts(bio_err,
				    "Error decrypting CMS using secret key\n");
				goto end;
			}
		}
		if (key) {
			if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
				BIO_puts(bio_err,
				    "Error decrypting CMS using private key\n");
				goto end;
			}
		}
		if (pwri_pass) {
			if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
				BIO_puts(bio_err,
				    "Error decrypting CMS using password\n");
				goto end;
			}
		}
		if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
			BIO_printf(bio_err, "Error decrypting CMS structure\n");
			goto end;
		}
	} else if (operation == SMIME_DATAOUT) {
		if (!CMS_data(cms, out, flags))
			goto end;
	} else if (operation == SMIME_UNCOMPRESS) {
		if (!CMS_uncompress(cms, indata, out, flags))
			goto end;
	} else if (operation == SMIME_DIGEST_VERIFY) {
		if (CMS_digest_verify(cms, indata, out, flags) > 0)
			BIO_printf(bio_err, "Verification successful\n");
		else {
			BIO_printf(bio_err, "Verification failure\n");
			goto end;
		}
	} else if (operation == SMIME_ENCRYPTED_DECRYPT) {
		if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
		    indata, out, flags))
			goto end;
	} else if (operation == SMIME_VERIFY) {
		if (CMS_verify(cms, other, store, indata, out, flags) > 0)
			BIO_printf(bio_err, "Verification successful\n");
		else {
			BIO_printf(bio_err, "Verification failure\n");
			if (verify_retcode)
				ret = verify_err + 32;
			goto end;
		}
		if (signerfile) {
			STACK_OF(X509) * signers;
			signers = CMS_get0_signers(cms);
			if (!save_certs(signerfile, signers)) {
				BIO_printf(bio_err,
				    "Error writing signers to %s\n",
				    signerfile);
				ret = 5;
				goto end;
			}
			sk_X509_free(signers);
		}
		if (rr_print)
			receipt_request_print(bio_err, cms);

	} else if (operation == SMIME_VERIFY_RECEIPT) {
		if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
			BIO_printf(bio_err, "Verification successful\n");
		else {
			BIO_printf(bio_err, "Verification failure\n");
			goto end;
		}
	} else {
		if (noout) {
			if (print)
				CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
		} else if (outformat == FORMAT_SMIME) {
			if (to)
				BIO_printf(out, "To: %s\n", to);
			if (from)
				BIO_printf(out, "From: %s\n", from);
			if (subject)
				BIO_printf(out, "Subject: %s\n", subject);
			if (operation == SMIME_RESIGN)
				ret = SMIME_write_CMS(out, cms, indata, flags);
			else
				ret = SMIME_write_CMS(out, cms, in, flags);
		} else if (outformat == FORMAT_PEM)
			ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
		else if (outformat == FORMAT_ASN1)
			ret = i2d_CMS_bio_stream(out, cms, in, flags);
		else {
			BIO_printf(bio_err, "Bad output format for CMS file\n");
			goto end;
		}
		if (ret <= 0) {
			ret = 6;
			goto end;
		}
	}
	ret = 0;

end:
	if (ret)
		ERR_print_errors(bio_err);
	sk_X509_pop_free(encerts, X509_free);
	sk_X509_pop_free(other, X509_free);
	if (vpm)
		X509_VERIFY_PARAM_free(vpm);
	if (sksigners)
		sk_OPENSSL_STRING_free(sksigners);
	if (skkeys)
		sk_OPENSSL_STRING_free(skkeys);
	free(secret_key);
	free(secret_keyid);
	free(pwri_tmp);
	if (econtent_type)
		ASN1_OBJECT_free(econtent_type);
	if (rr)
		CMS_ReceiptRequest_free(rr);
	if (rr_to)
		sk_OPENSSL_STRING_free(rr_to);
	if (rr_from)
		sk_OPENSSL_STRING_free(rr_from);
	X509_STORE_free(store);
	X509_free(cert);
	X509_free(recip);
	X509_free(signer);
	EVP_PKEY_free(key);
	CMS_ContentInfo_free(cms);
	CMS_ContentInfo_free(rcms);
	BIO_free(rctin);
	BIO_free(in);
	BIO_free(indata);
	BIO_free_all(out);
	free(passin);
	return (ret);
}

static int
save_certs(char *signerfile, STACK_OF(X509) * signers)
{
	int i;
	BIO *tmp;

	if (!signerfile)
		return 1;
	tmp = BIO_new_file(signerfile, "w");
	if (!tmp)
		return 0;
	for (i = 0; i < sk_X509_num(signers); i++)
		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
	BIO_free(tmp);
	return 1;
}

/* Minimal callback just to output policy info (if any) */

static int
cms_cb(int ok, X509_STORE_CTX * ctx)
{
	int error;

	error = X509_STORE_CTX_get_error(ctx);

	verify_err = error;

	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) &&
	    ((error != X509_V_OK) || (ok != 2)))
		return ok;

	policies_print(NULL, ctx);

	return ok;
}

static void
gnames_stack_print(BIO * out, STACK_OF(GENERAL_NAMES) * gns)
{
	STACK_OF(GENERAL_NAME) * gens;
	GENERAL_NAME *gen;
	int i, j;

	for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
		gens = sk_GENERAL_NAMES_value(gns, i);
		for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
			gen = sk_GENERAL_NAME_value(gens, j);
			BIO_puts(out, "    ");
			GENERAL_NAME_print(out, gen);
			BIO_puts(out, "\n");
		}
	}
	return;
}

static void
receipt_request_print(BIO * out, CMS_ContentInfo * cms)
{
	STACK_OF(CMS_SignerInfo) * sis;
	CMS_SignerInfo *si;
	CMS_ReceiptRequest *rr;
	int allorfirst;
	STACK_OF(GENERAL_NAMES) * rto, *rlist;
	ASN1_STRING *scid;
	int i, rv;

	sis = CMS_get0_SignerInfos(cms);
	for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
		si = sk_CMS_SignerInfo_value(sis, i);
		rv = CMS_get1_ReceiptRequest(si, &rr);
		BIO_printf(bio_err, "Signer %d:\n", i + 1);
		if (rv == 0)
			BIO_puts(bio_err, "  No Receipt Request\n");
		else if (rv < 0) {
			BIO_puts(bio_err, "  Receipt Request Parse Error\n");
			ERR_print_errors(bio_err);
		} else {
			char *id;
			int idlen;
			CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
			    &rlist, &rto);
			BIO_puts(out, "  Signed Content ID:\n");
			idlen = ASN1_STRING_length(scid);
			id = (char *) ASN1_STRING_data(scid);
			BIO_dump_indent(out, id, idlen, 4);
			BIO_puts(out, "  Receipts From");
			if (rlist) {
				BIO_puts(out, " List:\n");
				gnames_stack_print(out, rlist);
			} else if (allorfirst == 1)
				BIO_puts(out, ": First Tier\n");
			else if (allorfirst == 0)
				BIO_puts(out, ": All\n");
			else
				BIO_printf(out, " Unknown (%d)\n", allorfirst);
			BIO_puts(out, "  Receipts To:\n");
			gnames_stack_print(out, rto);
		}
		if (rr)
			CMS_ReceiptRequest_free(rr);
	}
}

static STACK_OF(GENERAL_NAMES) *
make_names_stack(STACK_OF(OPENSSL_STRING) * ns)
{
	int i;
	STACK_OF(GENERAL_NAMES) * ret;
	GENERAL_NAMES *gens = NULL;
	GENERAL_NAME *gen = NULL;
	ret = sk_GENERAL_NAMES_new_null();
	if (!ret)
		goto err;
	for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
		char *str = sk_OPENSSL_STRING_value(ns, i);
		gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
		if (!gen)
			goto err;
		gens = GENERAL_NAMES_new();
		if (!gens)
			goto err;
		if (!sk_GENERAL_NAME_push(gens, gen))
			goto err;
		gen = NULL;
		if (!sk_GENERAL_NAMES_push(ret, gens))
			goto err;
		gens = NULL;
	}

	return ret;

err:
	if (ret)
		sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
	if (gens)
		GENERAL_NAMES_free(gens);
	if (gen)
		GENERAL_NAME_free(gen);
	return NULL;
}


static CMS_ReceiptRequest *
make_receipt_request(STACK_OF(OPENSSL_STRING) * rr_to, int rr_allorfirst,
    STACK_OF(OPENSSL_STRING) * rr_from)
{
	STACK_OF(GENERAL_NAMES) * rct_to, *rct_from;
	CMS_ReceiptRequest *rr;

	rct_to = make_names_stack(rr_to);
	if (!rct_to)
		goto err;
	if (rr_from) {
		rct_from = make_names_stack(rr_from);
		if (!rct_from)
			goto err;
	} else
		rct_from = NULL;
	rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
	    rct_to);
	return rr;

err:
	return NULL;
}

#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<












































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































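--- a/jni/libressl/apps/openssl/compat/strtonum.c
+++ b/jni/libressl/apps/openssl/compat/strtonum.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: strtonum.c,v 1.7 2013/04/17 18:40:58 tedu Exp $	*/
+/*	$OpenBSD: strtonum.c,v 1.8 2015/09/13 08:31:48 guenther Exp $	*/
 
 /*
  * Copyright (c) 2004 Ted Unangst and Todd Miller
  * All rights reserved.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above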
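--- a/jni/libressl/apps/openssl/crl.c
+++ b/jni/libressl/apps/openssl/crl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: crl.c,v 1.8 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: crl.c,v 1.10 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -227,15 +227,15 @@
 	X509_LOOKUP *lookup = NULL;
 	X509_OBJECT xobj;
 	EVP_PKEY *pkey;
 	const EVP_MD *digest;
 	char *digest_name = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	if (bio_out == NULL) {
 		if ((bio_out = BIO_new(BIO_s_file())) != NULL) {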
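--- a/jni/libressl/apps/openssl/crl2p7.c
+++ b/jni/libressl/apps/openssl/crl2p7.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: crl2p7.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: crl2p7.c,v 1.7 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -166,15 +166,15 @@
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl = NULL;
 	STACK_OF(X509_CRL) *crl_stack = NULL;
 	STACK_OF(X509) *cert_stack = NULL;
 	int ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&crl2p7_config, 0, sizeof(crl2p7_config));
 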
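--- a/jni/libressl/apps/openssl/dgst.c
+++ b/jni/libressl/apps/openssl/dgst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dgst.c,v 1.8 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: dgst.c,v 1.10 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -120,15 +120,15 @@
 	int siglen = 0;
 	char *passargin = NULL, *passin = NULL;
 	char *hmac_key = NULL;
 	char *mac_name = NULL;
 	STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	if ((buf = malloc(BUFSIZE)) == NULL) {
 		BIO_printf(bio_err, "out of memory\n");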
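--- a/jni/libressl/apps/openssl/dh.c
+++ b/jni/libressl/apps/openssl/dh.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh.c,v 1.7 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: dh.c,v 1.9 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -155,15 +155,15 @@
 {
 	DH *dh = NULL;
 	int i;
 	BIO *in = NULL, *out = NULL;
 	int ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&dh_config, 0, sizeof(dh_config));
 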
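--- a/jni/libressl/apps/openssl/dhparam.c
+++ b/jni/libressl/apps/openssl/dhparam.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dhparam.c,v 1.7 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: dhparam.c,v 1.9 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -240,15 +240,15 @@
 	char *num_bits = NULL;
 	DH *dh = NULL;
 	int num = 0;
 	int ret = 1;
 	int i;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&dhparam_config, 0, sizeof(dhparam_config));
 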
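--- a/jni/libressl/apps/openssl/dsa.c
+++ b/jni/libressl/apps/openssl/dsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: dsa.c,v 1.9 2017/01/20 08:57:11 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -237,15 +237,15 @@
 	int ret = 1;
 	DSA *dsa = NULL;
 	int i;
 	BIO *in = NULL, *out = NULL;
 	char *passin = NULL, *passout = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&dsa_config, 0, sizeof(dsa_config));
 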
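--- a/jni/libressl/apps/openssl/dsaparam.c
+++ b/jni/libressl/apps/openssl/dsaparam.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsaparam.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: dsaparam.c,v 1.8 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -165,15 +165,15 @@
 	int i;
 	BIO *in = NULL, *out = NULL;
 	int ret = 1;
 	int numbits = -1;
 	char *strbits = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&dsaparam_config, 0, sizeof(dsaparam_config));
 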
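--- a/jni/libressl/apps/openssl/ec.c
+++ b/jni/libressl/apps/openssl/ec.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: ec.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -274,15 +274,15 @@
 	EC_KEY *eckey = NULL;
 	const EC_GROUP *group;
 	int i;
 	BIO *in = NULL, *out = NULL;
 	char *passin = NULL, *passout = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&ec_config, 0, sizeof(ec_config));
 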
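--- a/jni/libressl/apps/openssl/ecparam.c
+++ b/jni/libressl/apps/openssl/ecparam.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecparam.c,v 1.14 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: ecparam.c,v 1.16 2017/01/20 08:57:12 deraadt Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -256,15 +256,15 @@
 	BIGNUM *ec_order = NULL, *ec_cofactor = NULL;
 	EC_GROUP *group = NULL;
 	unsigned char *buffer = NULL;
 	BIO *in = NULL, *out = NULL;
 	int i, ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&ecparam_config, 0, sizeof(ecparam_config));
 	ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE;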
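--- a/jni/libressl/apps/openssl/enc.c
+++ b/jni/libressl/apps/openssl/enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: enc.c,v 1.10 2015/10/17 15:00:11 doug Exp $ */
+/* $OpenBSD: enc.c,v 1.12 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -335,15 +335,15 @@
 	BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL;
 	BIO *rbio = NULL, *wbio = NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE + 1];
 	int i;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&enc_config, 0, sizeof(enc_config));
 	enc_config.enc = 1;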
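--- a/jni/libressl/apps/openssl/errstr.c
+++ b/jni/libressl/apps/openssl/errstr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: errstr.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: errstr.c,v 1.6 2015/10/17 15:00:11 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *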
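--- a/jni/libressl/apps/openssl/gendh.c
+++ b/jni/libressl/apps/openssl/gendh.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gendh.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: gendh.c,v 1.8 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -131,15 +131,15 @@
 	BN_GENCB cb;
 	DH *dh = NULL;
 	int ret = 1, numbits = DEFBITS;
 	BIO *out = NULL;
 	char *strbits = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	BN_GENCB_set(&cb, dh_cb, bio_err);
 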
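--- a/jni/libressl/apps/openssl/gendsa.c
+++ b/jni/libressl/apps/openssl/gendsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gendsa.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: gendsa.c,v 1.8 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -82,15 +82,15 @@
 	char *outfile = NULL;
 	char *dsaparams = NULL;
 	char *passargout = NULL, *passout = NULL;
 	BIO *out = NULL, *in = NULL;
 	const EVP_CIPHER *enc = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	argv++;
 	argc--;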
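--- a/jni/libressl/apps/openssl/genpkey.c
+++ b/jni/libressl/apps/openssl/genpkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: genpkey.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: genpkey.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -83,15 +83,15 @@
 	char *pass = NULL;
 	int badarg = 0;
 	int ret = 1, rv;
 
 	int do_param = 0;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	outformat = FORMAT_PEM;
 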
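--- a/jni/libressl/apps/openssl/genrsa.c
+++ b/jni/libressl/apps/openssl/genrsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: genrsa.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: genrsa.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -97,15 +97,15 @@
 	char *outfile = NULL;
 	char *passargout = NULL, *passout = NULL;
 	BIO *out = NULL;
 	BIGNUM *bn = BN_new();
 	RSA *rsa = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	if (!bn)
 		goto err;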
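--- a/jni/libressl/apps/openssl/nseq.c
+++ b/jni/libressl/apps/openssl/nseq.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: nseq.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: nseq.c,v 1.7 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -106,15 +106,15 @@
 {
 	BIO *in = NULL, *out = NULL;
 	X509 *x509 = NULL;
 	NETSCAPE_CERT_SEQUENCE *seq = NULL;
 	int i, ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&nseq_config, 0, sizeof(nseq_config));
 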
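--- a/jni/libressl/apps/openssl/ocsp.c
+++ b/jni/libressl/apps/openssl/ocsp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ocsp.c,v 1.7 2015/10/17 15:00:11 doug Exp $ */
+/* $OpenBSD: ocsp.c,v 1.12 2017/01/21 09:29:09 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -143,15 +143,15 @@
 	char *rca_filename = NULL;
 	CA_DB *rdb = NULL;
 	int nmin = 0, ndays = -1;
 	const EVP_MD *cert_id_md = NULL;
 	const char *errstr = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio inet dns rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	args = argv + 1;
 	reqnames = sk_OPENSSL_STRING_new_null();
@@ -492,16 +492,16 @@
 		BIO_printf(bio_err, "-port num		 port to run responder on\n");
 		BIO_printf(bio_err, "-index file	 certificate status index file\n");
 		BIO_printf(bio_err, "-CA file		 CA certificate\n");
 		BIO_printf(bio_err, "-rsigner file	 responder certificate to sign responses with\n");
 		BIO_printf(bio_err, "-rkey file	 responder key to sign responses with\n");
 		BIO_printf(bio_err, "-rother file	 other certificates to include in response\n");
 		BIO_printf(bio_err, "-resp_no_certs     don't include any certificates in response\n");
-		BIO_printf(bio_err, "-nmin n	 	 number of minutes before next update\n");
-		BIO_printf(bio_err, "-ndays n	 	 number of days before next update\n");
+		BIO_printf(bio_err, "-nmin n		 number of minutes before next update\n");
+		BIO_printf(bio_err, "-ndays n		 number of days before next update\n");
 		BIO_printf(bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");
 		BIO_printf(bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");
 		BIO_printf(bio_err, "-<dgst alg>     use specified digest in the request\n");
 		goto end;
 	}
 	if (outfile)
 		out = BIO_new_file(outfile, "w");
@@ -660,19 +660,19 @@
 		}
 		i2d_OCSP_RESPONSE_bio(derbio, resp);
 		BIO_free(derbio);
 	}
 	i = OCSP_response_status(resp);
 
 	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-		BIO_printf(out, "Responder Error: %s (%d)\n",
+		BIO_printf(bio_err, "Responder Error: %s (%d)\n",
 		    OCSP_response_status_str(i), i);
 		if (ignore_err)
 			goto redo_accept;
-		ret = 0;
+		ret = 1;
 		goto end;
 	}
 	if (resp_text)
 		OCSP_RESPONSE_print(out, resp, 0);
 
 	/* If running as responder don't verify our own response */
 	if (cbio) {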
Changes to jni/libressl/apps/openssl/openssl.1.
1
2
3
4
5
6
7
8
.\" $OpenBSD: openssl.1,v 1.39 2016/07/21 18:40:26 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: openssl.1,v 1.84 2017/01/03 22:14:41 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
.\" The licence and distribution terms for any publically available version or
.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
.\" OPENSSL
.\"
.Dd $Mdocdate: July 21 2016 $
.Dt OPENSSL 1
.Os
.Sh NAME
.Nm openssl
.Nd OpenSSL command line tool
.Sh SYNOPSIS
.Nm







|







108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
.\" The licence and distribution terms for any publically available version or
.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
.\" OPENSSL
.\"
.Dd $Mdocdate: January 3 2017 $
.Dt OPENSSL 1
.Os
.Sh NAME
.Nm openssl
.Nd OpenSSL command line tool
.Sh SYNOPSIS
.Nm
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
or both, using the format described in
.Xr ASN1_generate_nconf 3 .
If only
.Ar file
is present then the string is obtained from the default section
using the name
.Dq asn1 .
The encoded data is passed through the ASN1 parser and printed out as
though it came from a file;
the contents can thus be examined and written to a file using the
.Fl out
option.
.It Fl i
Indent the output according to the
.Qq depth
of the structures.
.It Fl in Ar file
The input file; the default is standard input.
.It Fl inform Cm der | pem | txt
The input format.
.It Fl length Ar number
Number of bytes to parse; the default is until end of file.
.It Fl noout
Don't output the parsed version of the input file.
.It Fl offset Ar number
Starting offset to begin parsing; the default is start of file.
.It Fl oid Ar file
A file containing additional object identifiers
.Pq OIDs .
If an OID
.Pq object identifier







|









|





|







241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
or both, using the format described in
.Xr ASN1_generate_nconf 3 .
If only
.Ar file
is present then the string is obtained from the default section
using the name
.Dq asn1 .
The encoded data is passed through the ASN.1 parser and printed out as
though it came from a file;
the contents can thus be examined and written to a file using the
.Fl out
option.
.It Fl i
Indent the output according to the
.Qq depth
of the structures.
.It Fl in Ar file
The input file to read from, or standard input if not specified.
.It Fl inform Cm der | pem | txt
The input format.
.It Fl length Ar number
Number of bytes to parse; the default is until end of file.
.It Fl noout
Do not output the parsed version of the input file.
.It Fl offset Ar number
Starting offset to begin parsing; the default is start of file.
.It Fl oid Ar file
A file containing additional object identifiers
.Pq OIDs .
If an OID
.Pq object identifier
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
.Op Fl extensions Ar section
.Op Fl extfile Ar section
.Op Fl gencrl
.Op Fl in Ar file
.Op Fl infiles
.Op Fl key Ar keyfile
.Op Fl keyfile Ar arg
.Op Fl keyform Ar PEM
.Op Fl md Ar arg
.Op Fl msie_hack
.Op Fl name Ar section
.Op Fl noemailDN
.Op Fl notext
.Op Fl out Ar file
.Op Fl outdir Ar dir







|







314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
.Op Fl extensions Ar section
.Op Fl extfile Ar section
.Op Fl gencrl
.Op Fl in Ar file
.Op Fl infiles
.Op Fl key Ar keyfile
.Op Fl keyfile Ar arg
.Op Fl keyform Ar pem
.Op Fl md Ar arg
.Op Fl msie_hack
.Op Fl name Ar section
.Op Fl noemailDN
.Op Fl notext
.Op Fl out Ar file
.Op Fl outdir Ar dir
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
It can be used to sign certificate requests in a variety of forms
and generate certificate revocation lists (CRLs).
It also maintains a text database of issued certificates and their status.
.Pp
The options relevant to CAs are as follows:
.Bl -tag -width "XXXX"
.It Fl batch
This sets the batch mode.
In this mode no questions will be asked
and all certificates will be certified automatically.
.It Fl cert Ar file
The CA certificate file.
.It Fl config Ar file
Specifies the configuration file to use.
.It Fl days Ar arg
The number of days to certify the certificate for.
.It Fl enddate Ar date
This allows the expiry date to be explicitly set.
The format of the date is YYMMDDHHMMSSZ
.Pq the same as an ASN1 UTCTime structure .
.It Fl extensions Ar section
The section of the configuration file containing certificate extensions
to be added when a certificate is issued (defaults to
.Cm x509_extensions
unless the
.Fl extfile
option is used).







|





|



|

|







345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
It can be used to sign certificate requests in a variety of forms
and generate certificate revocation lists (CRLs).
It also maintains a text database of issued certificates and their status.
.Pp
The options relevant to CAs are as follows:
.Bl -tag -width "XXXX"
.It Fl batch
Batch mode.
In this mode no questions will be asked
and all certificates will be certified automatically.
.It Fl cert Ar file
The CA certificate file.
.It Fl config Ar file
Specify an alternative configuration file.
.It Fl days Ar arg
The number of days to certify the certificate for.
.It Fl enddate Ar date
Set the expiry date.
The format of the date is YYMMDDHHMMSSZ
.Pq the same as an ASN.1 UTCTime structure .
.It Fl extensions Ar section
The section of the configuration file containing certificate extensions
to be added when a certificate is issued (defaults to
.Cm x509_extensions
unless the
.Fl extfile
option is used).
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
are assumed to be the names of files containing certificate requests.
.It Fl key Ar keyfile
The password used to encrypt the private key.
Since on some systems the command line arguments are visible,
this option should be used with caution.
.It Fl keyfile Ar file
The private key to sign requests with.
.It Fl keyform Ar PEM
Private key file format.
.It Fl md Ar alg
The message digest to use.
Possible values include
.Ar md5
and
.Ar sha1 .







|







389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
are assumed to be the names of files containing certificate requests.
.It Fl key Ar keyfile
The password used to encrypt the private key.
Since on some systems the command line arguments are visible,
this option should be used with caution.
.It Fl keyfile Ar file
The private key to sign requests with.
.It Fl keyform Ar pem
Private key file format.
.It Fl md Ar alg
The message digest to use.
Possible values include
.Ar md5
and
.Ar sha1 .
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
The certificate will be written to a file consisting of the
serial number in hex with
.Qq .pem
appended.
.It Fl passin Ar arg
The key password source.
.It Fl policy Ar arg
This option defines the CA
.Qq policy
to use.
The policy section in the configuration file
consists of a set of variables corresponding to certificate DN fields.
The values may be one of
.Qq match
(the value must match the same field in the CA certificate),







|







445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
The certificate will be written to a file consisting of the
serial number in hex with
.Qq .pem
appended.
.It Fl passin Ar arg
The key password source.
.It Fl policy Ar arg
Define the CA
.Qq policy
to use.
The policy section in the configuration file
consists of a set of variables corresponding to certificate DN fields.
The values may be one of
.Qq match
(the value must match the same field in the CA certificate),
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
the SPKAC and also the required DN components as name value pairs.
If it's necessary to include the same component twice,
then it can be preceded by a number and a
.Sq \&. .
.It Fl ss_cert Ar file
A single self-signed certificate to be signed by the CA.
.It Fl startdate Ar date
This allows the start date to be explicitly set.
The format of the date is YYMMDDHHMMSSZ
.Pq the same as an ASN1 UTCTime structure .
.It Fl status Ar serial
Show the status of the certificate with serial number
.Ar serial .
.It Fl updatedb
Update database for expired certificates.
.It Fl verbose
This prints extra details about the operations being performed.
.El
.Pp
The options relevant to CRLs are as follows:
.Bl -tag -width "XXXX"
.It Fl crl_CA_compromise Ar time
This is the same as
.Fl crl_compromise ,
except the revocation reason is set to CACompromise.
.It Fl crl_compromise Ar time
This sets the revocation reason to keyCompromise and the compromise time to
.Ar time .
.Ar time
should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
.It Fl crl_hold Ar instruction
This sets the CRL revocation reason code to certificateHold and the hold
instruction to
.Ar instruction
which must be an OID.
Although any OID can be used, only holdInstructionNone
(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
holdInstructionReject will normally be used.
.It Fl crl_reason Ar reason







|

|






|









|




|







487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
the SPKAC and also the required DN components as name value pairs.
If it's necessary to include the same component twice,
then it can be preceded by a number and a
.Sq \&. .
.It Fl ss_cert Ar file
A single self-signed certificate to be signed by the CA.
.It Fl startdate Ar date
Set the start date.
The format of the date is YYMMDDHHMMSSZ
.Pq the same as an ASN.1 UTCTime structure .
.It Fl status Ar serial
Show the status of the certificate with serial number
.Ar serial .
.It Fl updatedb
Update database for expired certificates.
.It Fl verbose
Print extra details about the operations being performed.
.El
.Pp
The options relevant to CRLs are as follows:
.Bl -tag -width "XXXX"
.It Fl crl_CA_compromise Ar time
This is the same as
.Fl crl_compromise ,
except the revocation reason is set to CACompromise.
.It Fl crl_compromise Ar time
Set the revocation reason to keyCompromise and the compromise time to
.Ar time .
.Ar time
should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
.It Fl crl_hold Ar instruction
Set the CRL revocation reason code to certificateHold and the hold
instruction to
.Ar instruction
which must be an OID.
Although any OID can be used, only holdInstructionNone
(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
holdInstructionReject will normally be used.
.It Fl crl_reason Ar reason
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
field.
.It Fl crlexts Ar section
The
.Ar section
of the configuration file containing CRL extensions to include.
If no CRL extension section is present then a V1 CRL is created;
if the CRL extension section is present
.Pq even if it is empty
then a V2 CRL is created.
The CRL extensions specified are CRL extensions and
.Em not
CRL entry extensions.
It should be noted that some software
.Pq for example Netscape
can't handle V2 CRLs.
.It Fl crlhours Ar num
The number of hours before the next CRL is due.
.It Fl gencrl
This option generates a CRL based on information in the index file.
.It Fl revoke Ar file
A
.Ar file
containing a certificate to revoke.
.It Fl subj Ar arg
Supersedes the subject name given in the request.
The







|

|
<
<
|
<
<



|







541
542
543
544
545
546
547
548
549
550


551


552
553
554
555
556
557
558
559
560
561
562
field.
.It Fl crlexts Ar section
The
.Ar section
of the configuration file containing CRL extensions to include.
If no CRL extension section is present then a V1 CRL is created;
if the CRL extension section is present
(even if it is empty)
then a V2 CRL is created.
The CRL extensions specified are CRL extensions and not CRL entry extensions.


It should be noted that some software can't handle V2 CRLs.


.It Fl crlhours Ar num
The number of hours before the next CRL is due.
.It Fl gencrl
Generate a CRL based on information in the index file.
.It Fl revoke Ar file
A
.Ar file
containing a certificate to revoke.
.It Fl subj Ar arg
Supersedes the subject name given in the request.
The
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
For convenience, the value
.Cm ca_default
is accepted by both to produce a reasonable output.
.Pp
If neither option is present, the format used in earlier versions of
.Nm openssl
is used.
Use of the old format is
.Em strongly
discouraged because it only displays fields mentioned in the
.Cm policy
section,
mishandles multicharacter string types and does not display extensions.
.It Cm new_certs_dir
The same as the
.Fl outdir
command line option.







|
<
|







717
718
719
720
721
722
723
724

725
726
727
728
729
730
731
732
For convenience, the value
.Cm ca_default
is accepted by both to produce a reasonable output.
.Pp
If neither option is present, the format used in earlier versions of
.Nm openssl
is used.
Use of the old format is strongly discouraged

because it only displays fields mentioned in the
.Cm policy
section,
mishandles multicharacter string types and does not display extensions.
.It Cm new_certs_dir
The same as the
.Fl outdir
command line option.
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
.Op Ar cipherlist
.Pp
The
.Nm ciphers
command converts
.Nm openssl
cipher lists into ordered SSL cipher preference lists.
It can be used as a test tool to determine the appropriate cipherlist.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl h , \&?
Print a brief usage message.
.It Fl tls1
Only include TLS v1 ciphers.







|







784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
.Op Ar cipherlist
.Pp
The
.Nm ciphers
command converts
.Nm openssl
cipher lists into ordered SSL cipher preference lists.
It can be used as a way to determine the appropriate cipher list.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl h , \&?
Print a brief usage message.
.It Fl tls1
Only include TLS v1 ciphers.
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
.Op Fl outform Cm der | pem
.Op Fl text
.nr nS 0
.Pp
The
.Nm crl
command processes CRL files in DER or PEM format.
The PEM CRL format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN X509 CRL-----
-----END X509 CRL-----
.Ed
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl CAfile Ar file
Verify the signature on a CRL by looking up the issuing certificate in
.Ar file .
.It Fl CApath Ar directory







<
<
<
<
<







962
963
964
965
966
967
968





969
970
971
972
973
974
975
.Op Fl outform Cm der | pem
.Op Fl text
.nr nS 0
.Pp
The
.Nm crl
command processes CRL files in DER or PEM format.





.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl CAfile Ar file
Verify the signature on a CRL by looking up the issuing certificate in
.Ar file .
.It Fl CApath Ar directory
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
.Cm lastUpdate
field.
.It Fl nextupdate
Output the
.Cm nextUpdate
field.
.It Fl noout
Don't output the encoded version of the CRL.
.It Fl out Ar file
The output file to write to, or standard output if not specified.
.It Fl outform Cm der | pem
The output format.
.It Fl text
Print out the CRL in text form.
.El
.Sh CRL2PKCS7
.nr nS 1
.Nm "openssl crl2pkcs7"
.Op Fl certfile Ar file
.Op Fl in Ar file
.Op Fl inform Cm der | pem







|





|







995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
.Cm lastUpdate
field.
.It Fl nextupdate
Output the
.Cm nextUpdate
field.
.It Fl noout
Do not output the encoded version of the CRL.
.It Fl out Ar file
The output file to write to, or standard output if not specified.
.It Fl outform Cm der | pem
The output format.
.It Fl text
Print the CRL in plain text.
.El
.Sh CRL2PKCS7
.nr nS 1
.Nm "openssl crl2pkcs7"
.Op Fl certfile Ar file
.Op Fl in Ar file
.Op Fl inform Cm der | pem
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117













1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148

1149
1150
1151
1152
1153
1154
1155
1156
This option can be used more than once
to read certificates from multiple files.
.It Fl in Ar file
Read the CRL from
.Ar file ,
or standard input if not specified.
.It Fl inform Cm der | pem
Specify the CRL input format.
.It Fl nocrl
Normally, a CRL is included in the output file.
With this option, no CRL is
included in the output file and a CRL is not read from the input file.
.It Fl out Ar file
Write the PKCS#7 structure to
.Ar file ,
or standard output if not specified.
.It Fl outform Cm der | pem
Specify the PKCS#7 structure output format.
.El
.\"
.\" DGST
.\"
.Sh DGST
.nr nS 1
.Nm "openssl dgst"
.Bk -words
.Oo
.Fl gost-mac | streebog256 | streebog512 | md_gost94 |
.Fl md4 | md5 | ripemd160 | sha1 |
.Fl sha224 | sha256 | sha384 | sha512 | whirlpool
.Oc
.Op Fl binary
.Op Fl cd
.Op Fl hex
.Op Fl hmac Ar key
.Op Fl keyform Ar PEM
.Op Fl mac Ar algorithm
.Op Fl macopt Ar nm : Ns Ar v
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl prverify Ar file
.Op Fl sign Ar file
.Op Fl signature Ar file
.Op Fl sigopt Ar nm : Ns Ar v
.Op Fl verify Ar file
.Op Ar
.Ek
.nr nS 0
.Pp
.Nm openssl
.Cm gost-mac | streebog256 | streebog512 | md_gost94 |
.Cm md4 | md5 | ripemd160 | sha1 |
.Cm sha224 | sha256 | sha384 | sha512 | whirlpool
.Op Fl c
.Op Fl d
.Op Ar
.Pp
The digest functions output the message digest of a supplied
.Ar file
or
.Ar files
in hexadecimal form.
They can also be used for digital signing and verification.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl binary
Output the digest or signature in binary form.
.It Fl c
Print out the digest in two-digit groups separated by colons; only relevant if
.Em hex
format output is used.
.It Fl d
Print out BIO debugging information.













.It Fl hex
Digest is to be output as a hex dump.
This is the default case for a
.Qq normal
digest as opposed to a digital signature.
.It Fl hmac Ar key
Create a hashed MAC using
.Ar key .
.It Fl keyform Ar PEM
Specifies the key format to sign the digest with.
.It Fl mac Ar algorithm
Create a keyed Message Authentication Code (MAC).
The most popular MAC algorithm is HMAC (hash-based MAC),
but there are other MAC algorithms which are not based on hash.
MAC keys and other options should be set via the
.Fl macopt
parameter.
.It Fl macopt Ar nm : Ns Ar v
Passes options to the MAC algorithm, specified by
.Fl mac .
The following options are supported by HMAC:
.Bl -tag -width Ds
.It Ar key : Ns Ar string
Specifies the MAC key as an alphanumeric string
(use if the key contain printable characters only).
String length must conform to any restrictions of the MAC algorithm.
.It Ar hexkey : Ns Ar string
Specifies the MAC key in hexadecimal form (two hex digits per byte).
Key length must conform to any restrictions of the MAC algorithm.
.El
.It Fl out Ar file

The file to output to, or standard output by default.
.It Fl passin Ar arg
The key password source.
.It Fl prverify Ar file
Verify the signature using the private key in
.Ar file .
The output is either
.Qq Verification OK







|









|

<
<
<



<
|
<
<
<
<

|


|










<


<
<
<
<
<
<
<
<












|
<
<

|
>
>
>
>
>
>
>
>
>
>
>
>
>








|













|



|




>
|







1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052



1053
1054
1055

1056




1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071

1072
1073








1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086


1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
This option can be used more than once
to read certificates from multiple files.
.It Fl in Ar file
Read the CRL from
.Ar file ,
or standard input if not specified.
.It Fl inform Cm der | pem
The input format.
.It Fl nocrl
Normally, a CRL is included in the output file.
With this option, no CRL is
included in the output file and a CRL is not read from the input file.
.It Fl out Ar file
Write the PKCS#7 structure to
.Ar file ,
or standard output if not specified.
.It Fl outform Cm der | pem
The output format.
.El



.Sh DGST
.nr nS 1
.Nm "openssl dgst"

.Op Fl cd




.Op Fl binary
.Op Fl Ar digest
.Op Fl hex
.Op Fl hmac Ar key
.Op Fl keyform Cm pem
.Op Fl mac Ar algorithm
.Op Fl macopt Ar nm : Ns Ar v
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl prverify Ar file
.Op Fl sign Ar file
.Op Fl signature Ar file
.Op Fl sigopt Ar nm : Ns Ar v
.Op Fl verify Ar file
.Op Ar

.nr nS 0
.Pp








The digest functions output the message digest of a supplied
.Ar file
or
.Ar files
in hexadecimal form.
They can also be used for digital signing and verification.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl binary
Output the digest or signature in binary form.
.It Fl c
Print the digest in two-digit groups separated by colons.


.It Fl d
Print BIO debugging information.
.It Fl Ar digest
Use the specified message
.Ar digest .
The default is MD5.
The available digests can be displayed using
.Nm openssl
.Cm list-message-digest-commands .
The following are equivalent:
.Nm openssl dgst
.Fl md5
and
.Nm openssl
.Cm md5 .
.It Fl hex
Digest is to be output as a hex dump.
This is the default case for a
.Qq normal
digest as opposed to a digital signature.
.It Fl hmac Ar key
Create a hashed MAC using
.Ar key .
.It Fl keyform Cm pem
Specifies the key format to sign the digest with.
.It Fl mac Ar algorithm
Create a keyed Message Authentication Code (MAC).
The most popular MAC algorithm is HMAC (hash-based MAC),
but there are other MAC algorithms which are not based on hash.
MAC keys and other options should be set via the
.Fl macopt
parameter.
.It Fl macopt Ar nm : Ns Ar v
Passes options to the MAC algorithm, specified by
.Fl mac .
The following options are supported by HMAC:
.Bl -tag -width Ds
.It Cm key : Ns Ar string
Specifies the MAC key as an alphanumeric string
(use if the key contain printable characters only).
String length must conform to any restrictions of the MAC algorithm.
.It Cm hexkey : Ns Ar string
Specifies the MAC key in hexadecimal form (two hex digits per byte).
Key length must conform to any restrictions of the MAC algorithm.
.El
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.It Fl passin Ar arg
The key password source.
.It Fl prverify Ar file
Verify the signature using the private key in
.Ar file .
The output is either
.Qq Verification OK
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225


1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262

1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
.Qq Verification OK
or
.Qq Verification Failure .
.It Ar
File or files to digest.
If no files are specified then standard input is used.
.El
.Sh DGST NOTES
The digest of choice for all new applications is SHA1.
Other digests are, however, still widely used.
.Pp
If you wish to sign or verify data using the DSA algorithm, the dss1
digest must be used.
.Pp
A source of random numbers is required for certain signing algorithms, in
particular DSA.
.Pp
The signing and verify options should only be used if a single file is
being signed or verified.
.\"
.\" DH
.\"
.Sh DH
Diffie-Hellman Parameter Management.
The
.Nm dh
command has been replaced by
.Nm dhparam .
See
.Sx DHPARAM
below.
.\"
.\" DHPARAM
.\"
.Sh DHPARAM
.nr nS 1
.Nm "openssl dhparam"
.Bk -words
.Op Fl 2 | 5
.Op Fl C
.Op Fl check
.Op Fl dsaparam
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl text
.Op Ar numbits
.Ek
.nr nS 0
.Pp
The
.Nm dhparam
command is used to manipulate DH parameter files.


.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 2 , 5
The generator to use, either 2 or 5.
2 is the default.
If present, the input file is ignored and parameters are generated instead.
.It Fl C
This option converts the parameters into C code.
The parameters can then be loaded by calling the
.Cm get_dh Ns Ar numbits Ns Li ()
function.
.It Fl check
Check the DH parameters.
.It Fl dsaparam
If this option is used, DSA rather than DH parameters are read or created;
they are converted to DH format.
Otherwise,
.Qq strong
primes
.Pq such that (p-1)/2 is also prime
will be used for DH parameter generation.
.Pp
DH parameter generation with the
.Fl dsaparam
option is much faster,
and the recommended exponent length is shorter,
which makes DH key exchange more efficient.
Beware that with such DSA-style DH parameters,
a fresh DH key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.
.It Fl in Ar file
This specifies the input
.Ar file
to read parameters from, or standard input if this option is not specified.
.It Fl inform Ar DER | PEM
This specifies the input format.

The argument
.Ar DER
uses an ASN1 DER-encoded form compatible with the PKCS#3 DHparameter
structure.
The
.Ar PEM
form is the default format:
it consists of the DER format base64-encoded with
additional header and footer lines.
.It Fl noout
This option inhibits the output of the encoded version of the parameters.
.It Ar numbits
This argument specifies that a parameter set should be generated of size
.Ar numbits .
It must be the last option.
If not present, a value of 2048 is used.
If this value is present, the input file is ignored and
parameters are generated instead.
.It Fl out Ar file
This specifies the output
.Ar file
to write parameters to.
Standard output is used if this option is not present.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl text
This option prints out the DH parameters in human readable form.
.El
.Sh DHPARAM WARNINGS
The program
.Nm dhparam
combines the functionality of the programs
.Nm dh
and
.Nm gendh
in previous versions of
.Nm OpenSSL
and
.Nm SSLeay .
The
.Nm dh
and
.Nm gendh
programs are retained for now, but may have different purposes in future
versions of
.Nm OpenSSL .
.Sh DHPARAM NOTES
PEM format DH parameters use the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
.Ed
.Pp
.Nm OpenSSL
currently only supports the older PKCS#3 DH,
not the newer X9.42 DH.
.Pp
This program manipulates DH parameters not keys.
.Sh DHPARAM BUGS
There should be a way to generate and manipulate DH keys.
.Sh DHPARAM HISTORY
The
.Nm dhparam
command was added in
.Nm OpenSSL
0.9.5.
The
.Fl dsaparam
option was added in
.Nm OpenSSL
0.9.6.
.\"
.\" DSA
.\"
.Sh DSA
.nr nS 1
.Nm "openssl dsa"
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Oc
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl modulus
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl text
.Ek
.nr nS 0
.Pp
The
.Nm dsa
command processes DSA keys.
They can be converted between various forms and their components printed out.
.Pp







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<





|


|


<





>
>




|



|

|




|
|















|
<
|
|
|
>
|
|
<
<
|
|
|
|
<
|
|

|





<
<
<
<
<
<
<
<
<
<
<
<
<
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<





|



|





<







1156
1157
1158
1159
1160
1161
1162



























1163
1164
1165

1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176

1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216

1217
1218
1219
1220
1221
1222


1223
1224
1225
1226

1227
1228
1229
1230
1231
1232
1233
1234
1235














1236














































1237
1238
1239

1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254

1255
1256
1257
1258
1259
1260
1261
.Qq Verification OK
or
.Qq Verification Failure .
.It Ar
File or files to digest.
If no files are specified then standard input is used.
.El



























.Sh DHPARAM
.nr nS 1
.Nm "openssl dhparam"

.Op Fl 2 | 5
.Op Fl C
.Op Fl check
.Op Fl dsaparam
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl text
.Op Ar numbits

.nr nS 0
.Pp
The
.Nm dhparam
command is used to manipulate DH parameter files.
Only the older PKCS#3 DH is supported,
not the newer X9.42 DH.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 2 , 5
The generator to use;
2 is the default.
If present, the input file is ignored and parameters are generated instead.
.It Fl C
Convert the parameters into C code.
The parameters can then be loaded by calling the
.No get_dh Ns Ar numbits
function.
.It Fl check
Check the DH parameters.
.It Fl dsaparam
Read or create DSA parameters,
converted to DH format on output.
Otherwise,
.Qq strong
primes
.Pq such that (p-1)/2 is also prime
will be used for DH parameter generation.
.Pp
DH parameter generation with the
.Fl dsaparam
option is much faster,
and the recommended exponent length is shorter,
which makes DH key exchange more efficient.
Beware that with such DSA-style DH parameters,
a fresh DH key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
.It Fl inform Cm der | pem
The input format.
.It Fl noout
Do not output the encoded version of the parameters.
.It Fl out Ar file


The output file to write to,
or standard output if not specified.
.It Fl outform Cm der | pem
The output format.

.It Fl text
Print the DH parameters in plain text.
.It Ar numbits
Generate a parameter set of size
.Ar numbits .
It must be the last option.
If not present, a value of 2048 is used.
If this value is present, the input file is ignored and
parameters are generated instead.














.El














































.Sh DSA
.nr nS 1
.Nm "openssl dsa"

.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Oc
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl modulus
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl text

.nr nS 0
.Pp
The
.Nm dsa
command processes DSA keys.
They can be converted between various forms and their components printed out.
.Pp
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522

1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774


1775




1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941











1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962

1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049


2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Xo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Xc
These options encrypt the private key with the AES, DES, or the triple DES
ciphers, respectively, before outputting it.
A pass phrase is prompted for.
If none of these options is specified, the key is written in plain text.
This means that using the
.Nm dsa
utility to read in an encrypted key with no encryption option can be used to
remove the pass phrase from a key,
or by setting the encryption options it can be use to add or change
the pass phrase.
These options can only be used with PEM format output files.
.It Fl in Ar file
This specifies the input
.Ar file
to read a key from, or standard input if this option is not specified.
If the key is encrypted, a pass phrase will be prompted for.
.It Fl inform Ar DER | PEM
This specifies the input format.
The
.Ar DER
argument with a private key uses an ASN1 DER-encoded form of an ASN.1
SEQUENCE consisting of the values of version
.Pq currently zero ,
P, Q, G,
and the public and private key components, respectively, as ASN.1 INTEGERs.
When used with a public key it uses a
.Em SubjectPublicKeyInfo
structure: it is an error if the key is not DSA.
.Pp
The
.Ar PEM
form is the default format:
it consists of the DER format base64-encoded with additional header and footer
lines.
In the case of a private key, PKCS#8 format is also accepted.
.It Fl modulus
This option prints out the value of the public key component of the key.
.It Fl noout
This option prevents output of the encoded version of the key.
.It Fl out Ar file
This specifies the output
.Ar file
to write a key to, or standard output if not specified.
If any encryption options are set then a pass phrase will be
prompted for.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
By default, a private key is read from the input file.
With this option a public key is read instead.
.It Fl pubout
By default, a private key is output.
With this option a public key will be output instead.
This option is automatically set if the input is a public key.
.It Fl text
Prints out the public/private key components and parameters.
.El
.Sh DSA NOTES
The PEM private key format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----
.Ed
.Pp
The PEM public key format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
.Ed
.Sh DSA EXAMPLES
To remove the pass phrase on a DSA private key:
.Pp
.Dl $ openssl dsa -in key.pem -out keyout.pem
.Pp
To encrypt a private key using triple DES:
.Pp
.Dl $ openssl dsa -in key.pem -des3 -out keyout.pem
.Pp
To convert a private key from PEM to DER format:
.Pp
.Dl $ openssl dsa -in key.pem -outform DER -out keyout.der
.Pp
To print out the components of a private key to standard output:
.Pp
.Dl $ openssl dsa -in key.pem -text -noout
.Pp
To just output the public part of a private key:
.Pp
.Dl $ openssl dsa -in key.pem -pubout -out pubkey.pem
.\"
.\" DSAPARAM
.\"
.Sh DSAPARAM
.nr nS 1
.Nm "openssl dsaparam"
.Bk -words
.Op Fl C
.Op Fl genkey
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl text
.Op Ar numbits
.Ek
.nr nS 0
.Pp
The
.Nm dsaparam
command is used to manipulate or generate DSA parameter files.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl C
This option converts the parameters into C code.
The parameters can then be loaded by calling the
.Cm get_dsa Ns Ar XXX Ns Li ()
function.
.It Fl genkey
This option will generate a DSA either using the specified or generated
parameters.
.It Fl in Ar file
This specifies the input
.Ar file
to read parameters from, or standard input if this option is not specified.
If the
.Ar numbits
parameter is included, then this option will be ignored.
.It Fl inform Ar DER | PEM
This specifies the input format.

The
.Ar DER
argument uses an ASN1 DER-encoded form compatible with RFC 2459
.Pq PKIX
DSS-Parms that is a SEQUENCE consisting of p, q and g, respectively.
The
.Ar PEM
form is the default format:
it consists of the DER format base64-encoded with additional header
and footer lines.
.It Fl noout
This option inhibits the output of the encoded version of the parameters.
.It Ar numbits
This option specifies that a parameter set should be generated of size
.Ar numbits .
If this option is included, the input file
.Pq if any
is ignored.
.It Fl out Ar file
This specifies the output
.Ar file
to write parameters to.
Standard output is used if this option is not present.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl text
This option prints out the DSA parameters in human readable form.
.El
.Sh DSAPARAM NOTES
PEM format DSA parameters use the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN DSA PARAMETERS-----
-----END DSA PARAMETERS-----
.Ed
.Pp
DSA parameter generation is a slow process and as a result the same set of
DSA parameters is often used to generate several distinct keys.
.\"
.\" EC
.\"
.Sh EC
.nr nS 1
.Nm "openssl ec"
.Bk -words
.Op Fl conv_form Ar arg
.Op Fl des
.Op Fl des3
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl param_enc Ar arg
.Op Fl param_out
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl text
.Ek
.nr nS 0
.Pp
The
.Nm ec
command processes EC keys.
They can be converted between various
forms and their components printed out.
Note:
.Nm OpenSSL
uses the private key format specified in
.Dq SEC 1: Elliptic Curve Cryptography
.Pq Lk http://www.secg.org/ .
To convert an
.Nm OpenSSL
EC private key into the PKCS#8 private key format use the
.Nm pkcs8
command.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl conv_form Ar arg
This specifies how the points on the elliptic curve are converted
into octet strings.
Possible values are:
.Cm compressed
(the default value),
.Cm uncompressed ,
and
.Cm hybrid .
For more information regarding
the point conversion forms please read the X9.62 standard.
Note:
Due to patent issues the
.Cm compressed
option is disabled by default for binary curves
and can be enabled by defining the preprocessor macro
.Ar OPENSSL_EC_BIN_PT_COMP
at compile time.
.It Fl des | des3
These options encrypt the private key with the DES, triple DES, or
any other cipher supported by
.Nm OpenSSL
before outputting it.
A pass phrase is prompted for.
If none of these options is specified the key is written in plain text.
This means that using the
.Nm ec
utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key,
or by setting the encryption options
it can be use to add or change the pass phrase.
These options can only be used with PEM format output files.
.It Fl in Ar file
This specifies the input filename to read a key from,
or standard input if this option is not specified.
If the key is encrypted a pass phrase will be prompted for.
.It Fl inform Ar DER | PEM
This specifies the input format.
DER with a private key uses
an ASN.1 DER-encoded SEC1 private key.
When used with a public key it
uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
PEM is the default format:
it consists of the DER format base64
encoded with additional header and footer lines.
In the case of a private key
PKCS#8 format is also accepted.
.It Fl noout
Prevents output of the encoded version of the key.
.It Fl out Ar file
Specifies the output filename to write a key to,
or standard output if none is specified.
If any encryption options are set then a pass phrase will be prompted for.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | PEM
This specifies the output format.
The options have the same meaning as the
.Fl inform
option.
.It Fl param_enc Ar arg
This specifies how the elliptic curve parameters are encoded.
Possible value are:
.Cm named_curve ,
i.e. the EC parameters are specified by an OID; or
.Cm explicit ,
where the EC parameters are explicitly given
(see RFC 3279 for the definition of the EC parameter structures).
The default value is
.Cm named_curve .
Note: the
.Cm implicitlyCA
alternative,
as specified in RFC 3279,
is currently not implemented in
.Nm OpenSSL .
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
By default a private key is read from the input file;
with this option a public key is read instead.
.It Fl pubout
By default a private key is output;
with this option a public key is output instead.
This option is automatically set if the input is a public key.
.It Fl text
Prints out the public/private key components and parameters.
.El
.Sh EC NOTES
The PEM private key format uses the header and footer lines:
.Bd -literal -offset indent
-----BEGIN EC PRIVATE KEY-----
-----END EC PRIVATE KEY-----
.Ed
.Pp
The PEM public key format uses the header and footer lines:
.Bd -literal -offset indent
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
.Ed
.Sh EC EXAMPLES
To encrypt a private key using triple DES:
.Bd -literal -offset indent
$ openssl ec -in key.pem -des3 -out keyout.pem
.Ed
.Pp
To convert a private key from PEM to DER format:
.Bd -literal -offset indent
$ openssl ec -in key.pem -outform DER -out keyout.der
.Ed
.Pp
To print out the components of a private key to standard output:
.Bd -literal -offset indent
$ openssl ec -in key.pem -text -noout
.Ed
.Pp
To just output the public part of a private key:
.Bd -literal -offset indent
$ openssl ec -in key.pem -pubout -out pubkey.pem
.Ed
.Pp
To change the parameter encoding to
.Cm explicit :
.Bd -literal -offset indent
$ openssl ec -in key.pem -param_enc explicit -out keyout.pem
.Ed
.Pp
To change the point conversion form to
.Cm compressed :
.Bd -literal -offset indent
$ openssl ec -in key.pem -conv_form compressed -out keyout.pem
.Ed
.Sh EC HISTORY
The
.Nm ec
command was first introduced in
.Nm OpenSSL
0.9.8.
.Sh EC AUTHORS
.An Nils Larsch .
.\"
.\" ECPARAM
.\"
.Sh ECPARAM
.nr nS 1
.Nm "openssl ecparam"
.Bk -words
.Op Fl C
.Op Fl check
.Op Fl conv_form Ar arg
.Op Fl genkey
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl list_curves
.Op Fl name Ar arg
.Op Fl no_seed
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl param_enc Ar arg
.Op Fl text
.Ek
.nr nS 0
.Pp


This command is used to manipulate or generate EC parameter files.




.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl C
Convert the EC parameters into C code.
The parameters can then be loaded by calling the
.Fn get_ec_group_XXX
function.
.It Fl check
Validate the elliptic curve parameters.
.It Fl conv_form Ar arg
Specify how the points on the elliptic curve are converted
into octet strings.
Possible values are:
.Cm compressed
(the default value),
.Cm uncompressed ,
and
.Cm hybrid .
For more information regarding
the point conversion forms please read the X9.62 standard.
Note:
Due to patent issues the
.Cm compressed
option is disabled by default for binary curves
and can be enabled by defining the preprocessor macro
.Ar OPENSSL_EC_BIN_PT_COMP
at compile time.
.It Fl genkey
Generate an EC private key using the specified parameters.
.It Fl in Ar file
Specify the input filename to read parameters from or standard input if
this option is not specified.
.It Fl inform Ar DER | PEM
Specify the input format.
DER uses an ASN.1 DER-encoded
form compatible with RFC 3279 EcpkParameters.
PEM is the default format:
it consists of the DER format base64 encoded with additional
header and footer lines.
.It Fl list_curves
Print out a list of all
currently implemented EC parameter names and exit.
.It Fl name Ar arg
Use the EC parameters with the specified 'short' name.
Use
.Fl list_curves
to get a list of all currently implemented EC parameters.
.It Fl no_seed
Inhibit that the 'seed' for the parameter generation
is included in the ECParameters structure (see RFC 3279).
.It Fl noout
Inhibit the output of the encoded version of the parameters.
.It Fl out Ar file
Specify the output filename parameters are written to.
Standard output is used if this option is not present.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | PEM
Specify the output format;
the parameters have the same meaning as the
.Fl inform
option.
.It Fl param_enc Ar arg
This specifies how the elliptic curve parameters are encoded.
Possible value are:
.Cm named_curve ,
i.e. the EC parameters are specified by an OID, or
.Cm explicit ,
where the EC parameters are explicitly given
(see RFC 3279 for the definition of the EC parameter structures).
The default value is
.Cm named_curve .
Note: the
.Cm implicitlyCA
alternative, as specified in RFC 3279,
is currently not implemented in
.Nm OpenSSL .
.It Fl text
Print out the EC parameters in human readable form.
.El
.Sh ECPARAM NOTES
PEM format EC parameters use the header and footer lines:
.Bd -literal -offset indent
-----BEGIN EC PARAMETERS-----
-----END EC PARAMETERS-----
.Ed
.Pp
.Nm OpenSSL
is currently not able to generate new groups and therefore
.Nm ecparam
can only create EC parameters from known (named) curves.
.Sh ECPARAM EXAMPLES
To create EC parameters with the group 'prime192v1':
.Bd -literal -offset indent
$ openssl ecparam -out ec_param.pem -name prime192v1
.Ed
.Pp
To create EC parameters with explicit parameters:
.Bd -literal -offset indent
$ openssl ecparam -out ec_param.pem -name prime192v1 \e
	-param_enc explicit
.Ed
.Pp
To validate given EC parameters:
.Bd -literal -offset indent
$ openssl ecparam -in ec_param.pem -check
.Ed
.Pp
To create EC parameters and a private key:
.Bd -literal -offset indent
$ openssl ecparam -out ec_key.pem -name prime192v1 -genkey
.Ed
.Pp
To change the point encoding to 'compressed':
.Bd -literal -offset indent
$ openssl ecparam -in ec_in.pem -out ec_out.pem \e
	-conv_form compressed
.Ed
.Pp
To print out the EC parameters to standard output:
.Bd -literal -offset indent
$ openssl ecparam -in ec_param.pem -noout -text
.Ed
.Sh ECPARAM HISTORY
The
.Nm ecparam
command was first introduced in
.Nm OpenSSL
0.9.8.
.Sh ECPARAM AUTHORS
.An Nils Larsch .
.\"
.\" ENC
.\"
.Sh ENC
.nr nS 1
.Nm "openssl enc"
.Bk -words
.Fl ciphername
.Op Fl AadePp
.Op Fl base64
.Op Fl bufsize Ar number
.Op Fl debug
.Op Fl in Ar file
.Op Fl iv Ar IV
.Op Fl K Ar key
.Op Fl k Ar password
.Op Fl kfile Ar file
.Op Fl md Ar digest
.Op Fl none
.Op Fl nopad
.Op Fl nosalt
.Op Fl out Ar file
.Op Fl pass Ar arg
.Op Fl S Ar salt
.Op Fl salt
.Ek
.nr nS 0
.Pp
The symmetric cipher commands allow data to be encrypted or decrypted
using various block and stream ciphers using keys based on passwords
or explicitly provided.
Base64 encoding or decoding can also be performed either by itself
or in addition to the encryption or decryption.











.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl A
If the
.Fl a
option is set, then base64 process the data on one line.
.It Fl a , base64
Base64 process the data.
This means that if encryption is taking place, the data is base64-encoded
after encryption.
If decryption is set, the input data is base64 decoded before
being decrypted.
.It Fl bufsize Ar number
Set the buffer size for I/O.
.It Fl d
Decrypt the input data.
.It Fl debug
Debug the BIOs used for I/O.
.It Fl e
Encrypt the input data: this is the default.

.It Fl in Ar file
The input
.Ar file ;
standard input by default.
.It Fl iv Ar IV
The actual
.Ar IV
.Pq initialisation vector
to use:
this must be represented as a string comprised only of hex digits.
When only the
.Ar key
is specified using the
.Fl K
option, the
.Ar IV
must explicitly be defined.
When a password is being specified using one of the other options,
the
.Ar IV
is generated from this password.
.It Fl K Ar key
The actual
.Ar key
to use:
this must be represented as a string comprised only of hex digits.
If only the key is specified, the
.Ar IV
must be additionally specified using the
.Fl iv
option.
When both a
.Ar key
and a
.Ar password
are specified, the
.Ar key
given with the
.Fl K
option will be used and the
.Ar IV
generated from the password will be taken.
It probably does not make much sense to specify both
.Ar key
and
.Ar password .
.It Fl k Ar password
The
.Ar password
to derive the key from.
This is for compatibility with previous versions of
.Nm OpenSSL .
Superseded by the
.Fl pass
option.
.It Fl kfile Ar file
Read the password to derive the key from the first line of
.Ar file .
This is for compatibility with previous versions of
.Nm OpenSSL .
Superseded by the
.Fl pass
option.
.It Fl md Ar digest
Use
.Ar digest
to create a key from a pass phrase.
.Ar digest
may be one of
.Dq md5
or
.Dq sha1 .
.It Fl none
Use NULL cipher (no encryption or decryption of input).
.It Fl nopad
Disable standard block padding.
.It Fl nosalt
Don't use a
.Ar salt
in the key derivation routines.
This option should
.Em NEVER
be used unless compatibility with previous versions of
.Nm OpenSSL
or
.Nm SSLeay
is required.


.It Fl out Ar file
The output
.Ar file ,
standard output by default.
.It Fl P
Print out the
.Ar salt ,
.Ar key ,
and
.Ar IV
used, then immediately exit;
don't do any encryption or decryption.
.It Fl p
Print out the
.Ar salt ,
.Ar key ,
and
.Ar IV
used.
.It Fl pass Ar arg
The password source.
.It Fl S Ar salt
The actual
.Ar salt
to use:
this must be represented as a string comprised only of hex digits.
.It Fl salt
Use a
.Ar salt
in the key derivation routines.
This is the default.
.El
.Sh ENC NOTES
The program can be called either as
.Nm openssl ciphername
or
.Nm openssl enc -ciphername .
.Pp
A password will be prompted for to derive the
.Ar key
and
.Ar IV
if necessary.
.Pp
The
.Fl nosalt
option should
.Em NEVER
be used unless compatibility with previous versions of
.Nm OpenSSL
or
.Nm SSLeay
is required.
.Pp
With the
.Fl nosalt
option it is possible to perform efficient dictionary
attacks on the password and to attack stream cipher encrypted data.
The reason for this is that without the salt
the same password always generates the same encryption key.
When the salt
is being used the first eight bytes of the encrypted data are reserved
for the salt:
it is generated at random when encrypting a file and read from the
encrypted file when it is decrypted.
.Pp
Some of the ciphers do not have large keys and others have security
implications if not used correctly.
A beginner is advised to just use a strong block cipher in CBC mode
such as bf or des3.
.Pp
All the block ciphers normally use PKCS#5 padding also known as standard block
padding:
this allows a rudimentary integrity or password check to be performed.
However, since the chance of random data passing the test is
better than 1 in 256, it isn't a very good test.
.Pp
If padding is disabled, the input data must be a multiple of the cipher
block length.
.Pp
All RC2 ciphers have the same key and effective key length.
.Pp
Blowfish and RC5 algorithms use a 128-bit key.
.Sh ENC SUPPORTED CIPHERS
.Bd -unfilled -offset indent
aes-[128|192|256]-cbc	128/192/256 bit AES in CBC mode
aes-[128|192|256]	Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb	128/192/256 bit AES in 128 bit CFB mode
aes-[128|192|256]-cfb1	128/192/256 bit AES in 1 bit CFB mode
aes-[128|192|256]-cfb8	128/192/256 bit AES in 8 bit CFB mode
aes-[128|192|256]-ecb	128/192/256 bit AES in ECB mode
aes-[128|192|256]-ofb	128/192/256 bit AES in OFB mode

base64			Base 64

bf			Alias for bf-cbc
bf-cbc			Blowfish in CBC mode
bf-cfb			Blowfish in CFB mode
bf-ecb			Blowfish in ECB mode
bf-ofb			Blowfish in OFB mode

cast			Alias for cast-cbc
cast-cbc		CAST in CBC mode
cast5-cbc		CAST5 in CBC mode
cast5-cfb		CAST5 in CFB mode
cast5-ecb		CAST5 in ECB mode
cast5-ofb		CAST5 in OFB mode

des			Alias for des-cbc
des-cbc			DES in CBC mode
des-cfb			DES in CBC mode
des-ecb			DES in ECB mode
des-ofb			DES in OFB mode

des-ede			Two key triple DES EDE in ECB mode
des-ede-cbc		Two key triple DES EDE in CBC mode
des-ede-cfb		Two key triple DES EDE in CFB mode
des-ede-ofb		Two key triple DES EDE in OFB mode

des3			Alias for des-ede3-cbc
des-ede3		Three key triple DES EDE in ECB mode
des-ede3-cbc		Three key triple DES EDE in CBC mode
des-ede3-cfb		Three key triple DES EDE CFB mode
des-ede3-ofb		Three key triple DES EDE in OFB mode

desx			DESX algorithm

rc2			Alias for rc2-cbc
rc2-cbc			128-bit RC2 in CBC mode
rc2-cfb			128-bit RC2 in CFB mode
rc2-ecb			128-bit RC2 in ECB mode
rc2-ofb			128-bit RC2 in OFB mode
rc2-64-cbc		64-bit RC2 in CBC mode
rc2-40-cbc		40-bit RC2 in CBC mode

rc4			128-bit RC4
rc4-40			40-bit RC4
.Ed
.Sh ENC EXAMPLES
Just base64 encode a binary file:
.Pp
.Dl $ openssl base64 -in file.bin -out file.b64
.Pp
Decode the same file:
.Pp
.Dl $ openssl base64 -d -in file.b64 -out file.bin
.Pp
Encrypt a file using triple DES in CBC mode using a prompted password:
.Pp
.Dl $ openssl des3 -salt -in file.txt -out file.des3
.Pp
Decrypt a file using a supplied password:
.Pp
.Dl "$ openssl des3 -d -in file.des3 -out file.txt -k mypassword"
.Pp
Encrypt a file then base64 encode it
(so it can be sent via mail for example)
using Blowfish in CBC mode:
.Pp
.Dl $ openssl bf -a -salt -in file.txt -out file.bf
.Pp
Base64 decode a file then decrypt it:
.Pp
.Dl "$ openssl bf -d -a -in file.bf -out file.txt"
.Sh ENC BUGS
The
.Fl A
option when used with large files doesn't work properly.
.Pp
There should be an option to allow an iteration count to be included.
.Pp
The
.Nm enc
program only supports a fixed number of algorithms with certain parameters.
Therefore it is not possible to use RC2 with a 76-bit key
or RC4 with an 84-bit key with this program.
.\"
.\" ERRSTR
.\"
.Sh ERRSTR
.Nm openssl errstr
.Op Fl stats
.Ar errno ...
.Pp
The
.Nm errstr







|


|


|

|



|
<
|

|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

|

|

|
<
|


<
<
<
|
|
<
<





<
|

<
|
|

|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<



|


|


<









|

|


|


|
<
|


|
|
|
>
|
|
<
<
<
|
|
|
<
|
|
|

|

|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

<
<
<
<
<
<
<
<
<
<
<
<



<




|


|







<







<
|




<







|



|




|





|


|

|
<







|


|
|

|
|
<
<
<
<
<
<
<
<
<

|

|
|

<
<
<
|
|
<
<
<

|












|
<





|
<

|
<
|

|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<





|





|


<


>
>
|
>
>
>
>






|








|




|





|




|
|
|
|
<
<
<
<
<

|


|
<
<
<

|
|

|

<
<
|
|
<
|
|
<
<
<

|











|
<

|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<


















<







>
>
>
>
>
>
>
>
>
>
>











|








|
>

|
<
|










|
<
|

<
<
|





|
<
|










|
<
<








<
<






<
<









|

|





<
<
|
|
<
<
<
<
<
<
>
>

|
<
|

<
<
<
<
<
|


|
<
<
<
<
<








<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288

1289
1290
1291
1292

















1293
1294
1295
1296
1297
1298

1299
1300
1301



1302
1303


1304
1305
1306
1307
1308

1309
1310

1311
1312
1313
1314
1315



































1316
1317
1318

1319
1320
1321
1322
1323
1324
1325
1326
1327

1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345

1346
1347
1348
1349
1350
1351
1352
1353
1354



1355
1356
1357

1358
1359
1360
1361
1362
1363
1364
















1365












1366
1367
1368

1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383

1384
1385
1386
1387
1388
1389
1390

1391
1392
1393
1394
1395

1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423

1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438









1439
1440
1441
1442
1443
1444



1445
1446



1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461

1462
1463
1464
1465
1466
1467

1468
1469

1470
1471
1472
1473























































1474
1475
1476

1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490

1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534





1535
1536
1537
1538
1539



1540
1541
1542
1543
1544
1545


1546
1547

1548
1549



1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563

1564
1565
1566






















































1567
1568
1569

1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587

1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629

1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641

1642
1643


1644
1645
1646
1647
1648
1649
1650

1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662


1663
1664
1665
1666
1667
1668
1669
1670


1671
1672
1673
1674
1675
1676


1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693


1694
1695






1696
1697
1698
1699

1700
1701





1702
1703
1704
1705





1706
1707
1708
1709
1710
1711
1712
1713


1714






























1715
1716

1717
1718








































































1719









































1720
1721
1722
1723
1724
1725
1726
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Xo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Xc
Encrypt the private key with the AES, DES, or the triple DES
ciphers, respectively, before outputting it.
A pass phrase is prompted for.
If none of these options are specified, the key is written in plain text.
This means that using the
.Nm dsa
utility to read an encrypted key with no encryption option can be used to
remove the pass phrase from a key,
or by setting the encryption options it can be used to add or change
the pass phrase.
These options can only be used with PEM format output files.
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
If the key is encrypted, a pass phrase will be prompted for.
.It Fl inform Cm der | pem
The input format.

















.It Fl modulus
Print the value of the public key component of the key.
.It Fl noout
Do not output the encoded version of the key.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.
If any encryption options are set then a pass phrase will be
prompted for.



.It Fl outform Cm der | pem
The output format.


.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin

Read in a public key, not a private key.
.It Fl pubout

Output a public key, not a private key.
Automatically set if the input is a public key.
.It Fl text
Print the public/private key in plain text.
.El



































.Sh DSAPARAM
.nr nS 1
.Nm "openssl dsaparam"

.Op Fl C
.Op Fl genkey
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl text
.Op Ar numbits

.nr nS 0
.Pp
The
.Nm dsaparam
command is used to manipulate or generate DSA parameter files.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl C
Convert the parameters into C code.
The parameters can then be loaded by calling the
.No get_dsa Ns Ar XXX
function.
.It Fl genkey
Generate a DSA key either using the specified or generated
parameters.
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
If the
.Ar numbits
parameter is included, then this option is ignored.
.It Fl inform Cm der | pem
The input format.
.It Fl noout
Do not output the encoded version of the parameters.
.It Fl out Ar file



The output file to write to,
or standard output if not specified.
.It Fl outform Cm der | pem

The output format.
.It Fl text
Print the DSA parameters in plain text.
.It Ar numbits
Generate a parameter set of size
.Ar numbits .
If this option is included, the input file is ignored.
















.El












.Sh EC
.nr nS 1
.Nm "openssl ec"

.Op Fl conv_form Ar arg
.Op Fl des
.Op Fl des3
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl param_enc Ar arg
.Op Fl param_out
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl text

.nr nS 0
.Pp
The
.Nm ec
command processes EC keys.
They can be converted between various
forms and their components printed out.

.Nm openssl
uses the private key format specified in
.Dq SEC 1: Elliptic Curve Cryptography
.Pq Lk http://www.secg.org/ .
To convert an

EC private key into the PKCS#8 private key format use the
.Nm pkcs8
command.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl conv_form Ar arg
Specify how the points on the elliptic curve are converted
into octet strings.
Possible values are:
.Cm compressed
(the default),
.Cm uncompressed ,
and
.Cm hybrid .
For more information regarding
the point conversion forms see the X9.62 standard.
Note:
Due to patent issues the
.Cm compressed
option is disabled by default for binary curves
and can be enabled by defining the preprocessor macro
.Dv OPENSSL_EC_BIN_PT_COMP
at compile time.
.It Fl des | des3
Encrypt the private key with DES, triple DES, or
any other cipher supported by
.Nm openssl .

A pass phrase is prompted for.
If none of these options is specified the key is written in plain text.
This means that using the
.Nm ec
utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key,
or by setting the encryption options
it can be used to add or change the pass phrase.
These options can only be used with PEM format output files.
.It Fl in Ar file
The input file to read a key from,
or standard input if not specified.
If the key is encrypted a pass phrase will be prompted for.
.It Fl inform Cm der | pem
The input format.









.It Fl noout
Do not output the encoded version of the key.
.It Fl out Ar file
The output filename to write to,
or standard output if not specified.
If any encryption options are set then a pass phrase will be prompted for.



.It Fl outform Cm der | pem
The output format.



.It Fl param_enc Ar arg
Specify how the elliptic curve parameters are encoded.
Possible value are:
.Cm named_curve ,
i.e. the EC parameters are specified by an OID; or
.Cm explicit ,
where the EC parameters are explicitly given
(see RFC 3279 for the definition of the EC parameter structures).
The default value is
.Cm named_curve .
Note: the
.Cm implicitlyCA
alternative,
as specified in RFC 3279,
is currently not implemented.

.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
Read in a public key, not a private key.

.It Fl pubout
Output a public key, not a private key.

Automatically set if the input is a public key.
.It Fl text
Print the public/private key in plain text.
.El























































.Sh ECPARAM
.nr nS 1
.Nm "openssl ecparam"

.Op Fl C
.Op Fl check
.Op Fl conv_form Ar arg
.Op Fl genkey
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl list_curves
.Op Fl name Ar arg
.Op Fl no_seed
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl param_enc Ar arg
.Op Fl text

.nr nS 0
.Pp
The
.Nm ecparam
command is used to manipulate or generate EC parameter files.
.Nm openssl
is not able to generate new groups so
.Nm ecparam
can only create EC parameters from known (named) curves.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl C
Convert the EC parameters into C code.
The parameters can then be loaded by calling the
.No get_ec_group_ Ns Ar XXX
function.
.It Fl check
Validate the elliptic curve parameters.
.It Fl conv_form Ar arg
Specify how the points on the elliptic curve are converted
into octet strings.
Possible values are:
.Cm compressed
(the default),
.Cm uncompressed ,
and
.Cm hybrid .
For more information regarding
the point conversion forms see the X9.62 standard.
Note:
Due to patent issues the
.Cm compressed
option is disabled by default for binary curves
and can be enabled by defining the preprocessor macro
.Dv OPENSSL_EC_BIN_PT_COMP
at compile time.
.It Fl genkey
Generate an EC private key using the specified parameters.
.It Fl in Ar file
The input file to read from,
or standard input if not specified.
.It Fl inform Cm der | pem
The input format.





.It Fl list_curves
Print a list of all
currently implemented EC parameter names and exit.
.It Fl name Ar arg
Use the EC parameters with the specified "short" name.



.It Fl no_seed
Do not include the seed for the parameter generation
in the ECParameters structure (see RFC 3279).
.It Fl noout
Do not output the encoded version of the parameters.
.It Fl out Ar file


The output file to write to,
or standard output if not specified.

.It Fl outform Cm der | pem
The output format.



.It Fl param_enc Ar arg
Specify how the elliptic curve parameters are encoded.
Possible value are:
.Cm named_curve ,
i.e. the EC parameters are specified by an OID, or
.Cm explicit ,
where the EC parameters are explicitly given
(see RFC 3279 for the definition of the EC parameter structures).
The default value is
.Cm named_curve .
Note: the
.Cm implicitlyCA
alternative, as specified in RFC 3279,
is currently not implemented.

.It Fl text
Print the EC parameters in plain text.
.El






















































.Sh ENC
.nr nS 1
.Nm "openssl enc"

.Fl ciphername
.Op Fl AadePp
.Op Fl base64
.Op Fl bufsize Ar number
.Op Fl debug
.Op Fl in Ar file
.Op Fl iv Ar IV
.Op Fl K Ar key
.Op Fl k Ar password
.Op Fl kfile Ar file
.Op Fl md Ar digest
.Op Fl none
.Op Fl nopad
.Op Fl nosalt
.Op Fl out Ar file
.Op Fl pass Ar arg
.Op Fl S Ar salt
.Op Fl salt

.nr nS 0
.Pp
The symmetric cipher commands allow data to be encrypted or decrypted
using various block and stream ciphers using keys based on passwords
or explicitly provided.
Base64 encoding or decoding can also be performed either by itself
or in addition to the encryption or decryption.
The program can be called either as
.Nm openssl Ar ciphername
or
.Nm openssl enc - Ns Ar ciphername .
.Pp
Some of the ciphers do not have large keys and others have security
implications if not used correctly.
All the block ciphers normally use PKCS#5 padding,
also known as standard block padding.
If padding is disabled, the input data must be a multiple of the cipher
block length.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl A
If the
.Fl a
option is set, then base64 process the data on one line.
.It Fl a , base64
Base64 process the data.
This means that if encryption is taking place, the data is base64-encoded
after encryption.
If decryption is set, the input data is base64-decoded before
being decrypted.
.It Fl bufsize Ar number
Set the buffer size for I/O.
.It Fl d
Decrypt the input data.
.It Fl debug
Debug the BIOs used for I/O.
.It Fl e
Encrypt the input data.
This is the default.
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
.It Fl iv Ar IV
The actual
.Ar IV
.Pq initialisation vector
to use:
this must be represented as a string comprised only of hex digits.
When only the
.Ar key
is specified using the
.Fl K
option,

the IV must explicitly be defined.
When a password is being specified using one of the other options,


the IV is generated from this password.
.It Fl K Ar key
The actual
.Ar key
to use:
this must be represented as a string comprised only of hex digits.
If only the key is specified,

the IV must also be specified using the
.Fl iv
option.
When both a
.Ar key
and a
.Ar password
are specified, the
.Ar key
given with the
.Fl K
option will be used and the IV generated from the password will be taken.


It probably does not make much sense to specify both
.Ar key
and
.Ar password .
.It Fl k Ar password
The
.Ar password
to derive the key from.


Superseded by the
.Fl pass
option.
.It Fl kfile Ar file
Read the password to derive the key from the first line of
.Ar file .


Superseded by the
.Fl pass
option.
.It Fl md Ar digest
Use
.Ar digest
to create a key from a pass phrase.
.Ar digest
may be one of
.Cm md5
or
.Cm sha1 .
.It Fl none
Use NULL cipher (no encryption or decryption of input).
.It Fl nopad
Disable standard block padding.
.It Fl nosalt


Don't use a salt in the key derivation routines.
This option should never be used






since it makes it possible to perform efficient dictionary
attacks on the password and to attack stream cipher encrypted data.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.
.It Fl P





Print out the salt, key, and IV used, then immediately exit;
don't do any encryption or decryption.
.It Fl p
Print out the salt, key, and IV used.





.It Fl pass Ar arg
The password source.
.It Fl S Ar salt
The actual
.Ar salt
to use:
this must be represented as a string comprised only of hex digits.
.It Fl salt


Use a salt in the key derivation routines (the default).






























When the salt is being used
the first eight bytes of the encrypted data are reserved for the salt:

it is randomly generated when encrypting a file and read from the
encrypted file when it is decrypted.








































































.El









































.Sh ERRSTR
.Nm openssl errstr
.Op Fl stats
.Ar errno ...
.Pp
The
.Nm errstr
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302




2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506










2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568

2569

2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
are all ASCII text.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl stats
Print debugging statistics about various aspects of the hash table.
.El
.Sh ERRSTR EXAMPLES
The following error code:
.Pp
.Dl 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
.Pp
\&...can be displayed with:
.Pp
.Dl $ openssl errstr 2006D080
.Pp
\&...to produce the error message:
.Pp
.Dl error:2006D080:BIO routines:BIO_new_file:no such file
.\"
.\" GENDH
.\"
.Sh GENDH
Generation of Diffie-Hellman Parameters.
Replaced by
.Nm dhparam .
See
.Sx DHPARAM
above.
.\"
.\" GENDSA
.\"
.Sh GENDSA
.nr nS 1
.Nm "openssl gendsa"
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Oc
.Op Fl out Ar file
.Op Ar paramfile
.Ek
.nr nS 0
.Pp
The
.Nm gendsa
command generates a DSA private key from a DSA parameter file
(which will typically be generated by the
.Nm openssl dsaparam
command).




.Pp
The options are as follows:
.Bl -tag -width Ds
.It Xo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Xc
These options encrypt the private key with the AES, DES,
or the triple DES ciphers, respectively, before outputting it.
A pass phrase is prompted for.
If none of these options are specified, no encryption is used.
.It Fl out Ar file
The output
.Ar file .
If this argument is not specified, standard output is used.
.It Ar paramfile
This option specifies the DSA parameter file to use.
The parameters in this file determine the size of the private key.
DSA parameters can be generated and examined using the
.Nm openssl dsaparam
command.
.El
.Sh GENDSA NOTES
DSA key generation is little more than random number generation so it is
much quicker than RSA key generation, for example.
.\"
.\" GENPKEY
.\"
.Sh GENPKEY
.nr nS 1
.Nm "openssl genpkey"
.Bk -words
.Op Fl algorithm Ar alg
.Op Ar cipher
.Op Fl genparam
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl paramfile Ar file
.Op Fl pass Ar arg
.Op Fl pkeyopt Ar opt : Ns Ar value
.Op Fl text
.Ek
.nr nS 0
.Pp
The
.Nm genpkey
command generates private keys.
The use of this
program is encouraged over the algorithm specific utilities
because additional algorithm options can be used.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl algorithm Ar alg
The public key algorithm to use,
such as RSA, DSA, or DH.
If used this option must precede any
.Fl pkeyopt
options.
The options
.Fl paramfile
and
.Fl algorithm
are mutually exclusive.
.It Ar cipher
Encrypt the private key with the supplied cipher.
Any algorithm name accepted by
.Fn EVP_get_cipherbyname
is acceptable, such as
.Cm des3 .
.It Fl genparam
Generate a set of parameters instead of a private key.
If used this option must precede any
.Fl algorithm ,
.Fl paramfile ,
or
.Fl pkeyopt
options.
.It Fl out Ar file
The output filename.
If this argument is not specified then standard output is used.
.It Fl outform Ar DER | PEM
This specifies the output format, DER or PEM.
.It Fl paramfile Ar file
Some public key algorithms generate a private key based on a set of parameters.
They can be supplied using this option.
If this option is used the public key
algorithm used is determined by the parameters.
If used this option must precede any
.Fl pkeyopt
options.
The options
.Fl paramfile
and
.Fl algorithm
are mutually exclusive.
.It Fl pass Ar arg
The output file password source.
.It Fl pkeyopt Ar opt : Ns Ar value
Set the public key algorithm option
.Ar opt
to
.Ar value .
The precise set of options supported
depends on the public key algorithm used and its implementation.
See
.Sx GENPKEY KEY GENERATION OPTIONS
below for more details.
.It Fl text
Print an (unencrypted) text representation of private and public keys and
parameters along with the DER or PEM structure.
.El
.Sh GENPKEY KEY GENERATION OPTIONS
The options supported by each algorithm
and indeed each implementation of an algorithm can vary.
The options for the
.Nm OpenSSL
implementations are detailed below.
.Bl -tag -width Ds -offset indent
.It rsa_keygen_bits : Ns Ar numbits
(RSA)
The number of bits in the generated key.
If not specified 2048 is used.
.It rsa_keygen_pubexp : Ns Ar value
(RSA)
The RSA public exponent value.
This can be a large decimal or hexadecimal value if preceded by 0x.
The default value is 65537.
.It dsa_paramgen_bits : Ns Ar numbits
(DSA)
The number of bits in the generated parameters.
If not specified 1024 is used.
.It dh_paramgen_prime_len : Ns Ar numbits
(DH)
The number of bits in the prime parameter
.Ar p .
.It dh_paramgen_generator : Ns Ar value
(DH)
The value to use for the generator
.Ar g .
.It ec_paramgen_curve : Ns Ar curve
(EC)
The EC curve to use.
.El
.Sh GENPKEY EXAMPLES
Generate an RSA private key using default parameters:
.Bd -literal -offset indent
$ openssl genpkey -algorithm RSA -out key.pem
.Ed
.Pp
Encrypt and output a private key using 128-bit AES and the passphrase "hello":
.Bd -literal -offset indent
$ openssl genpkey -algorithm RSA -out key.pem \e
	-aes-128-cbc -pass pass:hello
.Ed
.Pp
Generate a 2048-bit RSA key using 3 as the public exponent:
.Bd -literal -offset indent
$ openssl genpkey -algorithm RSA -out key.pem \e
	-pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
.Ed
.Pp
Generate 1024-bit DSA parameters:
.Bd -literal -offset indent
$ openssl genpkey -genparam -algorithm DSA \e
	-out dsap.pem -pkeyopt dsa_paramgen_bits:1024
.Ed
.Pp
Generate a DSA key from parameters:
.Bd -literal -offset indent
$ openssl genpkey -paramfile dsap.pem -out dsakey.pem
.Ed
.Pp
Generate 1024-bit DH parameters:
.Bd -literal -offset indent
$ openssl genpkey -genparam -algorithm DH \e
	-out dhp.pem -pkeyopt dh_paramgen_prime_len:1024
.Ed
.Pp
Generate a DH key from parameters:
.Bd -literal -offset indent
$ openssl genpkey -paramfile dhp.pem -out dhkey.pem
.Ed
.\"
.\" GENRSA
.\"
.Sh GENRSA
.nr nS 1
.Nm "openssl genrsa"
.Bk -words
.Op Fl 3 | f4
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Oc
.Op Fl out Ar file
.Op Fl passout Ar arg
.Op Ar numbits
.Ek
.nr nS 0
.Pp
The
.Nm genrsa
command generates an RSA private key.










.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 3 | f4
The public exponent to use, either 3 or 65537.
The default is 65537.
.It Xo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Xc
These options encrypt the private key with the AES, DES,
or the triple DES ciphers, respectively, before outputting it.
If none of these options are specified, no encryption is used.
If encryption is used, a pass phrase is prompted for,
if it is not supplied via the
.Fl passout
option.
.It Fl out Ar file
The output
.Ar file .
If this argument is not specified, standard output is used.
.It Fl passout Ar arg
The output file password source.
.It Ar numbits
The size of the private key to generate in bits.
This must be the last option specified.
The default is 2048.
.El
.Sh GENRSA NOTES
RSA private key generation essentially involves the generation of two prime
numbers.
When generating a private key, various symbols will be output to
indicate the progress of the generation.
A
.Sq \&.
represents each number which has passed an initial sieve test;
.Sq +
means a number has passed a single round of the Miller-Rabin primality test.
A newline means that the number has passed all the prime tests
.Pq the actual number depends on the key size .
.Pp
Because key generation is a random process,
the time taken to generate a key may vary somewhat.
.Sh GENRSA BUGS
A quirk of the prime generation algorithm is that it cannot generate small
primes.
Therefore the number of bits should not be less that 64.
For typical private keys this will not matter because for security reasons
they will be much larger
.Pq typically 2048 bits .
.\"
.\" NSEQ
.\"
.Sh NSEQ
.Nm openssl nseq
.Op Fl in Ar file
.Op Fl out Ar file
.Op Fl toseq
.Pp
The
.Nm nseq
command takes a file containing a Netscape certificate

sequence and prints out the certificates contained in it or takes a

file of certificates and converts it into a Netscape certificate
sequence.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl in Ar file
This specifies the input
.Ar file
to read, or standard input if this option is not specified.
.It Fl out Ar file
Specifies the output
.Ar file ,
or standard output by default.
.It Fl toseq
Normally, a Netscape certificate sequence will be input and the output
is the certificates contained in it.
With the
.Fl toseq
option the situation is reversed:
a Netscape certificate sequence is created from a file of certificates.
.El
.Sh NSEQ EXAMPLES
Output the certificates in a Netscape certificate sequence:
.Bd -literal -offset indent
$ openssl nseq -in nseq.pem -out certs.pem
.Ed
.Pp
Create a Netscape certificate sequence:
.Bd -literal -offset indent
$ openssl nseq -in certs.pem -toseq -out nseq.pem
.Ed
.Sh NSEQ NOTES
The PEM-encoded form uses the same headers and footers as a certificate:
.Bd -unfilled -offset indent
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
.Ed
.Pp
A Netscape certificate sequence is a Netscape specific form that can be sent
to browsers as an alternative to the standard PKCS#7 format when several
certificates are sent to the browser:
for example during certificate enrollment.
It is used by the Netscape certificate server, for example.
.Sh NSEQ BUGS
This program needs a few more options,
like allowing DER or PEM input and output files
and allowing multiple certificate files to be used.
.\"
.\" OCSP
.\"
.Sh OCSP
.nr nS 1
.Nm "openssl ocsp"
.Bk -words
.Op Fl CA Ar file
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl dgst Ar alg
.Oo
.Fl host
.Ar hostname : Ns Ar port
.Oc
.Op Fl index Ar indexfile
.Op Fl issuer Ar file
.Op Fl ndays Ar days
.Op Fl nmin Ar minutes
.Op Fl no_cert_checks
.Op Fl no_cert_verify
.Op Fl no_certs







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<






<





|


>
>
>
>







|




|
<
|

|

<
<
<

<
<
<
<
<
<



<




|




<














|










|
|
<


|






|
|
|
|

|
|


|













|
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<




|




|



|












<
<
<
<
|
<
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<

<
|
<
<



<




|
>
>
>
>
>
>
>
>
>
>






<
|
<
<
|







|
<
|







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<








|
>
|
>
|
<




|
<
|

|
<
|








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<





<
<
|
<







1743
1744
1745
1746
1747
1748
1749

























1750
1751
1752

1753
1754
1755
1756
1757
1758

1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783

1784
1785
1786
1787



1788






1789
1790
1791

1792
1793
1794
1795
1796
1797
1798
1799
1800

1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827

1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860












1861


1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887




1888

1889



1890































1891
1892
1893

1894

1895


1896
1897
1898

1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919

1920


1921
1922
1923
1924
1925
1926
1927
1928
1929

1930
1931
1932
1933
1934
1935
1936
1937

























1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950

1951
1952
1953
1954
1955

1956
1957
1958

1959
1960
1961
1962
1963
1964
1965
1966
1967





























1968
1969
1970

1971
1972
1973
1974
1975


1976

1977
1978
1979
1980
1981
1982
1983
are all ASCII text.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl stats
Print debugging statistics about various aspects of the hash table.
.El

























.Sh GENDSA
.nr nS 1
.Nm "openssl gendsa"

.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Oc
.Op Fl out Ar file
.Op Ar paramfile

.nr nS 0
.Pp
The
.Nm gendsa
command generates a DSA private key from a DSA parameter file
(typically generated by the
.Nm openssl dsaparam
command).
DSA key generation is little more than random number generation so it is
much quicker than,
for example,
RSA key generation.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Xo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Xc
Encrypt the private key with the AES, DES,
or the triple DES ciphers, respectively, before outputting it.
A pass phrase is prompted for.
If none of these options are specified, no encryption is used.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.
.It Ar paramfile
Specify the DSA parameter file to use.
The parameters in this file determine the size of the private key.



.El






.Sh GENPKEY
.nr nS 1
.Nm "openssl genpkey"

.Op Fl algorithm Ar alg
.Op Ar cipher
.Op Fl genparam
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl paramfile Ar file
.Op Fl pass Ar arg
.Op Fl pkeyopt Ar opt : Ns Ar value
.Op Fl text

.nr nS 0
.Pp
The
.Nm genpkey
command generates private keys.
The use of this
program is encouraged over the algorithm specific utilities
because additional algorithm options can be used.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl algorithm Ar alg
The public key algorithm to use,
such as RSA, DSA, or DH.
This option must precede any
.Fl pkeyopt
options.
The options
.Fl paramfile
and
.Fl algorithm
are mutually exclusive.
.It Ar cipher
Encrypt the private key with the supplied cipher.
Any algorithm name accepted by
.Xr EVP_get_cipherbyname 3
is acceptable.

.It Fl genparam
Generate a set of parameters instead of a private key.
This option must precede any
.Fl algorithm ,
.Fl paramfile ,
or
.Fl pkeyopt
options.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.It Fl outform Cm der | pem
The output format.
.It Fl paramfile Ar file
Some public key algorithms generate a private key based on a set of parameters,
which can be supplied using this option.
If this option is used the public key
algorithm used is determined by the parameters.
This option must precede any
.Fl pkeyopt
options.
The options
.Fl paramfile
and
.Fl algorithm
are mutually exclusive.
.It Fl pass Ar arg
The output file password source.
.It Fl pkeyopt Ar opt : Ns Ar value
Set the public key algorithm option
.Ar opt
to
.Ar value ,












as follows:


.Bl -tag -width Ds -offset indent
.It rsa_keygen_bits : Ns Ar numbits
(RSA)
The number of bits in the generated key.
The default is 2048.
.It rsa_keygen_pubexp : Ns Ar value
(RSA)
The RSA public exponent value.
This can be a large decimal or hexadecimal value if preceded by 0x.
The default is 65537.
.It dsa_paramgen_bits : Ns Ar numbits
(DSA)
The number of bits in the generated parameters.
The default is 1024.
.It dh_paramgen_prime_len : Ns Ar numbits
(DH)
The number of bits in the prime parameter
.Ar p .
.It dh_paramgen_generator : Ns Ar value
(DH)
The value to use for the generator
.Ar g .
.It ec_paramgen_curve : Ns Ar curve
(EC)
The EC curve to use.
.El




.It Fl text

Print the private/public key in plain text.



.El































.Sh GENRSA
.nr nS 1
.Nm "openssl genrsa"

.Op Fl 3 | f4

.Op Fl aes128 | aes192 | aes256 | des | des3


.Op Fl out Ar file
.Op Fl passout Ar arg
.Op Ar numbits

.nr nS 0
.Pp
The
.Nm genrsa
command generates an RSA private key,
which essentially involves the generation of two prime numbers.
When generating the key,
various symbols will be output to indicate the progress of the generation.
A
.Sq \&.
represents each number which has passed an initial sieve test;
.Sq +
means a number has passed a single round of the Miller-Rabin primality test.
A newline means that the number has passed all the prime tests
(the actual number depends on the key size).
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 3 | f4
The public exponent to use, either 3 or 65537.
The default is 65537.

.It Fl aes128 | aes192 | aes256 | des | des3


Encrypt the private key with the AES, DES,
or the triple DES ciphers, respectively, before outputting it.
If none of these options are specified, no encryption is used.
If encryption is used, a pass phrase is prompted for,
if it is not supplied via the
.Fl passout
option.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.
.It Fl passout Ar arg
The output file password source.
.It Ar numbits
The size of the private key to generate in bits.
This must be the last option specified.
The default is 2048.
.El

























.Sh NSEQ
.Nm openssl nseq
.Op Fl in Ar file
.Op Fl out Ar file
.Op Fl toseq
.Pp
The
.Nm nseq
command takes a file containing a Netscape certificate sequence
(an alternative to the standard PKCS#7 format)
and prints out the certificates contained in it,
or takes a file of certificates
and converts it into a Netscape certificate sequence.

.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.
.It Fl toseq
Normally, a Netscape certificate sequence will be input and the output
is the certificates contained in it.
With the
.Fl toseq
option the situation is reversed:
a Netscape certificate sequence is created from a file of certificates.
.El





























.Sh OCSP
.nr nS 1
.Nm "openssl ocsp"

.Op Fl CA Ar file
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl dgst Ar alg


.Op Fl host Ar hostname : Ns Ar port

.Op Fl index Ar indexfile
.Op Fl issuer Ar file
.Op Fl ndays Ar days
.Op Fl nmin Ar minutes
.Op Fl no_cert_checks
.Op Fl no_cert_verify
.Op Fl no_certs
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705

2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
.Op Fl status_age Ar age
.Op Fl text
.Op Fl trust_other
.Op Fl url Ar responder_url
.Op Fl VAfile Ar file
.Op Fl validity_period Ar nsec
.Op Fl verify_other Ar file
.Ek
.nr nS 0
.Pp
The Online Certificate Status Protocol
.Pq OCSP
enables applications to determine the
.Pq revocation
state of an identified certificate
.Pq RFC 2560 .
.Pp
The
.Nm ocsp
command performs many common OCSP tasks.
It can be used to print out requests and responses,
create requests and send queries to an OCSP responder,
and behave like a mini OCSP server itself.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl CAfile Ar file , Fl CApath Ar directory
.Ar file
or
.Ar path
containing trusted CA certificates.
These are used to verify the signature on the OCSP response.
.It Fl cert Ar file
Add the certificate
.Ar file
to the request.
The issuer certificate is taken from the previous
.Fl issuer
option, or an error occurs if no issuer certificate is specified.
.It Fl dgst Ar alg
Sets the digest algorithm to use for certificate identification

in the OCSP request.
By default SHA-1 is used.
.It Xo
.Fl host Ar hostname : Ns Ar port ,
.Fl path Ar path
.Xc
If the
.Fl host
option is present, then the OCSP request is sent to the host
.Ar hostname
on port
.Ar port .
.Fl path
specifies the HTTP path name to use, or
.Sq /
by default.
.It Fl issuer Ar file
This specifies the current issuer certificate.
This option can be used multiple times.
The certificate specified in
.Ar file
must be in PEM format.
This option
.Em must
come before any
.Fl cert
options.
.It Fl no_cert_checks
Don't perform any additional checks on the OCSP response signer's certificate.
That is, do not make any checks to see if the signer's certificate is
authorised to provide the necessary status information:
as a result this option should only be used for testing purposes.
.It Fl no_cert_verify
Don't verify the OCSP response signer's certificate at all.
Since this option allows the OCSP response to be signed by any certificate,
it should only be used for testing purposes.
.It Fl no_certs
Don't include any certificates in signed request.
.It Fl no_chain
Do not use certificates in the response as additional untrusted CA
certificates.
.It Fl no_intern
Ignore certificates contained in the OCSP response
when searching for the signer's certificate.
With this option, the signer's certificate must be specified with either the
.Fl verify_other
or
.Fl VAfile
options.
.It Fl no_signature_verify
Don't check the signature on the OCSP response.
Since this option tolerates invalid signatures on OCSP responses,
it will normally only be used for testing purposes.
.It Fl nonce , no_nonce
Add an OCSP
.Em nonce
extension to a request or disable an OCSP
.Em nonce
addition.
Normally, if an OCSP request is input using the
.Fl respin
option no
.Em nonce
is added:
using the
.Fl nonce
option will force addition of a
.Em nonce .
If an OCSP request is being created (using the
.Fl cert
and
.Fl serial
options)
a
.Em nonce
is automatically added; specifying
.Fl no_nonce
overrides this.
.It Fl noverify
Don't attempt to verify the OCSP response signature or the
.Em nonce
values.
This option will normally only be used for debugging
since it disables all verification of the responder's certificate.
.It Fl out Ar file
Specify output
.Ar file ;
default is standard output.
.It Fl req_text , resp_text , text
Print out the text form of the OCSP request, response, or both, respectively.
.It Fl reqin Ar file , Fl respin Ar file
Read an OCSP request or response file from
.Ar file .
These options are ignored
if an OCSP request or response creation is implied by other options







<


|
<
|
<
|
<











<
<
<
|
|








|
>
|





|
<
|

|



|


|
|
<
<
<
<
<
<












|






|









|
<
|
<
<


|
<
<


|
<





<
<
|



|
<
<
|


|
<
|







2009
2010
2011
2012
2013
2014
2015

2016
2017
2018

2019

2020

2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031



2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050

2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061






2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091

2092


2093
2094
2095


2096
2097
2098

2099
2100
2101
2102
2103


2104
2105
2106
2107
2108


2109
2110
2111
2112

2113
2114
2115
2116
2117
2118
2119
2120
.Op Fl status_age Ar age
.Op Fl text
.Op Fl trust_other
.Op Fl url Ar responder_url
.Op Fl VAfile Ar file
.Op Fl validity_period Ar nsec
.Op Fl verify_other Ar file

.nr nS 0
.Pp
The Online Certificate Status Protocol (OCSP)

enables applications to determine the (revocation) state

of an identified certificate (RFC 2560).

.Pp
The
.Nm ocsp
command performs many common OCSP tasks.
It can be used to print out requests and responses,
create requests and send queries to an OCSP responder,
and behave like a mini OCSP server itself.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl CAfile Ar file , Fl CApath Ar directory



A file or path containing trusted CA certificates,
used to verify the signature on the OCSP response.
.It Fl cert Ar file
Add the certificate
.Ar file
to the request.
The issuer certificate is taken from the previous
.Fl issuer
option, or an error occurs if no issuer certificate is specified.
.It Fl dgst Ar alg
Use the digest algorithm
.Ar alg
for certificate identification in the OCSP request.
By default SHA-1 is used.
.It Xo
.Fl host Ar hostname : Ns Ar port ,
.Fl path Ar path
.Xc
Send

the OCSP request to
.Ar hostname
on
.Ar port .
.Fl path
specifies the HTTP path name to use, or
.Pa /
by default.
.It Fl issuer Ar file
The current issuer certificate, in PEM format.
Can be used multiple times and must come before any






.Fl cert
options.
.It Fl no_cert_checks
Don't perform any additional checks on the OCSP response signer's certificate.
That is, do not make any checks to see if the signer's certificate is
authorised to provide the necessary status information:
as a result this option should only be used for testing purposes.
.It Fl no_cert_verify
Don't verify the OCSP response signer's certificate at all.
Since this option allows the OCSP response to be signed by any certificate,
it should only be used for testing purposes.
.It Fl no_certs
Don't include any certificates in the signed request.
.It Fl no_chain
Do not use certificates in the response as additional untrusted CA
certificates.
.It Fl no_intern
Ignore certificates contained in the OCSP response
when searching for the signer's certificate.
The signer's certificate must be specified with either the
.Fl verify_other
or
.Fl VAfile
options.
.It Fl no_signature_verify
Don't check the signature on the OCSP response.
Since this option tolerates invalid signatures on OCSP responses,
it will normally only be used for testing purposes.
.It Fl nonce , no_nonce
Add an OCSP nonce extension to a request,

or disable an OCSP nonce addition.


Normally, if an OCSP request is input using the
.Fl respin
option no nonce is added:


using the
.Fl nonce
option will force the addition of a nonce.

If an OCSP request is being created (using the
.Fl cert
and
.Fl serial
options)


a nonce is automatically added; specifying
.Fl no_nonce
overrides this.
.It Fl noverify
Don't attempt to verify the OCSP response signature or the nonce values.


This is normally only be used for debugging
since it disables all verification of the responder's certificate.
.It Fl out Ar file
Specify the output file to write to,

or standard output if not specified.
.It Fl req_text , resp_text , text
Print out the text form of the OCSP request, response, or both, respectively.
.It Fl reqin Ar file , Fl respin Ar file
Read an OCSP request or response file from
.Ar file .
These options are ignored
if an OCSP request or response creation is implied by other options
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
Same as the
.Fl cert
option except the certificate with serial number
.Ar num
is added to the request.
The serial number is interpreted as a decimal integer unless preceded by
.Sq 0x .
Negative integers can also be specified by preceding the value with a
.Sq -
sign.
.It Fl sign_other Ar file
Additional certificates to include in the signed request.
.It Fl signer Ar file , Fl signkey Ar file
Sign the OCSP request using the certificate specified in the
.Fl signer
option and the private key specified by the
.Fl signkey







|
<
|







2130
2131
2132
2133
2134
2135
2136
2137

2138
2139
2140
2141
2142
2143
2144
2145
Same as the
.Fl cert
option except the certificate with serial number
.Ar num
is added to the request.
The serial number is interpreted as a decimal integer unless preceded by
.Sq 0x .
Negative integers can also be specified

by preceding the value with a minus sign.
.It Fl sign_other Ar file
Additional certificates to include in the signed request.
.It Fl signer Ar file , Fl signkey Ar file
Sign the OCSP request using the certificate specified in the
.Fl signer
option and the private key specified by the
.Fl signkey
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886

2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004

3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139

3140
3141
3142

3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203

3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293



3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491


3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
or trusting a root CA is not appropriate.
.It Fl url Ar responder_url
Specify the responder URL.
Both HTTP and HTTPS
.Pq SSL/TLS
URLs can be specified.
.It Fl VAfile Ar file
.Ar file
containing explicitly trusted responder certificates.
Equivalent to the
.Fl verify_other
and
.Fl trust_other
options.
.It Fl validity_period Ar nsec , Fl status_age Ar age
These options specify the range of times, in seconds, which will be tolerated
in an OCSP response.
Each certificate status response includes a
.Em notBefore
time and an optional
.Em notAfter
time.
The current time should fall between these two values,
but the interval between the two times may be only a few seconds.
In practice the OCSP responder and clients' clocks may not be precisely
synchronised and so such a check may fail.
To avoid this the
.Fl validity_period
option can be used to specify an acceptable error range in seconds,
the default value is 5 minutes.
.Pp
If the
.Em notAfter
time is omitted from a response, then this means that new status
information is immediately available.
In this case the age of the
.Em notBefore
field is checked to see it is not older than
.Ar age
seconds old.
By default, this additional check is not performed.
.It Fl verify_other Ar file
.Ar file
containing additional certificates to search when attempting to locate
the OCSP response signing certificate.
Some responders omit the actual signer's certificate from the response;
this option can be used to supply the necessary certificate in such cases.
.El

.Sh OCSP SERVER OPTIONS
.Bl -tag -width "XXXX"
.It Fl CA Ar file
CA certificate corresponding to the revocation information in
.Ar indexfile .
.It Fl index Ar indexfile
.Ar indexfile
is a text index file in
.Nm ca
format containing certificate revocation information.
.Pp
If the
.Fl index
option is specified, the
.Nm ocsp
utility is in
.Em responder
mode, otherwise it is in
.Em client
mode.
The request(s) the responder processes can be either specified on
the command line (using the
.Fl issuer
and
.Fl serial
options), supplied in a file (using the
.Fl respin
option) or via external OCSP clients (if
.Ar port
or
.Ar url
is specified).
.Pp
If the
.Fl index
option is present, then the
.Fl CA
and
.Fl rsigner
options must also be present.
.It Fl nmin Ar minutes , Fl ndays Ar days
Number of
.Ar minutes
or
.Ar days
when fresh revocation information is available: used in the
.Ar nextUpdate
field.
If neither option is present, the
.Em nextUpdate
field is omitted, meaning fresh revocation information is immediately available.
.It Fl nrequest Ar number
The OCSP server will exit after receiving
.Ar number
requests, default unlimited.
.It Fl port Ar portnum
Port to listen for OCSP requests on.
The port may also be specified using the
.Fl url
option.
.It Fl resp_key_id
Identify the signer certificate using the key ID;
default is to use the subject name.
.It Fl resp_no_certs
Don't include any certificates in the OCSP response.
.It Fl rkey Ar file
The private key to sign OCSP responses with;
if not present, the file specified in the
.Fl rsigner
option is used.
.It Fl rother Ar file
Additional certificates to include in the OCSP response.
.It Fl rsigner Ar file
The certificate to sign OCSP responses with.
.El
.Sh OCSP RESPONSE VERIFICATION
OCSP Response follows the rules specified in RFC 2560.
.Pp
Initially the OCSP responder certificate is located and the signature on
the OCSP request checked using the responder certificate's public key.
.Pp
Then a normal certificate verify is performed on the OCSP responder certificate
building up a certificate chain in the process.
The locations of the trusted certificates used to build the chain can be
specified by the
.Fl CAfile
and
.Fl CApath
options or they will be looked for in the standard
.Nm OpenSSL
certificates
directory.
.Pp
If the initial verify fails, the OCSP verify process halts with an
error.
.Pp
Otherwise the issuing CA certificate in the request is compared to the OCSP
responder certificate: if there is a match then the OCSP verify succeeds.
.Pp
Otherwise the OCSP responder certificate's CA is checked against the issuing
CA certificate in the request.
If there is a match and the OCSPSigning extended key usage is present
in the OCSP responder certificate, then the OCSP verify succeeds.
.Pp
Otherwise the root CA of the OCSP responder's CA is checked to see if it
is trusted for OCSP signing.
If it is, the OCSP verify succeeds.
.Pp
If none of these checks is successful, the OCSP verify fails.
.Pp
What this effectively means is that if the OCSP responder certificate is
authorised directly by the CA it is issuing revocation information about
.Pq and it is correctly configured ,
then verification will succeed.
.Pp
If the OCSP responder is a
.Em global responder
which can give details about multiple CAs and has its own separate

certificate chain, then its root CA can be trusted for OCSP signing.
For example:
.Bd -literal -offset indent
$ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e
	-out trustedCA.pem
.Ed
.Pp
Alternatively, the responder certificate itself can be explicitly trusted
with the
.Fl VAfile
option.
.Sh OCSP NOTES
As noted, most of the verify options are for testing or debugging purposes.
Normally, only the
.Fl CApath , CAfile
and
.Pq if the responder is a `global VA'
.Fl VAfile
options need to be used.
.Pp
The OCSP server is only useful for test and demonstration purposes:
it is not really usable as a full OCSP responder.
It contains only a very simple HTTP request handling and can only handle
the POST form of OCSP queries.
It also handles requests serially, meaning it cannot respond to
new requests until it has processed the current one.
The text index file format of revocation is also inefficient for large
quantities of revocation data.
.Pp
It is possible to run the
.Nm ocsp
application in
.Em responder
mode via a CGI script using the
.Fl respin
and
.Fl respout
options.
.Sh OCSP EXAMPLES
Create an OCSP request and write it to a file:
.Bd -literal -offset indent
$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
	-reqout req.der
.Ed
.Pp
Send a query to an OCSP responder with URL
.Pa http://ocsp.myhost.com/ ,
save the response to a file and print it out in text form:
.Bd -literal -offset indent
$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
	-url http://ocsp.myhost.com/ -resp_text -respout resp.der
.Ed
.Pp
Read in an OCSP response and print out in text form:
.Pp
.Dl $ openssl ocsp -respin resp.der -text
.Pp
OCSP server on port 8888 using a standard
.Nm ca
configuration, and a separate responder certificate.
All requests and responses are printed to a file:
.Bd -literal -offset indent
$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
	rcert.pem -CA demoCA/cacert.pem -text -out log.txt
.Ed
.Pp
As above, but exit after processing one request:
.Bd -literal -offset indent
$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
	rcert.pem -CA demoCA/cacert.pem -nrequest 1
.Ed
.Pp
Query status information using internally generated request:
.Bd -literal -offset indent
$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
	demoCA/cacert.pem -issuer demoCA/cacert.pem -serial 1
.Ed
.Pp
Query status information using request read from a file and write
the response to a second file:
.Bd -literal -offset indent
$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
	demoCA/cacert.pem -reqin req.der -respout resp.der
.Ed
.\"
.\" PASSWD
.\"
.Sh PASSWD
.nr nS 1
.Nm "openssl passwd"
.Op Fl 1 | apr1 | crypt
.Op Fl in Ar file
.Op Fl noverify
.Op Fl quiet
.Op Fl reverse
.Op Fl salt Ar string
.Op Fl stdin
.Op Fl table
.Op Ar password
.nr nS 0
.Pp
The
.Nm passwd
command computes the hash of a password typed at run-time
or the hash of each password in a list.
The password list is taken from the named
.Ar file
for option
.Fl in ,
from stdin for option
.Fl stdin ,
or from the command line, or from the terminal otherwise.
The
.Ux
standard algorithm
.Em crypt
and the MD5-based
.Bx
password algorithm
.Em 1
and its Apache variant
.Em apr1
are available.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 1
Use the MD5 based
.Bx
password algorithm
.Em 1 .
.It Fl apr1
Use the
.Em apr1
algorithm

.Pq Apache variant of the
.Bx
algorithm.

.It Fl crypt
Use the
.Em crypt
algorithm
.Pq default .
.It Fl in Ar file
Read passwords from
.Ar file .
.It Fl noverify
Don't verify when reading a password from the terminal.
.It Fl quiet
Don't output warnings when passwords given on the command line are truncated.
.It Fl reverse
Switch table columns.
This only makes sense in conjunction with the
.Fl table
option.
.It Fl salt Ar string
Use the specified
.Ar salt .
When reading a password from the terminal, this implies
.Fl noverify .
.It Fl stdin
Read passwords from
.Em stdin .
.It Fl table
In the output list, prepend the cleartext password and a TAB character
to each password hash.
.El
.Sh PASSWD EXAMPLES
.Dl $ openssl passwd -crypt -salt xx password
prints
.Qq xxj31ZMTZzkVA .
.Pp
.Dl $ openssl passwd -1 -salt xxxxxxxx password
prints
.Qq $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. .
.Pp
.Dl $ openssl passwd -apr1 -salt xxxxxxxx password
prints
.Qq $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 .
.\"
.\" PKCS7
.\"
.Sh PKCS7
.nr nS 1
.Nm "openssl pkcs7"
.Bk -words
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl print_certs
.Op Fl text
.Ek
.nr nS 0
.Pp
The
.Nm pkcs7
command processes PKCS#7 files in DER or PEM format.

.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl in Ar file
This specifies the input
.Ar file
to read from, or standard input if this option is not specified.
.It Fl inform Ar DER | PEM
This specifies the input format.
.Ar DER
format is a DER-encoded PKCS#7 v1.5 structure.
.Ar PEM
.Pq the default
is a base64-encoded version of the DER form with header and footer lines.
.It Fl noout
Don't output the encoded version of the PKCS#7 structure
(or certificates if
.Fl print_certs
is set).
.It Fl out Ar file
Specifies the output
.Ar file
to write to, or standard output by default.
.It Fl outform Ar DER | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl print_certs
Prints out any certificates or CRLs contained in the file.
They are preceded by their subject and issuer names in a one-line format.
.It Fl text
Prints out certificate details in full rather than just subject and
issuer names.
.El
.Sh PKCS7 EXAMPLES
Convert a PKCS#7 file from PEM to DER:
.Pp
.Dl $ openssl pkcs7 -in file.pem -outform DER -out file.der
.Pp
Output all certificates in a file:
.Pp
.Dl $ openssl pkcs7 -in file.pem -print_certs -out certs.pem
.Sh PKCS7 NOTES
The PEM PKCS#7 format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN PKCS7-----
-----END PKCS7-----
.Ed
.Pp
For compatibility with some CAs it will also accept:
.Bd -unfilled -offset indent
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
.Ed
.Sh PKCS7 RESTRICTIONS
There is no option to print out all the fields of a PKCS#7 file.
.Pp
The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
They cannot currently parse, for example, the new CMS as described in RFC 2630.
.\"
.\" PKCS8
.\"
.Sh PKCS8
.nr nS 1
.Nm "openssl pkcs8"
.Bk -words
.Op Fl embed
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl nocrypt
.Op Fl noiter
.Op Fl nooct
.Op Fl nsdb
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl topk8
.Op Fl v1 Ar alg
.Op Fl v2 Ar alg
.Ek
.nr nS 0
.Pp
The
.Nm pkcs8
command processes private keys in PKCS#8 format.
It can handle both unencrypted PKCS#8 PrivateKeyInfo format
and EncryptedPrivateKeyInfo format with a variety of PKCS#5
.Pq v1.5 and v2.0
and PKCS#12 algorithms.



.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl embed
This option generates DSA keys in a broken format.
The DSA parameters are embedded inside the
.Em PrivateKey
structure.
In this form the OCTET STRING contains an ASN1 SEQUENCE consisting of
two structures:
a SEQUENCE containing the parameters and an ASN1 INTEGER containing
the private key.
.It Fl in Ar file
This specifies the input
.Ar file
to read a key from, or standard input if this option is not specified.
If the key is encrypted, a pass phrase will be prompted for.
.It Fl inform Ar DER | PEM
This specifies the input format.
If a PKCS#8 format key is expected on input,
then either a
DER- or PEM-encoded version of a PKCS#8 key will be expected.
Otherwise the DER or PEM format of the traditional format private key is used.
.It Fl nocrypt
PKCS#8 keys generated or input are normally PKCS#8
.Em EncryptedPrivateKeyInfo
structures using an appropriate password-based encryption algorithm.
With this option, an unencrypted
.Em PrivateKeyInfo
structure is expected or output.
This option does not encrypt private keys at all and should only be used
when absolutely necessary.
Certain software such as some versions of Java code signing software use
unencrypted private keys.
.It Fl noiter
Use an iteration count of 1.
See the
.Sx PKCS12
section below for a detailed explanation of this option.
.It Fl nooct
This option generates RSA private keys in a broken format that some software
uses.
Specifically the private key should be enclosed in an OCTET STRING,
but some software just includes the structure itself without the
surrounding OCTET STRING.
.It Fl nsdb
This option generates DSA keys in a broken format compatible with Netscape
private key databases.
The
.Em PrivateKey
contains a SEQUENCE consisting of the public and private keys, respectively.
.It Fl out Ar file
This specifies the output
.Ar file
to write a key to, or standard output by default.
If any encryption options are set, a pass phrase will be prompted for.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl topk8
Normally, a PKCS#8 private key is expected on input and a traditional format
private key will be written.
With the
.Fl topk8
option the situation is reversed:
it reads a traditional format private key and writes a PKCS#8 format key.
.It Fl v1 Ar alg
This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use.
A complete list of possible algorithms is included below.
.It Fl v2 Ar alg
This option enables the use of PKCS#5 v2.0 algorithms.
Normally, PKCS#8 private keys are encrypted with the password-based
encryption algorithm called
.Em pbeWithMD5AndDES-CBC ;
this uses 56-bit DES encryption but it was the strongest encryption
algorithm supported in PKCS#5 v1.5.
Using the
.Fl v2
option PKCS#5 v2.0 algorithms are used which can use any
encryption algorithm such as 168-bit triple DES or 128-bit RC2, however
not many implementations support PKCS#5 v2.0 yet.
If using private keys with
.Nm OpenSSL
then this doesn't matter.
.Pp
The
.Ar alg
argument is the encryption algorithm to use; valid values include
.Ar des , des3 ,
and
.Ar rc2 .
It is recommended that
.Ar des3
is used.
.El
.Sh PKCS8 NOTES
The encrypted form of a PEM-encoded PKCS#8 file uses the following
headers and footers:
.Bd -unfilled -offset indent
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
.Ed
.Pp
The unencrypted form uses:
.Bd -unfilled -offset indent
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
.Ed
.Pp
Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
counts are more secure than those encrypted using the traditional
.Nm SSLeay
compatible formats.
So if additional security is considered important, the keys should be converted.
.Pp
The default encryption is only 56 bits because this is the encryption
that most current implementations of PKCS#8 support.
.Pp
Some software may use PKCS#12 password-based encryption algorithms
with PKCS#8 format private keys: these are handled automatically
but there is no option to produce them.
.Pp
It is possible to write out
DER-encoded encrypted private keys in PKCS#8 format because the encryption
details are included at an ASN1
level whereas the traditional format includes them at a PEM level.
.Sh PKCS#5 V1.5 AND PKCS#12 ALGORITHMS
Various algorithms can be used with the
.Fl v1
command line option, including PKCS#5 v1.5 and PKCS#12.
These are described in more detail below.
.Pp
.Bl -tag -width "XXXX" -compact
.It Ar PBE-MD5-DES
These algorithms were included in the original PKCS#5 v1.5 specification.
They only offer 56 bits of protection since they both use DES.
.Pp
.It Ar PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
but they use the same key derivation algorithm and are supported by some
software.
They are mentioned in PKCS#5 v2.0.
They use either 64-bit RC2 or 56-bit DES.
.Pp
.It Ar PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES | PBE-SHA1-2DES
.It Ar PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
These algorithms use the PKCS#12 password-based encryption algorithm and
allow strong encryption algorithms like triple DES or 128-bit RC2 to be used.
.El
.Sh PKCS8 EXAMPLES
Convert a private key from traditional to PKCS#5 v2.0 format using triple DES:
.Pp
.Dl "$ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem"
.Pp
Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
.Pq DES :
.Pp
.Dl $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
.Pp
Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
.Pq 3DES :
.Bd -literal -offset indent
$ openssl pkcs8 -in key.pem -topk8 -out enckey.pem \e
	-v1 PBE-SHA1-3DES
.Ed
.Pp
Read a DER-unencrypted PKCS#8 format private key:
.Pp
.Dl "$ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem"
.Pp
Convert a private key from any PKCS#8 format to traditional format:
.Pp
.Dl $ openssl pkcs8 -in pk8.pem -out key.pem
.Sh PKCS8 STANDARDS
Test vectors from this PKCS#5 v2.0 implementation were posted to the
pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts;
several people confirmed that they could decrypt the private
keys produced and therefore it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these
algorithms are concerned.
.Pp
The format of PKCS#8 DSA
.Pq and other
private keys is not well documented:
it is hidden away in PKCS#11 v2.01, section 11.9;
.Nm OpenSSL Ns Li 's
default DSA PKCS#8 private key format complies with this standard.
.Sh PKCS8 BUGS
There should be an option that prints out the encryption algorithm
in use and other details such as the iteration count.


.Pp
PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
key format; for
.Nm OpenSSL
compatibility, several of the utilities use the old format at present.
.\"
.\" PKCS12
.\"
.Sh PKCS12
.nr nS 1
.Nm "openssl pkcs12"
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Oc
.Op Fl cacerts
.Op Fl CAfile Ar file
.Op Fl caname Ar name
.Op Fl CApath Ar directory
.Op Fl certfile Ar file
.Op Fl certpbe Ar alg
.Op Fl chain







<
|






|
<
|
<
|
<
<







|

<
<
|
|
|
<
|




<
|
|
|
|

>
|






|
<
|

<
<
|

<
<
|
<
<
|






|





<
<
|









|
|
<
|
|
|

|

|


|




|












<
<



<








|
|
<

|
<
<













<


|


|
<
|
>
|
<
<
<
<
<
<




<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
















|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







|


|

>
|

|
>


|
|
<













|
|



|
<




<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<

|


|


<





>




|
<
|
|
|
<
<
<
<
<






|
<
|
|
|
<
<

|
|

|
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<


|





|





<




|
|
|
<
|
>
>
>




|
|
<
<
|

|


|
<
|

|
|
<
<
<
<

<
<
<
<
|
<
|
|
<
<






|
<




|

<
|
|

|
<
|

<
<
<
|
|
<
<





<
<
<
<
<
|

|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

|
<
|
<
|
<
<
<
<
|
<
|
|
|
|

|
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
|
<
|
<
|
<
<
<
<
<

<
|
<
<
<
<
<
|
<
>
>
|
<
<
<
<
<
<
<



<
<
|
<
<







2158
2159
2160
2161
2162
2163
2164

2165
2166
2167
2168
2169
2170
2171
2172

2173

2174


2175
2176
2177
2178
2179
2180
2181
2182
2183


2184
2185
2186

2187
2188
2189
2190
2191

2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205

2206
2207


2208
2209


2210


2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223


2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235

2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262


2263
2264
2265

2266
2267
2268
2269
2270
2271
2272
2273
2274
2275

2276
2277


2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290

2291
2292
2293
2294
2295
2296

2297
2298
2299






2300
2301
2302
2303












































































2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320



















2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341

2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360

2361
2362
2363
2364















2365
2366
2367

2368
2369
2370
2371
2372
2373
2374

2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385

2386
2387
2388





2389
2390
2391
2392
2393
2394
2395

2396
2397
2398


2399
2400
2401
2402
2403

2404




























2405
2406
2407

2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421

2422
2423
2424
2425
2426
2427
2428

2429
2430
2431
2432
2433
2434
2435
2436
2437
2438


2439
2440
2441
2442
2443
2444

2445
2446
2447
2448




2449




2450

2451
2452


2453
2454
2455
2456
2457
2458
2459

2460
2461
2462
2463
2464
2465

2466
2467
2468
2469

2470
2471



2472
2473


2474
2475
2476
2477
2478





2479
2480
2481
















2482















































2483
2484

2485

2486




2487

2488
2489
2490
2491
2492
2493
2494



2495











2496



2497

2498

2499





2500

2501





2502

2503
2504
2505







2506
2507
2508


2509


2510
2511
2512
2513
2514
2515
2516
or trusting a root CA is not appropriate.
.It Fl url Ar responder_url
Specify the responder URL.
Both HTTP and HTTPS
.Pq SSL/TLS
URLs can be specified.
.It Fl VAfile Ar file

A file containing explicitly trusted responder certificates.
Equivalent to the
.Fl verify_other
and
.Fl trust_other
options.
.It Fl validity_period Ar nsec , Fl status_age Ar age
The range of times, in seconds, which will be tolerated in an OCSP response.

Each certificate status response includes a notBefore time

and an optional notAfter time.


The current time should fall between these two values,
but the interval between the two times may be only a few seconds.
In practice the OCSP responder and clients' clocks may not be precisely
synchronised and so such a check may fail.
To avoid this the
.Fl validity_period
option can be used to specify an acceptable error range in seconds,
the default value being 5 minutes.
.Pp


If the notAfter time is omitted from a response,
it means that new status information is immediately available.
In this case the age of the notBefore field is checked

to see it is not older than
.Ar age
seconds old.
By default, this additional check is not performed.
.It Fl verify_other Ar file

A file containing additional certificates to search
when attempting to locate the OCSP response signing certificate.
Some responders omit the actual signer's certificate from the response,
so this can be used to supply the necessary certificate.
.El
.Pp
The options for the OCSP server are as follows:
.Bl -tag -width "XXXX"
.It Fl CA Ar file
CA certificate corresponding to the revocation information in
.Ar indexfile .
.It Fl index Ar indexfile
.Ar indexfile
is a text index file in ca format

containing certificate revocation information.
.Pp


If this option is specified,
.Nm ocsp


is in responder mode, otherwise it is in client mode.


The requests the responder processes can be either specified on
the command line (using the
.Fl issuer
and
.Fl serial
options), supplied in a file (using the
.Fl respin
option), or via external OCSP clients (if
.Ar port
or
.Ar url
is specified).
.Pp


If this option is present, then the
.Fl CA
and
.Fl rsigner
options must also be present.
.It Fl nmin Ar minutes , Fl ndays Ar days
Number of
.Ar minutes
or
.Ar days
when fresh revocation information is available:
used in the nextUpdate field.

If neither option is present,
the nextUpdate field is omitted,
meaning fresh revocation information is immediately available.
.It Fl nrequest Ar number
Exit after receiving
.Ar number
requests (the default is unlimited).
.It Fl port Ar portnum
Port to listen for OCSP requests on.
May also be specified using the
.Fl url
option.
.It Fl resp_key_id
Identify the signer certificate using the key ID;
the default is to use the subject name.
.It Fl resp_no_certs
Don't include any certificates in the OCSP response.
.It Fl rkey Ar file
The private key to sign OCSP responses with;
if not present, the file specified in the
.Fl rsigner
option is used.
.It Fl rother Ar file
Additional certificates to include in the OCSP response.
.It Fl rsigner Ar file
The certificate to sign OCSP responses with.
.El


.Pp
Initially the OCSP responder certificate is located and the signature on
the OCSP request checked using the responder certificate's public key.

Then a normal certificate verify is performed on the OCSP responder certificate
building up a certificate chain in the process.
The locations of the trusted certificates used to build the chain can be
specified by the
.Fl CAfile
and
.Fl CApath
options or they will be looked for in the standard
.Nm openssl
certificates directory.

.Pp
If the initial verify fails, the OCSP verify process halts with an error.


Otherwise the issuing CA certificate in the request is compared to the OCSP
responder certificate: if there is a match then the OCSP verify succeeds.
.Pp
Otherwise the OCSP responder certificate's CA is checked against the issuing
CA certificate in the request.
If there is a match and the OCSPSigning extended key usage is present
in the OCSP responder certificate, then the OCSP verify succeeds.
.Pp
Otherwise the root CA of the OCSP responder's CA is checked to see if it
is trusted for OCSP signing.
If it is, the OCSP verify succeeds.
.Pp
If none of these checks is successful, the OCSP verify fails.

What this effectively means is that if the OCSP responder certificate is
authorised directly by the CA it is issuing revocation information about
(and it is correctly configured),
then verification will succeed.
.Pp
If the OCSP responder is a global responder,

which can give details about multiple CAs
and has its own separate certificate chain,
then its root CA can be trusted for OCSP signing.






Alternatively, the responder certificate itself can be explicitly trusted
with the
.Fl VAfile
option.












































































.Sh PASSWD
.nr nS 1
.Nm "openssl passwd"
.Op Fl 1 | apr1 | crypt
.Op Fl in Ar file
.Op Fl noverify
.Op Fl quiet
.Op Fl reverse
.Op Fl salt Ar string
.Op Fl stdin
.Op Fl table
.Op Ar password
.nr nS 0
.Pp
The
.Nm passwd
command computes the hash of a password.



















.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 1
Use the MD5 based
.Bx
password algorithm
.Qq 1 .
.It Fl apr1
Use the
.Qq apr1
algorithm
.Po
Apache variant of the
.Bx
algorithm
.Pc .
.It Fl crypt
Use the
.Qq crypt
algorithm (the default).

.It Fl in Ar file
Read passwords from
.Ar file .
.It Fl noverify
Don't verify when reading a password from the terminal.
.It Fl quiet
Don't output warnings when passwords given on the command line are truncated.
.It Fl reverse
Switch table columns.
This only makes sense in conjunction with the
.Fl table
option.
.It Fl salt Ar string
Use the salt specified by
.Ar string .
When reading a password from the terminal, this implies
.Fl noverify .
.It Fl stdin
Read passwords from standard input.

.It Fl table
In the output list, prepend the cleartext password and a TAB character
to each password hash.
.El















.Sh PKCS7
.nr nS 1
.Nm "openssl pkcs7"

.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl print_certs
.Op Fl text

.nr nS 0
.Pp
The
.Nm pkcs7
command processes PKCS#7 files in DER or PEM format.
The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
.It Fl inform Cm der | pem
The input format.





.It Fl noout
Don't output the encoded version of the PKCS#7 structure
(or certificates if
.Fl print_certs
is set).
.It Fl out Ar file
The output to write to,

or standard output if not specified.
.It Fl outform Cm der | pem
The output format.


.It Fl print_certs
Print any certificates or CRLs contained in the file,
preceded by their subject and issuer names in a one-line format.
.It Fl text
Print certificate details in full rather than just subject and issuer names.

.El




























.Sh PKCS8
.nr nS 1
.Nm "openssl pkcs8"

.Op Fl embed
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl nocrypt
.Op Fl noiter
.Op Fl nooct
.Op Fl nsdb
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl topk8
.Op Fl v1 Ar alg
.Op Fl v2 Ar alg

.nr nS 0
.Pp
The
.Nm pkcs8
command processes private keys
(both encrypted and unencrypted)
in PKCS#8 format

with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
The default encryption is only 56 bits;
keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
are more secure.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl embed
Generate DSA keys in a broken format.
The DSA parameters are embedded inside the PrivateKey structure.


In this form the OCTET STRING contains an ASN.1 SEQUENCE consisting of
two structures:
a SEQUENCE containing the parameters and an ASN.1 INTEGER containing
the private key.
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
If the key is encrypted, a pass phrase will be prompted for.
.It Fl inform Cm der | pem
The input format.




.It Fl nocrypt




Generate an unencrypted PrivateKeyInfo structure.

This option does not encrypt private keys at all
and should only be used when absolutely necessary.


.It Fl noiter
Use an iteration count of 1.
See the
.Sx PKCS12
section below for a detailed explanation of this option.
.It Fl nooct
Generate RSA private keys in a broken format that some software uses.

Specifically the private key should be enclosed in an OCTET STRING,
but some software just includes the structure itself without the
surrounding OCTET STRING.
.It Fl nsdb
Generate DSA keys in a broken format compatible with Netscape
private key databases.

The PrivateKey contains a SEQUENCE
consisting of the public and private keys, respectively.
.It Fl out Ar file
The output file to write to,

or standard output if none is specified.
If any encryption options are set, a pass phrase will be prompted for.



.It Fl outform Cm der | pem
The output format.


.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl topk8





Read a traditional format private key and write a PKCS#8 format key.
.It Fl v1 Ar alg
Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
















.Pp















































.Bl -tag -width "XXXX" -compact
.It PBE-MD5-DES

56-bit DES.

.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES




64-bit RC2 or 56-bit DES.

.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
PKCS#12 password-based encryption algorithm,
which allow strong encryption algorithms like triple DES or 128-bit RC2.
.El
.It Fl v2 Ar alg
Use PKCS#5 v2.0 algorithms.



Supports algorithms such as 168-bit triple DES or 128-bit RC2,











however not many implementations support PKCS#5 v2.0 yet



(if using private keys with

.Nm openssl

this doesn't matter).





.Pp

.Ar alg





is the encryption algorithm to use;

valid values include des, des3, and rc2.
It is recommended that des3 is used.
.El







.Sh PKCS12
.nr nS 1
.Nm "openssl pkcs12"


.Op Fl aes128 | aes192 | aes256 | des | des3


.Op Fl cacerts
.Op Fl CAfile Ar file
.Op Fl caname Ar name
.Op Fl CApath Ar directory
.Op Fl certfile Ar file
.Op Fl certpbe Ar alg
.Op Fl chain
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563

3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605

3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689

3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
.Op Fl nomaciter
.Op Fl nomacver
.Op Fl noout
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl twopass
.Ek
.nr nS 0
.Pp
The
.Nm pkcs12
command allows PKCS#12 files
.Pq sometimes referred to as PFX files
to be created and parsed.
PKCS#12 files are used by several programs including Netscape, MSIE
and MS Outlook.
.Pp
There are a lot of options; the meaning of some depends on whether a
PKCS#12 file is being created or parsed.
By default, a PKCS#12 file is parsed;
a PKCS#12 file can be created by using the
.Fl export
option
.Pq see below .
.Sh PKCS12 PARSING OPTIONS
.Bl -tag -width "XXXX"
.It Xo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Xc

Use AES, DES, or triple DES, respectively,
to encrypt private keys before outputting.
The default is triple DES.
.It Fl cacerts
Only output CA certificates
.Pq not client certificates .
.It Fl clcerts
Only output client certificates
.Pq not CA certificates .
.It Fl in Ar file
This specifies the
.Ar file
of the PKCS#12 file to be parsed.
Standard input is used by default.
.It Fl info
Output additional information about the PKCS#12 file structure,
algorithms used, and iteration counts.
.It Fl nocerts
No certificates at all will be output.
.It Fl nodes
Don't encrypt the private keys at all.
.It Fl nokeys
No private keys will be output.
.It Fl nomacver
Don't attempt to verify the integrity MAC before reading the file.
.It Fl noout
This option inhibits output of the keys and certificates to the output file
version of the PKCS#12 file.
.It Fl out Ar file
The
.Ar file
to write certificates and private keys to, standard output by default.
They are all written in PEM format.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl twopass
Prompt for separate integrity and encryption passwords: most software
always assumes these are the same so this option will render such
PKCS#12 files unreadable.
.El

.Sh PKCS12 FILE CREATION OPTIONS
.Bl -tag -width "XXXX"
.It Fl CAfile Ar file
CA storage as a file.
.It Fl CApath Ar directory
CA storage as a directory.
This directory must be a standard certificate directory:
that is, a hash of each subject name (using
.Cm x509 -hash )
should be linked to each certificate.
.It Fl caname Ar name
This specifies the
.Qq friendly name
for other certificates.
This option may be used multiple times to specify names for all certificates
in the order they appear.
Netscape ignores friendly names on other certificates,
whereas MSIE displays them.
.It Fl certfile Ar file
A file to read additional certificates from.
.It Fl certpbe Ar alg , Fl keypbe Ar alg
These options allow the algorithm used to encrypt the private key and
certificates to be selected.
Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used (see the
.Sx PKCS12 NOTES
section for more information).
If a cipher name
(as output by the
.Cm list-cipher-algorithms
command) is specified then it
is used with PKCS#5 v2.0.
For interoperability reasons it is advisable to only use PKCS#12 algorithms.
.It Fl chain
If this option is present, an attempt is made to include the entire
certificate chain of the user certificate.
The standard CA store is used for this search.
If the search fails, it is considered a fatal error.
.It Fl CSP Ar name
Write
.Ar name
as a Microsoft CSP name.
.It Fl descert
Encrypt the certificate using triple DES; this may render the PKCS#12
file unreadable by some
.Qq export grade
software.
By default, the private key is encrypted using triple DES and the
certificate using 40-bit RC2.
.It Fl export
This option specifies that a PKCS#12 file will be created rather than
parsed.
.It Fl in Ar file
The
.Ar file
to read certificates and private keys from, standard input by default.
They must all be in PEM format.
The order doesn't matter but one private key and its corresponding
certificate should be present.
If additional certificates are present, they will also be included
in the PKCS#12 file.
.It Fl inkey Ar file
File to read private key from.
If not present, a private key must be present in the input file.
.It Fl keyex | keysig
Specifies that the private key is to be used for key exchange or just signing.
This option is only interpreted by MSIE and similar MS software.
Normally,
.Qq export grade
software will only allow 512-bit RSA keys to be
used for encryption purposes, but arbitrary length keys for signing.
The
.Fl keysig
option marks the key for signing only.
Signing only keys can be used for S/MIME signing, authenticode
.Pq ActiveX control signing
and SSL client authentication;
however, due to a bug only MSIE 5.0 and later support
the use of signing only keys for SSL client authentication.
.It Fl macalg Ar alg
Specify the MAC digest algorithm.
If not included then SHA1 is used.
.It Fl maciter
This option is included for compatibility with previous versions; it used
to be needed to use MAC iterations counts but they are now used by default.

.It Fl name Ar name
This specifies the
.Qq friendly name
for the certificate and private key.
This name is typically displayed in list boxes by software importing the file.
.It Fl nomac
Don't attempt to provide the MAC integrity.
.It Fl nomaciter , noiter
These options affect the iteration counts on the MAC and key algorithms.
Unless you wish to produce files compatible with MSIE 4.0, you should leave
these options alone.
.Pp
To discourage attacks by using large dictionaries of common passwords,
the algorithm that derives keys from passwords can have an iteration count
applied to it: this causes a certain part of the algorithm to be repeated
and slows it down.
The MAC is used to check the file integrity but since it will normally
have the same password as the keys and certificates it could also be attacked.
By default, both MAC and encryption iteration counts are set to 2048;
using these options the MAC and encryption iteration counts can be set to 1.
Since this reduces the file security you should not use these options
unless you really have to.
Most software supports both MAC and key iteration counts.
MSIE 4.0 doesn't support MAC iteration counts, so it needs the
.Fl nomaciter
option.
.It Fl out Ar file
This specifies
.Ar file
to write the PKCS#12 file to.
Standard output is used by default.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.El
.Sh PKCS12 NOTES
Although there are a large number of options,
most of them are very rarely used.
For PKCS#12 file parsing, only
.Fl in
and
.Fl out
need to be used for PKCS#12 file creation.
.Fl export
and
.Fl name
are also used.
.Pp
If none of the
.Fl clcerts , cacerts ,
or
.Fl nocerts
options are present, then all certificates will be output in the order
they appear in the input PKCS#12 files.
There is no guarantee that the first certificate present is
the one corresponding to the private key.
Certain software which requires a private key and certificate and assumes
the first certificate in the file is the one corresponding to the private key:
this may not always be the case.
Using the
.Fl clcerts
option will solve this problem by only outputting the certificate
corresponding to the private key.
If the CA certificates are required, they can be output to a separate
file using the
.Fl nokeys
and
.Fl cacerts
options to just output CA certificates.
.Pp
The
.Fl keypbe
and
.Fl certpbe
algorithms allow the precise encryption algorithms for private keys
and certificates to be specified.
Normally, the defaults are fine but occasionally software can't handle
triple DES encrypted private keys;
then the option
.Fl keypbe Ar PBE-SHA1-RC2-40
can be used to reduce the private key encryption to 40-bit RC2.
A complete description of all algorithms is contained in the
.Sx PKCS8
section above.
.Sh PKCS12 EXAMPLES
Parse a PKCS#12 file and output it to a file:
.Pp
.Dl $ openssl pkcs12 -in file.p12 -out file.pem
.Pp
Output only client certificates to a file:
.Pp
.Dl $ openssl pkcs12 -in file.p12 -clcerts -out file.pem
.Pp
Don't encrypt the private key:
.Pp
.Dl $ openssl pkcs12 -in file.p12 -out file.pem -nodes
.Pp
Print some info about a PKCS#12 file:
.Pp
.Dl $ openssl pkcs12 -in file.p12 -info -noout
.Pp
Create a PKCS#12 file:
.Bd -literal -offset indent
$ openssl pkcs12 -export -in file.pem -out file.p12 \e
	-name "My Certificate"
.Ed
.Pp
Include some extra certificates:
.Bd -literal -offset indent
$ openssl pkcs12 -export -in file.pem -out file.p12 \e
	-name "My Certificate" -certfile othercerts.pem
.Ed
.Sh PKCS12 BUGS
Some would argue that the PKCS#12 standard is one big bug :\-)
.Pp
Versions of
.Nm OpenSSL
before 0.9.6a had a bug in the PKCS#12 key generation routines.
Under rare circumstances this could produce a PKCS#12 file encrypted
with an invalid key.
As a result some PKCS#12 files which triggered this bug
from other implementations
.Pq MSIE or Netscape
could not be decrypted by
.Nm OpenSSL
and similarly
.Nm OpenSSL
could produce PKCS#12 files which could not be decrypted by other
implementations.
The chances of producing such a file are relatively small: less than 1 in 256.
.Pp
A side effect of fixing this bug is that any old invalidly encrypted PKCS#12
files can no longer be parsed by the fixed version.
Under such circumstances the
.Nm pkcs12
utility will report that the MAC is OK but fail with a decryption
error when extracting private keys.
.Pp
This problem can be resolved by extracting the private keys and certificates
from the PKCS#12 file using an older version of
.Nm OpenSSL
and recreating
the PKCS#12 file from the keys and certificates using a newer version of
.Nm OpenSSL .
For example:
.Bd -literal -offset indent
$ old-openssl -in bad.p12 -out keycerts.pem
$ openssl -in keycerts.pem -export -name "My PKCS#12 file" \e
	-out fixed.p12
.Ed
.\"
.\" PKEY
.\"
.Sh PKEY
.nr nS 1
.Nm "openssl pkey"
.Bk -words
.Op Ar cipher
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl text
.Op Fl text_pub
.Ek
.nr nS 0
.Pp
The
.Nm pkey
command processes public or private keys.
They can be converted between various forms
and their components printed out.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Ar cipher
These options encrypt the private key with the supplied cipher.
Any algorithm name accepted by
.Fn EVP_get_cipherbyname
is acceptable, such as
.Cm des3 .
.It Fl in Ar file
This specifies the input filename to read a key from,
or standard input if this option is not specified.
If the key is encrypted a pass phrase will be prompted for.
.It Fl inform Ar DER | PEM
This specifies the input format, DER or PEM.
.It Fl noout
Do not output the encoded version of the key.
.It Fl out Ar file
This specifies the output filename to write a key to,
or standard output if this option is not specified.
If any encryption options are set then a pass phrase
will be prompted for.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | PEM
This specifies the output format;
the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
By default a private key is read from the input file:
with this option a public key is read instead.
.It Fl pubout
By default a private key is output:
with this option a public key will be output instead.
This option is automatically set if
the input is a public key.
.It Fl text
Print out the various public or private key components in
plain text in addition to the encoded version.
.It Fl text_pub
Print out only public key components
even if a private key is being processed.
.El
.Sh PKEY EXAMPLES
To remove the pass phrase on an RSA private key:
.Bd -literal -offset indent
$ openssl pkey -in key.pem -out keyout.pem
.Ed
.Pp
To encrypt a private key using triple DES:
.Bd -literal -offset indent
$ openssl pkey -in key.pem -des3 -out keyout.pem
.Ed
.Pp
To convert a private key from PEM to DER format:
.Bd -literal -offset indent
$ openssl pkey -in key.pem -outform DER -out keyout.der
.Ed
.Pp
To print the components of a private key to standard output:
.Bd -literal -offset indent
$ openssl pkey -in key.pem -text -noout
.Ed
.Pp
To print the public components of a private key to standard output:
.Bd -literal -offset indent
$ openssl pkey -in key.pem -text_pub -noout
.Ed
.Pp
To just output the public part of a private key:
.Bd -literal -offset indent
$ openssl pkey -in key.pem -pubout -out pubkey.pem
.Ed
.\"
.\" PKEYPARAM
.\"
.Sh PKEYPARAM
.Cm openssl pkeyparam
.Op Fl in Ar file
.Op Fl noout
.Op Fl out Ar file
.Op Fl text
.Pp
The
.Nm pkey
command processes public or private keys.
They can be converted between various forms and their components printed out.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl in Ar file
This specifies the input filename to read parameters from,
or standard input if this option is not specified.
.It Fl noout
Do not output the encoded version of the parameters.
.It Fl out Ar file
This specifies the output filename to write parameters to,
or standard output if this option is not specified.
.It Fl text
Prints out the parameters in plain text in addition to the encoded version.
.El
.Sh PKEYPARAM EXAMPLES
Print out text version of parameters:
.Bd -literal -offset indent
$ openssl pkeyparam -in param.pem -text
.Ed
.Sh PKEYPARAM NOTES
There are no
.Fl inform
or
.Fl outform
options for this command because only PEM format is supported
because the key type is determined by the PEM headers.
.\"
.\" PKEYUTL
.\"
.Sh PKEYUTL
.nr nS 1
.Nm "openssl pkeyutl"
.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
.Op Fl derive
.Op Fl encrypt
.Op Fl hexdump
.Op Fl in Ar file
.Op Fl inkey Ar file
.Op Fl keyform Ar DER | PEM
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl peerform Ar DER | PEM
.Op Fl peerkey Ar file
.Op Fl pkeyopt Ar opt : Ns Ar value
.Op Fl pubin
.Op Fl rev
.Op Fl sigfile Ar file
.Op Fl sign
.Op Fl verify
.Op Fl verifyrecover
.Ek
.nr nS 0
.Pp
The
.Nm pkeyutl
command can be used to perform public key operations using
any supported algorithm.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl asn1parse
ASN1parse the output data.
This is useful when combined with the
.Fl verifyrecover
option when an ASN1 structure is signed.
.It Fl certin
The input is a certificate containing a public key.
.It Fl decrypt
Decrypt the input data using a private key.
.It Fl derive
Derive a shared secret using the peer key.
.It Fl encrypt
Encrypt the input data using a public key.
.It Fl hexdump
Hex dump the output data.
.It Fl in Ar file
Specify the input filename to read data from,
or standard input if this option is not specified.
.It Fl inkey Ar file
The input key file.
By default it should be a private key.
.It Fl keyform Ar DER | PEM
The key format DER or PEM.
.It Fl out Ar file
Specify the output filename to write to,
or standard output by default.
.It Fl passin Ar arg
The key password source.
.It Fl peerform Ar DER | PEM
The peer key format DER or PEM.
.It Fl peerkey Ar file
The peer key file, used by key derivation (agreement) operations.
.It Fl pkeyopt Ar opt : Ns Ar value
Public key options.
.It Fl pubin
The input file is a public key.
.It Fl rev
Reverse the order of the input buffer.
This is useful for some libraries (such as CryptoAPI)
which represent the buffer in little endian format.
.It Fl sigfile Ar file
Signature file (verify operation only).
.It Fl sign
Sign the input data and output the signed result.
This requires a private key.
.It Fl verify
Verify the input data against the signature file and indicate if the
verification succeeded or failed.
.It Fl verifyrecover
Verify the input data and output the recovered data.
.El
.Sh PKEYUTL NOTES
The operations and options supported vary according to the key algorithm
and its implementation.
The
.Nm OpenSSL
operations and options are indicated below.
.Pp
Unless otherwise mentioned all algorithms support the
.Ar digest : Ns Ar alg
option which specifies the digest in use
for sign, verify, and verifyrecover operations.
The value
.Ar alg
should represent a digest name as used in the
.Fn EVP_get_digestbyname
function, for example
.Cm sha1 .
.Ss RSA algorithm
The RSA algorithm supports the
encrypt, decrypt, sign, verify, and verifyrecover operations in general.
Some padding modes only support some of these
operations however.
.Bl -tag -width Ds
.It rsa_padding_mode : Ns Ar mode
This sets the RSA padding mode.







<







<
<
<
<
<



|
|
|

<
|
<
<
>
|
<








<
|
<
|




|

|

|

|

|


<
|
|
<









>
|





|

|


|


|

<
<



|

|
<
<







<
|














|
<

<
|
|
<





|


|
<








|
|
<
<


|

|
|
>

|






|
<
<












<
<
<

<
<
|
|





<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<


|


|






<











|

|



|
|

|
|



|
|


<
<
<
|
|
<
<
<





|
<

|
<
<
|

<
|




<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<








|

|




|
|



|
|

|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<








|


|








<










|


|











|
|



|
|

|
|


|
|



|
<
<
<
<
<
<
|
<
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
|
|
|




|
|
|
<







2535
2536
2537
2538
2539
2540
2541

2542
2543
2544
2545
2546
2547
2548





2549
2550
2551
2552
2553
2554
2555

2556


2557
2558

2559
2560
2561
2562
2563
2564
2565
2566

2567

2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583

2584
2585

2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611


2612
2613
2614
2615
2616
2617


2618
2619
2620
2621
2622
2623
2624

2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640

2641

2642
2643

2644
2645
2646
2647
2648
2649
2650
2651
2652

2653
2654
2655
2656
2657
2658
2659
2660
2661
2662


2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678


2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690



2691


2692
2693
2694
2695
2696
2697
2698






















































































































2699
2700
2701

2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713

2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742



2743
2744



2745
2746
2747
2748
2749
2750

2751
2752


2753
2754

2755
2756
2757
2758
2759

































2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784















2785
2786
2787

2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807

2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850






2851

2852


2853












2854
2855
2856
2857
2858
2859
2860
2861
2862
2863

2864
2865
2866
2867
2868
2869
2870
.Op Fl nomaciter
.Op Fl nomacver
.Op Fl noout
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl twopass

.nr nS 0
.Pp
The
.Nm pkcs12
command allows PKCS#12 files
.Pq sometimes referred to as PFX files
to be created and parsed.





By default, a PKCS#12 file is parsed;
a PKCS#12 file can be created by using the
.Fl export
option.
.Pp
The options for parsing a PKCS12 file are as follows:
.Bl -tag -width "XXXX"

.It Fl aes128 | aes192 | aes256 | des | des3


Encrypt private keys
using AES, DES, or triple DES, respectively.

The default is triple DES.
.It Fl cacerts
Only output CA certificates
.Pq not client certificates .
.It Fl clcerts
Only output client certificates
.Pq not CA certificates .
.It Fl in Ar file

The input file to read from,

or standard input if not specified.
.It Fl info
Output additional information about the PKCS#12 file structure,
algorithms used, and iteration counts.
.It Fl nocerts
Do not output certificates.
.It Fl nodes
Do not encrypt private keys.
.It Fl nokeys
Do not output private keys.
.It Fl nomacver
Do not attempt to verify the integrity MAC before reading the file.
.It Fl noout
Do not output the keys and certificates to the output file
version of the PKCS#12 file.
.It Fl out Ar file

The output file to write to,
or standard output if not specified.

.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl twopass
Prompt for separate integrity and encryption passwords: most software
always assumes these are the same so this option will render such
PKCS#12 files unreadable.
.El
.Pp
The options for PKCS12 file creation are as follows:
.Bl -tag -width "XXXX"
.It Fl CAfile Ar file
CA storage as a file.
.It Fl CApath Ar directory
CA storage as a directory.
The directory must be a standard certificate directory:
that is, a hash of each subject name (using
.Nm x509 Fl hash )
should be linked to each certificate.
.It Fl caname Ar name
Specify the
.Qq friendly name
for other certificates.
May be used multiple times to specify names for all certificates
in the order they appear.


.It Fl certfile Ar file
A file to read additional certificates from.
.It Fl certpbe Ar alg , Fl keypbe Ar alg
Specify the algorithm used to encrypt the private key and
certificates to be selected.
Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.


If a cipher name
(as output by the
.Cm list-cipher-algorithms
command) is specified then it
is used with PKCS#5 v2.0.
For interoperability reasons it is advisable to only use PKCS#12 algorithms.
.It Fl chain

Include the entire certificate chain of the user certificate.
The standard CA store is used for this search.
If the search fails, it is considered a fatal error.
.It Fl CSP Ar name
Write
.Ar name
as a Microsoft CSP name.
.It Fl descert
Encrypt the certificate using triple DES; this may render the PKCS#12
file unreadable by some
.Qq export grade
software.
By default, the private key is encrypted using triple DES and the
certificate using 40-bit RC2.
.It Fl export
Create a PKCS#12 file (rather than parsing one).

.It Fl in Ar file

The input file to read from,
or standard input if not specified.

The order doesn't matter but one private key and its corresponding
certificate should be present.
If additional certificates are present, they will also be included
in the PKCS#12 file.
.It Fl inkey Ar file
File to read a private key from.
If not present, a private key must be present in the input file.
.It Fl keyex | keysig
Specify whether the private key is to be used for key exchange or just signing.

Normally,
.Qq export grade
software will only allow 512-bit RSA keys to be
used for encryption purposes, but arbitrary length keys for signing.
The
.Fl keysig
option marks the key for signing only.
Signing only keys can be used for S/MIME signing, authenticode
(ActiveX control signing)
and SSL client authentication.


.It Fl macalg Ar alg
Specify the MAC digest algorithm.
The default is SHA1.
.It Fl maciter
Included for compatibility only:
it used to be needed to use MAC iterations counts
but they are now used by default.
.It Fl name Ar name
Specify the
.Qq friendly name
for the certificate and private key.
This name is typically displayed in list boxes by software importing the file.
.It Fl nomac
Don't attempt to provide the MAC integrity.
.It Fl nomaciter , noiter
Affect the iteration counts on the MAC and key algorithms.


.Pp
To discourage attacks by using large dictionaries of common passwords,
the algorithm that derives keys from passwords can have an iteration count
applied to it: this causes a certain part of the algorithm to be repeated
and slows it down.
The MAC is used to check the file integrity but since it will normally
have the same password as the keys and certificates it could also be attacked.
By default, both MAC and encryption iteration counts are set to 2048;
using these options the MAC and encryption iteration counts can be set to 1.
Since this reduces the file security you should not use these options
unless you really have to.
Most software supports both MAC and key iteration counts.



.It Fl out Ar file


The output file to write to,
or standard output if not specified.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.El






















































































































.Sh PKEY
.nr nS 1
.Nm "openssl pkey"

.Op Ar cipher
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl text
.Op Fl text_pub

.nr nS 0
.Pp
The
.Nm pkey
command processes public or private keys.
They can be converted between various forms
and their components printed out.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Ar cipher
Encrypt the private key with the specified cipher.
Any algorithm name accepted by
.Xr EVP_get_cipherbyname 3
is acceptable, such as
.Cm des3 .
.It Fl in Ar file
The input file to read from,
or standard input if not specified.
If the key is encrypted a pass phrase will be prompted for.
.It Fl inform Cm der | pem
The input format.
.It Fl noout
Do not output the encoded version of the key.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
If any encryption options are set then a pass phrase
will be prompted for.



.It Fl outform Cm der | pem
The output format.



.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
Read in a public key, not a private key.

.It Fl pubout
Output a public key, not a private key.


Automatically set if the input is a public key.
.It Fl text

Print the public/private key in plain text.
.It Fl text_pub
Print out only public key components
even if a private key is being processed.
.El

































.Sh PKEYPARAM
.Cm openssl pkeyparam
.Op Fl in Ar file
.Op Fl noout
.Op Fl out Ar file
.Op Fl text
.Pp
The
.Nm pkeyparam
command processes public or private keys.
The key type is determined by the PEM headers.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl in Ar file
The input file to read from,
or standard input if not specified.
.It Fl noout
Do not output the encoded version of the parameters.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.It Fl text
Print the parameters in plain text.
.El















.Sh PKEYUTL
.nr nS 1
.Nm "openssl pkeyutl"

.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
.Op Fl derive
.Op Fl encrypt
.Op Fl hexdump
.Op Fl in Ar file
.Op Fl inkey Ar file
.Op Fl keyform Cm der | pem
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl peerform Cm der | pem
.Op Fl peerkey Ar file
.Op Fl pkeyopt Ar opt : Ns Ar value
.Op Fl pubin
.Op Fl rev
.Op Fl sigfile Ar file
.Op Fl sign
.Op Fl verify
.Op Fl verifyrecover

.nr nS 0
.Pp
The
.Nm pkeyutl
command can be used to perform public key operations using
any supported algorithm.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl asn1parse
ASN.1 parse the output data.
This is useful when combined with the
.Fl verifyrecover
option when an ASN.1 structure is signed.
.It Fl certin
The input is a certificate containing a public key.
.It Fl decrypt
Decrypt the input data using a private key.
.It Fl derive
Derive a shared secret using the peer key.
.It Fl encrypt
Encrypt the input data using a public key.
.It Fl hexdump
Hex dump the output data.
.It Fl in Ar file
The input file to read from,
or standard input if not specified.
.It Fl inkey Ar file
The input key file.
By default it should be a private key.
.It Fl keyform Cm der | pem
The key format.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.It Fl passin Ar arg
The key password source.
.It Fl peerform Cm der | pem
The peer key format.
.It Fl peerkey Ar file
The peer key file, used by key derivation (agreement) operations.
.It Fl pkeyopt Ar opt : Ns Ar value
Set the public key algorithm option






.Ar opt

to


.Ar value .












Unless otherwise mentioned, all algorithms support the format
.Ar digest : Ns Ar alg ,
which specifies the digest to use
for sign, verify, and verifyrecover operations.
The value
.Ar alg
should represent a digest name as used in the
.Xr EVP_get_digestbyname 3
function.
.Pp

The RSA algorithm supports the
encrypt, decrypt, sign, verify, and verifyrecover operations in general.
Some padding modes only support some of these
operations however.
.Bl -tag -width Ds
.It rsa_padding_mode : Ns Ar mode
This sets the RSA padding mode.
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156

4157
4158

4159


4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
for PSS.
.Pp
In PKCS#1 padding if the message digest is not set then the supplied data is
signed or verified directly instead of using a DigestInfo structure.
If a digest is set then a DigestInfo
structure is used and its length
must correspond to the digest type.
.Pp
For oeap mode only encryption and decryption is supported.
.Pp
For x931 if the digest type is set it is used to format the block data;
otherwise the first byte is used to specify the X9.31 digest ID.
Sign, verify, and verifyrecover can be performed in this mode.
.Pp
For pss mode only sign and verify are supported and the digest type must be
specified.
.It rsa_pss_saltlen : Ns Ar len
For pss
mode only this option specifies the salt length.
Two special values are supported:
-1 sets the salt length to the digest length.
When signing -2 sets the salt length to the maximum permissible value.
When verifying -2 causes the salt length to be automatically determined
based on the PSS block structure.
.El
.Ss DSA algorithm
The DSA algorithm supports the sign and verify operations.
Currently there are no additional options other than
.Ar digest .
Only the SHA1 digest can be used and this digest is assumed by default.
.Ss DH algorithm
The DH algorithm supports the derive operation
and no additional options.
.Ss EC algorithm
The EC algorithm supports the sign, verify, and derive operations.
The sign and verify operations use ECDSA and derive uses ECDH.
Currently there are no additional options other than
.Ar digest .
Only the SHA1 digest can be used and this digest is assumed by default.
.Sh PKEYUTL EXAMPLES
Sign some data using a private key:
.Bd -literal -offset indent
$ openssl pkeyutl -sign -in file -inkey key.pem -out sig
.Ed

.Pp
Recover the signed data (e.g. if an RSA key is used):

.Bd -literal -offset indent


$ openssl pkeyutl -verifyrecover -in sig -inkey key.pem
.Ed
.Pp
Verify the signature (e.g. a DSA key):
.Bd -literal -offset indent
$ openssl pkeyutl -verify -in file -sigfile sig \e
	-inkey key.pem
.Ed
.Pp
Sign data using a message digest value (this is currently only valid for RSA):
.Bd -literal -offset indent
$ openssl pkeyutl -sign -in file -inkey key.pem \e
	-out sig -pkeyopt digest:sha256
.Ed
.Pp
Derive a shared secret value:
.Bd -literal -offset indent
$ openssl pkeyutl -derive -inkey key.pem \e
	-peerkey pubkey.pem -out secret
.Ed
.\"
.\" PRIME
.\"
.Sh PRIME
.Cm openssl prime
.Op Fl bits Ar n
.Op Fl checks Ar n
.Op Fl generate
.Op Fl hex
.Op Fl safe







<

<



<











|




|


|





|
|
|
|
|
>
|
|
>
|
>
>
|
<
<
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







2884
2885
2886
2887
2888
2889
2890

2891

2892
2893
2894

2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932


2933



2934















2935
2936
2937
2938
2939
2940
2941
for PSS.
.Pp
In PKCS#1 padding if the message digest is not set then the supplied data is
signed or verified directly instead of using a DigestInfo structure.
If a digest is set then a DigestInfo
structure is used and its length
must correspond to the digest type.

For oeap mode only encryption and decryption is supported.

For x931 if the digest type is set it is used to format the block data;
otherwise the first byte is used to specify the X9.31 digest ID.
Sign, verify, and verifyrecover can be performed in this mode.

For pss mode only sign and verify are supported and the digest type must be
specified.
.It rsa_pss_saltlen : Ns Ar len
For pss
mode only this option specifies the salt length.
Two special values are supported:
-1 sets the salt length to the digest length.
When signing -2 sets the salt length to the maximum permissible value.
When verifying -2 causes the salt length to be automatically determined
based on the PSS block structure.
.El
.Pp
The DSA algorithm supports the sign and verify operations.
Currently there are no additional options other than
.Ar digest .
Only the SHA1 digest can be used and this digest is assumed by default.
.Pp
The DH algorithm supports the derive operation
and no additional options.
.Pp
The EC algorithm supports the sign, verify, and derive operations.
The sign and verify operations use ECDSA and derive uses ECDH.
Currently there are no additional options other than
.Ar digest .
Only the SHA1 digest can be used and this digest is assumed by default.
.It Fl pubin
The input file is a public key.
.It Fl rev
Reverse the order of the input buffer.
.It Fl sigfile Ar file
Signature file (verify operation only).
.It Fl sign
Sign the input data and output the signed result.
This requires a private key.
.It Fl verify
Verify the input data against the signature file and indicate if the
verification succeeded or failed.
.It Fl verifyrecover


Verify the input data and output the recovered data.



.El















.Sh PRIME
.Cm openssl prime
.Op Fl bits Ar n
.Op Fl checks Ar n
.Op Fl generate
.Op Fl hex
.Op Fl safe
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344



4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381

4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424

4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440

4441
4442
4443
4444
4445
4446
4447
4448
4449
4450

4451
4452
4453



4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090

5091

5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
prime numbers
(i.e. a prime p so that (p-1)/2 is also prime).
.It Ar p
Test if number
.Ar p
is prime.
.El
.\"
.\" RAND
.\"
.Sh RAND
.nr nS 1
.Nm "openssl rand"
.Op Fl base64
.Op Fl hex
.Op Fl out Ar file
.Ar num
.nr nS 0
.Pp
The
.Nm rand
command outputs
.Ar num
pseudo-random bytes.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl base64
Perform
.Em base64
encoding on the output.
.It Fl hex
Specify hexadecimal output.
.It Fl out Ar file
Write to
.Ar file
instead of standard output.
.El
.\"
.\" REQ
.\"
.Sh REQ
.nr nS 1
.Nm "openssl req"
.Bk -words
.Op Fl asn1-kludge
.Op Fl batch
.Op Fl config Ar file
.Op Fl days Ar n
.Op Fl extensions Ar section
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl key Ar keyfile
.Op Fl keyform Ar DER | PEM
.Op Fl keyout Ar file
.Op Fl md4 | md5 | sha1
.Op Fl modulus
.Op Fl nameopt Ar option
.Op Fl new
.Op Fl newhdr
.Op Fl newkey Ar arg
.Op Fl no-asn1-kludge
.Op Fl nodes
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubkey
.Op Fl reqexts Ar section
.Op Fl reqopt Ar option
.Op Fl set_serial Ar n
.Op Fl subj Ar arg
.Op Fl subject
.Op Fl text
.Op Fl utf8
.Op Fl verbose
.Op Fl verify
.Op Fl x509
.Ek
.nr nS 0
.Pp
The
.Nm req
command primarily creates and processes certificate requests
in PKCS#10 format.
It can additionally create self-signed certificates,
for use as root CAs, for example.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl asn1-kludge
By default, the
.Nm req
command outputs certificate requests containing
no attributes in the correct PKCS#10 format.
However certain CAs will only
accept requests containing no attributes in an invalid form: this
option produces this invalid format.
.Pp
More precisely, the
.Em Attributes
in a PKCS#10 certificate request are defined as a SET OF Attribute.
They are
.Em not
optional, so if no attributes are present then they should be encoded as an
empty SET OF.
The invalid form does not include the empty
SET OF, whereas the correct form does.
.Pp
It should be noted that very few CAs still require the use of this option.
.It Fl batch
Non-interactive mode.
.It Fl config Ar file
This allows an alternative configuration file to be specified;
this overrides the compile time filename or any specified in
the
.Ev OPENSSL_CONF
environment variable.
.It Fl days Ar n
When the
.Fl x509
option is being used, this specifies the number of
days to certify the certificate for.
The default is 30 days.



.It Fl extensions Ar section , Fl reqexts Ar section
These options specify alternative sections to include certificate
extensions (if the
.Fl x509
option is present) or certificate request extensions.
This allows several different sections to
be used in the same configuration file to specify requests for
a variety of purposes.
.It Fl in Ar file
This specifies the input
.Ar file
to read a request from, or standard input
if this option is not specified.
A request is only read if the creation options
.Fl new
and
.Fl newkey
are not specified.
.It Fl inform Ar DER | PEM
This specifies the input format.
The
.Ar DER
argument uses an ASN1 DER-encoded form compatible with the PKCS#10.
The
.Ar PEM
form is the default format:
it consists of the DER format base64-encoded with additional header and
footer lines.
.It Fl key Ar keyfile
This specifies the file to read the private key from.
It also accepts PKCS#8 format private keys for PEM format files.
.It Fl keyform Ar DER | PEM
The format of the private key file specified in the
.Fl key
argument.
.Ar PEM
is the default.

.It Fl keyout Ar file
This gives the
.Ar file
to write the newly created private key to.
If this option is not specified, the filename present in the
configuration file is used.
.It Fl md5 | sha1 | sha256
This specifies the message digest to sign the request with.
This overrides the digest algorithm specified in the configuration file.
.Pp
Some public key algorithms may override this choice.
For instance, DSA signatures always use SHA1.
.It Fl modulus
This option prints out the value of the modulus of the public key
contained in the request.
.It Fl nameopt Ar option , Fl reqopt Ar option
These options determine how the subject or issuer names are displayed.
The
.Ar option
argument can be a single option or multiple options separated by commas.
Alternatively, these options may be used more than once to set multiple options.
See the
.Sx X509
section below for details.
.It Fl new
This option generates a new certificate request.
It will prompt the user for the relevant field values.
The actual fields prompted for and their maximum and minimum sizes
are specified in the configuration file and any requested extensions.
.Pp
If the
.Fl key
option is not used, it will generate a new RSA private
key using information specified in the configuration file.
.It Fl newhdr
Adds the word NEW to the PEM file header and footer lines
on the outputed request.
Some software
.Pq Netscape certificate server
and some CAs need this.
.It Fl newkey Ar arg
This option creates a new certificate request and a new private key.
The argument takes one of several forms.

.Ar rsa : Ns Ar nbits ,
where
.Ar nbits
is the number of bits, generates an RSA key
.Ar nbits
in size.
If
.Ar nbits
is omitted, i.e.\&
.Cm -newkey rsa
specified,
the default key size, specified in the configuration file, is used.
.Pp
All other algorithms support the
.Ar alg : Ns Ar file
form,

where file may be an algorithm parameter file,
created by the
.Cm genpkey -genparam
command or an X.509 certificate for a key with appropriate algorithm.
.Pp
.Ar param : Ns Ar file
generates a key using the parameter file or certificate
.Ar file ;
the algorithm is determined by the parameters.
.Ar algname : Ns Ar file

use algorithm
.Ar algname
and parameter file



.Ar file :
the two algorithms must match or an error occurs.
.Ar algname
just uses algorithm
.Ar algname ,
and parameters, if necessary,
should be specified via the
.Fl pkeyopt
option.
.Pp
.Ar dsa : Ns Ar file
generates a DSA key using the parameters in the file
.Ar file .
.It Fl no-asn1-kludge
Reverses the effect of
.Fl asn1-kludge .
.It Fl nodes
If this option is specified and a private key is created, it
will not be encrypted.
.It Fl noout
This option prevents output of the encoded version of the request.
.It Fl out Ar file
This specifies the output
.Ar file
to write to, or standard output by default.
.It Fl outform Ar DER | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubkey
Outputs the public key.
.It Fl reqopt Ar option
Customise the output format used with
.Fl text .
The
.Ar option
argument can be a single option or multiple options separated by commas.
.Pp
See the discussion of the
.Fl certopt
option in the
.Nm x509
command.
.It Fl set_serial Ar n
Serial number to use when outputting a self-signed certificate.
This may be specified as a decimal value or a hex value if preceded by
.Sq 0x .
It is possible to use negative serial numbers but this is not recommended.
.It Fl subj Ar arg
Replaces subject field of input request with specified data and outputs
modified request.
The arg must be formatted as
.Em /type0=value0/type1=value1/type2=... ;
characters may be escaped by
.Sq \e
.Pq backslash ;
no spaces are skipped.
.It Fl subject
Prints out the request subject (or certificate subject if
.Fl x509
is specified.
.It Fl text
Prints out the certificate request in text form.
.It Fl utf8
This option causes field values to be interpreted as UTF8 strings;
by default they are interpreted as ASCII.
This means that the field values, whether prompted from a terminal or
obtained from a configuration file, must be valid UTF8 strings.
.It Fl verbose
Print extra details about the operations being performed.
.It Fl verify
Verifies the signature on the request.
.It Fl x509
This option outputs a self-signed certificate instead of a certificate
request.
This is typically used to generate a test certificate or
a self-signed root CA.
The extensions added to the certificate
.Pq if any
are specified in the configuration file.
Unless specified using the
.Fl set_serial
option, 0 will be used for the serial number.
.El
.Sh REQ CONFIGURATION FILE FORMAT
The configuration options are specified in the
.Em req
section of the configuration file.
As with all configuration files, if no value is specified in the specific
section (i.e.\&
.Em req )
then the initial unnamed or
.Em default
section is searched too.
.Pp
The options available are described in detail below.
.Bl -tag -width "XXXX"
.It Ar attributes
This specifies the section containing any request attributes: its format
is the same as
.Ar distinguished_name .
Typically these may contain the
.Em challengePassword
or
.Em unstructuredName
types.
They are currently ignored by
.Nm OpenSSL Ns Li 's
request signing utilities, but some CAs might want them.
.It Ar default_bits
This specifies the default key size in bits.
If not specified, 2048 is used.
It is used if the
.Fl new
option is used.
It can be overridden by using the
.Fl newkey
option.
.It Ar default_keyfile
This is the default file to write a private key to.
If not specified, the key is written to standard output.
This can be overridden by the
.Fl keyout
option.
.It Ar default_md
This option specifies the digest algorithm to use.
Possible values include
.Ar md5 ,
.Ar sha1
and
.Ar sha256 .
If not present, SHA256 is used.
This option can be overridden on the command line.
.It Ar distinguished_name
This specifies the section containing the distinguished name fields to
prompt for when generating a certificate or certificate request.
The format is described in the next section.
.It Ar encrypt_key
If this is set to
.Em no
and a private key is generated, it is
.Em not
encrypted.
This is equivalent to the
.Fl nodes
command line option.
For compatibility,
.Ar encrypt_rsa_key
is an equivalent option.
.It Ar input_password | output_password
The passwords for the input private key file
.Pq if present
and the output private key file
.Pq if one will be created .
The command line options
.Fl passin
and
.Fl passout
override the configuration file values.
.It Ar oid_file
This specifies a file containing additional OBJECT IDENTIFIERS.
Each line of the file should consist of the numerical form of the
object identifier, followed by whitespace, then the short name followed
by whitespace and finally the long name.
.It Ar oid_section
This specifies a section in the configuration file containing extra
object identifiers.
Each line should consist of the short name of the
object identifier followed by
.Sq =
and the numerical form.
The short and long names are the same when this option is used.
.It Ar prompt
If set to the value
.Em no ,
this disables prompting of certificate fields
and just takes values from the config file directly.
It also changes the expected format of the
.Em distinguished_name
and
.Em attributes
sections.
.It Ar req_extensions
This specifies the configuration file section containing a list of
extensions to add to the certificate request.
It can be overridden by the
.Fl reqexts
command line switch.
.It Ar string_mask
This option limits the string types for encoding certain
fields.
The following values may be used, limiting strings to the indicated types:
.Bl -tag -width "MASK:number"
.It Ar utf8only
.Em UTF8String.
This is the default, as recommended by PKIX in RFC 2459.
.It Ar default
.Em PrintableString , IA5String , T61String , BMPString , UTF8String .
.It Ar pkix
.Em PrintableString , IA5String , BMPString , UTF8String .
This was inspired by the PKIX recommendation in RFC 2459 for certificates
generated before 2004, but differs by also permitting
.Em IA5String .
.It Ar nombstr
.Em PrintableString , IA5String , T61String , UniversalString .
This was a workaround for some ancient software that had problems
with the variable-sized
.Em BMPString
and
.Em UTF8String
types.
.It Cm MASK : Ns Ar number
This is an explicit bitmask of permitted types, where
.Ar number
is a C-style hex, decimal, or octal number that's a bit-wise OR of
.Dv B_ASN1_*
values from
.In openssl/asn1.h .
.El
.It Ar utf8
If set to the value
.Em yes ,
then field values are interpreted as UTF8 strings;
by default they are interpreted as ASCII.
This means that the field values, whether prompted from a terminal or
obtained from a configuration file, must be valid UTF8 strings.
.It Ar x509_extensions
This specifies the configuration file section containing a list of
extensions to add to a certificate generated when the
.Fl x509
switch is used.
It can be overridden by the
.Fl extensions
command line switch.
.El
.Sh REQ DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
There are two separate formats for the distinguished name and attribute
sections.
If the
.Fl prompt
option is set to
.Em no ,
then these sections just consist of field names and values: for example,
.Bd -unfilled -offset indent
CN=My Name
OU=My Organization
emailAddress=someone@somewhere.org
.Ed
.Pp
This allows external programs
.Pq e.g. GUI based
to generate a template file with all the field names and values
and just pass it to
.Nm req .
An example of this kind of configuration file is contained in the
.Sx REQ EXAMPLES
section.
.Pp
Alternatively if the
.Fl prompt
option is absent or not set to
.Em no ,
then the file contains field prompting information.
It consists of lines of the form:
.Bd -unfilled -offset indent
fieldName="prompt"
fieldName_default="default field value"
fieldName_min= 2
fieldName_max= 4
.Ed
.Pp
.Qq fieldName
is the field name being used, for example
.Em commonName
.Pq or CN .
The
.Qq prompt
string is used to ask the user to enter the relevant details.
If the user enters nothing, the default value is used;
if no default value is present, the field is omitted.
A field can still be omitted if a default value is present,
if the user just enters the
.Sq \&.
character.
.Pp
The number of characters entered must be between the
.Em fieldName_min
and
.Em fieldName_max
limits:
there may be additional restrictions based on the field being used
(for example
.Em countryName
can only ever be two characters long and must fit in a
.Em PrintableString ) .
.Pp
Some fields (such as
.Em organizationName )
can be used more than once in a DN.
This presents a problem because configuration files will
not recognize the same name occurring twice.
To avoid this problem, if the
.Em fieldName
contains some characters followed by a full stop, they will be ignored.
So, for example, a second
.Em organizationName
can be input by calling it
.Qq 1.organizationName .
.Pp
The actual permitted field names are any object identifier short or
long names.
These are compiled into
.Nm OpenSSL
and include the usual values such as
.Em commonName , countryName , localityName , organizationName ,
.Em organizationUnitName , stateOrProvinceName .
Additionally,
.Em emailAddress
is included as well as
.Em name , surname , givenName initials
and
.Em dnQualifier .
.Pp
Additional object identifiers can be defined with the
.Ar oid_file
or
.Ar oid_section
options in the configuration file.
Any additional fields will be treated as though they were a
.Em DirectoryString .
.Sh REQ EXAMPLES
Examine and verify a certificate request:
.Pp
.Dl $ openssl req -in req.pem -text -verify -noout
.Pp
Create a private key and then generate a certificate request from it:
.Bd -literal -offset indent
$ openssl genrsa -out key.pem 2048
$ openssl req -new -key key.pem -out req.pem
.Ed
.Pp
The same but just using req:
.Pp
.Dl $ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
.Pp
Generate a self-signed root certificate:
.Pp
.Dl "$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem"
.Pp
Example of a file pointed to by the
.Ar oid_file
option:
.Bd -unfilled -offset indent
1.2.3.4        shortName       A longer Name
1.2.3.6        otherName       Other longer Name
.Ed
.Pp
Example of a section pointed to by
.Ar oid_section
making use of variable expansion:
.Bd -unfilled -offset indent
testoid1=1.2.3.5
testoid2=${testoid1}.6
.Ed
.Pp
Sample configuration file prompting for field values:
.Bd -literal
\& [ req ]
\& default_bits           = 1024
\& default_keyfile        = privkey.pem
\& distinguished_name     = req_distinguished_name
\& attributes             = req_attributes
\& x509_extensions        = v3_ca

\& dirstring_type = nobmp

\& [ req_distinguished_name ]
\& countryName                    = Country Name (2 letter code)
\& countryName_default            = AU
\& countryName_min                = 2
\& countryName_max                = 2

\& localityName                   = Locality Name (eg, city)

\& organizationalUnitName         = Organizational Unit Name (eg, section)

\& commonName                     = Common Name (eg, YOUR name)
\& commonName_max                 = 64

\& emailAddress                   = Email Address
\& emailAddress_max               = 40

\& [ req_attributes ]
\& challengePassword              = A challenge password
\& challengePassword_min          = 4
\& challengePassword_max          = 20

\& [ v3_ca ]

\& subjectKeyIdentifier=hash
\& authorityKeyIdentifier=keyid:always,issuer:always
\& basicConstraints = CA:true
.Ed
.Pp
Sample configuration containing all field values:
.Bd -literal

\& [ req ]
\& default_bits           = 1024
\& default_keyfile        = keyfile.pem
\& distinguished_name     = req_distinguished_name
\& attributes             = req_attributes
\& prompt                 = no
\& output_password        = mypass

\& [ req_distinguished_name ]
\& C                      = GB
\& ST                     = Test State or Province
\& L                      = Test Locality
\& O                      = Organization Name
\& OU                     = Organizational Unit Name
\& CN                     = Common Name
\& emailAddress           = test@email.address

\& [ req_attributes ]
\& challengePassword              = A challenge password
.Ed
.Sh REQ NOTES
The header and footer lines in the PEM format are normally:
.Bd -unfilled -offset indent
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
.Ed
.Pp
Some software
.Pq some versions of Netscape certificate server
instead needs:
.Bd -unfilled -offset indent
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
.Ed
.Pp
which is produced with the
.Fl newhdr
option but is otherwise compatible.
Either form is accepted transparently on input.
.Pp
The certificate requests generated by Xenroll with MSIE have extensions added.
It includes the
.Em keyUsage
extension which determines the type of key
.Pq signature only or general purpose
and any additional OIDs entered by the script in an
.Em extendedKeyUsage
extension.
.Sh REQ DIAGNOSTICS
The following messages are frequently asked about:
.Bd -unfilled -offset indent
Using configuration from /some/path/openssl.cnf
Unable to load config info
.Ed
.Pp
This is followed some time later by...
.Bd -unfilled -offset indent
unable to find 'distinguished_name' in config
problems making Certificate Request
.Ed
.Pp
The first error message is the clue: it can't find the configuration
file!
Certain operations
.Pq like examining a certificate request
don't need a configuration file so its use isn't enforced.
Generation of certificates or requests, however, do need a configuration file.
This could be regarded as a bug.
.Pp
Another puzzling message is this:
.Bd -unfilled -offset indent
Attributes:
    a0:00
.Ed
.Pp
This is displayed when no attributes are present and the request includes
the correct empty SET OF structure
.Pq the DER encoding of which is 0xa0 0x00 .
If you just see:
.Pp
.D1 Attributes:
.Pp
then the SET OF is missing and the encoding is technically invalid
.Pq but it is tolerated .
See the description of the command line option
.Fl asn1-kludge
for more information.
.Sh REQ ENVIRONMENT VARIABLES
The variable
.Ev OPENSSL_CONF ,
if defined, allows an alternative configuration
file location to be specified; it will be overridden by the
.Fl config
command line switch if it is present.
.Sh REQ BUGS
.Nm OpenSSL Ns Li 's
handling of T61Strings
.Pq aka TeletexStrings
is broken: it effectively treats them as ISO 8859-1
.Pq Latin 1 ;
Netscape and MSIE have similar behaviour.
This can cause problems if you need characters that aren't available in
.Em PrintableStrings
and you don't want to or can't use
.Em BMPStrings .
.Pp
As a consequence of the T61String handling, the only correct way to represent
accented characters in
.Nm OpenSSL
is to use a
.Em BMPString :
unfortunately Netscape currently chokes on these.
If you have to use accented characters with Netscape
and MSIE then you currently need to use the invalid T61String form.
.Pp
The current prompting is not very friendly.
It doesn't allow you to confirm what you've just entered.
Other things, like extensions in certificate requests, are
statically defined in the configuration file.
Some of these, like an email address in
.Em subjectAltName ,
should be input by the user.
.\"
.\" RSA
.\"
.Sh RSA
.nr nS 1
.Nm "openssl rsa"
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Oc
.Op Fl check
.Op Fl in Ar file
.Op Fl inform Ar DER | NET | PEM
.Op Fl modulus
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | NET | PEM
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl sgckey
.Op Fl text
.nr nS 0
.Ek
.Pp
The
.Nm rsa
command processes RSA keys.
They can be converted between various forms and their components printed out.
.Pp
.Sy Note :
this command uses the traditional
.Nm SSLeay
compatible format for private key encryption:
newer applications should use the more secure PKCS#8 format using the
.Nm pkcs8
utility.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Xo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
.Xc
These options encrypt the private key with the AES, DES,
or the triple DES ciphers, respectively, before outputting it.
A pass phrase is prompted for.
If none of these options are specified, the key is written in plain text.
This means that using the
.Nm rsa
utility to read in an encrypted key with no encryption option can be used
to remove the pass phrase from a key, or by setting the encryption options
it can be used to add or change the pass phrase.
These options can only be used with PEM format output files.
.It Fl check
This option checks the consistency of an RSA private key.
.It Fl in Ar file
This specifies the input
.Ar file
to read a key from, or standard input if this
option is not specified.
If the key is encrypted, a pass phrase will be prompted for.
.It Fl inform Ar DER | NET | PEM
This specifies the input format.
The
.Ar DER
argument
uses an ASN1 DER-encoded form compatible with the PKCS#1
RSAPrivateKey or SubjectPublicKeyInfo format.
The
.Ar PEM
form is the default format: it consists of the DER format base64-encoded with
additional header and footer lines.
On input PKCS#8 format private keys are also accepted.
The
.Ar NET
form is a format described in the
.Sx RSA NOTES
section.
.It Fl noout
This option prevents output of the encoded version of the key.
.It Fl modulus
This option prints out the value of the modulus of the key.
.It Fl out Ar file
This specifies the output
.Ar file
to write a key to, or standard output if this option is not specified.
If any encryption options are set, a pass phrase will be prompted for.
The output filename should
.Em not
be the same as the input filename.
.It Fl outform Ar DER | NET | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
By default, a private key is read from the input file; with this
option a public key is read instead.

.It Fl pubout

By default, a private key is output;
with this option a public key will be output instead.
This option is automatically set if the input is a public key.
.It Fl sgckey
Use the modified
.Em NET
algorithm used with some versions of Microsoft IIS and SGC keys.
.It Fl text
Prints out the various public or private key components in
plain text, in addition to the encoded version.
.El
.Sh RSA NOTES
The PEM private key format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
.Ed
.Pp
The PEM public key format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
.Ed
.Pp
The
.Em NET
form is a format compatible with older Netscape servers
and Microsoft IIS .key files; this uses unsalted RC4 for its encryption.
It is not very secure and so should only be used when necessary.
.Pp
Some newer version of IIS have additional data in the exported .key files.
To use these with the
.Nm rsa
utility, view the file with a binary editor
and look for the string
.Qq private-key ,
then trace back to the byte sequence 0x30, 0x82
.Pq this is an ASN1 SEQUENCE .
Copy all the data from this point onwards to another file and use that as
the input to the
.Nm rsa
utility with the
.Fl inform Ar NET
option.
If there is an error after entering the password, try the
.Fl sgckey
option.
.Sh RSA EXAMPLES
To remove the pass phrase on an RSA private key:
.Pp
.Dl $ openssl rsa -in key.pem -out keyout.pem
.Pp
To encrypt a private key using triple DES:
.Pp
.Dl $ openssl rsa -in key.pem -des3 -out keyout.pem
.Pp
To convert a private key from PEM to DER format:
.Pp
.Dl $ openssl rsa -in key.pem -outform DER -out keyout.der
.Pp
To print out the components of a private key to standard output:
.Pp
.Dl $ openssl rsa -in key.pem -text -noout
.Pp
To just output the public part of a private key:
.Pp
.Dl $ openssl rsa -in key.pem -pubout -out pubkey.pem
.Sh RSA BUGS
The command line password arguments don't currently work with
.Em NET
format.
.Pp
There should be an option that automatically handles .key files,
without having to manually edit them.
.\"
.\" RSAUTL
.\"
.Sh RSAUTL
.nr nS 1
.Nm "openssl rsautl"
.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
.Op Fl encrypt
.Op Fl hexdump
.Op Fl in Ar file
.Op Fl inkey Ar file
.Op Fl keyform Ar DER | PEM
.Op Fl oaep | pkcs | raw | ssl
.Op Fl out Ar file
.Op Fl pubin
.Op Fl sign
.Op Fl verify
.Ek
.nr nS 0
.Pp
The
.Nm rsautl
command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.
.Pp







<
<
<


















<
<
|



|
<
|

<
<
<



<






|

|











|













<












<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
|



|
<
<
<
<

<
<
<
|

>
>
>

|
|
|
|
<
|
<

<
<
|
|





|
|
<
<
<
<
<
<
<
<

|

|



<
|
>

<
<
|
|
|

|





|
<

|
<

|





|
|








|

|
<
<

|

>
|
<
<
|




|
<
<
|

<
|
<
>
|
<
<
<

|
|
|
<
<
>
|
|
|
>
>
>
|
<
<
<
|
<
|


<
<
<
<

|


<
|

|

|
<
|
|
|
<
<





|






<
|

|








|
|
|
|


|


|

|

|

|
<
<
<



|

|
<
|
<
|
<



|

|

|

<
<
<
<
<
<
<
|

|
|

|
|
<
<
<
<
|
|

|
|
|


<
|


|
|
|
|


|
|

|
|

|
|
|
|
|

|
|
|
|
|
<
<
|

|

|

|
|
<
|
<





|
|



|
|






|
|
|
|


|

|

|
|



|
|
|
<


|
|

|
|
|
|
|
|
<
|
|
|
|
<
<
<
<

|






|
|
|
|
<
<
<
|
|







|





|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|


|
|
<









|
|











<
<
|
<


|

|


|




|


|






|

|
|

|

|

|


|

|


|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<
<
|
<
<


|



|







<





|
<
|








<
|
<
<
|










|

|
<
|
<

|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

|

|

<
<
<
<
|
|
<
|
|
<
<





<
|
>

>
|
<
|

|
<
|

|
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<







|





<







2972
2973
2974
2975
2976
2977
2978



2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996


2997
2998
2999
3000
3001

3002
3003



3004
3005
3006

3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040

3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052





3053












3054
3055
3056
3057
3058




3059



3060
3061
3062
3063
3064
3065
3066
3067
3068
3069

3070

3071


3072
3073
3074
3075
3076
3077
3078
3079
3080








3081
3082
3083
3084
3085
3086
3087

3088
3089
3090


3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101

3102
3103

3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123


3124
3125
3126
3127
3128


3129
3130
3131
3132
3133
3134


3135
3136

3137

3138
3139



3140
3141
3142
3143


3144
3145
3146
3147
3148
3149
3150
3151



3152

3153
3154
3155




3156
3157
3158
3159

3160
3161
3162
3163
3164

3165
3166
3167


3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179

3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206



3207
3208
3209
3210
3211
3212

3213

3214

3215
3216
3217
3218
3219
3220
3221
3222
3223







3224
3225
3226
3227
3228
3229
3230




3231
3232
3233
3234
3235
3236
3237
3238

3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264


3265
3266
3267
3268
3269
3270
3271
3272

3273

3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309

3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320

3321
3322
3323
3324




3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336



3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353















3354
3355
3356
3357
3358

3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380


3381

3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421










































































































































































































3422
3423
3424


3425


3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439

3440
3441
3442
3443
3444
3445

3446
3447
3448
3449
3450
3451
3452
3453
3454

3455


3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469

3470

3471
3472
3473















3474
3475
3476
3477
3478




3479
3480

3481
3482


3483
3484
3485
3486
3487

3488
3489
3490
3491
3492

3493
3494
3495

3496
3497
3498

3499


































































3500
3501
3502

3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515

3516
3517
3518
3519
3520
3521
3522
prime numbers
(i.e. a prime p so that (p-1)/2 is also prime).
.It Ar p
Test if number
.Ar p
is prime.
.El



.Sh RAND
.nr nS 1
.Nm "openssl rand"
.Op Fl base64
.Op Fl hex
.Op Fl out Ar file
.Ar num
.nr nS 0
.Pp
The
.Nm rand
command outputs
.Ar num
pseudo-random bytes.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl base64


Perform base64 encoding on the output.
.It Fl hex
Specify hexadecimal output.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.
.El



.Sh REQ
.nr nS 1
.Nm "openssl req"

.Op Fl asn1-kludge
.Op Fl batch
.Op Fl config Ar file
.Op Fl days Ar n
.Op Fl extensions Ar section
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl key Ar keyfile
.Op Fl keyform Cm der | pem
.Op Fl keyout Ar file
.Op Fl md4 | md5 | sha1
.Op Fl modulus
.Op Fl nameopt Ar option
.Op Fl new
.Op Fl newhdr
.Op Fl newkey Ar arg
.Op Fl no-asn1-kludge
.Op Fl nodes
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubkey
.Op Fl reqexts Ar section
.Op Fl reqopt Ar option
.Op Fl set_serial Ar n
.Op Fl subj Ar arg
.Op Fl subject
.Op Fl text
.Op Fl utf8
.Op Fl verbose
.Op Fl verify
.Op Fl x509

.nr nS 0
.Pp
The
.Nm req
command primarily creates and processes certificate requests
in PKCS#10 format.
It can additionally create self-signed certificates,
for use as root CAs, for example.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl asn1-kludge





Produce requests in an invalid format for certain picky CAs.












Very few CAs still require the use of this option.
.It Fl batch
Non-interactive mode.
.It Fl config Ar file
Specify an alternative configuration file.




.It Fl days Ar n



Specify the number of days to certify the certificate for.
The default is 30 days.
Used with the
.Fl x509
option.
.It Fl extensions Ar section , Fl reqexts Ar section
Specify alternative sections to include certificate
extensions (with
.Fl x509 )
or certificate request extensions,

allowing several different sections to be used in the same configuration file.

.It Fl in Ar file


The input file to read a request from,
or standard input if not specified.
A request is only read if the creation options
.Fl new
and
.Fl newkey
are not specified.
.It Fl inform Cm der | pem
The input format.








.It Fl key Ar keyfile
The file to read the private key from.
It also accepts PKCS#8 format private keys for PEM format files.
.It Fl keyform Cm der | pem
The format of the private key file specified in the
.Fl key
argument.

The default is
.Cm pem .
.It Fl keyout Ar file


The file to write the newly created private key to.
If this option is not specified,
the filename present in the configuration file is used.
.It Fl md5 | sha1 | sha256
The message digest to sign the request with.
This overrides the digest algorithm specified in the configuration file.
.Pp
Some public key algorithms may override this choice.
For instance, DSA signatures always use SHA1.
.It Fl modulus
Print the value of the modulus of the public key contained in the request.

.It Fl nameopt Ar option , Fl reqopt Ar option
Determine how the subject or issuer names are displayed.

.Ar option
can be a single option or multiple options separated by commas.
Alternatively, these options may be used more than once to set multiple options.
See the
.Sx X509
section below for details.
.It Fl new
Generate a new certificate request.
The user is prompted for the relevant field values.
The actual fields prompted for and their maximum and minimum sizes
are specified in the configuration file and any requested extensions.
.Pp
If the
.Fl key
option is not used, it will generate a new RSA private
key using information specified in the configuration file.
.It Fl newhdr
Add the word NEW to the PEM file header and footer lines
on the outputed request.
Some software and CAs need this.


.It Fl newkey Ar arg
Create a new certificate request and a new private key.
The argument takes one of several forms.
.Pp
.No rsa : Ns Ar nbits


generates an RSA key
.Ar nbits
in size.
If
.Ar nbits
is omitted


the default key size is used.
.Pp

.No dsa : Ns Ar file

generates a DSA key using the parameters in
.Ar file .



.Pp
.No param : Ns Ar file
generates a key using the parameters or certificate in
.Ar file .


.Pp
All other algorithms support the form
.Ar algorithm : Ns Ar file ,
where file may be an algorithm parameter file,
created by the
.Cm genpkey -genparam
command or an X.509 certificate for a key with appropriate algorithm.
.Ar file



can be omitted,

in which case any parameters can be specified via the
.Fl pkeyopt
option.




.It Fl no-asn1-kludge
Reverse the effect of
.Fl asn1-kludge .
.It Fl nodes

Do not encrypt the private key.
.It Fl noout
Do not output the encoded version of the request.
.It Fl out Ar file
The output file to write to,

or standard output if not spceified.
.It Fl outform Cm der | pem
The output format.


.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubkey
Output the public key.
.It Fl reqopt Ar option
Customise the output format used with
.Fl text .
The
.Ar option
argument can be a single option or multiple options separated by commas.

See also the discussion of
.Fl certopt
in the
.Nm x509
command.
.It Fl set_serial Ar n
Serial number to use when outputting a self-signed certificate.
This may be specified as a decimal value or a hex value if preceded by
.Sq 0x .
It is possible to use negative serial numbers but this is not recommended.
.It Fl subj Ar arg
Replaces the subject field of an input request
with the specified data and output the modified request.
.Ar arg
must be formatted as /type0=value0/type1=value1/type2=...;
characters may be escaped by
.Sq \e
(backslash);
no spaces are skipped.
.It Fl subject
Print the request subject (or certificate subject if
.Fl x509
is specified).
.It Fl text
Print the certificate request in plain text.
.It Fl utf8
Interpret field values as UTF8 strings, not ASCII.



.It Fl verbose
Print extra details about the operations being performed.
.It Fl verify
Verify the signature on the request.
.It Fl x509
Output a self-signed certificate instead of a certificate request.

This is typically used to generate a test certificate or a self-signed root CA.

The extensions added to the certificate (if any)

are specified in the configuration file.
Unless specified using the
.Fl set_serial
option, 0 is used for the serial number.
.El
.Pp
The configuration options are specified in the
.Qq req
section of the configuration file.







The options available are as follows:
.Bl -tag -width "XXXX"
.It Cm attributes
The section containing any request attributes: its format
is the same as
.Cm distinguished_name .
Typically these may contain the challengePassword or unstructuredName types.




They are currently ignored by the
.Nm openssl
request signing utilities, but some CAs might want them.
.It Cm default_bits
The default key size, in bits.
The default is 2048.
It is used if the
.Fl new

option is used and can be overridden by using the
.Fl newkey
option.
.It Cm default_keyfile
The default file to write a private key to,
or standard output if not specified.
It can be overridden by the
.Fl keyout
option.
.It Cm default_md
The digest algorithm to use.
Possible values include
.Cm md5 ,
.Cm sha1
and
.Cm sha256
(the default).
It can be overridden on the command line.
.It Cm distinguished_name
The section containing the distinguished name fields to
prompt for when generating a certificate or certificate request.
The format is described below.
.It Cm encrypt_key
If set to
.Qq no
and a private key is generated, it is not encrypted.


It is equivalent to the
.Fl nodes
option.
For compatibility,
.Cm encrypt_rsa_key
is an equivalent option.
.It Cm input_password | output_password
The passwords for the input private key file (if present)

and the output private key file (if one will be created).

The command line options
.Fl passin
and
.Fl passout
override the configuration file values.
.It Cm oid_file
A file containing additional OBJECT IDENTIFIERS.
Each line of the file should consist of the numerical form of the
object identifier, followed by whitespace, then the short name followed
by whitespace and finally the long name.
.It Cm oid_section
Specify a section in the configuration file containing extra
object identifiers.
Each line should consist of the short name of the
object identifier followed by
.Sq =
and the numerical form.
The short and long names are the same when this option is used.
.It Cm prompt
If set to
.Qq no ,
it disables prompting of certificate fields
and just takes values from the config file directly.
It also changes the expected format of the
.Cm distinguished_name
and
.Cm attributes
sections.
.It Cm req_extensions
The configuration file section containing a list of
extensions to add to the certificate request.
It can be overridden by the
.Fl reqexts
option.
.It Cm string_mask
Limit the string types for encoding certain fields.

The following values may be used, limiting strings to the indicated types:
.Bl -tag -width "MASK:number"
.It Cm utf8only
UTF8String.
This is the default, as recommended by PKIX in RFC 2459.
.It Cm default
PrintableString, IA5String, T61String, BMPString, UTF8String.
.It Cm pkix
PrintableString, IA5String, BMPString, UTF8String.
Inspired by the PKIX recommendation in RFC 2459 for certificates
generated before 2004, but differs by also permitting IA5String.

.It Cm nombstr
PrintableString, IA5String, T61String, UniversalString.
A workaround for some ancient software that had problems
with the variable-sized BMPString and UTF8String types.




.It Cm MASK : Ns Ar number
An explicit bitmask of permitted types, where
.Ar number
is a C-style hex, decimal, or octal number that's a bit-wise OR of
.Dv B_ASN1_*
values from
.In openssl/asn1.h .
.El
.It Cm utf8
If set to
.Qq yes ,
field values are interpreted as UTF8 strings.



.It Cm x509_extensions
The configuration file section containing a list of
extensions to add to a certificate generated when the
.Fl x509
switch is used.
It can be overridden by the
.Fl extensions
command line switch.
.El
.Pp
There are two separate formats for the distinguished name and attribute
sections.
If the
.Fl prompt
option is set to
.Qq no ,
then these sections just consist of field names and values.















If the
.Fl prompt
option is absent or not set to
.Qq no ,
then the file contains field prompting information of the form:

.Bd -unfilled -offset indent
fieldName="prompt"
fieldName_default="default field value"
fieldName_min= 2
fieldName_max= 4
.Ed
.Pp
.Qq fieldName
is the field name being used, for example
.Cm commonName
(or CN).
The
.Qq prompt
string is used to ask the user to enter the relevant details.
If the user enters nothing, the default value is used;
if no default value is present, the field is omitted.
A field can still be omitted if a default value is present,
if the user just enters the
.Sq \&.
character.
.Pp
The number of characters entered must be between the


fieldName_min and fieldName_max limits:

there may be additional restrictions based on the field being used
(for example
.Cm countryName
can only ever be two characters long and must fit in a
.Cm PrintableString ) .
.Pp
Some fields (such as
.Cm organizationName )
can be used more than once in a DN.
This presents a problem because configuration files will
not recognize the same name occurring twice.
To avoid this problem, if the
.Cm fieldName
contains some characters followed by a full stop, they will be ignored.
So, for example, a second
.Cm organizationName
can be input by calling it
.Qq 1.organizationName .
.Pp
The actual permitted field names are any object identifier short or
long names.
These are compiled into
.Nm openssl
and include the usual values such as
.Cm commonName , countryName , localityName , organizationName ,
.Cm organizationUnitName , stateOrProvinceName .
Additionally,
.Cm emailAddress
is included as well as
.Cm name , surname , givenName , initials
and
.Cm dnQualifier .
.Pp
Additional object identifiers can be defined with the
.Cm oid_file
or
.Cm oid_section
options in the configuration file.
Any additional fields will be treated as though they were a
.Cm DirectoryString .










































































































































































































.Sh RSA
.nr nS 1
.Nm "openssl rsa"


.Op Fl aes128 | aes192 | aes256 | des | des3


.Op Fl check
.Op Fl in Ar file
.Op Fl inform Cm der | net | pem
.Op Fl modulus
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | net | pem
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl sgckey
.Op Fl text
.nr nS 0

.Pp
The
.Nm rsa
command processes RSA keys.
They can be converted between various forms and their components printed out.
.Nm rsa

uses the traditional
.Nm SSLeay
compatible format for private key encryption:
newer applications should use the more secure PKCS#8 format using the
.Nm pkcs8
utility.
.Pp
The options are as follows:
.Bl -tag -width Ds

.It Fl aes128 | aes192 | aes256 | des | des3


Encrypt the private key with the AES, DES,
or the triple DES ciphers, respectively, before outputting it.
A pass phrase is prompted for.
If none of these options are specified, the key is written in plain text.
This means that using the
.Nm rsa
utility to read in an encrypted key with no encryption option can be used
to remove the pass phrase from a key, or by setting the encryption options
it can be used to add or change the pass phrase.
These options can only be used with PEM format output files.
.It Fl check
Check the consistency of an RSA private key.
.It Fl in Ar file
The input file to read from,

or standard input if not specified.

If the key is encrypted, a pass phrase will be prompted for.
.It Fl inform Cm der | net | pem
The input format.















.It Fl noout
Do not output the encoded version of the key.
.It Fl modulus
Print the value of the modulus of the key.
.It Fl out Ar file




The output file to write to,
or standard output if not specified.

.It Fl outform Cm der | net | pem
The output format.


.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin

Read in a public key,
not a private key.
.It Fl pubout
Output a public key,
not a private key.

Automatically set if the input is a public key.
.It Fl sgckey
Use the modified NET algorithm used with some versions of Microsoft IIS

and SGC keys.
.It Fl text
Print the public/private key components in plain text.

.El


































































.Sh RSAUTL
.nr nS 1
.Nm "openssl rsautl"

.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
.Op Fl encrypt
.Op Fl hexdump
.Op Fl in Ar file
.Op Fl inkey Ar file
.Op Fl keyform Cm der | pem
.Op Fl oaep | pkcs | raw | ssl
.Op Fl out Ar file
.Op Fl pubin
.Op Fl sign
.Op Fl verify

.nr nS 0
.Pp
The
.Nm rsautl
command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.
.Pp
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
.It Fl decrypt
Decrypt the input data using an RSA private key.
.It Fl encrypt
Encrypt the input data using an RSA public key.
.It Fl hexdump
Hex dump the output data.
.It Fl in Ar file
This specifies the input
.Ar file
to read data from, or standard input
if this option is not specified.
.It Fl inkey Ar file
The input key file, by default it should be an RSA private key.
.It Fl keyform Ar DER | PEM
Private ket format.
Default is
.Ar PEM .
.It Fl oaep | pkcs | raw | ssl
The padding to use:
PKCS#1 OAEP, PKCS#1 v1.5
.Pq the default ,
or no padding, respectively.
For signatures, only
.Fl pkcs
and
.Fl raw
can be used.
.It Fl out Ar file
Specifies the output
.Ar file
to write to, or standard output by
default.
.It Fl pubin
The input file is an RSA public key.
.It Fl sign
Sign the input data and output the signed result.
This requires an RSA private key.
.It Fl verify
Verify the input data and output the recovered data.
.El
.Sh RSAUTL NOTES
.Nm rsautl ,
because it uses the RSA algorithm directly, can only be
used to sign or verify small pieces of data.
.Sh RSAUTL EXAMPLES
Sign some data using a private key:
.Pp
.Dl "$ openssl rsautl -sign -in file -inkey key.pem -out sig"
.Pp
Recover the signed data:
.Pp
.Dl $ openssl rsautl -verify -in sig -inkey key.pem
.Pp
Examine the raw signed data:
.Pp
.Li "\ \&$ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump"
.Bd -unfilled
\& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
\& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
\& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
\& 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
\& 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
\& 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
\& 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
\& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
.Ed
.Pp
The PKCS#1 block formatting is evident from this.
If this was done using encrypt and decrypt, the block would have been of type 2
.Pq the second byte
and random padding data visible instead of the 0xff bytes.
.Pp
It is possible to analyse the signature of certificates using this
utility in conjunction with
.Nm asn1parse .
Consider the self-signed example in
.Pa certs/pca-cert.pem :
running
.Nm asn1parse
as follows yields:
.Pp
.Li "\ \&$ openssl asn1parse -in pca-cert.pem"
.Bd -unfilled
\&    0:d=0  hl=4 l= 742 cons: SEQUENCE
\&    4:d=1  hl=4 l= 591 cons:  SEQUENCE
\&    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
\&   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
\&   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
\&   16:d=2  hl=2 l=  13 cons:   SEQUENCE
\&   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
\&   29:d=3  hl=2 l=   0 prim:    NULL
\&   31:d=2  hl=2 l=  92 cons:   SEQUENCE
\&   33:d=3  hl=2 l=  11 cons:    SET
\&   35:d=4  hl=2 l=   9 cons:     SEQUENCE
\&   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
\&   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
\&  ....
\&  599:d=1  hl=2 l=  13 cons:  SEQUENCE
\&  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
\&  612:d=2  hl=2 l=   0 prim:   NULL
\&  614:d=1  hl=3 l= 129 prim:  BIT STRING
.Ed
.Pp
The final BIT STRING contains the actual signature.
It can be extracted with:
.Pp
.Dl "$ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614"
.Pp
The certificate public key can be extracted with:
.Pp
.Dl $ openssl x509 -in test/testx509.pem -pubkey -noout \*(Gtpubkey.pem
.Pp
The signature can be analysed with:
.Pp
.Li "\ \&$ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin"
.Bd -unfilled
\&    0:d=0  hl=2 l=  32 cons: SEQUENCE
\&    2:d=1  hl=2 l=  12 cons:  SEQUENCE
\&    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
\&   14:d=2  hl=2 l=   0 prim:   NULL
\&   16:d=1  hl=2 l=  16 prim:  OCTET STRING
\&   0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5  .F...Js.7...H%..
.Ed
.Pp
This is the parsed version of an ASN1
.Em DigestInfo
structure.
It can be seen that the digest used was MD5.
The actual part of the certificate that was signed can be extracted with:
.Pp
.Dl "$ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4"
.Pp
and its digest computed with:
.Pp
.Dl $ openssl md5 -c tbs
.D1 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
.Pp
which it can be seen agrees with the recovered value above.
.\"
.\" S_CLIENT
.\"
.Sh S_CLIENT
.nr nS 1
.Nm "openssl s_client"
.Bk -words
.Op Fl 4 | 6
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl check_ss_sig
.Op Fl cipher Ar cipherlist
.Oo
.Fl connect Ar host : Ns Ar port |
.Ar host Ns / Ns Ar port
.Oc
.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl crlf
.Op Fl debug
.Op Fl extended_crl
.Op Fl ign_eof
.Op Fl ignore_critical







|
<
|
<

|
|
|
|
|


|
<
<






|
<
|
<








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<







<
|
<
<







3531
3532
3533
3534
3535
3536
3537
3538

3539

3540
3541
3542
3543
3544
3545
3546
3547
3548


3549
3550
3551
3552
3553
3554
3555

3556

3557
3558
3559
3560
3561
3562
3563
3564





































































































3565
3566
3567

3568
3569
3570
3571
3572
3573
3574

3575


3576
3577
3578
3579
3580
3581
3582
.It Fl decrypt
Decrypt the input data using an RSA private key.
.It Fl encrypt
Encrypt the input data using an RSA public key.
.It Fl hexdump
Hex dump the output data.
.It Fl in Ar file
The input to read from,

or standard input if not specified.

.It Fl inkey Ar file
The input key file; by default an RSA private key.
.It Fl keyform Cm der | pem
The private ket format.
The default is
.Cm pem .
.It Fl oaep | pkcs | raw | ssl
The padding to use:
PKCS#1 OAEP, PKCS#1 v1.5 (the default), or no padding, respectively.


For signatures, only
.Fl pkcs
and
.Fl raw
can be used.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.

.It Fl pubin
The input file is an RSA public key.
.It Fl sign
Sign the input data and output the signed result.
This requires an RSA private key.
.It Fl verify
Verify the input data and output the recovered data.
.El





































































































.Sh S_CLIENT
.nr nS 1
.Nm "openssl s_client"

.Op Fl 4 | 6
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl check_ss_sig
.Op Fl cipher Ar cipherlist

.Op Fl connect Ar host Ns Op : Ns Ar port


.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl crlf
.Op Fl debug
.Op Fl extended_crl
.Op Fl ign_eof
.Op Fl ignore_critical
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399

5400

5401


5402






5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
.Op Fl tls1
.Op Fl tls1_1
.Op Fl tls1_2
.Op Fl tlsextdebug
.Op Fl verify Ar depth
.Op Fl x509_strict
.Op Fl xmpphost Ar host
.Ek
.nr nS 0
.Pp
The
.Nm s_client
command implements a generic SSL/TLS client which connects
to a remote host using SSL/TLS.

It is a

.Em very


useful diagnostic tool for SSL servers.






.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Specify that
.Nm s_client
should attempt connections using IPv4 only.
.It Fl 6
Specify that
.Nm s_client
should attempt connections using IPv6 only.
.It Fl bugs
There are several known bugs in SSL and TLS implementations.
Adding this option enables various workarounds.
.It Fl CAfile Ar file
A
.Ar file
containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
.It Fl CApath Ar directory
The







<






>
|
>
|
>
>
|
>
>
>
>
>
>




<
<
|

<
<
|

<
|







3604
3605
3606
3607
3608
3609
3610

3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633


3634
3635


3636
3637

3638
3639
3640
3641
3642
3643
3644
3645
.Op Fl tls1
.Op Fl tls1_1
.Op Fl tls1_2
.Op Fl tlsextdebug
.Op Fl verify Ar depth
.Op Fl x509_strict
.Op Fl xmpphost Ar host

.nr nS 0
.Pp
The
.Nm s_client
command implements a generic SSL/TLS client which connects
to a remote host using SSL/TLS.
.Pp
If a connection is established with an SSL server, any data received
from the server is displayed and any key presses will be sent to the
server.
When used interactively (which means neither
.Fl quiet
nor
.Fl ign_eof
have been given), the session will be renegotiated if the line begins with an
.Cm R ;
if the line begins with a
.Cm Q
or if end of file is reached, the connection will be closed down.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4


Attempt connections using IPv4 only.
.It Fl 6


Attempt connections using IPv6 only.
.It Fl bugs

Enable various workarounds for buggy implementations.
.It Fl CAfile Ar file
A
.Ar file
containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
.It Fl CApath Ar directory
The
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563

5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
.Fl ignore_critical ,
.Fl issuer_checks ,
.Fl policy_check ,
.Fl x509_strict
.Xc
Set various certificate chain validation options.
See the
.Nm VERIFY
command for details.
.It Fl cipher Ar cipherlist
This allows the cipher list sent by the client to be modified.
Although the server determines which cipher suite is used, it should take
the first supported cipher in the list sent by the client.
See the
.Sx CIPHERS
section above for more information.
.It Xo
.Fl connect Ar host : Ns Ar port |
.Ar host Ns / Ns Ar port
.Xc
This specifies the
.Ar host
and optional
.Ar port
to connect to.
If not specified, an attempt is made to connect to the local host
on port 4433.
Alternatively, the host and port pair may be separated using a forward-slash
character.
This form is useful for numeric IPv6 addresses.
.It Fl crlf
This option translates a line feed from the terminal into CR+LF as required
by some servers.
.It Fl debug
Print extensive debugging information including a hex dump of all traffic.
.It Fl ign_eof
Inhibit shutting down the connection when end of file is reached in the
input.
.It Fl key Ar keyfile
The private key to use.
If not specified, the certificate file will be used.
.It Fl msg
Show all protocol messages with hex dump.
.It Fl nbio
Turns on non-blocking I/O.
.It Fl nbio_test
Tests non-blocking I/O.
.It Fl no_tls1 | no_tls1_1 | no_tls1_2
By default, the initial handshake uses a method which should be compatible
with servers supporting any version of TLS.
These options disable the use of TLS1.0, 1.1, and 1.2, respectively.
.Pp
Unfortunately there are a lot of ancient and broken servers in use which
cannot handle this technique and will fail to connect.
.It Fl no_ticket
Disable RFC 4507 session ticket support.
.It Fl pause
Pauses 1 second between each read and write call.
.It Fl prexit
Print session information when the program exits.
This will always attempt
to print out information even if the connection fails.
Normally, information will only be printed out once if the connection succeeds.
This option is useful because the cipher in use may be renegotiated
or the connection may fail because a client certificate is required or is
requested only after an attempt is made to access a certain URL.
.Sy Note :
the output produced by this option is not always accurate because a
connection might never have been established.
.It Fl proxy Ar host : Ns Ar port
Use the HTTP proxy at
.Ar host
and
.Ar port .
The connection to the proxy is done in cleartext and the
.Fl connect
argument is given to the proxy.
If not specified, localhost is used as final destination.
After that, switch the connection through the proxy to the destination
to TLS.
.It Fl psk Ar key
Use the PSK key
.Ar key
when using a PSK cipher suite.
The key is given as a hexadecimal number without the leading 0x,
for example -psk 1a2b3c4d.
.It Fl psk_identity Ar identity
Use the PSK identity
.Ar identity
when using a PSK cipher suite.
.It Fl quiet
Inhibit printing of session and certificate information.
This implicitly turns on
.Fl ign_eof
as well.
.It Fl reconnect
Reconnects to the same server 5 times using the same session ID; this can
be used as a test that session caching is working.
.It Fl servername Ar name
Include the TLS Server Name Indication (SNI) extension in the ClientHello
message, using the specified server
.Ar name .
.It Fl showcerts
Display the whole server certificate chain: normally only the server
certificate itself is displayed.
.It Fl starttls Ar protocol
Send the protocol-specific message(s) to switch to TLS for communication.
.Ar protocol
is a keyword for the intended protocol.
Currently, the supported keywords are
.Qq ftp ,
.Qq imap ,
.Qq smtp ,
.Qq pop3 ,
and
.Qq xmpp .
.It Fl state
Prints out the SSL session states.
.It Fl tls1 | tls1_1 | tls1_2
Permit only TLS1.0, 1.1, or 1.2, respectively.
.It Fl tlsextdebug
Print out a hex dump of any TLS extensions received from the server.
.It Fl verify Ar depth
The verify

.Ar depth
to use.
This specifies the maximum length of the
server certificate chain and turns on server certificate verification.
Currently the verify operation continues after errors so all the problems
with a certificate chain can be seen.
As a side effect the connection will never fail due to a server
certificate verify failure.
.It Fl xmpphost Ar hostname
This option, when used with
.Fl starttls Ar xmpp ,
specifies the host for the "to" attribute of the stream element.
If this option is not specified then the host specified with
.Fl connect
will be used.
.El
.Sh S_CLIENT CONNECTED COMMANDS
If a connection is established with an SSL server, any data received
from the server is displayed and any key presses will be sent to the
server.
When used interactively (which means neither
.Fl quiet
nor
.Fl ign_eof
have been given), the session will be renegotiated if the line begins with an
.Em R ;
if the line begins with a
.Em Q
or if end of file is reached, the connection will be closed down.
.Sh S_CLIENT NOTES
.Nm s_client
can be used to debug SSL servers.
To connect to an SSL HTTP server the command:
.Pp
.Dl $ openssl s_client -connect servername:443
.Pp
would typically be used
.Pq HTTPS uses port 443 .
If the connection succeeds, an HTTP command can be given such as
.Qq GET
to retrieve a web page.
.Pp
If the handshake fails, there are several possible causes; if it is
nothing obvious like no client certificate, then the
.Fl bugs , tls1 , tls1_1, tls1_2 , no_tls1 , no_tls1_1 ,
and
.Fl no_tls1_2
options can be tried in case it is a buggy server.
.Pp
A frequent problem when attempting to get client certificates working
is that a web client complains it has no certificates or gives an empty
list to choose from.
This is normally because the server is not sending the client's certificate
authority in its
.Qq acceptable CA list
when it requests a certificate.
By using
.Nm s_client
the CA list can be viewed and checked.
However some servers only request client authentication
after a specific URL is requested.
To obtain the list in this case it is necessary to use the
.Fl prexit
option and send an HTTP request for an appropriate page.
.Pp
If a certificate is specified on the command line using the
.Fl cert
option, it will not be used unless the server specifically requests
a client certificate.
Therefore merely including a client certificate
on the command line is no guarantee that the certificate works.
.Pp
If there are problems verifying a server certificate, the
.Fl showcerts
option can be used to show the whole chain.
.Pp
Compression methods are only supported for
.Fl tls1 .
.Sh S_CLIENT BUGS
Because this program has a lot of options and also because some of
the techniques used are rather old, the C source of
.Nm s_client
is rather hard to read and not a model of how things should be done.
A typical SSL client program would be much simpler.
.Pp
The
.Fl verify
option should really exit if the server verification fails.
.Pp
The
.Fl prexit
option is a bit of a hack.
We should really report information whenever a session is renegotiated.
.\"
.\" S_SERVER
.\"
.Sh S_SERVER
.nr nS 1
.Nm "openssl s_server"
.Bk -words
.Op Fl accept Ar port
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl cipher Ar cipherlist
.Op Fl context Ar id







|


|



|
|
<
|
<
<
|

|





|
|

|
|

|

|
<






|

|

<
<
|
<
<
<



|








<
|
|


















|








|









|










|



|

|
>
|
<
<
<





|

|




<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<







3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677

3678


3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695

3696
3697
3698
3699
3700
3701
3702
3703
3704
3705


3706



3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718

3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777



3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
















































































3790
3791
3792

3793
3794
3795
3796
3797
3798
3799
.Fl ignore_critical ,
.Fl issuer_checks ,
.Fl policy_check ,
.Fl x509_strict
.Xc
Set various certificate chain validation options.
See the
.Nm verify
command for details.
.It Fl cipher Ar cipherlist
Modify the cipher list sent by the client.
Although the server determines which cipher suite is used, it should take
the first supported cipher in the list sent by the client.
See the
.Nm ciphers
command for more information.

.It Fl connect Ar host Ns Op : Ns Ar port


The
.Ar host
and
.Ar port
to connect to.
If not specified, an attempt is made to connect to the local host
on port 4433.
Alternatively, the host and port pair may be separated using a forward-slash
character,
which is useful for numeric IPv6 addresses.
.It Fl crlf
Translate a line feed from the terminal into CR+LF,
as required by some servers.
.It Fl debug
Print extensive debugging information, including a hex dump of all traffic.
.It Fl ign_eof
Inhibit shutting down the connection when end of file is reached in the input.

.It Fl key Ar keyfile
The private key to use.
If not specified, the certificate file will be used.
.It Fl msg
Show all protocol messages with hex dump.
.It Fl nbio
Turn on non-blocking I/O.
.It Fl nbio_test
Test non-blocking I/O.
.It Fl no_tls1 | no_tls1_1 | no_tls1_2


Disable the use of TLS1.0, 1.1, and 1.2, respectively.



.It Fl no_ticket
Disable RFC 4507 session ticket support.
.It Fl pause
Pause 1 second between each read and write call.
.It Fl prexit
Print session information when the program exits.
This will always attempt
to print out information even if the connection fails.
Normally, information will only be printed out once if the connection succeeds.
This option is useful because the cipher in use may be renegotiated
or the connection may fail because a client certificate is required or is
requested only after an attempt is made to access a certain URL.

Note that the output produced by this option is not always accurate
because a connection might never have been established.
.It Fl proxy Ar host : Ns Ar port
Use the HTTP proxy at
.Ar host
and
.Ar port .
The connection to the proxy is done in cleartext and the
.Fl connect
argument is given to the proxy.
If not specified, localhost is used as final destination.
After that, switch the connection through the proxy to the destination
to TLS.
.It Fl psk Ar key
Use the PSK key
.Ar key
when using a PSK cipher suite.
The key is given as a hexadecimal number without the leading 0x,
for example -psk 1a2b3c4d.
.It Fl psk_identity Ar identity
Use the PSK
.Ar identity
when using a PSK cipher suite.
.It Fl quiet
Inhibit printing of session and certificate information.
This implicitly turns on
.Fl ign_eof
as well.
.It Fl reconnect
Reconnect to the same server 5 times using the same session ID; this can
be used as a test that session caching is working.
.It Fl servername Ar name
Include the TLS Server Name Indication (SNI) extension in the ClientHello
message, using the specified server
.Ar name .
.It Fl showcerts
Display the whole server certificate chain: normally only the server
certificate itself is displayed.
.It Fl starttls Ar protocol
Send the protocol-specific messages to switch to TLS for communication.
.Ar protocol
is a keyword for the intended protocol.
Currently, the supported keywords are
.Qq ftp ,
.Qq imap ,
.Qq smtp ,
.Qq pop3 ,
and
.Qq xmpp .
.It Fl state
Print the SSL session states.
.It Fl tls1 | tls1_1 | tls1_2
Permit only TLS1.0, 1.1, or 1.2, respectively.
.It Fl tlsextdebug
Print a hex dump of any TLS extensions received from the server.
.It Fl verify Ar depth
Turn on server certificate verification,
with a maximum length of
.Ar depth .



Currently the verify operation continues after errors so all the problems
with a certificate chain can be seen.
As a side effect the connection will never fail due to a server
certificate verify failure.
.It Fl xmpphost Ar hostname
When used with
.Fl starttls Ar xmpp ,
specify the host for the "to" attribute of the stream element.
If this option is not specified then the host specified with
.Fl connect
will be used.
.El
















































































.Sh S_SERVER
.nr nS 1
.Nm "openssl s_server"

.Op Fl accept Ar port
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl cipher Ar cipherlist
.Op Fl context Ar id
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709























5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721


5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745

5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873

5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989


5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043

6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054


6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102
6103
6104
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214


6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
6248
6249
6250
6251
6252
6253
6254
6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
6302
6303
6304
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321




6322




6323
6324
6325





6326
6327
6328
6329
6330
6331
6332
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
.Op Fl tls1
.Op Fl tls1_1
.Op Fl tls1_2
.Op Fl Verify Ar depth
.Op Fl verify Ar depth
.Op Fl WWW
.Op Fl www
.Ek
.nr nS 0
.Pp
The
.Nm s_server
command implements a generic SSL/TLS server which listens
for connections on a given port using SSL/TLS.























.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl accept Ar port
The TCP
.Ar port
to listen on for connections.
If not specified, 4433 is used.
.It Fl bugs
There are several known bugs in SSL and TLS implementations.
Adding this option enables various workarounds.
.It Fl CAfile Ar file


A file containing trusted certificates to use during client authentication
and to use when attempting to build the server certificate chain.
The list is also used in the list of acceptable client CAs passed to the
client when a certificate is requested.
.It Fl CApath Ar directory
The
.Ar directory
to use for client certificate verification.
This directory must be in
.Qq hash format ;
see
.Fl verify
for more information.
These are also used when building the server certificate chain.
.It Fl cert Ar file
The certificate to use; most server's cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
for example the DSS cipher suites require a certificate containing a DSS
.Pq DSA
key.
If not specified, the file
.Pa server.pem
will be used.
.It Fl cipher Ar cipherlist

This allows the cipher list used by the server to be modified.
When the client sends a list of supported ciphers, the first client cipher
also included in the server list is used.
Because the client specifies the preference order, the order of the server
cipherlist is irrelevant.
See the
.Sx CIPHERS
section for more information.
.It Fl context Ar id
Sets the SSL context ID.
It can be given any string value.
If this option is not present, a default value will be used.
.It Fl crl_check , crl_check_all
Check the peer certificate has not been revoked by its CA.
The CRLs are appended to the certificate file.
With the
.Fl crl_check_all
option, all CRLs of all CAs in the chain are checked.
.It Fl crlf
This option translates a line feed from the terminal into CR+LF.
.It Fl dcert Ar file , Fl dkey Ar file
Specify an additional certificate and private key; these behave in the
same manner as the
.Fl cert
and
.Fl key
options except there is no default if they are not specified
.Pq no additional certificate or key is used .
As noted above some cipher suites require a certificate containing a key of
a certain type.
Some cipher suites need a certificate carrying an RSA key
and some a DSS
.Pq DSA
key.
By using RSA and DSS certificates and keys,
a server can support clients which only support RSA or DSS cipher suites
by using an appropriate certificate.
.It Fl debug
Print extensive debugging information including a hex dump of all traffic.
.It Fl dhparam Ar file
The DH parameter file to use.
The ephemeral DH cipher suites generate keys
using a set of DH parameters.
If not specified, an attempt is made to
load the parameters from the server certificate file.
If this fails, a static set of parameters hard coded into the
.Nm s_server
program will be used.
.It Fl hack
This option enables a further workaround for some early Netscape
SSL code
.Pq \&? .
.It Fl HTTP
Emulates a simple web server.
Pages will be resolved relative to the current directory;
for example if the URL
.Pa https://myhost/page.html
is requested, the file
.Pa ./page.html
will be loaded.
The files loaded are assumed to contain a complete and correct HTTP
response (lines that are part of the HTTP response line and headers
must end with CRLF).
.It Fl id_prefix Ar arg
Generate SSL/TLS session IDs prefixed by
.Ar arg .
This is mostly useful for testing any SSL/TLS code
.Pq e.g. proxies
that wish to deal with multiple servers, when each of which might be
generating a unique range of session IDs
.Pq e.g. with a certain prefix .
.It Fl key Ar keyfile
The private key to use.
If not specified, the certificate file will be used.
.It Fl msg
Show all protocol messages with hex dump.
.It Fl nbio
Turns on non-blocking I/O.
.It Fl nbio_test
Tests non-blocking I/O.
.It Fl no_dhe
If this option is set, no DH parameters will be loaded, effectively
disabling the ephemeral DH cipher suites.
.It Fl no_tls1 | no_tls1_1 | no_tls1_2
By default, the initial handshake uses a method which should be compatible
with clients supporting any version of TLS.
These options disable the use of TLS1.0, 1.1, and 1.2, respectively.
.It Fl no_tmp_rsa
Certain export cipher suites sometimes use a temporary RSA key; this option
disables temporary RSA key generation.
.It Fl nocert
If this option is set, no certificate is used.
This restricts the cipher suites available to the anonymous ones
.Pq currently just anonymous DH .
.It Fl psk Ar key
Use the PSK key
.Ar key
when using a PSK cipher suite.
The key is given as a hexadecimal number without the leading 0x,
for example -psk 1a2b3c4d.
.It Fl psk_hint Ar hint
Use the PSK identity hint
.Ar hint
when using a PSK cipher suite.
.It Fl quiet
Inhibit printing of session and certificate information.
.It Fl serverpref
Use server's cipher preferences.
.It Fl state
Prints out the SSL session states.
.It Fl tls1 | tls1_1 | tls1_2
Permit only TLS1.0, 1.1, or 1.2, respectively.
.It Fl WWW
Emulates a simple web server.
Pages will be resolved relative to the current directory;
for example if the URL
.Pa https://myhost/page.html
is requested, the file
.Pa ./page.html
will be loaded.
.It Fl www
Sends a status message back to the client when it connects.
This includes lots of information about the ciphers used and various
session parameters.
The output is in HTML format so this option will normally be used with a
web browser.
.It Fl Verify Ar depth , Fl verify Ar depth
The verify

.Ar depth
to use.
This specifies the maximum length of the client certificate chain
and makes the server request a certificate from the client.
With the
.Fl Verify
option, the client must supply a certificate or an error occurs.
With the
.Fl verify
option, a certificate is requested but the client does not have to send one.
.El
.Sh S_SERVER CONNECTED COMMANDS
If a connection request is established with an SSL client and neither the
.Fl www
nor the
.Fl WWW
option has been used, then normally any data received
from the client is displayed and any key presses will be sent to the client.
.Pp
Certain single letter commands are also recognized which perform special
operations: these are listed below.
.Bl -tag -width "XXXX"
.It Ar P
Send some plain text down the underlying TCP connection: this should
cause the client to disconnect due to a protocol violation.
.It Ar Q
End the current SSL connection and exit.
.It Ar q
End the current SSL connection, but still accept new connections.
.It Ar R
Renegotiate the SSL session and request a client certificate.
.It Ar r
Renegotiate the SSL session.
.It Ar S
Print out some session cache status information.
.El
.Sh S_SERVER NOTES
.Nm s_server
can be used to debug SSL clients.
To accept connections from a web browser the command:
.Pp
.Dl $ openssl s_server -accept 443 -www
.Pp
can be used, for example.
.Pp
Most web browsers
.Pq in particular Netscape and MSIE
only support RSA cipher suites, so they cannot connect to servers
which don't use a certificate carrying an RSA key or a version of
.Nm OpenSSL
with RSA disabled.
.Pp
Although specifying an empty list of CAs when requesting a client certificate
is strictly speaking a protocol violation, some SSL
clients interpret this to mean any CA is acceptable.
This is useful for debugging purposes.
.Pp
The session parameters can printed out using the
.Nm sess_id
program.
.Sh S_SERVER BUGS
Because this program has a lot of options and also because some of
the techniques used are rather old, the C source of
.Nm s_server
is rather hard to read and not a model of how things should be done.
A typical SSL server program would be much simpler.
.Pp
The output of common ciphers is wrong: it just gives the list of ciphers that
.Nm OpenSSL
recognizes and the client supports.
.Pp
There should be a way for the
.Nm s_server
program to print out details of any
unknown cipher suites a client says it supports.
.\"
.\" S_TIME
.\"
.Sh S_TIME
.nr nS 1
.Nm "openssl s_time"
.Bk -words
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl cipher Ar cipherlist
.Op Fl connect Ar host : Ns Ar port
.Op Fl key Ar keyfile
.Op Fl nbio
.Op Fl new
.Op Fl no_shutdown
.Op Fl reuse
.Op Fl time Ar seconds
.Op Fl verify Ar depth
.Op Fl www Ar page
.Ek
.nr nS 0
.Pp
The
.Nm s_client
command implements a generic SSL/TLS client which connects to a
remote host using SSL/TLS.
It can request a page from the server and includes
the time to transfer the payload data in its timing measurements.
It measures the number of connections within a given timeframe,
the amount of data transferred
.Pq if any ,
and calculates the average time spent for one connection.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl bugs
There are several known bugs in SSL and TLS implementations.
Adding this option enables various workarounds.
.It Fl CAfile Ar file


A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
.It Fl CApath Ar directory
The directory to use for server certificate verification.
This directory must be in
.Qq hash format ;
see
.Nm verify
for more information.
These are also used when building the client certificate chain.
.It Fl cert Ar file
The certificate to use, if one is requested by the server.
The default is not to use a certificate.
The file is in PEM format.
.It Fl cipher Ar cipherlist
This allows the cipher list sent by the client to be modified.
Although the server determines which cipher suite is used,
it should take the first supported cipher in the list sent by the client.
See the
.Nm ciphers
command for more information.
.It Fl connect Ar host : Ns Ar port
This specifies the host and optional port to connect to.
.It Fl key Ar keyfile
The private key to use.
If not specified, the certificate file will be used.
The file is in PEM format.
.It Fl nbio
Turns on non-blocking I/O.
.It Fl new
Performs the timing test using a new session ID for each connection.
If neither
.Fl new
nor
.Fl reuse
are specified,
they are both on by default and executed in sequence.
.It Fl no_shutdown
Shut down the connection without sending a
.Dq close notify
shutdown alert to the server.
.It Fl reuse
Performs the timing test using the same session ID;
this can be used as a test that session caching is working.
If neither
.Fl new
nor
.Fl reuse
are specified,
they are both on by default and executed in sequence.
.It Fl time Ar seconds
Specifies how long
.Pq in seconds
.Nm s_time

should establish connections and
optionally transfer payload data from a server.
The default is 30 seconds.
Server and client performance and the link speed
determine how many connections
.Nm s_time
can establish.
.It Fl verify Ar depth
The verify depth to use.
This specifies the maximum length of the server certificate chain
and turns on server certificate verification.


Currently the verify operation continues after errors, so all the problems
with a certificate chain can be seen.
As a side effect,
the connection will never fail due to a server certificate verify failure.
.It Fl www Ar page
This specifies the page to GET from the server.
A value of
.Sq /
gets the index.htm[l] page.
If this parameter is not specified,
.Nm s_time
will only perform the handshake to establish SSL connections
but not transfer any payload data.
.El
.Sh S_TIME NOTES
.Nm s_client
can be used to measure the performance of an SSL connection.
To connect to an SSL HTTP server and get the default page the command
.Bd -literal -offset indent
$ openssl s_time -connect servername:443 -www / -CApath yourdir \e
	-CAfile yourfile.pem -cipher commoncipher
.Ed
.Pp
would typically be used
.Pq HTTPS uses port 443 .
.Dq commoncipher
is a cipher to which both client and server can agree;
see the
.Nm ciphers
command for details.
.Pp
If the handshake fails, there are several possible causes:
if it is nothing obvious like no client certificate, the
.Fl bugs
option can be tried in case it is a buggy server.
.Pp
A frequent problem when attempting to get client certificates working
is that a web client complains it has no certificates or gives an empty
list to choose from.
This is normally because the server is not sending
the clients certificate authority in its
.Qq acceptable CA list
when it requests a certificate.
By using
.Nm s_client ,
the CA list can be viewed and checked.
However some servers only request client authentication
after a specific URL is requested.
To obtain the list in this case, it is necessary to use the
.Fl prexit
option of
.Nm s_client
and send an HTTP request for an appropriate page.
.Pp
If a certificate is specified on the command line using the
.Fl cert
option,
it will not be used unless the server specifically requests
a client certificate.
Therefore merely including a client certificate
on the command line is no guarantee that the certificate works.
.Sh S_TIME BUGS
Because this program does not have all the options of the
.Nm s_client
program to turn protocols on and off,
you may not be able to measure the performance
of all protocols with all servers.
.Pp
The
.Fl verify
option should really exit if the server verification fails.
.\"
.\" SESS_ID
.\"
.Sh SESS_ID
.nr nS 1
.Nm "openssl sess_id"
.Bk -words
.Op Fl cert
.Op Fl context Ar ID
.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl text
.Ek
.nr nS 0
.Pp
The
.Nm sess_id
program processes the encoded version of the SSL session structure and
optionally prints out SSL session details
.Pq for example the SSL session master key
in human readable format.
Since this is a diagnostic tool that needs some knowledge of the SSL
protocol to use properly, most users will not need to use it.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl cert
If a certificate is present in the session,
it will be output using this option;
if the
.Fl text
option is also present, then it will be printed out in text form.
.It Fl context Ar ID
This option can set the session ID so the output session information uses the
supplied
.Ar ID .
The
.Ar ID
can be any string of characters.
This option won't normally be used.
.It Fl in Ar file
This specifies the input
.Ar file
to read session information from, or standard input by default.
.It Fl inform Ar DER | PEM
This specifies the input format.
The
.Ar DER
argument uses an ASN1 DER-encoded
format containing session details.
The precise format can vary from one version to the next.
The
.Ar PEM
form is the default format: it consists of the DER
format base64-encoded with additional header and footer lines.
.It Fl noout
This option prevents output of the encoded version of the session.
.It Fl out Ar file
This specifies the output
.Ar file
to write session information to, or standard
output if this option is not specified.
.It Fl outform Ar DER | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl text
Prints out the various public or private key components in
plain text in addition to the encoded version.
.El
.Sh SESS_ID OUTPUT
Typical output:
.Bd -literal
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0016
    Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
    Session-ID-ctx: 01000000
    Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
    Key-Arg   : None
    Start Time: 948459261
    Timeout   : 300 (sec)
    Verify return code 0 (ok)
.Ed
.Pp
These are described below in more detail.


.Pp
.Bl -tag -width "Verify return code " -compact
.It Ar Protocol
This is the protocol in use.
.It Ar Cipher
The cipher used is the actual raw SSL or TLS cipher code;
see the SSL or TLS specifications for more information.
.It Ar Session-ID
The SSL session ID in hex format.
.It Ar Session-ID-ctx
The session ID context in hex format.
.It Ar Master-Key
This is the SSL session master key.
.It Ar Key-Arg
The key argument; this is only used in SSL v2.
.It Ar Start Time
This is the session start time, represented as an integer in standard
.Ux
format.
.It Ar Timeout
The timeout in seconds.
.It Ar Verify return code
This is the return code when an SSL client certificate is verified.
.El
.Sh SESS_ID NOTES
The PEM-encoded session format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN SSL SESSION PARAMETERS-----
-----END SSL SESSION PARAMETERS-----
.Ed
.Pp
Since the SSL session output contains the master key, it is possible to read
the contents of an encrypted session using this information.
Therefore appropriate security precautions
should be taken if the information is being output by a
.Qq real
application.
This is, however, strongly discouraged and should only be used for
debugging purposes.
.Sh SESS_ID BUGS
The cipher and start time should be printed out in human readable form.
.\"
.\" SMIME
.\"
.Sh SMIME
.nr nS 1
.Nm "openssl smime"
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128
.Oc
.Op Fl binary
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl certfile Ar file
.Op Fl check_ss_sig
.Op Fl content Ar file
.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl decrypt
.Op Fl encrypt
.Op Fl extended_crl
.Op Fl from Ar addr
.Op Fl ignore_critical
.Op Fl in Ar file
.Op Fl indef
.Op Fl inform Ar DER | PEM | SMIME
.Op Fl inkey Ar file
.Op Fl issuer_checks
.Op Fl keyform Ar PEM
.Op Fl md Ar digest
.Op Fl noattr
.Op Fl nocerts
.Op Fl nochain
.Op Fl nodetach
.Op Fl noindef
.Op Fl nointern
.Op Fl nosigs
.Op Fl noverify
.Op Fl out Ar file
.Op Fl outform Ar DER | PEM | SMIME
.Op Fl passin Ar arg
.Op Fl pk7out
.Op Fl policy_check
.Op Fl recip Ar file
.Op Fl resign
.Op Fl sign
.Op Fl signer Ar file
.Op Fl stream
.Op Fl subject Ar s
.Op Fl text
.Op Fl to Ar addr
.Op Fl verify
.Op Fl x509_strict
.Op Ar cert.pem ...
.Ek
.nr nS 0
.Pp
The
.Nm smime
command handles
.Em S/MIME
mail.
It can encrypt, decrypt, sign, and verify
.Em S/MIME
messages.




.Pp




There are six operation options that set the type of operation to be performed.
The meaning of the other options varies according to the operation type.
.Pp





The six operation options are as follows:
.Bl -tag -width "XXXX"
.It Fl decrypt
Decrypt mail using the supplied certificate and private key.
Expects an encrypted mail message in
.Em MIME
format for the input file.
The decrypted mail is written to the output file.
.It Fl encrypt
Encrypt mail for the given recipient certificates.
Input file is the message to be encrypted.
The output file is the encrypted mail in
.Em MIME
format.
.It Fl pk7out
Takes an input message and writes out a PEM-encoded PKCS#7 structure.
.It Fl resign
Resign a message: take an existing message and one or more new signers.
.It Fl sign
Sign mail using the supplied certificate and private key.
Input file is the message to be signed.
The signed message in
.Em MIME
format is written to the output file.
.It Fl verify
Verify signed mail.
Expects a signed mail message on input and outputs the signed data.
Both clear text and opaque signing is supported.
.El
.Pp
The remaining options are as follows:
.Bl -tag -width "XXXX"
.It Xo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128
.Xc
The encryption algorithm to use.
128-, 192-, or 256-bit AES,
DES
.Pq 56 bits ,
triple DES
.Pq 168 bits ,
or 40-, 64-, or 128-bit RC2, respectively;
if not specified, 40-bit RC2 is
used.
Only used with
.Fl encrypt .
.It Fl binary
Normally, the input message is converted to
.Qq canonical
format which is effectively using CR and LF as end of line \-
as required by the
.Em S/MIME
specification.
When this option is present no translation occurs.
This is useful when handling binary data which may not be in
.Em MIME
format.
.It Fl CAfile Ar file
A
.Ar file
containing trusted CA certificates; only used with
.Fl verify .
.It Fl CApath Ar directory
A







<






>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




|

|
|

<
|

>
>
|














|
|
|
<
|




>






|
|

|

<



<

|

|







|
<
<
<
<
<
<




|










|
<
<

|
|
|











<
|
|
<






|

|

<
|

<
<
|

<
|

|

|















|



|
|
|





|
|
<



|
>
|
<
<
<
|
|
|
|
|
|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<





|








<



|












<
|

>
>
|












<

|





|
|



<

|

|








|


|
<







<
|

>
|
<

<
<
<
<

<
<
|
>
>





|








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<



|


|

<






|
|
<
<










|
<

<
<
|
<

|
<
|
|
|
|
<
<
|

|
<
|


|

|
<
|
<
|
|
<
<

|
|

<
<
<
<
<
<
<
<
<
<
<
<
<
<

|
>
>

|
|
|
|
|
<
|
|
|
|
|
|
|

|
|


|
|
|
|

<
<
<
<
<
<









<
<
<
<
<



<



















|


|










|














<




|
<
<
|
|
|
>
>
>
>

>
>
>
>
|
<

>
>
>
>
>
|



|
<
<



|
|
<
<

|




|
|
<
<


|










|
<
<
<
<








|
|
<
<

|
<
<







3825
3826
3827
3828
3829
3830
3831

3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869

3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891

3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908

3909
3910
3911

3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923






3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939


3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954

3955
3956

3957
3958
3959
3960
3961
3962
3963
3964
3965
3966

3967
3968


3969
3970

3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004

4005
4006
4007
4008
4009
4010



4011
4012
4013
4014
4015
4016
4017



































































4018
4019
4020

4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034

4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050

4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067

4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079

4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095

4096
4097
4098
4099
4100
4101
4102

4103
4104
4105
4106

4107




4108


4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125




























































4126
4127
4128

4129
4130
4131
4132
4133
4134
4135
4136

4137
4138
4139
4140
4141
4142
4143
4144


4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155

4156


4157

4158
4159

4160
4161
4162
4163


4164
4165
4166

4167
4168
4169
4170
4171
4172

4173

4174
4175


4176
4177
4178
4179














4180
4181
4182
4183
4184
4185
4186
4187
4188
4189

4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206






4207
4208
4209
4210
4211
4212
4213
4214
4215





4216
4217
4218

4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266

4267
4268
4269
4270
4271


4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284

4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295


4296
4297
4298
4299
4300


4301
4302
4303
4304
4305
4306
4307
4308


4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322




4323
4324
4325
4326
4327
4328
4329
4330
4331
4332


4333
4334


4335
4336
4337
4338
4339
4340
4341
.Op Fl tls1
.Op Fl tls1_1
.Op Fl tls1_2
.Op Fl Verify Ar depth
.Op Fl verify Ar depth
.Op Fl WWW
.Op Fl www

.nr nS 0
.Pp
The
.Nm s_server
command implements a generic SSL/TLS server which listens
for connections on a given port using SSL/TLS.
.Pp
If a connection request is established with a client and neither the
.Fl www
nor the
.Fl WWW
option has been used, then any data received
from the client is displayed and any key presses are sent to the client.
Certain single letter commands perform special operations:
.Pp
.Bl -tag -width "XXXX" -compact
.It Ic P
Send plain text, which should cause the client to disconnect.
.It Ic Q
End the current SSL connection and exit.
.It Ic q
End the current SSL connection, but still accept new connections.
.It Ic R
Renegotiate the SSL session and request a client certificate.
.It Ic r
Renegotiate the SSL session.
.It Ic S
Print out some session cache status information.
.El
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl accept Ar port
Listen on TCP
.Ar port
for connections.
The default is port 4433.
.It Fl bugs

Enable various workarounds for buggy implementations.
.It Fl CAfile Ar file
A
.Ar file
containing trusted certificates to use during client authentication
and to use when attempting to build the server certificate chain.
The list is also used in the list of acceptable client CAs passed to the
client when a certificate is requested.
.It Fl CApath Ar directory
The
.Ar directory
to use for client certificate verification.
This directory must be in
.Qq hash format ;
see
.Fl verify
for more information.
These are also used when building the server certificate chain.
.It Fl cert Ar file
The certificate to use: most server's cipher suites require the use of a
certificate and some require a certificate with a certain public key type.
For example, the DSS cipher suites require a certificate containing a DSS

(DSA) key.
If not specified, the file
.Pa server.pem
will be used.
.It Fl cipher Ar cipherlist
Modify the cipher list used by the server.
This allows the cipher list used by the server to be modified.
When the client sends a list of supported ciphers, the first client cipher
also included in the server list is used.
Because the client specifies the preference order, the order of the server
cipherlist is irrelevant.
See the
.Nm ciphers
command for more information.
.It Fl context Ar id
Set the SSL context ID.
It can be given any string value.

.It Fl crl_check , crl_check_all
Check the peer certificate has not been revoked by its CA.
The CRLs are appended to the certificate file.

.Fl crl_check_all
checks all CRLs of all CAs in the chain.
.It Fl crlf
Translate a line feed from the terminal into CR+LF.
.It Fl dcert Ar file , Fl dkey Ar file
Specify an additional certificate and private key; these behave in the
same manner as the
.Fl cert
and
.Fl key
options except there is no default if they are not specified
(no additional certificate or key is used).






By using RSA and DSS certificates and keys,
a server can support clients which only support RSA or DSS cipher suites
by using an appropriate certificate.
.It Fl debug
Print extensive debugging information, including a hex dump of all traffic.
.It Fl dhparam Ar file
The DH parameter file to use.
The ephemeral DH cipher suites generate keys
using a set of DH parameters.
If not specified, an attempt is made to
load the parameters from the server certificate file.
If this fails, a static set of parameters hard coded into the
.Nm s_server
program will be used.
.It Fl hack
Enables a further workaround for some early Netscape SSL code.


.It Fl HTTP
Emulate a simple web server.
Pages are resolved relative to the current directory.
For example if the URL
.Pa https://myhost/page.html
is requested, the file
.Pa ./page.html
will be loaded.
The files loaded are assumed to contain a complete and correct HTTP
response (lines that are part of the HTTP response line and headers
must end with CRLF).
.It Fl id_prefix Ar arg
Generate SSL/TLS session IDs prefixed by
.Ar arg .
This is mostly useful for testing any SSL/TLS code

that wish to deal with multiple servers,
when each of which might be generating a unique range of session IDs.

.It Fl key Ar keyfile
The private key to use.
If not specified, the certificate file will be used.
.It Fl msg
Show all protocol messages with hex dump.
.It Fl nbio
Turn on non-blocking I/O.
.It Fl nbio_test
Test non-blocking I/O.
.It Fl no_dhe

Disable ephemeral DH cipher suites.
.It Fl no_tls1 | no_tls1_1 | no_tls1_2


Disable the use of TLS1.0, 1.1, and 1.2, respectively.
.It Fl no_tmp_rsa

Disable temporary RSA key generation.
.It Fl nocert
Do not use a certificate.
This restricts the cipher suites available to the anonymous ones
(currently just anonymous DH).
.It Fl psk Ar key
Use the PSK key
.Ar key
when using a PSK cipher suite.
The key is given as a hexadecimal number without the leading 0x,
for example -psk 1a2b3c4d.
.It Fl psk_hint Ar hint
Use the PSK identity hint
.Ar hint
when using a PSK cipher suite.
.It Fl quiet
Inhibit printing of session and certificate information.
.It Fl serverpref
Use server's cipher preferences.
.It Fl state
Print the SSL session states.
.It Fl tls1 | tls1_1 | tls1_2
Permit only TLS1.0, 1.1, or 1.2, respectively.
.It Fl WWW
Emulate a simple web server.
Pages are resolved relative to the current directory.
For example if the URL
.Pa https://myhost/page.html
is requested, the file
.Pa ./page.html
will be loaded.
.It Fl www
Send a status message to the client when it connects,
including information about the ciphers used and various session parameters.

The output is in HTML format so this option will normally be used with a
web browser.
.It Fl Verify Ar depth , Fl verify Ar depth
Request a certificate chain from the client,
with a maximum length of
.Ar depth .



With
.Fl Verify ,
the client must supply a certificate or an error occurs;
with
.Fl verify ,
a certificate is requested but the client does not have to send one.
.El



































































.Sh S_TIME
.nr nS 1
.Nm "openssl s_time"

.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl cipher Ar cipherlist
.Op Fl connect Ar host Ns Op : Ns Ar port
.Op Fl key Ar keyfile
.Op Fl nbio
.Op Fl new
.Op Fl no_shutdown
.Op Fl reuse
.Op Fl time Ar seconds
.Op Fl verify Ar depth
.Op Fl www Ar page

.nr nS 0
.Pp
The
.Nm s_time
command implements a generic SSL/TLS client which connects to a
remote host using SSL/TLS.
It can request a page from the server and includes
the time to transfer the payload data in its timing measurements.
It measures the number of connections within a given timeframe,
the amount of data transferred
.Pq if any ,
and calculates the average time spent for one connection.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl bugs

Enable various workarounds for buggy implementations.
.It Fl CAfile Ar file
A
.Ar file
containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
.It Fl CApath Ar directory
The directory to use for server certificate verification.
This directory must be in
.Qq hash format ;
see
.Nm verify
for more information.
These are also used when building the client certificate chain.
.It Fl cert Ar file
The certificate to use, if one is requested by the server.
The default is not to use a certificate.

.It Fl cipher Ar cipherlist
Modify the cipher list sent by the client.
Although the server determines which cipher suite is used,
it should take the first supported cipher in the list sent by the client.
See the
.Nm ciphers
command for more information.
.It Fl connect Ar host Ns Op : Ns Ar port
The host and port to connect to.
.It Fl key Ar keyfile
The private key to use.
If not specified, the certificate file will be used.

.It Fl nbio
Turn on non-blocking I/O.
.It Fl new
Perform the timing test using a new session ID for each connection.
If neither
.Fl new
nor
.Fl reuse
are specified,
they are both on by default and executed in sequence.
.It Fl no_shutdown
Shut down the connection without sending a
.Qq close notify
shutdown alert to the server.
.It Fl reuse
Perform the timing test using the same session ID for each connection.

If neither
.Fl new
nor
.Fl reuse
are specified,
they are both on by default and executed in sequence.
.It Fl time Ar seconds

Limit
.Nm s_time
benchmarks to the number of
.Ar seconds .

The default is 30 seconds.




.It Fl verify Ar depth


Turn on server certificate verification,
with a maximum length of
.Ar depth .
Currently the verify operation continues after errors, so all the problems
with a certificate chain can be seen.
As a side effect,
the connection will never fail due to a server certificate verify failure.
.It Fl www Ar page
The page to GET from the server.
A value of
.Sq /
gets the index.htm[l] page.
If this parameter is not specified,
.Nm s_time
will only perform the handshake to establish SSL connections
but not transfer any payload data.
.El




























































.Sh SESS_ID
.nr nS 1
.Nm "openssl sess_id"

.Op Fl cert
.Op Fl context Ar ID
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl text

.nr nS 0
.Pp
The
.Nm sess_id
program processes the encoded version of the SSL session structure and
optionally prints out SSL session details
(for example the SSL session master key)
in human-readable format.


.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl cert
If a certificate is present in the session,
it will be output using this option;
if the
.Fl text
option is also present, then it will be printed out in text form.
.It Fl context Ar ID
Set the session

.Ar ID .


The ID can be any string of characters.

.It Fl in Ar file
The input file to read from,

or standard input if not specified.
.It Fl inform Cm der | pem
The input format.
.Cm der


uses an ASN.1 DER-encoded format containing session details.
The precise format can vary from one version to the next.
.Cm pem

is the default format: it consists of the DER
format base64-encoded with additional header and footer lines.
.It Fl noout
Do not output the encoded version of the session.
.It Fl out Ar file
The output file to write to,

or standard output if not specified.

.It Fl outform Cm der | pem
The output format.


.It Fl text
Print the various public or private key components in plain text,
in addition to the encoded version.
.El














.Pp
The output of
.Nm sess_id
is composed as follows:
.Pp
.Bl -tag -width "Verify return code " -offset 3n -compact
.It Protocol
The protocol in use.
.It Cipher
The actual raw SSL or TLS cipher code.

.It Session-ID
The SSL session ID, in hex format.
.It Session-ID-ctx
The session ID context, in hex format.
.It Master-Key
The SSL session master key.
.It Key-Arg
The key argument; this is only used in SSL v2.
.It Start Time
The session start time.
.Ux
format.
.It Timeout
The timeout, in seconds.
.It Verify return code
The return code when a certificate is verified.
.El






.Pp
Since the SSL session output contains the master key, it is possible to read
the contents of an encrypted session using this information.
Therefore appropriate security precautions
should be taken if the information is being output by a
.Qq real
application.
This is, however, strongly discouraged and should only be used for
debugging purposes.





.Sh SMIME
.nr nS 1
.Nm "openssl smime"

.Oo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128
.Oc
.Op Fl binary
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl certfile Ar file
.Op Fl check_ss_sig
.Op Fl content Ar file
.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl decrypt
.Op Fl encrypt
.Op Fl extended_crl
.Op Fl from Ar addr
.Op Fl ignore_critical
.Op Fl in Ar file
.Op Fl indef
.Op Fl inform Cm der | pem | smime
.Op Fl inkey Ar file
.Op Fl issuer_checks
.Op Fl keyform Cm pem
.Op Fl md Ar digest
.Op Fl noattr
.Op Fl nocerts
.Op Fl nochain
.Op Fl nodetach
.Op Fl noindef
.Op Fl nointern
.Op Fl nosigs
.Op Fl noverify
.Op Fl out Ar file
.Op Fl outform Cm der | pem | smime
.Op Fl passin Ar arg
.Op Fl pk7out
.Op Fl policy_check
.Op Fl recip Ar file
.Op Fl resign
.Op Fl sign
.Op Fl signer Ar file
.Op Fl stream
.Op Fl subject Ar s
.Op Fl text
.Op Fl to Ar addr
.Op Fl verify
.Op Fl x509_strict
.Op Ar cert.pem ...

.nr nS 0
.Pp
The
.Nm smime
command handles S/MIME mail.


It can encrypt, decrypt, sign, and verify S/MIME messages.
.Pp
The MIME message must be sent without any blank lines between the
headers and the output.
Some mail programs will automatically add a blank line.
Piping the mail directly to an MTA is one way to
achieve the correct format.
.Pp
The supplied message to be signed or encrypted must include the necessary
MIME headers or many S/MIME clients won't display it properly (if at all).
Use the
.Fl text
option to automatically add plain text headers.

.Pp
A
.Qq signed and encrypted
message is one where a signed message is then encrypted.
This can be produced by encrypting an already signed message.
.Pp
There are a number of operations that can be performed, as follows:
.Bl -tag -width "XXXX"
.It Fl decrypt
Decrypt mail using the supplied certificate and private key.
The input file is an encrypted mail message in MIME format.


The decrypted mail is written to the output file.
.It Fl encrypt
Encrypt mail for the given recipient certificates.
The input is the message to be encrypted.
The output file is the encrypted mail, in MIME format.


.It Fl pk7out
Take an input message and write out a PEM-encoded PKCS#7 structure.
.It Fl resign
Resign a message: take an existing message and one or more new signers.
.It Fl sign
Sign mail using the supplied certificate and private key.
The input file is the message to be signed.
The signed message, in MIME format, is written to the output file.


.It Fl verify
Verify signed mail.
The input is a signed mail message and the output is the signed data.
Both clear text and opaque signing is supported.
.El
.Pp
The remaining options are as follows:
.Bl -tag -width "XXXX"
.It Xo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128
.Xc
The encryption algorithm to use.
128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),




or 40-, 64-, or 128-bit RC2, respectively;
if not specified, 40-bit RC2 is
used.
Only used with
.Fl encrypt .
.It Fl binary
Normally, the input message is converted to
.Qq canonical
format which uses CR/LF as end of line,
as required by the S/MIME specification.


When this option is present no translation occurs.
This is useful when handling binary data which may not be in MIME format.


.It Fl CAfile Ar file
A
.Ar file
containing trusted CA certificates; only used with
.Fl verify .
.It Fl CApath Ar directory
A
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439
6440
6441
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472
6473
6474
6475
6476
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
6511
6512
6513
6514
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535
6536
6537
6538
6539
6540
6541
6542
6543
6544
6545
6546
6547
6548
6549
6550
6551
6552
6553
6554
.Fl ignore_critical ,
.Fl issuer_checks ,
.Fl policy_check ,
.Fl x509_strict
.Xc
Set various certificate chain validation options.
See the
.Nm VERIFY
command for details.
.It Fl content Ar file
This specifies a file containing the detached content.
This is only useful with the
.Fl verify
command.
This is only usable if the PKCS#7 structure is using the detached
signature form where the content is not included.
This option will override any content if the input format is
.Em S/MIME
and it uses the multipart/signed
.Em MIME
content type.
.It Xo
.Fl from Ar addr ,
.Fl subject Ar s ,
.Fl to Ar addr
.Xc
The relevant mail headers.
These are included outside the signed
portion of a message so they may be included manually.
When signing, many
.Em S/MIME
mail clients check that the signer's certificate email
address matches the From: address.
.It Fl in Ar file
The input message to be encrypted or signed or the
.Em MIME
message to
be decrypted or verified.
.It Fl indef
Enable streaming I/O for encoding operations.
This permits single pass processing of data without
the need to hold the entire contents in memory,
potentially supporting very large files.
Streaming is automatically set for S/MIME signing with detached
data if the output format is SMIME;
it is currently off by default for all other operations.
.It Fl inform Ar DER | PEM | SMIME
This specifies the input format for the PKCS#7 structure.
The default is
.Em SMIME ,
which reads an
.Em S/MIME
format message.
.Ar PEM
and
.Ar DER
format change this to expect PEM and DER format PKCS#7 structures
instead.
This currently only affects the input format of the PKCS#7
structure; if no PKCS#7 structure is being input (for example with
.Fl encrypt
or
.Fl sign ) ,
this option has no effect.
.It Fl inkey Ar file
The private key to use when signing or decrypting.
This must match the corresponding certificate.
If this option is not specified, the private key must be included
in the certificate file specified with
the
.Fl recip
or
.Fl signer
file.
When signing,
this option can be used multiple times to specify successive keys.
.It Fl keyform Ar PEM
Input private key format.
.It Fl md Ar digest
The digest algorithm to use when signing or resigning.
If not present then the default digest algorithm for the signing key is used
(usually SHA1).
.It Fl noattr
Normally, when a message is signed a set of attributes are included which
include the signing time and supported symmetric algorithms.
With this option they are not included.
.It Fl nocerts
When signing a message, the signer's certificate is normally included;
with this option it is excluded.
This will reduce the size of the signed message but the verifier must
have a copy of the signer's certificate available locally (passed using the
.Fl certfile
option, for example).
.It Fl nochain
Do not do chain verification of signers' certificates: that is,
don't use the certificates in the signed message as untrusted CAs.
.It Fl nodetach
When signing a message use opaque signing: this form is more resistant
to translation by mail relays but it cannot be read by mail agents that
do not support
.Em S/MIME .
Without this option cleartext signing with the
.Em MIME
type multipart/signed is used.
.It Fl noindef
Disable streaming I/O where it would produce an encoding of indefinite length.
This option currently has no effect.
In future streaming will be enabled by default on all relevant operations
and this option will disable it.
.It Fl nointern
When verifying a message, normally certificates
.Pq if any
included in the message are searched for the signing certificate.
With this option, only the certificates specified in the
.Fl certfile
option are used.
The supplied certificates can still be used as untrusted CAs however.
.It Fl nosigs
Don't try to verify the signatures on the message.
.It Fl noverify
Do not verify the signer's certificate of a signed message.
.It Fl out Ar file
The message text that has been decrypted or verified, or the output
.Em MIME
format message that has been signed or verified.
.It Fl outform Ar DER | PEM | SMIME
This specifies the output format for the PKCS#7 structure.
The default is
.Em SMIME ,
which writes an
.Em S/MIME
format message.
.Ar PEM
and
.Ar DER
format change this to write PEM and DER format PKCS#7 structures
instead.
This currently only affects the output format of the PKCS#7
structure; if no PKCS#7 structure is being output (for example with
.Fl verify
or
.Fl decrypt )
this option has no effect.
.It Fl passin Ar arg







|


|


|
|

|
<
|
<
<








|
<



|
<
<
<








|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

|
|









|






<
<
|

|
<










|
<
|
<
|

|
|
<
<

<
<
<
|
|
<
|

|



|
<
<
|
|
|
<
<
|
<
<

|
|
<







4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378

4379


4380
4381
4382
4383
4384
4385
4386
4387
4388

4389
4390
4391
4392



4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
















4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421


4422
4423
4424

4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435

4436

4437
4438
4439
4440


4441



4442
4443

4444
4445
4446
4447
4448
4449
4450


4451
4452
4453


4454


4455
4456
4457

4458
4459
4460
4461
4462
4463
4464
.Fl ignore_critical ,
.Fl issuer_checks ,
.Fl policy_check ,
.Fl x509_strict
.Xc
Set various certificate chain validation options.
See the
.Nm verify
command for details.
.It Fl content Ar file
A file containing the detached content.
This is only useful with the
.Fl verify
option,
and only usable if the PKCS#7 structure is using the detached
signature form where the content is not included.
This option will override any content if the input format is S/MIME

and it uses the multipart/signed MIME content type.


.It Xo
.Fl from Ar addr ,
.Fl subject Ar s ,
.Fl to Ar addr
.Xc
The relevant mail headers.
These are included outside the signed
portion of a message so they may be included manually.
When signing, many S/MIME

mail clients check that the signer's certificate email
address matches the From: address.
.It Fl in Ar file
The input file to read from.



.It Fl indef
Enable streaming I/O for encoding operations.
This permits single pass processing of data without
the need to hold the entire contents in memory,
potentially supporting very large files.
Streaming is automatically set for S/MIME signing with detached
data if the output format is SMIME;
it is currently off by default for all other operations.
.It Fl inform Cm der | pem | smime
The input format.
















.It Fl inkey Ar file
The private key to use when signing or decrypting,
which must match the corresponding certificate.
If this option is not specified, the private key must be included
in the certificate file specified with
the
.Fl recip
or
.Fl signer
file.
When signing,
this option can be used multiple times to specify successive keys.
.It Fl keyform Cm pem
Input private key format.
.It Fl md Ar digest
The digest algorithm to use when signing or resigning.
If not present then the default digest algorithm for the signing key is used
(usually SHA1).
.It Fl noattr


Do not include attributes.
.It Fl nocerts
Do not include the signer's certificate.

This will reduce the size of the signed message but the verifier must
have a copy of the signer's certificate available locally (passed using the
.Fl certfile
option, for example).
.It Fl nochain
Do not do chain verification of signers' certificates: that is,
don't use the certificates in the signed message as untrusted CAs.
.It Fl nodetach
When signing a message use opaque signing: this form is more resistant
to translation by mail relays but it cannot be read by mail agents that
do not support S/MIME.

Without this option cleartext signing with the MIME type

multipart/signed is used.
.It Fl noindef
Disable streaming I/O where it would produce an encoding of indefinite length
(currently has no effect).


.It Fl nointern



Only use certificates specified in the
.Fl certfile .

The supplied certificates can still be used as untrusted CAs.
.It Fl nosigs
Do not try to verify the signatures on the message.
.It Fl noverify
Do not verify the signer's certificate of a signed message.
.It Fl out Ar file
The output file to write to.


.It Fl outform Cm der | pem | smime
The output format.
The default is smime, which writes an S/MIME format message.


.Cm pem


and
.Cm der
change this to write PEM and DER format PKCS#7 structures instead.

This currently only affects the output format of the PKCS#7
structure; if no PKCS#7 structure is being output (for example with
.Fl verify
or
.Fl decrypt )
this option has no effect.
.It Fl passin Ar arg
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
6668
6669
6670
6671
6672
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863

6864
6865
6866

6867
6868
6869
6870
6871
6872
6873
6874
6875














6876
6877




6878






































6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
this option can be used multiple times if more than one signer is required.
If a message is being verified, the signer's certificates will be
written to this file if the verification was successful.
.It Fl stream
The same as
.Fl indef .
.It Fl text
This option adds plain text
.Pq text/plain
.Em MIME
headers to the supplied message if encrypting or signing.
If decrypting or verifying, it strips off text headers:
if the decrypted or verified message is not of
.Em MIME
type text/plain then an error occurs.
.El
.Sh SMIME NOTES
The
.Em MIME
message must be sent without any blank lines between the
headers and the output.
Some mail programs will automatically add a blank line.
Piping the mail directly to an MTA is one way to
achieve the correct format.
.Pp
The supplied message to be signed or encrypted must include the
necessary
.Em MIME
headers or many
.Em S/MIME
clients won't display it properly
.Pq if at all .
You can use the
.Fl text
option to automatically add plain text headers.
.Pp
A
.Qq signed and encrypted
message is one where a signed message is then encrypted.
This can be produced by encrypting an already signed message:
see the
.Sx SMIME EXAMPLES
section.
.Pp
This version of the program only allows one signer per message, but it
will verify multiple signers on received messages.
Some
.Em S/MIME
clients choke if a message contains multiple signers.
It is possible to sign messages
.Qq in parallel
by signing an already signed message.
.Pp
The options
.Fl encrypt
and
.Fl decrypt
reflect common usage in
.Em S/MIME
clients.
Strictly speaking these process PKCS#7 enveloped data: PKCS#7
encrypted data is used for other purposes.
.Pp
The
.Fl resign
option uses an existing message digest when adding a new signer.
This means that attributes must be present in at least one existing
signer using the same message digest or this operation will fail.
.Pp
The
.Fl stream
and
.Fl indef
options enable experimental streaming I/O support.
As a result the encoding is BER using indefinite length constructed encoding
and no longer DER.
Streaming is supported for the
.Fl encrypt
and
.Fl sign
operations if the content is not detached.
.Pp
Streaming is always used for the
.Fl sign
operation with detached data
but since the content is no longer part of the PKCS#7 structure
the encoding remains DER.
.Sh SMIME EXIT CODES
.Bl -tag -width "XXXX"
.It Ar 0
The operation was completely successful.
.It Ar 1
An error occurred parsing the command options.
.It Ar 2
One of the input files could not be read.
.It Ar 3
An error occurred creating the PKCS#7 file or when reading the
.Em MIME
message.
.It Ar 4
An error occurred decrypting or verifying the message.
.It Ar 5
The message was verified correctly, but an error occurred writing out
the signer's certificates.
.El
.Sh SMIME EXAMPLES
Create a cleartext signed message:
.Bd -literal -offset indent
$ openssl smime -sign -in message.txt -text -out mail.msg \e
	-signer mycert.pem
.Ed
.Pp
Create an opaque signed message:
.Bd -literal -offset indent
$ openssl smime -sign -in message.txt -text -out mail.msg \e
	-nodetach -signer mycert.pem
.Ed
.Pp
Create a signed message, include some additional certificates and
read the private key from another file:
.Bd -literal -offset indent
$ openssl smime -sign -in in.txt -text -out mail.msg \e
	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
.Ed
.Pp
Create a signed message with two signers:
.Bd -literal -offset indent
openssl smime -sign -in message.txt -text -out mail.msg \e
	-signer mycert.pem -signer othercert.pem
.Ed
.Pp
Send a signed message under
.Ux
directly to
.Xr sendmail 8 ,
including headers:
.Bd -literal -offset indent
$ openssl smime -sign -in in.txt -text -signer mycert.pem \e
	-from steve@openssl.org -to someone@somewhere \e
	-subject "Signed message" | sendmail someone@somewhere
.Ed
.Pp
Verify a message and extract the signer's certificate if successful:
.Bd -literal -offset indent
$ openssl smime -verify -in mail.msg -signer user.pem \e
	-out signedtext.txt
.Ed
.Pp
Send encrypted mail using triple DES:
.Bd -literal -offset indent
$ openssl smime -encrypt -in in.txt -from steve@openssl.org \e
	-to someone@somewhere -subject "Encrypted message" \e
	-des3 -out mail.msg user.pem
.Ed
.Pp
Sign and encrypt mail:
.Bd -literal -offset indent
$ openssl smime -sign -in ml.txt -signer my.pem -text | \e
	openssl smime -encrypt -out mail.msg \e
	-from steve@openssl.org -to someone@somewhere \e
	-subject "Signed and Encrypted message" -des3 user.pem
.Ed
.Pp
.Sy Note :
The encryption command does not include the
.Fl text
option because the message being encrypted already has
.Em MIME
headers.
.Pp
Decrypt mail:
.Bd -literal -offset indent
$ openssl smime -decrypt -in mail.msg -recip mycert.pem \e
	-inkey key.pem"
.Ed
.Pp
The output from Netscape form signing is a PKCS#7 structure with the
detached signature format.
You can use this program to verify the signature by line wrapping the
base64-encoded structure and surrounding it with:
.Bd -unfilled -offset indent
-----BEGIN PKCS7-----
-----END PKCS7-----
.Ed
.Pp
and using the command:
.Bd -literal -offset indent
$ openssl smime -verify -inform PEM -in signature.pem \e
	-content content.txt
.Ed
.Pp
Alternatively, you can base64 decode the signature and use:
.Bd -literal -offset indent
$ openssl smime -verify -inform DER -in signature.der \e
	-content content.txt
.Ed
.Pp
Create an encrypted message using 128-bit AES:
.Bd -literal -offset indent
openssl smime -encrypt -in plain.txt -aes128 \e
	-out mail.msg cert.pem
.Ed
.Pp
Add a signer to an existing message:
.Bd -literal -offset indent
openssl smime -resign -in mail.msg -signer newsign.pem \e
	-out mail2.msg
.Ed
.Sh SMIME BUGS
The
.Em MIME
parser isn't very clever: it seems to handle most messages that I've thrown
at it, but it may choke on others.
.Pp
The code currently will only write out the signer's certificate to a file:
if the signer has a separate encryption certificate this must be manually
extracted.
There should be some heuristic that determines the correct encryption
certificate.
.Pp
Ideally, a database should be maintained of a certificate for each email
address.
.Pp
The code doesn't currently take note of the permitted symmetric encryption
algorithms as supplied in the
.Em SMIMECapabilities
signed attribute.
This means the user has to manually include the correct encryption algorithm.
It should store the list of permitted ciphers in a database and only use those.
.Pp
No revocation checking is done on the signer's certificate.
.Pp
The current code can only handle
.Em S/MIME
v2 messages; the more complex
.Em S/MIME
v3 structures may cause parsing errors.
.Sh SMIME HISTORY
The use of multiple
.Fl signer
options and the
.Fl resign
command were first added in
.Nm OpenSSL
1.0.0.
.\"
.\" SPEED
.\"
.Sh SPEED
.nr nS 1
.Nm "openssl speed"
.Bk -words
.Op Cm aes
.Op Cm aes-128-cbc
.Op Cm aes-192-cbc
.Op Cm aes-256-cbc
.Op Cm aes-128-gcm
.Op Cm aes-256-gcm
.Op Cm blowfish
.Op Cm bf-cbc
.Op Cm cast
.Op Cm cast-cbc
.Op Cm chacha20-poly1305
.Op Cm des
.Op Cm des-cbc
.Op Cm des-ede3
.Op Cm dsa
.Op Cm dsa512
.Op Cm dsa1024
.Op Cm dsa2048
.Op Cm hmac
.Op Cm md4
.Op Cm md5
.Op Cm rc2
.Op Cm rc2-cbc
.Op Cm rc4
.Op Cm rmd160
.Op Cm rsa
.Op Cm rsa512
.Op Cm rsa1024
.Op Cm rsa2048
.Op Cm rsa4096
.Op Cm sha1
.Op Fl decrypt
.Op Fl elapsed
.Op Fl evp Ar e
.Op Fl mr
.Op Fl multi Ar number
.Ek
.nr nS 0
.Pp
The
.Nm speed
command is used to test the performance of cryptographic algorithms.
.Bl -tag -width "XXXX"
.It Bq Cm zero or more test algorithms
If any options are given,
.Nm speed
tests those algorithms, otherwise all of the above are tested.
.It Fl decrypt
Time decryption instead of encryption
.Pq only EVP .

.It Fl elapsed
Measure time in real time instead of CPU user time.
.It Fl evp Ar e

Use EVP
.Ar e .
.It Fl mr
Produce machine readable output.
.It Fl multi Ar number
Run
.Ar number
benchmarks in parallel.
.El














.\"
.\" TS




.\"






































.Sh TS
.nr nS 1
.Nm "openssl ts"
.Bk -words
.Fl query
.Op Fl md4 | md5 | ripemd160 | sha1
.Op Fl cert
.Op Fl config Ar configfile
.Op Fl data Ar file_to_hash
.Op Fl digest Ar digest_bytes
.Op Fl in Ar request.tsq
.Op Fl no_nonce
.Op Fl out Ar request.tsq
.Op Fl policy Ar object_id
.Op Fl text
.Ek
.nr nS 0
.Pp
.nr nS 1
.Nm "openssl ts"
.Bk -words
.Fl reply
.Op Fl chain Ar certs_file.pem
.Op Fl config Ar configfile
.Op Fl in Ar response.tsr
.Op Fl inkey Ar private.pem
.Op Fl out Ar response.tsr
.Op Fl passin Ar arg
.Op Fl policy Ar object_id
.Op Fl queryfile Ar request.tsq
.Op Fl section Ar tsa_section
.Op Fl signer Ar tsa_cert.pem
.Op Fl text
.Op Fl token_in
.Op Fl token_out
.Ek
.nr nS 0
.Pp
.nr nS 1
.Nm "openssl ts"
.Bk -words
.Fl verify
.Op Fl CAfile Ar trusted_certs.pem
.Op Fl CApath Ar trusted_cert_path
.Op Fl data Ar file_to_hash
.Op Fl digest Ar digest_bytes
.Op Fl in Ar response.tsr
.Op Fl queryfile Ar request.tsq
.Op Fl token_in
.Op Fl untrusted Ar cert_file.pem
.Ek
.nr nS 0
.Pp
The
.Nm ts
command is a basic Time Stamping Authority (TSA) client and server
application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
A TSA can be part of a PKI deployment and its role is to provide long
term proof of the existence of a certain datum before a particular time.
Here is a brief description of the protocol:
.Bl -enum
.It
The TSA client computes a one-way hash value for a data file and sends
the hash to the TSA.
.It
The TSA attaches the current date and time to the received hash value,







|
<
<


|
<
|

<
<
<
<
<
<
<
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
|
<
<
<
<
<
|
<
<
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|

|

|

|
|
<
<
|

|
|
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


|


<






|
|
|
|

|
|
>


|
>
|
<







>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



<











<




<














<




<









<







|







4472
4473
4474
4475
4476
4477
4478
4479


4480
4481
4482

4483
4484








4485




























4486




4487





4488



4489



















4490
4491
4492
4493
4494
4495
4496
4497
4498


4499
4500
4501
4502

4503















































































































































4504
4505
4506

4507






























4508
4509
4510
4511
4512

4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531

4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600

4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611

4612
4613
4614
4615

4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629

4630
4631
4632
4633

4634
4635
4636
4637
4638
4639
4640
4641
4642

4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
this option can be used multiple times if more than one signer is required.
If a message is being verified, the signer's certificates will be
written to this file if the verification was successful.
.It Fl stream
The same as
.Fl indef .
.It Fl text
Add plain text (text/plain) MIME


headers to the supplied message if encrypting or signing.
If decrypting or verifying, it strips off text headers:
if the decrypted or verified message is not of MIME type text/plain

then an error occurs.
.El








.Pp




























The exit codes for




.Nm smime





are as follows:



.Pp



















.Bl -tag -width "XXXX"  -offset 3n -compact
.It 0
The operation was completely successful.
.It 1
An error occurred parsing the command options.
.It 2
One of the input files could not be read.
.It 3
An error occurred creating the file or when reading the message.


.It 4
An error occurred decrypting or verifying the message.
.It 5
An error occurred writing certificates.

.El















































































































































.Sh SPEED
.nr nS 1
.Nm "openssl speed"

.Op Ar algorithm






























.Op Fl decrypt
.Op Fl elapsed
.Op Fl evp Ar algorithm
.Op Fl mr
.Op Fl multi Ar number

.nr nS 0
.Pp
The
.Nm speed
command is used to test the performance of cryptographic algorithms.
.Bl -tag -width "XXXX"
.It Ar algorithm
Perform the test using
.Ar algorithm .
The default is to test all algorithms.
.It Fl decrypt
Time decryption instead of encryption;
must be used with
.Fl evp .
.It Fl elapsed
Measure time in real time instead of CPU user time.
.It Fl evp Ar algorithm
Perform the test using one of the algorithms accepted by
.Xr EVP_get_cipherbyname 3 .

.It Fl mr
Produce machine readable output.
.It Fl multi Ar number
Run
.Ar number
benchmarks in parallel.
.El
.Sh SPKAC
.nr nS 1
.Nm "openssl spkac"
.Op Fl challenge Ar string
.Op Fl in Ar file
.Op Fl key Ar keyfile
.Op Fl noout
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl pubkey
.Op Fl spkac Ar spkacname
.Op Fl spksect Ar section
.Op Fl verify
.nr nS 0
.Pp
The
.Nm spkac
command processes signed public key and challenge (SPKAC) files.
It can print out their contents, verify the signature,
and produce its own SPKACs from a supplied private key.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl challenge Ar string
The challenge string, if an SPKAC is being created.
.It Fl in Ar file
The input file to read from,
or standard input if not specified.
Ignored if the
.Fl key
option is used.
.It Fl key Ar keyfile
Create an SPKAC file using the private key in
.Ar keyfile .
The
.Fl in , noout , spksect ,
and
.Fl verify
options are ignored, if present.
.It Fl noout
Do not output the text version of the SPKAC.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.It Fl passin Ar arg
The key password source.
.It Fl pubkey
Output the public key of an SPKAC.
.It Fl spkac Ar spkacname
An alternative name for the variable containing the SPKAC.
The default is "SPKAC".
This option affects both generated and input SPKAC files.
.It Fl spksect Ar section
An alternative name for the
.Ar section
containing the SPKAC.
.It Fl verify
Verify the digital signature on the supplied SPKAC.
.El
.Sh TS
.nr nS 1
.Nm "openssl ts"

.Fl query
.Op Fl md4 | md5 | ripemd160 | sha1
.Op Fl cert
.Op Fl config Ar configfile
.Op Fl data Ar file_to_hash
.Op Fl digest Ar digest_bytes
.Op Fl in Ar request.tsq
.Op Fl no_nonce
.Op Fl out Ar request.tsq
.Op Fl policy Ar object_id
.Op Fl text

.nr nS 0
.Pp
.nr nS 1
.Nm "openssl ts"

.Fl reply
.Op Fl chain Ar certs_file.pem
.Op Fl config Ar configfile
.Op Fl in Ar response.tsr
.Op Fl inkey Ar private.pem
.Op Fl out Ar response.tsr
.Op Fl passin Ar arg
.Op Fl policy Ar object_id
.Op Fl queryfile Ar request.tsq
.Op Fl section Ar tsa_section
.Op Fl signer Ar tsa_cert.pem
.Op Fl text
.Op Fl token_in
.Op Fl token_out

.nr nS 0
.Pp
.nr nS 1
.Nm "openssl ts"

.Fl verify
.Op Fl CAfile Ar trusted_certs.pem
.Op Fl CApath Ar trusted_cert_path
.Op Fl data Ar file_to_hash
.Op Fl digest Ar digest_bytes
.Op Fl in Ar response.tsr
.Op Fl queryfile Ar request.tsq
.Op Fl token_in
.Op Fl untrusted Ar cert_file.pem

.nr nS 0
.Pp
The
.Nm ts
command is a basic Time Stamping Authority (TSA) client and server
application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
A TSA can be part of a PKI deployment and its role is to provide long
term proof of the existence of specific data.
Here is a brief description of the protocol:
.Bl -enum
.It
The TSA client computes a one-way hash value for a data file and sends
the hash to the TSA.
.It
The TSA attaches the current date and time to the received hash value,
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095

7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
.Pp
The
.Fl query
switch can be used for creating and printing a time stamp
request with the following options:
.Bl -tag -width Ds
.It Fl cert
The TSA is expected to include its signing certificate in the
response.
.It Fl config Ar configfile
The configuration file to use.
This option overrides the
.Ev OPENSSL_CONF
environment variable.
Only the OID section of the config file is used with the
.Fl query
command.
.It Fl data Ar file_to_hash
The data file for which the time stamp request needs to be created.
stdin is the default if neither the
.Fl data
nor the
.Fl digest
option is specified.
.It Fl digest Ar digest_bytes
It is possible to specify the message imprint explicitly without the data
file.
The imprint must be specified in a hexadecimal format,
two characters per byte,
the bytes optionally separated by colons (e.g. 1A:F6:01:... or 1AF601...).
The number of bytes must match the message digest algorithm in use.
.It Fl in Ar request.tsq
This option specifies a previously created time stamp request in DER
format that will be printed into the output file.
Useful when you need to examine the content of a request in human-readable
format.
.It Fl md4|md5|ripemd160|sha|sha1
The message digest to apply to the data file.
It supports all the message digest algorithms that are supported by the
.Nm dgst
command.
The default is SHA-1.
.It Fl no_nonce
No nonce is specified in the request if this option is given.
Otherwise a 64-bit long pseudo-random none is
included in the request.
It is recommended to use nonce to protect against replay-attacks.
.It Fl out Ar request.tsq
Name of the output file to which the request will be written.
The default is stdout.
.It Fl policy Ar object_id
The policy that the client expects the TSA to use for creating the
time stamp token.
Either the dotted OID notation or OID names defined
in the config file can be used.
If no policy is requested the TSA will
use its own default policy.
.It Fl text
If this option is specified the output is in human-readable text format
instead of DER.
.El
.Pp
A time stamp response (TimeStampResp) consists of a response status
and the time stamp token itself (ContentInfo),
if the token generation was successful.
The
.Fl reply
command is for creating a time stamp
response or time stamp token based on a request and printing the
response/token in human-readable format.
If
.Fl token_out
is not specified the output is always a time stamp response (TimeStampResp),
otherwise it is a time stamp token (ContentInfo).
.Bl -tag -width Ds
.It Fl chain Ar certs_file.pem
The collection of certificates, in PEM format,
that will be included in the response
in addition to the signer certificate if the
.Fl cert
option was used for the request.
This file is supposed to contain the certificate chain
for the signer certificate from its issuer upwards.
The
.Fl reply
command does not build a certificate chain automatically.
.It Fl config Ar configfile
The configuration file to use.
This option overrides the
.Ev OPENSSL_CONF
environment variable.
See
.Sx TS CONFIGURATION FILE OPTIONS
for configurable variables.
.It Fl in Ar response.tsr
Specifies a previously created time stamp response or time stamp token, if
.Fl token_in
is also specified,
in DER format that will be written to the output file.
This option does not require a request;
it is useful, for example,
when you need to examine the content of a response or token
or you want to extract the time stamp token from a response.
If the input is a token and the output is a time stamp response a default
.Dq granted
status info is added to the token.
.It Fl inkey Ar private.pem
The signer private key of the TSA in PEM format.
Overrides the
.Cm signer_key
config file option.
.It Fl out Ar response.tsr
The response is written to this file.
The format and content of the file depends on other options (see
.Fl text
and
.Fl token_out ) .
The default is stdout.
.It Fl passin Ar arg
The key password source.
.It Fl policy Ar object_id
The default policy to use for the response unless the client
explicitly requires a particular TSA policy.
The OID can be specified either in dotted notation or with its name.
Overrides the
.Cm default_policy
config file option.

.It Fl queryfile Ar request.tsq
The name of the file containing a DER-encoded time stamp request.
.It Fl section Ar tsa_section
The name of the config file section containing the settings for the
response generation.
If not specified the default TSA section is used; see
.Sx TS CONFIGURATION FILE OPTIONS
for details.
.It Fl signer Ar tsa_cert.pem
The signer certificate of the TSA in PEM format.
The TSA signing certificate must have exactly one extended key usage
assigned to it: timeStamping.
The extended key usage must also be critical,
otherwise the certificate is going to be refused.
Overrides the
.Cm signer_cert
variable of the config file.
.It Fl text
If this option is specified the output is human-readable text format
instead of DER.
.It Fl token_in
This flag can be used together with the
.Fl in
option and indicates that the input is a DER-encoded time stamp token
(ContentInfo) instead of a time stamp response (TimeStampResp).
.It Fl token_out
The output is a time stamp token (ContentInfo) instead of time stamp
response (TimeStampResp).
.El
.Pp
The
.Fl verify
command is for verifying if a time stamp response or time stamp token
is valid and matches a particular time stamp request or data file.
The
.Fl verify
command does not use the configuration file.
.Bl -tag -width Ds
.It Fl CAfile Ar trusted_certs.pem
The name of the file containing a set of trusted self-signed CA
certificates in PEM format.
See the similar option of
.Nm verify
for additional details.
Either this option or
.Fl CApath
must be specified.
.It Fl CApath Ar trusted_cert_path
The name of the directory containing the trused CA certificates of the
client.
See the similar option of
.Nm verify
for additional details.
Either this option or
.Fl CAfile
must be specified.
.It Fl data Ar file_to_hash
The response or token must be verified against







|
<

|
<
<
<
|
<
<


|
<
<
<
<

|
<


|


|

|
<
|






|
|
<
|

|
|



|

|
<

|
<
















|










|
<
<
<
<
<
<

|

|



|
|

|
















|
<
|
<
<
|
>

|

|
<
<
<
<

|








<
|

<
<
|
|

|
|











|
<
|






|
<
|







4682
4683
4684
4685
4686
4687
4688
4689

4690
4691



4692


4693
4694
4695




4696
4697

4698
4699
4700
4701
4702
4703
4704
4705

4706
4707
4708
4709
4710
4711
4712
4713
4714

4715
4716
4717
4718
4719
4720
4721
4722
4723
4724

4725
4726

4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754






4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782

4783


4784
4785
4786
4787
4788
4789




4790
4791
4792
4793
4794
4795
4796
4797
4798
4799

4800
4801


4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818

4819
4820
4821
4822
4823
4824
4825
4826

4827
4828
4829
4830
4831
4832
4833
4834
.Pp
The
.Fl query
switch can be used for creating and printing a time stamp
request with the following options:
.Bl -tag -width Ds
.It Fl cert
Expect the TSA to include its signing certificate in the response.

.It Fl config Ar configfile
Specify an alternative configuration file.



Only the OID section is used.


.It Fl data Ar file_to_hash
The data file for which the time stamp request needs to be created.
The default is standard input.




.It Fl digest Ar digest_bytes
Specify the message imprint explicitly without the data file.

The imprint must be specified in a hexadecimal format,
two characters per byte,
the bytes optionally separated by colons.
The number of bytes must match the message digest algorithm in use.
.It Fl in Ar request.tsq
A previously created time stamp request in DER
format that will be printed into the output file.
Useful for examining the content of a request in human-readable format.

.It Fl md4 | md5 | ripemd160 | sha | sha1
The message digest to apply to the data file.
It supports all the message digest algorithms that are supported by the
.Nm dgst
command.
The default is SHA-1.
.It Fl no_nonce
Specify no nonce in the request.
The default, to include a 64-bit long pseudo-random nonce,

is recommended to protect against replay attacks.
.It Fl out Ar request.tsq
The output file to write to,
or standard output if not specified.
.It Fl policy Ar object_id
The policy that the client expects the TSA to use for creating the
time stamp token.
Either dotted OID notation or OID names defined
in the config file can be used.
If no policy is requested the TSA uses its own default policy.

.It Fl text
Output in human-readable text format instead of DER.

.El
.Pp
A time stamp response (TimeStampResp) consists of a response status
and the time stamp token itself (ContentInfo),
if the token generation was successful.
The
.Fl reply
command is for creating a time stamp
response or time stamp token based on a request and printing the
response/token in human-readable format.
If
.Fl token_out
is not specified the output is always a time stamp response (TimeStampResp),
otherwise it is a time stamp token (ContentInfo).
.Bl -tag -width Ds
.It Fl chain Ar certs_file.pem
The collection of PEM certificates
that will be included in the response
in addition to the signer certificate if the
.Fl cert
option was used for the request.
This file is supposed to contain the certificate chain
for the signer certificate from its issuer upwards.
The
.Fl reply
command does not build a certificate chain automatically.
.It Fl config Ar configfile
Specify an alternative configuration file.






.It Fl in Ar response.tsr
Specify a previously created time stamp response (or time stamp token, if
.Fl token_in
is also specified)
in DER format that will be written to the output file.
This option does not require a request;
it is useful, for example,
to examine the content of a response or token
or to extract the time stamp token from a response.
If the input is a token and the output is a time stamp response a default
.Qq granted
status info is added to the token.
.It Fl inkey Ar private.pem
The signer private key of the TSA in PEM format.
Overrides the
.Cm signer_key
config file option.
.It Fl out Ar response.tsr
The response is written to this file.
The format and content of the file depends on other options (see
.Fl text
and
.Fl token_out ) .
The default is stdout.
.It Fl passin Ar arg
The key password source.
.It Fl policy Ar object_id
The default policy to use for the response.

Either dotted OID notation or OID names defined


in the config file can be used.
If no policy is requested the TSA uses its own default policy.
.It Fl queryfile Ar request.tsq
The file containing a DER-encoded time stamp request.
.It Fl section Ar tsa_section
The config file section containing the settings for response generation.




.It Fl signer Ar tsa_cert.pem
The PEM signer certificate of the TSA.
The TSA signing certificate must have exactly one extended key usage
assigned to it: timeStamping.
The extended key usage must also be critical,
otherwise the certificate is going to be refused.
Overrides the
.Cm signer_cert
variable of the config file.
.It Fl text

Output in human-readable text format instead of DER.
.It Fl token_in


The input is a DER-encoded time stamp token (ContentInfo)
instead of a time stamp response (TimeStampResp).
.It Fl token_out
The output is a time stamp token (ContentInfo)
instead of a time stamp response (TimeStampResp).
.El
.Pp
The
.Fl verify
command is for verifying if a time stamp response or time stamp token
is valid and matches a particular time stamp request or data file.
The
.Fl verify
command does not use the configuration file.
.Bl -tag -width Ds
.It Fl CAfile Ar trusted_certs.pem
The file containing a set of trusted self-signed PEM CA certificates.

See
.Nm verify
for additional details.
Either this option or
.Fl CApath
must be specified.
.It Fl CApath Ar trusted_cert_path
The directory containing the trused CA certificates of the client.

See
.Nm verify
for additional details.
Either this option or
.Fl CAfile
must be specified.
.It Fl data Ar file_to_hash
The response or token must be verified against
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
The original time stamp request, in DER format.
The
.Fl data
and
.Fl digest
options must not be specified with this one.
.It Fl token_in
This flag can be used together with the
.Fl in
option and indicates that the input is a DER-encoded time stamp token
(ContentInfo) instead of a time stamp response (TimeStampResp).
.It Fl untrusted Ar cert_file.pem
Set of additional untrusted certificates in PEM format which may be
needed when building the certificate chain for the TSA's signing
certificate.
This file must contain the TSA signing certificate and
all intermediate CA certificates unless the response includes them.
.El
.Sh TS CONFIGURATION FILE OPTIONS
The
.Fl query
and
.Fl reply
options make use of a configuration file defined by the
.Ev OPENSSL_CONF
environment variable.
The
.Fl query
option uses only the symbolic OID names section
and it can work without it.
However, the
.Fl reply
option needs the config file for its operation.
.Pp
When there is a command line switch equivalent of a variable the
switch always overrides the settings in the config file.
.Bl -tag -width Ds
.It Cm tsa Ar section , Cm default_tsa
This is the main section and it specifies the name of another section
that contains all the options for the
.Fl reply
option.
This default section can be overridden with the
.Fl section
command line switch.
.It Cm oid_file
See
.Nm ca
for a description.
.It Cm oid_section
See
.Nm ca
for a description.
.It Cm serial
The name of the file containing the hexadecimal serial number of the
last time stamp response created.
This number is incremented by 1 for each response.
If the file does not exist at the time of response
generation a new file is created with serial number 1.
This parameter is mandatory.
.It Cm signer_cert
TSA signing certificate, in PEM format.
The same as the
.Fl signer
command line option.
.It Cm certs
A file containing a set of PEM-encoded certificates that need to be
included in the response.
The same as the
.Fl chain
command line option.
.It Cm signer_key
The private key of the TSA, in PEM format.
The same as the







<
<
|
|

|
|
<



<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

|
|






|











|


|
|







|







4856
4857
4858
4859
4860
4861
4862


4863
4864
4865
4866
4867

4868
4869
4870















4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
The original time stamp request, in DER format.
The
.Fl data
and
.Fl digest
options must not be specified with this one.
.It Fl token_in


The input is a DER-encoded time stamp token (ContentInfo)
instead of a time stamp response (TimeStampResp).
.It Fl untrusted Ar cert_file.pem
Additional untrusted PEM certificates which may be needed
when building the certificate chain for the TSA's signing certificate.

This file must contain the TSA signing certificate and
all intermediate CA certificates unless the response includes them.
.El















.Pp
Options specified on the command line always override
the settings in the config file:
.Bl -tag -width Ds
.It Cm tsa Ar section , Cm default_tsa
This is the main section and it specifies the name of another section
that contains all the options for the
.Fl reply
option.
This section can be overridden with the
.Fl section
command line switch.
.It Cm oid_file
See
.Nm ca
for a description.
.It Cm oid_section
See
.Nm ca
for a description.
.It Cm serial
The file containing the hexadecimal serial number of the
last time stamp response created.
This number is incremented by 1 for each response.
If the file does not exist at the time of response generation
a new file is created with serial number 1.
This parameter is mandatory.
.It Cm signer_cert
TSA signing certificate, in PEM format.
The same as the
.Fl signer
command line option.
.It Cm certs
A set of PEM-encoded certificates that need to be
included in the response.
The same as the
.Fl chain
command line option.
.It Cm signer_key
The private key of the TSA, in PEM format.
The same as the
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
.It Cm accuracy
The accuracy of the time source of the TSA in seconds, milliseconds
and microseconds.
For example, secs:1, millisecs:500, microsecs:100.
If any of the components is missing,
zero is assumed for that field.
.It Cm clock_precision_digits
Specifies the maximum number of digits, which represent the fraction of
seconds, that need to be included in the time field.
The trailing zeroes must be removed from the time,
so there might actually be fewer digits,
or no fraction of seconds at all.
The maximum value is 6;
the default is 0.
.It Cm ordering
If this option is yes,
the responses generated by this TSA can always be ordered,
even if the time difference between two responses is less







|
|

|







4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
.It Cm accuracy
The accuracy of the time source of the TSA in seconds, milliseconds
and microseconds.
For example, secs:1, millisecs:500, microsecs:100.
If any of the components is missing,
zero is assumed for that field.
.It Cm clock_precision_digits
The maximum number of digits, which represent the fraction of seconds,
that need to be included in the time field.
The trailing zeroes must be removed from the time,
so there might actually be fewer digits
or no fraction of seconds at all.
The maximum value is 6;
the default is 0.
.It Cm ordering
If this option is yes,
the responses generated by this TSA can always be ordered,
even if the time difference between two responses is less
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
.Fl chain
option is specified then the certificate identifiers of the chain will also
be included in the SigningCertificate signed attribute.
If this variable is set to no,
only the signing certificate identifier is included.
The default is no.
.El
.Sh TS ENVIRONMENT VARIABLES
.Ev OPENSSL_CONF
contains the path of the configuration file and can be
overridden by the
.Fl config
command line option.
.Sh TS EXAMPLES
All the examples below presume that
.Ev OPENSSL_CONF
is set to a proper configuration file,
e.g. the example configuration file
.Pa openssl/apps/openssl.cnf
will do.
.Pp
To create a time stamp request for design1.txt with SHA-1
without nonce and policy and no certificate is required in the response:
.Bd -literal -offset indent
$ openssl ts -query -data design1.txt -no_nonce \e
	-out design1.tsq
.Ed
.Pp
To create a similar time stamp request but specifying the message imprint
explicitly:
.Bd -literal -offset indent
$ openssl ts -query \e
	-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e
	-no_nonce -out design1.tsq
.Ed
.Pp
To print the content of the previous request in human readable format:
.Bd -literal -offset indent
$ openssl ts -query -in design1.tsq -text
.Ed
.Pp
To create a time stamp request which includes the MD5 digest
of design2.txt, requests the signer certificate and nonce,
specifies a policy ID
(assuming the tsa_policy1 name is defined in the
OID section of the config file):
.Bd -literal -offset indent
$ openssl ts -query -data design2.txt -md5 \e
	-policy tsa_policy1 -cert -out design2.tsq
.Ed
.Pp
Before generating a response,
a signing certificate must be created for the TSA that contains the
.Cm timeStamping
critical extended key usage extension
without any other key usage extensions.
You can add the
.Dq extendedKeyUsage = critical,timeStamping
line to the user certificate section
of the config file to generate a proper certificate.
See the
.Nm req ,
.Nm ca ,
and
.Nm x509
commands for instructions.
The examples below assume that cacert.pem contains the certificate of the CA,
tsacert.pem is the signing certificate issued by cacert.pem and
tsakey.pem is the private key of the TSA.
.Pp
To create a time stamp response for a request:
.Bd -literal -offset indent
$ openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \e
	-signer tsacert.pem -out design1.tsr
.Ed
.Pp
If you want to use the settings in the config file you could just write:
.Bd -literal -offset indent
$ openssl ts -reply -queryfile design1.tsq -out design1.tsr
.Ed
.Pp
To print a time stamp reply to stdout in human readable format:
.Bd -literal -offset indent
$ openssl ts -reply -in design1.tsr -text
.Ed
.Pp
To create a time stamp token instead of time stamp response:
.Bd -literal -offset indent
$ openssl ts -reply -queryfile design1.tsq \e
	-out design1_token.der -token_out
.Ed
.Pp
To print a time stamp token to stdout in human readable format:
.Bd -literal -offset indent
$ openssl ts -reply -in design1_token.der -token_in \e
	-text -token_out
.Ed
.Pp
To extract the time stamp token from a response:
.Bd -literal -offset indent
$ openssl ts -reply -in design1.tsr -out design1_token.der \e
	-token_out
.Ed
.Pp
To add
.Dq granted
status info to a time stamp token thereby creating a valid response:
.Bd -literal -offset indent
$ openssl ts -reply -in design1_token.der \e
	-token_in -out design1.tsr
.Ed
.Pp
To verify a time stamp reply against a request:
.Bd -literal -offset indent
$ openssl ts -verify -queryfile design1.tsq -in design1.tsr \e
	-CAfile cacert.pem -untrusted tsacert.pem
.Ed
.Pp
To verify a time stamp reply that includes the certificate chain:
.Bd -literal -offset indent
$ openssl ts -verify -queryfile design2.tsq -in design2.tsr \e
	-CAfile cacert.pem
.Ed
.Pp
To verify a time stamp token against the original data file:
.Bd -literal -offset indent
$ openssl ts -verify -data design2.txt -in design2.tsr \e
	-CAfile cacert.pem
.Ed
.Pp
To verify a time stamp token against a message imprint:
.Bd -literal -offset indent
$ openssl ts -verify \e
	-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e
	-in design2.tsr -CAfile cacert.pem
.Ed
.Sh TS BUGS
No support for time stamps over SMTP, though it is quite easy
to implement an automatic email-based TSA with
.Xr procmail
and
.Xr perl 1 .
Pure TCP/IP is not supported.
.Pp
The file containing the last serial number of the TSA is not
locked when being read or written.
This is a problem if more than one instance of
.Nm OpenSSL
is trying to create a time stamp
response at the same time.
.Pp
Look for the FIXME word in the source files.
.Pp
The source code should really be reviewed by somebody else, too.
.Pp
More testing is needed.
.Sh TS AUTHORS
.An Zoltan Glozik Aq Mt zglozik@opentsa.org ,
OpenTSA project
.Pq Lk http://www.opentsa.org .
.\"
.\" SPKAC
.\"
.Sh SPKAC
.nr nS 1
.Nm "openssl spkac"
.Bk -words
.Op Fl challenge Ar string
.Op Fl in Ar file
.Op Fl key Ar keyfile
.Op Fl noout
.Op Fl out Ar file
.Op Fl passin Ar arg
.Op Fl pubkey
.Op Fl spkac Ar spkacname
.Op Fl spksect Ar section
.Op Fl verify
.Ek
.nr nS 0
.Pp
The
.Nm spkac
command processes Netscape signed public key and challenge
.Pq SPKAC
files.
It can print out their contents, verify the signature,
and produce its own SPKACs from a supplied private key.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl challenge Ar string
Specifies the challenge string if an SPKAC is being created.
.It Fl in Ar file
This specifies the input
.Ar file
to read from, or standard input if this option is not specified.
Ignored if the
.Fl key
option is used.
.It Fl key Ar keyfile
Create an SPKAC file using the private key in
.Ar keyfile .
The
.Fl in , noout , spksect ,
and
.Fl verify
options are ignored if present.
.It Fl noout
Don't output the text version of the SPKAC
.Pq not used if an SPKAC is being created .
.It Fl out Ar file
Specifies the output
.Ar file
to write to, or standard output by default.
.It Fl passin Ar arg
The key password source.
.It Fl pubkey
Output the public key of an SPKAC
.Pq not used if an SPKAC is being created .
.It Fl spkac Ar spkacname
Allows an alternative name for the variable containing the SPKAC.
The default is "SPKAC".
This option affects both generated and input SPKAC files.
.It Fl spksect Ar section
Allows an alternative name for the
.Ar section
containing the SPKAC.
The default is the default section.
.It Fl verify
Verifies the digital signature on the supplied SPKAC.
.El
.Sh SPKAC EXAMPLES
Print out the contents of an SPKAC:
.Pp
.Dl $ openssl spkac -in spkac.cnf
.Pp
Verify the signature of an SPKAC:
.Pp
.Dl $ openssl spkac -in spkac.cnf -noout -verify
.Pp
Create an SPKAC using the challenge string
.Qq hello :
.Pp
.Dl $ openssl spkac -key key.pem -challenge hello -out spkac.cnf
.Pp
Example of an SPKAC,
.Pq long lines split up for clarity :
.Bd -unfilled -offset indent
SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
4=
.Ed
.Sh SPKAC NOTES
A created SPKAC with suitable DN components appended can be fed into
the
.Nm ca
utility.
.Pp
SPKACs are typically generated by Netscape when a form is submitted
containing the
.Em KEYGEN
tag as part of the certificate enrollment process.
.Pp
The challenge string permits a primitive form of proof of possession
of private key.
By checking the SPKAC signature and a random challenge
string, some guarantee is given that the user knows the private key
corresponding to the public key being certified.
This is important in some applications.
Without this it is possible for a previous SPKAC
to be used in a
.Qq replay attack .
.\"
.\" VERIFY
.\"
.Sh VERIFY
.nr nS 1
.Nm "openssl verify"
.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl check_ss_sig
.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl explicit_policy
.Op Fl extended_crl
.Op Fl help
.Op Fl ignore_critical
.Op Fl inhibit_any
.Op Fl inhibit_map
.Op Fl issuer_checks
.Op Fl policy_check
.Op Fl purpose Ar purpose
.Op Fl untrusted Ar file
.Op Fl verbose
.Op Fl x509_strict
.Op Fl
.Op Ar certificates
.Ek
.nr nS 0
.Pp
The
.Nm verify
command verifies certificate chains.
.Pp
The options are as follows:







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<

















<

<







4957
4958
4959
4960
4961
4962
4963














































































































































































































































































4964
4965
4966

4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983

4984

4985
4986
4987
4988
4989
4990
4991
.Fl chain
option is specified then the certificate identifiers of the chain will also
be included in the SigningCertificate signed attribute.
If this variable is set to no,
only the signing certificate identifier is included.
The default is no.
.El














































































































































































































































































.Sh VERIFY
.nr nS 1
.Nm "openssl verify"

.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl check_ss_sig
.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl explicit_policy
.Op Fl extended_crl
.Op Fl help
.Op Fl ignore_critical
.Op Fl inhibit_any
.Op Fl inhibit_map
.Op Fl issuer_checks
.Op Fl policy_check
.Op Fl purpose Ar purpose
.Op Fl untrusted Ar file
.Op Fl verbose
.Op Fl x509_strict

.Op Ar certificates

.nr nS 0
.Pp
The
.Nm verify
command verifies certificate chains.
.Pp
The options are as follows:
7611
7612
7613
7614
7615
7616
7617

7618
7619

7620
7621

7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698

7699
7700

7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739

7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118





8119

















8120

8121





















8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160




8161
































8162




8163












8164















































































8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258











8259





























8260






























































8261







8262














8263
8264
8265
8266
8267
8268
8269
8270
8271
8272

8273
8274
8275
8276
8277
8278
8279
8280
8281

8282
8283
8284
8285
8286

8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305

8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
The
.Ar file
should contain multiple certificates in PEM format, concatenated together.
.It Fl CApath Ar directory
A
.Ar directory
of trusted certificates.

The certificates should have names of the form
.Em hash.0 ,

or have symbolic links to them of this form
("hash" is the hashed certificate subject name: see the

.Fl hash
option of the
.Nm x509
utility).
The
.Nm c_rehash
script distributed with OpenSSL
will automatically create symbolic links to a directory of certificates.
.It Fl crl_check
Checks end entity certificate validity by attempting to look up a valid CRL.
If a valid CRL cannot be found an error occurs.
.It Fl crl_check_all
Checks the validity of all certificates in the chain by attempting
to look up valid CRLs.
.It Fl explicit_policy
Set policy variable require-explicit-policy (see RFC 3280 et al).
.It Fl extended_crl
Enable extended CRL features such as indirect CRLs and alternate CRL
signing keys.
.It Fl help
Prints out a usage message.
.It Fl ignore_critical
Normally if an unhandled critical extension is present which is not
supported by
.Nm OpenSSL ,
the certificate is rejected (as required by RFC 3280 et al).
If this option is set, critical extensions are ignored.
.It Fl inhibit_any
Set policy variable inhibit-any-policy (see RFC 3280 et al).
.It Fl inhibit_map
Set policy variable inhibit-policy-mapping (see RFC 3280 et al).
.It Fl issuer_checks
Print out diagnostics relating to searches for the issuer certificate
of the current certificate.
This shows why each candidate issuer certificate was rejected.
However the presence of rejection messages
does not itself imply that anything is wrong: during the normal
verify process several rejections may take place.
.It Fl policy_check
Enables certificate policy processing.
.It Fl purpose Ar purpose
The intended use for the certificate.
Without this option no chain verification will be done.
Currently accepted uses are
.Ar sslclient , sslserver ,
.Ar nssslserver , smimesign ,
.Ar smimeencrypt , crlsign ,
.Ar any ,
and
.Ar ocsphelper .
See the
.Sx VERIFY OPERATION
section for more information.
.It Fl untrusted Ar file
A
.Ar file
of untrusted certificates.
The
.Ar file
should contain multiple certificates.
.It Fl verbose
Print extra information about the operations being performed.
.It Fl x509_strict
Disable workarounds for broken certificates which have to be disabled
for strict X.509 compliance.
.It Fl
Marks the last option.
All arguments following this are assumed to be certificate files.
This is useful if the first certificate filename begins with a
.Sq - .
.It Ar certificates
One or more
.Ar certificates
to verify.
If no certificate files are included, an attempt is made to read
a certificate from standard input.
They should all be in PEM format.

.El
.Sh VERIFY OPERATION

The
.Nm verify
program uses the same functions as the internal SSL and S/MIME verification,
therefore this description applies to these verify operations too.
.Pp
There is one crucial difference between the verify operations performed
by the
.Nm verify
program: wherever possible an attempt is made to continue
after an error, whereas normally the verify operation would halt on the
first error.
This allows all the problems with a certificate chain to be determined.
.Pp
The verify operation consists of a number of separate steps:
.Pp
Firstly a certificate chain is built up starting from the supplied certificate
and ending in the root CA.
It is an error if the whole chain cannot be built up.
The chain is built up by looking up the issuer's certificate of the current
certificate.
If a certificate is found which is its own issuer, it is assumed
to be the root CA.
.Pp
The process of
.Qq looking up the issuer's certificate
itself involves a number of steps.
In versions of
.Nm OpenSSL
before 0.9.5a the first certificate whose subject name matched the issuer
of the current certificate was assumed to be the issuer's certificate.
In
.Nm OpenSSL
0.9.6 and later all certificates whose subject name matches the issuer name
of the current certificate are subject to further tests.
The relevant authority key identifier components of the current certificate
.Pq if present
must match the subject key identifier
.Pq if present
and issuer and serial number of the candidate issuer; in addition the

.Em keyUsage
extension of the candidate issuer
.Pq if present
must permit certificate signing.
.Pp
The lookup first looks in the list of untrusted certificates and if no match
is found the remaining lookups are from the trusted certificates.
The root CA is always looked up in the trusted certificate list: if the
certificate to verify is a root certificate, then an exact match must be
found in the trusted list.
.Pp
The second operation is to check every untrusted certificate's extensions for
consistency with the supplied purpose.
If the
.Fl purpose
option is not included, then no checks are done.
The supplied or
.Qq leaf
certificate must have extensions compatible with the supplied purpose
and all other certificates must also be valid CA certificates.
The precise extensions required are described in more detail in
the
.Sx X.509 CERTIFICATE EXTENSIONS
section below.
.Pp
The third operation is to check the trust settings on the root CA.
The root CA should be trusted for the supplied purpose.
For compatibility with previous versions of
.Nm SSLeay
and
.Nm OpenSSL ,
a certificate with no trust settings is considered to be valid for
all purposes.
.Pp
The final operation is to check the validity of the certificate chain.
The validity period is checked against the current system time and the
.Em notBefore
and
.Em notAfter
dates in the certificate.
The certificate signatures are also checked at this point.
.Pp
If all operations complete successfully, the certificate is considered
valid.
If any operation fails then the certificate is not valid.
.Sh VERIFY DIAGNOSTICS
When a verify operation fails, the output messages can be somewhat cryptic.
The general form of the error message is:
.Bd -unfilled
\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
\& error 24 at 1 depth lookup:invalid CA certificate
.Ed
.Pp
The first line contains the name of the certificate being verified, followed by
the subject name of the certificate.
The second line contains the error number and the depth.
The depth is the number of the certificate being verified when a
problem was detected starting with zero for the certificate being verified
itself, then 1 for the CA that signed the certificate and so on.
Finally a text version of the error number is presented.
.Pp
An exhaustive list of the error codes and messages is shown below; this also
includes the name of the error code as defined in the header file
.In openssl/x509_vfy.h .
Some of the error codes are defined but never returned: these are described
as
.Qq unused .
.Bl -tag -width "XXXX"
.It Ar "0 X509_V_OK: ok"
The operation was successful.
.It Ar 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
The issuer certificate could not be found: this occurs if the issuer certificate
of an untrusted certificate cannot be found.
.It Ar 3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
The CRL of a certificate could not be found.
.It Ar 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
The certificate signature could not be decrypted.
This means that the actual signature value could not be determined rather
than it not matching the expected value.
This is only meaningful for RSA keys.
.It Ar 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
The CRL signature could not be decrypted: this means that the actual
signature value could not be determined rather than it not matching the
expected value.
Unused.
.It Ar 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
The public key in the certificate
.Em SubjectPublicKeyInfo
could not be read.
.It Ar 7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
The signature of the certificate is invalid.
.It Ar 8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
The signature of the certificate is invalid.
.It Ar 9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
The certificate is not yet valid: the
.Em notBefore
date is after the current time.
.It Ar 10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
The certificate has expired; that is, the
.Em notAfter
date is before the current time.
.It Ar 11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
The CRL is not yet valid.
.It Ar 12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
The CRL has expired.
.It Ar 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
The certificate
.Em notBefore
field contains an invalid time.
.It Ar 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
The certificate
.Em notAfter
field contains an invalid time.
.It Ar 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
The CRL
.Em lastUpdate
field contains an invalid time.
.It Ar 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
The CRL
.Em nextUpdate
field contains an invalid time.
.It Ar 17 X509_V_ERR_OUT_OF_MEM: out of memory
An error occurred trying to allocate memory.
This should never happen.
.It Ar 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
The passed certificate is self-signed and the same certificate cannot be
found in the list of trusted certificates.
.It Ar 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
The certificate chain could be built up using the untrusted certificates but
the root could not be found locally.
.It Ar 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
The issuer certificate of a locally looked up certificate could not be found.
This normally means the list of trusted certificates is not complete.
.It Ar 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
No signatures could be verified because the chain contains only one
certificate and it is not self-signed.
.It Ar 22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
The certificate chain length is greater than the supplied maximum depth.
Unused.
.It Ar 23 X509_V_ERR_CERT_REVOKED: certificate revoked
The certificate has been revoked.
.It Ar 24 X509_V_ERR_INVALID_CA: invalid CA certificate
A CA certificate is invalid.
Either it is not a CA or its extensions are not consistent
with the supplied purpose.
.It Ar 25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
The
.Em basicConstraints
pathlength parameter has been exceeded.
.It Ar 26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
The supplied certificate cannot be used for the specified purpose.
.It Ar 27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
The root CA is not marked as trusted for the specified purpose.
.It Ar 28 X509_V_ERR_CERT_REJECTED: certificate rejected
The root CA is marked to reject the specified purpose.
.It Ar 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
The current candidate issuer certificate was rejected because its subject name
did not match the issuer name of the current certificate.
Only displayed when the
.Fl issuer_checks
option is set.
.It Ar 30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
The current candidate issuer certificate was rejected because its subject key
identifier was present and did not match the authority key identifier current
certificate.
Only displayed when the
.Fl issuer_checks
option is set.
.It Ar 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
The current candidate issuer certificate was rejected because its issuer name
and serial number were present and did not match the authority key identifier
of the current certificate.
Only displayed when the
.Fl issuer_checks
option is set.
.It Ar 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing
The current candidate issuer certificate was rejected because its
.Em keyUsage
extension does not permit certificate signing.
.It Ar 50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
An application specific error.
Unused.
.El
.Sh VERIFY BUGS
Although the issuer checks are a considerable improvement over the old
technique, they still suffer from limitations in the underlying
X509_LOOKUP API.
One consequence of this is that trusted certificates with matching subject
name must either appear in a file (as specified by the
.Fl CAfile
option) or a directory (as specified by
.Fl CApath ) .
If they occur in both, only the certificates in the file will
be recognised.
.Pp
Previous versions of
.Nm OpenSSL
assumed certificates with matching subject name were identical and
mishandled them.
.\"
.\" VERSION
.\"
.Sh VERSION
.Nm openssl version
.Op Fl abdfopv
.Pp
The
.Nm version
command is used to print out version information about
.Nm OpenSSL .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a
All information: this is the same as setting all the other flags.
.It Fl b
The date the current version of
.Nm OpenSSL
was built.
.It Fl d
.Ev OPENSSLDIR
setting.
.It Fl f
Compilation flags.
.It Fl o
Option information: various options set when the library was built.
.It Fl p
Platform setting.
.It Fl v
The current
.Nm OpenSSL
version.
.El
.Sh VERSION NOTES
The output of
.Nm openssl version -a
would typically be used when sending in a bug report.
.Sh VERSION HISTORY
The
.Fl d
option was added in
.Nm OpenSSL
0.9.7.
.\"
.\" X509
.\"
.Sh X509
.nr nS 1
.Nm "openssl x509"
.Bk -words
.Op Fl C
.Op Fl addreject Ar arg
.Op Fl addtrust Ar arg
.Op Fl alias
.Op Fl CA Ar file
.Op Fl CAcreateserial
.Op Fl CAform Ar DER | PEM
.Op Fl CAkey Ar file
.Op Fl CAkeyform Ar DER | PEM
.Op Fl CAserial Ar file
.Op Fl certopt Ar option
.Op Fl checkend Ar arg
.Op Fl clrext
.Op Fl clrreject
.Op Fl clrtrust
.Op Fl dates
.Op Fl days Ar arg
.Op Fl email
.Op Fl enddate
.Op Fl extensions Ar section
.Op Fl extfile Ar file
.Op Fl fingerprint
.Op Fl hash
.Op Fl in Ar file
.Op Fl inform Ar DER | NET | PEM
.Op Fl issuer
.Op Fl issuer_hash
.Op Fl issuer_hash_old
.Op Fl keyform Ar DER | PEM
.Op Fl md5 | sha1
.Op Fl modulus
.Op Fl nameopt Ar option
.Op Fl noout
.Op Fl ocsp_uri
.Op Fl ocspid
.Op Fl out Ar file
.Op Fl outform Ar DER | NET | PEM
.Op Fl passin Ar arg
.Op Fl pubkey
.Op Fl purpose
.Op Fl req
.Op Fl serial
.Op Fl set_serial Ar n
.Op Fl setalias Ar arg
.Op Fl signkey Ar file
.Op Fl startdate
.Op Fl subject
.Op Fl subject_hash
.Op Fl subject_hash_old
.Op Fl text
.Op Fl trustout
.Op Fl x509toreq
.Ek
.nr nS 0
.Pp
The
.Nm x509
command is a multi-purpose certificate utility.
It can be used to display certificate information, convert certificates to
various forms, sign certificate requests like a
.Qq mini CA ,
or edit certificate trust settings.
.Pp
Since there are a large number of options, they are split up into
various sections.
.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS
.Bl -tag -width "XXXX"
.It Fl in Ar file
This specifies the input
.Ar file
to read a certificate from, or standard input if this option is not specified.
.It Fl inform Ar DER | NET | PEM
This specifies the input format.
Normally, the command will expect an X.509 certificate,
but this can change if other options such as
.Fl req
are present.
The
.Ar DER
format is the DER encoding of the certificate and
.Ar PEM
is the base64 encoding of the DER encoding with header and footer lines added.
The
.Ar NET
option is an obscure Netscape server format that is now
obsolete.
.It Fl md5 | sha1
The digest to use.
This affects any signing or display option that uses a message digest,
such as the
.Fl fingerprint , signkey ,
and
.Fl CA
options.
If not specified, MD5 is used.
If the key being used to sign with is a DSA key,
this option has no effect: SHA1 is always used with DSA keys.
.It Fl out Ar file
This specifies the output
.Ar file
to write to, or standard output by default.
.It Fl outform Ar DER | NET | PEM
This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
The key password source.
.El
.Sh X509 DISPLAY OPTIONS
.Sy Note :
The
.Fl alias
and
.Fl purpose
options are also display options but are described in the
.Sx X509 TRUST SETTINGS
section.
.Bl -tag -width "XXXX"
.It Fl C
This outputs the certificate in the form of a C source file.
.It Fl certopt Ar option
Customise the output format used with
.Fl text .
The
.Ar option
argument can be a single option or multiple options separated by commas.
The
.Fl certopt
switch may also be used more than once to set multiple options.





See the

















.Sx X509 TEXT OPTIONS

section for more information.





















.It Fl dates
Prints out the start and expiry dates of a certificate.
.It Fl email
Outputs the email address(es), if any.
.It Fl enddate
Prints out the expiry date of the certificate; that is, the
.Em notAfter
date.
.It Fl fingerprint
Prints out the digest of the DER-encoded version of the whole certificate
(see
.Sx DIGEST OPTIONS ) .
.It Fl hash
A synonym for
.Fl subject_hash ,
for backwards compatibility.
.It Fl issuer
Outputs the issuer name.
.It Fl issuer_hash
Outputs the
.Qq hash
of the certificate issuer name.
.It Fl issuer_hash_old
Outputs the
.Qq hash
of the certificate issuer name using the older algorithm
as used by
.Nm OpenSSL
versions before 1.0.0.
.It Fl modulus
This option prints out the value of the modulus of the public key
contained in the certificate.
.It Fl nameopt Ar option
Option which determines how the subject or issuer names are displayed.
The
.Ar option
argument can be a single option or multiple options separated by commas.
Alternatively, the
.Fl nameopt




switch may be used more than once to set multiple options.
































See the




.Sx X509 NAME OPTIONS












section for more information.















































































.It Fl noout
This option prevents output of the encoded version of the request.
.It Fl ocsp_uri
Outputs the OCSP responder addresses, if any.
.It Fl ocspid
Print OCSP hash values for the subject name and public key.
.It Fl pubkey
Output the public key.
.It Fl serial
Outputs the certificate serial number.
.It Fl startdate
Prints out the start date of the certificate; that is, the
.Em notBefore
date.
.It Fl subject
Outputs the subject name.
.It Fl subject_hash
Outputs the
.Qq hash
of the certificate subject name.
This is used in
.Nm OpenSSL
to form an index to allow certificates in a directory to be looked up
by subject name.
.It Fl subject_hash_old
Outputs the
.Qq hash
of the certificate subject name using the older algorithm
as used by
.Nm OpenSSL
versions before 1.0.0.
.It Fl text
Prints out the certificate in text form.
Full details are output including the public key, signature algorithms,
issuer and subject names, serial number, any extensions present,
and any trust settings.
.El
.Sh X509 TRUST SETTINGS
Please note these options are currently experimental and may well change.
.Pp
A
.Em trusted certificate
is an ordinary certificate which has several
additional pieces of information attached to it such as the permitted
and prohibited uses of the certificate and an
.Qq alias .
.Pp
Normally, when a certificate is being verified at least one certificate
must be
.Qq trusted .
By default, a trusted certificate must be stored
locally and must be a root CA: any certificate chain ending in this CA
is then usable for any purpose.
.Pp
Trust settings currently are only used with a root CA.
They allow a finer control over the purposes the root CA can be used for.
For example, a CA may be trusted for an SSL client but not for
SSL server use.
.Pp
See the description of the
.Nm verify
utility for more information on the meaning of trust settings.
.Pp
Future versions of
.Nm OpenSSL
will recognize trust settings on any certificate: not just root CAs.
.Bl -tag -width "XXXX"
.It Fl addreject Ar arg
Adds a prohibited use.
It accepts the same values as the
.Fl addtrust
option.
.It Fl addtrust Ar arg
Adds a trusted certificate use.
Any object name can be used here, but currently only
.Ar clientAuth
.Pq SSL client use ,
.Ar serverAuth
.Pq SSL server use ,
and
.Ar emailProtection
.Pq S/MIME email
are used.
Other
.Nm OpenSSL
applications may define additional uses.
.It Fl alias
Outputs the certificate alias, if any.
.It Fl clrreject
Clears all the prohibited or rejected uses of the certificate.
.It Fl clrtrust
Clears all the permitted or trusted uses of the certificate.
.It Fl purpose
This option performs tests on the certificate extensions and outputs











the results.





























For a more complete description, see the






























































.Sx X.509 CERTIFICATE EXTENSIONS







section.














.It Fl setalias Ar arg
Sets the alias of the certificate.
This will allow the certificate to be referred to using a nickname,
for example
.Qq Steve's Certificate .
.It Fl trustout
This causes
.Nm x509
to output a
.Em trusted certificate .

An ordinary or trusted certificate can be input, but by default an ordinary
certificate is output and any trust settings are discarded.
With the
.Fl trustout
option a trusted certificate is output.
A trusted certificate is automatically output if any trust settings
are modified.
.El
.Sh X509 SIGNING OPTIONS

The
.Nm x509
utility can be used to sign certificates and requests: it
can thus behave like a
.Qq mini CA .

.Bl -tag -width "XXXX"
.It Fl CA Ar file
Specifies the CA certificate to be used for signing.
When this option is present,
.Nm x509
behaves like a
.Qq mini CA .
The input file is signed by the CA using this option;
that is, its issuer name is set to the subject name of the CA and it is
digitally signed using the CA's private key.
.Pp
This option is normally combined with the
.Fl req
option.
Without the
.Fl req
option, the input is a certificate which must be self-signed.
.It Fl CAcreateserial
With this option the CA serial number file is created if it does not exist:

it will contain the serial number
.Sq 02
and the certificate being signed will have
.Sq 1
as its serial number.
Normally, if the
.Fl CA
option is specified and the serial number file does not exist, it is an error.
.It Fl CAform Ar DER | PEM
The format of the CA certificate file.
The default is
.Ar PEM .
.It Fl CAkey Ar file
Sets the CA private key to sign a certificate with.
If this option is not specified, it is assumed that the CA private key
is present in the CA certificate file.
.It Fl CAkeyform Ar DER | PEM
The format of the CA private key.
The default is
.Ar PEM .
.It Fl CAserial Ar file
Sets the CA serial number file to use.
.Pp
When the
.Fl CA
option is used to sign a certificate,
it uses a serial number specified in a file.
This file consists of one line containing an even number of hex digits
with the serial number to use.
After each use the serial number is incremented and written out
to the file again.
.Pp
The default filename consists of the CA certificate file base name with
.Pa .srl
appended.







>
|
|
>
|
|
>




<
<
<
<

|


|


|




|

<
<
<
<
|

|

|

|
|
|
|
|
|

|




|
|
|
|

|
<
<
<












<
<
<
<
<

|




|
>

<
>



<
<
|
<
<
|
|
<


|
<








<
<
<
<
<
<
<
<
<
|


<
|
<
|
>
|
|
<
<



|
|
|












|




<
<
<
<
|




|

|






<


|
|
|













|
<


|

|
<
|
|

|

|
|

|
|
|
|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|


|


|


|


|


|


|

|



|

|

|

|

|

|





|






|






|

|

|



<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







|







|












|


<
<
<
<
<
<
<
<
<
<
<
<
<



<






|

|















|



|







|















<










|
<
<


|
<
|
|
|




<
<
<
<
<
<
<
<
<









<
|

|
<
|
|
|
<
<



<
|
<
<
<
<
|
<
<


|


|
<
<
|
<

|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|

|

|
|


|
<
<


|
<

|

<
<
|

<
<
|
|
|


|
<

|
<
<
|
<

>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|

|



|

|

|
|


|

<
<
|

|



<
<
|
|
|


|
<
<
<

<
<

<
|
<

|
<
<
|
<
<
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<


|
|



|

|
|
|
|

|
|
<
<
<
<

|

|

|

|
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|


<
<
<
|
>


<
<
<
<
<

<
>


|
|
<
>


|


|
<











|
>
|




<
<
<
|


|

|
|
|
|


|

|
|
<
<
|
<
|







5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018




5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032




5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056



5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068





5069
5070
5071
5072
5073
5074
5075
5076
5077

5078
5079
5080
5081


5082


5083
5084

5085
5086
5087

5088
5089
5090
5091
5092
5093
5094
5095









5096
5097
5098

5099

5100
5101
5102
5103


5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126




5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140

5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159

5160
5161
5162
5163
5164

5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275



















5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306













5307
5308
5309

5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361

5362
5363
5364
5365
5366
5367
5368
5369
5370
5371
5372


5373
5374
5375

5376
5377
5378
5379
5380
5381
5382









5383
5384
5385
5386
5387
5388
5389
5390
5391

5392
5393
5394

5395
5396
5397


5398
5399
5400

5401




5402


5403
5404
5405
5406
5407
5408


5409

5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468


5469
5470
5471

5472
5473
5474


5475
5476


5477
5478
5479
5480
5481
5482

5483
5484


5485

5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638


5639
5640
5641
5642
5643
5644


5645
5646
5647
5648
5649
5650



5651


5652

5653

5654
5655


5656


5657



5658











5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674




5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815



5816
5817
5818
5819





5820

5821
5822
5823
5824
5825

5826
5827
5828
5829
5830
5831
5832

5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850



5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865


5866

5867
5868
5869
5870
5871
5872
5873
5874
The
.Ar file
should contain multiple certificates in PEM format, concatenated together.
.It Fl CApath Ar directory
A
.Ar directory
of trusted certificates.
The certificates, or symbolic links to them,
should have names of the form
.Ar hash Ns .0 ,
where
.Ar hash
is the hashed certificate subject name
(see the
.Fl hash
option of the
.Nm x509
utility).




.It Fl crl_check
Check end entity certificate validity by attempting to look up a valid CRL.
If a valid CRL cannot be found an error occurs.
.It Fl crl_check_all
Check the validity of all certificates in the chain by attempting
to look up valid CRLs.
.It Fl explicit_policy
Set policy variable require-explicit-policy (RFC 3280).
.It Fl extended_crl
Enable extended CRL features such as indirect CRLs and alternate CRL
signing keys.
.It Fl help
Print a usage message.
.It Fl ignore_critical




Ignore critical extensions instead of rejecting the certificate.
.It Fl inhibit_any
Set policy variable inhibit-any-policy (RFC 3280).
.It Fl inhibit_map
Set policy variable inhibit-policy-mapping (RFC 3280).
.It Fl issuer_checks
Print diagnostics relating to searches for the issuer certificate
of the current certificate
showing why each candidate issuer certificate was rejected.
The presence of rejection messages
does not itself imply that anything is wrong:
during the normal verify process several rejections may take place.
.It Fl policy_check
Enable certificate policy processing.
.It Fl purpose Ar purpose
The intended use for the certificate.
Without this option no chain verification will be done.
Currently accepted uses are
.Cm sslclient , sslserver ,
.Cm nssslserver , smimesign ,
.Cm smimeencrypt , crlsign ,
.Cm any ,
and
.Cm ocsphelper .



.It Fl untrusted Ar file
A
.Ar file
of untrusted certificates.
The
.Ar file
should contain multiple certificates.
.It Fl verbose
Print extra information about the operations being performed.
.It Fl x509_strict
Disable workarounds for broken certificates which have to be disabled
for strict X.509 compliance.





.It Ar certificates
One or more PEM
.Ar certificates
to verify.
If no certificate files are included, an attempt is made to read
a certificate from standard input.
If the first certificate filename begins with a dash,
use a lone dash to mark the last option.
.El

.Pp
The
.Nm verify
program uses the same functions as the internal SSL and S/MIME verification,


with one crucial difference:


wherever possible an attempt is made to continue after an error,
whereas normally the verify operation would halt on the first error.

This allows all the problems with a certificate chain to be determined.
.Pp
The verify operation consists of a number of separate steps.

Firstly a certificate chain is built up starting from the supplied certificate
and ending in the root CA.
It is an error if the whole chain cannot be built up.
The chain is built up by looking up the issuer's certificate of the current
certificate.
If a certificate is found which is its own issuer, it is assumed
to be the root CA.
.Pp









All certificates whose subject name matches the issuer name
of the current certificate are subject to further tests.
The relevant authority key identifier components of the current certificate

(if present) must match the subject key identifier (if present)

and issuer and serial number of the candidate issuer;
in addition the
.Cm keyUsage
extension of the candidate issuer (if present) must permit certificate signing.


.Pp
The lookup first looks in the list of untrusted certificates and if no match
is found the remaining lookups are from the trusted certificates.
The root CA is always looked up in the trusted certificate list:
if the certificate to verify is a root certificate,
then an exact match must be found in the trusted list.
.Pp
The second operation is to check every untrusted certificate's extensions for
consistency with the supplied purpose.
If the
.Fl purpose
option is not included, then no checks are done.
The supplied or
.Qq leaf
certificate must have extensions compatible with the supplied purpose
and all other certificates must also be valid CA certificates.
The precise extensions required are described in more detail in
the
.Nm X509
section below.
.Pp
The third operation is to check the trust settings on the root CA.
The root CA should be trusted for the supplied purpose.




A certificate with no trust settings is considered to be valid for
all purposes.
.Pp
The final operation is to check the validity of the certificate chain.
The validity period is checked against the current system time and the
.Cm notBefore
and
.Cm notAfter
dates in the certificate.
The certificate signatures are also checked at this point.
.Pp
If all operations complete successfully, the certificate is considered
valid.
If any operation fails then the certificate is not valid.

When a verify operation fails, the output messages can be somewhat cryptic.
The general form of the error message is:
.Bd -literal
server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
error 24 at 1 depth lookup:invalid CA certificate
.Ed
.Pp
The first line contains the name of the certificate being verified, followed by
the subject name of the certificate.
The second line contains the error number and the depth.
The depth is the number of the certificate being verified when a
problem was detected starting with zero for the certificate being verified
itself, then 1 for the CA that signed the certificate and so on.
Finally a text version of the error number is presented.
.Pp
An exhaustive list of the error codes and messages is shown below; this also
includes the name of the error code as defined in the header file
.In openssl/x509_vfy.h .
Some of the error codes are defined but never returned: these are described as

.Qq unused .
.Bl -tag -width "XXXX"
.It 0 X509_V_OK
The operation was successful.
.It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT

The issuer certificate of an untrusted certificate could not be found.
.It 3 X509_V_ERR_UNABLE_TO_GET_CRL
The CRL of a certificate could not be found.
.It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
The certificate signature could not be decrypted.
This means that the actual signature value could not be determined
rather than it not matching the expected value.
This is only meaningful for RSA keys.
.It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
The CRL signature could not be decrypted.
This means that the actual signature value could not be determined
rather than it not matching the expected value.
Unused.
.It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
The public key in the certificate
.Cm SubjectPublicKeyInfo
could not be read.
.It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
The signature of the certificate is invalid.
.It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
The signature of the certificate is invalid.
.It 9 X509_V_ERR_CERT_NOT_YET_VALID
The certificate is not yet valid: the
.Cm notBefore
date is after the current time.
.It 10 X509_V_ERR_CERT_HAS_EXPIRED
The certificate has expired; that is, the
.Cm notAfter
date is before the current time.
.It 11 X509_V_ERR_CRL_NOT_YET_VALID
The CRL is not yet valid.
.It 12 X509_V_ERR_CRL_HAS_EXPIRED
The CRL has expired.
.It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
The certificate
.Cm notBefore
field contains an invalid time.
.It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
The certificate
.Cm notAfter
field contains an invalid time.
.It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
The CRL
.Cm lastUpdate
field contains an invalid time.
.It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
The CRL
.Cm nextUpdate
field contains an invalid time.
.It 17 X509_V_ERR_OUT_OF_MEM
An error occurred trying to allocate memory.
This should never happen.
.It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
The passed certificate is self-signed and the same certificate cannot be
found in the list of trusted certificates.
.It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
The certificate chain could be built up using the untrusted certificates but
the root could not be found locally.
.It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
The issuer certificate of a locally looked up certificate could not be found.
This normally means the list of trusted certificates is not complete.
.It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
No signatures could be verified because the chain contains only one
certificate and it is not self-signed.
.It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
The certificate chain length is greater than the supplied maximum depth.
Unused.
.It 23 X509_V_ERR_CERT_REVOKED
The certificate has been revoked.
.It 24 X509_V_ERR_INVALID_CA
A CA certificate is invalid.
Either it is not a CA or its extensions are not consistent
with the supplied purpose.
.It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
The
.Cm basicConstraints
pathlength parameter has been exceeded.
.It 26 X509_V_ERR_INVALID_PURPOSE
The supplied certificate cannot be used for the specified purpose.
.It 27 X509_V_ERR_CERT_UNTRUSTED
The root CA is not marked as trusted for the specified purpose.
.It 28 X509_V_ERR_CERT_REJECTED
The root CA is marked to reject the specified purpose.
.It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
The current candidate issuer certificate was rejected because its subject name
did not match the issuer name of the current certificate.
Only displayed when the
.Fl issuer_checks
option is set.
.It 30 X509_V_ERR_AKID_SKID_MISMATCH
The current candidate issuer certificate was rejected because its subject key
identifier was present and did not match the authority key identifier current
certificate.
Only displayed when the
.Fl issuer_checks
option is set.
.It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
The current candidate issuer certificate was rejected because its issuer name
and serial number were present and did not match the authority key identifier
of the current certificate.
Only displayed when the
.Fl issuer_checks
option is set.
.It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
The current candidate issuer certificate was rejected because its
.Cm keyUsage
extension does not permit certificate signing.
.It 50 X509_V_ERR_APPLICATION_VERIFICATION
An application specific error.
Unused.
.El



















.Sh VERSION
.Nm openssl version
.Op Fl abdfopv
.Pp
The
.Nm version
command is used to print out version information about
.Nm openssl .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a
All information: this is the same as setting all the other flags.
.It Fl b
The date the current version of
.Nm openssl
was built.
.It Fl d
.Ev OPENSSLDIR
setting.
.It Fl f
Compilation flags.
.It Fl o
Option information: various options set when the library was built.
.It Fl p
Platform setting.
.It Fl v
The current
.Nm openssl
version.
.El













.Sh X509
.nr nS 1
.Nm "openssl x509"

.Op Fl C
.Op Fl addreject Ar arg
.Op Fl addtrust Ar arg
.Op Fl alias
.Op Fl CA Ar file
.Op Fl CAcreateserial
.Op Fl CAform Cm der | pem
.Op Fl CAkey Ar file
.Op Fl CAkeyform Cm der | pem
.Op Fl CAserial Ar file
.Op Fl certopt Ar option
.Op Fl checkend Ar arg
.Op Fl clrext
.Op Fl clrreject
.Op Fl clrtrust
.Op Fl dates
.Op Fl days Ar arg
.Op Fl email
.Op Fl enddate
.Op Fl extensions Ar section
.Op Fl extfile Ar file
.Op Fl fingerprint
.Op Fl hash
.Op Fl in Ar file
.Op Fl inform Cm der | net | pem
.Op Fl issuer
.Op Fl issuer_hash
.Op Fl issuer_hash_old
.Op Fl keyform Cm der | pem
.Op Fl md5 | sha1
.Op Fl modulus
.Op Fl nameopt Ar option
.Op Fl noout
.Op Fl ocsp_uri
.Op Fl ocspid
.Op Fl out Ar file
.Op Fl outform Cm der | net | pem
.Op Fl passin Ar arg
.Op Fl pubkey
.Op Fl purpose
.Op Fl req
.Op Fl serial
.Op Fl set_serial Ar n
.Op Fl setalias Ar arg
.Op Fl signkey Ar file
.Op Fl startdate
.Op Fl subject
.Op Fl subject_hash
.Op Fl subject_hash_old
.Op Fl text
.Op Fl trustout
.Op Fl x509toreq

.nr nS 0
.Pp
The
.Nm x509
command is a multi-purpose certificate utility.
It can be used to display certificate information, convert certificates to
various forms, sign certificate requests like a
.Qq mini CA ,
or edit certificate trust settings.
.Pp
The following are x509 input, output, and general purpose options:


.Bl -tag -width "XXXX"
.It Fl in Ar file
The input file to read from,

or standard input if not specified.
.It Fl inform Cm der | net | pem
The input format.
Normally, the command will expect an X.509 certificate,
but this can change if other options such as
.Fl req
are present.









.It Fl md5 | sha1
The digest to use.
This affects any signing or display option that uses a message digest,
such as the
.Fl fingerprint , signkey ,
and
.Fl CA
options.
If not specified, MD5 is used.

SHA1 is always used with DSA keys.
.It Fl out Ar file
The output file to write to,

or standard output if none is specified.
.It Fl outform Cm der | net | pem
The output format.


.It Fl passin Ar arg
The key password source.
.El

.Pp




The following are x509 display options:


.Bl -tag -width "XXXX"
.It Fl C
Output the certificate in the form of a C source file.
.It Fl certopt Ar option
Customise the output format used with
.Fl text ,


either using a list of comma-separated options or by specifying

.Fl certopt
multiple times.
The default behaviour is to print all fields.
The options are as follows:
.Pp
.Bl -tag -width "no_extensions" -offset indent -compact
.It Cm ca_default
Equivalent to
.Cm no_issuer , no_pubkey , no_header ,
.Cm no_version , no_sigdump ,
and
.Cm no_signame .
.It Cm compatible
Equivalent to no output options at all.
.It Cm ext_default
Print unsupported certificate extensions.
.It Cm ext_dump
Hex dump unsupported extensions.
.It Cm ext_error
Print an error message for unsupported certificate extensions.
.It Cm ext_parse
ASN.1 parse unsupported extensions.
.It Cm no_aux
Do not print certificate trust information.
.It Cm no_extensions
Do not print X509V3 extensions.
.It Cm no_header
Do not print header (Certificate and Data) information.
.It Cm no_issuer
Do not print the issuer name.
.It Cm no_pubkey
Do not print the public key.
.It Cm no_serial
Do not print the serial number.
.It Cm no_sigdump
Do not give a hexadecimal dump of the certificate signature.
.It Cm no_signame
Do not print the signature algorithm used.
.It Cm no_subject
Do not print the subject name.
.It Cm no_validity
Do not print the
.Cm notBefore
and
.Cm notAfter
(validity) fields.
.It Cm no_version
Do not print the version number.
.El
.It Fl dates
Print the start and expiry date of a certificate.
.It Fl email
Output the email addresses, if any.
.It Fl enddate
Print the expiry date of the certificate; that is, the
.Cm notAfter
date.
.It Fl fingerprint
Print the digest of the DER-encoded version of the whole certificate.


.It Fl hash
A synonym for
.Fl subject_hash .

.It Fl issuer
Print the issuer name.
.It Fl issuer_hash


Print the hash of the certificate issuer name.
.It Fl issuer_hash_old


Print the hash of the certificate issuer name
using the older algorithm as used by
.Nm openssl
versions before 1.0.0.
.It Fl modulus
Print the value of the modulus of the public key contained in the certificate.

.It Fl nameopt Ar option
Customise how the subject or issuer names are displayed,


either using a list of comma-separated options or by specifying

.Fl nameopt
multiple times.
The default behaviour is to use the
.Cm oneline
format.
The options,
which can be preceded by a dash to turn them off,
are as follows:
.Bl -tag -width "XXXX"
.It Cm align
Align field values for a more readable output.
Only usable with
.Ar sep_multiline .
.It Cm compat
Use the old format,
equivalent to specifying no options at all.
.It Cm dn_rev
Reverse the fields of the DN, as required by RFC 2253.
As a side effect, this also reverses the order of multiple AVAs.
.It Cm dump_all
Dump all fields.
When used with
.Ar dump_der ,
it allows the DER encoding of the structure to be unambiguously determined.
.It Cm dump_der
Any fields that need to be hexdumped are
dumped using the DER encoding of the field.
Otherwise just the content octets will be displayed.
Both options use the RFC 2253 #XXXX... format.
.It Cm dump_nostr
Dump non-character string types
(for example OCTET STRING);
usually, non-character string types are displayed
as though each content octet represents a single character.
.It Cm dump_unknown
Dump any field whose OID is not recognised by
.Nm openssl .
.It Cm esc_2253
Escape the
.Qq special
characters required by RFC 2253 in a field that is
.Dq \& ,+"<>; .
Additionally,
.Sq #
is escaped at the beginning of a string
and a space character at the beginning or end of a string.
.It Cm esc_ctrl
Escape control characters.
That is, those with ASCII values less than 0x20 (space)
and the delete (0x7f) character.
They are escaped using the RFC 2253 \eXX notation (where XX are two hex
digits representing the character value).
.It Cm esc_msb
Escape characters with the MSB set; that is, with ASCII values larger than
127.
.It Cm multiline
A multiline format.
Equivalent to
.Cm esc_ctrl , esc_msb , sep_multiline ,
.Cm space_eq , lname ,
and
.Cm align .
.It Cm no_type
Do not attempt to interpret multibyte characters.
That is, content octets are merely dumped as though one octet
represents each character.
This is useful for diagnostic purposes
but results in rather odd looking output.
.It Cm nofname , sname , lname , oid
Alter how the field name is displayed:
.Cm nofname
does not display the field at all;
.Cm sname
uses the short name form (CN for
.Cm commonName ,
for example);
.Cm lname
uses the long form.
.Cm oid
represents the OID in numerical form and is useful for diagnostic purpose.
.It Cm oneline
A one line format which is more readable than
.Cm RFC2253 .
Equivalent to
.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
.Cm space_eq ,
and
.Cm sname .
.It Cm RFC2253
Displays names compatible with RFC 2253.
Equivalent to
.Cm esc_2253 , esc_ctrl ,
.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
.Cm dump_der , sep_comma_plus , dn_rev ,
and
.Cm sname .
.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
Determine the field separators:
the first character is between RDNs and the second between multiple AVAs
(multiple AVAs are very rare and their use is discouraged).
The options ending in
.Qq space
additionally place a space after the separator to make it more readable.
.Cm sep_multiline
uses a linefeed character for the RDN separator and a spaced
.Sq +
for the AVA separator,
as well as indenting the fields by four characters.
.It Cm show_type
Show the type of the ASN.1 character string.
The type precedes the field contents.
For example
.Qq BMPSTRING: Hello World .
.It Cm space_eq
Place spaces round the
.Sq =
character which follows the field name.
.It Cm use_quote
Escape some characters by surrounding the whole string with
.Sq \&"
characters.
Without the option, all escaping is done with the
.Sq \e
character.
.It Cm utf8
Convert all strings to UTF8 format first, as required by RFC 2253.
On a UTF8 compatible terminal,
the use of this option (and not setting
.Cm esc_msb )
may result in the correct display of multibyte characters.
Usually, multibyte characters larger than 0xff
are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
for 32 bits,
and any UTF8Strings are converted to their character form first.
.El
.It Fl noout
Do not output the encoded version of the request.
.It Fl ocsp_uri
Print the OCSP responder addresses, if any.
.It Fl ocspid
Print OCSP hash values for the subject name and public key.
.It Fl pubkey
Print the public key.
.It Fl serial
Print the certificate serial number.
.It Fl startdate
Print the start date of the certificate; that is, the
.Cm notBefore
date.
.It Fl subject
Print the subject name.
.It Fl subject_hash


Print the hash of the certificate subject name.
This is used in
.Nm openssl
to form an index to allow certificates in a directory to be looked up
by subject name.
.It Fl subject_hash_old


Print the hash of the certificate subject name
using the older algorithm as used by
.Nm openssl
versions before 1.0.0.
.It Fl text
Print the full certificate in text form.



.El


.Pp

A trusted certificate is a certificate which has several

additional pieces of information attached to it such as the permitted
and prohibited uses of the certificate and an alias.


When a certificate is being verified at least one certificate must be trusted.


By default, a trusted certificate must be stored locally and be a root CA.



The following are x509 trust settings options:











.Bl -tag -width "XXXX"
.It Fl addreject Ar arg
Add a prohibited use.
Accepts the same values as the
.Fl addtrust
option.
.It Fl addtrust Ar arg
Add a trusted certificate use.
Any object name can be used here, but currently only
.Cm clientAuth
(SSL client use),
.Cm serverAuth
(SSL server use),
and
.Cm emailProtection
(S/MIME email) are used.




.It Fl alias
Output the certificate alias.
.It Fl clrreject
Clear all the prohibited or rejected uses of the certificate.
.It Fl clrtrust
Clear all the permitted or trusted uses of the certificate.
.It Fl purpose
Perform tests on the certificate extensions.
The same code is used when verifying untrusted certificates in chains,
so this section is useful if a chain is rejected by the verify code.
.Pp
The
.Cm basicConstraints
extension CA flag is used to determine whether the
certificate can be used as a CA.
If the CA flag is true, it is a CA;
if the CA flag is false, it is not a CA.
All CAs should have the CA flag set to true.
.Pp
If the
.Cm basicConstraints
extension is absent, then the certificate is
considered to be a possible CA;
other extensions are checked according to the intended use of the certificate.
A warning is given in this case because the certificate should really not
be regarded as a CA.
However it is allowed to be a CA to work around some broken software.
.Pp
If the certificate is a V1 certificate
(and thus has no extensions) and it is self-signed,
it is also assumed to be a CA but a warning is again given.
This is to work around the problem of Verisign roots
which are V1 self-signed certificates.
.Pp
If the
.Cm keyUsage
extension is present, then additional restraints are
made on the uses of the certificate.
A CA certificate must have the
.Cm keyCertSign
bit set if the
.Cm keyUsage
extension is present.
.Pp
The extended key usage extension places additional restrictions on the
certificate uses.
If this extension is present, whether critical or not,
the key can only be used for the purposes specified.
.Pp
A complete description of each test is given below.
The comments about
.Cm basicConstraints
and
.Cm keyUsage
and V1 certificates above apply to all CA certificates.
.Bl -tag -width "XXXX"
.It SSL Client
The extended key usage extension must be absent or include the
web client authentication OID.
.Cm keyUsage
must be absent or it must have the
.Cm digitalSignature
bit set.
The Netscape certificate type must be absent
or it must have the SSL client bit set.
.It SSL Client CA
The extended key usage extension must be absent or include the
web client authentication OID.
The Netscape certificate type must be absent
or it must have the SSL CA bit set:
this is used as a workaround if the
.Cm basicConstraints
extension is absent.
.It SSL Server
The extended key usage extension must be absent or include the
web server authentication and/or one of the SGC OIDs.
.Cm keyUsage
must be absent or it must have the
.Cm digitalSignature
set, the
.Cm keyEncipherment
set, or both bits set.
The Netscape certificate type must be absent or have the SSL server bit set.
.It SSL Server CA
The extended key usage extension must be absent or include the
web server authentication and/or one of the SGC OIDs.
The Netscape certificate type must be absent or the SSL CA bit must be set:
this is used as a workaround if the
.Cm basicConstraints
extension is absent.
.It Netscape SSL Server
For Netscape SSL clients to connect to an SSL server; it must have the
.Cm keyEncipherment
bit set if the
.Cm keyUsage
extension is present.
This isn't always valid because some cipher suites use the key for
digital signing.
Otherwise it is the same as a normal SSL server.
.It Common S/MIME Client Tests
The extended key usage extension must be absent or include the
email protection OID.
The Netscape certificate type must be absent or should have the S/MIME bit set.
If the S/MIME bit is not set in Netscape certificate type, then the SSL
client bit is tolerated as an alternative but a warning is shown:
this is because some Verisign certificates don't set the S/MIME bit.
.It S/MIME Signing
In addition to the common S/MIME client tests, the
.Cm digitalSignature
bit must be set if the
.Cm keyUsage
extension is present.
.It S/MIME Encryption
In addition to the common S/MIME tests, the
.Cm keyEncipherment
bit must be set if the
.Cm keyUsage
extension is present.
.It S/MIME CA
The extended key usage extension must be absent or include the
email protection OID.
The Netscape certificate type must be absent
or must have the S/MIME CA bit set:
this is used as a workaround if the
.Cm basicConstraints
extension is absent.
.It CRL Signing
The
.Cm keyUsage
extension must be absent or it must have the CRL signing bit set.
.It CRL Signing CA
The normal CA tests apply, except the
.Cm basicConstraints
extension must be present.
.El
.It Fl setalias Ar arg
Set the alias of the certificate,
allowing the certificate to be referred to using a nickname,
such as
.Qq Steve's Certificate .
.It Fl trustout



Output a trusted certificate
(the default if any trust settings are modified).
An ordinary or trusted certificate can be input, but by default an ordinary
certificate is output and any trust settings are discarded.





.El

.Pp
The
.Nm x509
utility can be used to sign certificates and requests:
it can thus behave like a mini CA.

The following are x509 signing options:
.Bl -tag -width "XXXX"
.It Fl CA Ar file
The CA certificate to be used for signing.
When this option is present,
.Nm x509
behaves like a mini CA.

The input file is signed by the CA using this option;
that is, its issuer name is set to the subject name of the CA and it is
digitally signed using the CA's private key.
.Pp
This option is normally combined with the
.Fl req
option.
Without the
.Fl req
option, the input is a certificate which must be self-signed.
.It Fl CAcreateserial
Create the CA serial number file if it does not exist
instead of generating an error.
The file will contain the serial number
.Sq 02
and the certificate being signed will have
.Sq 1
as its serial number.



.It Fl CAform Cm der | pem
The format of the CA certificate file.
The default is
.Cm pem .
.It Fl CAkey Ar file
Set the CA private key to sign a certificate with.
Otherwise it is assumed that the CA private key is present
in the CA certificate file.
.It Fl CAkeyform Cm der | pem
The format of the CA private key.
The default is
.Cm pem .
.It Fl CAserial Ar file
Use the serial number in
.Ar file


to sign a certificate.

The file should consist of one line containing an even number of hex digits
with the serial number to use.
After each use the serial number is incremented and written out
to the file again.
.Pp
The default filename consists of the CA certificate file base name with
.Pa .srl
appended.
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402

8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
certificate (for example with the
.Fl signkey
or the
.Fl CA
options).
Normally, all extensions are retained.
.It Fl days Ar arg
Specifies the number of days to make a certificate valid for.
The default is 30 days.
.It Fl extensions Ar section
The section to add certificate extensions from.
If this option is not specified, the extensions should either be
contained in the unnamed
.Pq default
section or the default section should contain a variable called
.Qq extensions
which contains the section to use.
.It Fl extfile Ar file
File containing certificate extensions to use.
If not specified, no extensions are added to the certificate.
.It Fl keyform Ar DER | PEM
Specifies the format
.Pq DER or PEM
of the private key file used in the
.Fl signkey
option.
.It Fl req
By default, a certificate is expected on input.
With this option a certificate request is expected instead.
.It Fl set_serial Ar n
Specifies the serial number to use.
This option can be used with either the
.Fl signkey
or
.Fl CA
options.
If used in conjunction with the
.Fl CA
option, the serial number file (as specified by the
.Fl CAserial
or
.Fl CAcreateserial
options) is not used.
.Pp
The serial number can be decimal or hex (if preceded by
.Sq 0x ) .
Negative serial numbers can also be specified but their use is not recommended.
.It Fl signkey Ar file
This option causes the input file to be self-signed using the supplied

private key.
.Pp
If the input file is a certificate, it sets the issuer name to the
subject name
.Pq i.e. makes it self-signed ,
changes the public key to the supplied value,
and changes the start and end dates.
The start date is set to the current time and the end date is set to
a value determined by the
.Fl days
option.
Any certificate extensions are retained unless the
.Fl clrext
option is supplied.
.Pp
If the input is a certificate request, a self-signed certificate
is created using the supplied private key using the subject name in
the request.
.It Fl x509toreq
Converts a certificate into a certificate request.
The
.Fl signkey
option is used to pass the required private key.
.El
.Sh X509 NAME OPTIONS
The
.Fl nameopt
command line switch determines how the subject and issuer
names are displayed.
If no
.Fl nameopt
switch is present, the default
.Qq oneline
format is used which is compatible with previous versions of
.Nm OpenSSL .
Each option is described in detail below; all options can be preceded by a
.Sq -
to turn the option off.
Only
.Ar compat ,
.Ar RFC2253 ,
.Ar oneline ,
and
.Ar multiline
will normally be used.
.Bl -tag -width "XXXX"
.It Ar align
Align field values for a more readable output.
Only usable with
.Ar sep_multiline .
.It Ar compat
Use the old format.
This is equivalent to specifying no name options at all.
.It Ar dn_rev
Reverse the fields of the DN.
This is required by RFC 2253.
As a side effect, this also reverses the order of multiple AVAs but this is
permissible.
.It Ar dump_all
Dump all fields.
This option, when used with
.Ar dump_der ,
allows the DER encoding of the structure to be unambiguously determined.
.It Ar dump_der
When this option is set, any fields that need to be hexdumped will
be dumped using the DER encoding of the field.
Otherwise just the content octets will be displayed.
Both options use the RFC 2253 #XXXX... format.
.It Ar dump_nostr
Dump non-character string types
.Pq for example OCTET STRING ;
if this option is not set, non-character string types will be displayed
as though each content octet represents a single character.
.It Ar dump_unknown
Dump any field whose OID is not recognised by
.Nm OpenSSL .
.It Ar esc_2253
Escape the
.Qq special
characters required by RFC 2253 in a field that is
.Dq \& ,+"\*(Lt\*(Gt; .
Additionally,
.Sq #
is escaped at the beginning of a string
and a space character at the beginning or end of a string.
.It Ar esc_ctrl
Escape control characters.
That is, those with ASCII values less than 0x20
.Pq space
and the delete
.Pq 0x7f
character.
They are escaped using the RFC 2253 \eXX notation (where XX are two hex
digits representing the character value).
.It Ar esc_msb
Escape characters with the MSB set; that is, with ASCII values larger than
127.
.It Ar multiline
A multiline format.
It is equivalent to
.Ar esc_ctrl , esc_msb , sep_multiline ,
.Ar space_eq , lname ,
and
.Ar align .
.It Ar no_type
This option does not attempt to interpret multibyte characters in any
way.
That is, their content octets are merely dumped as though one octet
represents each character.
This is useful for diagnostic purposes but will result in rather odd
looking output.
.It Ar nofname , sname , lname , oid
These options alter how the field name is displayed.
.Ar nofname
does not display the field at all.
.Ar sname
uses the
.Qq short name
form (CN for
.Ar commonName ,
for example).
.Ar lname
uses the long form.
.Ar oid
represents the OID in numerical form and is useful for diagnostic purpose.
.It Ar oneline
A oneline format which is more readable than
.Ar RFC2253 .
It is equivalent to specifying the
.Ar esc_2253 , esc_ctrl , esc_msb , utf8 ,
.Ar dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
.Ar space_eq ,
and
.Ar sname
options.
.It Ar RFC2253
Displays names compatible with RFC 2253; equivalent to
.Ar esc_2253 , esc_ctrl ,
.Ar esc_msb , utf8 , dump_nostr , dump_unknown ,
.Ar dump_der , sep_comma_plus , dn_rev ,
and
.Ar sname .
.It Ar sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
These options determine the field separators.
The first character is between RDNs and the second between multiple AVAs
(multiple AVAs are very rare and their use is discouraged).
The options ending in
.Qq space
additionally place a space after the separator to make it more readable.
The
.Ar sep_multiline
uses a linefeed character for the RDN separator and a spaced
.Sq +
for the AVA separator.
It also indents the fields by four characters.
.It Ar show_type
Show the type of the ASN1 character string.
The type precedes the field contents.
For example
.Qq BMPSTRING: Hello World .
.It Ar space_eq
Places spaces round the
.Sq =
character which follows the field name.
.It Ar use_quote
Escapes some characters by surrounding the whole string with
.Sq \&"
characters.
Without the option, all escaping is done with the
.Sq \e
character.
.It Ar utf8
Convert all strings to UTF8 format first.
This is required by RFC 2253.
If you are lucky enough to have a UTF8 compatible terminal,
the use of this option (and
.Em not
setting
.Ar esc_msb )
may result in the correct display of multibyte
.Pq international
characters.
If this option is not present, multibyte characters larger than 0xff
will be represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
for 32 bits.
Also, if this option is off, any UTF8Strings will be converted to their
character form first.
.El
.Sh X509 TEXT OPTIONS
As well as customising the name output format, it is also possible to
customise the actual fields printed using the
.Fl certopt
options when the
.Fl text
option is present.
The default behaviour is to print all fields.
.Bl -tag -width "XXXX"
.It Ar ca_default
The value used by the
.Nm ca
utility; equivalent to
.Ar no_issuer , no_pubkey , no_header ,
.Ar no_version , no_sigdump ,
and
.Ar no_signame .
.It Ar compatible
Use the old format.
This is equivalent to specifying no output options at all.
.It Ar ext_default
Retain default extension behaviour: attempt to print out unsupported
certificate extensions.
.It Ar ext_dump
Hex dump unsupported extensions.
.It Ar ext_error
Print an error message for unsupported certificate extensions.
.It Ar ext_parse
ASN1 parse unsupported extensions.
.It Ar no_aux
Don't print out certificate trust information.
.It Ar no_extensions
Don't print out any X509V3 extensions.
.It Ar no_header
Don't print header information: that is, the lines saying
.Qq Certificate
and
.Qq Data .
.It Ar no_issuer
Don't print out the issuer name.
.It Ar no_pubkey
Don't print out the public key.
.It Ar no_serial
Don't print out the serial number.
.It Ar no_sigdump
Don't give a hexadecimal dump of the certificate signature.
.It Ar no_signame
Don't print out the signature algorithm used.
.It Ar no_subject
Don't print out the subject name.
.It Ar no_validity
Don't print the validity; that is, the
.Em notBefore
and
.Em notAfter
fields.
.It Ar no_version
Don't print out the version number.
.El
.Sh X509 EXAMPLES
Display the contents of a certificate:
.Pp
.Dl $ openssl x509 -in cert.pem -noout -text
.Pp
Display the certificate serial number:
.Pp
.Dl $ openssl x509 -in cert.pem -noout -serial
.Pp
Display the certificate subject name:
.Pp
.Dl $ openssl x509 -in cert.pem -noout -subject
.Pp
Display the certificate subject name in RFC 2253 form:
.Pp
.Dl $ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
.Pp
Display the certificate subject name in oneline form on a terminal
supporting UTF8:
.Bd -literal -offset indent
$ openssl x509 -in cert.pem -noout -subject \e
	-nameopt oneline,-esc_msb
.Ed
.Pp
Display the certificate MD5 fingerprint:
.Pp
.Dl $ openssl x509 -in cert.pem -noout -fingerprint
.Pp
Display the certificate SHA1 fingerprint:
.Pp
.Dl $ openssl x509 -sha1 -in cert.pem -noout -fingerprint
.Pp
Convert a certificate from PEM to DER format:
.Pp
.Dl "$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER"
.Pp
Convert a certificate to a certificate request:
.Bd -literal -offset indent
$ openssl x509 -x509toreq -in cert.pem -out req.pem \e
	-signkey key.pem
.Ed
.Pp
Convert a certificate request into a self-signed certificate using
extensions for a CA:
.Bd -literal -offset indent
$ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions \e
	v3_ca -signkey key.pem -out cacert.pem
.Ed
.Pp
Sign a certificate request using the CA certificate above and add user
certificate extensions:
.Bd -literal -offset indent
$ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions \e
	v3_usr -CA cacert.pem -CAkey key.pem -CAcreateserial
.Ed
.Pp
Set a certificate to be trusted for SSL
client use and set its alias to
.Qq Steve's Class 1 CA :
.Bd -literal -offset indent
$ openssl x509 -in cert.pem -addtrust clientAuth \e
	-setalias "Steve's Class 1 CA" -out trust.pem
.Ed
.Sh X509 NOTES
The PEM format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
.Ed
.Pp
It will also handle files containing:
.Bd -unfilled -offset indent
-----BEGIN X509 CERTIFICATE-----
-----END X509 CERTIFICATE-----
.Ed
.Pp
Trusted certificates have the lines:
.Bd -unfilled -offset indent
-----BEGIN TRUSTED CERTIFICATE-----
-----END TRUSTED CERTIFICATE-----
.Ed
.Pp
The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO 8859-1 character set.
This is wrong, but Netscape and MSIE do this, as do many certificates.
So although this is incorrect
it is more likely to display the majority of certificates correctly.
.Pp
The
.Fl fingerprint
option takes the digest of the DER-encoded certificate.
This is commonly called a
.Qq fingerprint .
Because of the nature of message digests, the fingerprint of a certificate
is unique to that certificate and two certificates with the same fingerprint
can be considered to be the same.
.Pp
The Netscape fingerprint uses MD5, whereas MSIE uses SHA1.
.Pp
The
.Fl email
option searches the subject name and the subject alternative
name extension.
Only unique email addresses will be printed out: it will
not print the same address more than once.
.Sh X.509 CERTIFICATE EXTENSIONS
The
.Fl purpose
option checks the certificate extensions and determines
what the certificate can be used for.
The actual checks done are rather
complex and include various hacks and workarounds to handle broken
certificates and software.
.Pp
The same code is used when verifying untrusted certificates in chains,
so this section is useful if a chain is rejected by the verify code.
.Pp
The
.Em basicConstraints
extension CA flag is used to determine whether the
certificate can be used as a CA.
If the CA flag is true, it is a CA;
if the CA flag is false, it is not a CA.
.Em All
CAs should have the CA flag set to true.
.Pp
If the
.Em basicConstraints
extension is absent, then the certificate is
considered to be a
.Qq possible CA ;
other extensions are checked according to the intended use of the certificate.
A warning is given in this case because the certificate should really not
be regarded as a CA: however,
it is allowed to be a CA to work around some broken software.
.Pp
If the certificate is a V1 certificate
.Pq and thus has no extensions
and it is self-signed, it is also assumed to be a CA but a warning is again
given: this is to work around the problem of Verisign roots which are V1
self-signed certificates.
.Pp
If the
.Em keyUsage
extension is present, then additional restraints are
made on the uses of the certificate.
A CA certificate
.Em must
have the
.Em keyCertSign
bit set if the
.Em keyUsage
extension is present.
.Pp
The extended key usage extension places additional restrictions on the
certificate uses.
If this extension is present
.Pq whether critical or not ,
the key can only be used for the purposes specified.
.Pp
A complete description of each test is given below.
The comments about
.Em basicConstraints
and
.Em keyUsage
and V1 certificates above apply to
.Em all
CA certificates.
.Bl -tag -width "XXXX"
.It Ar SSL Client
The extended key usage extension must be absent or include the
.Qq web client authentication
OID.
.Ar keyUsage
must be absent or it must have the
.Em digitalSignature
bit set.
Netscape certificate type must be absent or it must have the SSL
client bit set.
.It Ar SSL Client CA
The extended key usage extension must be absent or include the
.Qq web client authentication
OID.
Netscape certificate type must be absent or it must have the SSL CA
bit set: this is used as a work around if the
.Em basicConstraints
extension is absent.
.It Ar SSL Server
The extended key usage extension must be absent or include the
.Qq web server authentication
and/or one of the SGC OIDs.
.Em keyUsage
must be absent or it must have the
.Em digitalSignature
set, the
.Em keyEncipherment
set, or both bits set.
Netscape certificate type must be absent or have the SSL server bit set.
.It Ar SSL Server CA
The extended key usage extension must be absent or include the
.Qq web server authentication
and/or one of the SGC OIDs.
Netscape certificate type must be absent or the SSL CA
bit must be set: this is used as a work around if the
.Em basicConstraints
extension is absent.
.It Ar Netscape SSL Server
For Netscape SSL clients to connect to an SSL server; it must have the
.Em keyEncipherment
bit set if the
.Em keyUsage
extension is present.
This isn't always valid because some cipher suites use the key for
digital signing.
Otherwise it is the same as a normal SSL server.
.It Ar Common S/MIME Client Tests
The extended key usage extension must be absent or include the
.Qq email protection
OID.
Netscape certificate type must be absent or should have the
.Em S/MIME
bit set.
If the
.Em S/MIME
bit is not set in Netscape certificate type, then the SSL
client bit is tolerated as an alternative but a warning is shown:
this is because some Verisign certificates don't set the
.Em S/MIME
bit.
.It Ar S/MIME Signing
In addition to the common
.Em S/MIME
client tests, the
.Em digitalSignature
bit must be set if the
.Em keyUsage
extension is present.
.It Ar S/MIME Encryption
In addition to the common
.Em S/MIME
tests, the
.Em keyEncipherment
bit must be set if the
.Em keyUsage
extension is present.
.It Ar S/MIME CA
The extended key usage extension must be absent or include the
.Qq email protection
OID.
Netscape certificate type must be absent or must have the
.Em S/MIME CA
bit set: this is used as a work around if the
.Em basicConstraints
extension is absent.
.It Ar CRL Signing
The
.Em keyUsage
extension must be absent or it must have the
.Em CRL
signing bit set.
.It Ar CRL Signing CA
The normal CA tests apply.
Except in this case the
.Em basicConstraints
extension must be present.
.El
.Sh X509 BUGS
Extensions in certificates are not transferred to certificate requests and
vice versa.
.Pp
It is possible to produce invalid certificates or requests by specifying the
wrong private key or using inconsistent options in some cases: these should
be checked.
.Pp
There should be options to explicitly set such things as start and end dates,
rather than an offset from the current time.
.Pp
The code to implement the verify behaviour described in the
.Sx X509 TRUST SETTINGS
is currently being developed.
It thus describes the intended behaviour rather than the current behaviour.
It is hoped that it will represent reality in
.Nm OpenSSL
0.9.5 and later.
.Sh X509 HISTORY
Before
.Nm OpenSSL
0.9.8,
the default digest for RSA keys was MD5.
.Pp
The hash algorithm used in the
.Fl subject_hash
and
.Fl issuer_hash
options before
.Nm OpenSSL
1.0.0 was based on the deprecated MD5 algorithm and the encoding
of the distinguished name.
In
.Nm OpenSSL
1.0.0 and later it is based on a canonical version of the DN using SHA1.
This means that any directories using the old form
must have their links rebuilt using
.Ar c_rehash
or similar.
.Sh COMMON NOTATION
Several commands share a common syntax,
as detailed below.
.Pp
Password arguments, typically specified using
.Fl passin
and







|




|
<
|





|
<
<
|



<
|

|

















|
>
|


|
<














|




<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900

5901
5902
5903
5904
5905
5906
5907


5908
5909
5910
5911

5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937

5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
















































































































































































































































































































































































































































































































































5957
5958
5959
5960
5961
5962
5963
certificate (for example with the
.Fl signkey
or the
.Fl CA
options).
Normally, all extensions are retained.
.It Fl days Ar arg
The number of days to make a certificate valid for.
The default is 30 days.
.It Fl extensions Ar section
The section to add certificate extensions from.
If this option is not specified, the extensions should either be
contained in the unnamed (default) section

or the default section should contain a variable called
.Qq extensions
which contains the section to use.
.It Fl extfile Ar file
File containing certificate extensions to use.
If not specified, no extensions are added to the certificate.
.It Fl keyform Cm der | pem


The format of the private key file used in the
.Fl signkey
option.
.It Fl req

Expect a certificate request on input instead of a certificate.
.It Fl set_serial Ar n
The serial number to use.
This option can be used with either the
.Fl signkey
or
.Fl CA
options.
If used in conjunction with the
.Fl CA
option, the serial number file (as specified by the
.Fl CAserial
or
.Fl CAcreateserial
options) is not used.
.Pp
The serial number can be decimal or hex (if preceded by
.Sq 0x ) .
Negative serial numbers can also be specified but their use is not recommended.
.It Fl signkey Ar file
Self-sign
.Ar file
using the supplied private key.
.Pp
If the input file is a certificate, it sets the issuer name to the
subject name (i.e. makes it self-signed),

changes the public key to the supplied value,
and changes the start and end dates.
The start date is set to the current time and the end date is set to
a value determined by the
.Fl days
option.
Any certificate extensions are retained unless the
.Fl clrext
option is supplied.
.Pp
If the input is a certificate request, a self-signed certificate
is created using the supplied private key using the subject name in
the request.
.It Fl x509toreq
Convert a certificate into a certificate request.
The
.Fl signkey
option is used to pass the required private key.
.El
















































































































































































































































































































































































































































































































































.Sh COMMON NOTATION
Several commands share a common syntax,
as detailed below.
.Pp
Password arguments, typically specified using
.Fl passin
and
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015


9016
9017
9018


9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052

9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
Read the password from the file descriptor
.Ar number .
This can be used to send the data via a pipe, for example.
.It Cm stdin
Read the password from standard input.
.El
.Pp
File formats,
typically specified using
.Fl inform
and
.Fl outform ,
indicate the type of file being read from
or the file format to write.
The argument is case insensitive.
.Pp
.Bl -tag -width Ds -offset indent -compact
.It Cm der
Distinguished Encoding Rules (DER)
is a binary format.


.It Cm pem
Privacy Enhanced Mail (PEM)
is base64-encoded.


.It Cm txt
Plain ASCII text.
.El
.Sh ENVIRONMENT
The following environment variables affect the execution of
.Nm openssl :
.Bl -tag -width "/etc/ssl/openssl.cnf"
.It Ev OPENSSL_CONF
The location of the master configuration file.
.El
.\"
.\" FILES
.\"
.Sh FILES
.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
.It Pa /etc/ssl/
Default config directory for
.Nm openssl .
.It Pa /etc/ssl/lib/
Unused.
.It Pa /etc/ssl/private/
Default private key directory.
.It Pa /etc/ssl/openssl.cnf
Default configuration file for
.Nm openssl .
.It Pa /etc/ssl/x509v3.cnf
Default configuration file for
.Nm x509
certificates.
.El
.\"
.\" SEE ALSO
.\"
.Sh SEE ALSO

.Xr nc 1 ,
.Xr ssl 8 ,
.Xr starttls 8
.Sh STANDARDS
.Rs
.%D February 1995
.%Q Netscape Communications Corp.
.%T The SSL Protocol
.Re
.Pp
.Rs
.%D November 1996
.%Q Netscape Communications Corp.
.%T The SSL 3.0 Protocol
.Re
.Pp
.Rs
.%A T. Dierks
.%A C. Allen
.%D January 1999
.%R RFC 2246
.%T The TLS Protocol Version 1.0
.Re







|




|
<






>
>



>
>










<
<
<

















<
<
<

>




<
<
<
<
<
<
<
<
<
<
<
<







5998
5999
6000
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010

6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033



6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050



6051
6052
6053
6054
6055
6056












6057
6058
6059
6060
6061
6062
6063
Read the password from the file descriptor
.Ar number .
This can be used to send the data via a pipe, for example.
.It Cm stdin
Read the password from standard input.
.El
.Pp
Input/output formats,
typically specified using
.Fl inform
and
.Fl outform ,
indicate the format being read from or written to.

The argument is case insensitive.
.Pp
.Bl -tag -width Ds -offset indent -compact
.It Cm der
Distinguished Encoding Rules (DER)
is a binary format.
.It Cm net
Insecure legacy format.
.It Cm pem
Privacy Enhanced Mail (PEM)
is base64-encoded.
.It Cm smime
An SMIME format message.
.It Cm txt
Plain ASCII text.
.El
.Sh ENVIRONMENT
The following environment variables affect the execution of
.Nm openssl :
.Bl -tag -width "/etc/ssl/openssl.cnf"
.It Ev OPENSSL_CONF
The location of the master configuration file.
.El



.Sh FILES
.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
.It Pa /etc/ssl/
Default config directory for
.Nm openssl .
.It Pa /etc/ssl/lib/
Unused.
.It Pa /etc/ssl/private/
Default private key directory.
.It Pa /etc/ssl/openssl.cnf
Default configuration file for
.Nm openssl .
.It Pa /etc/ssl/x509v3.cnf
Default configuration file for
.Nm x509
certificates.
.El



.Sh SEE ALSO
.Xr acme-client 1 ,
.Xr nc 1 ,
.Xr ssl 8 ,
.Xr starttls 8
.Sh STANDARDS












.Rs
.%A T. Dierks
.%A C. Allen
.%D January 1999
.%R RFC 2246
.%T The TLS Protocol Version 1.0
.Re
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
.Pp
.Rs
.%A P. Chown
.%D June 2002
.%R RFC 3268
.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
.Re
.\"
.\" OPENSSL HISTORY
.\"
.Sh HISTORY
The
.Xr openssl 1
document appeared in
.Nm OpenSSL
0.9.2.
The
.Cm list- Ns XXX Ns Cm -commands
pseudo-commands were added in
.Nm OpenSSL
0.9.3;
the
.Cm no- Ns XXX
pseudo-commands were added in
.Nm OpenSSL
0.9.5a;
the
.Cm list- Ns XXX Ns Cm -algorithms
pseudo-commands were added in
.Nm OpenSSL
1.0.0.







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
6108
6109
6110
6111
6112
6113
6114
























.Pp
.Rs
.%A P. Chown
.%D June 2002
.%R RFC 3268
.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
.Re
























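--- a/jni/libressl/apps/openssl/openssl.c
+++ b/jni/libressl/apps/openssl/openssl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: openssl.c,v 1.22 2015/12/01 01:24:47 beck Exp $ */
+/* $OpenBSD: openssl.c,v 1.25 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -150,17 +150,14 @@
 FUNCTION functions[] = {
 
 	/* General functions. */
 	{ FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main },
 	{ FUNC_TYPE_GENERAL, "ca", ca_main },
 	{ FUNC_TYPE_GENERAL, "certhash", certhash_main },
 	{ FUNC_TYPE_GENERAL, "ciphers", ciphers_main },
-#ifndef OPENSSL_NO_CMS
-	{ FUNC_TYPE_GENERAL, "cms", cms_main },
-#endif
 	{ FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main },
 	{ FUNC_TYPE_GENERAL, "crl", crl_main },
 	{ FUNC_TYPE_GENERAL, "dgst", dgst_main },
 	{ FUNC_TYPE_GENERAL, "enc", enc_main },
 	{ FUNC_TYPE_GENERAL, "errstr", errstr_main },
 	{ FUNC_TYPE_GENERAL, "genpkey", genpkey_main },
 	{ FUNC_TYPE_GENERAL, "nseq", nseq_main },
@@ -436,15 +433,15 @@
 	char *p;
 	LHASH_OF(FUNCTION) * prog = NULL;
 	long errline;
 
 	arg.data = NULL;
 	arg.count = 0;
 
-	if (pledge("stdio inet dns rpath wpath cpath proc flock tty", NULL) == -1) {
+	if (pledge("stdio cpath wpath rpath inet dns proc flock tty", NULL) == -1) {
 		fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
 		exit(1);
 	}
 
 	bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 	if (bio_err == NULL) {
 		fprintf(stderr, "openssl: failed to initialise bio_err\n");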
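--- a/jni/libressl/apps/openssl/passwd.c
+++ b/jni/libressl/apps/openssl/passwd.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: passwd.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: passwd.c,v 1.8 2017/01/20 08:57:12 deraadt Exp $ */
 
 #if defined OPENSSL_NO_MD5
 #define NO_MD5CRYPT_1
 #endif
 
 #if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
 
@@ -142,15 +142,15 @@
 	int badopt = 0;
 	int passed_salt = 0;
 	size_t pw_maxlen = 0;
 	int argsused;
 	int ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&passwd_config, 0, sizeof(passwd_config));
 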
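--- a/jni/libressl/apps/openssl/pkcs12.c
+++ b/jni/libressl/apps/openssl/pkcs12.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkcs12.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -121,15 +121,15 @@
 	char *cpass = NULL, *mpass = NULL;
 	char *passargin = NULL, *passargout = NULL, *passarg = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *macalg = NULL;
 	char *CApath = NULL, *CAfile = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
 
@@ -663,15 +663,15 @@
 dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass,
     int passlen, int options, char *pempass)
 {
 	EVP_PKEY *pkey;
 	PKCS8_PRIV_KEY_INFO *p8;
 	X509 *x509;
 
-	switch (M_PKCS12_bag_type(bag)) {
+	switch (OBJ_obj2nid(bag->type)) {
 	case NID_keyBag:
 		if (options & INFO)
 			BIO_printf(bio_err, "Key bag\n");
 		if (options & NOKEYS)
 			return 1;
 		print_attribs(out, bag->attrib, "Bag Attributes");
 		p8 = bag->value.keybag;
@@ -709,15 +709,15 @@
 			return 1;
 		if (PKCS12_get_attr(bag, NID_localKeyID)) {
 			if (options & CACERTS)
 				return 1;
 		} else if (options & CLCERTS)
 			return 1;
 		print_attribs(out, bag->attrib, "Bag Attributes");
-		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+		if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
 			return 1;
 		if (!(x509 = PKCS12_certbag2x509(bag)))
 			return 0;
 		dump_cert_text(out, x509);
 		PEM_write_bio_X509(out, x509);
 		X509_free(x509);
 		break;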
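--- a/jni/libressl/apps/openssl/pkcs7.c
+++ b/jni/libressl/apps/openssl/pkcs7.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkcs7.c,v 1.7 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: pkcs7.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -151,15 +151,15 @@
 {
 	PKCS7 *p7 = NULL;
 	BIO *in = NULL, *out = NULL;
 	int ret = 1;
 	int i;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&pkcs7_config, 0, sizeof(pkcs7_config));
 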
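--- a/jni/libressl/apps/openssl/pkcs8.c
+++ b/jni/libressl/apps/openssl/pkcs8.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkcs8.c,v 1.8 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: pkcs8.c,v 1.10 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -223,15 +223,15 @@
 	X509_SIG *p8 = NULL;
 	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
 	EVP_PKEY *pkey = NULL;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&pkcs8_config, 0, sizeof(pkcs8_config));
 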
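--- a/jni/libressl/apps/openssl/pkey.c
+++ b/jni/libressl/apps/openssl/pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkey.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: pkey.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -76,15 +76,15 @@
 	int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
 	EVP_PKEY *pkey = NULL;
 	char *passin = NULL, *passout = NULL;
 	int badarg = 0;
 	int ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	informat = FORMAT_PEM;
 	outformat = FORMAT_PEM;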
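--- a/jni/libressl/apps/openssl/pkeyparam.c
+++ b/jni/libressl/apps/openssl/pkeyparam.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkeyparam.c,v 1.8 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: pkeyparam.c,v 1.10 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -115,15 +115,15 @@
 pkeyparam_main(int argc, char **argv)
 {
 	BIO *in = NULL, *out = NULL;
 	EVP_PKEY *pkey = NULL;
 	int ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&pkeyparam_config, 0, sizeof(pkeyparam_config));
 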
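--- a/jni/libressl/apps/openssl/pkeyutl.c
+++ b/jni/libressl/apps/openssl/pkeyutl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkeyutl.c,v 1.9 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: pkeyutl.c,v 1.11 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -97,15 +97,15 @@
 	unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
 	size_t buf_outlen;
 	int buf_inlen = 0, siglen = -1;
 
 	int ret = 1, rv = -1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	argc--;
 	argv++;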
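--- a/jni/libressl/apps/openssl/prime.c
+++ b/jni/libressl/apps/openssl/prime.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: prime.c,v 1.9 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: prime.c,v 1.10 2015/10/17 15:00:11 doug Exp $ */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *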
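--- a/jni/libressl/apps/openssl/progs.h
+++ b/jni/libressl/apps/openssl/progs.h
@@ -1,15 +1,14 @@
-/* $OpenBSD: progs.h,v 1.6 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: progs.h,v 1.8 2016/09/05 10:45:19 deraadt Exp $ */
 /* Public domain */
 
 int asn1parse_main(int argc, char **argv);
 int ca_main(int argc, char **argv);
 int certhash_main(int argc, char **argv);
 int ciphers_main(int argc, char **argv);
-int cms_main(int argc, char **argv);
 int crl2pkcs7_main(int argc, char **argv);
 int crl_main(int argc, char **argv);
 int dgst_main(int argc, char **argv);
 int dh_main(int argc, char **argv);
 int dhparam_main(int argc, char **argv);
 int dsa_main(int argc, char **argv);
 int dsaparam_main(int argc, char **argv);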
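--- a/jni/libressl/apps/openssl/rand.c
+++ b/jni/libressl/apps/openssl/rand.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rand.c,v 1.9 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: rand.c,v 1.11 2017/01/20 08:57:12 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -106,15 +106,15 @@
 	int ret = 1;
 	int badopt = 0;
 	int num = -1;
 	int i, r;
 	BIO *out = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&rand_config, 0, sizeof(rand_config));
 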
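--- a/jni/libressl/apps/openssl/req.c
+++ b/jni/libressl/apps/openssl/req.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: req.c,v 1.12 2015/10/17 15:00:11 doug Exp $ */
+/* $OpenBSD: req.c,v 1.14 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -173,15 +173,15 @@
 	char *p;
 	char *subj = NULL;
 	int multirdn = 0;
 	const EVP_MD *md_alg = NULL, *digest = NULL;
 	unsigned long chtype = MBSTRING_ASC;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	req_conf = NULL;
 	cipher = EVP_aes_256_cbc();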
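--- a/jni/libressl/apps/openssl/rsa.c
+++ b/jni/libressl/apps/openssl/rsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: rsa.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -265,15 +265,15 @@
 	int ret = 1;
 	RSA *rsa = NULL;
 	int i;
 	BIO *out = NULL;
 	char *passin = NULL, *passout = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&rsa_config, 0, sizeof(rsa_config));
 	rsa_config.pvk_encr = 2;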
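--- a/jni/libressl/apps/openssl/rsautl.c
+++ b/jni/libressl/apps/openssl/rsautl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsautl.c,v 1.9 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: rsautl.c,v 1.11 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -95,15 +95,15 @@
 	char *passargin = NULL, *passin = NULL;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
 
 	int ret = 1;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	argc--;
 	argv++;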
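--- a/jni/libressl/apps/openssl/s_apps.h
+++ b/jni/libressl/apps/openssl/s_apps.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: s_apps.h,v 1.2 2015/04/14 12:56:36 jsing Exp $ */
+/* $OpenBSD: s_apps.h,v 1.4 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -124,14 +124,15 @@
 #ifdef HEADER_X509_H
 int verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, char *server, char *port, int type, int af);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str, char **host_ptr, unsigned char *ip, char **p);
 
 long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi,
     long argl, long ret);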
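Review bot: The new prototype `int ssl_print_tmp_key(BIO *out, SSL *s);` is placed after the `#endif` that closes `#ifdef HEADER_SSL_H`, so unlike `set_cert_stuff` and `set_cert_key_stuff` it is declared even in a translation unit that includes this header without ssl.h, where `SSL` would be undeclared. Moving the line one position up, inside the guarded block, would match the neighbouring declarations. A one-line comment such as `/* Prints the server's temporary key; returns 0 if there is none. */` would also document the return convention for callers.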
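--- a/jni/libressl/apps/openssl/s_cb.c
+++ b/jni/libressl/apps/openssl/s_cb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: s_cb.c,v 1.5 2015/09/10 06:36:45 bcook Exp $ */
+/* $OpenBSD: s_cb.c,v 1.7 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -280,13 +280,50 @@
 	if (!SSL_CTX_check_private_key(ctx)) {
 		BIO_printf(bio_err,
 		    "Private key does not match the certificate public key\n");
 		return 0;
 	}
 	return 1;
 }
+
+int
+ssl_print_tmp_key(BIO *out, SSL *s)
+{
+	const char *cname;
+	EVP_PKEY *pkey;
+	EC_KEY *ec;
+	int nid;
+
+	if (!SSL_get_server_tmp_key(s, &pkey))
+		return 0;
+
+	BIO_puts(out, "Server Temp Key: ");
+	switch (EVP_PKEY_id(pkey)) {
+	case EVP_PKEY_DH:
+		BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey));
+		break;
+
+	case EVP_PKEY_EC:
+		ec = EVP_PKEY_get1_EC_KEY(pkey);
+		nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+		EC_KEY_free(ec);
+
+		if ((cname = EC_curve_nid2nist(nid)) == NULL)
+			cname = OBJ_nid2sn(nid);
+
+		BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey));
+		break;
+
+	default:
+		BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)),
+		    EVP_PKEY_bits(pkey));
+	}
+
+	EVP_PKEY_free(pkey);
+	return 1;
+}
 
 long
 bio_dump_callback(BIO * bio, int cmd, const char *argp,
     int argi, long argl, long ret)
 {
 	BIO *out;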
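Review bot: In the `EVP_PKEY_EC` case of the new `ssl_print_tmp_key`, the result of `EVP_PKEY_get1_EC_KEY(pkey)` is passed straight to `EC_KEY_get0_group()` without a NULL check, so a failure there would be dereferenced while describing a key taken from the server's handshake. A guard such as `if (ec == NULL) { EVP_PKEY_free(pkey); return 0; }` before the `EC_GROUP_get_curve_name` call would keep that path clean. `cname` can presumably also be NULL when `OBJ_nid2sn()` does not know the curve NID, and it is then handed to `%s`; a fixed fallback string would avoid that, and the same applies to the `OBJ_nid2sn(EVP_PKEY_id(pkey))` argument in the `default:` arm. That arm also has no `break`, which is harmless but inconsistent with the other two cases.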

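--- a/jni/libressl/apps/openssl/s_client.c
+++ b/jni/libressl/apps/openssl/s_client.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: s_client.c,v 1.27 2015/12/01 12:01:56 jca Exp $ */
+/* $OpenBSD: s_client.c,v 1.31 2017/01/24 09:07:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -241,14 +241,15 @@
 	BIO_printf(bio_err, " -sess_in arg  - file to read SSL session from\n");
 	BIO_printf(bio_err, " -servername host  - Set TLS extension servername in ClientHello\n");
 	BIO_printf(bio_err, " -tlsextdebug      - hex dump of all TLS extensions received\n");
 	BIO_printf(bio_err, " -status           - request certificate status from server\n");
 	BIO_printf(bio_err, " -no_ticket        - disable use of RFC4507bis session tickets\n");
 	BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 	BIO_printf(bio_err, " -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
+	BIO_printf(bio_err, " -groups arg       - specify EC curve groups (colon-separated list)\n");
 #ifndef OPENSSL_NO_SRTP
 	BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif
 	BIO_printf(bio_err, " -keymatexport label   - Export keying material using label\n");
 	BIO_printf(bio_err, " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
 }
 
@@ -353,23 +354,24 @@
 	struct timeval timeout;
 	const char *errstr = NULL;
 	char *servername = NULL;
 	tlsextctx tlsextcbp =
 	{NULL, 0};
 	const char *next_proto_neg_in = NULL;
 	const char *alpn_in = NULL;
+	const char *groups_in = NULL;
 	char *sess_in = NULL;
 	char *sess_out = NULL;
 	struct sockaddr peer;
 	int peerlen = sizeof(peer);
 	int enable_timeouts = 0;
 	long socket_mtu = 0;
 
 	if (single_execution) {
-		if (pledge("stdio inet dns rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	meth = SSLv23_client_method();
 
@@ -523,27 +525,28 @@
 			off |= SSL_OP_NO_TLSv1;
 		else if (strcmp(*argv, "-no_ssl3") == 0)
 			off |= SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv, "-no_ssl2") == 0)
 			off |= SSL_OP_NO_SSLv2;
 		else if (strcmp(*argv, "-no_comp") == 0) {
 			off |= SSL_OP_NO_COMPRESSION;
-		}
-		else if (strcmp(*argv, "-no_ticket") == 0) {
+		} else if (strcmp(*argv, "-no_ticket") == 0) {
 			off |= SSL_OP_NO_TICKET;
-		}
-		else if (strcmp(*argv, "-nextprotoneg") == 0) {
+		} else if (strcmp(*argv, "-nextprotoneg") == 0) {
 			if (--argc < 1)
 				goto bad;
 			next_proto_neg_in = *(++argv);
-		}
-		else if (strcmp(*argv, "-alpn") == 0) {
+		} else if (strcmp(*argv, "-alpn") == 0) {
 			if (--argc < 1)
 				goto bad;
 			alpn_in = *(++argv);
+		} else if (strcmp(*argv, "-groups") == 0) {
+			if (--argc < 1)
+				goto bad;
+			groups_in = *(++argv);
 		} else if (strcmp(*argv, "-serverpref") == 0)
 			off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 		else if (strcmp(*argv, "-legacy_renegotiation") == 0)
 			; /* no-op */
 		else if (strcmp(*argv, "-legacy_server_connect") == 0) {
 			off |= SSL_OP_LEGACY_SERVER_CONNECT;
 		} else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
@@ -709,14 +712,21 @@
 
 		if (alpn == NULL) {
 			BIO_printf(bio_err, "Error parsing -alpn argument\n");
 			goto end;
 		}
 		SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
 		free(alpn);
+	}
+	if (groups_in != NULL) {
+		if (SSL_CTX_set1_groups_list(ctx, groups_in) != 1) {
+			BIO_printf(bio_err, "Failed to set groups '%s'\n",
+			    groups_in);
+			goto end;
+		}
 	}
 
 	if (state)
 		SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
 	if (cipher != NULL)
 		if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
 			BIO_printf(bio_err, "error setting cipher list\n");
@@ -1361,14 +1371,17 @@
 					BIO_write(bio, p, 1);
 					j++;
 				}
 				p++;
 			}
 			BIO_write(bio, "\n", 1);
 		}
+
+		ssl_print_tmp_key(bio, s);
+
 		BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 		    BIO_number_read(SSL_get_rbio(s)),
 		    BIO_number_written(SSL_get_wbio(s)));
 	}
 	BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, "));
 	c = SSL_get_current_cipher(s);
 	BIO_printf(bio, "%s, Cipher is %s\n",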
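Review bot: The added call `ssl_print_tmp_key(bio, s);` in the last hunk discards the function's return value with no indication that this is deliberate. As written in s_cb.c the helper returns 0 when `SSL_get_server_tmp_key()` yields nothing, which is presumably the normal outcome for a handshake without an ephemeral key, so a short comment such as `/* Best effort: no temp key is not an error. */` above the call would tell the next reader the result is ignored on purpose. The surrounding function starts and ends outside the hunk, so whether other callers rely on the return value cannot be confirmed from here.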
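--- a/jni/libressl/apps/openssl/s_server.c
+++ b/jni/libressl/apps/openssl/s_server.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: s_server.c,v 1.23 2015/12/01 12:04:51 jca Exp $ */
+/* $OpenBSD: s_server.c,v 1.25 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -601,15 +601,15 @@
 	tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
 	const char *next_proto_neg_in = NULL;
 	tlsextnextprotoctx next_proto = { NULL, 0 };
 	const char *alpn_in = NULL;
 	tlsextalpnctx alpn_ctx = { NULL, 0 };
 
 	if (single_execution) {
-		if (pledge("stdio inet dns rpath tty", NULL) == -1) {
+		if (pledge("stdio rpath inet dns tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	meth = SSLv23_server_method();
 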
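--- a/jni/libressl/apps/openssl/s_socket.c
+++ b/jni/libressl/apps/openssl/s_socket.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: s_socket.c,v 1.7 2015/07/20 03:22:25 doug Exp $ */
+/* $OpenBSD: s_socket.c,v 1.8 2015/09/10 02:23:29 lteo Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *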
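--- a/jni/libressl/apps/openssl/s_time.c
+++ b/jni/libressl/apps/openssl/s_time.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: s_time.c,v 1.13 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: s_time.c,v 1.17 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -82,39 +82,34 @@
 
 #define SSL_CONNECT_NAME	"localhost:4433"
 
 #define BUFSIZZ 1024*10
 
 #define MYBUFSIZ 1024*8
 
-#undef min
-#undef max
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-
 #define SECONDS	30
 extern int verify_depth;
 extern int verify_error;
 
 static void s_time_usage(void);
 static SSL *doConnection(SSL * scon);
 
 static SSL_CTX *tm_ctx = NULL;
 static const SSL_METHOD *s_time_meth = NULL;
 static long bytes_read = 0;
 
 struct {
 	int bugs;
 	char *CAfile;
 	char *CApath;
 	char *certfile;
 	char *cipher;
 	char *host;
 	char *keyfile;
-	int maxtime;
+	time_t maxtime;
 	int nbio;
 	int no_shutdown;
 	int perform;
 	int verify;
 	int verify_depth;
 	char *www_path;
 } s_time_config;
@@ -195,16 +190,16 @@
 		.opt.value = &s_time_config.perform,
 		.value = 2,
 	},
 	{
 		.name = "time",
 		.argname = "seconds",
 		.desc = "Duration to perform timing tests for (default 30)",
-		.type = OPTION_ARG_INT,
-		.opt.value = &s_time_config.maxtime,
+		.type = OPTION_ARG_TIME,
+		.opt.tvalue = &s_time_config.maxtime,
 	},
 	{
 		.name = "verify",
 		.argname = "depth",
 		.desc = "Enable peer certificate verification with given depth",
 		.type = OPTION_ARG_INT,
 		.opt.value = &s_time_config.verify_depth,
@@ -249,21 +244,21 @@
  */
 int
 s_time_main(int argc, char **argv)
 {
 	double totalTime = 0.0;
 	int nConn = 0;
 	SSL *scon = NULL;
-	long finishtime = 0;
-	int ret = 1, i;
+	time_t finishtime;
+	int ret = 1;
 	char buf[1024 * 8];
 	int ver;
 
 	if (single_execution) {
-		if (pledge("stdio inet rpath", NULL) == -1) {
+		if (pledge("stdio rpath inet", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	s_time_meth = SSLv23_client_method();
 
@@ -325,30 +320,30 @@
 		 */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 	}
 
 	if (!(s_time_config.perform & 1))
 		goto next;
-	printf("Collecting connection statistics for %d seconds\n",
-	    s_time_config.maxtime);
+	printf("Collecting connection statistics for %lld seconds\n",
+	    (long long)s_time_config.maxtime);
 
 	/* Loop and time how long it takes to make connections */
 
 	bytes_read = 0;
-	finishtime = (long) time(NULL) + s_time_config.maxtime;
+	finishtime = time(NULL) + s_time_config.maxtime;
 	tm_Time_F(START);
 	for (;;) {
-		if (finishtime < (long) time(NULL))
+		if (finishtime < time(NULL))
 			break;
 		if ((scon = doConnection(NULL)) == NULL)
 			goto end;
 
 		if (s_time_config.www_path != NULL) {
-			int retval = snprintf(buf, sizeof buf,
+			int i, retval = snprintf(buf, sizeof buf,
 			    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
 			if ((size_t)retval >= sizeof buf) {
 				fprintf(stderr, "URL too long\n");
 				goto end;
 			}
 			SSL_write(scon, buf, strlen(buf));
 			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@@ -380,17 +375,20 @@
 		fflush(stdout);
 
 		SSL_free(scon);
 		scon = NULL;
 	}
 	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */
 
-	i = (int) ((long) time(NULL) - finishtime + s_time_config.maxtime);
-	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
-	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
+	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+	    nConn, totalTime, ((double) nConn / totalTime), bytes_read);
+	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
+	    nConn,
+	    (long long)(time(NULL) - finishtime + s_time_config.maxtime),
+	    bytes_read / nConn);
 
 	/*
 	 * Now loop and time connections using the same session id over and
 	 * over
 	 */
 
 next:
@@ -420,28 +418,28 @@
 		SSL_shutdown(scon);
 	shutdown(SSL_get_fd(scon), SHUT_RDWR);
 	close(SSL_get_fd(scon));
 
 	nConn = 0;
 	totalTime = 0.0;
 
-	finishtime = (long) time(NULL) + s_time_config.maxtime;
+	finishtime = time(NULL) + s_time_config.maxtime;
 
 	printf("starting\n");
 	bytes_read = 0;
 	tm_Time_F(START);
 
 	for (;;) {
-		if (finishtime < (long) time(NULL))
+		if (finishtime < time(NULL))
 			break;
 		if ((doConnection(scon)) == NULL)
 			goto end;
 
 		if (s_time_config.www_path) {
-			int retval = snprintf(buf, sizeof buf,
+			int i, retval = snprintf(buf, sizeof buf,
 			    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
 			if ((size_t)retval >= sizeof buf) {
 				fprintf(stderr, "URL too long\n");
 				goto end;
 			}
 			SSL_write(scon, buf, strlen(buf));
 			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@@ -470,17 +468,19 @@
 				ver = '*';
 		}
 		fputc(ver, stdout);
 		fflush(stdout);
 	}
 	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */
 
-
 	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
-	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
+	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
+	    nConn,
+	    (long long)(time(NULL) - finishtime + s_time_config.maxtime),
+	    bytes_read / nConn);
 
 	ret = 0;
 end:
 	if (scon != NULL)
 		SSL_free(scon);
 
 	if (tm_ctx != NULL) {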
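Review bot: The rewritten summary `printf` after each timing loop (new lines 387 and 479) still evaluates `bytes_read / nConn` with no guard, and `nConn` starts at 0 for both loops, so leaving a loop on its first `finishtime < time(NULL)` test would be an integer division by zero. That can happen with a negative `-time` value, if the option parser accepts one. A guard such as `nConn > 0 ? bytes_read / nConn : 0` in both calls covers it. Relatedly, `time(NULL) + s_time_config.maxtime` is now `time_t` arithmetic on a user-supplied value, so the range accepted for `OPTION_ARG_TIME` should be bounded to keep the sum from overflowing. The loop lines that increment `nConn` and the option parser are outside the visible hunks, so both points need confirming against the full file.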
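--- a/jni/libressl/apps/openssl/sess_id.c
+++ b/jni/libressl/apps/openssl/sess_id.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: sess_id.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: sess_id.c,v 1.8 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -155,15 +155,15 @@
 {
 	SSL_SESSION *x = NULL;
 	X509 *peer = NULL;
 	int ret = 1, i;
 	BIO *out = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&sess_id_config, 0, sizeof(sess_id_config));
 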
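--- a/jni/libressl/apps/openssl/smime.c
+++ b/jni/libressl/apps/openssl/smime.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: smime.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: smime.c,v 1.8 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -109,15 +109,15 @@
 	const EVP_MD *sign_md = NULL;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
 	int keyform = FORMAT_PEM;
 
 	X509_VERIFY_PARAM *vpm = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	args = argv + 1;
 	ret = 1;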
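--- a/jni/libressl/apps/openssl/speed.c
+++ b/jni/libressl/apps/openssl/speed.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: speed.c,v 1.17 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: speed.c,v 1.19 2016/08/22 04:33:07 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -75,17 +75,14 @@
 
 #define SECONDS		3
 #define RSA_SECONDS	10
 #define DSA_SECONDS	10
 #define ECDSA_SECONDS   10
 #define ECDH_SECONDS    10
 
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
 #include <math.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <limits.h>
 #include <string.h>
 #include <unistd.h>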
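--- a/jni/libressl/apps/openssl/spkac.c
+++ b/jni/libressl/apps/openssl/spkac.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: spkac.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: spkac.c,v 1.9 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999. Based on an original idea by Massimiliano Pala
  * (madwolf@openca.org).
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -178,15 +178,15 @@
 	char *passin = NULL;
 	char *spkstr = NULL;
 	CONF *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	memset(&spkac_config, 0, sizeof(spkac_config));
 	spkac_config.spkac = "SPKAC";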
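--- a/jni/libressl/apps/openssl/testdsa.h
+++ b/jni/libressl/apps/openssl/testdsa.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: testdsa.h,v 1.7 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: testdsa.h,v 1.1 2014/08/26 17:47:25 jsing Exp $ */
 
 DSA *get_dsa512(void);
 DSA *get_dsa1024(void);
 DSA *get_dsa2048(void);
 
 static unsigned char dsa512_priv[] = {
 	0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,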
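--- a/jni/libressl/apps/openssl/testrsa.h
+++ b/jni/libressl/apps/openssl/testrsa.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: testrsa.h,v 1.4 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: testrsa.h,v 1.1 2014/08/26 17:47:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *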
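--- a/jni/libressl/apps/openssl/timeouts.h
+++ b/jni/libressl/apps/openssl/timeouts.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: timeouts.h,v 1.3 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: timeouts.h,v 1.1 2014/08/26 17:47:25 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *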
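--- a/jni/libressl/apps/openssl/ts.c
+++ b/jni/libressl/apps/openssl/ts.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts.c,v 1.12 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: ts.c,v 1.14 2017/01/20 08:57:12 deraadt Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -146,15 +146,15 @@
 	char *untrusted = NULL;
 	/* Input is ContentInfo instead of TimeStampResp. */
 	int token_in = 0;
 	/* Output is ContentInfo instead of TimeStampResp. */
 	int token_out = 0;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	for (argc--, argv++; argc > 0; argc--, argv++) {
 		if (strcmp(*argv, "-config") == 0) {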
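--- a/jni/libressl/apps/openssl/verify.c
+++ b/jni/libressl/apps/openssl/verify.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: verify.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: verify.c,v 1.6 2015/10/17 15:00:11 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *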
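--- a/jni/libressl/apps/openssl/version.c
+++ b/jni/libressl/apps/openssl/version.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: version.c,v 1.7 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: version.c,v 1.8 2015/10/17 15:00:11 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *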
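--- a/jni/libressl/apps/openssl/x509.c
+++ b/jni/libressl/apps/openssl/x509.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509.c,v 1.11 2015/10/17 07:51:10 semarie Exp $ */
+/* $OpenBSD: x509.c,v 1.14 2017/01/20 08:57:12 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -195,15 +195,15 @@
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int checkend = 0, checkoffset = 0;
 	unsigned long nmflag = 0, certflag = 0;
 	const char *errstr = NULL;
 
 	if (single_execution) {
-		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
+		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
 	}
 
 	reqfile = 0;
 
@@ -889,15 +889,15 @@
 		ASN1_OCTET_STRING hdr;
 
 		hdr.data = (unsigned char *) NETSCAPE_CERT_HDR;
 		hdr.length = strlen(NETSCAPE_CERT_HDR);
 		nx.header = &hdr;
 		nx.cert = x;
 
-		i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
+		i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx);
 	} else {
 		BIO_printf(bio_err, "bad output format specified for outfile\n");
 		goto end;
 	}
 	if (!i) {
 		BIO_printf(bio_err, "unable to write certificate\n");
 		ERR_print_errors(bio_err);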
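--- a/jni/libressl/cmake_export_symbol.cmake
+++ b/jni/libressl/cmake_export_symbol.cmake
@@ -0,0 +1,44 @@
+macro(export_symbol TARGET FILENAME)
+
+	set(FLAG "")
+
+	if(WIN32)
+		string(REPLACE ".sym" ".def" DEF_FILENAME ${FILENAME})
+		file(WRITE ${DEF_FILENAME} "EXPORTS\n")
+		file(READ ${FILENAME} SYMBOLS)
+		file(APPEND ${DEF_FILENAME} "${SYMBOLS}")
+		target_sources(${TARGET} PRIVATE ${DEF_FILENAME})
+
+	elseif(APPLE)
+		set(FLAG "-exported_symbols_list ${FILENAME}")
+		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
+
+	elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
+		file(READ ${FILENAME} SYMBOLS)
+		string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
+		string(REPLACE "\n" "\n+e " SYMBOLS ${SYMBOLS})
+		string(REPLACE ".sym" ".opt" OPT_FILENAME ${FILENAME})
+		file(WRITE ${OPT_FILENAME} "+e ${SYMBOLS}")
+		set(FLAG "-Wl,-c,${OPT_FILENAME}")
+		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
+
+	elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
+		file(READ ${FILENAME} SYMBOLS)
+		string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
+		string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
+		file(WRITE ${VER_FILENAME}
+			"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
+		set(FLAG "-Wl,-M${VER_FILENAME}")
+		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
+
+	elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
+		file(READ ${FILENAME} SYMBOLS)
+		string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
+		string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
+		file(WRITE ${VER_FILENAME}
+			"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
+		set(FLAG "-Wl,--version-script,\"${VER_FILENAME}\"")
+		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
+	endif()
+
+endmacro()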
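Review bot: `export_symbol` has no `else()` branch before its final `endif()`, so on a toolchain that matches none of the five conditions it returns without applying any export list and without a message, presumably leaving every symbol of `${TARGET}` exported. Adding `else()` followed by `message(WARNING "export_symbol: no export method for this toolchain; ${TARGET} symbols are not restricted")` would make that case visible at configure time. The `string(REPLACE ...)` and `string(REGEX REPLACE ...)` calls pass `${SYMBOLS}` unquoted, which fails on an empty symbol file and splits on any `;` in the contents; `"${SYMBOLS}"` keeps the file as one argument. Because this is a `macro()`, `FLAG`, `SYMBOLS` and the `*_FILENAME` variables are set in the caller's scope, which `function(export_symbol TARGET FILENAME)` would avoid. Separately, `set_target_properties(... LINK_FLAGS ${FLAG})` replaces whatever link flags the target already carried.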
Changes to jni/libressl/configure.
1
2
3
4
5
6
7
8
9
10
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 2.4.5.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.


|







1
2
3
4
5
6
7
8
9
10
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 2.5.5.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='2.4.5'
PACKAGE_STRING='libressl 2.4.5'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H







|
|







583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='2.5.5'
PACKAGE_STRING='libressl 2.5.5'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
641
642
643
644
645
646
647

648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663


664
665
666
667


668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683


684
685
686
687
688
689
690
691




692
693
694
695
696
697
698
OPENSSL_NO_ASM_FALSE
OPENSSL_NO_ASM_TRUE
ENABLE_EXTRATESTS_FALSE
ENABLE_EXTRATESTS_TRUE
OPENSSLDIR_DEFINED_FALSE
OPENSSLDIR_DEFINED_TRUE
OPENSSLDIR

HAVE_B64_NTOP_FALSE
HAVE_B64_NTOP_TRUE
HAVE_TIMINGSAFE_MEMCMP_FALSE
HAVE_TIMINGSAFE_MEMCMP_TRUE
HAVE_TIMINGSAFE_BCMP_FALSE
HAVE_TIMINGSAFE_BCMP_TRUE
HAVE_GETENTROPY_FALSE
HAVE_GETENTROPY_TRUE
HAVE_EXPLICIT_BZERO_FALSE
HAVE_EXPLICIT_BZERO_TRUE
HAVE_ARC4RANDOM_UNIFORM_FALSE
HAVE_ARC4RANDOM_UNIFORM_TRUE
HAVE_ARC4RANDOM_BUF_FALSE
HAVE_ARC4RANDOM_BUF_TRUE
HAVE_ARC4RANDOM_FALSE
HAVE_ARC4RANDOM_TRUE


HAVE_POLL_FALSE
HAVE_POLL_TRUE
HAVE_PLEDGE_FALSE
HAVE_PLEDGE_TRUE


HAVE_ACCEPT4_FALSE
HAVE_ACCEPT4_TRUE
HAVE_TIMEGM_FALSE
HAVE_TIMEGM_TRUE
HAVE_STRTONUM_FALSE
HAVE_STRTONUM_TRUE
HAVE_STRSEP_FALSE
HAVE_STRSEP_TRUE
HAVE_STRNLEN_FALSE
HAVE_STRNLEN_TRUE
HAVE_STRNDUP_FALSE
HAVE_STRNDUP_TRUE
HAVE_STRLCPY_FALSE
HAVE_STRLCPY_TRUE
HAVE_STRLCAT_FALSE
HAVE_STRLCAT_TRUE


HAVE_REALLOCARRAY_FALSE
HAVE_REALLOCARRAY_TRUE
HAVE_READPASSPHRASE_FALSE
HAVE_READPASSPHRASE_TRUE
HAVE_MEMMEM_FALSE
HAVE_MEMMEM_TRUE
HAVE_INET_PTON_FALSE
HAVE_INET_PTON_TRUE




HAVE_ASPRINTF_FALSE
HAVE_ASPRINTF_TRUE
BUILD_CERTHASH_FALSE
BUILD_CERTHASH_TRUE
am__fastdepCCAS_FALSE
am__fastdepCCAS_TRUE
CCASDEPMODE







>
















>
>




>
>
















>
>








>
>
>
>







641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
OPENSSL_NO_ASM_FALSE
OPENSSL_NO_ASM_TRUE
ENABLE_EXTRATESTS_FALSE
ENABLE_EXTRATESTS_TRUE
OPENSSLDIR_DEFINED_FALSE
OPENSSLDIR_DEFINED_TRUE
OPENSSLDIR
HOSTARCH
HAVE_B64_NTOP_FALSE
HAVE_B64_NTOP_TRUE
HAVE_TIMINGSAFE_MEMCMP_FALSE
HAVE_TIMINGSAFE_MEMCMP_TRUE
HAVE_TIMINGSAFE_BCMP_FALSE
HAVE_TIMINGSAFE_BCMP_TRUE
HAVE_GETENTROPY_FALSE
HAVE_GETENTROPY_TRUE
HAVE_EXPLICIT_BZERO_FALSE
HAVE_EXPLICIT_BZERO_TRUE
HAVE_ARC4RANDOM_UNIFORM_FALSE
HAVE_ARC4RANDOM_UNIFORM_TRUE
HAVE_ARC4RANDOM_BUF_FALSE
HAVE_ARC4RANDOM_BUF_TRUE
HAVE_ARC4RANDOM_FALSE
HAVE_ARC4RANDOM_TRUE
HAVE_SOCKETPAIR_FALSE
HAVE_SOCKETPAIR_TRUE
HAVE_POLL_FALSE
HAVE_POLL_TRUE
HAVE_PLEDGE_FALSE
HAVE_PLEDGE_TRUE
HAVE_PIPE2_FALSE
HAVE_PIPE2_TRUE
HAVE_ACCEPT4_FALSE
HAVE_ACCEPT4_TRUE
HAVE_TIMEGM_FALSE
HAVE_TIMEGM_TRUE
HAVE_STRTONUM_FALSE
HAVE_STRTONUM_TRUE
HAVE_STRSEP_FALSE
HAVE_STRSEP_TRUE
HAVE_STRNLEN_FALSE
HAVE_STRNLEN_TRUE
HAVE_STRNDUP_FALSE
HAVE_STRNDUP_TRUE
HAVE_STRLCPY_FALSE
HAVE_STRLCPY_TRUE
HAVE_STRLCAT_FALSE
HAVE_STRLCAT_TRUE
HAVE_RECALLOCARRAY_FALSE
HAVE_RECALLOCARRAY_TRUE
HAVE_REALLOCARRAY_FALSE
HAVE_REALLOCARRAY_TRUE
HAVE_READPASSPHRASE_FALSE
HAVE_READPASSPHRASE_TRUE
HAVE_MEMMEM_FALSE
HAVE_MEMMEM_TRUE
HAVE_INET_PTON_FALSE
HAVE_INET_PTON_TRUE
HAVE_INET_NTOP_FALSE
HAVE_INET_NTOP_TRUE
HAVE_GETPAGESIZE_FALSE
HAVE_GETPAGESIZE_TRUE
HAVE_ASPRINTF_FALSE
HAVE_ASPRINTF_TRUE
BUILD_CERTHASH_FALSE
BUILD_CERTHASH_TRUE
am__fastdepCCAS_FALSE
am__fastdepCCAS_TRUE
CCASDEPMODE
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 2.4.5 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.







|







1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 2.5.5 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 2.4.5:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]







|







1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 2.5.5:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 2.4.5
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit







|







1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 2.5.5
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 2.4.5, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{







|







2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 2.5.5, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu


LIBCRYPTO_VERSION=38:0:0

LIBSSL_VERSION=39:0:0

LIBTLS_VERSION=11:0:0


ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
  if test -f "$ac_dir/install-sh"; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"







|

|

|







2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu


LIBCRYPTO_VERSION=41:1:0

LIBSSL_VERSION=43:2:0

LIBTLS_VERSION=15:4:0


ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
  if test -f "$ac_dir/install-sh"; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='2.4.5'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF









|







3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='2.5.5'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF


12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
	*mingw*)
		HOST_OS=win
		BUILD_NC=no
		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
		CFLAGS="$CFLAGS -static-libgcc"
		LDFLAGS="$LDFLAGS -static-libgcc"
		PLATFORM_LDADD='-lws2_32'

		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"







<
<







12224
12225
12226
12227
12228
12229
12230


12231
12232
12233
12234
12235
12236
12237
	*mingw*)
		HOST_OS=win
		BUILD_NC=no
		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"


		PLATFORM_LDADD='-lws2_32'

		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
13019
13020
13021
13022
13023
13024
13025
13026












13027
13028
13029
13030
13031
13032
13033
_ACEOF

fi

done

# Check for general libc functions
for ac_func in asprintf inet_pton memmem readpassphrase reallocarray












do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF







|
>
>
>
>
>
>
>
>
>
>
>
>







13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
_ACEOF

fi

done

# Check for general libc functions
for ac_func in asprintf getpagesize inet_ntop inet_pton memmem readpassphrase
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF

fi
done

for ac_func in reallocarray recallocarray
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
13062
13063
13064
13065
13066
13067
13068
















13069
13070
13071
13072
13073
13074
13075
 if test "x$ac_cv_func_asprintf" = xyes; then
  HAVE_ASPRINTF_TRUE=
  HAVE_ASPRINTF_FALSE='#'
else
  HAVE_ASPRINTF_TRUE='#'
  HAVE_ASPRINTF_FALSE=
fi

















 if test "x$ac_cv_func_inet_pton" = xyes; then
  HAVE_INET_PTON_TRUE=
  HAVE_INET_PTON_FALSE='#'
else
  HAVE_INET_PTON_TRUE='#'
  HAVE_INET_PTON_FALSE=







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
 if test "x$ac_cv_func_asprintf" = xyes; then
  HAVE_ASPRINTF_TRUE=
  HAVE_ASPRINTF_FALSE='#'
else
  HAVE_ASPRINTF_TRUE='#'
  HAVE_ASPRINTF_FALSE=
fi

 if test "x$ac_cv_func_getpagesize" = xyes; then
  HAVE_GETPAGESIZE_TRUE=
  HAVE_GETPAGESIZE_FALSE='#'
else
  HAVE_GETPAGESIZE_TRUE='#'
  HAVE_GETPAGESIZE_FALSE=
fi

 if test "x$ac_cv_func_inet_ntop" = xyes; then
  HAVE_INET_NTOP_TRUE=
  HAVE_INET_NTOP_FALSE='#'
else
  HAVE_INET_NTOP_TRUE='#'
  HAVE_INET_NTOP_FALSE=
fi

 if test "x$ac_cv_func_inet_pton" = xyes; then
  HAVE_INET_PTON_TRUE=
  HAVE_INET_PTON_FALSE='#'
else
  HAVE_INET_PTON_TRUE='#'
  HAVE_INET_PTON_FALSE=
13094
13095
13096
13097
13098
13099
13100








13101
13102
13103
13104
13105
13106
13107
 if test "x$ac_cv_func_reallocarray" = xyes; then
  HAVE_REALLOCARRAY_TRUE=
  HAVE_REALLOCARRAY_FALSE='#'
else
  HAVE_REALLOCARRAY_TRUE='#'
  HAVE_REALLOCARRAY_FALSE=
fi









 if test "x$ac_cv_func_strlcat" = xyes; then
  HAVE_STRLCAT_TRUE=
  HAVE_STRLCAT_FALSE='#'
else
  HAVE_STRLCAT_TRUE='#'
  HAVE_STRLCAT_FALSE=







>
>
>
>
>
>
>
>







13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
 if test "x$ac_cv_func_reallocarray" = xyes; then
  HAVE_REALLOCARRAY_TRUE=
  HAVE_REALLOCARRAY_FALSE='#'
else
  HAVE_REALLOCARRAY_TRUE='#'
  HAVE_REALLOCARRAY_FALSE=
fi

 if test "x$ac_cv_func_recallocarray" = xyes; then
  HAVE_RECALLOCARRAY_TRUE=
  HAVE_RECALLOCARRAY_FALSE='#'
else
  HAVE_RECALLOCARRAY_TRUE='#'
  HAVE_RECALLOCARRAY_FALSE=
fi

 if test "x$ac_cv_func_strlcat" = xyes; then
  HAVE_STRLCAT_TRUE=
  HAVE_STRLCAT_FALSE='#'
else
  HAVE_STRLCAT_TRUE='#'
  HAVE_STRLCAT_FALSE=
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178








13179
13180
13181
13182
13183
13184
13185
13186
13187
13188
13189
13190
13191
13192
13193
13194








13195
13196
13197
13198
13199
13200
13201
else
  HAVE_TIMEGM_TRUE='#'
  HAVE_TIMEGM_FALSE=
fi



for ac_func in accept4 pledge poll
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF

fi
done

 if test "x$ac_cv_func_accept4" = xyes; then
  HAVE_ACCEPT4_TRUE=
  HAVE_ACCEPT4_FALSE='#'
else
  HAVE_ACCEPT4_TRUE='#'
  HAVE_ACCEPT4_FALSE=
fi









 if test "x$ac_cv_func_pledge" = xyes; then
  HAVE_PLEDGE_TRUE=
  HAVE_PLEDGE_FALSE='#'
else
  HAVE_PLEDGE_TRUE='#'
  HAVE_PLEDGE_FALSE=
fi

 if test "x$ac_cv_func_poll" = xyes; then
  HAVE_POLL_TRUE=
  HAVE_POLL_FALSE='#'
else
  HAVE_POLL_TRUE='#'
  HAVE_POLL_FALSE=
fi











# Check crypto-related libc functions and syscalls
for ac_func in arc4random arc4random_buf arc4random_uniform
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`







|


















>
>
>
>
>
>
>
>
















>
>
>
>
>
>
>
>







13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
13250
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
else
  HAVE_TIMEGM_TRUE='#'
  HAVE_TIMEGM_FALSE=
fi



for ac_func in accept4 pipe2 pledge poll socketpair
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF

fi
done

 if test "x$ac_cv_func_accept4" = xyes; then
  HAVE_ACCEPT4_TRUE=
  HAVE_ACCEPT4_FALSE='#'
else
  HAVE_ACCEPT4_TRUE='#'
  HAVE_ACCEPT4_FALSE=
fi

 if test "x$ac_cv_func_pipe2" = xyes; then
  HAVE_PIPE2_TRUE=
  HAVE_PIPE2_FALSE='#'
else
  HAVE_PIPE2_TRUE='#'
  HAVE_PIPE2_FALSE=
fi

 if test "x$ac_cv_func_pledge" = xyes; then
  HAVE_PLEDGE_TRUE=
  HAVE_PLEDGE_FALSE='#'
else
  HAVE_PLEDGE_TRUE='#'
  HAVE_PLEDGE_FALSE=
fi

 if test "x$ac_cv_func_poll" = xyes; then
  HAVE_POLL_TRUE=
  HAVE_POLL_FALSE='#'
else
  HAVE_POLL_TRUE='#'
  HAVE_POLL_FALSE=
fi

 if test "x$ac_cv_func_socketpair" = xyes; then
  HAVE_SOCKETPAIR_TRUE=
  HAVE_SOCKETPAIR_FALSE='#'
else
  HAVE_SOCKETPAIR_TRUE='#'
  HAVE_SOCKETPAIR_FALSE=
fi



# Check crypto-related libc functions and syscalls
for ac_func in arc4random arc4random_buf arc4random_uniform
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
13728
13729
13730
13731
13732
13733
13734























































































13735
13736
13737
13738
13739
13740
13741
else
  HAVE_B64_NTOP_TRUE='#'
  HAVE_B64_NTOP_FALSE=
fi



























































































# Check whether --with-openssldir was given.
if test "${with_openssldir+set}" = set; then :
  withval=$with_openssldir; OPENSSLDIR="$withval"


fi







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
else
  HAVE_B64_NTOP_TRUE='#'
  HAVE_B64_NTOP_FALSE=
fi




case $host_cpu in #(
  i?86) :
    HOSTARCH=intel ;; #(
  x86_64) :
    HOSTARCH=intel ;; #(
  amd64) :
    HOSTARCH=intel ;; #(
  *) :
     ;;
esac

crypto_sym=$srcdir/crypto/crypto.sym
crypto_p_sym=./crypto/crypto_portable.sym
echo "generating $crypto_p_sym ..."
mkdir -p ./crypto
cp $crypto_sym $crypto_p_sym
chmod u+w $crypto_p_sym
if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
	echo arc4random >> $crypto_p_sym
	echo arc4random_buf >> $crypto_p_sym
	echo arc4random_uniform >> $crypto_p_sym
	if test "x$ac_cv_func_getentropy" = "xno" ; then
		echo getentropy >> $crypto_p_sym
	fi
fi
if test "x$ac_cv_func_asprintf" = "xno" ; then
	echo asprintf >> $crypto_p_sym
	echo vasprintf >> $crypto_p_sym
fi
if test "x$ac_cv_func_explicit_bzero" = "xno" ; then
	echo explicit_bzero >> $crypto_p_sym
fi
if test "x$ac_cv_func_inet_pton" = "xno" ; then
	echo inet_pton >> $crypto_p_sym
fi
if test "x$ac_cv_func_reallocarray" = "xno" ; then
	echo reallocarray >> $crypto_p_sym
fi
if test "x$ac_cv_func_recallocarray" = "xno" ; then
	echo recallocarray >> $crypto_p_sym
fi
if test "x$ac_cv_func_strlcat" = "xno" ; then
	echo strlcat >> $crypto_p_sym
fi
if test "x$ac_cv_func_strlcpy" = "xno" ; then
	echo strlcpy >> $crypto_p_sym
fi
if test "x$ac_cv_func_strndup" = "xno" ; then
	echo strndup >> $crypto_p_sym
fi
if test "x$ac_cv_func_strnlen" = "xno" ; then
	echo strnlen >> $crypto_p_sym
fi
if test "x$ac_cv_func_strsep" = "xno" ; then
	echo strsep >> $crypto_p_sym
fi
if test "x$ac_cv_func_timegm" = "xno" ; then
	echo timegm >> $crypto_p_sym
fi
if test "x$ac_cv_func_timingsafe_bcmp" = "xno" ; then
	echo timingsafe_bcmp >> $crypto_p_sym
fi
if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
	echo timingsafe_memcmp >> $crypto_p_sym
fi
if test "x$HOSTARCH" = "xintel" ; then
	echo OPENSSL_ia32cap_P >> $crypto_p_sym
fi
if test "x$HOST_OS" = "xwin" ; then
	echo posix_perror >> $crypto_p_sym
	echo posix_fopen >> $crypto_p_sym
	echo posix_fgets >> $crypto_p_sym
	echo posix_open >> $crypto_p_sym
	echo posix_rename >> $crypto_p_sym
	echo posix_connect >> $crypto_p_sym
	echo posix_close >> $crypto_p_sym
	echo posix_read >> $crypto_p_sym
	echo posix_write >> $crypto_p_sym
	echo posix_getsockopt >> $crypto_p_sym
	echo posix_setsockopt >> $crypto_p_sym

	grep -v BIO_s_log $crypto_p_sym > $crypto_p_sym.tmp
	mv $crypto_p_sym.tmp $crypto_p_sym
fi



# Check whether --with-openssldir was given.
if test "${with_openssldir+set}" = set; then :
  withval=$with_openssldir; OPENSSLDIR="$withval"


fi
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
13910
13911
13912
13913
13914
13915
13916
13917
13918






13919
13920
13921
13922
13923
13924
13925

cat >>confdefs.h <<_ACEOF
#define SIZEOF_TIME_T $ac_cv_sizeof_time_t
_ACEOF



ac_config_files="$ac_config_files Makefile include/Makefile include/openssl/Makefile crypto/Makefile ssl/Makefile tls/Makefile tests/Makefile apps/Makefile apps/openssl/Makefile apps/nc/Makefile man/Makefile libcrypto.pc libssl.pc libtls.pc openssl.pc"


 if test "$ac_cv_sizeof_time_t" = "4"; then
  SMALL_TIME_T_TRUE=
  SMALL_TIME_T_FALSE='#'
else
  SMALL_TIME_T_TRUE='#'
  SMALL_TIME_T_FALSE=
fi

if test "$ac_cv_sizeof_time_t" = "4"; then
    echo " ** Warning, this system is unable to represent times past 2038"
    echo " ** It will behave incorrectly when handling valid RFC5280 dates"






fi



cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure







|













>
>
>
>
>
>







14046
14047
14048
14049
14050
14051
14052
14053
14054
14055
14056
14057
14058
14059
14060
14061
14062
14063
14064
14065
14066
14067
14068
14069
14070
14071
14072
14073
14074
14075
14076
14077
14078
14079

cat >>confdefs.h <<_ACEOF
#define SIZEOF_TIME_T $ac_cv_sizeof_time_t
_ACEOF



ac_config_files="$ac_config_files Makefile include/Makefile include/openssl/Makefile crypto/Makefile ssl/Makefile tls/Makefile tests/Makefile apps/Makefile apps/ocspcheck/Makefile apps/openssl/Makefile apps/nc/Makefile man/Makefile libcrypto.pc libssl.pc libtls.pc openssl.pc"


 if test "$ac_cv_sizeof_time_t" = "4"; then
  SMALL_TIME_T_TRUE=
  SMALL_TIME_T_FALSE='#'
else
  SMALL_TIME_T_TRUE='#'
  SMALL_TIME_T_FALSE=
fi

if test "$ac_cv_sizeof_time_t" = "4"; then
    echo " ** Warning, this system is unable to represent times past 2038"
    echo " ** It will behave incorrectly when handling valid RFC5280 dates"

    if test "$host_os" = "mingw32" ; then
        echo " **"
        echo " ** You can solve this by adjusting the build flags in your"
        echo " ** mingw-w64 toolchain. Refer to README.windows for details."
    fi
fi



cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
14144
14145
14146
14147
14148
14149
14150








14151
14152
14153
14154
14155
14156
14157
14158
14159
14160
14161
14162
14163
14164
14165
14166




14167
14168
14169
14170
14171
14172
14173
if test -z "${BUILD_CERTHASH_TRUE}" && test -z "${BUILD_CERTHASH_FALSE}"; then
  as_fn_error $? "conditional \"BUILD_CERTHASH\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_ASPRINTF_TRUE}" && test -z "${HAVE_ASPRINTF_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ASPRINTF\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5








fi
if test -z "${HAVE_INET_PTON_TRUE}" && test -z "${HAVE_INET_PTON_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_INET_PTON\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_MEMMEM_TRUE}" && test -z "${HAVE_MEMMEM_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_MEMMEM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_READPASSPHRASE_TRUE}" && test -z "${HAVE_READPASSPHRASE_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_READPASSPHRASE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_REALLOCARRAY_TRUE}" && test -z "${HAVE_REALLOCARRAY_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_REALLOCARRAY\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5




fi
if test -z "${HAVE_STRLCAT_TRUE}" && test -z "${HAVE_STRLCAT_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_STRLCAT\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_STRLCPY_TRUE}" && test -z "${HAVE_STRLCPY_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_STRLCPY\" was never defined.







>
>
>
>
>
>
>
>
















>
>
>
>







14298
14299
14300
14301
14302
14303
14304
14305
14306
14307
14308
14309
14310
14311
14312
14313
14314
14315
14316
14317
14318
14319
14320
14321
14322
14323
14324
14325
14326
14327
14328
14329
14330
14331
14332
14333
14334
14335
14336
14337
14338
14339
if test -z "${BUILD_CERTHASH_TRUE}" && test -z "${BUILD_CERTHASH_FALSE}"; then
  as_fn_error $? "conditional \"BUILD_CERTHASH\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_ASPRINTF_TRUE}" && test -z "${HAVE_ASPRINTF_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ASPRINTF\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_GETPAGESIZE_TRUE}" && test -z "${HAVE_GETPAGESIZE_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_GETPAGESIZE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_INET_NTOP_TRUE}" && test -z "${HAVE_INET_NTOP_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_INET_NTOP\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_INET_PTON_TRUE}" && test -z "${HAVE_INET_PTON_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_INET_PTON\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_MEMMEM_TRUE}" && test -z "${HAVE_MEMMEM_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_MEMMEM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_READPASSPHRASE_TRUE}" && test -z "${HAVE_READPASSPHRASE_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_READPASSPHRASE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_REALLOCARRAY_TRUE}" && test -z "${HAVE_REALLOCARRAY_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_REALLOCARRAY\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_RECALLOCARRAY_TRUE}" && test -z "${HAVE_RECALLOCARRAY_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_RECALLOCARRAY\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_STRLCAT_TRUE}" && test -z "${HAVE_STRLCAT_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_STRLCAT\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_STRLCPY_TRUE}" && test -z "${HAVE_STRLCPY_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_STRLCPY\" was never defined.
14193
14194
14195
14196
14197
14198
14199




14200
14201
14202
14203
14204
14205
14206




14207
14208
14209
14210
14211
14212
14213
  as_fn_error $? "conditional \"HAVE_TIMEGM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_ACCEPT4_TRUE}" && test -z "${HAVE_ACCEPT4_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ACCEPT4\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi




if test -z "${HAVE_PLEDGE_TRUE}" && test -z "${HAVE_PLEDGE_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_PLEDGE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_POLL_TRUE}" && test -z "${HAVE_POLL_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_POLL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5




fi
if test -z "${HAVE_ARC4RANDOM_TRUE}" && test -z "${HAVE_ARC4RANDOM_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ARC4RANDOM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_ARC4RANDOM_BUF_TRUE}" && test -z "${HAVE_ARC4RANDOM_BUF_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ARC4RANDOM_BUF\" was never defined.







>
>
>
>







>
>
>
>







14359
14360
14361
14362
14363
14364
14365
14366
14367
14368
14369
14370
14371
14372
14373
14374
14375
14376
14377
14378
14379
14380
14381
14382
14383
14384
14385
14386
14387
  as_fn_error $? "conditional \"HAVE_TIMEGM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_ACCEPT4_TRUE}" && test -z "${HAVE_ACCEPT4_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ACCEPT4\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_PIPE2_TRUE}" && test -z "${HAVE_PIPE2_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_PIPE2\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_PLEDGE_TRUE}" && test -z "${HAVE_PLEDGE_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_PLEDGE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_POLL_TRUE}" && test -z "${HAVE_POLL_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_POLL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_SOCKETPAIR_TRUE}" && test -z "${HAVE_SOCKETPAIR_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_SOCKETPAIR\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_ARC4RANDOM_TRUE}" && test -z "${HAVE_ARC4RANDOM_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ARC4RANDOM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_ARC4RANDOM_BUF_TRUE}" && test -z "${HAVE_ARC4RANDOM_BUF_FALSE}"; then
  as_fn_error $? "conditional \"HAVE_ARC4RANDOM_BUF\" was never defined.
14658
14659
14660
14661
14662
14663
14664
14665
14666
14667
14668
14669
14670
14671
14672
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 2.4.5, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@







|







14832
14833
14834
14835
14836
14837
14838
14839
14840
14841
14842
14843
14844
14845
14846
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 2.5.5, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@
14715
14716
14717
14718
14719
14720
14721
14722
14723
14724
14725
14726
14727
14728
14729

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 2.4.5
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."








|







14889
14890
14891
14892
14893
14894
14895
14896
14897
14898
14899
14900
14901
14902
14903

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 2.5.5
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."

15120
15121
15122
15123
15124
15125
15126

15127
15128
15129
15130
15131
15132
15133
    "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
    "include/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES include/openssl/Makefile" ;;
    "crypto/Makefile") CONFIG_FILES="$CONFIG_FILES crypto/Makefile" ;;
    "ssl/Makefile") CONFIG_FILES="$CONFIG_FILES ssl/Makefile" ;;
    "tls/Makefile") CONFIG_FILES="$CONFIG_FILES tls/Makefile" ;;
    "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
    "apps/Makefile") CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;;

    "apps/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES apps/openssl/Makefile" ;;
    "apps/nc/Makefile") CONFIG_FILES="$CONFIG_FILES apps/nc/Makefile" ;;
    "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
    "libcrypto.pc") CONFIG_FILES="$CONFIG_FILES libcrypto.pc" ;;
    "libssl.pc") CONFIG_FILES="$CONFIG_FILES libssl.pc" ;;
    "libtls.pc") CONFIG_FILES="$CONFIG_FILES libtls.pc" ;;
    "openssl.pc") CONFIG_FILES="$CONFIG_FILES openssl.pc" ;;







>







15294
15295
15296
15297
15298
15299
15300
15301
15302
15303
15304
15305
15306
15307
15308
    "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
    "include/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES include/openssl/Makefile" ;;
    "crypto/Makefile") CONFIG_FILES="$CONFIG_FILES crypto/Makefile" ;;
    "ssl/Makefile") CONFIG_FILES="$CONFIG_FILES ssl/Makefile" ;;
    "tls/Makefile") CONFIG_FILES="$CONFIG_FILES tls/Makefile" ;;
    "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
    "apps/Makefile") CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;;
    "apps/ocspcheck/Makefile") CONFIG_FILES="$CONFIG_FILES apps/ocspcheck/Makefile" ;;
    "apps/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES apps/openssl/Makefile" ;;
    "apps/nc/Makefile") CONFIG_FILES="$CONFIG_FILES apps/nc/Makefile" ;;
    "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
    "libcrypto.pc") CONFIG_FILES="$CONFIG_FILES libcrypto.pc" ;;
    "libssl.pc") CONFIG_FILES="$CONFIG_FILES libssl.pc" ;;
    "libtls.pc") CONFIG_FILES="$CONFIG_FILES libtls.pc" ;;
    "openssl.pc") CONFIG_FILES="$CONFIG_FILES openssl.pc" ;;
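--- a/jni/libressl/configure.ac
+++ b/jni/libressl/configure.ac
@@ -50,14 +50,16 @@
 
 CHECK_LIBC_COMPAT
 CHECK_SYSCALL_COMPAT
 CHECK_CRYPTO_COMPAT
 CHECK_VA_COPY
 CHECK_B64_NTOP
 
+GENERATE_CRYPTO_PORTABLE_SYM
+
 AC_ARG_WITH([openssldir],
 	AS_HELP_STRING([--with-openssldir],
 		       [Set the default openssl directory]),
 	OPENSSLDIR="$withval"
 	AC_SUBST(OPENSSLDIR)
 )
 AM_CONDITIONAL([OPENSSLDIR_DEFINED], [test x$with_openssldir != x])
@@ -122,25 +124,32 @@
 	include/Makefile
 	include/openssl/Makefile
 	crypto/Makefile
 	ssl/Makefile
 	tls/Makefile
 	tests/Makefile
 	apps/Makefile
+	apps/ocspcheck/Makefile
 	apps/openssl/Makefile
 	apps/nc/Makefile
 	man/Makefile
 	libcrypto.pc
 	libssl.pc
 	libtls.pc
 	openssl.pc
 ])
 
 AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
 if test "$ac_cv_sizeof_time_t" = "4"; then
     echo " ** Warning, this system is unable to represent times past 2038"
     echo " ** It will behave incorrectly when handling valid RFC5280 dates"
+
+    if test "$host_os" = "mingw32" ; then
+        echo " **"
+        echo " ** You can solve this by adjusting the build flags in your"
+        echo " ** mingw-w64 toolchain. Refer to README.windows for details."
+    fi
 fi
 
 AC_REQUIRE_AUX_FILE([tap-driver.sh])
 
 AC_OUTPUT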
Changes to jni/libressl/crypto/CMakeLists.txt.
1
2
3
4
5

6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
include_directories(
	.
	../include
	../include/compat
	asn1

	dsa
	evp
	modes
)

if(HOST_ASM_ELF_X86_64)
	set(
		ASM_X86_64_ELF_SRC
		aes/aes-elf-x86_64.s
		aes/bsaes-elf-x86_64.s
		aes/vpaes-elf-x86_64.s
		aes/aesni-elf-x86_64.s
		aes/aesni-sha1-elf-x86_64.s
		bn/modexp512-elf-x86_64.s
		bn/mont-elf-x86_64.s
		bn/mont5-elf-x86_64.s
		bn/gf2m-elf-x86_64.s
		camellia/cmll-elf-x86_64.s
		md5/md5-elf-x86_64.s
		modes/ghash-elf-x86_64.s
		rc4/rc4-elf-x86_64.s
		rc4/rc4-md5-elf-x86_64.s
		sha/sha1-elf-x86_64.s
		sha/sha256-elf-x86_64.S
		sha/sha512-elf-x86_64.S
		whrlpool/wp-elf-x86_64.s
		cpuid-elf-x86_64.S
	)
	add_definitions(-DAES_ASM)
	add_definitions(-DBSAES_ASM)
	add_definitions(-DVPAES_ASM)
	add_definitions(-DOPENSSL_IA32_SSE2)
	add_definitions(-DOPENSSL_BN_ASM_MONT)





>








|
|
|
|
|
|
|
|
|
|
|
|
|
|
|


|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
include_directories(
	.
	../include
	../include/compat
	asn1
	bn
	dsa
	evp
	modes
)

if(HOST_ASM_ELF_X86_64)
	set(
		ASM_X86_64_ELF_SRC
		aes/aes-elf-x86_64.S
		aes/bsaes-elf-x86_64.S
		aes/vpaes-elf-x86_64.S
		aes/aesni-elf-x86_64.S
		aes/aesni-sha1-elf-x86_64.S
		bn/modexp512-elf-x86_64.S
		bn/mont-elf-x86_64.S
		bn/mont5-elf-x86_64.S
		bn/gf2m-elf-x86_64.S
		camellia/cmll-elf-x86_64.S
		md5/md5-elf-x86_64.S
		modes/ghash-elf-x86_64.S
		rc4/rc4-elf-x86_64.S
		rc4/rc4-md5-elf-x86_64.S
		sha/sha1-elf-x86_64.S
		sha/sha256-elf-x86_64.S
		sha/sha512-elf-x86_64.S
		whrlpool/wp-elf-x86_64.S
		cpuid-elf-x86_64.S
	)
	add_definitions(-DAES_ASM)
	add_definitions(-DBSAES_ASM)
	add_definitions(-DVPAES_ASM)
	add_definitions(-DOPENSSL_IA32_SSE2)
	add_definitions(-DOPENSSL_BN_ASM_MONT)
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
	set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
endif()

if(HOST_ASM_MACOSX_X86_64)
	set(
		ASM_X86_64_MACOSX_SRC
		aes/aes-macosx-x86_64.s
		aes/bsaes-macosx-x86_64.s
		aes/vpaes-macosx-x86_64.s
		aes/aesni-macosx-x86_64.s
		aes/aesni-sha1-macosx-x86_64.s
		bn/modexp512-macosx-x86_64.s
		bn/mont-macosx-x86_64.s
		bn/mont5-macosx-x86_64.s
		bn/gf2m-macosx-x86_64.s
		camellia/cmll-macosx-x86_64.s
		md5/md5-macosx-x86_64.s
		modes/ghash-macosx-x86_64.s
		rc4/rc4-macosx-x86_64.s
		rc4/rc4-md5-macosx-x86_64.s
		sha/sha1-macosx-x86_64.s
		sha/sha256-macosx-x86_64.S
		sha/sha512-macosx-x86_64.S
		whrlpool/wp-macosx-x86_64.s
		cpuid-macosx-x86_64.S
	)
	add_definitions(-DAES_ASM)
	add_definitions(-DBSAES_ASM)
	add_definitions(-DVPAES_ASM)
	add_definitions(-DOPENSSL_IA32_SSE2)
	add_definitions(-DOPENSSL_BN_ASM_MONT)







|
|
|
|
|
|
|
|
|
|
|
|
|
|
|


|







50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
	set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
endif()

if(HOST_ASM_MACOSX_X86_64)
	set(
		ASM_X86_64_MACOSX_SRC
		aes/aes-macosx-x86_64.S
		aes/bsaes-macosx-x86_64.S
		aes/vpaes-macosx-x86_64.S
		aes/aesni-macosx-x86_64.S
		aes/aesni-sha1-macosx-x86_64.S
		bn/modexp512-macosx-x86_64.S
		bn/mont-macosx-x86_64.S
		bn/mont5-macosx-x86_64.S
		bn/gf2m-macosx-x86_64.S
		camellia/cmll-macosx-x86_64.S
		md5/md5-macosx-x86_64.S
		modes/ghash-macosx-x86_64.S
		rc4/rc4-macosx-x86_64.S
		rc4/rc4-md5-macosx-x86_64.S
		sha/sha1-macosx-x86_64.S
		sha/sha256-macosx-x86_64.S
		sha/sha512-macosx-x86_64.S
		whrlpool/wp-macosx-x86_64.S
		cpuid-macosx-x86_64.S
	)
	add_definitions(-DAES_ASM)
	add_definitions(-DBSAES_ASM)
	add_definitions(-DVPAES_ASM)
	add_definitions(-DOPENSSL_IA32_SSE2)
	add_definitions(-DOPENSSL_BN_ASM_MONT)
277
278
279
280
281
282
283


284
285
286
287
288
289
290
	conf/conf_api.c
	conf/conf_def.c
	conf/conf_err.c
	conf/conf_lib.c
	conf/conf_mall.c
	conf/conf_mod.c
	conf/conf_sap.c


	des/cbc_cksm.c
	des/cbc_enc.c
	des/cfb64ede.c
	des/cfb64enc.c
	des/cfb_enc.c
	des/des_enc.c
	des/ecb3_enc.c







>
>







278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
	conf/conf_api.c
	conf/conf_def.c
	conf/conf_err.c
	conf/conf_lib.c
	conf/conf_mall.c
	conf/conf_mod.c
	conf/conf_sap.c
	curve25519/curve25519-generic.c
	curve25519/curve25519.c
	des/cbc_cksm.c
	des/cbc_enc.c
	des/cfb64ede.c
	des/cfb64enc.c
	des/cfb_enc.c
	des/des_enc.c
	des/ecb3_enc.c
345
346
347
348
349
350
351




352
353
354
355
356
357
358
	ec/ec_oct.c
	ec/ec_pmeth.c
	ec/ec_print.c
	ec/eck_prn.c
	ec/ecp_mont.c
	ec/ecp_nist.c
	ec/ecp_oct.c




	ec/ecp_smpl.c
	ecdh/ech_err.c
	ecdh/ech_key.c
	ecdh/ech_lib.c
	ecdsa/ecs_asn1.c
	ecdsa/ecs_err.c
	ecdsa/ecs_lib.c







>
>
>
>







348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
	ec/ec_oct.c
	ec/ec_pmeth.c
	ec/ec_print.c
	ec/eck_prn.c
	ec/ecp_mont.c
	ec/ecp_nist.c
	ec/ecp_oct.c
	ec/ecp_nistp224.c
	ec/ecp_nistp256.c
	ec/ecp_nistp521.c
	ec/ecp_nistputil.c
	ec/ecp_smpl.c
	ecdh/ech_err.c
	ecdh/ech_key.c
	ecdh/ech_lib.c
	ecdsa/ecs_asn1.c
	ecdsa/ecs_err.c
	ecdsa/ecs_lib.c
418
419
420
421
422
423
424

425
426
427
428
429
430
431
	evp/m_dss.c
	evp/m_dss1.c
	evp/m_ecdsa.c
	evp/m_gost2814789.c
	evp/m_gostr341194.c
	evp/m_md4.c
	evp/m_md5.c

	evp/m_null.c
	evp/m_ripemd.c
	evp/m_sha1.c
	evp/m_sigver.c
	evp/m_streebog.c
	evp/m_wp.c
	evp/names.c







>







425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
	evp/m_dss.c
	evp/m_dss1.c
	evp/m_ecdsa.c
	evp/m_gost2814789.c
	evp/m_gostr341194.c
	evp/m_md4.c
	evp/m_md5.c
	evp/m_md5_sha1.c
	evp/m_null.c
	evp/m_ripemd.c
	evp/m_sha1.c
	evp/m_sigver.c
	evp/m_streebog.c
	evp/m_wp.c
	evp/names.c
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
	hmac/hm_pmeth.c
	hmac/hmac.c
	idea/i_cbc.c
	idea/i_cfb64.c
	idea/i_ecb.c
	idea/i_ofb64.c
	idea/i_skey.c
	krb5/krb5_asn.c
	lhash/lh_stats.c
	lhash/lhash.c
	md4/md4_dgst.c
	md4/md4_one.c
	md5/md5_dgst.c
	md5/md5_one.c
	modes/cbc128.c







<







467
468
469
470
471
472
473

474
475
476
477
478
479
480
	hmac/hm_pmeth.c
	hmac/hmac.c
	idea/i_cbc.c
	idea/i_cfb64.c
	idea/i_ecb.c
	idea/i_ofb64.c
	idea/i_skey.c

	lhash/lh_stats.c
	lhash/lhash.c
	md4/md4_dgst.c
	md4/md4_one.c
	md5/md5_dgst.c
	md5/md5_one.c
	modes/cbc128.c
643
644
645
646
647
648
649

650
651
652
653
654













655
656
657
658






659
660
661
662

663
664
665
666






667
668
669
670

671
672
673
674

675
676
677
678

679
680
681
682

683
684

685
686





687
688
689

690
691
692
693
694
695
696
697
698

699
700
701
702




703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721

722
723
724
725
726
727
728
729
730

731
732
733
734

735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750











751
752

753
754

755
756

757
758


759
760
761
762
763
764
765
766
	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_posix.c)
	set(CRYPTO_SRC ${CRYPTO_SRC} bio/bss_log.c)
	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl.c)
endif()

if(CMAKE_HOST_WIN32)
	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)

	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
endif()

if(CMAKE_HOST_WIN32)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)













endif()

if(NOT HAVE_ASPRINTF)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)






endif()

if(NOT HAVE_INET_PTON)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)

endif()

if(NOT HAVE_REALLOCARRAY)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)






endif()

if(NOT HAVE_STRCASECMP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)

endif()

if(NOT HAVE_STRLCAT)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c)

endif()

if(NOT HAVE_STRLCPY)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c)

endif()

if(NOT HAVE_STRNDUP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c)

	if(NOT HAVE_STRNLEN)
		set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c)

	endif()
endif()






if(NOT HAVE_TIMEGM)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c)

endif()

if(NOT HAVE_EXPLICIT_BZERO)
	if(CMAKE_HOST_WIN32)
		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
	else()
		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
		set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0)
	endif()

endif()

if(NOT HAVE_ARC4RANDOM_BUF)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)





	if(NOT HAVE_GETENTROPY)
		if(CMAKE_HOST_WIN32)
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_win.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "AIX")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_darwin.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c)
		endif()

	endif()
endif()

if(NOT HAVE_ARC4RANDOM_UNIFORM)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
endif()

if(NOT HAVE_TIMINGSAFE_BCMP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)

endif()

if(NOT HAVE_TIMINGSAFE_MEMCMP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)

endif()

if(NOT ENABLE_ASM)
	add_definitions(-DOPENSSL_NO_ASM)
else()
	if(CMAKE_HOST_WIN32)
		add_definitions(-DOPENSSL_NO_ASM)
	endif()
endif()

if(NOT "${OPENSSLDIR}" STREQUAL "")
	add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
else()
	add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
endif()












if (BUILD_SHARED)
	add_library(crypto-objects OBJECT ${CRYPTO_SRC})

	add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
	add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)

	if (MSVC)
		target_link_libraries(crypto-shared crypto Ws2_32.lib)

	endif()
	set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto)


	set_target_properties(crypto-shared PROPERTIES VERSION
		${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
	install(TARGETS crypto crypto-shared DESTINATION lib)
else()
	add_library(crypto STATIC ${CRYPTO_SRC})
	install(TARGETS crypto DESTINATION lib)
endif()








>





>
>
>
>
>
>
>
>
>
>
>
>
>




>
>
>
>
>
>




>




>
>
>
>
>
>




>




>




>




>


>


>
>
>
>
>



>









>




>
>
>
>















|



>



<
<
<
<


>




>
















>
>
>
>
>
>
>
>
>
>
>
|
|
>


>
|
|
>

|
>
>


|


|


650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775




776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_posix.c)
	set(CRYPTO_SRC ${CRYPTO_SRC} bio/bss_log.c)
	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl.c)
endif()

if(CMAKE_HOST_WIN32)
	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)
	set(CRYPTO_UNEXPORT ${CRYPTO_UNEXPORT} BIO_s_log)
	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
endif()

if(CMAKE_HOST_WIN32)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} gettimeofday)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_perror)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fopen)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fgets)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_open)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_rename)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_connect)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_close)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_read)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_write)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_getsockopt)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_setsockopt)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} sleep)
endif()

if(NOT HAVE_ASPRINTF)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} asprintf)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf)
endif()

if(NOT HAVE_GETPAGESIZE)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
endif()

if(NOT HAVE_INET_PTON)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} inet_pton)
endif()

if(NOT HAVE_REALLOCARRAY)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} reallocarray)
endif()

if(NOT HAVE_RECALLOCARRAY)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/recallocarray.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} recallocarray)
endif()

if(NOT HAVE_STRCASECMP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} strcasecmp)
endif()

if(NOT HAVE_STRLCAT)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcat)
endif()

if(NOT HAVE_STRLCPY)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcpy)
endif()

if(NOT HAVE_STRNDUP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} strndup)
	if(NOT HAVE_STRNLEN)
		set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c)
		set(EXTRA_EXPORT ${EXTRA_EXPORT} strnlen)
	endif()
endif()

if(NOT HAVE_STRSEP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strsep.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} strsep)
endif()

if(NOT HAVE_TIMEGM)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} timegm)
endif()

if(NOT HAVE_EXPLICIT_BZERO)
	if(CMAKE_HOST_WIN32)
		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
	else()
		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
		set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0)
	endif()
	set(EXTRA_EXPORT ${EXTRA_EXPORT} explicit_bzero)
endif()

if(NOT HAVE_ARC4RANDOM_BUF)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_buf)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform)

	if(NOT HAVE_GETENTROPY)
		if(CMAKE_HOST_WIN32)
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_win.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "AIX")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_osx.c)
		elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c)
		endif()
		set(EXTRA_EXPORT ${EXTRA_EXPORT} getentropy)
	endif()
endif()





if(NOT HAVE_TIMINGSAFE_BCMP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_bcmp)
endif()

if(NOT HAVE_TIMINGSAFE_MEMCMP)
	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
	set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp)
endif()

if(NOT ENABLE_ASM)
	add_definitions(-DOPENSSL_NO_ASM)
else()
	if(CMAKE_HOST_WIN32)
		add_definitions(-DOPENSSL_NO_ASM)
	endif()
endif()

if(NOT "${OPENSSLDIR}" STREQUAL "")
	add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
else()
	add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
endif()

file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto.sym SYMS)
foreach(SYM IN LISTS CRYPTO_UNEXPORT)
	string(REPLACE "${SYM}\n" "" SYMS ${SYMS})
endforeach()
file(WRITE ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym ${SYMS})
if(EXTRA_EXPORT)
	list(SORT EXTRA_EXPORT)
	foreach(SYM IN LISTS EXTRA_EXPORT)
		file(APPEND ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym "${SYM}\n")
	endforeach()
endif()

add_library(crypto-objects OBJECT ${CRYPTO_SRC})
if (BUILD_SHARED)
	add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
	add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
	export_symbol(crypto-shared ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym)
	if (WIN32)
		target_link_libraries(crypto-shared Ws2_32.lib)
		set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
	endif()
	set_target_properties(crypto-shared PROPERTIES
		OUTPUT_NAME crypto${CRYPTO_POSTFIX}
		ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
	set_target_properties(crypto-shared PROPERTIES VERSION
		${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
	install(TARGETS crypto crypto-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
else()
	add_library(crypto STATIC ${CRYPTO_SRC})
	install(TARGETS crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif()

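--- a/jni/libressl/crypto/Makefile.am
+++ b/jni/libressl/crypto/Makefile.am
@@ -1,23 +1,28 @@
 include $(top_srcdir)/Makefile.am.common
 
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/bn
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
 AM_CPPFLAGS += -I$(top_srcdir)/crypto
 
 lib_LTLIBRARIES = libcrypto.la
 
 EXTRA_DIST = VERSION
 EXTRA_DIST += CMakeLists.txt
+EXTRA_DIST += crypto.sym
 
 # needed for a CMake target
 EXTRA_DIST += compat/strcasecmp.c
 
+BUILT_SOURCES = crypto_portable.sym
+CLEANFILES = crypto_portable.sym
+
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
 libcrypto_la_LIBADD = libcompat.la
 if !HAVE_EXPLICIT_BZERO
 libcrypto_la_LIBADD += libcompatnoopt.la
 endif
 libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
 libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL
 libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
@@ -66,30 +71,42 @@
 if !HAVE_STRNDUP
 libcompat_la_SOURCES += compat/strndup.c
 # the only user of strnlen is strndup, so only build it if needed
 if !HAVE_STRNLEN
 libcompat_la_SOURCES += compat/strnlen.c
 endif
 endif
+
+if !HAVE_STRSEP
+libcompat_la_SOURCES += compat/strsep.c
+endif
 
 if !HAVE_ASPRINTF
 libcompat_la_SOURCES += compat/bsd-asprintf.c
 endif
+
+if !HAVE_GETPAGESIZE
+libcompat_la_SOURCES += compat/getpagesize.c
+endif
 
 if !HAVE_INET_PTON
 libcompat_la_SOURCES += compat/inet_pton.c
 endif
 
 if !HAVE_TIMEGM
 libcompat_la_SOURCES += compat/timegm.c
 endif
 
 if !HAVE_REALLOCARRAY
 libcompat_la_SOURCES += compat/reallocarray.c
 endif
+
+if !HAVE_RECALLOCARRAY
+libcompat_la_SOURCES += compat/recallocarray.c
+endif
 
 if !HAVE_TIMINGSAFE_MEMCMP
 libcompat_la_SOURCES += compat/timingsafe_memcmp.c
 endif
 
 if !HAVE_TIMINGSAFE_BCMP
 libcompat_la_SOURCES += compat/timingsafe_bcmp.c
@@ -129,14 +146,15 @@
 libcrypto_la_SOURCES += o_init.c
 libcrypto_la_SOURCES += o_str.c
 libcrypto_la_SOURCES += o_time.c
 noinst_HEADERS += constant_time_locl.h
 noinst_HEADERS += cryptlib.h
 noinst_HEADERS += md32_common.h
 noinst_HEADERS += o_time.h
+noinst_HEADERS += x86_arch.h
 
 # aes
 libcrypto_la_SOURCES += aes/aes_cfb.c
 libcrypto_la_SOURCES += aes/aes_ctr.c
 libcrypto_la_SOURCES += aes/aes_ecb.c
 libcrypto_la_SOURCES += aes/aes_ige.c
 libcrypto_la_SOURCES += aes/aes_misc.c
@@ -337,14 +355,20 @@
 libcrypto_la_SOURCES += conf/conf_def.c
 libcrypto_la_SOURCES += conf/conf_err.c
 libcrypto_la_SOURCES += conf/conf_lib.c
 libcrypto_la_SOURCES += conf/conf_mall.c
 libcrypto_la_SOURCES += conf/conf_mod.c
 libcrypto_la_SOURCES += conf/conf_sap.c
 noinst_HEADERS += conf/conf_def.h
+
+# curve25519
+libcrypto_la_SOURCES += curve25519/curve25519-generic.c
+libcrypto_la_SOURCES += curve25519/curve25519.c
+noinst_HEADERS += curve25519/curve25519_internal.h
+
 
 # des
 libcrypto_la_SOURCES += des/cbc_cksm.c
 libcrypto_la_SOURCES += des/cbc_enc.c
 libcrypto_la_SOURCES += des/cfb64ede.c
 libcrypto_la_SOURCES += des/cfb64enc.c
 libcrypto_la_SOURCES += des/cfb_enc.c
@@ -418,14 +442,18 @@
 libcrypto_la_SOURCES += ec/ec_mult.c
 libcrypto_la_SOURCES += ec/ec_oct.c
 libcrypto_la_SOURCES += ec/ec_pmeth.c
 libcrypto_la_SOURCES += ec/ec_print.c
 libcrypto_la_SOURCES += ec/eck_prn.c
 libcrypto_la_SOURCES += ec/ecp_mont.c
 libcrypto_la_SOURCES += ec/ecp_nist.c
+libcrypto_la_SOURCES += ec/ecp_nistp224.c
+libcrypto_la_SOURCES += ec/ecp_nistp256.c
+libcrypto_la_SOURCES += ec/ecp_nistp521.c
+libcrypto_la_SOURCES += ec/ecp_nistputil.c
 libcrypto_la_SOURCES += ec/ecp_oct.c
 libcrypto_la_SOURCES += ec/ecp_smpl.c
 noinst_HEADERS += ec/ec_lcl.h
 
 # ecdh
 libcrypto_la_SOURCES += ecdh/ech_err.c
 libcrypto_la_SOURCES += ecdh/ech_key.c
@@ -506,14 +534,15 @@
 libcrypto_la_SOURCES += evp/m_dss.c
 libcrypto_la_SOURCES += evp/m_dss1.c
 libcrypto_la_SOURCES += evp/m_ecdsa.c
 libcrypto_la_SOURCES += evp/m_gost2814789.c
 libcrypto_la_SOURCES += evp/m_gostr341194.c
 libcrypto_la_SOURCES += evp/m_md4.c
 libcrypto_la_SOURCES += evp/m_md5.c
+libcrypto_la_SOURCES += evp/m_md5_sha1.c
 libcrypto_la_SOURCES += evp/m_null.c
 libcrypto_la_SOURCES += evp/m_ripemd.c
 libcrypto_la_SOURCES += evp/m_sha1.c
 libcrypto_la_SOURCES += evp/m_sigver.c
 libcrypto_la_SOURCES += evp/m_streebog.c
 libcrypto_la_SOURCES += evp/m_wp.c
 libcrypto_la_SOURCES += evp/names.c
@@ -559,17 +588,14 @@
 libcrypto_la_SOURCES += idea/i_cbc.c
 libcrypto_la_SOURCES += idea/i_cfb64.c
 libcrypto_la_SOURCES += idea/i_ecb.c
 libcrypto_la_SOURCES += idea/i_ofb64.c
 libcrypto_la_SOURCES += idea/i_skey.c
 noinst_HEADERS += idea/idea_lcl.h
 
-# krb5
-libcrypto_la_SOURCES += krb5/krb5_asn.c
-
 # lhash
 libcrypto_la_SOURCES += lhash/lh_stats.c
 libcrypto_la_SOURCES += lhash/lhash.c
 
 # md4
 libcrypto_la_SOURCES += md4/md4_dgst.c
 libcrypto_la_SOURCES += md4/md4_one.c
@@ -765,14 +791,15 @@
 libcrypto_la_SOURCES += x509/x509cset.c
 libcrypto_la_SOURCES += x509/x509name.c
 libcrypto_la_SOURCES += x509/x509rset.c
 libcrypto_la_SOURCES += x509/x509spki.c
 libcrypto_la_SOURCES += x509/x509type.c
 libcrypto_la_SOURCES += x509/x_all.c
 noinst_HEADERS += x509/x509_lcl.h
+noinst_HEADERS += x509/vpm_int.h
 
 # x509v3
 libcrypto_la_SOURCES += x509v3/pcy_cache.c
 libcrypto_la_SOURCES += x509v3/pcy_data.c
 libcrypto_la_SOURCES += x509v3/pcy_lib.c
 libcrypto_la_SOURCES += x509v3/pcy_map.c
 libcrypto_la_SOURCES += x509v3/pcy_node.c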
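--- a/jni/libressl/crypto/Makefile.am.elf-x86_64
+++ b/jni/libressl/crypto/Makefile.am.elf-x86_64
@@ -1,26 +1,26 @@
 
-ASM_X86_64_ELF = aes/aes-elf-x86_64.s
-ASM_X86_64_ELF += aes/bsaes-elf-x86_64.s
-ASM_X86_64_ELF += aes/vpaes-elf-x86_64.s
-ASM_X86_64_ELF += aes/aesni-elf-x86_64.s
-ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.s
-ASM_X86_64_ELF += bn/modexp512-elf-x86_64.s
-ASM_X86_64_ELF += bn/mont-elf-x86_64.s
-ASM_X86_64_ELF += bn/mont5-elf-x86_64.s
-ASM_X86_64_ELF += bn/gf2m-elf-x86_64.s
-ASM_X86_64_ELF += camellia/cmll-elf-x86_64.s
-ASM_X86_64_ELF += md5/md5-elf-x86_64.s
-ASM_X86_64_ELF += modes/ghash-elf-x86_64.s
-ASM_X86_64_ELF += rc4/rc4-elf-x86_64.s
-ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.s
-ASM_X86_64_ELF += sha/sha1-elf-x86_64.s
+ASM_X86_64_ELF = aes/aes-elf-x86_64.S
+ASM_X86_64_ELF += aes/bsaes-elf-x86_64.S
+ASM_X86_64_ELF += aes/vpaes-elf-x86_64.S
+ASM_X86_64_ELF += aes/aesni-elf-x86_64.S
+ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.S
+ASM_X86_64_ELF += bn/modexp512-elf-x86_64.S
+ASM_X86_64_ELF += bn/mont-elf-x86_64.S
+ASM_X86_64_ELF += bn/mont5-elf-x86_64.S
+ASM_X86_64_ELF += bn/gf2m-elf-x86_64.S
+ASM_X86_64_ELF += camellia/cmll-elf-x86_64.S
+ASM_X86_64_ELF += md5/md5-elf-x86_64.S
+ASM_X86_64_ELF += modes/ghash-elf-x86_64.S
+ASM_X86_64_ELF += rc4/rc4-elf-x86_64.S
+ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.S
+ASM_X86_64_ELF += sha/sha1-elf-x86_64.S
 ASM_X86_64_ELF += sha/sha256-elf-x86_64.S
 ASM_X86_64_ELF += sha/sha512-elf-x86_64.S
-ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.s
+ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.S
 ASM_X86_64_ELF += cpuid-elf-x86_64.S
 
 EXTRA_DIST += $(ASM_X86_64_ELF)
 
 if HOST_ASM_ELF_X86_64
 libcrypto_la_CPPFLAGS += -DAES_ASM
 libcrypto_la_CPPFLAGS += -DBSAES_ASM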
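--- a/jni/libressl/crypto/Makefile.am.macosx-x86_64
+++ b/jni/libressl/crypto/Makefile.am.macosx-x86_64
@@ -1,26 +1,26 @@
 
-ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.s
-ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.s
-ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.s
-ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.s
-ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.s
-ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.s
-ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.s
-ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.s
-ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.s
-ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.s
-ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.s
-ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.s
-ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.s
-ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.s
-ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.s
+ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.S
+ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.S
+ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.S
+ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.S
+ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.S
+ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.S
+ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.S
+ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.S
+ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.S
+ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.S
+ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.S
+ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.S
+ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.S
+ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.S
+ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.S
 ASM_X86_64_MACOSX += sha/sha256-macosx-x86_64.S
 ASM_X86_64_MACOSX += sha/sha512-macosx-x86_64.S
-ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.s
+ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.S
 ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S
 
 EXTRA_DIST += $(ASM_X86_64_MACOSX)
 
 if HOST_ASM_MACOSX_X86_64
 libcrypto_la_CPPFLAGS += -DAES_ASM
 libcrypto_la_CPPFLAGS += -DBSAES_ASM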
Changes to jni/libressl/crypto/Makefile.in.
100
101
102
103
104
105
106

107

108
109
110

111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_TRUE@am__append_7 = compat/explicit_bzero_win.c
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_FALSE@am__append_8 = compat/explicit_bzero.c
@HAVE_STRLCAT_FALSE@am__append_9 = compat/strlcat.c
@HAVE_STRLCPY_FALSE@am__append_10 = compat/strlcpy.c
@HAVE_STRNDUP_FALSE@am__append_11 = compat/strndup.c
# the only user of strnlen is strndup, so only build it if needed
@HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@am__append_12 = compat/strnlen.c

@HAVE_ASPRINTF_FALSE@am__append_13 = compat/bsd-asprintf.c

@HAVE_INET_PTON_FALSE@am__append_14 = compat/inet_pton.c
@HAVE_TIMEGM_FALSE@am__append_15 = compat/timegm.c
@HAVE_REALLOCARRAY_FALSE@am__append_16 = compat/reallocarray.c

@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__append_17 = compat/timingsafe_memcmp.c
@HAVE_TIMINGSAFE_BCMP_FALSE@am__append_18 = compat/timingsafe_bcmp.c
@HOST_WIN_TRUE@am__append_19 = compat/posix_win.c
@HAVE_ARC4RANDOM_BUF_FALSE@am__append_20 = compat/arc4random.c \
@HAVE_ARC4RANDOM_BUF_FALSE@	compat/arc4random_uniform.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__append_21 = compat/getentropy_aix.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__append_22 = compat/getentropy_freebsd.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__append_23 = compat/getentropy_hpux.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__append_24 = compat/getentropy_linux.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__append_25 = compat/getentropy_netbsd.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__append_26 = compat/getentropy_osx.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__append_27 = compat/getentropy_solaris.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__append_28 = compat/getentropy_win.c
@HOST_ASM_ELF_X86_64_TRUE@am__append_29 = -DAES_ASM -DBSAES_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DVPAES_ASM -DOPENSSL_IA32_SSE2 \
@HOST_ASM_ELF_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT \
@HOST_ASM_ELF_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT5 \
@HOST_ASM_ELF_X86_64_TRUE@	-DOPENSSL_BN_ASM_GF2m -DMD5_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DGHASH_ASM -DRSA_ASM -DSHA1_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DSHA256_ASM -DSHA512_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DWHIRLPOOL_ASM -DOPENSSL_CPUID_OBJ
@HOST_ASM_ELF_X86_64_TRUE@am__append_30 = $(ASM_X86_64_ELF)
@HOST_ASM_MACOSX_X86_64_TRUE@am__append_31 = -DAES_ASM -DBSAES_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DVPAES_ASM -DOPENSSL_IA32_SSE2 \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT5 \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_BN_ASM_GF2m -DMD5_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DGHASH_ASM -DRSA_ASM -DSHA1_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DSHA256_ASM -DSHA512_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DWHIRLPOOL_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_CPUID_OBJ
@HOST_ASM_MACOSX_X86_64_TRUE@am__append_32 = $(ASM_X86_64_MACOSX)
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@am__append_33 = aes/aes_cbc.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	aes/aes_core.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/camellia.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/cmll_cbc.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/rc4_enc.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/rc4_skey.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	whrlpool/wp_block.c
@HOST_WIN_FALSE@am__append_34 = bio/b_posix.c
@HOST_WIN_TRUE@am__append_35 = bio/b_win.c
@HOST_WIN_FALSE@am__append_36 = bio/bss_log.c
@HOST_WIN_FALSE@am__append_37 = ui/ui_openssl.c
@HOST_WIN_TRUE@am__append_38 = ui/ui_openssl_win.c
subdir = crypto
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \







>
|
>
|
|
|
>
|
|
|
|

|
|
|
|
|
|
|
|
|







|
|








|
|






|
|
|
|
|







100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_TRUE@am__append_7 = compat/explicit_bzero_win.c
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_FALSE@am__append_8 = compat/explicit_bzero.c
@HAVE_STRLCAT_FALSE@am__append_9 = compat/strlcat.c
@HAVE_STRLCPY_FALSE@am__append_10 = compat/strlcpy.c
@HAVE_STRNDUP_FALSE@am__append_11 = compat/strndup.c
# the only user of strnlen is strndup, so only build it if needed
@HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@am__append_12 = compat/strnlen.c
@HAVE_STRSEP_FALSE@am__append_13 = compat/strsep.c
@HAVE_ASPRINTF_FALSE@am__append_14 = compat/bsd-asprintf.c
@HAVE_GETPAGESIZE_FALSE@am__append_15 = compat/getpagesize.c
@HAVE_INET_PTON_FALSE@am__append_16 = compat/inet_pton.c
@HAVE_TIMEGM_FALSE@am__append_17 = compat/timegm.c
@HAVE_REALLOCARRAY_FALSE@am__append_18 = compat/reallocarray.c
@HAVE_RECALLOCARRAY_FALSE@am__append_19 = compat/recallocarray.c
@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__append_20 = compat/timingsafe_memcmp.c
@HAVE_TIMINGSAFE_BCMP_FALSE@am__append_21 = compat/timingsafe_bcmp.c
@HOST_WIN_TRUE@am__append_22 = compat/posix_win.c
@HAVE_ARC4RANDOM_BUF_FALSE@am__append_23 = compat/arc4random.c \
@HAVE_ARC4RANDOM_BUF_FALSE@	compat/arc4random_uniform.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__append_24 = compat/getentropy_aix.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__append_25 = compat/getentropy_freebsd.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__append_26 = compat/getentropy_hpux.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__append_27 = compat/getentropy_linux.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__append_28 = compat/getentropy_netbsd.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__append_29 = compat/getentropy_osx.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__append_30 = compat/getentropy_solaris.c
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__append_31 = compat/getentropy_win.c
@HOST_ASM_ELF_X86_64_TRUE@am__append_32 = -DAES_ASM -DBSAES_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DVPAES_ASM -DOPENSSL_IA32_SSE2 \
@HOST_ASM_ELF_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT \
@HOST_ASM_ELF_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT5 \
@HOST_ASM_ELF_X86_64_TRUE@	-DOPENSSL_BN_ASM_GF2m -DMD5_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DGHASH_ASM -DRSA_ASM -DSHA1_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DSHA256_ASM -DSHA512_ASM \
@HOST_ASM_ELF_X86_64_TRUE@	-DWHIRLPOOL_ASM -DOPENSSL_CPUID_OBJ
@HOST_ASM_ELF_X86_64_TRUE@am__append_33 = $(ASM_X86_64_ELF)
@HOST_ASM_MACOSX_X86_64_TRUE@am__append_34 = -DAES_ASM -DBSAES_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DVPAES_ASM -DOPENSSL_IA32_SSE2 \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_BN_ASM_MONT5 \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_BN_ASM_GF2m -DMD5_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DGHASH_ASM -DRSA_ASM -DSHA1_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DSHA256_ASM -DSHA512_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DWHIRLPOOL_ASM \
@HOST_ASM_MACOSX_X86_64_TRUE@	-DOPENSSL_CPUID_OBJ
@HOST_ASM_MACOSX_X86_64_TRUE@am__append_35 = $(ASM_X86_64_MACOSX)
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@am__append_36 = aes/aes_cbc.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	aes/aes_core.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/camellia.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/cmll_cbc.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/rc4_enc.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/rc4_skey.c \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	whrlpool/wp_block.c
@HOST_WIN_FALSE@am__append_37 = bio/b_posix.c
@HOST_WIN_TRUE@am__append_38 = bio/b_win.c
@HOST_WIN_FALSE@am__append_39 = bio/bss_log.c
@HOST_WIN_FALSE@am__append_40 = ui/ui_openssl.c
@HOST_WIN_TRUE@am__append_41 = ui/ui_openssl_win.c
subdir = crypto
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
196
197
198
199
200
201
202
203

204
205
206
207
208
209
210
211
212
213
214
215
216
217

218

219
220
221

222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243

244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
am__DEPENDENCIES_1 =
libcompat_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
am__libcompat_la_SOURCES_DIST = compat/strlcat.c compat/strlcpy.c \
	compat/strndup.c compat/strnlen.c compat/bsd-asprintf.c \

	compat/inet_pton.c compat/timegm.c compat/reallocarray.c \
	compat/timingsafe_memcmp.c compat/timingsafe_bcmp.c \
	compat/posix_win.c compat/arc4random.c \
	compat/arc4random_uniform.c compat/getentropy_aix.c \
	compat/getentropy_freebsd.c compat/getentropy_hpux.c \
	compat/getentropy_linux.c compat/getentropy_netbsd.c \
	compat/getentropy_osx.c compat/getentropy_solaris.c \
	compat/getentropy_win.c
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_STRLCAT_FALSE@am__objects_1 = compat/strlcat.lo
@HAVE_STRLCPY_FALSE@am__objects_2 = compat/strlcpy.lo
@HAVE_STRNDUP_FALSE@am__objects_3 = compat/strndup.lo
@HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@am__objects_4 =  \
@HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@	compat/strnlen.lo

@HAVE_ASPRINTF_FALSE@am__objects_5 = compat/bsd-asprintf.lo

@HAVE_INET_PTON_FALSE@am__objects_6 = compat/inet_pton.lo
@HAVE_TIMEGM_FALSE@am__objects_7 = compat/timegm.lo
@HAVE_REALLOCARRAY_FALSE@am__objects_8 = compat/reallocarray.lo

@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__objects_9 =  \
@HAVE_TIMINGSAFE_MEMCMP_FALSE@	compat/timingsafe_memcmp.lo
@HAVE_TIMINGSAFE_BCMP_FALSE@am__objects_10 =  \
@HAVE_TIMINGSAFE_BCMP_FALSE@	compat/timingsafe_bcmp.lo
@HOST_WIN_TRUE@am__objects_11 = compat/posix_win.lo
@HAVE_ARC4RANDOM_BUF_FALSE@am__objects_12 = compat/arc4random.lo \
@HAVE_ARC4RANDOM_BUF_FALSE@	compat/arc4random_uniform.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__objects_13 = compat/getentropy_aix.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__objects_14 = compat/getentropy_freebsd.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__objects_15 = compat/getentropy_hpux.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__objects_16 = compat/getentropy_linux.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__objects_17 = compat/getentropy_netbsd.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__objects_18 = compat/getentropy_osx.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__objects_19 = compat/getentropy_solaris.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__objects_20 = compat/getentropy_win.lo
am_libcompat_la_OBJECTS = $(am__objects_1) $(am__objects_2) \
	$(am__objects_3) $(am__objects_4) $(am__objects_5) \
	$(am__objects_6) $(am__objects_7) $(am__objects_8) \
	$(am__objects_9) $(am__objects_10) $(am__objects_11) \
	$(am__objects_12) $(am__objects_13) $(am__objects_14) \
	$(am__objects_15) $(am__objects_16) $(am__objects_17) \
	$(am__objects_18) $(am__objects_19) $(am__objects_20)

libcompat_la_OBJECTS = $(am_libcompat_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libcompatnoopt_la_LIBADD =
am__libcompatnoopt_la_SOURCES_DIST = compat/explicit_bzero_win.c \
	compat/explicit_bzero.c
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_TRUE@am__objects_21 = compat/libcompatnoopt_la-explicit_bzero_win.lo
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_FALSE@am__objects_22 = compat/libcompatnoopt_la-explicit_bzero.lo
@HAVE_EXPLICIT_BZERO_FALSE@am_libcompatnoopt_la_OBJECTS =  \
@HAVE_EXPLICIT_BZERO_FALSE@	$(am__objects_21) $(am__objects_22)
libcompatnoopt_la_OBJECTS = $(am_libcompatnoopt_la_OBJECTS)
libcompatnoopt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(libcompatnoopt_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \
	-o $@
@HAVE_EXPLICIT_BZERO_FALSE@am_libcompatnoopt_la_rpath =
libcrypto_la_DEPENDENCIES = libcompat.la $(am__append_1)
am__libcrypto_la_SOURCES_DIST = aes/aes-elf-x86_64.s \
	aes/bsaes-elf-x86_64.s aes/vpaes-elf-x86_64.s \
	aes/aesni-elf-x86_64.s aes/aesni-sha1-elf-x86_64.s \
	bn/modexp512-elf-x86_64.s bn/mont-elf-x86_64.s \
	bn/mont5-elf-x86_64.s bn/gf2m-elf-x86_64.s \
	camellia/cmll-elf-x86_64.s md5/md5-elf-x86_64.s \
	modes/ghash-elf-x86_64.s rc4/rc4-elf-x86_64.s \
	rc4/rc4-md5-elf-x86_64.s sha/sha1-elf-x86_64.s \
	sha/sha256-elf-x86_64.S sha/sha512-elf-x86_64.S \
	whrlpool/wp-elf-x86_64.s cpuid-elf-x86_64.S \
	aes/aes-macosx-x86_64.s aes/bsaes-macosx-x86_64.s \
	aes/vpaes-macosx-x86_64.s aes/aesni-macosx-x86_64.s \
	aes/aesni-sha1-macosx-x86_64.s bn/modexp512-macosx-x86_64.s \
	bn/mont-macosx-x86_64.s bn/mont5-macosx-x86_64.s \
	bn/gf2m-macosx-x86_64.s camellia/cmll-macosx-x86_64.s \
	md5/md5-macosx-x86_64.s modes/ghash-macosx-x86_64.s \
	rc4/rc4-macosx-x86_64.s rc4/rc4-md5-macosx-x86_64.s \
	sha/sha1-macosx-x86_64.s sha/sha256-macosx-x86_64.S \
	sha/sha512-macosx-x86_64.S whrlpool/wp-macosx-x86_64.s \
	cpuid-macosx-x86_64.S aes/aes_cbc.c aes/aes_core.c \
	camellia/camellia.c camellia/cmll_cbc.c rc4/rc4_enc.c \
	rc4/rc4_skey.c whrlpool/wp_block.c cpt_err.c cryptlib.c \
	cversion.c ex_data.c malloc-wrapper.c mem_clr.c mem_dbg.c \
	o_init.c o_str.c o_time.c aes/aes_cfb.c aes/aes_ctr.c \
	aes/aes_ecb.c aes/aes_ige.c aes/aes_misc.c aes/aes_ofb.c \
	aes/aes_wrap.c asn1/a_bitstr.c asn1/a_bool.c asn1/a_bytes.c \







|
>
|













>
|
>
|
|
|
>
|

|

|
|

|
|
|
|
|
|
|
|






|
>








|
|

|







|
|
|
|
|
|
|
|

|
|
|
|
|
|
|
|
|
|







199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
am__DEPENDENCIES_1 =
libcompat_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
am__libcompat_la_SOURCES_DIST = compat/strlcat.c compat/strlcpy.c \
	compat/strndup.c compat/strnlen.c compat/strsep.c \
	compat/bsd-asprintf.c compat/getpagesize.c compat/inet_pton.c \
	compat/timegm.c compat/reallocarray.c compat/recallocarray.c \
	compat/timingsafe_memcmp.c compat/timingsafe_bcmp.c \
	compat/posix_win.c compat/arc4random.c \
	compat/arc4random_uniform.c compat/getentropy_aix.c \
	compat/getentropy_freebsd.c compat/getentropy_hpux.c \
	compat/getentropy_linux.c compat/getentropy_netbsd.c \
	compat/getentropy_osx.c compat/getentropy_solaris.c \
	compat/getentropy_win.c
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_STRLCAT_FALSE@am__objects_1 = compat/strlcat.lo
@HAVE_STRLCPY_FALSE@am__objects_2 = compat/strlcpy.lo
@HAVE_STRNDUP_FALSE@am__objects_3 = compat/strndup.lo
@HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@am__objects_4 =  \
@HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@	compat/strnlen.lo
@HAVE_STRSEP_FALSE@am__objects_5 = compat/strsep.lo
@HAVE_ASPRINTF_FALSE@am__objects_6 = compat/bsd-asprintf.lo
@HAVE_GETPAGESIZE_FALSE@am__objects_7 = compat/getpagesize.lo
@HAVE_INET_PTON_FALSE@am__objects_8 = compat/inet_pton.lo
@HAVE_TIMEGM_FALSE@am__objects_9 = compat/timegm.lo
@HAVE_REALLOCARRAY_FALSE@am__objects_10 = compat/reallocarray.lo
@HAVE_RECALLOCARRAY_FALSE@am__objects_11 = compat/recallocarray.lo
@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__objects_12 =  \
@HAVE_TIMINGSAFE_MEMCMP_FALSE@	compat/timingsafe_memcmp.lo
@HAVE_TIMINGSAFE_BCMP_FALSE@am__objects_13 =  \
@HAVE_TIMINGSAFE_BCMP_FALSE@	compat/timingsafe_bcmp.lo
@HOST_WIN_TRUE@am__objects_14 = compat/posix_win.lo
@HAVE_ARC4RANDOM_BUF_FALSE@am__objects_15 = compat/arc4random.lo \
@HAVE_ARC4RANDOM_BUF_FALSE@	compat/arc4random_uniform.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__objects_16 = compat/getentropy_aix.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__objects_17 = compat/getentropy_freebsd.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__objects_18 = compat/getentropy_hpux.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__objects_19 = compat/getentropy_linux.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__objects_20 = compat/getentropy_netbsd.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__objects_21 = compat/getentropy_osx.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__objects_22 = compat/getentropy_solaris.lo
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__objects_23 = compat/getentropy_win.lo
am_libcompat_la_OBJECTS = $(am__objects_1) $(am__objects_2) \
	$(am__objects_3) $(am__objects_4) $(am__objects_5) \
	$(am__objects_6) $(am__objects_7) $(am__objects_8) \
	$(am__objects_9) $(am__objects_10) $(am__objects_11) \
	$(am__objects_12) $(am__objects_13) $(am__objects_14) \
	$(am__objects_15) $(am__objects_16) $(am__objects_17) \
	$(am__objects_18) $(am__objects_19) $(am__objects_20) \
	$(am__objects_21) $(am__objects_22) $(am__objects_23)
libcompat_la_OBJECTS = $(am_libcompat_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libcompatnoopt_la_LIBADD =
am__libcompatnoopt_la_SOURCES_DIST = compat/explicit_bzero_win.c \
	compat/explicit_bzero.c
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_TRUE@am__objects_24 = compat/libcompatnoopt_la-explicit_bzero_win.lo
@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_FALSE@am__objects_25 = compat/libcompatnoopt_la-explicit_bzero.lo
@HAVE_EXPLICIT_BZERO_FALSE@am_libcompatnoopt_la_OBJECTS =  \
@HAVE_EXPLICIT_BZERO_FALSE@	$(am__objects_24) $(am__objects_25)
libcompatnoopt_la_OBJECTS = $(am_libcompatnoopt_la_OBJECTS)
libcompatnoopt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(libcompatnoopt_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \
	-o $@
@HAVE_EXPLICIT_BZERO_FALSE@am_libcompatnoopt_la_rpath =
libcrypto_la_DEPENDENCIES = libcompat.la $(am__append_1)
am__libcrypto_la_SOURCES_DIST = aes/aes-elf-x86_64.S \
	aes/bsaes-elf-x86_64.S aes/vpaes-elf-x86_64.S \
	aes/aesni-elf-x86_64.S aes/aesni-sha1-elf-x86_64.S \
	bn/modexp512-elf-x86_64.S bn/mont-elf-x86_64.S \
	bn/mont5-elf-x86_64.S bn/gf2m-elf-x86_64.S \
	camellia/cmll-elf-x86_64.S md5/md5-elf-x86_64.S \
	modes/ghash-elf-x86_64.S rc4/rc4-elf-x86_64.S \
	rc4/rc4-md5-elf-x86_64.S sha/sha1-elf-x86_64.S \
	sha/sha256-elf-x86_64.S sha/sha512-elf-x86_64.S \
	whrlpool/wp-elf-x86_64.S cpuid-elf-x86_64.S \
	aes/aes-macosx-x86_64.S aes/bsaes-macosx-x86_64.S \
	aes/vpaes-macosx-x86_64.S aes/aesni-macosx-x86_64.S \
	aes/aesni-sha1-macosx-x86_64.S bn/modexp512-macosx-x86_64.S \
	bn/mont-macosx-x86_64.S bn/mont5-macosx-x86_64.S \
	bn/gf2m-macosx-x86_64.S camellia/cmll-macosx-x86_64.S \
	md5/md5-macosx-x86_64.S modes/ghash-macosx-x86_64.S \
	rc4/rc4-macosx-x86_64.S rc4/rc4-md5-macosx-x86_64.S \
	sha/sha1-macosx-x86_64.S sha/sha256-macosx-x86_64.S \
	sha/sha512-macosx-x86_64.S whrlpool/wp-macosx-x86_64.S \
	cpuid-macosx-x86_64.S aes/aes_cbc.c aes/aes_core.c \
	camellia/camellia.c camellia/cmll_cbc.c rc4/rc4_enc.c \
	rc4/rc4_skey.c whrlpool/wp_block.c cpt_err.c cryptlib.c \
	cversion.c ex_data.c malloc-wrapper.c mem_clr.c mem_dbg.c \
	o_init.c o_str.c o_time.c aes/aes_cfb.c aes/aes_ctr.c \
	aes/aes_ecb.c aes/aes_ige.c aes/aes_misc.c aes/aes_ofb.c \
	aes/aes_wrap.c asn1/a_bitstr.c asn1/a_bool.c asn1/a_bytes.c \
322
323
324
325
326
327
328

329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344


345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369

370
371
372
373
374
375
376
377
378
379
380
381

382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
	camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c \
	camellia/cmll_misc.c camellia/cmll_ofb.c cast/c_cfb64.c \
	cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c cast/c_skey.c \
	chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c cmac/cmac.c \
	comp/c_rle.c comp/c_zlib.c comp/comp_err.c comp/comp_lib.c \
	conf/conf_api.c conf/conf_def.c conf/conf_err.c \
	conf/conf_lib.c conf/conf_mall.c conf/conf_mod.c \

	conf/conf_sap.c des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c \
	des/cfb64enc.c des/cfb_enc.c des/des_enc.c des/ecb3_enc.c \
	des/ecb_enc.c des/ede_cbcm_enc.c des/enc_read.c des/enc_writ.c \
	des/fcrypt.c des/fcrypt_b.c des/ofb64ede.c des/ofb64enc.c \
	des/ofb_enc.c des/pcbc_enc.c des/qud_cksm.c des/rand_key.c \
	des/set_key.c des/str2key.c des/xcbc_enc.c dh/dh_ameth.c \
	dh/dh_asn1.c dh/dh_check.c dh/dh_depr.c dh/dh_err.c \
	dh/dh_gen.c dh/dh_key.c dh/dh_lib.c dh/dh_pmeth.c dh/dh_prn.c \
	dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_depr.c dsa/dsa_err.c \
	dsa/dsa_gen.c dsa/dsa_key.c dsa/dsa_lib.c dsa/dsa_ossl.c \
	dsa/dsa_pmeth.c dsa/dsa_prn.c dsa/dsa_sign.c dsa/dsa_vrf.c \
	dso/dso_dlfcn.c dso/dso_err.c dso/dso_lib.c dso/dso_null.c \
	dso/dso_openssl.c ec/ec2_mult.c ec/ec2_oct.c ec/ec2_smpl.c \
	ec/ec_ameth.c ec/ec_asn1.c ec/ec_check.c ec/ec_curve.c \
	ec/ec_cvt.c ec/ec_err.c ec/ec_key.c ec/ec_lib.c ec/ec_mult.c \
	ec/ec_oct.c ec/ec_pmeth.c ec/ec_print.c ec/eck_prn.c \


	ec/ecp_mont.c ec/ecp_nist.c ec/ecp_oct.c ec/ecp_smpl.c \
	ecdh/ech_err.c ecdh/ech_key.c ecdh/ech_lib.c ecdsa/ecs_asn1.c \
	ecdsa/ecs_err.c ecdsa/ecs_lib.c ecdsa/ecs_ossl.c \
	ecdsa/ecs_sign.c ecdsa/ecs_vrf.c engine/eng_all.c \
	engine/eng_cnf.c engine/eng_ctrl.c engine/eng_dyn.c \
	engine/eng_err.c engine/eng_fat.c engine/eng_init.c \
	engine/eng_lib.c engine/eng_list.c engine/eng_openssl.c \
	engine/eng_pkey.c engine/eng_table.c engine/tb_asnmth.c \
	engine/tb_cipher.c engine/tb_dh.c engine/tb_digest.c \
	engine/tb_dsa.c engine/tb_ecdh.c engine/tb_ecdsa.c \
	engine/tb_pkmeth.c engine/tb_rand.c engine/tb_rsa.c \
	engine/tb_store.c err/err.c err/err_all.c err/err_prn.c \
	evp/bio_b64.c evp/bio_enc.c evp/bio_md.c evp/c_all.c \
	evp/digest.c evp/e_aes.c evp/e_aes_cbc_hmac_sha1.c evp/e_bf.c \
	evp/e_camellia.c evp/e_cast.c evp/e_chacha.c \
	evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c \
	evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_old.c \
	evp/e_rc2.c evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_xcbc_d.c \
	evp/encode.c evp/evp_aead.c evp/evp_enc.c evp/evp_err.c \
	evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c \
	evp/m_dss.c evp/m_dss1.c evp/m_ecdsa.c evp/m_gost2814789.c \
	evp/m_gostr341194.c evp/m_md4.c evp/m_md5.c evp/m_null.c \
	evp/m_ripemd.c evp/m_sha1.c evp/m_sigver.c evp/m_streebog.c \
	evp/m_wp.c evp/names.c evp/p5_crpt.c evp/p5_crpt2.c \
	evp/p_dec.c evp/p_enc.c evp/p_lib.c evp/p_open.c evp/p_seal.c \

	evp/p_sign.c evp/p_verify.c evp/pmeth_fn.c evp/pmeth_gn.c \
	evp/pmeth_lib.c gost/gost2814789.c gost/gost89_keywrap.c \
	gost/gost89_params.c gost/gost89imit_ameth.c \
	gost/gost89imit_pmeth.c gost/gost_asn1.c gost/gost_err.c \
	gost/gostr341001.c gost/gostr341001_ameth.c \
	gost/gostr341001_key.c gost/gostr341001_params.c \
	gost/gostr341001_pmeth.c gost/gostr341194.c gost/streebog.c \
	hmac/hm_ameth.c hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c \
	idea/i_cfb64.c idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c \
	krb5/krb5_asn.c lhash/lh_stats.c lhash/lhash.c md4/md4_dgst.c \
	md4/md4_one.c md5/md5_dgst.c md5/md5_one.c modes/cbc128.c \
	modes/ccm128.c modes/cfb128.c modes/ctr128.c modes/cts128.c \

	modes/gcm128.c modes/ofb128.c modes/xts128.c objects/o_names.c \
	objects/obj_dat.c objects/obj_err.c objects/obj_lib.c \
	objects/obj_xref.c ocsp/ocsp_asn.c ocsp/ocsp_cl.c \
	ocsp/ocsp_err.c ocsp/ocsp_ext.c ocsp/ocsp_ht.c ocsp/ocsp_lib.c \
	ocsp/ocsp_prn.c ocsp/ocsp_srv.c ocsp/ocsp_vfy.c pem/pem_all.c \
	pem/pem_err.c pem/pem_info.c pem/pem_lib.c pem/pem_oth.c \
	pem/pem_pk8.c pem/pem_pkey.c pem/pem_seal.c pem/pem_sign.c \
	pem/pem_x509.c pem/pem_xaux.c pem/pvkfmt.c pkcs12/p12_add.c \
	pkcs12/p12_asn.c pkcs12/p12_attr.c pkcs12/p12_crpt.c \
	pkcs12/p12_crt.c pkcs12/p12_decr.c pkcs12/p12_init.c \
	pkcs12/p12_key.c pkcs12/p12_kiss.c pkcs12/p12_mutl.c \
	pkcs12/p12_npas.c pkcs12/p12_p8d.c pkcs12/p12_p8e.c \
	pkcs12/p12_utl.c pkcs12/pk12err.c pkcs7/bio_pk7.c \
	pkcs7/pk7_asn1.c pkcs7/pk7_attr.c pkcs7/pk7_doit.c \
	pkcs7/pk7_lib.c pkcs7/pk7_mime.c pkcs7/pk7_smime.c \
	pkcs7/pkcs7err.c poly1305/poly1305.c rand/rand_err.c \
	rand/rand_lib.c rand/randfile.c rc2/rc2_cbc.c rc2/rc2_ecb.c \
	rc2/rc2_skey.c rc2/rc2cfb64.c rc2/rc2ofb64.c ripemd/rmd_dgst.c \
	ripemd/rmd_one.c rsa/rsa_ameth.c rsa/rsa_asn1.c rsa/rsa_chk.c \
	rsa/rsa_crpt.c rsa/rsa_depr.c rsa/rsa_eay.c rsa/rsa_err.c \
	rsa/rsa_gen.c rsa/rsa_lib.c rsa/rsa_none.c rsa/rsa_oaep.c \
	rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c rsa/rsa_pss.c \
	rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_ssl.c rsa/rsa_x931.c \
	sha/sha1_one.c sha/sha1dgst.c sha/sha256.c sha/sha512.c \
	stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \







>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
<
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|







330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391

392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
	camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c \
	camellia/cmll_misc.c camellia/cmll_ofb.c cast/c_cfb64.c \
	cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c cast/c_skey.c \
	chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c cmac/cmac.c \
	comp/c_rle.c comp/c_zlib.c comp/comp_err.c comp/comp_lib.c \
	conf/conf_api.c conf/conf_def.c conf/conf_err.c \
	conf/conf_lib.c conf/conf_mall.c conf/conf_mod.c \
	conf/conf_sap.c curve25519/curve25519-generic.c \
	curve25519/curve25519.c des/cbc_cksm.c des/cbc_enc.c \
	des/cfb64ede.c des/cfb64enc.c des/cfb_enc.c des/des_enc.c \
	des/ecb3_enc.c des/ecb_enc.c des/ede_cbcm_enc.c des/enc_read.c \
	des/enc_writ.c des/fcrypt.c des/fcrypt_b.c des/ofb64ede.c \
	des/ofb64enc.c des/ofb_enc.c des/pcbc_enc.c des/qud_cksm.c \
	des/rand_key.c des/set_key.c des/str2key.c des/xcbc_enc.c \
	dh/dh_ameth.c dh/dh_asn1.c dh/dh_check.c dh/dh_depr.c \
	dh/dh_err.c dh/dh_gen.c dh/dh_key.c dh/dh_lib.c dh/dh_pmeth.c \
	dh/dh_prn.c dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_depr.c \
	dsa/dsa_err.c dsa/dsa_gen.c dsa/dsa_key.c dsa/dsa_lib.c \
	dsa/dsa_ossl.c dsa/dsa_pmeth.c dsa/dsa_prn.c dsa/dsa_sign.c \
	dsa/dsa_vrf.c dso/dso_dlfcn.c dso/dso_err.c dso/dso_lib.c \
	dso/dso_null.c dso/dso_openssl.c ec/ec2_mult.c ec/ec2_oct.c \
	ec/ec2_smpl.c ec/ec_ameth.c ec/ec_asn1.c ec/ec_check.c \
	ec/ec_curve.c ec/ec_cvt.c ec/ec_err.c ec/ec_key.c ec/ec_lib.c \
	ec/ec_mult.c ec/ec_oct.c ec/ec_pmeth.c ec/ec_print.c \
	ec/eck_prn.c ec/ecp_mont.c ec/ecp_nist.c ec/ecp_nistp224.c \
	ec/ecp_nistp256.c ec/ecp_nistp521.c ec/ecp_nistputil.c \
	ec/ecp_oct.c ec/ecp_smpl.c ecdh/ech_err.c ecdh/ech_key.c \
	ecdh/ech_lib.c ecdsa/ecs_asn1.c ecdsa/ecs_err.c \
	ecdsa/ecs_lib.c ecdsa/ecs_ossl.c ecdsa/ecs_sign.c \
	ecdsa/ecs_vrf.c engine/eng_all.c engine/eng_cnf.c \
	engine/eng_ctrl.c engine/eng_dyn.c engine/eng_err.c \
	engine/eng_fat.c engine/eng_init.c engine/eng_lib.c \
	engine/eng_list.c engine/eng_openssl.c engine/eng_pkey.c \
	engine/eng_table.c engine/tb_asnmth.c engine/tb_cipher.c \
	engine/tb_dh.c engine/tb_digest.c engine/tb_dsa.c \
	engine/tb_ecdh.c engine/tb_ecdsa.c engine/tb_pkmeth.c \
	engine/tb_rand.c engine/tb_rsa.c engine/tb_store.c err/err.c \
	err/err_all.c err/err_prn.c evp/bio_b64.c evp/bio_enc.c \
	evp/bio_md.c evp/c_all.c evp/digest.c evp/e_aes.c \
	evp/e_aes_cbc_hmac_sha1.c evp/e_bf.c evp/e_camellia.c \
	evp/e_cast.c evp/e_chacha.c evp/e_chacha20poly1305.c \
	evp/e_des.c evp/e_des3.c evp/e_gost2814789.c evp/e_idea.c \
	evp/e_null.c evp/e_old.c evp/e_rc2.c evp/e_rc4.c \
	evp/e_rc4_hmac_md5.c evp/e_xcbc_d.c evp/encode.c \
	evp/evp_aead.c evp/evp_enc.c evp/evp_err.c evp/evp_key.c \
	evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c evp/m_dss.c \
	evp/m_dss1.c evp/m_ecdsa.c evp/m_gost2814789.c \
	evp/m_gostr341194.c evp/m_md4.c evp/m_md5.c evp/m_md5_sha1.c \
	evp/m_null.c evp/m_ripemd.c evp/m_sha1.c evp/m_sigver.c \
	evp/m_streebog.c evp/m_wp.c evp/names.c evp/p5_crpt.c \
	evp/p5_crpt2.c evp/p_dec.c evp/p_enc.c evp/p_lib.c \
	evp/p_open.c evp/p_seal.c evp/p_sign.c evp/p_verify.c \
	evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \
	gost/gost2814789.c gost/gost89_keywrap.c gost/gost89_params.c \
	gost/gost89imit_ameth.c gost/gost89imit_pmeth.c \
	gost/gost_asn1.c gost/gost_err.c gost/gostr341001.c \
	gost/gostr341001_ameth.c gost/gostr341001_key.c \
	gost/gostr341001_params.c gost/gostr341001_pmeth.c \
	gost/gostr341194.c gost/streebog.c hmac/hm_ameth.c \
	hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c idea/i_cfb64.c \
	idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c lhash/lh_stats.c \
	lhash/lhash.c md4/md4_dgst.c md4/md4_one.c md5/md5_dgst.c \

	md5/md5_one.c modes/cbc128.c modes/ccm128.c modes/cfb128.c \
	modes/ctr128.c modes/cts128.c modes/gcm128.c modes/ofb128.c \
	modes/xts128.c objects/o_names.c objects/obj_dat.c \
	objects/obj_err.c objects/obj_lib.c objects/obj_xref.c \
	ocsp/ocsp_asn.c ocsp/ocsp_cl.c ocsp/ocsp_err.c ocsp/ocsp_ext.c \
	ocsp/ocsp_ht.c ocsp/ocsp_lib.c ocsp/ocsp_prn.c ocsp/ocsp_srv.c \
	ocsp/ocsp_vfy.c pem/pem_all.c pem/pem_err.c pem/pem_info.c \
	pem/pem_lib.c pem/pem_oth.c pem/pem_pk8.c pem/pem_pkey.c \
	pem/pem_seal.c pem/pem_sign.c pem/pem_x509.c pem/pem_xaux.c \
	pem/pvkfmt.c pkcs12/p12_add.c pkcs12/p12_asn.c \
	pkcs12/p12_attr.c pkcs12/p12_crpt.c pkcs12/p12_crt.c \
	pkcs12/p12_decr.c pkcs12/p12_init.c pkcs12/p12_key.c \
	pkcs12/p12_kiss.c pkcs12/p12_mutl.c pkcs12/p12_npas.c \
	pkcs12/p12_p8d.c pkcs12/p12_p8e.c pkcs12/p12_utl.c \
	pkcs12/pk12err.c pkcs7/bio_pk7.c pkcs7/pk7_asn1.c \
	pkcs7/pk7_attr.c pkcs7/pk7_doit.c pkcs7/pk7_lib.c \
	pkcs7/pk7_mime.c pkcs7/pk7_smime.c pkcs7/pkcs7err.c \
	poly1305/poly1305.c rand/rand_err.c rand/rand_lib.c \
	rand/randfile.c rc2/rc2_cbc.c rc2/rc2_ecb.c rc2/rc2_skey.c \
	rc2/rc2cfb64.c rc2/rc2ofb64.c ripemd/rmd_dgst.c \
	ripemd/rmd_one.c rsa/rsa_ameth.c rsa/rsa_asn1.c rsa/rsa_chk.c \
	rsa/rsa_crpt.c rsa/rsa_depr.c rsa/rsa_eay.c rsa/rsa_err.c \
	rsa/rsa_gen.c rsa/rsa_lib.c rsa/rsa_none.c rsa/rsa_oaep.c \
	rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c rsa/rsa_pss.c \
	rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_ssl.c rsa/rsa_x931.c \
	sha/sha1_one.c sha/sha1dgst.c sha/sha256.c sha/sha512.c \
	stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \
423
424
425
426
427
428
429

430
431


432

433
434


435

436

437
438

439
440

441
442


443

444
445


446

447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
	x509v3/v3_crld.c x509v3/v3_enum.c x509v3/v3_extku.c \
	x509v3/v3_genn.c x509v3/v3_ia5.c x509v3/v3_info.c \
	x509v3/v3_int.c x509v3/v3_lib.c x509v3/v3_ncons.c \
	x509v3/v3_ocsp.c x509v3/v3_pci.c x509v3/v3_pcia.c \
	x509v3/v3_pcons.c x509v3/v3_pku.c x509v3/v3_pmaps.c \
	x509v3/v3_prn.c x509v3/v3_purp.c x509v3/v3_skey.c \
	x509v3/v3_sxnet.c x509v3/v3_utl.c x509v3/v3err.c

am__objects_23 = aes/aes-elf-x86_64.lo aes/bsaes-elf-x86_64.lo \
	aes/vpaes-elf-x86_64.lo aes/aesni-elf-x86_64.lo \


	aes/aesni-sha1-elf-x86_64.lo bn/modexp512-elf-x86_64.lo \

	bn/mont-elf-x86_64.lo bn/mont5-elf-x86_64.lo \
	bn/gf2m-elf-x86_64.lo camellia/cmll-elf-x86_64.lo \


	md5/md5-elf-x86_64.lo modes/ghash-elf-x86_64.lo \

	rc4/rc4-elf-x86_64.lo rc4/rc4-md5-elf-x86_64.lo \

	sha/sha1-elf-x86_64.lo sha/libcrypto_la-sha256-elf-x86_64.lo \
	sha/libcrypto_la-sha512-elf-x86_64.lo \

	whrlpool/wp-elf-x86_64.lo libcrypto_la-cpuid-elf-x86_64.lo
@HOST_ASM_ELF_X86_64_TRUE@am__objects_24 = $(am__objects_23)

am__objects_25 = aes/aes-macosx-x86_64.lo aes/bsaes-macosx-x86_64.lo \
	aes/vpaes-macosx-x86_64.lo aes/aesni-macosx-x86_64.lo \


	aes/aesni-sha1-macosx-x86_64.lo bn/modexp512-macosx-x86_64.lo \

	bn/mont-macosx-x86_64.lo bn/mont5-macosx-x86_64.lo \
	bn/gf2m-macosx-x86_64.lo camellia/cmll-macosx-x86_64.lo \


	md5/md5-macosx-x86_64.lo modes/ghash-macosx-x86_64.lo \

	rc4/rc4-macosx-x86_64.lo rc4/rc4-md5-macosx-x86_64.lo \
	sha/sha1-macosx-x86_64.lo \
	sha/libcrypto_la-sha256-macosx-x86_64.lo \
	sha/libcrypto_la-sha512-macosx-x86_64.lo \
	whrlpool/wp-macosx-x86_64.lo \
	libcrypto_la-cpuid-macosx-x86_64.lo
@HOST_ASM_MACOSX_X86_64_TRUE@am__objects_26 = $(am__objects_25)
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@am__objects_27 = aes/libcrypto_la-aes_cbc.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	aes/libcrypto_la-aes_core.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/libcrypto_la-camellia.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/libcrypto_la-cmll_cbc.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/libcrypto_la-rc4_enc.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/libcrypto_la-rc4_skey.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	whrlpool/libcrypto_la-wp_block.lo
@HOST_WIN_FALSE@am__objects_28 = bio/libcrypto_la-b_posix.lo
@HOST_WIN_TRUE@am__objects_29 = bio/libcrypto_la-b_win.lo
@HOST_WIN_FALSE@am__objects_30 = bio/libcrypto_la-bss_log.lo
@HOST_WIN_FALSE@am__objects_31 = ui/libcrypto_la-ui_openssl.lo
@HOST_WIN_TRUE@am__objects_32 = ui/libcrypto_la-ui_openssl_win.lo
am_libcrypto_la_OBJECTS = $(am__objects_24) $(am__objects_26) \
	$(am__objects_27) libcrypto_la-cpt_err.lo \
	libcrypto_la-cryptlib.lo libcrypto_la-cversion.lo \
	libcrypto_la-ex_data.lo libcrypto_la-malloc-wrapper.lo \
	libcrypto_la-mem_clr.lo libcrypto_la-mem_dbg.lo \
	libcrypto_la-o_init.lo libcrypto_la-o_str.lo \
	libcrypto_la-o_time.lo aes/libcrypto_la-aes_cfb.lo \
	aes/libcrypto_la-aes_ctr.lo aes/libcrypto_la-aes_ecb.lo \
	aes/libcrypto_la-aes_ige.lo aes/libcrypto_la-aes_misc.lo \







>
|
|
>
>
|
>
|
|
>
>
|
>
|
>
|

>
|
|
>
|
|
>
>
|
>
|
|
>
>
|
>
|
|


|

|
|






|
|
|
|
|
|
|







435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
	x509v3/v3_crld.c x509v3/v3_enum.c x509v3/v3_extku.c \
	x509v3/v3_genn.c x509v3/v3_ia5.c x509v3/v3_info.c \
	x509v3/v3_int.c x509v3/v3_lib.c x509v3/v3_ncons.c \
	x509v3/v3_ocsp.c x509v3/v3_pci.c x509v3/v3_pcia.c \
	x509v3/v3_pcons.c x509v3/v3_pku.c x509v3/v3_pmaps.c \
	x509v3/v3_prn.c x509v3/v3_purp.c x509v3/v3_skey.c \
	x509v3/v3_sxnet.c x509v3/v3_utl.c x509v3/v3err.c
am__objects_26 = aes/libcrypto_la-aes-elf-x86_64.lo \
	aes/libcrypto_la-bsaes-elf-x86_64.lo \
	aes/libcrypto_la-vpaes-elf-x86_64.lo \
	aes/libcrypto_la-aesni-elf-x86_64.lo \
	aes/libcrypto_la-aesni-sha1-elf-x86_64.lo \
	bn/libcrypto_la-modexp512-elf-x86_64.lo \
	bn/libcrypto_la-mont-elf-x86_64.lo \
	bn/libcrypto_la-mont5-elf-x86_64.lo \
	bn/libcrypto_la-gf2m-elf-x86_64.lo \
	camellia/libcrypto_la-cmll-elf-x86_64.lo \
	md5/libcrypto_la-md5-elf-x86_64.lo \
	modes/libcrypto_la-ghash-elf-x86_64.lo \
	rc4/libcrypto_la-rc4-elf-x86_64.lo \
	rc4/libcrypto_la-rc4-md5-elf-x86_64.lo \
	sha/libcrypto_la-sha1-elf-x86_64.lo \
	sha/libcrypto_la-sha256-elf-x86_64.lo \
	sha/libcrypto_la-sha512-elf-x86_64.lo \
	whrlpool/libcrypto_la-wp-elf-x86_64.lo \
	libcrypto_la-cpuid-elf-x86_64.lo
@HOST_ASM_ELF_X86_64_TRUE@am__objects_27 = $(am__objects_26)
am__objects_28 = aes/libcrypto_la-aes-macosx-x86_64.lo \
	aes/libcrypto_la-bsaes-macosx-x86_64.lo \
	aes/libcrypto_la-vpaes-macosx-x86_64.lo \
	aes/libcrypto_la-aesni-macosx-x86_64.lo \
	aes/libcrypto_la-aesni-sha1-macosx-x86_64.lo \
	bn/libcrypto_la-modexp512-macosx-x86_64.lo \
	bn/libcrypto_la-mont-macosx-x86_64.lo \
	bn/libcrypto_la-mont5-macosx-x86_64.lo \
	bn/libcrypto_la-gf2m-macosx-x86_64.lo \
	camellia/libcrypto_la-cmll-macosx-x86_64.lo \
	md5/libcrypto_la-md5-macosx-x86_64.lo \
	modes/libcrypto_la-ghash-macosx-x86_64.lo \
	rc4/libcrypto_la-rc4-macosx-x86_64.lo \
	rc4/libcrypto_la-rc4-md5-macosx-x86_64.lo \
	sha/libcrypto_la-sha1-macosx-x86_64.lo \
	sha/libcrypto_la-sha256-macosx-x86_64.lo \
	sha/libcrypto_la-sha512-macosx-x86_64.lo \
	whrlpool/libcrypto_la-wp-macosx-x86_64.lo \
	libcrypto_la-cpuid-macosx-x86_64.lo
@HOST_ASM_MACOSX_X86_64_TRUE@am__objects_29 = $(am__objects_28)
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@am__objects_30 = aes/libcrypto_la-aes_cbc.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	aes/libcrypto_la-aes_core.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/libcrypto_la-camellia.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	camellia/libcrypto_la-cmll_cbc.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/libcrypto_la-rc4_enc.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	rc4/libcrypto_la-rc4_skey.lo \
@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@	whrlpool/libcrypto_la-wp_block.lo
@HOST_WIN_FALSE@am__objects_31 = bio/libcrypto_la-b_posix.lo
@HOST_WIN_TRUE@am__objects_32 = bio/libcrypto_la-b_win.lo
@HOST_WIN_FALSE@am__objects_33 = bio/libcrypto_la-bss_log.lo
@HOST_WIN_FALSE@am__objects_34 = ui/libcrypto_la-ui_openssl.lo
@HOST_WIN_TRUE@am__objects_35 = ui/libcrypto_la-ui_openssl_win.lo
am_libcrypto_la_OBJECTS = $(am__objects_27) $(am__objects_29) \
	$(am__objects_30) libcrypto_la-cpt_err.lo \
	libcrypto_la-cryptlib.lo libcrypto_la-cversion.lo \
	libcrypto_la-ex_data.lo libcrypto_la-malloc-wrapper.lo \
	libcrypto_la-mem_clr.lo libcrypto_la-mem_dbg.lo \
	libcrypto_la-o_init.lo libcrypto_la-o_str.lo \
	libcrypto_la-o_time.lo aes/libcrypto_la-aes_cfb.lo \
	aes/libcrypto_la-aes_ctr.lo aes/libcrypto_la-aes_ecb.lo \
	aes/libcrypto_la-aes_ige.lo aes/libcrypto_la-aes_misc.lo \
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
	asn1/libcrypto_la-x_pkey.lo asn1/libcrypto_la-x_pubkey.lo \
	asn1/libcrypto_la-x_req.lo asn1/libcrypto_la-x_sig.lo \
	asn1/libcrypto_la-x_spki.lo asn1/libcrypto_la-x_val.lo \
	asn1/libcrypto_la-x_x509.lo asn1/libcrypto_la-x_x509a.lo \
	bf/libcrypto_la-bf_cfb64.lo bf/libcrypto_la-bf_ecb.lo \
	bf/libcrypto_la-bf_enc.lo bf/libcrypto_la-bf_ofb64.lo \
	bf/libcrypto_la-bf_skey.lo bio/libcrypto_la-b_dump.lo \
	$(am__objects_28) bio/libcrypto_la-b_print.lo \
	bio/libcrypto_la-b_sock.lo $(am__objects_29) \
	bio/libcrypto_la-bf_buff.lo bio/libcrypto_la-bf_nbio.lo \
	bio/libcrypto_la-bf_null.lo bio/libcrypto_la-bio_cb.lo \
	bio/libcrypto_la-bio_err.lo bio/libcrypto_la-bio_lib.lo \
	bio/libcrypto_la-bss_acpt.lo bio/libcrypto_la-bss_bio.lo \
	bio/libcrypto_la-bss_conn.lo bio/libcrypto_la-bss_dgram.lo \
	bio/libcrypto_la-bss_fd.lo bio/libcrypto_la-bss_file.lo \
	$(am__objects_30) bio/libcrypto_la-bss_mem.lo \
	bio/libcrypto_la-bss_null.lo bio/libcrypto_la-bss_sock.lo \
	bn/libcrypto_la-bn_add.lo bn/libcrypto_la-bn_asm.lo \
	bn/libcrypto_la-bn_blind.lo bn/libcrypto_la-bn_const.lo \
	bn/libcrypto_la-bn_ctx.lo bn/libcrypto_la-bn_depr.lo \
	bn/libcrypto_la-bn_div.lo bn/libcrypto_la-bn_err.lo \
	bn/libcrypto_la-bn_exp.lo bn/libcrypto_la-bn_exp2.lo \
	bn/libcrypto_la-bn_gcd.lo bn/libcrypto_la-bn_gf2m.lo \







|
|






|







538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
	asn1/libcrypto_la-x_pkey.lo asn1/libcrypto_la-x_pubkey.lo \
	asn1/libcrypto_la-x_req.lo asn1/libcrypto_la-x_sig.lo \
	asn1/libcrypto_la-x_spki.lo asn1/libcrypto_la-x_val.lo \
	asn1/libcrypto_la-x_x509.lo asn1/libcrypto_la-x_x509a.lo \
	bf/libcrypto_la-bf_cfb64.lo bf/libcrypto_la-bf_ecb.lo \
	bf/libcrypto_la-bf_enc.lo bf/libcrypto_la-bf_ofb64.lo \
	bf/libcrypto_la-bf_skey.lo bio/libcrypto_la-b_dump.lo \
	$(am__objects_31) bio/libcrypto_la-b_print.lo \
	bio/libcrypto_la-b_sock.lo $(am__objects_32) \
	bio/libcrypto_la-bf_buff.lo bio/libcrypto_la-bf_nbio.lo \
	bio/libcrypto_la-bf_null.lo bio/libcrypto_la-bio_cb.lo \
	bio/libcrypto_la-bio_err.lo bio/libcrypto_la-bio_lib.lo \
	bio/libcrypto_la-bss_acpt.lo bio/libcrypto_la-bss_bio.lo \
	bio/libcrypto_la-bss_conn.lo bio/libcrypto_la-bss_dgram.lo \
	bio/libcrypto_la-bss_fd.lo bio/libcrypto_la-bss_file.lo \
	$(am__objects_33) bio/libcrypto_la-bss_mem.lo \
	bio/libcrypto_la-bss_null.lo bio/libcrypto_la-bss_sock.lo \
	bn/libcrypto_la-bn_add.lo bn/libcrypto_la-bn_asm.lo \
	bn/libcrypto_la-bn_blind.lo bn/libcrypto_la-bn_const.lo \
	bn/libcrypto_la-bn_ctx.lo bn/libcrypto_la-bn_depr.lo \
	bn/libcrypto_la-bn_div.lo bn/libcrypto_la-bn_err.lo \
	bn/libcrypto_la-bn_exp.lo bn/libcrypto_la-bn_exp2.lo \
	bn/libcrypto_la-bn_gcd.lo bn/libcrypto_la-bn_gf2m.lo \
550
551
552
553
554
555
556
557



558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589

590
591

592

593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
	chacha/libcrypto_la-chacha.lo cmac/libcrypto_la-cm_ameth.lo \
	cmac/libcrypto_la-cm_pmeth.lo cmac/libcrypto_la-cmac.lo \
	comp/libcrypto_la-c_rle.lo comp/libcrypto_la-c_zlib.lo \
	comp/libcrypto_la-comp_err.lo comp/libcrypto_la-comp_lib.lo \
	conf/libcrypto_la-conf_api.lo conf/libcrypto_la-conf_def.lo \
	conf/libcrypto_la-conf_err.lo conf/libcrypto_la-conf_lib.lo \
	conf/libcrypto_la-conf_mall.lo conf/libcrypto_la-conf_mod.lo \
	conf/libcrypto_la-conf_sap.lo des/libcrypto_la-cbc_cksm.lo \



	des/libcrypto_la-cbc_enc.lo des/libcrypto_la-cfb64ede.lo \
	des/libcrypto_la-cfb64enc.lo des/libcrypto_la-cfb_enc.lo \
	des/libcrypto_la-des_enc.lo des/libcrypto_la-ecb3_enc.lo \
	des/libcrypto_la-ecb_enc.lo des/libcrypto_la-ede_cbcm_enc.lo \
	des/libcrypto_la-enc_read.lo des/libcrypto_la-enc_writ.lo \
	des/libcrypto_la-fcrypt.lo des/libcrypto_la-fcrypt_b.lo \
	des/libcrypto_la-ofb64ede.lo des/libcrypto_la-ofb64enc.lo \
	des/libcrypto_la-ofb_enc.lo des/libcrypto_la-pcbc_enc.lo \
	des/libcrypto_la-qud_cksm.lo des/libcrypto_la-rand_key.lo \
	des/libcrypto_la-set_key.lo des/libcrypto_la-str2key.lo \
	des/libcrypto_la-xcbc_enc.lo dh/libcrypto_la-dh_ameth.lo \
	dh/libcrypto_la-dh_asn1.lo dh/libcrypto_la-dh_check.lo \
	dh/libcrypto_la-dh_depr.lo dh/libcrypto_la-dh_err.lo \
	dh/libcrypto_la-dh_gen.lo dh/libcrypto_la-dh_key.lo \
	dh/libcrypto_la-dh_lib.lo dh/libcrypto_la-dh_pmeth.lo \
	dh/libcrypto_la-dh_prn.lo dsa/libcrypto_la-dsa_ameth.lo \
	dsa/libcrypto_la-dsa_asn1.lo dsa/libcrypto_la-dsa_depr.lo \
	dsa/libcrypto_la-dsa_err.lo dsa/libcrypto_la-dsa_gen.lo \
	dsa/libcrypto_la-dsa_key.lo dsa/libcrypto_la-dsa_lib.lo \
	dsa/libcrypto_la-dsa_ossl.lo dsa/libcrypto_la-dsa_pmeth.lo \
	dsa/libcrypto_la-dsa_prn.lo dsa/libcrypto_la-dsa_sign.lo \
	dsa/libcrypto_la-dsa_vrf.lo dso/libcrypto_la-dso_dlfcn.lo \
	dso/libcrypto_la-dso_err.lo dso/libcrypto_la-dso_lib.lo \
	dso/libcrypto_la-dso_null.lo dso/libcrypto_la-dso_openssl.lo \
	ec/libcrypto_la-ec2_mult.lo ec/libcrypto_la-ec2_oct.lo \
	ec/libcrypto_la-ec2_smpl.lo ec/libcrypto_la-ec_ameth.lo \
	ec/libcrypto_la-ec_asn1.lo ec/libcrypto_la-ec_check.lo \
	ec/libcrypto_la-ec_curve.lo ec/libcrypto_la-ec_cvt.lo \
	ec/libcrypto_la-ec_err.lo ec/libcrypto_la-ec_key.lo \
	ec/libcrypto_la-ec_lib.lo ec/libcrypto_la-ec_mult.lo \
	ec/libcrypto_la-ec_oct.lo ec/libcrypto_la-ec_pmeth.lo \
	ec/libcrypto_la-ec_print.lo ec/libcrypto_la-eck_prn.lo \

	ec/libcrypto_la-ecp_mont.lo ec/libcrypto_la-ecp_nist.lo \
	ec/libcrypto_la-ecp_oct.lo ec/libcrypto_la-ecp_smpl.lo \

	ecdh/libcrypto_la-ech_err.lo ecdh/libcrypto_la-ech_key.lo \

	ecdh/libcrypto_la-ech_lib.lo ecdsa/libcrypto_la-ecs_asn1.lo \
	ecdsa/libcrypto_la-ecs_err.lo ecdsa/libcrypto_la-ecs_lib.lo \
	ecdsa/libcrypto_la-ecs_ossl.lo ecdsa/libcrypto_la-ecs_sign.lo \
	ecdsa/libcrypto_la-ecs_vrf.lo engine/libcrypto_la-eng_all.lo \
	engine/libcrypto_la-eng_cnf.lo engine/libcrypto_la-eng_ctrl.lo \
	engine/libcrypto_la-eng_dyn.lo engine/libcrypto_la-eng_err.lo \
	engine/libcrypto_la-eng_fat.lo engine/libcrypto_la-eng_init.lo \
	engine/libcrypto_la-eng_lib.lo engine/libcrypto_la-eng_list.lo \
	engine/libcrypto_la-eng_openssl.lo \
	engine/libcrypto_la-eng_pkey.lo \
	engine/libcrypto_la-eng_table.lo \
	engine/libcrypto_la-tb_asnmth.lo \
	engine/libcrypto_la-tb_cipher.lo engine/libcrypto_la-tb_dh.lo \
	engine/libcrypto_la-tb_digest.lo engine/libcrypto_la-tb_dsa.lo \
	engine/libcrypto_la-tb_ecdh.lo engine/libcrypto_la-tb_ecdsa.lo \







|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
>
|
>
|
|
|
|
|
|
|
|







578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
	chacha/libcrypto_la-chacha.lo cmac/libcrypto_la-cm_ameth.lo \
	cmac/libcrypto_la-cm_pmeth.lo cmac/libcrypto_la-cmac.lo \
	comp/libcrypto_la-c_rle.lo comp/libcrypto_la-c_zlib.lo \
	comp/libcrypto_la-comp_err.lo comp/libcrypto_la-comp_lib.lo \
	conf/libcrypto_la-conf_api.lo conf/libcrypto_la-conf_def.lo \
	conf/libcrypto_la-conf_err.lo conf/libcrypto_la-conf_lib.lo \
	conf/libcrypto_la-conf_mall.lo conf/libcrypto_la-conf_mod.lo \
	conf/libcrypto_la-conf_sap.lo \
	curve25519/libcrypto_la-curve25519-generic.lo \
	curve25519/libcrypto_la-curve25519.lo \
	des/libcrypto_la-cbc_cksm.lo des/libcrypto_la-cbc_enc.lo \
	des/libcrypto_la-cfb64ede.lo des/libcrypto_la-cfb64enc.lo \
	des/libcrypto_la-cfb_enc.lo des/libcrypto_la-des_enc.lo \
	des/libcrypto_la-ecb3_enc.lo des/libcrypto_la-ecb_enc.lo \
	des/libcrypto_la-ede_cbcm_enc.lo des/libcrypto_la-enc_read.lo \
	des/libcrypto_la-enc_writ.lo des/libcrypto_la-fcrypt.lo \
	des/libcrypto_la-fcrypt_b.lo des/libcrypto_la-ofb64ede.lo \
	des/libcrypto_la-ofb64enc.lo des/libcrypto_la-ofb_enc.lo \
	des/libcrypto_la-pcbc_enc.lo des/libcrypto_la-qud_cksm.lo \
	des/libcrypto_la-rand_key.lo des/libcrypto_la-set_key.lo \
	des/libcrypto_la-str2key.lo des/libcrypto_la-xcbc_enc.lo \
	dh/libcrypto_la-dh_ameth.lo dh/libcrypto_la-dh_asn1.lo \
	dh/libcrypto_la-dh_check.lo dh/libcrypto_la-dh_depr.lo \
	dh/libcrypto_la-dh_err.lo dh/libcrypto_la-dh_gen.lo \
	dh/libcrypto_la-dh_key.lo dh/libcrypto_la-dh_lib.lo \
	dh/libcrypto_la-dh_pmeth.lo dh/libcrypto_la-dh_prn.lo \
	dsa/libcrypto_la-dsa_ameth.lo dsa/libcrypto_la-dsa_asn1.lo \
	dsa/libcrypto_la-dsa_depr.lo dsa/libcrypto_la-dsa_err.lo \
	dsa/libcrypto_la-dsa_gen.lo dsa/libcrypto_la-dsa_key.lo \
	dsa/libcrypto_la-dsa_lib.lo dsa/libcrypto_la-dsa_ossl.lo \
	dsa/libcrypto_la-dsa_pmeth.lo dsa/libcrypto_la-dsa_prn.lo \
	dsa/libcrypto_la-dsa_sign.lo dsa/libcrypto_la-dsa_vrf.lo \
	dso/libcrypto_la-dso_dlfcn.lo dso/libcrypto_la-dso_err.lo \
	dso/libcrypto_la-dso_lib.lo dso/libcrypto_la-dso_null.lo \
	dso/libcrypto_la-dso_openssl.lo ec/libcrypto_la-ec2_mult.lo \
	ec/libcrypto_la-ec2_oct.lo ec/libcrypto_la-ec2_smpl.lo \
	ec/libcrypto_la-ec_ameth.lo ec/libcrypto_la-ec_asn1.lo \
	ec/libcrypto_la-ec_check.lo ec/libcrypto_la-ec_curve.lo \
	ec/libcrypto_la-ec_cvt.lo ec/libcrypto_la-ec_err.lo \
	ec/libcrypto_la-ec_key.lo ec/libcrypto_la-ec_lib.lo \
	ec/libcrypto_la-ec_mult.lo ec/libcrypto_la-ec_oct.lo \
	ec/libcrypto_la-ec_pmeth.lo ec/libcrypto_la-ec_print.lo \
	ec/libcrypto_la-eck_prn.lo ec/libcrypto_la-ecp_mont.lo \
	ec/libcrypto_la-ecp_nist.lo ec/libcrypto_la-ecp_nistp224.lo \
	ec/libcrypto_la-ecp_nistp256.lo \
	ec/libcrypto_la-ecp_nistp521.lo \
	ec/libcrypto_la-ecp_nistputil.lo ec/libcrypto_la-ecp_oct.lo \
	ec/libcrypto_la-ecp_smpl.lo ecdh/libcrypto_la-ech_err.lo \
	ecdh/libcrypto_la-ech_key.lo ecdh/libcrypto_la-ech_lib.lo \
	ecdsa/libcrypto_la-ecs_asn1.lo ecdsa/libcrypto_la-ecs_err.lo \
	ecdsa/libcrypto_la-ecs_lib.lo ecdsa/libcrypto_la-ecs_ossl.lo \
	ecdsa/libcrypto_la-ecs_sign.lo ecdsa/libcrypto_la-ecs_vrf.lo \
	engine/libcrypto_la-eng_all.lo engine/libcrypto_la-eng_cnf.lo \
	engine/libcrypto_la-eng_ctrl.lo engine/libcrypto_la-eng_dyn.lo \
	engine/libcrypto_la-eng_err.lo engine/libcrypto_la-eng_fat.lo \
	engine/libcrypto_la-eng_init.lo engine/libcrypto_la-eng_lib.lo \
	engine/libcrypto_la-eng_list.lo \
	engine/libcrypto_la-eng_openssl.lo \
	engine/libcrypto_la-eng_pkey.lo \
	engine/libcrypto_la-eng_table.lo \
	engine/libcrypto_la-tb_asnmth.lo \
	engine/libcrypto_la-tb_cipher.lo engine/libcrypto_la-tb_dh.lo \
	engine/libcrypto_la-tb_digest.lo engine/libcrypto_la-tb_dsa.lo \
	engine/libcrypto_la-tb_ecdh.lo engine/libcrypto_la-tb_ecdsa.lo \
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
	evp/libcrypto_la-evp_aead.lo evp/libcrypto_la-evp_enc.lo \
	evp/libcrypto_la-evp_err.lo evp/libcrypto_la-evp_key.lo \
	evp/libcrypto_la-evp_lib.lo evp/libcrypto_la-evp_pbe.lo \
	evp/libcrypto_la-evp_pkey.lo evp/libcrypto_la-m_dss.lo \
	evp/libcrypto_la-m_dss1.lo evp/libcrypto_la-m_ecdsa.lo \
	evp/libcrypto_la-m_gost2814789.lo \
	evp/libcrypto_la-m_gostr341194.lo evp/libcrypto_la-m_md4.lo \
	evp/libcrypto_la-m_md5.lo evp/libcrypto_la-m_null.lo \
	evp/libcrypto_la-m_ripemd.lo evp/libcrypto_la-m_sha1.lo \
	evp/libcrypto_la-m_sigver.lo evp/libcrypto_la-m_streebog.lo \
	evp/libcrypto_la-m_wp.lo evp/libcrypto_la-names.lo \
	evp/libcrypto_la-p5_crpt.lo evp/libcrypto_la-p5_crpt2.lo \
	evp/libcrypto_la-p_dec.lo evp/libcrypto_la-p_enc.lo \
	evp/libcrypto_la-p_lib.lo evp/libcrypto_la-p_open.lo \
	evp/libcrypto_la-p_seal.lo evp/libcrypto_la-p_sign.lo \
	evp/libcrypto_la-p_verify.lo evp/libcrypto_la-pmeth_fn.lo \
	evp/libcrypto_la-pmeth_gn.lo evp/libcrypto_la-pmeth_lib.lo \
	gost/libcrypto_la-gost2814789.lo \
	gost/libcrypto_la-gost89_keywrap.lo \
	gost/libcrypto_la-gost89_params.lo \
	gost/libcrypto_la-gost89imit_ameth.lo \
	gost/libcrypto_la-gost89imit_pmeth.lo \
	gost/libcrypto_la-gost_asn1.lo gost/libcrypto_la-gost_err.lo \
	gost/libcrypto_la-gostr341001.lo \
	gost/libcrypto_la-gostr341001_ameth.lo \
	gost/libcrypto_la-gostr341001_key.lo \
	gost/libcrypto_la-gostr341001_params.lo \
	gost/libcrypto_la-gostr341001_pmeth.lo \
	gost/libcrypto_la-gostr341194.lo gost/libcrypto_la-streebog.lo \
	hmac/libcrypto_la-hm_ameth.lo hmac/libcrypto_la-hm_pmeth.lo \
	hmac/libcrypto_la-hmac.lo idea/libcrypto_la-i_cbc.lo \
	idea/libcrypto_la-i_cfb64.lo idea/libcrypto_la-i_ecb.lo \
	idea/libcrypto_la-i_ofb64.lo idea/libcrypto_la-i_skey.lo \
	krb5/libcrypto_la-krb5_asn.lo lhash/libcrypto_la-lh_stats.lo \
	lhash/libcrypto_la-lhash.lo md4/libcrypto_la-md4_dgst.lo \
	md4/libcrypto_la-md4_one.lo md5/libcrypto_la-md5_dgst.lo \
	md5/libcrypto_la-md5_one.lo modes/libcrypto_la-cbc128.lo \
	modes/libcrypto_la-ccm128.lo modes/libcrypto_la-cfb128.lo \
	modes/libcrypto_la-ctr128.lo modes/libcrypto_la-cts128.lo \
	modes/libcrypto_la-gcm128.lo modes/libcrypto_la-ofb128.lo \
	modes/libcrypto_la-xts128.lo objects/libcrypto_la-o_names.lo \
	objects/libcrypto_la-obj_dat.lo \
	objects/libcrypto_la-obj_err.lo \
	objects/libcrypto_la-obj_lib.lo \
	objects/libcrypto_la-obj_xref.lo ocsp/libcrypto_la-ocsp_asn.lo \
	ocsp/libcrypto_la-ocsp_cl.lo ocsp/libcrypto_la-ocsp_err.lo \
	ocsp/libcrypto_la-ocsp_ext.lo ocsp/libcrypto_la-ocsp_ht.lo \
	ocsp/libcrypto_la-ocsp_lib.lo ocsp/libcrypto_la-ocsp_prn.lo \







|
|
|
|
|
|
|
|
|
|
|















|
|
|
|
|
|
|
|







659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
	evp/libcrypto_la-evp_aead.lo evp/libcrypto_la-evp_enc.lo \
	evp/libcrypto_la-evp_err.lo evp/libcrypto_la-evp_key.lo \
	evp/libcrypto_la-evp_lib.lo evp/libcrypto_la-evp_pbe.lo \
	evp/libcrypto_la-evp_pkey.lo evp/libcrypto_la-m_dss.lo \
	evp/libcrypto_la-m_dss1.lo evp/libcrypto_la-m_ecdsa.lo \
	evp/libcrypto_la-m_gost2814789.lo \
	evp/libcrypto_la-m_gostr341194.lo evp/libcrypto_la-m_md4.lo \
	evp/libcrypto_la-m_md5.lo evp/libcrypto_la-m_md5_sha1.lo \
	evp/libcrypto_la-m_null.lo evp/libcrypto_la-m_ripemd.lo \
	evp/libcrypto_la-m_sha1.lo evp/libcrypto_la-m_sigver.lo \
	evp/libcrypto_la-m_streebog.lo evp/libcrypto_la-m_wp.lo \
	evp/libcrypto_la-names.lo evp/libcrypto_la-p5_crpt.lo \
	evp/libcrypto_la-p5_crpt2.lo evp/libcrypto_la-p_dec.lo \
	evp/libcrypto_la-p_enc.lo evp/libcrypto_la-p_lib.lo \
	evp/libcrypto_la-p_open.lo evp/libcrypto_la-p_seal.lo \
	evp/libcrypto_la-p_sign.lo evp/libcrypto_la-p_verify.lo \
	evp/libcrypto_la-pmeth_fn.lo evp/libcrypto_la-pmeth_gn.lo \
	evp/libcrypto_la-pmeth_lib.lo gost/libcrypto_la-gost2814789.lo \
	gost/libcrypto_la-gost89_keywrap.lo \
	gost/libcrypto_la-gost89_params.lo \
	gost/libcrypto_la-gost89imit_ameth.lo \
	gost/libcrypto_la-gost89imit_pmeth.lo \
	gost/libcrypto_la-gost_asn1.lo gost/libcrypto_la-gost_err.lo \
	gost/libcrypto_la-gostr341001.lo \
	gost/libcrypto_la-gostr341001_ameth.lo \
	gost/libcrypto_la-gostr341001_key.lo \
	gost/libcrypto_la-gostr341001_params.lo \
	gost/libcrypto_la-gostr341001_pmeth.lo \
	gost/libcrypto_la-gostr341194.lo gost/libcrypto_la-streebog.lo \
	hmac/libcrypto_la-hm_ameth.lo hmac/libcrypto_la-hm_pmeth.lo \
	hmac/libcrypto_la-hmac.lo idea/libcrypto_la-i_cbc.lo \
	idea/libcrypto_la-i_cfb64.lo idea/libcrypto_la-i_ecb.lo \
	idea/libcrypto_la-i_ofb64.lo idea/libcrypto_la-i_skey.lo \
	lhash/libcrypto_la-lh_stats.lo lhash/libcrypto_la-lhash.lo \
	md4/libcrypto_la-md4_dgst.lo md4/libcrypto_la-md4_one.lo \
	md5/libcrypto_la-md5_dgst.lo md5/libcrypto_la-md5_one.lo \
	modes/libcrypto_la-cbc128.lo modes/libcrypto_la-ccm128.lo \
	modes/libcrypto_la-cfb128.lo modes/libcrypto_la-ctr128.lo \
	modes/libcrypto_la-cts128.lo modes/libcrypto_la-gcm128.lo \
	modes/libcrypto_la-ofb128.lo modes/libcrypto_la-xts128.lo \
	objects/libcrypto_la-o_names.lo \
	objects/libcrypto_la-obj_dat.lo \
	objects/libcrypto_la-obj_err.lo \
	objects/libcrypto_la-obj_lib.lo \
	objects/libcrypto_la-obj_xref.lo ocsp/libcrypto_la-ocsp_asn.lo \
	ocsp/libcrypto_la-ocsp_cl.lo ocsp/libcrypto_la-ocsp_err.lo \
	ocsp/libcrypto_la-ocsp_ext.lo ocsp/libcrypto_la-ocsp_ht.lo \
	ocsp/libcrypto_la-ocsp_lib.lo ocsp/libcrypto_la-ocsp_prn.lo \
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
	ts/libcrypto_la-ts_req_print.lo \
	ts/libcrypto_la-ts_req_utils.lo \
	ts/libcrypto_la-ts_rsp_print.lo ts/libcrypto_la-ts_rsp_sign.lo \
	ts/libcrypto_la-ts_rsp_utils.lo \
	ts/libcrypto_la-ts_rsp_verify.lo \
	ts/libcrypto_la-ts_verify_ctx.lo txt_db/libcrypto_la-txt_db.lo \
	ui/libcrypto_la-ui_err.lo ui/libcrypto_la-ui_lib.lo \
	$(am__objects_31) $(am__objects_32) ui/libcrypto_la-ui_util.lo \
	whrlpool/libcrypto_la-wp_dgst.lo x509/libcrypto_la-by_dir.lo \
	x509/libcrypto_la-by_file.lo x509/libcrypto_la-by_mem.lo \
	x509/libcrypto_la-x509_att.lo x509/libcrypto_la-x509_cmp.lo \
	x509/libcrypto_la-x509_d2.lo x509/libcrypto_la-x509_def.lo \
	x509/libcrypto_la-x509_err.lo x509/libcrypto_la-x509_ext.lo \
	x509/libcrypto_la-x509_lu.lo x509/libcrypto_la-x509_obj.lo \
	x509/libcrypto_la-x509_r2x.lo x509/libcrypto_la-x509_req.lo \







|







748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
	ts/libcrypto_la-ts_req_print.lo \
	ts/libcrypto_la-ts_req_utils.lo \
	ts/libcrypto_la-ts_rsp_print.lo ts/libcrypto_la-ts_rsp_sign.lo \
	ts/libcrypto_la-ts_rsp_utils.lo \
	ts/libcrypto_la-ts_rsp_verify.lo \
	ts/libcrypto_la-ts_verify_ctx.lo txt_db/libcrypto_la-txt_db.lo \
	ui/libcrypto_la-ui_err.lo ui/libcrypto_la-ui_lib.lo \
	$(am__objects_34) $(am__objects_35) ui/libcrypto_la-ui_util.lo \
	whrlpool/libcrypto_la-wp_dgst.lo x509/libcrypto_la-by_dir.lo \
	x509/libcrypto_la-by_file.lo x509/libcrypto_la-by_mem.lo \
	x509/libcrypto_la-x509_att.lo x509/libcrypto_la-x509_cmp.lo \
	x509/libcrypto_la-x509_d2.lo x509/libcrypto_la-x509_def.lo \
	x509/libcrypto_la-x509_err.lo x509/libcrypto_la-x509_ext.lo \
	x509/libcrypto_la-x509_lu.lo x509/libcrypto_la-x509_obj.lo \
	x509/libcrypto_la-x509_r2x.lo x509/libcrypto_la-x509_req.lo \
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
	$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo "  CCLD    " $@;
am__v_CCLD_1 = 
CCASCOMPILE = $(CCAS) $(AM_CCASFLAGS) $(CCASFLAGS)
LTCCASCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=compile $(CCAS) $(AM_CCASFLAGS) \
	$(CCASFLAGS)
AM_V_CCAS = $(am__v_CCAS_@AM_V@)
am__v_CCAS_ = $(am__v_CCAS_@AM_DEFAULT_V@)
am__v_CCAS_0 = @echo "  CCAS    " $@;
am__v_CCAS_1 = 
SOURCES = $(libcompat_la_SOURCES) $(libcompatnoopt_la_SOURCES) \
	$(libcrypto_la_SOURCES) $(EXTRA_libcrypto_la_SOURCES)
DIST_SOURCES = $(am__libcompat_la_SOURCES_DIST) \
	$(am__libcompatnoopt_la_SOURCES_DIST) \
	$(am__libcrypto_la_SOURCES_DIST) $(EXTRA_libcrypto_la_SOURCES)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \







<
<
<
<
<
<
<
<







828
829
830
831
832
833
834








835
836
837
838
839
840
841
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
	$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo "  CCLD    " $@;
am__v_CCLD_1 = 








SOURCES = $(libcompat_la_SOURCES) $(libcompatnoopt_la_SOURCES) \
	$(libcrypto_la_SOURCES) $(EXTRA_libcrypto_la_SOURCES)
DIST_SOURCES = $(am__libcompat_la_SOURCES_DIST) \
	$(am__libcompatnoopt_la_SOURCES_DIST) \
	$(am__libcrypto_la_SOURCES_DIST) $(EXTRA_libcrypto_la_SOURCES)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.am.arc4random \
	$(srcdir)/Makefile.am.elf-x86_64 \
	$(srcdir)/Makefile.am.macosx-x86_64 $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|



|
|
|







863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.am.arc4random \
	$(srcdir)/Makefile.am.elf-x86_64 \
	$(srcdir)/Makefile.am.macosx-x86_64 $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
866
867
868
869
870
871
872

873
874
875
876
877
878
879
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
962
963
964
965
966
967
968

969
970
971
972
973
974
975
976


977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995

996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007

1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \

	-DLIBRESSL_INTERNAL -I$(top_srcdir)/crypto/asn1 \
	-I$(top_srcdir)/crypto/evp -I$(top_srcdir)/crypto/modes \
	-I$(top_srcdir)/crypto
lib_LTLIBRARIES = libcrypto.la

# needed for a CMake target
EXTRA_DIST = VERSION CMakeLists.txt compat/strcasecmp.c \
	$(ASM_X86_64_ELF) $(ASM_X86_64_MACOSX)


libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
libcrypto_la_LIBADD = libcompat.la $(am__append_1)
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -DLIBRESSL_INTERNAL \
	-DOPENSSL_NO_HW_PADLOCK $(am__append_2) $(am__append_3) \
	$(am__append_4) $(am__append_5) $(am__append_29) \
	$(am__append_31)
noinst_LTLIBRARIES = libcompat.la $(am__append_6)
@HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_CFLAGS = -O0
@HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_SOURCES =  \
@HAVE_EXPLICIT_BZERO_FALSE@	$(am__append_7) $(am__append_8)

# other compatibility functions
libcompat_la_SOURCES = $(am__append_9) $(am__append_10) \
	$(am__append_11) $(am__append_12) $(am__append_13) \
	$(am__append_14) $(am__append_15) $(am__append_16) \
	$(am__append_17) $(am__append_18) $(am__append_19) \
	$(am__append_20) $(am__append_21) $(am__append_22) \
	$(am__append_23) $(am__append_24) $(am__append_25) \
	$(am__append_26) $(am__append_27) $(am__append_28)

libcompat_la_LIBADD = $(PLATFORM_LDADD)

# rc4
noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \
	compat/arc4random_freebsd.h compat/arc4random_hpux.h \
	compat/arc4random_linux.h compat/arc4random_netbsd.h \
	compat/arc4random_osx.h compat/arc4random_solaris.h \
	compat/arc4random_win.h compat/chacha_private.h \
	constant_time_locl.h cryptlib.h md32_common.h o_time.h \
	aes/aes_locl.h asn1/asn1_locl.h asn1/charmap.h bf/bf_locl.h \
	bf/bf_pi.h bn/bn_lcl.h bn/bn_prime.h camellia/camellia.h \
	camellia/cmll_locl.h cast/cast_lcl.h cast/cast_s.h \

	conf/conf_def.h des/des_locl.h des/spr.h dsa/dsa_locl.h \
	ec/ec_lcl.h ecdh/ech_locl.h ecdsa/ecs_locl.h engine/eng_int.h \
	evp/evp_locl.h gost/gost.h gost/gost_asn1.h gost/gost_locl.h \
	idea/idea_lcl.h md4/md4_locl.h md5/md5_locl.h \
	modes/modes_lcl.h objects/obj_dat.h objects/obj_xref.h \
	rc2/rc2_locl.h rc4/rc4_locl.h ripemd/rmd_locl.h \
	ripemd/rmdconst.h rsa/rsa_locl.h sha/sha_locl.h ui/ui_locl.h \
	whrlpool/wp_locl.h x509/x509_lcl.h x509v3/ext_dat.h \
	x509v3/pcy_int.h

# aes

# asn1

# bf








>
|
|
|



|

>
>
|



|
|












|
>









|
|
|
>
|
|





|
|







989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS= -I$(top_srcdir)/crypto/asn1 \
	-I$(top_srcdir)/crypto/bn -I$(top_srcdir)/crypto/evp \
	-I$(top_srcdir)/crypto/modes -I$(top_srcdir)/crypto
lib_LTLIBRARIES = libcrypto.la

# needed for a CMake target
EXTRA_DIST = VERSION CMakeLists.txt crypto.sym compat/strcasecmp.c \
	$(ASM_X86_64_ELF) $(ASM_X86_64_MACOSX)
BUILT_SOURCES = crypto_portable.sym
CLEANFILES = crypto_portable.sym
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
libcrypto_la_LIBADD = libcompat.la $(am__append_1)
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -DLIBRESSL_INTERNAL \
	-DOPENSSL_NO_HW_PADLOCK $(am__append_2) $(am__append_3) \
	$(am__append_4) $(am__append_5) $(am__append_32) \
	$(am__append_34)
noinst_LTLIBRARIES = libcompat.la $(am__append_6)
@HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_CFLAGS = -O0
@HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_SOURCES =  \
@HAVE_EXPLICIT_BZERO_FALSE@	$(am__append_7) $(am__append_8)

# other compatibility functions
libcompat_la_SOURCES = $(am__append_9) $(am__append_10) \
	$(am__append_11) $(am__append_12) $(am__append_13) \
	$(am__append_14) $(am__append_15) $(am__append_16) \
	$(am__append_17) $(am__append_18) $(am__append_19) \
	$(am__append_20) $(am__append_21) $(am__append_22) \
	$(am__append_23) $(am__append_24) $(am__append_25) \
	$(am__append_26) $(am__append_27) $(am__append_28) \
	$(am__append_29) $(am__append_30) $(am__append_31)
libcompat_la_LIBADD = $(PLATFORM_LDADD)

# rc4
noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \
	compat/arc4random_freebsd.h compat/arc4random_hpux.h \
	compat/arc4random_linux.h compat/arc4random_netbsd.h \
	compat/arc4random_osx.h compat/arc4random_solaris.h \
	compat/arc4random_win.h compat/chacha_private.h \
	constant_time_locl.h cryptlib.h md32_common.h o_time.h \
	x86_arch.h aes/aes_locl.h asn1/asn1_locl.h asn1/charmap.h \
	bf/bf_locl.h bf/bf_pi.h bn/bn_lcl.h bn/bn_prime.h \
	camellia/camellia.h camellia/cmll_locl.h cast/cast_lcl.h \
	cast/cast_s.h conf/conf_def.h curve25519/curve25519_internal.h \
	des/des_locl.h des/spr.h dsa/dsa_locl.h ec/ec_lcl.h \
	ecdh/ech_locl.h ecdsa/ecs_locl.h engine/eng_int.h \
	evp/evp_locl.h gost/gost.h gost/gost_asn1.h gost/gost_locl.h \
	idea/idea_lcl.h md4/md4_locl.h md5/md5_locl.h \
	modes/modes_lcl.h objects/obj_dat.h objects/obj_xref.h \
	rc2/rc2_locl.h rc4/rc4_locl.h ripemd/rmd_locl.h \
	ripemd/rmdconst.h rsa/rsa_locl.h sha/sha_locl.h ui/ui_locl.h \
	whrlpool/wp_locl.h x509/x509_lcl.h x509/vpm_int.h \
	x509v3/ext_dat.h x509v3/pcy_int.h

# aes

# asn1

# bf

1032
1033
1034
1035
1036
1037
1038


1039
1040
1041
1042
1043
1044
1045
# cast

# cmac

# comp

# conf



# des

# dh

# dsa








>
>







1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
# cast

# cmac

# comp

# conf

# curve25519

# des

# dh

# dsa

1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074

# gost

# hmac

# idea

# krb5

# lhash

# md4

# md5

# modes







<
<







1093
1094
1095
1096
1097
1098
1099


1100
1101
1102
1103
1104
1105
1106

# gost

# hmac

# idea



# lhash

# md4

# md5

# modes
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
# ui

# whrlpool

# x509

# x509v3
libcrypto_la_SOURCES = $(am__append_30) $(am__append_32) \
	$(am__append_33) cpt_err.c cryptlib.c cversion.c ex_data.c \
	malloc-wrapper.c mem_clr.c mem_dbg.c o_init.c o_str.c o_time.c \
	aes/aes_cfb.c aes/aes_ctr.c aes/aes_ecb.c aes/aes_ige.c \
	aes/aes_misc.c aes/aes_ofb.c aes/aes_wrap.c asn1/a_bitstr.c \
	asn1/a_bool.c asn1/a_bytes.c asn1/a_d2i_fp.c asn1/a_digest.c \
	asn1/a_dup.c asn1/a_enum.c asn1/a_i2d_fp.c asn1/a_int.c \
	asn1/a_mbstr.c asn1/a_object.c asn1/a_octet.c asn1/a_print.c \
	asn1/a_set.c asn1/a_sign.c asn1/a_strex.c asn1/a_strnid.c \







|
|







1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
# ui

# whrlpool

# x509

# x509v3
libcrypto_la_SOURCES = $(am__append_33) $(am__append_35) \
	$(am__append_36) cpt_err.c cryptlib.c cversion.c ex_data.c \
	malloc-wrapper.c mem_clr.c mem_dbg.c o_init.c o_str.c o_time.c \
	aes/aes_cfb.c aes/aes_ctr.c aes/aes_ecb.c aes/aes_ige.c \
	aes/aes_misc.c aes/aes_ofb.c aes/aes_wrap.c asn1/a_bitstr.c \
	asn1/a_bool.c asn1/a_bytes.c asn1/a_d2i_fp.c asn1/a_digest.c \
	asn1/a_dup.c asn1/a_enum.c asn1/a_i2d_fp.c asn1/a_int.c \
	asn1/a_mbstr.c asn1/a_object.c asn1/a_octet.c asn1/a_print.c \
	asn1/a_set.c asn1/a_sign.c asn1/a_strex.c asn1/a_strnid.c \
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154

1155

1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170

1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194

1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
	asn1/tasn_fre.c asn1/tasn_new.c asn1/tasn_prn.c \
	asn1/tasn_typ.c asn1/tasn_utl.c asn1/x_algor.c asn1/x_attrib.c \
	asn1/x_bignum.c asn1/x_crl.c asn1/x_exten.c asn1/x_info.c \
	asn1/x_long.c asn1/x_name.c asn1/x_nx509.c asn1/x_pkey.c \
	asn1/x_pubkey.c asn1/x_req.c asn1/x_sig.c asn1/x_spki.c \
	asn1/x_val.c asn1/x_x509.c asn1/x_x509a.c bf/bf_cfb64.c \
	bf/bf_ecb.c bf/bf_enc.c bf/bf_ofb64.c bf/bf_skey.c \
	bio/b_dump.c $(am__append_34) bio/b_print.c bio/b_sock.c \
	$(am__append_35) bio/bf_buff.c bio/bf_nbio.c bio/bf_null.c \
	bio/bio_cb.c bio/bio_err.c bio/bio_lib.c bio/bss_acpt.c \
	bio/bss_bio.c bio/bss_conn.c bio/bss_dgram.c bio/bss_fd.c \
	bio/bss_file.c $(am__append_36) bio/bss_mem.c bio/bss_null.c \
	bio/bss_sock.c bn/bn_add.c bn/bn_asm.c bn/bn_blind.c \
	bn/bn_const.c bn/bn_ctx.c bn/bn_depr.c bn/bn_div.c bn/bn_err.c \
	bn/bn_exp.c bn/bn_exp2.c bn/bn_gcd.c bn/bn_gf2m.c bn/bn_kron.c \
	bn/bn_lib.c bn/bn_mod.c bn/bn_mont.c bn/bn_mpi.c bn/bn_mul.c \
	bn/bn_nist.c bn/bn_prime.c bn/bn_print.c bn/bn_rand.c \
	bn/bn_recp.c bn/bn_shift.c bn/bn_sqr.c bn/bn_sqrt.c \
	bn/bn_word.c bn/bn_x931p.c buffer/buf_err.c buffer/buf_str.c \
	buffer/buffer.c camellia/cmll_cfb.c camellia/cmll_ctr.c \
	camellia/cmll_ecb.c camellia/cmll_misc.c camellia/cmll_ofb.c \
	cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c \
	cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c \
	cmac/cmac.c comp/c_rle.c comp/c_zlib.c comp/comp_err.c \
	comp/comp_lib.c conf/conf_api.c conf/conf_def.c \
	conf/conf_err.c conf/conf_lib.c conf/conf_mall.c \
	conf/conf_mod.c conf/conf_sap.c des/cbc_cksm.c des/cbc_enc.c \

	des/cfb64ede.c des/cfb64enc.c des/cfb_enc.c des/des_enc.c \

	des/ecb3_enc.c des/ecb_enc.c des/ede_cbcm_enc.c des/enc_read.c \
	des/enc_writ.c des/fcrypt.c des/fcrypt_b.c des/ofb64ede.c \
	des/ofb64enc.c des/ofb_enc.c des/pcbc_enc.c des/qud_cksm.c \
	des/rand_key.c des/set_key.c des/str2key.c des/xcbc_enc.c \
	dh/dh_ameth.c dh/dh_asn1.c dh/dh_check.c dh/dh_depr.c \
	dh/dh_err.c dh/dh_gen.c dh/dh_key.c dh/dh_lib.c dh/dh_pmeth.c \
	dh/dh_prn.c dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_depr.c \
	dsa/dsa_err.c dsa/dsa_gen.c dsa/dsa_key.c dsa/dsa_lib.c \
	dsa/dsa_ossl.c dsa/dsa_pmeth.c dsa/dsa_prn.c dsa/dsa_sign.c \
	dsa/dsa_vrf.c dso/dso_dlfcn.c dso/dso_err.c dso/dso_lib.c \
	dso/dso_null.c dso/dso_openssl.c ec/ec2_mult.c ec/ec2_oct.c \
	ec/ec2_smpl.c ec/ec_ameth.c ec/ec_asn1.c ec/ec_check.c \
	ec/ec_curve.c ec/ec_cvt.c ec/ec_err.c ec/ec_key.c ec/ec_lib.c \
	ec/ec_mult.c ec/ec_oct.c ec/ec_pmeth.c ec/ec_print.c \
	ec/eck_prn.c ec/ecp_mont.c ec/ecp_nist.c ec/ecp_oct.c \

	ec/ecp_smpl.c ecdh/ech_err.c ecdh/ech_key.c ecdh/ech_lib.c \
	ecdsa/ecs_asn1.c ecdsa/ecs_err.c ecdsa/ecs_lib.c \
	ecdsa/ecs_ossl.c ecdsa/ecs_sign.c ecdsa/ecs_vrf.c \
	engine/eng_all.c engine/eng_cnf.c engine/eng_ctrl.c \
	engine/eng_dyn.c engine/eng_err.c engine/eng_fat.c \
	engine/eng_init.c engine/eng_lib.c engine/eng_list.c \
	engine/eng_openssl.c engine/eng_pkey.c engine/eng_table.c \
	engine/tb_asnmth.c engine/tb_cipher.c engine/tb_dh.c \
	engine/tb_digest.c engine/tb_dsa.c engine/tb_ecdh.c \
	engine/tb_ecdsa.c engine/tb_pkmeth.c engine/tb_rand.c \
	engine/tb_rsa.c engine/tb_store.c err/err.c err/err_all.c \
	err/err_prn.c evp/bio_b64.c evp/bio_enc.c evp/bio_md.c \
	evp/c_all.c evp/digest.c evp/e_aes.c evp/e_aes_cbc_hmac_sha1.c \
	evp/e_bf.c evp/e_camellia.c evp/e_cast.c evp/e_chacha.c \
	evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c \
	evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_old.c \
	evp/e_rc2.c evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_xcbc_d.c \
	evp/encode.c evp/evp_aead.c evp/evp_enc.c evp/evp_err.c \
	evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c \
	evp/m_dss.c evp/m_dss1.c evp/m_ecdsa.c evp/m_gost2814789.c \
	evp/m_gostr341194.c evp/m_md4.c evp/m_md5.c evp/m_null.c \
	evp/m_ripemd.c evp/m_sha1.c evp/m_sigver.c evp/m_streebog.c \
	evp/m_wp.c evp/names.c evp/p5_crpt.c evp/p5_crpt2.c \
	evp/p_dec.c evp/p_enc.c evp/p_lib.c evp/p_open.c evp/p_seal.c \

	evp/p_sign.c evp/p_verify.c evp/pmeth_fn.c evp/pmeth_gn.c \
	evp/pmeth_lib.c gost/gost2814789.c gost/gost89_keywrap.c \
	gost/gost89_params.c gost/gost89imit_ameth.c \
	gost/gost89imit_pmeth.c gost/gost_asn1.c gost/gost_err.c \
	gost/gostr341001.c gost/gostr341001_ameth.c \
	gost/gostr341001_key.c gost/gostr341001_params.c \
	gost/gostr341001_pmeth.c gost/gostr341194.c gost/streebog.c \
	hmac/hm_ameth.c hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c \
	idea/i_cfb64.c idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c \
	krb5/krb5_asn.c lhash/lh_stats.c lhash/lhash.c md4/md4_dgst.c \
	md4/md4_one.c md5/md5_dgst.c md5/md5_one.c modes/cbc128.c \
	modes/ccm128.c modes/cfb128.c modes/ctr128.c modes/cts128.c \
	modes/gcm128.c modes/ofb128.c modes/xts128.c objects/o_names.c \
	objects/obj_dat.c objects/obj_err.c objects/obj_lib.c \
	objects/obj_xref.c ocsp/ocsp_asn.c ocsp/ocsp_cl.c \
	ocsp/ocsp_err.c ocsp/ocsp_ext.c ocsp/ocsp_ht.c ocsp/ocsp_lib.c \
	ocsp/ocsp_prn.c ocsp/ocsp_srv.c ocsp/ocsp_vfy.c pem/pem_all.c \
	pem/pem_err.c pem/pem_info.c pem/pem_lib.c pem/pem_oth.c \
	pem/pem_pk8.c pem/pem_pkey.c pem/pem_seal.c pem/pem_sign.c \
	pem/pem_x509.c pem/pem_xaux.c pem/pvkfmt.c pkcs12/p12_add.c \
	pkcs12/p12_asn.c pkcs12/p12_attr.c pkcs12/p12_crpt.c \
	pkcs12/p12_crt.c pkcs12/p12_decr.c pkcs12/p12_init.c \
	pkcs12/p12_key.c pkcs12/p12_kiss.c pkcs12/p12_mutl.c \
	pkcs12/p12_npas.c pkcs12/p12_p8d.c pkcs12/p12_p8e.c \
	pkcs12/p12_utl.c pkcs12/pk12err.c pkcs7/bio_pk7.c \
	pkcs7/pk7_asn1.c pkcs7/pk7_attr.c pkcs7/pk7_doit.c \
	pkcs7/pk7_lib.c pkcs7/pk7_mime.c pkcs7/pk7_smime.c \
	pkcs7/pkcs7err.c poly1305/poly1305.c rand/rand_err.c \
	rand/rand_lib.c rand/randfile.c rc2/rc2_cbc.c rc2/rc2_ecb.c \
	rc2/rc2_skey.c rc2/rc2cfb64.c rc2/rc2ofb64.c ripemd/rmd_dgst.c \
	ripemd/rmd_one.c rsa/rsa_ameth.c rsa/rsa_asn1.c rsa/rsa_chk.c \
	rsa/rsa_crpt.c rsa/rsa_depr.c rsa/rsa_eay.c rsa/rsa_err.c \
	rsa/rsa_gen.c rsa/rsa_lib.c rsa/rsa_none.c rsa/rsa_oaep.c \
	rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c rsa/rsa_pss.c \
	rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_ssl.c rsa/rsa_x931.c \
	sha/sha1_one.c sha/sha1dgst.c sha/sha256.c sha/sha512.c \
	stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \
	ts/ts_lib.c ts/ts_req_print.c ts/ts_req_utils.c \
	ts/ts_rsp_print.c ts/ts_rsp_sign.c ts/ts_rsp_utils.c \
	ts/ts_rsp_verify.c ts/ts_verify_ctx.c txt_db/txt_db.c \
	ui/ui_err.c ui/ui_lib.c $(am__append_37) $(am__append_38) \
	ui/ui_util.c whrlpool/wp_dgst.c x509/by_dir.c x509/by_file.c \
	x509/by_mem.c x509/x509_att.c x509/x509_cmp.c x509/x509_d2.c \
	x509/x509_def.c x509/x509_err.c x509/x509_ext.c x509/x509_lu.c \
	x509/x509_obj.c x509/x509_r2x.c x509/x509_req.c \
	x509/x509_set.c x509/x509_trs.c x509/x509_txt.c x509/x509_v3.c \
	x509/x509_vfy.c x509/x509_vpm.c x509/x509cset.c \
	x509/x509name.c x509/x509rset.c x509/x509spki.c \







|
|


|














|
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>




















|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|










|







1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
	asn1/tasn_fre.c asn1/tasn_new.c asn1/tasn_prn.c \
	asn1/tasn_typ.c asn1/tasn_utl.c asn1/x_algor.c asn1/x_attrib.c \
	asn1/x_bignum.c asn1/x_crl.c asn1/x_exten.c asn1/x_info.c \
	asn1/x_long.c asn1/x_name.c asn1/x_nx509.c asn1/x_pkey.c \
	asn1/x_pubkey.c asn1/x_req.c asn1/x_sig.c asn1/x_spki.c \
	asn1/x_val.c asn1/x_x509.c asn1/x_x509a.c bf/bf_cfb64.c \
	bf/bf_ecb.c bf/bf_enc.c bf/bf_ofb64.c bf/bf_skey.c \
	bio/b_dump.c $(am__append_37) bio/b_print.c bio/b_sock.c \
	$(am__append_38) bio/bf_buff.c bio/bf_nbio.c bio/bf_null.c \
	bio/bio_cb.c bio/bio_err.c bio/bio_lib.c bio/bss_acpt.c \
	bio/bss_bio.c bio/bss_conn.c bio/bss_dgram.c bio/bss_fd.c \
	bio/bss_file.c $(am__append_39) bio/bss_mem.c bio/bss_null.c \
	bio/bss_sock.c bn/bn_add.c bn/bn_asm.c bn/bn_blind.c \
	bn/bn_const.c bn/bn_ctx.c bn/bn_depr.c bn/bn_div.c bn/bn_err.c \
	bn/bn_exp.c bn/bn_exp2.c bn/bn_gcd.c bn/bn_gf2m.c bn/bn_kron.c \
	bn/bn_lib.c bn/bn_mod.c bn/bn_mont.c bn/bn_mpi.c bn/bn_mul.c \
	bn/bn_nist.c bn/bn_prime.c bn/bn_print.c bn/bn_rand.c \
	bn/bn_recp.c bn/bn_shift.c bn/bn_sqr.c bn/bn_sqrt.c \
	bn/bn_word.c bn/bn_x931p.c buffer/buf_err.c buffer/buf_str.c \
	buffer/buffer.c camellia/cmll_cfb.c camellia/cmll_ctr.c \
	camellia/cmll_ecb.c camellia/cmll_misc.c camellia/cmll_ofb.c \
	cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c \
	cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c \
	cmac/cmac.c comp/c_rle.c comp/c_zlib.c comp/comp_err.c \
	comp/comp_lib.c conf/conf_api.c conf/conf_def.c \
	conf/conf_err.c conf/conf_lib.c conf/conf_mall.c \
	conf/conf_mod.c conf/conf_sap.c \
	curve25519/curve25519-generic.c curve25519/curve25519.c \
	des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \
	des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \
	des/ede_cbcm_enc.c des/enc_read.c des/enc_writ.c des/fcrypt.c \
	des/fcrypt_b.c des/ofb64ede.c des/ofb64enc.c des/ofb_enc.c \
	des/pcbc_enc.c des/qud_cksm.c des/rand_key.c des/set_key.c \
	des/str2key.c des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c \
	dh/dh_check.c dh/dh_depr.c dh/dh_err.c dh/dh_gen.c dh/dh_key.c \
	dh/dh_lib.c dh/dh_pmeth.c dh/dh_prn.c dsa/dsa_ameth.c \
	dsa/dsa_asn1.c dsa/dsa_depr.c dsa/dsa_err.c dsa/dsa_gen.c \
	dsa/dsa_key.c dsa/dsa_lib.c dsa/dsa_ossl.c dsa/dsa_pmeth.c \
	dsa/dsa_prn.c dsa/dsa_sign.c dsa/dsa_vrf.c dso/dso_dlfcn.c \
	dso/dso_err.c dso/dso_lib.c dso/dso_null.c dso/dso_openssl.c \
	ec/ec2_mult.c ec/ec2_oct.c ec/ec2_smpl.c ec/ec_ameth.c \
	ec/ec_asn1.c ec/ec_check.c ec/ec_curve.c ec/ec_cvt.c \
	ec/ec_err.c ec/ec_key.c ec/ec_lib.c ec/ec_mult.c ec/ec_oct.c \
	ec/ec_pmeth.c ec/ec_print.c ec/eck_prn.c ec/ecp_mont.c \
	ec/ecp_nist.c ec/ecp_nistp224.c ec/ecp_nistp256.c \
	ec/ecp_nistp521.c ec/ecp_nistputil.c ec/ecp_oct.c \
	ec/ecp_smpl.c ecdh/ech_err.c ecdh/ech_key.c ecdh/ech_lib.c \
	ecdsa/ecs_asn1.c ecdsa/ecs_err.c ecdsa/ecs_lib.c \
	ecdsa/ecs_ossl.c ecdsa/ecs_sign.c ecdsa/ecs_vrf.c \
	engine/eng_all.c engine/eng_cnf.c engine/eng_ctrl.c \
	engine/eng_dyn.c engine/eng_err.c engine/eng_fat.c \
	engine/eng_init.c engine/eng_lib.c engine/eng_list.c \
	engine/eng_openssl.c engine/eng_pkey.c engine/eng_table.c \
	engine/tb_asnmth.c engine/tb_cipher.c engine/tb_dh.c \
	engine/tb_digest.c engine/tb_dsa.c engine/tb_ecdh.c \
	engine/tb_ecdsa.c engine/tb_pkmeth.c engine/tb_rand.c \
	engine/tb_rsa.c engine/tb_store.c err/err.c err/err_all.c \
	err/err_prn.c evp/bio_b64.c evp/bio_enc.c evp/bio_md.c \
	evp/c_all.c evp/digest.c evp/e_aes.c evp/e_aes_cbc_hmac_sha1.c \
	evp/e_bf.c evp/e_camellia.c evp/e_cast.c evp/e_chacha.c \
	evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c \
	evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_old.c \
	evp/e_rc2.c evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_xcbc_d.c \
	evp/encode.c evp/evp_aead.c evp/evp_enc.c evp/evp_err.c \
	evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c \
	evp/m_dss.c evp/m_dss1.c evp/m_ecdsa.c evp/m_gost2814789.c \
	evp/m_gostr341194.c evp/m_md4.c evp/m_md5.c evp/m_md5_sha1.c \
	evp/m_null.c evp/m_ripemd.c evp/m_sha1.c evp/m_sigver.c \
	evp/m_streebog.c evp/m_wp.c evp/names.c evp/p5_crpt.c \
	evp/p5_crpt2.c evp/p_dec.c evp/p_enc.c evp/p_lib.c \
	evp/p_open.c evp/p_seal.c evp/p_sign.c evp/p_verify.c \
	evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \
	gost/gost2814789.c gost/gost89_keywrap.c gost/gost89_params.c \
	gost/gost89imit_ameth.c gost/gost89imit_pmeth.c \
	gost/gost_asn1.c gost/gost_err.c gost/gostr341001.c \
	gost/gostr341001_ameth.c gost/gostr341001_key.c \
	gost/gostr341001_params.c gost/gostr341001_pmeth.c \
	gost/gostr341194.c gost/streebog.c hmac/hm_ameth.c \
	hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c idea/i_cfb64.c \
	idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c lhash/lh_stats.c \
	lhash/lhash.c md4/md4_dgst.c md4/md4_one.c md5/md5_dgst.c \
	md5/md5_one.c modes/cbc128.c modes/ccm128.c modes/cfb128.c \
	modes/ctr128.c modes/cts128.c modes/gcm128.c modes/ofb128.c \
	modes/xts128.c objects/o_names.c objects/obj_dat.c \
	objects/obj_err.c objects/obj_lib.c objects/obj_xref.c \
	ocsp/ocsp_asn.c ocsp/ocsp_cl.c ocsp/ocsp_err.c ocsp/ocsp_ext.c \
	ocsp/ocsp_ht.c ocsp/ocsp_lib.c ocsp/ocsp_prn.c ocsp/ocsp_srv.c \
	ocsp/ocsp_vfy.c pem/pem_all.c pem/pem_err.c pem/pem_info.c \
	pem/pem_lib.c pem/pem_oth.c pem/pem_pk8.c pem/pem_pkey.c \
	pem/pem_seal.c pem/pem_sign.c pem/pem_x509.c pem/pem_xaux.c \
	pem/pvkfmt.c pkcs12/p12_add.c pkcs12/p12_asn.c \
	pkcs12/p12_attr.c pkcs12/p12_crpt.c pkcs12/p12_crt.c \
	pkcs12/p12_decr.c pkcs12/p12_init.c pkcs12/p12_key.c \
	pkcs12/p12_kiss.c pkcs12/p12_mutl.c pkcs12/p12_npas.c \
	pkcs12/p12_p8d.c pkcs12/p12_p8e.c pkcs12/p12_utl.c \
	pkcs12/pk12err.c pkcs7/bio_pk7.c pkcs7/pk7_asn1.c \
	pkcs7/pk7_attr.c pkcs7/pk7_doit.c pkcs7/pk7_lib.c \
	pkcs7/pk7_mime.c pkcs7/pk7_smime.c pkcs7/pkcs7err.c \
	poly1305/poly1305.c rand/rand_err.c rand/rand_lib.c \
	rand/randfile.c rc2/rc2_cbc.c rc2/rc2_ecb.c rc2/rc2_skey.c \
	rc2/rc2cfb64.c rc2/rc2ofb64.c ripemd/rmd_dgst.c \
	ripemd/rmd_one.c rsa/rsa_ameth.c rsa/rsa_asn1.c rsa/rsa_chk.c \
	rsa/rsa_crpt.c rsa/rsa_depr.c rsa/rsa_eay.c rsa/rsa_err.c \
	rsa/rsa_gen.c rsa/rsa_lib.c rsa/rsa_none.c rsa/rsa_oaep.c \
	rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c rsa/rsa_pss.c \
	rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_ssl.c rsa/rsa_x931.c \
	sha/sha1_one.c sha/sha1dgst.c sha/sha256.c sha/sha512.c \
	stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \
	ts/ts_lib.c ts/ts_req_print.c ts/ts_req_utils.c \
	ts/ts_rsp_print.c ts/ts_rsp_sign.c ts/ts_rsp_utils.c \
	ts/ts_rsp_verify.c ts/ts_verify_ctx.c txt_db/txt_db.c \
	ui/ui_err.c ui/ui_lib.c $(am__append_40) $(am__append_41) \
	ui/ui_util.c whrlpool/wp_dgst.c x509/by_dir.c x509/by_file.c \
	x509/by_mem.c x509/x509_att.c x509/x509_cmp.c x509/x509_d2.c \
	x509/x509_def.c x509/x509_err.c x509/x509_ext.c x509/x509_lu.c \
	x509/x509_obj.c x509/x509_r2x.c x509/x509_req.c \
	x509/x509_set.c x509/x509_trs.c x509/x509_txt.c x509/x509_v3.c \
	x509/x509_vfy.c x509/x509_vpm.c x509/x509cset.c \
	x509/x509name.c x509/x509rset.c x509/x509spki.c \
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281

1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
	x509v3/v3_sxnet.c x509v3/v3_utl.c x509v3/v3err.c

# chacha

# poly1305
EXTRA_libcrypto_la_SOURCES = chacha/chacha-merged.c des/ncbc_enc.c \
	poly1305/poly1305-donna.c
ASM_X86_64_ELF = aes/aes-elf-x86_64.s aes/bsaes-elf-x86_64.s \
	aes/vpaes-elf-x86_64.s aes/aesni-elf-x86_64.s \
	aes/aesni-sha1-elf-x86_64.s bn/modexp512-elf-x86_64.s \
	bn/mont-elf-x86_64.s bn/mont5-elf-x86_64.s \
	bn/gf2m-elf-x86_64.s camellia/cmll-elf-x86_64.s \
	md5/md5-elf-x86_64.s modes/ghash-elf-x86_64.s \
	rc4/rc4-elf-x86_64.s rc4/rc4-md5-elf-x86_64.s \
	sha/sha1-elf-x86_64.s sha/sha256-elf-x86_64.S \
	sha/sha512-elf-x86_64.S whrlpool/wp-elf-x86_64.s \
	cpuid-elf-x86_64.S
ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.s aes/bsaes-macosx-x86_64.s \
	aes/vpaes-macosx-x86_64.s aes/aesni-macosx-x86_64.s \
	aes/aesni-sha1-macosx-x86_64.s bn/modexp512-macosx-x86_64.s \
	bn/mont-macosx-x86_64.s bn/mont5-macosx-x86_64.s \
	bn/gf2m-macosx-x86_64.s camellia/cmll-macosx-x86_64.s \
	md5/md5-macosx-x86_64.s modes/ghash-macosx-x86_64.s \
	rc4/rc4-macosx-x86_64.s rc4/rc4-md5-macosx-x86_64.s \
	sha/sha1-macosx-x86_64.s sha/sha256-macosx-x86_64.S \
	sha/sha512-macosx-x86_64.S whrlpool/wp-macosx-x86_64.s \
	cpuid-macosx-x86_64.S
all: all-am


.SUFFIXES:
.SUFFIXES: .S .c .lo .o .obj .s
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(srcdir)/Makefile.am.arc4random $(srcdir)/Makefile.am.elf-x86_64 $(srcdir)/Makefile.am.macosx-x86_64 $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
	        && { if test -f $@; then exit 0; else break; fi; }; \
	      exit 1;; \







|
|
|
|
|
|
|
|
|

|
|
|
|
|
|
|
|
|

|
>


|







1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
	x509v3/v3_sxnet.c x509v3/v3_utl.c x509v3/v3err.c

# chacha

# poly1305
EXTRA_libcrypto_la_SOURCES = chacha/chacha-merged.c des/ncbc_enc.c \
	poly1305/poly1305-donna.c
ASM_X86_64_ELF = aes/aes-elf-x86_64.S aes/bsaes-elf-x86_64.S \
	aes/vpaes-elf-x86_64.S aes/aesni-elf-x86_64.S \
	aes/aesni-sha1-elf-x86_64.S bn/modexp512-elf-x86_64.S \
	bn/mont-elf-x86_64.S bn/mont5-elf-x86_64.S \
	bn/gf2m-elf-x86_64.S camellia/cmll-elf-x86_64.S \
	md5/md5-elf-x86_64.S modes/ghash-elf-x86_64.S \
	rc4/rc4-elf-x86_64.S rc4/rc4-md5-elf-x86_64.S \
	sha/sha1-elf-x86_64.S sha/sha256-elf-x86_64.S \
	sha/sha512-elf-x86_64.S whrlpool/wp-elf-x86_64.S \
	cpuid-elf-x86_64.S
ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.S aes/bsaes-macosx-x86_64.S \
	aes/vpaes-macosx-x86_64.S aes/aesni-macosx-x86_64.S \
	aes/aesni-sha1-macosx-x86_64.S bn/modexp512-macosx-x86_64.S \
	bn/mont-macosx-x86_64.S bn/mont5-macosx-x86_64.S \
	bn/gf2m-macosx-x86_64.S camellia/cmll-macosx-x86_64.S \
	md5/md5-macosx-x86_64.S modes/ghash-macosx-x86_64.S \
	rc4/rc4-macosx-x86_64.S rc4/rc4-md5-macosx-x86_64.S \
	sha/sha1-macosx-x86_64.S sha/sha256-macosx-x86_64.S \
	sha/sha512-macosx-x86_64.S whrlpool/wp-macosx-x86_64.S \
	cpuid-macosx-x86_64.S
all: $(BUILT_SOURCES)
	$(MAKE) $(AM_MAKEFLAGS) all-am

.SUFFIXES:
.SUFFIXES: .S .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(srcdir)/Makefile.am.arc4random $(srcdir)/Makefile.am.elf-x86_64 $(srcdir)/Makefile.am.macosx-x86_64 $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
	        && { if test -f $@; then exit 0; else break; fi; }; \
	      exit 1;; \
1367
1368
1369
1370
1371
1372
1373
1374


1375


1376
1377
1378
1379
1380
1381


1382
1383
1384
1385
1386
1387
1388
compat/strlcat.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/strlcpy.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/strndup.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/strnlen.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)


compat/bsd-asprintf.lo: compat/$(am__dirstamp) \


	compat/$(DEPDIR)/$(am__dirstamp)
compat/inet_pton.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/timegm.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/reallocarray.lo: compat/$(am__dirstamp) \


	compat/$(DEPDIR)/$(am__dirstamp)
compat/timingsafe_memcmp.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/timingsafe_bcmp.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/posix_win.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)








>
>

>
>






>
>







1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
compat/strlcat.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/strlcpy.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/strndup.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/strnlen.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/strsep.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/bsd-asprintf.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/getpagesize.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/inet_pton.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/timegm.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/reallocarray.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/recallocarray.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/timingsafe_memcmp.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/timingsafe_bcmp.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
compat/posix_win.lo: compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443

1444
1445
1446

1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
	$(AM_V_CCLD)$(libcompatnoopt_la_LINK) $(am_libcompatnoopt_la_rpath) $(libcompatnoopt_la_OBJECTS) $(libcompatnoopt_la_LIBADD) $(LIBS)
aes/$(am__dirstamp):
	@$(MKDIR_P) aes
	@: > aes/$(am__dirstamp)
aes/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) aes/$(DEPDIR)
	@: > aes/$(DEPDIR)/$(am__dirstamp)
aes/aes-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/bsaes-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/vpaes-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/aesni-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/aesni-sha1-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
bn/$(am__dirstamp):
	@$(MKDIR_P) bn
	@: > bn/$(am__dirstamp)
bn/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) bn/$(DEPDIR)
	@: > bn/$(DEPDIR)/$(am__dirstamp)
bn/modexp512-elf-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/mont-elf-x86_64.lo: bn/$(am__dirstamp) bn/$(DEPDIR)/$(am__dirstamp)

bn/mont5-elf-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/gf2m-elf-x86_64.lo: bn/$(am__dirstamp) bn/$(DEPDIR)/$(am__dirstamp)

camellia/$(am__dirstamp):
	@$(MKDIR_P) camellia
	@: > camellia/$(am__dirstamp)
camellia/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) camellia/$(DEPDIR)
	@: > camellia/$(DEPDIR)/$(am__dirstamp)
camellia/cmll-elf-x86_64.lo: camellia/$(am__dirstamp) \
	camellia/$(DEPDIR)/$(am__dirstamp)
md5/$(am__dirstamp):
	@$(MKDIR_P) md5
	@: > md5/$(am__dirstamp)
md5/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) md5/$(DEPDIR)
	@: > md5/$(DEPDIR)/$(am__dirstamp)
md5/md5-elf-x86_64.lo: md5/$(am__dirstamp) \
	md5/$(DEPDIR)/$(am__dirstamp)
modes/$(am__dirstamp):
	@$(MKDIR_P) modes
	@: > modes/$(am__dirstamp)
modes/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) modes/$(DEPDIR)
	@: > modes/$(DEPDIR)/$(am__dirstamp)
modes/ghash-elf-x86_64.lo: modes/$(am__dirstamp) \
	modes/$(DEPDIR)/$(am__dirstamp)
rc4/$(am__dirstamp):
	@$(MKDIR_P) rc4
	@: > rc4/$(am__dirstamp)
rc4/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) rc4/$(DEPDIR)
	@: > rc4/$(DEPDIR)/$(am__dirstamp)
rc4/rc4-elf-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
rc4/rc4-md5-elf-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
sha/$(am__dirstamp):
	@$(MKDIR_P) sha
	@: > sha/$(am__dirstamp)
sha/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) sha/$(DEPDIR)
	@: > sha/$(DEPDIR)/$(am__dirstamp)
sha/sha1-elf-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha256-elf-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha512-elf-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
whrlpool/$(am__dirstamp):
	@$(MKDIR_P) whrlpool
	@: > whrlpool/$(am__dirstamp)
whrlpool/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) whrlpool/$(DEPDIR)
	@: > whrlpool/$(DEPDIR)/$(am__dirstamp)
whrlpool/wp-elf-x86_64.lo: whrlpool/$(am__dirstamp) \
	whrlpool/$(DEPDIR)/$(am__dirstamp)
aes/aes-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/bsaes-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/vpaes-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/aesni-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/aesni-sha1-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
bn/modexp512-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/mont-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/mont5-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/gf2m-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
camellia/cmll-macosx-x86_64.lo: camellia/$(am__dirstamp) \
	camellia/$(DEPDIR)/$(am__dirstamp)
md5/md5-macosx-x86_64.lo: md5/$(am__dirstamp) \
	md5/$(DEPDIR)/$(am__dirstamp)
modes/ghash-macosx-x86_64.lo: modes/$(am__dirstamp) \
	modes/$(DEPDIR)/$(am__dirstamp)
rc4/rc4-macosx-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
rc4/rc4-md5-macosx-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
sha/sha1-macosx-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha256-macosx-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha512-macosx-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
whrlpool/wp-macosx-x86_64.lo: whrlpool/$(am__dirstamp) \
	whrlpool/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aes_cbc.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aes_core.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
camellia/libcrypto_la-camellia.lo: camellia/$(am__dirstamp) \
	camellia/$(DEPDIR)/$(am__dirstamp)







|

|

|

|

|







|

|
>
|

|
>






|







|







|







|

|







|











|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|





|







1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
	$(AM_V_CCLD)$(libcompatnoopt_la_LINK) $(am_libcompatnoopt_la_rpath) $(libcompatnoopt_la_OBJECTS) $(libcompatnoopt_la_LIBADD) $(LIBS)
aes/$(am__dirstamp):
	@$(MKDIR_P) aes
	@: > aes/$(am__dirstamp)
aes/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) aes/$(DEPDIR)
	@: > aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aes-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-bsaes-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-vpaes-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aesni-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aesni-sha1-elf-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
bn/$(am__dirstamp):
	@$(MKDIR_P) bn
	@: > bn/$(am__dirstamp)
bn/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) bn/$(DEPDIR)
	@: > bn/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-modexp512-elf-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-mont-elf-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-mont5-elf-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-gf2m-elf-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
camellia/$(am__dirstamp):
	@$(MKDIR_P) camellia
	@: > camellia/$(am__dirstamp)
camellia/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) camellia/$(DEPDIR)
	@: > camellia/$(DEPDIR)/$(am__dirstamp)
camellia/libcrypto_la-cmll-elf-x86_64.lo: camellia/$(am__dirstamp) \
	camellia/$(DEPDIR)/$(am__dirstamp)
md5/$(am__dirstamp):
	@$(MKDIR_P) md5
	@: > md5/$(am__dirstamp)
md5/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) md5/$(DEPDIR)
	@: > md5/$(DEPDIR)/$(am__dirstamp)
md5/libcrypto_la-md5-elf-x86_64.lo: md5/$(am__dirstamp) \
	md5/$(DEPDIR)/$(am__dirstamp)
modes/$(am__dirstamp):
	@$(MKDIR_P) modes
	@: > modes/$(am__dirstamp)
modes/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) modes/$(DEPDIR)
	@: > modes/$(DEPDIR)/$(am__dirstamp)
modes/libcrypto_la-ghash-elf-x86_64.lo: modes/$(am__dirstamp) \
	modes/$(DEPDIR)/$(am__dirstamp)
rc4/$(am__dirstamp):
	@$(MKDIR_P) rc4
	@: > rc4/$(am__dirstamp)
rc4/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) rc4/$(DEPDIR)
	@: > rc4/$(DEPDIR)/$(am__dirstamp)
rc4/libcrypto_la-rc4-elf-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
rc4/libcrypto_la-rc4-md5-elf-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
sha/$(am__dirstamp):
	@$(MKDIR_P) sha
	@: > sha/$(am__dirstamp)
sha/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) sha/$(DEPDIR)
	@: > sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha1-elf-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha256-elf-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha512-elf-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
whrlpool/$(am__dirstamp):
	@$(MKDIR_P) whrlpool
	@: > whrlpool/$(am__dirstamp)
whrlpool/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) whrlpool/$(DEPDIR)
	@: > whrlpool/$(DEPDIR)/$(am__dirstamp)
whrlpool/libcrypto_la-wp-elf-x86_64.lo: whrlpool/$(am__dirstamp) \
	whrlpool/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aes-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-bsaes-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-vpaes-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aesni-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aesni-sha1-macosx-x86_64.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-modexp512-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-mont-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-mont5-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
bn/libcrypto_la-gf2m-macosx-x86_64.lo: bn/$(am__dirstamp) \
	bn/$(DEPDIR)/$(am__dirstamp)
camellia/libcrypto_la-cmll-macosx-x86_64.lo: camellia/$(am__dirstamp) \
	camellia/$(DEPDIR)/$(am__dirstamp)
md5/libcrypto_la-md5-macosx-x86_64.lo: md5/$(am__dirstamp) \
	md5/$(DEPDIR)/$(am__dirstamp)
modes/libcrypto_la-ghash-macosx-x86_64.lo: modes/$(am__dirstamp) \
	modes/$(DEPDIR)/$(am__dirstamp)
rc4/libcrypto_la-rc4-macosx-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
rc4/libcrypto_la-rc4-md5-macosx-x86_64.lo: rc4/$(am__dirstamp) \
	rc4/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha1-macosx-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha256-macosx-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
sha/libcrypto_la-sha512-macosx-x86_64.lo: sha/$(am__dirstamp) \
	sha/$(DEPDIR)/$(am__dirstamp)
whrlpool/libcrypto_la-wp-macosx-x86_64.lo: whrlpool/$(am__dirstamp) \
	whrlpool/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aes_cbc.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
aes/libcrypto_la-aes_core.lo: aes/$(am__dirstamp) \
	aes/$(DEPDIR)/$(am__dirstamp)
camellia/libcrypto_la-camellia.lo: camellia/$(am__dirstamp) \
	camellia/$(DEPDIR)/$(am__dirstamp)
1928
1929
1930
1931
1932
1933
1934











1935
1936
1937
1938
1939
1940
1941
	conf/$(DEPDIR)/$(am__dirstamp)
conf/libcrypto_la-conf_mall.lo: conf/$(am__dirstamp) \
	conf/$(DEPDIR)/$(am__dirstamp)
conf/libcrypto_la-conf_mod.lo: conf/$(am__dirstamp) \
	conf/$(DEPDIR)/$(am__dirstamp)
conf/libcrypto_la-conf_sap.lo: conf/$(am__dirstamp) \
	conf/$(DEPDIR)/$(am__dirstamp)











des/$(am__dirstamp):
	@$(MKDIR_P) des
	@: > des/$(am__dirstamp)
des/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) des/$(DEPDIR)
	@: > des/$(DEPDIR)/$(am__dirstamp)
des/libcrypto_la-cbc_cksm.lo: des/$(am__dirstamp) \







>
>
>
>
>
>
>
>
>
>
>







1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
	conf/$(DEPDIR)/$(am__dirstamp)
conf/libcrypto_la-conf_mall.lo: conf/$(am__dirstamp) \
	conf/$(DEPDIR)/$(am__dirstamp)
conf/libcrypto_la-conf_mod.lo: conf/$(am__dirstamp) \
	conf/$(DEPDIR)/$(am__dirstamp)
conf/libcrypto_la-conf_sap.lo: conf/$(am__dirstamp) \
	conf/$(DEPDIR)/$(am__dirstamp)
curve25519/$(am__dirstamp):
	@$(MKDIR_P) curve25519
	@: > curve25519/$(am__dirstamp)
curve25519/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) curve25519/$(DEPDIR)
	@: > curve25519/$(DEPDIR)/$(am__dirstamp)
curve25519/libcrypto_la-curve25519-generic.lo:  \
	curve25519/$(am__dirstamp) \
	curve25519/$(DEPDIR)/$(am__dirstamp)
curve25519/libcrypto_la-curve25519.lo: curve25519/$(am__dirstamp) \
	curve25519/$(DEPDIR)/$(am__dirstamp)
des/$(am__dirstamp):
	@$(MKDIR_P) des
	@: > des/$(am__dirstamp)
des/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) des/$(DEPDIR)
	@: > des/$(DEPDIR)/$(am__dirstamp)
des/libcrypto_la-cbc_cksm.lo: des/$(am__dirstamp) \
2092
2093
2094
2095
2096
2097
2098








2099
2100
2101
2102
2103
2104
2105
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-eck_prn.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_mont.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_nist.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)








ec/libcrypto_la-ecp_oct.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_smpl.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ecdh/$(am__dirstamp):
	@$(MKDIR_P) ecdh
	@: > ecdh/$(am__dirstamp)







>
>
>
>
>
>
>
>







2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-eck_prn.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_mont.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_nist.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_nistp224.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_nistp256.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_nistp521.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_nistputil.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_oct.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ec/libcrypto_la-ecp_smpl.lo: ec/$(am__dirstamp) \
	ec/$(DEPDIR)/$(am__dirstamp)
ecdh/$(am__dirstamp):
	@$(MKDIR_P) ecdh
	@: > ecdh/$(am__dirstamp)
2270
2271
2272
2273
2274
2275
2276


2277
2278
2279
2280
2281
2282
2283
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_gostr341194.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_md4.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_md5.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)


evp/libcrypto_la-m_null.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_ripemd.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_sha1.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_sigver.lo: evp/$(am__dirstamp) \







>
>







2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_gostr341194.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_md4.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_md5.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_md5_sha1.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_null.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_ripemd.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_sha1.lo: evp/$(am__dirstamp) \
	evp/$(DEPDIR)/$(am__dirstamp)
evp/libcrypto_la-m_sigver.lo: evp/$(am__dirstamp) \
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
	idea/$(DEPDIR)/$(am__dirstamp)
idea/libcrypto_la-i_ecb.lo: idea/$(am__dirstamp) \
	idea/$(DEPDIR)/$(am__dirstamp)
idea/libcrypto_la-i_ofb64.lo: idea/$(am__dirstamp) \
	idea/$(DEPDIR)/$(am__dirstamp)
idea/libcrypto_la-i_skey.lo: idea/$(am__dirstamp) \
	idea/$(DEPDIR)/$(am__dirstamp)
krb5/$(am__dirstamp):
	@$(MKDIR_P) krb5
	@: > krb5/$(am__dirstamp)
krb5/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) krb5/$(DEPDIR)
	@: > krb5/$(DEPDIR)/$(am__dirstamp)
krb5/libcrypto_la-krb5_asn.lo: krb5/$(am__dirstamp) \
	krb5/$(DEPDIR)/$(am__dirstamp)
lhash/$(am__dirstamp):
	@$(MKDIR_P) lhash
	@: > lhash/$(am__dirstamp)
lhash/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) lhash/$(DEPDIR)
	@: > lhash/$(DEPDIR)/$(am__dirstamp)
lhash/libcrypto_la-lh_stats.lo: lhash/$(am__dirstamp) \







<
<
<
<
<
<
<
<







2436
2437
2438
2439
2440
2441
2442








2443
2444
2445
2446
2447
2448
2449
	idea/$(DEPDIR)/$(am__dirstamp)
idea/libcrypto_la-i_ecb.lo: idea/$(am__dirstamp) \
	idea/$(DEPDIR)/$(am__dirstamp)
idea/libcrypto_la-i_ofb64.lo: idea/$(am__dirstamp) \
	idea/$(DEPDIR)/$(am__dirstamp)
idea/libcrypto_la-i_skey.lo: idea/$(am__dirstamp) \
	idea/$(DEPDIR)/$(am__dirstamp)








lhash/$(am__dirstamp):
	@$(MKDIR_P) lhash
	@: > lhash/$(am__dirstamp)
lhash/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) lhash/$(DEPDIR)
	@: > lhash/$(DEPDIR)/$(am__dirstamp)
lhash/libcrypto_la-lh_stats.lo: lhash/$(am__dirstamp) \
2874
2875
2876
2877
2878
2879
2880


2881
2882
2883
2884
2885
2886
2887
	-rm -f cmac/*.lo
	-rm -f comp/*.$(OBJEXT)
	-rm -f comp/*.lo
	-rm -f compat/*.$(OBJEXT)
	-rm -f compat/*.lo
	-rm -f conf/*.$(OBJEXT)
	-rm -f conf/*.lo


	-rm -f des/*.$(OBJEXT)
	-rm -f des/*.lo
	-rm -f dh/*.$(OBJEXT)
	-rm -f dh/*.lo
	-rm -f dsa/*.$(OBJEXT)
	-rm -f dsa/*.lo
	-rm -f dso/*.$(OBJEXT)







>
>







2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
	-rm -f cmac/*.lo
	-rm -f comp/*.$(OBJEXT)
	-rm -f comp/*.lo
	-rm -f compat/*.$(OBJEXT)
	-rm -f compat/*.lo
	-rm -f conf/*.$(OBJEXT)
	-rm -f conf/*.lo
	-rm -f curve25519/*.$(OBJEXT)
	-rm -f curve25519/*.lo
	-rm -f des/*.$(OBJEXT)
	-rm -f des/*.lo
	-rm -f dh/*.$(OBJEXT)
	-rm -f dh/*.lo
	-rm -f dsa/*.$(OBJEXT)
	-rm -f dsa/*.lo
	-rm -f dso/*.$(OBJEXT)
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
	-rm -f evp/*.lo
	-rm -f gost/*.$(OBJEXT)
	-rm -f gost/*.lo
	-rm -f hmac/*.$(OBJEXT)
	-rm -f hmac/*.lo
	-rm -f idea/*.$(OBJEXT)
	-rm -f idea/*.lo
	-rm -f krb5/*.$(OBJEXT)
	-rm -f krb5/*.lo
	-rm -f lhash/*.$(OBJEXT)
	-rm -f lhash/*.lo
	-rm -f md4/*.$(OBJEXT)
	-rm -f md4/*.lo
	-rm -f md5/*.$(OBJEXT)
	-rm -f md5/*.lo
	-rm -f modes/*.$(OBJEXT)







<
<







2960
2961
2962
2963
2964
2965
2966


2967
2968
2969
2970
2971
2972
2973
	-rm -f evp/*.lo
	-rm -f gost/*.$(OBJEXT)
	-rm -f gost/*.lo
	-rm -f hmac/*.$(OBJEXT)
	-rm -f hmac/*.lo
	-rm -f idea/*.$(OBJEXT)
	-rm -f idea/*.lo


	-rm -f lhash/*.$(OBJEXT)
	-rm -f lhash/*.lo
	-rm -f md4/*.$(OBJEXT)
	-rm -f md4/*.lo
	-rm -f md5/*.$(OBJEXT)
	-rm -f md5/*.lo
	-rm -f modes/*.$(OBJEXT)
2964
2965
2966
2967
2968
2969
2970


2971
2972
2973
2974
2975
2976
2977
2978
2979








2980
2981
2982
2983
2984
2985
2986
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-ex_data.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-malloc-wrapper.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-mem_clr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-mem_dbg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_init.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_str.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_time.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_cfb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_core.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ctr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ige.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_misc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ofb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_wrap.Plo@am__quote@








@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bitstr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bool.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bytes.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_digest.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_dup.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_enum.Plo@am__quote@







>
>









>
>
>
>
>
>
>
>







3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-ex_data.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-malloc-wrapper.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-mem_clr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-mem_dbg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_init.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_str.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_time.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_cfb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_core.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ctr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ige.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_misc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_ofb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aes_wrap.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aesni-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aesni-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aesni-sha1-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-aesni-sha1-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-bsaes-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-bsaes-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-vpaes-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-vpaes-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bitstr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bool.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bytes.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_digest.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_dup.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_enum.Plo@am__quote@
3103
3104
3105
3106
3107
3108
3109








3110
3111
3112
3113


3114
3115
3116
3117
3118
3119
3120
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_rand.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_recp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_shift.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_sqr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_sqrt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_word.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_x931p.Plo@am__quote@








@AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buf_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buf_str.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buffer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-camellia.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_cfb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_ctr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_misc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_ofb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@cast/$(DEPDIR)/libcrypto_la-c_cfb64.Plo@am__quote@







>
>
>
>
>
>
>
>




>
>







3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_rand.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_recp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_shift.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_sqr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_sqrt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_word.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_x931p.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-gf2m-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-gf2m-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-modexp512-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-modexp512-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-mont-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-mont-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-mont5-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-mont5-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buf_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buf_str.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buffer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-camellia.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_cfb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_ctr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_misc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll_ofb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@cast/$(DEPDIR)/libcrypto_la-c_cfb64.Plo@am__quote@
3138
3139
3140
3141
3142
3143
3144

3145
3146
3147
3148
3149

3150
3151
3152
3153

3154
3155
3156
3157
3158
3159
3160
3161
3162
3163


3164
3165
3166
3167
3168
3169
3170
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_freebsd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_hpux.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_linux.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_netbsd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_osx.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_solaris.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_win.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/inet_pton.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/libcompatnoopt_la-explicit_bzero_win.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/posix_win.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/reallocarray.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strlcat.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strlcpy.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strndup.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strnlen.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timegm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timingsafe_bcmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timingsafe_memcmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_api.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_def.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_mall.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_mod.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cbc_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cfb64ede.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cfb64enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cfb_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-des_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-ecb3_enc.Plo@am__quote@







>





>




>










>
>







3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_freebsd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_hpux.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_linux.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_netbsd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_osx.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_solaris.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getentropy_win.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/getpagesize.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/inet_pton.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/libcompatnoopt_la-explicit_bzero_win.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/posix_win.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/reallocarray.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/recallocarray.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strlcat.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strlcpy.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strndup.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strnlen.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strsep.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timegm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timingsafe_bcmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timingsafe_memcmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_api.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_def.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_mall.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_mod.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@curve25519/$(DEPDIR)/libcrypto_la-curve25519.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cbc_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cfb64ede.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cfb64enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cfb_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-des_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-ecb3_enc.Plo@am__quote@
3225
3226
3227
3228
3229
3230
3231




3232
3233
3234
3235
3236
3237
3238
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_mult.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_oct.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_pmeth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_print.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-eck_prn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_mont.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_nist.Plo@am__quote@




@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_oct.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_smpl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdh/$(DEPDIR)/libcrypto_la-ech_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdh/$(DEPDIR)/libcrypto_la-ech_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdh/$(DEPDIR)/libcrypto_la-ech_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdsa/$(DEPDIR)/libcrypto_la-ecs_asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdsa/$(DEPDIR)/libcrypto_la-ecs_err.Plo@am__quote@







>
>
>
>







3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_mult.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_oct.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_pmeth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ec_print.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-eck_prn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_mont.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_nist.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_nistp224.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_nistp256.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_nistp521.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_nistputil.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_oct.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ec/$(DEPDIR)/libcrypto_la-ecp_smpl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdh/$(DEPDIR)/libcrypto_la-ech_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdh/$(DEPDIR)/libcrypto_la-ech_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdh/$(DEPDIR)/libcrypto_la-ech_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdsa/$(DEPDIR)/libcrypto_la-ecs_asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ecdsa/$(DEPDIR)/libcrypto_la-ecs_err.Plo@am__quote@
3299
3300
3301
3302
3303
3304
3305

3306
3307
3308
3309
3310
3311
3312
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_dss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_dss1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md4.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md5.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_null.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_ripemd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_sha1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_sigver.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_streebog.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_wp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-names.Plo@am__quote@







>







3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_dss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_dss1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md4.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md5.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_null.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_ripemd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_sha1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_sigver.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_streebog.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_wp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-names.Plo@am__quote@
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351


3352
3353
3354
3355
3356
3357
3358
3359


3360
3361
3362
3363
3364
3365
3366
@AMDEP_TRUE@@am__include@ @am__quote@hmac/$(DEPDIR)/libcrypto_la-hm_pmeth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@hmac/$(DEPDIR)/libcrypto_la-hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_cfb64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_ofb64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_skey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/libcrypto_la-krb5_asn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lhash.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md4/$(DEPDIR)/libcrypto_la-md4_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md4/$(DEPDIR)/libcrypto_la-md4_one.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@md5/$(DEPDIR)/libcrypto_la-md5_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md5/$(DEPDIR)/libcrypto_la-md5_one.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-cbc128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ccm128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-cfb128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ctr128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-cts128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-gcm128.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ofb128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-xts128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-o_names.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_dat.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_xref.Plo@am__quote@







<




>
>








>
>







3428
3429
3430
3431
3432
3433
3434

3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
@AMDEP_TRUE@@am__include@ @am__quote@hmac/$(DEPDIR)/libcrypto_la-hm_pmeth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@hmac/$(DEPDIR)/libcrypto_la-hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_cfb64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_ofb64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_skey.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lhash.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md4/$(DEPDIR)/libcrypto_la-md4_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md4/$(DEPDIR)/libcrypto_la-md4_one.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md5/$(DEPDIR)/libcrypto_la-md5-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md5/$(DEPDIR)/libcrypto_la-md5_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@md5/$(DEPDIR)/libcrypto_la-md5_one.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-cbc128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ccm128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-cfb128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ctr128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-cts128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-gcm128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ghash-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ghash-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ofb128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-xts128.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-o_names.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_dat.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_xref.Plo@am__quote@
3414
3415
3416
3417
3418
3419
3420




3421
3422
3423
3424
3425
3426
3427
@AMDEP_TRUE@@am__include@ @am__quote@rand/$(DEPDIR)/libcrypto_la-rand_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rand/$(DEPDIR)/libcrypto_la-randfile.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2_skey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2cfb64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2ofb64.Plo@am__quote@




@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4_skey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ripemd/$(DEPDIR)/libcrypto_la-rmd_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ripemd/$(DEPDIR)/libcrypto_la-rmd_one.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_ameth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_chk.Plo@am__quote@







>
>
>
>







3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
@AMDEP_TRUE@@am__include@ @am__quote@rand/$(DEPDIR)/libcrypto_la-rand_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rand/$(DEPDIR)/libcrypto_la-randfile.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2_ecb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2_skey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2cfb64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc2/$(DEPDIR)/libcrypto_la-rc2ofb64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4-md5-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4-md5-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rc4/$(DEPDIR)/libcrypto_la-rc4_skey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ripemd/$(DEPDIR)/libcrypto_la-rmd_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ripemd/$(DEPDIR)/libcrypto_la-rmd_one.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_ameth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_chk.Plo@am__quote@
3437
3438
3439
3440
3441
3442
3443


3444
3445
3446
3447
3448
3449
3450
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_pmeth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_prn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_pss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_saos.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_sign.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_ssl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_x931.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha1_one.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha1dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha256.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Plo@am__quote@







>
>







3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_pmeth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_prn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_pss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_saos.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_sign.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_ssl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@rsa/$(DEPDIR)/libcrypto_la-rsa_x931.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha1-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha1-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha1_one.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha1dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha256.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Plo@am__quote@
3463
3464
3465
3466
3467
3468
3469


3470
3471
3472
3473
3474
3475
3476
@AMDEP_TRUE@@am__include@ @am__quote@ts/$(DEPDIR)/libcrypto_la-ts_verify_ctx.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@txt_db/$(DEPDIR)/libcrypto_la-txt_db.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_openssl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_openssl_win.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_util.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@whrlpool/$(DEPDIR)/libcrypto_la-wp_block.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@whrlpool/$(DEPDIR)/libcrypto_la-wp_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-by_dir.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-by_file.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-by_mem.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-x509_att.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-x509_cmp.Plo@am__quote@







>
>







3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
@AMDEP_TRUE@@am__include@ @am__quote@ts/$(DEPDIR)/libcrypto_la-ts_verify_ctx.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@txt_db/$(DEPDIR)/libcrypto_la-txt_db.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_openssl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_openssl_win.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/libcrypto_la-ui_util.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@whrlpool/$(DEPDIR)/libcrypto_la-wp-elf-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@whrlpool/$(DEPDIR)/libcrypto_la-wp-macosx-x86_64.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@whrlpool/$(DEPDIR)/libcrypto_la-wp_block.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@whrlpool/$(DEPDIR)/libcrypto_la-wp_dgst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-by_dir.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-by_file.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-by_mem.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-x509_att.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@x509/$(DEPDIR)/libcrypto_la-x509_cmp.Plo@am__quote@
3549
3550
3551
3552
3553
3554
3555









































































































3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569







3570
3571
3572
3573
3574
3575
3576









































































































3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590







3591
3592
3593
3594
3595
3596
3597
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCCAS_TRUE@	$(LTCPPASCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCCAS_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LTCPPASCOMPILE) -c -o $@ $<










































































































sha/libcrypto_la-sha256-elf-x86_64.lo: sha/sha256-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha256-elf-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Tpo -c -o sha/libcrypto_la-sha256-elf-x86_64.lo `test -f 'sha/sha256-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha256-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha256-elf-x86_64.S' object='sha/libcrypto_la-sha256-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha256-elf-x86_64.lo `test -f 'sha/sha256-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha256-elf-x86_64.S

sha/libcrypto_la-sha512-elf-x86_64.lo: sha/sha512-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha512-elf-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Tpo -c -o sha/libcrypto_la-sha512-elf-x86_64.lo `test -f 'sha/sha512-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha512-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha512-elf-x86_64.S' object='sha/libcrypto_la-sha512-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha512-elf-x86_64.lo `test -f 'sha/sha512-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha512-elf-x86_64.S








libcrypto_la-cpuid-elf-x86_64.lo: cpuid-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT libcrypto_la-cpuid-elf-x86_64.lo -MD -MP -MF $(DEPDIR)/libcrypto_la-cpuid-elf-x86_64.Tpo -c -o libcrypto_la-cpuid-elf-x86_64.lo `test -f 'cpuid-elf-x86_64.S' || echo '$(srcdir)/'`cpuid-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_la-cpuid-elf-x86_64.Tpo $(DEPDIR)/libcrypto_la-cpuid-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='cpuid-elf-x86_64.S' object='libcrypto_la-cpuid-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o libcrypto_la-cpuid-elf-x86_64.lo `test -f 'cpuid-elf-x86_64.S' || echo '$(srcdir)/'`cpuid-elf-x86_64.S










































































































sha/libcrypto_la-sha256-macosx-x86_64.lo: sha/sha256-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha256-macosx-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Tpo -c -o sha/libcrypto_la-sha256-macosx-x86_64.lo `test -f 'sha/sha256-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha256-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha256-macosx-x86_64.S' object='sha/libcrypto_la-sha256-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha256-macosx-x86_64.lo `test -f 'sha/sha256-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha256-macosx-x86_64.S

sha/libcrypto_la-sha512-macosx-x86_64.lo: sha/sha512-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha512-macosx-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Tpo -c -o sha/libcrypto_la-sha512-macosx-x86_64.lo `test -f 'sha/sha512-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha512-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha512-macosx-x86_64.S' object='sha/libcrypto_la-sha512-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha512-macosx-x86_64.lo `test -f 'sha/sha512-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha512-macosx-x86_64.S








libcrypto_la-cpuid-macosx-x86_64.lo: cpuid-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT libcrypto_la-cpuid-macosx-x86_64.lo -MD -MP -MF $(DEPDIR)/libcrypto_la-cpuid-macosx-x86_64.Tpo -c -o libcrypto_la-cpuid-macosx-x86_64.lo `test -f 'cpuid-macosx-x86_64.S' || echo '$(srcdir)/'`cpuid-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_la-cpuid-macosx-x86_64.Tpo $(DEPDIR)/libcrypto_la-cpuid-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='cpuid-macosx-x86_64.S' object='libcrypto_la-cpuid-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o libcrypto_la-cpuid-macosx-x86_64.lo `test -f 'cpuid-macosx-x86_64.S' || echo '$(srcdir)/'`cpuid-macosx-x86_64.S








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>














>
>
>
>
>
>
>







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>














>
>
>
>
>
>
>







3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCCAS_TRUE@	$(LTCPPASCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCCAS_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LTCPPASCOMPILE) -c -o $@ $<

aes/libcrypto_la-aes-elf-x86_64.lo: aes/aes-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-aes-elf-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-aes-elf-x86_64.Tpo -c -o aes/libcrypto_la-aes-elf-x86_64.lo `test -f 'aes/aes-elf-x86_64.S' || echo '$(srcdir)/'`aes/aes-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-aes-elf-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-aes-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/aes-elf-x86_64.S' object='aes/libcrypto_la-aes-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-aes-elf-x86_64.lo `test -f 'aes/aes-elf-x86_64.S' || echo '$(srcdir)/'`aes/aes-elf-x86_64.S

aes/libcrypto_la-bsaes-elf-x86_64.lo: aes/bsaes-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-bsaes-elf-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-bsaes-elf-x86_64.Tpo -c -o aes/libcrypto_la-bsaes-elf-x86_64.lo `test -f 'aes/bsaes-elf-x86_64.S' || echo '$(srcdir)/'`aes/bsaes-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-bsaes-elf-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-bsaes-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/bsaes-elf-x86_64.S' object='aes/libcrypto_la-bsaes-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-bsaes-elf-x86_64.lo `test -f 'aes/bsaes-elf-x86_64.S' || echo '$(srcdir)/'`aes/bsaes-elf-x86_64.S

aes/libcrypto_la-vpaes-elf-x86_64.lo: aes/vpaes-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-vpaes-elf-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-vpaes-elf-x86_64.Tpo -c -o aes/libcrypto_la-vpaes-elf-x86_64.lo `test -f 'aes/vpaes-elf-x86_64.S' || echo '$(srcdir)/'`aes/vpaes-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-vpaes-elf-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-vpaes-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/vpaes-elf-x86_64.S' object='aes/libcrypto_la-vpaes-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-vpaes-elf-x86_64.lo `test -f 'aes/vpaes-elf-x86_64.S' || echo '$(srcdir)/'`aes/vpaes-elf-x86_64.S

aes/libcrypto_la-aesni-elf-x86_64.lo: aes/aesni-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-aesni-elf-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-aesni-elf-x86_64.Tpo -c -o aes/libcrypto_la-aesni-elf-x86_64.lo `test -f 'aes/aesni-elf-x86_64.S' || echo '$(srcdir)/'`aes/aesni-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-aesni-elf-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-aesni-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/aesni-elf-x86_64.S' object='aes/libcrypto_la-aesni-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-aesni-elf-x86_64.lo `test -f 'aes/aesni-elf-x86_64.S' || echo '$(srcdir)/'`aes/aesni-elf-x86_64.S

aes/libcrypto_la-aesni-sha1-elf-x86_64.lo: aes/aesni-sha1-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-aesni-sha1-elf-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-aesni-sha1-elf-x86_64.Tpo -c -o aes/libcrypto_la-aesni-sha1-elf-x86_64.lo `test -f 'aes/aesni-sha1-elf-x86_64.S' || echo '$(srcdir)/'`aes/aesni-sha1-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-aesni-sha1-elf-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-aesni-sha1-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/aesni-sha1-elf-x86_64.S' object='aes/libcrypto_la-aesni-sha1-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-aesni-sha1-elf-x86_64.lo `test -f 'aes/aesni-sha1-elf-x86_64.S' || echo '$(srcdir)/'`aes/aesni-sha1-elf-x86_64.S

bn/libcrypto_la-modexp512-elf-x86_64.lo: bn/modexp512-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-modexp512-elf-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-modexp512-elf-x86_64.Tpo -c -o bn/libcrypto_la-modexp512-elf-x86_64.lo `test -f 'bn/modexp512-elf-x86_64.S' || echo '$(srcdir)/'`bn/modexp512-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-modexp512-elf-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-modexp512-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/modexp512-elf-x86_64.S' object='bn/libcrypto_la-modexp512-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-modexp512-elf-x86_64.lo `test -f 'bn/modexp512-elf-x86_64.S' || echo '$(srcdir)/'`bn/modexp512-elf-x86_64.S

bn/libcrypto_la-mont-elf-x86_64.lo: bn/mont-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-mont-elf-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-mont-elf-x86_64.Tpo -c -o bn/libcrypto_la-mont-elf-x86_64.lo `test -f 'bn/mont-elf-x86_64.S' || echo '$(srcdir)/'`bn/mont-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-mont-elf-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-mont-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/mont-elf-x86_64.S' object='bn/libcrypto_la-mont-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-mont-elf-x86_64.lo `test -f 'bn/mont-elf-x86_64.S' || echo '$(srcdir)/'`bn/mont-elf-x86_64.S

bn/libcrypto_la-mont5-elf-x86_64.lo: bn/mont5-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-mont5-elf-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-mont5-elf-x86_64.Tpo -c -o bn/libcrypto_la-mont5-elf-x86_64.lo `test -f 'bn/mont5-elf-x86_64.S' || echo '$(srcdir)/'`bn/mont5-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-mont5-elf-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-mont5-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/mont5-elf-x86_64.S' object='bn/libcrypto_la-mont5-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-mont5-elf-x86_64.lo `test -f 'bn/mont5-elf-x86_64.S' || echo '$(srcdir)/'`bn/mont5-elf-x86_64.S

bn/libcrypto_la-gf2m-elf-x86_64.lo: bn/gf2m-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-gf2m-elf-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-gf2m-elf-x86_64.Tpo -c -o bn/libcrypto_la-gf2m-elf-x86_64.lo `test -f 'bn/gf2m-elf-x86_64.S' || echo '$(srcdir)/'`bn/gf2m-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-gf2m-elf-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-gf2m-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/gf2m-elf-x86_64.S' object='bn/libcrypto_la-gf2m-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-gf2m-elf-x86_64.lo `test -f 'bn/gf2m-elf-x86_64.S' || echo '$(srcdir)/'`bn/gf2m-elf-x86_64.S

camellia/libcrypto_la-cmll-elf-x86_64.lo: camellia/cmll-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT camellia/libcrypto_la-cmll-elf-x86_64.lo -MD -MP -MF camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Tpo -c -o camellia/libcrypto_la-cmll-elf-x86_64.lo `test -f 'camellia/cmll-elf-x86_64.S' || echo '$(srcdir)/'`camellia/cmll-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Tpo camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='camellia/cmll-elf-x86_64.S' object='camellia/libcrypto_la-cmll-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o camellia/libcrypto_la-cmll-elf-x86_64.lo `test -f 'camellia/cmll-elf-x86_64.S' || echo '$(srcdir)/'`camellia/cmll-elf-x86_64.S

md5/libcrypto_la-md5-elf-x86_64.lo: md5/md5-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT md5/libcrypto_la-md5-elf-x86_64.lo -MD -MP -MF md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Tpo -c -o md5/libcrypto_la-md5-elf-x86_64.lo `test -f 'md5/md5-elf-x86_64.S' || echo '$(srcdir)/'`md5/md5-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Tpo md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='md5/md5-elf-x86_64.S' object='md5/libcrypto_la-md5-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o md5/libcrypto_la-md5-elf-x86_64.lo `test -f 'md5/md5-elf-x86_64.S' || echo '$(srcdir)/'`md5/md5-elf-x86_64.S

modes/libcrypto_la-ghash-elf-x86_64.lo: modes/ghash-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT modes/libcrypto_la-ghash-elf-x86_64.lo -MD -MP -MF modes/$(DEPDIR)/libcrypto_la-ghash-elf-x86_64.Tpo -c -o modes/libcrypto_la-ghash-elf-x86_64.lo `test -f 'modes/ghash-elf-x86_64.S' || echo '$(srcdir)/'`modes/ghash-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) modes/$(DEPDIR)/libcrypto_la-ghash-elf-x86_64.Tpo modes/$(DEPDIR)/libcrypto_la-ghash-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='modes/ghash-elf-x86_64.S' object='modes/libcrypto_la-ghash-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o modes/libcrypto_la-ghash-elf-x86_64.lo `test -f 'modes/ghash-elf-x86_64.S' || echo '$(srcdir)/'`modes/ghash-elf-x86_64.S

rc4/libcrypto_la-rc4-elf-x86_64.lo: rc4/rc4-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT rc4/libcrypto_la-rc4-elf-x86_64.lo -MD -MP -MF rc4/$(DEPDIR)/libcrypto_la-rc4-elf-x86_64.Tpo -c -o rc4/libcrypto_la-rc4-elf-x86_64.lo `test -f 'rc4/rc4-elf-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) rc4/$(DEPDIR)/libcrypto_la-rc4-elf-x86_64.Tpo rc4/$(DEPDIR)/libcrypto_la-rc4-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='rc4/rc4-elf-x86_64.S' object='rc4/libcrypto_la-rc4-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o rc4/libcrypto_la-rc4-elf-x86_64.lo `test -f 'rc4/rc4-elf-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-elf-x86_64.S

rc4/libcrypto_la-rc4-md5-elf-x86_64.lo: rc4/rc4-md5-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT rc4/libcrypto_la-rc4-md5-elf-x86_64.lo -MD -MP -MF rc4/$(DEPDIR)/libcrypto_la-rc4-md5-elf-x86_64.Tpo -c -o rc4/libcrypto_la-rc4-md5-elf-x86_64.lo `test -f 'rc4/rc4-md5-elf-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-md5-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) rc4/$(DEPDIR)/libcrypto_la-rc4-md5-elf-x86_64.Tpo rc4/$(DEPDIR)/libcrypto_la-rc4-md5-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='rc4/rc4-md5-elf-x86_64.S' object='rc4/libcrypto_la-rc4-md5-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o rc4/libcrypto_la-rc4-md5-elf-x86_64.lo `test -f 'rc4/rc4-md5-elf-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-md5-elf-x86_64.S

sha/libcrypto_la-sha1-elf-x86_64.lo: sha/sha1-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha1-elf-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha1-elf-x86_64.Tpo -c -o sha/libcrypto_la-sha1-elf-x86_64.lo `test -f 'sha/sha1-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha1-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha1-elf-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha1-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha1-elf-x86_64.S' object='sha/libcrypto_la-sha1-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha1-elf-x86_64.lo `test -f 'sha/sha1-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha1-elf-x86_64.S

sha/libcrypto_la-sha256-elf-x86_64.lo: sha/sha256-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha256-elf-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Tpo -c -o sha/libcrypto_la-sha256-elf-x86_64.lo `test -f 'sha/sha256-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha256-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha256-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha256-elf-x86_64.S' object='sha/libcrypto_la-sha256-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha256-elf-x86_64.lo `test -f 'sha/sha256-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha256-elf-x86_64.S

sha/libcrypto_la-sha512-elf-x86_64.lo: sha/sha512-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha512-elf-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Tpo -c -o sha/libcrypto_la-sha512-elf-x86_64.lo `test -f 'sha/sha512-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha512-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha512-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha512-elf-x86_64.S' object='sha/libcrypto_la-sha512-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha512-elf-x86_64.lo `test -f 'sha/sha512-elf-x86_64.S' || echo '$(srcdir)/'`sha/sha512-elf-x86_64.S

whrlpool/libcrypto_la-wp-elf-x86_64.lo: whrlpool/wp-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT whrlpool/libcrypto_la-wp-elf-x86_64.lo -MD -MP -MF whrlpool/$(DEPDIR)/libcrypto_la-wp-elf-x86_64.Tpo -c -o whrlpool/libcrypto_la-wp-elf-x86_64.lo `test -f 'whrlpool/wp-elf-x86_64.S' || echo '$(srcdir)/'`whrlpool/wp-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) whrlpool/$(DEPDIR)/libcrypto_la-wp-elf-x86_64.Tpo whrlpool/$(DEPDIR)/libcrypto_la-wp-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='whrlpool/wp-elf-x86_64.S' object='whrlpool/libcrypto_la-wp-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o whrlpool/libcrypto_la-wp-elf-x86_64.lo `test -f 'whrlpool/wp-elf-x86_64.S' || echo '$(srcdir)/'`whrlpool/wp-elf-x86_64.S

libcrypto_la-cpuid-elf-x86_64.lo: cpuid-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT libcrypto_la-cpuid-elf-x86_64.lo -MD -MP -MF $(DEPDIR)/libcrypto_la-cpuid-elf-x86_64.Tpo -c -o libcrypto_la-cpuid-elf-x86_64.lo `test -f 'cpuid-elf-x86_64.S' || echo '$(srcdir)/'`cpuid-elf-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_la-cpuid-elf-x86_64.Tpo $(DEPDIR)/libcrypto_la-cpuid-elf-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='cpuid-elf-x86_64.S' object='libcrypto_la-cpuid-elf-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o libcrypto_la-cpuid-elf-x86_64.lo `test -f 'cpuid-elf-x86_64.S' || echo '$(srcdir)/'`cpuid-elf-x86_64.S

aes/libcrypto_la-aes-macosx-x86_64.lo: aes/aes-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-aes-macosx-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-aes-macosx-x86_64.Tpo -c -o aes/libcrypto_la-aes-macosx-x86_64.lo `test -f 'aes/aes-macosx-x86_64.S' || echo '$(srcdir)/'`aes/aes-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-aes-macosx-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-aes-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/aes-macosx-x86_64.S' object='aes/libcrypto_la-aes-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-aes-macosx-x86_64.lo `test -f 'aes/aes-macosx-x86_64.S' || echo '$(srcdir)/'`aes/aes-macosx-x86_64.S

aes/libcrypto_la-bsaes-macosx-x86_64.lo: aes/bsaes-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-bsaes-macosx-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-bsaes-macosx-x86_64.Tpo -c -o aes/libcrypto_la-bsaes-macosx-x86_64.lo `test -f 'aes/bsaes-macosx-x86_64.S' || echo '$(srcdir)/'`aes/bsaes-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-bsaes-macosx-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-bsaes-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/bsaes-macosx-x86_64.S' object='aes/libcrypto_la-bsaes-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-bsaes-macosx-x86_64.lo `test -f 'aes/bsaes-macosx-x86_64.S' || echo '$(srcdir)/'`aes/bsaes-macosx-x86_64.S

aes/libcrypto_la-vpaes-macosx-x86_64.lo: aes/vpaes-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-vpaes-macosx-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-vpaes-macosx-x86_64.Tpo -c -o aes/libcrypto_la-vpaes-macosx-x86_64.lo `test -f 'aes/vpaes-macosx-x86_64.S' || echo '$(srcdir)/'`aes/vpaes-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-vpaes-macosx-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-vpaes-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/vpaes-macosx-x86_64.S' object='aes/libcrypto_la-vpaes-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-vpaes-macosx-x86_64.lo `test -f 'aes/vpaes-macosx-x86_64.S' || echo '$(srcdir)/'`aes/vpaes-macosx-x86_64.S

aes/libcrypto_la-aesni-macosx-x86_64.lo: aes/aesni-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-aesni-macosx-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-aesni-macosx-x86_64.Tpo -c -o aes/libcrypto_la-aesni-macosx-x86_64.lo `test -f 'aes/aesni-macosx-x86_64.S' || echo '$(srcdir)/'`aes/aesni-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-aesni-macosx-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-aesni-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/aesni-macosx-x86_64.S' object='aes/libcrypto_la-aesni-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-aesni-macosx-x86_64.lo `test -f 'aes/aesni-macosx-x86_64.S' || echo '$(srcdir)/'`aes/aesni-macosx-x86_64.S

aes/libcrypto_la-aesni-sha1-macosx-x86_64.lo: aes/aesni-sha1-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT aes/libcrypto_la-aesni-sha1-macosx-x86_64.lo -MD -MP -MF aes/$(DEPDIR)/libcrypto_la-aesni-sha1-macosx-x86_64.Tpo -c -o aes/libcrypto_la-aesni-sha1-macosx-x86_64.lo `test -f 'aes/aesni-sha1-macosx-x86_64.S' || echo '$(srcdir)/'`aes/aesni-sha1-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) aes/$(DEPDIR)/libcrypto_la-aesni-sha1-macosx-x86_64.Tpo aes/$(DEPDIR)/libcrypto_la-aesni-sha1-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='aes/aesni-sha1-macosx-x86_64.S' object='aes/libcrypto_la-aesni-sha1-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o aes/libcrypto_la-aesni-sha1-macosx-x86_64.lo `test -f 'aes/aesni-sha1-macosx-x86_64.S' || echo '$(srcdir)/'`aes/aesni-sha1-macosx-x86_64.S

bn/libcrypto_la-modexp512-macosx-x86_64.lo: bn/modexp512-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-modexp512-macosx-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-modexp512-macosx-x86_64.Tpo -c -o bn/libcrypto_la-modexp512-macosx-x86_64.lo `test -f 'bn/modexp512-macosx-x86_64.S' || echo '$(srcdir)/'`bn/modexp512-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-modexp512-macosx-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-modexp512-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/modexp512-macosx-x86_64.S' object='bn/libcrypto_la-modexp512-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-modexp512-macosx-x86_64.lo `test -f 'bn/modexp512-macosx-x86_64.S' || echo '$(srcdir)/'`bn/modexp512-macosx-x86_64.S

bn/libcrypto_la-mont-macosx-x86_64.lo: bn/mont-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-mont-macosx-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-mont-macosx-x86_64.Tpo -c -o bn/libcrypto_la-mont-macosx-x86_64.lo `test -f 'bn/mont-macosx-x86_64.S' || echo '$(srcdir)/'`bn/mont-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-mont-macosx-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-mont-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/mont-macosx-x86_64.S' object='bn/libcrypto_la-mont-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-mont-macosx-x86_64.lo `test -f 'bn/mont-macosx-x86_64.S' || echo '$(srcdir)/'`bn/mont-macosx-x86_64.S

bn/libcrypto_la-mont5-macosx-x86_64.lo: bn/mont5-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-mont5-macosx-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-mont5-macosx-x86_64.Tpo -c -o bn/libcrypto_la-mont5-macosx-x86_64.lo `test -f 'bn/mont5-macosx-x86_64.S' || echo '$(srcdir)/'`bn/mont5-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-mont5-macosx-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-mont5-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/mont5-macosx-x86_64.S' object='bn/libcrypto_la-mont5-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-mont5-macosx-x86_64.lo `test -f 'bn/mont5-macosx-x86_64.S' || echo '$(srcdir)/'`bn/mont5-macosx-x86_64.S

bn/libcrypto_la-gf2m-macosx-x86_64.lo: bn/gf2m-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT bn/libcrypto_la-gf2m-macosx-x86_64.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-gf2m-macosx-x86_64.Tpo -c -o bn/libcrypto_la-gf2m-macosx-x86_64.lo `test -f 'bn/gf2m-macosx-x86_64.S' || echo '$(srcdir)/'`bn/gf2m-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-gf2m-macosx-x86_64.Tpo bn/$(DEPDIR)/libcrypto_la-gf2m-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='bn/gf2m-macosx-x86_64.S' object='bn/libcrypto_la-gf2m-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o bn/libcrypto_la-gf2m-macosx-x86_64.lo `test -f 'bn/gf2m-macosx-x86_64.S' || echo '$(srcdir)/'`bn/gf2m-macosx-x86_64.S

camellia/libcrypto_la-cmll-macosx-x86_64.lo: camellia/cmll-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT camellia/libcrypto_la-cmll-macosx-x86_64.lo -MD -MP -MF camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Tpo -c -o camellia/libcrypto_la-cmll-macosx-x86_64.lo `test -f 'camellia/cmll-macosx-x86_64.S' || echo '$(srcdir)/'`camellia/cmll-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Tpo camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='camellia/cmll-macosx-x86_64.S' object='camellia/libcrypto_la-cmll-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o camellia/libcrypto_la-cmll-macosx-x86_64.lo `test -f 'camellia/cmll-macosx-x86_64.S' || echo '$(srcdir)/'`camellia/cmll-macosx-x86_64.S

md5/libcrypto_la-md5-macosx-x86_64.lo: md5/md5-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT md5/libcrypto_la-md5-macosx-x86_64.lo -MD -MP -MF md5/$(DEPDIR)/libcrypto_la-md5-macosx-x86_64.Tpo -c -o md5/libcrypto_la-md5-macosx-x86_64.lo `test -f 'md5/md5-macosx-x86_64.S' || echo '$(srcdir)/'`md5/md5-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) md5/$(DEPDIR)/libcrypto_la-md5-macosx-x86_64.Tpo md5/$(DEPDIR)/libcrypto_la-md5-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='md5/md5-macosx-x86_64.S' object='md5/libcrypto_la-md5-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o md5/libcrypto_la-md5-macosx-x86_64.lo `test -f 'md5/md5-macosx-x86_64.S' || echo '$(srcdir)/'`md5/md5-macosx-x86_64.S

modes/libcrypto_la-ghash-macosx-x86_64.lo: modes/ghash-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT modes/libcrypto_la-ghash-macosx-x86_64.lo -MD -MP -MF modes/$(DEPDIR)/libcrypto_la-ghash-macosx-x86_64.Tpo -c -o modes/libcrypto_la-ghash-macosx-x86_64.lo `test -f 'modes/ghash-macosx-x86_64.S' || echo '$(srcdir)/'`modes/ghash-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) modes/$(DEPDIR)/libcrypto_la-ghash-macosx-x86_64.Tpo modes/$(DEPDIR)/libcrypto_la-ghash-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='modes/ghash-macosx-x86_64.S' object='modes/libcrypto_la-ghash-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o modes/libcrypto_la-ghash-macosx-x86_64.lo `test -f 'modes/ghash-macosx-x86_64.S' || echo '$(srcdir)/'`modes/ghash-macosx-x86_64.S

rc4/libcrypto_la-rc4-macosx-x86_64.lo: rc4/rc4-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT rc4/libcrypto_la-rc4-macosx-x86_64.lo -MD -MP -MF rc4/$(DEPDIR)/libcrypto_la-rc4-macosx-x86_64.Tpo -c -o rc4/libcrypto_la-rc4-macosx-x86_64.lo `test -f 'rc4/rc4-macosx-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) rc4/$(DEPDIR)/libcrypto_la-rc4-macosx-x86_64.Tpo rc4/$(DEPDIR)/libcrypto_la-rc4-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='rc4/rc4-macosx-x86_64.S' object='rc4/libcrypto_la-rc4-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o rc4/libcrypto_la-rc4-macosx-x86_64.lo `test -f 'rc4/rc4-macosx-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-macosx-x86_64.S

rc4/libcrypto_la-rc4-md5-macosx-x86_64.lo: rc4/rc4-md5-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT rc4/libcrypto_la-rc4-md5-macosx-x86_64.lo -MD -MP -MF rc4/$(DEPDIR)/libcrypto_la-rc4-md5-macosx-x86_64.Tpo -c -o rc4/libcrypto_la-rc4-md5-macosx-x86_64.lo `test -f 'rc4/rc4-md5-macosx-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-md5-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) rc4/$(DEPDIR)/libcrypto_la-rc4-md5-macosx-x86_64.Tpo rc4/$(DEPDIR)/libcrypto_la-rc4-md5-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='rc4/rc4-md5-macosx-x86_64.S' object='rc4/libcrypto_la-rc4-md5-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o rc4/libcrypto_la-rc4-md5-macosx-x86_64.lo `test -f 'rc4/rc4-md5-macosx-x86_64.S' || echo '$(srcdir)/'`rc4/rc4-md5-macosx-x86_64.S

sha/libcrypto_la-sha1-macosx-x86_64.lo: sha/sha1-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha1-macosx-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha1-macosx-x86_64.Tpo -c -o sha/libcrypto_la-sha1-macosx-x86_64.lo `test -f 'sha/sha1-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha1-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha1-macosx-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha1-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha1-macosx-x86_64.S' object='sha/libcrypto_la-sha1-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha1-macosx-x86_64.lo `test -f 'sha/sha1-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha1-macosx-x86_64.S

sha/libcrypto_la-sha256-macosx-x86_64.lo: sha/sha256-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha256-macosx-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Tpo -c -o sha/libcrypto_la-sha256-macosx-x86_64.lo `test -f 'sha/sha256-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha256-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha256-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha256-macosx-x86_64.S' object='sha/libcrypto_la-sha256-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha256-macosx-x86_64.lo `test -f 'sha/sha256-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha256-macosx-x86_64.S

sha/libcrypto_la-sha512-macosx-x86_64.lo: sha/sha512-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT sha/libcrypto_la-sha512-macosx-x86_64.lo -MD -MP -MF sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Tpo -c -o sha/libcrypto_la-sha512-macosx-x86_64.lo `test -f 'sha/sha512-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha512-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Tpo sha/$(DEPDIR)/libcrypto_la-sha512-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='sha/sha512-macosx-x86_64.S' object='sha/libcrypto_la-sha512-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o sha/libcrypto_la-sha512-macosx-x86_64.lo `test -f 'sha/sha512-macosx-x86_64.S' || echo '$(srcdir)/'`sha/sha512-macosx-x86_64.S

whrlpool/libcrypto_la-wp-macosx-x86_64.lo: whrlpool/wp-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT whrlpool/libcrypto_la-wp-macosx-x86_64.lo -MD -MP -MF whrlpool/$(DEPDIR)/libcrypto_la-wp-macosx-x86_64.Tpo -c -o whrlpool/libcrypto_la-wp-macosx-x86_64.lo `test -f 'whrlpool/wp-macosx-x86_64.S' || echo '$(srcdir)/'`whrlpool/wp-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) whrlpool/$(DEPDIR)/libcrypto_la-wp-macosx-x86_64.Tpo whrlpool/$(DEPDIR)/libcrypto_la-wp-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='whrlpool/wp-macosx-x86_64.S' object='whrlpool/libcrypto_la-wp-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o whrlpool/libcrypto_la-wp-macosx-x86_64.lo `test -f 'whrlpool/wp-macosx-x86_64.S' || echo '$(srcdir)/'`whrlpool/wp-macosx-x86_64.S

libcrypto_la-cpuid-macosx-x86_64.lo: cpuid-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_CPPAS)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -MT libcrypto_la-cpuid-macosx-x86_64.lo -MD -MP -MF $(DEPDIR)/libcrypto_la-cpuid-macosx-x86_64.Tpo -c -o libcrypto_la-cpuid-macosx-x86_64.lo `test -f 'cpuid-macosx-x86_64.S' || echo '$(srcdir)/'`cpuid-macosx-x86_64.S
@am__fastdepCCAS_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_la-cpuid-macosx-x86_64.Tpo $(DEPDIR)/libcrypto_la-cpuid-macosx-x86_64.Plo
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS)source='cpuid-macosx-x86_64.S' object='libcrypto_la-cpuid-macosx-x86_64.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCCAS_FALSE@	DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCCAS_FALSE@	$(AM_V_CPPAS@am__nodep@)$(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) -c -o libcrypto_la-cpuid-macosx-x86_64.lo `test -f 'cpuid-macosx-x86_64.S' || echo '$(srcdir)/'`cpuid-macosx-x86_64.S

4903
4904
4905
4906
4907
4908
4909














4910
4911
4912
4913
4914
4915
4916
conf/libcrypto_la-conf_sap.lo: conf/conf_sap.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT conf/libcrypto_la-conf_sap.lo -MD -MP -MF conf/$(DEPDIR)/libcrypto_la-conf_sap.Tpo -c -o conf/libcrypto_la-conf_sap.lo `test -f 'conf/conf_sap.c' || echo '$(srcdir)/'`conf/conf_sap.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) conf/$(DEPDIR)/libcrypto_la-conf_sap.Tpo conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='conf/conf_sap.c' object='conf/libcrypto_la-conf_sap.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o conf/libcrypto_la-conf_sap.lo `test -f 'conf/conf_sap.c' || echo '$(srcdir)/'`conf/conf_sap.c















des/libcrypto_la-cbc_cksm.lo: des/cbc_cksm.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des/libcrypto_la-cbc_cksm.lo -MD -MP -MF des/$(DEPDIR)/libcrypto_la-cbc_cksm.Tpo -c -o des/libcrypto_la-cbc_cksm.lo `test -f 'des/cbc_cksm.c' || echo '$(srcdir)/'`des/cbc_cksm.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) des/$(DEPDIR)/libcrypto_la-cbc_cksm.Tpo des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='des/cbc_cksm.c' object='des/libcrypto_la-cbc_cksm.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des/libcrypto_la-cbc_cksm.lo `test -f 'des/cbc_cksm.c' || echo '$(srcdir)/'`des/cbc_cksm.c








>
>
>
>
>
>
>
>
>
>
>
>
>
>







5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
conf/libcrypto_la-conf_sap.lo: conf/conf_sap.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT conf/libcrypto_la-conf_sap.lo -MD -MP -MF conf/$(DEPDIR)/libcrypto_la-conf_sap.Tpo -c -o conf/libcrypto_la-conf_sap.lo `test -f 'conf/conf_sap.c' || echo '$(srcdir)/'`conf/conf_sap.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) conf/$(DEPDIR)/libcrypto_la-conf_sap.Tpo conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='conf/conf_sap.c' object='conf/libcrypto_la-conf_sap.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o conf/libcrypto_la-conf_sap.lo `test -f 'conf/conf_sap.c' || echo '$(srcdir)/'`conf/conf_sap.c

curve25519/libcrypto_la-curve25519-generic.lo: curve25519/curve25519-generic.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT curve25519/libcrypto_la-curve25519-generic.lo -MD -MP -MF curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Tpo -c -o curve25519/libcrypto_la-curve25519-generic.lo `test -f 'curve25519/curve25519-generic.c' || echo '$(srcdir)/'`curve25519/curve25519-generic.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Tpo curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='curve25519/curve25519-generic.c' object='curve25519/libcrypto_la-curve25519-generic.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o curve25519/libcrypto_la-curve25519-generic.lo `test -f 'curve25519/curve25519-generic.c' || echo '$(srcdir)/'`curve25519/curve25519-generic.c

curve25519/libcrypto_la-curve25519.lo: curve25519/curve25519.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT curve25519/libcrypto_la-curve25519.lo -MD -MP -MF curve25519/$(DEPDIR)/libcrypto_la-curve25519.Tpo -c -o curve25519/libcrypto_la-curve25519.lo `test -f 'curve25519/curve25519.c' || echo '$(srcdir)/'`curve25519/curve25519.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) curve25519/$(DEPDIR)/libcrypto_la-curve25519.Tpo curve25519/$(DEPDIR)/libcrypto_la-curve25519.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='curve25519/curve25519.c' object='curve25519/libcrypto_la-curve25519.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o curve25519/libcrypto_la-curve25519.lo `test -f 'curve25519/curve25519.c' || echo '$(srcdir)/'`curve25519/curve25519.c

des/libcrypto_la-cbc_cksm.lo: des/cbc_cksm.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des/libcrypto_la-cbc_cksm.lo -MD -MP -MF des/$(DEPDIR)/libcrypto_la-cbc_cksm.Tpo -c -o des/libcrypto_la-cbc_cksm.lo `test -f 'des/cbc_cksm.c' || echo '$(srcdir)/'`des/cbc_cksm.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) des/$(DEPDIR)/libcrypto_la-cbc_cksm.Tpo des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='des/cbc_cksm.c' object='des/libcrypto_la-cbc_cksm.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des/libcrypto_la-cbc_cksm.lo `test -f 'des/cbc_cksm.c' || echo '$(srcdir)/'`des/cbc_cksm.c

5372
5373
5374
5375
5376
5377
5378




























5379
5380
5381
5382
5383
5384
5385
ec/libcrypto_la-ecp_nist.lo: ec/ecp_nist.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_nist.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_nist.Tpo -c -o ec/libcrypto_la-ecp_nist.lo `test -f 'ec/ecp_nist.c' || echo '$(srcdir)/'`ec/ecp_nist.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_nist.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_nist.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_nist.c' object='ec/libcrypto_la-ecp_nist.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_nist.lo `test -f 'ec/ecp_nist.c' || echo '$(srcdir)/'`ec/ecp_nist.c





























ec/libcrypto_la-ecp_oct.lo: ec/ecp_oct.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_oct.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_oct.Tpo -c -o ec/libcrypto_la-ecp_oct.lo `test -f 'ec/ecp_oct.c' || echo '$(srcdir)/'`ec/ecp_oct.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_oct.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_oct.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_oct.c' object='ec/libcrypto_la-ecp_oct.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_oct.lo `test -f 'ec/ecp_oct.c' || echo '$(srcdir)/'`ec/ecp_oct.c








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
ec/libcrypto_la-ecp_nist.lo: ec/ecp_nist.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_nist.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_nist.Tpo -c -o ec/libcrypto_la-ecp_nist.lo `test -f 'ec/ecp_nist.c' || echo '$(srcdir)/'`ec/ecp_nist.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_nist.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_nist.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_nist.c' object='ec/libcrypto_la-ecp_nist.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_nist.lo `test -f 'ec/ecp_nist.c' || echo '$(srcdir)/'`ec/ecp_nist.c

ec/libcrypto_la-ecp_nistp224.lo: ec/ecp_nistp224.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_nistp224.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_nistp224.Tpo -c -o ec/libcrypto_la-ecp_nistp224.lo `test -f 'ec/ecp_nistp224.c' || echo '$(srcdir)/'`ec/ecp_nistp224.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_nistp224.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_nistp224.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_nistp224.c' object='ec/libcrypto_la-ecp_nistp224.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_nistp224.lo `test -f 'ec/ecp_nistp224.c' || echo '$(srcdir)/'`ec/ecp_nistp224.c

ec/libcrypto_la-ecp_nistp256.lo: ec/ecp_nistp256.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_nistp256.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_nistp256.Tpo -c -o ec/libcrypto_la-ecp_nistp256.lo `test -f 'ec/ecp_nistp256.c' || echo '$(srcdir)/'`ec/ecp_nistp256.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_nistp256.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_nistp256.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_nistp256.c' object='ec/libcrypto_la-ecp_nistp256.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_nistp256.lo `test -f 'ec/ecp_nistp256.c' || echo '$(srcdir)/'`ec/ecp_nistp256.c

ec/libcrypto_la-ecp_nistp521.lo: ec/ecp_nistp521.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_nistp521.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_nistp521.Tpo -c -o ec/libcrypto_la-ecp_nistp521.lo `test -f 'ec/ecp_nistp521.c' || echo '$(srcdir)/'`ec/ecp_nistp521.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_nistp521.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_nistp521.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_nistp521.c' object='ec/libcrypto_la-ecp_nistp521.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_nistp521.lo `test -f 'ec/ecp_nistp521.c' || echo '$(srcdir)/'`ec/ecp_nistp521.c

ec/libcrypto_la-ecp_nistputil.lo: ec/ecp_nistputil.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_nistputil.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_nistputil.Tpo -c -o ec/libcrypto_la-ecp_nistputil.lo `test -f 'ec/ecp_nistputil.c' || echo '$(srcdir)/'`ec/ecp_nistputil.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_nistputil.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_nistputil.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_nistputil.c' object='ec/libcrypto_la-ecp_nistputil.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_nistputil.lo `test -f 'ec/ecp_nistputil.c' || echo '$(srcdir)/'`ec/ecp_nistputil.c

ec/libcrypto_la-ecp_oct.lo: ec/ecp_oct.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ec/libcrypto_la-ecp_oct.lo -MD -MP -MF ec/$(DEPDIR)/libcrypto_la-ecp_oct.Tpo -c -o ec/libcrypto_la-ecp_oct.lo `test -f 'ec/ecp_oct.c' || echo '$(srcdir)/'`ec/ecp_oct.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ec/$(DEPDIR)/libcrypto_la-ecp_oct.Tpo ec/$(DEPDIR)/libcrypto_la-ecp_oct.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ec/ecp_oct.c' object='ec/libcrypto_la-ecp_oct.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ec/libcrypto_la-ecp_oct.lo `test -f 'ec/ecp_oct.c' || echo '$(srcdir)/'`ec/ecp_oct.c

5890
5891
5892
5893
5894
5895
5896







5897
5898
5899
5900
5901
5902
5903
evp/libcrypto_la-m_md5.lo: evp/m_md5.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_md5.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_md5.Tpo -c -o evp/libcrypto_la-m_md5.lo `test -f 'evp/m_md5.c' || echo '$(srcdir)/'`evp/m_md5.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_md5.Tpo evp/$(DEPDIR)/libcrypto_la-m_md5.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='evp/m_md5.c' object='evp/libcrypto_la-m_md5.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_md5.lo `test -f 'evp/m_md5.c' || echo '$(srcdir)/'`evp/m_md5.c








evp/libcrypto_la-m_null.lo: evp/m_null.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_null.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_null.Tpo -c -o evp/libcrypto_la-m_null.lo `test -f 'evp/m_null.c' || echo '$(srcdir)/'`evp/m_null.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_null.Tpo evp/$(DEPDIR)/libcrypto_la-m_null.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='evp/m_null.c' object='evp/libcrypto_la-m_null.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_null.lo `test -f 'evp/m_null.c' || echo '$(srcdir)/'`evp/m_null.c








>
>
>
>
>
>
>







6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
evp/libcrypto_la-m_md5.lo: evp/m_md5.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_md5.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_md5.Tpo -c -o evp/libcrypto_la-m_md5.lo `test -f 'evp/m_md5.c' || echo '$(srcdir)/'`evp/m_md5.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_md5.Tpo evp/$(DEPDIR)/libcrypto_la-m_md5.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='evp/m_md5.c' object='evp/libcrypto_la-m_md5.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_md5.lo `test -f 'evp/m_md5.c' || echo '$(srcdir)/'`evp/m_md5.c

evp/libcrypto_la-m_md5_sha1.lo: evp/m_md5_sha1.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_md5_sha1.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Tpo -c -o evp/libcrypto_la-m_md5_sha1.lo `test -f 'evp/m_md5_sha1.c' || echo '$(srcdir)/'`evp/m_md5_sha1.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Tpo evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='evp/m_md5_sha1.c' object='evp/libcrypto_la-m_md5_sha1.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_md5_sha1.lo `test -f 'evp/m_md5_sha1.c' || echo '$(srcdir)/'`evp/m_md5_sha1.c

evp/libcrypto_la-m_null.lo: evp/m_null.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_null.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_null.Tpo -c -o evp/libcrypto_la-m_null.lo `test -f 'evp/m_null.c' || echo '$(srcdir)/'`evp/m_null.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_null.Tpo evp/$(DEPDIR)/libcrypto_la-m_null.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='evp/m_null.c' object='evp/libcrypto_la-m_null.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_null.lo `test -f 'evp/m_null.c' || echo '$(srcdir)/'`evp/m_null.c

6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
idea/libcrypto_la-i_skey.lo: idea/i_skey.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT idea/libcrypto_la-i_skey.lo -MD -MP -MF idea/$(DEPDIR)/libcrypto_la-i_skey.Tpo -c -o idea/libcrypto_la-i_skey.lo `test -f 'idea/i_skey.c' || echo '$(srcdir)/'`idea/i_skey.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) idea/$(DEPDIR)/libcrypto_la-i_skey.Tpo idea/$(DEPDIR)/libcrypto_la-i_skey.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='idea/i_skey.c' object='idea/libcrypto_la-i_skey.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea/libcrypto_la-i_skey.lo `test -f 'idea/i_skey.c' || echo '$(srcdir)/'`idea/i_skey.c

krb5/libcrypto_la-krb5_asn.lo: krb5/krb5_asn.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT krb5/libcrypto_la-krb5_asn.lo -MD -MP -MF krb5/$(DEPDIR)/libcrypto_la-krb5_asn.Tpo -c -o krb5/libcrypto_la-krb5_asn.lo `test -f 'krb5/krb5_asn.c' || echo '$(srcdir)/'`krb5/krb5_asn.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) krb5/$(DEPDIR)/libcrypto_la-krb5_asn.Tpo krb5/$(DEPDIR)/libcrypto_la-krb5_asn.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='krb5/krb5_asn.c' object='krb5/libcrypto_la-krb5_asn.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o krb5/libcrypto_la-krb5_asn.lo `test -f 'krb5/krb5_asn.c' || echo '$(srcdir)/'`krb5/krb5_asn.c

lhash/libcrypto_la-lh_stats.lo: lhash/lh_stats.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lhash/libcrypto_la-lh_stats.lo -MD -MP -MF lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo -c -o lhash/libcrypto_la-lh_stats.lo `test -f 'lhash/lh_stats.c' || echo '$(srcdir)/'`lhash/lh_stats.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='lhash/lh_stats.c' object='lhash/libcrypto_la-lh_stats.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lhash/libcrypto_la-lh_stats.lo `test -f 'lhash/lh_stats.c' || echo '$(srcdir)/'`lhash/lh_stats.c








<
<
<
<
<
<
<







6549
6550
6551
6552
6553
6554
6555







6556
6557
6558
6559
6560
6561
6562
idea/libcrypto_la-i_skey.lo: idea/i_skey.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT idea/libcrypto_la-i_skey.lo -MD -MP -MF idea/$(DEPDIR)/libcrypto_la-i_skey.Tpo -c -o idea/libcrypto_la-i_skey.lo `test -f 'idea/i_skey.c' || echo '$(srcdir)/'`idea/i_skey.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) idea/$(DEPDIR)/libcrypto_la-i_skey.Tpo idea/$(DEPDIR)/libcrypto_la-i_skey.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='idea/i_skey.c' object='idea/libcrypto_la-i_skey.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea/libcrypto_la-i_skey.lo `test -f 'idea/i_skey.c' || echo '$(srcdir)/'`idea/i_skey.c








lhash/libcrypto_la-lh_stats.lo: lhash/lh_stats.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lhash/libcrypto_la-lh_stats.lo -MD -MP -MF lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo -c -o lhash/libcrypto_la-lh_stats.lo `test -f 'lhash/lh_stats.c' || echo '$(srcdir)/'`lhash/lh_stats.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='lhash/lh_stats.c' object='lhash/libcrypto_la-lh_stats.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lhash/libcrypto_la-lh_stats.lo `test -f 'lhash/lh_stats.c' || echo '$(srcdir)/'`lhash/lh_stats.c

7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463

7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
poly1305/libcrypto_la-poly1305-donna.lo: poly1305/poly1305-donna.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT poly1305/libcrypto_la-poly1305-donna.lo -MD -MP -MF poly1305/$(DEPDIR)/libcrypto_la-poly1305-donna.Tpo -c -o poly1305/libcrypto_la-poly1305-donna.lo `test -f 'poly1305/poly1305-donna.c' || echo '$(srcdir)/'`poly1305/poly1305-donna.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) poly1305/$(DEPDIR)/libcrypto_la-poly1305-donna.Tpo poly1305/$(DEPDIR)/libcrypto_la-poly1305-donna.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='poly1305/poly1305-donna.c' object='poly1305/libcrypto_la-poly1305-donna.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o poly1305/libcrypto_la-poly1305-donna.lo `test -f 'poly1305/poly1305-donna.c' || echo '$(srcdir)/'`poly1305/poly1305-donna.c

.s.o:
	$(AM_V_CCAS)$(CCASCOMPILE) -c -o $@ $<

.s.obj:
	$(AM_V_CCAS)$(CCASCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`

.s.lo:
	$(AM_V_CCAS)$(LTCCASCOMPILE) -c -o $@ $<

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs
	-rm -rf aes/.libs aes/_libs
	-rm -rf asn1/.libs asn1/_libs
	-rm -rf bf/.libs bf/_libs
	-rm -rf bio/.libs bio/_libs
	-rm -rf bn/.libs bn/_libs
	-rm -rf buffer/.libs buffer/_libs
	-rm -rf camellia/.libs camellia/_libs
	-rm -rf cast/.libs cast/_libs
	-rm -rf chacha/.libs chacha/_libs
	-rm -rf cmac/.libs cmac/_libs
	-rm -rf comp/.libs comp/_libs
	-rm -rf compat/.libs compat/_libs
	-rm -rf conf/.libs conf/_libs

	-rm -rf des/.libs des/_libs
	-rm -rf dh/.libs dh/_libs
	-rm -rf dsa/.libs dsa/_libs
	-rm -rf dso/.libs dso/_libs
	-rm -rf ec/.libs ec/_libs
	-rm -rf ecdh/.libs ecdh/_libs
	-rm -rf ecdsa/.libs ecdsa/_libs
	-rm -rf engine/.libs engine/_libs
	-rm -rf err/.libs err/_libs
	-rm -rf evp/.libs evp/_libs
	-rm -rf gost/.libs gost/_libs
	-rm -rf hmac/.libs hmac/_libs
	-rm -rf idea/.libs idea/_libs
	-rm -rf krb5/.libs krb5/_libs
	-rm -rf lhash/.libs lhash/_libs
	-rm -rf md4/.libs md4/_libs
	-rm -rf md5/.libs md5/_libs
	-rm -rf modes/.libs modes/_libs
	-rm -rf objects/.libs objects/_libs
	-rm -rf ocsp/.libs ocsp/_libs
	-rm -rf pem/.libs pem/_libs







<
<
<
<
<
<
<
<
<


















>













<







7795
7796
7797
7798
7799
7800
7801









7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833

7834
7835
7836
7837
7838
7839
7840
poly1305/libcrypto_la-poly1305-donna.lo: poly1305/poly1305-donna.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT poly1305/libcrypto_la-poly1305-donna.lo -MD -MP -MF poly1305/$(DEPDIR)/libcrypto_la-poly1305-donna.Tpo -c -o poly1305/libcrypto_la-poly1305-donna.lo `test -f 'poly1305/poly1305-donna.c' || echo '$(srcdir)/'`poly1305/poly1305-donna.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) poly1305/$(DEPDIR)/libcrypto_la-poly1305-donna.Tpo poly1305/$(DEPDIR)/libcrypto_la-poly1305-donna.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='poly1305/poly1305-donna.c' object='poly1305/libcrypto_la-poly1305-donna.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o poly1305/libcrypto_la-poly1305-donna.lo `test -f 'poly1305/poly1305-donna.c' || echo '$(srcdir)/'`poly1305/poly1305-donna.c










mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs
	-rm -rf aes/.libs aes/_libs
	-rm -rf asn1/.libs asn1/_libs
	-rm -rf bf/.libs bf/_libs
	-rm -rf bio/.libs bio/_libs
	-rm -rf bn/.libs bn/_libs
	-rm -rf buffer/.libs buffer/_libs
	-rm -rf camellia/.libs camellia/_libs
	-rm -rf cast/.libs cast/_libs
	-rm -rf chacha/.libs chacha/_libs
	-rm -rf cmac/.libs cmac/_libs
	-rm -rf comp/.libs comp/_libs
	-rm -rf compat/.libs compat/_libs
	-rm -rf conf/.libs conf/_libs
	-rm -rf curve25519/.libs curve25519/_libs
	-rm -rf des/.libs des/_libs
	-rm -rf dh/.libs dh/_libs
	-rm -rf dsa/.libs dsa/_libs
	-rm -rf dso/.libs dso/_libs
	-rm -rf ec/.libs ec/_libs
	-rm -rf ecdh/.libs ecdh/_libs
	-rm -rf ecdsa/.libs ecdsa/_libs
	-rm -rf engine/.libs engine/_libs
	-rm -rf err/.libs err/_libs
	-rm -rf evp/.libs evp/_libs
	-rm -rf gost/.libs gost/_libs
	-rm -rf hmac/.libs hmac/_libs
	-rm -rf idea/.libs idea/_libs

	-rm -rf lhash/.libs lhash/_libs
	-rm -rf md4/.libs md4/_libs
	-rm -rf md5/.libs md5/_libs
	-rm -rf modes/.libs modes/_libs
	-rm -rf objects/.libs objects/_libs
	-rm -rf ocsp/.libs ocsp/_libs
	-rm -rf pem/.libs pem/_libs
7578
7579
7580
7581
7582
7583
7584
7585

7586
7587
7588
7589
7590
7591

7592
7593
7594
7595
7596
7597
7598
	  else \
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
check-am: all-am
check: check-am

all-am: Makefile $(LTLIBRARIES) $(HEADERS)
installdirs:
	for dir in "$(DESTDIR)$(libdir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-am

install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am

install-am: all-am
	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am








|
>





|
>







7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
	  else \
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
check-am: all-am
check: $(BUILT_SOURCES)
	$(MAKE) $(AM_MAKEFLAGS) check-am
all-am: Makefile $(LTLIBRARIES) $(HEADERS)
installdirs:
	for dir in "$(DESTDIR)$(libdir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: $(BUILT_SOURCES)
	$(MAKE) $(AM_MAKEFLAGS) install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am

install-am: all-am
	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am

7606
7607
7608
7609
7610
7611
7612

7613
7614
7615
7616
7617
7618
7619
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
	fi
mostlyclean-generic:

clean-generic:


distclean-generic:
	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
	-rm -f aes/$(DEPDIR)/$(am__dirstamp)
	-rm -f aes/$(am__dirstamp)
	-rm -f asn1/$(DEPDIR)/$(am__dirstamp)







>







7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
	fi
mostlyclean-generic:

clean-generic:
	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)

distclean-generic:
	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
	-rm -f aes/$(DEPDIR)/$(am__dirstamp)
	-rm -f aes/$(am__dirstamp)
	-rm -f asn1/$(DEPDIR)/$(am__dirstamp)
7636
7637
7638
7639
7640
7641
7642


7643
7644
7645
7646
7647
7648
7649
	-rm -f cmac/$(am__dirstamp)
	-rm -f comp/$(DEPDIR)/$(am__dirstamp)
	-rm -f comp/$(am__dirstamp)
	-rm -f compat/$(DEPDIR)/$(am__dirstamp)
	-rm -f compat/$(am__dirstamp)
	-rm -f conf/$(DEPDIR)/$(am__dirstamp)
	-rm -f conf/$(am__dirstamp)


	-rm -f des/$(DEPDIR)/$(am__dirstamp)
	-rm -f des/$(am__dirstamp)
	-rm -f dh/$(DEPDIR)/$(am__dirstamp)
	-rm -f dh/$(am__dirstamp)
	-rm -f dsa/$(DEPDIR)/$(am__dirstamp)
	-rm -f dsa/$(am__dirstamp)
	-rm -f dso/$(DEPDIR)/$(am__dirstamp)







>
>







7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
	-rm -f cmac/$(am__dirstamp)
	-rm -f comp/$(DEPDIR)/$(am__dirstamp)
	-rm -f comp/$(am__dirstamp)
	-rm -f compat/$(DEPDIR)/$(am__dirstamp)
	-rm -f compat/$(am__dirstamp)
	-rm -f conf/$(DEPDIR)/$(am__dirstamp)
	-rm -f conf/$(am__dirstamp)
	-rm -f curve25519/$(DEPDIR)/$(am__dirstamp)
	-rm -f curve25519/$(am__dirstamp)
	-rm -f des/$(DEPDIR)/$(am__dirstamp)
	-rm -f des/$(am__dirstamp)
	-rm -f dh/$(DEPDIR)/$(am__dirstamp)
	-rm -f dh/$(am__dirstamp)
	-rm -f dsa/$(DEPDIR)/$(am__dirstamp)
	-rm -f dsa/$(am__dirstamp)
	-rm -f dso/$(DEPDIR)/$(am__dirstamp)
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
	-rm -f evp/$(am__dirstamp)
	-rm -f gost/$(DEPDIR)/$(am__dirstamp)
	-rm -f gost/$(am__dirstamp)
	-rm -f hmac/$(DEPDIR)/$(am__dirstamp)
	-rm -f hmac/$(am__dirstamp)
	-rm -f idea/$(DEPDIR)/$(am__dirstamp)
	-rm -f idea/$(am__dirstamp)
	-rm -f krb5/$(DEPDIR)/$(am__dirstamp)
	-rm -f krb5/$(am__dirstamp)
	-rm -f lhash/$(DEPDIR)/$(am__dirstamp)
	-rm -f lhash/$(am__dirstamp)
	-rm -f md4/$(DEPDIR)/$(am__dirstamp)
	-rm -f md4/$(am__dirstamp)
	-rm -f md5/$(DEPDIR)/$(am__dirstamp)
	-rm -f md5/$(am__dirstamp)
	-rm -f modes/$(DEPDIR)/$(am__dirstamp)







<
<







8023
8024
8025
8026
8027
8028
8029


8030
8031
8032
8033
8034
8035
8036
	-rm -f evp/$(am__dirstamp)
	-rm -f gost/$(DEPDIR)/$(am__dirstamp)
	-rm -f gost/$(am__dirstamp)
	-rm -f hmac/$(DEPDIR)/$(am__dirstamp)
	-rm -f hmac/$(am__dirstamp)
	-rm -f idea/$(DEPDIR)/$(am__dirstamp)
	-rm -f idea/$(am__dirstamp)


	-rm -f lhash/$(DEPDIR)/$(am__dirstamp)
	-rm -f lhash/$(am__dirstamp)
	-rm -f md4/$(DEPDIR)/$(am__dirstamp)
	-rm -f md4/$(am__dirstamp)
	-rm -f md5/$(DEPDIR)/$(am__dirstamp)
	-rm -f md5/$(am__dirstamp)
	-rm -f modes/$(DEPDIR)/$(am__dirstamp)
7714
7715
7716
7717
7718
7719
7720

7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
	-rm -f x509/$(am__dirstamp)
	-rm -f x509v3/$(DEPDIR)/$(am__dirstamp)
	-rm -f x509v3/$(am__dirstamp)

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."

clean: clean-am

clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
	clean-noinstLTLIBRARIES mostlyclean-am

distclean: distclean-am
	-rm -rf ./$(DEPDIR) aes/$(DEPDIR) asn1/$(DEPDIR) bf/$(DEPDIR) bio/$(DEPDIR) bn/$(DEPDIR) buffer/$(DEPDIR) camellia/$(DEPDIR) cast/$(DEPDIR) chacha/$(DEPDIR) cmac/$(DEPDIR) comp/$(DEPDIR) compat/$(DEPDIR) conf/$(DEPDIR) des/$(DEPDIR) dh/$(DEPDIR) dsa/$(DEPDIR) dso/$(DEPDIR) ec/$(DEPDIR) ecdh/$(DEPDIR) ecdsa/$(DEPDIR) engine/$(DEPDIR) err/$(DEPDIR) evp/$(DEPDIR) gost/$(DEPDIR) hmac/$(DEPDIR) idea/$(DEPDIR) krb5/$(DEPDIR) lhash/$(DEPDIR) md4/$(DEPDIR) md5/$(DEPDIR) modes/$(DEPDIR) objects/$(DEPDIR) ocsp/$(DEPDIR) pem/$(DEPDIR) pkcs12/$(DEPDIR) pkcs7/$(DEPDIR) poly1305/$(DEPDIR) rand/$(DEPDIR) rc2/$(DEPDIR) rc4/$(DEPDIR) ripemd/$(DEPDIR) rsa/$(DEPDIR) sha/$(DEPDIR) stack/$(DEPDIR) ts/$(DEPDIR) txt_db/$(DEPDIR) ui/$(DEPDIR) whrlpool/$(DEPDIR) x509/$(DEPDIR) x509v3/$(DEPDIR)
	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-tags

dvi: dvi-am

dvi-am:







>






|







8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
	-rm -f x509/$(am__dirstamp)
	-rm -f x509v3/$(DEPDIR)/$(am__dirstamp)
	-rm -f x509v3/$(am__dirstamp)

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
clean: clean-am

clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
	clean-noinstLTLIBRARIES mostlyclean-am

distclean: distclean-am
	-rm -rf ./$(DEPDIR) aes/$(DEPDIR) asn1/$(DEPDIR) bf/$(DEPDIR) bio/$(DEPDIR) bn/$(DEPDIR) buffer/$(DEPDIR) camellia/$(DEPDIR) cast/$(DEPDIR) chacha/$(DEPDIR) cmac/$(DEPDIR) comp/$(DEPDIR) compat/$(DEPDIR) conf/$(DEPDIR) curve25519/$(DEPDIR) des/$(DEPDIR) dh/$(DEPDIR) dsa/$(DEPDIR) dso/$(DEPDIR) ec/$(DEPDIR) ecdh/$(DEPDIR) ecdsa/$(DEPDIR) engine/$(DEPDIR) err/$(DEPDIR) evp/$(DEPDIR) gost/$(DEPDIR) hmac/$(DEPDIR) idea/$(DEPDIR) lhash/$(DEPDIR) md4/$(DEPDIR) md5/$(DEPDIR) modes/$(DEPDIR) objects/$(DEPDIR) ocsp/$(DEPDIR) pem/$(DEPDIR) pkcs12/$(DEPDIR) pkcs7/$(DEPDIR) poly1305/$(DEPDIR) rand/$(DEPDIR) rc2/$(DEPDIR) rc4/$(DEPDIR) ripemd/$(DEPDIR) rsa/$(DEPDIR) sha/$(DEPDIR) stack/$(DEPDIR) ts/$(DEPDIR) txt_db/$(DEPDIR) ui/$(DEPDIR) whrlpool/$(DEPDIR) x509/$(DEPDIR) x509v3/$(DEPDIR)
	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-tags

dvi: dvi-am

dvi-am:
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
install-ps: install-ps-am

install-ps-am:

installcheck-am:

maintainer-clean: maintainer-clean-am
	-rm -rf ./$(DEPDIR) aes/$(DEPDIR) asn1/$(DEPDIR) bf/$(DEPDIR) bio/$(DEPDIR) bn/$(DEPDIR) buffer/$(DEPDIR) camellia/$(DEPDIR) cast/$(DEPDIR) chacha/$(DEPDIR) cmac/$(DEPDIR) comp/$(DEPDIR) compat/$(DEPDIR) conf/$(DEPDIR) des/$(DEPDIR) dh/$(DEPDIR) dsa/$(DEPDIR) dso/$(DEPDIR) ec/$(DEPDIR) ecdh/$(DEPDIR) ecdsa/$(DEPDIR) engine/$(DEPDIR) err/$(DEPDIR) evp/$(DEPDIR) gost/$(DEPDIR) hmac/$(DEPDIR) idea/$(DEPDIR) krb5/$(DEPDIR) lhash/$(DEPDIR) md4/$(DEPDIR) md5/$(DEPDIR) modes/$(DEPDIR) objects/$(DEPDIR) ocsp/$(DEPDIR) pem/$(DEPDIR) pkcs12/$(DEPDIR) pkcs7/$(DEPDIR) poly1305/$(DEPDIR) rand/$(DEPDIR) rc2/$(DEPDIR) rc4/$(DEPDIR) ripemd/$(DEPDIR) rsa/$(DEPDIR) sha/$(DEPDIR) stack/$(DEPDIR) ts/$(DEPDIR) txt_db/$(DEPDIR) ui/$(DEPDIR) whrlpool/$(DEPDIR) x509/$(DEPDIR) x509v3/$(DEPDIR)
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool

pdf: pdf-am

pdf-am:

ps: ps-am

ps-am:

uninstall-am: uninstall-libLTLIBRARIES

.MAKE: install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
	clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
	cscopelist-am ctags ctags-am distclean distclean-compile \
	distclean-generic distclean-libtool distclean-tags distdir dvi \
	dvi-am html html-am info info-am install install-am \
	install-data install-data-am install-dvi install-dvi-am \







|


















|







8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
install-ps: install-ps-am

install-ps-am:

installcheck-am:

maintainer-clean: maintainer-clean-am
	-rm -rf ./$(DEPDIR) aes/$(DEPDIR) asn1/$(DEPDIR) bf/$(DEPDIR) bio/$(DEPDIR) bn/$(DEPDIR) buffer/$(DEPDIR) camellia/$(DEPDIR) cast/$(DEPDIR) chacha/$(DEPDIR) cmac/$(DEPDIR) comp/$(DEPDIR) compat/$(DEPDIR) conf/$(DEPDIR) curve25519/$(DEPDIR) des/$(DEPDIR) dh/$(DEPDIR) dsa/$(DEPDIR) dso/$(DEPDIR) ec/$(DEPDIR) ecdh/$(DEPDIR) ecdsa/$(DEPDIR) engine/$(DEPDIR) err/$(DEPDIR) evp/$(DEPDIR) gost/$(DEPDIR) hmac/$(DEPDIR) idea/$(DEPDIR) lhash/$(DEPDIR) md4/$(DEPDIR) md5/$(DEPDIR) modes/$(DEPDIR) objects/$(DEPDIR) ocsp/$(DEPDIR) pem/$(DEPDIR) pkcs12/$(DEPDIR) pkcs7/$(DEPDIR) poly1305/$(DEPDIR) rand/$(DEPDIR) rc2/$(DEPDIR) rc4/$(DEPDIR) ripemd/$(DEPDIR) rsa/$(DEPDIR) sha/$(DEPDIR) stack/$(DEPDIR) ts/$(DEPDIR) txt_db/$(DEPDIR) ui/$(DEPDIR) whrlpool/$(DEPDIR) x509/$(DEPDIR) x509v3/$(DEPDIR)
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool

pdf: pdf-am

pdf-am:

ps: ps-am

ps-am:

uninstall-am: uninstall-libLTLIBRARIES

.MAKE: all check install install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
	clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
	cscopelist-am ctags ctags-am distclean distclean-compile \
	distclean-generic distclean-libtool distclean-tags distdir dvi \
	dvi-am html html-am info info-am install install-am \
	install-data install-data-am install-dvi install-dvi-am \
Changes to jni/libressl/crypto/VERSION.
1
38:0:0
|
1
41:1:0
Added jni/libressl/crypto/aes/aes-elf-x86_64.S.






































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
#include "x86_arch.h"

.text	
.type	_x86_64_AES_encrypt,@function
.align	16
_x86_64_AES_encrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	.Lenc_loop
.align	16
.Lenc_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	shrl	$16,%ecx
	movzbl	%ah,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movl	12(%r15),%edx
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movl	0(%r15),%eax
	xorl	1(%r14,%rdi,8),%r12d
	xorl	1(%r14,%rbp,8),%r8d

	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	.Lenc_loop
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	2(%r14,%rsi,8),%r10d
	movzbl	2(%r14,%rdi,8),%r11d
	movzbl	2(%r14,%rbp,8),%r12d

	movzbl	%dl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	2(%r14,%rsi,8),%r8d
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$65280,%edi
	andl	$65280,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%ecx

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	shrl	$16,%edx
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi

	andl	$65280,%esi
	andl	$65280,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$16711680,%edi
	andl	$16711680,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	2(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$4278190080,%edi
	andl	$4278190080,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movl	16+12(%r15),%edx
	movl	2(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	16+0(%r15),%eax

	andl	$4278190080,%esi
	andl	$4278190080,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_encrypt,.-_x86_64_AES_encrypt
.type	_x86_64_AES_encrypt_compact,@function
.align	16
_x86_64_AES_encrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	.Lenc_loop_compact
.align	16
.Lenc_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%dh,%ebp
	movzbl	%ah,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%dh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ah,%edi
	shrl	$8,%ecx
	shrl	$8,%ebx
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rcx,1),%edx
	movzbl	(%r14,%rbx,1),%ecx
	shll	$16,%r9d
	shll	$16,%r13d
	shll	$16,%ebp
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%edi
	shll	$24,%edx
	xorl	%esi,%r10d
	shll	$24,%ecx
	xorl	%edi,%r11d
	movl	%r10d,%eax
	movl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	.Lenc_compact_done
	movl	%eax,%esi
	movl	%ebx,%edi
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	movl	%esi,%r10d
	movl	%edi,%r11d
	shrl	$7,%r10d
	leal	(%rax,%rax,1),%r8d
	shrl	$7,%r11d
	leal	(%rbx,%rbx,1),%r9d
	subl	%r10d,%esi
	subl	%r11d,%edi
	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%eax,%r10d
	movl	%ebx,%r11d
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%ecx,%esi
	movl	%edx,%edi
	roll	$24,%eax
	roll	$24,%ebx
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%esi,%r12d
	movl	%edi,%ebp
	rorl	$16,%r10d
	rorl	$16,%r11d
	shrl	$7,%r12d
	leal	(%rcx,%rcx,1),%r8d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	shrl	$7,%ebp
	leal	(%rdx,%rdx,1),%r9d
	rorl	$8,%r10d
	rorl	$8,%r11d
	subl	%r12d,%esi
	subl	%ebp,%edi
	xorl	%r10d,%eax
	xorl	%r11d,%ebx

	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%ecx,%r12d
	movl	%edx,%ebp
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	roll	$24,%ecx
	roll	$24,%edx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	movl	0(%r14),%esi
	rorl	$16,%r12d
	rorl	$16,%ebp
	movl	64(%r14),%edi
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	movl	128(%r14),%r8d
	rorl	$8,%r12d
	rorl	$8,%ebp
	movl	192(%r14),%r9d
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	jmp	.Lenc_loop_compact
.align	16
.Lenc_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
.globl	AES_encrypt
.type	AES_encrypt,@function
.align	16
.globl	asm_AES_encrypt
.hidden	asm_AES_encrypt
asm_AES_encrypt:
AES_encrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
.Lenc_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	.LAES_Te+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14

	call	_x86_64_AES_encrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lenc_epilogue:
	.byte	0xf3,0xc3
.size	AES_encrypt,.-AES_encrypt
.type	_x86_64_AES_decrypt,@function
.align	16
_x86_64_AES_decrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	.Ldec_loop
.align	16
.Ldec_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%bh,%esi
	shrl	$16,%eax
	movzbl	%ch,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	movl	12(%r15),%edx
	movzbl	%ah,%ebp
	xorl	1(%r14,%rsi,8),%r12d
	movl	0(%r15),%eax
	xorl	1(%r14,%rbp,8),%r8d

	xorl	%r10d,%eax
	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r12d,%ecx
	xorl	%r11d,%ebx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	.Ldec_loop
	leaq	2048(%r14),%r14
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	(%r14,%rsi,1),%r10d
	movzbl	(%r14,%rdi,1),%r11d
	movzbl	(%r14,%rbp,1),%r12d

	movzbl	%dl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movzbl	(%r14,%rsi,1),%r8d
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$8,%edi
	shll	$8,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%edx

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	shrl	$16,%eax
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi

	shll	$8,%esi
	shll	$8,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$16,%edi
	shll	$16,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$24,%edi
	shll	$24,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movl	16+12(%r15),%edx
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movl	16+0(%r15),%eax

	shll	$24,%esi
	shll	$24,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	leaq	-2048(%r14),%r14
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_decrypt,.-_x86_64_AES_decrypt
.type	_x86_64_AES_decrypt_compact,@function
.align	16
_x86_64_AES_decrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	.Ldec_loop_compact

.align	16
.Ldec_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%bh,%ebp
	movzbl	%ch,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%bh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ch,%edi
	shll	$16,%r9d
	shll	$16,%r13d
	movzbl	(%r14,%rdi,1),%ebx
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d

	movzbl	%dh,%edi
	shrl	$8,%eax
	shll	$16,%ebp
	movzbl	(%r14,%rdi,1),%ecx
	movzbl	(%r14,%rax,1),%edx
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%ebx
	shll	$24,%ecx
	xorl	%esi,%r10d
	shll	$24,%edx
	xorl	%r11d,%ebx
	movl	%r10d,%eax
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	.Ldec_compact_done

	movq	256+0(%r14),%rsi
	shlq	$32,%rbx
	shlq	$32,%rdx
	movq	256+8(%r14),%rdi
	orq	%rbx,%rax
	orq	%rdx,%rcx
	movq	256+16(%r14),%rbp
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	0(%r14),%rsi
	shrq	$32,%r8
	shrq	$32,%r11
	movq	64(%r14),%rdi
	roll	$16,%r9d
	roll	$16,%r12d
	movq	128(%r14),%rbp
	roll	$16,%r8d
	roll	$16,%r11d
	movq	192(%r14),%r10
	xorl	%r9d,%eax
	xorl	%r12d,%ecx
	movq	256(%r14),%r13
	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	jmp	.Ldec_loop_compact
.align	16
.Ldec_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
.globl	AES_decrypt
.type	AES_decrypt,@function
.align	16
.globl	asm_AES_decrypt
.hidden	asm_AES_decrypt
asm_AES_decrypt:
AES_decrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
.Ldec_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	.LAES_Td+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14
	shrq	$3,%rbp
	addq	%rbp,%r14

	call	_x86_64_AES_decrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Ldec_epilogue:
	.byte	0xf3,0xc3
.size	AES_decrypt,.-AES_decrypt
.globl	AES_set_encrypt_key
.type	AES_set_encrypt_key,@function
.align	16
AES_set_encrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$8,%rsp
.Lenc_key_prologue:

	call	_x86_64_AES_set_encrypt_key

	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
.Lenc_key_epilogue:
	.byte	0xf3,0xc3
.size	AES_set_encrypt_key,.-AES_set_encrypt_key

.type	_x86_64_AES_set_encrypt_key,@function
.align	16
_x86_64_AES_set_encrypt_key:
	movl	%esi,%ecx
	movq	%rdi,%rsi
	movq	%rdx,%rdi

	testq	$-1,%rsi
	jz	.Lbadpointer
	testq	$-1,%rdi
	jz	.Lbadpointer

	leaq	.LAES_Te(%rip),%rbp
	leaq	2048+128(%rbp),%rbp


	movl	0-128(%rbp),%eax
	movl	32-128(%rbp),%ebx
	movl	64-128(%rbp),%r8d
	movl	96-128(%rbp),%edx
	movl	128-128(%rbp),%eax
	movl	160-128(%rbp),%ebx
	movl	192-128(%rbp),%r8d
	movl	224-128(%rbp),%edx

	cmpl	$128,%ecx
	je	.L10rounds
	cmpl	$192,%ecx
	je	.L12rounds
	cmpl	$256,%ecx
	je	.L14rounds
	movq	$-2,%rax
	jmp	.Lexit

.L10rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rdx,8(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	.L10shortcut
.align	4
.L10loop:
	movl	0(%rdi),%eax
	movl	12(%rdi),%edx
.L10shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,16(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,20(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,24(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,28(%rdi)
	addl	$1,%ecx
	leaq	16(%rdi),%rdi
	cmpl	$10,%ecx
	jl	.L10loop

	movl	$10,80(%rdi)
	xorq	%rax,%rax
	jmp	.Lexit

.L12rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rdx,16(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	.L12shortcut
.align	4
.L12loop:
	movl	0(%rdi),%eax
	movl	20(%rdi),%edx
.L12shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,24(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,28(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,32(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,36(%rdi)

	cmpl	$7,%ecx
	je	.L12break
	addl	$1,%ecx

	xorl	16(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,44(%rdi)

	leaq	24(%rdi),%rdi
	jmp	.L12loop
.L12break:
	movl	$12,72(%rdi)
	xorq	%rax,%rax
	jmp	.Lexit

.L14rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rcx
	movq	24(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,16(%rdi)
	movq	%rdx,24(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	.L14shortcut
.align	4
.L14loop:
	movl	0(%rdi),%eax
	movl	28(%rdi),%edx
.L14shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,32(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,36(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,44(%rdi)

	cmpl	$6,%ecx
	je	.L14break
	addl	$1,%ecx

	movl	%eax,%edx
	movl	16(%rdi),%eax
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	shll	$8,%ebx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$16,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$24,%ebx
	xorl	%ebx,%eax

	movl	%eax,48(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,52(%rdi)
	xorl	24(%rdi),%eax
	movl	%eax,56(%rdi)
	xorl	28(%rdi),%eax
	movl	%eax,60(%rdi)

	leaq	32(%rdi),%rdi
	jmp	.L14loop
.L14break:
	movl	$14,48(%rdi)
	xorq	%rax,%rax
	jmp	.Lexit

.Lbadpointer:
	movq	$-1,%rax
.Lexit:
.byte	0xf3,0xc3			
.size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
.globl	AES_set_decrypt_key
.type	AES_set_decrypt_key,@function
.align	16
AES_set_decrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	pushq	%rdx
.Ldec_key_prologue:

	call	_x86_64_AES_set_encrypt_key
	movq	(%rsp),%r8
	cmpl	$0,%eax
	jne	.Labort

	movl	240(%r8),%r14d
	xorq	%rdi,%rdi
	leaq	(%rdi,%r14,4),%rcx
	movq	%r8,%rsi
	leaq	(%r8,%rcx,4),%rdi
.align	4
.Linvert:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	0(%rdi),%rcx
	movq	8(%rdi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,0(%rsi)
	movq	%rdx,8(%rsi)
	leaq	16(%rsi),%rsi
	leaq	-16(%rdi),%rdi
	cmpq	%rsi,%rdi
	jne	.Linvert

	leaq	.LAES_Te+2048+1024(%rip),%rax

	movq	40(%rax),%rsi
	movq	48(%rax),%rdi
	movq	56(%rax),%rbp

	movq	%r8,%r15
	subl	$1,%r14d
.align	4
.Lpermute:
	leaq	16(%r15),%r15
	movq	0(%r15),%rax
	movq	8(%r15),%rcx
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx


	shrq	$32,%r8
	shrq	$32,%r11

	roll	$16,%r9d
	roll	$16,%r12d

	roll	$16,%r8d
	roll	$16,%r11d

	xorl	%r9d,%eax
	xorl	%r12d,%ecx

	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	movl	%eax,0(%r15)
	movl	%ebx,4(%r15)
	movl	%ecx,8(%r15)
	movl	%edx,12(%r15)
	subl	$1,%r14d
	jnz	.Lpermute

	xorq	%rax,%rax
.Labort:
	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
.Ldec_key_epilogue:
	.byte	0xf3,0xc3
.size	AES_set_decrypt_key,.-AES_set_decrypt_key
.globl	AES_cbc_encrypt
.type	AES_cbc_encrypt,@function
.align	16

.hidden	OPENSSL_ia32cap_P
.globl	asm_AES_cbc_encrypt
.hidden	asm_AES_cbc_encrypt
asm_AES_cbc_encrypt:
AES_cbc_encrypt:
	cmpq	$0,%rdx
	je	.Lcbc_epilogue
	pushfq
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lcbc_prologue:

	cld
	movl	%r9d,%r9d

	leaq	.LAES_Te(%rip),%r14
	cmpq	$0,%r9
	jne	.Lcbc_picked_te
	leaq	.LAES_Td(%rip),%r14
.Lcbc_picked_te:

	movl	OPENSSL_ia32cap_P(%rip),%r10d
	cmpq	$512,%rdx
	jb	.Lcbc_slow_prologue
	testq	$15,%rdx
	jnz	.Lcbc_slow_prologue
	btl	$IA32CAP_BIT0_HT,%r10d
	jc	.Lcbc_slow_prologue


	leaq	-88-248(%rsp),%r15
	andq	$-64,%r15


	movq	%r14,%r10
	leaq	2304(%r14),%r11
	movq	%r15,%r12
	andq	$4095,%r10
	andq	$4095,%r11
	andq	$4095,%r12

	cmpq	%r11,%r12
	jb	.Lcbc_te_break_out
	subq	%r11,%r12
	subq	%r12,%r15
	jmp	.Lcbc_te_ok
.Lcbc_te_break_out:
	subq	%r10,%r12
	andq	$4095,%r12
	addq	$320,%r12
	subq	%r12,%r15
.align	4
.Lcbc_te_ok:

	xchgq	%rsp,%r15

	movq	%r15,16(%rsp)
.Lcbc_fast_body:
	movq	%rdi,24(%rsp)
	movq	%rsi,32(%rsp)
	movq	%rdx,40(%rsp)
	movq	%rcx,48(%rsp)
	movq	%r8,56(%rsp)
	movl	$0,80+240(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15

	movl	240(%r15),%eax

	movq	%r15,%r10
	subq	%r14,%r10
	andq	$4095,%r10
	cmpq	$2304,%r10
	jb	.Lcbc_do_ecopy
	cmpq	$4096-248,%r10
	jb	.Lcbc_skip_ecopy
.align	4
.Lcbc_do_ecopy:
	movq	%r15,%rsi
	leaq	80(%rsp),%rdi
	leaq	80(%rsp),%r15
	movl	$30,%ecx
.long	0x90A548F3	
	movl	%eax,(%rdi)
.Lcbc_skip_ecopy:
	movq	%r15,0(%rsp)

	movl	$18,%ecx
.align	4
.Lcbc_prefetch_te:
	movq	0(%r14),%r10
	movq	32(%r14),%r11
	movq	64(%r14),%r12
	movq	96(%r14),%r13
	leaq	128(%r14),%r14
	subl	$1,%ecx
	jnz	.Lcbc_prefetch_te
	leaq	-2304(%r14),%r14

	cmpq	$0,%rbx
	je	.LFAST_DECRYPT


	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx

.align	4
.Lcbc_fast_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_encrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	movq	%r10,40(%rsp)
	jnz	.Lcbc_fast_enc_loop
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	.Lcbc_fast_cleanup


.align	16
.LFAST_DECRYPT:
	cmpq	%r8,%r9
	je	.Lcbc_fast_dec_in_place

	movq	%rbp,64(%rsp)
.align	4
.Lcbc_fast_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	64(%rsp),%rbp
	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0(%rbp),%eax
	xorl	4(%rbp),%ebx
	xorl	8(%rbp),%ecx
	xorl	12(%rbp),%edx
	movq	%r8,%rbp

	subq	$16,%r10
	movq	%r10,40(%rsp)
	movq	%rbp,64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jnz	.Lcbc_fast_dec_loop
	movq	56(%rsp),%r12
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0(%r12)
	movq	%r11,8(%r12)
	jmp	.Lcbc_fast_cleanup

.align	16
.Lcbc_fast_dec_in_place:
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0+64(%rsp)
	movq	%r11,8+64(%rsp)
.align	4
.Lcbc_fast_dec_in_place_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jz	.Lcbc_fast_dec_in_place_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	movq	%r10,40(%rsp)
	jmp	.Lcbc_fast_dec_in_place_loop
.Lcbc_fast_dec_in_place_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

.align	4
.Lcbc_fast_cleanup:
	cmpl	$0,80+240(%rsp)
	leaq	80(%rsp),%rdi
	je	.Lcbc_exit
	movl	$30,%ecx
	xorq	%rax,%rax
.long	0x90AB48F3	

	jmp	.Lcbc_exit


.align	16
.Lcbc_slow_prologue:

	leaq	-88(%rsp),%rbp
	andq	$-64,%rbp

	leaq	-88-63(%rcx),%r10
	subq	%rbp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rbp

	xchgq	%rsp,%rbp

	movq	%rbp,16(%rsp)
.Lcbc_slow_body:




	movq	%r8,56(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15
	movq	%rdx,%r10

	movl	240(%r15),%eax
	movq	%r15,0(%rsp)
	shll	$4,%eax
	leaq	(%r15,%rax,1),%rax
	movq	%rax,8(%rsp)


	leaq	2048(%r14),%r14
	leaq	768-8(%rsp),%rax
	subq	%r14,%rax
	andq	$768,%rax
	leaq	(%r14,%rax,1),%r14

	cmpq	$0,%rbx
	je	.LSLOW_DECRYPT


	testq	$-16,%r10
	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx
	jz	.Lcbc_slow_enc_tail	

.align	4
.Lcbc_slow_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_encrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	jnz	.Lcbc_slow_enc_loop
	testq	$15,%r10
	jnz	.Lcbc_slow_enc_tail
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	.Lcbc_exit

.align	4
.Lcbc_slow_enc_tail:
	movq	%rax,%r11
	movq	%rcx,%r12
	movq	%r10,%rcx
	movq	%r8,%rsi
	movq	%r9,%rdi
.long	0x9066A4F3		
	movq	$16,%rcx
	subq	%r10,%rcx
	xorq	%rax,%rax
.long	0x9066AAF3		
	movq	%r9,%r8
	movq	$16,%r10
	movq	%r11,%rax
	movq	%r12,%rcx
	jmp	.Lcbc_slow_enc_loop	

.align	16
.LSLOW_DECRYPT:
	shrq	$3,%rax
	addq	%rax,%r14

	movq	0(%rbp),%r11
	movq	8(%rbp),%r12
	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

.align	4
.Lcbc_slow_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_decrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jc	.Lcbc_slow_dec_partial
	jz	.Lcbc_slow_dec_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jmp	.Lcbc_slow_dec_loop
.Lcbc_slow_dec_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	jmp	.Lcbc_exit

.align	4
.Lcbc_slow_dec_partial:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0+64(%rsp)
	movl	%ebx,4+64(%rsp)
	movl	%ecx,8+64(%rsp)
	movl	%edx,12+64(%rsp)

	movq	%r9,%rdi
	leaq	64(%rsp),%rsi
	leaq	16(%r10),%rcx
.long	0x9066A4F3	
	jmp	.Lcbc_exit

.align	16
.Lcbc_exit:
	movq	16(%rsp),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lcbc_popfq:
	popfq
.Lcbc_epilogue:
	.byte	0xf3,0xc3
.size	AES_cbc_encrypt,.-AES_cbc_encrypt
.align	64
.LAES_Te:
.long	0xa56363c6,0xa56363c6
.long	0x847c7cf8,0x847c7cf8
.long	0x997777ee,0x997777ee
.long	0x8d7b7bf6,0x8d7b7bf6
.long	0x0df2f2ff,0x0df2f2ff
.long	0xbd6b6bd6,0xbd6b6bd6
.long	0xb16f6fde,0xb16f6fde
.long	0x54c5c591,0x54c5c591
.long	0x50303060,0x50303060
.long	0x03010102,0x03010102
.long	0xa96767ce,0xa96767ce
.long	0x7d2b2b56,0x7d2b2b56
.long	0x19fefee7,0x19fefee7
.long	0x62d7d7b5,0x62d7d7b5
.long	0xe6abab4d,0xe6abab4d
.long	0x9a7676ec,0x9a7676ec
.long	0x45caca8f,0x45caca8f
.long	0x9d82821f,0x9d82821f
.long	0x40c9c989,0x40c9c989
.long	0x877d7dfa,0x877d7dfa
.long	0x15fafaef,0x15fafaef
.long	0xeb5959b2,0xeb5959b2
.long	0xc947478e,0xc947478e
.long	0x0bf0f0fb,0x0bf0f0fb
.long	0xecadad41,0xecadad41
.long	0x67d4d4b3,0x67d4d4b3
.long	0xfda2a25f,0xfda2a25f
.long	0xeaafaf45,0xeaafaf45
.long	0xbf9c9c23,0xbf9c9c23
.long	0xf7a4a453,0xf7a4a453
.long	0x967272e4,0x967272e4
.long	0x5bc0c09b,0x5bc0c09b
.long	0xc2b7b775,0xc2b7b775
.long	0x1cfdfde1,0x1cfdfde1
.long	0xae93933d,0xae93933d
.long	0x6a26264c,0x6a26264c
.long	0x5a36366c,0x5a36366c
.long	0x413f3f7e,0x413f3f7e
.long	0x02f7f7f5,0x02f7f7f5
.long	0x4fcccc83,0x4fcccc83
.long	0x5c343468,0x5c343468
.long	0xf4a5a551,0xf4a5a551
.long	0x34e5e5d1,0x34e5e5d1
.long	0x08f1f1f9,0x08f1f1f9
.long	0x937171e2,0x937171e2
.long	0x73d8d8ab,0x73d8d8ab
.long	0x53313162,0x53313162
.long	0x3f15152a,0x3f15152a
.long	0x0c040408,0x0c040408
.long	0x52c7c795,0x52c7c795
.long	0x65232346,0x65232346
.long	0x5ec3c39d,0x5ec3c39d
.long	0x28181830,0x28181830
.long	0xa1969637,0xa1969637
.long	0x0f05050a,0x0f05050a
.long	0xb59a9a2f,0xb59a9a2f
.long	0x0907070e,0x0907070e
.long	0x36121224,0x36121224
.long	0x9b80801b,0x9b80801b
.long	0x3de2e2df,0x3de2e2df
.long	0x26ebebcd,0x26ebebcd
.long	0x6927274e,0x6927274e
.long	0xcdb2b27f,0xcdb2b27f
.long	0x9f7575ea,0x9f7575ea
.long	0x1b090912,0x1b090912
.long	0x9e83831d,0x9e83831d
.long	0x742c2c58,0x742c2c58
.long	0x2e1a1a34,0x2e1a1a34
.long	0x2d1b1b36,0x2d1b1b36
.long	0xb26e6edc,0xb26e6edc
.long	0xee5a5ab4,0xee5a5ab4
.long	0xfba0a05b,0xfba0a05b
.long	0xf65252a4,0xf65252a4
.long	0x4d3b3b76,0x4d3b3b76
.long	0x61d6d6b7,0x61d6d6b7
.long	0xceb3b37d,0xceb3b37d
.long	0x7b292952,0x7b292952
.long	0x3ee3e3dd,0x3ee3e3dd
.long	0x712f2f5e,0x712f2f5e
.long	0x97848413,0x97848413
.long	0xf55353a6,0xf55353a6
.long	0x68d1d1b9,0x68d1d1b9
.long	0x00000000,0x00000000
.long	0x2cededc1,0x2cededc1
.long	0x60202040,0x60202040
.long	0x1ffcfce3,0x1ffcfce3
.long	0xc8b1b179,0xc8b1b179
.long	0xed5b5bb6,0xed5b5bb6
.long	0xbe6a6ad4,0xbe6a6ad4
.long	0x46cbcb8d,0x46cbcb8d
.long	0xd9bebe67,0xd9bebe67
.long	0x4b393972,0x4b393972
.long	0xde4a4a94,0xde4a4a94
.long	0xd44c4c98,0xd44c4c98
.long	0xe85858b0,0xe85858b0
.long	0x4acfcf85,0x4acfcf85
.long	0x6bd0d0bb,0x6bd0d0bb
.long	0x2aefefc5,0x2aefefc5
.long	0xe5aaaa4f,0xe5aaaa4f
.long	0x16fbfbed,0x16fbfbed
.long	0xc5434386,0xc5434386
.long	0xd74d4d9a,0xd74d4d9a
.long	0x55333366,0x55333366
.long	0x94858511,0x94858511
.long	0xcf45458a,0xcf45458a
.long	0x10f9f9e9,0x10f9f9e9
.long	0x06020204,0x06020204
.long	0x817f7ffe,0x817f7ffe
.long	0xf05050a0,0xf05050a0
.long	0x443c3c78,0x443c3c78
.long	0xba9f9f25,0xba9f9f25
.long	0xe3a8a84b,0xe3a8a84b
.long	0xf35151a2,0xf35151a2
.long	0xfea3a35d,0xfea3a35d
.long	0xc0404080,0xc0404080
.long	0x8a8f8f05,0x8a8f8f05
.long	0xad92923f,0xad92923f
.long	0xbc9d9d21,0xbc9d9d21
.long	0x48383870,0x48383870
.long	0x04f5f5f1,0x04f5f5f1
.long	0xdfbcbc63,0xdfbcbc63
.long	0xc1b6b677,0xc1b6b677
.long	0x75dadaaf,0x75dadaaf
.long	0x63212142,0x63212142
.long	0x30101020,0x30101020
.long	0x1affffe5,0x1affffe5
.long	0x0ef3f3fd,0x0ef3f3fd
.long	0x6dd2d2bf,0x6dd2d2bf
.long	0x4ccdcd81,0x4ccdcd81
.long	0x140c0c18,0x140c0c18
.long	0x35131326,0x35131326
.long	0x2fececc3,0x2fececc3
.long	0xe15f5fbe,0xe15f5fbe
.long	0xa2979735,0xa2979735
.long	0xcc444488,0xcc444488
.long	0x3917172e,0x3917172e
.long	0x57c4c493,0x57c4c493
.long	0xf2a7a755,0xf2a7a755
.long	0x827e7efc,0x827e7efc
.long	0x473d3d7a,0x473d3d7a
.long	0xac6464c8,0xac6464c8
.long	0xe75d5dba,0xe75d5dba
.long	0x2b191932,0x2b191932
.long	0x957373e6,0x957373e6
.long	0xa06060c0,0xa06060c0
.long	0x98818119,0x98818119
.long	0xd14f4f9e,0xd14f4f9e
.long	0x7fdcdca3,0x7fdcdca3
.long	0x66222244,0x66222244
.long	0x7e2a2a54,0x7e2a2a54
.long	0xab90903b,0xab90903b
.long	0x8388880b,0x8388880b
.long	0xca46468c,0xca46468c
.long	0x29eeeec7,0x29eeeec7
.long	0xd3b8b86b,0xd3b8b86b
.long	0x3c141428,0x3c141428
.long	0x79dedea7,0x79dedea7
.long	0xe25e5ebc,0xe25e5ebc
.long	0x1d0b0b16,0x1d0b0b16
.long	0x76dbdbad,0x76dbdbad
.long	0x3be0e0db,0x3be0e0db
.long	0x56323264,0x56323264
.long	0x4e3a3a74,0x4e3a3a74
.long	0x1e0a0a14,0x1e0a0a14
.long	0xdb494992,0xdb494992
.long	0x0a06060c,0x0a06060c
.long	0x6c242448,0x6c242448
.long	0xe45c5cb8,0xe45c5cb8
.long	0x5dc2c29f,0x5dc2c29f
.long	0x6ed3d3bd,0x6ed3d3bd
.long	0xefacac43,0xefacac43
.long	0xa66262c4,0xa66262c4
.long	0xa8919139,0xa8919139
.long	0xa4959531,0xa4959531
.long	0x37e4e4d3,0x37e4e4d3
.long	0x8b7979f2,0x8b7979f2
.long	0x32e7e7d5,0x32e7e7d5
.long	0x43c8c88b,0x43c8c88b
.long	0x5937376e,0x5937376e
.long	0xb76d6dda,0xb76d6dda
.long	0x8c8d8d01,0x8c8d8d01
.long	0x64d5d5b1,0x64d5d5b1
.long	0xd24e4e9c,0xd24e4e9c
.long	0xe0a9a949,0xe0a9a949
.long	0xb46c6cd8,0xb46c6cd8
.long	0xfa5656ac,0xfa5656ac
.long	0x07f4f4f3,0x07f4f4f3
.long	0x25eaeacf,0x25eaeacf
.long	0xaf6565ca,0xaf6565ca
.long	0x8e7a7af4,0x8e7a7af4
.long	0xe9aeae47,0xe9aeae47
.long	0x18080810,0x18080810
.long	0xd5baba6f,0xd5baba6f
.long	0x887878f0,0x887878f0
.long	0x6f25254a,0x6f25254a
.long	0x722e2e5c,0x722e2e5c
.long	0x241c1c38,0x241c1c38
.long	0xf1a6a657,0xf1a6a657
.long	0xc7b4b473,0xc7b4b473
.long	0x51c6c697,0x51c6c697
.long	0x23e8e8cb,0x23e8e8cb
.long	0x7cdddda1,0x7cdddda1
.long	0x9c7474e8,0x9c7474e8
.long	0x211f1f3e,0x211f1f3e
.long	0xdd4b4b96,0xdd4b4b96
.long	0xdcbdbd61,0xdcbdbd61
.long	0x868b8b0d,0x868b8b0d
.long	0x858a8a0f,0x858a8a0f
.long	0x907070e0,0x907070e0
.long	0x423e3e7c,0x423e3e7c
.long	0xc4b5b571,0xc4b5b571
.long	0xaa6666cc,0xaa6666cc
.long	0xd8484890,0xd8484890
.long	0x05030306,0x05030306
.long	0x01f6f6f7,0x01f6f6f7
.long	0x120e0e1c,0x120e0e1c
.long	0xa36161c2,0xa36161c2
.long	0x5f35356a,0x5f35356a
.long	0xf95757ae,0xf95757ae
.long	0xd0b9b969,0xd0b9b969
.long	0x91868617,0x91868617
.long	0x58c1c199,0x58c1c199
.long	0x271d1d3a,0x271d1d3a
.long	0xb99e9e27,0xb99e9e27
.long	0x38e1e1d9,0x38e1e1d9
.long	0x13f8f8eb,0x13f8f8eb
.long	0xb398982b,0xb398982b
.long	0x33111122,0x33111122
.long	0xbb6969d2,0xbb6969d2
.long	0x70d9d9a9,0x70d9d9a9
.long	0x898e8e07,0x898e8e07
.long	0xa7949433,0xa7949433
.long	0xb69b9b2d,0xb69b9b2d
.long	0x221e1e3c,0x221e1e3c
.long	0x92878715,0x92878715
.long	0x20e9e9c9,0x20e9e9c9
.long	0x49cece87,0x49cece87
.long	0xff5555aa,0xff5555aa
.long	0x78282850,0x78282850
.long	0x7adfdfa5,0x7adfdfa5
.long	0x8f8c8c03,0x8f8c8c03
.long	0xf8a1a159,0xf8a1a159
.long	0x80898909,0x80898909
.long	0x170d0d1a,0x170d0d1a
.long	0xdabfbf65,0xdabfbf65
.long	0x31e6e6d7,0x31e6e6d7
.long	0xc6424284,0xc6424284
.long	0xb86868d0,0xb86868d0
.long	0xc3414182,0xc3414182
.long	0xb0999929,0xb0999929
.long	0x772d2d5a,0x772d2d5a
.long	0x110f0f1e,0x110f0f1e
.long	0xcbb0b07b,0xcbb0b07b
.long	0xfc5454a8,0xfc5454a8
.long	0xd6bbbb6d,0xd6bbbb6d
.long	0x3a16162c,0x3a16162c
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
.align	64
.LAES_Td:
.long	0x50a7f451,0x50a7f451
.long	0x5365417e,0x5365417e
.long	0xc3a4171a,0xc3a4171a
.long	0x965e273a,0x965e273a
.long	0xcb6bab3b,0xcb6bab3b
.long	0xf1459d1f,0xf1459d1f
.long	0xab58faac,0xab58faac
.long	0x9303e34b,0x9303e34b
.long	0x55fa3020,0x55fa3020
.long	0xf66d76ad,0xf66d76ad
.long	0x9176cc88,0x9176cc88
.long	0x254c02f5,0x254c02f5
.long	0xfcd7e54f,0xfcd7e54f
.long	0xd7cb2ac5,0xd7cb2ac5
.long	0x80443526,0x80443526
.long	0x8fa362b5,0x8fa362b5
.long	0x495ab1de,0x495ab1de
.long	0x671bba25,0x671bba25
.long	0x980eea45,0x980eea45
.long	0xe1c0fe5d,0xe1c0fe5d
.long	0x02752fc3,0x02752fc3
.long	0x12f04c81,0x12f04c81
.long	0xa397468d,0xa397468d
.long	0xc6f9d36b,0xc6f9d36b
.long	0xe75f8f03,0xe75f8f03
.long	0x959c9215,0x959c9215
.long	0xeb7a6dbf,0xeb7a6dbf
.long	0xda595295,0xda595295
.long	0x2d83bed4,0x2d83bed4
.long	0xd3217458,0xd3217458
.long	0x2969e049,0x2969e049
.long	0x44c8c98e,0x44c8c98e
.long	0x6a89c275,0x6a89c275
.long	0x78798ef4,0x78798ef4
.long	0x6b3e5899,0x6b3e5899
.long	0xdd71b927,0xdd71b927
.long	0xb64fe1be,0xb64fe1be
.long	0x17ad88f0,0x17ad88f0
.long	0x66ac20c9,0x66ac20c9
.long	0xb43ace7d,0xb43ace7d
.long	0x184adf63,0x184adf63
.long	0x82311ae5,0x82311ae5
.long	0x60335197,0x60335197
.long	0x457f5362,0x457f5362
.long	0xe07764b1,0xe07764b1
.long	0x84ae6bbb,0x84ae6bbb
.long	0x1ca081fe,0x1ca081fe
.long	0x942b08f9,0x942b08f9
.long	0x58684870,0x58684870
.long	0x19fd458f,0x19fd458f
.long	0x876cde94,0x876cde94
.long	0xb7f87b52,0xb7f87b52
.long	0x23d373ab,0x23d373ab
.long	0xe2024b72,0xe2024b72
.long	0x578f1fe3,0x578f1fe3
.long	0x2aab5566,0x2aab5566
.long	0x0728ebb2,0x0728ebb2
.long	0x03c2b52f,0x03c2b52f
.long	0x9a7bc586,0x9a7bc586
.long	0xa50837d3,0xa50837d3
.long	0xf2872830,0xf2872830
.long	0xb2a5bf23,0xb2a5bf23
.long	0xba6a0302,0xba6a0302
.long	0x5c8216ed,0x5c8216ed
.long	0x2b1ccf8a,0x2b1ccf8a
.long	0x92b479a7,0x92b479a7
.long	0xf0f207f3,0xf0f207f3
.long	0xa1e2694e,0xa1e2694e
.long	0xcdf4da65,0xcdf4da65
.long	0xd5be0506,0xd5be0506
.long	0x1f6234d1,0x1f6234d1
.long	0x8afea6c4,0x8afea6c4
.long	0x9d532e34,0x9d532e34
.long	0xa055f3a2,0xa055f3a2
.long	0x32e18a05,0x32e18a05
.long	0x75ebf6a4,0x75ebf6a4
.long	0x39ec830b,0x39ec830b
.long	0xaaef6040,0xaaef6040
.long	0x069f715e,0x069f715e
.long	0x51106ebd,0x51106ebd
.long	0xf98a213e,0xf98a213e
.long	0x3d06dd96,0x3d06dd96
.long	0xae053edd,0xae053edd
.long	0x46bde64d,0x46bde64d
.long	0xb58d5491,0xb58d5491
.long	0x055dc471,0x055dc471
.long	0x6fd40604,0x6fd40604
.long	0xff155060,0xff155060
.long	0x24fb9819,0x24fb9819
.long	0x97e9bdd6,0x97e9bdd6
.long	0xcc434089,0xcc434089
.long	0x779ed967,0x779ed967
.long	0xbd42e8b0,0xbd42e8b0
.long	0x888b8907,0x888b8907
.long	0x385b19e7,0x385b19e7
.long	0xdbeec879,0xdbeec879
.long	0x470a7ca1,0x470a7ca1
.long	0xe90f427c,0xe90f427c
.long	0xc91e84f8,0xc91e84f8
.long	0x00000000,0x00000000
.long	0x83868009,0x83868009
.long	0x48ed2b32,0x48ed2b32
.long	0xac70111e,0xac70111e
.long	0x4e725a6c,0x4e725a6c
.long	0xfbff0efd,0xfbff0efd
.long	0x5638850f,0x5638850f
.long	0x1ed5ae3d,0x1ed5ae3d
.long	0x27392d36,0x27392d36
.long	0x64d90f0a,0x64d90f0a
.long	0x21a65c68,0x21a65c68
.long	0xd1545b9b,0xd1545b9b
.long	0x3a2e3624,0x3a2e3624
.long	0xb1670a0c,0xb1670a0c
.long	0x0fe75793,0x0fe75793
.long	0xd296eeb4,0xd296eeb4
.long	0x9e919b1b,0x9e919b1b
.long	0x4fc5c080,0x4fc5c080
.long	0xa220dc61,0xa220dc61
.long	0x694b775a,0x694b775a
.long	0x161a121c,0x161a121c
.long	0x0aba93e2,0x0aba93e2
.long	0xe52aa0c0,0xe52aa0c0
.long	0x43e0223c,0x43e0223c
.long	0x1d171b12,0x1d171b12
.long	0x0b0d090e,0x0b0d090e
.long	0xadc78bf2,0xadc78bf2
.long	0xb9a8b62d,0xb9a8b62d
.long	0xc8a91e14,0xc8a91e14
.long	0x8519f157,0x8519f157
.long	0x4c0775af,0x4c0775af
.long	0xbbdd99ee,0xbbdd99ee
.long	0xfd607fa3,0xfd607fa3
.long	0x9f2601f7,0x9f2601f7
.long	0xbcf5725c,0xbcf5725c
.long	0xc53b6644,0xc53b6644
.long	0x347efb5b,0x347efb5b
.long	0x7629438b,0x7629438b
.long	0xdcc623cb,0xdcc623cb
.long	0x68fcedb6,0x68fcedb6
.long	0x63f1e4b8,0x63f1e4b8
.long	0xcadc31d7,0xcadc31d7
.long	0x10856342,0x10856342
.long	0x40229713,0x40229713
.long	0x2011c684,0x2011c684
.long	0x7d244a85,0x7d244a85
.long	0xf83dbbd2,0xf83dbbd2
.long	0x1132f9ae,0x1132f9ae
.long	0x6da129c7,0x6da129c7
.long	0x4b2f9e1d,0x4b2f9e1d
.long	0xf330b2dc,0xf330b2dc
.long	0xec52860d,0xec52860d
.long	0xd0e3c177,0xd0e3c177
.long	0x6c16b32b,0x6c16b32b
.long	0x99b970a9,0x99b970a9
.long	0xfa489411,0xfa489411
.long	0x2264e947,0x2264e947
.long	0xc48cfca8,0xc48cfca8
.long	0x1a3ff0a0,0x1a3ff0a0
.long	0xd82c7d56,0xd82c7d56
.long	0xef903322,0xef903322
.long	0xc74e4987,0xc74e4987
.long	0xc1d138d9,0xc1d138d9
.long	0xfea2ca8c,0xfea2ca8c
.long	0x360bd498,0x360bd498
.long	0xcf81f5a6,0xcf81f5a6
.long	0x28de7aa5,0x28de7aa5
.long	0x268eb7da,0x268eb7da
.long	0xa4bfad3f,0xa4bfad3f
.long	0xe49d3a2c,0xe49d3a2c
.long	0x0d927850,0x0d927850
.long	0x9bcc5f6a,0x9bcc5f6a
.long	0x62467e54,0x62467e54
.long	0xc2138df6,0xc2138df6
.long	0xe8b8d890,0xe8b8d890
.long	0x5ef7392e,0x5ef7392e
.long	0xf5afc382,0xf5afc382
.long	0xbe805d9f,0xbe805d9f
.long	0x7c93d069,0x7c93d069
.long	0xa92dd56f,0xa92dd56f
.long	0xb31225cf,0xb31225cf
.long	0x3b99acc8,0x3b99acc8
.long	0xa77d1810,0xa77d1810
.long	0x6e639ce8,0x6e639ce8
.long	0x7bbb3bdb,0x7bbb3bdb
.long	0x097826cd,0x097826cd
.long	0xf418596e,0xf418596e
.long	0x01b79aec,0x01b79aec
.long	0xa89a4f83,0xa89a4f83
.long	0x656e95e6,0x656e95e6
.long	0x7ee6ffaa,0x7ee6ffaa
.long	0x08cfbc21,0x08cfbc21
.long	0xe6e815ef,0xe6e815ef
.long	0xd99be7ba,0xd99be7ba
.long	0xce366f4a,0xce366f4a
.long	0xd4099fea,0xd4099fea
.long	0xd67cb029,0xd67cb029
.long	0xafb2a431,0xafb2a431
.long	0x31233f2a,0x31233f2a
.long	0x3094a5c6,0x3094a5c6
.long	0xc066a235,0xc066a235
.long	0x37bc4e74,0x37bc4e74
.long	0xa6ca82fc,0xa6ca82fc
.long	0xb0d090e0,0xb0d090e0
.long	0x15d8a733,0x15d8a733
.long	0x4a9804f1,0x4a9804f1
.long	0xf7daec41,0xf7daec41
.long	0x0e50cd7f,0x0e50cd7f
.long	0x2ff69117,0x2ff69117
.long	0x8dd64d76,0x8dd64d76
.long	0x4db0ef43,0x4db0ef43
.long	0x544daacc,0x544daacc
.long	0xdf0496e4,0xdf0496e4
.long	0xe3b5d19e,0xe3b5d19e
.long	0x1b886a4c,0x1b886a4c
.long	0xb81f2cc1,0xb81f2cc1
.long	0x7f516546,0x7f516546
.long	0x04ea5e9d,0x04ea5e9d
.long	0x5d358c01,0x5d358c01
.long	0x737487fa,0x737487fa
.long	0x2e410bfb,0x2e410bfb
.long	0x5a1d67b3,0x5a1d67b3
.long	0x52d2db92,0x52d2db92
.long	0x335610e9,0x335610e9
.long	0x1347d66d,0x1347d66d
.long	0x8c61d79a,0x8c61d79a
.long	0x7a0ca137,0x7a0ca137
.long	0x8e14f859,0x8e14f859
.long	0x893c13eb,0x893c13eb
.long	0xee27a9ce,0xee27a9ce
.long	0x35c961b7,0x35c961b7
.long	0xede51ce1,0xede51ce1
.long	0x3cb1477a,0x3cb1477a
.long	0x59dfd29c,0x59dfd29c
.long	0x3f73f255,0x3f73f255
.long	0x79ce1418,0x79ce1418
.long	0xbf37c773,0xbf37c773
.long	0xeacdf753,0xeacdf753
.long	0x5baafd5f,0x5baafd5f
.long	0x146f3ddf,0x146f3ddf
.long	0x86db4478,0x86db4478
.long	0x81f3afca,0x81f3afca
.long	0x3ec468b9,0x3ec468b9
.long	0x2c342438,0x2c342438
.long	0x5f40a3c2,0x5f40a3c2
.long	0x72c31d16,0x72c31d16
.long	0x0c25e2bc,0x0c25e2bc
.long	0x8b493c28,0x8b493c28
.long	0x41950dff,0x41950dff
.long	0x7101a839,0x7101a839
.long	0xdeb30c08,0xdeb30c08
.long	0x9ce4b4d8,0x9ce4b4d8
.long	0x90c15664,0x90c15664
.long	0x6184cb7b,0x6184cb7b
.long	0x70b632d5,0x70b632d5
.long	0x745c6c48,0x745c6c48
.long	0x4257b8d0,0x4257b8d0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/aes/aes-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
.text	
.type	_x86_64_AES_encrypt,@function
.align	16
_x86_64_AES_encrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	.Lenc_loop
.align	16
.Lenc_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	shrl	$16,%ecx
	movzbl	%ah,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movl	12(%r15),%edx
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movl	0(%r15),%eax
	xorl	1(%r14,%rdi,8),%r12d
	xorl	1(%r14,%rbp,8),%r8d

	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	.Lenc_loop
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	2(%r14,%rsi,8),%r10d
	movzbl	2(%r14,%rdi,8),%r11d
	movzbl	2(%r14,%rbp,8),%r12d

	movzbl	%dl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	2(%r14,%rsi,8),%r8d
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$65280,%edi
	andl	$65280,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%ecx

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	shrl	$16,%edx
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi

	andl	$65280,%esi
	andl	$65280,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$16711680,%edi
	andl	$16711680,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	2(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$4278190080,%edi
	andl	$4278190080,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movl	16+12(%r15),%edx
	movl	2(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	16+0(%r15),%eax

	andl	$4278190080,%esi
	andl	$4278190080,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_encrypt,.-_x86_64_AES_encrypt
.type	_x86_64_AES_encrypt_compact,@function
.align	16
_x86_64_AES_encrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	.Lenc_loop_compact
.align	16
.Lenc_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%dh,%ebp
	movzbl	%ah,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%dh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ah,%edi
	shrl	$8,%ecx
	shrl	$8,%ebx
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rcx,1),%edx
	movzbl	(%r14,%rbx,1),%ecx
	shll	$16,%r9d
	shll	$16,%r13d
	shll	$16,%ebp
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%edi
	shll	$24,%edx
	xorl	%esi,%r10d
	shll	$24,%ecx
	xorl	%edi,%r11d
	movl	%r10d,%eax
	movl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	.Lenc_compact_done
	movl	%eax,%esi
	movl	%ebx,%edi
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	movl	%esi,%r10d
	movl	%edi,%r11d
	shrl	$7,%r10d
	leal	(%rax,%rax,1),%r8d
	shrl	$7,%r11d
	leal	(%rbx,%rbx,1),%r9d
	subl	%r10d,%esi
	subl	%r11d,%edi
	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%eax,%r10d
	movl	%ebx,%r11d
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%ecx,%esi
	movl	%edx,%edi
	roll	$24,%eax
	roll	$24,%ebx
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%esi,%r12d
	movl	%edi,%ebp
	rorl	$16,%r10d
	rorl	$16,%r11d
	shrl	$7,%r12d
	leal	(%rcx,%rcx,1),%r8d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	shrl	$7,%ebp
	leal	(%rdx,%rdx,1),%r9d
	rorl	$8,%r10d
	rorl	$8,%r11d
	subl	%r12d,%esi
	subl	%ebp,%edi
	xorl	%r10d,%eax
	xorl	%r11d,%ebx

	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%ecx,%r12d
	movl	%edx,%ebp
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	roll	$24,%ecx
	roll	$24,%edx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	movl	0(%r14),%esi
	rorl	$16,%r12d
	rorl	$16,%ebp
	movl	64(%r14),%edi
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	movl	128(%r14),%r8d
	rorl	$8,%r12d
	rorl	$8,%ebp
	movl	192(%r14),%r9d
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	jmp	.Lenc_loop_compact
.align	16
.Lenc_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
.globl	AES_encrypt
.type	AES_encrypt,@function
.align	16
.globl	asm_AES_encrypt
.hidden	asm_AES_encrypt
asm_AES_encrypt:
AES_encrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
.Lenc_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	.LAES_Te+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14

	call	_x86_64_AES_encrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lenc_epilogue:
	.byte	0xf3,0xc3
.size	AES_encrypt,.-AES_encrypt
.type	_x86_64_AES_decrypt,@function
.align	16
_x86_64_AES_decrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	.Ldec_loop
.align	16
.Ldec_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%bh,%esi
	shrl	$16,%eax
	movzbl	%ch,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	movl	12(%r15),%edx
	movzbl	%ah,%ebp
	xorl	1(%r14,%rsi,8),%r12d
	movl	0(%r15),%eax
	xorl	1(%r14,%rbp,8),%r8d

	xorl	%r10d,%eax
	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r12d,%ecx
	xorl	%r11d,%ebx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	.Ldec_loop
	leaq	2048(%r14),%r14
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	(%r14,%rsi,1),%r10d
	movzbl	(%r14,%rdi,1),%r11d
	movzbl	(%r14,%rbp,1),%r12d

	movzbl	%dl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movzbl	(%r14,%rsi,1),%r8d
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$8,%edi
	shll	$8,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%edx

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	shrl	$16,%eax
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi

	shll	$8,%esi
	shll	$8,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$16,%edi
	shll	$16,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$24,%edi
	shll	$24,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movl	16+12(%r15),%edx
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movl	16+0(%r15),%eax

	shll	$24,%esi
	shll	$24,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	leaq	-2048(%r14),%r14
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_decrypt,.-_x86_64_AES_decrypt
.type	_x86_64_AES_decrypt_compact,@function
.align	16
_x86_64_AES_decrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	.Ldec_loop_compact

.align	16
.Ldec_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%bh,%ebp
	movzbl	%ch,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%bh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ch,%edi
	shll	$16,%r9d
	shll	$16,%r13d
	movzbl	(%r14,%rdi,1),%ebx
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d

	movzbl	%dh,%edi
	shrl	$8,%eax
	shll	$16,%ebp
	movzbl	(%r14,%rdi,1),%ecx
	movzbl	(%r14,%rax,1),%edx
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%ebx
	shll	$24,%ecx
	xorl	%esi,%r10d
	shll	$24,%edx
	xorl	%r11d,%ebx
	movl	%r10d,%eax
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	.Ldec_compact_done

	movq	256+0(%r14),%rsi
	shlq	$32,%rbx
	shlq	$32,%rdx
	movq	256+8(%r14),%rdi
	orq	%rbx,%rax
	orq	%rdx,%rcx
	movq	256+16(%r14),%rbp
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	0(%r14),%rsi
	shrq	$32,%r8
	shrq	$32,%r11
	movq	64(%r14),%rdi
	roll	$16,%r9d
	roll	$16,%r12d
	movq	128(%r14),%rbp
	roll	$16,%r8d
	roll	$16,%r11d
	movq	192(%r14),%r10
	xorl	%r9d,%eax
	xorl	%r12d,%ecx
	movq	256(%r14),%r13
	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	jmp	.Ldec_loop_compact
.align	16
.Ldec_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			
.size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
.globl	AES_decrypt
.type	AES_decrypt,@function
.align	16
.globl	asm_AES_decrypt
.hidden	asm_AES_decrypt
asm_AES_decrypt:
AES_decrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
.Ldec_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	.LAES_Td+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14
	shrq	$3,%rbp
	addq	%rbp,%r14

	call	_x86_64_AES_decrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Ldec_epilogue:
	.byte	0xf3,0xc3
.size	AES_decrypt,.-AES_decrypt
.globl	AES_set_encrypt_key
.type	AES_set_encrypt_key,@function
.align	16
AES_set_encrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$8,%rsp
.Lenc_key_prologue:

	call	_x86_64_AES_set_encrypt_key

	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
.Lenc_key_epilogue:
	.byte	0xf3,0xc3
.size	AES_set_encrypt_key,.-AES_set_encrypt_key

.type	_x86_64_AES_set_encrypt_key,@function
.align	16
_x86_64_AES_set_encrypt_key:
	movl	%esi,%ecx
	movq	%rdi,%rsi
	movq	%rdx,%rdi

	testq	$-1,%rsi
	jz	.Lbadpointer
	testq	$-1,%rdi
	jz	.Lbadpointer

	leaq	.LAES_Te(%rip),%rbp
	leaq	2048+128(%rbp),%rbp


	movl	0-128(%rbp),%eax
	movl	32-128(%rbp),%ebx
	movl	64-128(%rbp),%r8d
	movl	96-128(%rbp),%edx
	movl	128-128(%rbp),%eax
	movl	160-128(%rbp),%ebx
	movl	192-128(%rbp),%r8d
	movl	224-128(%rbp),%edx

	cmpl	$128,%ecx
	je	.L10rounds
	cmpl	$192,%ecx
	je	.L12rounds
	cmpl	$256,%ecx
	je	.L14rounds
	movq	$-2,%rax
	jmp	.Lexit

.L10rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rdx,8(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	.L10shortcut
.align	4
.L10loop:
	movl	0(%rdi),%eax
	movl	12(%rdi),%edx
.L10shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,16(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,20(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,24(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,28(%rdi)
	addl	$1,%ecx
	leaq	16(%rdi),%rdi
	cmpl	$10,%ecx
	jl	.L10loop

	movl	$10,80(%rdi)
	xorq	%rax,%rax
	jmp	.Lexit

.L12rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rdx,16(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	.L12shortcut
.align	4
.L12loop:
	movl	0(%rdi),%eax
	movl	20(%rdi),%edx
.L12shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,24(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,28(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,32(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,36(%rdi)

	cmpl	$7,%ecx
	je	.L12break
	addl	$1,%ecx

	xorl	16(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,44(%rdi)

	leaq	24(%rdi),%rdi
	jmp	.L12loop
.L12break:
	movl	$12,72(%rdi)
	xorq	%rax,%rax
	jmp	.Lexit

.L14rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rcx
	movq	24(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,16(%rdi)
	movq	%rdx,24(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	.L14shortcut
.align	4
.L14loop:
	movl	0(%rdi),%eax
	movl	28(%rdi),%edx
.L14shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,32(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,36(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,44(%rdi)

	cmpl	$6,%ecx
	je	.L14break
	addl	$1,%ecx

	movl	%eax,%edx
	movl	16(%rdi),%eax
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	shll	$8,%ebx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$16,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$24,%ebx
	xorl	%ebx,%eax

	movl	%eax,48(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,52(%rdi)
	xorl	24(%rdi),%eax
	movl	%eax,56(%rdi)
	xorl	28(%rdi),%eax
	movl	%eax,60(%rdi)

	leaq	32(%rdi),%rdi
	jmp	.L14loop
.L14break:
	movl	$14,48(%rdi)
	xorq	%rax,%rax
	jmp	.Lexit

.Lbadpointer:
	movq	$-1,%rax
.Lexit:
.byte	0xf3,0xc3			
.size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
.globl	AES_set_decrypt_key
.type	AES_set_decrypt_key,@function
.align	16
AES_set_decrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	pushq	%rdx
.Ldec_key_prologue:

	call	_x86_64_AES_set_encrypt_key
	movq	(%rsp),%r8
	cmpl	$0,%eax
	jne	.Labort

	movl	240(%r8),%r14d
	xorq	%rdi,%rdi
	leaq	(%rdi,%r14,4),%rcx
	movq	%r8,%rsi
	leaq	(%r8,%rcx,4),%rdi
.align	4
.Linvert:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	0(%rdi),%rcx
	movq	8(%rdi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,0(%rsi)
	movq	%rdx,8(%rsi)
	leaq	16(%rsi),%rsi
	leaq	-16(%rdi),%rdi
	cmpq	%rsi,%rdi
	jne	.Linvert

	leaq	.LAES_Te+2048+1024(%rip),%rax

	movq	40(%rax),%rsi
	movq	48(%rax),%rdi
	movq	56(%rax),%rbp

	movq	%r8,%r15
	subl	$1,%r14d
.align	4
.Lpermute:
	leaq	16(%r15),%r15
	movq	0(%r15),%rax
	movq	8(%r15),%rcx
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx


	shrq	$32,%r8
	shrq	$32,%r11

	roll	$16,%r9d
	roll	$16,%r12d

	roll	$16,%r8d
	roll	$16,%r11d

	xorl	%r9d,%eax
	xorl	%r12d,%ecx

	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	movl	%eax,0(%r15)
	movl	%ebx,4(%r15)
	movl	%ecx,8(%r15)
	movl	%edx,12(%r15)
	subl	$1,%r14d
	jnz	.Lpermute

	xorq	%rax,%rax
.Labort:
	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
.Ldec_key_epilogue:
	.byte	0xf3,0xc3
.size	AES_set_decrypt_key,.-AES_set_decrypt_key
.globl	AES_cbc_encrypt
.type	AES_cbc_encrypt,@function
.align	16

.globl	asm_AES_cbc_encrypt
.hidden	asm_AES_cbc_encrypt
asm_AES_cbc_encrypt:
AES_cbc_encrypt:
	cmpq	$0,%rdx
	je	.Lcbc_epilogue
	pushfq
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lcbc_prologue:

	cld
	movl	%r9d,%r9d

	leaq	.LAES_Te(%rip),%r14
	cmpq	$0,%r9
	jne	.Lcbc_picked_te
	leaq	.LAES_Td(%rip),%r14
.Lcbc_picked_te:

	movl	OPENSSL_ia32cap_P(%rip),%r10d
	cmpq	$512,%rdx
	jb	.Lcbc_slow_prologue
	testq	$15,%rdx
	jnz	.Lcbc_slow_prologue
	btl	$28,%r10d
	jc	.Lcbc_slow_prologue


	leaq	-88-248(%rsp),%r15
	andq	$-64,%r15


	movq	%r14,%r10
	leaq	2304(%r14),%r11
	movq	%r15,%r12
	andq	$4095,%r10
	andq	$4095,%r11
	andq	$4095,%r12

	cmpq	%r11,%r12
	jb	.Lcbc_te_break_out
	subq	%r11,%r12
	subq	%r12,%r15
	jmp	.Lcbc_te_ok
.Lcbc_te_break_out:
	subq	%r10,%r12
	andq	$4095,%r12
	addq	$320,%r12
	subq	%r12,%r15
.align	4
.Lcbc_te_ok:

	xchgq	%rsp,%r15

	movq	%r15,16(%rsp)
.Lcbc_fast_body:
	movq	%rdi,24(%rsp)
	movq	%rsi,32(%rsp)
	movq	%rdx,40(%rsp)
	movq	%rcx,48(%rsp)
	movq	%r8,56(%rsp)
	movl	$0,80+240(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15

	movl	240(%r15),%eax

	movq	%r15,%r10
	subq	%r14,%r10
	andq	$4095,%r10
	cmpq	$2304,%r10
	jb	.Lcbc_do_ecopy
	cmpq	$4096-248,%r10
	jb	.Lcbc_skip_ecopy
.align	4
.Lcbc_do_ecopy:
	movq	%r15,%rsi
	leaq	80(%rsp),%rdi
	leaq	80(%rsp),%r15
	movl	$30,%ecx
.long	0x90A548F3	
	movl	%eax,(%rdi)
.Lcbc_skip_ecopy:
	movq	%r15,0(%rsp)

	movl	$18,%ecx
.align	4
.Lcbc_prefetch_te:
	movq	0(%r14),%r10
	movq	32(%r14),%r11
	movq	64(%r14),%r12
	movq	96(%r14),%r13
	leaq	128(%r14),%r14
	subl	$1,%ecx
	jnz	.Lcbc_prefetch_te
	leaq	-2304(%r14),%r14

	cmpq	$0,%rbx
	je	.LFAST_DECRYPT


	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx

.align	4
.Lcbc_fast_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_encrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	movq	%r10,40(%rsp)
	jnz	.Lcbc_fast_enc_loop
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	.Lcbc_fast_cleanup


.align	16
.LFAST_DECRYPT:
	cmpq	%r8,%r9
	je	.Lcbc_fast_dec_in_place

	movq	%rbp,64(%rsp)
.align	4
.Lcbc_fast_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	64(%rsp),%rbp
	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0(%rbp),%eax
	xorl	4(%rbp),%ebx
	xorl	8(%rbp),%ecx
	xorl	12(%rbp),%edx
	movq	%r8,%rbp

	subq	$16,%r10
	movq	%r10,40(%rsp)
	movq	%rbp,64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jnz	.Lcbc_fast_dec_loop
	movq	56(%rsp),%r12
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0(%r12)
	movq	%r11,8(%r12)
	jmp	.Lcbc_fast_cleanup

.align	16
.Lcbc_fast_dec_in_place:
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0+64(%rsp)
	movq	%r11,8+64(%rsp)
.align	4
.Lcbc_fast_dec_in_place_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jz	.Lcbc_fast_dec_in_place_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	movq	%r10,40(%rsp)
	jmp	.Lcbc_fast_dec_in_place_loop
.Lcbc_fast_dec_in_place_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

.align	4
.Lcbc_fast_cleanup:
	cmpl	$0,80+240(%rsp)
	leaq	80(%rsp),%rdi
	je	.Lcbc_exit
	movl	$30,%ecx
	xorq	%rax,%rax
.long	0x90AB48F3	

	jmp	.Lcbc_exit


.align	16
.Lcbc_slow_prologue:

	leaq	-88(%rsp),%rbp
	andq	$-64,%rbp

	leaq	-88-63(%rcx),%r10
	subq	%rbp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rbp

	xchgq	%rsp,%rbp

	movq	%rbp,16(%rsp)
.Lcbc_slow_body:




	movq	%r8,56(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15
	movq	%rdx,%r10

	movl	240(%r15),%eax
	movq	%r15,0(%rsp)
	shll	$4,%eax
	leaq	(%r15,%rax,1),%rax
	movq	%rax,8(%rsp)


	leaq	2048(%r14),%r14
	leaq	768-8(%rsp),%rax
	subq	%r14,%rax
	andq	$768,%rax
	leaq	(%r14,%rax,1),%r14

	cmpq	$0,%rbx
	je	.LSLOW_DECRYPT


	testq	$-16,%r10
	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx
	jz	.Lcbc_slow_enc_tail	

.align	4
.Lcbc_slow_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_encrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	jnz	.Lcbc_slow_enc_loop
	testq	$15,%r10
	jnz	.Lcbc_slow_enc_tail
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	.Lcbc_exit

.align	4
.Lcbc_slow_enc_tail:
	movq	%rax,%r11
	movq	%rcx,%r12
	movq	%r10,%rcx
	movq	%r8,%rsi
	movq	%r9,%rdi
.long	0x9066A4F3		
	movq	$16,%rcx
	subq	%r10,%rcx
	xorq	%rax,%rax
.long	0x9066AAF3		
	movq	%r9,%r8
	movq	$16,%r10
	movq	%r11,%rax
	movq	%r12,%rcx
	jmp	.Lcbc_slow_enc_loop	

.align	16
.LSLOW_DECRYPT:
	shrq	$3,%rax
	addq	%rax,%r14

	movq	0(%rbp),%r11
	movq	8(%rbp),%r12
	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

.align	4
.Lcbc_slow_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_decrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jc	.Lcbc_slow_dec_partial
	jz	.Lcbc_slow_dec_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jmp	.Lcbc_slow_dec_loop
.Lcbc_slow_dec_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	jmp	.Lcbc_exit

.align	4
.Lcbc_slow_dec_partial:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0+64(%rsp)
	movl	%ebx,4+64(%rsp)
	movl	%ecx,8+64(%rsp)
	movl	%edx,12+64(%rsp)

	movq	%r9,%rdi
	leaq	64(%rsp),%rsi
	leaq	16(%r10),%rcx
.long	0x9066A4F3	
	jmp	.Lcbc_exit

.align	16
.Lcbc_exit:
	movq	16(%rsp),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lcbc_popfq:
	popfq
.Lcbc_epilogue:
	.byte	0xf3,0xc3
.size	AES_cbc_encrypt,.-AES_cbc_encrypt
.align	64
.LAES_Te:
.long	0xa56363c6,0xa56363c6
.long	0x847c7cf8,0x847c7cf8
.long	0x997777ee,0x997777ee
.long	0x8d7b7bf6,0x8d7b7bf6
.long	0x0df2f2ff,0x0df2f2ff
.long	0xbd6b6bd6,0xbd6b6bd6
.long	0xb16f6fde,0xb16f6fde
.long	0x54c5c591,0x54c5c591
.long	0x50303060,0x50303060
.long	0x03010102,0x03010102
.long	0xa96767ce,0xa96767ce
.long	0x7d2b2b56,0x7d2b2b56
.long	0x19fefee7,0x19fefee7
.long	0x62d7d7b5,0x62d7d7b5
.long	0xe6abab4d,0xe6abab4d
.long	0x9a7676ec,0x9a7676ec
.long	0x45caca8f,0x45caca8f
.long	0x9d82821f,0x9d82821f
.long	0x40c9c989,0x40c9c989
.long	0x877d7dfa,0x877d7dfa
.long	0x15fafaef,0x15fafaef
.long	0xeb5959b2,0xeb5959b2
.long	0xc947478e,0xc947478e
.long	0x0bf0f0fb,0x0bf0f0fb
.long	0xecadad41,0xecadad41
.long	0x67d4d4b3,0x67d4d4b3
.long	0xfda2a25f,0xfda2a25f
.long	0xeaafaf45,0xeaafaf45
.long	0xbf9c9c23,0xbf9c9c23
.long	0xf7a4a453,0xf7a4a453
.long	0x967272e4,0x967272e4
.long	0x5bc0c09b,0x5bc0c09b
.long	0xc2b7b775,0xc2b7b775
.long	0x1cfdfde1,0x1cfdfde1
.long	0xae93933d,0xae93933d
.long	0x6a26264c,0x6a26264c
.long	0x5a36366c,0x5a36366c
.long	0x413f3f7e,0x413f3f7e
.long	0x02f7f7f5,0x02f7f7f5
.long	0x4fcccc83,0x4fcccc83
.long	0x5c343468,0x5c343468
.long	0xf4a5a551,0xf4a5a551
.long	0x34e5e5d1,0x34e5e5d1
.long	0x08f1f1f9,0x08f1f1f9
.long	0x937171e2,0x937171e2
.long	0x73d8d8ab,0x73d8d8ab
.long	0x53313162,0x53313162
.long	0x3f15152a,0x3f15152a
.long	0x0c040408,0x0c040408
.long	0x52c7c795,0x52c7c795
.long	0x65232346,0x65232346
.long	0x5ec3c39d,0x5ec3c39d
.long	0x28181830,0x28181830
.long	0xa1969637,0xa1969637
.long	0x0f05050a,0x0f05050a
.long	0xb59a9a2f,0xb59a9a2f
.long	0x0907070e,0x0907070e
.long	0x36121224,0x36121224
.long	0x9b80801b,0x9b80801b
.long	0x3de2e2df,0x3de2e2df
.long	0x26ebebcd,0x26ebebcd
.long	0x6927274e,0x6927274e
.long	0xcdb2b27f,0xcdb2b27f
.long	0x9f7575ea,0x9f7575ea
.long	0x1b090912,0x1b090912
.long	0x9e83831d,0x9e83831d
.long	0x742c2c58,0x742c2c58
.long	0x2e1a1a34,0x2e1a1a34
.long	0x2d1b1b36,0x2d1b1b36
.long	0xb26e6edc,0xb26e6edc
.long	0xee5a5ab4,0xee5a5ab4
.long	0xfba0a05b,0xfba0a05b
.long	0xf65252a4,0xf65252a4
.long	0x4d3b3b76,0x4d3b3b76
.long	0x61d6d6b7,0x61d6d6b7
.long	0xceb3b37d,0xceb3b37d
.long	0x7b292952,0x7b292952
.long	0x3ee3e3dd,0x3ee3e3dd
.long	0x712f2f5e,0x712f2f5e
.long	0x97848413,0x97848413
.long	0xf55353a6,0xf55353a6
.long	0x68d1d1b9,0x68d1d1b9
.long	0x00000000,0x00000000
.long	0x2cededc1,0x2cededc1
.long	0x60202040,0x60202040
.long	0x1ffcfce3,0x1ffcfce3
.long	0xc8b1b179,0xc8b1b179
.long	0xed5b5bb6,0xed5b5bb6
.long	0xbe6a6ad4,0xbe6a6ad4
.long	0x46cbcb8d,0x46cbcb8d
.long	0xd9bebe67,0xd9bebe67
.long	0x4b393972,0x4b393972
.long	0xde4a4a94,0xde4a4a94
.long	0xd44c4c98,0xd44c4c98
.long	0xe85858b0,0xe85858b0
.long	0x4acfcf85,0x4acfcf85
.long	0x6bd0d0bb,0x6bd0d0bb
.long	0x2aefefc5,0x2aefefc5
.long	0xe5aaaa4f,0xe5aaaa4f
.long	0x16fbfbed,0x16fbfbed
.long	0xc5434386,0xc5434386
.long	0xd74d4d9a,0xd74d4d9a
.long	0x55333366,0x55333366
.long	0x94858511,0x94858511
.long	0xcf45458a,0xcf45458a
.long	0x10f9f9e9,0x10f9f9e9
.long	0x06020204,0x06020204
.long	0x817f7ffe,0x817f7ffe
.long	0xf05050a0,0xf05050a0
.long	0x443c3c78,0x443c3c78
.long	0xba9f9f25,0xba9f9f25
.long	0xe3a8a84b,0xe3a8a84b
.long	0xf35151a2,0xf35151a2
.long	0xfea3a35d,0xfea3a35d
.long	0xc0404080,0xc0404080
.long	0x8a8f8f05,0x8a8f8f05
.long	0xad92923f,0xad92923f
.long	0xbc9d9d21,0xbc9d9d21
.long	0x48383870,0x48383870
.long	0x04f5f5f1,0x04f5f5f1
.long	0xdfbcbc63,0xdfbcbc63
.long	0xc1b6b677,0xc1b6b677
.long	0x75dadaaf,0x75dadaaf
.long	0x63212142,0x63212142
.long	0x30101020,0x30101020
.long	0x1affffe5,0x1affffe5
.long	0x0ef3f3fd,0x0ef3f3fd
.long	0x6dd2d2bf,0x6dd2d2bf
.long	0x4ccdcd81,0x4ccdcd81
.long	0x140c0c18,0x140c0c18
.long	0x35131326,0x35131326
.long	0x2fececc3,0x2fececc3
.long	0xe15f5fbe,0xe15f5fbe
.long	0xa2979735,0xa2979735
.long	0xcc444488,0xcc444488
.long	0x3917172e,0x3917172e
.long	0x57c4c493,0x57c4c493
.long	0xf2a7a755,0xf2a7a755
.long	0x827e7efc,0x827e7efc
.long	0x473d3d7a,0x473d3d7a
.long	0xac6464c8,0xac6464c8
.long	0xe75d5dba,0xe75d5dba
.long	0x2b191932,0x2b191932
.long	0x957373e6,0x957373e6
.long	0xa06060c0,0xa06060c0
.long	0x98818119,0x98818119
.long	0xd14f4f9e,0xd14f4f9e
.long	0x7fdcdca3,0x7fdcdca3
.long	0x66222244,0x66222244
.long	0x7e2a2a54,0x7e2a2a54
.long	0xab90903b,0xab90903b
.long	0x8388880b,0x8388880b
.long	0xca46468c,0xca46468c
.long	0x29eeeec7,0x29eeeec7
.long	0xd3b8b86b,0xd3b8b86b
.long	0x3c141428,0x3c141428
.long	0x79dedea7,0x79dedea7
.long	0xe25e5ebc,0xe25e5ebc
.long	0x1d0b0b16,0x1d0b0b16
.long	0x76dbdbad,0x76dbdbad
.long	0x3be0e0db,0x3be0e0db
.long	0x56323264,0x56323264
.long	0x4e3a3a74,0x4e3a3a74
.long	0x1e0a0a14,0x1e0a0a14
.long	0xdb494992,0xdb494992
.long	0x0a06060c,0x0a06060c
.long	0x6c242448,0x6c242448
.long	0xe45c5cb8,0xe45c5cb8
.long	0x5dc2c29f,0x5dc2c29f
.long	0x6ed3d3bd,0x6ed3d3bd
.long	0xefacac43,0xefacac43
.long	0xa66262c4,0xa66262c4
.long	0xa8919139,0xa8919139
.long	0xa4959531,0xa4959531
.long	0x37e4e4d3,0x37e4e4d3
.long	0x8b7979f2,0x8b7979f2
.long	0x32e7e7d5,0x32e7e7d5
.long	0x43c8c88b,0x43c8c88b
.long	0x5937376e,0x5937376e
.long	0xb76d6dda,0xb76d6dda
.long	0x8c8d8d01,0x8c8d8d01
.long	0x64d5d5b1,0x64d5d5b1
.long	0xd24e4e9c,0xd24e4e9c
.long	0xe0a9a949,0xe0a9a949
.long	0xb46c6cd8,0xb46c6cd8
.long	0xfa5656ac,0xfa5656ac
.long	0x07f4f4f3,0x07f4f4f3
.long	0x25eaeacf,0x25eaeacf
.long	0xaf6565ca,0xaf6565ca
.long	0x8e7a7af4,0x8e7a7af4
.long	0xe9aeae47,0xe9aeae47
.long	0x18080810,0x18080810
.long	0xd5baba6f,0xd5baba6f
.long	0x887878f0,0x887878f0
.long	0x6f25254a,0x6f25254a
.long	0x722e2e5c,0x722e2e5c
.long	0x241c1c38,0x241c1c38
.long	0xf1a6a657,0xf1a6a657
.long	0xc7b4b473,0xc7b4b473
.long	0x51c6c697,0x51c6c697
.long	0x23e8e8cb,0x23e8e8cb
.long	0x7cdddda1,0x7cdddda1
.long	0x9c7474e8,0x9c7474e8
.long	0x211f1f3e,0x211f1f3e
.long	0xdd4b4b96,0xdd4b4b96
.long	0xdcbdbd61,0xdcbdbd61
.long	0x868b8b0d,0x868b8b0d
.long	0x858a8a0f,0x858a8a0f
.long	0x907070e0,0x907070e0
.long	0x423e3e7c,0x423e3e7c
.long	0xc4b5b571,0xc4b5b571
.long	0xaa6666cc,0xaa6666cc
.long	0xd8484890,0xd8484890
.long	0x05030306,0x05030306
.long	0x01f6f6f7,0x01f6f6f7
.long	0x120e0e1c,0x120e0e1c
.long	0xa36161c2,0xa36161c2
.long	0x5f35356a,0x5f35356a
.long	0xf95757ae,0xf95757ae
.long	0xd0b9b969,0xd0b9b969
.long	0x91868617,0x91868617
.long	0x58c1c199,0x58c1c199
.long	0x271d1d3a,0x271d1d3a
.long	0xb99e9e27,0xb99e9e27
.long	0x38e1e1d9,0x38e1e1d9
.long	0x13f8f8eb,0x13f8f8eb
.long	0xb398982b,0xb398982b
.long	0x33111122,0x33111122
.long	0xbb6969d2,0xbb6969d2
.long	0x70d9d9a9,0x70d9d9a9
.long	0x898e8e07,0x898e8e07
.long	0xa7949433,0xa7949433
.long	0xb69b9b2d,0xb69b9b2d
.long	0x221e1e3c,0x221e1e3c
.long	0x92878715,0x92878715
.long	0x20e9e9c9,0x20e9e9c9
.long	0x49cece87,0x49cece87
.long	0xff5555aa,0xff5555aa
.long	0x78282850,0x78282850
.long	0x7adfdfa5,0x7adfdfa5
.long	0x8f8c8c03,0x8f8c8c03
.long	0xf8a1a159,0xf8a1a159
.long	0x80898909,0x80898909
.long	0x170d0d1a,0x170d0d1a
.long	0xdabfbf65,0xdabfbf65
.long	0x31e6e6d7,0x31e6e6d7
.long	0xc6424284,0xc6424284
.long	0xb86868d0,0xb86868d0
.long	0xc3414182,0xc3414182
.long	0xb0999929,0xb0999929
.long	0x772d2d5a,0x772d2d5a
.long	0x110f0f1e,0x110f0f1e
.long	0xcbb0b07b,0xcbb0b07b
.long	0xfc5454a8,0xfc5454a8
.long	0xd6bbbb6d,0xd6bbbb6d
.long	0x3a16162c,0x3a16162c
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
.align	64
.LAES_Td:
.long	0x50a7f451,0x50a7f451
.long	0x5365417e,0x5365417e
.long	0xc3a4171a,0xc3a4171a
.long	0x965e273a,0x965e273a
.long	0xcb6bab3b,0xcb6bab3b
.long	0xf1459d1f,0xf1459d1f
.long	0xab58faac,0xab58faac
.long	0x9303e34b,0x9303e34b
.long	0x55fa3020,0x55fa3020
.long	0xf66d76ad,0xf66d76ad
.long	0x9176cc88,0x9176cc88
.long	0x254c02f5,0x254c02f5
.long	0xfcd7e54f,0xfcd7e54f
.long	0xd7cb2ac5,0xd7cb2ac5
.long	0x80443526,0x80443526
.long	0x8fa362b5,0x8fa362b5
.long	0x495ab1de,0x495ab1de
.long	0x671bba25,0x671bba25
.long	0x980eea45,0x980eea45
.long	0xe1c0fe5d,0xe1c0fe5d
.long	0x02752fc3,0x02752fc3
.long	0x12f04c81,0x12f04c81
.long	0xa397468d,0xa397468d
.long	0xc6f9d36b,0xc6f9d36b
.long	0xe75f8f03,0xe75f8f03
.long	0x959c9215,0x959c9215
.long	0xeb7a6dbf,0xeb7a6dbf
.long	0xda595295,0xda595295
.long	0x2d83bed4,0x2d83bed4
.long	0xd3217458,0xd3217458
.long	0x2969e049,0x2969e049
.long	0x44c8c98e,0x44c8c98e
.long	0x6a89c275,0x6a89c275
.long	0x78798ef4,0x78798ef4
.long	0x6b3e5899,0x6b3e5899
.long	0xdd71b927,0xdd71b927
.long	0xb64fe1be,0xb64fe1be
.long	0x17ad88f0,0x17ad88f0
.long	0x66ac20c9,0x66ac20c9
.long	0xb43ace7d,0xb43ace7d
.long	0x184adf63,0x184adf63
.long	0x82311ae5,0x82311ae5
.long	0x60335197,0x60335197
.long	0x457f5362,0x457f5362
.long	0xe07764b1,0xe07764b1
.long	0x84ae6bbb,0x84ae6bbb
.long	0x1ca081fe,0x1ca081fe
.long	0x942b08f9,0x942b08f9
.long	0x58684870,0x58684870
.long	0x19fd458f,0x19fd458f
.long	0x876cde94,0x876cde94
.long	0xb7f87b52,0xb7f87b52
.long	0x23d373ab,0x23d373ab
.long	0xe2024b72,0xe2024b72
.long	0x578f1fe3,0x578f1fe3
.long	0x2aab5566,0x2aab5566
.long	0x0728ebb2,0x0728ebb2
.long	0x03c2b52f,0x03c2b52f
.long	0x9a7bc586,0x9a7bc586
.long	0xa50837d3,0xa50837d3
.long	0xf2872830,0xf2872830
.long	0xb2a5bf23,0xb2a5bf23
.long	0xba6a0302,0xba6a0302
.long	0x5c8216ed,0x5c8216ed
.long	0x2b1ccf8a,0x2b1ccf8a
.long	0x92b479a7,0x92b479a7
.long	0xf0f207f3,0xf0f207f3
.long	0xa1e2694e,0xa1e2694e
.long	0xcdf4da65,0xcdf4da65
.long	0xd5be0506,0xd5be0506
.long	0x1f6234d1,0x1f6234d1
.long	0x8afea6c4,0x8afea6c4
.long	0x9d532e34,0x9d532e34
.long	0xa055f3a2,0xa055f3a2
.long	0x32e18a05,0x32e18a05
.long	0x75ebf6a4,0x75ebf6a4
.long	0x39ec830b,0x39ec830b
.long	0xaaef6040,0xaaef6040
.long	0x069f715e,0x069f715e
.long	0x51106ebd,0x51106ebd
.long	0xf98a213e,0xf98a213e
.long	0x3d06dd96,0x3d06dd96
.long	0xae053edd,0xae053edd
.long	0x46bde64d,0x46bde64d
.long	0xb58d5491,0xb58d5491
.long	0x055dc471,0x055dc471
.long	0x6fd40604,0x6fd40604
.long	0xff155060,0xff155060
.long	0x24fb9819,0x24fb9819
.long	0x97e9bdd6,0x97e9bdd6
.long	0xcc434089,0xcc434089
.long	0x779ed967,0x779ed967
.long	0xbd42e8b0,0xbd42e8b0
.long	0x888b8907,0x888b8907
.long	0x385b19e7,0x385b19e7
.long	0xdbeec879,0xdbeec879
.long	0x470a7ca1,0x470a7ca1
.long	0xe90f427c,0xe90f427c
.long	0xc91e84f8,0xc91e84f8
.long	0x00000000,0x00000000
.long	0x83868009,0x83868009
.long	0x48ed2b32,0x48ed2b32
.long	0xac70111e,0xac70111e
.long	0x4e725a6c,0x4e725a6c
.long	0xfbff0efd,0xfbff0efd
.long	0x5638850f,0x5638850f
.long	0x1ed5ae3d,0x1ed5ae3d
.long	0x27392d36,0x27392d36
.long	0x64d90f0a,0x64d90f0a
.long	0x21a65c68,0x21a65c68
.long	0xd1545b9b,0xd1545b9b
.long	0x3a2e3624,0x3a2e3624
.long	0xb1670a0c,0xb1670a0c
.long	0x0fe75793,0x0fe75793
.long	0xd296eeb4,0xd296eeb4
.long	0x9e919b1b,0x9e919b1b
.long	0x4fc5c080,0x4fc5c080
.long	0xa220dc61,0xa220dc61
.long	0x694b775a,0x694b775a
.long	0x161a121c,0x161a121c
.long	0x0aba93e2,0x0aba93e2
.long	0xe52aa0c0,0xe52aa0c0
.long	0x43e0223c,0x43e0223c
.long	0x1d171b12,0x1d171b12
.long	0x0b0d090e,0x0b0d090e
.long	0xadc78bf2,0xadc78bf2
.long	0xb9a8b62d,0xb9a8b62d
.long	0xc8a91e14,0xc8a91e14
.long	0x8519f157,0x8519f157
.long	0x4c0775af,0x4c0775af
.long	0xbbdd99ee,0xbbdd99ee
.long	0xfd607fa3,0xfd607fa3
.long	0x9f2601f7,0x9f2601f7
.long	0xbcf5725c,0xbcf5725c
.long	0xc53b6644,0xc53b6644
.long	0x347efb5b,0x347efb5b
.long	0x7629438b,0x7629438b
.long	0xdcc623cb,0xdcc623cb
.long	0x68fcedb6,0x68fcedb6
.long	0x63f1e4b8,0x63f1e4b8
.long	0xcadc31d7,0xcadc31d7
.long	0x10856342,0x10856342
.long	0x40229713,0x40229713
.long	0x2011c684,0x2011c684
.long	0x7d244a85,0x7d244a85
.long	0xf83dbbd2,0xf83dbbd2
.long	0x1132f9ae,0x1132f9ae
.long	0x6da129c7,0x6da129c7
.long	0x4b2f9e1d,0x4b2f9e1d
.long	0xf330b2dc,0xf330b2dc
.long	0xec52860d,0xec52860d
.long	0xd0e3c177,0xd0e3c177
.long	0x6c16b32b,0x6c16b32b
.long	0x99b970a9,0x99b970a9
.long	0xfa489411,0xfa489411
.long	0x2264e947,0x2264e947
.long	0xc48cfca8,0xc48cfca8
.long	0x1a3ff0a0,0x1a3ff0a0
.long	0xd82c7d56,0xd82c7d56
.long	0xef903322,0xef903322
.long	0xc74e4987,0xc74e4987
.long	0xc1d138d9,0xc1d138d9
.long	0xfea2ca8c,0xfea2ca8c
.long	0x360bd498,0x360bd498
.long	0xcf81f5a6,0xcf81f5a6
.long	0x28de7aa5,0x28de7aa5
.long	0x268eb7da,0x268eb7da
.long	0xa4bfad3f,0xa4bfad3f
.long	0xe49d3a2c,0xe49d3a2c
.long	0x0d927850,0x0d927850
.long	0x9bcc5f6a,0x9bcc5f6a
.long	0x62467e54,0x62467e54
.long	0xc2138df6,0xc2138df6
.long	0xe8b8d890,0xe8b8d890
.long	0x5ef7392e,0x5ef7392e
.long	0xf5afc382,0xf5afc382
.long	0xbe805d9f,0xbe805d9f
.long	0x7c93d069,0x7c93d069
.long	0xa92dd56f,0xa92dd56f
.long	0xb31225cf,0xb31225cf
.long	0x3b99acc8,0x3b99acc8
.long	0xa77d1810,0xa77d1810
.long	0x6e639ce8,0x6e639ce8
.long	0x7bbb3bdb,0x7bbb3bdb
.long	0x097826cd,0x097826cd
.long	0xf418596e,0xf418596e
.long	0x01b79aec,0x01b79aec
.long	0xa89a4f83,0xa89a4f83
.long	0x656e95e6,0x656e95e6
.long	0x7ee6ffaa,0x7ee6ffaa
.long	0x08cfbc21,0x08cfbc21
.long	0xe6e815ef,0xe6e815ef
.long	0xd99be7ba,0xd99be7ba
.long	0xce366f4a,0xce366f4a
.long	0xd4099fea,0xd4099fea
.long	0xd67cb029,0xd67cb029
.long	0xafb2a431,0xafb2a431
.long	0x31233f2a,0x31233f2a
.long	0x3094a5c6,0x3094a5c6
.long	0xc066a235,0xc066a235
.long	0x37bc4e74,0x37bc4e74
.long	0xa6ca82fc,0xa6ca82fc
.long	0xb0d090e0,0xb0d090e0
.long	0x15d8a733,0x15d8a733
.long	0x4a9804f1,0x4a9804f1
.long	0xf7daec41,0xf7daec41
.long	0x0e50cd7f,0x0e50cd7f
.long	0x2ff69117,0x2ff69117
.long	0x8dd64d76,0x8dd64d76
.long	0x4db0ef43,0x4db0ef43
.long	0x544daacc,0x544daacc
.long	0xdf0496e4,0xdf0496e4
.long	0xe3b5d19e,0xe3b5d19e
.long	0x1b886a4c,0x1b886a4c
.long	0xb81f2cc1,0xb81f2cc1
.long	0x7f516546,0x7f516546
.long	0x04ea5e9d,0x04ea5e9d
.long	0x5d358c01,0x5d358c01
.long	0x737487fa,0x737487fa
.long	0x2e410bfb,0x2e410bfb
.long	0x5a1d67b3,0x5a1d67b3
.long	0x52d2db92,0x52d2db92
.long	0x335610e9,0x335610e9
.long	0x1347d66d,0x1347d66d
.long	0x8c61d79a,0x8c61d79a
.long	0x7a0ca137,0x7a0ca137
.long	0x8e14f859,0x8e14f859
.long	0x893c13eb,0x893c13eb
.long	0xee27a9ce,0xee27a9ce
.long	0x35c961b7,0x35c961b7
.long	0xede51ce1,0xede51ce1
.long	0x3cb1477a,0x3cb1477a
.long	0x59dfd29c,0x59dfd29c
.long	0x3f73f255,0x3f73f255
.long	0x79ce1418,0x79ce1418
.long	0xbf37c773,0xbf37c773
.long	0xeacdf753,0xeacdf753
.long	0x5baafd5f,0x5baafd5f
.long	0x146f3ddf,0x146f3ddf
.long	0x86db4478,0x86db4478
.long	0x81f3afca,0x81f3afca
.long	0x3ec468b9,0x3ec468b9
.long	0x2c342438,0x2c342438
.long	0x5f40a3c2,0x5f40a3c2
.long	0x72c31d16,0x72c31d16
.long	0x0c25e2bc,0x0c25e2bc
.long	0x8b493c28,0x8b493c28
.long	0x41950dff,0x41950dff
.long	0x7101a839,0x7101a839
.long	0xdeb30c08,0xdeb30c08
.long	0x9ce4b4d8,0x9ce4b4d8
.long	0x90c15664,0x90c15664
.long	0x6184cb7b,0x6184cb7b
.long	0x70b632d5,0x70b632d5
.long	0x745c6c48,0x745c6c48
.long	0x4257b8d0,0x4257b8d0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/aes/aes-macosx-x86_64.S.
































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
#include "x86_arch.h"

.text	

.p2align	4
_x86_64_AES_encrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	L$enc_loop
.p2align	4
L$enc_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	shrl	$16,%ecx
	movzbl	%ah,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movl	12(%r15),%edx
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movl	0(%r15),%eax
	xorl	1(%r14,%rdi,8),%r12d
	xorl	1(%r14,%rbp,8),%r8d

	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	L$enc_loop
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	2(%r14,%rsi,8),%r10d
	movzbl	2(%r14,%rdi,8),%r11d
	movzbl	2(%r14,%rbp,8),%r12d

	movzbl	%dl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	2(%r14,%rsi,8),%r8d
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$65280,%edi
	andl	$65280,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%ecx

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	shrl	$16,%edx
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi

	andl	$65280,%esi
	andl	$65280,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$16711680,%edi
	andl	$16711680,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	2(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$4278190080,%edi
	andl	$4278190080,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movl	16+12(%r15),%edx
	movl	2(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	16+0(%r15),%eax

	andl	$4278190080,%esi
	andl	$4278190080,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			


.p2align	4
_x86_64_AES_encrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	L$enc_loop_compact
.p2align	4
L$enc_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%dh,%ebp
	movzbl	%ah,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%dh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ah,%edi
	shrl	$8,%ecx
	shrl	$8,%ebx
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rcx,1),%edx
	movzbl	(%r14,%rbx,1),%ecx
	shll	$16,%r9d
	shll	$16,%r13d
	shll	$16,%ebp
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%edi
	shll	$24,%edx
	xorl	%esi,%r10d
	shll	$24,%ecx
	xorl	%edi,%r11d
	movl	%r10d,%eax
	movl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	L$enc_compact_done
	movl	%eax,%esi
	movl	%ebx,%edi
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	movl	%esi,%r10d
	movl	%edi,%r11d
	shrl	$7,%r10d
	leal	(%rax,%rax,1),%r8d
	shrl	$7,%r11d
	leal	(%rbx,%rbx,1),%r9d
	subl	%r10d,%esi
	subl	%r11d,%edi
	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%eax,%r10d
	movl	%ebx,%r11d
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%ecx,%esi
	movl	%edx,%edi
	roll	$24,%eax
	roll	$24,%ebx
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%esi,%r12d
	movl	%edi,%ebp
	rorl	$16,%r10d
	rorl	$16,%r11d
	shrl	$7,%r12d
	leal	(%rcx,%rcx,1),%r8d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	shrl	$7,%ebp
	leal	(%rdx,%rdx,1),%r9d
	rorl	$8,%r10d
	rorl	$8,%r11d
	subl	%r12d,%esi
	subl	%ebp,%edi
	xorl	%r10d,%eax
	xorl	%r11d,%ebx

	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%ecx,%r12d
	movl	%edx,%ebp
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	roll	$24,%ecx
	roll	$24,%edx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	movl	0(%r14),%esi
	rorl	$16,%r12d
	rorl	$16,%ebp
	movl	64(%r14),%edi
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	movl	128(%r14),%r8d
	rorl	$8,%r12d
	rorl	$8,%ebp
	movl	192(%r14),%r9d
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	jmp	L$enc_loop_compact
.p2align	4
L$enc_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			

.globl	_AES_encrypt

.p2align	4
.globl	_asm_AES_encrypt
.private_extern	_asm_AES_encrypt
_asm_AES_encrypt:
_AES_encrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
L$enc_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	L$AES_Te+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14

	call	_x86_64_AES_encrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$enc_epilogue:
	.byte	0xf3,0xc3


.p2align	4
_x86_64_AES_decrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	L$dec_loop
.p2align	4
L$dec_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%bh,%esi
	shrl	$16,%eax
	movzbl	%ch,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	movl	12(%r15),%edx
	movzbl	%ah,%ebp
	xorl	1(%r14,%rsi,8),%r12d
	movl	0(%r15),%eax
	xorl	1(%r14,%rbp,8),%r8d

	xorl	%r10d,%eax
	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r12d,%ecx
	xorl	%r11d,%ebx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	L$dec_loop
	leaq	2048(%r14),%r14
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	(%r14,%rsi,1),%r10d
	movzbl	(%r14,%rdi,1),%r11d
	movzbl	(%r14,%rbp,1),%r12d

	movzbl	%dl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movzbl	(%r14,%rsi,1),%r8d
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$8,%edi
	shll	$8,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%edx

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	shrl	$16,%eax
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi

	shll	$8,%esi
	shll	$8,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$16,%edi
	shll	$16,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$24,%edi
	shll	$24,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movl	16+12(%r15),%edx
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movl	16+0(%r15),%eax

	shll	$24,%esi
	shll	$24,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	leaq	-2048(%r14),%r14
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			


.p2align	4
_x86_64_AES_decrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	L$dec_loop_compact

.p2align	4
L$dec_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%bh,%ebp
	movzbl	%ch,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%bh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ch,%edi
	shll	$16,%r9d
	shll	$16,%r13d
	movzbl	(%r14,%rdi,1),%ebx
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d

	movzbl	%dh,%edi
	shrl	$8,%eax
	shll	$16,%ebp
	movzbl	(%r14,%rdi,1),%ecx
	movzbl	(%r14,%rax,1),%edx
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%ebx
	shll	$24,%ecx
	xorl	%esi,%r10d
	shll	$24,%edx
	xorl	%r11d,%ebx
	movl	%r10d,%eax
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	L$dec_compact_done

	movq	256+0(%r14),%rsi
	shlq	$32,%rbx
	shlq	$32,%rdx
	movq	256+8(%r14),%rdi
	orq	%rbx,%rax
	orq	%rdx,%rcx
	movq	256+16(%r14),%rbp
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	0(%r14),%rsi
	shrq	$32,%r8
	shrq	$32,%r11
	movq	64(%r14),%rdi
	roll	$16,%r9d
	roll	$16,%r12d
	movq	128(%r14),%rbp
	roll	$16,%r8d
	roll	$16,%r11d
	movq	192(%r14),%r10
	xorl	%r9d,%eax
	xorl	%r12d,%ecx
	movq	256(%r14),%r13
	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	jmp	L$dec_loop_compact
.p2align	4
L$dec_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			

.globl	_AES_decrypt

.p2align	4
.globl	_asm_AES_decrypt
.private_extern	_asm_AES_decrypt
_asm_AES_decrypt:
_AES_decrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
L$dec_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	L$AES_Td+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14
	shrq	$3,%rbp
	addq	%rbp,%r14

	call	_x86_64_AES_decrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$dec_epilogue:
	.byte	0xf3,0xc3

.globl	_AES_set_encrypt_key

.p2align	4
_AES_set_encrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$8,%rsp
L$enc_key_prologue:

	call	_x86_64_AES_set_encrypt_key

	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
L$enc_key_epilogue:
	.byte	0xf3,0xc3



.p2align	4
_x86_64_AES_set_encrypt_key:
	movl	%esi,%ecx
	movq	%rdi,%rsi
	movq	%rdx,%rdi

	testq	$-1,%rsi
	jz	L$badpointer
	testq	$-1,%rdi
	jz	L$badpointer

	leaq	L$AES_Te(%rip),%rbp
	leaq	2048+128(%rbp),%rbp


	movl	0-128(%rbp),%eax
	movl	32-128(%rbp),%ebx
	movl	64-128(%rbp),%r8d
	movl	96-128(%rbp),%edx
	movl	128-128(%rbp),%eax
	movl	160-128(%rbp),%ebx
	movl	192-128(%rbp),%r8d
	movl	224-128(%rbp),%edx

	cmpl	$128,%ecx
	je	L$10rounds
	cmpl	$192,%ecx
	je	L$12rounds
	cmpl	$256,%ecx
	je	L$14rounds
	movq	$-2,%rax
	jmp	L$exit

L$10rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rdx,8(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	L$10shortcut
.p2align	2
L$10loop:
	movl	0(%rdi),%eax
	movl	12(%rdi),%edx
L$10shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,16(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,20(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,24(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,28(%rdi)
	addl	$1,%ecx
	leaq	16(%rdi),%rdi
	cmpl	$10,%ecx
	jl	L$10loop

	movl	$10,80(%rdi)
	xorq	%rax,%rax
	jmp	L$exit

L$12rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rdx,16(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	L$12shortcut
.p2align	2
L$12loop:
	movl	0(%rdi),%eax
	movl	20(%rdi),%edx
L$12shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,24(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,28(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,32(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,36(%rdi)

	cmpl	$7,%ecx
	je	L$12break
	addl	$1,%ecx

	xorl	16(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,44(%rdi)

	leaq	24(%rdi),%rdi
	jmp	L$12loop
L$12break:
	movl	$12,72(%rdi)
	xorq	%rax,%rax
	jmp	L$exit

L$14rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rcx
	movq	24(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,16(%rdi)
	movq	%rdx,24(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	L$14shortcut
.p2align	2
L$14loop:
	movl	0(%rdi),%eax
	movl	28(%rdi),%edx
L$14shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,32(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,36(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,44(%rdi)

	cmpl	$6,%ecx
	je	L$14break
	addl	$1,%ecx

	movl	%eax,%edx
	movl	16(%rdi),%eax
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	shll	$8,%ebx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$16,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$24,%ebx
	xorl	%ebx,%eax

	movl	%eax,48(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,52(%rdi)
	xorl	24(%rdi),%eax
	movl	%eax,56(%rdi)
	xorl	28(%rdi),%eax
	movl	%eax,60(%rdi)

	leaq	32(%rdi),%rdi
	jmp	L$14loop
L$14break:
	movl	$14,48(%rdi)
	xorq	%rax,%rax
	jmp	L$exit

L$badpointer:
	movq	$-1,%rax
L$exit:
.byte	0xf3,0xc3			

.globl	_AES_set_decrypt_key

.p2align	4
_AES_set_decrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	pushq	%rdx
L$dec_key_prologue:

	call	_x86_64_AES_set_encrypt_key
	movq	(%rsp),%r8
	cmpl	$0,%eax
	jne	L$abort

	movl	240(%r8),%r14d
	xorq	%rdi,%rdi
	leaq	(%rdi,%r14,4),%rcx
	movq	%r8,%rsi
	leaq	(%r8,%rcx,4),%rdi
.p2align	2
L$invert:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	0(%rdi),%rcx
	movq	8(%rdi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,0(%rsi)
	movq	%rdx,8(%rsi)
	leaq	16(%rsi),%rsi
	leaq	-16(%rdi),%rdi
	cmpq	%rsi,%rdi
	jne	L$invert

	leaq	L$AES_Te+2048+1024(%rip),%rax

	movq	40(%rax),%rsi
	movq	48(%rax),%rdi
	movq	56(%rax),%rbp

	movq	%r8,%r15
	subl	$1,%r14d
.p2align	2
L$permute:
	leaq	16(%r15),%r15
	movq	0(%r15),%rax
	movq	8(%r15),%rcx
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx


	shrq	$32,%r8
	shrq	$32,%r11

	roll	$16,%r9d
	roll	$16,%r12d

	roll	$16,%r8d
	roll	$16,%r11d

	xorl	%r9d,%eax
	xorl	%r12d,%ecx

	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	movl	%eax,0(%r15)
	movl	%ebx,4(%r15)
	movl	%ecx,8(%r15)
	movl	%edx,12(%r15)
	subl	$1,%r14d
	jnz	L$permute

	xorq	%rax,%rax
L$abort:
	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
L$dec_key_epilogue:
	.byte	0xf3,0xc3

.globl	_AES_cbc_encrypt

.p2align	4

.private_extern	_OPENSSL_ia32cap_P
.globl	_asm_AES_cbc_encrypt
.private_extern	_asm_AES_cbc_encrypt
_asm_AES_cbc_encrypt:
_AES_cbc_encrypt:
	cmpq	$0,%rdx
	je	L$cbc_epilogue
	pushfq
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$cbc_prologue:

	cld
	movl	%r9d,%r9d

	leaq	L$AES_Te(%rip),%r14
	cmpq	$0,%r9
	jne	L$cbc_picked_te
	leaq	L$AES_Td(%rip),%r14
L$cbc_picked_te:

	movl	_OPENSSL_ia32cap_P(%rip),%r10d
	cmpq	$512,%rdx
	jb	L$cbc_slow_prologue
	testq	$15,%rdx
	jnz	L$cbc_slow_prologue
	btl	$IA32CAP_BIT0_HT,%r10d
	jc	L$cbc_slow_prologue


	leaq	-88-248(%rsp),%r15
	andq	$-64,%r15


	movq	%r14,%r10
	leaq	2304(%r14),%r11
	movq	%r15,%r12
	andq	$4095,%r10
	andq	$4095,%r11
	andq	$4095,%r12

	cmpq	%r11,%r12
	jb	L$cbc_te_break_out
	subq	%r11,%r12
	subq	%r12,%r15
	jmp	L$cbc_te_ok
L$cbc_te_break_out:
	subq	%r10,%r12
	andq	$4095,%r12
	addq	$320,%r12
	subq	%r12,%r15
.p2align	2
L$cbc_te_ok:

	xchgq	%rsp,%r15

	movq	%r15,16(%rsp)
L$cbc_fast_body:
	movq	%rdi,24(%rsp)
	movq	%rsi,32(%rsp)
	movq	%rdx,40(%rsp)
	movq	%rcx,48(%rsp)
	movq	%r8,56(%rsp)
	movl	$0,80+240(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15

	movl	240(%r15),%eax

	movq	%r15,%r10
	subq	%r14,%r10
	andq	$4095,%r10
	cmpq	$2304,%r10
	jb	L$cbc_do_ecopy
	cmpq	$4096-248,%r10
	jb	L$cbc_skip_ecopy
.p2align	2
L$cbc_do_ecopy:
	movq	%r15,%rsi
	leaq	80(%rsp),%rdi
	leaq	80(%rsp),%r15
	movl	$30,%ecx
.long	0x90A548F3	
	movl	%eax,(%rdi)
L$cbc_skip_ecopy:
	movq	%r15,0(%rsp)

	movl	$18,%ecx
.p2align	2
L$cbc_prefetch_te:
	movq	0(%r14),%r10
	movq	32(%r14),%r11
	movq	64(%r14),%r12
	movq	96(%r14),%r13
	leaq	128(%r14),%r14
	subl	$1,%ecx
	jnz	L$cbc_prefetch_te
	leaq	-2304(%r14),%r14

	cmpq	$0,%rbx
	je	L$FAST_DECRYPT


	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx

.p2align	2
L$cbc_fast_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_encrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	movq	%r10,40(%rsp)
	jnz	L$cbc_fast_enc_loop
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	L$cbc_fast_cleanup


.p2align	4
L$FAST_DECRYPT:
	cmpq	%r8,%r9
	je	L$cbc_fast_dec_in_place

	movq	%rbp,64(%rsp)
.p2align	2
L$cbc_fast_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	64(%rsp),%rbp
	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0(%rbp),%eax
	xorl	4(%rbp),%ebx
	xorl	8(%rbp),%ecx
	xorl	12(%rbp),%edx
	movq	%r8,%rbp

	subq	$16,%r10
	movq	%r10,40(%rsp)
	movq	%rbp,64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jnz	L$cbc_fast_dec_loop
	movq	56(%rsp),%r12
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0(%r12)
	movq	%r11,8(%r12)
	jmp	L$cbc_fast_cleanup

.p2align	4
L$cbc_fast_dec_in_place:
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0+64(%rsp)
	movq	%r11,8+64(%rsp)
.p2align	2
L$cbc_fast_dec_in_place_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jz	L$cbc_fast_dec_in_place_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	movq	%r10,40(%rsp)
	jmp	L$cbc_fast_dec_in_place_loop
L$cbc_fast_dec_in_place_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

.p2align	2
L$cbc_fast_cleanup:
	cmpl	$0,80+240(%rsp)
	leaq	80(%rsp),%rdi
	je	L$cbc_exit
	movl	$30,%ecx
	xorq	%rax,%rax
.long	0x90AB48F3	

	jmp	L$cbc_exit


.p2align	4
L$cbc_slow_prologue:

	leaq	-88(%rsp),%rbp
	andq	$-64,%rbp

	leaq	-88-63(%rcx),%r10
	subq	%rbp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rbp

	xchgq	%rsp,%rbp

	movq	%rbp,16(%rsp)
L$cbc_slow_body:




	movq	%r8,56(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15
	movq	%rdx,%r10

	movl	240(%r15),%eax
	movq	%r15,0(%rsp)
	shll	$4,%eax
	leaq	(%r15,%rax,1),%rax
	movq	%rax,8(%rsp)


	leaq	2048(%r14),%r14
	leaq	768-8(%rsp),%rax
	subq	%r14,%rax
	andq	$768,%rax
	leaq	(%r14,%rax,1),%r14

	cmpq	$0,%rbx
	je	L$SLOW_DECRYPT


	testq	$-16,%r10
	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx
	jz	L$cbc_slow_enc_tail	

.p2align	2
L$cbc_slow_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_encrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	jnz	L$cbc_slow_enc_loop
	testq	$15,%r10
	jnz	L$cbc_slow_enc_tail
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	L$cbc_exit

.p2align	2
L$cbc_slow_enc_tail:
	movq	%rax,%r11
	movq	%rcx,%r12
	movq	%r10,%rcx
	movq	%r8,%rsi
	movq	%r9,%rdi
.long	0x9066A4F3		
	movq	$16,%rcx
	subq	%r10,%rcx
	xorq	%rax,%rax
.long	0x9066AAF3		
	movq	%r9,%r8
	movq	$16,%r10
	movq	%r11,%rax
	movq	%r12,%rcx
	jmp	L$cbc_slow_enc_loop	

.p2align	4
L$SLOW_DECRYPT:
	shrq	$3,%rax
	addq	%rax,%r14

	movq	0(%rbp),%r11
	movq	8(%rbp),%r12
	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

.p2align	2
L$cbc_slow_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_decrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jc	L$cbc_slow_dec_partial
	jz	L$cbc_slow_dec_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jmp	L$cbc_slow_dec_loop
L$cbc_slow_dec_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	jmp	L$cbc_exit

.p2align	2
L$cbc_slow_dec_partial:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0+64(%rsp)
	movl	%ebx,4+64(%rsp)
	movl	%ecx,8+64(%rsp)
	movl	%edx,12+64(%rsp)

	movq	%r9,%rdi
	leaq	64(%rsp),%rsi
	leaq	16(%r10),%rcx
.long	0x9066A4F3	
	jmp	L$cbc_exit

.p2align	4
L$cbc_exit:
	movq	16(%rsp),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$cbc_popfq:
	popfq
L$cbc_epilogue:
	.byte	0xf3,0xc3

.p2align	6
L$AES_Te:
.long	0xa56363c6,0xa56363c6
.long	0x847c7cf8,0x847c7cf8
.long	0x997777ee,0x997777ee
.long	0x8d7b7bf6,0x8d7b7bf6
.long	0x0df2f2ff,0x0df2f2ff
.long	0xbd6b6bd6,0xbd6b6bd6
.long	0xb16f6fde,0xb16f6fde
.long	0x54c5c591,0x54c5c591
.long	0x50303060,0x50303060
.long	0x03010102,0x03010102
.long	0xa96767ce,0xa96767ce
.long	0x7d2b2b56,0x7d2b2b56
.long	0x19fefee7,0x19fefee7
.long	0x62d7d7b5,0x62d7d7b5
.long	0xe6abab4d,0xe6abab4d
.long	0x9a7676ec,0x9a7676ec
.long	0x45caca8f,0x45caca8f
.long	0x9d82821f,0x9d82821f
.long	0x40c9c989,0x40c9c989
.long	0x877d7dfa,0x877d7dfa
.long	0x15fafaef,0x15fafaef
.long	0xeb5959b2,0xeb5959b2
.long	0xc947478e,0xc947478e
.long	0x0bf0f0fb,0x0bf0f0fb
.long	0xecadad41,0xecadad41
.long	0x67d4d4b3,0x67d4d4b3
.long	0xfda2a25f,0xfda2a25f
.long	0xeaafaf45,0xeaafaf45
.long	0xbf9c9c23,0xbf9c9c23
.long	0xf7a4a453,0xf7a4a453
.long	0x967272e4,0x967272e4
.long	0x5bc0c09b,0x5bc0c09b
.long	0xc2b7b775,0xc2b7b775
.long	0x1cfdfde1,0x1cfdfde1
.long	0xae93933d,0xae93933d
.long	0x6a26264c,0x6a26264c
.long	0x5a36366c,0x5a36366c
.long	0x413f3f7e,0x413f3f7e
.long	0x02f7f7f5,0x02f7f7f5
.long	0x4fcccc83,0x4fcccc83
.long	0x5c343468,0x5c343468
.long	0xf4a5a551,0xf4a5a551
.long	0x34e5e5d1,0x34e5e5d1
.long	0x08f1f1f9,0x08f1f1f9
.long	0x937171e2,0x937171e2
.long	0x73d8d8ab,0x73d8d8ab
.long	0x53313162,0x53313162
.long	0x3f15152a,0x3f15152a
.long	0x0c040408,0x0c040408
.long	0x52c7c795,0x52c7c795
.long	0x65232346,0x65232346
.long	0x5ec3c39d,0x5ec3c39d
.long	0x28181830,0x28181830
.long	0xa1969637,0xa1969637
.long	0x0f05050a,0x0f05050a
.long	0xb59a9a2f,0xb59a9a2f
.long	0x0907070e,0x0907070e
.long	0x36121224,0x36121224
.long	0x9b80801b,0x9b80801b
.long	0x3de2e2df,0x3de2e2df
.long	0x26ebebcd,0x26ebebcd
.long	0x6927274e,0x6927274e
.long	0xcdb2b27f,0xcdb2b27f
.long	0x9f7575ea,0x9f7575ea
.long	0x1b090912,0x1b090912
.long	0x9e83831d,0x9e83831d
.long	0x742c2c58,0x742c2c58
.long	0x2e1a1a34,0x2e1a1a34
.long	0x2d1b1b36,0x2d1b1b36
.long	0xb26e6edc,0xb26e6edc
.long	0xee5a5ab4,0xee5a5ab4
.long	0xfba0a05b,0xfba0a05b
.long	0xf65252a4,0xf65252a4
.long	0x4d3b3b76,0x4d3b3b76
.long	0x61d6d6b7,0x61d6d6b7
.long	0xceb3b37d,0xceb3b37d
.long	0x7b292952,0x7b292952
.long	0x3ee3e3dd,0x3ee3e3dd
.long	0x712f2f5e,0x712f2f5e
.long	0x97848413,0x97848413
.long	0xf55353a6,0xf55353a6
.long	0x68d1d1b9,0x68d1d1b9
.long	0x00000000,0x00000000
.long	0x2cededc1,0x2cededc1
.long	0x60202040,0x60202040
.long	0x1ffcfce3,0x1ffcfce3
.long	0xc8b1b179,0xc8b1b179
.long	0xed5b5bb6,0xed5b5bb6
.long	0xbe6a6ad4,0xbe6a6ad4
.long	0x46cbcb8d,0x46cbcb8d
.long	0xd9bebe67,0xd9bebe67
.long	0x4b393972,0x4b393972
.long	0xde4a4a94,0xde4a4a94
.long	0xd44c4c98,0xd44c4c98
.long	0xe85858b0,0xe85858b0
.long	0x4acfcf85,0x4acfcf85
.long	0x6bd0d0bb,0x6bd0d0bb
.long	0x2aefefc5,0x2aefefc5
.long	0xe5aaaa4f,0xe5aaaa4f
.long	0x16fbfbed,0x16fbfbed
.long	0xc5434386,0xc5434386
.long	0xd74d4d9a,0xd74d4d9a
.long	0x55333366,0x55333366
.long	0x94858511,0x94858511
.long	0xcf45458a,0xcf45458a
.long	0x10f9f9e9,0x10f9f9e9
.long	0x06020204,0x06020204
.long	0x817f7ffe,0x817f7ffe
.long	0xf05050a0,0xf05050a0
.long	0x443c3c78,0x443c3c78
.long	0xba9f9f25,0xba9f9f25
.long	0xe3a8a84b,0xe3a8a84b
.long	0xf35151a2,0xf35151a2
.long	0xfea3a35d,0xfea3a35d
.long	0xc0404080,0xc0404080
.long	0x8a8f8f05,0x8a8f8f05
.long	0xad92923f,0xad92923f
.long	0xbc9d9d21,0xbc9d9d21
.long	0x48383870,0x48383870
.long	0x04f5f5f1,0x04f5f5f1
.long	0xdfbcbc63,0xdfbcbc63
.long	0xc1b6b677,0xc1b6b677
.long	0x75dadaaf,0x75dadaaf
.long	0x63212142,0x63212142
.long	0x30101020,0x30101020
.long	0x1affffe5,0x1affffe5
.long	0x0ef3f3fd,0x0ef3f3fd
.long	0x6dd2d2bf,0x6dd2d2bf
.long	0x4ccdcd81,0x4ccdcd81
.long	0x140c0c18,0x140c0c18
.long	0x35131326,0x35131326
.long	0x2fececc3,0x2fececc3
.long	0xe15f5fbe,0xe15f5fbe
.long	0xa2979735,0xa2979735
.long	0xcc444488,0xcc444488
.long	0x3917172e,0x3917172e
.long	0x57c4c493,0x57c4c493
.long	0xf2a7a755,0xf2a7a755
.long	0x827e7efc,0x827e7efc
.long	0x473d3d7a,0x473d3d7a
.long	0xac6464c8,0xac6464c8
.long	0xe75d5dba,0xe75d5dba
.long	0x2b191932,0x2b191932
.long	0x957373e6,0x957373e6
.long	0xa06060c0,0xa06060c0
.long	0x98818119,0x98818119
.long	0xd14f4f9e,0xd14f4f9e
.long	0x7fdcdca3,0x7fdcdca3
.long	0x66222244,0x66222244
.long	0x7e2a2a54,0x7e2a2a54
.long	0xab90903b,0xab90903b
.long	0x8388880b,0x8388880b
.long	0xca46468c,0xca46468c
.long	0x29eeeec7,0x29eeeec7
.long	0xd3b8b86b,0xd3b8b86b
.long	0x3c141428,0x3c141428
.long	0x79dedea7,0x79dedea7
.long	0xe25e5ebc,0xe25e5ebc
.long	0x1d0b0b16,0x1d0b0b16
.long	0x76dbdbad,0x76dbdbad
.long	0x3be0e0db,0x3be0e0db
.long	0x56323264,0x56323264
.long	0x4e3a3a74,0x4e3a3a74
.long	0x1e0a0a14,0x1e0a0a14
.long	0xdb494992,0xdb494992
.long	0x0a06060c,0x0a06060c
.long	0x6c242448,0x6c242448
.long	0xe45c5cb8,0xe45c5cb8
.long	0x5dc2c29f,0x5dc2c29f
.long	0x6ed3d3bd,0x6ed3d3bd
.long	0xefacac43,0xefacac43
.long	0xa66262c4,0xa66262c4
.long	0xa8919139,0xa8919139
.long	0xa4959531,0xa4959531
.long	0x37e4e4d3,0x37e4e4d3
.long	0x8b7979f2,0x8b7979f2
.long	0x32e7e7d5,0x32e7e7d5
.long	0x43c8c88b,0x43c8c88b
.long	0x5937376e,0x5937376e
.long	0xb76d6dda,0xb76d6dda
.long	0x8c8d8d01,0x8c8d8d01
.long	0x64d5d5b1,0x64d5d5b1
.long	0xd24e4e9c,0xd24e4e9c
.long	0xe0a9a949,0xe0a9a949
.long	0xb46c6cd8,0xb46c6cd8
.long	0xfa5656ac,0xfa5656ac
.long	0x07f4f4f3,0x07f4f4f3
.long	0x25eaeacf,0x25eaeacf
.long	0xaf6565ca,0xaf6565ca
.long	0x8e7a7af4,0x8e7a7af4
.long	0xe9aeae47,0xe9aeae47
.long	0x18080810,0x18080810
.long	0xd5baba6f,0xd5baba6f
.long	0x887878f0,0x887878f0
.long	0x6f25254a,0x6f25254a
.long	0x722e2e5c,0x722e2e5c
.long	0x241c1c38,0x241c1c38
.long	0xf1a6a657,0xf1a6a657
.long	0xc7b4b473,0xc7b4b473
.long	0x51c6c697,0x51c6c697
.long	0x23e8e8cb,0x23e8e8cb
.long	0x7cdddda1,0x7cdddda1
.long	0x9c7474e8,0x9c7474e8
.long	0x211f1f3e,0x211f1f3e
.long	0xdd4b4b96,0xdd4b4b96
.long	0xdcbdbd61,0xdcbdbd61
.long	0x868b8b0d,0x868b8b0d
.long	0x858a8a0f,0x858a8a0f
.long	0x907070e0,0x907070e0
.long	0x423e3e7c,0x423e3e7c
.long	0xc4b5b571,0xc4b5b571
.long	0xaa6666cc,0xaa6666cc
.long	0xd8484890,0xd8484890
.long	0x05030306,0x05030306
.long	0x01f6f6f7,0x01f6f6f7
.long	0x120e0e1c,0x120e0e1c
.long	0xa36161c2,0xa36161c2
.long	0x5f35356a,0x5f35356a
.long	0xf95757ae,0xf95757ae
.long	0xd0b9b969,0xd0b9b969
.long	0x91868617,0x91868617
.long	0x58c1c199,0x58c1c199
.long	0x271d1d3a,0x271d1d3a
.long	0xb99e9e27,0xb99e9e27
.long	0x38e1e1d9,0x38e1e1d9
.long	0x13f8f8eb,0x13f8f8eb
.long	0xb398982b,0xb398982b
.long	0x33111122,0x33111122
.long	0xbb6969d2,0xbb6969d2
.long	0x70d9d9a9,0x70d9d9a9
.long	0x898e8e07,0x898e8e07
.long	0xa7949433,0xa7949433
.long	0xb69b9b2d,0xb69b9b2d
.long	0x221e1e3c,0x221e1e3c
.long	0x92878715,0x92878715
.long	0x20e9e9c9,0x20e9e9c9
.long	0x49cece87,0x49cece87
.long	0xff5555aa,0xff5555aa
.long	0x78282850,0x78282850
.long	0x7adfdfa5,0x7adfdfa5
.long	0x8f8c8c03,0x8f8c8c03
.long	0xf8a1a159,0xf8a1a159
.long	0x80898909,0x80898909
.long	0x170d0d1a,0x170d0d1a
.long	0xdabfbf65,0xdabfbf65
.long	0x31e6e6d7,0x31e6e6d7
.long	0xc6424284,0xc6424284
.long	0xb86868d0,0xb86868d0
.long	0xc3414182,0xc3414182
.long	0xb0999929,0xb0999929
.long	0x772d2d5a,0x772d2d5a
.long	0x110f0f1e,0x110f0f1e
.long	0xcbb0b07b,0xcbb0b07b
.long	0xfc5454a8,0xfc5454a8
.long	0xd6bbbb6d,0xd6bbbb6d
.long	0x3a16162c,0x3a16162c
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
.p2align	6
L$AES_Td:
.long	0x50a7f451,0x50a7f451
.long	0x5365417e,0x5365417e
.long	0xc3a4171a,0xc3a4171a
.long	0x965e273a,0x965e273a
.long	0xcb6bab3b,0xcb6bab3b
.long	0xf1459d1f,0xf1459d1f
.long	0xab58faac,0xab58faac
.long	0x9303e34b,0x9303e34b
.long	0x55fa3020,0x55fa3020
.long	0xf66d76ad,0xf66d76ad
.long	0x9176cc88,0x9176cc88
.long	0x254c02f5,0x254c02f5
.long	0xfcd7e54f,0xfcd7e54f
.long	0xd7cb2ac5,0xd7cb2ac5
.long	0x80443526,0x80443526
.long	0x8fa362b5,0x8fa362b5
.long	0x495ab1de,0x495ab1de
.long	0x671bba25,0x671bba25
.long	0x980eea45,0x980eea45
.long	0xe1c0fe5d,0xe1c0fe5d
.long	0x02752fc3,0x02752fc3
.long	0x12f04c81,0x12f04c81
.long	0xa397468d,0xa397468d
.long	0xc6f9d36b,0xc6f9d36b
.long	0xe75f8f03,0xe75f8f03
.long	0x959c9215,0x959c9215
.long	0xeb7a6dbf,0xeb7a6dbf
.long	0xda595295,0xda595295
.long	0x2d83bed4,0x2d83bed4
.long	0xd3217458,0xd3217458
.long	0x2969e049,0x2969e049
.long	0x44c8c98e,0x44c8c98e
.long	0x6a89c275,0x6a89c275
.long	0x78798ef4,0x78798ef4
.long	0x6b3e5899,0x6b3e5899
.long	0xdd71b927,0xdd71b927
.long	0xb64fe1be,0xb64fe1be
.long	0x17ad88f0,0x17ad88f0
.long	0x66ac20c9,0x66ac20c9
.long	0xb43ace7d,0xb43ace7d
.long	0x184adf63,0x184adf63
.long	0x82311ae5,0x82311ae5
.long	0x60335197,0x60335197
.long	0x457f5362,0x457f5362
.long	0xe07764b1,0xe07764b1
.long	0x84ae6bbb,0x84ae6bbb
.long	0x1ca081fe,0x1ca081fe
.long	0x942b08f9,0x942b08f9
.long	0x58684870,0x58684870
.long	0x19fd458f,0x19fd458f
.long	0x876cde94,0x876cde94
.long	0xb7f87b52,0xb7f87b52
.long	0x23d373ab,0x23d373ab
.long	0xe2024b72,0xe2024b72
.long	0x578f1fe3,0x578f1fe3
.long	0x2aab5566,0x2aab5566
.long	0x0728ebb2,0x0728ebb2
.long	0x03c2b52f,0x03c2b52f
.long	0x9a7bc586,0x9a7bc586
.long	0xa50837d3,0xa50837d3
.long	0xf2872830,0xf2872830
.long	0xb2a5bf23,0xb2a5bf23
.long	0xba6a0302,0xba6a0302
.long	0x5c8216ed,0x5c8216ed
.long	0x2b1ccf8a,0x2b1ccf8a
.long	0x92b479a7,0x92b479a7
.long	0xf0f207f3,0xf0f207f3
.long	0xa1e2694e,0xa1e2694e
.long	0xcdf4da65,0xcdf4da65
.long	0xd5be0506,0xd5be0506
.long	0x1f6234d1,0x1f6234d1
.long	0x8afea6c4,0x8afea6c4
.long	0x9d532e34,0x9d532e34
.long	0xa055f3a2,0xa055f3a2
.long	0x32e18a05,0x32e18a05
.long	0x75ebf6a4,0x75ebf6a4
.long	0x39ec830b,0x39ec830b
.long	0xaaef6040,0xaaef6040
.long	0x069f715e,0x069f715e
.long	0x51106ebd,0x51106ebd
.long	0xf98a213e,0xf98a213e
.long	0x3d06dd96,0x3d06dd96
.long	0xae053edd,0xae053edd
.long	0x46bde64d,0x46bde64d
.long	0xb58d5491,0xb58d5491
.long	0x055dc471,0x055dc471
.long	0x6fd40604,0x6fd40604
.long	0xff155060,0xff155060
.long	0x24fb9819,0x24fb9819
.long	0x97e9bdd6,0x97e9bdd6
.long	0xcc434089,0xcc434089
.long	0x779ed967,0x779ed967
.long	0xbd42e8b0,0xbd42e8b0
.long	0x888b8907,0x888b8907
.long	0x385b19e7,0x385b19e7
.long	0xdbeec879,0xdbeec879
.long	0x470a7ca1,0x470a7ca1
.long	0xe90f427c,0xe90f427c
.long	0xc91e84f8,0xc91e84f8
.long	0x00000000,0x00000000
.long	0x83868009,0x83868009
.long	0x48ed2b32,0x48ed2b32
.long	0xac70111e,0xac70111e
.long	0x4e725a6c,0x4e725a6c
.long	0xfbff0efd,0xfbff0efd
.long	0x5638850f,0x5638850f
.long	0x1ed5ae3d,0x1ed5ae3d
.long	0x27392d36,0x27392d36
.long	0x64d90f0a,0x64d90f0a
.long	0x21a65c68,0x21a65c68
.long	0xd1545b9b,0xd1545b9b
.long	0x3a2e3624,0x3a2e3624
.long	0xb1670a0c,0xb1670a0c
.long	0x0fe75793,0x0fe75793
.long	0xd296eeb4,0xd296eeb4
.long	0x9e919b1b,0x9e919b1b
.long	0x4fc5c080,0x4fc5c080
.long	0xa220dc61,0xa220dc61
.long	0x694b775a,0x694b775a
.long	0x161a121c,0x161a121c
.long	0x0aba93e2,0x0aba93e2
.long	0xe52aa0c0,0xe52aa0c0
.long	0x43e0223c,0x43e0223c
.long	0x1d171b12,0x1d171b12
.long	0x0b0d090e,0x0b0d090e
.long	0xadc78bf2,0xadc78bf2
.long	0xb9a8b62d,0xb9a8b62d
.long	0xc8a91e14,0xc8a91e14
.long	0x8519f157,0x8519f157
.long	0x4c0775af,0x4c0775af
.long	0xbbdd99ee,0xbbdd99ee
.long	0xfd607fa3,0xfd607fa3
.long	0x9f2601f7,0x9f2601f7
.long	0xbcf5725c,0xbcf5725c
.long	0xc53b6644,0xc53b6644
.long	0x347efb5b,0x347efb5b
.long	0x7629438b,0x7629438b
.long	0xdcc623cb,0xdcc623cb
.long	0x68fcedb6,0x68fcedb6
.long	0x63f1e4b8,0x63f1e4b8
.long	0xcadc31d7,0xcadc31d7
.long	0x10856342,0x10856342
.long	0x40229713,0x40229713
.long	0x2011c684,0x2011c684
.long	0x7d244a85,0x7d244a85
.long	0xf83dbbd2,0xf83dbbd2
.long	0x1132f9ae,0x1132f9ae
.long	0x6da129c7,0x6da129c7
.long	0x4b2f9e1d,0x4b2f9e1d
.long	0xf330b2dc,0xf330b2dc
.long	0xec52860d,0xec52860d
.long	0xd0e3c177,0xd0e3c177
.long	0x6c16b32b,0x6c16b32b
.long	0x99b970a9,0x99b970a9
.long	0xfa489411,0xfa489411
.long	0x2264e947,0x2264e947
.long	0xc48cfca8,0xc48cfca8
.long	0x1a3ff0a0,0x1a3ff0a0
.long	0xd82c7d56,0xd82c7d56
.long	0xef903322,0xef903322
.long	0xc74e4987,0xc74e4987
.long	0xc1d138d9,0xc1d138d9
.long	0xfea2ca8c,0xfea2ca8c
.long	0x360bd498,0x360bd498
.long	0xcf81f5a6,0xcf81f5a6
.long	0x28de7aa5,0x28de7aa5
.long	0x268eb7da,0x268eb7da
.long	0xa4bfad3f,0xa4bfad3f
.long	0xe49d3a2c,0xe49d3a2c
.long	0x0d927850,0x0d927850
.long	0x9bcc5f6a,0x9bcc5f6a
.long	0x62467e54,0x62467e54
.long	0xc2138df6,0xc2138df6
.long	0xe8b8d890,0xe8b8d890
.long	0x5ef7392e,0x5ef7392e
.long	0xf5afc382,0xf5afc382
.long	0xbe805d9f,0xbe805d9f
.long	0x7c93d069,0x7c93d069
.long	0xa92dd56f,0xa92dd56f
.long	0xb31225cf,0xb31225cf
.long	0x3b99acc8,0x3b99acc8
.long	0xa77d1810,0xa77d1810
.long	0x6e639ce8,0x6e639ce8
.long	0x7bbb3bdb,0x7bbb3bdb
.long	0x097826cd,0x097826cd
.long	0xf418596e,0xf418596e
.long	0x01b79aec,0x01b79aec
.long	0xa89a4f83,0xa89a4f83
.long	0x656e95e6,0x656e95e6
.long	0x7ee6ffaa,0x7ee6ffaa
.long	0x08cfbc21,0x08cfbc21
.long	0xe6e815ef,0xe6e815ef
.long	0xd99be7ba,0xd99be7ba
.long	0xce366f4a,0xce366f4a
.long	0xd4099fea,0xd4099fea
.long	0xd67cb029,0xd67cb029
.long	0xafb2a431,0xafb2a431
.long	0x31233f2a,0x31233f2a
.long	0x3094a5c6,0x3094a5c6
.long	0xc066a235,0xc066a235
.long	0x37bc4e74,0x37bc4e74
.long	0xa6ca82fc,0xa6ca82fc
.long	0xb0d090e0,0xb0d090e0
.long	0x15d8a733,0x15d8a733
.long	0x4a9804f1,0x4a9804f1
.long	0xf7daec41,0xf7daec41
.long	0x0e50cd7f,0x0e50cd7f
.long	0x2ff69117,0x2ff69117
.long	0x8dd64d76,0x8dd64d76
.long	0x4db0ef43,0x4db0ef43
.long	0x544daacc,0x544daacc
.long	0xdf0496e4,0xdf0496e4
.long	0xe3b5d19e,0xe3b5d19e
.long	0x1b886a4c,0x1b886a4c
.long	0xb81f2cc1,0xb81f2cc1
.long	0x7f516546,0x7f516546
.long	0x04ea5e9d,0x04ea5e9d
.long	0x5d358c01,0x5d358c01
.long	0x737487fa,0x737487fa
.long	0x2e410bfb,0x2e410bfb
.long	0x5a1d67b3,0x5a1d67b3
.long	0x52d2db92,0x52d2db92
.long	0x335610e9,0x335610e9
.long	0x1347d66d,0x1347d66d
.long	0x8c61d79a,0x8c61d79a
.long	0x7a0ca137,0x7a0ca137
.long	0x8e14f859,0x8e14f859
.long	0x893c13eb,0x893c13eb
.long	0xee27a9ce,0xee27a9ce
.long	0x35c961b7,0x35c961b7
.long	0xede51ce1,0xede51ce1
.long	0x3cb1477a,0x3cb1477a
.long	0x59dfd29c,0x59dfd29c
.long	0x3f73f255,0x3f73f255
.long	0x79ce1418,0x79ce1418
.long	0xbf37c773,0xbf37c773
.long	0xeacdf753,0xeacdf753
.long	0x5baafd5f,0x5baafd5f
.long	0x146f3ddf,0x146f3ddf
.long	0x86db4478,0x86db4478
.long	0x81f3afca,0x81f3afca
.long	0x3ec468b9,0x3ec468b9
.long	0x2c342438,0x2c342438
.long	0x5f40a3c2,0x5f40a3c2
.long	0x72c31d16,0x72c31d16
.long	0x0c25e2bc,0x0c25e2bc
.long	0x8b493c28,0x8b493c28
.long	0x41950dff,0x41950dff
.long	0x7101a839,0x7101a839
.long	0xdeb30c08,0xdeb30c08
.long	0x9ce4b4d8,0x9ce4b4d8
.long	0x90c15664,0x90c15664
.long	0x6184cb7b,0x6184cb7b
.long	0x70b632d5,0x70b632d5
.long	0x745c6c48,0x745c6c48
.long	0x4257b8d0,0x4257b8d0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
Deleted jni/libressl/crypto/aes/aes-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
.text	

.p2align	4
_x86_64_AES_encrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	L$enc_loop
.p2align	4
L$enc_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	shrl	$16,%ecx
	movzbl	%ah,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movl	12(%r15),%edx
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movl	0(%r15),%eax
	xorl	1(%r14,%rdi,8),%r12d
	xorl	1(%r14,%rbp,8),%r8d

	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	L$enc_loop
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	2(%r14,%rsi,8),%r10d
	movzbl	2(%r14,%rdi,8),%r11d
	movzbl	2(%r14,%rbp,8),%r12d

	movzbl	%dl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	2(%r14,%rsi,8),%r8d
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$65280,%edi
	andl	$65280,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%ecx

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	shrl	$16,%edx
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi

	andl	$65280,%esi
	andl	$65280,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%eax

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	0(%r14,%rdi,8),%edi
	movl	0(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$16711680,%edi
	andl	$16711680,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movl	0(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	2(%r14,%rbp,8),%ebp

	andl	$16711680,%esi
	andl	$4278190080,%edi
	andl	$4278190080,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movl	16+12(%r15),%edx
	movl	2(%r14,%rsi,8),%esi
	movl	2(%r14,%rdi,8),%edi
	movl	16+0(%r15),%eax

	andl	$4278190080,%esi
	andl	$4278190080,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			


.p2align	4
_x86_64_AES_encrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	L$enc_loop_compact
.p2align	4
L$enc_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%dh,%ebp
	movzbl	%ah,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%dh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ah,%edi
	shrl	$8,%ecx
	shrl	$8,%ebx
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rcx,1),%edx
	movzbl	(%r14,%rbx,1),%ecx
	shll	$16,%r9d
	shll	$16,%r13d
	shll	$16,%ebp
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%edi
	shll	$24,%edx
	xorl	%esi,%r10d
	shll	$24,%ecx
	xorl	%edi,%r11d
	movl	%r10d,%eax
	movl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	L$enc_compact_done
	movl	%eax,%esi
	movl	%ebx,%edi
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	movl	%esi,%r10d
	movl	%edi,%r11d
	shrl	$7,%r10d
	leal	(%rax,%rax,1),%r8d
	shrl	$7,%r11d
	leal	(%rbx,%rbx,1),%r9d
	subl	%r10d,%esi
	subl	%r11d,%edi
	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%eax,%r10d
	movl	%ebx,%r11d
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%ecx,%esi
	movl	%edx,%edi
	roll	$24,%eax
	roll	$24,%ebx
	andl	$2155905152,%esi
	andl	$2155905152,%edi
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movl	%esi,%r12d
	movl	%edi,%ebp
	rorl	$16,%r10d
	rorl	$16,%r11d
	shrl	$7,%r12d
	leal	(%rcx,%rcx,1),%r8d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	shrl	$7,%ebp
	leal	(%rdx,%rdx,1),%r9d
	rorl	$8,%r10d
	rorl	$8,%r11d
	subl	%r12d,%esi
	subl	%ebp,%edi
	xorl	%r10d,%eax
	xorl	%r11d,%ebx

	andl	$4278124286,%r8d
	andl	$4278124286,%r9d
	andl	$454761243,%esi
	andl	$454761243,%edi
	movl	%ecx,%r12d
	movl	%edx,%ebp
	xorl	%esi,%r8d
	xorl	%edi,%r9d

	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	roll	$24,%ecx
	roll	$24,%edx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx
	movl	0(%r14),%esi
	rorl	$16,%r12d
	rorl	$16,%ebp
	movl	64(%r14),%edi
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	movl	128(%r14),%r8d
	rorl	$8,%r12d
	rorl	$8,%ebp
	movl	192(%r14),%r9d
	xorl	%r12d,%ecx
	xorl	%ebp,%edx
	jmp	L$enc_loop_compact
.p2align	4
L$enc_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			

.globl	_AES_encrypt

.p2align	4
.globl	_asm_AES_encrypt
.private_extern	_asm_AES_encrypt
_asm_AES_encrypt:
_AES_encrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
L$enc_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	L$AES_Te+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14

	call	_x86_64_AES_encrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$enc_epilogue:
	.byte	0xf3,0xc3


.p2align	4
_x86_64_AES_decrypt:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx

	movl	240(%r15),%r13d
	subl	$1,%r13d
	jmp	L$dec_loop
.p2align	4
L$dec_loop:

	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movl	0(%r14,%rsi,8),%r10d
	movl	0(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r12d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	%dl,%ebp
	xorl	3(%r14,%rsi,8),%r10d
	xorl	3(%r14,%rdi,8),%r11d
	movl	0(%r14,%rbp,8),%r8d

	movzbl	%bh,%esi
	shrl	$16,%eax
	movzbl	%ch,%ebp
	xorl	3(%r14,%rsi,8),%r12d
	shrl	$16,%edx
	xorl	3(%r14,%rbp,8),%r8d

	shrl	$16,%ebx
	leaq	16(%r15),%r15
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	xorl	2(%r14,%rsi,8),%r10d
	xorl	2(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r12d

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	movzbl	%bl,%ebp
	xorl	1(%r14,%rsi,8),%r10d
	xorl	1(%r14,%rdi,8),%r11d
	xorl	2(%r14,%rbp,8),%r8d

	movzbl	%dh,%esi
	movl	12(%r15),%edx
	movzbl	%ah,%ebp
	xorl	1(%r14,%rsi,8),%r12d
	movl	0(%r15),%eax
	xorl	1(%r14,%rbp,8),%r8d

	xorl	%r10d,%eax
	movl	4(%r15),%ebx
	movl	8(%r15),%ecx
	xorl	%r12d,%ecx
	xorl	%r11d,%ebx
	xorl	%r8d,%edx
	subl	$1,%r13d
	jnz	L$dec_loop
	leaq	2048(%r14),%r14
	movzbl	%al,%esi
	movzbl	%bl,%edi
	movzbl	%cl,%ebp
	movzbl	(%r14,%rsi,1),%r10d
	movzbl	(%r14,%rdi,1),%r11d
	movzbl	(%r14,%rbp,1),%r12d

	movzbl	%dl,%esi
	movzbl	%dh,%edi
	movzbl	%ah,%ebp
	movzbl	(%r14,%rsi,1),%r8d
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$8,%edi
	shll	$8,%ebp

	xorl	%edi,%r10d
	xorl	%ebp,%r11d
	shrl	$16,%edx

	movzbl	%bh,%esi
	movzbl	%ch,%edi
	shrl	$16,%eax
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi

	shll	$8,%esi
	shll	$8,%edi
	shrl	$16,%ebx
	xorl	%esi,%r12d
	xorl	%edi,%r8d
	shrl	$16,%ecx

	movzbl	%cl,%esi
	movzbl	%dl,%edi
	movzbl	%al,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$16,%edi
	shll	$16,%ebp

	xorl	%esi,%r10d
	xorl	%edi,%r11d
	xorl	%ebp,%r12d

	movzbl	%bl,%esi
	movzbl	%bh,%edi
	movzbl	%ch,%ebp
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movzbl	(%r14,%rbp,1),%ebp

	shll	$16,%esi
	shll	$24,%edi
	shll	$24,%ebp

	xorl	%esi,%r8d
	xorl	%edi,%r10d
	xorl	%ebp,%r11d

	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movl	16+12(%r15),%edx
	movzbl	(%r14,%rsi,1),%esi
	movzbl	(%r14,%rdi,1),%edi
	movl	16+0(%r15),%eax

	shll	$24,%esi
	shll	$24,%edi

	xorl	%esi,%r12d
	xorl	%edi,%r8d

	movl	16+4(%r15),%ebx
	movl	16+8(%r15),%ecx
	leaq	-2048(%r14),%r14
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
.byte	0xf3,0xc3			


.p2align	4
_x86_64_AES_decrypt_compact:
	leaq	128(%r14),%r8
	movl	0-128(%r8),%edi
	movl	32-128(%r8),%ebp
	movl	64-128(%r8),%r10d
	movl	96-128(%r8),%r11d
	movl	128-128(%r8),%edi
	movl	160-128(%r8),%ebp
	movl	192-128(%r8),%r10d
	movl	224-128(%r8),%r11d
	jmp	L$dec_loop_compact

.p2align	4
L$dec_loop_compact:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
	leaq	16(%r15),%r15
	movzbl	%al,%r10d
	movzbl	%bl,%r11d
	movzbl	%cl,%r12d
	movzbl	(%r14,%r10,1),%r10d
	movzbl	(%r14,%r11,1),%r11d
	movzbl	(%r14,%r12,1),%r12d

	movzbl	%dl,%r8d
	movzbl	%dh,%esi
	movzbl	%ah,%edi
	movzbl	(%r14,%r8,1),%r8d
	movzbl	(%r14,%rsi,1),%r9d
	movzbl	(%r14,%rdi,1),%r13d

	movzbl	%bh,%ebp
	movzbl	%ch,%esi
	shrl	$16,%ecx
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	shrl	$16,%edx

	movzbl	%cl,%edi
	shll	$8,%r9d
	shll	$8,%r13d
	movzbl	(%r14,%rdi,1),%edi
	xorl	%r9d,%r10d
	xorl	%r13d,%r11d

	movzbl	%dl,%r9d
	shrl	$16,%eax
	shrl	$16,%ebx
	movzbl	%al,%r13d
	shll	$8,%ebp
	shll	$8,%esi
	movzbl	(%r14,%r9,1),%r9d
	movzbl	(%r14,%r13,1),%r13d
	xorl	%ebp,%r12d
	xorl	%esi,%r8d

	movzbl	%bl,%ebp
	movzbl	%bh,%esi
	shll	$16,%edi
	movzbl	(%r14,%rbp,1),%ebp
	movzbl	(%r14,%rsi,1),%esi
	xorl	%edi,%r10d

	movzbl	%ch,%edi
	shll	$16,%r9d
	shll	$16,%r13d
	movzbl	(%r14,%rdi,1),%ebx
	xorl	%r9d,%r11d
	xorl	%r13d,%r12d

	movzbl	%dh,%edi
	shrl	$8,%eax
	shll	$16,%ebp
	movzbl	(%r14,%rdi,1),%ecx
	movzbl	(%r14,%rax,1),%edx
	xorl	%ebp,%r8d

	shll	$24,%esi
	shll	$24,%ebx
	shll	$24,%ecx
	xorl	%esi,%r10d
	shll	$24,%edx
	xorl	%r11d,%ebx
	movl	%r10d,%eax
	xorl	%r12d,%ecx
	xorl	%r8d,%edx
	cmpq	16(%rsp),%r15
	je	L$dec_compact_done

	movq	256+0(%r14),%rsi
	shlq	$32,%rbx
	shlq	$32,%rdx
	movq	256+8(%r14),%rdi
	orq	%rbx,%rax
	orq	%rdx,%rcx
	movq	256+16(%r14),%rbp
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	0(%r14),%rsi
	shrq	$32,%r8
	shrq	$32,%r11
	movq	64(%r14),%rdi
	roll	$16,%r9d
	roll	$16,%r12d
	movq	128(%r14),%rbp
	roll	$16,%r8d
	roll	$16,%r11d
	movq	192(%r14),%r10
	xorl	%r9d,%eax
	xorl	%r12d,%ecx
	movq	256(%r14),%r13
	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	jmp	L$dec_loop_compact
.p2align	4
L$dec_compact_done:
	xorl	0(%r15),%eax
	xorl	4(%r15),%ebx
	xorl	8(%r15),%ecx
	xorl	12(%r15),%edx
.byte	0xf3,0xc3			

.globl	_AES_decrypt

.p2align	4
.globl	_asm_AES_decrypt
.private_extern	_asm_AES_decrypt
_asm_AES_decrypt:
_AES_decrypt:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r10
	leaq	-63(%rdx),%rcx
	andq	$-64,%rsp
	subq	%rsp,%rcx
	negq	%rcx
	andq	$960,%rcx
	subq	%rcx,%rsp
	subq	$32,%rsp

	movq	%rsi,16(%rsp)
	movq	%r10,24(%rsp)
L$dec_prologue:

	movq	%rdx,%r15
	movl	240(%r15),%r13d

	movl	0(%rdi),%eax
	movl	4(%rdi),%ebx
	movl	8(%rdi),%ecx
	movl	12(%rdi),%edx

	shll	$4,%r13d
	leaq	(%r15,%r13,1),%rbp
	movq	%r15,(%rsp)
	movq	%rbp,8(%rsp)


	leaq	L$AES_Td+2048(%rip),%r14
	leaq	768(%rsp),%rbp
	subq	%r14,%rbp
	andq	$768,%rbp
	leaq	(%r14,%rbp,1),%r14
	shrq	$3,%rbp
	addq	%rbp,%r14

	call	_x86_64_AES_decrypt_compact

	movq	16(%rsp),%r9
	movq	24(%rsp),%rsi
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$dec_epilogue:
	.byte	0xf3,0xc3

.globl	_AES_set_encrypt_key

.p2align	4
_AES_set_encrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$8,%rsp
L$enc_key_prologue:

	call	_x86_64_AES_set_encrypt_key

	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
L$enc_key_epilogue:
	.byte	0xf3,0xc3



.p2align	4
_x86_64_AES_set_encrypt_key:
	movl	%esi,%ecx
	movq	%rdi,%rsi
	movq	%rdx,%rdi

	testq	$-1,%rsi
	jz	L$badpointer
	testq	$-1,%rdi
	jz	L$badpointer

	leaq	L$AES_Te(%rip),%rbp
	leaq	2048+128(%rbp),%rbp


	movl	0-128(%rbp),%eax
	movl	32-128(%rbp),%ebx
	movl	64-128(%rbp),%r8d
	movl	96-128(%rbp),%edx
	movl	128-128(%rbp),%eax
	movl	160-128(%rbp),%ebx
	movl	192-128(%rbp),%r8d
	movl	224-128(%rbp),%edx

	cmpl	$128,%ecx
	je	L$10rounds
	cmpl	$192,%ecx
	je	L$12rounds
	cmpl	$256,%ecx
	je	L$14rounds
	movq	$-2,%rax
	jmp	L$exit

L$10rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rdx,8(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	L$10shortcut
.p2align	2
L$10loop:
	movl	0(%rdi),%eax
	movl	12(%rdi),%edx
L$10shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,16(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,20(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,24(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,28(%rdi)
	addl	$1,%ecx
	leaq	16(%rdi),%rdi
	cmpl	$10,%ecx
	jl	L$10loop

	movl	$10,80(%rdi)
	xorq	%rax,%rax
	jmp	L$exit

L$12rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rdx,16(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	L$12shortcut
.p2align	2
L$12loop:
	movl	0(%rdi),%eax
	movl	20(%rdi),%edx
L$12shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,24(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,28(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,32(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,36(%rdi)

	cmpl	$7,%ecx
	je	L$12break
	addl	$1,%ecx

	xorl	16(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,44(%rdi)

	leaq	24(%rdi),%rdi
	jmp	L$12loop
L$12break:
	movl	$12,72(%rdi)
	xorq	%rax,%rax
	jmp	L$exit

L$14rounds:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rcx
	movq	24(%rsi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,16(%rdi)
	movq	%rdx,24(%rdi)

	shrq	$32,%rdx
	xorl	%ecx,%ecx
	jmp	L$14shortcut
.p2align	2
L$14loop:
	movl	0(%rdi),%eax
	movl	28(%rdi),%edx
L$14shortcut:
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$24,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$8,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$16,%ebx
	xorl	%ebx,%eax

	xorl	1024-128(%rbp,%rcx,4),%eax
	movl	%eax,32(%rdi)
	xorl	4(%rdi),%eax
	movl	%eax,36(%rdi)
	xorl	8(%rdi),%eax
	movl	%eax,40(%rdi)
	xorl	12(%rdi),%eax
	movl	%eax,44(%rdi)

	cmpl	$6,%ecx
	je	L$14break
	addl	$1,%ecx

	movl	%eax,%edx
	movl	16(%rdi),%eax
	movzbl	%dl,%esi
	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shrl	$16,%edx
	shll	$8,%ebx
	movzbl	%dl,%esi
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	movzbl	%dh,%esi
	shll	$16,%ebx
	xorl	%ebx,%eax

	movzbl	-128(%rbp,%rsi,1),%ebx
	shll	$24,%ebx
	xorl	%ebx,%eax

	movl	%eax,48(%rdi)
	xorl	20(%rdi),%eax
	movl	%eax,52(%rdi)
	xorl	24(%rdi),%eax
	movl	%eax,56(%rdi)
	xorl	28(%rdi),%eax
	movl	%eax,60(%rdi)

	leaq	32(%rdi),%rdi
	jmp	L$14loop
L$14break:
	movl	$14,48(%rdi)
	xorq	%rax,%rax
	jmp	L$exit

L$badpointer:
	movq	$-1,%rax
L$exit:
.byte	0xf3,0xc3			

.globl	_AES_set_decrypt_key

.p2align	4
_AES_set_decrypt_key:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	pushq	%rdx
L$dec_key_prologue:

	call	_x86_64_AES_set_encrypt_key
	movq	(%rsp),%r8
	cmpl	$0,%eax
	jne	L$abort

	movl	240(%r8),%r14d
	xorq	%rdi,%rdi
	leaq	(%rdi,%r14,4),%rcx
	movq	%r8,%rsi
	leaq	(%r8,%rcx,4),%rdi
.p2align	2
L$invert:
	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	0(%rdi),%rcx
	movq	8(%rdi),%rdx
	movq	%rax,0(%rdi)
	movq	%rbx,8(%rdi)
	movq	%rcx,0(%rsi)
	movq	%rdx,8(%rsi)
	leaq	16(%rsi),%rsi
	leaq	-16(%rdi),%rdi
	cmpq	%rsi,%rdi
	jne	L$invert

	leaq	L$AES_Te+2048+1024(%rip),%rax

	movq	40(%rax),%rsi
	movq	48(%rax),%rdi
	movq	56(%rax),%rbp

	movq	%r8,%r15
	subl	$1,%r14d
.p2align	2
L$permute:
	leaq	16(%r15),%r15
	movq	0(%r15),%rax
	movq	8(%r15),%rcx
	movq	%rax,%rbx
	movq	%rcx,%rdx
	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12
	shrq	$7,%r9
	leaq	(%rax,%rax,1),%r8
	shrq	$7,%r12
	leaq	(%rcx,%rcx,1),%r11
	subq	%r9,%rbx
	subq	%r12,%rdx
	andq	%rdi,%r8
	andq	%rdi,%r11
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r8,%rbx
	xorq	%r11,%rdx
	movq	%rbx,%r8
	movq	%rdx,%r11

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	leaq	(%r8,%r8,1),%r9
	shrq	$7,%r13
	leaq	(%r11,%r11,1),%r12
	subq	%r10,%rbx
	subq	%r13,%rdx
	andq	%rdi,%r9
	andq	%rdi,%r12
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%r9,%rbx
	xorq	%r12,%rdx
	movq	%rbx,%r9
	movq	%rdx,%r12

	andq	%rsi,%rbx
	andq	%rsi,%rdx
	movq	%rbx,%r10
	movq	%rdx,%r13
	shrq	$7,%r10
	xorq	%rax,%r8
	shrq	$7,%r13
	xorq	%rcx,%r11
	subq	%r10,%rbx
	subq	%r13,%rdx
	leaq	(%r9,%r9,1),%r10
	leaq	(%r12,%r12,1),%r13
	xorq	%rax,%r9
	xorq	%rcx,%r12
	andq	%rdi,%r10
	andq	%rdi,%r13
	andq	%rbp,%rbx
	andq	%rbp,%rdx
	xorq	%rbx,%r10
	xorq	%rdx,%r13

	xorq	%r10,%rax
	xorq	%r13,%rcx
	xorq	%r10,%r8
	xorq	%r13,%r11
	movq	%rax,%rbx
	movq	%rcx,%rdx
	xorq	%r10,%r9
	xorq	%r13,%r12
	shrq	$32,%rbx
	shrq	$32,%rdx
	xorq	%r8,%r10
	xorq	%r11,%r13
	roll	$8,%eax
	roll	$8,%ecx
	xorq	%r9,%r10
	xorq	%r12,%r13

	roll	$8,%ebx
	roll	$8,%edx
	xorl	%r10d,%eax
	xorl	%r13d,%ecx
	shrq	$32,%r10
	shrq	$32,%r13
	xorl	%r10d,%ebx
	xorl	%r13d,%edx

	movq	%r8,%r10
	movq	%r11,%r13
	shrq	$32,%r10
	shrq	$32,%r13
	roll	$24,%r8d
	roll	$24,%r11d
	roll	$24,%r10d
	roll	$24,%r13d
	xorl	%r8d,%eax
	xorl	%r11d,%ecx
	movq	%r9,%r8
	movq	%r12,%r11
	xorl	%r10d,%ebx
	xorl	%r13d,%edx


	shrq	$32,%r8
	shrq	$32,%r11

	roll	$16,%r9d
	roll	$16,%r12d

	roll	$16,%r8d
	roll	$16,%r11d

	xorl	%r9d,%eax
	xorl	%r12d,%ecx

	xorl	%r8d,%ebx
	xorl	%r11d,%edx
	movl	%eax,0(%r15)
	movl	%ebx,4(%r15)
	movl	%ecx,8(%r15)
	movl	%edx,12(%r15)
	subl	$1,%r14d
	jnz	L$permute

	xorq	%rax,%rax
L$abort:
	movq	8(%rsp),%r15
	movq	16(%rsp),%r14
	movq	24(%rsp),%r13
	movq	32(%rsp),%r12
	movq	40(%rsp),%rbp
	movq	48(%rsp),%rbx
	addq	$56,%rsp
L$dec_key_epilogue:
	.byte	0xf3,0xc3

.globl	_AES_cbc_encrypt

.p2align	4

.globl	_asm_AES_cbc_encrypt
.private_extern	_asm_AES_cbc_encrypt
_asm_AES_cbc_encrypt:
_AES_cbc_encrypt:
	cmpq	$0,%rdx
	je	L$cbc_epilogue
	pushfq
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$cbc_prologue:

	cld
	movl	%r9d,%r9d

	leaq	L$AES_Te(%rip),%r14
	cmpq	$0,%r9
	jne	L$cbc_picked_te
	leaq	L$AES_Td(%rip),%r14
L$cbc_picked_te:

	movl	_OPENSSL_ia32cap_P(%rip),%r10d
	cmpq	$512,%rdx
	jb	L$cbc_slow_prologue
	testq	$15,%rdx
	jnz	L$cbc_slow_prologue
	btl	$28,%r10d
	jc	L$cbc_slow_prologue


	leaq	-88-248(%rsp),%r15
	andq	$-64,%r15


	movq	%r14,%r10
	leaq	2304(%r14),%r11
	movq	%r15,%r12
	andq	$4095,%r10
	andq	$4095,%r11
	andq	$4095,%r12

	cmpq	%r11,%r12
	jb	L$cbc_te_break_out
	subq	%r11,%r12
	subq	%r12,%r15
	jmp	L$cbc_te_ok
L$cbc_te_break_out:
	subq	%r10,%r12
	andq	$4095,%r12
	addq	$320,%r12
	subq	%r12,%r15
.p2align	2
L$cbc_te_ok:

	xchgq	%rsp,%r15

	movq	%r15,16(%rsp)
L$cbc_fast_body:
	movq	%rdi,24(%rsp)
	movq	%rsi,32(%rsp)
	movq	%rdx,40(%rsp)
	movq	%rcx,48(%rsp)
	movq	%r8,56(%rsp)
	movl	$0,80+240(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15

	movl	240(%r15),%eax

	movq	%r15,%r10
	subq	%r14,%r10
	andq	$4095,%r10
	cmpq	$2304,%r10
	jb	L$cbc_do_ecopy
	cmpq	$4096-248,%r10
	jb	L$cbc_skip_ecopy
.p2align	2
L$cbc_do_ecopy:
	movq	%r15,%rsi
	leaq	80(%rsp),%rdi
	leaq	80(%rsp),%r15
	movl	$30,%ecx
.long	0x90A548F3	
	movl	%eax,(%rdi)
L$cbc_skip_ecopy:
	movq	%r15,0(%rsp)

	movl	$18,%ecx
.p2align	2
L$cbc_prefetch_te:
	movq	0(%r14),%r10
	movq	32(%r14),%r11
	movq	64(%r14),%r12
	movq	96(%r14),%r13
	leaq	128(%r14),%r14
	subl	$1,%ecx
	jnz	L$cbc_prefetch_te
	leaq	-2304(%r14),%r14

	cmpq	$0,%rbx
	je	L$FAST_DECRYPT


	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx

.p2align	2
L$cbc_fast_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_encrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	movq	%r10,40(%rsp)
	jnz	L$cbc_fast_enc_loop
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	L$cbc_fast_cleanup


.p2align	4
L$FAST_DECRYPT:
	cmpq	%r8,%r9
	je	L$cbc_fast_dec_in_place

	movq	%rbp,64(%rsp)
.p2align	2
L$cbc_fast_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	64(%rsp),%rbp
	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0(%rbp),%eax
	xorl	4(%rbp),%ebx
	xorl	8(%rbp),%ecx
	xorl	12(%rbp),%edx
	movq	%r8,%rbp

	subq	$16,%r10
	movq	%r10,40(%rsp)
	movq	%rbp,64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jnz	L$cbc_fast_dec_loop
	movq	56(%rsp),%r12
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0(%r12)
	movq	%r11,8(%r12)
	jmp	L$cbc_fast_cleanup

.p2align	4
L$cbc_fast_dec_in_place:
	movq	0(%rbp),%r10
	movq	8(%rbp),%r11
	movq	%r10,0+64(%rsp)
	movq	%r11,8+64(%rsp)
.p2align	2
L$cbc_fast_dec_in_place_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)

	call	_x86_64_AES_decrypt

	movq	24(%rsp),%r8
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jz	L$cbc_fast_dec_in_place_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	movq	%r10,40(%rsp)
	jmp	L$cbc_fast_dec_in_place_loop
L$cbc_fast_dec_in_place_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

.p2align	2
L$cbc_fast_cleanup:
	cmpl	$0,80+240(%rsp)
	leaq	80(%rsp),%rdi
	je	L$cbc_exit
	movl	$30,%ecx
	xorq	%rax,%rax
.long	0x90AB48F3	

	jmp	L$cbc_exit


.p2align	4
L$cbc_slow_prologue:

	leaq	-88(%rsp),%rbp
	andq	$-64,%rbp

	leaq	-88-63(%rcx),%r10
	subq	%rbp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rbp

	xchgq	%rsp,%rbp

	movq	%rbp,16(%rsp)
L$cbc_slow_body:




	movq	%r8,56(%rsp)
	movq	%r8,%rbp
	movq	%r9,%rbx
	movq	%rsi,%r9
	movq	%rdi,%r8
	movq	%rcx,%r15
	movq	%rdx,%r10

	movl	240(%r15),%eax
	movq	%r15,0(%rsp)
	shll	$4,%eax
	leaq	(%r15,%rax,1),%rax
	movq	%rax,8(%rsp)


	leaq	2048(%r14),%r14
	leaq	768-8(%rsp),%rax
	subq	%r14,%rax
	andq	$768,%rax
	leaq	(%r14,%rax,1),%r14

	cmpq	$0,%rbx
	je	L$SLOW_DECRYPT


	testq	$-16,%r10
	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx
	jz	L$cbc_slow_enc_tail	

.p2align	2
L$cbc_slow_enc_loop:
	xorl	0(%r8),%eax
	xorl	4(%r8),%ebx
	xorl	8(%r8),%ecx
	xorl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_encrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	subq	$16,%r10
	testq	$-16,%r10
	jnz	L$cbc_slow_enc_loop
	testq	$15,%r10
	jnz	L$cbc_slow_enc_tail
	movq	56(%rsp),%rbp
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	jmp	L$cbc_exit

.p2align	2
L$cbc_slow_enc_tail:
	movq	%rax,%r11
	movq	%rcx,%r12
	movq	%r10,%rcx
	movq	%r8,%rsi
	movq	%r9,%rdi
.long	0x9066A4F3		
	movq	$16,%rcx
	subq	%r10,%rcx
	xorq	%rax,%rax
.long	0x9066AAF3		
	movq	%r9,%r8
	movq	$16,%r10
	movq	%r11,%rax
	movq	%r12,%rcx
	jmp	L$cbc_slow_enc_loop	

.p2align	4
L$SLOW_DECRYPT:
	shrq	$3,%rax
	addq	%rax,%r14

	movq	0(%rbp),%r11
	movq	8(%rbp),%r12
	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

.p2align	2
L$cbc_slow_dec_loop:
	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movq	0(%rsp),%r15
	movq	%r8,24(%rsp)
	movq	%r9,32(%rsp)
	movq	%r10,40(%rsp)

	call	_x86_64_AES_decrypt_compact

	movq	24(%rsp),%r8
	movq	32(%rsp),%r9
	movq	40(%rsp),%r10
	xorl	0+64(%rsp),%eax
	xorl	4+64(%rsp),%ebx
	xorl	8+64(%rsp),%ecx
	xorl	12+64(%rsp),%edx

	movq	0(%r8),%r11
	movq	8(%r8),%r12
	subq	$16,%r10
	jc	L$cbc_slow_dec_partial
	jz	L$cbc_slow_dec_done

	movq	%r11,0+64(%rsp)
	movq	%r12,8+64(%rsp)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	leaq	16(%r8),%r8
	leaq	16(%r9),%r9
	jmp	L$cbc_slow_dec_loop
L$cbc_slow_dec_done:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0(%r9)
	movl	%ebx,4(%r9)
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)

	jmp	L$cbc_exit

.p2align	2
L$cbc_slow_dec_partial:
	movq	56(%rsp),%rdi
	movq	%r11,0(%rdi)
	movq	%r12,8(%rdi)

	movl	%eax,0+64(%rsp)
	movl	%ebx,4+64(%rsp)
	movl	%ecx,8+64(%rsp)
	movl	%edx,12+64(%rsp)

	movq	%r9,%rdi
	leaq	64(%rsp),%rsi
	leaq	16(%r10),%rcx
.long	0x9066A4F3	
	jmp	L$cbc_exit

.p2align	4
L$cbc_exit:
	movq	16(%rsp),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$cbc_popfq:
	popfq
L$cbc_epilogue:
	.byte	0xf3,0xc3

.p2align	6
L$AES_Te:
.long	0xa56363c6,0xa56363c6
.long	0x847c7cf8,0x847c7cf8
.long	0x997777ee,0x997777ee
.long	0x8d7b7bf6,0x8d7b7bf6
.long	0x0df2f2ff,0x0df2f2ff
.long	0xbd6b6bd6,0xbd6b6bd6
.long	0xb16f6fde,0xb16f6fde
.long	0x54c5c591,0x54c5c591
.long	0x50303060,0x50303060
.long	0x03010102,0x03010102
.long	0xa96767ce,0xa96767ce
.long	0x7d2b2b56,0x7d2b2b56
.long	0x19fefee7,0x19fefee7
.long	0x62d7d7b5,0x62d7d7b5
.long	0xe6abab4d,0xe6abab4d
.long	0x9a7676ec,0x9a7676ec
.long	0x45caca8f,0x45caca8f
.long	0x9d82821f,0x9d82821f
.long	0x40c9c989,0x40c9c989
.long	0x877d7dfa,0x877d7dfa
.long	0x15fafaef,0x15fafaef
.long	0xeb5959b2,0xeb5959b2
.long	0xc947478e,0xc947478e
.long	0x0bf0f0fb,0x0bf0f0fb
.long	0xecadad41,0xecadad41
.long	0x67d4d4b3,0x67d4d4b3
.long	0xfda2a25f,0xfda2a25f
.long	0xeaafaf45,0xeaafaf45
.long	0xbf9c9c23,0xbf9c9c23
.long	0xf7a4a453,0xf7a4a453
.long	0x967272e4,0x967272e4
.long	0x5bc0c09b,0x5bc0c09b
.long	0xc2b7b775,0xc2b7b775
.long	0x1cfdfde1,0x1cfdfde1
.long	0xae93933d,0xae93933d
.long	0x6a26264c,0x6a26264c
.long	0x5a36366c,0x5a36366c
.long	0x413f3f7e,0x413f3f7e
.long	0x02f7f7f5,0x02f7f7f5
.long	0x4fcccc83,0x4fcccc83
.long	0x5c343468,0x5c343468
.long	0xf4a5a551,0xf4a5a551
.long	0x34e5e5d1,0x34e5e5d1
.long	0x08f1f1f9,0x08f1f1f9
.long	0x937171e2,0x937171e2
.long	0x73d8d8ab,0x73d8d8ab
.long	0x53313162,0x53313162
.long	0x3f15152a,0x3f15152a
.long	0x0c040408,0x0c040408
.long	0x52c7c795,0x52c7c795
.long	0x65232346,0x65232346
.long	0x5ec3c39d,0x5ec3c39d
.long	0x28181830,0x28181830
.long	0xa1969637,0xa1969637
.long	0x0f05050a,0x0f05050a
.long	0xb59a9a2f,0xb59a9a2f
.long	0x0907070e,0x0907070e
.long	0x36121224,0x36121224
.long	0x9b80801b,0x9b80801b
.long	0x3de2e2df,0x3de2e2df
.long	0x26ebebcd,0x26ebebcd
.long	0x6927274e,0x6927274e
.long	0xcdb2b27f,0xcdb2b27f
.long	0x9f7575ea,0x9f7575ea
.long	0x1b090912,0x1b090912
.long	0x9e83831d,0x9e83831d
.long	0x742c2c58,0x742c2c58
.long	0x2e1a1a34,0x2e1a1a34
.long	0x2d1b1b36,0x2d1b1b36
.long	0xb26e6edc,0xb26e6edc
.long	0xee5a5ab4,0xee5a5ab4
.long	0xfba0a05b,0xfba0a05b
.long	0xf65252a4,0xf65252a4
.long	0x4d3b3b76,0x4d3b3b76
.long	0x61d6d6b7,0x61d6d6b7
.long	0xceb3b37d,0xceb3b37d
.long	0x7b292952,0x7b292952
.long	0x3ee3e3dd,0x3ee3e3dd
.long	0x712f2f5e,0x712f2f5e
.long	0x97848413,0x97848413
.long	0xf55353a6,0xf55353a6
.long	0x68d1d1b9,0x68d1d1b9
.long	0x00000000,0x00000000
.long	0x2cededc1,0x2cededc1
.long	0x60202040,0x60202040
.long	0x1ffcfce3,0x1ffcfce3
.long	0xc8b1b179,0xc8b1b179
.long	0xed5b5bb6,0xed5b5bb6
.long	0xbe6a6ad4,0xbe6a6ad4
.long	0x46cbcb8d,0x46cbcb8d
.long	0xd9bebe67,0xd9bebe67
.long	0x4b393972,0x4b393972
.long	0xde4a4a94,0xde4a4a94
.long	0xd44c4c98,0xd44c4c98
.long	0xe85858b0,0xe85858b0
.long	0x4acfcf85,0x4acfcf85
.long	0x6bd0d0bb,0x6bd0d0bb
.long	0x2aefefc5,0x2aefefc5
.long	0xe5aaaa4f,0xe5aaaa4f
.long	0x16fbfbed,0x16fbfbed
.long	0xc5434386,0xc5434386
.long	0xd74d4d9a,0xd74d4d9a
.long	0x55333366,0x55333366
.long	0x94858511,0x94858511
.long	0xcf45458a,0xcf45458a
.long	0x10f9f9e9,0x10f9f9e9
.long	0x06020204,0x06020204
.long	0x817f7ffe,0x817f7ffe
.long	0xf05050a0,0xf05050a0
.long	0x443c3c78,0x443c3c78
.long	0xba9f9f25,0xba9f9f25
.long	0xe3a8a84b,0xe3a8a84b
.long	0xf35151a2,0xf35151a2
.long	0xfea3a35d,0xfea3a35d
.long	0xc0404080,0xc0404080
.long	0x8a8f8f05,0x8a8f8f05
.long	0xad92923f,0xad92923f
.long	0xbc9d9d21,0xbc9d9d21
.long	0x48383870,0x48383870
.long	0x04f5f5f1,0x04f5f5f1
.long	0xdfbcbc63,0xdfbcbc63
.long	0xc1b6b677,0xc1b6b677
.long	0x75dadaaf,0x75dadaaf
.long	0x63212142,0x63212142
.long	0x30101020,0x30101020
.long	0x1affffe5,0x1affffe5
.long	0x0ef3f3fd,0x0ef3f3fd
.long	0x6dd2d2bf,0x6dd2d2bf
.long	0x4ccdcd81,0x4ccdcd81
.long	0x140c0c18,0x140c0c18
.long	0x35131326,0x35131326
.long	0x2fececc3,0x2fececc3
.long	0xe15f5fbe,0xe15f5fbe
.long	0xa2979735,0xa2979735
.long	0xcc444488,0xcc444488
.long	0x3917172e,0x3917172e
.long	0x57c4c493,0x57c4c493
.long	0xf2a7a755,0xf2a7a755
.long	0x827e7efc,0x827e7efc
.long	0x473d3d7a,0x473d3d7a
.long	0xac6464c8,0xac6464c8
.long	0xe75d5dba,0xe75d5dba
.long	0x2b191932,0x2b191932
.long	0x957373e6,0x957373e6
.long	0xa06060c0,0xa06060c0
.long	0x98818119,0x98818119
.long	0xd14f4f9e,0xd14f4f9e
.long	0x7fdcdca3,0x7fdcdca3
.long	0x66222244,0x66222244
.long	0x7e2a2a54,0x7e2a2a54
.long	0xab90903b,0xab90903b
.long	0x8388880b,0x8388880b
.long	0xca46468c,0xca46468c
.long	0x29eeeec7,0x29eeeec7
.long	0xd3b8b86b,0xd3b8b86b
.long	0x3c141428,0x3c141428
.long	0x79dedea7,0x79dedea7
.long	0xe25e5ebc,0xe25e5ebc
.long	0x1d0b0b16,0x1d0b0b16
.long	0x76dbdbad,0x76dbdbad
.long	0x3be0e0db,0x3be0e0db
.long	0x56323264,0x56323264
.long	0x4e3a3a74,0x4e3a3a74
.long	0x1e0a0a14,0x1e0a0a14
.long	0xdb494992,0xdb494992
.long	0x0a06060c,0x0a06060c
.long	0x6c242448,0x6c242448
.long	0xe45c5cb8,0xe45c5cb8
.long	0x5dc2c29f,0x5dc2c29f
.long	0x6ed3d3bd,0x6ed3d3bd
.long	0xefacac43,0xefacac43
.long	0xa66262c4,0xa66262c4
.long	0xa8919139,0xa8919139
.long	0xa4959531,0xa4959531
.long	0x37e4e4d3,0x37e4e4d3
.long	0x8b7979f2,0x8b7979f2
.long	0x32e7e7d5,0x32e7e7d5
.long	0x43c8c88b,0x43c8c88b
.long	0x5937376e,0x5937376e
.long	0xb76d6dda,0xb76d6dda
.long	0x8c8d8d01,0x8c8d8d01
.long	0x64d5d5b1,0x64d5d5b1
.long	0xd24e4e9c,0xd24e4e9c
.long	0xe0a9a949,0xe0a9a949
.long	0xb46c6cd8,0xb46c6cd8
.long	0xfa5656ac,0xfa5656ac
.long	0x07f4f4f3,0x07f4f4f3
.long	0x25eaeacf,0x25eaeacf
.long	0xaf6565ca,0xaf6565ca
.long	0x8e7a7af4,0x8e7a7af4
.long	0xe9aeae47,0xe9aeae47
.long	0x18080810,0x18080810
.long	0xd5baba6f,0xd5baba6f
.long	0x887878f0,0x887878f0
.long	0x6f25254a,0x6f25254a
.long	0x722e2e5c,0x722e2e5c
.long	0x241c1c38,0x241c1c38
.long	0xf1a6a657,0xf1a6a657
.long	0xc7b4b473,0xc7b4b473
.long	0x51c6c697,0x51c6c697
.long	0x23e8e8cb,0x23e8e8cb
.long	0x7cdddda1,0x7cdddda1
.long	0x9c7474e8,0x9c7474e8
.long	0x211f1f3e,0x211f1f3e
.long	0xdd4b4b96,0xdd4b4b96
.long	0xdcbdbd61,0xdcbdbd61
.long	0x868b8b0d,0x868b8b0d
.long	0x858a8a0f,0x858a8a0f
.long	0x907070e0,0x907070e0
.long	0x423e3e7c,0x423e3e7c
.long	0xc4b5b571,0xc4b5b571
.long	0xaa6666cc,0xaa6666cc
.long	0xd8484890,0xd8484890
.long	0x05030306,0x05030306
.long	0x01f6f6f7,0x01f6f6f7
.long	0x120e0e1c,0x120e0e1c
.long	0xa36161c2,0xa36161c2
.long	0x5f35356a,0x5f35356a
.long	0xf95757ae,0xf95757ae
.long	0xd0b9b969,0xd0b9b969
.long	0x91868617,0x91868617
.long	0x58c1c199,0x58c1c199
.long	0x271d1d3a,0x271d1d3a
.long	0xb99e9e27,0xb99e9e27
.long	0x38e1e1d9,0x38e1e1d9
.long	0x13f8f8eb,0x13f8f8eb
.long	0xb398982b,0xb398982b
.long	0x33111122,0x33111122
.long	0xbb6969d2,0xbb6969d2
.long	0x70d9d9a9,0x70d9d9a9
.long	0x898e8e07,0x898e8e07
.long	0xa7949433,0xa7949433
.long	0xb69b9b2d,0xb69b9b2d
.long	0x221e1e3c,0x221e1e3c
.long	0x92878715,0x92878715
.long	0x20e9e9c9,0x20e9e9c9
.long	0x49cece87,0x49cece87
.long	0xff5555aa,0xff5555aa
.long	0x78282850,0x78282850
.long	0x7adfdfa5,0x7adfdfa5
.long	0x8f8c8c03,0x8f8c8c03
.long	0xf8a1a159,0xf8a1a159
.long	0x80898909,0x80898909
.long	0x170d0d1a,0x170d0d1a
.long	0xdabfbf65,0xdabfbf65
.long	0x31e6e6d7,0x31e6e6d7
.long	0xc6424284,0xc6424284
.long	0xb86868d0,0xb86868d0
.long	0xc3414182,0xc3414182
.long	0xb0999929,0xb0999929
.long	0x772d2d5a,0x772d2d5a
.long	0x110f0f1e,0x110f0f1e
.long	0xcbb0b07b,0xcbb0b07b
.long	0xfc5454a8,0xfc5454a8
.long	0xd6bbbb6d,0xd6bbbb6d
.long	0x3a16162c,0x3a16162c
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
.p2align	6
L$AES_Td:
.long	0x50a7f451,0x50a7f451
.long	0x5365417e,0x5365417e
.long	0xc3a4171a,0xc3a4171a
.long	0x965e273a,0x965e273a
.long	0xcb6bab3b,0xcb6bab3b
.long	0xf1459d1f,0xf1459d1f
.long	0xab58faac,0xab58faac
.long	0x9303e34b,0x9303e34b
.long	0x55fa3020,0x55fa3020
.long	0xf66d76ad,0xf66d76ad
.long	0x9176cc88,0x9176cc88
.long	0x254c02f5,0x254c02f5
.long	0xfcd7e54f,0xfcd7e54f
.long	0xd7cb2ac5,0xd7cb2ac5
.long	0x80443526,0x80443526
.long	0x8fa362b5,0x8fa362b5
.long	0x495ab1de,0x495ab1de
.long	0x671bba25,0x671bba25
.long	0x980eea45,0x980eea45
.long	0xe1c0fe5d,0xe1c0fe5d
.long	0x02752fc3,0x02752fc3
.long	0x12f04c81,0x12f04c81
.long	0xa397468d,0xa397468d
.long	0xc6f9d36b,0xc6f9d36b
.long	0xe75f8f03,0xe75f8f03
.long	0x959c9215,0x959c9215
.long	0xeb7a6dbf,0xeb7a6dbf
.long	0xda595295,0xda595295
.long	0x2d83bed4,0x2d83bed4
.long	0xd3217458,0xd3217458
.long	0x2969e049,0x2969e049
.long	0x44c8c98e,0x44c8c98e
.long	0x6a89c275,0x6a89c275
.long	0x78798ef4,0x78798ef4
.long	0x6b3e5899,0x6b3e5899
.long	0xdd71b927,0xdd71b927
.long	0xb64fe1be,0xb64fe1be
.long	0x17ad88f0,0x17ad88f0
.long	0x66ac20c9,0x66ac20c9
.long	0xb43ace7d,0xb43ace7d
.long	0x184adf63,0x184adf63
.long	0x82311ae5,0x82311ae5
.long	0x60335197,0x60335197
.long	0x457f5362,0x457f5362
.long	0xe07764b1,0xe07764b1
.long	0x84ae6bbb,0x84ae6bbb
.long	0x1ca081fe,0x1ca081fe
.long	0x942b08f9,0x942b08f9
.long	0x58684870,0x58684870
.long	0x19fd458f,0x19fd458f
.long	0x876cde94,0x876cde94
.long	0xb7f87b52,0xb7f87b52
.long	0x23d373ab,0x23d373ab
.long	0xe2024b72,0xe2024b72
.long	0x578f1fe3,0x578f1fe3
.long	0x2aab5566,0x2aab5566
.long	0x0728ebb2,0x0728ebb2
.long	0x03c2b52f,0x03c2b52f
.long	0x9a7bc586,0x9a7bc586
.long	0xa50837d3,0xa50837d3
.long	0xf2872830,0xf2872830
.long	0xb2a5bf23,0xb2a5bf23
.long	0xba6a0302,0xba6a0302
.long	0x5c8216ed,0x5c8216ed
.long	0x2b1ccf8a,0x2b1ccf8a
.long	0x92b479a7,0x92b479a7
.long	0xf0f207f3,0xf0f207f3
.long	0xa1e2694e,0xa1e2694e
.long	0xcdf4da65,0xcdf4da65
.long	0xd5be0506,0xd5be0506
.long	0x1f6234d1,0x1f6234d1
.long	0x8afea6c4,0x8afea6c4
.long	0x9d532e34,0x9d532e34
.long	0xa055f3a2,0xa055f3a2
.long	0x32e18a05,0x32e18a05
.long	0x75ebf6a4,0x75ebf6a4
.long	0x39ec830b,0x39ec830b
.long	0xaaef6040,0xaaef6040
.long	0x069f715e,0x069f715e
.long	0x51106ebd,0x51106ebd
.long	0xf98a213e,0xf98a213e
.long	0x3d06dd96,0x3d06dd96
.long	0xae053edd,0xae053edd
.long	0x46bde64d,0x46bde64d
.long	0xb58d5491,0xb58d5491
.long	0x055dc471,0x055dc471
.long	0x6fd40604,0x6fd40604
.long	0xff155060,0xff155060
.long	0x24fb9819,0x24fb9819
.long	0x97e9bdd6,0x97e9bdd6
.long	0xcc434089,0xcc434089
.long	0x779ed967,0x779ed967
.long	0xbd42e8b0,0xbd42e8b0
.long	0x888b8907,0x888b8907
.long	0x385b19e7,0x385b19e7
.long	0xdbeec879,0xdbeec879
.long	0x470a7ca1,0x470a7ca1
.long	0xe90f427c,0xe90f427c
.long	0xc91e84f8,0xc91e84f8
.long	0x00000000,0x00000000
.long	0x83868009,0x83868009
.long	0x48ed2b32,0x48ed2b32
.long	0xac70111e,0xac70111e
.long	0x4e725a6c,0x4e725a6c
.long	0xfbff0efd,0xfbff0efd
.long	0x5638850f,0x5638850f
.long	0x1ed5ae3d,0x1ed5ae3d
.long	0x27392d36,0x27392d36
.long	0x64d90f0a,0x64d90f0a
.long	0x21a65c68,0x21a65c68
.long	0xd1545b9b,0xd1545b9b
.long	0x3a2e3624,0x3a2e3624
.long	0xb1670a0c,0xb1670a0c
.long	0x0fe75793,0x0fe75793
.long	0xd296eeb4,0xd296eeb4
.long	0x9e919b1b,0x9e919b1b
.long	0x4fc5c080,0x4fc5c080
.long	0xa220dc61,0xa220dc61
.long	0x694b775a,0x694b775a
.long	0x161a121c,0x161a121c
.long	0x0aba93e2,0x0aba93e2
.long	0xe52aa0c0,0xe52aa0c0
.long	0x43e0223c,0x43e0223c
.long	0x1d171b12,0x1d171b12
.long	0x0b0d090e,0x0b0d090e
.long	0xadc78bf2,0xadc78bf2
.long	0xb9a8b62d,0xb9a8b62d
.long	0xc8a91e14,0xc8a91e14
.long	0x8519f157,0x8519f157
.long	0x4c0775af,0x4c0775af
.long	0xbbdd99ee,0xbbdd99ee
.long	0xfd607fa3,0xfd607fa3
.long	0x9f2601f7,0x9f2601f7
.long	0xbcf5725c,0xbcf5725c
.long	0xc53b6644,0xc53b6644
.long	0x347efb5b,0x347efb5b
.long	0x7629438b,0x7629438b
.long	0xdcc623cb,0xdcc623cb
.long	0x68fcedb6,0x68fcedb6
.long	0x63f1e4b8,0x63f1e4b8
.long	0xcadc31d7,0xcadc31d7
.long	0x10856342,0x10856342
.long	0x40229713,0x40229713
.long	0x2011c684,0x2011c684
.long	0x7d244a85,0x7d244a85
.long	0xf83dbbd2,0xf83dbbd2
.long	0x1132f9ae,0x1132f9ae
.long	0x6da129c7,0x6da129c7
.long	0x4b2f9e1d,0x4b2f9e1d
.long	0xf330b2dc,0xf330b2dc
.long	0xec52860d,0xec52860d
.long	0xd0e3c177,0xd0e3c177
.long	0x6c16b32b,0x6c16b32b
.long	0x99b970a9,0x99b970a9
.long	0xfa489411,0xfa489411
.long	0x2264e947,0x2264e947
.long	0xc48cfca8,0xc48cfca8
.long	0x1a3ff0a0,0x1a3ff0a0
.long	0xd82c7d56,0xd82c7d56
.long	0xef903322,0xef903322
.long	0xc74e4987,0xc74e4987
.long	0xc1d138d9,0xc1d138d9
.long	0xfea2ca8c,0xfea2ca8c
.long	0x360bd498,0x360bd498
.long	0xcf81f5a6,0xcf81f5a6
.long	0x28de7aa5,0x28de7aa5
.long	0x268eb7da,0x268eb7da
.long	0xa4bfad3f,0xa4bfad3f
.long	0xe49d3a2c,0xe49d3a2c
.long	0x0d927850,0x0d927850
.long	0x9bcc5f6a,0x9bcc5f6a
.long	0x62467e54,0x62467e54
.long	0xc2138df6,0xc2138df6
.long	0xe8b8d890,0xe8b8d890
.long	0x5ef7392e,0x5ef7392e
.long	0xf5afc382,0xf5afc382
.long	0xbe805d9f,0xbe805d9f
.long	0x7c93d069,0x7c93d069
.long	0xa92dd56f,0xa92dd56f
.long	0xb31225cf,0xb31225cf
.long	0x3b99acc8,0x3b99acc8
.long	0xa77d1810,0xa77d1810
.long	0x6e639ce8,0x6e639ce8
.long	0x7bbb3bdb,0x7bbb3bdb
.long	0x097826cd,0x097826cd
.long	0xf418596e,0xf418596e
.long	0x01b79aec,0x01b79aec
.long	0xa89a4f83,0xa89a4f83
.long	0x656e95e6,0x656e95e6
.long	0x7ee6ffaa,0x7ee6ffaa
.long	0x08cfbc21,0x08cfbc21
.long	0xe6e815ef,0xe6e815ef
.long	0xd99be7ba,0xd99be7ba
.long	0xce366f4a,0xce366f4a
.long	0xd4099fea,0xd4099fea
.long	0xd67cb029,0xd67cb029
.long	0xafb2a431,0xafb2a431
.long	0x31233f2a,0x31233f2a
.long	0x3094a5c6,0x3094a5c6
.long	0xc066a235,0xc066a235
.long	0x37bc4e74,0x37bc4e74
.long	0xa6ca82fc,0xa6ca82fc
.long	0xb0d090e0,0xb0d090e0
.long	0x15d8a733,0x15d8a733
.long	0x4a9804f1,0x4a9804f1
.long	0xf7daec41,0xf7daec41
.long	0x0e50cd7f,0x0e50cd7f
.long	0x2ff69117,0x2ff69117
.long	0x8dd64d76,0x8dd64d76
.long	0x4db0ef43,0x4db0ef43
.long	0x544daacc,0x544daacc
.long	0xdf0496e4,0xdf0496e4
.long	0xe3b5d19e,0xe3b5d19e
.long	0x1b886a4c,0x1b886a4c
.long	0xb81f2cc1,0xb81f2cc1
.long	0x7f516546,0x7f516546
.long	0x04ea5e9d,0x04ea5e9d
.long	0x5d358c01,0x5d358c01
.long	0x737487fa,0x737487fa
.long	0x2e410bfb,0x2e410bfb
.long	0x5a1d67b3,0x5a1d67b3
.long	0x52d2db92,0x52d2db92
.long	0x335610e9,0x335610e9
.long	0x1347d66d,0x1347d66d
.long	0x8c61d79a,0x8c61d79a
.long	0x7a0ca137,0x7a0ca137
.long	0x8e14f859,0x8e14f859
.long	0x893c13eb,0x893c13eb
.long	0xee27a9ce,0xee27a9ce
.long	0x35c961b7,0x35c961b7
.long	0xede51ce1,0xede51ce1
.long	0x3cb1477a,0x3cb1477a
.long	0x59dfd29c,0x59dfd29c
.long	0x3f73f255,0x3f73f255
.long	0x79ce1418,0x79ce1418
.long	0xbf37c773,0xbf37c773
.long	0xeacdf753,0xeacdf753
.long	0x5baafd5f,0x5baafd5f
.long	0x146f3ddf,0x146f3ddf
.long	0x86db4478,0x86db4478
.long	0x81f3afca,0x81f3afca
.long	0x3ec468b9,0x3ec468b9
.long	0x2c342438,0x2c342438
.long	0x5f40a3c2,0x5f40a3c2
.long	0x72c31d16,0x72c31d16
.long	0x0c25e2bc,0x0c25e2bc
.long	0x8b493c28,0x8b493c28
.long	0x41950dff,0x41950dff
.long	0x7101a839,0x7101a839
.long	0xdeb30c08,0xdeb30c08
.long	0x9ce4b4d8,0x9ce4b4d8
.long	0x90c15664,0x90c15664
.long	0x6184cb7b,0x6184cb7b
.long	0x70b632d5,0x70b632d5
.long	0x745c6c48,0x745c6c48
.long	0x4257b8d0,0x4257b8d0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































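--- a/jni/libressl/crypto/aes/aes_cbc.c
+++ b/jni/libressl/crypto/aes/aes_cbc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: aes_cbc.c,v 1.12 2014/06/12 15:49:27 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *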
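--- a/jni/libressl/crypto/aes/aes_cfb.c
+++ b/jni/libressl/crypto/aes/aes_cfb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: aes_cfb.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *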
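--- a/jni/libressl/crypto/aes/aes_core.c
+++ b/jni/libressl/crypto/aes/aes_core.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: aes_core.c,v 1.12 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: aes_core.c,v 1.13 2015/11/05 21:59:13 miod Exp $ */
 /**
  * rijndael-alg-fst.c
  *
  * @version 3.0 (December 2000)
  *
  * Optimised ANSI C code for the Rijndael cipher (now AES)
  *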
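--- a/jni/libressl/crypto/aes/aes_ctr.c
+++ b/jni/libressl/crypto/aes/aes_ctr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: aes_ctr.c,v 1.9 2014/06/12 15:49:27 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *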
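--- a/jni/libressl/crypto/aes/aes_ecb.c
+++ b/jni/libressl/crypto/aes/aes_ecb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: aes_ecb.c,v 1.5 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: aes_ecb.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *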
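--- a/jni/libressl/crypto/aes/aes_ige.c
+++ b/jni/libressl/crypto/aes/aes_ige.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: aes_ige.c,v 1.6 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: aes_ige.c,v 1.7 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *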
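--- a/jni/libressl/crypto/aes/aes_locl.h
+++ b/jni/libressl/crypto/aes/aes_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: aes_locl.h,v 1.11 2016/12/21 15:49:29 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -57,23 +57,27 @@
 #ifdef OPENSSL_NO_AES
 #error AES is disabled.
 #endif
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+__BEGIN_HIDDEN_DECLS
 
 #define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
 #define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
 
 typedef unsigned int u32;
 typedef unsigned short u16;
 typedef unsigned char u8;
 
 #define MAXKC   (256/32)
 #define MAXKB   (256/8)
 #define MAXNR   14
 
 /* This controls loop-unrolling in aes_core.c */
 #undef FULL_UNROLL
 
+__END_HIDDEN_DECLS
+
 #endif /* !HEADER_AES_LOCL_H */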
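--- a/jni/libressl/crypto/aes/aes_misc.c
+++ b/jni/libressl/crypto/aes/aes_misc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: aes_misc.c,v 1.9 2014/07/09 09:10:07 miod Exp $ */
+/* $OpenBSD: aes_misc.c,v 1.10 2014/07/09 11:10:50 bcook Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *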
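--- a/jni/libressl/crypto/aes/aes_ofb.c
+++ b/jni/libressl/crypto/aes/aes_ofb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: aes_ofb.c,v 1.6 2014/06/12 15:49:27 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *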
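--- a/jni/libressl/crypto/aes/aes_wrap.c
+++ b/jni/libressl/crypto/aes/aes_wrap.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: aes_wrap.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: aes_wrap.c,v 1.10 2015/09/10 15:56:24 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without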
Added jni/libressl/crypto/aes/aesni-elf-x86_64.S.






















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
#include "x86_arch.h"
.text	
.globl	aesni_encrypt
.type	aesni_encrypt,@function
.align	16
aesni_encrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
.Loop_enc1_1:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	.Loop_enc1_1	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3
.size	aesni_encrypt,.-aesni_encrypt

.globl	aesni_decrypt
.type	aesni_decrypt,@function
.align	16
aesni_decrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
.Loop_dec1_2:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	.Loop_dec1_2	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3
.size	aesni_decrypt, .-aesni_decrypt
.type	_aesni_encrypt3,@function
.align	16
_aesni_encrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

.Lenc_loop3:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop3

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	.byte	0xf3,0xc3
.size	_aesni_encrypt3,.-_aesni_encrypt3
.type	_aesni_decrypt3,@function
.align	16
_aesni_decrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

.Ldec_loop3:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop3

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	.byte	0xf3,0xc3
.size	_aesni_decrypt3,.-_aesni_decrypt3
.type	_aesni_encrypt4,@function
.align	16
_aesni_encrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

.Lenc_loop4:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop4

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	.byte	0xf3,0xc3
.size	_aesni_encrypt4,.-_aesni_encrypt4
.type	_aesni_decrypt4,@function
.align	16
_aesni_decrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

.Ldec_loop4:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop4

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	.byte	0xf3,0xc3
.size	_aesni_decrypt4,.-_aesni_decrypt4
.type	_aesni_encrypt6,@function
.align	16
_aesni_encrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm7
	jmp	.Lenc_loop6_enter
.align	16
.Lenc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
.Lenc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop6

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	.byte	0xf3,0xc3
.size	_aesni_encrypt6,.-_aesni_encrypt6
.type	_aesni_decrypt6,@function
.align	16
_aesni_decrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm7
	jmp	.Ldec_loop6_enter
.align	16
.Ldec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
.Ldec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop6

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	.byte	0xf3,0xc3
.size	_aesni_decrypt6,.-_aesni_decrypt6
.type	_aesni_encrypt8,@function
.align	16
_aesni_encrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesenc	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	.Lenc_loop8_enter
.align	16
.Lenc_loop8:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
.Lenc_loop8_enter:
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	aesenc	%xmm0,%xmm8
	aesenc	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop8

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	aesenclast	%xmm0,%xmm8
	aesenclast	%xmm0,%xmm9
	.byte	0xf3,0xc3
.size	_aesni_encrypt8,.-_aesni_encrypt8
.type	_aesni_decrypt8,@function
.align	16
_aesni_decrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	.Ldec_loop8_enter
.align	16
.Ldec_loop8:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
.Ldec_loop8_enter:
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	aesdec	%xmm0,%xmm8
	aesdec	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop8

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	aesdeclast	%xmm0,%xmm8
	aesdeclast	%xmm0,%xmm9
	.byte	0xf3,0xc3
.size	_aesni_decrypt8,.-_aesni_decrypt8
.globl	aesni_ecb_encrypt
.type	aesni_ecb_encrypt,@function
.align	16
aesni_ecb_encrypt:
	andq	$-16,%rdx
	jz	.Lecb_ret

	movl	240(%rcx),%eax
	movups	(%rcx),%xmm0
	movq	%rcx,%r11
	movl	%eax,%r10d
	testl	%r8d,%r8d
	jz	.Lecb_decrypt

	cmpq	$128,%rdx
	jb	.Lecb_enc_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	.Lecb_enc_loop8_enter
.align	16
.Lecb_enc_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
.Lecb_enc_loop8_enter:

	call	_aesni_encrypt8

	subq	$128,%rdx
	jnc	.Lecb_enc_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	.Lecb_ret

.Lecb_enc_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	.Lecb_enc_one
	movups	16(%rdi),%xmm3
	je	.Lecb_enc_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	.Lecb_enc_three
	movups	48(%rdi),%xmm5
	je	.Lecb_enc_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	.Lecb_enc_five
	movups	80(%rdi),%xmm7
	je	.Lecb_enc_six
	movdqu	96(%rdi),%xmm8
	call	_aesni_encrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_3:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_3	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_three:
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_four:
	call	_aesni_encrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_five:
	xorps	%xmm7,%xmm7
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_six:
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	jmp	.Lecb_ret

.align	16
.Lecb_decrypt:
	cmpq	$128,%rdx
	jb	.Lecb_dec_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	.Lecb_dec_loop8_enter
.align	16
.Lecb_dec_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
.Lecb_dec_loop8_enter:

	call	_aesni_decrypt8

	movups	(%r11),%xmm0
	subq	$128,%rdx
	jnc	.Lecb_dec_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	.Lecb_ret

.Lecb_dec_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	.Lecb_dec_one
	movups	16(%rdi),%xmm3
	je	.Lecb_dec_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	.Lecb_dec_three
	movups	48(%rdi),%xmm5
	je	.Lecb_dec_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	.Lecb_dec_five
	movups	80(%rdi),%xmm7
	je	.Lecb_dec_six
	movups	96(%rdi),%xmm8
	movups	(%rcx),%xmm0
	call	_aesni_decrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_4:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_4	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_three:
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_four:
	call	_aesni_decrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_six:
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)

.Lecb_ret:
	.byte	0xf3,0xc3
.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
.globl	aesni_ccm64_encrypt_blocks
.type	aesni_ccm64_encrypt_blocks,@function
.align	16
aesni_ccm64_encrypt_blocks:
	movl	240(%rcx),%eax
	movdqu	(%r8),%xmm9
	movdqa	.Lincrement64(%rip),%xmm6
	movdqa	.Lbswap_mask(%rip),%xmm7

	shrl	$1,%eax
	leaq	0(%rcx),%r11
	movdqu	(%r9),%xmm3
	movdqa	%xmm9,%xmm2
	movl	%eax,%r10d
.byte	102,68,15,56,0,207
	jmp	.Lccm64_enc_outer
.align	16
.Lccm64_enc_outer:
	movups	(%r11),%xmm0
	movl	%r10d,%eax
	movups	(%rdi),%xmm8

	xorps	%xmm0,%xmm2
	movups	16(%r11),%xmm1
	xorps	%xmm8,%xmm0
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm3
	movups	(%rcx),%xmm0

.Lccm64_enc2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	.Lccm64_enc2_loop
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	paddq	%xmm6,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3

	decq	%rdx
	leaq	16(%rdi),%rdi
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215
	jnz	.Lccm64_enc_outer

	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3
.size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
.globl	aesni_ccm64_decrypt_blocks
.type	aesni_ccm64_decrypt_blocks,@function
.align	16
aesni_ccm64_decrypt_blocks:
	movl	240(%rcx),%eax
	movups	(%r8),%xmm9
	movdqu	(%r9),%xmm3
	movdqa	.Lincrement64(%rip),%xmm6
	movdqa	.Lbswap_mask(%rip),%xmm7

	movaps	%xmm9,%xmm2
	movl	%eax,%r10d
	movq	%rcx,%r11
.byte	102,68,15,56,0,207
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_5:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_5	
	aesenclast	%xmm1,%xmm2
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	leaq	16(%rdi),%rdi
	jmp	.Lccm64_dec_outer
.align	16
.Lccm64_dec_outer:
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movl	%r10d,%eax
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215

	subq	$1,%rdx
	jz	.Lccm64_dec_break

	movups	(%r11),%xmm0
	shrl	$1,%eax
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm8,%xmm3
	movups	(%rcx),%xmm0

.Lccm64_dec2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	.Lccm64_dec2_loop
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	leaq	16(%rdi),%rdi
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	jmp	.Lccm64_dec_outer

.align	16
.Lccm64_dec_break:

	movups	(%r11),%xmm0
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%r11
	xorps	%xmm8,%xmm3
.Loop_enc1_6:
	aesenc	%xmm1,%xmm3
	decl	%eax
	movups	(%r11),%xmm1
	leaq	16(%r11),%r11
	jnz	.Loop_enc1_6	
	aesenclast	%xmm1,%xmm3
	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3
.size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
.globl	aesni_ctr32_encrypt_blocks
.type	aesni_ctr32_encrypt_blocks,@function
.align	16
aesni_ctr32_encrypt_blocks:
	cmpq	$1,%rdx
	je	.Lctr32_one_shortcut

	movdqu	(%r8),%xmm14
	movdqa	.Lbswap_mask(%rip),%xmm15
	xorl	%eax,%eax
.byte	102,69,15,58,22,242,3
.byte	102,68,15,58,34,240,3

	movl	240(%rcx),%eax
	bswapl	%r10d
	pxor	%xmm12,%xmm12
	pxor	%xmm13,%xmm13
.byte	102,69,15,58,34,226,0
	leaq	3(%r10),%r11
.byte	102,69,15,58,34,235,0
	incl	%r10d
.byte	102,69,15,58,34,226,1
	incq	%r11
.byte	102,69,15,58,34,235,1
	incl	%r10d
.byte	102,69,15,58,34,226,2
	incq	%r11
.byte	102,69,15,58,34,235,2
	movdqa	%xmm12,-40(%rsp)
.byte	102,69,15,56,0,231
	movdqa	%xmm13,-24(%rsp)
.byte	102,69,15,56,0,239

	pshufd	$192,%xmm12,%xmm2
	pshufd	$128,%xmm12,%xmm3
	pshufd	$64,%xmm12,%xmm4
	cmpq	$6,%rdx
	jb	.Lctr32_tail
	shrl	$1,%eax
	movq	%rcx,%r11
	movl	%eax,%r10d
	subq	$6,%rdx
	jmp	.Lctr32_loop6

.align	16
.Lctr32_loop6:
	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm2
	movups	(%r11),%xmm0
	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm3
	movups	16(%r11),%xmm1
	pshufd	$64,%xmm13,%xmm7
	por	%xmm14,%xmm4
	por	%xmm14,%xmm5
	xorps	%xmm0,%xmm2
	por	%xmm14,%xmm6
	por	%xmm14,%xmm7




	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	movdqa	.Lincrement32(%rip),%xmm13
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	movdqa	-40(%rsp),%xmm12
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	jmp	.Lctr32_enc_loop6_enter
.align	16
.Lctr32_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
.Lctr32_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lctr32_enc_loop6

	aesenc	%xmm1,%xmm2
	paddd	%xmm13,%xmm12
	aesenc	%xmm1,%xmm3
	paddd	-24(%rsp),%xmm13
	aesenc	%xmm1,%xmm4
	movdqa	%xmm12,-40(%rsp)
	aesenc	%xmm1,%xmm5
	movdqa	%xmm13,-24(%rsp)
	aesenc	%xmm1,%xmm6
.byte	102,69,15,56,0,231
	aesenc	%xmm1,%xmm7
.byte	102,69,15,56,0,239

	aesenclast	%xmm0,%xmm2
	movups	(%rdi),%xmm8
	aesenclast	%xmm0,%xmm3
	movups	16(%rdi),%xmm9
	aesenclast	%xmm0,%xmm4
	movups	32(%rdi),%xmm10
	aesenclast	%xmm0,%xmm5
	movups	48(%rdi),%xmm11
	aesenclast	%xmm0,%xmm6
	movups	64(%rdi),%xmm1
	aesenclast	%xmm0,%xmm7
	movups	80(%rdi),%xmm0
	leaq	96(%rdi),%rdi

	xorps	%xmm2,%xmm8
	pshufd	$192,%xmm12,%xmm2
	xorps	%xmm3,%xmm9
	pshufd	$128,%xmm12,%xmm3
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	pshufd	$64,%xmm12,%xmm4
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	xorps	%xmm7,%xmm0
	movups	%xmm1,64(%rsi)
	movups	%xmm0,80(%rsi)
	leaq	96(%rsi),%rsi
	movl	%r10d,%eax
	subq	$6,%rdx
	jnc	.Lctr32_loop6

	addq	$6,%rdx
	jz	.Lctr32_done
	movq	%r11,%rcx
	leal	1(%rax,%rax,1),%eax

.Lctr32_tail:
	por	%xmm14,%xmm2
	movups	(%rdi),%xmm8
	cmpq	$2,%rdx
	jb	.Lctr32_one

	por	%xmm14,%xmm3
	movups	16(%rdi),%xmm9
	je	.Lctr32_two

	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm4
	movups	32(%rdi),%xmm10
	cmpq	$4,%rdx
	jb	.Lctr32_three

	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm5
	movups	48(%rdi),%xmm11
	je	.Lctr32_four

	por	%xmm14,%xmm6
	xorps	%xmm7,%xmm7

	call	_aesni_encrypt6

	movups	64(%rdi),%xmm1
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	movups	%xmm1,64(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_one_shortcut:
	movups	(%r8),%xmm2
	movups	(%rdi),%xmm8
	movl	240(%rcx),%eax
.Lctr32_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_7:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_7	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm2,%xmm8
	movups	%xmm8,(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	movups	%xmm9,16(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_three:
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	movups	%xmm10,32(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_four:
	call	_aesni_encrypt4
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	movups	%xmm11,48(%rsi)

.Lctr32_done:
	.byte	0xf3,0xc3
.size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
.globl	aesni_xts_encrypt
.type	aesni_xts_encrypt,@function
.align	16
aesni_xts_encrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
.Loop_enc1_8:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	.Loop_enc1_8	
	aesenclast	%xmm1,%xmm15
	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	.Lxts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	.Lxts_enc_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	.Lxts_enc_grandloop

.align	16
.Lxts_enc_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesenc	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesenc	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	.Lxts_enc_loop6_enter

.align	16
.Lxts_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
.Lxts_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lxts_enc_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesenc	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesenclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	.Lxts_enc_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

.Lxts_enc_short:
	addq	$96,%rdx
	jz	.Lxts_enc_done

	cmpq	$32,%rdx
	jb	.Lxts_enc_one
	je	.Lxts_enc_two

	cmpq	$64,%rdx
	jb	.Lxts_enc_three
	je	.Lxts_enc_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_encrypt6

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	movdqu	%xmm5,48(%rsi)
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_9:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_9	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	leaq	16(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_four:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_encrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_done:
	andq	$15,%r9
	jz	.Lxts_enc_ret
	movq	%r9,%rdx

.Lxts_enc_steal:
	movzbl	(%rdi),%eax
	movzbl	-16(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,-16(%rsi)
	movb	%cl,0(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	.Lxts_enc_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	-16(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_10:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_10	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,-16(%rsi)

.Lxts_enc_ret:
	leaq	104(%rsp),%rsp
.Lxts_enc_epilogue:
	.byte	0xf3,0xc3
.size	aesni_xts_encrypt,.-aesni_xts_encrypt
.globl	aesni_xts_decrypt
.type	aesni_xts_decrypt,@function
.align	16
aesni_xts_decrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
.Loop_enc1_11:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	.Loop_enc1_11	
	aesenclast	%xmm1,%xmm15
	xorl	%eax,%eax
	testq	$15,%rdx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%rdx

	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	.Lxts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	.Lxts_dec_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	.Lxts_dec_grandloop

.align	16
.Lxts_dec_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesdec	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesdec	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesdec	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	.Lxts_dec_loop6_enter

.align	16
.Lxts_dec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
.Lxts_dec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lxts_dec_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesdec	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesdeclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdeclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdeclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	.Lxts_dec_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

.Lxts_dec_short:
	addq	$96,%rdx
	jz	.Lxts_dec_done

	cmpq	$32,%rdx
	jb	.Lxts_dec_one
	je	.Lxts_dec_two

	cmpq	$64,%rdx
	jb	.Lxts_dec_three
	je	.Lxts_dec_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_decrypt6

	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	pxor	%xmm14,%xmm14
	movdqu	%xmm5,48(%rsi)
	pcmpgtd	%xmm15,%xmm14
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	pshufd	$19,%xmm14,%xmm11
	andq	$15,%r9
	jz	.Lxts_dec_ret

	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm11
	pxor	%xmm15,%xmm11
	jmp	.Lxts_dec_done2

.align	16
.Lxts_dec_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_12:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_12	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	movdqa	%xmm12,%xmm11
	leaq	16(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm13,%xmm11
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_four:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movups	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movups	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_decrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm14,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_done:
	andq	$15,%r9
	jz	.Lxts_dec_ret
.Lxts_dec_done2:
	movq	%r9,%rdx
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rdi),%xmm2
	xorps	%xmm11,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_13:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_13	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm11,%xmm2
	movups	%xmm2,(%rsi)

.Lxts_dec_steal:
	movzbl	16(%rdi),%eax
	movzbl	(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,(%rsi)
	movb	%cl,16(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	.Lxts_dec_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_14:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_14	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,(%rsi)

.Lxts_dec_ret:
	leaq	104(%rsp),%rsp
.Lxts_dec_epilogue:
	.byte	0xf3,0xc3
.size	aesni_xts_decrypt,.-aesni_xts_decrypt
.globl	aesni_cbc_encrypt
.type	aesni_cbc_encrypt,@function
.align	16
aesni_cbc_encrypt:
	testq	%rdx,%rdx
	jz	.Lcbc_ret

	movl	240(%rcx),%r10d
	movq	%rcx,%r11
	testl	%r9d,%r9d
	jz	.Lcbc_decrypt

	movups	(%r8),%xmm2
	movl	%r10d,%eax
	cmpq	$16,%rdx
	jb	.Lcbc_enc_tail
	subq	$16,%rdx
	jmp	.Lcbc_enc_loop
.align	16
.Lcbc_enc_loop:
	movups	(%rdi),%xmm3
	leaq	16(%rdi),%rdi

	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	xorps	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	xorps	%xmm3,%xmm2
.Loop_enc1_15:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_15	
	aesenclast	%xmm1,%xmm2
	movl	%r10d,%eax
	movq	%r11,%rcx
	movups	%xmm2,0(%rsi)
	leaq	16(%rsi),%rsi
	subq	$16,%rdx
	jnc	.Lcbc_enc_loop
	addq	$16,%rdx
	jnz	.Lcbc_enc_tail
	movups	%xmm2,(%r8)
	jmp	.Lcbc_ret

.Lcbc_enc_tail:
	movq	%rdx,%rcx
	xchgq	%rdi,%rsi
.long	0x9066A4F3	
	movl	$16,%ecx
	subq	%rdx,%rcx
	xorl	%eax,%eax
.long	0x9066AAF3	
	leaq	-16(%rdi),%rdi
	movl	%r10d,%eax
	movq	%rdi,%rsi
	movq	%r11,%rcx
	xorq	%rdx,%rdx
	jmp	.Lcbc_enc_loop	

.align	16
.Lcbc_decrypt:
	movups	(%r8),%xmm9
	movl	%r10d,%eax
	cmpq	$112,%rdx
	jbe	.Lcbc_dec_tail
	shrl	$1,%r10d
	subq	$112,%rdx
	movl	%r10d,%eax
	movaps	%xmm9,-24(%rsp)
	jmp	.Lcbc_dec_loop8_enter
.align	16
.Lcbc_dec_loop8:
	movaps	%xmm0,-24(%rsp)
	movups	%xmm9,(%rsi)
	leaq	16(%rsi),%rsi
.Lcbc_dec_loop8_enter:
	movups	(%rcx),%xmm0
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	16(%rcx),%xmm1

	leaq	32(%rcx),%rcx
	movdqu	32(%rdi),%xmm4
	xorps	%xmm0,%xmm2
	movdqu	48(%rdi),%xmm5
	xorps	%xmm0,%xmm3
	movdqu	64(%rdi),%xmm6
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	movdqu	80(%rdi),%xmm7
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqu	96(%rdi),%xmm8
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqu	112(%rdi),%xmm9
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1

	call	.Ldec_loop8_enter

	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm1
	xorps	%xmm0,%xmm8
	movups	112(%rdi),%xmm0
	xorps	%xmm1,%xmm9
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movq	%r11,%rcx
	movups	%xmm7,80(%rsi)
	leaq	128(%rdi),%rdi
	movups	%xmm8,96(%rsi)
	leaq	112(%rsi),%rsi
	subq	$128,%rdx
	ja	.Lcbc_dec_loop8

	movaps	%xmm9,%xmm2
	movaps	%xmm0,%xmm9
	addq	$112,%rdx
	jle	.Lcbc_dec_tail_collected
	movups	%xmm2,(%rsi)
	leal	1(%r10,%r10,1),%eax
	leaq	16(%rsi),%rsi
.Lcbc_dec_tail:
	movups	(%rdi),%xmm2
	movaps	%xmm2,%xmm8
	cmpq	$16,%rdx
	jbe	.Lcbc_dec_one

	movups	16(%rdi),%xmm3
	movaps	%xmm3,%xmm7
	cmpq	$32,%rdx
	jbe	.Lcbc_dec_two

	movups	32(%rdi),%xmm4
	movaps	%xmm4,%xmm6
	cmpq	$48,%rdx
	jbe	.Lcbc_dec_three

	movups	48(%rdi),%xmm5
	cmpq	$64,%rdx
	jbe	.Lcbc_dec_four

	movups	64(%rdi),%xmm6
	cmpq	$80,%rdx
	jbe	.Lcbc_dec_five

	movups	80(%rdi),%xmm7
	cmpq	$96,%rdx
	jbe	.Lcbc_dec_six

	movups	96(%rdi),%xmm8
	movaps	%xmm9,-24(%rsp)
	call	_aesni_decrypt8
	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm9
	xorps	%xmm0,%xmm8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	movaps	%xmm8,%xmm2
	subq	$112,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_16:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_16	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm9,%xmm2
	movaps	%xmm8,%xmm9
	subq	$16,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	movaps	%xmm7,%xmm9
	movaps	%xmm3,%xmm2
	leaq	16(%rsi),%rsi
	subq	$32,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_three:
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	movaps	%xmm6,%xmm9
	movaps	%xmm4,%xmm2
	leaq	32(%rsi),%rsi
	subq	$48,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_four:
	call	_aesni_decrypt4
	xorps	%xmm9,%xmm2
	movups	48(%rdi),%xmm9
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	xorps	%xmm6,%xmm5
	movups	%xmm4,32(%rsi)
	movaps	%xmm5,%xmm2
	leaq	48(%rsi),%rsi
	subq	$64,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm9
	xorps	%xmm1,%xmm6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	movaps	%xmm6,%xmm2
	subq	$80,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_six:
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm0
	xorps	%xmm1,%xmm6
	movups	80(%rdi),%xmm9
	xorps	%xmm0,%xmm7
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	movaps	%xmm7,%xmm2
	subq	$96,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_tail_collected:
	andq	$15,%rdx
	movups	%xmm9,(%r8)
	jnz	.Lcbc_dec_tail_partial
	movups	%xmm2,(%rsi)
	jmp	.Lcbc_dec_ret
.align	16
.Lcbc_dec_tail_partial:
	movaps	%xmm2,-24(%rsp)
	movq	$16,%rcx
	movq	%rsi,%rdi
	subq	%rdx,%rcx
	leaq	-24(%rsp),%rsi
.long	0x9066A4F3	

.Lcbc_dec_ret:
.Lcbc_ret:
	.byte	0xf3,0xc3
.size	aesni_cbc_encrypt,.-aesni_cbc_encrypt
.globl	aesni_set_decrypt_key
.type	aesni_set_decrypt_key,@function
.align	16
aesni_set_decrypt_key:
	subq	$8,%rsp
	call	__aesni_set_encrypt_key
	shll	$4,%esi
	testl	%eax,%eax
	jnz	.Ldec_key_ret
	leaq	16(%rdx,%rsi,1),%rdi

	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	movups	%xmm0,(%rdi)
	movups	%xmm1,(%rdx)
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi

.Ldec_key_inverse:
	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	aesimc	%xmm0,%xmm0
	aesimc	%xmm1,%xmm1
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi
	movups	%xmm0,16(%rdi)
	movups	%xmm1,-16(%rdx)
	cmpq	%rdx,%rdi
	ja	.Ldec_key_inverse

	movups	(%rdx),%xmm0
	aesimc	%xmm0,%xmm0
	movups	%xmm0,(%rdi)
.Ldec_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
.LSEH_end_set_decrypt_key:
.size	aesni_set_decrypt_key,.-aesni_set_decrypt_key
.globl	aesni_set_encrypt_key
.type	aesni_set_encrypt_key,@function
.align	16
aesni_set_encrypt_key:
__aesni_set_encrypt_key:
	subq	$8,%rsp
	movq	$-1,%rax
	testq	%rdi,%rdi
	jz	.Lenc_key_ret
	testq	%rdx,%rdx
	jz	.Lenc_key_ret

	movups	(%rdi),%xmm0
	xorps	%xmm4,%xmm4
	leaq	16(%rdx),%rax
	cmpl	$256,%esi
	je	.L14rounds
	cmpl	$192,%esi
	je	.L12rounds
	cmpl	$128,%esi
	jne	.Lbad_keybits

.L10rounds:
	movl	$9,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm0,%xmm1
	call	.Lkey_expansion_128_cold
	aeskeygenassist	$2,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$4,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$8,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$16,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$32,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$64,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$128,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$27,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$54,%xmm0,%xmm1
	call	.Lkey_expansion_128
	movups	%xmm0,(%rax)
	movl	%esi,80(%rax)
	xorl	%eax,%eax
	jmp	.Lenc_key_ret

.align	16
.L12rounds:
	movq	16(%rdi),%xmm2
	movl	$11,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	.Lkey_expansion_192a_cold
	aeskeygenassist	$2,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	.Lkey_expansion_192a
	aeskeygenassist	$8,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	.Lkey_expansion_192a
	aeskeygenassist	$32,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	.Lkey_expansion_192a
	aeskeygenassist	$128,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	movups	%xmm0,(%rax)
	movl	%esi,48(%rax)
	xorq	%rax,%rax
	jmp	.Lenc_key_ret

.align	16
.L14rounds:
	movups	16(%rdi),%xmm2
	movl	$13,%esi
	leaq	16(%rax),%rax
	movups	%xmm0,(%rdx)
	movups	%xmm2,16(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	.Lkey_expansion_256a_cold
	aeskeygenassist	$1,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$2,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$2,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$4,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$8,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$8,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$16,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$32,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$32,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	movups	%xmm0,(%rax)
	movl	%esi,16(%rax)
	xorq	%rax,%rax
	jmp	.Lenc_key_ret

.align	16
.Lbad_keybits:
	movq	$-2,%rax
.Lenc_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
.LSEH_end_set_encrypt_key:

.align	16
.Lkey_expansion_128:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
.Lkey_expansion_128_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.align	16
.Lkey_expansion_192a:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
.Lkey_expansion_192a_cold:
	movaps	%xmm2,%xmm5
.Lkey_expansion_192b_warm:
	shufps	$16,%xmm0,%xmm4
	movdqa	%xmm2,%xmm3
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	pslldq	$4,%xmm3
	xorps	%xmm4,%xmm0
	pshufd	$85,%xmm1,%xmm1
	pxor	%xmm3,%xmm2
	pxor	%xmm1,%xmm0
	pshufd	$255,%xmm0,%xmm3
	pxor	%xmm3,%xmm2
	.byte	0xf3,0xc3

.align	16
.Lkey_expansion_192b:
	movaps	%xmm0,%xmm3
	shufps	$68,%xmm0,%xmm5
	movups	%xmm5,(%rax)
	shufps	$78,%xmm2,%xmm3
	movups	%xmm3,16(%rax)
	leaq	32(%rax),%rax
	jmp	.Lkey_expansion_192b_warm

.align	16
.Lkey_expansion_256a:
	movups	%xmm2,(%rax)
	leaq	16(%rax),%rax
.Lkey_expansion_256a_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.align	16
.Lkey_expansion_256b:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax

	shufps	$16,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$140,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$170,%xmm1,%xmm1
	xorps	%xmm1,%xmm2
	.byte	0xf3,0xc3
.size	aesni_set_encrypt_key,.-aesni_set_encrypt_key
.size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
.align	64
.Lbswap_mask:
.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
.Lincrement32:
.long	6,6,6,0
.Lincrement64:
.long	1,0,0,0
.Lxts_magic:
.long	0x87,0,1,0

.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/aes/aesni-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
.text	
.globl	aesni_encrypt
.type	aesni_encrypt,@function
.align	16
aesni_encrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
.Loop_enc1_1:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	.Loop_enc1_1	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3
.size	aesni_encrypt,.-aesni_encrypt

.globl	aesni_decrypt
.type	aesni_decrypt,@function
.align	16
aesni_decrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
.Loop_dec1_2:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	.Loop_dec1_2	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3
.size	aesni_decrypt, .-aesni_decrypt
.type	_aesni_encrypt3,@function
.align	16
_aesni_encrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

.Lenc_loop3:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop3

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	.byte	0xf3,0xc3
.size	_aesni_encrypt3,.-_aesni_encrypt3
.type	_aesni_decrypt3,@function
.align	16
_aesni_decrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

.Ldec_loop3:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop3

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	.byte	0xf3,0xc3
.size	_aesni_decrypt3,.-_aesni_decrypt3
.type	_aesni_encrypt4,@function
.align	16
_aesni_encrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

.Lenc_loop4:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop4

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	.byte	0xf3,0xc3
.size	_aesni_encrypt4,.-_aesni_encrypt4
.type	_aesni_decrypt4,@function
.align	16
_aesni_decrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

.Ldec_loop4:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop4

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	.byte	0xf3,0xc3
.size	_aesni_decrypt4,.-_aesni_decrypt4
.type	_aesni_encrypt6,@function
.align	16
_aesni_encrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm7
	jmp	.Lenc_loop6_enter
.align	16
.Lenc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
.Lenc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop6

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	.byte	0xf3,0xc3
.size	_aesni_encrypt6,.-_aesni_encrypt6
.type	_aesni_decrypt6,@function
.align	16
_aesni_decrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm7
	jmp	.Ldec_loop6_enter
.align	16
.Ldec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
.Ldec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop6

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	.byte	0xf3,0xc3
.size	_aesni_decrypt6,.-_aesni_decrypt6
.type	_aesni_encrypt8,@function
.align	16
_aesni_encrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesenc	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	.Lenc_loop8_enter
.align	16
.Lenc_loop8:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
.Lenc_loop8_enter:
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	aesenc	%xmm0,%xmm8
	aesenc	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	.Lenc_loop8

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	aesenclast	%xmm0,%xmm8
	aesenclast	%xmm0,%xmm9
	.byte	0xf3,0xc3
.size	_aesni_encrypt8,.-_aesni_encrypt8
.type	_aesni_decrypt8,@function
.align	16
_aesni_decrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	.Ldec_loop8_enter
.align	16
.Ldec_loop8:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
.Ldec_loop8_enter:
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	aesdec	%xmm0,%xmm8
	aesdec	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	.Ldec_loop8

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	aesdeclast	%xmm0,%xmm8
	aesdeclast	%xmm0,%xmm9
	.byte	0xf3,0xc3
.size	_aesni_decrypt8,.-_aesni_decrypt8
.globl	aesni_ecb_encrypt
.type	aesni_ecb_encrypt,@function
.align	16
aesni_ecb_encrypt:
	andq	$-16,%rdx
	jz	.Lecb_ret

	movl	240(%rcx),%eax
	movups	(%rcx),%xmm0
	movq	%rcx,%r11
	movl	%eax,%r10d
	testl	%r8d,%r8d
	jz	.Lecb_decrypt

	cmpq	$128,%rdx
	jb	.Lecb_enc_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	.Lecb_enc_loop8_enter
.align	16
.Lecb_enc_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
.Lecb_enc_loop8_enter:

	call	_aesni_encrypt8

	subq	$128,%rdx
	jnc	.Lecb_enc_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	.Lecb_ret

.Lecb_enc_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	.Lecb_enc_one
	movups	16(%rdi),%xmm3
	je	.Lecb_enc_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	.Lecb_enc_three
	movups	48(%rdi),%xmm5
	je	.Lecb_enc_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	.Lecb_enc_five
	movups	80(%rdi),%xmm7
	je	.Lecb_enc_six
	movdqu	96(%rdi),%xmm8
	call	_aesni_encrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_3:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_3	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_three:
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_four:
	call	_aesni_encrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_five:
	xorps	%xmm7,%xmm7
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_enc_six:
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	jmp	.Lecb_ret

.align	16
.Lecb_decrypt:
	cmpq	$128,%rdx
	jb	.Lecb_dec_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	.Lecb_dec_loop8_enter
.align	16
.Lecb_dec_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
.Lecb_dec_loop8_enter:

	call	_aesni_decrypt8

	movups	(%r11),%xmm0
	subq	$128,%rdx
	jnc	.Lecb_dec_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	.Lecb_ret

.Lecb_dec_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	.Lecb_dec_one
	movups	16(%rdi),%xmm3
	je	.Lecb_dec_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	.Lecb_dec_three
	movups	48(%rdi),%xmm5
	je	.Lecb_dec_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	.Lecb_dec_five
	movups	80(%rdi),%xmm7
	je	.Lecb_dec_six
	movups	96(%rdi),%xmm8
	movups	(%rcx),%xmm0
	call	_aesni_decrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_4:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_4	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_three:
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_four:
	call	_aesni_decrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	.Lecb_ret
.align	16
.Lecb_dec_six:
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)

.Lecb_ret:
	.byte	0xf3,0xc3
.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
.globl	aesni_ccm64_encrypt_blocks
.type	aesni_ccm64_encrypt_blocks,@function
.align	16
aesni_ccm64_encrypt_blocks:
	movl	240(%rcx),%eax
	movdqu	(%r8),%xmm9
	movdqa	.Lincrement64(%rip),%xmm6
	movdqa	.Lbswap_mask(%rip),%xmm7

	shrl	$1,%eax
	leaq	0(%rcx),%r11
	movdqu	(%r9),%xmm3
	movdqa	%xmm9,%xmm2
	movl	%eax,%r10d
.byte	102,68,15,56,0,207
	jmp	.Lccm64_enc_outer
.align	16
.Lccm64_enc_outer:
	movups	(%r11),%xmm0
	movl	%r10d,%eax
	movups	(%rdi),%xmm8

	xorps	%xmm0,%xmm2
	movups	16(%r11),%xmm1
	xorps	%xmm8,%xmm0
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm3
	movups	(%rcx),%xmm0

.Lccm64_enc2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	.Lccm64_enc2_loop
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	paddq	%xmm6,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3

	decq	%rdx
	leaq	16(%rdi),%rdi
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215
	jnz	.Lccm64_enc_outer

	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3
.size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
.globl	aesni_ccm64_decrypt_blocks
.type	aesni_ccm64_decrypt_blocks,@function
.align	16
aesni_ccm64_decrypt_blocks:
	movl	240(%rcx),%eax
	movups	(%r8),%xmm9
	movdqu	(%r9),%xmm3
	movdqa	.Lincrement64(%rip),%xmm6
	movdqa	.Lbswap_mask(%rip),%xmm7

	movaps	%xmm9,%xmm2
	movl	%eax,%r10d
	movq	%rcx,%r11
.byte	102,68,15,56,0,207
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_5:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_5	
	aesenclast	%xmm1,%xmm2
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	leaq	16(%rdi),%rdi
	jmp	.Lccm64_dec_outer
.align	16
.Lccm64_dec_outer:
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movl	%r10d,%eax
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215

	subq	$1,%rdx
	jz	.Lccm64_dec_break

	movups	(%r11),%xmm0
	shrl	$1,%eax
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm8,%xmm3
	movups	(%rcx),%xmm0

.Lccm64_dec2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	.Lccm64_dec2_loop
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	leaq	16(%rdi),%rdi
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	jmp	.Lccm64_dec_outer

.align	16
.Lccm64_dec_break:

	movups	(%r11),%xmm0
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%r11
	xorps	%xmm8,%xmm3
.Loop_enc1_6:
	aesenc	%xmm1,%xmm3
	decl	%eax
	movups	(%r11),%xmm1
	leaq	16(%r11),%r11
	jnz	.Loop_enc1_6	
	aesenclast	%xmm1,%xmm3
	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3
.size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
.globl	aesni_ctr32_encrypt_blocks
.type	aesni_ctr32_encrypt_blocks,@function
.align	16
aesni_ctr32_encrypt_blocks:
	cmpq	$1,%rdx
	je	.Lctr32_one_shortcut

	movdqu	(%r8),%xmm14
	movdqa	.Lbswap_mask(%rip),%xmm15
	xorl	%eax,%eax
.byte	102,69,15,58,22,242,3
.byte	102,68,15,58,34,240,3

	movl	240(%rcx),%eax
	bswapl	%r10d
	pxor	%xmm12,%xmm12
	pxor	%xmm13,%xmm13
.byte	102,69,15,58,34,226,0
	leaq	3(%r10),%r11
.byte	102,69,15,58,34,235,0
	incl	%r10d
.byte	102,69,15,58,34,226,1
	incq	%r11
.byte	102,69,15,58,34,235,1
	incl	%r10d
.byte	102,69,15,58,34,226,2
	incq	%r11
.byte	102,69,15,58,34,235,2
	movdqa	%xmm12,-40(%rsp)
.byte	102,69,15,56,0,231
	movdqa	%xmm13,-24(%rsp)
.byte	102,69,15,56,0,239

	pshufd	$192,%xmm12,%xmm2
	pshufd	$128,%xmm12,%xmm3
	pshufd	$64,%xmm12,%xmm4
	cmpq	$6,%rdx
	jb	.Lctr32_tail
	shrl	$1,%eax
	movq	%rcx,%r11
	movl	%eax,%r10d
	subq	$6,%rdx
	jmp	.Lctr32_loop6

.align	16
.Lctr32_loop6:
	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm2
	movups	(%r11),%xmm0
	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm3
	movups	16(%r11),%xmm1
	pshufd	$64,%xmm13,%xmm7
	por	%xmm14,%xmm4
	por	%xmm14,%xmm5
	xorps	%xmm0,%xmm2
	por	%xmm14,%xmm6
	por	%xmm14,%xmm7




	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	movdqa	.Lincrement32(%rip),%xmm13
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	movdqa	-40(%rsp),%xmm12
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	jmp	.Lctr32_enc_loop6_enter
.align	16
.Lctr32_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
.Lctr32_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lctr32_enc_loop6

	aesenc	%xmm1,%xmm2
	paddd	%xmm13,%xmm12
	aesenc	%xmm1,%xmm3
	paddd	-24(%rsp),%xmm13
	aesenc	%xmm1,%xmm4
	movdqa	%xmm12,-40(%rsp)
	aesenc	%xmm1,%xmm5
	movdqa	%xmm13,-24(%rsp)
	aesenc	%xmm1,%xmm6
.byte	102,69,15,56,0,231
	aesenc	%xmm1,%xmm7
.byte	102,69,15,56,0,239

	aesenclast	%xmm0,%xmm2
	movups	(%rdi),%xmm8
	aesenclast	%xmm0,%xmm3
	movups	16(%rdi),%xmm9
	aesenclast	%xmm0,%xmm4
	movups	32(%rdi),%xmm10
	aesenclast	%xmm0,%xmm5
	movups	48(%rdi),%xmm11
	aesenclast	%xmm0,%xmm6
	movups	64(%rdi),%xmm1
	aesenclast	%xmm0,%xmm7
	movups	80(%rdi),%xmm0
	leaq	96(%rdi),%rdi

	xorps	%xmm2,%xmm8
	pshufd	$192,%xmm12,%xmm2
	xorps	%xmm3,%xmm9
	pshufd	$128,%xmm12,%xmm3
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	pshufd	$64,%xmm12,%xmm4
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	xorps	%xmm7,%xmm0
	movups	%xmm1,64(%rsi)
	movups	%xmm0,80(%rsi)
	leaq	96(%rsi),%rsi
	movl	%r10d,%eax
	subq	$6,%rdx
	jnc	.Lctr32_loop6

	addq	$6,%rdx
	jz	.Lctr32_done
	movq	%r11,%rcx
	leal	1(%rax,%rax,1),%eax

.Lctr32_tail:
	por	%xmm14,%xmm2
	movups	(%rdi),%xmm8
	cmpq	$2,%rdx
	jb	.Lctr32_one

	por	%xmm14,%xmm3
	movups	16(%rdi),%xmm9
	je	.Lctr32_two

	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm4
	movups	32(%rdi),%xmm10
	cmpq	$4,%rdx
	jb	.Lctr32_three

	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm5
	movups	48(%rdi),%xmm11
	je	.Lctr32_four

	por	%xmm14,%xmm6
	xorps	%xmm7,%xmm7

	call	_aesni_encrypt6

	movups	64(%rdi),%xmm1
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	movups	%xmm1,64(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_one_shortcut:
	movups	(%r8),%xmm2
	movups	(%rdi),%xmm8
	movl	240(%rcx),%eax
.Lctr32_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_7:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_7	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm2,%xmm8
	movups	%xmm8,(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	movups	%xmm9,16(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_three:
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	movups	%xmm10,32(%rsi)
	jmp	.Lctr32_done

.align	16
.Lctr32_four:
	call	_aesni_encrypt4
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	movups	%xmm11,48(%rsi)

.Lctr32_done:
	.byte	0xf3,0xc3
.size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
.globl	aesni_xts_encrypt
.type	aesni_xts_encrypt,@function
.align	16
aesni_xts_encrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
.Loop_enc1_8:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	.Loop_enc1_8	
	aesenclast	%xmm1,%xmm15
	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	.Lxts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	.Lxts_enc_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	.Lxts_enc_grandloop

.align	16
.Lxts_enc_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesenc	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesenc	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	.Lxts_enc_loop6_enter

.align	16
.Lxts_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
.Lxts_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lxts_enc_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesenc	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesenclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	.Lxts_enc_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

.Lxts_enc_short:
	addq	$96,%rdx
	jz	.Lxts_enc_done

	cmpq	$32,%rdx
	jb	.Lxts_enc_one
	je	.Lxts_enc_two

	cmpq	$64,%rdx
	jb	.Lxts_enc_three
	je	.Lxts_enc_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_encrypt6

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	movdqu	%xmm5,48(%rsi)
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_9:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_9	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	leaq	16(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_four:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_encrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	.Lxts_enc_done

.align	16
.Lxts_enc_done:
	andq	$15,%r9
	jz	.Lxts_enc_ret
	movq	%r9,%rdx

.Lxts_enc_steal:
	movzbl	(%rdi),%eax
	movzbl	-16(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,-16(%rsi)
	movb	%cl,0(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	.Lxts_enc_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	-16(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_enc1_10:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_10	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,-16(%rsi)

.Lxts_enc_ret:
	leaq	104(%rsp),%rsp
.Lxts_enc_epilogue:
	.byte	0xf3,0xc3
.size	aesni_xts_encrypt,.-aesni_xts_encrypt
.globl	aesni_xts_decrypt
.type	aesni_xts_decrypt,@function
.align	16
aesni_xts_decrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
.Loop_enc1_11:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	.Loop_enc1_11	
	aesenclast	%xmm1,%xmm15
	xorl	%eax,%eax
	testq	$15,%rdx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%rdx

	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	.Lxts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	.Lxts_dec_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	.Lxts_dec_grandloop

.align	16
.Lxts_dec_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesdec	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesdec	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesdec	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	.Lxts_dec_loop6_enter

.align	16
.Lxts_dec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
.Lxts_dec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	.Lxts_dec_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesdec	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesdeclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdeclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdeclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	.Lxts_dec_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

.Lxts_dec_short:
	addq	$96,%rdx
	jz	.Lxts_dec_done

	cmpq	$32,%rdx
	jb	.Lxts_dec_one
	je	.Lxts_dec_two

	cmpq	$64,%rdx
	jb	.Lxts_dec_three
	je	.Lxts_dec_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_decrypt6

	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	pxor	%xmm14,%xmm14
	movdqu	%xmm5,48(%rsi)
	pcmpgtd	%xmm15,%xmm14
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	pshufd	$19,%xmm14,%xmm11
	andq	$15,%r9
	jz	.Lxts_dec_ret

	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm11
	pxor	%xmm15,%xmm11
	jmp	.Lxts_dec_done2

.align	16
.Lxts_dec_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_12:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_12	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	movdqa	%xmm12,%xmm11
	leaq	16(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm13,%xmm11
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_four:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movups	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movups	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_decrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm14,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	.Lxts_dec_done

.align	16
.Lxts_dec_done:
	andq	$15,%r9
	jz	.Lxts_dec_ret
.Lxts_dec_done2:
	movq	%r9,%rdx
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rdi),%xmm2
	xorps	%xmm11,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_13:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_13	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm11,%xmm2
	movups	%xmm2,(%rsi)

.Lxts_dec_steal:
	movzbl	16(%rdi),%eax
	movzbl	(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,(%rsi)
	movb	%cl,16(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	.Lxts_dec_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_14:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_14	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,(%rsi)

.Lxts_dec_ret:
	leaq	104(%rsp),%rsp
.Lxts_dec_epilogue:
	.byte	0xf3,0xc3
.size	aesni_xts_decrypt,.-aesni_xts_decrypt
.globl	aesni_cbc_encrypt
.type	aesni_cbc_encrypt,@function
.align	16
aesni_cbc_encrypt:
	testq	%rdx,%rdx
	jz	.Lcbc_ret

	movl	240(%rcx),%r10d
	movq	%rcx,%r11
	testl	%r9d,%r9d
	jz	.Lcbc_decrypt

	movups	(%r8),%xmm2
	movl	%r10d,%eax
	cmpq	$16,%rdx
	jb	.Lcbc_enc_tail
	subq	$16,%rdx
	jmp	.Lcbc_enc_loop
.align	16
.Lcbc_enc_loop:
	movups	(%rdi),%xmm3
	leaq	16(%rdi),%rdi

	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	xorps	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	xorps	%xmm3,%xmm2
.Loop_enc1_15:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_enc1_15	
	aesenclast	%xmm1,%xmm2
	movl	%r10d,%eax
	movq	%r11,%rcx
	movups	%xmm2,0(%rsi)
	leaq	16(%rsi),%rsi
	subq	$16,%rdx
	jnc	.Lcbc_enc_loop
	addq	$16,%rdx
	jnz	.Lcbc_enc_tail
	movups	%xmm2,(%r8)
	jmp	.Lcbc_ret

.Lcbc_enc_tail:
	movq	%rdx,%rcx
	xchgq	%rdi,%rsi
.long	0x9066A4F3	
	movl	$16,%ecx
	subq	%rdx,%rcx
	xorl	%eax,%eax
.long	0x9066AAF3	
	leaq	-16(%rdi),%rdi
	movl	%r10d,%eax
	movq	%rdi,%rsi
	movq	%r11,%rcx
	xorq	%rdx,%rdx
	jmp	.Lcbc_enc_loop	

.align	16
.Lcbc_decrypt:
	movups	(%r8),%xmm9
	movl	%r10d,%eax
	cmpq	$112,%rdx
	jbe	.Lcbc_dec_tail
	shrl	$1,%r10d
	subq	$112,%rdx
	movl	%r10d,%eax
	movaps	%xmm9,-24(%rsp)
	jmp	.Lcbc_dec_loop8_enter
.align	16
.Lcbc_dec_loop8:
	movaps	%xmm0,-24(%rsp)
	movups	%xmm9,(%rsi)
	leaq	16(%rsi),%rsi
.Lcbc_dec_loop8_enter:
	movups	(%rcx),%xmm0
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	16(%rcx),%xmm1

	leaq	32(%rcx),%rcx
	movdqu	32(%rdi),%xmm4
	xorps	%xmm0,%xmm2
	movdqu	48(%rdi),%xmm5
	xorps	%xmm0,%xmm3
	movdqu	64(%rdi),%xmm6
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	movdqu	80(%rdi),%xmm7
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqu	96(%rdi),%xmm8
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqu	112(%rdi),%xmm9
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1

	call	.Ldec_loop8_enter

	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm1
	xorps	%xmm0,%xmm8
	movups	112(%rdi),%xmm0
	xorps	%xmm1,%xmm9
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movq	%r11,%rcx
	movups	%xmm7,80(%rsi)
	leaq	128(%rdi),%rdi
	movups	%xmm8,96(%rsi)
	leaq	112(%rsi),%rsi
	subq	$128,%rdx
	ja	.Lcbc_dec_loop8

	movaps	%xmm9,%xmm2
	movaps	%xmm0,%xmm9
	addq	$112,%rdx
	jle	.Lcbc_dec_tail_collected
	movups	%xmm2,(%rsi)
	leal	1(%r10,%r10,1),%eax
	leaq	16(%rsi),%rsi
.Lcbc_dec_tail:
	movups	(%rdi),%xmm2
	movaps	%xmm2,%xmm8
	cmpq	$16,%rdx
	jbe	.Lcbc_dec_one

	movups	16(%rdi),%xmm3
	movaps	%xmm3,%xmm7
	cmpq	$32,%rdx
	jbe	.Lcbc_dec_two

	movups	32(%rdi),%xmm4
	movaps	%xmm4,%xmm6
	cmpq	$48,%rdx
	jbe	.Lcbc_dec_three

	movups	48(%rdi),%xmm5
	cmpq	$64,%rdx
	jbe	.Lcbc_dec_four

	movups	64(%rdi),%xmm6
	cmpq	$80,%rdx
	jbe	.Lcbc_dec_five

	movups	80(%rdi),%xmm7
	cmpq	$96,%rdx
	jbe	.Lcbc_dec_six

	movups	96(%rdi),%xmm8
	movaps	%xmm9,-24(%rsp)
	call	_aesni_decrypt8
	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm9
	xorps	%xmm0,%xmm8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	movaps	%xmm8,%xmm2
	subq	$112,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
.Loop_dec1_16:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	.Loop_dec1_16	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm9,%xmm2
	movaps	%xmm8,%xmm9
	subq	$16,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	movaps	%xmm7,%xmm9
	movaps	%xmm3,%xmm2
	leaq	16(%rsi),%rsi
	subq	$32,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_three:
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	movaps	%xmm6,%xmm9
	movaps	%xmm4,%xmm2
	leaq	32(%rsi),%rsi
	subq	$48,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_four:
	call	_aesni_decrypt4
	xorps	%xmm9,%xmm2
	movups	48(%rdi),%xmm9
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	xorps	%xmm6,%xmm5
	movups	%xmm4,32(%rsi)
	movaps	%xmm5,%xmm2
	leaq	48(%rsi),%rsi
	subq	$64,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm9
	xorps	%xmm1,%xmm6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	movaps	%xmm6,%xmm2
	subq	$80,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_six:
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm0
	xorps	%xmm1,%xmm6
	movups	80(%rdi),%xmm9
	xorps	%xmm0,%xmm7
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	movaps	%xmm7,%xmm2
	subq	$96,%rdx
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_tail_collected:
	andq	$15,%rdx
	movups	%xmm9,(%r8)
	jnz	.Lcbc_dec_tail_partial
	movups	%xmm2,(%rsi)
	jmp	.Lcbc_dec_ret
.align	16
.Lcbc_dec_tail_partial:
	movaps	%xmm2,-24(%rsp)
	movq	$16,%rcx
	movq	%rsi,%rdi
	subq	%rdx,%rcx
	leaq	-24(%rsp),%rsi
.long	0x9066A4F3	

.Lcbc_dec_ret:
.Lcbc_ret:
	.byte	0xf3,0xc3
.size	aesni_cbc_encrypt,.-aesni_cbc_encrypt
.globl	aesni_set_decrypt_key
.type	aesni_set_decrypt_key,@function
.align	16
aesni_set_decrypt_key:
	subq	$8,%rsp
	call	__aesni_set_encrypt_key
	shll	$4,%esi
	testl	%eax,%eax
	jnz	.Ldec_key_ret
	leaq	16(%rdx,%rsi,1),%rdi

	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	movups	%xmm0,(%rdi)
	movups	%xmm1,(%rdx)
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi

.Ldec_key_inverse:
	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	aesimc	%xmm0,%xmm0
	aesimc	%xmm1,%xmm1
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi
	movups	%xmm0,16(%rdi)
	movups	%xmm1,-16(%rdx)
	cmpq	%rdx,%rdi
	ja	.Ldec_key_inverse

	movups	(%rdx),%xmm0
	aesimc	%xmm0,%xmm0
	movups	%xmm0,(%rdi)
.Ldec_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
.LSEH_end_set_decrypt_key:
.size	aesni_set_decrypt_key,.-aesni_set_decrypt_key
.globl	aesni_set_encrypt_key
.type	aesni_set_encrypt_key,@function
.align	16
aesni_set_encrypt_key:
__aesni_set_encrypt_key:
	subq	$8,%rsp
	movq	$-1,%rax
	testq	%rdi,%rdi
	jz	.Lenc_key_ret
	testq	%rdx,%rdx
	jz	.Lenc_key_ret

	movups	(%rdi),%xmm0
	xorps	%xmm4,%xmm4
	leaq	16(%rdx),%rax
	cmpl	$256,%esi
	je	.L14rounds
	cmpl	$192,%esi
	je	.L12rounds
	cmpl	$128,%esi
	jne	.Lbad_keybits

.L10rounds:
	movl	$9,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm0,%xmm1
	call	.Lkey_expansion_128_cold
	aeskeygenassist	$2,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$4,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$8,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$16,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$32,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$64,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$128,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$27,%xmm0,%xmm1
	call	.Lkey_expansion_128
	aeskeygenassist	$54,%xmm0,%xmm1
	call	.Lkey_expansion_128
	movups	%xmm0,(%rax)
	movl	%esi,80(%rax)
	xorl	%eax,%eax
	jmp	.Lenc_key_ret

.align	16
.L12rounds:
	movq	16(%rdi),%xmm2
	movl	$11,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	.Lkey_expansion_192a_cold
	aeskeygenassist	$2,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	.Lkey_expansion_192a
	aeskeygenassist	$8,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	.Lkey_expansion_192a
	aeskeygenassist	$32,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	.Lkey_expansion_192a
	aeskeygenassist	$128,%xmm2,%xmm1
	call	.Lkey_expansion_192b
	movups	%xmm0,(%rax)
	movl	%esi,48(%rax)
	xorq	%rax,%rax
	jmp	.Lenc_key_ret

.align	16
.L14rounds:
	movups	16(%rdi),%xmm2
	movl	$13,%esi
	leaq	16(%rax),%rax
	movups	%xmm0,(%rdx)
	movups	%xmm2,16(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	.Lkey_expansion_256a_cold
	aeskeygenassist	$1,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$2,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$2,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$4,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$8,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$8,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$16,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$32,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	aeskeygenassist	$32,%xmm0,%xmm1
	call	.Lkey_expansion_256b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	.Lkey_expansion_256a
	movups	%xmm0,(%rax)
	movl	%esi,16(%rax)
	xorq	%rax,%rax
	jmp	.Lenc_key_ret

.align	16
.Lbad_keybits:
	movq	$-2,%rax
.Lenc_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
.LSEH_end_set_encrypt_key:

.align	16
.Lkey_expansion_128:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
.Lkey_expansion_128_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.align	16
.Lkey_expansion_192a:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
.Lkey_expansion_192a_cold:
	movaps	%xmm2,%xmm5
.Lkey_expansion_192b_warm:
	shufps	$16,%xmm0,%xmm4
	movdqa	%xmm2,%xmm3
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	pslldq	$4,%xmm3
	xorps	%xmm4,%xmm0
	pshufd	$85,%xmm1,%xmm1
	pxor	%xmm3,%xmm2
	pxor	%xmm1,%xmm0
	pshufd	$255,%xmm0,%xmm3
	pxor	%xmm3,%xmm2
	.byte	0xf3,0xc3

.align	16
.Lkey_expansion_192b:
	movaps	%xmm0,%xmm3
	shufps	$68,%xmm0,%xmm5
	movups	%xmm5,(%rax)
	shufps	$78,%xmm2,%xmm3
	movups	%xmm3,16(%rax)
	leaq	32(%rax),%rax
	jmp	.Lkey_expansion_192b_warm

.align	16
.Lkey_expansion_256a:
	movups	%xmm2,(%rax)
	leaq	16(%rax),%rax
.Lkey_expansion_256a_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.align	16
.Lkey_expansion_256b:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax

	shufps	$16,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$140,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$170,%xmm1,%xmm1
	xorps	%xmm1,%xmm2
	.byte	0xf3,0xc3
.size	aesni_set_encrypt_key,.-aesni_set_encrypt_key
.size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
.align	64
.Lbswap_mask:
.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
.Lincrement32:
.long	6,6,6,0
.Lincrement64:
.long	1,0,0,0
.Lxts_magic:
.long	0x87,0,1,0

.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/aes/aesni-macosx-x86_64.S.
















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
#include "x86_arch.h"
.text	
.globl	_aesni_encrypt

.p2align	4
_aesni_encrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
L$oop_enc1_1:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	L$oop_enc1_1	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3


.globl	_aesni_decrypt

.p2align	4
_aesni_decrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
L$oop_dec1_2:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	L$oop_dec1_2	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

L$enc_loop3:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	L$enc_loop3

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

L$dec_loop3:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	L$dec_loop3

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

L$enc_loop4:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	L$enc_loop4

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

L$dec_loop4:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	L$dec_loop4

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm7
	jmp	L$enc_loop6_enter
.p2align	4
L$enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
L$enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$enc_loop6

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm7
	jmp	L$dec_loop6_enter
.p2align	4
L$dec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
L$dec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$dec_loop6

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesenc	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	L$enc_loop8_enter
.p2align	4
L$enc_loop8:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
L$enc_loop8_enter:
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	aesenc	%xmm0,%xmm8
	aesenc	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	L$enc_loop8

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	aesenclast	%xmm0,%xmm8
	aesenclast	%xmm0,%xmm9
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	L$dec_loop8_enter
.p2align	4
L$dec_loop8:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
L$dec_loop8_enter:
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	aesdec	%xmm0,%xmm8
	aesdec	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	L$dec_loop8

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	aesdeclast	%xmm0,%xmm8
	aesdeclast	%xmm0,%xmm9
	.byte	0xf3,0xc3

.globl	_aesni_ecb_encrypt

.p2align	4
_aesni_ecb_encrypt:
	andq	$-16,%rdx
	jz	L$ecb_ret

	movl	240(%rcx),%eax
	movups	(%rcx),%xmm0
	movq	%rcx,%r11
	movl	%eax,%r10d
	testl	%r8d,%r8d
	jz	L$ecb_decrypt

	cmpq	$128,%rdx
	jb	L$ecb_enc_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	L$ecb_enc_loop8_enter
.p2align	4
L$ecb_enc_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
L$ecb_enc_loop8_enter:

	call	_aesni_encrypt8

	subq	$128,%rdx
	jnc	L$ecb_enc_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	L$ecb_ret

L$ecb_enc_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	L$ecb_enc_one
	movups	16(%rdi),%xmm3
	je	L$ecb_enc_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	L$ecb_enc_three
	movups	48(%rdi),%xmm5
	je	L$ecb_enc_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	L$ecb_enc_five
	movups	80(%rdi),%xmm7
	je	L$ecb_enc_six
	movdqu	96(%rdi),%xmm8
	call	_aesni_encrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_3:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_3	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_three:
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_four:
	call	_aesni_encrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_five:
	xorps	%xmm7,%xmm7
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_six:
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	jmp	L$ecb_ret

.p2align	4
L$ecb_decrypt:
	cmpq	$128,%rdx
	jb	L$ecb_dec_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	L$ecb_dec_loop8_enter
.p2align	4
L$ecb_dec_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
L$ecb_dec_loop8_enter:

	call	_aesni_decrypt8

	movups	(%r11),%xmm0
	subq	$128,%rdx
	jnc	L$ecb_dec_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	L$ecb_ret

L$ecb_dec_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	L$ecb_dec_one
	movups	16(%rdi),%xmm3
	je	L$ecb_dec_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	L$ecb_dec_three
	movups	48(%rdi),%xmm5
	je	L$ecb_dec_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	L$ecb_dec_five
	movups	80(%rdi),%xmm7
	je	L$ecb_dec_six
	movups	96(%rdi),%xmm8
	movups	(%rcx),%xmm0
	call	_aesni_decrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_4:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_4	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_three:
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_four:
	call	_aesni_decrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_six:
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)

L$ecb_ret:
	.byte	0xf3,0xc3

.globl	_aesni_ccm64_encrypt_blocks

.p2align	4
_aesni_ccm64_encrypt_blocks:
	movl	240(%rcx),%eax
	movdqu	(%r8),%xmm9
	movdqa	L$increment64(%rip),%xmm6
	movdqa	L$bswap_mask(%rip),%xmm7

	shrl	$1,%eax
	leaq	0(%rcx),%r11
	movdqu	(%r9),%xmm3
	movdqa	%xmm9,%xmm2
	movl	%eax,%r10d
.byte	102,68,15,56,0,207
	jmp	L$ccm64_enc_outer
.p2align	4
L$ccm64_enc_outer:
	movups	(%r11),%xmm0
	movl	%r10d,%eax
	movups	(%rdi),%xmm8

	xorps	%xmm0,%xmm2
	movups	16(%r11),%xmm1
	xorps	%xmm8,%xmm0
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm3
	movups	(%rcx),%xmm0

L$ccm64_enc2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	L$ccm64_enc2_loop
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	paddq	%xmm6,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3

	decq	%rdx
	leaq	16(%rdi),%rdi
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215
	jnz	L$ccm64_enc_outer

	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3

.globl	_aesni_ccm64_decrypt_blocks

.p2align	4
_aesni_ccm64_decrypt_blocks:
	movl	240(%rcx),%eax
	movups	(%r8),%xmm9
	movdqu	(%r9),%xmm3
	movdqa	L$increment64(%rip),%xmm6
	movdqa	L$bswap_mask(%rip),%xmm7

	movaps	%xmm9,%xmm2
	movl	%eax,%r10d
	movq	%rcx,%r11
.byte	102,68,15,56,0,207
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_5:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_5	
	aesenclast	%xmm1,%xmm2
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	leaq	16(%rdi),%rdi
	jmp	L$ccm64_dec_outer
.p2align	4
L$ccm64_dec_outer:
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movl	%r10d,%eax
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215

	subq	$1,%rdx
	jz	L$ccm64_dec_break

	movups	(%r11),%xmm0
	shrl	$1,%eax
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm8,%xmm3
	movups	(%rcx),%xmm0

L$ccm64_dec2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	L$ccm64_dec2_loop
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	leaq	16(%rdi),%rdi
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	jmp	L$ccm64_dec_outer

.p2align	4
L$ccm64_dec_break:

	movups	(%r11),%xmm0
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%r11
	xorps	%xmm8,%xmm3
L$oop_enc1_6:
	aesenc	%xmm1,%xmm3
	decl	%eax
	movups	(%r11),%xmm1
	leaq	16(%r11),%r11
	jnz	L$oop_enc1_6	
	aesenclast	%xmm1,%xmm3
	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3

.globl	_aesni_ctr32_encrypt_blocks

.p2align	4
_aesni_ctr32_encrypt_blocks:
	cmpq	$1,%rdx
	je	L$ctr32_one_shortcut

	movdqu	(%r8),%xmm14
	movdqa	L$bswap_mask(%rip),%xmm15
	xorl	%eax,%eax
.byte	102,69,15,58,22,242,3
.byte	102,68,15,58,34,240,3

	movl	240(%rcx),%eax
	bswapl	%r10d
	pxor	%xmm12,%xmm12
	pxor	%xmm13,%xmm13
.byte	102,69,15,58,34,226,0
	leaq	3(%r10),%r11
.byte	102,69,15,58,34,235,0
	incl	%r10d
.byte	102,69,15,58,34,226,1
	incq	%r11
.byte	102,69,15,58,34,235,1
	incl	%r10d
.byte	102,69,15,58,34,226,2
	incq	%r11
.byte	102,69,15,58,34,235,2
	movdqa	%xmm12,-40(%rsp)
.byte	102,69,15,56,0,231
	movdqa	%xmm13,-24(%rsp)
.byte	102,69,15,56,0,239

	pshufd	$192,%xmm12,%xmm2
	pshufd	$128,%xmm12,%xmm3
	pshufd	$64,%xmm12,%xmm4
	cmpq	$6,%rdx
	jb	L$ctr32_tail
	shrl	$1,%eax
	movq	%rcx,%r11
	movl	%eax,%r10d
	subq	$6,%rdx
	jmp	L$ctr32_loop6

.p2align	4
L$ctr32_loop6:
	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm2
	movups	(%r11),%xmm0
	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm3
	movups	16(%r11),%xmm1
	pshufd	$64,%xmm13,%xmm7
	por	%xmm14,%xmm4
	por	%xmm14,%xmm5
	xorps	%xmm0,%xmm2
	por	%xmm14,%xmm6
	por	%xmm14,%xmm7




	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	movdqa	L$increment32(%rip),%xmm13
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	movdqa	-40(%rsp),%xmm12
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	jmp	L$ctr32_enc_loop6_enter
.p2align	4
L$ctr32_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
L$ctr32_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$ctr32_enc_loop6

	aesenc	%xmm1,%xmm2
	paddd	%xmm13,%xmm12
	aesenc	%xmm1,%xmm3
	paddd	-24(%rsp),%xmm13
	aesenc	%xmm1,%xmm4
	movdqa	%xmm12,-40(%rsp)
	aesenc	%xmm1,%xmm5
	movdqa	%xmm13,-24(%rsp)
	aesenc	%xmm1,%xmm6
.byte	102,69,15,56,0,231
	aesenc	%xmm1,%xmm7
.byte	102,69,15,56,0,239

	aesenclast	%xmm0,%xmm2
	movups	(%rdi),%xmm8
	aesenclast	%xmm0,%xmm3
	movups	16(%rdi),%xmm9
	aesenclast	%xmm0,%xmm4
	movups	32(%rdi),%xmm10
	aesenclast	%xmm0,%xmm5
	movups	48(%rdi),%xmm11
	aesenclast	%xmm0,%xmm6
	movups	64(%rdi),%xmm1
	aesenclast	%xmm0,%xmm7
	movups	80(%rdi),%xmm0
	leaq	96(%rdi),%rdi

	xorps	%xmm2,%xmm8
	pshufd	$192,%xmm12,%xmm2
	xorps	%xmm3,%xmm9
	pshufd	$128,%xmm12,%xmm3
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	pshufd	$64,%xmm12,%xmm4
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	xorps	%xmm7,%xmm0
	movups	%xmm1,64(%rsi)
	movups	%xmm0,80(%rsi)
	leaq	96(%rsi),%rsi
	movl	%r10d,%eax
	subq	$6,%rdx
	jnc	L$ctr32_loop6

	addq	$6,%rdx
	jz	L$ctr32_done
	movq	%r11,%rcx
	leal	1(%rax,%rax,1),%eax

L$ctr32_tail:
	por	%xmm14,%xmm2
	movups	(%rdi),%xmm8
	cmpq	$2,%rdx
	jb	L$ctr32_one

	por	%xmm14,%xmm3
	movups	16(%rdi),%xmm9
	je	L$ctr32_two

	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm4
	movups	32(%rdi),%xmm10
	cmpq	$4,%rdx
	jb	L$ctr32_three

	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm5
	movups	48(%rdi),%xmm11
	je	L$ctr32_four

	por	%xmm14,%xmm6
	xorps	%xmm7,%xmm7

	call	_aesni_encrypt6

	movups	64(%rdi),%xmm1
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	movups	%xmm1,64(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_one_shortcut:
	movups	(%r8),%xmm2
	movups	(%rdi),%xmm8
	movl	240(%rcx),%eax
L$ctr32_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_7:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_7	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm2,%xmm8
	movups	%xmm8,(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	movups	%xmm9,16(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_three:
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	movups	%xmm10,32(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_four:
	call	_aesni_encrypt4
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	movups	%xmm11,48(%rsi)

L$ctr32_done:
	.byte	0xf3,0xc3

.globl	_aesni_xts_encrypt

.p2align	4
_aesni_xts_encrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
L$oop_enc1_8:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	L$oop_enc1_8	
	aesenclast	%xmm1,%xmm15
	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	L$xts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	L$xts_enc_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	L$xts_enc_grandloop

.p2align	4
L$xts_enc_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesenc	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesenc	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	L$xts_enc_loop6_enter

.p2align	4
L$xts_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
L$xts_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$xts_enc_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesenc	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesenclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	L$xts_enc_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

L$xts_enc_short:
	addq	$96,%rdx
	jz	L$xts_enc_done

	cmpq	$32,%rdx
	jb	L$xts_enc_one
	je	L$xts_enc_two

	cmpq	$64,%rdx
	jb	L$xts_enc_three
	je	L$xts_enc_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_encrypt6

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	movdqu	%xmm5,48(%rsi)
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_9:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_9	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	leaq	16(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_four:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_encrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_done:
	andq	$15,%r9
	jz	L$xts_enc_ret
	movq	%r9,%rdx

L$xts_enc_steal:
	movzbl	(%rdi),%eax
	movzbl	-16(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,-16(%rsi)
	movb	%cl,0(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	L$xts_enc_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	-16(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_10:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_10	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,-16(%rsi)

L$xts_enc_ret:
	leaq	104(%rsp),%rsp
L$xts_enc_epilogue:
	.byte	0xf3,0xc3

.globl	_aesni_xts_decrypt

.p2align	4
_aesni_xts_decrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
L$oop_enc1_11:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	L$oop_enc1_11	
	aesenclast	%xmm1,%xmm15
	xorl	%eax,%eax
	testq	$15,%rdx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%rdx

	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	L$xts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	L$xts_dec_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	L$xts_dec_grandloop

.p2align	4
L$xts_dec_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesdec	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesdec	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesdec	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	L$xts_dec_loop6_enter

.p2align	4
L$xts_dec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
L$xts_dec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$xts_dec_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesdec	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesdeclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdeclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdeclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	L$xts_dec_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

L$xts_dec_short:
	addq	$96,%rdx
	jz	L$xts_dec_done

	cmpq	$32,%rdx
	jb	L$xts_dec_one
	je	L$xts_dec_two

	cmpq	$64,%rdx
	jb	L$xts_dec_three
	je	L$xts_dec_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_decrypt6

	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	pxor	%xmm14,%xmm14
	movdqu	%xmm5,48(%rsi)
	pcmpgtd	%xmm15,%xmm14
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	pshufd	$19,%xmm14,%xmm11
	andq	$15,%r9
	jz	L$xts_dec_ret

	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm11
	pxor	%xmm15,%xmm11
	jmp	L$xts_dec_done2

.p2align	4
L$xts_dec_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_12:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_12	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	movdqa	%xmm12,%xmm11
	leaq	16(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm13,%xmm11
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_four:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movups	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movups	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_decrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm14,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_done:
	andq	$15,%r9
	jz	L$xts_dec_ret
L$xts_dec_done2:
	movq	%r9,%rdx
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rdi),%xmm2
	xorps	%xmm11,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_13:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_13	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm11,%xmm2
	movups	%xmm2,(%rsi)

L$xts_dec_steal:
	movzbl	16(%rdi),%eax
	movzbl	(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,(%rsi)
	movb	%cl,16(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	L$xts_dec_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_14:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_14	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,(%rsi)

L$xts_dec_ret:
	leaq	104(%rsp),%rsp
L$xts_dec_epilogue:
	.byte	0xf3,0xc3

.globl	_aesni_cbc_encrypt

.p2align	4
_aesni_cbc_encrypt:
	testq	%rdx,%rdx
	jz	L$cbc_ret

	movl	240(%rcx),%r10d
	movq	%rcx,%r11
	testl	%r9d,%r9d
	jz	L$cbc_decrypt

	movups	(%r8),%xmm2
	movl	%r10d,%eax
	cmpq	$16,%rdx
	jb	L$cbc_enc_tail
	subq	$16,%rdx
	jmp	L$cbc_enc_loop
.p2align	4
L$cbc_enc_loop:
	movups	(%rdi),%xmm3
	leaq	16(%rdi),%rdi

	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	xorps	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	xorps	%xmm3,%xmm2
L$oop_enc1_15:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_15	
	aesenclast	%xmm1,%xmm2
	movl	%r10d,%eax
	movq	%r11,%rcx
	movups	%xmm2,0(%rsi)
	leaq	16(%rsi),%rsi
	subq	$16,%rdx
	jnc	L$cbc_enc_loop
	addq	$16,%rdx
	jnz	L$cbc_enc_tail
	movups	%xmm2,(%r8)
	jmp	L$cbc_ret

L$cbc_enc_tail:
	movq	%rdx,%rcx
	xchgq	%rdi,%rsi
.long	0x9066A4F3	
	movl	$16,%ecx
	subq	%rdx,%rcx
	xorl	%eax,%eax
.long	0x9066AAF3	
	leaq	-16(%rdi),%rdi
	movl	%r10d,%eax
	movq	%rdi,%rsi
	movq	%r11,%rcx
	xorq	%rdx,%rdx
	jmp	L$cbc_enc_loop	

.p2align	4
L$cbc_decrypt:
	movups	(%r8),%xmm9
	movl	%r10d,%eax
	cmpq	$112,%rdx
	jbe	L$cbc_dec_tail
	shrl	$1,%r10d
	subq	$112,%rdx
	movl	%r10d,%eax
	movaps	%xmm9,-24(%rsp)
	jmp	L$cbc_dec_loop8_enter
.p2align	4
L$cbc_dec_loop8:
	movaps	%xmm0,-24(%rsp)
	movups	%xmm9,(%rsi)
	leaq	16(%rsi),%rsi
L$cbc_dec_loop8_enter:
	movups	(%rcx),%xmm0
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	16(%rcx),%xmm1

	leaq	32(%rcx),%rcx
	movdqu	32(%rdi),%xmm4
	xorps	%xmm0,%xmm2
	movdqu	48(%rdi),%xmm5
	xorps	%xmm0,%xmm3
	movdqu	64(%rdi),%xmm6
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	movdqu	80(%rdi),%xmm7
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqu	96(%rdi),%xmm8
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqu	112(%rdi),%xmm9
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1

	call	L$dec_loop8_enter

	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm1
	xorps	%xmm0,%xmm8
	movups	112(%rdi),%xmm0
	xorps	%xmm1,%xmm9
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movq	%r11,%rcx
	movups	%xmm7,80(%rsi)
	leaq	128(%rdi),%rdi
	movups	%xmm8,96(%rsi)
	leaq	112(%rsi),%rsi
	subq	$128,%rdx
	ja	L$cbc_dec_loop8

	movaps	%xmm9,%xmm2
	movaps	%xmm0,%xmm9
	addq	$112,%rdx
	jle	L$cbc_dec_tail_collected
	movups	%xmm2,(%rsi)
	leal	1(%r10,%r10,1),%eax
	leaq	16(%rsi),%rsi
L$cbc_dec_tail:
	movups	(%rdi),%xmm2
	movaps	%xmm2,%xmm8
	cmpq	$16,%rdx
	jbe	L$cbc_dec_one

	movups	16(%rdi),%xmm3
	movaps	%xmm3,%xmm7
	cmpq	$32,%rdx
	jbe	L$cbc_dec_two

	movups	32(%rdi),%xmm4
	movaps	%xmm4,%xmm6
	cmpq	$48,%rdx
	jbe	L$cbc_dec_three

	movups	48(%rdi),%xmm5
	cmpq	$64,%rdx
	jbe	L$cbc_dec_four

	movups	64(%rdi),%xmm6
	cmpq	$80,%rdx
	jbe	L$cbc_dec_five

	movups	80(%rdi),%xmm7
	cmpq	$96,%rdx
	jbe	L$cbc_dec_six

	movups	96(%rdi),%xmm8
	movaps	%xmm9,-24(%rsp)
	call	_aesni_decrypt8
	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm9
	xorps	%xmm0,%xmm8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	movaps	%xmm8,%xmm2
	subq	$112,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_16:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_16	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm9,%xmm2
	movaps	%xmm8,%xmm9
	subq	$16,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	movaps	%xmm7,%xmm9
	movaps	%xmm3,%xmm2
	leaq	16(%rsi),%rsi
	subq	$32,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_three:
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	movaps	%xmm6,%xmm9
	movaps	%xmm4,%xmm2
	leaq	32(%rsi),%rsi
	subq	$48,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_four:
	call	_aesni_decrypt4
	xorps	%xmm9,%xmm2
	movups	48(%rdi),%xmm9
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	xorps	%xmm6,%xmm5
	movups	%xmm4,32(%rsi)
	movaps	%xmm5,%xmm2
	leaq	48(%rsi),%rsi
	subq	$64,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm9
	xorps	%xmm1,%xmm6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	movaps	%xmm6,%xmm2
	subq	$80,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_six:
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm0
	xorps	%xmm1,%xmm6
	movups	80(%rdi),%xmm9
	xorps	%xmm0,%xmm7
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	movaps	%xmm7,%xmm2
	subq	$96,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_tail_collected:
	andq	$15,%rdx
	movups	%xmm9,(%r8)
	jnz	L$cbc_dec_tail_partial
	movups	%xmm2,(%rsi)
	jmp	L$cbc_dec_ret
.p2align	4
L$cbc_dec_tail_partial:
	movaps	%xmm2,-24(%rsp)
	movq	$16,%rcx
	movq	%rsi,%rdi
	subq	%rdx,%rcx
	leaq	-24(%rsp),%rsi
.long	0x9066A4F3	

L$cbc_dec_ret:
L$cbc_ret:
	.byte	0xf3,0xc3

.globl	_aesni_set_decrypt_key

.p2align	4
_aesni_set_decrypt_key:
	subq	$8,%rsp
	call	__aesni_set_encrypt_key
	shll	$4,%esi
	testl	%eax,%eax
	jnz	L$dec_key_ret
	leaq	16(%rdx,%rsi,1),%rdi

	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	movups	%xmm0,(%rdi)
	movups	%xmm1,(%rdx)
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi

L$dec_key_inverse:
	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	aesimc	%xmm0,%xmm0
	aesimc	%xmm1,%xmm1
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi
	movups	%xmm0,16(%rdi)
	movups	%xmm1,-16(%rdx)
	cmpq	%rdx,%rdi
	ja	L$dec_key_inverse

	movups	(%rdx),%xmm0
	aesimc	%xmm0,%xmm0
	movups	%xmm0,(%rdi)
L$dec_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
L$SEH_end_set_decrypt_key:

.globl	_aesni_set_encrypt_key

.p2align	4
_aesni_set_encrypt_key:
__aesni_set_encrypt_key:
	subq	$8,%rsp
	movq	$-1,%rax
	testq	%rdi,%rdi
	jz	L$enc_key_ret
	testq	%rdx,%rdx
	jz	L$enc_key_ret

	movups	(%rdi),%xmm0
	xorps	%xmm4,%xmm4
	leaq	16(%rdx),%rax
	cmpl	$256,%esi
	je	L$14rounds
	cmpl	$192,%esi
	je	L$12rounds
	cmpl	$128,%esi
	jne	L$bad_keybits

L$10rounds:
	movl	$9,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm0,%xmm1
	call	L$key_expansion_128_cold
	aeskeygenassist	$2,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$4,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$8,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$16,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$32,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$64,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$128,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$27,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$54,%xmm0,%xmm1
	call	L$key_expansion_128
	movups	%xmm0,(%rax)
	movl	%esi,80(%rax)
	xorl	%eax,%eax
	jmp	L$enc_key_ret

.p2align	4
L$12rounds:
	movq	16(%rdi),%xmm2
	movl	$11,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	L$key_expansion_192a_cold
	aeskeygenassist	$2,%xmm2,%xmm1
	call	L$key_expansion_192b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	L$key_expansion_192a
	aeskeygenassist	$8,%xmm2,%xmm1
	call	L$key_expansion_192b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	L$key_expansion_192a
	aeskeygenassist	$32,%xmm2,%xmm1
	call	L$key_expansion_192b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	L$key_expansion_192a
	aeskeygenassist	$128,%xmm2,%xmm1
	call	L$key_expansion_192b
	movups	%xmm0,(%rax)
	movl	%esi,48(%rax)
	xorq	%rax,%rax
	jmp	L$enc_key_ret

.p2align	4
L$14rounds:
	movups	16(%rdi),%xmm2
	movl	$13,%esi
	leaq	16(%rax),%rax
	movups	%xmm0,(%rdx)
	movups	%xmm2,16(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	L$key_expansion_256a_cold
	aeskeygenassist	$1,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$2,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$2,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$4,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$8,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$8,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$16,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$32,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$32,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	L$key_expansion_256a
	movups	%xmm0,(%rax)
	movl	%esi,16(%rax)
	xorq	%rax,%rax
	jmp	L$enc_key_ret

.p2align	4
L$bad_keybits:
	movq	$-2,%rax
L$enc_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
L$SEH_end_set_encrypt_key:

.p2align	4
L$key_expansion_128:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
L$key_expansion_128_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.p2align	4
L$key_expansion_192a:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
L$key_expansion_192a_cold:
	movaps	%xmm2,%xmm5
L$key_expansion_192b_warm:
	shufps	$16,%xmm0,%xmm4
	movdqa	%xmm2,%xmm3
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	pslldq	$4,%xmm3
	xorps	%xmm4,%xmm0
	pshufd	$85,%xmm1,%xmm1
	pxor	%xmm3,%xmm2
	pxor	%xmm1,%xmm0
	pshufd	$255,%xmm0,%xmm3
	pxor	%xmm3,%xmm2
	.byte	0xf3,0xc3

.p2align	4
L$key_expansion_192b:
	movaps	%xmm0,%xmm3
	shufps	$68,%xmm0,%xmm5
	movups	%xmm5,(%rax)
	shufps	$78,%xmm2,%xmm3
	movups	%xmm3,16(%rax)
	leaq	32(%rax),%rax
	jmp	L$key_expansion_192b_warm

.p2align	4
L$key_expansion_256a:
	movups	%xmm2,(%rax)
	leaq	16(%rax),%rax
L$key_expansion_256a_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.p2align	4
L$key_expansion_256b:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax

	shufps	$16,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$140,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$170,%xmm1,%xmm1
	xorps	%xmm1,%xmm2
	.byte	0xf3,0xc3


.p2align	6
L$bswap_mask:
.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
L$increment32:
.long	6,6,6,0
L$increment64:
.long	1,0,0,0
L$xts_magic:
.long	0x87,0,1,0

.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
Deleted jni/libressl/crypto/aes/aesni-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
.text	
.globl	_aesni_encrypt

.p2align	4
_aesni_encrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
L$oop_enc1_1:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	L$oop_enc1_1	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3


.globl	_aesni_decrypt

.p2align	4
_aesni_decrypt:
	movups	(%rdi),%xmm2
	movl	240(%rdx),%eax
	movups	(%rdx),%xmm0
	movups	16(%rdx),%xmm1
	leaq	32(%rdx),%rdx
	xorps	%xmm0,%xmm2
L$oop_dec1_2:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rdx),%xmm1
	leaq	16(%rdx),%rdx
	jnz	L$oop_dec1_2	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

L$enc_loop3:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	L$enc_loop3

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt3:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	movups	(%rcx),%xmm0

L$dec_loop3:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	movups	(%rcx),%xmm0
	jnz	L$dec_loop3

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

L$enc_loop4:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	L$enc_loop4

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt4:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	xorps	%xmm0,%xmm4
	xorps	%xmm0,%xmm5
	movups	(%rcx),%xmm0

L$dec_loop4:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	movups	(%rcx),%xmm0
	jnz	L$dec_loop4

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm7
	jmp	L$enc_loop6_enter
.p2align	4
L$enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
L$enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$enc_loop6

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt6:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm7
	jmp	L$dec_loop6_enter
.p2align	4
L$dec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
L$dec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$dec_loop6

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	.byte	0xf3,0xc3


.p2align	4
_aesni_encrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesenc	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesenc	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	L$enc_loop8_enter
.p2align	4
L$enc_loop8:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
L$enc_loop8_enter:
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	aesenc	%xmm0,%xmm8
	aesenc	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	L$enc_loop8

	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	aesenc	%xmm1,%xmm8
	aesenc	%xmm1,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	aesenclast	%xmm0,%xmm4
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7
	aesenclast	%xmm0,%xmm8
	aesenclast	%xmm0,%xmm9
	.byte	0xf3,0xc3


.p2align	4
_aesni_decrypt8:
	movups	(%rcx),%xmm0
	shrl	$1,%eax
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm0,%xmm3
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
	jmp	L$dec_loop8_enter
.p2align	4
L$dec_loop8:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1
L$dec_loop8_enter:
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	aesdec	%xmm0,%xmm8
	aesdec	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	jnz	L$dec_loop8

	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	aesdeclast	%xmm0,%xmm2
	aesdeclast	%xmm0,%xmm3
	aesdeclast	%xmm0,%xmm4
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7
	aesdeclast	%xmm0,%xmm8
	aesdeclast	%xmm0,%xmm9
	.byte	0xf3,0xc3

.globl	_aesni_ecb_encrypt

.p2align	4
_aesni_ecb_encrypt:
	andq	$-16,%rdx
	jz	L$ecb_ret

	movl	240(%rcx),%eax
	movups	(%rcx),%xmm0
	movq	%rcx,%r11
	movl	%eax,%r10d
	testl	%r8d,%r8d
	jz	L$ecb_decrypt

	cmpq	$128,%rdx
	jb	L$ecb_enc_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	L$ecb_enc_loop8_enter
.p2align	4
L$ecb_enc_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
L$ecb_enc_loop8_enter:

	call	_aesni_encrypt8

	subq	$128,%rdx
	jnc	L$ecb_enc_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	L$ecb_ret

L$ecb_enc_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	L$ecb_enc_one
	movups	16(%rdi),%xmm3
	je	L$ecb_enc_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	L$ecb_enc_three
	movups	48(%rdi),%xmm5
	je	L$ecb_enc_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	L$ecb_enc_five
	movups	80(%rdi),%xmm7
	je	L$ecb_enc_six
	movdqu	96(%rdi),%xmm8
	call	_aesni_encrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_3:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_3	
	aesenclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_three:
	call	_aesni_encrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_four:
	call	_aesni_encrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_five:
	xorps	%xmm7,%xmm7
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_enc_six:
	call	_aesni_encrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	jmp	L$ecb_ret

.p2align	4
L$ecb_decrypt:
	cmpq	$128,%rdx
	jb	L$ecb_dec_tail

	movdqu	(%rdi),%xmm2
	movdqu	16(%rdi),%xmm3
	movdqu	32(%rdi),%xmm4
	movdqu	48(%rdi),%xmm5
	movdqu	64(%rdi),%xmm6
	movdqu	80(%rdi),%xmm7
	movdqu	96(%rdi),%xmm8
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
	subq	$128,%rdx
	jmp	L$ecb_dec_loop8_enter
.p2align	4
L$ecb_dec_loop8:
	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movdqu	(%rdi),%xmm2
	movl	%r10d,%eax
	movups	%xmm3,16(%rsi)
	movdqu	16(%rdi),%xmm3
	movups	%xmm4,32(%rsi)
	movdqu	32(%rdi),%xmm4
	movups	%xmm5,48(%rsi)
	movdqu	48(%rdi),%xmm5
	movups	%xmm6,64(%rsi)
	movdqu	64(%rdi),%xmm6
	movups	%xmm7,80(%rsi)
	movdqu	80(%rdi),%xmm7
	movups	%xmm8,96(%rsi)
	movdqu	96(%rdi),%xmm8
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	movdqu	112(%rdi),%xmm9
	leaq	128(%rdi),%rdi
L$ecb_dec_loop8_enter:

	call	_aesni_decrypt8

	movups	(%r11),%xmm0
	subq	$128,%rdx
	jnc	L$ecb_dec_loop8

	movups	%xmm2,(%rsi)
	movq	%r11,%rcx
	movups	%xmm3,16(%rsi)
	movl	%r10d,%eax
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	movups	%xmm9,112(%rsi)
	leaq	128(%rsi),%rsi
	addq	$128,%rdx
	jz	L$ecb_ret

L$ecb_dec_tail:
	movups	(%rdi),%xmm2
	cmpq	$32,%rdx
	jb	L$ecb_dec_one
	movups	16(%rdi),%xmm3
	je	L$ecb_dec_two
	movups	32(%rdi),%xmm4
	cmpq	$64,%rdx
	jb	L$ecb_dec_three
	movups	48(%rdi),%xmm5
	je	L$ecb_dec_four
	movups	64(%rdi),%xmm6
	cmpq	$96,%rdx
	jb	L$ecb_dec_five
	movups	80(%rdi),%xmm7
	je	L$ecb_dec_six
	movups	96(%rdi),%xmm8
	movups	(%rcx),%xmm0
	call	_aesni_decrypt8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	movups	%xmm8,96(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_4:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_4	
	aesdeclast	%xmm1,%xmm2
	movups	%xmm2,(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_three:
	call	_aesni_decrypt3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_four:
	call	_aesni_decrypt4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	jmp	L$ecb_ret
.p2align	4
L$ecb_dec_six:
	call	_aesni_decrypt6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)

L$ecb_ret:
	.byte	0xf3,0xc3

.globl	_aesni_ccm64_encrypt_blocks

.p2align	4
_aesni_ccm64_encrypt_blocks:
	movl	240(%rcx),%eax
	movdqu	(%r8),%xmm9
	movdqa	L$increment64(%rip),%xmm6
	movdqa	L$bswap_mask(%rip),%xmm7

	shrl	$1,%eax
	leaq	0(%rcx),%r11
	movdqu	(%r9),%xmm3
	movdqa	%xmm9,%xmm2
	movl	%eax,%r10d
.byte	102,68,15,56,0,207
	jmp	L$ccm64_enc_outer
.p2align	4
L$ccm64_enc_outer:
	movups	(%r11),%xmm0
	movl	%r10d,%eax
	movups	(%rdi),%xmm8

	xorps	%xmm0,%xmm2
	movups	16(%r11),%xmm1
	xorps	%xmm8,%xmm0
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm3
	movups	(%rcx),%xmm0

L$ccm64_enc2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	L$ccm64_enc2_loop
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	paddq	%xmm6,%xmm9
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3

	decq	%rdx
	leaq	16(%rdi),%rdi
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215
	jnz	L$ccm64_enc_outer

	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3

.globl	_aesni_ccm64_decrypt_blocks

.p2align	4
_aesni_ccm64_decrypt_blocks:
	movl	240(%rcx),%eax
	movups	(%r8),%xmm9
	movdqu	(%r9),%xmm3
	movdqa	L$increment64(%rip),%xmm6
	movdqa	L$bswap_mask(%rip),%xmm7

	movaps	%xmm9,%xmm2
	movl	%eax,%r10d
	movq	%rcx,%r11
.byte	102,68,15,56,0,207
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_5:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_5	
	aesenclast	%xmm1,%xmm2
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	leaq	16(%rdi),%rdi
	jmp	L$ccm64_dec_outer
.p2align	4
L$ccm64_dec_outer:
	xorps	%xmm2,%xmm8
	movdqa	%xmm9,%xmm2
	movl	%r10d,%eax
	movups	%xmm8,(%rsi)
	leaq	16(%rsi),%rsi
.byte	102,15,56,0,215

	subq	$1,%rdx
	jz	L$ccm64_dec_break

	movups	(%r11),%xmm0
	shrl	$1,%eax
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%rcx
	xorps	%xmm0,%xmm2
	xorps	%xmm8,%xmm3
	movups	(%rcx),%xmm0

L$ccm64_dec2_loop:
	aesenc	%xmm1,%xmm2
	decl	%eax
	aesenc	%xmm1,%xmm3
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm3
	movups	0(%rcx),%xmm0
	jnz	L$ccm64_dec2_loop
	movups	(%rdi),%xmm8
	paddq	%xmm6,%xmm9
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	leaq	16(%rdi),%rdi
	aesenclast	%xmm0,%xmm2
	aesenclast	%xmm0,%xmm3
	jmp	L$ccm64_dec_outer

.p2align	4
L$ccm64_dec_break:

	movups	(%r11),%xmm0
	movups	16(%r11),%xmm1
	xorps	%xmm0,%xmm8
	leaq	32(%r11),%r11
	xorps	%xmm8,%xmm3
L$oop_enc1_6:
	aesenc	%xmm1,%xmm3
	decl	%eax
	movups	(%r11),%xmm1
	leaq	16(%r11),%r11
	jnz	L$oop_enc1_6	
	aesenclast	%xmm1,%xmm3
	movups	%xmm3,(%r9)
	.byte	0xf3,0xc3

.globl	_aesni_ctr32_encrypt_blocks

.p2align	4
_aesni_ctr32_encrypt_blocks:
	cmpq	$1,%rdx
	je	L$ctr32_one_shortcut

	movdqu	(%r8),%xmm14
	movdqa	L$bswap_mask(%rip),%xmm15
	xorl	%eax,%eax
.byte	102,69,15,58,22,242,3
.byte	102,68,15,58,34,240,3

	movl	240(%rcx),%eax
	bswapl	%r10d
	pxor	%xmm12,%xmm12
	pxor	%xmm13,%xmm13
.byte	102,69,15,58,34,226,0
	leaq	3(%r10),%r11
.byte	102,69,15,58,34,235,0
	incl	%r10d
.byte	102,69,15,58,34,226,1
	incq	%r11
.byte	102,69,15,58,34,235,1
	incl	%r10d
.byte	102,69,15,58,34,226,2
	incq	%r11
.byte	102,69,15,58,34,235,2
	movdqa	%xmm12,-40(%rsp)
.byte	102,69,15,56,0,231
	movdqa	%xmm13,-24(%rsp)
.byte	102,69,15,56,0,239

	pshufd	$192,%xmm12,%xmm2
	pshufd	$128,%xmm12,%xmm3
	pshufd	$64,%xmm12,%xmm4
	cmpq	$6,%rdx
	jb	L$ctr32_tail
	shrl	$1,%eax
	movq	%rcx,%r11
	movl	%eax,%r10d
	subq	$6,%rdx
	jmp	L$ctr32_loop6

.p2align	4
L$ctr32_loop6:
	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm2
	movups	(%r11),%xmm0
	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm3
	movups	16(%r11),%xmm1
	pshufd	$64,%xmm13,%xmm7
	por	%xmm14,%xmm4
	por	%xmm14,%xmm5
	xorps	%xmm0,%xmm2
	por	%xmm14,%xmm6
	por	%xmm14,%xmm7




	pxor	%xmm0,%xmm3
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	aesenc	%xmm1,%xmm3
	movdqa	L$increment32(%rip),%xmm13
	pxor	%xmm0,%xmm5
	aesenc	%xmm1,%xmm4
	movdqa	-40(%rsp),%xmm12
	pxor	%xmm0,%xmm6
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	jmp	L$ctr32_enc_loop6_enter
.p2align	4
L$ctr32_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
L$ctr32_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$ctr32_enc_loop6

	aesenc	%xmm1,%xmm2
	paddd	%xmm13,%xmm12
	aesenc	%xmm1,%xmm3
	paddd	-24(%rsp),%xmm13
	aesenc	%xmm1,%xmm4
	movdqa	%xmm12,-40(%rsp)
	aesenc	%xmm1,%xmm5
	movdqa	%xmm13,-24(%rsp)
	aesenc	%xmm1,%xmm6
.byte	102,69,15,56,0,231
	aesenc	%xmm1,%xmm7
.byte	102,69,15,56,0,239

	aesenclast	%xmm0,%xmm2
	movups	(%rdi),%xmm8
	aesenclast	%xmm0,%xmm3
	movups	16(%rdi),%xmm9
	aesenclast	%xmm0,%xmm4
	movups	32(%rdi),%xmm10
	aesenclast	%xmm0,%xmm5
	movups	48(%rdi),%xmm11
	aesenclast	%xmm0,%xmm6
	movups	64(%rdi),%xmm1
	aesenclast	%xmm0,%xmm7
	movups	80(%rdi),%xmm0
	leaq	96(%rdi),%rdi

	xorps	%xmm2,%xmm8
	pshufd	$192,%xmm12,%xmm2
	xorps	%xmm3,%xmm9
	pshufd	$128,%xmm12,%xmm3
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	pshufd	$64,%xmm12,%xmm4
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	xorps	%xmm7,%xmm0
	movups	%xmm1,64(%rsi)
	movups	%xmm0,80(%rsi)
	leaq	96(%rsi),%rsi
	movl	%r10d,%eax
	subq	$6,%rdx
	jnc	L$ctr32_loop6

	addq	$6,%rdx
	jz	L$ctr32_done
	movq	%r11,%rcx
	leal	1(%rax,%rax,1),%eax

L$ctr32_tail:
	por	%xmm14,%xmm2
	movups	(%rdi),%xmm8
	cmpq	$2,%rdx
	jb	L$ctr32_one

	por	%xmm14,%xmm3
	movups	16(%rdi),%xmm9
	je	L$ctr32_two

	pshufd	$192,%xmm13,%xmm5
	por	%xmm14,%xmm4
	movups	32(%rdi),%xmm10
	cmpq	$4,%rdx
	jb	L$ctr32_three

	pshufd	$128,%xmm13,%xmm6
	por	%xmm14,%xmm5
	movups	48(%rdi),%xmm11
	je	L$ctr32_four

	por	%xmm14,%xmm6
	xorps	%xmm7,%xmm7

	call	_aesni_encrypt6

	movups	64(%rdi),%xmm1
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	xorps	%xmm6,%xmm1
	movups	%xmm11,48(%rsi)
	movups	%xmm1,64(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_one_shortcut:
	movups	(%r8),%xmm2
	movups	(%rdi),%xmm8
	movl	240(%rcx),%eax
L$ctr32_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_7:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_7	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm2,%xmm8
	movups	%xmm8,(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_two:
	xorps	%xmm4,%xmm4
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	movups	%xmm9,16(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_three:
	call	_aesni_encrypt3
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	movups	%xmm10,32(%rsi)
	jmp	L$ctr32_done

.p2align	4
L$ctr32_four:
	call	_aesni_encrypt4
	xorps	%xmm2,%xmm8
	xorps	%xmm3,%xmm9
	movups	%xmm8,(%rsi)
	xorps	%xmm4,%xmm10
	movups	%xmm9,16(%rsi)
	xorps	%xmm5,%xmm11
	movups	%xmm10,32(%rsi)
	movups	%xmm11,48(%rsi)

L$ctr32_done:
	.byte	0xf3,0xc3

.globl	_aesni_xts_encrypt

.p2align	4
_aesni_xts_encrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
L$oop_enc1_8:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	L$oop_enc1_8	
	aesenclast	%xmm1,%xmm15
	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	L$xts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	L$xts_enc_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	L$xts_enc_grandloop

.p2align	4
L$xts_enc_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesenc	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesenc	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesenc	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesenc	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesenc	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesenc	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	L$xts_enc_loop6_enter

.p2align	4
L$xts_enc_loop6:
	aesenc	%xmm1,%xmm2
	aesenc	%xmm1,%xmm3
	decl	%eax
	aesenc	%xmm1,%xmm4
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
L$xts_enc_loop6_enter:
	movups	16(%rcx),%xmm1
	aesenc	%xmm0,%xmm2
	aesenc	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesenc	%xmm0,%xmm4
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$xts_enc_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesenc	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm0,%xmm5
	aesenc	%xmm0,%xmm6
	aesenc	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesenc	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesenc	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenc	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesenc	%xmm1,%xmm5
	aesenc	%xmm1,%xmm6
	aesenc	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesenclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesenclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesenclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesenclast	%xmm0,%xmm5
	aesenclast	%xmm0,%xmm6
	aesenclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	L$xts_enc_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

L$xts_enc_short:
	addq	$96,%rdx
	jz	L$xts_enc_done

	cmpq	$32,%rdx
	jb	L$xts_enc_one
	je	L$xts_enc_two

	cmpq	$64,%rdx
	jb	L$xts_enc_three
	je	L$xts_enc_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_encrypt6

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	movdqu	%xmm5,48(%rsi)
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_9:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_9	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	leaq	16(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_encrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_four:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_encrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm15,%xmm10
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	L$xts_enc_done

.p2align	4
L$xts_enc_done:
	andq	$15,%r9
	jz	L$xts_enc_ret
	movq	%r9,%rdx

L$xts_enc_steal:
	movzbl	(%rdi),%eax
	movzbl	-16(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,-16(%rsi)
	movb	%cl,0(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	L$xts_enc_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	-16(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_enc1_10:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_10	
	aesenclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,-16(%rsi)

L$xts_enc_ret:
	leaq	104(%rsp),%rsp
L$xts_enc_epilogue:
	.byte	0xf3,0xc3

.globl	_aesni_xts_decrypt

.p2align	4
_aesni_xts_decrypt:
	leaq	-104(%rsp),%rsp
	movups	(%r9),%xmm15
	movl	240(%r8),%eax
	movl	240(%rcx),%r10d
	movups	(%r8),%xmm0
	movups	16(%r8),%xmm1
	leaq	32(%r8),%r8
	xorps	%xmm0,%xmm15
L$oop_enc1_11:
	aesenc	%xmm1,%xmm15
	decl	%eax
	movups	(%r8),%xmm1
	leaq	16(%r8),%r8
	jnz	L$oop_enc1_11	
	aesenclast	%xmm1,%xmm15
	xorl	%eax,%eax
	testq	$15,%rdx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%rdx

	movq	%rcx,%r11
	movl	%r10d,%eax
	movq	%rdx,%r9
	andq	$-16,%rdx

	movdqa	L$xts_magic(%rip),%xmm8
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm9
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15
	subq	$96,%rdx
	jc	L$xts_dec_short

	shrl	$1,%eax
	subl	$1,%eax
	movl	%eax,%r10d
	jmp	L$xts_dec_grandloop

.p2align	4
L$xts_dec_grandloop:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	0(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	pxor	%xmm12,%xmm4
	movdqu	80(%rdi),%xmm7
	leaq	96(%rdi),%rdi
	pxor	%xmm13,%xmm5
	movups	(%r11),%xmm0
	pxor	%xmm14,%xmm6
	pxor	%xmm15,%xmm7



	movups	16(%r11),%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movdqa	%xmm10,0(%rsp)
	aesdec	%xmm1,%xmm2
	leaq	32(%r11),%rcx
	pxor	%xmm0,%xmm4
	movdqa	%xmm11,16(%rsp)
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqa	%xmm12,32(%rsp)
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqa	%xmm13,48(%rsp)
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	decl	%eax
	movdqa	%xmm14,64(%rsp)
	aesdec	%xmm1,%xmm6
	movdqa	%xmm15,80(%rsp)
	aesdec	%xmm1,%xmm7
	pxor	%xmm14,%xmm14
	pcmpgtd	%xmm15,%xmm14
	jmp	L$xts_dec_loop6_enter

.p2align	4
L$xts_dec_loop6:
	aesdec	%xmm1,%xmm2
	aesdec	%xmm1,%xmm3
	decl	%eax
	aesdec	%xmm1,%xmm4
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
L$xts_dec_loop6_enter:
	movups	16(%rcx),%xmm1
	aesdec	%xmm0,%xmm2
	aesdec	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	aesdec	%xmm0,%xmm4
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	(%rcx),%xmm0
	jnz	L$xts_dec_loop6

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7
	movups	16(%rcx),%xmm1

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	aesdec	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm0,%xmm5
	aesdec	%xmm0,%xmm6
	aesdec	%xmm0,%xmm7
	movups	32(%rcx),%xmm0

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm11
	paddq	%xmm15,%xmm15
	aesdec	%xmm1,%xmm2
	pand	%xmm8,%xmm9
	aesdec	%xmm1,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdec	%xmm1,%xmm4
	pxor	%xmm9,%xmm15
	aesdec	%xmm1,%xmm5
	aesdec	%xmm1,%xmm6
	aesdec	%xmm1,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm12
	paddq	%xmm15,%xmm15
	aesdeclast	%xmm0,%xmm2
	pand	%xmm8,%xmm9
	aesdeclast	%xmm0,%xmm3
	pcmpgtd	%xmm15,%xmm14
	aesdeclast	%xmm0,%xmm4
	pxor	%xmm9,%xmm15
	aesdeclast	%xmm0,%xmm5
	aesdeclast	%xmm0,%xmm6
	aesdeclast	%xmm0,%xmm7

	pshufd	$19,%xmm14,%xmm9
	pxor	%xmm14,%xmm14
	movdqa	%xmm15,%xmm13
	paddq	%xmm15,%xmm15
	xorps	0(%rsp),%xmm2
	pand	%xmm8,%xmm9
	xorps	16(%rsp),%xmm3
	pcmpgtd	%xmm15,%xmm14
	pxor	%xmm9,%xmm15

	xorps	32(%rsp),%xmm4
	movups	%xmm2,0(%rsi)
	xorps	48(%rsp),%xmm5
	movups	%xmm3,16(%rsi)
	xorps	64(%rsp),%xmm6
	movups	%xmm4,32(%rsi)
	xorps	80(%rsp),%xmm7
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	subq	$96,%rdx
	jnc	L$xts_dec_grandloop

	leal	3(%rax,%rax,1),%eax
	movq	%r11,%rcx
	movl	%eax,%r10d

L$xts_dec_short:
	addq	$96,%rdx
	jz	L$xts_dec_done

	cmpq	$32,%rdx
	jb	L$xts_dec_one
	je	L$xts_dec_two

	cmpq	$64,%rdx
	jb	L$xts_dec_three
	je	L$xts_dec_four

	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movdqu	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movdqu	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movdqu	32(%rdi),%xmm4
	pxor	%xmm10,%xmm2
	movdqu	48(%rdi),%xmm5
	pxor	%xmm11,%xmm3
	movdqu	64(%rdi),%xmm6
	leaq	80(%rdi),%rdi
	pxor	%xmm12,%xmm4
	pxor	%xmm13,%xmm5
	pxor	%xmm14,%xmm6

	call	_aesni_decrypt6

	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	movdqu	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movdqu	%xmm3,16(%rsi)
	xorps	%xmm14,%xmm6
	movdqu	%xmm4,32(%rsi)
	pxor	%xmm14,%xmm14
	movdqu	%xmm5,48(%rsi)
	pcmpgtd	%xmm15,%xmm14
	movdqu	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	pshufd	$19,%xmm14,%xmm11
	andq	$15,%r9
	jz	L$xts_dec_ret

	movdqa	%xmm15,%xmm10
	paddq	%xmm15,%xmm15
	pand	%xmm8,%xmm11
	pxor	%xmm15,%xmm11
	jmp	L$xts_dec_done2

.p2align	4
L$xts_dec_one:
	movups	(%rdi),%xmm2
	leaq	16(%rdi),%rdi
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_12:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_12	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movdqa	%xmm11,%xmm10
	movups	%xmm2,(%rsi)
	movdqa	%xmm12,%xmm11
	leaq	16(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_two:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	leaq	32(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm12,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm13,%xmm11
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	leaq	32(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_three:
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	32(%rdi),%xmm4
	leaq	48(%rdi),%rdi
	xorps	%xmm10,%xmm2
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4

	call	_aesni_decrypt3

	xorps	%xmm10,%xmm2
	movdqa	%xmm13,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	leaq	48(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_four:
	pshufd	$19,%xmm14,%xmm9
	movdqa	%xmm15,%xmm14
	paddq	%xmm15,%xmm15
	movups	(%rdi),%xmm2
	pand	%xmm8,%xmm9
	movups	16(%rdi),%xmm3
	pxor	%xmm9,%xmm15

	movups	32(%rdi),%xmm4
	xorps	%xmm10,%xmm2
	movups	48(%rdi),%xmm5
	leaq	64(%rdi),%rdi
	xorps	%xmm11,%xmm3
	xorps	%xmm12,%xmm4
	xorps	%xmm13,%xmm5

	call	_aesni_decrypt4

	xorps	%xmm10,%xmm2
	movdqa	%xmm14,%xmm10
	xorps	%xmm11,%xmm3
	movdqa	%xmm15,%xmm11
	xorps	%xmm12,%xmm4
	movups	%xmm2,(%rsi)
	xorps	%xmm13,%xmm5
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	jmp	L$xts_dec_done

.p2align	4
L$xts_dec_done:
	andq	$15,%r9
	jz	L$xts_dec_ret
L$xts_dec_done2:
	movq	%r9,%rdx
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rdi),%xmm2
	xorps	%xmm11,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_13:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_13	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm11,%xmm2
	movups	%xmm2,(%rsi)

L$xts_dec_steal:
	movzbl	16(%rdi),%eax
	movzbl	(%rsi),%ecx
	leaq	1(%rdi),%rdi
	movb	%al,(%rsi)
	movb	%cl,16(%rsi)
	leaq	1(%rsi),%rsi
	subq	$1,%rdx
	jnz	L$xts_dec_steal

	subq	%r9,%rsi
	movq	%r11,%rcx
	movl	%r10d,%eax

	movups	(%rsi),%xmm2
	xorps	%xmm10,%xmm2
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_14:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_14	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm10,%xmm2
	movups	%xmm2,(%rsi)

L$xts_dec_ret:
	leaq	104(%rsp),%rsp
L$xts_dec_epilogue:
	.byte	0xf3,0xc3

.globl	_aesni_cbc_encrypt

.p2align	4
_aesni_cbc_encrypt:
	testq	%rdx,%rdx
	jz	L$cbc_ret

	movl	240(%rcx),%r10d
	movq	%rcx,%r11
	testl	%r9d,%r9d
	jz	L$cbc_decrypt

	movups	(%r8),%xmm2
	movl	%r10d,%eax
	cmpq	$16,%rdx
	jb	L$cbc_enc_tail
	subq	$16,%rdx
	jmp	L$cbc_enc_loop
.p2align	4
L$cbc_enc_loop:
	movups	(%rdi),%xmm3
	leaq	16(%rdi),%rdi

	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	xorps	%xmm0,%xmm3
	leaq	32(%rcx),%rcx
	xorps	%xmm3,%xmm2
L$oop_enc1_15:
	aesenc	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_enc1_15	
	aesenclast	%xmm1,%xmm2
	movl	%r10d,%eax
	movq	%r11,%rcx
	movups	%xmm2,0(%rsi)
	leaq	16(%rsi),%rsi
	subq	$16,%rdx
	jnc	L$cbc_enc_loop
	addq	$16,%rdx
	jnz	L$cbc_enc_tail
	movups	%xmm2,(%r8)
	jmp	L$cbc_ret

L$cbc_enc_tail:
	movq	%rdx,%rcx
	xchgq	%rdi,%rsi
.long	0x9066A4F3	
	movl	$16,%ecx
	subq	%rdx,%rcx
	xorl	%eax,%eax
.long	0x9066AAF3	
	leaq	-16(%rdi),%rdi
	movl	%r10d,%eax
	movq	%rdi,%rsi
	movq	%r11,%rcx
	xorq	%rdx,%rdx
	jmp	L$cbc_enc_loop	

.p2align	4
L$cbc_decrypt:
	movups	(%r8),%xmm9
	movl	%r10d,%eax
	cmpq	$112,%rdx
	jbe	L$cbc_dec_tail
	shrl	$1,%r10d
	subq	$112,%rdx
	movl	%r10d,%eax
	movaps	%xmm9,-24(%rsp)
	jmp	L$cbc_dec_loop8_enter
.p2align	4
L$cbc_dec_loop8:
	movaps	%xmm0,-24(%rsp)
	movups	%xmm9,(%rsi)
	leaq	16(%rsi),%rsi
L$cbc_dec_loop8_enter:
	movups	(%rcx),%xmm0
	movups	(%rdi),%xmm2
	movups	16(%rdi),%xmm3
	movups	16(%rcx),%xmm1

	leaq	32(%rcx),%rcx
	movdqu	32(%rdi),%xmm4
	xorps	%xmm0,%xmm2
	movdqu	48(%rdi),%xmm5
	xorps	%xmm0,%xmm3
	movdqu	64(%rdi),%xmm6
	aesdec	%xmm1,%xmm2
	pxor	%xmm0,%xmm4
	movdqu	80(%rdi),%xmm7
	aesdec	%xmm1,%xmm3
	pxor	%xmm0,%xmm5
	movdqu	96(%rdi),%xmm8
	aesdec	%xmm1,%xmm4
	pxor	%xmm0,%xmm6
	movdqu	112(%rdi),%xmm9
	aesdec	%xmm1,%xmm5
	pxor	%xmm0,%xmm7
	decl	%eax
	aesdec	%xmm1,%xmm6
	pxor	%xmm0,%xmm8
	aesdec	%xmm1,%xmm7
	pxor	%xmm0,%xmm9
	movups	(%rcx),%xmm0
	aesdec	%xmm1,%xmm8
	aesdec	%xmm1,%xmm9
	movups	16(%rcx),%xmm1

	call	L$dec_loop8_enter

	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm1
	xorps	%xmm0,%xmm8
	movups	112(%rdi),%xmm0
	xorps	%xmm1,%xmm9
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movl	%r10d,%eax
	movups	%xmm6,64(%rsi)
	movq	%r11,%rcx
	movups	%xmm7,80(%rsi)
	leaq	128(%rdi),%rdi
	movups	%xmm8,96(%rsi)
	leaq	112(%rsi),%rsi
	subq	$128,%rdx
	ja	L$cbc_dec_loop8

	movaps	%xmm9,%xmm2
	movaps	%xmm0,%xmm9
	addq	$112,%rdx
	jle	L$cbc_dec_tail_collected
	movups	%xmm2,(%rsi)
	leal	1(%r10,%r10,1),%eax
	leaq	16(%rsi),%rsi
L$cbc_dec_tail:
	movups	(%rdi),%xmm2
	movaps	%xmm2,%xmm8
	cmpq	$16,%rdx
	jbe	L$cbc_dec_one

	movups	16(%rdi),%xmm3
	movaps	%xmm3,%xmm7
	cmpq	$32,%rdx
	jbe	L$cbc_dec_two

	movups	32(%rdi),%xmm4
	movaps	%xmm4,%xmm6
	cmpq	$48,%rdx
	jbe	L$cbc_dec_three

	movups	48(%rdi),%xmm5
	cmpq	$64,%rdx
	jbe	L$cbc_dec_four

	movups	64(%rdi),%xmm6
	cmpq	$80,%rdx
	jbe	L$cbc_dec_five

	movups	80(%rdi),%xmm7
	cmpq	$96,%rdx
	jbe	L$cbc_dec_six

	movups	96(%rdi),%xmm8
	movaps	%xmm9,-24(%rsp)
	call	_aesni_decrypt8
	movups	(%rdi),%xmm1
	movups	16(%rdi),%xmm0
	xorps	-24(%rsp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%rdi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%rdi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%rdi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%rdi),%xmm0
	xorps	%xmm1,%xmm7
	movups	96(%rdi),%xmm9
	xorps	%xmm0,%xmm8
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	movups	%xmm7,80(%rsi)
	leaq	96(%rsi),%rsi
	movaps	%xmm8,%xmm2
	subq	$112,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_one:
	movups	(%rcx),%xmm0
	movups	16(%rcx),%xmm1
	leaq	32(%rcx),%rcx
	xorps	%xmm0,%xmm2
L$oop_dec1_16:
	aesdec	%xmm1,%xmm2
	decl	%eax
	movups	(%rcx),%xmm1
	leaq	16(%rcx),%rcx
	jnz	L$oop_dec1_16	
	aesdeclast	%xmm1,%xmm2
	xorps	%xmm9,%xmm2
	movaps	%xmm8,%xmm9
	subq	$16,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_two:
	xorps	%xmm4,%xmm4
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	movaps	%xmm7,%xmm9
	movaps	%xmm3,%xmm2
	leaq	16(%rsi),%rsi
	subq	$32,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_three:
	call	_aesni_decrypt3
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	movaps	%xmm6,%xmm9
	movaps	%xmm4,%xmm2
	leaq	32(%rsi),%rsi
	subq	$48,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_four:
	call	_aesni_decrypt4
	xorps	%xmm9,%xmm2
	movups	48(%rdi),%xmm9
	xorps	%xmm8,%xmm3
	movups	%xmm2,(%rsi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%rsi)
	xorps	%xmm6,%xmm5
	movups	%xmm4,32(%rsi)
	movaps	%xmm5,%xmm2
	leaq	48(%rsi),%rsi
	subq	$64,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_five:
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm9
	xorps	%xmm1,%xmm6
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	leaq	64(%rsi),%rsi
	movaps	%xmm6,%xmm2
	subq	$80,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_six:
	call	_aesni_decrypt6
	movups	16(%rdi),%xmm1
	movups	32(%rdi),%xmm0
	xorps	%xmm9,%xmm2
	xorps	%xmm8,%xmm3
	xorps	%xmm1,%xmm4
	movups	48(%rdi),%xmm1
	xorps	%xmm0,%xmm5
	movups	64(%rdi),%xmm0
	xorps	%xmm1,%xmm6
	movups	80(%rdi),%xmm9
	xorps	%xmm0,%xmm7
	movups	%xmm2,(%rsi)
	movups	%xmm3,16(%rsi)
	movups	%xmm4,32(%rsi)
	movups	%xmm5,48(%rsi)
	movups	%xmm6,64(%rsi)
	leaq	80(%rsi),%rsi
	movaps	%xmm7,%xmm2
	subq	$96,%rdx
	jmp	L$cbc_dec_tail_collected
.p2align	4
L$cbc_dec_tail_collected:
	andq	$15,%rdx
	movups	%xmm9,(%r8)
	jnz	L$cbc_dec_tail_partial
	movups	%xmm2,(%rsi)
	jmp	L$cbc_dec_ret
.p2align	4
L$cbc_dec_tail_partial:
	movaps	%xmm2,-24(%rsp)
	movq	$16,%rcx
	movq	%rsi,%rdi
	subq	%rdx,%rcx
	leaq	-24(%rsp),%rsi
.long	0x9066A4F3	

L$cbc_dec_ret:
L$cbc_ret:
	.byte	0xf3,0xc3

.globl	_aesni_set_decrypt_key

.p2align	4
_aesni_set_decrypt_key:
	subq	$8,%rsp
	call	__aesni_set_encrypt_key
	shll	$4,%esi
	testl	%eax,%eax
	jnz	L$dec_key_ret
	leaq	16(%rdx,%rsi,1),%rdi

	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	movups	%xmm0,(%rdi)
	movups	%xmm1,(%rdx)
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi

L$dec_key_inverse:
	movups	(%rdx),%xmm0
	movups	(%rdi),%xmm1
	aesimc	%xmm0,%xmm0
	aesimc	%xmm1,%xmm1
	leaq	16(%rdx),%rdx
	leaq	-16(%rdi),%rdi
	movups	%xmm0,16(%rdi)
	movups	%xmm1,-16(%rdx)
	cmpq	%rdx,%rdi
	ja	L$dec_key_inverse

	movups	(%rdx),%xmm0
	aesimc	%xmm0,%xmm0
	movups	%xmm0,(%rdi)
L$dec_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
L$SEH_end_set_decrypt_key:

.globl	_aesni_set_encrypt_key

.p2align	4
_aesni_set_encrypt_key:
__aesni_set_encrypt_key:
	subq	$8,%rsp
	movq	$-1,%rax
	testq	%rdi,%rdi
	jz	L$enc_key_ret
	testq	%rdx,%rdx
	jz	L$enc_key_ret

	movups	(%rdi),%xmm0
	xorps	%xmm4,%xmm4
	leaq	16(%rdx),%rax
	cmpl	$256,%esi
	je	L$14rounds
	cmpl	$192,%esi
	je	L$12rounds
	cmpl	$128,%esi
	jne	L$bad_keybits

L$10rounds:
	movl	$9,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm0,%xmm1
	call	L$key_expansion_128_cold
	aeskeygenassist	$2,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$4,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$8,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$16,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$32,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$64,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$128,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$27,%xmm0,%xmm1
	call	L$key_expansion_128
	aeskeygenassist	$54,%xmm0,%xmm1
	call	L$key_expansion_128
	movups	%xmm0,(%rax)
	movl	%esi,80(%rax)
	xorl	%eax,%eax
	jmp	L$enc_key_ret

.p2align	4
L$12rounds:
	movq	16(%rdi),%xmm2
	movl	$11,%esi
	movups	%xmm0,(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	L$key_expansion_192a_cold
	aeskeygenassist	$2,%xmm2,%xmm1
	call	L$key_expansion_192b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	L$key_expansion_192a
	aeskeygenassist	$8,%xmm2,%xmm1
	call	L$key_expansion_192b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	L$key_expansion_192a
	aeskeygenassist	$32,%xmm2,%xmm1
	call	L$key_expansion_192b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	L$key_expansion_192a
	aeskeygenassist	$128,%xmm2,%xmm1
	call	L$key_expansion_192b
	movups	%xmm0,(%rax)
	movl	%esi,48(%rax)
	xorq	%rax,%rax
	jmp	L$enc_key_ret

.p2align	4
L$14rounds:
	movups	16(%rdi),%xmm2
	movl	$13,%esi
	leaq	16(%rax),%rax
	movups	%xmm0,(%rdx)
	movups	%xmm2,16(%rdx)
	aeskeygenassist	$1,%xmm2,%xmm1
	call	L$key_expansion_256a_cold
	aeskeygenassist	$1,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$2,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$2,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$4,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$4,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$8,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$8,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$16,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$16,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$32,%xmm2,%xmm1
	call	L$key_expansion_256a
	aeskeygenassist	$32,%xmm0,%xmm1
	call	L$key_expansion_256b
	aeskeygenassist	$64,%xmm2,%xmm1
	call	L$key_expansion_256a
	movups	%xmm0,(%rax)
	movl	%esi,16(%rax)
	xorq	%rax,%rax
	jmp	L$enc_key_ret

.p2align	4
L$bad_keybits:
	movq	$-2,%rax
L$enc_key_ret:
	addq	$8,%rsp
	.byte	0xf3,0xc3
L$SEH_end_set_encrypt_key:

.p2align	4
L$key_expansion_128:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
L$key_expansion_128_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.p2align	4
L$key_expansion_192a:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax
L$key_expansion_192a_cold:
	movaps	%xmm2,%xmm5
L$key_expansion_192b_warm:
	shufps	$16,%xmm0,%xmm4
	movdqa	%xmm2,%xmm3
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	pslldq	$4,%xmm3
	xorps	%xmm4,%xmm0
	pshufd	$85,%xmm1,%xmm1
	pxor	%xmm3,%xmm2
	pxor	%xmm1,%xmm0
	pshufd	$255,%xmm0,%xmm3
	pxor	%xmm3,%xmm2
	.byte	0xf3,0xc3

.p2align	4
L$key_expansion_192b:
	movaps	%xmm0,%xmm3
	shufps	$68,%xmm0,%xmm5
	movups	%xmm5,(%rax)
	shufps	$78,%xmm2,%xmm3
	movups	%xmm3,16(%rax)
	leaq	32(%rax),%rax
	jmp	L$key_expansion_192b_warm

.p2align	4
L$key_expansion_256a:
	movups	%xmm2,(%rax)
	leaq	16(%rax),%rax
L$key_expansion_256a_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	.byte	0xf3,0xc3

.p2align	4
L$key_expansion_256b:
	movups	%xmm0,(%rax)
	leaq	16(%rax),%rax

	shufps	$16,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$140,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$170,%xmm1,%xmm1
	xorps	%xmm1,%xmm2
	.byte	0xf3,0xc3


.p2align	6
L$bswap_mask:
.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
L$increment32:
.long	6,6,6,0
L$increment64:
.long	1,0,0,0
L$xts_magic:
.long	0x87,0,1,0

.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<














































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/aes/aesni-sha1-elf-x86_64.S.


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
#include "x86_arch.h"
.text	

.hidden	OPENSSL_ia32cap_P

.globl	aesni_cbc_sha1_enc
.type	aesni_cbc_sha1_enc,@function
.align	16
aesni_cbc_sha1_enc:

	movl	OPENSSL_ia32cap_P+0(%rip),%r10d
	movl	OPENSSL_ia32cap_P+4(%rip),%r11d
	jmp	aesni_cbc_sha1_enc_ssse3
	.byte	0xf3,0xc3
.size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
.type	aesni_cbc_sha1_enc_ssse3,@function
.align	16
aesni_cbc_sha1_enc_ssse3:
	movq	8(%rsp),%r10


	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-104(%rsp),%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqu	(%r8),%xmm11
	movq	%r8,88(%rsp)
	shlq	$6,%r14
	subq	%r12,%r13
	movl	240(%r15),%r8d
	addq	%r10,%r14

	leaq	K_XX_XX(%rip),%r11
	movl	0(%r9),%eax
	movl	4(%r9),%ebx
	movl	8(%r9),%ecx
	movl	12(%r9),%edx
	movl	%ebx,%esi
	movl	16(%r9),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	movups	(%r15),%xmm13
	movups	16(%r15),%xmm14
	jmp	.Loop_ssse3
.align	16
.Loop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	movups	0(%r12),%xmm12
	xorps	%xmm13,%xmm12
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	cmpl	$11,%r8d
	jb	.Laesenclast1
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast1
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast1:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	movups	16(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,0(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	.Laesenclast2
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast2
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast2:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	movups	32(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,16(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	cmpl	$11,%r8d
	jb	.Laesenclast3
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast3
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast3:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	movups	48(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,32(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r14,%r10
	je	.Ldone_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	.Laesenclast4
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast4
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast4:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	leaq	64(%r12),%r12

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	addl	12(%r9),%edx
	movl	%eax,0(%r9)
	addl	16(%r9),%ebp
	movl	%esi,4(%r9)
	movl	%esi,%ebx
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	jmp	.Loop_ssse3

.align	16
.Ldone_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	.Laesenclast5
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast5
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast5:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	movq	88(%rsp),%r8

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	movl	%eax,0(%r9)
	addl	12(%r9),%edx
	movl	%esi,4(%r9)
	addl	16(%r9),%ebp
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	movups	%xmm11,(%r8)
	leaq	104(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lepilogue_ssse3:
	.byte	0xf3,0xc3
.size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
.align	64
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	

.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/aes/aesni-sha1-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
.text	


.globl	aesni_cbc_sha1_enc
.type	aesni_cbc_sha1_enc,@function
.align	16
aesni_cbc_sha1_enc:

	movl	OPENSSL_ia32cap_P+0(%rip),%r10d
	movl	OPENSSL_ia32cap_P+4(%rip),%r11d
	jmp	aesni_cbc_sha1_enc_ssse3
	.byte	0xf3,0xc3
.size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
.type	aesni_cbc_sha1_enc_ssse3,@function
.align	16
aesni_cbc_sha1_enc_ssse3:
	movq	8(%rsp),%r10


	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-104(%rsp),%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqu	(%r8),%xmm11
	movq	%r8,88(%rsp)
	shlq	$6,%r14
	subq	%r12,%r13
	movl	240(%r15),%r8d
	addq	%r10,%r14

	leaq	K_XX_XX(%rip),%r11
	movl	0(%r9),%eax
	movl	4(%r9),%ebx
	movl	8(%r9),%ecx
	movl	12(%r9),%edx
	movl	%ebx,%esi
	movl	16(%r9),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	movups	(%r15),%xmm13
	movups	16(%r15),%xmm14
	jmp	.Loop_ssse3
.align	16
.Loop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	movups	0(%r12),%xmm12
	xorps	%xmm13,%xmm12
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	cmpl	$11,%r8d
	jb	.Laesenclast1
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast1
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast1:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	movups	16(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,0(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	.Laesenclast2
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast2
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast2:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	movups	32(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,16(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	cmpl	$11,%r8d
	jb	.Laesenclast3
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast3
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast3:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	movups	48(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,32(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r14,%r10
	je	.Ldone_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	.Laesenclast4
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast4
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast4:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	leaq	64(%r12),%r12

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	addl	12(%r9),%edx
	movl	%eax,0(%r9)
	addl	16(%r9),%ebp
	movl	%esi,4(%r9)
	movl	%esi,%ebx
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	jmp	.Loop_ssse3

.align	16
.Ldone_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	.Laesenclast5
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	.Laesenclast5
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
.Laesenclast5:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	movq	88(%rsp),%r8

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	movl	%eax,0(%r9)
	addl	12(%r9),%edx
	movl	%esi,4(%r9)
	addl	16(%r9),%ebp
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	movups	%xmm11,(%r8)
	leaq	104(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lepilogue_ssse3:
	.byte	0xf3,0xc3
.size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
.align	64
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	

.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<














































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/aes/aesni-sha1-macosx-x86_64.S.












































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
#include "x86_arch.h"
.text	

.private_extern	_OPENSSL_ia32cap_P

.globl	_aesni_cbc_sha1_enc

.p2align	4
_aesni_cbc_sha1_enc:

	movl	_OPENSSL_ia32cap_P+0(%rip),%r10d
	movl	_OPENSSL_ia32cap_P+4(%rip),%r11d
	jmp	aesni_cbc_sha1_enc_ssse3
	.byte	0xf3,0xc3


.p2align	4
aesni_cbc_sha1_enc_ssse3:
	movq	8(%rsp),%r10


	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-104(%rsp),%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqu	(%r8),%xmm11
	movq	%r8,88(%rsp)
	shlq	$6,%r14
	subq	%r12,%r13
	movl	240(%r15),%r8d
	addq	%r10,%r14

	leaq	K_XX_XX(%rip),%r11
	movl	0(%r9),%eax
	movl	4(%r9),%ebx
	movl	8(%r9),%ecx
	movl	12(%r9),%edx
	movl	%ebx,%esi
	movl	16(%r9),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	movups	(%r15),%xmm13
	movups	16(%r15),%xmm14
	jmp	L$oop_ssse3
.p2align	4
L$oop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	movups	0(%r12),%xmm12
	xorps	%xmm13,%xmm12
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	cmpl	$11,%r8d
	jb	L$aesenclast1
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast1
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast1:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	movups	16(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,0(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	L$aesenclast2
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast2
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast2:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	movups	32(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,16(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	cmpl	$11,%r8d
	jb	L$aesenclast3
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast3
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast3:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	movups	48(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,32(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r14,%r10
	je	L$done_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	L$aesenclast4
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast4
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast4:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	leaq	64(%r12),%r12

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	addl	12(%r9),%edx
	movl	%eax,0(%r9)
	addl	16(%r9),%ebp
	movl	%esi,4(%r9)
	movl	%esi,%ebx
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	jmp	L$oop_ssse3

.p2align	4
L$done_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	L$aesenclast5
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast5
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast5:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	movq	88(%rsp),%r8

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	movl	%eax,0(%r9)
	addl	12(%r9),%edx
	movl	%esi,4(%r9)
	addl	16(%r9),%ebp
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	movups	%xmm11,(%r8)
	leaq	104(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$epilogue_ssse3:
	.byte	0xf3,0xc3

.p2align	6
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	

.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
Deleted jni/libressl/crypto/aes/aesni-sha1-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
.text	


.globl	_aesni_cbc_sha1_enc

.p2align	4
_aesni_cbc_sha1_enc:

	movl	_OPENSSL_ia32cap_P+0(%rip),%r10d
	movl	_OPENSSL_ia32cap_P+4(%rip),%r11d
	jmp	aesni_cbc_sha1_enc_ssse3
	.byte	0xf3,0xc3


.p2align	4
aesni_cbc_sha1_enc_ssse3:
	movq	8(%rsp),%r10


	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-104(%rsp),%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqu	(%r8),%xmm11
	movq	%r8,88(%rsp)
	shlq	$6,%r14
	subq	%r12,%r13
	movl	240(%r15),%r8d
	addq	%r10,%r14

	leaq	K_XX_XX(%rip),%r11
	movl	0(%r9),%eax
	movl	4(%r9),%ebx
	movl	8(%r9),%ecx
	movl	12(%r9),%edx
	movl	%ebx,%esi
	movl	16(%r9),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	movups	(%r15),%xmm13
	movups	16(%r15),%xmm14
	jmp	L$oop_ssse3
.p2align	4
L$oop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	movups	0(%r12),%xmm12
	xorps	%xmm13,%xmm12
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	cmpl	$11,%r8d
	jb	L$aesenclast1
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast1
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast1:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	movups	16(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,0(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	L$aesenclast2
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast2
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast2:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	movups	32(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,16(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	cmpl	$11,%r8d
	jb	L$aesenclast3
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast3
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast3:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	movups	48(%r12),%xmm12
	xorps	%xmm13,%xmm12
	movups	%xmm11,32(%r13,%r12,1)
	xorps	%xmm12,%xmm11
	aesenc	%xmm14,%xmm11
	movups	32(%r15),%xmm15
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	aesenc	%xmm15,%xmm11
	movups	48(%r15),%xmm14
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	64(%r15),%xmm15
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	80(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	96(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	aesenc	%xmm15,%xmm11
	movups	112(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r14,%r10
	je	L$done_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r10),%xmm0
	movdqu	16(%r10),%xmm1
	movdqu	32(%r10),%xmm2
	movdqu	48(%r10),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r10
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	L$aesenclast4
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast4
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast4:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	leaq	64(%r12),%r12

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	addl	12(%r9),%edx
	movl	%eax,0(%r9)
	addl	16(%r9),%ebp
	movl	%esi,4(%r9)
	movl	%esi,%ebx
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	jmp	L$oop_ssse3

.p2align	4
L$done_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	128(%r15),%xmm15
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	aesenc	%xmm15,%xmm11
	movups	144(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	aesenc	%xmm14,%xmm11
	movups	160(%r15),%xmm15
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	cmpl	$11,%r8d
	jb	L$aesenclast5
	movups	176(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	192(%r15),%xmm15
	aesenc	%xmm14,%xmm11
	je	L$aesenclast5
	movups	208(%r15),%xmm14
	aesenc	%xmm15,%xmm11
	movups	224(%r15),%xmm15
	aesenc	%xmm14,%xmm11
L$aesenclast5:
	aesenclast	%xmm15,%xmm11
	movups	16(%r15),%xmm14
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movups	%xmm11,48(%r13,%r12,1)
	movq	88(%rsp),%r8

	addl	0(%r9),%eax
	addl	4(%r9),%esi
	addl	8(%r9),%ecx
	movl	%eax,0(%r9)
	addl	12(%r9),%edx
	movl	%esi,4(%r9)
	addl	16(%r9),%ebp
	movl	%ecx,8(%r9)
	movl	%edx,12(%r9)
	movl	%ebp,16(%r9)
	movups	%xmm11,(%r8)
	leaq	104(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$epilogue_ssse3:
	.byte	0xf3,0xc3

.p2align	6
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	

.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<








































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/aes/bsaes-elf-x86_64.S.












































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
#include "x86_arch.h"
.text	




.type	_bsaes_encrypt8,@function
.align	64
_bsaes_encrypt8:
	leaq	.LBS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	80(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
_bsaes_encrypt8_bitslice:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	.Lenc_sbox
.align	16
.Lenc_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
.Lenc_sbox:
	pxor	%xmm5,%xmm4
	pxor	%xmm0,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm1,%xmm5
	pxor	%xmm15,%xmm4

	pxor	%xmm2,%xmm5
	pxor	%xmm6,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm3,%xmm2
	pxor	%xmm4,%xmm3
	pxor	%xmm0,%xmm2

	pxor	%xmm6,%xmm1
	pxor	%xmm4,%xmm0
	movdqa	%xmm6,%xmm10
	movdqa	%xmm0,%xmm9
	movdqa	%xmm4,%xmm8
	movdqa	%xmm1,%xmm12
	movdqa	%xmm5,%xmm11

	pxor	%xmm3,%xmm10
	pxor	%xmm1,%xmm9
	pxor	%xmm2,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm3,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm15,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm2,%xmm11
	pxor	%xmm15,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm6,%xmm12
	movdqa	%xmm4,%xmm11
	pxor	%xmm0,%xmm12
	pxor	%xmm5,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm1,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm3,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm0,%xmm13
	pand	%xmm2,%xmm11
	movdqa	%xmm6,%xmm14
	pand	%xmm15,%xmm12
	pand	%xmm4,%xmm13
	por	%xmm5,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm5,%xmm11
	movdqa	%xmm4,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm5,%xmm9
	pxor	%xmm4,%xmm5
	pand	%xmm14,%xmm4
	pand	%xmm13,%xmm5
	pxor	%xmm4,%xmm5
	pxor	%xmm9,%xmm4
	pxor	%xmm15,%xmm11
	pxor	%xmm2,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm2,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm2
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm2,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm2
	pxor	%xmm11,%xmm5
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm2

	movdqa	%xmm6,%xmm11
	movdqa	%xmm0,%xmm7
	pxor	%xmm3,%xmm11
	pxor	%xmm1,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm3,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm1,%xmm3
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm1
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm3
	pxor	%xmm11,%xmm7
	pxor	%xmm1,%xmm3
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm1
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm6,%xmm10
	pxor	%xmm0,%xmm6
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm6
	pxor	%xmm0,%xmm6
	pxor	%xmm10,%xmm0
	pxor	%xmm11,%xmm6
	pxor	%xmm11,%xmm3
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm1
	pxor	%xmm15,%xmm6
	pxor	%xmm5,%xmm0
	pxor	%xmm6,%xmm3
	pxor	%xmm15,%xmm5
	pxor	%xmm0,%xmm15

	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	pxor	%xmm2,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm4,%xmm3

	pxor	%xmm2,%xmm5
	decl	%r10d
	jl	.Lenc_done
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm3,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm5,%xmm10
	pxor	%xmm9,%xmm3
	pshufd	$147,%xmm2,%xmm11
	pxor	%xmm10,%xmm5
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm2
	pshufd	$147,%xmm1,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm1
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm2,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm5,%xmm11
	pshufd	$78,%xmm2,%xmm7
	pxor	%xmm1,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm3,%xmm10
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm1,%xmm5
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm12,%xmm8
	pxor	%xmm10,%xmm2
	pxor	%xmm14,%xmm6
	pxor	%xmm13,%xmm5
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm1
	movdqa	%xmm8,%xmm4
	movdqa	48(%r11),%xmm7
	jnz	.Lenc_loop
	movdqa	64(%r11),%xmm7
	jmp	.Lenc_loop
.align	16
.Lenc_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm2,%xmm10
	psrlq	$1,%xmm2
	pxor	%xmm4,%xmm1
	pxor	%xmm6,%xmm2
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm2
	pxor	%xmm1,%xmm4
	psllq	$1,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$1,%xmm2
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm2
	movdqa	%xmm3,%xmm9
	psrlq	$1,%xmm3
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm5,%xmm3
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm15
	pxor	%xmm3,%xmm5
	psllq	$1,%xmm3
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm2,%xmm10
	psrlq	$2,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm1,%xmm2
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm2
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm2,%xmm1
	psllq	$2,%xmm2
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm2
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm5,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm5
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm5,%xmm9
	psrlq	$4,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$4,%xmm3
	pxor	%xmm4,%xmm5
	pxor	%xmm1,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm4
	psllq	$4,%xmm5
	pxor	%xmm3,%xmm1
	psllq	$4,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm2,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm2
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3
.size	_bsaes_encrypt8,.-_bsaes_encrypt8

.type	_bsaes_decrypt8,@function
.align	64
_bsaes_decrypt8:
	leaq	.LBS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	-48(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	.Ldec_sbox
.align	16
.Ldec_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
.Ldec_sbox:
	pxor	%xmm3,%xmm2

	pxor	%xmm6,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm3,%xmm5
	pxor	%xmm5,%xmm6
	pxor	%xmm6,%xmm0

	pxor	%xmm0,%xmm15
	pxor	%xmm4,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm15,%xmm4
	pxor	%xmm2,%xmm0
	movdqa	%xmm2,%xmm10
	movdqa	%xmm6,%xmm9
	movdqa	%xmm0,%xmm8
	movdqa	%xmm3,%xmm12
	movdqa	%xmm4,%xmm11

	pxor	%xmm15,%xmm10
	pxor	%xmm3,%xmm9
	pxor	%xmm5,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm15,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm1,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm5,%xmm11
	pxor	%xmm1,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm2,%xmm12
	movdqa	%xmm0,%xmm11
	pxor	%xmm6,%xmm12
	pxor	%xmm4,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm3,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm15,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm6,%xmm13
	pand	%xmm5,%xmm11
	movdqa	%xmm2,%xmm14
	pand	%xmm1,%xmm12
	pand	%xmm0,%xmm13
	por	%xmm4,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm4,%xmm11
	movdqa	%xmm0,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm4,%xmm9
	pxor	%xmm0,%xmm4
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm4
	pxor	%xmm0,%xmm4
	pxor	%xmm9,%xmm0
	pxor	%xmm1,%xmm11
	pxor	%xmm5,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm1,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm5,%xmm1
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm5
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm1
	pxor	%xmm11,%xmm7
	pxor	%xmm5,%xmm1
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm5
	pxor	%xmm11,%xmm4
	pxor	%xmm11,%xmm1
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm5

	movdqa	%xmm2,%xmm11
	movdqa	%xmm6,%xmm7
	pxor	%xmm15,%xmm11
	pxor	%xmm3,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm3,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm3
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm3,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm3
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm2,%xmm10
	pxor	%xmm6,%xmm2
	pand	%xmm14,%xmm6
	pand	%xmm13,%xmm2
	pxor	%xmm6,%xmm2
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm3
	pxor	%xmm6,%xmm0
	pxor	%xmm4,%xmm5

	pxor	%xmm0,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm6,%xmm4
	pxor	%xmm1,%xmm3
	pxor	%xmm15,%xmm6
	pxor	%xmm4,%xmm3
	pxor	%xmm5,%xmm2
	pxor	%xmm0,%xmm5
	pxor	%xmm3,%xmm2

	pxor	%xmm15,%xmm3
	pxor	%xmm2,%xmm6
	decl	%r10d
	jl	.Ldec_done

	pshufd	$78,%xmm15,%xmm7
	pshufd	$78,%xmm2,%xmm13
	pxor	%xmm15,%xmm7
	pshufd	$78,%xmm4,%xmm14
	pxor	%xmm2,%xmm13
	pshufd	$78,%xmm0,%xmm8
	pxor	%xmm4,%xmm14
	pshufd	$78,%xmm5,%xmm9
	pxor	%xmm0,%xmm8
	pshufd	$78,%xmm3,%xmm10
	pxor	%xmm5,%xmm9
	pxor	%xmm13,%xmm15
	pxor	%xmm13,%xmm0
	pshufd	$78,%xmm1,%xmm11
	pxor	%xmm3,%xmm10
	pxor	%xmm7,%xmm5
	pxor	%xmm8,%xmm3
	pshufd	$78,%xmm6,%xmm12
	pxor	%xmm1,%xmm11
	pxor	%xmm14,%xmm0
	pxor	%xmm9,%xmm1
	pxor	%xmm6,%xmm12

	pxor	%xmm14,%xmm5
	pxor	%xmm13,%xmm3
	pxor	%xmm13,%xmm1
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm14,%xmm1
	pxor	%xmm14,%xmm6
	pxor	%xmm12,%xmm4
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm5,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm3,%xmm10
	pxor	%xmm9,%xmm5
	pshufd	$147,%xmm1,%xmm11
	pxor	%xmm10,%xmm3
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm1
	pshufd	$147,%xmm2,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm2
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm1,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm3,%xmm11
	pshufd	$78,%xmm1,%xmm7
	pxor	%xmm2,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm5,%xmm10
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm2,%xmm3
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm12,%xmm8
	pxor	%xmm1,%xmm10
	pxor	%xmm14,%xmm6
	pxor	%xmm3,%xmm13
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm2
	movdqa	%xmm13,%xmm5
	movdqa	%xmm8,%xmm4
	movdqa	%xmm2,%xmm1
	movdqa	%xmm10,%xmm2
	movdqa	-16(%r11),%xmm7
	jnz	.Ldec_loop
	movdqa	-32(%r11),%xmm7
	jmp	.Ldec_loop
.align	16
.Ldec_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm2,%xmm9
	psrlq	$1,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$1,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm6,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm4
	psllq	$1,%xmm2
	pxor	%xmm1,%xmm6
	psllq	$1,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm3,%xmm5
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm15
	pxor	%xmm5,%xmm3
	psllq	$1,%xmm5
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm1,%xmm10
	psrlq	$2,%xmm1
	pxor	%xmm4,%xmm6
	pxor	%xmm2,%xmm1
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm1
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm1,%xmm2
	psllq	$2,%xmm1
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm3,%xmm0
	pxor	%xmm5,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm3
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm5
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm3,%xmm9
	psrlq	$4,%xmm3
	movdqa	%xmm5,%xmm10
	psrlq	$4,%xmm5
	pxor	%xmm4,%xmm3
	pxor	%xmm2,%xmm5
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$4,%xmm3
	pxor	%xmm5,%xmm2
	psllq	$4,%xmm5
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm5
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3
.size	_bsaes_decrypt8,.-_bsaes_decrypt8
.type	_bsaes_key_convert,@function
.align	16
_bsaes_key_convert:
	leaq	.Lmasks(%rip),%r11
	movdqu	(%rcx),%xmm7
	leaq	16(%rcx),%rcx
	movdqa	0(%r11),%xmm0
	movdqa	16(%r11),%xmm1
	movdqa	32(%r11),%xmm2
	movdqa	48(%r11),%xmm3
	movdqa	64(%r11),%xmm4
	pcmpeqd	%xmm5,%xmm5

	movdqu	(%rcx),%xmm6
	movdqa	%xmm7,(%rax)
	leaq	16(%rax),%rax
	decl	%r10d
	jmp	.Lkey_loop
.align	16
.Lkey_loop:
.byte	102,15,56,0,244

	movdqa	%xmm0,%xmm8
	movdqa	%xmm1,%xmm9

	pand	%xmm6,%xmm8
	pand	%xmm6,%xmm9
	movdqa	%xmm2,%xmm10
	pcmpeqb	%xmm0,%xmm8
	psllq	$4,%xmm0
	movdqa	%xmm3,%xmm11
	pcmpeqb	%xmm1,%xmm9
	psllq	$4,%xmm1

	pand	%xmm6,%xmm10
	pand	%xmm6,%xmm11
	movdqa	%xmm0,%xmm12
	pcmpeqb	%xmm2,%xmm10
	psllq	$4,%xmm2
	movdqa	%xmm1,%xmm13
	pcmpeqb	%xmm3,%xmm11
	psllq	$4,%xmm3

	movdqa	%xmm2,%xmm14
	movdqa	%xmm3,%xmm15
	pxor	%xmm5,%xmm8
	pxor	%xmm5,%xmm9

	pand	%xmm6,%xmm12
	pand	%xmm6,%xmm13
	movdqa	%xmm8,0(%rax)
	pcmpeqb	%xmm0,%xmm12
	psrlq	$4,%xmm0
	movdqa	%xmm9,16(%rax)
	pcmpeqb	%xmm1,%xmm13
	psrlq	$4,%xmm1
	leaq	16(%rcx),%rcx

	pand	%xmm6,%xmm14
	pand	%xmm6,%xmm15
	movdqa	%xmm10,32(%rax)
	pcmpeqb	%xmm2,%xmm14
	psrlq	$4,%xmm2
	movdqa	%xmm11,48(%rax)
	pcmpeqb	%xmm3,%xmm15
	psrlq	$4,%xmm3
	movdqu	(%rcx),%xmm6

	pxor	%xmm5,%xmm13
	pxor	%xmm5,%xmm14
	movdqa	%xmm12,64(%rax)
	movdqa	%xmm13,80(%rax)
	movdqa	%xmm14,96(%rax)
	movdqa	%xmm15,112(%rax)
	leaq	128(%rax),%rax
	decl	%r10d
	jnz	.Lkey_loop

	movdqa	80(%r11),%xmm7

	.byte	0xf3,0xc3
.size	_bsaes_key_convert,.-_bsaes_key_convert

.globl	bsaes_cbc_encrypt
.type	bsaes_cbc_encrypt,@function
.align	16
bsaes_cbc_encrypt:
	cmpl	$0,%r9d
	jne	asm_AES_cbc_encrypt
	cmpq	$128,%rdx
	jb	asm_AES_cbc_encrypt

	movq	%rsp,%rax
.Lcbc_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movq	%r8,%rbx
	shrq	$4,%r14

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	movdqu	(%rbx),%xmm14
	subq	$8,%r14
.Lcbc_dec_loop:
	movdqu	0(%r12),%xmm15
	movdqu	16(%r12),%xmm0
	movdqu	32(%r12),%xmm1
	movdqu	48(%r12),%xmm2
	movdqu	64(%r12),%xmm3
	movdqu	80(%r12),%xmm4
	movq	%rsp,%rax
	movdqu	96(%r12),%xmm5
	movl	%edx,%r10d
	movdqu	112(%r12),%xmm6
	movdqa	%xmm14,32(%rbp)

	call	_bsaes_decrypt8

	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm2
	movdqu	112(%r12),%xmm14
	pxor	%xmm13,%xmm4
	movdqu	%xmm15,0(%r13)
	leaq	128(%r12),%r12
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	subq	$8,%r14
	jnc	.Lcbc_dec_loop

	addq	$8,%r14
	jz	.Lcbc_dec_done

	movdqu	0(%r12),%xmm15
	movq	%rsp,%rax
	movl	%edx,%r10d
	cmpq	$2,%r14
	jb	.Lcbc_dec_one
	movdqu	16(%r12),%xmm0
	je	.Lcbc_dec_two
	movdqu	32(%r12),%xmm1
	cmpq	$4,%r14
	jb	.Lcbc_dec_three
	movdqu	48(%r12),%xmm2
	je	.Lcbc_dec_four
	movdqu	64(%r12),%xmm3
	cmpq	$6,%r14
	jb	.Lcbc_dec_five
	movdqu	80(%r12),%xmm4
	je	.Lcbc_dec_six
	movdqu	96(%r12),%xmm5
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm14
	pxor	%xmm12,%xmm2
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_six:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm14
	pxor	%xmm11,%xmm6
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_five:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm14
	pxor	%xmm10,%xmm1
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_four:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm14
	pxor	%xmm9,%xmm3
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_three:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm14
	pxor	%xmm8,%xmm5
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_two:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm14
	pxor	%xmm7,%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_one:
	leaq	(%r12),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm14
	movdqu	%xmm14,(%r13)
	movdqa	%xmm15,%xmm14

.Lcbc_dec_done:
	movdqu	%xmm14,(%rbx)
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lcbc_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lcbc_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lcbc_dec_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt

.globl	bsaes_ctr32_encrypt_blocks
.type	bsaes_ctr32_encrypt_blocks,@function
.align	16
bsaes_ctr32_encrypt_blocks:
	movq	%rsp,%rax
.Lctr_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movdqu	(%r8),%xmm0
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqa	%xmm0,32(%rbp)
	cmpq	$8,%rdx
	jb	.Lctr_enc_short

	movl	%eax,%ebx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%ebx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	movdqa	(%rsp),%xmm8
	leaq	.LADD1(%rip),%r11
	movdqa	32(%rbp),%xmm15
	movdqa	-32(%r11),%xmm7
.byte	102,68,15,56,0,199
.byte	102,68,15,56,0,255
	movdqa	%xmm8,(%rsp)
	jmp	.Lctr_enc_loop
.align	16
.Lctr_enc_loop:
	movdqa	%xmm15,32(%rbp)
	movdqa	%xmm15,%xmm0
	movdqa	%xmm15,%xmm1
	paddd	0(%r11),%xmm0
	movdqa	%xmm15,%xmm2
	paddd	16(%r11),%xmm1
	movdqa	%xmm15,%xmm3
	paddd	32(%r11),%xmm2
	movdqa	%xmm15,%xmm4
	paddd	48(%r11),%xmm3
	movdqa	%xmm15,%xmm5
	paddd	64(%r11),%xmm4
	movdqa	%xmm15,%xmm6
	paddd	80(%r11),%xmm5
	paddd	96(%r11),%xmm6



	movdqa	(%rsp),%xmm8
	leaq	16(%rsp),%rax
	movdqa	-16(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
	leaq	.LBS0(%rip),%r11
.byte	102,15,56,0,247
	movl	%ebx,%r10d

	call	_bsaes_encrypt8_bitslice

	subq	$8,%r14
	jc	.Lctr_enc_loop_done

	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	movdqu	32(%r12),%xmm9
	movdqu	48(%r12),%xmm10
	movdqu	64(%r12),%xmm11
	movdqu	80(%r12),%xmm12
	movdqu	96(%r12),%xmm13
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	pxor	%xmm15,%xmm7
	movdqa	32(%rbp),%xmm15
	pxor	%xmm8,%xmm0
	movdqu	%xmm7,0(%r13)
	pxor	%xmm9,%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	%xmm10,%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	%xmm11,%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	%xmm12,%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	%xmm13,%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	%xmm14,%xmm4
	movdqu	%xmm1,96(%r13)
	leaq	.LADD1(%rip),%r11
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	paddd	112(%r11),%xmm15
	jnz	.Lctr_enc_loop

	jmp	.Lctr_enc_done
.align	16
.Lctr_enc_loop_done:
	addq	$8,%r14
	movdqu	0(%r12),%xmm7
	pxor	%xmm7,%xmm15
	movdqu	%xmm15,0(%r13)
	cmpq	$2,%r14
	jb	.Lctr_enc_done
	movdqu	16(%r12),%xmm8
	pxor	%xmm8,%xmm0
	movdqu	%xmm0,16(%r13)
	je	.Lctr_enc_done
	movdqu	32(%r12),%xmm9
	pxor	%xmm9,%xmm3
	movdqu	%xmm3,32(%r13)
	cmpq	$4,%r14
	jb	.Lctr_enc_done
	movdqu	48(%r12),%xmm10
	pxor	%xmm10,%xmm5
	movdqu	%xmm5,48(%r13)
	je	.Lctr_enc_done
	movdqu	64(%r12),%xmm11
	pxor	%xmm11,%xmm2
	movdqu	%xmm2,64(%r13)
	cmpq	$6,%r14
	jb	.Lctr_enc_done
	movdqu	80(%r12),%xmm12
	pxor	%xmm12,%xmm6
	movdqu	%xmm6,80(%r13)
	je	.Lctr_enc_done
	movdqu	96(%r12),%xmm13
	pxor	%xmm13,%xmm1
	movdqu	%xmm1,96(%r13)
	jmp	.Lctr_enc_done

.align	16
.Lctr_enc_short:
	leaq	32(%rbp),%rdi
	leaq	48(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_encrypt
	movdqu	(%r12),%xmm0
	leaq	16(%r12),%r12
	movl	44(%rbp),%eax
	bswapl	%eax
	pxor	48(%rbp),%xmm0
	incl	%eax
	movdqu	%xmm0,(%r13)
	bswapl	%eax
	leaq	16(%r13),%r13
	movl	%eax,44(%rsp)
	decq	%r14
	jnz	.Lctr_enc_short

.Lctr_enc_done:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lctr_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lctr_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lctr_enc_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
.globl	bsaes_xts_encrypt
.type	bsaes_xts_encrypt,@function
.align	16
bsaes_xts_encrypt:
	movq	%rsp,%rax
.Lxts_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	andq	$-16,%r14
	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	.Lxts_enc_short
	jmp	.Lxts_enc_loop

.align	16
.Lxts_enc_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm1,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	.Lxts_enc_loop

.Lxts_enc_short:
	addq	$128,%r14
	jz	.Lxts_enc_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	.Lxts_enc_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	.Lxts_enc_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	.Lxts_enc_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	.Lxts_enc_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	.Lxts_enc_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	.Lxts_enc_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm1,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	movdqu	%xmm2,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	movdqu	%xmm5,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm3,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_encrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

.Lxts_enc_done:
	andl	$15,%ebx
	jz	.Lxts_enc_ret
	movq	%r13,%rdx

.Lxts_enc_steal:
	movzbl	(%r12),%eax
	movzbl	-16(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,-16(%rdx)
	movb	%cl,0(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	.Lxts_enc_steal

	movdqu	-16(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	asm_AES_encrypt		
	pxor	32(%rbp),%xmm6
	movdqu	%xmm6,-16(%r13)

.Lxts_enc_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lxts_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lxts_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lxts_enc_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt

.globl	bsaes_xts_decrypt
.type	bsaes_xts_decrypt,@function
.align	16
bsaes_xts_decrypt:
	movq	%rsp,%rax
.Lxts_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	xorl	%eax,%eax
	andq	$-16,%r14
	testl	$15,%ebx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%r14

	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	.Lxts_dec_short
	jmp	.Lxts_dec_loop

.align	16
.Lxts_dec_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	.Lxts_dec_loop

.Lxts_dec_short:
	addq	$128,%r14
	jz	.Lxts_dec_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	.Lxts_dec_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	.Lxts_dec_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	.Lxts_dec_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	.Lxts_dec_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	.Lxts_dec_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	.Lxts_dec_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

.Lxts_dec_done:
	andl	$15,%ebx
	jz	.Lxts_dec_ret

	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	movdqa	%xmm6,%xmm5
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	movdqu	(%r12),%xmm15
	pxor	%xmm13,%xmm6

	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm6
	movq	%r13,%rdx
	movdqu	%xmm6,(%r13)

.Lxts_dec_steal:
	movzbl	16(%r12),%eax
	movzbl	(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,(%rdx)
	movb	%cl,16(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	.Lxts_dec_steal

	movdqu	(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm5,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm5
	movdqu	%xmm5,(%r13)

.Lxts_dec_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lxts_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lxts_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lxts_dec_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
.type	_bsaes_const,@object
.align	64
_bsaes_const:
.LM0ISR:
.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
.LISRM0:
.quad	0x01040b0e0205080f, 0x0306090c00070a0d
.LISR:
.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
.LBS0:
.quad	0x5555555555555555, 0x5555555555555555
.LBS1:
.quad	0x3333333333333333, 0x3333333333333333
.LBS2:
.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
.LSR:
.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
.LSRM0:
.quad	0x0304090e00050a0f, 0x01060b0c0207080d
.LM0SR:
.quad	0x0a0e02060f03070b, 0x0004080c05090d01
.LSWPUP:
.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
.LSWPUPM0SR:
.quad	0x0a0d02060c03070b, 0x0004080f05090e01
.LADD1:
.quad	0x0000000000000000, 0x0000000100000000
.LADD2:
.quad	0x0000000000000000, 0x0000000200000000
.LADD3:
.quad	0x0000000000000000, 0x0000000300000000
.LADD4:
.quad	0x0000000000000000, 0x0000000400000000
.LADD5:
.quad	0x0000000000000000, 0x0000000500000000
.LADD6:
.quad	0x0000000000000000, 0x0000000600000000
.LADD7:
.quad	0x0000000000000000, 0x0000000700000000
.LADD8:
.quad	0x0000000000000000, 0x0000000800000000
.Lxts_magic:
.long	0x87,0,1,0
.Lmasks:
.quad	0x0101010101010101, 0x0101010101010101
.quad	0x0202020202020202, 0x0202020202020202
.quad	0x0404040404040404, 0x0404040404040404
.quad	0x0808080808080808, 0x0808080808080808
.LM0:
.quad	0x02060a0e03070b0f, 0x0004080c0105090d
.L63:
.quad	0x6363636363636363, 0x6363636363636363
.byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
.align	64
.size	_bsaes_const,.-_bsaes_const
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/aes/bsaes-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
.text	




.type	_bsaes_encrypt8,@function
.align	64
_bsaes_encrypt8:
	leaq	.LBS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	80(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
_bsaes_encrypt8_bitslice:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	.Lenc_sbox
.align	16
.Lenc_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
.Lenc_sbox:
	pxor	%xmm5,%xmm4
	pxor	%xmm0,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm1,%xmm5
	pxor	%xmm15,%xmm4

	pxor	%xmm2,%xmm5
	pxor	%xmm6,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm3,%xmm2
	pxor	%xmm4,%xmm3
	pxor	%xmm0,%xmm2

	pxor	%xmm6,%xmm1
	pxor	%xmm4,%xmm0
	movdqa	%xmm6,%xmm10
	movdqa	%xmm0,%xmm9
	movdqa	%xmm4,%xmm8
	movdqa	%xmm1,%xmm12
	movdqa	%xmm5,%xmm11

	pxor	%xmm3,%xmm10
	pxor	%xmm1,%xmm9
	pxor	%xmm2,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm3,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm15,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm2,%xmm11
	pxor	%xmm15,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm6,%xmm12
	movdqa	%xmm4,%xmm11
	pxor	%xmm0,%xmm12
	pxor	%xmm5,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm1,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm3,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm0,%xmm13
	pand	%xmm2,%xmm11
	movdqa	%xmm6,%xmm14
	pand	%xmm15,%xmm12
	pand	%xmm4,%xmm13
	por	%xmm5,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm5,%xmm11
	movdqa	%xmm4,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm5,%xmm9
	pxor	%xmm4,%xmm5
	pand	%xmm14,%xmm4
	pand	%xmm13,%xmm5
	pxor	%xmm4,%xmm5
	pxor	%xmm9,%xmm4
	pxor	%xmm15,%xmm11
	pxor	%xmm2,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm2,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm2
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm2,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm2
	pxor	%xmm11,%xmm5
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm2

	movdqa	%xmm6,%xmm11
	movdqa	%xmm0,%xmm7
	pxor	%xmm3,%xmm11
	pxor	%xmm1,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm3,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm1,%xmm3
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm1
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm3
	pxor	%xmm11,%xmm7
	pxor	%xmm1,%xmm3
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm1
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm6,%xmm10
	pxor	%xmm0,%xmm6
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm6
	pxor	%xmm0,%xmm6
	pxor	%xmm10,%xmm0
	pxor	%xmm11,%xmm6
	pxor	%xmm11,%xmm3
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm1
	pxor	%xmm15,%xmm6
	pxor	%xmm5,%xmm0
	pxor	%xmm6,%xmm3
	pxor	%xmm15,%xmm5
	pxor	%xmm0,%xmm15

	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	pxor	%xmm2,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm4,%xmm3

	pxor	%xmm2,%xmm5
	decl	%r10d
	jl	.Lenc_done
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm3,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm5,%xmm10
	pxor	%xmm9,%xmm3
	pshufd	$147,%xmm2,%xmm11
	pxor	%xmm10,%xmm5
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm2
	pshufd	$147,%xmm1,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm1
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm2,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm5,%xmm11
	pshufd	$78,%xmm2,%xmm7
	pxor	%xmm1,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm3,%xmm10
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm1,%xmm5
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm12,%xmm8
	pxor	%xmm10,%xmm2
	pxor	%xmm14,%xmm6
	pxor	%xmm13,%xmm5
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm1
	movdqa	%xmm8,%xmm4
	movdqa	48(%r11),%xmm7
	jnz	.Lenc_loop
	movdqa	64(%r11),%xmm7
	jmp	.Lenc_loop
.align	16
.Lenc_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm2,%xmm10
	psrlq	$1,%xmm2
	pxor	%xmm4,%xmm1
	pxor	%xmm6,%xmm2
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm2
	pxor	%xmm1,%xmm4
	psllq	$1,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$1,%xmm2
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm2
	movdqa	%xmm3,%xmm9
	psrlq	$1,%xmm3
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm5,%xmm3
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm15
	pxor	%xmm3,%xmm5
	psllq	$1,%xmm3
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm2,%xmm10
	psrlq	$2,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm1,%xmm2
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm2
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm2,%xmm1
	psllq	$2,%xmm2
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm2
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm5,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm5
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm5,%xmm9
	psrlq	$4,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$4,%xmm3
	pxor	%xmm4,%xmm5
	pxor	%xmm1,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm4
	psllq	$4,%xmm5
	pxor	%xmm3,%xmm1
	psllq	$4,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm2,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm2
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3
.size	_bsaes_encrypt8,.-_bsaes_encrypt8

.type	_bsaes_decrypt8,@function
.align	64
_bsaes_decrypt8:
	leaq	.LBS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	-48(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	.Ldec_sbox
.align	16
.Ldec_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
.Ldec_sbox:
	pxor	%xmm3,%xmm2

	pxor	%xmm6,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm3,%xmm5
	pxor	%xmm5,%xmm6
	pxor	%xmm6,%xmm0

	pxor	%xmm0,%xmm15
	pxor	%xmm4,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm15,%xmm4
	pxor	%xmm2,%xmm0
	movdqa	%xmm2,%xmm10
	movdqa	%xmm6,%xmm9
	movdqa	%xmm0,%xmm8
	movdqa	%xmm3,%xmm12
	movdqa	%xmm4,%xmm11

	pxor	%xmm15,%xmm10
	pxor	%xmm3,%xmm9
	pxor	%xmm5,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm15,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm1,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm5,%xmm11
	pxor	%xmm1,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm2,%xmm12
	movdqa	%xmm0,%xmm11
	pxor	%xmm6,%xmm12
	pxor	%xmm4,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm3,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm15,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm6,%xmm13
	pand	%xmm5,%xmm11
	movdqa	%xmm2,%xmm14
	pand	%xmm1,%xmm12
	pand	%xmm0,%xmm13
	por	%xmm4,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm4,%xmm11
	movdqa	%xmm0,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm4,%xmm9
	pxor	%xmm0,%xmm4
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm4
	pxor	%xmm0,%xmm4
	pxor	%xmm9,%xmm0
	pxor	%xmm1,%xmm11
	pxor	%xmm5,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm1,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm5,%xmm1
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm5
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm1
	pxor	%xmm11,%xmm7
	pxor	%xmm5,%xmm1
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm5
	pxor	%xmm11,%xmm4
	pxor	%xmm11,%xmm1
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm5

	movdqa	%xmm2,%xmm11
	movdqa	%xmm6,%xmm7
	pxor	%xmm15,%xmm11
	pxor	%xmm3,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm3,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm3
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm3,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm3
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm2,%xmm10
	pxor	%xmm6,%xmm2
	pand	%xmm14,%xmm6
	pand	%xmm13,%xmm2
	pxor	%xmm6,%xmm2
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm3
	pxor	%xmm6,%xmm0
	pxor	%xmm4,%xmm5

	pxor	%xmm0,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm6,%xmm4
	pxor	%xmm1,%xmm3
	pxor	%xmm15,%xmm6
	pxor	%xmm4,%xmm3
	pxor	%xmm5,%xmm2
	pxor	%xmm0,%xmm5
	pxor	%xmm3,%xmm2

	pxor	%xmm15,%xmm3
	pxor	%xmm2,%xmm6
	decl	%r10d
	jl	.Ldec_done

	pshufd	$78,%xmm15,%xmm7
	pshufd	$78,%xmm2,%xmm13
	pxor	%xmm15,%xmm7
	pshufd	$78,%xmm4,%xmm14
	pxor	%xmm2,%xmm13
	pshufd	$78,%xmm0,%xmm8
	pxor	%xmm4,%xmm14
	pshufd	$78,%xmm5,%xmm9
	pxor	%xmm0,%xmm8
	pshufd	$78,%xmm3,%xmm10
	pxor	%xmm5,%xmm9
	pxor	%xmm13,%xmm15
	pxor	%xmm13,%xmm0
	pshufd	$78,%xmm1,%xmm11
	pxor	%xmm3,%xmm10
	pxor	%xmm7,%xmm5
	pxor	%xmm8,%xmm3
	pshufd	$78,%xmm6,%xmm12
	pxor	%xmm1,%xmm11
	pxor	%xmm14,%xmm0
	pxor	%xmm9,%xmm1
	pxor	%xmm6,%xmm12

	pxor	%xmm14,%xmm5
	pxor	%xmm13,%xmm3
	pxor	%xmm13,%xmm1
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm14,%xmm1
	pxor	%xmm14,%xmm6
	pxor	%xmm12,%xmm4
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm5,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm3,%xmm10
	pxor	%xmm9,%xmm5
	pshufd	$147,%xmm1,%xmm11
	pxor	%xmm10,%xmm3
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm1
	pshufd	$147,%xmm2,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm2
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm1,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm3,%xmm11
	pshufd	$78,%xmm1,%xmm7
	pxor	%xmm2,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm5,%xmm10
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm2,%xmm3
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm12,%xmm8
	pxor	%xmm1,%xmm10
	pxor	%xmm14,%xmm6
	pxor	%xmm3,%xmm13
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm2
	movdqa	%xmm13,%xmm5
	movdqa	%xmm8,%xmm4
	movdqa	%xmm2,%xmm1
	movdqa	%xmm10,%xmm2
	movdqa	-16(%r11),%xmm7
	jnz	.Ldec_loop
	movdqa	-32(%r11),%xmm7
	jmp	.Ldec_loop
.align	16
.Ldec_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm2,%xmm9
	psrlq	$1,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$1,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm6,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm4
	psllq	$1,%xmm2
	pxor	%xmm1,%xmm6
	psllq	$1,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm3,%xmm5
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm15
	pxor	%xmm5,%xmm3
	psllq	$1,%xmm5
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm1,%xmm10
	psrlq	$2,%xmm1
	pxor	%xmm4,%xmm6
	pxor	%xmm2,%xmm1
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm1
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm1,%xmm2
	psllq	$2,%xmm1
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm3,%xmm0
	pxor	%xmm5,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm3
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm5
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm3,%xmm9
	psrlq	$4,%xmm3
	movdqa	%xmm5,%xmm10
	psrlq	$4,%xmm5
	pxor	%xmm4,%xmm3
	pxor	%xmm2,%xmm5
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$4,%xmm3
	pxor	%xmm5,%xmm2
	psllq	$4,%xmm5
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm5
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3
.size	_bsaes_decrypt8,.-_bsaes_decrypt8
.type	_bsaes_key_convert,@function
.align	16
_bsaes_key_convert:
	leaq	.Lmasks(%rip),%r11
	movdqu	(%rcx),%xmm7
	leaq	16(%rcx),%rcx
	movdqa	0(%r11),%xmm0
	movdqa	16(%r11),%xmm1
	movdqa	32(%r11),%xmm2
	movdqa	48(%r11),%xmm3
	movdqa	64(%r11),%xmm4
	pcmpeqd	%xmm5,%xmm5

	movdqu	(%rcx),%xmm6
	movdqa	%xmm7,(%rax)
	leaq	16(%rax),%rax
	decl	%r10d
	jmp	.Lkey_loop
.align	16
.Lkey_loop:
.byte	102,15,56,0,244

	movdqa	%xmm0,%xmm8
	movdqa	%xmm1,%xmm9

	pand	%xmm6,%xmm8
	pand	%xmm6,%xmm9
	movdqa	%xmm2,%xmm10
	pcmpeqb	%xmm0,%xmm8
	psllq	$4,%xmm0
	movdqa	%xmm3,%xmm11
	pcmpeqb	%xmm1,%xmm9
	psllq	$4,%xmm1

	pand	%xmm6,%xmm10
	pand	%xmm6,%xmm11
	movdqa	%xmm0,%xmm12
	pcmpeqb	%xmm2,%xmm10
	psllq	$4,%xmm2
	movdqa	%xmm1,%xmm13
	pcmpeqb	%xmm3,%xmm11
	psllq	$4,%xmm3

	movdqa	%xmm2,%xmm14
	movdqa	%xmm3,%xmm15
	pxor	%xmm5,%xmm8
	pxor	%xmm5,%xmm9

	pand	%xmm6,%xmm12
	pand	%xmm6,%xmm13
	movdqa	%xmm8,0(%rax)
	pcmpeqb	%xmm0,%xmm12
	psrlq	$4,%xmm0
	movdqa	%xmm9,16(%rax)
	pcmpeqb	%xmm1,%xmm13
	psrlq	$4,%xmm1
	leaq	16(%rcx),%rcx

	pand	%xmm6,%xmm14
	pand	%xmm6,%xmm15
	movdqa	%xmm10,32(%rax)
	pcmpeqb	%xmm2,%xmm14
	psrlq	$4,%xmm2
	movdqa	%xmm11,48(%rax)
	pcmpeqb	%xmm3,%xmm15
	psrlq	$4,%xmm3
	movdqu	(%rcx),%xmm6

	pxor	%xmm5,%xmm13
	pxor	%xmm5,%xmm14
	movdqa	%xmm12,64(%rax)
	movdqa	%xmm13,80(%rax)
	movdqa	%xmm14,96(%rax)
	movdqa	%xmm15,112(%rax)
	leaq	128(%rax),%rax
	decl	%r10d
	jnz	.Lkey_loop

	movdqa	80(%r11),%xmm7

	.byte	0xf3,0xc3
.size	_bsaes_key_convert,.-_bsaes_key_convert

.globl	bsaes_cbc_encrypt
.type	bsaes_cbc_encrypt,@function
.align	16
bsaes_cbc_encrypt:
	cmpl	$0,%r9d
	jne	asm_AES_cbc_encrypt
	cmpq	$128,%rdx
	jb	asm_AES_cbc_encrypt

	movq	%rsp,%rax
.Lcbc_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movq	%r8,%rbx
	shrq	$4,%r14

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	movdqu	(%rbx),%xmm14
	subq	$8,%r14
.Lcbc_dec_loop:
	movdqu	0(%r12),%xmm15
	movdqu	16(%r12),%xmm0
	movdqu	32(%r12),%xmm1
	movdqu	48(%r12),%xmm2
	movdqu	64(%r12),%xmm3
	movdqu	80(%r12),%xmm4
	movq	%rsp,%rax
	movdqu	96(%r12),%xmm5
	movl	%edx,%r10d
	movdqu	112(%r12),%xmm6
	movdqa	%xmm14,32(%rbp)

	call	_bsaes_decrypt8

	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm2
	movdqu	112(%r12),%xmm14
	pxor	%xmm13,%xmm4
	movdqu	%xmm15,0(%r13)
	leaq	128(%r12),%r12
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	subq	$8,%r14
	jnc	.Lcbc_dec_loop

	addq	$8,%r14
	jz	.Lcbc_dec_done

	movdqu	0(%r12),%xmm15
	movq	%rsp,%rax
	movl	%edx,%r10d
	cmpq	$2,%r14
	jb	.Lcbc_dec_one
	movdqu	16(%r12),%xmm0
	je	.Lcbc_dec_two
	movdqu	32(%r12),%xmm1
	cmpq	$4,%r14
	jb	.Lcbc_dec_three
	movdqu	48(%r12),%xmm2
	je	.Lcbc_dec_four
	movdqu	64(%r12),%xmm3
	cmpq	$6,%r14
	jb	.Lcbc_dec_five
	movdqu	80(%r12),%xmm4
	je	.Lcbc_dec_six
	movdqu	96(%r12),%xmm5
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm14
	pxor	%xmm12,%xmm2
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_six:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm14
	pxor	%xmm11,%xmm6
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_five:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm14
	pxor	%xmm10,%xmm1
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_four:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm14
	pxor	%xmm9,%xmm3
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_three:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm14
	pxor	%xmm8,%xmm5
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_two:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm14
	pxor	%xmm7,%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	jmp	.Lcbc_dec_done
.align	16
.Lcbc_dec_one:
	leaq	(%r12),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm14
	movdqu	%xmm14,(%r13)
	movdqa	%xmm15,%xmm14

.Lcbc_dec_done:
	movdqu	%xmm14,(%rbx)
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lcbc_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lcbc_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lcbc_dec_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt

.globl	bsaes_ctr32_encrypt_blocks
.type	bsaes_ctr32_encrypt_blocks,@function
.align	16
bsaes_ctr32_encrypt_blocks:
	movq	%rsp,%rax
.Lctr_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movdqu	(%r8),%xmm0
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqa	%xmm0,32(%rbp)
	cmpq	$8,%rdx
	jb	.Lctr_enc_short

	movl	%eax,%ebx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%ebx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	movdqa	(%rsp),%xmm8
	leaq	.LADD1(%rip),%r11
	movdqa	32(%rbp),%xmm15
	movdqa	-32(%r11),%xmm7
.byte	102,68,15,56,0,199
.byte	102,68,15,56,0,255
	movdqa	%xmm8,(%rsp)
	jmp	.Lctr_enc_loop
.align	16
.Lctr_enc_loop:
	movdqa	%xmm15,32(%rbp)
	movdqa	%xmm15,%xmm0
	movdqa	%xmm15,%xmm1
	paddd	0(%r11),%xmm0
	movdqa	%xmm15,%xmm2
	paddd	16(%r11),%xmm1
	movdqa	%xmm15,%xmm3
	paddd	32(%r11),%xmm2
	movdqa	%xmm15,%xmm4
	paddd	48(%r11),%xmm3
	movdqa	%xmm15,%xmm5
	paddd	64(%r11),%xmm4
	movdqa	%xmm15,%xmm6
	paddd	80(%r11),%xmm5
	paddd	96(%r11),%xmm6



	movdqa	(%rsp),%xmm8
	leaq	16(%rsp),%rax
	movdqa	-16(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
	leaq	.LBS0(%rip),%r11
.byte	102,15,56,0,247
	movl	%ebx,%r10d

	call	_bsaes_encrypt8_bitslice

	subq	$8,%r14
	jc	.Lctr_enc_loop_done

	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	movdqu	32(%r12),%xmm9
	movdqu	48(%r12),%xmm10
	movdqu	64(%r12),%xmm11
	movdqu	80(%r12),%xmm12
	movdqu	96(%r12),%xmm13
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	pxor	%xmm15,%xmm7
	movdqa	32(%rbp),%xmm15
	pxor	%xmm8,%xmm0
	movdqu	%xmm7,0(%r13)
	pxor	%xmm9,%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	%xmm10,%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	%xmm11,%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	%xmm12,%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	%xmm13,%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	%xmm14,%xmm4
	movdqu	%xmm1,96(%r13)
	leaq	.LADD1(%rip),%r11
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	paddd	112(%r11),%xmm15
	jnz	.Lctr_enc_loop

	jmp	.Lctr_enc_done
.align	16
.Lctr_enc_loop_done:
	addq	$8,%r14
	movdqu	0(%r12),%xmm7
	pxor	%xmm7,%xmm15
	movdqu	%xmm15,0(%r13)
	cmpq	$2,%r14
	jb	.Lctr_enc_done
	movdqu	16(%r12),%xmm8
	pxor	%xmm8,%xmm0
	movdqu	%xmm0,16(%r13)
	je	.Lctr_enc_done
	movdqu	32(%r12),%xmm9
	pxor	%xmm9,%xmm3
	movdqu	%xmm3,32(%r13)
	cmpq	$4,%r14
	jb	.Lctr_enc_done
	movdqu	48(%r12),%xmm10
	pxor	%xmm10,%xmm5
	movdqu	%xmm5,48(%r13)
	je	.Lctr_enc_done
	movdqu	64(%r12),%xmm11
	pxor	%xmm11,%xmm2
	movdqu	%xmm2,64(%r13)
	cmpq	$6,%r14
	jb	.Lctr_enc_done
	movdqu	80(%r12),%xmm12
	pxor	%xmm12,%xmm6
	movdqu	%xmm6,80(%r13)
	je	.Lctr_enc_done
	movdqu	96(%r12),%xmm13
	pxor	%xmm13,%xmm1
	movdqu	%xmm1,96(%r13)
	jmp	.Lctr_enc_done

.align	16
.Lctr_enc_short:
	leaq	32(%rbp),%rdi
	leaq	48(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_encrypt
	movdqu	(%r12),%xmm0
	leaq	16(%r12),%r12
	movl	44(%rbp),%eax
	bswapl	%eax
	pxor	48(%rbp),%xmm0
	incl	%eax
	movdqu	%xmm0,(%r13)
	bswapl	%eax
	leaq	16(%r13),%r13
	movl	%eax,44(%rsp)
	decq	%r14
	jnz	.Lctr_enc_short

.Lctr_enc_done:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lctr_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lctr_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lctr_enc_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
.globl	bsaes_xts_encrypt
.type	bsaes_xts_encrypt,@function
.align	16
bsaes_xts_encrypt:
	movq	%rsp,%rax
.Lxts_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	andq	$-16,%r14
	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	.Lxts_enc_short
	jmp	.Lxts_enc_loop

.align	16
.Lxts_enc_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm1,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	.Lxts_enc_loop

.Lxts_enc_short:
	addq	$128,%r14
	jz	.Lxts_enc_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	.Lxts_enc_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	.Lxts_enc_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	.Lxts_enc_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	.Lxts_enc_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	.Lxts_enc_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	.Lxts_enc_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm1,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	movdqu	%xmm2,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	movdqu	%xmm5,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm3,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	.Lxts_enc_done
.align	16
.Lxts_enc_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_encrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

.Lxts_enc_done:
	andl	$15,%ebx
	jz	.Lxts_enc_ret
	movq	%r13,%rdx

.Lxts_enc_steal:
	movzbl	(%r12),%eax
	movzbl	-16(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,-16(%rdx)
	movb	%cl,0(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	.Lxts_enc_steal

	movdqu	-16(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	asm_AES_encrypt		
	pxor	32(%rbp),%xmm6
	movdqu	%xmm6,-16(%r13)

.Lxts_enc_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lxts_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lxts_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lxts_enc_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt

.globl	bsaes_xts_decrypt
.type	bsaes_xts_decrypt,@function
.align	16
bsaes_xts_decrypt:
	movq	%rsp,%rax
.Lxts_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	xorl	%eax,%eax
	andq	$-16,%r14
	testl	$15,%ebx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%r14

	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	.Lxts_dec_short
	jmp	.Lxts_dec_loop

.align	16
.Lxts_dec_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	.Lxts_dec_loop

.Lxts_dec_short:
	addq	$128,%r14
	jz	.Lxts_dec_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	.Lxts_dec_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	.Lxts_dec_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	.Lxts_dec_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	.Lxts_dec_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	.Lxts_dec_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	.Lxts_dec_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	.Lxts_dec_done
.align	16
.Lxts_dec_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

.Lxts_dec_done:
	andl	$15,%ebx
	jz	.Lxts_dec_ret

	pxor	%xmm14,%xmm14
	movdqa	.Lxts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	movdqa	%xmm6,%xmm5
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	movdqu	(%r12),%xmm15
	pxor	%xmm13,%xmm6

	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm6
	movq	%r13,%rdx
	movdqu	%xmm6,(%r13)

.Lxts_dec_steal:
	movzbl	16(%r12),%eax
	movzbl	(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,(%rdx)
	movb	%cl,16(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	.Lxts_dec_steal

	movdqu	(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm5,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	asm_AES_decrypt		
	pxor	32(%rbp),%xmm5
	movdqu	%xmm5,(%r13)

.Lxts_dec_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
.Lxts_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	.Lxts_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
.Lxts_dec_epilogue:
	.byte	0xf3,0xc3
.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
.type	_bsaes_const,@object
.align	64
_bsaes_const:
.LM0ISR:
.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
.LISRM0:
.quad	0x01040b0e0205080f, 0x0306090c00070a0d
.LISR:
.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
.LBS0:
.quad	0x5555555555555555, 0x5555555555555555
.LBS1:
.quad	0x3333333333333333, 0x3333333333333333
.LBS2:
.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
.LSR:
.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
.LSRM0:
.quad	0x0304090e00050a0f, 0x01060b0c0207080d
.LM0SR:
.quad	0x0a0e02060f03070b, 0x0004080c05090d01
.LSWPUP:
.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
.LSWPUPM0SR:
.quad	0x0a0d02060c03070b, 0x0004080f05090e01
.LADD1:
.quad	0x0000000000000000, 0x0000000100000000
.LADD2:
.quad	0x0000000000000000, 0x0000000200000000
.LADD3:
.quad	0x0000000000000000, 0x0000000300000000
.LADD4:
.quad	0x0000000000000000, 0x0000000400000000
.LADD5:
.quad	0x0000000000000000, 0x0000000500000000
.LADD6:
.quad	0x0000000000000000, 0x0000000600000000
.LADD7:
.quad	0x0000000000000000, 0x0000000700000000
.LADD8:
.quad	0x0000000000000000, 0x0000000800000000
.Lxts_magic:
.long	0x87,0,1,0
.Lmasks:
.quad	0x0101010101010101, 0x0101010101010101
.quad	0x0202020202020202, 0x0202020202020202
.quad	0x0404040404040404, 0x0404040404040404
.quad	0x0808080808080808, 0x0808080808080808
.LM0:
.quad	0x02060a0e03070b0f, 0x0004080c0105090d
.L63:
.quad	0x6363636363636363, 0x6363636363636363
.byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
.align	64
.size	_bsaes_const,.-_bsaes_const
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<










































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/aes/bsaes-macosx-x86_64.S.






































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
#include "x86_arch.h"
.text	





.p2align	6
_bsaes_encrypt8:
	leaq	L$BS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	80(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
_bsaes_encrypt8_bitslice:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	L$enc_sbox
.p2align	4
L$enc_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
L$enc_sbox:
	pxor	%xmm5,%xmm4
	pxor	%xmm0,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm1,%xmm5
	pxor	%xmm15,%xmm4

	pxor	%xmm2,%xmm5
	pxor	%xmm6,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm3,%xmm2
	pxor	%xmm4,%xmm3
	pxor	%xmm0,%xmm2

	pxor	%xmm6,%xmm1
	pxor	%xmm4,%xmm0
	movdqa	%xmm6,%xmm10
	movdqa	%xmm0,%xmm9
	movdqa	%xmm4,%xmm8
	movdqa	%xmm1,%xmm12
	movdqa	%xmm5,%xmm11

	pxor	%xmm3,%xmm10
	pxor	%xmm1,%xmm9
	pxor	%xmm2,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm3,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm15,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm2,%xmm11
	pxor	%xmm15,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm6,%xmm12
	movdqa	%xmm4,%xmm11
	pxor	%xmm0,%xmm12
	pxor	%xmm5,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm1,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm3,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm0,%xmm13
	pand	%xmm2,%xmm11
	movdqa	%xmm6,%xmm14
	pand	%xmm15,%xmm12
	pand	%xmm4,%xmm13
	por	%xmm5,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm5,%xmm11
	movdqa	%xmm4,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm5,%xmm9
	pxor	%xmm4,%xmm5
	pand	%xmm14,%xmm4
	pand	%xmm13,%xmm5
	pxor	%xmm4,%xmm5
	pxor	%xmm9,%xmm4
	pxor	%xmm15,%xmm11
	pxor	%xmm2,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm2,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm2
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm2,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm2
	pxor	%xmm11,%xmm5
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm2

	movdqa	%xmm6,%xmm11
	movdqa	%xmm0,%xmm7
	pxor	%xmm3,%xmm11
	pxor	%xmm1,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm3,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm1,%xmm3
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm1
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm3
	pxor	%xmm11,%xmm7
	pxor	%xmm1,%xmm3
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm1
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm6,%xmm10
	pxor	%xmm0,%xmm6
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm6
	pxor	%xmm0,%xmm6
	pxor	%xmm10,%xmm0
	pxor	%xmm11,%xmm6
	pxor	%xmm11,%xmm3
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm1
	pxor	%xmm15,%xmm6
	pxor	%xmm5,%xmm0
	pxor	%xmm6,%xmm3
	pxor	%xmm15,%xmm5
	pxor	%xmm0,%xmm15

	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	pxor	%xmm2,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm4,%xmm3

	pxor	%xmm2,%xmm5
	decl	%r10d
	jl	L$enc_done
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm3,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm5,%xmm10
	pxor	%xmm9,%xmm3
	pshufd	$147,%xmm2,%xmm11
	pxor	%xmm10,%xmm5
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm2
	pshufd	$147,%xmm1,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm1
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm2,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm5,%xmm11
	pshufd	$78,%xmm2,%xmm7
	pxor	%xmm1,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm3,%xmm10
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm1,%xmm5
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm12,%xmm8
	pxor	%xmm10,%xmm2
	pxor	%xmm14,%xmm6
	pxor	%xmm13,%xmm5
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm1
	movdqa	%xmm8,%xmm4
	movdqa	48(%r11),%xmm7
	jnz	L$enc_loop
	movdqa	64(%r11),%xmm7
	jmp	L$enc_loop
.p2align	4
L$enc_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm2,%xmm10
	psrlq	$1,%xmm2
	pxor	%xmm4,%xmm1
	pxor	%xmm6,%xmm2
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm2
	pxor	%xmm1,%xmm4
	psllq	$1,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$1,%xmm2
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm2
	movdqa	%xmm3,%xmm9
	psrlq	$1,%xmm3
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm5,%xmm3
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm15
	pxor	%xmm3,%xmm5
	psllq	$1,%xmm3
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm2,%xmm10
	psrlq	$2,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm1,%xmm2
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm2
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm2,%xmm1
	psllq	$2,%xmm2
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm2
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm5,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm5
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm5,%xmm9
	psrlq	$4,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$4,%xmm3
	pxor	%xmm4,%xmm5
	pxor	%xmm1,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm4
	psllq	$4,%xmm5
	pxor	%xmm3,%xmm1
	psllq	$4,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm2,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm2
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3



.p2align	6
_bsaes_decrypt8:
	leaq	L$BS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	-48(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	L$dec_sbox
.p2align	4
L$dec_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
L$dec_sbox:
	pxor	%xmm3,%xmm2

	pxor	%xmm6,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm3,%xmm5
	pxor	%xmm5,%xmm6
	pxor	%xmm6,%xmm0

	pxor	%xmm0,%xmm15
	pxor	%xmm4,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm15,%xmm4
	pxor	%xmm2,%xmm0
	movdqa	%xmm2,%xmm10
	movdqa	%xmm6,%xmm9
	movdqa	%xmm0,%xmm8
	movdqa	%xmm3,%xmm12
	movdqa	%xmm4,%xmm11

	pxor	%xmm15,%xmm10
	pxor	%xmm3,%xmm9
	pxor	%xmm5,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm15,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm1,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm5,%xmm11
	pxor	%xmm1,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm2,%xmm12
	movdqa	%xmm0,%xmm11
	pxor	%xmm6,%xmm12
	pxor	%xmm4,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm3,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm15,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm6,%xmm13
	pand	%xmm5,%xmm11
	movdqa	%xmm2,%xmm14
	pand	%xmm1,%xmm12
	pand	%xmm0,%xmm13
	por	%xmm4,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm4,%xmm11
	movdqa	%xmm0,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm4,%xmm9
	pxor	%xmm0,%xmm4
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm4
	pxor	%xmm0,%xmm4
	pxor	%xmm9,%xmm0
	pxor	%xmm1,%xmm11
	pxor	%xmm5,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm1,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm5,%xmm1
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm5
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm1
	pxor	%xmm11,%xmm7
	pxor	%xmm5,%xmm1
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm5
	pxor	%xmm11,%xmm4
	pxor	%xmm11,%xmm1
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm5

	movdqa	%xmm2,%xmm11
	movdqa	%xmm6,%xmm7
	pxor	%xmm15,%xmm11
	pxor	%xmm3,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm3,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm3
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm3,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm3
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm2,%xmm10
	pxor	%xmm6,%xmm2
	pand	%xmm14,%xmm6
	pand	%xmm13,%xmm2
	pxor	%xmm6,%xmm2
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm3
	pxor	%xmm6,%xmm0
	pxor	%xmm4,%xmm5

	pxor	%xmm0,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm6,%xmm4
	pxor	%xmm1,%xmm3
	pxor	%xmm15,%xmm6
	pxor	%xmm4,%xmm3
	pxor	%xmm5,%xmm2
	pxor	%xmm0,%xmm5
	pxor	%xmm3,%xmm2

	pxor	%xmm15,%xmm3
	pxor	%xmm2,%xmm6
	decl	%r10d
	jl	L$dec_done

	pshufd	$78,%xmm15,%xmm7
	pshufd	$78,%xmm2,%xmm13
	pxor	%xmm15,%xmm7
	pshufd	$78,%xmm4,%xmm14
	pxor	%xmm2,%xmm13
	pshufd	$78,%xmm0,%xmm8
	pxor	%xmm4,%xmm14
	pshufd	$78,%xmm5,%xmm9
	pxor	%xmm0,%xmm8
	pshufd	$78,%xmm3,%xmm10
	pxor	%xmm5,%xmm9
	pxor	%xmm13,%xmm15
	pxor	%xmm13,%xmm0
	pshufd	$78,%xmm1,%xmm11
	pxor	%xmm3,%xmm10
	pxor	%xmm7,%xmm5
	pxor	%xmm8,%xmm3
	pshufd	$78,%xmm6,%xmm12
	pxor	%xmm1,%xmm11
	pxor	%xmm14,%xmm0
	pxor	%xmm9,%xmm1
	pxor	%xmm6,%xmm12

	pxor	%xmm14,%xmm5
	pxor	%xmm13,%xmm3
	pxor	%xmm13,%xmm1
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm14,%xmm1
	pxor	%xmm14,%xmm6
	pxor	%xmm12,%xmm4
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm5,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm3,%xmm10
	pxor	%xmm9,%xmm5
	pshufd	$147,%xmm1,%xmm11
	pxor	%xmm10,%xmm3
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm1
	pshufd	$147,%xmm2,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm2
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm1,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm3,%xmm11
	pshufd	$78,%xmm1,%xmm7
	pxor	%xmm2,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm5,%xmm10
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm2,%xmm3
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm12,%xmm8
	pxor	%xmm1,%xmm10
	pxor	%xmm14,%xmm6
	pxor	%xmm3,%xmm13
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm2
	movdqa	%xmm13,%xmm5
	movdqa	%xmm8,%xmm4
	movdqa	%xmm2,%xmm1
	movdqa	%xmm10,%xmm2
	movdqa	-16(%r11),%xmm7
	jnz	L$dec_loop
	movdqa	-32(%r11),%xmm7
	jmp	L$dec_loop
.p2align	4
L$dec_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm2,%xmm9
	psrlq	$1,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$1,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm6,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm4
	psllq	$1,%xmm2
	pxor	%xmm1,%xmm6
	psllq	$1,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm3,%xmm5
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm15
	pxor	%xmm5,%xmm3
	psllq	$1,%xmm5
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm1,%xmm10
	psrlq	$2,%xmm1
	pxor	%xmm4,%xmm6
	pxor	%xmm2,%xmm1
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm1
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm1,%xmm2
	psllq	$2,%xmm1
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm3,%xmm0
	pxor	%xmm5,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm3
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm5
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm3,%xmm9
	psrlq	$4,%xmm3
	movdqa	%xmm5,%xmm10
	psrlq	$4,%xmm5
	pxor	%xmm4,%xmm3
	pxor	%xmm2,%xmm5
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$4,%xmm3
	pxor	%xmm5,%xmm2
	psllq	$4,%xmm5
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm5
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3


.p2align	4
_bsaes_key_convert:
	leaq	L$masks(%rip),%r11
	movdqu	(%rcx),%xmm7
	leaq	16(%rcx),%rcx
	movdqa	0(%r11),%xmm0
	movdqa	16(%r11),%xmm1
	movdqa	32(%r11),%xmm2
	movdqa	48(%r11),%xmm3
	movdqa	64(%r11),%xmm4
	pcmpeqd	%xmm5,%xmm5

	movdqu	(%rcx),%xmm6
	movdqa	%xmm7,(%rax)
	leaq	16(%rax),%rax
	decl	%r10d
	jmp	L$key_loop
.p2align	4
L$key_loop:
.byte	102,15,56,0,244

	movdqa	%xmm0,%xmm8
	movdqa	%xmm1,%xmm9

	pand	%xmm6,%xmm8
	pand	%xmm6,%xmm9
	movdqa	%xmm2,%xmm10
	pcmpeqb	%xmm0,%xmm8
	psllq	$4,%xmm0
	movdqa	%xmm3,%xmm11
	pcmpeqb	%xmm1,%xmm9
	psllq	$4,%xmm1

	pand	%xmm6,%xmm10
	pand	%xmm6,%xmm11
	movdqa	%xmm0,%xmm12
	pcmpeqb	%xmm2,%xmm10
	psllq	$4,%xmm2
	movdqa	%xmm1,%xmm13
	pcmpeqb	%xmm3,%xmm11
	psllq	$4,%xmm3

	movdqa	%xmm2,%xmm14
	movdqa	%xmm3,%xmm15
	pxor	%xmm5,%xmm8
	pxor	%xmm5,%xmm9

	pand	%xmm6,%xmm12
	pand	%xmm6,%xmm13
	movdqa	%xmm8,0(%rax)
	pcmpeqb	%xmm0,%xmm12
	psrlq	$4,%xmm0
	movdqa	%xmm9,16(%rax)
	pcmpeqb	%xmm1,%xmm13
	psrlq	$4,%xmm1
	leaq	16(%rcx),%rcx

	pand	%xmm6,%xmm14
	pand	%xmm6,%xmm15
	movdqa	%xmm10,32(%rax)
	pcmpeqb	%xmm2,%xmm14
	psrlq	$4,%xmm2
	movdqa	%xmm11,48(%rax)
	pcmpeqb	%xmm3,%xmm15
	psrlq	$4,%xmm3
	movdqu	(%rcx),%xmm6

	pxor	%xmm5,%xmm13
	pxor	%xmm5,%xmm14
	movdqa	%xmm12,64(%rax)
	movdqa	%xmm13,80(%rax)
	movdqa	%xmm14,96(%rax)
	movdqa	%xmm15,112(%rax)
	leaq	128(%rax),%rax
	decl	%r10d
	jnz	L$key_loop

	movdqa	80(%r11),%xmm7

	.byte	0xf3,0xc3


.globl	_bsaes_cbc_encrypt

.p2align	4
_bsaes_cbc_encrypt:
	cmpl	$0,%r9d
	jne	_asm_AES_cbc_encrypt
	cmpq	$128,%rdx
	jb	_asm_AES_cbc_encrypt

	movq	%rsp,%rax
L$cbc_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movq	%r8,%rbx
	shrq	$4,%r14

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	movdqu	(%rbx),%xmm14
	subq	$8,%r14
L$cbc_dec_loop:
	movdqu	0(%r12),%xmm15
	movdqu	16(%r12),%xmm0
	movdqu	32(%r12),%xmm1
	movdqu	48(%r12),%xmm2
	movdqu	64(%r12),%xmm3
	movdqu	80(%r12),%xmm4
	movq	%rsp,%rax
	movdqu	96(%r12),%xmm5
	movl	%edx,%r10d
	movdqu	112(%r12),%xmm6
	movdqa	%xmm14,32(%rbp)

	call	_bsaes_decrypt8

	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm2
	movdqu	112(%r12),%xmm14
	pxor	%xmm13,%xmm4
	movdqu	%xmm15,0(%r13)
	leaq	128(%r12),%r12
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	subq	$8,%r14
	jnc	L$cbc_dec_loop

	addq	$8,%r14
	jz	L$cbc_dec_done

	movdqu	0(%r12),%xmm15
	movq	%rsp,%rax
	movl	%edx,%r10d
	cmpq	$2,%r14
	jb	L$cbc_dec_one
	movdqu	16(%r12),%xmm0
	je	L$cbc_dec_two
	movdqu	32(%r12),%xmm1
	cmpq	$4,%r14
	jb	L$cbc_dec_three
	movdqu	48(%r12),%xmm2
	je	L$cbc_dec_four
	movdqu	64(%r12),%xmm3
	cmpq	$6,%r14
	jb	L$cbc_dec_five
	movdqu	80(%r12),%xmm4
	je	L$cbc_dec_six
	movdqu	96(%r12),%xmm5
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm14
	pxor	%xmm12,%xmm2
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_six:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm14
	pxor	%xmm11,%xmm6
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_five:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm14
	pxor	%xmm10,%xmm1
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_four:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm14
	pxor	%xmm9,%xmm3
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_three:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm14
	pxor	%xmm8,%xmm5
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_two:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm14
	pxor	%xmm7,%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_one:
	leaq	(%r12),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm14
	movdqu	%xmm14,(%r13)
	movdqa	%xmm15,%xmm14

L$cbc_dec_done:
	movdqu	%xmm14,(%rbx)
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$cbc_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$cbc_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$cbc_dec_epilogue:
	.byte	0xf3,0xc3


.globl	_bsaes_ctr32_encrypt_blocks

.p2align	4
_bsaes_ctr32_encrypt_blocks:
	movq	%rsp,%rax
L$ctr_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movdqu	(%r8),%xmm0
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqa	%xmm0,32(%rbp)
	cmpq	$8,%rdx
	jb	L$ctr_enc_short

	movl	%eax,%ebx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%ebx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	movdqa	(%rsp),%xmm8
	leaq	L$ADD1(%rip),%r11
	movdqa	32(%rbp),%xmm15
	movdqa	-32(%r11),%xmm7
.byte	102,68,15,56,0,199
.byte	102,68,15,56,0,255
	movdqa	%xmm8,(%rsp)
	jmp	L$ctr_enc_loop
.p2align	4
L$ctr_enc_loop:
	movdqa	%xmm15,32(%rbp)
	movdqa	%xmm15,%xmm0
	movdqa	%xmm15,%xmm1
	paddd	0(%r11),%xmm0
	movdqa	%xmm15,%xmm2
	paddd	16(%r11),%xmm1
	movdqa	%xmm15,%xmm3
	paddd	32(%r11),%xmm2
	movdqa	%xmm15,%xmm4
	paddd	48(%r11),%xmm3
	movdqa	%xmm15,%xmm5
	paddd	64(%r11),%xmm4
	movdqa	%xmm15,%xmm6
	paddd	80(%r11),%xmm5
	paddd	96(%r11),%xmm6



	movdqa	(%rsp),%xmm8
	leaq	16(%rsp),%rax
	movdqa	-16(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
	leaq	L$BS0(%rip),%r11
.byte	102,15,56,0,247
	movl	%ebx,%r10d

	call	_bsaes_encrypt8_bitslice

	subq	$8,%r14
	jc	L$ctr_enc_loop_done

	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	movdqu	32(%r12),%xmm9
	movdqu	48(%r12),%xmm10
	movdqu	64(%r12),%xmm11
	movdqu	80(%r12),%xmm12
	movdqu	96(%r12),%xmm13
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	pxor	%xmm15,%xmm7
	movdqa	32(%rbp),%xmm15
	pxor	%xmm8,%xmm0
	movdqu	%xmm7,0(%r13)
	pxor	%xmm9,%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	%xmm10,%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	%xmm11,%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	%xmm12,%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	%xmm13,%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	%xmm14,%xmm4
	movdqu	%xmm1,96(%r13)
	leaq	L$ADD1(%rip),%r11
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	paddd	112(%r11),%xmm15
	jnz	L$ctr_enc_loop

	jmp	L$ctr_enc_done
.p2align	4
L$ctr_enc_loop_done:
	addq	$8,%r14
	movdqu	0(%r12),%xmm7
	pxor	%xmm7,%xmm15
	movdqu	%xmm15,0(%r13)
	cmpq	$2,%r14
	jb	L$ctr_enc_done
	movdqu	16(%r12),%xmm8
	pxor	%xmm8,%xmm0
	movdqu	%xmm0,16(%r13)
	je	L$ctr_enc_done
	movdqu	32(%r12),%xmm9
	pxor	%xmm9,%xmm3
	movdqu	%xmm3,32(%r13)
	cmpq	$4,%r14
	jb	L$ctr_enc_done
	movdqu	48(%r12),%xmm10
	pxor	%xmm10,%xmm5
	movdqu	%xmm5,48(%r13)
	je	L$ctr_enc_done
	movdqu	64(%r12),%xmm11
	pxor	%xmm11,%xmm2
	movdqu	%xmm2,64(%r13)
	cmpq	$6,%r14
	jb	L$ctr_enc_done
	movdqu	80(%r12),%xmm12
	pxor	%xmm12,%xmm6
	movdqu	%xmm6,80(%r13)
	je	L$ctr_enc_done
	movdqu	96(%r12),%xmm13
	pxor	%xmm13,%xmm1
	movdqu	%xmm1,96(%r13)
	jmp	L$ctr_enc_done

.p2align	4
L$ctr_enc_short:
	leaq	32(%rbp),%rdi
	leaq	48(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_encrypt
	movdqu	(%r12),%xmm0
	leaq	16(%r12),%r12
	movl	44(%rbp),%eax
	bswapl	%eax
	pxor	48(%rbp),%xmm0
	incl	%eax
	movdqu	%xmm0,(%r13)
	bswapl	%eax
	leaq	16(%r13),%r13
	movl	%eax,44(%rsp)
	decq	%r14
	jnz	L$ctr_enc_short

L$ctr_enc_done:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$ctr_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$ctr_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$ctr_enc_epilogue:
	.byte	0xf3,0xc3

.globl	_bsaes_xts_encrypt

.p2align	4
_bsaes_xts_encrypt:
	movq	%rsp,%rax
L$xts_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	_asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	andq	$-16,%r14
	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	L$xts_enc_short
	jmp	L$xts_enc_loop

.p2align	4
L$xts_enc_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm1,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	L$xts_enc_loop

L$xts_enc_short:
	addq	$128,%r14
	jz	L$xts_enc_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	L$xts_enc_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	L$xts_enc_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	L$xts_enc_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	L$xts_enc_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	L$xts_enc_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	L$xts_enc_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm1,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	movdqu	%xmm2,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	movdqu	%xmm5,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm3,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_encrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

L$xts_enc_done:
	andl	$15,%ebx
	jz	L$xts_enc_ret
	movq	%r13,%rdx

L$xts_enc_steal:
	movzbl	(%r12),%eax
	movzbl	-16(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,-16(%rdx)
	movb	%cl,0(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	L$xts_enc_steal

	movdqu	-16(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	_asm_AES_encrypt		
	pxor	32(%rbp),%xmm6
	movdqu	%xmm6,-16(%r13)

L$xts_enc_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$xts_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$xts_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$xts_enc_epilogue:
	.byte	0xf3,0xc3


.globl	_bsaes_xts_decrypt

.p2align	4
_bsaes_xts_decrypt:
	movq	%rsp,%rax
L$xts_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	_asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	xorl	%eax,%eax
	andq	$-16,%r14
	testl	$15,%ebx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%r14

	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	L$xts_dec_short
	jmp	L$xts_dec_loop

.p2align	4
L$xts_dec_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	L$xts_dec_loop

L$xts_dec_short:
	addq	$128,%r14
	jz	L$xts_dec_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	L$xts_dec_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	L$xts_dec_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	L$xts_dec_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	L$xts_dec_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	L$xts_dec_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	L$xts_dec_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

L$xts_dec_done:
	andl	$15,%ebx
	jz	L$xts_dec_ret

	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	movdqa	%xmm6,%xmm5
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	movdqu	(%r12),%xmm15
	pxor	%xmm13,%xmm6

	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm6
	movq	%r13,%rdx
	movdqu	%xmm6,(%r13)

L$xts_dec_steal:
	movzbl	16(%r12),%eax
	movzbl	(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,(%rdx)
	movb	%cl,16(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	L$xts_dec_steal

	movdqu	(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm5,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm5
	movdqu	%xmm5,(%r13)

L$xts_dec_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$xts_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$xts_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$xts_dec_epilogue:
	.byte	0xf3,0xc3


.p2align	6
_bsaes_const:
L$M0ISR:
.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
L$ISRM0:
.quad	0x01040b0e0205080f, 0x0306090c00070a0d
L$ISR:
.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
L$BS0:
.quad	0x5555555555555555, 0x5555555555555555
L$BS1:
.quad	0x3333333333333333, 0x3333333333333333
L$BS2:
.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
L$SR:
.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
L$SRM0:
.quad	0x0304090e00050a0f, 0x01060b0c0207080d
L$M0SR:
.quad	0x0a0e02060f03070b, 0x0004080c05090d01
L$SWPUP:
.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
L$SWPUPM0SR:
.quad	0x0a0d02060c03070b, 0x0004080f05090e01
L$ADD1:
.quad	0x0000000000000000, 0x0000000100000000
L$ADD2:
.quad	0x0000000000000000, 0x0000000200000000
L$ADD3:
.quad	0x0000000000000000, 0x0000000300000000
L$ADD4:
.quad	0x0000000000000000, 0x0000000400000000
L$ADD5:
.quad	0x0000000000000000, 0x0000000500000000
L$ADD6:
.quad	0x0000000000000000, 0x0000000600000000
L$ADD7:
.quad	0x0000000000000000, 0x0000000700000000
L$ADD8:
.quad	0x0000000000000000, 0x0000000800000000
L$xts_magic:
.long	0x87,0,1,0
L$masks:
.quad	0x0101010101010101, 0x0101010101010101
.quad	0x0202020202020202, 0x0202020202020202
.quad	0x0404040404040404, 0x0404040404040404
.quad	0x0808080808080808, 0x0808080808080808
L$M0:
.quad	0x02060a0e03070b0f, 0x0004080c0105090d
L$63:
.quad	0x6363636363636363, 0x6363636363636363
.byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
.p2align	6

Deleted jni/libressl/crypto/aes/bsaes-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
.text	





.p2align	6
_bsaes_encrypt8:
	leaq	L$BS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	80(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
_bsaes_encrypt8_bitslice:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	L$enc_sbox
.p2align	4
L$enc_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
L$enc_sbox:
	pxor	%xmm5,%xmm4
	pxor	%xmm0,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm1,%xmm5
	pxor	%xmm15,%xmm4

	pxor	%xmm2,%xmm5
	pxor	%xmm6,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm3,%xmm2
	pxor	%xmm4,%xmm3
	pxor	%xmm0,%xmm2

	pxor	%xmm6,%xmm1
	pxor	%xmm4,%xmm0
	movdqa	%xmm6,%xmm10
	movdqa	%xmm0,%xmm9
	movdqa	%xmm4,%xmm8
	movdqa	%xmm1,%xmm12
	movdqa	%xmm5,%xmm11

	pxor	%xmm3,%xmm10
	pxor	%xmm1,%xmm9
	pxor	%xmm2,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm3,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm15,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm2,%xmm11
	pxor	%xmm15,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm6,%xmm12
	movdqa	%xmm4,%xmm11
	pxor	%xmm0,%xmm12
	pxor	%xmm5,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm1,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm3,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm0,%xmm13
	pand	%xmm2,%xmm11
	movdqa	%xmm6,%xmm14
	pand	%xmm15,%xmm12
	pand	%xmm4,%xmm13
	por	%xmm5,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm5,%xmm11
	movdqa	%xmm4,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm5,%xmm9
	pxor	%xmm4,%xmm5
	pand	%xmm14,%xmm4
	pand	%xmm13,%xmm5
	pxor	%xmm4,%xmm5
	pxor	%xmm9,%xmm4
	pxor	%xmm15,%xmm11
	pxor	%xmm2,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm2,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm2
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm2,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm2
	pxor	%xmm11,%xmm5
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm2

	movdqa	%xmm6,%xmm11
	movdqa	%xmm0,%xmm7
	pxor	%xmm3,%xmm11
	pxor	%xmm1,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm3,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm1,%xmm3
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm1
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm3
	pxor	%xmm11,%xmm7
	pxor	%xmm1,%xmm3
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm1
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm6,%xmm10
	pxor	%xmm0,%xmm6
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm6
	pxor	%xmm0,%xmm6
	pxor	%xmm10,%xmm0
	pxor	%xmm11,%xmm6
	pxor	%xmm11,%xmm3
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm1
	pxor	%xmm15,%xmm6
	pxor	%xmm5,%xmm0
	pxor	%xmm6,%xmm3
	pxor	%xmm15,%xmm5
	pxor	%xmm0,%xmm15

	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	pxor	%xmm2,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm4,%xmm3

	pxor	%xmm2,%xmm5
	decl	%r10d
	jl	L$enc_done
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm3,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm5,%xmm10
	pxor	%xmm9,%xmm3
	pshufd	$147,%xmm2,%xmm11
	pxor	%xmm10,%xmm5
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm2
	pshufd	$147,%xmm1,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm1
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm2,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm5,%xmm11
	pshufd	$78,%xmm2,%xmm7
	pxor	%xmm1,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm3,%xmm10
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm1,%xmm5
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm12,%xmm8
	pxor	%xmm10,%xmm2
	pxor	%xmm14,%xmm6
	pxor	%xmm13,%xmm5
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm1
	movdqa	%xmm8,%xmm4
	movdqa	48(%r11),%xmm7
	jnz	L$enc_loop
	movdqa	64(%r11),%xmm7
	jmp	L$enc_loop
.p2align	4
L$enc_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm2,%xmm10
	psrlq	$1,%xmm2
	pxor	%xmm4,%xmm1
	pxor	%xmm6,%xmm2
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm2
	pxor	%xmm1,%xmm4
	psllq	$1,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$1,%xmm2
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm2
	movdqa	%xmm3,%xmm9
	psrlq	$1,%xmm3
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm5,%xmm3
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm15
	pxor	%xmm3,%xmm5
	psllq	$1,%xmm3
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm2,%xmm10
	psrlq	$2,%xmm2
	pxor	%xmm4,%xmm6
	pxor	%xmm1,%xmm2
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm2
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm2,%xmm1
	psllq	$2,%xmm2
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm2
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm5,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm5
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm5,%xmm9
	psrlq	$4,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$4,%xmm3
	pxor	%xmm4,%xmm5
	pxor	%xmm1,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm4
	psllq	$4,%xmm5
	pxor	%xmm3,%xmm1
	psllq	$4,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm2,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm2
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3



.p2align	6
_bsaes_decrypt8:
	leaq	L$BS0(%rip),%r11

	movdqa	(%rax),%xmm8
	leaq	16(%rax),%rax
	movdqa	-48(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
.byte	102,15,56,0,247
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm3,%xmm10
	psrlq	$1,%xmm3
	pxor	%xmm6,%xmm5
	pxor	%xmm4,%xmm3
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm3
	pxor	%xmm5,%xmm6
	psllq	$1,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$1,%xmm3
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm3
	movdqa	%xmm1,%xmm9
	psrlq	$1,%xmm1
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm1
	pand	%xmm7,%xmm15
	pxor	%xmm1,%xmm2
	psllq	$1,%xmm1
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm1
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm4,%xmm9
	psrlq	$2,%xmm4
	movdqa	%xmm3,%xmm10
	psrlq	$2,%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm3
	pand	%xmm8,%xmm4
	pand	%xmm8,%xmm3
	pxor	%xmm4,%xmm6
	psllq	$2,%xmm4
	pxor	%xmm3,%xmm5
	psllq	$2,%xmm3
	pxor	%xmm9,%xmm4
	pxor	%xmm10,%xmm3
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm2,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm2
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm2,%xmm9
	psrlq	$4,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$4,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm5,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm6
	psllq	$4,%xmm2
	pxor	%xmm1,%xmm5
	psllq	$4,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm4,%xmm0
	pxor	%xmm3,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm4
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm3
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	decl	%r10d
	jmp	L$dec_sbox
.p2align	4
L$dec_loop:
	pxor	0(%rax),%xmm15
	pxor	16(%rax),%xmm0
.byte	102,68,15,56,0,255
	pxor	32(%rax),%xmm1
.byte	102,15,56,0,199
	pxor	48(%rax),%xmm2
.byte	102,15,56,0,207
	pxor	64(%rax),%xmm3
.byte	102,15,56,0,215
	pxor	80(%rax),%xmm4
.byte	102,15,56,0,223
	pxor	96(%rax),%xmm5
.byte	102,15,56,0,231
	pxor	112(%rax),%xmm6
.byte	102,15,56,0,239
	leaq	128(%rax),%rax
.byte	102,15,56,0,247
L$dec_sbox:
	pxor	%xmm3,%xmm2

	pxor	%xmm6,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm3,%xmm5
	pxor	%xmm5,%xmm6
	pxor	%xmm6,%xmm0

	pxor	%xmm0,%xmm15
	pxor	%xmm4,%xmm1
	pxor	%xmm15,%xmm2
	pxor	%xmm15,%xmm4
	pxor	%xmm2,%xmm0
	movdqa	%xmm2,%xmm10
	movdqa	%xmm6,%xmm9
	movdqa	%xmm0,%xmm8
	movdqa	%xmm3,%xmm12
	movdqa	%xmm4,%xmm11

	pxor	%xmm15,%xmm10
	pxor	%xmm3,%xmm9
	pxor	%xmm5,%xmm8
	movdqa	%xmm10,%xmm13
	pxor	%xmm15,%xmm12
	movdqa	%xmm9,%xmm7
	pxor	%xmm1,%xmm11
	movdqa	%xmm10,%xmm14

	por	%xmm8,%xmm9
	por	%xmm11,%xmm10
	pxor	%xmm7,%xmm14
	pand	%xmm11,%xmm13
	pxor	%xmm8,%xmm11
	pand	%xmm8,%xmm7
	pand	%xmm11,%xmm14
	movdqa	%xmm5,%xmm11
	pxor	%xmm1,%xmm11
	pand	%xmm11,%xmm12
	pxor	%xmm12,%xmm10
	pxor	%xmm12,%xmm9
	movdqa	%xmm2,%xmm12
	movdqa	%xmm0,%xmm11
	pxor	%xmm6,%xmm12
	pxor	%xmm4,%xmm11
	movdqa	%xmm12,%xmm8
	pand	%xmm11,%xmm12
	por	%xmm11,%xmm8
	pxor	%xmm12,%xmm7
	pxor	%xmm14,%xmm10
	pxor	%xmm13,%xmm9
	pxor	%xmm14,%xmm8
	movdqa	%xmm3,%xmm11
	pxor	%xmm13,%xmm7
	movdqa	%xmm15,%xmm12
	pxor	%xmm13,%xmm8
	movdqa	%xmm6,%xmm13
	pand	%xmm5,%xmm11
	movdqa	%xmm2,%xmm14
	pand	%xmm1,%xmm12
	pand	%xmm0,%xmm13
	por	%xmm4,%xmm14
	pxor	%xmm11,%xmm10
	pxor	%xmm12,%xmm9
	pxor	%xmm13,%xmm8
	pxor	%xmm14,%xmm7





	movdqa	%xmm10,%xmm11
	pand	%xmm8,%xmm10
	pxor	%xmm9,%xmm11

	movdqa	%xmm7,%xmm13
	movdqa	%xmm11,%xmm14
	pxor	%xmm10,%xmm13
	pand	%xmm13,%xmm14

	movdqa	%xmm8,%xmm12
	pxor	%xmm9,%xmm14
	pxor	%xmm7,%xmm12

	pxor	%xmm9,%xmm10

	pand	%xmm10,%xmm12

	movdqa	%xmm13,%xmm9
	pxor	%xmm7,%xmm12

	pxor	%xmm12,%xmm9
	pxor	%xmm12,%xmm8

	pand	%xmm7,%xmm9

	pxor	%xmm9,%xmm13
	pxor	%xmm9,%xmm8

	pand	%xmm14,%xmm13

	pxor	%xmm11,%xmm13
	movdqa	%xmm4,%xmm11
	movdqa	%xmm0,%xmm7
	movdqa	%xmm14,%xmm9
	pxor	%xmm13,%xmm9
	pand	%xmm4,%xmm9
	pxor	%xmm0,%xmm4
	pand	%xmm14,%xmm0
	pand	%xmm13,%xmm4
	pxor	%xmm0,%xmm4
	pxor	%xmm9,%xmm0
	pxor	%xmm1,%xmm11
	pxor	%xmm5,%xmm7
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm1,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm5,%xmm1
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm5
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm1
	pxor	%xmm11,%xmm7
	pxor	%xmm5,%xmm1
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm5
	pxor	%xmm11,%xmm4
	pxor	%xmm11,%xmm1
	pxor	%xmm7,%xmm0
	pxor	%xmm7,%xmm5

	movdqa	%xmm2,%xmm11
	movdqa	%xmm6,%xmm7
	pxor	%xmm15,%xmm11
	pxor	%xmm3,%xmm7
	movdqa	%xmm14,%xmm10
	movdqa	%xmm12,%xmm9
	pxor	%xmm13,%xmm10
	pxor	%xmm8,%xmm9
	pand	%xmm11,%xmm10
	pand	%xmm15,%xmm9
	pxor	%xmm7,%xmm11
	pxor	%xmm3,%xmm15
	pand	%xmm14,%xmm7
	pand	%xmm12,%xmm3
	pand	%xmm13,%xmm11
	pand	%xmm8,%xmm15
	pxor	%xmm11,%xmm7
	pxor	%xmm3,%xmm15
	pxor	%xmm10,%xmm11
	pxor	%xmm9,%xmm3
	pxor	%xmm12,%xmm14
	pxor	%xmm8,%xmm13
	movdqa	%xmm14,%xmm10
	pxor	%xmm13,%xmm10
	pand	%xmm2,%xmm10
	pxor	%xmm6,%xmm2
	pand	%xmm14,%xmm6
	pand	%xmm13,%xmm2
	pxor	%xmm6,%xmm2
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm11,%xmm15
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm3
	pxor	%xmm6,%xmm0
	pxor	%xmm4,%xmm5

	pxor	%xmm0,%xmm3
	pxor	%xmm6,%xmm1
	pxor	%xmm6,%xmm4
	pxor	%xmm1,%xmm3
	pxor	%xmm15,%xmm6
	pxor	%xmm4,%xmm3
	pxor	%xmm5,%xmm2
	pxor	%xmm0,%xmm5
	pxor	%xmm3,%xmm2

	pxor	%xmm15,%xmm3
	pxor	%xmm2,%xmm6
	decl	%r10d
	jl	L$dec_done

	pshufd	$78,%xmm15,%xmm7
	pshufd	$78,%xmm2,%xmm13
	pxor	%xmm15,%xmm7
	pshufd	$78,%xmm4,%xmm14
	pxor	%xmm2,%xmm13
	pshufd	$78,%xmm0,%xmm8
	pxor	%xmm4,%xmm14
	pshufd	$78,%xmm5,%xmm9
	pxor	%xmm0,%xmm8
	pshufd	$78,%xmm3,%xmm10
	pxor	%xmm5,%xmm9
	pxor	%xmm13,%xmm15
	pxor	%xmm13,%xmm0
	pshufd	$78,%xmm1,%xmm11
	pxor	%xmm3,%xmm10
	pxor	%xmm7,%xmm5
	pxor	%xmm8,%xmm3
	pshufd	$78,%xmm6,%xmm12
	pxor	%xmm1,%xmm11
	pxor	%xmm14,%xmm0
	pxor	%xmm9,%xmm1
	pxor	%xmm6,%xmm12

	pxor	%xmm14,%xmm5
	pxor	%xmm13,%xmm3
	pxor	%xmm13,%xmm1
	pxor	%xmm10,%xmm6
	pxor	%xmm11,%xmm2
	pxor	%xmm14,%xmm1
	pxor	%xmm14,%xmm6
	pxor	%xmm12,%xmm4
	pshufd	$147,%xmm15,%xmm7
	pshufd	$147,%xmm0,%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$147,%xmm5,%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$147,%xmm3,%xmm10
	pxor	%xmm9,%xmm5
	pshufd	$147,%xmm1,%xmm11
	pxor	%xmm10,%xmm3
	pshufd	$147,%xmm6,%xmm12
	pxor	%xmm11,%xmm1
	pshufd	$147,%xmm2,%xmm13
	pxor	%xmm12,%xmm6
	pshufd	$147,%xmm4,%xmm14
	pxor	%xmm13,%xmm2
	pxor	%xmm14,%xmm4

	pxor	%xmm15,%xmm8
	pxor	%xmm4,%xmm7
	pxor	%xmm4,%xmm8
	pshufd	$78,%xmm15,%xmm15
	pxor	%xmm0,%xmm9
	pshufd	$78,%xmm0,%xmm0
	pxor	%xmm1,%xmm12
	pxor	%xmm7,%xmm15
	pxor	%xmm6,%xmm13
	pxor	%xmm8,%xmm0
	pxor	%xmm3,%xmm11
	pshufd	$78,%xmm1,%xmm7
	pxor	%xmm2,%xmm14
	pshufd	$78,%xmm6,%xmm8
	pxor	%xmm5,%xmm10
	pshufd	$78,%xmm3,%xmm1
	pxor	%xmm4,%xmm10
	pshufd	$78,%xmm4,%xmm6
	pxor	%xmm4,%xmm11
	pshufd	$78,%xmm2,%xmm3
	pxor	%xmm11,%xmm7
	pshufd	$78,%xmm5,%xmm2
	pxor	%xmm12,%xmm8
	pxor	%xmm1,%xmm10
	pxor	%xmm14,%xmm6
	pxor	%xmm3,%xmm13
	movdqa	%xmm7,%xmm3
	pxor	%xmm9,%xmm2
	movdqa	%xmm13,%xmm5
	movdqa	%xmm8,%xmm4
	movdqa	%xmm2,%xmm1
	movdqa	%xmm10,%xmm2
	movdqa	-16(%r11),%xmm7
	jnz	L$dec_loop
	movdqa	-32(%r11),%xmm7
	jmp	L$dec_loop
.p2align	4
L$dec_done:
	movdqa	0(%r11),%xmm7
	movdqa	16(%r11),%xmm8
	movdqa	%xmm2,%xmm9
	psrlq	$1,%xmm2
	movdqa	%xmm1,%xmm10
	psrlq	$1,%xmm1
	pxor	%xmm4,%xmm2
	pxor	%xmm6,%xmm1
	pand	%xmm7,%xmm2
	pand	%xmm7,%xmm1
	pxor	%xmm2,%xmm4
	psllq	$1,%xmm2
	pxor	%xmm1,%xmm6
	psllq	$1,%xmm1
	pxor	%xmm9,%xmm2
	pxor	%xmm10,%xmm1
	movdqa	%xmm5,%xmm9
	psrlq	$1,%xmm5
	movdqa	%xmm15,%xmm10
	psrlq	$1,%xmm15
	pxor	%xmm3,%xmm5
	pxor	%xmm0,%xmm15
	pand	%xmm7,%xmm5
	pand	%xmm7,%xmm15
	pxor	%xmm5,%xmm3
	psllq	$1,%xmm5
	pxor	%xmm15,%xmm0
	psllq	$1,%xmm15
	pxor	%xmm9,%xmm5
	pxor	%xmm10,%xmm15
	movdqa	32(%r11),%xmm7
	movdqa	%xmm6,%xmm9
	psrlq	$2,%xmm6
	movdqa	%xmm1,%xmm10
	psrlq	$2,%xmm1
	pxor	%xmm4,%xmm6
	pxor	%xmm2,%xmm1
	pand	%xmm8,%xmm6
	pand	%xmm8,%xmm1
	pxor	%xmm6,%xmm4
	psllq	$2,%xmm6
	pxor	%xmm1,%xmm2
	psllq	$2,%xmm1
	pxor	%xmm9,%xmm6
	pxor	%xmm10,%xmm1
	movdqa	%xmm0,%xmm9
	psrlq	$2,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$2,%xmm15
	pxor	%xmm3,%xmm0
	pxor	%xmm5,%xmm15
	pand	%xmm8,%xmm0
	pand	%xmm8,%xmm15
	pxor	%xmm0,%xmm3
	psllq	$2,%xmm0
	pxor	%xmm15,%xmm5
	psllq	$2,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	%xmm3,%xmm9
	psrlq	$4,%xmm3
	movdqa	%xmm5,%xmm10
	psrlq	$4,%xmm5
	pxor	%xmm4,%xmm3
	pxor	%xmm2,%xmm5
	pand	%xmm7,%xmm3
	pand	%xmm7,%xmm5
	pxor	%xmm3,%xmm4
	psllq	$4,%xmm3
	pxor	%xmm5,%xmm2
	psllq	$4,%xmm5
	pxor	%xmm9,%xmm3
	pxor	%xmm10,%xmm5
	movdqa	%xmm0,%xmm9
	psrlq	$4,%xmm0
	movdqa	%xmm15,%xmm10
	psrlq	$4,%xmm15
	pxor	%xmm6,%xmm0
	pxor	%xmm1,%xmm15
	pand	%xmm7,%xmm0
	pand	%xmm7,%xmm15
	pxor	%xmm0,%xmm6
	psllq	$4,%xmm0
	pxor	%xmm15,%xmm1
	psllq	$4,%xmm15
	pxor	%xmm9,%xmm0
	pxor	%xmm10,%xmm15
	movdqa	(%rax),%xmm7
	pxor	%xmm7,%xmm5
	pxor	%xmm7,%xmm3
	pxor	%xmm7,%xmm1
	pxor	%xmm7,%xmm6
	pxor	%xmm7,%xmm2
	pxor	%xmm7,%xmm4
	pxor	%xmm7,%xmm15
	pxor	%xmm7,%xmm0
	.byte	0xf3,0xc3


.p2align	4
_bsaes_key_convert:
	leaq	L$masks(%rip),%r11
	movdqu	(%rcx),%xmm7
	leaq	16(%rcx),%rcx
	movdqa	0(%r11),%xmm0
	movdqa	16(%r11),%xmm1
	movdqa	32(%r11),%xmm2
	movdqa	48(%r11),%xmm3
	movdqa	64(%r11),%xmm4
	pcmpeqd	%xmm5,%xmm5

	movdqu	(%rcx),%xmm6
	movdqa	%xmm7,(%rax)
	leaq	16(%rax),%rax
	decl	%r10d
	jmp	L$key_loop
.p2align	4
L$key_loop:
.byte	102,15,56,0,244

	movdqa	%xmm0,%xmm8
	movdqa	%xmm1,%xmm9

	pand	%xmm6,%xmm8
	pand	%xmm6,%xmm9
	movdqa	%xmm2,%xmm10
	pcmpeqb	%xmm0,%xmm8
	psllq	$4,%xmm0
	movdqa	%xmm3,%xmm11
	pcmpeqb	%xmm1,%xmm9
	psllq	$4,%xmm1

	pand	%xmm6,%xmm10
	pand	%xmm6,%xmm11
	movdqa	%xmm0,%xmm12
	pcmpeqb	%xmm2,%xmm10
	psllq	$4,%xmm2
	movdqa	%xmm1,%xmm13
	pcmpeqb	%xmm3,%xmm11
	psllq	$4,%xmm3

	movdqa	%xmm2,%xmm14
	movdqa	%xmm3,%xmm15
	pxor	%xmm5,%xmm8
	pxor	%xmm5,%xmm9

	pand	%xmm6,%xmm12
	pand	%xmm6,%xmm13
	movdqa	%xmm8,0(%rax)
	pcmpeqb	%xmm0,%xmm12
	psrlq	$4,%xmm0
	movdqa	%xmm9,16(%rax)
	pcmpeqb	%xmm1,%xmm13
	psrlq	$4,%xmm1
	leaq	16(%rcx),%rcx

	pand	%xmm6,%xmm14
	pand	%xmm6,%xmm15
	movdqa	%xmm10,32(%rax)
	pcmpeqb	%xmm2,%xmm14
	psrlq	$4,%xmm2
	movdqa	%xmm11,48(%rax)
	pcmpeqb	%xmm3,%xmm15
	psrlq	$4,%xmm3
	movdqu	(%rcx),%xmm6

	pxor	%xmm5,%xmm13
	pxor	%xmm5,%xmm14
	movdqa	%xmm12,64(%rax)
	movdqa	%xmm13,80(%rax)
	movdqa	%xmm14,96(%rax)
	movdqa	%xmm15,112(%rax)
	leaq	128(%rax),%rax
	decl	%r10d
	jnz	L$key_loop

	movdqa	80(%r11),%xmm7

	.byte	0xf3,0xc3


.globl	_bsaes_cbc_encrypt

.p2align	4
_bsaes_cbc_encrypt:
	cmpl	$0,%r9d
	jne	_asm_AES_cbc_encrypt
	cmpq	$128,%rdx
	jb	_asm_AES_cbc_encrypt

	movq	%rsp,%rax
L$cbc_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movq	%r8,%rbx
	shrq	$4,%r14

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	movdqu	(%rbx),%xmm14
	subq	$8,%r14
L$cbc_dec_loop:
	movdqu	0(%r12),%xmm15
	movdqu	16(%r12),%xmm0
	movdqu	32(%r12),%xmm1
	movdqu	48(%r12),%xmm2
	movdqu	64(%r12),%xmm3
	movdqu	80(%r12),%xmm4
	movq	%rsp,%rax
	movdqu	96(%r12),%xmm5
	movl	%edx,%r10d
	movdqu	112(%r12),%xmm6
	movdqa	%xmm14,32(%rbp)

	call	_bsaes_decrypt8

	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm2
	movdqu	112(%r12),%xmm14
	pxor	%xmm13,%xmm4
	movdqu	%xmm15,0(%r13)
	leaq	128(%r12),%r12
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	subq	$8,%r14
	jnc	L$cbc_dec_loop

	addq	$8,%r14
	jz	L$cbc_dec_done

	movdqu	0(%r12),%xmm15
	movq	%rsp,%rax
	movl	%edx,%r10d
	cmpq	$2,%r14
	jb	L$cbc_dec_one
	movdqu	16(%r12),%xmm0
	je	L$cbc_dec_two
	movdqu	32(%r12),%xmm1
	cmpq	$4,%r14
	jb	L$cbc_dec_three
	movdqu	48(%r12),%xmm2
	je	L$cbc_dec_four
	movdqu	64(%r12),%xmm3
	cmpq	$6,%r14
	jb	L$cbc_dec_five
	movdqu	80(%r12),%xmm4
	je	L$cbc_dec_six
	movdqu	96(%r12),%xmm5
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm6
	movdqu	96(%r12),%xmm14
	pxor	%xmm12,%xmm2
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_six:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm1
	movdqu	80(%r12),%xmm14
	pxor	%xmm11,%xmm6
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_five:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm3
	movdqu	64(%r12),%xmm14
	pxor	%xmm10,%xmm1
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_four:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm5
	movdqu	48(%r12),%xmm14
	pxor	%xmm9,%xmm3
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_three:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm0
	movdqu	32(%r12),%xmm14
	pxor	%xmm8,%xmm5
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_two:
	movdqa	%xmm14,32(%rbp)
	call	_bsaes_decrypt8
	pxor	32(%rbp),%xmm15
	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm14
	pxor	%xmm7,%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	jmp	L$cbc_dec_done
.p2align	4
L$cbc_dec_one:
	leaq	(%r12),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm14
	movdqu	%xmm14,(%r13)
	movdqa	%xmm15,%xmm14

L$cbc_dec_done:
	movdqu	%xmm14,(%rbx)
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$cbc_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$cbc_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$cbc_dec_epilogue:
	.byte	0xf3,0xc3


.globl	_bsaes_ctr32_encrypt_blocks

.p2align	4
_bsaes_ctr32_encrypt_blocks:
	movq	%rsp,%rax
L$ctr_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movdqu	(%r8),%xmm0
	movl	240(%rcx),%eax
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15
	movdqa	%xmm0,32(%rbp)
	cmpq	$8,%rdx
	jb	L$ctr_enc_short

	movl	%eax,%ebx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%ebx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	movdqa	(%rsp),%xmm8
	leaq	L$ADD1(%rip),%r11
	movdqa	32(%rbp),%xmm15
	movdqa	-32(%r11),%xmm7
.byte	102,68,15,56,0,199
.byte	102,68,15,56,0,255
	movdqa	%xmm8,(%rsp)
	jmp	L$ctr_enc_loop
.p2align	4
L$ctr_enc_loop:
	movdqa	%xmm15,32(%rbp)
	movdqa	%xmm15,%xmm0
	movdqa	%xmm15,%xmm1
	paddd	0(%r11),%xmm0
	movdqa	%xmm15,%xmm2
	paddd	16(%r11),%xmm1
	movdqa	%xmm15,%xmm3
	paddd	32(%r11),%xmm2
	movdqa	%xmm15,%xmm4
	paddd	48(%r11),%xmm3
	movdqa	%xmm15,%xmm5
	paddd	64(%r11),%xmm4
	movdqa	%xmm15,%xmm6
	paddd	80(%r11),%xmm5
	paddd	96(%r11),%xmm6



	movdqa	(%rsp),%xmm8
	leaq	16(%rsp),%rax
	movdqa	-16(%r11),%xmm7
	pxor	%xmm8,%xmm15
	pxor	%xmm8,%xmm0
.byte	102,68,15,56,0,255
	pxor	%xmm8,%xmm1
.byte	102,15,56,0,199
	pxor	%xmm8,%xmm2
.byte	102,15,56,0,207
	pxor	%xmm8,%xmm3
.byte	102,15,56,0,215
	pxor	%xmm8,%xmm4
.byte	102,15,56,0,223
	pxor	%xmm8,%xmm5
.byte	102,15,56,0,231
	pxor	%xmm8,%xmm6
.byte	102,15,56,0,239
	leaq	L$BS0(%rip),%r11
.byte	102,15,56,0,247
	movl	%ebx,%r10d

	call	_bsaes_encrypt8_bitslice

	subq	$8,%r14
	jc	L$ctr_enc_loop_done

	movdqu	0(%r12),%xmm7
	movdqu	16(%r12),%xmm8
	movdqu	32(%r12),%xmm9
	movdqu	48(%r12),%xmm10
	movdqu	64(%r12),%xmm11
	movdqu	80(%r12),%xmm12
	movdqu	96(%r12),%xmm13
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	pxor	%xmm15,%xmm7
	movdqa	32(%rbp),%xmm15
	pxor	%xmm8,%xmm0
	movdqu	%xmm7,0(%r13)
	pxor	%xmm9,%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	%xmm10,%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	%xmm11,%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	%xmm12,%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	%xmm13,%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	%xmm14,%xmm4
	movdqu	%xmm1,96(%r13)
	leaq	L$ADD1(%rip),%r11
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13
	paddd	112(%r11),%xmm15
	jnz	L$ctr_enc_loop

	jmp	L$ctr_enc_done
.p2align	4
L$ctr_enc_loop_done:
	addq	$8,%r14
	movdqu	0(%r12),%xmm7
	pxor	%xmm7,%xmm15
	movdqu	%xmm15,0(%r13)
	cmpq	$2,%r14
	jb	L$ctr_enc_done
	movdqu	16(%r12),%xmm8
	pxor	%xmm8,%xmm0
	movdqu	%xmm0,16(%r13)
	je	L$ctr_enc_done
	movdqu	32(%r12),%xmm9
	pxor	%xmm9,%xmm3
	movdqu	%xmm3,32(%r13)
	cmpq	$4,%r14
	jb	L$ctr_enc_done
	movdqu	48(%r12),%xmm10
	pxor	%xmm10,%xmm5
	movdqu	%xmm5,48(%r13)
	je	L$ctr_enc_done
	movdqu	64(%r12),%xmm11
	pxor	%xmm11,%xmm2
	movdqu	%xmm2,64(%r13)
	cmpq	$6,%r14
	jb	L$ctr_enc_done
	movdqu	80(%r12),%xmm12
	pxor	%xmm12,%xmm6
	movdqu	%xmm6,80(%r13)
	je	L$ctr_enc_done
	movdqu	96(%r12),%xmm13
	pxor	%xmm13,%xmm1
	movdqu	%xmm1,96(%r13)
	jmp	L$ctr_enc_done

.p2align	4
L$ctr_enc_short:
	leaq	32(%rbp),%rdi
	leaq	48(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_encrypt
	movdqu	(%r12),%xmm0
	leaq	16(%r12),%r12
	movl	44(%rbp),%eax
	bswapl	%eax
	pxor	48(%rbp),%xmm0
	incl	%eax
	movdqu	%xmm0,(%r13)
	bswapl	%eax
	leaq	16(%r13),%r13
	movl	%eax,44(%rsp)
	decq	%r14
	jnz	L$ctr_enc_short

L$ctr_enc_done:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$ctr_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$ctr_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$ctr_enc_epilogue:
	.byte	0xf3,0xc3

.globl	_bsaes_xts_encrypt

.p2align	4
_bsaes_xts_encrypt:
	movq	%rsp,%rax
L$xts_enc_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	_asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	%xmm6,%xmm7
	movdqa	%xmm7,(%rax)

	andq	$-16,%r14
	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	L$xts_enc_short
	jmp	L$xts_enc_loop

.p2align	4
L$xts_enc_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm1,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	L$xts_enc_loop

L$xts_enc_short:
	addq	$128,%r14
	jz	L$xts_enc_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	L$xts_enc_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	L$xts_enc_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	L$xts_enc_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	L$xts_enc_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	L$xts_enc_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	L$xts_enc_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	pxor	96(%rsp),%xmm1
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm1,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm2,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	pxor	64(%rsp),%xmm2
	movdqu	%xmm5,48(%r13)
	movdqu	%xmm2,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm5
	movdqu	%xmm3,32(%r13)
	movdqu	%xmm5,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm3
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm3,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_encrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	L$xts_enc_done
.p2align	4
L$xts_enc_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_encrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

L$xts_enc_done:
	andl	$15,%ebx
	jz	L$xts_enc_ret
	movq	%r13,%rdx

L$xts_enc_steal:
	movzbl	(%r12),%eax
	movzbl	-16(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,-16(%rdx)
	movb	%cl,0(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	L$xts_enc_steal

	movdqu	-16(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	_asm_AES_encrypt		
	pxor	32(%rbp),%xmm6
	movdqu	%xmm6,-16(%r13)

L$xts_enc_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$xts_enc_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$xts_enc_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$xts_enc_epilogue:
	.byte	0xf3,0xc3


.globl	_bsaes_xts_decrypt

.p2align	4
_bsaes_xts_decrypt:
	movq	%rsp,%rax
L$xts_dec_prologue:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	leaq	-72(%rsp),%rsp
	movq	%rsp,%rbp
	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%rcx,%r15

	leaq	(%r9),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r8),%rdx
	call	_asm_AES_encrypt		

	movl	240(%r15),%eax
	movq	%r14,%rbx

	movl	%eax,%edx
	shlq	$7,%rax
	subq	$96,%rax
	subq	%rax,%rsp

	movq	%rsp,%rax
	movq	%r15,%rcx
	movl	%edx,%r10d
	call	_bsaes_key_convert
	pxor	(%rsp),%xmm7
	movdqa	%xmm6,(%rax)
	movdqa	%xmm7,(%rsp)

	xorl	%eax,%eax
	andq	$-16,%r14
	testl	$15,%ebx
	setnz	%al
	shlq	$4,%rax
	subq	%rax,%r14

	subq	$128,%rsp
	movdqa	32(%rbp),%xmm6

	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14

	subq	$128,%r14
	jc	L$xts_dec_short
	jmp	L$xts_dec_loop

.p2align	4
L$xts_dec_loop:
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqu	112(%r12),%xmm14
	leaq	128(%r12),%r12
	movdqa	%xmm6,112(%rsp)
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	pxor	%xmm14,%xmm6
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	pxor	112(%rsp),%xmm4
	movdqu	%xmm2,96(%r13)
	movdqu	%xmm4,112(%r13)
	leaq	128(%r13),%r13

	movdqa	112(%rsp),%xmm6
	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6

	subq	$128,%r14
	jnc	L$xts_dec_loop

L$xts_dec_short:
	addq	$128,%r14
	jz	L$xts_dec_done
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm15
	movdqa	%xmm6,0(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm0
	movdqa	%xmm6,16(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	0(%r12),%xmm7
	cmpq	$16,%r14
	je	L$xts_dec_1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm1
	movdqa	%xmm6,32(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	16(%r12),%xmm8
	cmpq	$32,%r14
	je	L$xts_dec_2
	pxor	%xmm7,%xmm15
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm2
	movdqa	%xmm6,48(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	32(%r12),%xmm9
	cmpq	$48,%r14
	je	L$xts_dec_3
	pxor	%xmm8,%xmm0
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm3
	movdqa	%xmm6,64(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	48(%r12),%xmm10
	cmpq	$64,%r14
	je	L$xts_dec_4
	pxor	%xmm9,%xmm1
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm4
	movdqa	%xmm6,80(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	64(%r12),%xmm11
	cmpq	$80,%r14
	je	L$xts_dec_5
	pxor	%xmm10,%xmm2
	pshufd	$19,%xmm14,%xmm13
	pxor	%xmm14,%xmm14
	movdqa	%xmm6,%xmm5
	movdqa	%xmm6,96(%rsp)
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	pcmpgtd	%xmm6,%xmm14
	pxor	%xmm13,%xmm6
	movdqu	80(%r12),%xmm12
	cmpq	$96,%r14
	je	L$xts_dec_6
	pxor	%xmm11,%xmm3
	movdqu	96(%r12),%xmm13
	pxor	%xmm12,%xmm4
	movdqa	%xmm6,112(%rsp)
	leaq	112(%r12),%r12
	pxor	%xmm13,%xmm5
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	pxor	96(%rsp),%xmm2
	movdqu	%xmm6,80(%r13)
	movdqu	%xmm2,96(%r13)
	leaq	112(%r13),%r13

	movdqa	112(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_6:
	pxor	%xmm11,%xmm3
	leaq	96(%r12),%r12
	pxor	%xmm12,%xmm4
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	pxor	80(%rsp),%xmm6
	movdqu	%xmm1,64(%r13)
	movdqu	%xmm6,80(%r13)
	leaq	96(%r13),%r13

	movdqa	96(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_5:
	pxor	%xmm10,%xmm2
	leaq	80(%r12),%r12
	pxor	%xmm11,%xmm3
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	pxor	64(%rsp),%xmm1
	movdqu	%xmm3,48(%r13)
	movdqu	%xmm1,64(%r13)
	leaq	80(%r13),%r13

	movdqa	80(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_4:
	pxor	%xmm9,%xmm1
	leaq	64(%r12),%r12
	pxor	%xmm10,%xmm2
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	pxor	48(%rsp),%xmm3
	movdqu	%xmm5,32(%r13)
	movdqu	%xmm3,48(%r13)
	leaq	64(%r13),%r13

	movdqa	64(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_3:
	pxor	%xmm8,%xmm0
	leaq	48(%r12),%r12
	pxor	%xmm9,%xmm1
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	pxor	32(%rsp),%xmm5
	movdqu	%xmm0,16(%r13)
	movdqu	%xmm5,32(%r13)
	leaq	48(%r13),%r13

	movdqa	48(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_2:
	pxor	%xmm7,%xmm15
	leaq	32(%r12),%r12
	pxor	%xmm8,%xmm0
	leaq	128(%rsp),%rax
	movl	%edx,%r10d

	call	_bsaes_decrypt8

	pxor	0(%rsp),%xmm15
	pxor	16(%rsp),%xmm0
	movdqu	%xmm15,0(%r13)
	movdqu	%xmm0,16(%r13)
	leaq	32(%r13),%r13

	movdqa	32(%rsp),%xmm6
	jmp	L$xts_dec_done
.p2align	4
L$xts_dec_1:
	pxor	%xmm15,%xmm7
	leaq	16(%r12),%r12
	movdqa	%xmm7,32(%rbp)
	leaq	32(%rbp),%rdi
	leaq	32(%rbp),%rsi
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm15





	movdqu	%xmm15,0(%r13)
	leaq	16(%r13),%r13

	movdqa	16(%rsp),%xmm6

L$xts_dec_done:
	andl	$15,%ebx
	jz	L$xts_dec_ret

	pxor	%xmm14,%xmm14
	movdqa	L$xts_magic(%rip),%xmm12
	pcmpgtd	%xmm6,%xmm14
	pshufd	$19,%xmm14,%xmm13
	movdqa	%xmm6,%xmm5
	paddq	%xmm6,%xmm6
	pand	%xmm12,%xmm13
	movdqu	(%r12),%xmm15
	pxor	%xmm13,%xmm6

	leaq	32(%rbp),%rdi
	pxor	%xmm6,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm6
	movq	%r13,%rdx
	movdqu	%xmm6,(%r13)

L$xts_dec_steal:
	movzbl	16(%r12),%eax
	movzbl	(%rdx),%ecx
	leaq	1(%r12),%r12
	movb	%al,(%rdx)
	movb	%cl,16(%rdx)
	leaq	1(%rdx),%rdx
	subl	$1,%ebx
	jnz	L$xts_dec_steal

	movdqu	(%r13),%xmm15
	leaq	32(%rbp),%rdi
	pxor	%xmm5,%xmm15
	leaq	32(%rbp),%rsi
	movdqa	%xmm15,32(%rbp)
	leaq	(%r15),%rdx
	call	_asm_AES_decrypt		
	pxor	32(%rbp),%xmm5
	movdqu	%xmm5,(%r13)

L$xts_dec_ret:
	leaq	(%rsp),%rax
	pxor	%xmm0,%xmm0
L$xts_dec_bzero:
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm0,16(%rax)
	leaq	32(%rax),%rax
	cmpq	%rax,%rbp
	ja	L$xts_dec_bzero

	leaq	(%rbp),%rsp
	movq	72(%rsp),%r15
	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbx
	movq	112(%rsp),%rax
	leaq	120(%rsp),%rsp
	movq	%rax,%rbp
L$xts_dec_epilogue:
	.byte	0xf3,0xc3


.p2align	6
_bsaes_const:
L$M0ISR:
.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
L$ISRM0:
.quad	0x01040b0e0205080f, 0x0306090c00070a0d
L$ISR:
.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
L$BS0:
.quad	0x5555555555555555, 0x5555555555555555
L$BS1:
.quad	0x3333333333333333, 0x3333333333333333
L$BS2:
.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
L$SR:
.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
L$SRM0:
.quad	0x0304090e00050a0f, 0x01060b0c0207080d
L$M0SR:
.quad	0x0a0e02060f03070b, 0x0004080c05090d01
L$SWPUP:
.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
L$SWPUPM0SR:
.quad	0x0a0d02060c03070b, 0x0004080f05090e01
L$ADD1:
.quad	0x0000000000000000, 0x0000000100000000
L$ADD2:
.quad	0x0000000000000000, 0x0000000200000000
L$ADD3:
.quad	0x0000000000000000, 0x0000000300000000
L$ADD4:
.quad	0x0000000000000000, 0x0000000400000000
L$ADD5:
.quad	0x0000000000000000, 0x0000000500000000
L$ADD6:
.quad	0x0000000000000000, 0x0000000600000000
L$ADD7:
.quad	0x0000000000000000, 0x0000000700000000
L$ADD8:
.quad	0x0000000000000000, 0x0000000800000000
L$xts_magic:
.long	0x87,0,1,0
L$masks:
.quad	0x0101010101010101, 0x0101010101010101
.quad	0x0202020202020202, 0x0202020202020202
.quad	0x0404040404040404, 0x0404040404040404
.quad	0x0808080808080808, 0x0808080808080808
L$M0:
.quad	0x02060a0e03070b0f, 0x0004080c0105090d
L$63:
.quad	0x6363636363636363, 0x6363636363636363
.byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
.p2align	6

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/aes/vpaes-elf-x86_64.S.
































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
#include "x86_arch.h"
.text	
















.type	_vpaes_encrypt_core,@function
.align	16
_vpaes_encrypt_core:
	movq	%rdx,%r9
	movq	$16,%r11
	movl	240(%rdx),%eax
	movdqa	%xmm9,%xmm1
	movdqa	.Lk_ipt(%rip),%xmm2
	pandn	%xmm0,%xmm1
	movdqu	(%r9),%xmm5
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
.byte	102,15,56,0,208
	movdqa	.Lk_ipt+16(%rip),%xmm0
.byte	102,15,56,0,193
	pxor	%xmm5,%xmm2
	pxor	%xmm2,%xmm0
	addq	$16,%r9
	leaq	.Lk_mc_backward(%rip),%r10
	jmp	.Lenc_entry

.align	16
.Lenc_loop:

	movdqa	%xmm13,%xmm4
.byte	102,15,56,0,226
	pxor	%xmm5,%xmm4
	movdqa	%xmm12,%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	movdqa	%xmm15,%xmm5
.byte	102,15,56,0,234
	movdqa	-64(%r11,%r10,1),%xmm1
	movdqa	%xmm14,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm5,%xmm2
	movdqa	(%r11,%r10,1),%xmm4
	movdqa	%xmm0,%xmm3
.byte	102,15,56,0,193
	addq	$16,%r9
	pxor	%xmm2,%xmm0
.byte	102,15,56,0,220
	addq	$16,%r11
	pxor	%xmm0,%xmm3
.byte	102,15,56,0,193
	andq	$48,%r11
	pxor	%xmm3,%xmm0
	subq	$1,%rax

.Lenc_entry:

	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm5
.byte	102,15,56,0,232
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm5,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm5,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
	movdqu	(%r9),%xmm5
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	jnz	.Lenc_loop


	movdqa	-96(%r10),%xmm4
	movdqa	-80(%r10),%xmm0
.byte	102,15,56,0,226
	pxor	%xmm5,%xmm4
.byte	102,15,56,0,195
	movdqa	64(%r11,%r10,1),%xmm1
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,193
	.byte	0xf3,0xc3
.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core






.type	_vpaes_decrypt_core,@function
.align	16
_vpaes_decrypt_core:
	movq	%rdx,%r9
	movl	240(%rdx),%eax
	movdqa	%xmm9,%xmm1
	movdqa	.Lk_dipt(%rip),%xmm2
	pandn	%xmm0,%xmm1
	movq	%rax,%r11
	psrld	$4,%xmm1
	movdqu	(%r9),%xmm5
	shlq	$4,%r11
	pand	%xmm9,%xmm0
.byte	102,15,56,0,208
	movdqa	.Lk_dipt+16(%rip),%xmm0
	xorq	$48,%r11
	leaq	.Lk_dsbd(%rip),%r10
.byte	102,15,56,0,193
	andq	$48,%r11
	pxor	%xmm5,%xmm2
	movdqa	.Lk_mc_forward+48(%rip),%xmm5
	pxor	%xmm2,%xmm0
	addq	$16,%r9
	addq	%r10,%r11
	jmp	.Ldec_entry

.align	16
.Ldec_loop:



	movdqa	-32(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	-16(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	addq	$16,%r9

.byte	102,15,56,0,197
	movdqa	0(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	16(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	subq	$1,%rax

.byte	102,15,56,0,197
	movdqa	32(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	48(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0

.byte	102,15,56,0,197
	movdqa	64(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	80(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0

.byte	102,15,58,15,237,12

.Ldec_entry:

	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm2
.byte	102,15,56,0,208
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm2,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	movdqu	(%r9),%xmm0
	jnz	.Ldec_loop


	movdqa	96(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	112(%r10),%xmm0
	movdqa	-352(%r11),%xmm2
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,194
	.byte	0xf3,0xc3
.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core






.type	_vpaes_schedule_core,@function
.align	16
_vpaes_schedule_core:





	call	_vpaes_preheat		
	movdqa	.Lk_rcon(%rip),%xmm8
	movdqu	(%rdi),%xmm0


	movdqa	%xmm0,%xmm3
	leaq	.Lk_ipt(%rip),%r11
	call	_vpaes_schedule_transform
	movdqa	%xmm0,%xmm7

	leaq	.Lk_sr(%rip),%r10
	testq	%rcx,%rcx
	jnz	.Lschedule_am_decrypting


	movdqu	%xmm0,(%rdx)
	jmp	.Lschedule_go

.Lschedule_am_decrypting:

	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,217
	movdqu	%xmm3,(%rdx)
	xorq	$48,%r8

.Lschedule_go:
	cmpl	$192,%esi
	ja	.Lschedule_256
	je	.Lschedule_192










.Lschedule_128:
	movl	$10,%esi

.Loop_schedule_128:
	call	_vpaes_schedule_round
	decq	%rsi
	jz	.Lschedule_mangle_last
	call	_vpaes_schedule_mangle	
	jmp	.Loop_schedule_128
















.align	16
.Lschedule_192:
	movdqu	8(%rdi),%xmm0
	call	_vpaes_schedule_transform	
	movdqa	%xmm0,%xmm6
	pxor	%xmm4,%xmm4
	movhlps	%xmm4,%xmm6
	movl	$4,%esi

.Loop_schedule_192:
	call	_vpaes_schedule_round
.byte	102,15,58,15,198,8
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_192_smear
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_round
	decq	%rsi
	jz	.Lschedule_mangle_last
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_192_smear
	jmp	.Loop_schedule_192











.align	16
.Lschedule_256:
	movdqu	16(%rdi),%xmm0
	call	_vpaes_schedule_transform	
	movl	$7,%esi

.Loop_schedule_256:
	call	_vpaes_schedule_mangle	
	movdqa	%xmm0,%xmm6


	call	_vpaes_schedule_round
	decq	%rsi
	jz	.Lschedule_mangle_last
	call	_vpaes_schedule_mangle	


	pshufd	$255,%xmm0,%xmm0
	movdqa	%xmm7,%xmm5
	movdqa	%xmm6,%xmm7
	call	_vpaes_schedule_low_round
	movdqa	%xmm5,%xmm7

	jmp	.Loop_schedule_256












.align	16
.Lschedule_mangle_last:

	leaq	.Lk_deskew(%rip),%r11
	testq	%rcx,%rcx
	jnz	.Lschedule_mangle_last_dec


	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,193
	leaq	.Lk_opt(%rip),%r11
	addq	$32,%rdx

.Lschedule_mangle_last_dec:
	addq	$-16,%rdx
	pxor	.Lk_s63(%rip),%xmm0
	call	_vpaes_schedule_transform 
	movdqu	%xmm0,(%rdx)


	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	pxor	%xmm6,%xmm6
	pxor	%xmm7,%xmm7
	.byte	0xf3,0xc3
.size	_vpaes_schedule_core,.-_vpaes_schedule_core















.type	_vpaes_schedule_192_smear,@function
.align	16
_vpaes_schedule_192_smear:
	pshufd	$128,%xmm6,%xmm0
	pxor	%xmm0,%xmm6
	pshufd	$254,%xmm7,%xmm0
	pxor	%xmm0,%xmm6
	movdqa	%xmm6,%xmm0
	pxor	%xmm1,%xmm1
	movhlps	%xmm1,%xmm6
	.byte	0xf3,0xc3
.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear



















.type	_vpaes_schedule_round,@function
.align	16
_vpaes_schedule_round:

	pxor	%xmm1,%xmm1
.byte	102,65,15,58,15,200,15
.byte	102,69,15,58,15,192,15
	pxor	%xmm1,%xmm7


	pshufd	$255,%xmm0,%xmm0
.byte	102,15,58,15,192,1




_vpaes_schedule_low_round:

	movdqa	%xmm7,%xmm1
	pslldq	$4,%xmm7
	pxor	%xmm1,%xmm7
	movdqa	%xmm7,%xmm1
	pslldq	$8,%xmm7
	pxor	%xmm1,%xmm7
	pxor	.Lk_s63(%rip),%xmm7


	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm2
.byte	102,15,56,0,208
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm2,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	movdqa	%xmm13,%xmm4
.byte	102,15,56,0,226
	movdqa	%xmm12,%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0


	pxor	%xmm7,%xmm0
	movdqa	%xmm0,%xmm7
	.byte	0xf3,0xc3
.size	_vpaes_schedule_round,.-_vpaes_schedule_round










.type	_vpaes_schedule_transform,@function
.align	16
_vpaes_schedule_transform:
	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	(%r11),%xmm2
.byte	102,15,56,0,208
	movdqa	16(%r11),%xmm0
.byte	102,15,56,0,193
	pxor	%xmm2,%xmm0
	.byte	0xf3,0xc3
.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
























.type	_vpaes_schedule_mangle,@function
.align	16
_vpaes_schedule_mangle:
	movdqa	%xmm0,%xmm4
	movdqa	.Lk_mc_forward(%rip),%xmm5
	testq	%rcx,%rcx
	jnz	.Lschedule_mangle_dec


	addq	$16,%rdx
	pxor	.Lk_s63(%rip),%xmm4
.byte	102,15,56,0,229
	movdqa	%xmm4,%xmm3
.byte	102,15,56,0,229
	pxor	%xmm4,%xmm3
.byte	102,15,56,0,229
	pxor	%xmm4,%xmm3

	jmp	.Lschedule_mangle_both
.align	16
.Lschedule_mangle_dec:

	leaq	.Lk_dksd(%rip),%r11
	movdqa	%xmm9,%xmm1
	pandn	%xmm4,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm4

	movdqa	0(%r11),%xmm2
.byte	102,15,56,0,212
	movdqa	16(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	32(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	48(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	64(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	80(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	96(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	112(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3

	addq	$-16,%rdx

.Lschedule_mangle_both:
	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,217
	addq	$-16,%r8
	andq	$48,%r8
	movdqu	%xmm3,(%rdx)
	.byte	0xf3,0xc3
.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle




.globl	vpaes_set_encrypt_key
.type	vpaes_set_encrypt_key,@function
.align	16
vpaes_set_encrypt_key:
	movl	%esi,%eax
	shrl	$5,%eax
	addl	$5,%eax
	movl	%eax,240(%rdx)

	movl	$0,%ecx
	movl	$48,%r8d
	call	_vpaes_schedule_core
	xorl	%eax,%eax
	.byte	0xf3,0xc3
.size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key

.globl	vpaes_set_decrypt_key
.type	vpaes_set_decrypt_key,@function
.align	16
vpaes_set_decrypt_key:
	movl	%esi,%eax
	shrl	$5,%eax
	addl	$5,%eax
	movl	%eax,240(%rdx)
	shll	$4,%eax
	leaq	16(%rdx,%rax,1),%rdx

	movl	$1,%ecx
	movl	%esi,%r8d
	shrl	$1,%r8d
	andl	$32,%r8d
	xorl	$32,%r8d
	call	_vpaes_schedule_core
	xorl	%eax,%eax
	.byte	0xf3,0xc3
.size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key

.globl	vpaes_encrypt
.type	vpaes_encrypt,@function
.align	16
vpaes_encrypt:
	movdqu	(%rdi),%xmm0
	call	_vpaes_preheat
	call	_vpaes_encrypt_core
	movdqu	%xmm0,(%rsi)
	.byte	0xf3,0xc3
.size	vpaes_encrypt,.-vpaes_encrypt

.globl	vpaes_decrypt
.type	vpaes_decrypt,@function
.align	16
vpaes_decrypt:
	movdqu	(%rdi),%xmm0
	call	_vpaes_preheat
	call	_vpaes_decrypt_core
	movdqu	%xmm0,(%rsi)
	.byte	0xf3,0xc3
.size	vpaes_decrypt,.-vpaes_decrypt
.globl	vpaes_cbc_encrypt
.type	vpaes_cbc_encrypt,@function
.align	16
vpaes_cbc_encrypt:
	xchgq	%rcx,%rdx
	subq	$16,%rcx
	jc	.Lcbc_abort
	movdqu	(%r8),%xmm6
	subq	%rdi,%rsi
	call	_vpaes_preheat
	cmpl	$0,%r9d
	je	.Lcbc_dec_loop
	jmp	.Lcbc_enc_loop
.align	16
.Lcbc_enc_loop:
	movdqu	(%rdi),%xmm0
	pxor	%xmm6,%xmm0
	call	_vpaes_encrypt_core
	movdqa	%xmm0,%xmm6
	movdqu	%xmm0,(%rsi,%rdi,1)
	leaq	16(%rdi),%rdi
	subq	$16,%rcx
	jnc	.Lcbc_enc_loop
	jmp	.Lcbc_done
.align	16
.Lcbc_dec_loop:
	movdqu	(%rdi),%xmm0
	movdqa	%xmm0,%xmm7
	call	_vpaes_decrypt_core
	pxor	%xmm6,%xmm0
	movdqa	%xmm7,%xmm6
	movdqu	%xmm0,(%rsi,%rdi,1)
	leaq	16(%rdi),%rdi
	subq	$16,%rcx
	jnc	.Lcbc_dec_loop
.Lcbc_done:
	movdqu	%xmm6,(%r8)
.Lcbc_abort:
	.byte	0xf3,0xc3
.size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt






.type	_vpaes_preheat,@function
.align	16
_vpaes_preheat:
	leaq	.Lk_s0F(%rip),%r10
	movdqa	-32(%r10),%xmm10
	movdqa	-16(%r10),%xmm11
	movdqa	0(%r10),%xmm9
	movdqa	48(%r10),%xmm13
	movdqa	64(%r10),%xmm12
	movdqa	80(%r10),%xmm15
	movdqa	96(%r10),%xmm14
	.byte	0xf3,0xc3
.size	_vpaes_preheat,.-_vpaes_preheat





.type	_vpaes_consts,@object
.align	64
_vpaes_consts:
.Lk_inv:
.quad	0x0E05060F0D080180, 0x040703090A0B0C02
.quad	0x01040A060F0B0780, 0x030D0E0C02050809

.Lk_s0F:
.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F

.Lk_ipt:
.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81

.Lk_sb1:
.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
.Lk_sb2:
.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
.Lk_sbo:
.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA

.Lk_mc_forward:
.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
.quad	0x080B0A0904070605, 0x000302010C0F0E0D
.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
.quad	0x000302010C0F0E0D, 0x080B0A0904070605

.Lk_mc_backward:
.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
.quad	0x020100030E0D0C0F, 0x0A09080B06050407
.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
.quad	0x0A09080B06050407, 0x020100030E0D0C0F

.Lk_sr:
.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
.quad	0x030E09040F0A0500, 0x0B06010C07020D08
.quad	0x0F060D040B020900, 0x070E050C030A0108
.quad	0x0B0E0104070A0D00, 0x0306090C0F020508

.Lk_rcon:
.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81

.Lk_s63:
.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B

.Lk_opt:
.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0

.Lk_deskew:
.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77





.Lk_dksd:
.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
.Lk_dksb:
.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
.Lk_dkse:
.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
.Lk_dks9:
.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE





.Lk_dipt:
.quad	0x0F505B040B545F00, 0x154A411E114E451A
.quad	0x86E383E660056500, 0x12771772F491F194

.Lk_dsb9:
.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
.Lk_dsbd:
.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
.Lk_dsbb:
.quad	0xD022649296B44200, 0x602646F6B0F2D404
.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
.Lk_dsbe:
.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
.Lk_dsbo:
.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
.align	64
.size	_vpaes_consts,.-_vpaes_consts
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/aes/vpaes-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
.text	
















.type	_vpaes_encrypt_core,@function
.align	16
_vpaes_encrypt_core:
	movq	%rdx,%r9
	movq	$16,%r11
	movl	240(%rdx),%eax
	movdqa	%xmm9,%xmm1
	movdqa	.Lk_ipt(%rip),%xmm2
	pandn	%xmm0,%xmm1
	movdqu	(%r9),%xmm5
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
.byte	102,15,56,0,208
	movdqa	.Lk_ipt+16(%rip),%xmm0
.byte	102,15,56,0,193
	pxor	%xmm5,%xmm2
	pxor	%xmm2,%xmm0
	addq	$16,%r9
	leaq	.Lk_mc_backward(%rip),%r10
	jmp	.Lenc_entry

.align	16
.Lenc_loop:

	movdqa	%xmm13,%xmm4
.byte	102,15,56,0,226
	pxor	%xmm5,%xmm4
	movdqa	%xmm12,%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	movdqa	%xmm15,%xmm5
.byte	102,15,56,0,234
	movdqa	-64(%r11,%r10,1),%xmm1
	movdqa	%xmm14,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm5,%xmm2
	movdqa	(%r11,%r10,1),%xmm4
	movdqa	%xmm0,%xmm3
.byte	102,15,56,0,193
	addq	$16,%r9
	pxor	%xmm2,%xmm0
.byte	102,15,56,0,220
	addq	$16,%r11
	pxor	%xmm0,%xmm3
.byte	102,15,56,0,193
	andq	$48,%r11
	pxor	%xmm3,%xmm0
	subq	$1,%rax

.Lenc_entry:

	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm5
.byte	102,15,56,0,232
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm5,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm5,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
	movdqu	(%r9),%xmm5
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	jnz	.Lenc_loop


	movdqa	-96(%r10),%xmm4
	movdqa	-80(%r10),%xmm0
.byte	102,15,56,0,226
	pxor	%xmm5,%xmm4
.byte	102,15,56,0,195
	movdqa	64(%r11,%r10,1),%xmm1
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,193
	.byte	0xf3,0xc3
.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core






.type	_vpaes_decrypt_core,@function
.align	16
_vpaes_decrypt_core:
	movq	%rdx,%r9
	movl	240(%rdx),%eax
	movdqa	%xmm9,%xmm1
	movdqa	.Lk_dipt(%rip),%xmm2
	pandn	%xmm0,%xmm1
	movq	%rax,%r11
	psrld	$4,%xmm1
	movdqu	(%r9),%xmm5
	shlq	$4,%r11
	pand	%xmm9,%xmm0
.byte	102,15,56,0,208
	movdqa	.Lk_dipt+16(%rip),%xmm0
	xorq	$48,%r11
	leaq	.Lk_dsbd(%rip),%r10
.byte	102,15,56,0,193
	andq	$48,%r11
	pxor	%xmm5,%xmm2
	movdqa	.Lk_mc_forward+48(%rip),%xmm5
	pxor	%xmm2,%xmm0
	addq	$16,%r9
	addq	%r10,%r11
	jmp	.Ldec_entry

.align	16
.Ldec_loop:



	movdqa	-32(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	-16(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	addq	$16,%r9

.byte	102,15,56,0,197
	movdqa	0(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	16(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	subq	$1,%rax

.byte	102,15,56,0,197
	movdqa	32(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	48(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0

.byte	102,15,56,0,197
	movdqa	64(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	80(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0

.byte	102,15,58,15,237,12

.Ldec_entry:

	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm2
.byte	102,15,56,0,208
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm2,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	movdqu	(%r9),%xmm0
	jnz	.Ldec_loop


	movdqa	96(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	112(%r10),%xmm0
	movdqa	-352(%r11),%xmm2
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,194
	.byte	0xf3,0xc3
.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core






.type	_vpaes_schedule_core,@function
.align	16
_vpaes_schedule_core:





	call	_vpaes_preheat		
	movdqa	.Lk_rcon(%rip),%xmm8
	movdqu	(%rdi),%xmm0


	movdqa	%xmm0,%xmm3
	leaq	.Lk_ipt(%rip),%r11
	call	_vpaes_schedule_transform
	movdqa	%xmm0,%xmm7

	leaq	.Lk_sr(%rip),%r10
	testq	%rcx,%rcx
	jnz	.Lschedule_am_decrypting


	movdqu	%xmm0,(%rdx)
	jmp	.Lschedule_go

.Lschedule_am_decrypting:

	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,217
	movdqu	%xmm3,(%rdx)
	xorq	$48,%r8

.Lschedule_go:
	cmpl	$192,%esi
	ja	.Lschedule_256
	je	.Lschedule_192










.Lschedule_128:
	movl	$10,%esi

.Loop_schedule_128:
	call	_vpaes_schedule_round
	decq	%rsi
	jz	.Lschedule_mangle_last
	call	_vpaes_schedule_mangle	
	jmp	.Loop_schedule_128
















.align	16
.Lschedule_192:
	movdqu	8(%rdi),%xmm0
	call	_vpaes_schedule_transform	
	movdqa	%xmm0,%xmm6
	pxor	%xmm4,%xmm4
	movhlps	%xmm4,%xmm6
	movl	$4,%esi

.Loop_schedule_192:
	call	_vpaes_schedule_round
.byte	102,15,58,15,198,8
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_192_smear
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_round
	decq	%rsi
	jz	.Lschedule_mangle_last
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_192_smear
	jmp	.Loop_schedule_192











.align	16
.Lschedule_256:
	movdqu	16(%rdi),%xmm0
	call	_vpaes_schedule_transform	
	movl	$7,%esi

.Loop_schedule_256:
	call	_vpaes_schedule_mangle	
	movdqa	%xmm0,%xmm6


	call	_vpaes_schedule_round
	decq	%rsi
	jz	.Lschedule_mangle_last
	call	_vpaes_schedule_mangle	


	pshufd	$255,%xmm0,%xmm0
	movdqa	%xmm7,%xmm5
	movdqa	%xmm6,%xmm7
	call	_vpaes_schedule_low_round
	movdqa	%xmm5,%xmm7

	jmp	.Loop_schedule_256












.align	16
.Lschedule_mangle_last:

	leaq	.Lk_deskew(%rip),%r11
	testq	%rcx,%rcx
	jnz	.Lschedule_mangle_last_dec


	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,193
	leaq	.Lk_opt(%rip),%r11
	addq	$32,%rdx

.Lschedule_mangle_last_dec:
	addq	$-16,%rdx
	pxor	.Lk_s63(%rip),%xmm0
	call	_vpaes_schedule_transform 
	movdqu	%xmm0,(%rdx)


	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	pxor	%xmm6,%xmm6
	pxor	%xmm7,%xmm7
	.byte	0xf3,0xc3
.size	_vpaes_schedule_core,.-_vpaes_schedule_core















.type	_vpaes_schedule_192_smear,@function
.align	16
_vpaes_schedule_192_smear:
	pshufd	$128,%xmm6,%xmm0
	pxor	%xmm0,%xmm6
	pshufd	$254,%xmm7,%xmm0
	pxor	%xmm0,%xmm6
	movdqa	%xmm6,%xmm0
	pxor	%xmm1,%xmm1
	movhlps	%xmm1,%xmm6
	.byte	0xf3,0xc3
.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear



















.type	_vpaes_schedule_round,@function
.align	16
_vpaes_schedule_round:

	pxor	%xmm1,%xmm1
.byte	102,65,15,58,15,200,15
.byte	102,69,15,58,15,192,15
	pxor	%xmm1,%xmm7


	pshufd	$255,%xmm0,%xmm0
.byte	102,15,58,15,192,1




_vpaes_schedule_low_round:

	movdqa	%xmm7,%xmm1
	pslldq	$4,%xmm7
	pxor	%xmm1,%xmm7
	movdqa	%xmm7,%xmm1
	pslldq	$8,%xmm7
	pxor	%xmm1,%xmm7
	pxor	.Lk_s63(%rip),%xmm7


	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm2
.byte	102,15,56,0,208
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm2,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	movdqa	%xmm13,%xmm4
.byte	102,15,56,0,226
	movdqa	%xmm12,%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0


	pxor	%xmm7,%xmm0
	movdqa	%xmm0,%xmm7
	.byte	0xf3,0xc3
.size	_vpaes_schedule_round,.-_vpaes_schedule_round










.type	_vpaes_schedule_transform,@function
.align	16
_vpaes_schedule_transform:
	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	(%r11),%xmm2
.byte	102,15,56,0,208
	movdqa	16(%r11),%xmm0
.byte	102,15,56,0,193
	pxor	%xmm2,%xmm0
	.byte	0xf3,0xc3
.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
























.type	_vpaes_schedule_mangle,@function
.align	16
_vpaes_schedule_mangle:
	movdqa	%xmm0,%xmm4
	movdqa	.Lk_mc_forward(%rip),%xmm5
	testq	%rcx,%rcx
	jnz	.Lschedule_mangle_dec


	addq	$16,%rdx
	pxor	.Lk_s63(%rip),%xmm4
.byte	102,15,56,0,229
	movdqa	%xmm4,%xmm3
.byte	102,15,56,0,229
	pxor	%xmm4,%xmm3
.byte	102,15,56,0,229
	pxor	%xmm4,%xmm3

	jmp	.Lschedule_mangle_both
.align	16
.Lschedule_mangle_dec:

	leaq	.Lk_dksd(%rip),%r11
	movdqa	%xmm9,%xmm1
	pandn	%xmm4,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm4

	movdqa	0(%r11),%xmm2
.byte	102,15,56,0,212
	movdqa	16(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	32(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	48(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	64(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	80(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	96(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	112(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3

	addq	$-16,%rdx

.Lschedule_mangle_both:
	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,217
	addq	$-16,%r8
	andq	$48,%r8
	movdqu	%xmm3,(%rdx)
	.byte	0xf3,0xc3
.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle




.globl	vpaes_set_encrypt_key
.type	vpaes_set_encrypt_key,@function
.align	16
vpaes_set_encrypt_key:
	movl	%esi,%eax
	shrl	$5,%eax
	addl	$5,%eax
	movl	%eax,240(%rdx)

	movl	$0,%ecx
	movl	$48,%r8d
	call	_vpaes_schedule_core
	xorl	%eax,%eax
	.byte	0xf3,0xc3
.size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key

.globl	vpaes_set_decrypt_key
.type	vpaes_set_decrypt_key,@function
.align	16
vpaes_set_decrypt_key:
	movl	%esi,%eax
	shrl	$5,%eax
	addl	$5,%eax
	movl	%eax,240(%rdx)
	shll	$4,%eax
	leaq	16(%rdx,%rax,1),%rdx

	movl	$1,%ecx
	movl	%esi,%r8d
	shrl	$1,%r8d
	andl	$32,%r8d
	xorl	$32,%r8d
	call	_vpaes_schedule_core
	xorl	%eax,%eax
	.byte	0xf3,0xc3
.size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key

.globl	vpaes_encrypt
.type	vpaes_encrypt,@function
.align	16
vpaes_encrypt:
	movdqu	(%rdi),%xmm0
	call	_vpaes_preheat
	call	_vpaes_encrypt_core
	movdqu	%xmm0,(%rsi)
	.byte	0xf3,0xc3
.size	vpaes_encrypt,.-vpaes_encrypt

.globl	vpaes_decrypt
.type	vpaes_decrypt,@function
.align	16
vpaes_decrypt:
	movdqu	(%rdi),%xmm0
	call	_vpaes_preheat
	call	_vpaes_decrypt_core
	movdqu	%xmm0,(%rsi)
	.byte	0xf3,0xc3
.size	vpaes_decrypt,.-vpaes_decrypt
.globl	vpaes_cbc_encrypt
.type	vpaes_cbc_encrypt,@function
.align	16
vpaes_cbc_encrypt:
	xchgq	%rcx,%rdx
	subq	$16,%rcx
	jc	.Lcbc_abort
	movdqu	(%r8),%xmm6
	subq	%rdi,%rsi
	call	_vpaes_preheat
	cmpl	$0,%r9d
	je	.Lcbc_dec_loop
	jmp	.Lcbc_enc_loop
.align	16
.Lcbc_enc_loop:
	movdqu	(%rdi),%xmm0
	pxor	%xmm6,%xmm0
	call	_vpaes_encrypt_core
	movdqa	%xmm0,%xmm6
	movdqu	%xmm0,(%rsi,%rdi,1)
	leaq	16(%rdi),%rdi
	subq	$16,%rcx
	jnc	.Lcbc_enc_loop
	jmp	.Lcbc_done
.align	16
.Lcbc_dec_loop:
	movdqu	(%rdi),%xmm0
	movdqa	%xmm0,%xmm7
	call	_vpaes_decrypt_core
	pxor	%xmm6,%xmm0
	movdqa	%xmm7,%xmm6
	movdqu	%xmm0,(%rsi,%rdi,1)
	leaq	16(%rdi),%rdi
	subq	$16,%rcx
	jnc	.Lcbc_dec_loop
.Lcbc_done:
	movdqu	%xmm6,(%r8)
.Lcbc_abort:
	.byte	0xf3,0xc3
.size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt






.type	_vpaes_preheat,@function
.align	16
_vpaes_preheat:
	leaq	.Lk_s0F(%rip),%r10
	movdqa	-32(%r10),%xmm10
	movdqa	-16(%r10),%xmm11
	movdqa	0(%r10),%xmm9
	movdqa	48(%r10),%xmm13
	movdqa	64(%r10),%xmm12
	movdqa	80(%r10),%xmm15
	movdqa	96(%r10),%xmm14
	.byte	0xf3,0xc3
.size	_vpaes_preheat,.-_vpaes_preheat





.type	_vpaes_consts,@object
.align	64
_vpaes_consts:
.Lk_inv:
.quad	0x0E05060F0D080180, 0x040703090A0B0C02
.quad	0x01040A060F0B0780, 0x030D0E0C02050809

.Lk_s0F:
.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F

.Lk_ipt:
.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81

.Lk_sb1:
.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
.Lk_sb2:
.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
.Lk_sbo:
.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA

.Lk_mc_forward:
.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
.quad	0x080B0A0904070605, 0x000302010C0F0E0D
.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
.quad	0x000302010C0F0E0D, 0x080B0A0904070605

.Lk_mc_backward:
.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
.quad	0x020100030E0D0C0F, 0x0A09080B06050407
.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
.quad	0x0A09080B06050407, 0x020100030E0D0C0F

.Lk_sr:
.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
.quad	0x030E09040F0A0500, 0x0B06010C07020D08
.quad	0x0F060D040B020900, 0x070E050C030A0108
.quad	0x0B0E0104070A0D00, 0x0306090C0F020508

.Lk_rcon:
.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81

.Lk_s63:
.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B

.Lk_opt:
.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0

.Lk_deskew:
.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77





.Lk_dksd:
.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
.Lk_dksb:
.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
.Lk_dkse:
.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
.Lk_dks9:
.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE





.Lk_dipt:
.quad	0x0F505B040B545F00, 0x154A411E114E451A
.quad	0x86E383E660056500, 0x12771772F491F194

.Lk_dsb9:
.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
.Lk_dsbd:
.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
.Lk_dsbb:
.quad	0xD022649296B44200, 0x602646F6B0F2D404
.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
.Lk_dsbe:
.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
.Lk_dsbo:
.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
.align	64
.size	_vpaes_consts,.-_vpaes_consts
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































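--- a/jni/libressl/crypto/aes/vpaes-macosx-x86_64.S
+++ b/jni/libressl/crypto/aes/vpaes-macosx-x86_64.S
@@ -0,0 +1,829 @@
+#include "x86_arch.h"
+.text	
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_encrypt_core:
+	movq	%rdx,%r9
+	movq	$16,%r11
+	movl	240(%rdx),%eax
+	movdqa	%xmm9,%xmm1
+	movdqa	L$k_ipt(%rip),%xmm2
+	pandn	%xmm0,%xmm1
+	movdqu	(%r9),%xmm5
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	L$k_ipt+16(%rip),%xmm0
+.byte	102,15,56,0,193
+	pxor	%xmm5,%xmm2
+	pxor	%xmm2,%xmm0
+	addq	$16,%r9
+	leaq	L$k_mc_backward(%rip),%r10
+	jmp	L$enc_entry
+
+.p2align	4
+L$enc_loop:
+
+	movdqa	%xmm13,%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm5,%xmm4
+	movdqa	%xmm12,%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm15,%xmm5
+.byte	102,15,56,0,234
+	movdqa	-64(%r11,%r10,1),%xmm1
+	movdqa	%xmm14,%xmm2
+.byte	102,15,56,0,211
+	pxor	%xmm5,%xmm2
+	movdqa	(%r11,%r10,1),%xmm4
+	movdqa	%xmm0,%xmm3
+.byte	102,15,56,0,193
+	addq	$16,%r9
+	pxor	%xmm2,%xmm0
+.byte	102,15,56,0,220
+	addq	$16,%r11
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,193
+	andq	$48,%r11
+	pxor	%xmm3,%xmm0
+	subq	$1,%rax
+
+L$enc_entry:
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm5
+.byte	102,15,56,0,232
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm5,%xmm3
+	movdqa	%xmm10,%xmm4
+.byte	102,15,56,0,224
+	pxor	%xmm5,%xmm4
+	movdqa	%xmm10,%xmm2
+.byte	102,15,56,0,211
+	pxor	%xmm0,%xmm2
+	movdqa	%xmm10,%xmm3
+	movdqu	(%r9),%xmm5
+.byte	102,15,56,0,220
+	pxor	%xmm1,%xmm3
+	jnz	L$enc_loop
+
+
+	movdqa	-96(%r10),%xmm4
+	movdqa	-80(%r10),%xmm0
+.byte	102,15,56,0,226
+	pxor	%xmm5,%xmm4
+.byte	102,15,56,0,195
+	movdqa	64(%r11,%r10,1),%xmm1
+	pxor	%xmm4,%xmm0
+.byte	102,15,56,0,193
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_decrypt_core:
+	movq	%rdx,%r9
+	movl	240(%rdx),%eax
+	movdqa	%xmm9,%xmm1
+	movdqa	L$k_dipt(%rip),%xmm2
+	pandn	%xmm0,%xmm1
+	movq	%rax,%r11
+	psrld	$4,%xmm1
+	movdqu	(%r9),%xmm5
+	shlq	$4,%r11
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	L$k_dipt+16(%rip),%xmm0
+	xorq	$48,%r11
+	leaq	L$k_dsbd(%rip),%r10
+.byte	102,15,56,0,193
+	andq	$48,%r11
+	pxor	%xmm5,%xmm2
+	movdqa	L$k_mc_forward+48(%rip),%xmm5
+	pxor	%xmm2,%xmm0
+	addq	$16,%r9
+	addq	%r10,%r11
+	jmp	L$dec_entry
+
+.p2align	4
+L$dec_loop:
+
+
+
+	movdqa	-32(%r10),%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm0,%xmm4
+	movdqa	-16(%r10),%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+	addq	$16,%r9
+
+.byte	102,15,56,0,197
+	movdqa	0(%r10),%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm0,%xmm4
+	movdqa	16(%r10),%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+	subq	$1,%rax
+
+.byte	102,15,56,0,197
+	movdqa	32(%r10),%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm0,%xmm4
+	movdqa	48(%r10),%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+
+.byte	102,15,56,0,197
+	movdqa	64(%r10),%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm0,%xmm4
+	movdqa	80(%r10),%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+
+.byte	102,15,58,15,237,12
+
+L$dec_entry:
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,208
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+	movdqa	%xmm10,%xmm4
+.byte	102,15,56,0,224
+	pxor	%xmm2,%xmm4
+	movdqa	%xmm10,%xmm2
+.byte	102,15,56,0,211
+	pxor	%xmm0,%xmm2
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,220
+	pxor	%xmm1,%xmm3
+	movdqu	(%r9),%xmm0
+	jnz	L$dec_loop
+
+
+	movdqa	96(%r10),%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm0,%xmm4
+	movdqa	112(%r10),%xmm0
+	movdqa	-352(%r11),%xmm2
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+.byte	102,15,56,0,194
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_core:
+
+
+
+
+
+	call	_vpaes_preheat		
+	movdqa	L$k_rcon(%rip),%xmm8
+	movdqu	(%rdi),%xmm0
+
+
+	movdqa	%xmm0,%xmm3
+	leaq	L$k_ipt(%rip),%r11
+	call	_vpaes_schedule_transform
+	movdqa	%xmm0,%xmm7
+
+	leaq	L$k_sr(%rip),%r10
+	testq	%rcx,%rcx
+	jnz	L$schedule_am_decrypting
+
+
+	movdqu	%xmm0,(%rdx)
+	jmp	L$schedule_go
+
+L$schedule_am_decrypting:
+
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,217
+	movdqu	%xmm3,(%rdx)
+	xorq	$48,%r8
+
+L$schedule_go:
+	cmpl	$192,%esi
+	ja	L$schedule_256
+	je	L$schedule_192
+
+
+
+
+
+
+
+
+
+
+L$schedule_128:
+	movl	$10,%esi
+
+L$oop_schedule_128:
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	L$schedule_mangle_last
+	call	_vpaes_schedule_mangle	
+	jmp	L$oop_schedule_128
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+L$schedule_192:
+	movdqu	8(%rdi),%xmm0
+	call	_vpaes_schedule_transform	
+	movdqa	%xmm0,%xmm6
+	pxor	%xmm4,%xmm4
+	movhlps	%xmm4,%xmm6
+	movl	$4,%esi
+
+L$oop_schedule_192:
+	call	_vpaes_schedule_round
+.byte	102,15,58,15,198,8
+	call	_vpaes_schedule_mangle	
+	call	_vpaes_schedule_192_smear
+	call	_vpaes_schedule_mangle	
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	L$schedule_mangle_last
+	call	_vpaes_schedule_mangle	
+	call	_vpaes_schedule_192_smear
+	jmp	L$oop_schedule_192
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+L$schedule_256:
+	movdqu	16(%rdi),%xmm0
+	call	_vpaes_schedule_transform	
+	movl	$7,%esi
+
+L$oop_schedule_256:
+	call	_vpaes_schedule_mangle	
+	movdqa	%xmm0,%xmm6
+
+
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	L$schedule_mangle_last
+	call	_vpaes_schedule_mangle	
+
+
+	pshufd	$255,%xmm0,%xmm0
+	movdqa	%xmm7,%xmm5
+	movdqa	%xmm6,%xmm7
+	call	_vpaes_schedule_low_round
+	movdqa	%xmm5,%xmm7
+
+	jmp	L$oop_schedule_256
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+L$schedule_mangle_last:
+
+	leaq	L$k_deskew(%rip),%r11
+	testq	%rcx,%rcx
+	jnz	L$schedule_mangle_last_dec
+
+
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,193
+	leaq	L$k_opt(%rip),%r11
+	addq	$32,%rdx
+
+L$schedule_mangle_last_dec:
+	addq	$-16,%rdx
+	pxor	L$k_s63(%rip),%xmm0
+	call	_vpaes_schedule_transform 
+	movdqu	%xmm0,(%rdx)
+
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_192_smear:
+	pshufd	$128,%xmm6,%xmm0
+	pxor	%xmm0,%xmm6
+	pshufd	$254,%xmm7,%xmm0
+	pxor	%xmm0,%xmm6
+	movdqa	%xmm6,%xmm0
+	pxor	%xmm1,%xmm1
+	movhlps	%xmm1,%xmm6
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_round:
+
+	pxor	%xmm1,%xmm1
+.byte	102,65,15,58,15,200,15
+.byte	102,69,15,58,15,192,15
+	pxor	%xmm1,%xmm7
+
+
+	pshufd	$255,%xmm0,%xmm0
+.byte	102,15,58,15,192,1
+
+
+
+
+_vpaes_schedule_low_round:
+
+	movdqa	%xmm7,%xmm1
+	pslldq	$4,%xmm7
+	pxor	%xmm1,%xmm7
+	movdqa	%xmm7,%xmm1
+	pslldq	$8,%xmm7
+	pxor	%xmm1,%xmm7
+	pxor	L$k_s63(%rip),%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,208
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+	movdqa	%xmm10,%xmm4
+.byte	102,15,56,0,224
+	pxor	%xmm2,%xmm4
+	movdqa	%xmm10,%xmm2
+.byte	102,15,56,0,211
+	pxor	%xmm0,%xmm2
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,220
+	pxor	%xmm1,%xmm3
+	movdqa	%xmm13,%xmm4
+.byte	102,15,56,0,226
+	movdqa	%xmm12,%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+
+
+	pxor	%xmm7,%xmm0
+	movdqa	%xmm0,%xmm7
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_transform:
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	(%r11),%xmm2
+.byte	102,15,56,0,208
+	movdqa	16(%r11),%xmm0
+.byte	102,15,56,0,193
+	pxor	%xmm2,%xmm0
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_mangle:
+	movdqa	%xmm0,%xmm4
+	movdqa	L$k_mc_forward(%rip),%xmm5
+	testq	%rcx,%rcx
+	jnz	L$schedule_mangle_dec
+
+
+	addq	$16,%rdx
+	pxor	L$k_s63(%rip),%xmm4
+.byte	102,15,56,0,229
+	movdqa	%xmm4,%xmm3
+.byte	102,15,56,0,229
+	pxor	%xmm4,%xmm3
+.byte	102,15,56,0,229
+	pxor	%xmm4,%xmm3
+
+	jmp	L$schedule_mangle_both
+.p2align	4
+L$schedule_mangle_dec:
+
+	leaq	L$k_dksd(%rip),%r11
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm4,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm4
+
+	movdqa	0(%r11),%xmm2
+.byte	102,15,56,0,212
+	movdqa	16(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	32(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	48(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	64(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	80(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	96(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	112(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+
+	addq	$-16,%rdx
+
+L$schedule_mangle_both:
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,217
+	addq	$-16,%r8
+	andq	$48,%r8
+	movdqu	%xmm3,(%rdx)
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_vpaes_set_encrypt_key
+
+.p2align	4
+_vpaes_set_encrypt_key:
+	movl	%esi,%eax
+	shrl	$5,%eax
+	addl	$5,%eax
+	movl	%eax,240(%rdx)
+
+	movl	$0,%ecx
+	movl	$48,%r8d
+	call	_vpaes_schedule_core
+	xorl	%eax,%eax
+	.byte	0xf3,0xc3
+
+
+.globl	_vpaes_set_decrypt_key
+
+.p2align	4
+_vpaes_set_decrypt_key:
+	movl	%esi,%eax
+	shrl	$5,%eax
+	addl	$5,%eax
+	movl	%eax,240(%rdx)
+	shll	$4,%eax
+	leaq	16(%rdx,%rax,1),%rdx
+
+	movl	$1,%ecx
+	movl	%esi,%r8d
+	shrl	$1,%r8d
+	andl	$32,%r8d
+	xorl	$32,%r8d
+	call	_vpaes_schedule_core
+	xorl	%eax,%eax
+	.byte	0xf3,0xc3
+
+
+.globl	_vpaes_encrypt
+
+.p2align	4
+_vpaes_encrypt:
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_encrypt_core
+	movdqu	%xmm0,(%rsi)
+	.byte	0xf3,0xc3
+
+
+.globl	_vpaes_decrypt
+
+.p2align	4
+_vpaes_decrypt:
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_decrypt_core
+	movdqu	%xmm0,(%rsi)
+	.byte	0xf3,0xc3
+
+.globl	_vpaes_cbc_encrypt
+
+.p2align	4
+_vpaes_cbc_encrypt:
+	xchgq	%rcx,%rdx
+	subq	$16,%rcx
+	jc	L$cbc_abort
+	movdqu	(%r8),%xmm6
+	subq	%rdi,%rsi
+	call	_vpaes_preheat
+	cmpl	$0,%r9d
+	je	L$cbc_dec_loop
+	jmp	L$cbc_enc_loop
+.p2align	4
+L$cbc_enc_loop:
+	movdqu	(%rdi),%xmm0
+	pxor	%xmm6,%xmm0
+	call	_vpaes_encrypt_core
+	movdqa	%xmm0,%xmm6
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	leaq	16(%rdi),%rdi
+	subq	$16,%rcx
+	jnc	L$cbc_enc_loop
+	jmp	L$cbc_done
+.p2align	4
+L$cbc_dec_loop:
+	movdqu	(%rdi),%xmm0
+	movdqa	%xmm0,%xmm7
+	call	_vpaes_decrypt_core
+	pxor	%xmm6,%xmm0
+	movdqa	%xmm7,%xmm6
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	leaq	16(%rdi),%rdi
+	subq	$16,%rcx
+	jnc	L$cbc_dec_loop
+L$cbc_done:
+	movdqu	%xmm6,(%r8)
+L$cbc_abort:
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_preheat:
+	leaq	L$k_s0F(%rip),%r10
+	movdqa	-32(%r10),%xmm10
+	movdqa	-16(%r10),%xmm11
+	movdqa	0(%r10),%xmm9
+	movdqa	48(%r10),%xmm13
+	movdqa	64(%r10),%xmm12
+	movdqa	80(%r10),%xmm15
+	movdqa	96(%r10),%xmm14
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+.p2align	6
+_vpaes_consts:
+L$k_inv:
+.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+
+L$k_s0F:
+.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F
+
+L$k_ipt:
+.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+
+L$k_sb1:
+.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+L$k_sb2:
+.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+L$k_sbo:
+.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+
+L$k_mc_forward:
+.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+
+L$k_mc_backward:
+.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+
+L$k_sr:
+.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+.quad	0x0F060D040B020900, 0x070E050C030A0108
+.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+L$k_rcon:
+.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+L$k_s63:
+.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B
+
+L$k_opt:
+.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+
+L$k_deskew:
+.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+
+
+
+
+L$k_dksd:
+.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+L$k_dksb:
+.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+L$k_dkse:
+.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+L$k_dks9:
+.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+
+
+
+
+L$k_dipt:
+.quad	0x0F505B040B545F00, 0x154A411E114E451A
+.quad	0x86E383E660056500, 0x12771772F491F194
+
+L$k_dsb9:
+.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+L$k_dsbd:
+.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+L$k_dsbb:
+.quad	0xD022649296B44200, 0x602646F6B0F2D404
+.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+L$k_dsbe:
+.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+L$k_dsbo:
+.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
+.p2align	6
+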
Deleted jni/libressl/crypto/aes/vpaes-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
.text	

















.p2align	4
_vpaes_encrypt_core:
	movq	%rdx,%r9
	movq	$16,%r11
	movl	240(%rdx),%eax
	movdqa	%xmm9,%xmm1
	movdqa	L$k_ipt(%rip),%xmm2
	pandn	%xmm0,%xmm1
	movdqu	(%r9),%xmm5
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
.byte	102,15,56,0,208
	movdqa	L$k_ipt+16(%rip),%xmm0
.byte	102,15,56,0,193
	pxor	%xmm5,%xmm2
	pxor	%xmm2,%xmm0
	addq	$16,%r9
	leaq	L$k_mc_backward(%rip),%r10
	jmp	L$enc_entry

.p2align	4
L$enc_loop:

	movdqa	%xmm13,%xmm4
.byte	102,15,56,0,226
	pxor	%xmm5,%xmm4
	movdqa	%xmm12,%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	movdqa	%xmm15,%xmm5
.byte	102,15,56,0,234
	movdqa	-64(%r11,%r10,1),%xmm1
	movdqa	%xmm14,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm5,%xmm2
	movdqa	(%r11,%r10,1),%xmm4
	movdqa	%xmm0,%xmm3
.byte	102,15,56,0,193
	addq	$16,%r9
	pxor	%xmm2,%xmm0
.byte	102,15,56,0,220
	addq	$16,%r11
	pxor	%xmm0,%xmm3
.byte	102,15,56,0,193
	andq	$48,%r11
	pxor	%xmm3,%xmm0
	subq	$1,%rax

L$enc_entry:

	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm5
.byte	102,15,56,0,232
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm5,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm5,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
	movdqu	(%r9),%xmm5
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	jnz	L$enc_loop


	movdqa	-96(%r10),%xmm4
	movdqa	-80(%r10),%xmm0
.byte	102,15,56,0,226
	pxor	%xmm5,%xmm4
.byte	102,15,56,0,195
	movdqa	64(%r11,%r10,1),%xmm1
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,193
	.byte	0xf3,0xc3








.p2align	4
_vpaes_decrypt_core:
	movq	%rdx,%r9
	movl	240(%rdx),%eax
	movdqa	%xmm9,%xmm1
	movdqa	L$k_dipt(%rip),%xmm2
	pandn	%xmm0,%xmm1
	movq	%rax,%r11
	psrld	$4,%xmm1
	movdqu	(%r9),%xmm5
	shlq	$4,%r11
	pand	%xmm9,%xmm0
.byte	102,15,56,0,208
	movdqa	L$k_dipt+16(%rip),%xmm0
	xorq	$48,%r11
	leaq	L$k_dsbd(%rip),%r10
.byte	102,15,56,0,193
	andq	$48,%r11
	pxor	%xmm5,%xmm2
	movdqa	L$k_mc_forward+48(%rip),%xmm5
	pxor	%xmm2,%xmm0
	addq	$16,%r9
	addq	%r10,%r11
	jmp	L$dec_entry

.p2align	4
L$dec_loop:



	movdqa	-32(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	-16(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	addq	$16,%r9

.byte	102,15,56,0,197
	movdqa	0(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	16(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
	subq	$1,%rax

.byte	102,15,56,0,197
	movdqa	32(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	48(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0

.byte	102,15,56,0,197
	movdqa	64(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	80(%r10),%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0

.byte	102,15,58,15,237,12

L$dec_entry:

	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm2
.byte	102,15,56,0,208
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm2,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	movdqu	(%r9),%xmm0
	jnz	L$dec_loop


	movdqa	96(%r10),%xmm4
.byte	102,15,56,0,226
	pxor	%xmm0,%xmm4
	movdqa	112(%r10),%xmm0
	movdqa	-352(%r11),%xmm2
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,194
	.byte	0xf3,0xc3








.p2align	4
_vpaes_schedule_core:





	call	_vpaes_preheat		
	movdqa	L$k_rcon(%rip),%xmm8
	movdqu	(%rdi),%xmm0


	movdqa	%xmm0,%xmm3
	leaq	L$k_ipt(%rip),%r11
	call	_vpaes_schedule_transform
	movdqa	%xmm0,%xmm7

	leaq	L$k_sr(%rip),%r10
	testq	%rcx,%rcx
	jnz	L$schedule_am_decrypting


	movdqu	%xmm0,(%rdx)
	jmp	L$schedule_go

L$schedule_am_decrypting:

	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,217
	movdqu	%xmm3,(%rdx)
	xorq	$48,%r8

L$schedule_go:
	cmpl	$192,%esi
	ja	L$schedule_256
	je	L$schedule_192










L$schedule_128:
	movl	$10,%esi

L$oop_schedule_128:
	call	_vpaes_schedule_round
	decq	%rsi
	jz	L$schedule_mangle_last
	call	_vpaes_schedule_mangle	
	jmp	L$oop_schedule_128
















.p2align	4
L$schedule_192:
	movdqu	8(%rdi),%xmm0
	call	_vpaes_schedule_transform	
	movdqa	%xmm0,%xmm6
	pxor	%xmm4,%xmm4
	movhlps	%xmm4,%xmm6
	movl	$4,%esi

L$oop_schedule_192:
	call	_vpaes_schedule_round
.byte	102,15,58,15,198,8
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_192_smear
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_round
	decq	%rsi
	jz	L$schedule_mangle_last
	call	_vpaes_schedule_mangle	
	call	_vpaes_schedule_192_smear
	jmp	L$oop_schedule_192











.p2align	4
L$schedule_256:
	movdqu	16(%rdi),%xmm0
	call	_vpaes_schedule_transform	
	movl	$7,%esi

L$oop_schedule_256:
	call	_vpaes_schedule_mangle	
	movdqa	%xmm0,%xmm6


	call	_vpaes_schedule_round
	decq	%rsi
	jz	L$schedule_mangle_last
	call	_vpaes_schedule_mangle	


	pshufd	$255,%xmm0,%xmm0
	movdqa	%xmm7,%xmm5
	movdqa	%xmm6,%xmm7
	call	_vpaes_schedule_low_round
	movdqa	%xmm5,%xmm7

	jmp	L$oop_schedule_256












.p2align	4
L$schedule_mangle_last:

	leaq	L$k_deskew(%rip),%r11
	testq	%rcx,%rcx
	jnz	L$schedule_mangle_last_dec


	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,193
	leaq	L$k_opt(%rip),%r11
	addq	$32,%rdx

L$schedule_mangle_last_dec:
	addq	$-16,%rdx
	pxor	L$k_s63(%rip),%xmm0
	call	_vpaes_schedule_transform 
	movdqu	%xmm0,(%rdx)


	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	pxor	%xmm6,%xmm6
	pxor	%xmm7,%xmm7
	.byte	0xf3,0xc3

















.p2align	4
_vpaes_schedule_192_smear:
	pshufd	$128,%xmm6,%xmm0
	pxor	%xmm0,%xmm6
	pshufd	$254,%xmm7,%xmm0
	pxor	%xmm0,%xmm6
	movdqa	%xmm6,%xmm0
	pxor	%xmm1,%xmm1
	movhlps	%xmm1,%xmm6
	.byte	0xf3,0xc3





















.p2align	4
_vpaes_schedule_round:

	pxor	%xmm1,%xmm1
.byte	102,65,15,58,15,200,15
.byte	102,69,15,58,15,192,15
	pxor	%xmm1,%xmm7


	pshufd	$255,%xmm0,%xmm0
.byte	102,15,58,15,192,1




_vpaes_schedule_low_round:

	movdqa	%xmm7,%xmm1
	pslldq	$4,%xmm7
	pxor	%xmm1,%xmm7
	movdqa	%xmm7,%xmm1
	pslldq	$8,%xmm7
	pxor	%xmm1,%xmm7
	pxor	L$k_s63(%rip),%xmm7


	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	%xmm11,%xmm2
.byte	102,15,56,0,208
	pxor	%xmm1,%xmm0
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
	movdqa	%xmm10,%xmm4
.byte	102,15,56,0,224
	pxor	%xmm2,%xmm4
	movdqa	%xmm10,%xmm2
.byte	102,15,56,0,211
	pxor	%xmm0,%xmm2
	movdqa	%xmm10,%xmm3
.byte	102,15,56,0,220
	pxor	%xmm1,%xmm3
	movdqa	%xmm13,%xmm4
.byte	102,15,56,0,226
	movdqa	%xmm12,%xmm0
.byte	102,15,56,0,195
	pxor	%xmm4,%xmm0


	pxor	%xmm7,%xmm0
	movdqa	%xmm0,%xmm7
	.byte	0xf3,0xc3












.p2align	4
_vpaes_schedule_transform:
	movdqa	%xmm9,%xmm1
	pandn	%xmm0,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm0
	movdqa	(%r11),%xmm2
.byte	102,15,56,0,208
	movdqa	16(%r11),%xmm0
.byte	102,15,56,0,193
	pxor	%xmm2,%xmm0
	.byte	0xf3,0xc3


























.p2align	4
_vpaes_schedule_mangle:
	movdqa	%xmm0,%xmm4
	movdqa	L$k_mc_forward(%rip),%xmm5
	testq	%rcx,%rcx
	jnz	L$schedule_mangle_dec


	addq	$16,%rdx
	pxor	L$k_s63(%rip),%xmm4
.byte	102,15,56,0,229
	movdqa	%xmm4,%xmm3
.byte	102,15,56,0,229
	pxor	%xmm4,%xmm3
.byte	102,15,56,0,229
	pxor	%xmm4,%xmm3

	jmp	L$schedule_mangle_both
.p2align	4
L$schedule_mangle_dec:

	leaq	L$k_dksd(%rip),%r11
	movdqa	%xmm9,%xmm1
	pandn	%xmm4,%xmm1
	psrld	$4,%xmm1
	pand	%xmm9,%xmm4

	movdqa	0(%r11),%xmm2
.byte	102,15,56,0,212
	movdqa	16(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	32(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	48(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	64(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	80(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3
.byte	102,15,56,0,221

	movdqa	96(%r11),%xmm2
.byte	102,15,56,0,212
	pxor	%xmm3,%xmm2
	movdqa	112(%r11),%xmm3
.byte	102,15,56,0,217
	pxor	%xmm2,%xmm3

	addq	$-16,%rdx

L$schedule_mangle_both:
	movdqa	(%r8,%r10,1),%xmm1
.byte	102,15,56,0,217
	addq	$-16,%r8
	andq	$48,%r8
	movdqu	%xmm3,(%rdx)
	.byte	0xf3,0xc3





.globl	_vpaes_set_encrypt_key

.p2align	4
_vpaes_set_encrypt_key:
	movl	%esi,%eax
	shrl	$5,%eax
	addl	$5,%eax
	movl	%eax,240(%rdx)

	movl	$0,%ecx
	movl	$48,%r8d
	call	_vpaes_schedule_core
	xorl	%eax,%eax
	.byte	0xf3,0xc3


.globl	_vpaes_set_decrypt_key

.p2align	4
_vpaes_set_decrypt_key:
	movl	%esi,%eax
	shrl	$5,%eax
	addl	$5,%eax
	movl	%eax,240(%rdx)
	shll	$4,%eax
	leaq	16(%rdx,%rax,1),%rdx

	movl	$1,%ecx
	movl	%esi,%r8d
	shrl	$1,%r8d
	andl	$32,%r8d
	xorl	$32,%r8d
	call	_vpaes_schedule_core
	xorl	%eax,%eax
	.byte	0xf3,0xc3


.globl	_vpaes_encrypt

.p2align	4
_vpaes_encrypt:
	movdqu	(%rdi),%xmm0
	call	_vpaes_preheat
	call	_vpaes_encrypt_core
	movdqu	%xmm0,(%rsi)
	.byte	0xf3,0xc3


.globl	_vpaes_decrypt

.p2align	4
_vpaes_decrypt:
	movdqu	(%rdi),%xmm0
	call	_vpaes_preheat
	call	_vpaes_decrypt_core
	movdqu	%xmm0,(%rsi)
	.byte	0xf3,0xc3

.globl	_vpaes_cbc_encrypt

.p2align	4
_vpaes_cbc_encrypt:
	xchgq	%rcx,%rdx
	subq	$16,%rcx
	jc	L$cbc_abort
	movdqu	(%r8),%xmm6
	subq	%rdi,%rsi
	call	_vpaes_preheat
	cmpl	$0,%r9d
	je	L$cbc_dec_loop
	jmp	L$cbc_enc_loop
.p2align	4
L$cbc_enc_loop:
	movdqu	(%rdi),%xmm0
	pxor	%xmm6,%xmm0
	call	_vpaes_encrypt_core
	movdqa	%xmm0,%xmm6
	movdqu	%xmm0,(%rsi,%rdi,1)
	leaq	16(%rdi),%rdi
	subq	$16,%rcx
	jnc	L$cbc_enc_loop
	jmp	L$cbc_done
.p2align	4
L$cbc_dec_loop:
	movdqu	(%rdi),%xmm0
	movdqa	%xmm0,%xmm7
	call	_vpaes_decrypt_core
	pxor	%xmm6,%xmm0
	movdqa	%xmm7,%xmm6
	movdqu	%xmm0,(%rsi,%rdi,1)
	leaq	16(%rdi),%rdi
	subq	$16,%rcx
	jnc	L$cbc_dec_loop
L$cbc_done:
	movdqu	%xmm6,(%r8)
L$cbc_abort:
	.byte	0xf3,0xc3








.p2align	4
_vpaes_preheat:
	leaq	L$k_s0F(%rip),%r10
	movdqa	-32(%r10),%xmm10
	movdqa	-16(%r10),%xmm11
	movdqa	0(%r10),%xmm9
	movdqa	48(%r10),%xmm13
	movdqa	64(%r10),%xmm12
	movdqa	80(%r10),%xmm15
	movdqa	96(%r10),%xmm14
	.byte	0xf3,0xc3







.p2align	6
_vpaes_consts:
L$k_inv:
.quad	0x0E05060F0D080180, 0x040703090A0B0C02
.quad	0x01040A060F0B0780, 0x030D0E0C02050809

L$k_s0F:
.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F

L$k_ipt:
.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81

L$k_sb1:
.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
L$k_sb2:
.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
L$k_sbo:
.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA

L$k_mc_forward:
.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
.quad	0x080B0A0904070605, 0x000302010C0F0E0D
.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
.quad	0x000302010C0F0E0D, 0x080B0A0904070605

L$k_mc_backward:
.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
.quad	0x020100030E0D0C0F, 0x0A09080B06050407
.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
.quad	0x0A09080B06050407, 0x020100030E0D0C0F

L$k_sr:
.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
.quad	0x030E09040F0A0500, 0x0B06010C07020D08
.quad	0x0F060D040B020900, 0x070E050C030A0108
.quad	0x0B0E0104070A0D00, 0x0306090C0F020508

L$k_rcon:
.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81

L$k_s63:
.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B

L$k_opt:
.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0

L$k_deskew:
.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77





L$k_dksd:
.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
L$k_dksb:
.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
L$k_dkse:
.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
L$k_dks9:
.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE





L$k_dipt:
.quad	0x0F505B040B545F00, 0x154A411E114E451A
.quad	0x86E383E660056500, 0x12771772F491F194

L$k_dsb9:
.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
L$k_dsbd:
.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
L$k_dsbb:
.quad	0xD022649296B44200, 0x602646F6B0F2D404
.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
L$k_dsbe:
.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
L$k_dsbo:
.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
.p2align	6

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































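--- a/jni/libressl/crypto/asn1/a_bitstr.c
+++ b/jni/libressl/crypto/asn1/a_bitstr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_bitstr.c,v 1.22 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: a_bitstr.c,v 1.24 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -172,15 +172,15 @@
 	ret->type = V_ASN1_BIT_STRING;
 	if (a != NULL)
 		(*a) = ret;
 	*pp = p;
 	return (ret);
 
 err:
-	ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
+	ASN1error(i);
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
 		ASN1_BIT_STRING_free(ret);
 	return (NULL);
 }
 
 /* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
  */
@@ -202,15 +202,15 @@
 	a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
 
 	if ((a->length < (w + 1)) || (a->data == NULL)) {
 		if (!value)
 			return(1); /* Don't need to set */
 		c = OPENSSL_realloc_clean(a->data, a->length, w + 1);
 		if (c == NULL) {
-			ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		if (w + 1 - a->length > 0)
 			memset(c + a->length, 0, w + 1 - a->length);
 		a->data = c;
 		a->length = w + 1;
 	}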
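--- a/jni/libressl/crypto/asn1/a_bool.c
+++ b/jni/libressl/crypto/asn1/a_bool.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_bool.c,v 1.6 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: a_bool.c,v 1.8 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -106,10 +106,10 @@
 	ret = (int)*(p++);
 	if (a != NULL)
 		(*a) = ret;
 	*pp = p;
 	return (ret);
 
 err:
-	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
+	ASN1error(i);
 	return (ret);
 }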
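--- a/jni/libressl/crypto/asn1/a_bytes.c
+++ b/jni/libressl/crypto/asn1/a_bytes.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_bytes.c,v 1.17 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: a_bytes.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -119,15 +119,15 @@
 	ret->type = tag;
 	if (a != NULL)
 		(*a) = ret;
 	*pp = p;
 	return (ret);
 
 err:
-	ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
+	ASN1error(i);
 	if (a == NULL || *a != ret)
 		ASN1_STRING_free(ret);
 	return (NULL);
 }
 
 int
 i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
@@ -231,15 +231,15 @@
 		(*a) = ret;
 	*pp = p;
 	return (ret);
 
 err:
 	if (a == NULL || *a != ret)
 		ASN1_STRING_free(ret);
-	ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
+	ASN1error(i);
 	return (NULL);
 }
 
 
 /* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
  * them into the one structure that is then returned */
 /* There have been a few bug fixes for this function from
@@ -295,12 +295,12 @@
 	a->length = num;
 	free(a->data);
 	a->data = (unsigned char *)b.data;
 	ASN1_STRING_free(os);
 	return (1);
 
 err:
-	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
+	ASN1error(c->error);
 	ASN1_STRING_free(os);
 	free(b.data);
 	return (0);
 }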
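--- a/jni/libressl/crypto/asn1/a_d2i_fp.c
+++ b/jni/libressl/crypto/asn1/a_d2i_fp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_d2i_fp.c,v 1.14 2016/05/04 14:58:09 tedu Exp $ */
+/* $OpenBSD: a_d2i_fp.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -70,15 +70,15 @@
 void *
 ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
 {
 	BIO *b;
 	void *ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+		ASN1error(ERR_R_BUF_LIB);
 		return (NULL);
 	}
 	BIO_set_fp(b, in, BIO_NOCLOSE);
 	ret = ASN1_d2i_bio(xnew, d2i, b, x);
 	BIO_free(b);
 	return (ret);
 }
@@ -130,15 +130,15 @@
 void *
 ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 {
 	BIO *b;
 	char *ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+		ASN1error(ERR_R_BUF_LIB);
 		return (NULL);
 	}
 	BIO_set_fp(b, in, BIO_NOCLOSE);
 	ret = ASN1_item_d2i_bio(it, b, x);
 	BIO_free(b);
 	return (ret);
 }
@@ -155,39 +155,36 @@
 	size_t want = HEADER_SIZE;
 	int eos = 0;
 	size_t off = 0;
 	size_t len = 0;
 
 	b = BUF_MEM_new();
 	if (b == NULL) {
-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return -1;
 	}
 
 	ERR_clear_error();
 	for (;;) {
 		if (want >= (len - off)) {
 			want -= (len - off);
 
 			if (len + want < len ||
 			    !BUF_MEM_grow_clean(b, len + want)) {
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-				    ERR_R_MALLOC_FAILURE);
+				ASN1error(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			i = BIO_read(in, &(b->data[len]), want);
 			if ((i < 0) && ((len - off) == 0)) {
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-				    ASN1_R_NOT_ENOUGH_DATA);
+				ASN1error(ASN1_R_NOT_ENOUGH_DATA);
 				goto err;
 			}
 			if (i > 0) {
 				if (len + i < len) {
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-					    ASN1_R_TOO_LONG);
+					ASN1error(ASN1_R_TOO_LONG);
 					goto err;
 				}
 				len += i;
 			}
 		}
 		/* else data already loaded */
 
@@ -207,90 +204,86 @@
 		i = c.p - p;	/* header length */
 		off += i;	/* end of data */
 
 		if (c.inf & 1) {
 			/* no data body so go round again */
 			eos++;
 			if (eos < 0) {
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-				    ASN1_R_HEADER_TOO_LONG);
+				ASN1error(ASN1_R_HEADER_TOO_LONG);
 				goto err;
 			}
 			want = HEADER_SIZE;
 		} else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
 			/* eos value, so go back and read another header */
 			eos--;
 			if (eos <= 0)
 				break;
 			else
 				want = HEADER_SIZE;
 		} else {
 			/* suck in c.slen bytes of data */
 			want = c.slen;
 			if (want > (len - off)) {
 				size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
 
 				want -= (len - off);
 				if (want > INT_MAX /* BIO_read takes an int length */ ||
 				    len+want < len) {
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-					    ASN1_R_TOO_LONG);
+					ASN1error(ASN1_R_TOO_LONG);
 					goto err;
 				}
 				while (want > 0) {
 					/*
 					 * Read content in chunks of increasing size
 					 * so we can return an error for EOF without
 					 * having to allocate the entire content length
 					 * in one go.
 					 */
 					size_t chunk = want > chunk_max ? chunk_max : want;
 
 					if (!BUF_MEM_grow_clean(b, len + chunk)) {
-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-						    ERR_R_MALLOC_FAILURE);
+						ASN1error(ERR_R_MALLOC_FAILURE);
 						goto err;
 					}
 					want -= chunk;
 					while (chunk > 0) {
 						i = BIO_read(in, &(b->data[len]), chunk);
 						if (i <= 0) {
-							ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-							    ASN1_R_NOT_ENOUGH_DATA);
+							ASN1error(ASN1_R_NOT_ENOUGH_DATA);
 							goto err;
 						}
 						/*
 						 * This can't overflow because |len+want|
 						 * didn't overflow.
 						 */
 						len += i;
 						chunk -= i;
 					}
 					if (chunk_max < INT_MAX/2)
 						chunk_max *= 2;
 				}
 			}
 			if (off + c.slen < off) {
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+				ASN1error(ASN1_R_TOO_LONG);
 				goto err;
 			}
 			off += c.slen;
 			if (eos <= 0) {
 				break;
 			} else
 				want = HEADER_SIZE;
 		}
 	}
 
 	if (off > INT_MAX) {
-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+		ASN1error(ASN1_R_TOO_LONG);
 		goto err;
 	}
 
 	*pb = b;
 	return off;
 
 err:
 	if (b != NULL)
 		BUF_MEM_free(b);
 	return -1;
 }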
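--- a/jni/libressl/crypto/asn1/a_digest.c
+++ b/jni/libressl/crypto/asn1/a_digest.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_digest.c,v 1.14 2014/06/24 19:37:58 miod Exp $ */
+/* $OpenBSD: a_digest.c,v 1.15 2014/07/11 08:44:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *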
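--- a/jni/libressl/crypto/asn1/a_dup.c
+++ b/jni/libressl/crypto/asn1/a_dup.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_dup.c,v 1.12 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: a_dup.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -73,15 +73,15 @@
 
 	if (x == NULL)
 		return (NULL);
 
 	i = i2d(x, NULL);
 	b = malloc(i + 10);
 	if (b == NULL) {
-		ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	p = b;
 	i = i2d(x, &p);
 	p2 = b;
 	ret = d2i(NULL, &p2, i);
 	free(b);
@@ -104,15 +104,15 @@
 	void *ret;
 
 	if (x == NULL)
 		return (NULL);
 
 	i = ASN1_item_i2d(x, &b, it);
 	if (b == NULL) {
-		ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	p = b;
 	ret = ASN1_item_d2i(NULL, &p, i, it);
 	free(b);
 	return (ret);
 }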
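--- a/jni/libressl/crypto/asn1/a_enum.c
+++ b/jni/libressl/crypto/asn1/a_enum.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_enum.c,v 1.16 2014/09/21 12:17:42 miod Exp $ */
+/* $OpenBSD: a_enum.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -77,15 +77,15 @@
 
 	a->type = V_ASN1_ENUMERATED;
 	if (a->length < (int)(sizeof(long) + 1)) {
 		free(a->data);
 		a->data = calloc(1, sizeof(long) + 1);
 	}
 	if (a->data == NULL) {
-		ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	d = v;
 	if (d < 0) {
 		d = -d;
 		a->type = V_ASN1_NEG_ENUMERATED;
 	}
@@ -140,27 +140,27 @@
 	int len, j;
 
 	if (ai == NULL)
 		ret = ASN1_ENUMERATED_new();
 	else
 		ret = ai;
 	if (ret == NULL) {
-		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
+		ASN1error(ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 	}
 	if (BN_is_negative(bn))
 		ret->type = V_ASN1_NEG_ENUMERATED;
 	else
 		ret->type = V_ASN1_ENUMERATED;
 	j = BN_num_bits(bn);
 	len = ((j == 0) ? 0 : ((j / 8) + 1));
 	if (ret->length < len + 4) {
 		unsigned char *new_data = realloc(ret->data, len + 4);
 		if (!new_data) {
-			ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		ret->data = new_data;
 	}
 	ret->length = BN_bn2bin(bn, ret->data);
 
 	/* Correct zero case */
@@ -178,12 +178,12 @@
 
 BIGNUM *
 ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
 {
 	BIGNUM *ret;
 
 	if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
+		ASN1error(ASN1_R_BN_LIB);
 	else if (ai->type == V_ASN1_NEG_ENUMERATED)
 		BN_set_negative(ret, 1);
 	return (ret);
 }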
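--- a/jni/libressl/crypto/asn1/a_i2d_fp.c
+++ b/jni/libressl/crypto/asn1/a_i2d_fp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_i2d_fp.c,v 1.13 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: a_i2d_fp.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -67,34 +67,34 @@
 int
 ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
+		ASN1error(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, out, BIO_NOCLOSE);
 	ret = ASN1_i2d_bio(i2d, b, x);
 	BIO_free(b);
 	return (ret);
 }
 
 int
 ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
 {
 	char *b;
 	unsigned char *p;
 	int i, j = 0, n, ret = 1;
 
 	n = i2d(x, NULL);
 	b = malloc(n);
 	if (b == NULL) {
-		ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 
 	p = (unsigned char *)b;
 	i2d(x, &p);
 
 	for (;;) {
@@ -117,32 +117,32 @@
 int
 ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
+		ASN1error(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, out, BIO_NOCLOSE);
 	ret = ASN1_item_i2d_bio(it, b, x);
 	BIO_free(b);
 	return (ret);
 }
 
 int
 ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
 {
 	unsigned char *b = NULL;
 	int i, j = 0, n, ret = 1;
 
 	n = ASN1_item_i2d(x, &b, it);
 	if (b == NULL) {
-		ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 
 	for (;;) {
 		i = BIO_write(out, &(b[j]), n);
 		if (i == n)
 			break;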
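Review bot: In ASN1_i2d_bio the value returned by `i2d(x, NULL)` is passed to `malloc(n)` with no sign check, so if the encoder reports failure with a negative n the size is converted to a huge size_t and the failure surfaces, at best, as ERR_R_MALLOC_FAILURE. A guard before the allocation, `if (n <= 0) return (0);`, keeps the reported error accurate and keeps a bad count out of the BIO_write loop. ASN1_item_i2d_bio relies on `b == NULL` alone to detect failure; checking n there as well would make the two functions consistent. Both write loops continue outside the hunks shown.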
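--- a/jni/libressl/crypto/asn1/a_int.c
+++ b/jni/libressl/crypto/asn1/a_int.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_int.c,v 1.28 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: a_int.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -262,15 +262,15 @@
 	ret->length = (int)len;
 	if (a != NULL)
 		(*a) = ret;
 	*pp = pend;
 	return (ret);
 
 err:
-	ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
+	ASN1error(i);
 	if (a == NULL || *a != ret)
 		ASN1_INTEGER_free(ret);
 	return (NULL);
 }
 
 
 /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
@@ -328,36 +328,36 @@
 	ret->length = (int)len;
 	if (a != NULL)
 		(*a) = ret;
 	*pp = p;
 	return (ret);
 
 err:
-	ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
+	ASN1error(i);
 	if (a == NULL || *a != ret)
 		ASN1_INTEGER_free(ret);
 	return (NULL);
 }
 
 int
 ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
 {
 	int j, k;
 	unsigned int i;
 	unsigned char buf[sizeof(long) + 1];
 	long d;
 
 	a->type = V_ASN1_INTEGER;
 	/* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */
 	if (a->length < (int)(sizeof(long) + 1)) {
 		free(a->data);
 		a->data = calloc(1, sizeof(long) + 1);
 	}
 	if (a->data == NULL) {
-		ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	d = v;
 	if (d < 0) {
 		d = -d;
 		a->type = V_ASN1_NEG_INTEGER;
 	}
@@ -412,27 +412,27 @@
 	int len, j;
 
 	if (ai == NULL)
 		ret = ASN1_INTEGER_new();
 	else
 		ret = ai;
 	if (ret == NULL) {
-		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
+		ASN1error(ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 	}
 	if (BN_is_negative(bn))
 		ret->type = V_ASN1_NEG_INTEGER;
 	else
 		ret->type = V_ASN1_INTEGER;
 	j = BN_num_bits(bn);
 	len = ((j == 0) ? 0 : ((j / 8) + 1));
 	if (ret->length < len + 4) {
 		unsigned char *new_data = realloc(ret->data, len + 4);
 		if (!new_data) {
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		ret->data = new_data;
 	}
 	ret->length = BN_bn2bin(bn, ret->data);
 
 	/* Correct zero case */
@@ -450,12 +450,12 @@
 
 BIGNUM *
 ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
 {
 	BIGNUM *ret;
 
 	if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
+		ASN1error(ASN1_R_BN_LIB);
 	else if (ai->type == V_ASN1_NEG_INTEGER)
 		BN_set_negative(ret, 1);
 	return (ret);
 }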
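Review bot: In ASN1_INTEGER_set, `d = -d` is undefined behaviour when v is LONG_MIN, because the negated value does not fit in a long. Taking the magnitude in an unsigned type avoids it, for example declaring `unsigned long d;` and computing `d = (v < 0) ? 0UL - (unsigned long)v : (unsigned long)v;`. The code that consumes d lies outside the hunk, so it would need to be checked against the type change. The comment above the length test also carries a typo (`bound vae`, presumably "bound value") that is worth fixing while the function is being touched.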
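--- a/jni/libressl/crypto/asn1/a_mbstr.c
+++ b/jni/libressl/crypto/asn1/a_mbstr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_mbstr.c,v 1.21 2014/10/12 20:47:12 miod Exp $ */
+/* $OpenBSD: a_mbstr.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -109,65 +109,62 @@
 	if (!mask)
 		mask = DIRSTRING_TYPE;
 
 	/* First do a string check and work out the number of characters */
 	switch (inform) {
 	case MBSTRING_BMP:
 		if (len & 1) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-			    ASN1_R_INVALID_BMPSTRING_LENGTH);
+			ASN1error(ASN1_R_INVALID_BMPSTRING_LENGTH);
 			return -1;
 		}
 		nchar = len >> 1;
 		break;
 
 	case MBSTRING_UNIV:
 		if (len & 3) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-			    ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+			ASN1error(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
 			return -1;
 		}
 		nchar = len >> 2;
 		break;
 
 	case MBSTRING_UTF8:
 		nchar = 0;
 		/* This counts the characters and does utf8 syntax checking */
 		ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
 		if (ret < 0) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-			    ASN1_R_INVALID_UTF8STRING);
+			ASN1error(ASN1_R_INVALID_UTF8STRING);
 			return -1;
 		}
 		break;
 
 	case MBSTRING_ASC:
 		nchar = len;
 		break;
 
 	default:
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+		ASN1error(ASN1_R_UNKNOWN_FORMAT);
 		return -1;
 	}
 
 	if ((minsize > 0) && (nchar < minsize)) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+		ASN1error(ASN1_R_STRING_TOO_SHORT);
 		ERR_asprintf_error_data("minsize=%ld", minsize);
 		return -1;
 	}
 
 	if ((maxsize > 0) && (nchar > maxsize)) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+		ASN1error(ASN1_R_STRING_TOO_LONG);
 		ERR_asprintf_error_data("maxsize=%ld", maxsize);
 		return -1;
 	}
 
 	/* Now work out minimal type (if any) */
 	if (traverse_string(in, len, inform, type_str, &mask) < 0) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+		ASN1error(ASN1_R_ILLEGAL_CHARACTERS);
 		return -1;
 	}
 
 
 	/* Now work out output format and string type */
 	outform = MBSTRING_ASC;
 	if (mask & B_ASN1_PRINTABLESTRING)
@@ -197,25 +194,23 @@
 			dest->data = NULL;
 		}
 		dest->type = str_type;
 	} else {
 		free_out = 1;
 		dest = ASN1_STRING_type_new(str_type);
 		if (!dest) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-			    ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return -1;
 		}
 		*out = dest;
 	}
 	/* If both the same type just copy across */
 	if (inform == outform) {
 		if (!ASN1_STRING_set(dest, in, len)) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-			    ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		return str_type;
 	}
 
 	/* Work out how much space the destination will need */
 	switch (outform) {
@@ -233,23 +228,22 @@
 		outlen = nchar << 2;
 		cpyfunc = cpy_univ;
 		break;
 
 	case MBSTRING_UTF8:
 		outlen = 0;
 		if (traverse_string(in, len, inform, out_utf8, &outlen) < 0) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-			    ASN1_R_ILLEGAL_CHARACTERS);
+			ASN1error(ASN1_R_ILLEGAL_CHARACTERS);
 			goto err;
 		}
 		cpyfunc = cpy_utf8;
 		break;
 	}
 	if (!(p = malloc(outlen + 1))) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	dest->length = outlen;
 	dest->data = p;
 	p[outlen] = 0;
 	traverse_string(in, len, inform, cpyfunc, &p);
 	return str_type;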
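Review bot: The size computed by `outlen = nchar << 2` in the branch that selects cpy_univ, and the later `malloc(outlen + 1)`, are not guarded against overflow. The declarations are outside the hunks, but if nchar and outlen are int, a caller that passes maxsize 0 with a very long input could wrap the size before the allocation and the copy pass. A bound ahead of the shift, such as `if (nchar > (INT_MAX - 1) / 4) goto err;` with an error pushed first in the file's style, would make the allocation size trustworthy. The result of the final `traverse_string(in, len, inform, cpyfunc, &p)` is also ignored; that looks deliberate after the earlier validation pass, and a one-line comment saying so would help.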
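--- a/jni/libressl/crypto/asn1/a_object.c
+++ b/jni/libressl/crypto/asn1/a_object.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_object.c,v 1.25 2016/03/06 18:05:00 beck Exp $ */
+/* $OpenBSD: a_object.c,v 1.29 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -105,64 +105,61 @@
 
 	p = buf;
 	c = *(p++);
 	num--;
 	if ((c >= '0') && (c <= '2')) {
 		first= c-'0';
 	} else {
-		ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+		ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE);
 		goto err;
 	}
 
 	if (num <= 0) {
-		ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+		ASN1error(ASN1_R_MISSING_SECOND_NUMBER);
 		goto err;
 	}
 	c = *(p++);
 	num--;
 	for (;;) {
 		if (num <= 0)
 			break;
 		if ((c != '.') && (c != ' ')) {
-			ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-			    ASN1_R_INVALID_SEPARATOR);
+			ASN1error(ASN1_R_INVALID_SEPARATOR);
 			goto err;
 		}
 		l = 0;
 		use_bn = 0;
 		for (;;) {
 			if (num <= 0)
 				break;
 			num--;
 			c = *(p++);
 			if ((c == ' ') || (c == '.'))
 				break;
 			if ((c < '0') || (c > '9')) {
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-				    ASN1_R_INVALID_DIGIT);
+				ASN1error(ASN1_R_INVALID_DIGIT);
 				goto err;
 			}
 			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
 				use_bn = 1;
 				if (!bl)
 					bl = BN_new();
 				if (!bl || !BN_set_word(bl, l))
 					goto err;
 			}
 			if (use_bn) {
 				if (!BN_mul_word(bl, 10L) ||
 				    !BN_add_word(bl, c-'0'))
 					goto err;
 			} else
 				l = l * 10L + (long)(c - '0');
 		}
 		if (len == 0) {
 			if ((first < 2) && (l >= 40)) {
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-				    ASN1_R_SECOND_NUMBER_TOO_LARGE);
+				ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE);
 				goto err;
 			}
 			if (use_bn) {
 				if (!BN_add_word(bl, first * 40))
 					goto err;
 			} else
 				l += (long)first * 40;
@@ -190,16 +187,15 @@
 				if (l == 0L)
 					break;
 			}
 
 		}
 		if (out != NULL) {
 			if (len + i > olen) {
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-				    ASN1_R_BUFFER_TOO_SMALL);
+				ASN1error(ASN1_R_BUFFER_TOO_SMALL);
 				goto err;
 			}
 			while (--i > 0)
 				out[len++] = tmp[i]|0x80;
 			out[len++] = tmp[0];
 		} else
 			len += i;
@@ -273,98 +269,99 @@
 	}
 	ret = c2i_ASN1_OBJECT(a, &p, len);
 	if (ret)
 		*pp = p;
 	return ret;
 
 err:
-	ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+	ASN1error(i);
 	return (NULL);
 }
 
 ASN1_OBJECT *
 c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
 {
-	ASN1_OBJECT *ret = NULL;
+	ASN1_OBJECT *ret;
 	const unsigned char *p;
 	unsigned char *data;
 	int i, length;
 
 	/*
 	 * Sanity check OID encoding:
 	 * - need at least one content octet
 	 * - MSB must be clear in the last octet
 	 * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
 	 */
 	if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
 	    p[len - 1] & 0x80) {
-		ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+		ASN1error(ASN1_R_INVALID_OBJECT_ENCODING);
 		return (NULL);
 	}
 
 	/* Now 0 < len <= INT_MAX, so the cast is safe. */
 	length = (int)len;
 	for (i = 0; i < length; i++, p++) {
 		if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
-			ASN1err(ASN1_F_C2I_ASN1_OBJECT,
-			    ASN1_R_INVALID_OBJECT_ENCODING);
-			return NULL;
+			ASN1error(ASN1_R_INVALID_OBJECT_ENCODING);
+			return (NULL);
 		}
 	}
 
 	/* only the ASN1_OBJECTs from the 'table' will have values
 	 * for ->sn or ->ln */
 	if ((a == NULL) || ((*a) == NULL) ||
 	    !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
 		if ((ret = ASN1_OBJECT_new()) == NULL)
 			return (NULL);
 	} else
-		ret = (*a);
+		ret = *a;
 
 	p = *pp;
+
 	/* detach data from object */
 	data = (unsigned char *)ret->data;
 	if (data != NULL)
 		explicit_bzero(data, ret->length);
 	free(data);
+
 	data = malloc(length);
 	if (data == NULL) {
-		i = ERR_R_MALLOC_FAILURE;
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-	ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+
 	memcpy(data, p, length);
+
 	/* reattach data to object, after which it remains const */
 	ret->data = data;
 	ret->length = length;
 	ret->sn = NULL;
 	ret->ln = NULL;
-	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+	ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 	p += length;
 
 	if (a != NULL)
-		(*a) = ret;
+		*a = ret;
 	*pp = p;
 	return (ret);
 
 err:
-	ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+	if (a == NULL || ret != *a)
 		ASN1_OBJECT_free(ret);
 	return (NULL);
 }
 
 ASN1_OBJECT *
 ASN1_OBJECT_new(void)
 {
 	ASN1_OBJECT *ret;
 
 	ret = malloc(sizeof(ASN1_OBJECT));
 	if (ret == NULL) {
-		ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	ret->length = 0;
 	ret->data = NULL;
 	ret->nid = 0;
 	ret->sn = NULL;
 	ret->ln = NULL;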
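Review bot: In c2i_ASN1_OBJECT the old buffer is released with `free(data)` while `ret->data` still points at it, so if the following `malloc(length)` fails and ret is the caller's own object (`ret == *a`, which the err path deliberately does not free), the caller is left holding an ASN1_OBJECT with a dangling data pointer and a stale length. Clearing the fields immediately after the free, `ret->data = NULL; ret->length = 0;`, closes that window and keeps a later free of the object from touching released memory. The change also drops the `= NULL` initialiser on ret; that is safe as written because the only `goto err` comes after ret has been assigned, but a short comment at `err:` stating that invariant would protect later edits.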
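--- a/jni/libressl/crypto/asn1/a_octet.c
+++ b/jni/libressl/crypto/asn1/a_octet.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_octet.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_octet.c,v 1.10 2015/07/29 14:58:34 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *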
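--- a/jni/libressl/crypto/asn1/a_print.c
+++ b/jni/libressl/crypto/asn1/a_print.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_print.c,v 1.10 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: a_print.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *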
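--- a/jni/libressl/crypto/asn1/a_set.c
+++ b/jni/libressl/crypto/asn1/a_set.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_set.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_set.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -54,17 +54,14 @@
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
 #include <stdio.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/asn1_mac.h>
 #include <openssl/err.h>
 
 #ifndef NO_ASN1_OLD
 
 typedef struct {
@@ -124,36 +121,36 @@
 		return r;
 	}
 
 	pStart  = p;	/* Catch the beg of Setblobs*/
 	/* In this array we will store the SET blobs */
 	rgSetBlob = reallocarray(NULL, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB));
 	if (rgSetBlob == NULL) {
-		ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 
 	for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
 		rgSetBlob[i].pbData = p;	/* catch each set encode blob */
 		i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
 		/* Length of this SetBlob */
 		rgSetBlob[i].cbData = p - rgSetBlob[i].pbData;
 	}
 	*pp = p;
 	totSize = p - pStart;	/* This is the total size of all set blobs */
 
 	/* Now we have to sort the blobs. I am using a simple algo.
 	 * Sort ptrs
 	 * Copy to temp-mem
 	 * Copy from temp-mem to user-mem
 	 */
 	qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
 	if ((pTempMem = malloc(totSize)) == NULL) {
 		free(rgSetBlob);
-		ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 
 	/* Copy to temp mem */
 	p = pTempMem;
 	for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
 		memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
@@ -174,52 +171,51 @@
     int ex_class)
 {
 	ASN1_const_CTX c;
 	STACK_OF(OPENSSL_BLOCK) *ret = NULL;
 
 	if (a == NULL || (*a) == NULL) {
 		if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
-			ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	} else
 		ret = *a;
 
 	c.p = *pp;
 	c.max = (length == 0) ? 0 : (c.p + length);
 
 	c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
 	if (c.inf & 0x80)
 		goto err;
 	if (ex_class != c.xclass) {
-		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
+		ASN1error(ASN1_R_BAD_CLASS);
 		goto err;
 	}
 	if (ex_tag != c.tag) {
-		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
+		ASN1error(ASN1_R_BAD_TAG);
 		goto err;
 	}
 	if (c.slen + c.p > c.max) {
-		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
+		ASN1error(ASN1_R_LENGTH_ERROR);
 		goto err;
 	}
 	/* check for infinite constructed - it can be as long
 	 * as the amount of data passed to us */
 	if (c.inf == (V_ASN1_CONSTRUCTED + 1))
 		c.slen = length + *pp - c.p;
 	c.max = c.p + c.slen;
 
 	while (c.p < c.max) {
 		char *s;
 
 		if (M_ASN1_D2I_end_sequence())
 			break;
 		if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
-			ASN1err(ASN1_F_D2I_ASN1_SET,
-			    ASN1_R_ERROR_PARSING_SET_ELEMENT);
+			ASN1error(ASN1_R_ERROR_PARSING_SET_ELEMENT);
 			asn1_add_error(*pp, (int)(c.p - *pp));
 			goto err;
 		}
 		if (!sk_OPENSSL_BLOCK_push(ret, s))
 			goto err;
 	}
 	if (a != NULL)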
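Review bot: The bound test `if (c.slen + c.p > c.max)` in the set decoder adds a length taken from the encoding to a pointer before comparing, which is undefined once the sum leaves the buffer. Writing it as `if (c.slen > c.max - c.p)` expresses the same check without forming that pointer. ASN1_get_object is handed `c.max - c.p` as its limit and may already reject such lengths, so this is hardening and not a confirmed bug. In the loop below it, a failed `sk_OPENSSL_BLOCK_push(ret, s)` jumps to err without recording an error and, unless the err path handles it, without releasing s. The function's signature and its err label lie outside the hunk.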
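--- a/jni/libressl/crypto/asn1/a_sign.c
+++ b/jni/libressl/crypto/asn1/a_sign.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_sign.c,v 1.20 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: a_sign.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -149,44 +149,42 @@
 	int signid, paramtype;
 	int rv;
 
 	type = EVP_MD_CTX_md(ctx);
 	pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
 
 	if (!type || !pkey) {
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
-		    ASN1_R_CONTEXT_NOT_INITIALISED);
+		ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
 		return 0;
 	}
 
 	if (pkey->ameth->item_sign) {
 		rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
 		    signature);
 		if (rv == 1)
 			outl = signature->length;
 		/* Return value meanings:
 		 * <=0: error.
 		 *   1: method does everything.
 		 *   2: carry on as normal.
 		 *   3: ASN1 method sets algorithm identifiers: just sign.
 		 */
 		if (rv <= 0)
-			ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+			ASN1error(ERR_R_EVP_LIB);
 		if (rv <= 1)
 			goto err;
 	} else
 		rv = 2;
 
 	if (rv == 2) {
 		if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
 			if (!pkey->ameth ||
 			    !OBJ_find_sigid_by_algs(&signid,
 				EVP_MD_nid(type), pkey->ameth->pkey_id)) {
-				ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
-				    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+				ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
 				return 0;
 			}
 		} else
 			signid = type->pkey_type;
 
 		if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
 			paramtype = V_ASN1_NULL;
@@ -203,22 +201,22 @@
 	}
 
 	inl = ASN1_item_i2d(asn, &buf_in, it);
 	outll = outl = EVP_PKEY_size(pkey);
 	buf_out = malloc(outl);
 	if ((buf_in == NULL) || (buf_out == NULL)) {
 		outl = 0;
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (!EVP_DigestSignUpdate(ctx, buf_in, inl) ||
 	    !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
 		outl = 0;
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+		ASN1error(ERR_R_EVP_LIB);
 		goto err;
 	}
 	free(signature->data);
 	signature->data = buf_out;
 	buf_out = NULL;
 	signature->length = outl;
 	/* In the interests of compatibility, I'll make sure that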
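--- a/jni/libressl/crypto/asn1/a_strex.c
+++ b/jni/libressl/crypto/asn1/a_strex.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_strex.c,v 1.24 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_strex.c,v 1.25 2015/02/07 13:19:15 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without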
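--- a/jni/libressl/crypto/asn1/a_strnid.c
+++ b/jni/libressl/crypto/asn1/a_strnid.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_strnid.c,v 1.18 2014/10/28 05:46:55 miod Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.21 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -197,23 +197,39 @@
 static int
 sk_table_cmp(const ASN1_STRING_TABLE * const *a,
     const ASN1_STRING_TABLE * const *b)
 {
 	return (*a)->nid - (*b)->nid;
 }
 
-DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+static int table_cmp_BSEARCH_CMP_FN(const void *, const void *);
+static int table_cmp(ASN1_STRING_TABLE const *, ASN1_STRING_TABLE const *);
+static ASN1_STRING_TABLE *OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num);
 
 static int
 table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
 {
 	return a->nid - b->nid;
 }
 
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+static int
+table_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+{
+	ASN1_STRING_TABLE const *a = a_;
+	ASN1_STRING_TABLE const *b = b_;
+	return table_cmp(a, b);
+}
+
+static ASN1_STRING_TABLE *
+OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num)
+{
+	return (ASN1_STRING_TABLE *)OBJ_bsearch_(key, base, num, sizeof(ASN1_STRING_TABLE),
+	    table_cmp_BSEARCH_CMP_FN);
+}
 
 ASN1_STRING_TABLE *
 ASN1_STRING_TABLE_get(int nid)
 {
 	int idx;
 	ASN1_STRING_TABLE *ttmp;
 	ASN1_STRING_TABLE fnd;
@@ -238,38 +254,36 @@
 	ASN1_STRING_TABLE *tmp;
 	char new_nid = 0;
 
 	flags &= ~STABLE_FLAGS_MALLOC;
 	if (!stable)
 		stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
 	if (!stable) {
-		ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
 		tmp = malloc(sizeof(ASN1_STRING_TABLE));
 		if (!tmp) {
-			ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
-			    ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		tmp->flags = flags | STABLE_FLAGS_MALLOC;
 		tmp->nid = nid;
 		new_nid = 1;
 	} else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
 		if (minsize != -1)
 		tmp->minsize = minsize;
 	if (maxsize != -1)
 		tmp->maxsize = maxsize;
 	tmp->mask = mask;
 	if (new_nid) {
 		if (sk_ASN1_STRING_TABLE_push(stable, tmp) == 0) {
 			free(tmp);
-			ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
-			    ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	}
 	return 1;
 }
 
 void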
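--- a/jni/libressl/crypto/asn1/a_time.c
+++ b/jni/libressl/crypto/asn1/a_time.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_time.c,v 1.26 2015/10/02 15:04:45 beck Exp $ */
+/* $OpenBSD: a_time.c,v 1.27 2015/10/19 16:32:37 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *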
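--- a/jni/libressl/crypto/asn1/a_time_tm.c
+++ b/jni/libressl/crypto/asn1/a_time_tm.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_time_tm.c,v 1.8 2015/10/22 15:38:05 jsing Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /*
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -26,15 +26,15 @@
 #include "o_time.h"
 
 #define RFC5280 0
 #define GENTIME_LENGTH 15
 #define UTCTIME_LENGTH 13
 
 int
-asn1_tm_cmp(struct tm *tm1, struct tm *tm2) {
+ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) {
 	if (tm1->tm_year < tm2->tm_year)
 		return (-1);
 	if (tm1->tm_year > tm2->tm_year)
 		return (1);
 	if (tm1->tm_mon < tm2->tm_mon)
 		return (-1);
 	if (tm1->tm_mon > tm2->tm_mon)
@@ -113,28 +113,28 @@
 	return (ret);
 }
 
 /*
  * Parse an RFC 5280 format ASN.1 time string.
  *
  * mode must be:
- * 0 if we expect to parse a time as specified in RFC 5280 from an X509 object.
- * V_ASN1_UTCTIME if we wish to parse on RFC5280 format UTC time.
+ * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object.
+ * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time.
  * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time.
  *
  * Returns:
  * -1 if the string was invalid.
  * V_ASN1_UTCTIME if the string validated as a UTC time string.
  * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string.
  *
  * Fills in *tm with the corresponding time if tm is non NULL.
  */
 #define	ATOI2(ar)	((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0'))
 int
-asn1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
+ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
 {
 	size_t i;
 	int type = 0;
 	struct tm ltm;
 	struct tm *lt;
 	const char *p;
 
@@ -214,15 +214,15 @@
 
 static int
 ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
 {
 	int type;
 	char *tmp;
 
-	if ((type = asn1_time_parse(str, strlen(str), NULL, mode)) == -1)
+	if ((type = ASN1_time_parse(str, strlen(str), NULL, mode)) == -1)
 		return (0);
 	if (mode != 0 && mode != type)
 		return (0);
 
 	if (s == NULL)
 		return (1);
 
@@ -263,16 +263,15 @@
 	case RFC5280:
 		p = rfc5280_string_from_tm(&tm);
 		break;
 	default:
 		return (NULL);
 	}
 	if (p == NULL) {
-		ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
-		    ASN1_R_ILLEGAL_TIME_VALUE);
+		ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
 		return (NULL);
 	}
 
 	if (s == NULL) {
 		if ((s = ASN1_TIME_new()) == NULL)
 			return (NULL);
 		allocated = 1;
@@ -311,29 +310,29 @@
 }
 
 int
 ASN1_TIME_check(ASN1_TIME *t)
 {
 	if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
 		return (0);
-	return (t->type == asn1_time_parse(t->data, t->length, NULL, t->type));
+	return (t->type == ASN1_time_parse(t->data, t->length, NULL, t->type));
 }
 
 ASN1_GENERALIZEDTIME *
 ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 {
 	ASN1_GENERALIZEDTIME *tmp = NULL;
 	struct tm tm;
 	char *str;
 
 	if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
 		return (NULL);
 
 	memset(&tm, 0, sizeof(tm));
-	if (t->type != asn1_time_parse(t->data, t->length, &tm, t->type))
+	if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type))
 		return (NULL);
 	if ((str = gentime_string_from_tm(&tm)) == NULL)
 		return (NULL);
 
 	if (out != NULL)
 		tmp = *out;
 	if (tmp == NULL && (tmp = ASN1_GENERALIZEDTIME_new()) == NULL) {
@@ -360,15 +359,15 @@
  */
 
 int
 ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 {
 	if (d->type != V_ASN1_UTCTIME)
 		return (0);
-	return (d->type == asn1_time_parse(d->data, d->length, NULL, d->type));
+	return (d->type == ASN1_time_parse(d->data, d->length, NULL, d->type));
 }
 
 int
 ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 {
 	if (s != NULL && s->type != V_ASN1_UTCTIME)
 		return (0);
@@ -398,33 +397,33 @@
 	 * and should be deprecated. The OpenSSL version used to
 	 * simply follow NULL pointers on failure. BoringSSL and
 	 * OpenSSL now make it return -2 on failure.
 	 *
 	 * The danger is that users of this function will not
 	 * differentiate the -2 failure case from t1 < t2.
 	 */
-	if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
+	if (ASN1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
 		return (-2); /* XXX */
 
 	if (gmtime_r(&t2, &tm2) == NULL)
 		return (-2); /* XXX */
 
-	return asn1_tm_cmp(&tm1, &tm2);
+	return ASN1_time_tm_cmp(&tm1, &tm2);
 }
 
 /*
  * ASN1_GENERALIZEDTIME wrappers
  */
 
 int
 ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 {
 	if (d->type != V_ASN1_GENERALIZEDTIME)
 		return (0);
-	return (d->type == asn1_time_parse(d->data, d->length, NULL, d->type));
+	return (d->type == ASN1_time_parse(d->data, d->length, NULL, d->type));
 }
 
 int
 ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
 {
 	if (s != NULL && s->type != V_ASN1_GENERALIZEDTIME)
 		return (0);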
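--- a/jni/libressl/crypto/asn1/a_type.c
+++ b/jni/libressl/crypto/asn1/a_type.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_type.c,v 1.18 2016/05/04 14:53:29 tedu Exp $ */
+/* $OpenBSD: a_type.c,v 1.19 2016/05/04 15:00:24 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *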
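--- a/jni/libressl/crypto/asn1/a_utf8.c
+++ b/jni/libressl/crypto/asn1/a_utf8.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_utf8.c,v 1.7 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: a_utf8.c,v 1.8 2014/07/11 08:44:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *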
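--- a/jni/libressl/crypto/asn1/a_verify.c
+++ b/jni/libressl/crypto/asn1/a_verify.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_verify.c,v 1.21 2015/01/28 04:14:31 beck Exp $ */
+/* $OpenBSD: a_verify.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -78,96 +78,91 @@
 	EVP_MD_CTX ctx;
 	unsigned char *buf_in = NULL;
 	int ret = -1, inl;
 
 	int mdnid, pknid;
 
 	if (!pkey) {
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+		ASN1error(ERR_R_PASSED_NULL_PARAMETER);
 		return -1;
 	}
 
 	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
 	{
-		ASN1err(ASN1_F_ASN1_VERIFY,
-		    ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+		ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
 		return -1;
 	}
 
 	EVP_MD_CTX_init(&ctx);
 
 	/* Convert signature OID into digest and public key OIDs */
 	if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-		    ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+		ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
 		goto err;
 	}
 	if (mdnid == NID_undef) {
 		if (!pkey->ameth || !pkey->ameth->item_verify) {
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-			    ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+			ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
 			goto err;
 		}
 		ret = pkey->ameth->item_verify(&ctx, it, asn, a,
 		    signature, pkey);
 		/* Return value of 2 means carry on, anything else means we
 		 * exit straight away: either a fatal error of the underlying
 		 * verification routine handles all verification.
 		 */
 		if (ret != 2)
 			goto err;
 		ret = -1;
 	} else {
 		const EVP_MD *type;
 		type = EVP_get_digestbynid(mdnid);
 		if (type == NULL) {
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-			    ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+			ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 			goto err;
 		}
 
 		/* Check public key OID matches public key type */
 		if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-			    ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+			ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE);
 			goto err;
 		}
 
 		if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+			ASN1error(ERR_R_EVP_LIB);
 			ret = 0;
 			goto err;
 		}
 
 	}
 
 	inl = ASN1_item_i2d(asn, &buf_in, it);
 
 	if (buf_in == NULL) {
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+		ASN1error(ERR_R_EVP_LIB);
 		ret = 0;
 		goto err;
 	}
 
 	explicit_bzero(buf_in, (unsigned int)inl);
 	free(buf_in);
 
 	if (EVP_DigestVerifyFinal(&ctx, signature->data,
 	    (size_t)signature->length) <= 0) {
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+		ASN1error(ERR_R_EVP_LIB);
 		ret = 0;
 		goto err;
 	}
 	/* we don't need to zero the 'ctx' because we just checked
 	 * public information */
 	/* memset(&ctx,0,sizeof(ctx)); */
 	ret = 1;
 
 err:
 	EVP_MD_CTX_cleanup(&ctx);
 	return (ret);
 }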
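--- a/jni/libressl/crypto/asn1/ameth_lib.c
+++ b/jni/libressl/crypto/asn1/ameth_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ameth_lib.c,v 1.14 2014/07/13 16:03:09 beck Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.16 2017/01/21 04:31:25 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -110,26 +110,40 @@
 #endif
 };
 
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
 DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD)
 static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
 
-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
-    const EVP_PKEY_ASN1_METHOD *, ameth);
+static int ameth_cmp_BSEARCH_CMP_FN(const void *, const void *);
+static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *, const EVP_PKEY_ASN1_METHOD * const *);
+static const EVP_PKEY_ASN1_METHOD * *OBJ_bsearch_ameth(const EVP_PKEY_ASN1_METHOD * *key, const EVP_PKEY_ASN1_METHOD * const *base, int num);
 
 static int
 ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
     const EVP_PKEY_ASN1_METHOD * const *b)
 {
 	return ((*a)->pkey_id - (*b)->pkey_id);
 }
 
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
-    const EVP_PKEY_ASN1_METHOD *, ameth);
+
+static int
+ameth_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+{
+	const EVP_PKEY_ASN1_METHOD * const *a = a_;
+	const EVP_PKEY_ASN1_METHOD * const *b = b_;
+	return ameth_cmp(a, b);
+}
+
+static const EVP_PKEY_ASN1_METHOD * *
+OBJ_bsearch_ameth(const EVP_PKEY_ASN1_METHOD * *key, const EVP_PKEY_ASN1_METHOD * const *base, int num)
+{
+	return (const EVP_PKEY_ASN1_METHOD * *)OBJ_bsearch_(key, base, num, sizeof(const EVP_PKEY_ASN1_METHOD *),
+	    ameth_cmp_BSEARCH_CMP_FN);
+}
 
 int
 EVP_PKEY_asn1_get_count(void)
 {
 	int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *);
 	if (app_methods)
 		num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);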
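--- a/jni/libressl/crypto/asn1/asn1_err.c
+++ b/jni/libressl/crypto/asn1/asn1_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: asn1_err.c,v 1.20 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,135 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
 
 static ERR_STRING_DATA ASN1_str_functs[] = {
-	{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
-	{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
-	{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
-	{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
-	{ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"},
-	{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
-	{ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
-	{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
-	{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
-	{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
-	{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
-	{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
-	{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"},
-	{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
-	{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
-	{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
-	{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
-	{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
-	{ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
-	{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
-	{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
-	{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
-	{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
-	{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
-	{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"},
-	{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
-	{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
-	{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
-	{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
-	{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
-	{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
-	{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
-	{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
-	{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
-	{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"},
-	{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
-	{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
-	{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
-	{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
-	{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
-	{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
-	{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
-	{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
-	{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
-	{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
-	{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
-	{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
-	{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
-	{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
-	{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
-	{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
-	{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"},
-	{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
-	{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
-	{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
-	{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
-	{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
-	{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
-	{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
-	{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
-	{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
-	{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
-	{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
-	{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
-	{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
-	{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
-	{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
-	{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
-	{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
-	{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
-	{ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
-	{ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
-	{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
-	{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
-	{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
-	{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
-	{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
-	{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
-	{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
-	{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
-	{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
-	{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
-	{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
-	{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
-	{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
-	{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
-	{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
-	{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
-	{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
-	{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
-	{ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"},
-	{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
-	{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
-	{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
-	{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
-	{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
-	{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"},
-	{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"},
-	{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"},
-	{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
-	{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA ASN1_str_reasons[] = {
 	{ERR_REASON(ASN1_R_ADDING_OBJECT)        , "adding object"},
 	{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     , "asn1 parse error"},
 	{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) , "asn1 sig parse error"},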
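--- a/jni/libressl/crypto/asn1/asn1_gen.c
+++ b/jni/libressl/crypto/asn1/asn1_gen.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1_gen.c,v 1.14 2015/07/18 14:40:59 miod Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -156,16 +156,15 @@
 	asn1_tags.exp_count = 0;
 	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
 		return NULL;
 
 	if ((asn1_tags.utype == V_ASN1_SEQUENCE) ||
 	    (asn1_tags.utype == V_ASN1_SET)) {
 		if (!cnf) {
-			ASN1err(ASN1_F_ASN1_GENERATE_V3,
-			    ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+			ASN1error(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
 			return NULL;
 		}
 		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
 	} else
 		ret = asn1_str2type(asn1_tags.str, asn1_tags.format,
 		    asn1_tags.utype);
 
@@ -286,37 +285,37 @@
 			break;
 		}
 	}
 
 	utype = asn1_str2tag(elem, len);
 
 	if (utype == -1) {
-		ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+		ASN1error(ASN1_R_UNKNOWN_TAG);
 		ERR_asprintf_error_data("tag=%s", elem);
 		return -1;
 	}
 
 	/* If this is not a modifier mark end of string and exit */
 	if (!(utype & ASN1_GEN_FLAG)) {
 		arg->utype = utype;
 		arg->str = vstart;
 		/* If no value and not end of string, error */
 		if (!vstart && elem[len]) {
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+			ASN1error(ASN1_R_MISSING_VALUE);
 			return -1;
 		}
 		return 0;
 	}
 
 	switch (utype) {
 
 	case ASN1_GEN_FLAG_IMP:
 		/* Check for illegal multiple IMPLICIT tagging */
 		if (arg->imp_tag != -1) {
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+			ASN1error(ASN1_R_ILLEGAL_NESTED_TAGGING);
 			return -1;
 		}
 		if (!parse_tagging(vstart, vlen, &arg->imp_tag,
 		    &arg->imp_class))
 			return -1;
 		break;
 
@@ -345,27 +344,27 @@
 	case ASN1_GEN_FLAG_OCTWRAP:
 		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
 			return -1;
 		break;
 
 	case ASN1_GEN_FLAG_FORMAT:
 		if (vstart == NULL) {
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_FORMAT);
+			ASN1error(ASN1_R_ILLEGAL_FORMAT);
 			return -1;
 		}
 		if (!strncmp(vstart, "ASCII", 5))
 			arg->format = ASN1_GEN_FORMAT_ASCII;
 		else if (!strncmp(vstart, "UTF8", 4))
 			arg->format = ASN1_GEN_FORMAT_UTF8;
 		else if (!strncmp(vstart, "HEX", 3))
 			arg->format = ASN1_GEN_FORMAT_HEX;
 		else if (!strncmp(vstart, "BITLIST", 7))
 			arg->format = ASN1_GEN_FORMAT_BITLIST;
 		else {
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+			ASN1error(ASN1_R_UNKOWN_FORMAT);
 			return -1;
 		}
 		break;
 
 	}
 
 	return 1;
@@ -380,15 +379,15 @@
 	if (!vstart)
 		return 0;
 	tag_num = strtoul(vstart, &eptr, 10);
 	/* Check we haven't gone past max length: should be impossible */
 	if (eptr && *eptr && (eptr > vstart + vlen))
 		return 0;
 	if (tag_num < 0) {
-		ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+		ASN1error(ASN1_R_INVALID_NUMBER);
 		return 0;
 	}
 	*ptag = tag_num;
 	/* If we have non numeric characters, parse them */
 	if (eptr)
 		vlen -= eptr - vstart;
 	else
@@ -409,15 +408,15 @@
 			break;
 
 		case 'C':
 			*pclass = V_ASN1_CONTEXT_SPECIFIC;
 			break;
 
 		default:
-			ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+			ASN1error(ASN1_R_INVALID_MODIFIER);
 			ERR_asprintf_error_data("Char=%c", *eptr);
 			return 0;
 			break;
 
 		}
 	} else
 		*pclass = V_ASN1_CONTEXT_SPECIFIC;
@@ -493,20 +492,20 @@
 append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed,
     int exp_pad, int imp_ok)
 {
 	tag_exp_type *exp_tmp;
 
 	/* Can only have IMPLICIT if permitted */
 	if ((arg->imp_tag != -1) && !imp_ok) {
-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+		ASN1error(ASN1_R_ILLEGAL_IMPLICIT_TAG);
 		return 0;
 	}
 
 	if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+		ASN1error(ASN1_R_DEPTH_EXCEEDED);
 		return 0;
 	}
 
 	exp_tmp = &arg->exp_list[arg->exp_count++];
 
 	/* If IMPLICIT set tag to implicit value then
 	 * reset implicit tag since it has been used.
@@ -610,174 +609,165 @@
 	ASN1_TYPE *atmp = NULL;
 	CONF_VALUE vtmp;
 	unsigned char *rdata;
 	long rdlen;
 	int no_unused = 1;
 
 	if (!(atmp = ASN1_TYPE_new())) {
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if (!str)
 		str = "";
 
 	switch (utype) {
 
 	case V_ASN1_NULL:
 		if (str && *str) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE,
-			    ASN1_R_ILLEGAL_NULL_VALUE);
+			ASN1error(ASN1_R_ILLEGAL_NULL_VALUE);
 			goto bad_form;
 		}
 		break;
 
 	case V_ASN1_BOOLEAN:
 		if (format != ASN1_GEN_FORMAT_ASCII) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+			ASN1error(ASN1_R_NOT_ASCII_FORMAT);
 			goto bad_form;
 		}
 		vtmp.name = NULL;
 		vtmp.section = NULL;
 		vtmp.value = (char *)str;
 		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+			ASN1error(ASN1_R_ILLEGAL_BOOLEAN);
 			goto bad_str;
 		}
 		break;
 
 	case V_ASN1_INTEGER:
 	case V_ASN1_ENUMERATED:
 		if (format != ASN1_GEN_FORMAT_ASCII) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE,
-			    ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+			ASN1error(ASN1_R_INTEGER_NOT_ASCII_FORMAT);
 			goto bad_form;
 		}
 		if (!(atmp->value.integer =
 		    s2i_ASN1_INTEGER(NULL, (char *)str))) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+			ASN1error(ASN1_R_ILLEGAL_INTEGER);
 			goto bad_str;
 		}
 		break;
 
 	case V_ASN1_OBJECT:
 		if (format != ASN1_GEN_FORMAT_ASCII) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE,
-			    ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+			ASN1error(ASN1_R_OBJECT_NOT_ASCII_FORMAT);
 			goto bad_form;
 		}
 		if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+			ASN1error(ASN1_R_ILLEGAL_OBJECT);
 			goto bad_str;
 		}
 		break;
 
 	case V_ASN1_UTCTIME:
 	case V_ASN1_GENERALIZEDTIME:
 		if (format != ASN1_GEN_FORMAT_ASCII) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE,
-			    ASN1_R_TIME_NOT_ASCII_FORMAT);
+			ASN1error(ASN1_R_TIME_NOT_ASCII_FORMAT);
 			goto bad_form;
 		}
 		if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto bad_str;
 		}
 		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto bad_str;
 		}
 		atmp->value.asn1_string->type = utype;
 		if (!ASN1_TIME_check(atmp->value.asn1_string)) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE,
-			    ASN1_R_ILLEGAL_TIME_VALUE);
+			ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
 			goto bad_str;
 		}
 		break;
 
 	case V_ASN1_BMPSTRING:
 	case V_ASN1_PRINTABLESTRING:
 	case V_ASN1_IA5STRING:
 	case V_ASN1_T61STRING:
 	case V_ASN1_UTF8STRING:
 	case V_ASN1_VISIBLESTRING:
 	case V_ASN1_UNIVERSALSTRING:
 	case V_ASN1_GENERALSTRING:
 	case V_ASN1_NUMERICSTRING:
 
 		if (format == ASN1_GEN_FORMAT_ASCII)
 			format = MBSTRING_ASC;
 		else if (format == ASN1_GEN_FORMAT_UTF8)
 			format = MBSTRING_UTF8;
 		else {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+			ASN1error(ASN1_R_ILLEGAL_FORMAT);
 			goto bad_form;
 		}
 
 		if (ASN1_mbstring_copy(&atmp->value.asn1_string,
 		    (unsigned char *)str, -1, format,
 		    ASN1_tag2bit(utype)) <= 0) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto bad_str;
 		}
 		break;
 
 	case V_ASN1_BIT_STRING:
 	case V_ASN1_OCTET_STRING:
 		if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto bad_form;
 		}
 
 		if (format == ASN1_GEN_FORMAT_HEX) {
 
 			if (!(rdata = string_to_hex((char *)str, &rdlen))) {
-				ASN1err(ASN1_F_ASN1_STR2TYPE,
-				    ASN1_R_ILLEGAL_HEX);
+				ASN1error(ASN1_R_ILLEGAL_HEX);
 				goto bad_str;
 			}
 
 			atmp->value.asn1_string->data = rdata;
 			atmp->value.asn1_string->length = rdlen;
 			atmp->value.asn1_string->type = utype;
 
 		} else if (format == ASN1_GEN_FORMAT_ASCII) {
 			if (ASN1_STRING_set(atmp->value.asn1_string, str,
 			    -1) == 0) {
-				ASN1err(ASN1_F_ASN1_STR2TYPE,
-				    ERR_R_MALLOC_FAILURE);
+				ASN1error(ERR_R_MALLOC_FAILURE);
 				goto bad_str;
 			}
 		} else if ((format == ASN1_GEN_FORMAT_BITLIST) &&
 		    (utype == V_ASN1_BIT_STRING)) {
 			if (!CONF_parse_list(str, ',', 1, bitstr_cb,
 			    atmp->value.bit_string)) {
-				ASN1err(ASN1_F_ASN1_STR2TYPE,
-				    ASN1_R_LIST_ERROR);
+				ASN1error(ASN1_R_LIST_ERROR);
 				goto bad_str;
 			}
 			no_unused = 0;
 
 		} else {
-			ASN1err(ASN1_F_ASN1_STR2TYPE,
-			    ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+			ASN1error(ASN1_R_ILLEGAL_BITSTRING_FORMAT);
 			goto bad_form;
 		}
 
 		if ((utype == V_ASN1_BIT_STRING) && no_unused) {
 			atmp->value.asn1_string->flags &=
 			    ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
 			atmp->value.asn1_string->flags |=
 			    ASN1_STRING_FLAG_BITS_LEFT;
 		}
 
 		break;
 
 	default:
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+		ASN1error(ASN1_R_UNSUPPORTED_TYPE);
 		goto bad_str;
 		break;
 	}
 
 	atmp->type = utype;
 	return atmp;
 
@@ -796,16 +786,16 @@
 
 	if (!elem)
 		return 0;
 	bitnum = strtoul(elem, &eptr, 10);
 	if (eptr && *eptr && (eptr != elem + len))
 		return 0;
 	if (bitnum < 0) {
-		ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+		ASN1error(ASN1_R_INVALID_NUMBER);
 		return 0;
 	}
 	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
-		ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	return 1;
 }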
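--- a/jni/libressl/crypto/asn1/asn1_lib.c
+++ b/jni/libressl/crypto/asn1/asn1_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1_lib.c,v 1.36 2015/07/29 14:53:20 jsing Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.38 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -136,24 +136,24 @@
 	if (!asn1_get_length(&p, &inf, plength, (int)max))
 		goto err;
 
 	if (inf && !(ret & V_ASN1_CONSTRUCTED))
 		goto err;
 
 	if (*plength > (omax - (p - *pp))) {
-		ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+		ASN1error(ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret |= 0x80;
 	}
 	*pp = p;
 	return (ret | inf);
 
 err:
-	ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+	ASN1error(ASN1_R_HEADER_TOO_LONG);
 	return (0x80);
 }
 
 static int
 asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
 {
 	const unsigned char *p= *pp;
@@ -381,15 +381,15 @@
 		else
 			len = strlen(data);
 	}
 	if ((str->length < len) || (str->data == NULL)) {
 		unsigned char *tmp;
 		tmp = realloc(str->data, len + 1);
 		if (tmp == NULL) {
-			ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return (0);
 		}
 		str->data = tmp;
 	}
 	str->length = len;
 	if (data != NULL) {
 		memmove(str->data, data, len);
@@ -417,15 +417,15 @@
 ASN1_STRING *
 ASN1_STRING_type_new(int type)
 {
 	ASN1_STRING *ret;
 
 	ret = malloc(sizeof(ASN1_STRING));
 	if (ret == NULL) {
-		ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	ret->length = 0;
 	ret->type = type;
 	ret->data = NULL;
 	ret->flags = 0;
 	return (ret);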
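--- a/jni/libressl/crypto/asn1/asn1_locl.h
+++ b/jni/libressl/crypto/asn1/asn1_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1_locl.h,v 1.6 2015/10/02 15:04:45 beck Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.8 2016/12/21 15:49:29 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -51,14 +51,16 @@
  * ====================================================================
  *
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
+
+__BEGIN_HIDDEN_DECLS
 
 /* Internal ASN1 structures and functions: not for application use */
 
 /* ASN1 print context structure */
 
 struct asn1_pctx_st {
 	unsigned long flags;
@@ -145,7 +147,9 @@
 #define	UNICODE_SURROGATE_MAX	0x00DFFF
 
 #define	UNICODE_IS_SURROGATE(x) \
 	((x) >= UNICODE_SURROGATE_MIN && (x) <= UNICODE_SURROGATE_MAX)
 
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+__END_HIDDEN_DECLS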
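--- a/jni/libressl/crypto/asn1/asn1_par.c
+++ b/jni/libressl/crypto/asn1/asn1_par.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1_par.c,v 1.24 2015/09/30 18:41:06 jsing Exp $ */
+/* $OpenBSD: asn1_par.c,v 1.25 2015/09/30 19:01:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *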
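--- a/jni/libressl/crypto/asn1/asn_mime.c
+++ b/jni/libressl/crypto/asn1/asn_mime.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn_mime.c,v 1.25 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: asn_mime.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -118,16 +118,15 @@
     const ASN1_ITEM *it)
 {
 	/* If streaming create stream BIO and copy all content through it */
 	if (flags & SMIME_STREAM) {
 		BIO *bio, *tbio;
 		bio = BIO_new_NDEF(out, val, it);
 		if (!bio) {
-			ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM,
-			    ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		SMIME_crlf_copy(in, bio, flags);
 		(void)BIO_flush(bio);
 		/* Free up successive BIOs until we hit the old output BIO */
 		do {
 			tbio = BIO_pop(bio);
@@ -150,15 +149,15 @@
     const ASN1_ITEM *it)
 {
 	BIO *b64;
 	int r;
 
 	b64 = BIO_new(BIO_f_base64());
 	if (!b64) {
-		ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	/* prepend the b64 BIO so all data is base64 encoded.
 	 */
 	out = BIO_push(b64, out);
 	r = i2d_ASN1_bio_stream(out, val, in, flags, it);
 	(void)BIO_flush(out);
@@ -183,21 +182,21 @@
 
 static ASN1_VALUE *
 b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 {
 	BIO *b64;
 	ASN1_VALUE *val;
 	if (!(b64 = BIO_new(BIO_f_base64()))) {
-		ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	bio = BIO_push(b64, bio);
 	val = ASN1_item_d2i_bio(it, bio, NULL);
 	if (!val)
-		ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+		ASN1error(ASN1_R_DECODE_ERROR);
 	(void)BIO_flush(bio);
 	bio = BIO_pop(bio);
 	BIO_free(b64);
 	return val;
 }
 
 /* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
@@ -384,16 +383,15 @@
 	 */
 	if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
 		SMIME_crlf_copy(data, out, flags);
 		return 1;
 	}
 
 	if (!aux || !aux->asn1_cb) {
-		ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
-		    ASN1_R_STREAMING_NOT_SUPPORTED);
+		ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED);
 		return 0;
 	}
 
 	sarg.out = out;
 	sarg.ndef_bio = NULL;
 	sarg.boundary = NULL;
 
@@ -436,105 +434,99 @@
 	ASN1_VALUE *val;
 	int ret;
 
 	if (bcont)
 		*bcont = NULL;
 
 	if (!(headers = mime_parse_hdr(bio))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+		ASN1error(ASN1_R_MIME_PARSE_ERROR);
 		return NULL;
 	}
 
 	if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
 		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+		ASN1error(ASN1_R_NO_CONTENT_TYPE);
 		return NULL;
 	}
 
 	/* Handle multipart/signed */
 
 	if (!strcmp(hdr->value, "multipart/signed")) {
 		/* Split into two parts */
 		prm = mime_param_find(hdr, "boundary");
 		if (!prm || !prm->param_value) {
 			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1,
-			    ASN1_R_NO_MULTIPART_BOUNDARY);
+			ASN1error(ASN1_R_NO_MULTIPART_BOUNDARY);
 			return NULL;
 		}
 		ret = multi_split(bio, prm->param_value, &parts);
 		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 		if (!ret || (sk_BIO_num(parts) != 2) ) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,
-			    ASN1_R_NO_MULTIPART_BODY_FAILURE);
+			ASN1error(ASN1_R_NO_MULTIPART_BODY_FAILURE);
 			sk_BIO_pop_free(parts, BIO_vfree);
 			return NULL;
 		}
 
 		/* Parse the signature piece */
 		asnin = sk_BIO_value(parts, 1);
 
 		if (!(headers = mime_parse_hdr(asnin))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,
-			    ASN1_R_MIME_SIG_PARSE_ERROR);
+			ASN1error(ASN1_R_MIME_SIG_PARSE_ERROR);
 			sk_BIO_pop_free(parts, BIO_vfree);
 			return NULL;
 		}
 
 		/* Get content type */
 
 		if (!(hdr = mime_hdr_find(headers, "content-type")) ||
 		    !hdr->value) {
 			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 			sk_BIO_pop_free(parts, BIO_vfree);
-			ASN1err(ASN1_F_SMIME_READ_ASN1,
-			    ASN1_R_NO_SIG_CONTENT_TYPE);
+			ASN1error(ASN1_R_NO_SIG_CONTENT_TYPE);
 			return NULL;
 		}
 
 		if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
 		    strcmp(hdr->value, "application/pkcs7-signature")) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,
-			    ASN1_R_SIG_INVALID_MIME_TYPE);
+			ASN1error(ASN1_R_SIG_INVALID_MIME_TYPE);
 			ERR_asprintf_error_data("type: %s", hdr->value);
 			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 			sk_BIO_pop_free(parts, BIO_vfree);
 			return NULL;
 		}
 		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 		/* Read in ASN1 */
 		if (!(val = b64_read_asn1(asnin, it))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,
-			    ASN1_R_ASN1_SIG_PARSE_ERROR);
+			ASN1error(ASN1_R_ASN1_SIG_PARSE_ERROR);
 			sk_BIO_pop_free(parts, BIO_vfree);
 			return NULL;
 		}
 
 		if (bcont) {
 			*bcont = sk_BIO_value(parts, 0);
 			BIO_free(asnin);
 			sk_BIO_free(parts);
 		} else sk_BIO_pop_free(parts, BIO_vfree);
 			return val;
 	}
 
 	/* OK, if not multipart/signed try opaque signature */
 
 	if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
 	    strcmp (hdr->value, "application/pkcs7-mime")) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+		ASN1error(ASN1_R_INVALID_MIME_TYPE);
 		ERR_asprintf_error_data("type: %s", hdr->value);
 		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 		return NULL;
 	}
 
 	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 
 	if (!(val = b64_read_asn1(bio, it))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+		ASN1error(ASN1_R_ASN1_PARSE_ERROR);
 		return NULL;
 	}
 	return val;
 }
 
 /* Copy text from one BIO to another making the output CRLF at EOL */
 int
@@ -579,24 +571,24 @@
 {
 	char iobuf[4096];
 	int len;
 	STACK_OF(MIME_HEADER) *headers;
 	MIME_HEADER *hdr;
 
 	if (!(headers = mime_parse_hdr(in))) {
-		ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+		ASN1error(ASN1_R_MIME_PARSE_ERROR);
 		return 0;
 	}
 	if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-		ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+		ASN1error(ASN1_R_MIME_NO_CONTENT_TYPE);
 		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 		return 0;
 	}
 	if (strcmp (hdr->value, "text/plain")) {
-		ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+		ASN1error(ASN1_R_INVALID_MIME_TYPE);
 		ERR_asprintf_error_data("type: %s", hdr->value);
 		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 		return 0;
 	}
 	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 	while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
 		BIO_write(out, iobuf, len);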
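Review bot: The copy loop at the end of the SMIME_text hunk discards the result of `BIO_write(out, iobuf, len)`, so a failed or short write goes unnoticed and the text handed on can be silently truncated. Check it inside the loop, e.g. `if (BIO_write(out, iobuf, len) != len) return 0;`, which matches the `return 0` used by the error paths just above. SMIME_text begins and ends outside this hunk, so how `len` is treated after the loop is not visible here.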
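--- a/jni/libressl/crypto/asn1/asn_moid.c
+++ b/jni/libressl/crypto/asn1/asn_moid.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn_moid.c,v 1.11 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: asn_moid.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -75,21 +75,21 @@
 	int i;
 	const char *oid_section;
 	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *oval;
 
 	oid_section = CONF_imodule_get_value(md);
 	if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
-		ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+		ASN1error(ASN1_R_ERROR_LOADING_SECTION);
 		return 0;
 	}
 	for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
 		oval = sk_CONF_VALUE_value(sktmp, i);
 		if (!do_create(oval->value, oval->name)) {
-			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+			ASN1error(ASN1_R_ADDING_OBJECT);
 			return 0;
 		}
 	}
 	return 1;
 }
 
 static void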
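--- a/jni/libressl/crypto/asn1/asn_pack.c
+++ b/jni/libressl/crypto/asn1/asn_pack.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn_pack.c,v 1.14 2014/07/11 13:41:59 miod Exp $ */
+/* $OpenBSD: asn_pack.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -73,36 +73,36 @@
 {
 	STACK_OF(OPENSSL_BLOCK) *sk;
 	const unsigned char *pbuf;
 
 	pbuf = buf;
 	if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
 					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
-		ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+		ASN1error(ASN1_R_DECODE_ERROR);
 	return sk;
 }
 
 /* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
  * OPENSSL_malloc'ed buffer
  */
 
 unsigned char *
 ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
     unsigned char **buf, int *len)
 {
 	int safelen;
 	unsigned char *safe, *p;
 
 	if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
 					      V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+		ASN1error(ASN1_R_ENCODE_ERROR);
 		return NULL;
 	}
 	if (!(safe = malloc(safelen))) {
-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	p = safe;
 	i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
 								 IS_SEQUENCE);
 	if (len)
 		*len = safelen;
@@ -117,40 +117,40 @@
 ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
 {
 	const unsigned char *p;
 	char *ret;
 
 	p = oct->data;
 	if (!(ret = d2i(NULL, &p, oct->length)))
-		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+		ASN1error(ASN1_R_DECODE_ERROR);
 	return ret;
 }
 
 /* Pack an ASN1 object into an ASN1_STRING */
 
 ASN1_STRING *
 ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
 {
 	unsigned char *p;
 	ASN1_STRING *octmp;
 
 	if (!oct || !*oct) {
 		if (!(octmp = ASN1_STRING_new())) {
-			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return NULL;
 		}
 	} else
 		octmp = *oct;
 		
 	if (!(octmp->length = i2d(obj, NULL))) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+		ASN1error(ASN1_R_ENCODE_ERROR);
 		goto err;
 	}
 	if (!(p = malloc (octmp->length))) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	octmp->data = p;
 	i2d (obj, &p);
 	if (oct)
 		*oct = octmp;
 	return octmp;
@@ -170,29 +170,29 @@
 ASN1_STRING *
 ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 {
 	ASN1_STRING *octmp;
 
 	if (!oct || !*oct) {
 		if (!(octmp = ASN1_STRING_new ())) {
-			ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			return NULL;
 		}
 	} else
 		octmp = *oct;
 
 	free(octmp->data);
 	octmp->data = NULL;
 
 	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
-		ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+		ASN1error(ASN1_R_ENCODE_ERROR);
 		goto err;
 	}
 	if (!octmp->data) {
-		ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (oct)
 		*oct = octmp;
 	return octmp;
 err:
 	if (!oct || octmp != *oct)
@@ -206,10 +206,10 @@
 ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
 {
 	const unsigned char *p;
 	void *ret;
 
 	p = oct->data;
 	if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
-		ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
+		ASN1error(ASN1_R_DECODE_ERROR);
 	return ret;
 }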
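Review bot: ASN1_pack_string and ASN1_item_pack reject only a zero length (`if (!(octmp->length = i2d(obj, NULL)))`, `if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it)))`), while i2d-style encoders conventionally signal failure with a negative return. A negative value would be stored in `octmp->length` and, in ASN1_pack_string, converted to a very large size for `malloc`; comparing with `<= 0` closes that, e.g. `if ((octmp->length = i2d(obj, NULL)) <= 0) {`. ASN1_seq_pack has the same shape with `safelen`. The `err:` paths of these functions lie partly or wholly outside the hunks, so whether the length is reset there cannot be seen.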
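--- a/jni/libressl/crypto/asn1/bio_asn1.c
+++ b/jni/libressl/crypto/asn1/bio_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_asn1.c,v 1.11 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: bio_asn1.c,v 1.12 2015/12/23 01:46:33 mmcc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without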
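--- a/jni/libressl/crypto/asn1/bio_ndef.c
+++ b/jni/libressl/crypto/asn1/bio_ndef.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_ndef.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: bio_ndef.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -102,15 +102,15 @@
 {
 	NDEF_SUPPORT *ndef_aux = NULL;
 	BIO *asn_bio = NULL;
 	const ASN1_AUX *aux = it->funcs;
 	ASN1_STREAM_ARG sarg;
 
 	if (!aux || !aux->asn1_cb) {
-		ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+		ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED);
 		return NULL;
 	}
 	ndef_aux = malloc(sizeof(NDEF_SUPPORT));
 	asn_bio = BIO_new(BIO_f_asn1());
 
 	/* ASN1 bio needs to be next to output BIO */
 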
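--- a/jni/libressl/crypto/asn1/charmap.h
+++ b/jni/libressl/crypto/asn1/charmap.h
@@ -1,15 +1,19 @@
-/* $OpenBSD$ */
+/* $OpenBSD: charmap.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */
 /* Auto generated with chartype.pl script.
  * Mask of various character properties
  */
+
+__BEGIN_HIDDEN_DECLS
 
 static const unsigned char char_type[] = {
 	2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
 	2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
 	120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
 	16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
 	0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
 	16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
 	0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
 	16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
 };
+
+__END_HIDDEN_DECLS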
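--- a/jni/libressl/crypto/asn1/d2i_pr.c
+++ b/jni/libressl/crypto/asn1/d2i_pr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d2i_pr.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: d2i_pr.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -76,44 +76,44 @@
 EVP_PKEY *
 d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 {
 	EVP_PKEY *ret;
 
 	if ((a == NULL) || (*a == NULL)) {
 		if ((ret = EVP_PKEY_new()) == NULL) {
-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+			ASN1error(ERR_R_EVP_LIB);
 			return (NULL);
 		}
 	} else {
 		ret = *a;
 #ifndef OPENSSL_NO_ENGINE
 		if (ret->engine) {
 			ENGINE_finish(ret->engine);
 			ret->engine = NULL;
 		}
 #endif
 	}
 
 	if (!EVP_PKEY_set_type(ret, type)) {
-		ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+		ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
 		goto err;
 	}
 
 	if (!ret->ameth->old_priv_decode ||
 	    !ret->ameth->old_priv_decode(ret, pp, length)) {
 		if (ret->ameth->priv_decode) {
 			PKCS8_PRIV_KEY_INFO *p8 = NULL;
 			p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
 			if (!p8)
 				goto err;
 			EVP_PKEY_free(ret);
 			ret = EVP_PKCS82PKEY(p8);
 			PKCS8_PRIV_KEY_INFO_free(p8);
 		} else {
-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+			ASN1error(ERR_R_ASN1_LIB);
 			goto err;
 		}
 	}
 	if (a != NULL)
 		(*a) = ret;
 	return (ret);
 
@@ -149,22 +149,21 @@
 		/* This seems to be PKCS8, not traditional format */
 		PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(
 		    NULL, pp, length);
 		EVP_PKEY *ret;
 
 		sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
 		if (!p8) {
-			ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
-			    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+			ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 			return NULL;
 		}
 		ret = EVP_PKCS82PKEY(p8);
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		if (a) {
 			*a = ret;
 		}
 		return ret;
 	} else
 		keytype = EVP_PKEY_RSA;
 	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
 	return d2i_PrivateKey(keytype, a, pp, length);
 }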
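Review bot: The result of `EVP_PKCS82PKEY(p8)` is stored through `a` without a NULL check in the d2i_AutoPrivateKey hunk (`if (a) { *a = ret; }`), so a failed PKCS#8 conversion overwrites the caller's pointer with NULL; adding `if (ret == NULL) return NULL;` before that assignment keeps the caller's value intact on failure. d2i_PrivateKey makes the same unchecked call right after `EVP_PKEY_free(ret)`, where a reused `*a` has already been released, so a fix there must still clear `*a` rather than jump to `err` with a stale pointer. The `err` label of d2i_PrivateKey and the start of d2i_AutoPrivateKey are outside the hunks shown.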
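--- a/jni/libressl/crypto/asn1/d2i_pu.c
+++ b/jni/libressl/crypto/asn1/d2i_pu.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d2i_pu.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: d2i_pu.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -79,58 +79,58 @@
 EVP_PKEY *
 d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 {
 	EVP_PKEY *ret;
 
 	if ((a == NULL) || (*a == NULL)) {
 		if ((ret = EVP_PKEY_new()) == NULL) {
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+			ASN1error(ERR_R_EVP_LIB);
 			return (NULL);
 		}
 	} else
 		ret = *a;
 
 	if (!EVP_PKEY_set_type(ret, type)) {
-		ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+		ASN1error(ERR_R_EVP_LIB);
 		goto err;
 	}
 
 	switch (EVP_PKEY_id(ret)) {
 #ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
 		if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) ==
 		    NULL) {
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+			ASN1error(ERR_R_ASN1_LIB);
 			goto err;
 		}
 		break;
 #endif
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		if (!d2i_DSAPublicKey(&(ret->pkey.dsa), pp, length)) {
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+			ASN1error(ERR_R_ASN1_LIB);
 			goto err;
 		}
 		break;
 #endif
 #ifndef OPENSSL_NO_EC
 	case EVP_PKEY_EC:
 		if (!o2i_ECPublicKey(&(ret->pkey.ec), pp, length)) {
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+			ASN1error(ERR_R_ASN1_LIB);
 			goto err;
 		}
 		break;
 #endif
 	default:
-		ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+		ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
 		goto err;
 		/* break; */
 	}
 	if (a != NULL)
 		(*a) = ret;
 	return (ret);
 
 err:
 	if (a == NULL || *a != ret)
 		EVP_PKEY_free(ret);
 	return (NULL);
 }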
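--- a/jni/libressl/crypto/asn1/evp_asn1.c
+++ b/jni/libressl/crypto/asn1/evp_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_asn1.c,v 1.17 2015/09/30 18:41:06 jsing Exp $ */
+/* $OpenBSD: evp_asn1.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -83,15 +83,15 @@
 ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
 {
 	int ret, num;
 	unsigned char *p;
 
 	if ((a->type != V_ASN1_OCTET_STRING) ||
 	    (a->value.octet_string == NULL)) {
-		ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+		ASN1error(ASN1_R_DATA_IS_WRONG);
 		return (-1);
 	}
 	p = ASN1_STRING_data(a->value.octet_string);
 	ret = ASN1_STRING_length(a->value.octet_string);
 	if (ret < max_len)
 		num = ret;
 	else
@@ -188,14 +188,13 @@
 	else
 		n = max_len;
 
 	if (data != NULL)
 		memcpy(data, ASN1_STRING_data(os), n);
 	if (0) {
 err:
-		ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,
-		    ASN1_R_DATA_IS_WRONG);
+		ASN1error(ASN1_R_DATA_IS_WRONG);
 	}
 	ASN1_OCTET_STRING_free(os);
 	ASN1_INTEGER_free(ai);
 	return (ret);
 }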
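--- a/jni/libressl/crypto/asn1/f_enum.c
+++ b/jni/libressl/crypto/asn1/f_enum.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: f_enum.c,v 1.13 2014/07/10 21:58:08 miod Exp $ */
+/* $OpenBSD: f_enum.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -146,56 +146,53 @@
 				bufp += 2;
 				i -= 2;
 			}
 		}
 		k = 0;
 		i -= again;
 		if (i % 2 != 0) {
-			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-			    ASN1_R_ODD_NUMBER_OF_CHARS);
+			ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
 			goto err;
 		}
 		i /= 2;
 		if (num + i > slen) {
 			sp = realloc(s, num + i);
 			if (sp == NULL) {
-				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-				    ERR_R_MALLOC_FAILURE);
+				ASN1error(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			s = sp;
 			slen = num + i;
 		}
 		for (j = 0; j < i; j++, k += 2) {
 			for (n = 0; n < 2; n++) {
 				m = bufp[k + n];
 				if ((m >= '0') && (m <= '9'))
 					m -= '0';
 				else if ((m >= 'a') && (m <= 'f'))
 					m = m - 'a' + 10;
 				else if ((m >= 'A') && (m <= 'F'))
 					m = m - 'A' + 10;
 				else {
-					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-					    ASN1_R_NON_HEX_CHARACTERS);
+					ASN1error(ASN1_R_NON_HEX_CHARACTERS);
 					goto err;
 				}
 				s[num + j] <<= 4;
 				s[num + j] |= m;
 			}
 		}
 		num += i;
 		if (again)
 			bufsize = BIO_gets(bp, buf, size);
 		else
 			break;
 	}
 	bs->length = num;
 	bs->data = s;
 	return (1);
 
 err_sl:
-	ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
+	ASN1error(ASN1_R_SHORT_LINE);
 err:
 	free(s);
 	return (ret);
 }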
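--- a/jni/libressl/crypto/asn1/f_int.c
+++ b/jni/libressl/crypto/asn1/f_int.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: f_int.c,v 1.16 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: f_int.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -149,56 +149,53 @@
 				bufp += 2;
 				i -= 2;
 			}
 		}
 		k = 0;
 		i -= again;
 		if (i % 2 != 0) {
-			ASN1err(ASN1_F_A2I_ASN1_INTEGER,
-			    ASN1_R_ODD_NUMBER_OF_CHARS);
+			ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
 			goto err;
 		}
 		i /= 2;
 		if (num + i > slen) {
 			sp = OPENSSL_realloc_clean(s, slen, num + i);
 			if (sp == NULL) {
-				ASN1err(ASN1_F_A2I_ASN1_INTEGER,
-				    ERR_R_MALLOC_FAILURE);
+				ASN1error(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			s = sp;
 			slen = num + i;
 		}
 		for (j = 0; j < i; j++, k += 2) {
 			for (n = 0; n < 2; n++) {
 				m = bufp[k + n];
 				if ((m >= '0') && (m <= '9'))
 					m -= '0';
 				else if ((m >= 'a') && (m <= 'f'))
 					m = m - 'a' + 10;
 				else if ((m >= 'A') && (m <= 'F'))
 					m = m - 'A' + 10;
 				else {
-					ASN1err(ASN1_F_A2I_ASN1_INTEGER,
-					    ASN1_R_NON_HEX_CHARACTERS);
+					ASN1error(ASN1_R_NON_HEX_CHARACTERS);
 					goto err;
 				}
 				s[num + j] <<= 4;
 				s[num + j] |= m;
 			}
 		}
 		num += i;
 		if (again)
 			bufsize = BIO_gets(bp, buf, size);
 		else
 			break;
 	}
 	bs->length = num;
 	bs->data = s;
 	return (1);
 
 err_sl:
-	ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+	ASN1error(ASN1_R_SHORT_LINE);
 err:
 	free(s);
 	return (ret);
 }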
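--- a/jni/libressl/crypto/asn1/f_string.c
+++ b/jni/libressl/crypto/asn1/f_string.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: f_string.c,v 1.15 2014/07/10 21:58:08 miod Exp $ */
+/* $OpenBSD: f_string.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -142,56 +142,53 @@
 			goto err_sl;
 
 		bufp = (unsigned char *)buf;
 
 		k = 0;
 		i -= again;
 		if (i % 2 != 0) {
-			ASN1err(ASN1_F_A2I_ASN1_STRING,
-			    ASN1_R_ODD_NUMBER_OF_CHARS);
+			ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
 			goto err;
 		}
 		i /= 2;
 		if (num + i > slen) {
 			sp = realloc(s, num + i);
 			if (sp == NULL) {
-				ASN1err(ASN1_F_A2I_ASN1_STRING,
-				    ERR_R_MALLOC_FAILURE);
+				ASN1error(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			s = sp;
 			slen = num + i;
 		}
 		for (j = 0; j < i; j++, k += 2) {
 			for (n = 0; n < 2; n++) {
 				m = bufp[k + n];
 				if ((m >= '0') && (m <= '9'))
 					m -= '0';
 				else if ((m >= 'a') && (m <= 'f'))
 					m = m - 'a' + 10;
 				else if ((m >= 'A') && (m <= 'F'))
 					m = m - 'A' + 10;
 				else {
-					ASN1err(ASN1_F_A2I_ASN1_STRING,
-					    ASN1_R_NON_HEX_CHARACTERS);
+					ASN1error(ASN1_R_NON_HEX_CHARACTERS);
 					goto err;
 				}
 				s[num + j] <<= 4;
 				s[num + j] |= m;
 			}
 		}
 		num += i;
 		if (again)
 			bufsize = BIO_gets(bp, buf, size);
 		else
 			break;
 	}
 	bs->length = num;
 	bs->data = s;
 	return (1);
 
 err_sl:
-	ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+	ASN1error(ASN1_R_SHORT_LINE);
 err:
 	free(s);
 	return (ret);
 }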
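--- a/jni/libressl/crypto/asn1/i2d_pr.c
+++ b/jni/libressl/crypto/asn1/i2d_pr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: i2d_pr.c,v 1.9 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: i2d_pr.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -72,10 +72,10 @@
 	}
 	if (a->ameth && a->ameth->priv_encode) {
 		PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
 		int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		return ret;
 	}
-	ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+	ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 	return (-1);
 }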
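--- a/jni/libressl/crypto/asn1/i2d_pu.c
+++ b/jni/libressl/crypto/asn1/i2d_pu.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: i2d_pu.c,v 1.9 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: i2d_pu.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -88,11 +88,11 @@
 		return (i2d_DSAPublicKey(a->pkey.dsa, pp));
 #endif
 #ifndef OPENSSL_NO_EC
 	case EVP_PKEY_EC:
 		return (i2o_ECPublicKey(a->pkey.ec, pp));
 #endif
 	default:
-		ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+		ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 		return (-1);
 	}
 }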
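--- a/jni/libressl/crypto/asn1/n_pkey.c
+++ b/jni/libressl/crypto/asn1/n_pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: n_pkey.c,v 1.29 2015/10/16 15:12:30 jsing Exp $ */
+/* $OpenBSD: n_pkey.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -256,42 +256,42 @@
 		NETSCAPE_PKEY_free(pkey);
 		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
 		return olen;
 	}
 
 	/* Since its RC4 encrypted length is actual length */
 	if ((zz = malloc(rsalen)) == NULL) {
-		ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	pkey->private_key->data = zz;
 	/* Write out private key encoding */
 	i2d_RSAPrivateKey(a, &zz);
 
 	if ((zz = malloc(pkeylen)) == NULL) {
-		ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-		ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	enckey->enckey->digest->data = zz;
 	i2d_NETSCAPE_PKEY(pkey, &zz);
 
 	/* Wipe the private key encoding */
 	explicit_bzero(pkey->private_key->data, rsalen);
 
 	if (cb == NULL)
 		cb = EVP_read_pw_string;
 	i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1);
 	if (i != 0) {
-		ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
+		ASN1error(ASN1_R_BAD_PASSWORD_READ);
 		goto err;
 	}
 	i = strlen((char *)buf);
 	/* If the key is used for SGC the algorithm is modified a little. */
 	if (sgckey) {
 		if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
 			goto err;
@@ -336,27 +336,26 @@
 	const unsigned char *p;
 	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
 
 	p = *pp;
 
 	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
 	if (!enckey) {
-		ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
+		ASN1error(ASN1_R_DECODING_ERROR);
 		return NULL;
 	}
 
 	/* XXX 11 == strlen("private-key") */
 	if (enckey->os->length != 11 ||
 	    memcmp("private-key", enckey->os->data, 11) != 0) {
-		ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+		ASN1error(ASN1_R_PRIVATE_KEY_HEADER_MISSING);
 		goto err;
 	}
 	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-		ASN1err(ASN1_F_D2I_RSA_NET,
-		    ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+		ASN1error(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
 		goto err;
 	}
 	if (cb == NULL)
 		cb = EVP_read_pw_string;
 	if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
 	    sgckey)) == NULL)
 		goto err;
@@ -380,15 +379,15 @@
 	const unsigned char *zz;
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	EVP_CIPHER_CTX ctx;
 	EVP_CIPHER_CTX_init(&ctx);
 
 	i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0);
 	if (i != 0) {
-		ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
+		ASN1error(ASN1_R_BAD_PASSWORD_READ);
 		goto err;
 	}
 
 	i = strlen((char *)buf);
 	if (sgckey){
 		if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
 			goto err;
@@ -407,28 +406,27 @@
 	if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
 		goto err;
 	os->length = i + j;
 
 	zz = os->data;
 
 	if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-		ASN1err(ASN1_F_D2I_RSA_NET_2,
-		    ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+		ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
 		goto err;
 	}
 
 	zz = pkey->private_key->data;
 	if ((ret = d2i_RSAPrivateKey(a, &zz,
 	    pkey->private_key->length)) == NULL) {
-		ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+		ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
 		goto err;
 	}
 
 err:
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	NETSCAPE_PKEY_free(pkey);
 	return (ret);
 }
 
 #endif /* OPENSSL_NO_RC4 */
 
 #endif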
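--- a/jni/libressl/crypto/asn1/nsseq.c
+++ b/jni/libressl/crypto/asn1/nsseq.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: nsseq.c,v 1.9 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: nsseq.c,v 1.10 2015/02/11 04:00:39 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without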
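--- a/jni/libressl/crypto/asn1/p5_pbe.c
+++ b/jni/libressl/crypto/asn1/p5_pbe.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p5_pbe.c,v 1.19 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: p5_pbe.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -123,37 +123,37 @@
 {
 	PBEPARAM *pbe = NULL;
 	ASN1_STRING *pbe_str = NULL;
 	unsigned char *sstr;
 
 	pbe = PBEPARAM_new();
 	if (!pbe) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (iter <= 0)
 		iter = PKCS5_DEFAULT_ITER;
 	if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (!saltlen)
 		saltlen = PKCS5_SALT_LEN;
 	if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	sstr = ASN1_STRING_data(pbe->salt);
 	if (salt)
 		memcpy(sstr, salt, saltlen);
 	else
 		arc4random_buf(sstr, saltlen);
 
-	if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+	if (!ASN1_item_pack(pbe, &PBEPARAM_it, &pbe_str)) {
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	PBEPARAM_free(pbe);
 	pbe = NULL;
 
 	if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
@@ -170,17 +170,17 @@
 
 X509_ALGOR *
 PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
 {
 	X509_ALGOR *ret;
 	ret = X509_ALGOR_new();
 	if (!ret) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
 		return ret;
 
 	X509_ALGOR_free(ret);
 	return NULL;
 }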
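--- a/jni/libressl/crypto/asn1/p5_pbev2.c
+++ b/jni/libressl/crypto/asn1/p5_pbev2.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p5_pbev2.c,v 1.22 2015/09/30 17:30:15 jsing Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -189,16 +189,15 @@
 	EVP_CIPHER_CTX ctx;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 	PBE2PARAM *pbe2 = NULL;
 	ASN1_OBJECT *obj;
 
 	alg_nid = EVP_CIPHER_type(cipher);
 	if (alg_nid == NID_undef) {
-		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-		ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		ASN1error(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 		goto err;
 	}
 	obj = OBJ_nid2obj(alg_nid);
 
 	if (!(pbe2 = PBE2PARAM_new()))
 		goto merr;
 
@@ -219,16 +218,15 @@
 
 	EVP_CIPHER_CTX_init(&ctx);
 
 	/* Dummy cipherinit to just setup the IV, and PRF */
 	if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
 		goto err;
 	if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-		ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+		ASN1error(ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
 		EVP_CIPHER_CTX_cleanup(&ctx);
 		goto err;
 	}
 	/* If prf NID unspecified see if cipher has a preference.
 	 * An error is OK here: just means use default PRF.
 	 */
 	if ((prf_nid == -1) &&
@@ -261,25 +259,25 @@
 	if (!(ret->parameter = ASN1_TYPE_new()))
 		goto merr;
 
 	ret->algorithm = OBJ_nid2obj(NID_pbes2);
 
 	/* Encode PBE2PARAM into parameter */
 
-	if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
+	if (!ASN1_item_pack(pbe2, &PBE2PARAM_it,
 		&ret->parameter->value.sequence)) goto merr;
 	ret->parameter->type = V_ASN1_SEQUENCE;
 
 	PBE2PARAM_free(pbe2);
 	pbe2 = NULL;
 
 	return ret;
 
 merr:
-	ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
+	ASN1error(ERR_R_MALLOC_FAILURE);
 
 err:
 	PBE2PARAM_free(pbe2);
 	/* Note 'scheme' is freed as part of pbe2 */
 	X509_ALGOR_free(kalg);
 	X509_ALGOR_free(ret);
 
@@ -354,21 +352,21 @@
 	keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
 
 	/* Encode PBKDF2PARAM into parameter of pbe2 */
 
 	if (!(keyfunc->parameter = ASN1_TYPE_new()))
 		goto merr;
 
-	if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
+	if (!ASN1_item_pack(kdf, &PBKDF2PARAM_it,
 		&keyfunc->parameter->value.sequence))
 		goto merr;
 	keyfunc->parameter->type = V_ASN1_SEQUENCE;
 
 	PBKDF2PARAM_free(kdf);
 	return keyfunc;
 
 merr:
-	ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
+	ASN1error(ERR_R_MALLOC_FAILURE);
 	PBKDF2PARAM_free(kdf);
 	X509_ALGOR_free(keyfunc);
 	return NULL;
 }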
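--- a/jni/libressl/crypto/asn1/p8_pkey.c
+++ b/jni/libressl/crypto/asn1/p8_pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p8_pkey.c,v 1.16 2015/07/16 18:21:57 miod Exp $ */
+/* $OpenBSD: p8_pkey.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without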
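--- a/jni/libressl/crypto/asn1/t_bitst.c
+++ b/jni/libressl/crypto/asn1/t_bitst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_bitst.c,v 1.6 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: t_bitst.c,v 1.7 2014/07/11 08:44:47 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without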
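--- a/jni/libressl/crypto/asn1/t_crl.c
+++ b/jni/libressl/crypto/asn1/t_crl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_crl.c,v 1.15 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: t_crl.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,15 +68,15 @@
 int
 X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+		X509error(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = X509_CRL_print(b, x);
 	BIO_free(b);
 	return (ret);
 }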
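--- a/jni/libressl/crypto/asn1/t_pkey.c
+++ b/jni/libressl/crypto/asn1/t_pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_pkey.c,v 1.15 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: t_pkey.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *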
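--- a/jni/libressl/crypto/asn1/t_req.c
+++ b/jni/libressl/crypto/asn1/t_req.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_req.c,v 1.17 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: t_req.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -77,15 +77,15 @@
 int
 X509_REQ_print_fp(FILE *fp, X509_REQ *x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+		X509error(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = X509_REQ_print(b, x);
 	BIO_free(b);
 	return (ret);
 }
@@ -252,16 +252,16 @@
 		if (!X509_signature_print(bp, x->sig_alg, x->signature))
 			goto err;
 	}
 
 	return (1);
 
 err:
-	X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+	X509error(ERR_R_BUF_LIB);
 	return (0);
 }
 
 int
 X509_REQ_print(BIO *bp, X509_REQ *x)
 {
 	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
 }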
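--- a/jni/libressl/crypto/asn1/t_spki.c
+++ b/jni/libressl/crypto/asn1/t_spki.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_spki.c,v 1.10 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: t_spki.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without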
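--- a/jni/libressl/crypto/asn1/t_x509.c
+++ b/jni/libressl/crypto/asn1/t_x509.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_x509.c,v 1.25 2014/07/12 16:33:25 miod Exp $ */
+/* $OpenBSD: t_x509.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -88,15 +88,15 @@
 int
 X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+		X509error(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = X509_print_ex(b, x, nmflag, cflag);
 	BIO_free(b);
 	return (ret);
 }
@@ -526,12 +526,12 @@
 		s++;
 		l--;
 	}
 
 	ret = 1;
 	if (0) {
 err:
-		X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+		X509error(ERR_R_BUF_LIB);
 	}
 	free(b);
 	return (ret);
 }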
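--- a/jni/libressl/crypto/asn1/t_x509a.c
+++ b/jni/libressl/crypto/asn1/t_x509a.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_x509a.c,v 1.7 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: t_x509a.c,v 1.8 2014/07/11 08:44:47 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without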
Changes to jni/libressl/crypto/asn1/tasn_dec.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: tasn_dec.c,v 1.31 2016/05/04 14:53:29 tedu Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: tasn_dec.c,v 1.34 2017/01/29 17:49:22 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
			/* tagging or OPTIONAL is currently illegal on an item
			 * template because the flags can't get passed down.
			 * In practice this isn't a problem: we include the
			 * relevant flags from the item template in the
			 * template itself.
			 */
			if ((tag != -1) || opt) {
				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
				    ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
				goto err;
			}
			return asn1_template_ex_d2i(pval, in, len,
			    it->templates, opt, ctx);
		}
		return asn1_d2i_ex_primitive(pval, in, len, it,
		    tag, aclass, opt, ctx);
		break;

	case ASN1_ITYPE_MSTRING:
		p = *in;
		/* Just read in tag and class */
		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
		    &p, len, -1, 0, 1, ctx);
		if (!ret) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}

		/* Must be UNIVERSAL class */
		if (oclass != V_ASN1_UNIVERSAL) {
			/* If OPTIONAL, assume this is OK */
			if (opt)
				return -1;
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ASN1_R_MSTRING_NOT_UNIVERSAL);
			goto err;
		}
		/* Check tag matches bit map */
		if (!(ASN1_tag2bit(otag) & it->utype)) {
			/* If OPTIONAL, assume this is OK */
			if (opt)
				return -1;
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ASN1_R_MSTRING_WRONG_TAG);
			goto err;
		}
		return asn1_d2i_ex_primitive(pval, in, len,
		    it, otag, 0, 0, ctx);

	case ASN1_ITYPE_EXTERN:
		/* Use new style d2i */







<
|















<
|








<
|







<
|







185
186
187
188
189
190
191

192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

208
209
210
211
212
213
214
215
216

217
218
219
220
221
222
223
224

225
226
227
228
229
230
231
232
			/* tagging or OPTIONAL is currently illegal on an item
			 * template because the flags can't get passed down.
			 * In practice this isn't a problem: we include the
			 * relevant flags from the item template in the
			 * template itself.
			 */
			if ((tag != -1) || opt) {

				ASN1error(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
				goto err;
			}
			return asn1_template_ex_d2i(pval, in, len,
			    it->templates, opt, ctx);
		}
		return asn1_d2i_ex_primitive(pval, in, len, it,
		    tag, aclass, opt, ctx);
		break;

	case ASN1_ITYPE_MSTRING:
		p = *in;
		/* Just read in tag and class */
		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
		    &p, len, -1, 0, 1, ctx);
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}

		/* Must be UNIVERSAL class */
		if (oclass != V_ASN1_UNIVERSAL) {
			/* If OPTIONAL, assume this is OK */
			if (opt)
				return -1;

			ASN1error(ASN1_R_MSTRING_NOT_UNIVERSAL);
			goto err;
		}
		/* Check tag matches bit map */
		if (!(ASN1_tag2bit(otag) & it->utype)) {
			/* If OPTIONAL, assume this is OK */
			if (opt)
				return -1;

			ASN1error(ASN1_R_MSTRING_WRONG_TAG);
			goto err;
		}
		return asn1_d2i_ex_primitive(pval, in, len,
		    it, otag, 0, 0, ctx);

	case ASN1_ITYPE_EXTERN:
		/* Use new style d2i */
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
			if ((i >= 0) && (i < it->tcount)) {
				tt = it->templates + i;
				pchptr = asn1_get_field_ptr(pval, tt);
				ASN1_template_free(pchptr, tt);
				asn1_set_choice_selector(pval, -1, it);
			}
		} else if (!ASN1_item_ex_new(pval, it)) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
		/* CHOICE type, try each possibility in turn */
		p = *in;
		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
			pchptr = asn1_get_field_ptr(pval, tt);
			/* We mark field as OPTIONAL so its absence
			 * can be recognised.
			 */
			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
			/* If field not present, try the next one */
			if (ret == -1)
				continue;
			/* If positive return, read OK, break loop */
			if (ret > 0)
				break;
			/* Otherwise must be an ASN1 parsing error */
			errtt = tt;
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}

		/* Did we fall off the end without reading anything? */
		if (i == it->tcount) {
			/* If OPTIONAL, this is OK */
			if (opt) {
				/* Free and zero it */
				ASN1_item_ex_free(pval, it);
				return -1;
			}
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ASN1_R_NO_MATCHING_CHOICE_TYPE);
			goto err;
		}

		asn1_set_choice_selector(pval, i, it);
		*in = p;
		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
			goto auxerr;







<
|


















<
|











<
|







244
245
246
247
248
249
250

251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269

270
271
272
273
274
275
276
277
278
279
280
281

282
283
284
285
286
287
288
289
			if ((i >= 0) && (i < it->tcount)) {
				tt = it->templates + i;
				pchptr = asn1_get_field_ptr(pval, tt);
				ASN1_template_free(pchptr, tt);
				asn1_set_choice_selector(pval, -1, it);
			}
		} else if (!ASN1_item_ex_new(pval, it)) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
		/* CHOICE type, try each possibility in turn */
		p = *in;
		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
			pchptr = asn1_get_field_ptr(pval, tt);
			/* We mark field as OPTIONAL so its absence
			 * can be recognised.
			 */
			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
			/* If field not present, try the next one */
			if (ret == -1)
				continue;
			/* If positive return, read OK, break loop */
			if (ret > 0)
				break;
			/* Otherwise must be an ASN1 parsing error */
			errtt = tt;

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}

		/* Did we fall off the end without reading anything? */
		if (i == it->tcount) {
			/* If OPTIONAL, this is OK */
			if (opt) {
				/* Free and zero it */
				ASN1_item_ex_free(pval, it);
				return -1;
			}

			ASN1error(ASN1_R_NO_MATCHING_CHOICE_TYPE);
			goto err;
		}

		asn1_set_choice_selector(pval, i, it);
		*in = p;
		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
			goto auxerr;
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
			tag = V_ASN1_SEQUENCE;
			aclass = V_ASN1_UNIVERSAL;
		}
		/* Get SEQUENCE length and update len, p */
		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
		    &p, len, tag, aclass, opt, ctx);
		if (!ret) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			goto err;
		} else if (ret == -1)
			return -1;
		if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
			len = tmplen - (p - *in);
			seq_nolen = 1;
		}
		/* If indefinite we don't do a length check */
		else
			seq_nolen = seq_eoc;
		if (!cst) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
			goto err;
		}

		if (!*pval && !ASN1_item_ex_new(pval, it)) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}

		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
			goto auxerr;

		/* Free up and zero any ADB found */







<
|











<
|




<
|







299
300
301
302
303
304
305

306
307
308
309
310
311
312
313
314
315
316
317

318
319
320
321
322

323
324
325
326
327
328
329
330
			tag = V_ASN1_SEQUENCE;
			aclass = V_ASN1_UNIVERSAL;
		}
		/* Get SEQUENCE length and update len, p */
		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
		    &p, len, tag, aclass, opt, ctx);
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			goto err;
		} else if (ret == -1)
			return -1;
		if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
			len = tmplen - (p - *in);
			seq_nolen = 1;
		}
		/* If indefinite we don't do a length check */
		else
			seq_nolen = seq_eoc;
		if (!cst) {

			ASN1error(ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
			goto err;
		}

		if (!*pval && !ASN1_item_ex_new(pval, it)) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}

		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
			goto auxerr;

		/* Free up and zero any ADB found */
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
			pseqval = asn1_get_field_ptr(pval, seqtt);
			/* Have we ran out of data? */
			if (!len)
				break;
			q = p;
			if (asn1_check_eoc(&p, len)) {
				if (!seq_eoc) {
					ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
					    ASN1_R_UNEXPECTED_EOC);
					goto err;
				}
				len -= p - q;
				seq_eoc = 0;
				q = p;
				break;
			}







<
|







350
351
352
353
354
355
356

357
358
359
360
361
362
363
364
			pseqval = asn1_get_field_ptr(pval, seqtt);
			/* Have we ran out of data? */
			if (!len)
				break;
			q = p;
			if (asn1_check_eoc(&p, len)) {
				if (!seq_eoc) {

					ASN1error(ASN1_R_UNEXPECTED_EOC);
					goto err;
				}
				len -= p - q;
				seq_eoc = 0;
				q = p;
				break;
			}
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
			}
			/* Update length */
			len -= p - q;
		}

		/* Check for EOC if expecting one */
		if (seq_eoc && !asn1_check_eoc(&p, len)) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
			goto err;
		}
		/* Check all data read */
		if (!seq_nolen && len) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
			    ASN1_R_SEQUENCE_LENGTH_MISMATCH);
			goto err;
		}

		/* If we get here we've got no more data in the SEQUENCE,
		 * however we may not have read all fields so check all
		 * remaining are OPTIONAL and clear any that are.
		 */
		for (; i < it->tcount; tt++, i++) {
			const ASN1_TEMPLATE *seqtt;
			seqtt = asn1_do_adb(pval, tt, 1);
			if (!seqtt)
				goto err;
			if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
				ASN1_VALUE **pseqval;
				pseqval = asn1_get_field_ptr(pval, seqtt);
				ASN1_template_free(pseqval, seqtt);
			} else {
				errtt = seqtt;
				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
				    ASN1_R_FIELD_MISSING);
				goto err;
			}
		}
		/* Save encoding */
		if (!asn1_enc_save(pval, *in, p - *in, it)) {
			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_MALLOC_FAILURE);
			goto auxerr;
		}
		*in = p;
		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
			goto auxerr;
		return 1;

	default:
		return 0;
	}

auxerr:
	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
err:
	if (combine == 0)
		ASN1_item_ex_free(pval, it);
	if (errtt)
		ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
		    it->sname);
	else







|




<
|


















<
|





|












|







389
390
391
392
393
394
395
396
397
398
399
400

401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419

420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
			}
			/* Update length */
			len -= p - q;
		}

		/* Check for EOC if expecting one */
		if (seq_eoc && !asn1_check_eoc(&p, len)) {
			ASN1error(ASN1_R_MISSING_EOC);
			goto err;
		}
		/* Check all data read */
		if (!seq_nolen && len) {

			ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH);
			goto err;
		}

		/* If we get here we've got no more data in the SEQUENCE,
		 * however we may not have read all fields so check all
		 * remaining are OPTIONAL and clear any that are.
		 */
		for (; i < it->tcount; tt++, i++) {
			const ASN1_TEMPLATE *seqtt;
			seqtt = asn1_do_adb(pval, tt, 1);
			if (!seqtt)
				goto err;
			if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
				ASN1_VALUE **pseqval;
				pseqval = asn1_get_field_ptr(pval, seqtt);
				ASN1_template_free(pseqval, seqtt);
			} else {
				errtt = seqtt;

				ASN1error(ASN1_R_FIELD_MISSING);
				goto err;
			}
		}
		/* Save encoding */
		if (!asn1_enc_save(pval, *in, p - *in, it)) {
			ASN1error(ERR_R_MALLOC_FAILURE);
			goto auxerr;
		}
		*in = p;
		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
			goto auxerr;
		return 1;

	default:
		return 0;
	}

auxerr:
	ASN1error(ASN1_R_AUX_ERROR);
err:
	if (combine == 0)
		ASN1_item_ex_free(pval, it);
	if (errtt)
		ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
		    it->sname);
	else
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
		 * content and where it starts: so read in EXPLICIT header to
		 * get the info.
		 */
		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
		    &p, inlen, tt->tag, aclass, opt, ctx);
		q = p;
		if (!ret) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			return 0;
		} else if (ret == -1)
			return -1;
		if (!cst) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
			    ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
			return 0;
		}
		/* We've found the field so it can't be OPTIONAL now */
		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
		if (!ret) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}
		/* We read the field in OK so update length */
		len -= p - q;
		if (exp_eoc) {
			/* If NDEF we must have an EOC here */
			if (!asn1_check_eoc(&p, len)) {
				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
				    ASN1_R_MISSING_EOC);
				goto err;
			}
		} else {
			/* Otherwise we must hit the EXPLICIT tag end or its
			 * an error */
			if (len) {
				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
				    ASN1_R_EXPLICIT_LENGTH_MISMATCH);
				goto err;
			}
		}
	} else
		return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);

	*in = p;







<
|




<
|





<
|







<
|






<
|







476
477
478
479
480
481
482

483
484
485
486
487

488
489
490
491
492
493

494
495
496
497
498
499
500
501

502
503
504
505
506
507
508

509
510
511
512
513
514
515
516
		 * content and where it starts: so read in EXPLICIT header to
		 * get the info.
		 */
		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
		    &p, inlen, tt->tag, aclass, opt, ctx);
		q = p;
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			return 0;
		} else if (ret == -1)
			return -1;
		if (!cst) {

			ASN1error(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
			return 0;
		}
		/* We've found the field so it can't be OPTIONAL now */
		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}
		/* We read the field in OK so update length */
		len -= p - q;
		if (exp_eoc) {
			/* If NDEF we must have an EOC here */
			if (!asn1_check_eoc(&p, len)) {

				ASN1error(ASN1_R_MISSING_EOC);
				goto err;
			}
		} else {
			/* Otherwise we must hit the EXPLICIT tag end or its
			 * an error */
			if (len) {

				ASN1error(ASN1_R_EXPLICIT_LENGTH_MISMATCH);
				goto err;
			}
		}
	} else
		return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);

	*in = p;
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
			else
				sktag = V_ASN1_SEQUENCE;
		}
		/* Get the tag */
		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
		    &p, len, sktag, skaclass, opt, ctx);
		if (!ret) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			return 0;
		} else if (ret == -1)
			return -1;
		if (!*val)
			*val = (ASN1_VALUE *)sk_new_null();
		else {
			/* We've got a valid STACK: free up any items present */
			STACK_OF(ASN1_VALUE) *sktmp =
			    (STACK_OF(ASN1_VALUE) *)*val;
			ASN1_VALUE *vtmp;
			while (sk_ASN1_VALUE_num(sktmp) > 0) {
				vtmp = sk_ASN1_VALUE_pop(sktmp);
				ASN1_item_ex_free(&vtmp,
				    ASN1_ITEM_ptr(tt->item));
			}
		}

		if (!*val) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}

		/* Read as many items as we can */
		while (len > 0) {
			ASN1_VALUE *skfield;
			q = p;
			/* See if EOC found */
			if (asn1_check_eoc(&p, len)) {
				if (!sk_eoc) {
					ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
					    ASN1_R_UNEXPECTED_EOC);
					goto err;
				}
				len -= p - q;
				sk_eoc = 0;
				break;
			}
			skfield = NULL;
			if (!ASN1_item_ex_d2i(&skfield, &p, len,
			    ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
				    ERR_R_NESTED_ASN1_ERROR);
				goto err;
			}
			len -= p - q;
			if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
			    skfield)) {
				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
		if (sk_eoc) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
			    ASN1_R_MISSING_EOC);
			goto err;
		}
	} else if (flags & ASN1_TFLG_IMPTAG) {
		/* IMPLICIT tagging */
		ret = ASN1_item_ex_d2i(val, &p, len,
		    ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
		if (!ret) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			goto err;
		} else if (ret == -1)
			return -1;
	} else {
		/* Nothing special */
		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
		    -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
		if (!ret) {
			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
			    ERR_R_NESTED_ASN1_ERROR);
			goto err;
		} else if (ret == -1)
			return -1;
	}

	*in = p;
	return 1;







<
|













|




<
|










<
|








|
<
|





<
|




<
|





|

<
|





|


<
|







552
553
554
555
556
557
558

559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577

578
579
580
581
582
583
584
585
586
587
588

589
590
591
592
593
594
595
596
597
598

599
600
601
602
603
604

605
606
607
608
609

610
611
612
613
614
615
616
617

618
619
620
621
622
623
624
625
626

627
628
629
630
631
632
633
634
			else
				sktag = V_ASN1_SEQUENCE;
		}
		/* Get the tag */
		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
		    &p, len, sktag, skaclass, opt, ctx);
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			return 0;
		} else if (ret == -1)
			return -1;
		if (!*val)
			*val = (ASN1_VALUE *)sk_new_null();
		else {
			/* We've got a valid STACK: free up any items present */
			STACK_OF(ASN1_VALUE) *sktmp =
			    (STACK_OF(ASN1_VALUE) *)*val;
			ASN1_VALUE *vtmp;
			while (sk_ASN1_VALUE_num(sktmp) > 0) {
				vtmp = sk_ASN1_VALUE_pop(sktmp);
				ASN1_item_ex_free(&vtmp,
				    tt->item);
			}
		}

		if (!*val) {

			ASN1error(ERR_R_MALLOC_FAILURE);
			goto err;
		}

		/* Read as many items as we can */
		while (len > 0) {
			ASN1_VALUE *skfield;
			q = p;
			/* See if EOC found */
			if (asn1_check_eoc(&p, len)) {
				if (!sk_eoc) {

					ASN1error(ASN1_R_UNEXPECTED_EOC);
					goto err;
				}
				len -= p - q;
				sk_eoc = 0;
				break;
			}
			skfield = NULL;
			if (!ASN1_item_ex_d2i(&skfield, &p, len,
			    tt->item, -1, 0, 0, ctx)) {

				ASN1error(ERR_R_NESTED_ASN1_ERROR);
				goto err;
			}
			len -= p - q;
			if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
			    skfield)) {

				ASN1error(ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
		if (sk_eoc) {

			ASN1error(ASN1_R_MISSING_EOC);
			goto err;
		}
	} else if (flags & ASN1_TFLG_IMPTAG) {
		/* IMPLICIT tagging */
		ret = ASN1_item_ex_d2i(val, &p, len,
		    tt->item, tt->tag, aclass, opt, ctx);
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			goto err;
		} else if (ret == -1)
			return -1;
	} else {
		/* Nothing special */
		ret = ASN1_item_ex_d2i(val, &p, len, tt->item,
		    -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			goto err;
		} else if (ret == -1)
			return -1;
	}

	*in = p;
	return 1;
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
	long len;

	buf.length = 0;
	buf.max = 0;
	buf.data = NULL;

	if (!pval) {
		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
		return 0; /* Should never happen */
	}

	if (it->itype == ASN1_ITYPE_MSTRING) {
		utype = tag;
		tag = -1;
	} else
		utype = it->utype;

	if (utype == V_ASN1_ANY) {
		/* If type is ANY need to figure out type from tag */
		unsigned char oclass;
		if (tag >= 0) {
			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
			    ASN1_R_ILLEGAL_TAGGED_ANY);
			return 0;
		}
		if (opt) {
			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
			    ASN1_R_ILLEGAL_OPTIONAL_ANY);
			return 0;
		}
		p = *in;
		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
		    &p, inlen, -1, 0, 0, ctx);
		if (!ret) {
			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
			    ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}
		if (oclass != V_ASN1_UNIVERSAL)
			utype = V_ASN1_OTHER;
	}
	if (tag == -1) {
		tag = utype;
		aclass = V_ASN1_UNIVERSAL;
	}
	p = *in;
	/* Check header */
	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
	    &p, inlen, tag, aclass, opt, ctx);
	if (!ret) {
		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
		return 0;
	} else if (ret == -1)
		return -1;
	ret = 0;
	/* SEQUENCE, SET and "OTHER" are left in encoded form */
	if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
	    (utype == V_ASN1_OTHER)) {
		/* Clear context cache for type OTHER because the auto clear
		 * when we have a exact match wont work
		 */
		if (utype == V_ASN1_OTHER) {
			asn1_tlc_clear(ctx);
		}
		/* SEQUENCE and SET must be constructed */
		else if (!cst) {
			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
			    ASN1_R_TYPE_NOT_CONSTRUCTED);
			return 0;
		}

		cont = *in;
		/* If indefinite length constructed find the real end */
		if (inf) {
			if (!asn1_find_end(&p, plen, inf))







|













<
|



<
|






<
|














|















<
|







651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671

672
673
674
675

676
677
678
679
680
681
682

683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713

714
715
716
717
718
719
720
721
	long len;

	buf.length = 0;
	buf.max = 0;
	buf.data = NULL;

	if (!pval) {
		ASN1error(ASN1_R_ILLEGAL_NULL);
		return 0; /* Should never happen */
	}

	if (it->itype == ASN1_ITYPE_MSTRING) {
		utype = tag;
		tag = -1;
	} else
		utype = it->utype;

	if (utype == V_ASN1_ANY) {
		/* If type is ANY need to figure out type from tag */
		unsigned char oclass;
		if (tag >= 0) {

			ASN1error(ASN1_R_ILLEGAL_TAGGED_ANY);
			return 0;
		}
		if (opt) {

			ASN1error(ASN1_R_ILLEGAL_OPTIONAL_ANY);
			return 0;
		}
		p = *in;
		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
		    &p, inlen, -1, 0, 0, ctx);
		if (!ret) {

			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}
		if (oclass != V_ASN1_UNIVERSAL)
			utype = V_ASN1_OTHER;
	}
	if (tag == -1) {
		tag = utype;
		aclass = V_ASN1_UNIVERSAL;
	}
	p = *in;
	/* Check header */
	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
	    &p, inlen, tag, aclass, opt, ctx);
	if (!ret) {
		ASN1error(ERR_R_NESTED_ASN1_ERROR);
		return 0;
	} else if (ret == -1)
		return -1;
	ret = 0;
	/* SEQUENCE, SET and "OTHER" are left in encoded form */
	if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
	    (utype == V_ASN1_OTHER)) {
		/* Clear context cache for type OTHER because the auto clear
		 * when we have a exact match wont work
		 */
		if (utype == V_ASN1_OTHER) {
			asn1_tlc_clear(ctx);
		}
		/* SEQUENCE and SET must be constructed */
		else if (!cst) {

			ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED);
			return 0;
		}

		cont = *in;
		/* If indefinite length constructed find the real end */
		if (inf) {
			if (!asn1_find_end(&p, plen, inf))
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
		if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
			free_cont = 1;
			goto err;
		}
		len = buf.length;
		/* Append a final null to string */
		if (!BUF_MEM_grow_clean(&buf, len + 1)) {
			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
			    ERR_R_MALLOC_FAILURE);
			return 0;
		}
		buf.data[len] = 0;
		cont = (const unsigned char *)buf.data;
		free_cont = 1;
	} else {
		cont = p;







<
|







736
737
738
739
740
741
742

743
744
745
746
747
748
749
750
		if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
			free_cont = 1;
			goto err;
		}
		len = buf.length;
		/* Append a final null to string */
		if (!BUF_MEM_grow_clean(&buf, len + 1)) {

			ASN1error(ERR_R_MALLOC_FAILURE);
			return 0;
		}
		buf.data[len] = 0;
		cont = (const unsigned char *)buf.data;
		free_cont = 1;
	} else {
		cont = p;
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
	case V_ASN1_OBJECT:
		if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
			goto err;
		break;

	case V_ASN1_NULL:
		if (len) {
			ASN1err(ASN1_F_ASN1_EX_C2I,
			    ASN1_R_NULL_IS_WRONG_LENGTH);
			goto err;
		}
		*pval = (ASN1_VALUE *)1;
		break;

	case V_ASN1_BOOLEAN:
		if (len != 1) {
			ASN1err(ASN1_F_ASN1_EX_C2I,
			    ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
			goto err;
		} else {
			ASN1_BOOLEAN *tbool;
			tbool = (ASN1_BOOLEAN *)pval;
			*tbool = *cont;
		}
		break;







<
|







<
|







801
802
803
804
805
806
807

808
809
810
811
812
813
814
815

816
817
818
819
820
821
822
823
	case V_ASN1_OBJECT:
		if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
			goto err;
		break;

	case V_ASN1_NULL:
		if (len) {

			ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH);
			goto err;
		}
		*pval = (ASN1_VALUE *)1;
		break;

	case V_ASN1_BOOLEAN:
		if (len != 1) {

			ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
			goto err;
		} else {
			ASN1_BOOLEAN *tbool;
			tbool = (ASN1_BOOLEAN *)pval;
			*tbool = *cont;
		}
		break;
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
	case V_ASN1_BMPSTRING:
	case V_ASN1_UTF8STRING:
	case V_ASN1_OTHER:
	case V_ASN1_SET:
	case V_ASN1_SEQUENCE:
	default:
		if (utype == V_ASN1_BMPSTRING && (len & 1)) {
			ASN1err(ASN1_F_ASN1_EX_C2I,
			    ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
			goto err;
		}
		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
			ASN1err(ASN1_F_ASN1_EX_C2I,
			    ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
			goto err;
		}
		/* All based on ASN1_STRING and handled the same */
		if (!*pval) {
			stmp = ASN1_STRING_type_new(utype);
			if (!stmp) {
				ASN1err(ASN1_F_ASN1_EX_C2I,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
			*pval = (ASN1_VALUE *)stmp;
		} else {
			stmp = (ASN1_STRING *)*pval;
			stmp->type = utype;
		}
		/* If we've already allocated a buffer use it */
		if (*free_cont) {
			free(stmp->data);
			stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
			stmp->length = len;
			*free_cont = 0;
		} else {
			if (!ASN1_STRING_set(stmp, cont, len)) {
				ASN1err(ASN1_F_ASN1_EX_C2I,
				    ERR_R_MALLOC_FAILURE);
				ASN1_STRING_free(stmp);
				*pval = NULL;
				goto err;
			}
		}
		break;
	}







<
|



<
|






<
|















<
|







851
852
853
854
855
856
857

858
859
860
861

862
863
864
865
866
867
868

869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884

885
886
887
888
889
890
891
892
	case V_ASN1_BMPSTRING:
	case V_ASN1_UTF8STRING:
	case V_ASN1_OTHER:
	case V_ASN1_SET:
	case V_ASN1_SEQUENCE:
	default:
		if (utype == V_ASN1_BMPSTRING && (len & 1)) {

			ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
			goto err;
		}
		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {

			ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
			goto err;
		}
		/* All based on ASN1_STRING and handled the same */
		if (!*pval) {
			stmp = ASN1_STRING_type_new(utype);
			if (!stmp) {

				ASN1error(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			*pval = (ASN1_VALUE *)stmp;
		} else {
			stmp = (ASN1_STRING *)*pval;
			stmp->type = utype;
		}
		/* If we've already allocated a buffer use it */
		if (*free_cont) {
			free(stmp->data);
			stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
			stmp->length = len;
			*free_cont = 0;
		} else {
			if (!ASN1_STRING_set(stmp, cont, len)) {

				ASN1error(ERR_R_MALLOC_FAILURE);
				ASN1_STRING_free(stmp);
				*pval = NULL;
				goto err;
			}
		}
		break;
	}
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
			len -= 2;
			continue;
		}
		q = p;
		/* Just read in a header: only care about the length */
		if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
		    -1, 0, 0, NULL)) {
			ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}
		if (inf)
			expected_eoc++;
		else
			p += plen;
		len -= p - q;
	}
	if (expected_eoc) {
		ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
		return 0;
	}
	*in = p;
	return 1;
}
/* This function collects the asn1 data from a constructred string
 * type into a buffer. The values of 'in' and 'len' should refer







|









|







938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
			len -= 2;
			continue;
		}
		q = p;
		/* Just read in a header: only care about the length */
		if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
		    -1, 0, 0, NULL)) {
			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}
		if (inf)
			expected_eoc++;
		else
			p += plen;
		len -= p - q;
	}
	if (expected_eoc) {
		ASN1error(ASN1_R_MISSING_EOC);
		return 0;
	}
	*in = p;
	return 1;
}
/* This function collects the asn1 data from a constructred string
 * type into a buffer. The values of 'in' and 'len' should refer
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
	while (len > 0) {
		q = p;
		/* Check for EOC */
		if (asn1_check_eoc(&p, len)) {
			/* EOC is illegal outside indefinite length
			 * constructed form */
			if (!inf) {
				ASN1err(ASN1_F_ASN1_COLLECT,
				    ASN1_R_UNEXPECTED_EOC);
				return 0;
			}
			inf = 0;
			break;
		}

		if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
		    len, tag, aclass, 0, NULL)) {
			ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}

		/* If indefinite length constructed update max length */
		if (cst) {
			if (depth >= ASN1_MAX_STRING_NEST) {
				ASN1err(ASN1_F_ASN1_COLLECT,
				    ASN1_R_NESTED_ASN1_STRING);
				return 0;
			}
			if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
			    depth + 1))
				return 0;
		} else if (plen && !collect_data(buf, &p, plen))
			return 0;
		len -= p - q;
	}
	if (inf) {
		ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
		return 0;
	}
	*in = p;
	return 1;
}

static int
collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
{
	int len;
	if (buf) {
		len = buf->length;
		if (!BUF_MEM_grow_clean(buf, len + plen)) {
			ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
			return 0;
		}
		memcpy(buf->data + len, *p, plen);
	}
	*p += plen;
	return 1;
}







<
|








|






<
|










|













|







992
993
994
995
996
997
998

999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014

1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
	while (len > 0) {
		q = p;
		/* Check for EOC */
		if (asn1_check_eoc(&p, len)) {
			/* EOC is illegal outside indefinite length
			 * constructed form */
			if (!inf) {

				ASN1error(ASN1_R_UNEXPECTED_EOC);
				return 0;
			}
			inf = 0;
			break;
		}

		if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
		    len, tag, aclass, 0, NULL)) {
			ASN1error(ERR_R_NESTED_ASN1_ERROR);
			return 0;
		}

		/* If indefinite length constructed update max length */
		if (cst) {
			if (depth >= ASN1_MAX_STRING_NEST) {

				ASN1error(ASN1_R_NESTED_ASN1_STRING);
				return 0;
			}
			if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
			    depth + 1))
				return 0;
		} else if (plen && !collect_data(buf, &p, plen))
			return 0;
		len -= p - q;
	}
	if (inf) {
		ASN1error(ASN1_R_MISSING_EOC);
		return 0;
	}
	*in = p;
	return 1;
}

static int
collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
{
	int len;
	if (buf) {
		len = buf->length;
		if (!BUF_MEM_grow_clean(buf, len + plen)) {
			ASN1error(ERR_R_MALLOC_FAILURE);
			return 0;
		}
		memcpy(buf->data + len, *p, plen);
	}
	*p += plen;
	return 1;
}
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
			ctx->ptag = ptag;
			ctx->hdrlen = p - q;
			ctx->valid = 1;
			/* If definite length, and no error, length +
			 * header can't exceed total amount of data available.
			 */
			if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
				ASN1err(ASN1_F_ASN1_CHECK_TLEN,
				    ASN1_R_TOO_LONG);
				asn1_tlc_clear(ctx);
				return 0;
			}
		}
	}

	if (i & 0x80) {
		ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
		asn1_tlc_clear(ctx);
		return 0;
	}
	if (exptag >= 0) {
		if ((exptag != ptag) || (expclass != pclass)) {
			/* If type is OPTIONAL, not an error:
			 * indicate missing type.
			 */
			if (opt)
				return -1;
			asn1_tlc_clear(ctx);
			ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
			return 0;
		}
		/* We have a tag and class match:
		 * assume we are going to do something with it */
		asn1_tlc_clear(ctx);
	}








<
|







|











|







1098
1099
1100
1101
1102
1103
1104

1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
			ctx->ptag = ptag;
			ctx->hdrlen = p - q;
			ctx->valid = 1;
			/* If definite length, and no error, length +
			 * header can't exceed total amount of data available.
			 */
			if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {

				ASN1error(ASN1_R_TOO_LONG);
				asn1_tlc_clear(ctx);
				return 0;
			}
		}
	}

	if (i & 0x80) {
		ASN1error(ASN1_R_BAD_OBJECT_HEADER);
		asn1_tlc_clear(ctx);
		return 0;
	}
	if (exptag >= 0) {
		if ((exptag != ptag) || (expclass != pclass)) {
			/* If type is OPTIONAL, not an error:
			 * indicate missing type.
			 */
			if (opt)
				return -1;
			asn1_tlc_clear(ctx);
			ASN1error(ASN1_R_WRONG_TAG);
			return 0;
		}
		/* We have a tag and class match:
		 * assume we are going to do something with it */
		asn1_tlc_clear(ctx);
	}

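--- a/jni/libressl/crypto/asn1/tasn_enc.c
+++ b/jni/libressl/crypto/asn1/tasn_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tasn_enc.c,v 1.19 2016/05/04 14:53:29 tedu Exp $ */
+/* $OpenBSD: tasn_enc.c,v 1.21 2016/12/30 16:04:34 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,17 +54,14 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include <stddef.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
     const ASN1_ITEM *it, int tag, int aclass);
@@ -329,66 +326,66 @@
 		}
 
 		/* Determine total length of items */
 		skcontlen = 0;
 		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
 			skitem = sk_ASN1_VALUE_value(sk, i);
 			skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
-			    ASN1_ITEM_ptr(tt->item), -1, iclass);
+			    tt->item, -1, iclass);
 		}
 		sklen = ASN1_object_size(ndef, skcontlen, sktag);
 		/* If EXPLICIT need length of surrounding tag */
 		if (flags & ASN1_TFLG_EXPTAG)
 			ret = ASN1_object_size(ndef, sklen, ttag);
 		else
 			ret = sklen;
 
 		if (!out)
 			return ret;
 
 		/* Now encode this lot... */
 		/* EXPLICIT tag */
 		if (flags & ASN1_TFLG_EXPTAG)
 			ASN1_put_object(out, ndef, sklen, ttag, tclass);
 		/* SET or SEQUENCE and IMPLICIT tag */
 		ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
 		/* And the stuff itself */
-		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+		asn1_set_seq_out(sk, out, skcontlen, tt->item,
 		    isset, iclass);
 		if (ndef == 2) {
 			ASN1_put_eoc(out);
 			if (flags & ASN1_TFLG_EXPTAG)
 				ASN1_put_eoc(out);
 		}
 
 		return ret;
 	}
 
 	if (flags & ASN1_TFLG_EXPTAG) {
 		/* EXPLICIT tagging */
 		/* Find length of tagged item */
-		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
+		i = ASN1_item_ex_i2d(pval, NULL, tt->item,
 		    -1, iclass);
 		if (!i)
 			return 0;
 		/* Find length of EXPLICIT tag */
 		ret = ASN1_object_size(ndef, i, ttag);
 		if (out) {
 			/* Output tag and item */
 			ASN1_put_object(out, ndef, i, ttag, tclass);
-			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+			ASN1_item_ex_i2d(pval, out, tt->item,
 			    -1, iclass);
 			if (ndef == 2)
 				ASN1_put_eoc(out);
 		}
 		return ret;
 	}
 
 	/* Either normal or IMPLICIT tagging: combine class and flags */
-	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+	return ASN1_item_ex_i2d(pval, out, tt->item,
 	    ttag, tclass | iclass);
 }
 
 /* Temporary structure used to hold DER encoding of items for SET OF */
 
 typedef	struct {
 	unsigned char *data;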
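--- a/jni/libressl/crypto/asn1/tasn_fre.c
+++ b/jni/libressl/crypto/asn1/tasn_fre.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tasn_fre.c,v 1.13 2015/02/14 13:32:46 jsing Exp $ */
+/* $OpenBSD: tasn_fre.c,v 1.15 2016/12/30 16:04:34 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -172,21 +172,21 @@
 {
 	int i;
 	if (tt->flags & ASN1_TFLG_SK_MASK) {
 		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
 		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
 			ASN1_VALUE *vtmp;
 			vtmp = sk_ASN1_VALUE_value(sk, i);
-			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),
+			asn1_item_combine_free(&vtmp, tt->item,
 			    0);
 		}
 		sk_ASN1_VALUE_free(sk);
 		*pval = NULL;
 	} else
-		asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+		asn1_item_combine_free(pval, tt->item,
 		    tt->flags & ASN1_TFLG_COMBINE);
 }
 
 void
 ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	int utype;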
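--- a/jni/libressl/crypto/asn1/tasn_new.c
+++ b/jni/libressl/crypto/asn1/tasn_new.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tasn_new.c,v 1.14 2015/02/14 15:23:57 miod Exp $ */
+/* $OpenBSD: tasn_new.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -186,23 +186,23 @@
 #ifdef CRYPTO_MDEBUG
 	if (it->sname)
 		CRYPTO_pop_info();
 #endif
 	return 1;
 
 memerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+	ASN1error(ERR_R_MALLOC_FAILURE);
 #ifdef CRYPTO_MDEBUG
 	if (it->sname)
 		CRYPTO_pop_info();
 #endif
 	return 0;
 
 auxerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+	ASN1error(ASN1_R_AUX_ERROR);
 	ASN1_item_ex_free(pval, it);
 #ifdef CRYPTO_MDEBUG
 	if (it->sname)
 		CRYPTO_pop_info();
 #endif
 	return 0;
 
@@ -240,15 +240,15 @@
 		break;
 	}
 }
 
 int
 ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
-	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+	const ASN1_ITEM *it = tt->item;
 	int ret;
 
 	if (tt->flags & ASN1_TFLG_OPTIONAL) {
 		asn1_template_clear(pval, tt);
 		return 1;
 	}
 	/* If ANY DEFINED BY nothing to do */
@@ -262,15 +262,15 @@
 		CRYPTO_push_info(tt->field_name);
 #endif
 	/* If SET OF or SEQUENCE OF, its a STACK */
 	if (tt->flags & ASN1_TFLG_SK_MASK) {
 		STACK_OF(ASN1_VALUE) *skval;
 		skval = sk_ASN1_VALUE_new_null();
 		if (!skval) {
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+			ASN1error(ERR_R_MALLOC_FAILURE);
 			ret = 0;
 			goto done;
 		}
 		*pval = (ASN1_VALUE *)skval;
 		ret = 1;
 		goto done;
 	}
@@ -287,15 +287,15 @@
 static void
 asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
 	/* If ADB or STACK just NULL the field */
 	if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK))
 		*pval = NULL;
 	else
-		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+		asn1_item_clear(pval, tt->item);
 }
 
 
 /* NB: could probably combine most of the real XXX_new() behaviour and junk
  * all the old functions.
  */
 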
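--- a/jni/libressl/crypto/asn1/tasn_prn.c
+++ b/jni/libressl/crypto/asn1/tasn_prn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tasn_prn.c,v 1.13 2015/02/14 15:15:27 miod Exp $ */
+/* $OpenBSD: tasn_prn.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -83,15 +83,15 @@
 
 ASN1_PCTX *
 ASN1_PCTX_new(void)
 {
 	ASN1_PCTX *ret;
 	ret = malloc(sizeof(ASN1_PCTX));
 	if (ret == NULL) {
-		ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	ret->flags = 0;
 	ret->nm_flags = 0;
 	ret->cert_flags = 0;
 	ret->oid_flags = 0;
 	ret->str_flags = 0;
@@ -335,15 +335,15 @@
     const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
 {
 	int i, flags;
 	const char *sname, *fname;
 
 	flags = tt->flags;
 	if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
-		sname = ASN1_ITEM_ptr(tt->item)->sname;
+		sname = tt->item->sname;
 	else
 		sname = NULL;
 	if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
 		fname = NULL;
 	else
 		fname = tt->field_name;
 	if (flags & ASN1_TFLG_SK_MASK) {
@@ -367,26 +367,26 @@
 		}
 		stack = (STACK_OF(ASN1_VALUE) *)*fld;
 		for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) {
 			if ((i > 0) && (BIO_puts(out, "\n") <= 0))
 				return 0;
 			skitem = sk_ASN1_VALUE_value(stack, i);
 			if (!asn1_item_print_ctx(out, &skitem, indent + 2,
-			    ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx))
+			    tt->item, NULL, NULL, 1, pctx))
 				return 0;
 		}
 		if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
 			return 0;
 		if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
 			if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
 				return 0;
 		}
 		return 1;
 	}
-	return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+	return asn1_item_print_ctx(out, fld, indent, tt->item,
 	    fname, sname, 0, pctx);
 }
 
 static int
 asn1_print_fsname(BIO *out, int indent, const char *fname, const char *sname,
     const ASN1_PCTX *pctx)
 {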
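--- a/jni/libressl/crypto/asn1/tasn_typ.c
+++ b/jni/libressl/crypto/asn1/tasn_typ.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tasn_typ.c,v 1.12 2015/07/24 13:49:58 jsing Exp $ */
+/* $OpenBSD: tasn_typ.c,v 1.13 2015/07/24 15:09:52 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without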
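--- a/jni/libressl/crypto/asn1/tasn_utl.c
+++ b/jni/libressl/crypto/asn1/tasn_utl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tasn_utl.c,v 1.10 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: tasn_utl.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -271,11 +271,10 @@
 	if (!adb->default_tt)
 		goto err;
 	return adb->default_tt;
 
 err:
 	/* FIXME: should log the value or OID of unsupported type */
 	if (nullerr)
-		ASN1err(ASN1_F_ASN1_DO_ADB,
-		    ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+		ASN1error(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
 	return NULL;
 }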
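--- a/jni/libressl/crypto/asn1/x_algor.c
+++ b/jni/libressl/crypto/asn1/x_algor.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_algor.c,v 1.20 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_algor.c,v 1.21 2015/07/24 15:09:52 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without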
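--- a/jni/libressl/crypto/asn1/x_attrib.c
+++ b/jni/libressl/crypto/asn1/x_attrib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_attrib.c,v 1.12 2015/02/10 05:25:45 jsing Exp $ */
+/* $OpenBSD: x_attrib.c,v 1.13 2015/02/14 14:56:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *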
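--- a/jni/libressl/crypto/asn1/x_bignum.c
+++ b/jni/libressl/crypto/asn1/x_bignum.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_bignum.c,v 1.7 2014/07/12 16:42:47 miod Exp $ */
+/* $OpenBSD: x_bignum.c,v 1.8 2015/07/25 17:07:17 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without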
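--- a/jni/libressl/crypto/asn1/x_crl.c
+++ b/jni/libressl/crypto/asn1/x_crl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_crl.c,v 1.24 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_crl.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -531,15 +531,15 @@
 {
 	X509_CRL_INFO *inf;
 
 	inf = crl->crl;
 	if (!inf->revoked)
 		inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
 	if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
-		ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	inf->enc.modified = 1;
 	return 1;
 }
 
 int
@@ -567,15 +567,15 @@
 		    X509_get_serialNumber(x), X509_get_issuer_name(x));
 	return 0;
 }
 
 static int
 def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
-	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+	return(ASN1_item_verify(&X509_CRL_INFO_it,
 	    crl->sig_alg, crl->signature, crl->crl, r));
 }
 
 static int
 crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev)
 {
 	int i;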
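--- a/jni/libressl/crypto/asn1/x_exten.c
+++ b/jni/libressl/crypto/asn1/x_exten.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_exten.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_exten.c,v 1.16 2015/07/24 15:09:52 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without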
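--- a/jni/libressl/crypto/asn1/x_info.c
+++ b/jni/libressl/crypto/asn1/x_info.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_info.c,v 1.15 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: x_info.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -66,15 +66,15 @@
 X509_INFO *
 X509_INFO_new(void)
 {
 	X509_INFO *ret = NULL;
 
 	ret = malloc(sizeof(X509_INFO));
 	if (ret == NULL) {
-		ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 
 	ret->enc_cipher.cipher = NULL;
 	ret->enc_len = 0;
 	ret->enc_data = NULL;
 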
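--- a/jni/libressl/crypto/asn1/x_long.c
+++ b/jni/libressl/crypto/asn1/x_long.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_long.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: x_long.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -169,15 +169,15 @@
     char *free_cont, const ASN1_ITEM *it)
 {
 	int neg, i;
 	long ltmp;
 	unsigned long utmp = 0;
 	char *cp = (char *)pval;
 	if (len > (int)sizeof(long)) {
-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
 		return 0;
 	}
 	/* Is it negative? */
 	if (len && (cont[0] & 0x80))
 		neg = 1;
 	else
 		neg = 0;
@@ -191,20 +191,20 @@
 	}
 	ltmp = (long)utmp;
 	if (neg) {
 		ltmp++;
 		ltmp = -ltmp;
 	}
 	if (ltmp == it->size) {
-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
 		return 0;
 	}
 	memcpy(cp, &ltmp, sizeof(long));
 	return 1;
 }
 
 static int
 long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
     const ASN1_PCTX *pctx)
 {
 	return BIO_printf(out, "%ld\n", *(long *)pval);
 }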
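--- a/jni/libressl/crypto/asn1/x_name.c
+++ b/jni/libressl/crypto/asn1/x_name.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_name.c,v 1.30 2015/07/15 17:41:56 miod Exp $ */
+/* $OpenBSD: x_name.c,v 1.33 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -253,15 +253,15 @@
 	ret->canon_enc = NULL;
 	ret->canon_enclen = 0;
 	ret->modified = 1;
 	*val = (ASN1_VALUE *)ret;
 	return 1;
 
 memerr:
-	ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+	ASN1error(ERR_R_MALLOC_FAILURE);
 	if (ret) {
 		if (ret->entries)
 			sk_X509_NAME_ENTRY_free(ret->entries);
 		free(ret);
 	}
 	return 0;
 }
@@ -298,15 +298,15 @@
 	int i, j, ret;
 	STACK_OF(X509_NAME_ENTRY) *entries;
 	X509_NAME_ENTRY *entry;
 	q = p;
 
 	/* Get internal representation of Name */
 	ret = ASN1_item_ex_d2i(&intname.a, &p, len,
-	    ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx);
+	    &X509_NAME_INTERNAL_it, tag, aclass, opt, ctx);
 
 	if (ret <= 0)
 		return ret;
 
 	if (*val)
 		x509_name_ex_free(val, NULL);
 	if (!x509_name_ex_new(&nm.a, NULL))
@@ -335,15 +335,15 @@
 	*val = nm.a;
 	*in = p;
 	return ret;
 
 err:
 	if (nm.x != NULL)
 		X509_NAME_free(nm.x);
-	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+	ASN1error(ERR_R_NESTED_ASN1_ERROR);
 	return 0;
 }
 
 static int
 x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it,
     int tag, int aclass)
 {
@@ -406,29 +406,29 @@
 			set = entry->set;
 		}
 		if (entries == NULL /* if entry->set is bogusly -1 */ ||
 		    !sk_X509_NAME_ENTRY_push(entries, entry))
 			goto memerr;
 	}
 	len = ASN1_item_ex_i2d(&intname.a, NULL,
-	    ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	    &X509_NAME_INTERNAL_it, -1, -1);
 	if (!BUF_MEM_grow(a->bytes, len))
 		goto memerr;
 	p = (unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d(&intname.a, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+	ASN1_item_ex_i2d(&intname.a, &p, &X509_NAME_INTERNAL_it,
 	    -1, -1);
 	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
 	    local_sk_X509_NAME_ENTRY_free);
 	a->modified = 0;
 	return len;
 
 memerr:
 	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
 	    local_sk_X509_NAME_ENTRY_free);
-	ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+	ASN1error(ERR_R_MALLOC_FAILURE);
 	return -1;
 }
 
 static int
 x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, const char *fname,
     const ASN1_PCTX *pctx)
 {
@@ -611,15 +611,15 @@
 	ASN1_VALUE *v;
 	STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
 
 	len = 0;
 	for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
 		v = sk_ASN1_VALUE_value(intname, i);
 		ltmp = ASN1_item_ex_i2d(&v, in,
-		    ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+		    &X509_NAME_ENTRIES_it, -1, -1);
 		if (ltmp < 0)
 			return ltmp;
 		len += ltmp;
 	}
 	return len;
 }
 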
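--- a/jni/libressl/crypto/asn1/x_nx509.c
+++ b/jni/libressl/crypto/asn1/x_nx509.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_nx509.c,v 1.5 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: x_nx509.c,v 1.6 2015/02/11 04:00:39 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without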
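--- a/jni/libressl/crypto/asn1/x_pkey.c
+++ b/jni/libressl/crypto/asn1/x_pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_pkey.c,v 1.18 2015/07/27 12:53:56 jsing Exp $ */
+/* $OpenBSD: x_pkey.c,v 1.20 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -66,24 +66,24 @@
 
 X509_PKEY *
 X509_PKEY_new(void)
 {
 	X509_PKEY *ret = NULL;
 
 	if ((ret = malloc(sizeof(X509_PKEY))) == NULL) {
-		ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	ret->version = 0;
 	if ((ret->enc_algor = X509_ALGOR_new()) == NULL) {
-		ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) {
-		ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	ret->dec_pkey = NULL;
 	ret->key_length = 0;
 	ret->key_data = NULL;
 	ret->key_free = 0;
 	ret->cipher.cipher = NULL;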
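--- a/jni/libressl/crypto/asn1/x_pubkey.c
+++ b/jni/libressl/crypto/asn1/x_pubkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_pubkey.c,v 1.24 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: x_pubkey.c,v 1.26 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -145,25 +145,23 @@
 		return (0);
 	if ((pk = X509_PUBKEY_new()) == NULL)
 		goto error;
 
 	if (pkey->ameth) {
 		if (pkey->ameth->pub_encode) {
 			if (!pkey->ameth->pub_encode(pk, pkey)) {
-				X509err(X509_F_X509_PUBKEY_SET,
-				    X509_R_PUBLIC_KEY_ENCODE_ERROR);
+				X509error(X509_R_PUBLIC_KEY_ENCODE_ERROR);
 				goto error;
 			}
 		} else {
-			X509err(X509_F_X509_PUBKEY_SET,
-			    X509_R_METHOD_NOT_SUPPORTED);
+			X509error(X509_R_METHOD_NOT_SUPPORTED);
 			goto error;
 		}
 	} else {
-		X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
+		X509error(X509_R_UNSUPPORTED_ALGORITHM);
 		goto error;
 	}
 
 	if (*x != NULL)
 		X509_PUBKEY_free(*x);
 
 	*x = pk;
@@ -189,31 +187,30 @@
 		return key->pkey;
 	}
 
 	if (key->public_key == NULL)
 		goto error;
 
 	if ((ret = EVP_PKEY_new()) == NULL) {
-		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+		X509error(ERR_R_MALLOC_FAILURE);
 		goto error;
 	}
 
 	if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-		X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
+		X509error(X509_R_UNSUPPORTED_ALGORITHM);
 		goto error;
 	}
 
 	if (ret->ameth->pub_decode) {
 		if (!ret->ameth->pub_decode(ret, key)) {
-			X509err(X509_F_X509_PUBKEY_GET,
-			    X509_R_PUBLIC_KEY_DECODE_ERROR);
+			X509error(X509_R_PUBLIC_KEY_DECODE_ERROR);
 			goto error;
 		}
 	} else {
-		X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
+		X509error(X509_R_METHOD_NOT_SUPPORTED);
 		goto error;
 	}
 
 	/* Check to see if another thread set key->pkey first */
 	CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
 	if (key->pkey) {
 		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
@@ -300,15 +297,15 @@
 {
 	EVP_PKEY *pktmp;
 	int ret;
 	if (!a)
 		return 0;
 	pktmp = EVP_PKEY_new();
 	if (!pktmp) {
-		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	EVP_PKEY_set1_RSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;
 }
@@ -342,15 +339,15 @@
 {
 	EVP_PKEY *pktmp;
 	int ret;
 	if (!a)
 		return 0;
 	pktmp = EVP_PKEY_new();
 	if (!pktmp) {
-		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	EVP_PKEY_set1_DSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;
 }
@@ -383,15 +380,15 @@
 i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
 {
 	EVP_PKEY *pktmp;
 	int ret;
 	if (!a)
 		return (0);
 	if ((pktmp = EVP_PKEY_new()) == NULL) {
-		ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+		ASN1error(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	EVP_PKEY_set1_EC_KEY(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return (ret);
 }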
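--- a/jni/libressl/crypto/asn1/x_req.c
+++ b/jni/libressl/crypto/asn1/x_req.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_req.c,v 1.14 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: x_req.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *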
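--- a/jni/libressl/crypto/asn1/x_sig.c
+++ b/jni/libressl/crypto/asn1/x_sig.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_sig.c,v 1.10 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: x_sig.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *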
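--- a/jni/libressl/crypto/asn1/x_spki.c
+++ b/jni/libressl/crypto/asn1/x_spki.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_spki.c,v 1.10 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: x_spki.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *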
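--- a/jni/libressl/crypto/asn1/x_val.c
+++ b/jni/libressl/crypto/asn1/x_val.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_val.c,v 1.10 2015/02/11 03:39:51 jsing Exp $ */
+/* $OpenBSD: x_val.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *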
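--- a/jni/libressl/crypto/asn1/x_x509.c
+++ b/jni/libressl/crypto/asn1/x_x509.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_x509.c,v 1.23 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_x509.c,v 1.24 2015/03/19 14:00:22 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *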
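--- a/jni/libressl/crypto/asn1/x_x509a.c
+++ b/jni/libressl/crypto/asn1/x_x509a.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x_x509a.c,v 1.13 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_x509a.c,v 1.14 2015/02/14 15:28:39 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without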
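--- a/jni/libressl/crypto/bf/bf_cfb64.c
+++ b/jni/libressl/crypto/bf/bf_cfb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bf_cfb64.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bf_cfb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 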
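--- a/jni/libressl/crypto/bf/bf_ecb.c
+++ b/jni/libressl/crypto/bf/bf_ecb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bf_ecb.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bf_ecb.c,v 1.6 2014/07/09 11:10:50 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 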
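--- a/jni/libressl/crypto/bf/bf_enc.c
+++ b/jni/libressl/crypto/bf/bf_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bf_enc.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bf_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 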
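--- a/jni/libressl/crypto/bf/bf_locl.h
+++ b/jni/libressl/crypto/bf/bf_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: bf_locl.h,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 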
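--- a/jni/libressl/crypto/bf/bf_ofb64.c
+++ b/jni/libressl/crypto/bf/bf_ofb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bf_ofb64.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bf_ofb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 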
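--- a/jni/libressl/crypto/bf/bf_pi.h
+++ b/jni/libressl/crypto/bf/bf_pi.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: bf_pi.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -51,14 +51,16 @@
  * SUCH DAMAGE.
  * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+
+__BEGIN_HIDDEN_DECLS
 
 static const BF_KEY bf_init= {
 	{
 	0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
 	0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
 	0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
 	0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
@@ -319,7 +321,8 @@
 	0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
 	0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
 	0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
 	0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
 	}
 	};
 
+__END_HIDDEN_DECLS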
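--- a/jni/libressl/crypto/bf/bf_skey.c
+++ b/jni/libressl/crypto/bf/bf_skey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: bf_skey.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 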
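--- a/jni/libressl/crypto/bio/b_dump.c
+++ b/jni/libressl/crypto/bio/b_dump.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: b_dump.c,v 1.20 2014/11/11 19:26:12 miod Exp $ */
+/* $OpenBSD: b_dump.c,v 1.21 2015/04/23 06:11:19 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *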
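--- a/jni/libressl/crypto/bio/b_posix.c
+++ b/jni/libressl/crypto/bio/b_posix.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: b_sock.c,v 1.58 2014/10/13 02:49:53 bcook Exp $ */
+/* $OpenBSD: b_posix.c,v 1.1 2014/12/03 22:14:38 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *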
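--- a/jni/libressl/crypto/bio/b_print.c
+++ b/jni/libressl/crypto/bio/b_print.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: b_print.c,v 1.24 2014/06/11 15:40:52 jsing Exp $ */
+/* $OpenBSD: b_print.c,v 1.25 2014/06/12 15:49:28 deraadt Exp $ */
 
 /* Theo de Raadt places this file in the public domain. */
 
 #include <openssl/bio.h>
 
 int
 BIO_printf(BIO *bio, const char *format, ...)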
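--- a/jni/libressl/crypto/bio/b_sock.c
+++ b/jni/libressl/crypto/bio/b_sock.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: b_sock.c,v 1.60 2014/12/03 21:55:51 bcook Exp $ */
+/* $OpenBSD: b_sock.c,v 1.63 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -85,21 +85,20 @@
 	if (inet_pton(AF_INET, str, ip) == 1)
 		return (1);
 
 	/* do a gethostbyname */
 	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
 	he = BIO_gethostbyname(str);
 	if (he == NULL) {
-		BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP);
+		BIOerror(BIO_R_BAD_HOSTNAME_LOOKUP);
 		goto err;
 	}
 
 	if (he->h_addrtype != AF_INET) {
-		BIOerr(BIO_F_BIO_GET_HOST_IP,
-		    BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+		BIOerror(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
 		goto err;
 	}
 	for (i = 0; i < 4; i++)
 		ip[i] = he->h_addr_list[0][i];
 	err = 0;
 
 err:
@@ -116,65 +115,28 @@
 {
 	struct addrinfo *res = NULL;
 	struct addrinfo hints = {
 		.ai_family = AF_UNSPEC,
 		.ai_socktype = SOCK_STREAM,
 		.ai_flags = AI_PASSIVE,
 	};
-	long port;
-	char *ep;
+	int error;
 
 	if (str == NULL) {
-		BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_SPECIFIED);
+		BIOerror(BIO_R_NO_PORT_SPECIFIED);
 		return (0);
 	}
 
-	errno = 0;
-	port = strtol(str, &ep, 10);
-	if (str[0] != '\0' && *ep == '\0') {
-		if (errno == ERANGE && (port == LONG_MAX || port == LONG_MIN)) {
-			BIOerr(BIO_F_BIO_GET_PORT, BIO_R_INVALID_PORT_NUMBER);
-			return (0);
-		}
-		if (port < 0 || port > 65535) {
-			BIOerr(BIO_F_BIO_GET_PORT, BIO_R_INVALID_PORT_NUMBER);
-			return (0);
-		}
-		goto done;
-	}
-
-	if (getaddrinfo(NULL, str, &hints, &res) == 0) {
-		port = ntohs(((struct sockaddr_in *)(res->ai_addr))->sin_port);
-		goto done;
-	}
-
-	if (strcmp(str, "http") == 0)
-		port = 80;
-	else if (strcmp(str, "telnet") == 0)
-		port = 23;
-	else if (strcmp(str, "socks") == 0)
-		port = 1080;
-	else if (strcmp(str, "https") == 0)
-		port = 443;
-	else if (strcmp(str, "ssl") == 0)
-		port = 443;
-	else if (strcmp(str, "ftp") == 0)
-		port = 21;
-	else if (strcmp(str, "gopher") == 0)
-		port = 70;
-	else {
-		SYSerr(SYS_F_GETSERVBYNAME, errno);
-		ERR_asprintf_error_data("service='%s'", str);
+	if ((error = getaddrinfo(NULL, str, &hints, &res)) != 0) {
+		ERR_asprintf_error_data("getaddrinfo: service='%s' : %s'", str,
+		    gai_strerror(error));
 		return (0);
 	}
-
-done:
-	if (res)
-		freeaddrinfo(res);
-	*port_ptr = (unsigned short)port;
+	*port_ptr = ntohs(((struct sockaddr_in *)(res->ai_addr))->sin_port);
+	freeaddrinfo(res);
 	return (1);
 }
 
 int
 BIO_sock_error(int sock)
 {
 	socklen_t len;
@@ -195,15 +157,15 @@
 int
 BIO_socket_ioctl(int fd, long type, void *arg)
 {
 	int ret;
 
 	ret = ioctl(fd, type, arg);
 	if (ret < 0)
-		SYSerr(SYS_F_IOCTLSOCKET, errno);
+		SYSerror(errno);
 	return (ret);
 }
 
 int
 BIO_get_accept_socket(char *host, int bind_mode)
 {
 	int ret = 0;
@@ -291,18 +253,17 @@
 		    ((unsigned long)ip[3]);
 		server.sa_in.sin_addr.s_addr = htonl(l);
 	}
 
 again:
 	s = socket(server.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
 	if (s == -1) {
-		SYSerr(SYS_F_SOCKET, errno);
+		SYSerror(errno);
 		ERR_asprintf_error_data("port='%s'", host);
-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,
-		    BIO_R_UNABLE_TO_CREATE_SOCKET);
+		BIOerror(BIO_R_UNABLE_TO_CREATE_SOCKET);
 		goto err;
 	}
 
 	if (bind_mode == BIO_BIND_REUSEADDR) {
 		int i = 1;
 
 		ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
@@ -334,25 +295,23 @@
 					close(s);
 					goto again;
 				}
 				/* else error */
 			}
 			/* else error */
 		}
-		SYSerr(SYS_F_BIND, err_num);
+		SYSerror(err_num);
 		ERR_asprintf_error_data("port='%s'", host);
-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,
-		    BIO_R_UNABLE_TO_BIND_SOCKET);
+		BIOerror(BIO_R_UNABLE_TO_BIND_SOCKET);
 		goto err;
 	}
 	if (listen(s, SOMAXCONN) == -1) {
-		SYSerr(SYS_F_BIND, errno);
+		SYSerror(errno);
 		ERR_asprintf_error_data("port='%s'", host);
-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,
-		    BIO_R_UNABLE_TO_LISTEN_SOCKET);
+		BIOerror(BIO_R_UNABLE_TO_LISTEN_SOCKET);
 		goto err;
 	}
 	ret = 1;
 err:
 	free(str);
 	if ((ret == 0) && (s != -1)) {
 		close(s);
@@ -380,16 +339,16 @@
 
 	sa.len = sizeof(sa.from);
 	memset(&sa.from, 0, sizeof(sa.from));
 	ret = accept(sock, &sa.from.sa, &sa.len);
 	if (ret == -1) {
 		if (BIO_sock_should_retry(ret))
 			return -2;
-		SYSerr(SYS_F_ACCEPT, errno);
-		BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR);
+		SYSerror(errno);
+		BIOerror(BIO_R_ACCEPT_ERROR);
 		goto end;
 	}
 
 	if (addr == NULL)
 		goto end;
 
 	do {
@@ -404,31 +363,31 @@
 		if (p)
 			*p = '\0';
 		if (!(tmp = realloc(p, nl))) {
 			close(ret);
 			ret = -1;
 			free(p);
 			*addr = NULL;
-			BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+			BIOerror(ERR_R_MALLOC_FAILURE);
 			goto end;
 		}
 		p = tmp;
 		*addr = p;
 		snprintf(*addr, nl, "%s:%s", h, s);
 		goto end;
 	} while (0);
 	if (sa.from.sa.sa_family != AF_INET)
 		goto end;
 	l = ntohl(sa.from.sa_in.sin_addr.s_addr);
 	port = ntohs(sa.from.sa_in.sin_port);
 	if (*addr == NULL) {
 		if ((p = malloc(24)) == NULL) {
 			close(ret);
 			ret = -1;
-			BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+			BIOerror(ERR_R_MALLOC_FAILURE);
 			goto end;
 		}
 		*addr = p;
 	}
 	snprintf(*addr, 24, "%d.%d.%d.%d:%d",
 	    (unsigned char)(l >> 24L) & 0xff, (unsigned char)(l >> 16L) & 0xff,
 	    (unsigned char)(l >> 8L) & 0xff, (unsigned char)(l) & 0xff, port);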
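Review bot: In the rewritten port-lookup body (new lines 129-132), the getaddrinfo() failure path calls only `ERR_asprintf_error_data(...)`, whereas the removed fallback pushed an error with SYSerr() first. With nothing pushed here, the detail string presumably attaches to whatever entry is already on top of the error queue, or to none, so callers that inspect the queue can see a stale or missing reason. I would add `BIOerror(BIO_R_INVALID_PORT_NUMBER);` before it and drop the stray trailing quote in the format, `"getaddrinfo: service='%s' : %s"`. The hints still request AF_UNSPEC, yet the result is read through `struct sockaddr_in *` without checking `res->ai_addr->sa_family`, so an AF_INET6 first result is type-punned; that needs a family check or at least a comment explaining why it is safe. The function's signature line is outside the hunk.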
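--- a/jni/libressl/crypto/bio/b_win.c
+++ b/jni/libressl/crypto/bio/b_win.c
@@ -19,16 +19,16 @@
 	 */
 	static struct WSAData wsa_state = {0};
 	WORD version_requested = MAKEWORD(2, 2);
 	static int wsa_init_done = 0;
 	if (!wsa_init_done) {
 		if (WSAStartup(version_requested, &wsa_state) != 0) {
 			int err = WSAGetLastError();
-			SYSerr(SYS_F_WSASTARTUP, err);
-			BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
+			SYSerror(err);
+			BIOerror(BIO_R_WSASTARTUP);
 			return (-1);
 		}
 		wsa_init_done = 1;
 	}
  	return (1);
 }
 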
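--- a/jni/libressl/crypto/bio/bf_buff.c
+++ b/jni/libressl/crypto/bio/bf_buff.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bf_buff.c,v 1.22 2015/07/19 01:18:17 beck Exp $ */
+/* $OpenBSD: bf_buff.c,v 1.24 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -441,15 +441,15 @@
 		if (b->next_bio == NULL)
 			return (0);
 		ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
 		break;
 	}
 	return (ret);
 malloc_error:
-	BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+	BIOerror(ERR_R_MALLOC_FAILURE);
 	return (0);
 }
 
 static long
 buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
 {
 	long ret = 1;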
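--- a/jni/libressl/crypto/bio/bf_nbio.c
+++ b/jni/libressl/crypto/bio/bf_nbio.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bf_nbio.c,v 1.18 2014/10/22 13:02:03 jsing Exp $ */
+/* $OpenBSD: bf_nbio.c,v 1.19 2015/02/07 13:19:15 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *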
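--- a/jni/libressl/crypto/bio/bf_null.c
+++ b/jni/libressl/crypto/bio/bf_null.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bf_null.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bf_null.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *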
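--- a/jni/libressl/crypto/bio/bio_cb.c
+++ b/jni/libressl/crypto/bio/bio_cb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_cb.c,v 1.15 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bio_cb.c,v 1.16 2014/12/08 03:54:19 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *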
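--- a/jni/libressl/crypto/bio/bio_err.c
+++ b/jni/libressl/crypto/bio/bio_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_err.c,v 1.15 2014/06/22 14:41:10 jsing Exp $ */
+/* $OpenBSD: bio_err.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,47 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
 
 static ERR_STRING_DATA BIO_str_functs[] = {
-	{ERR_FUNC(BIO_F_ACPT_STATE),	"ACPT_STATE"},
-	{ERR_FUNC(BIO_F_BIO_ACCEPT),	"BIO_accept"},
-	{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER),	"BIO_BER_GET_HEADER"},
-	{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL),	"BIO_callback_ctrl"},
-	{ERR_FUNC(BIO_F_BIO_CTRL),	"BIO_ctrl"},
-	{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME),	"BIO_gethostbyname"},
-	{ERR_FUNC(BIO_F_BIO_GETS),	"BIO_gets"},
-	{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET),	"BIO_get_accept_socket"},
-	{ERR_FUNC(BIO_F_BIO_GET_HOST_IP),	"BIO_get_host_ip"},
-	{ERR_FUNC(BIO_F_BIO_GET_PORT),	"BIO_get_port"},
-	{ERR_FUNC(BIO_F_BIO_MAKE_PAIR),	"BIO_MAKE_PAIR"},
-	{ERR_FUNC(BIO_F_BIO_NEW),	"BIO_new"},
-	{ERR_FUNC(BIO_F_BIO_NEW_FILE),	"BIO_new_file"},
-	{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF),	"BIO_new_mem_buf"},
-	{ERR_FUNC(BIO_F_BIO_NREAD),	"BIO_nread"},
-	{ERR_FUNC(BIO_F_BIO_NREAD0),	"BIO_nread0"},
-	{ERR_FUNC(BIO_F_BIO_NWRITE),	"BIO_nwrite"},
-	{ERR_FUNC(BIO_F_BIO_NWRITE0),	"BIO_nwrite0"},
-	{ERR_FUNC(BIO_F_BIO_PUTS),	"BIO_puts"},
-	{ERR_FUNC(BIO_F_BIO_READ),	"BIO_read"},
-	{ERR_FUNC(BIO_F_BIO_SOCK_INIT),	"BIO_sock_init"},
-	{ERR_FUNC(BIO_F_BIO_WRITE),	"BIO_write"},
-	{ERR_FUNC(BIO_F_BUFFER_CTRL),	"BUFFER_CTRL"},
-	{ERR_FUNC(BIO_F_CONN_CTRL),	"CONN_CTRL"},
-	{ERR_FUNC(BIO_F_CONN_STATE),	"CONN_STATE"},
-	{ERR_FUNC(BIO_F_DGRAM_SCTP_READ),	"DGRAM_SCTP_READ"},
-	{ERR_FUNC(BIO_F_FILE_CTRL),	"FILE_CTRL"},
-	{ERR_FUNC(BIO_F_FILE_READ),	"FILE_READ"},
-	{ERR_FUNC(BIO_F_LINEBUFFER_CTRL),	"LINEBUFFER_CTRL"},
-	{ERR_FUNC(BIO_F_MEM_READ),	"MEM_READ"},
-	{ERR_FUNC(BIO_F_MEM_WRITE),	"MEM_WRITE"},
-	{ERR_FUNC(BIO_F_SSL_NEW),	"SSL_new"},
-	{ERR_FUNC(BIO_F_WSASTARTUP),	"WSASTARTUP"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA BIO_str_reasons[] = {
 	{ERR_REASON(BIO_R_ACCEPT_ERROR)          , "accept error"},
 	{ERR_REASON(BIO_R_BAD_FOPEN_MODE)        , "bad fopen mode"},
 	{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP)   , "bad hostname lookup"},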
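--- a/jni/libressl/crypto/bio/bio_lib.c
+++ b/jni/libressl/crypto/bio/bio_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_lib.c,v 1.21 2014/07/25 06:05:32 doug Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -67,15 +67,15 @@
 BIO *
 BIO_new(BIO_METHOD *method)
 {
 	BIO *ret = NULL;
 
 	ret = malloc(sizeof(BIO));
 	if (ret == NULL) {
-		BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+		BIOerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	if (!BIO_set(ret, method)) {
 		free(ret);
 		ret = NULL;
 	}
 	return (ret);
@@ -196,25 +196,25 @@
 int
 BIO_read(BIO *b, void *out, int outl)
 {
 	int i;
 	long (*cb)(BIO *, int, const char *, int, long, long);
 
 	if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
-		BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD);
+		BIOerror(BIO_R_UNSUPPORTED_METHOD);
 		return (-2);
 	}
 
 	cb = b->callback;
 	if ((cb != NULL) &&
 	    ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0))
 		return (i);
 
 	if (!b->init) {
-		BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return (-2);
 	}
 
 	i = b->method->bread(b, out, outl);
 
 	if (i > 0)
 		b->num_read += (unsigned long)i;
@@ -232,24 +232,24 @@
 	long (*cb)(BIO *, int, const char *, int, long, long);
 
 	if (b == NULL)
 		return (0);
 
 	cb = b->callback;
 	if ((b->method == NULL) || (b->method->bwrite == NULL)) {
-		BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD);
+		BIOerror(BIO_R_UNSUPPORTED_METHOD);
 		return (-2);
 	}
 
 	if ((cb != NULL) &&
 	    ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0))
 		return (i);
 
 	if (!b->init) {
-		BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return (-2);
 	}
 
 	i = b->method->bwrite(b, in, inl);
 
 	if (i > 0)
 		b->num_write += (unsigned long)i;
@@ -263,58 +263,58 @@
 int
 BIO_puts(BIO *b, const char *in)
 {
 	int i;
 	long (*cb)(BIO *, int, const char *, int, long, long);
 
 	if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
-		BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
+		BIOerror(BIO_R_UNSUPPORTED_METHOD);
 		return (-2);
 	}
 
 	cb = b->callback;
 
 	if ((cb != NULL) &&
 	    ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0))
 		return (i);
 
 	if (!b->init) {
-		BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return (-2);
 	}
 
 	i = b->method->bputs(b, in);
 
 	if (i > 0)
 		b->num_write += (unsigned long)i;
 
 	if (cb != NULL)
 		i = (int)cb(b, BIO_CB_PUTS|BIO_CB_RETURN, in, 0, 0L, (long)i);
 	return (i);
 }
 
 int
 BIO_gets(BIO *b, char *in, int inl)
 {
 	int i;
 	long (*cb)(BIO *, int, const char *, int, long, long);
 
 	if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
-		BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
+		BIOerror(BIO_R_UNSUPPORTED_METHOD);
 		return (-2);
 	}
 
 	cb = b->callback;
 
 	if ((cb != NULL) &&
 	    ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0))
 		return (i);
 
 	if (!b->init) {
-		BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return (-2);
 	}
 
 	i = b->method->bgets(b, in, inl);
 
 	if (cb != NULL)
 		i = (int)cb(b, BIO_CB_GETS|BIO_CB_RETURN, in, inl, 0L, (long)i);
@@ -360,15 +360,15 @@
 	long ret;
 	long (*cb)(BIO *, int, const char *, int, long, long);
 
 	if (b == NULL)
 		return (0);
 
 	if ((b->method == NULL) || (b->method->ctrl == NULL)) {
-		BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
+		BIOerror(BIO_R_UNSUPPORTED_METHOD);
 		return (-2);
 	}
 
 	cb = b->callback;
 
 	if ((cb != NULL) &&
 	    ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0))
@@ -388,15 +388,15 @@
 	long ret;
 	long (*cb)(BIO *, int, const char *, int, long, long);
 
 	if (b == NULL)
 		return (0);
 
 	if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) {
-		BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
+		BIOerror(BIO_R_UNSUPPORTED_METHOD);
 		return (-2);
 	}
 
 	cb = b->callback;
 
 	if ((cb != NULL) &&
 	    ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0))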
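--- a/jni/libressl/crypto/bio/bss_acpt.c
+++ b/jni/libressl/crypto/bio/bss_acpt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_acpt.c,v 1.25 2014/07/25 06:05:32 doug Exp $ */
+/* $OpenBSD: bss_acpt.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -197,25 +197,25 @@
 	int s = -1;
 	int i;
 
 again:
 	switch (c->state) {
 	case ACPT_S_BEFORE:
 		if (c->param_addr == NULL) {
-			BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+			BIOerror(BIO_R_NO_ACCEPT_PORT_SPECIFIED);
 			return (-1);
 		}
 		s = BIO_get_accept_socket(c->param_addr, c->bind_mode);
 		if (s == -1)
 			return (-1);
 
 		if (c->accept_nbio) {
 			if (!BIO_socket_nbio(s, 1)) {
 				close(s);
-				BIOerr(BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+				BIOerror(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
 				return (-1);
 			}
 		}
 		c->accept_sock = s;
 		b->num = s;
 		c->state = ACPT_S_GET_ACCEPT_SOCKET;
 		return (1);
@@ -244,15 +244,15 @@
 			goto err;
 
 		BIO_set_callback(bio, BIO_get_callback(b));
 		BIO_set_callback_arg(bio, BIO_get_callback_arg(b));
 
 		if (c->nbio) {
 			if (!BIO_socket_nbio(i, 1)) {
-				BIOerr(BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+				BIOerror(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
 				goto err;
 			}
 		}
 
 		/* If the accept BIO has an bio_chain, we dup it and
 		 * put the new socket at the end. */
 		if (c->bio_chain != NULL) {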
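--- a/jni/libressl/crypto/bio/bss_bio.c
+++ b/jni/libressl/crypto/bio/bss_bio.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_bio.c,v 1.21 2015/10/30 15:45:57 miod Exp $ */
+/* $OpenBSD: bss_bio.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -344,15 +344,15 @@
 	assert(b != NULL);
 	assert(b->peer != NULL);
 	assert(b->buf != NULL);
 
 	b->request = 0;
 	if (b->closed) {
 		/* we already closed */
-		BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+		BIOerror(BIO_R_BROKEN_PIPE);
 		return -1;
 	}
 
 	assert(b->len <= b->size);
 
 	if (b->len == b->size) {
 		BIO_set_retry_write(bio); /* buffer is full */
@@ -421,15 +421,15 @@
 
 	assert(b != NULL);
 	assert(b->peer != NULL);
 	assert(b->buf != NULL);
 
 	b->request = 0;
 	if (b->closed) {
-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+		BIOerror(BIO_R_BROKEN_PIPE);
 		return -1;
 	}
 
 	assert(b->len <= b->size);
 
 	if (b->len == b->size) {
 		BIO_set_retry_write(bio);
@@ -487,18 +487,18 @@
 	assert(b != NULL);
 
 	switch (cmd) {
 		/* specific CTRL codes */
 
 	case BIO_C_SET_WRITE_BUF_SIZE:
 		if (b->peer) {
-			BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+			BIOerror(BIO_R_IN_USE);
 			ret = 0;
 		} else if (num == 0) {
-			BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+			BIOerror(BIO_R_INVALID_ARGUMENT);
 			ret = 0;
 		} else {
 			size_t new_size = num;
 
 			if (b->size != new_size) {
 				free(b->buf);
 				b->buf = NULL;
@@ -675,32 +675,32 @@
 	assert(bio1 != NULL);
 	assert(bio2 != NULL);
 
 	b1 = bio1->ptr;
 	b2 = bio2->ptr;
 
 	if (b1->peer != NULL || b2->peer != NULL) {
-		BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+		BIOerror(BIO_R_IN_USE);
 		return 0;
 	}
 
 	if (b1->buf == NULL) {
 		b1->buf = malloc(b1->size);
 		if (b1->buf == NULL) {
-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			BIOerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		b1->len = 0;
 		b1->offset = 0;
 	}
 
 	if (b2->buf == NULL) {
 		b2->buf = malloc(b2->size);
 		if (b2->buf == NULL) {
-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			BIOerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		b2->len = 0;
 		b2->offset = 0;
 	}
 
 	b1->peer = bio2;
@@ -818,66 +818,66 @@
  */
 int
 BIO_nread0(BIO *bio, char **buf)
 {
 	long ret;
 
 	if (!bio->init) {
-		BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return -2;
 	}
 
 	ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
 	if (ret > INT_MAX)
 		return INT_MAX;
 	else
 		return (int) ret;
 }
 
 int
 BIO_nread(BIO *bio, char **buf, int num)
 {
 	int ret;
 
 	if (!bio->init) {
-		BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return -2;
 	}
 
 	ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
 	if (ret > 0)
 		bio->num_read += ret;
 	return ret;
 }
 
 int
 BIO_nwrite0(BIO *bio, char **buf)
 {
 	long ret;
 
 	if (!bio->init) {
-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return -2;
 	}
 
 	ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
 	if (ret > INT_MAX)
 		return INT_MAX;
 	else
 		return (int) ret;
 }
 
 int
 BIO_nwrite(BIO *bio, char **buf, int num)
 {
 	int ret;
 
 	if (!bio->init) {
-		BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+		BIOerror(BIO_R_UNINITIALIZED);
 		return -2;
 	}
 
 	ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
 	if (ret > 0)
 		bio->num_write += ret;
 	return ret;
 }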
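--- a/jni/libressl/crypto/bio/bss_conn.c
+++ b/jni/libressl/crypto/bio/bss_conn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_conn.c,v 1.31 2014/11/21 18:15:40 deraadt Exp $ */
+/* $OpenBSD: bss_conn.c,v 1.33 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -130,15 +130,15 @@
 		cb = c->info_callback;
 
 	for (;;) {
 		switch (c->state) {
 		case BIO_CONN_S_BEFORE:
 			p = c->param_hostname;
 			if (p == NULL) {
-				BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED);
+				BIOerror(BIO_R_NO_HOSTNAME_SPECIFIED);
 				goto exit_loop;
 			}
 			for (; *p != '\0'; p++) {
 				if ((*p == ':') || (*p == '/'))
 				break;
 			}
 
@@ -153,15 +153,15 @@
 						}
 					free(c->param_port);
 					c->param_port = strdup(p);
 				}
 			}
 
 			if (c->param_port == NULL) {
-				BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED);
+				BIOerror(BIO_R_NO_PORT_SPECIFIED);
 				ERR_asprintf_error_data("host=%s",
 				    c->param_hostname);
 				goto exit_loop;
 			}
 			c->state = BIO_CONN_S_GET_IP;
 			break;
 
@@ -191,82 +191,78 @@
 			    ((unsigned long)c->ip[2] << 8L)|
 			    ((unsigned long)c->ip[3]);
 			c->them.sin_addr.s_addr = htonl(l);
 			c->state = BIO_CONN_S_CREATE_SOCKET;
 
 			ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
 			if (ret == -1) {
-				SYSerr(SYS_F_SOCKET, errno);
+				SYSerror(errno);
 				ERR_asprintf_error_data("host=%s:%s",
 				    c->param_hostname, c->param_port);
-				BIOerr(BIO_F_CONN_STATE,
-				    BIO_R_UNABLE_TO_CREATE_SOCKET);
+				BIOerror(BIO_R_UNABLE_TO_CREATE_SOCKET);
 				goto exit_loop;
 			}
 			b->num = ret;
 			c->state = BIO_CONN_S_NBIO;
 			break;
 
 		case BIO_CONN_S_NBIO:
 			if (c->nbio) {
 				if (!BIO_socket_nbio(b->num, 1)) {
-					BIOerr(BIO_F_CONN_STATE,
-					    BIO_R_ERROR_SETTING_NBIO);
+					BIOerror(BIO_R_ERROR_SETTING_NBIO);
 					ERR_asprintf_error_data("host=%s:%s",
 					    c->param_hostname, c->param_port);
 					goto exit_loop;
 				}
 			}
 			c->state = BIO_CONN_S_CONNECT;
 
 #if defined(SO_KEEPALIVE)
 			i = 1;
 			i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, &i, sizeof(i));
 			if (i < 0) {
-				SYSerr(SYS_F_SOCKET, errno);
+				SYSerror(errno);
 				ERR_asprintf_error_data("host=%s:%s",
 				    c->param_hostname, c->param_port);
-				BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE);
+				BIOerror(BIO_R_KEEPALIVE);
 				goto exit_loop;
 			}
 #endif
 			break;
 
 		case BIO_CONN_S_CONNECT:
 			BIO_clear_retry_flags(b);
 			ret = connect(b->num,
 			(struct sockaddr *)&c->them,
 			sizeof(c->them));
 			b->retry_reason = 0;
 			if (ret < 0) {
 				if (BIO_sock_should_retry(ret)) {
 					BIO_set_retry_special(b);
 					c->state = BIO_CONN_S_BLOCKED_CONNECT;
 					b->retry_reason = BIO_RR_CONNECT;
 				} else {
-					SYSerr(SYS_F_CONNECT, errno);
+					SYSerror(errno);
 					ERR_asprintf_error_data("host=%s:%s",
 					    c->param_hostname, c->param_port);
-					BIOerr(BIO_F_CONN_STATE,
-					    BIO_R_CONNECT_ERROR);
+					BIOerror(BIO_R_CONNECT_ERROR);
 				}
 				goto exit_loop;
 			} else
 				c->state = BIO_CONN_S_OK;
 			break;
 
 		case BIO_CONN_S_BLOCKED_CONNECT:
 			i = BIO_sock_error(b->num);
 			if (i) {
 				BIO_clear_retry_flags(b);
-				SYSerr(SYS_F_CONNECT, i);
+				SYSerror(i);
 				ERR_asprintf_error_data("host=%s:%s",
 				    c->param_hostname, c->param_port);
-				BIOerr(BIO_F_CONN_STATE,
-				    BIO_R_NBIO_CONNECT_ERROR);
+				BIOerror(BIO_R_NBIO_CONNECT_ERROR);
 				ret = 0;
 				goto exit_loop;
 			} else
 				c->state = BIO_CONN_S_OK;
 			break;
 
 		case BIO_CONN_S_OK:
@@ -529,15 +525,15 @@
 			(void)BIO_set_info_callback(dbio,
 			    (bio_info_cb *)data->info_callback);
 		}
 		break;
 	case BIO_CTRL_SET_CALLBACK:
 		{
 #if 0 /* FIXME: Should this be used?  -- Richard Levitte */
-			BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+			BIOerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 			ret = -1;
 #else
 			ret = 0;
 #endif
 		}
 		break;
 	case BIO_CTRL_GET_CALLBACK: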
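--- a/jni/libressl/crypto/bio/bss_dgram.c
+++ b/jni/libressl/crypto/bio/bss_dgram.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_dgram.c,v 1.40 2015/02/09 10:55:33 jsing Exp $ */
+/* $OpenBSD: bss_dgram.c,v 1.41 2015/07/20 23:15:28 doug Exp $ */
 /* 
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *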
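--- a/jni/libressl/crypto/bio/bss_fd.c
+++ b/jni/libressl/crypto/bio/bss_fd.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_fd.c,v 1.17 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bss_fd.c,v 1.18 2015/02/12 03:54:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 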
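--- a/jni/libressl/crypto/bio/bss_file.c
+++ b/jni/libressl/crypto/bio/bss_file.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_file.c,v 1.30 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bss_file.c,v 1.32 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -115,20 +115,20 @@
 {
 	BIO  *ret;
 	FILE *file = NULL;
 
 	file = fopen(filename, mode);
 
 	if (file == NULL) {
-		SYSerr(SYS_F_FOPEN, errno);
+		SYSerror(errno);
 		ERR_asprintf_error_data("fopen('%s', '%s')", filename, mode);
 		if (errno == ENOENT)
-			BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
+			BIOerror(BIO_R_NO_SUCH_FILE);
 		else
-			BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
+			BIOerror(ERR_R_SYS_LIB);
 		return (NULL);
 	}
 	if ((ret = BIO_new(BIO_s_file())) == NULL) {
 		fclose(file);
 		return (NULL);
 	}
 
@@ -184,16 +184,16 @@
 file_read(BIO *b, char *out, int outl)
 {
 	int ret = 0;
 
 	if (b->init && out != NULL) {
 		ret = fread(out, 1, outl, (FILE *)b->ptr);
 		if (ret == 0 && ferror((FILE *)b->ptr)) {
-			SYSerr(SYS_F_FREAD, errno);
-			BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
+			SYSerror(errno);
+			BIOerror(ERR_R_SYS_LIB);
 			ret = -1;
 		}
 	}
 	return (ret);
 }
 
 static int
@@ -242,23 +242,23 @@
 		} else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
 			strlcpy(p, "r+", sizeof p);
 		else if (num & BIO_FP_WRITE)
 			strlcpy(p, "w", sizeof p);
 		else if (num & BIO_FP_READ)
 			strlcpy(p, "r", sizeof p);
 		else {
-			BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
+			BIOerror(BIO_R_BAD_FOPEN_MODE);
 			ret = 0;
 			break;
 		}
 		fp = fopen(ptr, p);
 		if (fp == NULL) {
-			SYSerr(SYS_F_FOPEN, errno);
+			SYSerror(errno);
 			ERR_asprintf_error_data("fopen('%s', '%s')", ptr, p);
-			BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+			BIOerror(ERR_R_SYS_LIB);
 			ret = 0;
 			break;
 		}
 		b->ptr = fp;
 		b->init = 1;
 		break;
 	case BIO_C_GET_FILE_PTR: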
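--- a/jni/libressl/crypto/bio/bss_log.c
+++ b/jni/libressl/crypto/bio/bss_log.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_log.c,v 1.20 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: bss_log.c,v 1.21 2014/07/11 08:44:47 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *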
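--- a/jni/libressl/crypto/bio/bss_mem.c
+++ b/jni/libressl/crypto/bio/bss_mem.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_mem.c,v 1.13 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bss_mem.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -97,15 +97,15 @@
 BIO_new_mem_buf(void *buf, int len)
 {
 	BIO *ret;
 	BUF_MEM *b;
 	size_t sz;
 
 	if (!buf) {
-		BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
+		BIOerror(BIO_R_NULL_PARAMETER);
 		return NULL;
 	}
 	sz = (len < 0) ? strlen(buf) : (size_t)len;
 	if (!(ret = BIO_new(BIO_s_mem())))
 		return NULL;
 	b = (BUF_MEM *)ret->ptr;
 	b->data = buf;
@@ -179,20 +179,20 @@
 {
 	int ret = -1;
 	int blen;
 	BUF_MEM *bm;
 
 	bm = (BUF_MEM *)b->ptr;
 	if (in == NULL) {
-		BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
+		BIOerror(BIO_R_NULL_PARAMETER);
 		goto end;
 	}
 
 	if (b->flags & BIO_FLAGS_MEM_RDONLY) {
-		BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
+		BIOerror(BIO_R_WRITE_TO_READ_ONLY_BIO);
 		goto end;
 	}
 
 	BIO_clear_retry_flags(b);
 	blen = bm->length;
 	if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
 		goto end;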
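--- a/jni/libressl/crypto/bio/bss_null.c
+++ b/jni/libressl/crypto/bio/bss_null.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_null.c,v 1.9 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: bss_null.c,v 1.10 2014/07/11 08:44:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 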
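--- a/jni/libressl/crypto/bio/bss_sock.c
+++ b/jni/libressl/crypto/bio/bss_sock.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bss_sock.c,v 1.22 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: bss_sock.c,v 1.23 2014/07/11 08:44:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 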
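--- a/jni/libressl/crypto/bn/bn_add.c
+++ b/jni/libressl/crypto/bn/bn_add.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_add.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bn_add.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -178,15 +178,15 @@
 
 	max = a->top;
 	min = b->top;
 	dif = max - min;
 
 	if (dif < 0)	/* hmm... should not be happening */
 	{
-		BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+		BNerror(BN_R_ARG2_LT_ARG3);
 		return (0);
 	}
 
 	if (bn_wexpand(r, max) == NULL)
 		return (0);
 
 	ap = a->d;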
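--- a/jni/libressl/crypto/bn/bn_asm.c
+++ b/jni/libressl/crypto/bn/bn_asm.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_asm.c,v 1.13 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bn_asm.c,v 1.14 2015/02/25 15:39:49 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *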
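--- a/jni/libressl/crypto/bn/bn_blind.c
+++ b/jni/libressl/crypto/bn/bn_blind.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_blind.c,v 1.13 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bn_blind.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -140,15 +140,15 @@
 BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
 {
 	BN_BLINDING *ret = NULL;
 
 	bn_check_top(mod);
 
 	if ((ret = calloc(1, sizeof(BN_BLINDING))) == NULL) {
-		BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+		BNerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	if (A != NULL) {
 		if ((ret->A = BN_dup(A))  == NULL)
 			goto err;
 	}
 	if (Ai != NULL) {
@@ -190,15 +190,15 @@
 
 int
 BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 {
 	int ret = 0;
 
 	if ((b->A == NULL) || (b->Ai == NULL)) {
-		BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
+		BNerror(BN_R_NOT_INITIALIZED);
 		goto err;
 	}
 
 	if (b->counter == -1)
 		b->counter = 0;
 
 	if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
@@ -231,15 +231,15 @@
 BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 {
 	int ret = 1;
 
 	bn_check_top(n);
 
 	if ((b->A == NULL) || (b->Ai == NULL)) {
-		BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+		BNerror(BN_R_NOT_INITIALIZED);
 		return (0);
 	}
 
 	if (b->counter == -1)
 		/* Fresh blinding, doesn't need updating. */
 		b->counter = 0;
 	else if (!BN_BLINDING_update(b, ctx))
@@ -269,15 +269,15 @@
 
 	bn_check_top(n);
 
 	if (r != NULL)
 		ret = BN_mod_mul(n, n, r, b->mod, ctx);
 	else {
 		if (b->Ai == NULL) {
-			BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+			BNerror(BN_R_NOT_INITIALIZED);
 			return (0);
 		}
 		ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
 	}
 
 	bn_check_top(n);
 	return (ret);
@@ -347,42 +347,41 @@
 		ret->bn_mod_exp = bn_mod_exp;
 	if (m_ctx != NULL)
 		ret->m_ctx = m_ctx;
 
 	do {
 		if (!BN_rand_range(ret->A, ret->mod))
 			goto err;
-		if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
+		if (BN_mod_inverse_ct(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
 			/* this should almost never happen for good RSA keys */
 			unsigned long error = ERR_peek_last_error();
 			if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
 				if (retry_counter-- == 0) {
-					BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
-					    BN_R_TOO_MANY_ITERATIONS);
+					BNerror(BN_R_TOO_MANY_ITERATIONS);
 					goto err;
 				}
 				ERR_clear_error();
 			} else
 				goto err;
 		} else
 			break;
 	} while (1);
 
 	if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
 		if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod,
 		    ctx, ret->m_ctx))
 			goto err;
 	} else {
-		if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
+		if (!BN_mod_exp_ct(ret->A, ret->A, ret->e, ret->mod, ctx))
 			goto err;
 	}
 
 	return ret;
 
 err:
 	if (b == NULL && ret != NULL) {
 		BN_BLINDING_free(ret);
 		ret = NULL;
 	}
 
 	return ret;
 }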
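Review bot: On the `err:` path at the end of the last hunk, `ret` is only reset when `b == NULL`, so a failure with a caller-supplied blinding object seems to return that same non-NULL pointer, which a caller cannot tell from success (the line that sets `ret` from `b` is above the hunk, so this is inferred). By then `ret->A` may already hold a fresh random value without a matching `Ai`. The move to `BN_mod_inverse_ct` and `BN_mod_exp_ct` also does not cover the `ret->bn_mod_exp` callback branch, whose timing depends on the function the caller installed. I would document both above `err:`, e.g. `/* with b != NULL the caller's object is returned even on failure; A/Ai may be inconsistent */`. The start of the function is outside the hunk.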
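--- a/jni/libressl/crypto/bn/bn_const.c
+++ b/jni/libressl/crypto/bn/bn_const.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: bn_const.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
 /* Insert boilerplate */
 
 #include <openssl/bn.h>
 
 /* "First Oakley Default Group" from RFC2409, section 6.1.
  *
  * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }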
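--- a/jni/libressl/crypto/bn/bn_ctx.c
+++ b/jni/libressl/crypto/bn/bn_ctx.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_ctx.c,v 1.13 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bn_ctx.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Ulf Moeller for the OpenSSL project. */
 /* ====================================================================
  * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -58,17 +58,14 @@
 #ifndef NDEBUG
 #define NDEBUG
 #endif
 #endif
 
 #include <stdio.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/err.h>
 
 #include "bn_lcl.h"
 
@@ -224,15 +221,15 @@
 #endif
 
 BN_CTX *
 BN_CTX_new(void)
 {
 	BN_CTX *ret = malloc(sizeof(BN_CTX));
 	if (!ret) {
-		BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+		BNerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	/* Initialise the structure */
 	BN_POOL_init(&ret->pool);
 	BN_STACK_init(&ret->stack);
 	ret->used = 0;
@@ -273,15 +270,15 @@
 	CTXDBG_ENTRY("BN_CTX_start", ctx);
 
 	/* If we're already overflowing ... */
 	if (ctx->err_stack || ctx->too_many)
 		ctx->err_stack++;
 	/* (Try to) get a new frame pointer */
 	else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
-		BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+		BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES);
 		ctx->err_stack++;
 	}
 	CTXDBG_EXIT(ctx);
 }
 
 void
 BN_CTX_end(BN_CTX *ctx)
@@ -311,15 +308,15 @@
 
 	if (ctx->err_stack || ctx->too_many)
 		return NULL;
 	if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
 		/* Setting too_many prevents repeated "get" attempts from
 		 * cluttering the error stack. */
 		ctx->too_many = 1;
-		BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+		BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES);
 		return NULL;
 	}
 	/* OK, make sure the returned bignum is "zero" */
 	BN_zero(ret);
 	ctx->used++;
 	CTXDBG_RET(ctx, ret);
 	return ret;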
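--- a/jni/libressl/crypto/bn/bn_depr.c
+++ b/jni/libressl/crypto/bn/bn_depr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_depr.c,v 1.6 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bn_depr.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *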
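--- a/jni/libressl/crypto/bn/bn_div.c
+++ b/jni/libressl/crypto/bn/bn_div.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_div.c,v 1.22 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bn_div.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -112,47 +112,45 @@
 /* BN_div computes  dv := num / divisor,  rounding towards
  * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
  * Thus:
  *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
  *     rm->neg == num->neg                 (unless the remainder is zero)
  * If 'dv' or 'rm' is NULL, the respective value is not returned.
  */
-int
-BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
-    BN_CTX *ctx)
+static int
+BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+    BN_CTX *ctx, int ct)
 {
 	int norm_shift, i, loop;
 	BIGNUM *tmp, wnum, *snum, *sdiv, *res;
 	BN_ULONG *resp, *wnump;
 	BN_ULONG d0, d1;
 	int num_n, div_n;
 	int no_branch = 0;
 
 	/* Invalid zero-padding would have particularly bad consequences
 	 * in the case of 'num', so don't just rely on bn_check_top() for this one
 	 * (bn_check_top() works only for BN_DEBUG builds) */
 	if (num->top > 0 && num->d[num->top - 1] == 0) {
-		BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
+		BNerror(BN_R_NOT_INITIALIZED);
 		return 0;
 	}
 
 	bn_check_top(num);
 
-	if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ||
-	    (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
+	if (ct)
 		no_branch = 1;
-	}
 
 	bn_check_top(dv);
 	bn_check_top(rm);
 	/* bn_check_top(num); */ /* 'num' has been checked already */
 	bn_check_top(divisor);
 
 	if (BN_is_zero(divisor)) {
-		BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+		BNerror(BN_R_DIV_BY_ZERO);
 		return (0);
 	}
 
 	if (!no_branch && BN_ucmp(num, divisor) < 0) {
 		if (rm != NULL) {
 			if (BN_copy(rm, num) == NULL)
 				return (0);
@@ -375,7 +373,31 @@
 	return (1);
 
 err:
 	bn_check_top(rm);
 	BN_CTX_end(ctx);
 	return (0);
 }
+
+int
+BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+    BN_CTX *ctx)
+{
+	int ct = ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ||
+	    (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0));
+
+	return BN_div_internal(dv, rm, num, divisor, ctx, ct);
+}
+
+int
+BN_div_nonct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+    BN_CTX *ctx)
+{
+	return BN_div_internal(dv, rm, num, divisor, ctx, 0);
+}
+
+int
+BN_div_ct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+    BN_CTX *ctx)
+{
+	return BN_div_internal(dv, rm, num, divisor, ctx, 1);
+}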
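Review bot: The three public entry points added in the last hunk carry no comment saying how each treats `BN_FLG_CONSTTIME`, and the only doc block ("BN_div computes dv := num / divisor") now sits on the static `BN_div_internal`. As written, `BN_div_nonct` passes `ct = 0` and so keeps the `!no_branch` early path even when an operand has the flag set, while `BN_div_ct` always sets `no_branch`. I would add `/* Variable-time: ignores BN_FLG_CONSTTIME, use only on non-secret operands. */` above `BN_div_nonct` and `/* Always uses the no_branch path, regardless of operand flags. */` above `BN_div_ct`. The body of `BN_div_internal` between the second and third hunks is not visible here.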
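--- a/jni/libressl/crypto/bn/bn_err.c
+++ b/jni/libressl/crypto/bn/bn_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_err.c,v 1.12 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: bn_err.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,55 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
 
 static ERR_STRING_DATA BN_str_functs[]= {
-	{ERR_FUNC(BN_F_BNRAND),	"BNRAND"},
-	{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX),	"BN_BLINDING_convert_ex"},
-	{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM),	"BN_BLINDING_create_param"},
-	{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX),	"BN_BLINDING_invert_ex"},
-	{ERR_FUNC(BN_F_BN_BLINDING_NEW),	"BN_BLINDING_new"},
-	{ERR_FUNC(BN_F_BN_BLINDING_UPDATE),	"BN_BLINDING_update"},
-	{ERR_FUNC(BN_F_BN_BN2DEC),	"BN_bn2dec"},
-	{ERR_FUNC(BN_F_BN_BN2HEX),	"BN_bn2hex"},
-	{ERR_FUNC(BN_F_BN_CTX_GET),	"BN_CTX_get"},
-	{ERR_FUNC(BN_F_BN_CTX_NEW),	"BN_CTX_new"},
-	{ERR_FUNC(BN_F_BN_CTX_START),	"BN_CTX_start"},
-	{ERR_FUNC(BN_F_BN_DIV),	"BN_div"},
-	{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH),	"BN_div_no_branch"},
-	{ERR_FUNC(BN_F_BN_DIV_RECP),	"BN_div_recp"},
-	{ERR_FUNC(BN_F_BN_EXP),	"BN_exp"},
-	{ERR_FUNC(BN_F_BN_EXPAND2),	"bn_expand2"},
-	{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),	"BN_EXPAND_INTERNAL"},
-	{ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX),	"BN_generate_prime_ex"},
-	{ERR_FUNC(BN_F_BN_GF2M_MOD),	"BN_GF2m_mod"},
-	{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP),	"BN_GF2m_mod_exp"},
-	{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL),	"BN_GF2m_mod_mul"},
-	{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD),	"BN_GF2m_mod_solve_quad"},
-	{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR),	"BN_GF2m_mod_solve_quad_arr"},
-	{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR),	"BN_GF2m_mod_sqr"},
-	{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT),	"BN_GF2m_mod_sqrt"},
-	{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT),	"BN_mod_exp2_mont"},
-	{ERR_FUNC(BN_F_BN_MOD_EXP_MONT),	"BN_mod_exp_mont"},
-	{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME),	"BN_mod_exp_mont_consttime"},
-	{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD),	"BN_mod_exp_mont_word"},
-	{ERR_FUNC(BN_F_BN_MOD_EXP_RECP),	"BN_mod_exp_recp"},
-	{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE),	"BN_mod_exp_simple"},
-	{ERR_FUNC(BN_F_BN_MOD_INVERSE),	"BN_mod_inverse"},
-	{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH),	"BN_mod_inverse_no_branch"},
-	{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK),	"BN_mod_lshift_quick"},
-	{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL),	"BN_mod_mul_reciprocal"},
-	{ERR_FUNC(BN_F_BN_MOD_SQRT),	"BN_mod_sqrt"},
-	{ERR_FUNC(BN_F_BN_MPI2BN),	"BN_mpi2bn"},
-	{ERR_FUNC(BN_F_BN_NEW),	"BN_new"},
-	{ERR_FUNC(BN_F_BN_RAND),	"BN_rand"},
-	{ERR_FUNC(BN_F_BN_RAND_RANGE),	"BN_rand_range"},
-	{ERR_FUNC(BN_F_BN_USUB),	"BN_usub"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA BN_str_reasons[]= {
 	{ERR_REASON(BN_R_ARG2_LT_ARG3)           , "arg2 lt arg3"},
 	{ERR_REASON(BN_R_BAD_RECIPROCAL)         , "bad reciprocal"},
 	{ERR_REASON(BN_R_BIGNUM_TOO_LONG)        , "bignum too long"},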
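Review bot: The literal `0xfff` in the single remaining `BN_str_functs` entry has no name or comment, so nothing in this file ties it to the function code that the new `BNerror()` calls record (that macro is defined outside this page; presumably it packs the same value). With the 41 per-function strings removed, BN errors should all resolve to "CRYPTO_internal", so any log parsing, alerting rule or test that matched on names such as "BN_div" needs updating. I would add `/* 0xfff: the one function code used by BNerror(); per-function names are no longer registered */` above the entry.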
Changes to jni/libressl/crypto/bn/bn_exp.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: bn_exp.c,v 1.22 2015/03/21 08:05:20 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: bn_exp.c,v 1.30 2017/01/29 17:49:22 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
111
112
113
114
115
116
117

118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

#include <stdlib.h>
#include <string.h>

#include <openssl/err.h>

#include "bn_lcl.h"


/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE	32

/* this one works - simple but works */
int
BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
	int i, bits, ret = 0;
	BIGNUM *v, *rr;

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
		BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	BN_CTX_start(ctx);
	if ((r == a) || (r == p))
		rr = BN_CTX_get(ctx);
	else







>













|







111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

#include <stdlib.h>
#include <string.h>

#include <openssl/err.h>

#include "bn_lcl.h"
#include "constant_time_locl.h"

/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE	32

/* this one works - simple but works */
int
BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
	int i, bits, ret = 0;
	BIGNUM *v, *rr;

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
		BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	BN_CTX_start(ctx);
	if ((r == a) || (r == p))
		rr = BN_CTX_get(ctx);
	else
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
	if (r != rr && rr != NULL)
		BN_copy(r, rr);
	BN_CTX_end(ctx);
	bn_check_top(r);
	return (ret);
}

int
BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	int ret;

	bn_check_top(a);
	bn_check_top(p);
	bn_check_top(m);








|
|
|







168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
	if (r != rr && rr != NULL)
		BN_copy(r, rr);
	BN_CTX_end(ctx);
	bn_check_top(r);
	return (ret);
}

static int
BN_mod_exp_internal(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx, int ct)
{
	int ret;

	bn_check_top(a);
	bn_check_top(p);
	bn_check_top(m);

207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
























249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269





270
271
272
273
274
275
276
277
	 * slower even than the standard algorithm!
	 *
	 * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
	 * should be obtained when the new Montgomery reduction code
	 * has been integrated into OpenSSL.)
	 */

#define MONT_MUL_MOD
#define MONT_EXP_WORD
#define RECP_MUL_MOD

#ifdef MONT_MUL_MOD
	/* I have finally been able to take out this pre-condition of
	 * the top bit being set.  It was caused by an error in BN_div
	 * with negatives.  There was also another problem when for a^b%m
	 * a >= m.  eay 07-May-97 */
/*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */

	if (BN_is_odd(m)) {
#  ifdef MONT_EXP_WORD
		if (a->top == 1 && !a->neg &&
		    (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
			BN_ULONG A = a->d[0];
			ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL);
		} else
#  endif
			ret = BN_mod_exp_mont(r, a,p, m,ctx, NULL);
	} else
#endif
#ifdef RECP_MUL_MOD
	{
		ret = BN_mod_exp_recp(r, a,p, m, ctx);
	}
#else
	{
		ret = BN_mod_exp_simple(r, a,p, m, ctx);
	}
#endif

	bn_check_top(r);
	return (ret);
}

























int
BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	int i, j, bits, ret = 0, wstart, wend, window, wvalue;
	int start = 1;
	BIGNUM *aa;
	/* Table of variables obtained from 'ctx' */
	BIGNUM *val[TABLE_SIZE];
	BN_RECP_CTX recp;

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
		BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	bits = BN_num_bits(p);

	if (bits == 0) {





		ret = BN_one(r);
		return ret;
	}

	BN_CTX_start(ctx);
	if ((aa = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((val[0] = BN_CTX_get(ctx)) == NULL)







<
<
<
<
<
<
<
<
<
<
<

<
|
<



<
|
|
<
<
<


<
<
<
<
<




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>














|




<

>
>
>
>
>
|







208
209
210
211
212
213
214











215

216

217
218
219

220
221



222
223





224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270

271
272
273
274
275
276
277
278
279
280
281
282
283
284
	 * slower even than the standard algorithm!
	 *
	 * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
	 * should be obtained when the new Montgomery reduction code
	 * has been integrated into OpenSSL.)
	 */












	if (BN_is_odd(m)) {

		if (a->top == 1 && !a->neg && !ct) {

			BN_ULONG A = a->d[0];
			ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL);
		} else

			ret = BN_mod_exp_mont_ct(r, a,p, m,ctx, NULL);
	} else	{



		ret = BN_mod_exp_recp(r, a,p, m, ctx);
	}






	bn_check_top(r);
	return (ret);
}

int
BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	return BN_mod_exp_internal(r, a, p, m, ctx,
	    (BN_get_flags(p, BN_FLG_CONSTTIME) != 0));
}

int
BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	return BN_mod_exp_internal(r, a, p, m, ctx, 1);
}


int
BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	return BN_mod_exp_internal(r, a, p, m, ctx, 0);
}


int
BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	int i, j, bits, ret = 0, wstart, wend, window, wvalue;
	int start = 1;
	BIGNUM *aa;
	/* Table of variables obtained from 'ctx' */
	BIGNUM *val[TABLE_SIZE];
	BN_RECP_CTX recp;

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
		BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	bits = BN_num_bits(p);

	if (bits == 0) {
		/* x**0 mod 1 is still zero. */
		if (BN_is_one(m)) {
			ret = 1;
			BN_zero(r);
		} else
			ret = BN_one(r);
		return ret;
	}

	BN_CTX_start(ctx);
	if ((aa = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((val[0] = BN_CTX_get(ctx)) == NULL)
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403

404
405





406
407
408
409
410
411
412
413
err:
	BN_CTX_end(ctx);
	BN_RECP_CTX_free(&recp);
	bn_check_top(r);
	return (ret);
}

int
BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
	int i, j, bits, ret = 0, wstart, wend, window, wvalue;
	int start = 1;
	BIGNUM *d, *r;
	const BIGNUM *aa;
	/* Table of variables obtained from 'ctx' */
	BIGNUM *val[TABLE_SIZE];
	BN_MONT_CTX *mont = NULL;

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
	}

	bn_check_top(a);
	bn_check_top(p);
	bn_check_top(m);

	if (!BN_is_odd(m)) {
		BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
		return (0);
	}

	bits = BN_num_bits(p);
	if (bits == 0) {





		ret = BN_one(rr);
		return ret;
	}

	BN_CTX_start(ctx);
	if ((d = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((r = BN_CTX_get(ctx)) == NULL)







|
|
|









|








|


>


>
>
>
>
>
|







380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
err:
	BN_CTX_end(ctx);
	BN_RECP_CTX_free(&recp);
	bn_check_top(r);
	return (ret);
}

static int
BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx, BN_MONT_CTX *in_mont, int ct)
{
	int i, j, bits, ret = 0, wstart, wend, window, wvalue;
	int start = 1;
	BIGNUM *d, *r;
	const BIGNUM *aa;
	/* Table of variables obtained from 'ctx' */
	BIGNUM *val[TABLE_SIZE];
	BN_MONT_CTX *mont = NULL;

	if (ct) {
		return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
	}

	bn_check_top(a);
	bn_check_top(p);
	bn_check_top(m);

	if (!BN_is_odd(m)) {
		BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
		return (0);
	}

	bits = BN_num_bits(p);
	if (bits == 0) {
		/* x**0 mod 1 is still zero. */
		if (BN_is_one(m)) {
			ret = 1;
			BN_zero(rr);
		} else
			ret = BN_one(rr);
		return ret;
	}

	BN_CTX_start(ctx);
	if ((d = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((r = BN_CTX_get(ctx)) == NULL)
519
520
521
522
523
524
525





















526
527
528
529
530
531
532
533
534
535
536


537
538
539

540
541
542
543
544
545
546
547
548
549
550
551


552
553
554
555



556




557

558



559






















560
561
562
563
564
565
566
	if ((in_mont == NULL) && (mont != NULL))
		BN_MONT_CTX_free(mont);
	BN_CTX_end(ctx);
	bn_check_top(rr);
	return (ret);
}























/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
 * so that accessing any of these table values shows the same access pattern as far
 * as cache lines are concerned.  The following functions are used to transfer a BIGNUM
 * from/to that table. */

static int
MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf,
    int idx, int width)
{
	size_t i, j;



	if (top > b->top)
		top = b->top; /* this works because 'buf' is explicitly zeroed */

	for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
		buf[j] = ((unsigned char*)b->d)[i];
	}

	return 1;
}

static int
MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx,
    int width)
{
	size_t i, j;



	if (bn_wexpand(b, top) == NULL)
		return 0;




	for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {




		((unsigned char*)b->d)[i] = buf[j];

	}


























	b->top = top;
	bn_correct_top(b);
	return 1;
}

/* Given a pointer value, compute the next address that is a cache line multiple. */
#define MOD_EXP_CTIME_ALIGN(x_) \







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








|

|
>
>



>
|
|







|

|
>
>




>
>
>
|
>
>
>
>
|
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
	if ((in_mont == NULL) && (mont != NULL))
		BN_MONT_CTX_free(mont);
	BN_CTX_end(ctx);
	bn_check_top(rr);
	return (ret);
}

int
BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
	return BN_mod_exp_mont_internal(rr, a, p, m, ctx, in_mont,
	    (BN_get_flags(p, BN_FLG_CONSTTIME) != 0));
}

int
BN_mod_exp_mont_ct(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
	return BN_mod_exp_mont_internal(rr, a, p, m, ctx, in_mont, 1);
}

int
BN_mod_exp_mont_nonct(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
	return BN_mod_exp_mont_internal(rr, a, p, m, ctx, in_mont, 0);
}

/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
 * so that accessing any of these table values shows the same access pattern as far
 * as cache lines are concerned.  The following functions are used to transfer a BIGNUM
 * from/to that table. */

static int
MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf,
    int idx, int window)
{
	int i, j;
	int width = 1 << window;
	BN_ULONG *table = (BN_ULONG *)buf;

	if (top > b->top)
		top = b->top; /* this works because 'buf' is explicitly zeroed */

	for (i = 0, j = idx; i < top; i++, j += width) {
		table[j] = b->d[i];
	}

	return 1;
}

static int
MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx,
    int window)
{
	int i, j;
	int width = 1 << window;
	volatile BN_ULONG *table = (volatile BN_ULONG *)buf;

	if (bn_wexpand(b, top) == NULL)
		return 0;

	if (window <= 3) {
		for (i = 0; i < top; i++, table += width) {
		    BN_ULONG acc = 0;

		    for (j = 0; j < width; j++) {
			acc |= table[j] &
			       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
		    }

		    b->d[i] = acc;
		}
	} else {
		int xstride = 1 << (window - 2);
		BN_ULONG y0, y1, y2, y3;

		i = idx >> (window - 2);        /* equivalent of idx / xstride */
		idx &= xstride - 1;             /* equivalent of idx % xstride */

		y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
		y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
		y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
		y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);

		for (i = 0; i < top; i++, table += width) {
		    BN_ULONG acc = 0;

		    for (j = 0; j < xstride; j++) {
			acc |= ( (table[j + 0 * xstride] & y0) |
				 (table[j + 1 * xstride] & y1) |
				 (table[j + 2 * xstride] & y2) |
				 (table[j + 3 * xstride] & y3) )
			       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
		    }

		    b->d[i] = acc;
		}
	}
	b->top = top;
	bn_correct_top(b);
	return 1;
}

/* Given a pointer value, compute the next address that is a cache line multiple. */
#define MOD_EXP_CTIME_ALIGN(x_) \
585
586
587
588
589
590
591
592
593
594
595
596
597
598



599
600





601
602
603
604
605
606
607
608
	unsigned char *powerbuf = NULL;
	BIGNUM tmp, am;

	bn_check_top(a);
	bn_check_top(p);
	bn_check_top(m);

	top = m->top;

	if (!(m->d[0] & 1)) {
		BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,
		    BN_R_CALLED_WITH_EVEN_MODULUS);
		return (0);
	}



	bits = BN_num_bits(p);
	if (bits == 0) {





		ret = BN_one(rr);
		return ret;
	}

	BN_CTX_start(ctx);

	/* Allocate a montgomery context if it was not supplied by the caller.
	 * If this is not done, things will break in the montgomery part.







<
|
<
<
|


>
>
>


>
>
>
>
>
|







657
658
659
660
661
662
663

664


665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
	unsigned char *powerbuf = NULL;
	BIGNUM tmp, am;

	bn_check_top(a);
	bn_check_top(p);
	bn_check_top(m);


	if (!BN_is_odd(m)) {


		BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
		return (0);
	}

	top = m->top;

	bits = BN_num_bits(p);
	if (bits == 0) {
		/* x**0 mod 1 is still zero. */
		if (BN_is_one(m)) {
			ret = 1;
			BN_zero(rr);
		} else
			ret = BN_one(rr);
		return ret;
	}

	BN_CTX_start(ctx);

	/* Allocate a montgomery context if it was not supplied by the caller.
	 * If this is not done, things will break in the montgomery part.
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
	for (i = 1; i < top; i++)
		tmp.d[i] = (~m->d[i]) & BN_MASK2;
	tmp.top = top;
#endif

	/* prepare a^1 in Montgomery domain */
	if (a->neg || BN_ucmp(a, m) >= 0) {
		if (!BN_mod(&am, a,m, ctx))
			goto err;
		if (!BN_to_montgomery(&am, &am, mont, ctx))
			goto err;
	} else if (!BN_to_montgomery(&am, a,mont, ctx))
		goto err;

#if defined(OPENSSL_BN_ASM_MONT5)







|







730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
	for (i = 1; i < top; i++)
		tmp.d[i] = (~m->d[i]) & BN_MASK2;
	tmp.top = top;
#endif

	/* prepare a^1 in Montgomery domain */
	if (a->neg || BN_ucmp(a, m) >= 0) {
		if (!BN_mod_ct(&am, a,m, ctx))
			goto err;
		if (!BN_to_montgomery(&am, &am, mont, ctx))
			goto err;
	} else if (!BN_to_montgomery(&am, a,mont, ctx))
		goto err;

#if defined(OPENSSL_BN_ASM_MONT5)
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817

		tmp.top = top;
		bn_correct_top(&tmp);
	} else
#endif
	{
		if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0,
		    numPowers))
			goto err;
		if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am,  top, powerbuf, 1,
		    numPowers))
			goto err;

		/* If the window size is greater than 1, then calculate
		 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
		 * (even powers could instead be computed as (a^(i/2))^2
		 * to use the slight performance advantage of sqr over mul).
		 */
		if (window > 1) {
			if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
				goto err;
			if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf,
			    2, numPowers))
				goto err;
			for (i = 3; i < numPowers; i++) {
				/* Calculate a^i = a^(i-1) * a */
				if (!BN_mod_mul_montgomery(&tmp, &am, &tmp,
				    mont, ctx))
					goto err;
				if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top,
				    powerbuf, i, numPowers))
					goto err;
			}
		}

		bits--;
		for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
			wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
		if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf,
		    wvalue, numPowers))
			goto err;

		/* Scan the exponent one window at a time starting from the most
		 * significant bits.
		 */
		while (bits >= 0) {
			wvalue = 0; /* The 'value' of the window */

			/* Scan the window, squaring the result as we go */
			for (i = 0; i < window; i++, bits--) {
				if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp,
				    mont, ctx))
					goto err;
				wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
			}

			/* Fetch the appropriate pre-computed value from the pre-buf */
			if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf,
			    wvalue, numPowers))
				goto err;

			/* Multiply the result into the intermediate result */
			if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
				goto err;
		}
	}







|


|











|







|








|


















|







829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894

		tmp.top = top;
		bn_correct_top(&tmp);
	} else
#endif
	{
		if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0,
		    window))
			goto err;
		if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am,  top, powerbuf, 1,
		    window))
			goto err;

		/* If the window size is greater than 1, then calculate
		 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
		 * (even powers could instead be computed as (a^(i/2))^2
		 * to use the slight performance advantage of sqr over mul).
		 */
		if (window > 1) {
			if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
				goto err;
			if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf,
			    2, window))
				goto err;
			for (i = 3; i < numPowers; i++) {
				/* Calculate a^i = a^(i-1) * a */
				if (!BN_mod_mul_montgomery(&tmp, &am, &tmp,
				    mont, ctx))
					goto err;
				if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top,
				    powerbuf, i, window))
					goto err;
			}
		}

		bits--;
		for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
			wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
		if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf,
		    wvalue, window))
			goto err;

		/* Scan the exponent one window at a time starting from the most
		 * significant bits.
		 */
		while (bits >= 0) {
			wvalue = 0; /* The 'value' of the window */

			/* Scan the window, squaring the result as we go */
			for (i = 0; i < window; i++, bits--) {
				if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp,
				    mont, ctx))
					goto err;
				wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
			}

			/* Fetch the appropriate pre-computed value from the pre-buf */
			if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf,
			    wvalue, window))
				goto err;

			/* Multiply the result into the intermediate result */
			if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
				goto err;
		}
	}
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879





880
881
882
883
884
885
886
887
	BN_ULONG w, next_w;
	BIGNUM *d, *r, *t;
	BIGNUM *swap_tmp;

#define BN_MOD_MUL_WORD(r, w, m) \
		(BN_mul_word(r, (w)) && \
		(/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
			(BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
		/* BN_MOD_MUL_WORD is only used with 'w' large,
		 * so the BN_ucmp test is probably more overhead
		 * than always using BN_mod (which uses BN_copy if
		 * a similar test returns true). */
		/* We can use BN_mod and do not need BN_nnmod because our
		 * accumulator is never negative (the result of BN_mod does
		 * not depend on the sign of the modulus).
		 */
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
		(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	bn_check_top(p);
	bn_check_top(m);

	if (!BN_is_odd(m)) {
		BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
		return (0);
	}
	if (m->top == 1)
		a %= m->d[0]; /* make sure that 'a' is reduced */

	bits = BN_num_bits(p);
	if (bits == 0) {





		ret = BN_one(rr);
		return ret;
	}
	if (a == 0) {
		BN_zero(rr);
		ret = 1;
		return ret;
	}







|













<
|







|







>
>
>
>
>
|







919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939

940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
	BN_ULONG w, next_w;
	BIGNUM *d, *r, *t;
	BIGNUM *swap_tmp;

#define BN_MOD_MUL_WORD(r, w, m) \
		(BN_mul_word(r, (w)) && \
		(/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
			(BN_mod_ct(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
		/* BN_MOD_MUL_WORD is only used with 'w' large,
		 * so the BN_ucmp test is probably more overhead
		 * than always using BN_mod (which uses BN_copy if
		 * a similar test returns true). */
		/* We can use BN_mod and do not need BN_nnmod because our
		 * accumulator is never negative (the result of BN_mod does
		 * not depend on the sign of the modulus).
		 */
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
		(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

		BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	bn_check_top(p);
	bn_check_top(m);

	if (!BN_is_odd(m)) {
		BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
		return (0);
	}
	if (m->top == 1)
		a %= m->d[0]; /* make sure that 'a' is reduced */

	bits = BN_num_bits(p);
	if (bits == 0) {
		/* x**0 mod 1 is still zero. */
		if (BN_is_one(m)) {
			ret = 1;
			BN_zero(rr);
		} else
			ret = BN_one(rr);
		return ret;
	}
	if (a == 0) {
		BN_zero(rr);
		ret = 1;
		return ret;
	}
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003





1004
1005
1006
1007
1008
1009
1010
1011


/* The old fallback, simple version :-) */
int
BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	int i, j,bits, ret = 0, wstart, wend, window, wvalue;
	int start = 1;
	BIGNUM *d;
	/* Table of variables obtained from 'ctx' */
	BIGNUM *val[TABLE_SIZE];

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
		BNerr(BN_F_BN_MOD_EXP_SIMPLE,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	bits = BN_num_bits(p);

	if (bits == 0) {





		ret = BN_one(r);
		return ret;
	}

	BN_CTX_start(ctx);
	if ((d = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((val[0] = BN_CTX_get(ctx)) == NULL)







|







<
|




<

>
>
>
>
>
|







1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076

1077
1078
1079
1080
1081

1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095


/* The old fallback, simple version :-) */
int
BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    BN_CTX *ctx)
{
	int i, j, bits, ret = 0, wstart, wend, window, wvalue;
	int start = 1;
	BIGNUM *d;
	/* Table of variables obtained from 'ctx' */
	BIGNUM *val[TABLE_SIZE];

	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

		BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}

	bits = BN_num_bits(p);

	if (bits == 0) {
		/* x**0 mod 1 is still zero. */
		if (BN_is_one(m)) {
			ret = 1;
			BN_zero(r);
		} else
			ret = BN_one(r);
		return ret;
	}

	BN_CTX_start(ctx);
	if ((d = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((val[0] = BN_CTX_get(ctx)) == NULL)
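--- a/jni/libressl/crypto/bn/bn_exp2.c
+++ b/jni/libressl/crypto/bn/bn_exp2.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_exp2.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bn_exp2.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -133,15 +133,15 @@
 	bn_check_top(a1);
 	bn_check_top(p1);
 	bn_check_top(a2);
 	bn_check_top(p2);
 	bn_check_top(m);
 
 	if (!(m->d[0] & 1)) {
-		BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+		BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
 		return (0);
 	}
 	bits1 = BN_num_bits(p1);
 	bits2 = BN_num_bits(p2);
 	if ((bits1 == 0) && (bits2 == 0)) {
 		ret = BN_one(rr);
 		return ret;
@@ -171,15 +171,15 @@
 	window1 = BN_window_bits_for_exponent_size(bits1);
 	window2 = BN_window_bits_for_exponent_size(bits2);
 
 	/*
 	 * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
 	 */
 	if (a1->neg || BN_ucmp(a1, m) >= 0) {
-		if (!BN_mod(val1[0], a1, m, ctx))
+		if (!BN_mod_ct(val1[0], a1, m, ctx))
 			goto err;
 		a_mod_m = val1[0];
 	} else
 		a_mod_m = a1;
 	if (BN_is_zero(a_mod_m)) {
 		BN_zero(rr);
 		ret = 1;
@@ -202,15 +202,15 @@
 	}
 
 
 	/*
 	 * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
 	 */
 	if (a2->neg || BN_ucmp(a2, m) >= 0) {
-		if (!BN_mod(val2[0], a2, m, ctx))
+		if (!BN_mod_ct(val2[0], a2, m, ctx))
 			goto err;
 		a_mod_m = val2[0];
 	} else
 		a_mod_m = a2;
 	if (BN_is_zero(a_mod_m)) {
 		BN_zero(rr);
 		ret = 1;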
Changes to jni/libressl/crypto/bn/bn_gcd.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: bn_gcd.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: bn_gcd.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
110
111
112
113
114
115
116


117
118
119
120
121
122
123
 */

#include <openssl/err.h>

#include "bn_lcl.h"

static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);



int
BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
{
	BIGNUM *a, *b, *t;
	int ret = 0;








>
>







110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 */

#include <openssl/err.h>

#include "bn_lcl.h"

static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
static BIGNUM *BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
    BN_CTX *ctx);

int
BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
{
	BIGNUM *a, *b, *t;
	int ret = 0;

151
152
153
154
155
156
157















158
159
160
161
162
163
164
	ret = 1;

err:
	BN_CTX_end(ctx);
	bn_check_top(r);
	return (ret);
}
















static BIGNUM *
euclid(BIGNUM *a, BIGNUM *b)
{
	BIGNUM *t;
	int shifts = 0;








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
	ret = 1;

err:
	BN_CTX_end(ctx);
	bn_check_top(r);
	return (ret);
}

int
BN_gcd_ct(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
{
	if (BN_gcd_no_branch(r, in_a, in_b, ctx) == NULL)
		return 0;
	return 1;
}

int
BN_gcd_nonct(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
{
	return BN_gcd(r, in_a, in_b, ctx);
}


static BIGNUM *
euclid(BIGNUM *a, BIGNUM *b)
{
	BIGNUM *t;
	int shifts = 0;

227
228
229
230
231
232
233
234
235

236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
}


/* solves ax == 1 (mod n) */
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a,
    const BIGNUM *n, BN_CTX *ctx);

BIGNUM *
BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)

{
	BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
	BIGNUM *ret = NULL;
	int sign;

	if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) ||
	    (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
		return BN_mod_inverse_no_branch(in, a, n, ctx);
	}

	bn_check_top(a);
	bn_check_top(n);

	BN_CTX_start(ctx);
	if ((A = BN_CTX_get(ctx)) == NULL)
		goto err;







|
|
>





|
<

<







244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259

260

261
262
263
264
265
266
267
}


/* solves ax == 1 (mod n) */
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a,
    const BIGNUM *n, BN_CTX *ctx);

static BIGNUM *
BN_mod_inverse_internal(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
    int ct)
{
	BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
	BIGNUM *ret = NULL;
	int sign;

	if (ct)

		return BN_mod_inverse_no_branch(in, a, n, ctx);


	bn_check_top(a);
	bn_check_top(n);

	BN_CTX_start(ctx);
	if ((A = BN_CTX_get(ctx)) == NULL)
		goto err;
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
							goto err;
						/* currently  M = A - 2*B,  but we need  M = A - 3*B */
						if (!BN_sub(M, M, B))
							goto err;
					}
				}
			} else {
				if (!BN_div(D, M, A, B, ctx))
					goto err;
			}

			/* Now
			 *      A = D*B + M;
			 * thus we have
			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).







|







433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
							goto err;
						/* currently  M = A - 2*B,  but we need  M = A - 3*B */
						if (!BN_sub(M, M, B))
							goto err;
					}
				}
			} else {
				if (!BN_div_nonct(D, M, A, B, ctx))
					goto err;
			}

			/* Now
			 *      A = D*B + M;
			 * thus we have
			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526



















527
528
529
530
531
532
533
			if (!BN_copy(R, Y))
				goto err;
		} else {
			if (!BN_nnmod(R, Y,n, ctx))
				goto err;
		}
	} else {
		BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
		goto err;
	}
	ret = R;

err:
	if ((ret == NULL) && (in == NULL))
		BN_free(R);
	BN_CTX_end(ctx);
	bn_check_top(ret);
	return (ret);
}





















/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
 * It does not contain branches that may leak sensitive information.
 */
static BIGNUM *
BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
    BN_CTX *ctx)







|












>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
			if (!BN_copy(R, Y))
				goto err;
		} else {
			if (!BN_nnmod(R, Y,n, ctx))
				goto err;
		}
	} else {
		BNerror(BN_R_NO_INVERSE);
		goto err;
	}
	ret = R;

err:
	if ((ret == NULL) && (in == NULL))
		BN_free(R);
	BN_CTX_end(ctx);
	bn_check_top(ret);
	return (ret);
}

BIGNUM *
BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
	int ct = ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) ||
	    (BN_get_flags(n, BN_FLG_CONSTTIME) != 0));
	return BN_mod_inverse_internal(in, a, n, ctx, ct);
}

BIGNUM *
BN_mod_inverse_nonct(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
	return BN_mod_inverse_internal(in, a, n, ctx, 0);
}

BIGNUM *
BN_mod_inverse_ct(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
	return BN_mod_inverse_internal(in, a, n, ctx, 1);
}

/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
 * It does not contain branches that may leak sensitive information.
 */
static BIGNUM *
BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
    BN_CTX *ctx)
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
	 	 * BN_div_no_branch will be called eventually.
	 	 */
		pA = &local_A;
		BN_with_flags(pA, A, BN_FLG_CONSTTIME);

		/* (D, M) := (A/B, A%B) ... */
		if (!BN_div(D, M, pA, B, ctx))
			goto err;

		/* Now
		 *      A = D*B + M;
		 * thus we have
		 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
		 */







|







636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
	 	 * BN_div_no_branch will be called eventually.
	 	 */
		pA = &local_A;
		BN_with_flags(pA, A, BN_FLG_CONSTTIME);

		/* (D, M) := (A/B, A%B) ... */
		if (!BN_div_ct(D, M, pA, B, ctx))
			goto err;

		/* Now
		 *      A = D*B + M;
		 * thus we have
		 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
		 */
670
671
672
673
674
675
676
677
678
679
680
681











































































































































682
683
684
685
686
687
688
			if (!BN_copy(R, Y))
				goto err;
		} else {
			if (!BN_nnmod(R, Y, n, ctx))
				goto err;
		}
	} else {
		BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
		goto err;
	}
	ret = R;












































































































































err:
	if ((ret == NULL) && (in == NULL))
		BN_free(R);
	BN_CTX_end(ctx);
	bn_check_top(ret);
	return (ret);
}







|




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
			if (!BN_copy(R, Y))
				goto err;
		} else {
			if (!BN_nnmod(R, Y, n, ctx))
				goto err;
		}
	} else {
		BNerror(BN_R_NO_INVERSE);
		goto err;
	}
	ret = R;

err:
	if ((ret == NULL) && (in == NULL))
		BN_free(R);
	BN_CTX_end(ctx);
	bn_check_top(ret);
	return (ret);
}

/*
 * BN_gcd_no_branch is a special version of BN_mod_inverse_no_branch.
 * that returns the GCD.
 */
static BIGNUM *
BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
    BN_CTX *ctx)
{
	BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
	BIGNUM local_A, local_B;
	BIGNUM *pA, *pB;
	BIGNUM *ret = NULL;
	int sign;

	if (in == NULL)
		goto err;
	R = in;

	bn_check_top(a);
	bn_check_top(n);

	BN_CTX_start(ctx);
	if ((A = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((B = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((X = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((D = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((M = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((Y = BN_CTX_get(ctx)) == NULL)
		goto err;
	if ((T = BN_CTX_get(ctx)) == NULL)
		goto err;

	BN_one(X);
	BN_zero(Y);
	if (BN_copy(B, a) == NULL)
		goto err;
	if (BN_copy(A, n) == NULL)
		goto err;
	A->neg = 0;

	if (B->neg || (BN_ucmp(B, A) >= 0)) {
		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
	 	 * BN_div_no_branch will be called eventually.
	 	 */
		pB = &local_B;
		BN_with_flags(pB, B, BN_FLG_CONSTTIME);
		if (!BN_nnmod(B, pB, A, ctx))
			goto err;
	}
	sign = -1;
	/* From  B = a mod |n|,  A = |n|  it follows that
	 *
	 *      0 <= B < A,
	 *     -sign*X*a  ==  B   (mod |n|),
	 *      sign*Y*a  ==  A   (mod |n|).
	 */

	while (!BN_is_zero(B)) {
		BIGNUM *tmp;

		/*
		 *      0 < B < A,
		 * (*) -sign*X*a  ==  B   (mod |n|),
		 *      sign*Y*a  ==  A   (mod |n|)
		 */

		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
	 	 * BN_div_no_branch will be called eventually.
	 	 */
		pA = &local_A;
		BN_with_flags(pA, A, BN_FLG_CONSTTIME);

		/* (D, M) := (A/B, A%B) ... */
		if (!BN_div_ct(D, M, pA, B, ctx))
			goto err;

		/* Now
		 *      A = D*B + M;
		 * thus we have
		 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
		 */
		tmp = A; /* keep the BIGNUM object, the value does not matter */

		/* (A, B) := (B, A mod B) ... */
		A = B;
		B = M;
		/* ... so we have  0 <= B < A  again */

		/* Since the former  M  is now  B  and the former  B  is now  A,
		 * (**) translates into
		 *       sign*Y*a  ==  D*A + B    (mod |n|),
		 * i.e.
		 *       sign*Y*a - D*A  ==  B    (mod |n|).
		 * Similarly, (*) translates into
		 *      -sign*X*a  ==  A          (mod |n|).
		 *
		 * Thus,
		 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
		 * i.e.
		 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
		 *
		 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
		 *      -sign*X*a  ==  B   (mod |n|),
		 *       sign*Y*a  ==  A   (mod |n|).
		 * Note that  X  and  Y  stay non-negative all the time.
		 */

		if (!BN_mul(tmp, D, X, ctx))
			goto err;
		if (!BN_add(tmp, tmp, Y))
			goto err;

		M = Y; /* keep the BIGNUM object, the value does not matter */
		Y = X;
		X = tmp;
		sign = -sign;
	}

	/*
	 * The while loop (Euclid's algorithm) ends when
	 *      A == gcd(a,n);
	 */

	if (!BN_copy(R, A))
		goto err;
	ret = R;
err:
	if ((ret == NULL) && (in == NULL))
		BN_free(R);
	BN_CTX_end(ctx);
	bn_check_top(ret);
	return (ret);
}
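--- a/jni/libressl/crypto/bn/bn_gf2m.c
+++ b/jni/libressl/crypto/bn/bn_gf2m.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_gf2m.c,v 1.20 2015/06/11 15:55:28 jsing Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *
@@ -86,17 +86,14 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include <limits.h>
 #include <stdio.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/err.h>
 
 #include "bn_lcl.h"
 
@@ -442,16 +439,15 @@
 			BN_ULONG tmp_ulong;
 
 			/* reducing component t^p[k]*/
 			n = p[k] / BN_BITS2;
 			d0 = p[k] % BN_BITS2;
 			d1 = BN_BITS2 - d0;
 			z[n] ^= (zz << d0);
-			tmp_ulong = zz >> d1;
-			if (d0 && tmp_ulong)
+			if (d0 && (tmp_ulong = zz >> d1))
 				z[n + 1] ^= tmp_ulong;
 		}
 
 
 	}
 
 	bn_correct_top(r);
@@ -470,15 +466,15 @@
 	int ret = 0;
 	int arr[6];
 
 	bn_check_top(a);
 	bn_check_top(p);
 	ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0]));
 	if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) {
-		BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
+		BNerror(BN_R_INVALID_LENGTH);
 		return 0;
 	}
 	ret = BN_GF2m_mod_arr(r, a, arr);
 	bn_check_top(r);
 	return ret;
 }
 
@@ -553,15 +549,15 @@
 	bn_check_top(a);
 	bn_check_top(b);
 	bn_check_top(p);
 	if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
 		goto err;
 	ret = BN_GF2m_poly2arr(p, arr, max);
 	if (!ret || ret > max) {
-		BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
+		BNerror(BN_R_INVALID_LENGTH);
 		goto err;
 	}
 	ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
 	bn_check_top(r);
 
 err:
 	free(arr);
@@ -615,15 +611,15 @@
 
 	bn_check_top(a);
 	bn_check_top(p);
 	if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
 		goto err;
 	ret = BN_GF2m_poly2arr(p, arr, max);
 	if (!ret || ret > max) {
-		BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
+		BNerror(BN_R_INVALID_LENGTH);
 		goto err;
 	}
 	ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
 	bn_check_top(r);
 
 err:
 	free(arr);
@@ -1052,15 +1048,15 @@
 	bn_check_top(a);
 	bn_check_top(b);
 	bn_check_top(p);
 	if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
 		goto err;
 	ret = BN_GF2m_poly2arr(p, arr, max);
 	if (!ret || ret > max) {
-		BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
+		BNerror(BN_R_INVALID_LENGTH);
 		goto err;
 	}
 	ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
 	bn_check_top(r);
 
 err:
 	free(arr);
@@ -1114,15 +1110,15 @@
 	int *arr = NULL;
 	bn_check_top(a);
 	bn_check_top(p);
 	if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
 		goto err;
 	ret = BN_GF2m_poly2arr(p, arr, max);
 	if (!ret || ret > max) {
-		BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
+		BNerror(BN_R_INVALID_LENGTH);
 		goto err;
 	}
 	ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
 	bn_check_top(r);
 
 err:
 	free(arr);
@@ -1206,26 +1202,25 @@
 					goto err;
 				if (!BN_GF2m_add(w, w2, rho))
 					goto err;
 			}
 			count++;
 		} while (BN_is_zero(w) && (count < MAX_ITERATIONS));
 		if (BN_is_zero(w)) {
-			BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,
-			    BN_R_TOO_MANY_ITERATIONS);
+			BNerror(BN_R_TOO_MANY_ITERATIONS);
 			goto err;
 		}
 	}
 
 	if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
 		goto err;
 	if (!BN_GF2m_add(w, z, w))
 		goto err;
 	if (BN_GF2m_cmp(w, a)) {
-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+		BNerror(BN_R_NO_SOLUTION);
 		goto err;
 	}
 
 	if (!BN_copy(r, z))
 		goto err;
 	bn_check_top(r);
 
@@ -1251,15 +1246,15 @@
 
 	bn_check_top(a);
 	bn_check_top(p);
 	if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
 		goto err;
 	ret = BN_GF2m_poly2arr(p, arr, max);
 	if (!ret || ret > max) {
-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
+		BNerror(BN_R_INVALID_LENGTH);
 		goto err;
 	}
 	ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
 	bn_check_top(r);
 
 err:
 	free(arr);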
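--- a/jni/libressl/crypto/bn/bn_kron.c
+++ b/jni/libressl/crypto/bn/bn_kron.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_kron.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_kron.c,v 1.6 2015/02/09 15:49:22 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *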
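--- a/jni/libressl/crypto/bn/bn_lcl.h
+++ b/jni/libressl/crypto/bn/bn_lcl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_lcl.h,v 1.21 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: bn_lcl.h,v 1.27 2017/01/25 06:15:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -112,18 +112,15 @@
 #ifndef HEADER_BN_LCL_H
 #define HEADER_BN_LCL_H
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/bn.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
+__BEGIN_HIDDEN_DECLS
 
 /*
  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
  *
  *
  * For window size 'w' (w >= 2) and a random 'b' bits exponent,
  * the number of multiplications is a constant plus on average
@@ -448,15 +445,15 @@
 	/* non-multiply part */ \
 	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
 	(c)=h&BN_MASK2; \
 	(r)=l&BN_MASK2; \
 	}
 #endif /* !BN_LLONG */
 
-	void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
 void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
 int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
 int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
@@ -473,12 +470,140 @@
     BN_ULONG *t);
 BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
     int cl, int dl);
 BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
     int cl, int dl);
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num);
 
-#ifdef  __cplusplus
-}
+#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+BIGNUM *bn_expand(BIGNUM *a, int bits);
+
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
+
+/* Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ *   bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ *     consistent. (ed: only if BN_DEBUG_RAND is defined)
+ *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+#ifdef BN_DEBUG
+
+/* We only need assert() when debugging */
+#include <assert.h>
+
+#ifdef BN_DEBUG_RAND
+#define bn_pollute(a) \
+	do { \
+		const BIGNUM *_bnum1 = (a); \
+		if(_bnum1->top < _bnum1->dmax) { \
+			unsigned char _tmp_char; \
+			/* We cast away const without the compiler knowing, any \
+			 * *genuinely* constant variables that aren't mutable \
+			 * wouldn't be constructed with top!=dmax. */ \
+			BN_ULONG *_not_const; \
+			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
+			arc4random_buf(&_tmp_char, 1); \
+			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
+				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
+		} \
+	} while(0)
+#else
+#define bn_pollute(a)
 #endif
 
+#define bn_check_top(a) \
+	do { \
+		const BIGNUM *_bnum2 = (a); \
+		if (_bnum2 != NULL) { \
+			assert((_bnum2->top == 0) || \
+				(_bnum2->d[_bnum2->top - 1] != 0)); \
+			bn_pollute(_bnum2); \
+		} \
+	} while(0)
+
+#define bn_fix_top(a)		bn_check_top(a)
+
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+	do { \
+		const BIGNUM *_bnum2 = (bn); \
+		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+	} while(0)
+
+#else /* !BN_DEBUG */
+
+#define bn_pollute(a)
+#define bn_check_top(a)
+#define bn_fix_top(a)		bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
+
 #endif
+
+#define bn_correct_top(a) \
+        { \
+        BN_ULONG *ftl; \
+	int tmp_top = (a)->top; \
+	if (tmp_top > 0) \
+		{ \
+		for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
+			if (*(ftl--)) break; \
+		(a)->top = tmp_top; \
+		} \
+	bn_pollute(a); \
+	}
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+/* Explicitly const time / non-const time versions for internal use */
+int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_div_nonct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+    BN_CTX *ctx);
+int BN_div_ct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+    BN_CTX *ctx);
+#define BN_mod_ct(rem,m,d,ctx) BN_div_ct(NULL,(rem),(m),(d),(ctx))
+#define BN_mod_nonct(rem,m,d,ctx) BN_div_nonct(NULL,(rem),(m),(d),(ctx))
+BIGNUM *BN_mod_inverse_ct(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,
+    BN_CTX *ctx);
+BIGNUM *BN_mod_inverse_nonct(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,
+    BN_CTX *ctx);
+int	BN_gcd_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int	BN_gcd_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+__END_HIDDEN_DECLS
+#endif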
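--- a/jni/libressl/crypto/bn/bn_lib.c
+++ b/jni/libressl/crypto/bn/bn_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_lib.c,v 1.35 2016/03/04 16:23:30 deraadt Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.37 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -61,17 +61,14 @@
 # define NDEBUG
 #endif
 
 #include <assert.h>
 #include <limits.h>
 #include <stdio.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/err.h>
 
 #include "bn_lcl.h"
 
@@ -248,15 +245,15 @@
 
 BIGNUM *
 BN_new(void)
 {
 	BIGNUM *ret;
 
 	if ((ret = malloc(sizeof(BIGNUM))) == NULL) {
-		BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+		BNerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	ret->flags = BN_FLG_MALLOCED;
 	ret->top = 0;
 	ret->neg = 0;
 	ret->dmax = 0;
 	ret->d = NULL;
@@ -272,25 +269,24 @@
 	BN_ULONG *A, *a = NULL;
 	const BN_ULONG *B;
 	int i;
 
 	bn_check_top(b);
 
 	if (words > (INT_MAX/(4*BN_BITS2))) {
-		BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+		BNerror(BN_R_BIGNUM_TOO_LONG);
 		return NULL;
 	}
 	if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
-		BNerr(BN_F_BN_EXPAND_INTERNAL,
-		    BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+		BNerror(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
 		return (NULL);
 	}
 	a = A = reallocarray(NULL, words, sizeof(BN_ULONG));
 	if (A == NULL) {
-		BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+		BNerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 #if 1
 	B = b->d;
 	/* Check if the previous number needs to be copied */
 	if (B != NULL) {
 		for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {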
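--- a/jni/libressl/crypto/bn/bn_mod.c
+++ b/jni/libressl/crypto/bn/bn_mod.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_mod.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_mod.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project. */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -117,20 +117,23 @@
 
 int
 BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
 {
 	/* like BN_mod, but returns non-negative remainder
 	 * (i.e.,  0 <= r < |d|  always holds) */
 
-	if (!(BN_mod(r, m,d, ctx)))
+	if (!(BN_mod_ct(r, m,d, ctx)))
 		return 0;
 	if (!r->neg)
 		return 1;
-	/* now   -|d| < r < 0,  so we have to set  r := r + |d| */
-	return (d->neg ? BN_sub : BN_add)(r, r, d);
+	/* now -|d| < r < 0,  so we have to set  r := r + |d| */
+	if (d->neg)
+		return BN_sub(r, r, d);
+	else
+		return BN_add(r, r, d);
 }
 
 int
 BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
     BN_CTX *ctx)
 {
 	if (!BN_add(r, a, b))
@@ -205,15 +208,15 @@
 
 int
 BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 {
 	if (!BN_sqr(r, a, ctx))
 		return 0;
 	/* r->neg == 0,  thus we don't need BN_nnmod */
-	return BN_mod(r, r, m, ctx);
+	return BN_mod_ct(r, r, m, ctx);
 }
 
 int
 BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 {
 	if (!BN_lshift1(r, a))
 		return 0;
@@ -271,15 +274,15 @@
 		int max_shift;
 
 		/* 0 < r < m */
 		max_shift = BN_num_bits(m) - BN_num_bits(r);
 		/* max_shift >= 0 */
 
 		if (max_shift < 0) {
-			BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+			BNerror(BN_R_INPUT_NOT_REDUCED);
 			return 0;
 		}
 
 		if (max_shift > n)
 			max_shift = n;
 
 		if (max_shift) {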
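--- a/jni/libressl/crypto/bn/bn_mont.c
+++ b/jni/libressl/crypto/bn/bn_mont.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_mont.c,v 1.23 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_mont.c,v 1.26 2017/01/21 11:00:46 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -396,92 +396,92 @@
 
 		tmod.top = 0;
 		if ((buf[0] = mod->d[0]))
 			tmod.top = 1;
 		if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
 			tmod.top = 2;
 
-		if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+		if ((BN_mod_inverse_ct(Ri, R, &tmod, ctx)) == NULL)
 			goto err;
 		if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
 			goto err; /* R*Ri */
 		if (!BN_is_zero(Ri)) {
 			if (!BN_sub_word(Ri, 1))
 				goto err;
 		}
 		else /* if N mod word size == 1 */
 		{
 			if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
 				goto err;
 			/* Ri-- (mod double word size) */
 			Ri->neg = 0;
 			Ri->d[0] = BN_MASK2;
 			Ri->d[1] = BN_MASK2;
 			Ri->top = 2;
 		}
-		if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+		if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx))
 			goto err;
 		/* Ni = (R*Ri-1)/N,
 		 * keep only couple of least significant words: */
 		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
 		mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
 #else
 		BN_zero(R);
 		if (!(BN_set_bit(R, BN_BITS2)))
 			goto err;	/* R */
 
 		buf[0] = mod->d[0]; /* tmod = N mod word size */
 		buf[1] = 0;
 		tmod.top = buf[0] != 0 ? 1 : 0;
 		/* Ri = R^-1 mod N*/
-		if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+		if ((BN_mod_inverse_ct(Ri, R, &tmod, ctx)) == NULL)
 			goto err;
 		if (!BN_lshift(Ri, Ri, BN_BITS2))
 			goto err; /* R*Ri */
 		if (!BN_is_zero(Ri)) {
 			if (!BN_sub_word(Ri, 1))
 				goto err;
 		}
 		else /* if N mod word size == 1 */
 		{
 			if (!BN_set_word(Ri, BN_MASK2))
 				goto err;  /* Ri-- (mod word size) */
 		}
-		if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+		if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx))
 			goto err;
 		/* Ni = (R*Ri-1)/N,
 		 * keep only least significant word: */
 		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
 		mont->n0[1] = 0;
 #endif
 	}
 #else /* !MONT_WORD */
 	{ /* bignum version */
 		mont->ri = BN_num_bits(&mont->N);
 		BN_zero(R);
 		if (!BN_set_bit(R, mont->ri))
 			goto err;  /* R = 2^ri */
 		/* Ri = R^-1 mod N*/
-		if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
+		if ((BN_mod_inverse_ct(Ri, R, &mont->N, ctx)) == NULL)
 			goto err;
 		if (!BN_lshift(Ri, Ri, mont->ri))
 			goto err; /* R*Ri */
 		if (!BN_sub_word(Ri, 1))
 			goto err;
 		/* Ni = (R*Ri-1) / N */
-		if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+		if (!BN_div_ct(&(mont->Ni), NULL, Ri, &mont->N, ctx))
 			goto err;
 	}
 #endif
 
 	/* setup RR for conversions */
 	BN_zero(&(mont->RR));
 	if (!BN_set_bit(&(mont->RR), mont->ri*2))
 		goto err;
-	if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+	if (!BN_mod_ct(&(mont->RR), &(mont->RR), &(mont->N), ctx))
 		goto err;
 
 	ret = 1;
 
 err:
 	BN_CTX_end(ctx);
 	return ret;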
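--- a/jni/libressl/crypto/bn/bn_mpi.c
+++ b/jni/libressl/crypto/bn/bn_mpi.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_mpi.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bn_mpi.c,v 1.8 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -94,21 +94,21 @@
 BIGNUM *
 BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
 {
 	long len;
 	int neg = 0;
 
 	if (n < 4) {
-		BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+		BNerror(BN_R_INVALID_LENGTH);
 		return (NULL);
 	}
 	len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) |
 	    (int)d[3];
 	if ((len + 4) != n) {
-		BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+		BNerror(BN_R_ENCODING_ERROR);
 		return (NULL);
 	}
 
 	if (a == NULL)
 		a = BN_new();
 	if (a == NULL)
 		return (NULL);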
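--- a/jni/libressl/crypto/bn/bn_mul.c
+++ b/jni/libressl/crypto/bn/bn_mul.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_mul.c,v 1.19 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_mul.c,v 1.20 2015/02/09 15:49:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *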
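--- a/jni/libressl/crypto/bn/bn_nist.c
+++ b/jni/libressl/crypto/bn/bn_nist.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_nist.c,v 1.17 2016/07/17 22:01:01 bcook Exp $ */
+/* $OpenBSD: bn_nist.c,v 1.18 2016/07/18 01:04:52 bcook Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without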
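--- a/jni/libressl/crypto/bn/bn_prime.c
+++ b/jni/libressl/crypto/bn/bn_prime.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_prime.c,v 1.14 2015/10/21 19:02:22 miod Exp $ */
+/* $OpenBSD: bn_prime.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -169,15 +169,15 @@
 	int checks;
 
 	if (bits < 2 || (bits == 2 && safe)) {
 		/*
 		 * There are no prime numbers smaller than 2, and the smallest
 		 * safe prime (7) spans three bits.
 		 */
-		BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+		BNerror(BN_R_BITS_TOO_SMALL);
 		return 0;
 	}
 
 	ctx = BN_CTX_new();
 	if (ctx == NULL)
 		goto err;
 	BN_CTX_start(ctx);
@@ -365,15 +365,15 @@
 	return (ret);
 }
 
 static int
 witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd,
     int k, BN_CTX *ctx, BN_MONT_CTX *mont)
 {
-	if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont))
+	if (!BN_mod_exp_mont_ct(w, w, a1_odd, a, ctx, mont))
 		/* w := w^a1_odd mod a */
 		return -1;
 	if (BN_is_one(w))
 		return 0; /* probably prime */
 	if (BN_cmp(w, a1) == 0)
 		return 0; /* w == -1 (mod a),  'a' is probably prime */
 	while (--k) {
@@ -439,15 +439,15 @@
 		goto err;
 
 	if (!BN_rand(rnd, bits, 0, 1))
 		goto err;
 
 	/* we need ((rnd-rem) % add) == 0 */
 
-	if (!BN_mod(t1, rnd, add, ctx))
+	if (!BN_mod_ct(t1, rnd, add, ctx))
 		goto err;
 	if (!BN_sub(rnd, rnd, t1))
 		goto err;
 	if (rem == NULL) {
 		if (!BN_add_word(rnd, 1))
 			goto err;
 	} else {
@@ -496,15 +496,15 @@
 	if (!BN_rshift1(qadd, padd))
 		goto err;
 
 	if (!BN_rand(q, bits, 0, 1))
 		goto err;
 
 	/* we need ((rnd-rem) % add) == 0 */
-	if (!BN_mod(t1, q,qadd, ctx))
+	if (!BN_mod_ct(t1, q,qadd, ctx))
 		goto err;
 	if (!BN_sub(q, q, t1))
 		goto err;
 	if (rem == NULL) {
 		if (!BN_add_word(q, 1))
 			goto err;
 	} else {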
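--- a/jni/libressl/crypto/bn/bn_prime.h
+++ b/jni/libressl/crypto/bn/bn_prime.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: bn_prime.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */
 /* Auto generated by bn_prime.pl */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
@@ -52,14 +52,16 @@
  * SUCH DAMAGE.
  *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+
+__BEGIN_HIDDEN_DECLS
 
 #define NUMPRIMES 2048
 typedef unsigned short prime_t;
 static const prime_t primes[NUMPRIMES] = {
 	2,   3,   5,   7,  11,  13,  17,  19,
 	23,  29,  31,  37,  41,  43,  47,  53,
 	59,  61,  67,  71,  73,  79,  83,  89,
@@ -313,7 +315,9 @@
 	17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
 	17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
 	17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
 	17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
 	17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
 	17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
 };
+
+__END_HIDDEN_DECLS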
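--- a/jni/libressl/crypto/bn/bn_print.c
+++ b/jni/libressl/crypto/bn/bn_print.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_print.c,v 1.28 2015/09/28 18:58:33 deraadt Exp $ */
+/* $OpenBSD: bn_print.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -55,17 +55,14 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
 #include <ctype.h>
 #include <limits.h>
 #include <stdio.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/bio.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 
@@ -79,15 +76,15 @@
 {
 	int i, j, v, z = 0;
 	char *buf;
 	char *p;
 
 	buf = malloc(BN_is_negative(a) + a->top * BN_BYTES * 2 + 2);
 	if (buf == NULL) {
-		BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+		BNerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	p = buf;
 	if (BN_is_negative(a))
 		*p++ = '-';
 	if (BN_is_zero(a))
 		*p++ = '0';
@@ -108,59 +105,63 @@
 	return (buf);
 }
 
 /* Must 'free' the returned data */
 char *
 BN_bn2dec(const BIGNUM *a)
 {
-	int i = 0, num, ok = 0;
+	int i = 0, num, bn_data_num, ok = 0;
 	char *buf = NULL;
 	char *p;
 	BIGNUM *t = NULL;
 	BN_ULONG *bn_data = NULL, *lp;
 
 	if (BN_is_zero(a)) {
 		buf = malloc(BN_is_negative(a) + 2);
 		if (buf == NULL) {
-			BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+			BNerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		p = buf;
 		if (BN_is_negative(a))
 			*p++ = '-';
 		*p++ = '0';
 		*p++ = '\0';
 		return (buf);
 	}
 
 	/* get an upper bound for the length of the decimal integer
 	 * num <= (BN_num_bits(a) + 1) * log(2)
 	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
 	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
 	 */
 	i = BN_num_bits(a) * 3;
 	num = (i / 10 + i / 1000 + 1) + 1;
+	bn_data_num = num / BN_DEC_NUM + 1;
-	bn_data = reallocarray(NULL, num / BN_DEC_NUM + 1, sizeof(BN_ULONG));
+	bn_data = reallocarray(NULL, bn_data_num, sizeof(BN_ULONG));
 	buf = malloc(num + 3);
 	if ((buf == NULL) || (bn_data == NULL)) {
-		BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+		BNerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if ((t = BN_dup(a)) == NULL)
 		goto err;
 
 #define BUF_REMAIN (num+3 - (size_t)(p - buf))
 	p = buf;
 	lp = bn_data;
 	if (BN_is_negative(t))
 		*p++ = '-';
 
-	i = 0;
 	while (!BN_is_zero(t)) {
+		if (lp - bn_data >= bn_data_num)
+			goto err;
 		*lp = BN_div_word(t, BN_DEC_CONV);
+		if (*lp == (BN_ULONG)-1)
+			goto err;
 		lp++;
 	}
 	lp--;
 	/* We now have a series of blocks, BN_DEC_NUM chars
 	 * in length, where the last one needs truncation.
 	 * The blocks need to be reversed in order. */
 	snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);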
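Review bot: The new side drops the `#ifndef HAVE_REALLOCARRAY` / `#include <compat/stdlib.h>` / `#endif` guard (old lines 62-64) while BN_bn2dec still calls `reallocarray(NULL, bn_data_num, sizeof(BN_ULONG))`, and none of the includes visible in this section declares that function. The include list may continue outside the hunk, but if no other header or build setting supplies the declaration, a libc without reallocarray would leave the call implicitly declared and its pointer result truncated on 64-bit ABIs, so the build flags and include paths for this file are worth confirming; if the guard was a local patch, it likely needs re-applying after the import. Separately, the two new `goto err` exits in the conversion loop (the `lp - bn_data >= bn_data_num` bound and the `(BN_ULONG)-1` check) leave without a `BNerror()` call, so, assuming the err path outside the hunk returns NULL as the visible zero-case path does, a caller cannot tell from the error queue why the conversion failed. BN_bn2dec's body continues outside the hunk.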
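--- a/jni/libressl/crypto/bn/bn_rand.c
+++ b/jni/libressl/crypto/bn/bn_rand.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -121,30 +121,30 @@
 static int
 bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 {
 	unsigned char *buf = NULL;
 	int ret = 0, bit, bytes, mask;
 
 	if (rnd == NULL) {
-		BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER);
+		BNerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (0);
 	}
 
 	if (bits == 0) {
 		BN_zero(rnd);
 		return (1);
 	}
 
 	bytes = (bits + 7) / 8;
 	bit = (bits - 1) % 8;
 	mask = 0xff << (bit + 1);
 
 	buf = malloc(bytes);
 	if (buf == NULL) {
-		BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+		BNerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	/* make a random number and set the top and bottom bits */
 	arc4random_buf(buf, bytes);
 
 #if 1
@@ -220,15 +220,15 @@
 bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
 {
 	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
 	int n;
 	int count = 100;
 
 	if (range->neg || BN_is_zero(range)) {
-		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+		BNerror(BN_R_INVALID_RANGE);
 		return 0;
 	}
 
 	n = BN_num_bits(range); /* n > 0 */
 
 	/* BN_is_bit_set(range, n - 1) always holds */
 
@@ -250,29 +250,27 @@
 					return 0;
 				if (BN_cmp(r, range) >= 0)
 					if (!BN_sub(r, r, range))
 						return 0;
 			}
 
 			if (!--count) {
-				BNerr(BN_F_BN_RAND_RANGE,
-				    BN_R_TOO_MANY_ITERATIONS);
+				BNerror(BN_R_TOO_MANY_ITERATIONS);
 				return 0;
 			}
 
 		} while (BN_cmp(r, range) >= 0);
 	} else {
 		do {
 			/* range = 11..._2  or  range = 101..._2 */
 			if (!bn_rand(r, n, -1, 0))
 				return 0;
 
 			if (!--count) {
-				BNerr(BN_F_BN_RAND_RANGE,
-				    BN_R_TOO_MANY_ITERATIONS);
+				BNerror(BN_R_TOO_MANY_ITERATIONS);
 				return 0;
 			}
 		} while (BN_cmp(r, range) >= 0);
 	}
 
 	bn_check_top(r);
 	return 1;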
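--- a/jni/libressl/crypto/bn/bn_recp.c
+++ b/jni/libressl/crypto/bn/bn_recp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_recp.c,v 1.12 2015/03/21 08:05:20 doug Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -208,15 +208,15 @@
 		goto err;
 	r->neg = 0;
 
 #if 1
 	j = 0;
 	while (BN_ucmp(r, &(recp->N)) >= 0) {
 		if (j++ > 2) {
-			BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+			BNerror(BN_R_BAD_RECIPROCAL);
 			goto err;
 		}
 		if (!BN_usub(r, r, &(recp->N)))
 			goto err;
 		if (!BN_add_word(d, 1))
 			goto err;
 	}
@@ -247,17 +247,17 @@
 	BN_CTX_start(ctx);
 	if ((t = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
 	if (!BN_set_bit(t, len))
 		goto err;
 
-	if (!BN_div(r, NULL, t,m, ctx))
+	if (!BN_div_ct(r, NULL, t,m, ctx))
 		goto err;
 
 	ret = len;
 
 err:
 	bn_check_top(r);
 	BN_CTX_end(ctx);
 	return (ret);
 }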
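--- a/jni/libressl/crypto/bn/bn_shift.c
+++ b/jni/libressl/crypto/bn/bn_shift.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_shift.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_shift.c,v 1.13 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *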
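--- a/jni/libressl/crypto/bn/bn_sqr.c
+++ b/jni/libressl/crypto/bn/bn_sqr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_sqr.c,v 1.11 2014/07/11 13:26:31 miod Exp $ */
+/* $OpenBSD: bn_sqr.c,v 1.12 2015/02/09 15:49:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *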
Changes to jni/libressl/crypto/bn/bn_sqrt.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: bn_sqrt.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */
/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * and Bodo Moeller for the OpenSSL project. */
/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
/* $OpenBSD: bn_sqrt.c,v 1.9 2017/01/29 17:49:22 beck Exp $ */
/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * and Bodo Moeller for the OpenSSL project. */
/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
					BN_free(ret);
				return NULL;
			}
			bn_check_top(ret);
			return ret;
		}

		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
		return (NULL);
	}

	if (BN_is_zero(a) || BN_is_one(a)) {
		if (ret == NULL)
			ret = BN_new();
		if (ret == NULL)







|







85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
					BN_free(ret);
				return NULL;
			}
			bn_check_top(ret);
			return ret;
		}

		BNerror(BN_R_P_IS_NOT_PRIME);
		return (NULL);
	}

	if (BN_is_zero(a) || BN_is_one(a)) {
		if (ret == NULL)
			ret = BN_new();
		if (ret == NULL)
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
		 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
		 */
		if (!BN_rshift(q, p, 2))
			goto end;
		q->neg = 0;
		if (!BN_add_word(q, 1))
			goto end;
		if (!BN_mod_exp(ret, A, q, p, ctx))
			goto end;
		err = 0;
		goto vrfy;
	}

	if (e == 2) {
		/* |p| == 5  (mod 8)







|







145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
		 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
		 */
		if (!BN_rshift(q, p, 2))
			goto end;
		q->neg = 0;
		if (!BN_add_word(q, 1))
			goto end;
		if (!BN_mod_exp_ct(ret, A, q, p, ctx))
			goto end;
		err = 0;
		goto vrfy;
	}

	if (e == 2) {
		/* |p| == 5  (mod 8)
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
		if (!BN_mod_lshift1_quick(t, A, p))
			goto end;

		/* b := (2*a)^((|p|-5)/8) */
		if (!BN_rshift(q, p, 3))
			goto end;
		q->neg = 0;
		if (!BN_mod_exp(b, t, q, p, ctx))
			goto end;

		/* y := b^2 */
		if (!BN_mod_sqr(y, b, p, ctx))
			goto end;

		/* t := (2*a)*b^2 - 1*/







|







186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
		if (!BN_mod_lshift1_quick(t, A, p))
			goto end;

		/* b := (2*a)^((|p|-5)/8) */
		if (!BN_rshift(q, p, 3))
			goto end;
		q->neg = 0;
		if (!BN_mod_exp_ct(b, t, q, p, ctx))
			goto end;

		/* y := b^2 */
		if (!BN_mod_sqr(y, b, p, ctx))
			goto end;

		/* t := (2*a)*b^2 - 1*/
227
228
229
230
231
232
233

234
235




236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
		if (i < 22) {
			if (!BN_set_word(y, i))
				goto end;
		} else {
			if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
				goto end;
			if (BN_ucmp(y, p) >= 0) {

				if (!(p->neg ? BN_add : BN_sub)(y, y, p))
					goto end;




			}
			/* now 0 <= y < |p| */
			if (BN_is_zero(y))
				if (!BN_set_word(y, i))
					goto end;
		}

		r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
		if (r < -1)
			goto end;
		if (r == 0) {
			/* m divides p */
			BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
			goto end;
		}
	}
	while (r == 1 && ++i < 82);

		if (r != -1) {
		/* Many rounds and still no non-square -- this is more likely
		 * a bug than just bad luck.
		 * Even if  p  is not prime, we should have found some  y
		 * such that r == -1.
		 */
		BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
		goto end;
	}

	/* Here's our actual 'q': */
	if (!BN_rshift(q, q, e))
		goto end;

	/* Now that we have some non-square, we can find an element
	 * of order  2^e  by computing its q'th power. */
	if (!BN_mod_exp(y, y, q, p, ctx))
		goto end;
	if (BN_is_one(y)) {
		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
		goto end;
	}

	/* Now we know that (if  p  is indeed prime) there is an integer
	 * k,  0 <= k < 2^e,  such that
	 *
	 *      a^q * y^k == 1   (mod p).







>
|
|
>
>
>
>












|











|









|


|







227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
		if (i < 22) {
			if (!BN_set_word(y, i))
				goto end;
		} else {
			if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
				goto end;
			if (BN_ucmp(y, p) >= 0) {
				if (p->neg) {
					if (!BN_add(y, y, p))
						goto end;
				} else {
					if (!BN_sub(y, y, p))
						goto end;
				}
			}
			/* now 0 <= y < |p| */
			if (BN_is_zero(y))
				if (!BN_set_word(y, i))
					goto end;
		}

		r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
		if (r < -1)
			goto end;
		if (r == 0) {
			/* m divides p */
			BNerror(BN_R_P_IS_NOT_PRIME);
			goto end;
		}
	}
	while (r == 1 && ++i < 82);

		if (r != -1) {
		/* Many rounds and still no non-square -- this is more likely
		 * a bug than just bad luck.
		 * Even if  p  is not prime, we should have found some  y
		 * such that r == -1.
		 */
		BNerror(BN_R_TOO_MANY_ITERATIONS);
		goto end;
	}

	/* Here's our actual 'q': */
	if (!BN_rshift(q, q, e))
		goto end;

	/* Now that we have some non-square, we can find an element
	 * of order  2^e  by computing its q'th power. */
	if (!BN_mod_exp_ct(y, y, q, p, ctx))
		goto end;
	if (BN_is_one(y)) {
		BNerror(BN_R_P_IS_NOT_PRIME);
		goto end;
	}

	/* Now we know that (if  p  is indeed prime) there is an integer
	 * k,  0 <= k < 2^e,  such that
	 *
	 *      a^q * y^k == 1   (mod p).
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
			/* special case: a == 0  (mod p) */
			BN_zero(ret);
			err = 0;
			goto end;
		} else if (!BN_one(x))
			goto end;
	} else {
		if (!BN_mod_exp(x, A, t, p, ctx))
			goto end;
		if (BN_is_zero(x)) {
			/* special case: a == 0  (mod p) */
			BN_zero(ret);
			err = 0;
			goto end;
		}







|







310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
			/* special case: a == 0  (mod p) */
			BN_zero(ret);
			err = 0;
			goto end;
		} else if (!BN_one(x))
			goto end;
	} else {
		if (!BN_mod_exp_ct(x, A, t, p, ctx))
			goto end;
		if (BN_is_zero(x)) {
			/* special case: a == 0  (mod p) */
			BN_zero(ret);
			err = 0;
			goto end;
		}
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
		/* find smallest  i  such that  b^(2^i) = 1 */
		i = 1;
		if (!BN_mod_sqr(t, b, p, ctx))
			goto end;
		while (!BN_is_one(t)) {
			i++;
			if (i == e) {
				BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
				goto end;
			}
			if (!BN_mod_mul(t, t, t, p, ctx))
				goto end;
		}









|







355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
		/* find smallest  i  such that  b^(2^i) = 1 */
		i = 1;
		if (!BN_mod_sqr(t, b, p, ctx))
			goto end;
		while (!BN_is_one(t)) {
			i++;
			if (i == e) {
				BNerror(BN_R_NOT_A_SQUARE);
				goto end;
			}
			if (!BN_mod_mul(t, t, t, p, ctx))
				goto end;
		}


383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
		/* verify the result -- the input might have been not a square
		 * (test added in 0.9.8) */

		if (!BN_mod_sqr(x, ret, p, ctx))
			err = 1;

		if (!err && 0 != BN_cmp(x, A)) {
			BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
			err = 1;
		}
	}

end:
	if (err) {
		if (ret != NULL && ret != in) {







|







388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
		/* verify the result -- the input might have been not a square
		 * (test added in 0.9.8) */

		if (!BN_mod_sqr(x, ret, p, ctx))
			err = 1;

		if (!err && 0 != BN_cmp(x, A)) {
			BNerror(BN_R_NOT_A_SQUARE);
			err = 1;
		}
	}

end:
	if (err) {
		if (ret != NULL && ret != in) {
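--- a/jni/libressl/crypto/bn/bn_word.c
+++ b/jni/libressl/crypto/bn/bn_word.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_word.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_word.c,v 1.13 2016/07/05 02:54:35 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *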
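--- a/jni/libressl/crypto/bn/bn_x931p.c
+++ b/jni/libressl/crypto/bn/bn_x931p.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bn_x931p.c,v 1.7 2015/02/14 15:07:54 jsing Exp $ */
+/* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,14 +54,16 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include <stdio.h>
 #include <openssl/bn.h>
+
+#include "bn_lcl.h"
 
 /* X9.31 routines for prime derivation */
 
 /* X9.31 prime derivation. This is used to generate the primes pi
  * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
  * integers.
  */
@@ -130,21 +132,21 @@
 		goto err;
 
 	if (!BN_mul(p1p2, p1, p2, ctx))
 		goto err;
 
 	/* First set p to value of Rp */
 
-	if (!BN_mod_inverse(p, p2, p1, ctx))
+	if (!BN_mod_inverse_ct(p, p2, p1, ctx))
 		goto err;
 
 	if (!BN_mul(p, p, p2, ctx))
 		goto err;
 
-	if (!BN_mod_inverse(t, p1, p2, ctx))
+	if (!BN_mod_inverse_ct(t, p1, p2, ctx))
 		goto err;
 
 	if (!BN_mul(t, t, p1, ctx))
 		goto err;
 
 	if (!BN_sub(p, p, t))
 		goto err;
@@ -165,15 +167,15 @@
 	for (;;) {
 		int i = 1;
 		BN_GENCB_call(cb, 0, i++);
 		if (!BN_copy(pm1, p))
 			goto err;
 		if (!BN_sub_word(pm1, 1))
 			goto err;
-		if (!BN_gcd(t, pm1, e, ctx))
+		if (!BN_gcd_ct(t, pm1, e, ctx))
 			goto err;
 		if (BN_is_one(t)
 		/* X9.31 specifies 8 MR and 1 Lucas test or any prime test
 		 * offering similar or better guarantees 50 MR is considerably
 		 * better.
 		 */
 		    && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))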
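Review bot: In the last hunk's `for (;;)` loop, the return value of `BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)` is used directly as a truth value, so its documented error return of -1 is handled the same way as "probably prime". For prime derivation an error from the primality test should fail the call: store the result in an `int r` and add `if (r < 0) goto err;` before acting on it. The `if` statement and the rest of the loop continue outside the hunk, so what the true branch does is not visible here and should be confirmed. In the same loop `int i = 1;` is re-initialised on every iteration, so `BN_GENCB_call(cb, 0, i++)` always reports 1. Declaring `i` before the loop would let the progress count advance.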
Added jni/libressl/crypto/bn/gf2m-elf-x86_64.S.
















































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
#include "x86_arch.h"
.text	

.type	_mul_1x1,@function
.align	16
_mul_1x1:
	subq	$128+8,%rsp
	movq	$-1,%r9
	leaq	(%rax,%rax,1),%rsi
	shrq	$3,%r9
	leaq	(,%rax,4),%rdi
	andq	%rax,%r9
	leaq	(,%rax,8),%r12
	sarq	$63,%rax
	leaq	(%r9,%r9,1),%r10
	sarq	$63,%rsi
	leaq	(,%r9,4),%r11
	andq	%rbp,%rax
	sarq	$63,%rdi
	movq	%rax,%rdx
	shlq	$63,%rax
	andq	%rbp,%rsi
	shrq	$1,%rdx
	movq	%rsi,%rcx
	shlq	$62,%rsi
	andq	%rbp,%rdi
	shrq	$2,%rcx
	xorq	%rsi,%rax
	movq	%rdi,%rbx
	shlq	$61,%rdi
	xorq	%rcx,%rdx
	shrq	$3,%rbx
	xorq	%rdi,%rax
	xorq	%rbx,%rdx

	movq	%r9,%r13
	movq	$0,0(%rsp)
	xorq	%r10,%r13
	movq	%r9,8(%rsp)
	movq	%r11,%r14
	movq	%r10,16(%rsp)
	xorq	%r12,%r14
	movq	%r13,24(%rsp)

	xorq	%r11,%r9
	movq	%r11,32(%rsp)
	xorq	%r11,%r10
	movq	%r9,40(%rsp)
	xorq	%r11,%r13
	movq	%r10,48(%rsp)
	xorq	%r14,%r9
	movq	%r13,56(%rsp)
	xorq	%r14,%r10

	movq	%r12,64(%rsp)
	xorq	%r14,%r13
	movq	%r9,72(%rsp)
	xorq	%r11,%r9
	movq	%r10,80(%rsp)
	xorq	%r11,%r10
	movq	%r13,88(%rsp)

	xorq	%r11,%r13
	movq	%r14,96(%rsp)
	movq	%r8,%rsi
	movq	%r9,104(%rsp)
	andq	%rbp,%rsi
	movq	%r10,112(%rsp)
	shrq	$4,%rbp
	movq	%r13,120(%rsp)
	movq	%r8,%rdi
	andq	%rbp,%rdi
	shrq	$4,%rbp

	movq	(%rsp,%rsi,8),%xmm0
	movq	%r8,%rsi
	andq	%rbp,%rsi
	shrq	$4,%rbp
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$4,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$60,%rbx
	xorq	%rcx,%rax
	pslldq	$1,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$12,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$52,%rbx
	xorq	%rcx,%rax
	pslldq	$2,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$20,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$44,%rbx
	xorq	%rcx,%rax
	pslldq	$3,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$28,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$36,%rbx
	xorq	%rcx,%rax
	pslldq	$4,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$36,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$28,%rbx
	xorq	%rcx,%rax
	pslldq	$5,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$44,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$20,%rbx
	xorq	%rcx,%rax
	pslldq	$6,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$52,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$12,%rbx
	xorq	%rcx,%rax
	pslldq	$7,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%rcx,%rbx
	shlq	$60,%rcx
	movd	%xmm0,%rsi
	shrq	$4,%rbx
	xorq	%rcx,%rax
	psrldq	$8,%xmm0
	xorq	%rbx,%rdx
	movd	%xmm0,%rdi
	xorq	%rsi,%rax
	xorq	%rdi,%rdx

	addq	$128+8,%rsp
	.byte	0xf3,0xc3
.Lend_mul_1x1:
.size	_mul_1x1,.-_mul_1x1

.hidden	OPENSSL_ia32cap_P
.globl	bn_GF2m_mul_2x2
.type	bn_GF2m_mul_2x2,@function
.align	16
bn_GF2m_mul_2x2:
	movl	OPENSSL_ia32cap_P+4(%rip),%eax
	btl	$IA32CAP_BIT1_PCLMUL,%eax
	jnc	.Lvanilla_mul_2x2

	movd	%rsi,%xmm0
	movd	%rcx,%xmm1
	movd	%rdx,%xmm2
	movd	%r8,%xmm3
	movdqa	%xmm0,%xmm4
	movdqa	%xmm1,%xmm5
.byte	102,15,58,68,193,0
	pxor	%xmm2,%xmm4
	pxor	%xmm3,%xmm5
.byte	102,15,58,68,211,0
.byte	102,15,58,68,229,0
	xorps	%xmm0,%xmm4
	xorps	%xmm2,%xmm4
	movdqa	%xmm4,%xmm5
	pslldq	$8,%xmm4
	psrldq	$8,%xmm5
	pxor	%xmm4,%xmm2
	pxor	%xmm5,%xmm0
	movdqu	%xmm2,0(%rdi)
	movdqu	%xmm0,16(%rdi)
	.byte	0xf3,0xc3

.align	16
.Lvanilla_mul_2x2:
	leaq	-136(%rsp),%rsp
	movq	%r14,80(%rsp)
	movq	%r13,88(%rsp)
	movq	%r12,96(%rsp)
	movq	%rbp,104(%rsp)
	movq	%rbx,112(%rsp)
.Lbody_mul_2x2:
	movq	%rdi,32(%rsp)
	movq	%rsi,40(%rsp)
	movq	%rdx,48(%rsp)
	movq	%rcx,56(%rsp)
	movq	%r8,64(%rsp)

	movq	$15,%r8
	movq	%rsi,%rax
	movq	%rcx,%rbp
	call	_mul_1x1		
	movq	%rax,16(%rsp)
	movq	%rdx,24(%rsp)

	movq	48(%rsp),%rax
	movq	64(%rsp),%rbp
	call	_mul_1x1		
	movq	%rax,0(%rsp)
	movq	%rdx,8(%rsp)

	movq	40(%rsp),%rax
	movq	56(%rsp),%rbp
	xorq	48(%rsp),%rax
	xorq	64(%rsp),%rbp
	call	_mul_1x1		
	movq	0(%rsp),%rbx
	movq	8(%rsp),%rcx
	movq	16(%rsp),%rdi
	movq	24(%rsp),%rsi
	movq	32(%rsp),%rbp

	xorq	%rdx,%rax
	xorq	%rcx,%rdx
	xorq	%rbx,%rax
	movq	%rbx,0(%rbp)
	xorq	%rdi,%rdx
	movq	%rsi,24(%rbp)
	xorq	%rsi,%rax
	xorq	%rsi,%rdx
	xorq	%rdx,%rax
	movq	%rdx,16(%rbp)
	movq	%rax,8(%rbp)

	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbp
	movq	112(%rsp),%rbx
	leaq	136(%rsp),%rsp
	.byte	0xf3,0xc3
.Lend_mul_2x2:
.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	16
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/bn/gf2m-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
.text	

.type	_mul_1x1,@function
.align	16
_mul_1x1:
	subq	$128+8,%rsp
	movq	$-1,%r9
	leaq	(%rax,%rax,1),%rsi
	shrq	$3,%r9
	leaq	(,%rax,4),%rdi
	andq	%rax,%r9
	leaq	(,%rax,8),%r12
	sarq	$63,%rax
	leaq	(%r9,%r9,1),%r10
	sarq	$63,%rsi
	leaq	(,%r9,4),%r11
	andq	%rbp,%rax
	sarq	$63,%rdi
	movq	%rax,%rdx
	shlq	$63,%rax
	andq	%rbp,%rsi
	shrq	$1,%rdx
	movq	%rsi,%rcx
	shlq	$62,%rsi
	andq	%rbp,%rdi
	shrq	$2,%rcx
	xorq	%rsi,%rax
	movq	%rdi,%rbx
	shlq	$61,%rdi
	xorq	%rcx,%rdx
	shrq	$3,%rbx
	xorq	%rdi,%rax
	xorq	%rbx,%rdx

	movq	%r9,%r13
	movq	$0,0(%rsp)
	xorq	%r10,%r13
	movq	%r9,8(%rsp)
	movq	%r11,%r14
	movq	%r10,16(%rsp)
	xorq	%r12,%r14
	movq	%r13,24(%rsp)

	xorq	%r11,%r9
	movq	%r11,32(%rsp)
	xorq	%r11,%r10
	movq	%r9,40(%rsp)
	xorq	%r11,%r13
	movq	%r10,48(%rsp)
	xorq	%r14,%r9
	movq	%r13,56(%rsp)
	xorq	%r14,%r10

	movq	%r12,64(%rsp)
	xorq	%r14,%r13
	movq	%r9,72(%rsp)
	xorq	%r11,%r9
	movq	%r10,80(%rsp)
	xorq	%r11,%r10
	movq	%r13,88(%rsp)

	xorq	%r11,%r13
	movq	%r14,96(%rsp)
	movq	%r8,%rsi
	movq	%r9,104(%rsp)
	andq	%rbp,%rsi
	movq	%r10,112(%rsp)
	shrq	$4,%rbp
	movq	%r13,120(%rsp)
	movq	%r8,%rdi
	andq	%rbp,%rdi
	shrq	$4,%rbp

	movq	(%rsp,%rsi,8),%xmm0
	movq	%r8,%rsi
	andq	%rbp,%rsi
	shrq	$4,%rbp
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$4,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$60,%rbx
	xorq	%rcx,%rax
	pslldq	$1,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$12,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$52,%rbx
	xorq	%rcx,%rax
	pslldq	$2,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$20,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$44,%rbx
	xorq	%rcx,%rax
	pslldq	$3,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$28,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$36,%rbx
	xorq	%rcx,%rax
	pslldq	$4,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$36,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$28,%rbx
	xorq	%rcx,%rax
	pslldq	$5,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$44,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$20,%rbx
	xorq	%rcx,%rax
	pslldq	$6,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$52,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$12,%rbx
	xorq	%rcx,%rax
	pslldq	$7,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%rcx,%rbx
	shlq	$60,%rcx
	movd	%xmm0,%rsi
	shrq	$4,%rbx
	xorq	%rcx,%rax
	psrldq	$8,%xmm0
	xorq	%rbx,%rdx
	movd	%xmm0,%rdi
	xorq	%rsi,%rax
	xorq	%rdi,%rdx

	addq	$128+8,%rsp
	.byte	0xf3,0xc3
.Lend_mul_1x1:
.size	_mul_1x1,.-_mul_1x1

.globl	bn_GF2m_mul_2x2
.type	bn_GF2m_mul_2x2,@function
.align	16
bn_GF2m_mul_2x2:
	movq	OPENSSL_ia32cap_P(%rip),%rax
	btq	$33,%rax
	jnc	.Lvanilla_mul_2x2

	movd	%rsi,%xmm0
	movd	%rcx,%xmm1
	movd	%rdx,%xmm2
	movd	%r8,%xmm3
	movdqa	%xmm0,%xmm4
	movdqa	%xmm1,%xmm5
.byte	102,15,58,68,193,0
	pxor	%xmm2,%xmm4
	pxor	%xmm3,%xmm5
.byte	102,15,58,68,211,0
.byte	102,15,58,68,229,0
	xorps	%xmm0,%xmm4
	xorps	%xmm2,%xmm4
	movdqa	%xmm4,%xmm5
	pslldq	$8,%xmm4
	psrldq	$8,%xmm5
	pxor	%xmm4,%xmm2
	pxor	%xmm5,%xmm0
	movdqu	%xmm2,0(%rdi)
	movdqu	%xmm0,16(%rdi)
	.byte	0xf3,0xc3

.align	16
.Lvanilla_mul_2x2:
	leaq	-136(%rsp),%rsp
	movq	%r14,80(%rsp)
	movq	%r13,88(%rsp)
	movq	%r12,96(%rsp)
	movq	%rbp,104(%rsp)
	movq	%rbx,112(%rsp)
.Lbody_mul_2x2:
	movq	%rdi,32(%rsp)
	movq	%rsi,40(%rsp)
	movq	%rdx,48(%rsp)
	movq	%rcx,56(%rsp)
	movq	%r8,64(%rsp)

	movq	$15,%r8
	movq	%rsi,%rax
	movq	%rcx,%rbp
	call	_mul_1x1		
	movq	%rax,16(%rsp)
	movq	%rdx,24(%rsp)

	movq	48(%rsp),%rax
	movq	64(%rsp),%rbp
	call	_mul_1x1		
	movq	%rax,0(%rsp)
	movq	%rdx,8(%rsp)

	movq	40(%rsp),%rax
	movq	56(%rsp),%rbp
	xorq	48(%rsp),%rax
	xorq	64(%rsp),%rbp
	call	_mul_1x1		
	movq	0(%rsp),%rbx
	movq	8(%rsp),%rcx
	movq	16(%rsp),%rdi
	movq	24(%rsp),%rsi
	movq	32(%rsp),%rbp

	xorq	%rdx,%rax
	xorq	%rcx,%rdx
	xorq	%rbx,%rax
	movq	%rbx,0(%rbp)
	xorq	%rdi,%rdx
	movq	%rsi,24(%rbp)
	xorq	%rsi,%rax
	xorq	%rsi,%rdx
	xorq	%rdx,%rax
	movq	%rdx,16(%rbp)
	movq	%rax,8(%rbp)

	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbp
	movq	112(%rsp),%rbx
	leaq	136(%rsp),%rsp
	.byte	0xf3,0xc3
.Lend_mul_2x2:
.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	16
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<












































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/bn/gf2m-macosx-x86_64.S.










































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
#include "x86_arch.h"
.text	


.p2align	4
_mul_1x1:
	subq	$128+8,%rsp
	movq	$-1,%r9
	leaq	(%rax,%rax,1),%rsi
	shrq	$3,%r9
	leaq	(,%rax,4),%rdi
	andq	%rax,%r9
	leaq	(,%rax,8),%r12
	sarq	$63,%rax
	leaq	(%r9,%r9,1),%r10
	sarq	$63,%rsi
	leaq	(,%r9,4),%r11
	andq	%rbp,%rax
	sarq	$63,%rdi
	movq	%rax,%rdx
	shlq	$63,%rax
	andq	%rbp,%rsi
	shrq	$1,%rdx
	movq	%rsi,%rcx
	shlq	$62,%rsi
	andq	%rbp,%rdi
	shrq	$2,%rcx
	xorq	%rsi,%rax
	movq	%rdi,%rbx
	shlq	$61,%rdi
	xorq	%rcx,%rdx
	shrq	$3,%rbx
	xorq	%rdi,%rax
	xorq	%rbx,%rdx

	movq	%r9,%r13
	movq	$0,0(%rsp)
	xorq	%r10,%r13
	movq	%r9,8(%rsp)
	movq	%r11,%r14
	movq	%r10,16(%rsp)
	xorq	%r12,%r14
	movq	%r13,24(%rsp)

	xorq	%r11,%r9
	movq	%r11,32(%rsp)
	xorq	%r11,%r10
	movq	%r9,40(%rsp)
	xorq	%r11,%r13
	movq	%r10,48(%rsp)
	xorq	%r14,%r9
	movq	%r13,56(%rsp)
	xorq	%r14,%r10

	movq	%r12,64(%rsp)
	xorq	%r14,%r13
	movq	%r9,72(%rsp)
	xorq	%r11,%r9
	movq	%r10,80(%rsp)
	xorq	%r11,%r10
	movq	%r13,88(%rsp)

	xorq	%r11,%r13
	movq	%r14,96(%rsp)
	movq	%r8,%rsi
	movq	%r9,104(%rsp)
	andq	%rbp,%rsi
	movq	%r10,112(%rsp)
	shrq	$4,%rbp
	movq	%r13,120(%rsp)
	movq	%r8,%rdi
	andq	%rbp,%rdi
	shrq	$4,%rbp

	movq	(%rsp,%rsi,8),%xmm0
	movq	%r8,%rsi
	andq	%rbp,%rsi
	shrq	$4,%rbp
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$4,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$60,%rbx
	xorq	%rcx,%rax
	pslldq	$1,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$12,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$52,%rbx
	xorq	%rcx,%rax
	pslldq	$2,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$20,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$44,%rbx
	xorq	%rcx,%rax
	pslldq	$3,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$28,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$36,%rbx
	xorq	%rcx,%rax
	pslldq	$4,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$36,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$28,%rbx
	xorq	%rcx,%rax
	pslldq	$5,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$44,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$20,%rbx
	xorq	%rcx,%rax
	pslldq	$6,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%r8,%rdi
	movq	%rcx,%rbx
	shlq	$52,%rcx
	andq	%rbp,%rdi
	movq	(%rsp,%rsi,8),%xmm1
	shrq	$12,%rbx
	xorq	%rcx,%rax
	pslldq	$7,%xmm1
	movq	%r8,%rsi
	shrq	$4,%rbp
	xorq	%rbx,%rdx
	andq	%rbp,%rsi
	shrq	$4,%rbp
	pxor	%xmm1,%xmm0
	movq	(%rsp,%rdi,8),%rcx
	movq	%rcx,%rbx
	shlq	$60,%rcx
	movd	%xmm0,%rsi
	shrq	$4,%rbx
	xorq	%rcx,%rax
	psrldq	$8,%xmm0
	xorq	%rbx,%rdx
	movd	%xmm0,%rdi
	xorq	%rsi,%rax
	xorq	%rdi,%rdx

	addq	$128+8,%rsp
	.byte	0xf3,0xc3
L$end_mul_1x1:


.private_extern	_OPENSSL_ia32cap_P
.globl	_bn_GF2m_mul_2x2

.p2align	4
_bn_GF2m_mul_2x2:
	movl	_OPENSSL_ia32cap_P+4(%rip),%eax
	btl	$IA32CAP_BIT1_PCLMUL,%eax
	jnc	L$vanilla_mul_2x2

	movd	%rsi,%xmm0
	movd	%rcx,%xmm1
	movd	%rdx,%xmm2
	movd	%r8,%xmm3
	movdqa	%xmm0,%xmm4
	movdqa	%xmm1,%xmm5
.byte	102,15,58,68,193,0
	pxor	%xmm2,%xmm4
	pxor	%xmm3,%xmm5
.byte	102,15,58,68,211,0
.byte	102,15,58,68,229,0
	xorps	%xmm0,%xmm4
	xorps	%xmm2,%xmm4
	movdqa	%xmm4,%xmm5
	pslldq	$8,%xmm4
	psrldq	$8,%xmm5
	pxor	%xmm4,%xmm2
	pxor	%xmm5,%xmm0
	movdqu	%xmm2,0(%rdi)
	movdqu	%xmm0,16(%rdi)
	.byte	0xf3,0xc3

.p2align	4
L$vanilla_mul_2x2:
	leaq	-136(%rsp),%rsp
	movq	%r14,80(%rsp)
	movq	%r13,88(%rsp)
	movq	%r12,96(%rsp)
	movq	%rbp,104(%rsp)
	movq	%rbx,112(%rsp)
L$body_mul_2x2:
	movq	%rdi,32(%rsp)
	movq	%rsi,40(%rsp)
	movq	%rdx,48(%rsp)
	movq	%rcx,56(%rsp)
	movq	%r8,64(%rsp)

	movq	$15,%r8
	movq	%rsi,%rax
	movq	%rcx,%rbp
	call	_mul_1x1		
	movq	%rax,16(%rsp)
	movq	%rdx,24(%rsp)

	movq	48(%rsp),%rax
	movq	64(%rsp),%rbp
	call	_mul_1x1		
	movq	%rax,0(%rsp)
	movq	%rdx,8(%rsp)

	movq	40(%rsp),%rax
	movq	56(%rsp),%rbp
	xorq	48(%rsp),%rax
	xorq	64(%rsp),%rbp
	call	_mul_1x1		
	movq	0(%rsp),%rbx
	movq	8(%rsp),%rcx
	movq	16(%rsp),%rdi
	movq	24(%rsp),%rsi
	movq	32(%rsp),%rbp

	xorq	%rdx,%rax
	xorq	%rcx,%rdx
	xorq	%rbx,%rax
	movq	%rbx,0(%rbp)
	xorq	%rdi,%rdx
	movq	%rsi,24(%rbp)
	xorq	%rsi,%rax
	xorq	%rsi,%rdx
	xorq	%rdx,%rax
	movq	%rdx,16(%rbp)
	movq	%rax,8(%rbp)

	movq	80(%rsp),%r14
	movq	88(%rsp),%r13
	movq	96(%rsp),%r12
	movq	104(%rsp),%rbp
	movq	112(%rsp),%rbx
	leaq	136(%rsp),%rsp
	.byte	0xf3,0xc3
L$end_mul_2x2:

.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	4
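--- a/jni/libressl/crypto/bn/gf2m-macosx-x86_64.s
+++ b/jni/libressl/crypto/bn/gf2m-macosx-x86_64.s
@@ -1,291 +0,0 @@
-.text	
-
-
-.p2align	4
-_mul_1x1:
-	subq	$128+8,%rsp
-	movq	$-1,%r9
-	leaq	(%rax,%rax,1),%rsi
-	shrq	$3,%r9
-	leaq	(,%rax,4),%rdi
-	andq	%rax,%r9
-	leaq	(,%rax,8),%r12
-	sarq	$63,%rax
-	leaq	(%r9,%r9,1),%r10
-	sarq	$63,%rsi
-	leaq	(,%r9,4),%r11
-	andq	%rbp,%rax
-	sarq	$63,%rdi
-	movq	%rax,%rdx
-	shlq	$63,%rax
-	andq	%rbp,%rsi
-	shrq	$1,%rdx
-	movq	%rsi,%rcx
-	shlq	$62,%rsi
-	andq	%rbp,%rdi
-	shrq	$2,%rcx
-	xorq	%rsi,%rax
-	movq	%rdi,%rbx
-	shlq	$61,%rdi
-	xorq	%rcx,%rdx
-	shrq	$3,%rbx
-	xorq	%rdi,%rax
-	xorq	%rbx,%rdx
-
-	movq	%r9,%r13
-	movq	$0,0(%rsp)
-	xorq	%r10,%r13
-	movq	%r9,8(%rsp)
-	movq	%r11,%r14
-	movq	%r10,16(%rsp)
-	xorq	%r12,%r14
-	movq	%r13,24(%rsp)
-
-	xorq	%r11,%r9
-	movq	%r11,32(%rsp)
-	xorq	%r11,%r10
-	movq	%r9,40(%rsp)
-	xorq	%r11,%r13
-	movq	%r10,48(%rsp)
-	xorq	%r14,%r9
-	movq	%r13,56(%rsp)
-	xorq	%r14,%r10
-
-	movq	%r12,64(%rsp)
-	xorq	%r14,%r13
-	movq	%r9,72(%rsp)
-	xorq	%r11,%r9
-	movq	%r10,80(%rsp)
-	xorq	%r11,%r10
-	movq	%r13,88(%rsp)
-
-	xorq	%r11,%r13
-	movq	%r14,96(%rsp)
-	movq	%r8,%rsi
-	movq	%r9,104(%rsp)
-	andq	%rbp,%rsi
-	movq	%r10,112(%rsp)
-	shrq	$4,%rbp
-	movq	%r13,120(%rsp)
-	movq	%r8,%rdi
-	andq	%rbp,%rdi
-	shrq	$4,%rbp
-
-	movq	(%rsp,%rsi,8),%xmm0
-	movq	%r8,%rsi
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$4,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$60,%rbx
-	xorq	%rcx,%rax
-	pslldq	$1,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$12,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$52,%rbx
-	xorq	%rcx,%rax
-	pslldq	$2,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$20,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$44,%rbx
-	xorq	%rcx,%rax
-	pslldq	$3,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$28,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$36,%rbx
-	xorq	%rcx,%rax
-	pslldq	$4,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$36,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$28,%rbx
-	xorq	%rcx,%rax
-	pslldq	$5,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$44,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$20,%rbx
-	xorq	%rcx,%rax
-	pslldq	$6,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$52,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$12,%rbx
-	xorq	%rcx,%rax
-	pslldq	$7,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%rcx,%rbx
-	shlq	$60,%rcx
-	movd	%xmm0,%rsi
-	shrq	$4,%rbx
-	xorq	%rcx,%rax
-	psrldq	$8,%xmm0
-	xorq	%rbx,%rdx
-	movd	%xmm0,%rdi
-	xorq	%rsi,%rax
-	xorq	%rdi,%rdx
-
-	addq	$128+8,%rsp
-	.byte	0xf3,0xc3
-L$end_mul_1x1:
-
-
-.globl	_bn_GF2m_mul_2x2
-
-.p2align	4
-_bn_GF2m_mul_2x2:
-	movq	_OPENSSL_ia32cap_P(%rip),%rax
-	btq	$33,%rax
-	jnc	L$vanilla_mul_2x2
-
-	movd	%rsi,%xmm0
-	movd	%rcx,%xmm1
-	movd	%rdx,%xmm2
-	movd	%r8,%xmm3
-	movdqa	%xmm0,%xmm4
-	movdqa	%xmm1,%xmm5
-.byte	102,15,58,68,193,0
-	pxor	%xmm2,%xmm4
-	pxor	%xmm3,%xmm5
-.byte	102,15,58,68,211,0
-.byte	102,15,58,68,229,0
-	xorps	%xmm0,%xmm4
-	xorps	%xmm2,%xmm4
-	movdqa	%xmm4,%xmm5
-	pslldq	$8,%xmm4
-	psrldq	$8,%xmm5
-	pxor	%xmm4,%xmm2
-	pxor	%xmm5,%xmm0
-	movdqu	%xmm2,0(%rdi)
-	movdqu	%xmm0,16(%rdi)
-	.byte	0xf3,0xc3
-
-.p2align	4
-L$vanilla_mul_2x2:
-	leaq	-136(%rsp),%rsp
-	movq	%r14,80(%rsp)
-	movq	%r13,88(%rsp)
-	movq	%r12,96(%rsp)
-	movq	%rbp,104(%rsp)
-	movq	%rbx,112(%rsp)
-L$body_mul_2x2:
-	movq	%rdi,32(%rsp)
-	movq	%rsi,40(%rsp)
-	movq	%rdx,48(%rsp)
-	movq	%rcx,56(%rsp)
-	movq	%r8,64(%rsp)
-
-	movq	$15,%r8
-	movq	%rsi,%rax
-	movq	%rcx,%rbp
-	call	_mul_1x1		
-	movq	%rax,16(%rsp)
-	movq	%rdx,24(%rsp)
-
-	movq	48(%rsp),%rax
-	movq	64(%rsp),%rbp
-	call	_mul_1x1		
-	movq	%rax,0(%rsp)
-	movq	%rdx,8(%rsp)
-
-	movq	40(%rsp),%rax
-	movq	56(%rsp),%rbp
-	xorq	48(%rsp),%rax
-	xorq	64(%rsp),%rbp
-	call	_mul_1x1		
-	movq	0(%rsp),%rbx
-	movq	8(%rsp),%rcx
-	movq	16(%rsp),%rdi
-	movq	24(%rsp),%rsi
-	movq	32(%rsp),%rbp
-
-	xorq	%rdx,%rax
-	xorq	%rcx,%rdx
-	xorq	%rbx,%rax
-	movq	%rbx,0(%rbp)
-	xorq	%rdi,%rdx
-	movq	%rsi,24(%rbp)
-	xorq	%rsi,%rax
-	xorq	%rsi,%rdx
-	xorq	%rdx,%rax
-	movq	%rdx,16(%rbp)
-	movq	%rax,8(%rbp)
-
-	movq	80(%rsp),%r14
-	movq	88(%rsp),%r13
-	movq	96(%rsp),%r12
-	movq	104(%rsp),%rbp
-	movq	112(%rsp),%rbx
-	leaq	136(%rsp),%rsp
-	.byte	0xf3,0xc3
-L$end_mul_2x2:
-
-.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.p2align	4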
Added jni/libressl/crypto/bn/modexp512-elf-x86_64.S.


































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
#include "x86_arch.h"
.text	

.type	MULADD_128x512,@function
.align	16
MULADD_128x512:
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	.byte	0xf3,0xc3
.size	MULADD_128x512,.-MULADD_128x512
.type	mont_reduce,@function
.align	16
mont_reduce:
	leaq	192(%rsp),%rdi
	movq	32(%rsp),%rsi
	addq	$576,%rsi
	leaq	520(%rsp),%rcx

	movq	96(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	movq	(%rcx),%r8
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	movq	8(%rcx),%r9
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	movq	16(%rcx),%r10
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	movq	24(%rcx),%r11
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	movq	32(%rcx),%r12
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	movq	40(%rcx),%r13
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	movq	48(%rcx),%r14
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	movq	56(%rcx),%r15
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	104(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	112(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,16(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	120(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,24(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	xorq	%rax,%rax

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9
	adcq	80(%rcx),%r10
	adcq	88(%rcx),%r11
	adcq	$0,%rax




	movq	%r8,64(%rdi)
	movq	%r9,72(%rdi)
	movq	%r10,%rbp
	movq	%r11,88(%rdi)

	movq	%rax,384(%rsp)

	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11








	addq	$80,%rdi

	addq	$64,%rsi
	leaq	296(%rsp),%rcx

	call	MULADD_128x512			

	movq	384(%rsp),%rax


	addq	-16(%rdi),%r8
	adcq	-8(%rdi),%r9
	movq	%r8,64(%rcx)
	movq	%r9,72(%rcx)

	adcq	%rax,%rax
	movq	%rax,384(%rsp)

	leaq	192(%rsp),%rdi
	addq	$64,%rsi





	movq	(%rsi),%r8
	movq	8(%rsi),%rbx

	movq	(%rcx),%rax
	mulq	%r8
	movq	%rax,%rbp
	movq	%rdx,%r9

	movq	8(%rcx),%rax
	mulq	%r8
	addq	%rax,%r9

	movq	(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r9

	movq	%r9,8(%rdi)


	subq	$192,%rsi

	movq	(%rcx),%r8
	movq	8(%rcx),%r9

	call	MULADD_128x512			




	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdi
	movq	24(%rsi),%rdx


	movq	384(%rsp),%rbp

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9


	adcq	%rbp,%rbp



	shlq	$3,%rbp
	movq	32(%rsp),%rcx
	addq	%rcx,%rbp


	xorq	%rsi,%rsi

	addq	0(%rbp),%r10
	adcq	64(%rbp),%r11
	adcq	128(%rbp),%r12
	adcq	192(%rbp),%r13
	adcq	256(%rbp),%r14
	adcq	320(%rbp),%r15
	adcq	384(%rbp),%r8
	adcq	448(%rbp),%r9



	sbbq	$0,%rsi


	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx

	movq	$1,%rbp
	subq	%rax,%r10
	sbbq	%rbx,%r11
	sbbq	%rdi,%r12
	sbbq	%rdx,%r13




	sbbq	$0,%rbp



	addq	$512,%rcx
	movq	32(%rcx),%rax
	movq	40(%rcx),%rbx
	movq	48(%rcx),%rdi
	movq	56(%rcx),%rdx



	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx



	subq	$1,%rbp

	sbbq	%rax,%r14
	sbbq	%rbx,%r15
	sbbq	%rdi,%r8
	sbbq	%rdx,%r9



	movq	144(%rsp),%rsi
	movq	%r10,0(%rsi)
	movq	%r11,8(%rsi)
	movq	%r12,16(%rsi)
	movq	%r13,24(%rsi)
	movq	%r14,32(%rsi)
	movq	%r15,40(%rsi)
	movq	%r8,48(%rsi)
	movq	%r9,56(%rsi)

	.byte	0xf3,0xc3
.size	mont_reduce,.-mont_reduce
.type	mont_mul_a3b,@function
.align	16
mont_mul_a3b:




	movq	0(%rdi),%rbp

	movq	%r10,%rax
	mulq	%rbp
	movq	%rax,520(%rsp)
	movq	%rdx,%r10
	movq	%r11,%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r12,%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r13,%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r14,%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r15,%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r8,%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,528(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	16(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,536(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	24(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,544(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	32(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,552(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	40(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%r14,560(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	48(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,568(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	56(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,576(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,584(%rsp)
	movq	%r10,592(%rsp)
	movq	%r11,600(%rsp)
	movq	%r12,608(%rsp)
	movq	%r13,616(%rsp)
	movq	%r14,624(%rsp)
	movq	%r15,632(%rsp)
	movq	%r8,640(%rsp)





	jmp	mont_reduce


.size	mont_mul_a3b,.-mont_mul_a3b
.type	sqr_reduce,@function
.align	16
sqr_reduce:
	movq	16(%rsp),%rcx



	movq	%r10,%rbx

	movq	%r11,%rax
	mulq	%rbx
	movq	%rax,528(%rsp)
	movq	%rdx,%r10
	movq	%r12,%rax
	mulq	%rbx
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r13,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r14,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r15,%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%rsi

	movq	%r10,536(%rsp)





	movq	8(%rcx),%rbx

	movq	16(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,544(%rsp)

	movq	%rdx,%r10
	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,552(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	16(%rcx),%rbx

	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,560(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx
	movq	%r14,568(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r12





	movq	24(%rcx),%rbx

	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,576(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx
	movq	%rsi,584(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx

	movq	%rdx,%r15




	movq	32(%rcx),%rbx

	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,592(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,600(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	40(%rcx),%rbx

	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,608(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx
	movq	%r11,616(%rsp)

	movq	%rdx,%r12




	movq	%r8,%rbx

	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,624(%rsp)

	movq	%rdx,632(%rsp)


	movq	528(%rsp),%r10
	movq	536(%rsp),%r11
	movq	544(%rsp),%r12
	movq	552(%rsp),%r13
	movq	560(%rsp),%r14
	movq	568(%rsp),%r15

	movq	24(%rcx),%rax
	mulq	%rax
	movq	%rax,%rdi
	movq	%rdx,%r8

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	$0,%r8

	movq	0(%rcx),%rax
	mulq	%rax
	movq	%rax,520(%rsp)
	movq	%rdx,%rbx

	movq	8(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbx
	movq	%r10,528(%rsp)
	movq	%r11,536(%rsp)

	movq	16(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbx

	movq	%r12,544(%rsp)
	movq	%r13,552(%rsp)

	xorq	%rbp,%rbp
	addq	%rbx,%r14
	adcq	%rdi,%r15
	adcq	$0,%rbp

	movq	%r14,560(%rsp)
	movq	%r15,568(%rsp)




	movq	576(%rsp),%r10
	movq	584(%rsp),%r11
	movq	592(%rsp),%r12
	movq	600(%rsp),%r13
	movq	608(%rsp),%r14
	movq	616(%rsp),%r15
	movq	624(%rsp),%rdi
	movq	632(%rsp),%rsi

	movq	%r9,%rax
	mulq	%rax
	movq	%rax,%r9
	movq	%rdx,%rbx

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	%rdi,%rdi
	adcq	%rsi,%rsi
	adcq	$0,%rbx

	addq	%rbp,%r10

	movq	32(%rcx),%rax
	mulq	%rax

	addq	%r8,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r10,576(%rsp)
	movq	%r11,584(%rsp)

	movq	40(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r12,592(%rsp)
	movq	%r13,600(%rsp)

	movq	48(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r14
	adcq	%rax,%r15
	adcq	$0,%rdx

	movq	%r14,608(%rsp)
	movq	%r15,616(%rsp)

	addq	%rdx,%rdi
	adcq	%r9,%rsi
	adcq	$0,%rbx

	movq	%rdi,624(%rsp)
	movq	%rsi,632(%rsp)
	movq	%rbx,640(%rsp)

	jmp	mont_reduce


.size	sqr_reduce,.-sqr_reduce
.globl	mod_exp_512
.type	mod_exp_512,@function
mod_exp_512:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r8
	subq	$2688,%rsp
	andq	$-64,%rsp


	movq	%r8,0(%rsp)
	movq	%rdi,8(%rsp)
	movq	%rsi,16(%rsp)
	movq	%rcx,24(%rsp)
.Lbody:



	pxor	%xmm4,%xmm4
	movdqu	0(%rsi),%xmm0
	movdqu	16(%rsi),%xmm1
	movdqu	32(%rsi),%xmm2
	movdqu	48(%rsi),%xmm3
	movdqa	%xmm4,512(%rsp)
	movdqa	%xmm4,528(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,544(%rsp)
	movdqa	%xmm1,560(%rsp)
	movdqa	%xmm2,576(%rsp)
	movdqa	%xmm3,592(%rsp)


	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3

	leaq	384(%rsp),%rbx
	movq	%rbx,136(%rsp)
	call	mont_reduce


	leaq	448(%rsp),%rcx
	xorq	%rax,%rax
	movq	%rax,0(%rcx)
	movq	%rax,8(%rcx)
	movq	%rax,24(%rcx)
	movq	%rax,32(%rcx)
	movq	%rax,40(%rcx)
	movq	%rax,48(%rcx)
	movq	%rax,56(%rcx)
	movq	%rax,128(%rsp)
	movq	$1,16(%rcx)

	leaq	640(%rsp),%rbp
	movq	%rcx,%rsi
	movq	%rbp,%rdi
	movq	$8,%rax
loop_0:
	movq	(%rcx),%rbx
	movw	%bx,(%rdi)
	shrq	$16,%rbx
	movw	%bx,64(%rdi)
	shrq	$16,%rbx
	movw	%bx,128(%rdi)
	shrq	$16,%rbx
	movw	%bx,192(%rdi)
	leaq	8(%rcx),%rcx
	leaq	256(%rdi),%rdi
	decq	%rax
	jnz	loop_0
	movq	$31,%rax
	movq	%rax,32(%rsp)
	movq	%rbp,40(%rsp)

	movq	%rsi,136(%rsp)
	movq	0(%rsi),%r10
	movq	8(%rsi),%r11
	movq	16(%rsi),%r12
	movq	24(%rsi),%r13
	movq	32(%rsi),%r14
	movq	40(%rsi),%r15
	movq	48(%rsi),%r8
	movq	56(%rsi),%r9
init_loop:
	leaq	384(%rsp),%rdi
	call	mont_mul_a3b
	leaq	448(%rsp),%rsi
	movq	40(%rsp),%rbp
	addq	$2,%rbp
	movq	%rbp,40(%rsp)
	movq	%rsi,%rcx
	movq	$8,%rax
loop_1:
	movq	(%rcx),%rbx
	movw	%bx,(%rbp)
	shrq	$16,%rbx
	movw	%bx,64(%rbp)
	shrq	$16,%rbx
	movw	%bx,128(%rbp)
	shrq	$16,%rbx
	movw	%bx,192(%rbp)
	leaq	8(%rcx),%rcx
	leaq	256(%rbp),%rbp
	decq	%rax
	jnz	loop_1
	movq	32(%rsp),%rax
	subq	$1,%rax
	movq	%rax,32(%rsp)
	jne	init_loop



	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm1,80(%rsp)
	movdqa	%xmm2,96(%rsp)
	movdqa	%xmm3,112(%rsp)





	movl	126(%rsp),%eax
	movq	%rax,%rdx
	shrq	$11,%rax
	andl	$2047,%edx
	movl	%edx,126(%rsp)
	leaq	640(%rsp,%rax,2),%rsi
	movq	8(%rsp),%rdx
	movq	$4,%rbp
loop_2:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_2
	movq	$505,48(%rsp)

	movq	8(%rsp),%rcx
	movq	%rcx,136(%rsp)
	movq	0(%rcx),%r10
	movq	8(%rcx),%r11
	movq	16(%rcx),%r12
	movq	24(%rcx),%r13
	movq	32(%rcx),%r14
	movq	40(%rcx),%r15
	movq	48(%rcx),%r8
	movq	56(%rcx),%r9
	jmp	sqr_2

main_loop_a3b:
	call	sqr_reduce
	call	sqr_reduce
	call	sqr_reduce
sqr_2:
	call	sqr_reduce
	call	sqr_reduce



	movq	48(%rsp),%rcx
	movq	%rcx,%rax
	shrq	$4,%rax
	movl	64(%rsp,%rax,2),%edx
	andq	$15,%rcx
	shrq	%cl,%rdx
	andq	$31,%rdx

	leaq	640(%rsp,%rdx,2),%rsi
	leaq	448(%rsp),%rdx
	movq	%rdx,%rdi
	movq	$4,%rbp
loop_3:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_3
	movq	8(%rsp),%rsi
	call	mont_mul_a3b



	movq	48(%rsp),%rcx
	subq	$5,%rcx
	movq	%rcx,48(%rsp)
	jge	main_loop_a3b



end_main_loop_a3b:


	movq	8(%rsp),%rdx
	pxor	%xmm4,%xmm4
	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3
	movdqa	%xmm4,576(%rsp)
	movdqa	%xmm4,592(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,512(%rsp)
	movdqa	%xmm1,528(%rsp)
	movdqa	%xmm2,544(%rsp)
	movdqa	%xmm3,560(%rsp)
	call	mont_reduce



	movq	8(%rsp),%rax
	movq	0(%rax),%r8
	movq	8(%rax),%r9
	movq	16(%rax),%r10
	movq	24(%rax),%r11
	movq	32(%rax),%r12
	movq	40(%rax),%r13
	movq	48(%rax),%r14
	movq	56(%rax),%r15


	movq	24(%rsp),%rbx
	addq	$512,%rbx

	subq	0(%rbx),%r8
	sbbq	8(%rbx),%r9
	sbbq	16(%rbx),%r10
	sbbq	24(%rbx),%r11
	sbbq	32(%rbx),%r12
	sbbq	40(%rbx),%r13
	sbbq	48(%rbx),%r14
	sbbq	56(%rbx),%r15


	movq	0(%rax),%rsi
	movq	8(%rax),%rdi
	movq	16(%rax),%rcx
	movq	24(%rax),%rdx
	cmovncq	%r8,%rsi
	cmovncq	%r9,%rdi
	cmovncq	%r10,%rcx
	cmovncq	%r11,%rdx
	movq	%rsi,0(%rax)
	movq	%rdi,8(%rax)
	movq	%rcx,16(%rax)
	movq	%rdx,24(%rax)

	movq	32(%rax),%rsi
	movq	40(%rax),%rdi
	movq	48(%rax),%rcx
	movq	56(%rax),%rdx
	cmovncq	%r12,%rsi
	cmovncq	%r13,%rdi
	cmovncq	%r14,%rcx
	cmovncq	%r15,%rdx
	movq	%rsi,32(%rax)
	movq	%rdi,40(%rax)
	movq	%rcx,48(%rax)
	movq	%rdx,56(%rax)

	movq	0(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbx
	movq	40(%rsi),%rbp
	leaq	48(%rsi),%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	mod_exp_512, . - mod_exp_512
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/bn/modexp512-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
.text	

.type	MULADD_128x512,@function
.align	16
MULADD_128x512:
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	.byte	0xf3,0xc3
.size	MULADD_128x512,.-MULADD_128x512
.type	mont_reduce,@function
.align	16
mont_reduce:
	leaq	192(%rsp),%rdi
	movq	32(%rsp),%rsi
	addq	$576,%rsi
	leaq	520(%rsp),%rcx

	movq	96(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	movq	(%rcx),%r8
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	movq	8(%rcx),%r9
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	movq	16(%rcx),%r10
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	movq	24(%rcx),%r11
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	movq	32(%rcx),%r12
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	movq	40(%rcx),%r13
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	movq	48(%rcx),%r14
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	movq	56(%rcx),%r15
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	104(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	112(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,16(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	120(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,24(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	xorq	%rax,%rax

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9
	adcq	80(%rcx),%r10
	adcq	88(%rcx),%r11
	adcq	$0,%rax




	movq	%r8,64(%rdi)
	movq	%r9,72(%rdi)
	movq	%r10,%rbp
	movq	%r11,88(%rdi)

	movq	%rax,384(%rsp)

	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11








	addq	$80,%rdi

	addq	$64,%rsi
	leaq	296(%rsp),%rcx

	call	MULADD_128x512			

	movq	384(%rsp),%rax


	addq	-16(%rdi),%r8
	adcq	-8(%rdi),%r9
	movq	%r8,64(%rcx)
	movq	%r9,72(%rcx)

	adcq	%rax,%rax
	movq	%rax,384(%rsp)

	leaq	192(%rsp),%rdi
	addq	$64,%rsi





	movq	(%rsi),%r8
	movq	8(%rsi),%rbx

	movq	(%rcx),%rax
	mulq	%r8
	movq	%rax,%rbp
	movq	%rdx,%r9

	movq	8(%rcx),%rax
	mulq	%r8
	addq	%rax,%r9

	movq	(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r9

	movq	%r9,8(%rdi)


	subq	$192,%rsi

	movq	(%rcx),%r8
	movq	8(%rcx),%r9

	call	MULADD_128x512			




	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdi
	movq	24(%rsi),%rdx


	movq	384(%rsp),%rbp

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9


	adcq	%rbp,%rbp



	shlq	$3,%rbp
	movq	32(%rsp),%rcx
	addq	%rcx,%rbp


	xorq	%rsi,%rsi

	addq	0(%rbp),%r10
	adcq	64(%rbp),%r11
	adcq	128(%rbp),%r12
	adcq	192(%rbp),%r13
	adcq	256(%rbp),%r14
	adcq	320(%rbp),%r15
	adcq	384(%rbp),%r8
	adcq	448(%rbp),%r9



	sbbq	$0,%rsi


	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx

	movq	$1,%rbp
	subq	%rax,%r10
	sbbq	%rbx,%r11
	sbbq	%rdi,%r12
	sbbq	%rdx,%r13




	sbbq	$0,%rbp



	addq	$512,%rcx
	movq	32(%rcx),%rax
	movq	40(%rcx),%rbx
	movq	48(%rcx),%rdi
	movq	56(%rcx),%rdx



	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx



	subq	$1,%rbp

	sbbq	%rax,%r14
	sbbq	%rbx,%r15
	sbbq	%rdi,%r8
	sbbq	%rdx,%r9



	movq	144(%rsp),%rsi
	movq	%r10,0(%rsi)
	movq	%r11,8(%rsi)
	movq	%r12,16(%rsi)
	movq	%r13,24(%rsi)
	movq	%r14,32(%rsi)
	movq	%r15,40(%rsi)
	movq	%r8,48(%rsi)
	movq	%r9,56(%rsi)

	.byte	0xf3,0xc3
.size	mont_reduce,.-mont_reduce
.type	mont_mul_a3b,@function
.align	16
mont_mul_a3b:




	movq	0(%rdi),%rbp

	movq	%r10,%rax
	mulq	%rbp
	movq	%rax,520(%rsp)
	movq	%rdx,%r10
	movq	%r11,%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r12,%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r13,%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r14,%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r15,%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r8,%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,528(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	16(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,536(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	24(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,544(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	32(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,552(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	40(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%r14,560(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	48(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,568(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	56(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,576(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,584(%rsp)
	movq	%r10,592(%rsp)
	movq	%r11,600(%rsp)
	movq	%r12,608(%rsp)
	movq	%r13,616(%rsp)
	movq	%r14,624(%rsp)
	movq	%r15,632(%rsp)
	movq	%r8,640(%rsp)





	jmp	mont_reduce


.size	mont_mul_a3b,.-mont_mul_a3b
.type	sqr_reduce,@function
.align	16
sqr_reduce:
	movq	16(%rsp),%rcx



	movq	%r10,%rbx

	movq	%r11,%rax
	mulq	%rbx
	movq	%rax,528(%rsp)
	movq	%rdx,%r10
	movq	%r12,%rax
	mulq	%rbx
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r13,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r14,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r15,%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%rsi

	movq	%r10,536(%rsp)





	movq	8(%rcx),%rbx

	movq	16(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,544(%rsp)

	movq	%rdx,%r10
	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,552(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	16(%rcx),%rbx

	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,560(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx
	movq	%r14,568(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r12





	movq	24(%rcx),%rbx

	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,576(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx
	movq	%rsi,584(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx

	movq	%rdx,%r15




	movq	32(%rcx),%rbx

	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,592(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,600(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	40(%rcx),%rbx

	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,608(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx
	movq	%r11,616(%rsp)

	movq	%rdx,%r12




	movq	%r8,%rbx

	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,624(%rsp)

	movq	%rdx,632(%rsp)


	movq	528(%rsp),%r10
	movq	536(%rsp),%r11
	movq	544(%rsp),%r12
	movq	552(%rsp),%r13
	movq	560(%rsp),%r14
	movq	568(%rsp),%r15

	movq	24(%rcx),%rax
	mulq	%rax
	movq	%rax,%rdi
	movq	%rdx,%r8

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	$0,%r8

	movq	0(%rcx),%rax
	mulq	%rax
	movq	%rax,520(%rsp)
	movq	%rdx,%rbx

	movq	8(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbx
	movq	%r10,528(%rsp)
	movq	%r11,536(%rsp)

	movq	16(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbx

	movq	%r12,544(%rsp)
	movq	%r13,552(%rsp)

	xorq	%rbp,%rbp
	addq	%rbx,%r14
	adcq	%rdi,%r15
	adcq	$0,%rbp

	movq	%r14,560(%rsp)
	movq	%r15,568(%rsp)




	movq	576(%rsp),%r10
	movq	584(%rsp),%r11
	movq	592(%rsp),%r12
	movq	600(%rsp),%r13
	movq	608(%rsp),%r14
	movq	616(%rsp),%r15
	movq	624(%rsp),%rdi
	movq	632(%rsp),%rsi

	movq	%r9,%rax
	mulq	%rax
	movq	%rax,%r9
	movq	%rdx,%rbx

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	%rdi,%rdi
	adcq	%rsi,%rsi
	adcq	$0,%rbx

	addq	%rbp,%r10

	movq	32(%rcx),%rax
	mulq	%rax

	addq	%r8,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r10,576(%rsp)
	movq	%r11,584(%rsp)

	movq	40(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r12,592(%rsp)
	movq	%r13,600(%rsp)

	movq	48(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r14
	adcq	%rax,%r15
	adcq	$0,%rdx

	movq	%r14,608(%rsp)
	movq	%r15,616(%rsp)

	addq	%rdx,%rdi
	adcq	%r9,%rsi
	adcq	$0,%rbx

	movq	%rdi,624(%rsp)
	movq	%rsi,632(%rsp)
	movq	%rbx,640(%rsp)

	jmp	mont_reduce


.size	sqr_reduce,.-sqr_reduce
.globl	mod_exp_512
.type	mod_exp_512,@function
mod_exp_512:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r8
	subq	$2688,%rsp
	andq	$-64,%rsp


	movq	%r8,0(%rsp)
	movq	%rdi,8(%rsp)
	movq	%rsi,16(%rsp)
	movq	%rcx,24(%rsp)
.Lbody:



	pxor	%xmm4,%xmm4
	movdqu	0(%rsi),%xmm0
	movdqu	16(%rsi),%xmm1
	movdqu	32(%rsi),%xmm2
	movdqu	48(%rsi),%xmm3
	movdqa	%xmm4,512(%rsp)
	movdqa	%xmm4,528(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,544(%rsp)
	movdqa	%xmm1,560(%rsp)
	movdqa	%xmm2,576(%rsp)
	movdqa	%xmm3,592(%rsp)


	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3

	leaq	384(%rsp),%rbx
	movq	%rbx,136(%rsp)
	call	mont_reduce


	leaq	448(%rsp),%rcx
	xorq	%rax,%rax
	movq	%rax,0(%rcx)
	movq	%rax,8(%rcx)
	movq	%rax,24(%rcx)
	movq	%rax,32(%rcx)
	movq	%rax,40(%rcx)
	movq	%rax,48(%rcx)
	movq	%rax,56(%rcx)
	movq	%rax,128(%rsp)
	movq	$1,16(%rcx)

	leaq	640(%rsp),%rbp
	movq	%rcx,%rsi
	movq	%rbp,%rdi
	movq	$8,%rax
loop_0:
	movq	(%rcx),%rbx
	movw	%bx,(%rdi)
	shrq	$16,%rbx
	movw	%bx,64(%rdi)
	shrq	$16,%rbx
	movw	%bx,128(%rdi)
	shrq	$16,%rbx
	movw	%bx,192(%rdi)
	leaq	8(%rcx),%rcx
	leaq	256(%rdi),%rdi
	decq	%rax
	jnz	loop_0
	movq	$31,%rax
	movq	%rax,32(%rsp)
	movq	%rbp,40(%rsp)

	movq	%rsi,136(%rsp)
	movq	0(%rsi),%r10
	movq	8(%rsi),%r11
	movq	16(%rsi),%r12
	movq	24(%rsi),%r13
	movq	32(%rsi),%r14
	movq	40(%rsi),%r15
	movq	48(%rsi),%r8
	movq	56(%rsi),%r9
init_loop:
	leaq	384(%rsp),%rdi
	call	mont_mul_a3b
	leaq	448(%rsp),%rsi
	movq	40(%rsp),%rbp
	addq	$2,%rbp
	movq	%rbp,40(%rsp)
	movq	%rsi,%rcx
	movq	$8,%rax
loop_1:
	movq	(%rcx),%rbx
	movw	%bx,(%rbp)
	shrq	$16,%rbx
	movw	%bx,64(%rbp)
	shrq	$16,%rbx
	movw	%bx,128(%rbp)
	shrq	$16,%rbx
	movw	%bx,192(%rbp)
	leaq	8(%rcx),%rcx
	leaq	256(%rbp),%rbp
	decq	%rax
	jnz	loop_1
	movq	32(%rsp),%rax
	subq	$1,%rax
	movq	%rax,32(%rsp)
	jne	init_loop



	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm1,80(%rsp)
	movdqa	%xmm2,96(%rsp)
	movdqa	%xmm3,112(%rsp)





	movl	126(%rsp),%eax
	movq	%rax,%rdx
	shrq	$11,%rax
	andl	$2047,%edx
	movl	%edx,126(%rsp)
	leaq	640(%rsp,%rax,2),%rsi
	movq	8(%rsp),%rdx
	movq	$4,%rbp
loop_2:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_2
	movq	$505,48(%rsp)

	movq	8(%rsp),%rcx
	movq	%rcx,136(%rsp)
	movq	0(%rcx),%r10
	movq	8(%rcx),%r11
	movq	16(%rcx),%r12
	movq	24(%rcx),%r13
	movq	32(%rcx),%r14
	movq	40(%rcx),%r15
	movq	48(%rcx),%r8
	movq	56(%rcx),%r9
	jmp	sqr_2

main_loop_a3b:
	call	sqr_reduce
	call	sqr_reduce
	call	sqr_reduce
sqr_2:
	call	sqr_reduce
	call	sqr_reduce



	movq	48(%rsp),%rcx
	movq	%rcx,%rax
	shrq	$4,%rax
	movl	64(%rsp,%rax,2),%edx
	andq	$15,%rcx
	shrq	%cl,%rdx
	andq	$31,%rdx

	leaq	640(%rsp,%rdx,2),%rsi
	leaq	448(%rsp),%rdx
	movq	%rdx,%rdi
	movq	$4,%rbp
loop_3:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_3
	movq	8(%rsp),%rsi
	call	mont_mul_a3b



	movq	48(%rsp),%rcx
	subq	$5,%rcx
	movq	%rcx,48(%rsp)
	jge	main_loop_a3b



end_main_loop_a3b:


	movq	8(%rsp),%rdx
	pxor	%xmm4,%xmm4
	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3
	movdqa	%xmm4,576(%rsp)
	movdqa	%xmm4,592(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,512(%rsp)
	movdqa	%xmm1,528(%rsp)
	movdqa	%xmm2,544(%rsp)
	movdqa	%xmm3,560(%rsp)
	call	mont_reduce



	movq	8(%rsp),%rax
	movq	0(%rax),%r8
	movq	8(%rax),%r9
	movq	16(%rax),%r10
	movq	24(%rax),%r11
	movq	32(%rax),%r12
	movq	40(%rax),%r13
	movq	48(%rax),%r14
	movq	56(%rax),%r15


	movq	24(%rsp),%rbx
	addq	$512,%rbx

	subq	0(%rbx),%r8
	sbbq	8(%rbx),%r9
	sbbq	16(%rbx),%r10
	sbbq	24(%rbx),%r11
	sbbq	32(%rbx),%r12
	sbbq	40(%rbx),%r13
	sbbq	48(%rbx),%r14
	sbbq	56(%rbx),%r15


	movq	0(%rax),%rsi
	movq	8(%rax),%rdi
	movq	16(%rax),%rcx
	movq	24(%rax),%rdx
	cmovncq	%r8,%rsi
	cmovncq	%r9,%rdi
	cmovncq	%r10,%rcx
	cmovncq	%r11,%rdx
	movq	%rsi,0(%rax)
	movq	%rdi,8(%rax)
	movq	%rcx,16(%rax)
	movq	%rdx,24(%rax)

	movq	32(%rax),%rsi
	movq	40(%rax),%rdi
	movq	48(%rax),%rcx
	movq	56(%rax),%rdx
	cmovncq	%r12,%rsi
	cmovncq	%r13,%rdi
	cmovncq	%r14,%rcx
	cmovncq	%r15,%rdx
	movq	%rsi,32(%rax)
	movq	%rdi,40(%rax)
	movq	%rcx,48(%rax)
	movq	%rdx,56(%rax)

	movq	0(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbx
	movq	40(%rsi),%rbp
	leaq	48(%rsi),%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	mod_exp_512, . - mod_exp_512
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/bn/modexp512-macosx-x86_64.S.




























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
#include "x86_arch.h"
.text	


.p2align	4
MULADD_128x512:
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	.byte	0xf3,0xc3


.p2align	4
mont_reduce:
	leaq	192(%rsp),%rdi
	movq	32(%rsp),%rsi
	addq	$576,%rsi
	leaq	520(%rsp),%rcx

	movq	96(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	movq	(%rcx),%r8
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	movq	8(%rcx),%r9
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	movq	16(%rcx),%r10
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	movq	24(%rcx),%r11
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	movq	32(%rcx),%r12
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	movq	40(%rcx),%r13
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	movq	48(%rcx),%r14
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	movq	56(%rcx),%r15
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	104(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	112(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,16(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	120(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,24(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	xorq	%rax,%rax

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9
	adcq	80(%rcx),%r10
	adcq	88(%rcx),%r11
	adcq	$0,%rax




	movq	%r8,64(%rdi)
	movq	%r9,72(%rdi)
	movq	%r10,%rbp
	movq	%r11,88(%rdi)

	movq	%rax,384(%rsp)

	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11








	addq	$80,%rdi

	addq	$64,%rsi
	leaq	296(%rsp),%rcx

	call	MULADD_128x512			

	movq	384(%rsp),%rax


	addq	-16(%rdi),%r8
	adcq	-8(%rdi),%r9
	movq	%r8,64(%rcx)
	movq	%r9,72(%rcx)

	adcq	%rax,%rax
	movq	%rax,384(%rsp)

	leaq	192(%rsp),%rdi
	addq	$64,%rsi





	movq	(%rsi),%r8
	movq	8(%rsi),%rbx

	movq	(%rcx),%rax
	mulq	%r8
	movq	%rax,%rbp
	movq	%rdx,%r9

	movq	8(%rcx),%rax
	mulq	%r8
	addq	%rax,%r9

	movq	(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r9

	movq	%r9,8(%rdi)


	subq	$192,%rsi

	movq	(%rcx),%r8
	movq	8(%rcx),%r9

	call	MULADD_128x512			




	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdi
	movq	24(%rsi),%rdx


	movq	384(%rsp),%rbp

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9


	adcq	%rbp,%rbp



	shlq	$3,%rbp
	movq	32(%rsp),%rcx
	addq	%rcx,%rbp


	xorq	%rsi,%rsi

	addq	0(%rbp),%r10
	adcq	64(%rbp),%r11
	adcq	128(%rbp),%r12
	adcq	192(%rbp),%r13
	adcq	256(%rbp),%r14
	adcq	320(%rbp),%r15
	adcq	384(%rbp),%r8
	adcq	448(%rbp),%r9



	sbbq	$0,%rsi


	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx

	movq	$1,%rbp
	subq	%rax,%r10
	sbbq	%rbx,%r11
	sbbq	%rdi,%r12
	sbbq	%rdx,%r13




	sbbq	$0,%rbp



	addq	$512,%rcx
	movq	32(%rcx),%rax
	movq	40(%rcx),%rbx
	movq	48(%rcx),%rdi
	movq	56(%rcx),%rdx



	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx



	subq	$1,%rbp

	sbbq	%rax,%r14
	sbbq	%rbx,%r15
	sbbq	%rdi,%r8
	sbbq	%rdx,%r9



	movq	144(%rsp),%rsi
	movq	%r10,0(%rsi)
	movq	%r11,8(%rsi)
	movq	%r12,16(%rsi)
	movq	%r13,24(%rsi)
	movq	%r14,32(%rsi)
	movq	%r15,40(%rsi)
	movq	%r8,48(%rsi)
	movq	%r9,56(%rsi)

	.byte	0xf3,0xc3


.p2align	4
mont_mul_a3b:




	movq	0(%rdi),%rbp

	movq	%r10,%rax
	mulq	%rbp
	movq	%rax,520(%rsp)
	movq	%rdx,%r10
	movq	%r11,%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r12,%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r13,%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r14,%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r15,%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r8,%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,528(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	16(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,536(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	24(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,544(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	32(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,552(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	40(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%r14,560(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	48(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,568(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	56(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,576(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,584(%rsp)
	movq	%r10,592(%rsp)
	movq	%r11,600(%rsp)
	movq	%r12,608(%rsp)
	movq	%r13,616(%rsp)
	movq	%r14,624(%rsp)
	movq	%r15,632(%rsp)
	movq	%r8,640(%rsp)





	jmp	mont_reduce




.p2align	4
sqr_reduce:
	movq	16(%rsp),%rcx



	movq	%r10,%rbx

	movq	%r11,%rax
	mulq	%rbx
	movq	%rax,528(%rsp)
	movq	%rdx,%r10
	movq	%r12,%rax
	mulq	%rbx
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r13,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r14,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r15,%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%rsi

	movq	%r10,536(%rsp)





	movq	8(%rcx),%rbx

	movq	16(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,544(%rsp)

	movq	%rdx,%r10
	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,552(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	16(%rcx),%rbx

	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,560(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx
	movq	%r14,568(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r12





	movq	24(%rcx),%rbx

	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,576(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx
	movq	%rsi,584(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx

	movq	%rdx,%r15




	movq	32(%rcx),%rbx

	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,592(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,600(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	40(%rcx),%rbx

	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,608(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx
	movq	%r11,616(%rsp)

	movq	%rdx,%r12




	movq	%r8,%rbx

	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,624(%rsp)

	movq	%rdx,632(%rsp)


	movq	528(%rsp),%r10
	movq	536(%rsp),%r11
	movq	544(%rsp),%r12
	movq	552(%rsp),%r13
	movq	560(%rsp),%r14
	movq	568(%rsp),%r15

	movq	24(%rcx),%rax
	mulq	%rax
	movq	%rax,%rdi
	movq	%rdx,%r8

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	$0,%r8

	movq	0(%rcx),%rax
	mulq	%rax
	movq	%rax,520(%rsp)
	movq	%rdx,%rbx

	movq	8(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbx
	movq	%r10,528(%rsp)
	movq	%r11,536(%rsp)

	movq	16(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbx

	movq	%r12,544(%rsp)
	movq	%r13,552(%rsp)

	xorq	%rbp,%rbp
	addq	%rbx,%r14
	adcq	%rdi,%r15
	adcq	$0,%rbp

	movq	%r14,560(%rsp)
	movq	%r15,568(%rsp)




	movq	576(%rsp),%r10
	movq	584(%rsp),%r11
	movq	592(%rsp),%r12
	movq	600(%rsp),%r13
	movq	608(%rsp),%r14
	movq	616(%rsp),%r15
	movq	624(%rsp),%rdi
	movq	632(%rsp),%rsi

	movq	%r9,%rax
	mulq	%rax
	movq	%rax,%r9
	movq	%rdx,%rbx

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	%rdi,%rdi
	adcq	%rsi,%rsi
	adcq	$0,%rbx

	addq	%rbp,%r10

	movq	32(%rcx),%rax
	mulq	%rax

	addq	%r8,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r10,576(%rsp)
	movq	%r11,584(%rsp)

	movq	40(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r12,592(%rsp)
	movq	%r13,600(%rsp)

	movq	48(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r14
	adcq	%rax,%r15
	adcq	$0,%rdx

	movq	%r14,608(%rsp)
	movq	%r15,616(%rsp)

	addq	%rdx,%rdi
	adcq	%r9,%rsi
	adcq	$0,%rbx

	movq	%rdi,624(%rsp)
	movq	%rsi,632(%rsp)
	movq	%rbx,640(%rsp)

	jmp	mont_reduce



.globl	_mod_exp_512

_mod_exp_512:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r8
	subq	$2688,%rsp
	andq	$-64,%rsp


	movq	%r8,0(%rsp)
	movq	%rdi,8(%rsp)
	movq	%rsi,16(%rsp)
	movq	%rcx,24(%rsp)
L$body:



	pxor	%xmm4,%xmm4
	movdqu	0(%rsi),%xmm0
	movdqu	16(%rsi),%xmm1
	movdqu	32(%rsi),%xmm2
	movdqu	48(%rsi),%xmm3
	movdqa	%xmm4,512(%rsp)
	movdqa	%xmm4,528(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,544(%rsp)
	movdqa	%xmm1,560(%rsp)
	movdqa	%xmm2,576(%rsp)
	movdqa	%xmm3,592(%rsp)


	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3

	leaq	384(%rsp),%rbx
	movq	%rbx,136(%rsp)
	call	mont_reduce


	leaq	448(%rsp),%rcx
	xorq	%rax,%rax
	movq	%rax,0(%rcx)
	movq	%rax,8(%rcx)
	movq	%rax,24(%rcx)
	movq	%rax,32(%rcx)
	movq	%rax,40(%rcx)
	movq	%rax,48(%rcx)
	movq	%rax,56(%rcx)
	movq	%rax,128(%rsp)
	movq	$1,16(%rcx)

	leaq	640(%rsp),%rbp
	movq	%rcx,%rsi
	movq	%rbp,%rdi
	movq	$8,%rax
loop_0:
	movq	(%rcx),%rbx
	movw	%bx,(%rdi)
	shrq	$16,%rbx
	movw	%bx,64(%rdi)
	shrq	$16,%rbx
	movw	%bx,128(%rdi)
	shrq	$16,%rbx
	movw	%bx,192(%rdi)
	leaq	8(%rcx),%rcx
	leaq	256(%rdi),%rdi
	decq	%rax
	jnz	loop_0
	movq	$31,%rax
	movq	%rax,32(%rsp)
	movq	%rbp,40(%rsp)

	movq	%rsi,136(%rsp)
	movq	0(%rsi),%r10
	movq	8(%rsi),%r11
	movq	16(%rsi),%r12
	movq	24(%rsi),%r13
	movq	32(%rsi),%r14
	movq	40(%rsi),%r15
	movq	48(%rsi),%r8
	movq	56(%rsi),%r9
init_loop:
	leaq	384(%rsp),%rdi
	call	mont_mul_a3b
	leaq	448(%rsp),%rsi
	movq	40(%rsp),%rbp
	addq	$2,%rbp
	movq	%rbp,40(%rsp)
	movq	%rsi,%rcx
	movq	$8,%rax
loop_1:
	movq	(%rcx),%rbx
	movw	%bx,(%rbp)
	shrq	$16,%rbx
	movw	%bx,64(%rbp)
	shrq	$16,%rbx
	movw	%bx,128(%rbp)
	shrq	$16,%rbx
	movw	%bx,192(%rbp)
	leaq	8(%rcx),%rcx
	leaq	256(%rbp),%rbp
	decq	%rax
	jnz	loop_1
	movq	32(%rsp),%rax
	subq	$1,%rax
	movq	%rax,32(%rsp)
	jne	init_loop



	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm1,80(%rsp)
	movdqa	%xmm2,96(%rsp)
	movdqa	%xmm3,112(%rsp)





	movl	126(%rsp),%eax
	movq	%rax,%rdx
	shrq	$11,%rax
	andl	$2047,%edx
	movl	%edx,126(%rsp)
	leaq	640(%rsp,%rax,2),%rsi
	movq	8(%rsp),%rdx
	movq	$4,%rbp
loop_2:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_2
	movq	$505,48(%rsp)

	movq	8(%rsp),%rcx
	movq	%rcx,136(%rsp)
	movq	0(%rcx),%r10
	movq	8(%rcx),%r11
	movq	16(%rcx),%r12
	movq	24(%rcx),%r13
	movq	32(%rcx),%r14
	movq	40(%rcx),%r15
	movq	48(%rcx),%r8
	movq	56(%rcx),%r9
	jmp	sqr_2

main_loop_a3b:
	call	sqr_reduce
	call	sqr_reduce
	call	sqr_reduce
sqr_2:
	call	sqr_reduce
	call	sqr_reduce



	movq	48(%rsp),%rcx
	movq	%rcx,%rax
	shrq	$4,%rax
	movl	64(%rsp,%rax,2),%edx
	andq	$15,%rcx
	shrq	%cl,%rdx
	andq	$31,%rdx

	leaq	640(%rsp,%rdx,2),%rsi
	leaq	448(%rsp),%rdx
	movq	%rdx,%rdi
	movq	$4,%rbp
loop_3:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_3
	movq	8(%rsp),%rsi
	call	mont_mul_a3b



	movq	48(%rsp),%rcx
	subq	$5,%rcx
	movq	%rcx,48(%rsp)
	jge	main_loop_a3b



end_main_loop_a3b:


	movq	8(%rsp),%rdx
	pxor	%xmm4,%xmm4
	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3
	movdqa	%xmm4,576(%rsp)
	movdqa	%xmm4,592(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,512(%rsp)
	movdqa	%xmm1,528(%rsp)
	movdqa	%xmm2,544(%rsp)
	movdqa	%xmm3,560(%rsp)
	call	mont_reduce



	movq	8(%rsp),%rax
	movq	0(%rax),%r8
	movq	8(%rax),%r9
	movq	16(%rax),%r10
	movq	24(%rax),%r11
	movq	32(%rax),%r12
	movq	40(%rax),%r13
	movq	48(%rax),%r14
	movq	56(%rax),%r15


	movq	24(%rsp),%rbx
	addq	$512,%rbx

	subq	0(%rbx),%r8
	sbbq	8(%rbx),%r9
	sbbq	16(%rbx),%r10
	sbbq	24(%rbx),%r11
	sbbq	32(%rbx),%r12
	sbbq	40(%rbx),%r13
	sbbq	48(%rbx),%r14
	sbbq	56(%rbx),%r15


	movq	0(%rax),%rsi
	movq	8(%rax),%rdi
	movq	16(%rax),%rcx
	movq	24(%rax),%rdx
	cmovncq	%r8,%rsi
	cmovncq	%r9,%rdi
	cmovncq	%r10,%rcx
	cmovncq	%r11,%rdx
	movq	%rsi,0(%rax)
	movq	%rdi,8(%rax)
	movq	%rcx,16(%rax)
	movq	%rdx,24(%rax)

	movq	32(%rax),%rsi
	movq	40(%rax),%rdi
	movq	48(%rax),%rcx
	movq	56(%rax),%rdx
	cmovncq	%r12,%rsi
	cmovncq	%r13,%rdi
	cmovncq	%r14,%rcx
	cmovncq	%r15,%rdx
	movq	%rsi,32(%rax)
	movq	%rdi,40(%rax)
	movq	%rcx,48(%rax)
	movq	%rdx,56(%rax)

	movq	0(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbx
	movq	40(%rsi),%rbp
	leaq	48(%rsi),%rsp
L$epilogue:
	.byte	0xf3,0xc3

Deleted jni/libressl/crypto/bn/modexp512-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
.text	


.p2align	4
MULADD_128x512:
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rcx)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	.byte	0xf3,0xc3


.p2align	4
mont_reduce:
	leaq	192(%rsp),%rdi
	movq	32(%rsp),%rsi
	addq	$576,%rsi
	leaq	520(%rsp),%rcx

	movq	96(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	movq	(%rcx),%r8
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,0(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	movq	8(%rcx),%r9
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	movq	16(%rcx),%r10
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	movq	24(%rcx),%r11
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	movq	32(%rcx),%r12
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	movq	40(%rcx),%r13
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	movq	48(%rcx),%r14
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	movq	56(%rcx),%r15
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	104(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	movq	%r9,8(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	112(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,16(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	120(%rcx),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,24(%rdi)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	xorq	%rax,%rax

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9
	adcq	80(%rcx),%r10
	adcq	88(%rcx),%r11
	adcq	$0,%rax




	movq	%r8,64(%rdi)
	movq	%r9,72(%rdi)
	movq	%r10,%rbp
	movq	%r11,88(%rdi)

	movq	%rax,384(%rsp)

	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11








	addq	$80,%rdi

	addq	$64,%rsi
	leaq	296(%rsp),%rcx

	call	MULADD_128x512			

	movq	384(%rsp),%rax


	addq	-16(%rdi),%r8
	adcq	-8(%rdi),%r9
	movq	%r8,64(%rcx)
	movq	%r9,72(%rcx)

	adcq	%rax,%rax
	movq	%rax,384(%rsp)

	leaq	192(%rsp),%rdi
	addq	$64,%rsi





	movq	(%rsi),%r8
	movq	8(%rsi),%rbx

	movq	(%rcx),%rax
	mulq	%r8
	movq	%rax,%rbp
	movq	%rdx,%r9

	movq	8(%rcx),%rax
	mulq	%r8
	addq	%rax,%r9

	movq	(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r9

	movq	%r9,8(%rdi)


	subq	$192,%rsi

	movq	(%rcx),%r8
	movq	8(%rcx),%r9

	call	MULADD_128x512			




	movq	0(%rsi),%rax
	movq	8(%rsi),%rbx
	movq	16(%rsi),%rdi
	movq	24(%rsi),%rdx


	movq	384(%rsp),%rbp

	addq	64(%rcx),%r8
	adcq	72(%rcx),%r9


	adcq	%rbp,%rbp



	shlq	$3,%rbp
	movq	32(%rsp),%rcx
	addq	%rcx,%rbp


	xorq	%rsi,%rsi

	addq	0(%rbp),%r10
	adcq	64(%rbp),%r11
	adcq	128(%rbp),%r12
	adcq	192(%rbp),%r13
	adcq	256(%rbp),%r14
	adcq	320(%rbp),%r15
	adcq	384(%rbp),%r8
	adcq	448(%rbp),%r9



	sbbq	$0,%rsi


	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx

	movq	$1,%rbp
	subq	%rax,%r10
	sbbq	%rbx,%r11
	sbbq	%rdi,%r12
	sbbq	%rdx,%r13




	sbbq	$0,%rbp



	addq	$512,%rcx
	movq	32(%rcx),%rax
	movq	40(%rcx),%rbx
	movq	48(%rcx),%rdi
	movq	56(%rcx),%rdx



	andq	%rsi,%rax
	andq	%rsi,%rbx
	andq	%rsi,%rdi
	andq	%rsi,%rdx



	subq	$1,%rbp

	sbbq	%rax,%r14
	sbbq	%rbx,%r15
	sbbq	%rdi,%r8
	sbbq	%rdx,%r9



	movq	144(%rsp),%rsi
	movq	%r10,0(%rsi)
	movq	%r11,8(%rsi)
	movq	%r12,16(%rsi)
	movq	%r13,24(%rsi)
	movq	%r14,32(%rsi)
	movq	%r15,40(%rsi)
	movq	%r8,48(%rsi)
	movq	%r9,56(%rsi)

	.byte	0xf3,0xc3


.p2align	4
mont_mul_a3b:




	movq	0(%rdi),%rbp

	movq	%r10,%rax
	mulq	%rbp
	movq	%rax,520(%rsp)
	movq	%rdx,%r10
	movq	%r11,%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r12,%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r13,%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r14,%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r15,%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r8,%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%rdx,%r9
	movq	8(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%r10,528(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%r10
	movq	16(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,536(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	24(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,544(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	32(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,552(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	40(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%r14,560(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	48(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,568(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	addq	%rbx,%r8
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	56(%rdi),%rbp
	movq	0(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r8
	adcq	$0,%rdx
	movq	%r8,576(%rsp)
	movq	%rdx,%rbx

	movq	8(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r9
	adcq	$0,%rdx
	addq	%rbx,%r9
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	16(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r10
	adcq	$0,%rdx
	addq	%rbx,%r10
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	24(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%rbx,%r11
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	32(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%rbx,%r12
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	40(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%rbx,%r13
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	48(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%rbx,%r14
	adcq	$0,%rdx
	movq	%rdx,%rbx

	movq	56(%rsi),%rax
	mulq	%rbp
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%rbx,%r15
	adcq	$0,%rdx
	movq	%rdx,%r8
	movq	%r9,584(%rsp)
	movq	%r10,592(%rsp)
	movq	%r11,600(%rsp)
	movq	%r12,608(%rsp)
	movq	%r13,616(%rsp)
	movq	%r14,624(%rsp)
	movq	%r15,632(%rsp)
	movq	%r8,640(%rsp)





	jmp	mont_reduce




.p2align	4
sqr_reduce:
	movq	16(%rsp),%rcx



	movq	%r10,%rbx

	movq	%r11,%rax
	mulq	%rbx
	movq	%rax,528(%rsp)
	movq	%rdx,%r10
	movq	%r12,%rax
	mulq	%rbx
	addq	%rax,%r10
	adcq	$0,%rdx
	movq	%rdx,%r11
	movq	%r13,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%rdx,%r12
	movq	%r14,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%rdx,%r13
	movq	%r15,%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%rdx,%r14
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	movq	%rdx,%r15
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%rdx,%rsi

	movq	%r10,536(%rsp)





	movq	8(%rcx),%rbx

	movq	16(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,544(%rsp)

	movq	%rdx,%r10
	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,552(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	16(%rcx),%rbx

	movq	24(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r13
	adcq	$0,%rdx
	movq	%r13,560(%rsp)

	movq	%rdx,%r10
	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r14
	adcq	$0,%rdx
	addq	%r10,%r14
	adcq	$0,%rdx
	movq	%r14,568(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r12





	movq	24(%rcx),%rbx

	movq	32(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,576(%rsp)

	movq	%rdx,%r10
	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%rsi
	adcq	$0,%rdx
	addq	%r10,%rsi
	adcq	$0,%rdx
	movq	%rsi,584(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx

	movq	%rdx,%r15




	movq	32(%rcx),%rbx

	movq	40(%rcx),%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	movq	%r11,592(%rsp)

	movq	%rdx,%r10
	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	addq	%r10,%r12
	adcq	$0,%rdx
	movq	%r12,600(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	addq	%r10,%r15
	adcq	$0,%rdx

	movq	%rdx,%r11




	movq	40(%rcx),%rbx

	movq	%r8,%rax
	mulq	%rbx
	addq	%rax,%r15
	adcq	$0,%rdx
	movq	%r15,608(%rsp)

	movq	%rdx,%r10
	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r11
	adcq	$0,%rdx
	addq	%r10,%r11
	adcq	$0,%rdx
	movq	%r11,616(%rsp)

	movq	%rdx,%r12




	movq	%r8,%rbx

	movq	%r9,%rax
	mulq	%rbx
	addq	%rax,%r12
	adcq	$0,%rdx
	movq	%r12,624(%rsp)

	movq	%rdx,632(%rsp)


	movq	528(%rsp),%r10
	movq	536(%rsp),%r11
	movq	544(%rsp),%r12
	movq	552(%rsp),%r13
	movq	560(%rsp),%r14
	movq	568(%rsp),%r15

	movq	24(%rcx),%rax
	mulq	%rax
	movq	%rax,%rdi
	movq	%rdx,%r8

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	$0,%r8

	movq	0(%rcx),%rax
	mulq	%rax
	movq	%rax,520(%rsp)
	movq	%rdx,%rbx

	movq	8(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbx
	movq	%r10,528(%rsp)
	movq	%r11,536(%rsp)

	movq	16(%rcx),%rax
	mulq	%rax

	addq	%rbx,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbx

	movq	%r12,544(%rsp)
	movq	%r13,552(%rsp)

	xorq	%rbp,%rbp
	addq	%rbx,%r14
	adcq	%rdi,%r15
	adcq	$0,%rbp

	movq	%r14,560(%rsp)
	movq	%r15,568(%rsp)




	movq	576(%rsp),%r10
	movq	584(%rsp),%r11
	movq	592(%rsp),%r12
	movq	600(%rsp),%r13
	movq	608(%rsp),%r14
	movq	616(%rsp),%r15
	movq	624(%rsp),%rdi
	movq	632(%rsp),%rsi

	movq	%r9,%rax
	mulq	%rax
	movq	%rax,%r9
	movq	%rdx,%rbx

	addq	%r10,%r10
	adcq	%r11,%r11
	adcq	%r12,%r12
	adcq	%r13,%r13
	adcq	%r14,%r14
	adcq	%r15,%r15
	adcq	%rdi,%rdi
	adcq	%rsi,%rsi
	adcq	$0,%rbx

	addq	%rbp,%r10

	movq	32(%rcx),%rax
	mulq	%rax

	addq	%r8,%r10
	adcq	%rax,%r11
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r10,576(%rsp)
	movq	%r11,584(%rsp)

	movq	40(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r12
	adcq	%rax,%r13
	adcq	$0,%rdx

	movq	%rdx,%rbp

	movq	%r12,592(%rsp)
	movq	%r13,600(%rsp)

	movq	48(%rcx),%rax
	mulq	%rax

	addq	%rbp,%r14
	adcq	%rax,%r15
	adcq	$0,%rdx

	movq	%r14,608(%rsp)
	movq	%r15,616(%rsp)

	addq	%rdx,%rdi
	adcq	%r9,%rsi
	adcq	$0,%rbx

	movq	%rdi,624(%rsp)
	movq	%rsi,632(%rsp)
	movq	%rbx,640(%rsp)

	jmp	mont_reduce



.globl	_mod_exp_512

_mod_exp_512:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15


	movq	%rsp,%r8
	subq	$2688,%rsp
	andq	$-64,%rsp


	movq	%r8,0(%rsp)
	movq	%rdi,8(%rsp)
	movq	%rsi,16(%rsp)
	movq	%rcx,24(%rsp)
L$body:



	pxor	%xmm4,%xmm4
	movdqu	0(%rsi),%xmm0
	movdqu	16(%rsi),%xmm1
	movdqu	32(%rsi),%xmm2
	movdqu	48(%rsi),%xmm3
	movdqa	%xmm4,512(%rsp)
	movdqa	%xmm4,528(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,544(%rsp)
	movdqa	%xmm1,560(%rsp)
	movdqa	%xmm2,576(%rsp)
	movdqa	%xmm3,592(%rsp)


	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3

	leaq	384(%rsp),%rbx
	movq	%rbx,136(%rsp)
	call	mont_reduce


	leaq	448(%rsp),%rcx
	xorq	%rax,%rax
	movq	%rax,0(%rcx)
	movq	%rax,8(%rcx)
	movq	%rax,24(%rcx)
	movq	%rax,32(%rcx)
	movq	%rax,40(%rcx)
	movq	%rax,48(%rcx)
	movq	%rax,56(%rcx)
	movq	%rax,128(%rsp)
	movq	$1,16(%rcx)

	leaq	640(%rsp),%rbp
	movq	%rcx,%rsi
	movq	%rbp,%rdi
	movq	$8,%rax
loop_0:
	movq	(%rcx),%rbx
	movw	%bx,(%rdi)
	shrq	$16,%rbx
	movw	%bx,64(%rdi)
	shrq	$16,%rbx
	movw	%bx,128(%rdi)
	shrq	$16,%rbx
	movw	%bx,192(%rdi)
	leaq	8(%rcx),%rcx
	leaq	256(%rdi),%rdi
	decq	%rax
	jnz	loop_0
	movq	$31,%rax
	movq	%rax,32(%rsp)
	movq	%rbp,40(%rsp)

	movq	%rsi,136(%rsp)
	movq	0(%rsi),%r10
	movq	8(%rsi),%r11
	movq	16(%rsi),%r12
	movq	24(%rsi),%r13
	movq	32(%rsi),%r14
	movq	40(%rsi),%r15
	movq	48(%rsi),%r8
	movq	56(%rsi),%r9
init_loop:
	leaq	384(%rsp),%rdi
	call	mont_mul_a3b
	leaq	448(%rsp),%rsi
	movq	40(%rsp),%rbp
	addq	$2,%rbp
	movq	%rbp,40(%rsp)
	movq	%rsi,%rcx
	movq	$8,%rax
loop_1:
	movq	(%rcx),%rbx
	movw	%bx,(%rbp)
	shrq	$16,%rbx
	movw	%bx,64(%rbp)
	shrq	$16,%rbx
	movw	%bx,128(%rbp)
	shrq	$16,%rbx
	movw	%bx,192(%rbp)
	leaq	8(%rcx),%rcx
	leaq	256(%rbp),%rbp
	decq	%rax
	jnz	loop_1
	movq	32(%rsp),%rax
	subq	$1,%rax
	movq	%rax,32(%rsp)
	jne	init_loop



	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm1,80(%rsp)
	movdqa	%xmm2,96(%rsp)
	movdqa	%xmm3,112(%rsp)





	movl	126(%rsp),%eax
	movq	%rax,%rdx
	shrq	$11,%rax
	andl	$2047,%edx
	movl	%edx,126(%rsp)
	leaq	640(%rsp,%rax,2),%rsi
	movq	8(%rsp),%rdx
	movq	$4,%rbp
loop_2:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_2
	movq	$505,48(%rsp)

	movq	8(%rsp),%rcx
	movq	%rcx,136(%rsp)
	movq	0(%rcx),%r10
	movq	8(%rcx),%r11
	movq	16(%rcx),%r12
	movq	24(%rcx),%r13
	movq	32(%rcx),%r14
	movq	40(%rcx),%r15
	movq	48(%rcx),%r8
	movq	56(%rcx),%r9
	jmp	sqr_2

main_loop_a3b:
	call	sqr_reduce
	call	sqr_reduce
	call	sqr_reduce
sqr_2:
	call	sqr_reduce
	call	sqr_reduce



	movq	48(%rsp),%rcx
	movq	%rcx,%rax
	shrq	$4,%rax
	movl	64(%rsp,%rax,2),%edx
	andq	$15,%rcx
	shrq	%cl,%rdx
	andq	$31,%rdx

	leaq	640(%rsp,%rdx,2),%rsi
	leaq	448(%rsp),%rdx
	movq	%rdx,%rdi
	movq	$4,%rbp
loop_3:
	movzwq	192(%rsi),%rbx
	movzwq	448(%rsi),%rax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	128(%rsi),%bx
	movw	384(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	64(%rsi),%bx
	movw	320(%rsi),%ax
	shlq	$16,%rbx
	shlq	$16,%rax
	movw	0(%rsi),%bx
	movw	256(%rsi),%ax
	movq	%rbx,0(%rdx)
	movq	%rax,8(%rdx)
	leaq	512(%rsi),%rsi
	leaq	16(%rdx),%rdx
	subq	$1,%rbp
	jnz	loop_3
	movq	8(%rsp),%rsi
	call	mont_mul_a3b



	movq	48(%rsp),%rcx
	subq	$5,%rcx
	movq	%rcx,48(%rsp)
	jge	main_loop_a3b



end_main_loop_a3b:


	movq	8(%rsp),%rdx
	pxor	%xmm4,%xmm4
	movdqu	0(%rdx),%xmm0
	movdqu	16(%rdx),%xmm1
	movdqu	32(%rdx),%xmm2
	movdqu	48(%rdx),%xmm3
	movdqa	%xmm4,576(%rsp)
	movdqa	%xmm4,592(%rsp)
	movdqa	%xmm4,608(%rsp)
	movdqa	%xmm4,624(%rsp)
	movdqa	%xmm0,512(%rsp)
	movdqa	%xmm1,528(%rsp)
	movdqa	%xmm2,544(%rsp)
	movdqa	%xmm3,560(%rsp)
	call	mont_reduce



	movq	8(%rsp),%rax
	movq	0(%rax),%r8
	movq	8(%rax),%r9
	movq	16(%rax),%r10
	movq	24(%rax),%r11
	movq	32(%rax),%r12
	movq	40(%rax),%r13
	movq	48(%rax),%r14
	movq	56(%rax),%r15


	movq	24(%rsp),%rbx
	addq	$512,%rbx

	subq	0(%rbx),%r8
	sbbq	8(%rbx),%r9
	sbbq	16(%rbx),%r10
	sbbq	24(%rbx),%r11
	sbbq	32(%rbx),%r12
	sbbq	40(%rbx),%r13
	sbbq	48(%rbx),%r14
	sbbq	56(%rbx),%r15


	movq	0(%rax),%rsi
	movq	8(%rax),%rdi
	movq	16(%rax),%rcx
	movq	24(%rax),%rdx
	cmovncq	%r8,%rsi
	cmovncq	%r9,%rdi
	cmovncq	%r10,%rcx
	cmovncq	%r11,%rdx
	movq	%rsi,0(%rax)
	movq	%rdi,8(%rax)
	movq	%rcx,16(%rax)
	movq	%rdx,24(%rax)

	movq	32(%rax),%rsi
	movq	40(%rax),%rdi
	movq	48(%rax),%rcx
	movq	56(%rax),%rdx
	cmovncq	%r12,%rsi
	cmovncq	%r13,%rdi
	cmovncq	%r14,%rcx
	cmovncq	%r15,%rdx
	movq	%rsi,32(%rax)
	movq	%rdi,40(%rax)
	movq	%rcx,48(%rax)
	movq	%rdx,56(%rax)

	movq	0(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbx
	movq	40(%rsi),%rbp
	leaq	48(%rsi),%rsp
L$epilogue:
	.byte	0xf3,0xc3

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/bn/mont-elf-x86_64.S.




































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
#include "x86_arch.h"
.text	

.globl	bn_mul_mont
.type	bn_mul_mont,@function
.align	16
bn_mul_mont:
	testl	$3,%r9d
	jnz	.Lmul_enter
	cmpl	$8,%r9d
	jb	.Lmul_enter
	cmpq	%rsi,%rdx
	jne	.Lmul4x_enter
	jmp	.Lsqr4x_enter

.align	16
.Lmul_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	2(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
.Lmul_body:
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.L1st_enter

.align	16
.L1st:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	movq	%r10,%r11
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.L1st_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	1(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.L1st

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13
	movq	%r10,%r11

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	jmp	.Louter
.align	16
.Louter:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	%r8,%rbp
	movq	(%rsp),%r10
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	8(%rsp),%r10
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.Linner_enter

.align	16
.Linner:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.Linner_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r10
	movq	%rdx,%r11
	adcq	$0,%r11
	leaq	1(%r15),%r15

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.Linner

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	cmpq	%r9,%r14
	jl	.Louter

	xorq	%r14,%r14
	movq	(%rsp),%rax
	leaq	(%rsp),%rsi
	movq	%r9,%r15
	jmp	.Lsub
.align	16
.Lsub:	sbbq	(%rcx,%r14,8),%rax
	movq	%rax,(%rdi,%r14,8)
	movq	8(%rsi,%r14,8),%rax
	leaq	1(%r14),%r14
	decq	%r15
	jnz	.Lsub

	sbbq	$0,%rax
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	movq	%r9,%r15
	orq	%rcx,%rsi
.align	16
.Lcopy:
	movq	(%rsi,%r14,8),%rax
	movq	%r14,(%rsp,%r14,8)
	movq	%rax,(%rdi,%r14,8)
	leaq	1(%r14),%r14
	subq	$1,%r15
	jnz	.Lcopy

	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul_mont,.-bn_mul_mont
.type	bn_mul4x_mont,@function
.align	16
bn_mul4x_mont:
.Lmul4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	4(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
.Lmul4x_body:
	movq	%rdi,16(%rsp,%r9,8)
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	.L1st4x
.align	16
.L1st4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.L1st4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	leaq	1(%r14),%r14
.align	4
.Louter4x:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	(%rsp),%r10
	movq	%r8,%rbp
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	addq	8(%rsp),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	.Linner4x
.align	16
.Linner4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.Linner4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	1(%r14),%r14
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	addq	(%rsp,%r9,8),%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	cmpq	%r9,%r14
	jl	.Louter4x
	movq	16(%rsp,%r9,8),%rdi
	movq	0(%rsp),%rax
	pxor	%xmm0,%xmm0
	movq	8(%rsp),%rdx
	shrq	$2,%r9
	leaq	(%rsp),%rsi
	xorq	%r14,%r14

	subq	0(%rcx),%rax
	movq	16(%rsi),%rbx
	movq	24(%rsi),%rbp
	sbbq	8(%rcx),%rdx
	leaq	-1(%r9),%r15
	jmp	.Lsub4x
.align	16
.Lsub4x:
	movq	%rax,0(%rdi,%r14,8)
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	16(%rcx,%r14,8),%rbx
	movq	32(%rsi,%r14,8),%rax
	movq	40(%rsi,%r14,8),%rdx
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)
	movq	%rbp,24(%rdi,%r14,8)
	sbbq	32(%rcx,%r14,8),%rax
	movq	48(%rsi,%r14,8),%rbx
	movq	56(%rsi,%r14,8),%rbp
	sbbq	40(%rcx,%r14,8),%rdx
	leaq	4(%r14),%r14
	decq	%r15
	jnz	.Lsub4x

	movq	%rax,0(%rdi,%r14,8)
	movq	32(%rsi,%r14,8),%rax
	sbbq	16(%rcx,%r14,8),%rbx
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)

	sbbq	$0,%rax
	movq	%rbp,24(%rdi,%r14,8)
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	leaq	-1(%r9),%r15
	orq	%rcx,%rsi

	movdqu	(%rsi),%xmm1
	movdqa	%xmm0,(%rsp)
	movdqu	%xmm1,(%rdi)
	jmp	.Lcopy4x
.align	16
.Lcopy4x:
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqu	32(%rsi,%r14,1),%xmm1
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movdqa	%xmm0,32(%rsp,%r14,1)
	movdqu	%xmm1,32(%rdi,%r14,1)
	leaq	32(%r14),%r14
	decq	%r15
	jnz	.Lcopy4x

	shlq	$2,%r9
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul4x_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul4x_mont,.-bn_mul4x_mont
.type	bn_sqr4x_mont,@function
.align	16
bn_sqr4x_mont:
.Lsqr4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	shll	$3,%r9d
	xorq	%r10,%r10
	movq	%rsp,%r11
	subq	%r9,%r10
	movq	(%r8),%r8
	leaq	-72(%rsp,%r10,2),%rsp
	andq	$-1024,%rsp











	movq	%rdi,32(%rsp)
	movq	%rcx,40(%rsp)
	movq	%r8,48(%rsp)
	movq	%r11,56(%rsp)
.Lsqr4x_body:







	leaq	32(%r10),%rbp
	leaq	(%rsi,%r9,1),%rsi

	movq	%r9,%rcx


	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	mulq	%r14
	movq	%rax,%r10
	movq	%rbx,%rax
	movq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx


	movq	8(%rsi,%rcx,1),%rbx
	mulq	%r15
	movq	%rax,%r12
	movq	%rbx,%rax
	movq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)
	jmp	.Lsqr4x_1st

.align	16
.Lsqr4x_1st:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,16(%rdi,%rcx,1)


	movq	24(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	32(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	.Lsqr4x_1st

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	leaq	16(%rbp),%rbp
	movq	%r12,8(%rdi)
	jmp	.Lsqr4x_outer

.align	16
.Lsqr4x_outer:
	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	movq	-24(%rdi,%rbp,1),%r10
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	addq	-16(%rdi,%rbp,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx
	xorq	%r12,%r12


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	leaq	16(%rcx),%rcx
	jmp	.Lsqr4x_inner

.align	16
.Lsqr4x_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	addq	(%rdi,%rcx,1),%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)

	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	.Lsqr4x_inner

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	addq	$16,%rbp
	jnz	.Lsqr4x_outer


	movq	-32(%rsi),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi),%rbx
	movq	%rax,%r15

	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi)

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi)

	movq	-8(%rsi),%rbx
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	$0,%rdx

	xorq	%r11,%r11
	addq	%r12,%r10
	movq	%rdx,%r13
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi)

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	-16(%rsi),%rax
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	mulq	%rbx
	addq	$16,%rbp
	xorq	%r14,%r14
	subq	%r9,%rbp
	xorq	%r15,%r15

	addq	%r12,%rax
	adcq	$0,%rdx
	movq	%rax,8(%rdi)
	movq	%rdx,16(%rdi)
	movq	%r15,24(%rdi)

	movq	-16(%rsi,%rbp,1),%rax
	leaq	64(%rsp,%r9,2),%rdi
	xorq	%r10,%r10
	movq	-24(%rdi,%rbp,2),%r11

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	leaq	16(%rbp),%rbp
	movq	%r8,-40(%rdi,%rbp,2)
	sbbq	%r15,%r15
	jmp	.Lsqr4x_shift_n_add

.align	16
.Lsqr4x_shift_n_add:
	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8

	leaq	(%r14,%r10,2),%r12
	movq	%r8,-8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	24(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	8(%rsi,%rbp,1),%rax
	movq	%r12,0(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	32(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	40(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	16(%rsi,%rbp,1),%rax
	movq	%rbx,16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	movq	%r8,24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	addq	$32,%rbp
	jnz	.Lsqr4x_shift_n_add

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi),%r11
	adcq	%rax,%r12
	movq	-8(%rsi),%rax
	movq	%r12,-32(%rdi)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	mulq	%rax
	negq	%r15
	adcq	%rax,%rbx
	adcq	%rdx,%r8
	movq	%rbx,-16(%rdi)
	movq	%r8,-8(%rdi)
	movq	40(%rsp),%rsi
	movq	48(%rsp),%r8
	xorq	%rcx,%rcx
	movq	%r9,0(%rsp)
	subq	%r9,%rcx
	movq	64(%rsp),%r10
	movq	%r8,%r14
	leaq	64(%rsp,%r9,2),%rax
	leaq	64(%rsp,%r9,1),%rdi
	movq	%rax,8(%rsp)
	leaq	(%rsi,%r9,1),%rsi
	xorq	%rbp,%rbp

	movq	0(%rsi,%rcx,1),%rax
	movq	8(%rsi,%rcx,1),%r9
	imulq	%r10,%r14
	movq	%rax,%rbx
	jmp	.Lsqr4x_mont_outer

.align	16
.Lsqr4x_mont_outer:
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11
	movq	%r8,%r15

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10

	imulq	%r11,%r15

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	jmp	.Lsqr4x_mont_inner

.align	16
.Lsqr4x_mont_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	8(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10


	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	cmpq	$0,%rcx
	jne	.Lsqr4x_mont_inner

	subq	0(%rsp),%rcx
	movq	%r8,%r14

	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%r9,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi)

	xorq	%r11,%r11
	addq	(%rdi),%r10
	adcq	$0,%r11
	movq	0(%rsi,%rcx,1),%rbx
	addq	%rbp,%r10
	adcq	$0,%r11

	imulq	16(%rdi,%rcx,1),%r14
	xorq	%r12,%r12
	movq	8(%rsi,%rcx,1),%r9
	addq	%r10,%r13
	movq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi)

	xorq	%rbp,%rbp
	addq	8(%rdi),%r12
	adcq	%rbp,%rbp
	addq	%r11,%r12
	leaq	16(%rdi),%rdi
	adcq	$0,%rbp
	movq	%r12,-8(%rdi)
	cmpq	8(%rsp),%rdi
	jb	.Lsqr4x_mont_outer

	movq	0(%rsp),%r9
	movq	%rbp,(%rdi)
	movq	64(%rsp,%r9,1),%rax
	leaq	64(%rsp,%r9,1),%rbx
	movq	40(%rsp),%rsi
	shrq	$5,%r9
	movq	8(%rbx),%rdx
	xorq	%rbp,%rbp

	movq	32(%rsp),%rdi
	subq	0(%rsi),%rax
	movq	16(%rbx),%r10
	movq	24(%rbx),%r11
	sbbq	8(%rsi),%rdx
	leaq	-1(%r9),%rcx
	jmp	.Lsqr4x_sub
.align	16
.Lsqr4x_sub:
	movq	%rax,0(%rdi,%rbp,8)
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	16(%rsi,%rbp,8),%r10
	movq	32(%rbx,%rbp,8),%rax
	movq	40(%rbx,%rbp,8),%rdx
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)
	movq	%r11,24(%rdi,%rbp,8)
	sbbq	32(%rsi,%rbp,8),%rax
	movq	48(%rbx,%rbp,8),%r10
	movq	56(%rbx,%rbp,8),%r11
	sbbq	40(%rsi,%rbp,8),%rdx
	leaq	4(%rbp),%rbp
	decq	%rcx
	jnz	.Lsqr4x_sub

	movq	%rax,0(%rdi,%rbp,8)
	movq	32(%rbx,%rbp,8),%rax
	sbbq	16(%rsi,%rbp,8),%r10
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)

	sbbq	$0,%rax
	movq	%r11,24(%rdi,%rbp,8)
	xorq	%rbp,%rbp
	andq	%rax,%rbx
	notq	%rax
	movq	%rdi,%rsi
	andq	%rax,%rsi
	leaq	-1(%r9),%rcx
	orq	%rsi,%rbx

	pxor	%xmm0,%xmm0
	leaq	64(%rsp,%r9,8),%rsi
	movdqu	(%rbx),%xmm1
	leaq	(%rsi,%r9,8),%rsi
	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm0,(%rsi)
	movdqu	%xmm1,(%rdi)
	jmp	.Lsqr4x_copy
.align	16
.Lsqr4x_copy:
	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqu	32(%rbx,%rbp,1),%xmm1
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,96(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqa	%xmm0,32(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movdqu	%xmm1,32(%rdi,%rbp,1)
	leaq	32(%rbp),%rbp
	decq	%rcx
	jnz	.Lsqr4x_copy

	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movq	56(%rsp),%rsi
	movq	$1,%rax
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lsqr4x_epilogue:
	.byte	0xf3,0xc3
.size	bn_sqr4x_mont,.-bn_sqr4x_mont
.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	16
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/bn/mont-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
.text	

.globl	bn_mul_mont
.type	bn_mul_mont,@function
.align	16
bn_mul_mont:
	testl	$3,%r9d
	jnz	.Lmul_enter
	cmpl	$8,%r9d
	jb	.Lmul_enter
	cmpq	%rsi,%rdx
	jne	.Lmul4x_enter
	jmp	.Lsqr4x_enter

.align	16
.Lmul_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	2(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
.Lmul_body:
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.L1st_enter

.align	16
.L1st:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	movq	%r10,%r11
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.L1st_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	1(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.L1st

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13
	movq	%r10,%r11

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	jmp	.Louter
.align	16
.Louter:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	%r8,%rbp
	movq	(%rsp),%r10
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	8(%rsp),%r10
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.Linner_enter

.align	16
.Linner:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.Linner_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r10
	movq	%rdx,%r11
	adcq	$0,%r11
	leaq	1(%r15),%r15

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.Linner

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	cmpq	%r9,%r14
	jl	.Louter

	xorq	%r14,%r14
	movq	(%rsp),%rax
	leaq	(%rsp),%rsi
	movq	%r9,%r15
	jmp	.Lsub
.align	16
.Lsub:	sbbq	(%rcx,%r14,8),%rax
	movq	%rax,(%rdi,%r14,8)
	movq	8(%rsi,%r14,8),%rax
	leaq	1(%r14),%r14
	decq	%r15
	jnz	.Lsub

	sbbq	$0,%rax
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	movq	%r9,%r15
	orq	%rcx,%rsi
.align	16
.Lcopy:
	movq	(%rsi,%r14,8),%rax
	movq	%r14,(%rsp,%r14,8)
	movq	%rax,(%rdi,%r14,8)
	leaq	1(%r14),%r14
	subq	$1,%r15
	jnz	.Lcopy

	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul_mont,.-bn_mul_mont
.type	bn_mul4x_mont,@function
.align	16
bn_mul4x_mont:
.Lmul4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	4(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
.Lmul4x_body:
	movq	%rdi,16(%rsp,%r9,8)
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	.L1st4x
.align	16
.L1st4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.L1st4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	leaq	1(%r14),%r14
.align	4
.Louter4x:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	(%rsp),%r10
	movq	%r8,%rbp
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	addq	8(%rsp),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	.Linner4x
.align	16
.Linner4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.Linner4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	1(%r14),%r14
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	addq	(%rsp,%r9,8),%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	cmpq	%r9,%r14
	jl	.Louter4x
	movq	16(%rsp,%r9,8),%rdi
	movq	0(%rsp),%rax
	pxor	%xmm0,%xmm0
	movq	8(%rsp),%rdx
	shrq	$2,%r9
	leaq	(%rsp),%rsi
	xorq	%r14,%r14

	subq	0(%rcx),%rax
	movq	16(%rsi),%rbx
	movq	24(%rsi),%rbp
	sbbq	8(%rcx),%rdx
	leaq	-1(%r9),%r15
	jmp	.Lsub4x
.align	16
.Lsub4x:
	movq	%rax,0(%rdi,%r14,8)
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	16(%rcx,%r14,8),%rbx
	movq	32(%rsi,%r14,8),%rax
	movq	40(%rsi,%r14,8),%rdx
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)
	movq	%rbp,24(%rdi,%r14,8)
	sbbq	32(%rcx,%r14,8),%rax
	movq	48(%rsi,%r14,8),%rbx
	movq	56(%rsi,%r14,8),%rbp
	sbbq	40(%rcx,%r14,8),%rdx
	leaq	4(%r14),%r14
	decq	%r15
	jnz	.Lsub4x

	movq	%rax,0(%rdi,%r14,8)
	movq	32(%rsi,%r14,8),%rax
	sbbq	16(%rcx,%r14,8),%rbx
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)

	sbbq	$0,%rax
	movq	%rbp,24(%rdi,%r14,8)
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	leaq	-1(%r9),%r15
	orq	%rcx,%rsi

	movdqu	(%rsi),%xmm1
	movdqa	%xmm0,(%rsp)
	movdqu	%xmm1,(%rdi)
	jmp	.Lcopy4x
.align	16
.Lcopy4x:
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqu	32(%rsi,%r14,1),%xmm1
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movdqa	%xmm0,32(%rsp,%r14,1)
	movdqu	%xmm1,32(%rdi,%r14,1)
	leaq	32(%r14),%r14
	decq	%r15
	jnz	.Lcopy4x

	shlq	$2,%r9
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul4x_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul4x_mont,.-bn_mul4x_mont
.type	bn_sqr4x_mont,@function
.align	16
bn_sqr4x_mont:
.Lsqr4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	shll	$3,%r9d
	xorq	%r10,%r10
	movq	%rsp,%r11
	subq	%r9,%r10
	movq	(%r8),%r8
	leaq	-72(%rsp,%r10,2),%rsp
	andq	$-1024,%rsp











	movq	%rdi,32(%rsp)
	movq	%rcx,40(%rsp)
	movq	%r8,48(%rsp)
	movq	%r11,56(%rsp)
.Lsqr4x_body:







	leaq	32(%r10),%rbp
	leaq	(%rsi,%r9,1),%rsi

	movq	%r9,%rcx


	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	mulq	%r14
	movq	%rax,%r10
	movq	%rbx,%rax
	movq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx


	movq	8(%rsi,%rcx,1),%rbx
	mulq	%r15
	movq	%rax,%r12
	movq	%rbx,%rax
	movq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)
	jmp	.Lsqr4x_1st

.align	16
.Lsqr4x_1st:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,16(%rdi,%rcx,1)


	movq	24(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	32(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	.Lsqr4x_1st

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	leaq	16(%rbp),%rbp
	movq	%r12,8(%rdi)
	jmp	.Lsqr4x_outer

.align	16
.Lsqr4x_outer:
	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	movq	-24(%rdi,%rbp,1),%r10
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	addq	-16(%rdi,%rbp,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx
	xorq	%r12,%r12


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	leaq	16(%rcx),%rcx
	jmp	.Lsqr4x_inner

.align	16
.Lsqr4x_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	addq	(%rdi,%rcx,1),%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)

	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	.Lsqr4x_inner

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	addq	$16,%rbp
	jnz	.Lsqr4x_outer


	movq	-32(%rsi),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi),%rbx
	movq	%rax,%r15

	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi)

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi)

	movq	-8(%rsi),%rbx
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	$0,%rdx

	xorq	%r11,%r11
	addq	%r12,%r10
	movq	%rdx,%r13
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi)

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	-16(%rsi),%rax
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	mulq	%rbx
	addq	$16,%rbp
	xorq	%r14,%r14
	subq	%r9,%rbp
	xorq	%r15,%r15

	addq	%r12,%rax
	adcq	$0,%rdx
	movq	%rax,8(%rdi)
	movq	%rdx,16(%rdi)
	movq	%r15,24(%rdi)

	movq	-16(%rsi,%rbp,1),%rax
	leaq	64(%rsp,%r9,2),%rdi
	xorq	%r10,%r10
	movq	-24(%rdi,%rbp,2),%r11

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	leaq	16(%rbp),%rbp
	movq	%r8,-40(%rdi,%rbp,2)
	sbbq	%r15,%r15
	jmp	.Lsqr4x_shift_n_add

.align	16
.Lsqr4x_shift_n_add:
	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8

	leaq	(%r14,%r10,2),%r12
	movq	%r8,-8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	24(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	8(%rsi,%rbp,1),%rax
	movq	%r12,0(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	32(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	40(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	16(%rsi,%rbp,1),%rax
	movq	%rbx,16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	movq	%r8,24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	addq	$32,%rbp
	jnz	.Lsqr4x_shift_n_add

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi),%r11
	adcq	%rax,%r12
	movq	-8(%rsi),%rax
	movq	%r12,-32(%rdi)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	mulq	%rax
	negq	%r15
	adcq	%rax,%rbx
	adcq	%rdx,%r8
	movq	%rbx,-16(%rdi)
	movq	%r8,-8(%rdi)
	movq	40(%rsp),%rsi
	movq	48(%rsp),%r8
	xorq	%rcx,%rcx
	movq	%r9,0(%rsp)
	subq	%r9,%rcx
	movq	64(%rsp),%r10
	movq	%r8,%r14
	leaq	64(%rsp,%r9,2),%rax
	leaq	64(%rsp,%r9,1),%rdi
	movq	%rax,8(%rsp)
	leaq	(%rsi,%r9,1),%rsi
	xorq	%rbp,%rbp

	movq	0(%rsi,%rcx,1),%rax
	movq	8(%rsi,%rcx,1),%r9
	imulq	%r10,%r14
	movq	%rax,%rbx
	jmp	.Lsqr4x_mont_outer

.align	16
.Lsqr4x_mont_outer:
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11
	movq	%r8,%r15

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10

	imulq	%r11,%r15

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	jmp	.Lsqr4x_mont_inner

.align	16
.Lsqr4x_mont_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	8(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10


	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	cmpq	$0,%rcx
	jne	.Lsqr4x_mont_inner

	subq	0(%rsp),%rcx
	movq	%r8,%r14

	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%r9,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi)

	xorq	%r11,%r11
	addq	(%rdi),%r10
	adcq	$0,%r11
	movq	0(%rsi,%rcx,1),%rbx
	addq	%rbp,%r10
	adcq	$0,%r11

	imulq	16(%rdi,%rcx,1),%r14
	xorq	%r12,%r12
	movq	8(%rsi,%rcx,1),%r9
	addq	%r10,%r13
	movq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi)

	xorq	%rbp,%rbp
	addq	8(%rdi),%r12
	adcq	%rbp,%rbp
	addq	%r11,%r12
	leaq	16(%rdi),%rdi
	adcq	$0,%rbp
	movq	%r12,-8(%rdi)
	cmpq	8(%rsp),%rdi
	jb	.Lsqr4x_mont_outer

	movq	0(%rsp),%r9
	movq	%rbp,(%rdi)
	movq	64(%rsp,%r9,1),%rax
	leaq	64(%rsp,%r9,1),%rbx
	movq	40(%rsp),%rsi
	shrq	$5,%r9
	movq	8(%rbx),%rdx
	xorq	%rbp,%rbp

	movq	32(%rsp),%rdi
	subq	0(%rsi),%rax
	movq	16(%rbx),%r10
	movq	24(%rbx),%r11
	sbbq	8(%rsi),%rdx
	leaq	-1(%r9),%rcx
	jmp	.Lsqr4x_sub
.align	16
.Lsqr4x_sub:
	movq	%rax,0(%rdi,%rbp,8)
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	16(%rsi,%rbp,8),%r10
	movq	32(%rbx,%rbp,8),%rax
	movq	40(%rbx,%rbp,8),%rdx
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)
	movq	%r11,24(%rdi,%rbp,8)
	sbbq	32(%rsi,%rbp,8),%rax
	movq	48(%rbx,%rbp,8),%r10
	movq	56(%rbx,%rbp,8),%r11
	sbbq	40(%rsi,%rbp,8),%rdx
	leaq	4(%rbp),%rbp
	decq	%rcx
	jnz	.Lsqr4x_sub

	movq	%rax,0(%rdi,%rbp,8)
	movq	32(%rbx,%rbp,8),%rax
	sbbq	16(%rsi,%rbp,8),%r10
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)

	sbbq	$0,%rax
	movq	%r11,24(%rdi,%rbp,8)
	xorq	%rbp,%rbp
	andq	%rax,%rbx
	notq	%rax
	movq	%rdi,%rsi
	andq	%rax,%rsi
	leaq	-1(%r9),%rcx
	orq	%rsi,%rbx

	pxor	%xmm0,%xmm0
	leaq	64(%rsp,%r9,8),%rsi
	movdqu	(%rbx),%xmm1
	leaq	(%rsi,%r9,8),%rsi
	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm0,(%rsi)
	movdqu	%xmm1,(%rdi)
	jmp	.Lsqr4x_copy
.align	16
.Lsqr4x_copy:
	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqu	32(%rbx,%rbp,1),%xmm1
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,96(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqa	%xmm0,32(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movdqu	%xmm1,32(%rdi,%rbp,1)
	leaq	32(%rbp),%rbp
	decq	%rcx
	jnz	.Lsqr4x_copy

	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movq	56(%rsp),%rsi
	movq	$1,%rax
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lsqr4x_epilogue:
	.byte	0xf3,0xc3
.size	bn_sqr4x_mont,.-bn_sqr4x_mont
.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	16
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/bn/mont-macosx-x86_64.S.






























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
#include "x86_arch.h"
.text	

.globl	_bn_mul_mont

.p2align	4
_bn_mul_mont:
	testl	$3,%r9d
	jnz	L$mul_enter
	cmpl	$8,%r9d
	jb	L$mul_enter
	cmpq	%rsi,%rdx
	jne	L$mul4x_enter
	jmp	L$sqr4x_enter

.p2align	4
L$mul_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	2(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
L$mul_body:
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	L$1st_enter

.p2align	4
L$1st:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	movq	%r10,%r11
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

L$1st_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	1(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	cmpq	%r9,%r15
	jl	L$1st

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13
	movq	%r10,%r11

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	jmp	L$outer
.p2align	4
L$outer:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	%r8,%rbp
	movq	(%rsp),%r10
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	8(%rsp),%r10
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	L$inner_enter

.p2align	4
L$inner:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

L$inner_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r10
	movq	%rdx,%r11
	adcq	$0,%r11
	leaq	1(%r15),%r15

	mulq	%rbp
	cmpq	%r9,%r15
	jl	L$inner

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	cmpq	%r9,%r14
	jl	L$outer

	xorq	%r14,%r14
	movq	(%rsp),%rax
	leaq	(%rsp),%rsi
	movq	%r9,%r15
	jmp	L$sub
.p2align	4
L$sub:	sbbq	(%rcx,%r14,8),%rax
	movq	%rax,(%rdi,%r14,8)
	movq	8(%rsi,%r14,8),%rax
	leaq	1(%r14),%r14
	decq	%r15
	jnz	L$sub

	sbbq	$0,%rax
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	movq	%r9,%r15
	orq	%rcx,%rsi
.p2align	4
L$copy:
	movq	(%rsi,%r14,8),%rax
	movq	%r14,(%rsp,%r14,8)
	movq	%rax,(%rdi,%r14,8)
	leaq	1(%r14),%r14
	subq	$1,%r15
	jnz	L$copy

	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$mul_epilogue:
	.byte	0xf3,0xc3


.p2align	4
bn_mul4x_mont:
L$mul4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	4(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
L$mul4x_body:
	movq	%rdi,16(%rsp,%r9,8)
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	L$1st4x
.p2align	4
L$1st4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	L$1st4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	leaq	1(%r14),%r14
.p2align	2
L$outer4x:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	(%rsp),%r10
	movq	%r8,%rbp
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	addq	8(%rsp),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	L$inner4x
.p2align	4
L$inner4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	L$inner4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	1(%r14),%r14
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	addq	(%rsp,%r9,8),%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	cmpq	%r9,%r14
	jl	L$outer4x
	movq	16(%rsp,%r9,8),%rdi
	movq	0(%rsp),%rax
	pxor	%xmm0,%xmm0
	movq	8(%rsp),%rdx
	shrq	$2,%r9
	leaq	(%rsp),%rsi
	xorq	%r14,%r14

	subq	0(%rcx),%rax
	movq	16(%rsi),%rbx
	movq	24(%rsi),%rbp
	sbbq	8(%rcx),%rdx
	leaq	-1(%r9),%r15
	jmp	L$sub4x
.p2align	4
L$sub4x:
	movq	%rax,0(%rdi,%r14,8)
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	16(%rcx,%r14,8),%rbx
	movq	32(%rsi,%r14,8),%rax
	movq	40(%rsi,%r14,8),%rdx
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)
	movq	%rbp,24(%rdi,%r14,8)
	sbbq	32(%rcx,%r14,8),%rax
	movq	48(%rsi,%r14,8),%rbx
	movq	56(%rsi,%r14,8),%rbp
	sbbq	40(%rcx,%r14,8),%rdx
	leaq	4(%r14),%r14
	decq	%r15
	jnz	L$sub4x

	movq	%rax,0(%rdi,%r14,8)
	movq	32(%rsi,%r14,8),%rax
	sbbq	16(%rcx,%r14,8),%rbx
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)

	sbbq	$0,%rax
	movq	%rbp,24(%rdi,%r14,8)
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	leaq	-1(%r9),%r15
	orq	%rcx,%rsi

	movdqu	(%rsi),%xmm1
	movdqa	%xmm0,(%rsp)
	movdqu	%xmm1,(%rdi)
	jmp	L$copy4x
.p2align	4
L$copy4x:
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqu	32(%rsi,%r14,1),%xmm1
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movdqa	%xmm0,32(%rsp,%r14,1)
	movdqu	%xmm1,32(%rdi,%r14,1)
	leaq	32(%r14),%r14
	decq	%r15
	jnz	L$copy4x

	shlq	$2,%r9
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$mul4x_epilogue:
	.byte	0xf3,0xc3


.p2align	4
bn_sqr4x_mont:
L$sqr4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	shll	$3,%r9d
	xorq	%r10,%r10
	movq	%rsp,%r11
	subq	%r9,%r10
	movq	(%r8),%r8
	leaq	-72(%rsp,%r10,2),%rsp
	andq	$-1024,%rsp











	movq	%rdi,32(%rsp)
	movq	%rcx,40(%rsp)
	movq	%r8,48(%rsp)
	movq	%r11,56(%rsp)
L$sqr4x_body:







	leaq	32(%r10),%rbp
	leaq	(%rsi,%r9,1),%rsi

	movq	%r9,%rcx


	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	mulq	%r14
	movq	%rax,%r10
	movq	%rbx,%rax
	movq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx


	movq	8(%rsi,%rcx,1),%rbx
	mulq	%r15
	movq	%rax,%r12
	movq	%rbx,%rax
	movq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)
	jmp	L$sqr4x_1st

.p2align	4
L$sqr4x_1st:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,16(%rdi,%rcx,1)


	movq	24(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	32(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	L$sqr4x_1st

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	leaq	16(%rbp),%rbp
	movq	%r12,8(%rdi)
	jmp	L$sqr4x_outer

.p2align	4
L$sqr4x_outer:
	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	movq	-24(%rdi,%rbp,1),%r10
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	addq	-16(%rdi,%rbp,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx
	xorq	%r12,%r12


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	leaq	16(%rcx),%rcx
	jmp	L$sqr4x_inner

.p2align	4
L$sqr4x_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	addq	(%rdi,%rcx,1),%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)

	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	L$sqr4x_inner

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	addq	$16,%rbp
	jnz	L$sqr4x_outer


	movq	-32(%rsi),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi),%rbx
	movq	%rax,%r15

	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi)

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi)

	movq	-8(%rsi),%rbx
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	$0,%rdx

	xorq	%r11,%r11
	addq	%r12,%r10
	movq	%rdx,%r13
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi)

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	-16(%rsi),%rax
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	mulq	%rbx
	addq	$16,%rbp
	xorq	%r14,%r14
	subq	%r9,%rbp
	xorq	%r15,%r15

	addq	%r12,%rax
	adcq	$0,%rdx
	movq	%rax,8(%rdi)
	movq	%rdx,16(%rdi)
	movq	%r15,24(%rdi)

	movq	-16(%rsi,%rbp,1),%rax
	leaq	64(%rsp,%r9,2),%rdi
	xorq	%r10,%r10
	movq	-24(%rdi,%rbp,2),%r11

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	leaq	16(%rbp),%rbp
	movq	%r8,-40(%rdi,%rbp,2)
	sbbq	%r15,%r15
	jmp	L$sqr4x_shift_n_add

.p2align	4
L$sqr4x_shift_n_add:
	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8

	leaq	(%r14,%r10,2),%r12
	movq	%r8,-8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	24(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	8(%rsi,%rbp,1),%rax
	movq	%r12,0(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	32(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	40(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	16(%rsi,%rbp,1),%rax
	movq	%rbx,16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	movq	%r8,24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	addq	$32,%rbp
	jnz	L$sqr4x_shift_n_add

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi),%r11
	adcq	%rax,%r12
	movq	-8(%rsi),%rax
	movq	%r12,-32(%rdi)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	mulq	%rax
	negq	%r15
	adcq	%rax,%rbx
	adcq	%rdx,%r8
	movq	%rbx,-16(%rdi)
	movq	%r8,-8(%rdi)
	movq	40(%rsp),%rsi
	movq	48(%rsp),%r8
	xorq	%rcx,%rcx
	movq	%r9,0(%rsp)
	subq	%r9,%rcx
	movq	64(%rsp),%r10
	movq	%r8,%r14
	leaq	64(%rsp,%r9,2),%rax
	leaq	64(%rsp,%r9,1),%rdi
	movq	%rax,8(%rsp)
	leaq	(%rsi,%r9,1),%rsi
	xorq	%rbp,%rbp

	movq	0(%rsi,%rcx,1),%rax
	movq	8(%rsi,%rcx,1),%r9
	imulq	%r10,%r14
	movq	%rax,%rbx
	jmp	L$sqr4x_mont_outer

.p2align	4
L$sqr4x_mont_outer:
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11
	movq	%r8,%r15

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10

	imulq	%r11,%r15

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	jmp	L$sqr4x_mont_inner

.p2align	4
L$sqr4x_mont_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	8(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10


	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	cmpq	$0,%rcx
	jne	L$sqr4x_mont_inner

	subq	0(%rsp),%rcx
	movq	%r8,%r14

	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%r9,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi)

	xorq	%r11,%r11
	addq	(%rdi),%r10
	adcq	$0,%r11
	movq	0(%rsi,%rcx,1),%rbx
	addq	%rbp,%r10
	adcq	$0,%r11

	imulq	16(%rdi,%rcx,1),%r14
	xorq	%r12,%r12
	movq	8(%rsi,%rcx,1),%r9
	addq	%r10,%r13
	movq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi)

	xorq	%rbp,%rbp
	addq	8(%rdi),%r12
	adcq	%rbp,%rbp
	addq	%r11,%r12
	leaq	16(%rdi),%rdi
	adcq	$0,%rbp
	movq	%r12,-8(%rdi)
	cmpq	8(%rsp),%rdi
	jb	L$sqr4x_mont_outer

	movq	0(%rsp),%r9
	movq	%rbp,(%rdi)
	movq	64(%rsp,%r9,1),%rax
	leaq	64(%rsp,%r9,1),%rbx
	movq	40(%rsp),%rsi
	shrq	$5,%r9
	movq	8(%rbx),%rdx
	xorq	%rbp,%rbp

	movq	32(%rsp),%rdi
	subq	0(%rsi),%rax
	movq	16(%rbx),%r10
	movq	24(%rbx),%r11
	sbbq	8(%rsi),%rdx
	leaq	-1(%r9),%rcx
	jmp	L$sqr4x_sub
.p2align	4
L$sqr4x_sub:
	movq	%rax,0(%rdi,%rbp,8)
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	16(%rsi,%rbp,8),%r10
	movq	32(%rbx,%rbp,8),%rax
	movq	40(%rbx,%rbp,8),%rdx
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)
	movq	%r11,24(%rdi,%rbp,8)
	sbbq	32(%rsi,%rbp,8),%rax
	movq	48(%rbx,%rbp,8),%r10
	movq	56(%rbx,%rbp,8),%r11
	sbbq	40(%rsi,%rbp,8),%rdx
	leaq	4(%rbp),%rbp
	decq	%rcx
	jnz	L$sqr4x_sub

	movq	%rax,0(%rdi,%rbp,8)
	movq	32(%rbx,%rbp,8),%rax
	sbbq	16(%rsi,%rbp,8),%r10
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)

	sbbq	$0,%rax
	movq	%r11,24(%rdi,%rbp,8)
	xorq	%rbp,%rbp
	andq	%rax,%rbx
	notq	%rax
	movq	%rdi,%rsi
	andq	%rax,%rsi
	leaq	-1(%r9),%rcx
	orq	%rsi,%rbx

	pxor	%xmm0,%xmm0
	leaq	64(%rsp,%r9,8),%rsi
	movdqu	(%rbx),%xmm1
	leaq	(%rsi,%r9,8),%rsi
	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm0,(%rsi)
	movdqu	%xmm1,(%rdi)
	jmp	L$sqr4x_copy
.p2align	4
L$sqr4x_copy:
	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqu	32(%rbx,%rbp,1),%xmm1
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,96(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqa	%xmm0,32(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movdqu	%xmm1,32(%rdi,%rbp,1)
	leaq	32(%rbp),%rbp
	decq	%rcx
	jnz	L$sqr4x_copy

	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movq	56(%rsp),%rsi
	movq	$1,%rax
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$sqr4x_epilogue:
	.byte	0xf3,0xc3

.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	4
Deleted jni/libressl/crypto/bn/mont-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
.text	

.globl	_bn_mul_mont

.p2align	4
_bn_mul_mont:
	testl	$3,%r9d
	jnz	L$mul_enter
	cmpl	$8,%r9d
	jb	L$mul_enter
	cmpq	%rsi,%rdx
	jne	L$mul4x_enter
	jmp	L$sqr4x_enter

.p2align	4
L$mul_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	2(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
L$mul_body:
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	L$1st_enter

.p2align	4
L$1st:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	movq	%r10,%r11
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

L$1st_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	1(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	cmpq	%r9,%r15
	jl	L$1st

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13
	movq	%r10,%r11

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	jmp	L$outer
.p2align	4
L$outer:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	%r8,%rbp
	movq	(%rsp),%r10
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	8(%rsp),%r10
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	L$inner_enter

.p2align	4
L$inner:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

L$inner_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r10
	movq	%rdx,%r11
	adcq	$0,%r11
	leaq	1(%r15),%r15

	mulq	%rbp
	cmpq	%r9,%r15
	jl	L$inner

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	cmpq	%r9,%r14
	jl	L$outer

	xorq	%r14,%r14
	movq	(%rsp),%rax
	leaq	(%rsp),%rsi
	movq	%r9,%r15
	jmp	L$sub
.p2align	4
L$sub:	sbbq	(%rcx,%r14,8),%rax
	movq	%rax,(%rdi,%r14,8)
	movq	8(%rsi,%r14,8),%rax
	leaq	1(%r14),%r14
	decq	%r15
	jnz	L$sub

	sbbq	$0,%rax
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	movq	%r9,%r15
	orq	%rcx,%rsi
.p2align	4
L$copy:
	movq	(%rsi,%r14,8),%rax
	movq	%r14,(%rsp,%r14,8)
	movq	%rax,(%rdi,%r14,8)
	leaq	1(%r14),%r14
	subq	$1,%r15
	jnz	L$copy

	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$mul_epilogue:
	.byte	0xf3,0xc3


.p2align	4
bn_mul4x_mont:
L$mul4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movl	%r9d,%r9d
	leaq	4(%r9),%r10
	movq	%rsp,%r11
	negq	%r10
	leaq	(%rsp,%r10,8),%rsp
	andq	$-1024,%rsp

	movq	%r11,8(%rsp,%r9,8)
L$mul4x_body:
	movq	%rdi,16(%rsp,%r9,8)
	movq	%rdx,%r12
	movq	(%r8),%r8
	movq	(%r12),%rbx
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	L$1st4x
.p2align	4
L$1st4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	L$1st4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	leaq	1(%r14),%r14
.p2align	2
L$outer4x:
	movq	(%r12,%r14,8),%rbx
	xorq	%r15,%r15
	movq	(%rsp),%r10
	movq	%r8,%rbp
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	addq	8(%rsp),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	L$inner4x
.p2align	4
L$inner4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	L$inner4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	1(%r14),%r14
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	addq	(%rsp,%r9,8),%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	cmpq	%r9,%r14
	jl	L$outer4x
	movq	16(%rsp,%r9,8),%rdi
	movq	0(%rsp),%rax
	pxor	%xmm0,%xmm0
	movq	8(%rsp),%rdx
	shrq	$2,%r9
	leaq	(%rsp),%rsi
	xorq	%r14,%r14

	subq	0(%rcx),%rax
	movq	16(%rsi),%rbx
	movq	24(%rsi),%rbp
	sbbq	8(%rcx),%rdx
	leaq	-1(%r9),%r15
	jmp	L$sub4x
.p2align	4
L$sub4x:
	movq	%rax,0(%rdi,%r14,8)
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	16(%rcx,%r14,8),%rbx
	movq	32(%rsi,%r14,8),%rax
	movq	40(%rsi,%r14,8),%rdx
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)
	movq	%rbp,24(%rdi,%r14,8)
	sbbq	32(%rcx,%r14,8),%rax
	movq	48(%rsi,%r14,8),%rbx
	movq	56(%rsi,%r14,8),%rbp
	sbbq	40(%rcx,%r14,8),%rdx
	leaq	4(%r14),%r14
	decq	%r15
	jnz	L$sub4x

	movq	%rax,0(%rdi,%r14,8)
	movq	32(%rsi,%r14,8),%rax
	sbbq	16(%rcx,%r14,8),%rbx
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)

	sbbq	$0,%rax
	movq	%rbp,24(%rdi,%r14,8)
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	leaq	-1(%r9),%r15
	orq	%rcx,%rsi

	movdqu	(%rsi),%xmm1
	movdqa	%xmm0,(%rsp)
	movdqu	%xmm1,(%rdi)
	jmp	L$copy4x
.p2align	4
L$copy4x:
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqu	32(%rsi,%r14,1),%xmm1
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movdqa	%xmm0,32(%rsp,%r14,1)
	movdqu	%xmm1,32(%rdi,%r14,1)
	leaq	32(%r14),%r14
	decq	%r15
	jnz	L$copy4x

	shlq	$2,%r9
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$mul4x_epilogue:
	.byte	0xf3,0xc3


.p2align	4
bn_sqr4x_mont:
L$sqr4x_enter:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	shll	$3,%r9d
	xorq	%r10,%r10
	movq	%rsp,%r11
	subq	%r9,%r10
	movq	(%r8),%r8
	leaq	-72(%rsp,%r10,2),%rsp
	andq	$-1024,%rsp











	movq	%rdi,32(%rsp)
	movq	%rcx,40(%rsp)
	movq	%r8,48(%rsp)
	movq	%r11,56(%rsp)
L$sqr4x_body:







	leaq	32(%r10),%rbp
	leaq	(%rsi,%r9,1),%rsi

	movq	%r9,%rcx


	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	mulq	%r14
	movq	%rax,%r10
	movq	%rbx,%rax
	movq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx


	movq	8(%rsi,%rcx,1),%rbx
	mulq	%r15
	movq	%rax,%r12
	movq	%rbx,%rax
	movq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)
	jmp	L$sqr4x_1st

.p2align	4
L$sqr4x_1st:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,16(%rdi,%rcx,1)


	movq	24(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	32(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	L$sqr4x_1st

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	leaq	16(%rbp),%rbp
	movq	%r12,8(%rdi)
	jmp	L$sqr4x_outer

.p2align	4
L$sqr4x_outer:
	movq	-32(%rsi,%rbp,1),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi,%rbp,1),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi,%rbp,1),%rbx
	movq	%rax,%r15

	movq	-24(%rdi,%rbp,1),%r10
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi,%rbp,1)

	xorq	%r10,%r10
	addq	-16(%rdi,%rbp,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi,%rbp,1)

	leaq	-16(%rbp),%rcx
	xorq	%r12,%r12


	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,8(%rdi,%rcx,1)

	leaq	16(%rcx),%rcx
	jmp	L$sqr4x_inner

.p2align	4
L$sqr4x_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r12,%r12
	addq	(%rdi,%rcx,1),%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,(%rdi,%rcx,1)

	movq	8(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	8(%rdi,%rcx,1),%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13

	xorq	%r11,%r11
	addq	%r12,%r10
	leaq	16(%rcx),%rcx
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi,%rcx,1)

	cmpq	$0,%rcx
	jne	L$sqr4x_inner

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	addq	$16,%rbp
	jnz	L$sqr4x_outer


	movq	-32(%rsi),%r14
	leaq	64(%rsp,%r9,2),%rdi
	movq	-24(%rsi),%rax
	leaq	-32(%rdi,%rbp,1),%rdi
	movq	-16(%rsi),%rbx
	movq	%rax,%r15

	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-24(%rdi)

	xorq	%r10,%r10
	addq	%r13,%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	movq	%r11,-16(%rdi)

	movq	-8(%rsi),%rbx
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	$0,%rdx

	xorq	%r11,%r11
	addq	%r12,%r10
	movq	%rdx,%r13
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%rbx,%rax
	adcq	%rdx,%r11
	movq	%r10,-8(%rdi)

	xorq	%r12,%r12
	addq	%r11,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	-16(%rsi),%rax
	adcq	%rdx,%r12

	movq	%r13,(%rdi)
	movq	%r12,8(%rdi)

	mulq	%rbx
	addq	$16,%rbp
	xorq	%r14,%r14
	subq	%r9,%rbp
	xorq	%r15,%r15

	addq	%r12,%rax
	adcq	$0,%rdx
	movq	%rax,8(%rdi)
	movq	%rdx,16(%rdi)
	movq	%r15,24(%rdi)

	movq	-16(%rsi,%rbp,1),%rax
	leaq	64(%rsp,%r9,2),%rdi
	xorq	%r10,%r10
	movq	-24(%rdi,%rbp,2),%r11

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	leaq	16(%rbp),%rbp
	movq	%r8,-40(%rdi,%rbp,2)
	sbbq	%r15,%r15
	jmp	L$sqr4x_shift_n_add

.p2align	4
L$sqr4x_shift_n_add:
	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	-8(%rsi,%rbp,1),%rax
	movq	%r12,-32(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	0(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	8(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	0(%rsi,%rbp,1),%rax
	movq	%rbx,-16(%rdi,%rbp,2)
	adcq	%rdx,%r8

	leaq	(%r14,%r10,2),%r12
	movq	%r8,-8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	16(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	24(%rdi,%rbp,2),%r11
	adcq	%rax,%r12
	movq	8(%rsi,%rbp,1),%rax
	movq	%r12,0(%rdi,%rbp,2)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,8(%rdi,%rbp,2)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	movq	32(%rdi,%rbp,2),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	40(%rdi,%rbp,2),%r11
	adcq	%rax,%rbx
	movq	16(%rsi,%rbp,1),%rax
	movq	%rbx,16(%rdi,%rbp,2)
	adcq	%rdx,%r8
	movq	%r8,24(%rdi,%rbp,2)
	sbbq	%r15,%r15
	addq	$32,%rbp
	jnz	L$sqr4x_shift_n_add

	leaq	(%r14,%r10,2),%r12
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r13
	shrq	$63,%r11
	orq	%r10,%r13
	movq	-16(%rdi),%r10
	movq	%r11,%r14
	mulq	%rax
	negq	%r15
	movq	-8(%rdi),%r11
	adcq	%rax,%r12
	movq	-8(%rsi),%rax
	movq	%r12,-32(%rdi)
	adcq	%rdx,%r13

	leaq	(%r14,%r10,2),%rbx
	movq	%r13,-24(%rdi)
	sbbq	%r15,%r15
	shrq	$63,%r10
	leaq	(%rcx,%r11,2),%r8
	shrq	$63,%r11
	orq	%r10,%r8
	mulq	%rax
	negq	%r15
	adcq	%rax,%rbx
	adcq	%rdx,%r8
	movq	%rbx,-16(%rdi)
	movq	%r8,-8(%rdi)
	movq	40(%rsp),%rsi
	movq	48(%rsp),%r8
	xorq	%rcx,%rcx
	movq	%r9,0(%rsp)
	subq	%r9,%rcx
	movq	64(%rsp),%r10
	movq	%r8,%r14
	leaq	64(%rsp,%r9,2),%rax
	leaq	64(%rsp,%r9,1),%rdi
	movq	%rax,8(%rsp)
	leaq	(%rsi,%r9,1),%rsi
	xorq	%rbp,%rbp

	movq	0(%rsi,%rcx,1),%rax
	movq	8(%rsi,%rcx,1),%r9
	imulq	%r10,%r14
	movq	%rax,%rbx
	jmp	L$sqr4x_mont_outer

.p2align	4
L$sqr4x_mont_outer:
	xorq	%r11,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11
	movq	%r8,%r15

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10

	imulq	%r11,%r15

	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	jmp	L$sqr4x_mont_inner

.p2align	4
L$sqr4x_mont_inner:
	movq	(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	8(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	8(%rdi,%rcx,1),%r11
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10


	movq	16(%rsi,%rcx,1),%rbx
	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%rbx,%rax
	adcq	%rdx,%r13
	movq	%r12,8(%rdi,%rcx,1)

	xorq	%r11,%r11
	addq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r11
	mulq	%r14
	addq	%rax,%r10
	movq	%r9,%rax
	adcq	%rdx,%r11

	movq	24(%rsi,%rcx,1),%r9
	xorq	%r12,%r12
	addq	%r10,%r13
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%r9,%rax
	adcq	%rdx,%r12
	movq	%r13,16(%rdi,%rcx,1)

	xorq	%r10,%r10
	addq	24(%rdi,%rcx,1),%r11
	leaq	32(%rcx),%rcx
	adcq	$0,%r10
	mulq	%r14
	addq	%rax,%r11
	movq	%rbx,%rax
	adcq	%rdx,%r10
	cmpq	$0,%rcx
	jne	L$sqr4x_mont_inner

	subq	0(%rsp),%rcx
	movq	%r8,%r14

	xorq	%r13,%r13
	addq	%r11,%r12
	adcq	$0,%r13
	mulq	%r15
	addq	%rax,%r12
	movq	%r9,%rax
	adcq	%rdx,%r13
	movq	%r12,-8(%rdi)

	xorq	%r11,%r11
	addq	(%rdi),%r10
	adcq	$0,%r11
	movq	0(%rsi,%rcx,1),%rbx
	addq	%rbp,%r10
	adcq	$0,%r11

	imulq	16(%rdi,%rcx,1),%r14
	xorq	%r12,%r12
	movq	8(%rsi,%rcx,1),%r9
	addq	%r10,%r13
	movq	16(%rdi,%rcx,1),%r10
	adcq	$0,%r12
	mulq	%r15
	addq	%rax,%r13
	movq	%rbx,%rax
	adcq	%rdx,%r12
	movq	%r13,(%rdi)

	xorq	%rbp,%rbp
	addq	8(%rdi),%r12
	adcq	%rbp,%rbp
	addq	%r11,%r12
	leaq	16(%rdi),%rdi
	adcq	$0,%rbp
	movq	%r12,-8(%rdi)
	cmpq	8(%rsp),%rdi
	jb	L$sqr4x_mont_outer

	movq	0(%rsp),%r9
	movq	%rbp,(%rdi)
	movq	64(%rsp,%r9,1),%rax
	leaq	64(%rsp,%r9,1),%rbx
	movq	40(%rsp),%rsi
	shrq	$5,%r9
	movq	8(%rbx),%rdx
	xorq	%rbp,%rbp

	movq	32(%rsp),%rdi
	subq	0(%rsi),%rax
	movq	16(%rbx),%r10
	movq	24(%rbx),%r11
	sbbq	8(%rsi),%rdx
	leaq	-1(%r9),%rcx
	jmp	L$sqr4x_sub
.p2align	4
L$sqr4x_sub:
	movq	%rax,0(%rdi,%rbp,8)
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	16(%rsi,%rbp,8),%r10
	movq	32(%rbx,%rbp,8),%rax
	movq	40(%rbx,%rbp,8),%rdx
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)
	movq	%r11,24(%rdi,%rbp,8)
	sbbq	32(%rsi,%rbp,8),%rax
	movq	48(%rbx,%rbp,8),%r10
	movq	56(%rbx,%rbp,8),%r11
	sbbq	40(%rsi,%rbp,8),%rdx
	leaq	4(%rbp),%rbp
	decq	%rcx
	jnz	L$sqr4x_sub

	movq	%rax,0(%rdi,%rbp,8)
	movq	32(%rbx,%rbp,8),%rax
	sbbq	16(%rsi,%rbp,8),%r10
	movq	%rdx,8(%rdi,%rbp,8)
	sbbq	24(%rsi,%rbp,8),%r11
	movq	%r10,16(%rdi,%rbp,8)

	sbbq	$0,%rax
	movq	%r11,24(%rdi,%rbp,8)
	xorq	%rbp,%rbp
	andq	%rax,%rbx
	notq	%rax
	movq	%rdi,%rsi
	andq	%rax,%rsi
	leaq	-1(%r9),%rcx
	orq	%rsi,%rbx

	pxor	%xmm0,%xmm0
	leaq	64(%rsp,%r9,8),%rsi
	movdqu	(%rbx),%xmm1
	leaq	(%rsi,%r9,8),%rsi
	movdqa	%xmm0,64(%rsp)
	movdqa	%xmm0,(%rsi)
	movdqu	%xmm1,(%rdi)
	jmp	L$sqr4x_copy
.p2align	4
L$sqr4x_copy:
	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqu	32(%rbx,%rbp,1),%xmm1
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,96(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqa	%xmm0,32(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movdqu	%xmm1,32(%rdi,%rbp,1)
	leaq	32(%rbp),%rbp
	decq	%rcx
	jnz	L$sqr4x_copy

	movdqu	16(%rbx,%rbp,1),%xmm2
	movdqa	%xmm0,80(%rsp,%rbp,1)
	movdqa	%xmm0,16(%rsi,%rbp,1)
	movdqu	%xmm2,16(%rdi,%rbp,1)
	movq	56(%rsp),%rsi
	movq	$1,%rax
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$sqr4x_epilogue:
	.byte	0xf3,0xc3

.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	4
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/bn/mont5-elf-x86_64.S.


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
#include "x86_arch.h"
.text	

.globl	bn_mul_mont_gather5
.type	bn_mul_mont_gather5,@function
.align	64
bn_mul_mont_gather5:
	testl	$3,%r9d
	jnz	.Lmul_enter
	cmpl	$8,%r9d
	jb	.Lmul_enter
	jmp	.Lmul4x_enter

.align	16
.Lmul_enter:
	movl	%r9d,%r9d
	movd	8(%rsp),%xmm5
	leaq	.Linc(%rip),%r10
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

.Lmul_alloca:
	movq	%rsp,%rax
	leaq	2(%r9),%r11
	negq	%r11
	leaq	-264(%rsp,%r11,8),%rsp
	andq	$-1024,%rsp

	movq	%rax,8(%rsp,%r9,8)
.Lmul_body:
	leaq	128(%rdx),%r12
	movdqa	0(%r10),%xmm0
	movdqa	16(%r10),%xmm1
	leaq	24-112(%rsp,%r9,8),%r10
	andq	$-16,%r10

	pshufd	$0,%xmm5,%xmm5
	movdqa	%xmm1,%xmm4
	movdqa	%xmm1,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
.byte	0x67
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,112(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,128(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,144(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,160(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,176(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,192(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,208(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,224(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,240(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,256(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,272(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,288(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,304(%r10)

	paddd	%xmm2,%xmm3
.byte	0x67
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,320(%r10)

	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,336(%r10)
	pand	64(%r12),%xmm0

	pand	80(%r12),%xmm1
	pand	96(%r12),%xmm2
	movdqa	%xmm3,352(%r10)
	pand	112(%r12),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-128(%r12),%xmm4
	movdqa	-112(%r12),%xmm5
	movdqa	-96(%r12),%xmm2
	pand	112(%r10),%xmm4
	movdqa	-80(%r12),%xmm3
	pand	128(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	144(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	160(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-64(%r12),%xmm4
	movdqa	-48(%r12),%xmm5
	movdqa	-32(%r12),%xmm2
	pand	176(%r10),%xmm4
	movdqa	-16(%r12),%xmm3
	pand	192(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	208(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	224(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	0(%r12),%xmm4
	movdqa	16(%r12),%xmm5
	movdqa	32(%r12),%xmm2
	pand	240(%r10),%xmm4
	movdqa	48(%r12),%xmm3
	pand	256(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	272(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	288(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	por	%xmm1,%xmm0
	pshufd	$78,%xmm0,%xmm1
	por	%xmm1,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	movq	(%r8),%r8
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.L1st_enter

.align	16
.L1st:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	movq	%r10,%r11
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.L1st_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	1(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.L1st

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13
	movq	%r10,%r11

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	jmp	.Louter
.align	16
.Louter:
	leaq	24+128(%rsp,%r9,8),%rdx
	andq	$-16,%rdx
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	movdqa	-128(%r12),%xmm0
	movdqa	-112(%r12),%xmm1
	movdqa	-96(%r12),%xmm2
	movdqa	-80(%r12),%xmm3
	pand	-128(%rdx),%xmm0
	pand	-112(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-80(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	-64(%r12),%xmm0
	movdqa	-48(%r12),%xmm1
	movdqa	-32(%r12),%xmm2
	movdqa	-16(%r12),%xmm3
	pand	-64(%rdx),%xmm0
	pand	-48(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-16(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	0(%r12),%xmm0
	movdqa	16(%r12),%xmm1
	movdqa	32(%r12),%xmm2
	movdqa	48(%r12),%xmm3
	pand	0(%rdx),%xmm0
	pand	16(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	48(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	64(%r12),%xmm0
	movdqa	80(%r12),%xmm1
	movdqa	96(%r12),%xmm2
	movdqa	112(%r12),%xmm3
	pand	64(%rdx),%xmm0
	pand	80(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	112(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	por	%xmm5,%xmm4
	pshufd	$78,%xmm4,%xmm0
	por	%xmm4,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	xorq	%r15,%r15
	movq	%r8,%rbp
	movq	(%rsp),%r10

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	8(%rsp),%r10
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.Linner_enter

.align	16
.Linner:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.Linner_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r10
	movq	%rdx,%r11
	adcq	$0,%r11
	leaq	1(%r15),%r15

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.Linner

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	cmpq	%r9,%r14
	jl	.Louter

	xorq	%r14,%r14
	movq	(%rsp),%rax
	leaq	(%rsp),%rsi
	movq	%r9,%r15
	jmp	.Lsub
.align	16
.Lsub:	sbbq	(%rcx,%r14,8),%rax
	movq	%rax,(%rdi,%r14,8)
	movq	8(%rsi,%r14,8),%rax
	leaq	1(%r14),%r14
	decq	%r15
	jnz	.Lsub

	sbbq	$0,%rax
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	movq	%r9,%r15
	orq	%rcx,%rsi
.align	16
.Lcopy:
	movq	(%rsi,%r14,8),%rax
	movq	%r14,(%rsp,%r14,8)
	movq	%rax,(%rdi,%r14,8)
	leaq	1(%r14),%r14
	subq	$1,%r15
	jnz	.Lcopy

	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
.type	bn_mul4x_mont_gather5,@function
.align	16
bn_mul4x_mont_gather5:
.Lmul4x_enter:
	movl	%r9d,%r9d
	movd	8(%rsp),%xmm5
	leaq	.Linc(%rip),%r10
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

.Lmul4x_alloca:
	movq	%rsp,%rax
	leaq	4(%r9),%r11
	negq	%r11
	leaq	-256(%rsp,%r11,8),%rsp
	andq	$-1024,%rsp

	movq	%rax,8(%rsp,%r9,8)
.Lmul4x_body:
	movq	%rdi,16(%rsp,%r9,8)
	leaq	128(%rdx),%r12
	movdqa	0(%r10),%xmm0
	movdqa	16(%r10),%xmm1
	leaq	32-112(%rsp,%r9,8),%r10

	pshufd	$0,%xmm5,%xmm5
	movdqa	%xmm1,%xmm4
.byte	0x67,0x67
	movdqa	%xmm1,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
.byte	0x67
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,112(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,128(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,144(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,160(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,176(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,192(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,208(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,224(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,240(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,256(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,272(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,288(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,304(%r10)

	paddd	%xmm2,%xmm3
.byte	0x67
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,320(%r10)

	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,336(%r10)
	pand	64(%r12),%xmm0

	pand	80(%r12),%xmm1
	pand	96(%r12),%xmm2
	movdqa	%xmm3,352(%r10)
	pand	112(%r12),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-128(%r12),%xmm4
	movdqa	-112(%r12),%xmm5
	movdqa	-96(%r12),%xmm2
	pand	112(%r10),%xmm4
	movdqa	-80(%r12),%xmm3
	pand	128(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	144(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	160(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-64(%r12),%xmm4
	movdqa	-48(%r12),%xmm5
	movdqa	-32(%r12),%xmm2
	pand	176(%r10),%xmm4
	movdqa	-16(%r12),%xmm3
	pand	192(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	208(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	224(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	0(%r12),%xmm4
	movdqa	16(%r12),%xmm5
	movdqa	32(%r12),%xmm2
	pand	240(%r10),%xmm4
	movdqa	48(%r12),%xmm3
	pand	256(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	272(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	288(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	por	%xmm1,%xmm0
	pshufd	$78,%xmm0,%xmm1
	por	%xmm1,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	movq	(%r8),%r8
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	.L1st4x
.align	16
.L1st4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.L1st4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	leaq	1(%r14),%r14
.align	4
.Louter4x:
	leaq	32+128(%rsp,%r9,8),%rdx
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	movdqa	-128(%r12),%xmm0
	movdqa	-112(%r12),%xmm1
	movdqa	-96(%r12),%xmm2
	movdqa	-80(%r12),%xmm3
	pand	-128(%rdx),%xmm0
	pand	-112(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-80(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	-64(%r12),%xmm0
	movdqa	-48(%r12),%xmm1
	movdqa	-32(%r12),%xmm2
	movdqa	-16(%r12),%xmm3
	pand	-64(%rdx),%xmm0
	pand	-48(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-16(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	0(%r12),%xmm0
	movdqa	16(%r12),%xmm1
	movdqa	32(%r12),%xmm2
	movdqa	48(%r12),%xmm3
	pand	0(%rdx),%xmm0
	pand	16(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	48(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	64(%r12),%xmm0
	movdqa	80(%r12),%xmm1
	movdqa	96(%r12),%xmm2
	movdqa	112(%r12),%xmm3
	pand	64(%rdx),%xmm0
	pand	80(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	112(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	por	%xmm5,%xmm4
	pshufd	$78,%xmm4,%xmm0
	por	%xmm4,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	xorq	%r15,%r15

	movq	(%rsp),%r10
	movq	%r8,%rbp
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	addq	8(%rsp),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdx,%r13
	jmp	.Linner4x
.align	16
.Linner4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-40(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.Linner4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	1(%r14),%r14
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%r13

	movq	%rdi,-16(%rsp,%r15,8)

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	addq	(%rsp,%r9,8),%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	cmpq	%r9,%r14
	jl	.Louter4x
	movq	16(%rsp,%r9,8),%rdi
	movq	0(%rsp),%rax
	pxor	%xmm0,%xmm0
	movq	8(%rsp),%rdx
	shrq	$2,%r9
	leaq	(%rsp),%rsi
	xorq	%r14,%r14

	subq	0(%rcx),%rax
	movq	16(%rsi),%rbx
	movq	24(%rsi),%rbp
	sbbq	8(%rcx),%rdx
	leaq	-1(%r9),%r15
	jmp	.Lsub4x
.align	16
.Lsub4x:
	movq	%rax,0(%rdi,%r14,8)
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	16(%rcx,%r14,8),%rbx
	movq	32(%rsi,%r14,8),%rax
	movq	40(%rsi,%r14,8),%rdx
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)
	movq	%rbp,24(%rdi,%r14,8)
	sbbq	32(%rcx,%r14,8),%rax
	movq	48(%rsi,%r14,8),%rbx
	movq	56(%rsi,%r14,8),%rbp
	sbbq	40(%rcx,%r14,8),%rdx
	leaq	4(%r14),%r14
	decq	%r15
	jnz	.Lsub4x

	movq	%rax,0(%rdi,%r14,8)
	movq	32(%rsi,%r14,8),%rax
	sbbq	16(%rcx,%r14,8),%rbx
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)

	sbbq	$0,%rax
	movq	%rbp,24(%rdi,%r14,8)
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	leaq	-1(%r9),%r15
	orq	%rcx,%rsi

	movdqu	(%rsi),%xmm1
	movdqa	%xmm0,(%rsp)
	movdqu	%xmm1,(%rdi)
	jmp	.Lcopy4x
.align	16
.Lcopy4x:
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqu	32(%rsi,%r14,1),%xmm1
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movdqa	%xmm0,32(%rsp,%r14,1)
	movdqu	%xmm1,32(%rdi,%r14,1)
	leaq	32(%r14),%r14
	decq	%r15
	jnz	.Lcopy4x

	shlq	$2,%r9
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul4x_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
.globl	bn_scatter5
.type	bn_scatter5,@function
.align	16
bn_scatter5:
	cmpq	$0,%rsi
	jz	.Lscatter_epilogue
	leaq	(%rdx,%rcx,8),%rdx
.Lscatter:
	movq	(%rdi),%rax
	leaq	8(%rdi),%rdi
	movq	%rax,(%rdx)
	leaq	256(%rdx),%rdx
	subq	$1,%rsi
	jnz	.Lscatter
.Lscatter_epilogue:
	.byte	0xf3,0xc3
.size	bn_scatter5,.-bn_scatter5

.globl	bn_gather5
.type	bn_gather5,@function
.align	16
bn_gather5:
.LSEH_begin_bn_gather5:

.byte	0x4c,0x8d,0x14,0x24			
.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	
	leaq	.Linc(%rip),%rax
	andq	$-16,%rsp

	movd	%ecx,%xmm5
	movdqa	0(%rax),%xmm0
	movdqa	16(%rax),%xmm1
	leaq	128(%rdx),%r11
	leaq	128(%rsp),%rax

	pshufd	$0,%xmm5,%xmm5
	movdqa	%xmm1,%xmm4
	movdqa	%xmm1,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,-128(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,-112(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,-96(%rax)
	movdqa	%xmm4,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,-80(%rax)
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,-64(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,-48(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,-32(%rax)
	movdqa	%xmm4,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,-16(%rax)
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,16(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,32(%rax)
	movdqa	%xmm4,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,48(%rax)
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,64(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,80(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,96(%rax)
	movdqa	%xmm4,%xmm2
	movdqa	%xmm3,112(%rax)
	jmp	.Lgather

.align	32
.Lgather:
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	movdqa	-128(%r11),%xmm0
	movdqa	-112(%r11),%xmm1
	movdqa	-96(%r11),%xmm2
	pand	-128(%rax),%xmm0
	movdqa	-80(%r11),%xmm3
	pand	-112(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	-96(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	-80(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	-64(%r11),%xmm0
	movdqa	-48(%r11),%xmm1
	movdqa	-32(%r11),%xmm2
	pand	-64(%rax),%xmm0
	movdqa	-16(%r11),%xmm3
	pand	-48(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	-32(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	-16(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	0(%r11),%xmm0
	movdqa	16(%r11),%xmm1
	movdqa	32(%r11),%xmm2
	pand	0(%rax),%xmm0
	movdqa	48(%r11),%xmm3
	pand	16(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	32(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	48(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	64(%r11),%xmm0
	movdqa	80(%r11),%xmm1
	movdqa	96(%r11),%xmm2
	pand	64(%rax),%xmm0
	movdqa	112(%r11),%xmm3
	pand	80(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	96(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	112(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	por	%xmm5,%xmm4
	leaq	256(%r11),%r11
	pshufd	$78,%xmm4,%xmm0
	por	%xmm4,%xmm0
	movq	%xmm0,(%rdi)
	leaq	8(%rdi),%rdi
	subq	$1,%rsi
	jnz	.Lgather

	leaq	(%r10),%rsp
	.byte	0xf3,0xc3
.LSEH_end_bn_gather5:
.size	bn_gather5,.-bn_gather5
.align	64
.Linc:
.long	0,0, 1,1
.long	2,2, 2,2
.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/bn/mont5-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
.text	

.globl	bn_mul_mont_gather5
.type	bn_mul_mont_gather5,@function
.align	64
bn_mul_mont_gather5:
	testl	$3,%r9d
	jnz	.Lmul_enter
	cmpl	$8,%r9d
	jb	.Lmul_enter
	jmp	.Lmul4x_enter

.align	16
.Lmul_enter:
	movl	%r9d,%r9d
	movl	8(%rsp),%r10d
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	movq	%rsp,%rax
	leaq	2(%r9),%r11
	negq	%r11
	leaq	(%rsp,%r11,8),%rsp
	andq	$-1024,%rsp

	movq	%rax,8(%rsp,%r9,8)
.Lmul_body:
	movq	%rdx,%r12
	movq	%r10,%r11
	shrq	$3,%r10
	andq	$7,%r11
	notq	%r10
	leaq	.Lmagic_masks(%rip),%rax
	andq	$3,%r10
	leaq	96(%r12,%r11,8),%r12
	movq	0(%rax,%r10,8),%xmm4
	movq	8(%rax,%r10,8),%xmm5
	movq	16(%rax,%r10,8),%xmm6
	movq	24(%rax,%r10,8),%xmm7

	movq	-96(%r12),%xmm0
	movq	-32(%r12),%xmm1
	pand	%xmm4,%xmm0
	movq	32(%r12),%xmm2
	pand	%xmm5,%xmm1
	movq	96(%r12),%xmm3
	pand	%xmm6,%xmm2
	por	%xmm1,%xmm0
	pand	%xmm7,%xmm3
	por	%xmm2,%xmm0
	leaq	256(%r12),%r12
	por	%xmm3,%xmm0

	movd	%xmm0,%rbx

	movq	(%r8),%r8
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	-96(%r12),%xmm0
	movq	-32(%r12),%xmm1
	pand	%xmm4,%xmm0
	movq	32(%r12),%xmm2
	pand	%xmm5,%xmm1

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	movq	96(%r12),%xmm3
	pand	%xmm6,%xmm2
	por	%xmm1,%xmm0
	pand	%xmm7,%xmm3

	imulq	%r10,%rbp
	movq	%rdx,%r11

	por	%xmm2,%xmm0
	leaq	256(%r12),%r12
	por	%xmm3,%xmm0

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.L1st_enter

.align	16
.L1st:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	movq	%r10,%r11
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.L1st_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	1(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.L1st

	movd	%xmm0,%rbx

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13
	movq	%r10,%r11

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	jmp	.Louter
.align	16
.Louter:
	xorq	%r15,%r15
	movq	%r8,%rbp
	movq	(%rsp),%r10

	movq	-96(%r12),%xmm0
	movq	-32(%r12),%xmm1
	pand	%xmm4,%xmm0
	movq	32(%r12),%xmm2
	pand	%xmm5,%xmm1

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	movq	96(%r12),%xmm3
	pand	%xmm6,%xmm2
	por	%xmm1,%xmm0
	pand	%xmm7,%xmm3

	imulq	%r10,%rbp
	movq	%rdx,%r11

	por	%xmm2,%xmm0
	leaq	256(%r12),%r12
	por	%xmm3,%xmm0

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	8(%rsp),%r10
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	.Linner_enter

.align	16
.Linner:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

.Linner_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r10
	movq	%rdx,%r11
	adcq	$0,%r11
	leaq	1(%r15),%r15

	mulq	%rbp
	cmpq	%r9,%r15
	jl	.Linner

	movd	%xmm0,%rbx

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	cmpq	%r9,%r14
	jl	.Louter

	xorq	%r14,%r14
	movq	(%rsp),%rax
	leaq	(%rsp),%rsi
	movq	%r9,%r15
	jmp	.Lsub
.align	16
.Lsub:	sbbq	(%rcx,%r14,8),%rax
	movq	%rax,(%rdi,%r14,8)
	movq	8(%rsi,%r14,8),%rax
	leaq	1(%r14),%r14
	decq	%r15
	jnz	.Lsub

	sbbq	$0,%rax
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	movq	%r9,%r15
	orq	%rcx,%rsi
.align	16
.Lcopy:
	movq	(%rsi,%r14,8),%rax
	movq	%r14,(%rsp,%r14,8)
	movq	%rax,(%rdi,%r14,8)
	leaq	1(%r14),%r14
	subq	$1,%r15
	jnz	.Lcopy

	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
.type	bn_mul4x_mont_gather5,@function
.align	16
bn_mul4x_mont_gather5:
.Lmul4x_enter:
	movl	%r9d,%r9d
	movl	8(%rsp),%r10d
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	movq	%rsp,%rax
	leaq	4(%r9),%r11
	negq	%r11
	leaq	(%rsp,%r11,8),%rsp
	andq	$-1024,%rsp

	movq	%rax,8(%rsp,%r9,8)
.Lmul4x_body:
	movq	%rdi,16(%rsp,%r9,8)
	movq	%rdx,%r12
	movq	%r10,%r11
	shrq	$3,%r10
	andq	$7,%r11
	notq	%r10
	leaq	.Lmagic_masks(%rip),%rax
	andq	$3,%r10
	leaq	96(%r12,%r11,8),%r12
	movq	0(%rax,%r10,8),%xmm4
	movq	8(%rax,%r10,8),%xmm5
	movq	16(%rax,%r10,8),%xmm6
	movq	24(%rax,%r10,8),%xmm7

	movq	-96(%r12),%xmm0
	movq	-32(%r12),%xmm1
	pand	%xmm4,%xmm0
	movq	32(%r12),%xmm2
	pand	%xmm5,%xmm1
	movq	96(%r12),%xmm3
	pand	%xmm6,%xmm2
	por	%xmm1,%xmm0
	pand	%xmm7,%xmm3
	por	%xmm2,%xmm0
	leaq	256(%r12),%r12
	por	%xmm3,%xmm0

	movd	%xmm0,%rbx
	movq	(%r8),%r8
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	-96(%r12),%xmm0
	movq	-32(%r12),%xmm1
	pand	%xmm4,%xmm0
	movq	32(%r12),%xmm2
	pand	%xmm5,%xmm1

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	movq	96(%r12),%xmm3
	pand	%xmm6,%xmm2
	por	%xmm1,%xmm0
	pand	%xmm7,%xmm3

	imulq	%r10,%rbp
	movq	%rdx,%r11

	por	%xmm2,%xmm0
	leaq	256(%r12),%r12
	por	%xmm3,%xmm0

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	.L1st4x
.align	16
.L1st4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.L1st4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	movd	%xmm0,%rbx

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	leaq	1(%r14),%r14
.align	4
.Louter4x:
	xorq	%r15,%r15
	movq	-96(%r12),%xmm0
	movq	-32(%r12),%xmm1
	pand	%xmm4,%xmm0
	movq	32(%r12),%xmm2
	pand	%xmm5,%xmm1

	movq	(%rsp),%r10
	movq	%r8,%rbp
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	movq	96(%r12),%xmm3
	pand	%xmm6,%xmm2
	por	%xmm1,%xmm0
	pand	%xmm7,%xmm3

	imulq	%r10,%rbp
	movq	%rdx,%r11

	por	%xmm2,%xmm0
	leaq	256(%r12),%r12
	por	%xmm3,%xmm0

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	addq	8(%rsp),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdx,%r13
	jmp	.Linner4x
.align	16
.Linner4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-40(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	.Linner4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	1(%r14),%r14
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%r13

	movd	%xmm0,%rbx
	movq	%rdi,-16(%rsp,%r15,8)

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	addq	(%rsp,%r9,8),%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	cmpq	%r9,%r14
	jl	.Louter4x
	movq	16(%rsp,%r9,8),%rdi
	movq	0(%rsp),%rax
	pxor	%xmm0,%xmm0
	movq	8(%rsp),%rdx
	shrq	$2,%r9
	leaq	(%rsp),%rsi
	xorq	%r14,%r14

	subq	0(%rcx),%rax
	movq	16(%rsi),%rbx
	movq	24(%rsi),%rbp
	sbbq	8(%rcx),%rdx
	leaq	-1(%r9),%r15
	jmp	.Lsub4x
.align	16
.Lsub4x:
	movq	%rax,0(%rdi,%r14,8)
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	16(%rcx,%r14,8),%rbx
	movq	32(%rsi,%r14,8),%rax
	movq	40(%rsi,%r14,8),%rdx
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)
	movq	%rbp,24(%rdi,%r14,8)
	sbbq	32(%rcx,%r14,8),%rax
	movq	48(%rsi,%r14,8),%rbx
	movq	56(%rsi,%r14,8),%rbp
	sbbq	40(%rcx,%r14,8),%rdx
	leaq	4(%r14),%r14
	decq	%r15
	jnz	.Lsub4x

	movq	%rax,0(%rdi,%r14,8)
	movq	32(%rsi,%r14,8),%rax
	sbbq	16(%rcx,%r14,8),%rbx
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)

	sbbq	$0,%rax
	movq	%rbp,24(%rdi,%r14,8)
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	leaq	-1(%r9),%r15
	orq	%rcx,%rsi

	movdqu	(%rsi),%xmm1
	movdqa	%xmm0,(%rsp)
	movdqu	%xmm1,(%rdi)
	jmp	.Lcopy4x
.align	16
.Lcopy4x:
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqu	32(%rsi,%r14,1),%xmm1
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movdqa	%xmm0,32(%rsp,%r14,1)
	movdqu	%xmm1,32(%rdi,%r14,1)
	leaq	32(%r14),%r14
	decq	%r15
	jnz	.Lcopy4x

	shlq	$2,%r9
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lmul4x_epilogue:
	.byte	0xf3,0xc3
.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
.globl	bn_scatter5
.type	bn_scatter5,@function
.align	16
bn_scatter5:
	cmpq	$0,%rsi
	jz	.Lscatter_epilogue
	leaq	(%rdx,%rcx,8),%rdx
.Lscatter:
	movq	(%rdi),%rax
	leaq	8(%rdi),%rdi
	movq	%rax,(%rdx)
	leaq	256(%rdx),%rdx
	subq	$1,%rsi
	jnz	.Lscatter
.Lscatter_epilogue:
	.byte	0xf3,0xc3
.size	bn_scatter5,.-bn_scatter5

.globl	bn_gather5
.type	bn_gather5,@function
.align	16
bn_gather5:
	movq	%rcx,%r11
	shrq	$3,%rcx
	andq	$7,%r11
	notq	%rcx
	leaq	.Lmagic_masks(%rip),%rax
	andq	$3,%rcx
	leaq	96(%rdx,%r11,8),%rdx
	movq	0(%rax,%rcx,8),%xmm4
	movq	8(%rax,%rcx,8),%xmm5
	movq	16(%rax,%rcx,8),%xmm6
	movq	24(%rax,%rcx,8),%xmm7
	jmp	.Lgather
.align	16
.Lgather:
	movq	-96(%rdx),%xmm0
	movq	-32(%rdx),%xmm1
	pand	%xmm4,%xmm0
	movq	32(%rdx),%xmm2
	pand	%xmm5,%xmm1
	movq	96(%rdx),%xmm3
	pand	%xmm6,%xmm2
	por	%xmm1,%xmm0
	pand	%xmm7,%xmm3
	por	%xmm2,%xmm0
	leaq	256(%rdx),%rdx
	por	%xmm3,%xmm0

	movq	%xmm0,(%rdi)
	leaq	8(%rdi),%rdi
	subq	$1,%rsi
	jnz	.Lgather
	.byte	0xf3,0xc3
.LSEH_end_bn_gather5:
.size	bn_gather5,.-bn_gather5
.align	64
.Lmagic_masks:
.long	0,0, 0,0, 0,0, -1,-1
.long	0,0, 0,0, 0,0,  0,0
.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/bn/mont5-macosx-x86_64.S.












































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
#include "x86_arch.h"
.text	

.globl	_bn_mul_mont_gather5

.p2align	6
_bn_mul_mont_gather5:
	testl	$3,%r9d
	jnz	L$mul_enter
	cmpl	$8,%r9d
	jb	L$mul_enter
	jmp	L$mul4x_enter

.p2align	4
L$mul_enter:
	movl	%r9d,%r9d
	movd	8(%rsp),%xmm5
	leaq	L$inc(%rip),%r10
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

L$mul_alloca:
	movq	%rsp,%rax
	leaq	2(%r9),%r11
	negq	%r11
	leaq	-264(%rsp,%r11,8),%rsp
	andq	$-1024,%rsp

	movq	%rax,8(%rsp,%r9,8)
L$mul_body:
	leaq	128(%rdx),%r12
	movdqa	0(%r10),%xmm0
	movdqa	16(%r10),%xmm1
	leaq	24-112(%rsp,%r9,8),%r10
	andq	$-16,%r10

	pshufd	$0,%xmm5,%xmm5
	movdqa	%xmm1,%xmm4
	movdqa	%xmm1,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
.byte	0x67
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,112(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,128(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,144(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,160(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,176(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,192(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,208(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,224(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,240(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,256(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,272(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,288(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,304(%r10)

	paddd	%xmm2,%xmm3
.byte	0x67
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,320(%r10)

	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,336(%r10)
	pand	64(%r12),%xmm0

	pand	80(%r12),%xmm1
	pand	96(%r12),%xmm2
	movdqa	%xmm3,352(%r10)
	pand	112(%r12),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-128(%r12),%xmm4
	movdqa	-112(%r12),%xmm5
	movdqa	-96(%r12),%xmm2
	pand	112(%r10),%xmm4
	movdqa	-80(%r12),%xmm3
	pand	128(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	144(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	160(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-64(%r12),%xmm4
	movdqa	-48(%r12),%xmm5
	movdqa	-32(%r12),%xmm2
	pand	176(%r10),%xmm4
	movdqa	-16(%r12),%xmm3
	pand	192(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	208(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	224(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	0(%r12),%xmm4
	movdqa	16(%r12),%xmm5
	movdqa	32(%r12),%xmm2
	pand	240(%r10),%xmm4
	movdqa	48(%r12),%xmm3
	pand	256(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	272(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	288(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	por	%xmm1,%xmm0
	pshufd	$78,%xmm0,%xmm1
	por	%xmm1,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	movq	(%r8),%r8
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	L$1st_enter

.p2align	4
L$1st:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	movq	%r10,%r11
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

L$1st_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	1(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	cmpq	%r9,%r15
	jl	L$1st

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13
	movq	%r10,%r11

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	jmp	L$outer
.p2align	4
L$outer:
	leaq	24+128(%rsp,%r9,8),%rdx
	andq	$-16,%rdx
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	movdqa	-128(%r12),%xmm0
	movdqa	-112(%r12),%xmm1
	movdqa	-96(%r12),%xmm2
	movdqa	-80(%r12),%xmm3
	pand	-128(%rdx),%xmm0
	pand	-112(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-80(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	-64(%r12),%xmm0
	movdqa	-48(%r12),%xmm1
	movdqa	-32(%r12),%xmm2
	movdqa	-16(%r12),%xmm3
	pand	-64(%rdx),%xmm0
	pand	-48(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-16(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	0(%r12),%xmm0
	movdqa	16(%r12),%xmm1
	movdqa	32(%r12),%xmm2
	movdqa	48(%r12),%xmm3
	pand	0(%rdx),%xmm0
	pand	16(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	48(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	64(%r12),%xmm0
	movdqa	80(%r12),%xmm1
	movdqa	96(%r12),%xmm2
	movdqa	112(%r12),%xmm3
	pand	64(%rdx),%xmm0
	pand	80(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	112(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	por	%xmm5,%xmm4
	pshufd	$78,%xmm4,%xmm0
	por	%xmm4,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	xorq	%r15,%r15
	movq	%r8,%rbp
	movq	(%rsp),%r10

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	8(%rsp),%r10
	movq	%rdx,%r13

	leaq	1(%r15),%r15
	jmp	L$inner_enter

.p2align	4
L$inner:
	addq	%rax,%r13
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

L$inner_enter:
	mulq	%rbx
	addq	%rax,%r11
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%r10
	movq	%rdx,%r11
	adcq	$0,%r11
	leaq	1(%r15),%r15

	mulq	%rbp
	cmpq	%r9,%r15
	jl	L$inner

	addq	%rax,%r13
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	movq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%r13,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdx,%rdx
	addq	%r11,%r13
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r9,8)
	movq	%rdx,(%rsp,%r9,8)

	leaq	1(%r14),%r14
	cmpq	%r9,%r14
	jl	L$outer

	xorq	%r14,%r14
	movq	(%rsp),%rax
	leaq	(%rsp),%rsi
	movq	%r9,%r15
	jmp	L$sub
.p2align	4
L$sub:	sbbq	(%rcx,%r14,8),%rax
	movq	%rax,(%rdi,%r14,8)
	movq	8(%rsi,%r14,8),%rax
	leaq	1(%r14),%r14
	decq	%r15
	jnz	L$sub

	sbbq	$0,%rax
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	movq	%r9,%r15
	orq	%rcx,%rsi
.p2align	4
L$copy:
	movq	(%rsi,%r14,8),%rax
	movq	%r14,(%rsp,%r14,8)
	movq	%rax,(%rdi,%r14,8)
	leaq	1(%r14),%r14
	subq	$1,%r15
	jnz	L$copy

	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$mul_epilogue:
	.byte	0xf3,0xc3


.p2align	4
bn_mul4x_mont_gather5:
L$mul4x_enter:
	movl	%r9d,%r9d
	movd	8(%rsp),%xmm5
	leaq	L$inc(%rip),%r10
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

L$mul4x_alloca:
	movq	%rsp,%rax
	leaq	4(%r9),%r11
	negq	%r11
	leaq	-256(%rsp,%r11,8),%rsp
	andq	$-1024,%rsp

	movq	%rax,8(%rsp,%r9,8)
L$mul4x_body:
	movq	%rdi,16(%rsp,%r9,8)
	leaq	128(%rdx),%r12
	movdqa	0(%r10),%xmm0
	movdqa	16(%r10),%xmm1
	leaq	32-112(%rsp,%r9,8),%r10

	pshufd	$0,%xmm5,%xmm5
	movdqa	%xmm1,%xmm4
.byte	0x67,0x67
	movdqa	%xmm1,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
.byte	0x67
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,112(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,128(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,144(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,160(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,176(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,192(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,208(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,224(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,240(%r10)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,256(%r10)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,272(%r10)
	movdqa	%xmm4,%xmm2

	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,288(%r10)
	movdqa	%xmm4,%xmm3
	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,304(%r10)

	paddd	%xmm2,%xmm3
.byte	0x67
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,320(%r10)

	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,336(%r10)
	pand	64(%r12),%xmm0

	pand	80(%r12),%xmm1
	pand	96(%r12),%xmm2
	movdqa	%xmm3,352(%r10)
	pand	112(%r12),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-128(%r12),%xmm4
	movdqa	-112(%r12),%xmm5
	movdqa	-96(%r12),%xmm2
	pand	112(%r10),%xmm4
	movdqa	-80(%r12),%xmm3
	pand	128(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	144(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	160(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	-64(%r12),%xmm4
	movdqa	-48(%r12),%xmm5
	movdqa	-32(%r12),%xmm2
	pand	176(%r10),%xmm4
	movdqa	-16(%r12),%xmm3
	pand	192(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	208(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	224(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	movdqa	0(%r12),%xmm4
	movdqa	16(%r12),%xmm5
	movdqa	32(%r12),%xmm2
	pand	240(%r10),%xmm4
	movdqa	48(%r12),%xmm3
	pand	256(%r10),%xmm5
	por	%xmm4,%xmm0
	pand	272(%r10),%xmm2
	por	%xmm5,%xmm1
	pand	288(%r10),%xmm3
	por	%xmm2,%xmm0
	por	%xmm3,%xmm1
	por	%xmm1,%xmm0
	pshufd	$78,%xmm0,%xmm1
	por	%xmm1,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	movq	(%r8),%r8
	movq	(%rsi),%rax

	xorq	%r14,%r14
	xorq	%r15,%r15

	movq	%r8,%rbp
	mulq	%rbx
	movq	%rax,%r10
	movq	(%rcx),%rax

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdi,(%rsp)
	movq	%rdx,%r13
	jmp	L$1st4x
.p2align	4
L$1st4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	L$1st4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%r13

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	leaq	1(%r14),%r14
.p2align	2
L$outer4x:
	leaq	32+128(%rsp,%r9,8),%rdx
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	movdqa	-128(%r12),%xmm0
	movdqa	-112(%r12),%xmm1
	movdqa	-96(%r12),%xmm2
	movdqa	-80(%r12),%xmm3
	pand	-128(%rdx),%xmm0
	pand	-112(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-80(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	-64(%r12),%xmm0
	movdqa	-48(%r12),%xmm1
	movdqa	-32(%r12),%xmm2
	movdqa	-16(%r12),%xmm3
	pand	-64(%rdx),%xmm0
	pand	-48(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	-32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	-16(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	0(%r12),%xmm0
	movdqa	16(%r12),%xmm1
	movdqa	32(%r12),%xmm2
	movdqa	48(%r12),%xmm3
	pand	0(%rdx),%xmm0
	pand	16(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	32(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	48(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	64(%r12),%xmm0
	movdqa	80(%r12),%xmm1
	movdqa	96(%r12),%xmm2
	movdqa	112(%r12),%xmm3
	pand	64(%rdx),%xmm0
	pand	80(%rdx),%xmm1
	por	%xmm0,%xmm4
	pand	96(%rdx),%xmm2
	por	%xmm1,%xmm5
	pand	112(%rdx),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	por	%xmm5,%xmm4
	pshufd	$78,%xmm4,%xmm0
	por	%xmm4,%xmm0
	leaq	256(%r12),%r12
	movd	%xmm0,%rbx

	xorq	%r15,%r15

	movq	(%rsp),%r10
	movq	%r8,%rbp
	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx),%rax
	adcq	$0,%rdx

	imulq	%r10,%rbp
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r10
	movq	8(%rsi),%rax
	adcq	$0,%rdx
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx),%rax
	adcq	$0,%rdx
	addq	8(%rsp),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	16(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	leaq	4(%r15),%r15
	adcq	$0,%rdx
	movq	%rdx,%r13
	jmp	L$inner4x
.p2align	4
L$inner4x:
	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%r13

	mulq	%rbx
	addq	%rax,%r10
	movq	(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-16(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	4(%r15),%r15
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	-16(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-40(%rsp,%r15,8)
	movq	%rdx,%r13
	cmpq	%r9,%r15
	jl	L$inner4x

	mulq	%rbx
	addq	%rax,%r10
	movq	-16(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-16(%rsp,%r15,8),%r10
	adcq	$0,%rdx
	movq	%rdx,%r11

	mulq	%rbp
	addq	%rax,%r13
	movq	-8(%rsi,%r15,8),%rax
	adcq	$0,%rdx
	addq	%r10,%r13
	adcq	$0,%rdx
	movq	%rdi,-32(%rsp,%r15,8)
	movq	%rdx,%rdi

	mulq	%rbx
	addq	%rax,%r11
	movq	-8(%rcx,%r15,8),%rax
	adcq	$0,%rdx
	addq	-8(%rsp,%r15,8),%r11
	adcq	$0,%rdx
	leaq	1(%r14),%r14
	movq	%rdx,%r10

	mulq	%rbp
	addq	%rax,%rdi
	movq	(%rsi),%rax
	adcq	$0,%rdx
	addq	%r11,%rdi
	adcq	$0,%rdx
	movq	%r13,-24(%rsp,%r15,8)
	movq	%rdx,%r13

	movq	%rdi,-16(%rsp,%r15,8)

	xorq	%rdi,%rdi
	addq	%r10,%r13
	adcq	$0,%rdi
	addq	(%rsp,%r9,8),%r13
	adcq	$0,%rdi
	movq	%r13,-8(%rsp,%r15,8)
	movq	%rdi,(%rsp,%r15,8)

	cmpq	%r9,%r14
	jl	L$outer4x
	movq	16(%rsp,%r9,8),%rdi
	movq	0(%rsp),%rax
	pxor	%xmm0,%xmm0
	movq	8(%rsp),%rdx
	shrq	$2,%r9
	leaq	(%rsp),%rsi
	xorq	%r14,%r14

	subq	0(%rcx),%rax
	movq	16(%rsi),%rbx
	movq	24(%rsi),%rbp
	sbbq	8(%rcx),%rdx
	leaq	-1(%r9),%r15
	jmp	L$sub4x
.p2align	4
L$sub4x:
	movq	%rax,0(%rdi,%r14,8)
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	16(%rcx,%r14,8),%rbx
	movq	32(%rsi,%r14,8),%rax
	movq	40(%rsi,%r14,8),%rdx
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)
	movq	%rbp,24(%rdi,%r14,8)
	sbbq	32(%rcx,%r14,8),%rax
	movq	48(%rsi,%r14,8),%rbx
	movq	56(%rsi,%r14,8),%rbp
	sbbq	40(%rcx,%r14,8),%rdx
	leaq	4(%r14),%r14
	decq	%r15
	jnz	L$sub4x

	movq	%rax,0(%rdi,%r14,8)
	movq	32(%rsi,%r14,8),%rax
	sbbq	16(%rcx,%r14,8),%rbx
	movq	%rdx,8(%rdi,%r14,8)
	sbbq	24(%rcx,%r14,8),%rbp
	movq	%rbx,16(%rdi,%r14,8)

	sbbq	$0,%rax
	movq	%rbp,24(%rdi,%r14,8)
	xorq	%r14,%r14
	andq	%rax,%rsi
	notq	%rax
	movq	%rdi,%rcx
	andq	%rax,%rcx
	leaq	-1(%r9),%r15
	orq	%rcx,%rsi

	movdqu	(%rsi),%xmm1
	movdqa	%xmm0,(%rsp)
	movdqu	%xmm1,(%rdi)
	jmp	L$copy4x
.p2align	4
L$copy4x:
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqu	32(%rsi,%r14,1),%xmm1
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movdqa	%xmm0,32(%rsp,%r14,1)
	movdqu	%xmm1,32(%rdi,%r14,1)
	leaq	32(%r14),%r14
	decq	%r15
	jnz	L$copy4x

	shlq	$2,%r9
	movdqu	16(%rsi,%r14,1),%xmm2
	movdqa	%xmm0,16(%rsp,%r14,1)
	movdqu	%xmm2,16(%rdi,%r14,1)
	movq	8(%rsp,%r9,8),%rsi
	movq	$1,%rax

	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$mul4x_epilogue:
	.byte	0xf3,0xc3

.globl	_bn_scatter5

.p2align	4
_bn_scatter5:
	cmpq	$0,%rsi
	jz	L$scatter_epilogue
	leaq	(%rdx,%rcx,8),%rdx
L$scatter:
	movq	(%rdi),%rax
	leaq	8(%rdi),%rdi
	movq	%rax,(%rdx)
	leaq	256(%rdx),%rdx
	subq	$1,%rsi
	jnz	L$scatter
L$scatter_epilogue:
	.byte	0xf3,0xc3


.globl	_bn_gather5

.p2align	4
_bn_gather5:
L$SEH_begin_bn_gather5:

.byte	0x4c,0x8d,0x14,0x24			
.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	
	leaq	L$inc(%rip),%rax
	andq	$-16,%rsp

	movd	%ecx,%xmm5
	movdqa	0(%rax),%xmm0
	movdqa	16(%rax),%xmm1
	leaq	128(%rdx),%r11
	leaq	128(%rsp),%rax

	pshufd	$0,%xmm5,%xmm5
	movdqa	%xmm1,%xmm4
	movdqa	%xmm1,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,-128(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,-112(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,-96(%rax)
	movdqa	%xmm4,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,-80(%rax)
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,-64(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,-48(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,-32(%rax)
	movdqa	%xmm4,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,-16(%rax)
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,0(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,16(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,32(%rax)
	movdqa	%xmm4,%xmm2
	paddd	%xmm0,%xmm1
	pcmpeqd	%xmm5,%xmm0
	movdqa	%xmm3,48(%rax)
	movdqa	%xmm4,%xmm3

	paddd	%xmm1,%xmm2
	pcmpeqd	%xmm5,%xmm1
	movdqa	%xmm0,64(%rax)
	movdqa	%xmm4,%xmm0

	paddd	%xmm2,%xmm3
	pcmpeqd	%xmm5,%xmm2
	movdqa	%xmm1,80(%rax)
	movdqa	%xmm4,%xmm1

	paddd	%xmm3,%xmm0
	pcmpeqd	%xmm5,%xmm3
	movdqa	%xmm2,96(%rax)
	movdqa	%xmm4,%xmm2
	movdqa	%xmm3,112(%rax)
	jmp	L$gather

.p2align	5
L$gather:
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	movdqa	-128(%r11),%xmm0
	movdqa	-112(%r11),%xmm1
	movdqa	-96(%r11),%xmm2
	pand	-128(%rax),%xmm0
	movdqa	-80(%r11),%xmm3
	pand	-112(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	-96(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	-80(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	-64(%r11),%xmm0
	movdqa	-48(%r11),%xmm1
	movdqa	-32(%r11),%xmm2
	pand	-64(%rax),%xmm0
	movdqa	-16(%r11),%xmm3
	pand	-48(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	-32(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	-16(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	0(%r11),%xmm0
	movdqa	16(%r11),%xmm1
	movdqa	32(%r11),%xmm2
	pand	0(%rax),%xmm0
	movdqa	48(%r11),%xmm3
	pand	16(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	32(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	48(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	movdqa	64(%r11),%xmm0
	movdqa	80(%r11),%xmm1
	movdqa	96(%r11),%xmm2
	pand	64(%rax),%xmm0
	movdqa	112(%r11),%xmm3
	pand	80(%rax),%xmm1
	por	%xmm0,%xmm4
	pand	96(%rax),%xmm2
	por	%xmm1,%xmm5
	pand	112(%rax),%xmm3
	por	%xmm2,%xmm4
	por	%xmm3,%xmm5
	por	%xmm5,%xmm4
	leaq	256(%r11),%r11
	pshufd	$78,%xmm4,%xmm0
	por	%xmm4,%xmm0
	movq	%xmm0,(%rdi)
	leaq	8(%rdi),%rdi
	subq	$1,%rsi
	jnz	L$gather

	leaq	(%r10),%rsp
	.byte	0xf3,0xc3
L$SEH_end_bn_gather5:

.p2align	6
L$inc:
.long	0,0, 1,1
.long	2,2, 2,2
.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
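--- a/jni/libressl/crypto/bn/mont5-macosx-x86_64.s
+++ b/jni/libressl/crypto/bn/mont5-macosx-x86_64.s
@@ -1,784 +0,0 @@
-.text	
-
-.globl	_bn_mul_mont_gather5
-
-.p2align	6
-_bn_mul_mont_gather5:
-	testl	$3,%r9d
-	jnz	L$mul_enter
-	cmpl	$8,%r9d
-	jb	L$mul_enter
-	jmp	L$mul4x_enter
-
-.p2align	4
-L$mul_enter:
-	movl	%r9d,%r9d
-	movl	8(%rsp),%r10d
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	movq	%rsp,%rax
-	leaq	2(%r9),%r11
-	negq	%r11
-	leaq	(%rsp,%r11,8),%rsp
-	andq	$-1024,%rsp
-
-	movq	%rax,8(%rsp,%r9,8)
-L$mul_body:
-	movq	%rdx,%r12
-	movq	%r10,%r11
-	shrq	$3,%r10
-	andq	$7,%r11
-	notq	%r10
-	leaq	L$magic_masks(%rip),%rax
-	andq	$3,%r10
-	leaq	96(%r12,%r11,8),%r12
-	movq	0(%rax,%r10,8),%xmm4
-	movq	8(%rax,%r10,8),%xmm5
-	movq	16(%rax,%r10,8),%xmm6
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	movd	%xmm0,%rbx
-
-	movq	(%r8),%r8
-	movq	(%rsi),%rax
-
-	xorq	%r14,%r14
-	xorq	%r15,%r15
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	movq	%r8,%rbp
-	mulq	%rbx
-	movq	%rax,%r10
-	movq	(%rcx),%rax
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-
-	leaq	1(%r15),%r15
-	jmp	L$1st_enter
-
-.p2align	4
-L$1st:
-	addq	%rax,%r13
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r13
-	movq	%r10,%r11
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-L$1st_enter:
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	leaq	1(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	cmpq	%r9,%r15
-	jl	L$1st
-
-	movd	%xmm0,%rbx
-
-	addq	%rax,%r13
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-	movq	%r10,%r11
-
-	xorq	%rdx,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r9,8)
-	movq	%rdx,(%rsp,%r9,8)
-
-	leaq	1(%r14),%r14
-	jmp	L$outer
-.p2align	4
-L$outer:
-	xorq	%r15,%r15
-	movq	%r8,%rbp
-	movq	(%rsp),%r10
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx),%rax
-	adcq	$0,%rdx
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	8(%rsp),%r10
-	movq	%rdx,%r13
-
-	leaq	1(%r15),%r15
-	jmp	L$inner_enter
-
-.p2align	4
-L$inner:
-	addq	%rax,%r13
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	movq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-L$inner_enter:
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r10
-	movq	%rdx,%r11
-	adcq	$0,%r11
-	leaq	1(%r15),%r15
-
-	mulq	%rbp
-	cmpq	%r9,%r15
-	jl	L$inner
-
-	movd	%xmm0,%rbx
-
-	addq	%rax,%r13
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	movq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	xorq	%rdx,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r9,8)
-	movq	%rdx,(%rsp,%r9,8)
-
-	leaq	1(%r14),%r14
-	cmpq	%r9,%r14
-	jl	L$outer
-
-	xorq	%r14,%r14
-	movq	(%rsp),%rax
-	leaq	(%rsp),%rsi
-	movq	%r9,%r15
-	jmp	L$sub
-.p2align	4
-L$sub:	sbbq	(%rcx,%r14,8),%rax
-	movq	%rax,(%rdi,%r14,8)
-	movq	8(%rsi,%r14,8),%rax
-	leaq	1(%r14),%r14
-	decq	%r15
-	jnz	L$sub
-
-	sbbq	$0,%rax
-	xorq	%r14,%r14
-	andq	%rax,%rsi
-	notq	%rax
-	movq	%rdi,%rcx
-	andq	%rax,%rcx
-	movq	%r9,%r15
-	orq	%rcx,%rsi
-.p2align	4
-L$copy:
-	movq	(%rsi,%r14,8),%rax
-	movq	%r14,(%rsp,%r14,8)
-	movq	%rax,(%rdi,%r14,8)
-	leaq	1(%r14),%r14
-	subq	$1,%r15
-	jnz	L$copy
-
-	movq	8(%rsp,%r9,8),%rsi
-	movq	$1,%rax
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-L$mul_epilogue:
-	.byte	0xf3,0xc3
-
-
-.p2align	4
-bn_mul4x_mont_gather5:
-L$mul4x_enter:
-	movl	%r9d,%r9d
-	movl	8(%rsp),%r10d
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	movq	%rsp,%rax
-	leaq	4(%r9),%r11
-	negq	%r11
-	leaq	(%rsp,%r11,8),%rsp
-	andq	$-1024,%rsp
-
-	movq	%rax,8(%rsp,%r9,8)
-L$mul4x_body:
-	movq	%rdi,16(%rsp,%r9,8)
-	movq	%rdx,%r12
-	movq	%r10,%r11
-	shrq	$3,%r10
-	andq	$7,%r11
-	notq	%r10
-	leaq	L$magic_masks(%rip),%rax
-	andq	$3,%r10
-	leaq	96(%r12,%r11,8),%r12
-	movq	0(%rax,%r10,8),%xmm4
-	movq	8(%rax,%r10,8),%xmm5
-	movq	16(%rax,%r10,8),%xmm6
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	movd	%xmm0,%rbx
-	movq	(%r8),%r8
-	movq	(%rsi),%rax
-
-	xorq	%r14,%r14
-	xorq	%r15,%r15
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	movq	%r8,%rbp
-	mulq	%rbx
-	movq	%rax,%r10
-	movq	(%rcx),%rax
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	16(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	leaq	4(%r15),%r15
-	adcq	$0,%rdx
-	movq	%rdi,(%rsp)
-	movq	%rdx,%r13
-	jmp	L$1st4x
-.p2align	4
-L$1st4x:
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	leaq	4(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	-16(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%r13
-	cmpq	%r9,%r15
-	jl	L$1st4x
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	movd	%xmm0,%rbx
-
-	xorq	%rdi,%rdi
-	addq	%r10,%r13
-	adcq	$0,%rdi
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdi,(%rsp,%r15,8)
-
-	leaq	1(%r14),%r14
-.p2align	2
-L$outer4x:
-	xorq	%r15,%r15
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	movq	(%rsp),%r10
-	movq	%r8,%rbp
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx),%rax
-	adcq	$0,%rdx
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx),%rax
-	adcq	$0,%rdx
-	addq	8(%rsp),%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	16(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	leaq	4(%r15),%r15
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-	jmp	L$inner4x
-.p2align	4
-L$inner4x:
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-16(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	leaq	4(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	-16(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%r13,-40(%rsp,%r15,8)
-	movq	%rdx,%r13
-	cmpq	%r9,%r15
-	jl	L$inner4x
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-16(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	leaq	1(%r14),%r14
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	movd	%xmm0,%rbx
-	movq	%rdi,-16(%rsp,%r15,8)
-
-	xorq	%rdi,%rdi
-	addq	%r10,%r13
-	adcq	$0,%rdi
-	addq	(%rsp,%r9,8),%r13
-	adcq	$0,%rdi
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdi,(%rsp,%r15,8)
-
-	cmpq	%r9,%r14
-	jl	L$outer4x
-	movq	16(%rsp,%r9,8),%rdi
-	movq	0(%rsp),%rax
-	pxor	%xmm0,%xmm0
-	movq	8(%rsp),%rdx
-	shrq	$2,%r9
-	leaq	(%rsp),%rsi
-	xorq	%r14,%r14
-
-	subq	0(%rcx),%rax
-	movq	16(%rsi),%rbx
-	movq	24(%rsi),%rbp
-	sbbq	8(%rcx),%rdx
-	leaq	-1(%r9),%r15
-	jmp	L$sub4x
-.p2align	4
-L$sub4x:
-	movq	%rax,0(%rdi,%r14,8)
-	movq	%rdx,8(%rdi,%r14,8)
-	sbbq	16(%rcx,%r14,8),%rbx
-	movq	32(%rsi,%r14,8),%rax
-	movq	40(%rsi,%r14,8),%rdx
-	sbbq	24(%rcx,%r14,8),%rbp
-	movq	%rbx,16(%rdi,%r14,8)
-	movq	%rbp,24(%rdi,%r14,8)
-	sbbq	32(%rcx,%r14,8),%rax
-	movq	48(%rsi,%r14,8),%rbx
-	movq	56(%rsi,%r14,8),%rbp
-	sbbq	40(%rcx,%r14,8),%rdx
-	leaq	4(%r14),%r14
-	decq	%r15
-	jnz	L$sub4x
-
-	movq	%rax,0(%rdi,%r14,8)
-	movq	32(%rsi,%r14,8),%rax
-	sbbq	16(%rcx,%r14,8),%rbx
-	movq	%rdx,8(%rdi,%r14,8)
-	sbbq	24(%rcx,%r14,8),%rbp
-	movq	%rbx,16(%rdi,%r14,8)
-
-	sbbq	$0,%rax
-	movq	%rbp,24(%rdi,%r14,8)
-	xorq	%r14,%r14
-	andq	%rax,%rsi
-	notq	%rax
-	movq	%rdi,%rcx
-	andq	%rax,%rcx
-	leaq	-1(%r9),%r15
-	orq	%rcx,%rsi
-
-	movdqu	(%rsi),%xmm1
-	movdqa	%xmm0,(%rsp)
-	movdqu	%xmm1,(%rdi)
-	jmp	L$copy4x
-.p2align	4
-L$copy4x:
-	movdqu	16(%rsi,%r14,1),%xmm2
-	movdqu	32(%rsi,%r14,1),%xmm1
-	movdqa	%xmm0,16(%rsp,%r14,1)
-	movdqu	%xmm2,16(%rdi,%r14,1)
-	movdqa	%xmm0,32(%rsp,%r14,1)
-	movdqu	%xmm1,32(%rdi,%r14,1)
-	leaq	32(%r14),%r14
-	decq	%r15
-	jnz	L$copy4x
-
-	shlq	$2,%r9
-	movdqu	16(%rsi,%r14,1),%xmm2
-	movdqa	%xmm0,16(%rsp,%r14,1)
-	movdqu	%xmm2,16(%rdi,%r14,1)
-	movq	8(%rsp,%r9,8),%rsi
-	movq	$1,%rax
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-L$mul4x_epilogue:
-	.byte	0xf3,0xc3
-
-.globl	_bn_scatter5
-
-.p2align	4
-_bn_scatter5:
-	cmpq	$0,%rsi
-	jz	L$scatter_epilogue
-	leaq	(%rdx,%rcx,8),%rdx
-L$scatter:
-	movq	(%rdi),%rax
-	leaq	8(%rdi),%rdi
-	movq	%rax,(%rdx)
-	leaq	256(%rdx),%rdx
-	subq	$1,%rsi
-	jnz	L$scatter
-L$scatter_epilogue:
-	.byte	0xf3,0xc3
-
-
-.globl	_bn_gather5
-
-.p2align	4
-_bn_gather5:
-	movq	%rcx,%r11
-	shrq	$3,%rcx
-	andq	$7,%r11
-	notq	%rcx
-	leaq	L$magic_masks(%rip),%rax
-	andq	$3,%rcx
-	leaq	96(%rdx,%r11,8),%rdx
-	movq	0(%rax,%rcx,8),%xmm4
-	movq	8(%rax,%rcx,8),%xmm5
-	movq	16(%rax,%rcx,8),%xmm6
-	movq	24(%rax,%rcx,8),%xmm7
-	jmp	L$gather
-.p2align	4
-L$gather:
-	movq	-96(%rdx),%xmm0
-	movq	-32(%rdx),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%rdx),%xmm2
-	pand	%xmm5,%xmm1
-	movq	96(%rdx),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	leaq	256(%rdx),%rdx
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,(%rdi)
-	leaq	8(%rdi),%rdi
-	subq	$1,%rsi
-	jnz	L$gather
-	.byte	0xf3,0xc3
-L$SEH_end_bn_gather5:
-
-.p2align	6
-L$magic_masks:
-.long	0,0, 0,0, 0,0, -1,-1
-.long	0,0, 0,0, 0,0,  0,0
-.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0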
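--- a/jni/libressl/crypto/buffer/buf_err.c
+++ b/jni/libressl/crypto/buffer/buf_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: buf_err.c,v 1.9 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: buf_err.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,20 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
 
 static ERR_STRING_DATA BUF_str_functs[] = {
-	{ERR_FUNC(BUF_F_BUF_MEMDUP),	"BUF_memdup"},
-	{ERR_FUNC(BUF_F_BUF_MEM_GROW),	"BUF_MEM_grow"},
-	{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN),	"BUF_MEM_grow_clean"},
-	{ERR_FUNC(BUF_F_BUF_MEM_NEW),	"BUF_MEM_new"},
-	{ERR_FUNC(BUF_F_BUF_STRDUP),	"BUF_strdup"},
-	{ERR_FUNC(BUF_F_BUF_STRNDUP),	"BUF_strndup"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA BUF_str_reasons[] = {
 	{0, NULL}
 };
 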
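--- a/jni/libressl/crypto/buffer/buf_str.c
+++ b/jni/libressl/crypto/buffer/buf_str.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: buf_str.c,v 1.8 2014/04/26 13:07:16 jsing Exp $ */
+/* $OpenBSD: buf_str.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /*
  * Copyright (c) 2014 Bob Beck
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -31,39 +31,39 @@
 char *
 BUF_strdup(const char *str)
 {
 	char *ret = NULL;
 
 	if (str != NULL) {
 		if (!(ret = strdup(str)))
-			BUFerr(BUF_F_BUF_STRDUP, ERR_R_MALLOC_FAILURE);
+			BUFerror(ERR_R_MALLOC_FAILURE);
 	}
 	return ret;
 }
 
 char *
 BUF_strndup(const char *str, size_t siz)
 {
 	char *ret = NULL;
 
 	if (str != NULL) {
 		if (!(ret = strndup(str, siz)))
-			BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
+			BUFerror(ERR_R_MALLOC_FAILURE);
 	}
 	return ret;
 }
 
 void *
 BUF_memdup(const void *data, size_t siz)
 {
 	void *ret = NULL;
 
 	if (data != NULL) {
 		if (!(ret = malloc(siz)))
-			BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
+			BUFerror(ERR_R_MALLOC_FAILURE);
 		else
 			(void) memcpy(ret, data, siz);
 	}
 	return ret;
 }
 
 size_t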
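--- a/jni/libressl/crypto/buffer/buffer.c
+++ b/jni/libressl/crypto/buffer/buffer.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: buffer.c,v 1.20 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: buffer.c,v 1.24 2017/03/16 13:29:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -69,22 +69,19 @@
 #define LIMIT_BEFORE_EXPANSION 0x5ffffffc
 
 BUF_MEM *
 BUF_MEM_new(void)
 {
 	BUF_MEM *ret;
 
-	ret = malloc(sizeof(BUF_MEM));
-	if (ret == NULL) {
-		BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
+	if ((ret = calloc(1, sizeof(BUF_MEM))) == NULL) {
+		BUFerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
-	ret->length = 0;
-	ret->max = 0;
-	ret->data = NULL;
+
 	return (ret);
 }
 
 void
 BUF_MEM_free(BUF_MEM *a)
 {
 	if (a == NULL)
@@ -104,73 +101,63 @@
 	size_t n;
 
 	if (str->length >= len) {
 		str->length = len;
 		return (len);
 	}
 	if (str->max >= len) {
-		memset(&str->data[str->length], 0, len - str->length);
 		str->length = len;
 		return (len);
 	}
 	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
 	if (len > LIMIT_BEFORE_EXPANSION) {
-		BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+		BUFerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	n = (len + 3) / 3 * 4;
-	ret = realloc(str->data, n);
+	ret = recallocarray(str->data, str->max, n, 1);
 	if (ret == NULL) {
-		BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+		BUFerror(ERR_R_MALLOC_FAILURE);
 		len = 0;
 	} else {
 		str->data = ret;
 		str->max = n;
-		memset(&str->data[str->length], 0, len - str->length);
 		str->length = len;
 	}
 	return (len);
 }
 
 int
 BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
 {
 	char *ret;
 	size_t n;
 
 	if (str->length >= len) {
 		memset(&str->data[len], 0, str->length - len);
 		str->length = len;
 		return (len);
 	}
 	if (str->max >= len) {
-		memset(&str->data[str->length], 0, len - str->length);
 		str->length = len;
 		return (len);
 	}
 	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
 	if (len > LIMIT_BEFORE_EXPANSION) {
-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+		BUFerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	n = (len + 3) / 3 * 4;
-	ret = malloc(n);
-	/* we're not shrinking - that case returns above */
-	if ((ret != NULL)  && (str->data != NULL)) {
-		memcpy(ret, str->data, str->max);
-		explicit_bzero(str->data, str->max);
-		free(str->data);
-	}
+	ret = recallocarray(str->data, str->max, n, 1);
 	if (ret == NULL) {
-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+		BUFerror(ERR_R_MALLOC_FAILURE);
 		len = 0;
 	} else {
 		str->data = ret;
 		str->max = n;
-		memset(&str->data[str->length], 0, len - str->length);
 		str->length = len;
 	}
 	return (len);
 }
 
 void
 BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)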
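--- a/jni/libressl/crypto/camellia/camellia.c
+++ b/jni/libressl/crypto/camellia/camellia.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: camellia.c,v 1.9 2014/11/13 20:01:58 miod Exp $ */
+/* $OpenBSD: camellia.c,v 1.11 2016/09/04 14:31:29 jsing Exp $ */
 /* ====================================================================
  * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 
  * ALL RIGHTS RESERVED.
  *
  * Intellectual Property information for Camellia:
  *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
  *
@@ -97,19 +97,14 @@
 #   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
 #   define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
 #   define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
 #  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
         defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
 #   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
 #   define RightRotate(x,s) LeftRotate(x,(32-s))
-#  elif defined(__s390x__)
-#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
-#   define RightRotate(x,s) LeftRotate(x,(32-s))
-#   define GETU32(p)   (*(u32 *)(p))
-#   define PUTU32(p,v) (*(u32 *)(p)=(v))
 #  endif
 # endif
 #endif
 
 #if !defined(RightRotate) && !defined(LeftRotate)
 # define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
 # define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )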
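--- a/jni/libressl/crypto/camellia/camellia.h
+++ b/jni/libressl/crypto/camellia/camellia.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: camellia.h,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: camellia.h,v 1.5 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *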
Added jni/libressl/crypto/camellia/cmll-elf-x86_64.S.




































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
#include "x86_arch.h"
.text	


.globl	Camellia_EncryptBlock
.type	Camellia_EncryptBlock,@function
.align	16
Camellia_EncryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	.Lenc_rounds
.size	Camellia_EncryptBlock,.-Camellia_EncryptBlock

.globl	Camellia_EncryptBlock_Rounds
.type	Camellia_EncryptBlock_Rounds,@function
.align	16
.Lenc_rounds:
Camellia_EncryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lenc_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r14

	shll	$6,%edi
	leaq	.LCamellia_SBOX(%rip),%rbp
	leaq	(%r14,%rdi,1),%r15

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
.Lenc_epilogue:
	.byte	0xf3,0xc3
.size	Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds

.type	_x86_64_Camellia_encrypt,@function
.align	16
_x86_64_Camellia_encrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.align	16
.Leloop:
	movl	16(%r14),%ebx
	movl	20(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	56(%r14),%ebx
	movl	60(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	64(%r14),%ebx
	movl	68(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	64(%r14),%r14
	cmpq	%r15,%r14
	movl	8(%r14),%edx
	movl	12(%r14),%ecx
	je	.Ledone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d
	jmp	.Leloop

.align	16
.Ledone:
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx

	movl	%eax,%r8d
	movl	%ebx,%r9d
	movl	%ecx,%r10d
	movl	%edx,%r11d

.byte	0xf3,0xc3		
.size	_x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt


.globl	Camellia_DecryptBlock
.type	Camellia_DecryptBlock,@function
.align	16
Camellia_DecryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	.Ldec_rounds
.size	Camellia_DecryptBlock,.-Camellia_DecryptBlock

.globl	Camellia_DecryptBlock_Rounds
.type	Camellia_DecryptBlock_Rounds,@function
.align	16
.Ldec_rounds:
Camellia_DecryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Ldec_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r15

	shll	$6,%edi
	leaq	.LCamellia_SBOX(%rip),%rbp
	leaq	(%r15,%rdi,1),%r14

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
.Ldec_epilogue:
	.byte	0xf3,0xc3
.size	Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds

.type	_x86_64_Camellia_decrypt,@function
.align	16
_x86_64_Camellia_decrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.align	16
.Ldloop:
	movl	-8(%r14),%ebx
	movl	-4(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-16(%r14),%ebx
	movl	-12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-24(%r14),%ebx
	movl	-20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-32(%r14),%ebx
	movl	-28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-40(%r14),%ebx
	movl	-36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-48(%r14),%ebx
	movl	-44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-56(%r14),%ebx
	movl	-52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	-64(%r14),%r14
	cmpq	%r15,%r14
	movl	0(%r14),%edx
	movl	4(%r14),%ecx
	je	.Lddone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d

	jmp	.Ldloop

.align	16
.Lddone:
	xorl	%r10d,%ecx
	xorl	%r11d,%edx
	xorl	%r8d,%eax
	xorl	%r9d,%ebx

	movl	%ecx,%r8d
	movl	%edx,%r9d
	movl	%eax,%r10d
	movl	%ebx,%r11d

.byte	0xf3,0xc3		
.size	_x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
.globl	Camellia_Ekeygen
.type	Camellia_Ekeygen,@function
.align	16
Camellia_Ekeygen:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lkey_prologue:

	movq	%rdi,%r15
	movq	%rdx,%r13

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	movl	12(%rsi),%r11d

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,0(%r13)
	movl	%r8d,4(%r13)
	movl	%r11d,8(%r13)
	movl	%r10d,12(%r13)
	cmpq	$128,%r15
	je	.L1st128

	movl	16(%rsi),%r8d
	movl	20(%rsi),%r9d
	cmpq	$192,%r15
	je	.L1st192
	movl	24(%rsi),%r10d
	movl	28(%rsi),%r11d
	jmp	.L1st256
.L1st192:
	movl	%r8d,%r10d
	movl	%r9d,%r11d
	notl	%r10d
	notl	%r11d
.L1st256:
	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,32(%r13)
	movl	%r8d,36(%r13)
	movl	%r11d,40(%r13)
	movl	%r10d,44(%r13)
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d

.L1st128:
	leaq	.LCamellia_SIGMA(%rip),%r14
	leaq	.LCamellia_SBOX(%rip),%rbp

	movl	0(%r14),%ebx
	movl	4(%r14),%eax
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	8(%r14),%ebx
	movl	12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	16(%r14),%ebx
	movl	20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	cmpq	$128,%r15
	jne	.L2nd256

	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	-128(%r13),%rax
	movq	-120(%r13),%rbx
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,-96(%r13)
	movq	%rbx,-88(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-80(%r13)
	movq	%r10,-72(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-64(%r13)
	movq	%r10,-56(%r13)
	movq	%rax,%r11
	shlq	$30,%rax
	movq	%rbx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rax
	shlq	$30,%rbx
	orq	%r11,%rbx
	movq	%rax,-48(%r13)
	movq	%rbx,-40(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-32(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rbx,-24(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-16(%r13)
	movq	%r10,-8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,16(%r13)
	movq	%rbx,24(%r13)
	movq	%r8,%r11
	shlq	$34,%r8
	movq	%r10,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%r8
	shlq	$34,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r8,%r11
	shlq	$17,%r8
	movq	%r10,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r8
	shlq	$17,%r10
	orq	%r11,%r10
	movq	%r8,64(%r13)
	movq	%r10,72(%r13)
	movl	$3,%eax
	jmp	.Ldone
.align	16
.L2nd256:
	movl	%r9d,48(%r13)
	movl	%r8d,52(%r13)
	movl	%r11d,56(%r13)
	movl	%r10d,60(%r13)
	xorl	32(%r13),%r9d
	xorl	36(%r13),%r8d
	xorl	40(%r13),%r11d
	xorl	44(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	movq	0(%r13),%rax
	movq	8(%r13),%rbx
	movq	32(%r13),%rcx
	movq	40(%r13),%rdx
	movq	48(%r13),%r14
	movq	56(%r13),%r15
	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-96(%r13)
	movq	%rdx,-88(%r13)
	movq	%r14,%r11
	shlq	$15,%r14
	movq	%r15,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r14
	shlq	$15,%r15
	orq	%r11,%r15
	movq	%r14,-80(%r13)
	movq	%r15,-72(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-64(%r13)
	movq	%rdx,-56(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,-48(%r13)
	movq	%r10,-40(%r13)
	movq	%rax,%r11
	shlq	$45,%rax
	movq	%rbx,%r9
	shrq	$19,%r9
	shrq	$19,%r11
	orq	%r9,%rax
	shlq	$45,%rbx
	orq	%r11,%rbx
	movq	%rax,-32(%r13)
	movq	%rbx,-24(%r13)
	movq	%r14,%r11
	shlq	$30,%r14
	movq	%r15,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r14
	shlq	$30,%r15
	orq	%r11,%r15
	movq	%r14,-16(%r13)
	movq	%r15,-8(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rcx,%r11
	shlq	$30,%rcx
	movq	%rdx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rcx
	shlq	$30,%rdx
	orq	%r11,%rdx
	movq	%rcx,16(%r13)
	movq	%rdx,24(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r14,%r11
	shlq	$32,%r14
	movq	%r15,%r9
	shrq	$32,%r9
	shrq	$32,%r11
	orq	%r9,%r14
	shlq	$32,%r15
	orq	%r11,%r15
	movq	%r14,64(%r13)
	movq	%r15,72(%r13)
	movq	%rcx,%r11
	shlq	$34,%rcx
	movq	%rdx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rcx
	shlq	$34,%rdx
	orq	%r11,%rdx
	movq	%rcx,80(%r13)
	movq	%rdx,88(%r13)
	movq	%r14,%r11
	shlq	$17,%r14
	movq	%r15,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r14
	shlq	$17,%r15
	orq	%r11,%r15
	movq	%r14,96(%r13)
	movq	%r15,104(%r13)
	movq	%rax,%r11
	shlq	$34,%rax
	movq	%rbx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rax
	shlq	$34,%rbx
	orq	%r11,%rbx
	movq	%rax,112(%r13)
	movq	%rbx,120(%r13)
	movq	%r8,%r11
	shlq	$51,%r8
	movq	%r10,%r9
	shrq	$13,%r9
	shrq	$13,%r11
	orq	%r9,%r8
	shlq	$51,%r10
	orq	%r11,%r10
	movq	%r8,128(%r13)
	movq	%r10,136(%r13)
	movl	$4,%eax
.Ldone:
	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
.Lkey_epilogue:
	.byte	0xf3,0xc3
.size	Camellia_Ekeygen,.-Camellia_Ekeygen
.align	64
.LCamellia_SIGMA:
.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
.long	0,          0,          0,          0
.LCamellia_SBOX:
.long	0x70707000,0x70700070
.long	0x82828200,0x2c2c002c
.long	0x2c2c2c00,0xb3b300b3
.long	0xececec00,0xc0c000c0
.long	0xb3b3b300,0xe4e400e4
.long	0x27272700,0x57570057
.long	0xc0c0c000,0xeaea00ea
.long	0xe5e5e500,0xaeae00ae
.long	0xe4e4e400,0x23230023
.long	0x85858500,0x6b6b006b
.long	0x57575700,0x45450045
.long	0x35353500,0xa5a500a5
.long	0xeaeaea00,0xeded00ed
.long	0x0c0c0c00,0x4f4f004f
.long	0xaeaeae00,0x1d1d001d
.long	0x41414100,0x92920092
.long	0x23232300,0x86860086
.long	0xefefef00,0xafaf00af
.long	0x6b6b6b00,0x7c7c007c
.long	0x93939300,0x1f1f001f
.long	0x45454500,0x3e3e003e
.long	0x19191900,0xdcdc00dc
.long	0xa5a5a500,0x5e5e005e
.long	0x21212100,0x0b0b000b
.long	0xededed00,0xa6a600a6
.long	0x0e0e0e00,0x39390039
.long	0x4f4f4f00,0xd5d500d5
.long	0x4e4e4e00,0x5d5d005d
.long	0x1d1d1d00,0xd9d900d9
.long	0x65656500,0x5a5a005a
.long	0x92929200,0x51510051
.long	0xbdbdbd00,0x6c6c006c
.long	0x86868600,0x8b8b008b
.long	0xb8b8b800,0x9a9a009a
.long	0xafafaf00,0xfbfb00fb
.long	0x8f8f8f00,0xb0b000b0
.long	0x7c7c7c00,0x74740074
.long	0xebebeb00,0x2b2b002b
.long	0x1f1f1f00,0xf0f000f0
.long	0xcecece00,0x84840084
.long	0x3e3e3e00,0xdfdf00df
.long	0x30303000,0xcbcb00cb
.long	0xdcdcdc00,0x34340034
.long	0x5f5f5f00,0x76760076
.long	0x5e5e5e00,0x6d6d006d
.long	0xc5c5c500,0xa9a900a9
.long	0x0b0b0b00,0xd1d100d1
.long	0x1a1a1a00,0x04040004
.long	0xa6a6a600,0x14140014
.long	0xe1e1e100,0x3a3a003a
.long	0x39393900,0xdede00de
.long	0xcacaca00,0x11110011
.long	0xd5d5d500,0x32320032
.long	0x47474700,0x9c9c009c
.long	0x5d5d5d00,0x53530053
.long	0x3d3d3d00,0xf2f200f2
.long	0xd9d9d900,0xfefe00fe
.long	0x01010100,0xcfcf00cf
.long	0x5a5a5a00,0xc3c300c3
.long	0xd6d6d600,0x7a7a007a
.long	0x51515100,0x24240024
.long	0x56565600,0xe8e800e8
.long	0x6c6c6c00,0x60600060
.long	0x4d4d4d00,0x69690069
.long	0x8b8b8b00,0xaaaa00aa
.long	0x0d0d0d00,0xa0a000a0
.long	0x9a9a9a00,0xa1a100a1
.long	0x66666600,0x62620062
.long	0xfbfbfb00,0x54540054
.long	0xcccccc00,0x1e1e001e
.long	0xb0b0b000,0xe0e000e0
.long	0x2d2d2d00,0x64640064
.long	0x74747400,0x10100010
.long	0x12121200,0x00000000
.long	0x2b2b2b00,0xa3a300a3
.long	0x20202000,0x75750075
.long	0xf0f0f000,0x8a8a008a
.long	0xb1b1b100,0xe6e600e6
.long	0x84848400,0x09090009
.long	0x99999900,0xdddd00dd
.long	0xdfdfdf00,0x87870087
.long	0x4c4c4c00,0x83830083
.long	0xcbcbcb00,0xcdcd00cd
.long	0xc2c2c200,0x90900090
.long	0x34343400,0x73730073
.long	0x7e7e7e00,0xf6f600f6
.long	0x76767600,0x9d9d009d
.long	0x05050500,0xbfbf00bf
.long	0x6d6d6d00,0x52520052
.long	0xb7b7b700,0xd8d800d8
.long	0xa9a9a900,0xc8c800c8
.long	0x31313100,0xc6c600c6
.long	0xd1d1d100,0x81810081
.long	0x17171700,0x6f6f006f
.long	0x04040400,0x13130013
.long	0xd7d7d700,0x63630063
.long	0x14141400,0xe9e900e9
.long	0x58585800,0xa7a700a7
.long	0x3a3a3a00,0x9f9f009f
.long	0x61616100,0xbcbc00bc
.long	0xdedede00,0x29290029
.long	0x1b1b1b00,0xf9f900f9
.long	0x11111100,0x2f2f002f
.long	0x1c1c1c00,0xb4b400b4
.long	0x32323200,0x78780078
.long	0x0f0f0f00,0x06060006
.long	0x9c9c9c00,0xe7e700e7
.long	0x16161600,0x71710071
.long	0x53535300,0xd4d400d4
.long	0x18181800,0xabab00ab
.long	0xf2f2f200,0x88880088
.long	0x22222200,0x8d8d008d
.long	0xfefefe00,0x72720072
.long	0x44444400,0xb9b900b9
.long	0xcfcfcf00,0xf8f800f8
.long	0xb2b2b200,0xacac00ac
.long	0xc3c3c300,0x36360036
.long	0xb5b5b500,0x2a2a002a
.long	0x7a7a7a00,0x3c3c003c
.long	0x91919100,0xf1f100f1
.long	0x24242400,0x40400040
.long	0x08080800,0xd3d300d3
.long	0xe8e8e800,0xbbbb00bb
.long	0xa8a8a800,0x43430043
.long	0x60606000,0x15150015
.long	0xfcfcfc00,0xadad00ad
.long	0x69696900,0x77770077
.long	0x50505000,0x80800080
.long	0xaaaaaa00,0x82820082
.long	0xd0d0d000,0xecec00ec
.long	0xa0a0a000,0x27270027
.long	0x7d7d7d00,0xe5e500e5
.long	0xa1a1a100,0x85850085
.long	0x89898900,0x35350035
.long	0x62626200,0x0c0c000c
.long	0x97979700,0x41410041
.long	0x54545400,0xefef00ef
.long	0x5b5b5b00,0x93930093
.long	0x1e1e1e00,0x19190019
.long	0x95959500,0x21210021
.long	0xe0e0e000,0x0e0e000e
.long	0xffffff00,0x4e4e004e
.long	0x64646400,0x65650065
.long	0xd2d2d200,0xbdbd00bd
.long	0x10101000,0xb8b800b8
.long	0xc4c4c400,0x8f8f008f
.long	0x00000000,0xebeb00eb
.long	0x48484800,0xcece00ce
.long	0xa3a3a300,0x30300030
.long	0xf7f7f700,0x5f5f005f
.long	0x75757500,0xc5c500c5
.long	0xdbdbdb00,0x1a1a001a
.long	0x8a8a8a00,0xe1e100e1
.long	0x03030300,0xcaca00ca
.long	0xe6e6e600,0x47470047
.long	0xdadada00,0x3d3d003d
.long	0x09090900,0x01010001
.long	0x3f3f3f00,0xd6d600d6
.long	0xdddddd00,0x56560056
.long	0x94949400,0x4d4d004d
.long	0x87878700,0x0d0d000d
.long	0x5c5c5c00,0x66660066
.long	0x83838300,0xcccc00cc
.long	0x02020200,0x2d2d002d
.long	0xcdcdcd00,0x12120012
.long	0x4a4a4a00,0x20200020
.long	0x90909000,0xb1b100b1
.long	0x33333300,0x99990099
.long	0x73737300,0x4c4c004c
.long	0x67676700,0xc2c200c2
.long	0xf6f6f600,0x7e7e007e
.long	0xf3f3f300,0x05050005
.long	0x9d9d9d00,0xb7b700b7
.long	0x7f7f7f00,0x31310031
.long	0xbfbfbf00,0x17170017
.long	0xe2e2e200,0xd7d700d7
.long	0x52525200,0x58580058
.long	0x9b9b9b00,0x61610061
.long	0xd8d8d800,0x1b1b001b
.long	0x26262600,0x1c1c001c
.long	0xc8c8c800,0x0f0f000f
.long	0x37373700,0x16160016
.long	0xc6c6c600,0x18180018
.long	0x3b3b3b00,0x22220022
.long	0x81818100,0x44440044
.long	0x96969600,0xb2b200b2
.long	0x6f6f6f00,0xb5b500b5
.long	0x4b4b4b00,0x91910091
.long	0x13131300,0x08080008
.long	0xbebebe00,0xa8a800a8
.long	0x63636300,0xfcfc00fc
.long	0x2e2e2e00,0x50500050
.long	0xe9e9e900,0xd0d000d0
.long	0x79797900,0x7d7d007d
.long	0xa7a7a700,0x89890089
.long	0x8c8c8c00,0x97970097
.long	0x9f9f9f00,0x5b5b005b
.long	0x6e6e6e00,0x95950095
.long	0xbcbcbc00,0xffff00ff
.long	0x8e8e8e00,0xd2d200d2
.long	0x29292900,0xc4c400c4
.long	0xf5f5f500,0x48480048
.long	0xf9f9f900,0xf7f700f7
.long	0xb6b6b600,0xdbdb00db
.long	0x2f2f2f00,0x03030003
.long	0xfdfdfd00,0xdada00da
.long	0xb4b4b400,0x3f3f003f
.long	0x59595900,0x94940094
.long	0x78787800,0x5c5c005c
.long	0x98989800,0x02020002
.long	0x06060600,0x4a4a004a
.long	0x6a6a6a00,0x33330033
.long	0xe7e7e700,0x67670067
.long	0x46464600,0xf3f300f3
.long	0x71717100,0x7f7f007f
.long	0xbababa00,0xe2e200e2
.long	0xd4d4d400,0x9b9b009b
.long	0x25252500,0x26260026
.long	0xababab00,0x37370037
.long	0x42424200,0x3b3b003b
.long	0x88888800,0x96960096
.long	0xa2a2a200,0x4b4b004b
.long	0x8d8d8d00,0xbebe00be
.long	0xfafafa00,0x2e2e002e
.long	0x72727200,0x79790079
.long	0x07070700,0x8c8c008c
.long	0xb9b9b900,0x6e6e006e
.long	0x55555500,0x8e8e008e
.long	0xf8f8f800,0xf5f500f5
.long	0xeeeeee00,0xb6b600b6
.long	0xacacac00,0xfdfd00fd
.long	0x0a0a0a00,0x59590059
.long	0x36363600,0x98980098
.long	0x49494900,0x6a6a006a
.long	0x2a2a2a00,0x46460046
.long	0x68686800,0xbaba00ba
.long	0x3c3c3c00,0x25250025
.long	0x38383800,0x42420042
.long	0xf1f1f100,0xa2a200a2
.long	0xa4a4a400,0xfafa00fa
.long	0x40404000,0x07070007
.long	0x28282800,0x55550055
.long	0xd3d3d300,0xeeee00ee
.long	0x7b7b7b00,0x0a0a000a
.long	0xbbbbbb00,0x49490049
.long	0xc9c9c900,0x68680068
.long	0x43434300,0x38380038
.long	0xc1c1c100,0xa4a400a4
.long	0x15151500,0x28280028
.long	0xe3e3e300,0x7b7b007b
.long	0xadadad00,0xc9c900c9
.long	0xf4f4f400,0xc1c100c1
.long	0x77777700,0xe3e300e3
.long	0xc7c7c700,0xf4f400f4
.long	0x80808000,0xc7c700c7
.long	0x9e9e9e00,0x9e9e009e
.long	0x00e0e0e0,0x38003838
.long	0x00050505,0x41004141
.long	0x00585858,0x16001616
.long	0x00d9d9d9,0x76007676
.long	0x00676767,0xd900d9d9
.long	0x004e4e4e,0x93009393
.long	0x00818181,0x60006060
.long	0x00cbcbcb,0xf200f2f2
.long	0x00c9c9c9,0x72007272
.long	0x000b0b0b,0xc200c2c2
.long	0x00aeaeae,0xab00abab
.long	0x006a6a6a,0x9a009a9a
.long	0x00d5d5d5,0x75007575
.long	0x00181818,0x06000606
.long	0x005d5d5d,0x57005757
.long	0x00828282,0xa000a0a0
.long	0x00464646,0x91009191
.long	0x00dfdfdf,0xf700f7f7
.long	0x00d6d6d6,0xb500b5b5
.long	0x00272727,0xc900c9c9
.long	0x008a8a8a,0xa200a2a2
.long	0x00323232,0x8c008c8c
.long	0x004b4b4b,0xd200d2d2
.long	0x00424242,0x90009090
.long	0x00dbdbdb,0xf600f6f6
.long	0x001c1c1c,0x07000707
.long	0x009e9e9e,0xa700a7a7
.long	0x009c9c9c,0x27002727
.long	0x003a3a3a,0x8e008e8e
.long	0x00cacaca,0xb200b2b2
.long	0x00252525,0x49004949
.long	0x007b7b7b,0xde00dede
.long	0x000d0d0d,0x43004343
.long	0x00717171,0x5c005c5c
.long	0x005f5f5f,0xd700d7d7
.long	0x001f1f1f,0xc700c7c7
.long	0x00f8f8f8,0x3e003e3e
.long	0x00d7d7d7,0xf500f5f5
.long	0x003e3e3e,0x8f008f8f
.long	0x009d9d9d,0x67006767
.long	0x007c7c7c,0x1f001f1f
.long	0x00606060,0x18001818
.long	0x00b9b9b9,0x6e006e6e
.long	0x00bebebe,0xaf00afaf
.long	0x00bcbcbc,0x2f002f2f
.long	0x008b8b8b,0xe200e2e2
.long	0x00161616,0x85008585
.long	0x00343434,0x0d000d0d
.long	0x004d4d4d,0x53005353
.long	0x00c3c3c3,0xf000f0f0
.long	0x00727272,0x9c009c9c
.long	0x00959595,0x65006565
.long	0x00ababab,0xea00eaea
.long	0x008e8e8e,0xa300a3a3
.long	0x00bababa,0xae00aeae
.long	0x007a7a7a,0x9e009e9e
.long	0x00b3b3b3,0xec00ecec
.long	0x00020202,0x80008080
.long	0x00b4b4b4,0x2d002d2d
.long	0x00adadad,0x6b006b6b
.long	0x00a2a2a2,0xa800a8a8
.long	0x00acacac,0x2b002b2b
.long	0x00d8d8d8,0x36003636
.long	0x009a9a9a,0xa600a6a6
.long	0x00171717,0xc500c5c5
.long	0x001a1a1a,0x86008686
.long	0x00353535,0x4d004d4d
.long	0x00cccccc,0x33003333
.long	0x00f7f7f7,0xfd00fdfd
.long	0x00999999,0x66006666
.long	0x00616161,0x58005858
.long	0x005a5a5a,0x96009696
.long	0x00e8e8e8,0x3a003a3a
.long	0x00242424,0x09000909
.long	0x00565656,0x95009595
.long	0x00404040,0x10001010
.long	0x00e1e1e1,0x78007878
.long	0x00636363,0xd800d8d8
.long	0x00090909,0x42004242
.long	0x00333333,0xcc00cccc
.long	0x00bfbfbf,0xef00efef
.long	0x00989898,0x26002626
.long	0x00979797,0xe500e5e5
.long	0x00858585,0x61006161
.long	0x00686868,0x1a001a1a
.long	0x00fcfcfc,0x3f003f3f
.long	0x00ececec,0x3b003b3b
.long	0x000a0a0a,0x82008282
.long	0x00dadada,0xb600b6b6
.long	0x006f6f6f,0xdb00dbdb
.long	0x00535353,0xd400d4d4
.long	0x00626262,0x98009898
.long	0x00a3a3a3,0xe800e8e8
.long	0x002e2e2e,0x8b008b8b
.long	0x00080808,0x02000202
.long	0x00afafaf,0xeb00ebeb
.long	0x00282828,0x0a000a0a
.long	0x00b0b0b0,0x2c002c2c
.long	0x00747474,0x1d001d1d
.long	0x00c2c2c2,0xb000b0b0
.long	0x00bdbdbd,0x6f006f6f
.long	0x00363636,0x8d008d8d
.long	0x00222222,0x88008888
.long	0x00383838,0x0e000e0e
.long	0x00646464,0x19001919
.long	0x001e1e1e,0x87008787
.long	0x00393939,0x4e004e4e
.long	0x002c2c2c,0x0b000b0b
.long	0x00a6a6a6,0xa900a9a9
.long	0x00303030,0x0c000c0c
.long	0x00e5e5e5,0x79007979
.long	0x00444444,0x11001111
.long	0x00fdfdfd,0x7f007f7f
.long	0x00888888,0x22002222
.long	0x009f9f9f,0xe700e7e7
.long	0x00656565,0x59005959
.long	0x00878787,0xe100e1e1
.long	0x006b6b6b,0xda00dada
.long	0x00f4f4f4,0x3d003d3d
.long	0x00232323,0xc800c8c8
.long	0x00484848,0x12001212
.long	0x00101010,0x04000404
.long	0x00d1d1d1,0x74007474
.long	0x00515151,0x54005454
.long	0x00c0c0c0,0x30003030
.long	0x00f9f9f9,0x7e007e7e
.long	0x00d2d2d2,0xb400b4b4
.long	0x00a0a0a0,0x28002828
.long	0x00555555,0x55005555
.long	0x00a1a1a1,0x68006868
.long	0x00414141,0x50005050
.long	0x00fafafa,0xbe00bebe
.long	0x00434343,0xd000d0d0
.long	0x00131313,0xc400c4c4
.long	0x00c4c4c4,0x31003131
.long	0x002f2f2f,0xcb00cbcb
.long	0x00a8a8a8,0x2a002a2a
.long	0x00b6b6b6,0xad00adad
.long	0x003c3c3c,0x0f000f0f
.long	0x002b2b2b,0xca00caca
.long	0x00c1c1c1,0x70007070
.long	0x00ffffff,0xff00ffff
.long	0x00c8c8c8,0x32003232
.long	0x00a5a5a5,0x69006969
.long	0x00202020,0x08000808
.long	0x00898989,0x62006262
.long	0x00000000,0x00000000
.long	0x00909090,0x24002424
.long	0x00474747,0xd100d1d1
.long	0x00efefef,0xfb00fbfb
.long	0x00eaeaea,0xba00baba
.long	0x00b7b7b7,0xed00eded
.long	0x00151515,0x45004545
.long	0x00060606,0x81008181
.long	0x00cdcdcd,0x73007373
.long	0x00b5b5b5,0x6d006d6d
.long	0x00121212,0x84008484
.long	0x007e7e7e,0x9f009f9f
.long	0x00bbbbbb,0xee00eeee
.long	0x00292929,0x4a004a4a
.long	0x000f0f0f,0xc300c3c3
.long	0x00b8b8b8,0x2e002e2e
.long	0x00070707,0xc100c1c1
.long	0x00040404,0x01000101
.long	0x009b9b9b,0xe600e6e6
.long	0x00949494,0x25002525
.long	0x00212121,0x48004848
.long	0x00666666,0x99009999
.long	0x00e6e6e6,0xb900b9b9
.long	0x00cecece,0xb300b3b3
.long	0x00ededed,0x7b007b7b
.long	0x00e7e7e7,0xf900f9f9
.long	0x003b3b3b,0xce00cece
.long	0x00fefefe,0xbf00bfbf
.long	0x007f7f7f,0xdf00dfdf
.long	0x00c5c5c5,0x71007171
.long	0x00a4a4a4,0x29002929
.long	0x00373737,0xcd00cdcd
.long	0x00b1b1b1,0x6c006c6c
.long	0x004c4c4c,0x13001313
.long	0x00919191,0x64006464
.long	0x006e6e6e,0x9b009b9b
.long	0x008d8d8d,0x63006363
.long	0x00767676,0x9d009d9d
.long	0x00030303,0xc000c0c0
.long	0x002d2d2d,0x4b004b4b
.long	0x00dedede,0xb700b7b7
.long	0x00969696,0xa500a5a5
.long	0x00262626,0x89008989
.long	0x007d7d7d,0x5f005f5f
.long	0x00c6c6c6,0xb100b1b1
.long	0x005c5c5c,0x17001717
.long	0x00d3d3d3,0xf400f4f4
.long	0x00f2f2f2,0xbc00bcbc
.long	0x004f4f4f,0xd300d3d3
.long	0x00191919,0x46004646
.long	0x003f3f3f,0xcf00cfcf
.long	0x00dcdcdc,0x37003737
.long	0x00797979,0x5e005e5e
.long	0x001d1d1d,0x47004747
.long	0x00525252,0x94009494
.long	0x00ebebeb,0xfa00fafa
.long	0x00f3f3f3,0xfc00fcfc
.long	0x006d6d6d,0x5b005b5b
.long	0x005e5e5e,0x97009797
.long	0x00fbfbfb,0xfe00fefe
.long	0x00696969,0x5a005a5a
.long	0x00b2b2b2,0xac00acac
.long	0x00f0f0f0,0x3c003c3c
.long	0x00313131,0x4c004c4c
.long	0x000c0c0c,0x03000303
.long	0x00d4d4d4,0x35003535
.long	0x00cfcfcf,0xf300f3f3
.long	0x008c8c8c,0x23002323
.long	0x00e2e2e2,0xb800b8b8
.long	0x00757575,0x5d005d5d
.long	0x00a9a9a9,0x6a006a6a
.long	0x004a4a4a,0x92009292
.long	0x00575757,0xd500d5d5
.long	0x00848484,0x21002121
.long	0x00111111,0x44004444
.long	0x00454545,0x51005151
.long	0x001b1b1b,0xc600c6c6
.long	0x00f5f5f5,0x7d007d7d
.long	0x00e4e4e4,0x39003939
.long	0x000e0e0e,0x83008383
.long	0x00737373,0xdc00dcdc
.long	0x00aaaaaa,0xaa00aaaa
.long	0x00f1f1f1,0x7c007c7c
.long	0x00dddddd,0x77007777
.long	0x00595959,0x56005656
.long	0x00141414,0x05000505
.long	0x006c6c6c,0x1b001b1b
.long	0x00929292,0xa400a4a4
.long	0x00545454,0x15001515
.long	0x00d0d0d0,0x34003434
.long	0x00787878,0x1e001e1e
.long	0x00707070,0x1c001c1c
.long	0x00e3e3e3,0xf800f8f8
.long	0x00494949,0x52005252
.long	0x00808080,0x20002020
.long	0x00505050,0x14001414
.long	0x00a7a7a7,0xe900e9e9
.long	0x00f6f6f6,0xbd00bdbd
.long	0x00777777,0xdd00dddd
.long	0x00939393,0xe400e4e4
.long	0x00868686,0xa100a1a1
.long	0x00838383,0xe000e0e0
.long	0x002a2a2a,0x8a008a8a
.long	0x00c7c7c7,0xf100f1f1
.long	0x005b5b5b,0xd600d6d6
.long	0x00e9e9e9,0x7a007a7a
.long	0x00eeeeee,0xbb00bbbb
.long	0x008f8f8f,0xe300e3e3
.long	0x00010101,0x40004040
.long	0x003d3d3d,0x4f004f4f
.globl	Camellia_cbc_encrypt
.type	Camellia_cbc_encrypt,@function
.align	16
Camellia_cbc_encrypt:
	cmpq	$0,%rdx
	je	.Lcbc_abort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lcbc_prologue:

	movq	%rsp,%rbp
	subq	$64,%rsp
	andq	$-64,%rsp



	leaq	-64-63(%rcx),%r10
	subq	%rsp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%r8,%rbx
	movq	%rcx,%r14
	movl	272(%rcx),%r15d

	movq	%r8,40(%rsp)
	movq	%rbp,48(%rsp)

.Lcbc_body:
	leaq	.LCamellia_SBOX(%rip),%rbp

	movl	$32,%ecx
.align	4
.Lcbc_prefetch_sbox:
	movq	0(%rbp),%rax
	movq	32(%rbp),%rsi
	movq	64(%rbp),%rdi
	movq	96(%rbp),%r11
	leaq	128(%rbp),%rbp
	loop	.Lcbc_prefetch_sbox
	subq	$4096,%rbp
	shlq	$6,%r15
	movq	%rdx,%rcx
	leaq	(%r14,%r15,1),%r15

	cmpl	$0,%r9d
	je	.LCBC_DECRYPT

	andq	$-16,%rdx
	andq	$15,%rcx
	leaq	(%r12,%rdx,1),%rdx
	movq	%r14,0(%rsp)
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	cmpq	%r12,%rdx
	movl	0(%rbx),%r8d
	movl	4(%rbx),%r9d
	movl	8(%rbx),%r10d
	movl	12(%rbx),%r11d
	je	.Lcbc_enc_tail
	jmp	.Lcbc_eloop

.align	16
.Lcbc_eloop:
	xorl	0(%r12),%r8d
	xorl	4(%r12),%r9d
	xorl	8(%r12),%r10d
	bswapl	%r8d
	xorl	12(%r12),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	movq	0(%rsp),%r14
	bswapl	%r8d
	movq	8(%rsp),%rdx
	bswapl	%r9d
	movq	16(%rsp),%rcx
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	leaq	16(%r12),%r12
	movl	%r11d,12(%r13)
	cmpq	%rdx,%r12
	leaq	16(%r13),%r13
	jne	.Lcbc_eloop

	cmpq	$0,%rcx
	jne	.Lcbc_enc_tail

	movq	40(%rsp),%r13
	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)
	jmp	.Lcbc_done

.align	16
.Lcbc_enc_tail:
	xorq	%rax,%rax
	movq	%rax,0+24(%rsp)
	movq	%rax,8+24(%rsp)
	movq	%rax,16(%rsp)

.Lcbc_enc_pushf:
	pushfq
	cld
	movq	%r12,%rsi
	leaq	8+24(%rsp),%rdi
.long	0x9066A4F3		
	popfq
.Lcbc_enc_popf:

	leaq	24(%rsp),%r12
	leaq	16+24(%rsp),%rax
	movq	%rax,8(%rsp)
	jmp	.Lcbc_eloop		

.align	16
.LCBC_DECRYPT:
	xchgq	%r14,%r15
	addq	$15,%rdx
	andq	$15,%rcx
	andq	$-16,%rdx
	movq	%r14,0(%rsp)
	leaq	(%r12,%rdx,1),%rdx
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	movq	(%rbx),%rax
	movq	8(%rbx),%rbx
	jmp	.Lcbc_dloop
.align	16
.Lcbc_dloop:
	movl	0(%r12),%r8d
	movl	4(%r12),%r9d
	movl	8(%r12),%r10d
	bswapl	%r8d
	movl	12(%r12),%r11d
	bswapl	%r9d
	movq	%rax,0+24(%rsp)
	bswapl	%r10d
	movq	%rbx,8+24(%rsp)
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	movq	0(%rsp),%r14
	movq	8(%rsp),%rdx
	movq	16(%rsp),%rcx

	bswapl	%r8d
	movq	(%r12),%rax
	bswapl	%r9d
	movq	8(%r12),%rbx
	bswapl	%r10d
	xorl	0+24(%rsp),%r8d
	bswapl	%r11d
	xorl	4+24(%rsp),%r9d
	xorl	8+24(%rsp),%r10d
	leaq	16(%r12),%r12
	xorl	12+24(%rsp),%r11d
	cmpq	%rdx,%r12
	je	.Lcbc_ddone

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	leaq	16(%r13),%r13
	jmp	.Lcbc_dloop

.align	16
.Lcbc_ddone:
	movq	40(%rsp),%rdx
	cmpq	$0,%rcx
	jne	.Lcbc_dec_tail

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	.Lcbc_done
.align	16
.Lcbc_dec_tail:
	movl	%r8d,0+24(%rsp)
	movl	%r9d,4+24(%rsp)
	movl	%r10d,8+24(%rsp)
	movl	%r11d,12+24(%rsp)

.Lcbc_dec_pushf:
	pushfq
	cld
	leaq	8+24(%rsp),%rsi
	leaq	(%r13),%rdi
.long	0x9066A4F3		
	popfq
.Lcbc_dec_popf:

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	.Lcbc_done

.align	16
.Lcbc_done:
	movq	48(%rsp),%rcx
	movq	0(%rcx),%r15
	movq	8(%rcx),%r14
	movq	16(%rcx),%r13
	movq	24(%rcx),%r12
	movq	32(%rcx),%rbp
	movq	40(%rcx),%rbx
	leaq	48(%rcx),%rsp
.Lcbc_abort:
	.byte	0xf3,0xc3
.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt

.byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/camellia/cmll-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
.text	


.globl	Camellia_EncryptBlock
.type	Camellia_EncryptBlock,@function
.align	16
Camellia_EncryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	.Lenc_rounds
.size	Camellia_EncryptBlock,.-Camellia_EncryptBlock

.globl	Camellia_EncryptBlock_Rounds
.type	Camellia_EncryptBlock_Rounds,@function
.align	16
.Lenc_rounds:
Camellia_EncryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lenc_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r14

	shll	$6,%edi
	leaq	.LCamellia_SBOX(%rip),%rbp
	leaq	(%r14,%rdi,1),%r15

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
.Lenc_epilogue:
	.byte	0xf3,0xc3
.size	Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds

.type	_x86_64_Camellia_encrypt,@function
.align	16
_x86_64_Camellia_encrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.align	16
.Leloop:
	movl	16(%r14),%ebx
	movl	20(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	56(%r14),%ebx
	movl	60(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	64(%r14),%ebx
	movl	68(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	64(%r14),%r14
	cmpq	%r15,%r14
	movl	8(%r14),%edx
	movl	12(%r14),%ecx
	je	.Ledone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d
	jmp	.Leloop

.align	16
.Ledone:
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx

	movl	%eax,%r8d
	movl	%ebx,%r9d
	movl	%ecx,%r10d
	movl	%edx,%r11d

.byte	0xf3,0xc3		
.size	_x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt


.globl	Camellia_DecryptBlock
.type	Camellia_DecryptBlock,@function
.align	16
Camellia_DecryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	.Ldec_rounds
.size	Camellia_DecryptBlock,.-Camellia_DecryptBlock

.globl	Camellia_DecryptBlock_Rounds
.type	Camellia_DecryptBlock_Rounds,@function
.align	16
.Ldec_rounds:
Camellia_DecryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Ldec_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r15

	shll	$6,%edi
	leaq	.LCamellia_SBOX(%rip),%rbp
	leaq	(%r15,%rdi,1),%r14

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
.Ldec_epilogue:
	.byte	0xf3,0xc3
.size	Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds

.type	_x86_64_Camellia_decrypt,@function
.align	16
_x86_64_Camellia_decrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.align	16
.Ldloop:
	movl	-8(%r14),%ebx
	movl	-4(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-16(%r14),%ebx
	movl	-12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-24(%r14),%ebx
	movl	-20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-32(%r14),%ebx
	movl	-28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-40(%r14),%ebx
	movl	-36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-48(%r14),%ebx
	movl	-44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-56(%r14),%ebx
	movl	-52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	-64(%r14),%r14
	cmpq	%r15,%r14
	movl	0(%r14),%edx
	movl	4(%r14),%ecx
	je	.Lddone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d

	jmp	.Ldloop

.align	16
.Lddone:
	xorl	%r10d,%ecx
	xorl	%r11d,%edx
	xorl	%r8d,%eax
	xorl	%r9d,%ebx

	movl	%ecx,%r8d
	movl	%edx,%r9d
	movl	%eax,%r10d
	movl	%ebx,%r11d

.byte	0xf3,0xc3		
.size	_x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
.globl	Camellia_Ekeygen
.type	Camellia_Ekeygen,@function
.align	16
Camellia_Ekeygen:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lkey_prologue:

	movq	%rdi,%r15
	movq	%rdx,%r13

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	movl	12(%rsi),%r11d

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,0(%r13)
	movl	%r8d,4(%r13)
	movl	%r11d,8(%r13)
	movl	%r10d,12(%r13)
	cmpq	$128,%r15
	je	.L1st128

	movl	16(%rsi),%r8d
	movl	20(%rsi),%r9d
	cmpq	$192,%r15
	je	.L1st192
	movl	24(%rsi),%r10d
	movl	28(%rsi),%r11d
	jmp	.L1st256
.L1st192:
	movl	%r8d,%r10d
	movl	%r9d,%r11d
	notl	%r10d
	notl	%r11d
.L1st256:
	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,32(%r13)
	movl	%r8d,36(%r13)
	movl	%r11d,40(%r13)
	movl	%r10d,44(%r13)
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d

.L1st128:
	leaq	.LCamellia_SIGMA(%rip),%r14
	leaq	.LCamellia_SBOX(%rip),%rbp

	movl	0(%r14),%ebx
	movl	4(%r14),%eax
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	8(%r14),%ebx
	movl	12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	16(%r14),%ebx
	movl	20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	cmpq	$128,%r15
	jne	.L2nd256

	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	-128(%r13),%rax
	movq	-120(%r13),%rbx
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,-96(%r13)
	movq	%rbx,-88(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-80(%r13)
	movq	%r10,-72(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-64(%r13)
	movq	%r10,-56(%r13)
	movq	%rax,%r11
	shlq	$30,%rax
	movq	%rbx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rax
	shlq	$30,%rbx
	orq	%r11,%rbx
	movq	%rax,-48(%r13)
	movq	%rbx,-40(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-32(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rbx,-24(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-16(%r13)
	movq	%r10,-8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,16(%r13)
	movq	%rbx,24(%r13)
	movq	%r8,%r11
	shlq	$34,%r8
	movq	%r10,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%r8
	shlq	$34,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r8,%r11
	shlq	$17,%r8
	movq	%r10,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r8
	shlq	$17,%r10
	orq	%r11,%r10
	movq	%r8,64(%r13)
	movq	%r10,72(%r13)
	movl	$3,%eax
	jmp	.Ldone
.align	16
.L2nd256:
	movl	%r9d,48(%r13)
	movl	%r8d,52(%r13)
	movl	%r11d,56(%r13)
	movl	%r10d,60(%r13)
	xorl	32(%r13),%r9d
	xorl	36(%r13),%r8d
	xorl	40(%r13),%r11d
	xorl	44(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	movq	0(%r13),%rax
	movq	8(%r13),%rbx
	movq	32(%r13),%rcx
	movq	40(%r13),%rdx
	movq	48(%r13),%r14
	movq	56(%r13),%r15
	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-96(%r13)
	movq	%rdx,-88(%r13)
	movq	%r14,%r11
	shlq	$15,%r14
	movq	%r15,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r14
	shlq	$15,%r15
	orq	%r11,%r15
	movq	%r14,-80(%r13)
	movq	%r15,-72(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-64(%r13)
	movq	%rdx,-56(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,-48(%r13)
	movq	%r10,-40(%r13)
	movq	%rax,%r11
	shlq	$45,%rax
	movq	%rbx,%r9
	shrq	$19,%r9
	shrq	$19,%r11
	orq	%r9,%rax
	shlq	$45,%rbx
	orq	%r11,%rbx
	movq	%rax,-32(%r13)
	movq	%rbx,-24(%r13)
	movq	%r14,%r11
	shlq	$30,%r14
	movq	%r15,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r14
	shlq	$30,%r15
	orq	%r11,%r15
	movq	%r14,-16(%r13)
	movq	%r15,-8(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rcx,%r11
	shlq	$30,%rcx
	movq	%rdx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rcx
	shlq	$30,%rdx
	orq	%r11,%rdx
	movq	%rcx,16(%r13)
	movq	%rdx,24(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r14,%r11
	shlq	$32,%r14
	movq	%r15,%r9
	shrq	$32,%r9
	shrq	$32,%r11
	orq	%r9,%r14
	shlq	$32,%r15
	orq	%r11,%r15
	movq	%r14,64(%r13)
	movq	%r15,72(%r13)
	movq	%rcx,%r11
	shlq	$34,%rcx
	movq	%rdx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rcx
	shlq	$34,%rdx
	orq	%r11,%rdx
	movq	%rcx,80(%r13)
	movq	%rdx,88(%r13)
	movq	%r14,%r11
	shlq	$17,%r14
	movq	%r15,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r14
	shlq	$17,%r15
	orq	%r11,%r15
	movq	%r14,96(%r13)
	movq	%r15,104(%r13)
	movq	%rax,%r11
	shlq	$34,%rax
	movq	%rbx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rax
	shlq	$34,%rbx
	orq	%r11,%rbx
	movq	%rax,112(%r13)
	movq	%rbx,120(%r13)
	movq	%r8,%r11
	shlq	$51,%r8
	movq	%r10,%r9
	shrq	$13,%r9
	shrq	$13,%r11
	orq	%r9,%r8
	shlq	$51,%r10
	orq	%r11,%r10
	movq	%r8,128(%r13)
	movq	%r10,136(%r13)
	movl	$4,%eax
.Ldone:
	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
.Lkey_epilogue:
	.byte	0xf3,0xc3
.size	Camellia_Ekeygen,.-Camellia_Ekeygen
.align	64
.LCamellia_SIGMA:
.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
.long	0,          0,          0,          0
.LCamellia_SBOX:
.long	0x70707000,0x70700070
.long	0x82828200,0x2c2c002c
.long	0x2c2c2c00,0xb3b300b3
.long	0xececec00,0xc0c000c0
.long	0xb3b3b300,0xe4e400e4
.long	0x27272700,0x57570057
.long	0xc0c0c000,0xeaea00ea
.long	0xe5e5e500,0xaeae00ae
.long	0xe4e4e400,0x23230023
.long	0x85858500,0x6b6b006b
.long	0x57575700,0x45450045
.long	0x35353500,0xa5a500a5
.long	0xeaeaea00,0xeded00ed
.long	0x0c0c0c00,0x4f4f004f
.long	0xaeaeae00,0x1d1d001d
.long	0x41414100,0x92920092
.long	0x23232300,0x86860086
.long	0xefefef00,0xafaf00af
.long	0x6b6b6b00,0x7c7c007c
.long	0x93939300,0x1f1f001f
.long	0x45454500,0x3e3e003e
.long	0x19191900,0xdcdc00dc
.long	0xa5a5a500,0x5e5e005e
.long	0x21212100,0x0b0b000b
.long	0xededed00,0xa6a600a6
.long	0x0e0e0e00,0x39390039
.long	0x4f4f4f00,0xd5d500d5
.long	0x4e4e4e00,0x5d5d005d
.long	0x1d1d1d00,0xd9d900d9
.long	0x65656500,0x5a5a005a
.long	0x92929200,0x51510051
.long	0xbdbdbd00,0x6c6c006c
.long	0x86868600,0x8b8b008b
.long	0xb8b8b800,0x9a9a009a
.long	0xafafaf00,0xfbfb00fb
.long	0x8f8f8f00,0xb0b000b0
.long	0x7c7c7c00,0x74740074
.long	0xebebeb00,0x2b2b002b
.long	0x1f1f1f00,0xf0f000f0
.long	0xcecece00,0x84840084
.long	0x3e3e3e00,0xdfdf00df
.long	0x30303000,0xcbcb00cb
.long	0xdcdcdc00,0x34340034
.long	0x5f5f5f00,0x76760076
.long	0x5e5e5e00,0x6d6d006d
.long	0xc5c5c500,0xa9a900a9
.long	0x0b0b0b00,0xd1d100d1
.long	0x1a1a1a00,0x04040004
.long	0xa6a6a600,0x14140014
.long	0xe1e1e100,0x3a3a003a
.long	0x39393900,0xdede00de
.long	0xcacaca00,0x11110011
.long	0xd5d5d500,0x32320032
.long	0x47474700,0x9c9c009c
.long	0x5d5d5d00,0x53530053
.long	0x3d3d3d00,0xf2f200f2
.long	0xd9d9d900,0xfefe00fe
.long	0x01010100,0xcfcf00cf
.long	0x5a5a5a00,0xc3c300c3
.long	0xd6d6d600,0x7a7a007a
.long	0x51515100,0x24240024
.long	0x56565600,0xe8e800e8
.long	0x6c6c6c00,0x60600060
.long	0x4d4d4d00,0x69690069
.long	0x8b8b8b00,0xaaaa00aa
.long	0x0d0d0d00,0xa0a000a0
.long	0x9a9a9a00,0xa1a100a1
.long	0x66666600,0x62620062
.long	0xfbfbfb00,0x54540054
.long	0xcccccc00,0x1e1e001e
.long	0xb0b0b000,0xe0e000e0
.long	0x2d2d2d00,0x64640064
.long	0x74747400,0x10100010
.long	0x12121200,0x00000000
.long	0x2b2b2b00,0xa3a300a3
.long	0x20202000,0x75750075
.long	0xf0f0f000,0x8a8a008a
.long	0xb1b1b100,0xe6e600e6
.long	0x84848400,0x09090009
.long	0x99999900,0xdddd00dd
.long	0xdfdfdf00,0x87870087
.long	0x4c4c4c00,0x83830083
.long	0xcbcbcb00,0xcdcd00cd
.long	0xc2c2c200,0x90900090
.long	0x34343400,0x73730073
.long	0x7e7e7e00,0xf6f600f6
.long	0x76767600,0x9d9d009d
.long	0x05050500,0xbfbf00bf
.long	0x6d6d6d00,0x52520052
.long	0xb7b7b700,0xd8d800d8
.long	0xa9a9a900,0xc8c800c8
.long	0x31313100,0xc6c600c6
.long	0xd1d1d100,0x81810081
.long	0x17171700,0x6f6f006f
.long	0x04040400,0x13130013
.long	0xd7d7d700,0x63630063
.long	0x14141400,0xe9e900e9
.long	0x58585800,0xa7a700a7
.long	0x3a3a3a00,0x9f9f009f
.long	0x61616100,0xbcbc00bc
.long	0xdedede00,0x29290029
.long	0x1b1b1b00,0xf9f900f9
.long	0x11111100,0x2f2f002f
.long	0x1c1c1c00,0xb4b400b4
.long	0x32323200,0x78780078
.long	0x0f0f0f00,0x06060006
.long	0x9c9c9c00,0xe7e700e7
.long	0x16161600,0x71710071
.long	0x53535300,0xd4d400d4
.long	0x18181800,0xabab00ab
.long	0xf2f2f200,0x88880088
.long	0x22222200,0x8d8d008d
.long	0xfefefe00,0x72720072
.long	0x44444400,0xb9b900b9
.long	0xcfcfcf00,0xf8f800f8
.long	0xb2b2b200,0xacac00ac
.long	0xc3c3c300,0x36360036
.long	0xb5b5b500,0x2a2a002a
.long	0x7a7a7a00,0x3c3c003c
.long	0x91919100,0xf1f100f1
.long	0x24242400,0x40400040
.long	0x08080800,0xd3d300d3
.long	0xe8e8e800,0xbbbb00bb
.long	0xa8a8a800,0x43430043
.long	0x60606000,0x15150015
.long	0xfcfcfc00,0xadad00ad
.long	0x69696900,0x77770077
.long	0x50505000,0x80800080
.long	0xaaaaaa00,0x82820082
.long	0xd0d0d000,0xecec00ec
.long	0xa0a0a000,0x27270027
.long	0x7d7d7d00,0xe5e500e5
.long	0xa1a1a100,0x85850085
.long	0x89898900,0x35350035
.long	0x62626200,0x0c0c000c
.long	0x97979700,0x41410041
.long	0x54545400,0xefef00ef
.long	0x5b5b5b00,0x93930093
.long	0x1e1e1e00,0x19190019
.long	0x95959500,0x21210021
.long	0xe0e0e000,0x0e0e000e
.long	0xffffff00,0x4e4e004e
.long	0x64646400,0x65650065
.long	0xd2d2d200,0xbdbd00bd
.long	0x10101000,0xb8b800b8
.long	0xc4c4c400,0x8f8f008f
.long	0x00000000,0xebeb00eb
.long	0x48484800,0xcece00ce
.long	0xa3a3a300,0x30300030
.long	0xf7f7f700,0x5f5f005f
.long	0x75757500,0xc5c500c5
.long	0xdbdbdb00,0x1a1a001a
.long	0x8a8a8a00,0xe1e100e1
.long	0x03030300,0xcaca00ca
.long	0xe6e6e600,0x47470047
.long	0xdadada00,0x3d3d003d
.long	0x09090900,0x01010001
.long	0x3f3f3f00,0xd6d600d6
.long	0xdddddd00,0x56560056
.long	0x94949400,0x4d4d004d
.long	0x87878700,0x0d0d000d
.long	0x5c5c5c00,0x66660066
.long	0x83838300,0xcccc00cc
.long	0x02020200,0x2d2d002d
.long	0xcdcdcd00,0x12120012
.long	0x4a4a4a00,0x20200020
.long	0x90909000,0xb1b100b1
.long	0x33333300,0x99990099
.long	0x73737300,0x4c4c004c
.long	0x67676700,0xc2c200c2
.long	0xf6f6f600,0x7e7e007e
.long	0xf3f3f300,0x05050005
.long	0x9d9d9d00,0xb7b700b7
.long	0x7f7f7f00,0x31310031
.long	0xbfbfbf00,0x17170017
.long	0xe2e2e200,0xd7d700d7
.long	0x52525200,0x58580058
.long	0x9b9b9b00,0x61610061
.long	0xd8d8d800,0x1b1b001b
.long	0x26262600,0x1c1c001c
.long	0xc8c8c800,0x0f0f000f
.long	0x37373700,0x16160016
.long	0xc6c6c600,0x18180018
.long	0x3b3b3b00,0x22220022
.long	0x81818100,0x44440044
.long	0x96969600,0xb2b200b2
.long	0x6f6f6f00,0xb5b500b5
.long	0x4b4b4b00,0x91910091
.long	0x13131300,0x08080008
.long	0xbebebe00,0xa8a800a8
.long	0x63636300,0xfcfc00fc
.long	0x2e2e2e00,0x50500050
.long	0xe9e9e900,0xd0d000d0
.long	0x79797900,0x7d7d007d
.long	0xa7a7a700,0x89890089
.long	0x8c8c8c00,0x97970097
.long	0x9f9f9f00,0x5b5b005b
.long	0x6e6e6e00,0x95950095
.long	0xbcbcbc00,0xffff00ff
.long	0x8e8e8e00,0xd2d200d2
.long	0x29292900,0xc4c400c4
.long	0xf5f5f500,0x48480048
.long	0xf9f9f900,0xf7f700f7
.long	0xb6b6b600,0xdbdb00db
.long	0x2f2f2f00,0x03030003
.long	0xfdfdfd00,0xdada00da
.long	0xb4b4b400,0x3f3f003f
.long	0x59595900,0x94940094
.long	0x78787800,0x5c5c005c
.long	0x98989800,0x02020002
.long	0x06060600,0x4a4a004a
.long	0x6a6a6a00,0x33330033
.long	0xe7e7e700,0x67670067
.long	0x46464600,0xf3f300f3
.long	0x71717100,0x7f7f007f
.long	0xbababa00,0xe2e200e2
.long	0xd4d4d400,0x9b9b009b
.long	0x25252500,0x26260026
.long	0xababab00,0x37370037
.long	0x42424200,0x3b3b003b
.long	0x88888800,0x96960096
.long	0xa2a2a200,0x4b4b004b
.long	0x8d8d8d00,0xbebe00be
.long	0xfafafa00,0x2e2e002e
.long	0x72727200,0x79790079
.long	0x07070700,0x8c8c008c
.long	0xb9b9b900,0x6e6e006e
.long	0x55555500,0x8e8e008e
.long	0xf8f8f800,0xf5f500f5
.long	0xeeeeee00,0xb6b600b6
.long	0xacacac00,0xfdfd00fd
.long	0x0a0a0a00,0x59590059
.long	0x36363600,0x98980098
.long	0x49494900,0x6a6a006a
.long	0x2a2a2a00,0x46460046
.long	0x68686800,0xbaba00ba
.long	0x3c3c3c00,0x25250025
.long	0x38383800,0x42420042
.long	0xf1f1f100,0xa2a200a2
.long	0xa4a4a400,0xfafa00fa
.long	0x40404000,0x07070007
.long	0x28282800,0x55550055
.long	0xd3d3d300,0xeeee00ee
.long	0x7b7b7b00,0x0a0a000a
.long	0xbbbbbb00,0x49490049
.long	0xc9c9c900,0x68680068
.long	0x43434300,0x38380038
.long	0xc1c1c100,0xa4a400a4
.long	0x15151500,0x28280028
.long	0xe3e3e300,0x7b7b007b
.long	0xadadad00,0xc9c900c9
.long	0xf4f4f400,0xc1c100c1
.long	0x77777700,0xe3e300e3
.long	0xc7c7c700,0xf4f400f4
.long	0x80808000,0xc7c700c7
.long	0x9e9e9e00,0x9e9e009e
.long	0x00e0e0e0,0x38003838
.long	0x00050505,0x41004141
.long	0x00585858,0x16001616
.long	0x00d9d9d9,0x76007676
.long	0x00676767,0xd900d9d9
.long	0x004e4e4e,0x93009393
.long	0x00818181,0x60006060
.long	0x00cbcbcb,0xf200f2f2
.long	0x00c9c9c9,0x72007272
.long	0x000b0b0b,0xc200c2c2
.long	0x00aeaeae,0xab00abab
.long	0x006a6a6a,0x9a009a9a
.long	0x00d5d5d5,0x75007575
.long	0x00181818,0x06000606
.long	0x005d5d5d,0x57005757
.long	0x00828282,0xa000a0a0
.long	0x00464646,0x91009191
.long	0x00dfdfdf,0xf700f7f7
.long	0x00d6d6d6,0xb500b5b5
.long	0x00272727,0xc900c9c9
.long	0x008a8a8a,0xa200a2a2
.long	0x00323232,0x8c008c8c
.long	0x004b4b4b,0xd200d2d2
.long	0x00424242,0x90009090
.long	0x00dbdbdb,0xf600f6f6
.long	0x001c1c1c,0x07000707
.long	0x009e9e9e,0xa700a7a7
.long	0x009c9c9c,0x27002727
.long	0x003a3a3a,0x8e008e8e
.long	0x00cacaca,0xb200b2b2
.long	0x00252525,0x49004949
.long	0x007b7b7b,0xde00dede
.long	0x000d0d0d,0x43004343
.long	0x00717171,0x5c005c5c
.long	0x005f5f5f,0xd700d7d7
.long	0x001f1f1f,0xc700c7c7
.long	0x00f8f8f8,0x3e003e3e
.long	0x00d7d7d7,0xf500f5f5
.long	0x003e3e3e,0x8f008f8f
.long	0x009d9d9d,0x67006767
.long	0x007c7c7c,0x1f001f1f
.long	0x00606060,0x18001818
.long	0x00b9b9b9,0x6e006e6e
.long	0x00bebebe,0xaf00afaf
.long	0x00bcbcbc,0x2f002f2f
.long	0x008b8b8b,0xe200e2e2
.long	0x00161616,0x85008585
.long	0x00343434,0x0d000d0d
.long	0x004d4d4d,0x53005353
.long	0x00c3c3c3,0xf000f0f0
.long	0x00727272,0x9c009c9c
.long	0x00959595,0x65006565
.long	0x00ababab,0xea00eaea
.long	0x008e8e8e,0xa300a3a3
.long	0x00bababa,0xae00aeae
.long	0x007a7a7a,0x9e009e9e
.long	0x00b3b3b3,0xec00ecec
.long	0x00020202,0x80008080
.long	0x00b4b4b4,0x2d002d2d
.long	0x00adadad,0x6b006b6b
.long	0x00a2a2a2,0xa800a8a8
.long	0x00acacac,0x2b002b2b
.long	0x00d8d8d8,0x36003636
.long	0x009a9a9a,0xa600a6a6
.long	0x00171717,0xc500c5c5
.long	0x001a1a1a,0x86008686
.long	0x00353535,0x4d004d4d
.long	0x00cccccc,0x33003333
.long	0x00f7f7f7,0xfd00fdfd
.long	0x00999999,0x66006666
.long	0x00616161,0x58005858
.long	0x005a5a5a,0x96009696
.long	0x00e8e8e8,0x3a003a3a
.long	0x00242424,0x09000909
.long	0x00565656,0x95009595
.long	0x00404040,0x10001010
.long	0x00e1e1e1,0x78007878
.long	0x00636363,0xd800d8d8
.long	0x00090909,0x42004242
.long	0x00333333,0xcc00cccc
.long	0x00bfbfbf,0xef00efef
.long	0x00989898,0x26002626
.long	0x00979797,0xe500e5e5
.long	0x00858585,0x61006161
.long	0x00686868,0x1a001a1a
.long	0x00fcfcfc,0x3f003f3f
.long	0x00ececec,0x3b003b3b
.long	0x000a0a0a,0x82008282
.long	0x00dadada,0xb600b6b6
.long	0x006f6f6f,0xdb00dbdb
.long	0x00535353,0xd400d4d4
.long	0x00626262,0x98009898
.long	0x00a3a3a3,0xe800e8e8
.long	0x002e2e2e,0x8b008b8b
.long	0x00080808,0x02000202
.long	0x00afafaf,0xeb00ebeb
.long	0x00282828,0x0a000a0a
.long	0x00b0b0b0,0x2c002c2c
.long	0x00747474,0x1d001d1d
.long	0x00c2c2c2,0xb000b0b0
.long	0x00bdbdbd,0x6f006f6f
.long	0x00363636,0x8d008d8d
.long	0x00222222,0x88008888
.long	0x00383838,0x0e000e0e
.long	0x00646464,0x19001919
.long	0x001e1e1e,0x87008787
.long	0x00393939,0x4e004e4e
.long	0x002c2c2c,0x0b000b0b
.long	0x00a6a6a6,0xa900a9a9
.long	0x00303030,0x0c000c0c
.long	0x00e5e5e5,0x79007979
.long	0x00444444,0x11001111
.long	0x00fdfdfd,0x7f007f7f
.long	0x00888888,0x22002222
.long	0x009f9f9f,0xe700e7e7
.long	0x00656565,0x59005959
.long	0x00878787,0xe100e1e1
.long	0x006b6b6b,0xda00dada
.long	0x00f4f4f4,0x3d003d3d
.long	0x00232323,0xc800c8c8
.long	0x00484848,0x12001212
.long	0x00101010,0x04000404
.long	0x00d1d1d1,0x74007474
.long	0x00515151,0x54005454
.long	0x00c0c0c0,0x30003030
.long	0x00f9f9f9,0x7e007e7e
.long	0x00d2d2d2,0xb400b4b4
.long	0x00a0a0a0,0x28002828
.long	0x00555555,0x55005555
.long	0x00a1a1a1,0x68006868
.long	0x00414141,0x50005050
.long	0x00fafafa,0xbe00bebe
.long	0x00434343,0xd000d0d0
.long	0x00131313,0xc400c4c4
.long	0x00c4c4c4,0x31003131
.long	0x002f2f2f,0xcb00cbcb
.long	0x00a8a8a8,0x2a002a2a
.long	0x00b6b6b6,0xad00adad
.long	0x003c3c3c,0x0f000f0f
.long	0x002b2b2b,0xca00caca
.long	0x00c1c1c1,0x70007070
.long	0x00ffffff,0xff00ffff
.long	0x00c8c8c8,0x32003232
.long	0x00a5a5a5,0x69006969
.long	0x00202020,0x08000808
.long	0x00898989,0x62006262
.long	0x00000000,0x00000000
.long	0x00909090,0x24002424
.long	0x00474747,0xd100d1d1
.long	0x00efefef,0xfb00fbfb
.long	0x00eaeaea,0xba00baba
.long	0x00b7b7b7,0xed00eded
.long	0x00151515,0x45004545
.long	0x00060606,0x81008181
.long	0x00cdcdcd,0x73007373
.long	0x00b5b5b5,0x6d006d6d
.long	0x00121212,0x84008484
.long	0x007e7e7e,0x9f009f9f
.long	0x00bbbbbb,0xee00eeee
.long	0x00292929,0x4a004a4a
.long	0x000f0f0f,0xc300c3c3
.long	0x00b8b8b8,0x2e002e2e
.long	0x00070707,0xc100c1c1
.long	0x00040404,0x01000101
.long	0x009b9b9b,0xe600e6e6
.long	0x00949494,0x25002525
.long	0x00212121,0x48004848
.long	0x00666666,0x99009999
.long	0x00e6e6e6,0xb900b9b9
.long	0x00cecece,0xb300b3b3
.long	0x00ededed,0x7b007b7b
.long	0x00e7e7e7,0xf900f9f9
.long	0x003b3b3b,0xce00cece
.long	0x00fefefe,0xbf00bfbf
.long	0x007f7f7f,0xdf00dfdf
.long	0x00c5c5c5,0x71007171
.long	0x00a4a4a4,0x29002929
.long	0x00373737,0xcd00cdcd
.long	0x00b1b1b1,0x6c006c6c
.long	0x004c4c4c,0x13001313
.long	0x00919191,0x64006464
.long	0x006e6e6e,0x9b009b9b
.long	0x008d8d8d,0x63006363
.long	0x00767676,0x9d009d9d
.long	0x00030303,0xc000c0c0
.long	0x002d2d2d,0x4b004b4b
.long	0x00dedede,0xb700b7b7
.long	0x00969696,0xa500a5a5
.long	0x00262626,0x89008989
.long	0x007d7d7d,0x5f005f5f
.long	0x00c6c6c6,0xb100b1b1
.long	0x005c5c5c,0x17001717
.long	0x00d3d3d3,0xf400f4f4
.long	0x00f2f2f2,0xbc00bcbc
.long	0x004f4f4f,0xd300d3d3
.long	0x00191919,0x46004646
.long	0x003f3f3f,0xcf00cfcf
.long	0x00dcdcdc,0x37003737
.long	0x00797979,0x5e005e5e
.long	0x001d1d1d,0x47004747
.long	0x00525252,0x94009494
.long	0x00ebebeb,0xfa00fafa
.long	0x00f3f3f3,0xfc00fcfc
.long	0x006d6d6d,0x5b005b5b
.long	0x005e5e5e,0x97009797
.long	0x00fbfbfb,0xfe00fefe
.long	0x00696969,0x5a005a5a
.long	0x00b2b2b2,0xac00acac
.long	0x00f0f0f0,0x3c003c3c
.long	0x00313131,0x4c004c4c
.long	0x000c0c0c,0x03000303
.long	0x00d4d4d4,0x35003535
.long	0x00cfcfcf,0xf300f3f3
.long	0x008c8c8c,0x23002323
.long	0x00e2e2e2,0xb800b8b8
.long	0x00757575,0x5d005d5d
.long	0x00a9a9a9,0x6a006a6a
.long	0x004a4a4a,0x92009292
.long	0x00575757,0xd500d5d5
.long	0x00848484,0x21002121
.long	0x00111111,0x44004444
.long	0x00454545,0x51005151
.long	0x001b1b1b,0xc600c6c6
.long	0x00f5f5f5,0x7d007d7d
.long	0x00e4e4e4,0x39003939
.long	0x000e0e0e,0x83008383
.long	0x00737373,0xdc00dcdc
.long	0x00aaaaaa,0xaa00aaaa
.long	0x00f1f1f1,0x7c007c7c
.long	0x00dddddd,0x77007777
.long	0x00595959,0x56005656
.long	0x00141414,0x05000505
.long	0x006c6c6c,0x1b001b1b
.long	0x00929292,0xa400a4a4
.long	0x00545454,0x15001515
.long	0x00d0d0d0,0x34003434
.long	0x00787878,0x1e001e1e
.long	0x00707070,0x1c001c1c
.long	0x00e3e3e3,0xf800f8f8
.long	0x00494949,0x52005252
.long	0x00808080,0x20002020
.long	0x00505050,0x14001414
.long	0x00a7a7a7,0xe900e9e9
.long	0x00f6f6f6,0xbd00bdbd
.long	0x00777777,0xdd00dddd
.long	0x00939393,0xe400e4e4
.long	0x00868686,0xa100a1a1
.long	0x00838383,0xe000e0e0
.long	0x002a2a2a,0x8a008a8a
.long	0x00c7c7c7,0xf100f1f1
.long	0x005b5b5b,0xd600d6d6
.long	0x00e9e9e9,0x7a007a7a
.long	0x00eeeeee,0xbb00bbbb
.long	0x008f8f8f,0xe300e3e3
.long	0x00010101,0x40004040
.long	0x003d3d3d,0x4f004f4f
.globl	Camellia_cbc_encrypt
.type	Camellia_cbc_encrypt,@function
.align	16
Camellia_cbc_encrypt:
	cmpq	$0,%rdx
	je	.Lcbc_abort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
.Lcbc_prologue:

	movq	%rsp,%rbp
	subq	$64,%rsp
	andq	$-64,%rsp



	leaq	-64-63(%rcx),%r10
	subq	%rsp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%r8,%rbx
	movq	%rcx,%r14
	movl	272(%rcx),%r15d

	movq	%r8,40(%rsp)
	movq	%rbp,48(%rsp)

.Lcbc_body:
	leaq	.LCamellia_SBOX(%rip),%rbp

	movl	$32,%ecx
.align	4
.Lcbc_prefetch_sbox:
	movq	0(%rbp),%rax
	movq	32(%rbp),%rsi
	movq	64(%rbp),%rdi
	movq	96(%rbp),%r11
	leaq	128(%rbp),%rbp
	loop	.Lcbc_prefetch_sbox
	subq	$4096,%rbp
	shlq	$6,%r15
	movq	%rdx,%rcx
	leaq	(%r14,%r15,1),%r15

	cmpl	$0,%r9d
	je	.LCBC_DECRYPT

	andq	$-16,%rdx
	andq	$15,%rcx
	leaq	(%r12,%rdx,1),%rdx
	movq	%r14,0(%rsp)
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	cmpq	%r12,%rdx
	movl	0(%rbx),%r8d
	movl	4(%rbx),%r9d
	movl	8(%rbx),%r10d
	movl	12(%rbx),%r11d
	je	.Lcbc_enc_tail
	jmp	.Lcbc_eloop

.align	16
.Lcbc_eloop:
	xorl	0(%r12),%r8d
	xorl	4(%r12),%r9d
	xorl	8(%r12),%r10d
	bswapl	%r8d
	xorl	12(%r12),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	movq	0(%rsp),%r14
	bswapl	%r8d
	movq	8(%rsp),%rdx
	bswapl	%r9d
	movq	16(%rsp),%rcx
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	leaq	16(%r12),%r12
	movl	%r11d,12(%r13)
	cmpq	%rdx,%r12
	leaq	16(%r13),%r13
	jne	.Lcbc_eloop

	cmpq	$0,%rcx
	jne	.Lcbc_enc_tail

	movq	40(%rsp),%r13
	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)
	jmp	.Lcbc_done

.align	16
.Lcbc_enc_tail:
	xorq	%rax,%rax
	movq	%rax,0+24(%rsp)
	movq	%rax,8+24(%rsp)
	movq	%rax,16(%rsp)

.Lcbc_enc_pushf:
	pushfq
	cld
	movq	%r12,%rsi
	leaq	8+24(%rsp),%rdi
.long	0x9066A4F3		
	popfq
.Lcbc_enc_popf:

	leaq	24(%rsp),%r12
	leaq	16+24(%rsp),%rax
	movq	%rax,8(%rsp)
	jmp	.Lcbc_eloop		

.align	16
.LCBC_DECRYPT:
	xchgq	%r14,%r15
	addq	$15,%rdx
	andq	$15,%rcx
	andq	$-16,%rdx
	movq	%r14,0(%rsp)
	leaq	(%r12,%rdx,1),%rdx
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	movq	(%rbx),%rax
	movq	8(%rbx),%rbx
	jmp	.Lcbc_dloop
.align	16
.Lcbc_dloop:
	movl	0(%r12),%r8d
	movl	4(%r12),%r9d
	movl	8(%r12),%r10d
	bswapl	%r8d
	movl	12(%r12),%r11d
	bswapl	%r9d
	movq	%rax,0+24(%rsp)
	bswapl	%r10d
	movq	%rbx,8+24(%rsp)
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	movq	0(%rsp),%r14
	movq	8(%rsp),%rdx
	movq	16(%rsp),%rcx

	bswapl	%r8d
	movq	(%r12),%rax
	bswapl	%r9d
	movq	8(%r12),%rbx
	bswapl	%r10d
	xorl	0+24(%rsp),%r8d
	bswapl	%r11d
	xorl	4+24(%rsp),%r9d
	xorl	8+24(%rsp),%r10d
	leaq	16(%r12),%r12
	xorl	12+24(%rsp),%r11d
	cmpq	%rdx,%r12
	je	.Lcbc_ddone

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	leaq	16(%r13),%r13
	jmp	.Lcbc_dloop

.align	16
.Lcbc_ddone:
	movq	40(%rsp),%rdx
	cmpq	$0,%rcx
	jne	.Lcbc_dec_tail

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	.Lcbc_done
.align	16
.Lcbc_dec_tail:
	movl	%r8d,0+24(%rsp)
	movl	%r9d,4+24(%rsp)
	movl	%r10d,8+24(%rsp)
	movl	%r11d,12+24(%rsp)

.Lcbc_dec_pushf:
	pushfq
	cld
	leaq	8+24(%rsp),%rsi
	leaq	(%r13),%rdi
.long	0x9066A4F3		
	popfq
.Lcbc_dec_popf:

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	.Lcbc_done

.align	16
.Lcbc_done:
	movq	48(%rsp),%rcx
	movq	0(%rcx),%r15
	movq	8(%rcx),%r14
	movq	16(%rcx),%r13
	movq	24(%rcx),%r12
	movq	32(%rcx),%rbp
	movq	40(%rcx),%rbx
	leaq	48(%rcx),%rsp
.Lcbc_abort:
	.byte	0xf3,0xc3
.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt

.byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/camellia/cmll-macosx-x86_64.S.






























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
#include "x86_arch.h"
.text	


.globl	_Camellia_EncryptBlock

.p2align	4
_Camellia_EncryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	L$enc_rounds


.globl	_Camellia_EncryptBlock_Rounds

.p2align	4
L$enc_rounds:
_Camellia_EncryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$enc_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r14

	shll	$6,%edi
	leaq	L$Camellia_SBOX(%rip),%rbp
	leaq	(%r14,%rdi,1),%r15

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
L$enc_epilogue:
	.byte	0xf3,0xc3



.p2align	4
_x86_64_Camellia_encrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.p2align	4
L$eloop:
	movl	16(%r14),%ebx
	movl	20(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	56(%r14),%ebx
	movl	60(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	64(%r14),%ebx
	movl	68(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	64(%r14),%r14
	cmpq	%r15,%r14
	movl	8(%r14),%edx
	movl	12(%r14),%ecx
	je	L$edone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d
	jmp	L$eloop

.p2align	4
L$edone:
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx

	movl	%eax,%r8d
	movl	%ebx,%r9d
	movl	%ecx,%r10d
	movl	%edx,%r11d

.byte	0xf3,0xc3		



.globl	_Camellia_DecryptBlock

.p2align	4
_Camellia_DecryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	L$dec_rounds


.globl	_Camellia_DecryptBlock_Rounds

.p2align	4
L$dec_rounds:
_Camellia_DecryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$dec_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r15

	shll	$6,%edi
	leaq	L$Camellia_SBOX(%rip),%rbp
	leaq	(%r15,%rdi,1),%r14

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
L$dec_epilogue:
	.byte	0xf3,0xc3



.p2align	4
_x86_64_Camellia_decrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.p2align	4
L$dloop:
	movl	-8(%r14),%ebx
	movl	-4(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-16(%r14),%ebx
	movl	-12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-24(%r14),%ebx
	movl	-20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-32(%r14),%ebx
	movl	-28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-40(%r14),%ebx
	movl	-36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-48(%r14),%ebx
	movl	-44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-56(%r14),%ebx
	movl	-52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	-64(%r14),%r14
	cmpq	%r15,%r14
	movl	0(%r14),%edx
	movl	4(%r14),%ecx
	je	L$ddone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d

	jmp	L$dloop

.p2align	4
L$ddone:
	xorl	%r10d,%ecx
	xorl	%r11d,%edx
	xorl	%r8d,%eax
	xorl	%r9d,%ebx

	movl	%ecx,%r8d
	movl	%edx,%r9d
	movl	%eax,%r10d
	movl	%ebx,%r11d

.byte	0xf3,0xc3		

.globl	_Camellia_Ekeygen

.p2align	4
_Camellia_Ekeygen:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$key_prologue:

	movq	%rdi,%r15
	movq	%rdx,%r13

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	movl	12(%rsi),%r11d

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,0(%r13)
	movl	%r8d,4(%r13)
	movl	%r11d,8(%r13)
	movl	%r10d,12(%r13)
	cmpq	$128,%r15
	je	L$1st128

	movl	16(%rsi),%r8d
	movl	20(%rsi),%r9d
	cmpq	$192,%r15
	je	L$1st192
	movl	24(%rsi),%r10d
	movl	28(%rsi),%r11d
	jmp	L$1st256
L$1st192:
	movl	%r8d,%r10d
	movl	%r9d,%r11d
	notl	%r10d
	notl	%r11d
L$1st256:
	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,32(%r13)
	movl	%r8d,36(%r13)
	movl	%r11d,40(%r13)
	movl	%r10d,44(%r13)
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d

L$1st128:
	leaq	L$Camellia_SIGMA(%rip),%r14
	leaq	L$Camellia_SBOX(%rip),%rbp

	movl	0(%r14),%ebx
	movl	4(%r14),%eax
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	8(%r14),%ebx
	movl	12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	16(%r14),%ebx
	movl	20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	cmpq	$128,%r15
	jne	L$2nd256

	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	-128(%r13),%rax
	movq	-120(%r13),%rbx
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,-96(%r13)
	movq	%rbx,-88(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-80(%r13)
	movq	%r10,-72(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-64(%r13)
	movq	%r10,-56(%r13)
	movq	%rax,%r11
	shlq	$30,%rax
	movq	%rbx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rax
	shlq	$30,%rbx
	orq	%r11,%rbx
	movq	%rax,-48(%r13)
	movq	%rbx,-40(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-32(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rbx,-24(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-16(%r13)
	movq	%r10,-8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,16(%r13)
	movq	%rbx,24(%r13)
	movq	%r8,%r11
	shlq	$34,%r8
	movq	%r10,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%r8
	shlq	$34,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r8,%r11
	shlq	$17,%r8
	movq	%r10,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r8
	shlq	$17,%r10
	orq	%r11,%r10
	movq	%r8,64(%r13)
	movq	%r10,72(%r13)
	movl	$3,%eax
	jmp	L$done
.p2align	4
L$2nd256:
	movl	%r9d,48(%r13)
	movl	%r8d,52(%r13)
	movl	%r11d,56(%r13)
	movl	%r10d,60(%r13)
	xorl	32(%r13),%r9d
	xorl	36(%r13),%r8d
	xorl	40(%r13),%r11d
	xorl	44(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	movq	0(%r13),%rax
	movq	8(%r13),%rbx
	movq	32(%r13),%rcx
	movq	40(%r13),%rdx
	movq	48(%r13),%r14
	movq	56(%r13),%r15
	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-96(%r13)
	movq	%rdx,-88(%r13)
	movq	%r14,%r11
	shlq	$15,%r14
	movq	%r15,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r14
	shlq	$15,%r15
	orq	%r11,%r15
	movq	%r14,-80(%r13)
	movq	%r15,-72(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-64(%r13)
	movq	%rdx,-56(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,-48(%r13)
	movq	%r10,-40(%r13)
	movq	%rax,%r11
	shlq	$45,%rax
	movq	%rbx,%r9
	shrq	$19,%r9
	shrq	$19,%r11
	orq	%r9,%rax
	shlq	$45,%rbx
	orq	%r11,%rbx
	movq	%rax,-32(%r13)
	movq	%rbx,-24(%r13)
	movq	%r14,%r11
	shlq	$30,%r14
	movq	%r15,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r14
	shlq	$30,%r15
	orq	%r11,%r15
	movq	%r14,-16(%r13)
	movq	%r15,-8(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rcx,%r11
	shlq	$30,%rcx
	movq	%rdx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rcx
	shlq	$30,%rdx
	orq	%r11,%rdx
	movq	%rcx,16(%r13)
	movq	%rdx,24(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r14,%r11
	shlq	$32,%r14
	movq	%r15,%r9
	shrq	$32,%r9
	shrq	$32,%r11
	orq	%r9,%r14
	shlq	$32,%r15
	orq	%r11,%r15
	movq	%r14,64(%r13)
	movq	%r15,72(%r13)
	movq	%rcx,%r11
	shlq	$34,%rcx
	movq	%rdx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rcx
	shlq	$34,%rdx
	orq	%r11,%rdx
	movq	%rcx,80(%r13)
	movq	%rdx,88(%r13)
	movq	%r14,%r11
	shlq	$17,%r14
	movq	%r15,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r14
	shlq	$17,%r15
	orq	%r11,%r15
	movq	%r14,96(%r13)
	movq	%r15,104(%r13)
	movq	%rax,%r11
	shlq	$34,%rax
	movq	%rbx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rax
	shlq	$34,%rbx
	orq	%r11,%rbx
	movq	%rax,112(%r13)
	movq	%rbx,120(%r13)
	movq	%r8,%r11
	shlq	$51,%r8
	movq	%r10,%r9
	shrq	$13,%r9
	shrq	$13,%r11
	orq	%r9,%r8
	shlq	$51,%r10
	orq	%r11,%r10
	movq	%r8,128(%r13)
	movq	%r10,136(%r13)
	movl	$4,%eax
L$done:
	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
L$key_epilogue:
	.byte	0xf3,0xc3

.p2align	6
L$Camellia_SIGMA:
.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
.long	0,          0,          0,          0
L$Camellia_SBOX:
.long	0x70707000,0x70700070
.long	0x82828200,0x2c2c002c
.long	0x2c2c2c00,0xb3b300b3
.long	0xececec00,0xc0c000c0
.long	0xb3b3b300,0xe4e400e4
.long	0x27272700,0x57570057
.long	0xc0c0c000,0xeaea00ea
.long	0xe5e5e500,0xaeae00ae
.long	0xe4e4e400,0x23230023
.long	0x85858500,0x6b6b006b
.long	0x57575700,0x45450045
.long	0x35353500,0xa5a500a5
.long	0xeaeaea00,0xeded00ed
.long	0x0c0c0c00,0x4f4f004f
.long	0xaeaeae00,0x1d1d001d
.long	0x41414100,0x92920092
.long	0x23232300,0x86860086
.long	0xefefef00,0xafaf00af
.long	0x6b6b6b00,0x7c7c007c
.long	0x93939300,0x1f1f001f
.long	0x45454500,0x3e3e003e
.long	0x19191900,0xdcdc00dc
.long	0xa5a5a500,0x5e5e005e
.long	0x21212100,0x0b0b000b
.long	0xededed00,0xa6a600a6
.long	0x0e0e0e00,0x39390039
.long	0x4f4f4f00,0xd5d500d5
.long	0x4e4e4e00,0x5d5d005d
.long	0x1d1d1d00,0xd9d900d9
.long	0x65656500,0x5a5a005a
.long	0x92929200,0x51510051
.long	0xbdbdbd00,0x6c6c006c
.long	0x86868600,0x8b8b008b
.long	0xb8b8b800,0x9a9a009a
.long	0xafafaf00,0xfbfb00fb
.long	0x8f8f8f00,0xb0b000b0
.long	0x7c7c7c00,0x74740074
.long	0xebebeb00,0x2b2b002b
.long	0x1f1f1f00,0xf0f000f0
.long	0xcecece00,0x84840084
.long	0x3e3e3e00,0xdfdf00df
.long	0x30303000,0xcbcb00cb
.long	0xdcdcdc00,0x34340034
.long	0x5f5f5f00,0x76760076
.long	0x5e5e5e00,0x6d6d006d
.long	0xc5c5c500,0xa9a900a9
.long	0x0b0b0b00,0xd1d100d1
.long	0x1a1a1a00,0x04040004
.long	0xa6a6a600,0x14140014
.long	0xe1e1e100,0x3a3a003a
.long	0x39393900,0xdede00de
.long	0xcacaca00,0x11110011
.long	0xd5d5d500,0x32320032
.long	0x47474700,0x9c9c009c
.long	0x5d5d5d00,0x53530053
.long	0x3d3d3d00,0xf2f200f2
.long	0xd9d9d900,0xfefe00fe
.long	0x01010100,0xcfcf00cf
.long	0x5a5a5a00,0xc3c300c3
.long	0xd6d6d600,0x7a7a007a
.long	0x51515100,0x24240024
.long	0x56565600,0xe8e800e8
.long	0x6c6c6c00,0x60600060
.long	0x4d4d4d00,0x69690069
.long	0x8b8b8b00,0xaaaa00aa
.long	0x0d0d0d00,0xa0a000a0
.long	0x9a9a9a00,0xa1a100a1
.long	0x66666600,0x62620062
.long	0xfbfbfb00,0x54540054
.long	0xcccccc00,0x1e1e001e
.long	0xb0b0b000,0xe0e000e0
.long	0x2d2d2d00,0x64640064
.long	0x74747400,0x10100010
.long	0x12121200,0x00000000
.long	0x2b2b2b00,0xa3a300a3
.long	0x20202000,0x75750075
.long	0xf0f0f000,0x8a8a008a
.long	0xb1b1b100,0xe6e600e6
.long	0x84848400,0x09090009
.long	0x99999900,0xdddd00dd
.long	0xdfdfdf00,0x87870087
.long	0x4c4c4c00,0x83830083
.long	0xcbcbcb00,0xcdcd00cd
.long	0xc2c2c200,0x90900090
.long	0x34343400,0x73730073
.long	0x7e7e7e00,0xf6f600f6
.long	0x76767600,0x9d9d009d
.long	0x05050500,0xbfbf00bf
.long	0x6d6d6d00,0x52520052
.long	0xb7b7b700,0xd8d800d8
.long	0xa9a9a900,0xc8c800c8
.long	0x31313100,0xc6c600c6
.long	0xd1d1d100,0x81810081
.long	0x17171700,0x6f6f006f
.long	0x04040400,0x13130013
.long	0xd7d7d700,0x63630063
.long	0x14141400,0xe9e900e9
.long	0x58585800,0xa7a700a7
.long	0x3a3a3a00,0x9f9f009f
.long	0x61616100,0xbcbc00bc
.long	0xdedede00,0x29290029
.long	0x1b1b1b00,0xf9f900f9
.long	0x11111100,0x2f2f002f
.long	0x1c1c1c00,0xb4b400b4
.long	0x32323200,0x78780078
.long	0x0f0f0f00,0x06060006
.long	0x9c9c9c00,0xe7e700e7
.long	0x16161600,0x71710071
.long	0x53535300,0xd4d400d4
.long	0x18181800,0xabab00ab
.long	0xf2f2f200,0x88880088
.long	0x22222200,0x8d8d008d
.long	0xfefefe00,0x72720072
.long	0x44444400,0xb9b900b9
.long	0xcfcfcf00,0xf8f800f8
.long	0xb2b2b200,0xacac00ac
.long	0xc3c3c300,0x36360036
.long	0xb5b5b500,0x2a2a002a
.long	0x7a7a7a00,0x3c3c003c
.long	0x91919100,0xf1f100f1
.long	0x24242400,0x40400040
.long	0x08080800,0xd3d300d3
.long	0xe8e8e800,0xbbbb00bb
.long	0xa8a8a800,0x43430043
.long	0x60606000,0x15150015
.long	0xfcfcfc00,0xadad00ad
.long	0x69696900,0x77770077
.long	0x50505000,0x80800080
.long	0xaaaaaa00,0x82820082
.long	0xd0d0d000,0xecec00ec
.long	0xa0a0a000,0x27270027
.long	0x7d7d7d00,0xe5e500e5
.long	0xa1a1a100,0x85850085
.long	0x89898900,0x35350035
.long	0x62626200,0x0c0c000c
.long	0x97979700,0x41410041
.long	0x54545400,0xefef00ef
.long	0x5b5b5b00,0x93930093
.long	0x1e1e1e00,0x19190019
.long	0x95959500,0x21210021
.long	0xe0e0e000,0x0e0e000e
.long	0xffffff00,0x4e4e004e
.long	0x64646400,0x65650065
.long	0xd2d2d200,0xbdbd00bd
.long	0x10101000,0xb8b800b8
.long	0xc4c4c400,0x8f8f008f
.long	0x00000000,0xebeb00eb
.long	0x48484800,0xcece00ce
.long	0xa3a3a300,0x30300030
.long	0xf7f7f700,0x5f5f005f
.long	0x75757500,0xc5c500c5
.long	0xdbdbdb00,0x1a1a001a
.long	0x8a8a8a00,0xe1e100e1
.long	0x03030300,0xcaca00ca
.long	0xe6e6e600,0x47470047
.long	0xdadada00,0x3d3d003d
.long	0x09090900,0x01010001
.long	0x3f3f3f00,0xd6d600d6
.long	0xdddddd00,0x56560056
.long	0x94949400,0x4d4d004d
.long	0x87878700,0x0d0d000d
.long	0x5c5c5c00,0x66660066
.long	0x83838300,0xcccc00cc
.long	0x02020200,0x2d2d002d
.long	0xcdcdcd00,0x12120012
.long	0x4a4a4a00,0x20200020
.long	0x90909000,0xb1b100b1
.long	0x33333300,0x99990099
.long	0x73737300,0x4c4c004c
.long	0x67676700,0xc2c200c2
.long	0xf6f6f600,0x7e7e007e
.long	0xf3f3f300,0x05050005
.long	0x9d9d9d00,0xb7b700b7
.long	0x7f7f7f00,0x31310031
.long	0xbfbfbf00,0x17170017
.long	0xe2e2e200,0xd7d700d7
.long	0x52525200,0x58580058
.long	0x9b9b9b00,0x61610061
.long	0xd8d8d800,0x1b1b001b
.long	0x26262600,0x1c1c001c
.long	0xc8c8c800,0x0f0f000f
.long	0x37373700,0x16160016
.long	0xc6c6c600,0x18180018
.long	0x3b3b3b00,0x22220022
.long	0x81818100,0x44440044
.long	0x96969600,0xb2b200b2
.long	0x6f6f6f00,0xb5b500b5
.long	0x4b4b4b00,0x91910091
.long	0x13131300,0x08080008
.long	0xbebebe00,0xa8a800a8
.long	0x63636300,0xfcfc00fc
.long	0x2e2e2e00,0x50500050
.long	0xe9e9e900,0xd0d000d0
.long	0x79797900,0x7d7d007d
.long	0xa7a7a700,0x89890089
.long	0x8c8c8c00,0x97970097
.long	0x9f9f9f00,0x5b5b005b
.long	0x6e6e6e00,0x95950095
.long	0xbcbcbc00,0xffff00ff
.long	0x8e8e8e00,0xd2d200d2
.long	0x29292900,0xc4c400c4
.long	0xf5f5f500,0x48480048
.long	0xf9f9f900,0xf7f700f7
.long	0xb6b6b600,0xdbdb00db
.long	0x2f2f2f00,0x03030003
.long	0xfdfdfd00,0xdada00da
.long	0xb4b4b400,0x3f3f003f
.long	0x59595900,0x94940094
.long	0x78787800,0x5c5c005c
.long	0x98989800,0x02020002
.long	0x06060600,0x4a4a004a
.long	0x6a6a6a00,0x33330033
.long	0xe7e7e700,0x67670067
.long	0x46464600,0xf3f300f3
.long	0x71717100,0x7f7f007f
.long	0xbababa00,0xe2e200e2
.long	0xd4d4d400,0x9b9b009b
.long	0x25252500,0x26260026
.long	0xababab00,0x37370037
.long	0x42424200,0x3b3b003b
.long	0x88888800,0x96960096
.long	0xa2a2a200,0x4b4b004b
.long	0x8d8d8d00,0xbebe00be
.long	0xfafafa00,0x2e2e002e
.long	0x72727200,0x79790079
.long	0x07070700,0x8c8c008c
.long	0xb9b9b900,0x6e6e006e
.long	0x55555500,0x8e8e008e
.long	0xf8f8f800,0xf5f500f5
.long	0xeeeeee00,0xb6b600b6
.long	0xacacac00,0xfdfd00fd
.long	0x0a0a0a00,0x59590059
.long	0x36363600,0x98980098
.long	0x49494900,0x6a6a006a
.long	0x2a2a2a00,0x46460046
.long	0x68686800,0xbaba00ba
.long	0x3c3c3c00,0x25250025
.long	0x38383800,0x42420042
.long	0xf1f1f100,0xa2a200a2
.long	0xa4a4a400,0xfafa00fa
.long	0x40404000,0x07070007
.long	0x28282800,0x55550055
.long	0xd3d3d300,0xeeee00ee
.long	0x7b7b7b00,0x0a0a000a
.long	0xbbbbbb00,0x49490049
.long	0xc9c9c900,0x68680068
.long	0x43434300,0x38380038
.long	0xc1c1c100,0xa4a400a4
.long	0x15151500,0x28280028
.long	0xe3e3e300,0x7b7b007b
.long	0xadadad00,0xc9c900c9
.long	0xf4f4f400,0xc1c100c1
.long	0x77777700,0xe3e300e3
.long	0xc7c7c700,0xf4f400f4
.long	0x80808000,0xc7c700c7
.long	0x9e9e9e00,0x9e9e009e
.long	0x00e0e0e0,0x38003838
.long	0x00050505,0x41004141
.long	0x00585858,0x16001616
.long	0x00d9d9d9,0x76007676
.long	0x00676767,0xd900d9d9
.long	0x004e4e4e,0x93009393
.long	0x00818181,0x60006060
.long	0x00cbcbcb,0xf200f2f2
.long	0x00c9c9c9,0x72007272
.long	0x000b0b0b,0xc200c2c2
.long	0x00aeaeae,0xab00abab
.long	0x006a6a6a,0x9a009a9a
.long	0x00d5d5d5,0x75007575
.long	0x00181818,0x06000606
.long	0x005d5d5d,0x57005757
.long	0x00828282,0xa000a0a0
.long	0x00464646,0x91009191
.long	0x00dfdfdf,0xf700f7f7
.long	0x00d6d6d6,0xb500b5b5
.long	0x00272727,0xc900c9c9
.long	0x008a8a8a,0xa200a2a2
.long	0x00323232,0x8c008c8c
.long	0x004b4b4b,0xd200d2d2
.long	0x00424242,0x90009090
.long	0x00dbdbdb,0xf600f6f6
.long	0x001c1c1c,0x07000707
.long	0x009e9e9e,0xa700a7a7
.long	0x009c9c9c,0x27002727
.long	0x003a3a3a,0x8e008e8e
.long	0x00cacaca,0xb200b2b2
.long	0x00252525,0x49004949
.long	0x007b7b7b,0xde00dede
.long	0x000d0d0d,0x43004343
.long	0x00717171,0x5c005c5c
.long	0x005f5f5f,0xd700d7d7
.long	0x001f1f1f,0xc700c7c7
.long	0x00f8f8f8,0x3e003e3e
.long	0x00d7d7d7,0xf500f5f5
.long	0x003e3e3e,0x8f008f8f
.long	0x009d9d9d,0x67006767
.long	0x007c7c7c,0x1f001f1f
.long	0x00606060,0x18001818
.long	0x00b9b9b9,0x6e006e6e
.long	0x00bebebe,0xaf00afaf
.long	0x00bcbcbc,0x2f002f2f
.long	0x008b8b8b,0xe200e2e2
.long	0x00161616,0x85008585
.long	0x00343434,0x0d000d0d
.long	0x004d4d4d,0x53005353
.long	0x00c3c3c3,0xf000f0f0
.long	0x00727272,0x9c009c9c
.long	0x00959595,0x65006565
.long	0x00ababab,0xea00eaea
.long	0x008e8e8e,0xa300a3a3
.long	0x00bababa,0xae00aeae
.long	0x007a7a7a,0x9e009e9e
.long	0x00b3b3b3,0xec00ecec
.long	0x00020202,0x80008080
.long	0x00b4b4b4,0x2d002d2d
.long	0x00adadad,0x6b006b6b
.long	0x00a2a2a2,0xa800a8a8
.long	0x00acacac,0x2b002b2b
.long	0x00d8d8d8,0x36003636
.long	0x009a9a9a,0xa600a6a6
.long	0x00171717,0xc500c5c5
.long	0x001a1a1a,0x86008686
.long	0x00353535,0x4d004d4d
.long	0x00cccccc,0x33003333
.long	0x00f7f7f7,0xfd00fdfd
.long	0x00999999,0x66006666
.long	0x00616161,0x58005858
.long	0x005a5a5a,0x96009696
.long	0x00e8e8e8,0x3a003a3a
.long	0x00242424,0x09000909
.long	0x00565656,0x95009595
.long	0x00404040,0x10001010
.long	0x00e1e1e1,0x78007878
.long	0x00636363,0xd800d8d8
.long	0x00090909,0x42004242
.long	0x00333333,0xcc00cccc
.long	0x00bfbfbf,0xef00efef
.long	0x00989898,0x26002626
.long	0x00979797,0xe500e5e5
.long	0x00858585,0x61006161
.long	0x00686868,0x1a001a1a
.long	0x00fcfcfc,0x3f003f3f
.long	0x00ececec,0x3b003b3b
.long	0x000a0a0a,0x82008282
.long	0x00dadada,0xb600b6b6
.long	0x006f6f6f,0xdb00dbdb
.long	0x00535353,0xd400d4d4
.long	0x00626262,0x98009898
.long	0x00a3a3a3,0xe800e8e8
.long	0x002e2e2e,0x8b008b8b
.long	0x00080808,0x02000202
.long	0x00afafaf,0xeb00ebeb
.long	0x00282828,0x0a000a0a
.long	0x00b0b0b0,0x2c002c2c
.long	0x00747474,0x1d001d1d
.long	0x00c2c2c2,0xb000b0b0
.long	0x00bdbdbd,0x6f006f6f
.long	0x00363636,0x8d008d8d
.long	0x00222222,0x88008888
.long	0x00383838,0x0e000e0e
.long	0x00646464,0x19001919
.long	0x001e1e1e,0x87008787
.long	0x00393939,0x4e004e4e
.long	0x002c2c2c,0x0b000b0b
.long	0x00a6a6a6,0xa900a9a9
.long	0x00303030,0x0c000c0c
.long	0x00e5e5e5,0x79007979
.long	0x00444444,0x11001111
.long	0x00fdfdfd,0x7f007f7f
.long	0x00888888,0x22002222
.long	0x009f9f9f,0xe700e7e7
.long	0x00656565,0x59005959
.long	0x00878787,0xe100e1e1
.long	0x006b6b6b,0xda00dada
.long	0x00f4f4f4,0x3d003d3d
.long	0x00232323,0xc800c8c8
.long	0x00484848,0x12001212
.long	0x00101010,0x04000404
.long	0x00d1d1d1,0x74007474
.long	0x00515151,0x54005454
.long	0x00c0c0c0,0x30003030
.long	0x00f9f9f9,0x7e007e7e
.long	0x00d2d2d2,0xb400b4b4
.long	0x00a0a0a0,0x28002828
.long	0x00555555,0x55005555
.long	0x00a1a1a1,0x68006868
.long	0x00414141,0x50005050
.long	0x00fafafa,0xbe00bebe
.long	0x00434343,0xd000d0d0
.long	0x00131313,0xc400c4c4
.long	0x00c4c4c4,0x31003131
.long	0x002f2f2f,0xcb00cbcb
.long	0x00a8a8a8,0x2a002a2a
.long	0x00b6b6b6,0xad00adad
.long	0x003c3c3c,0x0f000f0f
.long	0x002b2b2b,0xca00caca
.long	0x00c1c1c1,0x70007070
.long	0x00ffffff,0xff00ffff
.long	0x00c8c8c8,0x32003232
.long	0x00a5a5a5,0x69006969
.long	0x00202020,0x08000808
.long	0x00898989,0x62006262
.long	0x00000000,0x00000000
.long	0x00909090,0x24002424
.long	0x00474747,0xd100d1d1
.long	0x00efefef,0xfb00fbfb
.long	0x00eaeaea,0xba00baba
.long	0x00b7b7b7,0xed00eded
.long	0x00151515,0x45004545
.long	0x00060606,0x81008181
.long	0x00cdcdcd,0x73007373
.long	0x00b5b5b5,0x6d006d6d
.long	0x00121212,0x84008484
.long	0x007e7e7e,0x9f009f9f
.long	0x00bbbbbb,0xee00eeee
.long	0x00292929,0x4a004a4a
.long	0x000f0f0f,0xc300c3c3
.long	0x00b8b8b8,0x2e002e2e
.long	0x00070707,0xc100c1c1
.long	0x00040404,0x01000101
.long	0x009b9b9b,0xe600e6e6
.long	0x00949494,0x25002525
.long	0x00212121,0x48004848
.long	0x00666666,0x99009999
.long	0x00e6e6e6,0xb900b9b9
.long	0x00cecece,0xb300b3b3
.long	0x00ededed,0x7b007b7b
.long	0x00e7e7e7,0xf900f9f9
.long	0x003b3b3b,0xce00cece
.long	0x00fefefe,0xbf00bfbf
.long	0x007f7f7f,0xdf00dfdf
.long	0x00c5c5c5,0x71007171
.long	0x00a4a4a4,0x29002929
.long	0x00373737,0xcd00cdcd
.long	0x00b1b1b1,0x6c006c6c
.long	0x004c4c4c,0x13001313
.long	0x00919191,0x64006464
.long	0x006e6e6e,0x9b009b9b
.long	0x008d8d8d,0x63006363
.long	0x00767676,0x9d009d9d
.long	0x00030303,0xc000c0c0
.long	0x002d2d2d,0x4b004b4b
.long	0x00dedede,0xb700b7b7
.long	0x00969696,0xa500a5a5
.long	0x00262626,0x89008989
.long	0x007d7d7d,0x5f005f5f
.long	0x00c6c6c6,0xb100b1b1
.long	0x005c5c5c,0x17001717
.long	0x00d3d3d3,0xf400f4f4
.long	0x00f2f2f2,0xbc00bcbc
.long	0x004f4f4f,0xd300d3d3
.long	0x00191919,0x46004646
.long	0x003f3f3f,0xcf00cfcf
.long	0x00dcdcdc,0x37003737
.long	0x00797979,0x5e005e5e
.long	0x001d1d1d,0x47004747
.long	0x00525252,0x94009494
.long	0x00ebebeb,0xfa00fafa
.long	0x00f3f3f3,0xfc00fcfc
.long	0x006d6d6d,0x5b005b5b
.long	0x005e5e5e,0x97009797
.long	0x00fbfbfb,0xfe00fefe
.long	0x00696969,0x5a005a5a
.long	0x00b2b2b2,0xac00acac
.long	0x00f0f0f0,0x3c003c3c
.long	0x00313131,0x4c004c4c
.long	0x000c0c0c,0x03000303
.long	0x00d4d4d4,0x35003535
.long	0x00cfcfcf,0xf300f3f3
.long	0x008c8c8c,0x23002323
.long	0x00e2e2e2,0xb800b8b8
.long	0x00757575,0x5d005d5d
.long	0x00a9a9a9,0x6a006a6a
.long	0x004a4a4a,0x92009292
.long	0x00575757,0xd500d5d5
.long	0x00848484,0x21002121
.long	0x00111111,0x44004444
.long	0x00454545,0x51005151
.long	0x001b1b1b,0xc600c6c6
.long	0x00f5f5f5,0x7d007d7d
.long	0x00e4e4e4,0x39003939
.long	0x000e0e0e,0x83008383
.long	0x00737373,0xdc00dcdc
.long	0x00aaaaaa,0xaa00aaaa
.long	0x00f1f1f1,0x7c007c7c
.long	0x00dddddd,0x77007777
.long	0x00595959,0x56005656
.long	0x00141414,0x05000505
.long	0x006c6c6c,0x1b001b1b
.long	0x00929292,0xa400a4a4
.long	0x00545454,0x15001515
.long	0x00d0d0d0,0x34003434
.long	0x00787878,0x1e001e1e
.long	0x00707070,0x1c001c1c
.long	0x00e3e3e3,0xf800f8f8
.long	0x00494949,0x52005252
.long	0x00808080,0x20002020
.long	0x00505050,0x14001414
.long	0x00a7a7a7,0xe900e9e9
.long	0x00f6f6f6,0xbd00bdbd
.long	0x00777777,0xdd00dddd
.long	0x00939393,0xe400e4e4
.long	0x00868686,0xa100a1a1
.long	0x00838383,0xe000e0e0
.long	0x002a2a2a,0x8a008a8a
.long	0x00c7c7c7,0xf100f1f1
.long	0x005b5b5b,0xd600d6d6
.long	0x00e9e9e9,0x7a007a7a
.long	0x00eeeeee,0xbb00bbbb
.long	0x008f8f8f,0xe300e3e3
.long	0x00010101,0x40004040
.long	0x003d3d3d,0x4f004f4f
.globl	_Camellia_cbc_encrypt

.p2align	4
_Camellia_cbc_encrypt:
	cmpq	$0,%rdx
	je	L$cbc_abort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$cbc_prologue:

	movq	%rsp,%rbp
	subq	$64,%rsp
	andq	$-64,%rsp



	leaq	-64-63(%rcx),%r10
	subq	%rsp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%r8,%rbx
	movq	%rcx,%r14
	movl	272(%rcx),%r15d

	movq	%r8,40(%rsp)
	movq	%rbp,48(%rsp)

L$cbc_body:
	leaq	L$Camellia_SBOX(%rip),%rbp

	movl	$32,%ecx
.p2align	2
L$cbc_prefetch_sbox:
	movq	0(%rbp),%rax
	movq	32(%rbp),%rsi
	movq	64(%rbp),%rdi
	movq	96(%rbp),%r11
	leaq	128(%rbp),%rbp
	loop	L$cbc_prefetch_sbox
	subq	$4096,%rbp
	shlq	$6,%r15
	movq	%rdx,%rcx
	leaq	(%r14,%r15,1),%r15

	cmpl	$0,%r9d
	je	L$CBC_DECRYPT

	andq	$-16,%rdx
	andq	$15,%rcx
	leaq	(%r12,%rdx,1),%rdx
	movq	%r14,0(%rsp)
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	cmpq	%r12,%rdx
	movl	0(%rbx),%r8d
	movl	4(%rbx),%r9d
	movl	8(%rbx),%r10d
	movl	12(%rbx),%r11d
	je	L$cbc_enc_tail
	jmp	L$cbc_eloop

.p2align	4
L$cbc_eloop:
	xorl	0(%r12),%r8d
	xorl	4(%r12),%r9d
	xorl	8(%r12),%r10d
	bswapl	%r8d
	xorl	12(%r12),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	movq	0(%rsp),%r14
	bswapl	%r8d
	movq	8(%rsp),%rdx
	bswapl	%r9d
	movq	16(%rsp),%rcx
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	leaq	16(%r12),%r12
	movl	%r11d,12(%r13)
	cmpq	%rdx,%r12
	leaq	16(%r13),%r13
	jne	L$cbc_eloop

	cmpq	$0,%rcx
	jne	L$cbc_enc_tail

	movq	40(%rsp),%r13
	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)
	jmp	L$cbc_done

.p2align	4
L$cbc_enc_tail:
	xorq	%rax,%rax
	movq	%rax,0+24(%rsp)
	movq	%rax,8+24(%rsp)
	movq	%rax,16(%rsp)

L$cbc_enc_pushf:
	pushfq
	cld
	movq	%r12,%rsi
	leaq	8+24(%rsp),%rdi
.long	0x9066A4F3		
	popfq
L$cbc_enc_popf:

	leaq	24(%rsp),%r12
	leaq	16+24(%rsp),%rax
	movq	%rax,8(%rsp)
	jmp	L$cbc_eloop		

.p2align	4
L$CBC_DECRYPT:
	xchgq	%r14,%r15
	addq	$15,%rdx
	andq	$15,%rcx
	andq	$-16,%rdx
	movq	%r14,0(%rsp)
	leaq	(%r12,%rdx,1),%rdx
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	movq	(%rbx),%rax
	movq	8(%rbx),%rbx
	jmp	L$cbc_dloop
.p2align	4
L$cbc_dloop:
	movl	0(%r12),%r8d
	movl	4(%r12),%r9d
	movl	8(%r12),%r10d
	bswapl	%r8d
	movl	12(%r12),%r11d
	bswapl	%r9d
	movq	%rax,0+24(%rsp)
	bswapl	%r10d
	movq	%rbx,8+24(%rsp)
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	movq	0(%rsp),%r14
	movq	8(%rsp),%rdx
	movq	16(%rsp),%rcx

	bswapl	%r8d
	movq	(%r12),%rax
	bswapl	%r9d
	movq	8(%r12),%rbx
	bswapl	%r10d
	xorl	0+24(%rsp),%r8d
	bswapl	%r11d
	xorl	4+24(%rsp),%r9d
	xorl	8+24(%rsp),%r10d
	leaq	16(%r12),%r12
	xorl	12+24(%rsp),%r11d
	cmpq	%rdx,%r12
	je	L$cbc_ddone

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	leaq	16(%r13),%r13
	jmp	L$cbc_dloop

.p2align	4
L$cbc_ddone:
	movq	40(%rsp),%rdx
	cmpq	$0,%rcx
	jne	L$cbc_dec_tail

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	L$cbc_done
.p2align	4
L$cbc_dec_tail:
	movl	%r8d,0+24(%rsp)
	movl	%r9d,4+24(%rsp)
	movl	%r10d,8+24(%rsp)
	movl	%r11d,12+24(%rsp)

L$cbc_dec_pushf:
	pushfq
	cld
	leaq	8+24(%rsp),%rsi
	leaq	(%r13),%rdi
.long	0x9066A4F3		
	popfq
L$cbc_dec_popf:

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	L$cbc_done

.p2align	4
L$cbc_done:
	movq	48(%rsp),%rcx
	movq	0(%rcx),%r15
	movq	8(%rcx),%r14
	movq	16(%rcx),%r13
	movq	24(%rcx),%r12
	movq	32(%rcx),%rbp
	movq	40(%rcx),%rbx
	leaq	48(%rcx),%rsp
L$cbc_abort:
	.byte	0xf3,0xc3


.byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
Deleted jni/libressl/crypto/camellia/cmll-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
.text	


.globl	_Camellia_EncryptBlock

.p2align	4
_Camellia_EncryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	L$enc_rounds


.globl	_Camellia_EncryptBlock_Rounds

.p2align	4
L$enc_rounds:
_Camellia_EncryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$enc_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r14

	shll	$6,%edi
	leaq	L$Camellia_SBOX(%rip),%rbp
	leaq	(%r14,%rdi,1),%r15

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
L$enc_epilogue:
	.byte	0xf3,0xc3



.p2align	4
_x86_64_Camellia_encrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.p2align	4
L$eloop:
	movl	16(%r14),%ebx
	movl	20(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	56(%r14),%ebx
	movl	60(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	64(%r14),%ebx
	movl	68(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	64(%r14),%r14
	cmpq	%r15,%r14
	movl	8(%r14),%edx
	movl	12(%r14),%ecx
	je	L$edone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d
	jmp	L$eloop

.p2align	4
L$edone:
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	xorl	%r8d,%ecx
	xorl	%r9d,%edx

	movl	%eax,%r8d
	movl	%ebx,%r9d
	movl	%ecx,%r10d
	movl	%edx,%r11d

.byte	0xf3,0xc3		



.globl	_Camellia_DecryptBlock

.p2align	4
_Camellia_DecryptBlock:
	movl	$128,%eax
	subl	%edi,%eax
	movl	$3,%edi
	adcl	$0,%edi
	jmp	L$dec_rounds


.globl	_Camellia_DecryptBlock_Rounds

.p2align	4
L$dec_rounds:
_Camellia_DecryptBlock_Rounds:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$dec_prologue:


	movq	%rcx,%r13
	movq	%rdx,%r15

	shll	$6,%edi
	leaq	L$Camellia_SBOX(%rip),%rbp
	leaq	(%r15,%rdi,1),%r14

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	bswapl	%r8d
	movl	12(%rsi),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
L$dec_epilogue:
	.byte	0xf3,0xc3



.p2align	4
_x86_64_Camellia_decrypt:
	xorl	0(%r14),%r9d
	xorl	4(%r14),%r8d
	xorl	8(%r14),%r11d
	xorl	12(%r14),%r10d
.p2align	4
L$dloop:
	movl	-8(%r14),%ebx
	movl	-4(%r14),%eax

	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-16(%r14),%ebx
	movl	-12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-24(%r14),%ebx
	movl	-20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-32(%r14),%ebx
	movl	-28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-40(%r14),%ebx
	movl	-36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-48(%r14),%ebx
	movl	-44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	-56(%r14),%ebx
	movl	-52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	leaq	-64(%r14),%r14
	cmpq	%r15,%r14
	movl	0(%r14),%edx
	movl	4(%r14),%ecx
	je	L$ddone

	andl	%r8d,%eax
	orl	%r11d,%edx
	roll	$1,%eax
	xorl	%edx,%r10d
	xorl	%eax,%r9d
	andl	%r10d,%ecx
	orl	%r9d,%ebx
	roll	$1,%ecx
	xorl	%ebx,%r8d
	xorl	%ecx,%r11d

	jmp	L$dloop

.p2align	4
L$ddone:
	xorl	%r10d,%ecx
	xorl	%r11d,%edx
	xorl	%r8d,%eax
	xorl	%r9d,%ebx

	movl	%ecx,%r8d
	movl	%edx,%r9d
	movl	%eax,%r10d
	movl	%ebx,%r11d

.byte	0xf3,0xc3		

.globl	_Camellia_Ekeygen

.p2align	4
_Camellia_Ekeygen:
	pushq	%rbx
	pushq	%rbp
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$key_prologue:

	movq	%rdi,%r15
	movq	%rdx,%r13

	movl	0(%rsi),%r8d
	movl	4(%rsi),%r9d
	movl	8(%rsi),%r10d
	movl	12(%rsi),%r11d

	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,0(%r13)
	movl	%r8d,4(%r13)
	movl	%r11d,8(%r13)
	movl	%r10d,12(%r13)
	cmpq	$128,%r15
	je	L$1st128

	movl	16(%rsi),%r8d
	movl	20(%rsi),%r9d
	cmpq	$192,%r15
	je	L$1st192
	movl	24(%rsi),%r10d
	movl	28(%rsi),%r11d
	jmp	L$1st256
L$1st192:
	movl	%r8d,%r10d
	movl	%r9d,%r11d
	notl	%r10d
	notl	%r11d
L$1st256:
	bswapl	%r8d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d
	movl	%r9d,32(%r13)
	movl	%r8d,36(%r13)
	movl	%r11d,40(%r13)
	movl	%r10d,44(%r13)
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d

L$1st128:
	leaq	L$Camellia_SIGMA(%rip),%r14
	leaq	L$Camellia_SBOX(%rip),%rbp

	movl	0(%r14),%ebx
	movl	4(%r14),%eax
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	8(%r14),%ebx
	movl	12(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	16(%r14),%ebx
	movl	20(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	xorl	0(%r13),%r9d
	xorl	4(%r13),%r8d
	xorl	8(%r13),%r11d
	xorl	12(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	24(%r14),%ebx
	movl	28(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	32(%r14),%ebx
	movl	36(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	cmpq	$128,%r15
	jne	L$2nd256

	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	-128(%r13),%rax
	movq	-120(%r13),%rbx
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,-96(%r13)
	movq	%rbx,-88(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-80(%r13)
	movq	%r10,-72(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-64(%r13)
	movq	%r10,-56(%r13)
	movq	%rax,%r11
	shlq	$30,%rax
	movq	%rbx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rax
	shlq	$30,%rbx
	orq	%r11,%rbx
	movq	%rax,-48(%r13)
	movq	%rbx,-40(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-32(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rbx,-24(%r13)
	movq	%r8,%r11
	shlq	$15,%r8
	movq	%r10,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r8
	shlq	$15,%r10
	orq	%r11,%r10
	movq	%r8,-16(%r13)
	movq	%r10,-8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,16(%r13)
	movq	%rbx,24(%r13)
	movq	%r8,%r11
	shlq	$34,%r8
	movq	%r10,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%r8
	shlq	$34,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r8,%r11
	shlq	$17,%r8
	movq	%r10,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r8
	shlq	$17,%r10
	orq	%r11,%r10
	movq	%r8,64(%r13)
	movq	%r10,72(%r13)
	movl	$3,%eax
	jmp	L$done
.p2align	4
L$2nd256:
	movl	%r9d,48(%r13)
	movl	%r8d,52(%r13)
	movl	%r11d,56(%r13)
	movl	%r10d,60(%r13)
	xorl	32(%r13),%r9d
	xorl	36(%r13),%r8d
	xorl	40(%r13),%r11d
	xorl	44(%r13),%r10d
	xorl	%r8d,%eax
	xorl	%r9d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	40(%r14),%ebx
	movl	44(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r10d
	xorl	%ecx,%r11d
	xorl	%edx,%r11d
	xorl	%r10d,%eax
	xorl	%r11d,%ebx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	movl	2052(%rbp,%rsi,8),%edx
	movl	0(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	shrl	$16,%eax
	movzbl	%bh,%edi
	xorl	4(%rbp,%rsi,8),%edx
	shrl	$16,%ebx
	xorl	4(%rbp,%rdi,8),%ecx
	movzbl	%ah,%esi
	movzbl	%bl,%edi
	xorl	0(%rbp,%rsi,8),%edx
	xorl	2052(%rbp,%rdi,8),%ecx
	movzbl	%al,%esi
	movzbl	%bh,%edi
	xorl	2048(%rbp,%rsi,8),%edx
	xorl	2048(%rbp,%rdi,8),%ecx
	movl	48(%r14),%ebx
	movl	52(%r14),%eax
	xorl	%edx,%ecx
	rorl	$8,%edx
	xorl	%ecx,%r8d
	xorl	%ecx,%r9d
	xorl	%edx,%r9d
	movq	0(%r13),%rax
	movq	8(%r13),%rbx
	movq	32(%r13),%rcx
	movq	40(%r13),%rdx
	movq	48(%r13),%r14
	movq	56(%r13),%r15
	leaq	128(%r13),%r13
	shlq	$32,%r8
	shlq	$32,%r10
	orq	%r9,%r8
	orq	%r11,%r10
	movq	%r8,-112(%r13)
	movq	%r10,-104(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-96(%r13)
	movq	%rdx,-88(%r13)
	movq	%r14,%r11
	shlq	$15,%r14
	movq	%r15,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%r14
	shlq	$15,%r15
	orq	%r11,%r15
	movq	%r14,-80(%r13)
	movq	%r15,-72(%r13)
	movq	%rcx,%r11
	shlq	$15,%rcx
	movq	%rdx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rcx
	shlq	$15,%rdx
	orq	%r11,%rdx
	movq	%rcx,-64(%r13)
	movq	%rdx,-56(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,-48(%r13)
	movq	%r10,-40(%r13)
	movq	%rax,%r11
	shlq	$45,%rax
	movq	%rbx,%r9
	shrq	$19,%r9
	shrq	$19,%r11
	orq	%r9,%rax
	shlq	$45,%rbx
	orq	%r11,%rbx
	movq	%rax,-32(%r13)
	movq	%rbx,-24(%r13)
	movq	%r14,%r11
	shlq	$30,%r14
	movq	%r15,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r14
	shlq	$30,%r15
	orq	%r11,%r15
	movq	%r14,-16(%r13)
	movq	%r15,-8(%r13)
	movq	%rax,%r11
	shlq	$15,%rax
	movq	%rbx,%r9
	shrq	$49,%r9
	shrq	$49,%r11
	orq	%r9,%rax
	shlq	$15,%rbx
	orq	%r11,%rbx
	movq	%rax,0(%r13)
	movq	%rbx,8(%r13)
	movq	%rcx,%r11
	shlq	$30,%rcx
	movq	%rdx,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%rcx
	shlq	$30,%rdx
	orq	%r11,%rdx
	movq	%rcx,16(%r13)
	movq	%rdx,24(%r13)
	movq	%r8,%r11
	shlq	$30,%r8
	movq	%r10,%r9
	shrq	$34,%r9
	shrq	$34,%r11
	orq	%r9,%r8
	shlq	$30,%r10
	orq	%r11,%r10
	movq	%r8,32(%r13)
	movq	%r10,40(%r13)
	movq	%rax,%r11
	shlq	$17,%rax
	movq	%rbx,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%rax
	shlq	$17,%rbx
	orq	%r11,%rbx
	movq	%rax,48(%r13)
	movq	%rbx,56(%r13)
	movq	%r14,%r11
	shlq	$32,%r14
	movq	%r15,%r9
	shrq	$32,%r9
	shrq	$32,%r11
	orq	%r9,%r14
	shlq	$32,%r15
	orq	%r11,%r15
	movq	%r14,64(%r13)
	movq	%r15,72(%r13)
	movq	%rcx,%r11
	shlq	$34,%rcx
	movq	%rdx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rcx
	shlq	$34,%rdx
	orq	%r11,%rdx
	movq	%rcx,80(%r13)
	movq	%rdx,88(%r13)
	movq	%r14,%r11
	shlq	$17,%r14
	movq	%r15,%r9
	shrq	$47,%r9
	shrq	$47,%r11
	orq	%r9,%r14
	shlq	$17,%r15
	orq	%r11,%r15
	movq	%r14,96(%r13)
	movq	%r15,104(%r13)
	movq	%rax,%r11
	shlq	$34,%rax
	movq	%rbx,%r9
	shrq	$30,%r9
	shrq	$30,%r11
	orq	%r9,%rax
	shlq	$34,%rbx
	orq	%r11,%rbx
	movq	%rax,112(%r13)
	movq	%rbx,120(%r13)
	movq	%r8,%r11
	shlq	$51,%r8
	movq	%r10,%r9
	shrq	$13,%r9
	shrq	$13,%r11
	orq	%r9,%r8
	shlq	$51,%r10
	orq	%r11,%r10
	movq	%r8,128(%r13)
	movq	%r10,136(%r13)
	movl	$4,%eax
L$done:
	movq	0(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r13
	movq	24(%rsp),%rbp
	movq	32(%rsp),%rbx
	leaq	40(%rsp),%rsp
L$key_epilogue:
	.byte	0xf3,0xc3

.p2align	6
L$Camellia_SIGMA:
.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
.long	0,          0,          0,          0
L$Camellia_SBOX:
.long	0x70707000,0x70700070
.long	0x82828200,0x2c2c002c
.long	0x2c2c2c00,0xb3b300b3
.long	0xececec00,0xc0c000c0
.long	0xb3b3b300,0xe4e400e4
.long	0x27272700,0x57570057
.long	0xc0c0c000,0xeaea00ea
.long	0xe5e5e500,0xaeae00ae
.long	0xe4e4e400,0x23230023
.long	0x85858500,0x6b6b006b
.long	0x57575700,0x45450045
.long	0x35353500,0xa5a500a5
.long	0xeaeaea00,0xeded00ed
.long	0x0c0c0c00,0x4f4f004f
.long	0xaeaeae00,0x1d1d001d
.long	0x41414100,0x92920092
.long	0x23232300,0x86860086
.long	0xefefef00,0xafaf00af
.long	0x6b6b6b00,0x7c7c007c
.long	0x93939300,0x1f1f001f
.long	0x45454500,0x3e3e003e
.long	0x19191900,0xdcdc00dc
.long	0xa5a5a500,0x5e5e005e
.long	0x21212100,0x0b0b000b
.long	0xededed00,0xa6a600a6
.long	0x0e0e0e00,0x39390039
.long	0x4f4f4f00,0xd5d500d5
.long	0x4e4e4e00,0x5d5d005d
.long	0x1d1d1d00,0xd9d900d9
.long	0x65656500,0x5a5a005a
.long	0x92929200,0x51510051
.long	0xbdbdbd00,0x6c6c006c
.long	0x86868600,0x8b8b008b
.long	0xb8b8b800,0x9a9a009a
.long	0xafafaf00,0xfbfb00fb
.long	0x8f8f8f00,0xb0b000b0
.long	0x7c7c7c00,0x74740074
.long	0xebebeb00,0x2b2b002b
.long	0x1f1f1f00,0xf0f000f0
.long	0xcecece00,0x84840084
.long	0x3e3e3e00,0xdfdf00df
.long	0x30303000,0xcbcb00cb
.long	0xdcdcdc00,0x34340034
.long	0x5f5f5f00,0x76760076
.long	0x5e5e5e00,0x6d6d006d
.long	0xc5c5c500,0xa9a900a9
.long	0x0b0b0b00,0xd1d100d1
.long	0x1a1a1a00,0x04040004
.long	0xa6a6a600,0x14140014
.long	0xe1e1e100,0x3a3a003a
.long	0x39393900,0xdede00de
.long	0xcacaca00,0x11110011
.long	0xd5d5d500,0x32320032
.long	0x47474700,0x9c9c009c
.long	0x5d5d5d00,0x53530053
.long	0x3d3d3d00,0xf2f200f2
.long	0xd9d9d900,0xfefe00fe
.long	0x01010100,0xcfcf00cf
.long	0x5a5a5a00,0xc3c300c3
.long	0xd6d6d600,0x7a7a007a
.long	0x51515100,0x24240024
.long	0x56565600,0xe8e800e8
.long	0x6c6c6c00,0x60600060
.long	0x4d4d4d00,0x69690069
.long	0x8b8b8b00,0xaaaa00aa
.long	0x0d0d0d00,0xa0a000a0
.long	0x9a9a9a00,0xa1a100a1
.long	0x66666600,0x62620062
.long	0xfbfbfb00,0x54540054
.long	0xcccccc00,0x1e1e001e
.long	0xb0b0b000,0xe0e000e0
.long	0x2d2d2d00,0x64640064
.long	0x74747400,0x10100010
.long	0x12121200,0x00000000
.long	0x2b2b2b00,0xa3a300a3
.long	0x20202000,0x75750075
.long	0xf0f0f000,0x8a8a008a
.long	0xb1b1b100,0xe6e600e6
.long	0x84848400,0x09090009
.long	0x99999900,0xdddd00dd
.long	0xdfdfdf00,0x87870087
.long	0x4c4c4c00,0x83830083
.long	0xcbcbcb00,0xcdcd00cd
.long	0xc2c2c200,0x90900090
.long	0x34343400,0x73730073
.long	0x7e7e7e00,0xf6f600f6
.long	0x76767600,0x9d9d009d
.long	0x05050500,0xbfbf00bf
.long	0x6d6d6d00,0x52520052
.long	0xb7b7b700,0xd8d800d8
.long	0xa9a9a900,0xc8c800c8
.long	0x31313100,0xc6c600c6
.long	0xd1d1d100,0x81810081
.long	0x17171700,0x6f6f006f
.long	0x04040400,0x13130013
.long	0xd7d7d700,0x63630063
.long	0x14141400,0xe9e900e9
.long	0x58585800,0xa7a700a7
.long	0x3a3a3a00,0x9f9f009f
.long	0x61616100,0xbcbc00bc
.long	0xdedede00,0x29290029
.long	0x1b1b1b00,0xf9f900f9
.long	0x11111100,0x2f2f002f
.long	0x1c1c1c00,0xb4b400b4
.long	0x32323200,0x78780078
.long	0x0f0f0f00,0x06060006
.long	0x9c9c9c00,0xe7e700e7
.long	0x16161600,0x71710071
.long	0x53535300,0xd4d400d4
.long	0x18181800,0xabab00ab
.long	0xf2f2f200,0x88880088
.long	0x22222200,0x8d8d008d
.long	0xfefefe00,0x72720072
.long	0x44444400,0xb9b900b9
.long	0xcfcfcf00,0xf8f800f8
.long	0xb2b2b200,0xacac00ac
.long	0xc3c3c300,0x36360036
.long	0xb5b5b500,0x2a2a002a
.long	0x7a7a7a00,0x3c3c003c
.long	0x91919100,0xf1f100f1
.long	0x24242400,0x40400040
.long	0x08080800,0xd3d300d3
.long	0xe8e8e800,0xbbbb00bb
.long	0xa8a8a800,0x43430043
.long	0x60606000,0x15150015
.long	0xfcfcfc00,0xadad00ad
.long	0x69696900,0x77770077
.long	0x50505000,0x80800080
.long	0xaaaaaa00,0x82820082
.long	0xd0d0d000,0xecec00ec
.long	0xa0a0a000,0x27270027
.long	0x7d7d7d00,0xe5e500e5
.long	0xa1a1a100,0x85850085
.long	0x89898900,0x35350035
.long	0x62626200,0x0c0c000c
.long	0x97979700,0x41410041
.long	0x54545400,0xefef00ef
.long	0x5b5b5b00,0x93930093
.long	0x1e1e1e00,0x19190019
.long	0x95959500,0x21210021
.long	0xe0e0e000,0x0e0e000e
.long	0xffffff00,0x4e4e004e
.long	0x64646400,0x65650065
.long	0xd2d2d200,0xbdbd00bd
.long	0x10101000,0xb8b800b8
.long	0xc4c4c400,0x8f8f008f
.long	0x00000000,0xebeb00eb
.long	0x48484800,0xcece00ce
.long	0xa3a3a300,0x30300030
.long	0xf7f7f700,0x5f5f005f
.long	0x75757500,0xc5c500c5
.long	0xdbdbdb00,0x1a1a001a
.long	0x8a8a8a00,0xe1e100e1
.long	0x03030300,0xcaca00ca
.long	0xe6e6e600,0x47470047
.long	0xdadada00,0x3d3d003d
.long	0x09090900,0x01010001
.long	0x3f3f3f00,0xd6d600d6
.long	0xdddddd00,0x56560056
.long	0x94949400,0x4d4d004d
.long	0x87878700,0x0d0d000d
.long	0x5c5c5c00,0x66660066
.long	0x83838300,0xcccc00cc
.long	0x02020200,0x2d2d002d
.long	0xcdcdcd00,0x12120012
.long	0x4a4a4a00,0x20200020
.long	0x90909000,0xb1b100b1
.long	0x33333300,0x99990099
.long	0x73737300,0x4c4c004c
.long	0x67676700,0xc2c200c2
.long	0xf6f6f600,0x7e7e007e
.long	0xf3f3f300,0x05050005
.long	0x9d9d9d00,0xb7b700b7
.long	0x7f7f7f00,0x31310031
.long	0xbfbfbf00,0x17170017
.long	0xe2e2e200,0xd7d700d7
.long	0x52525200,0x58580058
.long	0x9b9b9b00,0x61610061
.long	0xd8d8d800,0x1b1b001b
.long	0x26262600,0x1c1c001c
.long	0xc8c8c800,0x0f0f000f
.long	0x37373700,0x16160016
.long	0xc6c6c600,0x18180018
.long	0x3b3b3b00,0x22220022
.long	0x81818100,0x44440044
.long	0x96969600,0xb2b200b2
.long	0x6f6f6f00,0xb5b500b5
.long	0x4b4b4b00,0x91910091
.long	0x13131300,0x08080008
.long	0xbebebe00,0xa8a800a8
.long	0x63636300,0xfcfc00fc
.long	0x2e2e2e00,0x50500050
.long	0xe9e9e900,0xd0d000d0
.long	0x79797900,0x7d7d007d
.long	0xa7a7a700,0x89890089
.long	0x8c8c8c00,0x97970097
.long	0x9f9f9f00,0x5b5b005b
.long	0x6e6e6e00,0x95950095
.long	0xbcbcbc00,0xffff00ff
.long	0x8e8e8e00,0xd2d200d2
.long	0x29292900,0xc4c400c4
.long	0xf5f5f500,0x48480048
.long	0xf9f9f900,0xf7f700f7
.long	0xb6b6b600,0xdbdb00db
.long	0x2f2f2f00,0x03030003
.long	0xfdfdfd00,0xdada00da
.long	0xb4b4b400,0x3f3f003f
.long	0x59595900,0x94940094
.long	0x78787800,0x5c5c005c
.long	0x98989800,0x02020002
.long	0x06060600,0x4a4a004a
.long	0x6a6a6a00,0x33330033
.long	0xe7e7e700,0x67670067
.long	0x46464600,0xf3f300f3
.long	0x71717100,0x7f7f007f
.long	0xbababa00,0xe2e200e2
.long	0xd4d4d400,0x9b9b009b
.long	0x25252500,0x26260026
.long	0xababab00,0x37370037
.long	0x42424200,0x3b3b003b
.long	0x88888800,0x96960096
.long	0xa2a2a200,0x4b4b004b
.long	0x8d8d8d00,0xbebe00be
.long	0xfafafa00,0x2e2e002e
.long	0x72727200,0x79790079
.long	0x07070700,0x8c8c008c
.long	0xb9b9b900,0x6e6e006e
.long	0x55555500,0x8e8e008e
.long	0xf8f8f800,0xf5f500f5
.long	0xeeeeee00,0xb6b600b6
.long	0xacacac00,0xfdfd00fd
.long	0x0a0a0a00,0x59590059
.long	0x36363600,0x98980098
.long	0x49494900,0x6a6a006a
.long	0x2a2a2a00,0x46460046
.long	0x68686800,0xbaba00ba
.long	0x3c3c3c00,0x25250025
.long	0x38383800,0x42420042
.long	0xf1f1f100,0xa2a200a2
.long	0xa4a4a400,0xfafa00fa
.long	0x40404000,0x07070007
.long	0x28282800,0x55550055
.long	0xd3d3d300,0xeeee00ee
.long	0x7b7b7b00,0x0a0a000a
.long	0xbbbbbb00,0x49490049
.long	0xc9c9c900,0x68680068
.long	0x43434300,0x38380038
.long	0xc1c1c100,0xa4a400a4
.long	0x15151500,0x28280028
.long	0xe3e3e300,0x7b7b007b
.long	0xadadad00,0xc9c900c9
.long	0xf4f4f400,0xc1c100c1
.long	0x77777700,0xe3e300e3
.long	0xc7c7c700,0xf4f400f4
.long	0x80808000,0xc7c700c7
.long	0x9e9e9e00,0x9e9e009e
.long	0x00e0e0e0,0x38003838
.long	0x00050505,0x41004141
.long	0x00585858,0x16001616
.long	0x00d9d9d9,0x76007676
.long	0x00676767,0xd900d9d9
.long	0x004e4e4e,0x93009393
.long	0x00818181,0x60006060
.long	0x00cbcbcb,0xf200f2f2
.long	0x00c9c9c9,0x72007272
.long	0x000b0b0b,0xc200c2c2
.long	0x00aeaeae,0xab00abab
.long	0x006a6a6a,0x9a009a9a
.long	0x00d5d5d5,0x75007575
.long	0x00181818,0x06000606
.long	0x005d5d5d,0x57005757
.long	0x00828282,0xa000a0a0
.long	0x00464646,0x91009191
.long	0x00dfdfdf,0xf700f7f7
.long	0x00d6d6d6,0xb500b5b5
.long	0x00272727,0xc900c9c9
.long	0x008a8a8a,0xa200a2a2
.long	0x00323232,0x8c008c8c
.long	0x004b4b4b,0xd200d2d2
.long	0x00424242,0x90009090
.long	0x00dbdbdb,0xf600f6f6
.long	0x001c1c1c,0x07000707
.long	0x009e9e9e,0xa700a7a7
.long	0x009c9c9c,0x27002727
.long	0x003a3a3a,0x8e008e8e
.long	0x00cacaca,0xb200b2b2
.long	0x00252525,0x49004949
.long	0x007b7b7b,0xde00dede
.long	0x000d0d0d,0x43004343
.long	0x00717171,0x5c005c5c
.long	0x005f5f5f,0xd700d7d7
.long	0x001f1f1f,0xc700c7c7
.long	0x00f8f8f8,0x3e003e3e
.long	0x00d7d7d7,0xf500f5f5
.long	0x003e3e3e,0x8f008f8f
.long	0x009d9d9d,0x67006767
.long	0x007c7c7c,0x1f001f1f
.long	0x00606060,0x18001818
.long	0x00b9b9b9,0x6e006e6e
.long	0x00bebebe,0xaf00afaf
.long	0x00bcbcbc,0x2f002f2f
.long	0x008b8b8b,0xe200e2e2
.long	0x00161616,0x85008585
.long	0x00343434,0x0d000d0d
.long	0x004d4d4d,0x53005353
.long	0x00c3c3c3,0xf000f0f0
.long	0x00727272,0x9c009c9c
.long	0x00959595,0x65006565
.long	0x00ababab,0xea00eaea
.long	0x008e8e8e,0xa300a3a3
.long	0x00bababa,0xae00aeae
.long	0x007a7a7a,0x9e009e9e
.long	0x00b3b3b3,0xec00ecec
.long	0x00020202,0x80008080
.long	0x00b4b4b4,0x2d002d2d
.long	0x00adadad,0x6b006b6b
.long	0x00a2a2a2,0xa800a8a8
.long	0x00acacac,0x2b002b2b
.long	0x00d8d8d8,0x36003636
.long	0x009a9a9a,0xa600a6a6
.long	0x00171717,0xc500c5c5
.long	0x001a1a1a,0x86008686
.long	0x00353535,0x4d004d4d
.long	0x00cccccc,0x33003333
.long	0x00f7f7f7,0xfd00fdfd
.long	0x00999999,0x66006666
.long	0x00616161,0x58005858
.long	0x005a5a5a,0x96009696
.long	0x00e8e8e8,0x3a003a3a
.long	0x00242424,0x09000909
.long	0x00565656,0x95009595
.long	0x00404040,0x10001010
.long	0x00e1e1e1,0x78007878
.long	0x00636363,0xd800d8d8
.long	0x00090909,0x42004242
.long	0x00333333,0xcc00cccc
.long	0x00bfbfbf,0xef00efef
.long	0x00989898,0x26002626
.long	0x00979797,0xe500e5e5
.long	0x00858585,0x61006161
.long	0x00686868,0x1a001a1a
.long	0x00fcfcfc,0x3f003f3f
.long	0x00ececec,0x3b003b3b
.long	0x000a0a0a,0x82008282
.long	0x00dadada,0xb600b6b6
.long	0x006f6f6f,0xdb00dbdb
.long	0x00535353,0xd400d4d4
.long	0x00626262,0x98009898
.long	0x00a3a3a3,0xe800e8e8
.long	0x002e2e2e,0x8b008b8b
.long	0x00080808,0x02000202
.long	0x00afafaf,0xeb00ebeb
.long	0x00282828,0x0a000a0a
.long	0x00b0b0b0,0x2c002c2c
.long	0x00747474,0x1d001d1d
.long	0x00c2c2c2,0xb000b0b0
.long	0x00bdbdbd,0x6f006f6f
.long	0x00363636,0x8d008d8d
.long	0x00222222,0x88008888
.long	0x00383838,0x0e000e0e
.long	0x00646464,0x19001919
.long	0x001e1e1e,0x87008787
.long	0x00393939,0x4e004e4e
.long	0x002c2c2c,0x0b000b0b
.long	0x00a6a6a6,0xa900a9a9
.long	0x00303030,0x0c000c0c
.long	0x00e5e5e5,0x79007979
.long	0x00444444,0x11001111
.long	0x00fdfdfd,0x7f007f7f
.long	0x00888888,0x22002222
.long	0x009f9f9f,0xe700e7e7
.long	0x00656565,0x59005959
.long	0x00878787,0xe100e1e1
.long	0x006b6b6b,0xda00dada
.long	0x00f4f4f4,0x3d003d3d
.long	0x00232323,0xc800c8c8
.long	0x00484848,0x12001212
.long	0x00101010,0x04000404
.long	0x00d1d1d1,0x74007474
.long	0x00515151,0x54005454
.long	0x00c0c0c0,0x30003030
.long	0x00f9f9f9,0x7e007e7e
.long	0x00d2d2d2,0xb400b4b4
.long	0x00a0a0a0,0x28002828
.long	0x00555555,0x55005555
.long	0x00a1a1a1,0x68006868
.long	0x00414141,0x50005050
.long	0x00fafafa,0xbe00bebe
.long	0x00434343,0xd000d0d0
.long	0x00131313,0xc400c4c4
.long	0x00c4c4c4,0x31003131
.long	0x002f2f2f,0xcb00cbcb
.long	0x00a8a8a8,0x2a002a2a
.long	0x00b6b6b6,0xad00adad
.long	0x003c3c3c,0x0f000f0f
.long	0x002b2b2b,0xca00caca
.long	0x00c1c1c1,0x70007070
.long	0x00ffffff,0xff00ffff
.long	0x00c8c8c8,0x32003232
.long	0x00a5a5a5,0x69006969
.long	0x00202020,0x08000808
.long	0x00898989,0x62006262
.long	0x00000000,0x00000000
.long	0x00909090,0x24002424
.long	0x00474747,0xd100d1d1
.long	0x00efefef,0xfb00fbfb
.long	0x00eaeaea,0xba00baba
.long	0x00b7b7b7,0xed00eded
.long	0x00151515,0x45004545
.long	0x00060606,0x81008181
.long	0x00cdcdcd,0x73007373
.long	0x00b5b5b5,0x6d006d6d
.long	0x00121212,0x84008484
.long	0x007e7e7e,0x9f009f9f
.long	0x00bbbbbb,0xee00eeee
.long	0x00292929,0x4a004a4a
.long	0x000f0f0f,0xc300c3c3
.long	0x00b8b8b8,0x2e002e2e
.long	0x00070707,0xc100c1c1
.long	0x00040404,0x01000101
.long	0x009b9b9b,0xe600e6e6
.long	0x00949494,0x25002525
.long	0x00212121,0x48004848
.long	0x00666666,0x99009999
.long	0x00e6e6e6,0xb900b9b9
.long	0x00cecece,0xb300b3b3
.long	0x00ededed,0x7b007b7b
.long	0x00e7e7e7,0xf900f9f9
.long	0x003b3b3b,0xce00cece
.long	0x00fefefe,0xbf00bfbf
.long	0x007f7f7f,0xdf00dfdf
.long	0x00c5c5c5,0x71007171
.long	0x00a4a4a4,0x29002929
.long	0x00373737,0xcd00cdcd
.long	0x00b1b1b1,0x6c006c6c
.long	0x004c4c4c,0x13001313
.long	0x00919191,0x64006464
.long	0x006e6e6e,0x9b009b9b
.long	0x008d8d8d,0x63006363
.long	0x00767676,0x9d009d9d
.long	0x00030303,0xc000c0c0
.long	0x002d2d2d,0x4b004b4b
.long	0x00dedede,0xb700b7b7
.long	0x00969696,0xa500a5a5
.long	0x00262626,0x89008989
.long	0x007d7d7d,0x5f005f5f
.long	0x00c6c6c6,0xb100b1b1
.long	0x005c5c5c,0x17001717
.long	0x00d3d3d3,0xf400f4f4
.long	0x00f2f2f2,0xbc00bcbc
.long	0x004f4f4f,0xd300d3d3
.long	0x00191919,0x46004646
.long	0x003f3f3f,0xcf00cfcf
.long	0x00dcdcdc,0x37003737
.long	0x00797979,0x5e005e5e
.long	0x001d1d1d,0x47004747
.long	0x00525252,0x94009494
.long	0x00ebebeb,0xfa00fafa
.long	0x00f3f3f3,0xfc00fcfc
.long	0x006d6d6d,0x5b005b5b
.long	0x005e5e5e,0x97009797
.long	0x00fbfbfb,0xfe00fefe
.long	0x00696969,0x5a005a5a
.long	0x00b2b2b2,0xac00acac
.long	0x00f0f0f0,0x3c003c3c
.long	0x00313131,0x4c004c4c
.long	0x000c0c0c,0x03000303
.long	0x00d4d4d4,0x35003535
.long	0x00cfcfcf,0xf300f3f3
.long	0x008c8c8c,0x23002323
.long	0x00e2e2e2,0xb800b8b8
.long	0x00757575,0x5d005d5d
.long	0x00a9a9a9,0x6a006a6a
.long	0x004a4a4a,0x92009292
.long	0x00575757,0xd500d5d5
.long	0x00848484,0x21002121
.long	0x00111111,0x44004444
.long	0x00454545,0x51005151
.long	0x001b1b1b,0xc600c6c6
.long	0x00f5f5f5,0x7d007d7d
.long	0x00e4e4e4,0x39003939
.long	0x000e0e0e,0x83008383
.long	0x00737373,0xdc00dcdc
.long	0x00aaaaaa,0xaa00aaaa
.long	0x00f1f1f1,0x7c007c7c
.long	0x00dddddd,0x77007777
.long	0x00595959,0x56005656
.long	0x00141414,0x05000505
.long	0x006c6c6c,0x1b001b1b
.long	0x00929292,0xa400a4a4
.long	0x00545454,0x15001515
.long	0x00d0d0d0,0x34003434
.long	0x00787878,0x1e001e1e
.long	0x00707070,0x1c001c1c
.long	0x00e3e3e3,0xf800f8f8
.long	0x00494949,0x52005252
.long	0x00808080,0x20002020
.long	0x00505050,0x14001414
.long	0x00a7a7a7,0xe900e9e9
.long	0x00f6f6f6,0xbd00bdbd
.long	0x00777777,0xdd00dddd
.long	0x00939393,0xe400e4e4
.long	0x00868686,0xa100a1a1
.long	0x00838383,0xe000e0e0
.long	0x002a2a2a,0x8a008a8a
.long	0x00c7c7c7,0xf100f1f1
.long	0x005b5b5b,0xd600d6d6
.long	0x00e9e9e9,0x7a007a7a
.long	0x00eeeeee,0xbb00bbbb
.long	0x008f8f8f,0xe300e3e3
.long	0x00010101,0x40004040
.long	0x003d3d3d,0x4f004f4f
.globl	_Camellia_cbc_encrypt

.p2align	4
_Camellia_cbc_encrypt:
	cmpq	$0,%rdx
	je	L$cbc_abort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
L$cbc_prologue:

	movq	%rsp,%rbp
	subq	$64,%rsp
	andq	$-64,%rsp



	leaq	-64-63(%rcx),%r10
	subq	%rsp,%r10
	negq	%r10
	andq	$960,%r10
	subq	%r10,%rsp


	movq	%rdi,%r12
	movq	%rsi,%r13
	movq	%r8,%rbx
	movq	%rcx,%r14
	movl	272(%rcx),%r15d

	movq	%r8,40(%rsp)
	movq	%rbp,48(%rsp)

L$cbc_body:
	leaq	L$Camellia_SBOX(%rip),%rbp

	movl	$32,%ecx
.p2align	2
L$cbc_prefetch_sbox:
	movq	0(%rbp),%rax
	movq	32(%rbp),%rsi
	movq	64(%rbp),%rdi
	movq	96(%rbp),%r11
	leaq	128(%rbp),%rbp
	loop	L$cbc_prefetch_sbox
	subq	$4096,%rbp
	shlq	$6,%r15
	movq	%rdx,%rcx
	leaq	(%r14,%r15,1),%r15

	cmpl	$0,%r9d
	je	L$CBC_DECRYPT

	andq	$-16,%rdx
	andq	$15,%rcx
	leaq	(%r12,%rdx,1),%rdx
	movq	%r14,0(%rsp)
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	cmpq	%r12,%rdx
	movl	0(%rbx),%r8d
	movl	4(%rbx),%r9d
	movl	8(%rbx),%r10d
	movl	12(%rbx),%r11d
	je	L$cbc_enc_tail
	jmp	L$cbc_eloop

.p2align	4
L$cbc_eloop:
	xorl	0(%r12),%r8d
	xorl	4(%r12),%r9d
	xorl	8(%r12),%r10d
	bswapl	%r8d
	xorl	12(%r12),%r11d
	bswapl	%r9d
	bswapl	%r10d
	bswapl	%r11d

	call	_x86_64_Camellia_encrypt

	movq	0(%rsp),%r14
	bswapl	%r8d
	movq	8(%rsp),%rdx
	bswapl	%r9d
	movq	16(%rsp),%rcx
	bswapl	%r10d
	movl	%r8d,0(%r13)
	bswapl	%r11d
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	leaq	16(%r12),%r12
	movl	%r11d,12(%r13)
	cmpq	%rdx,%r12
	leaq	16(%r13),%r13
	jne	L$cbc_eloop

	cmpq	$0,%rcx
	jne	L$cbc_enc_tail

	movq	40(%rsp),%r13
	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)
	jmp	L$cbc_done

.p2align	4
L$cbc_enc_tail:
	xorq	%rax,%rax
	movq	%rax,0+24(%rsp)
	movq	%rax,8+24(%rsp)
	movq	%rax,16(%rsp)

L$cbc_enc_pushf:
	pushfq
	cld
	movq	%r12,%rsi
	leaq	8+24(%rsp),%rdi
.long	0x9066A4F3		
	popfq
L$cbc_enc_popf:

	leaq	24(%rsp),%r12
	leaq	16+24(%rsp),%rax
	movq	%rax,8(%rsp)
	jmp	L$cbc_eloop		

.p2align	4
L$CBC_DECRYPT:
	xchgq	%r14,%r15
	addq	$15,%rdx
	andq	$15,%rcx
	andq	$-16,%rdx
	movq	%r14,0(%rsp)
	leaq	(%r12,%rdx,1),%rdx
	movq	%rdx,8(%rsp)
	movq	%rcx,16(%rsp)

	movq	(%rbx),%rax
	movq	8(%rbx),%rbx
	jmp	L$cbc_dloop
.p2align	4
L$cbc_dloop:
	movl	0(%r12),%r8d
	movl	4(%r12),%r9d
	movl	8(%r12),%r10d
	bswapl	%r8d
	movl	12(%r12),%r11d
	bswapl	%r9d
	movq	%rax,0+24(%rsp)
	bswapl	%r10d
	movq	%rbx,8+24(%rsp)
	bswapl	%r11d

	call	_x86_64_Camellia_decrypt

	movq	0(%rsp),%r14
	movq	8(%rsp),%rdx
	movq	16(%rsp),%rcx

	bswapl	%r8d
	movq	(%r12),%rax
	bswapl	%r9d
	movq	8(%r12),%rbx
	bswapl	%r10d
	xorl	0+24(%rsp),%r8d
	bswapl	%r11d
	xorl	4+24(%rsp),%r9d
	xorl	8+24(%rsp),%r10d
	leaq	16(%r12),%r12
	xorl	12+24(%rsp),%r11d
	cmpq	%rdx,%r12
	je	L$cbc_ddone

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	leaq	16(%r13),%r13
	jmp	L$cbc_dloop

.p2align	4
L$cbc_ddone:
	movq	40(%rsp),%rdx
	cmpq	$0,%rcx
	jne	L$cbc_dec_tail

	movl	%r8d,0(%r13)
	movl	%r9d,4(%r13)
	movl	%r10d,8(%r13)
	movl	%r11d,12(%r13)

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	L$cbc_done
.p2align	4
L$cbc_dec_tail:
	movl	%r8d,0+24(%rsp)
	movl	%r9d,4+24(%rsp)
	movl	%r10d,8+24(%rsp)
	movl	%r11d,12+24(%rsp)

L$cbc_dec_pushf:
	pushfq
	cld
	leaq	8+24(%rsp),%rsi
	leaq	(%r13),%rdi
.long	0x9066A4F3		
	popfq
L$cbc_dec_popf:

	movq	%rax,(%rdx)
	movq	%rbx,8(%rdx)
	jmp	L$cbc_done

.p2align	4
L$cbc_done:
	movq	48(%rsp),%rcx
	movq	0(%rcx),%r15
	movq	8(%rcx),%r14
	movq	16(%rcx),%r13
	movq	24(%rcx),%r12
	movq	32(%rcx),%rbp
	movq	40(%rcx),%rbx
	leaq	48(%rcx),%rsp
L$cbc_abort:
	.byte	0xf3,0xc3


.byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































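--- a/jni/libressl/crypto/camellia/cmll_cbc.c
+++ b/jni/libressl/crypto/camellia/cmll_cbc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmll_cbc.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cmll_cbc.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *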
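--- a/jni/libressl/crypto/camellia/cmll_cfb.c
+++ b/jni/libressl/crypto/camellia/cmll_cfb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmll_cfb.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cmll_cfb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *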
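--- a/jni/libressl/crypto/camellia/cmll_ctr.c
+++ b/jni/libressl/crypto/camellia/cmll_ctr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmll_ctr.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cmll_ctr.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *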
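--- a/jni/libressl/crypto/camellia/cmll_ecb.c
+++ b/jni/libressl/crypto/camellia/cmll_ecb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmll_ecb.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cmll_ecb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *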
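--- a/jni/libressl/crypto/camellia/cmll_locl.h
+++ b/jni/libressl/crypto/camellia/cmll_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmll_locl.h,v 1.4 2014/07/12 20:11:45 miod Exp $ */
+/* $OpenBSD: cmll_locl.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */
 /* ====================================================================
  * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 
  * ALL RIGHTS RESERVED.
  *
  * Intellectual Property information for Camellia:
  *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
  *
@@ -63,23 +63,27 @@
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
  */
 
 #ifndef HEADER_CAMELLIA_LOCL_H
 #define HEADER_CAMELLIA_LOCL_H
+
+__BEGIN_HIDDEN_DECLS
 
 typedef unsigned int  u32;
 typedef unsigned char u8;
 
 int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
 	    KEY_TABLE_TYPE keyTable);
 void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
 	    const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
 void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
 	    const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
 void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
 	    const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
 void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
 	    const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
 
+__END_HIDDEN_DECLS
+
 #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */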
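--- a/jni/libressl/crypto/camellia/cmll_misc.c
+++ b/jni/libressl/crypto/camellia/cmll_misc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmll_misc.c,v 1.5 2014/07/12 20:11:45 miod Exp $ */
+/* $OpenBSD: cmll_misc.c,v 1.6 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *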
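--- a/jni/libressl/crypto/camellia/cmll_ofb.c
+++ b/jni/libressl/crypto/camellia/cmll_ofb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmll_ofb.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cmll_ofb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *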
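--- a/jni/libressl/crypto/cast/c_cfb64.c
+++ b/jni/libressl/crypto/cast/c_cfb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: c_cfb64.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: c_cfb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 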
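--- a/jni/libressl/crypto/cast/c_ecb.c
+++ b/jni/libressl/crypto/cast/c_ecb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: c_ecb.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: c_ecb.c,v 1.7 2014/07/09 11:10:50 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 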
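--- a/jni/libressl/crypto/cast/c_enc.c
+++ b/jni/libressl/crypto/cast/c_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: c_enc.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: c_enc.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 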
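--- a/jni/libressl/crypto/cast/c_ofb64.c
+++ b/jni/libressl/crypto/cast/c_ofb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: c_ofb64.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: c_ofb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 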
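--- a/jni/libressl/crypto/cast/c_skey.c
+++ b/jni/libressl/crypto/cast/c_skey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: c_skey.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 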
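--- a/jni/libressl/crypto/cast/cast_lcl.h
+++ b/jni/libressl/crypto/cast/cast_lcl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: cast_lcl.h,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cast_lcl.h,v 1.11 2015/11/05 21:46:51 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 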
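--- a/jni/libressl/crypto/cast/cast_s.h
+++ b/jni/libressl/crypto/cast/cast_s.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: cast_s.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -51,14 +51,17 @@
  * SUCH DAMAGE.
  * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+
+__BEGIN_HIDDEN_DECLS
+
 const CAST_LONG CAST_S_table0[256]={
 	0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
 	0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
 	0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
 	0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e,
 	0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2,
 	0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d,
@@ -579,7 +582,9 @@
 	0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d,
 	0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c,
 	0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347,
 	0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82,
 	0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d,
 	0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e,
 	};
+
+__END_HIDDEN_DECLS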
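--- a/jni/libressl/crypto/chacha/chacha-merged.c
+++ b/jni/libressl/crypto/chacha/chacha-merged.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: chacha-merged.c,v 1.6 2014/06/24 18:12:09 jsing Exp $ */
+/* $OpenBSD: chacha-merged.c,v 1.7 2014/07/11 08:47:47 bcook Exp $ */
 /*
 chacha-merged.c version 20080118
 D. J. Bernstein
 Public domain.
 */
 
 #include <sys/types.h>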
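--- a/jni/libressl/crypto/chacha/chacha.c
+++ b/jni/libressl/crypto/chacha/chacha.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: chacha.c,v 1.6 2014/07/08 14:30:23 bcook Exp $ */
+/* $OpenBSD: chacha.c,v 1.7 2015/12/09 14:07:55 bcook Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *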
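--- a/jni/libressl/crypto/cmac/cm_ameth.c
+++ b/jni/libressl/crypto/cmac/cm_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cm_ameth.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: cm_ameth.c,v 1.7 2014/07/12 16:03:37 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2010.
  */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without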
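--- a/jni/libressl/crypto/cmac/cm_pmeth.c
+++ b/jni/libressl/crypto/cmac/cm_pmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cm_pmeth.c,v 1.7 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: cm_pmeth.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2010.
  */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without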
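--- a/jni/libressl/crypto/cmac/cmac.c
+++ b/jni/libressl/crypto/cmac/cmac.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmac.c,v 1.9 2014/07/12 14:58:32 miod Exp $ */
+/* $OpenBSD: cmac.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without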
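--- a/jni/libressl/crypto/comp/c_rle.c
+++ b/jni/libressl/crypto/comp/c_rle.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: c_rle.c,v 1.7 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: c_rle.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
 
 static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,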
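--- a/jni/libressl/crypto/comp/c_zlib.c
+++ b/jni/libressl/crypto/comp/c_zlib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: c_zlib.c,v 1.17 2014/11/03 16:58:28 tedu Exp $ */
+/* $OpenBSD: c_zlib.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
 #include <openssl/err.h>
 
@@ -253,15 +253,15 @@
 static int
 bio_zlib_new(BIO *bi)
 {
 	BIO_ZLIB_CTX *ctx;
 
 	ctx = malloc(sizeof(BIO_ZLIB_CTX));
 	if (!ctx) {
-		COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+		COMPerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ctx->ibuf = NULL;
 	ctx->obuf = NULL;
 	ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
 	ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
 	ctx->zin.zalloc = Z_NULL;
@@ -320,32 +320,31 @@
 		return 0;
 	ctx = (BIO_ZLIB_CTX *)b->ptr;
 	zin = &ctx->zin;
 	BIO_clear_retry_flags(b);
 	if (!ctx->ibuf) {
 		ctx->ibuf = malloc(ctx->ibufsize);
 		if (!ctx->ibuf) {
-			COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+			COMPerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		inflateInit(zin);
 		zin->next_in = ctx->ibuf;
 		zin->avail_in = 0;
 	}
 
 	/* Copy output data directly to supplied buffer */
 	zin->next_out = (unsigned char *)out;
 	zin->avail_out = (unsigned int)outl;
 	for (;;) {
 		/* Decompress while data available */
 		while (zin->avail_in) {
 			ret = inflate(zin, 0);
 			if ((ret != Z_OK) && (ret != Z_STREAM_END)) {
-				COMPerr(COMP_F_BIO_ZLIB_READ,
-				    COMP_R_ZLIB_INFLATE_ERROR);
+				COMPerror(COMP_R_ZLIB_INFLATE_ERROR);
 				ERR_asprintf_error_data("zlib error:%s",
 				    zError(ret));
 				return 0;
 			}
 			/* If EOF or we've read everything then return */
 			if ((ret == Z_STREAM_END) || !zin->avail_out)
 				return outl - zin->avail_out;
@@ -382,15 +381,15 @@
 		return 0;
 	zout = &ctx->zout;
 	BIO_clear_retry_flags(b);
 	if (!ctx->obuf) {
 		ctx->obuf = malloc(ctx->obufsize);
 		/* Need error here */
 		if (!ctx->obuf) {
-			COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+			COMPerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		ctx->optr = ctx->obuf;
 		ctx->ocount = 0;
 		deflateInit(zout, ctx->comp_level);
 		zout->next_out = ctx->obuf;
 		zout->avail_out = ctx->obufsize;
@@ -423,16 +422,15 @@
 		/* Reset buffer */
 		ctx->optr = ctx->obuf;
 		zout->next_out = ctx->obuf;
 		zout->avail_out = ctx->obufsize;
 		/* Compress some more */
 		ret = deflate(zout, 0);
 		if (ret != Z_OK) {
-			COMPerr(COMP_F_BIO_ZLIB_WRITE,
-			    COMP_R_ZLIB_DEFLATE_ERROR);
+			COMPerror(COMP_R_ZLIB_DEFLATE_ERROR);
 			ERR_asprintf_error_data("zlib error:%s", zError(ret));
 			return 0;
 		}
 		ctx->ocount = ctx->obufsize - zout->avail_out;
 	}
 }
 
@@ -473,16 +471,15 @@
 		zout->next_out = ctx->obuf;
 		zout->avail_out = ctx->obufsize;
 		/* Compress some more */
 		ret = deflate(zout, Z_FINISH);
 		if (ret == Z_STREAM_END)
 			ctx->odone = 1;
 		else if (ret != Z_OK) {
-			COMPerr(COMP_F_BIO_ZLIB_FLUSH,
-			    COMP_R_ZLIB_DEFLATE_ERROR);
+			COMPerror(COMP_R_ZLIB_DEFLATE_ERROR);
 			ERR_asprintf_error_data("zlib error:%s", zError(ret));
 			return 0;
 		}
 		ctx->ocount = ctx->obufsize - zout->avail_out;
 	}
 }
 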
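--- a/jni/libressl/crypto/comp/comp_err.c
+++ b/jni/libressl/crypto/comp/comp_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: comp_err.c,v 1.8 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: comp_err.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -63,18 +63,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
 
 static ERR_STRING_DATA COMP_str_functs[] = {
-	{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH),	"BIO_ZLIB_FLUSH"},
-	{ERR_FUNC(COMP_F_BIO_ZLIB_NEW),	"BIO_ZLIB_NEW"},
-	{ERR_FUNC(COMP_F_BIO_ZLIB_READ),	"BIO_ZLIB_READ"},
-	{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE),	"BIO_ZLIB_WRITE"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA COMP_str_reasons[] = {
 	{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR)   , "zlib deflate error"},
 	{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR)   , "zlib inflate error"},
 	{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED)   , "zlib not supported"},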
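--- a/jni/libressl/crypto/comp/comp_lib.c
+++ b/jni/libressl/crypto/comp/comp_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: comp_lib.c,v 1.7 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: comp_lib.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
 
 COMP_CTX *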
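--- a/jni/libressl/crypto/compat/arc4random.c
+++ b/jni/libressl/crypto/compat/arc4random.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random.c,v 1.53 2015/09/10 18:53:50 bcook Exp $	*/
+/*	$OpenBSD: arc4random.c,v 1.54 2015/09/13 08:31:47 guenther Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *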
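--- a/jni/libressl/crypto/compat/arc4random_aix.h
+++ b/jni/libressl/crypto/compat/arc4random_aix.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_aix.h,v 1.1 2015/03/30 11:29:48 bcook Exp $	*/
+/*	$OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *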
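--- a/jni/libressl/crypto/compat/arc4random_freebsd.h
+++ b/jni/libressl/crypto/compat/arc4random_freebsd.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_freebsd.h,v 1.3 2015/09/11 11:52:55 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *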
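--- a/jni/libressl/crypto/compat/arc4random_hpux.h
+++ b/jni/libressl/crypto/compat/arc4random_hpux.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_hpux.h,v 1.2 2015/01/15 06:57:18 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *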
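--- a/jni/libressl/crypto/compat/arc4random_linux.h
+++ b/jni/libressl/crypto/compat/arc4random_linux.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_linux.h,v 1.10 2016/01/04 02:04:56 bcook Exp $	*/
+/*	$OpenBSD: arc4random_linux.h,v 1.11 2016/06/30 12:19:51 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *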
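--- a/jni/libressl/crypto/compat/arc4random_netbsd.h
+++ b/jni/libressl/crypto/compat/arc4random_netbsd.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_netbsd.h,v 1.2 2015/09/11 11:52:55 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *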
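--- a/jni/libressl/crypto/compat/arc4random_osx.h
+++ b/jni/libressl/crypto/compat/arc4random_osx.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_osx.h,v 1.10 2015/09/11 11:52:55 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *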
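--- a/jni/libressl/crypto/compat/arc4random_solaris.h
+++ b/jni/libressl/crypto/compat/arc4random_solaris.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_solaris.h,v 1.9 2015/01/15 06:57:18 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *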
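--- a/jni/libressl/crypto/compat/arc4random_uniform.c
+++ b/jni/libressl/crypto/compat/arc4random_uniform.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_uniform.c,v 1.1 2014/07/12 13:24:54 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_uniform.c,v 1.2 2015/09/13 08:31:47 guenther Exp $	*/
 
 /*
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.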
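--- a/jni/libressl/crypto/compat/arc4random_win.h
+++ b/jni/libressl/crypto/compat/arc4random_win.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD: arc4random_win.h,v 1.4 2014/07/20 20:51:13 bcook Exp $	*/
+/*	$OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
  * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
  * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
  *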
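--- a/jni/libressl/crypto/compat/chacha_private.h
+++ b/jni/libressl/crypto/compat/chacha_private.h
@@ -1,14 +1,14 @@
 /*
 chacha-merged.c version 20080118
 D. J. Bernstein
 Public domain.
 */
 
-/* $OpenBSD$ */
+/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
 
 typedef unsigned char u8;
 typedef unsigned int u32;
 
 typedef struct
 {
   u32 input[16]; /* could be compressed */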
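--- a/jni/libressl/crypto/compat/explicit_bzero.c
+++ b/jni/libressl/crypto/compat/explicit_bzero.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*	$OpenBSD: explicit_bzero.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
 /*
  * Public domain.
  * Written by Matthew Dempsky.
  */
 
 #include <string.h>
 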
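--- a/jni/libressl/crypto/compat/getentropy_aix.c
+++ b/jni/libressl/crypto/compat/getentropy_aix.c
@@ -1,28 +1,28 @@
-/*	$OpenBSD: getentropy_aix.c,v 1.3 2015/08/25 17:26:43 deraadt Exp $	*/
+/*	$OpenBSD: getentropy_aix.c,v 1.5 2016/08/07 03:27:21 tb Exp $	*/
 
 /*
  * Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
  * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 /*
  * -lperfstat is needed for the psuedo entropy data
  */
 
 #include <sys/mman.h>
 #include <sys/procfs.h>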
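--- a/jni/libressl/crypto/compat/getentropy_freebsd.c
+++ b/jni/libressl/crypto/compat/getentropy_freebsd.c
@@ -1,27 +1,27 @@
-/*	$OpenBSD: getentropy_freebsd.c,v 1.1 2014/11/03 06:23:30 bcook Exp $	*/
+/*	$OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
 
 /*
  * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
  * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 
 #include <sys/types.h>
 #include <sys/sysctl.h>
 
 #include <errno.h>
 #include <stddef.h>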
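--- a/jni/libressl/crypto/compat/getentropy_hpux.c
+++ b/jni/libressl/crypto/compat/getentropy_hpux.c
@@ -1,27 +1,27 @@
-/*	$OpenBSD: getentropy_hpux.c,v 1.3 2015/08/25 17:26:43 deraadt Exp $	*/
+/*	$OpenBSD: getentropy_hpux.c,v 1.5 2016/08/07 03:27:21 tb Exp $	*/
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
  * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/resource.h>
 #include <sys/syscall.h>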
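--- a/jni/libressl/crypto/compat/getentropy_linux.c
+++ b/jni/libressl/crypto/compat/getentropy_linux.c
@@ -1,27 +1,27 @@
-/*	$OpenBSD: getentropy_linux.c,v 1.41 2015/09/11 11:52:55 deraadt Exp $	*/
+/*	$OpenBSD: getentropy_linux.c,v 1.43.4.1 2017/04/29 18:57:00 beck Exp $	*/
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
  * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 
 #define	_POSIX_C_SOURCE	199309L
 #define	_GNU_SOURCE	1
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -92,21 +92,24 @@
 	if (len > 256) {
 		errno = EIO;
 		return (-1);
 	}
 
 #ifdef SYS_getrandom
 	/*
-	 * Try descriptor-less getrandom()
+	 * Try descriptor-less getrandom(), in non-blocking mode.
+	 *
+	 * The design of Linux getrandom is broken.  It has an
+	 * uninitialized phase coupled with blocking behaviour, which
+	 * is unacceptable from within a library at boot time without
+	 * possible recovery. See http://bugs.python.org/issue26839#msg267745
 	 */
 	ret = getentropy_getrandom(buf, len);
 	if (ret != -1)
 		return (ret);
-	if (errno != ENOSYS)
-		return (-1);
 #endif
 
 	/*
 	 * Try to get entropy with /dev/urandom
 	 *
 	 * This can fail if the process is inside a chroot or if file
 	 * descriptors are exhausted.
@@ -152,15 +155,15 @@
 	 *	 corefiles.
 	 *     - Could raise(SIGKILL) resulting in silent program termination.
 	 *     - Return EIO, to hint that arc4random's stir function
 	 *       should raise(SIGKILL)
 	 *     - Do the best under the circumstances....
 	 *
 	 * This code path exists to bring light to the issue that Linux
-	 * does not provide a failsafe API for entropy collection.
+	 * still does not provide a failsafe API for entropy collection.
 	 *
 	 * We hope this demonstrates that Linux should either retain their
 	 * sysctl ABI, or consider providing a new failsafe API which
 	 * works in a chroot or when file descriptors are exhausted.
 	 */
 #undef FAIL_INSTEAD_OF_TRYING_FALLBACK
 #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
@@ -195,15 +198,15 @@
 getentropy_getrandom(void *buf, size_t len)
 {
 	int pre_errno = errno;
 	int ret;
 	if (len > 256)
 		return (-1);
 	do {
-		ret = syscall(SYS_getrandom, buf, len, 0);
+		ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
 	} while (ret == -1 && errno == EINTR);
 
 	if (ret != len)
 		return (-1);
 	errno = pre_errno;
 	return (0);
 }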
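Review bot: In getentropy(), removing the `if (errno != ENOSYS) return (-1);` check while getentropy_getrandom() now passes `GRND_NONBLOCK` means an EAGAIN from a kernel pool that is not yet initialised falls through to the /dev/urandom path, and the new comment does not say what that implies for the quality of the output. Linux /dev/urandom does not wait for the pool to be seeded, so at early boot the bytes returned may come from an unseeded generator; that trade-off (never block versus possibly weak early-boot output) deserves a line in the comment, e.g. `* On EAGAIN we fall through to /dev/urandom, which may not be seeded yet at early boot.` Every other getrandom() errno now continues into the fallbacks as well, which looks intended but is also undocumented. The bodies of getentropy() and of the /dev/urandom helper lie outside the shown hunks, so whether the fallback checks seeding cannot be confirmed from here.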
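--- a/jni/libressl/crypto/compat/getentropy_netbsd.c
+++ b/jni/libressl/crypto/compat/getentropy_netbsd.c
@@ -1,27 +1,27 @@
-/*	$OpenBSD: getentropy_netbsd.c,v 1.1 2015/01/19 20:21:40 bcook Exp $	*/
+/*	$OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
 
 /*
  * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
  * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 
 #include <sys/types.h>
 #include <sys/sysctl.h>
 
 #include <errno.h>
 #include <stddef.h>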
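--- a/jni/libressl/crypto/compat/getentropy_osx.c
+++ b/jni/libressl/crypto/compat/getentropy_osx.c
@@ -1,29 +1,30 @@
-/*	$OpenBSD: getentropy_osx.c,v 1.8 2014/07/21 20:19:47 guenther Exp $	*/
+/*	$OpenBSD: getentropy_osx.c,v 1.11 2016/09/03 15:24:09 bcook Exp $	*/
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
  * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 
+#include <TargetConditionals.h>
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/resource.h>
 #include <sys/syscall.h>
 #include <sys/sysctl.h>
 #include <sys/statvfs.h>
@@ -41,22 +42,26 @@
 #include <string.h>
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
 #include <mach/mach_time.h>
 #include <mach/mach_host.h>
 #include <mach/host_info.h>
+#if TARGET_OS_OSX
 #include <sys/socketvar.h>
 #include <sys/vmmeter.h>
+#endif
 #include <netinet/in.h>
 #include <netinet/tcp.h>
+#if TARGET_OS_OSX
 #include <netinet/udp.h>
 #include <netinet/ip_var.h>
 #include <netinet/tcp_var.h>
 #include <netinet/udp_var.h>
+#endif
 #include <CommonCrypto/CommonDigest.h>
 #define SHA512_Update(a, b, c)	(CC_SHA512_Update((a), (b), (c)))
 #define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
 #define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy)))
 #define SHA512_CTX CC_SHA512_CTX
 #define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
 
@@ -203,39 +208,43 @@
 		return (0);		/* satisfied */
 	}
 nodevrandom:
 	errno = EIO;
 	return (-1);
 }
 
+#if TARGET_OS_OSX
 static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
 static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
 static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
+#endif
 static int kmib[] = { CTL_KERN, KERN_USRSTACK };
 static int hwmib[] = { CTL_HW, HW_USERMEM };
 
 static int
 getentropy_fallback(void *buf, size_t len)
 {
 	uint8_t results[SHA512_DIGEST_LENGTH];
 	int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
 	static int cnt;
 	struct timespec ts;
 	struct timeval tv;
 	struct rusage ru;
 	sigset_t sigset;
 	struct stat st;
 	SHA512_CTX ctx;
 	static pid_t lastpid;
 	pid_t pid;
 	size_t i, ii, m;
 	char *p;
+#if TARGET_OS_OSX
 	struct tcpstat tcpstat;
 	struct udpstat udpstat;
 	struct ipstat ipstat;
+#endif
 	u_int64_t mach_time;
 	unsigned int idata;
 	void *addr;
 
 	pid = getpid();
 	if (lastpid == pid) {
 		faster = 1;
@@ -262,24 +271,26 @@
 			HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]),
 			    &addr, &ii, NULL, 0) == -1, addr);
 
 			ii = sizeof(idata);
 			HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
 			    &idata, &ii, NULL, 0) == -1, idata);
 
+#if TARGET_OS_OSX
 			ii = sizeof(tcpstat);
 			HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
 			    &tcpstat, &ii, NULL, 0) == -1, tcpstat);
 
 			ii = sizeof(udpstat);
 			HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]),
 			    &udpstat, &ii, NULL, 0) == -1, udpstat);
 
 			ii = sizeof(ipstat);
 			HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
 			    &ipstat, &ii, NULL, 0) == -1, ipstat);
+#endif
 
 			HX((pid = getpid()) == -1, pid);
 			HX((pid = getsid(pid)) == -1, pid);
 			HX((pid = getppid()) == -1, pid);
 			HX((pid = getpgid(0)) == -1, pid);
 			HX((e = getpriority(0, 0)) == -1, e);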
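Review bot: The new `#if TARGET_OS_OSX` guards in getentropy_fallback() and around the `tcpmib`/`udpmib`/`ipmib` tables reduce the set of inputs hashed by the fallback, and nothing in the code records that. An undefined macro evaluates to 0 in `#if`, so if the SDK's TargetConditionals.h does not define `TARGET_OS_OSX`, a macOS build would also skip the three net.inet statistics sysctls without any diagnostic; which SDKs this tree targets is not visible in the hunks. A comment at the first guard would help, for example `/* net.inet stats are skipped on non-macOS Apple targets, so the fallback hashes fewer inputs there */`, and an `#ifndef TARGET_OS_OSX` / `#error "TARGET_OS_OSX not defined by this SDK"` pair after the include would turn the silent case into a build failure. getentropy_fallback() continues beyond the shown hunks.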

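--- a/jni/libressl/crypto/compat/getentropy_solaris.c
+++ b/jni/libressl/crypto/compat/getentropy_solaris.c
@@ -1,27 +1,27 @@
-/*	$OpenBSD: getentropy_solaris.c,v 1.10 2015/08/25 17:26:43 deraadt Exp $	*/
+/*	$OpenBSD: getentropy_solaris.c,v 1.12 2016/08/07 03:27:21 tb Exp $	*/
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
  * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/resource.h>
 #include <sys/syscall.h>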
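--- a/jni/libressl/crypto/compat/getentropy_win.c
+++ b/jni/libressl/crypto/compat/getentropy_win.c
@@ -1,27 +1,27 @@
-/*	$OpenBSD: getentropy_win.c,v 1.3 2014/11/11 13:54:33 bcook Exp $	*/
+/*	$OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $	*/
 
 /*
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> 
  * Copyright (c) 2014, Bob Beck <beck@obtuse.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Emulation of getentropy(2) as documented at:
- * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ * http://man.openbsd.org/getentropy.2
  */
 
 #include <windows.h>
 #include <errno.h>
 #include <stdint.h>
 #include <sys/types.h>
 #include <wincrypt.h>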
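--- /dev/null
+++ b/jni/libressl/crypto/compat/getpagesize.c
@@ -0,0 +1,18 @@
+/* $OpenBSD$ */
+
+#include <unistd.h>
+
+#ifdef _MSC_VER
+#include <windows.h>
+#endif
+
+int
+getpagesize(void) {
+#ifdef _MSC_VER
+	SYSTEM_INFO system_info;
+	GetSystemInfo(&system_info);
+	return system_info.dwPageSize;
+#else
+	return sysconf(_SC_PAGESIZE);
+#endif
+}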
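Review bot: On the non-MSVC branch `sysconf(_SC_PAGESIZE)` returns a `long` and -1 on failure, and getpagesize() passes that straight back as an `int`, so a caller that uses the result as a length gets -1 with no sign that it is an error value. The function also has no comment; I would add `/* Returns the system page size; on the sysconf() path the result is -1 if the query fails, so callers must check it before using it as a size. */` above the definition. The MSVC branch likewise narrows `dwPageSize` (a DWORD) to `int` implicitly, and an explicit `(int)` cast on both returns would make the narrowing deliberate.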
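--- a/jni/libressl/crypto/compat/inet_pton.c
+++ b/jni/libressl/crypto/compat/inet_pton.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: inet_pton.c,v 1.9 2015/01/16 16:48:51 deraadt Exp $	*/
+/*	$OpenBSD: inet_pton.c,v 1.10 2015/09/13 21:36:08 guenther Exp $	*/
 
 /* Copyright (c) 1996 by Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *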
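--- a/jni/libressl/crypto/compat/posix_win.c
+++ b/jni/libressl/crypto/compat/posix_win.c
@@ -8,14 +8,15 @@
 
 #define NO_REDEF_POSIX_FUNCTIONS
 
 #include <windows.h>
 #include <ws2tcpip.h>
 
 #include <errno.h>
+#include <fcntl.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
 void
@@ -34,14 +35,36 @@
 		FILE *f = fopen(path, bin_mode);
 		free(bin_mode);
 		return f;
 	}
 
 	return fopen(path, mode);
 }
+
+int
+posix_open(const char *path, ...)
+{
+	va_list ap;
+	int mode = 0;
+	int flags;
+
+	va_start(ap, path);
+	flags = va_arg(ap, int);
+	if (flags & O_CREAT)
+		mode = va_arg(ap, int);
+	va_end(ap);
+
+	flags |= O_BINARY;
+	if (flags & O_CLOEXEC) {
+		flags &= ~O_CLOEXEC;
+		flags |= O_NOINHERIT;
+	}
+	flags &= ~O_NONBLOCK;
+	return open(path, flags, mode);
+}
 
 char *
 posix_fgets(char *s, int size, FILE *stream)
 {
 	char *ret = fgets(s, size, stream);
 	if (ret != NULL) {
 		size_t end = strlen(ret);
@@ -105,14 +128,17 @@
 		break;
 	case WSAECONNREFUSED:
 		errno = ECONNREFUSED;
 		break;
 	case WSAEAFNOSUPPORT:
 		errno = EAFNOSUPPORT;
 		break;
+	case WSAEBADF:
+		errno = EBADF;
+		break;
 	case WSAENETRESET:
 	case WSAENOTCONN:
 	case WSAECONNABORTED:
 	case WSAECONNRESET:
 	case WSAESHUTDOWN:
 	case WSAETIMEDOUT:
 		errno = EPIPE;
@@ -131,39 +157,39 @@
 }
 
 int
 posix_close(int fd)
 {
 	if (closesocket(fd) == SOCKET_ERROR) {
 		int err = WSAGetLastError();
-		return err == WSAENOTSOCK ?
+		return (err == WSAENOTSOCK || err == WSAEBADF) ?
 			close(fd) : wsa_errno(err);
 	}
 	return 0;
 }
 
 ssize_t
 posix_read(int fd, void *buf, size_t count)
 {
 	ssize_t rc = recv(fd, buf, count, 0);
 	if (rc == SOCKET_ERROR) {
 		int err = WSAGetLastError();
-		return err == WSAENOTSOCK ?
+		return (err == WSAENOTSOCK || err == WSAEBADF) ?
 			read(fd, buf, count) : wsa_errno(err);
 	}
 	return rc;
 }
 
 ssize_t
 posix_write(int fd, const void *buf, size_t count)
 {
 	ssize_t rc = send(fd, buf, count, 0);
 	if (rc == SOCKET_ERROR) {
 		int err = WSAGetLastError();
-		return err == WSAENOTSOCK ?
+		return (err == WSAENOTSOCK || err == WSAEBADF) ?
 			write(fd, buf, count) : wsa_errno(err);
 	}
 	return rc;
 }
 
 int
 posix_getsockopt(int sockfd, int level, int optname,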
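Review bot: `posix_open` uses `va_list`, `va_start` and `va_arg`, yet the include block in this section gains only `<fcntl.h>` and no `<stdarg.h>` is visible, so the build appears to depend on another header pulling it in; `#include <stdarg.h>` should be added explicitly. The same function silently clears `O_NONBLOCK` and rewrites `O_CLOEXEC` to `O_NOINHERIT`, which deserves a comment above the flag handling, for example `/* O_NONBLOCK is dropped before calling the CRT open(); O_CLOEXEC is mapped to O_NOINHERIT */`. In `posix_close`, `posix_read` and `posix_write` the added `WSAEBADF` case sends more failures to the CRT `close`/`read`/`write`, so a short comment next to each ternary should say that the fallback is only correct while an `int` is never valid both as a socket and as a CRT descriptor. `posix_getsockopt` continues past the end of the last hunk and is not reviewed here.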
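--- a/jni/libressl/crypto/compat/reallocarray.c
+++ b/jni/libressl/crypto/compat/reallocarray.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $	*/
+/*	$OpenBSD: reallocarray.c,v 1.3 2015/09/13 08:31:47 guenther Exp $	*/
 /*
  * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *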
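--- a/jni/libressl/crypto/compat/recallocarray.c
+++ b/jni/libressl/crypto/compat/recallocarray.c
@@ -0,0 +1,80 @@
+/*	$OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $	*/
+/*
+ * Copyright (c) 2008, 2017 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+
+/*
+ * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
+ * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
+ */
+#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
+
+void *
+recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
+{
+	size_t oldsize, newsize;
+	void *newptr;
+
+	if (ptr == NULL)
+		return calloc(newnmemb, size);
+
+	if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	    newnmemb > 0 && SIZE_MAX / newnmemb < size) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	newsize = newnmemb * size;
+
+	if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	    oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
+		errno = EINVAL;
+		return NULL;
+	}
+	oldsize = oldnmemb * size;
+	
+	/*
+	 * Don't bother too much if we're shrinking just a bit,
+	 * we do not shrink for series of small steps, oh well.
+	 */
+	if (newsize <= oldsize) {
+		size_t d = oldsize - newsize;
+
+		if (d < oldsize / 2 && d < getpagesize()) {
+			memset((char *)ptr + newsize, 0, d);
+			return ptr;
+		}
+	}
+
+	newptr = malloc(newsize);
+	if (newptr == NULL)
+		return NULL;
+
+	if (newsize > oldsize) {
+		memcpy(newptr, ptr, oldsize);
+		memset((char *)newptr + oldsize, 0, newsize - oldsize);
+	} else
+		memcpy(newptr, ptr, newsize);
+
+	explicit_bzero(ptr, oldsize);
+	free(ptr);
+
+	return newptr;
+}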
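Review bot: `recallocarray` has no header comment, and its safety rests on a contract the code never states: `oldnmemb * size` is trusted as the length for `memcpy`, `memset` and `explicit_bzero` on `ptr`, so a caller passing a count that differs from the real allocation gets an out-of-bounds read or write. A comment above the function should say that `oldnmemb` must be the exact element count of the existing allocation, that the new tail is zeroed and the old block is cleared with `explicit_bzero` before `free`, and that overflow of the new size sets `ENOMEM` while overflow of the old size sets `EINVAL`. It should also note that a NULL `ptr` turns the call into a plain `calloc` with `oldnmemb` ignored, and that when `malloc` fails the function returns NULL and leaves the old block neither cleared nor freed.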
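--- a/jni/libressl/crypto/compat/strcasecmp.c
+++ b/jni/libressl/crypto/compat/strcasecmp.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: strcasecmp.c,v 1.6 2005/08/08 08:05:37 espie Exp $	*/
+/*	$OpenBSD: strcasecmp.c,v 1.7 2015/08/31 02:53:57 guenther Exp $	*/
 
 /*
  * Copyright (c) 1987, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions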
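--- a/jni/libressl/crypto/compat/strlcat.c
+++ b/jni/libressl/crypto/compat/strlcat.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: strlcat.c,v 1.15 2015/03/02 21:41:08 millert Exp $	*/
+/*	$OpenBSD: strlcat.c,v 1.18 2016/10/16 17:37:39 dtucker Exp $	*/
 
 /*
  * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.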
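--- a/jni/libressl/crypto/compat/strlcpy.c
+++ b/jni/libressl/crypto/compat/strlcpy.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: strlcpy.c,v 1.12 2015/01/15 03:54:12 millert Exp $	*/
+/*	$OpenBSD: strlcpy.c,v 1.15 2016/10/16 17:37:39 dtucker Exp $	*/
 
 /*
  * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.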
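--- a/jni/libressl/crypto/compat/strndup.c
+++ b/jni/libressl/crypto/compat/strndup.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: strndup.c,v 1.1 2010/05/18 22:24:55 tedu Exp $	*/
+/*	$OpenBSD: strndup.c,v 1.2 2015/08/31 02:53:57 guenther Exp $	*/
 
 /*
  * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.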
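--- a/jni/libressl/crypto/compat/strnlen.c
+++ b/jni/libressl/crypto/compat/strnlen.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: strnlen.c,v 1.5 2014/06/10 04:17:37 deraadt Exp $	*/
+/*	$OpenBSD: strnlen.c,v 1.8 2016/10/16 17:37:39 dtucker Exp $	*/
 
 /*
  * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.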
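--- a/jni/libressl/crypto/compat/strsep.c
+++ b/jni/libressl/crypto/compat/strsep.c
@@ -0,0 +1,70 @@
+/*	$OpenBSD: strsep.c,v 1.8 2015/08/31 02:53:57 guenther Exp $	*/
+
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+/*
+ * Get next token from string *stringp, where tokens are possibly-empty
+ * strings separated by characters from delim.  
+ *
+ * Writes NULs into the string at *stringp to end tokens.
+ * delim need not remain constant from call to call.
+ * On return, *stringp points past the last NUL written (if there might
+ * be further tokens), or is NULL (if there are definitely no more tokens).
+ *
+ * If *stringp is NULL, strsep returns NULL.
+ */
+char *
+strsep(char **stringp, const char *delim)
+{
+	char *s;
+	const char *spanp;
+	int c, sc;
+	char *tok;
+
+	if ((s = *stringp) == NULL)
+		return (NULL);
+	for (tok = s;;) {
+		c = *s++;
+		spanp = delim;
+		do {
+			if ((sc = *spanp++) == c) {
+				if (c == 0)
+					s = NULL;
+				else
+					s[-1] = 0;
+				*stringp = s;
+				return (tok);
+			}
+		} while (sc != 0);
+	}
+	/* NOTREACHED */
+}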
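--- a/jni/libressl/crypto/compat/timingsafe_bcmp.c
+++ b/jni/libressl/crypto/compat/timingsafe_bcmp.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: timingsafe_bcmp.c,v 1.2 2014/06/10 04:17:37 deraadt Exp $	*/
+/*	$OpenBSD: timingsafe_bcmp.c,v 1.3 2015/08/31 02:53:57 guenther Exp $	*/
 /*
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *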
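--- a/jni/libressl/crypto/compat/timingsafe_memcmp.c
+++ b/jni/libressl/crypto/compat/timingsafe_memcmp.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: timingsafe_memcmp.c,v 1.1 2014/06/13 02:12:17 matthew Exp $	*/
+/*	$OpenBSD: timingsafe_memcmp.c,v 1.2 2015/08/31 02:53:57 guenther Exp $	*/
 /*
  * Copyright (c) 2014 Google Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *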
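--- a/jni/libressl/crypto/conf/conf_api.c
+++ b/jni/libressl/crypto/conf/conf_api.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_api.c,v 1.14 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: conf_api.c,v 1.15 2015/04/11 16:03:21 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *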
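--- a/jni/libressl/crypto/conf/conf_def.c
+++ b/jni/libressl/crypto/conf/conf_def.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_def.c,v 1.30 2015/04/30 15:28:03 deraadt Exp $ */
+/* $OpenBSD: conf_def.c,v 1.32 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -191,17 +191,17 @@
 {
 	int ret;
 	BIO *in = NULL;
 
 	in = BIO_new_file(name, "rb");
 	if (in == NULL) {
 		if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
-			CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE);
+			CONFerror(CONF_R_NO_SUCH_FILE);
 		else
-			CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+			CONFerror(ERR_R_SYS_LIB);
 		return 0;
 	}
 
 	ret = def_load_bio(conf, in, line);
 	BIO_free(in);
 
 	return ret;
@@ -220,41 +220,40 @@
 	CONF_VALUE *v = NULL, *tv;
 	CONF_VALUE *sv = NULL;
 	char *section = NULL, *buf;
 	char *start, *psection, *pname;
 	void *h = (void *)(conf->data);
 
 	if ((buff = BUF_MEM_new()) == NULL) {
-		CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+		CONFerror(ERR_R_BUF_LIB);
 		goto err;
 	}
 
 	section = strdup("default");
 	if (section == NULL) {
-		CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+		CONFerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (_CONF_new_data(conf) == 0) {
-		CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+		CONFerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	sv = _CONF_new_section(conf, section);
 	if (sv == NULL) {
-		CONFerr(CONF_F_DEF_LOAD_BIO,
-		    CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+		CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 		goto err;
 	}
 
 	bufnum = 0;
 	again = 0;
 	for (;;) {
 		if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
-			CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+			CONFerror(ERR_R_BUF_LIB);
 			goto err;
 		}
 		p = &(buff->data[bufnum]);
 		*p = '\0';
 		BIO_gets(in, p, CONFBUFSIZE - 1);
 		p[CONFBUFSIZE - 1] = '\0';
 		ii = i = strlen(p);
@@ -312,89 +311,82 @@
 			end = eat_alpha_numeric(conf, ss);
 			p = eat_ws(conf, end);
 			if (*p != ']') {
 				if (*p != '\0' && ss != p) {
 					ss = p;
 					goto again;
 				}
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-				    CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+				CONFerror(CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
 				goto err;
 			}
 			*end = '\0';
 			if (!str_copy(conf, NULL, &section, start))
 				goto err;
 			if ((sv = _CONF_get_section(conf, section)) == NULL)
 				sv = _CONF_new_section(conf, section);
 			if (sv == NULL) {
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-				    CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+				CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 				goto err;
 			}
 			continue;
 		} else {
 			pname = s;
 			psection = NULL;
 			end = eat_alpha_numeric(conf, s);
 			if ((end[0] == ':') && (end[1] == ':')) {
 				*end = '\0';
 				end += 2;
 				psection = pname;
 				pname = end;
 				end = eat_alpha_numeric(conf, end);
 			}
 			p = eat_ws(conf, end);
 			if (*p != '=') {
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-				    CONF_R_MISSING_EQUAL_SIGN);
+				CONFerror(CONF_R_MISSING_EQUAL_SIGN);
 				goto err;
 			}
 			*end = '\0';
 			p++;
 			start = eat_ws(conf, p);
 			while (!IS_EOF(conf, *p))
 				p++;
 			p--;
 			while ((p != start) && (IS_WS(conf, *p)))
 				p--;
 			p++;
 			*p = '\0';
 
 			if (!(v = malloc(sizeof(CONF_VALUE)))) {
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-				    ERR_R_MALLOC_FAILURE);
+				CONFerror(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			if (psection == NULL)
 				psection = section;
 			v->name = strdup(pname);
 			v->value = NULL;
 			if (v->name == NULL) {
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-				    ERR_R_MALLOC_FAILURE);
+				CONFerror(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			if (!str_copy(conf, psection, &(v->value), start))
 				goto err;
 
 			if (strcmp(psection, section) != 0) {
 				if ((tv = _CONF_get_section(conf, psection))
 					== NULL)
 					tv = _CONF_new_section(conf, psection);
 				if (tv == NULL) {
-					CONFerr(CONF_F_DEF_LOAD_BIO,
-					    CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+					CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 					goto err;
 				}
 			} else
 				tv = sv;
 
 			if (_CONF_add_string(conf, tv, v) == 0) {
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-				    ERR_R_MALLOC_FAILURE);
+				CONFerror(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			v = NULL;
 		}
 	}
 	if (buff != NULL)
 		BUF_MEM_free(buff);
@@ -545,42 +537,39 @@
 					e++;
 			}
 			r = *e;
 			*e = '\0';
 			rp = e;
 			if (q) {
 				if (r != q) {
-					CONFerr(CONF_F_STR_COPY,
-					    CONF_R_NO_CLOSE_BRACE);
+					CONFerror(CONF_R_NO_CLOSE_BRACE);
 					goto err;
 				}
 				e++;
 			}
 			/* So at this point we have
 			 * np which is the start of the name string which is
 			 *   '\0' terminated.
 			 * cp which is the start of the section string which is
 			 *   '\0' terminated.
 			 * e is the 'next point after'.
 			 * r and rr are the chars replaced by the '\0'
 			 * rp and rrp is where 'r' and 'rr' came from.
 			 */
 			p = _CONF_get_string(conf, cp, np);
 			if (rrp != NULL)
 				*rrp = rr;
 			*rp = r;
 			if (p == NULL) {
-				CONFerr(CONF_F_STR_COPY,
-				    CONF_R_VARIABLE_HAS_NO_VALUE);
+				CONFerror(CONF_R_VARIABLE_HAS_NO_VALUE);
 				goto err;
 			}
 			if (!BUF_MEM_grow_clean(buf,
 				(strlen(p) + buf->length - (e - from)))) {
-				CONFerr(CONF_F_STR_COPY,
-				    CONF_R_MODULE_INITIALIZATION_ERROR);
+				CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR);
 				goto err;
 			}
 			while (*p)
 				buf->data[to++] = *(p++);
 
 			/* Since we change the pointer 'from', we also have
 			   to change the perceived length of the string it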
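--- a/jni/libressl/crypto/conf/conf_def.h
+++ b/jni/libressl/crypto/conf/conf_def.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: conf_def.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -54,14 +54,16 @@
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
 /* THIS FILE WAS AUTOMAGICALLY GENERATED!
    Please modify and use keysets.pl to regenerate it. */
+
+__BEGIN_HIDDEN_DECLS
 
 #define CONF_NUMBER		1
 #define CONF_UPPER		2
 #define CONF_LOWER		4
 #define CONF_UNDER		256
 #define CONF_PUNCTUATION	512
 #define CONF_WS			16
@@ -156,7 +158,9 @@
 	0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 	0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 	0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 	0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 	0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 	0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 };
+
+__END_HIDDEN_DECLS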
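--- a/jni/libressl/crypto/conf/conf_err.c
+++ b/jni/libressl/crypto/conf/conf_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_err.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: conf_err.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,36 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
 
 static ERR_STRING_DATA CONF_str_functs[]= {
-	{ERR_FUNC(CONF_F_CONF_DUMP_FP),	"CONF_dump_fp"},
-	{ERR_FUNC(CONF_F_CONF_LOAD),	"CONF_load"},
-	{ERR_FUNC(CONF_F_CONF_LOAD_BIO),	"CONF_load_bio"},
-	{ERR_FUNC(CONF_F_CONF_LOAD_FP),	"CONF_load_fp"},
-	{ERR_FUNC(CONF_F_CONF_MODULES_LOAD),	"CONF_modules_load"},
-	{ERR_FUNC(CONF_F_CONF_PARSE_LIST),	"CONF_parse_list"},
-	{ERR_FUNC(CONF_F_DEF_LOAD),	"DEF_LOAD"},
-	{ERR_FUNC(CONF_F_DEF_LOAD_BIO),	"DEF_LOAD_BIO"},
-	{ERR_FUNC(CONF_F_MODULE_INIT),	"MODULE_INIT"},
-	{ERR_FUNC(CONF_F_MODULE_LOAD_DSO),	"MODULE_LOAD_DSO"},
-	{ERR_FUNC(CONF_F_MODULE_RUN),	"MODULE_RUN"},
-	{ERR_FUNC(CONF_F_NCONF_DUMP_BIO),	"NCONF_dump_bio"},
-	{ERR_FUNC(CONF_F_NCONF_DUMP_FP),	"NCONF_dump_fp"},
-	{ERR_FUNC(CONF_F_NCONF_GET_NUMBER),	"NCONF_get_number"},
-	{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E),	"NCONF_get_number_e"},
-	{ERR_FUNC(CONF_F_NCONF_GET_SECTION),	"NCONF_get_section"},
-	{ERR_FUNC(CONF_F_NCONF_GET_STRING),	"NCONF_get_string"},
-	{ERR_FUNC(CONF_F_NCONF_LOAD),	"NCONF_load"},
-	{ERR_FUNC(CONF_F_NCONF_LOAD_BIO),	"NCONF_load_bio"},
-	{ERR_FUNC(CONF_F_NCONF_LOAD_FP),	"NCONF_load_fp"},
-	{ERR_FUNC(CONF_F_NCONF_NEW),	"NCONF_new"},
-	{ERR_FUNC(CONF_F_STR_COPY),	"STR_COPY"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA CONF_str_reasons[]= {
 	{ERR_REASON(CONF_R_ERROR_LOADING_DSO)    , "error loading dso"},
 	{ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL)  , "list cannot be null"},
 	{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET), "missing close square bracket"},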
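--- a/jni/libressl/crypto/conf/conf_lib.c
+++ b/jni/libressl/crypto/conf/conf_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_lib.c,v 1.12 2014/07/09 11:10:50 bcook Exp $ */
+/* $OpenBSD: conf_lib.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -90,32 +90,32 @@
     long *eline)
 {
 	LHASH_OF(CONF_VALUE) *ltmp;
 	BIO *in = NULL;
 
 	in = BIO_new_file(file, "rb");
 	if (in == NULL) {
-		CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB);
+		CONFerror(ERR_R_SYS_LIB);
 		return NULL;
 	}
 
 	ltmp = CONF_load_bio(conf, in, eline);
 	BIO_free(in);
 
 	return ltmp;
 }
 
 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
     long *eline)
 {
 	BIO *btmp;
 	LHASH_OF(CONF_VALUE) *ltmp;
 
 	if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
+		CONFerror(ERR_R_BUF_LIB);
 		return NULL;
 	}
 	ltmp = CONF_load_bio(conf, btmp, eline);
 	BIO_free(btmp);
 	return ltmp;
 }
 
@@ -192,15 +192,15 @@
 int
 CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
 {
 	BIO *btmp;
 	int ret;
 
 	if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
+		CONFerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	ret = CONF_dump_bio(conf, btmp);
 	BIO_free(btmp);
 	return ret;
 }
 
@@ -225,15 +225,15 @@
 	CONF *ret;
 
 	if (meth == NULL)
 		meth = NCONF_default();
 
 	ret = meth->create(meth);
 	if (ret == NULL) {
-		CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+		CONFerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 
 	return ret;
 }
 
 void
@@ -252,91 +252,91 @@
 	conf->meth->destroy_data(conf);
 }
 
 int
 NCONF_load(CONF *conf, const char *file, long *eline)
 {
 	if (conf == NULL) {
-		CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF);
+		CONFerror(CONF_R_NO_CONF);
 		return 0;
 	}
 
 	return conf->meth->load(conf, file, eline);
 }
 
 int
 NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
 {
 	BIO *btmp;
 	int ret;
 
 	if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
+		CONFerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	ret = NCONF_load_bio(conf, btmp, eline);
 	BIO_free(btmp);
 	return ret;
 }
 
 int
 NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
 {
 	if (conf == NULL) {
-		CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF);
+		CONFerror(CONF_R_NO_CONF);
 		return 0;
 	}
 
 	return conf->meth->load_bio(conf, bp, eline);
 }
 
 STACK_OF(CONF_VALUE) *
 NCONF_get_section(const CONF *conf, const char *section)
 {
 	if (conf == NULL) {
-		CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF);
+		CONFerror(CONF_R_NO_CONF);
 		return NULL;
 	}
 
 	if (section == NULL) {
-		CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION);
+		CONFerror(CONF_R_NO_SECTION);
 		return NULL;
 	}
 
 	return _CONF_get_section_values(conf, section);
 }
 
 char *
 NCONF_get_string(const CONF *conf, const char *group, const char *name)
 {
 	char *s = _CONF_get_string(conf, group, name);
 
         /* Since we may get a value from an environment variable even
            if conf is NULL, let's check the value first */
 	if (s)
 		return s;
 
 	if (conf == NULL) {
-		CONFerr(CONF_F_NCONF_GET_STRING,
-		    CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+		CONFerror(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return NULL;
 	}
-	CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE);
-	ERR_asprintf_error_data("group=%s name=%s", group, name);
+	CONFerror(CONF_R_NO_VALUE);
+	ERR_asprintf_error_data("group=%s name=%s",
+	    group ? group : "", name);
 	return NULL;
 }
 
 int
 NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
     long *result)
 {
 	char *str;
 
 	if (result == NULL) {
-		CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
+		CONFerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 
 	str = NCONF_get_string(conf, group, name);
 
 	if (str == NULL)
 		return 0;
@@ -351,25 +351,25 @@
 
 int
 NCONF_dump_fp(const CONF *conf, FILE *out)
 {
 	BIO *btmp;
 	int ret;
 	if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
+		CONFerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	ret = NCONF_dump_bio(conf, btmp);
 	BIO_free(btmp);
 	return ret;
 }
 
 int
 NCONF_dump_bio(const CONF *conf, BIO *out)
 {
 	if (conf == NULL) {
-		CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF);
+		CONFerror(CONF_R_NO_CONF);
 		return 0;
 	}
 
 	return conf->meth->dump(conf, out);
 }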
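--- a/jni/libressl/crypto/conf/conf_mall.c
+++ b/jni/libressl/crypto/conf/conf_mall.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_mall.c,v 1.8 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: conf_mall.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without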
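--- a/jni/libressl/crypto/conf/conf_mod.c
+++ b/jni/libressl/crypto/conf/conf_mod.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_mod.c,v 1.25 2014/07/22 02:21:20 beck Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -207,26 +207,25 @@
 
 	/* Module not found: try to load DSO */
 	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
 		md = module_load_dso(cnf, name, value, flags);
 
 	if (!md) {
 		if (!(flags & CONF_MFLAGS_SILENT)) {
-			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+			CONFerror(CONF_R_UNKNOWN_MODULE_NAME);
 			ERR_asprintf_error_data("module=%s", name);
 		}
 		return -1;
 	}
 
 	ret = module_init(md, name, value, cnf);
 
 	if (ret <= 0) {
 		if (!(flags & CONF_MFLAGS_SILENT)) {
-			CONFerr(CONF_F_MODULE_RUN,
-			    CONF_R_MODULE_INITIALIZATION_ERROR);
+			CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR);
 			ERR_asprintf_error_data
 			    ("module=%s, value=%s, retcode=%-8d",
 			    name, value, ret);
 		}
 	}
 
 	return ret;
@@ -267,15 +266,15 @@
 		goto err;
 
 	return md;
 
 err:
 	if (dso)
 		DSO_free(dso);
-	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+	CONFerror(errcode);
 	ERR_asprintf_error_data("module=%s, path=%s", name, path);
 	return NULL;
 }
 
 /* add module to list */
 static CONF_MODULE *
 module_add(DSO *dso, const char *name, conf_init_func *ifunc,
@@ -364,21 +363,21 @@
 		if (ret <= 0)
 			goto err;
 	}
 
 	if (initialized_modules == NULL) {
 		initialized_modules = sk_CONF_IMODULE_new_null();
 		if (!initialized_modules) {
-			CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+			CONFerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 
 	if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
-		CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+		CONFerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	pmod->links++;
 
 	return ret;
 
@@ -562,15 +561,15 @@
 CONF_parse_list(const char *list_, int sep, int nospc,
     int (*list_cb)(const char *elem, int len, void *usr), void *arg)
 {
 	int ret;
 	const char *lstart, *tmpend, *p;
 
 	if (list_ == NULL) {
-		CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
+		CONFerror(CONF_R_LIST_CANNOT_BE_NULL);
 		return 0;
 	}
 
 	lstart = list_;
 	for (;;) {
 		if (nospc) {
 			while (*lstart && isspace((unsigned char)*lstart))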
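--- a/jni/libressl/crypto/conf/conf_sap.c
+++ b/jni/libressl/crypto/conf/conf_sap.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_sap.c,v 1.10 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: conf_sap.c,v 1.11 2015/02/11 03:19:37 doug Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without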
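--- a/jni/libressl/crypto/constant_time_locl.h
+++ b/jni/libressl/crypto/constant_time_locl.h
@@ -43,17 +43,15 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
 #ifndef HEADER_CONSTANT_TIME_LOCL_H
 # define HEADER_CONSTANT_TIME_LOCL_H
 
-#ifdef __cplusplus
-extern "C" {
-#endif
+__BEGIN_HIDDEN_DECLS
 
 /*-
  * The boolean methods return a bitmask of all ones (0xff...f) for true
  * and 0 for false. This is useful for choosing a value based on the result
  * of a conditional in constant time. For example,
  *
  * if (a < b) {
@@ -198,12 +196,10 @@
 }
 
 static inline int constant_time_select_int(unsigned int mask, int a, int b)
 {
     return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
 }
 
-#ifdef __cplusplus
-}
-#endif
-
+__END_HIDDEN_DECLS
+
 #endif                          /* HEADER_CONSTANT_TIME_LOCL_H */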
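--- a/jni/libressl/crypto/cpt_err.c
+++ b/jni/libressl/crypto/cpt_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cpt_err.c,v 1.12 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: cpt_err.c,v 1.13 2014/07/10 22:45:56 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *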
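--- a/jni/libressl/crypto/cpuid-elf-x86_64.S
+++ b/jni/libressl/crypto/cpuid-elf-x86_64.S
@@ -1,14 +1,15 @@
+#include "x86_arch.h"
 
 .hidden	OPENSSL_cpuid_setup
 .section	.init
 	call	OPENSSL_cpuid_setup
 
+
 .hidden	OPENSSL_ia32cap_P
-.comm	OPENSSL_ia32cap_P,8,4
 
 .text	
 
 .globl	OPENSSL_atomic_add
 .type	OPENSSL_atomic_add,@function
 .align	16
 OPENSSL_atomic_add:
@@ -59,85 +60,89 @@
 	movl	$2147483648,%eax
 	cpuid
 	cmpl	$2147483649,%eax
 	jb	.Lintel
 	movl	%eax,%r10d
 	movl	$2147483649,%eax
 	cpuid
-	orl	%ecx,%r9d
-	andl	$2049,%r9d
+	andl	$IA32CAP_MASK1_AMD_XOP,%r9d
+	orl	$1,%r9d
 
 	cmpl	$2147483656,%r10d
 	jb	.Lintel
 
 	movl	$2147483656,%eax
 	cpuid
 	movzbq	%cl,%r10
 	incq	%r10
 
 	movl	$1,%eax
 	cpuid
-	btl	$28,%edx
+	btl	$IA32CAP_BIT0_HT,%edx
 	jnc	.Lgeneric
 	shrl	$16,%ebx
 	cmpb	%r10b,%bl
 	ja	.Lgeneric
-	andl	$4026531839,%edx
+	xorl	$IA32CAP_MASK0_HT,%edx
 	jmp	.Lgeneric
 
 .Lintel:
 	cmpl	$4,%r11d
 	movl	$-1,%r10d
 	jb	.Lnocacheinfo
 
 	movl	$4,%eax
 	movl	$0,%ecx
 	cpuid
 	movl	%eax,%r10d
 	shrl	$14,%r10d
 	andl	$4095,%r10d
 
 .Lnocacheinfo:
 	movl	$1,%eax
 	cpuid
-	andl	$3220176895,%edx
+
+	andl	$(~(IA32CAP_MASK0_INTELP4 | IA32CAP_MASK0_INTEL)),%edx
 	cmpl	$0,%r9d
 	jne	.Lnotintel
-	orl	$1073741824,%edx
+
+	orl	$IA32CAP_MASK0_INTEL,%edx
 	andb	$15,%ah
 	cmpb	$15,%ah
 	jne	.Lnotintel
-	orl	$1048576,%edx
+
+	orl	$IA32CAP_MASK0_INTELP4,%edx
 .Lnotintel:
-	btl	$28,%edx
+	btl	$IA32CAP_BIT0_HT,%edx
 	jnc	.Lgeneric
-	andl	$4026531839,%edx
+	xorl	$IA32CAP_MASK0_HT,%edx
 	cmpl	$0,%r10d
 	je	.Lgeneric
 
-	orl	$268435456,%edx
+	orl	$IA32CAP_MASK0_HT,%edx
 	shrl	$16,%ebx
 	cmpb	$1,%bl
 	ja	.Lgeneric
-	andl	$4026531839,%edx
+	xorl	$IA32CAP_MASK0_HT,%edx
+
 .Lgeneric:
-	andl	$2048,%r9d
-	andl	$4294965247,%ecx
+	andl	$IA32CAP_MASK1_AMD_XOP,%r9d
+	andl	$(~IA32CAP_MASK1_AMD_XOP),%ecx
 	orl	%ecx,%r9d
 
 	movl	%edx,%r10d
-	btl	$27,%r9d
+	btl	$IA32CAP_BIT1_OSXSAVE,%r9d
 	jnc	.Lclear_avx
 	xorl	%ecx,%ecx
 .byte	0x0f,0x01,0xd0		
 	andl	$6,%eax
 	cmpl	$6,%eax
 	je	.Ldone
 .Lclear_avx:
-	movl	$4026525695,%eax
+	movl	$(~(IA32CAP_MASK1_AVX | IA32CAP_MASK1_FMA3 | IA32CAP_MASK1_AMD_XOP)),%eax
 	andl	%eax,%r9d
 .Ldone:
 	shlq	$32,%r9
 	movl	%r10d,%eax
 	movq	%r8,%rbx
 	orq	%r9,%rax
 	.byte	0xf3,0xc3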
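--- a/jni/libressl/crypto/cpuid-macosx-x86_64.S
+++ b/jni/libressl/crypto/cpuid-macosx-x86_64.S
@@ -1,15 +1,16 @@
+#include "x86_arch.h"
 
 .private_extern	_OPENSSL_cpuid_setup
 .mod_init_func
 	.p2align	3
 	.quad	_OPENSSL_cpuid_setup
 
+
 .private_extern	_OPENSSL_ia32cap_P
-.comm	_OPENSSL_ia32cap_P,8,2
 
 .text	
 
 .globl	_OPENSSL_atomic_add
 
 .p2align	4
 _OPENSSL_atomic_add:
@@ -60,85 +61,89 @@
 	movl	$2147483648,%eax
 	cpuid
 	cmpl	$2147483649,%eax
 	jb	L$intel
 	movl	%eax,%r10d
 	movl	$2147483649,%eax
 	cpuid
-	orl	%ecx,%r9d
-	andl	$2049,%r9d
+	andl	$IA32CAP_MASK1_AMD_XOP,%r9d
+	orl	$1,%r9d
 
 	cmpl	$2147483656,%r10d
 	jb	L$intel
 
 	movl	$2147483656,%eax
 	cpuid
 	movzbq	%cl,%r10
 	incq	%r10
 
 	movl	$1,%eax
 	cpuid
-	btl	$28,%edx
+	btl	$IA32CAP_BIT0_HT,%edx
 	jnc	L$generic
 	shrl	$16,%ebx
 	cmpb	%r10b,%bl
 	ja	L$generic
-	andl	$4026531839,%edx
+	xorl	$IA32CAP_MASK0_HT,%edx
 	jmp	L$generic
 
 L$intel:
 	cmpl	$4,%r11d
 	movl	$-1,%r10d
 	jb	L$nocacheinfo
 
 	movl	$4,%eax
 	movl	$0,%ecx
 	cpuid
 	movl	%eax,%r10d
 	shrl	$14,%r10d
 	andl	$4095,%r10d
 
 L$nocacheinfo:
 	movl	$1,%eax
 	cpuid
-	andl	$3220176895,%edx
+
+	andl	$(~(IA32CAP_MASK0_INTELP4 | IA32CAP_MASK0_INTEL)),%edx
 	cmpl	$0,%r9d
 	jne	L$notintel
-	orl	$1073741824,%edx
+
+	orl	$IA32CAP_MASK0_INTEL,%edx
 	andb	$15,%ah
 	cmpb	$15,%ah
 	jne	L$notintel
-	orl	$1048576,%edx
+
+	orl	$IA32CAP_MASK0_INTELP4,%edx
 L$notintel:
-	btl	$28,%edx
+	btl	$IA32CAP_BIT0_HT,%edx
 	jnc	L$generic
-	andl	$4026531839,%edx
+	xorl	$IA32CAP_MASK0_HT,%edx
 	cmpl	$0,%r10d
 	je	L$generic
 
-	orl	$268435456,%edx
+	orl	$IA32CAP_MASK0_HT,%edx
 	shrl	$16,%ebx
 	cmpb	$1,%bl
 	ja	L$generic
-	andl	$4026531839,%edx
+	xorl	$IA32CAP_MASK0_HT,%edx
+
 L$generic:
-	andl	$2048,%r9d
-	andl	$4294965247,%ecx
+	andl	$IA32CAP_MASK1_AMD_XOP,%r9d
+	andl	$(~IA32CAP_MASK1_AMD_XOP),%ecx
 	orl	%ecx,%r9d
 
 	movl	%edx,%r10d
-	btl	$27,%r9d
+	btl	$IA32CAP_BIT1_OSXSAVE,%r9d
 	jnc	L$clear_avx
 	xorl	%ecx,%ecx
 .byte	0x0f,0x01,0xd0		
 	andl	$6,%eax
 	cmpl	$6,%eax
 	je	L$done
 L$clear_avx:
-	movl	$4026525695,%eax
+	movl	$(~(IA32CAP_MASK1_AVX | IA32CAP_MASK1_FMA3 | IA32CAP_MASK1_AMD_XOP)),%eax
 	andl	%eax,%r9d
 L$done:
 	shlq	$32,%r9
 	movl	%r10d,%eax
 	movq	%r8,%rbx
 	orq	%r9,%rax
 	.byte	0xf3,0xc3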
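--- a/jni/libressl/crypto/cryptlib.c
+++ b/jni/libressl/crypto/cryptlib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cryptlib.c,v 1.36 2015/09/13 10:02:49 miod Exp $ */
+/* $OpenBSD: cryptlib.c,v 1.40 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -206,19 +206,19 @@
 CRYPTO_get_new_lockid(char *name)
 {
 	char *str;
 	int i;
 
 	if ((app_locks == NULL) &&
 	    ((app_locks = sk_OPENSSL_STRING_new_null()) == NULL)) {
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	if (name == NULL || (str = strdup(name)) == NULL) {
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	i = sk_OPENSSL_STRING_push(app_locks, str);
 	if (!i)
 		free(str);
 	else
 		i += CRYPTO_NUM_LOCKS; /* gap of one :-) */
@@ -234,40 +234,36 @@
 int
 CRYPTO_get_new_dynlockid(void)
 {
 	int i = 0;
 	CRYPTO_dynlock *pointer = NULL;
 
 	if (dynlock_create_callback == NULL) {
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-		    CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+		CRYPTOerror(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
 		return (0);
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
 	if ((dyn_locks == NULL) &&
 	    ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) {
 		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-		    ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 
 	pointer = malloc(sizeof(CRYPTO_dynlock));
 	if (pointer == NULL) {
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-		    ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	pointer->references = 1;
 	pointer->data = dynlock_create_callback(__FILE__, __LINE__);
 	if (pointer->data == NULL) {
 		free(pointer);
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-		    ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 
 	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
 	/* First, try to find an existing empty slot */
 	i = sk_CRYPTO_dynlock_find(dyn_locks, NULL);
 	/* If there was none, push, thereby creating a new one */
@@ -623,55 +619,38 @@
 		    type - CRYPTO_NUM_LOCKS));
 }
 
 #if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
 	defined(__INTEL__) || \
 	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 
-unsigned int  OPENSSL_ia32cap_P[2];
+uint64_t OPENSSL_ia32cap_P;
 
 uint64_t
 OPENSSL_cpu_caps(void)
 {
-	return *(uint64_t *)OPENSSL_ia32cap_P;
+	return OPENSSL_ia32cap_P;
 }
 
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
 #define OPENSSL_CPUID_SETUP
-typedef unsigned long long IA32CAP;
 void
 OPENSSL_cpuid_setup(void)
 {
 	static int trigger = 0;
-	IA32CAP OPENSSL_ia32_cpuid(void);
-	IA32CAP vec;
+	uint64_t OPENSSL_ia32_cpuid(void);
 
 	if (trigger)
 		return;
 	trigger = 1;
-
-	vec = OPENSSL_ia32_cpuid();
-
-	/*
-	 * |(1<<10) sets a reserved bit to signal that variable
-	 * was initialized already... This is to avoid interference
-	 * with cpuid snippets in ELF .init segment.
-	 */
-	OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10);
-	OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32);
+	OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid();
 }
 #endif
 
 #else
-unsigned long *
-OPENSSL_ia32cap_loc(void)
-{
-	return NULL;
-}
-
 uint64_t
 OPENSSL_cpu_caps(void)
 {
 	return 0;
 }
 #endif
 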
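--- a/jni/libressl/crypto/cryptlib.h
+++ b/jni/libressl/crypto/cryptlib.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: cryptlib.h,v 1.23 2014/07/10 22:13:39 jsing Exp $ */
+/* $OpenBSD: cryptlib.h,v 1.25 2016/11/04 17:30:30 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -69,14 +69,13 @@
 #define X509_CERT_DIR		OPENSSLDIR "/certs"
 #define X509_CERT_FILE		OPENSSLDIR "/cert.pem"
 #define X509_PRIVATE_DIR	OPENSSLDIR "/private"
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
 void OPENSSL_cpuid_setup(void);
-extern unsigned int OPENSSL_ia32cap_P[];
 
 #ifdef  __cplusplus
 }
 #endif
 
 #endif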
Added jni/libressl/crypto/crypto.sym.








































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_bn_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_time_parse
ASN1_time_tm_cmp
ASN1_unpack_string
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_CONNECT_free
BIO_CONNECT_new
BIO_accept
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_log
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_consttime_swap
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_reverse
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
CMAC_CTX_cleanup
CMAC_CTX_copy
CMAC_CTX_free
CMAC_CTX_get0_cipher_ctx
CMAC_CTX_new
CMAC_Final
CMAC_Init
CMAC_Update
CMAC_resume
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
COMP_zlib_cleanup
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get1_default_config_file
CONF_get_number
CONF_get_section
CONF_get_string
CONF_imodule_get_flags
CONF_imodule_get_module
CONF_imodule_get_name
CONF_imodule_get_usr_data
CONF_imodule_get_value
CONF_imodule_set_flags
CONF_imodule_set_usr_data
CONF_load
CONF_load_bio
CONF_load_fp
CONF_module_add
CONF_module_get_usr_data
CONF_module_set_usr_data
CONF_modules_finish
CONF_modules_free
CONF_modules_load
CONF_modules_load_file
CONF_modules_unload
CONF_parse_list
CONF_set_default_method
CONF_set_nconf
CRL_DIST_POINTS_free
CRL_DIST_POINTS_it
CRL_DIST_POINTS_new
CRYPTO_THREADID_cmp
CRYPTO_THREADID_cpy
CRYPTO_THREADID_current
CRYPTO_THREADID_get_callback
CRYPTO_THREADID_hash
CRYPTO_THREADID_set_callback
CRYPTO_THREADID_set_numeric
CRYPTO_THREADID_set_pointer
CRYPTO_add_lock
CRYPTO_cbc128_decrypt
CRYPTO_cbc128_encrypt
CRYPTO_ccm128_aad
CRYPTO_ccm128_decrypt
CRYPTO_ccm128_decrypt_ccm64
CRYPTO_ccm128_encrypt
CRYPTO_ccm128_encrypt_ccm64
CRYPTO_ccm128_init
CRYPTO_ccm128_setiv
CRYPTO_ccm128_tag
CRYPTO_cfb128_1_encrypt
CRYPTO_cfb128_8_encrypt
CRYPTO_cfb128_encrypt
CRYPTO_chacha_20
CRYPTO_cleanup_all_ex_data
CRYPTO_ctr128_encrypt
CRYPTO_ctr128_encrypt_ctr32
CRYPTO_cts128_decrypt
CRYPTO_cts128_decrypt_block
CRYPTO_cts128_encrypt
CRYPTO_cts128_encrypt_block
CRYPTO_dbg_free
CRYPTO_dbg_get_options
CRYPTO_dbg_malloc
CRYPTO_dbg_realloc
CRYPTO_dbg_set_options
CRYPTO_destroy_dynlockid
CRYPTO_dup_ex_data
CRYPTO_ex_data_new_class
CRYPTO_free
CRYPTO_free_ex_data
CRYPTO_free_locked
CRYPTO_gcm128_aad
CRYPTO_gcm128_decrypt
CRYPTO_gcm128_decrypt_ctr32
CRYPTO_gcm128_encrypt
CRYPTO_gcm128_encrypt_ctr32
CRYPTO_gcm128_finish
CRYPTO_gcm128_init
CRYPTO_gcm128_new
CRYPTO_gcm128_release
CRYPTO_gcm128_setiv
CRYPTO_gcm128_tag
CRYPTO_get_add_lock_callback
CRYPTO_get_dynlock_create_callback
CRYPTO_get_dynlock_destroy_callback
CRYPTO_get_dynlock_lock_callback
CRYPTO_get_dynlock_value
CRYPTO_get_ex_data
CRYPTO_get_ex_data_implementation
CRYPTO_get_ex_new_index
CRYPTO_get_id_callback
CRYPTO_get_lock_name
CRYPTO_get_locked_mem_ex_functions
CRYPTO_get_locked_mem_functions
CRYPTO_get_locking_callback
CRYPTO_get_mem_debug_functions
CRYPTO_get_mem_debug_options
CRYPTO_get_mem_ex_functions
CRYPTO_get_mem_functions
CRYPTO_get_new_dynlockid
CRYPTO_get_new_lockid
CRYPTO_is_mem_check_on
CRYPTO_lock
CRYPTO_malloc
CRYPTO_malloc_locked
CRYPTO_mem_ctrl
CRYPTO_mem_leaks
CRYPTO_mem_leaks_cb
CRYPTO_mem_leaks_fp
CRYPTO_memcmp
CRYPTO_new_ex_data
CRYPTO_nistcts128_decrypt
CRYPTO_nistcts128_decrypt_block
CRYPTO_nistcts128_encrypt
CRYPTO_nistcts128_encrypt_block
CRYPTO_num_locks
CRYPTO_ofb128_encrypt
CRYPTO_poly1305_finish
CRYPTO_poly1305_init
CRYPTO_poly1305_update
CRYPTO_pop_info
CRYPTO_push_info_
CRYPTO_realloc
CRYPTO_realloc_clean
CRYPTO_remalloc
CRYPTO_remove_all_info
CRYPTO_set_add_lock_callback
CRYPTO_set_dynlock_create_callback
CRYPTO_set_dynlock_destroy_callback
CRYPTO_set_dynlock_lock_callback
CRYPTO_set_ex_data
CRYPTO_set_ex_data_implementation
CRYPTO_set_id_callback
CRYPTO_set_locked_mem_ex_functions
CRYPTO_set_locked_mem_functions
CRYPTO_set_locking_callback
CRYPTO_set_mem_debug_functions
CRYPTO_set_mem_debug_options
CRYPTO_set_mem_ex_functions
CRYPTO_set_mem_functions
CRYPTO_strdup
CRYPTO_thread_id
CRYPTO_xts128_encrypt
Camellia_cbc_encrypt
Camellia_cfb128_encrypt
Camellia_cfb1_encrypt
Camellia_cfb8_encrypt
Camellia_ctr128_encrypt
Camellia_decrypt
Camellia_ecb_encrypt
Camellia_encrypt
Camellia_ofb128_encrypt
Camellia_set_key
ChaCha
ChaCha_set_iv
ChaCha_set_key
DES_cbc_cksum
DES_cbc_encrypt
DES_cfb64_encrypt
DES_cfb_encrypt
DES_check_key
DES_check_key_parity
DES_crypt
DES_decrypt3
DES_ecb3_encrypt
DES_ecb_encrypt
DES_ede3_cbc_encrypt
DES_ede3_cbcm_encrypt
DES_ede3_cfb64_encrypt
DES_ede3_cfb_encrypt
DES_ede3_ofb64_encrypt
DES_enc_read
DES_enc_write
DES_encrypt1
DES_encrypt2
DES_encrypt3
DES_fcrypt
DES_is_weak_key
DES_key_sched
DES_ncbc_encrypt
DES_ofb64_encrypt
DES_ofb_encrypt
DES_options
DES_pcbc_encrypt
DES_quad_cksum
DES_random_key
DES_rw_mode
DES_set_key
DES_set_key_checked
DES_set_key_unchecked
DES_set_odd_parity
DES_string_to_2keys
DES_string_to_key
DES_xcbc_encrypt
DH_OpenSSL
DH_check
DH_check_pub_key
DH_compute_key
DH_free
DH_generate_key
DH_generate_parameters
DH_generate_parameters_ex
DH_get_default_method
DH_get_ex_data
DH_get_ex_new_index
DH_new
DH_new_method
DH_set_default_method
DH_set_ex_data
DH_set_method
DH_size
DH_up_ref
DHparams_dup
DHparams_it
DHparams_print
DHparams_print_fp
DIRECTORYSTRING_free
DIRECTORYSTRING_it
DIRECTORYSTRING_new
DISPLAYTEXT_free
DISPLAYTEXT_it
DISPLAYTEXT_new
DIST_POINT_NAME_free
DIST_POINT_NAME_it
DIST_POINT_NAME_new
DIST_POINT_free
DIST_POINT_it
DIST_POINT_new
DIST_POINT_set_dpname
DSAPrivateKey_it
DSAPublicKey_it
DSA_OpenSSL
DSA_SIG_free
DSA_SIG_it
DSA_SIG_new
DSA_do_sign
DSA_do_verify
DSA_dup_DH
DSA_free
DSA_generate_key
DSA_generate_parameters
DSA_generate_parameters_ex
DSA_get_default_method
DSA_get_ex_data
DSA_get_ex_new_index
DSA_new
DSA_new_method
DSA_print
DSA_print_fp
DSA_set_default_method
DSA_set_ex_data
DSA_set_method
DSA_sign
DSA_sign_setup
DSA_size
DSA_up_ref
DSA_verify
DSAparams_dup
DSAparams_it
DSAparams_print
DSAparams_print_fp
DSO_METHOD_dlfcn
DSO_METHOD_null
DSO_METHOD_openssl
DSO_bind_func
DSO_bind_var
DSO_convert_filename
DSO_ctrl
DSO_flags
DSO_free
DSO_get_default_method
DSO_get_filename
DSO_get_loaded_filename
DSO_get_method
DSO_global_lookup
DSO_load
DSO_merge
DSO_new
DSO_new_method
DSO_pathbyaddr
DSO_set_default_method
DSO_set_filename
DSO_set_method
DSO_set_name_converter
DSO_up_ref
ECDH_OpenSSL
ECDH_compute_key
ECDH_get_default_method
ECDH_get_ex_data
ECDH_get_ex_new_index
ECDH_set_default_method
ECDH_set_ex_data
ECDH_set_method
ECDH_size
ECDSA_OpenSSL
ECDSA_SIG_free
ECDSA_SIG_it
ECDSA_SIG_new
ECDSA_do_sign
ECDSA_do_sign_ex
ECDSA_do_verify
ECDSA_get_default_method
ECDSA_get_ex_data
ECDSA_get_ex_new_index
ECDSA_set_default_method
ECDSA_set_ex_data
ECDSA_set_method
ECDSA_sign
ECDSA_sign_ex
ECDSA_sign_setup
ECDSA_size
ECDSA_verify
ECPARAMETERS_free
ECPARAMETERS_it
ECPARAMETERS_new
ECPKPARAMETERS_free
ECPKPARAMETERS_it
ECPKPARAMETERS_new
ECPKParameters_print
ECPKParameters_print_fp
ECParameters_dup
ECParameters_print
ECParameters_print_fp
EC_GF2m_simple_method
EC_GFp_mont_method
EC_GFp_nist_method
EC_GFp_simple_method
EC_GROUP_check
EC_GROUP_check_discriminant
EC_GROUP_clear_free
EC_GROUP_cmp
EC_GROUP_copy
EC_GROUP_dup
EC_GROUP_free
EC_GROUP_get0_generator
EC_GROUP_get0_seed
EC_GROUP_get_asn1_flag
EC_GROUP_get_basis_type
EC_GROUP_get_cofactor
EC_GROUP_get_curve_GF2m
EC_GROUP_get_curve_GFp
EC_GROUP_get_curve_name
EC_GROUP_get_degree
EC_GROUP_get_order
EC_GROUP_get_pentanomial_basis
EC_GROUP_get_point_conversion_form
EC_GROUP_get_seed_len
EC_GROUP_get_trinomial_basis
EC_GROUP_have_precompute_mult
EC_GROUP_method_of
EC_GROUP_new
EC_GROUP_new_by_curve_name
EC_GROUP_new_curve_GF2m
EC_GROUP_new_curve_GFp
EC_GROUP_precompute_mult
EC_GROUP_set_asn1_flag
EC_GROUP_set_curve_GF2m
EC_GROUP_set_curve_GFp
EC_GROUP_set_curve_name
EC_GROUP_set_generator
EC_GROUP_set_point_conversion_form
EC_GROUP_set_seed
EC_KEY_check_key
EC_KEY_clear_flags
EC_KEY_copy
EC_KEY_dup
EC_KEY_free
EC_KEY_generate_key
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_get0_public_key
EC_KEY_get_conv_form
EC_KEY_get_enc_flags
EC_KEY_get_flags
EC_KEY_get_key_method_data
EC_KEY_insert_key_method_data
EC_KEY_new
EC_KEY_new_by_curve_name
EC_KEY_precompute_mult
EC_KEY_print
EC_KEY_print_fp
EC_KEY_set_asn1_flag
EC_KEY_set_conv_form
EC_KEY_set_enc_flags
EC_KEY_set_flags
EC_KEY_set_group
EC_KEY_set_private_key
EC_KEY_set_public_key
EC_KEY_set_public_key_affine_coordinates
EC_KEY_up_ref
EC_METHOD_get_field_type
EC_POINT_add
EC_POINT_bn2point
EC_POINT_clear_free
EC_POINT_cmp
EC_POINT_copy
EC_POINT_dbl
EC_POINT_dup
EC_POINT_free
EC_POINT_get_Jprojective_coordinates_GFp
EC_POINT_get_affine_coordinates_GF2m
EC_POINT_get_affine_coordinates_GFp
EC_POINT_hex2point
EC_POINT_invert
EC_POINT_is_at_infinity
EC_POINT_is_on_curve
EC_POINT_make_affine
EC_POINT_method_of
EC_POINT_mul
EC_POINT_new
EC_POINT_oct2point
EC_POINT_point2bn
EC_POINT_point2hex
EC_POINT_point2oct
EC_POINT_set_Jprojective_coordinates_GFp
EC_POINT_set_affine_coordinates_GF2m
EC_POINT_set_affine_coordinates_GFp
EC_POINT_set_compressed_coordinates_GF2m
EC_POINT_set_compressed_coordinates_GFp
EC_POINT_set_to_infinity
EC_POINTs_make_affine
EC_POINTs_mul
EC_PRIVATEKEY_free
EC_PRIVATEKEY_it
EC_PRIVATEKEY_new
EC_curve_nid2nist
EC_curve_nist2nid
EC_get_builtin_curves
EDIPARTYNAME_free
EDIPARTYNAME_it
EDIPARTYNAME_new
ENGINE_add
ENGINE_add_conf_module
ENGINE_by_id
ENGINE_cleanup
ENGINE_cmd_is_executable
ENGINE_ctrl
ENGINE_ctrl_cmd
ENGINE_ctrl_cmd_string
ENGINE_finish
ENGINE_free
ENGINE_get_DH
ENGINE_get_DSA
ENGINE_get_ECDH
ENGINE_get_ECDSA
ENGINE_get_RAND
ENGINE_get_RSA
ENGINE_get_STORE
ENGINE_get_cipher
ENGINE_get_cipher_engine
ENGINE_get_ciphers
ENGINE_get_cmd_defns
ENGINE_get_ctrl_function
ENGINE_get_default_DH
ENGINE_get_default_DSA
ENGINE_get_default_ECDH
ENGINE_get_default_ECDSA
ENGINE_get_default_RAND
ENGINE_get_default_RSA
ENGINE_get_destroy_function
ENGINE_get_digest
ENGINE_get_digest_engine
ENGINE_get_digests
ENGINE_get_ex_data
ENGINE_get_ex_new_index
ENGINE_get_finish_function
ENGINE_get_first
ENGINE_get_flags
ENGINE_get_id
ENGINE_get_init_function
ENGINE_get_last
ENGINE_get_load_privkey_function
ENGINE_get_load_pubkey_function
ENGINE_get_name
ENGINE_get_next
ENGINE_get_pkey_asn1_meth
ENGINE_get_pkey_asn1_meth_engine
ENGINE_get_pkey_asn1_meth_str
ENGINE_get_pkey_asn1_meths
ENGINE_get_pkey_meth
ENGINE_get_pkey_meth_engine
ENGINE_get_pkey_meths
ENGINE_get_prev
ENGINE_get_ssl_client_cert_function
ENGINE_get_static_state
ENGINE_get_table_flags
ENGINE_init
ENGINE_load_builtin_engines
ENGINE_load_dynamic
ENGINE_load_openssl
ENGINE_load_private_key
ENGINE_load_public_key
ENGINE_load_ssl_client_cert
ENGINE_new
ENGINE_pkey_asn1_find_str
ENGINE_register_DH
ENGINE_register_DSA
ENGINE_register_ECDH
ENGINE_register_ECDSA
ENGINE_register_RAND
ENGINE_register_RSA
ENGINE_register_STORE
ENGINE_register_all_DH
ENGINE_register_all_DSA
ENGINE_register_all_ECDH
ENGINE_register_all_ECDSA
ENGINE_register_all_RAND
ENGINE_register_all_RSA
ENGINE_register_all_STORE
ENGINE_register_all_ciphers
ENGINE_register_all_complete
ENGINE_register_all_digests
ENGINE_register_all_pkey_asn1_meths
ENGINE_register_all_pkey_meths
ENGINE_register_ciphers
ENGINE_register_complete
ENGINE_register_digests
ENGINE_register_pkey_asn1_meths
ENGINE_register_pkey_meths
ENGINE_remove
ENGINE_set_DH
ENGINE_set_DSA
ENGINE_set_ECDH
ENGINE_set_ECDSA
ENGINE_set_RAND
ENGINE_set_RSA
ENGINE_set_STORE
ENGINE_set_ciphers
ENGINE_set_cmd_defns
ENGINE_set_ctrl_function
ENGINE_set_default
ENGINE_set_default_DH
ENGINE_set_default_DSA
ENGINE_set_default_ECDH
ENGINE_set_default_ECDSA
ENGINE_set_default_RAND
ENGINE_set_default_RSA
ENGINE_set_default_ciphers
ENGINE_set_default_digests
ENGINE_set_default_pkey_asn1_meths
ENGINE_set_default_pkey_meths
ENGINE_set_default_string
ENGINE_set_destroy_function
ENGINE_set_digests
ENGINE_set_ex_data
ENGINE_set_finish_function
ENGINE_set_flags
ENGINE_set_id
ENGINE_set_init_function
ENGINE_set_load_privkey_function
ENGINE_set_load_pubkey_function
ENGINE_set_load_ssl_client_cert_function
ENGINE_set_name
ENGINE_set_pkey_asn1_meths
ENGINE_set_pkey_meths
ENGINE_set_table_flags
ENGINE_unregister_DH
ENGINE_unregister_DSA
ENGINE_unregister_ECDH
ENGINE_unregister_ECDSA
ENGINE_unregister_RAND
ENGINE_unregister_RSA
ENGINE_unregister_STORE
ENGINE_unregister_ciphers
ENGINE_unregister_digests
ENGINE_unregister_pkey_asn1_meths
ENGINE_unregister_pkey_meths
ENGINE_up_ref
ERR_add_error_data
ERR_add_error_vdata
ERR_asprintf_error_data
ERR_clear_error
ERR_error_string
ERR_error_string_n
ERR_free_strings
ERR_func_error_string
ERR_get_err_state_table
ERR_get_error
ERR_get_error_line
ERR_get_error_line_data
ERR_get_implementation
ERR_get_next_error_library
ERR_get_state
ERR_get_string_table
ERR_lib_error_string
ERR_load_ASN1_strings
ERR_load_BIO_strings
ERR_load_BN_strings
ERR_load_BUF_strings
ERR_load_COMP_strings
ERR_load_CONF_strings
ERR_load_CRYPTO_strings
ERR_load_DH_strings
ERR_load_DSA_strings
ERR_load_DSO_strings
ERR_load_ECDH_strings
ERR_load_ECDSA_strings
ERR_load_EC_strings
ERR_load_ENGINE_strings
ERR_load_ERR_strings
ERR_load_EVP_strings
ERR_load_GOST_strings
ERR_load_OBJ_strings
ERR_load_OCSP_strings
ERR_load_PEM_strings
ERR_load_PKCS12_strings
ERR_load_PKCS7_strings
ERR_load_RAND_strings
ERR_load_RSA_strings
ERR_load_TS_strings
ERR_load_UI_strings
ERR_load_X509V3_strings
ERR_load_X509_strings
ERR_load_crypto_strings
ERR_load_strings
ERR_peek_error
ERR_peek_error_line
ERR_peek_error_line_data
ERR_peek_last_error
ERR_peek_last_error_line
ERR_peek_last_error_line_data
ERR_pop_to_mark
ERR_print_errors
ERR_print_errors_cb
ERR_print_errors_fp
ERR_put_error
ERR_reason_error_string
ERR_release_err_state_table
ERR_remove_state
ERR_remove_thread_state
ERR_set_error_data
ERR_set_implementation
ERR_set_mark
ERR_unload_strings
ESS_CERT_ID_dup
ESS_CERT_ID_free
ESS_CERT_ID_it
ESS_CERT_ID_new
ESS_ISSUER_SERIAL_dup
ESS_ISSUER_SERIAL_free
ESS_ISSUER_SERIAL_it
ESS_ISSUER_SERIAL_new
ESS_SIGNING_CERT_dup
ESS_SIGNING_CERT_free
ESS_SIGNING_CERT_it
ESS_SIGNING_CERT_new
EVP_AEAD_CTX_cleanup
EVP_AEAD_CTX_init
EVP_AEAD_CTX_open
EVP_AEAD_CTX_seal
EVP_AEAD_key_length
EVP_AEAD_max_overhead
EVP_AEAD_max_tag_len
EVP_AEAD_nonce_length
EVP_BytesToKey
EVP_CIPHER_CTX_block_size
EVP_CIPHER_CTX_cipher
EVP_CIPHER_CTX_cleanup
EVP_CIPHER_CTX_clear_flags
EVP_CIPHER_CTX_copy
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_flags
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_get_app_data
EVP_CIPHER_CTX_init
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_nid
EVP_CIPHER_CTX_rand_key
EVP_CIPHER_CTX_set_app_data
EVP_CIPHER_CTX_set_flags
EVP_CIPHER_CTX_set_key_length
EVP_CIPHER_CTX_set_padding
EVP_CIPHER_CTX_test_flags
EVP_CIPHER_asn1_to_param
EVP_CIPHER_block_size
EVP_CIPHER_do_all
EVP_CIPHER_do_all_sorted
EVP_CIPHER_flags
EVP_CIPHER_get_asn1_iv
EVP_CIPHER_iv_length
EVP_CIPHER_key_length
EVP_CIPHER_nid
EVP_CIPHER_param_to_asn1
EVP_CIPHER_set_asn1_iv
EVP_CIPHER_type
EVP_Cipher
EVP_CipherFinal
EVP_CipherFinal_ex
EVP_CipherInit
EVP_CipherInit_ex
EVP_CipherUpdate
EVP_DecodeBlock
EVP_DecodeFinal
EVP_DecodeInit
EVP_DecodeUpdate
EVP_DecryptFinal
EVP_DecryptFinal_ex
EVP_DecryptInit
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_Digest
EVP_DigestFinal
EVP_DigestFinal_ex
EVP_DigestInit
EVP_DigestInit_ex
EVP_DigestSignFinal
EVP_DigestSignInit
EVP_DigestUpdate
EVP_DigestVerifyFinal
EVP_DigestVerifyInit
EVP_EncodeBlock
EVP_EncodeFinal
EVP_EncodeInit
EVP_EncodeUpdate
EVP_EncryptFinal
EVP_EncryptFinal_ex
EVP_EncryptInit
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_MD_CTX_cleanup
EVP_MD_CTX_clear_flags
EVP_MD_CTX_copy
EVP_MD_CTX_copy_ex
EVP_MD_CTX_create
EVP_MD_CTX_ctrl
EVP_MD_CTX_destroy
EVP_MD_CTX_init
EVP_MD_CTX_md
EVP_MD_CTX_set_flags
EVP_MD_CTX_test_flags
EVP_MD_block_size
EVP_MD_do_all
EVP_MD_do_all_sorted
EVP_MD_flags
EVP_MD_pkey_type
EVP_MD_size
EVP_MD_type
EVP_OpenFinal
EVP_OpenInit
EVP_PBE_CipherInit
EVP_PBE_alg_add
EVP_PBE_alg_add_type
EVP_PBE_cleanup
EVP_PBE_find
EVP_PKCS82PKEY
EVP_PKEY2PKCS8
EVP_PKEY2PKCS8_broken
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_free
EVP_PKEY_CTX_get0_peerkey
EVP_PKEY_CTX_get0_pkey
EVP_PKEY_CTX_get_app_data
EVP_PKEY_CTX_get_cb
EVP_PKEY_CTX_get_data
EVP_PKEY_CTX_get_keygen_info
EVP_PKEY_CTX_get_operation
EVP_PKEY_CTX_new
EVP_PKEY_CTX_new_id
EVP_PKEY_CTX_set0_keygen_info
EVP_PKEY_CTX_set_app_data
EVP_PKEY_CTX_set_cb
EVP_PKEY_CTX_set_data
EVP_PKEY_add1_attr
EVP_PKEY_add1_attr_by_NID
EVP_PKEY_add1_attr_by_OBJ
EVP_PKEY_add1_attr_by_txt
EVP_PKEY_asn1_add0
EVP_PKEY_asn1_add_alias
EVP_PKEY_asn1_copy
EVP_PKEY_asn1_find
EVP_PKEY_asn1_find_str
EVP_PKEY_asn1_free
EVP_PKEY_asn1_get0
EVP_PKEY_asn1_get0_info
EVP_PKEY_asn1_get_count
EVP_PKEY_asn1_new
EVP_PKEY_asn1_set_ctrl
EVP_PKEY_asn1_set_free
EVP_PKEY_asn1_set_param
EVP_PKEY_asn1_set_private
EVP_PKEY_asn1_set_public
EVP_PKEY_assign
EVP_PKEY_base_id
EVP_PKEY_bits
EVP_PKEY_cmp
EVP_PKEY_cmp_parameters
EVP_PKEY_copy_parameters
EVP_PKEY_decrypt
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt_old
EVP_PKEY_delete_attr
EVP_PKEY_derive
EVP_PKEY_derive_init
EVP_PKEY_derive_set_peer
EVP_PKEY_encrypt
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt_old
EVP_PKEY_free
EVP_PKEY_get0
EVP_PKEY_get0_asn1
EVP_PKEY_get1_DH
EVP_PKEY_get1_DSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_RSA
EVP_PKEY_get_attr
EVP_PKEY_get_attr_by_NID
EVP_PKEY_get_attr_by_OBJ
EVP_PKEY_get_attr_count
EVP_PKEY_get_default_digest_nid
EVP_PKEY_id
EVP_PKEY_keygen
EVP_PKEY_keygen_init
EVP_PKEY_meth_add0
EVP_PKEY_meth_copy
EVP_PKEY_meth_find
EVP_PKEY_meth_free
EVP_PKEY_meth_get0_info
EVP_PKEY_meth_new
EVP_PKEY_meth_set_cleanup
EVP_PKEY_meth_set_copy
EVP_PKEY_meth_set_ctrl
EVP_PKEY_meth_set_decrypt
EVP_PKEY_meth_set_derive
EVP_PKEY_meth_set_encrypt
EVP_PKEY_meth_set_init
EVP_PKEY_meth_set_keygen
EVP_PKEY_meth_set_paramgen
EVP_PKEY_meth_set_sign
EVP_PKEY_meth_set_signctx
EVP_PKEY_meth_set_verify
EVP_PKEY_meth_set_verify_recover
EVP_PKEY_meth_set_verifyctx
EVP_PKEY_missing_parameters
EVP_PKEY_new
EVP_PKEY_new_mac_key
EVP_PKEY_paramgen
EVP_PKEY_paramgen_init
EVP_PKEY_print_params
EVP_PKEY_print_private
EVP_PKEY_print_public
EVP_PKEY_save_parameters
EVP_PKEY_set1_DH
EVP_PKEY_set1_DSA
EVP_PKEY_set1_EC_KEY
EVP_PKEY_set1_RSA
EVP_PKEY_set_type
EVP_PKEY_set_type_str
EVP_PKEY_sign
EVP_PKEY_sign_init
EVP_PKEY_size
EVP_PKEY_type
EVP_PKEY_verify
EVP_PKEY_verify_init
EVP_PKEY_verify_recover
EVP_PKEY_verify_recover_init
EVP_SealFinal
EVP_SealInit
EVP_SignFinal
EVP_VerifyFinal
EVP_add_cipher
EVP_add_digest
EVP_aead_aes_128_gcm
EVP_aead_aes_256_gcm
EVP_aead_chacha20_poly1305
EVP_aead_chacha20_poly1305_old
EVP_aes_128_cbc
EVP_aes_128_cbc_hmac_sha1
EVP_aes_128_ccm
EVP_aes_128_cfb
EVP_aes_128_cfb1
EVP_aes_128_cfb128
EVP_aes_128_cfb8
EVP_aes_128_ctr
EVP_aes_128_ecb
EVP_aes_128_gcm
EVP_aes_128_ofb
EVP_aes_128_xts
EVP_aes_192_cbc
EVP_aes_192_ccm
EVP_aes_192_cfb
EVP_aes_192_cfb1
EVP_aes_192_cfb128
EVP_aes_192_cfb8
EVP_aes_192_ctr
EVP_aes_192_ecb
EVP_aes_192_gcm
EVP_aes_192_ofb
EVP_aes_256_cbc
EVP_aes_256_cbc_hmac_sha1
EVP_aes_256_ccm
EVP_aes_256_cfb
EVP_aes_256_cfb1
EVP_aes_256_cfb128
EVP_aes_256_cfb8
EVP_aes_256_ctr
EVP_aes_256_ecb
EVP_aes_256_gcm
EVP_aes_256_ofb
EVP_aes_256_xts
EVP_bf_cbc
EVP_bf_cfb
EVP_bf_cfb64
EVP_bf_ecb
EVP_bf_ofb
EVP_camellia_128_cbc
EVP_camellia_128_cfb1
EVP_camellia_128_cfb128
EVP_camellia_128_cfb8
EVP_camellia_128_ecb
EVP_camellia_128_ofb
EVP_camellia_192_cbc
EVP_camellia_192_cfb1
EVP_camellia_192_cfb128
EVP_camellia_192_cfb8
EVP_camellia_192_ecb
EVP_camellia_192_ofb
EVP_camellia_256_cbc
EVP_camellia_256_cfb1
EVP_camellia_256_cfb128
EVP_camellia_256_cfb8
EVP_camellia_256_ecb
EVP_camellia_256_ofb
EVP_cast5_cbc
EVP_cast5_cfb
EVP_cast5_cfb64
EVP_cast5_ecb
EVP_cast5_ofb
EVP_chacha20
EVP_cleanup
EVP_des_cbc
EVP_des_cfb
EVP_des_cfb1
EVP_des_cfb64
EVP_des_cfb8
EVP_des_ecb
EVP_des_ede
EVP_des_ede3
EVP_des_ede3_cbc
EVP_des_ede3_cfb
EVP_des_ede3_cfb1
EVP_des_ede3_cfb64
EVP_des_ede3_cfb8
EVP_des_ede3_ecb
EVP_des_ede3_ofb
EVP_des_ede_cbc
EVP_des_ede_cfb
EVP_des_ede_cfb64
EVP_des_ede_ecb
EVP_des_ede_ofb
EVP_des_ofb
EVP_desx_cbc
EVP_dss
EVP_dss1
EVP_ecdsa
EVP_enc_null
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_get_pw_prompt
EVP_gost2814789_cfb64
EVP_gost2814789_cnt
EVP_gost2814789_ecb
EVP_gost2814789imit
EVP_gostr341194
EVP_idea_cbc
EVP_idea_cfb
EVP_idea_cfb64
EVP_idea_ecb
EVP_idea_ofb
EVP_md4
EVP_md5
EVP_md5_sha1
EVP_md_null
EVP_rc2_40_cbc
EVP_rc2_64_cbc
EVP_rc2_cbc
EVP_rc2_cfb
EVP_rc2_cfb64
EVP_rc2_ecb
EVP_rc2_ofb
EVP_rc4
EVP_rc4_40
EVP_rc4_hmac_md5
EVP_read_pw_string
EVP_read_pw_string_min
EVP_ripemd160
EVP_set_pw_prompt
EVP_sha1
EVP_sha224
EVP_sha256
EVP_sha384
EVP_sha512
EVP_streebog256
EVP_streebog512
EVP_whirlpool
EXTENDED_KEY_USAGE_free
EXTENDED_KEY_USAGE_it
EXTENDED_KEY_USAGE_new
GENERAL_NAMES_free
GENERAL_NAMES_it
GENERAL_NAMES_new
GENERAL_NAME_cmp
GENERAL_NAME_dup
GENERAL_NAME_free
GENERAL_NAME_get0_otherName
GENERAL_NAME_get0_value
GENERAL_NAME_it
GENERAL_NAME_new
GENERAL_NAME_print
GENERAL_NAME_set0_othername
GENERAL_NAME_set0_value
GENERAL_SUBTREE_free
GENERAL_SUBTREE_it
GENERAL_SUBTREE_new
GOST2814789IMIT
GOST2814789IMIT_Final
GOST2814789IMIT_Init
GOST2814789IMIT_Transform
GOST2814789IMIT_Update
GOSTR341194
GOSTR341194_Final
GOSTR341194_Init
GOSTR341194_Transform
GOSTR341194_Update
GOST_CIPHER_PARAMS_free
GOST_CIPHER_PARAMS_it
GOST_CIPHER_PARAMS_new
GOST_KEY_check_key
GOST_KEY_free
GOST_KEY_get0_group
GOST_KEY_get0_private_key
GOST_KEY_get0_public_key
GOST_KEY_get_digest
GOST_KEY_get_size
GOST_KEY_new
GOST_KEY_set_digest
GOST_KEY_set_group
GOST_KEY_set_private_key
GOST_KEY_set_public_key
GOST_KEY_set_public_key_affine_coordinates
Gost2814789_cfb64_encrypt
Gost2814789_cnt_encrypt
Gost2814789_ecb_encrypt
Gost2814789_set_key
Gost2814789_set_sbox
Gost28147_TestParamSet
HMAC
HMAC_CTX_cleanup
HMAC_CTX_copy
HMAC_CTX_init
HMAC_CTX_set_flags
HMAC_Final
HMAC_Init
HMAC_Init_ex
HMAC_Update
ISSUING_DIST_POINT_free
ISSUING_DIST_POINT_it
ISSUING_DIST_POINT_new
LONG_it
MD4
MD4_Final
MD4_Init
MD4_Transform
MD4_Update
MD5
MD5_Final
MD5_Init
MD5_Transform
MD5_Update
NAME_CONSTRAINTS_check
NAME_CONSTRAINTS_free
NAME_CONSTRAINTS_it
NAME_CONSTRAINTS_new
NCONF_WIN32
NCONF_default
NCONF_dump_bio
NCONF_dump_fp
NCONF_free
NCONF_free_data
NCONF_get_number_e
NCONF_get_section
NCONF_get_string
NCONF_load
NCONF_load_bio
NCONF_load_fp
NCONF_new
NETSCAPE_CERT_SEQUENCE_free
NETSCAPE_CERT_SEQUENCE_it
NETSCAPE_CERT_SEQUENCE_new
NETSCAPE_ENCRYPTED_PKEY_free
NETSCAPE_ENCRYPTED_PKEY_it
NETSCAPE_ENCRYPTED_PKEY_new
NETSCAPE_PKEY_free
NETSCAPE_PKEY_it
NETSCAPE_PKEY_new
NETSCAPE_SPKAC_free
NETSCAPE_SPKAC_it
NETSCAPE_SPKAC_new
NETSCAPE_SPKI_b64_decode
NETSCAPE_SPKI_b64_encode
NETSCAPE_SPKI_free
NETSCAPE_SPKI_get_pubkey
NETSCAPE_SPKI_it
NETSCAPE_SPKI_new
NETSCAPE_SPKI_print
NETSCAPE_SPKI_set_pubkey
NETSCAPE_SPKI_sign
NETSCAPE_SPKI_verify
NETSCAPE_X509_free
NETSCAPE_X509_it
NETSCAPE_X509_new
NOTICEREF_free
NOTICEREF_it
NOTICEREF_new
OBJ_NAME_add
OBJ_NAME_cleanup
OBJ_NAME_do_all
OBJ_NAME_do_all_sorted
OBJ_NAME_get
OBJ_NAME_init
OBJ_NAME_new_index
OBJ_NAME_remove
OBJ_add_object
OBJ_add_sigid
OBJ_bsearch_
OBJ_bsearch_ex_
OBJ_cleanup
OBJ_cmp
OBJ_create
OBJ_create_objects
OBJ_dup
OBJ_find_sigid_algs
OBJ_find_sigid_by_algs
OBJ_ln2nid
OBJ_new_nid
OBJ_nid2ln
OBJ_nid2obj
OBJ_nid2sn
OBJ_obj2nid
OBJ_obj2txt
OBJ_sigid_free
OBJ_sn2nid
OBJ_txt2nid
OBJ_txt2obj
OCSP_BASICRESP_add1_ext_i2d
OCSP_BASICRESP_add_ext
OCSP_BASICRESP_delete_ext
OCSP_BASICRESP_free
OCSP_BASICRESP_get1_ext_d2i
OCSP_BASICRESP_get_ext
OCSP_BASICRESP_get_ext_by_NID
OCSP_BASICRESP_get_ext_by_OBJ
OCSP_BASICRESP_get_ext_by_critical
OCSP_BASICRESP_get_ext_count
OCSP_BASICRESP_it
OCSP_BASICRESP_new
OCSP_CERTID_dup
OCSP_CERTID_free
OCSP_CERTID_it
OCSP_CERTID_new
OCSP_CERTSTATUS_free
OCSP_CERTSTATUS_it
OCSP_CERTSTATUS_new
OCSP_CRLID_free
OCSP_CRLID_it
OCSP_CRLID_new
OCSP_ONEREQ_add1_ext_i2d
OCSP_ONEREQ_add_ext
OCSP_ONEREQ_delete_ext
OCSP_ONEREQ_free
OCSP_ONEREQ_get1_ext_d2i
OCSP_ONEREQ_get_ext
OCSP_ONEREQ_get_ext_by_NID
OCSP_ONEREQ_get_ext_by_OBJ
OCSP_ONEREQ_get_ext_by_critical
OCSP_ONEREQ_get_ext_count
OCSP_ONEREQ_it
OCSP_ONEREQ_new
OCSP_REQINFO_free
OCSP_REQINFO_it
OCSP_REQINFO_new
OCSP_REQUEST_add1_ext_i2d
OCSP_REQUEST_add_ext
OCSP_REQUEST_delete_ext
OCSP_REQUEST_free
OCSP_REQUEST_get1_ext_d2i
OCSP_REQUEST_get_ext
OCSP_REQUEST_get_ext_by_NID
OCSP_REQUEST_get_ext_by_OBJ
OCSP_REQUEST_get_ext_by_critical
OCSP_REQUEST_get_ext_count
OCSP_REQUEST_it
OCSP_REQUEST_new
OCSP_REQUEST_print
OCSP_REQ_CTX_add1_header
OCSP_REQ_CTX_free
OCSP_REQ_CTX_set1_req
OCSP_RESPBYTES_free
OCSP_RESPBYTES_it
OCSP_RESPBYTES_new
OCSP_RESPDATA_free
OCSP_RESPDATA_it
OCSP_RESPDATA_new
OCSP_RESPID_free
OCSP_RESPID_it
OCSP_RESPID_new
OCSP_RESPONSE_free
OCSP_RESPONSE_it
OCSP_RESPONSE_new
OCSP_RESPONSE_print
OCSP_REVOKEDINFO_free
OCSP_REVOKEDINFO_it
OCSP_REVOKEDINFO_new
OCSP_SERVICELOC_free
OCSP_SERVICELOC_it
OCSP_SERVICELOC_new
OCSP_SIGNATURE_free
OCSP_SIGNATURE_it
OCSP_SIGNATURE_new
OCSP_SINGLERESP_add1_ext_i2d
OCSP_SINGLERESP_add_ext
OCSP_SINGLERESP_delete_ext
OCSP_SINGLERESP_free
OCSP_SINGLERESP_get1_ext_d2i
OCSP_SINGLERESP_get_ext
OCSP_SINGLERESP_get_ext_by_NID
OCSP_SINGLERESP_get_ext_by_OBJ
OCSP_SINGLERESP_get_ext_by_critical
OCSP_SINGLERESP_get_ext_count
OCSP_SINGLERESP_it
OCSP_SINGLERESP_new
OCSP_accept_responses_new
OCSP_archive_cutoff_new
OCSP_basic_add1_cert
OCSP_basic_add1_nonce
OCSP_basic_add1_status
OCSP_basic_sign
OCSP_basic_verify
OCSP_cert_id_new
OCSP_cert_status_str
OCSP_cert_to_id
OCSP_check_nonce
OCSP_check_validity
OCSP_copy_nonce
OCSP_crlID_new
OCSP_crl_reason_str
OCSP_id_cmp
OCSP_id_get0_info
OCSP_id_issuer_cmp
OCSP_onereq_get0_id
OCSP_parse_url
OCSP_request_add0_id
OCSP_request_add1_cert
OCSP_request_add1_nonce
OCSP_request_is_signed
OCSP_request_onereq_count
OCSP_request_onereq_get0
OCSP_request_set1_name
OCSP_request_sign
OCSP_request_verify
OCSP_resp_count
OCSP_resp_find
OCSP_resp_find_status
OCSP_resp_get0
OCSP_response_create
OCSP_response_get1_basic
OCSP_response_status
OCSP_response_status_str
OCSP_sendreq_bio
OCSP_sendreq_nbio
OCSP_sendreq_new
OCSP_single_get0_status
OCSP_url_svcloc_new
OPENSSL_add_all_algorithms_conf
OPENSSL_add_all_algorithms_noconf
OPENSSL_asc2uni
OPENSSL_cleanse
OPENSSL_config
OPENSSL_cpu_caps
OPENSSL_cpuid_setup
OPENSSL_init
OPENSSL_load_builtin_modules
OPENSSL_no_config
OPENSSL_strcasecmp
OPENSSL_strncasecmp
OPENSSL_uni2asc
OTHERNAME_cmp
OTHERNAME_free
OTHERNAME_it
OTHERNAME_new
OpenSSLDie
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
PBE2PARAM_free
PBE2PARAM_it
PBE2PARAM_new
PBEPARAM_free
PBEPARAM_it
PBEPARAM_new
PBKDF2PARAM_free
PBKDF2PARAM_it
PBKDF2PARAM_new
PEM_ASN1_read
PEM_ASN1_read_bio
PEM_ASN1_write
PEM_ASN1_write_bio
PEM_SealFinal
PEM_SealInit
PEM_SealUpdate
PEM_SignFinal
PEM_SignInit
PEM_SignUpdate
PEM_X509_INFO_read
PEM_X509_INFO_read_bio
PEM_X509_INFO_write_bio
PEM_bytes_read_bio
PEM_def_callback
PEM_dek_info
PEM_do_header
PEM_get_EVP_CIPHER_INFO
PEM_proc_type
PEM_read
PEM_read_DHparams
PEM_read_DSAPrivateKey
PEM_read_DSA_PUBKEY
PEM_read_DSAparams
PEM_read_ECPKParameters
PEM_read_ECPrivateKey
PEM_read_EC_PUBKEY
PEM_read_NETSCAPE_CERT_SEQUENCE
PEM_read_PKCS7
PEM_read_PKCS8
PEM_read_PKCS8_PRIV_KEY_INFO
PEM_read_PUBKEY
PEM_read_PrivateKey
PEM_read_RSAPrivateKey
PEM_read_RSAPublicKey
PEM_read_RSA_PUBKEY
PEM_read_X509
PEM_read_X509_AUX
PEM_read_X509_CERT_PAIR
PEM_read_X509_CRL
PEM_read_X509_REQ
PEM_read_bio
PEM_read_bio_DHparams
PEM_read_bio_DSAPrivateKey
PEM_read_bio_DSA_PUBKEY
PEM_read_bio_DSAparams
PEM_read_bio_ECPKParameters
PEM_read_bio_ECPrivateKey
PEM_read_bio_EC_PUBKEY
PEM_read_bio_NETSCAPE_CERT_SEQUENCE
PEM_read_bio_PKCS7
PEM_read_bio_PKCS8
PEM_read_bio_PKCS8_PRIV_KEY_INFO
PEM_read_bio_PUBKEY
PEM_read_bio_Parameters
PEM_read_bio_PrivateKey
PEM_read_bio_RSAPrivateKey
PEM_read_bio_RSAPublicKey
PEM_read_bio_RSA_PUBKEY
PEM_read_bio_X509
PEM_read_bio_X509_AUX
PEM_read_bio_X509_CERT_PAIR
PEM_read_bio_X509_CRL
PEM_read_bio_X509_REQ
PEM_write
PEM_write_DHparams
PEM_write_DSAPrivateKey
PEM_write_DSA_PUBKEY
PEM_write_DSAparams
PEM_write_ECPKParameters
PEM_write_ECPrivateKey
PEM_write_EC_PUBKEY
PEM_write_NETSCAPE_CERT_SEQUENCE
PEM_write_PKCS7
PEM_write_PKCS8
PEM_write_PKCS8PrivateKey
PEM_write_PKCS8PrivateKey_nid
PEM_write_PKCS8_PRIV_KEY_INFO
PEM_write_PUBKEY
PEM_write_PrivateKey
PEM_write_RSAPrivateKey
PEM_write_RSAPublicKey
PEM_write_RSA_PUBKEY
PEM_write_X509
PEM_write_X509_AUX
PEM_write_X509_CERT_PAIR
PEM_write_X509_CRL
PEM_write_X509_REQ
PEM_write_X509_REQ_NEW
PEM_write_bio
PEM_write_bio_ASN1_stream
PEM_write_bio_DHparams
PEM_write_bio_DSAPrivateKey
PEM_write_bio_DSA_PUBKEY
PEM_write_bio_DSAparams
PEM_write_bio_ECPKParameters
PEM_write_bio_ECPrivateKey
PEM_write_bio_EC_PUBKEY
PEM_write_bio_NETSCAPE_CERT_SEQUENCE
PEM_write_bio_PKCS7
PEM_write_bio_PKCS7_stream
PEM_write_bio_PKCS8
PEM_write_bio_PKCS8PrivateKey
PEM_write_bio_PKCS8PrivateKey_nid
PEM_write_bio_PKCS8_PRIV_KEY_INFO
PEM_write_bio_PUBKEY
PEM_write_bio_Parameters
PEM_write_bio_PrivateKey
PEM_write_bio_RSAPrivateKey
PEM_write_bio_RSAPublicKey
PEM_write_bio_RSA_PUBKEY
PEM_write_bio_X509
PEM_write_bio_X509_AUX
PEM_write_bio_X509_CERT_PAIR
PEM_write_bio_X509_CRL
PEM_write_bio_X509_REQ
PEM_write_bio_X509_REQ_NEW
PKCS12_AUTHSAFES_it
PKCS12_BAGS_free
PKCS12_BAGS_it
PKCS12_BAGS_new
PKCS12_MAC_DATA_free
PKCS12_MAC_DATA_it
PKCS12_MAC_DATA_new
PKCS12_MAKE_KEYBAG
PKCS12_MAKE_SHKEYBAG
PKCS12_PBE_add
PKCS12_PBE_keyivgen
PKCS12_SAFEBAGS_it
PKCS12_SAFEBAG_free
PKCS12_SAFEBAG_it
PKCS12_SAFEBAG_new
PKCS12_add_CSPName_asc
PKCS12_add_cert
PKCS12_add_friendlyname_asc
PKCS12_add_friendlyname_uni
PKCS12_add_key
PKCS12_add_localkeyid
PKCS12_add_safe
PKCS12_add_safes
PKCS12_certbag2x509
PKCS12_certbag2x509crl
PKCS12_create
PKCS12_decrypt_skey
PKCS12_free
PKCS12_gen_mac
PKCS12_get_attr_gen
PKCS12_get_friendlyname
PKCS12_init
PKCS12_it
PKCS12_item_decrypt_d2i
PKCS12_item_i2d_encrypt
PKCS12_item_pack_safebag
PKCS12_key_gen_asc
PKCS12_key_gen_uni
PKCS12_new
PKCS12_newpass
PKCS12_pack_authsafes
PKCS12_pack_p7data
PKCS12_pack_p7encdata
PKCS12_parse
PKCS12_pbe_crypt
PKCS12_set_mac
PKCS12_setup_mac
PKCS12_unpack_authsafes
PKCS12_unpack_p7data
PKCS12_unpack_p7encdata
PKCS12_verify_mac
PKCS12_x5092certbag
PKCS12_x509crl2certbag
PKCS1_MGF1
PKCS5_PBE_add
PKCS5_PBE_keyivgen
PKCS5_PBKDF2_HMAC
PKCS5_PBKDF2_HMAC_SHA1
PKCS5_pbe2_set
PKCS5_pbe2_set_iv
PKCS5_pbe_set
PKCS5_pbe_set0_algor
PKCS5_pbkdf2_set
PKCS5_v2_PBE_keyivgen
PKCS7_ATTR_SIGN_it
PKCS7_ATTR_VERIFY_it
PKCS7_DIGEST_free
PKCS7_DIGEST_it
PKCS7_DIGEST_new
PKCS7_ENCRYPT_free
PKCS7_ENCRYPT_it
PKCS7_ENCRYPT_new
PKCS7_ENC_CONTENT_free
PKCS7_ENC_CONTENT_it
PKCS7_ENC_CONTENT_new
PKCS7_ENVELOPE_free
PKCS7_ENVELOPE_it
PKCS7_ENVELOPE_new
PKCS7_ISSUER_AND_SERIAL_digest
PKCS7_ISSUER_AND_SERIAL_free
PKCS7_ISSUER_AND_SERIAL_it
PKCS7_ISSUER_AND_SERIAL_new
PKCS7_RECIP_INFO_free
PKCS7_RECIP_INFO_get0_alg
PKCS7_RECIP_INFO_it
PKCS7_RECIP_INFO_new
PKCS7_RECIP_INFO_set
PKCS7_SIGNED_free
PKCS7_SIGNED_it
PKCS7_SIGNED_new
PKCS7_SIGNER_INFO_free
PKCS7_SIGNER_INFO_get0_algs
PKCS7_SIGNER_INFO_it
PKCS7_SIGNER_INFO_new
PKCS7_SIGNER_INFO_set
PKCS7_SIGNER_INFO_sign
PKCS7_SIGN_ENVELOPE_free
PKCS7_SIGN_ENVELOPE_it
PKCS7_SIGN_ENVELOPE_new
PKCS7_add0_attrib_signing_time
PKCS7_add1_attrib_digest
PKCS7_add_attrib_content_type
PKCS7_add_attrib_smimecap
PKCS7_add_attribute
PKCS7_add_certificate
PKCS7_add_crl
PKCS7_add_recipient
PKCS7_add_recipient_info
PKCS7_add_signature
PKCS7_add_signed_attribute
PKCS7_add_signer
PKCS7_cert_from_signer_info
PKCS7_content_new
PKCS7_ctrl
PKCS7_dataDecode
PKCS7_dataFinal
PKCS7_dataInit
PKCS7_dataVerify
PKCS7_decrypt
PKCS7_digest_from_attributes
PKCS7_dup
PKCS7_encrypt
PKCS7_final
PKCS7_free
PKCS7_get0_signers
PKCS7_get_attribute
PKCS7_get_issuer_and_serial
PKCS7_get_signed_attribute
PKCS7_get_signer_info
PKCS7_get_smimecap
PKCS7_it
PKCS7_new
PKCS7_print_ctx
PKCS7_set0_type_other
PKCS7_set_attributes
PKCS7_set_cipher
PKCS7_set_content
PKCS7_set_digest
PKCS7_set_signed_attributes
PKCS7_set_type
PKCS7_sign
PKCS7_sign_add_signer
PKCS7_signatureVerify
PKCS7_simple_smimecap
PKCS7_stream
PKCS7_to_TS_TST_INFO
PKCS7_verify
PKCS8_PRIV_KEY_INFO_free
PKCS8_PRIV_KEY_INFO_it
PKCS8_PRIV_KEY_INFO_new
PKCS8_add_keyusage
PKCS8_decrypt
PKCS8_encrypt
PKCS8_pkey_get0
PKCS8_pkey_set0
PKCS8_set_broken
PKEY_USAGE_PERIOD_free
PKEY_USAGE_PERIOD_it
PKEY_USAGE_PERIOD_new
POLICYINFO_free
POLICYINFO_it
POLICYINFO_new
POLICYQUALINFO_free
POLICYQUALINFO_it
POLICYQUALINFO_new
POLICY_CONSTRAINTS_free
POLICY_CONSTRAINTS_it
POLICY_CONSTRAINTS_new
POLICY_MAPPINGS_it
POLICY_MAPPING_free
POLICY_MAPPING_it
POLICY_MAPPING_new
PROXY_CERT_INFO_EXTENSION_free
PROXY_CERT_INFO_EXTENSION_it
PROXY_CERT_INFO_EXTENSION_new
PROXY_POLICY_free
PROXY_POLICY_it
PROXY_POLICY_new
RAND_SSLeay
RAND_add
RAND_bytes
RAND_cleanup
RAND_file_name
RAND_get_rand_method
RAND_load_file
RAND_poll
RAND_pseudo_bytes
RAND_seed
RAND_set_rand_engine
RAND_set_rand_method
RAND_status
RAND_write_file
RC2_cbc_encrypt
RC2_cfb64_encrypt
RC2_decrypt
RC2_ecb_encrypt
RC2_encrypt
RC2_ofb64_encrypt
RC2_set_key
RC4
RC4_options
RC4_set_key
RIPEMD160
RIPEMD160_Final
RIPEMD160_Init
RIPEMD160_Transform
RIPEMD160_Update
RSAPrivateKey_dup
RSAPrivateKey_it
RSAPublicKey_dup
RSAPublicKey_it
RSA_PKCS1_SSLeay
RSA_PSS_PARAMS_free
RSA_PSS_PARAMS_it
RSA_PSS_PARAMS_new
RSA_X931_hash_id
RSA_blinding_off
RSA_blinding_on
RSA_check_key
RSA_flags
RSA_free
RSA_generate_key
RSA_generate_key_ex
RSA_get_default_method
RSA_get_ex_data
RSA_get_ex_new_index
RSA_get_method
RSA_new
RSA_new_method
RSA_padding_add_PKCS1_OAEP
RSA_padding_add_PKCS1_PSS
RSA_padding_add_PKCS1_PSS_mgf1
RSA_padding_add_PKCS1_type_1
RSA_padding_add_PKCS1_type_2
RSA_padding_add_SSLv23
RSA_padding_add_X931
RSA_padding_add_none
RSA_padding_check_PKCS1_OAEP
RSA_padding_check_PKCS1_type_1
RSA_padding_check_PKCS1_type_2
RSA_padding_check_SSLv23
RSA_padding_check_X931
RSA_padding_check_none
RSA_print
RSA_print_fp
RSA_private_decrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_public_encrypt
RSA_set_default_method
RSA_set_ex_data
RSA_set_method
RSA_setup_blinding
RSA_sign
RSA_sign_ASN1_OCTET_STRING
RSA_size
RSA_up_ref
RSA_verify
RSA_verify_ASN1_OCTET_STRING
RSA_verify_PKCS1_PSS
RSA_verify_PKCS1_PSS_mgf1
SHA1
SHA1_Final
SHA1_Init
SHA1_Transform
SHA1_Update
SHA224
SHA224_Final
SHA224_Init
SHA224_Update
SHA256
SHA256_Final
SHA256_Init
SHA256_Transform
SHA256_Update
SHA384
SHA384_Final
SHA384_Init
SHA384_Update
SHA512
SHA512_Final
SHA512_Init
SHA512_Transform
SHA512_Update
SMIME_crlf_copy
SMIME_read_ASN1
SMIME_read_PKCS7
SMIME_text
SMIME_write_ASN1
SMIME_write_PKCS7
SSLeay
SSLeay_version
STREEBOG256
STREEBOG256_Final
STREEBOG256_Init
STREEBOG256_Update
STREEBOG512
STREEBOG512_Final
STREEBOG512_Init
STREEBOG512_Transform
STREEBOG512_Update
SXNETID_free
SXNETID_it
SXNETID_new
SXNET_add_id_INTEGER
SXNET_add_id_asc
SXNET_add_id_ulong
SXNET_free
SXNET_get_id_INTEGER
SXNET_get_id_asc
SXNET_get_id_ulong
SXNET_it
SXNET_new
TS_ACCURACY_dup
TS_ACCURACY_free
TS_ACCURACY_get_micros
TS_ACCURACY_get_millis
TS_ACCURACY_get_seconds
TS_ACCURACY_it
TS_ACCURACY_new
TS_ACCURACY_set_micros
TS_ACCURACY_set_millis
TS_ACCURACY_set_seconds
TS_ASN1_INTEGER_print_bio
TS_CONF_get_tsa_section
TS_CONF_load_cert
TS_CONF_load_certs
TS_CONF_load_key
TS_CONF_set_accuracy
TS_CONF_set_certs
TS_CONF_set_clock_precision_digits
TS_CONF_set_crypto_device
TS_CONF_set_def_policy
TS_CONF_set_default_engine
TS_CONF_set_digests
TS_CONF_set_ess_cert_id_chain
TS_CONF_set_ordering
TS_CONF_set_policies
TS_CONF_set_serial
TS_CONF_set_signer_cert
TS_CONF_set_signer_key
TS_CONF_set_tsa_name
TS_MSG_IMPRINT_dup
TS_MSG_IMPRINT_free
TS_MSG_IMPRINT_get_algo
TS_MSG_IMPRINT_get_msg
TS_MSG_IMPRINT_it
TS_MSG_IMPRINT_new
TS_MSG_IMPRINT_print_bio
TS_MSG_IMPRINT_set_algo
TS_MSG_IMPRINT_set_msg
TS_OBJ_print_bio
TS_REQ_add_ext
TS_REQ_delete_ext
TS_REQ_dup
TS_REQ_ext_free
TS_REQ_free
TS_REQ_get_cert_req
TS_REQ_get_ext
TS_REQ_get_ext_by_NID
TS_REQ_get_ext_by_OBJ
TS_REQ_get_ext_by_critical
TS_REQ_get_ext_count
TS_REQ_get_ext_d2i
TS_REQ_get_exts
TS_REQ_get_msg_imprint
TS_REQ_get_nonce
TS_REQ_get_policy_id
TS_REQ_get_version
TS_REQ_it
TS_REQ_new
TS_REQ_print_bio
TS_REQ_set_cert_req
TS_REQ_set_msg_imprint
TS_REQ_set_nonce
TS_REQ_set_policy_id
TS_REQ_set_version
TS_REQ_to_TS_VERIFY_CTX
TS_RESP_CTX_add_failure_info
TS_RESP_CTX_add_flags
TS_RESP_CTX_add_md
TS_RESP_CTX_add_policy
TS_RESP_CTX_free
TS_RESP_CTX_get_request
TS_RESP_CTX_get_tst_info
TS_RESP_CTX_new
TS_RESP_CTX_set_accuracy
TS_RESP_CTX_set_certs
TS_RESP_CTX_set_clock_precision_digits
TS_RESP_CTX_set_def_policy
TS_RESP_CTX_set_extension_cb
TS_RESP_CTX_set_serial_cb
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_signer_key
TS_RESP_CTX_set_status_info
TS_RESP_CTX_set_status_info_cond
TS_RESP_create_response
TS_RESP_dup
TS_RESP_free
TS_RESP_get_status_info
TS_RESP_get_token
TS_RESP_get_tst_info
TS_RESP_it
TS_RESP_new
TS_RESP_print_bio
TS_RESP_set_status_info
TS_RESP_set_tst_info
TS_RESP_verify_response
TS_RESP_verify_signature
TS_RESP_verify_token
TS_STATUS_INFO_dup
TS_STATUS_INFO_free
TS_STATUS_INFO_it
TS_STATUS_INFO_new
TS_STATUS_INFO_print_bio
TS_TST_INFO_add_ext
TS_TST_INFO_delete_ext
TS_TST_INFO_dup
TS_TST_INFO_ext_free
TS_TST_INFO_free
TS_TST_INFO_get_accuracy
TS_TST_INFO_get_ext
TS_TST_INFO_get_ext_by_NID
TS_TST_INFO_get_ext_by_OBJ
TS_TST_INFO_get_ext_by_critical
TS_TST_INFO_get_ext_count
TS_TST_INFO_get_ext_d2i
TS_TST_INFO_get_exts
TS_TST_INFO_get_msg_imprint
TS_TST_INFO_get_nonce
TS_TST_INFO_get_ordering
TS_TST_INFO_get_policy_id
TS_TST_INFO_get_serial
TS_TST_INFO_get_time
TS_TST_INFO_get_tsa
TS_TST_INFO_get_version
TS_TST_INFO_it
TS_TST_INFO_new
TS_TST_INFO_print_bio
TS_TST_INFO_set_accuracy
TS_TST_INFO_set_msg_imprint
TS_TST_INFO_set_nonce
TS_TST_INFO_set_ordering
TS_TST_INFO_set_policy_id
TS_TST_INFO_set_serial
TS_TST_INFO_set_time
TS_TST_INFO_set_tsa
TS_TST_INFO_set_version
TS_VERIFY_CTX_cleanup
TS_VERIFY_CTX_free
TS_VERIFY_CTX_init
TS_VERIFY_CTX_new
TS_X509_ALGOR_print_bio
TS_ext_print_bio
TXT_DB_create_index
TXT_DB_free
TXT_DB_get_by_index
TXT_DB_insert
TXT_DB_read
TXT_DB_write
UI_OpenSSL
UI_UTIL_read_pw
UI_UTIL_read_pw_string
UI_add_error_string
UI_add_info_string
UI_add_input_boolean
UI_add_input_string
UI_add_user_data
UI_add_verify_string
UI_construct_prompt
UI_create_method
UI_ctrl
UI_destroy_method
UI_dup_error_string
UI_dup_info_string
UI_dup_input_boolean
UI_dup_input_string
UI_dup_verify_string
UI_free
UI_get0_action_string
UI_get0_output_string
UI_get0_result
UI_get0_result_string
UI_get0_test_string
UI_get0_user_data
UI_get_default_method
UI_get_ex_data
UI_get_ex_new_index
UI_get_input_flags
UI_get_method
UI_get_result_maxsize
UI_get_result_minsize
UI_get_string_type
UI_method_get_closer
UI_method_get_flusher
UI_method_get_opener
UI_method_get_prompt_constructor
UI_method_get_reader
UI_method_get_writer
UI_method_set_closer
UI_method_set_flusher
UI_method_set_opener
UI_method_set_prompt_constructor
UI_method_set_reader
UI_method_set_writer
UI_new
UI_new_method
UI_process
UI_set_default_method
UI_set_ex_data
UI_set_method
UI_set_result
USERNOTICE_free
USERNOTICE_it
USERNOTICE_new
WHIRLPOOL
WHIRLPOOL_BitUpdate
WHIRLPOOL_Final
WHIRLPOOL_Init
WHIRLPOOL_Update
X25519
X25519_keypair
X509V3_EXT_CRL_add_conf
X509V3_EXT_CRL_add_nconf
X509V3_EXT_REQ_add_conf
X509V3_EXT_REQ_add_nconf
X509V3_EXT_add
X509V3_EXT_add_alias
X509V3_EXT_add_conf
X509V3_EXT_add_list
X509V3_EXT_add_nconf
X509V3_EXT_add_nconf_sk
X509V3_EXT_cleanup
X509V3_EXT_conf
X509V3_EXT_conf_nid
X509V3_EXT_d2i
X509V3_EXT_get
X509V3_EXT_get_nid
X509V3_EXT_i2d
X509V3_EXT_nconf
X509V3_EXT_nconf_nid
X509V3_EXT_print
X509V3_EXT_print_fp
X509V3_EXT_val_prn
X509V3_NAME_from_section
X509V3_add1_i2d
X509V3_add_standard_extensions
X509V3_add_value
X509V3_add_value_bool
X509V3_add_value_bool_nf
X509V3_add_value_int
X509V3_add_value_uchar
X509V3_conf_free
X509V3_extensions_print
X509V3_get_d2i
X509V3_get_section
X509V3_get_string
X509V3_get_value_bool
X509V3_get_value_int
X509V3_parse_list
X509V3_section_free
X509V3_set_conf_lhash
X509V3_set_ctx
X509V3_set_nconf
X509V3_string_free
X509_ALGORS_it
X509_ALGOR_cmp
X509_ALGOR_dup
X509_ALGOR_free
X509_ALGOR_get0
X509_ALGOR_it
X509_ALGOR_new
X509_ALGOR_set0
X509_ALGOR_set_md
X509_ATTRIBUTE_SET_it
X509_ATTRIBUTE_count
X509_ATTRIBUTE_create
X509_ATTRIBUTE_create_by_NID
X509_ATTRIBUTE_create_by_OBJ
X509_ATTRIBUTE_create_by_txt
X509_ATTRIBUTE_dup
X509_ATTRIBUTE_free
X509_ATTRIBUTE_get0_data
X509_ATTRIBUTE_get0_object
X509_ATTRIBUTE_get0_type
X509_ATTRIBUTE_it
X509_ATTRIBUTE_new
X509_ATTRIBUTE_set1_data
X509_ATTRIBUTE_set1_object
X509_CERT_AUX_free
X509_CERT_AUX_it
X509_CERT_AUX_new
X509_CERT_AUX_print
X509_CERT_PAIR_free
X509_CERT_PAIR_it
X509_CERT_PAIR_new
X509_CINF_free
X509_CINF_it
X509_CINF_new
X509_CRL_INFO_free
X509_CRL_INFO_it
X509_CRL_INFO_new
X509_CRL_METHOD_free
X509_CRL_METHOD_new
X509_CRL_add0_revoked
X509_CRL_add1_ext_i2d
X509_CRL_add_ext
X509_CRL_cmp
X509_CRL_delete_ext
X509_CRL_digest
X509_CRL_dup
X509_CRL_free
X509_CRL_get0_by_cert
X509_CRL_get0_by_serial
X509_CRL_get_ext
X509_CRL_get_ext_by_NID
X509_CRL_get_ext_by_OBJ
X509_CRL_get_ext_by_critical
X509_CRL_get_ext_count
X509_CRL_get_ext_d2i
X509_CRL_get_meth_data
X509_CRL_it
X509_CRL_match
X509_CRL_new
X509_CRL_print
X509_CRL_print_fp
X509_CRL_set_default_method
X509_CRL_set_issuer_name
X509_CRL_set_lastUpdate
X509_CRL_set_meth_data
X509_CRL_set_nextUpdate
X509_CRL_set_version
X509_CRL_sign
X509_CRL_sign_ctx
X509_CRL_sort
X509_CRL_verify
X509_EXTENSIONS_it
X509_EXTENSION_create_by_NID
X509_EXTENSION_create_by_OBJ
X509_EXTENSION_dup
X509_EXTENSION_free
X509_EXTENSION_get_critical
X509_EXTENSION_get_data
X509_EXTENSION_get_object
X509_EXTENSION_it
X509_EXTENSION_new
X509_EXTENSION_set_critical
X509_EXTENSION_set_data
X509_EXTENSION_set_object
X509_INFO_free
X509_INFO_new
X509_LOOKUP_by_alias
X509_LOOKUP_by_fingerprint
X509_LOOKUP_by_issuer_serial
X509_LOOKUP_by_subject
X509_LOOKUP_ctrl
X509_LOOKUP_file
X509_LOOKUP_free
X509_LOOKUP_hash_dir
X509_LOOKUP_init
X509_LOOKUP_mem
X509_LOOKUP_new
X509_LOOKUP_shutdown
X509_NAME_ENTRIES_it
X509_NAME_ENTRY_create_by_NID
X509_NAME_ENTRY_create_by_OBJ
X509_NAME_ENTRY_create_by_txt
X509_NAME_ENTRY_dup
X509_NAME_ENTRY_free
X509_NAME_ENTRY_get_data
X509_NAME_ENTRY_get_object
X509_NAME_ENTRY_it
X509_NAME_ENTRY_new
X509_NAME_ENTRY_set_data
X509_NAME_ENTRY_set_object
X509_NAME_INTERNAL_it
X509_NAME_add_entry
X509_NAME_add_entry_by_NID
X509_NAME_add_entry_by_OBJ
X509_NAME_add_entry_by_txt
X509_NAME_cmp
X509_NAME_delete_entry
X509_NAME_digest
X509_NAME_dup
X509_NAME_entry_count
X509_NAME_free
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_NAME_get_index_by_OBJ
X509_NAME_get_text_by_NID
X509_NAME_get_text_by_OBJ
X509_NAME_hash
X509_NAME_hash_old
X509_NAME_it
X509_NAME_new
X509_NAME_oneline
X509_NAME_print
X509_NAME_print_ex
X509_NAME_print_ex_fp
X509_NAME_set
X509_OBJECT_free_contents
X509_OBJECT_idx_by_subject
X509_OBJECT_retrieve_by_subject
X509_OBJECT_retrieve_match
X509_OBJECT_up_ref_count
X509_PKEY_free
X509_PKEY_new
X509_POLICY_NODE_print
X509_PUBKEY_free
X509_PUBKEY_get
X509_PUBKEY_get0_param
X509_PUBKEY_it
X509_PUBKEY_new
X509_PUBKEY_set
X509_PUBKEY_set0_param
X509_PURPOSE_add
X509_PURPOSE_cleanup
X509_PURPOSE_get0
X509_PURPOSE_get0_name
X509_PURPOSE_get0_sname
X509_PURPOSE_get_by_id
X509_PURPOSE_get_by_sname
X509_PURPOSE_get_count
X509_PURPOSE_get_id
X509_PURPOSE_get_trust
X509_PURPOSE_set
X509_REQ_INFO_free
X509_REQ_INFO_it
X509_REQ_INFO_new
X509_REQ_add1_attr
X509_REQ_add1_attr_by_NID
X509_REQ_add1_attr_by_OBJ
X509_REQ_add1_attr_by_txt
X509_REQ_add_extensions
X509_REQ_add_extensions_nid
X509_REQ_check_private_key
X509_REQ_delete_attr
X509_REQ_digest
X509_REQ_dup
X509_REQ_extension_nid
X509_REQ_free
X509_REQ_get1_email
X509_REQ_get_attr
X509_REQ_get_attr_by_NID
X509_REQ_get_attr_by_OBJ
X509_REQ_get_attr_count
X509_REQ_get_extension_nids
X509_REQ_get_extensions
X509_REQ_get_pubkey
X509_REQ_it
X509_REQ_new
X509_REQ_print
X509_REQ_print_ex
X509_REQ_print_fp
X509_REQ_set_extension_nids
X509_REQ_set_pubkey
X509_REQ_set_subject_name
X509_REQ_set_version
X509_REQ_sign
X509_REQ_sign_ctx
X509_REQ_to_X509
X509_REQ_verify
X509_REVOKED_add1_ext_i2d
X509_REVOKED_add_ext
X509_REVOKED_delete_ext
X509_REVOKED_free
X509_REVOKED_get_ext
X509_REVOKED_get_ext_by_NID
X509_REVOKED_get_ext_by_OBJ
X509_REVOKED_get_ext_by_critical
X509_REVOKED_get_ext_count
X509_REVOKED_get_ext_d2i
X509_REVOKED_it
X509_REVOKED_new
X509_REVOKED_set_revocationDate
X509_REVOKED_set_serialNumber
X509_SIG_free
X509_SIG_it
X509_SIG_new
X509_STORE_CTX_cleanup
X509_STORE_CTX_free
X509_STORE_CTX_get0_current_crl
X509_STORE_CTX_get0_current_issuer
X509_STORE_CTX_get0_param
X509_STORE_CTX_get0_parent_ctx
X509_STORE_CTX_get0_policy_tree
X509_STORE_CTX_get1_chain
X509_STORE_CTX_get1_issuer
X509_STORE_CTX_get_chain
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_ex_data
X509_STORE_CTX_get_ex_new_index
X509_STORE_CTX_get_explicit_policy
X509_STORE_CTX_init
X509_STORE_CTX_new
X509_STORE_CTX_purpose_inherit
X509_STORE_CTX_set0_crls
X509_STORE_CTX_set0_param
X509_STORE_CTX_set_cert
X509_STORE_CTX_set_chain
X509_STORE_CTX_set_default
X509_STORE_CTX_set_depth
X509_STORE_CTX_set_error
X509_STORE_CTX_set_ex_data
X509_STORE_CTX_set_flags
X509_STORE_CTX_set_purpose
X509_STORE_CTX_set_time
X509_STORE_CTX_set_trust
X509_STORE_CTX_set_verify_cb
X509_STORE_CTX_trusted_stack
X509_STORE_add_cert
X509_STORE_add_crl
X509_STORE_add_lookup
X509_STORE_free
X509_STORE_get1_certs
X509_STORE_get1_crls
X509_STORE_get_by_subject
X509_STORE_load_locations
X509_STORE_load_mem
X509_STORE_new
X509_STORE_set1_param
X509_STORE_set_default_paths
X509_STORE_set_depth
X509_STORE_set_flags
X509_STORE_set_purpose
X509_STORE_set_trust
X509_STORE_set_verify_cb
X509_TRUST_add
X509_TRUST_cleanup
X509_TRUST_get0
X509_TRUST_get0_name
X509_TRUST_get_by_id
X509_TRUST_get_count
X509_TRUST_get_flags
X509_TRUST_get_trust
X509_TRUST_set
X509_TRUST_set_default
X509_VAL_free
X509_VAL_it
X509_VAL_new
X509_VERIFY_PARAM_add0_policy
X509_VERIFY_PARAM_add0_table
X509_VERIFY_PARAM_clear_flags
X509_VERIFY_PARAM_free
X509_VERIFY_PARAM_get_depth
X509_VERIFY_PARAM_get_flags
X509_VERIFY_PARAM_inherit
X509_VERIFY_PARAM_lookup
X509_VERIFY_PARAM_new
X509_VERIFY_PARAM_set1
X509_VERIFY_PARAM_set1_name
X509_VERIFY_PARAM_set1_policies
X509_VERIFY_PARAM_set_depth
X509_VERIFY_PARAM_set_flags
X509_VERIFY_PARAM_set_purpose
X509_VERIFY_PARAM_set_time
X509_VERIFY_PARAM_set_trust
X509_VERIFY_PARAM_table_cleanup
X509_add1_ext_i2d
X509_add1_reject_object
X509_add1_trust_object
X509_add_ext
X509_alias_get0
X509_alias_set1
X509_certificate_type
X509_check_akid
X509_check_ca
X509_check_email
X509_check_host
X509_check_ip
X509_check_ip_asc
X509_check_issued
X509_check_private_key
X509_check_purpose
X509_check_trust
X509_cmp
X509_cmp_current_time
X509_cmp_time
X509_delete_ext
X509_digest
X509_dup
X509_email_free
X509_find_by_issuer_and_serial
X509_find_by_subject
X509_free
X509_get0_pubkey_bitstr
X509_get1_email
X509_get1_ocsp
X509_get_default_cert_area
X509_get_default_cert_dir
X509_get_default_cert_dir_env
X509_get_default_cert_file
X509_get_default_cert_file_env
X509_get_default_private_dir
X509_get_ex_data
X509_get_ex_new_index
X509_get_ext
X509_get_ext_by_NID
X509_get_ext_by_OBJ
X509_get_ext_by_critical
X509_get_ext_count
X509_get_ext_d2i
X509_get_issuer_name
X509_get_pubkey
X509_get_pubkey_parameters
X509_get_serialNumber
X509_get_subject_name
X509_gmtime_adj
X509_issuer_and_serial_cmp
X509_issuer_and_serial_hash
X509_issuer_name_cmp
X509_issuer_name_hash
X509_issuer_name_hash_old
X509_it
X509_keyid_get0
X509_keyid_set1
X509_load_cert_crl_file
X509_load_cert_file
X509_load_crl_file
X509_new
X509_ocspid_print
X509_policy_check
X509_policy_level_get0_node
X509_policy_level_node_count
X509_policy_node_get0_parent
X509_policy_node_get0_policy
X509_policy_node_get0_qualifiers
X509_policy_tree_free
X509_policy_tree_get0_level
X509_policy_tree_get0_policies
X509_policy_tree_get0_user_policies
X509_policy_tree_level_count
X509_print
X509_print_ex
X509_print_ex_fp
X509_print_fp
X509_pubkey_digest
X509_reject_clear
X509_set_ex_data
X509_set_issuer_name
X509_set_notAfter
X509_set_notBefore
X509_set_pubkey
X509_set_serialNumber
X509_set_subject_name
X509_set_version
X509_sign
X509_sign_ctx
X509_signature_dump
X509_signature_print
X509_subject_name_cmp
X509_subject_name_hash
X509_subject_name_hash_old
X509_supported_extension
X509_time_adj
X509_time_adj_ex
X509_to_X509_REQ
X509_trust_clear
X509_up_ref
X509_verify
X509_verify_cert
X509_verify_cert_error_string
X509at_add1_attr
X509at_add1_attr_by_NID
X509at_add1_attr_by_OBJ
X509at_add1_attr_by_txt
X509at_delete_attr
X509at_get0_data_by_OBJ
X509at_get_attr
X509at_get_attr_by_NID
X509at_get_attr_by_OBJ
X509at_get_attr_count
X509v3_add_ext
X509v3_delete_ext
X509v3_get_ext
X509v3_get_ext_by_NID
X509v3_get_ext_by_OBJ
X509v3_get_ext_by_critical
X509v3_get_ext_count
X9_62_CHARACTERISTIC_TWO_free
X9_62_CHARACTERISTIC_TWO_it
X9_62_CHARACTERISTIC_TWO_new
X9_62_CURVE_it
X9_62_FIELDID_it
X9_62_PENTANOMIAL_free
X9_62_PENTANOMIAL_it
X9_62_PENTANOMIAL_new
ZLONG_it
a2d_ASN1_OBJECT
a2i_ASN1_ENUMERATED
a2i_ASN1_INTEGER
a2i_ASN1_STRING
a2i_GENERAL_NAME
a2i_IPADDRESS
a2i_IPADDRESS_NC
a2i_ipadd
asn1_Finish
asn1_GetSequence
asn1_add_error
asn1_const_Finish
asn1_do_adb
asn1_do_lock
asn1_enc_free
asn1_enc_init
asn1_enc_restore
asn1_enc_save
asn1_ex_c2i
asn1_get_choice_selector
asn1_get_field_ptr
asn1_set_choice_selector
b2i_PVK_bio
b2i_PrivateKey
b2i_PrivateKey_bio
b2i_PublicKey
b2i_PublicKey_bio
c2i_ASN1_BIT_STRING
c2i_ASN1_INTEGER
c2i_ASN1_OBJECT
check_defer
d2i_ACCESS_DESCRIPTION
d2i_ASN1_BIT_STRING
d2i_ASN1_BMPSTRING
d2i_ASN1_BOOLEAN
d2i_ASN1_ENUMERATED
d2i_ASN1_GENERALIZEDTIME
d2i_ASN1_GENERALSTRING
d2i_ASN1_IA5STRING
d2i_ASN1_INTEGER
d2i_ASN1_NULL
d2i_ASN1_OBJECT
d2i_ASN1_OCTET_STRING
d2i_ASN1_PRINTABLE
d2i_ASN1_PRINTABLESTRING
d2i_ASN1_SEQUENCE_ANY
d2i_ASN1_SET
d2i_ASN1_SET_ANY
d2i_ASN1_T61STRING
d2i_ASN1_TIME
d2i_ASN1_TYPE
d2i_ASN1_UINTEGER
d2i_ASN1_UNIVERSALSTRING
d2i_ASN1_UTCTIME
d2i_ASN1_UTF8STRING
d2i_ASN1_VISIBLESTRING
d2i_ASN1_bytes
d2i_ASN1_type_bytes
d2i_AUTHORITY_INFO_ACCESS
d2i_AUTHORITY_KEYID
d2i_AutoPrivateKey
d2i_BASIC_CONSTRAINTS
d2i_CERTIFICATEPOLICIES
d2i_CRL_DIST_POINTS
d2i_DHparams
d2i_DHparams_bio
d2i_DHparams_fp
d2i_DIRECTORYSTRING
d2i_DISPLAYTEXT
d2i_DIST_POINT
d2i_DIST_POINT_NAME
d2i_DSAPrivateKey
d2i_DSAPrivateKey_bio
d2i_DSAPrivateKey_fp
d2i_DSAPublicKey
d2i_DSA_PUBKEY
d2i_DSA_PUBKEY_bio
d2i_DSA_PUBKEY_fp
d2i_DSA_SIG
d2i_DSAparams
d2i_DSAparams_bio
d2i_DSAparams_fp
d2i_ECDSA_SIG
d2i_ECPKPARAMETERS
d2i_ECPKParameters
d2i_ECParameters
d2i_ECPrivateKey
d2i_ECPrivateKey_bio
d2i_ECPrivateKey_fp
d2i_EC_PRIVATEKEY
d2i_EC_PUBKEY
d2i_EC_PUBKEY_bio
d2i_EC_PUBKEY_fp
d2i_EDIPARTYNAME
d2i_ESS_CERT_ID
d2i_ESS_ISSUER_SERIAL
d2i_ESS_SIGNING_CERT
d2i_EXTENDED_KEY_USAGE
d2i_GENERAL_NAME
d2i_GENERAL_NAMES
d2i_GOST_CIPHER_PARAMS
d2i_ISSUING_DIST_POINT
d2i_NETSCAPE_CERT_SEQUENCE
d2i_NETSCAPE_ENCRYPTED_PKEY
d2i_NETSCAPE_PKEY
d2i_NETSCAPE_SPKAC
d2i_NETSCAPE_SPKI
d2i_NETSCAPE_X509
d2i_NOTICEREF
d2i_Netscape_RSA
d2i_OCSP_BASICRESP
d2i_OCSP_CERTID
d2i_OCSP_CERTSTATUS
d2i_OCSP_CRLID
d2i_OCSP_ONEREQ
d2i_OCSP_REQINFO
d2i_OCSP_REQUEST
d2i_OCSP_REQUEST_bio
d2i_OCSP_RESPBYTES
d2i_OCSP_RESPDATA
d2i_OCSP_RESPID
d2i_OCSP_RESPONSE
d2i_OCSP_RESPONSE_bio
d2i_OCSP_REVOKEDINFO
d2i_OCSP_SERVICELOC
d2i_OCSP_SIGNATURE
d2i_OCSP_SINGLERESP
d2i_OTHERNAME
d2i_PBE2PARAM
d2i_PBEPARAM
d2i_PBKDF2PARAM
d2i_PKCS12
d2i_PKCS12_BAGS
d2i_PKCS12_MAC_DATA
d2i_PKCS12_SAFEBAG
d2i_PKCS12_bio
d2i_PKCS12_fp
d2i_PKCS7
d2i_PKCS7_DIGEST
d2i_PKCS7_ENCRYPT
d2i_PKCS7_ENC_CONTENT
d2i_PKCS7_ENVELOPE
d2i_PKCS7_ISSUER_AND_SERIAL
d2i_PKCS7_RECIP_INFO
d2i_PKCS7_SIGNED
d2i_PKCS7_SIGNER_INFO
d2i_PKCS7_SIGN_ENVELOPE
d2i_PKCS7_bio
d2i_PKCS7_fp
d2i_PKCS8PrivateKey_bio
d2i_PKCS8PrivateKey_fp
d2i_PKCS8_PRIV_KEY_INFO
d2i_PKCS8_PRIV_KEY_INFO_bio
d2i_PKCS8_PRIV_KEY_INFO_fp
d2i_PKCS8_bio
d2i_PKCS8_fp
d2i_PKEY_USAGE_PERIOD
d2i_POLICYINFO
d2i_POLICYQUALINFO
d2i_PROXY_CERT_INFO_EXTENSION
d2i_PROXY_POLICY
d2i_PUBKEY
d2i_PUBKEY_bio
d2i_PUBKEY_fp
d2i_PrivateKey
d2i_PrivateKey_bio
d2i_PrivateKey_fp
d2i_PublicKey
d2i_RSAPrivateKey
d2i_RSAPrivateKey_bio
d2i_RSAPrivateKey_fp
d2i_RSAPublicKey
d2i_RSAPublicKey_bio
d2i_RSAPublicKey_fp
d2i_RSA_NET
d2i_RSA_PSS_PARAMS
d2i_RSA_PUBKEY
d2i_RSA_PUBKEY_bio
d2i_RSA_PUBKEY_fp
d2i_SXNET
d2i_SXNETID
d2i_TS_ACCURACY
d2i_TS_MSG_IMPRINT
d2i_TS_MSG_IMPRINT_bio
d2i_TS_MSG_IMPRINT_fp
d2i_TS_REQ
d2i_TS_REQ_bio
d2i_TS_REQ_fp
d2i_TS_RESP
d2i_TS_RESP_bio
d2i_TS_RESP_fp
d2i_TS_STATUS_INFO
d2i_TS_TST_INFO
d2i_TS_TST_INFO_bio
d2i_TS_TST_INFO_fp
d2i_USERNOTICE
d2i_X509
d2i_X509_ALGOR
d2i_X509_ALGORS
d2i_X509_ATTRIBUTE
d2i_X509_AUX
d2i_X509_CERT_AUX
d2i_X509_CERT_PAIR
d2i_X509_CINF
d2i_X509_CRL
d2i_X509_CRL_INFO
d2i_X509_CRL_bio
d2i_X509_CRL_fp
d2i_X509_EXTENSION
d2i_X509_EXTENSIONS
d2i_X509_NAME
d2i_X509_NAME_ENTRY
d2i_X509_PUBKEY
d2i_X509_REQ
d2i_X509_REQ_INFO
d2i_X509_REQ_bio
d2i_X509_REQ_fp
d2i_X509_REVOKED
d2i_X509_SIG
d2i_X509_VAL
d2i_X509_bio
d2i_X509_fp
get_rfc2409_prime_1024
get_rfc2409_prime_768
get_rfc3526_prime_1536
get_rfc3526_prime_2048
get_rfc3526_prime_3072
get_rfc3526_prime_4096
get_rfc3526_prime_6144
get_rfc3526_prime_8192
hex_to_string
i2a_ACCESS_DESCRIPTION
i2a_ASN1_ENUMERATED
i2a_ASN1_INTEGER
i2a_ASN1_OBJECT
i2a_ASN1_STRING
i2b_PVK_bio
i2b_PrivateKey_bio
i2b_PublicKey_bio
i2c_ASN1_BIT_STRING
i2c_ASN1_INTEGER
i2d_ACCESS_DESCRIPTION
i2d_ASN1_BIT_STRING
i2d_ASN1_BMPSTRING
i2d_ASN1_BOOLEAN
i2d_ASN1_ENUMERATED
i2d_ASN1_GENERALIZEDTIME
i2d_ASN1_GENERALSTRING
i2d_ASN1_IA5STRING
i2d_ASN1_INTEGER
i2d_ASN1_NULL
i2d_ASN1_OBJECT
i2d_ASN1_OCTET_STRING
i2d_ASN1_PRINTABLE
i2d_ASN1_PRINTABLESTRING
i2d_ASN1_SEQUENCE_ANY
i2d_ASN1_SET
i2d_ASN1_SET_ANY
i2d_ASN1_T61STRING
i2d_ASN1_TIME
i2d_ASN1_TYPE
i2d_ASN1_UNIVERSALSTRING
i2d_ASN1_UTCTIME
i2d_ASN1_UTF8STRING
i2d_ASN1_VISIBLESTRING
i2d_ASN1_bio_stream
i2d_ASN1_bytes
i2d_AUTHORITY_INFO_ACCESS
i2d_AUTHORITY_KEYID
i2d_BASIC_CONSTRAINTS
i2d_CERTIFICATEPOLICIES
i2d_CRL_DIST_POINTS
i2d_DHparams
i2d_DHparams_bio
i2d_DHparams_fp
i2d_DIRECTORYSTRING
i2d_DISPLAYTEXT
i2d_DIST_POINT
i2d_DIST_POINT_NAME
i2d_DSAPrivateKey
i2d_DSAPrivateKey_bio
i2d_DSAPrivateKey_fp
i2d_DSAPublicKey
i2d_DSA_PUBKEY
i2d_DSA_PUBKEY_bio
i2d_DSA_PUBKEY_fp
i2d_DSA_SIG
i2d_DSAparams
i2d_DSAparams_bio
i2d_DSAparams_fp
i2d_ECDSA_SIG
i2d_ECPKPARAMETERS
i2d_ECPKParameters
i2d_ECParameters
i2d_ECPrivateKey
i2d_ECPrivateKey_bio
i2d_ECPrivateKey_fp
i2d_EC_PRIVATEKEY
i2d_EC_PUBKEY
i2d_EC_PUBKEY_bio
i2d_EC_PUBKEY_fp
i2d_EDIPARTYNAME
i2d_ESS_CERT_ID
i2d_ESS_ISSUER_SERIAL
i2d_ESS_SIGNING_CERT
i2d_EXTENDED_KEY_USAGE
i2d_GENERAL_NAME
i2d_GENERAL_NAMES
i2d_GOST_CIPHER_PARAMS
i2d_ISSUING_DIST_POINT
i2d_NETSCAPE_CERT_SEQUENCE
i2d_NETSCAPE_ENCRYPTED_PKEY
i2d_NETSCAPE_PKEY
i2d_NETSCAPE_SPKAC
i2d_NETSCAPE_SPKI
i2d_NETSCAPE_X509
i2d_NOTICEREF
i2d_Netscape_RSA
i2d_OCSP_BASICRESP
i2d_OCSP_CERTID
i2d_OCSP_CERTSTATUS
i2d_OCSP_CRLID
i2d_OCSP_ONEREQ
i2d_OCSP_REQINFO
i2d_OCSP_REQUEST
i2d_OCSP_REQUEST_bio
i2d_OCSP_RESPBYTES
i2d_OCSP_RESPDATA
i2d_OCSP_RESPID
i2d_OCSP_RESPONSE
i2d_OCSP_RESPONSE_bio
i2d_OCSP_REVOKEDINFO
i2d_OCSP_SERVICELOC
i2d_OCSP_SIGNATURE
i2d_OCSP_SINGLERESP
i2d_OTHERNAME
i2d_PBE2PARAM
i2d_PBEPARAM
i2d_PBKDF2PARAM
i2d_PKCS12
i2d_PKCS12_BAGS
i2d_PKCS12_MAC_DATA
i2d_PKCS12_SAFEBAG
i2d_PKCS12_bio
i2d_PKCS12_fp
i2d_PKCS7
i2d_PKCS7_DIGEST
i2d_PKCS7_ENCRYPT
i2d_PKCS7_ENC_CONTENT
i2d_PKCS7_ENVELOPE
i2d_PKCS7_ISSUER_AND_SERIAL
i2d_PKCS7_NDEF
i2d_PKCS7_RECIP_INFO
i2d_PKCS7_SIGNED
i2d_PKCS7_SIGNER_INFO
i2d_PKCS7_SIGN_ENVELOPE
i2d_PKCS7_bio
i2d_PKCS7_bio_stream
i2d_PKCS7_fp
i2d_PKCS8PrivateKeyInfo_bio
i2d_PKCS8PrivateKeyInfo_fp
i2d_PKCS8PrivateKey_bio
i2d_PKCS8PrivateKey_fp
i2d_PKCS8PrivateKey_nid_bio
i2d_PKCS8PrivateKey_nid_fp
i2d_PKCS8_PRIV_KEY_INFO
i2d_PKCS8_PRIV_KEY_INFO_bio
i2d_PKCS8_PRIV_KEY_INFO_fp
i2d_PKCS8_bio
i2d_PKCS8_fp
i2d_PKEY_USAGE_PERIOD
i2d_POLICYINFO
i2d_POLICYQUALINFO
i2d_PROXY_CERT_INFO_EXTENSION
i2d_PROXY_POLICY
i2d_PUBKEY
i2d_PUBKEY_bio
i2d_PUBKEY_fp
i2d_PrivateKey
i2d_PrivateKey_bio
i2d_PrivateKey_fp
i2d_PublicKey
i2d_RSAPrivateKey
i2d_RSAPrivateKey_bio
i2d_RSAPrivateKey_fp
i2d_RSAPublicKey
i2d_RSAPublicKey_bio
i2d_RSAPublicKey_fp
i2d_RSA_NET
i2d_RSA_PSS_PARAMS
i2d_RSA_PUBKEY
i2d_RSA_PUBKEY_bio
i2d_RSA_PUBKEY_fp
i2d_SXNET
i2d_SXNETID
i2d_TS_ACCURACY
i2d_TS_MSG_IMPRINT
i2d_TS_MSG_IMPRINT_bio
i2d_TS_MSG_IMPRINT_fp
i2d_TS_REQ
i2d_TS_REQ_bio
i2d_TS_REQ_fp
i2d_TS_RESP
i2d_TS_RESP_bio
i2d_TS_RESP_fp
i2d_TS_STATUS_INFO
i2d_TS_TST_INFO
i2d_TS_TST_INFO_bio
i2d_TS_TST_INFO_fp
i2d_USERNOTICE
i2d_X509
i2d_X509_ALGOR
i2d_X509_ALGORS
i2d_X509_ATTRIBUTE
i2d_X509_AUX
i2d_X509_CERT_AUX
i2d_X509_CERT_PAIR
i2d_X509_CINF
i2d_X509_CRL
i2d_X509_CRL_INFO
i2d_X509_CRL_bio
i2d_X509_CRL_fp
i2d_X509_EXTENSION
i2d_X509_EXTENSIONS
i2d_X509_NAME
i2d_X509_NAME_ENTRY
i2d_X509_PUBKEY
i2d_X509_REQ
i2d_X509_REQ_INFO
i2d_X509_REQ_bio
i2d_X509_REQ_fp
i2d_X509_REVOKED
i2d_X509_SIG
i2d_X509_VAL
i2d_X509_bio
i2d_X509_fp
i2o_ECPublicKey
i2s_ASN1_ENUMERATED
i2s_ASN1_ENUMERATED_TABLE
i2s_ASN1_INTEGER
i2s_ASN1_OCTET_STRING
i2t_ASN1_OBJECT
i2v_ASN1_BIT_STRING
i2v_GENERAL_NAME
i2v_GENERAL_NAMES
idea_cbc_encrypt
idea_cfb64_encrypt
idea_ecb_encrypt
idea_encrypt
idea_ofb64_encrypt
idea_options
idea_set_decrypt_key
idea_set_encrypt_key
lh_delete
lh_doall
lh_doall_arg
lh_free
lh_insert
lh_new
lh_node_stats
lh_node_stats_bio
lh_node_usage_stats
lh_node_usage_stats_bio
lh_num_items
lh_retrieve
lh_stats
lh_stats_bio
lh_strhash
name_cmp
o2i_ECPublicKey
obj_cleanup_defer
s2i_ASN1_INTEGER
s2i_ASN1_OCTET_STRING
sk_delete
sk_delete_ptr
sk_dup
sk_find
sk_find_ex
sk_free
sk_insert
sk_is_sorted
sk_new
sk_new_null
sk_num
sk_pop
sk_pop_free
sk_push
sk_set
sk_set_cmp_func
sk_shift
sk_sort
sk_unshift
sk_value
sk_zero
string_to_hex
v2i_ASN1_BIT_STRING
v2i_GENERAL_NAME
v2i_GENERAL_NAMES
v2i_GENERAL_NAME_ex
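--- /dev/null
+++ b/jni/libressl/crypto/curve25519/curve25519-generic.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
+ * 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as
+ * public domain but this file has the ISC license just to keep licencing
+ * simple.
+ *
+ * The field functions are shared by Ed25519 and X25519 where possible.
+ */
+
+#include "curve25519_internal.h"
+
+void
+x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+    const uint8_t point[32])
+{
+	x25519_scalar_mult_generic(out, scalar, point);
+}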
Added jni/libressl/crypto/curve25519/curve25519.c.












































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
/*
 * Copyright (c) 2015, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
 * 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as
 * public domain but this file has the ISC license just to keep licencing
 * simple.
 *
 * The field functions are shared by Ed25519 and X25519 where possible.
 */

#include <stdlib.h>
#include <string.h>

#include <openssl/curve25519.h>

#ifdef ED25519
#include <openssl/sha.h>
#endif

#include "curve25519_internal.h"

static const int64_t kBottom25Bits = 0x1ffffffLL;
static const int64_t kBottom26Bits = 0x3ffffffLL;
static const int64_t kTop39Bits = 0xfffffffffe000000LL;
static const int64_t kTop38Bits = 0xfffffffffc000000LL;

static uint64_t load_3(const uint8_t *in) {
  uint64_t result;
  result = (uint64_t)in[0];
  result |= ((uint64_t)in[1]) << 8;
  result |= ((uint64_t)in[2]) << 16;
  return result;
}

static uint64_t load_4(const uint8_t *in) {
  uint64_t result;
  result = (uint64_t)in[0];
  result |= ((uint64_t)in[1]) << 8;
  result |= ((uint64_t)in[2]) << 16;
  result |= ((uint64_t)in[3]) << 24;
  return result;
}

static void fe_frombytes(fe h, const uint8_t *s) {
  /* Ignores top bit of h. */
  int64_t h0 = load_4(s);
  int64_t h1 = load_3(s + 4) << 6;
  int64_t h2 = load_3(s + 7) << 5;
  int64_t h3 = load_3(s + 10) << 3;
  int64_t h4 = load_3(s + 13) << 2;
  int64_t h5 = load_4(s + 16);
  int64_t h6 = load_3(s + 20) << 7;
  int64_t h7 = load_3(s + 23) << 5;
  int64_t h8 = load_3(s + 26) << 4;
  int64_t h9 = (load_3(s + 29) & 8388607) << 2;
  int64_t carry0;
  int64_t carry1;
  int64_t carry2;
  int64_t carry3;
  int64_t carry4;
  int64_t carry5;
  int64_t carry6;
  int64_t carry7;
  int64_t carry8;
  int64_t carry9;

  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;

  h[0] = h0;
  h[1] = h1;
  h[2] = h2;
  h[3] = h3;
  h[4] = h4;
  h[5] = h5;
  h[6] = h6;
  h[7] = h7;
  h[8] = h8;
  h[9] = h9;
}

/* Preconditions:
 *  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 *
 * Write p=2^255-19; q=floor(h/p).
 * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
 *
 * Proof:
 *   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
 *   Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
 *
 *   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
 *   Then 0<y<1.
 *
 *   Write r=h-pq.
 *   Have 0<=r<=p-1=2^255-20.
 *   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
 *
 *   Write x=r+19(2^-255)r+y.
 *   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
 *
 *   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
 *   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. */
static void fe_tobytes(uint8_t *s, const fe h) {
  int32_t h0 = h[0];
  int32_t h1 = h[1];
  int32_t h2 = h[2];
  int32_t h3 = h[3];
  int32_t h4 = h[4];
  int32_t h5 = h[5];
  int32_t h6 = h[6];
  int32_t h7 = h[7];
  int32_t h8 = h[8];
  int32_t h9 = h[9];
  int32_t q;

  q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
  q = (h0 + q) >> 26;
  q = (h1 + q) >> 25;
  q = (h2 + q) >> 26;
  q = (h3 + q) >> 25;
  q = (h4 + q) >> 26;
  q = (h5 + q) >> 25;
  q = (h6 + q) >> 26;
  q = (h7 + q) >> 25;
  q = (h8 + q) >> 26;
  q = (h9 + q) >> 25;

  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
  h0 += 19 * q;
  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */

  h1 += h0 >> 26; h0 &= kBottom26Bits;
  h2 += h1 >> 25; h1 &= kBottom25Bits;
  h3 += h2 >> 26; h2 &= kBottom26Bits;
  h4 += h3 >> 25; h3 &= kBottom25Bits;
  h5 += h4 >> 26; h4 &= kBottom26Bits;
  h6 += h5 >> 25; h5 &= kBottom25Bits;
  h7 += h6 >> 26; h6 &= kBottom26Bits;
  h8 += h7 >> 25; h7 &= kBottom25Bits;
  h9 += h8 >> 26; h8 &= kBottom26Bits;
                  h9 &= kBottom25Bits;
                  /* h10 = carry9 */

  /* Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
   * Have h0+...+2^230 h9 between 0 and 2^255-1;
   * evidently 2^255 h10-2^255 q = 0.
   * Goal: Output h0+...+2^230 h9.  */

  s[0] = h0 >> 0;
  s[1] = h0 >> 8;
  s[2] = h0 >> 16;
  s[3] = (h0 >> 24) | ((uint32_t)(h1) << 2);
  s[4] = h1 >> 6;
  s[5] = h1 >> 14;
  s[6] = (h1 >> 22) | ((uint32_t)(h2) << 3);
  s[7] = h2 >> 5;
  s[8] = h2 >> 13;
  s[9] = (h2 >> 21) | ((uint32_t)(h3) << 5);
  s[10] = h3 >> 3;
  s[11] = h3 >> 11;
  s[12] = (h3 >> 19) | ((uint32_t)(h4) << 6);
  s[13] = h4 >> 2;
  s[14] = h4 >> 10;
  s[15] = h4 >> 18;
  s[16] = h5 >> 0;
  s[17] = h5 >> 8;
  s[18] = h5 >> 16;
  s[19] = (h5 >> 24) | ((uint32_t)(h6) << 1);
  s[20] = h6 >> 7;
  s[21] = h6 >> 15;
  s[22] = (h6 >> 23) | ((uint32_t)(h7) << 3);
  s[23] = h7 >> 5;
  s[24] = h7 >> 13;
  s[25] = (h7 >> 21) | ((uint32_t)(h8) << 4);
  s[26] = h8 >> 4;
  s[27] = h8 >> 12;
  s[28] = (h8 >> 20) | ((uint32_t)(h9) << 6);
  s[29] = h9 >> 2;
  s[30] = h9 >> 10;
  s[31] = h9 >> 18;
}

/* h = f */
static void fe_copy(fe h, const fe f) {
  memmove(h, f, sizeof(int32_t) * 10);
}

/* h = 0 */
static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); }

/* h = 1 */
static void fe_1(fe h) {
  memset(h, 0, sizeof(int32_t) * 10);
  h[0] = 1;
}

/* h = f + g
 * Can overlap h with f or g.
 *
 * Preconditions:
 *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 *
 * Postconditions:
 *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
static void fe_add(fe h, const fe f, const fe g) {
  unsigned i;
  for (i = 0; i < 10; i++) {
    h[i] = f[i] + g[i];
  }
}

/* h = f - g
 * Can overlap h with f or g.
 *
 * Preconditions:
 *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 *
 * Postconditions:
 *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
static void fe_sub(fe h, const fe f, const fe g) {
  unsigned i;
  for (i = 0; i < 10; i++) {
    h[i] = f[i] - g[i];
  }
}

/* h = f * g
 * Can overlap h with f or g.
 *
 * Preconditions:
 *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
 *    |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
 *
 * Postconditions:
 *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
 *
 * Notes on implementation strategy:
 *
 * Using schoolbook multiplication.
 * Karatsuba would save a little in some cost models.
 *
 * Most multiplications by 2 and 19 are 32-bit precomputations;
 * cheaper than 64-bit postcomputations.
 *
 * There is one remaining multiplication by 19 in the carry chain;
 * one *19 precomputation can be merged into this,
 * but the resulting data flow is considerably less clean.
 *
 * There are 12 carries below.
 * 10 of them are 2-way parallelizable and vectorizable.
 * Can get away with 11 carries, but then data flow is much deeper.
 *
 * With tighter constraints on inputs can squeeze carries into int32. */
static void fe_mul(fe h, const fe f, const fe g) {
  int32_t f0 = f[0];
  int32_t f1 = f[1];
  int32_t f2 = f[2];
  int32_t f3 = f[3];
  int32_t f4 = f[4];
  int32_t f5 = f[5];
  int32_t f6 = f[6];
  int32_t f7 = f[7];
  int32_t f8 = f[8];
  int32_t f9 = f[9];
  int32_t g0 = g[0];
  int32_t g1 = g[1];
  int32_t g2 = g[2];
  int32_t g3 = g[3];
  int32_t g4 = g[4];
  int32_t g5 = g[5];
  int32_t g6 = g[6];
  int32_t g7 = g[7];
  int32_t g8 = g[8];
  int32_t g9 = g[9];
  int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
  int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
  int32_t g3_19 = 19 * g3;
  int32_t g4_19 = 19 * g4;
  int32_t g5_19 = 19 * g5;
  int32_t g6_19 = 19 * g6;
  int32_t g7_19 = 19 * g7;
  int32_t g8_19 = 19 * g8;
  int32_t g9_19 = 19 * g9;
  int32_t f1_2 = 2 * f1;
  int32_t f3_2 = 2 * f3;
  int32_t f5_2 = 2 * f5;
  int32_t f7_2 = 2 * f7;
  int32_t f9_2 = 2 * f9;
  int64_t f0g0    = f0   * (int64_t) g0;
  int64_t f0g1    = f0   * (int64_t) g1;
  int64_t f0g2    = f0   * (int64_t) g2;
  int64_t f0g3    = f0   * (int64_t) g3;
  int64_t f0g4    = f0   * (int64_t) g4;
  int64_t f0g5    = f0   * (int64_t) g5;
  int64_t f0g6    = f0   * (int64_t) g6;
  int64_t f0g7    = f0   * (int64_t) g7;
  int64_t f0g8    = f0   * (int64_t) g8;
  int64_t f0g9    = f0   * (int64_t) g9;
  int64_t f1g0    = f1   * (int64_t) g0;
  int64_t f1g1_2  = f1_2 * (int64_t) g1;
  int64_t f1g2    = f1   * (int64_t) g2;
  int64_t f1g3_2  = f1_2 * (int64_t) g3;
  int64_t f1g4    = f1   * (int64_t) g4;
  int64_t f1g5_2  = f1_2 * (int64_t) g5;
  int64_t f1g6    = f1   * (int64_t) g6;
  int64_t f1g7_2  = f1_2 * (int64_t) g7;
  int64_t f1g8    = f1   * (int64_t) g8;
  int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
  int64_t f2g0    = f2   * (int64_t) g0;
  int64_t f2g1    = f2   * (int64_t) g1;
  int64_t f2g2    = f2   * (int64_t) g2;
  int64_t f2g3    = f2   * (int64_t) g3;
  int64_t f2g4    = f2   * (int64_t) g4;
  int64_t f2g5    = f2   * (int64_t) g5;
  int64_t f2g6    = f2   * (int64_t) g6;
  int64_t f2g7    = f2   * (int64_t) g7;
  int64_t f2g8_19 = f2   * (int64_t) g8_19;
  int64_t f2g9_19 = f2   * (int64_t) g9_19;
  int64_t f3g0    = f3   * (int64_t) g0;
  int64_t f3g1_2  = f3_2 * (int64_t) g1;
  int64_t f3g2    = f3   * (int64_t) g2;
  int64_t f3g3_2  = f3_2 * (int64_t) g3;
  int64_t f3g4    = f3   * (int64_t) g4;
  int64_t f3g5_2  = f3_2 * (int64_t) g5;
  int64_t f3g6    = f3   * (int64_t) g6;
  int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
  int64_t f3g8_19 = f3   * (int64_t) g8_19;
  int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
  int64_t f4g0    = f4   * (int64_t) g0;
  int64_t f4g1    = f4   * (int64_t) g1;
  int64_t f4g2    = f4   * (int64_t) g2;
  int64_t f4g3    = f4   * (int64_t) g3;
  int64_t f4g4    = f4   * (int64_t) g4;
  int64_t f4g5    = f4   * (int64_t) g5;
  int64_t f4g6_19 = f4   * (int64_t) g6_19;
  int64_t f4g7_19 = f4   * (int64_t) g7_19;
  int64_t f4g8_19 = f4   * (int64_t) g8_19;
  int64_t f4g9_19 = f4   * (int64_t) g9_19;
  int64_t f5g0    = f5   * (int64_t) g0;
  int64_t f5g1_2  = f5_2 * (int64_t) g1;
  int64_t f5g2    = f5   * (int64_t) g2;
  int64_t f5g3_2  = f5_2 * (int64_t) g3;
  int64_t f5g4    = f5   * (int64_t) g4;
  int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
  int64_t f5g6_19 = f5   * (int64_t) g6_19;
  int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
  int64_t f5g8_19 = f5   * (int64_t) g8_19;
  int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
  int64_t f6g0    = f6   * (int64_t) g0;
  int64_t f6g1    = f6   * (int64_t) g1;
  int64_t f6g2    = f6   * (int64_t) g2;
  int64_t f6g3    = f6   * (int64_t) g3;
  int64_t f6g4_19 = f6   * (int64_t) g4_19;
  int64_t f6g5_19 = f6   * (int64_t) g5_19;
  int64_t f6g6_19 = f6   * (int64_t) g6_19;
  int64_t f6g7_19 = f6   * (int64_t) g7_19;
  int64_t f6g8_19 = f6   * (int64_t) g8_19;
  int64_t f6g9_19 = f6   * (int64_t) g9_19;
  int64_t f7g0    = f7   * (int64_t) g0;
  int64_t f7g1_2  = f7_2 * (int64_t) g1;
  int64_t f7g2    = f7   * (int64_t) g2;
  int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
  int64_t f7g4_19 = f7   * (int64_t) g4_19;
  int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
  int64_t f7g6_19 = f7   * (int64_t) g6_19;
  int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
  int64_t f7g8_19 = f7   * (int64_t) g8_19;
  int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
  int64_t f8g0    = f8   * (int64_t) g0;
  int64_t f8g1    = f8   * (int64_t) g1;
  int64_t f8g2_19 = f8   * (int64_t) g2_19;
  int64_t f8g3_19 = f8   * (int64_t) g3_19;
  int64_t f8g4_19 = f8   * (int64_t) g4_19;
  int64_t f8g5_19 = f8   * (int64_t) g5_19;
  int64_t f8g6_19 = f8   * (int64_t) g6_19;
  int64_t f8g7_19 = f8   * (int64_t) g7_19;
  int64_t f8g8_19 = f8   * (int64_t) g8_19;
  int64_t f8g9_19 = f8   * (int64_t) g9_19;
  int64_t f9g0    = f9   * (int64_t) g0;
  int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
  int64_t f9g2_19 = f9   * (int64_t) g2_19;
  int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
  int64_t f9g4_19 = f9   * (int64_t) g4_19;
  int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
  int64_t f9g6_19 = f9   * (int64_t) g6_19;
  int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
  int64_t f9g8_19 = f9   * (int64_t) g8_19;
  int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
  int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
  int64_t h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
  int64_t h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
  int64_t h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
  int64_t h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
  int64_t h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
  int64_t h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
  int64_t h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
  int64_t h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
  int64_t h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
  int64_t carry0;
  int64_t carry1;
  int64_t carry2;
  int64_t carry3;
  int64_t carry4;
  int64_t carry5;
  int64_t carry6;
  int64_t carry7;
  int64_t carry8;
  int64_t carry9;

  /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
   *   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
   * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
   *   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
  /* |h0| <= 2^25 */
  /* |h4| <= 2^25 */
  /* |h1| <= 1.71*2^59 */
  /* |h5| <= 1.71*2^59 */

  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
  /* |h1| <= 2^24; from now on fits into int32 */
  /* |h5| <= 2^24; from now on fits into int32 */
  /* |h2| <= 1.41*2^60 */
  /* |h6| <= 1.41*2^60 */

  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
  /* |h2| <= 2^25; from now on fits into int32 unchanged */
  /* |h6| <= 2^25; from now on fits into int32 unchanged */
  /* |h3| <= 1.71*2^59 */
  /* |h7| <= 1.71*2^59 */

  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
  /* |h3| <= 2^24; from now on fits into int32 unchanged */
  /* |h7| <= 2^24; from now on fits into int32 unchanged */
  /* |h4| <= 1.72*2^34 */
  /* |h8| <= 1.41*2^60 */

  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
  /* |h4| <= 2^25; from now on fits into int32 unchanged */
  /* |h8| <= 2^25; from now on fits into int32 unchanged */
  /* |h5| <= 1.01*2^24 */
  /* |h9| <= 1.71*2^59 */

  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
  /* |h9| <= 2^24; from now on fits into int32 unchanged */
  /* |h0| <= 1.1*2^39 */

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
  /* |h0| <= 2^25; from now on fits into int32 unchanged */
  /* |h1| <= 1.01*2^24 */

  h[0] = h0;
  h[1] = h1;
  h[2] = h2;
  h[3] = h3;
  h[4] = h4;
  h[5] = h5;
  h[6] = h6;
  h[7] = h7;
  h[8] = h8;
  h[9] = h9;
}

/* h = f * f
 * Can overlap h with f.
 *
 * Preconditions:
 *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
 *
 * Postconditions:
 *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
 *
 * See fe_mul.c for discussion of implementation strategy. */
static void fe_sq(fe h, const fe f) {
  int32_t f0 = f[0];
  int32_t f1 = f[1];
  int32_t f2 = f[2];
  int32_t f3 = f[3];
  int32_t f4 = f[4];
  int32_t f5 = f[5];
  int32_t f6 = f[6];
  int32_t f7 = f[7];
  int32_t f8 = f[8];
  int32_t f9 = f[9];
  int32_t f0_2 = 2 * f0;
  int32_t f1_2 = 2 * f1;
  int32_t f2_2 = 2 * f2;
  int32_t f3_2 = 2 * f3;
  int32_t f4_2 = 2 * f4;
  int32_t f5_2 = 2 * f5;
  int32_t f6_2 = 2 * f6;
  int32_t f7_2 = 2 * f7;
  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
  int64_t f0f0    = f0   * (int64_t) f0;
  int64_t f0f1_2  = f0_2 * (int64_t) f1;
  int64_t f0f2_2  = f0_2 * (int64_t) f2;
  int64_t f0f3_2  = f0_2 * (int64_t) f3;
  int64_t f0f4_2  = f0_2 * (int64_t) f4;
  int64_t f0f5_2  = f0_2 * (int64_t) f5;
  int64_t f0f6_2  = f0_2 * (int64_t) f6;
  int64_t f0f7_2  = f0_2 * (int64_t) f7;
  int64_t f0f8_2  = f0_2 * (int64_t) f8;
  int64_t f0f9_2  = f0_2 * (int64_t) f9;
  int64_t f1f1_2  = f1_2 * (int64_t) f1;
  int64_t f1f2_2  = f1_2 * (int64_t) f2;
  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
  int64_t f1f4_2  = f1_2 * (int64_t) f4;
  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
  int64_t f1f6_2  = f1_2 * (int64_t) f6;
  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
  int64_t f1f8_2  = f1_2 * (int64_t) f8;
  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
  int64_t f2f2    = f2   * (int64_t) f2;
  int64_t f2f3_2  = f2_2 * (int64_t) f3;
  int64_t f2f4_2  = f2_2 * (int64_t) f4;
  int64_t f2f5_2  = f2_2 * (int64_t) f5;
  int64_t f2f6_2  = f2_2 * (int64_t) f6;
  int64_t f2f7_2  = f2_2 * (int64_t) f7;
  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
  int64_t f2f9_38 = f2   * (int64_t) f9_38;
  int64_t f3f3_2  = f3_2 * (int64_t) f3;
  int64_t f3f4_2  = f3_2 * (int64_t) f4;
  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
  int64_t f3f6_2  = f3_2 * (int64_t) f6;
  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
  int64_t f4f4    = f4   * (int64_t) f4;
  int64_t f4f5_2  = f4_2 * (int64_t) f5;
  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
  int64_t f4f7_38 = f4   * (int64_t) f7_38;
  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
  int64_t f4f9_38 = f4   * (int64_t) f9_38;
  int64_t f5f5_38 = f5   * (int64_t) f5_38;
  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
  int64_t f6f6_19 = f6   * (int64_t) f6_19;
  int64_t f6f7_38 = f6   * (int64_t) f7_38;
  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
  int64_t f6f9_38 = f6   * (int64_t) f9_38;
  int64_t f7f7_38 = f7   * (int64_t) f7_38;
  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
  int64_t f8f8_19 = f8   * (int64_t) f8_19;
  int64_t f8f9_38 = f8   * (int64_t) f9_38;
  int64_t f9f9_38 = f9   * (int64_t) f9_38;
  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
  int64_t carry0;
  int64_t carry1;
  int64_t carry2;
  int64_t carry3;
  int64_t carry4;
  int64_t carry5;
  int64_t carry6;
  int64_t carry7;
  int64_t carry8;
  int64_t carry9;

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;

  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;

  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;

  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;

  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;

  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;

  h[0] = h0;
  h[1] = h1;
  h[2] = h2;
  h[3] = h3;
  h[4] = h4;
  h[5] = h5;
  h[6] = h6;
  h[7] = h7;
  h[8] = h8;
  h[9] = h9;
}

static void fe_invert(fe out, const fe z) {
  fe t0;
  fe t1;
  fe t2;
  fe t3;
  int i;

  fe_sq(t0, z);
  for (i = 1; i < 1; ++i) {
    fe_sq(t0, t0);
  }
  fe_sq(t1, t0);
  for (i = 1; i < 2; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(t1, z, t1);
  fe_mul(t0, t0, t1);
  fe_sq(t2, t0);
  for (i = 1; i < 1; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t1, t1, t2);
  fe_sq(t2, t1);
  for (i = 1; i < 5; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t1, t2, t1);
  fe_sq(t2, t1);
  for (i = 1; i < 10; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t2, t2, t1);
  fe_sq(t3, t2);
  for (i = 1; i < 20; ++i) {
    fe_sq(t3, t3);
  }
  fe_mul(t2, t3, t2);
  fe_sq(t2, t2);
  for (i = 1; i < 10; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t1, t2, t1);
  fe_sq(t2, t1);
  for (i = 1; i < 50; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t2, t2, t1);
  fe_sq(t3, t2);
  for (i = 1; i < 100; ++i) {
    fe_sq(t3, t3);
  }
  fe_mul(t2, t3, t2);
  fe_sq(t2, t2);
  for (i = 1; i < 50; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t1, t2, t1);
  fe_sq(t1, t1);
  for (i = 1; i < 5; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(out, t1, t0);
}

/* h = -f
 *
 * Preconditions:
 *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 *
 * Postconditions:
 *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
static void fe_neg(fe h, const fe f) {
  unsigned i;
  for (i = 0; i < 10; i++) {
    h[i] = -f[i];
  }
}

/* Replace (f,g) with (g,g) if b == 1;
 * replace (f,g) with (f,g) if b == 0.
 *
 * Preconditions: b in {0,1}. */
static void fe_cmov(fe f, const fe g, unsigned b) {
  b = 0-b;
  unsigned i;
  for (i = 0; i < 10; i++) {
    int32_t x = f[i] ^ g[i];
    x &= b;
    f[i] ^= x;
  }
}

/* return 0 if f == 0
 * return 1 if f != 0
 *
 * Preconditions:
 *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
static int fe_isnonzero(const fe f) {
  uint8_t s[32];
  fe_tobytes(s, f);

  static const uint8_t zero[32] = {0};
  return timingsafe_memcmp(s, zero, sizeof(zero)) != 0;
}

/* return 1 if f is in {1,3,5,...,q-2}
 * return 0 if f is in {0,2,4,...,q-1}
 *
 * Preconditions:
 *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
static int fe_isnegative(const fe f) {
  uint8_t s[32];
  fe_tobytes(s, f);
  return s[0] & 1;
}

/* h = 2 * f * f
 * Can overlap h with f.
 *
 * Preconditions:
 *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
 *
 * Postconditions:
 *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
 *
 * See fe_mul.c for discussion of implementation strategy. */
static void fe_sq2(fe h, const fe f) {
  int32_t f0 = f[0];
  int32_t f1 = f[1];
  int32_t f2 = f[2];
  int32_t f3 = f[3];
  int32_t f4 = f[4];
  int32_t f5 = f[5];
  int32_t f6 = f[6];
  int32_t f7 = f[7];
  int32_t f8 = f[8];
  int32_t f9 = f[9];
  int32_t f0_2 = 2 * f0;
  int32_t f1_2 = 2 * f1;
  int32_t f2_2 = 2 * f2;
  int32_t f3_2 = 2 * f3;
  int32_t f4_2 = 2 * f4;
  int32_t f5_2 = 2 * f5;
  int32_t f6_2 = 2 * f6;
  int32_t f7_2 = 2 * f7;
  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
  int64_t f0f0    = f0   * (int64_t) f0;
  int64_t f0f1_2  = f0_2 * (int64_t) f1;
  int64_t f0f2_2  = f0_2 * (int64_t) f2;
  int64_t f0f3_2  = f0_2 * (int64_t) f3;
  int64_t f0f4_2  = f0_2 * (int64_t) f4;
  int64_t f0f5_2  = f0_2 * (int64_t) f5;
  int64_t f0f6_2  = f0_2 * (int64_t) f6;
  int64_t f0f7_2  = f0_2 * (int64_t) f7;
  int64_t f0f8_2  = f0_2 * (int64_t) f8;
  int64_t f0f9_2  = f0_2 * (int64_t) f9;
  int64_t f1f1_2  = f1_2 * (int64_t) f1;
  int64_t f1f2_2  = f1_2 * (int64_t) f2;
  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
  int64_t f1f4_2  = f1_2 * (int64_t) f4;
  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
  int64_t f1f6_2  = f1_2 * (int64_t) f6;
  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
  int64_t f1f8_2  = f1_2 * (int64_t) f8;
  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
  int64_t f2f2    = f2   * (int64_t) f2;
  int64_t f2f3_2  = f2_2 * (int64_t) f3;
  int64_t f2f4_2  = f2_2 * (int64_t) f4;
  int64_t f2f5_2  = f2_2 * (int64_t) f5;
  int64_t f2f6_2  = f2_2 * (int64_t) f6;
  int64_t f2f7_2  = f2_2 * (int64_t) f7;
  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
  int64_t f2f9_38 = f2   * (int64_t) f9_38;
  int64_t f3f3_2  = f3_2 * (int64_t) f3;
  int64_t f3f4_2  = f3_2 * (int64_t) f4;
  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
  int64_t f3f6_2  = f3_2 * (int64_t) f6;
  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
  int64_t f4f4    = f4   * (int64_t) f4;
  int64_t f4f5_2  = f4_2 * (int64_t) f5;
  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
  int64_t f4f7_38 = f4   * (int64_t) f7_38;
  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
  int64_t f4f9_38 = f4   * (int64_t) f9_38;
  int64_t f5f5_38 = f5   * (int64_t) f5_38;
  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
  int64_t f6f6_19 = f6   * (int64_t) f6_19;
  int64_t f6f7_38 = f6   * (int64_t) f7_38;
  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
  int64_t f6f9_38 = f6   * (int64_t) f9_38;
  int64_t f7f7_38 = f7   * (int64_t) f7_38;
  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
  int64_t f8f8_19 = f8   * (int64_t) f8_19;
  int64_t f8f9_38 = f8   * (int64_t) f9_38;
  int64_t f9f9_38 = f9   * (int64_t) f9_38;
  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
  int64_t carry0;
  int64_t carry1;
  int64_t carry2;
  int64_t carry3;
  int64_t carry4;
  int64_t carry5;
  int64_t carry6;
  int64_t carry7;
  int64_t carry8;
  int64_t carry9;

  h0 += h0;
  h1 += h1;
  h2 += h2;
  h3 += h3;
  h4 += h4;
  h5 += h5;
  h6 += h6;
  h7 += h7;
  h8 += h8;
  h9 += h9;

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;

  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;

  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;

  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;

  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;

  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;

  h[0] = h0;
  h[1] = h1;
  h[2] = h2;
  h[3] = h3;
  h[4] = h4;
  h[5] = h5;
  h[6] = h6;
  h[7] = h7;
  h[8] = h8;
  h[9] = h9;
}

static void fe_pow22523(fe out, const fe z) {
  fe t0;
  fe t1;
  fe t2;
  int i;

  fe_sq(t0, z);
  for (i = 1; i < 1; ++i) {
    fe_sq(t0, t0);
  }
  fe_sq(t1, t0);
  for (i = 1; i < 2; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(t1, z, t1);
  fe_mul(t0, t0, t1);
  fe_sq(t0, t0);
  for (i = 1; i < 1; ++i) {
    fe_sq(t0, t0);
  }
  fe_mul(t0, t1, t0);
  fe_sq(t1, t0);
  for (i = 1; i < 5; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(t0, t1, t0);
  fe_sq(t1, t0);
  for (i = 1; i < 10; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(t1, t1, t0);
  fe_sq(t2, t1);
  for (i = 1; i < 20; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t1, t2, t1);
  fe_sq(t1, t1);
  for (i = 1; i < 10; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(t0, t1, t0);
  fe_sq(t1, t0);
  for (i = 1; i < 50; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(t1, t1, t0);
  fe_sq(t2, t1);
  for (i = 1; i < 100; ++i) {
    fe_sq(t2, t2);
  }
  fe_mul(t1, t2, t1);
  fe_sq(t1, t1);
  for (i = 1; i < 50; ++i) {
    fe_sq(t1, t1);
  }
  fe_mul(t0, t1, t0);
  fe_sq(t0, t0);
  for (i = 1; i < 2; ++i) {
    fe_sq(t0, t0);
  }
  fe_mul(out, t0, z);
}

void x25519_ge_tobytes(uint8_t *s, const ge_p2 *h) {
  fe recip;
  fe x;
  fe y;

  fe_invert(recip, h->Z);
  fe_mul(x, h->X, recip);
  fe_mul(y, h->Y, recip);
  fe_tobytes(s, y);
  s[31] ^= fe_isnegative(x) << 7;
}

#ifdef ED25519
static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) {
  fe recip;
  fe x;
  fe y;

  fe_invert(recip, h->Z);
  fe_mul(x, h->X, recip);
  fe_mul(y, h->Y, recip);
  fe_tobytes(s, y);
  s[31] ^= fe_isnegative(x) << 7;
}
#endif

static const fe d = {-10913610, 13857413, -15372611, 6949391,   114729,
                     -8787816,  -6275908, -3247719,  -18696448, -12055116};

static const fe sqrtm1 = {-32595792, -7943725,  9377950,  3500415, 12389472,
                          -272473,   -25146209, -2005654, 326686,  11406482};

int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) {
  fe u;
  fe v;
  fe v3;
  fe vxx;
  fe check;

  fe_frombytes(h->Y, s);
  fe_1(h->Z);
  fe_sq(u, h->Y);
  fe_mul(v, u, d);
  fe_sub(u, u, h->Z); /* u = y^2-1 */
  fe_add(v, v, h->Z); /* v = dy^2+1 */

  fe_sq(v3, v);
  fe_mul(v3, v3, v); /* v3 = v^3 */
  fe_sq(h->X, v3);
  fe_mul(h->X, h->X, v);
  fe_mul(h->X, h->X, u); /* x = uv^7 */

  fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
  fe_mul(h->X, h->X, v3);
  fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */

  fe_sq(vxx, h->X);
  fe_mul(vxx, vxx, v);
  fe_sub(check, vxx, u); /* vx^2-u */
  if (fe_isnonzero(check)) {
    fe_add(check, vxx, u); /* vx^2+u */
    if (fe_isnonzero(check)) {
      return -1;
    }
    fe_mul(h->X, h->X, sqrtm1);
  }

  if (fe_isnegative(h->X) != (s[31] >> 7)) {
    fe_neg(h->X, h->X);
  }

  fe_mul(h->T, h->X, h->Y);
  return 0;
}

static void ge_p2_0(ge_p2 *h) {
  fe_0(h->X);
  fe_1(h->Y);
  fe_1(h->Z);
}

static void ge_p3_0(ge_p3 *h) {
  fe_0(h->X);
  fe_1(h->Y);
  fe_1(h->Z);
  fe_0(h->T);
}

static void ge_cached_0(ge_cached *h) {
  fe_1(h->YplusX);
  fe_1(h->YminusX);
  fe_1(h->Z);
  fe_0(h->T2d);
}

static void ge_precomp_0(ge_precomp *h) {
  fe_1(h->yplusx);
  fe_1(h->yminusx);
  fe_0(h->xy2d);
}

/* r = p */
static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
  fe_copy(r->X, p->X);
  fe_copy(r->Y, p->Y);
  fe_copy(r->Z, p->Z);
}

static const fe d2 = {-21827239, -5839606,  -30745221, 13898782, 229458,
                      15978800,  -12551817, -6495438,  29715968, 9444199};

/* r = p */
void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
  fe_add(r->YplusX, p->Y, p->X);
  fe_sub(r->YminusX, p->Y, p->X);
  fe_copy(r->Z, p->Z);
  fe_mul(r->T2d, p->T, d2);
}

/* r = p */
void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
  fe_mul(r->X, p->X, p->T);
  fe_mul(r->Y, p->Y, p->Z);
  fe_mul(r->Z, p->Z, p->T);
}

/* r = p */
void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
  fe_mul(r->X, p->X, p->T);
  fe_mul(r->Y, p->Y, p->Z);
  fe_mul(r->Z, p->Z, p->T);
  fe_mul(r->T, p->X, p->Y);
}

/* r = p */
static void ge_p1p1_to_cached(ge_cached *r, const ge_p1p1 *p) {
  ge_p3 t;
  x25519_ge_p1p1_to_p3(&t, p);
  x25519_ge_p3_to_cached(r, &t);
}

/* r = 2 * p */
static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
  fe t0;

  fe_sq(r->X, p->X);
  fe_sq(r->Z, p->Y);
  fe_sq2(r->T, p->Z);
  fe_add(r->Y, p->X, p->Y);
  fe_sq(t0, r->Y);
  fe_add(r->Y, r->Z, r->X);
  fe_sub(r->Z, r->Z, r->X);
  fe_sub(r->X, t0, r->Y);
  fe_sub(r->T, r->T, r->Z);
}

/* r = 2 * p */
static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
  ge_p2 q;
  ge_p3_to_p2(&q, p);
  ge_p2_dbl(r, &q);
}

/* r = p + q */
static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
  fe t0;

  fe_add(r->X, p->Y, p->X);
  fe_sub(r->Y, p->Y, p->X);
  fe_mul(r->Z, r->X, q->yplusx);
  fe_mul(r->Y, r->Y, q->yminusx);
  fe_mul(r->T, q->xy2d, p->T);
  fe_add(t0, p->Z, p->Z);
  fe_sub(r->X, r->Z, r->Y);
  fe_add(r->Y, r->Z, r->Y);
  fe_add(r->Z, t0, r->T);
  fe_sub(r->T, t0, r->T);
}

#ifdef ED25519
/* r = p - q */
static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
  fe t0;

  fe_add(r->X, p->Y, p->X);
  fe_sub(r->Y, p->Y, p->X);
  fe_mul(r->Z, r->X, q->yminusx);
  fe_mul(r->Y, r->Y, q->yplusx);
  fe_mul(r->T, q->xy2d, p->T);
  fe_add(t0, p->Z, p->Z);
  fe_sub(r->X, r->Z, r->Y);
  fe_add(r->Y, r->Z, r->Y);
  fe_sub(r->Z, t0, r->T);
  fe_add(r->T, t0, r->T);
}
#endif

/* r = p + q */
void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
  fe t0;

  fe_add(r->X, p->Y, p->X);
  fe_sub(r->Y, p->Y, p->X);
  fe_mul(r->Z, r->X, q->YplusX);
  fe_mul(r->Y, r->Y, q->YminusX);
  fe_mul(r->T, q->T2d, p->T);
  fe_mul(r->X, p->Z, q->Z);
  fe_add(t0, r->X, r->X);
  fe_sub(r->X, r->Z, r->Y);
  fe_add(r->Y, r->Z, r->Y);
  fe_add(r->Z, t0, r->T);
  fe_sub(r->T, t0, r->T);
}

/* r = p - q */
void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
  fe t0;

  fe_add(r->X, p->Y, p->X);
  fe_sub(r->Y, p->Y, p->X);
  fe_mul(r->Z, r->X, q->YminusX);
  fe_mul(r->Y, r->Y, q->YplusX);
  fe_mul(r->T, q->T2d, p->T);
  fe_mul(r->X, p->Z, q->Z);
  fe_add(t0, r->X, r->X);
  fe_sub(r->X, r->Z, r->Y);
  fe_add(r->Y, r->Z, r->Y);
  fe_sub(r->Z, t0, r->T);
  fe_add(r->T, t0, r->T);
}

static uint8_t equal(signed char b, signed char c) {
  uint8_t ub = b;
  uint8_t uc = c;
  uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
  uint32_t y = x;      /* 0: yes; 1..255: no */
  y -= 1;              /* 4294967295: yes; 0..254: no */
  y >>= 31;            /* 1: yes; 0: no */
  return y;
}

static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) {
  fe_cmov(t->yplusx, u->yplusx, b);
  fe_cmov(t->yminusx, u->yminusx, b);
  fe_cmov(t->xy2d, u->xy2d, b);
}

void x25519_ge_scalarmult_small_precomp(
    ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 * 2 * 32]) {
  /* precomp_table is first expanded into matching |ge_precomp|
   * elements. */
  ge_precomp multiples[15];

  unsigned i;
  for (i = 0; i < 15; i++) {
    const uint8_t *bytes = &precomp_table[i*(2 * 32)];
    fe x, y;
    fe_frombytes(x, bytes);
    fe_frombytes(y, bytes + 32);

    ge_precomp *out = &multiples[i];
    fe_add(out->yplusx, y, x);
    fe_sub(out->yminusx, y, x);
    fe_mul(out->xy2d, x, y);
    fe_mul(out->xy2d, out->xy2d, d2);
  }

  /* See the comment above |k25519SmallPrecomp| about the structure of the
   * precomputed elements. This loop does 64 additions and 64 doublings to
   * calculate the result. */
  ge_p3_0(h);

  for (i = 63; i < 64; i--) {
    unsigned j;
    signed char index = 0;

    for (j = 0; j < 4; j++) {
      const uint8_t bit = 1 & (a[(8 * j) + (i / 8)] >> (i & 7));
      index |= (bit << j);
    }

    ge_precomp e;
    ge_precomp_0(&e);

    for (j = 1; j < 16; j++) {
      cmov(&e, &multiples[j-1], equal(index, j));
    }

    ge_cached cached;
    ge_p1p1 r;
    x25519_ge_p3_to_cached(&cached, h);
    x25519_ge_add(&r, h, &cached);
    x25519_ge_p1p1_to_p3(h, &r);

    ge_madd(&r, h, &e);
    x25519_ge_p1p1_to_p3(h, &r);
  }
}

#if defined(OPENSSL_SMALL)

/* This block of code replaces the standard base-point table with a much smaller
 * one. The standard table is 30,720 bytes while this one is just 960.
 *
 * This table contains 15 pairs of group elements, (x, y), where each field
 * element is serialised with |fe_tobytes|. If |i| is the index of the group
 * element then consider i+1 as a four-bit number: (iâ‚€, iâ‚, iâ‚‚, i₃) (where iâ‚€
 * is the most significant bit). The value of the group element is then:
 * (i₀×2^192 + iâ‚×2^128 + i₂×2^64 + i₃)G, where G is the generator. */
static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = {
    0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95,
    0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
    0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21, 0x58, 0x66, 0x66, 0x66,
    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
    0x66, 0x66, 0x66, 0x66, 0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e,
    0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4,
    0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62,
    0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba,
    0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd,
    0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03, 0xa2, 0xfb, 0xcc, 0x61,
    0x67, 0x06, 0x70, 0x1a, 0xc4, 0x78, 0x3a, 0xff, 0x32, 0x62, 0xdd, 0x2c,
    0xab, 0x50, 0x19, 0x3b, 0xf2, 0x9b, 0x7d, 0xb8, 0xfd, 0x4f, 0x29, 0x9c,
    0xa7, 0x91, 0xba, 0x0e, 0x46, 0x5e, 0x51, 0xfe, 0x1d, 0xbf, 0xe5, 0xe5,
    0x9b, 0x95, 0x0d, 0x67, 0xf8, 0xd1, 0xb5, 0x5a, 0xa1, 0x93, 0x2c, 0xc3,
    0xde, 0x0e, 0x97, 0x85, 0x2d, 0x7f, 0xea, 0xab, 0x3e, 0x47, 0x30, 0x18,
    0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2,
    0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95,
    0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c, 0x6b, 0xa6, 0xf5, 0x4b,
    0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90,
    0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52,
    0xe6, 0x99, 0x2c, 0x5f, 0x9a, 0x96, 0x0c, 0x68, 0x29, 0xfd, 0xe2, 0xfb,
    0xe6, 0xbc, 0xec, 0x31, 0x08, 0xec, 0xe6, 0xb0, 0x53, 0x60, 0xc3, 0x8c,
    0xbe, 0xc1, 0xb3, 0x8a, 0x8f, 0xe4, 0x88, 0x2b, 0x55, 0xe5, 0x64, 0x6e,
    0x9b, 0xd0, 0xaf, 0x7b, 0x64, 0x2a, 0x35, 0x25, 0x10, 0x52, 0xc5, 0x9e,
    0x58, 0x11, 0x39, 0x36, 0x45, 0x51, 0xb8, 0x39, 0x93, 0xfc, 0x9d, 0x6a,
    0xbe, 0x58, 0xcb, 0xa4, 0x0f, 0x51, 0x3c, 0x38, 0x05, 0xca, 0xab, 0x43,
    0x63, 0x0e, 0xf3, 0x8b, 0x41, 0xa6, 0xf8, 0x9b, 0x53, 0x70, 0x80, 0x53,
    0x86, 0x5e, 0x8f, 0xe3, 0xc3, 0x0d, 0x18, 0xc8, 0x4b, 0x34, 0x1f, 0xd8,
    0x1d, 0xbc, 0xf2, 0x6d, 0x34, 0x3a, 0xbe, 0xdf, 0xd9, 0xf6, 0xf3, 0x89,
    0xa1, 0xe1, 0x94, 0x9f, 0x5d, 0x4c, 0x5d, 0xe9, 0xa1, 0x49, 0x92, 0xef,
    0x0e, 0x53, 0x81, 0x89, 0x58, 0x87, 0xa6, 0x37, 0xf1, 0xdd, 0x62, 0x60,
    0x63, 0x5a, 0x9d, 0x1b, 0x8c, 0xc6, 0x7d, 0x52, 0xea, 0x70, 0x09, 0x6a,
    0xe1, 0x32, 0xf3, 0x73, 0x21, 0x1f, 0x07, 0x7b, 0x7c, 0x9b, 0x49, 0xd8,
    0xc0, 0xf3, 0x25, 0x72, 0x6f, 0x9d, 0xed, 0x31, 0x67, 0x36, 0x36, 0x54,
    0x40, 0x92, 0x71, 0xe6, 0x11, 0x28, 0x11, 0xad, 0x93, 0x32, 0x85, 0x7b,
    0x3e, 0xb7, 0x3b, 0x49, 0x13, 0x1c, 0x07, 0xb0, 0x2e, 0x93, 0xaa, 0xfd,
    0xfd, 0x28, 0x47, 0x3d, 0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb,
    0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c,
    0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b,
    0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63,
    0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a,
    0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61, 0x38, 0x68, 0xb0, 0x07,
    0xa3, 0xfc, 0xcc, 0x85, 0x10, 0x7f, 0x4c, 0x65, 0x65, 0xb3, 0xfa, 0xfa,
    0xa5, 0x53, 0x6f, 0xdb, 0x74, 0x4c, 0x56, 0x46, 0x03, 0xe2, 0xd5, 0x7a,
    0x29, 0x1c, 0xc6, 0x02, 0xbc, 0x59, 0xf2, 0x04, 0x75, 0x63, 0xc0, 0x84,
    0x2f, 0x60, 0x1c, 0x67, 0x76, 0xfd, 0x63, 0x86, 0xf3, 0xfa, 0xbf, 0xdc,
    0xd2, 0x2d, 0x90, 0x91, 0xbd, 0x33, 0xa9, 0xe5, 0x66, 0x0c, 0xda, 0x42,
    0x27, 0xca, 0xf4, 0x66, 0xc2, 0xec, 0x92, 0x14, 0x57, 0x06, 0x63, 0xd0,
    0x4d, 0x15, 0x06, 0xeb, 0x69, 0x58, 0x4f, 0x77, 0xc5, 0x8b, 0xc7, 0xf0,
    0x8e, 0xed, 0x64, 0xa0, 0xb3, 0x3c, 0x66, 0x71, 0xc6, 0x2d, 0xda, 0x0a,
    0x0d, 0xfe, 0x70, 0x27, 0x64, 0xf8, 0x27, 0xfa, 0xf6, 0x5f, 0x30, 0xa5,
    0x0d, 0x6c, 0xda, 0xf2, 0x62, 0x5e, 0x78, 0x47, 0xd3, 0x66, 0x00, 0x1c,
    0xfd, 0x56, 0x1f, 0x5d, 0x3f, 0x6f, 0xf4, 0x4c, 0xd8, 0xfd, 0x0e, 0x27,
    0xc9, 0x5c, 0x2b, 0xbc, 0xc0, 0xa4, 0xe7, 0x23, 0x29, 0x02, 0x9f, 0x31,
    0xd6, 0xe9, 0xd7, 0x96, 0xf4, 0xe0, 0x5e, 0x0b, 0x0e, 0x13, 0xee, 0x3c,
    0x09, 0xed, 0xf2, 0x3d, 0x76, 0x91, 0xc3, 0xa4, 0x97, 0xae, 0xd4, 0x87,
    0xd0, 0x5d, 0xf6, 0x18, 0x47, 0x1f, 0x1d, 0x67, 0xf2, 0xcf, 0x63, 0xa0,
    0x91, 0x27, 0xf8, 0x93, 0x45, 0x75, 0x23, 0x3f, 0xd1, 0xf1, 0xad, 0x23,
    0xdd, 0x64, 0x93, 0x96, 0x41, 0x70, 0x7f, 0xf7, 0xf5, 0xa9, 0x89, 0xa2,
    0x34, 0xb0, 0x8d, 0x1b, 0xae, 0x19, 0x15, 0x49, 0x58, 0x23, 0x6d, 0x87,
    0x15, 0x4f, 0x81, 0x76, 0xfb, 0x23, 0xb5, 0xea, 0xcf, 0xac, 0x54, 0x8d,
    0x4e, 0x42, 0x2f, 0xeb, 0x0f, 0x63, 0xdb, 0x68, 0x37, 0xa8, 0xcf, 0x8b,
    0xab, 0xf5, 0xa4, 0x6e, 0x96, 0x2a, 0xb2, 0xd6, 0xbe, 0x9e, 0xbd, 0x0d,
    0xb4, 0x42, 0xa9, 0xcf, 0x01, 0x83, 0x8a, 0x17, 0x47, 0x76, 0xc4, 0xc6,
    0x83, 0x04, 0x95, 0x0b, 0xfc, 0x11, 0xc9, 0x62, 0xb8, 0x0c, 0x76, 0x84,
    0xd9, 0xb9, 0x37, 0xfa, 0xfc, 0x7c, 0xc2, 0x6d, 0x58, 0x3e, 0xb3, 0x04,
    0xbb, 0x8c, 0x8f, 0x48, 0xbc, 0x91, 0x27, 0xcc, 0xf9, 0xb7, 0x22, 0x19,
    0x83, 0x2e, 0x09, 0xb5, 0x72, 0xd9, 0x54, 0x1c, 0x4d, 0xa1, 0xea, 0x0b,
    0xf1, 0xc6, 0x08, 0x72, 0x46, 0x87, 0x7a, 0x6e, 0x80, 0x56, 0x0a, 0x8a,
    0xc0, 0xdd, 0x11, 0x6b, 0xd6, 0xdd, 0x47, 0xdf, 0x10, 0xd9, 0xd8, 0xea,
    0x7c, 0xb0, 0x8f, 0x03, 0x00, 0x2e, 0xc1, 0x8f, 0x44, 0xa8, 0xd3, 0x30,
    0x06, 0x89, 0xa2, 0xf9, 0x34, 0xad, 0xdc, 0x03, 0x85, 0xed, 0x51, 0xa7,
    0x82, 0x9c, 0xe7, 0x5d, 0x52, 0x93, 0x0c, 0x32, 0x9a, 0x5b, 0xe1, 0xaa,
    0xca, 0xb8, 0x02, 0x6d, 0x3a, 0xd4, 0xb1, 0x3a, 0xf0, 0x5f, 0xbe, 0xb5,
    0x0d, 0x10, 0x6b, 0x38, 0x32, 0xac, 0x76, 0x80, 0xbd, 0xca, 0x94, 0x71,
    0x7a, 0xf2, 0xc9, 0x35, 0x2a, 0xde, 0x9f, 0x42, 0x49, 0x18, 0x01, 0xab,
    0xbc, 0xef, 0x7c, 0x64, 0x3f, 0x58, 0x3d, 0x92, 0x59, 0xdb, 0x13, 0xdb,
    0x58, 0x6e, 0x0a, 0xe0, 0xb7, 0x91, 0x4a, 0x08, 0x20, 0xd6, 0x2e, 0x3c,
    0x45, 0xc9, 0x8b, 0x17, 0x79, 0xe7, 0xc7, 0x90, 0x99, 0x3a, 0x18, 0x25,
};

void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
  x25519_ge_scalarmult_small_precomp(h, a, k25519SmallPrecomp);
}

#else

/* k25519Precomp[i][j] = (j+1)*256^i*B */
static const ge_precomp k25519Precomp[32][8] = {
    {
        {
            {25967493, -14356035, 29566456, 3660896, -12694345, 4014787,
             27544626, -11754271, -6079156, 2047605},
            {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
             5043384, 19500929, -15469378},
            {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380,
             29287919, 11864899, -24514362, -4438546},
        },
        {
            {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717,
             -11717903, -3814571, -358445, -10211303},
            {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005,
             -15616551, 11189268, -26829678, -5319081},
            {26966642, 11152617, 32442495, 15396054, 14353839, -12752335,
             -3128826, -9541118, -15472047, -4166697},
        },
        {
            {15636291, -9688557, 24204773, -7912398, 616977, -16685262,
             27787600, -14772189, 28944400, -1550024},
            {16568933, 4717097, -11556148, -1102322, 15682896, -11807043,
             16354577, -11775962, 7689662, 11199574},
            {30464156, -5976125, -11779434, -15670865, 23220365, 15915852,
             7512774, 10017326, -17749093, -9920357},
        },
        {
            {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379,
             -28926210, 15006023, 3284568, -6276540},
            {23599295, -8306047, -11193664, -7687416, 13236774, 10506355,
             7464579, 9656445, 13059162, 10374397},
            {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664,
             -3839045, -641708, -101325},
        },
        {
            {10861363, 11473154, 27284546, 1981175, -30064349, 12577861,
             32867885, 14515107, -15438304, 10819380},
            {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
             12483688, -12668491, 5581306},
            {19563160, 16186464, -29386857, 4097519, 10237984, -4348115,
             28542350, 13850243, -23678021, -15815942},
        },
        {
            {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511,
             -19188627, -15224819, -9818940, -12085777},
            {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240,
             -15689887, 1762328, 14866737},
            {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101,
             -28236412, 3959421, 27914454, 4383652},
        },
        {
            {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
             5230134, -23952439, -15175766},
            {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722,
             20654025, 16520125, 30598449, 7715701},
            {28881845, 14381568, 9657904, 3680757, -20181635, 7843316,
             -31400660, 1370708, 29794553, -1409300},
        },
        {
            {14499471, -2729599, -33191113, -4254652, 28494862, 14271267,
             30290735, 10876454, -33154098, 2381726},
            {-7195431, -2655363, -14730155, 462251, -27724326, 3941372,
             -6236617, 3696005, -32300832, 15351955},
            {27431194, 8222322, 16448760, -3907995, -18707002, 11938355,
             -32961401, -2970515, 29551813, 10109425},
        },
    },
    {
        {
            {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384,
             -2378284, -1627556, 10092783, -4764171},
            {27939166, 14210322, 4677035, 16277044, -22964462, -12398139,
             -32508754, 12005538, -17810127, 12803510},
            {17228999, -15661624, -1233527, 300140, -1224870, -11714777,
             30364213, -9038194, 18016357, 4397660},
        },
        {
            {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212,
             -26619106, 14544525, -17477504, 982639},
            {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899,
             -4120128, -21047696, 9934963},
            {5793303, 16271923, -24131614, -10116404, 29188560, 1206517,
             -14747930, 4559895, -30123922, -10897950},
        },
        {
            {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264,
             24191034, 4541697, -13338309, 5500568},
            {12650548, -1497113, 9052871, 11355358, -17680037, -8400164,
             -17430592, 12264343, 10874051, 13524335},
            {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038,
             5080568, -22528059, 5376628},
        },
        {
            {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897,
             -22321305, -9447443, 4535768, 1569007},
            {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819,
             -30494562, 3044290, 31848280, 12543772},
            {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203,
             -27377195, -2062731, 7718482, 14474653},
        },
        {
            {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965,
             -7236665, 24316168, -5253567},
            {13741529, 10911568, -33233417, -8603737, -20177830, -1033297,
             33040651, -13424532, -20729456, 8321686},
            {21060490, -2212744, 15712757, -4336099, 1639040, 10656336,
             23845965, -11874838, -9984458, 608372},
        },
        {
            {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547,
             1123968, -6780577, 27229399, 23887},
            {-23244140, -294205, -11744728, 14712571, -29465699, -2029617,
             12797024, -6440308, -1633405, 16678954},
            {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805,
             -1508144, -4795045, -17169265, 4904953},
        },
        {
            {24059557, 14617003, 19037157, -15039908, 19766093, -14906429,
             5169211, 16191880, 2128236, -4326833},
            {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247,
             -29806336, 916033, -6882542, -2986532},
            {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175,
             285431, 2763829, 15736322, 4143876},
        },
        {
            {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801,
             -14594663, 23527084, -16458268},
            {33431127, -11130478, -17838966, -15626900, 8909499, 8376530,
             -32625340, 4087881, -15188911, -14416214},
            {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055,
             4357868, -4774191, -16323038},
        },
    },
    {
        {
            {6721966, 13833823, -23523388, -1551314, 26354293, -11863321,
             23365147, -3949732, 7390890, 2759800},
            {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353,
             -4264057, 1244380, -12919645},
            {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413,
             9208236, 15886429, 16489664},
        },
        {
            {1996075, 10375649, 14346367, 13311202, -6874135, -16438411,
             -13693198, 398369, -30606455, -712933},
            {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363,
             13348553, 12076947, -30836462, 5113182},
            {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344,
             -30341101, -7336386, 13847711, 5387222},
        },
        {
            {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611,
             8763061, 3617786, -19600662, 10370991},
            {20246567, -14369378, 22358229, -543712, 18507283, -10413996,
             14554437, -8746092, 32232924, 16763880},
            {9648505, 10094563, 26416693, 14745928, -30374318, -6472621,
             11094161, 15689506, 3140038, -16510092},
        },
        {
            {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685,
             -27224800, 9448613, -28774454, 366295},
            {19153450, 11523972, -11096490, -6503142, -24647631, 5420647,
             28344573, 8041113, 719605, 11671788},
            {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916,
             -15266516, 27000813, -10195553},
        },
        {
            {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065,
             5336097, 6750977, -14521026},
            {11836410, -3979488, 26297894, 16080799, 23455045, 15735944,
             1695823, -8819122, 8169720, 16220347},
            {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763,
             -11144307, -2627664, -5990708, -14166033},
        },
        {
            {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004,
             27884329, 2847284, 2655861, 1738395},
            {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821,
             21651608, -3239336, -19087449, -11005278},
            {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092,
             5821408, 10478196, 8544890},
        },
        {
            {32173121, -16129311, 24896207, 3921497, 22579056, -3410854,
             19270449, 12217473, 17789017, -3395995},
            {-30552961, -2228401, -15578829, -10147201, 13243889, 517024,
             15479401, -3853233, 30460520, 1052596},
            {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687,
             27491595, -4612359, 3179268, -9478891},
        },
        {
            {31947069, -14366651, -4640583, -15339921, -15125977, -6039709,
             -14756777, -16411740, 19072640, -9511060},
            {11685058, 11822410, 3158003, -13952594, 33402194, -4165066,
             5977896, -5215017, 473099, 5040608},
            {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760,
             28326862, 1721092, -19558642, -3131606},
        },
    },
    {
        {
            {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786,
             8076149, -27868496, 11538389},
            {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211,
             8754525, 7446702, -5676054, 5797016},
            {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199,
             2014099, -9050574, -2369172, -5877341},
        },
        {
            {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559,
             1192730, -3714199, 15123619, 10811505},
            {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363,
             15776356, -28886779, -11974553},
            {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569,
             -20654173, -16484855, 4714547, -9600655},
        },
        {
            {15200332, 8368572, 19679101, 15970074, -31872674, 1959451,
             24611599, -4543832, -11745876, 12340220},
            {12876937, -10480056, 33134381, 6590940, -6307776, 14872440,
             9613953, 8241152, 15370987, 9608631},
            {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868,
             15866074, -28210621, -8814099},
        },
        {
            {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233,
             858697, 20571223, 8420556},
            {14620715, 13067227, -15447274, 8264467, 14106269, 15080814,
             33531827, 12516406, -21574435, -12476749},
            {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519,
             7256740, 8791136, 15069930},
        },
        {
            {1276410, -9371918, 22949635, -16322807, -23493039, -5702186,
             14711875, 4874229, -30663140, -2331391},
            {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175,
             -7912378, -33069337, 9234253},
            {20590503, -9018988, 31529744, -7352666, -2706834, 10650548,
             31559055, -11609587, 18979186, 13396066},
        },
        {
            {24474287, 4968103, 22267082, 4407354, 24063882, -8325180,
             -18816887, 13594782, 33514650, 7021958},
            {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421,
             -25948728, -3916677, -21480480, 12868082},
            {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208,
             -21446107, 2244500, -12455797, -8089383},
        },
        {
            {-30595528, 13793479, -5852820, 319136, -25723172, -6263899,
             33086546, 8957937, -15233648, 5540521},
            {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908,
             -23710744, -1568984, -16128528, -14962807},
            {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819,
             892185, -11513277, -15205948},
        },
        {
            {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819,
             4763127, -19179614, 5867134},
            {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500,
             27846559, 5931263, -29749703, -16108455},
            {27461885, -2977536, 22380810, 1815854, -23033753, -3031938,
             7283490, -15148073, -19526700, 7734629},
        },
    },
    {
        {
            {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885,
             7585295, -3176626, 18549497, 15302069},
            {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381,
             10458790, -6418461, -8872242, 8424746},
            {24687205, 8613276, -30667046, -3233545, 1863892, -1830544,
             19206234, 7134917, -11284482, -828919},
        },
        {
            {11334899, -9218022, 8025293, 12707519, 17523892, -10476071,
             10243738, -14685461, -5066034, 16498837},
            {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925,
             -14124238, 6536641, 10543906},
            {-28946384, 15479763, -17466835, 568876, -1497683, 11223454,
             -2669190, -16625574, -27235709, 8876771},
        },
        {
            {-25742899, -12566864, -15649966, -846607, -33026686, -796288,
             -33481822, 15824474, -604426, -9039817},
            {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697,
             -4890037, 1657394, 3084098},
            {10477963, -7470260, 12119566, -13250805, 29016247, -5365589,
             31280319, 14396151, -30233575, 15272409},
        },
        {
            {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466,
             -25173957, -12636138, -25014757, 1950504},
            {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630,
             -8384306, -8767532, 15341279, 8373727},
            {28685821, 7759505, -14378516, -12002860, -31971820, 4079242,
             298136, -10232602, -2878207, 15190420},
        },
        {
            {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928,
             8669718, 2742393, -26033313, -6875003},
            {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854,
             9291594, -16247779, -12154742, 6048605},
            {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163,
             13934231, 5128323, 11213262, 9168384},
        },
        {
            {-26280513, 11007847, 19408960, -940758, -18592965, -4328580,
             -5088060, -11105150, 20470157, -16398701},
            {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560,
             -22783952, 14461608, 14042978, 5230683},
            {29969567, -2741594, -16711867, -8552442, 9175486, -2468974,
             21556951, 3506042, -5933891, -12449708},
        },
        {
            {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683,
             -21284170, 8971513, -28539189, 15326563},
            {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669,
             -15523050, 15300988, -20514118, 9168260},
            {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939,
             -28948358, 9601605, 33087103, -9011387},
        },
        {
            {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461,
             -27444329, -15000531, -5996870, 15664672},
            {23294591, -16632613, -22650781, -8470978, 27844204, 11461195,
             13099750, -2460356, 18151676, 13417686},
            {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065,
             1661597, -12551441, 15271676, -15452665},
        },
    },
    {
        {
            {11433042, -13228665, 8239631, -5279517, -1985436, -725718,
             -18698764, 2167544, -6921301, -13440182},
            {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379,
             -9917708, -8638997, 12215110, 12028277},
            {14098400, 6555944, 23007258, 5757252, -15427832, -12950502,
             30123440, 4617780, -16900089, -655628},
        },
        {
            {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385,
             -15819999, 10154009, 23973261, -12684474},
            {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355,
             18341390, -11419951, 32013174, -10103539},
            {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104,
             21911214, 6354752, 4425632, -837822},
        },
        {
            {-10433389, -14612966, 22229858, -3091047, -13191166, 776729,
             -17415375, -12020462, 4725005, 14044970},
            {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390,
             -1411784, -19522291, -16109756},
            {-24864089, 12986008, -10898878, -5558584, -11312371, -148526,
             19541418, 8180106, 9282262, 10282508},
        },
        {
            {-26205082, 4428547, -8661196, -13194263, 4098402, -14165257,
             15522535, 8372215, 5542595, -10702683},
            {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360,
             -2781891, 6993761, -18093885, 10114655},
            {-20107055, -929418, 31422704, 10427861, -7110749, 6150669,
             -29091755, -11529146, 25953725, -106158},
        },
        {
            {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294,
             19390020, 6094296, -3315279, 12831125},
            {-15998678, 7578152, 5310217, 14408357, -33548620, -224739,
             31575954, 6326196, 7381791, -2421839},
            {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640,
             6295303, 8082724, -15362489, 12339664},
        },
        {
            {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414,
             15768922, 25091167, 14856294},
            {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300,
             -12695493, -22182473, -9012899},
            {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039,
             -27260765, 13866390, 30146206, 9142070},
        },
        {
            {3924129, -15307516, -13817122, -10054960, 12291820, -668366,
             -27702774, 9326384, -8237858, 4171294},
            {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944,
             26396185, 3731949, 345228, -5462949},
            {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387,
             2031539, -12391231, -16253183, -13582083},
        },
        {
            {31016211, -16722429, 26371392, -14451233, -5027349, 14854137,
             17477601, 3842657, 28012650, -16405420},
            {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560,
             -9189873, 16292057, -8867157, 3507940},
            {29439664, 3537914, 23333589, 6997794, -17555561, -11018068,
             -15209202, -15051267, -9164929, 6580396},
        },
    },
    {
        {
            {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611,
             17860444, -9273846, -2095802, 9304567},
            {20714564, -4336911, 29088195, 7406487, 11426967, -5095705,
             14792667, -14608617, 5289421, -477127},
            {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462,
             17271490, 12349094, 26939669, -3752294},
        },
        {
            {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525,
             -27283495, -12348559, -3698806, 117887},
            {22263325, -6560050, 3984570, -11174646, -15114008, -566785,
             28311253, 5358056, -23319780, 541964},
            {16259219, 3261970, 2309254, -15534474, -16885711, -4581916,
             24134070, -16705829, -13337066, -13552195},
        },
        {
            {9378160, -13140186, -22845982, -12745264, 28198281, -7244098,
             -2399684, -717351, 690426, 14876244},
            {24977353, -314384, -8223969, -13465086, 28432343, -1176353,
             -13068804, -12297348, -22380984, 6618999},
            {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193,
             8044829, -13817328, 32239829, -5652762},
        },
        {
            {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647,
             -10350059, 32779359, 5095274},
            {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423,
             -24601656, 14506724, 21639561, -2630236},
            {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318,
             -1289502, -6863535, 17874574, 558605},
        },
        {
            {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700,
             33499487, 5080151, 2085892, 5119761},
            {-22205145, -2519528, -16381601, 414691, -25019550, 2170430,
             30634760, -8363614, -31999993, -5759884},
            {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256,
             27534430, -7192145, -22351378, 12961482},
        },
        {
            {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287,
             16533930, 8206996, -30194652, -5159638},
            {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630,
             7031275, 7589640, 8945490},
            {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393,
             7251489, -11182180, 24099109, -14456170},
        },
        {
            {5019558, -7907470, 4244127, -14714356, -26933272, 6453165,
             -19118182, -13289025, -6231896, -10280736},
            {10853594, 10721687, 26480089, 5861829, -22995819, 1972175,
             -1866647, -10557898, -3363451, -6441124},
            {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661,
             -2008168, -13866408, 7421392},
        },
        {
            {8139927, -6546497, 32257646, -5890546, 30375719, 1886181,
             -21175108, 15441252, 28826358, -4123029},
            {6267086, 9695052, 7709135, -16603597, -32869068, -1886135,
             14795160, -7840124, 13746021, -1742048},
            {28584902, 7787108, -6732942, -15050729, 22846041, -7571236,
             -3181936, -363524, 4771362, -8419958},
        },
    },
    {
        {
            {24949256, 6376279, -27466481, -8174608, -18646154, -9930606,
             33543569, -12141695, 3569627, 11342593},
            {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886,
             4608608, 7325975, -14801071},
            {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312,
             -27400540, 10258390, -17646694, -8186692},
        },
        {
            {11431204, 15823007, 26570245, 14329124, 18029990, 4796082,
             -31446179, 15580664, 9280358, -3973687},
            {-160783, -10326257, -22855316, -4304997, -20861367, -13621002,
             -32810901, -11181622, -15545091, 4387441},
            {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370,
             -24513992, 8548137, 20617071, -7482001},
        },
        {
            {-938825, -3930586, -8714311, 16124718, 24603125, -6225393,
             -13775352, -11875822, 24345683, 10325460},
            {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528,
             16318175, -1010689, 4766743, 3552007},
            {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514,
             14481909, 10988822, -3994762},
        },
        {
            {15564307, -14311570, 3101243, 5684148, 30446780, -8051356,
             12677127, -6505343, -8295852, 13296005},
            {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379,
             31521204, 9614054, -30000824, 12074674},
            {4771191, -135239, 14290749, -13089852, 27992298, 14998318,
             -1413936, -1556716, 29832613, -16391035},
        },
        {
            {7064884, -7541174, -19161962, -5067537, -18891269, -2912736,
             25825242, 5293297, -27122660, 13101590},
            {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445,
             32512469, -5317593, -30356070, -4190957},
            {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044,
             14413974, 9515896, 19568978, 9628812},
        },
        {
            {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894,
             -6106839, -6291786, 3437740},
            {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290,
             -22961733, 70104, 7463304, 4176122},
            {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117,
             -32719404, -5322751, 24216882, 5944158},
        },
        {
            {8894125, 7450974, -2664149, -9765752, -28080517, -12389115,
             19345746, 14680796, 11632993, 5847885},
            {26942781, -2315317, 9129564, -4906607, 26024105, 11769399,
             -11518837, 6367194, -9727230, 4782140},
            {19916461, -4828410, -22910704, -11414391, 25606324, -5972441,
             33253853, 8220911, 6358847, -1873857},
        },
        {
            {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388,
             -4480480, -13538503, 1387155},
            {19646058, 5720633, -11416706, 12814209, 11607948, 12749789,
             14147075, 15156355, -21866831, 11835260},
            {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523,
             15467869, -26560550, 5052483},
        },
    },
    {
        {
            {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123,
             -12618185, 12228557, -7003677},
            {32944382, 14922211, -22844894, 5188528, 21913450, -8719943,
             4001465, 13238564, -6114803, 8653815},
            {22865569, -4652735, 27603668, -12545395, 14348958, 8234005,
             24808405, 5719875, 28483275, 2841751},
        },
        {
            {-16420968, -1113305, -327719, -12107856, 21886282, -15552774,
             -1887966, -315658, 19932058, -12739203},
            {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912,
             3999228, 13239134, -4777469, -13910208},
            {1382174, -11694719, 17266790, 9194690, -13324356, 9720081,
             20403944, 11284705, -14013818, 3093230},
        },
        {
            {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424,
             16271225, -24049421, -6691850},
            {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293,
             24123614, 15193618, -21652117, -16739389},
            {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484,
             31870908, 14690798, 17361620, 11864968},
        },
        {
            {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200,
             -12331205, -7486601, -25578460, -16240689},
            {14668462, -12270235, 26039039, 15305210, 25515617, 4542480,
             10453892, 6577524, 9145645, -6443880},
            {5974874, 3053895, -9433049, -10385191, -31865124, 3225009,
             -7972642, 3936128, -5652273, -3050304},
        },
        {
            {30625386, -4729400, -25555961, -12792866, -20484575, 7695099,
             17097188, -16303496, -27999779, 1803632},
            {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700,
             14911344, 12196514, -21405489, 7047412},
            {20093277, 9920966, -11138194, -5343857, 13161587, 12044805,
             -32856851, 4124601, -32343828, -10257566},
        },
        {
            {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605,
             4752377, -8714640, -21679658, 2288038},
            {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457,
             29457502, 14625692, -24819617, 12570232},
            {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109,
             -21159943, -3498680, -11974704, 4724943},
        },
        {
            {17960970, -11775534, -4140968, -9702530, -8876562, -1410617,
             -12907383, -8659932, -29576300, 1903856},
            {23134274, -14279132, -10681997, -1611936, 20684485, 15770816,
             -12989750, 3190296, 26955097, 14109738},
            {15308788, 5320727, -30113809, -14318877, 22902008, 7767164,
             29425325, -11277562, 31960942, 11934971},
        },
        {
            {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669,
             20638173, 4875028, 10491392, 1379718},
            {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801,
             33518459, 16176658, 21432314, 12180697},
            {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205,
             1465425, 12689540, -10301319, -13872883},
        },
    },
    {
        {
            {5414091, -15386041, -21007664, 9643570, 12834970, 1186149,
             -2622916, -1342231, 26128231, 6032912},
            {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156,
             3604025, 8316894, -25875034, -10437358},
            {3296484, 6223048, 24680646, -12246460, -23052020, 5903205,
             -8862297, -4639164, 12376617, 3188849},
        },
        {
            {29190488, -14659046, 27549113, -1183516, 3520066, -10697301,
             32049515, -7309113, -16109234, -9852307},
            {-14744486, -9309156, 735818, -598978, -20407687, -5057904,
             25246078, -15795669, 18640741, -960977},
            {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252,
             -31638386, -494430, 10530747, 1053335},
        },
        {
            {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384,
             -31462369, -2948985, 24018831, 15026644},
            {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631,
             25310643, 13003497, -2314791, -15145616},
            {-27419985, -603321, -8043984, -1669117, -26092265, 13987819,
             -27297622, 187899, -23166419, -2531735},
        },
        {
            {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473,
             9716667, 16266922, -5070217, 726099},
            {29370922, -6053998, 7334071, -15342259, 9385287, 2247707,
             -13661962, -4839461, 30007388, -15823341},
            {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109,
             730663, 9835848, 4555336},
        },
        {
            {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977,
             17693930, 544696, -11985298, 12422646},
            {31117226, -12215734, -13502838, 6561947, -9876867, -12757670,
             -5118685, -4096706, 29120153, 13924425},
            {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820,
             -9383939, -11317700, 7240931, -237388},
        },
        {
            {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771,
             1222336, 4389483, 3293637, -15551743},
            {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533,
             -24319580, 7733547, 12796905, -6335822},
            {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811,
             -28253339, 3647836, 3222231, -11160462},
        },
        {
            {18606113, 1693100, -25448386, -15170272, 4112353, 10045021,
             23603893, -2048234, -7550776, 2484985},
            {9255317, -3131197, -12156162, -1004256, 13098013, -9214866,
             16377220, -2102812, -19802075, -3034702},
            {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502,
             -31718148, 9936966, -30097688, -10618797},
        },
        {
            {21878590, -5001297, 4338336, 13643897, -3036865, 13160960,
             19708896, 5415497, -7360503, -4109293},
            {27736861, 10103576, 12500508, 8502413, -3413016, -9633558,
             10436918, -1550276, -23659143, -8132100},
            {19492550, -12104365, -29681976, -852630, -3208171, 12403437,
             30066266, 8367329, 13243957, 8709688},
        },
    },
    {
        {
            {12015105, 2801261, 28198131, 10151021, 24818120, -4743133,
             -11194191, -5645734, 5150968, 7274186},
            {2831366, -12492146, 1478975, 6122054, 23825128, -12733586,
             31097299, 6083058, 31021603, -9793610},
            {-2529932, -2229646, 445613, 10720828, -13849527, -11505937,
             -23507731, 16354465, 15067285, -14147707},
        },
        {
            {7840942, 14037873, -33364863, 15934016, -728213, -3642706,
             21403988, 1057586, -19379462, -12403220},
            {915865, -16469274, 15608285, -8789130, -24357026, 6060030,
             -17371319, 8410997, -7220461, 16527025},
            {32922597, -556987, 20336074, -16184568, 10903705, -5384487,
             16957574, 52992, 23834301, 6588044},
        },
        {
            {32752030, 11232950, 3381995, -8714866, 22652988, -10744103,
             17159699, 16689107, -20314580, -1305992},
            {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943,
             7924251, -2752281, 1976123, -7249027},
            {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041,
             -3371252, 12331345, -8237197},
        },
        {
            {8651614, -4477032, -16085636, -4996994, 13002507, 2950805,
             29054427, -5106970, 10008136, -4667901},
            {31486080, 15114593, -14261250, 12951354, 14369431, -7387845,
             16347321, -13662089, 8684155, -10532952},
            {19443825, 11385320, 24468943, -9659068, -23919258, 2187569,
             -26263207, -6086921, 31316348, 14219878},
        },
        {
            {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801,
             27146014, 6992409, 29126555, 9207390},
            {32382935, 1110093, 18477781, 11028262, -27411763, -7548111,
             -4980517, 10843782, -7957600, -14435730},
            {2814918, 7836403, 27519878, -7868156, -20894015, -11553689,
             -21494559, 8550130, 28346258, 1994730},
        },
        {
            {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307,
             -19516951, 7174894, 22628102, 8115180},
            {-30405132, 955511, -11133838, -15078069, -32447087, -13278079,
             -25651578, 3317160, -9943017, 930272},
            {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177,
             24091212, -1388970, -22765376, -10650715},
        },
        {
            {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053,
             -14839018, -16554220, -1867018, 8398970},
            {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670,
             22981545, -6291273, 18009408, -15772772},
            {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469,
             29551787, -3727419, 19288549, 1325865},
        },
        {
            {15100157, -15835752, -23923978, -1005098, -26450192, 15509408,
             12376730, -3479146, 33166107, -8042750},
            {20909231, 13023121, -9209752, 16251778, -5778415, -8094914,
             12412151, 10018715, 2213263, -13878373},
            {32529814, -11074689, 30361439, -16689753, -9135940, 1513226,
             22922121, 6382134, -5766928, 8371348},
        },
    },
    {
        {
            {9923462, 11271500, 12616794, 3544722, -29998368, -1721626,
             12891687, -8193132, -26442943, 10486144},
            {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726,
             2610596, -23921530, -11455195},
            {5408411, -1136691, -4969122, 10561668, 24145918, 14240566,
             31319731, -4235541, 19985175, -3436086},
        },
        {
            {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976,
             -17577068, 8849297, 65030, 8370684},
            {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277,
             -19442942, 6922164, 12743482, -9800518},
            {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717,
             23783145, 11038569, 18800704, 255233},
        },
        {
            {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847,
             9066957, 19258688, -14753793},
            {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541,
             -31934921, 2209390, -1524053, 2055794},
            {580882, 16705327, 5468415, -2683018, -30926419, -14696000,
             -7203346, -8994389, -30021019, 7394435},
        },
        {
            {23838809, 1822728, -15738443, 15242727, 8318092, -3733104,
             -21672180, -3492205, -4821741, 14799921},
            {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804,
             13496856, -9056018, 7402518},
            {2286874, -4435931, -20042458, -2008336, -13696227, 5038122,
             11006906, -15760352, 8205061, 1607563},
        },
        {
            {14414086, -8002132, 3331830, -3208217, 22249151, -5594188,
             18364661, -2906958, 30019587, -9029278},
            {-27688051, 1585953, -10775053, 931069, -29120221, -11002319,
             -14410829, 12029093, 9944378, 8024},
            {4368715, -3709630, 29874200, -15022983, -20230386, -11410704,
             -16114594, -999085, -8142388, 5640030},
        },
        {
            {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887,
             -16694564, 15219798, -14327783},
            {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605,
             -1173195, -18342183, 9742717},
            {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614,
             7406442, 12420155, 1994844},
        },
        {
            {14012521, -5024720, -18384453, -9578469, -26485342, -3936439,
             -13033478, -10909803, 24319929, -6446333},
            {16412690, -4507367, 10772641, 15929391, -17068788, -4658621,
             10555945, -10484049, -30102368, -4739048},
            {22397382, -7767684, -9293161, -12792868, 17166287, -9755136,
             -27333065, 6199366, 21880021, -12250760},
        },
        {
            {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128,
             16557151, 8890729, 8840445, 4957760},
            {-15447727, 709327, -6919446, -10870178, -29777922, 6522332,
             -21720181, 12130072, -14796503, 5005757},
            {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752,
             10183197, -13239326, -16395286, -2176112},
        },
    },
    {
        {
            {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537,
             -32013908, -3057104, 22208662, 2000468},
            {3065073, -1412761, -25598674, -361432, -17683065, -5703415,
             -8164212, 11248527, -3691214, -7414184},
            {10379208, -6045554, 8877319, 1473647, -29291284, -12507580,
             16690915, 2553332, -3132688, 16400289},
        },
        {
            {15716668, 1254266, -18472690, 7446274, -8448918, 6344164,
             -22097271, -7285580, 26894937, 9132066},
            {24158887, 12938817, 11085297, -8177598, -28063478, -4457083,
             -30576463, 64452, -6817084, -2692882},
            {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710,
             -3418511, -4688006, 2364226},
        },
        {
            {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024,
             -11697457, 15445875, -7798101},
            {29004207, -7867081, 28661402, -640412, -12794003, -7943086,
             31863255, -4135540, -278050, -15759279},
            {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829,
             10343412, -6976290, -29828287, -10815811},
        },
        {
            {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636,
             15372179, 17293797, 960709},
            {20263915, 11434237, -5765435, 11236810, 13505955, -10857102,
             -16111345, 6493122, -19384511, 7639714},
            {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699,
             18006287, -16043750, 29994677, -15808121},
        },
        {
            {9769828, 5202651, -24157398, -13631392, -28051003, -11561624,
             -24613141, -13860782, -31184575, 709464},
            {12286395, 13076066, -21775189, -1176622, -25003198, 4057652,
             -32018128, -8890874, 16102007, 13205847},
            {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170,
             8525972, 10151379, 10394400},
        },
        {
            {4024660, -16137551, 22436262, 12276534, -9099015, -2686099,
             19698229, 11743039, -33302334, 8934414},
            {-15879800, -4525240, -8580747, -2934061, 14634845, -698278,
             -9449077, 3137094, -11536886, 11721158},
            {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229,
             8835153, -9205489, -1280045},
        },
        {
            {-461409, -7830014, 20614118, 16688288, -7514766, -4807119,
             22300304, 505429, 6108462, -6183415},
            {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642,
             29880583, -13483331, -26898490, -7867459},
            {-31975283, 5726539, 26934134, 10237677, -3173717, -605053,
             24199304, 3795095, 7592688, -14992079},
        },
        {
            {21594432, -14964228, 17466408, -4077222, 32537084, 2739898,
             6407723, 12018833, -28256052, 4298412},
            {-20650503, -11961496, -27236275, 570498, 3767144, -1717540,
             13891942, -1569194, 13717174, 10805743},
            {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568,
             -796431, 14860609, -26938930, -5863836},
        },
    },
    {
        {
            {12962541, 5311799, -10060768, 11658280, 18855286, -7954201,
             13286263, -12808704, -4381056, 9882022},
            {18512079, 11319350, -20123124, 15090309, 18818594, 5271736,
             -22727904, 3666879, -23967430, -3299429},
            {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114,
             -10084880, -6661110, -2403099, 5276065},
        },
        {
            {30169808, -5317648, 26306206, -11750859, 27814964, 7069267,
             7152851, 3684982, 1449224, 13082861},
            {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382,
             15056736, -21016438, -8202000},
            {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665,
             -26171976, 6482814, -10300080, -11060101},
        },
        {
            {32869458, -5408545, 25609743, 15678670, -10687769, -15471071,
             26112421, 2521008, -22664288, 6904815},
            {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737,
             3841096, -29003639, -6657642},
            {10340844, -6630377, -18656632, -2278430, 12621151, -13339055,
             30878497, -11824370, -25584551, 5181966},
        },
        {
            {25940115, -12658025, 17324188, -10307374, -8671468, 15029094,
             24396252, -16450922, -2322852, -12388574},
            {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390,
             12641087, 20603771, -6561742},
            {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874,
             1925523, 11914390, 4662781, 7820689},
        },
        {
            {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456,
             12172924, 16136752, 15264020},
            {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780,
             10658213, 6671822, 19012087, 3772772},
            {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732,
             -15762884, 20527771, 12988982},
        },
        {
            {-14822485, -5797269, -3707987, 12689773, -898983, -10914866,
             -24183046, -10564943, 3299665, -12424953},
            {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197,
             6461331, -25583147, 8991218},
            {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991,
             -32948145, 7417950, -30242287, 1507265},
        },
        {
            {29692663, 6829891, -10498800, 4334896, 20945975, -11906496,
             -28887608, 8209391, 14606362, -10647073},
            {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695,
             9761487, 4170404, -2085325},
            {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046,
             22186522, 16002000, -14276837, -8400798},
        },
        {
            {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047,
             -7113572, -9620092, 13240845, 10965870},
            {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166,
             4498947, 14147411, 29514390, 4302863},
            {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368,
             -5061276, -2144373, 17846988, -13971927},
        },
    },
    {
        {
            {-2244452, -754728, -4597030, -1066309, -6247172, 1455299,
             -21647728, -9214789, -5222701, 12650267},
            {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813,
             13770293, -19134326, 10958663},
            {22470984, 12369526, 23446014, -5441109, -21520802, -9698723,
             -11772496, -11574455, -25083830, 4271862},
        },
        {
            {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192,
             75375, -4278529, -32526221, 8469673},
            {15854970, 4148314, -8893890, 7259002, 11666551, 13824734,
             -30531198, 2697372, 24154791, -9460943},
            {15446137, -15806644, 29759747, 14019369, 30811221, -9610191,
             -31582008, 12840104, 24913809, 9815020},
        },
        {
            {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414,
             -9103676, 13438769, 18735128, 9466238},
            {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821,
             -10896103, -22728655, 16199064},
            {14576810, 379472, -26786533, -8317236, -29426508, -10812974,
             -102766, 1876699, 30801119, 2164795},
        },
        {
            {15995086, 3199873, 13672555, 13712240, -19378835, -4647646,
             -13081610, -15496269, -13492807, 1268052},
            {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475,
             -3470338, -12600221, -17055369, 3565904},
            {29210088, -9419337, -5919792, -4952785, 10834811, -13327726,
             -16512102, -10820713, -27162222, -14030531},
        },
        {
            {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123,
             -29183421, -3769423, 2244111, -14001979},
            {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434,
             -25673088, -16180800, 13491506, 4641841},
            {10813417, 643330, -19188515, -728916, 30292062, -16600078,
             27548447, -7721242, 14476989, -12767431},
        },
        {
            {10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937,
             -1644259, -27912810, 12651324},
            {-31185513, -813383, 22271204, 11835308, 10201545, 15351028,
             17099662, 3988035, 21721536, -3148940},
            {10202177, -6545839, -31373232, -9574638, -32150642, -8119683,
             -12906320, 3852694, 13216206, 14842320},
        },
        {
            {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778,
             -31500847, 13765824, -27434397, 9900184},
            {14465505, -13833331, -32133984, -14738873, -27443187, 12990492,
             33046193, 15796406, -7051866, -8040114},
            {30924417, -8279620, 6359016, -12816335, 16508377, 9071735,
             -25488601, 15413635, 9524356, -7018878},
        },
        {
            {12274201, -13175547, 32627641, -1785326, 6736625, 13267305,
             5237659, -5109483, 15663516, 4035784},
            {-2951309, 8903985, 17349946, 601635, -16432815, -4612556,
             -13732739, -15889334, -22258478, 4659091},
            {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498,
             5736189, 15026997, -2178256, -13455585},
        },
    },
    {
        {
            {-8858980, -2219056, 28571666, -10155518, -474467, -10105698,
             -3801496, 278095, 23440562, -290208},
            {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275,
             11551483, -16571960, -7442864},
            {17932739, -12437276, -24039557, 10749060, 11316803, 7535897,
             22503767, 5561594, -3646624, 3898661},
        },
        {
            {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531,
             7152530, 21831162, 1245233},
            {26958459, -14658026, 4314586, 8346991, -5677764, 11960072,
             -32589295, -620035, -30402091, -16716212},
            {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535,
             6280834, 14587357, -22338025, 13987525},
        },
        {
            {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778,
             -4300898, -5124639, -7469781, -2858068},
            {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781,
             6439245, -14581012, 4091397},
            {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623,
             -19622683, 12092163, 29077877, -14741988},
        },
        {
            {5269168, -6859726, -13230211, -8020715, 25932563, 1763552,
             -5606110, -5505881, -20017847, 2357889},
            {32264008, -15407652, -5387735, -1160093, -2091322, -3946900,
             23104804, -12869908, 5727338, 189038},
            {14609123, -8954470, -6000566, -16622781, -14577387, -7743898,
             -26745169, 10942115, -25888931, -14884697},
        },
        {
            {20513500, 5557931, -15604613, 7829531, 26413943, -2019404,
             -21378968, 7471781, 13913677, -5137875},
            {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227,
             -8940970, 14059180, 12878652, 8511905},
            {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908,
             -30223418, 6812974, 5568676, -3127656},
        },
        {
            {11630004, 12144454, 2116339, 13606037, 27378885, 15676917,
             -17408753, -13504373, -14395196, 8070818},
            {27117696, -10007378, -31282771, -5570088, 1127282, 12772488,
             -29845906, 10483306, -11552749, -1028714},
            {10637467, -5688064, 5674781, 1072708, -26343588, -6982302,
             -1683975, 9177853, -27493162, 15431203},
        },
        {
            {20525145, 10892566, -12742472, 12779443, -29493034, 16150075,
             -28240519, 14943142, -15056790, -7935931},
            {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767,
             -3239766, -3356550, 9594024},
            {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683,
             -6492290, 13352335, -10977084},
        },
        {
            {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091,
             -29783850, -7752482, -13215537, -319204},
            {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742,
             15077870, -22750759, 14523817},
            {27406042, -6041657, 27423596, -4497394, 4996214, 10002360,
             -28842031, -4545494, -30172742, -4805667},
        },
    },
    {
        {
            {11374242, 12660715, 17861383, -12540833, 10935568, 1099227,
             -13886076, -9091740, -27727044, 11358504},
            {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702,
             32676003, 11149336, -26123651, 4985768},
            {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043,
             13794114, -19414307, -15621255},
        },
        {
            {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603,
             6970005, -1691065, -9004790},
            {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622,
             -5475723, -16796596, -5031438},
            {-22273315, -13524424, -64685, -4334223, -18605636, -10921968,
             -20571065, -7007978, -99853, -10237333},
        },
        {
            {17747465, 10039260, 19368299, -4050591, -20630635, -16041286,
             31992683, -15857976, -29260363, -5511971},
            {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999,
             -3744247, 4882242, -10626905},
            {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198,
             3272828, -5190932, -4162409},
        },
        {
            {12501286, 4044383, -8612957, -13392385, -32430052, 5136599,
             -19230378, -3529697, 330070, -3659409},
            {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522,
             -8573892, -271295, 12071499},
            {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927,
             -32769618, 1936675, -5159697, 3829363},
        },
        {
            {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550,
             -6567787, 26333140, 14267664},
            {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312,
             10004786, -8709488, -21761224, 8930324},
            {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919,
             1541940, 4757911, -26491501, -16408940},
        },
        {
            {13537262, -7759490, -20604840, 10961927, -5922820, -13218065,
             -13156584, 6217254, -15943699, 13814990},
            {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681,
             9257833, -1956526, -1776914},
            {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556,
             -29171540, 12361135, -18685978, 4578290},
        },
        {
            {24579768, 3711570, 1342322, -11180126, -27005135, 14124956,
             -22544529, 14074919, 21964432, 8235257},
            {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420,
             -2981514, -1669206, 13006806, 2355433},
            {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083,
             27202044, 1719366, 1141648, -12796236},
        },
        {
            {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894,
             13475066, -3133972, 32674895, 13715045},
            {11423335, -5468059, 32344216, 8962751, 24989809, 9241752,
             -13265253, 16086212, -28740881, -15642093},
            {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160,
             -11709148, 7791794, -27245943, 4383347},
        },
    },
    {
        {
            {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599,
             -4862407, -4906449, 27193557, 6245191},
            {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898,
             3260492, 22510453, 8577507},
            {-12632451, 11257346, -32692994, 13548177, -721004, 10879011,
             31168030, 13952092, -29571492, -3635906},
        },
        {
            {3877321, -9572739, 32416692, 5405324, -11004407, -13656635,
             3759769, 11935320, 5611860, 8164018},
            {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718,
             32003002, -8832289, 5773085, -8422109},
            {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725,
             12376320, 31632953, 190926},
        },
        {
            {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328,
             -8288749, 4508564, -25341555, -3627528},
            {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941,
             -14786005, -1672488, 827625},
            {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080,
             -1800575, -14108036, -24878478, 1541286},
        },
        {
            {2901347, -1117687, 3880376, -10059388, -17620940, -3612781,
             -21802117, -3567481, 20456845, -1885033},
            {27019610, 12299467, -13658288, -1603234, -12861660, -4861471,
             -19540150, -5016058, 29439641, 15138866},
            {21536104, -6626420, -32447818, -10690208, -22408077, 5175814,
             -5420040, -16361163, 7779328, 109896},
        },
        {
            {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390,
             12180118, 23177719, -554075},
            {26572847, 3405927, -31701700, 12890905, -19265668, 5335866,
             -6493768, 2378492, 4439158, -13279347},
            {-22716706, 3489070, -9225266, -332753, 18875722, -1140095,
             14819434, -12731527, -17717757, -5461437},
        },
        {
            {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060,
             -820954, 2177225, 8550082, -15114165},
            {-18473302, 16596775, -381660, 15663611, 22860960, 15585581,
             -27844109, -3582739, -23260460, -8428588},
            {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815,
             -22725137, 15860482, -21902570, 1494193},
        },
        {
            {-19562091, -14087393, -25583872, -9299552, 13127842, 759709,
             21923482, 16529112, 8742704, 12967017},
            {-28464899, 1553205, 32536856, -10473729, -24691605, -406174,
             -8914625, -2933896, -29903758, 15553883},
            {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572,
             14513274, 19375923, -12647961},
        },
        {
            {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818,
             -6222716, 2862653, 9455043},
            {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124,
             -2990080, 15511449, 4789663},
            {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736,
             -5754762, 108893, 23513200, 16652362},
        },
    },
    {
        {
            {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542,
             -6650416, -12936300, -18319198, 10212860},
            {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801,
             2600940, -9988298, -12506466},
            {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657,
             11344424, 864440, -2499677, -16710063},
        },
        {
            {-26432803, 6148329, -17184412, -14474154, 18782929, -275997,
             -22561534, 211300, 2719757, 4940997},
            {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207,
             21690126, 8518463, 26699843, 5276295},
            {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586,
             149635, -15452774, 7159369},
        },
        {
            {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009,
             8312176, 22477218, -8403385},
            {18155857, -16504990, 19744716, 9006923, 15154154, -10538976,
             24256460, -4864995, -22548173, 9334109},
            {2986088, -4911893, 10776628, -3473844, 10620590, -7083203,
             -21413845, 14253545, -22587149, 536906},
        },
        {
            {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551,
             10589625, 10838060, -15420424},
            {-19342404, 867880, 9277171, -3218459, -14431572, -1986443,
             19295826, -15796950, 6378260, 699185},
            {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039,
             15693155, -5045064, -13373962},
        },
        {
            {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616,
             31730678, -10962840, -3918636, -9669325},
            {10188286, -15770834, -7336361, 13427543, 22223443, 14896287,
             30743455, 7116568, -21786507, 5427593},
            {696102, 13206899, 27047647, -10632082, 15285305, -9853179,
             10798490, -4578720, 19236243, 12477404},
        },
        {
            {-11229439, 11243796, -17054270, -8040865, -788228, -8167967,
             -3897669, 11180504, -23169516, 7733644},
            {17800790, -14036179, -27000429, -11766671, 23887827, 3149671,
             23466177, -10538171, 10322027, 15313801},
            {26246234, 11968874, 32263343, -5468728, 6830755, -13323031,
             -15794704, -101982, -24449242, 10890804},
        },
        {
            {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544,
             -14982212, 16484931, 25180797, -5334884},
            {-586574, 10376444, -32586414, -11286356, 19801893, 10997610,
             2276632, 9482883, 316878, 13820577},
            {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996,
             30756178, -7515054, 30696930, -3712849},
        },
        {
            {32988917, -9603412, 12499366, 7910787, -10617257, -11931514,
             -7342816, -9985397, -32349517, 7392473},
            {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781,
             -30409476, -9134995, 25112947, -2926644},
            {-2504044, -436966, 25621774, -5678772, 15085042, -5479877,
             -24884878, -13526194, 5537438, -13914319},
        },
    },
    {
        {
            {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648,
             -14876251, -1729667, 31234590, 6090599},
            {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721,
             15878753, -6970405, -9034768},
            {-27757857, 247744, -15194774, -9002551, 23288161, -10011936,
             -23869595, 6503646, 20650474, 1804084},
        },
        {
            {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995,
             -10329713, 27842616, -202328},
            {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656,
             5031932, -11375082, 12714369},
            {20807691, -7270825, 29286141, 11421711, -27876523, -13868230,
             -21227475, 1035546, -19733229, 12796920},
        },
        {
            {12076899, -14301286, -8785001, -11848922, -25012791, 16400684,
             -17591495, -12899438, 3480665, -15182815},
            {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545,
             -24363064, -15921875, -33374054, 2771025},
            {-21389266, 421932, 26597266, 6860826, 22486084, -6737172,
             -17137485, -4210226, -24552282, 15673397},
        },
        {
            {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893,
             -20271184, 4733254, 3727144, -12934448},
            {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594,
             7975683, 31123697, -10958981},
            {30069250, -11435332, 30434654, 2958439, 18399564, -976289,
             12296869, 9204260, -16432438, 9648165},
        },
        {
            {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266,
             5248604, -26008332, -11377501},
            {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711,
             15298639, 2662509, -16297073},
            {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326,
             32087529, -1222777, 32247248, -14389861},
        },
        {
            {14312628, 1221556, 17395390, -8700143, -4945741, -8684635,
             -28197744, -9637817, -16027623, -13378845},
            {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502,
             9803137, 17597934, 2346211},
            {18510800, 15337574, 26171504, 981392, -22241552, 7827556,
             -23491134, -11323352, 3059833, -11782870},
        },
        {
            {10141598, 6082907, 17829293, -1947643, 9830092, 13613136,
             -25556636, -5544586, -33502212, 3592096},
            {33114168, -15889352, -26525686, -13343397, 33076705, 8716171,
             1151462, 1521897, -982665, -6837803},
            {-32939165, -4255815, 23947181, -324178, -33072974, -12305637,
             -16637686, 3891704, 26353178, 693168},
        },
        {
            {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294,
             -400668, 31375464, 14369965},
            {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728,
             32732230, -13108839, 17901441, 16011505},
            {18171223, -11934626, -12500402, 15197122, -11038147, -15230035,
             -19172240, -16046376, 8764035, 12309598},
        },
    },
    {
        {
            {5975908, -5243188, -19459362, -9681747, -11541277, 14015782,
             -23665757, 1228319, 17544096, -10593782},
            {5811932, -1715293, 3442887, -2269310, -18367348, -8359541,
             -18044043, -15410127, -5565381, 12348900},
            {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274,
             -24849353, 8141295, -10632534, -585479},
        },
        {
            {-12675304, 694026, -5076145, 13300344, 14015258, -14451394,
             -9698672, -11329050, 30944593, 1130208},
            {8247766, -6710942, -26562381, -7709309, -14401939, -14648910,
             4652152, 2488540, 23550156, -271232},
            {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737,
             -5908146, -408818, -137719},
        },
        {
            {16091085, -16253926, 18599252, 7340678, 2137637, -1221657,
             -3364161, 14550936, 3260525, -7166271},
            {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596,
             -23028869, -13204905, -12748722, 2701326},
            {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432,
             -10018363, 9276971, 11329923, 1862132},
        },
        {
            {14763076, -15903608, -30918270, 3689867, 3511892, 10313526,
             -21951088, 12219231, -9037963, -940300},
            {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216,
             -2909717, -15438168, 11595570},
            {15214962, 3537601, -26238722, -14058872, 4418657, -15230761,
             13947276, 10730794, -13489462, -4363670},
        },
        {
            {-2538306, 7682793, 32759013, 263109, -29984731, -7955452,
             -22332124, -10188635, 977108, 699994},
            {-12466472, 4195084, -9211532, 550904, -15565337, 12917920,
             19118110, -439841, -30534533, -14337913},
            {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237,
             -10051775, 12493932, -5409317},
        },
        {
            {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087,
             27218280, 2607121, 29375955, 6024730},
            {842132, -2794693, -4763381, -8722815, 26332018, -12405641,
             11831880, 6985184, -9940361, 2854096},
            {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645,
             960770, 12121869, 16648078},
        },
        {
            {-15218652, 14667096, -13336229, 2013717, 30598287, -464137,
             -31504922, -7882064, 20237806, 2838411},
            {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604,
             12544294, -13470457, 1068881, -12499905},
            {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596,
             -8486907, -2630053, 12521378, 4845654},
        },
        {
            {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600,
             3409348, -873400, -6482306, -12885870},
            {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172,
             10477734, -1240216, -3113227, 13974498},
            {12966261, 15550616, -32038948, -1615346, 21025980, -629444,
             5642325, 7188737, 18895762, 12629579},
        },
    },
    {
        {
            {14741879, -14946887, 22177208, -11721237, 1279741, 8058600,
             11758140, 789443, 32195181, 3895677},
            {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575,
             -3566119, -8982069, 4429647},
            {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220,
             -7135870, -11642895, 18047436, -15281743},
        },
        {
            {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455,
             10993114, -12850837, -17620701, -9408468},
            {21987233, 700364, -24505048, 14972008, -7774265, -5718395,
             32155026, 2581431, -29958985, 8773375},
            {-25568350, 454463, -13211935, 16126715, 25240068, 8594567,
             20656846, 12017935, -7874389, -13920155},
        },
        {
            {6028182, 6263078, -31011806, -11301710, -818919, 2461772,
             -31841174, -5468042, -1721788, -2776725},
            {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845,
             -4166698, 28408820, 6816612},
            {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817,
             20613181, 13982702, -10339570, 5067943},
        },
        {
            {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951,
             -19719286, 12746132, 5331210, -10105944},
            {30528811, 3601899, -1957090, 4619785, -27361822, -15436388,
             24180793, -12570394, 27679908, -1648928},
            {9402404, -13957065, 32834043, 10838634, -26580150, -13237195,
             26653274, -8685565, 22611444, -12715406},
        },
        {
            {22190590, 1118029, 22736441, 15130463, -30460692, -5991321,
             19189625, -4648942, 4854859, 6622139},
            {-8310738, -2953450, -8262579, -3388049, -10401731, -271929,
             13424426, -3567227, 26404409, 13001963},
            {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670,
             -26064365, -11621720, -15405155, 11020693},
        },
        {
            {1866042, -7949489, -7898649, -10301010, 12483315, 13477547,
             3175636, -12424163, 28761762, 1406734},
            {-448555, -1777666, 13018551, 3194501, -9580420, -11161737,
             24760585, -4347088, 25577411, -13378680},
            {-24290378, 4759345, -690653, -1852816, 2066747, 10693769,
             -29595790, 9884936, -9368926, 4745410},
        },
        {
            {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276,
             -15462008, -11311852, 10931924, -11931931},
            {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606,
             -22853429, 10856641, -20470770, 13434654},
            {22759489, -10073434, -16766264, -1871422, 13637442, -10168091,
             1765144, -12654326, 28445307, -5364710},
        },
        {
            {29875063, 12493613, 2795536, -3786330, 1710620, 15181182,
             -10195717, -8788675, 9074234, 1167180},
            {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294,
             -18716888, -9535498, 3843903, 9367684},
            {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123,
             8601684, -139197, 4242895},
        },
    },
    {
        {
            {22092954, -13191123, -2042793, -11968512, 32186753, -11517388,
             -6574341, 2470660, -27417366, 16625501},
            {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857,
             2602725, -27351616, 14247413},
            {6314175, -10264892, -32772502, 15957557, -10157730, 168750,
             -8618807, 14290061, 27108877, -1180880},
        },
        {
            {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596,
             33547976, -11058889, -27148451, 981874},
            {22833440, 9293594, -32649448, -13618667, -9136966, 14756819,
             -22928859, -13970780, -10479804, -16197962},
            {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060,
             22680049, 13906969, -15933690, 3797899},
        },
        {
            {21721356, -4212746, -12206123, 9310182, -3882239, -13653110,
             23740224, -2709232, 20491983, -8042152},
            {9209270, -15135055, -13256557, -6167798, -731016, 15289673,
             25947805, 15286587, 30997318, -6703063},
            {7392032, 16618386, 23946583, -8039892, -13265164, -1533858,
             -14197445, -2321576, 17649998, -250080},
        },
        {
            {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752,
             -15241566, -9525724, -2233253, 7662146},
            {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295,
             7335080, -8472199, -3174674, 3440183},
            {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957,
             40450, -4431835, 4862400, 1133},
        },
        {
            {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142,
             7258061, 311861, -30594991, -7379421},
            {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763,
             16527196, 18278453, 15405622},
            {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970,
             -13313598, 843523, -21875062, 13626197},
        },
        {
            {2281448, -13487055, -10915418, -2609910, 1879358, 16164207,
             -10783882, 3953792, 13340839, 15928663},
            {31727126, -7179855, -18437503, -8283652, 2875793, -16390330,
             -25269894, -7014826, -23452306, 5964753},
            {4100420, -5959452, -17179337, 6017714, -18705837, 12227141,
             -26684835, 11344144, 2538215, -7570755},
        },
        {
            {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241,
             -20474983, 1485421, -629256, -15958862},
            {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492,
             -20205425, -13191288, 11659922, -11115118},
            {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568,
             -10170080, 33100372, -1306171},
        },
        {
            {15121113, -5201871, -10389905, 15427821, -27509937, -15992507,
             21670947, 4486675, -5931810, -14466380},
            {16166486, -9483733, -11104130, 6023908, -31926798, -1364923,
             2340060, -16254968, -10735770, -10039824},
            {28042865, -3557089, -12126526, 12259706, -3717498, -6945899,
             6766453, -8689599, 18036436, 5803270},
        },
    },
    {
        {
            {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391,
             4598332, -6159431, -14117438},
            {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183,
             696309, 50292, -20095739, 11763584},
            {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117,
             -12613632, -19773211, -10713562},
        },
        {
            {30464590, -11262872, -4127476, -12734478, 19835327, -7105613,
             -24396175, 2075773, -17020157, 992471},
            {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841,
             8080033, -11574335, -10601610},
            {19598397, 10334610, 12555054, 2555664, 18821899, -10339780,
             21873263, 16014234, 26224780, 16452269},
        },
        {
            {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804,
             -7618186, -20533829, 3698650},
            {14187449, 3448569, -10636236, -10810935, -22663880, -3433596,
             7268410, -10890444, 27394301, 12015369},
            {19695761, 16087646, 28032085, 12999827, 6817792, 11427614,
             20244189, -1312777, -13259127, -3402461},
        },
        {
            {30860103, 12735208, -1888245, -4699734, -16974906, 2256940,
             -8166013, 12298312, -8550524, -10393462},
            {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760,
             -5789354, -15118654, -4976164, 12651793},
            {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089,
             -13118820, -16517902, 9768698, -2533218},
        },
        {
            {-24719459, 1894651, -287698, -4704085, 15348719, -8156530,
             32767513, 12765450, 4940095, 10678226},
            {18860224, 15980149, -18987240, -1562570, -26233012, -11071856,
             -7843882, 13944024, -24372348, 16582019},
            {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756,
             -11704054, 15444560, -11003761, 7989037},
        },
        {
            {31490452, 5568061, -2412803, 2182383, -32336847, 4531686,
             -32078269, 6200206, -19686113, -14800171},
            {-17308668, -15879940, -31522777, -2831, -32887382, 16375549,
             8680158, -16371713, 28550068, -6857132},
            {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016,
             -30039981, 4364038, 1155602, 5988841},
        },
        {
            {21890435, -13272907, -12624011, 12154349, -7831873, 15300496,
             23148983, -4470481, 24618407, 8283181},
            {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536,
             3070187, -7025928, 1466169, 10740210},
            {-1509399, -15488185, -13503385, -10655916, 32799044, 909394,
             -13938903, -5779719, -32164649, -15327040},
        },
        {
            {3960823, -14267803, -28026090, -15918051, -19404858, 13146868,
             15567327, 951507, -3260321, -573935},
            {24740841, 5052253, -30094131, 8961361, 25877428, 6165135,
             -24368180, 14397372, -7380369, -6144105},
            {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454,
             -15441463, -14453128, -1625486, -6494814},
        },
    },
    {
        {
            {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843,
             -4885251, -9906200, -621852},
            {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374,
             1468826, -6171428, -15186581},
            {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288,
             -30404353, -9871238, -1558923, -9863646},
        },
        {
            {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958,
             14783338, -30581476, -15757844},
            {10566929, 12612572, -31944212, 11118703, -12633376, 12362879,
             21752402, 8822496, 24003793, 14264025},
            {27713862, -7355973, -11008240, 9227530, 27050101, 2504721,
             23886875, -13117525, 13958495, -5732453},
        },
        {
            {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291,
             -31889399, -10041781, 7340521, -15410068},
            {4646514, -8011124, -22766023, -11532654, 23184553, 8566613,
             31366726, -1381061, -15066784, -10375192},
            {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576,
             27584817, 3093888, -8843694, 3849921},
        },
        {
            {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958,
             32477045, -9017955, 5002294, -15550259},
            {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708,
             16489530, 13378448, -25845716, 12741426},
            {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677,
             24306472, 15852464, 28834118, -7646072},
        },
        {
            {-17335748, -9107057, -24531279, 9434953, -8472084, -583362,
             -13090771, 455841, 20461858, 5491305},
            {13669248, -16095482, -12481974, -10203039, -14569770, -11893198,
             -24995986, 11293807, -28588204, -9421832},
            {28497928, 6272777, -33022994, 14470570, 8906179, -1225630,
             18504674, -14165166, 29867745, -8795943},
        },
        {
            {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891,
             -6367600, -13175392, 22853429, -4012011},
            {24191378, 16712145, -13931797, 15217831, 14542237, 1646131,
             18603514, -11037887, 12876623, -2112447},
            {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753,
             608397, 16031844, 3723494},
        },
        {
            {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745,
             17558842, -7872890, 23896954, -4314245},
            {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064,
             7229064, -9919646, -8826859},
            {28816045, 298879, -28165016, -15920938, 19000928, -1665890,
             -12680833, -2949325, -18051778, -2082915},
        },
        {
            {16000882, -344896, 3493092, -11447198, -29504595, -13159789,
             12577740, 16041268, -19715240, 7847707},
            {10151868, 10572098, 27312476, 7922682, 14825339, 4723128,
             -32855931, -6519018, -10020567, 3852848},
            {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598,
             16514493, -15932110, 29330899, -15076224},
        },
    },
    {
        {
            {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784,
             3303702, 15490, -27548796, 12314391},
            {15683520, -6003043, 18109120, -9980648, 15337968, -5997823,
             -16717435, 15921866, 16103996, -3731215},
            {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929,
             -19273607, 5402699, -29815713, -9841101},
        },
        {
            {23190676, 2384583, -32714340, 3462154, -29903655, -1529132,
             -11266856, 8911517, -25205859, 2739713},
            {21374101, -3554250, -33524649, 9874411, 15377179, 11831242,
             -33529904, 6134907, 4931255, 11987849},
            {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539,
             13861388, -30076310, 10117930},
        },
        {
            {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643,
             -6325503, 6704079, 12890019, 15728940},
            {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376,
             -10428139, 12885167, 8311031},
            {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191,
             26423267, 4384730, 1888765, -5435404},
        },
        {
            {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729,
             -32251644, -12707869, -19464434, -3340243},
            {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245,
             14845197, 17151279, -9854116},
            {-24830458, -12733720, -15165978, 10367250, -29530908, -265356,
             22825805, -7087279, -16866484, 16176525},
        },
        {
            {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182,
             -10363426, -28746253, -10197509},
            {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229,
             23632037, -1940610, 32808310, 1099883},
            {15030977, 5768825, -27451236, -2887299, -6427378, -15361371,
             -15277896, -6809350, 2051441, -15225865},
        },
        {
            {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398,
             -14154188, -22686354, 16633660},
            {4577086, -16752288, 13249841, -15304328, 19958763, -14537274,
             18559670, -10759549, 8402478, -9864273},
            {-28406330, -1051581, -26790155, -907698, -17212414, -11030789,
             9453451, -14980072, 17983010, 9967138},
        },
        {
            {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990,
             7806337, 17507396, 3651560},
            {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010,
             26556809, -5574557, -18553322, -11357135},
            {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121,
             8459447, -5605463, -7621941},
        },
        {
            {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813,
             -849066, 17258084, -7977739},
            {18164541, -10595176, -17154882, -1542417, 19237078, -9745295,
             23357533, -15217008, 26908270, 12150756},
            {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168,
             -5537701, -32302074, 16215819},
        },
    },
    {
        {
            {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835,
             32574489, 12532905, -7503072, -8675347},
            {-27343522, -16515468, -27151524, -10722951, 946346, 16291093,
             254968, 7168080, 21676107, -1943028},
            {21260961, -8424752, -16831886, -11920822, -23677961, 3968121,
             -3651949, -6215466, -3556191, -7913075},
        },
        {
            {16544754, 13250366, -16804428, 15546242, -4583003, 12757258,
             -2462308, -8680336, -18907032, -9662799},
            {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564,
             26820651, 16690659, 25459437, -4564609},
            {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224,
             9142795, -2391602, -6432418, -1644817},
        },
        {
            {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437,
             -27457225, -16344658, 6335692, 7249989},
            {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693,
             -30272269, 2682242, 25993170, -12478523},
            {4364628, 5930691, 32304656, -10044554, -8054781, 15091131,
             22857016, -10598955, 31820368, 15075278},
        },
        {
            {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788,
             -9650886, -17970238, 12833045},
            {19073683, 14851414, -24403169, -11860168, 7625278, 11091125,
             -19619190, 2074449, -9413939, 14905377},
            {24483667, -11935567, -2518866, -11547418, -1553130, 15355506,
             -25282080, 9253129, 27628530, -7555480},
        },
        {
            {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324,
             -9157582, -14110875, 15297016},
            {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417,
             -11864220, 8683221, 2921426},
            {18606791, 11874196, 27155355, -5281482, -24031742, 6265446,
             -25178240, -1278924, 4674690, 13890525},
        },
        {
            {13609624, 13069022, -27372361, -13055908, 24360586, 9592974,
             14977157, 9835105, 4389687, 288396},
            {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062,
             8317628, 23388070, 16052080},
            {12720016, 11937594, -31970060, -5028689, 26900120, 8561328,
             -20155687, -11632979, -14754271, -10812892},
        },
        {
            {15961858, 14150409, 26716931, -665832, -22794328, 13603569,
             11829573, 7467844, -28822128, 929275},
            {11038231, -11582396, -27310482, -7316562, -10498527, -16307831,
             -23479533, -9371869, -21393143, 2465074},
            {20017163, -4323226, 27915242, 1529148, 12396362, 15675764,
             13817261, -9658066, 2463391, -4622140},
        },
        {
            {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572,
             9583558, 12851107, 4003896, 12673717},
            {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325,
             14741514, -9103726, 7903886, 2348101},
            {24536016, -16515207, 12715592, -3862155, 1511293, 10047386,
             -3842346, -7129159, -28377538, 10048127},
        },
    },
    {
        {
            {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840,
             18873298, -7297090, -32297756, 15221632},
            {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409,
             -21343950, 2095755, 29769758, 6593415},
            {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345,
             -6118678, 30958054, 8292160},
        },
        {
            {31429822, -13959116, 29173532, 15632448, 12174511, -2760094,
             32808831, 3977186, 26143136, -3148876},
            {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633,
             -1674433, -3758243, -2304625},
            {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029,
             -1612713, -1535569, -16664475, 8194478},
        },
        {
            {27338066, -7507420, -7414224, 10140405, -19026427, -6589889,
             27277191, 8855376, 28572286, 3005164},
            {26287124, 4821776, 25476601, -4145903, -3764513, -15788984,
             -18008582, 1182479, -26094821, -13079595},
            {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192,
             -21876275, -13982627, 32208683, -1198248},
        },
        {
            {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505,
             -27315504, -10497842, -27672585, -11539858},
            {15941029, -9405932, -21367050, 8062055, 31876073, -238629,
             -15278393, -1444429, 15397331, -4130193},
            {8934485, -13485467, -23286397, -13423241, -32446090, 14047986,
             31170398, -1441021, -27505566, 15087184},
        },
        {
            {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776,
             -15502406, 11461896, 16788528, -5868942},
            {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433,
             -3770287, -10323320, 31322514, -11615635},
            {21426655, -5650218, -13648287, -5347537, -28812189, -4920970,
             -18275391, -14621414, 13040862, -12112948},
        },
        {
            {11293895, 12478086, -27136401, 15083750, -29307421, 14748872,
             14555558, -13417103, 1613711, 4896935},
            {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460,
             2825960, -4897045, -23971776, -11267415},
            {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618,
             20615400, 12405433, -23753030, -8436416},
        },
        {
            {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801,
             4378436, 2432030, 23097949, -566018},
            {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264,
             10103221, -18512313, 2424778},
            {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678,
             1344109, -3642553, 12412659},
        },
        {
            {-24001791, 7690286, 14929416, -168257, -32210835, -13412986,
             24162697, -15326504, -3141501, 11179385},
            {18289522, -14724954, 8056945, 16430056, -21729724, 7842514,
             -6001441, -1486897, -18684645, -11443503},
            {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959,
             13403813, 11052904, 5219329},
        },
    },
    {
        {
            {20678546, -8375738, -32671898, 8849123, -5009758, 14574752,
             31186971, -3973730, 9014762, -8579056},
            {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600,
             -33102500, 9160280, 8473550, -3256838},
            {24900749, 14435722, 17209120, -15292541, -22592275, 9878983,
             -7689309, -16335821, -24568481, 11788948},
        },
        {
            {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904,
             -20037437, 10410733, -24568470, -1458691},
            {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911,
             11871841, -12505194, -18513325, 8464118},
            {-23400612, 8348507, -14585951, -861714, -3950205, -6373419,
             14325289, 8628612, 33313881, -8370517},
        },
        {
            {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838,
             -24805667, -10236854, -8940735, -5818269},
            {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245,
             15989197, -12838188, 28358192, -4253904},
            {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267,
             -16637684, 4072016, -5351664, 5596589},
        },
        {
            {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565,
             29266239, 2557221, 1768301, 15373193},
            {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902,
             -4504991, -24660491, 3442910},
            {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093,
             22597931, 7176455, -18585478, 13365930},
        },
        {
            {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107,
             -8570186, -9689599, -3031667},
            {25008904, -10771599, -4305031, -9638010, 16265036, 15721635,
             683793, -11823784, 15723479, -15163481},
            {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514,
             11879682, 5400171, 519526, -1235876},
        },
        {
            {22258397, -16332233, -7869817, 14613016, -22520255, -2950923,
             -20353881, 7315967, 16648397, 7605640},
            {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212,
             23994942, -5281555, -9468848, 4763278},
            {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390,
             31088447, -7764523, -11356529, 728112},
        },
        {
            {26047220, -11751471, -6900323, -16521798, 24092068, 9158119,
             -4273545, -12555558, -29365436, -5498272},
            {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007,
             12327945, 10750447, 10014012},
            {-10312768, 3936952, 9156313, -8897683, 16498692, -994647,
             -27481051, -666732, 3424691, 7540221},
        },
        {
            {30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422,
             -16317219, -9244265, 15258046},
            {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406,
             2711395, 1062915, -5136345},
            {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411,
             -6066489, 12194497, 32960380, 1459310},
        },
    },
    {
        {
            {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197,
             -6101885, 18638003, -11174937},
            {31395534, 15098109, 26581030, 8030562, -16527914, -5007134,
             9012486, -7584354, -6643087, -5442636},
            {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222,
             9677543, -32294889, -6456008},
        },
        {
            {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579,
             -7839692, -7852844, -8138429},
            {-15236356, -15433509, 7766470, 746860, 26346930, -10221762,
             -27333451, 10754588, -9431476, 5203576},
            {31834314, 14135496, -770007, 5159118, 20917671, -16768096,
             -7467973, -7337524, 31809243, 7347066},
        },
        {
            {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881,
             19797970, -12211255, 15192876, -2087490},
            {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091,
             10609330, 12694420, 33473243, -13382104},
            {33184999, 11180355, 15832085, -11385430, -1633671, 225884,
             15089336, -11023903, -6135662, 14480053},
        },
        {
            {31308717, -5619998, 31030840, -1897099, 15674547, -6582883,
             5496208, 13685227, 27595050, 8737275},
            {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022,
             -31008351, -12610604, 26498114, 66511},
            {22644454, -8761729, -16671776, 4884562, -3105614, -13559366,
             30540766, -4286747, -13327787, -7515095},
        },
        {
            {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506,
             8205540, 13585437, -17127465, 15115439},
            {23711543, -672915, 31206561, -8362711, 6164647, -9709987,
             -33535882, -1426096, 8236921, 16492939},
            {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270,
             19574902, 10071562, 6708380, -6222424},
        },
        {
            {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017,
             9328700, 29955601, -11678310},
            {3096359, 9271816, -21620864, -15521844, -14847996, -7592937,
             -25892142, -12635595, -9917575, 6216608},
            {-32615849, 338663, -25195611, 2510422, -29213566, -13820213,
             24822830, -6146567, -26767480, 7525079},
        },
        {
            {-23066649, -13985623, 16133487, -7896178, -3389565, 778788,
             -910336, -2782495, -19386633, 11994101},
            {21691500, -13624626, -641331, -14367021, 3285881, -3483596,
             -25064666, 9718258, -7477437, 13381418},
            {18445390, -4202236, 14979846, 11622458, -1727110, -3582980,
             23111648, -6375247, 28535282, 15779576},
        },
        {
            {30098053, 3089662, -9234387, 16662135, -21306940, 11308411,
             -14068454, 12021730, 9955285, -16303356},
            {9734894, -14576830, -7473633, -9138735, 2060392, 11313496,
             -18426029, 9924399, 20194861, 13380996},
            {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792,
             -1984914, 15707771, 26342023, 10146099},
        },
    },
    {
        {
            {-26016874, -219943, 21339191, -41388, 19745256, -2878700,
             -29637280, 2227040, 21612326, -545728},
            {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714,
             25764461, 12243797, -20856566, 11649658},
            {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944,
             6114064, 33514190, 2333242},
        },
        {
            {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134,
             -6679750, -12670638, 24350578, -13450001},
            {-4116307, -11271533, -23886186, 4843615, -30088339, 690623,
             -31536088, -10406836, 8317860, 12352766},
            {18200138, -14475911, -33087759, -2696619, -23702521, -9102511,
             -23552096, -2287550, 20712163, 6719373},
        },
        {
            {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530,
             -3763210, 26224235, -3297458},
            {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420,
             21728352, 9493610, 18620611, -16428628},
            {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965,
             -5269471, -9725556, -30701573, -16479657},
        },
        {
            {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940,
             12248509, -5240639, 13735342, 1934062},
            {25089769, 6742589, 17081145, -13406266, 21909293, -16067981,
             -15136294, -3765346, -21277997, 5473616},
            {31883677, -7961101, 1083432, -11572403, 22828471, 13290673,
             -7125085, 12469656, 29111212, -5451014},
        },
        {
            {24244947, -15050407, -26262976, 2791540, -14997599, 16666678,
             24367466, 6388839, -10295587, 452383},
            {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269,
             -24236251, -5915248, 15766062, 8407814},
            {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495,
             -8917023, -4388953, -8067909, 2276718},
        },
        {
            {30157918, 12924066, -17712050, 9245753, 19895028, 3368142,
             -23827587, 5096219, 22740376, -7303417},
            {2041139, -14256350, 7783687, 13876377, -25946985, -13352459,
             24051124, 13742383, -15637599, 13295222},
            {33338237, -8505733, 12532113, 7977527, 9106186, -1715251,
             -17720195, -4612972, -4451357, -14669444},
        },
        {
            {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651,
             -2469266, -4141880, 7770569, 9620597},
            {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528,
             -1694323, -33502340, -14767970},
            {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801,
             1220118, 30494170, -11440799},
        },
        {
            {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666,
             -26739026, 926050, -1684339, -13333647},
            {13908495, -3549272, 30919928, -6273825, -21521863, 7989039,
             9021034, 9078865, 3353509, 4033511},
            {-29663431, -15113610, 32259991, -344482, 24295849, -12912123,
             23161163, 8839127, 27485041, 7356032},
        },
    },
    {
        {
            {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142,
             2625015, 28431036, -16771834},
            {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183,
             -22545972, 14150565, 15970762, 4099461},
            {29262576, 16756590, 26350592, -8793563, 8529671, -11208050,
             13617293, -9937143, 11465739, 8317062},
        },
        {
            {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222,
             14898637, 3848455, 20969334, -5157516},
            {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114,
             -21610826, -3649888, 11177095, 14989547},
            {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771,
             13515641, 2581286, -28487508, 9930240},
        },
        {
            {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081,
             18345767, -13403753, 16291481, -5314038},
            {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774,
             6957617, 4368891, 9788741},
            {16660756, 7281060, -10830758, 12911820, 20108584, -8101676,
             -21722536, -8613148, 16250552, -11111103},
        },
        {
            {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584,
             10604807, -30190403, 4782747},
            {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590,
             -9981571, 4383045, 22546403, 437323},
            {31665577, -12180464, -16186830, 1491339, -18368625, 3294682,
             27343084, 2786261, -30633590, -14097016},
        },
        {
            {-14467279, -683715, -33374107, 7448552, 19294360, 14334329,
             -19690631, 2355319, -19284671, -6114373},
            {15121312, -15796162, 6377020, -6031361, -10798111, -12957845,
             18952177, 15496498, -29380133, 11754228},
            {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493,
             7141596, 11724556, 22761615, -10134141},
        },
        {
            {16918416, 11729663, -18083579, 3022987, -31015732, -13339659,
             -28741185, -12227393, 32851222, 11717399},
            {11166634, 7338049, -6722523, 4531520, -29468672, -7302055,
             31474879, 3483633, -1193175, -4030831},
            {-185635, 9921305, 31456609, -13536438, -12013818, 13348923,
             33142652, 6546660, -19985279, -3948376},
        },
        {
            {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903,
             -8537131, -12833048, -30772034, -15486313},
            {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425,
             -31135347, -16049879, 10928917, 3011958},
            {-6957757, -15594337, 31696059, 334240, 29576716, 14796075,
             -30831056, -12805180, 18008031, 10258577},
        },
        {
            {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591,
             -1853465, 1367120, 25127874, 6671743},
            {29701166, -14373934, -10878120, 9279288, -17568, 13127210,
             21382910, 11042292, 25838796, 4642684},
            {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470,
             30468147, -13900640, 18423289, 4177476},
        },
    },
};

static uint8_t negative(signed char b) {
  uint32_t x = b;
  x >>= 31; /* 1: yes; 0: no */
  return x;
}

static void table_select(ge_precomp *t, int pos, signed char b) {
  ge_precomp minust;
  uint8_t bnegative = negative(b);
  uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);

  ge_precomp_0(t);
  cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
  cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
  cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
  cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
  cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
  cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
  cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
  cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
  fe_copy(minust.yplusx, t->yminusx);
  fe_copy(minust.yminusx, t->yplusx);
  fe_neg(minust.xy2d, t->xy2d);
  cmov(t, &minust, bnegative);
}

/* h = a * B
 * where a = a[0]+256*a[1]+...+256^31 a[31]
 * B is the Ed25519 base point (x,4/5) with x positive.
 *
 * Preconditions:
 *   a[31] <= 127 */
void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
  signed char e[64];
  signed char carry;
  ge_p1p1 r;
  ge_p2 s;
  ge_precomp t;
  int i;

  for (i = 0; i < 32; ++i) {
    e[2 * i + 0] = (a[i] >> 0) & 15;
    e[2 * i + 1] = (a[i] >> 4) & 15;
  }
  /* each e[i] is between 0 and 15 */
  /* e[63] is between 0 and 7 */

  carry = 0;
  for (i = 0; i < 63; ++i) {
    e[i] += carry;
    carry = e[i] + 8;
    carry >>= 4;
    e[i] -= carry << 4;
  }
  e[63] += carry;
  /* each e[i] is between -8 and 8 */

  ge_p3_0(h);
  for (i = 1; i < 64; i += 2) {
    table_select(&t, i / 2, e[i]);
    ge_madd(&r, h, &t);
    x25519_ge_p1p1_to_p3(h, &r);
  }

  ge_p3_dbl(&r, h);
  x25519_ge_p1p1_to_p2(&s, &r);
  ge_p2_dbl(&r, &s);
  x25519_ge_p1p1_to_p2(&s, &r);
  ge_p2_dbl(&r, &s);
  x25519_ge_p1p1_to_p2(&s, &r);
  ge_p2_dbl(&r, &s);
  x25519_ge_p1p1_to_p3(h, &r);

  for (i = 0; i < 64; i += 2) {
    table_select(&t, i / 2, e[i]);
    ge_madd(&r, h, &t);
    x25519_ge_p1p1_to_p3(h, &r);
  }
}

#endif

static void cmov_cached(ge_cached *t, ge_cached *u, uint8_t b) {
  fe_cmov(t->YplusX, u->YplusX, b);
  fe_cmov(t->YminusX, u->YminusX, b);
  fe_cmov(t->Z, u->Z, b);
  fe_cmov(t->T2d, u->T2d, b);
}

/* r = scalar * A.
 * where a = a[0]+256*a[1]+...+256^31 a[31]. */
void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A) {
  ge_p2 Ai_p2[8];
  ge_cached Ai[16];
  ge_p1p1 t;

  ge_cached_0(&Ai[0]);
  x25519_ge_p3_to_cached(&Ai[1], A);
  ge_p3_to_p2(&Ai_p2[1], A);

  unsigned i;
  for (i = 2; i < 16; i += 2) {
    ge_p2_dbl(&t, &Ai_p2[i / 2]);
    ge_p1p1_to_cached(&Ai[i], &t);
    if (i < 8) {
      x25519_ge_p1p1_to_p2(&Ai_p2[i], &t);
    }
    x25519_ge_add(&t, A, &Ai[i]);
    ge_p1p1_to_cached(&Ai[i + 1], &t);
    if (i < 7) {
      x25519_ge_p1p1_to_p2(&Ai_p2[i + 1], &t);
    }
  }

  ge_p2_0(r);
  ge_p3 u;

  for (i = 0; i < 256; i += 4) {
    ge_p2_dbl(&t, r);
    x25519_ge_p1p1_to_p2(r, &t);
    ge_p2_dbl(&t, r);
    x25519_ge_p1p1_to_p2(r, &t);
    ge_p2_dbl(&t, r);
    x25519_ge_p1p1_to_p2(r, &t);
    ge_p2_dbl(&t, r);
    x25519_ge_p1p1_to_p3(&u, &t);

    uint8_t index = scalar[31 - i/8];
    index >>= 4 - (i & 4);
    index &= 0xf;

    unsigned j;
    ge_cached selected;
    ge_cached_0(&selected);
    for (j = 0; j < 16; j++) {
      cmov_cached(&selected, &Ai[j], equal(j, index));
    }

    x25519_ge_add(&t, &u, &selected);
    x25519_ge_p1p1_to_p2(r, &t);
  }
}

#ifdef ED25519
static void slide(signed char *r, const uint8_t *a) {
  int i;
  int b;
  int k;

  for (i = 0; i < 256; ++i) {
    r[i] = 1 & (a[i >> 3] >> (i & 7));
  }

  for (i = 0; i < 256; ++i) {
    if (r[i]) {
      for (b = 1; b <= 6 && i + b < 256; ++b) {
        if (r[i + b]) {
          if (r[i] + (r[i + b] << b) <= 15) {
            r[i] += r[i + b] << b;
            r[i + b] = 0;
          } else if (r[i] - (r[i + b] << b) >= -15) {
            r[i] -= r[i + b] << b;
            for (k = i + b; k < 256; ++k) {
              if (!r[k]) {
                r[k] = 1;
                break;
              }
              r[k] = 0;
            }
          } else {
            break;
          }
        }
      }
    }
  }
}

static const ge_precomp Bi[8] = {
    {
        {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626,
         -11754271, -6079156, 2047605},
        {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
         5043384, 19500929, -15469378},
        {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919,
         11864899, -24514362, -4438546},
    },
    {
        {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600,
         -14772189, 28944400, -1550024},
        {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577,
         -11775962, 7689662, 11199574},
        {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774,
         10017326, -17749093, -9920357},
    },
    {
        {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885,
         14515107, -15438304, 10819380},
        {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
         12483688, -12668491, 5581306},
        {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350,
         13850243, -23678021, -15815942},
    },
    {
        {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
         5230134, -23952439, -15175766},
        {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025,
         16520125, 30598449, 7715701},
        {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660,
         1370708, 29794553, -1409300},
    },
    {
        {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211,
         -1361450, -13062696, 13821877},
        {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028,
         -7212327, 18853322, -14220951},
        {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358,
         -10431137, 2207753, -3209784},
    },
    {
        {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364,
         -663000, -31111463, -16132436},
        {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789,
         15725684, 171356, 6466918},
        {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339,
         -14088058, -30714912, 16193877},
    },
    {
        {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398,
         4729455, -18074513, 9256800},
        {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405,
         9761698, -19827198, 630305},
        {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551,
         -15960994, -2449256, -14291300},
    },
    {
        {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575,
         15033784, 25105118, -7894876},
        {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925,
         1573892, -2625887, 2198790, -15804619},
        {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022,
         -16236442, -32461234, -12290683},
    },
};

/* r = a * A + b * B
 * where a = a[0]+256*a[1]+...+256^31 a[31].
 * and b = b[0]+256*b[1]+...+256^31 b[31].
 * B is the Ed25519 base point (x,4/5) with x positive. */
static void
ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a,
    const ge_p3 *A, const uint8_t *b) {
  signed char aslide[256];
  signed char bslide[256];
  ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
  ge_p1p1 t;
  ge_p3 u;
  ge_p3 A2;
  int i;

  slide(aslide, a);
  slide(bslide, b);

  x25519_ge_p3_to_cached(&Ai[0], A);
  ge_p3_dbl(&t, A);
  x25519_ge_p1p1_to_p3(&A2, &t);
  x25519_ge_add(&t, &A2, &Ai[0]);
  x25519_ge_p1p1_to_p3(&u, &t);
  x25519_ge_p3_to_cached(&Ai[1], &u);
  x25519_ge_add(&t, &A2, &Ai[1]);
  x25519_ge_p1p1_to_p3(&u, &t);
  x25519_ge_p3_to_cached(&Ai[2], &u);
  x25519_ge_add(&t, &A2, &Ai[2]);
  x25519_ge_p1p1_to_p3(&u, &t);
  x25519_ge_p3_to_cached(&Ai[3], &u);
  x25519_ge_add(&t, &A2, &Ai[3]);
  x25519_ge_p1p1_to_p3(&u, &t);
  x25519_ge_p3_to_cached(&Ai[4], &u);
  x25519_ge_add(&t, &A2, &Ai[4]);
  x25519_ge_p1p1_to_p3(&u, &t);
  x25519_ge_p3_to_cached(&Ai[5], &u);
  x25519_ge_add(&t, &A2, &Ai[5]);
  x25519_ge_p1p1_to_p3(&u, &t);
  x25519_ge_p3_to_cached(&Ai[6], &u);
  x25519_ge_add(&t, &A2, &Ai[6]);
  x25519_ge_p1p1_to_p3(&u, &t);
  x25519_ge_p3_to_cached(&Ai[7], &u);

  ge_p2_0(r);

  for (i = 255; i >= 0; --i) {
    if (aslide[i] || bslide[i]) {
      break;
    }
  }

  for (; i >= 0; --i) {
    ge_p2_dbl(&t, r);

    if (aslide[i] > 0) {
      x25519_ge_p1p1_to_p3(&u, &t);
      x25519_ge_add(&t, &u, &Ai[aslide[i] / 2]);
    } else if (aslide[i] < 0) {
      x25519_ge_p1p1_to_p3(&u, &t);
      x25519_ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
    }

    if (bslide[i] > 0) {
      x25519_ge_p1p1_to_p3(&u, &t);
      ge_madd(&t, &u, &Bi[bslide[i] / 2]);
    } else if (bslide[i] < 0) {
      x25519_ge_p1p1_to_p3(&u, &t);
      ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
    }

    x25519_ge_p1p1_to_p2(r, &t);
  }
}
#endif

/* The set of scalars is \Z/l
 * where l = 2^252 + 27742317777372353535851937790883648493. */

/* Input:
 *   s[0]+256*s[1]+...+256^63*s[63] = s
 *
 * Output:
 *   s[0]+256*s[1]+...+256^31*s[31] = s mod l
 *   where l = 2^252 + 27742317777372353535851937790883648493.
 *   Overwrites s in place. */
void
x25519_sc_reduce(uint8_t *s) {
  int64_t s0 = 2097151 & load_3(s);
  int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
  int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
  int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
  int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
  int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
  int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
  int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
  int64_t s8 = 2097151 & load_3(s + 21);
  int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
  int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
  int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
  int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
  int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
  int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
  int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
  int64_t s16 = 2097151 & load_3(s + 42);
  int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
  int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
  int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
  int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
  int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
  int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
  int64_t s23 = (load_4(s + 60) >> 3);
  int64_t carry0;
  int64_t carry1;
  int64_t carry2;
  int64_t carry3;
  int64_t carry4;
  int64_t carry5;
  int64_t carry6;
  int64_t carry7;
  int64_t carry8;
  int64_t carry9;
  int64_t carry10;
  int64_t carry11;
  int64_t carry12;
  int64_t carry13;
  int64_t carry14;
  int64_t carry15;
  int64_t carry16;

  s11 += s23 * 666643;
  s12 += s23 * 470296;
  s13 += s23 * 654183;
  s14 -= s23 * 997805;
  s15 += s23 * 136657;
  s16 -= s23 * 683901;
  s23 = 0;

  s10 += s22 * 666643;
  s11 += s22 * 470296;
  s12 += s22 * 654183;
  s13 -= s22 * 997805;
  s14 += s22 * 136657;
  s15 -= s22 * 683901;
  s22 = 0;

  s9 += s21 * 666643;
  s10 += s21 * 470296;
  s11 += s21 * 654183;
  s12 -= s21 * 997805;
  s13 += s21 * 136657;
  s14 -= s21 * 683901;
  s21 = 0;

  s8 += s20 * 666643;
  s9 += s20 * 470296;
  s10 += s20 * 654183;
  s11 -= s20 * 997805;
  s12 += s20 * 136657;
  s13 -= s20 * 683901;
  s20 = 0;

  s7 += s19 * 666643;
  s8 += s19 * 470296;
  s9 += s19 * 654183;
  s10 -= s19 * 997805;
  s11 += s19 * 136657;
  s12 -= s19 * 683901;
  s19 = 0;

  s6 += s18 * 666643;
  s7 += s18 * 470296;
  s8 += s18 * 654183;
  s9 -= s18 * 997805;
  s10 += s18 * 136657;
  s11 -= s18 * 683901;
  s18 = 0;

  carry6 = (s6 + (1 << 20)) >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry8 = (s8 + (1 << 20)) >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry10 = (s10 + (1 << 20)) >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;
  carry12 = (s12 + (1 << 20)) >> 21;
  s13 += carry12;
  s12 -= carry12 << 21;
  carry14 = (s14 + (1 << 20)) >> 21;
  s15 += carry14;
  s14 -= carry14 << 21;
  carry16 = (s16 + (1 << 20)) >> 21;
  s17 += carry16;
  s16 -= carry16 << 21;

  carry7 = (s7 + (1 << 20)) >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry9 = (s9 + (1 << 20)) >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry11 = (s11 + (1 << 20)) >> 21;
  s12 += carry11;
  s11 -= carry11 << 21;
  carry13 = (s13 + (1 << 20)) >> 21;
  s14 += carry13;
  s13 -= carry13 << 21;
  carry15 = (s15 + (1 << 20)) >> 21;
  s16 += carry15;
  s15 -= carry15 << 21;

  s5 += s17 * 666643;
  s6 += s17 * 470296;
  s7 += s17 * 654183;
  s8 -= s17 * 997805;
  s9 += s17 * 136657;
  s10 -= s17 * 683901;
  s17 = 0;

  s4 += s16 * 666643;
  s5 += s16 * 470296;
  s6 += s16 * 654183;
  s7 -= s16 * 997805;
  s8 += s16 * 136657;
  s9 -= s16 * 683901;
  s16 = 0;

  s3 += s15 * 666643;
  s4 += s15 * 470296;
  s5 += s15 * 654183;
  s6 -= s15 * 997805;
  s7 += s15 * 136657;
  s8 -= s15 * 683901;
  s15 = 0;

  s2 += s14 * 666643;
  s3 += s14 * 470296;
  s4 += s14 * 654183;
  s5 -= s14 * 997805;
  s6 += s14 * 136657;
  s7 -= s14 * 683901;
  s14 = 0;

  s1 += s13 * 666643;
  s2 += s13 * 470296;
  s3 += s13 * 654183;
  s4 -= s13 * 997805;
  s5 += s13 * 136657;
  s6 -= s13 * 683901;
  s13 = 0;

  s0 += s12 * 666643;
  s1 += s12 * 470296;
  s2 += s12 * 654183;
  s3 -= s12 * 997805;
  s4 += s12 * 136657;
  s5 -= s12 * 683901;
  s12 = 0;

  carry0 = (s0 + (1 << 20)) >> 21;
  s1 += carry0;
  s0 -= carry0 << 21;
  carry2 = (s2 + (1 << 20)) >> 21;
  s3 += carry2;
  s2 -= carry2 << 21;
  carry4 = (s4 + (1 << 20)) >> 21;
  s5 += carry4;
  s4 -= carry4 << 21;
  carry6 = (s6 + (1 << 20)) >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry8 = (s8 + (1 << 20)) >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry10 = (s10 + (1 << 20)) >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;

  carry1 = (s1 + (1 << 20)) >> 21;
  s2 += carry1;
  s1 -= carry1 << 21;
  carry3 = (s3 + (1 << 20)) >> 21;
  s4 += carry3;
  s3 -= carry3 << 21;
  carry5 = (s5 + (1 << 20)) >> 21;
  s6 += carry5;
  s5 -= carry5 << 21;
  carry7 = (s7 + (1 << 20)) >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry9 = (s9 + (1 << 20)) >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry11 = (s11 + (1 << 20)) >> 21;
  s12 += carry11;
  s11 -= carry11 << 21;

  s0 += s12 * 666643;
  s1 += s12 * 470296;
  s2 += s12 * 654183;
  s3 -= s12 * 997805;
  s4 += s12 * 136657;
  s5 -= s12 * 683901;
  s12 = 0;

  carry0 = s0 >> 21;
  s1 += carry0;
  s0 -= carry0 << 21;
  carry1 = s1 >> 21;
  s2 += carry1;
  s1 -= carry1 << 21;
  carry2 = s2 >> 21;
  s3 += carry2;
  s2 -= carry2 << 21;
  carry3 = s3 >> 21;
  s4 += carry3;
  s3 -= carry3 << 21;
  carry4 = s4 >> 21;
  s5 += carry4;
  s4 -= carry4 << 21;
  carry5 = s5 >> 21;
  s6 += carry5;
  s5 -= carry5 << 21;
  carry6 = s6 >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry7 = s7 >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry8 = s8 >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry9 = s9 >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry10 = s10 >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;
  carry11 = s11 >> 21;
  s12 += carry11;
  s11 -= carry11 << 21;

  s0 += s12 * 666643;
  s1 += s12 * 470296;
  s2 += s12 * 654183;
  s3 -= s12 * 997805;
  s4 += s12 * 136657;
  s5 -= s12 * 683901;
  s12 = 0;

  carry0 = s0 >> 21;
  s1 += carry0;
  s0 -= carry0 << 21;
  carry1 = s1 >> 21;
  s2 += carry1;
  s1 -= carry1 << 21;
  carry2 = s2 >> 21;
  s3 += carry2;
  s2 -= carry2 << 21;
  carry3 = s3 >> 21;
  s4 += carry3;
  s3 -= carry3 << 21;
  carry4 = s4 >> 21;
  s5 += carry4;
  s4 -= carry4 << 21;
  carry5 = s5 >> 21;
  s6 += carry5;
  s5 -= carry5 << 21;
  carry6 = s6 >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry7 = s7 >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry8 = s8 >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry9 = s9 >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry10 = s10 >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;

  s[0] = s0 >> 0;
  s[1] = s0 >> 8;
  s[2] = (s0 >> 16) | (s1 << 5);
  s[3] = s1 >> 3;
  s[4] = s1 >> 11;
  s[5] = (s1 >> 19) | (s2 << 2);
  s[6] = s2 >> 6;
  s[7] = (s2 >> 14) | (s3 << 7);
  s[8] = s3 >> 1;
  s[9] = s3 >> 9;
  s[10] = (s3 >> 17) | (s4 << 4);
  s[11] = s4 >> 4;
  s[12] = s4 >> 12;
  s[13] = (s4 >> 20) | (s5 << 1);
  s[14] = s5 >> 7;
  s[15] = (s5 >> 15) | (s6 << 6);
  s[16] = s6 >> 2;
  s[17] = s6 >> 10;
  s[18] = (s6 >> 18) | (s7 << 3);
  s[19] = s7 >> 5;
  s[20] = s7 >> 13;
  s[21] = s8 >> 0;
  s[22] = s8 >> 8;
  s[23] = (s8 >> 16) | (s9 << 5);
  s[24] = s9 >> 3;
  s[25] = s9 >> 11;
  s[26] = (s9 >> 19) | (s10 << 2);
  s[27] = s10 >> 6;
  s[28] = (s10 >> 14) | (s11 << 7);
  s[29] = s11 >> 1;
  s[30] = s11 >> 9;
  s[31] = s11 >> 17;
}

#ifdef ED25519
/* Input:
 *   a[0]+256*a[1]+...+256^31*a[31] = a
 *   b[0]+256*b[1]+...+256^31*b[31] = b
 *   c[0]+256*c[1]+...+256^31*c[31] = c
 *
 * Output:
 *   s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
 *   where l = 2^252 + 27742317777372353535851937790883648493. */
static void
sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
    const uint8_t *c)
{
  int64_t a0 = 2097151 & load_3(a);
  int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
  int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
  int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
  int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
  int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
  int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
  int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
  int64_t a8 = 2097151 & load_3(a + 21);
  int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
  int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
  int64_t a11 = (load_4(a + 28) >> 7);
  int64_t b0 = 2097151 & load_3(b);
  int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
  int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
  int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
  int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
  int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
  int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
  int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
  int64_t b8 = 2097151 & load_3(b + 21);
  int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
  int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
  int64_t b11 = (load_4(b + 28) >> 7);
  int64_t c0 = 2097151 & load_3(c);
  int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
  int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
  int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
  int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
  int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
  int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
  int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
  int64_t c8 = 2097151 & load_3(c + 21);
  int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
  int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
  int64_t c11 = (load_4(c + 28) >> 7);
  int64_t s0;
  int64_t s1;
  int64_t s2;
  int64_t s3;
  int64_t s4;
  int64_t s5;
  int64_t s6;
  int64_t s7;
  int64_t s8;
  int64_t s9;
  int64_t s10;
  int64_t s11;
  int64_t s12;
  int64_t s13;
  int64_t s14;
  int64_t s15;
  int64_t s16;
  int64_t s17;
  int64_t s18;
  int64_t s19;
  int64_t s20;
  int64_t s21;
  int64_t s22;
  int64_t s23;
  int64_t carry0;
  int64_t carry1;
  int64_t carry2;
  int64_t carry3;
  int64_t carry4;
  int64_t carry5;
  int64_t carry6;
  int64_t carry7;
  int64_t carry8;
  int64_t carry9;
  int64_t carry10;
  int64_t carry11;
  int64_t carry12;
  int64_t carry13;
  int64_t carry14;
  int64_t carry15;
  int64_t carry16;
  int64_t carry17;
  int64_t carry18;
  int64_t carry19;
  int64_t carry20;
  int64_t carry21;
  int64_t carry22;

  s0 = c0 + a0 * b0;
  s1 = c1 + a0 * b1 + a1 * b0;
  s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
  s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
  s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
  s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
  s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
  s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 +
       a6 * b1 + a7 * b0;
  s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 +
       a6 * b2 + a7 * b1 + a8 * b0;
  s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 +
       a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
  s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 +
        a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
  s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 +
        a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
  s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 +
        a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
  s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 +
        a9 * b4 + a10 * b3 + a11 * b2;
  s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 +
        a10 * b4 + a11 * b3;
  s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 +
        a11 * b4;
  s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
  s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
  s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
  s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
  s20 = a9 * b11 + a10 * b10 + a11 * b9;
  s21 = a10 * b11 + a11 * b10;
  s22 = a11 * b11;
  s23 = 0;

  carry0 = (s0 + (1 << 20)) >> 21;
  s1 += carry0;
  s0 -= carry0 << 21;
  carry2 = (s2 + (1 << 20)) >> 21;
  s3 += carry2;
  s2 -= carry2 << 21;
  carry4 = (s4 + (1 << 20)) >> 21;
  s5 += carry4;
  s4 -= carry4 << 21;
  carry6 = (s6 + (1 << 20)) >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry8 = (s8 + (1 << 20)) >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry10 = (s10 + (1 << 20)) >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;
  carry12 = (s12 + (1 << 20)) >> 21;
  s13 += carry12;
  s12 -= carry12 << 21;
  carry14 = (s14 + (1 << 20)) >> 21;
  s15 += carry14;
  s14 -= carry14 << 21;
  carry16 = (s16 + (1 << 20)) >> 21;
  s17 += carry16;
  s16 -= carry16 << 21;
  carry18 = (s18 + (1 << 20)) >> 21;
  s19 += carry18;
  s18 -= carry18 << 21;
  carry20 = (s20 + (1 << 20)) >> 21;
  s21 += carry20;
  s20 -= carry20 << 21;
  carry22 = (s22 + (1 << 20)) >> 21;
  s23 += carry22;
  s22 -= carry22 << 21;

  carry1 = (s1 + (1 << 20)) >> 21;
  s2 += carry1;
  s1 -= carry1 << 21;
  carry3 = (s3 + (1 << 20)) >> 21;
  s4 += carry3;
  s3 -= carry3 << 21;
  carry5 = (s5 + (1 << 20)) >> 21;
  s6 += carry5;
  s5 -= carry5 << 21;
  carry7 = (s7 + (1 << 20)) >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry9 = (s9 + (1 << 20)) >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry11 = (s11 + (1 << 20)) >> 21;
  s12 += carry11;
  s11 -= carry11 << 21;
  carry13 = (s13 + (1 << 20)) >> 21;
  s14 += carry13;
  s13 -= carry13 << 21;
  carry15 = (s15 + (1 << 20)) >> 21;
  s16 += carry15;
  s15 -= carry15 << 21;
  carry17 = (s17 + (1 << 20)) >> 21;
  s18 += carry17;
  s17 -= carry17 << 21;
  carry19 = (s19 + (1 << 20)) >> 21;
  s20 += carry19;
  s19 -= carry19 << 21;
  carry21 = (s21 + (1 << 20)) >> 21;
  s22 += carry21;
  s21 -= carry21 << 21;

  s11 += s23 * 666643;
  s12 += s23 * 470296;
  s13 += s23 * 654183;
  s14 -= s23 * 997805;
  s15 += s23 * 136657;
  s16 -= s23 * 683901;
  s23 = 0;

  s10 += s22 * 666643;
  s11 += s22 * 470296;
  s12 += s22 * 654183;
  s13 -= s22 * 997805;
  s14 += s22 * 136657;
  s15 -= s22 * 683901;
  s22 = 0;

  s9 += s21 * 666643;
  s10 += s21 * 470296;
  s11 += s21 * 654183;
  s12 -= s21 * 997805;
  s13 += s21 * 136657;
  s14 -= s21 * 683901;
  s21 = 0;

  s8 += s20 * 666643;
  s9 += s20 * 470296;
  s10 += s20 * 654183;
  s11 -= s20 * 997805;
  s12 += s20 * 136657;
  s13 -= s20 * 683901;
  s20 = 0;

  s7 += s19 * 666643;
  s8 += s19 * 470296;
  s9 += s19 * 654183;
  s10 -= s19 * 997805;
  s11 += s19 * 136657;
  s12 -= s19 * 683901;
  s19 = 0;

  s6 += s18 * 666643;
  s7 += s18 * 470296;
  s8 += s18 * 654183;
  s9 -= s18 * 997805;
  s10 += s18 * 136657;
  s11 -= s18 * 683901;
  s18 = 0;

  carry6 = (s6 + (1 << 20)) >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry8 = (s8 + (1 << 20)) >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry10 = (s10 + (1 << 20)) >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;
  carry12 = (s12 + (1 << 20)) >> 21;
  s13 += carry12;
  s12 -= carry12 << 21;
  carry14 = (s14 + (1 << 20)) >> 21;
  s15 += carry14;
  s14 -= carry14 << 21;
  carry16 = (s16 + (1 << 20)) >> 21;
  s17 += carry16;
  s16 -= carry16 << 21;

  carry7 = (s7 + (1 << 20)) >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry9 = (s9 + (1 << 20)) >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry11 = (s11 + (1 << 20)) >> 21;
  s12 += carry11;
  s11 -= carry11 << 21;
  carry13 = (s13 + (1 << 20)) >> 21;
  s14 += carry13;
  s13 -= carry13 << 21;
  carry15 = (s15 + (1 << 20)) >> 21;
  s16 += carry15;
  s15 -= carry15 << 21;

  s5 += s17 * 666643;
  s6 += s17 * 470296;
  s7 += s17 * 654183;
  s8 -= s17 * 997805;
  s9 += s17 * 136657;
  s10 -= s17 * 683901;
  s17 = 0;

  s4 += s16 * 666643;
  s5 += s16 * 470296;
  s6 += s16 * 654183;
  s7 -= s16 * 997805;
  s8 += s16 * 136657;
  s9 -= s16 * 683901;
  s16 = 0;

  s3 += s15 * 666643;
  s4 += s15 * 470296;
  s5 += s15 * 654183;
  s6 -= s15 * 997805;
  s7 += s15 * 136657;
  s8 -= s15 * 683901;
  s15 = 0;

  s2 += s14 * 666643;
  s3 += s14 * 470296;
  s4 += s14 * 654183;
  s5 -= s14 * 997805;
  s6 += s14 * 136657;
  s7 -= s14 * 683901;
  s14 = 0;

  s1 += s13 * 666643;
  s2 += s13 * 470296;
  s3 += s13 * 654183;
  s4 -= s13 * 997805;
  s5 += s13 * 136657;
  s6 -= s13 * 683901;
  s13 = 0;

  s0 += s12 * 666643;
  s1 += s12 * 470296;
  s2 += s12 * 654183;
  s3 -= s12 * 997805;
  s4 += s12 * 136657;
  s5 -= s12 * 683901;
  s12 = 0;

  carry0 = (s0 + (1 << 20)) >> 21;
  s1 += carry0;
  s0 -= carry0 << 21;
  carry2 = (s2 + (1 << 20)) >> 21;
  s3 += carry2;
  s2 -= carry2 << 21;
  carry4 = (s4 + (1 << 20)) >> 21;
  s5 += carry4;
  s4 -= carry4 << 21;
  carry6 = (s6 + (1 << 20)) >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry8 = (s8 + (1 << 20)) >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry10 = (s10 + (1 << 20)) >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;

  carry1 = (s1 + (1 << 20)) >> 21;
  s2 += carry1;
  s1 -= carry1 << 21;
  carry3 = (s3 + (1 << 20)) >> 21;
  s4 += carry3;
  s3 -= carry3 << 21;
  carry5 = (s5 + (1 << 20)) >> 21;
  s6 += carry5;
  s5 -= carry5 << 21;
  carry7 = (s7 + (1 << 20)) >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry9 = (s9 + (1 << 20)) >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry11 = (s11 + (1 << 20)) >> 21;
  s12 += carry11;
  s11 -= carry11 << 21;

  s0 += s12 * 666643;
  s1 += s12 * 470296;
  s2 += s12 * 654183;
  s3 -= s12 * 997805;
  s4 += s12 * 136657;
  s5 -= s12 * 683901;
  s12 = 0;

  carry0 = s0 >> 21;
  s1 += carry0;
  s0 -= carry0 << 21;
  carry1 = s1 >> 21;
  s2 += carry1;
  s1 -= carry1 << 21;
  carry2 = s2 >> 21;
  s3 += carry2;
  s2 -= carry2 << 21;
  carry3 = s3 >> 21;
  s4 += carry3;
  s3 -= carry3 << 21;
  carry4 = s4 >> 21;
  s5 += carry4;
  s4 -= carry4 << 21;
  carry5 = s5 >> 21;
  s6 += carry5;
  s5 -= carry5 << 21;
  carry6 = s6 >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry7 = s7 >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry8 = s8 >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry9 = s9 >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry10 = s10 >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;
  carry11 = s11 >> 21;
  s12 += carry11;
  s11 -= carry11 << 21;

  s0 += s12 * 666643;
  s1 += s12 * 470296;
  s2 += s12 * 654183;
  s3 -= s12 * 997805;
  s4 += s12 * 136657;
  s5 -= s12 * 683901;
  s12 = 0;

  carry0 = s0 >> 21;
  s1 += carry0;
  s0 -= carry0 << 21;
  carry1 = s1 >> 21;
  s2 += carry1;
  s1 -= carry1 << 21;
  carry2 = s2 >> 21;
  s3 += carry2;
  s2 -= carry2 << 21;
  carry3 = s3 >> 21;
  s4 += carry3;
  s3 -= carry3 << 21;
  carry4 = s4 >> 21;
  s5 += carry4;
  s4 -= carry4 << 21;
  carry5 = s5 >> 21;
  s6 += carry5;
  s5 -= carry5 << 21;
  carry6 = s6 >> 21;
  s7 += carry6;
  s6 -= carry6 << 21;
  carry7 = s7 >> 21;
  s8 += carry7;
  s7 -= carry7 << 21;
  carry8 = s8 >> 21;
  s9 += carry8;
  s8 -= carry8 << 21;
  carry9 = s9 >> 21;
  s10 += carry9;
  s9 -= carry9 << 21;
  carry10 = s10 >> 21;
  s11 += carry10;
  s10 -= carry10 << 21;

  s[0] = s0 >> 0;
  s[1] = s0 >> 8;
  s[2] = (s0 >> 16) | (s1 << 5);
  s[3] = s1 >> 3;
  s[4] = s1 >> 11;
  s[5] = (s1 >> 19) | (s2 << 2);
  s[6] = s2 >> 6;
  s[7] = (s2 >> 14) | (s3 << 7);
  s[8] = s3 >> 1;
  s[9] = s3 >> 9;
  s[10] = (s3 >> 17) | (s4 << 4);
  s[11] = s4 >> 4;
  s[12] = s4 >> 12;
  s[13] = (s4 >> 20) | (s5 << 1);
  s[14] = s5 >> 7;
  s[15] = (s5 >> 15) | (s6 << 6);
  s[16] = s6 >> 2;
  s[17] = s6 >> 10;
  s[18] = (s6 >> 18) | (s7 << 3);
  s[19] = s7 >> 5;
  s[20] = s7 >> 13;
  s[21] = s8 >> 0;
  s[22] = s8 >> 8;
  s[23] = (s8 >> 16) | (s9 << 5);
  s[24] = s9 >> 3;
  s[25] = s9 >> 11;
  s[26] = (s9 >> 19) | (s10 << 2);
  s[27] = s10 >> 6;
  s[28] = (s10 >> 14) | (s11 << 7);
  s[29] = s11 >> 1;
  s[30] = s11 >> 9;
  s[31] = s11 >> 17;
}
#endif

#ifdef ED25519
void ED25519_keypair(uint8_t out_public_key[32], uint8_t out_private_key[64]) {
  uint8_t seed[32];
  arc4random_buf(seed, 32);

  uint8_t az[SHA512_DIGEST_LENGTH];
  SHA512(seed, 32, az);

  az[0] &= 248;
  az[31] &= 63;
  az[31] |= 64;

  ge_p3 A;
  x25519_ge_scalarmult_base(&A, az);
  ge_p3_tobytes(out_public_key, &A);

  memcpy(out_private_key, seed, 32);
  memmove(out_private_key + 32, out_public_key, 32);
}

int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
                 const uint8_t private_key[64]) {
  uint8_t az[SHA512_DIGEST_LENGTH];
  SHA512(private_key, 32, az);

  az[0] &= 248;
  az[31] &= 63;
  az[31] |= 64;

  SHA512_CTX hash_ctx;
  SHA512_Init(&hash_ctx);
  SHA512_Update(&hash_ctx, az + 32, 32);
  SHA512_Update(&hash_ctx, message, message_len);
  uint8_t nonce[SHA512_DIGEST_LENGTH];
  SHA512_Final(nonce, &hash_ctx);

  x25519_sc_reduce(nonce);
  ge_p3 R;
  x25519_ge_scalarmult_base(&R, nonce);
  ge_p3_tobytes(out_sig, &R);

  SHA512_Init(&hash_ctx);
  SHA512_Update(&hash_ctx, out_sig, 32);
  SHA512_Update(&hash_ctx, private_key + 32, 32);
  SHA512_Update(&hash_ctx, message, message_len);
  uint8_t hram[SHA512_DIGEST_LENGTH];
  SHA512_Final(hram, &hash_ctx);

  x25519_sc_reduce(hram);
  sc_muladd(out_sig + 32, hram, az, nonce);

  return 1;
}

int ED25519_verify(const uint8_t *message, size_t message_len,
                   const uint8_t signature[64], const uint8_t public_key[32]) {
  ge_p3 A;
  if ((signature[63] & 224) != 0 ||
      x25519_ge_frombytes_vartime(&A, public_key) != 0) {
    return 0;
  }

  fe_neg(A.X, A.X);
  fe_neg(A.T, A.T);

  uint8_t pkcopy[32];
  memcpy(pkcopy, public_key, 32);
  uint8_t rcopy[32];
  memcpy(rcopy, signature, 32);
  uint8_t scopy[32];
  memcpy(scopy, signature + 32, 32);

  SHA512_CTX hash_ctx;
  SHA512_Init(&hash_ctx);
  SHA512_Update(&hash_ctx, signature, 32);
  SHA512_Update(&hash_ctx, public_key, 32);
  SHA512_Update(&hash_ctx, message, message_len);
  uint8_t h[SHA512_DIGEST_LENGTH];
  SHA512_Final(h, &hash_ctx);

  x25519_sc_reduce(h);

  ge_p2 R;
  ge_double_scalarmult_vartime(&R, h, &A, scopy);

  uint8_t rcheck[32];
  x25519_ge_tobytes(rcheck, &R);

  return timingsafe_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0;
}
#endif

/* Replace (f,g) with (g,f) if b == 1;
 * replace (f,g) with (f,g) if b == 0.
 *
 * Preconditions: b in {0,1}. */
static void fe_cswap(fe f, fe g, unsigned int b) {
  b = 0-b;
  unsigned i;
  for (i = 0; i < 10; i++) {
    int32_t x = f[i] ^ g[i];
    x &= b;
    f[i] ^= x;
    g[i] ^= x;
  }
}

/* h = f * 121666
 * Can overlap h with f.
 *
 * Preconditions:
 *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 *
 * Postconditions:
 *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
static void fe_mul121666(fe h, fe f) {
  int32_t f0 = f[0];
  int32_t f1 = f[1];
  int32_t f2 = f[2];
  int32_t f3 = f[3];
  int32_t f4 = f[4];
  int32_t f5 = f[5];
  int32_t f6 = f[6];
  int32_t f7 = f[7];
  int32_t f8 = f[8];
  int32_t f9 = f[9];
  int64_t h0 = f0 * (int64_t) 121666;
  int64_t h1 = f1 * (int64_t) 121666;
  int64_t h2 = f2 * (int64_t) 121666;
  int64_t h3 = f3 * (int64_t) 121666;
  int64_t h4 = f4 * (int64_t) 121666;
  int64_t h5 = f5 * (int64_t) 121666;
  int64_t h6 = f6 * (int64_t) 121666;
  int64_t h7 = f7 * (int64_t) 121666;
  int64_t h8 = f8 * (int64_t) 121666;
  int64_t h9 = f9 * (int64_t) 121666;
  int64_t carry0;
  int64_t carry1;
  int64_t carry2;
  int64_t carry3;
  int64_t carry4;
  int64_t carry5;
  int64_t carry6;
  int64_t carry7;
  int64_t carry8;
  int64_t carry9;

  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;

  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;

  h[0] = h0;
  h[1] = h1;
  h[2] = h2;
  h[3] = h3;
  h[4] = h4;
  h[5] = h5;
  h[6] = h6;
  h[7] = h7;
  h[8] = h8;
  h[9] = h9;
}

void
x25519_scalar_mult_generic(uint8_t out[32], const uint8_t scalar[32],
    const uint8_t point[32]) {
  fe x1, x2, z2, x3, z3, tmp0, tmp1;

  uint8_t e[32];
  memcpy(e, scalar, 32);
  e[0] &= 248;
  e[31] &= 127;
  e[31] |= 64;
  fe_frombytes(x1, point);
  fe_1(x2);
  fe_0(z2);
  fe_copy(x3, x1);
  fe_1(z3);

  unsigned swap = 0;
  int pos;
  for (pos = 254; pos >= 0; --pos) {
    unsigned b = 1 & (e[pos / 8] >> (pos & 7));
    swap ^= b;
    fe_cswap(x2, x3, swap);
    fe_cswap(z2, z3, swap);
    swap = b;
    fe_sub(tmp0, x3, z3);
    fe_sub(tmp1, x2, z2);
    fe_add(x2, x2, z2);
    fe_add(z2, x3, z3);
    fe_mul(z3, tmp0, x2);
    fe_mul(z2, z2, tmp1);
    fe_sq(tmp0, tmp1);
    fe_sq(tmp1, x2);
    fe_add(x3, z3, z2);
    fe_sub(z2, z3, z2);
    fe_mul(x2, tmp1, tmp0);
    fe_sub(tmp1, tmp1, tmp0);
    fe_sq(z2, z2);
    fe_mul121666(z3, tmp1);
    fe_sq(x3, x3);
    fe_add(tmp0, tmp0, z3);
    fe_mul(z3, x1, z2);
    fe_mul(z2, tmp1, tmp0);
  }
  fe_cswap(x2, x3, swap);
  fe_cswap(z2, z3, swap);

  fe_invert(z2, z2);
  fe_mul(x2, x2, z2);
  fe_tobytes(out, x2);
}

#ifdef unused
void
x25519_public_from_private_generic(uint8_t out_public_value[32],
    const uint8_t private_key[32])
{
  uint8_t e[32];

  memcpy(e, private_key, 32);
  e[0] &= 248;
  e[31] &= 127;
  e[31] |= 64;

  ge_p3 A;
  x25519_ge_scalarmult_base(&A, e);

  /* We only need the u-coordinate of the curve25519 point. The map is
   * u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). */
  fe zplusy, zminusy, zminusy_inv;
  fe_add(zplusy, A.Z, A.Y);
  fe_sub(zminusy, A.Z, A.Y);
  fe_invert(zminusy_inv, zminusy);
  fe_mul(zplusy, zplusy, zminusy_inv);
  fe_tobytes(out_public_value, zplusy);
}
#endif

void
x25519_public_from_private(uint8_t out_public_value[32],
    const uint8_t private_key[32])
{
  static const uint8_t kMongomeryBasePoint[32] = {9};

  x25519_scalar_mult(out_public_value, private_key, kMongomeryBasePoint);
}

void
X25519_keypair(uint8_t out_public_value[X25519_KEY_LENGTH],
    uint8_t out_private_key[X25519_KEY_LENGTH])
{
  /* All X25519 implementations should decode scalars correctly (see
   * https://tools.ietf.org/html/rfc7748#section-5). However, if an
   * implementation doesn't then it might interoperate with random keys a
   * fraction of the time because they'll, randomly, happen to be correctly
   * formed.
   *
   * Thus we do the opposite of the masking here to make sure that our private
   * keys are never correctly masked and so, hopefully, any incorrect
   * implementations are deterministically broken.
   *
   * This does not affect security because, although we're throwing away
   * entropy, a valid implementation of scalarmult should throw away the exact
   * same bits anyway. */
  arc4random_buf(out_private_key, 32);

  out_private_key[0] |= 7;
  out_private_key[31] &= 63;
  out_private_key[31] |= 128;

  x25519_public_from_private(out_public_value, out_private_key);
}

int
X25519(uint8_t out_shared_key[X25519_KEY_LENGTH],
    const uint8_t private_key[X25519_KEY_LENGTH],
    const uint8_t peer_public_value[X25519_KEY_LENGTH])
{
  static const uint8_t kZeros[32] = {0};

  x25519_scalar_mult(out_shared_key, private_key, peer_public_value);

  /* The all-zero output results when the input is a point of small order. */
  return timingsafe_memcmp(kZeros, out_shared_key, 32) != 0;
}
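--- /dev/null
+++ b/jni/libressl/crypto/curve25519/curve25519_internal.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_CURVE25519_INTERNAL_H
+#define HEADER_CURVE25519_INTERNAL_H
+
+#include <stdint.h>
+
+__BEGIN_HIDDEN_DECLS
+
+/* fe means field element. Here the field is \Z/(2^255-19). An element t,
+ * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+ * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+ * context.  */
+typedef int32_t fe[10];
+
+/* ge means group element.
+
+ * Here the group is the set of pairs (x,y) of field elements (see fe.h)
+ * satisfying -x^2 + y^2 = 1 + d x^2y^2
+ * where d = -121665/121666.
+ *
+ * Representations:
+ *   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ *   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ *   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ *   ge_precomp (Duif): (y+x,y-x,2dxy) */
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+} ge_p2;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p3;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p1p1;
+
+typedef struct {
+  fe yplusx;
+  fe yminusx;
+  fe xy2d;
+} ge_precomp;
+
+typedef struct {
+  fe YplusX;
+  fe YminusX;
+  fe Z;
+  fe T2d;
+} ge_cached;
+
+void x25519_ge_tobytes(uint8_t *s, const ge_p2 *h);
+int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s);
+void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p);
+void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
+void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);
+void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+void x25519_ge_scalarmult_small_precomp(ge_p3 *h, const uint8_t a[32],
+    const uint8_t precomp_table[15 * 2 * 32]);
+void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]);
+void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A);
+void x25519_sc_reduce(uint8_t *s);
+
+void x25519_public_from_private(uint8_t out_public_value[32],
+    const uint8_t private_key[32]);
+
+void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+    const uint8_t point[32]);
+void x25519_scalar_mult_generic(uint8_t out[32], const uint8_t scalar[32],
+    const uint8_t point[32]);
+
+__END_HIDDEN_DECLS
+
+#endif  /* HEADER_CURVE25519_INTERNAL_H */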
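Review bot: Nothing in this header defines `__BEGIN_HIDDEN_DECLS`/`__END_HIDDEN_DECLS`, which it wraps around the `x25519_*` prototypes while including only `<stdint.h>`, so it compiles only if every includer has already pulled in the header that provides them. The des_locl.h and spr.h sections of this check-in add the same pair. It is worth confirming where the Android build gets these macros: if they expand to nothing, internal helpers such as `x25519_ge_frombytes_vartime` and `x25519_sc_reduce` presumably remain exported from the shared library instead of hidden. A one-line comment above the opening macro, e.g. `/* needs the hidden-visibility macros defined before this header is included */`, would record the dependency. As a documentation point, the "Representations" list in the `ge` comment describes `ge_p2`, `ge_p3`, `ge_p1p1` and `ge_precomp` but not `ge_cached`, which is declared just below it.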
Changes to jni/libressl/crypto/cversion.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: cversion.c,v 1.14 2014/07/11 08:44:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: cversion.c,v 1.15 2014/07/11 11:42:28 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
Changes to jni/libressl/crypto/des/cbc_cksm.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: cbc_cksm.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: cbc_cksm.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/cbc_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: cbc_enc.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/cfb64ede.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: cfb64ede.c,v 1.8 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: cfb64ede.c,v 1.9 2015/02/07 13:19:15 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/cfb64enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: cfb64enc.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: cfb64enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/cfb_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: cfb_enc.c,v 1.12 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: cfb_enc.c,v 1.13 2015/02/10 09:46:30 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/des_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: des_enc.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: des_enc.c,v 1.12 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/des_locl.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: des_locl.h,v 1.17 2014/08/18 19:15:34 bcook Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: des_locl.h,v 1.19 2016/12/21 15:49:29 jsing Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
65
66
67
68
69
70
71


72
73
74
75
76
77
78
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <openssl/opensslconf.h>

#include <openssl/des.h>



#define ITERATIONS 16
#define HALF_ITERATIONS 8

/* used in des_read and des_write */
#define MAXWRITE	(1024*16)
#define BSIZE		(MAXWRITE+4)







>
>







65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <openssl/opensslconf.h>

#include <openssl/des.h>

__BEGIN_HIDDEN_DECLS

#define ITERATIONS 16
#define HALF_ITERATIONS 8

/* used in des_read and des_write */
#define MAXWRITE	(1024*16)
#define BSIZE		(MAXWRITE+4)
385
386
387
388
389
390
391



392

void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
		 DES_LONG Eswap0, DES_LONG Eswap1);

#ifdef OPENSSL_SMALL_FOOTPRINT
#undef DES_UNROLL
#endif



#endif







>
>
>

387
388
389
390
391
392
393
394
395
396
397

void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
		 DES_LONG Eswap0, DES_LONG Eswap1);

#ifdef OPENSSL_SMALL_FOOTPRINT
#undef DES_UNROLL
#endif

__END_HIDDEN_DECLS

#endif
Changes to jni/libressl/crypto/des/ecb3_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ecb3_enc.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ecb3_enc.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/ecb_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ecb_enc.c,v 1.15 2014/07/09 11:10:50 bcook Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ecb_enc.c,v 1.16 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/ede_cbcm_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ede_cbcm_enc.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
 * project 13 Feb 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ede_cbcm_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */
/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
 * project 13 Feb 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
Changes to jni/libressl/crypto/des/enc_read.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: enc_read.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: enc_read.c,v 1.15 2015/02/12 03:54:07 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/enc_writ.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: enc_writ.c,v 1.13 2014/10/22 13:02:04 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: enc_writ.c,v 1.14 2015/02/12 03:54:07 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/fcrypt.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
/* $OpenBSD$ */

#include <stdio.h>

/* This version of crypt has been developed from my MIT compatible
 * DES library.
 * Eric Young (eay@cryptsoft.com)
 */

/* Modification by Jens Kupferschmidt (Cu)
 * I have included directive PARA for shared memory computers.
 * I have included a directive LONGCRYPT to using this routine to cipher
 * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
 * definition is the maximum of length of password and can changed. I have
 * defined 24.
 */

#include "des_locl.h"

/* Added more values to handle illegal salt values the way normal
|











|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
/* $OpenBSD: fcrypt.c,v 1.12 2016/12/26 21:30:10 jca Exp $ */

#include <stdio.h>

/* This version of crypt has been developed from my MIT compatible
 * DES library.
 * Eric Young (eay@cryptsoft.com)
 */

/* Modification by Jens Kupferschmidt (Cu)
 * I have included directive PARA for shared memory computers.
 * I have included a directive LONGCRYPT to using this routine to cipher
 * passwords with more than 8 bytes like HP-UX 10.x it used. The MAXPLEN
 * definition is the maximum of length of password and can changed. I have
 * defined 24.
 */

#include "des_locl.h"

/* Added more values to handle illegal salt values the way normal
Changes to jni/libressl/crypto/des/fcrypt_b.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: fcrypt_b.c,v 1.8 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: fcrypt_b.c,v 1.9 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/ncbc_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ncbc_enc.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
/*
 * #included by:
 *    cbc_enc.c  (DES_cbc_encrypt)
 *    des_enc.c  (DES_ncbc_encrypt)
 */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ncbc_enc.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */
/*
 * #included by:
 *    cbc_enc.c  (DES_cbc_encrypt)
 *    des_enc.c  (DES_ncbc_encrypt)
 */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
Changes to jni/libressl/crypto/des/ofb64ede.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ofb64ede.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ofb64ede.c,v 1.6 2015/02/07 13:19:15 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/ofb64enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ofb64enc.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ofb64enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/ofb_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ofb_enc.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ofb_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/pcbc_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pcbc_enc.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pcbc_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/qud_cksm.c.
1
2
3
4
5
6
7
8
/* $OpenBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: qud_cksm.c,v 1.7 2014/06/12 15:49:28 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
Changes to jni/libressl/crypto/des/rand_key.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: rand_key.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */
/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
Changes to jni/libressl/crypto/des/set_key.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: set_key.c,v 1.18 2014/10/12 20:48:58 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: set_key.c,v 1.20 2017/02/09 03:43:05 dtucker Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
		{
		if ((*key)[i] != odd_parity[(*key)[i]])
			return(0);
		}
	return(1);
	}

/* Weak and semi week keys as take from
 * %A D.W. Davies
 * %A W.L. Price
 * %T Security for Computer Networks
 * %I John Wiley & Sons
 * %D 1984
 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
 * (and actual cblock values).







|







102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
		{
		if ((*key)[i] != odd_parity[(*key)[i]])
			return(0);
		}
	return(1);
	}

/* Weak and semi weak keys as taken from
 * %A D.W. Davies
 * %A W.L. Price
 * %T Security for Computer Networks
 * %I John Wiley & Sons
 * %D 1984
 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
 * (and actual cblock values).
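--- a/jni/libressl/crypto/des/spr.h
+++ b/jni/libressl/crypto/des/spr.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: spr.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -51,14 +51,16 @@
  * SUCH DAMAGE.
  * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+
+__BEGIN_HIDDEN_DECLS
 
 const DES_LONG DES_SPtrans[8][64]={
 {
 /* nibble 0 */
 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
@@ -198,7 +200,9 @@
 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
 }};
+
+__END_HIDDEN_DECLS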
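--- a/jni/libressl/crypto/des/str2key.c
+++ b/jni/libressl/crypto/des/str2key.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: str2key.c,v 1.9 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: str2key.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 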
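--- a/jni/libressl/crypto/des/xcbc_enc.c
+++ b/jni/libressl/crypto/des/xcbc_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: xcbc_enc.c,v 1.8 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: xcbc_enc.c,v 1.9 2015/02/07 13:19:15 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 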
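--- a/jni/libressl/crypto/dh/dh_ameth.c
+++ b/jni/libressl/crypto/dh/dh_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_ameth.c,v 1.12 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -85,35 +85,35 @@
 	DH *dh = NULL;
 
 	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
 		return 0;
 	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 
 	if (ptype != V_ASN1_SEQUENCE) {
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+		DHerror(DH_R_PARAMETER_ENCODING_ERROR);
 		goto err;
 	}
 
 	pstr = pval;	
 	pm = pstr->data;
 	pmlen = pstr->length;
 
 	if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+		DHerror(DH_R_DECODE_ERROR);
 		goto err;
 	}
 
 	if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+		DHerror(DH_R_DECODE_ERROR);
 		goto err;
 	}
 
 	/* We have parameters now set public key */
 	if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+		DHerror(DH_R_BN_DECODE_ERROR);
 		goto err;
 	}
 
 	ASN1_INTEGER_free(public_key);
 	EVP_PKEY_assign_DH(pkey, dh);
 	return 1;
 
@@ -134,35 +134,35 @@
 	ASN1_STRING *str;
 	ASN1_INTEGER *pub_key = NULL;
 
 	dh=pkey->pkey.dh;
 
 	str = ASN1_STRING_new();
 	if (str == NULL) {
-		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+		DHerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	str->length = i2d_DHparams(dh, &str->data);
 	if (str->length <= 0) {
-		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+		DHerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	ptype = V_ASN1_SEQUENCE;
 
 	pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
 	if (!pub_key)
 		goto err;
 
 	penclen = i2d_ASN1_INTEGER(pub_key, &penc);
 
 	ASN1_INTEGER_free(pub_key);
 
 	if (penclen <= 0) {
-		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+		DHerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
 	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,
 	    (void *)str, penc, penclen))
 		return 1;
 
@@ -205,61 +205,61 @@
 	pstr = pval;	
 	pm = pstr->data;
 	pmlen = pstr->length;
 	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
 		goto decerr;
 	/* We have parameters now set private key */
 	if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-		DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
+		DHerror(DH_R_BN_ERROR);
 		goto dherr;
 	}
 	/* Calculate public key */
 	if (!DH_generate_key(dh))
 		goto dherr;
 
 	EVP_PKEY_assign_DH(pkey, dh);
 
 	ASN1_INTEGER_free(privkey);
 
 	return 1;
 
 decerr:
-	DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+	DHerror(EVP_R_DECODE_ERROR);
 dherr:
 	DH_free(dh);
 	return 0;
 }
 
 static int
 dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
 	ASN1_STRING *params = NULL;
 	ASN1_INTEGER *prkey = NULL;
 	unsigned char *dp = NULL;
 	int dplen;
 
 	params = ASN1_STRING_new();
 
 	if (!params) {
-		DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+		DHerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
 	if (params->length <= 0) {
-		DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+		DHerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	params->type = V_ASN1_SEQUENCE;
 
 	/* Get private key into integer */
 	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
 
 	if (!prkey) {
-		DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
+		DHerror(DH_R_BN_ERROR);
 		goto err;
 	}
 
 	dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
 	ASN1_INTEGER_free(prkey);
 	prkey = NULL;
@@ -290,15 +290,15 @@
 
 static int
 dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 {
 	DH *dh;
 
 	if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
-		DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+		DHerror(ERR_R_DH_LIB);
 		return 0;
 	}
 	EVP_PKEY_assign_DH(pkey, dh);
 	return 1;
 }
 
 static int
@@ -370,15 +370,15 @@
 		    (int)x->length) <= 0)
 			goto err;
 	}
 
 	ret = 1;
 	if (0) {
 err:
-		DHerr(DH_F_DO_DH_PRINT,reason);
+		DHerror(reason);
 	}
 	free(m);
 	return(ret);
 }
 
 static int
 int_dh_size(const EVP_PKEY *pkey)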
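Review bot: In dh_priv_decode the `decerr:`/`dherr:` exit releases only `dh`; `privkey`, the ASN1_INTEGER that carries the decoded private value, is freed only on the success path, so a failing `ASN1_INTEGER_to_BN()` or `DH_generate_key()` leaves the private-key encoding allocated. Adding `ASN1_INTEGER_free(privkey);` ahead of `DH_free(dh);` under `dherr:` would close that path. This assumes `privkey` is initialised to NULL before the first `goto decerr`; its declaration and the start of the function are above the hunk, so that needs confirming there.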
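--- a/jni/libressl/crypto/dh/dh_asn1.c
+++ b/jni/libressl/crypto/dh/dh_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_asn1.c,v 1.7 2015/02/10 05:12:23 jsing Exp $ */
+/* $OpenBSD: dh_asn1.c,v 1.10 2016/12/30 15:26:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -131,13 +131,37 @@
 }
 
 int
 i2d_DHparams(const DH *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DHparams_it);
 }
+
+DH *
+d2i_DHparams_bio(BIO *bp, DH **a)
+{
+	return ASN1_item_d2i_bio(&DHparams_it, bp, a);
+}
+
+int
+i2d_DHparams_bio(BIO *bp, DH *a)
+{
+	return ASN1_item_i2d_bio(&DHparams_it, bp, a);
+}
+
+DH *
+d2i_DHparams_fp(FILE *fp, DH **a)
+{
+	return ASN1_item_d2i_fp(&DHparams_it, fp, a);
+}
+
+int
+i2d_DHparams_fp(FILE *fp, DH *a)
+{
+	return ASN1_item_i2d_fp(&DHparams_it, fp, a);
+}
 
 DH *
 DHparams_dup(DH *dh)
 {
-	return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
+	return ASN1_item_dup(&DHparams_it, dh);
 }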
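--- a/jni/libressl/crypto/dh/dh_check.c
+++ b/jni/libressl/crypto/dh/dh_check.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_check.c,v 1.15 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: dh_check.c,v 1.16 2016/07/05 02:54:35 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 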
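--- a/jni/libressl/crypto/dh/dh_depr.c
+++ b/jni/libressl/crypto/dh/dh_depr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_depr.c,v 1.5 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: dh_depr.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *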
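--- a/jni/libressl/crypto/dh/dh_err.c
+++ b/jni/libressl/crypto/dh/dh_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_err.c,v 1.14 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: dh_err.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -67,35 +67,18 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
 
-static ERR_STRING_DATA DH_str_functs[]=
-	{
-{ERR_FUNC(DH_F_COMPUTE_KEY),	"COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),	"DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY),	"DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),	"DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX),	"DH_generate_parameters_ex"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD),	"DH_new_method"},
-{ERR_FUNC(DH_F_DH_PARAM_DECODE),	"DH_PARAM_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_DECODE),	"DH_PRIV_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_ENCODE),	"DH_PRIV_ENCODE"},
-{ERR_FUNC(DH_F_DH_PUB_DECODE),	"DH_PUB_DECODE"},
-{ERR_FUNC(DH_F_DH_PUB_ENCODE),	"DH_PUB_ENCODE"},
-{ERR_FUNC(DH_F_DO_DH_PRINT),	"DO_DH_PRINT"},
-{ERR_FUNC(DH_F_GENERATE_KEY),	"GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS),	"GENERATE_PARAMETERS"},
-{ERR_FUNC(DH_F_PKEY_DH_DERIVE),	"PKEY_DH_DERIVE"},
-{ERR_FUNC(DH_F_PKEY_DH_KEYGEN),	"PKEY_DH_KEYGEN"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DH_str_functs[]=	{
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
+	{0, NULL}
+};
 
 static ERR_STRING_DATA DH_str_reasons[]=
 	{
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
 {ERR_REASON(DH_R_BN_DECODE_ERROR)        ,"bn decode error"},
 {ERR_REASON(DH_R_BN_ERROR)               ,"bn error"},
 {ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},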
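Review bot: The literal `0xfff` in the new single-entry `DH_str_functs` table has no explanation; presumably it is the function code that the `DHerror()` macro now records for every DH error, but that macro is not defined in this section. A comment on the entry such as `/* 0xfff: the one function code DHerror() reports; per-function names are no longer recorded */` would make the link explicit once confirmed against the macro. A consequence worth writing down: DH error strings now carry "CRYPTO_internal" in the function field, so any log parsing or alerting that matched on names such as "DH_compute_key" has to key on the reason string and file/line instead.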
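--- a/jni/libressl/crypto/dh/dh_gen.c
+++ b/jni/libressl/crypto/dh/dh_gen.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_gen.c,v 1.14 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: dh_gen.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -123,15 +123,15 @@
 	/* Make sure 'ret' has the necessary elements */
 	if (!ret->p && ((ret->p = BN_new()) == NULL))
 		goto err;
 	if (!ret->g && ((ret->g = BN_new()) == NULL))
 		goto err;
 	
 	if (generator <= 1) {
-		DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+		DHerror(DH_R_BAD_GENERATOR);
 		goto err;
 	}
 	if (generator == DH_GENERATOR_2) {
 		if (!BN_set_word(t1, 24))
 			goto err;
 		if (!BN_set_word(t2, 11))
 			goto err;
@@ -163,17 +163,17 @@
 	if (!BN_GENCB_call(cb, 3, 0))
 		goto err;
 	if (!BN_set_word(ret->g, g))
 		goto err;
 	ok = 1;
 err:
 	if (ok == -1) {
-		DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+		DHerror(ERR_R_BN_LIB);
 		ok = 0;
 	}
 
 	if (ctx != NULL) {
 		BN_CTX_end(ctx);
 		BN_CTX_free(ctx);
 	}
 	return ok;
 }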
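Review bot: The `generator <= 1` branch records `DH_R_BAD_GENERATOR` and jumps to `err:`, where `if (ok == -1)` records `ERR_R_BN_LIB` as well. If `ok` still holds its initial value at that point (the initialisation is above both hunks, presumably -1), the most recent error a caller sees is the generic BN one rather than the bad-generator reason. Setting `ok = 0;` before the `goto err;` in that branch would keep the specific reason on top of the queue. A short comment at `err:` stating that -1 means a failure not yet reported would document the convention.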
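--- a/jni/libressl/crypto/dh/dh_key.c
+++ b/jni/libressl/crypto/dh/dh_key.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_key.c,v 1.24 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: dh_key.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -57,14 +57,16 @@
  */
 
 #include <stdio.h>
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
+
+#include "bn_lcl.h"
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
 	    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 static int dh_init(DH *dh);
 static int dh_finish(DH *dh);
@@ -159,85 +161,85 @@
 	}
 
 	dh->pub_key = pub_key;
 	dh->priv_key = priv_key;
 	ok = 1;
 err:
 	if (ok != 1)
-		DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+		DHerror(ERR_R_BN_LIB);
 
 	if (pub_key != NULL && dh->pub_key == NULL)
 		BN_free(pub_key);
 	if (priv_key != NULL && dh->priv_key == NULL)
 		BN_free(priv_key);
 	BN_CTX_free(ctx);
 	return ok;
 }
 
 static int
 compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
 	BN_CTX *ctx = NULL;
 	BN_MONT_CTX *mont = NULL;
 	BIGNUM *tmp;
 	int ret = -1;
         int check_result;
 
 	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-		DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+		DHerror(DH_R_MODULUS_TOO_LARGE);
 		goto err;
 	}
 
 	ctx = BN_CTX_new();
 	if (ctx == NULL)
 		goto err;
 	BN_CTX_start(ctx);
 	if ((tmp = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	
 	if (dh->priv_key == NULL) {
-		DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+		DHerror(DH_R_NO_PRIVATE_VALUE);
 		goto err;
 	}
 
 	if (dh->flags & DH_FLAG_CACHE_MONT_P) {
 		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
 		    CRYPTO_LOCK_DH, dh->p, ctx);
 
 		BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
 
 		if (!mont)
 			goto err;
 	}
 
         if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
-		DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+		DHerror(DH_R_INVALID_PUBKEY);
 		goto err;
 	}
 
 	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx,
 	    mont)) {
-		DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+		DHerror(ERR_R_BN_LIB);
 		goto err;
 	}
 
 	ret = BN_bn2bin(tmp, key);
 err:
 	if (ctx != NULL) {
 		BN_CTX_end(ctx);
 		BN_CTX_free(ctx);
 	}
 	return ret;
 }
 
 static int
 dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
-	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+	return BN_mod_exp_mont_ct(r, a, p, m, ctx, m_ctx);
 }
 
 static int
 dh_init(DH *dh)
 {
 	dh->flags |= DH_FLAG_CACHE_MONT_P;
 	return 1;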
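Review bot: In compute_key, `BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);` sits inside the `if (dh->flags & DH_FLAG_CACHE_MONT_P)` block, so the private exponent is marked constant-time only when Montgomery caching is enabled. The default `dh_bn_mod_exp` now calls `BN_mod_exp_mont_ct` directly and no longer depends on the flag, but the exponentiation is dispatched through `dh->meth->bn_mod_exp`, so a replacement method may still rely on it. Moving the `BN_set_flags` call to just after the `dh->priv_key == NULL` check, outside the conditional, would make the marking independent of the caching flag. As a style point, `int check_result;` and the `DH_check_pub_key` line are indented with spaces while the rest of the function uses tabs.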
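--- a/jni/libressl/crypto/dh/dh_lib.c
+++ b/jni/libressl/crypto/dh/dh_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_lib.c,v 1.20 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -117,33 +117,33 @@
 DH *
 DH_new_method(ENGINE *engine)
 {
 	DH *ret;
 
 	ret = malloc(sizeof(DH));
 	if (ret == NULL) {
-		DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		DHerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	ret->meth = DH_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
 	if (engine) {
 		if (!ENGINE_init(engine)) {
-			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+			DHerror(ERR_R_ENGINE_LIB);
 			free(ret);
 			return NULL;
 		}
 		ret->engine = engine;
 	} else
 		ret->engine = ENGINE_get_default_DH();
 	if(ret->engine) {
 		ret->meth = ENGINE_get_DH(ret->engine);
 		if (!ret->meth) {
-			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+			DHerror(ERR_R_ENGINE_LIB);
 			ENGINE_finish(ret->engine);
 			free(ret);
 			return NULL;
 		}
 	}
 #endif
 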
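--- a/jni/libressl/crypto/dh/dh_pmeth.c
+++ b/jni/libressl/crypto/dh/dh_pmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_pmeth.c,v 1.8 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: dh_pmeth.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -211,34 +211,34 @@
 
 static int
 pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
 	DH *dh = NULL;
 
 	if (ctx->pkey == NULL) {
-		DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+		DHerror(DH_R_NO_PARAMETERS_SET);
 		return 0;
 	}
 	dh = DH_new();
 	if (!dh)
 		return 0;
 	EVP_PKEY_assign_DH(pkey, dh);
 	/* Note: if error return, pkey is freed by parent routine */
 	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
 		return 0;
 	return DH_generate_key(pkey->pkey.dh);
 }
 
 static int
 pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 {
 	int ret;
 
 	if (!ctx->pkey || !ctx->peerkey) {
-		DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+		DHerror(DH_R_KEYS_NOT_SET);
 		return 0;
 	}
 	ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
 	    ctx->pkey->pkey.dh);
 	if (ret < 0)
 		return ret;
 	*keylen = ret;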
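--- a/jni/libressl/crypto/dh/dh_prn.c
+++ b/jni/libressl/crypto/dh/dh_prn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_prn.c,v 1.4 2014/07/09 13:26:47 miod Exp $ */
+/* $OpenBSD: dh_prn.c,v 1.6 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -65,15 +65,15 @@
 int
 DHparams_print_fp(FILE *fp, const DH *x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+		DHerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	BIO_set_fp(b,fp,BIO_NOCLOSE);
 	ret = DHparams_print(b, x);
 	BIO_free(b);
 	return ret;
 }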
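--- a/jni/libressl/crypto/dsa/dsa_ameth.c
+++ b/jni/libressl/crypto/dsa/dsa_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_ameth.c,v 1.18 2015/09/10 18:12:55 miod Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -62,19 +62,16 @@
 
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-
-#include "asn1_locl.h"
+#include "asn1_locl.h"
+#include "bn_lcl.h"
 
 static int
 dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
 	const unsigned char *p, *pm;
 	int pklen, pmlen;
 	int ptype;
@@ -91,34 +88,34 @@
 
 	if (ptype == V_ASN1_SEQUENCE) {
 		pstr = pval;	
 		pm = pstr->data;
 		pmlen = pstr->length;
 
 		if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
-			DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+			DSAerror(DSA_R_DECODE_ERROR);
 			goto err;
 		}
 	} else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {
 		if (!(dsa = DSA_new())) {
-			DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+			DSAerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 	} else {
-		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+		DSAerror(DSA_R_PARAMETER_ENCODING_ERROR);
 		goto err;
 	}
 
 	if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
-		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+		DSAerror(DSA_R_DECODE_ERROR);
 		goto err;
 	}
 
 	if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
-		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+		DSAerror(DSA_R_BN_DECODE_ERROR);
 		goto err;
 	}
 
 	ASN1_INTEGER_free(public_key);
 	EVP_PKEY_assign_DSA(pkey, dsa);
 	return 1;
 
@@ -140,34 +137,34 @@
 
 	dsa = pkey->pkey.dsa;
 	if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
 		ASN1_STRING *str;
 
 		str = ASN1_STRING_new();
 		if (str == NULL) {
-			DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+			DSAerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		str->length = i2d_DSAparams(dsa, &str->data);
 		if (str->length <= 0) {
-			DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+			DSAerror(ERR_R_MALLOC_FAILURE);
 			ASN1_STRING_free(str);
 			goto err;
 		}
 		pval = str;
 		ptype = V_ASN1_SEQUENCE;
 	} else
 		ptype = V_ASN1_UNDEF;
 
 	dsa->write_params = 0;
 
 	penclen = i2d_DSAPublicKey(dsa, &penc);
 
 	if (penclen <= 0) {
-		DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+		DSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval,
 	    penc, penclen))
 		return 1;
 
@@ -210,73 +207,73 @@
 	pstr = pval;
 	pm = pstr->data;
 	pmlen = pstr->length;
 	if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
 		goto decerr;
 	/* We have parameters now set private key */
 	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-		DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+		DSAerror(DSA_R_BN_ERROR);
 		goto dsaerr;
 	}
 	/* Calculate public key */
 	if (!(dsa->pub_key = BN_new())) {
-		DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+		DSAerror(ERR_R_MALLOC_FAILURE);
 		goto dsaerr;
 	}
 	if (!(ctx = BN_CTX_new())) {
-		DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+		DSAerror(ERR_R_MALLOC_FAILURE);
 		goto dsaerr;
 	}
 
-	if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
-		DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+	if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+		DSAerror(DSA_R_BN_ERROR);
 		goto dsaerr;
 	}
 
 	if (!EVP_PKEY_assign_DSA(pkey, dsa))
 		goto decerr;
 
 	ret = 1;
 	goto done;
 
 decerr:
-	DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
+	DSAerror(DSA_R_DECODE_ERROR);
 dsaerr:
 	DSA_free(dsa);
 done:
 	BN_CTX_free(ctx);
 	ASN1_INTEGER_free(privkey);
 	return ret;
 }
 
 static int
 dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
 	ASN1_STRING *params = NULL;
 	ASN1_INTEGER *prkey = NULL;
 	unsigned char *dp = NULL;
 	int dplen;
 
 	params = ASN1_STRING_new();
 	if (!params) {
-		DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+		DSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
 	if (params->length <= 0) {
-		DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+		DSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	params->type = V_ASN1_SEQUENCE;
 
 	/* Get private key into integer */
 	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
 	if (!prkey) {
-		DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
+		DSAerror(DSA_R_BN_ERROR);
 		goto err;
 	}
 
 	dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
 	ASN1_INTEGER_free(prkey);
 	prkey = NULL;
@@ -406,15 +403,15 @@
 	update_buflen(x->q, &buf_len);
 	update_buflen(x->g, &buf_len);
 	update_buflen(priv_key, &buf_len);
 	update_buflen(pub_key, &buf_len);
 
 	m = malloc(buf_len + 10);
 	if (m == NULL) {
-		DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
+		DSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (priv_key) {
 		if (!BIO_indent(bp, off, 128))
 			goto err;
 		if (BIO_printf(bp, "%s: (%d bit)\n", ktype,
@@ -440,15 +437,15 @@
 
 static int
 dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 {
 	DSA *dsa;
 
 	if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
-		DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+		DSAerror(ERR_R_DSA_LIB);
 		return 0;
 	}
 	EVP_PKEY_assign_DSA(pkey, dsa);
 	return 1;
 }
 
 static int
@@ -479,51 +476,51 @@
 old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 {
 	DSA *dsa;
 	BN_CTX *ctx = NULL;
 	BIGNUM *j, *p1, *newp1;
 
 	if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) {
-		DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+		DSAerror(ERR_R_DSA_LIB);
 		return 0;
 	}
 
 	ctx = BN_CTX_new();
 	if (ctx == NULL)
 		goto err;
 
 	/*
 	 * Check that p and q are consistent with each other.
 	 */
 
 	j = BN_CTX_get(ctx);
 	p1 = BN_CTX_get(ctx);
 	newp1 = BN_CTX_get(ctx);
 	if (j == NULL || p1 == NULL || newp1 == NULL)
 		goto err;
 	/* p1 = p - 1 */
 	if (BN_sub(p1, dsa->p, BN_value_one()) == 0)
 		goto err;
 	/* j = (p - 1) / q */
-	if (BN_div(j, NULL, p1, dsa->q, ctx) == 0)
+	if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0)
 		goto err;
 	/* q * j should == p - 1 */
 	if (BN_mul(newp1, dsa->q, j, ctx) == 0)
 		goto err;
 	if (BN_cmp(newp1, p1) != 0) {
-		DSAerr(DSA_F_DSA_PARAM_DECODE, DSA_R_BAD_Q_VALUE);
+		DSAerror(DSA_R_BAD_Q_VALUE);
 		goto err;
 	}
 
 	/*
 	 * Check that q is not a composite number.
 	 */
 
 	if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) == 0) {
-		DSAerr(DSA_F_DSA_PARAM_DECODE, DSA_R_BAD_Q_VALUE);
+		DSAerror(DSA_R_BAD_Q_VALUE);
 		goto err;
 	}
 
 	BN_CTX_free(ctx);
 
 	EVP_PKEY_assign_DSA(pkey, dsa);
 	return 1;
@@ -560,15 +557,15 @@
 		size_t buf_len = 0;
 		unsigned char *m = NULL;
 
 		update_buflen(dsa_sig->r, &buf_len);
 		update_buflen(dsa_sig->s, &buf_len);
 		m = malloc(buf_len + 10);
 		if (m == NULL) {
-			DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
+			DSAerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 
 		if (BIO_write(bp, "\n", 1) != 1)
 			goto err;
 
 		if (!ASN1_bn_print(bp, "r:   ", dsa_sig->r, m, indent))
@@ -602,34 +599,14 @@
 			if (!OBJ_find_sigid_by_algs(&snid, hnid,
 			    EVP_PKEY_id(pkey)))
 				return -1; 
 			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
 			    0);
 		}
 		return 1;
-#ifndef OPENSSL_NO_CMS
-	case ASN1_PKEY_CTRL_CMS_SIGN:
-		if (arg1 == 0) {
-			int snid, hnid;
-			X509_ALGOR *alg1, *alg2;
-
-			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
-			if (alg1 == NULL || alg1->algorithm == NULL)
-				return -1;
-			hnid = OBJ_obj2nid(alg1->algorithm);
-			if (hnid == NID_undef)
-				return -1;
-			if (!OBJ_find_sigid_by_algs(&snid, hnid,
-			    EVP_PKEY_id(pkey)))
-				return -1; 
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
-			    0);
-		}
-		return 1;
-#endif
 
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *)arg2 = NID_sha1;
 		return 2;
 
 	default:
 		return -2;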
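--- a/jni/libressl/crypto/dsa/dsa_asn1.c
+++ b/jni/libressl/crypto/dsa/dsa_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_asn1.c,v 1.15 2015/02/10 05:12:23 jsing Exp $ */
+/* $OpenBSD: dsa_asn1.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -69,15 +69,15 @@
 sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	if (operation == ASN1_OP_NEW_PRE) {
 		DSA_SIG *sig;
 
 		sig = malloc(sizeof(DSA_SIG));
 		if (!sig) {
-			DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+			DSAerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		sig->r = NULL;
 		sig->s = NULL;
 		*pval = (ASN1_VALUE *)sig;
 		return 2;
 	}
@@ -278,14 +278,38 @@
 }
 
 int
 i2d_DSAparams(const DSA *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAparams_it);
 }
+
+DSA *
+d2i_DSAparams_bio(BIO *bp, DSA **a)
+{
+	return ASN1_item_d2i_bio(&DSAparams_it, bp, a);
+}
+
+int
+i2d_DSAparams_bio(BIO *bp, DSA *a)
+{
+	return ASN1_item_i2d_bio(&DSAparams_it, bp, a);
+}
+
+DSA *
+d2i_DSAparams_fp(FILE *fp, DSA **a)
+{
+	return ASN1_item_d2i_fp(&DSAparams_it, fp, a);
+}
+
+int
+i2d_DSAparams_fp(FILE *fp, DSA *a)
+{
+	return ASN1_item_i2d_fp(&DSAparams_it, fp, a);
+}
 
 /*
  * DSA public key is a bit trickier... its effectively a CHOICE type
  * decided by a field called write_params which can either write out
  * just the public key as an INTEGER or the parameters and public key
  * in a SEQUENCE
  */
@@ -379,15 +403,15 @@
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAPublicKey_it);
 }
 
 DSA *
 DSAparams_dup(DSA *dsa)
 {
-	return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
+	return ASN1_item_dup(&DSAparams_it, dsa);
 }
 
 int
 DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
     unsigned int *siglen, DSA *dsa)
 {
 	DSA_SIG *s;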
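--- a/jni/libressl/crypto/dsa/dsa_depr.c
+++ b/jni/libressl/crypto/dsa/dsa_depr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_depr.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: dsa_depr.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *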
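--- a/jni/libressl/crypto/dsa/dsa_err.c
+++ b/jni/libressl/crypto/dsa/dsa_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_err.c,v 1.13 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: dsa_err.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -67,43 +67,18 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
 
-static ERR_STRING_DATA DSA_str_functs[]=
-	{
-{ERR_FUNC(DSA_F_D2I_DSA_SIG),	"d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DO_DSA_PRINT),	"DO_DSA_PRINT"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_KEY),	"DSA_generate_key"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX),	"DSA_generate_parameters_ex"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD),	"DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PARAM_DECODE),	"DSA_PARAM_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP),	"DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_PRIV_DECODE),	"DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE),	"DSA_PRIV_ENCODE"},
-{ERR_FUNC(DSA_F_DSA_PUB_DECODE),	"DSA_PUB_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PUB_ENCODE),	"DSA_PUB_ENCODE"},
-{ERR_FUNC(DSA_F_DSA_SIGN),	"DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),	"DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW),	"DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_SIG_PRINT),	"DSA_SIG_PRINT"},
-{ERR_FUNC(DSA_F_DSA_VERIFY),	"DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG),	"i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE),	"OLD_DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_PKEY_DSA_CTRL),	"PKEY_DSA_CTRL"},
-{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN),	"PKEY_DSA_KEYGEN"},
-{ERR_FUNC(DSA_F_SIG_CB),	"SIG_CB"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DSA_str_functs[]= {
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
+	{0, NULL}
+};
 
 static ERR_STRING_DATA DSA_str_reasons[]=
 	{
 {ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
 {ERR_REASON(DSA_R_BN_DECODE_ERROR)       ,"bn decode error"},
 {ERR_REASON(DSA_R_BN_ERROR)              ,"bn error"},
 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},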
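--- a/jni/libressl/crypto/dsa/dsa_gen.c
+++ b/jni/libressl/crypto/dsa/dsa_gen.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_gen.c,v 1.21 2015/07/15 16:32:29 miod Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.24 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -64,14 +64,15 @@
 #include <stdlib.h>
 #include <string.h>
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/sha.h>
 
+#include "bn_lcl.h"
 #include "dsa_locl.h"
 
 int
 DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in,
     int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
 {
 	if (ret->meth->dsa_paramgen)
@@ -266,15 +267,15 @@
 				goto err;
 			if (!BN_add(X, X, test))
 				goto err;
 
 			/* step 9 */
 			if (!BN_lshift1(r0, q))
 				goto err;
-			if (!BN_mod(c, X, r0, ctx))
+			if (!BN_mod_ct(c, X, r0, ctx))
 				goto err;
 			if (!BN_sub(r0, c, BN_value_one()))
 				goto err;
 			if (!BN_sub(p, X, r0))
 				goto err;
 
 			/* step 10 */
@@ -301,25 +302,25 @@
 	if (!BN_GENCB_call(cb, 2, 1))
 		goto err;
 
 	/* We now need to generate g */
 	/* Set r0=(p-1)/q */
 	if (!BN_sub(test, p, BN_value_one()))
 		goto err;
-	if (!BN_div(r0, NULL, test, q, ctx))
+	if (!BN_div_ct(r0, NULL, test, q, ctx))
 		goto err;
 
 	if (!BN_set_word(test, h))
 		goto err;
 	if (!BN_MONT_CTX_set(mont, p, ctx))
 		goto err;
 
 	for (;;) {
 		/* g=test^r0%p */
-		if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+		if (!BN_mod_exp_mont_ct(g, test, r0, p, ctx, mont))
 			goto err;
 		if (!BN_is_one(g))
 			break;
 		if (!BN_add(test, test, BN_value_one()))
 			goto err;
 		h++;
 	}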
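--- a/jni/libressl/crypto/dsa/dsa_key.c
+++ b/jni/libressl/crypto/dsa/dsa_key.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_key.c,v 1.21 2016/06/21 04:16:53 bcook Exp $ */
+/* $OpenBSD: dsa_key.c,v 1.23 2017/01/21 09:38:59 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -61,14 +61,15 @@
 
 #include <openssl/opensslconf.h>
 
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
+#include "bn_lcl.h"
 
 static int dsa_builtin_keygen(DSA *dsa);
 
 int
 DSA_generate_key(DSA *dsa)
 {
 	if (dsa->meth->dsa_keygen)
@@ -104,15 +105,15 @@
 		pub_key=dsa->pub_key;
 	
 	{
 		BIGNUM prk;
 
 		BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
 
-		if (!BN_mod_exp(pub_key, dsa->g, &prk, dsa->p, ctx))
+		if (!BN_mod_exp_ct(pub_key, dsa->g, &prk, dsa->p, ctx))
 			goto err;
 	}
 
 	dsa->priv_key = priv_key;
 	dsa->pub_key = pub_key;
 	ok = 1;
 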
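--- a/jni/libressl/crypto/dsa/dsa_lib.c
+++ b/jni/libressl/crypto/dsa/dsa_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_lib.c,v 1.21 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: dsa_lib.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -122,32 +122,32 @@
 DSA *
 DSA_new_method(ENGINE *engine)
 {
 	DSA *ret;
 
 	ret = malloc(sizeof(DSA));
 	if (ret == NULL) {
-		DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		DSAerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	ret->meth = DSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
 	if (engine) {
 		if (!ENGINE_init(engine)) {
-			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			DSAerror(ERR_R_ENGINE_LIB);
 			free(ret);
 			return NULL;
 		}
 		ret->engine = engine;
 	} else
 		ret->engine = ENGINE_get_default_DSA();
 	if (ret->engine) {
 		ret->meth = ENGINE_get_DSA(ret->engine);
 		if (!ret->meth) {
-			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			DSAerror(ERR_R_ENGINE_LIB);
 			ENGINE_finish(ret->engine);
 			free(ret);
 			return NULL;
 		}
 	}
 #endif
 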
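--- a/jni/libressl/crypto/dsa/dsa_locl.h
+++ b/jni/libressl/crypto/dsa/dsa_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: dsa_locl.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -50,12 +50,16 @@
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include <openssl/dsa.h>
+
+__BEGIN_HIDDEN_DECLS
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
 	unsigned char *seed_out,
 	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+__END_HIDDEN_DECLS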
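--- a/jni/libressl/crypto/dsa/dsa_ossl.c
+++ b/jni/libressl/crypto/dsa/dsa_ossl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_ossl.c,v 1.25 2016/06/06 23:37:37 tedu Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.30 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -61,14 +61,16 @@
 #include <stdio.h>
 
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/err.h>
 #include <openssl/sha.h>
+
+#include "bn_lcl.h"
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
 	    BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	    DSA *dsa);
 static int dsa_init(DSA *dsa);
@@ -163,34 +165,34 @@
 		goto redo;
 	}
 	ret->r = r;
 	ret->s = s;
 	
 err:
 	if (!ret) {
-		DSAerr(DSA_F_DSA_DO_SIGN, reason);
+		DSAerror(reason);
 		BN_free(r);
 		BN_free(s);
 	}
 	BN_CTX_free(ctx);
 	BN_clear_free(&m);
 	BN_clear_free(&xr);
 	BN_clear_free(kinv);
 	return ret;
 }
 
 static int
 dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 {
 	BN_CTX *ctx;
 	BIGNUM k, *kinv = NULL, *r = NULL;
 	int ret = 0;
 
 	if (!dsa->p || !dsa->q || !dsa->g) {
-		DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+		DSAerror(DSA_R_MISSING_PARAMETERS);
 		return 0;
 	}
 
 	BN_init(&k);
 
 	if (ctx_in == NULL) {
 		if ((ctx = BN_CTX_new()) == NULL)
@@ -234,64 +236,64 @@
 	}
 
 	if (dsa->meth->bn_mod_exp != NULL) {
 		if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, &k, dsa->p, ctx,
 					dsa->method_mont_p))
 			goto err;
 	} else {
-		if (!BN_mod_exp_mont(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p))
+		if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p))
 			goto err;
 	}
 
-	if (!BN_mod(r,r,dsa->q,ctx))
+	if (!BN_mod_ct(r,r,dsa->q,ctx))
 		goto err;
 
 	/* Compute  part of 's = inv(k) (m + xr) mod q' */
-	if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
+	if ((kinv = BN_mod_inverse_ct(NULL, &k, dsa->q, ctx)) == NULL)
 		goto err;
 
 	BN_clear_free(*kinvp);
 	*kinvp = kinv;
 	kinv = NULL;
 	BN_clear_free(*rp);
 	*rp = r;
 	ret = 1;
 err:
 	if (!ret) {
-		DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+		DSAerror(ERR_R_BN_LIB);
 		BN_clear_free(r);
 	}
 	if (ctx_in == NULL)
 		BN_CTX_free(ctx);
 	BN_clear_free(&k);
 	return ret;
 }
 
 static int
 dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 {
 	BN_CTX *ctx;
 	BIGNUM u1, u2, t1;
 	BN_MONT_CTX *mont = NULL;
 	int ret = -1, i;
 
 	if (!dsa->p || !dsa->q || !dsa->g) {
-		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+		DSAerror(DSA_R_MISSING_PARAMETERS);
 		return -1;
 	}
 
 	i = BN_num_bits(dsa->q);
 	/* fips 186-3 allows only different sizes for q */
 	if (i != 160 && i != 224 && i != 256) {
-		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+		DSAerror(DSA_R_BAD_Q_VALUE);
 		return -1;
 	}
 
 	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
-		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+		DSAerror(DSA_R_MODULUS_TOO_LARGE);
 		return -1;
 	}
 	BN_init(&u1);
 	BN_init(&u2);
 	BN_init(&t1);
 
 	if ((ctx = BN_CTX_new()) == NULL)
@@ -306,15 +308,15 @@
 	    BN_ucmp(sig->s, dsa->q) >= 0) {
 		ret = 0;
 		goto err;
 	}
 
 	/* Calculate W = inv(S) mod Q
 	 * save W in u2 */
-	if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
+	if ((BN_mod_inverse_ct(&u2, sig->s, dsa->q, ctx)) == NULL)
 		goto err;
 
 	/* save M in u1 */
 	/*
 	 * If the digest length is greater than the size of q use the
 	 * BN_num_bits(dsa->q) leftmost bits of the digest, see
 	 * fips 186-3, 4.2
@@ -345,27 +347,27 @@
 						dsa->p, ctx, mont))
 			goto err;
 	} else {
 		if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,
 						mont))
 			goto err;
 	}
-		
+
 	/* BN_copy(&u1,&t1); */
 	/* let u1 = u1 mod q */
-	if (!BN_mod(&u1, &t1, dsa->q, ctx))
+	if (!BN_mod_ct(&u1, &t1, dsa->q, ctx))
 		goto err;
 
 	/* V is now in u1.  If the signature is correct, it will be
 	 * equal to R. */
 	ret = BN_ucmp(&u1, sig->r) == 0;
 
 err:
 	if (ret < 0)
-		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+		DSAerror(ERR_R_BN_LIB);
 	BN_CTX_free(ctx);
 	BN_free(&u1);
 	BN_free(&u2);
 	BN_free(&t1);
 	return ret;
 }
 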
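Review bot: In dsa_sign_setup the per-signature value k is still handed to a method-supplied `dsa->meth->bn_mod_exp` when one is set, so only the built-in branch gains the constant-time `BN_mod_exp_mont_ct`, `BN_mod_ct` and `BN_mod_inverse_ct` calls. A comment above that branch would make the requirement visible to anyone wiring in a custom DSA method: `/* k is secret: a method-supplied bn_mod_exp must be constant-time as well */`. The lines of dsa_sign_setup that generate k fall between the displayed chunks, so how k is prepared before this point cannot be confirmed from here.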
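--- a/jni/libressl/crypto/dsa/dsa_pmeth.c
+++ b/jni/libressl/crypto/dsa/dsa_pmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.9 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -187,45 +187,44 @@
 	case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
 		switch (EVP_MD_type((const EVP_MD *)p2)) {
 		case NID_sha1:
 		case NID_sha224:
 		case NID_sha256:
 			break;
 		default:
-			DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+			DSAerror(DSA_R_INVALID_DIGEST_TYPE);
 			return 0;
 		}
 		dctx->md = p2;
 		return 1;
 
 	case EVP_PKEY_CTRL_MD:
 		switch (EVP_MD_type((const EVP_MD *)p2)) {
 		case NID_sha1:
 		case NID_dsa:
 		case NID_dsaWithSHA:
 		case NID_sha224:
 		case NID_sha256:
 		case NID_sha384:
 		case NID_sha512:
 			break;
 		default:
-			DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+			DSAerror(DSA_R_INVALID_DIGEST_TYPE);
 			return 0;
 		}
 		dctx->md = p2;
 		return 1;
 
 	case EVP_PKEY_CTRL_DIGESTINIT:
 	case EVP_PKEY_CTRL_PKCS7_SIGN:
 	case EVP_PKEY_CTRL_CMS_SIGN:
 		return 1;
 		
 	case EVP_PKEY_CTRL_PEER_KEY:
-		DSAerr(DSA_F_PKEY_DSA_CTRL,
-		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		DSAerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;	
 	default:
 		return -2;
 	}
 }
 			
 static int
@@ -299,15 +298,15 @@
 
 static int
 pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
 	DSA *dsa = NULL;
 
 	if (ctx->pkey == NULL) {
-		DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
+		DSAerror(DSA_R_NO_PARAMETERS_SET);
 		return 0;
 	}
 	dsa = DSA_new();
 	if (!dsa)
 		return 0;
 	EVP_PKEY_assign_DSA(pkey, dsa);
 	/* Note: if error return, pkey is freed by parent routine */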
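--- a/jni/libressl/crypto/dsa/dsa_prn.c
+++ b/jni/libressl/crypto/dsa/dsa_prn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_prn.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */
+/* $OpenBSD: dsa_prn.c,v 1.6 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -65,31 +65,31 @@
 int
 DSA_print_fp(FILE *fp, const DSA *x, int off)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
+		DSAerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = DSA_print(b, x, off);
 	BIO_free(b);
 	return ret;
 }
 
 int
 DSAparams_print_fp(FILE *fp, const DSA *x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+		DSAerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = DSAparams_print(b, x);
 	BIO_free(b);
 	return ret;
 }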
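--- a/jni/libressl/crypto/dsa/dsa_sign.c
+++ b/jni/libressl/crypto/dsa/dsa_sign.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_sign.c,v 1.18 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: dsa_sign.c,v 1.19 2014/10/18 17:20:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 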
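--- a/jni/libressl/crypto/dsa/dsa_vrf.c
+++ b/jni/libressl/crypto/dsa/dsa_vrf.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_vrf.c,v 1.15 2014/07/09 10:16:24 miod Exp $ */
+/* $OpenBSD: dsa_vrf.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 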
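--- a/jni/libressl/crypto/dso/dso_dlfcn.c
+++ b/jni/libressl/crypto/dso/dso_dlfcn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dso_dlfcn.c,v 1.27 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: dso_dlfcn.c,v 1.29 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -115,169 +115,168 @@
 {
 	void *ptr = NULL;
 	/* See applicable comments in dso_dl.c */
 	char *filename = DSO_convert_filename(dso, NULL);
 	int flags = RTLD_LAZY;
 
 	if (filename == NULL) {
-		DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+		DSOerror(DSO_R_NO_FILENAME);
 		goto err;
 	}
 
 	if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
 		flags |= RTLD_GLOBAL;
 	ptr = dlopen(filename, flags);
 	if (ptr == NULL) {
-		DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
+		DSOerror(DSO_R_LOAD_FAILED);
 		ERR_asprintf_error_data("filename(%s): %s", filename,
 		    dlerror());
 		goto err;
 	}
 	if (!sk_void_push(dso->meth_data, (char *)ptr)) {
-		DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+		DSOerror(DSO_R_STACK_ERROR);
 		goto err;
 	}
 	/* Success */
 	dso->loaded_filename = filename;
 	return (1);
 
 err:
 	/* Cleanup! */
 	free(filename);
 	if (ptr != NULL)
 		dlclose(ptr);
 	return (0);
 }
 
 static int
 dlfcn_unload(DSO *dso)
 {
 	void *ptr;
 	if (dso == NULL) {
-		DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (0);
 	}
 	if (sk_void_num(dso->meth_data) < 1)
 		return (1);
 	ptr = sk_void_pop(dso->meth_data);
 	if (ptr == NULL) {
-		DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
+		DSOerror(DSO_R_NULL_HANDLE);
 		/* Should push the value back onto the stack in
 		 * case of a retry. */
 		sk_void_push(dso->meth_data, ptr);
 		return (0);
 	}
 	/* For now I'm not aware of any errors associated with dlclose() */
 	dlclose(ptr);
 	return (1);
 }
 
 static void *
 dlfcn_bind_var(DSO *dso, const char *symname)
 {
 	void *ptr, *sym;
 
 	if ((dso == NULL) || (symname == NULL)) {
-		DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	if (sk_void_num(dso->meth_data) < 1) {
-		DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
+		DSOerror(DSO_R_STACK_ERROR);
 		return (NULL);
 	}
 	ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
 	if (ptr == NULL) {
-		DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
+		DSOerror(DSO_R_NULL_HANDLE);
 		return (NULL);
 	}
 	sym = dlsym(ptr, symname);
 	if (sym == NULL) {
-		DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
+		DSOerror(DSO_R_SYM_FAILURE);
 		ERR_asprintf_error_data("symname(%s): %s", symname, dlerror());
 		return (NULL);
 	}
 	return (sym);
 }
 
 static DSO_FUNC_TYPE
 dlfcn_bind_func(DSO *dso, const char *symname)
 {
 	void *ptr;
 	union {
 		DSO_FUNC_TYPE sym;
 		void *dlret;
 	} u;
 
 	if ((dso == NULL) || (symname == NULL)) {
-		DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	if (sk_void_num(dso->meth_data) < 1) {
-		DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
+		DSOerror(DSO_R_STACK_ERROR);
 		return (NULL);
 	}
 	ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
 	if (ptr == NULL) {
-		DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
+		DSOerror(DSO_R_NULL_HANDLE);
 		return (NULL);
 	}
 	u.dlret = dlsym(ptr, symname);
 	if (u.dlret == NULL) {
-		DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
+		DSOerror(DSO_R_SYM_FAILURE);
 		ERR_asprintf_error_data("symname(%s): %s", symname, dlerror());
 		return (NULL);
 	}
 	return u.sym;
 }
 
 static char *
 dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2)
 {
 	char *merged;
 
 	if (!filespec1 && !filespec2) {
-		DSOerr(DSO_F_DLFCN_MERGER,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	/* If the first file specification is a rooted path, it rules.
 	   same goes if the second file specification is missing. */
 	if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
 		merged = strdup(filespec1);
 		if (!merged) {
-			DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+			DSOerror(ERR_R_MALLOC_FAILURE);
 			return (NULL);
 		}
 	}
 	/* If the first file specification is missing, the second one rules. */
 	else if (!filespec1) {
 		merged = strdup(filespec2);
 		if (!merged) {
-			DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+			DSOerror(ERR_R_MALLOC_FAILURE);
 			return (NULL);
 		}
 	} else
 		/* This part isn't as trivial as it looks.  It assumes that
 		   the second file specification really is a directory, and
 		   makes no checks whatsoever.  Therefore, the result becomes
 		   the concatenation of filespec2 followed by a slash followed
 		   by filespec1. */
 	{
 		size_t spec2len, len;
 
 		spec2len = strlen(filespec2);
 		len = spec2len + (filespec1 ? strlen(filespec1) : 0);
 
 		if (filespec2 && filespec2[spec2len - 1] == '/') {
 			spec2len--;
 			len--;
 		}
 		merged = malloc(len + 2);
 		if (!merged) {
-			DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+			DSOerror(ERR_R_MALLOC_FAILURE);
 			return (NULL);
 		}
 		strlcpy(merged, filespec2, len + 2);
 		merged[spec2len] = '/';
 		strlcpy(&merged[spec2len + 1], filespec1, len + 1 - spec2len);
 	}
 	return (merged);
@@ -302,16 +301,15 @@
 			translated = NULL;
 	} else {
 		/* Full path, so just duplicate it */
 		translated = strdup(filename);
 	}
 
 	if (translated == NULL)
-		DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
-		    DSO_R_NAME_TRANSLATION_FAILED);
+		DSOerror(DSO_R_NAME_TRANSLATION_FAILED);
 	return (translated);
 }
 
 static int
 dlfcn_pathbyaddr(void *addr, char *path, int sz)
 {
 	Dl_info dli;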
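Review bot: In dlfcn_merger's concatenation branch, `filespec2[spec2len - 1]` is read without checking that `filespec2` is non-empty, so an empty directory string makes `spec2len - 1` wrap and the index lands outside the buffer; if that byte happens to be '/', the following `merged[spec2len] = '/'` store is misplaced as well. The `filespec2 &&` test in that condition is already redundant after `strlen(filespec2)`, and testing the length instead closes the gap: `if (spec2len > 0 && filespec2[spec2len - 1] == '/') {`. The commit only swaps the error macros in this function, and its closing brace lies outside the displayed chunk. Because the file is imported from LibreSSL, the change would belong upstream rather than in this tree.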
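--- a/jni/libressl/crypto/dso/dso_err.c
+++ b/jni/libressl/crypto/dso/dso_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dso_err.c,v 1.7 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: dso_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,63 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
 
 static ERR_STRING_DATA DSO_str_functs[]= {
-	{ERR_FUNC(DSO_F_BEOS_BIND_FUNC),	"BEOS_BIND_FUNC"},
-	{ERR_FUNC(DSO_F_BEOS_BIND_VAR),	"BEOS_BIND_VAR"},
-	{ERR_FUNC(DSO_F_BEOS_LOAD),	"BEOS_LOAD"},
-	{ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER),	"BEOS_NAME_CONVERTER"},
-	{ERR_FUNC(DSO_F_BEOS_UNLOAD),	"BEOS_UNLOAD"},
-	{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),	"DLFCN_BIND_FUNC"},
-	{ERR_FUNC(DSO_F_DLFCN_BIND_VAR),	"DLFCN_BIND_VAR"},
-	{ERR_FUNC(DSO_F_DLFCN_LOAD),	"DLFCN_LOAD"},
-	{ERR_FUNC(DSO_F_DLFCN_MERGER),	"DLFCN_MERGER"},
-	{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER),	"DLFCN_NAME_CONVERTER"},
-	{ERR_FUNC(DSO_F_DLFCN_UNLOAD),	"DLFCN_UNLOAD"},
-	{ERR_FUNC(DSO_F_DL_BIND_FUNC),	"DL_BIND_FUNC"},
-	{ERR_FUNC(DSO_F_DL_BIND_VAR),	"DL_BIND_VAR"},
-	{ERR_FUNC(DSO_F_DL_LOAD),	"DL_LOAD"},
-	{ERR_FUNC(DSO_F_DL_MERGER),	"DL_MERGER"},
-	{ERR_FUNC(DSO_F_DL_NAME_CONVERTER),	"DL_NAME_CONVERTER"},
-	{ERR_FUNC(DSO_F_DL_UNLOAD),	"DL_UNLOAD"},
-	{ERR_FUNC(DSO_F_DSO_BIND_FUNC),	"DSO_bind_func"},
-	{ERR_FUNC(DSO_F_DSO_BIND_VAR),	"DSO_bind_var"},
-	{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME),	"DSO_convert_filename"},
-	{ERR_FUNC(DSO_F_DSO_CTRL),	"DSO_ctrl"},
-	{ERR_FUNC(DSO_F_DSO_FREE),	"DSO_free"},
-	{ERR_FUNC(DSO_F_DSO_GET_FILENAME),	"DSO_get_filename"},
-	{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),	"DSO_get_loaded_filename"},
-	{ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP),	"DSO_global_lookup"},
-	{ERR_FUNC(DSO_F_DSO_LOAD),	"DSO_load"},
-	{ERR_FUNC(DSO_F_DSO_MERGE),	"DSO_merge"},
-	{ERR_FUNC(DSO_F_DSO_NEW_METHOD),	"DSO_new_method"},
-	{ERR_FUNC(DSO_F_DSO_PATHBYADDR),	"DSO_pathbyaddr"},
-	{ERR_FUNC(DSO_F_DSO_SET_FILENAME),	"DSO_set_filename"},
-	{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),	"DSO_set_name_converter"},
-	{ERR_FUNC(DSO_F_DSO_UP_REF),	"DSO_up_ref"},
-	{ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC),	"GLOBAL_LOOKUP_FUNC"},
-	{ERR_FUNC(DSO_F_PATHBYADDR),	"PATHBYADDR"},
-	{ERR_FUNC(DSO_F_VMS_BIND_SYM),	"VMS_BIND_SYM"},
-	{ERR_FUNC(DSO_F_VMS_LOAD),	"VMS_LOAD"},
-	{ERR_FUNC(DSO_F_VMS_MERGER),	"VMS_MERGER"},
-	{ERR_FUNC(DSO_F_VMS_UNLOAD),	"VMS_UNLOAD"},
-	{ERR_FUNC(DSO_F_WIN32_BIND_FUNC),	"WIN32_BIND_FUNC"},
-	{ERR_FUNC(DSO_F_WIN32_BIND_VAR),	"WIN32_BIND_VAR"},
-	{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP),	"WIN32_GLOBALLOOKUP"},
-	{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC),	"WIN32_GLOBALLOOKUP_FUNC"},
-	{ERR_FUNC(DSO_F_WIN32_JOINER),	"WIN32_JOINER"},
-	{ERR_FUNC(DSO_F_WIN32_LOAD),	"WIN32_LOAD"},
-	{ERR_FUNC(DSO_F_WIN32_MERGER),	"WIN32_MERGER"},
-	{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),	"WIN32_NAME_CONVERTER"},
-	{ERR_FUNC(DSO_F_WIN32_PATHBYADDR),	"WIN32_PATHBYADDR"},
-	{ERR_FUNC(DSO_F_WIN32_SPLITTER),	"WIN32_SPLITTER"},
-	{ERR_FUNC(DSO_F_WIN32_UNLOAD),	"WIN32_UNLOAD"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA DSO_str_reasons[]= {
 	{ERR_REASON(DSO_R_CTRL_FAILED)           , "control command failed"},
 	{ERR_REASON(DSO_R_DSO_ALREADY_LOADED)    , "dso already loaded"},
 	{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE)  , "empty file structure"},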
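--- a/jni/libressl/crypto/dso/dso_lib.c
+++ b/jni/libressl/crypto/dso/dso_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dso_lib.c,v 1.17 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: dso_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -107,21 +107,21 @@
 	if (default_DSO_meth == NULL)
 		/* We default to DSO_METH_openssl() which in turn defaults
 		 * to stealing the "best available" method. Will fallback
 		 * to DSO_METH_null() in the worst case. */
 		default_DSO_meth = DSO_METHOD_openssl();
 	ret = calloc(1, sizeof(DSO));
 	if (ret == NULL) {
-		DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		DSOerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	ret->meth_data = sk_void_new_null();
 	if (ret->meth_data == NULL) {
 		/* sk_new doesn't generate any errors so we do */
-		DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		DSOerror(ERR_R_MALLOC_FAILURE);
 		free(ret);
 		return (NULL);
 	}
 	if (meth == NULL)
 		ret->meth = default_DSO_meth;
 	else
 		ret->meth = meth;
@@ -135,29 +135,29 @@
 
 int
 DSO_free(DSO *dso)
 {
 	int i;
 
 	if (dso == NULL) {
-		DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (0);
 	}
 
 	i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
 	if (i > 0)
 		return (1);
 
 	if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
-		DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+		DSOerror(DSO_R_UNLOAD_FAILED);
 		return (0);
 	}
 
 	if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
-		DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+		DSOerror(DSO_R_FINISH_FAILED);
 		return (0);
 	}
 
 	sk_void_free(dso->meth_data);
 	free(dso->filename);
 	free(dso->loaded_filename);
 	free(dso);
@@ -171,284 +171,281 @@
 }
 
 
 int
 DSO_up_ref(DSO *dso)
 {
 	if (dso == NULL) {
-		DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (0);
 	}
 
 	CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
 	return (1);
 }
 
 DSO *
 DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
 {
 	DSO *ret;
 	int allocated = 0;
 
 	if (dso == NULL) {
 		ret = DSO_new_method(meth);
 		if (ret == NULL) {
-			DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+			DSOerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		allocated = 1;
 		/* Pass the provided flags to the new DSO object */
 		if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
-			DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+			DSOerror(DSO_R_CTRL_FAILED);
 			goto err;
 		}
 	} else
 		ret = dso;
 	/* Don't load if we're currently already loaded */
 	if (ret->filename != NULL) {
-		DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+		DSOerror(DSO_R_DSO_ALREADY_LOADED);
 		goto err;
 	}
 	/* filename can only be NULL if we were passed a dso that already has
 	 * one set. */
 	if (filename != NULL)
 		if (!DSO_set_filename(ret, filename)) {
-		DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+		DSOerror(DSO_R_SET_FILENAME_FAILED);
 		goto err;
 	}
 	filename = ret->filename;
 	if (filename == NULL) {
-		DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+		DSOerror(DSO_R_NO_FILENAME);
 		goto err;
 	}
 	if (ret->meth->dso_load == NULL) {
-		DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+		DSOerror(DSO_R_UNSUPPORTED);
 		goto err;
 	}
 	if (!ret->meth->dso_load(ret)) {
-		DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+		DSOerror(DSO_R_LOAD_FAILED);
 		goto err;
 	}
 	/* Load succeeded */
 	return (ret);
 
 err:
 	if (allocated)
 		DSO_free(ret);
 	return (NULL);
 }
 
 void *
 DSO_bind_var(DSO *dso, const char *symname)
 {
 	void *ret = NULL;
 
 	if ((dso == NULL) || (symname == NULL)) {
-		DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	if (dso->meth->dso_bind_var == NULL) {
-		DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
+		DSOerror(DSO_R_UNSUPPORTED);
 		return (NULL);
 	}
 	if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
-		DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
+		DSOerror(DSO_R_SYM_FAILURE);
 		return (NULL);
 	}
 	/* Success */
 	return (ret);
 }
 
 DSO_FUNC_TYPE
 DSO_bind_func(DSO *dso, const char *symname)
 {
 	DSO_FUNC_TYPE ret = NULL;
 
 	if ((dso == NULL) || (symname == NULL)) {
-		DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	if (dso->meth->dso_bind_func == NULL) {
-		DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+		DSOerror(DSO_R_UNSUPPORTED);
 		return (NULL);
 	}
 	if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
-		DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+		DSOerror(DSO_R_SYM_FAILURE);
 		return (NULL);
 	}
 	/* Success */
 	return (ret);
 }
 
 /* I don't really like these *_ctrl functions very much to be perfectly
  * honest. For one thing, I think I have to return a negative value for
  * any error because possible DSO_ctrl() commands may return values
  * such as "size"s that can legitimately be zero (making the standard
  * "if(DSO_cmd(...))" form that works almost everywhere else fail at
  * odd times. I'd prefer "output" values to be passed by reference and
  * the return value as success/failure like usual ... but we conform
  * when we must... :-) */
 long
 DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
 {
 	if (dso == NULL) {
-		DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (-1);
 	}
 	/* We should intercept certain generic commands and only pass control
 	 * to the method-specific ctrl() function if it's something we don't
 	 * handle. */
 	switch (cmd) {
 	case DSO_CTRL_GET_FLAGS:
 		return dso->flags;
 	case DSO_CTRL_SET_FLAGS:
 		dso->flags = (int)larg;
 		return (0);
 	case DSO_CTRL_OR_FLAGS:
 		dso->flags |= (int)larg;
 		return (0);
 	default:
 		break;
 	}
 	if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
-		DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+		DSOerror(DSO_R_UNSUPPORTED);
 		return (-1);
 	}
 	return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
 }
 
 int
 DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
     DSO_NAME_CONVERTER_FUNC *oldcb)
 {
 	if (dso == NULL) {
-		DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (0);
 	}
 	if (oldcb)
 		*oldcb = dso->name_converter;
 	dso->name_converter = cb;
 	return (1);
 }
 
 const char *
 DSO_get_filename(DSO *dso)
 {
 	if (dso == NULL) {
-		DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	return (dso->filename);
 }
 
 int
 DSO_set_filename(DSO *dso, const char *filename)
 {
 	char *copied;
 
 	if ((dso == NULL) || (filename == NULL)) {
-		DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (0);
 	}
 	if (dso->loaded_filename) {
-		DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+		DSOerror(DSO_R_DSO_ALREADY_LOADED);
 		return (0);
 	}
 	/* We'll duplicate filename */
 	copied = strdup(filename);
 	if (copied == NULL) {
-		DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+		DSOerror(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	free(dso->filename);
 	dso->filename = copied;
 	return (1);
 }
 
 char *
 DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
 {
 	char *result = NULL;
 
 	if (dso == NULL || filespec1 == NULL) {
-		DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
 		if (dso->merger != NULL)
 			result = dso->merger(dso, filespec1, filespec2);
 		else if (dso->meth->dso_merger != NULL)
 			result = dso->meth->dso_merger(dso,
 			    filespec1, filespec2);
 	}
 	return (result);
 }
 
 char *
 DSO_convert_filename(DSO *dso, const char *filename)
 {
 	char *result = NULL;
 
 	if (dso == NULL) {
-		DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	if (filename == NULL)
 		filename = dso->filename;
 	if (filename == NULL) {
-		DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+		DSOerror(DSO_R_NO_FILENAME);
 		return (NULL);
 	}
 	if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
 		if (dso->name_converter != NULL)
 			result = dso->name_converter(dso, filename);
 		else if (dso->meth->dso_name_converter != NULL)
 			result = dso->meth->dso_name_converter(dso, filename);
 	}
 	if (result == NULL) {
 		result = strdup(filename);
 		if (result == NULL) {
-			DSOerr(DSO_F_DSO_CONVERT_FILENAME,
-			    ERR_R_MALLOC_FAILURE);
+			DSOerror(ERR_R_MALLOC_FAILURE);
 			return (NULL);
 		}
 	}
 	return (result);
 }
 
 const char *
 DSO_get_loaded_filename(DSO *dso)
 {
 	if (dso == NULL) {
-		DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		DSOerror(ERR_R_PASSED_NULL_PARAMETER);
 		return (NULL);
 	}
 	return (dso->loaded_filename);
 }
 
 int
 DSO_pathbyaddr(void *addr, char *path, int sz)
 {
 	DSO_METHOD *meth = default_DSO_meth;
 	if (meth == NULL)
 		meth = DSO_METHOD_openssl();
 	if (meth->pathbyaddr == NULL) {
-		DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
+		DSOerror(DSO_R_UNSUPPORTED);
 		return -1;
 	}
 	return (*meth->pathbyaddr)(addr, path, sz);
 }
 
 void *
 DSO_global_lookup(const char *name)
 {
 	DSO_METHOD *meth = default_DSO_meth;
 	if (meth == NULL)
 		meth = DSO_METHOD_openssl();
 	if (meth->globallookup == NULL) {
-		DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
+		DSOerror(DSO_R_UNSUPPORTED);
 		return NULL;
 	}
 	return (*meth->globallookup)(name);
 }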
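Review bot: In DSO_load on the new side, the `DSO_set_filename` failure branch is an unbraced inner `if` nested under `if (filename != NULL)`, and its body and closing brace are indented as if they belonged to the outer statement. The code behaves correctly as written, but a statement added next to `DSOerror(DSO_R_SET_FILENAME_FAILED);` is easy to place outside the branch it appears to be in, and this is the function that decides whether a shared object gets loaded. Folding the two conditions removes the ambiguity: `if (filename != NULL && !DSO_set_filename(ret, filename)) {`, with the error call and `goto err;` indented one level below it. The DSOerr-to-DSOerror conversion touched the line inside this branch and left the layout as it was.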
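--- a/jni/libressl/crypto/dso/dso_null.c
+++ b/jni/libressl/crypto/dso/dso_null.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dso_null.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: dso_null.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without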
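--- a/jni/libressl/crypto/dso/dso_openssl.c
+++ b/jni/libressl/crypto/dso/dso_openssl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dso_openssl.c,v 1.5 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: dso_openssl.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without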
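--- a/jni/libressl/crypto/ec/ec2_mult.c
+++ b/jni/libressl/crypto/ec/ec2_mult.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec2_mult.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ec2_mult.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *
@@ -263,15 +263,15 @@
     const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx)
 {
 	BIGNUM *x1, *x2, *z1, *z2;
 	int ret = 0, i;
 	BN_ULONG mask, word;
 
 	if (r == point) {
-		ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
+		ECerror(EC_R_INVALID_ARGUMENT);
 		return 0;
 	}
 	/* if result should be point at infinity */
 	if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
 	    EC_POINT_is_at_infinity(group, point) > 0) {
 		return EC_POINT_set_to_infinity(group, r);
 	}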
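--- a/jni/libressl/crypto/ec/ec2_oct.c
+++ b/jni/libressl/crypto/ec/ec2_oct.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec2_oct.c,v 1.6 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ec2_oct.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *
@@ -134,17 +134,17 @@
 			goto err;
 		if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
 			unsigned long err = ERR_peek_last_error();
 
 			if (ERR_GET_LIB(err) == ERR_LIB_BN &&
 			    ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
 				ERR_clear_error();
-				ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+				ECerror(EC_R_INVALID_COMPRESSED_POINT);
 			} else
-				ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
+				ECerror(ERR_R_BN_LIB);
 			goto err;
 		}
 		z0 = (BN_is_odd(z)) ? 1 : 0;
 		if (!group->meth->field_mul(group, y, x, z, ctx))
 			goto err;
 		if (z0 != y_bit) {
 			if (!BN_GF2m_add(y, y, x))
@@ -178,37 +178,37 @@
 	int used_ctx = 0;
 	BIGNUM *x, *y, *yxi;
 	size_t field_len, i, skip;
 
 	if ((form != POINT_CONVERSION_COMPRESSED)
 	    && (form != POINT_CONVERSION_UNCOMPRESSED)
 	    && (form != POINT_CONVERSION_HYBRID)) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+		ECerror(EC_R_INVALID_FORM);
 		goto err;
 	}
 	if (EC_POINT_is_at_infinity(group, point) > 0) {
 		/* encodes to a single 0 octet */
 		if (buf != NULL) {
 			if (len < 1) {
-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+				ECerror(EC_R_BUFFER_TOO_SMALL);
 				return 0;
 			}
 			buf[0] = 0;
 		}
 		return 1;
 	}
 	/* ret := required output buffer length */
 	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
 	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len :
 	    1 + 2 * field_len;
 
 	/* if 'buf' is NULL, just return required length */
 	if (buf != NULL) {
 		if (len < ret) {
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+			ECerror(EC_R_BUFFER_TOO_SMALL);
 			goto err;
 		}
 		if (ctx == NULL) {
 			ctx = new_ctx = BN_CTX_new();
 			if (ctx == NULL)
 				return 0;
 		}
@@ -231,43 +231,43 @@
 			if (BN_is_odd(yxi))
 				buf[0]++;
 		}
 		i = 1;
 
 		skip = field_len - BN_num_bytes(x);
 		if (skip > field_len) {
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			ECerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 		while (skip > 0) {
 			buf[i++] = 0;
 			skip--;
 		}
 		skip = BN_bn2bin(x, buf + i);
 		i += skip;
 		if (i != 1 + field_len) {
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			ECerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 		if (form == POINT_CONVERSION_UNCOMPRESSED ||
 		    form == POINT_CONVERSION_HYBRID) {
 			skip = field_len - BN_num_bytes(y);
 			if (skip > field_len) {
-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+				ECerror(ERR_R_INTERNAL_ERROR);
 				goto err;
 			}
 			while (skip > 0) {
 				buf[i++] = 0;
 				skip--;
 			}
 			skip = BN_bn2bin(y, buf + i);
 			i += skip;
 		}
 		if (i != ret) {
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			ECerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 	}
 	if (used_ctx)
 		BN_CTX_end(ctx);
 	BN_CTX_free(new_ctx);
 	return ret;
@@ -291,92 +291,92 @@
 	int y_bit;
 	BN_CTX *new_ctx = NULL;
 	BIGNUM *x, *y, *yxi;
 	size_t field_len, enc_len;
 	int ret = 0;
 
 	if (len == 0) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+		ECerror(EC_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 	form = buf[0];
 	y_bit = form & 1;
 	form = form & ~1U;
 	if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) &&
 	    (form != POINT_CONVERSION_UNCOMPRESSED) &&
 	    (form != POINT_CONVERSION_HYBRID)) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		return 0;
 	}
 	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		return 0;
 	}
 	if (form == 0) {
 		if (len != 1) {
-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			ECerror(EC_R_INVALID_ENCODING);
 			return 0;
 		}
 		return EC_POINT_set_to_infinity(group, point);
 	}
 	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
 	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len :
 	    1 + 2 * field_len;
 
 	if (len != enc_len) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		return 0;
 	}
 	if (ctx == NULL) {
 		ctx = new_ctx = BN_CTX_new();
 		if (ctx == NULL)
 			return 0;
 	}
 	BN_CTX_start(ctx);
 	if ((x = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((y = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((yxi = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
 	if (!BN_bin2bn(buf + 1, field_len, x))
 		goto err;
 	if (BN_ucmp(x, &group->field) >= 0) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		goto err;
 	}
 	if (form == POINT_CONVERSION_COMPRESSED) {
 		if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx))
 			goto err;
 	} else {
 		if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
 			goto err;
 		if (BN_ucmp(y, &group->field) >= 0) {
-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			ECerror(EC_R_INVALID_ENCODING);
 			goto err;
 		}
 		if (form == POINT_CONVERSION_HYBRID) {
 			if (!group->meth->field_div(group, yxi, y, x, ctx))
 				goto err;
 			if (y_bit != BN_is_odd(yxi)) {
-				ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+				ECerror(EC_R_INVALID_ENCODING);
 				goto err;
 			}
 		}
 		if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
 			goto err;
 	}
 
 	/* test required by X9.62 */
 	if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+		ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;
 	}
 	ret = 1;
 
 err:
 	BN_CTX_end(ctx);
 	BN_CTX_free(new_ctx);
 	return ret;
 }
 #endif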
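--- a/jni/libressl/crypto/ec/ec2_smpl.c
+++ b/jni/libressl/crypto/ec/ec2_smpl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec2_smpl.c,v 1.13 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ec2_smpl.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *
@@ -208,15 +208,15 @@
 	int ret = 0, i;
 
 	/* group->field */
 	if (!BN_copy(&group->field, p))
 		goto err;
 	i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
 	if ((i != 5) && (i != 3)) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+		ECerror(EC_R_UNSUPPORTED_FIELD);
 		goto err;
 	}
 	/* group->a */
 	if (!BN_GF2m_mod_arr(&group->a, a, group->poly))
 		goto err;
 	if (bn_wexpand(&group->a, (int) (group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
 		goto err;
@@ -282,15 +282,15 @@
 	int ret = 0;
 	BIGNUM *b;
 	BN_CTX *new_ctx = NULL;
 
 	if (ctx == NULL) {
 		ctx = new_ctx = BN_CTX_new();
 		if (ctx == NULL) {
-			ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
+			ECerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	BN_CTX_start(ctx);
 	if ((b = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
@@ -379,15 +379,15 @@
  */
 int 
 ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * point,
     const BIGNUM * x, const BIGNUM * y, BN_CTX * ctx)
 {
 	int ret = 0;
 	if (x == NULL || y == NULL) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	if (!BN_copy(&point->X, x))
 		goto err;
 	BN_set_negative(&point->X, 0);
 	if (!BN_copy(&point->Y, y))
 		goto err;
@@ -409,19 +409,19 @@
 int 
 ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
     const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
 {
 	int ret = 0;
 
 	if (EC_POINT_is_at_infinity(group, point) > 0) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+		ECerror(EC_R_POINT_AT_INFINITY);
 		return 0;
 	}
 	if (BN_cmp(&point->Z, BN_value_one())) {
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return 0;
 	}
 	if (x != NULL) {
 		if (!BN_copy(x, &point->X))
 			goto err;
 		BN_set_negative(x, 0);
 	}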
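--- a/jni/libressl/crypto/ec/ec_ameth.c
+++ b/jni/libressl/crypto/ec/ec_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec_ameth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -61,63 +61,60 @@
 #include <openssl/opensslconf.h>
 
 #include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
 
 #include "asn1_locl.h"
 
 static int 
 eckey_param2type(int *pptype, void **ppval, EC_KEY * ec_key)
 {
 	const EC_GROUP *group;
 	int nid;
 	if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
-		ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
+		ECerror(EC_R_MISSING_PARAMETERS);
 		return 0;
 	}
 	if (EC_GROUP_get_asn1_flag(group) &&
 	    (nid = EC_GROUP_get_curve_name(group))) {
 		/* we have a 'named curve' => just set the OID */
 		*ppval = OBJ_nid2obj(nid);
 		*pptype = V_ASN1_OBJECT;
 	} else {
 		/* explicit parameters */
 		ASN1_STRING *pstr = NULL;
 		pstr = ASN1_STRING_new();
 		if (!pstr)
 			return 0;
 		pstr->length = i2d_ECParameters(ec_key, &pstr->data);
 		if (pstr->length <= 0) {
 			ASN1_STRING_free(pstr);
-			ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			return 0;
 		}
 		*ppval = pstr;
 		*pptype = V_ASN1_SEQUENCE;
 	}
 	return 1;
 }
 
 static int 
 eckey_pub_encode(X509_PUBKEY * pk, const EVP_PKEY * pkey)
 {
 	EC_KEY *ec_key = pkey->pkey.ec;
 	void *pval = NULL;
 	int ptype;
 	unsigned char *penc = NULL, *p;
 	int penclen;
 
 	if (!eckey_param2type(&ptype, &pval, ec_key)) {
-		ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		return 0;
 	}
 	penclen = i2o_ECPublicKey(ec_key, NULL);
 	if (penclen <= 0)
 		goto err;
 	penc = malloc(penclen);
 	if (!penc)
@@ -147,38 +144,38 @@
 		ASN1_STRING *pstr = pval;
 		const unsigned char *pm = NULL;
 		int pmlen;
 
 		pm = pstr->data;
 		pmlen = pstr->length;
 		if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
-			ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+			ECerror(EC_R_DECODE_ERROR);
 			goto ecerr;
 		}
 	} else if (ptype == V_ASN1_OBJECT) {
 		ASN1_OBJECT *poid = pval;
 		EC_GROUP *group;
 
 		/*
 		 * type == V_ASN1_OBJECT => the parameters are given by an
 		 * asn1 OID
 		 */
 		if ((eckey = EC_KEY_new()) == NULL) {
-			ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
+			ECerror(ERR_R_MALLOC_FAILURE);
 			goto ecerr;
 		}
 		group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
 		if (group == NULL)
 			goto ecerr;
 		EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
 		if (EC_KEY_set_group(eckey, group) == 0)
 			goto ecerr;
 		EC_GROUP_free(group);
 	} else {
-		ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+		ECerror(EC_R_DECODE_ERROR);
 		goto ecerr;
 	}
 
 	return eckey;
 
 ecerr:
 	if (eckey)
@@ -198,20 +195,20 @@
 	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
 		return 0;
 	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 
 	eckey = eckey_type2param(ptype, pval);
 
 	if (!eckey) {
-		ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		return 0;
 	}
 	/* We have parameters now set public key */
 	if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
-		ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+		ECerror(EC_R_DECODE_ERROR);
 		goto ecerr;
 	}
 	EVP_PKEY_assign_EC_KEY(pkey, eckey);
 	return 1;
 
 ecerr:
 	if (eckey)
@@ -250,102 +247,102 @@
 	eckey = eckey_type2param(ptype, pval);
 
 	if (!eckey)
 		goto ecliberr;
 
 	/* We have parameters now set private key */
 	if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
-		ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+		ECerror(EC_R_DECODE_ERROR);
 		goto ecerr;
 	}
 	/* calculate public key (if necessary) */
 	if (EC_KEY_get0_public_key(eckey) == NULL) {
 		const BIGNUM *priv_key;
 		const EC_GROUP *group;
 		EC_POINT *pub_key;
 		/*
 		 * the public key was not included in the SEC1 private key =>
 		 * calculate the public key
 		 */
 		group = EC_KEY_get0_group(eckey);
 		pub_key = EC_POINT_new(group);
 		if (pub_key == NULL) {
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto ecliberr;
 		}
 		if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
 			EC_POINT_free(pub_key);
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto ecliberr;
 		}
 		priv_key = EC_KEY_get0_private_key(eckey);
 		if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) {
 			EC_POINT_free(pub_key);
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto ecliberr;
 		}
 		if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
 			EC_POINT_free(pub_key);
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto ecliberr;
 		}
 		EC_POINT_free(pub_key);
 	}
 	EVP_PKEY_assign_EC_KEY(pkey, eckey);
 	return 1;
 
 ecliberr:
-	ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+	ECerror(ERR_R_EC_LIB);
 ecerr:
 	if (eckey)
 		EC_KEY_free(eckey);
 	return 0;
 }
 
 static int 
 eckey_priv_encode(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pkey)
 {
 	EC_KEY *ec_key;
 	unsigned char *ep, *p;
 	int eplen, ptype;
 	void *pval;
 	unsigned int tmp_flags, old_flags;
 
 	ec_key = pkey->pkey.ec;
 
 	if (!eckey_param2type(&ptype, &pval, ec_key)) {
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+		ECerror(EC_R_DECODE_ERROR);
 		return 0;
 	}
 	/* set the private key */
 
 	/*
 	 * do not include the parameters in the SEC1 private key see PKCS#11
 	 * 12.11
 	 */
 	old_flags = EC_KEY_get_enc_flags(ec_key);
 	tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
 	EC_KEY_set_enc_flags(ec_key, tmp_flags);
 	eplen = i2d_ECPrivateKey(ec_key, NULL);
 	if (!eplen) {
 		EC_KEY_set_enc_flags(ec_key, old_flags);
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		return 0;
 	}
 	ep = malloc(eplen);
 	if (!ep) {
 		EC_KEY_set_enc_flags(ec_key, old_flags);
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+		ECerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	p = ep;
 	if (!i2d_ECPrivateKey(ec_key, &p)) {
 		EC_KEY_set_enc_flags(ec_key, old_flags);
 		free(ep);
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		return 0;
 	}
 	/* restore old encoding flags */
 	EC_KEY_set_enc_flags(ec_key, old_flags);
 
 	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
 		ptype, pval, ep, eplen))
@@ -482,29 +479,29 @@
 		buffer, off))
 		goto err;
 	if (!ECPKParameters_print(bp, group, off))
 		goto err;
 	ret = 1;
 err:
 	if (!ret)
-		ECerr(EC_F_DO_EC_KEY_PRINT, reason);
+		ECerror(reason);
 	BN_free(pub_key);
 	BN_free(order);
 	BN_CTX_free(ctx);
 	free(buffer);
 	return (ret);
 }
 
 static int 
 eckey_param_decode(EVP_PKEY * pkey,
     const unsigned char **pder, int derlen)
 {
 	EC_KEY *eckey;
 	if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
-		ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		return 0;
 	}
 	EVP_PKEY_assign_EC_KEY(pkey, eckey);
 	return 1;
 }
 
 static int 
@@ -537,15 +534,15 @@
 
 static int 
 old_ec_priv_decode(EVP_PKEY * pkey,
     const unsigned char **pder, int derlen)
 {
 	EC_KEY *ec;
 	if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) {
-		ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+		ECerror(EC_R_DECODE_ERROR);
 		return 0;
 	}
 	EVP_PKEY_assign_EC_KEY(pkey, ec);
 	return 1;
 }
 
 static int 
@@ -569,32 +566,14 @@
 			if (hnid == NID_undef)
 				return -1;
 			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
 				return -1;
 			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
 		}
 		return 1;
-#ifndef OPENSSL_NO_CMS
-	case ASN1_PKEY_CTRL_CMS_SIGN:
-		if (arg1 == 0) {
-			int snid, hnid;
-			X509_ALGOR *alg1, *alg2;
-			CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
-			    &alg1, &alg2);
-			if (alg1 == NULL || alg1->algorithm == NULL)
-				return -1;
-			hnid = OBJ_obj2nid(alg1->algorithm);
-			if (hnid == NID_undef)
-				return -1;
-			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-				return -1;
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
-		}
-		return 1;
-#endif
 
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *) arg2 = NID_sha1;
 		return 2;
 
 	default:
 		return -2;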
Changes to jni/libressl/crypto/ec/ec_asn1.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ec_asn1.c,v 1.21 2015/10/16 15:15:39 jsing Exp $ */
/*
 * Written by Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ec_asn1.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/*
 * Written by Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
{
	if (group == NULL)
		return 0;

	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
	    NID_X9_62_characteristic_two_field
	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
		ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (k)
		*k = group->poly[1];

	return 1;
}
int 
EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1,
    unsigned int *k2, unsigned int *k3)
{
	if (group == NULL)
		return 0;

	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
	    NID_X9_62_characteristic_two_field
	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
		ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (k1)
		*k1 = group->poly[3];
	if (k2)
		*k2 = group->poly[2];
	if (k3)







|

















|







92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
{
	if (group == NULL)
		return 0;

	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
	    NID_X9_62_characteristic_two_field
	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (k)
		*k = group->poly[1];

	return 1;
}
int 
EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1,
    unsigned int *k2, unsigned int *k3)
{
	if (group == NULL)
		return 0;

	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
	    NID_X9_62_characteristic_two_field
	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (k1)
		*k1 = group->poly[3];
	if (k2)
		*k2 = group->poly[2];
	if (k3)
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
		ASN1_OBJECT_free(field->fieldType);
	if (field->p.other != NULL)
		ASN1_TYPE_free(field->p.other);

	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
	/* set OID for the field */
	if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
		ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
		goto err;
	}
	if (nid == NID_X9_62_prime_field) {
		if ((tmp = BN_new()) == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/* the parameters are specified by the prime number p */
		if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
			goto err;
		}
		/* set the prime number */
		field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
		if (field->p.prime == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
			goto err;
		}
	} else			/* nid == NID_X9_62_characteristic_two_field */
#ifdef OPENSSL_NO_EC2M
	{
		ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
		goto err;
	}
#else
	{
		int field_type;
		X9_62_CHARACTERISTIC_TWO *char_two;

		field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
		char_two = field->p.char_two;

		if (char_two == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		char_two->m = (long) EC_GROUP_get_degree(group);

		field_type = EC_GROUP_get_basis_type(group);

		if (field_type == 0) {
			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
			goto err;
		}
		/* set base type OID */
		if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
			goto err;
		}
		if (field_type == NID_X9_62_tpBasis) {
			unsigned int k;

			if (!EC_GROUP_get_trinomial_basis(group, &k))
				goto err;

			char_two->p.tpBasis = ASN1_INTEGER_new();
			if (!char_two->p.tpBasis) {
				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
				goto err;
			}
			if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {
				ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
				    ERR_R_ASN1_LIB);
				goto err;
			}
		} else if (field_type == NID_X9_62_ppBasis) {
			unsigned int k1, k2, k3;

			if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
				goto err;

			char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
			if (!char_two->p.ppBasis) {
				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
				goto err;
			}
			/* set k? values */
			char_two->p.ppBasis->k1 = (long) k1;
			char_two->p.ppBasis->k2 = (long) k2;
			char_two->p.ppBasis->k3 = (long) k3;
		} else {	/* field_type == NID_X9_62_onBasis */
			/* for ONB the parameters are (asn1) NULL */
			char_two->p.onBasis = ASN1_NULL_new();
			if (!char_two->p.onBasis) {
				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
	}
#endif

	ok = 1;







|




|




|





|





|











|







|




|










|



<
|










|










|







692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760

761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
		ASN1_OBJECT_free(field->fieldType);
	if (field->p.other != NULL)
		ASN1_TYPE_free(field->p.other);

	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
	/* set OID for the field */
	if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
		ECerror(ERR_R_OBJ_LIB);
		goto err;
	}
	if (nid == NID_X9_62_prime_field) {
		if ((tmp = BN_new()) == NULL) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/* the parameters are specified by the prime number p */
		if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
		/* set the prime number */
		field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
		if (field->p.prime == NULL) {
			ECerror(ERR_R_ASN1_LIB);
			goto err;
		}
	} else			/* nid == NID_X9_62_characteristic_two_field */
#ifdef OPENSSL_NO_EC2M
	{
		ECerror(EC_R_GF2M_NOT_SUPPORTED);
		goto err;
	}
#else
	{
		int field_type;
		X9_62_CHARACTERISTIC_TWO *char_two;

		field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
		char_two = field->p.char_two;

		if (char_two == NULL) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		char_two->m = (long) EC_GROUP_get_degree(group);

		field_type = EC_GROUP_get_basis_type(group);

		if (field_type == 0) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
		/* set base type OID */
		if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
			ECerror(ERR_R_OBJ_LIB);
			goto err;
		}
		if (field_type == NID_X9_62_tpBasis) {
			unsigned int k;

			if (!EC_GROUP_get_trinomial_basis(group, &k))
				goto err;

			char_two->p.tpBasis = ASN1_INTEGER_new();
			if (!char_two->p.tpBasis) {
				ECerror(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {

				ECerror(ERR_R_ASN1_LIB);
				goto err;
			}
		} else if (field_type == NID_X9_62_ppBasis) {
			unsigned int k1, k2, k3;

			if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
				goto err;

			char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
			if (!char_two->p.ppBasis) {
				ECerror(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			/* set k? values */
			char_two->p.ppBasis->k1 = (long) k1;
			char_two->p.ppBasis->k2 = (long) k2;
			char_two->p.ppBasis->k3 = (long) k3;
		} else {	/* field_type == NID_X9_62_onBasis */
			/* for ONB the parameters are (asn1) NULL */
			char_two->p.onBasis = ASN1_NULL_new();
			if (!char_two->p.onBasis) {
				ECerror(ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
	}
#endif

	ok = 1;
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
	size_t len_1, len_2;
	unsigned char char_zero = 0;

	if (!group || !curve || !curve->a || !curve->b)
		return 0;

	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));

	/* get a and b */
	if (nid == NID_X9_62_prime_field) {
		if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
			goto err;
		}
	}
#ifndef OPENSSL_NO_EC2M
	else {			/* nid == NID_X9_62_characteristic_two_field */
		if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
			goto err;
		}
	}
#endif
	len_1 = (size_t) BN_num_bytes(tmp_1);
	len_2 = (size_t) BN_num_bytes(tmp_2);

	if (len_1 == 0) {
		/* len_1 == 0 => a == 0 */
		a_buf = &char_zero;
		len_1 = 1;
	} else {
		if ((buffer_1 = malloc(len_1)) == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
			goto err;
		}
		a_buf = buffer_1;
	}

	if (len_2 == 0) {
		/* len_2 == 0 => b == 0 */
		b_buf = &char_zero;
		len_2 = 1;
	} else {
		if ((buffer_2 = malloc(len_2)) == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
			goto err;
		}
		b_buf = buffer_2;
	}

	/* set a and b */
	if (!ASN1_STRING_set(curve->a, a_buf, len_1) ||
	    !ASN1_STRING_set(curve->b, b_buf, len_2)) {
		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the seed (optional) */
	if (group->seed) {
		if (!curve->seed)
			if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
				ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
				goto err;
			}
		curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
		curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
		if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
			(int) group->seed_len)) {
			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
			goto err;
		}
	} else {
		if (curve->seed) {
			ASN1_BIT_STRING_free(curve->seed);
			curve->seed = NULL;
		}







|







|






|













<
|



|











<
|



|








|






|






|







804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839

840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855

856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
	size_t len_1, len_2;
	unsigned char char_zero = 0;

	if (!group || !curve || !curve->a || !curve->b)
		return 0;

	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));

	/* get a and b */
	if (nid == NID_X9_62_prime_field) {
		if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
	}
#ifndef OPENSSL_NO_EC2M
	else {			/* nid == NID_X9_62_characteristic_two_field */
		if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
	}
#endif
	len_1 = (size_t) BN_num_bytes(tmp_1);
	len_2 = (size_t) BN_num_bytes(tmp_2);

	if (len_1 == 0) {
		/* len_1 == 0 => a == 0 */
		a_buf = &char_zero;
		len_1 = 1;
	} else {
		if ((buffer_1 = malloc(len_1)) == NULL) {

			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
			ECerror(ERR_R_BN_LIB);
			goto err;
		}
		a_buf = buffer_1;
	}

	if (len_2 == 0) {
		/* len_2 == 0 => b == 0 */
		b_buf = &char_zero;
		len_2 = 1;
	} else {
		if ((buffer_2 = malloc(len_2)) == NULL) {

			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
			ECerror(ERR_R_BN_LIB);
			goto err;
		}
		b_buf = buffer_2;
	}

	/* set a and b */
	if (!ASN1_STRING_set(curve->a, a_buf, len_1) ||
	    !ASN1_STRING_set(curve->b, b_buf, len_2)) {
		ECerror(ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the seed (optional) */
	if (group->seed) {
		if (!curve->seed)
			if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
				ECerror(ERR_R_MALLOC_FAILURE);
				goto err;
			}
		curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
		curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
		if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
			(int) group->seed_len)) {
			ECerror(ERR_R_ASN1_LIB);
			goto err;
		}
	} else {
		if (curve->seed) {
			ASN1_BIT_STRING_free(curve->seed);
			curve->seed = NULL;
		}
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
	ECPARAMETERS *ret = NULL;
	BIGNUM *tmp = NULL;
	unsigned char *buffer = NULL;
	const EC_POINT *point = NULL;
	point_conversion_form_t form;

	if ((tmp = BN_new()) == NULL) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (param == NULL) {
		if ((ret = ECPARAMETERS_new()) == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
	} else
		ret = param;

	/* set the version (always one) */
	ret->version = (long) 0x1;

	/* set the fieldID */
	if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
		goto err;
	}
	/* set the curve */
	if (!ec_asn1_group2curve(group, ret->curve)) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
		goto err;
	}
	/* set the base point */
	if ((point = EC_GROUP_get0_generator(group)) == NULL) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
		goto err;
	}
	form = EC_GROUP_get_point_conversion_form(group);

	len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
	if (len == 0) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
		goto err;
	}
	if ((buffer = malloc(len)) == NULL) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
		goto err;
	}
	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the order */
	if (!EC_GROUP_get_order(group, tmp, NULL)) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
		goto err;
	}
	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
	if (ret->order == NULL) {
		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the cofactor (optional) */
	if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
		ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
		if (ret->cofactor == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
			goto err;
		}
	}
	ok = 1;

err:	if (!ok) {
		if (ret && !param)







|




<
|










|




|




|






|



|



|



|



|




|




|






|







908
909
910
911
912
913
914
915
916
917
918
919

920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
	ECPARAMETERS *ret = NULL;
	BIGNUM *tmp = NULL;
	unsigned char *buffer = NULL;
	const EC_POINT *point = NULL;
	point_conversion_form_t form;

	if ((tmp = BN_new()) == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (param == NULL) {
		if ((ret = ECPARAMETERS_new()) == NULL) {

			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
	} else
		ret = param;

	/* set the version (always one) */
	ret->version = (long) 0x1;

	/* set the fieldID */
	if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	/* set the curve */
	if (!ec_asn1_group2curve(group, ret->curve)) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	/* set the base point */
	if ((point = EC_GROUP_get0_generator(group)) == NULL) {
		ECerror(EC_R_UNDEFINED_GENERATOR);
		goto err;
	}
	form = EC_GROUP_get_point_conversion_form(group);

	len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
	if (len == 0) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	if ((buffer = malloc(len)) == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
		ECerror(ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the order */
	if (!EC_GROUP_get_order(group, tmp, NULL)) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
	if (ret->order == NULL) {
		ECerror(ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the cofactor (optional) */
	if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
		ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
		if (ret->cofactor == NULL) {
			ECerror(ERR_R_ASN1_LIB);
			goto err;
		}
	}
	ok = 1;

err:	if (!ok) {
		if (ret && !param)
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
{
	int ok = 1, tmp;
	ECPKPARAMETERS *ret = params;

	if (ret == NULL) {
		if ((ret = ECPKPARAMETERS_new()) == NULL) {
			ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS,
			    ERR_R_MALLOC_FAILURE);
			return NULL;
		}
	} else {
		if (ret->type == 0 && ret->value.named_curve)
			ASN1_OBJECT_free(ret->value.named_curve);
		else if (ret->type == 1 && ret->value.parameters)
			ECPARAMETERS_free(ret->value.parameters);







<
|







998
999
1000
1001
1002
1003
1004

1005
1006
1007
1008
1009
1010
1011
1012
ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
{
	int ok = 1, tmp;
	ECPKPARAMETERS *ret = params;

	if (ret == NULL) {
		if ((ret = ECPKPARAMETERS_new()) == NULL) {

			ECerror(ERR_R_MALLOC_FAILURE);
			return NULL;
		}
	} else {
		if (ret->type == 0 && ret->value.named_curve)
			ASN1_OBJECT_free(ret->value.named_curve);
		else if (ret->type == 1 && ret->value.parameters)
			ECPARAMETERS_free(ret->value.parameters);
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
	EC_GROUP *ret = NULL;
	BIGNUM *p = NULL, *a = NULL, *b = NULL;
	EC_POINT *point = NULL;
	long field_bits;

	if (!params->fieldID || !params->fieldID->fieldType ||
	    !params->fieldID->p.ptr) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
		goto err;
	}
	/* now extract the curve parameters a and b */
	if (!params->curve || !params->curve->a ||
	    !params->curve->a->data || !params->curve->b ||
	    !params->curve->b->data) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
		goto err;
	}
	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
	if (a == NULL) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
		goto err;
	}
	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
	if (b == NULL) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
		goto err;
	}
	/* get the field parameters */
	tmp = OBJ_obj2nid(params->fieldID->fieldType);
	if (tmp == NID_X9_62_characteristic_two_field)
#ifdef OPENSSL_NO_EC2M
	{
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
		goto err;
	}
#else
	{
		X9_62_CHARACTERISTIC_TWO *char_two;

		char_two = params->fieldID->p.char_two;

		field_bits = char_two->m;
		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
			goto err;
		}
		if ((p = BN_new()) == NULL) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/* get the base type */
		tmp = OBJ_obj2nid(char_two->type);

		if (tmp == NID_X9_62_tpBasis) {
			long tmp_long;

			if (!char_two->p.tpBasis) {
				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
				goto err;
			}
			tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);

			if (!(char_two->m > tmp_long && tmp_long > 0)) {
				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
				goto err;
			}
			/* create the polynomial */
			if (!BN_set_bit(p, (int) char_two->m))
				goto err;
			if (!BN_set_bit(p, (int) tmp_long))
				goto err;
			if (!BN_set_bit(p, 0))
				goto err;
		} else if (tmp == NID_X9_62_ppBasis) {
			X9_62_PENTANOMIAL *penta;

			penta = char_two->p.ppBasis;
			if (!penta) {
				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
				goto err;
			}
			if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
				goto err;
			}
			/* create the polynomial */
			if (!BN_set_bit(p, (int) char_two->m))
				goto err;
			if (!BN_set_bit(p, (int) penta->k1))
				goto err;
			if (!BN_set_bit(p, (int) penta->k2))
				goto err;
			if (!BN_set_bit(p, (int) penta->k3))
				goto err;
			if (!BN_set_bit(p, 0))
				goto err;
		} else if (tmp == NID_X9_62_onBasis) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
			goto err;
		} else {	/* error */
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
			goto err;
		}

		/* create the EC_GROUP structure */
		ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
	}
#endif
	else if (tmp == NID_X9_62_prime_field) {
		/* we have a curve over a prime field */
		/* extract the prime number */
		if (!params->fieldID->p.prime) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
			goto err;
		}
		p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
		if (p == NULL) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
			goto err;
		}
		if (BN_is_negative(p) || BN_is_zero(p)) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
			goto err;
		}
		field_bits = BN_num_bits(p);
		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
			goto err;
		}
		/* create the EC_GROUP structure */
		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
	} else {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
		goto err;
	}

	if (ret == NULL) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
		goto err;
	}
	/* extract seed (optional) */
	if (params->curve->seed != NULL) {
		free(ret->seed);
		if (!(ret->seed = malloc(params->curve->seed->length))) {
			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		memcpy(ret->seed, params->curve->seed->data,
		    params->curve->seed->length);
		ret->seed_len = params->curve->seed->length;
	}
	if (!params->order || !params->base || !params->base->data) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
		goto err;
	}
	if ((point = EC_POINT_new(ret)) == NULL)
		goto err;

	/* set the point conversion form */
	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
	    (params->base->data[0] & ~0x01));

	/* extract the ec point */
	if (!EC_POINT_oct2point(ret, point, params->base->data,
		params->base->length, NULL)) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
		goto err;
	}
	/* extract the order */
	if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
		goto err;
	}
	if (BN_is_negative(a) || BN_is_zero(a)) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
		goto err;
	}
	if (BN_num_bits(a) > (int) field_bits + 1) {	/* Hasse bound */
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
		goto err;
	}
	/* extract the cofactor (optional) */
	if (params->cofactor == NULL) {
		BN_free(b);
		b = NULL;
	} else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the generator, order and cofactor (if present) */
	if (!EC_GROUP_set_generator(ret, point, a, b)) {
		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
		goto err;
	}
	ok = 1;

err:	if (!ok) {
		EC_GROUP_clear_free(ret);
		ret = NULL;







|






|




|




|







|










|



|









|





|














|



|














|


|











|




|



|




|





|




|






<
|







|












|




|



|



|







|




|







1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190

1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
	EC_GROUP *ret = NULL;
	BIGNUM *p = NULL, *a = NULL, *b = NULL;
	EC_POINT *point = NULL;
	long field_bits;

	if (!params->fieldID || !params->fieldID->fieldType ||
	    !params->fieldID->p.ptr) {
		ECerror(EC_R_ASN1_ERROR);
		goto err;
	}
	/* now extract the curve parameters a and b */
	if (!params->curve || !params->curve->a ||
	    !params->curve->a->data || !params->curve->b ||
	    !params->curve->b->data) {
		ECerror(EC_R_ASN1_ERROR);
		goto err;
	}
	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
	if (a == NULL) {
		ECerror(ERR_R_BN_LIB);
		goto err;
	}
	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
	if (b == NULL) {
		ECerror(ERR_R_BN_LIB);
		goto err;
	}
	/* get the field parameters */
	tmp = OBJ_obj2nid(params->fieldID->fieldType);
	if (tmp == NID_X9_62_characteristic_two_field)
#ifdef OPENSSL_NO_EC2M
	{
		ECerror(EC_R_GF2M_NOT_SUPPORTED);
		goto err;
	}
#else
	{
		X9_62_CHARACTERISTIC_TWO *char_two;

		char_two = params->fieldID->p.char_two;

		field_bits = char_two->m;
		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
			ECerror(EC_R_FIELD_TOO_LARGE);
			goto err;
		}
		if ((p = BN_new()) == NULL) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/* get the base type */
		tmp = OBJ_obj2nid(char_two->type);

		if (tmp == NID_X9_62_tpBasis) {
			long tmp_long;

			if (!char_two->p.tpBasis) {
				ECerror(EC_R_ASN1_ERROR);
				goto err;
			}
			tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);

			if (!(char_two->m > tmp_long && tmp_long > 0)) {
				ECerror(EC_R_INVALID_TRINOMIAL_BASIS);
				goto err;
			}
			/* create the polynomial */
			if (!BN_set_bit(p, (int) char_two->m))
				goto err;
			if (!BN_set_bit(p, (int) tmp_long))
				goto err;
			if (!BN_set_bit(p, 0))
				goto err;
		} else if (tmp == NID_X9_62_ppBasis) {
			X9_62_PENTANOMIAL *penta;

			penta = char_two->p.ppBasis;
			if (!penta) {
				ECerror(EC_R_ASN1_ERROR);
				goto err;
			}
			if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
				ECerror(EC_R_INVALID_PENTANOMIAL_BASIS);
				goto err;
			}
			/* create the polynomial */
			if (!BN_set_bit(p, (int) char_two->m))
				goto err;
			if (!BN_set_bit(p, (int) penta->k1))
				goto err;
			if (!BN_set_bit(p, (int) penta->k2))
				goto err;
			if (!BN_set_bit(p, (int) penta->k3))
				goto err;
			if (!BN_set_bit(p, 0))
				goto err;
		} else if (tmp == NID_X9_62_onBasis) {
			ECerror(EC_R_NOT_IMPLEMENTED);
			goto err;
		} else {	/* error */
			ECerror(EC_R_ASN1_ERROR);
			goto err;
		}

		/* create the EC_GROUP structure */
		ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
	}
#endif
	else if (tmp == NID_X9_62_prime_field) {
		/* we have a curve over a prime field */
		/* extract the prime number */
		if (!params->fieldID->p.prime) {
			ECerror(EC_R_ASN1_ERROR);
			goto err;
		}
		p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
		if (p == NULL) {
			ECerror(ERR_R_ASN1_LIB);
			goto err;
		}
		if (BN_is_negative(p) || BN_is_zero(p)) {
			ECerror(EC_R_INVALID_FIELD);
			goto err;
		}
		field_bits = BN_num_bits(p);
		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
			ECerror(EC_R_FIELD_TOO_LARGE);
			goto err;
		}
		/* create the EC_GROUP structure */
		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
	} else {
		ECerror(EC_R_INVALID_FIELD);
		goto err;
	}

	if (ret == NULL) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	/* extract seed (optional) */
	if (params->curve->seed != NULL) {
		free(ret->seed);
		if (!(ret->seed = malloc(params->curve->seed->length))) {

			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		memcpy(ret->seed, params->curve->seed->data,
		    params->curve->seed->length);
		ret->seed_len = params->curve->seed->length;
	}
	if (!params->order || !params->base || !params->base->data) {
		ECerror(EC_R_ASN1_ERROR);
		goto err;
	}
	if ((point = EC_POINT_new(ret)) == NULL)
		goto err;

	/* set the point conversion form */
	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
	    (params->base->data[0] & ~0x01));

	/* extract the ec point */
	if (!EC_POINT_oct2point(ret, point, params->base->data,
		params->base->length, NULL)) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	/* extract the order */
	if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
		ECerror(ERR_R_ASN1_LIB);
		goto err;
	}
	if (BN_is_negative(a) || BN_is_zero(a)) {
		ECerror(EC_R_INVALID_GROUP_ORDER);
		goto err;
	}
	if (BN_num_bits(a) > (int) field_bits + 1) {	/* Hasse bound */
		ECerror(EC_R_INVALID_GROUP_ORDER);
		goto err;
	}
	/* extract the cofactor (optional) */
	if (params->cofactor == NULL) {
		BN_free(b);
		b = NULL;
	} else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
		ECerror(ERR_R_ASN1_LIB);
		goto err;
	}
	/* set the generator, order and cofactor (if present) */
	if (!EC_GROUP_set_generator(ret, point, a, b)) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	ok = 1;

err:	if (!ok) {
		EC_GROUP_clear_free(ret);
		ret = NULL;
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
EC_GROUP *
ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
{
	EC_GROUP *ret = NULL;
	int tmp = 0;

	if (params == NULL) {
		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
		    EC_R_MISSING_PARAMETERS);
		return NULL;
	}
	if (params->type == 0) {/* the curve is given by an OID */
		tmp = OBJ_obj2nid(params->value.named_curve);
		if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
			    EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
			return NULL;
		}
		EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
	} else if (params->type == 1) {	/* the parameters are given by a
					 * ECPARAMETERS structure */
		ret = ec_asn1_parameters2group(params->value.parameters);
		if (!ret) {
			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
			return NULL;
		}
		EC_GROUP_set_asn1_flag(ret, 0x0);
	} else if (params->type == 2) {	/* implicitlyCA */
		return NULL;
	} else {
		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
		return NULL;
	}

	return ret;
}

/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */

EC_GROUP *
d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
{
	EC_GROUP *group = NULL;
	ECPKPARAMETERS *params = NULL;

	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
		goto err;
	}
	if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
		goto err;
	}

	if (a != NULL) {
		EC_GROUP_clear_free(*a);
		*a = group;
	}

err:
	ECPKPARAMETERS_free(params);
	return (group);
}

int 
i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out)
{
	int ret = 0;
	ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
	if (tmp == NULL) {
		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
		return 0;
	}
	if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
		ECPKPARAMETERS_free(tmp);
		return 0;
	}
	ECPKPARAMETERS_free(tmp);
	return (ret);
}

/* some EC_KEY functions */

EC_KEY *
d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
{
	EC_KEY *ret = NULL;
	EC_PRIVATEKEY *priv_key = NULL;

	if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
		EC_PRIVATEKEY_free(priv_key);
		return NULL;
	}
	if (a == NULL || *a == NULL) {
		if ((ret = EC_KEY_new()) == NULL) {
			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
			goto err;
		}
	} else
		ret = *a;

	if (priv_key->parameters) {
		EC_GROUP_clear_free(ret->group);
		ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
	}
	if (ret->group == NULL) {
		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
		goto err;
	}
	ret->version = priv_key->version;

	if (priv_key->privateKey) {
		ret->priv_key = BN_bin2bn(
		    ASN1_STRING_data(priv_key->privateKey),
		    ASN1_STRING_length(priv_key->privateKey),
		    ret->priv_key);
		if (ret->priv_key == NULL) {
			ECerr(EC_F_D2I_ECPRIVATEKEY,
			    ERR_R_BN_LIB);
			goto err;
		}
	} else {
		ECerr(EC_F_D2I_ECPRIVATEKEY,
		    EC_R_MISSING_PRIVATE_KEY);
		goto err;
	}

	if (priv_key->publicKey) {
		const unsigned char *pub_oct;
		size_t pub_oct_len;

		EC_POINT_clear_free(ret->pub_key);
		ret->pub_key = EC_POINT_new(ret->group);
		if (ret->pub_key == NULL) {
			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
			goto err;
		}
		pub_oct = ASN1_STRING_data(priv_key->publicKey);
		pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
		/* save the point conversion form */
		ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
			pub_oct, pub_oct_len, NULL)) {
			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
			goto err;
		}
	}

	EC_PRIVATEKEY_free(priv_key);
	if (a != NULL)
		*a = ret;







<
|





<
|







|






|















|



|



















|



|
















|



|





|










|










<
|



<
|










|








|







1254
1255
1256
1257
1258
1259
1260

1261
1262
1263
1264
1265
1266

1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374

1375
1376
1377
1378

1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
EC_GROUP *
ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
{
	EC_GROUP *ret = NULL;
	int tmp = 0;

	if (params == NULL) {

		ECerror(EC_R_MISSING_PARAMETERS);
		return NULL;
	}
	if (params->type == 0) {/* the curve is given by an OID */
		tmp = OBJ_obj2nid(params->value.named_curve);
		if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {

			ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
			return NULL;
		}
		EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
	} else if (params->type == 1) {	/* the parameters are given by a
					 * ECPARAMETERS structure */
		ret = ec_asn1_parameters2group(params->value.parameters);
		if (!ret) {
			ECerror(ERR_R_EC_LIB);
			return NULL;
		}
		EC_GROUP_set_asn1_flag(ret, 0x0);
	} else if (params->type == 2) {	/* implicitlyCA */
		return NULL;
	} else {
		ECerror(EC_R_ASN1_ERROR);
		return NULL;
	}

	return ret;
}

/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */

EC_GROUP *
d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
{
	EC_GROUP *group = NULL;
	ECPKPARAMETERS *params = NULL;

	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
		ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE);
		goto err;
	}
	if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
		ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE);
		goto err;
	}

	if (a != NULL) {
		EC_GROUP_clear_free(*a);
		*a = group;
	}

err:
	ECPKPARAMETERS_free(params);
	return (group);
}

int 
i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out)
{
	int ret = 0;
	ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
	if (tmp == NULL) {
		ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE);
		return 0;
	}
	if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
		ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE);
		ECPKPARAMETERS_free(tmp);
		return 0;
	}
	ECPKPARAMETERS_free(tmp);
	return (ret);
}

/* some EC_KEY functions */

EC_KEY *
d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
{
	EC_KEY *ret = NULL;
	EC_PRIVATEKEY *priv_key = NULL;

	if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
		ECerror(ERR_R_EC_LIB);
		EC_PRIVATEKEY_free(priv_key);
		return NULL;
	}
	if (a == NULL || *a == NULL) {
		if ((ret = EC_KEY_new()) == NULL) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
	} else
		ret = *a;

	if (priv_key->parameters) {
		EC_GROUP_clear_free(ret->group);
		ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
	}
	if (ret->group == NULL) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	ret->version = priv_key->version;

	if (priv_key->privateKey) {
		ret->priv_key = BN_bin2bn(
		    ASN1_STRING_data(priv_key->privateKey),
		    ASN1_STRING_length(priv_key->privateKey),
		    ret->priv_key);
		if (ret->priv_key == NULL) {

			ECerror(ERR_R_BN_LIB);
			goto err;
		}
	} else {

		ECerror(EC_R_MISSING_PRIVATE_KEY);
		goto err;
	}

	if (priv_key->publicKey) {
		const unsigned char *pub_oct;
		size_t pub_oct_len;

		EC_POINT_clear_free(ret->pub_key);
		ret->pub_key = EC_POINT_new(ret->group);
		if (ret->pub_key == NULL) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
		pub_oct = ASN1_STRING_data(priv_key->publicKey);
		pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
		/* save the point conversion form */
		ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
			pub_oct, pub_oct_len, NULL)) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
	}

	EC_PRIVATEKEY_free(priv_key);
	if (a != NULL)
		*a = ret;
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
{
	int ret = 0, ok = 0;
	unsigned char *buffer = NULL;
	size_t buf_len = 0, tmp_len;
	EC_PRIVATEKEY *priv_key = NULL;

	if (a == NULL || a->group == NULL || a->priv_key == NULL) {
		ECerr(EC_F_I2D_ECPRIVATEKEY,
		    ERR_R_PASSED_NULL_PARAMETER);
		goto err;
	}
	if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
		ECerr(EC_F_I2D_ECPRIVATEKEY,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}
	priv_key->version = a->version;

	buf_len = (size_t) BN_num_bytes(a->priv_key);
	buffer = malloc(buf_len);
	if (buffer == NULL) {
		ECerr(EC_F_I2D_ECPRIVATEKEY,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!BN_bn2bin(a->priv_key, buffer)) {
		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
		goto err;
	}
	if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) {
		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
		goto err;
	}
	if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
		if ((priv_key->parameters = ec_asn1_group2pkparameters(
			    a->group, priv_key->parameters)) == NULL) {
			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
			goto err;
		}
	}
	if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) {
		priv_key->publicKey = ASN1_BIT_STRING_new();
		if (priv_key->publicKey == NULL) {
			ECerr(EC_F_I2D_ECPRIVATEKEY,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
		    a->conv_form, NULL, 0, NULL);

		if (tmp_len > buf_len) {
			unsigned char *tmp_buffer = realloc(buffer, tmp_len);
			if (!tmp_buffer) {
				ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
				goto err;
			}
			buffer = tmp_buffer;
			buf_len = tmp_len;
		}
		if (!EC_POINT_point2oct(a->group, a->pub_key,
			a->conv_form, buffer, buf_len, NULL)) {
			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
			goto err;
		}
		priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
		priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
		if (!ASN1_STRING_set(priv_key->publicKey, buffer,
			buf_len)) {
			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
			goto err;
		}
	}
	if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
		goto err;
	}
	ok = 1;
err:
	free(buffer);
	if (priv_key)
		EC_PRIVATEKEY_free(priv_key);
	return (ok ? ret : 0);
}

int 
i2d_ECParameters(EC_KEY * a, unsigned char **out)
{
	if (a == NULL) {
		ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	return i2d_ECPKParameters(a->group, out);
}

EC_KEY *
d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len)
{
	EC_KEY *ret;

	if (in == NULL || *in == NULL) {
		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}
	if (a == NULL || *a == NULL) {
		if ((ret = EC_KEY_new()) == NULL) {
			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
			return NULL;
		}
	} else
		ret = *a;

	if (!d2i_ECPKParameters(&ret->group, in, len)) {
		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
		if (a == NULL || *a != ret)
			EC_KEY_free(ret);
		return NULL;
	}

	if (a != NULL)
		*a = ret;
	return ret;
}

EC_KEY *
o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len)
{
	EC_KEY *ret = NULL;

	if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
		/*
		 * sorry, but a EC_GROUP-structur is necessary to set the
		 * public key
		 */
		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	ret = *a;
	if (ret->pub_key == NULL &&
	    (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
		return 0;
	}
	/* save the point conversion form */
	ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
	*in += len;
	return ret;
}

int 
i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
{
	size_t buf_len = 0;
	int new_buffer = 0;

	if (a == NULL) {
		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	buf_len = EC_POINT_point2oct(a->group, a->pub_key,
	    a->conv_form, NULL, 0, NULL);

	if (out == NULL || buf_len == 0)
		/* out == NULL => just return the length of the octet string */
		return buf_len;

	if (*out == NULL) {
		if ((*out = malloc(buf_len)) == NULL) {
			ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
			return 0;
		}
		new_buffer = 1;
	}
	if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
		*out, buf_len, NULL)) {
		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
		if (new_buffer) {
			free(*out);
			*out = NULL;
		}
		return 0;
	}
	if (!new_buffer)
		*out += buf_len;
	return buf_len;
}







<
|



<
|







<
|



|



|





|






<
|








|







|






|




|














|











|




|






|




















|





|



|















|











|






|










1420
1421
1422
1423
1424
1425
1426

1427
1428
1429
1430

1431
1432
1433
1434
1435
1436
1437
1438

1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459

1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
{
	int ret = 0, ok = 0;
	unsigned char *buffer = NULL;
	size_t buf_len = 0, tmp_len;
	EC_PRIVATEKEY *priv_key = NULL;

	if (a == NULL || a->group == NULL || a->priv_key == NULL) {

		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		goto err;
	}
	if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {

		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	priv_key->version = a->version;

	buf_len = (size_t) BN_num_bytes(a->priv_key);
	buffer = malloc(buf_len);
	if (buffer == NULL) {

		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!BN_bn2bin(a->priv_key, buffer)) {
		ECerror(ERR_R_BN_LIB);
		goto err;
	}
	if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) {
		ECerror(ERR_R_ASN1_LIB);
		goto err;
	}
	if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
		if ((priv_key->parameters = ec_asn1_group2pkparameters(
			    a->group, priv_key->parameters)) == NULL) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
	}
	if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) {
		priv_key->publicKey = ASN1_BIT_STRING_new();
		if (priv_key->publicKey == NULL) {

			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
		    a->conv_form, NULL, 0, NULL);

		if (tmp_len > buf_len) {
			unsigned char *tmp_buffer = realloc(buffer, tmp_len);
			if (!tmp_buffer) {
				ECerror(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			buffer = tmp_buffer;
			buf_len = tmp_len;
		}
		if (!EC_POINT_point2oct(a->group, a->pub_key,
			a->conv_form, buffer, buf_len, NULL)) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
		priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
		priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
		if (!ASN1_STRING_set(priv_key->publicKey, buffer,
			buf_len)) {
			ECerror(ERR_R_ASN1_LIB);
			goto err;
		}
	}
	if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	ok = 1;
err:
	free(buffer);
	if (priv_key)
		EC_PRIVATEKEY_free(priv_key);
	return (ok ? ret : 0);
}

int 
i2d_ECParameters(EC_KEY * a, unsigned char **out)
{
	if (a == NULL) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	return i2d_ECPKParameters(a->group, out);
}

EC_KEY *
d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len)
{
	EC_KEY *ret;

	if (in == NULL || *in == NULL) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}
	if (a == NULL || *a == NULL) {
		if ((ret = EC_KEY_new()) == NULL) {
			ECerror(ERR_R_MALLOC_FAILURE);
			return NULL;
		}
	} else
		ret = *a;

	if (!d2i_ECPKParameters(&ret->group, in, len)) {
		ECerror(ERR_R_EC_LIB);
		if (a == NULL || *a != ret)
			EC_KEY_free(ret);
		return NULL;
	}

	if (a != NULL)
		*a = ret;
	return ret;
}

EC_KEY *
o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len)
{
	EC_KEY *ret = NULL;

	if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
		/*
		 * sorry, but a EC_GROUP-structur is necessary to set the
		 * public key
		 */
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	ret = *a;
	if (ret->pub_key == NULL &&
	    (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
		ECerror(ERR_R_EC_LIB);
		return 0;
	}
	/* save the point conversion form */
	ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
	*in += len;
	return ret;
}

int 
i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
{
	size_t buf_len = 0;
	int new_buffer = 0;

	if (a == NULL) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	buf_len = EC_POINT_point2oct(a->group, a->pub_key,
	    a->conv_form, NULL, 0, NULL);

	if (out == NULL || buf_len == 0)
		/* out == NULL => just return the length of the octet string */
		return buf_len;

	if (*out == NULL) {
		if ((*out = malloc(buf_len)) == NULL) {
			ECerror(ERR_R_MALLOC_FAILURE);
			return 0;
		}
		new_buffer = 1;
	}
	if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
		*out, buf_len, NULL)) {
		ECerror(ERR_R_EC_LIB);
		if (new_buffer) {
			free(*out);
			*out = NULL;
		}
		return 0;
	}
	if (!new_buffer)
		*out += buf_len;
	return buf_len;
}
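--- a/jni/libressl/crypto/ec/ec_check.c
+++ b/jni/libressl/crypto/ec/ec_check.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec_check.c,v 1.4 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ec_check.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -63,53 +63,53 @@
 	BIGNUM *order;
 	BN_CTX *new_ctx = NULL;
 	EC_POINT *point = NULL;
 
 	if (ctx == NULL) {
 		ctx = new_ctx = BN_CTX_new();
 		if (ctx == NULL) {
-			ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+			ECerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	BN_CTX_start(ctx);
 	if ((order = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
 	/* check the discriminant */
 	if (!EC_GROUP_check_discriminant(group, ctx)) {
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+		ECerror(EC_R_DISCRIMINANT_IS_ZERO);
 		goto err;
 	}
 	/* check the generator */
 	if (group->generator == NULL) {
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+		ECerror(EC_R_UNDEFINED_GENERATOR);
 		goto err;
 	}
 	if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+		ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;
 	}
 	/* check the order of the generator */
 	if ((point = EC_POINT_new(group)) == NULL)
 		goto err;
 	if (!EC_GROUP_get_order(group, order, ctx))
 		goto err;
 	if (BN_is_zero(order)) {
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+		ECerror(EC_R_UNDEFINED_ORDER);
 		goto err;
 	}
 	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
 		goto err;
 	if (EC_POINT_is_at_infinity(group, point) <= 0) {
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+		ECerror(EC_R_INVALID_GROUP_ORDER);
 		goto err;
 	}
 	ret = 1;
 
 err:
 	if (ctx != NULL)
 		BN_CTX_end(ctx);
 	BN_CTX_free(new_ctx);
 	EC_POINT_free(point);
 	return ret;
 }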
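--- a/jni/libressl/crypto/ec/ec_curve.c
+++ b/jni/libressl/crypto/ec/ec_curve.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec_curve.c,v 1.12 2015/06/20 13:26:08 jsing Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -3046,19 +3046,23 @@
 	/* X9.62 curves */
 	{NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, "NIST/X9.62/SECG curve over a 192 bit prime field"},
 	{NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, "X9.62 curve over a 192 bit prime field"},
 	{NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, "X9.62 curve over a 192 bit prime field"},
 	{NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, "X9.62 curve over a 239 bit prime field"},
 	{NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, "X9.62 curve over a 239 bit prime field"},
 	{NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, "X9.62 curve over a 239 bit prime field"},
+	{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+#if defined(ECP_NISTZ256_ASM)
+	 EC_GFp_nistz256_method,
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-	{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field"},
+#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+	 EC_GFp_nistp256_method,
 #else
-	{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field"},
+	 0,
 #endif
+	 "X9.62/SECG curve over a 256 bit prime field"},
 #ifndef OPENSSL_NO_EC2M
 	/* characteristic two field curves */
 	/* NIST/SECG curves */
 	{NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field"},
 	{NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, "SECG curve over a 113 bit binary field"},
 	{NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, "SECG/WTLS curve over a 131 bit binary field"},
 	{NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, "SECG curve over a 131 bit binary field"},
@@ -3160,77 +3164,77 @@
 	int ok = 0;
 	int seed_len, param_len;
 	const EC_METHOD *meth;
 	const EC_CURVE_DATA *data;
 	const unsigned char *params;
 
 	if ((ctx = BN_CTX_new()) == NULL) {
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+		ECerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	data = curve.data;
 	seed_len = data->seed_len;
 	param_len = data->param_len;
 	params = (const unsigned char *) (data + 1);	/* skip header */
 	params += seed_len;	/* skip seed   */
 
 	if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) ||
 	    !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) ||
 	    !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) {
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		ECerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	if (curve.meth != 0) {
 		meth = curve.meth();
 		if (((group = EC_GROUP_new(meth)) == NULL) ||
 		    (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto err;
 		}
 	} else if (data->field_type == NID_X9_62_prime_field) {
 		if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto err;
 		}
 	}
 #ifndef OPENSSL_NO_EC2M
 	else {			/* field_type ==
 				 * NID_X9_62_characteristic_two_field */
 		if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto err;
 		}
 	}
 #endif
 
 	if ((P = EC_POINT_new(group)) == NULL) {
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL))
 	    || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) {
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		ECerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))
 	    || !BN_set_word(x, (BN_ULONG) data->cofactor)) {
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		ECerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	if (!EC_GROUP_set_generator(group, P, order, x)) {
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (seed_len) {
 		if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			ECerror(ERR_R_EC_LIB);
 			goto err;
 		}
 	}
 	ok = 1;
 err:
 	if (!ok) {
 		EC_GROUP_free(group);
@@ -3258,15 +3262,15 @@
 
 	for (i = 0; i < curve_list_length; i++)
 		if (curve_list[i].nid == nid) {
 			ret = ec_group_new_from_data(curve_list[i]);
 			break;
 		}
 	if (ret == NULL) {
-		ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+		ECerror(EC_R_UNKNOWN_GROUP);
 		return NULL;
 	}
 	EC_GROUP_set_curve_name(ret, nid);
 
 	return ret;
 }
 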
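--- a/jni/libressl/crypto/ec/ec_cvt.c
+++ b/jni/libressl/crypto/ec/ec_cvt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec_cvt.c,v 1.5 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: ec_cvt.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without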
Changes to jni/libressl/crypto/ec/ec_err.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ec_err.c,v 1.8 2014/06/12 15:49:29 deraadt Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ec_err.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218

/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)

static ERR_STRING_DATA EC_str_functs[] =
{
	{ERR_FUNC(EC_F_BN_TO_FELEM), "BN_TO_FELEM"},
	{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
	{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
	{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
	{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
	{ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "DO_EC_KEY_PRINT"},
	{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "ECKEY_PARAM2TYPE"},
	{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "ECKEY_PARAM_DECODE"},
	{ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "ECKEY_PRIV_DECODE"},
	{ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "ECKEY_PRIV_ENCODE"},
	{ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "ECKEY_PUB_DECODE"},
	{ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "ECKEY_PUB_ENCODE"},
	{ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "ECKEY_TYPE2PARAM"},
	{ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
	{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
	{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
	{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
	{ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
	{ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
	{ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
	{ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
	{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"},
	{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"},
	{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"},
	{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"},
	{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"},
	{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"},
	{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
	{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
	{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"},
	{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"},
	{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
	{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
	{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"},
	{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
	{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
	{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
	{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"},
	{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
	{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"},
	{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE), "ec_GFp_nistp224_group_set_curve"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp224_point_get_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE), "ec_GFp_nistp256_group_set_curve"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL), "ec_GFp_nistp256_points_mul"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp256_point_get_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE), "ec_GFp_nistp521_group_set_curve"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL), "ec_GFp_nistp521_points_mul"},
	{ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp521_point_get_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
	{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
	{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"},
	{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
	{ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
	{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"},
	{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
	{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
	{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
	{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
	{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
	{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
	{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
	{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"},
	{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"},
	{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
	{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
	{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
	{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
	{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
	{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
	{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
	{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
	{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
	{ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
	{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
	{ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
	{ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
	{ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
	{ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES), "EC_KEY_set_public_key_affine_coordinates"},
	{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
	{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
	{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
	{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
	{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
	{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"},
	{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
	{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
	{ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
	{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
	{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
	{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
	{ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
	{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
	{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
	{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
	{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"},
	{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
	{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"},
	{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
	{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
	{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
	{ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
	{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
	{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
	{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
	{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
	{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
	{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
	{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
	{ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "NISTP224_PRE_COMP_NEW"},
	{ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "NISTP256_PRE_COMP_NEW"},
	{ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "NISTP521_PRE_COMP_NEW"},
	{ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
	{ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"},
	{ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"},
	{ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"},
	{ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
	{ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
	{ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"},
	{ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"},
	{0, NULL}
};

static ERR_STRING_DATA EC_str_reasons[] =
{
	{ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
	{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},







|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







67
68
69
70
71
72
73
74




























































































75












































76
77
78
79
80
81
82

/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)

static ERR_STRING_DATA EC_str_functs[] = {




























































































	{ERR_FUNC(0xfff), "CRYPTO_internal"},












































	{0, NULL}
};

static ERR_STRING_DATA EC_str_reasons[] =
{
	{ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
	{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
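Review bot: The new `EC_str_functs` table keeps only `{ERR_FUNC(0xfff), "CRYPTO_internal"}`, so EC errors no longer resolve to a per-function name, and nothing at the table says so. Log-based alerting, tests or callers that match on names such as `EC_KEY_check_key` in error strings, or on the function field of the packed code, will stop matching without any build failure; only the reason strings remain useful for triage. I would add a comment above the table, `/* Function codes are no longer recorded per call site; every EC error maps to this one entry. */`. This assumes 0xfff is the code the new `ECerror()` macro pushes, which this section does not show. `EC_str_reasons` continues outside the hunk.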
Changes to jni/libressl/crypto/ec/ec_key.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ec_key.c,v 1.11 2015/02/09 15:49:22 jsing Exp $ */
/*
 * Written by Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ec_key.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
/*
 * Written by Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
EC_KEY *
EC_KEY_new(void)
{
	EC_KEY *ret;

	ret = malloc(sizeof(EC_KEY));
	if (ret == NULL) {
		ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
		return (NULL);
	}
	ret->version = 1;
	ret->flags = 0;
	ret->group = NULL;
	ret->pub_key = NULL;
	ret->priv_key = NULL;







|







71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
EC_KEY *
EC_KEY_new(void)
{
	EC_KEY *ret;

	ret = malloc(sizeof(EC_KEY));
	if (ret == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}
	ret->version = 1;
	ret->flags = 0;
	ret->group = NULL;
	ret->pub_key = NULL;
	ret->priv_key = NULL;
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

EC_KEY *
EC_KEY_copy(EC_KEY * dest, const EC_KEY * src)
{
	EC_EXTRA_DATA *d;

	if (dest == NULL || src == NULL) {
		ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}
	/* copy the parameters */
	if (src->group) {
		const EC_METHOD *meth = EC_GROUP_method_of(src->group);
		/* clear the old group */
		EC_GROUP_free(dest->group);







|







129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

EC_KEY *
EC_KEY_copy(EC_KEY * dest, const EC_KEY * src)
{
	EC_EXTRA_DATA *d;

	if (dest == NULL || src == NULL) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}
	/* copy the parameters */
	if (src->group) {
		const EC_METHOD *meth = EC_GROUP_method_of(src->group);
		/* clear the old group */
		EC_GROUP_free(dest->group);
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
{
	int ok = 0;
	BN_CTX *ctx = NULL;
	BIGNUM *priv_key = NULL, *order = NULL;
	EC_POINT *pub_key = NULL;

	if (!eckey || !eckey->group) {
		ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	if ((order = BN_new()) == NULL)
		goto err;
	if ((ctx = BN_CTX_new()) == NULL)
		goto err;








|







213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
{
	int ok = 0;
	BN_CTX *ctx = NULL;
	BIGNUM *priv_key = NULL, *order = NULL;
	EC_POINT *pub_key = NULL;

	if (!eckey || !eckey->group) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	if ((order = BN_new()) == NULL)
		goto err;
	if ((ctx = BN_CTX_new()) == NULL)
		goto err;

270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
{
	int ok = 0;
	BN_CTX *ctx = NULL;
	const BIGNUM *order = NULL;
	EC_POINT *point = NULL;

	if (!eckey || !eckey->group || !eckey->pub_key) {
		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key) > 0) {
		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
		goto err;
	}
	if ((ctx = BN_CTX_new()) == NULL)
		goto err;
	if ((point = EC_POINT_new(eckey->group)) == NULL)
		goto err;

	/* testing whether the pub_key is on the elliptic curve */
	if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
		goto err;
	}
	/* testing whether pub_key * order is the point at infinity */
	order = &eckey->group->order;
	if (BN_is_zero(order)) {
		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
		goto err;
	}
	if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
		goto err;
	}
	if (EC_POINT_is_at_infinity(eckey->group, point) <= 0) {
		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
		goto err;
	}
	/*
	 * in case the priv_key is present : check if generator * priv_key ==
	 * pub_key
	 */
	if (eckey->priv_key) {
		if (BN_cmp(eckey->priv_key, order) >= 0) {
			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
			goto err;
		}
		if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
			NULL, NULL, ctx)) {
			ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
			goto err;
		}
		if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,
			ctx) != 0) {
			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
			goto err;
		}
	}
	ok = 1;
err:
	BN_CTX_free(ctx);
	EC_POINT_free(point);
	return (ok);
}

int 
EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
{
	BN_CTX *ctx = NULL;
	BIGNUM *tx, *ty;
	EC_POINT *point = NULL;
	int ok = 0, tmp_nid, is_char_two = 0;

	if (!key || !key->group || !x || !y) {
		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
		    ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	ctx = BN_CTX_new();
	if (!ctx)
		goto err;

	point = EC_POINT_new(key->group);







|



|









|





|



|



|








|




|




|



















<
|







270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343

344
345
346
347
348
349
350
351
{
	int ok = 0;
	BN_CTX *ctx = NULL;
	const BIGNUM *order = NULL;
	EC_POINT *point = NULL;

	if (!eckey || !eckey->group || !eckey->pub_key) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key) > 0) {
		ECerror(EC_R_POINT_AT_INFINITY);
		goto err;
	}
	if ((ctx = BN_CTX_new()) == NULL)
		goto err;
	if ((point = EC_POINT_new(eckey->group)) == NULL)
		goto err;

	/* testing whether the pub_key is on the elliptic curve */
	if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
		ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
		goto err;
	}
	/* testing whether pub_key * order is the point at infinity */
	order = &eckey->group->order;
	if (BN_is_zero(order)) {
		ECerror(EC_R_INVALID_GROUP_ORDER);
		goto err;
	}
	if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
		ECerror(ERR_R_EC_LIB);
		goto err;
	}
	if (EC_POINT_is_at_infinity(eckey->group, point) <= 0) {
		ECerror(EC_R_WRONG_ORDER);
		goto err;
	}
	/*
	 * in case the priv_key is present : check if generator * priv_key ==
	 * pub_key
	 */
	if (eckey->priv_key) {
		if (BN_cmp(eckey->priv_key, order) >= 0) {
			ECerror(EC_R_WRONG_ORDER);
			goto err;
		}
		if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
			NULL, NULL, ctx)) {
			ECerror(ERR_R_EC_LIB);
			goto err;
		}
		if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,
			ctx) != 0) {
			ECerror(EC_R_INVALID_PRIVATE_KEY);
			goto err;
		}
	}
	ok = 1;
err:
	BN_CTX_free(ctx);
	EC_POINT_free(point);
	return (ok);
}

int 
EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
{
	BN_CTX *ctx = NULL;
	BIGNUM *tx, *ty;
	EC_POINT *point = NULL;
	int ok = 0, tmp_nid, is_char_two = 0;

	if (!key || !key->group || !x || !y) {

		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	ctx = BN_CTX_new();
	if (!ctx)
		goto err;

	point = EC_POINT_new(key->group);
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
			goto err;
	}
	/*
	 * Check if retrieved coordinates match originals: if not values are
	 * out of range.
	 */
	if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
		    EC_R_COORDINATES_OUT_OF_RANGE);
		goto err;
	}
	if (!EC_KEY_set_public_key(key, point))
		goto err;

	if (EC_KEY_check_key(key) == 0)
		goto err;







<
|







382
383
384
385
386
387
388

389
390
391
392
393
394
395
396
			goto err;
	}
	/*
	 * Check if retrieved coordinates match originals: if not values are
	 * out of range.
	 */
	if (BN_cmp(x, tx) || BN_cmp(y, ty)) {

		ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
		goto err;
	}
	if (!EC_KEY_set_public_key(key, point))
		goto err;

	if (EC_KEY_check_key(key) == 0)
		goto err;
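Review bot: In the `EC_KEY_check_key` hunk the private-key range test is only `BN_cmp(eckey->priv_key, order) >= 0`, so a zero or negative scalar is not rejected by the range check itself and is left to the later `EC_POINT_mul`/`EC_POINT_cmp` pair. Zero should fail there, because the public key was already checked not to be at infinity, but how a negative scalar is treated depends on `EC_POINT_mul`, which is not visible here. An explicit lower bound makes the check self-contained: `if (BN_is_zero(eckey->priv_key) || BN_is_negative(eckey->priv_key) || BN_cmp(eckey->priv_key, order) >= 0) {`. The function's signature line is outside the hunk. Since the commit title describes this as an imported library update, the change probably belongs upstream rather than in a local patch.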
Changes to jni/libressl/crypto/ec/ec_lcl.h.
1
2
3
4
5
6
7
8
/* $OpenBSD$ */
/*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ec_lcl.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */
/*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
65
66
67
68
69
70
71
72
73
74
75
76
77


78
79
80
81
82
83



84
85
86
87
88
89
90
 * license provided above.
 *
 * The elliptic curve binary polynomial software is originally written by 
 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
 *
 */


#include <stdlib.h>

#include <openssl/obj_mac.h>
#include <openssl/ec.h>
#include <openssl/bn.h>



#if defined(__SUNPRO_C)
# if __SUNPRO_C >= 0x520
# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
# endif
#endif




/* Use default functions for poin2oct, oct2point and compressed coordinates */
#define EC_FLAGS_DEFAULT_OCT	0x1

/* Structure details are not part of the exported interface,
 * so all this may change in future versions. */








<





>
>






>
>
>







65
66
67
68
69
70
71

72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 * license provided above.
 *
 * The elliptic curve binary polynomial software is originally written by 
 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
 *
 */


#include <stdlib.h>

#include <openssl/obj_mac.h>
#include <openssl/ec.h>
#include <openssl/bn.h>

__BEGIN_HIDDEN_DECLS

#if defined(__SUNPRO_C)
# if __SUNPRO_C >= 0x520
# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
# endif
#endif

#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);

/* Use default functions for poin2oct, oct2point and compressed coordinates */
#define EC_FLAGS_DEFAULT_OCT	0x1

/* Structure details are not part of the exported interface,
 * so all this may change in future versions. */

418
419
420
421
422
423
424




425
426
427
428
429
430
431
int ec_GFp_nistp256_group_init(EC_GROUP *group);
int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);





/* method functions in ecp_nistp521.c */
int ec_GFp_nistp521_group_init(EC_GROUP *group);
int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);







>
>
>
>







422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
int ec_GFp_nistp256_group_init(EC_GROUP *group);
int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);

#ifdef ECP_NISTZ256_ASM
const EC_METHOD *EC_GFp_nistz256_method(void);
#endif

/* method functions in ecp_nistp521.c */
int ec_GFp_nistp521_group_init(EC_GROUP *group);
int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
439
440
441
442
443
444
445

446


	int (*felem_is_zero)(const void *in),
	void (*felem_assign)(void *out, const void *in),
	void (*felem_square)(void *out, const void *in),
	void (*felem_mul)(void *out, const void *in1, const void *in2),
	void (*felem_inv)(void *out, const void *in),
	void (*felem_contract)(void *out, const void *in));
void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in);

#endif









>

>
>
447
448
449
450
451
452
453
454
455
456
457
	int (*felem_is_zero)(const void *in),
	void (*felem_assign)(void *out, const void *in),
	void (*felem_square)(void *out, const void *in),
	void (*felem_mul)(void *out, const void *in1, const void *in2),
	void (*felem_inv)(void *out, const void *in),
	void (*felem_contract)(void *out, const void *in));
void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in);

#endif

__END_HIDDEN_DECLS
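Review bot: The added `bn_wexpand(a,words)` macro evaluates both arguments more than once and can yield NULL when `bn_expand2()` fails, and neither fact is documented at the definition. It also reaches into `(a)->dmax` and re-declares `bn_expand2()` inside the EC-local header, which looks like a copy of a BN-internal definition (not visible here) that could drift from the original. I would add above it `/* Arguments are evaluated more than once: pass side-effect-free expressions only. Returns NULL on allocation failure; callers must check. */`. If the build allows it, including the BN-internal header would be preferable to duplicating the declaration.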
Changes to jni/libressl/crypto/ec/ec_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ec_lib.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */
/*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ec_lib.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

EC_GROUP *
EC_GROUP_new(const EC_METHOD * meth)
{
	EC_GROUP *ret;

	if (meth == NULL) {
		ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
		return NULL;
	}
	if (meth->group_init == 0) {
		ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return NULL;
	}
	ret = malloc(sizeof *ret);
	if (ret == NULL) {
		ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ret->meth = meth;

	ret->extra_data = NULL;

	ret->generator = NULL;







|



|




|







74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

EC_GROUP *
EC_GROUP_new(const EC_METHOD * meth)
{
	EC_GROUP *ret;

	if (meth == NULL) {
		ECerror(EC_R_SLOT_FULL);
		return NULL;
	}
	if (meth->group_init == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return NULL;
	}
	ret = malloc(sizeof *ret);
	if (ret == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ret->meth = meth;

	ret->extra_data = NULL;

	ret->generator = NULL;
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

int 
EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src)
{
	EC_EXTRA_DATA *d;

	if (dest->meth->group_copy == 0) {
		ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (dest->meth != src->meth) {
		ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	if (dest == src)
		return 1;

	EC_EX_DATA_free_all_data(&dest->extra_data);








|



|







162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

int 
EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src)
{
	EC_EXTRA_DATA *d;

	if (dest->meth->group_copy == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (dest->meth != src->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	if (dest == src)
		return 1;

	EC_EX_DATA_free_all_data(&dest->extra_data);

229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
}


EC_GROUP *
EC_GROUP_dup(const EC_GROUP * a)
{
	EC_GROUP *t = NULL;
	int ok = 0;

	if (a == NULL)
		return NULL;

	if ((t = EC_GROUP_new(a->meth)) == NULL)
		return (NULL);
	if (!EC_GROUP_copy(t, a))
		goto err;

	ok = 1;

err:
	if (!ok) {
		EC_GROUP_free(t);
		return NULL;
	} else
		return t;
}


const EC_METHOD *
EC_GROUP_method_of(const EC_GROUP *group)
{
	return group->meth;







<

<
<
<
|
<
|
<
|
|
|
<
<
<
<
<
|







229
230
231
232
233
234
235

236



237

238

239
240
241





242
243
244
245
246
247
248
249
}


EC_GROUP *
EC_GROUP_dup(const EC_GROUP * a)
{
	EC_GROUP *t = NULL;





	if ((a != NULL) && ((t = EC_GROUP_new(a->meth)) != NULL) &&

	    (!EC_GROUP_copy(t, a))) {

		EC_GROUP_free(t);
		t = NULL;
	}





	return t;
}


const EC_METHOD *
EC_GROUP_method_of(const EC_GROUP *group)
{
	return group->meth;
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283


int 
EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
    const BIGNUM *order, const BIGNUM *cofactor)
{
	if (generator == NULL) {
		ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	if (group->generator == NULL) {
		group->generator = EC_POINT_new(group);
		if (group->generator == NULL)
			return 0;
	}







|







258
259
260
261
262
263
264
265
266
267
268
269
270
271
272


int 
EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
    const BIGNUM *order, const BIGNUM *cofactor)
{
	if (generator == NULL) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}
	if (group->generator == NULL) {
		group->generator = EC_POINT_new(group);
		if (group->generator == NULL)
			return 0;
	}
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477


int 
EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
    const BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_set_curve == 0) {
		ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_set_curve(group, p, a, b, ctx);
}


int 
EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
    BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_get_curve == 0) {
		ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_get_curve(group, p, a, b, ctx);
}

#ifndef OPENSSL_NO_EC2M
int 
EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
    const BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_set_curve == 0) {
		ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_set_curve(group, p, a, b, ctx);
}


int 
EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
    BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_get_curve == 0) {
		ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_get_curve(group, p, a, b, ctx);
}
#endif

int 
EC_GROUP_get_degree(const EC_GROUP * group)
{
	if (group->meth->group_get_degree == 0) {
		ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_get_degree(group);
}


int 
EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
{
	if (group->meth->group_check_discriminant == 0) {
		ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_check_discriminant(group, ctx);
}


int 







|











|











|











|










|










|







394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466


int 
EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
    const BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_set_curve == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_set_curve(group, p, a, b, ctx);
}


int 
EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
    BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_get_curve == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_get_curve(group, p, a, b, ctx);
}

#ifndef OPENSSL_NO_EC2M
int 
EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
    const BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_set_curve == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_set_curve(group, p, a, b, ctx);
}


int 
EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
    BIGNUM * b, BN_CTX * ctx)
{
	if (group->meth->group_get_curve == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_get_curve(group, p, a, b, ctx);
}
#endif

int 
EC_GROUP_get_degree(const EC_GROUP * group)
{
	if (group->meth->group_get_degree == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_get_degree(group);
}


int 
EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
{
	if (group->meth->group_check_discriminant == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	return group->meth->group_check_discriminant(group, ctx);
}


int 
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574

	if (ex_data == NULL)
		return 0;

	for (d = *ex_data; d != NULL; d = d->next) {
		if (d->dup_func == dup_func && d->free_func == free_func &&
		    d->clear_free_func == clear_free_func) {
			ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
			return 0;
		}
	}

	if (data == NULL)
		/* no explicit entry needed */
		return 1;







|







549
550
551
552
553
554
555
556
557
558
559
560
561
562
563

	if (ex_data == NULL)
		return 0;

	for (d = *ex_data; d != NULL; d = d->next) {
		if (d->dup_func == dup_func && d->free_func == free_func &&
		    d->clear_free_func == clear_free_func) {
			ECerror(EC_R_SLOT_FULL);
			return 0;
		}
	}

	if (data == NULL)
		/* no explicit entry needed */
		return 1;
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729

EC_POINT *
EC_POINT_new(const EC_GROUP * group)
{
	EC_POINT *ret;

	if (group == NULL) {
		ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}
	if (group->meth->point_init == 0) {
		ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return NULL;
	}
	ret = malloc(sizeof *ret);
	if (ret == NULL) {
		ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ret->meth = group->meth;

	if (!ret->meth->point_init(ret)) {
		free(ret);
		return NULL;







|



|




|







695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718

EC_POINT *
EC_POINT_new(const EC_GROUP * group)
{
	EC_POINT *ret;

	if (group == NULL) {
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
		return NULL;
	}
	if (group->meth->point_init == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return NULL;
	}
	ret = malloc(sizeof *ret);
	if (ret == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ret->meth = group->meth;

	if (!ret->meth->point_init(ret)) {
		free(ret);
		return NULL;
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
}


int 
EC_POINT_copy(EC_POINT * dest, const EC_POINT * src)
{
	if (dest->meth->point_copy == 0) {
		ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (dest->meth != src->meth) {
		ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	if (dest == src)
		return 1;
	return dest->meth->point_copy(dest, src);
}








|



|







748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
}


int 
EC_POINT_copy(EC_POINT * dest, const EC_POINT * src)
{
	if (dest->meth->point_copy == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (dest->meth != src->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	if (dest == src)
		return 1;
	return dest->meth->point_copy(dest, src);
}

804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
}


int 
EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
{
	if (group->meth->point_set_to_infinity == 0) {
		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_to_infinity(group, point);
}


int 
EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
{
	if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
}


int 
EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
    const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
	if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
}


int 
EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_set_affine_coordinates == 0) {
		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
}

#ifndef OPENSSL_NO_EC2M
int 
EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_set_affine_coordinates == 0) {
		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
}
#endif

int 
EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
    BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_get_affine_coordinates == 0) {
		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}

#ifndef OPENSSL_NO_EC2M
int 
EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
    BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_get_affine_coordinates == 0) {
		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}
#endif

int 
EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
    const EC_POINT *b, BN_CTX *ctx)
{
	if (group->meth->add == 0) {
		ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) {
		ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->add(group, r, a, b, ctx);
}


int 
EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
{
	if (group->meth->dbl == 0) {
		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if ((group->meth != r->meth) || (r->meth != a->meth)) {
		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->dbl(group, r, a, ctx);
}


int 
EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
{
	if (group->meth->invert == 0) {
		ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != a->meth) {
		ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->invert(group, a, ctx);
}


int 
EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
{
	if (group->meth->is_at_infinity == 0) {
		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->is_at_infinity(group, point);
}


int 
EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx)
{
	if (group->meth->is_on_curve == 0) {
		ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->is_on_curve(group, point, ctx);
}


int 
EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
    BN_CTX * ctx)
{
	if (group->meth->point_cmp == 0) {
		ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}
	if ((group->meth != a->meth) || (a->meth != b->meth)) {
		ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
		return -1;
	}
	return group->meth->point_cmp(group, a, b, ctx);
}


int 
EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
{
	if (group->meth->make_affine == 0) {
		ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->make_affine(group, point, ctx);
}


int 
EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
    BN_CTX *ctx)
{
	size_t i;

	if (group->meth->points_make_affine == 0) {
		ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	for (i = 0; i < num; i++) {
		if (group->meth != points[i]->meth) {
			ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
			return 0;
		}
	}
	return group->meth->points_make_affine(group, num, points, ctx);
}









|



|











|



|











|



|











|



|











|



|











|



|











|



|











|



|










|



|










|



|










|



|










|



|











|



|










|



|













|




|







793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
}


int 
EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
{
	if (group->meth->point_set_to_infinity == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_to_infinity(group, point);
}


int 
EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
{
	if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
}


int 
EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
    const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
	if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
}


int 
EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_set_affine_coordinates == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
}

#ifndef OPENSSL_NO_EC2M
int 
EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_set_affine_coordinates == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
}
#endif

int 
EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
    BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_get_affine_coordinates == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}

#ifndef OPENSSL_NO_EC2M
int 
EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
    BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
	if (group->meth->point_get_affine_coordinates == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}
#endif

int 
EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
    const EC_POINT *b, BN_CTX *ctx)
{
	if (group->meth->add == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->add(group, r, a, b, ctx);
}


int 
EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
{
	if (group->meth->dbl == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if ((group->meth != r->meth) || (r->meth != a->meth)) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->dbl(group, r, a, ctx);
}


int 
EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
{
	if (group->meth->invert == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != a->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->invert(group, a, ctx);
}


int 
EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
{
	if (group->meth->is_at_infinity == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->is_at_infinity(group, point);
}


int 
EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx)
{
	if (group->meth->is_on_curve == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->is_on_curve(group, point, ctx);
}


int 
EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
    BN_CTX * ctx)
{
	if (group->meth->point_cmp == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}
	if ((group->meth != a->meth) || (a->meth != b->meth)) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return -1;
	}
	return group->meth->point_cmp(group, a, b, ctx);
}


int 
EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
{
	if (group->meth->make_affine == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	if (group->meth != point->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	return group->meth->make_affine(group, point, ctx);
}


int 
EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
    BN_CTX *ctx)
{
	size_t i;

	if (group->meth->points_make_affine == 0) {
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
	}
	for (i = 0; i < num; i++) {
		if (group->meth != points[i]->meth) {
			ECerror(EC_R_INCOMPATIBLE_OBJECTS);
			return 0;
		}
	}
	return group->meth->points_make_affine(group, num, points, ctx);
}


Changes to jni/libressl/crypto/ec/ec_mult.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ec_mult.c,v 1.18 2015/02/15 08:44:35 miod Exp $ */
/*
 * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ec_mult.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
/*
 * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * Portions of this software developed by SUN MICROSYSTEMS, INC.,
 * and contributed to the OpenSSL project.
 */

#include <string.h>
#ifndef HAVE_REALLOCARRAY
#include <compat/stdlib.h>
#endif

#include <openssl/err.h>

#include "ec_lcl.h"


/*







<
<
<







58
59
60
61
62
63
64



65
66
67
68
69
70
71
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * Portions of this software developed by SUN MICROSYSTEMS, INC.,
 * and contributed to the OpenSSL project.
 */

#include <string.h>




#include <openssl/err.h>

#include "ec_lcl.h"


/*
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
	EC_PRE_COMP *ret = NULL;

	if (!group)
		return NULL;

	ret = malloc(sizeof(EC_PRE_COMP));
	if (!ret) {
		ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
		return ret;
	}
	ret->group = group;
	ret->blocksize = 8;	/* default */
	ret->numblocks = 0;
	ret->w = 4;		/* default */
	ret->points = NULL;







|







103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
	EC_PRE_COMP *ret = NULL;

	if (!group)
		return NULL;

	ret = malloc(sizeof(EC_PRE_COMP));
	if (!ret) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return ret;
	}
	ret->group = group;
	ret->blocksize = 8;	/* default */
	ret->numblocks = 0;
	ret->w = 4;		/* default */
	ret->points = NULL;
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
	int sign = 1;
	int bit, next_bit, mask;
	size_t len = 0, j;

	if (BN_is_zero(scalar)) {
		r = malloc(1);
		if (!r) {
			ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		r[0] = 0;
		*ret_len = 1;
		return r;
	}
	if (w <= 0 || w > 7) {
		/* 'signed char' can represent integers with
		 * absolute values less than 2^7 */
		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	bit = 1 << w;		/* at most 128 */
	next_bit = bit << 1;	/* at most 256 */
	mask = next_bit - 1;	/* at most 255 */

	if (BN_is_negative(scalar)) {
		sign = -1;
	}
	if (scalar->d == NULL || scalar->top == 0) {
		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	len = BN_num_bits(scalar);
	r = malloc(len + 1);	/* modified wNAF may be one digit longer than
				 * binary representation (*ret_len will be
				 * set to the actual length, i.e. at most
				 * BN_num_bits(scalar) + 1) */
	if (r == NULL) {
		ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	window_val = scalar->d[0] & mask;
	j = 0;
	while ((window_val != 0) || (j + w + 1 < len)) {
		/* if j+w+1 >= len, window_val will not increase */
		int digit = 0;







|









|










|








|







201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
	int sign = 1;
	int bit, next_bit, mask;
	size_t len = 0, j;

	if (BN_is_zero(scalar)) {
		r = malloc(1);
		if (!r) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		r[0] = 0;
		*ret_len = 1;
		return r;
	}
	if (w <= 0 || w > 7) {
		/* 'signed char' can represent integers with
		 * absolute values less than 2^7 */
		ECerror(ERR_R_INTERNAL_ERROR);
		goto err;
	}
	bit = 1 << w;		/* at most 128 */
	next_bit = bit << 1;	/* at most 256 */
	mask = next_bit - 1;	/* at most 255 */

	if (BN_is_negative(scalar)) {
		sign = -1;
	}
	if (scalar->d == NULL || scalar->top == 0) {
		ECerror(ERR_R_INTERNAL_ERROR);
		goto err;
	}
	len = BN_num_bits(scalar);
	r = malloc(len + 1);	/* modified wNAF may be one digit longer than
				 * binary representation (*ret_len will be
				 * set to the actual length, i.e. at most
				 * BN_num_bits(scalar) + 1) */
	if (r == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	window_val = scalar->d[0] & mask;
	j = 0;
	while ((window_val != 0) || (j + w + 1 < len)) {
		/* if j+w+1 >= len, window_val will not increase */
		int digit = 0;
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
				}
#endif
			} else {
				digit = window_val;	/* 0 < digit < 2^w */
			}

			if (digit <= -bit || digit >= bit || !(digit & 1)) {
				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			window_val -= digit;

			/*
			 * now window_val is 0 or 2^(w+1) in standard wNAF
			 * generation; for modified window NAFs, it may also
			 * be 2^w
			 */
			if (window_val != 0 && window_val != next_bit && window_val != bit) {
				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
				goto err;
			}
		}
		r[j++] = sign * digit;

		window_val >>= 1;
		window_val += bit * BN_is_bit_set(scalar, j + w);

		if (window_val > next_bit) {
			ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
			goto err;
		}
	}

	if (j > len + 1) {
		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	len = j;
	ok = 1;

err:
	if (!ok) {







|










|









|





|







265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
				}
#endif
			} else {
				digit = window_val;	/* 0 < digit < 2^w */
			}

			if (digit <= -bit || digit >= bit || !(digit & 1)) {
				ECerror(ERR_R_INTERNAL_ERROR);
				goto err;
			}
			window_val -= digit;

			/*
			 * now window_val is 0 or 2^(w+1) in standard wNAF
			 * generation; for modified window NAFs, it may also
			 * be 2^w
			 */
			if (window_val != 0 && window_val != next_bit && window_val != bit) {
				ECerror(ERR_R_INTERNAL_ERROR);
				goto err;
			}
		}
		r[j++] = sign * digit;

		window_val >>= 1;
		window_val += bit * BN_is_bit_set(scalar, j + w);

		if (window_val > next_bit) {
			ECerror(ERR_R_INTERNAL_ERROR);
			goto err;
		}
	}

	if (j > len + 1) {
		ECerror(ERR_R_INTERNAL_ERROR);
		goto err;
	}
	len = j;
	ok = 1;

err:
	if (!ok) {
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
	const EC_PRE_COMP *pre_comp = NULL;
	int num_scalar = 0;	/* flag: will be set to 1 if 'scalar' must be
				 * treated like other scalars, i.e.
				 * precomputation is not available */
	int ret = 0;

	if (group->meth != r->meth) {
		ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	if ((scalar == NULL) && (num == 0)) {
		return EC_POINT_set_to_infinity(group, r);
	}
	for (i = 0; i < num; i++) {
		if (group->meth != points[i]->meth) {
			ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
			return 0;
		}
	}

	if (ctx == NULL) {
		ctx = new_ctx = BN_CTX_new();
		if (ctx == NULL)
			goto err;
	}
	if (scalar != NULL) {
		generator = EC_GROUP_get0_generator(group);
		if (generator == NULL) {
			ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
			goto err;
		}
		/* look if we can use precomputed multiples of generator */

		pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);

		if (pre_comp && pre_comp->numblocks &&







|







|












|







359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
	const EC_PRE_COMP *pre_comp = NULL;
	int num_scalar = 0;	/* flag: will be set to 1 if 'scalar' must be
				 * treated like other scalars, i.e.
				 * precomputation is not available */
	int ret = 0;

	if (group->meth != r->meth) {
		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
		return 0;
	}
	if ((scalar == NULL) && (num == 0)) {
		return EC_POINT_set_to_infinity(group, r);
	}
	for (i = 0; i < num; i++) {
		if (group->meth != points[i]->meth) {
			ECerror(EC_R_INCOMPATIBLE_OBJECTS);
			return 0;
		}
	}

	if (ctx == NULL) {
		ctx = new_ctx = BN_CTX_new();
		if (ctx == NULL)
			goto err;
	}
	if (scalar != NULL) {
		generator = EC_GROUP_get0_generator(group);
		if (generator == NULL) {
			ECerror(EC_R_UNDEFINED_GENERATOR);
			goto err;
		}
		/* look if we can use precomputed multiples of generator */

		pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);

		if (pre_comp && pre_comp->numblocks &&
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
			if (numblocks > pre_comp->numblocks)
				numblocks = pre_comp->numblocks;

			pre_points_per_block = (size_t) 1 << (pre_comp->w - 1);

			/* check that pre_comp looks sane */
			if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
				goto err;
			}
		} else {
			/* can't use precomputation */
			pre_comp = NULL;
			numblocks = 1;
			num_scalar = 1;	/* treat 'scalar' like 'num'-th
					 * element of 'scalars' */
		}
	}
	totalnum = num + numblocks;

	/* includes space for pivot */
	wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
	if (wNAF == NULL) {
		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	wNAF[0] = NULL;		/* preliminary pivot */

	wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
	wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
	val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);

	if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) {
		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* num_val will be the total number of temporarily precomputed points */
	num_val = 0;

	for (i = 0; i < num + num_scalar; i++) {







|















|










|







409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
			if (numblocks > pre_comp->numblocks)
				numblocks = pre_comp->numblocks;

			pre_points_per_block = (size_t) 1 << (pre_comp->w - 1);

			/* check that pre_comp looks sane */
			if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
				ECerror(ERR_R_INTERNAL_ERROR);
				goto err;
			}
		} else {
			/* can't use precomputation */
			pre_comp = NULL;
			numblocks = 1;
			num_scalar = 1;	/* treat 'scalar' like 'num'-th
					 * element of 'scalars' */
		}
	}
	totalnum = num + numblocks;

	/* includes space for pivot */
	wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
	if (wNAF == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	wNAF[0] = NULL;		/* preliminary pivot */

	wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
	wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
	val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);

	if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* num_val will be the total number of temporarily precomputed points */
	num_val = 0;

	for (i = 0; i < num + num_scalar; i++) {
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
	}

	if (numblocks) {
		/* we go here iff scalar != NULL */

		if (pre_comp == NULL) {
			if (num_scalar != 1) {
				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			/* we have already generated a wNAF for 'scalar' */
		} else {
			size_t tmp_len = 0;

			if (num_scalar != 0) {
				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			/*
			 * use the window size for which we have
			 * precomputation
			 */
			wsize[num] = pre_comp->w;







|







|







462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
	}

	if (numblocks) {
		/* we go here iff scalar != NULL */

		if (pre_comp == NULL) {
			if (num_scalar != 1) {
				ECerror(ERR_R_INTERNAL_ERROR);
				goto err;
			}
			/* we have already generated a wNAF for 'scalar' */
		} else {
			size_t tmp_len = 0;

			if (num_scalar != 0) {
				ECerror(ERR_R_INTERNAL_ERROR);
				goto err;
			}
			/*
			 * use the window size for which we have
			 * precomputation
			 */
			wsize[num] = pre_comp->w;
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
				if (tmp_len < numblocks * blocksize) {
					/*
					 * possibly we can do with fewer
					 * blocks than estimated
					 */
					numblocks = (tmp_len + blocksize - 1) / blocksize;
					if (numblocks > pre_comp->numblocks) {
						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
						goto err;
					}
					totalnum = num + numblocks;
				}
				/* split wNAF in 'numblocks' parts */
				pp = tmp_wNAF;
				tmp_points = pre_comp->points;

				for (i = num; i < totalnum; i++) {
					if (i < totalnum - 1) {
						wNAF_len[i] = blocksize;
						if (tmp_len < blocksize) {
							ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
							goto err;
						}
						tmp_len -= blocksize;
					} else
						/*
						 * last block gets whatever
						 * is left (this could be
						 * more or less than
						 * 'blocksize'!)
						 */
						wNAF_len[i] = tmp_len;

					wNAF[i + 1] = NULL;
					wNAF[i] = malloc(wNAF_len[i]);
					if (wNAF[i] == NULL) {
						ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
						goto err;
					}
					memcpy(wNAF[i], pp, wNAF_len[i]);
					if (wNAF_len[i] > max_len)
						max_len = wNAF_len[i];

					if (*tmp_points == NULL) {
						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
						goto err;
					}
					val_sub[i] = tmp_points;
					tmp_points += pre_points_per_block;
					pp += blocksize;
				}
			}
		}
	}
	/*
	 * All points we precompute now go into a single array 'val'.
	 * 'val_sub[i]' is a pointer to the subarray for the i-th point, or
	 * to a subarray of 'pre_comp->points' if we already have
	 * precomputation.
	 */
	val = reallocarray(NULL, (num_val + 1), sizeof val[0]);
	if (val == NULL) {
		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	val[num_val] = NULL;	/* pivot element */

	/* allocate points for precomputation */
	v = val;
	for (i = 0; i < num + num_scalar; i++) {
		val_sub[i] = v;
		for (j = 0; j < ((size_t) 1 << (wsize[i] - 1)); j++) {
			*v = EC_POINT_new(group);
			if (*v == NULL)
				goto err;
			v++;
		}
	}
	if (!(v == val + num_val)) {
		ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	if (!(tmp = EC_POINT_new(group)))
		goto err;

	/*
	 * prepare precomputed values: val_sub[i][0] :=     points[i]







|












|















|







|

















|
















|







520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
				if (tmp_len < numblocks * blocksize) {
					/*
					 * possibly we can do with fewer
					 * blocks than estimated
					 */
					numblocks = (tmp_len + blocksize - 1) / blocksize;
					if (numblocks > pre_comp->numblocks) {
						ECerror(ERR_R_INTERNAL_ERROR);
						goto err;
					}
					totalnum = num + numblocks;
				}
				/* split wNAF in 'numblocks' parts */
				pp = tmp_wNAF;
				tmp_points = pre_comp->points;

				for (i = num; i < totalnum; i++) {
					if (i < totalnum - 1) {
						wNAF_len[i] = blocksize;
						if (tmp_len < blocksize) {
							ECerror(ERR_R_INTERNAL_ERROR);
							goto err;
						}
						tmp_len -= blocksize;
					} else
						/*
						 * last block gets whatever
						 * is left (this could be
						 * more or less than
						 * 'blocksize'!)
						 */
						wNAF_len[i] = tmp_len;

					wNAF[i + 1] = NULL;
					wNAF[i] = malloc(wNAF_len[i]);
					if (wNAF[i] == NULL) {
						ECerror(ERR_R_MALLOC_FAILURE);
						goto err;
					}
					memcpy(wNAF[i], pp, wNAF_len[i]);
					if (wNAF_len[i] > max_len)
						max_len = wNAF_len[i];

					if (*tmp_points == NULL) {
						ECerror(ERR_R_INTERNAL_ERROR);
						goto err;
					}
					val_sub[i] = tmp_points;
					tmp_points += pre_points_per_block;
					pp += blocksize;
				}
			}
		}
	}
	/*
	 * All points we precompute now go into a single array 'val'.
	 * 'val_sub[i]' is a pointer to the subarray for the i-th point, or
	 * to a subarray of 'pre_comp->points' if we already have
	 * precomputation.
	 */
	val = reallocarray(NULL, (num_val + 1), sizeof val[0]);
	if (val == NULL) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	val[num_val] = NULL;	/* pivot element */

	/* allocate points for precomputation */
	v = val;
	for (i = 0; i < num + num_scalar; i++) {
		val_sub[i] = v;
		for (j = 0; j < ((size_t) 1 << (wsize[i] - 1)); j++) {
			*v = EC_POINT_new(group);
			if (*v == NULL)
				goto err;
			v++;
		}
	}
	if (!(v == val + num_val)) {
		ECerror(ERR_R_INTERNAL_ERROR);
		goto err;
	}
	if (!(tmp = EC_POINT_new(group)))
		goto err;

	/*
	 * prepare precomputed values: val_sub[i][0] :=     points[i]
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
	EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);

	if ((pre_comp = ec_pre_comp_new(group)) == NULL)
		return 0;

	generator = EC_GROUP_get0_generator(group);
	if (generator == NULL) {
		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
		goto err;
	}
	if (ctx == NULL) {
		ctx = new_ctx = BN_CTX_new();
		if (ctx == NULL)
			goto err;
	}
	BN_CTX_start(ctx);
	if ((order = BN_CTX_get(ctx)) == NULL)
		goto err;

	if (!EC_GROUP_get_order(group, order, ctx))
		goto err;
	if (BN_is_zero(order)) {
		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
		goto err;
	}
	bits = BN_num_bits(order);
	/*
	 * The following parameters mean we precompute (approximately) one
	 * point per bit.
	 * 







|














|







739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
	EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);

	if ((pre_comp = ec_pre_comp_new(group)) == NULL)
		return 0;

	generator = EC_GROUP_get0_generator(group);
	if (generator == NULL) {
		ECerror(EC_R_UNDEFINED_GENERATOR);
		goto err;
	}
	if (ctx == NULL) {
		ctx = new_ctx = BN_CTX_new();
		if (ctx == NULL)
			goto err;
	}
	BN_CTX_start(ctx);
	if ((order = BN_CTX_get(ctx)) == NULL)
		goto err;

	if (!EC_GROUP_get_order(group, order, ctx))
		goto err;
	if (BN_is_zero(order)) {
		ECerror(EC_R_UNKNOWN_ORDER);
		goto err;
	}
	bits = BN_num_bits(order);
	/*
	 * The following parameters mean we precompute (approximately) one
	 * point per bit.
	 * 
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812

	pre_points_per_block = (size_t) 1 << (w - 1);
	num = pre_points_per_block * numblocks;	/* number of points to
						 * compute and store */

	points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *));
	if (!points) {
		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	var = points;
	var[num] = NULL;	/* pivot */
	for (i = 0; i < num; i++) {
		if ((var[i] = EC_POINT_new(group)) == NULL) {
			ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}

	if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {
		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!EC_POINT_copy(base, generator))
		goto err;

	/* do the precomputation */
	for (i = 0; i < numblocks; i++) {







|






|





|







782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809

	pre_points_per_block = (size_t) 1 << (w - 1);
	num = pre_points_per_block * numblocks;	/* number of points to
						 * compute and store */

	points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *));
	if (!points) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	var = points;
	var[num] = NULL;	/* pivot */
	for (i = 0; i < num; i++) {
		if ((var[i] = EC_POINT_new(group)) == NULL) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}

	if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {
		ECerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!EC_POINT_copy(base, generator))
		goto err;

	/* do the precomputation */
	for (i = 0; i < numblocks; i++) {
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
			/*
			 * get the next base (multiply current one by
			 * 2^blocksize)
			 */
			size_t k;

			if (blocksize <= 2) {
				ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			if (!EC_POINT_dbl(group, base, tmp_point, ctx))
				goto err;
			for (k = 2; k < blocksize; k++) {
				if (!EC_POINT_dbl(group, base, base, ctx))
					goto err;







|







825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
			/*
			 * get the next base (multiply current one by
			 * 2^blocksize)
			 */
			size_t k;

			if (blocksize <= 2) {
				ECerror(ERR_R_INTERNAL_ERROR);
				goto err;
			}
			if (!EC_POINT_dbl(group, base, tmp_point, ctx))
				goto err;
			for (k = 2; k < blocksize; k++) {
				if (!EC_POINT_dbl(group, base, base, ctx))
					goto err;
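--- a/jni/libressl/crypto/ec/ec_oct.c
+++ b/jni/libressl/crypto/ec/ec_oct.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec_oct.c,v 1.3 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: ec_oct.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -72,51 +72,51 @@
 
 int 
 EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point,
     const BIGNUM * x, int y_bit, BN_CTX * ctx)
 {
 	if (group->meth->point_set_compressed_coordinates == 0
 	    && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return 0;
 	}
 	if (group->meth != point->meth) {
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
 		return 0;
 	}
 	if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
 		if (group->meth->field_type == NID_X9_62_prime_field)
 			return ec_GFp_simple_set_compressed_coordinates(
 			    group, point, x, y_bit, ctx);
 		else
 #ifdef OPENSSL_NO_EC2M
 		{
-			ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_GF2M_NOT_SUPPORTED);
+			ECerror(EC_R_GF2M_NOT_SUPPORTED);
 			return 0;
 		}
 #else
 			return ec_GF2m_simple_set_compressed_coordinates(
 			    group, point, x, y_bit, ctx);
 #endif
 	}
 	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
 }
 
 #ifndef OPENSSL_NO_EC2M
 int 
 EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP * group, EC_POINT * point,
     const BIGNUM * x, int y_bit, BN_CTX * ctx)
 {
 	if (group->meth->point_set_compressed_coordinates == 0
 	    && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return 0;
 	}
 	if (group->meth != point->meth) {
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
+		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
 		return 0;
 	}
 	if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
 		if (group->meth->field_type == NID_X9_62_prime_field)
 			return ec_GFp_simple_set_compressed_coordinates(
 			    group, point, x, y_bit, ctx);
 		else
@@ -130,63 +130,63 @@
 size_t 
 EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
     point_conversion_form_t form,
     unsigned char *buf, size_t len, BN_CTX *ctx)
 {
 	if (group->meth->point2oct == 0
 	    && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-		ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return 0;
 	}
 	if (group->meth != point->meth) {
-		ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
 		return 0;
 	}
 	if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
 		if (group->meth->field_type == NID_X9_62_prime_field)
 			return ec_GFp_simple_point2oct(group, point,
 			    form, buf, len, ctx);
 		else
 #ifdef OPENSSL_NO_EC2M
 		{
-			ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED);
+			ECerror(EC_R_GF2M_NOT_SUPPORTED);
 			return 0;
 		}
 #else
 			return ec_GF2m_simple_point2oct(group, point,
 			    form, buf, len, ctx);
 #endif
 	}
 	return group->meth->point2oct(group, point, form, buf, len, ctx);
 }
 
 
 int 
 EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
     const unsigned char *buf, size_t len, BN_CTX *ctx)
 {
 	if (group->meth->oct2point == 0 &&
 	    !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-		ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return 0;
 	}
 	if (group->meth != point->meth) {
-		ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+		ECerror(EC_R_INCOMPATIBLE_OBJECTS);
 		return 0;
 	}
 	if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
 		if (group->meth->field_type == NID_X9_62_prime_field)
 			return ec_GFp_simple_oct2point(group, point,
 			    buf, len, ctx);
 		else
 #ifdef OPENSSL_NO_EC2M
 		{
-			ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED);
+			ECerror(EC_R_GF2M_NOT_SUPPORTED);
 			return 0;
 		}
 #else
 			return ec_GF2m_simple_oct2point(group, point,
 			    buf, len, ctx);
 #endif
 	}
 	return group->meth->oct2point(group, point, buf, len, ctx);
 }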
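--- a/jni/libressl/crypto/ec/ec_pmeth.c
+++ b/jni/libressl/crypto/ec/ec_pmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec_pmeth.c,v 1.8 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ec_pmeth.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -128,15 +128,15 @@
 	EC_PKEY_CTX *dctx = ctx->data;
 	EC_KEY *ec = ctx->pkey->pkey.ec;
 
 	if (!sig) {
 		*siglen = ECDSA_size(ec);
 		return 1;
 	} else if (*siglen < (size_t) ECDSA_size(ec)) {
-		ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+		ECerror(EC_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 	if (dctx->md)
 		type = EVP_MD_type(dctx->md);
 	else
 		type = NID_sha1;
 
@@ -171,15 +171,15 @@
 static int 
 pkey_ec_derive(EVP_PKEY_CTX * ctx, unsigned char *key, size_t * keylen)
 {
 	int ret;
 	size_t outlen;
 	const EC_POINT *pubkey = NULL;
 	if (!ctx->pkey || !ctx->peerkey) {
-		ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
+		ECerror(EC_R_KEYS_NOT_SET);
 		return 0;
 	}
 	if (!key) {
 		const EC_GROUP *group;
 		group = EC_KEY_get0_group(ctx->pkey->pkey.ec);
 		*keylen = (EC_GROUP_get_degree(group) + 7) / 8;
 		return 1;
@@ -205,29 +205,29 @@
 {
 	EC_PKEY_CTX *dctx = ctx->data;
 	EC_GROUP *group;
 	switch (type) {
 	case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
 		group = EC_GROUP_new_by_curve_name(p1);
 		if (group == NULL) {
-			ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
+			ECerror(EC_R_INVALID_CURVE);
 			return 0;
 		}
 		EC_GROUP_free(dctx->gen_group);
 		dctx->gen_group = group;
 		return 1;
 
 	case EVP_PKEY_CTRL_MD:
 		if (EVP_MD_type((const EVP_MD *) p2) != NID_sha1 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_ecdsa_with_SHA1 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_sha224 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_sha256 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_sha384 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_sha512) {
-			ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
+			ECerror(EC_R_INVALID_DIGEST_TYPE);
 			return 0;
 		}
 		dctx->md = p2;
 		return 1;
 
 	case EVP_PKEY_CTRL_PEER_KEY:
 		/* Default behaviour is OK */
@@ -250,49 +250,49 @@
 		int nid;
 		nid = EC_curve_nist2nid(value);
 		if (nid == NID_undef)
 			nid = OBJ_sn2nid(value);
 		if (nid == NID_undef)
 			nid = OBJ_ln2nid(value);
 		if (nid == NID_undef) {
-			ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
+			ECerror(EC_R_INVALID_CURVE);
 			return 0;
 		}
 		return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
 	}
 	return -2;
 }
 
 static int 
 pkey_ec_paramgen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
 {
 	EC_KEY *ec = NULL;
 	EC_PKEY_CTX *dctx = ctx->data;
 	int ret = 0;
 	if (dctx->gen_group == NULL) {
-		ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
+		ECerror(EC_R_NO_PARAMETERS_SET);
 		return 0;
 	}
 	ec = EC_KEY_new();
 	if (!ec)
 		return 0;
 	ret = EC_KEY_set_group(ec, dctx->gen_group);
 	if (ret)
 		EVP_PKEY_assign_EC_KEY(pkey, ec);
 	else
 		EC_KEY_free(ec);
 	return ret;
 }
 
 static int 
 pkey_ec_keygen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
 {
 	EC_KEY *ec = NULL;
 	if (ctx->pkey == NULL) {
-		ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
+		ECerror(EC_R_NO_PARAMETERS_SET);
 		return 0;
 	}
 	ec = EC_KEY_new();
 	if (!ec)
 		return 0;
 	EVP_PKEY_assign_EC_KEY(pkey, ec);
 	/* Note: if error return, pkey is freed by parent routine */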
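--- a/jni/libressl/crypto/ec/ec_print.c
+++ b/jni/libressl/crypto/ec/ec_print.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */
+/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -49,18 +49,14 @@
  *
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
-
 #include <openssl/crypto.h>
 #include "ec_lcl.h"
 
 BIGNUM *
 EC_POINT_point2bn(const EC_GROUP * group, const EC_POINT * point,
     point_conversion_form_t form, BIGNUM * ret, BN_CTX * ctx)
 {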
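--- a/jni/libressl/crypto/ec/eck_prn.c
+++ b/jni/libressl/crypto/ec/eck_prn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eck_prn.c,v 1.10 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: eck_prn.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74,47 +74,47 @@
 int 
 ECPKParameters_print_fp(FILE * fp, const EC_GROUP * x, int off)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
+		ECerror(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = ECPKParameters_print(b, x, off);
 	BIO_free(b);
 	return (ret);
 }
 
 int 
 EC_KEY_print_fp(FILE * fp, const EC_KEY * x, int off)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+		ECerror(ERR_R_BIO_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = EC_KEY_print(b, x, off);
 	BIO_free(b);
 	return (ret);
 }
 
 int 
 ECParameters_print_fp(FILE * fp, const EC_KEY * x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+		ECerror(ERR_R_BIO_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = ECParameters_print(b, x);
 	BIO_free(b);
 	return (ret);
 }
@@ -319,15 +319,15 @@
 			goto err;
 		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
 			goto err;
 	}
 	ret = 1;
 err:
 	if (!ret)
-		ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+		ECerror(reason);
 	BN_free(p);
 	BN_free(a);
 	BN_free(b);
 	BN_free(gen);
 	BN_free(order);
 	BN_free(cofactor);
 	BN_CTX_free(ctx);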
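--- a/jni/libressl/crypto/ec/ecp_mont.c
+++ b/jni/libressl/crypto/ec/ecp_mont.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecp_mont.c,v 1.9 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ecp_mont.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -199,15 +199,15 @@
 		if (ctx == NULL)
 			return 0;
 	}
 	mont = BN_MONT_CTX_new();
 	if (mont == NULL)
 		goto err;
 	if (!BN_MONT_CTX_set(mont, p, ctx)) {
-		ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+		ECerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	one = BN_new();
 	if (one == NULL)
 		goto err;
 	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
 		goto err;
@@ -234,61 +234,61 @@
 
 
 int 
 ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     const BIGNUM *b, BN_CTX *ctx)
 {
 	if (group->field_data1 == NULL) {
-		ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+		ECerror(EC_R_NOT_INITIALIZED);
 		return 0;
 	}
 	return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
 }
 
 
 int 
 ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     BN_CTX *ctx)
 {
 	if (group->field_data1 == NULL) {
-		ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+		ECerror(EC_R_NOT_INITIALIZED);
 		return 0;
 	}
 	return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
 }
 
 
 int 
 ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     BN_CTX *ctx)
 {
 	if (group->field_data1 == NULL) {
-		ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+		ECerror(EC_R_NOT_INITIALIZED);
 		return 0;
 	}
 	return BN_to_montgomery(r, a, (BN_MONT_CTX *) group->field_data1, ctx);
 }
 
 
 int 
 ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     BN_CTX *ctx)
 {
 	if (group->field_data1 == NULL) {
-		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+		ECerror(EC_R_NOT_INITIALIZED);
 		return 0;
 	}
 	return BN_from_montgomery(r, a, group->field_data1, ctx);
 }
 
 
 int 
 ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
 {
 	if (group->field_data2 == NULL) {
-		ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+		ECerror(EC_R_NOT_INITIALIZED);
 		return 0;
 	}
 	if (!BN_copy(r, group->field_data2))
 		return 0;
 	return 1;
 }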
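--- a/jni/libressl/crypto/ec/ecp_nist.c
+++ b/jni/libressl/crypto/ec/ecp_nist.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecp_nist.c,v 1.8 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: ecp_nist.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -141,36 +141,36 @@
 	else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
 		group->field_mod_func = BN_nist_mod_256;
 	else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
 		group->field_mod_func = BN_nist_mod_384;
 	else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
 		group->field_mod_func = BN_nist_mod_521;
 	else {
-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
+		ECerror(EC_R_NOT_A_NIST_PRIME);
 		goto err;
 	}
 
 	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
 
 err:
 	BN_CTX_end(ctx);
 	BN_CTX_free(new_ctx);
 	return ret;
 }
 
 
 int 
 ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     const BIGNUM *b, BN_CTX *ctx)
 {
 	int ret = 0;
 	BN_CTX *ctx_new = NULL;
 
 	if (!group || !r || !a || !b) {
-		ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
 		goto err;
 	}
 	if (!ctx)
 		if ((ctx_new = ctx = BN_CTX_new()) == NULL)
 			goto err;
 
 	if (!BN_mul(r, a, b, ctx))
@@ -189,15 +189,15 @@
 ec_GFp_nist_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a,
     BN_CTX * ctx)
 {
 	int ret = 0;
 	BN_CTX *ctx_new = NULL;
 
 	if (!group || !r || !a) {
-		ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+		ECerror(EC_R_PASSED_NULL_PARAMETER);
 		goto err;
 	}
 	if (!ctx)
 		if ((ctx_new = ctx = BN_CTX_new()) == NULL)
 			goto err;
 
 	if (!BN_sqr(r, a, ctx))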
Added jni/libressl/crypto/ec/ecp_nistp224.c.


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
/* $OpenBSD: ecp_nistp224.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
/*
 * Written by Emilia Kasper (Google) for the OpenSSL project.
 */
/*
 * Copyright (c) 2011 Google Inc.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication
 *
 * Inspired by Daniel J. Bernstein's public domain nistp224 implementation
 * and Adam Langley's public domain 64-bit C implementation of curve25519
 */

#include <stdint.h>
#include <string.h>

#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128

#include <openssl/err.h>
#include "ec_lcl.h"

#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
  /* even with gcc, the typedef won't work for 32-bit platforms */
  typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit platforms */
#else
  #error "Need GCC 3.1 or later to define type uint128_t"
#endif

typedef uint8_t u8;
typedef uint64_t u64;
typedef int64_t s64;


/******************************************************************************/
/*		    INTERNAL REPRESENTATION OF FIELD ELEMENTS
 *
 * Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3
 * using 64-bit coefficients called 'limbs',
 * and sometimes (for multiplication results) as
 * b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 + 2^336*b_6
 * using 128-bit coefficients called 'widelimbs'.
 * A 4-limb representation is an 'felem';
 * a 7-widelimb representation is a 'widefelem'.
 * Even within felems, bits of adjacent limbs overlap, and we don't always
 * reduce the representations: we ensure that inputs to each felem
 * multiplication satisfy a_i < 2^60, so outputs satisfy b_i < 4*2^60*2^60,
 * and fit into a 128-bit word without overflow. The coefficients are then
 * again partially reduced to obtain an felem satisfying a_i < 2^57.
 * We only reduce to the unique minimal representation at the end of the
 * computation.
 */

typedef uint64_t limb;
typedef uint128_t widelimb;

typedef limb felem[4];
typedef widelimb widefelem[7];

/* Field element represented as a byte arrary.
 * 28*8 = 224 bits is also the group order size for the elliptic curve,
 * and we also use this type for scalars for point multiplication.
  */
typedef u8 felem_bytearray[28];

static const felem_bytearray nistp224_curve_params[5] = {
	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
	 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
	 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
	 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE},
	{0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41,    /* b */
	 0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA,
	 0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4},
	{0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13,    /* x */
	 0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22,
	 0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21},
	{0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22,    /* y */
	 0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64,
	 0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34}
};

/* Precomputed multiples of the standard generator
 * Points are given in coordinates (X, Y, Z) where Z normally is 1
 * (0 for the point at infinity).
 * For each field element, slice a_0 is word 0, etc.
 *
 * The table has 2 * 16 elements, starting with the following:
 * index | bits    | point
 * ------+---------+------------------------------
 *     0 | 0 0 0 0 | 0G
 *     1 | 0 0 0 1 | 1G
 *     2 | 0 0 1 0 | 2^56G
 *     3 | 0 0 1 1 | (2^56 + 1)G
 *     4 | 0 1 0 0 | 2^112G
 *     5 | 0 1 0 1 | (2^112 + 1)G
 *     6 | 0 1 1 0 | (2^112 + 2^56)G
 *     7 | 0 1 1 1 | (2^112 + 2^56 + 1)G
 *     8 | 1 0 0 0 | 2^168G
 *     9 | 1 0 0 1 | (2^168 + 1)G
 *    10 | 1 0 1 0 | (2^168 + 2^56)G
 *    11 | 1 0 1 1 | (2^168 + 2^56 + 1)G
 *    12 | 1 1 0 0 | (2^168 + 2^112)G
 *    13 | 1 1 0 1 | (2^168 + 2^112 + 1)G
 *    14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G
 *    15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G
 * followed by a copy of this with each element multiplied by 2^28.
 *
 * The reason for this is so that we can clock bits into four different
 * locations when doing simple scalar multiplies against the base point,
 * and then another four locations using the second 16 elements.
 */
static const felem gmul[2][16][3] =
{{{{0, 0, 0, 0},
   {0, 0, 0, 0},
   {0, 0, 0, 0}},
  {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
   {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
   {1, 0, 0, 0}},
  {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
   {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
   {1, 0, 0, 0}},
  {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
   {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
   {1, 0, 0, 0}},
  {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
   {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
   {1, 0, 0, 0}},
  {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
   {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
   {1, 0, 0, 0}},
  {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
   {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
   {1, 0, 0, 0}},
  {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
   {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
   {1, 0, 0, 0}},
  {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
   {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
   {1, 0, 0, 0}},
  {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
   {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
   {1, 0, 0, 0}},
  {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
   {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
   {1, 0, 0, 0}},
  {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
   {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
   {1, 0, 0, 0}},
  {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
   {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
   {1, 0, 0, 0}},
  {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
   {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
   {1, 0, 0, 0}},
  {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
   {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
   {1, 0, 0, 0}},
  {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
   {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
   {1, 0, 0, 0}}},
 {{{0, 0, 0, 0},
   {0, 0, 0, 0},
   {0, 0, 0, 0}},
  {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31},
   {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d},
   {1, 0, 0, 0}},
  {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3},
   {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a},
   {1, 0, 0, 0}},
  {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33},
   {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100},
   {1, 0, 0, 0}},
  {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5},
   {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea},
   {1, 0, 0, 0}},
  {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be},
   {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51},
   {1, 0, 0, 0}},
  {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1},
   {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb},
   {1, 0, 0, 0}},
  {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233},
   {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def},
   {1, 0, 0, 0}},
  {{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae},
   {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45},
   {1, 0, 0, 0}},
  {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e},
   {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb},
   {1, 0, 0, 0}},
  {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de},
   {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3},
   {1, 0, 0, 0}},
  {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05},
   {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58},
   {1, 0, 0, 0}},
  {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb},
   {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0},
   {1, 0, 0, 0}},
  {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9},
   {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea},
   {1, 0, 0, 0}},
  {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba},
   {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405},
   {1, 0, 0, 0}},
  {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e},
   {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e},
   {1, 0, 0, 0}}}};

/* Precomputation for the group generator. */
typedef struct {
	felem g_pre_comp[2][16][3];
	int references;
} NISTP224_PRE_COMP;

const EC_METHOD *
EC_GFp_nistp224_method(void)
{
	static const EC_METHOD ret = {
		.flags = EC_FLAGS_DEFAULT_OCT,
		.field_type = NID_X9_62_prime_field,
		.group_init = ec_GFp_nistp224_group_init,
		.group_finish = ec_GFp_simple_group_finish,
		.group_clear_finish = ec_GFp_simple_group_clear_finish,
		.group_copy = ec_GFp_nist_group_copy,
		.group_set_curve = ec_GFp_nistp224_group_set_curve,
		.group_get_curve = ec_GFp_simple_group_get_curve,
		.group_get_degree = ec_GFp_simple_group_get_degree,
		.group_check_discriminant =
		    ec_GFp_simple_group_check_discriminant,
		.point_init = ec_GFp_simple_point_init,
		.point_finish = ec_GFp_simple_point_finish,
		.point_clear_finish = ec_GFp_simple_point_clear_finish,
		.point_copy = ec_GFp_simple_point_copy,
		.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
		.point_set_Jprojective_coordinates_GFp =
		    ec_GFp_simple_set_Jprojective_coordinates_GFp,
		.point_get_Jprojective_coordinates_GFp =
		    ec_GFp_simple_get_Jprojective_coordinates_GFp,
		.point_set_affine_coordinates =
		    ec_GFp_simple_point_set_affine_coordinates,
		.point_get_affine_coordinates =
		    ec_GFp_nistp224_point_get_affine_coordinates,
		.add = ec_GFp_simple_add,
		.dbl = ec_GFp_simple_dbl,
		.invert = ec_GFp_simple_invert,
		.is_at_infinity = ec_GFp_simple_is_at_infinity,
		.is_on_curve = ec_GFp_simple_is_on_curve,
		.point_cmp = ec_GFp_simple_cmp,
		.make_affine = ec_GFp_simple_make_affine,
		.points_make_affine = ec_GFp_simple_points_make_affine,
		.mul = ec_GFp_nistp224_points_mul,
		.precompute_mult = ec_GFp_nistp224_precompute_mult,
		.have_precompute_mult = ec_GFp_nistp224_have_precompute_mult,
		.field_mul = ec_GFp_nist_field_mul,
		.field_sqr = ec_GFp_nist_field_sqr
	};

	return &ret;
}

/* Helper functions to convert field elements to/from internal representation */
static void 
bin28_to_felem(felem out, const u8 in[28])
{
	out[0] = *((const uint64_t *) (in)) & 0x00ffffffffffffff;
	out[1] = (*((const uint64_t *) (in + 7))) & 0x00ffffffffffffff;
	out[2] = (*((const uint64_t *) (in + 14))) & 0x00ffffffffffffff;
	out[3] = (*((const uint64_t *) (in + 21))) & 0x00ffffffffffffff;
}

static void 
felem_to_bin28(u8 out[28], const felem in)
{
	unsigned i;
	for (i = 0; i < 7; ++i) {
		out[i] = in[0] >> (8 * i);
		out[i + 7] = in[1] >> (8 * i);
		out[i + 14] = in[2] >> (8 * i);
		out[i + 21] = in[3] >> (8 * i);
	}
}

/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
static void 
flip_endian(u8 * out, const u8 * in, unsigned len)
{
	unsigned i;
	for (i = 0; i < len; ++i)
		out[i] = in[len - 1 - i];
}

/* From OpenSSL BIGNUM to internal representation */
static int 
BN_to_felem(felem out, const BIGNUM * bn)
{
	felem_bytearray b_in;
	felem_bytearray b_out;
	unsigned num_bytes;

	/* BN_bn2bin eats leading zeroes */
	memset(b_out, 0, sizeof b_out);
	num_bytes = BN_num_bytes(bn);
	if (num_bytes > sizeof b_out) {
		ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
		return 0;
	}
	if (BN_is_negative(bn)) {
		ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
		return 0;
	}
	num_bytes = BN_bn2bin(bn, b_in);
	flip_endian(b_out, b_in, num_bytes);
	bin28_to_felem(out, b_out);
	return 1;
}

/* From internal representation to OpenSSL BIGNUM */
static BIGNUM *
felem_to_BN(BIGNUM * out, const felem in)
{
	felem_bytearray b_in, b_out;
	felem_to_bin28(b_in, in);
	flip_endian(b_out, b_in, sizeof b_out);
	return BN_bin2bn(b_out, sizeof b_out, out);
}

/******************************************************************************/
/*				FIELD OPERATIONS
 *
 * Field operations, using the internal representation of field elements.
 * NB! These operations are specific to our point multiplication and cannot be
 * expected to be correct in general - e.g., multiplication with a large scalar
 * will cause an overflow.
 *
 */

static void 
felem_one(felem out)
{
	out[0] = 1;
	out[1] = 0;
	out[2] = 0;
	out[3] = 0;
}

static void 
felem_assign(felem out, const felem in)
{
	out[0] = in[0];
	out[1] = in[1];
	out[2] = in[2];
	out[3] = in[3];
}

/* Sum two field elements: out += in */
static void 
felem_sum(felem out, const felem in)
{
	out[0] += in[0];
	out[1] += in[1];
	out[2] += in[2];
	out[3] += in[3];
}

/* Get negative value: out = -in */
/* Assumes in[i] < 2^57 */
static void 
felem_neg(felem out, const felem in)
{
	static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
	static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
	static const limb two58m42m2 = (((limb) 1) << 58) -
	(((limb) 1) << 42) - (((limb) 1) << 2);

	/* Set to 0 mod 2^224-2^96+1 to ensure out > in */
	out[0] = two58p2 - in[0];
	out[1] = two58m42m2 - in[1];
	out[2] = two58m2 - in[2];
	out[3] = two58m2 - in[3];
}

/* Subtract field elements: out -= in */
/* Assumes in[i] < 2^57 */
static void 
felem_diff(felem out, const felem in)
{
	static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
	static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
	static const limb two58m42m2 = (((limb) 1) << 58) -
	(((limb) 1) << 42) - (((limb) 1) << 2);

	/* Add 0 mod 2^224-2^96+1 to ensure out > in */
	out[0] += two58p2;
	out[1] += two58m42m2;
	out[2] += two58m2;
	out[3] += two58m2;

	out[0] -= in[0];
	out[1] -= in[1];
	out[2] -= in[2];
	out[3] -= in[3];
}

/* Subtract in unreduced 128-bit mode: out -= in */
/* Assumes in[i] < 2^119 */
static void 
widefelem_diff(widefelem out, const widefelem in)
{
	static const widelimb two120 = ((widelimb) 1) << 120;
	static const widelimb two120m64 = (((widelimb) 1) << 120) -
	(((widelimb) 1) << 64);
	static const widelimb two120m104m64 = (((widelimb) 1) << 120) -
	(((widelimb) 1) << 104) - (((widelimb) 1) << 64);

	/* Add 0 mod 2^224-2^96+1 to ensure out > in */
	out[0] += two120;
	out[1] += two120m64;
	out[2] += two120m64;
	out[3] += two120;
	out[4] += two120m104m64;
	out[5] += two120m64;
	out[6] += two120m64;

	out[0] -= in[0];
	out[1] -= in[1];
	out[2] -= in[2];
	out[3] -= in[3];
	out[4] -= in[4];
	out[5] -= in[5];
	out[6] -= in[6];
}

/* Subtract in mixed mode: out128 -= in64 */
/* in[i] < 2^63 */
static void 
felem_diff_128_64(widefelem out, const felem in)
{
	static const widelimb two64p8 = (((widelimb) 1) << 64) +
	(((widelimb) 1) << 8);
	static const widelimb two64m8 = (((widelimb) 1) << 64) -
	(((widelimb) 1) << 8);
	static const widelimb two64m48m8 = (((widelimb) 1) << 64) -
	(((widelimb) 1) << 48) - (((widelimb) 1) << 8);

	/* Add 0 mod 2^224-2^96+1 to ensure out > in */
	out[0] += two64p8;
	out[1] += two64m48m8;
	out[2] += two64m8;
	out[3] += two64m8;

	out[0] -= in[0];
	out[1] -= in[1];
	out[2] -= in[2];
	out[3] -= in[3];
}

/* Multiply a field element by a scalar: out = out * scalar
 * The scalars we actually use are small, so results fit without overflow */
static void 
felem_scalar(felem out, const limb scalar)
{
	out[0] *= scalar;
	out[1] *= scalar;
	out[2] *= scalar;
	out[3] *= scalar;
}

/* Multiply an unreduced field element by a scalar: out = out * scalar
 * The scalars we actually use are small, so results fit without overflow */
static void 
widefelem_scalar(widefelem out, const widelimb scalar)
{
	out[0] *= scalar;
	out[1] *= scalar;
	out[2] *= scalar;
	out[3] *= scalar;
	out[4] *= scalar;
	out[5] *= scalar;
	out[6] *= scalar;
}

/* Square a field element: out = in^2 */
static void 
felem_square(widefelem out, const felem in)
{
	limb tmp0, tmp1, tmp2;
	tmp0 = 2 * in[0];
	tmp1 = 2 * in[1];
	tmp2 = 2 * in[2];
	out[0] = ((widelimb) in[0]) * in[0];
	out[1] = ((widelimb) in[0]) * tmp1;
	out[2] = ((widelimb) in[0]) * tmp2 + ((widelimb) in[1]) * in[1];
	out[3] = ((widelimb) in[3]) * tmp0 +
	    ((widelimb) in[1]) * tmp2;
	out[4] = ((widelimb) in[3]) * tmp1 + ((widelimb) in[2]) * in[2];
	out[5] = ((widelimb) in[3]) * tmp2;
	out[6] = ((widelimb) in[3]) * in[3];
}

/* Multiply two field elements: out = in1 * in2 */
static void 
felem_mul(widefelem out, const felem in1, const felem in2)
{
	out[0] = ((widelimb) in1[0]) * in2[0];
	out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0];
	out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] +
	    ((widelimb) in1[2]) * in2[0];
	out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] +
	    ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
	out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] +
	    ((widelimb) in1[3]) * in2[1];
	out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2];
	out[6] = ((widelimb) in1[3]) * in2[3];
}

/* Reduce seven 128-bit coefficients to four 64-bit coefficients.
 * Requires in[i] < 2^126,
 * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */
static void 
felem_reduce(felem out, const widefelem in)
{
	static const widelimb two127p15 = (((widelimb) 1) << 127) +
	(((widelimb) 1) << 15);
	static const widelimb two127m71 = (((widelimb) 1) << 127) -
	(((widelimb) 1) << 71);
	static const widelimb two127m71m55 = (((widelimb) 1) << 127) -
	(((widelimb) 1) << 71) - (((widelimb) 1) << 55);
	widelimb output[5];

	/* Add 0 mod 2^224-2^96+1 to ensure all differences are positive */
	output[0] = in[0] + two127p15;
	output[1] = in[1] + two127m71m55;
	output[2] = in[2] + two127m71;
	output[3] = in[3];
	output[4] = in[4];

	/* Eliminate in[4], in[5], in[6] */
	output[4] += in[6] >> 16;
	output[3] += (in[6] & 0xffff) << 40;
	output[2] -= in[6];

	output[3] += in[5] >> 16;
	output[2] += (in[5] & 0xffff) << 40;
	output[1] -= in[5];

	output[2] += output[4] >> 16;
	output[1] += (output[4] & 0xffff) << 40;
	output[0] -= output[4];

	/* Carry 2 -> 3 -> 4 */
	output[3] += output[2] >> 56;
	output[2] &= 0x00ffffffffffffff;

	output[4] = output[3] >> 56;
	output[3] &= 0x00ffffffffffffff;

	/* Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72 */

	/* Eliminate output[4] */
	output[2] += output[4] >> 16;
	/* output[2] < 2^56 + 2^56 = 2^57 */
	output[1] += (output[4] & 0xffff) << 40;
	output[0] -= output[4];

	/* Carry 0 -> 1 -> 2 -> 3 */
	output[1] += output[0] >> 56;
	out[0] = output[0] & 0x00ffffffffffffff;

	output[2] += output[1] >> 56;
	/* output[2] < 2^57 + 2^72 */
	out[1] = output[1] & 0x00ffffffffffffff;
	output[3] += output[2] >> 56;
	/* output[3] <= 2^56 + 2^16 */
	out[2] = output[2] & 0x00ffffffffffffff;

	/*
	 * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
	 * (due to final carry), so out < 2*p
	 */
	out[3] = output[3];
}

static void 
felem_square_reduce(felem out, const felem in)
{
	widefelem tmp;
	felem_square(tmp, in);
	felem_reduce(out, tmp);
}

static void 
felem_mul_reduce(felem out, const felem in1, const felem in2)
{
	widefelem tmp;
	felem_mul(tmp, in1, in2);
	felem_reduce(out, tmp);
}

/* Reduce to unique minimal representation.
 * Requires 0 <= in < 2*p (always call felem_reduce first) */
static void 
felem_contract(felem out, const felem in)
{
	static const int64_t two56 = ((limb) 1) << 56;
	/* 0 <= in < 2*p, p = 2^224 - 2^96 + 1 */
	/* if in > p , reduce in = in - 2^224 + 2^96 - 1 */
	int64_t tmp[4], a;
	tmp[0] = in[0];
	tmp[1] = in[1];
	tmp[2] = in[2];
	tmp[3] = in[3];
	/* Case 1: a = 1 iff in >= 2^224 */
	a = (in[3] >> 56);
	tmp[0] -= a;
	tmp[1] += a << 40;
	tmp[3] &= 0x00ffffffffffffff;
	/*
	 * Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all
	 * 1 and the lower part is non-zero
	 */
	a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
	    (((int64_t) (in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
	a &= 0x00ffffffffffffff;
	/* turn a into an all-one mask (if a = 0) or an all-zero mask */
	a = (a - 1) >> 63;
	/* subtract 2^224 - 2^96 + 1 if a is all-one */
	tmp[3] &= a ^ 0xffffffffffffffff;
	tmp[2] &= a ^ 0xffffffffffffffff;
	tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
	tmp[0] -= 1 & a;

	/*
	 * eliminate negative coefficients: if tmp[0] is negative, tmp[1]
	 * must be non-zero, so we only need one step
	 */
	a = tmp[0] >> 63;
	tmp[0] += two56 & a;
	tmp[1] -= 1 & a;

	/* carry 1 -> 2 -> 3 */
	tmp[2] += tmp[1] >> 56;
	tmp[1] &= 0x00ffffffffffffff;

	tmp[3] += tmp[2] >> 56;
	tmp[2] &= 0x00ffffffffffffff;

	/* Now 0 <= out < p */
	out[0] = tmp[0];
	out[1] = tmp[1];
	out[2] = tmp[2];
	out[3] = tmp[3];
}

/* Zero-check: returns 1 if input is 0, and 0 otherwise.
 * We know that field elements are reduced to in < 2^225,
 * so we only need to check three cases: 0, 2^224 - 2^96 + 1,
 * and 2^225 - 2^97 + 2 */
static limb 
felem_is_zero(const felem in)
{
	limb zero, two224m96p1, two225m97p2;

	zero = in[0] | in[1] | in[2] | in[3];
	zero = (((int64_t) (zero) - 1) >> 63) & 1;
	two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000)
	    | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x00ffffffffffffff);
	two224m96p1 = (((int64_t) (two224m96p1) - 1) >> 63) & 1;
	two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000)
	    | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x01ffffffffffffff);
	two225m97p2 = (((int64_t) (two225m97p2) - 1) >> 63) & 1;
	return (zero | two224m96p1 | two225m97p2);
}

static limb 
felem_is_zero_int(const felem in)
{
	return (int) (felem_is_zero(in) & ((limb) 1));
}

/* Invert a field element */
/* Computation chain copied from djb's code */
static void 
felem_inv(felem out, const felem in)
{
	felem ftmp, ftmp2, ftmp3, ftmp4;
	widefelem tmp;
	unsigned i;

	felem_square(tmp, in);
	felem_reduce(ftmp, tmp);/* 2 */
	felem_mul(tmp, in, ftmp);
	felem_reduce(ftmp, tmp);/* 2^2 - 1 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^3 - 2 */
	felem_mul(tmp, in, ftmp);
	felem_reduce(ftmp, tmp);/* 2^3 - 1 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp2, tmp);	/* 2^4 - 2 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp2, tmp);	/* 2^5 - 4 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp2, tmp);	/* 2^6 - 8 */
	felem_mul(tmp, ftmp2, ftmp);
	felem_reduce(ftmp, tmp);/* 2^6 - 1 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp2, tmp);	/* 2^7 - 2 */
	for (i = 0; i < 5; ++i) {	/* 2^12 - 2^6 */
		felem_square(tmp, ftmp2);
		felem_reduce(ftmp2, tmp);
	}
	felem_mul(tmp, ftmp2, ftmp);
	felem_reduce(ftmp2, tmp);	/* 2^12 - 1 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^13 - 2 */
	for (i = 0; i < 11; ++i) {	/* 2^24 - 2^12 */
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp2, tmp);	/* 2^24 - 1 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^25 - 2 */
	for (i = 0; i < 23; ++i) {	/* 2^48 - 2^24 */
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^48 - 1 */
	felem_square(tmp, ftmp3);
	felem_reduce(ftmp4, tmp);	/* 2^49 - 2 */
	for (i = 0; i < 47; ++i) {	/* 2^96 - 2^48 */
		felem_square(tmp, ftmp4);
		felem_reduce(ftmp4, tmp);
	}
	felem_mul(tmp, ftmp3, ftmp4);
	felem_reduce(ftmp3, tmp);	/* 2^96 - 1 */
	felem_square(tmp, ftmp3);
	felem_reduce(ftmp4, tmp);	/* 2^97 - 2 */
	for (i = 0; i < 23; ++i) {	/* 2^120 - 2^24 */
		felem_square(tmp, ftmp4);
		felem_reduce(ftmp4, tmp);
	}
	felem_mul(tmp, ftmp2, ftmp4);
	felem_reduce(ftmp2, tmp);	/* 2^120 - 1 */
	for (i = 0; i < 6; ++i) {	/* 2^126 - 2^6 */
		felem_square(tmp, ftmp2);
		felem_reduce(ftmp2, tmp);
	}
	felem_mul(tmp, ftmp2, ftmp);
	felem_reduce(ftmp, tmp);/* 2^126 - 1 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^127 - 2 */
	felem_mul(tmp, ftmp, in);
	felem_reduce(ftmp, tmp);/* 2^127 - 1 */
	for (i = 0; i < 97; ++i) {	/* 2^224 - 2^97 */
		felem_square(tmp, ftmp);
		felem_reduce(ftmp, tmp);
	}
	felem_mul(tmp, ftmp, ftmp3);
	felem_reduce(out, tmp);	/* 2^224 - 2^96 - 1 */
}

/* Copy in constant time:
 * if icopy == 1, copy in to out,
 * if icopy == 0, copy out to itself. */
static void
copy_conditional(felem out, const felem in, limb icopy)
{
	unsigned i;
	/* icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one */
	const limb copy = -icopy;
	for (i = 0; i < 4; ++i) {
		const limb tmp = copy & (in[i] ^ out[i]);
		out[i] ^= tmp;
	}
}

/******************************************************************************/
/*			 ELLIPTIC CURVE POINT OPERATIONS
 *
 * Points are represented in Jacobian projective coordinates:
 * (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3),
 * or to the point at infinity if Z == 0.
 *
 */

/* Double an elliptic curve point:
 * (X', Y', Z') = 2 * (X, Y, Z), where
 * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
 * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2
 * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
 * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
 * while x_out == y_in is not (maybe this works, but it's not tested). */
static void
point_double(felem x_out, felem y_out, felem z_out,
    const felem x_in, const felem y_in, const felem z_in)
{
	widefelem tmp, tmp2;
	felem delta, gamma, beta, alpha, ftmp, ftmp2;

	felem_assign(ftmp, x_in);
	felem_assign(ftmp2, x_in);

	/* delta = z^2 */
	felem_square(tmp, z_in);
	felem_reduce(delta, tmp);

	/* gamma = y^2 */
	felem_square(tmp, y_in);
	felem_reduce(gamma, tmp);

	/* beta = x*gamma */
	felem_mul(tmp, x_in, gamma);
	felem_reduce(beta, tmp);

	/* alpha = 3*(x-delta)*(x+delta) */
	felem_diff(ftmp, delta);
	/* ftmp[i] < 2^57 + 2^58 + 2 < 2^59 */
	felem_sum(ftmp2, delta);
	/* ftmp2[i] < 2^57 + 2^57 = 2^58 */
	felem_scalar(ftmp2, 3);
	/* ftmp2[i] < 3 * 2^58 < 2^60 */
	felem_mul(tmp, ftmp, ftmp2);
	/* tmp[i] < 2^60 * 2^59 * 4 = 2^121 */
	felem_reduce(alpha, tmp);

	/* x' = alpha^2 - 8*beta */
	felem_square(tmp, alpha);
	/* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
	felem_assign(ftmp, beta);
	felem_scalar(ftmp, 8);
	/* ftmp[i] < 8 * 2^57 = 2^60 */
	felem_diff_128_64(tmp, ftmp);
	/* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
	felem_reduce(x_out, tmp);

	/* z' = (y + z)^2 - gamma - delta */
	felem_sum(delta, gamma);
	/* delta[i] < 2^57 + 2^57 = 2^58 */
	felem_assign(ftmp, y_in);
	felem_sum(ftmp, z_in);
	/* ftmp[i] < 2^57 + 2^57 = 2^58 */
	felem_square(tmp, ftmp);
	/* tmp[i] < 4 * 2^58 * 2^58 = 2^118 */
	felem_diff_128_64(tmp, delta);
	/* tmp[i] < 2^118 + 2^64 + 8 < 2^119 */
	felem_reduce(z_out, tmp);

	/* y' = alpha*(4*beta - x') - 8*gamma^2 */
	felem_scalar(beta, 4);
	/* beta[i] < 4 * 2^57 = 2^59 */
	felem_diff(beta, x_out);
	/* beta[i] < 2^59 + 2^58 + 2 < 2^60 */
	felem_mul(tmp, alpha, beta);
	/* tmp[i] < 4 * 2^57 * 2^60 = 2^119 */
	felem_square(tmp2, gamma);
	/* tmp2[i] < 4 * 2^57 * 2^57 = 2^116 */
	widefelem_scalar(tmp2, 8);
	/* tmp2[i] < 8 * 2^116 = 2^119 */
	widefelem_diff(tmp, tmp2);
	/* tmp[i] < 2^119 + 2^120 < 2^121 */
	felem_reduce(y_out, tmp);
}

/* Add two elliptic curve points:
 * (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where
 * X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 -
 * 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2
 * Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 - X_3) -
 *        Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3
 * Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2)
 *
 * This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0.
 */

/* This function is not entirely constant-time:
 * it includes a branch for checking whether the two input points are equal,
 * (while not equal to the point at infinity).
 * This case never happens during single point multiplication,
 * so there is no timing leak for ECDH or ECDSA signing. */
static void 
point_add(felem x3, felem y3, felem z3,
    const felem x1, const felem y1, const felem z1,
    const int mixed, const felem x2, const felem y2, const felem z2)
{
	felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
	widefelem tmp, tmp2;
	limb z1_is_zero, z2_is_zero, x_equal, y_equal;

	if (!mixed) {
		/* ftmp2 = z2^2 */
		felem_square(tmp, z2);
		felem_reduce(ftmp2, tmp);

		/* ftmp4 = z2^3 */
		felem_mul(tmp, ftmp2, z2);
		felem_reduce(ftmp4, tmp);

		/* ftmp4 = z2^3*y1 */
		felem_mul(tmp2, ftmp4, y1);
		felem_reduce(ftmp4, tmp2);

		/* ftmp2 = z2^2*x1 */
		felem_mul(tmp2, ftmp2, x1);
		felem_reduce(ftmp2, tmp2);
	} else {
		/* We'll assume z2 = 1 (special case z2 = 0 is handled later) */

		/* ftmp4 = z2^3*y1 */
		felem_assign(ftmp4, y1);

		/* ftmp2 = z2^2*x1 */
		felem_assign(ftmp2, x1);
	}

	/* ftmp = z1^2 */
	felem_square(tmp, z1);
	felem_reduce(ftmp, tmp);

	/* ftmp3 = z1^3 */
	felem_mul(tmp, ftmp, z1);
	felem_reduce(ftmp3, tmp);

	/* tmp = z1^3*y2 */
	felem_mul(tmp, ftmp3, y2);
	/* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */

	/* ftmp3 = z1^3*y2 - z2^3*y1 */
	felem_diff_128_64(tmp, ftmp4);
	/* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
	felem_reduce(ftmp3, tmp);

	/* tmp = z1^2*x2 */
	felem_mul(tmp, ftmp, x2);
	/* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */

	/* ftmp = z1^2*x2 - z2^2*x1 */
	felem_diff_128_64(tmp, ftmp2);
	/* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
	felem_reduce(ftmp, tmp);

	/*
	 * the formulae are incorrect if the points are equal so we check for
	 * this and do doubling if this happens
	 */
	x_equal = felem_is_zero(ftmp);
	y_equal = felem_is_zero(ftmp3);
	z1_is_zero = felem_is_zero(z1);
	z2_is_zero = felem_is_zero(z2);
	/* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */
	if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
		point_double(x3, y3, z3, x1, y1, z1);
		return;
	}
	/* ftmp5 = z1*z2 */
	if (!mixed) {
		felem_mul(tmp, z1, z2);
		felem_reduce(ftmp5, tmp);
	} else {
		/* special case z2 = 0 is handled later */
		felem_assign(ftmp5, z1);
	}

	/* z_out = (z1^2*x2 - z2^2*x1)*(z1*z2) */
	felem_mul(tmp, ftmp, ftmp5);
	felem_reduce(z_out, tmp);

	/* ftmp = (z1^2*x2 - z2^2*x1)^2 */
	felem_assign(ftmp5, ftmp);
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);

	/* ftmp5 = (z1^2*x2 - z2^2*x1)^3 */
	felem_mul(tmp, ftmp, ftmp5);
	felem_reduce(ftmp5, tmp);

	/* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
	felem_mul(tmp, ftmp2, ftmp);
	felem_reduce(ftmp2, tmp);

	/* tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */
	felem_mul(tmp, ftmp4, ftmp5);
	/* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */

	/* tmp2 = (z1^3*y2 - z2^3*y1)^2 */
	felem_square(tmp2, ftmp3);
	/* tmp2[i] < 4 * 2^57 * 2^57 < 2^116 */

	/* tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 */
	felem_diff_128_64(tmp2, ftmp5);
	/* tmp2[i] < 2^116 + 2^64 + 8 < 2^117 */

	/* ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
	felem_assign(ftmp5, ftmp2);
	felem_scalar(ftmp5, 2);
	/* ftmp5[i] < 2 * 2^57 = 2^58 */

	/*
	 * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
	 * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2
	 */
	felem_diff_128_64(tmp2, ftmp5);
	/* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */
	felem_reduce(x_out, tmp2);

	/* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out */
	felem_diff(ftmp2, x_out);
	/* ftmp2[i] < 2^57 + 2^58 + 2 < 2^59 */

	/* tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) */
	felem_mul(tmp2, ftmp3, ftmp2);
	/* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */

	/*
	 * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 -
	 * x_out) - z2^3*y1*(z1^2*x2 - z2^2*x1)^3
	 */
	widefelem_diff(tmp2, tmp);
	/* tmp2[i] < 2^118 + 2^120 < 2^121 */
	felem_reduce(y_out, tmp2);

	/*
	 * the result (x_out, y_out, z_out) is incorrect if one of the inputs
	 * is the point at infinity, so we need to check for this separately
	 */

	/* if point 1 is at infinity, copy point 2 to output, and vice versa */
	copy_conditional(x_out, x2, z1_is_zero);
	copy_conditional(x_out, x1, z2_is_zero);
	copy_conditional(y_out, y2, z1_is_zero);
	copy_conditional(y_out, y1, z2_is_zero);
	copy_conditional(z_out, z2, z1_is_zero);
	copy_conditional(z_out, z1, z2_is_zero);
	felem_assign(x3, x_out);
	felem_assign(y3, y_out);
	felem_assign(z3, z_out);
}

/* select_point selects the |idx|th point from a precomputation table and
 * copies it to out. */
static void 
select_point(const u64 idx, unsigned int size, const felem pre_comp[ /* size */ ][3], felem out[3])
{
	unsigned i, j;
	limb *outlimbs = &out[0][0];
	memset(outlimbs, 0, 3 * sizeof(felem));

	for (i = 0; i < size; i++) {
		const limb *inlimbs = &pre_comp[i][0][0];
		u64 mask = i ^ idx;
		mask |= mask >> 4;
		mask |= mask >> 2;
		mask |= mask >> 1;
		mask &= 1;
		mask--;
		for (j = 0; j < 4 * 3; j++)
			outlimbs[j] |= inlimbs[j] & mask;
	}
}

/* get_bit returns the |i|th bit in |in| */
static char 
get_bit(const felem_bytearray in, unsigned i)
{
	if (i >= 224)
		return 0;
	return (in[i >> 3] >> (i & 7)) & 1;
}

/* Interleaved point multiplication using precomputed point multiples:
 * The small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[],
 * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
 * of the generator, using certain (large) precomputed multiples in g_pre_comp.
 * Output point (X, Y, Z) is stored in x_out, y_out, z_out */
static void 
batch_mul(felem x_out, felem y_out, felem z_out,
    const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
    const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[2][16][3])
{
	int i, skip;
	unsigned num;
	unsigned gen_mul = (g_scalar != NULL);
	felem nq[3], tmp[4];
	u64 bits;
	u8 sign, digit;

	/* set nq to the point at infinity */
	memset(nq, 0, 3 * sizeof(felem));

	/*
	 * Loop over all scalars msb-to-lsb, interleaving additions of
	 * multiples of the generator (two in each of the last 28 rounds) and
	 * additions of other points multiples (every 5th round).
	 */
	skip = 1;		/* save two point operations in the first
				 * round */
	for (i = (num_points ? 220 : 27); i >= 0; --i) {
		/* double */
		if (!skip)
			point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);

		/* add multiples of the generator */
		if (gen_mul && (i <= 27)) {
			/* first, look 28 bits upwards */
			bits = get_bit(g_scalar, i + 196) << 3;
			bits |= get_bit(g_scalar, i + 140) << 2;
			bits |= get_bit(g_scalar, i + 84) << 1;
			bits |= get_bit(g_scalar, i + 28);
			/* select the point to add, in constant time */
			select_point(bits, 16, g_pre_comp[1], tmp);

			if (!skip) {
				point_add(nq[0], nq[1], nq[2],
				    nq[0], nq[1], nq[2],
				    1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
			} else {
				memcpy(nq, tmp, 3 * sizeof(felem));
				skip = 0;
			}

			/* second, look at the current position */
			bits = get_bit(g_scalar, i + 168) << 3;
			bits |= get_bit(g_scalar, i + 112) << 2;
			bits |= get_bit(g_scalar, i + 56) << 1;
			bits |= get_bit(g_scalar, i);
			/* select the point to add, in constant time */
			select_point(bits, 16, g_pre_comp[0], tmp);
			point_add(nq[0], nq[1], nq[2],
			    nq[0], nq[1], nq[2],
			    1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
		}
		/* do other additions every 5 doublings */
		if (num_points && (i % 5 == 0)) {
			/* loop over all scalars */
			for (num = 0; num < num_points; ++num) {
				bits = get_bit(scalars[num], i + 4) << 5;
				bits |= get_bit(scalars[num], i + 3) << 4;
				bits |= get_bit(scalars[num], i + 2) << 3;
				bits |= get_bit(scalars[num], i + 1) << 2;
				bits |= get_bit(scalars[num], i) << 1;
				bits |= get_bit(scalars[num], i - 1);
				ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);

				/* select the point to add or subtract */
				select_point(digit, 17, pre_comp[num], tmp);
				felem_neg(tmp[3], tmp[1]);	/* (X, -Y, Z) is the
								 * negative point */
				copy_conditional(tmp[1], tmp[3], sign);

				if (!skip) {
					point_add(nq[0], nq[1], nq[2],
					    nq[0], nq[1], nq[2],
					    mixed, tmp[0], tmp[1], tmp[2]);
				} else {
					memcpy(nq, tmp, 3 * sizeof(felem));
					skip = 0;
				}
			}
		}
	}
	felem_assign(x_out, nq[0]);
	felem_assign(y_out, nq[1]);
	felem_assign(z_out, nq[2]);
}

/******************************************************************************/
/*		       FUNCTIONS TO MANAGE PRECOMPUTATION
 */

static NISTP224_PRE_COMP *
nistp224_pre_comp_new()
{
	NISTP224_PRE_COMP *ret = NULL;
	ret = malloc(sizeof *ret);
	if (!ret) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return ret;
	}
	memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
	ret->references = 1;
	return ret;
}

static void *
nistp224_pre_comp_dup(void *src_)
{
	NISTP224_PRE_COMP *src = src_;

	/* no need to actually copy, these objects never change! */
	CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);

	return src_;
}

static void 
nistp224_pre_comp_free(void *pre_)
{
	int i;
	NISTP224_PRE_COMP *pre = pre_;

	if (!pre)
		return;

	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
	if (i > 0)
		return;

	free(pre);
}

static void 
nistp224_pre_comp_clear_free(void *pre_)
{
	int i;
	NISTP224_PRE_COMP *pre = pre_;

	if (!pre)
		return;

	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
	if (i > 0)
		return;

	explicit_bzero(pre, sizeof *pre);
	free(pre);
}

/******************************************************************************/
/*			   OPENSSL EC_METHOD FUNCTIONS
 */

int 
ec_GFp_nistp224_group_init(EC_GROUP * group)
{
	int ret;
	ret = ec_GFp_simple_group_init(group);
	group->a_is_minus3 = 1;
	return ret;
}

int 
ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,
    const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
{
	int ret = 0;
	BN_CTX *new_ctx = NULL;
	BIGNUM *curve_p, *curve_a, *curve_b;

	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
	    ((curve_a = BN_CTX_get(ctx)) == NULL) ||
	    ((curve_b = BN_CTX_get(ctx)) == NULL))
		goto err;
	BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p);
	BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a);
	BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b);
	if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
	    (BN_cmp(curve_b, b))) {
		ECerror(EC_R_WRONG_CURVE_PARAMETERS);
		goto err;
	}
	group->field_mod_func = BN_nist_mod_224;
	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
	BN_CTX_end(ctx);
	BN_CTX_free(new_ctx);
	return ret;
}

/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
 * (X', Y') = (X/Z^2, Y/Z^3) */
int 
ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
    const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
{
	felem z1, z2, x_in, y_in, x_out, y_out;
	widefelem tmp;

	if (EC_POINT_is_at_infinity(group, point) > 0) {
		ECerror(EC_R_POINT_AT_INFINITY);
		return 0;
	}
	if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
	    (!BN_to_felem(z1, &point->Z)))
		return 0;
	felem_inv(z2, z1);
	felem_square(tmp, z2);
	felem_reduce(z1, tmp);
	felem_mul(tmp, x_in, z1);
	felem_reduce(x_in, tmp);
	felem_contract(x_out, x_in);
	if (x != NULL) {
		if (!felem_to_BN(x, x_out)) {
			ECerror(ERR_R_BN_LIB);
			return 0;
		}
	}
	felem_mul(tmp, z1, z2);
	felem_reduce(z1, tmp);
	felem_mul(tmp, y_in, z1);
	felem_reduce(y_in, tmp);
	felem_contract(y_out, y_in);
	if (y != NULL) {
		if (!felem_to_BN(y, y_out)) {
			ECerror(ERR_R_BN_LIB);
			return 0;
		}
	}
	return 1;
}

static void 
make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /* num+1 */ ])
{
	/*
	 * Runs in constant time, unless an input is the point at infinity
	 * (which normally shouldn't happen).
	 */
	ec_GFp_nistp_points_make_affine_internal(
	    num,
	    points,
	    sizeof(felem),
	    tmp_felems,
	    (void (*) (void *)) felem_one,
	    (int (*) (const void *)) felem_is_zero_int,
	    (void (*) (void *, const void *)) felem_assign,
	    (void (*) (void *, const void *)) felem_square_reduce,
	    (void (*) (void *, const void *, const void *)) felem_mul_reduce,
	    (void (*) (void *, const void *)) felem_inv,
	    (void (*) (void *, const void *)) felem_contract);
}

/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values
 * Result is stored in r (r can equal one of the inputs). */
int 
ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
    const BIGNUM * scalar, size_t num, const EC_POINT * points[],
    const BIGNUM * scalars[], BN_CTX * ctx)
{
	int ret = 0;
	int j;
	unsigned i;
	int mixed = 0;
	BN_CTX *new_ctx = NULL;
	BIGNUM *x, *y, *z, *tmp_scalar;
	felem_bytearray g_secret;
	felem_bytearray *secrets = NULL;
	felem(*pre_comp)[17][3] = NULL;
	felem *tmp_felems = NULL;
	felem_bytearray tmp;
	unsigned num_bytes;
	int have_pre_comp = 0;
	size_t num_points = num;
	felem x_in, y_in, z_in, x_out, y_out, z_out;
	NISTP224_PRE_COMP *pre = NULL;
	const felem(*g_pre_comp)[16][3] = NULL;
	EC_POINT *generator = NULL;
	const EC_POINT *p = NULL;
	const BIGNUM *p_scalar = NULL;

	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((x = BN_CTX_get(ctx)) == NULL) ||
	    ((y = BN_CTX_get(ctx)) == NULL) ||
	    ((z = BN_CTX_get(ctx)) == NULL) ||
	    ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
		goto err;

	if (scalar != NULL) {
		pre = EC_EX_DATA_get_data(group->extra_data,
		    nistp224_pre_comp_dup, nistp224_pre_comp_free,
		    nistp224_pre_comp_clear_free);
		if (pre)
			/* we have precomputation, try to use it */
			g_pre_comp = (const felem(*)[16][3]) pre->g_pre_comp;
		else
			/* try to use the standard precomputation */
			g_pre_comp = &gmul[0];
		generator = EC_POINT_new(group);
		if (generator == NULL)
			goto err;
		/* get the generator from precomputation */
		if (!felem_to_BN(x, g_pre_comp[0][1][0]) ||
		    !felem_to_BN(y, g_pre_comp[0][1][1]) ||
		    !felem_to_BN(z, g_pre_comp[0][1][2])) {
			ECerror(ERR_R_BN_LIB);
			goto err;
		}
		if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
			generator, x, y, z, ctx))
			goto err;
		if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
			/* precomputation matches generator */
			have_pre_comp = 1;
		else
			/*
			 * we don't have valid precomputation: treat the
			 * generator as a random point
			 */
			num_points = num_points + 1;
	}
	if (num_points > 0) {
		if (num_points >= 3) {
			/*
			 * unless we precompute multiples for just one or two
			 * points, converting those into affine form is time
			 * well spent
			 */
			mixed = 1;
		}
		secrets = calloc(num_points, sizeof(felem_bytearray));
		pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
		if (mixed) {
			/* XXX should do more int overflow checking */
			tmp_felems = reallocarray(NULL,
			    (num_points * 17 + 1), sizeof(felem));
		}
		if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/*
		 * we treat NULL scalars as 0, and NULL points as points at
		 * infinity, i.e., they contribute nothing to the linear
		 * combination
		 */
		for (i = 0; i < num_points; ++i) {
			if (i == num)
				/* the generator */
			{
				p = EC_GROUP_get0_generator(group);
				p_scalar = scalar;
			} else
				/* the i^th point */
			{
				p = points[i];
				p_scalar = scalars[i];
			}
			if ((p_scalar != NULL) && (p != NULL)) {
				/* reduce scalar to 0 <= scalar < 2^224 */
				if ((BN_num_bits(p_scalar) > 224) || (BN_is_negative(p_scalar))) {
					/*
					 * this is an unusual input, and we
					 * don't guarantee constant-timeness
					 */
					if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
						ECerror(ERR_R_BN_LIB);
						goto err;
					}
					num_bytes = BN_bn2bin(tmp_scalar, tmp);
				} else
					num_bytes = BN_bn2bin(p_scalar, tmp);
				flip_endian(secrets[i], tmp, num_bytes);
				/* precompute multiples */
				if ((!BN_to_felem(x_out, &p->X)) ||
				    (!BN_to_felem(y_out, &p->Y)) ||
				    (!BN_to_felem(z_out, &p->Z)))
					goto err;
				felem_assign(pre_comp[i][1][0], x_out);
				felem_assign(pre_comp[i][1][1], y_out);
				felem_assign(pre_comp[i][1][2], z_out);
				for (j = 2; j <= 16; ++j) {
					if (j & 1) {
						point_add(
						    pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2],
						    pre_comp[i][1][0], pre_comp[i][1][1], pre_comp[i][1][2],
						    0, pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], pre_comp[i][j - 1][2]);
					} else {
						point_double(
						    pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2],
						    pre_comp[i][j / 2][0], pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]);
					}
				}
			}
		}
		if (mixed)
			make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
	}
	/* the scalar for the generator */
	if ((scalar != NULL) && (have_pre_comp)) {
		memset(g_secret, 0, sizeof g_secret);
		/* reduce scalar to 0 <= scalar < 2^224 */
		if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) {
			/*
			 * this is an unusual input, and we don't guarantee
			 * constant-timeness
			 */
			if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
				ECerror(ERR_R_BN_LIB);
				goto err;
			}
			num_bytes = BN_bn2bin(tmp_scalar, tmp);
		} else
			num_bytes = BN_bn2bin(scalar, tmp);
		flip_endian(g_secret, tmp, num_bytes);
		/* do the multiplication with generator precomputation */
		batch_mul(x_out, y_out, z_out,
		    (const felem_bytearray(*)) secrets, num_points,
		    g_secret,
		    mixed, (const felem(*)[17][3]) pre_comp,
		    g_pre_comp);
	} else
		/* do the multiplication without generator precomputation */
		batch_mul(x_out, y_out, z_out,
		    (const felem_bytearray(*)) secrets, num_points,
		    NULL, mixed, (const felem(*)[17][3]) pre_comp, NULL);
	/* reduce the output to its unique minimal representation */
	felem_contract(x_in, x_out);
	felem_contract(y_in, y_out);
	felem_contract(z_in, z_out);
	if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
	    (!felem_to_BN(z, z_in))) {
		ECerror(ERR_R_BN_LIB);
		goto err;
	}
	ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);

err:
	BN_CTX_end(ctx);
	EC_POINT_free(generator);
	BN_CTX_free(new_ctx);
	free(secrets);
	free(pre_comp);
	free(tmp_felems);
	return ret;
}

int 
ec_GFp_nistp224_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
{
	int ret = 0;
	NISTP224_PRE_COMP *pre = NULL;
	int i, j;
	BN_CTX *new_ctx = NULL;
	BIGNUM *x, *y;
	EC_POINT *generator = NULL;
	felem tmp_felems[32];

	/* throw away old precomputation */
	EC_EX_DATA_free_data(&group->extra_data, nistp224_pre_comp_dup,
	    nistp224_pre_comp_free, nistp224_pre_comp_clear_free);
	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((x = BN_CTX_get(ctx)) == NULL) ||
	    ((y = BN_CTX_get(ctx)) == NULL))
		goto err;
	/* get the generator */
	if (group->generator == NULL)
		goto err;
	generator = EC_POINT_new(group);
	if (generator == NULL)
		goto err;
	BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x);
	BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y);
	if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
		goto err;
	if ((pre = nistp224_pre_comp_new()) == NULL)
		goto err;
	/* if the generator is the standard one, use built-in precomputation */
	if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
		memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
		ret = 1;
		goto err;
	}
	if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) ||
	    (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) ||
	    (!BN_to_felem(pre->g_pre_comp[0][1][2], &group->generator->Z)))
		goto err;
	/*
	 * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G,
	 * 2^84*G, 2^140*G, 2^196*G for the second one
	 */
	for (i = 1; i <= 8; i <<= 1) {
		point_double(
		    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2],
		    pre->g_pre_comp[0][i][0], pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]);
		for (j = 0; j < 27; ++j) {
			point_double(
			    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2],
			    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
		}
		if (i == 8)
			break;
		point_double(
		    pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2],
		    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
		for (j = 0; j < 27; ++j) {
			point_double(
			    pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2],
			    pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2]);
		}
	}
	for (i = 0; i < 2; i++) {
		/* g_pre_comp[i][0] is the point at infinity */
		memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
		/* the remaining multiples */
		/* 2^56*G + 2^112*G resp. 2^84*G + 2^140*G */
		point_add(
		    pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1],
		    pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0],
		    pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
		    0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
		    pre->g_pre_comp[i][2][2]);
		/* 2^56*G + 2^168*G resp. 2^84*G + 2^196*G */
		point_add(
		    pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1],
		    pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0],
		    pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
		    0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
		    pre->g_pre_comp[i][2][2]);
		/* 2^112*G + 2^168*G resp. 2^140*G + 2^196*G */
		point_add(
		    pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1],
		    pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0],
		    pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
		    0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1],
		    pre->g_pre_comp[i][4][2]);
		/*
		 * 2^56*G + 2^112*G + 2^168*G resp. 2^84*G + 2^140*G +
		 * 2^196*G
		 */
		point_add(
		    pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1],
		    pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0],
		    pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
		    0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
		    pre->g_pre_comp[i][2][2]);
		for (j = 1; j < 8; ++j) {
			/* odd multiples: add G resp. 2^28*G */
			point_add(
			    pre->g_pre_comp[i][2 * j + 1][0], pre->g_pre_comp[i][2 * j + 1][1],
			    pre->g_pre_comp[i][2 * j + 1][2], pre->g_pre_comp[i][2 * j][0],
			    pre->g_pre_comp[i][2 * j][1], pre->g_pre_comp[i][2 * j][2],
			    0, pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1],
			    pre->g_pre_comp[i][1][2]);
		}
	}
	make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);

	if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp224_pre_comp_dup,
		nistp224_pre_comp_free, nistp224_pre_comp_clear_free))
		goto err;
	ret = 1;
	pre = NULL;
err:
	BN_CTX_end(ctx);
	EC_POINT_free(generator);
	BN_CTX_free(new_ctx);
	nistp224_pre_comp_free(pre);
	return ret;
}

int 
ec_GFp_nistp224_have_precompute_mult(const EC_GROUP * group)
{
	if (EC_EX_DATA_get_data(group->extra_data, nistp224_pre_comp_dup,
		nistp224_pre_comp_free, nistp224_pre_comp_clear_free)
	    != NULL)
		return 1;
	else
		return 0;
}

#endif
Added jni/libressl/crypto/ec/ecp_nistp256.c.






















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
/* $OpenBSD: ecp_nistp256.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
/*
 * Written by Adam Langley (Google) for the OpenSSL project
 */
/*
 * Copyright (c) 2011 Google Inc.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication
 *
 * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
 * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
 * work which got its smarts from Daniel J. Bernstein's work on the same.
 */

#include <stdint.h>
#include <string.h>

#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128

#include <openssl/err.h>
#include "ec_lcl.h"

#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
  /* even with gcc, the typedef won't work for 32-bit platforms */
  typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit platforms */
  typedef __int128_t int128_t;
#else
  #error "Need GCC 3.1 or later to define type uint128_t"
#endif

typedef uint8_t u8;
typedef uint32_t u32;
typedef uint64_t u64;
typedef int64_t s64;

/* The underlying field.
 *
 * P256 operates over GF(2^256-2^224+2^192+2^96-1). We can serialise an element
 * of this field into 32 bytes. We call this an felem_bytearray. */

typedef u8 felem_bytearray[32];

/* These are the parameters of P256, taken from FIPS 186-3, page 86. These
 * values are big-endian. */
static const felem_bytearray nistp256_curve_params[5] = {
	{0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,       /* p */
	 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	{0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,       /* a = -3 */
	 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc},      /* b */
	{0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
	 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
	 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
	 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b},
	{0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,       /* x */
	 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
	 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
	 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96},
	{0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,       /* y */
	 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
	 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
	 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5}
};

/* The representation of field elements.
 * ------------------------------------
 *
 * We represent field elements with either four 128-bit values, eight 128-bit
 * values, or four 64-bit values. The field element represented is:
 *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + v[3]*2^192  (mod p)
 * or:
 *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + ... + v[8]*2^512  (mod p)
 *
 * 128-bit values are called 'limbs'. Since the limbs are spaced only 64 bits
 * apart, but are 128-bits wide, the most significant bits of each limb overlap
 * with the least significant bits of the next.
 *
 * A field element with four limbs is an 'felem'. One with eight limbs is a
 * 'longfelem'
 *
 * A field element with four, 64-bit values is called a 'smallfelem'. Small
 * values are used as intermediate values before multiplication.
 */

#define NLIMBS 4

typedef uint128_t limb;
typedef limb felem[NLIMBS];
typedef limb longfelem[NLIMBS * 2];
typedef u64 smallfelem[NLIMBS];

/* This is the value of the prime as four 64-bit words, little-endian. */
static const u64 kPrime[4] = {0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul};
static const limb bottom32bits = 0xffffffff;
static const u64 bottom63bits = 0x7ffffffffffffffful;

/* bin32_to_felem takes a little-endian byte array and converts it into felem
 * form. This assumes that the CPU is little-endian. */
static void 
bin32_to_felem(felem out, const u8 in[32])
{
	out[0] = *((u64 *) & in[0]);
	out[1] = *((u64 *) & in[8]);
	out[2] = *((u64 *) & in[16]);
	out[3] = *((u64 *) & in[24]);
}

/* smallfelem_to_bin32 takes a smallfelem and serialises into a little endian,
 * 32 byte array. This assumes that the CPU is little-endian. */
static void 
smallfelem_to_bin32(u8 out[32], const smallfelem in)
{
	*((u64 *) & out[0]) = in[0];
	*((u64 *) & out[8]) = in[1];
	*((u64 *) & out[16]) = in[2];
	*((u64 *) & out[24]) = in[3];
}

/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
static void 
flip_endian(u8 * out, const u8 * in, unsigned len)
{
	unsigned i;
	for (i = 0; i < len; ++i)
		out[i] = in[len - 1 - i];
}

/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
static int 
BN_to_felem(felem out, const BIGNUM * bn)
{
	felem_bytearray b_in;
	felem_bytearray b_out;
	unsigned num_bytes;

	/* BN_bn2bin eats leading zeroes */
	memset(b_out, 0, sizeof b_out);
	num_bytes = BN_num_bytes(bn);
	if (num_bytes > sizeof b_out) {
		ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
		return 0;
	}
	if (BN_is_negative(bn)) {
		ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
		return 0;
	}
	num_bytes = BN_bn2bin(bn, b_in);
	flip_endian(b_out, b_in, num_bytes);
	bin32_to_felem(out, b_out);
	return 1;
}

/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
static BIGNUM *
smallfelem_to_BN(BIGNUM * out, const smallfelem in)
{
	felem_bytearray b_in, b_out;
	smallfelem_to_bin32(b_in, in);
	flip_endian(b_out, b_in, sizeof b_out);
	return BN_bin2bn(b_out, sizeof b_out, out);
}


/* Field operations
 * ---------------- */

static void 
smallfelem_one(smallfelem out)
{
	out[0] = 1;
	out[1] = 0;
	out[2] = 0;
	out[3] = 0;
}

static void 
smallfelem_assign(smallfelem out, const smallfelem in)
{
	out[0] = in[0];
	out[1] = in[1];
	out[2] = in[2];
	out[3] = in[3];
}

static void 
felem_assign(felem out, const felem in)
{
	out[0] = in[0];
	out[1] = in[1];
	out[2] = in[2];
	out[3] = in[3];
}

/* felem_sum sets out = out + in. */
static void 
felem_sum(felem out, const felem in)
{
	out[0] += in[0];
	out[1] += in[1];
	out[2] += in[2];
	out[3] += in[3];
}

/* felem_small_sum sets out = out + in. */
static void 
felem_small_sum(felem out, const smallfelem in)
{
	out[0] += in[0];
	out[1] += in[1];
	out[2] += in[2];
	out[3] += in[3];
}

/* felem_scalar sets out = out * scalar */
static void 
felem_scalar(felem out, const u64 scalar)
{
	out[0] *= scalar;
	out[1] *= scalar;
	out[2] *= scalar;
	out[3] *= scalar;
}

/* longfelem_scalar sets out = out * scalar */
static void 
longfelem_scalar(longfelem out, const u64 scalar)
{
	out[0] *= scalar;
	out[1] *= scalar;
	out[2] *= scalar;
	out[3] *= scalar;
	out[4] *= scalar;
	out[5] *= scalar;
	out[6] *= scalar;
	out[7] *= scalar;
}

#define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9)
#define two105 (((limb)1) << 105)
#define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9)

/* zero105 is 0 mod p */
static const felem zero105 = {two105m41m9, two105, two105m41p9, two105m41p9};

/* smallfelem_neg sets |out| to |-small|
 * On exit:
 *   out[i] < out[i] + 2^105
 */
static void 
smallfelem_neg(felem out, const smallfelem small)
{
	/* In order to prevent underflow, we subtract from 0 mod p. */
	out[0] = zero105[0] - small[0];
	out[1] = zero105[1] - small[1];
	out[2] = zero105[2] - small[2];
	out[3] = zero105[3] - small[3];
}

/* felem_diff subtracts |in| from |out|
 * On entry:
 *   in[i] < 2^104
 * On exit:
 *   out[i] < out[i] + 2^105
 */
static void 
felem_diff(felem out, const felem in)
{
	/* In order to prevent underflow, we add 0 mod p before subtracting. */
	out[0] += zero105[0];
	out[1] += zero105[1];
	out[2] += zero105[2];
	out[3] += zero105[3];

	out[0] -= in[0];
	out[1] -= in[1];
	out[2] -= in[2];
	out[3] -= in[3];
}

#define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11)
#define two107 (((limb)1) << 107)
#define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11)

/* zero107 is 0 mod p */
static const felem zero107 = {two107m43m11, two107, two107m43p11, two107m43p11};

/* An alternative felem_diff for larger inputs |in|
 * felem_diff_zero107 subtracts |in| from |out|
 * On entry:
 *   in[i] < 2^106
 * On exit:
 *   out[i] < out[i] + 2^107
 */
static void 
felem_diff_zero107(felem out, const felem in)
{
	/* In order to prevent underflow, we add 0 mod p before subtracting. */
	out[0] += zero107[0];
	out[1] += zero107[1];
	out[2] += zero107[2];
	out[3] += zero107[3];

	out[0] -= in[0];
	out[1] -= in[1];
	out[2] -= in[2];
	out[3] -= in[3];
}

/* longfelem_diff subtracts |in| from |out|
 * On entry:
 *   in[i] < 7*2^67
 * On exit:
 *   out[i] < out[i] + 2^70 + 2^40
 */
static void 
longfelem_diff(longfelem out, const longfelem in)
{
	static const limb two70m8p6 = (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6);
	static const limb two70p40 = (((limb) 1) << 70) + (((limb) 1) << 40);
	static const limb two70 = (((limb) 1) << 70);
	static const limb two70m40m38p6 = (((limb) 1) << 70) - (((limb) 1) << 40) - (((limb) 1) << 38) + (((limb) 1) << 6);
	static const limb two70m6 = (((limb) 1) << 70) - (((limb) 1) << 6);

	/* add 0 mod p to avoid underflow */
	out[0] += two70m8p6;
	out[1] += two70p40;
	out[2] += two70;
	out[3] += two70m40m38p6;
	out[4] += two70m6;
	out[5] += two70m6;
	out[6] += two70m6;
	out[7] += two70m6;

	/* in[i] < 7*2^67 < 2^70 - 2^40 - 2^38 + 2^6 */
	out[0] -= in[0];
	out[1] -= in[1];
	out[2] -= in[2];
	out[3] -= in[3];
	out[4] -= in[4];
	out[5] -= in[5];
	out[6] -= in[6];
	out[7] -= in[7];
}

#define two64m0 (((limb)1) << 64) - 1
#define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1
#define two64m46 (((limb)1) << 64) - (((limb)1) << 46)
#define two64m32 (((limb)1) << 64) - (((limb)1) << 32)

/* zero110 is 0 mod p */
static const felem zero110 = {two64m0, two110p32m0, two64m46, two64m32};

/* felem_shrink converts an felem into a smallfelem. The result isn't quite
 * minimal as the value may be greater than p.
 *
 * On entry:
 *   in[i] < 2^109
 * On exit:
 *   out[i] < 2^64
 */
static void 
felem_shrink(smallfelem out, const felem in)
{
	felem tmp;
	u64 a, b, mask;
	s64 high, low;
	static const u64 kPrime3Test = 0x7fffffff00000001ul;	/* 2^63 - 2^32 + 1 */

	/* Carry 2->3 */
	tmp[3] = zero110[3] + in[3] + ((u64) (in[2] >> 64));
	/* tmp[3] < 2^110 */

	tmp[2] = zero110[2] + (u64) in[2];
	tmp[0] = zero110[0] + in[0];
	tmp[1] = zero110[1] + in[1];
	/* tmp[0] < 2**110, tmp[1] < 2^111, tmp[2] < 2**65 */

	/*
	 * We perform two partial reductions where we eliminate the high-word
	 * of tmp[3]. We don't update the other words till the end.
	 */
	a = tmp[3] >> 64;	/* a < 2^46 */
	tmp[3] = (u64) tmp[3];
	tmp[3] -= a;
	tmp[3] += ((limb) a) << 32;
	/* tmp[3] < 2^79 */

	b = a;
	a = tmp[3] >> 64;	/* a < 2^15 */
	b += a;			/* b < 2^46 + 2^15 < 2^47 */
	tmp[3] = (u64) tmp[3];
	tmp[3] -= a;
	tmp[3] += ((limb) a) << 32;
	/* tmp[3] < 2^64 + 2^47 */

	/*
	 * This adjusts the other two words to complete the two partial
	 * reductions.
	 */
	tmp[0] += b;
	tmp[1] -= (((limb) b) << 32);

	/*
	 * In order to make space in tmp[3] for the carry from 2 -> 3, we
	 * conditionally subtract kPrime if tmp[3] is large enough.
	 */
	high = tmp[3] >> 64;
	/* As tmp[3] < 2^65, high is either 1 or 0 */
	high <<= 63;
	high >>= 63;
	/*
	 * high is: all ones   if the high word of tmp[3] is 1 all zeros  if
	 * the high word of tmp[3] if 0
	 */
	low = tmp[3];
	mask = low >> 63;
	/*
	 * mask is: all ones   if the MSB of low is 1 all zeros  if the MSB
	 * of low if 0
	 */
	low &= bottom63bits;
	low -= kPrime3Test;
	/* if low was greater than kPrime3Test then the MSB is zero */
	low = ~low;
	low >>= 63;
	/*
	 * low is: all ones   if low was > kPrime3Test all zeros  if low was
	 * <= kPrime3Test
	 */
	mask = (mask & low) | high;
	tmp[0] -= mask & kPrime[0];
	tmp[1] -= mask & kPrime[1];
	/* kPrime[2] is zero, so omitted */
	tmp[3] -= mask & kPrime[3];
	/* tmp[3] < 2**64 - 2**32 + 1 */

	tmp[1] += ((u64) (tmp[0] >> 64));
	tmp[0] = (u64) tmp[0];
	tmp[2] += ((u64) (tmp[1] >> 64));
	tmp[1] = (u64) tmp[1];
	tmp[3] += ((u64) (tmp[2] >> 64));
	tmp[2] = (u64) tmp[2];
	/* tmp[i] < 2^64 */

	out[0] = tmp[0];
	out[1] = tmp[1];
	out[2] = tmp[2];
	out[3] = tmp[3];
}

/* smallfelem_expand converts a smallfelem to an felem */
static void 
smallfelem_expand(felem out, const smallfelem in)
{
	out[0] = in[0];
	out[1] = in[1];
	out[2] = in[2];
	out[3] = in[3];
}

/* smallfelem_square sets |out| = |small|^2
 * On entry:
 *   small[i] < 2^64
 * On exit:
 *   out[i] < 7 * 2^64 < 2^67
 */
static void 
smallfelem_square(longfelem out, const smallfelem small)
{
	limb a;
	u64 high, low;

	a = ((uint128_t) small[0]) * small[0];
	low = a;
	high = a >> 64;
	out[0] = low;
	out[1] = high;

	a = ((uint128_t) small[0]) * small[1];
	low = a;
	high = a >> 64;
	out[1] += low;
	out[1] += low;
	out[2] = high;

	a = ((uint128_t) small[0]) * small[2];
	low = a;
	high = a >> 64;
	out[2] += low;
	out[2] *= 2;
	out[3] = high;

	a = ((uint128_t) small[0]) * small[3];
	low = a;
	high = a >> 64;
	out[3] += low;
	out[4] = high;

	a = ((uint128_t) small[1]) * small[2];
	low = a;
	high = a >> 64;
	out[3] += low;
	out[3] *= 2;
	out[4] += high;

	a = ((uint128_t) small[1]) * small[1];
	low = a;
	high = a >> 64;
	out[2] += low;
	out[3] += high;

	a = ((uint128_t) small[1]) * small[3];
	low = a;
	high = a >> 64;
	out[4] += low;
	out[4] *= 2;
	out[5] = high;

	a = ((uint128_t) small[2]) * small[3];
	low = a;
	high = a >> 64;
	out[5] += low;
	out[5] *= 2;
	out[6] = high;
	out[6] += high;

	a = ((uint128_t) small[2]) * small[2];
	low = a;
	high = a >> 64;
	out[4] += low;
	out[5] += high;

	a = ((uint128_t) small[3]) * small[3];
	low = a;
	high = a >> 64;
	out[6] += low;
	out[7] = high;
}

/* felem_square sets |out| = |in|^2
 * On entry:
 *   in[i] < 2^109
 * On exit:
 *   out[i] < 7 * 2^64 < 2^67
 */
static void 
felem_square(longfelem out, const felem in)
{
	u64 small[4];
	felem_shrink(small, in);
	smallfelem_square(out, small);
}

/* smallfelem_mul sets |out| = |small1| * |small2|
 * On entry:
 *   small1[i] < 2^64
 *   small2[i] < 2^64
 * On exit:
 *   out[i] < 7 * 2^64 < 2^67
 */
static void 
smallfelem_mul(longfelem out, const smallfelem small1, const smallfelem small2)
{
	limb a;
	u64 high, low;

	a = ((uint128_t) small1[0]) * small2[0];
	low = a;
	high = a >> 64;
	out[0] = low;
	out[1] = high;


	a = ((uint128_t) small1[0]) * small2[1];
	low = a;
	high = a >> 64;
	out[1] += low;
	out[2] = high;

	a = ((uint128_t) small1[1]) * small2[0];
	low = a;
	high = a >> 64;
	out[1] += low;
	out[2] += high;


	a = ((uint128_t) small1[0]) * small2[2];
	low = a;
	high = a >> 64;
	out[2] += low;
	out[3] = high;

	a = ((uint128_t) small1[1]) * small2[1];
	low = a;
	high = a >> 64;
	out[2] += low;
	out[3] += high;

	a = ((uint128_t) small1[2]) * small2[0];
	low = a;
	high = a >> 64;
	out[2] += low;
	out[3] += high;


	a = ((uint128_t) small1[0]) * small2[3];
	low = a;
	high = a >> 64;
	out[3] += low;
	out[4] = high;

	a = ((uint128_t) small1[1]) * small2[2];
	low = a;
	high = a >> 64;
	out[3] += low;
	out[4] += high;

	a = ((uint128_t) small1[2]) * small2[1];
	low = a;
	high = a >> 64;
	out[3] += low;
	out[4] += high;

	a = ((uint128_t) small1[3]) * small2[0];
	low = a;
	high = a >> 64;
	out[3] += low;
	out[4] += high;


	a = ((uint128_t) small1[1]) * small2[3];
	low = a;
	high = a >> 64;
	out[4] += low;
	out[5] = high;

	a = ((uint128_t) small1[2]) * small2[2];
	low = a;
	high = a >> 64;
	out[4] += low;
	out[5] += high;

	a = ((uint128_t) small1[3]) * small2[1];
	low = a;
	high = a >> 64;
	out[4] += low;
	out[5] += high;


	a = ((uint128_t) small1[2]) * small2[3];
	low = a;
	high = a >> 64;
	out[5] += low;
	out[6] = high;

	a = ((uint128_t) small1[3]) * small2[2];
	low = a;
	high = a >> 64;
	out[5] += low;
	out[6] += high;


	a = ((uint128_t) small1[3]) * small2[3];
	low = a;
	high = a >> 64;
	out[6] += low;
	out[7] = high;
}

/* felem_mul sets |out| = |in1| * |in2|
 * On entry:
 *   in1[i] < 2^109
 *   in2[i] < 2^109
 * On exit:
 *   out[i] < 7 * 2^64 < 2^67
 */
static void 
felem_mul(longfelem out, const felem in1, const felem in2)
{
	smallfelem small1, small2;
	felem_shrink(small1, in1);
	felem_shrink(small2, in2);
	smallfelem_mul(out, small1, small2);
}

/* felem_small_mul sets |out| = |small1| * |in2|
 * On entry:
 *   small1[i] < 2^64
 *   in2[i] < 2^109
 * On exit:
 *   out[i] < 7 * 2^64 < 2^67
 */
static void 
felem_small_mul(longfelem out, const smallfelem small1, const felem in2)
{
	smallfelem small2;
	felem_shrink(small2, in2);
	smallfelem_mul(out, small1, small2);
}

#define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4)
#define two100 (((limb)1) << 100)
#define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4)
/* zero100 is 0 mod p */
static const felem zero100 = {two100m36m4, two100, two100m36p4, two100m36p4};

/* Internal function for the different flavours of felem_reduce.
 * felem_reduce_ reduces the higher coefficients in[4]-in[7].
 * On entry:
 *   out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7]
 *   out[1] >= in[7] + 2^32*in[4]
 *   out[2] >= in[5] + 2^32*in[5]
 *   out[3] >= in[4] + 2^32*in[5] + 2^32*in[6]
 * On exit:
 *   out[0] <= out[0] + in[4] + 2^32*in[5]
 *   out[1] <= out[1] + in[5] + 2^33*in[6]
 *   out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7]
 *   out[3] <= out[3] + 2^32*in[4] + 3*in[7]
 */
static void 
felem_reduce_(felem out, const longfelem in)
{
	int128_t c;
	/* combine common terms from below */
	c = in[4] + (in[5] << 32);
	out[0] += c;
	out[3] -= c;

	c = in[5] - in[7];
	out[1] += c;
	out[2] -= c;

	/* the remaining terms */
	/* 256: [(0,1),(96,-1),(192,-1),(224,1)] */
	out[1] -= (in[4] << 32);
	out[3] += (in[4] << 32);

	/* 320: [(32,1),(64,1),(128,-1),(160,-1),(224,-1)] */
	out[2] -= (in[5] << 32);

	/* 384: [(0,-1),(32,-1),(96,2),(128,2),(224,-1)] */
	out[0] -= in[6];
	out[0] -= (in[6] << 32);
	out[1] += (in[6] << 33);
	out[2] += (in[6] * 2);
	out[3] -= (in[6] << 32);

	/* 448: [(0,-1),(32,-1),(64,-1),(128,1),(160,2),(192,3)] */
	out[0] -= in[7];
	out[0] -= (in[7] << 32);
	out[2] += (in[7] << 33);
	out[3] += (in[7] * 3);
}

/* felem_reduce converts a longfelem into an felem.
 * To be called directly after felem_square or felem_mul.
 * On entry:
 *   in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64
 *   in[4] < 7*2^64, in[5] < 5*2^64, in[6] < 3*2^64, in[7] < 2*64
 * On exit:
 *   out[i] < 2^101
 */
static void 
felem_reduce(felem out, const longfelem in)
{
	out[0] = zero100[0] + in[0];
	out[1] = zero100[1] + in[1];
	out[2] = zero100[2] + in[2];
	out[3] = zero100[3] + in[3];

	felem_reduce_(out, in);

	/*
	 * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
	 * out[1] > 2^100 - 2^64 - 7*2^96 > 0 out[2] > 2^100 - 2^36 + 2^4 -
	 * 5*2^64 - 5*2^96 > 0 out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96
	 * - 3*2^96 > 0
	 * 
	 * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 out[1] < 2^100 +
	 * 3*2^64 + 5*2^64 + 3*2^97 < 2^101 out[2] < 2^100 + 5*2^64 + 2^64 +
	 * 3*2^65 + 2^97 < 2^101 out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 <
	 * 2^101
	 */
}

/* felem_reduce_zero105 converts a larger longfelem into an felem.
 * On entry:
 *   in[0] < 2^71
 * On exit:
 *   out[i] < 2^106
 */
static void 
felem_reduce_zero105(felem out, const longfelem in)
{
	out[0] = zero105[0] + in[0];
	out[1] = zero105[1] + in[1];
	out[2] = zero105[2] + in[2];
	out[3] = zero105[3] + in[3];

	felem_reduce_(out, in);

	/*
	 * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
	 * out[1] > 2^105 - 2^71 - 2^103 > 0 out[2] > 2^105 - 2^41 + 2^9 -
	 * 2^71 - 2^103 > 0 out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 -
	 * 2^103 > 0
	 * 
	 * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 out[1] < 2^105 + 2^71 +
	 * 2^71 + 2^103 < 2^106 out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 <
	 * 2^106 out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
	 */
}

/* subtract_u64 sets *result = *result - v and *carry to one if the subtraction
 * underflowed. */
static void 
subtract_u64(u64 * result, u64 * carry, u64 v)
{
	uint128_t r = *result;
	r -= v;
	*carry = (r >> 64) & 1;
	*result = (u64) r;
}

/* felem_contract converts |in| to its unique, minimal representation.
 * On entry:
 *   in[i] < 2^109
 */
static void 
felem_contract(smallfelem out, const felem in)
{
	unsigned i;
	u64 all_equal_so_far = 0, result = 0, carry;

	felem_shrink(out, in);
	/* small is minimal except that the value might be > p */

	all_equal_so_far--;
	/*
	 * We are doing a constant time test if out >= kPrime. We need to
	 * compare each u64, from most-significant to least significant. For
	 * each one, if all words so far have been equal (m is all ones) then
	 * a non-equal result is the answer. Otherwise we continue.
	 */
	for (i = 3; i < 4; i--) {
		u64 equal;
		uint128_t a = ((uint128_t) kPrime[i]) - out[i];
		/*
		 * if out[i] > kPrime[i] then a will underflow and the high
		 * 64-bits will all be set.
		 */
		result |= all_equal_so_far & ((u64) (a >> 64));

		/*
		 * if kPrime[i] == out[i] then |equal| will be all zeros and
		 * the decrement will make it all ones.
		 */
		equal = kPrime[i] ^ out[i];
		equal--;
		equal &= equal << 32;
		equal &= equal << 16;
		equal &= equal << 8;
		equal &= equal << 4;
		equal &= equal << 2;
		equal &= equal << 1;
		equal = ((s64) equal) >> 63;

		all_equal_so_far &= equal;
	}

	/*
	 * if all_equal_so_far is still all ones then the two values are
	 * equal and so out >= kPrime is true.
	 */
	result |= all_equal_so_far;

	/* if out >= kPrime then we subtract kPrime. */
	subtract_u64(&out[0], &carry, result & kPrime[0]);
	subtract_u64(&out[1], &carry, carry);
	subtract_u64(&out[2], &carry, carry);
	subtract_u64(&out[3], &carry, carry);

	subtract_u64(&out[1], &carry, result & kPrime[1]);
	subtract_u64(&out[2], &carry, carry);
	subtract_u64(&out[3], &carry, carry);

	subtract_u64(&out[2], &carry, result & kPrime[2]);
	subtract_u64(&out[3], &carry, carry);

	subtract_u64(&out[3], &carry, result & kPrime[3]);
}

static void 
smallfelem_square_contract(smallfelem out, const smallfelem in)
{
	longfelem longtmp;
	felem tmp;

	smallfelem_square(longtmp, in);
	felem_reduce(tmp, longtmp);
	felem_contract(out, tmp);
}

static void 
smallfelem_mul_contract(smallfelem out, const smallfelem in1, const smallfelem in2)
{
	longfelem longtmp;
	felem tmp;

	smallfelem_mul(longtmp, in1, in2);
	felem_reduce(tmp, longtmp);
	felem_contract(out, tmp);
}

/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
 * otherwise.
 * On entry:
 *   small[i] < 2^64
 */
static limb 
smallfelem_is_zero(const smallfelem small)
{
	limb result;
	u64 is_p;

	u64 is_zero = small[0] | small[1] | small[2] | small[3];
	is_zero--;
	is_zero &= is_zero << 32;
	is_zero &= is_zero << 16;
	is_zero &= is_zero << 8;
	is_zero &= is_zero << 4;
	is_zero &= is_zero << 2;
	is_zero &= is_zero << 1;
	is_zero = ((s64) is_zero) >> 63;

	is_p = (small[0] ^ kPrime[0]) |
	    (small[1] ^ kPrime[1]) |
	    (small[2] ^ kPrime[2]) |
	    (small[3] ^ kPrime[3]);
	is_p--;
	is_p &= is_p << 32;
	is_p &= is_p << 16;
	is_p &= is_p << 8;
	is_p &= is_p << 4;
	is_p &= is_p << 2;
	is_p &= is_p << 1;
	is_p = ((s64) is_p) >> 63;

	is_zero |= is_p;

	result = is_zero;
	result |= ((limb) is_zero) << 64;
	return result;
}

static int 
smallfelem_is_zero_int(const smallfelem small)
{
	return (int) (smallfelem_is_zero(small) & ((limb) 1));
}

/* felem_inv calculates |out| = |in|^{-1}
 *
 * Based on Fermat's Little Theorem:
 *   a^p = a (mod p)
 *   a^{p-1} = 1 (mod p)
 *   a^{p-2} = a^{-1} (mod p)
 */
static void 
felem_inv(felem out, const felem in)
{
	felem ftmp, ftmp2;
	/* each e_I will hold |in|^{2^I - 1} */
	felem e2, e4, e8, e16, e32, e64;
	longfelem tmp;
	unsigned i;

	felem_square(tmp, in);
	felem_reduce(ftmp, tmp);/* 2^1 */
	felem_mul(tmp, in, ftmp);
	felem_reduce(ftmp, tmp);/* 2^2 - 2^0 */
	felem_assign(e2, ftmp);
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^3 - 2^1 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^4 - 2^2 */
	felem_mul(tmp, ftmp, e2);
	felem_reduce(ftmp, tmp);/* 2^4 - 2^0 */
	felem_assign(e4, ftmp);
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^5 - 2^1 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^6 - 2^2 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^7 - 2^3 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^8 - 2^4 */
	felem_mul(tmp, ftmp, e4);
	felem_reduce(ftmp, tmp);/* 2^8 - 2^0 */
	felem_assign(e8, ftmp);
	for (i = 0; i < 8; i++) {
		felem_square(tmp, ftmp);
		felem_reduce(ftmp, tmp);
	}			/* 2^16 - 2^8 */
	felem_mul(tmp, ftmp, e8);
	felem_reduce(ftmp, tmp);/* 2^16 - 2^0 */
	felem_assign(e16, ftmp);
	for (i = 0; i < 16; i++) {
		felem_square(tmp, ftmp);
		felem_reduce(ftmp, tmp);
	}			/* 2^32 - 2^16 */
	felem_mul(tmp, ftmp, e16);
	felem_reduce(ftmp, tmp);/* 2^32 - 2^0 */
	felem_assign(e32, ftmp);
	for (i = 0; i < 32; i++) {
		felem_square(tmp, ftmp);
		felem_reduce(ftmp, tmp);
	}			/* 2^64 - 2^32 */
	felem_assign(e64, ftmp);
	felem_mul(tmp, ftmp, in);
	felem_reduce(ftmp, tmp);/* 2^64 - 2^32 + 2^0 */
	for (i = 0; i < 192; i++) {
		felem_square(tmp, ftmp);
		felem_reduce(ftmp, tmp);
	}			/* 2^256 - 2^224 + 2^192 */

	felem_mul(tmp, e64, e32);
	felem_reduce(ftmp2, tmp);	/* 2^64 - 2^0 */
	for (i = 0; i < 16; i++) {
		felem_square(tmp, ftmp2);
		felem_reduce(ftmp2, tmp);
	}			/* 2^80 - 2^16 */
	felem_mul(tmp, ftmp2, e16);
	felem_reduce(ftmp2, tmp);	/* 2^80 - 2^0 */
	for (i = 0; i < 8; i++) {
		felem_square(tmp, ftmp2);
		felem_reduce(ftmp2, tmp);
	}			/* 2^88 - 2^8 */
	felem_mul(tmp, ftmp2, e8);
	felem_reduce(ftmp2, tmp);	/* 2^88 - 2^0 */
	for (i = 0; i < 4; i++) {
		felem_square(tmp, ftmp2);
		felem_reduce(ftmp2, tmp);
	}			/* 2^92 - 2^4 */
	felem_mul(tmp, ftmp2, e4);
	felem_reduce(ftmp2, tmp);	/* 2^92 - 2^0 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp2, tmp);	/* 2^93 - 2^1 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp2, tmp);	/* 2^94 - 2^2 */
	felem_mul(tmp, ftmp2, e2);
	felem_reduce(ftmp2, tmp);	/* 2^94 - 2^0 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp2, tmp);	/* 2^95 - 2^1 */
	felem_square(tmp, ftmp2);
	felem_reduce(ftmp2, tmp);	/* 2^96 - 2^2 */
	felem_mul(tmp, ftmp2, in);
	felem_reduce(ftmp2, tmp);	/* 2^96 - 3 */

	felem_mul(tmp, ftmp2, ftmp);
	felem_reduce(out, tmp);	/* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
}

static void 
smallfelem_inv_contract(smallfelem out, const smallfelem in)
{
	felem tmp;

	smallfelem_expand(tmp, in);
	felem_inv(tmp, tmp);
	felem_contract(out, tmp);
}

/* Group operations
 * ----------------
 *
 * Building on top of the field operations we have the operations on the
 * elliptic curve group itself. Points on the curve are represented in Jacobian
 * coordinates */

/* point_double calculates 2*(x_in, y_in, z_in)
 *
 * The method is taken from:
 *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
 *
 * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
 * while x_out == y_in is not (maybe this works, but it's not tested). */
static void
point_double(felem x_out, felem y_out, felem z_out,
    const felem x_in, const felem y_in, const felem z_in)
{
	longfelem tmp, tmp2;
	felem delta, gamma, beta, alpha, ftmp, ftmp2;
	smallfelem small1, small2;

	felem_assign(ftmp, x_in);
	/* ftmp[i] < 2^106 */
	felem_assign(ftmp2, x_in);
	/* ftmp2[i] < 2^106 */

	/* delta = z^2 */
	felem_square(tmp, z_in);
	felem_reduce(delta, tmp);
	/* delta[i] < 2^101 */

	/* gamma = y^2 */
	felem_square(tmp, y_in);
	felem_reduce(gamma, tmp);
	/* gamma[i] < 2^101 */
	felem_shrink(small1, gamma);

	/* beta = x*gamma */
	felem_small_mul(tmp, small1, x_in);
	felem_reduce(beta, tmp);
	/* beta[i] < 2^101 */

	/* alpha = 3*(x-delta)*(x+delta) */
	felem_diff(ftmp, delta);
	/* ftmp[i] < 2^105 + 2^106 < 2^107 */
	felem_sum(ftmp2, delta);
	/* ftmp2[i] < 2^105 + 2^106 < 2^107 */
	felem_scalar(ftmp2, 3);
	/* ftmp2[i] < 3 * 2^107 < 2^109 */
	felem_mul(tmp, ftmp, ftmp2);
	felem_reduce(alpha, tmp);
	/* alpha[i] < 2^101 */
	felem_shrink(small2, alpha);

	/* x' = alpha^2 - 8*beta */
	smallfelem_square(tmp, small2);
	felem_reduce(x_out, tmp);
	felem_assign(ftmp, beta);
	felem_scalar(ftmp, 8);
	/* ftmp[i] < 8 * 2^101 = 2^104 */
	felem_diff(x_out, ftmp);
	/* x_out[i] < 2^105 + 2^101 < 2^106 */

	/* z' = (y + z)^2 - gamma - delta */
	felem_sum(delta, gamma);
	/* delta[i] < 2^101 + 2^101 = 2^102 */
	felem_assign(ftmp, y_in);
	felem_sum(ftmp, z_in);
	/* ftmp[i] < 2^106 + 2^106 = 2^107 */
	felem_square(tmp, ftmp);
	felem_reduce(z_out, tmp);
	felem_diff(z_out, delta);
	/* z_out[i] < 2^105 + 2^101 < 2^106 */

	/* y' = alpha*(4*beta - x') - 8*gamma^2 */
	felem_scalar(beta, 4);
	/* beta[i] < 4 * 2^101 = 2^103 */
	felem_diff_zero107(beta, x_out);
	/* beta[i] < 2^107 + 2^103 < 2^108 */
	felem_small_mul(tmp, small2, beta);
	/* tmp[i] < 7 * 2^64 < 2^67 */
	smallfelem_square(tmp2, small1);
	/* tmp2[i] < 7 * 2^64 */
	longfelem_scalar(tmp2, 8);
	/* tmp2[i] < 8 * 7 * 2^64 = 7 * 2^67 */
	longfelem_diff(tmp, tmp2);
	/* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
	felem_reduce_zero105(y_out, tmp);
	/* y_out[i] < 2^106 */
}

/* point_double_small is the same as point_double, except that it operates on
 * smallfelems */
static void
point_double_small(smallfelem x_out, smallfelem y_out, smallfelem z_out,
    const smallfelem x_in, const smallfelem y_in, const smallfelem z_in)
{
	felem felem_x_out, felem_y_out, felem_z_out;
	felem felem_x_in, felem_y_in, felem_z_in;

	smallfelem_expand(felem_x_in, x_in);
	smallfelem_expand(felem_y_in, y_in);
	smallfelem_expand(felem_z_in, z_in);
	point_double(felem_x_out, felem_y_out, felem_z_out,
	    felem_x_in, felem_y_in, felem_z_in);
	felem_shrink(x_out, felem_x_out);
	felem_shrink(y_out, felem_y_out);
	felem_shrink(z_out, felem_z_out);
}

/* copy_conditional copies in to out iff mask is all ones. */
static void
copy_conditional(felem out, const felem in, limb mask)
{
	unsigned i;
	for (i = 0; i < NLIMBS; ++i) {
		const limb tmp = mask & (in[i] ^ out[i]);
		out[i] ^= tmp;
	}
}

/* copy_small_conditional copies in to out iff mask is all ones. */
static void
copy_small_conditional(felem out, const smallfelem in, limb mask)
{
	unsigned i;
	const u64 mask64 = mask;
	for (i = 0; i < NLIMBS; ++i) {
		out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask);
	}
}

/* point_add calcuates (x1, y1, z1) + (x2, y2, z2)
 *
 * The method is taken from:
 *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
 * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
 *
 * This function includes a branch for checking whether the two input points
 * are equal, (while not equal to the point at infinity). This case never
 * happens during single point multiplication, so there is no timing leak for
 * ECDH or ECDSA signing. */
static void 
point_add(felem x3, felem y3, felem z3,
    const felem x1, const felem y1, const felem z1,
    const int mixed, const smallfelem x2, const smallfelem y2, const smallfelem z2)
{
	felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
	longfelem tmp, tmp2;
	smallfelem small1, small2, small3, small4, small5;
	limb x_equal, y_equal, z1_is_zero, z2_is_zero;

	felem_shrink(small3, z1);

	z1_is_zero = smallfelem_is_zero(small3);
	z2_is_zero = smallfelem_is_zero(z2);

	/* ftmp = z1z1 = z1**2 */
	smallfelem_square(tmp, small3);
	felem_reduce(ftmp, tmp);
	/* ftmp[i] < 2^101 */
	felem_shrink(small1, ftmp);

	if (!mixed) {
		/* ftmp2 = z2z2 = z2**2 */
		smallfelem_square(tmp, z2);
		felem_reduce(ftmp2, tmp);
		/* ftmp2[i] < 2^101 */
		felem_shrink(small2, ftmp2);

		felem_shrink(small5, x1);

		/* u1 = ftmp3 = x1*z2z2 */
		smallfelem_mul(tmp, small5, small2);
		felem_reduce(ftmp3, tmp);
		/* ftmp3[i] < 2^101 */

		/* ftmp5 = z1 + z2 */
		felem_assign(ftmp5, z1);
		felem_small_sum(ftmp5, z2);
		/* ftmp5[i] < 2^107 */

		/* ftmp5 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 */
		felem_square(tmp, ftmp5);
		felem_reduce(ftmp5, tmp);
		/* ftmp2 = z2z2 + z1z1 */
		felem_sum(ftmp2, ftmp);
		/* ftmp2[i] < 2^101 + 2^101 = 2^102 */
		felem_diff(ftmp5, ftmp2);
		/* ftmp5[i] < 2^105 + 2^101 < 2^106 */

		/* ftmp2 = z2 * z2z2 */
		smallfelem_mul(tmp, small2, z2);
		felem_reduce(ftmp2, tmp);

		/* s1 = ftmp2 = y1 * z2**3 */
		felem_mul(tmp, y1, ftmp2);
		felem_reduce(ftmp6, tmp);
		/* ftmp6[i] < 2^101 */
	} else {
		/* We'll assume z2 = 1 (special case z2 = 0 is handled later) */

		/* u1 = ftmp3 = x1*z2z2 */
		felem_assign(ftmp3, x1);
		/* ftmp3[i] < 2^106 */

		/* ftmp5 = 2z1z2 */
		felem_assign(ftmp5, z1);
		felem_scalar(ftmp5, 2);
		/* ftmp5[i] < 2*2^106 = 2^107 */

		/* s1 = ftmp2 = y1 * z2**3 */
		felem_assign(ftmp6, y1);
		/* ftmp6[i] < 2^106 */
	}

	/* u2 = x2*z1z1 */
	smallfelem_mul(tmp, x2, small1);
	felem_reduce(ftmp4, tmp);

	/* h = ftmp4 = u2 - u1 */
	felem_diff_zero107(ftmp4, ftmp3);
	/* ftmp4[i] < 2^107 + 2^101 < 2^108 */
	felem_shrink(small4, ftmp4);

	x_equal = smallfelem_is_zero(small4);

	/* z_out = ftmp5 * h */
	felem_small_mul(tmp, small4, ftmp5);
	felem_reduce(z_out, tmp);
	/* z_out[i] < 2^101 */

	/* ftmp = z1 * z1z1 */
	smallfelem_mul(tmp, small1, small3);
	felem_reduce(ftmp, tmp);

	/* s2 = tmp = y2 * z1**3 */
	felem_small_mul(tmp, y2, ftmp);
	felem_reduce(ftmp5, tmp);

	/* r = ftmp5 = (s2 - s1)*2 */
	felem_diff_zero107(ftmp5, ftmp6);
	/* ftmp5[i] < 2^107 + 2^107 = 2^108 */
	felem_scalar(ftmp5, 2);
	/* ftmp5[i] < 2^109 */
	felem_shrink(small1, ftmp5);
	y_equal = smallfelem_is_zero(small1);

	if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
		point_double(x3, y3, z3, x1, y1, z1);
		return;
	}
	/* I = ftmp = (2h)**2 */
	felem_assign(ftmp, ftmp4);
	felem_scalar(ftmp, 2);
	/* ftmp[i] < 2*2^108 = 2^109 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);

	/* J = ftmp2 = h * I */
	felem_mul(tmp, ftmp4, ftmp);
	felem_reduce(ftmp2, tmp);

	/* V = ftmp4 = U1 * I */
	felem_mul(tmp, ftmp3, ftmp);
	felem_reduce(ftmp4, tmp);

	/* x_out = r**2 - J - 2V */
	smallfelem_square(tmp, small1);
	felem_reduce(x_out, tmp);
	felem_assign(ftmp3, ftmp4);
	felem_scalar(ftmp4, 2);
	felem_sum(ftmp4, ftmp2);
	/* ftmp4[i] < 2*2^101 + 2^101 < 2^103 */
	felem_diff(x_out, ftmp4);
	/* x_out[i] < 2^105 + 2^101 */

	/* y_out = r(V-x_out) - 2 * s1 * J */
	felem_diff_zero107(ftmp3, x_out);
	/* ftmp3[i] < 2^107 + 2^101 < 2^108 */
	felem_small_mul(tmp, small1, ftmp3);
	felem_mul(tmp2, ftmp6, ftmp2);
	longfelem_scalar(tmp2, 2);
	/* tmp2[i] < 2*2^67 = 2^68 */
	longfelem_diff(tmp, tmp2);
	/* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
	felem_reduce_zero105(y_out, tmp);
	/* y_out[i] < 2^106 */

	copy_small_conditional(x_out, x2, z1_is_zero);
	copy_conditional(x_out, x1, z2_is_zero);
	copy_small_conditional(y_out, y2, z1_is_zero);
	copy_conditional(y_out, y1, z2_is_zero);
	copy_small_conditional(z_out, z2, z1_is_zero);
	copy_conditional(z_out, z1, z2_is_zero);
	felem_assign(x3, x_out);
	felem_assign(y3, y_out);
	felem_assign(z3, z_out);
}

/* point_add_small is the same as point_add, except that it operates on
 * smallfelems */
static void 
point_add_small(smallfelem x3, smallfelem y3, smallfelem z3,
    smallfelem x1, smallfelem y1, smallfelem z1,
    smallfelem x2, smallfelem y2, smallfelem z2)
{
	felem felem_x3, felem_y3, felem_z3;
	felem felem_x1, felem_y1, felem_z1;
	smallfelem_expand(felem_x1, x1);
	smallfelem_expand(felem_y1, y1);
	smallfelem_expand(felem_z1, z1);
	point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0, x2, y2, z2);
	felem_shrink(x3, felem_x3);
	felem_shrink(y3, felem_y3);
	felem_shrink(z3, felem_z3);
}

/* Base point pre computation
 * --------------------------
 *
 * Two different sorts of precomputed tables are used in the following code.
 * Each contain various points on the curve, where each point is three field
 * elements (x, y, z).
 *
 * For the base point table, z is usually 1 (0 for the point at infinity).
 * This table has 2 * 16 elements, starting with the following:
 * index | bits    | point
 * ------+---------+------------------------------
 *     0 | 0 0 0 0 | 0G
 *     1 | 0 0 0 1 | 1G
 *     2 | 0 0 1 0 | 2^64G
 *     3 | 0 0 1 1 | (2^64 + 1)G
 *     4 | 0 1 0 0 | 2^128G
 *     5 | 0 1 0 1 | (2^128 + 1)G
 *     6 | 0 1 1 0 | (2^128 + 2^64)G
 *     7 | 0 1 1 1 | (2^128 + 2^64 + 1)G
 *     8 | 1 0 0 0 | 2^192G
 *     9 | 1 0 0 1 | (2^192 + 1)G
 *    10 | 1 0 1 0 | (2^192 + 2^64)G
 *    11 | 1 0 1 1 | (2^192 + 2^64 + 1)G
 *    12 | 1 1 0 0 | (2^192 + 2^128)G
 *    13 | 1 1 0 1 | (2^192 + 2^128 + 1)G
 *    14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G
 *    15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G
 * followed by a copy of this with each element multiplied by 2^32.
 *
 * The reason for this is so that we can clock bits into four different
 * locations when doing simple scalar multiplies against the base point,
 * and then another four locations using the second 16 elements.
 *
 * Tables for other points have table[i] = iG for i in 0 .. 16. */

/* gmul is the table of precomputed base points */
static const smallfelem gmul[2][16][3] =
{{{{0, 0, 0, 0},
{0, 0, 0, 0},
{0, 0, 0, 0}},
{{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2, 0x6b17d1f2e12c4247},
{0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16, 0x4fe342e2fe1a7f9b},
{1, 0, 0, 0}},
{{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de, 0x0fa822bc2811aaa5},
{0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b, 0xbff44ae8f5dba80d},
{1, 0, 0, 0}},
{{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789, 0x300a4bbc89d6726f},
{0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f, 0x72aac7e0d09b4644},
{1, 0, 0, 0}},
{{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e, 0x447d739beedb5e67},
{0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7, 0x2d4825ab834131ee},
{1, 0, 0, 0}},
{{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60, 0xef9519328a9c72ff},
{0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c, 0x611e9fc37dbb2c9b},
{1, 0, 0, 0}},
{{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf, 0x550663797b51f5d8},
{0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5, 0x157164848aecb851},
{1, 0, 0, 0}},
{{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391, 0xeb5d7745b21141ea},
{0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee, 0xeafd72ebdbecc17b},
{1, 0, 0, 0}},
{{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5, 0xa6d39677a7849276},
{0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf, 0x674f84749b0b8816},
{1, 0, 0, 0}},
{{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb, 0x4e769e7672c9ddad},
{0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281, 0x42b99082de830663},
{1, 0, 0, 0}},
{{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478, 0x78878ef61c6ce04d},
{0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 0xde53142c12309def, 0xb6cb3f5d7b72c321},
{1, 0, 0, 0}},
{{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae, 0x0c88bc4d716b1287},
{0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa, 0xdd5ddea3f3901dc6},
{1, 0, 0, 0}},
{{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3, 0x68f344af6b317466},
{0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3, 0x31b9c405f8540a20},
{1, 0, 0, 0}},
{{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0, 0x4052bf4b6f461db9},
{0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8, 0xfecf4d5190b0fc61},
{1, 0, 0, 0}},
{{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a, 0x1eddbae2c802e41a},
{0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0, 0x43104d86560ebcfc},
{1, 0, 0, 0}},
{{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a, 0xb48e26b484f7a21c},
{0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668, 0xfac015404d4d3dab},
{1, 0, 0, 0}}},
{{{0, 0, 0, 0},
{0, 0, 0, 0},
{0, 0, 0, 0}},
{{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da, 0x7fe36b40af22af89},
{0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1, 0xe697d45825b63624},
{1, 0, 0, 0}},
{{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902, 0x4a5b506612a677a6},
{0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40, 0xeb13461ceac089f1},
{1, 0, 0, 0}},
{{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857, 0x0781b8291c6a220a},
{0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434, 0x690cde8df0151593},
{1, 0, 0, 0}},
{{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326, 0x8a535f566ec73617},
{0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf, 0x0455c08468b08bd7},
{1, 0, 0, 0}},
{{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279, 0x06bada7ab77f8276},
{0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70, 0x5b476dfd0e6cb18a},
{1, 0, 0, 0}},
{{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8, 0x3e29864e8a2ec908},
{0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed, 0x239b90ea3dc31e7e},
{1, 0, 0, 0}},
{{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4, 0x820f4dd949f72ff7},
{0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3, 0x140406ec783a05ec},
{1, 0, 0, 0}},
{{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe, 0x68f6b8542783dfee},
{0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028, 0xcbe1feba92e40ce6},
{1, 0, 0, 0}},
{{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927, 0xd0b2f94d2f420109},
{0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a, 0x971459828b0719e5},
{1, 0, 0, 0}},
{{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687, 0x961610004a866aba},
{0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c, 0x7acb9fadcee75e44},
{1, 0, 0, 0}},
{{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea, 0x24eb9acca333bf5b},
{0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d, 0x69f891c5acd079cc},
{1, 0, 0, 0}},
{{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514, 0xe51f547c5972a107},
{0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06, 0x1c309a2b25bb1387},
{1, 0, 0, 0}},
{{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828, 0x20b87b8aa2c4e503},
{0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044, 0xf5c6fa49919776be},
{1, 0, 0, 0}},
{{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56, 0x1ed7d1b9332010b9},
{0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24, 0x3a2b03f03217257a},
{1, 0, 0, 0}},
{{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b, 0x15fee545c78dd9f6},
{0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb, 0x4ab5b6b2b8753f81},
{1, 0, 0, 0}}}};

/* select_point selects the |idx|th point from a precomputation table and
 * copies it to out. */
static void 
select_point(const u64 idx, unsigned int size, const smallfelem pre_comp[16][3], smallfelem out[3])
{
	unsigned i, j;
	u64 *outlimbs = &out[0][0];
	memset(outlimbs, 0, 3 * sizeof(smallfelem));

	for (i = 0; i < size; i++) {
		const u64 *inlimbs = (u64 *) & pre_comp[i][0][0];
		u64 mask = i ^ idx;
		mask |= mask >> 4;
		mask |= mask >> 2;
		mask |= mask >> 1;
		mask &= 1;
		mask--;
		for (j = 0; j < NLIMBS * 3; j++)
			outlimbs[j] |= inlimbs[j] & mask;
	}
}

/* get_bit returns the |i|th bit in |in| */
static char 
get_bit(const felem_bytearray in, int i)
{
	if ((i < 0) || (i >= 256))
		return 0;
	return (in[i >> 3] >> (i & 7)) & 1;
}

/* Interleaved point multiplication using precomputed point multiples:
 * The small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[],
 * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
 * of the generator, using certain (large) precomputed multiples in g_pre_comp.
 * Output point (X, Y, Z) is stored in x_out, y_out, z_out */
static void 
batch_mul(felem x_out, felem y_out, felem z_out,
    const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
    const int mixed, const smallfelem pre_comp[][17][3], const smallfelem g_pre_comp[2][16][3])
{
	int i, skip;
	unsigned num, gen_mul = (g_scalar != NULL);
	felem nq[3], ftmp;
	smallfelem tmp[3];
	u64 bits;
	u8 sign, digit;

	/* set nq to the point at infinity */
	memset(nq, 0, 3 * sizeof(felem));

	/*
	 * Loop over all scalars msb-to-lsb, interleaving additions of
	 * multiples of the generator (two in each of the last 32 rounds) and
	 * additions of other points multiples (every 5th round).
	 */
	skip = 1;		/* save two point operations in the first
				 * round */
	for (i = (num_points ? 255 : 31); i >= 0; --i) {
		/* double */
		if (!skip)
			point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);

		/* add multiples of the generator */
		if (gen_mul && (i <= 31)) {
			/* first, look 32 bits upwards */
			bits = get_bit(g_scalar, i + 224) << 3;
			bits |= get_bit(g_scalar, i + 160) << 2;
			bits |= get_bit(g_scalar, i + 96) << 1;
			bits |= get_bit(g_scalar, i + 32);
			/* select the point to add, in constant time */
			select_point(bits, 16, g_pre_comp[1], tmp);

			if (!skip) {
				point_add(nq[0], nq[1], nq[2],
				    nq[0], nq[1], nq[2],
				    1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
			} else {
				smallfelem_expand(nq[0], tmp[0]);
				smallfelem_expand(nq[1], tmp[1]);
				smallfelem_expand(nq[2], tmp[2]);
				skip = 0;
			}

			/* second, look at the current position */
			bits = get_bit(g_scalar, i + 192) << 3;
			bits |= get_bit(g_scalar, i + 128) << 2;
			bits |= get_bit(g_scalar, i + 64) << 1;
			bits |= get_bit(g_scalar, i);
			/* select the point to add, in constant time */
			select_point(bits, 16, g_pre_comp[0], tmp);
			point_add(nq[0], nq[1], nq[2],
			    nq[0], nq[1], nq[2],
			    1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
		}
		/* do other additions every 5 doublings */
		if (num_points && (i % 5 == 0)) {
			/* loop over all scalars */
			for (num = 0; num < num_points; ++num) {
				bits = get_bit(scalars[num], i + 4) << 5;
				bits |= get_bit(scalars[num], i + 3) << 4;
				bits |= get_bit(scalars[num], i + 2) << 3;
				bits |= get_bit(scalars[num], i + 1) << 2;
				bits |= get_bit(scalars[num], i) << 1;
				bits |= get_bit(scalars[num], i - 1);
				ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);

				/*
				 * select the point to add or subtract, in
				 * constant time
				 */
				select_point(digit, 17, pre_comp[num], tmp);
				smallfelem_neg(ftmp, tmp[1]);	/* (X, -Y, Z) is the
								 * negative point */
				copy_small_conditional(ftmp, tmp[1], (((limb) sign) - 1));
				felem_contract(tmp[1], ftmp);

				if (!skip) {
					point_add(nq[0], nq[1], nq[2],
					    nq[0], nq[1], nq[2],
					    mixed, tmp[0], tmp[1], tmp[2]);
				} else {
					smallfelem_expand(nq[0], tmp[0]);
					smallfelem_expand(nq[1], tmp[1]);
					smallfelem_expand(nq[2], tmp[2]);
					skip = 0;
				}
			}
		}
	}
	felem_assign(x_out, nq[0]);
	felem_assign(y_out, nq[1]);
	felem_assign(z_out, nq[2]);
}

/* Precomputation for the group generator. */
typedef struct {
	smallfelem g_pre_comp[2][16][3];
	int references;
} NISTP256_PRE_COMP;

const EC_METHOD *
EC_GFp_nistp256_method(void)
{
	static const EC_METHOD ret = {
		.flags = EC_FLAGS_DEFAULT_OCT,
		.field_type = NID_X9_62_prime_field,
		.group_init = ec_GFp_nistp256_group_init,
		.group_finish = ec_GFp_simple_group_finish,
		.group_clear_finish = ec_GFp_simple_group_clear_finish,
		.group_copy = ec_GFp_nist_group_copy,
		.group_set_curve = ec_GFp_nistp256_group_set_curve,
		.group_get_curve = ec_GFp_simple_group_get_curve,
		.group_get_degree = ec_GFp_simple_group_get_degree,
		.group_check_discriminant =
		ec_GFp_simple_group_check_discriminant,
		.point_init = ec_GFp_simple_point_init,
		.point_finish = ec_GFp_simple_point_finish,
		.point_clear_finish = ec_GFp_simple_point_clear_finish,
		.point_copy = ec_GFp_simple_point_copy,
		.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
		.point_set_Jprojective_coordinates_GFp =
		ec_GFp_simple_set_Jprojective_coordinates_GFp,
		.point_get_Jprojective_coordinates_GFp =
		ec_GFp_simple_get_Jprojective_coordinates_GFp,
		.point_set_affine_coordinates =
		ec_GFp_simple_point_set_affine_coordinates,
		.point_get_affine_coordinates =
		ec_GFp_nistp256_point_get_affine_coordinates,
		.add = ec_GFp_simple_add,
		.dbl = ec_GFp_simple_dbl,
		.invert = ec_GFp_simple_invert,
		.is_at_infinity = ec_GFp_simple_is_at_infinity,
		.is_on_curve = ec_GFp_simple_is_on_curve,
		.point_cmp = ec_GFp_simple_cmp,
		.make_affine = ec_GFp_simple_make_affine,
		.points_make_affine = ec_GFp_simple_points_make_affine,
		.mul = ec_GFp_nistp256_points_mul,
		.precompute_mult = ec_GFp_nistp256_precompute_mult,
		.have_precompute_mult = ec_GFp_nistp256_have_precompute_mult,
		.field_mul = ec_GFp_nist_field_mul,
		.field_sqr = ec_GFp_nist_field_sqr
	};

	return &ret;
}

/******************************************************************************/
/*		       FUNCTIONS TO MANAGE PRECOMPUTATION
 */

static NISTP256_PRE_COMP *
nistp256_pre_comp_new()
{
	NISTP256_PRE_COMP *ret = NULL;
	ret = malloc(sizeof *ret);
	if (!ret) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return ret;
	}
	memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
	ret->references = 1;
	return ret;
}

static void *
nistp256_pre_comp_dup(void *src_)
{
	NISTP256_PRE_COMP *src = src_;

	/* no need to actually copy, these objects never change! */
	CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);

	return src_;
}

static void 
nistp256_pre_comp_free(void *pre_)
{
	int i;
	NISTP256_PRE_COMP *pre = pre_;

	if (!pre)
		return;

	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
	if (i > 0)
		return;

	free(pre);
}

static void 
nistp256_pre_comp_clear_free(void *pre_)
{
	int i;
	NISTP256_PRE_COMP *pre = pre_;

	if (!pre)
		return;

	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
	if (i > 0)
		return;

	explicit_bzero(pre, sizeof *pre);
	free(pre);
}

/******************************************************************************/
/*			   OPENSSL EC_METHOD FUNCTIONS
 */

int 
ec_GFp_nistp256_group_init(EC_GROUP * group)
{
	int ret;
	ret = ec_GFp_simple_group_init(group);
	group->a_is_minus3 = 1;
	return ret;
}

int 
ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p,
    const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
{
	int ret = 0;
	BN_CTX *new_ctx = NULL;
	BIGNUM *curve_p, *curve_a, *curve_b;

	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
	    ((curve_a = BN_CTX_get(ctx)) == NULL) ||
	    ((curve_b = BN_CTX_get(ctx)) == NULL))
		goto err;
	BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p);
	BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a);
	BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b);
	if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
	    (BN_cmp(curve_b, b))) {
		ECerror(EC_R_WRONG_CURVE_PARAMETERS);
		goto err;
	}
	group->field_mod_func = BN_nist_mod_256;
	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
	BN_CTX_end(ctx);
	BN_CTX_free(new_ctx);
	return ret;
}

/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
 * (X', Y') = (X/Z^2, Y/Z^3) */
int 
ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
    const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
{
	felem z1, z2, x_in, y_in;
	smallfelem x_out, y_out;
	longfelem tmp;

	if (EC_POINT_is_at_infinity(group, point) > 0) {
		ECerror(EC_R_POINT_AT_INFINITY);
		return 0;
	}
	if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
	    (!BN_to_felem(z1, &point->Z)))
		return 0;
	felem_inv(z2, z1);
	felem_square(tmp, z2);
	felem_reduce(z1, tmp);
	felem_mul(tmp, x_in, z1);
	felem_reduce(x_in, tmp);
	felem_contract(x_out, x_in);
	if (x != NULL) {
		if (!smallfelem_to_BN(x, x_out)) {
			ECerror(ERR_R_BN_LIB);
			return 0;
		}
	}
	felem_mul(tmp, z1, z2);
	felem_reduce(z1, tmp);
	felem_mul(tmp, y_in, z1);
	felem_reduce(y_in, tmp);
	felem_contract(y_out, y_in);
	if (y != NULL) {
		if (!smallfelem_to_BN(y, y_out)) {
			ECerror(ERR_R_BN_LIB);
			return 0;
		}
	}
	return 1;
}

static void 
make_points_affine(size_t num, smallfelem points[ /* num */ ][3], smallfelem tmp_smallfelems[ /* num+1 */ ])
{
	/*
	 * Runs in constant time, unless an input is the point at infinity
	 * (which normally shouldn't happen).
	 */
	ec_GFp_nistp_points_make_affine_internal(
	    num,
	    points,
	    sizeof(smallfelem),
	    tmp_smallfelems,
	    (void (*) (void *)) smallfelem_one,
	    (int (*) (const void *)) smallfelem_is_zero_int,
	    (void (*) (void *, const void *)) smallfelem_assign,
	    (void (*) (void *, const void *)) smallfelem_square_contract,
	    (void (*) (void *, const void *, const void *)) smallfelem_mul_contract,
	    (void (*) (void *, const void *)) smallfelem_inv_contract,
	    (void (*) (void *, const void *)) smallfelem_assign /* nothing to contract */ );
}

/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values
 * Result is stored in r (r can equal one of the inputs). */
int 
ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
    const BIGNUM * scalar, size_t num, const EC_POINT * points[],
    const BIGNUM * scalars[], BN_CTX * ctx)
{
	int ret = 0;
	int j;
	int mixed = 0;
	BN_CTX *new_ctx = NULL;
	BIGNUM *x, *y, *z, *tmp_scalar;
	felem_bytearray g_secret;
	felem_bytearray *secrets = NULL;
	smallfelem(*pre_comp)[17][3] = NULL;
	smallfelem *tmp_smallfelems = NULL;
	felem_bytearray tmp;
	unsigned i, num_bytes;
	int have_pre_comp = 0;
	size_t num_points = num;
	smallfelem x_in, y_in, z_in;
	felem x_out, y_out, z_out;
	NISTP256_PRE_COMP *pre = NULL;
	const smallfelem(*g_pre_comp)[16][3] = NULL;
	EC_POINT *generator = NULL;
	const EC_POINT *p = NULL;
	const BIGNUM *p_scalar = NULL;

	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((x = BN_CTX_get(ctx)) == NULL) ||
	    ((y = BN_CTX_get(ctx)) == NULL) ||
	    ((z = BN_CTX_get(ctx)) == NULL) ||
	    ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
		goto err;

	if (scalar != NULL) {
		pre = EC_EX_DATA_get_data(group->extra_data,
		    nistp256_pre_comp_dup, nistp256_pre_comp_free,
		    nistp256_pre_comp_clear_free);
		if (pre)
			/* we have precomputation, try to use it */
			g_pre_comp = (const smallfelem(*)[16][3]) pre->g_pre_comp;
		else
			/* try to use the standard precomputation */
			g_pre_comp = &gmul[0];
		generator = EC_POINT_new(group);
		if (generator == NULL)
			goto err;
		/* get the generator from precomputation */
		if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) ||
		    !smallfelem_to_BN(y, g_pre_comp[0][1][1]) ||
		    !smallfelem_to_BN(z, g_pre_comp[0][1][2])) {
			ECerror(ERR_R_BN_LIB);
			goto err;
		}
		if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
			generator, x, y, z, ctx))
			goto err;
		if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
			/* precomputation matches generator */
			have_pre_comp = 1;
		else
			/*
			 * we don't have valid precomputation: treat the
			 * generator as a random point
			 */
			num_points++;
	}
	if (num_points > 0) {
		if (num_points >= 3) {
			/*
			 * unless we precompute multiples for just one or two
			 * points, converting those into affine form is time
			 * well spent
			 */
			mixed = 1;
		}
		secrets = calloc(num_points, sizeof(felem_bytearray));
		pre_comp = calloc(num_points, 17 * 3 * sizeof(smallfelem));
		if (mixed) {
			/* XXX should do more int overflow checking */
			tmp_smallfelems = reallocarray(NULL,
			    (num_points * 17 + 1), sizeof(smallfelem));
		}
		if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/*
		 * we treat NULL scalars as 0, and NULL points as points at
		 * infinity, i.e., they contribute nothing to the linear
		 * combination
		 */
		for (i = 0; i < num_points; ++i) {
			if (i == num)
				/*
				 * we didn't have a valid precomputation, so
				 * we pick the generator
				 */
			{
				p = EC_GROUP_get0_generator(group);
				p_scalar = scalar;
			} else
				/* the i^th point */
			{
				p = points[i];
				p_scalar = scalars[i];
			}
			if ((p_scalar != NULL) && (p != NULL)) {
				/* reduce scalar to 0 <= scalar < 2^256 */
				if ((BN_num_bits(p_scalar) > 256) || (BN_is_negative(p_scalar))) {
					/*
					 * this is an unusual input, and we
					 * don't guarantee constant-timeness
					 */
					if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
						ECerror(ERR_R_BN_LIB);
						goto err;
					}
					num_bytes = BN_bn2bin(tmp_scalar, tmp);
				} else
					num_bytes = BN_bn2bin(p_scalar, tmp);
				flip_endian(secrets[i], tmp, num_bytes);
				/* precompute multiples */
				if ((!BN_to_felem(x_out, &p->X)) ||
				    (!BN_to_felem(y_out, &p->Y)) ||
				    (!BN_to_felem(z_out, &p->Z)))
					goto err;
				felem_shrink(pre_comp[i][1][0], x_out);
				felem_shrink(pre_comp[i][1][1], y_out);
				felem_shrink(pre_comp[i][1][2], z_out);
				for (j = 2; j <= 16; ++j) {
					if (j & 1) {
						point_add_small(
						    pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2],
						    pre_comp[i][1][0], pre_comp[i][1][1], pre_comp[i][1][2],
						    pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], pre_comp[i][j - 1][2]);
					} else {
						point_double_small(
						    pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2],
						    pre_comp[i][j / 2][0], pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]);
					}
				}
			}
		}
		if (mixed)
			make_points_affine(num_points * 17, pre_comp[0], tmp_smallfelems);
	}
	/* the scalar for the generator */
	if ((scalar != NULL) && (have_pre_comp)) {
		memset(g_secret, 0, sizeof(g_secret));
		/* reduce scalar to 0 <= scalar < 2^256 */
		if ((BN_num_bits(scalar) > 256) || (BN_is_negative(scalar))) {
			/*
			 * this is an unusual input, and we don't guarantee
			 * constant-timeness
			 */
			if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
				ECerror(ERR_R_BN_LIB);
				goto err;
			}
			num_bytes = BN_bn2bin(tmp_scalar, tmp);
		} else
			num_bytes = BN_bn2bin(scalar, tmp);
		flip_endian(g_secret, tmp, num_bytes);
		/* do the multiplication with generator precomputation */
		batch_mul(x_out, y_out, z_out,
		    (const felem_bytearray(*)) secrets, num_points,
		    g_secret,
		    mixed, (const smallfelem(*)[17][3]) pre_comp,
		    g_pre_comp);
	} else
		/* do the multiplication without generator precomputation */
		batch_mul(x_out, y_out, z_out,
		    (const felem_bytearray(*)) secrets, num_points,
		    NULL, mixed, (const smallfelem(*)[17][3]) pre_comp, NULL);
	/* reduce the output to its unique minimal representation */
	felem_contract(x_in, x_out);
	felem_contract(y_in, y_out);
	felem_contract(z_in, z_out);
	if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) ||
	    (!smallfelem_to_BN(z, z_in))) {
		ECerror(ERR_R_BN_LIB);
		goto err;
	}
	ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);

err:
	BN_CTX_end(ctx);
	EC_POINT_free(generator);
	BN_CTX_free(new_ctx);
	free(secrets);
	free(pre_comp);
	free(tmp_smallfelems);
	return ret;
}

int 
ec_GFp_nistp256_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
{
	int ret = 0;
	NISTP256_PRE_COMP *pre = NULL;
	int i, j;
	BN_CTX *new_ctx = NULL;
	BIGNUM *x, *y;
	EC_POINT *generator = NULL;
	smallfelem tmp_smallfelems[32];
	felem x_tmp, y_tmp, z_tmp;

	/* throw away old precomputation */
	EC_EX_DATA_free_data(&group->extra_data, nistp256_pre_comp_dup,
	    nistp256_pre_comp_free, nistp256_pre_comp_clear_free);
	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((x = BN_CTX_get(ctx)) == NULL) ||
	    ((y = BN_CTX_get(ctx)) == NULL))
		goto err;
	/* get the generator */
	if (group->generator == NULL)
		goto err;
	generator = EC_POINT_new(group);
	if (generator == NULL)
		goto err;
	BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x);
	BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y);
	if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
		goto err;
	if ((pre = nistp256_pre_comp_new()) == NULL)
		goto err;
	/* if the generator is the standard one, use built-in precomputation */
	if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
		memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
		ret = 1;
		goto err;
	}
	if ((!BN_to_felem(x_tmp, &group->generator->X)) ||
	    (!BN_to_felem(y_tmp, &group->generator->Y)) ||
	    (!BN_to_felem(z_tmp, &group->generator->Z)))
		goto err;
	felem_shrink(pre->g_pre_comp[0][1][0], x_tmp);
	felem_shrink(pre->g_pre_comp[0][1][1], y_tmp);
	felem_shrink(pre->g_pre_comp[0][1][2], z_tmp);
	/*
	 * compute 2^64*G, 2^128*G, 2^192*G for the first table, 2^32*G,
	 * 2^96*G, 2^160*G, 2^224*G for the second one
	 */
	for (i = 1; i <= 8; i <<= 1) {
		point_double_small(
		    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2],
		    pre->g_pre_comp[0][i][0], pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]);
		for (j = 0; j < 31; ++j) {
			point_double_small(
			    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2],
			    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
		}
		if (i == 8)
			break;
		point_double_small(
		    pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2],
		    pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
		for (j = 0; j < 31; ++j) {
			point_double_small(
			    pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2],
			    pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2]);
		}
	}
	for (i = 0; i < 2; i++) {
		/* g_pre_comp[i][0] is the point at infinity */
		memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
		/* the remaining multiples */
		/* 2^64*G + 2^128*G resp. 2^96*G + 2^160*G */
		point_add_small(
		    pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1], pre->g_pre_comp[i][6][2],
		    pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
		    pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], pre->g_pre_comp[i][2][2]);
		/* 2^64*G + 2^192*G resp. 2^96*G + 2^224*G */
		point_add_small(
		    pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1], pre->g_pre_comp[i][10][2],
		    pre->g_pre_comp[i][8][0], pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
		    pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], pre->g_pre_comp[i][2][2]);
		/* 2^128*G + 2^192*G resp. 2^160*G + 2^224*G */
		point_add_small(
		    pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
		    pre->g_pre_comp[i][8][0], pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
		    pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2]);
		/*
		 * 2^64*G + 2^128*G + 2^192*G resp. 2^96*G + 2^160*G +
		 * 2^224*G
		 */
		point_add_small(
		    pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1], pre->g_pre_comp[i][14][2],
		    pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
		    pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], pre->g_pre_comp[i][2][2]);
		for (j = 1; j < 8; ++j) {
			/* odd multiples: add G resp. 2^32*G */
			point_add_small(
			    pre->g_pre_comp[i][2 * j + 1][0], pre->g_pre_comp[i][2 * j + 1][1], pre->g_pre_comp[i][2 * j + 1][2],
			    pre->g_pre_comp[i][2 * j][0], pre->g_pre_comp[i][2 * j][1], pre->g_pre_comp[i][2 * j][2],
			    pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1], pre->g_pre_comp[i][1][2]);
		}
	}
	make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);

	if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp256_pre_comp_dup,
		nistp256_pre_comp_free, nistp256_pre_comp_clear_free))
		goto err;
	ret = 1;
	pre = NULL;
err:
	BN_CTX_end(ctx);
	EC_POINT_free(generator);
	BN_CTX_free(new_ctx);
	nistp256_pre_comp_free(pre);
	return ret;
}

int 
ec_GFp_nistp256_have_precompute_mult(const EC_GROUP * group)
{
	if (EC_EX_DATA_get_data(group->extra_data, nistp256_pre_comp_dup,
		nistp256_pre_comp_free, nistp256_pre_comp_clear_free)
	    != NULL)
		return 1;
	else
		return 0;
}
#endif
Added jni/libressl/crypto/ec/ecp_nistp521.c.






























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
/* $OpenBSD: ecp_nistp521.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
/*
 * Written by Adam Langley (Google) for the OpenSSL project
 */
/*
 * Copyright (c) 2011 Google Inc.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication
 *
 * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
 * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
 * work which got its smarts from Daniel J. Bernstein's work on the same.
 */

#include <stdint.h>
#include <string.h>

#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128

#include <openssl/err.h>
#include "ec_lcl.h"

#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
  /* even with gcc, the typedef won't work for 32-bit platforms */
  typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit platforms */
#else
  #error "Need GCC 3.1 or later to define type uint128_t"
#endif

typedef uint8_t u8;
typedef uint64_t u64;
typedef int64_t s64;

/* The underlying field.
 *
 * P521 operates over GF(2^521-1). We can serialise an element of this field
 * into 66 bytes where the most significant byte contains only a single bit. We
 * call this an felem_bytearray. */

typedef u8 felem_bytearray[66];

/* These are the parameters of P521, taken from FIPS 186-3, section D.1.2.5.
 * These values are big-endian. */
static const felem_bytearray nistp521_curve_params[5] =
	{
	{0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  /* p */
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff},
	{0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  /* a = -3 */
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	 0xff, 0xfc},
	{0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c,  /* b */
	 0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85,
	 0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3,
	 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1,
	 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
	 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1,
	 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c,
	 0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50,
	 0x3f, 0x00},
	{0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04,  /* x */
	 0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95,
	 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
	 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d,
	 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
	 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
	 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a,
	 0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5,
	 0xbd, 0x66},
	{0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b,  /* y */
	 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d,
	 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
	 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e,
	 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
	 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
	 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72,
	 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1,
	 0x66, 0x50}
	};

/* The representation of field elements.
 * ------------------------------------
 *
 * We represent field elements with nine values. These values are either 64 or
 * 128 bits and the field element represented is:
 *   v[0]*2^0 + v[1]*2^58 + v[2]*2^116 + ... + v[8]*2^464  (mod p)
 * Each of the nine values is called a 'limb'. Since the limbs are spaced only
 * 58 bits apart, but are greater than 58 bits in length, the most significant
 * bits of each limb overlap with the least significant bits of the next.
 *
 * A field element with 64-bit limbs is an 'felem'. One with 128-bit limbs is a
 * 'largefelem' */

#define NLIMBS 9

typedef uint64_t limb;
typedef limb felem[NLIMBS];
typedef uint128_t largefelem[NLIMBS];

static const limb bottom57bits = 0x1ffffffffffffff;
static const limb bottom58bits = 0x3ffffffffffffff;

/* bin66_to_felem takes a little-endian byte array and converts it into felem
 * form. This assumes that the CPU is little-endian. */
static void 
bin66_to_felem(felem out, const u8 in[66])
{
	out[0] = (*((limb *) & in[0])) & bottom58bits;
	out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits;
	out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits;
	out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits;
	out[4] = (*((limb *) & in[29])) & bottom58bits;
	out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits;
	out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits;
	out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits;
	out[8] = (*((limb *) & in[58])) & bottom57bits;
}

/* felem_to_bin66 takes an felem and serialises into a little endian, 66 byte
 * array. This assumes that the CPU is little-endian. */
static void 
felem_to_bin66(u8 out[66], const felem in)
{
	memset(out, 0, 66);
	(*((limb *) & out[0])) = in[0];
	(*((limb *) & out[7])) |= in[1] << 2;
	(*((limb *) & out[14])) |= in[2] << 4;
	(*((limb *) & out[21])) |= in[3] << 6;
	(*((limb *) & out[29])) = in[4];
	(*((limb *) & out[36])) |= in[5] << 2;
	(*((limb *) & out[43])) |= in[6] << 4;
	(*((limb *) & out[50])) |= in[7] << 6;
	(*((limb *) & out[58])) = in[8];
}

/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
static void 
flip_endian(u8 * out, const u8 * in, unsigned len)
{
	unsigned i;
	for (i = 0; i < len; ++i)
		out[i] = in[len - 1 - i];
}

/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
static int 
BN_to_felem(felem out, const BIGNUM * bn)
{
	felem_bytearray b_in;
	felem_bytearray b_out;
	unsigned num_bytes;

	/* BN_bn2bin eats leading zeroes */
	memset(b_out, 0, sizeof b_out);
	num_bytes = BN_num_bytes(bn);
	if (num_bytes > sizeof b_out) {
		ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
		return 0;
	}
	if (BN_is_negative(bn)) {
		ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
		return 0;
	}
	num_bytes = BN_bn2bin(bn, b_in);
	flip_endian(b_out, b_in, num_bytes);
	bin66_to_felem(out, b_out);
	return 1;
}

/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
static BIGNUM *
felem_to_BN(BIGNUM * out, const felem in)
{
	felem_bytearray b_in, b_out;
	felem_to_bin66(b_in, in);
	flip_endian(b_out, b_in, sizeof b_out);
	return BN_bin2bn(b_out, sizeof b_out, out);
}


/* Field operations
 * ---------------- */

static void 
felem_one(felem out)
{
	out[0] = 1;
	out[1] = 0;
	out[2] = 0;
	out[3] = 0;
	out[4] = 0;
	out[5] = 0;
	out[6] = 0;
	out[7] = 0;
	out[8] = 0;
}

static void 
felem_assign(felem out, const felem in)
{
	out[0] = in[0];
	out[1] = in[1];
	out[2] = in[2];
	out[3] = in[3];
	out[4] = in[4];
	out[5] = in[5];
	out[6] = in[6];
	out[7] = in[7];
	out[8] = in[8];
}

/* felem_sum64 sets out = out + in. */
static void 
felem_sum64(felem out, const felem in)
{
	out[0] += in[0];
	out[1] += in[1];
	out[2] += in[2];
	out[3] += in[3];
	out[4] += in[4];
	out[5] += in[5];
	out[6] += in[6];
	out[7] += in[7];
	out[8] += in[8];
}

/* felem_scalar sets out = in * scalar */
static void 
felem_scalar(felem out, const felem in, limb scalar)
{
	out[0] = in[0] * scalar;
	out[1] = in[1] * scalar;
	out[2] = in[2] * scalar;
	out[3] = in[3] * scalar;
	out[4] = in[4] * scalar;
	out[5] = in[5] * scalar;
	out[6] = in[6] * scalar;
	out[7] = in[7] * scalar;
	out[8] = in[8] * scalar;
}

/* felem_scalar64 sets out = out * scalar */
static void 
felem_scalar64(felem out, limb scalar)
{
	out[0] *= scalar;
	out[1] *= scalar;
	out[2] *= scalar;
	out[3] *= scalar;
	out[4] *= scalar;
	out[5] *= scalar;
	out[6] *= scalar;
	out[7] *= scalar;
	out[8] *= scalar;
}

/* felem_scalar128 sets out = out * scalar */
static void 
felem_scalar128(largefelem out, limb scalar)
{
	out[0] *= scalar;
	out[1] *= scalar;
	out[2] *= scalar;
	out[3] *= scalar;
	out[4] *= scalar;
	out[5] *= scalar;
	out[6] *= scalar;
	out[7] *= scalar;
	out[8] *= scalar;
}

/* felem_neg sets |out| to |-in|
 * On entry:
 *   in[i] < 2^59 + 2^14
 * On exit:
 *   out[i] < 2^62
 */
static void 
felem_neg(felem out, const felem in)
{
	/* In order to prevent underflow, we subtract from 0 mod p. */
	static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
	static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);

	out[0] = two62m3 - in[0];
	out[1] = two62m2 - in[1];
	out[2] = two62m2 - in[2];
	out[3] = two62m2 - in[3];
	out[4] = two62m2 - in[4];
	out[5] = two62m2 - in[5];
	out[6] = two62m2 - in[6];
	out[7] = two62m2 - in[7];
	out[8] = two62m2 - in[8];
}

/* felem_diff64 subtracts |in| from |out|
 * On entry:
 *   in[i] < 2^59 + 2^14
 * On exit:
 *   out[i] < out[i] + 2^62
 */
static void 
felem_diff64(felem out, const felem in)
{
	/* In order to prevent underflow, we add 0 mod p before subtracting. */
	static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
	static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);

	out[0] += two62m3 - in[0];
	out[1] += two62m2 - in[1];
	out[2] += two62m2 - in[2];
	out[3] += two62m2 - in[3];
	out[4] += two62m2 - in[4];
	out[5] += two62m2 - in[5];
	out[6] += two62m2 - in[6];
	out[7] += two62m2 - in[7];
	out[8] += two62m2 - in[8];
}

/* felem_diff_128_64 subtracts |in| from |out|
 * On entry:
 *   in[i] < 2^62 + 2^17
 * On exit:
 *   out[i] < out[i] + 2^63
 */
static void 
felem_diff_128_64(largefelem out, const felem in)
{
	/* In order to prevent underflow, we add 0 mod p before subtracting. */
	static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
	static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);

	out[0] += two63m6 - in[0];
	out[1] += two63m5 - in[1];
	out[2] += two63m5 - in[2];
	out[3] += two63m5 - in[3];
	out[4] += two63m5 - in[4];
	out[5] += two63m5 - in[5];
	out[6] += two63m5 - in[6];
	out[7] += two63m5 - in[7];
	out[8] += two63m5 - in[8];
}

/* felem_diff_128_64 subtracts |in| from |out|
 * On entry:
 *   in[i] < 2^126
 * On exit:
 *   out[i] < out[i] + 2^127 - 2^69
 */
static void 
felem_diff128(largefelem out, const largefelem in)
{
	/* In order to prevent underflow, we add 0 mod p before subtracting. */
	static const uint128_t two127m70 = (((uint128_t) 1) << 127) - (((uint128_t) 1) << 70);
	static const uint128_t two127m69 = (((uint128_t) 1) << 127) - (((uint128_t) 1) << 69);

	out[0] += (two127m70 - in[0]);
	out[1] += (two127m69 - in[1]);
	out[2] += (two127m69 - in[2]);
	out[3] += (two127m69 - in[3]);
	out[4] += (two127m69 - in[4]);
	out[5] += (two127m69 - in[5]);
	out[6] += (two127m69 - in[6]);
	out[7] += (two127m69 - in[7]);
	out[8] += (two127m69 - in[8]);
}

/* felem_square sets |out| = |in|^2
 * On entry:
 *   in[i] < 2^62
 * On exit:
 *   out[i] < 17 * max(in[i]) * max(in[i])
 */
static void 
felem_square(largefelem out, const felem in)
{
	felem inx2, inx4;
	felem_scalar(inx2, in, 2);
	felem_scalar(inx4, in, 4);

	/*
	 * We have many cases were we want to do in[x] * in[y] + in[y] *
	 * in[x] This is obviously just 2 * in[x] * in[y] However, rather
	 * than do the doubling on the 128 bit result, we double one of the
	 * inputs to the multiplication by reading from |inx2|
	 */

	out[0] = ((uint128_t) in[0]) * in[0];
	out[1] = ((uint128_t) in[0]) * inx2[1];
	out[2] = ((uint128_t) in[0]) * inx2[2] +
	    ((uint128_t) in[1]) * in[1];
	out[3] = ((uint128_t) in[0]) * inx2[3] +
	    ((uint128_t) in[1]) * inx2[2];
	out[4] = ((uint128_t) in[0]) * inx2[4] +
	    ((uint128_t) in[1]) * inx2[3] +
	    ((uint128_t) in[2]) * in[2];
	out[5] = ((uint128_t) in[0]) * inx2[5] +
	    ((uint128_t) in[1]) * inx2[4] +
	    ((uint128_t) in[2]) * inx2[3];
	out[6] = ((uint128_t) in[0]) * inx2[6] +
	    ((uint128_t) in[1]) * inx2[5] +
	    ((uint128_t) in[2]) * inx2[4] +
	    ((uint128_t) in[3]) * in[3];
	out[7] = ((uint128_t) in[0]) * inx2[7] +
	    ((uint128_t) in[1]) * inx2[6] +
	    ((uint128_t) in[2]) * inx2[5] +
	    ((uint128_t) in[3]) * inx2[4];
	out[8] = ((uint128_t) in[0]) * inx2[8] +
	    ((uint128_t) in[1]) * inx2[7] +
	    ((uint128_t) in[2]) * inx2[6] +
	    ((uint128_t) in[3]) * inx2[5] +
	    ((uint128_t) in[4]) * in[4];

	/*
	 * The remaining limbs fall above 2^521, with the first falling at
	 * 2^522. They correspond to locations one bit up from the limbs
	 * produced above so we would have to multiply by two to align them.
	 * Again, rather than operate on the 128-bit result, we double one of
	 * the inputs to the multiplication. If we want to double for both
	 * this reason, and the reason above, then we end up multiplying by
	 * four.
	 */

	/* 9 */
	out[0] += ((uint128_t) in[1]) * inx4[8] +
	    ((uint128_t) in[2]) * inx4[7] +
	    ((uint128_t) in[3]) * inx4[6] +
	    ((uint128_t) in[4]) * inx4[5];

	/* 10 */
	out[1] += ((uint128_t) in[2]) * inx4[8] +
	    ((uint128_t) in[3]) * inx4[7] +
	    ((uint128_t) in[4]) * inx4[6] +
	    ((uint128_t) in[5]) * inx2[5];

	/* 11 */
	out[2] += ((uint128_t) in[3]) * inx4[8] +
	    ((uint128_t) in[4]) * inx4[7] +
	    ((uint128_t) in[5]) * inx4[6];

	/* 12 */
	out[3] += ((uint128_t) in[4]) * inx4[8] +
	    ((uint128_t) in[5]) * inx4[7] +
	    ((uint128_t) in[6]) * inx2[6];

	/* 13 */
	out[4] += ((uint128_t) in[5]) * inx4[8] +
	    ((uint128_t) in[6]) * inx4[7];

	/* 14 */
	out[5] += ((uint128_t) in[6]) * inx4[8] +
	    ((uint128_t) in[7]) * inx2[7];

	/* 15 */
	out[6] += ((uint128_t) in[7]) * inx4[8];

	/* 16 */
	out[7] += ((uint128_t) in[8]) * inx2[8];
}

/* felem_mul sets |out| = |in1| * |in2|
 * On entry:
 *   in1[i] < 2^64
 *   in2[i] < 2^63
 * On exit:
 *   out[i] < 17 * max(in1[i]) * max(in2[i])
 */
static void 
felem_mul(largefelem out, const felem in1, const felem in2)
{
	felem in2x2;
	felem_scalar(in2x2, in2, 2);

	out[0] = ((uint128_t) in1[0]) * in2[0];

	out[1] = ((uint128_t) in1[0]) * in2[1] +
	    ((uint128_t) in1[1]) * in2[0];

	out[2] = ((uint128_t) in1[0]) * in2[2] +
	    ((uint128_t) in1[1]) * in2[1] +
	    ((uint128_t) in1[2]) * in2[0];

	out[3] = ((uint128_t) in1[0]) * in2[3] +
	    ((uint128_t) in1[1]) * in2[2] +
	    ((uint128_t) in1[2]) * in2[1] +
	    ((uint128_t) in1[3]) * in2[0];

	out[4] = ((uint128_t) in1[0]) * in2[4] +
	    ((uint128_t) in1[1]) * in2[3] +
	    ((uint128_t) in1[2]) * in2[2] +
	    ((uint128_t) in1[3]) * in2[1] +
	    ((uint128_t) in1[4]) * in2[0];

	out[5] = ((uint128_t) in1[0]) * in2[5] +
	    ((uint128_t) in1[1]) * in2[4] +
	    ((uint128_t) in1[2]) * in2[3] +
	    ((uint128_t) in1[3]) * in2[2] +
	    ((uint128_t) in1[4]) * in2[1] +
	    ((uint128_t) in1[5]) * in2[0];

	out[6] = ((uint128_t) in1[0]) * in2[6] +
	    ((uint128_t) in1[1]) * in2[5] +
	    ((uint128_t) in1[2]) * in2[4] +
	    ((uint128_t) in1[3]) * in2[3] +
	    ((uint128_t) in1[4]) * in2[2] +
	    ((uint128_t) in1[5]) * in2[1] +
	    ((uint128_t) in1[6]) * in2[0];

	out[7] = ((uint128_t) in1[0]) * in2[7] +
	    ((uint128_t) in1[1]) * in2[6] +
	    ((uint128_t) in1[2]) * in2[5] +
	    ((uint128_t) in1[3]) * in2[4] +
	    ((uint128_t) in1[4]) * in2[3] +
	    ((uint128_t) in1[5]) * in2[2] +
	    ((uint128_t) in1[6]) * in2[1] +
	    ((uint128_t) in1[7]) * in2[0];

	out[8] = ((uint128_t) in1[0]) * in2[8] +
	    ((uint128_t) in1[1]) * in2[7] +
	    ((uint128_t) in1[2]) * in2[6] +
	    ((uint128_t) in1[3]) * in2[5] +
	    ((uint128_t) in1[4]) * in2[4] +
	    ((uint128_t) in1[5]) * in2[3] +
	    ((uint128_t) in1[6]) * in2[2] +
	    ((uint128_t) in1[7]) * in2[1] +
	    ((uint128_t) in1[8]) * in2[0];

	/* See comment in felem_square about the use of in2x2 here */

	out[0] += ((uint128_t) in1[1]) * in2x2[8] +
	    ((uint128_t) in1[2]) * in2x2[7] +
	    ((uint128_t) in1[3]) * in2x2[6] +
	    ((uint128_t) in1[4]) * in2x2[5] +
	    ((uint128_t) in1[5]) * in2x2[4] +
	    ((uint128_t) in1[6]) * in2x2[3] +
	    ((uint128_t) in1[7]) * in2x2[2] +
	    ((uint128_t) in1[8]) * in2x2[1];

	out[1] += ((uint128_t) in1[2]) * in2x2[8] +
	    ((uint128_t) in1[3]) * in2x2[7] +
	    ((uint128_t) in1[4]) * in2x2[6] +
	    ((uint128_t) in1[5]) * in2x2[5] +
	    ((uint128_t) in1[6]) * in2x2[4] +
	    ((uint128_t) in1[7]) * in2x2[3] +
	    ((uint128_t) in1[8]) * in2x2[2];

	out[2] += ((uint128_t) in1[3]) * in2x2[8] +
	    ((uint128_t) in1[4]) * in2x2[7] +
	    ((uint128_t) in1[5]) * in2x2[6] +
	    ((uint128_t) in1[6]) * in2x2[5] +
	    ((uint128_t) in1[7]) * in2x2[4] +
	    ((uint128_t) in1[8]) * in2x2[3];

	out[3] += ((uint128_t) in1[4]) * in2x2[8] +
	    ((uint128_t) in1[5]) * in2x2[7] +
	    ((uint128_t) in1[6]) * in2x2[6] +
	    ((uint128_t) in1[7]) * in2x2[5] +
	    ((uint128_t) in1[8]) * in2x2[4];

	out[4] += ((uint128_t) in1[5]) * in2x2[8] +
	    ((uint128_t) in1[6]) * in2x2[7] +
	    ((uint128_t) in1[7]) * in2x2[6] +
	    ((uint128_t) in1[8]) * in2x2[5];

	out[5] += ((uint128_t) in1[6]) * in2x2[8] +
	    ((uint128_t) in1[7]) * in2x2[7] +
	    ((uint128_t) in1[8]) * in2x2[6];

	out[6] += ((uint128_t) in1[7]) * in2x2[8] +
	    ((uint128_t) in1[8]) * in2x2[7];

	out[7] += ((uint128_t) in1[8]) * in2x2[8];
}

static const limb bottom52bits = 0xfffffffffffff;

/* felem_reduce converts a largefelem to an felem.
 * On entry:
 *   in[i] < 2^128
 * On exit:
 *   out[i] < 2^59 + 2^14
 */
static void 
felem_reduce(felem out, const largefelem in)
{
	u64 overflow1, overflow2;

	out[0] = ((limb) in[0]) & bottom58bits;
	out[1] = ((limb) in[1]) & bottom58bits;
	out[2] = ((limb) in[2]) & bottom58bits;
	out[3] = ((limb) in[3]) & bottom58bits;
	out[4] = ((limb) in[4]) & bottom58bits;
	out[5] = ((limb) in[5]) & bottom58bits;
	out[6] = ((limb) in[6]) & bottom58bits;
	out[7] = ((limb) in[7]) & bottom58bits;
	out[8] = ((limb) in[8]) & bottom58bits;

	/* out[i] < 2^58 */

	out[1] += ((limb) in[0]) >> 58;
	out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
	/*
	 * out[1] < 2^58 + 2^6 + 2^58 = 2^59 + 2^6
	 */
	out[2] += ((limb) (in[0] >> 64)) >> 52;

	out[2] += ((limb) in[1]) >> 58;
	out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6;
	out[3] += ((limb) (in[1] >> 64)) >> 52;

	out[3] += ((limb) in[2]) >> 58;
	out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6;
	out[4] += ((limb) (in[2] >> 64)) >> 52;

	out[4] += ((limb) in[3]) >> 58;
	out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6;
	out[5] += ((limb) (in[3] >> 64)) >> 52;

	out[5] += ((limb) in[4]) >> 58;
	out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6;
	out[6] += ((limb) (in[4] >> 64)) >> 52;

	out[6] += ((limb) in[5]) >> 58;
	out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6;
	out[7] += ((limb) (in[5] >> 64)) >> 52;

	out[7] += ((limb) in[6]) >> 58;
	out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6;
	out[8] += ((limb) (in[6] >> 64)) >> 52;

	out[8] += ((limb) in[7]) >> 58;
	out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
	/*
	 * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 < 2^59 + 2^13
	 */
	overflow1 = ((limb) (in[7] >> 64)) >> 52;

	overflow1 += ((limb) in[8]) >> 58;
	overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6;
	overflow2 = ((limb) (in[8] >> 64)) >> 52;

	overflow1 <<= 1;	/* overflow1 < 2^13 + 2^7 + 2^59 */
	overflow2 <<= 1;	/* overflow2 < 2^13 */

	out[0] += overflow1;	/* out[0] < 2^60 */
	out[1] += overflow2;	/* out[1] < 2^59 + 2^6 + 2^13 */

	out[1] += out[0] >> 58;
	out[0] &= bottom58bits;
	/*
	 * out[0] < 2^58 out[1] < 2^59 + 2^6 + 2^13 + 2^2 < 2^59 + 2^14
	 */
}

static void 
felem_square_reduce(felem out, const felem in)
{
	largefelem tmp;
	felem_square(tmp, in);
	felem_reduce(out, tmp);
}

static void 
felem_mul_reduce(felem out, const felem in1, const felem in2)
{
	largefelem tmp;
	felem_mul(tmp, in1, in2);
	felem_reduce(out, tmp);
}

/* felem_inv calculates |out| = |in|^{-1}
 *
 * Based on Fermat's Little Theorem:
 *   a^p = a (mod p)
 *   a^{p-1} = 1 (mod p)
 *   a^{p-2} = a^{-1} (mod p)
 */
static void 
felem_inv(felem out, const felem in)
{
	felem ftmp, ftmp2, ftmp3, ftmp4;
	largefelem tmp;
	unsigned i;

	felem_square(tmp, in);
	felem_reduce(ftmp, tmp);/* 2^1 */
	felem_mul(tmp, in, ftmp);
	felem_reduce(ftmp, tmp);/* 2^2 - 2^0 */
	felem_assign(ftmp2, ftmp);
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^3 - 2^1 */
	felem_mul(tmp, in, ftmp);
	felem_reduce(ftmp, tmp);/* 2^3 - 2^0 */
	felem_square(tmp, ftmp);
	felem_reduce(ftmp, tmp);/* 2^4 - 2^1 */

	felem_square(tmp, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^3 - 2^1 */
	felem_square(tmp, ftmp3);
	felem_reduce(ftmp3, tmp);	/* 2^4 - 2^2 */
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^4 - 2^0 */

	felem_assign(ftmp2, ftmp3);
	felem_square(tmp, ftmp3);
	felem_reduce(ftmp3, tmp);	/* 2^5 - 2^1 */
	felem_square(tmp, ftmp3);
	felem_reduce(ftmp3, tmp);	/* 2^6 - 2^2 */
	felem_square(tmp, ftmp3);
	felem_reduce(ftmp3, tmp);	/* 2^7 - 2^3 */
	felem_square(tmp, ftmp3);
	felem_reduce(ftmp3, tmp);	/* 2^8 - 2^4 */
	felem_assign(ftmp4, ftmp3);
	felem_mul(tmp, ftmp3, ftmp);
	felem_reduce(ftmp4, tmp);	/* 2^8 - 2^1 */
	felem_square(tmp, ftmp4);
	felem_reduce(ftmp4, tmp);	/* 2^9 - 2^2 */
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^8 - 2^0 */
	felem_assign(ftmp2, ftmp3);

	for (i = 0; i < 8; i++) {
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);	/* 2^16 - 2^8 */
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^16 - 2^0 */
	felem_assign(ftmp2, ftmp3);

	for (i = 0; i < 16; i++) {
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);	/* 2^32 - 2^16 */
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^32 - 2^0 */
	felem_assign(ftmp2, ftmp3);

	for (i = 0; i < 32; i++) {
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);	/* 2^64 - 2^32 */
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^64 - 2^0 */
	felem_assign(ftmp2, ftmp3);

	for (i = 0; i < 64; i++) {
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);	/* 2^128 - 2^64 */
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^128 - 2^0 */
	felem_assign(ftmp2, ftmp3);

	for (i = 0; i < 128; i++) {
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);	/* 2^256 - 2^128 */
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^256 - 2^0 */
	felem_assign(ftmp2, ftmp3);

	for (i = 0; i < 256; i++) {
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);	/* 2^512 - 2^256 */
	}
	felem_mul(tmp, ftmp3, ftmp2);
	felem_reduce(ftmp3, tmp);	/* 2^512 - 2^0 */

	for (i = 0; i < 9; i++) {
		felem_square(tmp, ftmp3);
		felem_reduce(ftmp3, tmp);	/* 2^521 - 2^9 */
	}
	felem_mul(tmp, ftmp3, ftmp4);
	felem_reduce(ftmp3, tmp);	/* 2^512 - 2^2 */
	felem_mul(tmp, ftmp3, in);
	felem_reduce(out, tmp);	/* 2^512 - 3 */
}

/* This is 2^521-1, expressed as an felem */
static const felem kPrime =
{
	0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
	0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
	0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff
};

/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
 * otherwise.
 * On entry:
 *   in[i] < 2^59 + 2^14
 */
static limb 
felem_is_zero(const felem in)
{
	felem ftmp;
	limb is_zero, is_p;
	felem_assign(ftmp, in);

	ftmp[0] += ftmp[8] >> 57;
	ftmp[8] &= bottom57bits;
	/* ftmp[8] < 2^57 */
	ftmp[1] += ftmp[0] >> 58;
	ftmp[0] &= bottom58bits;
	ftmp[2] += ftmp[1] >> 58;
	ftmp[1] &= bottom58bits;
	ftmp[3] += ftmp[2] >> 58;
	ftmp[2] &= bottom58bits;
	ftmp[4] += ftmp[3] >> 58;
	ftmp[3] &= bottom58bits;
	ftmp[5] += ftmp[4] >> 58;
	ftmp[4] &= bottom58bits;
	ftmp[6] += ftmp[5] >> 58;
	ftmp[5] &= bottom58bits;
	ftmp[7] += ftmp[6] >> 58;
	ftmp[6] &= bottom58bits;
	ftmp[8] += ftmp[7] >> 58;
	ftmp[7] &= bottom58bits;
	/* ftmp[8] < 2^57 + 4 */

	/*
	 * The ninth limb of 2*(2^521-1) is 0x03ffffffffffffff, which is
	 * greater than our bound for ftmp[8]. Therefore we only have to
	 * check if the zero is zero or 2^521-1.
	 */

	is_zero = 0;
	is_zero |= ftmp[0];
	is_zero |= ftmp[1];
	is_zero |= ftmp[2];
	is_zero |= ftmp[3];
	is_zero |= ftmp[4];
	is_zero |= ftmp[5];
	is_zero |= ftmp[6];
	is_zero |= ftmp[7];
	is_zero |= ftmp[8];

	is_zero--;
	/*
	 * We know that ftmp[i] < 2^63, therefore the only way that the top
	 * bit can be set is if is_zero was 0 before the decrement.
	 */
	is_zero = ((s64) is_zero) >> 63;

	is_p = ftmp[0] ^ kPrime[0];
	is_p |= ftmp[1] ^ kPrime[1];
	is_p |= ftmp[2] ^ kPrime[2];
	is_p |= ftmp[3] ^ kPrime[3];
	is_p |= ftmp[4] ^ kPrime[4];
	is_p |= ftmp[5] ^ kPrime[5];
	is_p |= ftmp[6] ^ kPrime[6];
	is_p |= ftmp[7] ^ kPrime[7];
	is_p |= ftmp[8] ^ kPrime[8];

	is_p--;
	is_p = ((s64) is_p) >> 63;

	is_zero |= is_p;
	return is_zero;
}

static int 
felem_is_zero_int(const felem in)
{
	return (int) (felem_is_zero(in) & ((limb) 1));
}

/* felem_contract converts |in| to its unique, minimal representation.
 * On entry:
 *   in[i] < 2^59 + 2^14
 */
static void 
felem_contract(felem out, const felem in)
{
	limb is_p, is_greater, sign;
	static const limb two58 = ((limb) 1) << 58;

	felem_assign(out, in);

	out[0] += out[8] >> 57;
	out[8] &= bottom57bits;
	/* out[8] < 2^57 */
	out[1] += out[0] >> 58;
	out[0] &= bottom58bits;
	out[2] += out[1] >> 58;
	out[1] &= bottom58bits;
	out[3] += out[2] >> 58;
	out[2] &= bottom58bits;
	out[4] += out[3] >> 58;
	out[3] &= bottom58bits;
	out[5] += out[4] >> 58;
	out[4] &= bottom58bits;
	out[6] += out[5] >> 58;
	out[5] &= bottom58bits;
	out[7] += out[6] >> 58;
	out[6] &= bottom58bits;
	out[8] += out[7] >> 58;
	out[7] &= bottom58bits;
	/* out[8] < 2^57 + 4 */

	/*
	 * If the value is greater than 2^521-1 then we have to subtract
	 * 2^521-1 out. See the comments in felem_is_zero regarding why we
	 * don't test for other multiples of the prime.
	 */

	/*
	 * First, if |out| is equal to 2^521-1, we subtract it out to get
	 * zero.
	 */

	is_p = out[0] ^ kPrime[0];
	is_p |= out[1] ^ kPrime[1];
	is_p |= out[2] ^ kPrime[2];
	is_p |= out[3] ^ kPrime[3];
	is_p |= out[4] ^ kPrime[4];
	is_p |= out[5] ^ kPrime[5];
	is_p |= out[6] ^ kPrime[6];
	is_p |= out[7] ^ kPrime[7];
	is_p |= out[8] ^ kPrime[8];

	is_p--;
	is_p &= is_p << 32;
	is_p &= is_p << 16;
	is_p &= is_p << 8;
	is_p &= is_p << 4;
	is_p &= is_p << 2;
	is_p &= is_p << 1;
	is_p = ((s64) is_p) >> 63;
	is_p = ~is_p;

	/* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */

	out[0] &= is_p;
	out[1] &= is_p;
	out[2] &= is_p;
	out[3] &= is_p;
	out[4] &= is_p;
	out[5] &= is_p;
	out[6] &= is_p;
	out[7] &= is_p;
	out[8] &= is_p;

	/*
	 * In order to test that |out| >= 2^521-1 we need only test if out[8]
	 * >> 57 is greater than zero as (2^521-1) + x >= 2^522
	 */
	is_greater = out[8] >> 57;
	is_greater |= is_greater << 32;
	is_greater |= is_greater << 16;
	is_greater |= is_greater << 8;
	is_greater |= is_greater << 4;
	is_greater |= is_greater << 2;
	is_greater |= is_greater << 1;
	is_greater = ((s64) is_greater) >> 63;

	out[0] -= kPrime[0] & is_greater;
	out[1] -= kPrime[1] & is_greater;
	out[2] -= kPrime[2] & is_greater;
	out[3] -= kPrime[3] & is_greater;
	out[4] -= kPrime[4] & is_greater;
	out[5] -= kPrime[5] & is_greater;
	out[6] -= kPrime[6] & is_greater;
	out[7] -= kPrime[7] & is_greater;
	out[8] -= kPrime[8] & is_greater;

	/* Eliminate negative coefficients */
	sign = -(out[0] >> 63);
	out[0] += (two58 & sign);
	out[1] -= (1 & sign);
	sign = -(out[1] >> 63);
	out[1] += (two58 & sign);
	out[2] -= (1 & sign);
	sign = -(out[2] >> 63);
	out[2] += (two58 & sign);
	out[3] -= (1 & sign);
	sign = -(out[3] >> 63);
	out[3] += (two58 & sign);
	out[4] -= (1 & sign);
	sign = -(out[4] >> 63);
	out[4] += (two58 & sign);
	out[5] -= (1 & sign);
	sign = -(out[0] >> 63);
	out[5] += (two58 & sign);
	out[6] -= (1 & sign);
	sign = -(out[6] >> 63);
	out[6] += (two58 & sign);
	out[7] -= (1 & sign);
	sign = -(out[7] >> 63);
	out[7] += (two58 & sign);
	out[8] -= (1 & sign);
	sign = -(out[5] >> 63);
	out[5] += (two58 & sign);
	out[6] -= (1 & sign);
	sign = -(out[6] >> 63);
	out[6] += (two58 & sign);
	out[7] -= (1 & sign);
	sign = -(out[7] >> 63);
	out[7] += (two58 & sign);
	out[8] -= (1 & sign);
}

/* Group operations
 * ----------------
 *
 * Building on top of the field operations we have the operations on the
 * elliptic curve group itself. Points on the curve are represented in Jacobian
 * coordinates */

/* point_double calcuates 2*(x_in, y_in, z_in)
 *
 * The method is taken from:
 *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
 *
 * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
 * while x_out == y_in is not (maybe this works, but it's not tested). */
static void
point_double(felem x_out, felem y_out, felem z_out,
    const felem x_in, const felem y_in, const felem z_in)
{
	largefelem tmp, tmp2;
	felem delta, gamma, beta, alpha, ftmp, ftmp2;

	felem_assign(ftmp, x_in);
	felem_assign(ftmp2, x_in);

	/* delta = z^2 */
	felem_square(tmp, z_in);
	felem_reduce(delta, tmp);	/* delta[i] < 2^59 + 2^14 */

	/* gamma = y^2 */
	felem_square(tmp, y_in);
	felem_reduce(gamma, tmp);	/* gamma[i] < 2^59 + 2^14 */

	/* beta = x*gamma */
	felem_mul(tmp, x_in, gamma);
	felem_reduce(beta, tmp);/* beta[i] < 2^59 + 2^14 */

	/* alpha = 3*(x-delta)*(x+delta) */
	felem_diff64(ftmp, delta);
	/* ftmp[i] < 2^61 */
	felem_sum64(ftmp2, delta);
	/* ftmp2[i] < 2^60 + 2^15 */
	felem_scalar64(ftmp2, 3);
	/* ftmp2[i] < 3*2^60 + 3*2^15 */
	felem_mul(tmp, ftmp, ftmp2);
	/*
	 * tmp[i] < 17(3*2^121 + 3*2^76) = 61*2^121 + 61*2^76 < 64*2^121 +
	 * 64*2^76 = 2^127 + 2^82 < 2^128
	 */
	felem_reduce(alpha, tmp);

	/* x' = alpha^2 - 8*beta */
	felem_square(tmp, alpha);
	/*
	 * tmp[i] < 17*2^120 < 2^125
	 */
	felem_assign(ftmp, beta);
	felem_scalar64(ftmp, 8);
	/* ftmp[i] < 2^62 + 2^17 */
	felem_diff_128_64(tmp, ftmp);
	/* tmp[i] < 2^125 + 2^63 + 2^62 + 2^17 */
	felem_reduce(x_out, tmp);

	/* z' = (y + z)^2 - gamma - delta */
	felem_sum64(delta, gamma);
	/* delta[i] < 2^60 + 2^15 */
	felem_assign(ftmp, y_in);
	felem_sum64(ftmp, z_in);
	/* ftmp[i] < 2^60 + 2^15 */
	felem_square(tmp, ftmp);
	/*
	 * tmp[i] < 17(2^122) < 2^127
	 */
	felem_diff_128_64(tmp, delta);
	/* tmp[i] < 2^127 + 2^63 */
	felem_reduce(z_out, tmp);

	/* y' = alpha*(4*beta - x') - 8*gamma^2 */
	felem_scalar64(beta, 4);
	/* beta[i] < 2^61 + 2^16 */
	felem_diff64(beta, x_out);
	/* beta[i] < 2^61 + 2^60 + 2^16 */
	felem_mul(tmp, alpha, beta);
	/*
	 * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) = 17*(2^120 + 2^75
	 * + 2^119 + 2^74 + 2^75 + 2^30) = 17*(2^120 + 2^119 + 2^76 + 2^74 +
	 * 2^30) < 2^128
	 */
	felem_square(tmp2, gamma);
	/*
	 * tmp2[i] < 17*(2^59 + 2^14)^2 = 17*(2^118 + 2^74 + 2^28)
	 */
	felem_scalar128(tmp2, 8);
	/*
	 * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28) = 2^125 + 2^121 + 2^81 + 2^77
	 * + 2^35 + 2^31 < 2^126
	 */
	felem_diff128(tmp, tmp2);
	/*
	 * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30) =
	 * 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 + 2^74
	 * + 2^69 + 2^34 + 2^30 < 2^128
	 */
	felem_reduce(y_out, tmp);
}

/* copy_conditional copies in to out iff mask is all ones. */
static void
copy_conditional(felem out, const felem in, limb mask)
{
	unsigned i;
	for (i = 0; i < NLIMBS; ++i) {
		const limb tmp = mask & (in[i] ^ out[i]);
		out[i] ^= tmp;
	}
}

/* point_add calcuates (x1, y1, z1) + (x2, y2, z2)
 *
 * The method is taken from
 *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
 * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
 *
 * This function includes a branch for checking whether the two input points
 * are equal (while not equal to the point at infinity). This case never
 * happens during single point multiplication, so there is no timing leak for
 * ECDH or ECDSA signing. */
static void 
point_add(felem x3, felem y3, felem z3,
    const felem x1, const felem y1, const felem z1,
    const int mixed, const felem x2, const felem y2, const felem z2)
{
	felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
	largefelem tmp, tmp2;
	limb x_equal, y_equal, z1_is_zero, z2_is_zero;

	z1_is_zero = felem_is_zero(z1);
	z2_is_zero = felem_is_zero(z2);

	/* ftmp = z1z1 = z1**2 */
	felem_square(tmp, z1);
	felem_reduce(ftmp, tmp);

	if (!mixed) {
		/* ftmp2 = z2z2 = z2**2 */
		felem_square(tmp, z2);
		felem_reduce(ftmp2, tmp);

		/* u1 = ftmp3 = x1*z2z2 */
		felem_mul(tmp, x1, ftmp2);
		felem_reduce(ftmp3, tmp);

		/* ftmp5 = z1 + z2 */
		felem_assign(ftmp5, z1);
		felem_sum64(ftmp5, z2);
		/* ftmp5[i] < 2^61 */

		/* ftmp5 = (z1 + z2)**2 - z1z1 - z2z2 = 2*z1z2 */
		felem_square(tmp, ftmp5);
		/* tmp[i] < 17*2^122 */
		felem_diff_128_64(tmp, ftmp);
		/* tmp[i] < 17*2^122 + 2^63 */
		felem_diff_128_64(tmp, ftmp2);
		/* tmp[i] < 17*2^122 + 2^64 */
		felem_reduce(ftmp5, tmp);

		/* ftmp2 = z2 * z2z2 */
		felem_mul(tmp, ftmp2, z2);
		felem_reduce(ftmp2, tmp);

		/* s1 = ftmp6 = y1 * z2**3 */
		felem_mul(tmp, y1, ftmp2);
		felem_reduce(ftmp6, tmp);
	} else {
		/* We'll assume z2 = 1 (special case z2 = 0 is handled later) */

		/* u1 = ftmp3 = x1*z2z2 */
		felem_assign(ftmp3, x1);

		/* ftmp5 = 2*z1z2 */
		felem_scalar(ftmp5, z1, 2);

		/* s1 = ftmp6 = y1 * z2**3 */
		felem_assign(ftmp6, y1);
	}

	/* u2 = x2*z1z1 */
	felem_mul(tmp, x2, ftmp);
	/* tmp[i] < 17*2^120 */

	/* h = ftmp4 = u2 - u1 */
	felem_diff_128_64(tmp, ftmp3);
	/* tmp[i] < 17*2^120 + 2^63 */
	felem_reduce(ftmp4, tmp);

	x_equal = felem_is_zero(ftmp4);

	/* z_out = ftmp5 * h */
	felem_mul(tmp, ftmp5, ftmp4);
	felem_reduce(z_out, tmp);

	/* ftmp = z1 * z1z1 */
	felem_mul(tmp, ftmp, z1);
	felem_reduce(ftmp, tmp);

	/* s2 = tmp = y2 * z1**3 */
	felem_mul(tmp, y2, ftmp);
	/* tmp[i] < 17*2^120 */

	/* r = ftmp5 = (s2 - s1)*2 */
	felem_diff_128_64(tmp, ftmp6);
	/* tmp[i] < 17*2^120 + 2^63 */
	felem_reduce(ftmp5, tmp);
	y_equal = felem_is_zero(ftmp5);
	felem_scalar64(ftmp5, 2);
	/* ftmp5[i] < 2^61 */

	if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
		point_double(x3, y3, z3, x1, y1, z1);
		return;
	}
	/* I = ftmp = (2h)**2 */
	felem_assign(ftmp, ftmp4);
	felem_scalar64(ftmp, 2);
	/* ftmp[i] < 2^61 */
	felem_square(tmp, ftmp);
	/* tmp[i] < 17*2^122 */
	felem_reduce(ftmp, tmp);

	/* J = ftmp2 = h * I */
	felem_mul(tmp, ftmp4, ftmp);
	felem_reduce(ftmp2, tmp);

	/* V = ftmp4 = U1 * I */
	felem_mul(tmp, ftmp3, ftmp);
	felem_reduce(ftmp4, tmp);

	/* x_out = r**2 - J - 2V */
	felem_square(tmp, ftmp5);
	/* tmp[i] < 17*2^122 */
	felem_diff_128_64(tmp, ftmp2);
	/* tmp[i] < 17*2^122 + 2^63 */
	felem_assign(ftmp3, ftmp4);
	felem_scalar64(ftmp4, 2);
	/* ftmp4[i] < 2^61 */
	felem_diff_128_64(tmp, ftmp4);
	/* tmp[i] < 17*2^122 + 2^64 */
	felem_reduce(x_out, tmp);

	/* y_out = r(V-x_out) - 2 * s1 * J */
	felem_diff64(ftmp3, x_out);
	/*
	 * ftmp3[i] < 2^60 + 2^60 = 2^61
	 */
	felem_mul(tmp, ftmp5, ftmp3);
	/* tmp[i] < 17*2^122 */
	felem_mul(tmp2, ftmp6, ftmp2);
	/* tmp2[i] < 17*2^120 */
	felem_scalar128(tmp2, 2);
	/* tmp2[i] < 17*2^121 */
	felem_diff128(tmp, tmp2);
	/*
	 * tmp[i] < 2^127 - 2^69 + 17*2^122 = 2^126 - 2^122 - 2^6 - 2^2 - 1 <
	 * 2^127
	 */
	felem_reduce(y_out, tmp);

	copy_conditional(x_out, x2, z1_is_zero);
	copy_conditional(x_out, x1, z2_is_zero);
	copy_conditional(y_out, y2, z1_is_zero);
	copy_conditional(y_out, y1, z2_is_zero);
	copy_conditional(z_out, z2, z1_is_zero);
	copy_conditional(z_out, z1, z2_is_zero);
	felem_assign(x3, x_out);
	felem_assign(y3, y_out);
	felem_assign(z3, z_out);
}

/* Base point pre computation
 * --------------------------
 *
 * Two different sorts of precomputed tables are used in the following code.
 * Each contain various points on the curve, where each point is three field
 * elements (x, y, z).
 *
 * For the base point table, z is usually 1 (0 for the point at infinity).
 * This table has 16 elements:
 * index | bits    | point
 * ------+---------+------------------------------
 *     0 | 0 0 0 0 | 0G
 *     1 | 0 0 0 1 | 1G
 *     2 | 0 0 1 0 | 2^130G
 *     3 | 0 0 1 1 | (2^130 + 1)G
 *     4 | 0 1 0 0 | 2^260G
 *     5 | 0 1 0 1 | (2^260 + 1)G
 *     6 | 0 1 1 0 | (2^260 + 2^130)G
 *     7 | 0 1 1 1 | (2^260 + 2^130 + 1)G
 *     8 | 1 0 0 0 | 2^390G
 *     9 | 1 0 0 1 | (2^390 + 1)G
 *    10 | 1 0 1 0 | (2^390 + 2^130)G
 *    11 | 1 0 1 1 | (2^390 + 2^130 + 1)G
 *    12 | 1 1 0 0 | (2^390 + 2^260)G
 *    13 | 1 1 0 1 | (2^390 + 2^260 + 1)G
 *    14 | 1 1 1 0 | (2^390 + 2^260 + 2^130)G
 *    15 | 1 1 1 1 | (2^390 + 2^260 + 2^130 + 1)G
 *
 * The reason for this is so that we can clock bits into four different
 * locations when doing simple scalar multiplies against the base point.
 *
 * Tables for other points have table[i] = iG for i in 0 .. 16. */

/* gmul is the table of precomputed base points */
static const felem gmul[16][3] =
{{{0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
		0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404},
{0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353,
	0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45,
0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad,
		0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e,
0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5},
{0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58,
	0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c,
0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873,
		0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c,
0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9},
{0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52,
	0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e,
0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2,
		0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561,
0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065},
{0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a,
	0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e,
0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6,
		0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51,
0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe},
{0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d,
	0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c,
0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27,
		0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f,
0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256},
{0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa,
	0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2,
0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890,
		0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74,
0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23},
{0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516,
	0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1,
0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce,
		0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7,
0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5},
{0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318,
	0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83,
0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae,
		0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef,
0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203},
{0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447,
	0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283,
0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5,
		0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c,
0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a},
{0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df,
	0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645,
0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292,
		0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422,
0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b},
{0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30,
	0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb,
0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767,
		0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3,
0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf},
{0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2,
	0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692,
0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3,
		0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade,
0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684},
{0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8,
	0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a,
0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608,
		0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610,
0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d},
{0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006,
	0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86,
0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42},
{1, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c,
		0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9,
0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f},
{0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7,
	0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c,
0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055},
{1, 0, 0, 0, 0, 0, 0, 0, 0}}};

/* select_point selects the |idx|th point from a precomputation table and
 * copies it to out. */
static void 
select_point(const limb idx, unsigned int size, const felem pre_comp[ /* size */ ][3],
    felem out[3])
{
	unsigned i, j;
	limb *outlimbs = &out[0][0];
	memset(outlimbs, 0, 3 * sizeof(felem));

	for (i = 0; i < size; i++) {
		const limb *inlimbs = &pre_comp[i][0][0];
		limb mask = i ^ idx;
		mask |= mask >> 4;
		mask |= mask >> 2;
		mask |= mask >> 1;
		mask &= 1;
		mask--;
		for (j = 0; j < NLIMBS * 3; j++)
			outlimbs[j] |= inlimbs[j] & mask;
	}
}

/* get_bit returns the |i|th bit in |in| */
static char 
get_bit(const felem_bytearray in, int i)
{
	if (i < 0)
		return 0;
	return (in[i >> 3] >> (i & 7)) & 1;
}

/* Interleaved point multiplication using precomputed point multiples:
 * The small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[],
 * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
 * of the generator, using certain (large) precomputed multiples in g_pre_comp.
 * Output point (X, Y, Z) is stored in x_out, y_out, z_out */
static void 
batch_mul(felem x_out, felem y_out, felem z_out,
    const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
    const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[16][3])
{
	int i, skip;
	unsigned num, gen_mul = (g_scalar != NULL);
	felem nq[3], tmp[4];
	limb bits;
	u8 sign, digit;

	/* set nq to the point at infinity */
	memset(nq, 0, 3 * sizeof(felem));

	/*
	 * Loop over all scalars msb-to-lsb, interleaving additions of
	 * multiples of the generator (last quarter of rounds) and additions
	 * of other points multiples (every 5th round).
	 */
	skip = 1;		/* save two point operations in the first
				 * round */
	for (i = (num_points ? 520 : 130); i >= 0; --i) {
		/* double */
		if (!skip)
			point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);

		/* add multiples of the generator */
		if (gen_mul && (i <= 130)) {
			bits = get_bit(g_scalar, i + 390) << 3;
			if (i < 130) {
				bits |= get_bit(g_scalar, i + 260) << 2;
				bits |= get_bit(g_scalar, i + 130) << 1;
				bits |= get_bit(g_scalar, i);
			}
			/* select the point to add, in constant time */
			select_point(bits, 16, g_pre_comp, tmp);
			if (!skip) {
				point_add(nq[0], nq[1], nq[2],
				    nq[0], nq[1], nq[2],
				    1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
			} else {
				memcpy(nq, tmp, 3 * sizeof(felem));
				skip = 0;
			}
		}
		/* do other additions every 5 doublings */
		if (num_points && (i % 5 == 0)) {
			/* loop over all scalars */
			for (num = 0; num < num_points; ++num) {
				bits = get_bit(scalars[num], i + 4) << 5;
				bits |= get_bit(scalars[num], i + 3) << 4;
				bits |= get_bit(scalars[num], i + 2) << 3;
				bits |= get_bit(scalars[num], i + 1) << 2;
				bits |= get_bit(scalars[num], i) << 1;
				bits |= get_bit(scalars[num], i - 1);
				ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);

				/*
				 * select the point to add or subtract, in
				 * constant time
				 */
				select_point(digit, 17, pre_comp[num], tmp);
				felem_neg(tmp[3], tmp[1]);	/* (X, -Y, Z) is the
								 * negative point */
				copy_conditional(tmp[1], tmp[3], (-(limb) sign));

				if (!skip) {
					point_add(nq[0], nq[1], nq[2],
					    nq[0], nq[1], nq[2],
					    mixed, tmp[0], tmp[1], tmp[2]);
				} else {
					memcpy(nq, tmp, 3 * sizeof(felem));
					skip = 0;
				}
			}
		}
	}
	felem_assign(x_out, nq[0]);
	felem_assign(y_out, nq[1]);
	felem_assign(z_out, nq[2]);
}


/* Precomputation for the group generator. */
typedef struct {
	felem g_pre_comp[16][3];
	int references;
} NISTP521_PRE_COMP;

const EC_METHOD *
EC_GFp_nistp521_method(void)
{
	static const EC_METHOD ret = {
		.flags = EC_FLAGS_DEFAULT_OCT,
		.field_type = NID_X9_62_prime_field,
		.group_init = ec_GFp_nistp521_group_init,
		.group_finish = ec_GFp_simple_group_finish,
		.group_clear_finish = ec_GFp_simple_group_clear_finish,
		.group_copy = ec_GFp_nist_group_copy,
		.group_set_curve = ec_GFp_nistp521_group_set_curve,
		.group_get_curve = ec_GFp_simple_group_get_curve,
		.group_get_degree = ec_GFp_simple_group_get_degree,
		.group_check_discriminant =
		ec_GFp_simple_group_check_discriminant,
		.point_init = ec_GFp_simple_point_init,
		.point_finish = ec_GFp_simple_point_finish,
		.point_clear_finish = ec_GFp_simple_point_clear_finish,
		.point_copy = ec_GFp_simple_point_copy,
		.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
		.point_set_Jprojective_coordinates_GFp =
		ec_GFp_simple_set_Jprojective_coordinates_GFp,
		.point_get_Jprojective_coordinates_GFp =
		ec_GFp_simple_get_Jprojective_coordinates_GFp,
		.point_set_affine_coordinates =
		ec_GFp_simple_point_set_affine_coordinates,
		.point_get_affine_coordinates =
		ec_GFp_nistp521_point_get_affine_coordinates,
		.add = ec_GFp_simple_add,
		.dbl = ec_GFp_simple_dbl,
		.invert = ec_GFp_simple_invert,
		.is_at_infinity = ec_GFp_simple_is_at_infinity,
		.is_on_curve = ec_GFp_simple_is_on_curve,
		.point_cmp = ec_GFp_simple_cmp,
		.make_affine = ec_GFp_simple_make_affine,
		.points_make_affine = ec_GFp_simple_points_make_affine,
		.mul = ec_GFp_nistp521_points_mul,
		.precompute_mult = ec_GFp_nistp521_precompute_mult,
		.have_precompute_mult = ec_GFp_nistp521_have_precompute_mult,
		.field_mul = ec_GFp_nist_field_mul,
		.field_sqr = ec_GFp_nist_field_sqr
	};

	return &ret;
}


/******************************************************************************/
/*		       FUNCTIONS TO MANAGE PRECOMPUTATION
 */

static NISTP521_PRE_COMP *
nistp521_pre_comp_new()
{
	NISTP521_PRE_COMP *ret = NULL;
	ret = malloc(sizeof(NISTP521_PRE_COMP));
	if (!ret) {
		ECerror(ERR_R_MALLOC_FAILURE);
		return ret;
	}
	memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
	ret->references = 1;
	return ret;
}

static void *
nistp521_pre_comp_dup(void *src_)
{
	NISTP521_PRE_COMP *src = src_;

	/* no need to actually copy, these objects never change! */
	CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);

	return src_;
}

static void 
nistp521_pre_comp_free(void *pre_)
{
	int i;
	NISTP521_PRE_COMP *pre = pre_;

	if (!pre)
		return;

	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
	if (i > 0)
		return;

	free(pre);
}

static void 
nistp521_pre_comp_clear_free(void *pre_)
{
	int i;
	NISTP521_PRE_COMP *pre = pre_;

	if (!pre)
		return;

	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
	if (i > 0)
		return;

	explicit_bzero(pre, sizeof(*pre));
	free(pre);
}

/******************************************************************************/
/*			   OPENSSL EC_METHOD FUNCTIONS
 */

int 
ec_GFp_nistp521_group_init(EC_GROUP * group)
{
	int ret;
	ret = ec_GFp_simple_group_init(group);
	group->a_is_minus3 = 1;
	return ret;
}

int 
ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,
    const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
{
	int ret = 0;
	BN_CTX *new_ctx = NULL;
	BIGNUM *curve_p, *curve_a, *curve_b;

	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
	    ((curve_a = BN_CTX_get(ctx)) == NULL) ||
	    ((curve_b = BN_CTX_get(ctx)) == NULL))
		goto err;
	BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p);
	BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a);
	BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b);
	if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
	    (BN_cmp(curve_b, b))) {
		ECerror(EC_R_WRONG_CURVE_PARAMETERS);
		goto err;
	}
	group->field_mod_func = BN_nist_mod_521;
	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
	BN_CTX_end(ctx);
	BN_CTX_free(new_ctx);
	return ret;
}

/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
 * (X', Y') = (X/Z^2, Y/Z^3) */
int 
ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
    const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
{
	felem z1, z2, x_in, y_in, x_out, y_out;
	largefelem tmp;

	if (EC_POINT_is_at_infinity(group, point) > 0) {
		ECerror(EC_R_POINT_AT_INFINITY);
		return 0;
	}
	if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
	    (!BN_to_felem(z1, &point->Z)))
		return 0;
	felem_inv(z2, z1);
	felem_square(tmp, z2);
	felem_reduce(z1, tmp);
	felem_mul(tmp, x_in, z1);
	felem_reduce(x_in, tmp);
	felem_contract(x_out, x_in);
	if (x != NULL) {
		if (!felem_to_BN(x, x_out)) {
			ECerror(ERR_R_BN_LIB);
			return 0;
		}
	}
	felem_mul(tmp, z1, z2);
	felem_reduce(z1, tmp);
	felem_mul(tmp, y_in, z1);
	felem_reduce(y_in, tmp);
	felem_contract(y_out, y_in);
	if (y != NULL) {
		if (!felem_to_BN(y, y_out)) {
			ECerror(ERR_R_BN_LIB);
			return 0;
		}
	}
	return 1;
}

static void 
make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /* num+1 */ ])
{
	/*
	 * Runs in constant time, unless an input is the point at infinity
	 * (which normally shouldn't happen).
	 */
	ec_GFp_nistp_points_make_affine_internal(
	    num,
	    points,
	    sizeof(felem),
	    tmp_felems,
	    (void (*) (void *)) felem_one,
	    (int (*) (const void *)) felem_is_zero_int,
	    (void (*) (void *, const void *)) felem_assign,
	    (void (*) (void *, const void *)) felem_square_reduce,
	    (void (*) (void *, const void *, const void *)) felem_mul_reduce,
	    (void (*) (void *, const void *)) felem_inv,
	    (void (*) (void *, const void *)) felem_contract);
}

/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values
 * Result is stored in r (r can equal one of the inputs). */
int 
ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
    const BIGNUM * scalar, size_t num, const EC_POINT * points[],
    const BIGNUM * scalars[], BN_CTX * ctx)
{
	int ret = 0;
	int j;
	int mixed = 0;
	BN_CTX *new_ctx = NULL;
	BIGNUM *x, *y, *z, *tmp_scalar;
	felem_bytearray g_secret;
	felem_bytearray *secrets = NULL;
	felem(*pre_comp)[17][3] = NULL;
	felem *tmp_felems = NULL;
	felem_bytearray tmp;
	unsigned i, num_bytes;
	int have_pre_comp = 0;
	size_t num_points = num;
	felem x_in, y_in, z_in, x_out, y_out, z_out;
	NISTP521_PRE_COMP *pre = NULL;
	felem(*g_pre_comp)[3] = NULL;
	EC_POINT *generator = NULL;
	const EC_POINT *p = NULL;
	const BIGNUM *p_scalar = NULL;

	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((x = BN_CTX_get(ctx)) == NULL) ||
	    ((y = BN_CTX_get(ctx)) == NULL) ||
	    ((z = BN_CTX_get(ctx)) == NULL) ||
	    ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
		goto err;

	if (scalar != NULL) {
		pre = EC_EX_DATA_get_data(group->extra_data,
		    nistp521_pre_comp_dup, nistp521_pre_comp_free,
		    nistp521_pre_comp_clear_free);
		if (pre)
			/* we have precomputation, try to use it */
			g_pre_comp = &pre->g_pre_comp[0];
		else
			/* try to use the standard precomputation */
			g_pre_comp = (felem(*)[3]) gmul;
		generator = EC_POINT_new(group);
		if (generator == NULL)
			goto err;
		/* get the generator from precomputation */
		if (!felem_to_BN(x, g_pre_comp[1][0]) ||
		    !felem_to_BN(y, g_pre_comp[1][1]) ||
		    !felem_to_BN(z, g_pre_comp[1][2])) {
			ECerror(ERR_R_BN_LIB);
			goto err;
		}
		if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
			generator, x, y, z, ctx))
			goto err;
		if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
			/* precomputation matches generator */
			have_pre_comp = 1;
		else
			/*
			 * we don't have valid precomputation: treat the
			 * generator as a random point
			 */
			num_points++;
	}
	if (num_points > 0) {
		if (num_points >= 2) {
			/*
			 * unless we precompute multiples for just one point,
			 * converting those into affine form is time well
			 * spent
			 */
			mixed = 1;
		}
		secrets = calloc(num_points, sizeof(felem_bytearray));
		pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
		if (mixed) {
			/* XXX should do more int overflow checking */
			tmp_felems = reallocarray(NULL,
			    (num_points * 17 + 1), sizeof(felem));
		}
		if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
			ECerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/*
		 * we treat NULL scalars as 0, and NULL points as points at
		 * infinity, i.e., they contribute nothing to the linear
		 * combination
		 */
		for (i = 0; i < num_points; ++i) {
			if (i == num)
				/*
				 * we didn't have a valid precomputation, so
				 * we pick the generator
				 */
			{
				p = EC_GROUP_get0_generator(group);
				p_scalar = scalar;
			} else
				/* the i^th point */
			{
				p = points[i];
				p_scalar = scalars[i];
			}
			if ((p_scalar != NULL) && (p != NULL)) {
				/* reduce scalar to 0 <= scalar < 2^521 */
				if ((BN_num_bits(p_scalar) > 521) || (BN_is_negative(p_scalar))) {
					/*
					 * this is an unusual input, and we
					 * don't guarantee constant-timeness
					 */
					if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
						ECerror(ERR_R_BN_LIB);
						goto err;
					}
					num_bytes = BN_bn2bin(tmp_scalar, tmp);
				} else
					num_bytes = BN_bn2bin(p_scalar, tmp);
				flip_endian(secrets[i], tmp, num_bytes);
				/* precompute multiples */
				if ((!BN_to_felem(x_out, &p->X)) ||
				    (!BN_to_felem(y_out, &p->Y)) ||
				    (!BN_to_felem(z_out, &p->Z)))
					goto err;
				memcpy(pre_comp[i][1][0], x_out, sizeof(felem));
				memcpy(pre_comp[i][1][1], y_out, sizeof(felem));
				memcpy(pre_comp[i][1][2], z_out, sizeof(felem));
				for (j = 2; j <= 16; ++j) {
					if (j & 1) {
						point_add(
						    pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2],
						    pre_comp[i][1][0], pre_comp[i][1][1], pre_comp[i][1][2],
						    0, pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], pre_comp[i][j - 1][2]);
					} else {
						point_double(
						    pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2],
						    pre_comp[i][j / 2][0], pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]);
					}
				}
			}
		}
		if (mixed)
			make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
	}
	/* the scalar for the generator */
	if ((scalar != NULL) && (have_pre_comp)) {
		memset(g_secret, 0, sizeof(g_secret));
		/* reduce scalar to 0 <= scalar < 2^521 */
		if ((BN_num_bits(scalar) > 521) || (BN_is_negative(scalar))) {
			/*
			 * this is an unusual input, and we don't guarantee
			 * constant-timeness
			 */
			if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
				ECerror(ERR_R_BN_LIB);
				goto err;
			}
			num_bytes = BN_bn2bin(tmp_scalar, tmp);
		} else
			num_bytes = BN_bn2bin(scalar, tmp);
		flip_endian(g_secret, tmp, num_bytes);
		/* do the multiplication with generator precomputation */
		batch_mul(x_out, y_out, z_out,
		    (const felem_bytearray(*)) secrets, num_points,
		    g_secret,
		    mixed, (const felem(*)[17][3]) pre_comp,
		    (const felem(*)[3]) g_pre_comp);
	} else
		/* do the multiplication without generator precomputation */
		batch_mul(x_out, y_out, z_out,
		    (const felem_bytearray(*)) secrets, num_points,
		    NULL, mixed, (const felem(*)[17][3]) pre_comp, NULL);
	/* reduce the output to its unique minimal representation */
	felem_contract(x_in, x_out);
	felem_contract(y_in, y_out);
	felem_contract(z_in, z_out);
	if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
	    (!felem_to_BN(z, z_in))) {
		ECerror(ERR_R_BN_LIB);
		goto err;
	}
	ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);

err:
	BN_CTX_end(ctx);
	EC_POINT_free(generator);
	BN_CTX_free(new_ctx);
	free(secrets);
	free(pre_comp);
	free(tmp_felems);
	return ret;
}

int 
ec_GFp_nistp521_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
{
	int ret = 0;
	NISTP521_PRE_COMP *pre = NULL;
	int i, j;
	BN_CTX *new_ctx = NULL;
	BIGNUM *x, *y;
	EC_POINT *generator = NULL;
	felem tmp_felems[16];

	/* throw away old precomputation */
	EC_EX_DATA_free_data(&group->extra_data, nistp521_pre_comp_dup,
	    nistp521_pre_comp_free, nistp521_pre_comp_clear_free);
	if (ctx == NULL)
		if ((ctx = new_ctx = BN_CTX_new()) == NULL)
			return 0;
	BN_CTX_start(ctx);
	if (((x = BN_CTX_get(ctx)) == NULL) ||
	    ((y = BN_CTX_get(ctx)) == NULL))
		goto err;
	/* get the generator */
	if (group->generator == NULL)
		goto err;
	generator = EC_POINT_new(group);
	if (generator == NULL)
		goto err;
	BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x);
	BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y);
	if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
		goto err;
	if ((pre = nistp521_pre_comp_new()) == NULL)
		goto err;
	/* if the generator is the standard one, use built-in precomputation */
	if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
		memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
		ret = 1;
		goto err;
	}
	if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) ||
	    (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) ||
	    (!BN_to_felem(pre->g_pre_comp[1][2], &group->generator->Z)))
		goto err;
	/* compute 2^130*G, 2^260*G, 2^390*G */
	for (i = 1; i <= 4; i <<= 1) {
		point_double(pre->g_pre_comp[2 * i][0], pre->g_pre_comp[2 * i][1],
		    pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0],
		    pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]);
		for (j = 0; j < 129; ++j) {
			point_double(pre->g_pre_comp[2 * i][0],
			    pre->g_pre_comp[2 * i][1],
			    pre->g_pre_comp[2 * i][2],
			    pre->g_pre_comp[2 * i][0],
			    pre->g_pre_comp[2 * i][1],
			    pre->g_pre_comp[2 * i][2]);
		}
	}
	/* g_pre_comp[0] is the point at infinity */
	memset(pre->g_pre_comp[0], 0, sizeof(pre->g_pre_comp[0]));
	/* the remaining multiples */
	/* 2^130*G + 2^260*G */
	point_add(pre->g_pre_comp[6][0], pre->g_pre_comp[6][1],
	    pre->g_pre_comp[6][2], pre->g_pre_comp[4][0],
	    pre->g_pre_comp[4][1], pre->g_pre_comp[4][2],
	    0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
	    pre->g_pre_comp[2][2]);
	/* 2^130*G + 2^390*G */
	point_add(pre->g_pre_comp[10][0], pre->g_pre_comp[10][1],
	    pre->g_pre_comp[10][2], pre->g_pre_comp[8][0],
	    pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
	    0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
	    pre->g_pre_comp[2][2]);
	/* 2^260*G + 2^390*G */
	point_add(pre->g_pre_comp[12][0], pre->g_pre_comp[12][1],
	    pre->g_pre_comp[12][2], pre->g_pre_comp[8][0],
	    pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
	    0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1],
	    pre->g_pre_comp[4][2]);
	/* 2^130*G + 2^260*G + 2^390*G */
	point_add(pre->g_pre_comp[14][0], pre->g_pre_comp[14][1],
	    pre->g_pre_comp[14][2], pre->g_pre_comp[12][0],
	    pre->g_pre_comp[12][1], pre->g_pre_comp[12][2],
	    0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
	    pre->g_pre_comp[2][2]);
	for (i = 1; i < 8; ++i) {
		/* odd multiples: add G */
		point_add(pre->g_pre_comp[2 * i + 1][0], pre->g_pre_comp[2 * i + 1][1],
		    pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0],
		    pre->g_pre_comp[2 * i][1], pre->g_pre_comp[2 * i][2],
		    0, pre->g_pre_comp[1][0], pre->g_pre_comp[1][1],
		    pre->g_pre_comp[1][2]);
	}
	make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);

	if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp521_pre_comp_dup,
		nistp521_pre_comp_free, nistp521_pre_comp_clear_free))
		goto err;
	ret = 1;
	pre = NULL;
err:
	BN_CTX_end(ctx);
	EC_POINT_free(generator);
	BN_CTX_free(new_ctx);
	nistp521_pre_comp_free(pre);
	return ret;
}

int 
ec_GFp_nistp521_have_precompute_mult(const EC_GROUP * group)
{
	if (EC_EX_DATA_get_data(group->extra_data, nistp521_pre_comp_dup,
		nistp521_pre_comp_free, nistp521_pre_comp_clear_free)
	    != NULL)
		return 1;
	else
		return 0;
}

#endif
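--- a/jni/libressl/crypto/ec/ecp_nistputil.c
+++ b/jni/libressl/crypto/ec/ecp_nistputil.c
@@ -0,0 +1,209 @@
+/* $OpenBSD: ecp_nistputil.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */
+/*
+ * Written by Bodo Moeller for the OpenSSL project.
+ */
+/*
+ * Copyright (c) 2011 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stddef.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+
+/*
+ * Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c.
+ */
+
+#include "ec_lcl.h"
+
+/* Convert an array of points into affine coordinates.
+ * (If the point at infinity is found (Z = 0), it remains unchanged.)
+ * This function is essentially an equivalent to EC_POINTs_make_affine(), but
+ * works with the internal representation of points as used by ecp_nistp###.c
+ * rather than with (BIGNUM-based) EC_POINT data structures.
+ *
+ * point_array is the input/output buffer ('num' points in projective form,
+ * i.e. three coordinates each), based on an internal representation of
+ * field elements of size 'felem_size'.
+ *
+ * tmp_felems needs to point to a temporary array of 'num'+1 field elements
+ * for storage of intermediate values.
+ */
+void 
+ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+    size_t felem_size, void *tmp_felems,
+    void (*felem_one) (void *out),
+    int (*felem_is_zero) (const void *in),
+    void (*felem_assign) (void *out, const void *in),
+    void (*felem_square) (void *out, const void *in),
+    void (*felem_mul) (void *out, const void *in1, const void *in2),
+    void (*felem_inv) (void *out, const void *in),
+    void (*felem_contract) (void *out, const void *in))
+{
+	int i = 0;
+
+#define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size])
+#define X(I) (&((char *)point_array)[3*(I) * felem_size])
+#define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size])
+#define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size])
+
+	if (!felem_is_zero(Z(0)))
+		felem_assign(tmp_felem(0), Z(0));
+	else
+		felem_one(tmp_felem(0));
+	for (i = 1; i < (int) num; i++) {
+		if (!felem_is_zero(Z(i)))
+			felem_mul(tmp_felem(i), tmp_felem(i - 1), Z(i));
+		else
+			felem_assign(tmp_felem(i), tmp_felem(i - 1));
+	}
+	/*
+	 * Now each tmp_felem(i) is the product of Z(0) .. Z(i), skipping any
+	 * zero-valued factors: if Z(i) = 0, we essentially pretend that Z(i)
+	 * = 1
+	 */
+
+	felem_inv(tmp_felem(num - 1), tmp_felem(num - 1));
+	for (i = num - 1; i >= 0; i--) {
+		if (i > 0)
+			/*
+			 * tmp_felem(i-1) is the product of Z(0) .. Z(i-1),
+			 * tmp_felem(i) is the inverse of the product of Z(0)
+			 * .. Z(i)
+			 */
+			felem_mul(tmp_felem(num), tmp_felem(i - 1), tmp_felem(i));	/* 1/Z(i) */
+		else
+			felem_assign(tmp_felem(num), tmp_felem(0));	/* 1/Z(0) */
+
+		if (!felem_is_zero(Z(i))) {
+			if (i > 0)
+				/*
+				 * For next iteration, replace tmp_felem(i-1)
+				 * by its inverse
+				 */
+				felem_mul(tmp_felem(i - 1), tmp_felem(i), Z(i));
+
+			/*
+			 * Convert point (X, Y, Z) into affine form (X/(Z^2),
+			 * Y/(Z^3), 1)
+			 */
+			felem_square(Z(i), tmp_felem(num));	/* 1/(Z^2) */
+			felem_mul(X(i), X(i), Z(i));	/* X/(Z^2) */
+			felem_mul(Z(i), Z(i), tmp_felem(num));	/* 1/(Z^3) */
+			felem_mul(Y(i), Y(i), Z(i));	/* Y/(Z^3) */
+			felem_contract(X(i), X(i));
+			felem_contract(Y(i), Y(i));
+			felem_one(Z(i));
+		} else {
+			if (i > 0)
+				/*
+				 * For next iteration, replace tmp_felem(i-1)
+				 * by its inverse
+				 */
+				felem_assign(tmp_felem(i - 1), tmp_felem(i));
+		}
+	}
+}
+
+/*
+ * This function looks at 5+1 scalar bits (5 current, 1 adjacent less
+ * significant bit), and recodes them into a signed digit for use in fast point
+ * multiplication: the use of signed rather than unsigned digits means that
+ * fewer points need to be precomputed, given that point inversion is easy
+ * (a precomputed point dP makes -dP available as well).
+ *
+ * BACKGROUND:
+ *
+ * Signed digits for multiplication were introduced by Booth ("A signed binary
+ * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV,
+ * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers.
+ * Booth's original encoding did not generally improve the density of nonzero
+ * digits over the binary representation, and was merely meant to simplify the
+ * handling of signed factors given in two's complement; but it has since been
+ * shown to be the basis of various signed-digit representations that do have
+ * further advantages, including the wNAF, using the following general approach:
+ *
+ * (1) Given a binary representation
+ *
+ *       b_k  ...  b_2  b_1  b_0,
+ *
+ *     of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1
+ *     by using bit-wise subtraction as follows:
+ *
+ *        b_k b_(k-1)  ...  b_2  b_1  b_0
+ *      -     b_k      ...  b_3  b_2  b_1  b_0
+ *       -------------------------------------
+ *        s_k b_(k-1)  ...  s_3  s_2  s_1  s_0
+ *
+ *     A left-shift followed by subtraction of the original value yields a new
+ *     representation of the same value, using signed bits s_i = b_(i+1) - b_i.
+ *     This representation from Booth's paper has since appeared in the
+ *     literature under a variety of different names including "reversed binary
+ *     form", "alternating greedy expansion", "mutual opposite form", and
+ *     "sign-alternating {+-1}-representation".
+ *
+ *     An interesting property is that among the nonzero bits, values 1 and -1
+ *     strictly alternate.
+ *
+ * (2) Various window schemes can be applied to the Booth representation of
+ *     integers: for example, right-to-left sliding windows yield the wNAF
+ *     (a signed-digit encoding independently discovered by various researchers
+ *     in the 1990s), and left-to-right sliding windows yield a left-to-right
+ *     equivalent of the wNAF (independently discovered by various researchers
+ *     around 2004).
+ *
+ * To prevent leaking information through side channels in point multiplication,
+ * we need to recode the given integer into a regular pattern: sliding windows
+ * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few
+ * decades older: we'll be using the so-called "modified Booth encoding" due to
+ * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49
+ * (1961), pp. 67-91), in a radix-2^5 setting.  That is, we always combine five
+ * signed bits into a signed digit:
+ *
+ *       s_(4j + 4) s_(4j + 3) s_(4j + 2) s_(4j + 1) s_(4j)
+ *
+ * The sign-alternating property implies that the resulting digit values are
+ * integers from -16 to 16.
+ *
+ * Of course, we don't actually need to compute the signed digits s_i as an
+ * intermediate step (that's just a nice way to see how this scheme relates
+ * to the wNAF): a direct computation obtains the recoded digit from the
+ * six bits b_(4j + 4) ... b_(4j - 1).
+ *
+ * This function takes those five bits as an integer (0 .. 63), writing the
+ * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute
+ * value, in the range 0 .. 8).  Note that this integer essentially provides the
+ * input bits "shifted to the left" by one position: for example, the input to
+ * compute the least significant recoded digit, given that there's no bit b_-1,
+ * has to be b_4 b_3 b_2 b_1 b_0 0.
+ *
+ */
+void 
+ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in)
+{
+	unsigned char s, d;
+
+	s = ~((in >> 5) - 1);	/* sets all bits to MSB(in), 'in' seen as
+				 * 6-bit value */
+	d = (1 << 6) - in - 1;
+	d = (d & s) | (in & ~s);
+	d = (d >> 1) + (d & 1);
+
+	*sign = s & 1;
+	*digit = d;
+}
+#endif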
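--- a/jni/libressl/crypto/ec/ecp_oct.c
+++ b/jni/libressl/crypto/ec/ecp_oct.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecp_oct.c,v 1.6 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ecp_oct.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
 */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -151,42 +151,42 @@
 	}
 
 	if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
 		unsigned long err = ERR_peek_last_error();
 
 		if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
 			ERR_clear_error();
-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+			ECerror(EC_R_INVALID_COMPRESSED_POINT);
 		} else
-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
+			ECerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	if (y_bit != BN_is_odd(y)) {
 		if (BN_is_zero(y)) {
 			int kron;
 
 			kron = BN_kronecker(x, &group->field, ctx);
 			if (kron == -2)
 				goto err;
 
 			if (kron == 1)
-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
+				ECerror(EC_R_INVALID_COMPRESSION_BIT);
 			else
 				/*
 				 * BN_mod_sqrt() should have cought this
 				 * error (not a square)
 				 */
-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+				ECerror(EC_R_INVALID_COMPRESSED_POINT);
 			goto err;
 		}
 		if (!BN_usub(y, &group->field, y))
 			goto err;
 	}
 	if (y_bit != BN_is_odd(y)) {
-		ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
+		ECerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
 	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
 		goto err;
 
 	ret = 1;
 
@@ -206,36 +206,36 @@
 	int used_ctx = 0;
 	BIGNUM *x, *y;
 	size_t field_len, i, skip;
 
 	if ((form != POINT_CONVERSION_COMPRESSED)
 	    && (form != POINT_CONVERSION_UNCOMPRESSED)
 	    && (form != POINT_CONVERSION_HYBRID)) {
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+		ECerror(EC_R_INVALID_FORM);
 		goto err;
 	}
 	if (EC_POINT_is_at_infinity(group, point) > 0) {
 		/* encodes to a single 0 octet */
 		if (buf != NULL) {
 			if (len < 1) {
-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+				ECerror(EC_R_BUFFER_TOO_SMALL);
 				return 0;
 			}
 			buf[0] = 0;
 		}
 		return 1;
 	}
 	/* ret := required output buffer length */
 	field_len = BN_num_bytes(&group->field);
 	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
 
 	/* if 'buf' is NULL, just return required length */
 	if (buf != NULL) {
 		if (len < ret) {
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+			ECerror(EC_R_BUFFER_TOO_SMALL);
 			goto err;
 		}
 		if (ctx == NULL) {
 			ctx = new_ctx = BN_CTX_new();
 			if (ctx == NULL)
 				return 0;
 		}
@@ -254,42 +254,42 @@
 		else
 			buf[0] = form;
 
 		i = 1;
 
 		skip = field_len - BN_num_bytes(x);
 		if (skip > field_len) {
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			ECerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 		while (skip > 0) {
 			buf[i++] = 0;
 			skip--;
 		}
 		skip = BN_bn2bin(x, buf + i);
 		i += skip;
 		if (i != 1 + field_len) {
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			ECerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) {
 			skip = field_len - BN_num_bytes(y);
 			if (skip > field_len) {
-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+				ECerror(ERR_R_INTERNAL_ERROR);
 				goto err;
 			}
 			while (skip > 0) {
 				buf[i++] = 0;
 				skip--;
 			}
 			skip = BN_bn2bin(y, buf + i);
 			i += skip;
 		}
 		if (i != ret) {
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			ECerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 	}
 	if (used_ctx)
 		BN_CTX_end(ctx);
 	BN_CTX_free(new_ctx);
 	return ret;
@@ -310,86 +310,86 @@
 	int y_bit;
 	BN_CTX *new_ctx = NULL;
 	BIGNUM *x, *y;
 	size_t field_len, enc_len;
 	int ret = 0;
 
 	if (len == 0) {
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+		ECerror(EC_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 	form = buf[0];
 	y_bit = form & 1;
 	form = form & ~1U;
 	if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
 	    && (form != POINT_CONVERSION_UNCOMPRESSED)
 	    && (form != POINT_CONVERSION_HYBRID)) {
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		return 0;
 	}
 	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		return 0;
 	}
 	if (form == 0) {
 		if (len != 1) {
-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			ECerror(EC_R_INVALID_ENCODING);
 			return 0;
 		}
 		return EC_POINT_set_to_infinity(group, point);
 	}
 	field_len = BN_num_bytes(&group->field);
 	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
 
 	if (len != enc_len) {
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		return 0;
 	}
 	if (ctx == NULL) {
 		ctx = new_ctx = BN_CTX_new();
 		if (ctx == NULL)
 			return 0;
 	}
 	BN_CTX_start(ctx);
 	if ((x = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((y = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
 	if (!BN_bin2bn(buf + 1, field_len, x))
 		goto err;
 	if (BN_ucmp(x, &group->field) >= 0) {
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		ECerror(EC_R_INVALID_ENCODING);
 		goto err;
 	}
 	if (form == POINT_CONVERSION_COMPRESSED) {
 		if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx))
 			goto err;
 	} else {
 		if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
 			goto err;
 		if (BN_ucmp(y, &group->field) >= 0) {
-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			ECerror(EC_R_INVALID_ENCODING);
 			goto err;
 		}
 		if (form == POINT_CONVERSION_HYBRID) {
 			if (y_bit != BN_is_odd(y)) {
-				ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+				ECerror(EC_R_INVALID_ENCODING);
 				goto err;
 			}
 		}
 		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
 			goto err;
 	}
 
 	/* test required by X9.62 */
 	if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+		ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;
 	}
 	ret = 1;
 
 err:
 	BN_CTX_end(ctx);
 	BN_CTX_free(new_ctx);
 	return ret;
 }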
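--- a/jni/libressl/crypto/ec/ecp_smpl.c
+++ b/jni/libressl/crypto/ec/ecp_smpl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecp_smpl.c,v 1.14 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
 */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -58,20 +58,17 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  * Portions of this software developed by SUN MICROSYSTEMS, INC.,
  * and contributed to the OpenSSL project.
  */
 
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
-
 #include <openssl/err.h>
 
+#include "bn_lcl.h"
 #include "ec_lcl.h"
 
 const EC_METHOD *
 EC_GFp_simple_method(void)
 {
 	static const EC_METHOD ret = {
 		.flags = EC_FLAGS_DEFAULT_OCT,
@@ -179,15 +176,15 @@
 {
 	int ret = 0;
 	BN_CTX *new_ctx = NULL;
 	BIGNUM *tmp_a;
 
 	/* p must be a prime > 3 */
 	if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
-		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+		ECerror(EC_R_INVALID_FIELD);
 		return 0;
 	}
 	if (ctx == NULL) {
 		ctx = new_ctx = BN_CTX_new();
 		if (ctx == NULL)
 			return 0;
 	}
@@ -288,15 +285,15 @@
 	BIGNUM *a, *b, *order, *tmp_1, *tmp_2;
 	const BIGNUM *p = &group->field;
 	BN_CTX *new_ctx = NULL;
 
 	if (ctx == NULL) {
 		ctx = new_ctx = BN_CTX_new();
 		if (ctx == NULL) {
-			ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
+			ECerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	BN_CTX_start(ctx);
 	if ((a = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((b = BN_CTX_get(ctx)) == NULL)
@@ -515,32 +512,32 @@
 
 int 
 ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * point,
     const BIGNUM * x, const BIGNUM * y, BN_CTX * ctx)
 {
 	if (x == NULL || y == NULL) {
 		/* unlike for projective coordinates, we do not tolerate this */
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
 }
 
 
 int 
 ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POINT * point,
     BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
 {
 	BN_CTX *new_ctx = NULL;
 	BIGNUM *Z, *Z_1, *Z_2, *Z_3;
 	const BIGNUM *Z_;
 	int ret = 0;
 
 	if (EC_POINT_is_at_infinity(group, point) > 0) {
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+		ECerror(EC_R_POINT_AT_INFINITY);
 		return 0;
 	}
 	if (ctx == NULL) {
 		ctx = new_ctx = BN_CTX_new();
 		if (ctx == NULL)
 			return 0;
 	}
@@ -581,16 +578,16 @@
 			}
 			if (y != NULL) {
 				if (!BN_copy(y, &point->Y))
 					goto err;
 			}
 		}
 	} else {
-		if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) {
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
+		if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) {
+			ECerror(ERR_R_BN_LIB);
 			goto err;
 		}
 		if (group->meth->field_encode == 0) {
 			/* field_sqr works on standard representation */
 			if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
 				goto err;
 		} else {
@@ -1209,15 +1206,15 @@
 		goto err;
 
 	if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
 		goto err;
 	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
 		goto err;
 	if (!point->Z_is_one) {
-		ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+		ECerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
 	ret = 1;
 
 err:
 	BN_CTX_end(ctx);
 	BN_CTX_free(new_ctx);
@@ -1311,16 +1308,16 @@
 				}
 			}
 		}
 	}
 
 	/* invert heap[1] */
 	if (!BN_is_zero(heap[1])) {
-		if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) {
-			ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+		if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) {
+			ECerror(ERR_R_BN_LIB);
 			goto err;
 		}
 	}
 	if (group->meth->field_encode != 0) {
 		/*
 		 * in the Montgomery case, we just turned  R*H  (representing
 		 * H) into  1/(R*H),  but we need  R*(1/H)  (representing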
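Review bot: The two call sites that move to `BN_mod_inverse_ct` (the `Z_` inversion in ec_GFp_simple_point_get_affine_coordinates and the `heap[1]` inversion a few hunks later) carry no comment saying why the constant-time variant is required. Presumably the inverted value can derive from a secret scalar, so a one-line comment at each call, such as `/* operand may depend on a secret scalar: keep the inversion constant-time */`, would stop a later cleanup from reverting to `BN_mod_inverse`. `BN_mod_inverse_ct` is presumably declared in the newly included `bn_lcl.h`, which is not shown here, so confirm that the include is what brings it into scope. Both enclosing functions start and end outside their hunks.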
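--- a/jni/libressl/crypto/ecdh/ech_err.c
+++ b/jni/libressl/crypto/ecdh/ech_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ech_err.c,v 1.4 2015/09/13 10:46:20 jsing Exp $ */
+/* $OpenBSD: ech_err.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,17 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
 
 static ERR_STRING_DATA ECDH_str_functs[]= {
-	{ERR_FUNC(ECDH_F_ECDH_CHECK),	"ECDH_CHECK"},
-	{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),	"ECDH_compute_key"},
-	{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),	"ECDH_DATA_new_method"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA ECDH_str_reasons[]= {
 	{ERR_REASON(ECDH_R_KDF_FAILED)           , "KDF failed"},
 	{ERR_REASON(ECDH_R_KEY_TRUNCATION), "key would be truncated"},
 	{ERR_REASON(ECDH_R_NON_FIPS_METHOD)      , "non fips method"},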
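Review bot: The new `{ERR_FUNC(0xfff), "CRYPTO_internal"}` entry in ECDH_str_functs hard-codes the function code as a bare literal. It presumably has to equal the code that the `ECDHerror()` macro packs into every error; that macro is defined outside this file, so this is inferred. A named constant shared with the macro, or at least a comment such as `/* must match the function code used by ECDHerror() */`, would keep the two from drifting apart. With the per-function strings removed, reports from this library no longer name the failing function, so anyone triaging logs has to rely on the reason string and whatever source location is recorded with the error. The ECDH_str_reasons table continues outside the hunk.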
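--- a/jni/libressl/crypto/ecdh/ech_key.c
+++ b/jni/libressl/crypto/ecdh/ech_key.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ech_key.c,v 1.5 2015/09/13 14:11:57 jsing Exp $ */
+/* $OpenBSD: ech_key.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *
@@ -102,89 +102,86 @@
 	const EC_GROUP* group;
 	int ret = -1;
 	size_t buflen, len;
 	unsigned char *buf = NULL;
 
 	if (outlen > INT_MAX) {
 		/* Sort of, anyway. */
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+		ECDHerror(ERR_R_MALLOC_FAILURE);
 		return -1;
 	}
 
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	BN_CTX_start(ctx);
 	if ((x = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((y = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
 	priv_key = EC_KEY_get0_private_key(ecdh);
 	if (priv_key == NULL) {
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+		ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
 		goto err;
 	}
 
 	group = EC_KEY_get0_group(ecdh);
 	if ((tmp = EC_POINT_new(group)) == NULL) {
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+		ECDHerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,
-		    ECDH_R_POINT_ARITHMETIC_FAILURE);
+		ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
 		goto err;
 	}
 
 	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
 	    NID_X9_62_prime_field) {
 		if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y,
 		    ctx)) {
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,
-			    ECDH_R_POINT_ARITHMETIC_FAILURE);
+			ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
 			goto err;
 		}
 	}
 #ifndef OPENSSL_NO_EC2M
 	else {
 		if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y,
 		    ctx)) {
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,
-			    ECDH_R_POINT_ARITHMETIC_FAILURE);
+			ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
 			goto err;
 		}
 	}
 #endif
 
 	buflen = ECDH_size(ecdh);
 	len = BN_num_bytes(x);
 	if (len > buflen) {
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+		ECDHerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
 	if (KDF == NULL && outlen < buflen) {
 		/* The resulting key would be truncated. */
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KEY_TRUNCATION);
+		ECDHerror(ECDH_R_KEY_TRUNCATION);
 		goto err;
 	}
 	if ((buf = malloc(buflen)) == NULL) {
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+		ECDHerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	memset(buf, 0, buflen - len);
 	if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+		ECDHerror(ERR_R_BN_LIB);
 		goto err;
 	}
 
 	if (KDF != NULL) {
 		if (KDF(buf, buflen, out, &outlen) == NULL) {
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED);
+			ECDHerror(ECDH_R_KDF_FAILED);
 			goto err;
 		}
 		ret = outlen;
 	} else {
 		/* No KDF, just copy out the key and zero the rest. */
 		if (outlen > buflen) {
 			memset((void *)((uintptr_t)out + buflen), 0, outlen - buflen);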
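Review bot: When `OPENSSL_NO_EC2M` is defined, the `else` arm after the `NID_X9_62_prime_field` test is compiled out, so a group of any other field type would skip both coordinate reads and reach `BN_num_bytes(x)` with `x` never written after `BN_CTX_get()`. That path is probably unreachable in such a build, but the shared secret is derived from `x`, so failing closed costs little: add `#else` followed by `else { ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; }` before the `#endif`. The function starts and ends outside the hunk, so the cleanup under `err:` (including how `buf` is released) is not visible here.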
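--- a/jni/libressl/crypto/ecdh/ech_lib.c
+++ b/jni/libressl/crypto/ecdh/ech_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ech_lib.c,v 1.10 2015/09/13 10:46:20 jsing Exp $ */
+/* $OpenBSD: ech_lib.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *
@@ -121,29 +121,29 @@
 static ECDH_DATA *
 ECDH_DATA_new_method(ENGINE *engine)
 {
 	ECDH_DATA *ret;
 
 	ret = malloc(sizeof(ECDH_DATA));
 	if (ret == NULL) {
-		ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		ECDHerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 
 	ret->init = NULL;
 
 	ret->meth = ECDH_get_default_method();
 	ret->engine = engine;
 #ifndef OPENSSL_NO_ENGINE
 	if (!ret->engine)
 		ret->engine = ENGINE_get_default_ECDH();
 	if (ret->engine) {
 		ret->meth = ENGINE_get_ECDH(ret->engine);
 		if (!ret->meth) {
-			ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			ECDHerror(ERR_R_ENGINE_LIB);
 			ENGINE_finish(ret->engine);
 			free(ret);
 			return NULL;
 		}
 	}
 #endif
 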
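--- a/jni/libressl/crypto/ecdh/ech_locl.h
+++ b/jni/libressl/crypto/ecdh/ech_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ech_locl.h,v 1.3 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: ech_locl.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -54,17 +54,15 @@
  */
 
 #ifndef HEADER_ECH_LOCL_H
 #define HEADER_ECH_LOCL_H
 
 #include <openssl/ecdh.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+__BEGIN_HIDDEN_DECLS
 
 struct ecdh_method {
 	const char *name;
 	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
 	    void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
 	int flags;
 	char *app_data;
@@ -86,12 +84,10 @@
 	int	flags;
 	const ECDH_METHOD *meth;
 	CRYPTO_EX_DATA ex_data;
 } ECDH_DATA;
 
 ECDH_DATA *ecdh_check(EC_KEY *);
 
-#ifdef  __cplusplus
-}
-#endif
-
+__END_HIDDEN_DECLS
+
 #endif /* HEADER_ECH_LOCL_H */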
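--- a/jni/libressl/crypto/ecdsa/ecs_asn1.c
+++ b/jni/libressl/crypto/ecdsa/ecs_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecs_asn1.c,v 1.7 2015/10/16 15:12:30 jsing Exp $ */
+/* $OpenBSD: ecs_asn1.c,v 1.8 2015/10/16 15:15:39 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *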
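--- a/jni/libressl/crypto/ecdsa/ecs_err.c
+++ b/jni/libressl/crypto/ecdsa/ecs_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecs_err.c,v 1.3 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ecs_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,19 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
 
 static ERR_STRING_DATA ECDSA_str_functs[]= {
-	{ERR_FUNC(ECDSA_F_ECDSA_CHECK),	"ECDSA_CHECK"},
-	{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_NEW_METHOD"},
-	{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},
-	{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},
-	{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),	"ECDSA_sign_setup"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA ECDSA_str_reasons[]= {
 	{ERR_REASON(ECDSA_R_BAD_SIGNATURE)       , "bad signature"},
 	{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"},
 	{ERR_REASON(ECDSA_R_ERR_EC_LIB)          , "err ec lib"},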
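--- a/jni/libressl/crypto/ecdsa/ecs_lib.c
+++ b/jni/libressl/crypto/ecdsa/ecs_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecs_lib.c,v 1.9 2015/02/08 13:35:07 jsing Exp $ */
+/* $OpenBSD: ecs_lib.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -109,30 +109,29 @@
 static ECDSA_DATA *
 ECDSA_DATA_new_method(ENGINE *engine)
 {
 	ECDSA_DATA *ret;
 
 	ret = malloc(sizeof(ECDSA_DATA));
 	if (ret == NULL) {
-		ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		ECDSAerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 
 	ret->init = NULL;
 
 	ret->meth = ECDSA_get_default_method();
 	ret->engine = engine;
 #ifndef OPENSSL_NO_ENGINE
 	if (!ret->engine)
 		ret->engine = ENGINE_get_default_ECDSA();
 	if (ret->engine) {
 		ret->meth = ENGINE_get_ECDSA(ret->engine);
 		if (!ret->meth) {
-			ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD,
-			    ERR_R_ENGINE_LIB);
+			ECDSAerror(ERR_R_ENGINE_LIB);
 			ENGINE_finish(ret->engine);
 			free(ret);
 			return NULL;
 		}
 	}
 #endif
 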
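--- a/jni/libressl/crypto/ecdsa/ecs_locl.h
+++ b/jni/libressl/crypto/ecdsa/ecs_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecs_locl.h,v 1.3 2014/11/17 20:25:50 miod Exp $ */
+/* $OpenBSD: ecs_locl.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57,34 +57,30 @@
  */
 
 #ifndef HEADER_ECS_LOCL_H
 #define HEADER_ECS_LOCL_H
 
 #include <openssl/ecdsa.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+__BEGIN_HIDDEN_DECLS
 
 typedef struct ecdsa_data_st {
 	/* EC_KEY_METH_DATA part */
 	int (*init)(EC_KEY *);
 	/* method (ECDSA) specific part */
 	ENGINE	*engine;
 	int	flags;
 	const ECDSA_METHOD *meth;
 	CRYPTO_EX_DATA ex_data;
 } ECDSA_DATA;
 
 /** ecdsa_check
  * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure
  * and if not it removes the old meth_data and creates a ECDSA_DATA structure.
  * \param  eckey pointer to a EC_KEY object
  * \return pointer to a ECDSA_DATA structure
  */
 ECDSA_DATA *ecdsa_check(EC_KEY *eckey);
 
-#ifdef  __cplusplus
-}
-#endif
-
+__END_HIDDEN_DECLS
+
 #endif /* HEADER_ECS_LOCL_H */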
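--- a/jni/libressl/crypto/ecdsa/ecs_ossl.c
+++ b/jni/libressl/crypto/ecdsa/ecs_ossl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecs_ossl.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
 /* ====================================================================
  * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,19 +54,21 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include <openssl/opensslconf.h>
 
-#include "ecs_locl.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 #include <openssl/bn.h>
 
+#include "bn_lcl.h"
+#include "ecs_locl.h"
+
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
     const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
 static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
     BIGNUM **rp);
 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
     const ECDSA_SIG *sig, EC_KEY *eckey);
 
@@ -89,99 +91,95 @@
 	BN_CTX   *ctx = NULL;
 	BIGNUM	 *k = NULL, *r = NULL, *order = NULL, *X = NULL;
 	EC_POINT *tmp_point = NULL;
 	const EC_GROUP *group;
 	int 	 ret = 0;
 
 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+		ECDSAerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 
 	if (ctx_in == NULL) {
 		if ((ctx = BN_CTX_new()) == NULL) {
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-			    ERR_R_MALLOC_FAILURE);
+			ECDSAerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	} else
 		ctx = ctx_in;
 
 	k = BN_new();	/* this value is later returned in *kinvp */
 	r = BN_new();	/* this value is later returned in *rp    */
 	order = BN_new();
 	X = BN_new();
 	if (!k || !r || !order || !X) {
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+		ECDSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if ((tmp_point = EC_POINT_new(group)) == NULL) {
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+		ECDSAerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (!EC_GROUP_get_order(group, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+		ECDSAerror(ERR_R_EC_LIB);
 		goto err;
 	}
 
 	do {
 		/* get random k */
 		do
 			if (!BN_rand_range(k, order)) {
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-				    ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
+				ECDSAerror(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
 				goto err;
 			}
 		while (BN_is_zero(k));
 
 		/* We do not want timing information to leak the length of k,
 		 * so we compute G*k using an equivalent scalar of fixed
 		 * bit-length. */
 		if (!BN_add(k, k, order))
 			goto err;
 		if (BN_num_bits(k) <= BN_num_bits(order))
 			if (!BN_add(k, k, order))
 				goto err;
 
 		BN_set_flags(k, BN_FLG_CONSTTIME);
 
 		/* compute r the x-coordinate of generator * k */
 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+			ECDSAerror(ERR_R_EC_LIB);
 			goto err;
 		}
 		if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
 		    NID_X9_62_prime_field) {
 			if (!EC_POINT_get_affine_coordinates_GFp(group,
 			    tmp_point, X, NULL, ctx)) {
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-				    ERR_R_EC_LIB);
+				ECDSAerror(ERR_R_EC_LIB);
 				goto err;
 			}
 		}
 #ifndef OPENSSL_NO_EC2M
 		else /* NID_X9_62_characteristic_two_field */
 		{
 			if (!EC_POINT_get_affine_coordinates_GF2m(group,
 			    tmp_point, X, NULL, ctx)) {
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-				    ERR_R_EC_LIB);
+				ECDSAerror(ERR_R_EC_LIB);
 				goto err;
 			}
 		}
 #endif
 		if (!BN_nnmod(r, X, order, ctx)) {
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+			ECDSAerror(ERR_R_BN_LIB);
 			goto err;
 		}
 	} while (BN_is_zero(r));
 
 	/* compute the inverse of k */
-	if (!BN_mod_inverse(k, k, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+	if (!BN_mod_inverse_ct(k, k, order, ctx)) {
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	/* clear old values if necessary */
 	BN_clear_free(*rp);
 	BN_clear_free(*kinvp);
 	/* save the pre-computed values  */
 	*rp = r;
@@ -216,85 +214,82 @@
 	const BIGNUM *priv_key;
 
 	ecdsa = ecdsa_check(eckey);
 	group = EC_KEY_get0_group(eckey);
 	priv_key = EC_KEY_get0_private_key(eckey);
 
 	if (group == NULL || priv_key == NULL || ecdsa == NULL) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+		ECDSAerror(ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 	}
 
 	ret = ECDSA_SIG_new();
 	if (!ret) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+		ECDSAerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	s = ret->s;
 
 	if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
 	    (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+		ECDSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (!EC_GROUP_get_order(group, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+		ECDSAerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	i = BN_num_bits(order);
 	/* Need to truncate digest if it is too long: first truncate whole
 	 * bytes.
 	 */
 	if (8 * dgst_len > i)
 		dgst_len = (i + 7)/8;
 	if (!BN_bin2bn(dgst, dgst_len, m)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	/* If still too long truncate remaining bits with a shift */
 	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	do {
 		if (in_kinv == NULL || in_r == NULL) {
 			if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-				    ERR_R_ECDSA_LIB);
+				ECDSAerror(ERR_R_ECDSA_LIB);
 				goto err;
 			}
 			ckinv = kinv;
 		} else {
 			ckinv = in_kinv;
 			if (BN_copy(ret->r, in_r) == NULL) {
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-				    ERR_R_MALLOC_FAILURE);
+				ECDSAerror(ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 		}
 
 		if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+			ECDSAerror(ERR_R_BN_LIB);
 			goto err;
 		}
 		if (!BN_mod_add_quick(s, tmp, m, order)) {
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+			ECDSAerror(ERR_R_BN_LIB);
 			goto err;
 		}
 		if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+			ECDSAerror(ERR_R_BN_LIB);
 			goto err;
 		}
 		if (BN_is_zero(s)) {
 			/* if kinv and r have been supplied by the caller
 			 * don't to generate new kinv and r values */
 			if (in_kinv != NULL && in_r != NULL) {
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-				    ECDSA_R_NEED_NEW_SETUP_VALUES);
+				ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES);
 				goto err;
 			}
 		} else
 			/* s != 0 => we have a valid signature */
 			break;
 	} while (1);
 
@@ -323,110 +318,110 @@
 	EC_POINT *point = NULL;
 	const EC_GROUP *group;
 	const EC_POINT *pub_key;
 
 	/* check input values */
 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+		ECDSAerror(ECDSA_R_MISSING_PARAMETERS);
 		return -1;
 	}
 
 	ctx = BN_CTX_new();
 	if (!ctx) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+		ECDSAerror(ERR_R_MALLOC_FAILURE);
 		return -1;
 	}
 	BN_CTX_start(ctx);
 	order = BN_CTX_get(ctx);
 	u1 = BN_CTX_get(ctx);
 	u2 = BN_CTX_get(ctx);
 	m = BN_CTX_get(ctx);
 	X = BN_CTX_get(ctx);
 	if (!X) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 
 	if (!EC_GROUP_get_order(group, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+		ECDSAerror(ERR_R_EC_LIB);
 		goto err;
 	}
 
 	if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) ||
 	    BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
 	    BN_is_negative(sig->s)      || BN_ucmp(sig->s, order) >= 0) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+		ECDSAerror(ECDSA_R_BAD_SIGNATURE);
 		ret = 0;	/* signature is invalid */
 		goto err;
 	}
 	/* calculate tmp1 = inv(S) mod order */
-	if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+	if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) {
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	/* digest -> m */
 	i = BN_num_bits(order);
 	/* Need to truncate digest if it is too long: first truncate whole
 	 * bytes.
 	 */
 	if (8 * dgst_len > i)
 		dgst_len = (i + 7)/8;
 	if (!BN_bin2bn(dgst, dgst_len, m)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	/* If still too long truncate remaining bits with a shift */
 	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	/* u1 = m * tmp mod order */
 	if (!BN_mod_mul(u1, m, u2, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	/* u2 = r * w mod q */
 	if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 
 	if ((point = EC_POINT_new(group)) == NULL) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+		ECDSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+		ECDSAerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
 	    NID_X9_62_prime_field) {
 		if (!EC_POINT_get_affine_coordinates_GFp(group,
 		    point, X, NULL, ctx)) {
-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+			ECDSAerror(ERR_R_EC_LIB);
 			goto err;
 		}
 	}
 #ifndef OPENSSL_NO_EC2M
 	else /* NID_X9_62_characteristic_two_field */
 	{
 		if (!EC_POINT_get_affine_coordinates_GF2m(group,
 		    point, X, NULL, ctx)) {
-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+			ECDSAerror(ERR_R_EC_LIB);
 			goto err;
 		}
 	}
 #endif
 	if (!BN_nnmod(u1, X, order, ctx)) {
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	/*  if the signature is correct u1 is equal to sig->r */
 	ret = (BN_ucmp(u1, sig->r) == 0);
 
 err:
 	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
 	EC_POINT_free(point);
 	return ret;
 }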
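--- a/jni/libressl/crypto/ecdsa/ecs_sign.c
+++ b/jni/libressl/crypto/ecdsa/ecs_sign.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecs_sign.c,v 1.5 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: ecs_sign.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *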
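--- a/jni/libressl/crypto/ecdsa/ecs_vrf.c
+++ b/jni/libressl/crypto/ecdsa/ecs_vrf.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecs_vrf.c,v 1.4 2015/01/28 04:14:31 beck Exp $ */
+/* $OpenBSD: ecs_vrf.c,v 1.5 2015/02/08 13:35:07 jsing Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without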
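--- a/jni/libressl/crypto/engine/eng_all.c
+++ b/jni/libressl/crypto/engine/eng_all.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_all.c,v 1.28 2015/06/19 06:05:11 bcook Exp $ */
+/* $OpenBSD: eng_all.c,v 1.29 2015/07/19 22:34:27 doug Exp $ */
 /* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without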
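--- a/jni/libressl/crypto/engine/eng_cnf.c
+++ b/jni/libressl/crypto/engine/eng_cnf.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_cnf.c,v 1.12 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: eng_cnf.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -111,16 +111,15 @@
 #ifdef ENGINE_CONF_DEBUG
 	fprintf(stderr, "Configuring engine %s\n", name);
 #endif
 	/* Value is a section containing ENGINE commands */
 	ecmds = NCONF_get_section(cnf, value);
 
 	if (!ecmds) {
-		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
-		    ENGINE_R_ENGINE_SECTION_ERROR);
+		ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR);
 		return 0;
 	}
 
 	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
 		ecmd = sk_CONF_VALUE_value(ecmds, i);
 		ctrlname = skip_dot(ecmd->name);
 		ctrlvalue = ecmd->value;
@@ -171,37 +170,35 @@
 				if (!NCONF_get_number_e(cnf, value, "init",
 				    &do_init))
 					goto err;
 				if (do_init == 1) {
 					if (!int_engine_init(e))
 						goto err;
 				} else if (do_init != 0) {
-					ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
-					    ENGINE_R_INVALID_INIT_VALUE);
+					ENGINEerror(ENGINE_R_INVALID_INIT_VALUE);
 					goto err;
 				}
 			}
 			else if (!strcmp(ctrlname, "default_algorithms")) {
 				if (!ENGINE_set_default_string(e, ctrlvalue))
 					goto err;
 			} else if (!ENGINE_ctrl_cmd_string(e,
 				ctrlname, ctrlvalue, 0))
 				goto err;
 		}
 	}
 	if (e && (do_init == -1) && !int_engine_init(e)) {
 		ecmd = NULL;
 		goto err;
 	}
 	ret = 1;
 
 err:
 	if (ret != 1) {
-		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
-		    ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+		ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR);
 		if (ecmd)
 			ERR_asprintf_error_data(
 			    "section=%s, name=%s, value=%s",
 			    ecmd->section, ecmd->name, ecmd->value);
 	}
 	if (e)
 		ENGINE_free(e);
@@ -220,16 +217,15 @@
 	fprintf(stderr, "Called engine module: name %s, value %s\n",
 	    CONF_imodule_get_name(md), CONF_imodule_get_value(md));
 #endif
 	/* Value is a section containing ENGINEs to configure */
 	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
 
 	if (!elist) {
-		ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
-		    ENGINE_R_ENGINES_SECTION_ERROR);
+		ENGINEerror(ENGINE_R_ENGINES_SECTION_ERROR);
 		return 0;
 	}
 
 	for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
 		cval = sk_CONF_VALUE_value(elist, i);
 		if (!int_engine_configure(cval->name, cval->value, cnf))
 			return 0;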
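--- a/jni/libressl/crypto/engine/eng_ctrl.c
+++ b/jni/libressl/crypto/engine/eng_ctrl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_ctrl.c,v 1.9 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: eng_ctrl.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -121,35 +121,32 @@
 		return e->cmd_defns->cmd_num;
 	}
 	/* One or two commands require that "p" be a valid string buffer */
 	if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
 	    (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
 	    (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
 		if (s == NULL) {
-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-			    ERR_R_PASSED_NULL_PARAMETER);
+			ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 			return -1;
 		}
 	}
 	/* Now handle cmd_name -> cmd_num conversion */
 	if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
 		if ((e->cmd_defns == NULL) ||
 		    ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-			    ENGINE_R_INVALID_CMD_NAME);
+			ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
 			return -1;
 		}
 		return e->cmd_defns[idx].cmd_num;
 	}
 	/* For the rest of the commands, the 'long' argument must specify a
 	 * valie command number - so we need to conduct a search. */
 	if ((e->cmd_defns == NULL) ||
 	    ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
-		ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-		    ENGINE_R_INVALID_CMD_NUMBER);
+		ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
 		return -1;
 	}
 	/* Now the logic splits depending on command type */
 	switch (cmd) {
 	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
 		idx++;
 		if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
@@ -184,210 +181,199 @@
 			ret = -1;
 		return ret;
 	case ENGINE_CTRL_GET_CMD_FLAGS:
 		return e->cmd_defns[idx].cmd_flags;
 	}
 
 	/* Shouldn't really be here ... */
-	ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+	ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
 	return -1;
 }
 
 int
 ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 {
 	int ctrl_exists, ref_exists;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	ref_exists = ((e->struct_ref > 0) ? 1 : 0);
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
 	if (!ref_exists) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+		ENGINEerror(ENGINE_R_NO_REFERENCE);
 		return 0;
 	}
 	/* Intercept any "root-level" commands before trying to hand them on to
 	 * ctrl() handlers. */
 	switch (cmd) {
 	case ENGINE_CTRL_HAS_CTRL_FUNCTION:
 		return ctrl_exists;
 	case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
 	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
 	case ENGINE_CTRL_GET_CMD_FROM_NAME:
 	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
 	case ENGINE_CTRL_GET_NAME_FROM_CMD:
 	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
 	case ENGINE_CTRL_GET_DESC_FROM_CMD:
 	case ENGINE_CTRL_GET_CMD_FLAGS:
 		if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
 			return int_ctrl_helper(e, cmd, i, p, f);
 		if (!ctrl_exists) {
-			ENGINEerr(ENGINE_F_ENGINE_CTRL,
-			    ENGINE_R_NO_CONTROL_FUNCTION);
+			ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
 			/* For these cmd-related functions, failure is indicated
 			 * by a -1 return value (because 0 is used as a valid
 			 * return in some places). */
 			return -1;
 		}
 	default:
 		break;
 	}
 	/* Anything else requires a ctrl() handler to exist. */
 	if (!ctrl_exists) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+		ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
 		return 0;
 	}
 	return e->ctrl(e, cmd, i, p, f);
 }
 
 int
 ENGINE_cmd_is_executable(ENGINE *e, int cmd)
 {
 	int flags;
 
 	if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd,
 	    NULL, NULL)) < 0) {
-		ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
-		    ENGINE_R_INVALID_CMD_NUMBER);
+		ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
 		return 0;
 	}
 	if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
 	    !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
 	    !(flags & ENGINE_CMD_FLAG_STRING))
 		return 0;
 	return 1;
 }
 
 int
 ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
     void (*f)(void), int cmd_optional)
 {
 	int num;
 
 	if ((e == NULL) || (cmd_name == NULL)) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	if ((e->ctrl == NULL) ||
 	    ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
 	    0, (void *)cmd_name, NULL)) <= 0)) {
 		/* If the command didn't *have* to be supported, we fake
 		 * success. This allows certain settings to be specified for
 		 * multiple ENGINEs and only require a change of ENGINE id
 		 * (without having to selectively apply settings). Eg. changing
 		 * from a hardware device back to the regular software ENGINE
 		 * without editing the config file, etc. */
 		if (cmd_optional) {
 			ERR_clear_error();
 			return 1;
 		}
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+		ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
 		return 0;
 	}
 
 	/* Force the result of the control command to 0 or 1, for the reasons
 	 * mentioned before. */
 	if (ENGINE_ctrl(e, num, i, p, f) > 0)
 		return 1;
 
 	return 0;
 }
 
 int
 ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
     int cmd_optional)
 {
 	int num, flags;
 	long l;
 	char *ptr;
 
 	if ((e == NULL) || (cmd_name == NULL)) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	if ((e->ctrl == NULL) ||
 	    ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, 0,
 	    (void *)cmd_name, NULL)) <= 0)) {
 		/* If the command didn't *have* to be supported, we fake
 		 * success. This allows certain settings to be specified for
 		 * multiple ENGINEs and only require a change of ENGINE id
 		 * (without having to selectively apply settings). Eg. changing
 		 * from a hardware device back to the regular software ENGINE
 		 * without editing the config file, etc. */
 		if (cmd_optional) {
 			ERR_clear_error();
 			return 1;
 		}
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-		    ENGINE_R_INVALID_CMD_NAME);
+		ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
 		return 0;
 	}
 	if (!ENGINE_cmd_is_executable(e, num)) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-		    ENGINE_R_CMD_NOT_EXECUTABLE);
+		ENGINEerror(ENGINE_R_CMD_NOT_EXECUTABLE);
 		return 0;
 	}
 	if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
 	    NULL, NULL)) < 0) {
 		/* Shouldn't happen, given that ENGINE_cmd_is_executable()
 		 * returned success. */
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-		    ENGINE_R_INTERNAL_LIST_ERROR);
+		ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
 		return 0;
 	}
 	/* If the command takes no input, there must be no input. And vice
 	 * versa. */
 	if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
 		if (arg != NULL) {
-			ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			    ENGINE_R_COMMAND_TAKES_NO_INPUT);
+			ENGINEerror(ENGINE_R_COMMAND_TAKES_NO_INPUT);
 			return 0;
 		}
 		/* We deliberately force the result of ENGINE_ctrl() to 0 or 1
 		 * rather than returning it as "return data". This is to ensure
 		 * usage of these commands is consistent across applications and
 		 * that certain applications don't understand it one way, and
 		 * others another. */
 		if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
 			return 1;
 		return 0;
 	}
 	/* So, we require input */
 	if (arg == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-		    ENGINE_R_COMMAND_TAKES_INPUT);
+		ENGINEerror(ENGINE_R_COMMAND_TAKES_INPUT);
 		return 0;
 	}
 	/* If it takes string input, that's easy */
 	if (flags & ENGINE_CMD_FLAG_STRING) {
 		/* Same explanation as above */
 		if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
 			return 1;
 		return 0;
 	}
 	/* If it doesn't take numeric either, then it is unsupported for use in
 	 * a config-setting situation, which is what this function is for. This
 	 * should never happen though, because ENGINE_cmd_is_executable() was
 	 * used. */
 	if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-		    ENGINE_R_INTERNAL_LIST_ERROR);
+		ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
 		return 0;
 	}
 	l = strtol(arg, &ptr, 10);
 	if ((arg == ptr) || (*ptr != '\0')) {
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-		    ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+		ENGINEerror(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
 		return 0;
 	}
 	/* Force the result of the control command to 0 or 1, for the reasons
 	 * mentioned before. */
 	if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
 		return 1;
 	return 0;
 }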
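--- a/jni/libressl/crypto/engine/eng_dyn.c
+++ b/jni/libressl/crypto/engine/eng_dyn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_dyn.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_dyn.c,v 1.14 2015/06/19 06:05:11 bcook Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without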
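--- a/jni/libressl/crypto/engine/eng_err.c
+++ b/jni/libressl/crypto/engine/eng_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_err.c,v 1.9 2014/06/22 11:33:47 jsing Exp $ */
+/* $OpenBSD: eng_err.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,53 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
 
 static ERR_STRING_DATA ENGINE_str_functs[] = {
-	{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),	"DYNAMIC_CTRL"},
-	{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),	"DYNAMIC_GET_DATA_CTX"},
-	{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),	"DYNAMIC_LOAD"},
-	{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX),	"DYNAMIC_SET_DATA_CTX"},
-	{ERR_FUNC(ENGINE_F_ENGINE_ADD),	"ENGINE_add"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
-	{ERR_FUNC(ENGINE_F_ENGINE_BY_ID),	"ENGINE_by_id"},
-	{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),	"ENGINE_cmd_is_executable"},
-	{ERR_FUNC(ENGINE_F_ENGINE_CTRL),	"ENGINE_ctrl"},
-	{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),	"ENGINE_ctrl_cmd"},
-	{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),	"ENGINE_ctrl_cmd_string"},
-	{ERR_FUNC(ENGINE_F_ENGINE_FINISH),	"ENGINE_finish"},
-	{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL),	"ENGINE_FREE_UTIL"},
-	{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),	"ENGINE_get_cipher"},
-	{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),	"ENGINE_GET_DEFAULT_TYPE"},
-	{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),	"ENGINE_get_digest"},
-	{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),	"ENGINE_get_next"},
-	{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),	"ENGINE_get_pkey_asn1_meth"},
-	{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH),	"ENGINE_get_pkey_meth"},
-	{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),	"ENGINE_get_prev"},
-	{ERR_FUNC(ENGINE_F_ENGINE_INIT),	"ENGINE_init"},
-	{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),	"ENGINE_LIST_ADD"},
-	{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE),	"ENGINE_LIST_REMOVE"},
-	{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),	"ENGINE_load_private_key"},
-	{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),	"ENGINE_load_public_key"},
-	{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),	"ENGINE_load_ssl_client_cert"},
-	{ERR_FUNC(ENGINE_F_ENGINE_NEW),	"ENGINE_new"},
-	{ERR_FUNC(ENGINE_F_ENGINE_REMOVE),	"ENGINE_remove"},
-	{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),	"ENGINE_set_default_string"},
-	{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),	"ENGINE_SET_DEFAULT_TYPE"},
-	{ERR_FUNC(ENGINE_F_ENGINE_SET_ID),	"ENGINE_set_id"},
-	{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),	"ENGINE_set_name"},
-	{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),	"ENGINE_TABLE_REGISTER"},
-	{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),	"ENGINE_UNLOAD_KEY"},
-	{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH),	"ENGINE_UNLOCKED_FINISH"},
-	{ERR_FUNC(ENGINE_F_ENGINE_UP_REF),	"ENGINE_up_ref"},
-	{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),	"INT_CTRL_HELPER"},
-	{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),	"INT_ENGINE_CONFIGURE"},
-	{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT),	"INT_ENGINE_MODULE_INIT"},
-	{ERR_FUNC(ENGINE_F_LOG_MESSAGE),	"LOG_MESSAGE"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA ENGINE_str_reasons[] = {
 	{ERR_REASON(ENGINE_R_ALREADY_LOADED)     , "already loaded"},
 	{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), "argument is not a number"},
 	{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) , "cmd not executable"},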
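--- a/jni/libressl/crypto/engine/eng_fat.c
+++ b/jni/libressl/crypto/engine/eng_fat.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_fat.c,v 1.14 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: eng_fat.c,v 1.16 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -143,16 +143,15 @@
 
 int
 ENGINE_set_default_string(ENGINE *e, const char *def_list)
 {
 	unsigned int flags = 0;
 
 	if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
-		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
-		    ENGINE_R_INVALID_STRING);
+		ENGINEerror(ENGINE_R_INVALID_STRING);
 		ERR_asprintf_error_data("str=%s",def_list);
 		return 0;
 	}
 	return ENGINE_set_default(e, flags);
 }
 
 int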
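--- a/jni/libressl/crypto/engine/eng_init.c
+++ b/jni/libressl/crypto/engine/eng_init.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_init.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: eng_init.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -102,49 +102,48 @@
 			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 		if (!to_return)
 			return 0;
 	}
 
 	/* Release the structural reference too */
 	if (!engine_free_util(e, 0)) {
-		ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,
-		    ENGINE_R_FINISH_FAILED);
+		ENGINEerror(ENGINE_R_FINISH_FAILED);
 		return 0;
 	}
 	return to_return;
 }
 
 /* The API (locked) version of "init" */
 int
 ENGINE_init(ENGINE *e)
 {
 	int ret;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	ret = engine_unlocked_init(e);
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 }
 
 /* The API (locked) version of "finish" */
 int
 ENGINE_finish(ENGINE *e)
 {
 	int to_return = 1;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	to_return = engine_unlocked_finish(e, 1);
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	if (!to_return) {
-		ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+		ENGINEerror(ENGINE_R_FINISH_FAILED);
 		return 0;
 	}
 	return to_return;
 }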
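--- a/jni/libressl/crypto/engine/eng_int.h
+++ b/jni/libressl/crypto/engine/eng_int.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_int.h,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: eng_int.h,v 1.9 2016/12/21 15:49:29 jsing Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -63,17 +63,15 @@
 
 #ifndef HEADER_ENGINE_INT_H
 #define HEADER_ENGINE_INT_H
 
 /* Take public definitions from engine.h */
 #include <openssl/engine.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+__BEGIN_HIDDEN_DECLS
 
 /* If we compile with this symbol defined, then both reference counts in the
  * ENGINE structure will be monitored with a line of output on stderr for each
  * change. This prints the engine's pointer address (truncated to unsigned int),
  * "struct" or "funct" to indicate the reference type, the before and after
  * reference count, and the file:line-number pair. The "engine_ref_debug"
  * statements must come *after* the change. */
@@ -195,12 +193,10 @@
 	/* A place to store per-ENGINE data */
 	CRYPTO_EX_DATA ex_data;
 	/* Used to maintain the linked-list of engines. */
 	struct engine_st *prev;
 	struct engine_st *next;
 };
 
-#ifdef  __cplusplus
-}
-#endif
-
+__END_HIDDEN_DECLS
+
 #endif /* HEADER_ENGINE_INT_H */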
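--- a/jni/libressl/crypto/engine/eng_lib.c
+++ b/jni/libressl/crypto/engine/eng_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_lib.c,v 1.10 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: eng_lib.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,15 +68,15 @@
 ENGINE *
 ENGINE_new(void)
 {
 	ENGINE *ret;
 
 	ret = malloc(sizeof(ENGINE));
 	if (ret == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+		ENGINEerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	memset(ret, 0, sizeof(ENGINE));
 	ret->struct_ref = 1;
 	engine_ref_debug(ret, 0, 1)
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
 	return ret;
@@ -109,16 +109,15 @@
 
 int
 engine_free_util(ENGINE *e, int locked)
 {
 	int i;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	if (locked)
 		i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
 	else
 		i = --e->struct_ref;
 	engine_ref_debug(e, 0, -1)
@@ -241,28 +240,26 @@
 /* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
  * ENGINE structure itself. */
 
 int
 ENGINE_set_id(ENGINE *e, const char *id)
 {
 	if (id == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_SET_ID,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	e->id = id;
 	return 1;
 }
 
 int
 ENGINE_set_name(ENGINE *e, const char *name)
 {
 	if (name == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	e->name = name;
 	return 1;
 }
 
 int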
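Review bot: `ENGINE_set_id` and `ENGINE_set_name` check `id`/`name` for NULL but then write through `e` unchecked (`e->id = id;`), while `engine_free_util` in the same file rejects a NULL `e` with `ERR_R_PASSED_NULL_PARAMETER`. If a NULL engine can reach the setters, the guards could read `if (e == NULL || id == NULL) {` and `if (e == NULL || name == NULL) {`. Both setters also keep the caller's pointer instead of a copy, so a comment such as `/* id is not copied; it must outlive the ENGINE */` would make the lifetime requirement explicit. The last hunk ends on a bare `int`, so the function that follows is outside the view.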
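--- a/jni/libressl/crypto/engine/eng_list.c
+++ b/jni/libressl/crypto/engine/eng_list.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_list.c,v 1.20 2015/06/19 06:32:43 bcook Exp $ */
+/* $OpenBSD: eng_list.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -101,46 +101,42 @@
 static int
 engine_list_add(ENGINE *e)
 {
 	int conflict = 0;
 	ENGINE *iterator = NULL;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	iterator = engine_list_head;
 	while (iterator && !conflict) {
 		conflict = (strcmp(iterator->id, e->id) == 0);
 		iterator = iterator->next;
 	}
 	if (conflict) {
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-		    ENGINE_R_CONFLICTING_ENGINE_ID);
+		ENGINEerror(ENGINE_R_CONFLICTING_ENGINE_ID);
 		return 0;
 	}
 	if (engine_list_head == NULL) {
 		/* We are adding to an empty list. */
 		if (engine_list_tail) {
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			    ENGINE_R_INTERNAL_LIST_ERROR);
+			ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
 			return 0;
 		}
 		engine_list_head = e;
 		e->prev = NULL;
 		/* The first time the list allocates, we should register the
 		 * cleanup. */
 		engine_cleanup_add_last(engine_list_cleanup);
 	} else {
 		/* We are adding to the tail of an existing list. */
 		if ((engine_list_tail == NULL) ||
 		    (engine_list_tail->next != NULL)) {
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			    ENGINE_R_INTERNAL_LIST_ERROR);
+			ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
 			return 0;
 		}
 		engine_list_tail->next = e;
 		e->prev = engine_list_tail;
 	}
 	/* Having the engine in the list assumes a structural
 	 * reference. */
@@ -154,25 +150,23 @@
 
 static int
 engine_list_remove(ENGINE *e)
 {
 	ENGINE *iterator;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	/* We need to check that e is in our linked list! */
 	iterator = engine_list_head;
 	while (iterator && (iterator != e))
 		iterator = iterator->next;
 	if (iterator == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-		    ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+		ENGINEerror(ENGINE_R_ENGINE_IS_NOT_IN_LIST);
 		return 0;
 	}
 	/* un-link e from the chain. */
 	if (e->next)
 		e->next->prev = e->prev;
 	if (e->prev)
 		e->prev->next = e->next;
@@ -219,16 +213,15 @@
 /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
 ENGINE *
 ENGINE_get_next(ENGINE *e)
 {
 	ENGINE *ret = NULL;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	ret = e->next;
 	if (ret) {
 		/* Return a valid structural refernce to the next ENGINE */
 		ret->struct_ref++;
@@ -242,16 +235,15 @@
 
 ENGINE *
 ENGINE_get_prev(ENGINE *e)
 {
 	ENGINE *ret = NULL;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	ret = e->prev;
 	if (ret) {
 		/* Return a valid structural reference to the next ENGINE */
 		ret->struct_ref++;
@@ -266,47 +258,42 @@
 /* Add another "ENGINE" type into the list. */
 int
 ENGINE_add(ENGINE *e)
 {
 	int to_return = 1;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	if ((e->id == NULL) || (e->name == NULL)) {
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-		    ENGINE_R_ID_OR_NAME_MISSING);
+		ENGINEerror(ENGINE_R_ID_OR_NAME_MISSING);
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if (!engine_list_add(e)) {
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-		    ENGINE_R_INTERNAL_LIST_ERROR);
+		ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
 		to_return = 0;
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return to_return;
 }
 
 /* Remove an existing "ENGINE" type from the array. */
 int
 ENGINE_remove(ENGINE *e)
 {
 	int to_return = 1;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if (!engine_list_remove(e)) {
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-		    ENGINE_R_INTERNAL_LIST_ERROR);
+		ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
 		to_return = 0;
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return to_return;
 }
 
 static void
@@ -346,16 +333,15 @@
 
 ENGINE *
 ENGINE_by_id(const char *id)
 {
 	ENGINE *iterator;
 
 	if (id == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	iterator = engine_list_head;
 	while (iterator && (strcmp(id, iterator->id) != 0))
 		iterator = iterator->next;
 	if (iterator) {
@@ -374,23 +360,23 @@
 			iterator->struct_ref++;
 			engine_ref_debug(iterator, 0, 1)
 		}
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 
 	if (iterator == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+		ENGINEerror(ENGINE_R_NO_SUCH_ENGINE);
 		ERR_asprintf_error_data("id=%s", id);
 	}
 	return iterator;
 }
 
 int
 ENGINE_up_ref(ENGINE *e)
 {
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
 	return 1;
 }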
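Review bot: In `ENGINE_add` the `(e->id == NULL) || (e->name == NULL)` branch only queues `ENGINE_R_ID_OR_NAME_MISSING` and then falls through to `engine_list_add(e)`, whose conflict loop runs `strcmp(iterator->id, e->id)`; with a NULL `e->id` and a non-empty list that is a NULL-pointer read. The macro rename leaves this path as it was; adding `return 0;` after `ENGINEerror(ENGINE_R_ID_OR_NAME_MISSING);` stops the add before the lock is taken. As this is imported LibreSSL code, the fix is better reported upstream than carried as a local patch.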
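--- a/jni/libressl/crypto/engine/eng_openssl.c
+++ b/jni/libressl/crypto/engine/eng_openssl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_openssl.c,v 1.11 2015/08/28 01:06:09 beck Exp $ */
+/* $OpenBSD: eng_openssl.c,v 1.12 2015/12/07 03:30:09 bcook Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without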
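--- a/jni/libressl/crypto/engine/eng_pkey.c
+++ b/jni/libressl/crypto/engine/eng_pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_pkey.c,v 1.5 2014/06/22 12:05:09 jsing Exp $ */
+/* $OpenBSD: eng_pkey.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -104,92 +104,81 @@
 EVP_PKEY *
 ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
     void *callback_data)
 {
 	EVP_PKEY *pkey;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if (e->funct_ref == 0) {
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-		    ENGINE_R_NOT_INITIALISED);
+		ENGINEerror(ENGINE_R_NOT_INITIALISED);
 		return 0;
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	if (!e->load_privkey) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-		    ENGINE_R_NO_LOAD_FUNCTION);
+		ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
 		return 0;
 	}
 	pkey = e->load_privkey(e, key_id, ui_method, callback_data);
 	if (!pkey) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-		    ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+		ENGINEerror(ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 		return 0;
 	}
 	return pkey;
 }
 
 EVP_PKEY *
 ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
     void *callback_data)
 {
 	EVP_PKEY *pkey;
 
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if (e->funct_ref == 0) {
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-		    ENGINE_R_NOT_INITIALISED);
+		ENGINEerror(ENGINE_R_NOT_INITIALISED);
 		return 0;
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	if (!e->load_pubkey) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-		    ENGINE_R_NO_LOAD_FUNCTION);
+		ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
 		return 0;
 	}
 	pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
 	if (!pkey) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-		    ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+		ENGINEerror(ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 		return 0;
 	}
 	return pkey;
 }
 
 int
 ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
     X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509) **pother,
     UI_METHOD *ui_method, void *callback_data)
 {
 	if (e == NULL) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if (e->funct_ref == 0) {
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-		    ENGINE_R_NOT_INITIALISED);
+		ENGINEerror(ENGINE_R_NOT_INITIALISED);
 		return 0;
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	if (!e->load_ssl_client_cert) {
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-		    ENGINE_R_NO_LOAD_FUNCTION);
+		ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
 		return 0;
 	}
 	return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
 	    ui_method, callback_data);
 }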
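Review bot: In all three loaders the `funct_ref == 0` test runs under `CRYPTO_LOCK_ENGINE`, but the lock is released before `e->load_privkey` (or `load_pubkey` / `load_ssl_client_cert`) is read and called, so the check only shows the engine was initialised at that instant. That is safe only if the caller keeps its own functional reference for the whole call, which the code does not state. I would document it above each function, e.g. `/* Caller must hold a functional reference to e; funct_ref is only sanity-checked here. */`. A smaller style point: `ENGINE_load_private_key` and `ENGINE_load_public_key` return `EVP_PKEY *` yet use `return 0;` on their error paths, where `return NULL;` states the intent.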
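--- a/jni/libressl/crypto/engine/eng_table.c
+++ b/jni/libressl/crypto/engine/eng_table.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: eng_table.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: eng_table.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -168,16 +168,15 @@
 		/* if 'setdefault', this ENGINE goes to the head of the list */
 		if (!sk_ENGINE_push(fnd->sk, e))
 			goto end;
 		/* "touch" this ENGINE_PILE */
 		fnd->uptodate = 0;
 		if (setdefault) {
 			if (!engine_unlocked_init(e)) {
-				ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
-				    ENGINE_R_INIT_FAILED);
+				ENGINEerror(ENGINE_R_INIT_FAILED);
 				goto end;
 			}
 			if (fnd->funct)
 				engine_unlocked_finish(fnd->funct, 0);
 			fnd->funct = e;
 			fnd->uptodate = 1;
 		}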
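--- a/jni/libressl/crypto/engine/tb_asnmth.c
+++ b/jni/libressl/crypto/engine/tb_asnmth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tb_asnmth.c,v 1.4 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: tb_asnmth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -131,16 +131,15 @@
 const EVP_PKEY_ASN1_METHOD *
 ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
 {
 	EVP_PKEY_ASN1_METHOD *ret;
 	ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
 
 	if (!fn || !fn(e, &ret, NULL, nid)) {
-		ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
-		    ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+		ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
 		return NULL;
 	}
 	return ret;
 }
 
 /* Gets the pkey_asn1_meth callback from an ENGINE structure */
 ENGINE_PKEY_ASN1_METHS_PTR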
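Review bot: `ret` in `ENGINE_get_pkey_asn1_meth` is declared without an initialiser and is returned whenever the engine's callback `fn(e, &ret, NULL, nid)` reports success, so a callback that returns non-zero without storing a method hands the caller an indeterminate pointer. Initialising it, `EVP_PKEY_ASN1_METHOD *ret = NULL;`, makes that case return NULL instead. The same pattern appears in `ENGINE_get_cipher` (tb_cipher.c), `ENGINE_get_digest` (tb_digest.c) and `ENGINE_get_pkey_meth` (tb_pkmeth.c). The callback comes from the engine implementation, so this is a defensive measure rather than a bug in the lines shown.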
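--- a/jni/libressl/crypto/engine/tb_cipher.c
+++ b/jni/libressl/crypto/engine/tb_cipher.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tb_cipher.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: tb_cipher.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -126,16 +126,15 @@
 const EVP_CIPHER *
 ENGINE_get_cipher(ENGINE *e, int nid)
 {
 	const EVP_CIPHER *ret;
 	ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
 
 	if (!fn || !fn(e, &ret, NULL, nid)) {
-		ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
-		    ENGINE_R_UNIMPLEMENTED_CIPHER);
+		ENGINEerror(ENGINE_R_UNIMPLEMENTED_CIPHER);
 		return NULL;
 	}
 	return ret;
 }
 
 /* Gets the cipher callback from an ENGINE structure */
 ENGINE_CIPHERS_PTR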
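--- a/jni/libressl/crypto/engine/tb_dh.c
+++ b/jni/libressl/crypto/engine/tb_dh.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: tb_dh.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *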
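--- a/jni/libressl/crypto/engine/tb_digest.c
+++ b/jni/libressl/crypto/engine/tb_digest.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tb_digest.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: tb_digest.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -126,16 +126,15 @@
 const EVP_MD *
 ENGINE_get_digest(ENGINE *e, int nid)
 {
 	const EVP_MD *ret;
 	ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
 
 	if (!fn || !fn(e, &ret, NULL, nid)) {
-		ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
-		    ENGINE_R_UNIMPLEMENTED_DIGEST);
+		ENGINEerror(ENGINE_R_UNIMPLEMENTED_DIGEST);
 		return NULL;
 	}
 	return ret;
 }
 
 /* Gets the digest callback from an ENGINE structure */
 ENGINE_DIGESTS_PTR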
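--- a/jni/libressl/crypto/engine/tb_dsa.c
+++ b/jni/libressl/crypto/engine/tb_dsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: tb_dsa.c,v 1.7 2014/06/12 15:49:29 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *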
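--- a/jni/libressl/crypto/engine/tb_ecdh.c
+++ b/jni/libressl/crypto/engine/tb_ecdh.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: tb_ecdh.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *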
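--- a/jni/libressl/crypto/engine/tb_ecdsa.c
+++ b/jni/libressl/crypto/engine/tb_ecdsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: tb_ecdsa.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *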
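--- a/jni/libressl/crypto/engine/tb_pkmeth.c
+++ b/jni/libressl/crypto/engine/tb_pkmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tb_pkmeth.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: tb_pkmeth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -127,16 +127,15 @@
 const EVP_PKEY_METHOD *
 ENGINE_get_pkey_meth(ENGINE *e, int nid)
 {
 	EVP_PKEY_METHOD *ret;
 	ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
 
 	if (!fn || !fn(e, &ret, NULL, nid)) {
-		ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
-		    ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+		ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
 		return NULL;
 	}
 	return ret;
 }
 
 /* Gets the pkey_meth callback from an ENGINE structure */
 ENGINE_PKEY_METHS_PTR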
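--- a/jni/libressl/crypto/engine/tb_rand.c
+++ b/jni/libressl/crypto/engine/tb_rand.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: tb_rand.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *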
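--- a/jni/libressl/crypto/engine/tb_rsa.c
+++ b/jni/libressl/crypto/engine/tb_rsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: tb_rsa.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *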
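--- a/jni/libressl/crypto/engine/tb_store.c
+++ b/jni/libressl/crypto/engine/tb_store.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tb_store.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: tb_store.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */
 /* ====================================================================
  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *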
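--- a/jni/libressl/crypto/err/err.c
+++ b/jni/libressl/crypto/err/err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: err.c,v 1.40 2014/10/05 15:21:48 deraadt Exp $ */
+/* $OpenBSD: err.c,v 1.45 2017/02/20 23:21:19 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -562,15 +562,15 @@
 static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
 /* SYS_str_reasons is filled with copies of strerror() results at
  * initialization.
  * 'errno' values up to 127 should cover all usual errors,
  * others will be displayed numerically by ERR_error_string.
  * It is crucial that we have something for each reason code
  * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr(), which always gets an errno
+ * will be returned for SYSerror(which always gets an errno
  * value and never one of those 'standard' reason codes. */
 
 static void
 build_SYS_str_reasons(void)
 {
 	/* malloc cannot be used here, use static storage instead */
 	static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
@@ -1088,42 +1088,43 @@
 	r = vasprintf(&errbuf, format, ap);
 	va_end(ap);
 	if (r == -1)
 		ERR_set_error_data("malloc failed", ERR_TXT_STRING);
 	else
 		ERR_set_error_data(errbuf, ERR_TXT_MALLOCED|ERR_TXT_STRING);
 }
-void
-ERR_add_error_data(int num, ...)
-{
-	va_list args;
-	va_start(args, num);
-	ERR_add_error_vdata(num, args);
-	va_end(args);
-}
 
 void
 ERR_add_error_vdata(int num, va_list args)
 {
 	char format[129];
 	char *errbuf;
 	int i;
 
 	format[0] = '\0';
 	for (i = 0; i < num; i++) {
 		if (strlcat(format, "%s", sizeof(format)) >= sizeof(format)) {
 			ERR_set_error_data("too many errors", ERR_TXT_STRING);
 			return;
 		}
 	}
 	if (vasprintf(&errbuf, format, args) == -1)
 		ERR_set_error_data("malloc failed", ERR_TXT_STRING);
 	else
 		ERR_set_error_data(errbuf, ERR_TXT_MALLOCED|ERR_TXT_STRING);
 }
+
+void
+ERR_add_error_data(int num, ...)
+{
+	va_list args;
+	va_start(args, num);
+	ERR_add_error_vdata(num, args);
+	va_end(args);
+}
 
 int
 ERR_set_mark(void)
 {
 	ERR_STATE *es;
 
 	es = ERR_get_state();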
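--- a/jni/libressl/crypto/err/err_all.c
+++ b/jni/libressl/crypto/err/err_all.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: err_all.c,v 1.21 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: err_all.c,v 1.23 2016/10/19 16:49:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -74,17 +74,14 @@
 #include <openssl/pkcs12.h>
 #include <openssl/rand.h>
 #include <openssl/ts.h>
 #include <openssl/ui.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_EC
@@ -147,15 +144,12 @@
 	ERR_load_DSO_strings();
 	ERR_load_TS_strings();
 #ifndef OPENSSL_NO_ENGINE
 	ERR_load_ENGINE_strings();
 #endif
 	ERR_load_OCSP_strings();
 	ERR_load_UI_strings();
-#ifndef OPENSSL_NO_CMS
-	ERR_load_CMS_strings();
-#endif
 #ifndef OPENSSL_NO_GOST
 	ERR_load_GOST_strings();
 #endif
 #endif
 }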
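--- a/jni/libressl/crypto/err/err_prn.c
+++ b/jni/libressl/crypto/err/err_prn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: err_prn.c,v 1.15 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: err_prn.c,v 1.18 2017/02/07 15:52:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *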
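--- a/jni/libressl/crypto/evp/bio_b64.c
+++ b/jni/libressl/crypto/evp/bio_b64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_b64.c,v 1.19 2014/07/11 12:04:46 miod Exp $ */
+/* $OpenBSD: bio_b64.c,v 1.20 2015/02/07 13:19:15 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *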
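--- a/jni/libressl/crypto/evp/bio_enc.c
+++ b/jni/libressl/crypto/evp/bio_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_enc.c,v 1.18 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bio_enc.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *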
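--- a/jni/libressl/crypto/evp/bio_md.c
+++ b/jni/libressl/crypto/evp/bio_md.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_md.c,v 1.13 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: bio_md.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *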
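--- a/jni/libressl/crypto/evp/c_all.c
+++ b/jni/libressl/crypto/evp/c_all.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: c_all.c,v 1.19 2015/09/13 23:36:21 doug Exp $ */
+/* $OpenBSD: c_all.c,v 1.21 2017/03/01 13:53:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -230,14 +230,15 @@
 {
 #ifndef OPENSSL_NO_MD4
 	EVP_add_digest(EVP_md4());
 #endif
 
 #ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
+	EVP_add_digest(EVP_md5_sha1());
 	EVP_add_digest_alias(SN_md5, "ssl2-md5");
 	EVP_add_digest_alias(SN_md5, "ssl3-md5");
 #endif
 
 #if !defined(OPENSSL_NO_SHA)
 #ifndef OPENSSL_NO_DSA
 	EVP_add_digest(EVP_dss());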
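--- a/jni/libressl/crypto/evp/digest.c
+++ b/jni/libressl/crypto/evp/digest.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: digest.c,v 1.25 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: digest.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -158,60 +158,57 @@
 		/* Ensure an ENGINE left lying around from last time is cleared
 		 * (the previous check attempted to avoid this if the same
 		 * ENGINE and EVP_MD could be used). */
 		if (ctx->engine)
 			ENGINE_finish(ctx->engine);
 		if (impl) {
 			if (!ENGINE_init(impl)) {
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-				    EVP_R_INITIALIZATION_ERROR);
+				EVPerror(EVP_R_INITIALIZATION_ERROR);
 				return 0;
 			}
 		} else
 			/* Ask if an ENGINE is reserved for this job */
 			impl = ENGINE_get_digest_engine(type->type);
 		if (impl) {
 			/* There's an ENGINE for this job ... (apparently) */
 			const EVP_MD *d = ENGINE_get_digest(impl, type->type);
 			if (!d) {
 				/* Same comment from evp_enc.c */
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-				    EVP_R_INITIALIZATION_ERROR);
+				EVPerror(EVP_R_INITIALIZATION_ERROR);
 				ENGINE_finish(impl);
 				return 0;
 			}
 			/* We'll use the ENGINE's private digest definition */
 			type = d;
 			/* Store the ENGINE functional reference so we know
 			 * 'type' came from an ENGINE and we need to release
 			 * it when done. */
 			ctx->engine = impl;
 		} else
 			ctx->engine = NULL;
 	} else if (!ctx->digest) {
-		EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
+		EVPerror(EVP_R_NO_DIGEST_SET);
 		return 0;
 	}
 #endif
 	if (ctx->digest != type) {
 		if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
 		    !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
 			explicit_bzero(ctx->md_data, ctx->digest->ctx_size);
 			free(ctx->md_data);
 			ctx->md_data = NULL;
 		}
 		ctx->digest = type;
 		if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
 			ctx->update = type->update;
 			ctx->md_data = malloc(type->ctx_size);
 			if (ctx->md_data == NULL) {
 				EVP_PKEY_CTX_free(ctx->pctx);
 				ctx->pctx = NULL;
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-				    ERR_R_MALLOC_FAILURE);
+				EVPerror(ERR_R_MALLOC_FAILURE);
 				return 0;
 			}
 		}
 	}
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
@@ -247,15 +244,15 @@
 /* The caller can assume that this removes any secret data from the context */
 int
 EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 {
 	int ret;
 
 	if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE) {
-		EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_TOO_LARGE);
+		EVPerror(EVP_R_TOO_LARGE);
 		return 0;
 	}
 	ret = ctx->digest->final(ctx, md);
 	if (size != NULL)
 		*size = ctx->digest->md_size;
 	if (ctx->digest->cleanup) {
 		ctx->digest->cleanup(ctx);
@@ -274,41 +271,40 @@
 
 int
 EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 {
 	unsigned char *tmp_buf;
 
 	if ((in == NULL) || (in->digest == NULL)) {
-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+		EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
 		return 0;
 	}
 #ifndef OPENSSL_NO_ENGINE
 	/* Make sure it's safe to copy a digest context using an ENGINE */
 	if (in->engine && !ENGINE_init(in->engine)) {
-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+		EVPerror(ERR_R_ENGINE_LIB);
 		return 0;
 	}
 #endif
 
 	if (out->digest == in->digest) {
 		tmp_buf = out->md_data;
 		EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
 	} else
 		tmp_buf = NULL;
 	EVP_MD_CTX_cleanup(out);
 	memcpy(out, in, sizeof *out);
 
 	if (in->md_data && out->digest->ctx_size) {
 		if (tmp_buf)
 			out->md_data = tmp_buf;
 		else {
 			out->md_data = malloc(out->digest->ctx_size);
 			if (!out->md_data) {
-				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,
-				    ERR_R_MALLOC_FAILURE);
+				EVPerror(ERR_R_MALLOC_FAILURE);
 				return 0;
 			}
 		}
 		memcpy(out->md_data, in->md_data, out->digest->ctx_size);
 	}
 
 	out->update = in->update;
@@ -382,24 +378,23 @@
 
 int
 EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
 {
 	int ret;
 
 	if (!ctx->digest) {
-		EVPerr(EVP_F_EVP_MD_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+		EVPerror(EVP_R_NO_CIPHER_SET);
 		return 0;
 	}
 
 	if (!ctx->digest->md_ctrl) {
-		EVPerr(EVP_F_EVP_MD_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+		EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
 		return 0;
 	}
 
 	ret = ctx->digest->md_ctrl(ctx, type, arg, ptr);
 	if (ret == -1) {
-		EVPerr(EVP_F_EVP_MD_CTX_CTRL,
-		    EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+		EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
 		return 0;
 	}
 	return ret;
 }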
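--- a/jni/libressl/crypto/evp/e_aes.c
+++ b/jni/libressl/crypto/evp/e_aes.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.33 2017/01/31 13:17:21 inoguchi Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -139,33 +139,33 @@
 #ifdef AES_XTS_ASM
 void AES_xts_encrypt(const char *inp, char *out, size_t len,
     const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
 void AES_xts_decrypt(const char *inp, char *out, size_t len,
     const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
 #endif
 
-#if	defined(AES_ASM) && !defined(I386_ONLY) &&	(  \
+#if	defined(AES_ASM) &&				(  \
 	((defined(__i386)	|| defined(__i386__)	|| \
 	  defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
 	defined(__x86_64)	|| defined(__x86_64__)	|| \
 	defined(_M_AMD64)	|| defined(_M_X64)	|| \
 	defined(__INTEL__)				)
 
-extern unsigned int OPENSSL_ia32cap_P[2];
+#include "x86_arch.h"
 
 #ifdef VPAES_ASM
-#define VPAES_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+#define VPAES_CAPABLE	(OPENSSL_cpu_caps() & CPUCAP_MASK_SSSE3)
 #endif
 #ifdef BSAES_ASM
 #define BSAES_CAPABLE	VPAES_CAPABLE
 #endif
 /*
  * AES-NI section
  */
-#define	AESNI_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+#define	AESNI_CAPABLE	(OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI)
 
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
     AES_KEY *key);
 int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
     AES_KEY *key);
 
 void aesni_encrypt(const unsigned char *in, unsigned char *out,
@@ -221,15 +221,15 @@
 		else if (mode == EVP_CIPH_CTR_MODE)
 			dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
 		else
 			dat->stream.cbc = NULL;
 	}
 
 	if (ret < 0) {
-		EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+		EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
 		return 0;
 	}
 
 	return 1;
 }
 
 static int
@@ -559,15 +559,15 @@
 #ifdef AES_CTR_ASM
 			if (mode == EVP_CIPH_CTR_MODE)
 				dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
 #endif
 		}
 
 	if (ret < 0) {
-		EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+		EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
 		return 0;
 	}
 
 	return 1;
 }
 
 static int
@@ -803,19 +803,24 @@
 		memcpy(c->buf, ptr, arg);
 		gctx->tls_aad_len = arg;
 		{
 			unsigned int len = c->buf[arg - 2] << 8 |
 			    c->buf[arg - 1];
 
 			/* Correct length for explicit IV */
+			if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+				return 0;
 			len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
 
 			/* If decrypting correct for tag too */
-			if (!c->encrypt)
+			if (!c->encrypt) {
+				if (len < EVP_GCM_TLS_TAG_LEN)
+					return 0;
 				len -= EVP_GCM_TLS_TAG_LEN;
+			}
 			c->buf[arg - 2] = len >> 8;
 			c->buf[arg - 1] = len & 0xff;
 		}
 		/* Extra padding: tag appended to record */
 		return EVP_GCM_TLS_TAG_LEN;
 
 	case EVP_CTRL_COPY:
@@ -1374,23 +1379,23 @@
     size_t tag_len)
 {
 	struct aead_aes_gcm_ctx *gcm_ctx;
 	const size_t key_bits = key_len * 8;
 
 	/* EVP_AEAD_CTX_init should catch this. */
 	if (key_bits != 128 && key_bits != 256) {
-		EVPerr(EVP_F_AEAD_AES_GCM_INIT, EVP_R_BAD_KEY_LENGTH);
+		EVPerror(EVP_R_BAD_KEY_LENGTH);
 		return 0;
 	}
 
 	if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH)
 		tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 
 	if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) {
-		EVPerr(EVP_F_AEAD_AES_GCM_INIT, EVP_R_TAG_TOO_LARGE);
+		EVPerror(EVP_R_TAG_TOO_LARGE);
 		return 0;
 	}
 
 	gcm_ctx = malloc(sizeof(struct aead_aes_gcm_ctx));
 	if (gcm_ctx == NULL)
 		return 0;
 
@@ -1428,15 +1433,15 @@
     size_t ad_len)
 {
 	const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
 	GCM128_CONTEXT gcm;
 	size_t bulk = 0;
 
 	if (max_out_len < in_len + gcm_ctx->tag_len) {
-		EVPerr(EVP_F_AEAD_AES_GCM_SEAL, EVP_R_BUFFER_TOO_SMALL);
+		EVPerror(EVP_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 
 	memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
 	CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
 
 	if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len))
@@ -1467,22 +1472,22 @@
 	const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
 	unsigned char tag[EVP_AEAD_AES_GCM_TAG_LEN];
 	GCM128_CONTEXT gcm;
 	size_t plaintext_len;
 	size_t bulk = 0;
 
 	if (in_len < gcm_ctx->tag_len) {
-		EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
+		EVPerror(EVP_R_BAD_DECRYPT);
 		return 0;
 	}
 
 	plaintext_len = in_len - gcm_ctx->tag_len;
 
 	if (max_out_len < plaintext_len) {
-		EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BUFFER_TOO_SMALL);
+		EVPerror(EVP_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 
 	memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
 	CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
 
 	if (CRYPTO_gcm128_aad(&gcm, ad, ad_len))
@@ -1496,15 +1501,15 @@
 		if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk,
 		    in_len - bulk - gcm_ctx->tag_len))
 			return 0;
 	}
 
 	CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
 	if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
-		EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
+		EVPerror(EVP_R_BAD_DECRYPT);
 		return 0;
 	}
 
 	*out_len = plaintext_len;
 
 	return 1;
 }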
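--- a/jni/libressl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/jni/libressl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.11 2016/05/04 14:53:29 tedu Exp $ */
+/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.14 2016/11/05 10:47:57 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -58,46 +58,39 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include "evp_locl.h"
 #include "constant_time_locl.h"
 
-#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-#define EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
-#define EVP_CTRL_AEAD_TLS1_AAD		0x16
-#define EVP_CTRL_AEAD_SET_MAC_KEY	0x17
-#endif
-
 #define TLS1_1_VERSION 0x0302
 
 typedef struct {
 	AES_KEY		ks;
 	SHA_CTX		head, tail, md;
 	size_t		payload_length;	/* AAD length in decrypt case */
 	union {
 		unsigned int	tls_ver;
 		unsigned char	tls_aad[16];	/* 13 used */
 	} aux;
 } EVP_AES_HMAC_SHA1;
 
 #define NO_PAYLOAD_LENGTH	((size_t)-1)
 
 #if	defined(AES_ASM) &&	( \
 	defined(__x86_64)	|| defined(__x86_64__)	|| \
 	defined(_M_AMD64)	|| defined(_M_X64)	|| \
 	defined(__INTEL__)	)
+
+#include "x86_arch.h"
 
 #if defined(__GNUC__) && __GNUC__>=2
 # define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; })
 #endif
 
-extern unsigned int OPENSSL_ia32cap_P[2];
-#define AESNI_CAPABLE   (1<<(57-32))
-
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
 int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
 
 void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
     size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
 
 void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks,
@@ -574,22 +567,22 @@
 	.ctx_size = sizeof(EVP_AES_HMAC_SHA1),
 	.ctrl = aesni_cbc_hmac_sha1_ctrl
 };
 
 const EVP_CIPHER *
 EVP_aes_128_cbc_hmac_sha1(void)
 {
-	return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+	return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ?
 	    &aesni_128_cbc_hmac_sha1_cipher : NULL;
 }
 
 const EVP_CIPHER *
 EVP_aes_256_cbc_hmac_sha1(void)
 {
-	return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+	return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ?
 	    &aesni_256_cbc_hmac_sha1_cipher : NULL;
 }
 #else
 const EVP_CIPHER *
 EVP_aes_128_cbc_hmac_sha1(void)
 {
 	return NULL;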
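--- a/jni/libressl/crypto/evp/e_bf.c
+++ b/jni/libressl/crypto/evp/e_bf.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_bf.c,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_bf.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *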
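--- a/jni/libressl/crypto/evp/e_camellia.c
+++ b/jni/libressl/crypto/evp/e_camellia.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_camellia.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_camellia.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -110,15 +110,14 @@
     const unsigned char *iv, int enc)
 {
 	int ret;
 
 	ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
 
 	if (ret < 0) {
-		EVPerr(EVP_F_CAMELLIA_INIT_KEY,
-		    EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+		EVPerror(EVP_R_CAMELLIA_KEY_SETUP_FAILED);
 		return 0;
 	}
 
 	return 1;
 }
 #endif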
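--- a/jni/libressl/crypto/evp/e_cast.c
+++ b/jni/libressl/crypto/evp/e_cast.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_cast.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_cast.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *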
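--- a/jni/libressl/crypto/evp/e_chacha.c
+++ b/jni/libressl/crypto/evp/e_chacha.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_chacha.c,v 1.4 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_chacha.c,v 1.5 2014/08/04 04:16:11 miod Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *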
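--- a/jni/libressl/crypto/evp/e_chacha20poly1305.c
+++ b/jni/libressl/crypto/evp/e_chacha20poly1305.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 
 /*
  * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -55,15 +55,15 @@
 {
 	struct aead_chacha20_poly1305_ctx *c20_ctx;
 
 	if (tag_len == 0)
 		tag_len = POLY1305_TAG_LEN;
 
 	if (tag_len > POLY1305_TAG_LEN) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_INIT, EVP_R_TOO_LARGE);
+		EVPerror(EVP_R_TOO_LARGE);
 		return 0;
 	}
 
 	/* Internal error - EVP_AEAD_CTX_init should catch this. */
 	if (key_len != sizeof(c20_ctx->key))
 		return 0;
 
@@ -138,26 +138,25 @@
 	 * counter into the second counter word. Therefore we disallow
 	 * individual operations that work on more than 2TB at a time.
 	 * in_len_64 is needed because, on 32-bit platforms, size_t is only
 	 * 32-bits and this produces a warning because it's always false.
 	 * Casting to uint64_t inside the conditional is not sufficient to stop
 	 * the warning. */
 	if (in_len_64 >= (1ULL << 32) * 64 - 64) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_TOO_LARGE);
+		EVPerror(EVP_R_TOO_LARGE);
 		return 0;
 	}
 
 	if (max_out_len < in_len + c20_ctx->tag_len) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL,
-		    EVP_R_BUFFER_TOO_SMALL);
+		EVPerror(EVP_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 
 	if (nonce_len != ctx->aead->nonce_len) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_IV_TOO_LARGE);
+		EVPerror(EVP_R_IV_TOO_LARGE);
 		return 0;
 	}
 
 	if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
 		/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
 
 		memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -212,40 +211,39 @@
 	const unsigned char *iv = nonce;
 	poly1305_state poly1305;
 	const uint64_t in_len_64 = in_len;
 	size_t plaintext_len;
 	uint64_t ctr = 0;
 
 	if (in_len < c20_ctx->tag_len) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
+		EVPerror(EVP_R_BAD_DECRYPT);
 		return 0;
 	}
 
 	/* The underlying ChaCha implementation may not overflow the block
 	 * counter into the second counter word. Therefore we disallow
 	 * individual operations that work on more than 2TB at a time.
 	 * in_len_64 is needed because, on 32-bit platforms, size_t is only
 	 * 32-bits and this produces a warning because it's always false.
 	 * Casting to uint64_t inside the conditional is not sufficient to stop
 	 * the warning. */
 	if (in_len_64 >= (1ULL << 32) * 64 - 64) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_TOO_LARGE);
+		EVPerror(EVP_R_TOO_LARGE);
 		return 0;
 	}
 
 	if (nonce_len != ctx->aead->nonce_len) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_IV_TOO_LARGE);
+		EVPerror(EVP_R_IV_TOO_LARGE);
 		return 0;
 	}
 
 	plaintext_len = in_len - c20_ctx->tag_len;
 
 	if (max_out_len < plaintext_len) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN,
-		    EVP_R_BUFFER_TOO_SMALL);
+		EVPerror(EVP_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 
 	if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
 		/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
 
 		memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -272,15 +270,15 @@
 		poly1305_update_with_length(&poly1305, NULL, ad_len);
 		poly1305_update_with_length(&poly1305, NULL, plaintext_len);
 	}
 
 	CRYPTO_poly1305_finish(&poly1305, mac);
 
 	if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
-		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
+		EVPerror(EVP_R_BAD_DECRYPT);
 		return 0;
 	}
 
 	CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1);
 	*out_len = plaintext_len;
 	return 1;
 }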
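--- a/jni/libressl/crypto/evp/e_des.c
+++ b/jni/libressl/crypto/evp/e_des.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_des.c,v 1.13 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.14 2015/10/12 06:05:52 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *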
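--- a/jni/libressl/crypto/evp/e_des3.c
+++ b/jni/libressl/crypto/evp/e_des3.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_des3.c,v 1.18 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.19 2015/10/12 06:05:52 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *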
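--- a/jni/libressl/crypto/evp/e_gost2814789.c
+++ b/jni/libressl/crypto/evp/e_gost2814789.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_gost2814789.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */
+/* $OpenBSD: e_gost2814789.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -103,48 +103,45 @@
 	unsigned char *buf = NULL;
 	unsigned char *p = NULL;
 	EVP_GOST2814789_CTX *c = ctx->cipher_data;
 	ASN1_OCTET_STRING *os = NULL;
 	GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
 
 	if (gcp == NULL) {
-		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
-		    ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) {
 		GOST_CIPHER_PARAMS_free(gcp);
-		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+		GOSTerror(ERR_R_ASN1_LIB);
 		return 0;
 	}
 	ASN1_OBJECT_free(gcp->enc_param_set);
 	gcp->enc_param_set = OBJ_nid2obj(c->param_nid);
 
 	len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
 	p = buf = malloc(len);
 	if (buf == NULL) {
 		GOST_CIPHER_PARAMS_free(gcp);
-		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
-		    ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	i2d_GOST_CIPHER_PARAMS(gcp, &p);
 	GOST_CIPHER_PARAMS_free(gcp);
 
 	os = ASN1_OCTET_STRING_new();
 	if (os == NULL) {
 		free(buf);
-		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
-		    ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	if (ASN1_OCTET_STRING_set(os, buf, len) == 0) {
 		ASN1_OCTET_STRING_free(os);
 		free(buf);
-		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+		GOSTerror(ERR_R_ASN1_LIB);
 		return 0;
 	}
 	free(buf);
 
 	ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
 	return 1;
 }
@@ -165,16 +162,15 @@
 
 	gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
 	    params->value.sequence->length);
 
 	len = gcp->iv->length;
 	if (len != ctx->cipher->iv_len) {
 		GOST_CIPHER_PARAMS_free(gcp);
-		GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
-		    GOST_R_INVALID_IV_LENGTH);
+		GOSTerror(GOST_R_INVALID_IV_LENGTH);
 		return -1;
 	}
 
 	if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) {
 		GOST_CIPHER_PARAMS_free(gcp);
 		return -1;
 	}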
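--- a/jni/libressl/crypto/evp/e_idea.c
+++ b/jni/libressl/crypto/evp/e_idea.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_idea.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_idea.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *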
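--- a/jni/libressl/crypto/evp/e_null.c
+++ b/jni/libressl/crypto/evp/e_null.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_null.c,v 1.13 2014/07/10 13:58:22 jsing Exp $ */
+/* $OpenBSD: e_null.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *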
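--- a/jni/libressl/crypto/evp/e_old.c
+++ b/jni/libressl/crypto/evp/e_old.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_old.c,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_old.c,v 1.8 2015/02/10 11:45:09 jsing Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without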
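--- a/jni/libressl/crypto/evp/e_rc2.c
+++ b/jni/libressl/crypto/evp/e_rc2.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_rc2.c,v 1.10 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -167,33 +167,32 @@
 	if (i == RC2_128_MAGIC)
 		return 128;
 	else if (i == RC2_64_MAGIC)
 		return 64;
 	else if (i == RC2_40_MAGIC)
 		return 40;
 	else {
-		EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
+		EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
 		return (0);
 	}
 }
 
 static int
 rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
 	long num = 0;
 	int i = 0;
 	int key_bits;
 	unsigned int l;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 
 	if (type != NULL) {
 		l = EVP_CIPHER_CTX_iv_length(c);
 		if (l > sizeof(iv)) {
-			EVPerr(EVP_F_RC2_GET_ASN1_TYPE_AND_IV,
-			    EVP_R_IV_TOO_LARGE);
+			EVPerror(EVP_R_IV_TOO_LARGE);
 			return -1;
 		}
 		i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
 		if (i != (int)l)
 			return (-1);
 		key_bits = rc2_magic_to_meth((int)num);
 		if (!key_bits)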
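--- a/jni/libressl/crypto/evp/e_rc4.c
+++ b/jni/libressl/crypto/evp/e_rc4.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_rc4.c,v 1.13 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_rc4.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *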
Changes to jni/libressl/crypto/evp/e_rc4_hmac_md5.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: e_rc4_hmac_md5.c,v 1.4 2014/07/10 22:45:57 jsing Exp $ */
/* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: e_rc4_hmac_md5.c,v 1.8 2017/01/31 13:17:21 inoguchi Exp $ */
/* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rc4.h>
#include <openssl/md5.h>

#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
#define EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
#define EVP_CTRL_AEAD_TLS1_AAD		0x16
#define EVP_CTRL_AEAD_SET_MAC_KEY	0x17
#endif

/* FIXME: surely this is available elsewhere? */
#define EVP_RC4_KEY_SIZE		16

typedef struct {
	RC4_KEY		ks;
	MD5_CTX		head, tail, md;
	size_t		payload_length;







<
<
<
<
<
<







56
57
58
59
60
61
62






63
64
65
66
67
68
69
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rc4.h>
#include <openssl/md5.h>







/* FIXME: surely this is available elsewhere? */
#define EVP_RC4_KEY_SIZE		16

typedef struct {
	RC4_KEY		ks;
	MD5_CTX		head, tail, md;
	size_t		payload_length;
101
102
103
104
105
106
107

108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

#if	!defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) &&	( \
	defined(__x86_64)	|| defined(__x86_64__)	|| \
	defined(_M_AMD64)	|| defined(_M_X64)	|| \
	defined(__INTEL__)		) && \
	!(defined(__APPLE__) && defined(__MACH__))
#define	STITCHED_CALL

#endif

#if !defined(STITCHED_CALL)
#define	rc4_off 0
#define	md5_off 0
#endif

static int
rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    const unsigned char *in, size_t len)
{
	EVP_RC4_HMAC_MD5 *key = data(ctx);
#if defined(STITCHED_CALL)
	size_t	rc4_off = 32-1-(key->ks.x&(32-1)),	/* 32 is $MOD from rc4_md5-x86_64.pl */
	md5_off = MD5_CBLOCK - key->md.num,
	    blocks;
	unsigned int l;
	extern unsigned int OPENSSL_ia32cap_P[];
#endif
	size_t	plen = key->payload_length;

	if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
		return 0;

	if (ctx->encrypt) {
		if (plen == NO_PAYLOAD_LENGTH)
			plen = len;
#if defined(STITCHED_CALL)
		/* cipher has to "fall behind" */
		if (rc4_off > md5_off)
			md5_off += MD5_CBLOCK;

		if (plen > md5_off &&
		    (blocks = (plen - md5_off) / MD5_CBLOCK) &&
		    (OPENSSL_ia32cap_P[0]&(1 << 20)) == 0) {
			MD5_Update(&key->md, in, md5_off);
			RC4(&key->ks, rc4_off, in, out);

			rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
			    &key->md, in + md5_off, blocks);
			blocks *= MD5_CBLOCK;
			rc4_off += blocks;







>

















<
















|







95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

#if	!defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) &&	( \
	defined(__x86_64)	|| defined(__x86_64__)	|| \
	defined(_M_AMD64)	|| defined(_M_X64)	|| \
	defined(__INTEL__)		) && \
	!(defined(__APPLE__) && defined(__MACH__))
#define	STITCHED_CALL
#include "x86_arch.h"
#endif

#if !defined(STITCHED_CALL)
#define	rc4_off 0
#define	md5_off 0
#endif

static int
rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    const unsigned char *in, size_t len)
{
	EVP_RC4_HMAC_MD5 *key = data(ctx);
#if defined(STITCHED_CALL)
	size_t	rc4_off = 32-1-(key->ks.x&(32-1)),	/* 32 is $MOD from rc4_md5-x86_64.pl */
	md5_off = MD5_CBLOCK - key->md.num,
	    blocks;
	unsigned int l;

#endif
	size_t	plen = key->payload_length;

	if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
		return 0;

	if (ctx->encrypt) {
		if (plen == NO_PAYLOAD_LENGTH)
			plen = len;
#if defined(STITCHED_CALL)
		/* cipher has to "fall behind" */
		if (rc4_off > md5_off)
			md5_off += MD5_CBLOCK;

		if (plen > md5_off &&
		    (blocks = (plen - md5_off) / MD5_CBLOCK) &&
		    (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {
			MD5_Update(&key->md, in, md5_off);
			RC4(&key->ks, rc4_off, in, out);

			rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
			    &key->md, in + md5_off, blocks);
			blocks *= MD5_CBLOCK;
			rc4_off += blocks;
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
		/* digest has to "fall behind" */
		if (md5_off > rc4_off)
			rc4_off += 2*MD5_CBLOCK;
		else
			rc4_off += MD5_CBLOCK;

		if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
		    (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
			RC4(&key->ks, rc4_off, in, out);
			MD5_Update(&key->md, out, md5_off);

			rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
			    &key->md, out + md5_off, blocks);
			blocks *= MD5_CBLOCK;
			rc4_off += blocks;







|







177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
		/* digest has to "fall behind" */
		if (md5_off > rc4_off)
			rc4_off += 2*MD5_CBLOCK;
		else
			rc4_off += MD5_CBLOCK;

		if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
		    (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) {
			RC4(&key->ks, rc4_off, in, out);
			MD5_Update(&key->md, out, md5_off);

			rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
			    &key->md, out + md5_off, blocks);
			blocks *= MD5_CBLOCK;
			rc4_off += blocks;
264
265
266
267
268
269
270


271
272
273
274
275
276
277
		}
	case EVP_CTRL_AEAD_TLS1_AAD:
		{
			unsigned char *p = ptr;
			unsigned int len = p[arg - 2] << 8 | p[arg - 1];

			if (!ctx->encrypt) {


				len -= MD5_DIGEST_LENGTH;
				p[arg - 2] = len >> 8;
				p[arg - 1] = len;
			}
			key->payload_length = len;
			key->md = key->head;
			MD5_Update(&key->md, p, arg);







>
>







258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
		}
	case EVP_CTRL_AEAD_TLS1_AAD:
		{
			unsigned char *p = ptr;
			unsigned int len = p[arg - 2] << 8 | p[arg - 1];

			if (!ctx->encrypt) {
				if (len < MD5_DIGEST_LENGTH)
					return -1;
				len -= MD5_DIGEST_LENGTH;
				p[arg - 2] = len >> 8;
				p[arg - 1] = len;
			}
			key->payload_length = len;
			key->md = key->head;
			MD5_Update(&key->md, p, arg);
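--- a/jni/libressl/crypto/evp/e_xcbc_d.c
+++ b/jni/libressl/crypto/evp/e_xcbc_d.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_xcbc_d.c,v 1.11 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_xcbc_d.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *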
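--- a/jni/libressl/crypto/evp/encode.c
+++ b/jni/libressl/crypto/evp/encode.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: encode.c,v 1.23 2016/05/04 14:53:29 tedu Exp $ */
+/* $OpenBSD: encode.c,v 1.24 2016/05/04 15:05:13 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *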
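--- a/jni/libressl/crypto/evp/evp_aead.c
+++ b/jni/libressl/crypto/evp/evp_aead.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_aead.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: evp_aead.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -49,15 +49,15 @@
 
 int
 EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
     const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl)
 {
 	ctx->aead = aead;
 	if (key_len != aead->key_len) {
-		EVPerr(EVP_F_EVP_AEAD_CTX_INIT, EVP_R_UNSUPPORTED_KEY_SIZE);
+		EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
 		return 0;
 	}
 	return aead->init(ctx, key, key_len, tag_len);
 }
 
 void
 EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx)
@@ -92,20 +92,20 @@
     const unsigned char *in, size_t in_len, const unsigned char *ad,
     size_t ad_len)
 {
 	size_t possible_out_len = in_len + ctx->aead->overhead;
 
 	/* Overflow. */
 	if (possible_out_len < in_len) {
-		EVPerr(EVP_F_AEAD_CTX_SEAL, EVP_R_TOO_LARGE);
+		EVPerror(EVP_R_TOO_LARGE);
 		goto error;
 	}
 
 	if (!check_alias(in, in_len, out)) {
-		EVPerr(EVP_F_AEAD_CTX_SEAL, EVP_R_OUTPUT_ALIASES_INPUT);
+		EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
 		goto error;
 	}
 
 	if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len,
 	    in, in_len, ad, ad_len)) {
 		return 1;
 	}
@@ -121,15 +121,15 @@
 int
 EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
     size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
     const unsigned char *in, size_t in_len, const unsigned char *ad,
     size_t ad_len)
 {
 	if (!check_alias(in, in_len, out)) {
-		EVPerr(EVP_F_AEAD_CTX_OPEN, EVP_R_OUTPUT_ALIASES_INPUT);
+		EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
 		goto error;
 	}
 
 	if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len,
 	    in, in_len, ad, ad_len)) {
 		return 1;
 	}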
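Review bot: In `EVP_AEAD_CTX_init`, `ctx->aead = aead;` is stored before the key-length check, so a rejected key leaves the context pointing at an AEAD whose `init` hook never ran. If `EVP_AEAD_CTX_cleanup` (its body is outside the visible hunks) dispatches through `ctx->aead`, a caller that cleans up after a failed init would presumably hand uninitialised per-algorithm state to the cleanup hook. Moving the assignment below the check, or adding `ctx->aead = NULL;` before the `return 0;`, keeps a failed init inert. `aead` is also dereferenced without a NULL check, which is worth a one-line comment stating that callers must pass a valid `EVP_AEAD`.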
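--- a/jni/libressl/crypto/evp/evp_enc.c
+++ b/jni/libressl/crypto/evp/evp_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_enc.c,v 1.31 2016/05/30 13:42:54 beck Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.36 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -55,14 +55,16 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include <sys/types.h>
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
 #ifndef OPENSSL_NO_ENGINE
@@ -124,94 +126,89 @@
 			/* Restore encrypt and flags */
 			ctx->encrypt = enc;
 			ctx->flags = flags;
 		}
 #ifndef OPENSSL_NO_ENGINE
 		if (impl) {
 			if (!ENGINE_init(impl)) {
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-				    EVP_R_INITIALIZATION_ERROR);
+				EVPerror(EVP_R_INITIALIZATION_ERROR);
 				return 0;
 			}
 		} else
 			/* Ask if an ENGINE is reserved for this job */
 			impl = ENGINE_get_cipher_engine(cipher->nid);
 		if (impl) {
 			/* There's an ENGINE for this job ... (apparently) */
 			const EVP_CIPHER *c =
 			    ENGINE_get_cipher(impl, cipher->nid);
 			if (!c) {
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-				    EVP_R_INITIALIZATION_ERROR);
+				EVPerror(EVP_R_INITIALIZATION_ERROR);
 				return 0;
 			}
 			/* We'll use the ENGINE's private cipher definition */
 			cipher = c;
 			/* Store the ENGINE functional reference so we know
 			 * 'cipher' came from an ENGINE and we need to release
 			 * it when done. */
 			ctx->engine = impl;
 		} else
 			ctx->engine = NULL;
 #endif
 
 		ctx->cipher = cipher;
 		if (ctx->cipher->ctx_size) {
 			ctx->cipher_data = malloc(ctx->cipher->ctx_size);
 			if (!ctx->cipher_data) {
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-				    ERR_R_MALLOC_FAILURE);
+				EVPerror(ERR_R_MALLOC_FAILURE);
 				return 0;
 			}
 		} else {
 			ctx->cipher_data = NULL;
 		}
 		ctx->key_len = cipher->key_len;
 		ctx->flags = 0;
 		if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
 			if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-				    EVP_R_INITIALIZATION_ERROR);
+				EVPerror(EVP_R_INITIALIZATION_ERROR);
 				return 0;
 			}
 		}
 	} else if (!ctx->cipher) {
-		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+		EVPerror(EVP_R_NO_CIPHER_SET);
 		return 0;
 	}
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
 	/* we assume block size is a power of 2 in *cryptUpdate */
 	if (ctx->cipher->block_size != 1 &&
 	    ctx->cipher->block_size != 8 &&
 	    ctx->cipher->block_size != 16) {
-		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_BAD_BLOCK_LENGTH);
+		EVPerror(EVP_R_BAD_BLOCK_LENGTH);
 		return 0;
 	}
 
 	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
 		switch (EVP_CIPHER_CTX_mode(ctx)) {
 
 		case EVP_CIPH_STREAM_CIPHER:
 		case EVP_CIPH_ECB_MODE:
 			break;
 
 		case EVP_CIPH_CFB_MODE:
 		case EVP_CIPH_OFB_MODE:
 
 			ctx->num = 0;
 			/* fall-through */
 
 		case EVP_CIPH_CBC_MODE:
 
 			if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) >
 			    sizeof(ctx->iv)) {
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-				    EVP_R_IV_TOO_LARGE);
+				EVPerror(EVP_R_IV_TOO_LARGE);
 				return 0;
 			}
 			if (iv)
 				memcpy(ctx->oiv, iv,
 				    EVP_CIPHER_CTX_iv_length(ctx));
 			memcpy(ctx->iv, ctx->oiv,
 			    EVP_CIPHER_CTX_iv_length(ctx));
@@ -256,21 +253,26 @@
 {
 	if (ctx->encrypt)
 		return EVP_EncryptFinal_ex(ctx, out, outl);
 	else
 		return EVP_DecryptFinal_ex(ctx, out, outl);
 }
 
+__warn_references(EVP_CipherFinal,
+    "warning: EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup");
+
 int
 EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
+	int ret;
 	if (ctx->encrypt)
-		return EVP_EncryptFinal_ex(ctx, out, outl);
+		ret = EVP_EncryptFinal_ex(ctx, out, outl);
 	else
-		return EVP_DecryptFinal_ex(ctx, out, outl);
+		ret = EVP_DecryptFinal_ex(ctx, out, outl);
+	return ret;
 }
 
 int
 EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
     const unsigned char *key, const unsigned char *iv)
 {
 	return EVP_CipherInit(ctx, cipher, key, iv, 1);
@@ -325,15 +327,15 @@
 			*outl = 0;
 			return 0;
 		}
 	}
 	i = ctx->buf_len;
 	bl = ctx->cipher->block_size;
 	if ((size_t)bl > sizeof(ctx->buf)) {
-		EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH);
+		EVPerror(EVP_R_BAD_BLOCK_LENGTH);
 		*outl = 0;
 		return 0;
 	}
 	if (i != 0) {
 		if (bl - i > inl) {
 			memcpy(&(ctx->buf[i]), in, inl);
 			ctx->buf_len += inl;
@@ -361,14 +363,17 @@
 
 	if (i != 0)
 		memcpy(ctx->buf, &(in[inl]), i);
 	ctx->buf_len = i;
 	return 1;
 }
 
+__warn_references(EVP_EncryptFinal,
+    "warning: EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup");
+
 int
 EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
 	int ret;
 
 	ret = EVP_EncryptFinal_ex(ctx, out, outl);
 	return ret;
@@ -387,26 +392,25 @@
 		else
 			*outl = ret;
 		return 1;
 	}
 
 	b = ctx->cipher->block_size;
 	if (b > sizeof ctx->buf) {
-		EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_BAD_BLOCK_LENGTH);
+		EVPerror(EVP_R_BAD_BLOCK_LENGTH);
 		return 0;
 	}
 	if (b == 1) {
 		*outl = 0;
 		return 1;
 	}
 	bl = ctx->buf_len;
 	if (ctx->flags & EVP_CIPH_NO_PADDING) {
 		if (bl) {
-			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
-			    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
 			return 0;
 		}
 		*outl = 0;
 		return 1;
 	}
 
 	n = b - bl;
@@ -444,15 +448,15 @@
 	}
 
 	if (ctx->flags & EVP_CIPH_NO_PADDING)
 		return EVP_EncryptUpdate(ctx, out, outl, in, inl);
 
 	b = ctx->cipher->block_size;
 	if (b > sizeof ctx->final) {
-		EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH);
+		EVPerror(EVP_R_BAD_BLOCK_LENGTH);
 		return 0;
 	}
 
 	if (ctx->final_used) {
 		memcpy(out, ctx->final, b);
 		out += b;
 		fix_len = 1;
@@ -474,14 +478,17 @@
 
 	if (fix_len)
 		*outl += b;
 
 	return 1;
 }
 
+__warn_references(EVP_DecryptFinal,
+    "warning: EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup");
+
 int
 EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
 	int ret;
 
 	ret = EVP_DecryptFinal_ex(ctx, out, outl);
 	return ret;
@@ -502,41 +509,37 @@
 			*outl = i;
 		return 1;
 	}
 
 	b = ctx->cipher->block_size;
 	if (ctx->flags & EVP_CIPH_NO_PADDING) {
 		if (ctx->buf_len) {
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-			    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
 			return 0;
 		}
 		*outl = 0;
 		return 1;
 	}
 	if (b > 1) {
 		if (ctx->buf_len || !ctx->final_used) {
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-			    EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+			EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH);
 			return (0);
 		}
 		if (b > sizeof ctx->final) {
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-			    EVP_R_BAD_BLOCK_LENGTH);
+			EVPerror(EVP_R_BAD_BLOCK_LENGTH);
 			return 0;
 		}
 		n = ctx->final[b - 1];
 		if (n == 0 || n > (int)b) {
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+			EVPerror(EVP_R_BAD_DECRYPT);
 			return (0);
 		}
 		for (i = 0; i < n; i++) {
 			if (ctx->final[--b] != n) {
-				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-				    EVP_R_BAD_DECRYPT);
+				EVPerror(EVP_R_BAD_DECRYPT);
 				return (0);
 			}
 		}
 		n = ctx->cipher->block_size - n;
 		for (i = 0; i < n; i++)
 			out[i] = ctx->final[i];
 		*outl = n;
@@ -583,86 +586,85 @@
 		    keylen, NULL);
 	if (c->key_len == keylen)
 		return 1;
 	if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
 		c->key_len = keylen;
 		return 1;
 	}
-	EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+	EVPerror(EVP_R_INVALID_KEY_LENGTH);
 	return 0;
 }
 
 int
 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
 {
 	if (pad)
 		ctx->flags &= ~EVP_CIPH_NO_PADDING;
 	else
 		ctx->flags |= EVP_CIPH_NO_PADDING;
 	return 1;
 }
 
 int
 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
 	int ret;
 
 	if (!ctx->cipher) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+		EVPerror(EVP_R_NO_CIPHER_SET);
 		return 0;
 	}
 
 	if (!ctx->cipher->ctrl) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+		EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
 		return 0;
 	}
 
 	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
 	if (ret == -1) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
-		    EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+		EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
 		return 0;
 	}
 	return ret;
 }
 
 int
 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
 {
 	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
 		return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
 	arc4random_buf(key, ctx->key_len);
 	return 1;
 }
 
 int
 EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 {
 	if ((in == NULL) || (in->cipher == NULL)) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
+		EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
 		return 0;
 	}
 #ifndef OPENSSL_NO_ENGINE
 	/* Make sure it's safe to copy a cipher context using an ENGINE */
 	if (in->engine && !ENGINE_init(in->engine)) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
+		EVPerror(ERR_R_ENGINE_LIB);
 		return 0;
 	}
 #endif
 
 	EVP_CIPHER_CTX_cleanup(out);
 	memcpy(out, in, sizeof *out);
 
 	if (in->cipher_data && in->cipher->ctx_size) {
 		out->cipher_data = malloc(in->cipher->ctx_size);
 		if (!out->cipher_data) {
-			EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
+			EVPerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
 	}
 
 	if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
 		return in->cipher->ctrl((EVP_CIPHER_CTX *)in,
 		    EVP_CTRL_COPY, 0, out);
 	return 1;
 }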
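Review bot: In `EVP_CIPHER_CTX_copy`, the `malloc` failure branch returns 0 after `memcpy(out, in, sizeof *out)` has already made `out` look initialised: `out->cipher` is set while `out->cipher_data` is NULL. A later reuse or cleanup of `out` that trusts `cipher` would presumably reach cipher code with no state behind it, so adding `out->cipher = NULL;` before that `return 0;` keeps the failed copy inert (confirm that `EVP_CIPHER_CTX_cleanup`, not shown here, still releases `out->engine` in that case). The allocation in `EVP_CipherInit_ex` earlier in this section has the same shape, with `ctx->cipher` assigned before a failed `malloc` returns 0; that function starts and ends outside the visible hunk.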
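--- a/jni/libressl/crypto/evp/evp_err.c
+++ b/jni/libressl/crypto/evp/evp_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: evp_err.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,110 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
 
 static ERR_STRING_DATA EVP_str_functs[] = {
-	{ERR_FUNC(EVP_F_AEAD_AES_GCM_INIT), "AEAD_AES_GCM_INIT"},
-	{ERR_FUNC(EVP_F_AEAD_AES_GCM_OPEN), "AEAD_AES_GCM_OPEN"},
-	{ERR_FUNC(EVP_F_AEAD_AES_GCM_SEAL), "AEAD_AES_GCM_SEAL"},
-	{ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_INIT), "AEAD_CHACHA20_POLY1305_INIT"},
-	{ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_OPEN), "AEAD_CHACHA20_POLY1305_OPEN"},
-	{ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_SEAL), "AEAD_CHACHA20_POLY1305_SEAL"},
-	{ERR_FUNC(EVP_F_AEAD_CTX_OPEN), "AEAD_CTX_OPEN"},
-	{ERR_FUNC(EVP_F_AEAD_CTX_SEAL), "AEAD_CTX_SEAL"},
-	{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
-	{ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
-	{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
-	{ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
-	{ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
-	{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
-	{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
-	{ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"},
-	{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
-	{ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"},
-	{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
-	{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
-	{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
-	{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
-	{ERR_FUNC(EVP_F_EVP_AEAD_CTX_INIT), "EVP_AEAD_CTX_init"},
-	{ERR_FUNC(EVP_F_EVP_AEAD_CTX_OPEN), "EVP_AEAD_CTX_open"},
-	{ERR_FUNC(EVP_F_EVP_AEAD_CTX_SEAL), "EVP_AEAD_CTX_seal"},
-	{ERR_FUNC(EVP_F_EVP_BYTESTOKEY), "EVP_BytesToKey"},
-	{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
-	{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
-	{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
-	{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
-	{ERR_FUNC(EVP_F_EVP_CIPHER_GET_ASN1_IV), "EVP_CIPHER_get_asn1_iv"},
-	{ERR_FUNC(EVP_F_EVP_CIPHER_SET_ASN1_IV), "EVP_CIPHER_set_asn1_iv"},
-	{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
-	{ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
-	{ERR_FUNC(EVP_F_EVP_DIGESTFINAL_EX), "EVP_DigestFinal_ex"},
-	{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
-	{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
-	{ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
-	{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
-	{ERR_FUNC(EVP_F_EVP_MD_CTX_CTRL), "EVP_MD_CTX_ctrl"},
-	{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
-	{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
-	{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
-	{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
-	{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
-	{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
-	{ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"},
-	{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
-	{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), "EVP_PKEY_verify_recover_init"},
-	{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
-	{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
-	{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
-	{ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
-	{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"},
-	{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
-	{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), "FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
-	{ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
-	{ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"},
-	{ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"},
-	{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
-	{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
-	{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
-	{ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"},
-	{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
-	{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
-	{ERR_FUNC(EVP_F_RC2_GET_ASN1_TYPE_AND_IV), "RC2_GET_ASN1_TYPE_AND_IV"},
-	{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
-	{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA EVP_str_reasons[] = {
 	{ERR_REASON(EVP_R_AES_IV_SETUP_FAILED)   , "aes iv setup failed"},
 	{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED)  , "aes key setup failed"},
 	{ERR_REASON(EVP_R_ASN1_LIB)              , "asn1 lib"},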
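--- a/jni/libressl/crypto/evp/evp_key.c
+++ b/jni/libressl/crypto/evp/evp_key.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_key.c,v 1.22 2015/02/10 09:55:39 miod Exp $ */
+/* $OpenBSD: evp_key.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -131,19 +131,19 @@
 	unsigned int mds = 0, i;
 	int rv = 0;
 
 	nkey = type->key_len;
 	niv = type->iv_len;
 
 	if ((size_t)nkey > EVP_MAX_KEY_LENGTH) {
-		EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_BAD_KEY_LENGTH);
+		EVPerror(EVP_R_BAD_KEY_LENGTH);
 		return 0;
 	}
 	if ((size_t)niv > EVP_MAX_IV_LENGTH) {
-		EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_IV_TOO_LARGE);
+		EVPerror(EVP_R_IV_TOO_LARGE);
 		return 0;
 	}
 
 	if (data == NULL)
 		return (nkey);
 
 	EVP_MD_CTX_init(&c);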
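--- a/jni/libressl/crypto/evp/evp_lib.c
+++ b/jni/libressl/crypto/evp/evp_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_lib.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: evp_lib.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -96,38 +96,36 @@
 {
 	int i = 0;
 	unsigned int l;
 
 	if (type != NULL) {
 		l = EVP_CIPHER_CTX_iv_length(c);
 		if (l > sizeof(c->iv)) {
-			EVPerr(EVP_F_EVP_CIPHER_GET_ASN1_IV,
-			     EVP_R_IV_TOO_LARGE);
+			EVPerror(EVP_R_IV_TOO_LARGE);
 			return 0;
 		}
 		i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
 		if (i != (int)l)
 			return (-1);
 		else if (i > 0)
 			memcpy(c->iv, c->oiv, l);
 	}
 	return (i);
 }
 
 int
 EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
 	int i = 0;
 	unsigned int j;
 
 	if (type != NULL) {
 		j = EVP_CIPHER_CTX_iv_length(c);
 		if (j > sizeof(c->iv)) {
-			EVPerr(EVP_F_EVP_CIPHER_SET_ASN1_IV,
-			     EVP_R_IV_TOO_LARGE);
+			EVPerror(EVP_R_IV_TOO_LARGE);
 			return 0;
 		}
 		i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
 	}
 	return (i);
 }
 
@@ -287,15 +285,15 @@
 	return md->pkey_type;
 }
 
 int
 EVP_MD_size(const EVP_MD *md)
 {
 	if (!md) {
-		EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
+		EVPerror(EVP_R_MESSAGE_DIGEST_IS_NULL);
 		return -1;
 	}
 	return md->md_size;
 }
 
 unsigned long
 EVP_MD_flags(const EVP_MD *md)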
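--- a/jni/libressl/crypto/evp/evp_locl.h
+++ b/jni/libressl/crypto/evp/evp_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: evp_locl.h,v 1.14 2016/12/21 15:49:29 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -51,14 +51,16 @@
  * ====================================================================
  *
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
+
+__BEGIN_HIDDEN_DECLS
 
 /* Macros to code block cipher wrappers */
 
 /* Wrapper functions for each cipher mode */
 
 #define BLOCK_CIPHER_ecb_loop() \
 	size_t i, bl; \
@@ -360,7 +362,9 @@
 	    const unsigned char *ad, size_t ad_len);
 
 	int (*open)(const struct evp_aead_ctx_st *ctx, unsigned char *out,
 	    size_t *out_len, size_t max_out_len, const unsigned char *nonce,
 	    size_t nonce_len, const unsigned char *in, size_t in_len,
 	    const unsigned char *ad, size_t ad_len);
 };
+
+__END_HIDDEN_DECLS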
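--- a/jni/libressl/crypto/evp/evp_pbe.c
+++ b/jni/libressl/crypto/evp/evp_pbe.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_pbe.c,v 1.22 2014/10/28 05:46:56 miod Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -124,69 +124,85 @@
 	const EVP_MD *md;
 	int cipher_nid, md_nid;
 	EVP_PBE_KEYGEN *keygen;
 
 	if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
 	    &cipher_nid, &md_nid, &keygen)) {
 		char obj_tmp[80];
-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
+		EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
 		if (!pbe_obj)
 			strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
 		else
 			i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
 		ERR_asprintf_error_data("TYPE=%s", obj_tmp);
 		return 0;
 	}
 
 	if (!pass)
 		passlen = 0;
 	else if (passlen == -1)
 		passlen = strlen(pass);
 
 	if (cipher_nid == -1)
 		cipher = NULL;
 	else {
 		cipher = EVP_get_cipherbynid(cipher_nid);
 		if (!cipher) {
-			EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_CIPHER);
+			EVPerror(EVP_R_UNKNOWN_CIPHER);
 			return 0;
 		}
 	}
 
 	if (md_nid == -1)
 		md = NULL;
 	else {
 		md = EVP_get_digestbynid(md_nid);
 		if (!md) {
-			EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_DIGEST);
+			EVPerror(EVP_R_UNKNOWN_DIGEST);
 			return 0;
 		}
 	}
 
 	if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
+		EVPerror(EVP_R_KEYGEN_FAILURE);
 		return 0;
 	}
 	return 1;
 }
 
-DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+static int pbe2_cmp_BSEARCH_CMP_FN(const void *, const void *);
+static int pbe2_cmp(EVP_PBE_CTL const *, EVP_PBE_CTL const *);
+static EVP_PBE_CTL *OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num);
 
 static int
 pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
 {
 	int ret = pbe1->pbe_type - pbe2->pbe_type;
 
 	if (ret)
 		return ret;
 	else
 		return pbe1->pbe_nid - pbe2->pbe_nid;
 }
 
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int
+pbe2_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+{
+	EVP_PBE_CTL const *a = a_;
+	EVP_PBE_CTL const *b = b_;
+	return pbe2_cmp(a, b);
+}
+
+static EVP_PBE_CTL *
+OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num)
+{
+	return (EVP_PBE_CTL *)OBJ_bsearch_(key, base, num, sizeof(EVP_PBE_CTL),
+	    pbe2_cmp_BSEARCH_CMP_FN);
+}
 
 static int
 pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
 {
 	int ret = (*a)->pbe_type - (*b)->pbe_type;
 
 	if (ret)
@@ -202,33 +218,32 @@
     EVP_PBE_KEYGEN *keygen)
 {
 	EVP_PBE_CTL *pbe_tmp;
 
 	if (pbe_algs == NULL) {
 		pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
 		if (pbe_algs == NULL) {
-			EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,
-			    ERR_R_MALLOC_FAILURE);
+			EVPerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	}
 	pbe_tmp = malloc(sizeof(EVP_PBE_CTL));
 	if (pbe_tmp == NULL) {
-		EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+		EVPerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	pbe_tmp->pbe_type = pbe_type;
 	pbe_tmp->pbe_nid = pbe_nid;
 	pbe_tmp->cipher_nid = cipher_nid;
 	pbe_tmp->md_nid = md_nid;
 	pbe_tmp->keygen = keygen;
 
 	if (sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp) == 0) {
 		free(pbe_tmp);
-		EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+		EVPerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	return 1;
 }
 
 int
 EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,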
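--- a/jni/libressl/crypto/evp/evp_pkey.c
+++ b/jni/libressl/crypto/evp/evp_pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_pkey.c,v 1.17 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: evp_pkey.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -73,34 +73,32 @@
 	ASN1_OBJECT *algoid;
 	char obj_tmp[80];
 
 	if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
 		return NULL;
 
 	if (!(pkey = EVP_PKEY_new())) {
-		EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+		EVPerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
-		EVPerr(EVP_F_EVP_PKCS82PKEY,
-		    EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
 		i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
 		ERR_asprintf_error_data("TYPE=%s", obj_tmp);
 		goto error;
 	}
 
 	if (pkey->ameth->priv_decode) {
 		if (!pkey->ameth->priv_decode(pkey, p8)) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY,
-			    EVP_R_PRIVATE_KEY_DECODE_ERROR);
+			EVPerror(EVP_R_PRIVATE_KEY_DECODE_ERROR);
 			goto error;
 		}
 	} else {
-		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
+		EVPerror(EVP_R_METHOD_NOT_SUPPORTED);
 		goto error;
 	}
 
 	return pkey;
 
 error:
 	EVP_PKEY_free(pkey);
@@ -117,34 +115,31 @@
 
 PKCS8_PRIV_KEY_INFO *
 EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 {
 	PKCS8_PRIV_KEY_INFO *p8;
 
 	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+		EVPerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	p8->broken = broken;
 
 	if (pkey->ameth) {
 		if (pkey->ameth->priv_encode) {
 			if (!pkey->ameth->priv_encode(p8, pkey)) {
-				EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-				    EVP_R_PRIVATE_KEY_ENCODE_ERROR);
+				EVPerror(EVP_R_PRIVATE_KEY_ENCODE_ERROR);
 				goto error;
 			}
 		} else {
-			EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-			    EVP_R_METHOD_NOT_SUPPORTED);
+			EVPerror(EVP_R_METHOD_NOT_SUPPORTED);
 			goto error;
 		}
 	} else {
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-		    EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
 		goto error;
 	}
 	return p8;
 
 error:
 	PKCS8_PRIV_KEY_INFO_free(p8);
 	return NULL;
@@ -162,15 +157,15 @@
 	case PKCS8_NO_OCTET:
 		p8->broken = PKCS8_NO_OCTET;
 		p8->pkey->type = V_ASN1_SEQUENCE;
 		return p8;
 		break;
 
 	default:
-		EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+		EVPerror(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
 		return NULL;
 	}
 }
 
 /* EVP_PKEY attribute functions */
 
 int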
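--- a/jni/libressl/crypto/evp/m_dss.c
+++ b/jni/libressl/crypto/evp/m_dss.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_dss.c,v 1.15 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: m_dss.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *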
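--- a/jni/libressl/crypto/evp/m_dss1.c
+++ b/jni/libressl/crypto/evp/m_dss1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_dss1.c,v 1.15 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: m_dss1.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *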
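--- a/jni/libressl/crypto/evp/m_ecdsa.c
+++ b/jni/libressl/crypto/evp/m_ecdsa.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_ecdsa.c,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: m_ecdsa.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *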
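--- a/jni/libressl/crypto/evp/m_gost2814789.c
+++ b/jni/libressl/crypto/evp/m_gost2814789.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: m_gost2814789.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: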
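--- a/jni/libressl/crypto/evp/m_gostr341194.c
+++ b/jni/libressl/crypto/evp/m_gostr341194.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_gostr341194.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: m_gostr341194.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: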
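--- a/jni/libressl/crypto/evp/m_md4.c
+++ b/jni/libressl/crypto/evp/m_md4.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: m_md4.c,v 1.16 2015/09/14 01:45:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *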
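--- a/jni/libressl/crypto/evp/m_md5.c
+++ b/jni/libressl/crypto/evp/m_md5.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_md5.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: m_md5.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *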
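--- /dev/null
+++ b/jni/libressl/crypto/evp/m_md5_sha1.c
@@ -0,0 +1,83 @@
+/* $OpenBSD: m_md5_sha1.c,v 1.1 2017/02/28 14:15:37 jsing Exp $ */
+/*
+ * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+
+struct md5_sha1_ctx {
+	MD5_CTX md5;
+	SHA_CTX sha1;
+};
+
+static int
+md5_sha1_init(EVP_MD_CTX *ctx)
+{
+	struct md5_sha1_ctx *mdctx = ctx->md_data;
+
+	if (!MD5_Init(&mdctx->md5))
+		return 0;
+	if (!SHA1_Init(&mdctx->sha1))
+		return 0;
+
+	return 1;
+}
+
+static int 
+md5_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+	struct md5_sha1_ctx *mdctx = ctx->md_data;
+
+	if (!MD5_Update(&mdctx->md5, data, count))
+		return 0;
+	if (!SHA1_Update(&mdctx->sha1, data, count))
+		return 0;
+
+	return 1;
+}
+
+static int
+md5_sha1_final(EVP_MD_CTX *ctx, unsigned char *out)
+{
+	struct md5_sha1_ctx *mdctx = ctx->md_data;
+
+	if (!MD5_Final(out, &mdctx->md5))
+		return 0;
+	if (!SHA1_Final(out + MD5_DIGEST_LENGTH, &mdctx->sha1))
+		return 0;
+
+	return 1;
+}
+
+static const EVP_MD md5_sha1_md = {
+        .type = NID_md5_sha1,
+        .pkey_type = NID_md5_sha1,
+        .md_size = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+        .flags = 0,
+        .init = md5_sha1_init,
+        .update = md5_sha1_update,
+        .final = md5_sha1_final,
+        .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */
+        .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+};
+
+const EVP_MD *
+EVP_md5_sha1(void)
+{
+	return &md5_sha1_md;
+}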
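--- a/jni/libressl/crypto/evp/m_null.c
+++ b/jni/libressl/crypto/evp/m_null.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_null.c,v 1.8 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: m_null.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *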
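--- a/jni/libressl/crypto/evp/m_ripemd.c
+++ b/jni/libressl/crypto/evp/m_ripemd.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_ripemd.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: m_ripemd.c,v 1.12 2014/07/13 09:30:02 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *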
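--- a/jni/libressl/crypto/evp/m_sha1.c
+++ b/jni/libressl/crypto/evp/m_sha1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_sha1.c,v 1.16 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: m_sha1.c,v 1.17 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *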
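--- a/jni/libressl/crypto/evp/m_sigver.c
+++ b/jni/libressl/crypto/evp/m_sigver.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_sigver.c,v 1.4 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: m_sigver.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006,2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -77,15 +77,15 @@
 	if (type == NULL) {
 		int def_nid;
 		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
 			type = EVP_get_digestbynid(def_nid);
 	}
 
 	if (type == NULL) {
-		EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+		EVPerror(EVP_R_NO_DEFAULT_DIGEST);
 		return 0;
 	}
 
 	if (ver) {
 		if (ctx->pctx->pmeth->verifyctx_init) {
 			if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx,
 			    ctx) <=0)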
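--- a/jni/libressl/crypto/evp/m_streebog.c
+++ b/jni/libressl/crypto/evp/m_streebog.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_streebog.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: m_streebog.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: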
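--- a/jni/libressl/crypto/evp/m_wp.c
+++ b/jni/libressl/crypto/evp/m_wp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: m_wp.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: m_wp.c,v 1.8 2014/07/13 09:30:02 miod Exp $ */
 
 #include <stdio.h>
 
 #include <openssl/opensslconf.h>
 
 #ifndef OPENSSL_NO_WHIRLPOOL
 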
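--- a/jni/libressl/crypto/evp/names.c
+++ b/jni/libressl/crypto/evp/names.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: names.c,v 1.11 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: names.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *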
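--- a/jni/libressl/crypto/evp/p5_crpt.c
+++ b/jni/libressl/crypto/evp/p5_crpt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p5_crpt.c,v 1.15 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: p5_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -86,32 +86,34 @@
 	const unsigned char *pbuf;
 	int mdsize;
 	int rv = 0;
 
 	/* Extract useful info from parameter */
 	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
 	    param->value.sequence == NULL) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+		EVPerror(EVP_R_DECODE_ERROR);
 		return 0;
 	}
 
 	mdsize = EVP_MD_size(md);
 	if (mdsize < 0)
 		return 0;
 
 	pbuf = param->value.sequence->data;
 	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+		EVPerror(EVP_R_DECODE_ERROR);
 		return 0;
 	}
 
 	if (!pbe->iter)
 		iter = 1;
-	else
-		iter = ASN1_INTEGER_get (pbe->iter);
+	else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
+		EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+		return 0;
+	}
 	salt = pbe->salt->data;
 	saltlen = pbe->salt->length;
 
 	if (!pass)
 		passlen = 0;
 	else if (passlen == -1)
 		passlen = strlen(pass);
@@ -131,20 +133,20 @@
 			goto err;
 		if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
 			goto err;
 		if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL))
 			goto err;
 	}
 	if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_BAD_KEY_LENGTH);
+		EVPerror(EVP_R_BAD_KEY_LENGTH);
 		goto err;
 	}
 	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
 	if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_IV_TOO_LARGE);
+		EVPerror(EVP_R_IV_TOO_LARGE);
 		goto err;
 	}
 	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
 	    EVP_CIPHER_iv_length(cipher));
 	if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
 		goto err;
 	explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);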
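Review bot: The new `return 0` on a non-positive iteration count in the second hunk runs after `d2i_PBEPARAM()` has allocated `pbe`, and nothing in the visible lines frees it on that path, so a PBE parameter carrying a zero or negative count appears to leak the decoded structure on every call. I would release it first: `PBEPARAM_free(pbe);` before the `return 0;`. The hunk also sets no upper limit on `iter`, so callers that handle untrusted PKCS#5 input may want their own cap on the work factor. The function starts before and ends after the hunk, so whatever cleanup it does elsewhere is not visible here.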
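--- a/jni/libressl/crypto/evp/p5_crpt2.c
+++ b/jni/libressl/crypto/evp/p5_crpt2.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */
+/* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -171,50 +171,47 @@
 	PBE2PARAM *pbe2 = NULL;
 	const EVP_CIPHER *cipher;
 
 	int rv = 0;
 
 	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
 	    param->value.sequence == NULL) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+		EVPerror(EVP_R_DECODE_ERROR);
 		goto err;
 	}
 
 	pbuf = param->value.sequence->data;
 	plen = param->value.sequence->length;
 	if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+		EVPerror(EVP_R_DECODE_ERROR);
 		goto err;
 	}
 
 	/* See if we recognise the key derivation function */
 
 	if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-		    EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+		EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
 		goto err;
 	}
 
 	/* lets see if we recognise the encryption algorithm.
 	 */
 
 	cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
 
 	if (!cipher) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-		    EVP_R_UNSUPPORTED_CIPHER);
+		EVPerror(EVP_R_UNSUPPORTED_CIPHER);
 		goto err;
 	}
 
 	/* Fixup cipher based on AlgorithmIdentifier */
 	if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
 		goto err;
 	if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-		    EVP_R_CIPHER_PARAMETER_ERROR);
+		EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
 		goto err;
 	}
 	rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
 	    pbe2->keyfunc->parameter, c, md, en_de);
 
 err:
 	PBE2PARAM_free(pbe2);
@@ -231,78 +228,79 @@
 	int rv = 0;
 	unsigned int keylen = 0;
 	int prf_nid, hmac_md_nid;
 	PBKDF2PARAM *kdf = NULL;
 	const EVP_MD *prfmd;
 
 	if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+		EVPerror(EVP_R_NO_CIPHER_SET);
 		return 0;
 	}
 	keylen = EVP_CIPHER_CTX_key_length(ctx);
 	if (keylen > sizeof key) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH);
+		EVPerror(EVP_R_BAD_KEY_LENGTH);
 		return 0;
 	}
 
 	/* Decode parameter */
 
 	if (!param || (param->type != V_ASN1_SEQUENCE)) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
+		EVPerror(EVP_R_DECODE_ERROR);
 		return 0;
 	}
 
 	pbuf = param->value.sequence->data;
 	plen = param->value.sequence->length;
 
 	if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
+		EVPerror(EVP_R_DECODE_ERROR);
 		return 0;
 	}
 
 	/* Now check the parameters of the kdf */
 
 	if (kdf->keylength &&
 	    (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
-		    EVP_R_UNSUPPORTED_KEYLENGTH);
+		EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
 		goto err;
 	}
 
 	if (kdf->prf)
 		prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
 	else
 		prf_nid = NID_hmacWithSHA1;
 
 	if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+		EVPerror(EVP_R_UNSUPPORTED_PRF);
 		goto err;
 	}
 
 	prfmd = EVP_get_digestbynid(hmac_md_nid);
 	if (prfmd == NULL) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+		EVPerror(EVP_R_UNSUPPORTED_PRF);
 		goto err;
 	}
 
 	if (kdf->salt->type != V_ASN1_OCTET_STRING) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
-		    EVP_R_UNSUPPORTED_SALT_TYPE);
+		EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
 		goto err;
 	}
 
 	/* it seems that its all OK */
 	salt = kdf->salt->value.octet_string->data;
 	saltlen = kdf->salt->value.octet_string->length;
-	iter = ASN1_INTEGER_get(kdf->iter);
+	if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
+		EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+		goto err;
+	}
 	if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
 	    keylen, key))
 		goto err;
 	rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
 
 err:
 	explicit_bzero(key, keylen);
 	PBKDF2PARAM_free(kdf);
 	return rv;
 }
 
 #endif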
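Review bot: The parameter check in the last hunk, `if (!param || (param->type != V_ASN1_SEQUENCE))`, does not test `param->value.sequence` before the following statement reads `param->value.sequence->data`, whereas the equivalent check in the previous hunk of this file also rejects `param->value.sequence == NULL`. I would make the two agree: `if (!param || param->type != V_ASN1_SEQUENCE || param->value.sequence == NULL) {`. The added `iter <= 0` rejection uses `goto err`, so `kdf` is freed and `key` is cleared on that path, which is the right shape. The function in the last hunk begins outside the visible lines.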
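--- a/jni/libressl/crypto/evp/p_dec.c
+++ b/jni/libressl/crypto/evp/p_dec.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p_dec.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_dec.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -74,19 +74,19 @@
     EVP_PKEY *priv)
 {
 	int ret = -1;
 
 #ifndef OPENSSL_NO_RSA
 	if (priv->type != EVP_PKEY_RSA) {
 #endif
-		EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+		EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
 		goto err;
 	}
 
 	ret = RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa,
 	    RSA_PKCS1_PADDING);
 
 err:
 #endif
 	return (ret);
 }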
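--- a/jni/libressl/crypto/evp/p_enc.c
+++ b/jni/libressl/crypto/evp/p_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p_enc.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_enc.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -74,16 +74,16 @@
     EVP_PKEY *pubk)
 {
 	int ret = 0;
 
 #ifndef OPENSSL_NO_RSA
 	if (pubk->type != EVP_PKEY_RSA) {
 #endif
-		EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+		EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
 		goto err;
 	}
 	ret = RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, RSA_PKCS1_PADDING);
 err:
 #endif
 	return (ret);
 }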
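--- a/jni/libressl/crypto/evp/p_lib.c
+++ b/jni/libressl/crypto/evp/p_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p_lib.c,v 1.15 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_lib.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -124,22 +124,20 @@
 	return (0);
 }
 
 int
 EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
 	if (to->type != from->type) {
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,
-		    EVP_R_DIFFERENT_KEY_TYPES);
+		EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
 		goto err;
 	}
 
 	if (EVP_PKEY_missing_parameters(from)) {
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,
-		    EVP_R_MISSING_PARAMETERS);
+		EVPerror(EVP_R_MISSING_PARAMETERS);
 		goto err;
 	}
 	if (from->ameth && from->ameth->param_copy)
 		return from->ameth->param_copy(to, from);
 
 err:
 	return 0;
@@ -188,15 +186,15 @@
 EVP_PKEY *
 EVP_PKEY_new(void)
 {
 	EVP_PKEY *ret;
 
 	ret = malloc(sizeof(EVP_PKEY));
 	if (ret == NULL) {
-		EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+		EVPerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	ret->type = EVP_PKEY_NONE;
 	ret->save_type = EVP_PKEY_NONE;
 	ret->references = 1;
 	ret->ameth = NULL;
 	ret->engine = NULL;
@@ -236,15 +234,15 @@
 	else
 		ameth = EVP_PKEY_asn1_find(&e, type);
 #ifndef OPENSSL_NO_ENGINE
 	if (!pkey && e)
 		ENGINE_finish(e);
 #endif
 	if (!ameth) {
-		EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
 		return 0;
 	}
 	if (pkey) {
 		pkey->ameth = ameth;
 		pkey->engine = e;
 
 		pkey->type = pkey->ameth->pkey_id;
@@ -290,15 +288,15 @@
 	return ret;
 }
 
 RSA *
 EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
 {
 	if (pkey->type != EVP_PKEY_RSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+		EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
 		return NULL;
 	}
 	RSA_up_ref(pkey->pkey.rsa);
 	return pkey->pkey.rsa;
 }
 #endif
 
@@ -312,15 +310,15 @@
 	return ret;
 }
 
 DSA *
 EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 {
 	if (pkey->type != EVP_PKEY_DSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+		EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
 		return NULL;
 	}
 	DSA_up_ref(pkey->pkey.dsa);
 	return pkey->pkey.dsa;
 }
 #endif
 
@@ -335,15 +333,15 @@
 	return ret;
 }
 
 EC_KEY *
 EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
 {
 	if (pkey->type != EVP_PKEY_EC) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+		EVPerror(EVP_R_EXPECTING_A_EC_KEY);
 		return NULL;
 	}
 	EC_KEY_up_ref(pkey->pkey.ec);
 	return pkey->pkey.ec;
 }
 #endif
 
@@ -359,15 +357,15 @@
 	return ret;
 }
 
 DH *
 EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 {
 	if (pkey->type != EVP_PKEY_DH) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
+		EVPerror(EVP_R_EXPECTING_A_DH_KEY);
 		return NULL;
 	}
 	DH_up_ref(pkey->pkey.dh);
 	return pkey->pkey.dh;
 }
 #endif
 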
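--- a/jni/libressl/crypto/evp/p_open.c
+++ b/jni/libressl/crypto/evp/p_open.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p_open.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_open.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -82,23 +82,23 @@
 			return 0;
 	}
 
 	if (!priv)
 		return 1;
 
 	if (priv->type != EVP_PKEY_RSA) {
-		EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
+		EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
 		goto err;
 	}
 
 	size = RSA_size(priv->pkey.rsa);
 	key = malloc(size + 2);
 	if (key == NULL) {
 		/* ERROR */
-		EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
+		EVPerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
 	if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
 		/* ERROR */
 		goto err;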
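--- a/jni/libressl/crypto/evp/p_seal.c
+++ b/jni/libressl/crypto/evp/p_seal.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p_seal.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_seal.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *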
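--- a/jni/libressl/crypto/evp/p_sign.c
+++ b/jni/libressl/crypto/evp/p_sign.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p_sign.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_sign.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -106,18 +106,18 @@
 			break;
 		if (pkey->type == v) {
 			ok = 1;
 			break;
 		}
 	}
 	if (!ok) {
-		EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+		EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE);
 		return (0);
 	}
 
 	if (ctx->digest->sign == NULL) {
-		EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
+		EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
 		return (0);
 	}
 	return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen,
 	    pkey->pkey.ptr));
 }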
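--- a/jni/libressl/crypto/evp/p_verify.c
+++ b/jni/libressl/crypto/evp/p_verify.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p_verify.c,v 1.11 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: p_verify.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -101,19 +101,18 @@
 			break;
 		if (pkey->type == v) {
 			ok = 1;
 			break;
 		}
 	}
 	if (!ok) {
-		EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+		EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE);
 		return (-1);
 	}
 	if (ctx->digest->verify == NULL) {
-		EVPerr(EVP_F_EVP_VERIFYFINAL,
-		    EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
+		EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
 		return (0);
 	}
 
 	return(ctx->digest->verify(ctx->digest->type, m, m_len,
 	    sigbuf, siglen, pkey->pkey.ptr));
 }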
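Review bot: The two error branches touched in the second hunk return different values for configuration failures: a wrong key type gives `-1`, while a missing verify method gives `0`, which a caller is likely to read as "signature did not match". Since this is a signature check, that return contract deserves a comment next to the branches, for example `/* -1: wrong key type; 0: no verify method (and presumably a bad signature); callers should test for == 1 */`. A caller that writes `if (!result)` would treat the `-1` path as success, so the comment is worth having even though the macro swap itself is mechanical. The function starts outside the hunk, so its documented contract, if any, is not visible here.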
Changes to jni/libressl/crypto/evp/pmeth_fn.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pmeth_fn.c,v 1.4 2014/07/11 08:44:48 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pmeth_fn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
		if (!arg) \
			{ \
			*arglen = pksize; \
			return 1; \
			} \
		else if (*arglen < pksize) \
			{ \
			EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
			return 0; \
			} \
		}

int
EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
		EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_SIGN;
	if (!ctx->pmeth->sign_init)
		return 1;
	ret = ctx->pmeth->sign_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    const unsigned char *tbs, size_t tbslen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
		EVPerr(EVP_F_EVP_PKEY_SIGN,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_SIGN) {
		EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
	return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
}

int
EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
		EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_VERIFY;
	if (!ctx->pmeth->verify_init)
		return 1;
	ret = ctx->pmeth->verify_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
    const unsigned char *tbs, size_t tbslen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
		EVPerr(EVP_F_EVP_PKEY_VERIFY,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_VERIFY) {
		EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
}

int
EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
		EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
	if (!ctx->pmeth->verify_recover_init)
		return 1;
	ret = ctx->pmeth->verify_recover_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
    const unsigned char *sig, size_t siglen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
		EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
		EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
		    EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
	return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
}

int
EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
		EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_ENCRYPT;
	if (!ctx->pmeth->encrypt_init)
		return 1;
	ret = ctx->pmeth->encrypt_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
		EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
	return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
}

int
EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
		EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_DECRYPT;
	if (!ctx->pmeth->decrypt_init)
		return 1;
	ret = ctx->pmeth->decrypt_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
		EVPerr(EVP_F_EVP_PKEY_DECRYPT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
		EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
	return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
}

int
EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_DERIVE;
	if (!ctx->pmeth->derive_init)
		return 1;
	ret = ctx->pmeth->derive_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
{
	int ret;

	if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive ||
	    ctx->pmeth->encrypt || ctx->pmeth->decrypt) ||
	    !ctx->pmeth->ctrl) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_DERIVE &&
	    ctx->operation != EVP_PKEY_OP_ENCRYPT &&
	    ctx->operation != EVP_PKEY_OP_DECRYPT) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
		    EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}

	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);

	if (ret <= 0)
		return ret;

	if (ret == 2)
		return 1;

	if (!ctx->pkey) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
		return -1;
	}

	if (ctx->pkey->type != peer->type) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
		    EVP_R_DIFFERENT_KEY_TYPES);
		return -1;
	}

	/* ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
	 * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
	 * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
	 * (different key types) is impossible here because it is checked earlier.
	 * -2 is OK for us here, as well as 1, so we can check for 0 only. */
	if (!EVP_PKEY_missing_parameters(peer) &&
	    !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
		    EVP_R_DIFFERENT_PARAMETERS);
		return -1;
	}

	EVP_PKEY_free(ctx->peerkey);
	ctx->peerkey = peer;

	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);







|










<
|
















<
|



|












<
|
















<
|



|











<
|
















<
|



<
|












<
|
















<
|



|












<
|
















<
|



|












<
|



















<
|





<
|












|




<
|










<
|







72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173

174
175
176
177

178
179
180
181
182
183
184
185
186
187
188
189
190

191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224

225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241

242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258

259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278

279
280
281
282
283
284

285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302

303
304
305
306
307
308
309
310
311
312
313

314
315
316
317
318
319
320
321
		if (!arg) \
			{ \
			*arglen = pksize; \
			return 1; \
			} \
		else if (*arglen < pksize) \
			{ \
			EVPerror(EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
			return 0; \
			} \
		}

int
EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_SIGN;
	if (!ctx->pmeth->sign_init)
		return 1;
	ret = ctx->pmeth->sign_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    const unsigned char *tbs, size_t tbslen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_SIGN) {
		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
	return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
}

int
EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_VERIFY;
	if (!ctx->pmeth->verify_init)
		return 1;
	ret = ctx->pmeth->verify_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
    const unsigned char *tbs, size_t tbslen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_VERIFY) {
		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
}

int
EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
	if (!ctx->pmeth->verify_recover_init)
		return 1;
	ret = ctx->pmeth->verify_recover_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
    const unsigned char *sig, size_t siglen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {

		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
	return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
}

int
EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_ENCRYPT;
	if (!ctx->pmeth->encrypt_init)
		return 1;
	ret = ctx->pmeth->encrypt_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
	return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
}

int
EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_DECRYPT;
	if (!ctx->pmeth->decrypt_init)
		return 1;
	ret = ctx->pmeth->decrypt_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
	return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
}

int
EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
{
	int ret;

	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	ctx->operation = EVP_PKEY_OP_DERIVE;
	if (!ctx->pmeth->derive_init)
		return 1;
	ret = ctx->pmeth->derive_init(ctx);
	if (ret <= 0)
		ctx->operation = EVP_PKEY_OP_UNDEFINED;
	return ret;
}

int
EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
{
	int ret;

	if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive ||
	    ctx->pmeth->encrypt || ctx->pmeth->decrypt) ||
	    !ctx->pmeth->ctrl) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_DERIVE &&
	    ctx->operation != EVP_PKEY_OP_ENCRYPT &&
	    ctx->operation != EVP_PKEY_OP_DECRYPT) {

		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}

	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);

	if (ret <= 0)
		return ret;

	if (ret == 2)
		return 1;

	if (!ctx->pkey) {
		EVPerror(EVP_R_NO_KEY_SET);
		return -1;
	}

	if (ctx->pkey->type != peer->type) {

		EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
		return -1;
	}

	/* ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
	 * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
	 * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
	 * (different key types) is impossible here because it is checked earlier.
	 * -2 is OK for us here, as well as 1, so we can check for 0 only. */
	if (!EVP_PKEY_missing_parameters(peer) &&
	    !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {

		EVPerror(EVP_R_DIFFERENT_PARAMETERS);
		return -1;
	}

	EVP_PKEY_free(ctx->peerkey);
	ctx->peerkey = peer;

	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
	return 1;
}

int
EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE,
		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_DERIVE) {
		EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
	return ctx->pmeth->derive(ctx, key, pkeylen);
}







<
|



|





329
330
331
332
333
334
335

336
337
338
339
340
341
342
343
344
345
	return 1;
}

int
EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
{
	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {

		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;
	}
	if (ctx->operation != EVP_PKEY_OP_DERIVE) {
		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
		return -1;
	}
	M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
	return ctx->pmeth->derive(ctx, key, pkeylen);
}
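--- a/jni/libressl/crypto/evp/pmeth_gn.c
+++ b/jni/libressl/crypto/evp/pmeth_gn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pmeth_gn.c,v 1.4 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,40 +68,38 @@
 
 int
 EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
 {
 	int ret;
 
 	if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
-		EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
-		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;
 	}
 	ctx->operation = EVP_PKEY_OP_PARAMGEN;
 	if (!ctx->pmeth->paramgen_init)
 		return 1;
 	ret = ctx->pmeth->paramgen_init(ctx);
 	if (ret <= 0)
 		ctx->operation = EVP_PKEY_OP_UNDEFINED;
 	return ret;
 }
 
 int
 EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
 	int ret;
 
 	if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
-		EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
-		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;
 	}
 
 	if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
-		EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
 		return -1;
 	}
 
 	if (!ppkey)
 		return -1;
 
 	if (!*ppkey)
@@ -117,39 +115,37 @@
 
 int
 EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
 {
 	int ret;
 
 	if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
-		EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
-		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;
 	}
 	ctx->operation = EVP_PKEY_OP_KEYGEN;
 	if (!ctx->pmeth->keygen_init)
 		return 1;
 	ret = ctx->pmeth->keygen_init(ctx);
 	if (ret <= 0)
 		ctx->operation = EVP_PKEY_OP_UNDEFINED;
 	return ret;
 }
 
 int
 EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
 	int ret;
 
 	if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
-		EVPerr(EVP_F_EVP_PKEY_KEYGEN,
-		    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;
 	}
 	if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
-		EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+		EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
 		return -1;
 	}
 
 	if (!ppkey)
 		return -1;
 
 	if (!*ppkey)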
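--- a/jni/libressl/crypto/evp/pmeth_lib.c
+++ b/jni/libressl/crypto/evp/pmeth_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pmeth_lib.c,v 1.10 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -99,25 +99,39 @@
 	&gostr01_pkey_meth,
 	&gostimit_pkey_meth,
 #endif
 	&hmac_pkey_meth,
 	&cmac_pkey_meth,
 };
 
-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+static int pmeth_cmp_BSEARCH_CMP_FN(const void *, const void *);
-    pmeth);
+static int pmeth_cmp(const EVP_PKEY_METHOD * const *, const EVP_PKEY_METHOD * const *);
+static const EVP_PKEY_METHOD * *OBJ_bsearch_pmeth(const EVP_PKEY_METHOD * *key, const EVP_PKEY_METHOD * const *base, int num);
 
 static int
 pmeth_cmp(const EVP_PKEY_METHOD * const *a, const EVP_PKEY_METHOD * const *b)
 {
 	return ((*a)->pkey_id - (*b)->pkey_id);
 }
 
+
+static int
+pmeth_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+{
+	const EVP_PKEY_METHOD * const *a = a_;
+	const EVP_PKEY_METHOD * const *b = b_;
+	return pmeth_cmp(a, b);
+}
+
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+static const EVP_PKEY_METHOD * *
+OBJ_bsearch_pmeth(const EVP_PKEY_METHOD * *key, const EVP_PKEY_METHOD * const *base, int num)
+{
+	return (const EVP_PKEY_METHOD * *)OBJ_bsearch_(key, base, num, sizeof(const EVP_PKEY_METHOD *),
-    pmeth);
+	    pmeth_cmp_BSEARCH_CMP_FN);
+}
 
 const EVP_PKEY_METHOD *
 EVP_PKEY_meth_find(int type)
 {
 	EVP_PKEY_METHOD tmp;
 	const EVP_PKEY_METHOD *t = &tmp, **ret;
 
@@ -148,42 +162,42 @@
 	}
 #ifndef OPENSSL_NO_ENGINE
 	if (pkey && pkey->engine)
 		e = pkey->engine;
 	/* Try to find an ENGINE which implements this method */
 	if (e) {
 		if (!ENGINE_init(e)) {
-			EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB);
+			EVPerror(ERR_R_ENGINE_LIB);
 			return NULL;
 		}
 	} else
 		e = ENGINE_get_pkey_meth_engine(id);
 
 	/* If an ENGINE handled this method look it up. Othewise
 	 * use internal tables.
 	 */
 
 	if (e)
 		pmeth = ENGINE_get_pkey_meth(e, id);
 	else
 #endif
 		pmeth = EVP_PKEY_meth_find(id);
 
 	if (pmeth == NULL) {
-		EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM);
+		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
 		return NULL;
 	}
 
 	ret = malloc(sizeof(EVP_PKEY_CTX));
 	if (!ret) {
 #ifndef OPENSSL_NO_ENGINE
 		if (e)
 			ENGINE_finish(e);
 #endif
-		EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+		EVPerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	ret->engine = e;
 	ret->pmeth = pmeth;
 	ret->operation = EVP_PKEY_OP_UNDEFINED;
 	ret->pkey = pkey;
 	ret->peerkey = NULL;
@@ -318,15 +332,15 @@
 	EVP_PKEY_CTX *rctx;
 
 	if (!pctx->pmeth || !pctx->pmeth->copy)
 		return NULL;
 #ifndef OPENSSL_NO_ENGINE
 	/* Make sure it's safe to copy a pkey context using an ENGINE */
 	if (pctx->engine && !ENGINE_init(pctx->engine)) {
-		EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB);
+		EVPerror(ERR_R_ENGINE_LIB);
 		return 0;
 	}
 #endif
 	rctx = malloc(sizeof(EVP_PKEY_CTX));
 	if (!rctx)
 		return NULL;
 
@@ -391,52 +405,50 @@
 int
 EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd,
     int p1, void *p2)
 {
 	int ret;
 
 	if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+		EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
 		return -2;
 	}
 	if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
 		return -1;
 
 	if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
+		EVPerror(EVP_R_NO_OPERATION_SET);
 		return -1;
 	}
 
 	if ((optype != -1) && !(ctx->operation & optype)) {
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
+		EVPerror(EVP_R_INVALID_OPERATION);
 		return -1;
 	}
 
 	ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
 
 	if (ret == -2)
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+		EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
 
 	return ret;
 
 }
 
 int
 EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value)
 {
 	if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
-		    EVP_R_COMMAND_NOT_SUPPORTED);
+		EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
 		return -2;
 	}
 	if (!strcmp(name, "digest")) {
 		const EVP_MD *md;
 		if (!value || !(md = EVP_get_digestbyname(value))) {
-			EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
-			    EVP_R_INVALID_DIGEST);
+			EVPerror(EVP_R_INVALID_DIGEST);
 			return 0;
 		}
 		return EVP_PKEY_CTX_set_signature_md(ctx, md);
 	}
 	return ctx->pmeth->ctrl_str(ctx, name, value);
 }
 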
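Review bot: In the `EVP_PKEY_CTX_dup` hunk a successful `ENGINE_init(pctx->engine)` is not undone when the `malloc` that follows fails; the new side returns NULL directly, while the context-allocation hunk earlier in this file calls `ENGINE_finish(e)` before returning on the same failure. The engine reference taken for the copy therefore appears to leak on that path, and no `ERR_R_MALLOC_FAILURE` is queued either. The function starts and ends outside the hunk, so this is judged from the visible lines only. Since this is imported LibreSSL code, the change below would be carried as a local patch or reported upstream.

```c
	rctx = malloc(sizeof(EVP_PKEY_CTX));
	if (!rctx) {
#ifndef OPENSSL_NO_ENGINE
		/* drop the reference taken by ENGINE_init() above */
		if (pctx->engine)
			ENGINE_finish(pctx->engine);
#endif
		EVPerror(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	/* … unchanged: rest of EVP_PKEY_CTX_dup, outside the hunk … */
```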
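--- a/jni/libressl/crypto/ex_data.c
+++ b/jni/libressl/crypto/ex_data.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ex_data.c,v 1.17 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: ex_data.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 
 /*
  * Overhaul notes;
  *
  * This code is now *mostly* thread-safe. It is now easier to understand in what
  * ways it is safe and in what ways it is not, which is an improvement. Firstly,
  * all per-class stacks and index-counters for ex_data are stored in the same
@@ -134,18 +134,14 @@
  *
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
-
 #include <openssl/err.h>
 #include <openssl/lhash.h>
 
 /* What an "implementation of ex_data functionality" looks like */
 struct st_CRYPTO_EX_DATA_IMPL {
 	/*********************/
 	/* GLOBAL OPERATIONS */
@@ -332,40 +328,40 @@
 				(void)lh_EX_CLASS_ITEM_insert(ex_data, gen);
 				p = gen;
 			}
 		}
 	}
 	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
 	if (!p)
-		CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 	return p;
 }
 
 /* Add a new method to the given EX_CLASS_ITEM and return the corresponding
  * index (or -1 for error). Handles locking. */
 static int
 def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 {
 	int toret = -1;
 	CRYPTO_EX_DATA_FUNCS *a = malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
 
 	if (!a) {
-		CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return -1;
 	}
 	a->argl = argl;
 	a->argp = argp;
 	a->new_func = new_func;
 	a->dup_func = dup_func;
 	a->free_func = free_func;
 	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
 	while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) {
 		if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) {
-			CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+			CRYPTOerror(ERR_R_MALLOC_FAILURE);
 			free(a);
 			goto err;
 		}
 	}
 	toret = item->meth_num++;
 	(void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
 err:
@@ -434,15 +430,15 @@
 		for (i = 0; i < mx; i++)
 			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(
 			    item->meth, i);
 	}
 skip:
 	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
 	if ((mx > 0) && !storage) {
-		CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	for (i = 0; i < mx; i++) {
 		if (storage[i] && storage[i]->new_func) {
 			ptr = CRYPTO_get_ex_data(ad, i);
 			storage[i]->new_func(obj, ptr, ad, i,
 			    storage[i]->argl, storage[i]->argp);
@@ -478,15 +474,15 @@
 		for (i = 0; i < mx; i++)
 			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(
 			    item->meth, i);
 	}
 skip:
 	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
 	if ((mx > 0) && !storage) {
-		CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	for (i = 0; i < mx; i++) {
 		ptr = CRYPTO_get_ex_data(from, i);
 		if (storage[i] && storage[i]->dup_func)
 			storage[i]->dup_func(to, from, &ptr, i,
 			    storage[i]->argl, storage[i]->argp);
@@ -515,15 +511,15 @@
 		for (i = 0; i < mx; i++)
 			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(
 			    item->meth, i);
 	}
 skip:
 	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
 	if ((mx > 0) && !storage) {
-		CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE);
+		CRYPTOerror(ERR_R_MALLOC_FAILURE);
 		return;
 	}
 	for (i = 0; i < mx; i++) {
 		if (storage[i] && storage[i]->free_func) {
 			ptr = CRYPTO_get_ex_data(ad, i);
 			storage[i]->free_func(obj, ptr, ad, i,
 			    storage[i]->argl, storage[i]->argp);
@@ -605,25 +601,23 @@
 int
 CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
 {
 	int i;
 
 	if (ad->sk == NULL) {
 		if ((ad->sk = sk_void_new_null()) == NULL) {
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,
-			    ERR_R_MALLOC_FAILURE);
+			CRYPTOerror(ERR_R_MALLOC_FAILURE);
 			return (0);
 		}
 	}
 	i = sk_void_num(ad->sk);
 
 	while (i <= idx) {
 		if (!sk_void_push(ad->sk, NULL)) {
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,
-			    ERR_R_MALLOC_FAILURE);
+			CRYPTOerror(ERR_R_MALLOC_FAILURE);
 			return (0);
 		}
 		i++;
 	}
 	sk_void_set(ad->sk, idx, val);
 	return (1);
 }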
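Review bot: `CRYPTO_set_ex_data` never validates `idx`: for a negative index the `while (i <= idx)` padding loop is skipped, the result of `sk_void_set(ad->sk, idx, val)` is discarded, and the function still returns 1. Whether `sk_void_set` rejects such an index is not visible in this hunk, but either way the caller is told the value was stored. A guard at the top of the function, `if (idx < 0) return (0);`, would make the failure explicit. As this is imported LibreSSL code, that would be carried as a local patch or reported upstream.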
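--- a/jni/libressl/crypto/gost/gost.h
+++ b/jni/libressl/crypto/gost/gost.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: gost.h,v 1.3 2016/09/04 17:02:31 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -85,15 +85,19 @@
 	unsigned char *ivec, unsigned char *cnt_buf, int *num);
 
 typedef struct {
 	ASN1_OCTET_STRING *iv;
 	ASN1_OBJECT *enc_param_set;
 } GOST_CIPHER_PARAMS;
 
+GOST_CIPHER_PARAMS *GOST_CIPHER_PARAMS_new(void);
+void GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a);
+GOST_CIPHER_PARAMS *d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len);
+int i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out);
-DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
+extern const ASN1_ITEM GOST_CIPHER_PARAMS_it;
 
 #define GOST2814789IMIT_LENGTH 4
 #define GOST2814789IMIT_CBLOCK 8
 #define GOST2814789IMIT_LONG unsigned int
 
 typedef struct GOST2814789IMITstate_st {
 	GOST2814789IMIT_LONG	Nl, Nh;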
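--- a/jni/libressl/crypto/gost/gost2814789.c
+++ b/jni/libressl/crypto/gost/gost2814789.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost2814789.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: gost2814789.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: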
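--- a/jni/libressl/crypto/gost/gost89_keywrap.c
+++ b/jni/libressl/crypto/gost/gost89_keywrap.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost89_keywrap.c,v 1.2 2014/11/09 19:27:29 miod Exp $ */
+/* $OpenBSD: gost89_keywrap.c,v 1.3 2014/11/09 19:28:44 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: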
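--- a/jni/libressl/crypto/gost/gost89_params.c
+++ b/jni/libressl/crypto/gost/gost89_params.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost89_params.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: gost89_params.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: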
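--- a/jni/libressl/crypto/gost/gost89imit_ameth.c
+++ b/jni/libressl/crypto/gost/gost89imit_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost89imit_ameth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: gost89imit_ameth.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: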
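--- a/jni/libressl/crypto/gost/gost89imit_pmeth.c
+++ b/jni/libressl/crypto/gost/gost89imit_pmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost89imit_pmeth.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */
+/* $OpenBSD: gost89imit_pmeth.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -106,71 +106,67 @@
 static int
 pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
 	struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
 	unsigned char *keydata;
 
 	if (!data->key_set) {
-		GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
+		GOSTerror(GOST_R_MAC_KEY_NOT_SET);
 		return 0;
 	}
 
 	keydata = malloc(32);
 	if (keydata == NULL) {
-		GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	memcpy(keydata, data->key, 32);
 	EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
 
 	return 1;
 }
 
 static int
 pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
 	struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
 
 	switch (type) {
 	case EVP_PKEY_CTRL_MD:
 		if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) {
-			GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-			    GOST_R_INVALID_DIGEST_TYPE);
+			GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
 			return 0;
 		}
 		data->md = p2;
 		return 1;
 
 	case EVP_PKEY_CTRL_SET_MAC_KEY:
 		if (p1 != 32) {
-			GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-			    GOST_R_INVALID_MAC_KEY_LENGTH);
+			GOSTerror(GOST_R_INVALID_MAC_KEY_LENGTH);
 			return 0;
 		}
 
 		memcpy(data->key, p2, 32);
 		data->key_set = 1;
 		return 1;
 
 	case EVP_PKEY_CTRL_DIGESTINIT:
 	    {
 		EVP_MD_CTX *mctx = p2;
 		void *key;
 
 		if (!data->key_set) {
 			EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
 			if (pkey == NULL) {
-				GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-				    GOST_R_MAC_KEY_NOT_SET);
+				GOSTerror(GOST_R_MAC_KEY_NOT_SET);
 				return 0;
 			}
 			key = EVP_PKEY_get0(pkey);
 			if (key == NULL) {
-				GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-				    GOST_R_MAC_KEY_NOT_SET);
+				GOSTerror(GOST_R_MAC_KEY_NOT_SET);
 				return 0;
 			}
 		} else {
 			key = &(data->key);
 		}
 		if (mctx->digest->md_ctrl == NULL)
 			return 0;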
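Review bot: The result of `EVP_PKEY_assign()` in pkey_gost_mac_keygen is ignored, so a failed assignment still returns 1 and leaves the 32-byte copy of the MAC key in `keydata` allocated and unreferenced. The commit only swaps GOSTerr for GOSTerror and leaves this call as it was. The call should be checked and the buffer released on failure, for example `if (!EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata)) { free(keydata); return 0; }`, ideally wiping the key copy with `explicit_bzero(keydata, 32)` before the free. The literal 32 appears four times in this section and would read better as one named key-length constant.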
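--- a/jni/libressl/crypto/gost/gost_asn1.h
+++ b/jni/libressl/crypto/gost/gost_asn1.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: gost_asn1.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -50,38 +50,58 @@
  */
 
 #ifndef HEADER_GOST_ASN1_H
 #define HEADER_GOST_ASN1_H
 
 #include <openssl/asn1.h>
 
+__BEGIN_HIDDEN_DECLS
+
 typedef struct {
 	ASN1_OCTET_STRING *encrypted_key;
 	ASN1_OCTET_STRING *imit;
 } GOST_KEY_INFO;
 
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
+GOST_KEY_INFO *GOST_KEY_INFO_new(void);
+void GOST_KEY_INFO_free(GOST_KEY_INFO *a);
+GOST_KEY_INFO *d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len);
+int i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out);
+extern const ASN1_ITEM GOST_KEY_INFO_it;
 
 typedef struct {
 	ASN1_OBJECT *cipher;
 	X509_PUBKEY *ephem_key;
 	ASN1_OCTET_STRING *eph_iv;
 } GOST_KEY_AGREEMENT_INFO;
 
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
+GOST_KEY_AGREEMENT_INFO *GOST_KEY_AGREEMENT_INFO_new(void);
+void GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a);
+GOST_KEY_AGREEMENT_INFO *d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len);
+int i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out);
+extern const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it;
 
 typedef struct {
 	GOST_KEY_INFO *key_info;
 	GOST_KEY_AGREEMENT_INFO *key_agreement_info;
 } GOST_KEY_TRANSPORT;
 
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
+GOST_KEY_TRANSPORT *GOST_KEY_TRANSPORT_new(void);
+void GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a);
+GOST_KEY_TRANSPORT *d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len);
+int i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out);
+extern const ASN1_ITEM GOST_KEY_TRANSPORT_it;
 
 typedef struct {
 	ASN1_OBJECT *key_params;
 	ASN1_OBJECT *hash_params;
 	ASN1_OBJECT *cipher_params;
 } GOST_KEY_PARAMS;
 
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
+GOST_KEY_PARAMS *GOST_KEY_PARAMS_new(void);
+void GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a);
+GOST_KEY_PARAMS *d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len);
+int i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out);
+extern const ASN1_ITEM GOST_KEY_PARAMS_it;
 
+__END_HIDDEN_DECLS
+
 #endif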
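Review bot: `__BEGIN_HIDDEN_DECLS` and `__END_HIDDEN_DECLS` are used here, and again in gost_locl.h, but neither header visibly includes anything that defines them; the only include in this one is `<openssl/asn1.h>`. On OpenBSD they come from the system headers, so an Android NDK build presumably has to supply them itself, and it is worth confirming that the updated Android.mk does so for every translation unit that pulls in these headers. A short comment above the first use, such as `/* internal-only declarations: symbols below are not exported from libcrypto */`, would also tell readers that callers outside the library can no longer link against these functions.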
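--- a/jni/libressl/crypto/gost/gost_err.c
+++ b/jni/libressl/crypto/gost/gost_err.c
@@ -64,45 +64,18 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason)
 
-static ERR_STRING_DATA GOST_str_functs[]=
-	{
-{ERR_FUNC(GOST_F_DECODE_GOST01_ALGOR_PARAMS),	"DECODE_GOST01_ALGOR_PARAMS"},
-{ERR_FUNC(GOST_F_ENCODE_GOST01_ALGOR_PARAMS),	"ENCODE_GOST01_ALGOR_PARAMS"},
-{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC),	"GOST2001_COMPUTE_PUBLIC"},
-{ERR_FUNC(GOST_F_GOST2001_DO_SIGN),	"GOST2001_DO_SIGN"},
-{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY),	"GOST2001_DO_VERIFY"},
-{ERR_FUNC(GOST_F_GOST2001_KEYGEN),	"GOST2001_KEYGEN"},
-{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),	"GOST89_GET_ASN1_PARAMETERS"},
-{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),	"GOST89_SET_ASN1_PARAMETERS"},
-{ERR_FUNC(GOST_F_GOST_KEY_CHECK_KEY),	"GOST_KEY_check_key"},
-{ERR_FUNC(GOST_F_GOST_KEY_NEW),	"GOST_KEY_new"},
-{ERR_FUNC(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),	"GOST_KEY_set_public_key_affine_coordinates"},
-{ERR_FUNC(GOST_F_PARAM_COPY_GOST01),	"PARAM_COPY_GOST01"},
-{ERR_FUNC(GOST_F_PARAM_DECODE_GOST01),	"PARAM_DECODE_GOST01"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_CTRL),	"PKEY_GOST01_CTRL"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_DECRYPT),	"PKEY_GOST01_DECRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_DERIVE),	"PKEY_GOST01_DERIVE"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_ENCRYPT),	"PKEY_GOST01_ENCRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN),	"PKEY_GOST01_PARAMGEN"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_SIGN),	"PKEY_GOST01_SIGN"},
-{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL),	"PKEY_GOST_MAC_CTRL"},
-{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN),	"PKEY_GOST_MAC_KEYGEN"},
-{ERR_FUNC(GOST_F_PRIV_DECODE_GOST01),	"PRIV_DECODE_GOST01"},
-{ERR_FUNC(GOST_F_PUB_DECODE_GOST01),	"PUB_DECODE_GOST01"},
-{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01),	"PUB_ENCODE_GOST01"},
-{ERR_FUNC(GOST_F_PUB_PRINT_GOST01),	"PUB_PRINT_GOST01"},
-{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_CP),	"UNPACK_SIGNATURE_CP"},
-{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_LE),	"UNPACK_SIGNATURE_LE"},
-{0,NULL}
-	};
+static ERR_STRING_DATA GOST_str_functs[]= {
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
+	{0, NULL}
+};
 
 static ERR_STRING_DATA GOST_str_reasons[]=
 	{
 {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
 {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
 {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
 {ERR_REASON(GOST_R_CTRL_CALL_FAILED)     ,"ctrl call failed"},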
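Review bot: The single entry left in `GOST_str_functs` uses the bare literal `0xfff`, and nothing in the file says what that function code stands for or why the per-function names were dropped. A comment above the entry, such as `/* 0xfff: shared function code; error reports no longer name the failing GOST function */`, would help anyone reading an error queue that now shows only "CRYPTO_internal". That wording should be checked against the definition of GOSTerror, which is not on this page. If the code is shared with other error tables, a named constant would be better than repeating the literal. The `GOST_str_reasons` table continues past the end of this section.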
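--- a/jni/libressl/crypto/gost/gost_locl.h
+++ b/jni/libressl/crypto/gost/gost_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost_locl.h,v 1.2 2014/11/09 19:27:29 miod Exp $ */
+/* $OpenBSD: gost_locl.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -50,14 +50,16 @@
  */
 
 #ifndef HEADER_GOST_LOCL_H
 #define HEADER_GOST_LOCL_H
 
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
+
+__BEGIN_HIDDEN_DECLS
 
 /* Internal representation of GOST substitution blocks */
 typedef struct {
 	unsigned char k8[16];
 	unsigned char k7[16];
 	unsigned char k6[16];
 	unsigned char k5[16];
@@ -105,9 +107,11 @@
 extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len);
 
 /* GOST R 34.10 parameters */
 extern int GostR3410_get_md_digest(int nid);
 extern int GostR3410_get_pk_digest(int nid);
 extern int GostR3410_256_param_id(const char *value);
 extern int GostR3410_512_param_id(const char *value);
 
+__END_HIDDEN_DECLS
+
 #endif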
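--- a/jni/libressl/crypto/gost/gostr341001.c
+++ b/jni/libressl/crypto/gost/gostr341001.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gostr341001.c,v 1.3 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: gostr341001.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -53,14 +53,16 @@
 
 #include <openssl/opensslconf.h>
 
 #ifndef OPENSSL_NO_GOST
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/gost.h>
+
+#include "bn_lcl.h"
 #include "gost_locl.h"
 
 /* Convert little-endian byte array into bignum */
 BIGNUM *
 GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn)
 {
 	unsigned char temp[64];
@@ -103,40 +105,38 @@
 	const EC_GROUP *group = GOST_KEY_get0_group(ec);
 	EC_POINT *pub_key = NULL;
 	const BIGNUM *priv_key = NULL;
 	BN_CTX *ctx = NULL;
 	int ok = 0;
 
 	if (group == NULL) {
-		GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-		    GOST_R_KEY_IS_NOT_INITIALIZED);
+		GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED);
 		return 0;
 	}
 	ctx = BN_CTX_new();
 	if (ctx == NULL) {
-		GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-		    ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	BN_CTX_start(ctx);
 	if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL)
 		goto err;
 
 	pub_key = EC_POINT_new(group);
 	if (pub_key == NULL)
 		goto err;
 	if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0)
 		goto err;
 	if (GOST_KEY_set_public_key(ec, pub_key) == 0)
 		goto err;
 	ok = 1;
 
 	if (ok == 0) {
 err:
-		GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 	}
 	EC_POINT_free(pub_key);
 	if (ctx != NULL) {
 		BN_CTX_end(ctx);
 		BN_CTX_free(ctx);
 	}
 	return ok;
@@ -152,68 +152,67 @@
 	BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
 	    NULL, *e = NULL;
 	EC_POINT *C = NULL;
 	BN_CTX *ctx = BN_CTX_new();
 	int ok = 0;
 
 	if (ctx == NULL) {
-		GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	BN_CTX_start(ctx);
 	newsig = ECDSA_SIG_new();
 	if (newsig == NULL) {
-		GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	s = newsig->s;
 	r = newsig->r;
 	group = GOST_KEY_get0_group(eckey);
 	if ((order = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if (EC_GROUP_get_order(group, order, ctx) == 0)
 		goto err;
 	priv_key = GOST_KEY_get0_private_key(eckey);
 	if ((e = BN_CTX_get(ctx)) == NULL)
 		goto err;
-	if (BN_mod(e, md, order, ctx) == 0)
+	if (BN_mod_ct(e, md, order, ctx) == 0)
 		goto err;
 	if (BN_is_zero(e))
 		BN_one(e);
 	if ((k = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((X = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((C = EC_POINT_new(group)) == NULL)
 		goto err;
 	do {
 		do {
 			if (!BN_rand_range(k, order)) {
-				GOSTerr(GOST_F_GOST2001_DO_SIGN,
-					GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+				GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
 				goto err;
 			}
 			/*
 			 * We do not want timing information to leak the length
 			 * of k, so we compute G*k using an equivalent scalar
 			 * of fixed bit-length.
 			 */
 			if (BN_add(k, k, order) == 0)
 				goto err;
 			if (BN_num_bits(k) <= BN_num_bits(order))
 				if (BN_add(k, k, order) == 0)
 					goto err;
 
 			if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
-				GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+				GOSTerror(ERR_R_EC_LIB);
 				goto err;
 			}
 			if (EC_POINT_get_affine_coordinates_GFp(group, C, X,
 			    NULL, ctx) == 0) {
-				GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+				GOSTerror(ERR_R_EC_LIB);
 				goto err;
 			}
 			if (BN_nnmod(r, X, order, ctx) == 0)
 				goto err;
 		} while (BN_is_zero(r));
 		/* s = (r*priv_key+k*e) mod order */
 		if (tmp == NULL) {
@@ -279,45 +278,44 @@
 		goto err;
 
 	if (EC_GROUP_get_order(group, order, ctx) == 0)
 		goto err;
 	pub_key = GOST_KEY_get0_public_key(ec);
 	if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
 	    BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) {
-		GOSTerr(GOST_F_GOST2001_DO_VERIFY,
-		    GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
+		GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
 		goto err;
 	}
 
-	if (BN_mod(e, md, order, ctx) == 0)
+	if (BN_mod_ct(e, md, order, ctx) == 0)
 		goto err;
 	if (BN_is_zero(e))
 		BN_one(e);
-	if ((v = BN_mod_inverse(v, e, order, ctx)) == NULL)
+	if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL)
 		goto err;
 	if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
 		goto err;
 	if (BN_sub(tmp, order, sig->r) == 0)
 		goto err;
 	if (BN_mod_mul(z2, tmp, v, order, ctx) == 0)
 		goto err;
 	if ((C = EC_POINT_new(group)) == NULL)
 		goto err;
 	if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
-		GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) {
-		GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 		goto err;
 	}
-	if (BN_mod(R, X, order, ctx) == 0)
+	if (BN_mod_ct(R, X, order, ctx) == 0)
 		goto err;
 	if (BN_cmp(R, sig->r) != 0) {
-		GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
+		GOSTerror(GOST_R_SIGNATURE_MISMATCH);
 	} else {
 		ok = 1;
 	}
 err:
 	EC_POINT_free(C);
 	if (ctx != NULL) {
 		BN_CTX_end(ctx);
@@ -379,16 +377,15 @@
 	if (order == NULL || d == NULL)
 		goto err;
 	if (EC_GROUP_get_order(group, order, NULL) == 0)
 		goto err;
 
 	do {
 		if (BN_rand_range(d, order) == 0) {
-			GOSTerr(GOST_F_GOST2001_KEYGEN,
-				GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+			GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
 			goto err;
 		}
 	} while (BN_is_zero(d));
 
 	if (GOST_KEY_set_private_key(ec, d) == 0)
 		goto err;
 	rc = gost2001_compute_public(ec);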
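Review bot: The range check in the verification hunk, `BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1`, rejects only components strictly greater than the group order, so an `r` or `s` equal to the order gets through to the modular arithmetic. Signature components are normally required to satisfy 0 < r, s < q; if that is the intent here, the comparison should be `BN_cmp(sig->s, order) >= 0 || BN_cmp(sig->r, order) >= 0`. The commit moves the surrounding code to BN_mod_ct and BN_mod_inverse_ct but leaves this condition as it was. The signing hunk also uses the results of `GOST_KEY_get0_group(eckey)` and `GOST_KEY_get0_private_key(eckey)` without the NULL checks that the public-key computation hunk has. Both functions start and end outside their hunks, so checks elsewhere in them cannot be ruled out.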
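--- a/jni/libressl/crypto/gost/gostr341001_ameth.c
+++ b/jni/libressl/crypto/gost/gostr341001_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gostr341001_ameth.c,v 1.8 2015/02/11 04:05:14 beck Exp $ */
+/* $OpenBSD: gostr341001_ameth.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -57,17 +57,14 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/gost.h>
 
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
 
 #include "asn1_locl.h"
 #include "gost_locl.h"
 #include "gost_asn1.h"
 
 static void
 pkey_free_gost01(EVP_PKEY *key)
@@ -85,16 +82,15 @@
 	int param_nid = NID_undef, digest_nid = NID_undef;
 	GOST_KEY_PARAMS *gkp = NULL;
 	EC_GROUP *group;
 	GOST_KEY *ec;
 
 	gkp = d2i_GOST_KEY_PARAMS(NULL, p, len);
 	if (gkp == NULL) {
-		GOSTerr(GOST_F_DECODE_GOST01_ALGOR_PARAMS,
-			GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
+		GOSTerror(GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
 		return 0;
 	}
 	param_nid = OBJ_obj2nid(gkp->key_params);
 	digest_nid = OBJ_obj2nid(gkp->hash_params);
 	GOST_KEY_PARAMS_free(gkp);
 
 	ec = pkey->pkey.gost;
@@ -124,30 +120,28 @@
 encode_gost01_algor_params(const EVP_PKEY *key)
 {
 	ASN1_STRING *params = ASN1_STRING_new();
 	GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
 	int pkey_param_nid = NID_undef;
 
 	if (params == NULL || gkp == NULL) {
-		GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
-		    ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		ASN1_STRING_free(params);
 		params = NULL;
 		goto err;
 	}
 
 	pkey_param_nid =
 	    EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost));
 	gkp->key_params = OBJ_nid2obj(pkey_param_nid);
 	gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost));
 	/*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */
 	params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
 	if (params->length <= 0) {
-		GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
-		    ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		ASN1_STRING_free(params);
 		params = NULL;
 		goto err;
 	}
 	params->type = V_ASN1_SEQUENCE;
 err:
 	GOST_KEY_PARAMS_free(gkp);
@@ -205,37 +199,36 @@
 
 	if (X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub)
 	    == 0)
 		return 0;
 	(void)EVP_PKEY_assign_GOST(pk, NULL);
 	X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
 	if (ptype != V_ASN1_SEQUENCE) {
-		GOSTerr(GOST_F_PUB_DECODE_GOST01,
-		    GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+		GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
 		return 0;
 	}
 	p = pval->data;
 	if (decode_gost01_algor_params(pk, &p, pval->length) == 0)
 		return 0;
 
 	octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
 	if (octet == NULL) {
-		GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	len = octet->length / 2;
 
 	X = GOST_le2bn(octet->data, len, NULL);
 	Y = GOST_le2bn(octet->data + len, len, NULL);
 
 	ASN1_OCTET_STRING_free(octet);
 
 	ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y);
 	if (ret == 0)
-		GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 
 	BN_free(X);
 	BN_free(Y);
 
 	return ret;
 }
 
@@ -262,42 +255,42 @@
 		ptype = V_ASN1_SEQUENCE;
 	}
 
 	key_size = GOST_KEY_get_size(ec);
 
 	pub_key = GOST_KEY_get0_public_key(ec);
 	if (pub_key == NULL) {
-		GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
+		GOSTerror(GOST_R_PUBLIC_KEY_UNDEFINED);
 		goto err;
 	}
 
 	octet = ASN1_OCTET_STRING_new();
 	if (octet == NULL) {
-		GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	ret = ASN1_STRING_set(octet, NULL, 2 * key_size);
 	if (ret == 0) {
-		GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
+		GOSTerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
 
 	sptr = ASN1_STRING_data(octet);
 
 	X = BN_new();
 	Y = BN_new();
 	if (X == NULL || Y == NULL) {
-		GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec),
 	    pub_key, X, Y, NULL) == 0) {
-		GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 		goto err;
 	}
 
 	GOST_bn2le(X, sptr, key_size);
 	GOST_bn2le(Y, sptr + key_size, key_size);
 
 	BN_free(Y);
@@ -339,27 +332,27 @@
 {
 	BN_CTX *ctx = BN_CTX_new();
 	BIGNUM *X, *Y;
 	const EC_POINT *pubkey;
 	const EC_GROUP *group;
 
 	if (ctx == NULL) {
-		GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	BN_CTX_start(ctx);
 	if ((X = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((Y = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost);
 	group = GOST_KEY_get0_group(pkey->pkey.gost);
 	if (EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y,
 	    ctx) == 0) {
-		GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (BIO_indent(out, indent, 128) == 0)
 		goto err;
 	BIO_printf(out, "Public key:\n");
 	if (BIO_indent(out, indent + 3, 128) == 0)
 		goto err;
@@ -415,47 +408,46 @@
 	ASN1_STRING *pval = NULL;
 
 	if (PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf) == 0)
 		return 0;
 	(void)EVP_PKEY_assign_GOST(pk, NULL);
 	X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
 	if (ptype != V_ASN1_SEQUENCE) {
-		GOSTerr(GOST_F_PUB_DECODE_GOST01,
-		    GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+		GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
 		return 0;
 	}
 	p = pval->data;
 	if (decode_gost01_algor_params(pk, &p, pval->length) == 0)
 		return 0;
 	p = pkey_buf;
 	if (V_ASN1_OCTET_STRING == *p) {
 		/* New format - Little endian octet string */
 		unsigned char rev_buf[32];
 		int i;
 		ASN1_OCTET_STRING *s =
 		    d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
 
 		if (s == NULL || s->length != 32) {
-			GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+			GOSTerror(EVP_R_DECODE_ERROR);
 			ASN1_STRING_free(s);
 			return 0;
 		}
 		for (i = 0; i < 32; i++) {
 			rev_buf[31 - i] = s->data[i];
 		}
 		ASN1_STRING_free(s);
 		pk_num = BN_bin2bn(rev_buf, 32, NULL);
 	} else {
 		priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
 		if (priv_key == NULL)
 			return 0;
 		ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
 		ASN1_INTEGER_free(priv_key);
 		if (ret == 0) {
-			GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+			GOSTerror(EVP_R_DECODE_ERROR);
 			return 0;
 		}
 	}
 
 	ec = pk->pkey.gost;
 	if (ec == NULL) {
 		ec = GOST_KEY_new();
@@ -532,44 +524,43 @@
 
 	/* New format */
 	if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
 		return decode_gost01_algor_params(pkey, pder, derlen);
 
 	/* Compatibility */
 	if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
-		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	nid = OBJ_obj2nid(obj);
 	ASN1_OBJECT_free(obj);
 
 	ec = GOST_KEY_new();
 	if (ec == NULL) {
-		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	group = EC_GROUP_new_by_curve_name(nid);
 	if (group == NULL) {
-		GOSTerr(GOST_F_PARAM_DECODE_GOST01,
-		    EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+		GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
 		GOST_KEY_free(ec);
 		return 0;
 	}
 
 	EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
 	if (GOST_KEY_set_group(ec, group) == 0) {
-		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 		EC_GROUP_free(group);
 		GOST_KEY_free(ec);
 		return 0;
 	}
 	EC_GROUP_free(group);
 	if (GOST_KEY_set_digest(ec,
 	    NID_id_GostR3411_94_CryptoProParamSet) == 0) {
-		GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
+		GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
 		GOST_KEY_free(ec);
 		return 0;
 	}
 	ret = EVP_PKEY_assign_GOST(pkey, ec);
 	if (ret == 0)
 		GOST_KEY_free(ec);
 	return ret;
@@ -593,28 +584,25 @@
 param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
 {
 	GOST_KEY *eto = to->pkey.gost;
 	const GOST_KEY *efrom = from->pkey.gost;
 	int ret = 1;
 
 	if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
-		GOSTerr(GOST_F_PARAM_COPY_GOST01,
-		    GOST_R_INCOMPATIBLE_ALGORITHMS);
+		GOSTerror(GOST_R_INCOMPATIBLE_ALGORITHMS);
 		return 0;
 	}
 	if (efrom == NULL) {
-		GOSTerr(GOST_F_PARAM_COPY_GOST01,
-		    GOST_R_KEY_PARAMETERS_MISSING);
+		GOSTerror(GOST_R_KEY_PARAMETERS_MISSING);
 		return 0;
 	}
 	if (eto == NULL) {
 		eto = GOST_KEY_new();
 		if (eto == NULL) {
-			GOSTerr(GOST_F_PARAM_COPY_GOST01,
-			    ERR_R_MALLOC_FAILURE);
+			GOSTerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		if (EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto) == 0) {
 			GOST_KEY_free(eto);
 			return 0;
 		}
 	}
@@ -652,25 +640,14 @@
 			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
 		break;
 
 	case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
 		if (arg1 == 0)
 			PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
 		break;
-#ifndef OPENSSL_NO_CMS
-	case ASN1_PKEY_CTRL_CMS_SIGN:
-		if (arg1 == 0)
-			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
-		break;
-
-	case ASN1_PKEY_CTRL_CMS_ENVELOPE:
-		if (arg1 == 0)
-			CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
-		break;
-#endif
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *)arg2 = GostR3410_get_md_digest(digest);
 		return 2;
 
 	default:
 		return -2;
 	}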
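--- a/jni/libressl/crypto/gost/gostr341001_key.c
+++ b/jni/libressl/crypto/gost/gostr341001_key.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gostr341001_key.c,v 1.5 2015/02/14 06:40:04 jsing Exp $ */
+/* $OpenBSD: gostr341001_key.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -74,15 +74,15 @@
 GOST_KEY *
 GOST_KEY_new(void)
 {
 	GOST_KEY *ret;
 
 	ret = malloc(sizeof(GOST_KEY));
 	if (ret == NULL) {
-		GOSTerr(GOST_F_GOST_KEY_NEW, ERR_R_MALLOC_FAILURE);
+		GOSTerror(ERR_R_MALLOC_FAILURE);
 		return (NULL);
 	}
 	ret->group = NULL;
 	ret->pub_key = NULL;
 	ret->priv_key = NULL;
 	ret->references = 1;
 	ret->digest_nid = NID_undef;
@@ -114,86 +114,84 @@
 {
 	int ok = 0;
 	BN_CTX *ctx = NULL;
 	BIGNUM *order = NULL;
 	EC_POINT *point = NULL;
 
 	if (key == NULL || key->group == NULL || key->pub_key == NULL) {
-		GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+		GOSTerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) {
-		GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+		GOSTerror(EC_R_POINT_AT_INFINITY);
 		goto err;
 	}
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if ((point = EC_POINT_new(key->group)) == NULL)
 		goto err;
 
 	/* testing whether the pub_key is on the elliptic curve */
 	if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) {
-		GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+		GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;
 	}
 	/* testing whether pub_key * order is the point at infinity */
 	if ((order = BN_new()) == NULL)
 		goto err;
 	if (EC_GROUP_get_order(key->group, order, ctx) == 0) {
-		GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+		GOSTerror(EC_R_INVALID_GROUP_ORDER);
 		goto err;
 	}
 	if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order,
 	    ctx) == 0) {
-		GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+		GOSTerror(ERR_R_EC_LIB);
 		goto err;
 	}
 	if (EC_POINT_is_at_infinity(key->group, point) == 0) {
-		GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+		GOSTerror(EC_R_WRONG_ORDER);
 		goto err;
 	}
 	/*
 	 * in case the priv_key is present : check if generator * priv_key ==
 	 * pub_key
 	 */
 	if (key->priv_key != NULL) {
 		if (BN_cmp(key->priv_key, order) >= 0) {
-			GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+			GOSTerror(EC_R_WRONG_ORDER);
 			goto err;
 		}
 		if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL,
 		    ctx) == 0) {
-			GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+			GOSTerror(ERR_R_EC_LIB);
 			goto err;
 		}
 		if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {
-			GOSTerr(GOST_F_GOST_KEY_CHECK_KEY,
-			    EC_R_INVALID_PRIVATE_KEY);
+			GOSTerror(EC_R_INVALID_PRIVATE_KEY);
 			goto err;
 		}
 	}
 	ok = 1;
 err:
 	BN_free(order);
 	BN_CTX_free(ctx);
 	EC_POINT_free(point);
 	return (ok);
 }
 
 int
 GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
 {
 	BN_CTX *ctx = NULL;
 	BIGNUM *tx, *ty;
 	EC_POINT *point = NULL;
 	int ok = 0;
 
 	if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
-		GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		GOSTerror(ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 	ctx = BN_CTX_new();
 	if (ctx == NULL)
 		goto err;
 
 	point = EC_POINT_new(key->group);
@@ -211,16 +209,15 @@
 	    ctx) == 0)
 		goto err;
 	/*
 	 * Check if retrieved coordinates match originals: if not, values are
 	 * out of range.
 	 */
 	if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) {
-		GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-		    EC_R_COORDINATES_OUT_OF_RANGE);
+		GOSTerror(EC_R_COORDINATES_OUT_OF_RANGE);
 		goto err;
 	}
 	if (GOST_KEY_set_public_key(key, point) == 0)
 		goto err;
 
 	if (GOST_KEY_check_key(key) == 0)
 		goto err;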
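--- a/jni/libressl/crypto/gost/gostr341001_params.c
+++ b/jni/libressl/crypto/gost/gostr341001_params.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gostr341001_params.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */
+/* $OpenBSD: gostr341001_params.c,v 1.3 2015/07/20 22:42:56 bcook Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: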
Changes to jni/libressl/crypto/gost/gostr341001_pmeth.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: gostr341001_pmeth.c,v 1.11 2015/02/14 06:40:04 jsing Exp $ */
/*
 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
 * Copyright (c) 2005-2006 Cryptocom LTD
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
|







1
2
3
4
5
6
7
8
/* $OpenBSD: gostr341001_pmeth.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
/*
 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
 * Copyright (c) 2005-2006 Cryptocom LTD
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
static ECDSA_SIG *
unpack_signature_cp(const unsigned char *sig, size_t siglen)
{
	ECDSA_SIG *s;

	s = ECDSA_SIG_new();
	if (s == NULL) {
		GOSTerr(GOST_F_UNPACK_SIGNATURE_CP, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	BN_bin2bn(sig, siglen / 2, s->s);
	BN_bin2bn(sig + siglen / 2, siglen / 2, s->r);
	return s;
}








|







69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
static ECDSA_SIG *
unpack_signature_cp(const unsigned char *sig, size_t siglen)
{
	ECDSA_SIG *s;

	s = ECDSA_SIG_new();
	if (s == NULL) {
		GOSTerror(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	BN_bin2bn(sig, siglen / 2, s->s);
	BN_bin2bn(sig + siglen / 2, siglen / 2, s->r);
	return s;
}

102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
static ECDSA_SIG *
unpack_signature_le(const unsigned char *sig, size_t siglen)
{
	ECDSA_SIG *s;

	s = ECDSA_SIG_new();
	if (s == NULL) {
		GOSTerr(GOST_F_UNPACK_SIGNATURE_LE, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	GOST_le2bn(sig, siglen / 2, s->r);
	GOST_le2bn(sig + siglen / 2, siglen / 2, s->s);
	return s;
}








|







102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
static ECDSA_SIG *
unpack_signature_le(const unsigned char *sig, size_t siglen)
{
	ECDSA_SIG *s;

	s = ECDSA_SIG_new();
	if (s == NULL) {
		GOSTerror(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	GOST_le2bn(sig, siglen / 2, s->r);
	GOST_le2bn(sig + siglen / 2, siglen / 2, s->s);
	return s;
}

186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
	struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
	EC_GROUP *group = NULL;
	GOST_KEY *gost = NULL;
	int ret = 0;

	if (data->sign_param_nid == NID_undef ||
	    data->digest_nid == NID_undef) {
		GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
		return 0;
	}

	group = EC_GROUP_new_by_curve_name(data->sign_param_nid);
	if (group == NULL)
		goto done;








|







186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
	struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
	EC_GROUP *group = NULL;
	GOST_KEY *gost = NULL;
	int ret = 0;

	if (data->sign_param_nid == NID_undef ||
	    data->digest_nid == NID_undef) {
		GOSTerror(GOST_R_NO_PARAMETERS_SET);
		return 0;
	}

	group = EC_GROUP_new_by_curve_name(data->sign_param_nid);
	if (group == NULL)
		goto done;

242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260

	if (siglen == NULL)
		return 0;
	if (sig == NULL) {
		*siglen = 2 * size;
		return 1;
	} else if (*siglen < 2 * size) {
		GOSTerr(GOST_F_PKEY_GOST01_SIGN, EC_R_BUFFER_TOO_SMALL);
		return 0;
	}
	if (tbs_len != 32 && tbs_len != 64) {
		GOSTerr(GOST_F_PKEY_GOST01_SIGN, EVP_R_BAD_BLOCK_LENGTH);
		return 0;
	}
	md = GOST_le2bn(tbs, tbs_len, NULL);
	if (md == NULL)
		return 0;
	unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost);
	BN_free(md);







|



|







242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260

	if (siglen == NULL)
		return 0;
	if (sig == NULL) {
		*siglen = 2 * size;
		return 1;
	} else if (*siglen < 2 * size) {
		GOSTerror(EC_R_BUFFER_TOO_SMALL);
		return 0;
	}
	if (tbs_len != 32 && tbs_len != 64) {
		GOSTerror(EVP_R_BAD_BLOCK_LENGTH);
		return 0;
	}
	md = GOST_le2bn(tbs, tbs_len, NULL);
	if (md == NULL)
		return 0;
	unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost);
	BN_free(md);
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448

	if (key == NULL) {
		*key_len = 32;
		return 1;
	}
	gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
	if (gkt == NULL) {
		GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
		    GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
		return -1;
	}

	/* If key transport structure contains public key, use it */
	eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
	if (eph_key != NULL) {
		if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
			GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
			    GOST_R_INCOMPATIBLE_PEER_KEY);
			goto err;
		}
	} else {
		/* Set control "public key from client certificate used" */
		if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
		    NULL) <= 0) {
			GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
			    GOST_R_CTRL_CALL_FAILED);
			goto err;
		}
	}
	peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
	if (peerkey == NULL) {
		GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, GOST_R_NO_PEER_KEY);
		goto err;
	}

	nid = OBJ_obj2nid(gkt->key_agreement_info->cipher);

	if (gkt->key_agreement_info->eph_iv->length != 8) {
		GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
		    GOST_R_INVALID_IV_LENGTH);
		goto err;
	}
	memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
	if (gkt->key_info->encrypted_key->length != 32) {
		GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
		    EVP_R_BAD_KEY_LENGTH);
		goto err;
	}
	memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
	if (gkt->key_info->imit->length != 4) {
		GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
		    ERR_R_INTERNAL_ERROR);
		goto err;
	}
	memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
	if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0)
		goto err;
	if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) {
		GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
		    GOST_R_ERROR_COMPUTING_SHARED_KEY);
		goto err;
	}

	ret = 1;
err:
	EVP_PKEY_free(eph_key);
	GOST_KEY_TRANSPORT_free(gkt);







<
|







<
|






<
|





|






<
|




<
|




<
|






<
|







382
383
384
385
386
387
388

389
390
391
392
393
394
395
396

397
398
399
400
401
402
403

404
405
406
407
408
409
410
411
412
413
414
415
416

417
418
419
420
421

422
423
424
425
426

427
428
429
430
431
432
433

434
435
436
437
438
439
440
441

	if (key == NULL) {
		*key_len = 32;
		return 1;
	}
	gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
	if (gkt == NULL) {

		GOSTerror(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
		return -1;
	}

	/* If key transport structure contains public key, use it */
	eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
	if (eph_key != NULL) {
		if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {

			GOSTerror(GOST_R_INCOMPATIBLE_PEER_KEY);
			goto err;
		}
	} else {
		/* Set control "public key from client certificate used" */
		if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
		    NULL) <= 0) {

			GOSTerror(GOST_R_CTRL_CALL_FAILED);
			goto err;
		}
	}
	peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
	if (peerkey == NULL) {
		GOSTerror(GOST_R_NO_PEER_KEY);
		goto err;
	}

	nid = OBJ_obj2nid(gkt->key_agreement_info->cipher);

	if (gkt->key_agreement_info->eph_iv->length != 8) {

		GOSTerror(GOST_R_INVALID_IV_LENGTH);
		goto err;
	}
	memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
	if (gkt->key_info->encrypted_key->length != 32) {

		GOSTerror(EVP_R_BAD_KEY_LENGTH);
		goto err;
	}
	memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
	if (gkt->key_info->imit->length != 4) {

		GOSTerror(ERR_R_INTERNAL_ERROR);
		goto err;
	}
	memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
	if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0)
		goto err;
	if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) {

		GOSTerror(GOST_R_ERROR_COMPUTING_SHARED_KEY);
		goto err;
	}

	ret = 1;
err:
	EVP_PKEY_free(eph_key);
	GOST_KEY_TRANSPORT_free(gkt);
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
	 * ukm is in the algorithm specific context data
	 */
	EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
	EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
	struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);

	if (data->shared_ukm == NULL) {
		GOSTerr(GOST_F_PKEY_GOST01_DERIVE, GOST_R_UKM_NOT_SET);
		return 0;
	}

	if (key == NULL) {
		*keylen = 32;
		return 32;
	}







|







451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
	 * ukm is in the algorithm specific context data
	 */
	EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
	EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
	struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);

	if (data->shared_ukm == NULL) {
		GOSTerror(GOST_R_UKM_NOT_SET);
		return 0;
	}

	if (key == NULL) {
		*keylen = 32;
		return 32;
	}
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
	} else /* if (out != NULL) */ {
		arc4random_buf(ukm, 8);
	}
	/* Check for private key in the peer_key of context */
	if (sec_key) {
		key_is_ephemeral = 0;
		if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) {
			GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
			    GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
			goto err;
		}
	} else {
		key_is_ephemeral = 1;
		if (out != NULL) {
			GOST_KEY *tmp_key;








<
|







489
490
491
492
493
494
495

496
497
498
499
500
501
502
503
	} else /* if (out != NULL) */ {
		arc4random_buf(ukm, 8);
	}
	/* Check for private key in the peer_key of context */
	if (sec_key) {
		key_is_ephemeral = 0;
		if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) {

			GOSTerror(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
			goto err;
		}
	} else {
		key_is_ephemeral = 1;
		if (out != NULL) {
			GOST_KEY *tmp_key;

544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
		goto err;
	if (ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8,
	    32) == 0)
		goto err;
	if (key_is_ephemeral) {
		if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,
		    out != NULL ? sec_key : pubk) == 0) {
			GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
			    GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
			goto err;
		}
	}
	ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
	gkt->key_agreement_info->cipher = OBJ_nid2obj(nid);
	if (key_is_ephemeral)
		EVP_PKEY_free(sec_key);
	else {
		/* Set control "public key from client certificate used" */
		if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
		    NULL) <= 0) {
			GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
			    GOST_R_CTRL_CALL_FAILED);
			goto err;
		}
	}
	if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
		ret = 1;
	GOST_KEY_TRANSPORT_free(gkt);
	return ret;







<
|











<
|







536
537
538
539
540
541
542

543
544
545
546
547
548
549
550
551
552
553
554

555
556
557
558
559
560
561
562
		goto err;
	if (ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8,
	    32) == 0)
		goto err;
	if (key_is_ephemeral) {
		if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,
		    out != NULL ? sec_key : pubk) == 0) {

			GOSTerror(GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
			goto err;
		}
	}
	ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
	gkt->key_agreement_info->cipher = OBJ_nid2obj(nid);
	if (key_is_ephemeral)
		EVP_PKEY_free(sec_key);
	else {
		/* Set control "public key from client certificate used" */
		if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
		    NULL) <= 0) {

			GOSTerror(GOST_R_CTRL_CALL_FAILED);
			goto err;
		}
	}
	if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
		ret = 1;
	GOST_KEY_TRANSPORT_free(gkt);
	return ret;
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
{
	struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);

	switch (type) {
	case EVP_PKEY_CTRL_MD:
		if (EVP_MD_type(p2) !=
		    GostR3410_get_md_digest(pctx->digest_nid)) {
			GOSTerr(GOST_F_PKEY_GOST01_CTRL,
			    GOST_R_INVALID_DIGEST_TYPE);
			return 0;
		}
		pctx->md = p2;
		return 1;
	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
	case EVP_PKEY_CTRL_PKCS7_SIGN:
	case EVP_PKEY_CTRL_DIGESTINIT:
#ifndef OPENSSL_NO_CMS
	case EVP_PKEY_CTRL_CMS_ENCRYPT:
	case EVP_PKEY_CTRL_CMS_DECRYPT:
	case EVP_PKEY_CTRL_CMS_SIGN:
#endif
		return 1;

	case EVP_PKEY_CTRL_GOST_PARAMSET:
		pctx->sign_param_nid = (int)p1;
		return 1;

	case EVP_PKEY_CTRL_SET_IV:
	    {
		char *ukm = malloc(p1);

		if (ukm == NULL) {
			GOSTerr(GOST_F_PKEY_GOST01_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return 0;
		}
		memcpy(ukm, p2, p1);
		free(pctx->shared_ukm);
		pctx->shared_ukm = ukm;
		return 1;
	    }







<
|








<
<
<
<
<











<
|







574
575
576
577
578
579
580

581
582
583
584
585
586
587
588
589





590
591
592
593
594
595
596
597
598
599
600

601
602
603
604
605
606
607
608
{
	struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);

	switch (type) {
	case EVP_PKEY_CTRL_MD:
		if (EVP_MD_type(p2) !=
		    GostR3410_get_md_digest(pctx->digest_nid)) {

			GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
			return 0;
		}
		pctx->md = p2;
		return 1;
	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
	case EVP_PKEY_CTRL_PKCS7_SIGN:
	case EVP_PKEY_CTRL_DIGESTINIT:





		return 1;

	case EVP_PKEY_CTRL_GOST_PARAMSET:
		pctx->sign_param_nid = (int)p1;
		return 1;

	case EVP_PKEY_CTRL_SET_IV:
	    {
		char *ukm = malloc(p1);

		if (ukm == NULL) {

			GOSTerror(ERR_R_MALLOC_FAILURE);
			return 0;
		}
		memcpy(ukm, p2, p1);
		free(pctx->shared_ukm);
		pctx->shared_ukm = ukm;
		return 1;
	    }
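--- a/jni/libressl/crypto/gost/gostr341194.c
+++ b/jni/libressl/crypto/gost/gostr341194.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gostr341194.c,v 1.4 2015/07/15 17:13:17 beck Exp $ */
+/* $OpenBSD: gostr341194.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: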
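--- a/jni/libressl/crypto/gost/streebog.c
+++ b/jni/libressl/crypto/gost/streebog.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: streebog.c,v 1.4 2014/12/07 16:33:51 jsing Exp $ */
+/* $OpenBSD: streebog.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met: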
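--- a/jni/libressl/crypto/hmac/hm_ameth.c
+++ b/jni/libressl/crypto/hmac/hm_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: hm_ameth.c,v 1.9 2015/07/20 15:45:29 miod Exp $ */
+/* $OpenBSD: hm_ameth.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2007.
  */
 /* ====================================================================
  * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without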
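--- a/jni/libressl/crypto/hmac/hm_pmeth.c
+++ b/jni/libressl/crypto/hmac/hm_pmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: hm_pmeth.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: hm_pmeth.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2007.
  */
 /* ====================================================================
  * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without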
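--- a/jni/libressl/crypto/hmac/hmac.c
+++ b/jni/libressl/crypto/hmac/hmac.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: hmac.c,v 1.21 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: hmac.c,v 1.24 2017/03/03 10:39:07 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -65,40 +65,45 @@
 
 int
 HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
     ENGINE *impl)
 {
 	int i, j, reset = 0;
 	unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+	/* If we are changing MD then we must have a key */
+	if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+		return 0;
 
 	if (md != NULL) {
 		reset = 1;
 		ctx->md = md;
-	} else
+	} else if (ctx->md != NULL)
 		md = ctx->md;
+	else
+		return 0;
 
 	if (key != NULL) {
 		reset = 1;
 		j = EVP_MD_block_size(md);
 		if ((size_t)j > sizeof(ctx->key)) {
-			EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_BAD_BLOCK_LENGTH);
+			EVPerror(EVP_R_BAD_BLOCK_LENGTH);
 			goto err;
 		}
 		if (j < len) {
 			if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
 				goto err;
 			if (!EVP_DigestUpdate(&ctx->md_ctx, key, len))
 				goto err;
 			if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key,
 			    &ctx->key_length))
 				goto err;
 		} else {
-			if ((size_t)len > sizeof(ctx->key)) {
-				EVPerr(EVP_F_HMAC_INIT_EX,
-				    EVP_R_BAD_KEY_LENGTH);
+			if (len < 0 || (size_t)len > sizeof(ctx->key)) {
+				EVPerror(EVP_R_BAD_KEY_LENGTH);
 				goto err;
 			}
 			memcpy(ctx->key, key, len);
 			ctx->key_length = len;
 		}
 		if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
 			memset(&ctx->key[ctx->key_length], 0,
@@ -134,42 +139,49 @@
 		HMAC_CTX_init(ctx);
 	return HMAC_Init_ex(ctx, key, len, md, NULL);
 }
 
 int
 HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 {
+	if (ctx->md == NULL)
+		return 0;
+
 	return EVP_DigestUpdate(&ctx->md_ctx, data, len);
 }
 
 int
 HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 {
 	unsigned int i;
 	unsigned char buf[EVP_MAX_MD_SIZE];
+
+	if (ctx->md == NULL)
+		goto err;
 
 	if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
 		goto err;
 	if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
 		goto err;
 	if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i))
 		goto err;
 	if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len))
 		goto err;
 	return 1;
 err:
 	return 0;
 }
 
 void
 HMAC_CTX_init(HMAC_CTX *ctx)
 {
 	EVP_MD_CTX_init(&ctx->i_ctx);
 	EVP_MD_CTX_init(&ctx->o_ctx);
 	EVP_MD_CTX_init(&ctx->md_ctx);
+	ctx->md = NULL;
 }
 
 int
 HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 {
 	if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
 		goto err;
@@ -187,15 +199,15 @@
 
 void
 HMAC_CTX_cleanup(HMAC_CTX *ctx)
 {
 	EVP_MD_CTX_cleanup(&ctx->i_ctx);
 	EVP_MD_CTX_cleanup(&ctx->o_ctx);
 	EVP_MD_CTX_cleanup(&ctx->md_ctx);
-	memset(ctx, 0, sizeof *ctx);
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 unsigned char *
 HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d,
     size_t n, unsigned char *md, unsigned int *md_len)
 {
 	HMAC_CTX c;
@@ -209,17 +221,18 @@
 	if (!HMAC_Update(&c, d, n))
 		goto err;
 	if (!HMAC_Final(&c, md, md_len))
 		goto err;
 	HMAC_CTX_cleanup(&c);
 	return md;
 err:
+	HMAC_CTX_cleanup(&c);
 	return NULL;
 }
 
 void
 HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
 {
 	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
 	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
 	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
 }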
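Review bot: HMAC_Final leaves the intermediate digest written by its first EVP_DigestFinal_ex call in the stack buffer `buf` on both the `return 1;` and the `err:` path, even though this same change switches HMAC_CTX_cleanup to `explicit_bzero` so that context state is reliably wiped. Adding `explicit_bzero(buf, sizeof(buf));` before `return 1;` and under `err:` would keep that value from lingering on the stack after the call. The `pad` array in HMAC_Init_ex presumably holds key-derived bytes and may deserve the same treatment, but that function's body continues past the visible lines, so this needs checking against the full file.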
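--- a/jni/libressl/crypto/idea/i_cbc.c
+++ b/jni/libressl/crypto/idea/i_cbc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: i_cbc.c,v 1.2 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: i_cbc.c,v 1.3 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 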
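--- a/jni/libressl/crypto/idea/i_cfb64.c
+++ b/jni/libressl/crypto/idea/i_cfb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: i_cfb64.c,v 1.2 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: i_cfb64.c,v 1.3 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 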
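--- a/jni/libressl/crypto/idea/i_ecb.c
+++ b/jni/libressl/crypto/idea/i_ecb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: i_ecb.c,v 1.2 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: i_ecb.c,v 1.3 2014/07/09 11:10:51 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 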
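--- a/jni/libressl/crypto/idea/i_ofb64.c
+++ b/jni/libressl/crypto/idea/i_ofb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: i_ofb64.c,v 1.2 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: i_ofb64.c,v 1.3 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 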
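--- a/jni/libressl/crypto/idea/i_skey.c
+++ b/jni/libressl/crypto/idea/i_skey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: i_skey.c,v 1.3 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: i_skey.c,v 1.4 2014/10/28 07:35:58 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 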
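--- a/jni/libressl/crypto/idea/idea_lcl.h
+++ b/jni/libressl/crypto/idea/idea_lcl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: idea_lcl.h,v 1.2 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: idea_lcl.h,v 1.3 2015/02/07 13:19:15 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 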
Deleted jni/libressl/crypto/krb5/krb5_asn.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
/* $OpenBSD: krb5_asn.c,v 1.3 2015/02/09 16:04:46 jsing Exp $ */
/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
** using ocsp/{*.h,*asn*.c} as a starting point
*/
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/krb5_asn.h>


static const ASN1_TEMPLATE KRB5_ENCDATA_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_ENCDATA, etype),
		.field_name = "etype",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 1,
		.offset = offsetof(KRB5_ENCDATA, kvno),
		.field_name = "kvno",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 2,
		.offset = offsetof(KRB5_ENCDATA, cipher),
		.field_name = "cipher",
		.item = &ASN1_OCTET_STRING_it,
	},
};

const ASN1_ITEM KRB5_ENCDATA_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_ENCDATA_seq_tt,
	.tcount = sizeof(KRB5_ENCDATA_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_ENCDATA),
	.sname = "KRB5_ENCDATA",
};


KRB5_ENCDATA *
d2i_KRB5_ENCDATA(KRB5_ENCDATA **a, const unsigned char **in, long len)
{
	return (KRB5_ENCDATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_ENCDATA_it);
}

int
i2d_KRB5_ENCDATA(KRB5_ENCDATA *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_ENCDATA_it);
}

KRB5_ENCDATA *
KRB5_ENCDATA_new(void)
{
	return (KRB5_ENCDATA *)ASN1_item_new(&KRB5_ENCDATA_it);
}

void
KRB5_ENCDATA_free(KRB5_ENCDATA *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_ENCDATA_it);
}


static const ASN1_TEMPLATE KRB5_PRINCNAME_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_PRINCNAME, nametype),
		.field_name = "nametype",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
		.tag = 1,
		.offset = offsetof(KRB5_PRINCNAME, namestring),
		.field_name = "namestring",
		.item = &ASN1_GENERALSTRING_it,
	},
};

const ASN1_ITEM KRB5_PRINCNAME_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_PRINCNAME_seq_tt,
	.tcount = sizeof(KRB5_PRINCNAME_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_PRINCNAME),
	.sname = "KRB5_PRINCNAME",
};


KRB5_PRINCNAME *
d2i_KRB5_PRINCNAME(KRB5_PRINCNAME **a, const unsigned char **in, long len)
{
	return (KRB5_PRINCNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_PRINCNAME_it);
}

int
i2d_KRB5_PRINCNAME(KRB5_PRINCNAME *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_PRINCNAME_it);
}

KRB5_PRINCNAME *
KRB5_PRINCNAME_new(void)
{
	return (KRB5_PRINCNAME *)ASN1_item_new(&KRB5_PRINCNAME_it);
}

void
KRB5_PRINCNAME_free(KRB5_PRINCNAME *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_PRINCNAME_it);
}


/* [APPLICATION 1] = 0x61 */
static const ASN1_TEMPLATE KRB5_TKTBODY_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_TKTBODY, tktvno),
		.field_name = "tktvno",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 1,
		.offset = offsetof(KRB5_TKTBODY, realm),
		.field_name = "realm",
		.item = &ASN1_GENERALSTRING_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 2,
		.offset = offsetof(KRB5_TKTBODY, sname),
		.field_name = "sname",
		.item = &KRB5_PRINCNAME_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 3,
		.offset = offsetof(KRB5_TKTBODY, encdata),
		.field_name = "encdata",
		.item = &KRB5_ENCDATA_it,
	},
};

const ASN1_ITEM KRB5_TKTBODY_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_TKTBODY_seq_tt,
	.tcount = sizeof(KRB5_TKTBODY_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_TKTBODY),
	.sname = "KRB5_TKTBODY",
};


KRB5_TKTBODY *
d2i_KRB5_TKTBODY(KRB5_TKTBODY **a, const unsigned char **in, long len)
{
	return (KRB5_TKTBODY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_TKTBODY_it);
}

int
i2d_KRB5_TKTBODY(KRB5_TKTBODY *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_TKTBODY_it);
}

KRB5_TKTBODY *
KRB5_TKTBODY_new(void)
{
	return (KRB5_TKTBODY *)ASN1_item_new(&KRB5_TKTBODY_it);
}

void
KRB5_TKTBODY_free(KRB5_TKTBODY *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_TKTBODY_it);
}


static const ASN1_TEMPLATE KRB5_TICKET_item_tt =  {
	.flags = ASN1_TFLG_EXPTAG | ASN1_TFLG_APPLICATION,
	.tag = 1,
	.offset = 0,
	.field_name = "KRB5_TICKET",
	.item = &KRB5_TKTBODY_it,
};

const ASN1_ITEM KRB5_TICKET_it = {
	.itype = ASN1_ITYPE_PRIMITIVE,
	.utype = -1,
	.templates = &KRB5_TICKET_item_tt,
	.tcount = 0,
	.funcs = NULL,
	.size = 0,
	.sname = "KRB5_TICKET",
};


KRB5_TICKET *
d2i_KRB5_TICKET(KRB5_TICKET **a, const unsigned char **in, long len)
{
	return (KRB5_TICKET *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_TICKET_it);
}

int
i2d_KRB5_TICKET(KRB5_TICKET *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_TICKET_it);
}

KRB5_TICKET *
KRB5_TICKET_new(void)
{
	return (KRB5_TICKET *)ASN1_item_new(&KRB5_TICKET_it);
}

void
KRB5_TICKET_free(KRB5_TICKET *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_TICKET_it);
}


/* [APPLICATION 14] = 0x6e */
static const ASN1_TEMPLATE KRB5_APREQBODY_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_APREQBODY, pvno),
		.field_name = "pvno",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 1,
		.offset = offsetof(KRB5_APREQBODY, msgtype),
		.field_name = "msgtype",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 2,
		.offset = offsetof(KRB5_APREQBODY, apoptions),
		.field_name = "apoptions",
		.item = &ASN1_BIT_STRING_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 3,
		.offset = offsetof(KRB5_APREQBODY, ticket),
		.field_name = "ticket",
		.item = &KRB5_TICKET_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 4,
		.offset = offsetof(KRB5_APREQBODY, authenticator),
		.field_name = "authenticator",
		.item = &KRB5_ENCDATA_it,
	},
};

const ASN1_ITEM KRB5_APREQBODY_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_APREQBODY_seq_tt,
	.tcount = sizeof(KRB5_APREQBODY_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_APREQBODY),
	.sname = "KRB5_APREQBODY",
};


KRB5_APREQBODY *
d2i_KRB5_APREQBODY(KRB5_APREQBODY **a, const unsigned char **in, long len)
{
	return (KRB5_APREQBODY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_APREQBODY_it);
}

int
i2d_KRB5_APREQBODY(KRB5_APREQBODY *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_APREQBODY_it);
}

KRB5_APREQBODY *
KRB5_APREQBODY_new(void)
{
	return (KRB5_APREQBODY *)ASN1_item_new(&KRB5_APREQBODY_it);
}

void
KRB5_APREQBODY_free(KRB5_APREQBODY *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_APREQBODY_it);
}

static const ASN1_TEMPLATE KRB5_APREQ_item_tt =  {
	.flags = ASN1_TFLG_EXPTAG | ASN1_TFLG_APPLICATION,
	.tag = 14,
	.offset = 0,
	.field_name = "KRB5_APREQ",
	.item = &KRB5_APREQBODY_it,
};

const ASN1_ITEM KRB5_APREQ_it = {
	.itype = ASN1_ITYPE_PRIMITIVE,
	.utype = -1,
	.templates = &KRB5_APREQ_item_tt,
	.tcount = 0,
	.funcs = NULL,
	.size = 0,
	.sname = "KRB5_APREQ",
};


KRB5_APREQ *
d2i_KRB5_APREQ(KRB5_APREQ **a, const unsigned char **in, long len)
{
	return (KRB5_APREQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_APREQ_it);
}

int
i2d_KRB5_APREQ(KRB5_APREQ *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_APREQ_it);
}

KRB5_APREQ *
KRB5_APREQ_new(void)
{
	return (KRB5_APREQ *)ASN1_item_new(&KRB5_APREQ_it);
}

void
KRB5_APREQ_free(KRB5_APREQ *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_APREQ_it);
}


/*  Authenticator stuff 	*/

static const ASN1_TEMPLATE KRB5_CHECKSUM_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_CHECKSUM, ctype),
		.field_name = "ctype",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 1,
		.offset = offsetof(KRB5_CHECKSUM, checksum),
		.field_name = "checksum",
		.item = &ASN1_OCTET_STRING_it,
	},
};

const ASN1_ITEM KRB5_CHECKSUM_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_CHECKSUM_seq_tt,
	.tcount = sizeof(KRB5_CHECKSUM_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_CHECKSUM),
	.sname = "KRB5_CHECKSUM",
};


KRB5_CHECKSUM *
d2i_KRB5_CHECKSUM(KRB5_CHECKSUM **a, const unsigned char **in, long len)
{
	return (KRB5_CHECKSUM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_CHECKSUM_it);
}

int
i2d_KRB5_CHECKSUM(KRB5_CHECKSUM *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_CHECKSUM_it);
}

KRB5_CHECKSUM *
KRB5_CHECKSUM_new(void)
{
	return (KRB5_CHECKSUM *)ASN1_item_new(&KRB5_CHECKSUM_it);
}

void
KRB5_CHECKSUM_free(KRB5_CHECKSUM *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_CHECKSUM_it);
}


static const ASN1_TEMPLATE KRB5_ENCKEY_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_ENCKEY, ktype),
		.field_name = "ktype",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 1,
		.offset = offsetof(KRB5_ENCKEY, keyvalue),
		.field_name = "keyvalue",
		.item = &ASN1_OCTET_STRING_it,
	},
};

const ASN1_ITEM KRB5_ENCKEY_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_ENCKEY_seq_tt,
	.tcount = sizeof(KRB5_ENCKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_ENCKEY),
	.sname = "KRB5_ENCKEY",
};


KRB5_ENCKEY *
d2i_KRB5_ENCKEY(KRB5_ENCKEY **a, const unsigned char **in, long len)
{
	return (KRB5_ENCKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_ENCKEY_it);
}

int
i2d_KRB5_ENCKEY(KRB5_ENCKEY *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_ENCKEY_it);
}

KRB5_ENCKEY *
KRB5_ENCKEY_new(void)
{
	return (KRB5_ENCKEY *)ASN1_item_new(&KRB5_ENCKEY_it);
}

void
KRB5_ENCKEY_free(KRB5_ENCKEY *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_ENCKEY_it);
}


/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
static const ASN1_TEMPLATE KRB5_AUTHDATA_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_AUTHDATA, adtype),
		.field_name = "adtype",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 1,
		.offset = offsetof(KRB5_AUTHDATA, addata),
		.field_name = "addata",
		.item = &ASN1_OCTET_STRING_it,
	},
};

const ASN1_ITEM KRB5_AUTHDATA_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_AUTHDATA_seq_tt,
	.tcount = sizeof(KRB5_AUTHDATA_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_AUTHDATA),
	.sname = "KRB5_AUTHDATA",
};


KRB5_AUTHDATA *
d2i_KRB5_AUTHDATA(KRB5_AUTHDATA **a, const unsigned char **in, long len)
{
	return (KRB5_AUTHDATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_AUTHDATA_it);
}

int
i2d_KRB5_AUTHDATA(KRB5_AUTHDATA *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_AUTHDATA_it);
}

KRB5_AUTHDATA *
KRB5_AUTHDATA_new(void)
{
	return (KRB5_AUTHDATA *)ASN1_item_new(&KRB5_AUTHDATA_it);
}

void
KRB5_AUTHDATA_free(KRB5_AUTHDATA *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_AUTHDATA_it);
}


/* [APPLICATION 2] = 0x62 */
static const ASN1_TEMPLATE KRB5_AUTHENTBODY_seq_tt[] = {
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 0,
		.offset = offsetof(KRB5_AUTHENTBODY, avno),
		.field_name = "avno",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 1,
		.offset = offsetof(KRB5_AUTHENTBODY, crealm),
		.field_name = "crealm",
		.item = &ASN1_GENERALSTRING_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 2,
		.offset = offsetof(KRB5_AUTHENTBODY, cname),
		.field_name = "cname",
		.item = &KRB5_PRINCNAME_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 3,
		.offset = offsetof(KRB5_AUTHENTBODY, cksum),
		.field_name = "cksum",
		.item = &KRB5_CHECKSUM_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 4,
		.offset = offsetof(KRB5_AUTHENTBODY, cusec),
		.field_name = "cusec",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT,
		.tag = 5,
		.offset = offsetof(KRB5_AUTHENTBODY, ctime),
		.field_name = "ctime",
		.item = &ASN1_GENERALIZEDTIME_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 6,
		.offset = offsetof(KRB5_AUTHENTBODY, subkey),
		.field_name = "subkey",
		.item = &KRB5_ENCKEY_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 7,
		.offset = offsetof(KRB5_AUTHENTBODY, seqnum),
		.field_name = "seqnum",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
		.tag = 8,
		.offset = offsetof(KRB5_AUTHENTBODY, authorization),
		.field_name = "authorization",
		.item = &KRB5_AUTHDATA_it,
	},
};

const ASN1_ITEM KRB5_AUTHENTBODY_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = KRB5_AUTHENTBODY_seq_tt,
	.tcount = sizeof(KRB5_AUTHENTBODY_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(KRB5_AUTHENTBODY),
	.sname = "KRB5_AUTHENTBODY",
};


KRB5_AUTHENTBODY *
d2i_KRB5_AUTHENTBODY(KRB5_AUTHENTBODY **a, const unsigned char **in, long len)
{
	return (KRB5_AUTHENTBODY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_AUTHENTBODY_it);
}

int
i2d_KRB5_AUTHENTBODY(KRB5_AUTHENTBODY *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_AUTHENTBODY_it);
}

KRB5_AUTHENTBODY *
KRB5_AUTHENTBODY_new(void)
{
	return (KRB5_AUTHENTBODY *)ASN1_item_new(&KRB5_AUTHENTBODY_it);
}

void
KRB5_AUTHENTBODY_free(KRB5_AUTHENTBODY *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_AUTHENTBODY_it);
}

static const ASN1_TEMPLATE KRB5_AUTHENT_item_tt =  {
	.flags = ASN1_TFLG_EXPTAG | ASN1_TFLG_APPLICATION,
	.tag = 2,
	.offset = 0,
	.field_name = "KRB5_AUTHENT",
	.item = &KRB5_AUTHENTBODY_it,
};

const ASN1_ITEM KRB5_AUTHENT_it = {
	.itype = ASN1_ITYPE_PRIMITIVE,
	.utype = -1,
	.templates = &KRB5_AUTHENT_item_tt,
	.tcount = 0,
	.funcs = NULL,
	.size = 0,
	.sname = "KRB5_AUTHENT",
};


KRB5_AUTHENT *
d2i_KRB5_AUTHENT(KRB5_AUTHENT **a, const unsigned char **in, long len)
{
	return (KRB5_AUTHENT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &KRB5_AUTHENT_it);
}

int
i2d_KRB5_AUTHENT(KRB5_AUTHENT *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_AUTHENT_it);
}

KRB5_AUTHENT *
KRB5_AUTHENT_new(void)
{
	return (KRB5_AUTHENT *)ASN1_item_new(&KRB5_AUTHENT_it);
}

void
KRB5_AUTHENT_free(KRB5_AUTHENT *a)
{
	ASN1_item_free((ASN1_VALUE *)a, &KRB5_AUTHENT_it);
}
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































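--- a/jni/libressl/crypto/lhash/lh_stats.c
+++ b/jni/libressl/crypto/lhash/lh_stats.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: lh_stats.c,v 1.11 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: lh_stats.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *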
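--- a/jni/libressl/crypto/lhash/lhash.c
+++ b/jni/libressl/crypto/lhash/lhash.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: lhash.c,v 1.16 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: lhash.c,v 1.18 2016/11/08 20:20:06 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -93,17 +93,14 @@
  * 1.1 eay - Added lh_doall
  *
  * 1.0 eay - First version
  */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
 
 #undef MIN_NODES
@@ -430,37 +427,31 @@
  * no collisions on /usr/dict/words and it distributes on %2^n quite
  * well, not as good as MD5, but still good.
  */
 unsigned long
 lh_strhash(const char *c)
 {
 	unsigned long ret = 0;
-	long n;
-	unsigned long v;
-	int r;
+	unsigned long n, v;
+	unsigned int r;
 
-	if ((c == NULL) || (*c == '\0'))
-		return (ret);
-/*
-	unsigned char b[16];
-	MD5(c,strlen(c),b);
-	return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
-*/
+	if (c == NULL || *c == '\0')
+		return ret;
 
 	n = 0x100;
 	while (*c) {
-		v = n | (*c);
+		v = n | *c;
 		n += 0x100;
-		r = (int)((v >> 2) ^ v) & 0x0f;
-		ret = (ret << r)|(ret >> (32 - r));
-		ret &= 0xFFFFFFFFL;
+		if ((r = ((v >> 2) ^ v) & 0x0f) != 0)
+			ret = (ret << r) | (ret >> (32 - r));
+		ret &= 0xFFFFFFFFUL;
 		ret ^= v * v;
 		c++;
 	}
-	return ((ret >> 16) ^ ret);
+	return (ret >> 16) ^ ret;
 }
 
 unsigned long
 lh_num_items(const _LHASH *lh)
 {
 	return lh ? lh->num_items : 0;
 }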
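Review bot: In the new `lh_strhash` loop, `v = n | *c;` still ORs in a plain `char`, so on a target where `char` is signed any byte of 0x80 or above is sign-extended and sets every high bit of `v`, swamping the position counter `n`. The hash of a non-ASCII key then depends on the ABI's `char` signedness, and distinct positions stop contributing to `v` for those bytes. Reading the byte as unsigned avoids this: `v = n | (unsigned char)*c;`. That changes the hash of non-ASCII keys on signed-char targets, which is presumably harmless if the values only index in-memory tables, but it diverges from upstream and is worth confirming there first.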
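--- a/jni/libressl/crypto/malloc-wrapper.c
+++ b/jni/libressl/crypto/malloc-wrapper.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: malloc-wrapper.c,v 1.2 2014/04/17 20:44:45 tedu Exp $ */
+/* $OpenBSD: malloc-wrapper.c,v 1.3 2014/04/20 14:32:19 jsing Exp $ */
 /*
  * Copyright (c) 2014 Bob Beck
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *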
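--- a/jni/libressl/crypto/md32_common.h
+++ b/jni/libressl/crypto/md32_common.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: md32_common.h,v 1.19 2014/10/20 13:06:54 bcook Exp $ */
+/* $OpenBSD: md32_common.h,v 1.22 2016/11/04 13:56:04 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -148,62 +148,48 @@
 {
 	return (a<<n)|(a>>(32-n));
 }
 
 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
 
 #if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
-      (defined(__x86_64) || defined(__x86_64__))
+# if (defined(__i386) || defined(__i386__) || \
+      defined(__x86_64) || defined(__x86_64__))
     /*
      * This gives ~30-40% performance improvement in SHA-256 compiled
      * with gcc [on P4]. Well, first macro to be frank. We can pull
      * this trick on x86* platforms only, because these CPUs can fetch
      * unaligned data without raising an exception.
      */
 #  define HOST_c2l(c,l)	({ unsigned int r=*((const unsigned int *)(c));	\
 				   asm ("bswapl %0":"=r"(r):"0"(r));	\
 				   (c)+=4; (l)=r;			})
 #  define HOST_l2c(l,c)	({ unsigned int r=(l);			\
 				   asm ("bswapl %0":"=r"(r):"0"(r));	\
 				   *((unsigned int *)(c))=r; (c)+=4;	})
 # endif
 #endif
-#if defined(__s390__) || defined(__s390x__)
-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
-#endif
 
 #ifndef HOST_c2l
 #define HOST_c2l(c,l) do {l =(((unsigned long)(*((c)++)))<<24);	\
 			  l|=(((unsigned long)(*((c)++)))<<16);	\
 			  l|=(((unsigned long)(*((c)++)))<< 8);	\
 			  l|=(((unsigned long)(*((c)++)))    );	\
 		      } while (0)
 #endif
 #ifndef HOST_l2c
 #define HOST_l2c(l,c) do {*((c)++)=(unsigned char)(((l)>>24)&0xff);	\
 			  *((c)++)=(unsigned char)(((l)>>16)&0xff);	\
 			  *((c)++)=(unsigned char)(((l)>> 8)&0xff);	\
 			  *((c)++)=(unsigned char)(((l)    )&0xff);	\
 		      } while (0)
 #endif
 
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 
-#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(__s390x__)
-#  define HOST_c2l(c,l)	({ asm ("lrv	%0,%1"			\
-				   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
-				   (c)+=4; 				})
-#  define HOST_l2c(l,c)	({ asm ("strv	%1,%0"			\
-				   :"=m"(*(unsigned int *)(c)) :"d"(l));\
-				   (c)+=4; 				})
-# endif
-#endif
 #if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
 #  define HOST_c2l(c,l)	((l)=*((const unsigned int *)(c)), (c)+=4)
 #  define HOST_l2c(l,c)	(*((unsigned int *)(c))=(l), (c)+=4)
 #endif
 
 #ifndef HOST_c2l
 #define HOST_c2l(c,l) do {l =(((unsigned long)(*((c)++)))    );	\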
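Review bot: The x86 fast paths kept on the new side still dereference `(c)` through a cast to `unsigned int *`: the `bswapl` pair under `DATA_ORDER_IS_BIG_ENDIAN` and the plain-load pair under `DATA_ORDER_IS_LITTLE_ENDIAN`. The retained comment justifies this by the CPU tolerating unaligned fetches, but in C a misaligned access through an incompatible pointer type is undefined whatever the hardware does, so the compiler may assume alignment (`c` is presumably a byte pointer into caller-supplied data). The commit removes the s390 macros that used the same pattern. Dropping the two `#if defined(__i386) ...` blocks as well would leave the byte-wise `#ifndef HOST_c2l` / `#ifndef HOST_l2c` fallbacks in effect, and those are well defined for any alignment. The little-endian fallback macro continues past the end of this hunk.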
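--- a/jni/libressl/crypto/md4/md4_dgst.c
+++ b/jni/libressl/crypto/md4/md4_dgst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: md4_dgst.c,v 1.16 2015/09/14 01:45:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 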
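--- a/jni/libressl/crypto/md4/md4_locl.h
+++ b/jni/libressl/crypto/md4/md4_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: md4_locl.h,v 1.10 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -56,16 +56,20 @@
  * [including the GNU Public Licence.]
  */
 
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/opensslconf.h>
 #include <openssl/md4.h>
 
+__BEGIN_HIDDEN_DECLS
+
 void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 
+__END_HIDDEN_DECLS
+
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 
 #define HASH_LONG		MD4_LONG
 #define HASH_CTX		MD4_CTX
 #define HASH_CBLOCK		MD4_CBLOCK
 #define HASH_UPDATE		MD4_Update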
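--- a/jni/libressl/crypto/md4/md4_one.c
+++ b/jni/libressl/crypto/md4/md4_one.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: md4_one.c,v 1.10 2015/09/14 01:45:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 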
Added jni/libressl/crypto/md5/md5-elf-x86_64.S.
































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
#include "x86_arch.h"
.text	
.align	16

.globl	md5_block_asm_data_order
.type	md5_block_asm_data_order,@function
md5_block_asm_data_order:
	pushq	%rbp
	pushq	%rbx
	pushq	%r12
	pushq	%r14
	pushq	%r15
.Lprologue:




	movq	%rdi,%rbp
	shlq	$6,%rdx
	leaq	(%rsi,%rdx,1),%rdi
	movl	0(%rbp),%eax
	movl	4(%rbp),%ebx
	movl	8(%rbp),%ecx
	movl	12(%rbp),%edx







	cmpq	%rdi,%rsi
	je	.Lend				


.Lloop:
	movl	%eax,%r8d
	movl	%ebx,%r9d
	movl	%ecx,%r14d
	movl	%edx,%r15d
	movl	0(%rsi),%r10d
	movl	%edx,%r11d
	xorl	%ecx,%r11d
	leal	-680876936(%rax,%r10,1),%eax
	andl	%ebx,%r11d
	xorl	%edx,%r11d
	movl	4(%rsi),%r10d
	addl	%r11d,%eax
	roll	$7,%eax
	movl	%ecx,%r11d
	addl	%ebx,%eax
	xorl	%ebx,%r11d
	leal	-389564586(%rdx,%r10,1),%edx
	andl	%eax,%r11d
	xorl	%ecx,%r11d
	movl	8(%rsi),%r10d
	addl	%r11d,%edx
	roll	$12,%edx
	movl	%ebx,%r11d
	addl	%eax,%edx
	xorl	%eax,%r11d
	leal	606105819(%rcx,%r10,1),%ecx
	andl	%edx,%r11d
	xorl	%ebx,%r11d
	movl	12(%rsi),%r10d
	addl	%r11d,%ecx
	roll	$17,%ecx
	movl	%eax,%r11d
	addl	%edx,%ecx
	xorl	%edx,%r11d
	leal	-1044525330(%rbx,%r10,1),%ebx
	andl	%ecx,%r11d
	xorl	%eax,%r11d
	movl	16(%rsi),%r10d
	addl	%r11d,%ebx
	roll	$22,%ebx
	movl	%edx,%r11d
	addl	%ecx,%ebx
	xorl	%ecx,%r11d
	leal	-176418897(%rax,%r10,1),%eax
	andl	%ebx,%r11d
	xorl	%edx,%r11d
	movl	20(%rsi),%r10d
	addl	%r11d,%eax
	roll	$7,%eax
	movl	%ecx,%r11d
	addl	%ebx,%eax
	xorl	%ebx,%r11d
	leal	1200080426(%rdx,%r10,1),%edx
	andl	%eax,%r11d
	xorl	%ecx,%r11d
	movl	24(%rsi),%r10d
	addl	%r11d,%edx
	roll	$12,%edx
	movl	%ebx,%r11d
	addl	%eax,%edx
	xorl	%eax,%r11d
	leal	-1473231341(%rcx,%r10,1),%ecx
	andl	%edx,%r11d
	xorl	%ebx,%r11d
	movl	28(%rsi),%r10d
	addl	%r11d,%ecx
	roll	$17,%ecx
	movl	%eax,%r11d
	addl	%edx,%ecx
	xorl	%edx,%r11d
	leal	-45705983(%rbx,%r10,1),%ebx
	andl	%ecx,%r11d
	xorl	%eax,%r11d
	movl	32(%rsi),%r10d
	addl	%r11d,%ebx
	roll	$22,%ebx
	movl	%edx,%r11d
	addl	%ecx,%ebx
	xorl	%ecx,%r11d
	leal	1770035416(%rax,%r10,1),%eax
	andl	%ebx,%r11d
	xorl	%edx,%r11d
	movl	36(%rsi),%r10d
	addl	%r11d,%eax
	roll	$7,%eax
	movl	%ecx,%r11d
	addl	%ebx,%eax
	xorl	%ebx,%r11d
	leal	-1958414417(%rdx,%r10,1),%edx
	andl	%eax,%r11d
	xorl	%ecx,%r11d
	movl	40(%rsi),%r10d
	addl	%r11d,%edx
	roll	$12,%edx
	movl	%ebx,%r11d
	addl	%eax,%edx
	xorl	%eax,%r11d
	leal	-42063(%rcx,%r10,1),%ecx
	andl	%edx,%r11d
	xorl	%ebx,%r11d
	movl	44(%rsi),%r10d
	addl	%r11d,%ecx
	roll	$17,%ecx
	movl	%eax,%r11d
	addl	%edx,%ecx
	xorl	%edx,%r11d
	leal	-1990404162(%rbx,%r10,1),%ebx
	andl	%ecx,%r11d
	xorl	%eax,%r11d
	movl	48(%rsi),%r10d
	addl	%r11d,%ebx
	roll	$22,%ebx
	movl	%edx,%r11d
	addl	%ecx,%ebx
	xorl	%ecx,%r11d
	leal	1804603682(%rax,%r10,1),%eax
	andl	%ebx,%r11d
	xorl	%edx,%r11d
	movl	52(%rsi),%r10d
	addl	%r11d,%eax
	roll	$7,%eax
	movl	%ecx,%r11d
	addl	%ebx,%eax
	xorl	%ebx,%r11d
	leal	-40341101(%rdx,%r10,1),%edx
	andl	%eax,%r11d
	xorl	%ecx,%r11d
	movl	56(%rsi),%r10d
	addl	%r11d,%edx
	roll	$12,%edx
	movl	%ebx,%r11d
	addl	%eax,%edx
	xorl	%eax,%r11d
	leal	-1502002290(%rcx,%r10,1),%ecx
	andl	%edx,%r11d
	xorl	%ebx,%r11d
	movl	60(%rsi),%r10d
	addl	%r11d,%ecx
	roll	$17,%ecx
	movl	%eax,%r11d
	addl	%edx,%ecx
	xorl	%edx,%r11d
	leal	1236535329(%rbx,%r10,1),%ebx
	andl	%ecx,%r11d
	xorl	%eax,%r11d
	movl	0(%rsi),%r10d
	addl	%r11d,%ebx
	roll	$22,%ebx
	movl	%edx,%r11d
	addl	%ecx,%ebx
	movl	4(%rsi),%r10d
	movl	%edx,%r11d
	movl	%edx,%r12d
	notl	%r11d
	leal	-165796510(%rax,%r10,1),%eax
	andl	%ebx,%r12d
	andl	%ecx,%r11d
	movl	24(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ecx,%r11d
	addl	%r12d,%eax
	movl	%ecx,%r12d
	roll	$5,%eax
	addl	%ebx,%eax
	notl	%r11d
	leal	-1069501632(%rdx,%r10,1),%edx
	andl	%eax,%r12d
	andl	%ebx,%r11d
	movl	44(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ebx,%r11d
	addl	%r12d,%edx
	movl	%ebx,%r12d
	roll	$9,%edx
	addl	%eax,%edx
	notl	%r11d
	leal	643717713(%rcx,%r10,1),%ecx
	andl	%edx,%r12d
	andl	%eax,%r11d
	movl	0(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%eax,%r11d
	addl	%r12d,%ecx
	movl	%eax,%r12d
	roll	$14,%ecx
	addl	%edx,%ecx
	notl	%r11d
	leal	-373897302(%rbx,%r10,1),%ebx
	andl	%ecx,%r12d
	andl	%edx,%r11d
	movl	20(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%edx,%r11d
	addl	%r12d,%ebx
	movl	%edx,%r12d
	roll	$20,%ebx
	addl	%ecx,%ebx
	notl	%r11d
	leal	-701558691(%rax,%r10,1),%eax
	andl	%ebx,%r12d
	andl	%ecx,%r11d
	movl	40(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ecx,%r11d
	addl	%r12d,%eax
	movl	%ecx,%r12d
	roll	$5,%eax
	addl	%ebx,%eax
	notl	%r11d
	leal	38016083(%rdx,%r10,1),%edx
	andl	%eax,%r12d
	andl	%ebx,%r11d
	movl	60(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ebx,%r11d
	addl	%r12d,%edx
	movl	%ebx,%r12d
	roll	$9,%edx
	addl	%eax,%edx
	notl	%r11d
	leal	-660478335(%rcx,%r10,1),%ecx
	andl	%edx,%r12d
	andl	%eax,%r11d
	movl	16(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%eax,%r11d
	addl	%r12d,%ecx
	movl	%eax,%r12d
	roll	$14,%ecx
	addl	%edx,%ecx
	notl	%r11d
	leal	-405537848(%rbx,%r10,1),%ebx
	andl	%ecx,%r12d
	andl	%edx,%r11d
	movl	36(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%edx,%r11d
	addl	%r12d,%ebx
	movl	%edx,%r12d
	roll	$20,%ebx
	addl	%ecx,%ebx
	notl	%r11d
	leal	568446438(%rax,%r10,1),%eax
	andl	%ebx,%r12d
	andl	%ecx,%r11d
	movl	56(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ecx,%r11d
	addl	%r12d,%eax
	movl	%ecx,%r12d
	roll	$5,%eax
	addl	%ebx,%eax
	notl	%r11d
	leal	-1019803690(%rdx,%r10,1),%edx
	andl	%eax,%r12d
	andl	%ebx,%r11d
	movl	12(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ebx,%r11d
	addl	%r12d,%edx
	movl	%ebx,%r12d
	roll	$9,%edx
	addl	%eax,%edx
	notl	%r11d
	leal	-187363961(%rcx,%r10,1),%ecx
	andl	%edx,%r12d
	andl	%eax,%r11d
	movl	32(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%eax,%r11d
	addl	%r12d,%ecx
	movl	%eax,%r12d
	roll	$14,%ecx
	addl	%edx,%ecx
	notl	%r11d
	leal	1163531501(%rbx,%r10,1),%ebx
	andl	%ecx,%r12d
	andl	%edx,%r11d
	movl	52(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%edx,%r11d
	addl	%r12d,%ebx
	movl	%edx,%r12d
	roll	$20,%ebx
	addl	%ecx,%ebx
	notl	%r11d
	leal	-1444681467(%rax,%r10,1),%eax
	andl	%ebx,%r12d
	andl	%ecx,%r11d
	movl	8(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ecx,%r11d
	addl	%r12d,%eax
	movl	%ecx,%r12d
	roll	$5,%eax
	addl	%ebx,%eax
	notl	%r11d
	leal	-51403784(%rdx,%r10,1),%edx
	andl	%eax,%r12d
	andl	%ebx,%r11d
	movl	28(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%ebx,%r11d
	addl	%r12d,%edx
	movl	%ebx,%r12d
	roll	$9,%edx
	addl	%eax,%edx
	notl	%r11d
	leal	1735328473(%rcx,%r10,1),%ecx
	andl	%edx,%r12d
	andl	%eax,%r11d
	movl	48(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%eax,%r11d
	addl	%r12d,%ecx
	movl	%eax,%r12d
	roll	$14,%ecx
	addl	%edx,%ecx
	notl	%r11d
	leal	-1926607734(%rbx,%r10,1),%ebx
	andl	%ecx,%r12d
	andl	%edx,%r11d
	movl	0(%rsi),%r10d
	orl	%r11d,%r12d
	movl	%edx,%r11d
	addl	%r12d,%ebx
	movl	%edx,%r12d
	roll	$20,%ebx
	addl	%ecx,%ebx
	movl	20(%rsi),%r10d
	movl	%ecx,%r11d
	leal	-378558(%rax,%r10,1),%eax
	movl	32(%rsi),%r10d
	xorl	%edx,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%eax
	roll	$4,%eax
	movl	%ebx,%r11d
	addl	%ebx,%eax
	leal	-2022574463(%rdx,%r10,1),%edx
	movl	44(%rsi),%r10d
	xorl	%ecx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%edx
	roll	$11,%edx
	movl	%eax,%r11d
	addl	%eax,%edx
	leal	1839030562(%rcx,%r10,1),%ecx
	movl	56(%rsi),%r10d
	xorl	%ebx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ecx
	roll	$16,%ecx
	movl	%edx,%r11d
	addl	%edx,%ecx
	leal	-35309556(%rbx,%r10,1),%ebx
	movl	4(%rsi),%r10d
	xorl	%eax,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%ebx
	roll	$23,%ebx
	movl	%ecx,%r11d
	addl	%ecx,%ebx
	leal	-1530992060(%rax,%r10,1),%eax
	movl	16(%rsi),%r10d
	xorl	%edx,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%eax
	roll	$4,%eax
	movl	%ebx,%r11d
	addl	%ebx,%eax
	leal	1272893353(%rdx,%r10,1),%edx
	movl	28(%rsi),%r10d
	xorl	%ecx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%edx
	roll	$11,%edx
	movl	%eax,%r11d
	addl	%eax,%edx
	leal	-155497632(%rcx,%r10,1),%ecx
	movl	40(%rsi),%r10d
	xorl	%ebx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ecx
	roll	$16,%ecx
	movl	%edx,%r11d
	addl	%edx,%ecx
	leal	-1094730640(%rbx,%r10,1),%ebx
	movl	52(%rsi),%r10d
	xorl	%eax,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%ebx
	roll	$23,%ebx
	movl	%ecx,%r11d
	addl	%ecx,%ebx
	leal	681279174(%rax,%r10,1),%eax
	movl	0(%rsi),%r10d
	xorl	%edx,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%eax
	roll	$4,%eax
	movl	%ebx,%r11d
	addl	%ebx,%eax
	leal	-358537222(%rdx,%r10,1),%edx
	movl	12(%rsi),%r10d
	xorl	%ecx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%edx
	roll	$11,%edx
	movl	%eax,%r11d
	addl	%eax,%edx
	leal	-722521979(%rcx,%r10,1),%ecx
	movl	24(%rsi),%r10d
	xorl	%ebx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ecx
	roll	$16,%ecx
	movl	%edx,%r11d
	addl	%edx,%ecx
	leal	76029189(%rbx,%r10,1),%ebx
	movl	36(%rsi),%r10d
	xorl	%eax,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%ebx
	roll	$23,%ebx
	movl	%ecx,%r11d
	addl	%ecx,%ebx
	leal	-640364487(%rax,%r10,1),%eax
	movl	48(%rsi),%r10d
	xorl	%edx,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%eax
	roll	$4,%eax
	movl	%ebx,%r11d
	addl	%ebx,%eax
	leal	-421815835(%rdx,%r10,1),%edx
	movl	60(%rsi),%r10d
	xorl	%ecx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%edx
	roll	$11,%edx
	movl	%eax,%r11d
	addl	%eax,%edx
	leal	530742520(%rcx,%r10,1),%ecx
	movl	8(%rsi),%r10d
	xorl	%ebx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ecx
	roll	$16,%ecx
	movl	%edx,%r11d
	addl	%edx,%ecx
	leal	-995338651(%rbx,%r10,1),%ebx
	movl	0(%rsi),%r10d
	xorl	%eax,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%ebx
	roll	$23,%ebx
	movl	%ecx,%r11d
	addl	%ecx,%ebx
	movl	0(%rsi),%r10d
	movl	$4294967295,%r11d
	xorl	%edx,%r11d
	leal	-198630844(%rax,%r10,1),%eax
	orl	%ebx,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%eax
	movl	28(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$6,%eax
	xorl	%ecx,%r11d
	addl	%ebx,%eax
	leal	1126891415(%rdx,%r10,1),%edx
	orl	%eax,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%edx
	movl	56(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$10,%edx
	xorl	%ebx,%r11d
	addl	%eax,%edx
	leal	-1416354905(%rcx,%r10,1),%ecx
	orl	%edx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%ecx
	movl	20(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$15,%ecx
	xorl	%eax,%r11d
	addl	%edx,%ecx
	leal	-57434055(%rbx,%r10,1),%ebx
	orl	%ecx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ebx
	movl	48(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$21,%ebx
	xorl	%edx,%r11d
	addl	%ecx,%ebx
	leal	1700485571(%rax,%r10,1),%eax
	orl	%ebx,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%eax
	movl	12(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$6,%eax
	xorl	%ecx,%r11d
	addl	%ebx,%eax
	leal	-1894986606(%rdx,%r10,1),%edx
	orl	%eax,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%edx
	movl	40(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$10,%edx
	xorl	%ebx,%r11d
	addl	%eax,%edx
	leal	-1051523(%rcx,%r10,1),%ecx
	orl	%edx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%ecx
	movl	4(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$15,%ecx
	xorl	%eax,%r11d
	addl	%edx,%ecx
	leal	-2054922799(%rbx,%r10,1),%ebx
	orl	%ecx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ebx
	movl	32(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$21,%ebx
	xorl	%edx,%r11d
	addl	%ecx,%ebx
	leal	1873313359(%rax,%r10,1),%eax
	orl	%ebx,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%eax
	movl	60(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$6,%eax
	xorl	%ecx,%r11d
	addl	%ebx,%eax
	leal	-30611744(%rdx,%r10,1),%edx
	orl	%eax,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%edx
	movl	24(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$10,%edx
	xorl	%ebx,%r11d
	addl	%eax,%edx
	leal	-1560198380(%rcx,%r10,1),%ecx
	orl	%edx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%ecx
	movl	52(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$15,%ecx
	xorl	%eax,%r11d
	addl	%edx,%ecx
	leal	1309151649(%rbx,%r10,1),%ebx
	orl	%ecx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ebx
	movl	16(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$21,%ebx
	xorl	%edx,%r11d
	addl	%ecx,%ebx
	leal	-145523070(%rax,%r10,1),%eax
	orl	%ebx,%r11d
	xorl	%ecx,%r11d
	addl	%r11d,%eax
	movl	44(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$6,%eax
	xorl	%ecx,%r11d
	addl	%ebx,%eax
	leal	-1120210379(%rdx,%r10,1),%edx
	orl	%eax,%r11d
	xorl	%ebx,%r11d
	addl	%r11d,%edx
	movl	8(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$10,%edx
	xorl	%ebx,%r11d
	addl	%eax,%edx
	leal	718787259(%rcx,%r10,1),%ecx
	orl	%edx,%r11d
	xorl	%eax,%r11d
	addl	%r11d,%ecx
	movl	36(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$15,%ecx
	xorl	%eax,%r11d
	addl	%edx,%ecx
	leal	-343485551(%rbx,%r10,1),%ebx
	orl	%ecx,%r11d
	xorl	%edx,%r11d
	addl	%r11d,%ebx
	movl	0(%rsi),%r10d
	movl	$4294967295,%r11d
	roll	$21,%ebx
	xorl	%edx,%r11d
	addl	%ecx,%ebx

	addl	%r8d,%eax
	addl	%r9d,%ebx
	addl	%r14d,%ecx
	addl	%r15d,%edx


	addq	$64,%rsi
	cmpq	%rdi,%rsi
	jb	.Lloop				


.Lend:
	movl	%eax,0(%rbp)
	movl	%ebx,4(%rbp)
	movl	%ecx,8(%rbp)
	movl	%edx,12(%rbp)

	movq	(%rsp),%r15
	movq	8(%rsp),%r14
	movq	16(%rsp),%r12
	movq	24(%rsp),%rbx
	movq	32(%rsp),%rbp
	addq	$40,%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	md5_block_asm_data_order,.-md5_block_asm_data_order
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
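--- a/jni/libressl/crypto/md5/md5-elf-x86_64.s
+++ b/jni/libressl/crypto/md5/md5-elf-x86_64.s
@@ -1,671 +0,0 @@
-.text	
-.align	16
-
-.globl	md5_block_asm_data_order
-.type	md5_block_asm_data_order,@function
-md5_block_asm_data_order:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r14
-	pushq	%r15
-.Lprologue:
-
-
-
-
-	movq	%rdi,%rbp
-	shlq	$6,%rdx
-	leaq	(%rsi,%rdx,1),%rdi
-	movl	0(%rbp),%eax
-	movl	4(%rbp),%ebx
-	movl	8(%rbp),%ecx
-	movl	12(%rbp),%edx
-
-
-
-
-
-
-
-	cmpq	%rdi,%rsi
-	je	.Lend				
-
-
-.Lloop:
-	movl	%eax,%r8d
-	movl	%ebx,%r9d
-	movl	%ecx,%r14d
-	movl	%edx,%r15d
-	movl	0(%rsi),%r10d
-	movl	%edx,%r11d
-	xorl	%ecx,%r11d
-	leal	-680876936(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	4(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-389564586(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	8(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	606105819(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	12(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-1044525330(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	16(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	-176418897(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	20(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	1200080426(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	24(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-1473231341(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	28(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-45705983(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	32(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	1770035416(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	36(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-1958414417(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	40(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-42063(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	44(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-1990404162(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	48(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	1804603682(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	52(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-40341101(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	56(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-1502002290(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	60(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	1236535329(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	0(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	movl	4(%rsi),%r10d
-	movl	%edx,%r11d
-	movl	%edx,%r12d
-	notl	%r11d
-	leal	-165796510(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	24(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-1069501632(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	44(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	643717713(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	0(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-373897302(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	20(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	-701558691(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	40(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	38016083(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	60(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	-660478335(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	16(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-405537848(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	36(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	568446438(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	56(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-1019803690(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	12(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	-187363961(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	32(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	1163531501(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	52(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	-1444681467(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	8(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-51403784(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	28(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	1735328473(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	48(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-1926607734(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	0(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	movl	20(%rsi),%r10d
-	movl	%ecx,%r11d
-	leal	-378558(%rax,%r10,1),%eax
-	movl	32(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-2022574463(%rdx,%r10,1),%edx
-	movl	44(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	1839030562(%rcx,%r10,1),%ecx
-	movl	56(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-35309556(%rbx,%r10,1),%ebx
-	movl	4(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	-1530992060(%rax,%r10,1),%eax
-	movl	16(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	1272893353(%rdx,%r10,1),%edx
-	movl	28(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	-155497632(%rcx,%r10,1),%ecx
-	movl	40(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-1094730640(%rbx,%r10,1),%ebx
-	movl	52(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	681279174(%rax,%r10,1),%eax
-	movl	0(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-358537222(%rdx,%r10,1),%edx
-	movl	12(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	-722521979(%rcx,%r10,1),%ecx
-	movl	24(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	76029189(%rbx,%r10,1),%ebx
-	movl	36(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	-640364487(%rax,%r10,1),%eax
-	movl	48(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-421815835(%rdx,%r10,1),%edx
-	movl	60(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	530742520(%rcx,%r10,1),%ecx
-	movl	8(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-995338651(%rbx,%r10,1),%ebx
-	movl	0(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	movl	0(%rsi),%r10d
-	movl	$4294967295,%r11d
-	xorl	%edx,%r11d
-	leal	-198630844(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	28(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	1126891415(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	56(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1416354905(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	20(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-57434055(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	48(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	1700485571(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	12(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-1894986606(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	40(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1051523(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	4(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-2054922799(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	32(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	1873313359(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	60(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-30611744(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	24(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1560198380(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	52(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	1309151649(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	16(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	-145523070(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	44(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-1120210379(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	8(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	718787259(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	36(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-343485551(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	0(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-
-	addl	%r8d,%eax
-	addl	%r9d,%ebx
-	addl	%r14d,%ecx
-	addl	%r15d,%edx
-
-
-	addq	$64,%rsi
-	cmpq	%rdi,%rsi
-	jb	.Lloop				
-
-
-.Lend:
-	movl	%eax,0(%rbp)
-	movl	%ebx,4(%rbp)
-	movl	%ecx,8(%rbp)
-	movl	%edx,12(%rbp)
-
-	movq	(%rsp),%r15
-	movq	8(%rsp),%r14
-	movq	16(%rsp),%r12
-	movq	24(%rsp),%rbx
-	movq	32(%rsp),%rbp
-	addq	$40,%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	md5_block_asm_data_order,.-md5_block_asm_data_order
-#if defined(HAVE_GNU_STACK)
-.section .note.GNU-stack,"",%progbits
-#endif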
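--- a/jni/libressl/crypto/md5/md5-macosx-x86_64.S
+++ b/jni/libressl/crypto/md5/md5-macosx-x86_64.S
@@ -0,0 +1,669 @@
+#include "x86_arch.h"
+.text	
+.p2align	4
+
+.globl	_md5_block_asm_data_order
+
+_md5_block_asm_data_order:
+	pushq	%rbp
+	pushq	%rbx
+	pushq	%r12
+	pushq	%r14
+	pushq	%r15
+L$prologue:
+
+
+
+
+	movq	%rdi,%rbp
+	shlq	$6,%rdx
+	leaq	(%rsi,%rdx,1),%rdi
+	movl	0(%rbp),%eax
+	movl	4(%rbp),%ebx
+	movl	8(%rbp),%ecx
+	movl	12(%rbp),%edx
+
+
+
+
+
+
+
+	cmpq	%rdi,%rsi
+	je	L$end				
+
+
+L$loop:
+	movl	%eax,%r8d
+	movl	%ebx,%r9d
+	movl	%ecx,%r14d
+	movl	%edx,%r15d
+	movl	0(%rsi),%r10d
+	movl	%edx,%r11d
+	xorl	%ecx,%r11d
+	leal	-680876936(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	xorl	%edx,%r11d
+	movl	4(%rsi),%r10d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-389564586(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	xorl	%ecx,%r11d
+	movl	8(%rsi),%r10d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	606105819(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	xorl	%ebx,%r11d
+	movl	12(%rsi),%r10d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-1044525330(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	xorl	%eax,%r11d
+	movl	16(%rsi),%r10d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	-176418897(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	xorl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	1200080426(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	xorl	%ecx,%r11d
+	movl	24(%rsi),%r10d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-1473231341(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	xorl	%ebx,%r11d
+	movl	28(%rsi),%r10d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-45705983(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	xorl	%eax,%r11d
+	movl	32(%rsi),%r10d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	1770035416(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	xorl	%edx,%r11d
+	movl	36(%rsi),%r10d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-1958414417(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	xorl	%ecx,%r11d
+	movl	40(%rsi),%r10d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-42063(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	xorl	%ebx,%r11d
+	movl	44(%rsi),%r10d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-1990404162(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	xorl	%eax,%r11d
+	movl	48(%rsi),%r10d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	1804603682(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	xorl	%edx,%r11d
+	movl	52(%rsi),%r10d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-40341101(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	xorl	%ecx,%r11d
+	movl	56(%rsi),%r10d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-1502002290(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	xorl	%ebx,%r11d
+	movl	60(%rsi),%r10d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	1236535329(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	xorl	%eax,%r11d
+	movl	0(%rsi),%r10d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	movl	4(%rsi),%r10d
+	movl	%edx,%r11d
+	movl	%edx,%r12d
+	notl	%r11d
+	leal	-165796510(%rax,%r10,1),%eax
+	andl	%ebx,%r12d
+	andl	%ecx,%r11d
+	movl	24(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	leal	-1069501632(%rdx,%r10,1),%edx
+	andl	%eax,%r12d
+	andl	%ebx,%r11d
+	movl	44(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	leal	643717713(%rcx,%r10,1),%ecx
+	andl	%edx,%r12d
+	andl	%eax,%r11d
+	movl	0(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	leal	-373897302(%rbx,%r10,1),%ebx
+	andl	%ecx,%r12d
+	andl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	leal	-701558691(%rax,%r10,1),%eax
+	andl	%ebx,%r12d
+	andl	%ecx,%r11d
+	movl	40(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	leal	38016083(%rdx,%r10,1),%edx
+	andl	%eax,%r12d
+	andl	%ebx,%r11d
+	movl	60(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	leal	-660478335(%rcx,%r10,1),%ecx
+	andl	%edx,%r12d
+	andl	%eax,%r11d
+	movl	16(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	leal	-405537848(%rbx,%r10,1),%ebx
+	andl	%ecx,%r12d
+	andl	%edx,%r11d
+	movl	36(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	leal	568446438(%rax,%r10,1),%eax
+	andl	%ebx,%r12d
+	andl	%ecx,%r11d
+	movl	56(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	leal	-1019803690(%rdx,%r10,1),%edx
+	andl	%eax,%r12d
+	andl	%ebx,%r11d
+	movl	12(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	leal	-187363961(%rcx,%r10,1),%ecx
+	andl	%edx,%r12d
+	andl	%eax,%r11d
+	movl	32(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	leal	1163531501(%rbx,%r10,1),%ebx
+	andl	%ecx,%r12d
+	andl	%edx,%r11d
+	movl	52(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	leal	-1444681467(%rax,%r10,1),%eax
+	andl	%ebx,%r12d
+	andl	%ecx,%r11d
+	movl	8(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	leal	-51403784(%rdx,%r10,1),%edx
+	andl	%eax,%r12d
+	andl	%ebx,%r11d
+	movl	28(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	leal	1735328473(%rcx,%r10,1),%ecx
+	andl	%edx,%r12d
+	andl	%eax,%r11d
+	movl	48(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	leal	-1926607734(%rbx,%r10,1),%ebx
+	andl	%ecx,%r12d
+	andl	%edx,%r11d
+	movl	0(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	movl	20(%rsi),%r10d
+	movl	%ecx,%r11d
+	leal	-378558(%rax,%r10,1),%eax
+	movl	32(%rsi),%r10d
+	xorl	%edx,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	roll	$4,%eax
+	movl	%ebx,%r11d
+	addl	%ebx,%eax
+	leal	-2022574463(%rdx,%r10,1),%edx
+	movl	44(%rsi),%r10d
+	xorl	%ecx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	1839030562(%rcx,%r10,1),%ecx
+	movl	56(%rsi),%r10d
+	xorl	%ebx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	roll	$16,%ecx
+	movl	%edx,%r11d
+	addl	%edx,%ecx
+	leal	-35309556(%rbx,%r10,1),%ebx
+	movl	4(%rsi),%r10d
+	xorl	%eax,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	-1530992060(%rax,%r10,1),%eax
+	movl	16(%rsi),%r10d
+	xorl	%edx,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	roll	$4,%eax
+	movl	%ebx,%r11d
+	addl	%ebx,%eax
+	leal	1272893353(%rdx,%r10,1),%edx
+	movl	28(%rsi),%r10d
+	xorl	%ecx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	-155497632(%rcx,%r10,1),%ecx
+	movl	40(%rsi),%r10d
+	xorl	%ebx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	roll	$16,%ecx
+	movl	%edx,%r11d
+	addl	%edx,%ecx
+	leal	-1094730640(%rbx,%r10,1),%ebx
+	movl	52(%rsi),%r10d
+	xorl	%eax,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	681279174(%rax,%r10,1),%eax
+	movl	0(%rsi),%r10d
+	xorl	%edx,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	roll	$4,%eax
+	movl	%ebx,%r11d
+	addl	%ebx,%eax
+	leal	-358537222(%rdx,%r10,1),%edx
+	movl	12(%rsi),%r10d
+	xorl	%ecx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	-722521979(%rcx,%r10,1),%ecx
+	movl	24(%rsi),%r10d
+	xorl	%ebx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	roll	$16,%ecx
+	movl	%edx,%r11d
+	addl	%edx,%ecx
+	leal	76029189(%rbx,%r10,1),%ebx
+	movl	36(%rsi),%r10d
+	xorl	%eax,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	-640364487(%rax,%r10,1),%eax
+	movl	48(%rsi),%r10d
+	xorl	%edx,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	roll	$4,%eax
+	movl	%ebx,%r11d
+	addl	%ebx,%eax
+	leal	-421815835(%rdx,%r10,1),%edx
+	movl	60(%rsi),%r10d
+	xorl	%ecx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	530742520(%rcx,%r10,1),%ecx
+	movl	8(%rsi),%r10d
+	xorl	%ebx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	roll	$16,%ecx
+	movl	%edx,%r11d
+	addl	%edx,%ecx
+	leal	-995338651(%rbx,%r10,1),%ebx
+	movl	0(%rsi),%r10d
+	xorl	%eax,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	movl	0(%rsi),%r10d
+	movl	$4294967295,%r11d
+	xorl	%edx,%r11d
+	leal	-198630844(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	28(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	1126891415(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	56(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1416354905(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	20(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-57434055(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	48(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	1700485571(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	12(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-1894986606(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	40(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1051523(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	4(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-2054922799(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	32(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	1873313359(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	60(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-30611744(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	24(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1560198380(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	52(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	1309151649(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	16(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	-145523070(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	44(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-1120210379(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	8(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	718787259(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	36(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-343485551(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	0(%rsi),%r10d
+	movl	$4294967295,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+
+	addl	%r8d,%eax
+	addl	%r9d,%ebx
+	addl	%r14d,%ecx
+	addl	%r15d,%edx
+
+
+	addq	$64,%rsi
+	cmpq	%rdi,%rsi
+	jb	L$loop				
+
+
+L$end:
+	movl	%eax,0(%rbp)
+	movl	%ebx,4(%rbp)
+	movl	%ecx,8(%rbp)
+	movl	%edx,12(%rbp)
+
+	movq	(%rsp),%r15
+	movq	8(%rsp),%r14
+	movq	16(%rsp),%r12
+	movq	24(%rsp),%rbx
+	movq	32(%rsp),%rbp
+	addq	$40,%rsp
+L$epilogue:
+	.byte	0xf3,0xc3
+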
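--- a/jni/libressl/crypto/md5/md5-macosx-x86_64.s
+++ b/jni/libressl/crypto/md5/md5-macosx-x86_64.s
@@ -1,668 +0,0 @@
-.text	
-.p2align	4
-
-.globl	_md5_block_asm_data_order
-
-_md5_block_asm_data_order:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r14
-	pushq	%r15
-L$prologue:
-
-
-
-
-	movq	%rdi,%rbp
-	shlq	$6,%rdx
-	leaq	(%rsi,%rdx,1),%rdi
-	movl	0(%rbp),%eax
-	movl	4(%rbp),%ebx
-	movl	8(%rbp),%ecx
-	movl	12(%rbp),%edx
-
-
-
-
-
-
-
-	cmpq	%rdi,%rsi
-	je	L$end				
-
-
-L$loop:
-	movl	%eax,%r8d
-	movl	%ebx,%r9d
-	movl	%ecx,%r14d
-	movl	%edx,%r15d
-	movl	0(%rsi),%r10d
-	movl	%edx,%r11d
-	xorl	%ecx,%r11d
-	leal	-680876936(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	4(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-389564586(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	8(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	606105819(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	12(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-1044525330(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	16(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	-176418897(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	20(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	1200080426(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	24(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-1473231341(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	28(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-45705983(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	32(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	1770035416(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	36(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-1958414417(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	40(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-42063(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	44(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-1990404162(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	48(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	1804603682(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	52(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-40341101(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	56(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-1502002290(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	60(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	1236535329(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	0(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	movl	4(%rsi),%r10d
-	movl	%edx,%r11d
-	movl	%edx,%r12d
-	notl	%r11d
-	leal	-165796510(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	24(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-1069501632(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	44(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	643717713(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	0(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-373897302(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	20(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	-701558691(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	40(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	38016083(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	60(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	-660478335(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	16(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-405537848(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	36(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	568446438(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	56(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-1019803690(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	12(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	-187363961(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	32(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	1163531501(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	52(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	-1444681467(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	8(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-51403784(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	28(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	1735328473(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	48(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-1926607734(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	0(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	movl	20(%rsi),%r10d
-	movl	%ecx,%r11d
-	leal	-378558(%rax,%r10,1),%eax
-	movl	32(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-2022574463(%rdx,%r10,1),%edx
-	movl	44(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	1839030562(%rcx,%r10,1),%ecx
-	movl	56(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-35309556(%rbx,%r10,1),%ebx
-	movl	4(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	-1530992060(%rax,%r10,1),%eax
-	movl	16(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	1272893353(%rdx,%r10,1),%edx
-	movl	28(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	-155497632(%rcx,%r10,1),%ecx
-	movl	40(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-1094730640(%rbx,%r10,1),%ebx
-	movl	52(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	681279174(%rax,%r10,1),%eax
-	movl	0(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-358537222(%rdx,%r10,1),%edx
-	movl	12(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	-722521979(%rcx,%r10,1),%ecx
-	movl	24(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	76029189(%rbx,%r10,1),%ebx
-	movl	36(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	-640364487(%rax,%r10,1),%eax
-	movl	48(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-421815835(%rdx,%r10,1),%edx
-	movl	60(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	530742520(%rcx,%r10,1),%ecx
-	movl	8(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-995338651(%rbx,%r10,1),%ebx
-	movl	0(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	movl	0(%rsi),%r10d
-	movl	$4294967295,%r11d
-	xorl	%edx,%r11d
-	leal	-198630844(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	28(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	1126891415(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	56(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1416354905(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	20(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-57434055(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	48(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	1700485571(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	12(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-1894986606(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	40(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1051523(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	4(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-2054922799(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	32(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	1873313359(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	60(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-30611744(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	24(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1560198380(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	52(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	1309151649(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	16(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	-145523070(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	44(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-1120210379(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	8(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	718787259(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	36(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-343485551(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	0(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-
-	addl	%r8d,%eax
-	addl	%r9d,%ebx
-	addl	%r14d,%ecx
-	addl	%r15d,%edx
-
-
-	addq	$64,%rsi
-	cmpq	%rdi,%rsi
-	jb	L$loop				
-
-
-L$end:
-	movl	%eax,0(%rbp)
-	movl	%ebx,4(%rbp)
-	movl	%ecx,8(%rbp)
-	movl	%edx,12(%rbp)
-
-	movq	(%rsp),%r15
-	movq	8(%rsp),%r14
-	movq	16(%rsp),%r12
-	movq	24(%rsp),%rbx
-	movq	32(%rsp),%rbp
-	addq	$40,%rsp
-L$epilogue:
-	.byte	0xf3,0xc3
-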
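--- a/jni/libressl/crypto/md5/md5_dgst.c
+++ b/jni/libressl/crypto/md5/md5_dgst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: md5_dgst.c,v 1.13 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: md5_dgst.c,v 1.14 2014/10/28 07:35:59 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 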
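--- a/jni/libressl/crypto/md5/md5_locl.h
+++ b/jni/libressl/crypto/md5/md5_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: md5_locl.h,v 1.12 2014/08/18 19:11:48 bcook Exp $ */
+/* $OpenBSD: md5_locl.h,v 1.14 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -67,16 +67,20 @@
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
      defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 #  define md5_block_data_order md5_block_asm_data_order
 # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
 #  define md5_block_data_order md5_block_asm_data_order
 # endif
 #endif
 
+__BEGIN_HIDDEN_DECLS
+
 void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
+
+__END_HIDDEN_DECLS
 
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 
 #define HASH_LONG		MD5_LONG
 #define HASH_CTX		MD5_CTX
 #define HASH_CBLOCK		MD5_CBLOCK
 #define HASH_UPDATE		MD5_Update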
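--- a/jni/libressl/crypto/md5/md5_one.c
+++ b/jni/libressl/crypto/md5/md5_one.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: md5_one.c,v 1.9 2015/09/10 15:03:59 jsing Exp $ */
+/* $OpenBSD: md5_one.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 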
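--- a/jni/libressl/crypto/mem_clr.c
+++ b/jni/libressl/crypto/mem_clr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: mem_clr.c,v 1.3 2014/04/15 23:04:49 tedu Exp $ */
+/* $OpenBSD: mem_clr.c,v 1.4 2014/06/12 15:49:27 deraadt Exp $ */
 
 /* Ted Unangst places this file in the public domain. */
 #include <string.h>
 #include <openssl/crypto.h>
 
 void
 OPENSSL_cleanse(void *ptr, size_t len)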
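--- a/jni/libressl/crypto/mem_dbg.c
+++ b/jni/libressl/crypto/mem_dbg.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: mem_dbg.c,v 1.22 2014/06/12 15:49:27 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *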
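--- a/jni/libressl/crypto/modes/cbc128.c
+++ b/jni/libressl/crypto/modes/cbc128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cbc128.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: cbc128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *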
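--- a/jni/libressl/crypto/modes/ccm128.c
+++ b/jni/libressl/crypto/modes/ccm128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ccm128.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: ccm128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *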
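--- a/jni/libressl/crypto/modes/cfb128.c
+++ b/jni/libressl/crypto/modes/cfb128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cfb128.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: cfb128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *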
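--- a/jni/libressl/crypto/modes/ctr128.c
+++ b/jni/libressl/crypto/modes/ctr128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ctr128.c,v 1.5 2014/07/09 16:06:13 miod Exp $ */
+/* $OpenBSD: ctr128.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *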
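--- a/jni/libressl/crypto/modes/cts128.c
+++ b/jni/libressl/crypto/modes/cts128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: cts128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: cts128.c,v 1.5 2015/07/19 18:27:26 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  *
  * Rights for redistribution and usage in source and binary
  * forms are granted according to the OpenSSL license.
  */
 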
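--- a/jni/libressl/crypto/modes/gcm128.c
+++ b/jni/libressl/crypto/modes/gcm128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: gcm128.c,v 1.12 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: gcm128.c,v 1.15 2016/11/04 17:30:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -633,22 +633,27 @@
 		Xi[1] = Z.lo;
 	}
 }
 #define GCM_MUL(ctx,Xi)	  gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
 
 #endif
 
+#if	defined(GHASH_ASM) && \
+	(defined(__i386)	|| defined(__i386__)	|| \
+	 defined(__x86_64)	|| defined(__x86_64__)	|| \
+	 defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64))
+#include "x86_arch.h"
+#endif
+
 #if	TABLE_BITS==4 && defined(GHASH_ASM)
-# if	!defined(I386_ONLY) && \
-	(defined(__i386)	|| defined(__i386__)	|| \
+# if	(defined(__i386)	|| defined(__i386__)	|| \
 	 defined(__x86_64)	|| defined(__x86_64__)	|| \
 	 defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64))
 #  define GHASH_ASM_X86_OR_64
 #  define GCM_FUNCREF_4BIT
-extern unsigned int OPENSSL_ia32cap_P[2];
 
 void gcm_init_clmul(u128 Htable[16],const u64 Xi[2]);
 void gcm_gmult_clmul(u64 Xi[2],const u128 Htable[16]);
 void gcm_ghash_clmul(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
 
 #  if	defined(__i386) || defined(__i386__) || defined(_M_IX86)
 #   define GHASH_ASM_X86
@@ -702,28 +707,29 @@
 	}
 
 #if	TABLE_BITS==8
 	gcm_init_8bit(ctx->Htable,ctx->H.u);
 #elif	TABLE_BITS==4
 # if	defined(GHASH_ASM_X86_OR_64)
 #  if	!defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
-	if (OPENSSL_ia32cap_P[0]&(1<<24) &&	/* check FXSR bit */
-	    OPENSSL_ia32cap_P[1]&(1<<1) ) {	/* check PCLMULQDQ bit */
+	/* check FXSR and PCLMULQDQ bits */
+	if ((OPENSSL_cpu_caps() & (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) ==
+	    (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) {
 		gcm_init_clmul(ctx->Htable,ctx->H.u);
 		ctx->gmult = gcm_gmult_clmul;
 		ctx->ghash = gcm_ghash_clmul;
 		return;
 	}
 #  endif
 	gcm_init_4bit(ctx->Htable,ctx->H.u);
 #  if	defined(GHASH_ASM_X86)			/* x86 only */
 #   if	defined(OPENSSL_IA32_SSE2)
-	if (OPENSSL_ia32cap_P[0]&(1<<25)) {	/* check SSE bit */
+	if (OPENSSL_cpu_caps() & CPUCAP_MASK_SSE) {	/* check SSE bit */
 #   else
-	if (OPENSSL_ia32cap_P[0]&(1<<23)) {	/* check MMX bit */
+	if (OPENSSL_cpu_caps() & CPUCAP_MASK_MMX) {	/* check MMX bit */
 #   endif
 		ctx->gmult = gcm_gmult_4bit_mmx;
 		ctx->ghash = gcm_ghash_4bit_mmx;
 	} else {
 		ctx->gmult = gcm_gmult_4bit_x86;
 		ctx->ghash = gcm_ghash_4bit_x86;
 	}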
Added jni/libressl/crypto/modes/ghash-elf-x86_64.S.












































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
#include "x86_arch.h"
.text	

.globl	gcm_gmult_4bit
.type	gcm_gmult_4bit,@function
.align	16
gcm_gmult_4bit:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
.Lgmult_prologue:

	movzbq	15(%rdi),%r8
	leaq	.Lrem_4bit(%rip),%r11
	xorq	%rax,%rax
	xorq	%rbx,%rbx
	movb	%r8b,%al
	movb	%r8b,%bl
	shlb	$4,%al
	movq	$14,%rcx
	movq	8(%rsi,%rax,1),%r8
	movq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	movq	%r8,%rdx
	jmp	.Loop1

.align	16
.Loop1:
	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	movb	(%rdi,%rcx,1),%al
	shrq	$4,%r9
	xorq	8(%rsi,%rbx,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rbx,1),%r9
	movb	%al,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	shlb	$4,%al
	xorq	%r10,%r8
	decq	%rcx
	js	.Lbreak1

	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rax,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	xorq	%r10,%r8
	jmp	.Loop1

.align	16
.Lbreak1:
	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rax,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	xorq	%r10,%r8

	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rbx,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rbx,1),%r9
	xorq	%r10,%r8
	xorq	(%r11,%rdx,8),%r9

	bswapq	%r8
	bswapq	%r9
	movq	%r8,8(%rdi)
	movq	%r9,(%rdi)

	movq	16(%rsp),%rbx
	leaq	24(%rsp),%rsp
.Lgmult_epilogue:
	.byte	0xf3,0xc3
.size	gcm_gmult_4bit,.-gcm_gmult_4bit
.globl	gcm_ghash_4bit
.type	gcm_ghash_4bit,@function
.align	16
gcm_ghash_4bit:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$280,%rsp
.Lghash_prologue:
	movq	%rdx,%r14
	movq	%rcx,%r15
	subq	$-128,%rsi
	leaq	16+128(%rsp),%rbp
	xorl	%edx,%edx
	movq	0+0-128(%rsi),%r8
	movq	0+8-128(%rsi),%rax
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	16+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	16+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,0(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,0(%rbp)
	movq	32+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,0-128(%rbp)
	movq	32+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,1(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,8(%rbp)
	movq	48+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,8-128(%rbp)
	movq	48+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,2(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,16(%rbp)
	movq	64+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,16-128(%rbp)
	movq	64+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,3(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,24(%rbp)
	movq	80+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,24-128(%rbp)
	movq	80+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,4(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,32(%rbp)
	movq	96+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,32-128(%rbp)
	movq	96+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,5(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,40(%rbp)
	movq	112+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,40-128(%rbp)
	movq	112+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,6(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,48(%rbp)
	movq	128+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,48-128(%rbp)
	movq	128+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,7(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,56(%rbp)
	movq	144+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,56-128(%rbp)
	movq	144+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,8(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,64(%rbp)
	movq	160+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,64-128(%rbp)
	movq	160+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,9(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,72(%rbp)
	movq	176+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,72-128(%rbp)
	movq	176+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,10(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,80(%rbp)
	movq	192+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,80-128(%rbp)
	movq	192+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,11(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,88(%rbp)
	movq	208+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,88-128(%rbp)
	movq	208+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,12(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,96(%rbp)
	movq	224+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,96-128(%rbp)
	movq	224+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,13(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,104(%rbp)
	movq	240+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,104-128(%rbp)
	movq	240+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,14(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,112(%rbp)
	shlb	$4,%dl
	movq	%rax,112-128(%rbp)
	shlq	$60,%r10
	movb	%dl,15(%rsp)
	orq	%r10,%rbx
	movq	%r9,120(%rbp)
	movq	%rbx,120-128(%rbp)
	addq	$-128,%rsi
	movq	8(%rdi),%r8
	movq	0(%rdi),%r9
	addq	%r14,%r15
	leaq	.Lrem_8bit(%rip),%r11
	jmp	.Louter_loop
.align	16
.Louter_loop:
	xorq	(%r14),%r9
	movq	8(%r14),%rdx
	leaq	16(%r14),%r14
	xorq	%r8,%rdx
	movq	%r9,(%rdi)
	movq	%rdx,8(%rdi)
	shrq	$32,%rdx
	xorq	%rax,%rax
	roll	$8,%edx
	movb	%dl,%al
	movzbl	%dl,%ebx
	shlb	$4,%al
	shrl	$4,%ebx
	roll	$8,%edx
	movq	8(%rsi,%rax,1),%r8
	movq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	xorq	%r8,%r12
	movq	%r9,%r10
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	8(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	4(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	0(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	andl	$240,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	-4(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	movzwq	(%r11,%r12,2),%r12
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	shlq	$48,%r12
	xorq	%r10,%r8
	xorq	%r12,%r9
	movzbq	%r8b,%r13
	shrq	$4,%r8
	movq	%r9,%r10
	shlb	$4,%r13b
	shrq	$4,%r9
	xorq	8(%rsi,%rcx,1),%r8
	movzwq	(%r11,%r13,2),%r13
	shlq	$60,%r10
	xorq	(%rsi,%rcx,1),%r9
	xorq	%r10,%r8
	shlq	$48,%r13
	bswapq	%r8
	xorq	%r13,%r9
	bswapq	%r9
	cmpq	%r15,%r14
	jb	.Louter_loop
	movq	%r8,8(%rdi)
	movq	%r9,(%rdi)

	leaq	280(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lghash_epilogue:
	.byte	0xf3,0xc3
.size	gcm_ghash_4bit,.-gcm_ghash_4bit
.globl	gcm_init_clmul
.type	gcm_init_clmul,@function
.align	16
gcm_init_clmul:
	movdqu	(%rsi),%xmm2
	pshufd	$78,%xmm2,%xmm2


	pshufd	$255,%xmm2,%xmm4
	movdqa	%xmm2,%xmm3
	psllq	$1,%xmm2
	pxor	%xmm5,%xmm5
	psrlq	$63,%xmm3
	pcmpgtd	%xmm4,%xmm5
	pslldq	$8,%xmm3
	por	%xmm3,%xmm2


	pand	.L0x1c2_polynomial(%rip),%xmm5
	pxor	%xmm5,%xmm2


	movdqa	%xmm2,%xmm0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	movdqu	%xmm2,(%rdi)
	movdqu	%xmm0,16(%rdi)
	.byte	0xf3,0xc3
.size	gcm_init_clmul,.-gcm_init_clmul
.globl	gcm_gmult_clmul
.type	gcm_gmult_clmul,@function
.align	16
gcm_gmult_clmul:
	movdqu	(%rdi),%xmm0
	movdqa	.Lbswap_mask(%rip),%xmm5
	movdqu	(%rsi),%xmm2
.byte	102,15,56,0,197
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,197
	movdqu	%xmm0,(%rdi)
	.byte	0xf3,0xc3
.size	gcm_gmult_clmul,.-gcm_gmult_clmul
.globl	gcm_ghash_clmul
.type	gcm_ghash_clmul,@function
.align	16
gcm_ghash_clmul:
	movdqa	.Lbswap_mask(%rip),%xmm5

	movdqu	(%rdi),%xmm0
	movdqu	(%rsi),%xmm2
.byte	102,15,56,0,197

	subq	$16,%rcx
	jz	.Lodd_tail

	movdqu	16(%rsi),%xmm8





	movdqu	(%rdx),%xmm3
	movdqu	16(%rdx),%xmm6
.byte	102,15,56,0,221
.byte	102,15,56,0,245
	pxor	%xmm3,%xmm0
	movdqa	%xmm6,%xmm7
	pshufd	$78,%xmm6,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm6,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,242,0
.byte	102,15,58,68,250,17
.byte	102,15,58,68,220,0
	pxor	%xmm6,%xmm3
	pxor	%xmm7,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm7
	pxor	%xmm4,%xmm6
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm8,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm8,%xmm4

	leaq	32(%rdx),%rdx
	subq	$32,%rcx
	jbe	.Leven_tail

.Lmod_loop:
.byte	102,65,15,58,68,192,0
.byte	102,65,15,58,68,200,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0
	movdqu	(%rdx),%xmm3
	pxor	%xmm6,%xmm0
	pxor	%xmm7,%xmm1

	movdqu	16(%rdx),%xmm6
.byte	102,15,56,0,221
.byte	102,15,56,0,245

	movdqa	%xmm6,%xmm7
	pshufd	$78,%xmm6,%xmm9
	pshufd	$78,%xmm2,%xmm10
	pxor	%xmm6,%xmm9
	pxor	%xmm2,%xmm10
	pxor	%xmm3,%xmm1

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
.byte	102,15,58,68,242,0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1

.byte	102,15,58,68,250,17
	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0

.byte	102,69,15,58,68,202,0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm8,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm8,%xmm4

	pxor	%xmm6,%xmm9
	pxor	%xmm7,%xmm9
	movdqa	%xmm9,%xmm10
	psrldq	$8,%xmm9
	pslldq	$8,%xmm10
	pxor	%xmm9,%xmm7
	pxor	%xmm10,%xmm6

	leaq	32(%rdx),%rdx
	subq	$32,%rcx
	ja	.Lmod_loop

.Leven_tail:
.byte	102,65,15,58,68,192,0
.byte	102,65,15,58,68,200,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0
	pxor	%xmm6,%xmm0
	pxor	%xmm7,%xmm1

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	testq	%rcx,%rcx
	jnz	.Ldone

.Lodd_tail:
	movdqu	(%rdx),%xmm3
.byte	102,15,56,0,221
	pxor	%xmm3,%xmm0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
.Ldone:
.byte	102,15,56,0,197
	movdqu	%xmm0,(%rdi)
	.byte	0xf3,0xc3
.LSEH_end_gcm_ghash_clmul:
.size	gcm_ghash_clmul,.-gcm_ghash_clmul
.align	64
.Lbswap_mask:
.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
.L0x1c2_polynomial:
.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
.align	64
.type	.Lrem_4bit,@object
.Lrem_4bit:
.long	0,0,0,471859200,0,943718400,0,610271232
.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160
.type	.Lrem_8bit,@object
.Lrem_8bit:
.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE

.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/modes/ghash-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
.text	

.globl	gcm_gmult_4bit
.type	gcm_gmult_4bit,@function
.align	16
gcm_gmult_4bit:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
.Lgmult_prologue:

	movzbq	15(%rdi),%r8
	leaq	.Lrem_4bit(%rip),%r11
	xorq	%rax,%rax
	xorq	%rbx,%rbx
	movb	%r8b,%al
	movb	%r8b,%bl
	shlb	$4,%al
	movq	$14,%rcx
	movq	8(%rsi,%rax,1),%r8
	movq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	movq	%r8,%rdx
	jmp	.Loop1

.align	16
.Loop1:
	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	movb	(%rdi,%rcx,1),%al
	shrq	$4,%r9
	xorq	8(%rsi,%rbx,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rbx,1),%r9
	movb	%al,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	shlb	$4,%al
	xorq	%r10,%r8
	decq	%rcx
	js	.Lbreak1

	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rax,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	xorq	%r10,%r8
	jmp	.Loop1

.align	16
.Lbreak1:
	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rax,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	xorq	%r10,%r8

	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rbx,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rbx,1),%r9
	xorq	%r10,%r8
	xorq	(%r11,%rdx,8),%r9

	bswapq	%r8
	bswapq	%r9
	movq	%r8,8(%rdi)
	movq	%r9,(%rdi)

	movq	16(%rsp),%rbx
	leaq	24(%rsp),%rsp
.Lgmult_epilogue:
	.byte	0xf3,0xc3
.size	gcm_gmult_4bit,.-gcm_gmult_4bit
.globl	gcm_ghash_4bit
.type	gcm_ghash_4bit,@function
.align	16
gcm_ghash_4bit:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$280,%rsp
.Lghash_prologue:
	movq	%rdx,%r14
	movq	%rcx,%r15
	subq	$-128,%rsi
	leaq	16+128(%rsp),%rbp
	xorl	%edx,%edx
	movq	0+0-128(%rsi),%r8
	movq	0+8-128(%rsi),%rax
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	16+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	16+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,0(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,0(%rbp)
	movq	32+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,0-128(%rbp)
	movq	32+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,1(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,8(%rbp)
	movq	48+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,8-128(%rbp)
	movq	48+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,2(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,16(%rbp)
	movq	64+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,16-128(%rbp)
	movq	64+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,3(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,24(%rbp)
	movq	80+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,24-128(%rbp)
	movq	80+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,4(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,32(%rbp)
	movq	96+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,32-128(%rbp)
	movq	96+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,5(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,40(%rbp)
	movq	112+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,40-128(%rbp)
	movq	112+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,6(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,48(%rbp)
	movq	128+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,48-128(%rbp)
	movq	128+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,7(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,56(%rbp)
	movq	144+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,56-128(%rbp)
	movq	144+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,8(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,64(%rbp)
	movq	160+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,64-128(%rbp)
	movq	160+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,9(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,72(%rbp)
	movq	176+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,72-128(%rbp)
	movq	176+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,10(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,80(%rbp)
	movq	192+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,80-128(%rbp)
	movq	192+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,11(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,88(%rbp)
	movq	208+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,88-128(%rbp)
	movq	208+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,12(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,96(%rbp)
	movq	224+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,96-128(%rbp)
	movq	224+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,13(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,104(%rbp)
	movq	240+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,104-128(%rbp)
	movq	240+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,14(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,112(%rbp)
	shlb	$4,%dl
	movq	%rax,112-128(%rbp)
	shlq	$60,%r10
	movb	%dl,15(%rsp)
	orq	%r10,%rbx
	movq	%r9,120(%rbp)
	movq	%rbx,120-128(%rbp)
	addq	$-128,%rsi
	movq	8(%rdi),%r8
	movq	0(%rdi),%r9
	addq	%r14,%r15
	leaq	.Lrem_8bit(%rip),%r11
	jmp	.Louter_loop
.align	16
.Louter_loop:
	xorq	(%r14),%r9
	movq	8(%r14),%rdx
	leaq	16(%r14),%r14
	xorq	%r8,%rdx
	movq	%r9,(%rdi)
	movq	%rdx,8(%rdi)
	shrq	$32,%rdx
	xorq	%rax,%rax
	roll	$8,%edx
	movb	%dl,%al
	movzbl	%dl,%ebx
	shlb	$4,%al
	shrl	$4,%ebx
	roll	$8,%edx
	movq	8(%rsi,%rax,1),%r8
	movq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	xorq	%r8,%r12
	movq	%r9,%r10
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	8(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	4(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	0(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	andl	$240,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	-4(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	movzwq	(%r11,%r12,2),%r12
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	shlq	$48,%r12
	xorq	%r10,%r8
	xorq	%r12,%r9
	movzbq	%r8b,%r13
	shrq	$4,%r8
	movq	%r9,%r10
	shlb	$4,%r13b
	shrq	$4,%r9
	xorq	8(%rsi,%rcx,1),%r8
	movzwq	(%r11,%r13,2),%r13
	shlq	$60,%r10
	xorq	(%rsi,%rcx,1),%r9
	xorq	%r10,%r8
	shlq	$48,%r13
	bswapq	%r8
	xorq	%r13,%r9
	bswapq	%r9
	cmpq	%r15,%r14
	jb	.Louter_loop
	movq	%r8,8(%rdi)
	movq	%r9,(%rdi)

	leaq	280(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lghash_epilogue:
	.byte	0xf3,0xc3
.size	gcm_ghash_4bit,.-gcm_ghash_4bit
.globl	gcm_init_clmul
.type	gcm_init_clmul,@function
.align	16
gcm_init_clmul:
	movdqu	(%rsi),%xmm2
	pshufd	$78,%xmm2,%xmm2


	pshufd	$255,%xmm2,%xmm4
	movdqa	%xmm2,%xmm3
	psllq	$1,%xmm2
	pxor	%xmm5,%xmm5
	psrlq	$63,%xmm3
	pcmpgtd	%xmm4,%xmm5
	pslldq	$8,%xmm3
	por	%xmm3,%xmm2


	pand	.L0x1c2_polynomial(%rip),%xmm5
	pxor	%xmm5,%xmm2


	movdqa	%xmm2,%xmm0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	movdqu	%xmm2,(%rdi)
	movdqu	%xmm0,16(%rdi)
	.byte	0xf3,0xc3
.size	gcm_init_clmul,.-gcm_init_clmul
.globl	gcm_gmult_clmul
.type	gcm_gmult_clmul,@function
.align	16
gcm_gmult_clmul:
	movdqu	(%rdi),%xmm0
	movdqa	.Lbswap_mask(%rip),%xmm5
	movdqu	(%rsi),%xmm2
.byte	102,15,56,0,197
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,197
	movdqu	%xmm0,(%rdi)
	.byte	0xf3,0xc3
.size	gcm_gmult_clmul,.-gcm_gmult_clmul
.globl	gcm_ghash_clmul
.type	gcm_ghash_clmul,@function
.align	16
gcm_ghash_clmul:
	movdqa	.Lbswap_mask(%rip),%xmm5

	movdqu	(%rdi),%xmm0
	movdqu	(%rsi),%xmm2
.byte	102,15,56,0,197

	subq	$16,%rcx
	jz	.Lodd_tail

	movdqu	16(%rsi),%xmm8





	movdqu	(%rdx),%xmm3
	movdqu	16(%rdx),%xmm6
.byte	102,15,56,0,221
.byte	102,15,56,0,245
	pxor	%xmm3,%xmm0
	movdqa	%xmm6,%xmm7
	pshufd	$78,%xmm6,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm6,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,242,0
.byte	102,15,58,68,250,17
.byte	102,15,58,68,220,0
	pxor	%xmm6,%xmm3
	pxor	%xmm7,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm7
	pxor	%xmm4,%xmm6
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm8,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm8,%xmm4

	leaq	32(%rdx),%rdx
	subq	$32,%rcx
	jbe	.Leven_tail

.Lmod_loop:
.byte	102,65,15,58,68,192,0
.byte	102,65,15,58,68,200,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0
	movdqu	(%rdx),%xmm3
	pxor	%xmm6,%xmm0
	pxor	%xmm7,%xmm1

	movdqu	16(%rdx),%xmm6
.byte	102,15,56,0,221
.byte	102,15,56,0,245

	movdqa	%xmm6,%xmm7
	pshufd	$78,%xmm6,%xmm9
	pshufd	$78,%xmm2,%xmm10
	pxor	%xmm6,%xmm9
	pxor	%xmm2,%xmm10
	pxor	%xmm3,%xmm1

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
.byte	102,15,58,68,242,0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1

.byte	102,15,58,68,250,17
	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0

.byte	102,69,15,58,68,202,0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm8,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm8,%xmm4

	pxor	%xmm6,%xmm9
	pxor	%xmm7,%xmm9
	movdqa	%xmm9,%xmm10
	psrldq	$8,%xmm9
	pslldq	$8,%xmm10
	pxor	%xmm9,%xmm7
	pxor	%xmm10,%xmm6

	leaq	32(%rdx),%rdx
	subq	$32,%rcx
	ja	.Lmod_loop

.Leven_tail:
.byte	102,65,15,58,68,192,0
.byte	102,65,15,58,68,200,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0
	pxor	%xmm6,%xmm0
	pxor	%xmm7,%xmm1

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	testq	%rcx,%rcx
	jnz	.Ldone

.Lodd_tail:
	movdqu	(%rdx),%xmm3
.byte	102,15,56,0,221
	pxor	%xmm3,%xmm0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
.Ldone:
.byte	102,15,56,0,197
	movdqu	%xmm0,(%rdi)
	.byte	0xf3,0xc3
.LSEH_end_gcm_ghash_clmul:
.size	gcm_ghash_clmul,.-gcm_ghash_clmul
.align	64
.Lbswap_mask:
.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
.L0x1c2_polynomial:
.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
.align	64
.type	.Lrem_4bit,@object
.Lrem_4bit:
.long	0,0,0,471859200,0,943718400,0,610271232
.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160
.type	.Lrem_8bit,@object
.Lrem_8bit:
.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE

.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<










































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































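--- a/jni/libressl/crypto/modes/ghash-macosx-x86_64.S
+++ b/jni/libressl/crypto/modes/ghash-macosx-x86_64.S
@@ -0,0 +1,1027 @@
+#include "x86_arch.h"
+.text	
+
+.globl	_gcm_gmult_4bit
+
+.p2align	4
+_gcm_gmult_4bit:
+	pushq	%rbx
+	pushq	%rbp
+	pushq	%r12
+L$gmult_prologue:
+
+	movzbq	15(%rdi),%r8
+	leaq	L$rem_4bit(%rip),%r11
+	xorq	%rax,%rax
+	xorq	%rbx,%rbx
+	movb	%r8b,%al
+	movb	%r8b,%bl
+	shlb	$4,%al
+	movq	$14,%rcx
+	movq	8(%rsi,%rax,1),%r8
+	movq	(%rsi,%rax,1),%r9
+	andb	$240,%bl
+	movq	%r8,%rdx
+	jmp	L$oop1
+
+.p2align	4
+L$oop1:
+	shrq	$4,%r8
+	andq	$15,%rdx
+	movq	%r9,%r10
+	movb	(%rdi,%rcx,1),%al
+	shrq	$4,%r9
+	xorq	8(%rsi,%rbx,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rbx,1),%r9
+	movb	%al,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	shlb	$4,%al
+	xorq	%r10,%r8
+	decq	%rcx
+	js	L$break1
+
+	shrq	$4,%r8
+	andq	$15,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rax,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rax,1),%r9
+	andb	$240,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	xorq	%r10,%r8
+	jmp	L$oop1
+
+.p2align	4
+L$break1:
+	shrq	$4,%r8
+	andq	$15,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rax,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rax,1),%r9
+	andb	$240,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	xorq	%r10,%r8
+
+	shrq	$4,%r8
+	andq	$15,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rbx,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rbx,1),%r9
+	xorq	%r10,%r8
+	xorq	(%r11,%rdx,8),%r9
+
+	bswapq	%r8
+	bswapq	%r9
+	movq	%r8,8(%rdi)
+	movq	%r9,(%rdi)
+
+	movq	16(%rsp),%rbx
+	leaq	24(%rsp),%rsp
+L$gmult_epilogue:
+	.byte	0xf3,0xc3
+
+.globl	_gcm_ghash_4bit
+
+.p2align	4
+_gcm_ghash_4bit:
+	pushq	%rbx
+	pushq	%rbp
+	pushq	%r12
+	pushq	%r13
+	pushq	%r14
+	pushq	%r15
+	subq	$280,%rsp
+L$ghash_prologue:
+	movq	%rdx,%r14
+	movq	%rcx,%r15
+	subq	$-128,%rsi
+	leaq	16+128(%rsp),%rbp
+	xorl	%edx,%edx
+	movq	0+0-128(%rsi),%r8
+	movq	0+8-128(%rsi),%rax
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	16+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	16+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,0(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,0(%rbp)
+	movq	32+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,0-128(%rbp)
+	movq	32+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,1(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,8(%rbp)
+	movq	48+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,8-128(%rbp)
+	movq	48+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,2(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,16(%rbp)
+	movq	64+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,16-128(%rbp)
+	movq	64+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,3(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,24(%rbp)
+	movq	80+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,24-128(%rbp)
+	movq	80+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,4(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,32(%rbp)
+	movq	96+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,32-128(%rbp)
+	movq	96+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,5(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,40(%rbp)
+	movq	112+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,40-128(%rbp)
+	movq	112+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,6(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,48(%rbp)
+	movq	128+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,48-128(%rbp)
+	movq	128+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,7(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,56(%rbp)
+	movq	144+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,56-128(%rbp)
+	movq	144+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,8(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,64(%rbp)
+	movq	160+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,64-128(%rbp)
+	movq	160+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,9(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,72(%rbp)
+	movq	176+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,72-128(%rbp)
+	movq	176+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,10(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,80(%rbp)
+	movq	192+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,80-128(%rbp)
+	movq	192+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,11(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,88(%rbp)
+	movq	208+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,88-128(%rbp)
+	movq	208+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,12(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,96(%rbp)
+	movq	224+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,96-128(%rbp)
+	movq	224+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,13(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,104(%rbp)
+	movq	240+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,104-128(%rbp)
+	movq	240+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,14(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,112(%rbp)
+	shlb	$4,%dl
+	movq	%rax,112-128(%rbp)
+	shlq	$60,%r10
+	movb	%dl,15(%rsp)
+	orq	%r10,%rbx
+	movq	%r9,120(%rbp)
+	movq	%rbx,120-128(%rbp)
+	addq	$-128,%rsi
+	movq	8(%rdi),%r8
+	movq	0(%rdi),%r9
+	addq	%r14,%r15
+	leaq	L$rem_8bit(%rip),%r11
+	jmp	L$outer_loop
+.p2align	4
+L$outer_loop:
+	xorq	(%r14),%r9
+	movq	8(%r14),%rdx
+	leaq	16(%r14),%r14
+	xorq	%r8,%rdx
+	movq	%r9,(%rdi)
+	movq	%rdx,8(%rdi)
+	shrq	$32,%rdx
+	xorq	%rax,%rax
+	roll	$8,%edx
+	movb	%dl,%al
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	shrl	$4,%ebx
+	roll	$8,%edx
+	movq	8(%rsi,%rax,1),%r8
+	movq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	8(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	4(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	0(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	andl	$240,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	-4(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	movzwq	(%r11,%r12,2),%r12
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	shlq	$48,%r12
+	xorq	%r10,%r8
+	xorq	%r12,%r9
+	movzbq	%r8b,%r13
+	shrq	$4,%r8
+	movq	%r9,%r10
+	shlb	$4,%r13b
+	shrq	$4,%r9
+	xorq	8(%rsi,%rcx,1),%r8
+	movzwq	(%r11,%r13,2),%r13
+	shlq	$60,%r10
+	xorq	(%rsi,%rcx,1),%r9
+	xorq	%r10,%r8
+	shlq	$48,%r13
+	bswapq	%r8
+	xorq	%r13,%r9
+	bswapq	%r9
+	cmpq	%r15,%r14
+	jb	L$outer_loop
+	movq	%r8,8(%rdi)
+	movq	%r9,(%rdi)
+
+	leaq	280(%rsp),%rsi
+	movq	0(%rsi),%r15
+	movq	8(%rsi),%r14
+	movq	16(%rsi),%r13
+	movq	24(%rsi),%r12
+	movq	32(%rsi),%rbp
+	movq	40(%rsi),%rbx
+	leaq	48(%rsi),%rsp
+L$ghash_epilogue:
+	.byte	0xf3,0xc3
+
+.globl	_gcm_init_clmul
+
+.p2align	4
+_gcm_init_clmul:
+	movdqu	(%rsi),%xmm2
+	pshufd	$78,%xmm2,%xmm2
+
+
+	pshufd	$255,%xmm2,%xmm4
+	movdqa	%xmm2,%xmm3
+	psllq	$1,%xmm2
+	pxor	%xmm5,%xmm5
+	psrlq	$63,%xmm3
+	pcmpgtd	%xmm4,%xmm5
+	pslldq	$8,%xmm3
+	por	%xmm3,%xmm2
+
+
+	pand	L$0x1c2_polynomial(%rip),%xmm5
+	pxor	%xmm5,%xmm2
+
+
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pshufd	$78,%xmm2,%xmm4
+	pxor	%xmm0,%xmm3
+	pxor	%xmm2,%xmm4
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$5,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm4
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm4
+	pxor	%xmm3,%xmm0
+	pxor	%xmm4,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+	movdqu	%xmm2,(%rdi)
+	movdqu	%xmm0,16(%rdi)
+	.byte	0xf3,0xc3
+
+.globl	_gcm_gmult_clmul
+
+.p2align	4
+_gcm_gmult_clmul:
+	movdqu	(%rdi),%xmm0
+	movdqa	L$bswap_mask(%rip),%xmm5
+	movdqu	(%rsi),%xmm2
+.byte	102,15,56,0,197
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pshufd	$78,%xmm2,%xmm4
+	pxor	%xmm0,%xmm3
+	pxor	%xmm2,%xmm4
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$5,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm4
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm4
+	pxor	%xmm3,%xmm0
+	pxor	%xmm4,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+.byte	102,15,56,0,197
+	movdqu	%xmm0,(%rdi)
+	.byte	0xf3,0xc3
+
+.globl	_gcm_ghash_clmul
+
+.p2align	4
+_gcm_ghash_clmul:
+	movdqa	L$bswap_mask(%rip),%xmm5
+
+	movdqu	(%rdi),%xmm0
+	movdqu	(%rsi),%xmm2
+.byte	102,15,56,0,197
+
+	subq	$16,%rcx
+	jz	L$odd_tail
+
+	movdqu	16(%rsi),%xmm8
+
+
+
+
+
+	movdqu	(%rdx),%xmm3
+	movdqu	16(%rdx),%xmm6
+.byte	102,15,56,0,221
+.byte	102,15,56,0,245
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm6,%xmm7
+	pshufd	$78,%xmm6,%xmm3
+	pshufd	$78,%xmm2,%xmm4
+	pxor	%xmm6,%xmm3
+	pxor	%xmm2,%xmm4
+.byte	102,15,58,68,242,0
+.byte	102,15,58,68,250,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm6,%xmm3
+	pxor	%xmm7,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm7
+	pxor	%xmm4,%xmm6
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pshufd	$78,%xmm8,%xmm4
+	pxor	%xmm0,%xmm3
+	pxor	%xmm8,%xmm4
+
+	leaq	32(%rdx),%rdx
+	subq	$32,%rcx
+	jbe	L$even_tail
+
+L$mod_loop:
+.byte	102,65,15,58,68,192,0
+.byte	102,65,15,58,68,200,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+	movdqu	(%rdx),%xmm3
+	pxor	%xmm6,%xmm0
+	pxor	%xmm7,%xmm1
+
+	movdqu	16(%rdx),%xmm6
+.byte	102,15,56,0,221
+.byte	102,15,56,0,245
+
+	movdqa	%xmm6,%xmm7
+	pshufd	$78,%xmm6,%xmm9
+	pshufd	$78,%xmm2,%xmm10
+	pxor	%xmm6,%xmm9
+	pxor	%xmm2,%xmm10
+	pxor	%xmm3,%xmm1
+
+	movdqa	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$5,%xmm0
+	pxor	%xmm3,%xmm0
+.byte	102,15,58,68,242,0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm4
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm4
+	pxor	%xmm3,%xmm0
+	pxor	%xmm4,%xmm1
+
+.byte	102,15,58,68,250,17
+	movdqa	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+
+.byte	102,69,15,58,68,202,0
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pshufd	$78,%xmm8,%xmm4
+	pxor	%xmm0,%xmm3
+	pxor	%xmm8,%xmm4
+
+	pxor	%xmm6,%xmm9
+	pxor	%xmm7,%xmm9
+	movdqa	%xmm9,%xmm10
+	psrldq	$8,%xmm9
+	pslldq	$8,%xmm10
+	pxor	%xmm9,%xmm7
+	pxor	%xmm10,%xmm6
+
+	leaq	32(%rdx),%rdx
+	subq	$32,%rcx
+	ja	L$mod_loop
+
+L$even_tail:
+.byte	102,65,15,58,68,192,0
+.byte	102,65,15,58,68,200,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm6,%xmm0
+	pxor	%xmm7,%xmm1
+
+	movdqa	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$5,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm4
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm4
+	pxor	%xmm3,%xmm0
+	pxor	%xmm4,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+	testq	%rcx,%rcx
+	jnz	L$done
+
+L$odd_tail:
+	movdqu	(%rdx),%xmm3
+.byte	102,15,56,0,221
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pshufd	$78,%xmm2,%xmm4
+	pxor	%xmm0,%xmm3
+	pxor	%xmm2,%xmm4
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$5,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm4
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm4
+	pxor	%xmm3,%xmm0
+	pxor	%xmm4,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm0
+L$done:
+.byte	102,15,56,0,197
+	movdqu	%xmm0,(%rdi)
+	.byte	0xf3,0xc3
+L$SEH_end_gcm_ghash_clmul:
+
+.p2align	6
+L$bswap_mask:
+.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+L$0x1c2_polynomial:
+.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.p2align	6
+
+L$rem_4bit:
+.long	0,0,0,471859200,0,943718400,0,610271232
+.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
+.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
+.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160
+
+L$rem_8bit:
+.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
+.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
+.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
+.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
+.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
+.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
+.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
+.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
+.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
+.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
+.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
+.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
+.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
+.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
+.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
+.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
+.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
+.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
+.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
+.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
+.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
+.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
+.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
+.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
+.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
+.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
+.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
+.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
+.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
+.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
+.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
+.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
+
+.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6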
Deleted jni/libressl/crypto/modes/ghash-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
.text	

.globl	_gcm_gmult_4bit

.p2align	4
_gcm_gmult_4bit:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
L$gmult_prologue:

	movzbq	15(%rdi),%r8
	leaq	L$rem_4bit(%rip),%r11
	xorq	%rax,%rax
	xorq	%rbx,%rbx
	movb	%r8b,%al
	movb	%r8b,%bl
	shlb	$4,%al
	movq	$14,%rcx
	movq	8(%rsi,%rax,1),%r8
	movq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	movq	%r8,%rdx
	jmp	L$oop1

.p2align	4
L$oop1:
	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	movb	(%rdi,%rcx,1),%al
	shrq	$4,%r9
	xorq	8(%rsi,%rbx,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rbx,1),%r9
	movb	%al,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	shlb	$4,%al
	xorq	%r10,%r8
	decq	%rcx
	js	L$break1

	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rax,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	xorq	%r10,%r8
	jmp	L$oop1

.p2align	4
L$break1:
	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rax,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rax,1),%r9
	andb	$240,%bl
	xorq	(%r11,%rdx,8),%r9
	movq	%r8,%rdx
	xorq	%r10,%r8

	shrq	$4,%r8
	andq	$15,%rdx
	movq	%r9,%r10
	shrq	$4,%r9
	xorq	8(%rsi,%rbx,1),%r8
	shlq	$60,%r10
	xorq	(%rsi,%rbx,1),%r9
	xorq	%r10,%r8
	xorq	(%r11,%rdx,8),%r9

	bswapq	%r8
	bswapq	%r9
	movq	%r8,8(%rdi)
	movq	%r9,(%rdi)

	movq	16(%rsp),%rbx
	leaq	24(%rsp),%rsp
L$gmult_epilogue:
	.byte	0xf3,0xc3

.globl	_gcm_ghash_4bit

.p2align	4
_gcm_ghash_4bit:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$280,%rsp
L$ghash_prologue:
	movq	%rdx,%r14
	movq	%rcx,%r15
	subq	$-128,%rsi
	leaq	16+128(%rsp),%rbp
	xorl	%edx,%edx
	movq	0+0-128(%rsi),%r8
	movq	0+8-128(%rsi),%rax
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	16+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	16+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,0(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,0(%rbp)
	movq	32+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,0-128(%rbp)
	movq	32+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,1(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,8(%rbp)
	movq	48+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,8-128(%rbp)
	movq	48+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,2(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,16(%rbp)
	movq	64+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,16-128(%rbp)
	movq	64+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,3(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,24(%rbp)
	movq	80+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,24-128(%rbp)
	movq	80+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,4(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,32(%rbp)
	movq	96+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,32-128(%rbp)
	movq	96+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,5(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,40(%rbp)
	movq	112+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,40-128(%rbp)
	movq	112+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,6(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,48(%rbp)
	movq	128+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,48-128(%rbp)
	movq	128+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,7(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,56(%rbp)
	movq	144+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,56-128(%rbp)
	movq	144+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,8(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,64(%rbp)
	movq	160+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,64-128(%rbp)
	movq	160+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,9(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,72(%rbp)
	movq	176+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,72-128(%rbp)
	movq	176+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,10(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,80(%rbp)
	movq	192+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,80-128(%rbp)
	movq	192+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,11(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,88(%rbp)
	movq	208+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,88-128(%rbp)
	movq	208+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,12(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,96(%rbp)
	movq	224+0-128(%rsi),%r8
	shlb	$4,%dl
	movq	%rax,96-128(%rbp)
	movq	224+8-128(%rsi),%rax
	shlq	$60,%r10
	movb	%dl,13(%rsp)
	orq	%r10,%rbx
	movb	%al,%dl
	shrq	$4,%rax
	movq	%r8,%r10
	shrq	$4,%r8
	movq	%r9,104(%rbp)
	movq	240+0-128(%rsi),%r9
	shlb	$4,%dl
	movq	%rbx,104-128(%rbp)
	movq	240+8-128(%rsi),%rbx
	shlq	$60,%r10
	movb	%dl,14(%rsp)
	orq	%r10,%rax
	movb	%bl,%dl
	shrq	$4,%rbx
	movq	%r9,%r10
	shrq	$4,%r9
	movq	%r8,112(%rbp)
	shlb	$4,%dl
	movq	%rax,112-128(%rbp)
	shlq	$60,%r10
	movb	%dl,15(%rsp)
	orq	%r10,%rbx
	movq	%r9,120(%rbp)
	movq	%rbx,120-128(%rbp)
	addq	$-128,%rsi
	movq	8(%rdi),%r8
	movq	0(%rdi),%r9
	addq	%r14,%r15
	leaq	L$rem_8bit(%rip),%r11
	jmp	L$outer_loop
.p2align	4
L$outer_loop:
	xorq	(%r14),%r9
	movq	8(%r14),%rdx
	leaq	16(%r14),%r14
	xorq	%r8,%rdx
	movq	%r9,(%rdi)
	movq	%rdx,8(%rdi)
	shrq	$32,%rdx
	xorq	%rax,%rax
	roll	$8,%edx
	movb	%dl,%al
	movzbl	%dl,%ebx
	shlb	$4,%al
	shrl	$4,%ebx
	roll	$8,%edx
	movq	8(%rsi,%rax,1),%r8
	movq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	xorq	%r8,%r12
	movq	%r9,%r10
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	8(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	4(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	0(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	shrl	$4,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r12,2),%r12
	movzbl	%dl,%ebx
	shlb	$4,%al
	movzbq	(%rsp,%rcx,1),%r13
	shrl	$4,%ebx
	shlq	$48,%r12
	xorq	%r8,%r13
	movq	%r9,%r10
	xorq	%r12,%r9
	shrq	$8,%r8
	movzbq	%r13b,%r13
	shrq	$8,%r9
	xorq	-128(%rbp,%rcx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rcx,8),%r9
	roll	$8,%edx
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	movb	%dl,%al
	xorq	%r10,%r8
	movzwq	(%r11,%r13,2),%r13
	movzbl	%dl,%ecx
	shlb	$4,%al
	movzbq	(%rsp,%rbx,1),%r12
	andl	$240,%ecx
	shlq	$48,%r13
	xorq	%r8,%r12
	movq	%r9,%r10
	xorq	%r13,%r9
	shrq	$8,%r8
	movzbq	%r12b,%r12
	movl	-4(%rdi),%edx
	shrq	$8,%r9
	xorq	-128(%rbp,%rbx,8),%r8
	shlq	$56,%r10
	xorq	(%rbp,%rbx,8),%r9
	movzwq	(%r11,%r12,2),%r12
	xorq	8(%rsi,%rax,1),%r8
	xorq	(%rsi,%rax,1),%r9
	shlq	$48,%r12
	xorq	%r10,%r8
	xorq	%r12,%r9
	movzbq	%r8b,%r13
	shrq	$4,%r8
	movq	%r9,%r10
	shlb	$4,%r13b
	shrq	$4,%r9
	xorq	8(%rsi,%rcx,1),%r8
	movzwq	(%r11,%r13,2),%r13
	shlq	$60,%r10
	xorq	(%rsi,%rcx,1),%r9
	xorq	%r10,%r8
	shlq	$48,%r13
	bswapq	%r8
	xorq	%r13,%r9
	bswapq	%r9
	cmpq	%r15,%r14
	jb	L$outer_loop
	movq	%r8,8(%rdi)
	movq	%r9,(%rdi)

	leaq	280(%rsp),%rsi
	movq	0(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$ghash_epilogue:
	.byte	0xf3,0xc3

.globl	_gcm_init_clmul

.p2align	4
_gcm_init_clmul:
	movdqu	(%rsi),%xmm2
	pshufd	$78,%xmm2,%xmm2


	pshufd	$255,%xmm2,%xmm4
	movdqa	%xmm2,%xmm3
	psllq	$1,%xmm2
	pxor	%xmm5,%xmm5
	psrlq	$63,%xmm3
	pcmpgtd	%xmm4,%xmm5
	pslldq	$8,%xmm3
	por	%xmm3,%xmm2


	pand	L$0x1c2_polynomial(%rip),%xmm5
	pxor	%xmm5,%xmm2


	movdqa	%xmm2,%xmm0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	movdqu	%xmm2,(%rdi)
	movdqu	%xmm0,16(%rdi)
	.byte	0xf3,0xc3

.globl	_gcm_gmult_clmul

.p2align	4
_gcm_gmult_clmul:
	movdqu	(%rdi),%xmm0
	movdqa	L$bswap_mask(%rip),%xmm5
	movdqu	(%rsi),%xmm2
.byte	102,15,56,0,197
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
.byte	102,15,56,0,197
	movdqu	%xmm0,(%rdi)
	.byte	0xf3,0xc3

.globl	_gcm_ghash_clmul

.p2align	4
_gcm_ghash_clmul:
	movdqa	L$bswap_mask(%rip),%xmm5

	movdqu	(%rdi),%xmm0
	movdqu	(%rsi),%xmm2
.byte	102,15,56,0,197

	subq	$16,%rcx
	jz	L$odd_tail

	movdqu	16(%rsi),%xmm8





	movdqu	(%rdx),%xmm3
	movdqu	16(%rdx),%xmm6
.byte	102,15,56,0,221
.byte	102,15,56,0,245
	pxor	%xmm3,%xmm0
	movdqa	%xmm6,%xmm7
	pshufd	$78,%xmm6,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm6,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,242,0
.byte	102,15,58,68,250,17
.byte	102,15,58,68,220,0
	pxor	%xmm6,%xmm3
	pxor	%xmm7,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm7
	pxor	%xmm4,%xmm6
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm8,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm8,%xmm4

	leaq	32(%rdx),%rdx
	subq	$32,%rcx
	jbe	L$even_tail

L$mod_loop:
.byte	102,65,15,58,68,192,0
.byte	102,65,15,58,68,200,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0
	movdqu	(%rdx),%xmm3
	pxor	%xmm6,%xmm0
	pxor	%xmm7,%xmm1

	movdqu	16(%rdx),%xmm6
.byte	102,15,56,0,221
.byte	102,15,56,0,245

	movdqa	%xmm6,%xmm7
	pshufd	$78,%xmm6,%xmm9
	pshufd	$78,%xmm2,%xmm10
	pxor	%xmm6,%xmm9
	pxor	%xmm2,%xmm10
	pxor	%xmm3,%xmm1

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
.byte	102,15,58,68,242,0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1

.byte	102,15,58,68,250,17
	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0

.byte	102,69,15,58,68,202,0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm8,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm8,%xmm4

	pxor	%xmm6,%xmm9
	pxor	%xmm7,%xmm9
	movdqa	%xmm9,%xmm10
	psrldq	$8,%xmm9
	pslldq	$8,%xmm10
	pxor	%xmm9,%xmm7
	pxor	%xmm10,%xmm6

	leaq	32(%rdx),%rdx
	subq	$32,%rcx
	ja	L$mod_loop

L$even_tail:
.byte	102,65,15,58,68,192,0
.byte	102,65,15,58,68,200,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0
	pxor	%xmm6,%xmm0
	pxor	%xmm7,%xmm1

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	testq	%rcx,%rcx
	jnz	L$done

L$odd_tail:
	movdqu	(%rdx),%xmm3
.byte	102,15,56,0,221
	pxor	%xmm3,%xmm0
	movdqa	%xmm0,%xmm1
	pshufd	$78,%xmm0,%xmm3
	pshufd	$78,%xmm2,%xmm4
	pxor	%xmm0,%xmm3
	pxor	%xmm2,%xmm4
.byte	102,15,58,68,194,0
.byte	102,15,58,68,202,17
.byte	102,15,58,68,220,0
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3

	movdqa	%xmm3,%xmm4
	psrldq	$8,%xmm3
	pslldq	$8,%xmm4
	pxor	%xmm3,%xmm1
	pxor	%xmm4,%xmm0

	movdqa	%xmm0,%xmm3
	psllq	$1,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$5,%xmm0
	pxor	%xmm3,%xmm0
	psllq	$57,%xmm0
	movdqa	%xmm0,%xmm4
	pslldq	$8,%xmm0
	psrldq	$8,%xmm4
	pxor	%xmm3,%xmm0
	pxor	%xmm4,%xmm1


	movdqa	%xmm0,%xmm4
	psrlq	$5,%xmm0
	pxor	%xmm4,%xmm0
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm4
	psrlq	$1,%xmm0
	pxor	%xmm4,%xmm0
L$done:
.byte	102,15,56,0,197
	movdqu	%xmm0,(%rdi)
	.byte	0xf3,0xc3
L$SEH_end_gcm_ghash_clmul:

.p2align	6
L$bswap_mask:
.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
L$0x1c2_polynomial:
.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
.p2align	6

L$rem_4bit:
.long	0,0,0,471859200,0,943718400,0,610271232
.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160

L$rem_8bit:
.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE

.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































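--- a/jni/libressl/crypto/modes/modes_lcl.h
+++ b/jni/libressl/crypto/modes/modes_lcl.h
@@ -1,20 +1,22 @@
-/* $OpenBSD: modes_lcl.h,v 1.7 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: modes_lcl.h,v 1.10 2016/12/21 15:49:29 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use is governed by OpenSSL license.
  * ====================================================================
  */
 
 #include <machine/endian.h>
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/modes.h>
+
+__BEGIN_HIDDEN_DECLS
 
 #if defined(_LP64)
 typedef long i64;
 typedef unsigned long u64;
 #define U64(C) C##UL
 #else
 typedef long long i64;
@@ -30,15 +32,15 @@
 # if defined(__x86_64) || defined(__x86_64__)
 #  define BSWAP8(x) ({	u64 ret=(x);			\
 			asm ("bswapq %0"		\
 			: "+r"(ret));	ret;		})
 #  define BSWAP4(x) ({	u32 ret=(x);			\
 			asm ("bswapl %0"		\
 			: "+r"(ret));	ret;		})
-# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+# elif (defined(__i386) || defined(__i386__))
 #  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
 			asm ("bswapl %0; bswapl %1"	\
 			: "+r"(hi),"+r"(lo));		\
 			(u64)hi<<32|lo;			})
 #  define BSWAP4(x) ({	u32 ret=(x);			\
 			asm ("bswapl %0"		\
 			: "+r"(ret));	ret;		})
@@ -102,7 +104,8 @@
 struct ccm128_context {
 	union { u64 u[2]; u8 c[16]; } nonce, cmac;
 	u64 blocks;
 	block128_f block;
 	void *key;
 };
 
+__END_HIDDEN_DECLS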
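--- a/jni/libressl/crypto/modes/ofb128.c
+++ b/jni/libressl/crypto/modes/ofb128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ofb128.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: ofb128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *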
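--- a/jni/libressl/crypto/modes/xts128.c
+++ b/jni/libressl/crypto/modes/xts128.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: xts128.c,v 1.5 2014/07/09 16:06:13 miod Exp $ */
+/* $OpenBSD: xts128.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *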
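--- a/jni/libressl/crypto/o_init.c
+++ b/jni/libressl/crypto/o_init.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: o_init.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */
 /* Ted Unangst places this file in the public domain. */
 
 #include <openssl/crypto.h>
 
 void
 OPENSSL_init(void)
 {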
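--- a/jni/libressl/crypto/o_str.c
+++ b/jni/libressl/crypto/o_str.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: o_str.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: o_str.c,v 1.9 2014/07/09 20:22:14 tedu Exp $ */
 /*
  * Written by Theo de Raadt.  Public domain.
  */
 
 #include <string.h>
 
 int OPENSSL_strcasecmp(const char *str1, const char *str2);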
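--- a/jni/libressl/crypto/o_time.c
+++ b/jni/libressl/crypto/o_time.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: o_time.c,v 1.15 2014/06/12 15:49:27 deraadt Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2008.
  */
 /* ====================================================================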
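--- a/jni/libressl/crypto/o_time.h
+++ b/jni/libressl/crypto/o_time.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: o_time.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -56,11 +56,15 @@
  *
  */
 
 #ifndef HEADER_O_TIME_H
 #define HEADER_O_TIME_H
 
 #include <time.h>
 
+__BEGIN_HIDDEN_DECLS
+
 int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
 
+__END_HIDDEN_DECLS
+
 #endif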
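--- a/jni/libressl/crypto/objects/o_names.c
+++ b/jni/libressl/crypto/objects/o_names.c
@@ -1,14 +1,11 @@
-/* $OpenBSD: o_names.c,v 1.20 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: o_names.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/objects.h>
 #include <openssl/safestack.h>
@@ -66,23 +63,23 @@
 		return (0);
 
 	ret = names_type_num;
 	names_type_num++;
 	for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
 		name_funcs = malloc(sizeof(NAME_FUNCS));
 		if (!name_funcs) {
-			OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+			OBJerror(ERR_R_MALLOC_FAILURE);
 			return (0);
 		}
 		name_funcs->hash_func = lh_strhash;
 		name_funcs->cmp_func = strcmp;
 		name_funcs->free_func = NULL;
 		if (sk_NAME_FUNCS_push(name_funcs_stack, name_funcs) == 0) {
 			free(name_funcs);
-			OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+			OBJerror(ERR_R_MALLOC_FAILURE);
 			return (0);
 		}
 	}
 	name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
 	if (hash_func != NULL)
 		name_funcs->hash_func = hash_func;
 	if (cmp_func != NULL)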
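--- a/jni/libressl/crypto/objects/obj_dat.c
+++ b/jni/libressl/crypto/objects/obj_dat.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: obj_dat.c,v 1.35 2015/10/14 21:54:10 tedu Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.39 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -68,45 +68,79 @@
 #include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/objects.h>
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #include "obj_dat.h"
 
-DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
-DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
-DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+static int sn_cmp_BSEARCH_CMP_FN(const void *, const void *);
+static int sn_cmp(const ASN1_OBJECT * const *, unsigned int const *);
+static unsigned int *OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num);
+static int ln_cmp_BSEARCH_CMP_FN(const void *, const void *);
+static int ln_cmp(const ASN1_OBJECT * const *, unsigned int const *);
+static unsigned int *OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num);
+static int obj_cmp_BSEARCH_CMP_FN(const void *, const void *);
+static int obj_cmp(const ASN1_OBJECT * const *, unsigned int const *);
+static unsigned int *OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num);
 
 #define ADDED_DATA	0
 #define ADDED_SNAME	1
 #define ADDED_LNAME	2
 #define ADDED_NID	3
 
 typedef struct added_obj_st {
 	int type;
 	ASN1_OBJECT *obj;
 } ADDED_OBJ;
 DECLARE_LHASH_OF(ADDED_OBJ);
 
 static int new_nid = NUM_NID;
 static LHASH_OF(ADDED_OBJ) *added = NULL;
 
 static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
 {
 	return (strcmp((*a)->sn, nid_objs[*b].sn));
 }
 
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
+
+static int
+sn_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+{
+	const ASN1_OBJECT * const *a = a_;
+	unsigned int const *b = b_;
+	return sn_cmp(a, b);
+}
+
+static unsigned int *
+OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num)
+{
+	return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int),
+	    sn_cmp_BSEARCH_CMP_FN);
+}
 
 static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
 {
 	return (strcmp((*a)->ln, nid_objs[*b].ln));
 }
 
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
+
+static int
+ln_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+{
+	const ASN1_OBJECT * const *a = a_;
+	unsigned int const *b = b_;
+	return ln_cmp(a, b);
+}
+
+static unsigned int *
+OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num)
+{
+	return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int),
+	    ln_cmp_BSEARCH_CMP_FN);
+}
 
 static unsigned long
 added_obj_hash(const ADDED_OBJ *ca)
 {
 	const ASN1_OBJECT *a;
 	int i;
 	unsigned long ret = 0;
@@ -291,120 +325,134 @@
 	o->flags &= ~(ASN1_OBJECT_FLAG_DYNAMIC |
 	    ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
 	    ASN1_OBJECT_FLAG_DYNAMIC_DATA);
 
 	return (o->nid);
 
 err2:
-	OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
+	OBJerror(ERR_R_MALLOC_FAILURE);
 err:
 	for (i = ADDED_DATA; i <= ADDED_NID; i++)
 		free(ao[i]);
 	free(o);
 	return (NID_undef);
 }
 
 ASN1_OBJECT *
 OBJ_nid2obj(int n)
 {
 	ADDED_OBJ ad, *adp;
 	ASN1_OBJECT ob;
 
 	if ((n >= 0) && (n < NUM_NID)) {
 		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
-			OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+			OBJerror(OBJ_R_UNKNOWN_NID);
 			return (NULL);
 		}
 		return ((ASN1_OBJECT *)&(nid_objs[n]));
 	} else if (added == NULL)
 		return (NULL);
 	else {
 		ad.type = ADDED_NID;
 		ad.obj = &ob;
 		ob.nid = n;
 		adp = lh_ADDED_OBJ_retrieve(added, &ad);
 		if (adp != NULL)
 			return (adp->obj);
 		else {
-			OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+			OBJerror(OBJ_R_UNKNOWN_NID);
 			return (NULL);
 		}
 	}
 }
 
 const char *
 OBJ_nid2sn(int n)
 {
 	ADDED_OBJ ad, *adp;
 	ASN1_OBJECT ob;
 
 	if ((n >= 0) && (n < NUM_NID)) {
 		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
-			OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+			OBJerror(OBJ_R_UNKNOWN_NID);
 			return (NULL);
 		}
 		return (nid_objs[n].sn);
 	} else if (added == NULL)
 		return (NULL);
 	else {
 		ad.type = ADDED_NID;
 		ad.obj = &ob;
 		ob.nid = n;
 		adp = lh_ADDED_OBJ_retrieve(added, &ad);
 		if (adp != NULL)
 			return (adp->obj->sn);
 		else {
-			OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+			OBJerror(OBJ_R_UNKNOWN_NID);
 			return (NULL);
 		}
 	}
 }
 
 const char *
 OBJ_nid2ln(int n)
 {
 	ADDED_OBJ ad, *adp;
 	ASN1_OBJECT ob;
 
 	if ((n >= 0) && (n < NUM_NID)) {
 		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
-			OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+			OBJerror(OBJ_R_UNKNOWN_NID);
 			return (NULL);
 		}
 		return (nid_objs[n].ln);
 	} else if (added == NULL)
 		return (NULL);
 	else {
 		ad.type = ADDED_NID;
 		ad.obj = &ob;
 		ob.nid = n;
 		adp = lh_ADDED_OBJ_retrieve(added, &ad);
 		if (adp != NULL)
 			return (adp->obj->ln);
 		else {
-			OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+			OBJerror(OBJ_R_UNKNOWN_NID);
 			return (NULL);
 		}
 	}
 }
 
 static int
 obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
 {
 	int j;
 	const ASN1_OBJECT *a= *ap;
 	const ASN1_OBJECT *b = &nid_objs[*bp];
 
 	j = (a->length - b->length);
 	if (j)
 		return (j);
 	return (memcmp(a->data, b->data, a->length));
 }
 
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+
+static int
+obj_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+{
+	const ASN1_OBJECT * const *a = a_;
+	unsigned int const *b = b_;
+	return obj_cmp(a, b);
+}
+
+static unsigned int *
+OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num)
+{
+	return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int),
+	    obj_cmp_BSEARCH_CMP_FN);
+}
 
 int
 OBJ_obj2nid(const ASN1_OBJECT *a)
 {
 	const unsigned int *op;
 	ADDED_OBJ ad, *adp;
 
@@ -548,18 +596,14 @@
 				*buf++ = i + '0';
 				*buf = '\0';
 				buf_len--;
 			}
 			ret++;
 		}
 
-		if (buf_len <= 0) {
-			ret = 0;
-			goto out;
-		}
 		if (use_bn) {
 			char *bndec;
 
 			bndec = BN_bn2dec(bl);
 			if (!bndec)
 				goto err;
 			i = snprintf(buf, buf_len, ".%s", bndec);
@@ -751,15 +795,15 @@
 	int i;
 
 	i = a2d_ASN1_OBJECT(NULL, 0, oid, -1);
 	if (i <= 0)
 		return (0);
 
 	if ((buf = malloc(i)) == NULL) {
-		OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE);
+		OBJerror(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	i = a2d_ASN1_OBJECT(buf, i, oid, -1);
 	if (i == 0)
 		goto err;
 	op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
 	if (op == NULL)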
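Review bot: The old side's guard `if (buf_len <= 0) { ret = 0; goto out; }` ahead of the `use_bn` branch is dropped in this update (fourth hunk, new lines 596-609), so `i = snprintf(buf, buf_len, ".%s", bndec);` is now reached with no local check on `buf_len`. `buf_len` looks like a signed int (the removed test compared it with `<= 0`, and it is decremented a few lines above), and snprintf takes its size as size_t, so a negative value would arrive as a very large bound. The function begins and ends outside the hunk, so whether the rest of the new code keeps `buf_len` at or above zero cannot be confirmed from here; check that before relying on the bump, and state the invariant next to the call, e.g. `/* buf_len must be >= 0 here: snprintf takes it as size_t */`.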
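--- a/jni/libressl/crypto/objects/obj_dat.h
+++ b/jni/libressl/crypto/objects/obj_dat.h
@@ -58,20 +58,20 @@
  * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 950
-#define NUM_SN 943
-#define NUM_LN 943
-#define NUM_OBJ 884
+#define NUM_NID 956
+#define NUM_SN 949
+#define NUM_LN 949
+#define NUM_OBJ 890
 
-static const unsigned char lvalues[6199]={
+static const unsigned char lvalues[6217]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
@@ -942,14 +942,20 @@
 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,/* [6139] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,/* [6148] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,/* [6157] OBJ_id_tc26_gost_28147_param_Z */
 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01,     /* [6166] OBJ_id_tc26_gost3410_2012_256 */
 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02,     /* [6174] OBJ_id_tc26_gost3410_2012_512 */
 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02,     /* [6182] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03,     /* [6190] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+0x2B,0x65,0x6E,                              /* [6198] OBJ_X25519 */
+0x2B,0x65,0x6F,                              /* [6201] OBJ_X448 */
+0x2B,0x65,0x70,                              /* [6204] OBJ_Ed25519 */
+0x2B,0x65,0x71,                              /* [6207] OBJ_Ed448 */
+0x2B,0x65,0x72,                              /* [6210] OBJ_Ed25519ph */
+0x2B,0x65,0x73,                              /* [6213] OBJ_Ed448ph */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"UNDEF","undefined",NID_undef,0,NULL,0},
 {"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0},
 {"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0},
 {"MD2","md2",NID_md2,8,&(lvalues[13]),0},
@@ -2141,15 +2147,15 @@
 	&(lvalues[5081]),0},
 {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,
 	&(lvalues[5089]),0},
 {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
 	&(lvalues[5097]),0},
 {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
 	NID_subject_directory_attributes,3,&(lvalues[5105]),0},
-{"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
+{"issuingDistributionPoint","X509v3 Issuing Distribution Point",
 	NID_issuing_distribution_point,3,&(lvalues[5108]),0},
 {"certificateIssuer","X509v3 Certificate Issuer",
 	NID_certificate_issuer,3,&(lvalues[5111]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
@@ -2479,14 +2485,20 @@
 	NID_id_tc26_gost3410_2012_512,8,&(lvalues[6174]),0},
 {"id-tc26-signwithdigest-gost3410-2012-256",
 	"GOST R 34.11-2012 with GOST R 34.10-2012 (256 bit)",
 	NID_id_tc26_signwithdigest_gost3410_2012_256,8,&(lvalues[6182]),0},
 {"id-tc26-signwithdigest-gost3410-2012-512",
 	"GOST R 34.11-2012 with GOST R 34.10-2012 (512 bit)",
 	NID_id_tc26_signwithdigest_gost3410_2012_512,8,&(lvalues[6190]),0},
+{"X25519","X25519",NID_X25519,3,&(lvalues[6198]),0},
+{"X448","X448",NID_X448,3,&(lvalues[6201]),0},
+{"Ed25519","Ed25519",NID_Ed25519,3,&(lvalues[6204]),0},
+{"Ed448","Ed448",NID_Ed448,3,&(lvalues[6207]),0},
+{"Ed25519ph","Ed25519ph",NID_Ed25519ph,3,&(lvalues[6210]),0},
+{"Ed448ph","Ed448ph",NID_Ed448ph,3,&(lvalues[6213]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
 364,	/* "AD_DVCS" */
 419,	/* "AES-128-CBC" */
 916,	/* "AES-128-CBC-HMAC-SHA1" */
 421,	/* "AES-128-CFB" */
@@ -2568,14 +2580,18 @@
 380,	/* "DOD" */
 116,	/* "DSA" */
 66,	/* "DSA-SHA" */
 113,	/* "DSA-SHA1" */
 70,	/* "DSA-SHA1-old" */
 67,	/* "DSA-old" */
 297,	/* "DVCS" */
+952,	/* "Ed25519" */
+954,	/* "Ed25519ph" */
+953,	/* "Ed448" */
+955,	/* "Ed448ph" */
 936,	/* "FRP256v1" */
 99,	/* "GN" */
 855,	/* "HMAC" */
 780,	/* "HMAC-MD5" */
 781,	/* "HMAC-SHA1" */
 381,	/* "IANA" */
 34,	/* "IDEA-CBC" */
@@ -2667,14 +2683,16 @@
 188,	/* "SMIME" */
 167,	/* "SMIME-CAPS" */
 100,	/* "SN" */
 16,	/* "ST" */
 143,	/* "SXNetID" */
 458,	/* "UID" */
  0,	/* "UNDEF" */
+950,	/* "X25519" */
+951,	/* "X448" */
 11,	/* "X500" */
 378,	/* "X500algorithms" */
 12,	/* "X509" */
 184,	/* "X9-57" */
 185,	/* "X9cm" */
 125,	/* "ZLIB" */
 478,	/* "aRecord" */
@@ -3443,14 +3461,18 @@
 179,	/* "CA Issuers" */
 785,	/* "CA Repository" */
 131,	/* "Code Signing" */
 783,	/* "Diffie-Hellman based MAC" */
 382,	/* "Directory" */
 392,	/* "Domain" */
 132,	/* "E-mail Protection" */
+952,	/* "Ed25519" */
+954,	/* "Ed25519ph" */
+953,	/* "Ed448" */
+955,	/* "Ed448ph" */
 389,	/* "Enterprises" */
 384,	/* "Experimental" */
 372,	/* "Extended OCSP Status" */
 172,	/* "Extension Request" */
 936,	/* "FRP256v1" */
 813,	/* "GOST 28147-89" */
 849,	/* "GOST 28147-89 Cryptocom ParamSet" */
@@ -3543,30 +3565,32 @@
 394,	/* "Selected Attribute Types" */
 143,	/* "Strong Extranet ID" */
 398,	/* "Subject Information Access" */
 130,	/* "TLS Web Client Authentication" */
 129,	/* "TLS Web Server Authentication" */
 133,	/* "Time Stamping" */
 375,	/* "Trust Root" */
+950,	/* "X25519" */
+951,	/* "X448" */
 12,	/* "X509" */
 402,	/* "X509v3 AC Targeting" */
 746,	/* "X509v3 Any Policy" */
 90,	/* "X509v3 Authority Key Identifier" */
 87,	/* "X509v3 Basic Constraints" */
 103,	/* "X509v3 CRL Distribution Points" */
 88,	/* "X509v3 CRL Number" */
 141,	/* "X509v3 CRL Reason Code" */
 771,	/* "X509v3 Certificate Issuer" */
 89,	/* "X509v3 Certificate Policies" */
 140,	/* "X509v3 Delta CRL Indicator" */
 126,	/* "X509v3 Extended Key Usage" */
 857,	/* "X509v3 Freshest CRL" */
 748,	/* "X509v3 Inhibit Any Policy" */
 86,	/* "X509v3 Issuer Alternative Name" */
-770,	/* "X509v3 Issuing Distrubution Point" */
+770,	/* "X509v3 Issuing Distribution Point" */
 83,	/* "X509v3 Key Usage" */
 666,	/* "X509v3 Name Constraints" */
 403,	/* "X509v3 No Revocation Available" */
 401,	/* "X509v3 Policy Constraints" */
 747,	/* "X509v3 Policy Mappings" */
 84,	/* "X509v3 Private Key Usage Period" */
 85,	/* "X509v3 Subject Alternative Name" */
@@ -4396,14 +4420,20 @@
 378,	/* OBJ_X500algorithms               2 5 8 */
 81,	/* OBJ_id_ce                        2 5 29 */
 512,	/* OBJ_id_set                       2 23 42 */
 678,	/* OBJ_wap                          2 23 43 */
 435,	/* OBJ_pss                          0 9 2342 */
 183,	/* OBJ_ISO_US                       1 2 840 */
 381,	/* OBJ_iana                         1 3 6 1 */
+950,	/* OBJ_X25519                       1 3 101 110 */
+951,	/* OBJ_X448                         1 3 101 111 */
+952,	/* OBJ_Ed25519                      1 3 101 112 */
+953,	/* OBJ_Ed448                        1 3 101 113 */
+954,	/* OBJ_Ed25519ph                    1 3 101 114 */
+955,	/* OBJ_Ed448ph                      1 3 101 115 */
 677,	/* OBJ_certicom_arc                 1 3 132 */
 394,	/* OBJ_selected_attribute_types     2 5 1 5 */
 13,	/* OBJ_commonName                   2 5 4 3 */
 100,	/* OBJ_surname                      2 5 4 4 */
 105,	/* OBJ_serialNumber                 2 5 4 5 */
 14,	/* OBJ_countryName                  2 5 4 6 */
 15,	/* OBJ_localityName                 2 5 4 7 */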
Changes to jni/libressl/crypto/objects/obj_err.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: obj_err.c,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: obj_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)

static ERR_STRING_DATA OBJ_str_functs[] = {
	{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT),	"OBJ_add_object"},
	{ERR_FUNC(OBJ_F_OBJ_CREATE),	"OBJ_create"},
	{ERR_FUNC(OBJ_F_OBJ_DUP),	"OBJ_dup"},
	{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX),	"OBJ_NAME_new_index"},
	{ERR_FUNC(OBJ_F_OBJ_NID2LN),	"OBJ_nid2ln"},
	{ERR_FUNC(OBJ_F_OBJ_NID2OBJ),	"OBJ_nid2obj"},
	{ERR_FUNC(OBJ_F_OBJ_NID2SN),	"OBJ_nid2sn"},
	{0, NULL}
};

static ERR_STRING_DATA OBJ_str_reasons[] = {
	{ERR_REASON(OBJ_R_MALLOC_FAILURE)        , "malloc failure"},
	{ERR_REASON(OBJ_R_UNKNOWN_NID)           , "unknown nid"},
	{0, NULL}







<
<
|
<
<
<
<







68
69
70
71
72
73
74


75




76
77
78
79
80
81
82
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)

static ERR_STRING_DATA OBJ_str_functs[] = {


	{ERR_FUNC(0xfff), "CRYPTO_internal"},




	{0, NULL}
};

static ERR_STRING_DATA OBJ_str_reasons[] = {
	{ERR_REASON(OBJ_R_MALLOC_FAILURE)        , "malloc failure"},
	{ERR_REASON(OBJ_R_UNKNOWN_NID)           , "unknown nid"},
	{0, NULL}
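Review bot: The function-name table `OBJ_str_functs` is reduced to the single entry `{ERR_FUNC(0xfff), "CRYPTO_internal"}`, and the literal `0xfff` has neither a name nor a comment explaining it. Error strings from this library will presumably stop naming the originating function (`OBJ_dup`, `OBJ_nid2obj` and the rest), so any log parsing or alerting in the consuming project that matches on those names should be re-keyed to the reason strings, which this section leaves unchanged. I would add a one-line comment above the entry, for example `/* single catch-all function code; per-function names were dropped */`, or use a named constant if the headers define one. The same applies to `OCSP_str_functs` in ocsp_err.c; the reasons table continues past the visible lines.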
Changes to jni/libressl/crypto/objects/obj_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: obj_lib.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: obj_lib.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
		return (NULL);
	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
		return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
					     duplication is this??? */

	r = ASN1_OBJECT_new();
	if (r == NULL) {
		OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
		return (NULL);
	}
	data = malloc(o->length);
	if (data == NULL)
		goto err;
	if (o->data != NULL)
		memcpy(data, o->data, o->length);







|







75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
		return (NULL);
	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
		return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
					     duplication is this??? */

	r = ASN1_OBJECT_new();
	if (r == NULL) {
		OBJerror(ERR_R_ASN1_LIB);
		return (NULL);
	}
	data = malloc(o->length);
	if (data == NULL)
		goto err;
	if (o->data != NULL)
		memcpy(data, o->data, o->length);
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
		r->sn = sn;
	}
	r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
	    ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA);
	return (r);

err:
	OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
	free(ln);
	free(sn);
	free(data);
	free(r);
	return (NULL);
}








|







106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
		r->sn = sn;
	}
	r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
	    ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA);
	return (r);

err:
	OBJerror(ERR_R_MALLOC_FAILURE);
	free(ln);
	free(sn);
	free(data);
	free(r);
	return (NULL);
}

Changes to jni/libressl/crypto/objects/obj_xref.c.
1
2
3
4
5
6
7
8
/* $OpenBSD$ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: obj_xref.c,v 1.8 2017/01/21 04:44:43 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74



75












76

77
78
79
80
81
82
83
84


85
86
87
88
89
90
91
92
93
94
95
96









97





98
99
100
101
102
103
104
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#ifndef HAVE_REALLOCARRAY
#include <compat/stdlib.h>
#endif

#include <openssl/objects.h>
#include "obj_xref.h"

DECLARE_STACK_OF(nid_triple)
STACK_OF(nid_triple) *sig_app, *sigx_app;

static int
sig_cmp(const nid_triple *a, const nid_triple *b)
{
	return a->sign_id - b->sign_id;
}




DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);












IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);


static int
sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b)
{
	return (*a)->sign_id - (*b)->sign_id;
}

DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);



static int
sigx_cmp(const nid_triple * const *a, const nid_triple * const *b)
{
	int ret;

	ret = (*a)->hash_id - (*b)->hash_id;
	if (ret)
		return ret;
	return (*a)->pkey_id - (*b)->pkey_id;
}










IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);






int
OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
{
	nid_triple tmp;
	const nid_triple *rv = NULL;
	tmp.sign_id = signid;







<
<
<
<












>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>







|
>
>












>
>
>
>
>
>
>
>
>
|
>
>
>
>
>







52
53
54
55
56
57
58




59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */





#include <openssl/objects.h>
#include "obj_xref.h"

DECLARE_STACK_OF(nid_triple)
STACK_OF(nid_triple) *sig_app, *sigx_app;

static int
sig_cmp(const nid_triple *a, const nid_triple *b)
{
	return a->sign_id - b->sign_id;
}

static int sig_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int sig_cmp(nid_triple const *, nid_triple const *);
static nid_triple *OBJ_bsearch_sig(nid_triple *key, nid_triple const *base, int num);

static int
sig_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
	nid_triple const *a = a_;
	nid_triple const *b = b_;
	return sig_cmp(a, b);
}

static nid_triple *
OBJ_bsearch_sig(nid_triple *key, nid_triple const *base, int num)
{
	return (nid_triple *)OBJ_bsearch_(key, base, num, sizeof(nid_triple),
	    sig_cmp_BSEARCH_CMP_FN);
}

static int
sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b)
{
	return (*a)->sign_id - (*b)->sign_id;
}

static int sigx_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int sigx_cmp(const nid_triple * const *, const nid_triple * const *);
static const nid_triple * *OBJ_bsearch_sigx(const nid_triple * *key, const nid_triple * const *base, int num);

static int
sigx_cmp(const nid_triple * const *a, const nid_triple * const *b)
{
	int ret;

	ret = (*a)->hash_id - (*b)->hash_id;
	if (ret)
		return ret;
	return (*a)->pkey_id - (*b)->pkey_id;
}


static int
sigx_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
	const nid_triple * const *a = a_;
	const nid_triple * const *b = b_;
	return sigx_cmp(a, b);
}

static const nid_triple * *
OBJ_bsearch_sigx(const nid_triple * *key, const nid_triple * const *base, int num)
{
	return (const nid_triple * *)OBJ_bsearch_(key, base, num, sizeof(const nid_triple *),
	    sigx_cmp_BSEARCH_CMP_FN);
}

int
OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
{
	nid_triple tmp;
	const nid_triple *rv = NULL;
	tmp.sign_id = signid;
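Review bot: `OBJ_bsearch_sig` and `OBJ_bsearch_sigx` take a `const` base array but cast the result of `OBJ_bsearch_()` to a non-const pointer (`(nid_triple *)` and `(const nid_triple * *)`), so the const qualifier on the lookup table is lost at the helper boundary. The visible caller stores the result in `const nid_triple *rv`, so the first helper could be declared `static const nid_triple *OBJ_bsearch_sig(...)` at no cost, and the second likewise if its caller (not visible here) allows it. The forward declaration `static int sig_cmp(nid_triple const *, nid_triple const *);` comes after the definition of `sig_cmp` and can be dropped. `OBJ_find_sigid_algs` continues past the end of the section.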
Changes to jni/libressl/crypto/objects/obj_xref.h.
1
2


3
4
5
6
7
8
9
/* $OpenBSD: obj_xref.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */



typedef struct
	{
	int sign_id;
	int hash_id;
	int pkey_id;
	} nid_triple;
|

>
>







1
2
3
4
5
6
7
8
9
10
11
/* $OpenBSD: obj_xref.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */
/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */

__BEGIN_HIDDEN_DECLS

typedef struct
	{
	int sign_id;
	int hash_id;
	int pkey_id;
	} nid_triple;
76
77
78
79
80
81
82

	&sigoid_srt[26],
	&sigoid_srt[27],
	&sigoid_srt[28],
	&sigoid_srt[30],
	&sigoid_srt[31],
	};









>
78
79
80
81
82
83
84
85
	&sigoid_srt[26],
	&sigoid_srt[27],
	&sigoid_srt[28],
	&sigoid_srt[30],
	&sigoid_srt[31],
	};

__END_HIDDEN_DECLS
Changes to jni/libressl/crypto/ocsp/ocsp_asn.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_asn.c,v 1.7 2015/02/09 16:04:46 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_asn.c,v 1.9 2016/11/04 18:35:30 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348












349
350
351
352
353
354
355
	.templates = OCSP_REQUEST_seq_tt,
	.tcount = sizeof(OCSP_REQUEST_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(OCSP_REQUEST),
	.sname = "OCSP_REQUEST",
};


OCSP_REQUEST *
d2i_OCSP_REQUEST(OCSP_REQUEST **a, const unsigned char **in, long len)
{
	return (OCSP_REQUEST *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &OCSP_REQUEST_it);
}

int
i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_REQUEST_it);
}













OCSP_REQUEST *
OCSP_REQUEST_new(void)
{
	return (OCSP_REQUEST *)ASN1_item_new(&OCSP_REQUEST_it);
}








<












>
>
>
>
>
>
>
>
>
>
>
>







329
330
331
332
333
334
335

336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
	.templates = OCSP_REQUEST_seq_tt,
	.tcount = sizeof(OCSP_REQUEST_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(OCSP_REQUEST),
	.sname = "OCSP_REQUEST",
};


OCSP_REQUEST *
d2i_OCSP_REQUEST(OCSP_REQUEST **a, const unsigned char **in, long len)
{
	return (OCSP_REQUEST *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &OCSP_REQUEST_it);
}

int
i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_REQUEST_it);
}

OCSP_REQUEST *
d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **a)
{
	return ASN1_item_d2i_bio(&OCSP_REQUEST_it, bp, a);
}

int
i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *a)
{
	return ASN1_item_i2d_bio(&OCSP_REQUEST_it, bp, a);
}

OCSP_REQUEST *
OCSP_REQUEST_new(void)
{
	return (OCSP_REQUEST *)ASN1_item_new(&OCSP_REQUEST_it);
}

450
451
452
453
454
455
456












457
458
459
460
461
462
463
}

int
i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_RESPONSE_it);
}













OCSP_RESPONSE *
OCSP_RESPONSE_new(void)
{
	return (OCSP_RESPONSE *)ASN1_item_new(&OCSP_RESPONSE_it);
}








>
>
>
>
>
>
>
>
>
>
>
>







461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
}

int
i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **out)
{
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_RESPONSE_it);
}

OCSP_RESPONSE *
d2i_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE **a)
{
	return ASN1_item_d2i_bio(&OCSP_RESPONSE_it, bp, a);
}

int
i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *a)
{
	return ASN1_item_i2d_bio(&OCSP_RESPONSE_it, bp, a);
}

OCSP_RESPONSE *
OCSP_RESPONSE_new(void)
{
	return (OCSP_RESPONSE *)ASN1_item_new(&OCSP_RESPONSE_it);
}
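Review bot: The four new BIO wrappers (`d2i_OCSP_REQUEST_bio`, `i2d_OCSP_REQUEST_bio`, `d2i_OCSP_RESPONSE_bio`, `i2d_OCSP_RESPONSE_bio`) are added without any comment, and the `d2i` pair is typically where DER received from the network enters the library. I would document on `d2i_OCSP_RESPONSE_bio` that a non-NULL return only means the encoding parsed: `/* Decodes only; the caller must still verify the signature and the thisUpdate/nextUpdate window. */`. The two `d2i_*_bio` functions also return the `void *` from `ASN1_item_d2i_bio()` without the explicit cast that the neighbouring `d2i_OCSP_REQUEST` uses (`(OCSP_REQUEST *)ASN1_item_d2i(...)`); matching that style keeps the file consistent.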

Changes to jni/libressl/crypto/ocsp/ocsp_cl.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_cl.c,v 1.10 2016/07/05 03:24:38 beck Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_cl.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

int asn1_time_parse(const char *, size_t, struct tm *, int);
int asn1_tm_cmp(struct tm *, struct tm *);

/* Utility functions related to sending OCSP requests and extracting
 * relevant information from the response.
 */

/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
 * pointer: useful if we want to add extensions.
 */







<
<
<







67
68
69
70
71
72
73



74
75
76
77
78
79
80
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>




/* Utility functions related to sending OCSP requests and extracting
 * relevant information from the response.
 */

/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
 * pointer: useful if we want to add extensions.
 */
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
		goto err;

	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new()))
		goto err;
	if (key) {
		if (!X509_check_private_key(signer, key)) {
			OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
			    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
			goto err;
		}
		if (!OCSP_REQUEST_sign(req, key, dgst))
			goto err;
	}

	if (!(flags & OCSP_NOCERTS)) {







<
|







155
156
157
158
159
160
161

162
163
164
165
166
167
168
169
	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
		goto err;

	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new()))
		goto err;
	if (key) {
		if (!X509_check_private_key(signer, key)) {

			OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
			goto err;
		}
		if (!OCSP_REQUEST_sign(req, key, dgst))
			goto err;
	}

	if (!(flags & OCSP_NOCERTS)) {
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
OCSP_BASICRESP *
OCSP_response_get1_basic(OCSP_RESPONSE *resp)
{
	OCSP_RESPBYTES *rb;

	rb = resp->responseBytes;
	if (!rb) {
		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
		    OCSP_R_NO_RESPONSE_DATA);
		return NULL;
	}
	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
		    OCSP_R_NOT_BASIC_RESPONSE);
		return NULL;
	}

	return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
}

/* Return number of OCSP_SINGLERESP reponses present in
 * a basic response.
 */
int
OCSP_resp_count(OCSP_BASICRESP *bs)







<
|



<
|



|







197
198
199
200
201
202
203

204
205
206
207

208
209
210
211
212
213
214
215
216
217
218
219
OCSP_BASICRESP *
OCSP_response_get1_basic(OCSP_RESPONSE *resp)
{
	OCSP_RESPBYTES *rb;

	rb = resp->responseBytes;
	if (!rb) {

		OCSPerror(OCSP_R_NO_RESPONSE_DATA);
		return NULL;
	}
	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {

		OCSPerror(OCSP_R_NOT_BASIC_RESPONSE);
		return NULL;
	}

	return ASN1_item_unpack(rb->response, &OCSP_BASICRESP_it);
}

/* Return number of OCSP_SINGLERESP reponses present in
 * a basic response.
 */
int
OCSP_resp_count(OCSP_BASICRESP *bs)
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
	/*
	 * Times must explicitly be a GENERALIZEDTIME as per section
	 * 4.2.2.1 of RFC 6960 - It is invalid to accept other times
	 * (such as UTCTIME permitted/required by RFC 5280 for certificates)
	 */

	/* Check thisUpdate is valid and not more than nsec in the future */
	if (asn1_time_parse(thisupd->data, thisupd->length, &tm_this,
	    V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
		    OCSP_R_ERROR_IN_THISUPDATE_FIELD);
		return 0;
	} else {
		t_tmp = t_now + nsec;
		if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
			return 0;
		if (asn1_tm_cmp(&tm_this, &tm_tmp) > 0) {
			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
			    OCSP_R_STATUS_NOT_YET_VALID);
			return 0;
		}

		/*
		 * If maxsec specified check thisUpdate is not more than maxsec
		 * in the past
		 */
		if (maxsec >= 0) {
			t_tmp = t_now - maxsec;
			if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
				return 0;
			if (asn1_tm_cmp(&tm_this, &tm_tmp) < 0) {
				OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
				    OCSP_R_STATUS_TOO_OLD);
				return 0;
			}
		}
	}

	if (!nextupd)
		return 1;

	/* Check nextUpdate is valid and not more than nsec in the past */
	if (asn1_time_parse(nextupd->data, nextupd->length, &tm_next,
	    V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
		    OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
		return 0;
	} else {
		t_tmp = t_now - nsec;
		if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
			return 0;
		if (asn1_tm_cmp(&tm_next, &tm_tmp) < 0) {
			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
			    OCSP_R_STATUS_EXPIRED);
			return 0;
		}
	}

	/* Also don't allow nextUpdate to precede thisUpdate */
	if (asn1_tm_cmp(&tm_next, &tm_this) < 0) {
		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
		    OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
		return 0;
	}

	return 1;
}







|

<
|





|
<
|











|
<
|









|

<
|





|
<
|





|
<
|





332
333
334
335
336
337
338
339
340

341
342
343
344
345
346
347

348
349
350
351
352
353
354
355
356
357
358
359
360

361
362
363
364
365
366
367
368
369
370
371
372

373
374
375
376
377
378
379

380
381
382
383
384
385
386

387
388
389
390
391
392
	/*
	 * Times must explicitly be a GENERALIZEDTIME as per section
	 * 4.2.2.1 of RFC 6960 - It is invalid to accept other times
	 * (such as UTCTIME permitted/required by RFC 5280 for certificates)
	 */

	/* Check thisUpdate is valid and not more than nsec in the future */
	if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
	    V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {

		OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD);
		return 0;
	} else {
		t_tmp = t_now + nsec;
		if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
			return 0;
		if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) {

			OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
			return 0;
		}

		/*
		 * If maxsec specified check thisUpdate is not more than maxsec
		 * in the past
		 */
		if (maxsec >= 0) {
			t_tmp = t_now - maxsec;
			if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
				return 0;
			if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) {

				OCSPerror(OCSP_R_STATUS_TOO_OLD);
				return 0;
			}
		}
	}

	if (!nextupd)
		return 1;

	/* Check nextUpdate is valid and not more than nsec in the past */
	if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
	    V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {

		OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
		return 0;
	} else {
		t_tmp = t_now - nsec;
		if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
			return 0;
		if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) {

			OCSPerror(OCSP_R_STATUS_EXPIRED);
			return 0;
		}
	}

	/* Also don't allow nextUpdate to precede thisUpdate */
	if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) {

		OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
		return 0;
	}

	return 1;
}
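Review bot: The three `gmtime_r(&t_tmp, &tm_tmp) == NULL` branches in the validity check return 0 without pushing an error, while every other rejection calls `OCSPerror(...)`. Now that the function code is no longer passed, a caller that gets 0 with an empty error queue cannot tell a time-conversion failure from any other cause, and the rejected response leaves nothing to log. I would make each of them `if (gmtime_r(&t_tmp, &tm_tmp) == NULL) { OCSPerror(ERR_R_INTERNAL_ERROR); return 0; }`. The sums `t_now + nsec` and `t_now - maxsec` are computed with no range check on `nsec` and `maxsec`, which appear to be caller-supplied, so that is worth confirming at the call sites. The function starts outside the visible hunk.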
Changes to jni/libressl/crypto/ocsp/ocsp_err.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_err.c,v 1.6 2014/06/12 15:49:30 deraadt Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_err.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)

static ERR_STRING_DATA OCSP_str_functs[]= {
	{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),	"ASN1_STRING_encode"},
	{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),	"D2I_OCSP_NONCE"},
	{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),	"OCSP_basic_add1_status"},
	{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),	"OCSP_basic_sign"},
	{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),	"OCSP_basic_verify"},
	{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW),	"OCSP_cert_id_new"},
	{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED),	"OCSP_CHECK_DELEGATED"},
	{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),	"OCSP_CHECK_IDS"},
	{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),	"OCSP_CHECK_ISSUER"},
	{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY),	"OCSP_check_validity"},
	{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID),	"OCSP_MATCH_ISSUERID"},
	{ERR_FUNC(OCSP_F_OCSP_PARSE_URL),	"OCSP_parse_url"},
	{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN),	"OCSP_request_sign"},
	{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),	"OCSP_request_verify"},
	{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),	"OCSP_response_get1_basic"},
	{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),	"OCSP_sendreq_bio"},
	{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO),	"OCSP_sendreq_nbio"},
	{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),	"PARSE_HTTP_LINE1"},
	{ERR_FUNC(OCSP_F_REQUEST_VERIFY),	"REQUEST_VERIFY"},
	{0, NULL}
};

static ERR_STRING_DATA OCSP_str_reasons[]= {
	{ERR_REASON(OCSP_R_BAD_DATA)             , "bad data"},
	{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
	{ERR_REASON(OCSP_R_DIGEST_ERR)           , "digest err"},







<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







68
69
70
71
72
73
74

75

















76
77
78
79
80
81
82
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)

static ERR_STRING_DATA OCSP_str_functs[]= {

	{ERR_FUNC(0xfff), "CRYPTO_internal"},

















	{0, NULL}
};

static ERR_STRING_DATA OCSP_str_reasons[]= {
	{ERR_REASON(OCSP_R_BAD_DATA)             , "bad data"},
	{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
	{ERR_REASON(OCSP_R_DIGEST_ERR)           , "digest err"},
Changes to jni/libressl/crypto/ocsp/ocsp_ext.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_ext.c,v 1.13 2014/10/28 05:46:56 miod Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_ext.c,v 1.15 2016/12/27 16:01:19 jsing Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367

int
OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
{
	return X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL;
}

/* also CRL Entry Extensions */
#if 0
ASN1_STRING *
ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data,
    STACK_OF(ASN1_OBJECT) *sk)
{
	int i;
	unsigned char *p, *b = NULL;

	if (data) {
		if ((i = i2d(data, NULL)) <= 0)
			goto err;
		if (!(b = p = malloc(i)))
			goto err;
		if (i2d(data, &p) <= 0)
			goto err;
	} else if (sk) {
		if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
		    (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
		    IS_SEQUENCE)) <= 0)
			goto err;
		if (!(b = p = malloc(i)))
			goto err;
		if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p,
		    (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE,
		    V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
			goto err;
	} else {
		OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
		goto err;
	}
	if (!s && !(s = ASN1_STRING_new()))
		goto err;
	if (!(ASN1_STRING_set(s, b, i)))
		goto err;
	free(b);
	return s;

err:
	free(b);
	return NULL;
}
#endif

/* Nonce handling functions */

/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
 * a random nonce will be generated.
 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
 * nonce, previous versions used the raw nonce.
 */







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







310
311
312
313
314
315
316












































317
318
319
320
321
322
323

int
OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
{
	return X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL;
}













































/* Nonce handling functions */

/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
 * a random nonce will be generated.
 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
 * nonce, previous versions used the raw nonce.
 */
Changes to jni/libressl/crypto/ocsp/ocsp_ht.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_ht.c,v 1.21 2014/07/25 06:05:32 doug Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_ht.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
153
154
155
156
157
158
159
160



161
162
163
164
165
166
167
{
	OCSP_REQ_CTX *rctx;

	rctx = malloc(sizeof(OCSP_REQ_CTX));
	if (rctx == NULL)
		return NULL;
	rctx->state = OHS_ERROR;
	rctx->mem = BIO_new(BIO_s_mem());



	rctx->io = io;
	rctx->asn1_len = 0;
	if (maxline > 0)
		rctx->iobuflen = maxline;
	else
		rctx->iobuflen = OCSP_MAX_LINE_LEN;
	rctx->iobuf = malloc(rctx->iobuflen);







|
>
>
>







153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
{
	OCSP_REQ_CTX *rctx;

	rctx = malloc(sizeof(OCSP_REQ_CTX));
	if (rctx == NULL)
		return NULL;
	rctx->state = OHS_ERROR;
	if ((rctx->mem = BIO_new(BIO_s_mem())) == NULL) {
		free(rctx);
		return NULL;
	}
	rctx->io = io;
	rctx->asn1_len = 0;
	if (maxline > 0)
		rctx->iobuflen = maxline;
	else
		rctx->iobuflen = OCSP_MAX_LINE_LEN;
	rctx->iobuf = malloc(rctx->iobuflen);
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
	int retcode;
	char *p, *q, *r;

	/* Skip to first white space (passed protocol info) */
	for (p = line; *p && !isspace((unsigned char)*p); p++)
		continue;
	if (!*p) {
		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
		    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
		return 0;
	}

	/* Skip past white space to start of response code */
	while (*p && isspace((unsigned char)*p))
		p++;
	if (!*p) {
		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
		    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
		return 0;
	}

	/* Find end of response code: first whitespace after start of code */
	for (q = p; *q && !isspace((unsigned char)*q); q++)
		continue;
	if (!*q) {
		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
		    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
		return 0;
	}

	/* Set end of response code and start of message */
	*q++ = 0;

	/* Attempt to parse numeric code */







<
|







<
|







<
|







203
204
205
206
207
208
209

210
211
212
213
214
215
216
217

218
219
220
221
222
223
224
225

226
227
228
229
230
231
232
233
	int retcode;
	char *p, *q, *r;

	/* Skip to first white space (passed protocol info) */
	for (p = line; *p && !isspace((unsigned char)*p); p++)
		continue;
	if (!*p) {

		OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
		return 0;
	}

	/* Skip past white space to start of response code */
	while (*p && isspace((unsigned char)*p))
		p++;
	if (!*p) {

		OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
		return 0;
	}

	/* Find end of response code: first whitespace after start of code */
	for (q = p; *q && !isspace((unsigned char)*q); q++)
		continue;
	if (!*q) {

		OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
		return 0;
	}

	/* Set end of response code and start of message */
	*q++ = 0;

	/* Attempt to parse numeric code */
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
		 * CRLF) */

		/* We know q has a non white space character so this is OK */
		for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
			*r = 0;
	}
	if (retcode != 200) {
		OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
		if (!*q)
			ERR_asprintf_error_data("Code=%s", p);
		else
			ERR_asprintf_error_data("Code=%s,Reason=%s", p, q);
		return 0;
	}








|







244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
		 * CRLF) */

		/* We know q has a non white space character so this is OK */
		for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
			*r = 0;
	}
	if (retcode != 200) {
		OCSPerror(OCSP_R_SERVER_RESPONSE_ERROR);
		if (!*q)
			ERR_asprintf_error_data("Code=%s", p);
		else
			ERR_asprintf_error_data("Code=%s,Reason=%s", p, q);
		return 0;
	}
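Review bot: In the `retcode != 200` branch of the last hunk, `ERR_asprintf_error_data("Code=%s,Reason=%s", p, q)` copies the status code and reason text into the error queue unchanged, and nothing documents where that text comes from. Both pointers index into `line`, which appears to be the responder's HTTP status line, so a caller that prints or logs the error data should escape control characters first. I would add a comment above the call: `/* p and q point into the peer's status line: untrusted text */`. The function starts and ends outside the hunk, so whether `line` is length-limited or sanitised earlier cannot be seen from here.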

Changes to jni/libressl/crypto/ocsp/ocsp_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_lib.c,v 1.17 2015/02/10 04:21:50 jsing Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_lib.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
	if (!(cid = OCSP_CERTID_new()))
		goto err;

	alg = cid->hashAlgorithm;
	if (alg->algorithm != NULL)
		ASN1_OBJECT_free(alg->algorithm);
	if ((nid = EVP_MD_type(dgst)) == NID_undef) {
		OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
		goto err;
	}
	if (!(alg->algorithm = OBJ_nid2obj(nid)))
		goto err;
	if ((alg->parameter = ASN1_TYPE_new()) == NULL)
		goto err;
	alg->parameter->type = V_ASN1_NULL;







|







111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
	if (!(cid = OCSP_CERTID_new()))
		goto err;

	alg = cid->hashAlgorithm;
	if (alg->algorithm != NULL)
		ASN1_OBJECT_free(alg->algorithm);
	if ((nid = EVP_MD_type(dgst)) == NID_undef) {
		OCSPerror(OCSP_R_UNKNOWN_NID);
		goto err;
	}
	if (!(alg->algorithm = OBJ_nid2obj(nid)))
		goto err;
	if ((alg->parameter = ASN1_TYPE_new()) == NULL)
		goto err;
	alg->parameter->type = V_ASN1_NULL;
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
		ASN1_INTEGER_free(cid->serialNumber);
		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
			goto err;
	}
	return cid;

digerr:
	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
err:
	if (cid)
		OCSP_CERTID_free(cid);
	return NULL;
}

int







|







140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
		ASN1_INTEGER_free(cid->serialNumber);
		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
			goto err;
	}
	return cid;

digerr:
	OCSPerror(OCSP_R_DIGEST_ERR);
err:
	if (cid)
		OCSP_CERTID_free(cid);
	return NULL;
}

int
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211

212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237

238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273

274
275
276
277
278
279
280
281
282

/* Parse a URL and split it up into host, port and path components and whether
 * it is SSL.
 */
int
OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
{
	char *p, *buf;
	char *host, *port;

	*phost = NULL;
	*pport = NULL;
	*ppath = NULL;

	/* dup the buffer since we are going to mess with it */
	buf = url ? strdup(url) : NULL;
	if (!buf)
		goto mem_err;

	/* Check for initial colon */
	p = strchr(buf, ':');
	if (!p)
		goto parse_err;

	*(p++) = '\0';

	if (!strcmp(buf, "http")) {
		*pssl = 0;
		port = "80";
	} else if (!strcmp(buf, "https")) {
		*pssl = 1;
		port = "443";
	} else
		goto parse_err;


	/* Check for double slash */
	if ((p[0] != '/') || (p[1] != '/'))
		goto parse_err;

	p += 2;

	host = p;

	/* Check for trailing part of path */
	p = strchr(p, '/');
	if (!p)
		*ppath = strdup("/");
	else {
		*ppath = strdup(p);
		/* Set start of path to 0 so hostname is valid */
		*p = '\0';
	}

	if (!*ppath)
		goto mem_err;

	/* Look for optional ':' for port number */
	if ((p = strchr(host, ':'))) {
		*p = 0;
		port = p + 1;

	} else {
		/* Not found: set default port */
		if (*pssl)
			port = "443";
		else
			port = "80";
	}

	*pport = strdup(port);
	if (!*pport)
		goto mem_err;

	*phost = strdup(host);

	if (!*phost)
		goto mem_err;

	free(buf);

	return 1;

mem_err:
	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
	goto err;

parse_err:
	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);

err:
	free(buf);
	free(*ppath);
	free(*pport);
	free(*phost);
	*phost = NULL;
	*pport = NULL;
	*ppath = NULL;

	return 0;
}


OCSP_CERTID *
OCSP_CERTID_dup(OCSP_CERTID *x)
{
	return ASN1_item_dup(&OCSP_CERTID_it, x);
}







<
|

<
<
|
|
<
<
<
<

<
<
<
<
|
<
<
<
|
|
|
<
|
|
|
>
|
<
|
|
|
<
|
<

<
|
<
<
<
|
<
|
|
|
<
<

<
|
<
|
>

<

|

|


<
<
<
|
<
<
|
<
|
|
|
|
|
<
<
<

<
<
<
<
<
<
<
<
|
<
|
>
|

<






178
179
180
181
182
183
184

185
186


187
188




189




190



191
192
193

194
195
196
197
198

199
200
201

202

203

204



205

206
207
208


209

210

211
212
213

214
215
216
217
218
219



220


221

222
223
224
225
226



227








228

229
230
231
232

233
234
235
236
237
238

/* Parse a URL and split it up into host, port and path components and whether
 * it is SSL.
 */
int
OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
{

	char *host, *path, *port, *tmp;



	*phost = *pport = *ppath = NULL;
	*pssl = 0;









	if (strncmp(url, "https://", 8) == 0) {



		*pssl = 1;
		host = strdup(url + 8);
	} else if (strncmp(url, "http://", 7) == 0)

		host = strdup(url + 7);
	else {
		OCSPerror(OCSP_R_ERROR_PARSING_URL);
		return 0;
	}

	if (host == NULL) {
		OCSPerror(ERR_R_MALLOC_FAILURE);
		return 0;

	}



	if ((tmp = strchr(host, '/')) != NULL) {



		path = strdup(tmp);

		*tmp = '\0';
	} else
		path = strdup("/");




	if ((tmp = strchr(host, ':')) != NULL ) {

		port = strdup(tmp + 1);
		*tmp = '\0';
	} else {

		if (*pssl)
			port = strdup("443");
		else
			port = strdup("80");
	}




	if (path == NULL || port == NULL) {


		free(host);

		free(path);
		free(port);
		OCSPerror(ERR_R_MALLOC_FAILURE);
		return 0;
	}












	*phost = host;

	*ppath = path;
	*pport = port;
	return 1;
}


OCSP_CERTID *
OCSP_CERTID_dup(OCSP_CERTID *x)
{
	return ASN1_item_dup(&OCSP_CERTID_it, x);
}
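Review bot: The rewritten `OCSP_parse_url` passes `url` straight to `strncmp`, so a NULL `url` is now dereferenced. The removed code tolerated it (`buf = url ? strdup(url) : NULL`) and returned 0. A guard before the scheme test keeps the old contract: `if (url == NULL) { OCSPerror(OCSP_R_ERROR_PARSING_URL); return 0; }`. Separately, the host and port substrings are returned without validation, so an empty host or a non-numeric port is accepted here and left for the caller to reject; a short comment on the function saying so would help.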
Changes to jni/libressl/crypto/ocsp/ocsp_prn.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_prn.c,v 1.7 2014/06/12 15:49:30 deraadt Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was originally part of ocsp.c and was transfered to Richard
   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
   in OpenSSL or released as a patch kit. */
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_prn.c,v 1.8 2015/07/16 02:16:19 miod Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was originally part of ocsp.c and was transfered to Richard
   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
   in OpenSSL or released as a patch kit. */
Changes to jni/libressl/crypto/ocsp/ocsp_srv.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
		goto err;
	if (!bs)
		return rsp;
	if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
		goto err;
	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP),
	    &rsp->responseBytes->response))
		goto err;
	return rsp;

err:
	if (rsp)
		OCSP_RESPONSE_free(rsp);







|







123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
		goto err;
	if (!bs)
		return rsp;
	if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
		goto err;
	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
	if (!ASN1_item_pack(bs, &OCSP_BASICRESP_it,
	    &rsp->responseBytes->response))
		goto err;
	return rsp;

err:
	if (rsp)
		OCSP_RESPONSE_free(rsp);
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
	if (!(single->certId = OCSP_CERTID_dup(cid)))
		goto err;

	cs = single->certStatus;
	switch (cs->type = status) {
	case V_OCSP_CERTSTATUS_REVOKED:
		if (!revtime) {
			OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
			    OCSP_R_NO_REVOKED_TIME);
			goto err;
		}
		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
			goto err;
		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
			goto err;
		if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {







<
|







164
165
166
167
168
169
170

171
172
173
174
175
176
177
178
	if (!(single->certId = OCSP_CERTID_dup(cid)))
		goto err;

	cs = single->certStatus;
	switch (cs->type = status) {
	case V_OCSP_CERTSTATUS_REVOKED:
		if (!revtime) {

			OCSPerror(OCSP_R_NO_REVOKED_TIME);
			goto err;
		}
		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
			goto err;
		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
			goto err;
		if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
    const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags)
{
	int i;
	OCSP_RESPID *rid;

	if (!X509_check_private_key(signer, key)) {
		OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
		    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		goto err;
	}

	if (!(flags & OCSP_NOCERTS)) {
		if (!OCSP_basic_add1_cert(brsp, signer))
			goto err;
		for (i = 0; i < sk_X509_num(certs); i++) {







<
|







221
222
223
224
225
226
227

228
229
230
231
232
233
234
235
OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
    const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags)
{
	int i;
	OCSP_RESPID *rid;

	if (!X509_check_private_key(signer, key)) {

		OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		goto err;
	}

	if (!(flags & OCSP_NOCERTS)) {
		if (!OCSP_basic_add1_cert(brsp, signer))
			goto err;
		for (i = 0; i < sk_X509_num(certs); i++) {
Changes to jni/libressl/crypto/ocsp/ocsp_vfy.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_vfy.c,v 1.12 2014/07/09 19:08:10 tedu Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133





134
135
136
137
138
139
140
141
142
143
144
145
146
147
	STACK_OF(X509) *chain = NULL;
	STACK_OF(X509) *untrusted = NULL;
	X509_STORE_CTX ctx;
	int i, ret = 0;

	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
	if (!ret) {
		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
		    OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
		goto end;
	}
	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
		flags |= OCSP_NOVERIFY;
	if (!(flags & OCSP_NOSIGS)) {
		EVP_PKEY *skey;

		skey = X509_get_pubkey(signer);
		if (skey) {
			ret = OCSP_BASICRESP_verify(bs, skey, 0);
			EVP_PKEY_free(skey);
		}
		if (!skey || ret <= 0) {
			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
			    OCSP_R_SIGNATURE_FAILURE);
			goto end;
		}
	}
	if (!(flags & OCSP_NOVERIFY)) {
		int init_res;

		if (flags & OCSP_NOCHAIN) {
			untrusted = NULL;
		} else if (bs->certs && certs) {
			untrusted = sk_X509_dup(bs->certs);
			for (i = 0; i < sk_X509_num(certs); i++) {
				if (!sk_X509_push(untrusted,
					sk_X509_value(certs, i))) {
					OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
					    ERR_R_MALLOC_FAILURE);
					goto end;
				}
			}
		} else
			untrusted = bs->certs;
		init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
		if (!init_res) {
			ret = -1;
			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
			goto end;
		}

		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);





		ret = X509_verify_cert(&ctx);
		chain = X509_STORE_CTX_get1_chain(&ctx);
		X509_STORE_CTX_cleanup(&ctx);
		if (ret <= 0) {
			i = X509_STORE_CTX_get_error(&ctx);
			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
			    OCSP_R_CERTIFICATE_VERIFY_ERROR);
			ERR_asprintf_error_data("Verify error:%s",
			    X509_verify_cert_error_string(i));
			goto end;
		}
		if (flags & OCSP_NOCHECKS) {
			ret = 1;
			goto end;







<
|













<
|













<
|








|



|
>
>
>
>
>





<
|







82
83
84
85
86
87
88

89
90
91
92
93
94
95
96
97
98
99
100
101
102

103
104
105
106
107
108
109
110
111
112
113
114
115
116

117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

141
142
143
144
145
146
147
148
	STACK_OF(X509) *chain = NULL;
	STACK_OF(X509) *untrusted = NULL;
	X509_STORE_CTX ctx;
	int i, ret = 0;

	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
	if (!ret) {

		OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
		goto end;
	}
	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
		flags |= OCSP_NOVERIFY;
	if (!(flags & OCSP_NOSIGS)) {
		EVP_PKEY *skey;

		skey = X509_get_pubkey(signer);
		if (skey) {
			ret = OCSP_BASICRESP_verify(bs, skey, 0);
			EVP_PKEY_free(skey);
		}
		if (!skey || ret <= 0) {

			OCSPerror(OCSP_R_SIGNATURE_FAILURE);
			goto end;
		}
	}
	if (!(flags & OCSP_NOVERIFY)) {
		int init_res;

		if (flags & OCSP_NOCHAIN) {
			untrusted = NULL;
		} else if (bs->certs && certs) {
			untrusted = sk_X509_dup(bs->certs);
			for (i = 0; i < sk_X509_num(certs); i++) {
				if (!sk_X509_push(untrusted,
					sk_X509_value(certs, i))) {

					OCSPerror(ERR_R_MALLOC_FAILURE);
					goto end;
				}
			}
		} else
			untrusted = bs->certs;
		init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
		if (!init_res) {
			ret = -1;
			OCSPerror(ERR_R_X509_LIB);
			goto end;
		}

		if (X509_STORE_CTX_set_purpose(&ctx,
		    X509_PURPOSE_OCSP_HELPER) == 0) {
			X509_STORE_CTX_cleanup(&ctx);
			ret = -1;
			goto end;
		}
		ret = X509_verify_cert(&ctx);
		chain = X509_STORE_CTX_get1_chain(&ctx);
		X509_STORE_CTX_cleanup(&ctx);
		if (ret <= 0) {
			i = X509_STORE_CTX_get_error(&ctx);

			OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
			ERR_asprintf_error_data("Verify error:%s",
			    X509_verify_cert_error_string(i));
			goto end;
		}
		if (flags & OCSP_NOCHECKS) {
			ret = 1;
			goto end;
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
		 */
		if (flags & OCSP_NOEXPLICIT)
			goto end;

		x = sk_X509_value(chain, sk_X509_num(chain) - 1);
		if (X509_check_trust(x, NID_OCSP_sign, 0) !=
			X509_TRUST_TRUSTED) {
			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
			    OCSP_R_ROOT_CA_NOT_TRUSTED);
			goto end;
		}
		ret = 1;
	}

end:
	if (chain)







<
|







161
162
163
164
165
166
167

168
169
170
171
172
173
174
175
		 */
		if (flags & OCSP_NOEXPLICIT)
			goto end;

		x = sk_X509_value(chain, sk_X509_num(chain) - 1);
		if (X509_check_trust(x, NID_OCSP_sign, 0) !=
			X509_TRUST_TRUSTED) {

			OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED);
			goto end;
		}
		ret = 1;
	}

end:
	if (chain)
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
	X509 *signer, *sca;
	OCSP_CERTID *caid = NULL;
	int i;

	sresp = bs->tbsResponseData->responses;

	if (sk_X509_num(chain) <= 0) {
		OCSPerr(OCSP_F_OCSP_CHECK_ISSUER,
		    OCSP_R_NO_CERTIFICATES_IN_CHAIN);
		return -1;
	}

	/* See if the issuer IDs match. */
	i = ocsp_check_ids(sresp, &caid);

	/* If ID mismatch or other error then return */







<
|







236
237
238
239
240
241
242

243
244
245
246
247
248
249
250
	X509 *signer, *sca;
	OCSP_CERTID *caid = NULL;
	int i;

	sresp = bs->tbsResponseData->responses;

	if (sk_X509_num(chain) <= 0) {

		OCSPerror(OCSP_R_NO_CERTIFICATES_IN_CHAIN);
		return -1;
	}

	/* See if the issuer IDs match. */
	i = ocsp_check_ids(sresp, &caid);

	/* If ID mismatch or other error then return */
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
{
	OCSP_CERTID *tmpid, *cid;
	int i, idcount;

	idcount = sk_OCSP_SINGLERESP_num(sresp);
	if (idcount <= 0) {
		OCSPerr(OCSP_F_OCSP_CHECK_IDS,
		    OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
		return -1;
	}

	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;

	*ret = NULL;








<
|







278
279
280
281
282
283
284

285
286
287
288
289
290
291
292
ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
{
	OCSP_CERTID *tmpid, *cid;
	int i, idcount;

	idcount = sk_OCSP_SINGLERESP_num(sresp);
	if (idcount <= 0) {

		OCSPerror(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
		return -1;
	}

	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;

	*ret = NULL;

314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
		const EVP_MD *dgst;
		X509_NAME *iname;
		int mdlen;
		unsigned char md[EVP_MAX_MD_SIZE];

		if (!(dgst =
		    EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
			OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
			    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
			return -1;
		}

		mdlen = EVP_MD_size(dgst);
		if (mdlen < 0)
			return -1;
		if (cid->issuerNameHash->length != mdlen ||







<
|







312
313
314
315
316
317
318

319
320
321
322
323
324
325
326
		const EVP_MD *dgst;
		X509_NAME *iname;
		int mdlen;
		unsigned char md[EVP_MAX_MD_SIZE];

		if (!(dgst =
		    EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {

			OCSPerror(OCSP_R_UNKNOWN_MESSAGE_DIGEST);
			return -1;
		}

		mdlen = EVP_MD_size(dgst);
		if (mdlen < 0)
			return -1;
		if (cid->issuerNameHash->length != mdlen ||
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426

427




428
429
430
431
432
433
434
435
436
437
438
439
440

static int
ocsp_check_delegated(X509 *x, int flags)
{
	X509_check_purpose(x, -1, 0);
	if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
		return 1;
	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
	return 0;
}

/* Verify an OCSP request. This is fortunately much easier than OCSP
 * response verify. Just find the signers certificate and verify it
 * against a given trust value.
 */
int
OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
    unsigned long flags)
{
	X509 *signer;
	X509_NAME *nm;
	GENERAL_NAME *gen;
	int ret;
	X509_STORE_CTX ctx;

	if (!req->optionalSignature) {
		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
		return 0;
	}
	gen = req->tbsRequest->requestorName;
	if (!gen || gen->type != GEN_DIRNAME) {
		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
		    OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
		return 0;
	}
	nm = gen->d.directoryName;
	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
	if (ret <= 0) {
		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
		    OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
		return 0;
	}
	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
		flags |= OCSP_NOVERIFY;
	if (!(flags & OCSP_NOSIGS)) {
		EVP_PKEY *skey;

		skey = X509_get_pubkey(signer);
		ret = OCSP_REQUEST_verify(req, skey);
		EVP_PKEY_free(skey);
		if (ret <= 0) {
			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
			    OCSP_R_SIGNATURE_FAILURE);
			return 0;
		}
	}
	if (!(flags & OCSP_NOVERIFY)) {
		int init_res;

		if (flags & OCSP_NOCHAIN)
			init_res = X509_STORE_CTX_init(&ctx, store, signer,
			    NULL);
		else
			init_res = X509_STORE_CTX_init(&ctx, store, signer,
			    req->optionalSignature->certs);
		if (!init_res) {
			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
			return 0;
		}

		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);

		X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);




		ret = X509_verify_cert(&ctx);
		X509_STORE_CTX_cleanup(&ctx);
		if (ret <= 0) {
			ret = X509_STORE_CTX_get_error(&ctx);
			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
			    OCSP_R_CERTIFICATE_VERIFY_ERROR);
			ERR_asprintf_error_data("Verify error:%s",
			    X509_verify_cert_error_string(ret));
			return 0;
		}
	}
	return 1;
}







|


















|




<
|





<
|











<
|













|



|
>
|
>
>
>
>




<
|







353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383

384
385
386
387
388
389

390
391
392
393
394
395
396
397
398
399
400
401

402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430

431
432
433
434
435
436
437
438

static int
ocsp_check_delegated(X509 *x, int flags)
{
	X509_check_purpose(x, -1, 0);
	if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
		return 1;
	OCSPerror(OCSP_R_MISSING_OCSPSIGNING_USAGE);
	return 0;
}

/* Verify an OCSP request. This is fortunately much easier than OCSP
 * response verify. Just find the signers certificate and verify it
 * against a given trust value.
 */
int
OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
    unsigned long flags)
{
	X509 *signer;
	X509_NAME *nm;
	GENERAL_NAME *gen;
	int ret;
	X509_STORE_CTX ctx;

	if (!req->optionalSignature) {
		OCSPerror(OCSP_R_REQUEST_NOT_SIGNED);
		return 0;
	}
	gen = req->tbsRequest->requestorName;
	if (!gen || gen->type != GEN_DIRNAME) {

		OCSPerror(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
		return 0;
	}
	nm = gen->d.directoryName;
	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
	if (ret <= 0) {

		OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
		return 0;
	}
	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
		flags |= OCSP_NOVERIFY;
	if (!(flags & OCSP_NOSIGS)) {
		EVP_PKEY *skey;

		skey = X509_get_pubkey(signer);
		ret = OCSP_REQUEST_verify(req, skey);
		EVP_PKEY_free(skey);
		if (ret <= 0) {

			OCSPerror(OCSP_R_SIGNATURE_FAILURE);
			return 0;
		}
	}
	if (!(flags & OCSP_NOVERIFY)) {
		int init_res;

		if (flags & OCSP_NOCHAIN)
			init_res = X509_STORE_CTX_init(&ctx, store, signer,
			    NULL);
		else
			init_res = X509_STORE_CTX_init(&ctx, store, signer,
			    req->optionalSignature->certs);
		if (!init_res) {
			OCSPerror(ERR_R_X509_LIB);
			return 0;
		}

		if (X509_STORE_CTX_set_purpose(&ctx,
		      X509_PURPOSE_OCSP_HELPER) == 0 ||
		    X509_STORE_CTX_set_trust(&ctx,
		      X509_TRUST_OCSP_REQUEST) == 0) {
			X509_STORE_CTX_cleanup(&ctx);
			return 0;
		}
		ret = X509_verify_cert(&ctx);
		X509_STORE_CTX_cleanup(&ctx);
		if (ret <= 0) {
			ret = X509_STORE_CTX_get_error(&ctx);

			OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
			ERR_asprintf_error_data("Verify error:%s",
			    X509_verify_cert_error_string(ret));
			return 0;
		}
	}
	return 1;
}
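Review bot: In the `!(flags & OCSP_NOVERIFY)` block of the first hunk, the `sk_X509_push` failure path jumps to `end` without touching `ret`, which still holds the positive value from `ocsp_find_signer` or `OCSP_BASICRESP_verify`. If `ret` is what the function returns, an allocation failure is reported as a successful verification; the `end:` body is outside the hunk, but the `X509_STORE_CTX_init` failure branch sets `ret = -1` before the same jump. Set `ret = -1;` before that `goto end;`, and check the result of `sk_X509_dup(bs->certs)` the same way. Both here and in `OCSP_request_verify`, `X509_STORE_CTX_get_error(&ctx)` is called after `X509_STORE_CTX_cleanup(&ctx)`; reading the error before the cleanup call would not depend on what cleanup leaves in the context.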
Changes to jni/libressl/crypto/pem/pem_all.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pem_all.c,v 1.14 2014/07/10 22:45:57 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pem_all.c,v 1.17 2016/09/04 16:10:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
136
137
138
139
140
141
142




143

144

























145

146











147
















148










149

150





























151






152

153










154
155
156
157
158
159
160
static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
#endif

#ifndef OPENSSL_NO_EC
static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
#endif





IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)



























IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)













IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)



























IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)































IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,






    PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)













#ifndef OPENSSL_NO_RSA

/* We treat RSA or DSA private keys as a special case.
 *
 * For private keys we read in an EVP_PKEY structure with
 * PEM_read_bio_PrivateKey() and extract the relevant private







>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>







136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
#endif

#ifndef OPENSSL_NO_EC
static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
#endif


X509_REQ *
PEM_read_X509_REQ(FILE *fp, X509_REQ **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_X509_REQ, PEM_STRING_X509_REQ, fp,
	    (void **)x, cb, u);
}

int
PEM_write_X509_REQ(FILE *fp, X509_REQ *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

X509_REQ *
PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_REQ, PEM_STRING_X509_REQ, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

int
PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ_OLD, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

int
PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ_OLD, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

X509_CRL *
PEM_read_X509_CRL(FILE *fp, X509_CRL **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_X509_CRL, PEM_STRING_X509_CRL, fp,
	    (void **)x, cb, u);
}

int
PEM_write_X509_CRL(FILE *fp, X509_CRL *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_X509_CRL, PEM_STRING_X509_CRL, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

X509_CRL *
PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_CRL, PEM_STRING_X509_CRL, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_CRL, PEM_STRING_X509_CRL, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

PKCS7 *
PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_PKCS7, PEM_STRING_PKCS7, fp,
	    (void **)x, cb, u);
}

int
PEM_write_PKCS7(FILE *fp, PKCS7 *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_PKCS7, PEM_STRING_PKCS7, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

PKCS7 *
PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_PKCS7, PEM_STRING_PKCS7, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PKCS7, PEM_STRING_PKCS7, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

int
PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

NETSCAPE_CERT_SEQUENCE *
PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, fp,
	    (void **)x, cb, u);
}

NETSCAPE_CERT_SEQUENCE *
PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

#ifndef OPENSSL_NO_RSA

/* We treat RSA or DSA private keys as a special case.
 *
 * For private keys we read in an EVP_PKEY structure with
 * PEM_read_bio_PrivateKey() and extract the relevant private
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201



202



203


204

205



206
































































207
208
209
210
211
212
213
		return NULL;
	if (rsa) {
		RSA_free(*rsa);
		*rsa = rtmp;
	}
	return rtmp;
}

RSA *
PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
	return pkey_get_rsa(pktmp, rsa);
}


RSA *
PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
	return pkey_get_rsa(pktmp, rsa);
}








IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)




IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)



IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)

































































#endif

#ifndef OPENSSL_NO_DSA

static DSA *
pkey_get_dsa(EVP_PKEY *key, DSA **dsa)







<
<
<
<
<
<
<
<
<
<










>
>
>
|
>
>
>
|
>
>
|
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







290
291
292
293
294
295
296










297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
		return NULL;
	if (rsa) {
		RSA_free(*rsa);
		*rsa = rtmp;
	}
	return rtmp;
}











RSA *
PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
	return pkey_get_rsa(pktmp, rsa);
}

int
PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
    unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
{
        return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey, PEM_STRING_RSA, fp,
	    x, enc, kstr, klen, cb, u);
}

RSA *
PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
	return pkey_get_rsa(pktmp, rsa);
}

int
PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x,
    const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb,
    void *u)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey, PEM_STRING_RSA, bp,
	    x, enc, kstr, klen, cb, u);
}

RSA *
PEM_read_RSAPublicKey(FILE *fp, RSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_RSAPublicKey, PEM_STRING_RSA_PUBLIC, fp,
	    (void **)x, cb, u);
}

int
PEM_write_RSAPublicKey(FILE *fp, const RSA *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_RSAPublicKey, PEM_STRING_RSA_PUBLIC, fp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

RSA *
PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_RSAPublicKey, PEM_STRING_RSA_PUBLIC, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_RSAPublicKey(BIO *bp, const RSA *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPublicKey, PEM_STRING_RSA_PUBLIC, bp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

RSA *
PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_RSA_PUBKEY, PEM_STRING_PUBLIC, fp,
	    (void **)x, cb, u);
}

int
PEM_write_RSA_PUBKEY(FILE *fp, RSA *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_RSA_PUBKEY, PEM_STRING_PUBLIC, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

RSA *
PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_RSA_PUBKEY, PEM_STRING_PUBLIC, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSA_PUBKEY, PEM_STRING_PUBLIC, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

#endif

#ifndef OPENSSL_NO_DSA

static DSA *
pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252



253



254









































































255
256
257
258
259
260
261
		return NULL;
	if (dsa) {
		DSA_free(*dsa);
		*dsa = dtmp;
	}
	return dtmp;
}

DSA *
PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
	return pkey_get_dsa(pktmp, dsa);	/* will free pktmp */
}

IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)

IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)


DSA *
PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
	return pkey_get_dsa(pktmp, dsa);	/* will free pktmp */
}








IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)










































































#endif


#ifndef OPENSSL_NO_EC
static EC_KEY *
pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)







<
<
<
<
<
<
<
<
<
<
<
<
<
<










>
>
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







403
404
405
406
407
408
409














410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
		return NULL;
	if (dsa) {
		DSA_free(*dsa);
		*dsa = dtmp;
	}
	return dtmp;
}















DSA *
PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
	return pkey_get_dsa(pktmp, dsa);	/* will free pktmp */
}

int
PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
    unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
{
        return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey, PEM_STRING_DSA, fp,
	    x, enc, kstr, klen, cb, u);
}

DSA *
PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
	return pkey_get_dsa(pktmp, dsa);	/* will free pktmp */
}

int
PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x,
    const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb,
    void *u)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey, PEM_STRING_DSA, bp,
	    x, enc, kstr, klen, cb, u);
}

DSA *
PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_DSA_PUBKEY, PEM_STRING_PUBLIC, fp,
	    (void **)x, cb, u);
}

int
PEM_write_DSA_PUBKEY(FILE *fp, DSA *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_DSA_PUBKEY, PEM_STRING_PUBLIC, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

int
PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSA_PUBKEY, PEM_STRING_PUBLIC, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

DSA *
PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_DSA_PUBKEY, PEM_STRING_PUBLIC, bp,
	    (void **)x, cb, u);
}

DSA *
PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_DSAparams, PEM_STRING_DSAPARAMS, fp,
	    (void **)x, cb, u);
}

int
PEM_write_DSAparams(FILE *fp, const DSA *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_DSAparams, PEM_STRING_DSAPARAMS, fp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

DSA *
PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_DSAparams, PEM_STRING_DSAPARAMS, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_DSAparams(BIO *bp, const DSA *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAparams, PEM_STRING_DSAPARAMS, bp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

#endif


#ifndef OPENSSL_NO_EC
static EC_KEY *
pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
271
272
273
274
275
276
277
278
279
280
281
282

283





284
285
286
287
288
289


290


291
292

293
294
295
296
297
298
299
300
301
302
303



304

















































305
306
307
308



309

310






















311
312



313























	if (eckey) {
		EC_KEY_free(*eckey);
		*eckey = dtmp;
	}
	return dtmp;
}

EC_KEY *
PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;
	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);

	return pkey_get_eckey(pktmp, key);	/* will free pktmp */





}

IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
    ECPKParameters)

IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,


    ECPrivateKey)



IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)



EC_KEY *
PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
	return pkey_get_eckey(pktmp, eckey);	/* will free pktmp */
}






















































#endif

#ifndef OPENSSL_NO_DH




IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
























#endif




IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)






























|
|

|
|
>
|
>
>
>
>
>


|
|
|
|
>
>
|
>
>
|
|
>
|










>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
	if (eckey) {
		EC_KEY_free(*eckey);
		*eckey = dtmp;
	}
	return dtmp;
}

EC_GROUP *
PEM_read_ECPKParameters(FILE *fp, EC_GROUP **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_ECPKParameters, PEM_STRING_ECPARAMETERS, fp,
	    (void **)x, cb, u);
}

int
PEM_write_ECPKParameters(FILE *fp, const EC_GROUP *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_ECPKParameters, PEM_STRING_ECPARAMETERS, fp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

EC_GROUP *
PEM_read_bio_ECPKParameters(BIO *bp, EC_GROUP **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_ECPKParameters, PEM_STRING_ECPARAMETERS, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_ECPKParameters(BIO *bp, const EC_GROUP *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPKParameters, PEM_STRING_ECPARAMETERS, bp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

EC_KEY *
PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;

	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
	return pkey_get_eckey(pktmp, eckey);	/* will free pktmp */
}

int
PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
    unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
{
        return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey, PEM_STRING_ECPRIVATEKEY, fp,
	    x, enc, kstr, klen, cb, u);
}

EC_KEY *
PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, void *u)
{
	EVP_PKEY *pktmp;
	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
	return pkey_get_eckey(pktmp, key);	/* will free pktmp */
}

int
PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x,
    const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb,
    void *u)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey, PEM_STRING_ECPRIVATEKEY, bp,
	    x, enc, kstr, klen, cb, u);
}

EC_KEY *
PEM_read_EC_PUBKEY(FILE *fp, EC_KEY **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_EC_PUBKEY, PEM_STRING_PUBLIC, fp,
	    (void **)x, cb, u);
}

int
PEM_write_EC_PUBKEY(FILE *fp, EC_KEY *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_EC_PUBKEY, PEM_STRING_PUBLIC, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

EC_KEY *
PEM_read_bio_EC_PUBKEY(BIO *bp, EC_KEY **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_EC_PUBKEY, PEM_STRING_PUBLIC, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_EC_PUBKEY(BIO *bp, EC_KEY *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_EC_PUBKEY, PEM_STRING_PUBLIC, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

#endif

#ifndef OPENSSL_NO_DH

DH *
PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_DHparams, PEM_STRING_DHPARAMS, fp,
	    (void **)x, cb, u);
}

int
PEM_write_DHparams(FILE *fp, const DH *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_DHparams, PEM_STRING_DHPARAMS, fp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

DH *
PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_DHparams, PEM_STRING_DHPARAMS, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_DHparams(BIO *bp, const DH *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_DHparams, PEM_STRING_DHPARAMS, bp,
	    (void *)x, NULL, NULL, 0, NULL, NULL);
}

#endif

EVP_PKEY *
PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_PUBKEY, PEM_STRING_PUBLIC, fp,
	    (void **)x, cb, u);
}

int
PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_PUBKEY, PEM_STRING_PUBLIC, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

EVP_PKEY *
PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_PUBKEY, PEM_STRING_PUBLIC, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PUBKEY, PEM_STRING_PUBLIC, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}
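--- a/jni/libressl/crypto/pem/pem_err.c
+++ b/jni/libressl/crypto/pem/pem_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pem_err.c,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pem_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,54 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
 
 static ERR_STRING_DATA PEM_str_functs[] = {
-	{ERR_FUNC(PEM_F_B2I_DSS),	"B2I_DSS"},
-	{ERR_FUNC(PEM_F_B2I_PVK_BIO),	"b2i_PVK_bio"},
-	{ERR_FUNC(PEM_F_B2I_RSA),	"B2I_RSA"},
-	{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA),	"CHECK_BITLEN_DSA"},
-	{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA),	"CHECK_BITLEN_RSA"},
-	{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),	"d2i_PKCS8PrivateKey_bio"},
-	{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),	"d2i_PKCS8PrivateKey_fp"},
-	{ERR_FUNC(PEM_F_DO_B2I),	"DO_B2I"},
-	{ERR_FUNC(PEM_F_DO_B2I_BIO),	"DO_B2I_BIO"},
-	{ERR_FUNC(PEM_F_DO_BLOB_HEADER),	"DO_BLOB_HEADER"},
-	{ERR_FUNC(PEM_F_DO_PK8PKEY),	"DO_PK8PKEY"},
-	{ERR_FUNC(PEM_F_DO_PK8PKEY_FP),	"DO_PK8PKEY_FP"},
-	{ERR_FUNC(PEM_F_DO_PVK_BODY),	"DO_PVK_BODY"},
-	{ERR_FUNC(PEM_F_DO_PVK_HEADER),	"DO_PVK_HEADER"},
-	{ERR_FUNC(PEM_F_I2B_PVK),	"I2B_PVK"},
-	{ERR_FUNC(PEM_F_I2B_PVK_BIO),	"i2b_PVK_bio"},
-	{ERR_FUNC(PEM_F_LOAD_IV),	"LOAD_IV"},
-	{ERR_FUNC(PEM_F_PEM_ASN1_READ),	"PEM_ASN1_read"},
-	{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),	"PEM_ASN1_read_bio"},
-	{ERR_FUNC(PEM_F_PEM_ASN1_WRITE),	"PEM_ASN1_write"},
-	{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO),	"PEM_ASN1_write_bio"},
-	{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK),	"PEM_def_callback"},
-	{ERR_FUNC(PEM_F_PEM_DO_HEADER),	"PEM_do_header"},
-	{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),	"PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-	{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO),	"PEM_get_EVP_CIPHER_INFO"},
-	{ERR_FUNC(PEM_F_PEM_PK8PKEY),	"PEM_PK8PKEY"},
-	{ERR_FUNC(PEM_F_PEM_READ),	"PEM_read"},
-	{ERR_FUNC(PEM_F_PEM_READ_BIO),	"PEM_read_bio"},
-	{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS),	"PEM_read_bio_Parameters"},
-	{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),	"PEM_READ_BIO_PRIVATEKEY"},
-	{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),	"PEM_READ_PRIVATEKEY"},
-	{ERR_FUNC(PEM_F_PEM_SEALFINAL),	"PEM_SealFinal"},
-	{ERR_FUNC(PEM_F_PEM_SEALINIT),	"PEM_SealInit"},
-	{ERR_FUNC(PEM_F_PEM_SIGNFINAL),	"PEM_SignFinal"},
-	{ERR_FUNC(PEM_F_PEM_WRITE),	"PEM_write"},
-	{ERR_FUNC(PEM_F_PEM_WRITE_BIO),	"PEM_write_bio"},
-	{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY),	"PEM_WRITE_PRIVATEKEY"},
-	{ERR_FUNC(PEM_F_PEM_X509_INFO_READ),	"PEM_X509_INFO_read"},
-	{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),	"PEM_X509_INFO_read_bio"},
-	{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),	"PEM_X509_INFO_write_bio"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA PEM_str_reasons[] = {
 	{ERR_REASON(PEM_R_BAD_BASE64_DECODE)     , "bad base64 decode"},
 	{ERR_REASON(PEM_R_BAD_DECRYPT)           , "bad decrypt"},
 	{ERR_REASON(PEM_R_BAD_END_LINE)          , "bad end line"},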
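--- a/jni/libressl/crypto/pem/pem_info.c
+++ b/jni/libressl/crypto/pem/pem_info.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pem_info.c,v 1.20 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: pem_info.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -79,15 +79,15 @@
 PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
     void *u)
 {
 	BIO *b;
 	STACK_OF(X509_INFO) *ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
+		PEMerror(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
 	BIO_free(b);
 	return (ret);
 }
@@ -105,16 +105,15 @@
 	int ok = 0;
 	STACK_OF(X509_INFO) *ret = NULL;
 	unsigned int i, raw, ptype;
 	d2i_of_void *d2i = 0;
 
 	if (sk == NULL) {
 		if ((ret = sk_X509_INFO_new_null()) == NULL) {
-			PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
-			    ERR_R_MALLOC_FAILURE);
+			PEMerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	} else
 		ret = sk;
 
 	if ((xi = X509_INFO_new()) == NULL)
 		goto err;
@@ -245,21 +244,19 @@
 					goto err;
 				if (!PEM_do_header(&cipher, data, &len, cb, u))
 					goto err;
 				p = data;
 				if (ptype) {
 					if (!d2i_PrivateKey(ptype, pp, &p,
 					    len)) {
-						PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
-						    ERR_R_ASN1_LIB);
+						PEMerror(ERR_R_ASN1_LIB);
 						goto err;
 					}
 				} else if (d2i(pp, &p, len) == NULL) {
-					PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
-					    ERR_R_ASN1_LIB);
+					PEMerror(ERR_R_ASN1_LIB);
 					goto err;
 				}
 			} else { /* encrypted RSA data */
 				if (!PEM_get_EVP_CIPHER_INFO(header,
 				    &xi->enc_cipher))
 					goto err;
 				xi->enc_data = (char *)data;
@@ -319,56 +316,52 @@
 	const char *objstr = NULL;
 	char buf[PEM_BUFSIZE];
 	unsigned char *iv = NULL;
 
 	if (enc != NULL) {
 		objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
 		if (objstr == NULL) {
-			PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-			    PEM_R_UNSUPPORTED_CIPHER);
+			PEMerror(PEM_R_UNSUPPORTED_CIPHER);
 			goto err;
 		}
 	}
 
 	/* now for the fun part ... if we have a private key then
 	 * we have to be able to handle a not-yet-decrypted key
 	 * being written out correctly ... if it is decrypted or
 	 * it is non-encrypted then we use the base code
 	 */
 	if (xi->x_pkey != NULL) {
 		if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
 			if (enc == NULL) {
-				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-				    PEM_R_CIPHER_IS_NULL);
+				PEMerror(PEM_R_CIPHER_IS_NULL);
 				goto err;
 			}
 
 			/* copy from weirdo names into more normal things */
 			iv = xi->enc_cipher.iv;
 			data = (unsigned char *)xi->enc_data;
 			i = xi->enc_len;
 
 			/* we take the encryption data from the
 			 * internal stuff rather than what the
 			 * user has passed us ... as we have to
 			 * match exactly for some strange reason
 			 */
 			objstr = OBJ_nid2sn(
 			    EVP_CIPHER_nid(xi->enc_cipher.cipher));
 			if (objstr == NULL) {
-				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-				    PEM_R_UNSUPPORTED_CIPHER);
+				PEMerror(PEM_R_UNSUPPORTED_CIPHER);
 				goto err;
 			}
 
 			/* create the right magic header stuff */
 			if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 >
 			    sizeof buf) {
-				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-				    ASN1_R_BUFFER_TOO_SMALL);
+				PEMerror(ASN1_R_BUFFER_TOO_SMALL);
 				goto err;
 			}
 			buf[0] = '\0';
 			PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
 			PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
 
 			/* use the normal code to write things out */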
Changes to jni/libressl/crypto/pem/pem_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pem_lib.c,v 1.41 2015/07/19 18:29:31 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pem_lib.c,v 1.44 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 * [including the GNU Public Licence.]
 */

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef HAVE_REALLOCARRAY
#include <compat/stdlib.h>
#endif

#include <openssl/opensslconf.h>

#include <openssl/buffer.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>







<
<
<







56
57
58
59
60
61
62



63
64
65
66
67
68
69
 * [including the GNU Public Licence.]
 */

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>




#include <openssl/opensslconf.h>

#include <openssl/buffer.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
	prompt = EVP_get_pw_prompt();
	if (prompt == NULL)
		prompt = "Enter PEM pass phrase:";

	for (;;) {
		i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
		if (i != 0) {
			PEMerr(PEM_F_PEM_DEF_CALLBACK,
			    PEM_R_PROBLEMS_GETTING_PASSWORD);
			memset(buf, 0, num);
			return (-1);
		}
		l = strlen(buf);
		if (l < MIN_LENGTH) {
			fprintf(stderr, "phrase is too short, "
			    "needs to be at least %zu chars\n",







<
|







108
109
110
111
112
113
114

115
116
117
118
119
120
121
122
	prompt = EVP_get_pw_prompt();
	if (prompt == NULL)
		prompt = "Enter PEM pass phrase:";

	for (;;) {
		i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
		if (i != 0) {

			PEMerror(PEM_R_PROBLEMS_GETTING_PASSWORD);
			memset(buf, 0, num);
			return (-1);
		}
		l = strlen(buf);
		if (l < MIN_LENGTH) {
			fprintf(stderr, "phrase is too short, "
			    "needs to be at least %zu chars\n",
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
    pem_password_cb *cb, void *u)
{
	BIO *b;
	void *ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
	BIO_free(b);
	return (ret);
}







|







171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
    pem_password_cb *cb, void *u)
{
	BIO *b;
	void *ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerror(ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
	BIO_free(b);
	return (ret);
}
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
	    !strcmp(name, PEM_STRING_PKCS7))
		return 1;

	if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
	    !strcmp(name, PEM_STRING_PKCS7))
		return 1;

#ifndef OPENSSL_NO_CMS
	if (!strcmp(nm, PEM_STRING_X509) &&
	    !strcmp(name, PEM_STRING_CMS))
		return 1;
	/* Allow CMS to be read from PKCS#7 headers */
	if (!strcmp(nm, PEM_STRING_PKCS7) &&
	    !strcmp(name, PEM_STRING_CMS))
		return 1;
#endif

	return 0;
}

int
PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
    const char *name, BIO *bp, pem_password_cb *cb, void *u)







<
<
<
<
<
<
<
<
<







260
261
262
263
264
265
266









267
268
269
270
271
272
273
	    !strcmp(name, PEM_STRING_PKCS7))
		return 1;

	if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
	    !strcmp(name, PEM_STRING_PKCS7))
		return 1;











	return 0;
}

int
PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
    const char *name, BIO *bp, pem_password_cb *cb, void *u)
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
    const EVP_CIPHER *enc, unsigned char *kstr, int klen,
    pem_password_cb *callback, void *u)
{
	BIO *b;
	int ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
	BIO_free(b);
	return (ret);
}







|







318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
    const EVP_CIPHER *enc, unsigned char *kstr, int klen,
    pem_password_cb *callback, void *u)
{
	BIO *b;
	int ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerror(ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
	BIO_free(b);
	return (ret);
}
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
	char buf[PEM_BUFSIZE];
	unsigned char key[EVP_MAX_KEY_LENGTH];
	unsigned char iv[EVP_MAX_IV_LENGTH];

	if (enc != NULL) {
		objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
		if (objstr == NULL) {
			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
			    PEM_R_UNSUPPORTED_CIPHER);
			goto err;
		}
	}

	if ((dsize = i2d(x, NULL)) < 0) {
		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
		dsize = 0;
		goto err;
	}
	/* dzise + 8 bytes are needed */
	/* actually it needs the cipher block size extra... */
	data = malloc(dsize + 20);
	if (data == NULL) {
		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	p = data;
	i = i2d(x, &p);

	if (enc != NULL) {
		if (kstr == NULL) {
			if (callback == NULL)
				klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
			else
				klen = (*callback)(buf, PEM_BUFSIZE, 1, u);
			if (klen <= 0) {
				PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
				    PEM_R_READ_KEY);
				goto err;
			}
			kstr = (unsigned char *)buf;
		}
		if ((size_t)enc->iv_len > sizeof(iv)) {
			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE);
			goto err;
		}
		arc4random_buf(iv, enc->iv_len); /* Generate a salt */
		/* The 'iv' is used as the iv and as a salt.  It is
		 * NOT taken from the BytesToKey function */
		if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1,
		    key, NULL))
			goto err;

		if (kstr == (unsigned char *)buf)
			explicit_bzero(buf, PEM_BUFSIZE);

		if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) {
			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
			    ASN1_R_BUFFER_TOO_SMALL);
			goto err;
		}

		buf[0] = '\0';
		PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
		PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
		/* k=strlen(buf); */







<
|





|







|












<
|





|













<
|







343
344
345
346
347
348
349

350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376

377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396

397
398
399
400
401
402
403
404
	char buf[PEM_BUFSIZE];
	unsigned char key[EVP_MAX_KEY_LENGTH];
	unsigned char iv[EVP_MAX_IV_LENGTH];

	if (enc != NULL) {
		objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
		if (objstr == NULL) {

			PEMerror(PEM_R_UNSUPPORTED_CIPHER);
			goto err;
		}
	}

	if ((dsize = i2d(x, NULL)) < 0) {
		PEMerror(ERR_R_ASN1_LIB);
		dsize = 0;
		goto err;
	}
	/* dzise + 8 bytes are needed */
	/* actually it needs the cipher block size extra... */
	data = malloc(dsize + 20);
	if (data == NULL) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	p = data;
	i = i2d(x, &p);

	if (enc != NULL) {
		if (kstr == NULL) {
			if (callback == NULL)
				klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
			else
				klen = (*callback)(buf, PEM_BUFSIZE, 1, u);
			if (klen <= 0) {

				PEMerror(PEM_R_READ_KEY);
				goto err;
			}
			kstr = (unsigned char *)buf;
		}
		if ((size_t)enc->iv_len > sizeof(iv)) {
			PEMerror(EVP_R_IV_TOO_LARGE);
			goto err;
		}
		arc4random_buf(iv, enc->iv_len); /* Generate a salt */
		/* The 'iv' is used as the iv and as a salt.  It is
		 * NOT taken from the BytesToKey function */
		if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1,
		    key, NULL))
			goto err;

		if (kstr == (unsigned char *)buf)
			explicit_bzero(buf, PEM_BUFSIZE);

		if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) {

			PEMerror(ASN1_R_BUFFER_TOO_SMALL);
			goto err;
		}

		buf[0] = '\0';
		PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
		PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
		/* k=strlen(buf); */
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
	if (cipher->cipher == NULL)
		return (1);
	if (callback == NULL)
		klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
	else
		klen = callback(buf, PEM_BUFSIZE, 0, u);
	if (klen <= 0) {
		PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
		return (0);
	}
	if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
	    (unsigned char *)buf, klen, 1, key, NULL))
		return 0;

	j = (int)len;
	EVP_CIPHER_CTX_init(&ctx);
	o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key,
	    &(cipher->iv[0]));
	if (o)
		o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
	if (o)
		o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
	EVP_CIPHER_CTX_cleanup(&ctx);
	explicit_bzero((char *)buf, sizeof(buf));
	explicit_bzero((char *)key, sizeof(key));
	if (!o) {
		PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
		return (0);
	}
	*plen = j + i;
	return (1);
}

int
PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{
	const EVP_CIPHER *enc = NULL;
	char *p, c;
	char **header_pp = &header;

	cipher->cipher = NULL;
	if ((header == NULL) || (*header == '\0') || (*header == '\n'))
		return (1);
	if (strncmp(header, "Proc-Type: ", 11) != 0) {
		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
		return (0);
	}
	header += 11;
	if (*header != '4')
		return (0);
	header++;
	if (*header != ',')
		return (0);
	header++;
	if (strncmp(header, "ENCRYPTED", 9) != 0) {
		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
		return (0);
	}
	for (; (*header != '\n') && (*header != '\0'); header++)
		;
	if (*header == '\0') {
		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
		return (0);
	}
	header++;
	if (strncmp(header, "DEK-Info: ", 10) != 0) {
		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
		return (0);
	}
	header += 10;

	p = header;
	for (;;) {
		c= *header;
		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||
		    ((c >= '0') && (c <= '9'))))
			break;
		header++;
	}
	*header = '\0';
	cipher->cipher = enc = EVP_get_cipherbyname(p);
	*header = c;
	header++;

	if (enc == NULL) {
		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,
		    PEM_R_UNSUPPORTED_ENCRYPTION);
		return (0);
	}
	if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
		return (0);

	return (1);
}







|


















|

















|










|





|




|


















<
|







447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531

532
533
534
535
536
537
538
539
	if (cipher->cipher == NULL)
		return (1);
	if (callback == NULL)
		klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
	else
		klen = callback(buf, PEM_BUFSIZE, 0, u);
	if (klen <= 0) {
		PEMerror(PEM_R_BAD_PASSWORD_READ);
		return (0);
	}
	if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
	    (unsigned char *)buf, klen, 1, key, NULL))
		return 0;

	j = (int)len;
	EVP_CIPHER_CTX_init(&ctx);
	o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key,
	    &(cipher->iv[0]));
	if (o)
		o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
	if (o)
		o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
	EVP_CIPHER_CTX_cleanup(&ctx);
	explicit_bzero((char *)buf, sizeof(buf));
	explicit_bzero((char *)key, sizeof(key));
	if (!o) {
		PEMerror(PEM_R_BAD_DECRYPT);
		return (0);
	}
	*plen = j + i;
	return (1);
}

int
PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{
	const EVP_CIPHER *enc = NULL;
	char *p, c;
	char **header_pp = &header;

	cipher->cipher = NULL;
	if ((header == NULL) || (*header == '\0') || (*header == '\n'))
		return (1);
	if (strncmp(header, "Proc-Type: ", 11) != 0) {
		PEMerror(PEM_R_NOT_PROC_TYPE);
		return (0);
	}
	header += 11;
	if (*header != '4')
		return (0);
	header++;
	if (*header != ',')
		return (0);
	header++;
	if (strncmp(header, "ENCRYPTED", 9) != 0) {
		PEMerror(PEM_R_NOT_ENCRYPTED);
		return (0);
	}
	for (; (*header != '\n') && (*header != '\0'); header++)
		;
	if (*header == '\0') {
		PEMerror(PEM_R_SHORT_HEADER);
		return (0);
	}
	header++;
	if (strncmp(header, "DEK-Info: ", 10) != 0) {
		PEMerror(PEM_R_NOT_DEK_INFO);
		return (0);
	}
	header += 10;

	p = header;
	for (;;) {
		c= *header;
		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||
		    ((c >= '0') && (c <= '9'))))
			break;
		header++;
	}
	*header = '\0';
	cipher->cipher = enc = EVP_get_cipherbyname(p);
	*header = c;
	header++;

	if (enc == NULL) {

		PEMerror(PEM_R_UNSUPPORTED_ENCRYPTION);
		return (0);
	}
	if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
		return (0);

	return (1);
}
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
		if ((*from >= '0') && (*from <= '9'))
			v = *from - '0';
		else if ((*from >= 'A') && (*from <= 'F'))
			v = *from - 'A' + 10;
		else if ((*from >= 'a') && (*from <= 'f'))
			v = *from - 'a' + 10;
		else {
			PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
			return (0);
		}
		from++;
		to[i / 2] |= v << (long)((!(i & 1)) * 4);
	}

	*fromp = from;
	return (1);
}

int
PEM_write(FILE *fp, char *name, char *header, unsigned char *data, long len)
{
	BIO *b;
	int ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_write_bio(b, name, header, data, len);
	BIO_free(b);
	return (ret);
}







|

















|







552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
		if ((*from >= '0') && (*from <= '9'))
			v = *from - '0';
		else if ((*from >= 'A') && (*from <= 'F'))
			v = *from - 'A' + 10;
		else if ((*from >= 'a') && (*from <= 'f'))
			v = *from - 'a' + 10;
		else {
			PEMerror(PEM_R_BAD_IV_CHARS);
			return (0);
		}
		from++;
		to[i / 2] |= v << (long)((!(i & 1)) * 4);
	}

	*fromp = from;
	return (1);
}

int
PEM_write(FILE *fp, char *name, char *header, unsigned char *data, long len)
{
	BIO *b;
	int ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerror(ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_write_bio(b, name, header, data, len);
	BIO_free(b);
	return (ret);
}
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
	return (i + outl);

err:
	if (buf) {
		explicit_bzero(buf, PEM_BUFSIZE * 8);
		free(buf);
	}
	PEMerr(PEM_F_PEM_WRITE_BIO, reason);
	return (0);
}

int
PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len)
{
	BIO *b;
	int ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_read_bio(b, name, header, data, len);
	BIO_free(b);
	return (ret);
}







|










|







636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
	return (i + outl);

err:
	if (buf) {
		explicit_bzero(buf, PEM_BUFSIZE * 8);
		free(buf);
	}
	PEMerror(reason);
	return (0);
}

int
PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len)
{
	BIO *b;
	int ret;

	if ((b = BIO_new(BIO_s_file())) == NULL) {
		PEMerror(ERR_R_BUF_LIB);
		return (0);
	}
	BIO_set_fp(b, fp, BIO_NOCLOSE);
	ret = PEM_read_bio(b, name, header, data, len);
	BIO_free(b);
	return (ret);
}
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
	nameB = BUF_MEM_new();
	headerB = BUF_MEM_new();
	dataB = BUF_MEM_new();
	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
		BUF_MEM_free(nameB);
		BUF_MEM_free(headerB);
		BUF_MEM_free(dataB);
		PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
		return (0);
	}

	buf[254] = '\0';
	for (;;) {
		i = BIO_gets(bp, buf, 254);

		if (i <= 0) {
			PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
			goto err;
		}

		while ((i >= 0) && (buf[i] <= ' '))
			i--;
		buf[++i] = '\n';
		buf[++i] = '\0';

		if (strncmp(buf, "-----BEGIN ", 11) == 0) {
			i = strlen(&(buf[11]));

			if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
				continue;
			if (!BUF_MEM_grow(nameB, i + 9)) {
				PEMerr(PEM_F_PEM_READ_BIO,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
			memcpy(nameB->data, &(buf[11]), i - 6);
			nameB->data[i - 6] = '\0';
			break;
		}
	}
	hl = 0;
	if (!BUF_MEM_grow(headerB, 256)) {
		PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	headerB->data[0] = '\0';
	for (;;) {
		i = BIO_gets(bp, buf, 254);
		if (i <= 0)
			break;

		while ((i >= 0) && (buf[i] <= ' '))
			i--;
		buf[++i] = '\n';
		buf[++i] = '\0';

		if (buf[0] == '\n')
			break;
		if (!BUF_MEM_grow(headerB, hl + i + 9)) {
			PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (strncmp(buf, "-----END ", 9) == 0) {
			nohead = 1;
			break;
		}
		memcpy(&(headerB->data[hl]), buf, i);
		headerB->data[hl + i] = '\0';
		hl += i;
	}

	bl = 0;
	if (!BUF_MEM_grow(dataB, 1024)) {
		PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	dataB->data[0] = '\0';
	if (!nohead) {
		for (;;) {
			i = BIO_gets(bp, buf, 254);
			if (i <= 0)







|








|














<
|









|
















|













|







674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704

705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
	nameB = BUF_MEM_new();
	headerB = BUF_MEM_new();
	dataB = BUF_MEM_new();
	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
		BUF_MEM_free(nameB);
		BUF_MEM_free(headerB);
		BUF_MEM_free(dataB);
		PEMerror(ERR_R_MALLOC_FAILURE);
		return (0);
	}

	buf[254] = '\0';
	for (;;) {
		i = BIO_gets(bp, buf, 254);

		if (i <= 0) {
			PEMerror(PEM_R_NO_START_LINE);
			goto err;
		}

		while ((i >= 0) && (buf[i] <= ' '))
			i--;
		buf[++i] = '\n';
		buf[++i] = '\0';

		if (strncmp(buf, "-----BEGIN ", 11) == 0) {
			i = strlen(&(buf[11]));

			if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
				continue;
			if (!BUF_MEM_grow(nameB, i + 9)) {

				PEMerror(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			memcpy(nameB->data, &(buf[11]), i - 6);
			nameB->data[i - 6] = '\0';
			break;
		}
	}
	hl = 0;
	if (!BUF_MEM_grow(headerB, 256)) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	headerB->data[0] = '\0';
	for (;;) {
		i = BIO_gets(bp, buf, 254);
		if (i <= 0)
			break;

		while ((i >= 0) && (buf[i] <= ' '))
			i--;
		buf[++i] = '\n';
		buf[++i] = '\0';

		if (buf[0] == '\n')
			break;
		if (!BUF_MEM_grow(headerB, hl + i + 9)) {
			PEMerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (strncmp(buf, "-----END ", 9) == 0) {
			nohead = 1;
			break;
		}
		memcpy(&(headerB->data[hl]), buf, i);
		headerB->data[hl + i] = '\0';
		hl += i;
	}

	bl = 0;
	if (!BUF_MEM_grow(dataB, 1024)) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	dataB->data[0] = '\0';
	if (!nohead) {
		for (;;) {
			i = BIO_gets(bp, buf, 254);
			if (i <= 0)
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
			if (i != 65)
				end = 1;
			if (strncmp(buf, "-----END ", 9) == 0)
				break;
			if (i > 65)
				break;
			if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
				PEMerr(PEM_F_PEM_READ_BIO,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
			memcpy(&(dataB->data[bl]), buf, i);
			dataB->data[bl + i] = '\0';
			bl += i;
			if (end) {
				buf[0] = '\0';







<
|







761
762
763
764
765
766
767

768
769
770
771
772
773
774
775
			if (i != 65)
				end = 1;
			if (strncmp(buf, "-----END ", 9) == 0)
				break;
			if (i > 65)
				break;
			if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {

				PEMerror(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			memcpy(&(dataB->data[bl]), buf, i);
			dataB->data[bl + i] = '\0';
			bl += i;
			if (end) {
				buf[0] = '\0';
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
		dataB = tmpB;
		bl = hl;
	}
	i = strlen(nameB->data);
	if ((strncmp(buf, "-----END ", 9) != 0) ||
	    (strncmp(nameB->data, &(buf[9]), i) != 0) ||
	    (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
		PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
		goto err;
	}

	EVP_DecodeInit(&ctx);
	i = EVP_DecodeUpdate(&ctx,
	    (unsigned char *)dataB->data, &bl,
	    (unsigned char *)dataB->data, bl);
	if (i < 0) {
		PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
		goto err;
	}
	i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
	if (i < 0) {
		PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
		goto err;
	}
	bl += k;

	if (bl == 0)
		goto err;
	*name = nameB->data;







|








|




|







791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
		dataB = tmpB;
		bl = hl;
	}
	i = strlen(nameB->data);
	if ((strncmp(buf, "-----END ", 9) != 0) ||
	    (strncmp(nameB->data, &(buf[9]), i) != 0) ||
	    (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
		PEMerror(PEM_R_BAD_END_LINE);
		goto err;
	}

	EVP_DecodeInit(&ctx);
	i = EVP_DecodeUpdate(&ctx,
	    (unsigned char *)dataB->data, &bl,
	    (unsigned char *)dataB->data, bl);
	if (i < 0) {
		PEMerror(PEM_R_BAD_BASE64_DECODE);
		goto err;
	}
	i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
	if (i < 0) {
		PEMerror(PEM_R_BAD_BASE64_DECODE);
		goto err;
	}
	bl += k;

	if (bl == 0)
		goto err;
	*name = nameB->data;
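Review bot: In PEM_do_header the `EVP_BytesToKey` failure path returns 0 while `buf` still holds the passphrase the callback just wrote, whereas the normal path scrubs `buf` and `key` with `explicit_bzero` a few lines further down. The early return should clear both first, e.g. a braced body with `explicit_bzero(buf, sizeof(buf)); explicit_bzero(key, sizeof(key)); return 0;`. The same hunk derives the key with `EVP_md5()` and an iteration count of 1, so a short comment noting that this legacy PEM encryption offers little resistance to passphrase guessing would help the next reader. The function begins above the hunk, so the declarations of `buf` and `key` are assumed from the `sizeof` calls shown.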
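--- a/jni/libressl/crypto/pem/pem_oth.c
+++ b/jni/libressl/crypto/pem/pem_oth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pem_oth.c,v 1.6 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pem_oth.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -77,11 +77,11 @@
 	char *ret = NULL;
 
 	if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
 		return NULL;
 	p = data;
 	ret = d2i(x, &p, len);
 	if (ret == NULL)
-		PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
+		PEMerror(ERR_R_ASN1_LIB);
 	free(data);
 	return (ret);
 }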
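Review bot: The decoded buffer is released with a bare `free(data);` here, although this helper also backs `PEM_read_bio_PKCS8_PRIV_KEY_INFO` (pem_pk8.c in this check-in), so `data` can hold an unencrypted private key. `PEM_read_bio_PrivateKey` in pem_pkey.c already scrubs its buffer before freeing it; doing the same here would be `explicit_bzero(data, len); free(data);`. The function's signature and declarations are above the hunk, so the types of `data` and `len` are taken from the `PEM_bytes_read_bio` call.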
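--- a/jni/libressl/crypto/pem/pem_pk8.c
+++ b/jni/libressl/crypto/pem/pem_pk8.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pem_pk8.c,v 1.9 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: pem_pk8.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -112,26 +112,25 @@
 {
 	X509_SIG *p8;
 	PKCS8_PRIV_KEY_INFO *p8inf;
 	char buf[PEM_BUFSIZE];
 	int ret;
 
 	if (!(p8inf = EVP_PKEY2PKCS8(x))) {
-		PEMerr(PEM_F_DO_PK8PKEY,
-		    PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+		PEMerror(PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
 		return 0;
 	}
 	if (enc || (nid != -1)) {
 		if (!kstr) {
 			if (!cb)
 				klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
 			else
 				klen = cb(buf, PEM_BUFSIZE, 1, u);
 			if (klen <= 0) {
-				PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+				PEMerror(PEM_R_READ_KEY);
 				PKCS8_PRIV_KEY_INFO_free(p8inf);
 				return 0;
 			}
 
 			kstr = buf;
 		}
 		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
@@ -167,15 +166,15 @@
 	if (!p8)
 		return NULL;
 	if (cb)
 		klen = cb(psbuf, PEM_BUFSIZE, 0, u);
 	else
 		klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
 	if (klen <= 0) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+		PEMerror(PEM_R_BAD_PASSWORD_READ);
 		X509_SIG_free(p8);
 		return NULL;
 	}
 	p8inf = PKCS8_decrypt(p8, psbuf, klen);
 	X509_SIG_free(p8);
 	if (!p8inf)
 		return NULL;
@@ -223,34 +222,85 @@
 do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
     char *kstr, int klen, pem_password_cb *cb, void *u)
 {
 	BIO *bp;
 	int ret;
 
 	if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+		PEMerror(ERR_R_BUF_LIB);
 		return (0);
 	}
 	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
 	BIO_free(bp);
 	return ret;
 }
 
 EVP_PKEY *
 d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
 {
 	BIO *bp;
 	EVP_PKEY *ret;
 
 	if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+		PEMerror(ERR_R_BUF_LIB);
 		return NULL;
 	}
 	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
 	BIO_free(bp);
 	return ret;
 }
 
-
-IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
-IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
-    PKCS8_PRIV_KEY_INFO)
+X509_SIG *
+PEM_read_PKCS8(FILE *fp, X509_SIG **x, pem_password_cb *cb, void *u)
+{
+	return PEM_ASN1_read((d2i_of_void *)d2i_X509_SIG, PEM_STRING_PKCS8, fp,
+	    (void **)x, cb, u);
+}
+
+int
+PEM_write_PKCS8(FILE *fp, X509_SIG *x)
+{
+	return PEM_ASN1_write((i2d_of_void *)i2d_X509_SIG, PEM_STRING_PKCS8, fp,
+	    x, NULL, NULL, 0, NULL, NULL);
+}
+
+X509_SIG *
+PEM_read_bio_PKCS8(BIO *bp, X509_SIG **x, pem_password_cb *cb, void *u)
+{
+	return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_SIG, PEM_STRING_PKCS8, bp,
+	    (void **)x, cb, u);
+}
+
+int
+PEM_write_bio_PKCS8(BIO *bp, X509_SIG *x)
+{
+	return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_SIG, PEM_STRING_PKCS8, bp,
+	    x, NULL, NULL, 0, NULL, NULL);
+}
+
+PKCS8_PRIV_KEY_INFO *
+PEM_read_PKCS8_PRIV_KEY_INFO(FILE *fp, PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb, void *u)
+{
+	return PEM_ASN1_read((d2i_of_void *)d2i_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, fp,
+	    (void **)x, cb, u);
+}
+
+int
+PEM_write_PKCS8_PRIV_KEY_INFO(FILE *fp, PKCS8_PRIV_KEY_INFO *x)
+{
+	return PEM_ASN1_write((i2d_of_void *)i2d_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, fp,
+	    x, NULL, NULL, 0, NULL, NULL);
+}
+
+PKCS8_PRIV_KEY_INFO *
+PEM_read_bio_PKCS8_PRIV_KEY_INFO(BIO *bp, PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb, void *u)
+{
+	return PEM_ASN1_read_bio((d2i_of_void *)d2i_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, bp,
+	    (void **)x, cb, u);
+}
+
+int
+PEM_write_bio_PKCS8_PRIV_KEY_INFO(BIO *bp, PKCS8_PRIV_KEY_INFO *x)
+{
+	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, bp,
+	    x, NULL, NULL, 0, NULL, NULL);
+}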
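Review bot: `psbuf` still holds the passphrase after `PKCS8_decrypt(p8, psbuf, klen)` in d2i_PKCS8PrivateKey_bio, and nothing in the visible lines clears it before the `return NULL` on a failed decrypt; the rest of the function lies below the hunk, so a scrub may exist there. If it does not, adding `explicit_bzero(psbuf, klen);` directly after the `PKCS8_decrypt` call would cover both the failure and the success path. The same pattern appears in the `PKCS8_decrypt` hunk of pem_pkey.c. Separately, the new `PEM_write_PKCS8_PRIV_KEY_INFO` and `PEM_write_bio_PKCS8_PRIV_KEY_INFO` pass a NULL cipher, so a one-line comment such as `/* writes the private key unencrypted */` would make that explicit to callers.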
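--- a/jni/libressl/crypto/pem/pem_pkey.c
+++ b/jni/libressl/crypto/pem/pem_pkey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pem_pkey.c,v 1.20 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: pem_pkey.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -112,16 +112,15 @@
 		if (!p8)
 			goto p8err;
 		if (cb)
 			klen = cb(psbuf, PEM_BUFSIZE, 0, u);
 		else
 			klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
 		if (klen <= 0) {
-			PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
-			    PEM_R_BAD_PASSWORD_READ);
+			PEMerror(PEM_R_BAD_PASSWORD_READ);
 			X509_SIG_free(p8);
 			goto err;
 		}
 		p8inf = PKCS8_decrypt(p8, psbuf, klen);
 		X509_SIG_free(p8);
 		if (!p8inf)
 			goto p8err;
@@ -137,15 +136,15 @@
 		if (!ameth || !ameth->old_priv_decode)
 			goto p8err;
 		ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
 	}
 
 p8err:
 	if (ret == NULL)
-		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
+		PEMerror(ERR_R_ASN1_LIB);
 err:
 	free(nm);
 	explicit_bzero(data, len);
 	free(data);
 	return (ret);
 }
 
@@ -195,15 +194,15 @@
 			EVP_PKEY_free(*x);
 			*x = ret;
 		}
 	}
 
 err:
 	if (ret == NULL)
-		PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
+		PEMerror(ERR_R_ASN1_LIB);
 	free(nm);
 	free(data);
 	return (ret);
 }
 
 int
 PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
@@ -222,32 +221,32 @@
 EVP_PKEY *
 PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
 {
 	BIO *b;
 	EVP_PKEY *ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
+		PEMerror(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = PEM_read_bio_PrivateKey(b, x, cb, u);
 	BIO_free(b);
 	return (ret);
 }
 
 int
 PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
     unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
-		PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
+		PEMerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
 	BIO_free(b);
 	return ret;
 }
 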
Changes to jni/libressl/crypto/pem/pem_seal.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pem_seal.c,v 1.21 2014/10/18 17:20:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pem_seal.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74








75
76
77
78
79
80
81
82
83
84








85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

121


122
123
124
125
126
127
128
129
130
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <string.h>
#ifndef HAVE_REALLOCARRAY
#include <compat/stdlib.h>
#endif

#include <openssl/opensslconf.h>	/* for OPENSSL_NO_RSA */

#ifndef OPENSSL_NO_RSA

#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>









int
PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
    unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
{
	unsigned char key[EVP_MAX_KEY_LENGTH];
	int ret = -1;
	int i, j, max = 0;
	char *s = NULL;









	for (i = 0; i < npubk; i++) {
		if (pubk[i]->type != EVP_PKEY_RSA) {
			PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
			goto err;
		}
		j = RSA_size(pubk[i]->pkey.rsa);
		if (j > max)
			max = j;
	}
	s = reallocarray(NULL, max, 2);
	if (s == NULL) {
		PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	EVP_EncodeInit(&ctx->encode);

	EVP_MD_CTX_init(&ctx->md);
	if (!EVP_SignInit(&ctx->md, md_type))
		goto err;

	EVP_CIPHER_CTX_init(&ctx->cipher);
	ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
	if (ret <= 0)
		goto err;

	/* base64 encode the keys */
	for (i = 0; i < npubk; i++) {
		j = EVP_EncodeBlock((unsigned char *)s, ek[i],
		    RSA_size(pubk[i]->pkey.rsa));
		ekl[i] = j;
		memcpy(ek[i], s, j + 1);
	}

	ret = npubk;


err:


	free(s);
	explicit_bzero(key, EVP_MAX_KEY_LENGTH);
	return (ret);
}

void
PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
    unsigned char *in, int inl)
{







<
<
<











>
>
>
>
>
>
>
>










>
>
>
>
>
>
>
>


|








|



<
<
<



<














>

>
>

|







54
55
56
57
58
59
60



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112



113
114
115

116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <string.h>




#include <openssl/opensslconf.h>	/* for OPENSSL_NO_RSA */

#ifndef OPENSSL_NO_RSA

#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

static void
PEM_ENCODE_SEAL_CTX_cleanup(PEM_ENCODE_SEAL_CTX *ctx)
{
	EVP_CIPHER_CTX_cleanup(&ctx->cipher);
	EVP_MD_CTX_cleanup(&ctx->md);
	explicit_bzero(&ctx->encode, sizeof(ctx->encode));
}

int
PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
    unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
{
	unsigned char key[EVP_MAX_KEY_LENGTH];
	int ret = -1;
	int i, j, max = 0;
	char *s = NULL;

	/*
	 * Make sure ctx is properly initialized so that we can always pass
	 * it to PEM_ENCODE_SEAL_CTX_cleanup() in the error path.
	 */
	EVP_EncodeInit(&ctx->encode);
	EVP_MD_CTX_init(&ctx->md);
	EVP_CIPHER_CTX_init(&ctx->cipher);

	for (i = 0; i < npubk; i++) {
		if (pubk[i]->type != EVP_PKEY_RSA) {
			PEMerror(PEM_R_PUBLIC_KEY_NO_RSA);
			goto err;
		}
		j = RSA_size(pubk[i]->pkey.rsa);
		if (j > max)
			max = j;
	}
	s = reallocarray(NULL, max, 2);
	if (s == NULL) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}




	if (!EVP_SignInit(&ctx->md, md_type))
		goto err;


	ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
	if (ret <= 0)
		goto err;

	/* base64 encode the keys */
	for (i = 0; i < npubk; i++) {
		j = EVP_EncodeBlock((unsigned char *)s, ek[i],
		    RSA_size(pubk[i]->pkey.rsa));
		ekl[i] = j;
		memcpy(ek[i], s, j + 1);
	}

	ret = npubk;

	if (0) {
err:
		PEM_ENCODE_SEAL_CTX_cleanup(ctx);
	}
	free(s);
	explicit_bzero(key, sizeof(key));
	return (ret);
}

void
PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
    unsigned char *in, int inl)
{
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
    unsigned char *out, int *outl, EVP_PKEY *priv)
{
	unsigned char *s = NULL;
	int ret = 0, j;
	unsigned int i;

	if (priv->type != EVP_PKEY_RSA) {
		PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
		goto err;
	}
	i = RSA_size(priv->pkey.rsa);
	if (i < 100)
		i = 100;
	s = reallocarray(NULL, i, 2);
	if (s == NULL) {
		PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
		goto err;
	EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
	*outl = j;
	out += j;
	EVP_EncodeFinal(&ctx->encode, out, &j);
	*outl += j;

	if (!EVP_SignFinal(&ctx->md, s, &i, priv))
		goto err;
	*sigl = EVP_EncodeBlock(sig, s, i);

	ret = 1;

err:
	EVP_MD_CTX_cleanup(&ctx->md);
	EVP_CIPHER_CTX_cleanup(&ctx->cipher);
	free(s);
	return (ret);
}
#endif







|







|


















|
<




166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

201
202
203
204
    unsigned char *out, int *outl, EVP_PKEY *priv)
{
	unsigned char *s = NULL;
	int ret = 0, j;
	unsigned int i;

	if (priv->type != EVP_PKEY_RSA) {
		PEMerror(PEM_R_PUBLIC_KEY_NO_RSA);
		goto err;
	}
	i = RSA_size(priv->pkey.rsa);
	if (i < 100)
		i = 100;
	s = reallocarray(NULL, i, 2);
	if (s == NULL) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
		goto err;
	EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
	*outl = j;
	out += j;
	EVP_EncodeFinal(&ctx->encode, out, &j);
	*outl += j;

	if (!EVP_SignFinal(&ctx->md, s, &i, priv))
		goto err;
	*sigl = EVP_EncodeBlock(sig, s, i);

	ret = 1;

err:
	PEM_ENCODE_SEAL_CTX_cleanup(ctx);

	free(s);
	return (ret);
}
#endif
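Review bot: PEM_SealInit overwrites each `ek[i]` in place with its base64 form (`memcpy(ek[i], s, j + 1)` in the "base64 encode the keys" loop), and nothing in this file tells callers how large those buffers must be. The copy writes the encoded length plus the terminating NUL, which is more than the `RSA_size(pubk[i]->pkey.rsa)` bytes the loop reads from `ek[i]`, so a caller that sizes `ek[i]` for the raw encrypted key would be overrun. I would document the contract above the function, e.g. `/* Each ek[i] must have room for 4 * ((RSA_size(pubk[i]->pkey.rsa) + 2) / 3) + 1 bytes: the key is base64-encoded in place. */`. This commit leaves the loop as it was and only reworks context initialisation and cleanup around it.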
Changes to jni/libressl/crypto/pem/pem_sign.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pem_sign.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pem_sign.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
{
	unsigned char *m;
	int i, ret = 0;
	unsigned int m_len;

	m = malloc(EVP_PKEY_size(pkey) + 2);
	if (m == NULL) {
		PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0)
		goto err;

	i = EVP_EncodeBlock(sigret, m, m_len);







|







83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
{
	unsigned char *m;
	int i, ret = 0;
	unsigned int m_len;

	m = malloc(EVP_PKEY_size(pkey) + 2);
	if (m == NULL) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0)
		goto err;

	i = EVP_EncodeBlock(sigret, m, m_len);
Changes to jni/libressl/crypto/pem/pem_x509.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pem_x509.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pem_x509.c,v 1.8 2016/09/04 16:10:38 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
60
61
62
63
64
65
66




67
























#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>





IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)






























>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>


X509 *
PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_X509, PEM_STRING_X509, fp,
	    (void **)x, cb, u);
}

int
PEM_write_X509(FILE *fp, X509 *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_X509, PEM_STRING_X509, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

X509 *
PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509, PEM_STRING_X509, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_X509(BIO *bp, X509 *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509, PEM_STRING_X509, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}
Changes to jni/libressl/crypto/pem/pem_xaux.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pem_xaux.c,v 1.6 2014/06/12 15:49:30 deraadt Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pem_xaux.c,v 1.9 2016/09/04 16:10:38 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
60
61
62
63
64
65
66




67



























68










69













#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>





IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)



























IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,










    X509_CERT_PAIR)



















>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>


X509 *
PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_X509_AUX, PEM_STRING_X509_TRUSTED, fp,
	    (void **)x, cb, u);
}

int
PEM_write_X509_AUX(FILE *fp, X509 *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_X509_AUX, PEM_STRING_X509_TRUSTED, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

X509 *
PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_AUX, PEM_STRING_X509_TRUSTED, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_X509_AUX(BIO *bp, X509 *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_AUX, PEM_STRING_X509_TRUSTED, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}

X509_CERT_PAIR *
PEM_read_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp,
	    (void **)x, cb, u);
}

int
PEM_write_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp,
	    x, NULL, NULL, 0, NULL, NULL);
}

X509_CERT_PAIR *
PEM_read_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp,
	    (void **)x, cb, u);
}

int
PEM_write_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp,
	    x, NULL, NULL, 0, NULL, NULL);
}
Changes to jni/libressl/crypto/pem/pvkfmt.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pvkfmt.c,v 1.15 2016/03/02 05:02:35 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
/* ====================================================================
 * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pvkfmt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
/* ====================================================================
 * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
68
69
70
71
72
73
74


75
76
77
78
79
80
81
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pem.h>

#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
#include <openssl/dsa.h>
#include <openssl/rsa.h>



/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
 * format
 */

static unsigned int
read_ledword(const unsigned char **in)







>
>







68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pem.h>

#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
#include <openssl/dsa.h>
#include <openssl/rsa.h>

#include "bn_lcl.h"

/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
 * format
 */

static unsigned int
read_ledword(const unsigned char **in)
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
	const unsigned char *p = *in;

	if (length < 16)
		return 0;
	/* bType */
	if (*p == MS_PUBLICKEYBLOB) {
		if (*pispub == 0) {
			PEMerr(PEM_F_DO_BLOB_HEADER,
			    PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
			return 0;
		}
		*pispub = 1;
	} else if (*p == MS_PRIVATEKEYBLOB) {
		if (*pispub == 1) {
			PEMerr(PEM_F_DO_BLOB_HEADER,
			    PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
			return 0;
		}
		*pispub = 0;
	} else
		return 0;
	p++;
	/* Version */
	if (*p++ != 0x2) {
		PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
		return 0;
	}
	/* Ignore reserved, aiKeyAlg */
	p += 6;
	*pmagic = read_ledword(&p);
	*pbitlen = read_ledword(&p);
	if (*pbitlen > 65536) {
		PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_INCONSISTENT_HEADER);
		return 0;
	}
	*pisdss = 0;
	switch (*pmagic) {

	case MS_DSS1MAGIC:
		*pisdss = 1;
	case MS_RSA1MAGIC:
		if (*pispub == 0) {
			PEMerr(PEM_F_DO_BLOB_HEADER,
			    PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
			return 0;
		}
		break;

	case MS_DSS2MAGIC:
		*pisdss = 1;
	case MS_RSA2MAGIC:
		if (*pispub == 1) {
			PEMerr(PEM_F_DO_BLOB_HEADER,
			    PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
			return 0;
		}
		break;

	default:
		PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
		return -1;
	}
	*in = p;
	return 1;
}

static unsigned int







<
|





<
|








|







|









<
|








<
|





|







153
154
155
156
157
158
159

160
161
162
163
164
165

166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192

193
194
195
196
197
198
199
200
201

202
203
204
205
206
207
208
209
210
211
212
213
214
215
	const unsigned char *p = *in;

	if (length < 16)
		return 0;
	/* bType */
	if (*p == MS_PUBLICKEYBLOB) {
		if (*pispub == 0) {

			PEMerror(PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
			return 0;
		}
		*pispub = 1;
	} else if (*p == MS_PRIVATEKEYBLOB) {
		if (*pispub == 1) {

			PEMerror(PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
			return 0;
		}
		*pispub = 0;
	} else
		return 0;
	p++;
	/* Version */
	if (*p++ != 0x2) {
		PEMerror(PEM_R_BAD_VERSION_NUMBER);
		return 0;
	}
	/* Ignore reserved, aiKeyAlg */
	p += 6;
	*pmagic = read_ledword(&p);
	*pbitlen = read_ledword(&p);
	if (*pbitlen > 65536) {
		PEMerror(PEM_R_INCONSISTENT_HEADER);
		return 0;
	}
	*pisdss = 0;
	switch (*pmagic) {

	case MS_DSS1MAGIC:
		*pisdss = 1;
	case MS_RSA1MAGIC:
		if (*pispub == 0) {

			PEMerror(PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
			return 0;
		}
		break;

	case MS_DSS2MAGIC:
		*pisdss = 1;
	case MS_RSA2MAGIC:
		if (*pispub == 1) {

			PEMerror(PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
			return 0;
		}
		break;

	default:
		PEMerror(PEM_R_BAD_MAGIC_NUMBER);
		return -1;
	}
	*in = p;
	return 1;
}

static unsigned int
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
do_b2i(const unsigned char **in, unsigned int length, int ispub)
{
	const unsigned char *p = *in;
	unsigned int bitlen, magic;
	int isdss;

	if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
		PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
		return NULL;
	}
	length -= 16;
	if (length < blob_length(bitlen, isdss, ispub)) {
		PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
		return NULL;
	}
	if (isdss)
		return b2i_dss(&p, length, bitlen, ispub);
	else
		return b2i_rsa(&p, length, bitlen, ispub);
}

static EVP_PKEY *
do_b2i_bio(BIO *in, int ispub)
{
	const unsigned char *p;
	unsigned char hdr_buf[16], *buf = NULL;
	unsigned int bitlen, magic, length;
	int isdss;
	EVP_PKEY *ret = NULL;

	if (BIO_read(in, hdr_buf, 16) != 16) {
		PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
		return NULL;
	}
	p = hdr_buf;
	if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
		return NULL;

	length = blob_length(bitlen, isdss, ispub);
	buf = malloc(length);
	if (!buf) {
		PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	p = buf;
	if (BIO_read(in, buf, length) != (int)length) {
		PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
		goto err;
	}

	if (isdss)
		ret = b2i_dss(&p, length, bitlen, ispub);
	else
		ret = b2i_rsa(&p, length, bitlen, ispub);







|




|


















|









|




|







248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
do_b2i(const unsigned char **in, unsigned int length, int ispub)
{
	const unsigned char *p = *in;
	unsigned int bitlen, magic;
	int isdss;

	if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
		PEMerror(PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
		return NULL;
	}
	length -= 16;
	if (length < blob_length(bitlen, isdss, ispub)) {
		PEMerror(PEM_R_KEYBLOB_TOO_SHORT);
		return NULL;
	}
	if (isdss)
		return b2i_dss(&p, length, bitlen, ispub);
	else
		return b2i_rsa(&p, length, bitlen, ispub);
}

static EVP_PKEY *
do_b2i_bio(BIO *in, int ispub)
{
	const unsigned char *p;
	unsigned char hdr_buf[16], *buf = NULL;
	unsigned int bitlen, magic, length;
	int isdss;
	EVP_PKEY *ret = NULL;

	if (BIO_read(in, hdr_buf, 16) != 16) {
		PEMerror(PEM_R_KEYBLOB_TOO_SHORT);
		return NULL;
	}
	p = hdr_buf;
	if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
		return NULL;

	length = blob_length(bitlen, isdss, ispub);
	buf = malloc(length);
	if (!buf) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	p = buf;
	if (BIO_read(in, buf, length) != (int)length) {
		PEMerror(PEM_R_KEYBLOB_TOO_SHORT);
		goto err;
	}

	if (isdss)
		ret = b2i_dss(&p, length, bitlen, ispub);
	else
		ret = b2i_rsa(&p, length, bitlen, ispub);
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
		if (!read_lebn(&p, 20, &dsa->priv_key))
			goto memerr;
		/* Calculate public key */
		if (!(dsa->pub_key = BN_new()))
			goto memerr;
		if (!(ctx = BN_CTX_new()))
			goto memerr;
		if (!BN_mod_exp(dsa->pub_key, dsa->g,
		    dsa->priv_key, dsa->p, ctx))
			goto memerr;
		BN_CTX_free(ctx);
	}

	EVP_PKEY_set1_DSA(ret, dsa);
	DSA_free(dsa);
	*in = p;
	return ret;

memerr:
	PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
	DSA_free(dsa);
	EVP_PKEY_free(ret);
	BN_CTX_free(ctx);
	return NULL;
}

static EVP_PKEY *







|











|







334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
		if (!read_lebn(&p, 20, &dsa->priv_key))
			goto memerr;
		/* Calculate public key */
		if (!(dsa->pub_key = BN_new()))
			goto memerr;
		if (!(ctx = BN_CTX_new()))
			goto memerr;
		if (!BN_mod_exp_ct(dsa->pub_key, dsa->g,
		    dsa->priv_key, dsa->p, ctx))
			goto memerr;
		BN_CTX_free(ctx);
	}

	EVP_PKEY_set1_DSA(ret, dsa);
	DSA_free(dsa);
	*in = p;
	return ret;

memerr:
	PEMerror(ERR_R_MALLOC_FAILURE);
	DSA_free(dsa);
	EVP_PKEY_free(ret);
	BN_CTX_free(ctx);
	return NULL;
}

static EVP_PKEY *
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412

	EVP_PKEY_set1_RSA(ret, rsa);
	RSA_free(rsa);
	*in = p;
	return ret;

memerr:
	PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
	RSA_free(rsa);
	EVP_PKEY_free(ret);
	return NULL;
}

EVP_PKEY *
b2i_PrivateKey(const unsigned char **in, long length)







|







396
397
398
399
400
401
402
403
404
405
406
407
408
409
410

	EVP_PKEY_set1_RSA(ret, rsa);
	RSA_free(rsa);
	*in = p;
	return ret;

memerr:
	PEMerror(ERR_R_MALLOC_FAILURE);
	RSA_free(rsa);
	EVP_PKEY_free(ret);
	return NULL;
}

EVP_PKEY *
b2i_PrivateKey(const unsigned char **in, long length)
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
			goto badkey;
		*pmagic = MS_DSS2MAGIC;
	}

	return bitlen;

badkey:
	PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
	return 0;
}

static int
check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
{
	int nbyte, hnbyte, bitlen;







|







558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
			goto badkey;
		*pmagic = MS_DSS2MAGIC;
	}

	return bitlen;

badkey:
	PEMerror(PEM_R_UNSUPPORTED_KEY_COMPONENTS);
	return 0;
}

static int
check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
{
	int nbyte, hnbyte, bitlen;
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
		    (BN_num_bytes(rsa->dmp1) > hnbyte) ||
		    (BN_num_bytes(rsa->dmq1) > hnbyte))
			goto badkey;
	}
	return bitlen;

badkey:
	PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
	return 0;
}

static void
write_rsa(unsigned char **out, RSA *rsa, int ispub)
{
	int nbyte, hnbyte;







|







592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
		    (BN_num_bytes(rsa->dmp1) > hnbyte) ||
		    (BN_num_bytes(rsa->dmq1) > hnbyte))
			goto badkey;
	}
	return bitlen;

badkey:
	PEMerror(PEM_R_UNSUPPORTED_KEY_COMPONENTS);
	return 0;
}

static void
write_rsa(unsigned char **out, RSA *rsa, int ispub)
{
	int nbyte, hnbyte;
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
    unsigned int *psaltlen, unsigned int *pkeylen)
{
	const unsigned char *p = *in;
	unsigned int pvk_magic, is_encrypted;

	if (skip_magic) {
		if (length < 20) {
			PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
			return 0;
		}
		length -= 20;
	} else {
		if (length < 24) {
			PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
			return 0;
		}
		length -= 24;
		pvk_magic = read_ledword(&p);
		if (pvk_magic != MS_PVKMAGIC) {
			PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
			return 0;
		}
	}
	/* Skip reserved */
	p += 4;
	/*keytype = */read_ledword(&p);
	is_encrypted = read_ledword(&p);
	*psaltlen = read_ledword(&p);
	*pkeylen = read_ledword(&p);
	if (*psaltlen > 65536 || *pkeylen > 65536) {
		PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
		return 0;
	}

	if (is_encrypted && !*psaltlen) {
		PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
		return 0;
	}

	*in = p;
	return 1;
}








|





|





|










|




|







657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
    unsigned int *psaltlen, unsigned int *pkeylen)
{
	const unsigned char *p = *in;
	unsigned int pvk_magic, is_encrypted;

	if (skip_magic) {
		if (length < 20) {
			PEMerror(PEM_R_PVK_TOO_SHORT);
			return 0;
		}
		length -= 20;
	} else {
		if (length < 24) {
			PEMerror(PEM_R_PVK_TOO_SHORT);
			return 0;
		}
		length -= 24;
		pvk_magic = read_ledword(&p);
		if (pvk_magic != MS_PVKMAGIC) {
			PEMerror(PEM_R_BAD_MAGIC_NUMBER);
			return 0;
		}
	}
	/* Skip reserved */
	p += 4;
	/*keytype = */read_ledword(&p);
	is_encrypted = read_ledword(&p);
	*psaltlen = read_ledword(&p);
	*pkeylen = read_ledword(&p);
	if (*psaltlen > 65536 || *pkeylen > 65536) {
		PEMerror(PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
		return 0;
	}

	if (is_encrypted && !*psaltlen) {
		PEMerror(PEM_R_INCONSISTENT_HEADER);
		return 0;
	}

	*in = p;
	return 1;
}

734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
		int enctmplen, inlen;

		if (cb)
			inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
		else
			inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
		if (inlen <= 0) {
			PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
			goto err;
		}
		enctmp = malloc(keylen + 8);
		if (!enctmp) {
			PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf,
		    inlen)) {
			goto err;
		}
		p += saltlen;
		/* Copy BLOBHEADER across, decrypt rest */
		memcpy(enctmp, p, 8);
		p += 8;
		if (keylen < 8) {
			PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
			goto err;
		}
		inlen = keylen - 8;
		q = enctmp + 8;
		if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
			goto err;
		if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))







|




|











|







732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
		int enctmplen, inlen;

		if (cb)
			inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
		else
			inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
		if (inlen <= 0) {
			PEMerror(PEM_R_BAD_PASSWORD_READ);
			goto err;
		}
		enctmp = malloc(keylen + 8);
		if (!enctmp) {
			PEMerror(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf,
		    inlen)) {
			goto err;
		}
		p += saltlen;
		/* Copy BLOBHEADER across, decrypt rest */
		memcpy(enctmp, p, 8);
		p += 8;
		if (keylen < 8) {
			PEMerror(PEM_R_PVK_TOO_SHORT);
			goto err;
		}
		inlen = keylen - 8;
		q = enctmp + 8;
		if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
			goto err;
		if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
			if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
				goto err;
			if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
			    &enctmplen))
				goto err;
			magic = read_ledword((const unsigned char **)&q);
			if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
				PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
				goto err;
			}
		} else
			explicit_bzero(keybuf, 20);
		p = enctmp;
	}








|







775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
			if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
				goto err;
			if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
			    &enctmplen))
				goto err;
			magic = read_ledword((const unsigned char **)&q);
			if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
				PEMerror(PEM_R_BAD_DECRYPT);
				goto err;
			}
		} else
			explicit_bzero(keybuf, 20);
		p = enctmp;
	}

805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
	unsigned char pvk_hdr[24], *buf = NULL;
	const unsigned char *p;
	size_t buflen;
	EVP_PKEY *ret = NULL;
	unsigned int saltlen, keylen;

	if (BIO_read(in, pvk_hdr, 24) != 24) {
		PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
		return NULL;
	}
	p = pvk_hdr;

	if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
		return 0;
	buflen = keylen + saltlen;
	buf = malloc(buflen);
	if (!buf) {
		PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	p = buf;
	if (BIO_read(in, buf, buflen) != buflen) {
		PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
		goto err;
	}
	ret = do_PVK_body(&p, saltlen, keylen, cb, u);

err:
	if (buf) {
		explicit_bzero(buf, buflen);







|









|




|







803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
	unsigned char pvk_hdr[24], *buf = NULL;
	const unsigned char *p;
	size_t buflen;
	EVP_PKEY *ret = NULL;
	unsigned int saltlen, keylen;

	if (BIO_read(in, pvk_hdr, 24) != 24) {
		PEMerror(PEM_R_PVK_DATA_TOO_SHORT);
		return NULL;
	}
	p = pvk_hdr;

	if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
		return 0;
	buflen = keylen + saltlen;
	buf = malloc(buflen);
	if (!buf) {
		PEMerror(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	p = buf;
	if (BIO_read(in, buf, buflen) != buflen) {
		PEMerror(PEM_R_PVK_DATA_TOO_SHORT);
		goto err;
	}
	ret = do_PVK_body(&p, saltlen, keylen, cb, u);

err:
	if (buf) {
		explicit_bzero(buf, buflen);
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
	if (!out)
		return outlen;
	if (*out)
		p = *out;
	else {
		p = malloc(outlen);
		if (!p) {
			PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
			return -1;
		}
		*out = p;
	}

	write_ledword(&p, MS_PVKMAGIC);
	write_ledword(&p, 0);







|







853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
	if (!out)
		return outlen;
	if (*out)
		p = *out;
	else {
		p = malloc(outlen);
		if (!p) {
			PEMerror(ERR_R_MALLOC_FAILURE);
			return -1;
		}
		*out = p;
	}

	write_ledword(&p, MS_PVKMAGIC);
	write_ledword(&p, 0);
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
		unsigned char keybuf[20];
		int enctmplen, inlen;
		if (cb)
			inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
		else
			inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
		if (inlen <= 0) {
			PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
			goto error;
		}
		if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
		    (unsigned char *)psbuf, inlen))
			goto error;
		if (enclevel == 1)
			memset(keybuf + 5, 0, 11);







|







885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
		unsigned char keybuf[20];
		int enctmplen, inlen;
		if (cb)
			inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
		else
			inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
		if (inlen <= 0) {
			PEMerror(PEM_R_BAD_PASSWORD_READ);
			goto error;
		}
		if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
		    (unsigned char *)psbuf, inlen))
			goto error;
		if (enclevel == 1)
			memset(keybuf + 5, 0, 11);
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939

	outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
	if (outlen < 0)
		return -1;
	wrlen = BIO_write(out, tmp, outlen);
	free(tmp);
	if (wrlen == outlen) {
		PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
		return outlen;
	}
	return -1;
}

#endif

#endif







|








922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937

	outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
	if (outlen < 0)
		return -1;
	wrlen = BIO_write(out, tmp, outlen);
	free(tmp);
	if (wrlen == outlen) {
		PEMerror(PEM_R_BIO_WRITE_FAILURE);
		return outlen;
	}
	return -1;
}

#endif

#endif
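--- a/jni/libressl/crypto/pkcs12/p12_add.c
+++ b/jni/libressl/crypto/pkcs12/p12_add.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_add.c,v 1.12 2015/02/14 12:43:07 miod Exp $ */
+/* $OpenBSD: p12_add.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -66,201 +66,193 @@
 PKCS12_SAFEBAG *
 PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
 {
 	PKCS12_BAGS *bag;
 	PKCS12_SAFEBAG *safebag;
 
 	if (!(bag = PKCS12_BAGS_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
-		    ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	bag->type = OBJ_nid2obj(nid1);
 	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
-		    ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		PKCS12_BAGS_free(bag);
 		return NULL;
 	}
 	if (!(safebag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
-		    ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		PKCS12_BAGS_free(bag);
 		return NULL;
 	}
 	safebag->value.bag = bag;
 	safebag->type = OBJ_nid2obj(nid2);
 	return safebag;
 }
 
 /* Turn PKCS8 object into a keybag */
 
 PKCS12_SAFEBAG *
 PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
 {
 	PKCS12_SAFEBAG *bag;
 
 	if (!(bag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	bag->type = OBJ_nid2obj(NID_keyBag);
 	bag->value.keybag = p8;
 	return bag;
 }
 
 /* Turn PKCS8 object into a shrouded keybag */
 
 PKCS12_SAFEBAG *
 PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
     unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
 {
 	PKCS12_SAFEBAG *bag;
 	const EVP_CIPHER *pbe_ciph;
 
 	/* Set up the safe bag */
 	if (!(bag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
 
 	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
 
 	if (pbe_ciph)
 		pbe_nid = -1;
 
 	if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
 	    passlen, salt, saltlen, iter, p8))) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		PKCS12_SAFEBAG_free(bag);
 		return NULL;
 	}
 
 	return bag;
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
 PKCS7 *
 PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 {
 	PKCS7 *p7;
 
 	if (!(p7 = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	p7->type = OBJ_nid2obj(NID_pkcs7_data);
 	if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
-	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA,
-		    PKCS12_R_CANT_PACK_STRUCTURE);
+	if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
+		PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE);
 		goto err;
 	}
 	return p7;
 
 err:
 	PKCS7_free(p7);
 	return NULL;
 }
 
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_unpack_p7data(PKCS7 *p7)
 {
 	if (!PKCS7_type_is_data(p7)) {
-		PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
-		    PKCS12_R_CONTENT_TYPE_NOT_DATA);
+		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
 		return NULL;
 	}
-	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+	return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
 
 PKCS7 *
 PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
     unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags)
 {
 	PKCS7 *p7;
 	X509_ALGOR *pbe;
 	const EVP_CIPHER *pbe_ciph;
 
 	if (!(p7 = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
-		    PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+		PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
 		goto err;
 	}
 
 	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
 
 	if (pbe_ciph)
 		pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
 	else
 		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
 
 	if (!pbe) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
 	p7->d.encrypted->enc_data->algorithm = pbe;
 	ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
 	if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
-	    pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
-		    PKCS12_R_ENCRYPT_ERROR);
+	    pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) {
+		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
 		goto err;
 	}
 
 	return p7;
 
 err:
 	PKCS7_free(p7);
 	return NULL;
 }
 
 STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
 {
 	if (!PKCS7_type_is_encrypted(p7))
 		return NULL;
 	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
-	    ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
+	    &PKCS12_SAFEBAGS_it, pass, passlen,
 	    p7->d.encrypted->enc_data->enc_data, 1);
 }
 
 PKCS8_PRIV_KEY_INFO *
 PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, int passlen)
 {
 	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
 }
 
 int
 PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 {
-	if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+	if (ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it,
 	    &p12->authsafes->d.data))
 		return 1;
 	return 0;
 }
 
 STACK_OF(PKCS7) *
 PKCS12_unpack_authsafes(PKCS12 *p12)
 {
 	if (!PKCS7_type_is_data(p12->authsafes)) {
-		PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
-		    PKCS12_R_CONTENT_TYPE_NOT_DATA);
+		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
 		return NULL;
 	}
 	return ASN1_item_unpack(p12->authsafes->d.data,
-	    ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+	    &PKCS12_AUTHSAFES_it);
 }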
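Review bot: `PKCS12_unpack_p7data` passes `p7->d.data` to `ASN1_item_unpack` after checking only the content type, so a parsed structure whose content field is absent would reach the unpack call as a NULL pointer. The same pattern appears in `PKCS12_unpack_p7encdata` (`p7->d.encrypted->enc_data`) and in `PKCS12_unpack_authsafes` (`p12->authsafes->d.data`). All three sit on the path that reads PKCS#12 files from outside, so each should reject the missing field before using it, for example `if (p7->d.data == NULL) { PKCS12error(PKCS12_R_DECODE_ERROR); return NULL; }`. Whether the callees tolerate a NULL argument is not shown in this file, so confirm that before relying on it.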
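--- a/jni/libressl/crypto/pkcs12/p12_asn.c
+++ b/jni/libressl/crypto/pkcs12/p12_asn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_asn.c,v 1.8 2015/07/25 15:42:14 jsing Exp $ */
+/* $OpenBSD: p12_asn.c,v 1.9 2015/07/25 17:08:40 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without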
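--- a/jni/libressl/crypto/pkcs12/p12_attr.c
+++ b/jni/libressl/crypto/pkcs12/p12_attr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_attr.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */
+/* $OpenBSD: p12_attr.c,v 1.10 2014/07/11 08:44:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without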
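--- a/jni/libressl/crypto/pkcs12/p12_crpt.c
+++ b/jni/libressl/crypto/pkcs12/p12_crpt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_crpt.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -78,41 +78,44 @@
 	unsigned char *salt;
 	const unsigned char *pbuf;
 	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
 	/* Extract useful info from parameter */
 	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
 	    param->value.sequence == NULL) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+		PKCS12error(PKCS12_R_DECODE_ERROR);
 		return 0;
 	}
 
 	pbuf = param->value.sequence->data;
 	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+		PKCS12error(PKCS12_R_DECODE_ERROR);
 		return 0;
 	}
 
 	if (!pbe->iter)
 		iter = 1;
-	else
-		iter = ASN1_INTEGER_get (pbe->iter);
+	else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
+		PKCS12error(PKCS12_R_DECODE_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
 	salt = pbe->salt->data;
 	saltlen = pbe->salt->length;
 	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
 	    iter, EVP_CIPHER_key_length(cipher), key, md)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
+		PKCS12error(PKCS12_R_KEY_GEN_ERROR);
 		PBEPARAM_free(pbe);
 		return 0;
 	}
 	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
 	    iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
+		PKCS12error(PKCS12_R_IV_GEN_ERROR);
 		PBEPARAM_free(pbe);
 		return 0;
 	}
 	PBEPARAM_free(pbe);
 	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
 	explicit_bzero(key, EVP_MAX_KEY_LENGTH);
 	explicit_bzero(iv, EVP_MAX_IV_LENGTH);
 	return ret;
 }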
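Review bot: When the second `PKCS12_key_gen` call (the `PKCS12_IV_ID` one) fails, the function returns 0 with the freshly derived cipher key still in the stack buffer `key`; only the success path reaches the two `explicit_bzero` calls. Add `explicit_bzero(key, EVP_MAX_KEY_LENGTH);` before `PBEPARAM_free(pbe);` in that branch so the error path wipes key material too. The new `iter <= 0` test sets only a lower bound, and because `iter` is declared outside the hunk it cannot be confirmed here whether a large value from `ASN1_INTEGER_get` is truncated on assignment. The function's signature and first declarations are outside the visible lines.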
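--- a/jni/libressl/crypto/pkcs12/p12_crt.c
+++ b/jni/libressl/crypto/pkcs12/p12_crt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_crt.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_crt.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -100,16 +100,15 @@
 		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 	if (!iter)
 		iter = PKCS12_DEFAULT_ITER;
 	if (!mac_iter)
 		mac_iter = 1;
 
 	if (!pkey && !cert && !ca) {
-		PKCS12err(PKCS12_F_PKCS12_CREATE,
-		    PKCS12_R_INVALID_NULL_ARGUMENT);
+		PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT);
 		return NULL;
 	}
 
 	if (pkey && cert) {
 		if (!X509_check_private_key(cert, pkey))
 			return NULL;
 		X509_digest(cert, EVP_sha1(), keyid, &keyidlen);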
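--- a/jni/libressl/crypto/pkcs12/p12_decr.c
+++ b/jni/libressl/crypto/pkcs12/p12_decr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_decr.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -75,37 +75,35 @@
 	EVP_CIPHER_CTX ctx;
 
 	EVP_CIPHER_CTX_init(&ctx);
 	/* Decrypt data */
 	if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
 	    algor->parameter, &ctx, en_de)) {
 		out = NULL;
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
-		    PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+		PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
 		goto err;
 	}
 
 	if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
 		free(out);
 		out = NULL;
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
+		PKCS12error(ERR_R_EVP_LIB);
 		goto err;
 	}
 
 	outlen = i;
 	if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
 		free(out);
 		out = NULL;
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
-		    PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+		PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
 		goto err;
 	}
 	outlen += i;
 	if (datalen)
 		*datalen = outlen;
 	if (data)
 		*data = out;
@@ -127,57 +125,52 @@
 	unsigned char *out;
 	const unsigned char *p;
 	void *ret;
 	int outlen;
 
 	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
 	    &out, &outlen, 0)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
-		    PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+		PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
 		return NULL;
 	}
 	p = out;
 	ret = ASN1_item_d2i(NULL, &p, outlen, it);
 	if (zbuf)
 		explicit_bzero(out, outlen);
 	if (!ret)
-		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
-		    PKCS12_R_DECODE_ERROR);
+		PKCS12error(PKCS12_R_DECODE_ERROR);
 	free(out);
 	return ret;
 }
 
 /* Encode ASN1 structure and encrypt, return OCTET STRING
  * if zbuf set zero encoding.
  */
 
 ASN1_OCTET_STRING *
 PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
     const char *pass, int passlen,
     void *obj, int zbuf)
 {
 	ASN1_OCTET_STRING *oct;
 	unsigned char *in = NULL;
 	int inlen;
 
 	if (!(oct = ASN1_OCTET_STRING_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
-		    ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	inlen = ASN1_item_i2d(obj, &in, it);
 	if (!in) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
-		    PKCS12_R_ENCODE_ERROR);
+		PKCS12error(PKCS12_R_ENCODE_ERROR);
 		goto err;
 	}
 	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
 	    &oct->length, 1)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
-		    PKCS12_R_ENCRYPT_ERROR);
+		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
 		goto err;
 	}
 	if (zbuf)
 		explicit_bzero(in, inlen);
 	free(in);
 	return oct;
 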
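Review bot: The `EVP_CipherFinal_ex` failure branch in the first body hunk frees `out` without clearing it, although `EVP_CipherUpdate` has already written `outlen` bytes there; on the decrypt path that leaves plaintext in freed heap memory. Wipe before releasing by putting `explicit_bzero(out, outlen);` ahead of `free(out);` in that branch. `PKCS12_item_i2d_encrypt` wipes `in` only on its success path, but its `err:` label is outside the visible lines, so check what it does with `in` before changing that. The first of these function bodies starts outside its hunk and the second ends outside its hunk.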
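--- a/jni/libressl/crypto/pkcs12/p12_init.c
+++ b/jni/libressl/crypto/pkcs12/p12_init.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_init.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -65,33 +65,32 @@
 
 PKCS12 *
 PKCS12_init(int mode)
 {
 	PKCS12 *pkcs12;
 
 	if (!(pkcs12 = PKCS12_new())) {
-		PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	ASN1_INTEGER_set(pkcs12->version, 3);
 	pkcs12->authsafes->type = OBJ_nid2obj(mode);
 	switch (mode) {
 	case NID_pkcs7_data:
 		if (!(pkcs12->authsafes->d.data =
 		    ASN1_OCTET_STRING_new())) {
-			PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+			PKCS12error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		break;
 	default:
-		PKCS12err(PKCS12_F_PKCS12_INIT,
-		    PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+		PKCS12error(PKCS12_R_UNSUPPORTED_PKCS12_MODE);
 		goto err;
 	}
 
 	return pkcs12;
 
 err:
 	if (pkcs12 != NULL)
 		PKCS12_free(pkcs12);
 	return NULL;
 }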
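--- a/jni/libressl/crypto/pkcs12/p12_key.c
+++ b/jni/libressl/crypto/pkcs12/p12_key.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_key.c,v 1.22 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: p12_key.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -77,15 +77,15 @@
 	unsigned char *unipass;
 	int uniplen;
 
 	if (!pass) {
 		unipass = NULL;
 		uniplen = 0;
 	} else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
 	    id, iter, n, out, md_type);
 	if (ret <= 0)
 		return 0;
 	if (unipass) {
@@ -103,19 +103,20 @@
 	unsigned char *B, *D, *I, *p, *Ai;
 	int Slen, Plen, Ilen, Ijlen;
 	int i, j, u, v;
 	int ret = 0;
 	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
 	EVP_MD_CTX ctx;
 
-	EVP_MD_CTX_init(&ctx);
 	v = EVP_MD_block_size(md_type);
 	u = EVP_MD_size(md_type);
 	if (u < 0)
 		return 0;
+
+	EVP_MD_CTX_init(&ctx);
 	D = malloc(v);
 	Ai = malloc(u);
 	B = malloc(v + 1);
 	Slen = v * ((saltlen + v - 1) / v);
 	if (passlen)
 		Plen = v * ((passlen + v - 1)/v);
 	else
@@ -181,19 +182,19 @@
 #endif
 			} else if (!BN_bn2bin (Ij, I + j))
 				goto err;
 		}
 	}
 
 err:
-	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
+	PKCS12error(ERR_R_MALLOC_FAILURE);
 
 end:
 	free(Ai);
 	free(B);
 	free(D);
 	free(I);
 	BN_free(Ij);
 	BN_free(Bpl1);
 	EVP_MD_CTX_cleanup(&ctx);
 	return ret;
 }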
Changes to jni/libressl/crypto/pkcs12/p12_kiss.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: p12_kiss.c,v 1.16 2014/07/11 08:44:49 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
    STACK_OF(X509) **ca)
{
	STACK_OF(X509) *ocerts = NULL;
	X509 *x = NULL;
	/* Check for NULL PKCS12 structure */

	if (!p12) {
		PKCS12err(PKCS12_F_PKCS12_PARSE,
		    PKCS12_R_INVALID_NULL_PKCS12_POINTER);
		return 0;
	}

	if (pkey)
		*pkey = NULL;
	if (cert)
		*cert = NULL;







<
|







83
84
85
86
87
88
89

90
91
92
93
94
95
96
97
    STACK_OF(X509) **ca)
{
	STACK_OF(X509) *ocerts = NULL;
	X509 *x = NULL;
	/* Check for NULL PKCS12 structure */

	if (!p12) {

		PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
		return 0;
	}

	if (pkey)
		*pkey = NULL;
	if (cert)
		*cert = NULL;
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

	if (!pass || !*pass) {
		if (PKCS12_verify_mac(p12, NULL, 0))
			pass = NULL;
		else if (PKCS12_verify_mac(p12, "", 0))
			pass = "";
		else {
			PKCS12err(PKCS12_F_PKCS12_PARSE,
			    PKCS12_R_MAC_VERIFY_FAILURE);
			goto err;
		}
	} else if (!PKCS12_verify_mac(p12, pass, -1)) {
		PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
		goto err;
	}

	/* Allocate stack for other certificates */
	ocerts = sk_X509_new_null();
	if (!ocerts) {
		PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
		return 0;
	}

	if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
		PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
		goto err;
	}

	while ((x = sk_X509_pop(ocerts))) {
		if (pkey && *pkey && cert && !*cert) {
			if (X509_check_private_key(x, *pkey)) {
				*cert = x;







<
|



|






|




|







106
107
108
109
110
111
112

113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

	if (!pass || !*pass) {
		if (PKCS12_verify_mac(p12, NULL, 0))
			pass = NULL;
		else if (PKCS12_verify_mac(p12, "", 0))
			pass = "";
		else {

			PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
			goto err;
		}
	} else if (!PKCS12_verify_mac(p12, pass, -1)) {
		PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
		goto err;
	}

	/* Allocate stack for other certificates */
	ocerts = sk_X509_new_null();
	if (!ocerts) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return 0;
	}

	if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
		PKCS12error(PKCS12_R_PARSE_ERROR);
		goto err;
	}

	while ((x = sk_X509_pop(ocerts))) {
		if (pkey && *pkey && cert && !*cert) {
			if (X509_check_private_key(x, *pkey)) {
				*cert = x;
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265

	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
		fname = attrib->value.bmpstring;

	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
		lkid = attrib->value.octet_string;

	switch (M_PKCS12_bag_type(bag)) {
	case NID_keyBag:
		if (!pkey || *pkey)
			return 1;
		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
			return 0;
		break;

	case NID_pkcs8ShroudedKeyBag:
		if (!pkey || *pkey)
			return 1;
		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
			return 0;
		*pkey = EVP_PKCS82PKEY(p8);
		PKCS8_PRIV_KEY_INFO_free(p8);
		if (!(*pkey))
			return 0;
		break;

	case NID_certBag:
		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
			return 1;
		if (!(x509 = PKCS12_certbag2x509(bag)))
			return 0;
		if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
			X509_free(x509);
			return 0;
		}







|



















|







229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263

	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
		fname = attrib->value.bmpstring;

	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
		lkid = attrib->value.octet_string;

	switch (OBJ_obj2nid(bag->type)) {
	case NID_keyBag:
		if (!pkey || *pkey)
			return 1;
		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
			return 0;
		break;

	case NID_pkcs8ShroudedKeyBag:
		if (!pkey || *pkey)
			return 1;
		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
			return 0;
		*pkey = EVP_PKCS82PKEY(p8);
		PKCS8_PRIV_KEY_INFO_free(p8);
		if (!(*pkey))
			return 0;
		break;

	case NID_certBag:
		if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate )
			return 1;
		if (!(x509 = PKCS12_certbag2x509(bag)))
			return 0;
		if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
			X509_free(x509);
			return 0;
		}
Changes to jni/libressl/crypto/pkcs12/p12_mutl.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: p12_mutl.c,v 1.20 2015/07/29 14:58:34 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93



94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
	const EVP_MD *md_type;
	HMAC_CTX hmac;
	unsigned char key[EVP_MAX_MD_SIZE], *salt;
	int saltlen, iter;
	int md_size;

	if (!PKCS7_type_is_data(p12->authsafes)) {
		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,
		    PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return 0;
	}

	salt = p12->mac->salt->data;
	saltlen = p12->mac->salt->length;
	if (!p12->mac->iter)
		iter = 1;
	else
		iter = ASN1_INTEGER_get(p12->mac->iter);



	if (!(md_type = EVP_get_digestbyobj(
	    p12->mac->dinfo->algor->algorithm))) {
		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,
		    PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
		return 0;
	}
	md_size = EVP_MD_size(md_type);
	if (md_size < 0)
		return 0;
	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
	    md_size, key, md_type)) {
		PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
		return 0;
	}
	HMAC_CTX_init(&hmac);
	if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) ||
	    !HMAC_Update(&hmac, p12->authsafes->d.data->data,
	    p12->authsafes->d.data->length) ||
	    !HMAC_Final(&hmac, mac, maclen)) {







<
|







<
|
>
>
>


<
|







|







76
77
78
79
80
81
82

83
84
85
86
87
88
89
90

91
92
93
94
95
96

97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
	const EVP_MD *md_type;
	HMAC_CTX hmac;
	unsigned char key[EVP_MAX_MD_SIZE], *salt;
	int saltlen, iter;
	int md_size;

	if (!PKCS7_type_is_data(p12->authsafes)) {

		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return 0;
	}

	salt = p12->mac->salt->data;
	saltlen = p12->mac->salt->length;
	if (!p12->mac->iter)
		iter = 1;

	else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
		PKCS12error(PKCS12_R_DECODE_ERROR);
		return 0;
	}
	if (!(md_type = EVP_get_digestbyobj(
	    p12->mac->dinfo->algor->algorithm))) {

		PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
		return 0;
	}
	md_size = EVP_MD_size(md_type);
	if (md_size < 0)
		return 0;
	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
	    md_size, key, md_type)) {
		PKCS12error(PKCS12_R_KEY_GEN_ERROR);
		return 0;
	}
	HMAC_CTX_init(&hmac);
	if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) ||
	    !HMAC_Update(&hmac, p12->authsafes->d.data->data,
	    p12->authsafes->d.data->length) ||
	    !HMAC_Final(&hmac, mac, maclen)) {
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
int
PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
{
	unsigned char mac[EVP_MAX_MD_SIZE];
	unsigned int maclen;

	if (p12->mac == NULL) {
		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
		return 0;
	}
	if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,
		    PKCS12_R_MAC_GENERATION_ERROR);
		return 0;
	}
	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
	    memcmp(mac, p12->mac->dinfo->digest->data, maclen))
		return 0;
	return 1;
}







|



<
|







121
122
123
124
125
126
127
128
129
130
131

132
133
134
135
136
137
138
139
int
PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
{
	unsigned char mac[EVP_MAX_MD_SIZE];
	unsigned int maclen;

	if (p12->mac == NULL) {
		PKCS12error(PKCS12_R_MAC_ABSENT);
		return 0;
	}
	if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {

		PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
		return 0;
	}
	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
	    memcmp(mac, p12->mac->dinfo->digest->data, maclen))
		return 0;
	return 1;
}
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
	unsigned char mac[EVP_MAX_MD_SIZE];
	unsigned int maclen;

	if (!md_type)
		md_type = EVP_sha1();
	if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
	    PKCS12_ERROR) {
		PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
		return 0;
	}
	if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
		PKCS12err(PKCS12_F_PKCS12_SET_MAC,
		    PKCS12_R_MAC_GENERATION_ERROR);
		return 0;
	}
	if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
		PKCS12err(PKCS12_F_PKCS12_SET_MAC,
		    PKCS12_R_MAC_STRING_SET_ERROR);
		return 0;
	}
	return 1;
}

/* Set up a mac structure */
int
PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
    const EVP_MD *md_type)
{
	if (!(p12->mac = PKCS12_MAC_DATA_new()))
		return PKCS12_ERROR;
	if (iter > 1) {
		if (!(p12->mac->iter = ASN1_INTEGER_new())) {
			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,
			    ERR_R_MALLOC_FAILURE);
			return 0;
		}
		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,
			    ERR_R_MALLOC_FAILURE);
			return 0;
		}
	}
	if (!saltlen)
		saltlen = PKCS12_SALT_LEN;
	if (!(p12->mac->salt->data = malloc(saltlen))) {
		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	p12->mac->salt->length = saltlen;
	if (!salt)
		arc4random_buf(p12->mac->salt->data, saltlen);
	else
		memcpy (p12->mac->salt->data, salt, saltlen);
	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;

	return 1;
}
#endif







|



<
|



<
|














<
|



<
|






|









|







147
148
149
150
151
152
153
154
155
156
157

158
159
160
161

162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

177
178
179
180

181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
	unsigned char mac[EVP_MAX_MD_SIZE];
	unsigned int maclen;

	if (!md_type)
		md_type = EVP_sha1();
	if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
	    PKCS12_ERROR) {
		PKCS12error(PKCS12_R_MAC_SETUP_ERROR);
		return 0;
	}
	if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {

		PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
		return 0;
	}
	if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {

		PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR);
		return 0;
	}
	return 1;
}

/* Set up a mac structure */
int
PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
    const EVP_MD *md_type)
{
	if (!(p12->mac = PKCS12_MAC_DATA_new()))
		return PKCS12_ERROR;
	if (iter > 1) {
		if (!(p12->mac->iter = ASN1_INTEGER_new())) {

			PKCS12error(ERR_R_MALLOC_FAILURE);
			return 0;
		}
		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {

			PKCS12error(ERR_R_MALLOC_FAILURE);
			return 0;
		}
	}
	if (!saltlen)
		saltlen = PKCS12_SALT_LEN;
	if (!(p12->mac->salt->data = malloc(saltlen))) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	p12->mac->salt->length = saltlen;
	if (!salt)
		arc4random_buf(p12->mac->salt->data, saltlen);
	else
		memcpy (p12->mac->salt->data, salt, saltlen);
	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;

	return 1;
}
#endif
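Review bot: PKCS12_verify_mac still compares the computed MAC with the stored digest using `memcmp`, which stops at the first differing byte; authentication tags are normally compared in constant time, e.g. `CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen) != 0` after the length check. Separately, the new `iter <= 0` test in PKCS12_gen_mac rejects non-positive iteration counts but sets no upper bound. The `long` returned by ASN1_INTEGER_get is also narrowed to `int` before it is tested, so a file from an untrusted source can still demand a very large amount of key-derivation work. A documented cap, checked on the `long` before the assignment, would cover both. PKCS12_gen_mac starts and ends outside the visible hunks.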
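--- a/jni/libressl/crypto/pkcs12/p12_npas.c
+++ b/jni/libressl/crypto/pkcs12/p12_npas.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_npas.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */
+/* $OpenBSD: p12_npas.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -77,28 +77,27 @@
 
 int
 PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
 {
 	/* Check for NULL PKCS12 structure */
 
 	if (!p12) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,
-		    PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+		PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
 		return 0;
 	}
 
 	/* Check the mac */
 
 	if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+		PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
 		return 0;
 	}
 
 	if (!newpass_p12(p12, oldpass, newpass)) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+		PKCS12error(PKCS12_R_PARSE_ERROR);
 		return 0;
 	}
 
 	return 1;
 }
 
 /* Parse the outer PKCS#12 structure */
@@ -207,15 +206,15 @@
 static int
 newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
 {
 	PKCS8_PRIV_KEY_INFO *p8;
 	X509_SIG *p8new;
 	int p8_nid, p8_saltlen, p8_iter;
 
-	if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+	if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
 		return 1;
 
 	if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
 		return 0;
 	if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
 	    &p8_saltlen))
 		return 0;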
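Review bot: In newpass_bag the decrypted key structure `p8` is leaked when `alg_get` fails: the `return 0;` directly after that call exits without releasing what PKCS8_decrypt returned, so decrypted private-key material stays allocated. Adding `PKCS8_PRIV_KEY_INFO_free(p8);` before that `return 0;`, with braces around the two statements, closes the path. The function body continues past the end of this hunk, so the later exits should be checked for the same omission.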
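--- a/jni/libressl/crypto/pkcs12/p12_p8d.c
+++ b/jni/libressl/crypto/pkcs12/p12_p8d.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_p8d.c,v 1.4 2014/07/08 09:24:53 jsing Exp $ */
+/* $OpenBSD: p12_p8d.c,v 1.6 2016/12/30 15:34:35 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -60,9 +60,9 @@
 
 #include <openssl/pkcs12.h>
 
 PKCS8_PRIV_KEY_INFO *
 PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
 {
 	return PKCS12_item_decrypt_d2i(p8->algor,
-	    ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, passlen, p8->digest, 1);
+	    &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8->digest, 1);
 }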
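--- a/jni/libressl/crypto/pkcs12/p12_p8e.c
+++ b/jni/libressl/crypto/pkcs12/p12_p8e.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p12_p8e.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -66,35 +66,35 @@
     int passlen, unsigned char *salt, int saltlen, int iter,
     PKCS8_PRIV_KEY_INFO *p8inf)
 {
 	X509_SIG *p8 = NULL;
 	X509_ALGOR *pbe;
 
 	if (!(p8 = X509_SIG_new())) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		PKCS12error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (pbe_nid == -1)
 		pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
 	else
 		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
 	if (!pbe) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+		PKCS12error(ERR_R_ASN1_LIB);
 		goto err;
 	}
 	X509_ALGOR_free(p8->algor);
 	p8->algor = pbe;
 	ASN1_OCTET_STRING_free(p8->digest);
 	p8->digest = PKCS12_item_i2d_encrypt(pbe,
-	    ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, passlen, p8inf, 1);
+	    &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1);
 	if (!p8->digest) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
 		goto err;
 	}
 
 	return p8;
 
 err:
 	X509_SIG_free(p8);
 	return NULL;
 }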
Changes to jni/libressl/crypto/pkcs12/p12_utl.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: p12_utl.c,v 1.11 2014/07/10 13:58:23 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: p12_utl.c,v 1.15 2016/12/30 15:34:35 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
52
53
54
55
56
57
58

59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

74








75
76

77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97



98
99
100
101
102
103


104
105


106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */


#include <stdio.h>
#include <string.h>

#include <openssl/pkcs12.h>

/* Cheap and nasty Unicode stuff */

unsigned char *
OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
{
	int ulen, i;
	unsigned char *unitmp;

	if (asclen == -1)
		asclen = strlen(asc);

	ulen = asclen * 2 + 2;








	if (!(unitmp = malloc(ulen)))
		return NULL;

	for (i = 0; i < ulen - 2; i += 2) {
		unitmp[i] = 0;
		unitmp[i + 1] = asc[i >> 1];
	}
	/* Make result double null terminated */
	unitmp[ulen - 2] = 0;
	unitmp[ulen - 1] = 0;
	if (unilen)
		*unilen = ulen;
	if (uni)
		*uni = unitmp;
	return unitmp;
}

char *
OPENSSL_uni2asc(unsigned char *uni, int unilen)
{
	int asclen, i;
	char *asctmp;

	asclen = unilen / 2;



	/* If no terminating zero allow for one */
	if (!unilen || uni[unilen - 1])
		asclen++;
	uni++;
	if (!(asctmp = malloc(asclen)))
		return NULL;


	for (i = 0; i < unilen; i += 2)
		asctmp[i >> 1] = uni[i];


	asctmp[asclen - 1] = 0;
	return asctmp;
}

int
i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
}

int
i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
}

PKCS12 *
d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
}

PKCS12 *
d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
{
	    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
}

PKCS12_SAFEBAG *
PKCS12_x5092certbag(X509 *x509)
{
	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
	    NID_x509Certificate, NID_certBag);
}

PKCS12_SAFEBAG *
PKCS12_x509crl2certbag(X509_CRL *crl)
{
	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
	    NID_x509Crl, NID_crlBag);
}

X509 *
PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
{
	if (M_PKCS12_bag_type(bag) != NID_certBag)
		return NULL;
	if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
		return NULL;
	return ASN1_item_unpack(bag->value.bag->value.octet,
	    ASN1_ITEM_rptr(X509));
}

X509_CRL *
PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
{
	if (M_PKCS12_bag_type(bag) != NID_crlBag)
		return NULL;
	if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
		return NULL;
	return ASN1_item_unpack(bag->value.bag->value.octet,
	    ASN1_ITEM_rptr(X509_CRL));
}







>










|


|
|
>
|
>
>
>
>
>
>
>
>
|

>


|

|












|


|
>
>
>
|
|

<
|

>
>
|
|
>
>
|






|





|





|





|





|






|






|

|


|





|

|


|

52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <limits.h>
#include <stdio.h>
#include <string.h>

#include <openssl/pkcs12.h>

/* Cheap and nasty Unicode stuff */

unsigned char *
OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
{
	size_t ulen, i;
	unsigned char *unitmp;

	if (asclen < 0)
		ulen = strlen(asc);
	else
		ulen = (size_t)asclen;
	ulen++;
	if (ulen == 0) /* unlikely overflow */
		return NULL;
	if ((unitmp = reallocarray(NULL, ulen, 2)) == NULL)
		return NULL;
	ulen *= 2;
	/* XXX This interface ought to use unsigned types */
	if (ulen > INT_MAX) {
		free(unitmp);
		return NULL;
	}
	for (i = 0; i < ulen - 2; i += 2) {
		unitmp[i] = 0;
		unitmp[i + 1] = *asc++;
	}
	/* Make result double-NUL terminated */
	unitmp[ulen - 2] = 0;
	unitmp[ulen - 1] = 0;
	if (unilen)
		*unilen = ulen;
	if (uni)
		*uni = unitmp;
	return unitmp;
}

char *
OPENSSL_uni2asc(unsigned char *uni, int unilen)
{
	size_t asclen, u16len, i;
	char *asctmp;

	if (unilen < 0)
		return NULL;

	asclen = u16len = (size_t)unilen / 2;
	/* If no terminating NUL, allow for one */
	if (unilen == 0 || uni[unilen - 1] != '\0')
		asclen++;

	if ((asctmp = malloc(asclen)) == NULL)
		return NULL;
	/* Skip first zero byte */
	uni++;
	for (i = 0; i < u16len; i++) {
		asctmp[i] = *uni;
		uni += 2;
	}
	asctmp[asclen - 1] = '\0';
	return asctmp;
}

int
i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
{
	return ASN1_item_i2d_bio(&PKCS12_it, bp, p12);
}

int
i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
{
	return ASN1_item_i2d_fp(&PKCS12_it, fp, p12);
}

PKCS12 *
d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
{
	return ASN1_item_d2i_bio(&PKCS12_it, bp, p12);
}

PKCS12 *
d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
{
	    return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
}

PKCS12_SAFEBAG *
PKCS12_x5092certbag(X509 *x509)
{
	return PKCS12_item_pack_safebag(x509, &X509_it,
	    NID_x509Certificate, NID_certBag);
}

PKCS12_SAFEBAG *
PKCS12_x509crl2certbag(X509_CRL *crl)
{
	return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
	    NID_x509Crl, NID_crlBag);
}

X509 *
PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
{
	if (OBJ_obj2nid(bag->type) != NID_certBag)
		return NULL;
	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
		return NULL;
	return ASN1_item_unpack(bag->value.bag->value.octet,
	    &X509_it);
}

X509_CRL *
PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
{
	if (OBJ_obj2nid(bag->type) != NID_crlBag)
		return NULL;
	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
		return NULL;
	return ASN1_item_unpack(bag->value.bag->value.octet,
	    &X509_CRL_it);
}
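Review bot: OPENSSL_uni2asc can still write before its buffer when `unilen` is 1 and that single byte is NUL: `asclen` stays 0, `malloc(0)` may return a non-NULL pointer, and `asctmp[asclen - 1] = '\0'` then indexes with a wrapped `size_t`. Guarding the increment with `if (unilen < 2 || uni[unilen - 1] != '\0')` keeps `asclen` at least 1; rejecting odd `unilen` outright would be stricter but changes behaviour for existing callers. In OPENSSL_asc2uni a negative `asclen` still passes `asc` to `strlen` with no NULL check, so the requirement that `asc` be non-NULL is worth stating in a comment above the function.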
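--- a/jni/libressl/crypto/pkcs12/pk12err.c
+++ b/jni/libressl/crypto/pkcs12/pk12err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pk12err.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */
+/* $OpenBSD: pk12err.c,v 1.10 2014/07/10 22:45:57 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *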
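--- a/jni/libressl/crypto/pkcs7/bio_pk7.c
+++ b/jni/libressl/crypto/pkcs7/bio_pk7.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_pk7.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: bio_pk7.c,v 1.5 2016/12/30 15:38:13 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 
 /* Streaming encode support for PKCS#7 */
 BIO *
 BIO_new_PKCS7(BIO *out, PKCS7 *p7)
 {
-	return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
+	return BIO_new_NDEF(out, (ASN1_VALUE *)p7, &PKCS7_it);
 }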
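--- a/jni/libressl/crypto/pkcs7/pk7_asn1.c
+++ b/jni/libressl/crypto/pkcs7/pk7_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pk7_asn1.c,v 1.11 2015/02/10 06:37:38 jsing Exp $ */
+/* $OpenBSD: pk7_asn1.c,v 1.12 2015/07/25 15:33:06 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without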
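--- a/jni/libressl/crypto/pkcs7/pk7_attr.c
+++ b/jni/libressl/crypto/pkcs7/pk7_attr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pk7_attr.c,v 1.9 2014/06/29 17:05:36 jsing Exp $ */
+/* $OpenBSD: pk7_attr.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -67,47 +67,46 @@
 #include <openssl/err.h>
 
 int
 PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 {
 	ASN1_STRING *seq;
 	if (!(seq = ASN1_STRING_new())) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,
-		    ERR_R_MALLOC_FAILURE);
+		PKCS7error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
-	    ASN1_ITEM_rptr(X509_ALGORS));
+	    &X509_ALGORS_it);
 	return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
 	    V_ASN1_SEQUENCE, seq);
 }
 
 STACK_OF(X509_ALGOR) *
 PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
 {
 	ASN1_TYPE *cap;
 	const unsigned char *p;
 
 	cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
 	if (!cap || (cap->type != V_ASN1_SEQUENCE))
 		return NULL;
 	p = cap->value.sequence->data;
 	return (STACK_OF(X509_ALGOR) *)
 	ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
-	    ASN1_ITEM_rptr(X509_ALGORS));
+	    &X509_ALGORS_it);
 }
 
 /* Basic smime-capabilities OID and optional integer arg */
 int
 PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 {
 	X509_ALGOR *alg;
 
 	if (!(alg = X509_ALGOR_new())) {
-		PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+		PKCS7error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_OBJECT_free(alg->algorithm);
 	alg->algorithm = OBJ_nid2obj(nid);
 	if (arg > 0) {
 		ASN1_INTEGER *nbit;
 
@@ -123,36 +122,35 @@
 		alg->parameter->type = V_ASN1_INTEGER;
 	}
 	if (sk_X509_ALGOR_push(sk, alg) == 0)
 		goto err;
 	return 1;
 
 err:
-	PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+	PKCS7error(ERR_R_MALLOC_FAILURE);
 	X509_ALGOR_free(alg);
 	return 0;
 }
 
 int
 PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
 {
 	if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
 		return 0;
 	if (!coid)
 		coid = OBJ_nid2obj(NID_pkcs7_data);
 	return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
 	    V_ASN1_OBJECT, coid);
 }
 
 int
 PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
 {
 	if (!t && !(t = X509_gmtime_adj(NULL, 0))) {
-		PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
-		    ERR_R_MALLOC_FAILURE);
+		PKCS7error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
 	    V_ASN1_UTCTIME, t);
 }
 
 int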
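Review bot: In `PKCS7_add_attrib_smimecap` the return value of `ASN1_item_i2d()` is stored straight into `seq->length` with no check, so an encoding failure (a non-positive return) passes an `ASN1_STRING` with a zero or negative length on to `PKCS7_add_signed_attribute`. The commit only swaps the error macro and the item reference in this function, so the gap is carried over from the old code. Keep the result in a local `int`, report the error and free `seq` when it is not positive, and assign `seq->length` only afterwards. Whether `seq` must also be released when `PKCS7_add_signed_attribute` returns 0 depends on that function's ownership rules, which this page does not show.

```c
	ASN1_STRING *seq;
	int len;
	/* … unchanged: ASN1_STRING_new() and its failure branch … */
	len = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
	    &X509_ALGORS_it);
	if (len <= 0) {
		PKCS7error(ERR_R_ASN1_LIB);
		ASN1_STRING_free(seq);
		return 0;
	}
	seq->length = len;
	/* … unchanged: PKCS7_add_signed_attribute() call … */
```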
Changes to jni/libressl/crypto/pkcs7/pk7_doit.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pk7_doit.c,v 1.37 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pk7_doit.c,v 1.41 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

static int
PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
{
	BIO *btmp;
	const EVP_MD *md;
	if ((btmp = BIO_new(BIO_f_md())) == NULL) {
		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
		goto err;
	}

	md = EVP_get_digestbyobj(alg->algorithm);
	if (md == NULL) {
		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,
		    PKCS7_R_UNKNOWN_DIGEST_TYPE);
		goto err;
	}

	BIO_set_md(btmp, md);
	if (*pbio == NULL)
		*pbio = btmp;
	else if (!BIO_push(*pbio, btmp)) {
		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
		goto err;
	}
	btmp = NULL;

	return 1;

err:







|





<
|







|







106
107
108
109
110
111
112
113
114
115
116
117
118

119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

static int
PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
{
	BIO *btmp;
	const EVP_MD *md;
	if ((btmp = BIO_new(BIO_f_md())) == NULL) {
		PKCS7error(ERR_R_BIO_LIB);
		goto err;
	}

	md = EVP_get_digestbyobj(alg->algorithm);
	if (md == NULL) {

		PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
		goto err;
	}

	BIO_set_md(btmp, md);
	if (*pbio == NULL)
		*pbio = btmp;
	else if (!BIO_push(*pbio, btmp)) {
		PKCS7error(ERR_R_BIO_LIB);
		goto err;
	}
	btmp = NULL;

	return 1;

err:
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
		return 0;

	if (EVP_PKEY_encrypt_init(pctx) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
	    EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
		goto err;
	}

	if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
		goto err;

	ek = malloc(eklen);

	if (ek == NULL) {
		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
		goto err;

	ASN1_STRING_set0(ri->enc_key, ek, eklen);







|









|







155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
		return 0;

	if (EVP_PKEY_encrypt_init(pctx) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
	    EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
		PKCS7error(PKCS7_R_CTRL_ERROR);
		goto err;
	}

	if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
		goto err;

	ek = malloc(eklen);

	if (ek == NULL) {
		PKCS7error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
		goto err;

	ASN1_STRING_set0(ri->enc_key, ek, eklen);
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
		return -1;

	if (EVP_PKEY_decrypt_init(pctx) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
	    EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
		goto err;
	}

	if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
	    ri->enc_key->data, ri->enc_key->length) <= 0)
		goto err;

	ek = malloc(eklen);
	if (ek == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (EVP_PKEY_decrypt(pctx, ek, &eklen,
	    ri->enc_key->data, ri->enc_key->length) <= 0) {
		ret = 0;
		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
		goto err;
	}

	ret = 1;

	if (*pek) {
		explicit_bzero(*pek, *peklen);







|









|






|







204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
		return -1;

	if (EVP_PKEY_decrypt_init(pctx) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
	    EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
		PKCS7error(PKCS7_R_CTRL_ERROR);
		goto err;
	}

	if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
	    ri->enc_key->data, ri->enc_key->length) <= 0)
		goto err;

	ek = malloc(eklen);
	if (ek == NULL) {
		PKCS7error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (EVP_PKEY_decrypt(pctx, ek, &eklen,
	    ri->enc_key->data, ri->enc_key->length) <= 0) {
		ret = 0;
		PKCS7error(ERR_R_EVP_LIB);
		goto err;
	}

	ret = 1;

	if (*pek) {
		explicit_bzero(*pek, *peklen);
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
	STACK_OF(X509_ALGOR) *md_sk = NULL;
	STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
	X509_ALGOR *xalg = NULL;
	PKCS7_RECIP_INFO *ri = NULL;
	ASN1_OCTET_STRING *os = NULL;

	if (p7 == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
		return NULL;
	}

	/*
	 * The content field in the PKCS7 ContentInfo is optional,
	 * but that really only applies to inner content (precisely,
	 * detached signatures).
	 *
	 * When reading content, missing outer content is therefore
	 * treated as an error.
	 *
	 * When creating content, PKCS7_content_new() must be called
	 * before calling this method, so a NULL p7->d is always
	 * an error.
	 */
	if (p7->d.ptr == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
		return NULL;
	}

	i = OBJ_obj2nid(p7->type);
	p7->state = PKCS7_S_HEADER;

	switch (i) {
	case NID_pkcs7_signed:
		md_sk = p7->d.sign->md_algs;
		os = PKCS7_get_octet_string(p7->d.sign->contents);
		break;
	case NID_pkcs7_signedAndEnveloped:
		rsk = p7->d.signed_and_enveloped->recipientinfo;
		md_sk = p7->d.signed_and_enveloped->md_algs;
		xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
		evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
		if (evp_cipher == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
			    PKCS7_R_CIPHER_NOT_INITIALIZED);
			goto err;
		}
		break;
	case NID_pkcs7_enveloped:
		rsk = p7->d.enveloped->recipientinfo;
		xalg = p7->d.enveloped->enc_data->algorithm;
		evp_cipher = p7->d.enveloped->enc_data->cipher;
		if (evp_cipher == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
			    PKCS7_R_CIPHER_NOT_INITIALIZED);
			goto err;
		}
		break;
	case NID_pkcs7_digest:
		xa = p7->d.digest->md;
		os = PKCS7_get_octet_string(p7->d.digest->contents);
		break;
	case NID_pkcs7_data:
		break;
	default:
		PKCS7err(PKCS7_F_PKCS7_DATAINIT,
		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
		goto err;
	}

	for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
		if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
			goto err;

	if (xa && !PKCS7_bio_add_digest(&out, xa))
		goto err;

	if (evp_cipher != NULL) {
		unsigned char key[EVP_MAX_KEY_LENGTH];
		unsigned char iv[EVP_MAX_IV_LENGTH];
		int keylen, ivlen;
		EVP_CIPHER_CTX *ctx;

		if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
			goto err;
		}
		BIO_get_cipher_ctx(btmp, &ctx);
		keylen = EVP_CIPHER_key_length(evp_cipher);
		ivlen = EVP_CIPHER_iv_length(evp_cipher);
		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
		if (ivlen > 0)







|
















|

















<
|








<
|










<
|

















|







257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298

299
300
301
302
303
304
305
306
307

308
309
310
311
312
313
314
315
316
317
318

319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
	STACK_OF(X509_ALGOR) *md_sk = NULL;
	STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
	X509_ALGOR *xalg = NULL;
	PKCS7_RECIP_INFO *ri = NULL;
	ASN1_OCTET_STRING *os = NULL;

	if (p7 == NULL) {
		PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
		return NULL;
	}

	/*
	 * The content field in the PKCS7 ContentInfo is optional,
	 * but that really only applies to inner content (precisely,
	 * detached signatures).
	 *
	 * When reading content, missing outer content is therefore
	 * treated as an error.
	 *
	 * When creating content, PKCS7_content_new() must be called
	 * before calling this method, so a NULL p7->d is always
	 * an error.
	 */
	if (p7->d.ptr == NULL) {
		PKCS7error(PKCS7_R_NO_CONTENT);
		return NULL;
	}

	i = OBJ_obj2nid(p7->type);
	p7->state = PKCS7_S_HEADER;

	switch (i) {
	case NID_pkcs7_signed:
		md_sk = p7->d.sign->md_algs;
		os = PKCS7_get_octet_string(p7->d.sign->contents);
		break;
	case NID_pkcs7_signedAndEnveloped:
		rsk = p7->d.signed_and_enveloped->recipientinfo;
		md_sk = p7->d.signed_and_enveloped->md_algs;
		xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
		evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
		if (evp_cipher == NULL) {

			PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
			goto err;
		}
		break;
	case NID_pkcs7_enveloped:
		rsk = p7->d.enveloped->recipientinfo;
		xalg = p7->d.enveloped->enc_data->algorithm;
		evp_cipher = p7->d.enveloped->enc_data->cipher;
		if (evp_cipher == NULL) {

			PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
			goto err;
		}
		break;
	case NID_pkcs7_digest:
		xa = p7->d.digest->md;
		os = PKCS7_get_octet_string(p7->d.digest->contents);
		break;
	case NID_pkcs7_data:
		break;
	default:

		PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
		goto err;
	}

	for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
		if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
			goto err;

	if (xa && !PKCS7_bio_add_digest(&out, xa))
		goto err;

	if (evp_cipher != NULL) {
		unsigned char key[EVP_MAX_KEY_LENGTH];
		unsigned char iv[EVP_MAX_IV_LENGTH];
		int keylen, ivlen;
		EVP_CIPHER_CTX *ctx;

		if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
			PKCS7error(ERR_R_BIO_LIB);
			goto err;
		}
		BIO_get_cipher_ctx(btmp, &ctx);
		keylen = EVP_CIPHER_key_length(evp_cipher);
		ivlen = EVP_CIPHER_iv_length(evp_cipher);
		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
		if (ivlen > 0)
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
	STACK_OF(X509_ALGOR) *md_sk = NULL;
	STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
	PKCS7_RECIP_INFO *ri = NULL;
	unsigned char *ek = NULL, *tkey = NULL;
	int eklen = 0, tkeylen = 0;

	if (p7 == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATADECODE,
		    PKCS7_R_INVALID_NULL_POINTER);
		return NULL;
	}

	if (p7->d.ptr == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
		return NULL;
	}

	i = OBJ_obj2nid(p7->type);
	p7->state = PKCS7_S_HEADER;

	switch (i) {
	case NID_pkcs7_signed:
		data_body = PKCS7_get_octet_string(p7->d.sign->contents);
		md_sk = p7->d.sign->md_algs;
		break;
	case NID_pkcs7_signedAndEnveloped:
		rsk = p7->d.signed_and_enveloped->recipientinfo;
		md_sk = p7->d.signed_and_enveloped->md_algs;
		data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
		enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
		evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
		if (evp_cipher == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
			    PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
			goto err;
		}
		break;
	case NID_pkcs7_enveloped:
		rsk = p7->d.enveloped->recipientinfo;
		enc_alg = p7->d.enveloped->enc_data->algorithm;
		data_body = p7->d.enveloped->enc_data->enc_data;
		evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
		if (evp_cipher == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
			    PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
			goto err;
		}
		break;
	default:
		PKCS7err(PKCS7_F_PKCS7_DATADECODE,
		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
		goto err;
	}

	/* We will be checking the signature */
	if (md_sk != NULL) {
		for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
			xa = sk_X509_ALGOR_value(md_sk, i);
			if ((btmp = BIO_new(BIO_f_md())) == NULL) {
				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
				    ERR_R_BIO_LIB);
				goto err;
			}

			j = OBJ_obj2nid(xa->algorithm);
			evp_md = EVP_get_digestbynid(j);
			if (evp_md == NULL) {
				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
				    PKCS7_R_UNKNOWN_DIGEST_TYPE);
				goto err;
			}

			BIO_set_md(btmp, evp_md);
			if (out == NULL)
				out = btmp;
			else
				BIO_push(out, btmp);
			btmp = NULL;
		}
	}

	if (evp_cipher != NULL) {
		if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
			goto err;
		}

		/* It was encrypted, we need to decrypt the secret key
		 * with the private key */

		/* Find the recipientInfo which matches the passed certificate
		 * (if any)
		 */
		if (pcert) {
			for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
				ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
				if (!pkcs7_cmp_ri(ri, pcert))
					break;
				ri = NULL;
			}
			if (ri == NULL) {
				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
				    PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
				goto err;
			}
		}

		/* If we haven't got a certificate try each ri in turn */
		if (pcert == NULL) {
			/* Always attempt to decrypt all rinfo even







<
|




|


















<
|









<
|




<
|








<
|






<
|














|

















<
|







432
433
434
435
436
437
438

439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462

463
464
465
466
467
468
469
470
471
472

473
474
475
476
477

478
479
480
481
482
483
484
485
486

487
488
489
490
491
492
493

494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526

527
528
529
530
531
532
533
534
	STACK_OF(X509_ALGOR) *md_sk = NULL;
	STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
	PKCS7_RECIP_INFO *ri = NULL;
	unsigned char *ek = NULL, *tkey = NULL;
	int eklen = 0, tkeylen = 0;

	if (p7 == NULL) {

		PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
		return NULL;
	}

	if (p7->d.ptr == NULL) {
		PKCS7error(PKCS7_R_NO_CONTENT);
		return NULL;
	}

	i = OBJ_obj2nid(p7->type);
	p7->state = PKCS7_S_HEADER;

	switch (i) {
	case NID_pkcs7_signed:
		data_body = PKCS7_get_octet_string(p7->d.sign->contents);
		md_sk = p7->d.sign->md_algs;
		break;
	case NID_pkcs7_signedAndEnveloped:
		rsk = p7->d.signed_and_enveloped->recipientinfo;
		md_sk = p7->d.signed_and_enveloped->md_algs;
		data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
		enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
		evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
		if (evp_cipher == NULL) {

			PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
			goto err;
		}
		break;
	case NID_pkcs7_enveloped:
		rsk = p7->d.enveloped->recipientinfo;
		enc_alg = p7->d.enveloped->enc_data->algorithm;
		data_body = p7->d.enveloped->enc_data->enc_data;
		evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
		if (evp_cipher == NULL) {

			PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
			goto err;
		}
		break;
	default:

		PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
		goto err;
	}

	/* We will be checking the signature */
	if (md_sk != NULL) {
		for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
			xa = sk_X509_ALGOR_value(md_sk, i);
			if ((btmp = BIO_new(BIO_f_md())) == NULL) {

				PKCS7error(ERR_R_BIO_LIB);
				goto err;
			}

			j = OBJ_obj2nid(xa->algorithm);
			evp_md = EVP_get_digestbynid(j);
			if (evp_md == NULL) {

				PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
				goto err;
			}

			BIO_set_md(btmp, evp_md);
			if (out == NULL)
				out = btmp;
			else
				BIO_push(out, btmp);
			btmp = NULL;
		}
	}

	if (evp_cipher != NULL) {
		if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
			PKCS7error(ERR_R_BIO_LIB);
			goto err;
		}

		/* It was encrypted, we need to decrypt the secret key
		 * with the private key */

		/* Find the recipientInfo which matches the passed certificate
		 * (if any)
		 */
		if (pcert) {
			for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
				ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
				if (!pkcs7_cmp_ri(ri, pcert))
					break;
				ri = NULL;
			}
			if (ri == NULL) {

				PKCS7error(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
				goto err;
			}
		}

		/* If we haven't got a certificate try each ri in turn */
		if (pcert == NULL) {
			/* Always attempt to decrypt all rinfo even
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707

static BIO *
PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
{
	for (;;) {
		bio = BIO_find_type(bio, BIO_TYPE_MD);
		if (bio == NULL) {
			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
			    PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
			return NULL;
		}
		BIO_get_md_ctx(bio, pmd);
		if (*pmd == NULL) {
			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		if (EVP_MD_CTX_type(*pmd) == nid)
			return bio;
		bio = BIO_next(bio);
	}
	return NULL;
}

static int
do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
{
	unsigned char md_data[EVP_MAX_MD_SIZE];
	unsigned int md_len;

	/* Add signing time if not already present */
	if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
		if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
			PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
			    ERR_R_MALLOC_FAILURE);
			return 0;
		}
	}

	/* Add digest */
	if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
		PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
		return 0;
	}
	if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
		PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
		return 0;
	}

	/* Now sign the attributes */
	if (!PKCS7_SIGNER_INFO_sign(si))
		return 0;








<
|




<
|


















<
|






|



|







644
645
646
647
648
649
650

651
652
653
654
655

656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674

675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693

static BIO *
PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
{
	for (;;) {
		bio = BIO_find_type(bio, BIO_TYPE_MD);
		if (bio == NULL) {

			PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
			return NULL;
		}
		BIO_get_md_ctx(bio, pmd);
		if (*pmd == NULL) {

			PKCS7error(ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		if (EVP_MD_CTX_type(*pmd) == nid)
			return bio;
		bio = BIO_next(bio);
	}
	return NULL;
}

static int
do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
{
	unsigned char md_data[EVP_MAX_MD_SIZE];
	unsigned int md_len;

	/* Add signing time if not already present */
	if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
		if (!PKCS7_add0_attrib_signing_time(si, NULL)) {

			PKCS7error(ERR_R_MALLOC_FAILURE);
			return 0;
		}
	}

	/* Add digest */
	if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
		PKCS7error(ERR_R_EVP_LIB);
		return 0;
	}
	if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
		PKCS7error(ERR_R_MALLOC_FAILURE);
		return 0;
	}

	/* Now sign the attributes */
	if (!PKCS7_SIGNER_INFO_sign(si))
		return 0;

718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
	PKCS7_SIGNER_INFO *si;
	EVP_MD_CTX *mdc, ctx_tmp;
	STACK_OF(X509_ATTRIBUTE) *sk;
	STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
	ASN1_OCTET_STRING *os = NULL;

	if (p7 == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
		    PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (p7->d.ptr == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
		return 0;
	}

	EVP_MD_CTX_init(&ctx_tmp);
	i = OBJ_obj2nid(p7->type);
	p7->state = PKCS7_S_HEADER;

	switch (i) {
	case NID_pkcs7_data:
		os = p7->d.data;
		break;
	case NID_pkcs7_signedAndEnveloped:
		/* XXX */
		si_sk = p7->d.signed_and_enveloped->signer_info;
		os = p7->d.signed_and_enveloped->enc_data->enc_data;
		if (!os) {
			os = ASN1_OCTET_STRING_new();
			if (!os) {
				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
			p7->d.signed_and_enveloped->enc_data->enc_data = os;
		}
		break;
	case NID_pkcs7_enveloped:
		/* XXX */
		os = p7->d.enveloped->enc_data->enc_data;
		if (!os) {
			os = ASN1_OCTET_STRING_new();
			if (!os) {
				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
			p7->d.enveloped->enc_data->enc_data = os;
		}
		break;
	case NID_pkcs7_signed:
		si_sk = p7->d.sign->signer_info;
		os = PKCS7_get_octet_string(p7->d.sign->contents);
		if (!PKCS7_is_detached(p7) && os == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
			goto err;
		}
		/* If detached data then the content is excluded */
		if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
			ASN1_OCTET_STRING_free(os);
			os = NULL;
			p7->d.sign->contents->d.data = NULL;
		}
		break;

	case NID_pkcs7_digest:
		os = PKCS7_get_octet_string(p7->d.digest->contents);
		if (os == NULL) {
			PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
			goto err;
		}
		/* If detached data then the content is excluded */
		if (PKCS7_type_is_data(p7->d.digest->contents) &&
		    p7->detached) {
			ASN1_OCTET_STRING_free(os);
			os = NULL;
			p7->d.digest->contents->d.data = NULL;
		}
		break;

	default:
		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
		goto err;
	}

	if (si_sk != NULL) {
		for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
			si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
			if (si->pkey == NULL)
				continue;

			j = OBJ_obj2nid(si->digest_alg->algorithm);

			btmp = bio;

			btmp = PKCS7_find_digest(&mdc, btmp, j);

			if (btmp == NULL)
				goto err;

			/* We now have the EVP_MD_CTX, lets do the
			 * signing. */
			if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
				goto err;








<
|




|


















<
|











<
|









|













|












<
|











<
<
|
<
<







704
705
706
707
708
709
710

711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734

735
736
737
738
739
740
741
742
743
744
745
746

747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783

784
785
786
787
788
789
790
791
792
793
794
795


796


797
798
799
800
801
802
803
	PKCS7_SIGNER_INFO *si;
	EVP_MD_CTX *mdc, ctx_tmp;
	STACK_OF(X509_ATTRIBUTE) *sk;
	STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
	ASN1_OCTET_STRING *os = NULL;

	if (p7 == NULL) {

		PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (p7->d.ptr == NULL) {
		PKCS7error(PKCS7_R_NO_CONTENT);
		return 0;
	}

	EVP_MD_CTX_init(&ctx_tmp);
	i = OBJ_obj2nid(p7->type);
	p7->state = PKCS7_S_HEADER;

	switch (i) {
	case NID_pkcs7_data:
		os = p7->d.data;
		break;
	case NID_pkcs7_signedAndEnveloped:
		/* XXX */
		si_sk = p7->d.signed_and_enveloped->signer_info;
		os = p7->d.signed_and_enveloped->enc_data->enc_data;
		if (!os) {
			os = ASN1_OCTET_STRING_new();
			if (!os) {

				PKCS7error(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			p7->d.signed_and_enveloped->enc_data->enc_data = os;
		}
		break;
	case NID_pkcs7_enveloped:
		/* XXX */
		os = p7->d.enveloped->enc_data->enc_data;
		if (!os) {
			os = ASN1_OCTET_STRING_new();
			if (!os) {

				PKCS7error(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			p7->d.enveloped->enc_data->enc_data = os;
		}
		break;
	case NID_pkcs7_signed:
		si_sk = p7->d.sign->signer_info;
		os = PKCS7_get_octet_string(p7->d.sign->contents);
		if (!PKCS7_is_detached(p7) && os == NULL) {
			PKCS7error(PKCS7_R_DECODE_ERROR);
			goto err;
		}
		/* If detached data then the content is excluded */
		if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
			ASN1_OCTET_STRING_free(os);
			os = NULL;
			p7->d.sign->contents->d.data = NULL;
		}
		break;

	case NID_pkcs7_digest:
		os = PKCS7_get_octet_string(p7->d.digest->contents);
		if (os == NULL) {
			PKCS7error(PKCS7_R_DECODE_ERROR);
			goto err;
		}
		/* If detached data then the content is excluded */
		if (PKCS7_type_is_data(p7->d.digest->contents) &&
		    p7->detached) {
			ASN1_OCTET_STRING_free(os);
			os = NULL;
			p7->d.digest->contents->d.data = NULL;
		}
		break;

	default:

		PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
		goto err;
	}

	if (si_sk != NULL) {
		for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
			si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
			if (si->pkey == NULL)
				continue;

			j = OBJ_obj2nid(si->digest_alg->algorithm);



			if ((btmp = PKCS7_find_digest(&mdc, bio, j)) == NULL)


				goto err;

			/* We now have the EVP_MD_CTX, lets do the
			 * signing. */
			if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
				goto err;

836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
				abuflen = EVP_PKEY_size(si->pkey);
				abuf = malloc(abuflen);
				if (!abuf)
					goto err;

				if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
				    si->pkey)) {
					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
					    ERR_R_EVP_LIB);
					goto err;
				}
				ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
			}
		}
	} else if (i == NID_pkcs7_digest) {
		unsigned char md_data[EVP_MAX_MD_SIZE];







<
|







814
815
816
817
818
819
820

821
822
823
824
825
826
827
828
				abuflen = EVP_PKEY_size(si->pkey);
				abuf = malloc(abuflen);
				if (!abuf)
					goto err;

				if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
				    si->pkey)) {

					PKCS7error(ERR_R_EVP_LIB);
					goto err;
				}
				ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
			}
		}
	} else if (i == NID_pkcs7_digest) {
		unsigned char md_data[EVP_MAX_MD_SIZE];
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
			goto err;
		if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
			char *cont;
			long contlen;

			btmp = BIO_find_type(bio, BIO_TYPE_MEM);
			if (btmp == NULL) {
				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
				    PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
				goto err;
			}
			contlen = BIO_get_mem_data(btmp, &cont);
			/*
			 * Mark the BIO read only then we can use its copy
			 * of the data instead of making an extra copy.
			 */







<
|







847
848
849
850
851
852
853

854
855
856
857
858
859
860
861
			goto err;
		if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
			char *cont;
			long contlen;

			btmp = BIO_find_type(bio, BIO_TYPE_MEM);
			if (btmp == NULL) {

				PKCS7error(PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
				goto err;
			}
			contlen = BIO_get_mem_data(btmp, &cont);
			/*
			 * Mark the BIO read only then we can use its copy
			 * of the data instead of making an extra copy.
			 */
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946

	EVP_MD_CTX_init(&mctx);
	if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
	    EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
		PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
		goto err;
	}

	alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
	    ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
	if (!abuf)
		goto err;
	if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
		goto err;
	free(abuf);
	abuf = NULL;
	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
		goto err;
	abuf = malloc(siglen);
	if (!abuf)
		goto err;
	if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
	    EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
		PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
		goto err;
	}

	EVP_MD_CTX_cleanup(&mctx);

	ASN1_STRING_set0(si->enc_digest, abuf, siglen);








|




|
















|







886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922

	EVP_MD_CTX_init(&mctx);
	if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
	    EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
		PKCS7error(PKCS7_R_CTRL_ERROR);
		goto err;
	}

	alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
	    &PKCS7_ATTR_SIGN_it);
	if (!abuf)
		goto err;
	if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
		goto err;
	free(abuf);
	abuf = NULL;
	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
		goto err;
	abuf = malloc(siglen);
	if (!abuf)
		goto err;
	if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
	    EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
		PKCS7error(PKCS7_R_CTRL_ERROR);
		goto err;
	}

	EVP_MD_CTX_cleanup(&mctx);

	ASN1_STRING_set0(si->enc_digest, abuf, siglen);

958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000



1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
{
	PKCS7_ISSUER_AND_SERIAL *ias;
	int ret = 0, i;
	STACK_OF(X509) *cert;
	X509 *x509;

	if (p7 == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
		    PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (p7->d.ptr == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
		return 0;
	}

	if (PKCS7_type_is_signed(p7)) {
		cert = p7->d.sign->cert;
	} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
		cert = p7->d.signed_and_enveloped->cert;
	} else {
		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
		goto err;
	}
	/* XXXX */
	ias = si->issuer_and_serial;

	x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);

	/* were we able to find the cert in passed to us */
	if (x509 == NULL) {
		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
		    PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
		goto err;
	}

	/* Lets verify */
	if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
		goto err;
	}
	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);



	i = X509_verify_cert(ctx);
	if (i <= 0) {
		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
		X509_STORE_CTX_cleanup(ctx);
		goto err;
	}
	X509_STORE_CTX_cleanup(ctx);

	return PKCS7_signatureVerify(bio, p7, si, x509);
err:







<
|




|








|









<
|





|


|
>
>
>


|







934
935
936
937
938
939
940

941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964

965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
{
	PKCS7_ISSUER_AND_SERIAL *ias;
	int ret = 0, i;
	STACK_OF(X509) *cert;
	X509 *x509;

	if (p7 == NULL) {

		PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (p7->d.ptr == NULL) {
		PKCS7error(PKCS7_R_NO_CONTENT);
		return 0;
	}

	if (PKCS7_type_is_signed(p7)) {
		cert = p7->d.sign->cert;
	} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
		cert = p7->d.signed_and_enveloped->cert;
	} else {
		PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
		goto err;
	}
	/* XXXX */
	ias = si->issuer_and_serial;

	x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);

	/* were we able to find the cert in passed to us */
	if (x509 == NULL) {

		PKCS7error(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
		goto err;
	}

	/* Lets verify */
	if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
		PKCS7error(ERR_R_X509_LIB);
		goto err;
	}
	if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) {
		X509_STORE_CTX_cleanup(ctx);
		goto err;
	}
	i = X509_verify_cert(ctx);
	if (i <= 0) {
		PKCS7error(ERR_R_X509_LIB);
		X509_STORE_CTX_cleanup(ctx);
		goto err;
	}
	X509_STORE_CTX_cleanup(ctx);

	return PKCS7_signatureVerify(bio, p7, si, x509);
err:
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
	BIO *btmp;
	EVP_PKEY *pkey;

	EVP_MD_CTX_init(&mdc_tmp);

	if (!PKCS7_type_is_signed(p7) &&
	    !PKCS7_type_is_signedAndEnveloped(p7)) {
		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
		    PKCS7_R_WRONG_PKCS7_TYPE);
		goto err;
	}

	md_type = OBJ_obj2nid(si->digest_alg->algorithm);

	btmp = bio;
	for (;;) {
		if ((btmp == NULL) ||
		    ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
			    PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
			goto err;
		}
		BIO_get_md_ctx(btmp, &mdc);
		if (mdc == NULL) {
			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
			    ERR_R_INTERNAL_ERROR);
			goto err;
		}
		if (EVP_MD_CTX_type(mdc) == md_type)
			break;
		/* Workaround for some broken clients that put the signature
		 * OID instead of the digest OID in digest_alg->algorithm
		 */







<
|









<
|




<
|







1000
1001
1002
1003
1004
1005
1006

1007
1008
1009
1010
1011
1012
1013
1014
1015
1016

1017
1018
1019
1020
1021

1022
1023
1024
1025
1026
1027
1028
1029
	BIO *btmp;
	EVP_PKEY *pkey;

	EVP_MD_CTX_init(&mdc_tmp);

	if (!PKCS7_type_is_signed(p7) &&
	    !PKCS7_type_is_signedAndEnveloped(p7)) {

		PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
		goto err;
	}

	md_type = OBJ_obj2nid(si->digest_alg->algorithm);

	btmp = bio;
	for (;;) {
		if ((btmp == NULL) ||
		    ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {

			PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
			goto err;
		}
		BIO_get_md_ctx(btmp, &mdc);
		if (mdc == NULL) {

			PKCS7error(ERR_R_INTERNAL_ERROR);
			goto err;
		}
		if (EVP_MD_CTX_type(mdc) == md_type)
			break;
		/* Workaround for some broken clients that put the signature
		 * OID instead of the digest OID in digest_alg->algorithm
		 */
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
		int alen;
		ASN1_OCTET_STRING *message_digest;

		if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
			goto err;
		message_digest = PKCS7_digest_from_attributes(sk);
		if (!message_digest) {
			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
			    PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
			goto err;
		}
		if ((message_digest->length != (int)md_len) ||
		    (memcmp(message_digest->data, md_dat, md_len))) {
			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
			    PKCS7_R_DIGEST_FAILURE);
			ret = -1;
			goto err;
		}

		if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type),
		    NULL))
			goto err;

		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
		    ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
		if (alen <= 0) {
			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
			ret = -1;
			goto err;
		}
		if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
			goto err;

		free(abuf);
	}

	os = si->enc_digest;
	pkey = X509_get_pubkey(x509);
	if (!pkey) {
		ret = -1;
		goto err;
	}

	i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
	EVP_PKEY_free(pkey);
	if (i <= 0) {
		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
		    PKCS7_R_SIGNATURE_FAILURE);
		ret = -1;
		goto err;
	} else
		ret = 1;
err:
	EVP_MD_CTX_cleanup(&mdc_tmp);
	return (ret);







<
|




<
|









|

|



















<
|







1044
1045
1046
1047
1048
1049
1050

1051
1052
1053
1054
1055

1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087

1088
1089
1090
1091
1092
1093
1094
1095
		int alen;
		ASN1_OCTET_STRING *message_digest;

		if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
			goto err;
		message_digest = PKCS7_digest_from_attributes(sk);
		if (!message_digest) {

			PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
			goto err;
		}
		if ((message_digest->length != (int)md_len) ||
		    (memcmp(message_digest->data, md_dat, md_len))) {

			PKCS7error(PKCS7_R_DIGEST_FAILURE);
			ret = -1;
			goto err;
		}

		if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type),
		    NULL))
			goto err;

		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
		    &PKCS7_ATTR_VERIFY_it);
		if (alen <= 0) {
			PKCS7error(ERR_R_ASN1_LIB);
			ret = -1;
			goto err;
		}
		if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
			goto err;

		free(abuf);
	}

	os = si->enc_digest;
	pkey = X509_get_pubkey(x509);
	if (!pkey) {
		ret = -1;
		goto err;
	}

	i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
	EVP_PKEY_free(pkey);
	if (i <= 0) {

		PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
		ret = -1;
		goto err;
	} else
		ret = 1;
err:
	EVP_MD_CTX_cleanup(&mdc_tmp);
	return (ret);
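--- a/jni/libressl/crypto/pkcs7/pk7_lib.c
+++ b/jni/libressl/crypto/pkcs7/pk7_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pk7_lib.c,v 1.17 2015/09/30 17:30:15 jsing Exp $ */
+/* $OpenBSD: pk7_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -79,36 +79,34 @@
 			if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
 				ASN1_OCTET_STRING *os;
 				os = p7->d.sign->contents->d.data;
 				ASN1_OCTET_STRING_free(os);
 				p7->d.sign->contents->d.data = NULL;
 			}
 		} else {
-			PKCS7err(PKCS7_F_PKCS7_CTRL,
-			    PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+			PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
 			ret = 0;
 		}
 		break;
 	case PKCS7_OP_GET_DETACHED_SIGNATURE:
 		if (nid == NID_pkcs7_signed) {
 			if (!p7->d.sign  || !p7->d.sign->contents->d.ptr)
 				ret = 1;
 			else
 				ret = 0;
 
 			p7->detached = ret;
 		} else {
-			PKCS7err(PKCS7_F_PKCS7_CTRL,
-			    PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+			PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
 			ret = 0;
 		}
 
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+		PKCS7error(PKCS7_R_UNKNOWN_OPERATION);
 		ret = 0;
 	}
 	return (ret);
 }
 
 int
 PKCS7_content_new(PKCS7 *p7, int type)
@@ -147,16 +145,15 @@
 		p7->d.digest->contents = p7_data;
 		break;
 	case NID_pkcs7_data:
 	case NID_pkcs7_enveloped:
 	case NID_pkcs7_signedAndEnveloped:
 	case NID_pkcs7_encrypted:
 	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,
-		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;
 	}
 	return (1);
 err:
 	return (0);
 }
 
@@ -218,16 +215,15 @@
 		p7->type = obj;
 		if ((p7->d.digest = PKCS7_DIGEST_new()) == NULL)
 			goto err;
 		if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
 			goto err;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,
-		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;
 	}
 	return (1);
 err:
 	return (0);
 }
 
@@ -254,36 +250,35 @@
 		md_sk = p7->d.sign->md_algs;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
 		signer_sk = p7->d.signed_and_enveloped->signer_info;
 		md_sk = p7->d.signed_and_enveloped->md_algs;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
 		return (0);
 	}
 
 	nid = OBJ_obj2nid(psi->digest_alg->algorithm);
 
 	/* If the digest is not currently listed, add it */
 	j = 0;
 	for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
 		alg = sk_X509_ALGOR_value(md_sk, i);
 		if (OBJ_obj2nid(alg->algorithm) == nid) {
 			j = 1;
 			break;
 		}
 	}
 	if (!j) /* we need to add another algorithm */
 	{
 		if (!(alg = X509_ALGOR_new()) ||
 		    !(alg->parameter = ASN1_TYPE_new())) {
 			X509_ALGOR_free(alg);
-			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,
-			    ERR_R_MALLOC_FAILURE);
+			PKCS7error(ERR_R_MALLOC_FAILURE);
 			return (0);
 		}
 		alg->algorithm = OBJ_nid2obj(nid);
 		alg->parameter->type = V_ASN1_NULL;
 		if (!sk_X509_ALGOR_push(md_sk, alg)) {
 			X509_ALGOR_free(alg);
 			return 0;
@@ -306,23 +301,22 @@
 	case NID_pkcs7_signed:
 		sk = &(p7->d.sign->cert);
 		break;
 	case NID_pkcs7_signedAndEnveloped:
 		sk = &(p7->d.signed_and_enveloped->cert);
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,
-		    PKCS7_R_WRONG_CONTENT_TYPE);
+		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
 		return (0);
 	}
 
 	if (*sk == NULL)
 		*sk = sk_X509_new_null();
 	if (*sk == NULL) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+		PKCS7error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
 	if (!sk_X509_push(*sk, x509)) {
 		X509_free(x509);
 		return 0;
 	}
@@ -340,22 +334,22 @@
 	case NID_pkcs7_signed:
 		sk = &(p7->d.sign->crl);
 		break;
 	case NID_pkcs7_signedAndEnveloped:
 		sk = &(p7->d.signed_and_enveloped->crl);
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
 		return (0);
 	}
 
 	if (*sk == NULL)
 		*sk = sk_X509_CRL_new_null();
 	if (*sk == NULL) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
+		PKCS7error(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 
 	CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
 	if (!sk_X509_CRL_push(*sk, crl)) {
 		X509_CRL_free(crl);
 		return 0;
@@ -394,38 +388,35 @@
 
 	if (pkey->ameth && pkey->ameth->pkey_ctrl) {
 		ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
 		    0, p7i);
 		if (ret > 0)
 			return 1;
 		if (ret != -2) {
-			PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-			    PKCS7_R_SIGNING_CTRL_FAILURE);
+			PKCS7error(PKCS7_R_SIGNING_CTRL_FAILURE);
 			return 0;
 		}
 	}
-	PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-	    PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+	PKCS7error(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 err:
 	return 0;
 }
 
 PKCS7_SIGNER_INFO *
 PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst)
 {
 	PKCS7_SIGNER_INFO *si = NULL;
 
 	if (dgst == NULL) {
 		int def_nid;
 		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
 			goto err;
 		dgst = EVP_get_digestbynid(def_nid);
 		if (dgst == NULL) {
-			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
-			    PKCS7_R_NO_DEFAULT_DIGEST);
+			PKCS7error(PKCS7_R_NO_DEFAULT_DIGEST);
 			goto err;
 		}
 	}
 
 	if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
 		goto err;
 	if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
@@ -440,24 +431,23 @@
 }
 
 int
 PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
 {
 	if (PKCS7_type_is_digest(p7)) {
 		if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
-			PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,
-			    ERR_R_MALLOC_FAILURE);
+			PKCS7error(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		p7->d.digest->md->parameter->type = V_ASN1_NULL;
 		p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
 		return 1;
 	}
 
-	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+	PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
 	return 1;
 }
 
 STACK_OF(PKCS7_SIGNER_INFO) *
 PKCS7_get_signer_info(PKCS7 *p7)
 {
 	if (p7 == NULL || p7->d.ptr == NULL)
@@ -518,16 +508,15 @@
 	case NID_pkcs7_signedAndEnveloped:
 		sk = p7->d.signed_and_enveloped->recipientinfo;
 		break;
 	case NID_pkcs7_enveloped:
 		sk = p7->d.enveloped->recipientinfo;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
-		    PKCS7_R_WRONG_CONTENT_TYPE);
+		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
 		return (0);
 	}
 
 	if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
 		return 0;
 	return (1);
 }
@@ -547,29 +536,26 @@
 	if (!(p7i->issuer_and_serial->serial =
 	    ASN1_STRING_dup(X509_get_serialNumber(x509))))
 		return 0;
 
 	pkey = X509_get_pubkey(x509);
 
 	if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
-		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+		PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 		goto err;
 	}
 
 	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
 	    0, p7i);
 	if (ret == -2) {
-		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+		PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 		goto err;
 	}
 	if (ret <= 0) {
-		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-		    PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+		PKCS7error(PKCS7_R_ENCRYPTION_CTRL_FAILURE);
 		goto err;
 	}
 
 	EVP_PKEY_free(pkey);
 
 	CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
 	p7i->cert = x509;
@@ -603,23 +589,22 @@
 	case NID_pkcs7_signedAndEnveloped:
 		ec = p7->d.signed_and_enveloped->enc_data;
 		break;
 	case NID_pkcs7_enveloped:
 		ec = p7->d.enveloped->enc_data;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
 		return (0);
 	}
 
 	/* Check cipher OID exists and has data in it*/
 	i = EVP_CIPHER_type(cipher);
 	if (i == NID_undef) {
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
-		    PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		PKCS7error(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 		return (0);
 	}
 
 	ec->cipher = cipher;
 	return 1;
 }
 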
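--- a/jni/libressl/crypto/pkcs7/pk7_mime.c
+++ b/jni/libressl/crypto/pkcs7/pk7_mime.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pk7_mime.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pk7_mime.c,v 1.13 2016/12/30 15:38:13 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -60,39 +60,39 @@
 
 /* PKCS#7 wrappers round generalised stream and MIME routines */
 
 int
 i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
 {
 	return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
-	    ASN1_ITEM_rptr(PKCS7));
+	    &PKCS7_it);
 }
 
 int
 PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
 {
 	return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags,
-	    "PKCS7", ASN1_ITEM_rptr(PKCS7));
+	    "PKCS7", &PKCS7_it);
 }
 
 int
 SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
 	STACK_OF(X509_ALGOR) *mdalgs;
 	int ctype_nid = OBJ_obj2nid(p7->type);
 	if (ctype_nid == NID_pkcs7_signed)
 		mdalgs = p7->d.sign->md_algs;
 	else
 		mdalgs = NULL;
 
 	flags ^= SMIME_OLDMIME;
 
 
 	return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
-	    ctype_nid, NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7));
+	    ctype_nid, NID_undef, mdalgs, &PKCS7_it);
 }
 
 PKCS7 *
 SMIME_read_PKCS7(BIO *bio, BIO **bcont)
 {
-	return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
+	return (PKCS7 *)SMIME_read_ASN1(bio, bcont, &PKCS7_it);
 }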
Changes to jni/libressl/crypto/pkcs7/pk7_smime.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: pk7_smime.c,v 1.19 2014/11/09 19:17:13 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: pk7_smime.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
    int flags)
{
	PKCS7 *p7;
	int i;

	if (!(p7 = PKCS7_new())) {
		PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	if (!PKCS7_set_type(p7, NID_pkcs7_signed))
		goto err;

	if (!PKCS7_content_new(p7, NID_pkcs7_data))
		goto err;

	if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
		PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
		goto err;
	}

	if (!(flags & PKCS7_NOCERTS)) {
		for (i = 0; i < sk_X509_num(certs); i++) {
			if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
				goto err;







|










|







70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
    int flags)
{
	PKCS7 *p7;
	int i;

	if (!(p7 = PKCS7_new())) {
		PKCS7error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	if (!PKCS7_set_type(p7, NID_pkcs7_signed))
		goto err;

	if (!PKCS7_content_new(p7, NID_pkcs7_data))
		goto err;

	if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
		PKCS7error(PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
		goto err;
	}

	if (!(flags & PKCS7_NOCERTS)) {
		for (i = 0; i < sk_X509_num(certs); i++) {
			if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
				goto err;
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
int
PKCS7_final(PKCS7 *p7, BIO *data, int flags)
{
	BIO *p7bio;
	int ret = 0;

	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
		PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
		return 0;
	}

	SMIME_crlf_copy(data, p7bio, flags);

	(void)BIO_flush(p7bio);

	if (!PKCS7_dataFinal(p7, p7bio)) {
		PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
		goto err;
	}

	ret = 1;

err:
	BIO_free_all(p7bio);







|








|







113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
int
PKCS7_final(PKCS7 *p7, BIO *data, int flags)
{
	BIO *p7bio;
	int ret = 0;

	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
		PKCS7error(ERR_R_MALLOC_FAILURE);
		return 0;
	}

	SMIME_crlf_copy(data, p7bio, flags);

	(void)BIO_flush(p7bio);

	if (!PKCS7_dataFinal(p7, p7bio)) {
		PKCS7error(PKCS7_R_PKCS7_DATASIGN);
		goto err;
	}

	ret = 1;

err:
	BIO_free_all(p7bio);
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
    const EVP_MD *md, int flags)
{
	PKCS7_SIGNER_INFO *si = NULL;
	STACK_OF(X509_ALGOR) *smcap = NULL;

	if (!X509_check_private_key(signcert, pkey)) {
		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
		    PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		return NULL;
	}

	if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
		    PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
		return NULL;
	}

	if (!(flags & PKCS7_NOCERTS)) {
		if (!PKCS7_add_certificate(p7, signcert))
			goto err;
	}

	if (!(flags & PKCS7_NOATTR)) {
		if (!PKCS7_add_attrib_content_type(si, NULL))
			goto err;
		/* Add SMIMECapabilities */
		if (!(flags & PKCS7_NOSMIMECAP)) {
			if (!(smcap = sk_X509_ALGOR_new_null())) {
				PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
			if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
			    !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
			    !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) ||
			    !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) ||
			    !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||







<
|




<
|














<
|







160
161
162
163
164
165
166

167
168
169
170
171

172
173
174
175
176
177
178
179
180
181
182
183
184
185
186

187
188
189
190
191
192
193
194
PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
    const EVP_MD *md, int flags)
{
	PKCS7_SIGNER_INFO *si = NULL;
	STACK_OF(X509_ALGOR) *smcap = NULL;

	if (!X509_check_private_key(signcert, pkey)) {

		PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		return NULL;
	}

	if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {

		PKCS7error(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
		return NULL;
	}

	if (!(flags & PKCS7_NOCERTS)) {
		if (!PKCS7_add_certificate(p7, signcert))
			goto err;
	}

	if (!(flags & PKCS7_NOATTR)) {
		if (!PKCS7_add_attrib_content_type(si, NULL))
			goto err;
		/* Add SMIMECapabilities */
		if (!(flags & PKCS7_NOSMIMECAP)) {
			if (!(smcap = sk_X509_ALGOR_new_null())) {

				PKCS7error(ERR_R_MALLOC_FAILURE);
				goto err;
			}
			if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
			    !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
			    !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) ||
			    !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) ||
			    !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323





324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
		}

	}

	if (osdig)
		return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);

	PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
	    PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
	return 0;
}

int
PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
    BIO *out, int flags)
{
	STACK_OF(X509) *signers;
	X509 *signer;
	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
	PKCS7_SIGNER_INFO *si;
	X509_STORE_CTX cert_ctx;
	char buf[4096];
	int i, j = 0, k, ret = 0;
	BIO *p7bio;
	BIO *tmpin, *tmpout;

	if (!p7) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (!PKCS7_type_is_signed(p7)) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
		return 0;
	}

	/* Check for no data and no content: no data to verify signature */
	if (PKCS7_get_detached(p7) && !indata) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
		return 0;
	}

	/*
	 * Very old Netscape illegally included empty content with
	 * a detached signature.  Very old users should upgrade.
	 */
	/* Check for data and content: two sets of data */
	if (!PKCS7_get_detached(p7) && indata) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
		return 0;
	}

	sinfos = PKCS7_get_signer_info(p7);

	if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
		return 0;
	}


	signers = PKCS7_get0_signers(p7, certs, flags);

	if (!signers)
		return 0;

	/* Now verify the certificates */

	if (!(flags & PKCS7_NOVERIFY))
		for (k = 0; k < sk_X509_num(signers); k++) {
			signer = sk_X509_value (signers, k);
			if  (!(flags & PKCS7_NOCHAIN)) {
				if (!X509_STORE_CTX_init(&cert_ctx, store,
				    signer, p7->d.sign->cert)) {
					PKCS7err(PKCS7_F_PKCS7_VERIFY,
					    ERR_R_X509_LIB);





					sk_X509_free(signers);
					return 0;
				}
				X509_STORE_CTX_set_default(&cert_ctx,
				    "smime_sign");
			} else if (!X509_STORE_CTX_init(&cert_ctx, store,
			    signer, NULL)) {
				PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
				sk_X509_free(signers);
				return 0;
			}
			if (!(flags & PKCS7_NOCRL))
				X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
			i = X509_verify_cert(&cert_ctx);
			if (i <= 0)
				j = X509_STORE_CTX_get_error(&cert_ctx);
			X509_STORE_CTX_cleanup(&cert_ctx);
			if (i <= 0) {
				PKCS7err(PKCS7_F_PKCS7_VERIFY,
				    PKCS7_R_CERTIFICATE_VERIFY_ERROR);
				ERR_asprintf_error_data("Verify error:%s",
				    X509_verify_cert_error_string(j));
				sk_X509_free(signers);
				return 0;
			}
			/* Check for revocation status here */
		}







<
|


















|




|





|









|






|

















<
|
>
>
>
>
>



<
<


|










<
|







246
247
248
249
250
251
252

253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317

318
319
320
321
322
323
324
325
326


327
328
329
330
331
332
333
334
335
336
337
338
339

340
341
342
343
344
345
346
347
		}

	}

	if (osdig)
		return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);


	PKCS7error(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
	return 0;
}

int
PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
    BIO *out, int flags)
{
	STACK_OF(X509) *signers;
	X509 *signer;
	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
	PKCS7_SIGNER_INFO *si;
	X509_STORE_CTX cert_ctx;
	char buf[4096];
	int i, j = 0, k, ret = 0;
	BIO *p7bio;
	BIO *tmpin, *tmpout;

	if (!p7) {
		PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (!PKCS7_type_is_signed(p7)) {
		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
		return 0;
	}

	/* Check for no data and no content: no data to verify signature */
	if (PKCS7_get_detached(p7) && !indata) {
		PKCS7error(PKCS7_R_NO_CONTENT);
		return 0;
	}

	/*
	 * Very old Netscape illegally included empty content with
	 * a detached signature.  Very old users should upgrade.
	 */
	/* Check for data and content: two sets of data */
	if (!PKCS7_get_detached(p7) && indata) {
		PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT);
		return 0;
	}

	sinfos = PKCS7_get_signer_info(p7);

	if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
		PKCS7error(PKCS7_R_NO_SIGNATURES_ON_DATA);
		return 0;
	}


	signers = PKCS7_get0_signers(p7, certs, flags);

	if (!signers)
		return 0;

	/* Now verify the certificates */

	if (!(flags & PKCS7_NOVERIFY))
		for (k = 0; k < sk_X509_num(signers); k++) {
			signer = sk_X509_value (signers, k);
			if  (!(flags & PKCS7_NOCHAIN)) {
				if (!X509_STORE_CTX_init(&cert_ctx, store,
				    signer, p7->d.sign->cert)) {

					PKCS7error(ERR_R_X509_LIB);
					sk_X509_free(signers);
					return 0;
				}
				if (X509_STORE_CTX_set_default(&cert_ctx,
				    "smime_sign") == 0) {
					sk_X509_free(signers);
					return 0;
				}


			} else if (!X509_STORE_CTX_init(&cert_ctx, store,
			    signer, NULL)) {
				PKCS7error(ERR_R_X509_LIB);
				sk_X509_free(signers);
				return 0;
			}
			if (!(flags & PKCS7_NOCRL))
				X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
			i = X509_verify_cert(&cert_ctx);
			if (i <= 0)
				j = X509_STORE_CTX_get_error(&cert_ctx);
			X509_STORE_CTX_cleanup(&cert_ctx);
			if (i <= 0) {

				PKCS7error(PKCS7_R_CERTIFICATE_VERIFY_ERROR);
				ERR_asprintf_error_data("Verify error:%s",
				    X509_verify_cert_error_string(j));
				sk_X509_free(signers);
				return 0;
			}
			/* Check for revocation status here */
		}
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
		char *ptr;
		long len;

		len = BIO_get_mem_data(indata, &ptr);
		tmpin = BIO_new_mem_buf(ptr, len);
		if (tmpin == NULL) {
			PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
			return 0;
		}
	} else
		tmpin = indata;


	if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
		goto err;

	if (flags & PKCS7_TEXT) {
		if (!(tmpout = BIO_new(BIO_s_mem()))) {
			PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		BIO_set_mem_eof_return(tmpout, 0);
	} else
		tmpout = out;

	/* We now have to 'read' from p7bio to calculate digests etc. */
	for (;;) {
		i = BIO_read(p7bio, buf, sizeof(buf));
		if (i <= 0)
			break;
		if (tmpout)
			BIO_write(tmpout, buf, i);
	}

	if (flags & PKCS7_TEXT) {
		if (!SMIME_text(tmpout, out)) {
			PKCS7err(PKCS7_F_PKCS7_VERIFY,
			    PKCS7_R_SMIME_TEXT_ERROR);
			BIO_free(tmpout);
			goto err;
		}
		BIO_free(tmpout);
	}

	/* Now Verify All Signatures */
	if (!(flags & PKCS7_NOSIGS))
		for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
			si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
			signer = sk_X509_value (signers, i);
			j = PKCS7_signatureVerify(p7bio, p7, si, signer);
			if (j <= 0) {
				PKCS7err(PKCS7_F_PKCS7_VERIFY,
				    PKCS7_R_SIGNATURE_FAILURE);
				goto err;
			}
		}

	ret = 1;

err:







|











|

















<
|













<
|







356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392

393
394
395
396
397
398
399
400
401
402
403
404
405
406

407
408
409
410
411
412
413
414
	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
		char *ptr;
		long len;

		len = BIO_get_mem_data(indata, &ptr);
		tmpin = BIO_new_mem_buf(ptr, len);
		if (tmpin == NULL) {
			PKCS7error(ERR_R_MALLOC_FAILURE);
			return 0;
		}
	} else
		tmpin = indata;


	if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
		goto err;

	if (flags & PKCS7_TEXT) {
		if (!(tmpout = BIO_new(BIO_s_mem()))) {
			PKCS7error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		BIO_set_mem_eof_return(tmpout, 0);
	} else
		tmpout = out;

	/* We now have to 'read' from p7bio to calculate digests etc. */
	for (;;) {
		i = BIO_read(p7bio, buf, sizeof(buf));
		if (i <= 0)
			break;
		if (tmpout)
			BIO_write(tmpout, buf, i);
	}

	if (flags & PKCS7_TEXT) {
		if (!SMIME_text(tmpout, out)) {

			PKCS7error(PKCS7_R_SMIME_TEXT_ERROR);
			BIO_free(tmpout);
			goto err;
		}
		BIO_free(tmpout);
	}

	/* Now Verify All Signatures */
	if (!(flags & PKCS7_NOSIGS))
		for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
			si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
			signer = sk_X509_value (signers, i);
			j = PKCS7_signatureVerify(p7bio, p7, si, signer);
			if (j <= 0) {

				PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
				goto err;
			}
		}

	ret = 1;

err:
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
	PKCS7_SIGNER_INFO *si;
	PKCS7_ISSUER_AND_SERIAL *ias;
	X509 *signer;
	int i;

	if (!p7) {
		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
		    PKCS7_R_INVALID_NULL_POINTER);
		return NULL;
	}

	if (!PKCS7_type_is_signed(p7)) {
		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
		    PKCS7_R_WRONG_CONTENT_TYPE);
		return NULL;
	}

	/* Collect all the signers together */
	sinfos = PKCS7_get_signer_info(p7);
	if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
		return 0;
	}

	if (!(signers = sk_X509_new_null())) {
		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
		si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
		ias = si->issuer_and_serial;
		signer = NULL;
		/* If any certificates passed they take priority */
		if (certs)
			signer = X509_find_by_issuer_and_serial (certs,
			    ias->issuer, ias->serial);
		if (!signer && !(flags & PKCS7_NOINTERN) && p7->d.sign->cert)
			signer =
			    X509_find_by_issuer_and_serial(p7->d.sign->cert,
			      ias->issuer, ias->serial);
		if (!signer) {
			PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
			    PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
			sk_X509_free(signers);
			return 0;
		}

		if (!sk_X509_push(signers, signer)) {
			sk_X509_free(signers);
			return NULL;







<
|




<
|






|




|
















<
|







429
430
431
432
433
434
435

436
437
438
439
440

441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469

470
471
472
473
474
475
476
477
	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
	PKCS7_SIGNER_INFO *si;
	PKCS7_ISSUER_AND_SERIAL *ias;
	X509 *signer;
	int i;

	if (!p7) {

		PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
		return NULL;
	}

	if (!PKCS7_type_is_signed(p7)) {

		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
		return NULL;
	}

	/* Collect all the signers together */
	sinfos = PKCS7_get_signer_info(p7);
	if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
		PKCS7error(PKCS7_R_NO_SIGNERS);
		return 0;
	}

	if (!(signers = sk_X509_new_null())) {
		PKCS7error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
		si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
		ias = si->issuer_and_serial;
		signer = NULL;
		/* If any certificates passed they take priority */
		if (certs)
			signer = X509_find_by_issuer_and_serial (certs,
			    ias->issuer, ias->serial);
		if (!signer && !(flags & PKCS7_NOINTERN) && p7->d.sign->cert)
			signer =
			    X509_find_by_issuer_and_serial(p7->d.sign->cert,
			      ias->issuer, ias->serial);
		if (!signer) {

			PKCS7error(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
			sk_X509_free(signers);
			return 0;
		}

		if (!sk_X509_push(signers, signer)) {
			sk_X509_free(signers);
			return NULL;
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
{
	PKCS7 *p7;
	BIO *p7bio = NULL;
	int i;
	X509 *x509;

	if (!(p7 = PKCS7_new())) {
		PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
		goto err;
	if (!PKCS7_set_cipher(p7, cipher)) {
		PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
		goto err;
	}

	for (i = 0; i < sk_X509_num(certs); i++) {
		x509 = sk_X509_value(certs, i);
		if (!PKCS7_add_recipient(p7, x509)) {
			PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
			    PKCS7_R_ERROR_ADDING_RECIPIENT);
			goto err;
		}
	}

	if (flags & PKCS7_STREAM)
		return p7;








|






|






<
|







488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508

509
510
511
512
513
514
515
516
{
	PKCS7 *p7;
	BIO *p7bio = NULL;
	int i;
	X509 *x509;

	if (!(p7 = PKCS7_new())) {
		PKCS7error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
		goto err;
	if (!PKCS7_set_cipher(p7, cipher)) {
		PKCS7error(PKCS7_R_ERROR_SETTING_CIPHER);
		goto err;
	}

	for (i = 0; i < sk_X509_num(certs); i++) {
		x509 = sk_X509_value(certs, i);
		if (!PKCS7_add_recipient(p7, x509)) {

			PKCS7error(PKCS7_R_ERROR_ADDING_RECIPIENT);
			goto err;
		}
	}

	if (flags & PKCS7_STREAM)
		return p7;

536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
{
	BIO *tmpmem;
	int ret, i;
	char buf[4096];

	if (!p7) {
		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (!PKCS7_type_is_enveloped(p7)) {
		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
		return 0;
	}

	if (cert && !X509_check_private_key(cert, pkey)) {
		PKCS7err(PKCS7_F_PKCS7_DECRYPT,
		    PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		return 0;
	}

	if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
		return 0;
	}

	if (flags & PKCS7_TEXT) {
		BIO *tmpbuf;

		/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
		if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
			BIO_free_all(tmpmem);
			return 0;
		}
		BIO_push(tmpbuf, tmpmem);
		ret = SMIME_text(tmpbuf, data);
		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
			if (!BIO_get_cipher_status(tmpmem))







|




|




<
|




|








|







527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543

544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
{
	BIO *tmpmem;
	int ret, i;
	char buf[4096];

	if (!p7) {
		PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
		return 0;
	}

	if (!PKCS7_type_is_enveloped(p7)) {
		PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
		return 0;
	}

	if (cert && !X509_check_private_key(cert, pkey)) {

		PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		return 0;
	}

	if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
		PKCS7error(PKCS7_R_DECRYPT_ERROR);
		return 0;
	}

	if (flags & PKCS7_TEXT) {
		BIO *tmpbuf;

		/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
		if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
			PKCS7error(ERR_R_MALLOC_FAILURE);
			BIO_free_all(tmpmem);
			return 0;
		}
		BIO_push(tmpbuf, tmpmem);
		ret = SMIME_text(tmpbuf, data);
		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
			if (!BIO_get_cipher_status(tmpmem))
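--- a/jni/libressl/crypto/pkcs7/pkcs7err.c
+++ b/jni/libressl/crypto/pkcs7/pkcs7err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkcs7err.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */
+/* $OpenBSD: pkcs7err.c,v 1.11 2014/07/10 22:45:57 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *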
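--- a/jni/libressl/crypto/poly1305/poly1305-donna.c
+++ b/jni/libressl/crypto/poly1305/poly1305-donna.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: poly1305-donna.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
 /*
  * Public Domain poly1305 from Andrew Moon
  * Based on poly1305-donna.c, poly1305-donna-32.h and poly1305-donna.h from:
  *   https://github.com/floodyberry/poly1305-donna
  */
 
 #include <stddef.h>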
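--- a/jni/libressl/crypto/poly1305/poly1305.c
+++ b/jni/libressl/crypto/poly1305/poly1305.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: poly1305.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *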
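--- a/jni/libressl/crypto/rand/rand_err.c
+++ b/jni/libressl/crypto/rand/rand_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rand_err.c,v 1.13 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rand_err.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,17 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
 
 static ERR_STRING_DATA RAND_str_functs[] = {
-	{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),	"RAND_get_rand_method"},
-	{ERR_FUNC(RAND_F_RAND_INIT_FIPS),	"RAND_init_fips"},
-	{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA RAND_str_reasons[] = {
 	{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"},
 	{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
 	{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},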
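--- a/jni/libressl/crypto/rand/rand_lib.c
+++ b/jni/libressl/crypto/rand/rand_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rand_lib.c,v 1.19 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rand_lib.c,v 1.20 2014/10/22 13:02:04 jsing Exp $ */
 /*
  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *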
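--- a/jni/libressl/crypto/rand/randfile.c
+++ b/jni/libressl/crypto/rand/randfile.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: randfile.c,v 1.41 2015/07/18 22:46:42 beck Exp $ */
+/* $OpenBSD: randfile.c,v 1.42 2015/09/10 15:56:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *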
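--- a/jni/libressl/crypto/rc2/rc2_cbc.c
+++ b/jni/libressl/crypto/rc2/rc2_cbc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc2_cbc.c,v 1.4 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rc2_cbc.c,v 1.5 2014/10/28 07:35:59 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 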
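--- a/jni/libressl/crypto/rc2/rc2_ecb.c
+++ b/jni/libressl/crypto/rc2/rc2_ecb.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc2_ecb.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rc2_ecb.c,v 1.6 2014/07/09 11:10:51 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 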
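--- a/jni/libressl/crypto/rc2/rc2_locl.h
+++ b/jni/libressl/crypto/rc2/rc2_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: rc2_locl.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 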
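--- a/jni/libressl/crypto/rc2/rc2_skey.c
+++ b/jni/libressl/crypto/rc2/rc2_skey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: rc2_skey.c,v 1.12 2014/06/12 15:49:30 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 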
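--- a/jni/libressl/crypto/rc2/rc2cfb64.c
+++ b/jni/libressl/crypto/rc2/rc2cfb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc2cfb64.c,v 1.4 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rc2cfb64.c,v 1.5 2014/10/28 07:35:59 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 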
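--- a/jni/libressl/crypto/rc2/rc2ofb64.c
+++ b/jni/libressl/crypto/rc2/rc2ofb64.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc2ofb64.c,v 1.4 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rc2ofb64.c,v 1.5 2014/10/28 07:35:59 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 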
Added jni/libressl/crypto/rc4/rc4-elf-x86_64.S.
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
#include "x86_arch.h"
.text	

.hidden	OPENSSL_ia32cap_P

.globl	RC4
.type	RC4,@function
.align	16
RC4:	orq	%rsi,%rsi
	jne	.Lentry
	.byte	0xf3,0xc3
.Lentry:
	pushq	%rbx
	pushq	%r12
	pushq	%r13
.Lprologue:
	movq	%rsi,%r11
	movq	%rdx,%r12
	movq	%rcx,%r13
	xorq	%r10,%r10
	xorq	%rcx,%rcx

	leaq	8(%rdi),%rdi
	movb	-8(%rdi),%r10b
	movb	-4(%rdi),%cl
	cmpl	$-1,256(%rdi)
	je	.LRC4_CHAR
	movl	OPENSSL_ia32cap_P(%rip),%r8d
	xorq	%rbx,%rbx
	incb	%r10b
	subq	%r10,%rbx
	subq	%r12,%r13
	movl	(%rdi,%r10,4),%eax
	testq	$-16,%r11
	jz	.Lloop1
	btl	$IA32CAP_BIT0_INTEL,%r8d
	jc	.Lintel
	andq	$7,%rbx
	leaq	1(%r10),%rsi
	jz	.Loop8
	subq	%rbx,%r11
.Loop8_warmup:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	%edx,(%rdi,%r10,4)
	addb	%dl,%al
	incb	%r10b
	movl	(%rdi,%rax,4),%edx
	movl	(%rdi,%r10,4),%eax
	xorb	(%r12),%dl
	movb	%dl,(%r13,%r12,1)
	leaq	1(%r12),%r12
	decq	%rbx
	jnz	.Loop8_warmup

	leaq	1(%r10),%rsi
	jmp	.Loop8
.align	16
.Loop8:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	0(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,0(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	4(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,4(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	8(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,8(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	12(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,12(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	16(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,16(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	20(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,20(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	24(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,24(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	$8,%sil
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	-4(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,28(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	$8,%r10b
	rorq	$8,%r8
	subq	$8,%r11

	xorq	(%r12),%r8
	movq	%r8,(%r13,%r12,1)
	leaq	8(%r12),%r12

	testq	$-8,%r11
	jnz	.Loop8
	cmpq	$0,%r11
	jne	.Lloop1
	jmp	.Lexit

.align	16
.Lintel:
	testq	$-32,%r11
	jz	.Lloop1
	andq	$15,%rbx
	jz	.Loop16_is_hot
	subq	%rbx,%r11
.Loop16_warmup:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	%edx,(%rdi,%r10,4)
	addb	%dl,%al
	incb	%r10b
	movl	(%rdi,%rax,4),%edx
	movl	(%rdi,%r10,4),%eax
	xorb	(%r12),%dl
	movb	%dl,(%r13,%r12,1)
	leaq	1(%r12),%r12
	decq	%rbx
	jnz	.Loop16_warmup

	movq	%rcx,%rbx
	xorq	%rcx,%rcx
	movb	%bl,%cl

.Loop16_is_hot:
	leaq	(%rdi,%r10,4),%rsi
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	pxor	%xmm0,%xmm0
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	4(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	addb	%bl,%cl
	pinsrw	$0,(%rdi,%rax,4),%xmm0
	jmp	.Loop16_enter
.align	16
.Loop16:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	pxor	%xmm0,%xmm2
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm0
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	4(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	pxor	%xmm1,%xmm2
	addb	%bl,%cl
	pinsrw	$0,(%rdi,%rax,4),%xmm0
	movdqu	%xmm2,(%r13,%r12,1)
	leaq	16(%r12),%r12
.Loop16_enter:
	movl	(%rdi,%rcx,4),%edx
	pxor	%xmm1,%xmm1
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	8(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,4(%rsi)
	addb	%al,%cl
	pinsrw	$0,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	12(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,8(%rsi)
	addb	%bl,%cl
	pinsrw	$1,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	16(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,12(%rsi)
	addb	%al,%cl
	pinsrw	$1,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	20(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,16(%rsi)
	addb	%bl,%cl
	pinsrw	$2,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	24(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,20(%rsi)
	addb	%al,%cl
	pinsrw	$2,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	28(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,24(%rsi)
	addb	%bl,%cl
	pinsrw	$3,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	32(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,28(%rsi)
	addb	%al,%cl
	pinsrw	$3,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	36(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,32(%rsi)
	addb	%bl,%cl
	pinsrw	$4,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	40(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,36(%rsi)
	addb	%al,%cl
	pinsrw	$4,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	44(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,40(%rsi)
	addb	%bl,%cl
	pinsrw	$5,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	48(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,44(%rsi)
	addb	%al,%cl
	pinsrw	$5,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	52(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,48(%rsi)
	addb	%bl,%cl
	pinsrw	$6,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	56(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,52(%rsi)
	addb	%al,%cl
	pinsrw	$6,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	60(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,56(%rsi)
	addb	%bl,%cl
	pinsrw	$7,(%rdi,%rax,4),%xmm0
	addb	$16,%r10b
	movdqu	(%r12),%xmm2
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movzbl	%bl,%ebx
	movl	%edx,60(%rsi)
	leaq	(%rdi,%r10,4),%rsi
	pinsrw	$7,(%rdi,%rbx,4),%xmm1
	movl	(%rsi),%eax
	movq	%rcx,%rbx
	xorq	%rcx,%rcx
	subq	$16,%r11
	movb	%bl,%cl
	testq	$-16,%r11
	jnz	.Loop16

	psllq	$8,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm1,%xmm2
	movdqu	%xmm2,(%r13,%r12,1)
	leaq	16(%r12),%r12

	cmpq	$0,%r11
	jne	.Lloop1
	jmp	.Lexit

.align	16
.Lloop1:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	%edx,(%rdi,%r10,4)
	addb	%dl,%al
	incb	%r10b
	movl	(%rdi,%rax,4),%edx
	movl	(%rdi,%r10,4),%eax
	xorb	(%r12),%dl
	movb	%dl,(%r13,%r12,1)
	leaq	1(%r12),%r12
	decq	%r11
	jnz	.Lloop1
	jmp	.Lexit

.align	16
.LRC4_CHAR:
	addb	$1,%r10b
	movzbl	(%rdi,%r10,1),%eax
	testq	$-8,%r11
	jz	.Lcloop1
	jmp	.Lcloop8
.align	16
.Lcloop8:
	movl	(%r12),%r8d
	movl	4(%r12),%r9d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	.Lcmov0			
	movq	%rax,%rbx
.Lcmov0:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	.Lcmov1			
	movq	%rbx,%rax
.Lcmov1:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	.Lcmov2			
	movq	%rax,%rbx
.Lcmov2:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	.Lcmov3			
	movq	%rbx,%rax
.Lcmov3:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	.Lcmov4			
	movq	%rax,%rbx
.Lcmov4:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	.Lcmov5			
	movq	%rbx,%rax
.Lcmov5:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	.Lcmov6			
	movq	%rax,%rbx
.Lcmov6:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	.Lcmov7			
	movq	%rbx,%rax
.Lcmov7:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	leaq	-8(%r11),%r11
	movl	%r8d,(%r13)
	leaq	8(%r12),%r12
	movl	%r9d,4(%r13)
	leaq	8(%r13),%r13

	testq	$-8,%r11
	jnz	.Lcloop8
	cmpq	$0,%r11
	jne	.Lcloop1
	jmp	.Lexit
.align	16
.Lcloop1:
	addb	%al,%cl
	movzbl	%cl,%ecx
	movzbl	(%rdi,%rcx,1),%edx
	movb	%al,(%rdi,%rcx,1)
	movb	%dl,(%rdi,%r10,1)
	addb	%al,%dl
	addb	$1,%r10b
	movzbl	%dl,%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%rdx,1),%edx
	movzbl	(%rdi,%r10,1),%eax
	xorb	(%r12),%dl
	leaq	1(%r12),%r12
	movb	%dl,(%r13)
	leaq	1(%r13),%r13
	subq	$1,%r11
	jnz	.Lcloop1
	jmp	.Lexit

.align	16
.Lexit:
	subb	$1,%r10b
	movl	%r10d,-8(%rdi)
	movl	%ecx,-4(%rdi)

	movq	(%rsp),%r13
	movq	8(%rsp),%r12
	movq	16(%rsp),%rbx
	addq	$24,%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	RC4,.-RC4
.globl	RC4_set_key
.type	RC4_set_key,@function
.align	16
RC4_set_key:
	leaq	8(%rdi),%rdi
	leaq	(%rdx,%rsi,1),%rdx
	negq	%rsi
	movq	%rsi,%rcx
	xorl	%eax,%eax
	xorq	%r9,%r9
	xorq	%r10,%r10
	xorq	%r11,%r11

	movl	OPENSSL_ia32cap_P(%rip),%r8d
	btl	$IA32CAP_BIT0_INTELP4,%r8d
	jc	.Lc1stloop
	jmp	.Lw1stloop

.align	16
.Lw1stloop:
	movl	%eax,(%rdi,%rax,4)
	addb	$1,%al
	jnc	.Lw1stloop

	xorq	%r9,%r9
	xorq	%r8,%r8
.align	16
.Lw2ndloop:
	movl	(%rdi,%r9,4),%r10d
	addb	(%rdx,%rsi,1),%r8b
	addb	%r10b,%r8b
	addq	$1,%rsi
	movl	(%rdi,%r8,4),%r11d
	cmovzq	%rcx,%rsi
	movl	%r10d,(%rdi,%r8,4)
	movl	%r11d,(%rdi,%r9,4)
	addb	$1,%r9b
	jnc	.Lw2ndloop
	jmp	.Lexit_key

.align	16
.Lc1stloop:
	movb	%al,(%rdi,%rax,1)
	addb	$1,%al
	jnc	.Lc1stloop

	xorq	%r9,%r9
	xorq	%r8,%r8
.align	16
.Lc2ndloop:
	movb	(%rdi,%r9,1),%r10b
	addb	(%rdx,%rsi,1),%r8b
	addb	%r10b,%r8b
	addq	$1,%rsi
	movb	(%rdi,%r8,1),%r11b
	jnz	.Lcnowrap
	movq	%rcx,%rsi
.Lcnowrap:
	movb	%r10b,(%rdi,%r8,1)
	movb	%r11b,(%rdi,%r9,1)
	addb	$1,%r9b
	jnc	.Lc2ndloop
	movl	$-1,256(%rdi)

.align	16
.Lexit_key:
	xorl	%eax,%eax
	movl	%eax,-8(%rdi)
	movl	%eax,-4(%rdi)
	.byte	0xf3,0xc3
.size	RC4_set_key,.-RC4_set_key

.globl	RC4_options
.type	RC4_options,@function
.align	16
RC4_options:
	leaq	.Lopts(%rip),%rax
	movl	OPENSSL_ia32cap_P(%rip),%edx
	btl	$IA32CAP_BIT0_INTELP4,%edx
	jc	.L8xchar
	btl	$IA32CAP_BIT0_INTEL,%edx
	jnc	.Ldone
	addq	$25,%rax
	.byte	0xf3,0xc3
.L8xchar:
	addq	$12,%rax
.Ldone:
	.byte	0xf3,0xc3
.align	64
.Lopts:
.byte	114,99,52,40,56,120,44,105,110,116,41,0
.byte	114,99,52,40,56,120,44,99,104,97,114,41,0
.byte	114,99,52,40,49,54,120,44,105,110,116,41,0
.byte	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
.size	RC4_options,.-RC4_options
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
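--- a/jni/libressl/crypto/rc4/rc4-elf-x86_64.s
+++ b/jni/libressl/crypto/rc4/rc4-elf-x86_64.s
@@ -1,618 +0,0 @@
-.text	
-
-
-.globl	RC4
-.type	RC4,@function
-.align	16
-RC4:	orq	%rsi,%rsi
-	jne	.Lentry
-	.byte	0xf3,0xc3
-.Lentry:
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-.Lprologue:
-	movq	%rsi,%r11
-	movq	%rdx,%r12
-	movq	%rcx,%r13
-	xorq	%r10,%r10
-	xorq	%rcx,%rcx
-
-	leaq	8(%rdi),%rdi
-	movb	-8(%rdi),%r10b
-	movb	-4(%rdi),%cl
-	cmpl	$-1,256(%rdi)
-	je	.LRC4_CHAR
-	movl	OPENSSL_ia32cap_P(%rip),%r8d
-	xorq	%rbx,%rbx
-	incb	%r10b
-	subq	%r10,%rbx
-	subq	%r12,%r13
-	movl	(%rdi,%r10,4),%eax
-	testq	$-16,%r11
-	jz	.Lloop1
-	btl	$30,%r8d
-	jc	.Lintel
-	andq	$7,%rbx
-	leaq	1(%r10),%rsi
-	jz	.Loop8
-	subq	%rbx,%r11
-.Loop8_warmup:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%rbx
-	jnz	.Loop8_warmup
-
-	leaq	1(%r10),%rsi
-	jmp	.Loop8
-.align	16
-.Loop8:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	0(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,0(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	4(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,4(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	8(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,8(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	12(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,12(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	16(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,16(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	20(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,20(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	24(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,24(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	$8,%sil
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	-4(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,28(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	$8,%r10b
-	rorq	$8,%r8
-	subq	$8,%r11
-
-	xorq	(%r12),%r8
-	movq	%r8,(%r13,%r12,1)
-	leaq	8(%r12),%r12
-
-	testq	$-8,%r11
-	jnz	.Loop8
-	cmpq	$0,%r11
-	jne	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.Lintel:
-	testq	$-32,%r11
-	jz	.Lloop1
-	andq	$15,%rbx
-	jz	.Loop16_is_hot
-	subq	%rbx,%r11
-.Loop16_warmup:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%rbx
-	jnz	.Loop16_warmup
-
-	movq	%rcx,%rbx
-	xorq	%rcx,%rcx
-	movb	%bl,%cl
-
-.Loop16_is_hot:
-	leaq	(%rdi,%r10,4),%rsi
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm0,%xmm0
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,0(%rsi)
-	addb	%bl,%cl
-	pinsrw	$0,(%rdi,%rax,4),%xmm0
-	jmp	.Loop16_enter
-.align	16
-.Loop16:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm0,%xmm2
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm0
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,0(%rsi)
-	pxor	%xmm1,%xmm2
-	addb	%bl,%cl
-	pinsrw	$0,(%rdi,%rax,4),%xmm0
-	movdqu	%xmm2,(%r13,%r12,1)
-	leaq	16(%r12),%r12
-.Loop16_enter:
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm1,%xmm1
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	8(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,4(%rsi)
-	addb	%al,%cl
-	pinsrw	$0,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	12(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,8(%rsi)
-	addb	%bl,%cl
-	pinsrw	$1,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	16(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,12(%rsi)
-	addb	%al,%cl
-	pinsrw	$1,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	20(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,16(%rsi)
-	addb	%bl,%cl
-	pinsrw	$2,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	24(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,20(%rsi)
-	addb	%al,%cl
-	pinsrw	$2,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	28(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,24(%rsi)
-	addb	%bl,%cl
-	pinsrw	$3,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	32(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,28(%rsi)
-	addb	%al,%cl
-	pinsrw	$3,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	36(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,32(%rsi)
-	addb	%bl,%cl
-	pinsrw	$4,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	40(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,36(%rsi)
-	addb	%al,%cl
-	pinsrw	$4,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	44(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,40(%rsi)
-	addb	%bl,%cl
-	pinsrw	$5,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	48(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,44(%rsi)
-	addb	%al,%cl
-	pinsrw	$5,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	52(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,48(%rsi)
-	addb	%bl,%cl
-	pinsrw	$6,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	56(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,52(%rsi)
-	addb	%al,%cl
-	pinsrw	$6,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	60(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,56(%rsi)
-	addb	%bl,%cl
-	pinsrw	$7,(%rdi,%rax,4),%xmm0
-	addb	$16,%r10b
-	movdqu	(%r12),%xmm2
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movzbl	%bl,%ebx
-	movl	%edx,60(%rsi)
-	leaq	(%rdi,%r10,4),%rsi
-	pinsrw	$7,(%rdi,%rbx,4),%xmm1
-	movl	(%rsi),%eax
-	movq	%rcx,%rbx
-	xorq	%rcx,%rcx
-	subq	$16,%r11
-	movb	%bl,%cl
-	testq	$-16,%r11
-	jnz	.Loop16
-
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm1,%xmm2
-	movdqu	%xmm2,(%r13,%r12,1)
-	leaq	16(%r12),%r12
-
-	cmpq	$0,%r11
-	jne	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.Lloop1:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%r11
-	jnz	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.LRC4_CHAR:
-	addb	$1,%r10b
-	movzbl	(%rdi,%r10,1),%eax
-	testq	$-8,%r11
-	jz	.Lcloop1
-	jmp	.Lcloop8
-.align	16
-.Lcloop8:
-	movl	(%r12),%r8d
-	movl	4(%r12),%r9d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov0			
-	movq	%rax,%rbx
-.Lcmov0:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov1			
-	movq	%rbx,%rax
-.Lcmov1:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov2			
-	movq	%rax,%rbx
-.Lcmov2:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov3			
-	movq	%rbx,%rax
-.Lcmov3:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov4			
-	movq	%rax,%rbx
-.Lcmov4:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov5			
-	movq	%rbx,%rax
-.Lcmov5:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov6			
-	movq	%rax,%rbx
-.Lcmov6:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov7			
-	movq	%rbx,%rax
-.Lcmov7:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	leaq	-8(%r11),%r11
-	movl	%r8d,(%r13)
-	leaq	8(%r12),%r12
-	movl	%r9d,4(%r13)
-	leaq	8(%r13),%r13
-
-	testq	$-8,%r11
-	jnz	.Lcloop8
-	cmpq	$0,%r11
-	jne	.Lcloop1
-	jmp	.Lexit
-.align	16
-.Lcloop1:
-	addb	%al,%cl
-	movzbl	%cl,%ecx
-	movzbl	(%rdi,%rcx,1),%edx
-	movb	%al,(%rdi,%rcx,1)
-	movb	%dl,(%rdi,%r10,1)
-	addb	%al,%dl
-	addb	$1,%r10b
-	movzbl	%dl,%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%rdx,1),%edx
-	movzbl	(%rdi,%r10,1),%eax
-	xorb	(%r12),%dl
-	leaq	1(%r12),%r12
-	movb	%dl,(%r13)
-	leaq	1(%r13),%r13
-	subq	$1,%r11
-	jnz	.Lcloop1
-	jmp	.Lexit
-
-.align	16
-.Lexit:
-	subb	$1,%r10b
-	movl	%r10d,-8(%rdi)
-	movl	%ecx,-4(%rdi)
-
-	movq	(%rsp),%r13
-	movq	8(%rsp),%r12
-	movq	16(%rsp),%rbx
-	addq	$24,%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	RC4,.-RC4
-.globl	RC4_set_key
-.type	RC4_set_key,@function
-.align	16
-RC4_set_key:
-	leaq	8(%rdi),%rdi
-	leaq	(%rdx,%rsi,1),%rdx
-	negq	%rsi
-	movq	%rsi,%rcx
-	xorl	%eax,%eax
-	xorq	%r9,%r9
-	xorq	%r10,%r10
-	xorq	%r11,%r11
-
-	movl	OPENSSL_ia32cap_P(%rip),%r8d
-	btl	$20,%r8d
-	jc	.Lc1stloop
-	jmp	.Lw1stloop
-
-.align	16
-.Lw1stloop:
-	movl	%eax,(%rdi,%rax,4)
-	addb	$1,%al
-	jnc	.Lw1stloop
-
-	xorq	%r9,%r9
-	xorq	%r8,%r8
-.align	16
-.Lw2ndloop:
-	movl	(%rdi,%r9,4),%r10d
-	addb	(%rdx,%rsi,1),%r8b
-	addb	%r10b,%r8b
-	addq	$1,%rsi
-	movl	(%rdi,%r8,4),%r11d
-	cmovzq	%rcx,%rsi
-	movl	%r10d,(%rdi,%r8,4)
-	movl	%r11d,(%rdi,%r9,4)
-	addb	$1,%r9b
-	jnc	.Lw2ndloop
-	jmp	.Lexit_key
-
-.align	16
-.Lc1stloop:
-	movb	%al,(%rdi,%rax,1)
-	addb	$1,%al
-	jnc	.Lc1stloop
-
-	xorq	%r9,%r9
-	xorq	%r8,%r8
-.align	16
-.Lc2ndloop:
-	movb	(%rdi,%r9,1),%r10b
-	addb	(%rdx,%rsi,1),%r8b
-	addb	%r10b,%r8b
-	addq	$1,%rsi
-	movb	(%rdi,%r8,1),%r11b
-	jnz	.Lcnowrap
-	movq	%rcx,%rsi
-.Lcnowrap:
-	movb	%r10b,(%rdi,%r8,1)
-	movb	%r11b,(%rdi,%r9,1)
-	addb	$1,%r9b
-	jnc	.Lc2ndloop
-	movl	$-1,256(%rdi)
-
-.align	16
-.Lexit_key:
-	xorl	%eax,%eax
-	movl	%eax,-8(%rdi)
-	movl	%eax,-4(%rdi)
-	.byte	0xf3,0xc3
-.size	RC4_set_key,.-RC4_set_key
-
-.globl	RC4_options
-.type	RC4_options,@function
-.align	16
-RC4_options:
-	leaq	.Lopts(%rip),%rax
-	movl	OPENSSL_ia32cap_P(%rip),%edx
-	btl	$20,%edx
-	jc	.L8xchar
-	btl	$30,%edx
-	jnc	.Ldone
-	addq	$25,%rax
-	.byte	0xf3,0xc3
-.L8xchar:
-	addq	$12,%rax
-.Ldone:
-	.byte	0xf3,0xc3
-.align	64
-.Lopts:
-.byte	114,99,52,40,56,120,44,105,110,116,41,0
-.byte	114,99,52,40,56,120,44,99,104,97,114,41,0
-.byte	114,99,52,40,49,54,120,44,105,110,116,41,0
-.byte	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	64
-.size	RC4_options,.-RC4_options
-#if defined(HAVE_GNU_STACK)
-.section .note.GNU-stack,"",%progbits
-#endif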
Added jni/libressl/crypto/rc4/rc4-macosx-x86_64.S.


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
#include "x86_arch.h"
.text	

.private_extern	_OPENSSL_ia32cap_P

.globl	_RC4

.p2align	4
_RC4:	orq	%rsi,%rsi
	jne	L$entry
	.byte	0xf3,0xc3
L$entry:
	pushq	%rbx
	pushq	%r12
	pushq	%r13
L$prologue:
	movq	%rsi,%r11
	movq	%rdx,%r12
	movq	%rcx,%r13
	xorq	%r10,%r10
	xorq	%rcx,%rcx

	leaq	8(%rdi),%rdi
	movb	-8(%rdi),%r10b
	movb	-4(%rdi),%cl
	cmpl	$-1,256(%rdi)
	je	L$RC4_CHAR
	movl	_OPENSSL_ia32cap_P(%rip),%r8d
	xorq	%rbx,%rbx
	incb	%r10b
	subq	%r10,%rbx
	subq	%r12,%r13
	movl	(%rdi,%r10,4),%eax
	testq	$-16,%r11
	jz	L$loop1
	btl	$IA32CAP_BIT0_INTEL,%r8d
	jc	L$intel
	andq	$7,%rbx
	leaq	1(%r10),%rsi
	jz	L$oop8
	subq	%rbx,%r11
L$oop8_warmup:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	%edx,(%rdi,%r10,4)
	addb	%dl,%al
	incb	%r10b
	movl	(%rdi,%rax,4),%edx
	movl	(%rdi,%r10,4),%eax
	xorb	(%r12),%dl
	movb	%dl,(%r13,%r12,1)
	leaq	1(%r12),%r12
	decq	%rbx
	jnz	L$oop8_warmup

	leaq	1(%r10),%rsi
	jmp	L$oop8
.p2align	4
L$oop8:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	0(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,0(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	4(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,4(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	8(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,8(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	12(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,12(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	16(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,16(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	20(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,20(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	24(%rdi,%rsi,4),%ebx
	rorq	$8,%r8
	movl	%edx,24(%rdi,%r10,4)
	addb	%al,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	$8,%sil
	addb	%bl,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	movl	-4(%rdi,%rsi,4),%eax
	rorq	$8,%r8
	movl	%edx,28(%rdi,%r10,4)
	addb	%bl,%dl
	movb	(%rdi,%rdx,4),%r8b
	addb	$8,%r10b
	rorq	$8,%r8
	subq	$8,%r11

	xorq	(%r12),%r8
	movq	%r8,(%r13,%r12,1)
	leaq	8(%r12),%r12

	testq	$-8,%r11
	jnz	L$oop8
	cmpq	$0,%r11
	jne	L$loop1
	jmp	L$exit

.p2align	4
L$intel:
	testq	$-32,%r11
	jz	L$loop1
	andq	$15,%rbx
	jz	L$oop16_is_hot
	subq	%rbx,%r11
L$oop16_warmup:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	%edx,(%rdi,%r10,4)
	addb	%dl,%al
	incb	%r10b
	movl	(%rdi,%rax,4),%edx
	movl	(%rdi,%r10,4),%eax
	xorb	(%r12),%dl
	movb	%dl,(%r13,%r12,1)
	leaq	1(%r12),%r12
	decq	%rbx
	jnz	L$oop16_warmup

	movq	%rcx,%rbx
	xorq	%rcx,%rcx
	movb	%bl,%cl

L$oop16_is_hot:
	leaq	(%rdi,%r10,4),%rsi
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	pxor	%xmm0,%xmm0
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	4(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	addb	%bl,%cl
	pinsrw	$0,(%rdi,%rax,4),%xmm0
	jmp	L$oop16_enter
.p2align	4
L$oop16:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	pxor	%xmm0,%xmm2
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm0
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	4(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	pxor	%xmm1,%xmm2
	addb	%bl,%cl
	pinsrw	$0,(%rdi,%rax,4),%xmm0
	movdqu	%xmm2,(%r13,%r12,1)
	leaq	16(%r12),%r12
L$oop16_enter:
	movl	(%rdi,%rcx,4),%edx
	pxor	%xmm1,%xmm1
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	8(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,4(%rsi)
	addb	%al,%cl
	pinsrw	$0,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	12(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,8(%rsi)
	addb	%bl,%cl
	pinsrw	$1,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	16(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,12(%rsi)
	addb	%al,%cl
	pinsrw	$1,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	20(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,16(%rsi)
	addb	%bl,%cl
	pinsrw	$2,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	24(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,20(%rsi)
	addb	%al,%cl
	pinsrw	$2,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	28(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,24(%rsi)
	addb	%bl,%cl
	pinsrw	$3,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	32(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,28(%rsi)
	addb	%al,%cl
	pinsrw	$3,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	36(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,32(%rsi)
	addb	%bl,%cl
	pinsrw	$4,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	40(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,36(%rsi)
	addb	%al,%cl
	pinsrw	$4,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	44(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,40(%rsi)
	addb	%bl,%cl
	pinsrw	$5,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	48(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,44(%rsi)
	addb	%al,%cl
	pinsrw	$5,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	52(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,48(%rsi)
	addb	%bl,%cl
	pinsrw	$6,(%rdi,%rax,4),%xmm0
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movl	56(%rsi),%eax
	movzbl	%bl,%ebx
	movl	%edx,52(%rsi)
	addb	%al,%cl
	pinsrw	$6,(%rdi,%rbx,4),%xmm1
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	addb	%dl,%al
	movl	60(%rsi),%ebx
	movzbl	%al,%eax
	movl	%edx,56(%rsi)
	addb	%bl,%cl
	pinsrw	$7,(%rdi,%rax,4),%xmm0
	addb	$16,%r10b
	movdqu	(%r12),%xmm2
	movl	(%rdi,%rcx,4),%edx
	movl	%ebx,(%rdi,%rcx,4)
	addb	%dl,%bl
	movzbl	%bl,%ebx
	movl	%edx,60(%rsi)
	leaq	(%rdi,%r10,4),%rsi
	pinsrw	$7,(%rdi,%rbx,4),%xmm1
	movl	(%rsi),%eax
	movq	%rcx,%rbx
	xorq	%rcx,%rcx
	subq	$16,%r11
	movb	%bl,%cl
	testq	$-16,%r11
	jnz	L$oop16

	psllq	$8,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm1,%xmm2
	movdqu	%xmm2,(%r13,%r12,1)
	leaq	16(%r12),%r12

	cmpq	$0,%r11
	jne	L$loop1
	jmp	L$exit

.p2align	4
L$loop1:
	addb	%al,%cl
	movl	(%rdi,%rcx,4),%edx
	movl	%eax,(%rdi,%rcx,4)
	movl	%edx,(%rdi,%r10,4)
	addb	%dl,%al
	incb	%r10b
	movl	(%rdi,%rax,4),%edx
	movl	(%rdi,%r10,4),%eax
	xorb	(%r12),%dl
	movb	%dl,(%r13,%r12,1)
	leaq	1(%r12),%r12
	decq	%r11
	jnz	L$loop1
	jmp	L$exit

.p2align	4
L$RC4_CHAR:
	addb	$1,%r10b
	movzbl	(%rdi,%r10,1),%eax
	testq	$-8,%r11
	jz	L$cloop1
	jmp	L$cloop8
.p2align	4
L$cloop8:
	movl	(%r12),%r8d
	movl	4(%r12),%r9d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	L$cmov0			
	movq	%rax,%rbx
L$cmov0:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	L$cmov1			
	movq	%rbx,%rax
L$cmov1:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	L$cmov2			
	movq	%rax,%rbx
L$cmov2:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	L$cmov3			
	movq	%rbx,%rax
L$cmov3:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r8b
	rorl	$8,%r8d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	L$cmov4			
	movq	%rax,%rbx
L$cmov4:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	L$cmov5			
	movq	%rbx,%rax
L$cmov5:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	addb	%al,%cl
	leaq	1(%r10),%rsi
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%sil,%esi
	movzbl	(%rdi,%rsi,1),%ebx
	movb	%al,(%rdi,%rcx,1)
	cmpq	%rsi,%rcx
	movb	%dl,(%rdi,%r10,1)
	jne	L$cmov6			
	movq	%rax,%rbx
L$cmov6:
	addb	%al,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	addb	%bl,%cl
	leaq	1(%rsi),%r10
	movzbl	(%rdi,%rcx,1),%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%r10,1),%eax
	movb	%bl,(%rdi,%rcx,1)
	cmpq	%r10,%rcx
	movb	%dl,(%rdi,%rsi,1)
	jne	L$cmov7			
	movq	%rbx,%rax
L$cmov7:
	addb	%bl,%dl
	xorb	(%rdi,%rdx,1),%r9b
	rorl	$8,%r9d
	leaq	-8(%r11),%r11
	movl	%r8d,(%r13)
	leaq	8(%r12),%r12
	movl	%r9d,4(%r13)
	leaq	8(%r13),%r13

	testq	$-8,%r11
	jnz	L$cloop8
	cmpq	$0,%r11
	jne	L$cloop1
	jmp	L$exit
.p2align	4
L$cloop1:
	addb	%al,%cl
	movzbl	%cl,%ecx
	movzbl	(%rdi,%rcx,1),%edx
	movb	%al,(%rdi,%rcx,1)
	movb	%dl,(%rdi,%r10,1)
	addb	%al,%dl
	addb	$1,%r10b
	movzbl	%dl,%edx
	movzbl	%r10b,%r10d
	movzbl	(%rdi,%rdx,1),%edx
	movzbl	(%rdi,%r10,1),%eax
	xorb	(%r12),%dl
	leaq	1(%r12),%r12
	movb	%dl,(%r13)
	leaq	1(%r13),%r13
	subq	$1,%r11
	jnz	L$cloop1
	jmp	L$exit

.p2align	4
L$exit:
	subb	$1,%r10b
	movl	%r10d,-8(%rdi)
	movl	%ecx,-4(%rdi)

	movq	(%rsp),%r13
	movq	8(%rsp),%r12
	movq	16(%rsp),%rbx
	addq	$24,%rsp
L$epilogue:
	.byte	0xf3,0xc3

.globl	_RC4_set_key

.p2align	4
_RC4_set_key:
	leaq	8(%rdi),%rdi
	leaq	(%rdx,%rsi,1),%rdx
	negq	%rsi
	movq	%rsi,%rcx
	xorl	%eax,%eax
	xorq	%r9,%r9
	xorq	%r10,%r10
	xorq	%r11,%r11

	movl	_OPENSSL_ia32cap_P(%rip),%r8d
	btl	$IA32CAP_BIT0_INTELP4,%r8d
	jc	L$c1stloop
	jmp	L$w1stloop

.p2align	4
L$w1stloop:
	movl	%eax,(%rdi,%rax,4)
	addb	$1,%al
	jnc	L$w1stloop

	xorq	%r9,%r9
	xorq	%r8,%r8
.p2align	4
L$w2ndloop:
	movl	(%rdi,%r9,4),%r10d
	addb	(%rdx,%rsi,1),%r8b
	addb	%r10b,%r8b
	addq	$1,%rsi
	movl	(%rdi,%r8,4),%r11d
	cmovzq	%rcx,%rsi
	movl	%r10d,(%rdi,%r8,4)
	movl	%r11d,(%rdi,%r9,4)
	addb	$1,%r9b
	jnc	L$w2ndloop
	jmp	L$exit_key

.p2align	4
L$c1stloop:
	movb	%al,(%rdi,%rax,1)
	addb	$1,%al
	jnc	L$c1stloop

	xorq	%r9,%r9
	xorq	%r8,%r8
.p2align	4
L$c2ndloop:
	movb	(%rdi,%r9,1),%r10b
	addb	(%rdx,%rsi,1),%r8b
	addb	%r10b,%r8b
	addq	$1,%rsi
	movb	(%rdi,%r8,1),%r11b
	jnz	L$cnowrap
	movq	%rcx,%rsi
L$cnowrap:
	movb	%r10b,(%rdi,%r8,1)
	movb	%r11b,(%rdi,%r9,1)
	addb	$1,%r9b
	jnc	L$c2ndloop
	movl	$-1,256(%rdi)

.p2align	4
L$exit_key:
	xorl	%eax,%eax
	movl	%eax,-8(%rdi)
	movl	%eax,-4(%rdi)
	.byte	0xf3,0xc3


.globl	_RC4_options

.p2align	4
_RC4_options:
	leaq	L$opts(%rip),%rax
	movl	_OPENSSL_ia32cap_P(%rip),%edx
	btl	$IA32CAP_BIT0_INTELP4,%edx
	jc	L$8xchar
	btl	$IA32CAP_BIT0_INTEL,%edx
	jnc	L$done
	addq	$25,%rax
	.byte	0xf3,0xc3
L$8xchar:
	addq	$12,%rax
L$done:
	.byte	0xf3,0xc3
.p2align	6
L$opts:
.byte	114,99,52,40,56,120,44,105,110,116,41,0
.byte	114,99,52,40,56,120,44,99,104,97,114,41,0
.byte	114,99,52,40,49,54,120,44,105,110,116,41,0
.byte	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6

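--- a/jni/libressl/crypto/rc4/rc4-macosx-x86_64.s
+++ b/jni/libressl/crypto/rc4/rc4-macosx-x86_64.s
@@ -1,615 +0,0 @@
-.text	
-
-
-.globl	_RC4
-
-.p2align	4
-_RC4:	orq	%rsi,%rsi
-	jne	L$entry
-	.byte	0xf3,0xc3
-L$entry:
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-L$prologue:
-	movq	%rsi,%r11
-	movq	%rdx,%r12
-	movq	%rcx,%r13
-	xorq	%r10,%r10
-	xorq	%rcx,%rcx
-
-	leaq	8(%rdi),%rdi
-	movb	-8(%rdi),%r10b
-	movb	-4(%rdi),%cl
-	cmpl	$-1,256(%rdi)
-	je	L$RC4_CHAR
-	movl	_OPENSSL_ia32cap_P(%rip),%r8d
-	xorq	%rbx,%rbx
-	incb	%r10b
-	subq	%r10,%rbx
-	subq	%r12,%r13
-	movl	(%rdi,%r10,4),%eax
-	testq	$-16,%r11
-	jz	L$loop1
-	btl	$30,%r8d
-	jc	L$intel
-	andq	$7,%rbx
-	leaq	1(%r10),%rsi
-	jz	L$oop8
-	subq	%rbx,%r11
-L$oop8_warmup:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%rbx
-	jnz	L$oop8_warmup
-
-	leaq	1(%r10),%rsi
-	jmp	L$oop8
-.p2align	4
-L$oop8:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	0(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,0(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	4(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,4(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	8(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,8(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	12(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,12(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	16(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,16(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	20(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,20(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	24(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,24(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	$8,%sil
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	-4(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,28(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	$8,%r10b
-	rorq	$8,%r8
-	subq	$8,%r11
-
-	xorq	(%r12),%r8
-	movq	%r8,(%r13,%r12,1)
-	leaq	8(%r12),%r12
-
-	testq	$-8,%r11
-	jnz	L$oop8
-	cmpq	$0,%r11
-	jne	L$loop1
-	jmp	L$exit
-
-.p2align	4
-L$intel:
-	testq	$-32,%r11
-	jz	L$loop1
-	andq	$15,%rbx
-	jz	L$oop16_is_hot
-	subq	%rbx,%r11
-L$oop16_warmup:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%rbx
-	jnz	L$oop16_warmup
-
-	movq	%rcx,%rbx
-	xorq	%rcx,%rcx
-	movb	%bl,%cl
-
-L$oop16_is_hot:
-	leaq	(%rdi,%r10,4),%rsi
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm0,%xmm0
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,0(%rsi)
-	addb	%bl,%cl
-	pinsrw	$0,(%rdi,%rax,4),%xmm0
-	jmp	L$oop16_enter
-.p2align	4
-L$oop16:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm0,%xmm2
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm0
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,0(%rsi)
-	pxor	%xmm1,%xmm2
-	addb	%bl,%cl
-	pinsrw	$0,(%rdi,%rax,4),%xmm0
-	movdqu	%xmm2,(%r13,%r12,1)
-	leaq	16(%r12),%r12
-L$oop16_enter:
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm1,%xmm1
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	8(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,4(%rsi)
-	addb	%al,%cl
-	pinsrw	$0,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	12(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,8(%rsi)
-	addb	%bl,%cl
-	pinsrw	$1,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	16(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,12(%rsi)
-	addb	%al,%cl
-	pinsrw	$1,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	20(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,16(%rsi)
-	addb	%bl,%cl
-	pinsrw	$2,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	24(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,20(%rsi)
-	addb	%al,%cl
-	pinsrw	$2,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	28(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,24(%rsi)
-	addb	%bl,%cl
-	pinsrw	$3,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	32(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,28(%rsi)
-	addb	%al,%cl
-	pinsrw	$3,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	36(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,32(%rsi)
-	addb	%bl,%cl
-	pinsrw	$4,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	40(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,36(%rsi)
-	addb	%al,%cl
-	pinsrw	$4,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	44(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,40(%rsi)
-	addb	%bl,%cl
-	pinsrw	$5,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	48(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,44(%rsi)
-	addb	%al,%cl
-	pinsrw	$5,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	52(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,48(%rsi)
-	addb	%bl,%cl
-	pinsrw	$6,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	56(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,52(%rsi)
-	addb	%al,%cl
-	pinsrw	$6,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	60(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,56(%rsi)
-	addb	%bl,%cl
-	pinsrw	$7,(%rdi,%rax,4),%xmm0
-	addb	$16,%r10b
-	movdqu	(%r12),%xmm2
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movzbl	%bl,%ebx
-	movl	%edx,60(%rsi)
-	leaq	(%rdi,%r10,4),%rsi
-	pinsrw	$7,(%rdi,%rbx,4),%xmm1
-	movl	(%rsi),%eax
-	movq	%rcx,%rbx
-	xorq	%rcx,%rcx
-	subq	$16,%r11
-	movb	%bl,%cl
-	testq	$-16,%r11
-	jnz	L$oop16
-
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm1,%xmm2
-	movdqu	%xmm2,(%r13,%r12,1)
-	leaq	16(%r12),%r12
-
-	cmpq	$0,%r11
-	jne	L$loop1
-	jmp	L$exit
-
-.p2align	4
-L$loop1:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%r11
-	jnz	L$loop1
-	jmp	L$exit
-
-.p2align	4
-L$RC4_CHAR:
-	addb	$1,%r10b
-	movzbl	(%rdi,%r10,1),%eax
-	testq	$-8,%r11
-	jz	L$cloop1
-	jmp	L$cloop8
-.p2align	4
-L$cloop8:
-	movl	(%r12),%r8d
-	movl	4(%r12),%r9d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	L$cmov0			
-	movq	%rax,%rbx
-L$cmov0:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	L$cmov1			
-	movq	%rbx,%rax
-L$cmov1:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	L$cmov2			
-	movq	%rax,%rbx
-L$cmov2:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	L$cmov3			
-	movq	%rbx,%rax
-L$cmov3:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	L$cmov4			
-	movq	%rax,%rbx
-L$cmov4:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	L$cmov5			
-	movq	%rbx,%rax
-L$cmov5:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	L$cmov6			
-	movq	%rax,%rbx
-L$cmov6:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	L$cmov7			
-	movq	%rbx,%rax
-L$cmov7:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	leaq	-8(%r11),%r11
-	movl	%r8d,(%r13)
-	leaq	8(%r12),%r12
-	movl	%r9d,4(%r13)
-	leaq	8(%r13),%r13
-
-	testq	$-8,%r11
-	jnz	L$cloop8
-	cmpq	$0,%r11
-	jne	L$cloop1
-	jmp	L$exit
-.p2align	4
-L$cloop1:
-	addb	%al,%cl
-	movzbl	%cl,%ecx
-	movzbl	(%rdi,%rcx,1),%edx
-	movb	%al,(%rdi,%rcx,1)
-	movb	%dl,(%rdi,%r10,1)
-	addb	%al,%dl
-	addb	$1,%r10b
-	movzbl	%dl,%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%rdx,1),%edx
-	movzbl	(%rdi,%r10,1),%eax
-	xorb	(%r12),%dl
-	leaq	1(%r12),%r12
-	movb	%dl,(%r13)
-	leaq	1(%r13),%r13
-	subq	$1,%r11
-	jnz	L$cloop1
-	jmp	L$exit
-
-.p2align	4
-L$exit:
-	subb	$1,%r10b
-	movl	%r10d,-8(%rdi)
-	movl	%ecx,-4(%rdi)
-
-	movq	(%rsp),%r13
-	movq	8(%rsp),%r12
-	movq	16(%rsp),%rbx
-	addq	$24,%rsp
-L$epilogue:
-	.byte	0xf3,0xc3
-
-.globl	_RC4_set_key
-
-.p2align	4
-_RC4_set_key:
-	leaq	8(%rdi),%rdi
-	leaq	(%rdx,%rsi,1),%rdx
-	negq	%rsi
-	movq	%rsi,%rcx
-	xorl	%eax,%eax
-	xorq	%r9,%r9
-	xorq	%r10,%r10
-	xorq	%r11,%r11
-
-	movl	_OPENSSL_ia32cap_P(%rip),%r8d
-	btl	$20,%r8d
-	jc	L$c1stloop
-	jmp	L$w1stloop
-
-.p2align	4
-L$w1stloop:
-	movl	%eax,(%rdi,%rax,4)
-	addb	$1,%al
-	jnc	L$w1stloop
-
-	xorq	%r9,%r9
-	xorq	%r8,%r8
-.p2align	4
-L$w2ndloop:
-	movl	(%rdi,%r9,4),%r10d
-	addb	(%rdx,%rsi,1),%r8b
-	addb	%r10b,%r8b
-	addq	$1,%rsi
-	movl	(%rdi,%r8,4),%r11d
-	cmovzq	%rcx,%rsi
-	movl	%r10d,(%rdi,%r8,4)
-	movl	%r11d,(%rdi,%r9,4)
-	addb	$1,%r9b
-	jnc	L$w2ndloop
-	jmp	L$exit_key
-
-.p2align	4
-L$c1stloop:
-	movb	%al,(%rdi,%rax,1)
-	addb	$1,%al
-	jnc	L$c1stloop
-
-	xorq	%r9,%r9
-	xorq	%r8,%r8
-.p2align	4
-L$c2ndloop:
-	movb	(%rdi,%r9,1),%r10b
-	addb	(%rdx,%rsi,1),%r8b
-	addb	%r10b,%r8b
-	addq	$1,%rsi
-	movb	(%rdi,%r8,1),%r11b
-	jnz	L$cnowrap
-	movq	%rcx,%rsi
-L$cnowrap:
-	movb	%r10b,(%rdi,%r8,1)
-	movb	%r11b,(%rdi,%r9,1)
-	addb	$1,%r9b
-	jnc	L$c2ndloop
-	movl	$-1,256(%rdi)
-
-.p2align	4
-L$exit_key:
-	xorl	%eax,%eax
-	movl	%eax,-8(%rdi)
-	movl	%eax,-4(%rdi)
-	.byte	0xf3,0xc3
-
-
-.globl	_RC4_options
-
-.p2align	4
-_RC4_options:
-	leaq	L$opts(%rip),%rax
-	movl	_OPENSSL_ia32cap_P(%rip),%edx
-	btl	$20,%edx
-	jc	L$8xchar
-	btl	$30,%edx
-	jnc	L$done
-	addq	$25,%rax
-	.byte	0xf3,0xc3
-L$8xchar:
-	addq	$12,%rax
-L$done:
-	.byte	0xf3,0xc3
-.p2align	6
-L$opts:
-.byte	114,99,52,40,56,120,44,105,110,116,41,0
-.byte	114,99,52,40,56,120,44,99,104,97,114,41,0
-.byte	114,99,52,40,49,54,120,44,105,110,116,41,0
-.byte	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.p2align	6
-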
Added jni/libressl/crypto/rc4/rc4-md5-elf-x86_64.S.






























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
#include "x86_arch.h"
.text	
.align	16

.globl	rc4_md5_enc
.type	rc4_md5_enc,@function
rc4_md5_enc:
	cmpq	$0,%r9
	je	.Labort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$40,%rsp
.Lbody:
	movq	%rcx,%r11
	movq	%r9,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%r8,%r15
	xorq	%rbp,%rbp
	xorq	%rcx,%rcx

	leaq	8(%rdi),%rdi
	movb	-8(%rdi),%bpl
	movb	-4(%rdi),%cl

	incb	%bpl
	subq	%r13,%r14
	movl	(%rdi,%rbp,4),%eax
	addb	%al,%cl
	leaq	(%rdi,%rbp,4),%rsi
	shlq	$6,%r12
	addq	%r15,%r12
	movq	%r12,16(%rsp)

	movq	%r11,24(%rsp)
	movl	0(%r11),%r8d
	movl	4(%r11),%r9d
	movl	8(%r11),%r10d
	movl	12(%r11),%r11d
	jmp	.Loop

.align	16
.Loop:
	movl	%r8d,0(%rsp)
	movl	%r9d,4(%rsp)
	movl	%r10d,8(%rsp)
	movl	%r11d,%r12d
	movl	%r11d,12(%rsp)
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$3614090360,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	4(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$3905402710,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,4(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$606105819,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,8(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	12(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$3250441966,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,12(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$4118548399,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,16(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	20(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1200080426,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,20(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$2821735955,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,24(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	28(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$4249261313,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,28(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$1770035416,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,32(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	36(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$2336552879,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,36(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$4294925233,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,40(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	44(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$2304563134,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,44(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$1804603682,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,48(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	52(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$4254626195,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,52(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$2792965006,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,56(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	(%r13),%xmm2
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	60(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$1236535329,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,60(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r10d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm1,%xmm2
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4129170786,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	24(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$3225465664,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$643717713,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	0(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$3921069994,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$3593408605,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	40(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$38016083,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$3634488961,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	16(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$3889429448,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$568446438,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	56(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$3275163606,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$4107603335,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	32(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1163531501,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$2850285829,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	8(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$4243563512,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$1735328473,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	16(%r13),%xmm3
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	48(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$2368359562,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$4294588738,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,0(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	32(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$2272392833,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,4(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$1839030562,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,8(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	56(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$4259657740,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,12(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$2763975236,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,16(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	16(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1272893353,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,20(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$4139469664,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,24(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	40(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$3200236656,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,28(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$681279174,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,32(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	0(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$3936430074,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,36(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$3572445317,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,40(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	24(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$76029189,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,44(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$3654602809,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,48(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	48(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$3873151461,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,52(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$530742520,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,56(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	32(%r13),%xmm4
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	8(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$3299628645,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,60(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm4
	pxor	%xmm1,%xmm4
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4096336452,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	28(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$1126891415,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$2878612391,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	20(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$4237533241,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$1700485571,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	12(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$2399980690,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$4293915773,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	4(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$2240044497,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$1873313359,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	60(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$4264355552,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$2734768916,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	52(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1309151649,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$4149444226,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	44(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$3174756917,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$718787259,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	48(%r13),%xmm5
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	36(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$3951481745,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rbp,%rsi
	xorq	%rbp,%rbp
	movb	%sil,%bpl
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm5
	pxor	%xmm1,%xmm5
	addl	0(%rsp),%r8d
	addl	4(%rsp),%r9d
	addl	8(%rsp),%r10d
	addl	12(%rsp),%r11d

	movdqu	%xmm2,(%r14,%r13,1)
	movdqu	%xmm3,16(%r14,%r13,1)
	movdqu	%xmm4,32(%r14,%r13,1)
	movdqu	%xmm5,48(%r14,%r13,1)
	leaq	64(%r15),%r15
	leaq	64(%r13),%r13
	cmpq	16(%rsp),%r15
	jb	.Loop

	movq	24(%rsp),%r12
	subb	%al,%cl
	movl	%r8d,0(%r12)
	movl	%r9d,4(%r12)
	movl	%r10d,8(%r12)
	movl	%r11d,12(%r12)
	subb	$1,%bpl
	movl	%ebp,-8(%rdi)
	movl	%ecx,-4(%rdi)

	movq	40(%rsp),%r15
	movq	48(%rsp),%r14
	movq	56(%rsp),%r13
	movq	64(%rsp),%r12
	movq	72(%rsp),%rbp
	movq	80(%rsp),%rbx
	leaq	88(%rsp),%rsp
.Lepilogue:
.Labort:
	.byte	0xf3,0xc3
.size	rc4_md5_enc,.-rc4_md5_enc
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/rc4/rc4-md5-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
.text	
.align	16

.globl	rc4_md5_enc
.type	rc4_md5_enc,@function
rc4_md5_enc:
	cmpq	$0,%r9
	je	.Labort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$40,%rsp
.Lbody:
	movq	%rcx,%r11
	movq	%r9,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%r8,%r15
	xorq	%rbp,%rbp
	xorq	%rcx,%rcx

	leaq	8(%rdi),%rdi
	movb	-8(%rdi),%bpl
	movb	-4(%rdi),%cl

	incb	%bpl
	subq	%r13,%r14
	movl	(%rdi,%rbp,4),%eax
	addb	%al,%cl
	leaq	(%rdi,%rbp,4),%rsi
	shlq	$6,%r12
	addq	%r15,%r12
	movq	%r12,16(%rsp)

	movq	%r11,24(%rsp)
	movl	0(%r11),%r8d
	movl	4(%r11),%r9d
	movl	8(%r11),%r10d
	movl	12(%r11),%r11d
	jmp	.Loop

.align	16
.Loop:
	movl	%r8d,0(%rsp)
	movl	%r9d,4(%rsp)
	movl	%r10d,8(%rsp)
	movl	%r11d,%r12d
	movl	%r11d,12(%rsp)
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$3614090360,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	4(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$3905402710,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,4(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$606105819,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,8(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	12(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$3250441966,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,12(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$4118548399,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,16(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	20(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1200080426,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,20(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$2821735955,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,24(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	28(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$4249261313,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,28(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$1770035416,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,32(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	36(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$2336552879,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,36(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$4294925233,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,40(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	44(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$2304563134,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,44(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$1804603682,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,48(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	52(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$4254626195,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,52(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$2792965006,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,56(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	(%r13),%xmm2
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	60(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$1236535329,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,60(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r10d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm1,%xmm2
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4129170786,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	24(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$3225465664,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$643717713,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	0(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$3921069994,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$3593408605,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	40(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$38016083,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$3634488961,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	16(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$3889429448,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$568446438,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	56(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$3275163606,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$4107603335,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	32(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1163531501,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$2850285829,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	8(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$4243563512,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$1735328473,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	16(%r13),%xmm3
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	48(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$2368359562,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$4294588738,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,0(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	32(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$2272392833,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,4(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$1839030562,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,8(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	56(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$4259657740,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,12(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$2763975236,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,16(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	16(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1272893353,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,20(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$4139469664,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,24(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	40(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$3200236656,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,28(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$681279174,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,32(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	0(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$3936430074,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,36(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$3572445317,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,40(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	24(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$76029189,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,44(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$3654602809,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,48(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	48(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$3873151461,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,52(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$530742520,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,56(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	32(%r13),%xmm4
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	8(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$3299628645,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,60(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm4
	pxor	%xmm1,%xmm4
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4096336452,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	28(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$1126891415,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$2878612391,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	20(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$4237533241,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$1700485571,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	12(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$2399980690,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$4293915773,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	4(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$2240044497,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$1873313359,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	60(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$4264355552,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$2734768916,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	52(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1309151649,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$4149444226,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	44(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$3174756917,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$718787259,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	48(%r13),%xmm5
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	36(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$3951481745,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rbp,%rsi
	xorq	%rbp,%rbp
	movb	%sil,%bpl
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm5
	pxor	%xmm1,%xmm5
	addl	0(%rsp),%r8d
	addl	4(%rsp),%r9d
	addl	8(%rsp),%r10d
	addl	12(%rsp),%r11d

	movdqu	%xmm2,(%r14,%r13,1)
	movdqu	%xmm3,16(%r14,%r13,1)
	movdqu	%xmm4,32(%r14,%r13,1)
	movdqu	%xmm5,48(%r14,%r13,1)
	leaq	64(%r15),%r15
	leaq	64(%r13),%r13
	cmpq	16(%rsp),%r15
	jb	.Loop

	movq	24(%rsp),%r12
	subb	%al,%cl
	movl	%r8d,0(%r12)
	movl	%r9d,4(%r12)
	movl	%r10d,8(%r12)
	movl	%r11d,12(%r12)
	subb	$1,%bpl
	movl	%ebp,-8(%rdi)
	movl	%ecx,-4(%rdi)

	movq	40(%rsp),%r15
	movq	48(%rsp),%r14
	movq	56(%rsp),%r13
	movq	64(%rsp),%r12
	movq	72(%rsp),%rbp
	movq	80(%rsp),%rbx
	leaq	88(%rsp),%rsp
.Lepilogue:
.Labort:
	.byte	0xf3,0xc3
.size	rc4_md5_enc,.-rc4_md5_enc
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/rc4/rc4-md5-macosx-x86_64.S.
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
#include "x86_arch.h"
.text	
.p2align	4

.globl	_rc4_md5_enc

_rc4_md5_enc:
	cmpq	$0,%r9
	je	L$abort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$40,%rsp
L$body:
	movq	%rcx,%r11
	movq	%r9,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%r8,%r15
	xorq	%rbp,%rbp
	xorq	%rcx,%rcx

	leaq	8(%rdi),%rdi
	movb	-8(%rdi),%bpl
	movb	-4(%rdi),%cl

	incb	%bpl
	subq	%r13,%r14
	movl	(%rdi,%rbp,4),%eax
	addb	%al,%cl
	leaq	(%rdi,%rbp,4),%rsi
	shlq	$6,%r12
	addq	%r15,%r12
	movq	%r12,16(%rsp)

	movq	%r11,24(%rsp)
	movl	0(%r11),%r8d
	movl	4(%r11),%r9d
	movl	8(%r11),%r10d
	movl	12(%r11),%r11d
	jmp	L$oop

.p2align	4
L$oop:
	movl	%r8d,0(%rsp)
	movl	%r9d,4(%rsp)
	movl	%r10d,8(%rsp)
	movl	%r11d,%r12d
	movl	%r11d,12(%rsp)
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$3614090360,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	4(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$3905402710,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,4(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$606105819,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,8(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	12(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$3250441966,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,12(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$4118548399,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,16(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	20(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1200080426,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,20(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$2821735955,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,24(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	28(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$4249261313,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,28(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$1770035416,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,32(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	36(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$2336552879,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,36(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$4294925233,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,40(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	44(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$2304563134,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,44(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$1804603682,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,48(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	52(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$4254626195,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,52(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$2792965006,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,56(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	(%r13),%xmm2
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	60(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$1236535329,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,60(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r10d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm1,%xmm2
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4129170786,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	24(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$3225465664,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$643717713,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	0(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$3921069994,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$3593408605,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	40(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$38016083,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$3634488961,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	16(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$3889429448,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$568446438,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	56(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$3275163606,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$4107603335,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	32(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1163531501,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$2850285829,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	8(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$4243563512,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$1735328473,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	16(%r13),%xmm3
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	48(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$2368359562,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$4294588738,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,0(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	32(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$2272392833,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,4(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$1839030562,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,8(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	56(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$4259657740,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,12(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$2763975236,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,16(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	16(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1272893353,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,20(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$4139469664,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,24(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	40(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$3200236656,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,28(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$681279174,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,32(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	0(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$3936430074,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,36(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$3572445317,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,40(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	24(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$76029189,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,44(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$3654602809,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,48(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	48(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$3873151461,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,52(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$530742520,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,56(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	32(%r13),%xmm4
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	8(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$3299628645,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,60(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm4
	pxor	%xmm1,%xmm4
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4096336452,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	28(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$1126891415,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$2878612391,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	20(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$4237533241,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$1700485571,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	12(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$2399980690,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$4293915773,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	4(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$2240044497,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$1873313359,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	60(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$4264355552,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$2734768916,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	52(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1309151649,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$4149444226,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	44(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$3174756917,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$718787259,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	48(%r13),%xmm5
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	36(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$3951481745,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rbp,%rsi
	xorq	%rbp,%rbp
	movb	%sil,%bpl
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm5
	pxor	%xmm1,%xmm5
	addl	0(%rsp),%r8d
	addl	4(%rsp),%r9d
	addl	8(%rsp),%r10d
	addl	12(%rsp),%r11d

	movdqu	%xmm2,(%r14,%r13,1)
	movdqu	%xmm3,16(%r14,%r13,1)
	movdqu	%xmm4,32(%r14,%r13,1)
	movdqu	%xmm5,48(%r14,%r13,1)
	leaq	64(%r15),%r15
	leaq	64(%r13),%r13
	cmpq	16(%rsp),%r15
	jb	L$oop

	movq	24(%rsp),%r12
	subb	%al,%cl
	movl	%r8d,0(%r12)
	movl	%r9d,4(%r12)
	movl	%r10d,8(%r12)
	movl	%r11d,12(%r12)
	subb	$1,%bpl
	movl	%ebp,-8(%rdi)
	movl	%ecx,-4(%rdi)

	movq	40(%rsp),%r15
	movq	48(%rsp),%r14
	movq	56(%rsp),%r13
	movq	64(%rsp),%r12
	movq	72(%rsp),%rbp
	movq	80(%rsp),%rbx
	leaq	88(%rsp),%rsp
L$epilogue:
L$abort:
	.byte	0xf3,0xc3

Deleted jni/libressl/crypto/rc4/rc4-md5-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
.text	
.p2align	4

.globl	_rc4_md5_enc

_rc4_md5_enc:
	cmpq	$0,%r9
	je	L$abort
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15
	subq	$40,%rsp
L$body:
	movq	%rcx,%r11
	movq	%r9,%r12
	movq	%rsi,%r13
	movq	%rdx,%r14
	movq	%r8,%r15
	xorq	%rbp,%rbp
	xorq	%rcx,%rcx

	leaq	8(%rdi),%rdi
	movb	-8(%rdi),%bpl
	movb	-4(%rdi),%cl

	incb	%bpl
	subq	%r13,%r14
	movl	(%rdi,%rbp,4),%eax
	addb	%al,%cl
	leaq	(%rdi,%rbp,4),%rsi
	shlq	$6,%r12
	addq	%r15,%r12
	movq	%r12,16(%rsp)

	movq	%r11,24(%rsp)
	movl	0(%r11),%r8d
	movl	4(%r11),%r9d
	movl	8(%r11),%r10d
	movl	12(%r11),%r11d
	jmp	L$oop

.p2align	4
L$oop:
	movl	%r8d,0(%rsp)
	movl	%r9d,4(%rsp)
	movl	%r10d,8(%rsp)
	movl	%r11d,%r12d
	movl	%r11d,12(%rsp)
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$3614090360,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,0(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	4(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$3905402710,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,4(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$606105819,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,8(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	12(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$3250441966,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,12(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$4118548399,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,16(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	20(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1200080426,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,20(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$2821735955,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,24(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	28(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$4249261313,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,28(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$1770035416,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,32(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	36(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$2336552879,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,36(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$4294925233,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,40(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	44(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$2304563134,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,44(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$1804603682,%r8d
	xorl	%r11d,%r12d
	movzbl	%al,%eax
	movl	%edx,48(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$7,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	52(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$4254626195,%r11d
	xorl	%r10d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,52(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$12,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$2792965006,%r10d
	xorl	%r9d,%r12d
	movzbl	%al,%eax
	movl	%edx,56(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$17,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	(%r13),%xmm2
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	60(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$1236535329,%r9d
	xorl	%r8d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,60(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$22,%r9d
	movl	%r10d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm1,%xmm2
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4129170786,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	24(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$3225465664,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$643717713,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	0(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$3921069994,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$3593408605,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	40(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$38016083,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$3634488961,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	16(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$3889429448,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$568446438,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	56(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$3275163606,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$4107603335,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	32(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1163531501,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r10d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r11d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$2850285829,%r8d
	xorl	%r10d,%r12d
	movzbl	%al,%eax
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$5,%r8d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r10d,%r12d
	addl	8(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$4243563512,%r11d
	xorl	%r9d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$9,%r11d
	movl	%r8d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	andl	%r9d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$1735328473,%r10d
	xorl	%r8d,%r12d
	movzbl	%al,%eax
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$14,%r10d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	16(%r13),%xmm3
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	andl	%r8d,%r12d
	addl	48(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$2368359562,%r9d
	xorl	%r11d,%r12d
	movzbl	%bl,%ebx
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$20,%r9d
	movl	%r11d,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm3
	pxor	%xmm1,%xmm3
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	20(%r15),%r8d
	addb	%dl,%al
	movl	4(%rsi),%ebx
	addl	$4294588738,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,0(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	32(%r15),%r11d
	addb	%dl,%bl
	movl	8(%rsi),%eax
	addl	$2272392833,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,4(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	44(%r15),%r10d
	addb	%dl,%al
	movl	12(%rsi),%ebx
	addl	$1839030562,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,8(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	56(%r15),%r9d
	addb	%dl,%bl
	movl	16(%rsi),%eax
	addl	$4259657740,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,12(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	4(%r15),%r8d
	addb	%dl,%al
	movl	20(%rsi),%ebx
	addl	$2763975236,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,16(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	16(%r15),%r11d
	addb	%dl,%bl
	movl	24(%rsi),%eax
	addl	$1272893353,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,20(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	28(%r15),%r10d
	addb	%dl,%al
	movl	28(%rsi),%ebx
	addl	$4139469664,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,24(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	40(%r15),%r9d
	addb	%dl,%bl
	movl	32(%rsi),%eax
	addl	$3200236656,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,28(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	52(%r15),%r8d
	addb	%dl,%al
	movl	36(%rsi),%ebx
	addl	$681279174,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,32(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	0(%r15),%r11d
	addb	%dl,%bl
	movl	40(%rsi),%eax
	addl	$3936430074,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,36(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	12(%r15),%r10d
	addb	%dl,%al
	movl	44(%rsi),%ebx
	addl	$3572445317,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,40(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	24(%r15),%r9d
	addb	%dl,%bl
	movl	48(%rsi),%eax
	addl	$76029189,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,44(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	%r11d,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r9d,%r12d
	addl	36(%r15),%r8d
	addb	%dl,%al
	movl	52(%rsi),%ebx
	addl	$3654602809,%r8d
	movzbl	%al,%eax
	addl	%r12d,%r8d
	movl	%edx,48(%rsi)
	addb	%bl,%cl
	roll	$4,%r8d
	movl	%r10d,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r8d,%r12d
	addl	48(%r15),%r11d
	addb	%dl,%bl
	movl	56(%rsi),%eax
	addl	$3873151461,%r11d
	movzbl	%bl,%ebx
	addl	%r12d,%r11d
	movl	%edx,52(%rsi)
	addb	%al,%cl
	roll	$11,%r11d
	movl	%r9d,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	xorl	%r11d,%r12d
	addl	60(%r15),%r10d
	addb	%dl,%al
	movl	60(%rsi),%ebx
	addl	$530742520,%r10d
	movzbl	%al,%eax
	addl	%r12d,%r10d
	movl	%edx,56(%rsi)
	addb	%bl,%cl
	roll	$16,%r10d
	movl	%r8d,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	32(%r13),%xmm4
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	xorl	%r10d,%r12d
	addl	8(%r15),%r9d
	addb	%dl,%bl
	movl	64(%rsi),%eax
	addl	$3299628645,%r9d
	movzbl	%bl,%ebx
	addl	%r12d,%r9d
	movl	%edx,60(%rsi)
	addb	%al,%cl
	roll	$23,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm4
	pxor	%xmm1,%xmm4
	pxor	%xmm0,%xmm0
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	0(%r15),%r8d
	addb	%dl,%al
	movl	68(%rsi),%ebx
	addl	$4096336452,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,64(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	movd	(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	pxor	%xmm1,%xmm1
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	28(%r15),%r11d
	addb	%dl,%bl
	movl	72(%rsi),%eax
	addl	$1126891415,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,68(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	movd	(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	56(%r15),%r10d
	addb	%dl,%al
	movl	76(%rsi),%ebx
	addl	$2878612391,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,72(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	20(%r15),%r9d
	addb	%dl,%bl
	movl	80(%rsi),%eax
	addl	$4237533241,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,76(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$1,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	48(%r15),%r8d
	addb	%dl,%al
	movl	84(%rsi),%ebx
	addl	$1700485571,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,80(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	12(%r15),%r11d
	addb	%dl,%bl
	movl	88(%rsi),%eax
	addl	$2399980690,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,84(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$2,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	40(%r15),%r10d
	addb	%dl,%al
	movl	92(%rsi),%ebx
	addl	$4293915773,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,88(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	4(%r15),%r9d
	addb	%dl,%bl
	movl	96(%rsi),%eax
	addl	$2240044497,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,92(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$3,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	32(%r15),%r8d
	addb	%dl,%al
	movl	100(%rsi),%ebx
	addl	$1873313359,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,96(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	60(%r15),%r11d
	addb	%dl,%bl
	movl	104(%rsi),%eax
	addl	$4264355552,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,100(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$4,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	24(%r15),%r10d
	addb	%dl,%al
	movl	108(%rsi),%ebx
	addl	$2734768916,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,104(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	52(%r15),%r9d
	addb	%dl,%bl
	movl	112(%rsi),%eax
	addl	$1309151649,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,108(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$5,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r11d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r9d,%r12d
	addl	16(%r15),%r8d
	addb	%dl,%al
	movl	116(%rsi),%ebx
	addl	$4149444226,%r8d
	movzbl	%al,%eax
	xorl	%r10d,%r12d
	movl	%edx,112(%rsi)
	addl	%r12d,%r8d
	addb	%bl,%cl
	roll	$6,%r8d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rax,4),%xmm0

	addl	%r9d,%r8d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r10d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r8d,%r12d
	addl	44(%r15),%r11d
	addb	%dl,%bl
	movl	120(%rsi),%eax
	addl	$3174756917,%r11d
	movzbl	%bl,%ebx
	xorl	%r9d,%r12d
	movl	%edx,116(%rsi)
	addl	%r12d,%r11d
	addb	%al,%cl
	roll	$10,%r11d
	movl	$-1,%r12d
	pinsrw	$6,(%rdi,%rbx,4),%xmm1

	addl	%r8d,%r11d
	movl	(%rdi,%rcx,4),%edx
	xorl	%r9d,%r12d
	movl	%eax,(%rdi,%rcx,4)
	orl	%r11d,%r12d
	addl	8(%r15),%r10d
	addb	%dl,%al
	movl	124(%rsi),%ebx
	addl	$718787259,%r10d
	movzbl	%al,%eax
	xorl	%r8d,%r12d
	movl	%edx,120(%rsi)
	addl	%r12d,%r10d
	addb	%bl,%cl
	roll	$15,%r10d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rax,4),%xmm0

	addl	%r11d,%r10d
	movdqu	48(%r13),%xmm5
	addb	$32,%bpl
	movl	(%rdi,%rcx,4),%edx
	xorl	%r8d,%r12d
	movl	%ebx,(%rdi,%rcx,4)
	orl	%r10d,%r12d
	addl	36(%r15),%r9d
	addb	%dl,%bl
	movl	0(%rdi,%rbp,4),%eax
	addl	$3951481745,%r9d
	movzbl	%bl,%ebx
	xorl	%r11d,%r12d
	movl	%edx,124(%rsi)
	addl	%r12d,%r9d
	addb	%al,%cl
	roll	$21,%r9d
	movl	$-1,%r12d
	pinsrw	$7,(%rdi,%rbx,4),%xmm1

	addl	%r10d,%r9d
	movq	%rbp,%rsi
	xorq	%rbp,%rbp
	movb	%sil,%bpl
	movq	%rcx,%rsi
	xorq	%rcx,%rcx
	movb	%sil,%cl
	leaq	(%rdi,%rbp,4),%rsi
	psllq	$8,%xmm1
	pxor	%xmm0,%xmm5
	pxor	%xmm1,%xmm5
	addl	0(%rsp),%r8d
	addl	4(%rsp),%r9d
	addl	8(%rsp),%r10d
	addl	12(%rsp),%r11d

	movdqu	%xmm2,(%r14,%r13,1)
	movdqu	%xmm3,16(%r14,%r13,1)
	movdqu	%xmm4,32(%r14,%r13,1)
	movdqu	%xmm5,48(%r14,%r13,1)
	leaq	64(%r15),%r15
	leaq	64(%r13),%r13
	cmpq	16(%rsp),%r15
	jb	L$oop

	movq	24(%rsp),%r12
	subb	%al,%cl
	movl	%r8d,0(%r12)
	movl	%r9d,4(%r12)
	movl	%r10d,8(%r12)
	movl	%r11d,12(%r12)
	subb	$1,%bpl
	movl	%ebp,-8(%rdi)
	movl	%ecx,-4(%rdi)

	movq	40(%rsp),%r15
	movq	48(%rsp),%r14
	movq	56(%rsp),%r13
	movq	64(%rsp),%r12
	movq	72(%rsp),%rbp
	movq	80(%rsp),%rbx
	leaq	88(%rsp),%rsp
L$epilogue:
L$abort:
	.byte	0xf3,0xc3

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































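--- a/jni/libressl/crypto/rc4/rc4_enc.c
+++ b/jni/libressl/crypto/rc4/rc4_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc4_enc.c,v 1.14 2015/10/20 15:50:13 jsing Exp $ */
+/* $OpenBSD: rc4_enc.c,v 1.15 2015/10/21 16:36:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *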
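--- a/jni/libressl/crypto/rc4/rc4_locl.h
+++ b/jni/libressl/crypto/rc4/rc4_locl.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: rc4_locl.h,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rc4_locl.h,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
 
 #ifndef HEADER_RC4_LOCL_H
 #define HEADER_RC4_LOCL_H
 #endif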
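--- a/jni/libressl/crypto/rc4/rc4_skey.c
+++ b/jni/libressl/crypto/rc4/rc4_skey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc4_skey.c,v 1.13 2014/10/28 07:35:59 jsg Exp $ */
+/* $OpenBSD: rc4_skey.c,v 1.14 2015/10/20 15:50:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *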
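--- a/jni/libressl/crypto/ripemd/rmd_dgst.c
+++ b/jni/libressl/crypto/ripemd/rmd_dgst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rmd_dgst.c,v 1.16 2014/08/18 19:11:48 bcook Exp $ */
+/* $OpenBSD: rmd_dgst.c,v 1.17 2014/10/28 07:35:59 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 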
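--- a/jni/libressl/crypto/ripemd/rmd_locl.h
+++ b/jni/libressl/crypto/ripemd/rmd_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: rmd_locl.h,v 1.11 2014/08/18 19:11:48 bcook Exp $ */
+/* $OpenBSD: rmd_locl.h,v 1.13 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -67,16 +67,20 @@
  *					<appro@fy.chalmers.se>
  */
 #ifdef RMD160_ASM
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
 #  define ripemd160_block_data_order ripemd160_block_asm_data_order
 # endif
 #endif
 
+__BEGIN_HIDDEN_DECLS
+
 void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
+
+__END_HIDDEN_DECLS
 
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 
 #define HASH_LONG               RIPEMD160_LONG
 #define HASH_CTX                RIPEMD160_CTX
 #define HASH_CBLOCK             RIPEMD160_CBLOCK
 #define HASH_UPDATE             RIPEMD160_Update
@@ -139,8 +143,7 @@
         a=ROTATE(a,s)+e; \
         c=ROTATE(c,10); }
 
 #define RIP5(a,b,c,d,e,w,s,K) { \
 	a+=F5(b,c,d)+X(w)+K; \
         a=ROTATE(a,s)+e; \
         c=ROTATE(c,10); }
-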
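--- a/jni/libressl/crypto/ripemd/rmd_one.c
+++ b/jni/libressl/crypto/ripemd/rmd_one.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rmd_one.c,v 1.8 2015/09/10 15:03:59 jsing Exp $ */
+/* $OpenBSD: rmd_one.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 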
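--- a/jni/libressl/crypto/ripemd/rmdconst.h
+++ b/jni/libressl/crypto/ripemd/rmdconst.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: rmdconst.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -51,14 +51,17 @@
  * SUCH DAMAGE.
  * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+
+__BEGIN_HIDDEN_DECLS
+
 #define KL0 0x00000000L
 #define KL1 0x5A827999L
 #define KL2 0x6ED9EBA1L
 #define KL3 0x8F1BBCDCL
 #define KL4 0xA953FD4EL
 
 #define KR0 0x50A28BE6L
@@ -393,7 +396,8 @@
 #define WR77  3
 #define SR77 13
 #define WR78  9
 #define SR78 11
 #define WR79 11
 #define SR79 11
 
+__END_HIDDEN_DECLS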
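--- a/jni/libressl/crypto/rsa/rsa_ameth.c
+++ b/jni/libressl/crypto/rsa/rsa_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -62,17 +62,14 @@
 
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
 
 #include "asn1_locl.h"
 
 static int
 rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
 	unsigned char *penc = NULL;
@@ -95,15 +92,15 @@
 	const unsigned char *p;
 	int pklen;
 	RSA *rsa = NULL;
 
 	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
 		return 0;
 	if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
-		RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+		RSAerror(ERR_R_RSA_LIB);
 		return 0;
 	}
 	EVP_PKEY_assign_RSA (pkey, rsa);
 	return 1;
 }
 
 static int
@@ -117,15 +114,15 @@
 
 static int
 old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 {
 	RSA *rsa;
 
 	if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
-		RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+		RSAerror(ERR_R_RSA_LIB);
 		return 0;
 	}
 	EVP_PKEY_assign_RSA(pkey, rsa);
 	return 1;
 }
 
 static int
@@ -139,21 +136,21 @@
 {
 	unsigned char *rk = NULL;
 	int rklen;
 
 	rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
 
 	if (rklen <= 0) {
-		RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 
 	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
 	    V_ASN1_NULL, NULL, rk, rklen)) {
-		RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 
 	return 1;
 }
 
 static int
@@ -215,15 +212,15 @@
 		update_buflen(x->dmp1, &buf_len);
 		update_buflen(x->dmq1, &buf_len);
 		update_buflen(x->iqmp, &buf_len);
 	}
 
 	m = malloc(buf_len + 10);
 	if (m == NULL) {
-		RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (x->n != NULL)
 		mod_len = BN_num_bits(x->n);
 
 	if (!BIO_indent(bp, off, 128))
@@ -416,25 +413,14 @@
 			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
 		break;
 
 	case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
 		if (arg1 == 0)
 			PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
 		break;
-#ifndef OPENSSL_NO_CMS
-	case ASN1_PKEY_CTRL_CMS_SIGN:
-		if (arg1 == 0)
-			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
-		break;
-
-	case ASN1_PKEY_CTRL_CMS_ENVELOPE:
-		if (arg1 == 0)
-			CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
-		break;
-#endif
 
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *)arg2 = NID_sha1;
 		return 1;
 
 	default:
 		return -2;
@@ -460,74 +446,70 @@
 	const EVP_MD *mgf1md = NULL, *md = NULL;
 	RSA_PSS_PARAMS *pss;
 	X509_ALGOR *maskHash;
 	EVP_PKEY_CTX *pkctx;
 
 	/* Sanity check: make sure it is PSS */
 	if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
-		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+		RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
 		return -1;
 	}
 
 	/* Decode PSS parameters */
 	pss = rsa_pss_decode(sigalg, &maskHash);
 
 	if (pss == NULL) {
-		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
+		RSAerror(RSA_R_INVALID_PSS_PARAMETERS);
 		goto err;
 	}
 	/* Check mask and lookup mask hash algorithm */
 	if (pss->maskGenAlgorithm) {
 		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
-			RSAerr(RSA_F_RSA_ITEM_VERIFY,
-			    RSA_R_UNSUPPORTED_MASK_ALGORITHM);
+			RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM);
 			goto err;
 		}
 		if (!maskHash) {
-			RSAerr(RSA_F_RSA_ITEM_VERIFY,
-			    RSA_R_UNSUPPORTED_MASK_PARAMETER);
+			RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER);
 			goto err;
 		}
 		mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
 		if (mgf1md == NULL) {
-			RSAerr(RSA_F_RSA_ITEM_VERIFY,
-			    RSA_R_UNKNOWN_MASK_DIGEST);
+			RSAerror(RSA_R_UNKNOWN_MASK_DIGEST);
 			goto err;
 		}
 	} else
 		mgf1md = EVP_sha1();
 
 	if (pss->hashAlgorithm) {
 		md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
 		if (md == NULL) {
-			RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
+			RSAerror(RSA_R_UNKNOWN_PSS_DIGEST);
 			goto err;
 		}
 	} else
 		md = EVP_sha1();
 
 	if (pss->saltLength) {
 		saltlen = ASN1_INTEGER_get(pss->saltLength);
 
 		/* Could perform more salt length sanity checks but the main
 		 * RSA routines will trap other invalid values anyway.
 		 */
 		if (saltlen < 0) {
-			RSAerr(RSA_F_RSA_ITEM_VERIFY,
-			    RSA_R_INVALID_SALT_LENGTH);
+			RSAerror(RSA_R_INVALID_SALT_LENGTH);
 			goto err;
 		}
 	} else
 		saltlen = 20;
 
 	/* low-level routines support only trailer field 0xbc (value 1)
 	 * and PKCS#1 says we should reject any other value anyway.
 	 */
 	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
-		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
+		RSAerror(RSA_R_INVALID_TRAILER);
 		goto err;
 	}
 
 	/* We have all parameters now set up context */
 
 	if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
 		goto err;
@@ -598,25 +580,25 @@
 			X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
 		}
 		if (EVP_MD_type(mgf1md) != NID_sha1) {
 			ASN1_STRING *stmp = NULL;
 			/* need to embed algorithm ID inside another */
 			mgf1alg = X509_ALGOR_new();
 			X509_ALGOR_set_md(mgf1alg, mgf1md);
-			if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
+			if (!ASN1_item_pack(mgf1alg, &X509_ALGOR_it,
 			    &stmp))
 				goto err;
 			pss->maskGenAlgorithm = X509_ALGOR_new();
 			if (!pss->maskGenAlgorithm)
 				goto err;
 			X509_ALGOR_set0(pss->maskGenAlgorithm,
 			    OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
 		}
 		/* Finally create string with pss parameter encoding. */
-		if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
+		if (!ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, &os1))
 			goto err;
 		if (alg2) {
 			os2 = ASN1_STRING_dup(os1);
 			if (!os2)
 				goto err;
 			X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
 			    V_ASN1_SEQUENCE, os2);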
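Review bot: In the hunk at new lines 136-156 (the private-key encode routine that reports `ERR_R_MALLOC_FAILURE`), the DER buffer `rk` filled by `i2d_RSAPrivateKey()` is not released when `PKCS8_pkey_set0()` fails. The encoded private key then stays on the heap, unzeroed and unreachable. The error branch should wipe and free it before returning, by placing `explicit_bzero(rk, rklen); free(rk);` ahead of the second `RSAerror(ERR_R_MALLOC_FAILURE);`. The function's signature is outside the hunk, so this assumes nothing else takes ownership of `rk` on that path.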
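--- a/jni/libressl/crypto/rsa/rsa_asn1.c
+++ b/jni/libressl/crypto/rsa/rsa_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_asn1.c,v 1.11 2015/02/10 05:12:23 jsing Exp $ */
+/* $OpenBSD: rsa_asn1.c,v 1.13 2016/12/30 15:47:07 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -294,15 +294,15 @@
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPublicKey_it);
 }
 
 RSA *
 RSAPublicKey_dup(RSA *rsa)
 {
-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+	return ASN1_item_dup(&RSAPublicKey_it, rsa);
 }
 
 RSA *
 RSAPrivateKey_dup(RSA *rsa)
 {
-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+	return ASN1_item_dup(&RSAPrivateKey_it, rsa);
 }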
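--- a/jni/libressl/crypto/rsa/rsa_chk.c
+++ b/jni/libressl/crypto/rsa/rsa_chk.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_chk.c,v 1.8 2014/07/09 19:51:38 jsing Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -48,68 +48,70 @@
  * ====================================================================
  */
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 
+#include "bn_lcl.h"
+
 int
 RSA_check_key(const RSA *key)
 {
 	BIGNUM *i, *j, *k, *l, *m;
 	BN_CTX *ctx;
 	int r;
 	int ret = 1;
 
 	if (!key->p || !key->q || !key->n || !key->e || !key->d) {
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+		RSAerror(RSA_R_VALUE_MISSING);
 		return 0;
 	}
 
 	i = BN_new();
 	j = BN_new();
 	k = BN_new();
 	l = BN_new();
 	m = BN_new();
 	ctx = BN_CTX_new();
 	if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL ||
 	    ctx == NULL) {
 		ret = -1;
-		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	/* p prime? */
 	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
 	if (r != 1) {
 		ret = r;
 		if (r != 0)
 			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+		RSAerror(RSA_R_P_NOT_PRIME);
 	}
 
 	/* q prime? */
 	r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
 	if (r != 1) {
 		ret = r;
 		if (r != 0)
 			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+		RSAerror(RSA_R_Q_NOT_PRIME);
 	}
 
 	/* n = p*q? */
 	r = BN_mul(i, key->p, key->q, ctx);
 	if (!r) {
 		ret = -1;
 		goto err;
 	}
 
 	if (BN_cmp(i, key->n) != 0) {
 		ret = 0;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+		RSAerror(RSA_R_N_DOES_NOT_EQUAL_P_Q);
 	}
 
 	/* d*e = 1  mod lcm(p-1,q-1)? */
 
 	r = BN_sub(i, key->p, BN_value_one());
 	if (!r) {
 		ret = -1;
@@ -123,91 +125,88 @@
 
 	/* now compute k = lcm(i,j) */
 	r = BN_mul(l, i, j, ctx);
 	if (!r) {
 		ret = -1;
 		goto err;
 	}
-	r = BN_gcd(m, i, j, ctx);
+	r = BN_gcd_ct(m, i, j, ctx);
 	if (!r) {
 		ret = -1;
 		goto err;
 	}
-	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+	r = BN_div_ct(k, NULL, l, m, ctx); /* remainder is 0 */
 	if (!r) {
 		ret = -1;
 		goto err;
 	}
 
 	r = BN_mod_mul(i, key->d, key->e, k, ctx);
 	if (!r) {
 		ret = -1;
 		goto err;
 	}
 
 	if (!BN_is_one(i)) {
 		ret = 0;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+		RSAerror(RSA_R_D_E_NOT_CONGRUENT_TO_1);
 	}
 
 	if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
 		/* dmp1 = d mod (p-1)? */
 		r = BN_sub(i, key->p, BN_value_one());
 		if (!r) {
 			ret = -1;
 			goto err;
 		}
 
-		r = BN_mod(j, key->d, i, ctx);
+		r = BN_mod_ct(j, key->d, i, ctx);
 		if (!r) {
 			ret = -1;
 			goto err;
 		}
 
 		if (BN_cmp(j, key->dmp1) != 0) {
 			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-			    RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+			RSAerror(RSA_R_DMP1_NOT_CONGRUENT_TO_D);
 		}
 
 		/* dmq1 = d mod (q-1)? */
 		r = BN_sub(i, key->q, BN_value_one());
 		if (!r) {
 			ret = -1;
 			goto err;
 		}
 
-		r = BN_mod(j, key->d, i, ctx);
+		r = BN_mod_ct(j, key->d, i, ctx);
 		if (!r) {
 			ret = -1;
 			goto err;
 		}
 
 		if (BN_cmp(j, key->dmq1) != 0) {
 			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-			    RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+			RSAerror(RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
 		}
 
 		/* iqmp = q^-1 mod p? */
-		if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
+		if (!BN_mod_inverse_ct(i, key->q, key->p, ctx)) {
 			ret = -1;
 			goto err;
 		}
 
 		if (BN_cmp(i, key->iqmp) != 0) {
 			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-			    RSA_R_IQMP_NOT_INVERSE_OF_Q);
+			RSAerror(RSA_R_IQMP_NOT_INVERSE_OF_Q);
 		}
 	}
 
 err:
 	BN_free(i);
 	BN_free(j);
 	BN_free(k);
 	BN_free(l);
 	BN_free(m);
 	BN_CTX_free(ctx);
 
 	return (ret);
 }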
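Review bot: `RSA_check_key` has no comment stating its three-way result, which matters because a caller that only tests for non-zero would accept a key after an internal error. The visible code leaves `ret` at 1 when every check passes, sets it to 0 when a consistency check fails, and sets it to -1 on allocation or BN failure; a return from `BN_is_prime_ex` that is neither 0 nor 1 is passed through as-is. I would add above the function `/* Returns 1 if the key is consistent, 0 if a check failed, -1 on internal error; callers must compare against 1. */`. The same comment could say that the `_ct` calls are used because p, q and d are secret, since nothing in the hunk explains the switch. The function spans two hunks here and new lines 118-124 are not shown.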
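--- a/jni/libressl/crypto/rsa/rsa_crpt.c
+++ b/jni/libressl/crypto/rsa/rsa_crpt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_crpt.c,v 1.15 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -61,14 +61,16 @@
 #include <openssl/opensslconf.h>
 
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/rsa.h>
+
+#include "bn_lcl.h"
 
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 
 int
 RSA_size(const RSA *r)
@@ -156,15 +158,15 @@
 	if (!BN_sub(r1, p, BN_value_one()))
 		goto err;
 	if (!BN_sub(r2, q, BN_value_one()))
 		goto err;
 	if (!BN_mul(r0, r1, r2, ctx))
 		goto err;
 
-	ret = BN_mod_inverse(NULL, d, r0, ctx);
+	ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
 err:
 	BN_CTX_end(ctx);
 	return ret;
 }
 
 BN_BLINDING *
 RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
@@ -181,34 +183,33 @@
 		ctx = in_ctx;
 
 	BN_CTX_start(ctx);
 
 	if (rsa->e == NULL) {
 		e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
 		if (e == NULL) {
-			RSAerr(RSA_F_RSA_SETUP_BLINDING,
-			    RSA_R_NO_PUBLIC_EXPONENT);
+			RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
 			goto err;
 		}
 	} else
 		e = rsa->e;
 
 	BN_init(&n);
 	BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
 
 	ret = BN_BLINDING_create_param(NULL, e, &n, ctx, rsa->meth->bn_mod_exp,
 	    rsa->_method_mod_n);
 
 	if (ret == NULL) {
-		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+		RSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
 	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
 err:
 	BN_CTX_end(ctx);
 	if (in_ctx == NULL)
 		BN_CTX_free(ctx);
 	if (rsa->e == NULL)
 		BN_free(e);
 
 	return ret;
 }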
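--- a/jni/libressl/crypto/rsa/rsa_depr.c
+++ b/jni/libressl/crypto/rsa/rsa_depr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_depr.c,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: rsa_depr.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *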
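--- a/jni/libressl/crypto/rsa/rsa_eay.c
+++ b/jni/libressl/crypto/rsa/rsa_eay.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_eay.c,v 1.41 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.46 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -113,125 +113,125 @@
 #include <string.h>
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
+
+#include "bn_lcl.h"
 
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
 
 static RSA_METHOD rsa_pkcs1_eay_meth = {
 	.name = "Eric Young's PKCS#1 RSA",
 	.rsa_pub_enc = RSA_eay_public_encrypt,
 	.rsa_pub_dec = RSA_eay_public_decrypt, /* signature verification */
 	.rsa_priv_enc = RSA_eay_private_encrypt, /* signing */
 	.rsa_priv_dec = RSA_eay_private_decrypt,
 	.rsa_mod_exp = RSA_eay_mod_exp,
-	.bn_mod_exp = BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
+	.bn_mod_exp = BN_mod_exp_mont_ct, /* XXX probably we should not use Montgomery if  e == 3 */
 	.init = RSA_eay_init,
 	.finish = RSA_eay_finish,
 };
 
 const RSA_METHOD *
 RSA_PKCS1_SSLeay(void)
 {
 	return &rsa_pkcs1_eay_meth;
 }
 
 static int
 RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
     RSA *rsa, int padding)
 {
 	BIGNUM *f, *ret;
 	int i, j, k, num = 0, r = -1;
 	unsigned char *buf = NULL;
 	BN_CTX *ctx = NULL;
 
 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+		RSAerror(RSA_R_MODULUS_TOO_LARGE);
 		return -1;
 	}
 
 	if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+		RSAerror(RSA_R_BAD_E_VALUE);
 		return -1;
 	}
 
 	/* for large moduli, enforce exponent limit */
 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
 		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+			RSAerror(RSA_R_BAD_E_VALUE);
 			return -1;
 		}
 	}
 
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 
 	BN_CTX_start(ctx);
 	f = BN_CTX_get(ctx);
 	ret = BN_CTX_get(ctx);
 	num = BN_num_bytes(rsa->n);
 	buf = malloc(num);
 
 	if (f == NULL || ret == NULL || buf == NULL) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	switch (padding) {
 	case RSA_PKCS1_PADDING:
 		i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
 		break;
 #ifndef OPENSSL_NO_SHA
 	case RSA_PKCS1_OAEP_PADDING:
 		i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
 		break;
 #endif
 	case RSA_SSLV23_PADDING:
 		i = RSA_padding_add_SSLv23(buf, num, from, flen);
 		break;
 	case RSA_NO_PADDING:
 		i = RSA_padding_add_none(buf, num, from, flen);
 		break;
 	default:
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
-		    RSA_R_UNKNOWN_PADDING_TYPE);
+		RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
 		goto err;
 	}
 	if (i <= 0)
 		goto err;
 
 	if (BN_bin2bn(buf, num, f) == NULL)
 		goto err;
 
 	if (BN_ucmp(f, rsa->n) >= 0) {
 		/* usually the padding functions would catch this */
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
-		    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
 		goto err;
 	}
 
 	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
 		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
 		    CRYPTO_LOCK_RSA, rsa->n, ctx))
 			goto err;
 
-	if (!rsa->meth->bn_mod_exp(ret, f,rsa->e, rsa->n, ctx,
+	if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
 	    rsa->_method_mod_n))
 		goto err;
 
 	/* put in leading 0 bytes if the number is less than the
 	 * length of the modulus */
 	j = BN_num_bytes(ret);
 	i = BN_bn2bin(ret, &(to[num - j]));
@@ -368,60 +368,56 @@
 	BN_CTX_start(ctx);
 	f = BN_CTX_get(ctx);
 	ret = BN_CTX_get(ctx);
 	num = BN_num_bytes(rsa->n);
 	buf = malloc(num);
 
 	if (f == NULL || ret == NULL || buf == NULL) {
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	switch (padding) {
 	case RSA_PKCS1_PADDING:
 		i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
 		break;
 	case RSA_X931_PADDING:
 		i = RSA_padding_add_X931(buf, num, from, flen);
 		break;
 	case RSA_NO_PADDING:
 		i = RSA_padding_add_none(buf, num, from, flen);
 		break;
 	case RSA_SSLV23_PADDING:
 	default:
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-		    RSA_R_UNKNOWN_PADDING_TYPE);
+		RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
 		goto err;
 	}
 	if (i <= 0)
 		goto err;
 
 	if (BN_bin2bn(buf, num, f) == NULL)
 		goto err;
 
 	if (BN_ucmp(f, rsa->n) >= 0) {
 		/* usually the padding functions would catch this */
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-		    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
 		goto err;
 	}
 
 	if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
 		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
 		if (blinding == NULL) {
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-			    ERR_R_INTERNAL_ERROR);
+			RSAerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 	}
 
 	if (blinding != NULL) {
 		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-			    ERR_R_MALLOC_FAILURE);
+			RSAerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
 			goto err;
 	}
 
 	if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -503,49 +499,45 @@
 	BN_CTX_start(ctx);
 	f = BN_CTX_get(ctx);
 	ret = BN_CTX_get(ctx);
 	num = BN_num_bytes(rsa->n);
 	buf = malloc(num);
 
 	if (!f || !ret || !buf) {
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	/* This check was for equality but PGP does evil things
 	 * and chops off the top '0' bytes */
 	if (flen > num) {
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-		    RSA_R_DATA_GREATER_THAN_MOD_LEN);
+		RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
 		goto err;
 	}
 
 	/* make data into a big number */
 	if (BN_bin2bn(from, (int)flen, f) == NULL)
 		goto err;
 
 	if (BN_ucmp(f, rsa->n) >= 0) {
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-		    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
 		goto err;
 	}
 
 	if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
 		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
 		if (blinding == NULL) {
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-			    ERR_R_INTERNAL_ERROR);
+			RSAerror(ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
 	}
 
 	if (blinding != NULL) {
 		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-			    ERR_R_MALLOC_FAILURE);
+			RSAerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
 			goto err;
 	}
 
 	/* do the decrypt */
@@ -590,21 +582,19 @@
 	case RSA_SSLV23_PADDING:
 		r = RSA_padding_check_SSLv23(to, num, buf, j, num);
 		break;
 	case RSA_NO_PADDING:
 		r = RSA_padding_check_none(to, num, buf, j, num);
 		break;
 	default:
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-		    RSA_R_UNKNOWN_PADDING_TYPE);
+		RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
 		goto err;
 	}
 	if (r < 0)
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-		    RSA_R_PADDING_CHECK_FAILED);
+		RSAerror(RSA_R_PADDING_CHECK_FAILED);
 
 err:
 	if (ctx != NULL) {
 		BN_CTX_end(ctx);
 		BN_CTX_free(ctx);
 	}
 	if (buf != NULL) {
@@ -622,59 +612,57 @@
 	BIGNUM *f, *ret;
 	int i, num = 0, r = -1;
 	unsigned char *p;
 	unsigned char *buf = NULL;
 	BN_CTX *ctx = NULL;
 
 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+		RSAerror(RSA_R_MODULUS_TOO_LARGE);
 		return -1;
 	}
 
 	if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+		RSAerror(RSA_R_BAD_E_VALUE);
 		return -1;
 	}
 
 	/* for large moduli, enforce exponent limit */
 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
 		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+			RSAerror(RSA_R_BAD_E_VALUE);
 			return -1;
 		}
 	}
 
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 
 	BN_CTX_start(ctx);
 	f = BN_CTX_get(ctx);
 	ret = BN_CTX_get(ctx);
 	num = BN_num_bytes(rsa->n);
 	buf = malloc(num);
 
 	if (!f || !ret || !buf) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	/* This check was for equality but PGP does evil things
 	 * and chops off the top '0' bytes */
 	if (flen > num) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-		    RSA_R_DATA_GREATER_THAN_MOD_LEN);
+		RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
 		goto err;
 	}
 
 	if (BN_bin2bn(from, flen, f) == NULL)
 		goto err;
 
 	if (BN_ucmp(f, rsa->n) >= 0) {
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-		    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
 		goto err;
 	}
 
 	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
 		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
 		    CRYPTO_LOCK_RSA, rsa->n, ctx))
 			goto err;
@@ -697,21 +685,19 @@
 	case RSA_X931_PADDING:
 		r = RSA_padding_check_X931(to, num, buf, i, num);
 		break;
 	case RSA_NO_PADDING:
 		r = RSA_padding_check_none(to, num, buf, i, num);
 		break;
 	default:
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-		    RSA_R_UNKNOWN_PADDING_TYPE);
+		RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
 		goto err;
 	}
 	if (r < 0)
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-		    RSA_R_PADDING_CHECK_FAILED);
+		RSAerror(RSA_R_PADDING_CHECK_FAILED);
 
 err:
 	if (ctx != NULL) {
 		BN_CTX_end(ctx);
 		BN_CTX_free(ctx);
 	}
 	if (buf != NULL) {
@@ -729,15 +715,15 @@
 	int ret = 0;
 
 	BN_CTX_start(ctx);
 	r1 = BN_CTX_get(ctx);
 	m1 = BN_CTX_get(ctx);
 	vrfy = BN_CTX_get(ctx);
 	if (r1 == NULL || m1 == NULL || vrfy == NULL) {
-		RSAerr(RSA_F_RSA_EAY_MOD_EXP, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	{
 		BIGNUM p, q;
 
 		/*
@@ -764,29 +750,29 @@
 		    CRYPTO_LOCK_RSA, rsa->n, ctx))
 			goto err;
 
 	/* compute I mod q */
 	BN_init(&c);
 	BN_with_flags(&c, I, BN_FLG_CONSTTIME);
 
-	if (!BN_mod(r1, &c, rsa->q, ctx))
+	if (!BN_mod_ct(r1, &c, rsa->q, ctx))
 		goto err;
 
 	/* compute r1^dmq1 mod q */
 	BN_init(&dmq1);
 	BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
 
 	if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx,
 	    rsa->_method_mod_q))
 		goto err;
 
 	/* compute I mod p */
 	BN_with_flags(&c, I, BN_FLG_CONSTTIME);
 
-	if (!BN_mod(r1, &c, rsa->p, ctx))
+	if (!BN_mod_ct(r1, &c, rsa->p, ctx))
 		goto err;
 
 	/* compute r1^dmp1 mod p */
 	BN_init(&dmp1);
 	BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
 
 	if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx,
@@ -807,15 +793,15 @@
 	if (!BN_mul(r1, r0, rsa->iqmp, ctx))
 		goto err;
 
 	/* Turn BN_FLG_CONSTTIME flag on before division operation */
 	BN_init(&pr1);
 	BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME);
 
-	if (!BN_mod(r0, &pr1, rsa->p, ctx))
+	if (!BN_mod_ct(r0, &pr1, rsa->p, ctx))
 		goto err;
 
 	/*
 	 * If p < q it is occasionally possible for the correction of
 	 * adding 'p' if r0 is negative above to leave the result still
 	 * negative. This can break the private key operations: the following
 	 * second correction should *always* correct this rare occurrence.
@@ -838,15 +824,15 @@
 		 * If 'I' was greater than (or equal to) rsa->n, the operation
 		 * will be equivalent to using 'I mod n'. However, the result of
 		 * the verify will *always* be less than 'n' so we don't check
 		 * for absolute equality, just congruency.
 		 */
 		if (!BN_sub(vrfy, vrfy, I))
 			goto err;
-		if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+		if (!BN_mod_ct(vrfy, vrfy, rsa->n, ctx))
 			goto err;
 		if (BN_is_negative(vrfy))
 			if (!BN_add(vrfy, vrfy, rsa->n))
 				goto err;
 		if (!BN_is_zero(vrfy)) {
 			/*
 			 * 'I' and 'vrfy' aren't congruent mod n. Don't leak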
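--- a/jni/libressl/crypto/rsa/rsa_err.c
+++ b/jni/libressl/crypto/rsa/rsa_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: rsa_err.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,72 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
 
 static ERR_STRING_DATA RSA_str_functs[] = {
-	{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
-	{ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
-	{ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
-	{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
-	{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
-	{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
-	{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
-	{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
-	{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
-	{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
-	{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
-	{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-	{ERR_FUNC(RSA_F_RSA_EAY_MOD_EXP), "RSA_EAY_MOD_EXP"},
-	{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-	{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-	{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-	{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-	{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
-	{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
-	{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
-	{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
-	{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
-	{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
-	{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
-	{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
-	{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
-	{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
-	{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1), "RSA_padding_add_PKCS1_PSS_mgf1"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
-	{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
-	{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
-	{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
-	{ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
-	{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
-	{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
-	{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
-	{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
-	{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
-	{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
-	{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
-	{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
-	{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
-	{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-	{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
-	{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
-	{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA RSA_str_reasons[] = {
 	{ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    , "algorithm mismatch"},
 	{ERR_REASON(RSA_R_BAD_E_VALUE)           , "bad e value"},
 	{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},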
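--- a/jni/libressl/crypto/rsa/rsa_gen.c
+++ b/jni/libressl/crypto/rsa/rsa_gen.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_gen.c,v 1.17 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: rsa_gen.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -64,14 +64,16 @@
 
 #include <stdio.h>
 #include <time.h>
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
+
+#include "bn_lcl.h"
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
 /*
  * NB: this wrapper would normally be placed in rsa_lib.c and the static
  * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
  * that we don't introduce a new linker dependency. Eg. any application that
@@ -132,15 +134,15 @@
 
 	/* generate p and q */
 	for (;;) {
 		if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
 			goto err;
 		if (!BN_sub(r2, rsa->p, BN_value_one()))
 			goto err;
-		if (!BN_gcd(r1, r2, rsa->e, ctx))
+		if (!BN_gcd_ct(r1, r2, rsa->e, ctx))
 			goto err;
 		if (BN_is_one(r1))
 			break;
 		if (!BN_GENCB_call(cb, 2, n++))
 			goto err;
 	}
 	if (!BN_GENCB_call(cb, 3, 0))
@@ -156,21 +158,20 @@
 			if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL,
 			    cb))
 				goto err;
 		} while (BN_cmp(rsa->p, rsa->q) == 0 &&
 		    ++degenerate < 3);
 		if (degenerate == 3) {
 			ok = 0; /* we set our own err */
-			RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,
-			    RSA_R_KEY_SIZE_TOO_SMALL);
+			RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
 			goto err;
 		}
 		if (!BN_sub(r2, rsa->q, BN_value_one()))
 			goto err;
-		if (!BN_gcd(r1, r2, rsa->e, ctx))
+		if (!BN_gcd_ct(r1, r2, rsa->e, ctx))
 			goto err;
 		if (BN_is_one(r1))
 			break;
 		if (!BN_GENCB_call(cb, 2, n++))
 			goto err;
 	}
 	if (!BN_GENCB_call(cb, 3, 1))
@@ -191,39 +192,39 @@
 	if (!BN_sub(r2, rsa->q, BN_value_one()))	/* q-1 */
 		goto err;
 	if (!BN_mul(r0, r1, r2, ctx))			/* (p-1)(q-1) */
 		goto err;
 
 	BN_with_flags(&pr0, r0, BN_FLG_CONSTTIME);
 
-	if (!BN_mod_inverse(rsa->d, rsa->e, &pr0, ctx)) /* d */
+	if (!BN_mod_inverse_ct(rsa->d, rsa->e, &pr0, ctx)) /* d */
 		goto err;
 
 	/* set up d for correct BN_FLG_CONSTTIME flag */
 	BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 
 	/* calculate d mod (p-1) */
-	if (!BN_mod(rsa->dmp1, &d, r1, ctx))
+	if (!BN_mod_ct(rsa->dmp1, &d, r1, ctx))
 		goto err;
 
 	/* calculate d mod (q-1) */
-	if (!BN_mod(rsa->dmq1, &d, r2, ctx))
+	if (!BN_mod_ct(rsa->dmq1, &d, r2, ctx))
 		goto err;
 
 	/* calculate inverse of q mod p */
 	BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME);
-	if (!BN_mod_inverse(rsa->iqmp, rsa->q, &p, ctx))
+	if (!BN_mod_inverse_ct(rsa->iqmp, rsa->q, &p, ctx))
 		goto err;
 
 	ok = 1;
 err:
 	if (ok == -1) {
-		RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+		RSAerror(ERR_LIB_BN);
 		ok = 0;
 	}
 	if (ctx != NULL) {
 		BN_CTX_end(ctx);
 		BN_CTX_free(ctx);
 	}
 
 	return ok;
 }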
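Review bot: In rsa_builtin_keygen the new side mixes two ways of requesting constant-time arithmetic without saying which one is relied on: the explicit `BN_gcd_ct`, `BN_mod_inverse_ct` and `BN_mod_ct` calls, and the older `BN_with_flags(..., BN_FLG_CONSTTIME)` copies `pr0`, `d` and `p` that are still passed to them. If the `_ct` entry points ignore the flag, the copies and the comment `/* set up d for correct BN_FLG_CONSTTIME flag */` are leftovers; that cannot be confirmed from these hunks because the implementations live in the BN code. I would add a comment at the first call, e.g. `/* p-1, q-1 and d are secret: always use the _ct variants, independent of BN flags */`, and either drop the flag copies or state why they are kept. The function begins outside the hunks shown.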
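--- a/jni/libressl/crypto/rsa/rsa_lib.c
+++ b/jni/libressl/crypto/rsa/rsa_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_lib.c,v 1.29 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.31 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -128,33 +128,33 @@
 RSA *
 RSA_new_method(ENGINE *engine)
 {
 	RSA *ret;
 
 	ret = malloc(sizeof(RSA));
 	if (ret == NULL) {
-		RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
 	if (engine) {
 		if (!ENGINE_init(engine)) {
-			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			RSAerror(ERR_R_ENGINE_LIB);
 			free(ret);
 			return NULL;
 		}
 		ret->engine = engine;
 	} else
 		ret->engine = ENGINE_get_default_RSA();
 	if (ret->engine) {
 		ret->meth = ENGINE_get_RSA(ret->engine);
 		if (!ret->meth) {
-			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			RSAerror(ERR_R_ENGINE_LIB);
 			ENGINE_finish(ret->engine);
 			free(ret);
 			return NULL;
 		}
 	}
 #endif
 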
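--- a/jni/libressl/crypto/rsa/rsa_locl.h
+++ b/jni/libressl/crypto/rsa/rsa_locl.h
@@ -1,4 +1,9 @@
-/* $OpenBSD: rsa_locl.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rsa_locl.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */
+
+__BEGIN_HIDDEN_DECLS
+
 extern int int_rsa_verify(int dtype, const unsigned char *m,
     unsigned int m_len, unsigned char *rm, size_t *prm_len,
     const unsigned char *sigbuf, size_t siglen, RSA *rsa);
+
+__END_HIDDEN_DECLS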
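--- a/jni/libressl/crypto/rsa/rsa_none.c
+++ b/jni/libressl/crypto/rsa/rsa_none.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_none.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_none.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -64,35 +64,33 @@
 #include <openssl/rsa.h>
 
 int
 RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from,
     int flen)
 {
 	if (flen > tlen) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,
-		    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return 0;
 	}
 
 	if (flen < tlen) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,
-		    RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
 		return 0;
 	}
 
 	memcpy(to, from, flen);
 	return 1;
 }
 
 int
 RSA_padding_check_none(unsigned char *to, int tlen, const unsigned char *from,
     int flen, int num)
 {
 	if (flen > tlen) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
+		RSAerror(RSA_R_DATA_TOO_LARGE);
 		return -1;
 	}
 
 	memset(to, 0, tlen - flen);
 	memcpy(to + tlen - flen, from, flen);
 	return tlen;
 }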
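--- a/jni/libressl/crypto/rsa/rsa_oaep.c
+++ b/jni/libressl/crypto/rsa/rsa_oaep.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
 /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
 
 /* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
  * <URL: http://www.shoup.net/papers/oaep.ps.Z>
@@ -40,40 +40,38 @@
     const unsigned char *from, int flen, const unsigned char *param, int plen)
 {
 	int i, emlen = tlen - 1;
 	unsigned char *db, *seed;
 	unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
 
 	if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
-		    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return 0;
 	}
 
 	if (emlen < 2 * SHA_DIGEST_LENGTH + 1) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
-		    RSA_R_KEY_SIZE_TOO_SMALL);
+		RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
 		return 0;
 	}
 
 	to[0] = 0;
 	seed = to + 1;
 	db = to + SHA_DIGEST_LENGTH + 1;
 
 	if (!EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL))
 		return 0;
 	memset(db + SHA_DIGEST_LENGTH, 0,
 	    emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
 	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
 	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, flen);
 	arc4random_buf(seed, SHA_DIGEST_LENGTH);
 
 	dbmask = malloc(emlen - SHA_DIGEST_LENGTH);
 	if (dbmask == NULL) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 
 	if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed,
 	    SHA_DIGEST_LENGTH) < 0)
 		return 0;
 	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
@@ -122,16 +120,15 @@
 		lzero = 0;
 		flen = num; /* don't overflow the memcpy to padded_from */
 	}
 
 	dblen = num - SHA_DIGEST_LENGTH;
 	db = malloc(dblen + num);
 	if (db == NULL) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
-		    ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		return -1;
 	}
 
 	/*
 	 * Always do this zero-padding copy (even when lzero == 0)
 	 * to avoid leaking timing info about the value of lzero.
 	 */
@@ -163,30 +160,29 @@
 		if (i == dblen || db[i] != 0x01)
 			goto decoding_err;
 		else {
 			/* everything looks OK */
 
 			mlen = dblen - ++i;
 			if (tlen < mlen) {
-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
-				    RSA_R_DATA_TOO_LARGE);
+				RSAerror(RSA_R_DATA_TOO_LARGE);
 				mlen = -1;
 			} else
 				memcpy(to, db + i, mlen);
 		}
 	}
 	free(db);
 	return mlen;
 
 decoding_err:
 	/*
 	 * To avoid chosen ciphertext attacks, the error message should not
 	 * reveal which kind of decoding error happened
 	 */
-	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+	RSAerror(RSA_R_OAEP_DECODING_ERROR);
 	free(db);
 	return -1;
 }
 
 int
 PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
     long seedlen, const EVP_MD *dgst)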
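Review bot: In RSA_padding_add_PKCS1_OAEP the `MGF1(dbmask, ...) < 0` failure path returns 0 without releasing `dbmask`, which was obtained from `malloc(emlen - SHA_DIGEST_LENGTH)` a few lines earlier; the commit only rewrites the error macro and leaves this leak in place. The early return should free the buffer first, i.e. `free(dbmask);` followed by `return 0;` inside braces. The function continues past the end of this hunk, so any later failure return that still holds `dbmask` needs the same check and could not be verified here.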
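--- a/jni/libressl/crypto/rsa/rsa_pk1.c
+++ b/jni/libressl/crypto/rsa/rsa_pk1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_pk1.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_pk1.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -68,16 +68,15 @@
 RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
     const unsigned char *from, int flen)
 {
 	int j;
 	unsigned char *p;
 
 	if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
-		    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return 0;
 	}
 
 	p = (unsigned char *)to;
 
 	*(p++) = 0;
 	*(p++) = 1; /* Private Key BT (Block Type) */
@@ -97,69 +96,63 @@
     const unsigned char *from, int flen, int num)
 {
 	int i, j;
 	const unsigned char *p;
 
 	p = from;
 	if (num != flen + 1 || *(p++) != 01) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-		    RSA_R_BLOCK_TYPE_IS_NOT_01);
+		RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_01);
 		return -1;
 	}
 
 	/* scan over padding data */
 	j = flen - 1; /* one for type. */
 	for (i = 0; i < j; i++) {
 		if (*p != 0xff) {
 			/* should decrypt to 0xff */
 			if (*p == 0) {
 				p++;
 				break;
 			} else {
-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-				    RSA_R_BAD_FIXED_HEADER_DECRYPT);
+				RSAerror(RSA_R_BAD_FIXED_HEADER_DECRYPT);
 				return -1;
 			}
 		}
 		p++;
 	}
 
 	if (i == j) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-		    RSA_R_NULL_BEFORE_BLOCK_MISSING);
+		RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
 		return -1;
 	}
 
 	if (i < 8) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-		    RSA_R_BAD_PAD_BYTE_COUNT);
+		RSAerror(RSA_R_BAD_PAD_BYTE_COUNT);
 		return -1;
 	}
 	i++; /* Skip over the '\0' */
 	j -= i;
 	if (j > tlen) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-		    RSA_R_DATA_TOO_LARGE);
+		RSAerror(RSA_R_DATA_TOO_LARGE);
 		return -1;
 	}
 	memcpy(to, p, j);
 
 	return j;
 }
 
 int
 RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     const unsigned char *from, int flen)
 {
 	int i, j;
 	unsigned char *p;
 
 	if (flen > tlen - 11) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
-		    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return 0;
 	}
 
 	p = (unsigned char *)to;
 
 	*(p++) = 0;
 	*(p++) = 2; /* Public Key BT (Block Type) */
@@ -185,40 +178,36 @@
     const unsigned char *from, int flen, int num)
 {
 	int i, j;
 	const unsigned char *p;
 
 	p = from;
 	if (num != flen + 1 || *(p++) != 02) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-		    RSA_R_BLOCK_TYPE_IS_NOT_02);
+		RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_02);
 		return -1;
 	}
 
 	/* scan over padding data */
 	j = flen - 1; /* one for type. */
 	for (i = 0; i < j; i++)
 		if (*(p++) == 0)
 			break;
 
 	if (i == j) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-		    RSA_R_NULL_BEFORE_BLOCK_MISSING);
+		RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
 		return -1;
 	}
 
 	if (i < 8) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-		    RSA_R_BAD_PAD_BYTE_COUNT);
+		RSAerror(RSA_R_BAD_PAD_BYTE_COUNT);
 		return -1;
 	}
 	i++; /* Skip over the '\0' */
 	j -= i;
 	if (j > tlen) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-		    RSA_R_DATA_TOO_LARGE);
+		RSAerror(RSA_R_DATA_TOO_LARGE);
 		return -1;
 	}
 	memcpy(to, p, j);
 
 	return j;
 }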
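Review bot: The block-type-02 check in the last hunk (the function name is outside the hunk; by its parameters and the `02` test it looks like the type 2 padding check) still rejects malformed padding through separate early exits with distinct reasons: `RSA_R_BLOCK_TYPE_IS_NOT_02`, `RSA_R_NULL_BEFORE_BLOCK_MISSING`, `RSA_R_BAD_PAD_BYTE_COUNT` and `RSA_R_DATA_TOO_LARGE`. Its scan loop also stops at the first zero byte, so both the queued error and the running time depend on the decrypted bytes, which is the signal a padding-oracle defence has to remove. rsa_oaep.c in this same check-in states the rule in its `decoding_err` comment, but this file carries no equivalent. At minimum I would document the caller's obligation above the function, e.g. `/* Callers must treat every -1 the same and must not expose the error reason or timing to the peer. */`. A fixed-length scan that ends in a single error reason would be the stronger fix.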
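--- a/jni/libressl/crypto/rsa/rsa_pmeth.c
+++ b/jni/libressl/crypto/rsa/rsa_pmeth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -65,17 +65,14 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
 
 #include "evp_locl.h"
 #include "rsa_locl.h"
 
 /* RSA pkey context structure */
 
 typedef struct {
@@ -169,16 +166,15 @@
 {
 	int ret;
 	RSA_PKEY_CTX *rctx = ctx->data;
 	RSA *rsa = ctx->pkey->pkey.rsa;
 
 	if (rctx->md) {
 		if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
-			RSAerr(RSA_F_PKEY_RSA_SIGN,
-			    RSA_R_INVALID_DIGEST_LENGTH);
+			RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
 			return -1;
 		}
 
 		if (rctx->pad_mode == RSA_X931_PADDING) {
 			if (!setup_tbuf(rctx, ctx))
 				return -1;
 			memcpy(rctx->tbuf, tbs, tbslen);
@@ -227,21 +223,19 @@
 			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
 			    ctx->pkey->pkey.rsa, RSA_X931_PADDING);
 			if (ret < 1)
 				return 0;
 			ret--;
 			if (rctx->tbuf[ret] !=
 				RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
-				RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
-				    RSA_R_ALGORITHM_MISMATCH);
+				RSAerror(RSA_R_ALGORITHM_MISMATCH);
 				return 0;
 			}
 			if (ret != EVP_MD_size(rctx->md)) {
-				RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
-				    RSA_R_INVALID_DIGEST_LENGTH);
+				RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
 				return 0;
 			}
 			if (rout)
 				memcpy(rout, rctx->tbuf, ret);
 		} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
 			size_t sltmp;
 
@@ -341,22 +335,21 @@
 static int
 check_padding_md(const EVP_MD *md, int padding)
 {
 	if (!md)
 		return 1;
 
 	if (padding == RSA_NO_PADDING) {
-		RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+		RSAerror(RSA_R_INVALID_PADDING_MODE);
 		return 0;
 	}
 
 	if (padding == RSA_X931_PADDING) {
 		if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
-			RSAerr(RSA_F_CHECK_PADDING_MD,
-			    RSA_R_INVALID_X931_DIGEST);
+			RSAerror(RSA_R_INVALID_X931_DIGEST);
 			return 0;
 		}
 		return 1;
 	}
 
 	return 1;
 }
@@ -384,136 +377,113 @@
 				if (!rctx->md)
 					rctx->md = EVP_sha1();
 			}
 			rctx->pad_mode = p1;
 			return 1;
 		}
 bad_pad:
-		RSAerr(RSA_F_PKEY_RSA_CTRL,
-		    RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+		RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
 		return -2;
 
 	case EVP_PKEY_CTRL_GET_RSA_PADDING:
 		*(int *)p2 = rctx->pad_mode;
 		return 1;
 
 	case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
 	case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
 		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
-			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+			RSAerror(RSA_R_INVALID_PSS_SALTLEN);
 			return -2;
 		}
 		if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
 			*(int *)p2 = rctx->saltlen;
 		else {
 			if (p1 < -2)
 				return -2;
 			rctx->saltlen = p1;
 		}
 		return 1;
 
 	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
 		if (p1 < 256) {
-			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
+			RSAerror(RSA_R_INVALID_KEYBITS);
 			return -2;
 		}
 		rctx->nbits = p1;
 		return 1;
 
 	case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
 		if (!p2)
 			return -2;
 		rctx->pub_exp = p2;
 		return 1;
 
 	case EVP_PKEY_CTRL_MD:
 		if (!check_padding_md(p2, rctx->pad_mode))
 			return 0;
 		rctx->md = p2;
 		return 1;
 
 	case EVP_PKEY_CTRL_RSA_MGF1_MD:
 	case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
 		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
-			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
+			RSAerror(RSA_R_INVALID_MGF1_MD);
 			return -2;
 		}
 		if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
 			if (rctx->mgf1md)
 				*(const EVP_MD **)p2 = rctx->mgf1md;
 			else
 				*(const EVP_MD **)p2 = rctx->md;
 		} else
 			rctx->mgf1md = p2;
 		return 1;
 
 	case EVP_PKEY_CTRL_DIGESTINIT:
 	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
 	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
 	case EVP_PKEY_CTRL_PKCS7_SIGN:
 		return 1;
-#ifndef OPENSSL_NO_CMS
-	case EVP_PKEY_CTRL_CMS_DECRYPT:
-		{
-			X509_ALGOR *alg = NULL;
-			ASN1_OBJECT *encalg = NULL;
-
-			if (p2)
-				CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
-				    NULL, &alg);
-			if (alg)
-				X509_ALGOR_get0(&encalg, NULL, NULL, alg);
-			if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
-				rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
-		}
-		/* FALLTHROUGH */
-
-	case EVP_PKEY_CTRL_CMS_ENCRYPT:
-	case EVP_PKEY_CTRL_CMS_SIGN:
-		return 1;
-#endif
 	case EVP_PKEY_CTRL_PEER_KEY:
-		RSAerr(RSA_F_PKEY_RSA_CTRL,
-		    RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		RSAerror(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;
 
 	default:
 		return -2;
 	}
 }
 
 static int
 pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
 {
 	long lval;
 	char *ep;
 
 	if (!value) {
-		RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+		RSAerror(RSA_R_VALUE_MISSING);
 		return 0;
 	}
 	if (!strcmp(type, "rsa_padding_mode")) {
 		int pm;
 		if (!strcmp(value, "pkcs1"))
 			pm = RSA_PKCS1_PADDING;
 		else if (!strcmp(value, "sslv23"))
 			pm = RSA_SSLV23_PADDING;
 		else if (!strcmp(value, "none"))
 			pm = RSA_NO_PADDING;
 		else if (!strcmp(value, "oeap"))
 			pm = RSA_PKCS1_OAEP_PADDING;
 		else if (!strcmp(value, "oaep"))
 			pm = RSA_PKCS1_OAEP_PADDING;
 		else if (!strcmp(value, "x931"))
 			pm = RSA_X931_PADDING;
 		else if (!strcmp(value, "pss"))
 			pm = RSA_PKCS1_PSS_PADDING;
 		else {
-			RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
-			    RSA_R_UNKNOWN_PADDING_TYPE);
+			RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
 			return -2;
 		}
 		return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
 	}
 
 	if (!strcmp(type, "rsa_pss_saltlen")) {
 		int saltlen;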
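--- a/jni/libressl/crypto/rsa/rsa_prn.c
+++ b/jni/libressl/crypto/rsa/rsa_prn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_prn.c,v 1.5 2014/07/09 19:51:38 jsing Exp $ */
+/* $OpenBSD: rsa_prn.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -65,15 +65,15 @@
 int
 RSA_print_fp(FILE *fp, const RSA *x, int off)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file())) == NULL) {
-		RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
+		RSAerror(ERR_R_BUF_LIB);
 		return 0;
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = RSA_print(b, x, off);
 	BIO_free(b);
 	return ret;
 }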
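--- a/jni/libressl/crypto/rsa/rsa_pss.c
+++ b/jni/libressl/crypto/rsa/rsa_pss.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_pss.c,v 1.10 2014/07/13 12:53:46 miod Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -103,77 +103,72 @@
 	 *	-N	reserved
 	 */
 	if (sLen == -1)
 		sLen = hLen;
 	else if (sLen == -2)
 		sLen = -2;
 	else if (sLen < -2) {
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-		    RSA_R_SLEN_CHECK_FAILED);
+		RSAerror(RSA_R_SLEN_CHECK_FAILED);
 		goto err;
 	}
 
 	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
 	emLen = RSA_size(rsa);
 	if (EM[0] & (0xFF << MSBits)) {
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-		    RSA_R_FIRST_OCTET_INVALID);
+		RSAerror(RSA_R_FIRST_OCTET_INVALID);
 		goto err;
 	}
 	if (MSBits == 0) {
 		EM++;
 		emLen--;
 	}
 	if (emLen < (hLen + sLen + 2)) {
 		/* sLen can be small negative */
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+		RSAerror(RSA_R_DATA_TOO_LARGE);
 		goto err;
 	}
 	if (EM[emLen - 1] != 0xbc) {
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-		    RSA_R_LAST_OCTET_INVALID);
+		RSAerror(RSA_R_LAST_OCTET_INVALID);
 		goto err;
 	}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
 	DB = malloc(maskedDBLen);
 	if (!DB) {
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
 		goto err;
 	for (i = 0; i < maskedDBLen; i++)
 		DB[i] ^= EM[i];
 	if (MSBits)
 		DB[0] &= 0xFF >> (8 - MSBits);
 	for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++)
 		;
 	if (DB[i++] != 0x1) {
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-		    RSA_R_SLEN_RECOVERY_FAILED);
+		RSAerror(RSA_R_SLEN_RECOVERY_FAILED);
 		goto err;
 	}
 	if (sLen >= 0 && (maskedDBLen - i) != sLen) {
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-		    RSA_R_SLEN_CHECK_FAILED);
+		RSAerror(RSA_R_SLEN_CHECK_FAILED);
 		goto err;
 	}
 	if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||
 	    !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ||
 	    !EVP_DigestUpdate(&ctx, mHash, hLen))
 		goto err;
 	if (maskedDBLen - i) {
 		if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i))
 			goto err;
 	}
 	if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
 		goto err;
 	if (memcmp(H_, H, hLen)) {
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
+		RSAerror(RSA_R_BAD_SIGNATURE);
 		ret = 0;
 	} else
 		ret = 1;
 
 err:
 	free(DB);
 	EVP_MD_CTX_cleanup(&ctx);
@@ -214,37 +209,34 @@
 	 *	-N	reserved
 	 */
 	if (sLen == -1)
 		sLen = hLen;
 	else if (sLen == -2)
 		sLen = -2;
 	else if (sLen < -2) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
-		    RSA_R_SLEN_CHECK_FAILED);
+		RSAerror(RSA_R_SLEN_CHECK_FAILED);
 		goto err;
 	}
 
 	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
 	emLen = RSA_size(rsa);
 	if (MSBits == 0) {
 		*EM++ = 0;
 		emLen--;
 	}
 	if (sLen == -2)
 		sLen = emLen - hLen - 2;
 	else if (emLen < (hLen + sLen + 2)) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
-		    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		goto err;
 	}
 	if (sLen > 0) {
 		salt = malloc(sLen);
 		if (!salt) {
-			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
-			    ERR_R_MALLOC_FAILURE);
+			RSAerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		arc4random_buf(salt, sLen);
 	}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
 	if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||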
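Review bot: In the verify hunk (old lines 103-179) the guard `if (emLen < (hLen + sLen + 2))` reduces to `emLen < hLen` when `sLen` is -2, so `maskedDBLen = emLen - hLen - 1` can come out as 0 or -1 before it is passed to `malloc(maskedDBLen)` and used to bound the `DB[i]` scan and the `DB[0] &= ...` write. This looks reachable only with a modulus barely longer than the digest, and the variable declarations are outside the hunk, so treat it as something to confirm. An unconditional floor ahead of the existing test would close it: `if (emLen < hLen + 2) { RSAerror(RSA_R_DATA_TOO_LARGE); goto err; }`. The padding-add hunk has the same gap, since `sLen = emLen - hLen - 2` is taken for -2 without checking that the result is non-negative. Both functions begin and end outside the lines shown.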
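--- a/jni/libressl/crypto/rsa/rsa_saos.c
+++ b/jni/libressl/crypto/rsa/rsa_saos.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_saos.c,v 1.18 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -76,21 +76,20 @@
 	sig.type = V_ASN1_OCTET_STRING;
 	sig.length = m_len;
 	sig.data = (unsigned char *)m;
 
 	i = i2d_ASN1_OCTET_STRING(&sig, NULL);
 	j = RSA_size(rsa);
 	if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
-		    RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+		RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return 0;
 	}
 	s = malloc(j + 1);
 	if (s == NULL) {
-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	p = s;
 	i2d_ASN1_OCTET_STRING(&sig, &p);
 	i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
 	if (i <= 0)
 		ret = 0;
@@ -108,42 +107,39 @@
 {
 	int i, ret = 0;
 	unsigned char *s;
 	const unsigned char *p;
 	ASN1_OCTET_STRING *sig = NULL;
 
 	if (siglen != (unsigned int)RSA_size(rsa)) {
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
-		    RSA_R_WRONG_SIGNATURE_LENGTH);
+		RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
 		return 0;
 	}
 
 	s = malloc(siglen);
 	if (s == NULL) {
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
-		    ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
 
 	if (i <= 0)
 		goto err;
 
 	p = s;
 	sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i);
 	if (sig == NULL)
 		goto err;
 
 	if ((unsigned int)sig->length != m_len ||
 	    memcmp(m, sig->data, m_len) != 0) {
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
-		    RSA_R_BAD_SIGNATURE);
+		RSAerror(RSA_R_BAD_SIGNATURE);
 	} else
 		ret = 1;
 err:
 	ASN1_OCTET_STRING_free(sig);
 	if (s != NULL) {
 		explicit_bzero(s, (unsigned int)siglen);
 		free(s);
 	}
 	return ret;
 }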
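Review bot: In the verify hunk, the result of `d2i_ASN1_OCTET_STRING(NULL, &p, (long)i)` is accepted without checking that the parser consumed all `i` recovered bytes, so any bytes following the OCTET STRING inside the padded block are silently ignored. The verify routine in rsa_sign.c on this page rejects that case, with the comment "Excess data can be used to create forgeries". The same test belongs here right after the `sig == NULL` check: `if (p != s + i) { RSAerror(RSA_R_BAD_SIGNATURE); goto err; }`. The function's signature line is outside the hunk.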
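--- a/jni/libressl/crypto/rsa/rsa_sign.c
+++ b/jni/libressl/crypto/rsa/rsa_sign.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_sign.c,v 1.24 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -84,50 +84,49 @@
 
 	if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
 		return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
 
 	/* Special case: SSL signature, just check the length */
 	if (type == NID_md5_sha1) {
 		if (m_len != SSL_SIG_LENGTH) {
-			RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+			RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
 			return 0;
 		}
 		i = SSL_SIG_LENGTH;
 		s = m;
 	} else {
 		sig.algor = &algor;
 		sig.algor->algorithm = OBJ_nid2obj(type);
 		if (sig.algor->algorithm == NULL) {
-			RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE);
 			return 0;
 		}
 		if (sig.algor->algorithm->length == 0) {
-			RSAerr(RSA_F_RSA_SIGN,
-			    RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			RSAerror(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
 			return 0;
 		}
 		parameter.type = V_ASN1_NULL;
 		parameter.value.ptr = NULL;
 		sig.algor->parameter = &parameter;
 
 		sig.digest = &digest;
 		sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
 		sig.digest->length = m_len;
 
 		i = i2d_X509_SIG(&sig, NULL);
 	}
 	j = RSA_size(rsa);
 	if (i > j - RSA_PKCS1_PADDING_SIZE) {
-		RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+		RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return 0;
 	}
 	if (type != NID_md5_sha1) {
 		tmps = malloc(j + 1);
 		if (tmps == NULL) {
-			RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+			RSAerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		p = tmps;
 		i2d_X509_SIG(&sig, &p);
 		s = tmps;
 	}
 	i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
@@ -149,91 +148,90 @@
     size_t siglen, RSA *rsa)
 {
 	int i, ret = 0, sigtype;
 	unsigned char *s;
 	X509_SIG *sig = NULL;
 
 	if (siglen != (unsigned int)RSA_size(rsa)) {
-		RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+		RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
 		return 0;
 	}
 
 	if ((dtype == NID_md5_sha1) && rm) {
 		i = RSA_public_decrypt((int)siglen, sigbuf, rm, rsa,
 		    RSA_PKCS1_PADDING);
 		if (i <= 0)
 			return 0;
 		*prm_len = i;
 		return 1;
 	}
 
 	s = malloc(siglen);
 	if (s == NULL) {
-		RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
-		RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+		RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
 		goto err;
 	}
 	i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
 
 	if (i <= 0)
 		goto err;
 
 	/* Special case: SSL signature */
 	if (dtype == NID_md5_sha1) {
 		if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 		else
 			ret = 1;
 	} else {
 		const unsigned char *p = s;
 
 		sig = d2i_X509_SIG(NULL, &p, (long)i);
 
 		if (sig == NULL)
 			goto err;
 
 		/* Excess data can be used to create forgeries */
 		if (p != s + i) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 			goto err;
 		}
 
 		/* Parameters to the signature algorithm can also be used to
 		   create forgeries */
 		if (sig->algor->parameter &&
 		    ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 			goto err;
 		}
 
 		sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
 		if (sigtype != dtype) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+			RSAerror(RSA_R_ALGORITHM_MISMATCH);
 			goto err;
 		}
 		if (rm) {
 			const EVP_MD *md;
 
 			md = EVP_get_digestbynid(dtype);
 			if (md && (EVP_MD_size(md) != sig->digest->length))
-				RSAerr(RSA_F_INT_RSA_VERIFY,
-				    RSA_R_INVALID_DIGEST_LENGTH);
+				RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
 			else {
 				memcpy(rm, sig->digest->data,
 				    sig->digest->length);
 				*prm_len = sig->digest->length;
 				ret = 1;
 			}
 		} else if ((unsigned int)sig->digest->length != m_len ||
 		    memcmp(m, sig->digest->data, m_len) != 0) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 		} else
 			ret = 1;
 	}
 err:
 	if (sig != NULL)
 		X509_SIG_free(sig);
 	if (s != NULL) {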
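Review bot: In the verify hunk, `if (md && (EVP_MD_size(md) != sig->digest->length))` skips the digest-length check whenever `EVP_get_digestbynid(dtype)` returns NULL, and the else branch then copies `sig->digest->length` bytes into `rm`. The capacity of `rm` belongs to the caller and is not visible in the hunk, so this is a point to confirm rather than a proven overflow. Failing closed on an unknown digest is the safer form: `if (md == NULL || EVP_MD_size(md) != sig->digest->length)`. The early `NID_md5_sha1` branch has a related gap: it stores `i` in `*prm_len` without comparing it to `SSL_SIG_LENGTH`. The function starts and ends outside the hunk.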
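--- a/jni/libressl/crypto/rsa/rsa_ssl.c
+++ b/jni/libressl/crypto/rsa/rsa_ssl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_ssl.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_ssl.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -68,16 +68,15 @@
 RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
     int flen)
 {
 	int i, j;
 	unsigned char *p;
 
 	if (flen > tlen - 11) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
-		    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return 0;
 	}
 
 	p = (unsigned char *)to;
 
 	*(p++) = 0;
 	*(p++) = 2; /* Public Key BT (Block Type) */
@@ -105,47 +104,44 @@
     int flen, int num)
 {
 	int i, j, k;
 	const unsigned char *p;
 
 	p = from;
 	if (flen < 10) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
+		RSAerror(RSA_R_DATA_TOO_SMALL);
 		return -1;
 	}
 	if (num != flen + 1 || *(p++) != 02) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
-		    RSA_R_BLOCK_TYPE_IS_NOT_02);
+		RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_02);
 		return -1;
 	}
 
 	/* scan over padding data */
 	j = flen - 1; /* one for type */
 	for (i = 0; i < j; i++)
 		if (*(p++) == 0)
 			break;
 
 	if (i == j || i < 8) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
-		    RSA_R_NULL_BEFORE_BLOCK_MISSING);
+		RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
 		return -1;
 	}
 	for (k = -9; k < -1; k++) {
 		if (p[k] !=  0x03)
 			break;
 	}
 	if (k == -1) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
-		    RSA_R_SSLV3_ROLLBACK_ATTACK);
+		RSAerror(RSA_R_SSLV3_ROLLBACK_ATTACK);
 		return -1;
 	}
 
 	i++; /* Skip over the '\0' */
 	j -= i;
 	if (j > tlen) {
-		RSAerror(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
+		RSAerror(RSA_R_DATA_TOO_LARGE);
 		return -1;
 	}
 	memcpy(to, p, j);
 
 	return j;
 }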
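Review bot: The padding-check function in the last hunk still returns at the first failing test and records a different reason for each one (`RSA_R_BLOCK_TYPE_IS_NOT_02`, `RSA_R_NULL_BEFORE_BLOCK_MISSING`, `RSA_R_SSLV3_ROLLBACK_ATTACK`, `RSA_R_DATA_TOO_LARGE`), on bytes that presumably come out of a private-key operation. Which check failed, and how far the padding scan ran, is therefore visible to anything that can observe the error queue or the timing. This commit touches every one of those error sites without saying so, and a comment above the function would make the contract explicit: `/* Not constant time: callers must report one generic failure and never expose the reason code. */`. The function's name line is outside the hunk, so the caller side cannot be checked from here.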
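--- a/jni/libressl/crypto/rsa/rsa_x931.c
+++ b/jni/libressl/crypto/rsa/rsa_x931.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_x931.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_x931.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74,16 +74,15 @@
 	/*
 	 * Absolute minimum amount of padding is 1 header nibble, 1 padding
 	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
 	 */
 	j = tlen - flen - 2;
 
 	if (j < 0) {
-		RSAerr(RSA_F_RSA_PADDING_ADD_X931,
-		    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return -1;
 	}
 
 	p = (unsigned char *)to;
 
 	/* If no padding start and end nibbles are in one byte */
 	if (j == 0)
@@ -106,43 +105,41 @@
 RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
     int flen, int num)
 {
 	int i = 0, j;
 	const unsigned char *p = from;
 
 	if (num != flen || (*p != 0x6A && *p != 0x6B)) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
+		RSAerror(RSA_R_INVALID_HEADER);
 		return -1;
 	}
 
 	if (*p++ == 0x6B) {
 		j = flen - 3;
 		for (i = 0; i < j; i++) {
 			unsigned char c = *p++;
 			if (c == 0xBA)
 				break;
 			if (c != 0xBB) {
-				RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-				    RSA_R_INVALID_PADDING);
+				RSAerror(RSA_R_INVALID_PADDING);
 				return -1;
 			}
 		}
 
 		if (i == 0) {
-			RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-			    RSA_R_INVALID_PADDING);
+			RSAerror(RSA_R_INVALID_PADDING);
 			return -1;
 		}
 
 		j -= i;
 	} else
 		j = flen - 2;
 
 	if (j < 0 || p[j] != 0xCC) {
-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+		RSAerror(RSA_R_INVALID_TRAILER);
 		return -1;
 	}
 
 	memcpy(to, p, j);
 
 	return j;
 }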
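Review bot: RSA_padding_check_X931 never compares `j` with `tlen` before `memcpy(to, p, j)`; the `tlen` parameter is not read anywhere in the function. The SSLv23 check on this page guards the same copy with `if (j > tlen)`, so the two padding checkers disagree on who is responsible for the output bound. Adding `if (j > tlen) { RSAerror(RSA_R_DATA_TOO_LARGE); return -1; }` ahead of the `memcpy` would make the bound local. Whether any caller passes a `to` buffer smaller than `flen` cannot be seen from here. Separately, the first test reads `*p` without first requiring `flen > 0`.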
Added jni/libressl/crypto/sha/sha1-elf-x86_64.S.






















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
#include "x86_arch.h"
.text	

.hidden	OPENSSL_ia32cap_P

.globl	sha1_block_data_order
.type	sha1_block_data_order,@function
.align	16
sha1_block_data_order:
	movl	OPENSSL_ia32cap_P+0(%rip),%r9d
	movl	OPENSSL_ia32cap_P+4(%rip),%r8d
	testl	$IA32CAP_MASK1_SSSE3,%r8d
	jz	.Lialu
	jmp	_ssse3_shortcut

.align	16
.Lialu:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	movq	%rsp,%r11
	movq	%rdi,%r8
	subq	$72,%rsp
	movq	%rsi,%r9
	andq	$-64,%rsp
	movq	%rdx,%r10
	movq	%r11,64(%rsp)
.Lprologue:

	movl	0(%r8),%esi
	movl	4(%r8),%edi
	movl	8(%r8),%r11d
	movl	12(%r8),%r12d
	movl	16(%r8),%r13d
	jmp	.Lloop

.align	16
.Lloop:
	movl	0(%r9),%edx
	bswapl	%edx
	movl	%edx,0(%rsp)
	movl	%r11d,%eax
	movl	4(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,4(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	8(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,8(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	12(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,12(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	16(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,16(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	20(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,20(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	24(%r9),%edx
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r13,1),%r13d
	andl	%edi,%eax
	movl	%edx,24(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	28(%r9),%ebp
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r12,1),%r12d
	andl	%esi,%eax
	movl	%ebp,28(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	32(%r9),%edx
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%edx,32(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	36(%r9),%ebp
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%ebp,36(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	40(%r9),%edx
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%edx,40(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	44(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,44(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	48(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,48(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	52(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,52(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	56(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,56(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	60(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,60(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	0(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	xorl	32(%rsp),%edx
	andl	%edi,%eax
	leal	1518500249(%rbp,%r13,1),%r13d
	xorl	52(%rsp),%edx
	xorl	%r12d,%eax
	roll	$1,%edx
	addl	%ecx,%r13d
	roll	$30,%edi
	movl	%edx,0(%rsp)
	addl	%eax,%r13d
	movl	4(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	xorl	36(%rsp),%ebp
	andl	%esi,%eax
	leal	1518500249(%rdx,%r12,1),%r12d
	xorl	56(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$1,%ebp
	addl	%ecx,%r12d
	roll	$30,%esi
	movl	%ebp,4(%rsp)
	addl	%eax,%r12d
	movl	8(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	xorl	40(%rsp),%edx
	andl	%r13d,%eax
	leal	1518500249(%rbp,%r11,1),%r11d
	xorl	60(%rsp),%edx
	xorl	%edi,%eax
	roll	$1,%edx
	addl	%ecx,%r11d
	roll	$30,%r13d
	movl	%edx,8(%rsp)
	addl	%eax,%r11d
	movl	12(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	leal	1518500249(%rdx,%rdi,1),%edi
	xorl	0(%rsp),%ebp
	xorl	%esi,%eax
	roll	$1,%ebp
	addl	%ecx,%edi
	roll	$30,%r12d
	movl	%ebp,12(%rsp)
	addl	%eax,%edi
	movl	16(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	leal	1518500249(%rbp,%rsi,1),%esi
	xorl	4(%rsp),%edx
	xorl	%r13d,%eax
	roll	$1,%edx
	addl	%ecx,%esi
	roll	$30,%r11d
	movl	%edx,16(%rsp)
	addl	%eax,%esi
	movl	20(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	52(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	8(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	56(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	12(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	16(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	20(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	24(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	28(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	32(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	36(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	40(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	44(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	48(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	52(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	56(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	60(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	0(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	4(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	8(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	12(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	16(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	20(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r13d
	movl	40(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,40(%rsp)
	addl	%ecx,%r12d
	movl	44(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	52(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,44(%rsp)
	addl	%ecx,%r11d
	movl	48(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	56(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,48(%rsp)
	addl	%ecx,%edi
	movl	52(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	60(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	40(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,52(%rsp)
	addl	%ecx,%esi
	movl	56(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	0(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	44(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,56(%rsp)
	addl	%ecx,%r13d
	movl	60(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	4(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	48(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,60(%rsp)
	addl	%ecx,%r12d
	movl	0(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	8(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	52(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,0(%rsp)
	addl	%ecx,%r11d
	movl	4(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	12(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	56(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,4(%rsp)
	addl	%ecx,%edi
	movl	8(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	16(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	60(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,8(%rsp)
	addl	%ecx,%esi
	movl	12(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	20(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	0(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,12(%rsp)
	addl	%ecx,%r13d
	movl	16(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	24(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	4(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,16(%rsp)
	addl	%ecx,%r12d
	movl	20(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	28(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	8(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,20(%rsp)
	addl	%ecx,%r11d
	movl	24(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	32(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	56(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	12(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,24(%rsp)
	addl	%ecx,%edi
	movl	28(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	36(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	16(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,28(%rsp)
	addl	%ecx,%esi
	movl	32(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	40(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	20(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,32(%rsp)
	addl	%ecx,%r13d
	movl	36(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	44(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r12d
	movl	40(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	48(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	8(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,40(%rsp)
	addl	%ecx,%r11d
	movl	44(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	52(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,44(%rsp)
	addl	%ecx,%edi
	movl	48(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	56(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	16(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,48(%rsp)
	addl	%ecx,%esi
	movl	52(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	20(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	40(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	24(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	44(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	48(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	52(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	56(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	60(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	0(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	4(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	8(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rsi,1),%esi
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	12(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	16(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	20(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	24(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	28(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	32(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	36(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	40(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	56(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	44(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	60(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	48(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	%r11d,%eax
	leal	-899497514(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	roll	$30,%r11d
	addl	%eax,%esi
	addl	0(%r8),%esi
	addl	4(%r8),%edi
	addl	8(%r8),%r11d
	addl	12(%r8),%r12d
	addl	16(%r8),%r13d
	movl	%esi,0(%r8)
	movl	%edi,4(%r8)
	movl	%r11d,8(%r8)
	movl	%r12d,12(%r8)
	movl	%r13d,16(%r8)

	subq	$1,%r10
	leaq	64(%r9),%r9
	jnz	.Lloop

	movq	64(%rsp),%rsi
	movq	(%rsi),%r13
	movq	8(%rsi),%r12
	movq	16(%rsi),%rbp
	movq	24(%rsi),%rbx
	leaq	32(%rsi),%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	sha1_block_data_order,.-sha1_block_data_order
.type	sha1_block_data_order_ssse3,@function
.align	16
sha1_block_data_order_ssse3:
_ssse3_shortcut:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	leaq	-64(%rsp),%rsp
	movq	%rdi,%r8
	movq	%rsi,%r9
	movq	%rdx,%r10

	shlq	$6,%r10
	addq	%r9,%r10
	leaq	K_XX_XX(%rip),%r11

	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movl	%ebx,%esi
	movl	16(%r8),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	jmp	.Loop_ssse3
.align	16
.Loop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r10,%r9
	je	.Ldone_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	addl	12(%r8),%edx
	movl	%eax,0(%r8)
	addl	16(%r8),%ebp
	movl	%esi,4(%r8)
	movl	%esi,%ebx
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	jmp	.Loop_ssse3

.align	16
.Ldone_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	movl	%eax,0(%r8)
	addl	12(%r8),%edx
	movl	%esi,4(%r8)
	addl	16(%r8),%ebp
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	leaq	64(%rsp),%rsi
	movq	0(%rsi),%r12
	movq	8(%rsi),%rbp
	movq	16(%rsi),%rbx
	leaq	24(%rsi),%rsp
.Lepilogue_ssse3:
	.byte	0xf3,0xc3
.size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
.align	64
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/sha/sha1-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
.text	


.globl	sha1_block_data_order
.type	sha1_block_data_order,@function
.align	16
sha1_block_data_order:
	movl	OPENSSL_ia32cap_P+0(%rip),%r9d
	movl	OPENSSL_ia32cap_P+4(%rip),%r8d
	testl	$512,%r8d
	jz	.Lialu
	jmp	_ssse3_shortcut

.align	16
.Lialu:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	movq	%rsp,%r11
	movq	%rdi,%r8
	subq	$72,%rsp
	movq	%rsi,%r9
	andq	$-64,%rsp
	movq	%rdx,%r10
	movq	%r11,64(%rsp)
.Lprologue:

	movl	0(%r8),%esi
	movl	4(%r8),%edi
	movl	8(%r8),%r11d
	movl	12(%r8),%r12d
	movl	16(%r8),%r13d
	jmp	.Lloop

.align	16
.Lloop:
	movl	0(%r9),%edx
	bswapl	%edx
	movl	%edx,0(%rsp)
	movl	%r11d,%eax
	movl	4(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,4(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	8(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,8(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	12(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,12(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	16(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,16(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	20(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,20(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	24(%r9),%edx
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r13,1),%r13d
	andl	%edi,%eax
	movl	%edx,24(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	28(%r9),%ebp
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r12,1),%r12d
	andl	%esi,%eax
	movl	%ebp,28(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	32(%r9),%edx
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%edx,32(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	36(%r9),%ebp
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%ebp,36(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	40(%r9),%edx
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%edx,40(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	44(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,44(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	48(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,48(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	52(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,52(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	56(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,56(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	60(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,60(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	0(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	xorl	32(%rsp),%edx
	andl	%edi,%eax
	leal	1518500249(%rbp,%r13,1),%r13d
	xorl	52(%rsp),%edx
	xorl	%r12d,%eax
	roll	$1,%edx
	addl	%ecx,%r13d
	roll	$30,%edi
	movl	%edx,0(%rsp)
	addl	%eax,%r13d
	movl	4(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	xorl	36(%rsp),%ebp
	andl	%esi,%eax
	leal	1518500249(%rdx,%r12,1),%r12d
	xorl	56(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$1,%ebp
	addl	%ecx,%r12d
	roll	$30,%esi
	movl	%ebp,4(%rsp)
	addl	%eax,%r12d
	movl	8(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	xorl	40(%rsp),%edx
	andl	%r13d,%eax
	leal	1518500249(%rbp,%r11,1),%r11d
	xorl	60(%rsp),%edx
	xorl	%edi,%eax
	roll	$1,%edx
	addl	%ecx,%r11d
	roll	$30,%r13d
	movl	%edx,8(%rsp)
	addl	%eax,%r11d
	movl	12(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	leal	1518500249(%rdx,%rdi,1),%edi
	xorl	0(%rsp),%ebp
	xorl	%esi,%eax
	roll	$1,%ebp
	addl	%ecx,%edi
	roll	$30,%r12d
	movl	%ebp,12(%rsp)
	addl	%eax,%edi
	movl	16(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	leal	1518500249(%rbp,%rsi,1),%esi
	xorl	4(%rsp),%edx
	xorl	%r13d,%eax
	roll	$1,%edx
	addl	%ecx,%esi
	roll	$30,%r11d
	movl	%edx,16(%rsp)
	addl	%eax,%esi
	movl	20(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	52(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	8(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	56(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	12(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	16(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	20(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	24(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	28(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	32(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	36(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	40(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	44(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	48(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	52(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	56(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	60(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	0(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	4(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	8(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	12(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	16(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	20(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r13d
	movl	40(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,40(%rsp)
	addl	%ecx,%r12d
	movl	44(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	52(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,44(%rsp)
	addl	%ecx,%r11d
	movl	48(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	56(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,48(%rsp)
	addl	%ecx,%edi
	movl	52(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	60(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	40(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,52(%rsp)
	addl	%ecx,%esi
	movl	56(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	0(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	44(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,56(%rsp)
	addl	%ecx,%r13d
	movl	60(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	4(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	48(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,60(%rsp)
	addl	%ecx,%r12d
	movl	0(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	8(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	52(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,0(%rsp)
	addl	%ecx,%r11d
	movl	4(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	12(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	56(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,4(%rsp)
	addl	%ecx,%edi
	movl	8(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	16(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	60(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,8(%rsp)
	addl	%ecx,%esi
	movl	12(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	20(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	0(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,12(%rsp)
	addl	%ecx,%r13d
	movl	16(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	24(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	4(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,16(%rsp)
	addl	%ecx,%r12d
	movl	20(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	28(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	8(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,20(%rsp)
	addl	%ecx,%r11d
	movl	24(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	32(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	56(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	12(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,24(%rsp)
	addl	%ecx,%edi
	movl	28(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	36(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	16(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,28(%rsp)
	addl	%ecx,%esi
	movl	32(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	40(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	20(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,32(%rsp)
	addl	%ecx,%r13d
	movl	36(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	44(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r12d
	movl	40(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	48(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	8(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,40(%rsp)
	addl	%ecx,%r11d
	movl	44(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	52(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,44(%rsp)
	addl	%ecx,%edi
	movl	48(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	56(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	16(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,48(%rsp)
	addl	%ecx,%esi
	movl	52(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	20(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	40(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	24(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	44(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	48(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	52(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	56(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	60(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	0(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	4(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	8(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rsi,1),%esi
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	12(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	16(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	20(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	24(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	28(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	32(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	36(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	40(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	56(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	44(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	60(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	48(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	%r11d,%eax
	leal	-899497514(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	roll	$30,%r11d
	addl	%eax,%esi
	addl	0(%r8),%esi
	addl	4(%r8),%edi
	addl	8(%r8),%r11d
	addl	12(%r8),%r12d
	addl	16(%r8),%r13d
	movl	%esi,0(%r8)
	movl	%edi,4(%r8)
	movl	%r11d,8(%r8)
	movl	%r12d,12(%r8)
	movl	%r13d,16(%r8)

	subq	$1,%r10
	leaq	64(%r9),%r9
	jnz	.Lloop

	movq	64(%rsp),%rsi
	movq	(%rsi),%r13
	movq	8(%rsi),%r12
	movq	16(%rsi),%rbp
	movq	24(%rsi),%rbx
	leaq	32(%rsi),%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	sha1_block_data_order,.-sha1_block_data_order
.type	sha1_block_data_order_ssse3,@function
.align	16
sha1_block_data_order_ssse3:
_ssse3_shortcut:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	leaq	-64(%rsp),%rsp
	movq	%rdi,%r8
	movq	%rsi,%r9
	movq	%rdx,%r10

	shlq	$6,%r10
	addq	%r9,%r10
	leaq	K_XX_XX(%rip),%r11

	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movl	%ebx,%esi
	movl	16(%r8),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	jmp	.Loop_ssse3
.align	16
.Loop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r10,%r9
	je	.Ldone_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	addl	12(%r8),%edx
	movl	%eax,0(%r8)
	addl	16(%r8),%ebp
	movl	%esi,4(%r8)
	movl	%esi,%ebx
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	jmp	.Loop_ssse3

.align	16
.Ldone_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	movl	%eax,0(%r8)
	addl	12(%r8),%edx
	movl	%esi,4(%r8)
	addl	16(%r8),%ebp
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	leaq	64(%rsp),%rsi
	movq	0(%rsi),%r12
	movq	8(%rsi),%rbp
	movq	16(%rsi),%rbx
	leaq	24(%rsi),%rsp
.Lepilogue_ssse3:
	.byte	0xf3,0xc3
.size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
.align	64
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align	64
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/sha/sha1-macosx-x86_64.S.
















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
#include "x86_arch.h"
.text	

.private_extern	_OPENSSL_ia32cap_P

.globl	_sha1_block_data_order

.p2align	4
_sha1_block_data_order:
	movl	_OPENSSL_ia32cap_P+0(%rip),%r9d
	movl	_OPENSSL_ia32cap_P+4(%rip),%r8d
	testl	$IA32CAP_MASK1_SSSE3,%r8d
	jz	L$ialu
	jmp	_ssse3_shortcut

.p2align	4
L$ialu:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	movq	%rsp,%r11
	movq	%rdi,%r8
	subq	$72,%rsp
	movq	%rsi,%r9
	andq	$-64,%rsp
	movq	%rdx,%r10
	movq	%r11,64(%rsp)
L$prologue:

	movl	0(%r8),%esi
	movl	4(%r8),%edi
	movl	8(%r8),%r11d
	movl	12(%r8),%r12d
	movl	16(%r8),%r13d
	jmp	L$loop

.p2align	4
L$loop:
	movl	0(%r9),%edx
	bswapl	%edx
	movl	%edx,0(%rsp)
	movl	%r11d,%eax
	movl	4(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,4(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	8(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,8(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	12(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,12(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	16(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,16(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	20(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,20(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	24(%r9),%edx
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r13,1),%r13d
	andl	%edi,%eax
	movl	%edx,24(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	28(%r9),%ebp
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r12,1),%r12d
	andl	%esi,%eax
	movl	%ebp,28(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	32(%r9),%edx
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%edx,32(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	36(%r9),%ebp
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%ebp,36(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	40(%r9),%edx
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%edx,40(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	44(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,44(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	48(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,48(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	52(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,52(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	56(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,56(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	60(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,60(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	0(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	xorl	32(%rsp),%edx
	andl	%edi,%eax
	leal	1518500249(%rbp,%r13,1),%r13d
	xorl	52(%rsp),%edx
	xorl	%r12d,%eax
	roll	$1,%edx
	addl	%ecx,%r13d
	roll	$30,%edi
	movl	%edx,0(%rsp)
	addl	%eax,%r13d
	movl	4(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	xorl	36(%rsp),%ebp
	andl	%esi,%eax
	leal	1518500249(%rdx,%r12,1),%r12d
	xorl	56(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$1,%ebp
	addl	%ecx,%r12d
	roll	$30,%esi
	movl	%ebp,4(%rsp)
	addl	%eax,%r12d
	movl	8(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	xorl	40(%rsp),%edx
	andl	%r13d,%eax
	leal	1518500249(%rbp,%r11,1),%r11d
	xorl	60(%rsp),%edx
	xorl	%edi,%eax
	roll	$1,%edx
	addl	%ecx,%r11d
	roll	$30,%r13d
	movl	%edx,8(%rsp)
	addl	%eax,%r11d
	movl	12(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	leal	1518500249(%rdx,%rdi,1),%edi
	xorl	0(%rsp),%ebp
	xorl	%esi,%eax
	roll	$1,%ebp
	addl	%ecx,%edi
	roll	$30,%r12d
	movl	%ebp,12(%rsp)
	addl	%eax,%edi
	movl	16(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	leal	1518500249(%rbp,%rsi,1),%esi
	xorl	4(%rsp),%edx
	xorl	%r13d,%eax
	roll	$1,%edx
	addl	%ecx,%esi
	roll	$30,%r11d
	movl	%edx,16(%rsp)
	addl	%eax,%esi
	movl	20(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	52(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	8(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	56(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	12(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	16(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	20(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	24(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	28(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	32(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	36(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	40(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	44(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	48(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	52(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	56(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	60(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	0(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	4(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	8(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	12(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	16(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	20(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r13d
	movl	40(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,40(%rsp)
	addl	%ecx,%r12d
	movl	44(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	52(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,44(%rsp)
	addl	%ecx,%r11d
	movl	48(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	56(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,48(%rsp)
	addl	%ecx,%edi
	movl	52(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	60(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	40(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,52(%rsp)
	addl	%ecx,%esi
	movl	56(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	0(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	44(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,56(%rsp)
	addl	%ecx,%r13d
	movl	60(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	4(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	48(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,60(%rsp)
	addl	%ecx,%r12d
	movl	0(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	8(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	52(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,0(%rsp)
	addl	%ecx,%r11d
	movl	4(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	12(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	56(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,4(%rsp)
	addl	%ecx,%edi
	movl	8(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	16(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	60(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,8(%rsp)
	addl	%ecx,%esi
	movl	12(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	20(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	0(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,12(%rsp)
	addl	%ecx,%r13d
	movl	16(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	24(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	4(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,16(%rsp)
	addl	%ecx,%r12d
	movl	20(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	28(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	8(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,20(%rsp)
	addl	%ecx,%r11d
	movl	24(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	32(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	56(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	12(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,24(%rsp)
	addl	%ecx,%edi
	movl	28(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	36(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	16(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,28(%rsp)
	addl	%ecx,%esi
	movl	32(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	40(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	20(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,32(%rsp)
	addl	%ecx,%r13d
	movl	36(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	44(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r12d
	movl	40(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	48(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	8(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,40(%rsp)
	addl	%ecx,%r11d
	movl	44(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	52(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,44(%rsp)
	addl	%ecx,%edi
	movl	48(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	56(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	16(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,48(%rsp)
	addl	%ecx,%esi
	movl	52(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	20(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	40(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	24(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	44(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	48(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	52(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	56(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	60(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	0(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	4(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	8(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rsi,1),%esi
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	12(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	16(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	20(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	24(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	28(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	32(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	36(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	40(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	56(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	44(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	60(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	48(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	%r11d,%eax
	leal	-899497514(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	roll	$30,%r11d
	addl	%eax,%esi
	addl	0(%r8),%esi
	addl	4(%r8),%edi
	addl	8(%r8),%r11d
	addl	12(%r8),%r12d
	addl	16(%r8),%r13d
	movl	%esi,0(%r8)
	movl	%edi,4(%r8)
	movl	%r11d,8(%r8)
	movl	%r12d,12(%r8)
	movl	%r13d,16(%r8)

	subq	$1,%r10
	leaq	64(%r9),%r9
	jnz	L$loop

	movq	64(%rsp),%rsi
	movq	(%rsi),%r13
	movq	8(%rsi),%r12
	movq	16(%rsi),%rbp
	movq	24(%rsi),%rbx
	leaq	32(%rsi),%rsp
L$epilogue:
	.byte	0xf3,0xc3


.p2align	4
sha1_block_data_order_ssse3:
_ssse3_shortcut:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	leaq	-64(%rsp),%rsp
	movq	%rdi,%r8
	movq	%rsi,%r9
	movq	%rdx,%r10

	shlq	$6,%r10
	addq	%r9,%r10
	leaq	K_XX_XX(%rip),%r11

	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movl	%ebx,%esi
	movl	16(%r8),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	jmp	L$oop_ssse3
.p2align	4
L$oop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r10,%r9
	je	L$done_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	addl	12(%r8),%edx
	movl	%eax,0(%r8)
	addl	16(%r8),%ebp
	movl	%esi,4(%r8)
	movl	%esi,%ebx
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	jmp	L$oop_ssse3

.p2align	4
L$done_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	movl	%eax,0(%r8)
	addl	12(%r8),%edx
	movl	%esi,4(%r8)
	addl	16(%r8),%ebp
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	leaq	64(%rsp),%rsi
	movq	0(%rsi),%r12
	movq	8(%rsi),%rbp
	movq	16(%rsi),%rbx
	leaq	24(%rsi),%rsp
L$epilogue_ssse3:
	.byte	0xf3,0xc3

.p2align	6
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
Deleted jni/libressl/crypto/sha/sha1-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
.text	


.globl	_sha1_block_data_order

.p2align	4
_sha1_block_data_order:
	movl	_OPENSSL_ia32cap_P+0(%rip),%r9d
	movl	_OPENSSL_ia32cap_P+4(%rip),%r8d
	testl	$512,%r8d
	jz	L$ialu
	jmp	_ssse3_shortcut

.p2align	4
L$ialu:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	movq	%rsp,%r11
	movq	%rdi,%r8
	subq	$72,%rsp
	movq	%rsi,%r9
	andq	$-64,%rsp
	movq	%rdx,%r10
	movq	%r11,64(%rsp)
L$prologue:

	movl	0(%r8),%esi
	movl	4(%r8),%edi
	movl	8(%r8),%r11d
	movl	12(%r8),%r12d
	movl	16(%r8),%r13d
	jmp	L$loop

.p2align	4
L$loop:
	movl	0(%r9),%edx
	bswapl	%edx
	movl	%edx,0(%rsp)
	movl	%r11d,%eax
	movl	4(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,4(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	8(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,8(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	12(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,12(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	16(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,16(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	20(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,20(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	24(%r9),%edx
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r13,1),%r13d
	andl	%edi,%eax
	movl	%edx,24(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	28(%r9),%ebp
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r12,1),%r12d
	andl	%esi,%eax
	movl	%ebp,28(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	32(%r9),%edx
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%edx,32(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	36(%r9),%ebp
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%ebp,36(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	40(%r9),%edx
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%edx,40(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	%r11d,%eax
	movl	44(%r9),%ebp
	movl	%esi,%ecx
	xorl	%r12d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r13,1),%r13d
	andl	%edi,%eax
	movl	%ebp,44(%rsp)
	addl	%ecx,%r13d
	xorl	%r12d,%eax
	roll	$30,%edi
	addl	%eax,%r13d
	movl	%edi,%eax
	movl	48(%r9),%edx
	movl	%r13d,%ecx
	xorl	%r11d,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%r12,1),%r12d
	andl	%esi,%eax
	movl	%edx,48(%rsp)
	addl	%ecx,%r12d
	xorl	%r11d,%eax
	roll	$30,%esi
	addl	%eax,%r12d
	movl	%esi,%eax
	movl	52(%r9),%ebp
	movl	%r12d,%ecx
	xorl	%edi,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%r11,1),%r11d
	andl	%r13d,%eax
	movl	%ebp,52(%rsp)
	addl	%ecx,%r11d
	xorl	%edi,%eax
	roll	$30,%r13d
	addl	%eax,%r11d
	movl	%r13d,%eax
	movl	56(%r9),%edx
	movl	%r11d,%ecx
	xorl	%esi,%eax
	bswapl	%edx
	roll	$5,%ecx
	leal	1518500249(%rbp,%rdi,1),%edi
	andl	%r12d,%eax
	movl	%edx,56(%rsp)
	addl	%ecx,%edi
	xorl	%esi,%eax
	roll	$30,%r12d
	addl	%eax,%edi
	movl	%r12d,%eax
	movl	60(%r9),%ebp
	movl	%edi,%ecx
	xorl	%r13d,%eax
	bswapl	%ebp
	roll	$5,%ecx
	leal	1518500249(%rdx,%rsi,1),%esi
	andl	%r11d,%eax
	movl	%ebp,60(%rsp)
	addl	%ecx,%esi
	xorl	%r13d,%eax
	roll	$30,%r11d
	addl	%eax,%esi
	movl	0(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	xorl	32(%rsp),%edx
	andl	%edi,%eax
	leal	1518500249(%rbp,%r13,1),%r13d
	xorl	52(%rsp),%edx
	xorl	%r12d,%eax
	roll	$1,%edx
	addl	%ecx,%r13d
	roll	$30,%edi
	movl	%edx,0(%rsp)
	addl	%eax,%r13d
	movl	4(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	xorl	36(%rsp),%ebp
	andl	%esi,%eax
	leal	1518500249(%rdx,%r12,1),%r12d
	xorl	56(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$1,%ebp
	addl	%ecx,%r12d
	roll	$30,%esi
	movl	%ebp,4(%rsp)
	addl	%eax,%r12d
	movl	8(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	xorl	40(%rsp),%edx
	andl	%r13d,%eax
	leal	1518500249(%rbp,%r11,1),%r11d
	xorl	60(%rsp),%edx
	xorl	%edi,%eax
	roll	$1,%edx
	addl	%ecx,%r11d
	roll	$30,%r13d
	movl	%edx,8(%rsp)
	addl	%eax,%r11d
	movl	12(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	leal	1518500249(%rdx,%rdi,1),%edi
	xorl	0(%rsp),%ebp
	xorl	%esi,%eax
	roll	$1,%ebp
	addl	%ecx,%edi
	roll	$30,%r12d
	movl	%ebp,12(%rsp)
	addl	%eax,%edi
	movl	16(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	leal	1518500249(%rbp,%rsi,1),%esi
	xorl	4(%rsp),%edx
	xorl	%r13d,%eax
	roll	$1,%edx
	addl	%ecx,%esi
	roll	$30,%r11d
	movl	%edx,16(%rsp)
	addl	%eax,%esi
	movl	20(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	52(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	8(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	56(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	12(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	16(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	20(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	24(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	28(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	32(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	36(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	40(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	44(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r13,1),%r13d
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	48(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r12,1),%r12d
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	52(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r11,1),%r11d
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	56(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rdi,1),%edi
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	60(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rsi,1),%esi
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	0(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r13,1),%r13d
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	4(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%r12,1),%r12d
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	8(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%r11,1),%r11d
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	12(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	1859775393(%rdx,%rdi,1),%edi
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	16(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	1859775393(%rbp,%rsi,1),%esi
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	20(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	44(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r13d
	movl	40(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	48(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,40(%rsp)
	addl	%ecx,%r12d
	movl	44(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	52(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,44(%rsp)
	addl	%ecx,%r11d
	movl	48(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	56(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	16(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,48(%rsp)
	addl	%ecx,%edi
	movl	52(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	60(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	20(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	40(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,52(%rsp)
	addl	%ecx,%esi
	movl	56(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	0(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	24(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	44(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,56(%rsp)
	addl	%ecx,%r13d
	movl	60(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	4(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	48(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,60(%rsp)
	addl	%ecx,%r12d
	movl	0(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	8(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	32(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	52(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,0(%rsp)
	addl	%ecx,%r11d
	movl	4(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	12(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	36(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	56(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,4(%rsp)
	addl	%ecx,%edi
	movl	8(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	16(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	40(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	60(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,8(%rsp)
	addl	%ecx,%esi
	movl	12(%rsp),%ebp
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	20(%rsp),%ebp
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r12d,%ebx
	leal	-1894007588(%rdx,%r13,1),%r13d
	roll	$5,%ecx
	xorl	0(%rsp),%ebp
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%ebp,12(%rsp)
	addl	%ecx,%r13d
	movl	16(%rsp),%edx
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	24(%rsp),%edx
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r11d,%ebx
	leal	-1894007588(%rbp,%r12,1),%r12d
	roll	$5,%ecx
	xorl	4(%rsp),%edx
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%edx
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%edx,16(%rsp)
	addl	%ecx,%r12d
	movl	20(%rsp),%ebp
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	28(%rsp),%ebp
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	52(%rsp),%ebp
	xorl	%edi,%ebx
	leal	-1894007588(%rdx,%r11,1),%r11d
	roll	$5,%ecx
	xorl	8(%rsp),%ebp
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%ebp
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%ebp,20(%rsp)
	addl	%ecx,%r11d
	movl	24(%rsp),%edx
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	32(%rsp),%edx
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	56(%rsp),%edx
	xorl	%esi,%ebx
	leal	-1894007588(%rbp,%rdi,1),%edi
	roll	$5,%ecx
	xorl	12(%rsp),%edx
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%edx
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%edx,24(%rsp)
	addl	%ecx,%edi
	movl	28(%rsp),%ebp
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	36(%rsp),%ebp
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%r13d,%ebx
	leal	-1894007588(%rdx,%rsi,1),%esi
	roll	$5,%ecx
	xorl	16(%rsp),%ebp
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%ebp
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%ebp,28(%rsp)
	addl	%ecx,%esi
	movl	32(%rsp),%edx
	movl	%r11d,%eax
	movl	%r11d,%ebx
	xorl	40(%rsp),%edx
	andl	%r12d,%eax
	movl	%esi,%ecx
	xorl	0(%rsp),%edx
	xorl	%r12d,%ebx
	leal	-1894007588(%rbp,%r13,1),%r13d
	roll	$5,%ecx
	xorl	20(%rsp),%edx
	addl	%eax,%r13d
	andl	%edi,%ebx
	roll	$1,%edx
	addl	%ebx,%r13d
	roll	$30,%edi
	movl	%edx,32(%rsp)
	addl	%ecx,%r13d
	movl	36(%rsp),%ebp
	movl	%edi,%eax
	movl	%edi,%ebx
	xorl	44(%rsp),%ebp
	andl	%r11d,%eax
	movl	%r13d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r11d,%ebx
	leal	-1894007588(%rdx,%r12,1),%r12d
	roll	$5,%ecx
	xorl	24(%rsp),%ebp
	addl	%eax,%r12d
	andl	%esi,%ebx
	roll	$1,%ebp
	addl	%ebx,%r12d
	roll	$30,%esi
	movl	%ebp,36(%rsp)
	addl	%ecx,%r12d
	movl	40(%rsp),%edx
	movl	%esi,%eax
	movl	%esi,%ebx
	xorl	48(%rsp),%edx
	andl	%edi,%eax
	movl	%r12d,%ecx
	xorl	8(%rsp),%edx
	xorl	%edi,%ebx
	leal	-1894007588(%rbp,%r11,1),%r11d
	roll	$5,%ecx
	xorl	28(%rsp),%edx
	addl	%eax,%r11d
	andl	%r13d,%ebx
	roll	$1,%edx
	addl	%ebx,%r11d
	roll	$30,%r13d
	movl	%edx,40(%rsp)
	addl	%ecx,%r11d
	movl	44(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r13d,%ebx
	xorl	52(%rsp),%ebp
	andl	%esi,%eax
	movl	%r11d,%ecx
	xorl	12(%rsp),%ebp
	xorl	%esi,%ebx
	leal	-1894007588(%rdx,%rdi,1),%edi
	roll	$5,%ecx
	xorl	32(%rsp),%ebp
	addl	%eax,%edi
	andl	%r12d,%ebx
	roll	$1,%ebp
	addl	%ebx,%edi
	roll	$30,%r12d
	movl	%ebp,44(%rsp)
	addl	%ecx,%edi
	movl	48(%rsp),%edx
	movl	%r12d,%eax
	movl	%r12d,%ebx
	xorl	56(%rsp),%edx
	andl	%r13d,%eax
	movl	%edi,%ecx
	xorl	16(%rsp),%edx
	xorl	%r13d,%ebx
	leal	-1894007588(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	36(%rsp),%edx
	addl	%eax,%esi
	andl	%r11d,%ebx
	roll	$1,%edx
	addl	%ebx,%esi
	roll	$30,%r11d
	movl	%edx,48(%rsp)
	addl	%ecx,%esi
	movl	52(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	60(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	20(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	40(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,52(%rsp)
	movl	56(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	0(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	24(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	44(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,56(%rsp)
	movl	60(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	28(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	48(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,60(%rsp)
	movl	0(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	8(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	32(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	52(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,0(%rsp)
	movl	4(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	12(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	36(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	56(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,4(%rsp)
	movl	8(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	16(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	40(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	60(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,8(%rsp)
	movl	12(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	20(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	44(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	0(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	%ebp,12(%rsp)
	movl	16(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	24(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	48(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	4(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	%edx,16(%rsp)
	movl	20(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	28(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	52(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	8(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%ebp,20(%rsp)
	movl	24(%rsp),%edx
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	32(%rsp),%edx
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rsi,1),%esi
	xorl	56(%rsp),%edx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	12(%rsp),%edx
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%edx
	movl	%edx,24(%rsp)
	movl	28(%rsp),%ebp
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	36(%rsp),%ebp
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r13,1),%r13d
	xorl	60(%rsp),%ebp
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	16(%rsp),%ebp
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%ebp
	movl	%ebp,28(%rsp)
	movl	32(%rsp),%edx
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	40(%rsp),%edx
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r12,1),%r12d
	xorl	0(%rsp),%edx
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	20(%rsp),%edx
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%edx
	movl	%edx,32(%rsp)
	movl	36(%rsp),%ebp
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	44(%rsp),%ebp
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r11,1),%r11d
	xorl	4(%rsp),%ebp
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	24(%rsp),%ebp
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%ebp
	movl	%ebp,36(%rsp)
	movl	40(%rsp),%edx
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	48(%rsp),%edx
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%rdi,1),%edi
	xorl	8(%rsp),%edx
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	28(%rsp),%edx
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%edx
	movl	%edx,40(%rsp)
	movl	44(%rsp),%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	52(%rsp),%ebp
	xorl	%r11d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rsi,1),%esi
	xorl	12(%rsp),%ebp
	xorl	%r13d,%eax
	addl	%ecx,%esi
	xorl	32(%rsp),%ebp
	roll	$30,%r11d
	addl	%eax,%esi
	roll	$1,%ebp
	movl	%ebp,44(%rsp)
	movl	48(%rsp),%edx
	movl	%r11d,%eax
	movl	%esi,%ecx
	xorl	56(%rsp),%edx
	xorl	%edi,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r13,1),%r13d
	xorl	16(%rsp),%edx
	xorl	%r12d,%eax
	addl	%ecx,%r13d
	xorl	36(%rsp),%edx
	roll	$30,%edi
	addl	%eax,%r13d
	roll	$1,%edx
	movl	%edx,48(%rsp)
	movl	52(%rsp),%ebp
	movl	%edi,%eax
	movl	%r13d,%ecx
	xorl	60(%rsp),%ebp
	xorl	%esi,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%r12,1),%r12d
	xorl	20(%rsp),%ebp
	xorl	%r11d,%eax
	addl	%ecx,%r12d
	xorl	40(%rsp),%ebp
	roll	$30,%esi
	addl	%eax,%r12d
	roll	$1,%ebp
	movl	56(%rsp),%edx
	movl	%esi,%eax
	movl	%r12d,%ecx
	xorl	0(%rsp),%edx
	xorl	%r13d,%eax
	roll	$5,%ecx
	leal	-899497514(%rbp,%r11,1),%r11d
	xorl	24(%rsp),%edx
	xorl	%edi,%eax
	addl	%ecx,%r11d
	xorl	44(%rsp),%edx
	roll	$30,%r13d
	addl	%eax,%r11d
	roll	$1,%edx
	movl	60(%rsp),%ebp
	movl	%r13d,%eax
	movl	%r11d,%ecx
	xorl	4(%rsp),%ebp
	xorl	%r12d,%eax
	roll	$5,%ecx
	leal	-899497514(%rdx,%rdi,1),%edi
	xorl	28(%rsp),%ebp
	xorl	%esi,%eax
	addl	%ecx,%edi
	xorl	48(%rsp),%ebp
	roll	$30,%r12d
	addl	%eax,%edi
	roll	$1,%ebp
	movl	%r12d,%eax
	movl	%edi,%ecx
	xorl	%r11d,%eax
	leal	-899497514(%rbp,%rsi,1),%esi
	roll	$5,%ecx
	xorl	%r13d,%eax
	addl	%ecx,%esi
	roll	$30,%r11d
	addl	%eax,%esi
	addl	0(%r8),%esi
	addl	4(%r8),%edi
	addl	8(%r8),%r11d
	addl	12(%r8),%r12d
	addl	16(%r8),%r13d
	movl	%esi,0(%r8)
	movl	%edi,4(%r8)
	movl	%r11d,8(%r8)
	movl	%r12d,12(%r8)
	movl	%r13d,16(%r8)

	subq	$1,%r10
	leaq	64(%r9),%r9
	jnz	L$loop

	movq	64(%rsp),%rsi
	movq	(%rsi),%r13
	movq	8(%rsi),%r12
	movq	16(%rsi),%rbp
	movq	24(%rsi),%rbx
	leaq	32(%rsi),%rsp
L$epilogue:
	.byte	0xf3,0xc3


.p2align	4
sha1_block_data_order_ssse3:
_ssse3_shortcut:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	leaq	-64(%rsp),%rsp
	movq	%rdi,%r8
	movq	%rsi,%r9
	movq	%rdx,%r10

	shlq	$6,%r10
	addq	%r9,%r10
	leaq	K_XX_XX(%rip),%r11

	movl	0(%r8),%eax
	movl	4(%r8),%ebx
	movl	8(%r8),%ecx
	movl	12(%r8),%edx
	movl	%ebx,%esi
	movl	16(%r8),%ebp

	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
.byte	102,15,56,0,206
.byte	102,15,56,0,214
.byte	102,15,56,0,222
	paddd	%xmm9,%xmm0
	paddd	%xmm9,%xmm1
	paddd	%xmm9,%xmm2
	movdqa	%xmm0,0(%rsp)
	psubd	%xmm9,%xmm0
	movdqa	%xmm1,16(%rsp)
	psubd	%xmm9,%xmm1
	movdqa	%xmm2,32(%rsp)
	psubd	%xmm9,%xmm2
	jmp	L$oop_ssse3
.p2align	4
L$oop_ssse3:
	movdqa	%xmm1,%xmm4
	addl	0(%rsp),%ebp
	xorl	%edx,%ecx
	movdqa	%xmm3,%xmm8
.byte	102,15,58,15,224,8
	movl	%eax,%edi
	roll	$5,%eax
	paddd	%xmm3,%xmm9
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrldq	$4,%xmm8
	xorl	%edx,%esi
	addl	%eax,%ebp
	pxor	%xmm0,%xmm4
	rorl	$2,%ebx
	addl	%esi,%ebp
	pxor	%xmm2,%xmm8
	addl	4(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pxor	%xmm8,%xmm4
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm9,48(%rsp)
	xorl	%ecx,%edi
	addl	%ebp,%edx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm4,%xmm8
	rorl	$7,%eax
	addl	%edi,%edx
	addl	8(%rsp),%ecx
	xorl	%ebx,%eax
	pslldq	$12,%xmm10
	paddd	%xmm4,%xmm4
	movl	%edx,%edi
	roll	$5,%edx
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrld	$31,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	movdqa	%xmm10,%xmm9
	rorl	$7,%ebp
	addl	%esi,%ecx
	psrld	$30,%xmm10
	por	%xmm8,%xmm4
	addl	12(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm4
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	0(%r11),%xmm10
	xorl	%eax,%edi
	addl	%ecx,%ebx
	pxor	%xmm9,%xmm4
	rorl	$7,%edx
	addl	%edi,%ebx
	movdqa	%xmm2,%xmm5
	addl	16(%rsp),%eax
	xorl	%ebp,%edx
	movdqa	%xmm4,%xmm9
.byte	102,15,58,15,233,8
	movl	%ebx,%edi
	roll	$5,%ebx
	paddd	%xmm4,%xmm10
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrldq	$4,%xmm9
	xorl	%ebp,%esi
	addl	%ebx,%eax
	pxor	%xmm1,%xmm5
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm3,%xmm9
	addl	20(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pxor	%xmm9,%xmm5
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm10,0(%rsp)
	xorl	%edx,%edi
	addl	%eax,%ebp
	movdqa	%xmm5,%xmm8
	movdqa	%xmm5,%xmm9
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	24(%rsp),%edx
	xorl	%ecx,%ebx
	pslldq	$12,%xmm8
	paddd	%xmm5,%xmm5
	movl	%ebp,%edi
	roll	$5,%ebp
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	psrld	$31,%xmm9
	xorl	%ecx,%esi
	addl	%ebp,%edx
	movdqa	%xmm8,%xmm10
	rorl	$7,%eax
	addl	%esi,%edx
	psrld	$30,%xmm8
	por	%xmm9,%xmm5
	addl	28(%rsp),%ecx
	xorl	%ebx,%eax
	movl	%edx,%esi
	roll	$5,%edx
	pslld	$2,%xmm10
	pxor	%xmm8,%xmm5
	andl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	16(%r11),%xmm8
	xorl	%ebx,%edi
	addl	%edx,%ecx
	pxor	%xmm10,%xmm5
	rorl	$7,%ebp
	addl	%edi,%ecx
	movdqa	%xmm3,%xmm6
	addl	32(%rsp),%ebx
	xorl	%eax,%ebp
	movdqa	%xmm5,%xmm10
.byte	102,15,58,15,242,8
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm5,%xmm8
	andl	%ebp,%esi
	xorl	%eax,%ebp
	psrldq	$4,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	pxor	%xmm2,%xmm6
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm4,%xmm10
	addl	36(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	pxor	%xmm10,%xmm6
	andl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm8,16(%rsp)
	xorl	%ebp,%edi
	addl	%ebx,%eax
	movdqa	%xmm6,%xmm9
	movdqa	%xmm6,%xmm10
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	40(%rsp),%ebp
	xorl	%edx,%ecx
	pslldq	$12,%xmm9
	paddd	%xmm6,%xmm6
	movl	%eax,%edi
	roll	$5,%eax
	andl	%ecx,%esi
	xorl	%edx,%ecx
	psrld	$31,%xmm10
	xorl	%edx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	psrld	$30,%xmm9
	por	%xmm10,%xmm6
	addl	44(%rsp),%edx
	xorl	%ecx,%ebx
	movl	%ebp,%esi
	roll	$5,%ebp
	pslld	$2,%xmm8
	pxor	%xmm9,%xmm6
	andl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	16(%r11),%xmm9
	xorl	%ecx,%edi
	addl	%ebp,%edx
	pxor	%xmm8,%xmm6
	rorl	$7,%eax
	addl	%edi,%edx
	movdqa	%xmm4,%xmm7
	addl	48(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm8
.byte	102,15,58,15,251,8
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm6,%xmm9
	andl	%eax,%esi
	xorl	%ebx,%eax
	psrldq	$4,%xmm8
	xorl	%ebx,%esi
	addl	%edx,%ecx
	pxor	%xmm3,%xmm7
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm5,%xmm8
	addl	52(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%esi
	roll	$5,%ecx
	pxor	%xmm8,%xmm7
	andl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm9,32(%rsp)
	xorl	%eax,%edi
	addl	%ecx,%ebx
	movdqa	%xmm7,%xmm10
	movdqa	%xmm7,%xmm8
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	56(%rsp),%eax
	xorl	%ebp,%edx
	pslldq	$12,%xmm10
	paddd	%xmm7,%xmm7
	movl	%ebx,%edi
	roll	$5,%ebx
	andl	%edx,%esi
	xorl	%ebp,%edx
	psrld	$31,%xmm8
	xorl	%ebp,%esi
	addl	%ebx,%eax
	movdqa	%xmm10,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	psrld	$30,%xmm10
	por	%xmm8,%xmm7
	addl	60(%rsp),%ebp
	xorl	%edx,%ecx
	movl	%eax,%esi
	roll	$5,%eax
	pslld	$2,%xmm9
	pxor	%xmm10,%xmm7
	andl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	16(%r11),%xmm10
	xorl	%edx,%edi
	addl	%eax,%ebp
	pxor	%xmm9,%xmm7
	rorl	$7,%ebx
	addl	%edi,%ebp
	movdqa	%xmm7,%xmm9
	addl	0(%rsp),%edx
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,206,8
	xorl	%ecx,%ebx
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm1,%xmm0
	andl	%ebx,%esi
	xorl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm7,%xmm10
	xorl	%ecx,%esi
	addl	%ebp,%edx
	pxor	%xmm9,%xmm0
	rorl	$7,%eax
	addl	%esi,%edx
	addl	4(%rsp),%ecx
	xorl	%ebx,%eax
	movdqa	%xmm0,%xmm9
	movdqa	%xmm10,48(%rsp)
	movl	%edx,%esi
	roll	$5,%edx
	andl	%eax,%edi
	xorl	%ebx,%eax
	pslld	$2,%xmm0
	xorl	%ebx,%edi
	addl	%edx,%ecx
	psrld	$30,%xmm9
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	8(%rsp),%ebx
	xorl	%eax,%ebp
	movl	%ecx,%edi
	roll	$5,%ecx
	por	%xmm9,%xmm0
	andl	%ebp,%esi
	xorl	%eax,%ebp
	movdqa	%xmm0,%xmm10
	xorl	%eax,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	12(%rsp),%eax
	xorl	%ebp,%edx
	movl	%ebx,%esi
	roll	$5,%ebx
	andl	%edx,%edi
	xorl	%ebp,%edx
	xorl	%ebp,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	16(%rsp),%ebp
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,215,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm2,%xmm1
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm8,%xmm9
	paddd	%xmm0,%xmm8
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm10,%xmm1
	addl	20(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm1,%xmm10
	movdqa	%xmm8,0(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm1
	addl	24(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm10
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm10,%xmm1
	addl	28(%rsp),%ebx
	xorl	%eax,%edi
	movdqa	%xmm1,%xmm8
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	32(%rsp),%eax
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,192,8
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	pxor	%xmm3,%xmm2
	xorl	%edx,%esi
	addl	%ebx,%eax
	movdqa	32(%r11),%xmm10
	paddd	%xmm1,%xmm9
	rorl	$7,%ecx
	addl	%esi,%eax
	pxor	%xmm8,%xmm2
	addl	36(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	movdqa	%xmm2,%xmm8
	movdqa	%xmm9,16(%rsp)
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	pslld	$2,%xmm2
	addl	40(%rsp),%edx
	xorl	%ecx,%esi
	psrld	$30,%xmm8
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	por	%xmm8,%xmm2
	addl	44(%rsp),%ecx
	xorl	%ebx,%edi
	movdqa	%xmm2,%xmm9
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	48(%rsp),%ebx
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,201,8
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	pxor	%xmm4,%xmm3
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm2,%xmm10
	rorl	$7,%edx
	addl	%esi,%ebx
	pxor	%xmm9,%xmm3
	addl	52(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	movdqa	%xmm3,%xmm9
	movdqa	%xmm10,32(%rsp)
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	pslld	$2,%xmm3
	addl	56(%rsp),%ebp
	xorl	%edx,%esi
	psrld	$30,%xmm9
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	por	%xmm9,%xmm3
	addl	60(%rsp),%edx
	xorl	%ecx,%edi
	movdqa	%xmm3,%xmm10
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	0(%rsp),%ecx
	pxor	%xmm0,%xmm4
.byte	102,68,15,58,15,210,8
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	pxor	%xmm5,%xmm4
	xorl	%eax,%esi
	addl	%edx,%ecx
	movdqa	%xmm8,%xmm9
	paddd	%xmm3,%xmm8
	rorl	$7,%ebp
	addl	%esi,%ecx
	pxor	%xmm10,%xmm4
	addl	4(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	movdqa	%xmm4,%xmm10
	movdqa	%xmm8,48(%rsp)
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	pslld	$2,%xmm4
	addl	8(%rsp),%eax
	xorl	%ebp,%esi
	psrld	$30,%xmm10
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	por	%xmm10,%xmm4
	addl	12(%rsp),%ebp
	xorl	%edx,%edi
	movdqa	%xmm4,%xmm8
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	16(%rsp),%edx
	pxor	%xmm1,%xmm5
.byte	102,68,15,58,15,195,8
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	pxor	%xmm6,%xmm5
	xorl	%ebx,%esi
	addl	%ebp,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm4,%xmm9
	rorl	$7,%eax
	addl	%esi,%edx
	pxor	%xmm8,%xmm5
	addl	20(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	movdqa	%xmm5,%xmm8
	movdqa	%xmm9,0(%rsp)
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	pslld	$2,%xmm5
	addl	24(%rsp),%ebx
	xorl	%eax,%esi
	psrld	$30,%xmm8
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	por	%xmm8,%xmm5
	addl	28(%rsp),%eax
	xorl	%ebp,%edi
	movdqa	%xmm5,%xmm9
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ecx,%edi
	pxor	%xmm2,%xmm6
.byte	102,68,15,58,15,204,8
	xorl	%edx,%ecx
	addl	32(%rsp),%ebp
	andl	%edx,%edi
	pxor	%xmm7,%xmm6
	andl	%ecx,%esi
	rorl	$7,%ebx
	movdqa	%xmm10,%xmm8
	paddd	%xmm5,%xmm10
	addl	%edi,%ebp
	movl	%eax,%edi
	pxor	%xmm9,%xmm6
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movdqa	%xmm6,%xmm9
	movdqa	%xmm10,16(%rsp)
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	36(%rsp),%edx
	andl	%ecx,%esi
	pslld	$2,%xmm6
	andl	%ebx,%edi
	rorl	$7,%eax
	psrld	$30,%xmm9
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	por	%xmm9,%xmm6
	movl	%eax,%edi
	xorl	%ebx,%eax
	movdqa	%xmm6,%xmm10
	addl	40(%rsp),%ecx
	andl	%ebx,%edi
	andl	%eax,%esi
	rorl	$7,%ebp
	addl	%edi,%ecx
	movl	%edx,%edi
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	44(%rsp),%ebx
	andl	%eax,%esi
	andl	%ebp,%edi
	rorl	$7,%edx
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%edi
	pxor	%xmm3,%xmm7
.byte	102,68,15,58,15,213,8
	xorl	%ebp,%edx
	addl	48(%rsp),%eax
	andl	%ebp,%edi
	pxor	%xmm0,%xmm7
	andl	%edx,%esi
	rorl	$7,%ecx
	movdqa	48(%r11),%xmm9
	paddd	%xmm6,%xmm8
	addl	%edi,%eax
	movl	%ebx,%edi
	pxor	%xmm10,%xmm7
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movdqa	%xmm7,%xmm10
	movdqa	%xmm8,32(%rsp)
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	52(%rsp),%ebp
	andl	%edx,%esi
	pslld	$2,%xmm7
	andl	%ecx,%edi
	rorl	$7,%ebx
	psrld	$30,%xmm10
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	por	%xmm10,%xmm7
	movl	%ebx,%edi
	xorl	%ecx,%ebx
	movdqa	%xmm7,%xmm8
	addl	56(%rsp),%edx
	andl	%ecx,%edi
	andl	%ebx,%esi
	rorl	$7,%eax
	addl	%edi,%edx
	movl	%ebp,%edi
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	60(%rsp),%ecx
	andl	%ebx,%esi
	andl	%eax,%edi
	rorl	$7,%ebp
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movl	%ebp,%edi
	pxor	%xmm4,%xmm0
.byte	102,68,15,58,15,198,8
	xorl	%eax,%ebp
	addl	0(%rsp),%ebx
	andl	%eax,%edi
	pxor	%xmm1,%xmm0
	andl	%ebp,%esi
	rorl	$7,%edx
	movdqa	%xmm9,%xmm10
	paddd	%xmm7,%xmm9
	addl	%edi,%ebx
	movl	%ecx,%edi
	pxor	%xmm8,%xmm0
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movdqa	%xmm0,%xmm8
	movdqa	%xmm9,48(%rsp)
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	4(%rsp),%eax
	andl	%ebp,%esi
	pslld	$2,%xmm0
	andl	%edx,%edi
	rorl	$7,%ecx
	psrld	$30,%xmm8
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	por	%xmm8,%xmm0
	movl	%ecx,%edi
	xorl	%edx,%ecx
	movdqa	%xmm0,%xmm9
	addl	8(%rsp),%ebp
	andl	%edx,%edi
	andl	%ecx,%esi
	rorl	$7,%ebx
	addl	%edi,%ebp
	movl	%eax,%edi
	roll	$5,%eax
	addl	%esi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%esi
	xorl	%ecx,%ebx
	addl	12(%rsp),%edx
	andl	%ecx,%esi
	andl	%ebx,%edi
	rorl	$7,%eax
	addl	%esi,%edx
	movl	%ebp,%esi
	roll	$5,%ebp
	addl	%edi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movl	%eax,%edi
	pxor	%xmm5,%xmm1
.byte	102,68,15,58,15,207,8
	xorl	%ebx,%eax
	addl	16(%rsp),%ecx
	andl	%ebx,%edi
	pxor	%xmm2,%xmm1
	andl	%eax,%esi
	rorl	$7,%ebp
	movdqa	%xmm10,%xmm8
	paddd	%xmm0,%xmm10
	addl	%edi,%ecx
	movl	%edx,%edi
	pxor	%xmm9,%xmm1
	roll	$5,%edx
	addl	%esi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	movdqa	%xmm1,%xmm9
	movdqa	%xmm10,0(%rsp)
	movl	%ebp,%esi
	xorl	%eax,%ebp
	addl	20(%rsp),%ebx
	andl	%eax,%esi
	pslld	$2,%xmm1
	andl	%ebp,%edi
	rorl	$7,%edx
	psrld	$30,%xmm9
	addl	%esi,%ebx
	movl	%ecx,%esi
	roll	$5,%ecx
	addl	%edi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	por	%xmm9,%xmm1
	movl	%edx,%edi
	xorl	%ebp,%edx
	movdqa	%xmm1,%xmm10
	addl	24(%rsp),%eax
	andl	%ebp,%edi
	andl	%edx,%esi
	rorl	$7,%ecx
	addl	%edi,%eax
	movl	%ebx,%edi
	roll	$5,%ebx
	addl	%esi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	movl	%ecx,%esi
	xorl	%edx,%ecx
	addl	28(%rsp),%ebp
	andl	%edx,%esi
	andl	%ecx,%edi
	rorl	$7,%ebx
	addl	%esi,%ebp
	movl	%eax,%esi
	roll	$5,%eax
	addl	%edi,%ebp
	xorl	%edx,%ecx
	addl	%eax,%ebp
	movl	%ebx,%edi
	pxor	%xmm6,%xmm2
.byte	102,68,15,58,15,208,8
	xorl	%ecx,%ebx
	addl	32(%rsp),%edx
	andl	%ecx,%edi
	pxor	%xmm3,%xmm2
	andl	%ebx,%esi
	rorl	$7,%eax
	movdqa	%xmm8,%xmm9
	paddd	%xmm1,%xmm8
	addl	%edi,%edx
	movl	%ebp,%edi
	pxor	%xmm10,%xmm2
	roll	$5,%ebp
	addl	%esi,%edx
	xorl	%ecx,%ebx
	addl	%ebp,%edx
	movdqa	%xmm2,%xmm10
	movdqa	%xmm8,16(%rsp)
	movl	%eax,%esi
	xorl	%ebx,%eax
	addl	36(%rsp),%ecx
	andl	%ebx,%esi
	pslld	$2,%xmm2
	andl	%eax,%edi
	rorl	$7,%ebp
	psrld	$30,%xmm10
	addl	%esi,%ecx
	movl	%edx,%esi
	roll	$5,%edx
	addl	%edi,%ecx
	xorl	%ebx,%eax
	addl	%edx,%ecx
	por	%xmm10,%xmm2
	movl	%ebp,%edi
	xorl	%eax,%ebp
	movdqa	%xmm2,%xmm8
	addl	40(%rsp),%ebx
	andl	%eax,%edi
	andl	%ebp,%esi
	rorl	$7,%edx
	addl	%edi,%ebx
	movl	%ecx,%edi
	roll	$5,%ecx
	addl	%esi,%ebx
	xorl	%eax,%ebp
	addl	%ecx,%ebx
	movl	%edx,%esi
	xorl	%ebp,%edx
	addl	44(%rsp),%eax
	andl	%ebp,%esi
	andl	%edx,%edi
	rorl	$7,%ecx
	addl	%esi,%eax
	movl	%ebx,%esi
	roll	$5,%ebx
	addl	%edi,%eax
	xorl	%ebp,%edx
	addl	%ebx,%eax
	addl	48(%rsp),%ebp
	pxor	%xmm7,%xmm3
.byte	102,68,15,58,15,193,8
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	pxor	%xmm4,%xmm3
	xorl	%ecx,%esi
	addl	%eax,%ebp
	movdqa	%xmm9,%xmm10
	paddd	%xmm2,%xmm9
	rorl	$7,%ebx
	addl	%esi,%ebp
	pxor	%xmm8,%xmm3
	addl	52(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	movdqa	%xmm3,%xmm8
	movdqa	%xmm9,32(%rsp)
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	pslld	$2,%xmm3
	addl	56(%rsp),%ecx
	xorl	%ebx,%esi
	psrld	$30,%xmm8
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	por	%xmm8,%xmm3
	addl	60(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	0(%rsp),%eax
	paddd	%xmm3,%xmm10
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	movdqa	%xmm10,48(%rsp)
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	4(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	8(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	12(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	cmpq	%r10,%r9
	je	L$done_ssse3
	movdqa	64(%r11),%xmm6
	movdqa	0(%r11),%xmm9
	movdqu	0(%r9),%xmm0
	movdqu	16(%r9),%xmm1
	movdqu	32(%r9),%xmm2
	movdqu	48(%r9),%xmm3
.byte	102,15,56,0,198
	addq	$64,%r9
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
.byte	102,15,56,0,206
	movl	%ecx,%edi
	roll	$5,%ecx
	paddd	%xmm9,%xmm0
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	movdqa	%xmm0,0(%rsp)
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	psubd	%xmm9,%xmm0
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
.byte	102,15,56,0,214
	movl	%edx,%edi
	roll	$5,%edx
	paddd	%xmm9,%xmm1
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	movdqa	%xmm1,16(%rsp)
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	psubd	%xmm9,%xmm1
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
.byte	102,15,56,0,222
	movl	%ebp,%edi
	roll	$5,%ebp
	paddd	%xmm9,%xmm2
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	movdqa	%xmm2,32(%rsp)
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	psubd	%xmm9,%xmm2
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	addl	12(%r8),%edx
	movl	%eax,0(%r8)
	addl	16(%r8),%ebp
	movl	%esi,4(%r8)
	movl	%esi,%ebx
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	jmp	L$oop_ssse3

.p2align	4
L$done_ssse3:
	addl	16(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	20(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	24(%rsp),%ebp
	xorl	%edx,%esi
	movl	%eax,%edi
	roll	$5,%eax
	xorl	%ecx,%esi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%esi,%ebp
	addl	28(%rsp),%edx
	xorl	%ecx,%edi
	movl	%ebp,%esi
	roll	$5,%ebp
	xorl	%ebx,%edi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%edi,%edx
	addl	32(%rsp),%ecx
	xorl	%ebx,%esi
	movl	%edx,%edi
	roll	$5,%edx
	xorl	%eax,%esi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%esi,%ecx
	addl	36(%rsp),%ebx
	xorl	%eax,%edi
	movl	%ecx,%esi
	roll	$5,%ecx
	xorl	%ebp,%edi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%edi,%ebx
	addl	40(%rsp),%eax
	xorl	%ebp,%esi
	movl	%ebx,%edi
	roll	$5,%ebx
	xorl	%edx,%esi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%esi,%eax
	addl	44(%rsp),%ebp
	xorl	%edx,%edi
	movl	%eax,%esi
	roll	$5,%eax
	xorl	%ecx,%edi
	addl	%eax,%ebp
	rorl	$7,%ebx
	addl	%edi,%ebp
	addl	48(%rsp),%edx
	xorl	%ecx,%esi
	movl	%ebp,%edi
	roll	$5,%ebp
	xorl	%ebx,%esi
	addl	%ebp,%edx
	rorl	$7,%eax
	addl	%esi,%edx
	addl	52(%rsp),%ecx
	xorl	%ebx,%edi
	movl	%edx,%esi
	roll	$5,%edx
	xorl	%eax,%edi
	addl	%edx,%ecx
	rorl	$7,%ebp
	addl	%edi,%ecx
	addl	56(%rsp),%ebx
	xorl	%eax,%esi
	movl	%ecx,%edi
	roll	$5,%ecx
	xorl	%ebp,%esi
	addl	%ecx,%ebx
	rorl	$7,%edx
	addl	%esi,%ebx
	addl	60(%rsp),%eax
	xorl	%ebp,%edi
	movl	%ebx,%esi
	roll	$5,%ebx
	xorl	%edx,%edi
	addl	%ebx,%eax
	rorl	$7,%ecx
	addl	%edi,%eax
	addl	0(%r8),%eax
	addl	4(%r8),%esi
	addl	8(%r8),%ecx
	movl	%eax,0(%r8)
	addl	12(%r8),%edx
	movl	%esi,4(%r8)
	addl	16(%r8),%ebp
	movl	%ecx,8(%r8)
	movl	%edx,12(%r8)
	movl	%ebp,16(%r8)
	leaq	64(%rsp),%rsi
	movq	0(%rsi),%r12
	movq	8(%rsi),%rbp
	movq	16(%rsi),%rbx
	leaq	24(%rsi),%rsp
L$epilogue_ssse3:
	.byte	0xf3,0xc3

.p2align	6
K_XX_XX:
.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.p2align	6
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<












































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































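--- a/jni/libressl/crypto/sha/sha1_one.c
+++ b/jni/libressl/crypto/sha/sha1_one.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: sha1_one.c,v 1.11 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: sha1_one.c,v 1.12 2015/09/10 15:56:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 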
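--- a/jni/libressl/crypto/sha/sha1dgst.c
+++ b/jni/libressl/crypto/sha/sha1dgst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: sha1dgst.c,v 1.13 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: sha1dgst.c,v 1.14 2015/09/13 21:09:56 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 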
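--- a/jni/libressl/crypto/sha/sha256-elf-x86_64.S
+++ b/jni/libressl/crypto/sha/sha256-elf-x86_64.S
@@ -1,7 +1,8 @@
+#include "x86_arch.h"
 .text	
 
 .globl	sha256_block_data_order
 .type	sha256_block_data_order,@function
 .align	16
 sha256_block_data_order:
 	pushq	%rbx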
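--- a/jni/libressl/crypto/sha/sha256-macosx-x86_64.S
+++ b/jni/libressl/crypto/sha/sha256-macosx-x86_64.S
@@ -1,7 +1,8 @@
+#include "x86_arch.h"
 .text	
 
 .globl	_sha256_block_data_order
 
 .p2align	4
 _sha256_block_data_order:
 	pushq	%rbx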
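--- a/jni/libressl/crypto/sha/sha256.c
+++ b/jni/libressl/crypto/sha/sha256.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: sha256.c,v 1.8 2014/08/18 19:11:48 bcook Exp $ */
+/* $OpenBSD: sha256.c,v 1.9 2015/09/10 15:56:26 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
  * according to the OpenSSL license [found in ../../LICENSE].
  * ====================================================================
  */
 
 #include <openssl/opensslconf.h>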
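--- a/jni/libressl/crypto/sha/sha512-elf-x86_64.S
+++ b/jni/libressl/crypto/sha/sha512-elf-x86_64.S
@@ -1,7 +1,8 @@
+#include "x86_arch.h"
 .text	
 
 .globl	sha512_block_data_order
 .type	sha512_block_data_order,@function
 .align	16
 sha512_block_data_order:
 	pushq	%rbx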
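--- a/jni/libressl/crypto/sha/sha512-macosx-x86_64.S
+++ b/jni/libressl/crypto/sha/sha512-macosx-x86_64.S
@@ -1,7 +1,8 @@
+#include "x86_arch.h"
 .text	
 
 .globl	_sha512_block_data_order
 
 .p2align	4
 _sha512_block_data_order:
 	pushq	%rbx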
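--- a/jni/libressl/crypto/sha/sha512.c
+++ b/jni/libressl/crypto/sha/sha512.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: sha512.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: sha512.c,v 1.15 2016/11/04 13:56:05 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
  * according to the OpenSSL license [found in ../../LICENSE].
  * ====================================================================
  */
 
 #include <machine/endian.h>
@@ -316,31 +316,20 @@
 				: "J"(n),"0"(a)		\
 				: "cc"); ret;		})
 #   define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));	\
 				asm ("bswapq	%0"		\
 				: "=r"(ret)			\
 				: "0"(ret)); ret;		})
 # elif (defined(__i386) || defined(__i386__))
-#  if defined(I386_ONLY)
-#   define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-			 unsigned int hi=p[0],lo=p[1];		\
-				asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
-				    "roll $16,%%eax; roll $16,%%edx; "\
-				    "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
-				: "=a"(lo),"=d"(hi)		\
-				: "0"(lo),"1"(hi) : "cc");	\
-				((SHA_LONG64)hi)<<32|lo;	})
-#  else
 #   define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
 			 unsigned int hi=p[0],lo=p[1];		\
 				asm ("bswapl %0; bswapl %1;"	\
 				: "=r"(lo),"=r"(hi)		\
 				: "0"(lo),"1"(hi));		\
 				((SHA_LONG64)hi)<<32|lo;	})
-#  endif
 # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
 #  define ROTR(a,n)	({ SHA_LONG64 ret;		\
 				asm ("rotrdi %0,%1,%2"	\
 				: "=r"(ret)		\
 				: "r"(a),"K"(n)); ret;	})
 # endif
 #endif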
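--- a/jni/libressl/crypto/sha/sha_locl.h
+++ b/jni/libressl/crypto/sha/sha_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: sha_locl.h,v 1.20 2015/09/13 21:09:56 doug Exp $ */
+/* $OpenBSD: sha_locl.h,v 1.23 2016/12/23 23:22:25 patrick Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -81,18 +81,23 @@
 # define HASH_FINAL              	SHA1_Final
 # define HASH_INIT			SHA1_Init
 # define HASH_BLOCK_DATA_ORDER   	sha1_block_data_order
 # define Xupdate(a,ix,ia,ib,ic,id)	( (a)=(ia^ib^ic^id),	\
 					  ix=(a)=ROTATE((a),1)	\
 					)
 
+__BEGIN_HIDDEN_DECLS
+
 #ifndef SHA1_ASM
 static
 #endif
+
 void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
+
+__END_HIDDEN_DECLS
 
 #include "md32_common.h"
 
 #define INIT_DATA_h0 0x67452301UL
 #define INIT_DATA_h1 0xefcdab89UL
 #define INIT_DATA_h2 0x98badcfeUL
 #define INIT_DATA_h3 0x10325476UL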
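--- a/jni/libressl/crypto/stack/stack.c
+++ b/jni/libressl/crypto/stack/stack.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: stack.c,v 1.18 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: stack.c,v 1.19 2015/02/07 13:19:15 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -54,17 +54,14 @@
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
 #include <stdio.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/objects.h>
 #include <openssl/stack.h>
 
 #undef MIN_NODES
 #define MIN_NODES	4
 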
Changes to jni/libressl/crypto/ts/ts_asn1.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ts_asn1.c,v 1.8 2015/02/10 05:25:45 jsing Exp $ */
/* Written by Nils Larsch for the OpenSSL project 2004.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
/* Written by Nils Larsch for the OpenSSL project 2004.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
	return ASN1_item_dup(&TS_MSG_IMPRINT_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_MSG_IMPRINT *
d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
{
	return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
	    d2i_TS_MSG_IMPRINT, bp, a);
}

int
i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
{
	return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
}
#endif

TS_MSG_IMPRINT *
d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
{
	return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
	    d2i_TS_MSG_IMPRINT, fp, a);
}

int
i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
{
	return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a);
}

static const ASN1_TEMPLATE TS_REQ_seq_tt[] = {
	{
		.flags = 0,
		.tag = 0,
		.offset = offsetof(TS_REQ, version),







<
|





|






<
|





|







120
121
122
123
124
125
126

127
128
129
130
131
132
133
134
135
136
137
138
139

140
141
142
143
144
145
146
147
148
149
150
151
152
153
	return ASN1_item_dup(&TS_MSG_IMPRINT_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_MSG_IMPRINT *
d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
{

	return ASN1_item_d2i_bio(&TS_MSG_IMPRINT_it, bp, a);
}

int
i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
{
	return ASN1_item_i2d_bio(&TS_MSG_IMPRINT_it, bp, a);
}
#endif

TS_MSG_IMPRINT *
d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
{

	return ASN1_item_d2i_fp(&TS_MSG_IMPRINT_it, fp, a);
}

int
i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
{
	return ASN1_item_i2d_fp(&TS_MSG_IMPRINT_it, fp, a);
}

static const ASN1_TEMPLATE TS_REQ_seq_tt[] = {
	{
		.flags = 0,
		.tag = 0,
		.offset = offsetof(TS_REQ, version),
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
	return ASN1_item_dup(&TS_REQ_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_REQ *
d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
{
	return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
}

int
i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
{
	return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
}
#endif

TS_REQ *
d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
{
	return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
}

int
i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
{
	return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a);
}

static const ASN1_TEMPLATE TS_ACCURACY_seq_tt[] = {
	{
		.flags = ASN1_TFLG_OPTIONAL,
		.tag = 0,
		.offset = offsetof(TS_ACCURACY, seconds),







|





|






|





|







233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
	return ASN1_item_dup(&TS_REQ_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_REQ *
d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
{
	return ASN1_item_d2i_bio(&TS_REQ_it, bp, a);
}

int
i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
{
	return ASN1_item_i2d_bio(&TS_REQ_it, bp, a);
}
#endif

TS_REQ *
d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
{
	return ASN1_item_d2i_fp(&TS_REQ_it, fp, a);
}

int
i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
{
	return ASN1_item_i2d_fp(&TS_REQ_it, fp, a);
}

static const ASN1_TEMPLATE TS_ACCURACY_seq_tt[] = {
	{
		.flags = ASN1_TFLG_OPTIONAL,
		.tag = 0,
		.offset = offsetof(TS_ACCURACY, seconds),
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
	return ASN1_item_dup(&TS_TST_INFO_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_TST_INFO *
d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
{
	return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO,
	    bp, a);
}

int
i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
{
	return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
}
#endif

TS_TST_INFO *
d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
{
	return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO,
	    fp, a);
}

int
i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
{
	return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a);
}

static const ASN1_TEMPLATE TS_STATUS_INFO_seq_tt[] = {
	{
		.flags = 0,
		.tag = 0,
		.offset = offsetof(TS_STATUS_INFO, status),







<
|





|






<
|





|







440
441
442
443
444
445
446

447
448
449
450
451
452
453
454
455
456
457
458
459

460
461
462
463
464
465
466
467
468
469
470
471
472
473
	return ASN1_item_dup(&TS_TST_INFO_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_TST_INFO *
d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
{

	return ASN1_item_d2i_bio(&TS_TST_INFO_it, bp, a);
}

int
i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
{
	return ASN1_item_i2d_bio(&TS_TST_INFO_it, bp, a);
}
#endif

TS_TST_INFO *
d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
{

	return ASN1_item_d2i_fp(&TS_TST_INFO_it, fp, a);
}

int
i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
{
	return ASN1_item_i2d_fp(&TS_TST_INFO_it, fp, a);
}

static const ASN1_TEMPLATE TS_STATUS_INFO_seq_tt[] = {
	{
		.flags = 0,
		.tag = 0,
		.offset = offsetof(TS_STATUS_INFO, status),
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
{
	long    status;

	status = ASN1_INTEGER_get(a->status_info->status);

	if (a->token) {
		if (status != 0 && status != 1) {
			TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
			return 0;
		}
		if (a->tst_info != NULL)
			TS_TST_INFO_free(a->tst_info);
		a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
		if (!a->tst_info) {
			TSerr(TS_F_TS_RESP_SET_TST_INFO,
			    TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
			return 0;
		}
	} else if (status == 0 || status == 1) {
		TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
		return 0;
	}

	return 1;
}

static int







|






<
|



|







537
538
539
540
541
542
543
544
545
546
547
548
549
550

551
552
553
554
555
556
557
558
559
560
561
562
{
	long    status;

	status = ASN1_INTEGER_get(a->status_info->status);

	if (a->token) {
		if (status != 0 && status != 1) {
			TSerror(TS_R_TOKEN_PRESENT);
			return 0;
		}
		if (a->tst_info != NULL)
			TS_TST_INFO_free(a->tst_info);
		a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
		if (!a->tst_info) {

			TSerror(TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
			return 0;
		}
	} else if (status == 0 || status == 1) {
		TSerror(TS_R_TOKEN_NOT_PRESENT);
		return 0;
	}

	return 1;
}

static int
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
	return ASN1_item_dup(&TS_RESP_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_RESP *
d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
{
	return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
}

int
i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
{
	return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
}
#endif

TS_RESP *
d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
{
	return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
}

int
i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
{
	return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a);
}

static const ASN1_TEMPLATE ESS_ISSUER_SERIAL_seq_tt[] = {
	{
		.flags = ASN1_TFLG_SEQUENCE_OF,
		.tag = 0,
		.offset = offsetof(ESS_ISSUER_SERIAL, issuer),







|





|






|





|







643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
	return ASN1_item_dup(&TS_RESP_it, x);
}

#ifndef OPENSSL_NO_BIO
TS_RESP *
d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
{
	return ASN1_item_d2i_bio(&TS_RESP_it, bp, a);
}

int
i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
{
	return ASN1_item_i2d_bio(&TS_RESP_it, bp, a);
}
#endif

TS_RESP *
d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
{
	return ASN1_item_d2i_fp(&TS_RESP_it, fp, a);
}

int
i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
{
	return ASN1_item_i2d_fp(&TS_RESP_it, fp, a);
}

static const ASN1_TEMPLATE ESS_ISSUER_SERIAL_seq_tt[] = {
	{
		.flags = ASN1_TFLG_SEQUENCE_OF,
		.tag = 0,
		.offset = offsetof(ESS_ISSUER_SERIAL, issuer),
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
	PKCS7_SIGNED *pkcs7_signed;
	PKCS7 *enveloped;
	ASN1_TYPE *tst_info_wrapper;
	ASN1_OCTET_STRING *tst_info_der;
	const unsigned char *p;

	if (!PKCS7_type_is_signed(token)) {
		TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
		return NULL;
	}

	/* Content must be present. */
	if (PKCS7_get_detached(token)) {
		TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
		return NULL;
	}

	/* We have a signed data with content. */
	pkcs7_signed = token->d.sign;
	enveloped = pkcs7_signed->contents;
	if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
		TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
		return NULL;
	}

	/* We have a DER encoded TST_INFO as the signed data. */
	tst_info_wrapper = enveloped->d.other;
	if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
		TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
		return NULL;
	}

	/* We have the correct ASN1_OCTET_STRING type. */
	tst_info_der = tst_info_wrapper->value.octet_string;
	/* At last, decode the TST_INFO. */
	p = tst_info_der->data;
	return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
}







|





|







|






|









853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
	PKCS7_SIGNED *pkcs7_signed;
	PKCS7 *enveloped;
	ASN1_TYPE *tst_info_wrapper;
	ASN1_OCTET_STRING *tst_info_der;
	const unsigned char *p;

	if (!PKCS7_type_is_signed(token)) {
		TSerror(TS_R_BAD_PKCS7_TYPE);
		return NULL;
	}

	/* Content must be present. */
	if (PKCS7_get_detached(token)) {
		TSerror(TS_R_DETACHED_CONTENT);
		return NULL;
	}

	/* We have a signed data with content. */
	pkcs7_signed = token->d.sign;
	enveloped = pkcs7_signed->contents;
	if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
		TSerror(TS_R_BAD_PKCS7_TYPE);
		return NULL;
	}

	/* We have a DER encoded TST_INFO as the signed data. */
	tst_info_wrapper = enveloped->d.other;
	if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
		TSerror(TS_R_BAD_TYPE);
		return NULL;
	}

	/* We have the correct ASN1_OCTET_STRING type. */
	tst_info_der = tst_info_wrapper->value.octet_string;
	/* At last, decode the TST_INFO. */
	p = tst_info_der->data;
	return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
}
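--- a/jni/libressl/crypto/ts/ts_conf.c
+++ b/jni/libressl/crypto/ts/ts_conf.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_conf.c,v 1.8 2014/10/28 05:46:56 miod Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -241,16 +241,15 @@
 	/* All the operations are going to be carried out by the engine. */
 	if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 		goto err;
 	ret = 1;
 
 err:
 	if (!ret) {
-		TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE,
-		    TS_R_COULD_NOT_SET_ENGINE);
+		TSerror(TS_R_COULD_NOT_SET_ENGINE);
 		ERR_asprintf_error_data("engine:%s", name);
 	}
 	if (e)
 		ENGINE_free(e);
 	return ret;
 }
 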
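--- a/jni/libressl/crypto/ts/ts_err.c
+++ b/jni/libressl/crypto/ts/ts_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_err.c,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ts_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,65 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
 
 static ERR_STRING_DATA TS_str_functs[] = {
-	{ERR_FUNC(TS_F_D2I_TS_RESP),	"d2i_TS_RESP"},
-	{ERR_FUNC(TS_F_DEF_SERIAL_CB),	"DEF_SERIAL_CB"},
-	{ERR_FUNC(TS_F_DEF_TIME_CB),	"DEF_TIME_CB"},
-	{ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT),	"ESS_ADD_SIGNING_CERT"},
-	{ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT),	"ESS_CERT_ID_NEW_INIT"},
-	{ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT),	"ESS_SIGNING_CERT_NEW_INIT"},
-	{ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN),	"INT_TS_RESP_VERIFY_TOKEN"},
-	{ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO),	"PKCS7_to_TS_TST_INFO"},
-	{ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS),	"TS_ACCURACY_set_micros"},
-	{ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS),	"TS_ACCURACY_set_millis"},
-	{ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS),	"TS_ACCURACY_set_seconds"},
-	{ERR_FUNC(TS_F_TS_CHECK_IMPRINTS),	"TS_CHECK_IMPRINTS"},
-	{ERR_FUNC(TS_F_TS_CHECK_NONCES),	"TS_CHECK_NONCES"},
-	{ERR_FUNC(TS_F_TS_CHECK_POLICY),	"TS_CHECK_POLICY"},
-	{ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS),	"TS_CHECK_SIGNING_CERTS"},
-	{ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO),	"TS_CHECK_STATUS_INFO"},
-	{ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT),	"TS_COMPUTE_IMPRINT"},
-	{ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE),	"TS_CONF_set_default_engine"},
-	{ERR_FUNC(TS_F_TS_GET_STATUS_TEXT),	"TS_GET_STATUS_TEXT"},
-	{ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO),	"TS_MSG_IMPRINT_set_algo"},
-	{ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT),	"TS_REQ_set_msg_imprint"},
-	{ERR_FUNC(TS_F_TS_REQ_SET_NONCE),	"TS_REQ_set_nonce"},
-	{ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID),	"TS_REQ_set_policy_id"},
-	{ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE),	"TS_RESP_create_response"},
-	{ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO),	"TS_RESP_CREATE_TST_INFO"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),	"TS_RESP_CTX_add_failure_info"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD),	"TS_RESP_CTX_add_md"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY),	"TS_RESP_CTX_add_policy"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_NEW),	"TS_RESP_CTX_new"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY),	"TS_RESP_CTX_set_accuracy"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS),	"TS_RESP_CTX_set_certs"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY),	"TS_RESP_CTX_set_def_policy"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),	"TS_RESP_CTX_set_signer_cert"},
-	{ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),	"TS_RESP_CTX_set_status_info"},
-	{ERR_FUNC(TS_F_TS_RESP_GET_POLICY),	"TS_RESP_GET_POLICY"},
-	{ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),	"TS_RESP_SET_GENTIME_WITH_PRECISION"},
-	{ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO),	"TS_RESP_set_status_info"},
-	{ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO),	"TS_RESP_set_tst_info"},
-	{ERR_FUNC(TS_F_TS_RESP_SIGN),	"TS_RESP_SIGN"},
-	{ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE),	"TS_RESP_verify_signature"},
-	{ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN),	"TS_RESP_verify_token"},
-	{ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY),	"TS_TST_INFO_set_accuracy"},
-	{ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),	"TS_TST_INFO_set_msg_imprint"},
-	{ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE),	"TS_TST_INFO_set_nonce"},
-	{ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID),	"TS_TST_INFO_set_policy_id"},
-	{ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL),	"TS_TST_INFO_set_serial"},
-	{ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME),	"TS_TST_INFO_set_time"},
-	{ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA),	"TS_TST_INFO_set_tsa"},
-	{ERR_FUNC(TS_F_TS_VERIFY),	"TS_VERIFY"},
-	{ERR_FUNC(TS_F_TS_VERIFY_CERT),	"TS_VERIFY_CERT"},
-	{ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW),	"TS_VERIFY_CTX_new"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA TS_str_reasons[]= {
 	{ERR_REASON(TS_R_BAD_PKCS7_TYPE)         , "bad pkcs7 type"},
 	{ERR_REASON(TS_R_BAD_TYPE)               , "bad type"},
 	{ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},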
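--- a/jni/libressl/crypto/ts/ts_lib.c
+++ b/jni/libressl/crypto/ts/ts_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_lib.c,v 1.9 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: ts_lib.c,v 1.10 2015/09/10 14:29:22 jsing Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without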
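--- a/jni/libressl/crypto/ts/ts_req_print.c
+++ b/jni/libressl/crypto/ts/ts_req_print.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_req_print.c,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ts_req_print.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without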
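--- a/jni/libressl/crypto/ts/ts_req_utils.c
+++ b/jni/libressl/crypto/ts/ts_req_utils.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_req_utils.c,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ts_req_utils.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -80,15 +80,15 @@
 {
 	TS_MSG_IMPRINT *new_msg_imprint;
 
 	if (a->msg_imprint == msg_imprint)
 		return 1;
 	new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
 	if (new_msg_imprint == NULL) {
-		TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	TS_MSG_IMPRINT_free(a->msg_imprint);
 	a->msg_imprint = new_msg_imprint;
 	return 1;
 }
 
@@ -103,15 +103,15 @@
 {
 	X509_ALGOR *new_alg;
 
 	if (a->hash_algo == alg)
 		return 1;
 	new_alg = X509_ALGOR_dup(alg);
 	if (new_alg == NULL) {
-		TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	X509_ALGOR_free(a->hash_algo);
 	a->hash_algo = new_alg;
 	return 1;
 }
 
@@ -138,15 +138,15 @@
 {
 	ASN1_OBJECT *new_policy;
 
 	if (a->policy_id == policy)
 		return 1;
 	new_policy = OBJ_dup(policy);
 	if (new_policy == NULL) {
-		TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_OBJECT_free(a->policy_id);
 	a->policy_id = new_policy;
 	return 1;
 }
 
@@ -161,15 +161,15 @@
 {
 	ASN1_INTEGER *new_nonce;
 
 	if (a->nonce == nonce)
 		return 1;
 	new_nonce = ASN1_INTEGER_dup(nonce);
 	if (new_nonce == NULL) {
-		TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_INTEGER_free(a->nonce);
 	a->nonce = new_nonce;
 	return 1;
 }
 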
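--- a/jni/libressl/crypto/ts/ts_rsp_print.c
+++ b/jni/libressl/crypto/ts/ts_rsp_print.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_rsp_print.c,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ts_rsp_print.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without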
Changes to jni/libressl/crypto/ts/ts_rsp_sign.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ts_rsp_sign.c,v 1.19 2015/09/30 18:04:02 jsing Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ts_rsp_sign.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
	if (!serial)
		goto err;
	if (!ASN1_INTEGER_set(serial, 1))
		goto err;
	return serial;

err:
	TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
	TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
	    "Error during serial number generation.");
	return NULL;
}

/* Use the gettimeofday function call. */
static int
def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
{
	struct timeval tv;

	if (gettimeofday(&tv, NULL) != 0) {
		TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
		TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
		    "Time is not available.");
		TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
		return 0;
	}
	/* Return time to caller. */
	*sec = tv.tv_sec;







|












|







99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
	if (!serial)
		goto err;
	if (!ASN1_INTEGER_set(serial, 1))
		goto err;
	return serial;

err:
	TSerror(ERR_R_MALLOC_FAILURE);
	TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
	    "Error during serial number generation.");
	return NULL;
}

/* Use the gettimeofday function call. */
static int
def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
{
	struct timeval tv;

	if (gettimeofday(&tv, NULL) != 0) {
		TSerror(TS_R_TIME_SYSCALL_ERROR);
		TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
		    "Time is not available.");
		TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
		return 0;
	}
	/* Return time to caller. */
	*sec = tv.tv_sec;
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

TS_RESP_CTX *
TS_RESP_CTX_new(void)
{
	TS_RESP_CTX *ctx;

	if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) {
		TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	/* Setting default callbacks. */
	ctx->serial_cb = def_serial_cb;
	ctx->time_cb = def_time_cb;
	ctx->extension_cb = def_extension_cb;







|







143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

TS_RESP_CTX *
TS_RESP_CTX_new(void)
{
	TS_RESP_CTX *ctx;

	if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) {
		TSerror(ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	/* Setting default callbacks. */
	ctx->serial_cb = def_serial_cb;
	ctx->time_cb = def_time_cb;
	ctx->extension_cb = def_extension_cb;
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
	free(ctx);
}

int
TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
{
	if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
		TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
		    TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
		return 0;
	}
	X509_free(ctx->signer_cert);
	ctx->signer_cert = signer;
	CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
	return 1;
}







<
|







177
178
179
180
181
182
183

184
185
186
187
188
189
190
191
	free(ctx);
}

int
TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
{
	if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {

		TSerror(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
		return 0;
	}
	X509_free(ctx->signer_cert);
	ctx->signer_cert = signer;
	CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
	return 1;
}
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
	if (ctx->default_policy)
		ASN1_OBJECT_free(ctx->default_policy);
	if (!(ctx->default_policy = OBJ_dup(def_policy)))
		goto err;
	return 1;

err:
	TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
	return 0;
}

int
TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
	int i;

	if (ctx->certs) {
		sk_X509_pop_free(ctx->certs, X509_free);
		ctx->certs = NULL;
	}
	if (!certs)
		return 1;
	if (!(ctx->certs = sk_X509_dup(certs))) {
		TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
		X509 *cert = sk_X509_value(ctx->certs, i);
		CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
	}








|















|







206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
	if (ctx->default_policy)
		ASN1_OBJECT_free(ctx->default_policy);
	if (!(ctx->default_policy = OBJ_dup(def_policy)))
		goto err;
	return 1;

err:
	TSerror(ERR_R_MALLOC_FAILURE);
	return 0;
}

int
TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
	int i;

	if (ctx->certs) {
		sk_X509_pop_free(ctx->certs, X509_free);
		ctx->certs = NULL;
	}
	if (!certs)
		return 1;
	if (!(ctx->certs = sk_X509_dup(certs))) {
		TSerror(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
		X509 *cert = sk_X509_value(ctx->certs, i);
		CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
	}

250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
		goto err;
	if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
		goto err;

	return 1;

err:
	TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
	ASN1_OBJECT_free(copy);
	return 0;
}

int
TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
{
	/* Create new md stack if necessary. */
	if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null()))
		goto err;
	/* Add the shared md, no copy needed. */
	if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md))
		goto err;

	return 1;

err:
	TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
	return 0;
}

#define TS_RESP_CTX_accuracy_free(ctx)		\
	ASN1_INTEGER_free(ctx->seconds);	\
	ctx->seconds = NULL;			\
	ASN1_INTEGER_free(ctx->millis);		\







|

















|







249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
		goto err;
	if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
		goto err;

	return 1;

err:
	TSerror(ERR_R_MALLOC_FAILURE);
	ASN1_OBJECT_free(copy);
	return 0;
}

int
TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
{
	/* Create new md stack if necessary. */
	if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null()))
		goto err;
	/* Add the shared md, no copy needed. */
	if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md))
		goto err;

	return 1;

err:
	TSerror(ERR_R_MALLOC_FAILURE);
	return 0;
}

#define TS_RESP_CTX_accuracy_free(ctx)		\
	ASN1_INTEGER_free(ctx->seconds);	\
	ctx->seconds = NULL;			\
	ASN1_INTEGER_free(ctx->millis);		\
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
	    !ASN1_INTEGER_set(ctx->micros, micros)))
		goto err;

	return 1;

err:
	TS_RESP_CTX_accuracy_free(ctx);
	TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
	return 0;
}

void
TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
{
	ctx->flags |= flags;







|







297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
	    !ASN1_INTEGER_set(ctx->micros, micros)))
		goto err;

	return 1;

err:
	TS_RESP_CTX_accuracy_free(ctx);
	TSerror(ERR_R_MALLOC_FAILURE);
	return 0;
}

void
TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
{
	ctx->flags |= flags;
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
	}
	if (!TS_RESP_set_status_info(ctx->response, si))
		goto err;
	ret = 1;

err:
	if (!ret)
		TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
	TS_STATUS_INFO_free(si);
	ASN1_UTF8STRING_free(utf8_text);
	return ret;
}

int
TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, int status, const char *text)







|







348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
	}
	if (!TS_RESP_set_status_info(ctx->response, si))
		goto err;
	ret = 1;

err:
	if (!ret)
		TSerror(ERR_R_MALLOC_FAILURE);
	TS_STATUS_INFO_free(si);
	ASN1_UTF8STRING_free(utf8_text);
	return ret;
}

int
TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, int status, const char *text)
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
	if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new()))
		goto err;
	if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
		goto err;
	return 1;

err:
	TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
	return 0;
}

TS_REQ *
TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
{
	return ctx->request;







|







379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
	if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new()))
		goto err;
	if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
		goto err;
	return 1;

err:
	TSerror(ERR_R_MALLOC_FAILURE);
	return 0;
}

TS_REQ *
TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
{
	return ctx->request;
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
	TS_RESP *response;
	int result = 0;

	TS_RESP_CTX_init(ctx);

	/* Creating the response object. */
	if (!(ctx->response = TS_RESP_new())) {
		TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
		goto end;
	}

	/* Parsing DER request. */
	if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) {
		TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
		    "Bad request format or "







|







416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
	TS_RESP *response;
	int result = 0;

	TS_RESP_CTX_init(ctx);

	/* Creating the response object. */
	if (!(ctx->response = TS_RESP_new())) {
		TSerror(ERR_R_MALLOC_FAILURE);
		goto end;
	}

	/* Parsing DER request. */
	if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) {
		TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
		    "Bad request format or "
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
		goto end;

	/* Everything was successful. */
	result = 1;

end:
	if (!result) {
		TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
		if (ctx->response != NULL) {
			if (TS_RESP_CTX_set_status_info_cond(ctx,
			    TS_STATUS_REJECTION, "Error during response "
			    "generation.") == 0) {
				TS_RESP_free(ctx->response);
				ctx->response = NULL;
			}







|







458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
		goto end;

	/* Everything was successful. */
	result = 1;

end:
	if (!result) {
		TSerror(TS_R_RESPONSE_SETUP_ERROR);
		if (ctx->response != NULL) {
			if (TS_RESP_CTX_set_status_info_cond(ctx,
			    TS_STATUS_REJECTION, "Error during response "
			    "generation.") == 0) {
				TS_RESP_free(ctx->response);
				ctx->response = NULL;
			}
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
TS_RESP_get_policy(TS_RESP_CTX *ctx)
{
	ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
	ASN1_OBJECT *policy = NULL;
	int i;

	if (ctx->default_policy == NULL) {
		TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
		return NULL;
	}
	/* Return the default policy if none is requested or the default is
	   requested. */
	if (!requested || !OBJ_cmp(requested, ctx->default_policy))
		policy = ctx->default_policy;

	/* Check if the policy is acceptable. */
	for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
		ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
		if (!OBJ_cmp(requested, current))
			policy = current;
	}
	if (!policy) {
		TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
		TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
		    "Requested policy is not "
		    "supported.");
		TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
	}
	return policy;
}







|














|







562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
TS_RESP_get_policy(TS_RESP_CTX *ctx)
{
	ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
	ASN1_OBJECT *policy = NULL;
	int i;

	if (ctx->default_policy == NULL) {
		TSerror(TS_R_INVALID_NULL_POINTER);
		return NULL;
	}
	/* Return the default policy if none is requested or the default is
	   requested. */
	if (!requested || !OBJ_cmp(requested, ctx->default_policy))
		policy = ctx->default_policy;

	/* Check if the policy is acceptable. */
	for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
		ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
		if (!OBJ_cmp(requested, current))
			policy = current;
	}
	if (!policy) {
		TSerror(TS_R_UNACCEPTABLE_POLICY);
		TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
		    "Requested policy is not "
		    "supported.");
		TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
	}
	return policy;
}
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675

	result = 1;

end:
	if (!result) {
		TS_TST_INFO_free(tst_info);
		tst_info = NULL;
		TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
		TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
		    "Error during TSTInfo "
		    "generation.");
	}
	GENERAL_NAME_free(tsa_name);
	TS_ACCURACY_free(accuracy);
	ASN1_GENERALIZEDTIME_free(asn1_time);







|







660
661
662
663
664
665
666
667
668
669
670
671
672
673
674

	result = 1;

end:
	if (!result) {
		TS_TST_INFO_free(tst_info);
		tst_info = NULL;
		TSerror(TS_R_TST_INFO_SETUP_ERROR);
		TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
		    "Error during TSTInfo "
		    "generation.");
	}
	GENERAL_NAME_free(tsa_name);
	TS_ACCURACY_free(accuracy);
	ASN1_GENERALIZEDTIME_free(asn1_time);
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
	ESS_SIGNING_CERT *sc = NULL;
	ASN1_OBJECT *oid;
	BIO *p7bio = NULL;
	int i;

	/* Check if signcert and pkey match. */
	if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
		TSerr(TS_F_TS_RESP_SIGN,
		    TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		goto err;
	}

	/* Create a new PKCS7 signed object. */
	if (!(p7 = PKCS7_new())) {
		TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!PKCS7_set_type(p7, NID_pkcs7_signed))
		goto err;

	/* Force SignedData version to be 3 instead of the default 1. */
	if (!ASN1_INTEGER_set(p7->d.sign->version, 3))







<
|





|







711
712
713
714
715
716
717

718
719
720
721
722
723
724
725
726
727
728
729
730
731
	ESS_SIGNING_CERT *sc = NULL;
	ASN1_OBJECT *oid;
	BIO *p7bio = NULL;
	int i;

	/* Check if signcert and pkey match. */
	if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {

		TSerror(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
		goto err;
	}

	/* Create a new PKCS7 signed object. */
	if (!(p7 = PKCS7_new())) {
		TSerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!PKCS7_set_type(p7, NID_pkcs7_signed))
		goto err;

	/* Force SignedData version to be 3 instead of the default 1. */
	if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
			}
		}
	}

	/* Add a new signer info. */
	if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
	    ctx->signer_key, EVP_sha1()))) {
		TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
		goto err;
	}

	/* Add content type signed attribute to the signer info. */
	oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
	if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
	    V_ASN1_OBJECT, oid)) {
		TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
		goto err;
	}

	/* Create the ESS SigningCertificate attribute which contains
	   the signer certificate id and optionally the certificate chain. */
	certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
	if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)))
		goto err;

	/* Add SigningCertificate signed attribute to the signer info. */
	if (!ESS_add_signing_cert(si, sc)) {
		TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
		goto err;
	}

	/* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */
	if (!TS_TST_INFO_content_new(p7))
		goto err;

	/* Add the DER encoded tst_info to the PKCS7 structure. */
	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
		TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* Convert tst_info to DER. */
	if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
		TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
		goto err;
	}

	/* Create the signature and add it to the signer info. */
	if (!PKCS7_dataFinal(p7, p7bio)) {
		TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
		goto err;
	}

	/* Set new PKCS7 and TST_INFO objects. */
	TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
	p7 = NULL;		/* Ownership is lost. */
	ctx->tst_info = NULL;	/* Ownership is lost. */







|







|











|









|





|





|







741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
			}
		}
	}

	/* Add a new signer info. */
	if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
	    ctx->signer_key, EVP_sha1()))) {
		TSerror(TS_R_PKCS7_ADD_SIGNATURE_ERROR);
		goto err;
	}

	/* Add content type signed attribute to the signer info. */
	oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
	if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
	    V_ASN1_OBJECT, oid)) {
		TSerror(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
		goto err;
	}

	/* Create the ESS SigningCertificate attribute which contains
	   the signer certificate id and optionally the certificate chain. */
	certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
	if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)))
		goto err;

	/* Add SigningCertificate signed attribute to the signer info. */
	if (!ESS_add_signing_cert(si, sc)) {
		TSerror(TS_R_ESS_ADD_SIGNING_CERT_ERROR);
		goto err;
	}

	/* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */
	if (!TS_TST_INFO_content_new(p7))
		goto err;

	/* Add the DER encoded tst_info to the PKCS7 structure. */
	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
		TSerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* Convert tst_info to DER. */
	if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
		TSerror(TS_R_TS_DATASIGN);
		goto err;
	}

	/* Create the signature and add it to the signer info. */
	if (!PKCS7_dataFinal(p7, p7bio)) {
		TSerror(TS_R_TS_DATASIGN);
		goto err;
	}

	/* Set new PKCS7 and TST_INFO objects. */
	TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
	p7 = NULL;		/* Ownership is lost. */
	ctx->tst_info = NULL;	/* Ownership is lost. */
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
			goto err;
	}

	return sc;

err:
	ESS_SIGNING_CERT_free(sc);
	TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
	return NULL;
}

static ESS_CERT_ID *
ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
{
	ESS_CERT_ID *cid = NULL;







|







834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
			goto err;
	}

	return sc;

err:
	ESS_SIGNING_CERT_free(sc);
	TSerror(ERR_R_MALLOC_FAILURE);
	return NULL;
}

static ESS_CERT_ID *
ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
{
	ESS_CERT_ID *cid = NULL;
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
	}

	return cid;

err:
	GENERAL_NAME_free(name);
	ESS_CERT_ID_free(cid);
	TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
	return NULL;
}

static int
TS_TST_INFO_content_new(PKCS7 *p7)
{
	PKCS7 *ret = NULL;







|







880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
	}

	return cid;

err:
	GENERAL_NAME_free(name);
	ESS_CERT_ID_free(cid);
	TSerror(ERR_R_MALLOC_FAILURE);
	return NULL;
}

static int
TS_TST_INFO_content_new(PKCS7 *p7)
{
	PKCS7 *ret = NULL;
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
{
	ASN1_STRING *seq = NULL;
	unsigned char *p, *pp = NULL;
	int len;

	len = i2d_ESS_SIGNING_CERT(sc, NULL);
	if (!(pp = malloc(len))) {
		TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	p = pp;
	i2d_ESS_SIGNING_CERT(sc, &p);
	if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
		TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	free(pp);
	pp = NULL;
	return PKCS7_add_signed_attribute(si,
	    NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);








|





|







922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
{
	ASN1_STRING *seq = NULL;
	unsigned char *p, *pp = NULL;
	int len;

	len = i2d_ESS_SIGNING_CERT(sc, NULL);
	if (!(pp = malloc(len))) {
		TSerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	p = pp;
	i2d_ESS_SIGNING_CERT(sc, &p);
	if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
		TSerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	free(pp);
	pp = NULL;
	return PKCS7_add_signed_attribute(si,
	    NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);

1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
		ASN1_GENERALIZEDTIME_free(asn1_time);
		goto err;
	}

	return asn1_time;

err:
	TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
	return NULL;
}







|


1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
		ASN1_GENERALIZEDTIME_free(asn1_time);
		goto err;
	}

	return asn1_time;

err:
	TSerror(TS_R_COULD_NOT_SET_TIME);
	return NULL;
}
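--- a/jni/libressl/crypto/ts/ts_rsp_utils.c
+++ b/jni/libressl/crypto/ts/ts_rsp_utils.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_rsp_utils.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_rsp_utils.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -70,15 +70,15 @@
 {
 	TS_STATUS_INFO *new_status_info;
 
 	if (a->status_info == status_info)
 		return 1;
 	new_status_info = TS_STATUS_INFO_dup(status_info);
 	if (new_status_info == NULL) {
-		TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	TS_STATUS_INFO_free(a->status_info);
 	a->status_info = new_status_info;
 
 	return 1;
 }
@@ -129,15 +129,15 @@
 {
 	ASN1_OBJECT *new_policy;
 
 	if (a->policy_id == policy)
 		return 1;
 	new_policy = OBJ_dup(policy);
 	if (new_policy == NULL) {
-		TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_OBJECT_free(a->policy_id);
 	a->policy_id = new_policy;
 	return 1;
 }
 
@@ -152,15 +152,15 @@
 {
 	TS_MSG_IMPRINT *new_msg_imprint;
 
 	if (a->msg_imprint == msg_imprint)
 		return 1;
 	new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
 	if (new_msg_imprint == NULL) {
-		TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	TS_MSG_IMPRINT_free(a->msg_imprint);
 	a->msg_imprint = new_msg_imprint;
 	return 1;
 }
 
@@ -175,15 +175,15 @@
 {
 	ASN1_INTEGER *new_serial;
 
 	if (a->serial == serial)
 		return 1;
 	new_serial = ASN1_INTEGER_dup(serial);
 	if (new_serial == NULL) {
-		TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_INTEGER_free(a->serial);
 	a->serial = new_serial;
 	return 1;
 }
 
@@ -198,15 +198,15 @@
 {
 	ASN1_GENERALIZEDTIME *new_time;
 
 	if (a->time == gtime)
 		return 1;
 	new_time = ASN1_STRING_dup(gtime);
 	if (new_time == NULL) {
-		TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_GENERALIZEDTIME_free(a->time);
 	a->time = new_time;
 	return 1;
 }
 
@@ -221,15 +221,15 @@
 {
 	TS_ACCURACY *new_accuracy;
 
 	if (a->accuracy == accuracy)
 		return 1;
 	new_accuracy = TS_ACCURACY_dup(accuracy);
 	if (new_accuracy == NULL) {
-		TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	TS_ACCURACY_free(a->accuracy);
 	a->accuracy = new_accuracy;
 	return 1;
 }
 
@@ -244,15 +244,15 @@
 {
 	ASN1_INTEGER *new_seconds;
 
 	if (a->seconds == seconds)
 		return 1;
 	new_seconds = ASN1_INTEGER_dup(seconds);
 	if (new_seconds == NULL) {
-		TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_INTEGER_free(a->seconds);
 	a->seconds = new_seconds;
 	return 1;
 }
 
@@ -268,16 +268,15 @@
 	ASN1_INTEGER *new_millis = NULL;
 
 	if (a->millis == millis)
 		return 1;
 	if (millis != NULL) {
 		new_millis = ASN1_INTEGER_dup(millis);
 		if (new_millis == NULL) {
-			TSerr(TS_F_TS_ACCURACY_SET_MILLIS,
-			    ERR_R_MALLOC_FAILURE);
+			TSerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	}
 	ASN1_INTEGER_free(a->millis);
 	a->millis = new_millis;
 	return 1;
 }
@@ -294,16 +293,15 @@
 	ASN1_INTEGER *new_micros = NULL;
 
 	if (a->micros == micros)
 		return 1;
 	if (micros != NULL) {
 		new_micros = ASN1_INTEGER_dup(micros);
 		if (new_micros == NULL) {
-			TSerr(TS_F_TS_ACCURACY_SET_MICROS,
-			    ERR_R_MALLOC_FAILURE);
+			TSerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	}
 	ASN1_INTEGER_free(a->micros);
 	a->micros = new_micros;
 	return 1;
 }
@@ -332,15 +330,15 @@
 {
 	ASN1_INTEGER *new_nonce;
 
 	if (a->nonce == nonce)
 		return 1;
 	new_nonce = ASN1_INTEGER_dup(nonce);
 	if (new_nonce == NULL) {
-		TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_INTEGER_free(a->nonce);
 	a->nonce = new_nonce;
 	return 1;
 }
 
@@ -355,15 +353,15 @@
 {
 	GENERAL_NAME *new_tsa;
 
 	if (a->tsa == tsa)
 		return 1;
 	new_tsa = GENERAL_NAME_dup(tsa);
 	if (new_tsa == NULL) {
-		TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	GENERAL_NAME_free(a->tsa);
 	a->tsa = new_tsa;
 	return 1;
 }
 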
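--- a/jni/libressl/crypto/ts/ts_rsp_verify.c
+++ b/jni/libressl/crypto/ts/ts_rsp_verify.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.15 2015/07/19 05:42:55 miod Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -151,36 +151,35 @@
 	STACK_OF(X509) *chain = NULL;
 	char	buf[4096];
 	int	i, j = 0, ret = 0;
 	BIO	*p7bio = NULL;
 
 	/* Some sanity checks first. */
 	if (!token) {
-		TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+		TSerror(TS_R_INVALID_NULL_POINTER);
 		goto err;
 	}
 
 	/* Check for the correct content type */
 	if (!PKCS7_type_is_signed(token)) {
-		TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+		TSerror(TS_R_WRONG_CONTENT_TYPE);
 		goto err;
 	}
 
 	/* Check if there is one and only one signer. */
 	sinfos = PKCS7_get_signer_info(token);
 	if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
-		TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE,
-		    TS_R_THERE_MUST_BE_ONE_SIGNER);
+		TSerror(TS_R_THERE_MUST_BE_ONE_SIGNER);
 		goto err;
 	}
 	si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
 
 	/* Check for no content: no data to verify signature. */
 	if (PKCS7_get_detached(token)) {
-		TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+		TSerror(TS_R_NO_CONTENT);
 		goto err;
 	}
 
 	/* Get hold of the signer certificate, search only internal
 	   certificates if it was requested. */
 	signers = PKCS7_get0_signers(token, certs, 0);
 	if (!signers || sk_X509_num(signers) != 1)
@@ -202,15 +201,15 @@
 	/* We now have to 'read' from p7bio to calculate digests etc. */
 	while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
 		;
 
 	/* Verifying the signature. */
 	j = PKCS7_signatureVerify(p7bio, token, si, signer);
 	if (j <= 0) {
-		TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+		TSerror(TS_R_SIGNATURE_FAILURE);
 		goto err;
 	}
 
 	/* Return the signer certificate if needed. */
 	if (signer_out) {
 		*signer_out = signer;
 		CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
@@ -237,23 +236,25 @@
 	X509_STORE_CTX cert_ctx;
 	int i;
 	int ret = 0;
 
 	/* chain is an out argument. */
 	*chain = NULL;
 	if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) {
-		TSerr(TS_F_TS_VERIFY_CERT, ERR_R_X509_LIB);
+		TSerror(ERR_R_X509_LIB);
 		goto err;
 	}
-	X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+	if (X509_STORE_CTX_set_purpose(&cert_ctx,
+	    X509_PURPOSE_TIMESTAMP_SIGN) == 0)
+		goto err;
 	i = X509_verify_cert(&cert_ctx);
 	if (i <= 0) {
 		int j = X509_STORE_CTX_get_error(&cert_ctx);
 
-		TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+		TSerror(TS_R_CERTIFICATE_VERIFY_ERROR);
 		ERR_asprintf_error_data("Verify error:%s",
 		    X509_verify_cert_error_string(j));
 		goto err;
 	} else {
 		/* Get a copy of the certificate chain. */
 		*chain = X509_STORE_CTX_get1_chain(&cert_ctx);
 		ret = 1;
@@ -292,16 +293,15 @@
 				goto err;
 		}
 	}
 	ret = 1;
 
 err:
 	if (!ret)
-		TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
-		    TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+		TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
 	ESS_SIGNING_CERT_free(ss);
 	return ret;
 }
 
 static ESS_SIGNING_CERT *
 ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
 {
@@ -440,15 +440,15 @@
 	if ((ctx->flags & TS_VFY_SIGNATURE) &&
 	    !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
 		goto err;
 
 	/* Check version number of response. */
 	if ((ctx->flags & TS_VFY_VERSION) &&
 	    TS_TST_INFO_get_version(tst_info) != 1) {
-		TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+		TSerror(TS_R_UNSUPPORTED_VERSION);
 		goto err;
 	}
 
 	/* Check policies. */
 	if ((ctx->flags & TS_VFY_POLICY) &&
 	    !TS_check_policy(ctx->policy, tst_info))
 		goto err;
@@ -470,22 +470,22 @@
 	if ((ctx->flags & TS_VFY_NONCE) &&
 	    !TS_check_nonces(ctx->nonce, tst_info))
 		goto err;
 
 	/* Check whether TSA name and signer certificate match. */
 	if ((ctx->flags & TS_VFY_SIGNER) &&
 	    tsa_name && !TS_check_signer_name(tsa_name, signer)) {
-		TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+		TSerror(TS_R_TSA_NAME_MISMATCH);
 		goto err;
 	}
 
 	/* Check whether the TSA is the expected one. */
 	if ((ctx->flags & TS_VFY_TSA_NAME) &&
 	    !TS_check_signer_name(ctx->tsa_name, signer)) {
-		TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+		TSerror(TS_R_TSA_UNTRUSTED);
 		goto err;
 	}
 
 	ret = 1;
 
 err:
 	X509_free(signer);
@@ -535,15 +535,15 @@
 			}
 		}
 	}
 	if (failure_text[0] == '\0')
 		strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE);
 
 	/* Making up the error string. */
-	TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+	TSerror(TS_R_NO_TIME_STAMP_TOKEN);
 	ERR_asprintf_error_data
 	    ("status code: %s, status text: %s, failure codes: %s",
 	    status_text,
 	    embedded_status_text ? embedded_status_text : "unspecified",
 	    failure_text);
 	free(embedded_status_text);
 
@@ -561,35 +561,35 @@
 	for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
 		ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
 		length += ASN1_STRING_length(current);
 		length += 1;	/* separator character */
 	}
 	/* Allocate memory (closing '\0' included). */
 	if (!(result = malloc(length))) {
-		TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	/* Concatenate the descriptions. */
 	result[0] = '\0';
 	for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
 		ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
 		if (i > 0)
 			strlcat(result, "/", length);
 		strlcat(result, (const char *)ASN1_STRING_data(current), length);
 	}
 	return result;
 }
 
 static int
 TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
 {
 	ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
 
 	if (OBJ_cmp(req_oid, resp_oid) != 0) {
-		TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+		TSerror(TS_R_POLICY_MISMATCH);
 		return 0;
 	}
 
 	return 1;
 }
 
 static int
@@ -608,25 +608,25 @@
 
 	/* Return the MD algorithm of the response. */
 	if (!(*md_alg = X509_ALGOR_dup(md_alg_resp)))
 		goto err;
 
 	/* Getting the MD object. */
 	if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
-		TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+		TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM);
 		goto err;
 	}
 
 	/* Compute message digest. */
 	length = EVP_MD_size(md);
 	if (length < 0)
 		goto err;
 	*imprint_len = length;
 	if (!(*imprint = malloc(*imprint_len))) {
-		TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	if (!EVP_DigestInit(&md_ctx, md))
 		goto err;
 	while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
 		if (!EVP_DigestUpdate(&md_ctx, buffer, length))
@@ -669,32 +669,32 @@
 
 	/* Compare octet strings. */
 	ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) &&
 	    memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
 
 err:
 	if (!ret)
-		TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+		TSerror(TS_R_MESSAGE_IMPRINT_MISMATCH);
 	return ret;
 }
 
 static int
 TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
 {
 	const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
 
 	/* Error if nonce is missing. */
 	if (!b) {
-		TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+		TSerror(TS_R_NONCE_NOT_RETURNED);
 		return 0;
 	}
 
 	/* No error if a nonce is returned without being requested. */
 	if (ASN1_INTEGER_cmp(a, b) != 0) {
-		TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+		TSerror(TS_R_NONCE_MISMATCH);
 		return 0;
 	}
 
 	return 1;
 }
 
 /* Check if the specified TSA name matches either the subject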
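Review bot: The new `X509_STORE_CTX_set_purpose()` check (new lines 246-248) jumps to `err` without recording a TS error, unlike the `X509_STORE_CTX_init()` branch just above it, which calls `TSerror(ERR_R_X509_LIB)`. A caller that reads the error queue after a failed timestamp verification gets no TS-level reason for this path unless the X509 layer pushed its own entry, which the hunk does not show. I would brace the body and add `TSerror(ERR_R_X509_LIB);` before the `goto err;`. The function starts before the hunk and its `err:` label lies after it, so whether `cert_ctx` is cleaned up on this new early exit cannot be confirmed from here.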
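--- a/jni/libressl/crypto/ts/ts_verify_ctx.c
+++ b/jni/libressl/crypto/ts/ts_verify_ctx.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts_verify_ctx.c,v 1.7 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_verify_ctx.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2003.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -64,15 +64,15 @@
 
 TS_VERIFY_CTX *
 TS_VERIFY_CTX_new(void)
 {
 	TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX));
 
 	if (!ctx)
-		TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
+		TSerror(ERR_R_MALLOC_FAILURE);
 
 	return ctx;
 }
 
 void
 TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
 {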
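--- a/jni/libressl/crypto/txt_db/txt_db.c
+++ b/jni/libressl/crypto/txt_db/txt_db.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: txt_db.c,v 1.17 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: txt_db.c,v 1.18 2014/07/11 08:44:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -55,17 +55,14 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/buffer.h>
 #include <openssl/txt_db.h>
 
 #undef BUFSIZE
 #define BUFSIZE	512
 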
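--- a/jni/libressl/crypto/ui/ui_err.c
+++ b/jni/libressl/crypto/ui/ui_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ui_err.c,v 1.7 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ui_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,26 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
 
 static ERR_STRING_DATA UI_str_functs[] = {
-	{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
-	{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
-	{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
-	{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
-	{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
-	{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
-	{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
-	{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
-	{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
-	{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
-	{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
-	{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA UI_str_reasons[] = {
 	{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), "common ok and cancel characters"},
 	{ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"},
 	{ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"},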
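--- a/jni/libressl/crypto/ui/ui_lib.c
+++ b/jni/libressl/crypto/ui/ui_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ui_lib.c,v 1.30 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: ui_lib.c,v 1.32 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -77,15 +77,15 @@
 UI *
 UI_new_method(const UI_METHOD *method)
 {
 	UI *ret;
 
 	ret = malloc(sizeof(UI));
 	if (ret == NULL) {
-		UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		UIerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	if (method == NULL)
 		ret->meth = UI_get_default_method();
 	else
 		ret->meth = method;
 
@@ -139,19 +139,18 @@
 static UI_STRING *
 general_allocate_prompt(UI *ui, const char *prompt, int prompt_freeable,
     enum UI_string_types type, int input_flags, char *result_buf)
 {
 	UI_STRING *ret = NULL;
 
 	if (prompt == NULL) {
-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		UIerror(ERR_R_PASSED_NULL_PARAMETER);
 	} else if ((type == UIT_PROMPT || type == UIT_VERIFY ||
 	    type == UIT_BOOLEAN) && result_buf == NULL) {
-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+		UIerror(UI_R_NO_RESULT_BUFFER);
 	} else if ((ret = malloc(sizeof(UI_STRING)))) {
 		ret->out_string = prompt;
 		ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
 		ret->input_flags = input_flags;
 		ret->type = type;
 		ret->result_buf = result_buf;
 	}
@@ -188,24 +187,21 @@
     enum UI_string_types type, int input_flags, char *result_buf)
 {
 	int ret = -1;
 	UI_STRING *s;
 	const char *p;
 
 	if (ok_chars == NULL) {
-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		UIerror(ERR_R_PASSED_NULL_PARAMETER);
 	} else if (cancel_chars == NULL) {
-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		UIerror(ERR_R_PASSED_NULL_PARAMETER);
 	} else {
 		for (p = ok_chars; *p; p++) {
 			if (strchr(cancel_chars, *p)) {
-				UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-				    UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+				UIerror(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
 			}
 		}
 
 		s = general_allocate_prompt(ui, prompt, prompt_freeable,
 		    type, input_flags, result_buf);
 
 		if (s) {
@@ -243,15 +239,15 @@
     int minsize, int maxsize)
 {
 	char *prompt_copy = NULL;
 
 	if (prompt) {
 		prompt_copy = strdup(prompt);
 		if (prompt_copy == NULL) {
-			UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	}
 	return general_allocate_string(ui, prompt_copy, 1, UIT_PROMPT, flags,
 	    result_buf, minsize, maxsize, NULL);
 }
 
@@ -268,15 +264,15 @@
     char *result_buf, int minsize, int maxsize, const char *test_buf)
 {
 	char *prompt_copy = NULL;
 
 	if (prompt) {
 		prompt_copy = strdup(prompt);
 		if (prompt_copy == NULL) {
-			UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			return -1;
 		}
 	}
 	return general_allocate_string(ui, prompt_copy, 1, UIT_VERIFY, flags,
 	    result_buf, minsize, maxsize, test_buf);
 }
 
@@ -296,36 +292,36 @@
 	char *action_desc_copy = NULL;
 	char *ok_chars_copy = NULL;
 	char *cancel_chars_copy = NULL;
 
 	if (prompt) {
 		prompt_copy = strdup(prompt);
 		if (prompt_copy == NULL) {
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	if (action_desc) {
 		action_desc_copy = strdup(action_desc);
 		if (action_desc_copy == NULL) {
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	if (ok_chars) {
 		ok_chars_copy = strdup(ok_chars);
 		if (ok_chars_copy == NULL) {
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	if (cancel_chars) {
 		cancel_chars_copy = strdup(cancel_chars);
 		if (cancel_chars_copy == NULL) {
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
 	    ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
 	    result_buf);
 
@@ -348,15 +344,15 @@
 UI_dup_info_string(UI *ui, const char *text)
 {
 	char *text_copy = NULL;
 
 	if (text) {
 		text_copy = strdup(text);
 		if (text_copy == NULL) {
-			UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			return -1;
 		}
 	}
 	return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
 	    0, 0, NULL);
 }
 
@@ -371,15 +367,15 @@
 UI_dup_error_string(UI *ui, const char *text)
 {
 	char *text_copy = NULL;
 
 	if (text) {
 		text_copy = strdup(text);
 		if (text_copy == NULL) {
-			UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+			UIerror(ERR_R_MALLOC_FAILURE);
 			return -1;
 		}
 	}
 	return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
 	    0, 0, NULL);
 }
 
@@ -422,19 +418,19 @@
 	return ui->user_data;
 }
 
 const char *
 UI_get0_result(UI *ui, int i)
 {
 	if (i < 0) {
-		UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+		UIerror(UI_R_INDEX_TOO_SMALL);
 		return NULL;
 	}
 	if (i >= sk_UI_STRING_num(ui->strings)) {
-		UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+		UIerror(UI_R_INDEX_TOO_LARGE);
 		return NULL;
 	}
 	return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
 }
 
 static int
 print_error(const char *str, size_t len, UI *ui)
@@ -510,33 +506,33 @@
 	return ok;
 }
 
 int
 UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
 {
 	if (ui == NULL) {
-		UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+		UIerror(ERR_R_PASSED_NULL_PARAMETER);
 		return -1;
 	}
 	switch (cmd) {
 	case UI_CTRL_PRINT_ERRORS:
 		{
 			int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
 			if (i)
 				ui->flags |= UI_FLAG_PRINT_ERRORS;
 			else
 				ui->flags &= ~UI_FLAG_PRINT_ERRORS;
 			return save_flag;
 		}
 	case UI_CTRL_IS_REDOABLE:
 		return !!(ui->flags & UI_FLAG_REDOABLE);
 	default:
 		break;
 	}
-	UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+	UIerror(UI_R_UNKNOWN_CONTROL_COMMAND);
 	return -1;
 }
 
 int
 UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 {
@@ -827,45 +823,43 @@
 	if (!uis)
 		return -1;
 	switch (uis->type) {
 	case UIT_PROMPT:
 	case UIT_VERIFY:
 		if (l < uis->_.string_data.result_minsize) {
 			ui->flags |= UI_FLAG_REDOABLE;
-			UIerr(UI_F_UI_SET_RESULT,
-			    UI_R_RESULT_TOO_SMALL);
+			UIerror(UI_R_RESULT_TOO_SMALL);
 			ERR_asprintf_error_data
 			    ("You must type in %d to %d characters",
 				uis->_.string_data.result_minsize,
 				uis->_.string_data.result_maxsize);
 			return -1;
 		}
 		if (l > uis->_.string_data.result_maxsize) {
 			ui->flags |= UI_FLAG_REDOABLE;
-			UIerr(UI_F_UI_SET_RESULT,
-			    UI_R_RESULT_TOO_LARGE);
+			UIerror(UI_R_RESULT_TOO_LARGE);
 			ERR_asprintf_error_data
 			    ("You must type in %d to %d characters",
 				uis->_.string_data.result_minsize,
 				uis->_.string_data.result_maxsize);
 			return -1;
 		}
 		if (!uis->result_buf) {
-			UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+			UIerror(UI_R_NO_RESULT_BUFFER);
 			return -1;
 		}
 		strlcpy(uis->result_buf, result,
 		    uis->_.string_data.result_maxsize + 1);
 		break;
 	case UIT_BOOLEAN:
 		{
 			const char *p;
 
 			if (!uis->result_buf) {
-				UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+				UIerror(UI_R_NO_RESULT_BUFFER);
 				return -1;
 			}
 			uis->result_buf[0] = '\0';
 			for (p = result; *p; p++) {
 				if (strchr(uis->_.boolean_data.ok_chars, *p)) {
 					uis->result_buf[0] =
 					    uis->_.boolean_data.ok_chars[0];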
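Review bot: In `general_allocate_boolean`, the loop that finds a character shared by `ok_chars` and `cancel_chars` only queues `UI_R_COMMON_OK_AND_CANCEL_CHARACTERS` and then falls through to `general_allocate_prompt`, so an ambiguous confirm/cancel prompt is still built. The new `UIerror` call keeps that behaviour; as far as the hunk shows, the caller can receive a usable prompt together with a stale entry on the error queue. I would stop at the first overlap, `UIerror(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); return ret;` (`ret` is still -1 at that point). The function begins and ends outside the hunk, so who frees the strings passed with `prompt_freeable` set on that early exit needs checking against the rest of the body.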
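--- a/jni/libressl/crypto/ui/ui_locl.h
+++ b/jni/libressl/crypto/ui/ui_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: ui_locl.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */
 
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
@@ -58,14 +58,16 @@
  */
 
 #ifndef HEADER_UI_LOCL_H
 #define HEADER_UI_LOCL_H
 
 #include <openssl/ui.h>
 #include <openssl/crypto.h>
+
+__BEGIN_HIDDEN_DECLS
 
 #ifdef _
 #undef _
 #endif
 
 struct ui_method_st {
 	char *name;
@@ -140,9 +142,11 @@
 	void *user_data;
 	CRYPTO_EX_DATA ex_data;
 
 #define UI_FLAG_REDOABLE	0x0001
 #define UI_FLAG_PRINT_ERRORS	0x0100
 	int flags;
 };
 
+__END_HIDDEN_DECLS
+
 #endif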
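--- a/jni/libressl/crypto/ui/ui_openssl.c
+++ b/jni/libressl/crypto/ui/ui_openssl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ui_openssl.c,v 1.24 2015/07/16 02:46:49 guenther Exp $ */
+/* $OpenBSD: ui_openssl.c,v 1.25 2015/09/10 15:56:26 jsing Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) and others
  * for the OpenSSL project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without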
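--- a/jni/libressl/crypto/ui/ui_util.c
+++ b/jni/libressl/crypto/ui/ui_util.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ui_util.c,v 1.9 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ui_util.c,v 1.10 2015/09/10 15:56:26 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *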
Added jni/libressl/crypto/whrlpool/wp-elf-x86_64.S.




























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
#include "x86_arch.h"
.text	

.globl	whirlpool_block
.type	whirlpool_block,@function
.align	16
whirlpool_block:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movq	%rsp,%r11
	subq	$128+40,%rsp
	andq	$-64,%rsp

	leaq	128(%rsp),%r10
	movq	%rdi,0(%r10)
	movq	%rsi,8(%r10)
	movq	%rdx,16(%r10)
	movq	%r11,32(%r10)
.Lprologue:

	movq	%r10,%rbx
	leaq	.Ltable(%rip),%rbp

	xorq	%rcx,%rcx
	xorq	%rdx,%rdx
	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11
	movq	32(%rdi),%r12
	movq	40(%rdi),%r13
	movq	48(%rdi),%r14
	movq	56(%rdi),%r15
.Louterloop:
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	xorq	%rsi,%rsi
	movq	%rsi,24(%rbx)
.align	16
.Lround:
	movq	4096(%rbp,%rsi,8),%r8
	movl	0(%rsp),%eax
	movl	4(%rsp),%ebx
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	movq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	6(%rbp,%rsi,8),%r10
	movq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	movq	4(%rbp,%rsi,8),%r12
	movq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	2(%rbp,%rsi,8),%r14
	movq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	movl	56+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	movl	56+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	xorq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r10
	xorq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r12
	xorq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r14
	xorq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	leaq	128(%rsp),%rbx
	movq	24(%rbx),%rsi
	addq	$1,%rsi
	cmpq	$10,%rsi
	je	.Lroundsdone

	movq	%rsi,24(%rbx)
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	jmp	.Lround
.align	16
.Lroundsdone:
	movq	0(%rbx),%rdi
	movq	8(%rbx),%rsi
	movq	16(%rbx),%rax
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	xorq	0(%rdi),%r8
	xorq	8(%rdi),%r9
	xorq	16(%rdi),%r10
	xorq	24(%rdi),%r11
	xorq	32(%rdi),%r12
	xorq	40(%rdi),%r13
	xorq	48(%rdi),%r14
	xorq	56(%rdi),%r15
	movq	%r8,0(%rdi)
	movq	%r9,8(%rdi)
	movq	%r10,16(%rdi)
	movq	%r11,24(%rdi)
	movq	%r12,32(%rdi)
	movq	%r13,40(%rdi)
	movq	%r14,48(%rdi)
	movq	%r15,56(%rdi)
	leaq	64(%rsi),%rsi
	subq	$1,%rax
	jz	.Lalldone
	movq	%rsi,8(%rbx)
	movq	%rax,16(%rbx)
	jmp	.Louterloop
.Lalldone:
	movq	32(%rbx),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	whirlpool_block,.-whirlpool_block

.align	64
.type	.Ltable,@object
.Ltable:
.byte	24,24,96,24,192,120,48,216,24,24,96,24,192,120,48,216
.byte	35,35,140,35,5,175,70,38,35,35,140,35,5,175,70,38
.byte	198,198,63,198,126,249,145,184,198,198,63,198,126,249,145,184
.byte	232,232,135,232,19,111,205,251,232,232,135,232,19,111,205,251
.byte	135,135,38,135,76,161,19,203,135,135,38,135,76,161,19,203
.byte	184,184,218,184,169,98,109,17,184,184,218,184,169,98,109,17
.byte	1,1,4,1,8,5,2,9,1,1,4,1,8,5,2,9
.byte	79,79,33,79,66,110,158,13,79,79,33,79,66,110,158,13
.byte	54,54,216,54,173,238,108,155,54,54,216,54,173,238,108,155
.byte	166,166,162,166,89,4,81,255,166,166,162,166,89,4,81,255
.byte	210,210,111,210,222,189,185,12,210,210,111,210,222,189,185,12
.byte	245,245,243,245,251,6,247,14,245,245,243,245,251,6,247,14
.byte	121,121,249,121,239,128,242,150,121,121,249,121,239,128,242,150
.byte	111,111,161,111,95,206,222,48,111,111,161,111,95,206,222,48
.byte	145,145,126,145,252,239,63,109,145,145,126,145,252,239,63,109
.byte	82,82,85,82,170,7,164,248,82,82,85,82,170,7,164,248
.byte	96,96,157,96,39,253,192,71,96,96,157,96,39,253,192,71
.byte	188,188,202,188,137,118,101,53,188,188,202,188,137,118,101,53
.byte	155,155,86,155,172,205,43,55,155,155,86,155,172,205,43,55
.byte	142,142,2,142,4,140,1,138,142,142,2,142,4,140,1,138
.byte	163,163,182,163,113,21,91,210,163,163,182,163,113,21,91,210
.byte	12,12,48,12,96,60,24,108,12,12,48,12,96,60,24,108
.byte	123,123,241,123,255,138,246,132,123,123,241,123,255,138,246,132
.byte	53,53,212,53,181,225,106,128,53,53,212,53,181,225,106,128
.byte	29,29,116,29,232,105,58,245,29,29,116,29,232,105,58,245
.byte	224,224,167,224,83,71,221,179,224,224,167,224,83,71,221,179
.byte	215,215,123,215,246,172,179,33,215,215,123,215,246,172,179,33
.byte	194,194,47,194,94,237,153,156,194,194,47,194,94,237,153,156
.byte	46,46,184,46,109,150,92,67,46,46,184,46,109,150,92,67
.byte	75,75,49,75,98,122,150,41,75,75,49,75,98,122,150,41
.byte	254,254,223,254,163,33,225,93,254,254,223,254,163,33,225,93
.byte	87,87,65,87,130,22,174,213,87,87,65,87,130,22,174,213
.byte	21,21,84,21,168,65,42,189,21,21,84,21,168,65,42,189
.byte	119,119,193,119,159,182,238,232,119,119,193,119,159,182,238,232
.byte	55,55,220,55,165,235,110,146,55,55,220,55,165,235,110,146
.byte	229,229,179,229,123,86,215,158,229,229,179,229,123,86,215,158
.byte	159,159,70,159,140,217,35,19,159,159,70,159,140,217,35,19
.byte	240,240,231,240,211,23,253,35,240,240,231,240,211,23,253,35
.byte	74,74,53,74,106,127,148,32,74,74,53,74,106,127,148,32
.byte	218,218,79,218,158,149,169,68,218,218,79,218,158,149,169,68
.byte	88,88,125,88,250,37,176,162,88,88,125,88,250,37,176,162
.byte	201,201,3,201,6,202,143,207,201,201,3,201,6,202,143,207
.byte	41,41,164,41,85,141,82,124,41,41,164,41,85,141,82,124
.byte	10,10,40,10,80,34,20,90,10,10,40,10,80,34,20,90
.byte	177,177,254,177,225,79,127,80,177,177,254,177,225,79,127,80
.byte	160,160,186,160,105,26,93,201,160,160,186,160,105,26,93,201
.byte	107,107,177,107,127,218,214,20,107,107,177,107,127,218,214,20
.byte	133,133,46,133,92,171,23,217,133,133,46,133,92,171,23,217
.byte	189,189,206,189,129,115,103,60,189,189,206,189,129,115,103,60
.byte	93,93,105,93,210,52,186,143,93,93,105,93,210,52,186,143
.byte	16,16,64,16,128,80,32,144,16,16,64,16,128,80,32,144
.byte	244,244,247,244,243,3,245,7,244,244,247,244,243,3,245,7
.byte	203,203,11,203,22,192,139,221,203,203,11,203,22,192,139,221
.byte	62,62,248,62,237,198,124,211,62,62,248,62,237,198,124,211
.byte	5,5,20,5,40,17,10,45,5,5,20,5,40,17,10,45
.byte	103,103,129,103,31,230,206,120,103,103,129,103,31,230,206,120
.byte	228,228,183,228,115,83,213,151,228,228,183,228,115,83,213,151
.byte	39,39,156,39,37,187,78,2,39,39,156,39,37,187,78,2
.byte	65,65,25,65,50,88,130,115,65,65,25,65,50,88,130,115
.byte	139,139,22,139,44,157,11,167,139,139,22,139,44,157,11,167
.byte	167,167,166,167,81,1,83,246,167,167,166,167,81,1,83,246
.byte	125,125,233,125,207,148,250,178,125,125,233,125,207,148,250,178
.byte	149,149,110,149,220,251,55,73,149,149,110,149,220,251,55,73
.byte	216,216,71,216,142,159,173,86,216,216,71,216,142,159,173,86
.byte	251,251,203,251,139,48,235,112,251,251,203,251,139,48,235,112
.byte	238,238,159,238,35,113,193,205,238,238,159,238,35,113,193,205
.byte	124,124,237,124,199,145,248,187,124,124,237,124,199,145,248,187
.byte	102,102,133,102,23,227,204,113,102,102,133,102,23,227,204,113
.byte	221,221,83,221,166,142,167,123,221,221,83,221,166,142,167,123
.byte	23,23,92,23,184,75,46,175,23,23,92,23,184,75,46,175
.byte	71,71,1,71,2,70,142,69,71,71,1,71,2,70,142,69
.byte	158,158,66,158,132,220,33,26,158,158,66,158,132,220,33,26
.byte	202,202,15,202,30,197,137,212,202,202,15,202,30,197,137,212
.byte	45,45,180,45,117,153,90,88,45,45,180,45,117,153,90,88
.byte	191,191,198,191,145,121,99,46,191,191,198,191,145,121,99,46
.byte	7,7,28,7,56,27,14,63,7,7,28,7,56,27,14,63
.byte	173,173,142,173,1,35,71,172,173,173,142,173,1,35,71,172
.byte	90,90,117,90,234,47,180,176,90,90,117,90,234,47,180,176
.byte	131,131,54,131,108,181,27,239,131,131,54,131,108,181,27,239
.byte	51,51,204,51,133,255,102,182,51,51,204,51,133,255,102,182
.byte	99,99,145,99,63,242,198,92,99,99,145,99,63,242,198,92
.byte	2,2,8,2,16,10,4,18,2,2,8,2,16,10,4,18
.byte	170,170,146,170,57,56,73,147,170,170,146,170,57,56,73,147
.byte	113,113,217,113,175,168,226,222,113,113,217,113,175,168,226,222
.byte	200,200,7,200,14,207,141,198,200,200,7,200,14,207,141,198
.byte	25,25,100,25,200,125,50,209,25,25,100,25,200,125,50,209
.byte	73,73,57,73,114,112,146,59,73,73,57,73,114,112,146,59
.byte	217,217,67,217,134,154,175,95,217,217,67,217,134,154,175,95
.byte	242,242,239,242,195,29,249,49,242,242,239,242,195,29,249,49
.byte	227,227,171,227,75,72,219,168,227,227,171,227,75,72,219,168
.byte	91,91,113,91,226,42,182,185,91,91,113,91,226,42,182,185
.byte	136,136,26,136,52,146,13,188,136,136,26,136,52,146,13,188
.byte	154,154,82,154,164,200,41,62,154,154,82,154,164,200,41,62
.byte	38,38,152,38,45,190,76,11,38,38,152,38,45,190,76,11
.byte	50,50,200,50,141,250,100,191,50,50,200,50,141,250,100,191
.byte	176,176,250,176,233,74,125,89,176,176,250,176,233,74,125,89
.byte	233,233,131,233,27,106,207,242,233,233,131,233,27,106,207,242
.byte	15,15,60,15,120,51,30,119,15,15,60,15,120,51,30,119
.byte	213,213,115,213,230,166,183,51,213,213,115,213,230,166,183,51
.byte	128,128,58,128,116,186,29,244,128,128,58,128,116,186,29,244
.byte	190,190,194,190,153,124,97,39,190,190,194,190,153,124,97,39
.byte	205,205,19,205,38,222,135,235,205,205,19,205,38,222,135,235
.byte	52,52,208,52,189,228,104,137,52,52,208,52,189,228,104,137
.byte	72,72,61,72,122,117,144,50,72,72,61,72,122,117,144,50
.byte	255,255,219,255,171,36,227,84,255,255,219,255,171,36,227,84
.byte	122,122,245,122,247,143,244,141,122,122,245,122,247,143,244,141
.byte	144,144,122,144,244,234,61,100,144,144,122,144,244,234,61,100
.byte	95,95,97,95,194,62,190,157,95,95,97,95,194,62,190,157
.byte	32,32,128,32,29,160,64,61,32,32,128,32,29,160,64,61
.byte	104,104,189,104,103,213,208,15,104,104,189,104,103,213,208,15
.byte	26,26,104,26,208,114,52,202,26,26,104,26,208,114,52,202
.byte	174,174,130,174,25,44,65,183,174,174,130,174,25,44,65,183
.byte	180,180,234,180,201,94,117,125,180,180,234,180,201,94,117,125
.byte	84,84,77,84,154,25,168,206,84,84,77,84,154,25,168,206
.byte	147,147,118,147,236,229,59,127,147,147,118,147,236,229,59,127
.byte	34,34,136,34,13,170,68,47,34,34,136,34,13,170,68,47
.byte	100,100,141,100,7,233,200,99,100,100,141,100,7,233,200,99
.byte	241,241,227,241,219,18,255,42,241,241,227,241,219,18,255,42
.byte	115,115,209,115,191,162,230,204,115,115,209,115,191,162,230,204
.byte	18,18,72,18,144,90,36,130,18,18,72,18,144,90,36,130
.byte	64,64,29,64,58,93,128,122,64,64,29,64,58,93,128,122
.byte	8,8,32,8,64,40,16,72,8,8,32,8,64,40,16,72
.byte	195,195,43,195,86,232,155,149,195,195,43,195,86,232,155,149
.byte	236,236,151,236,51,123,197,223,236,236,151,236,51,123,197,223
.byte	219,219,75,219,150,144,171,77,219,219,75,219,150,144,171,77
.byte	161,161,190,161,97,31,95,192,161,161,190,161,97,31,95,192
.byte	141,141,14,141,28,131,7,145,141,141,14,141,28,131,7,145
.byte	61,61,244,61,245,201,122,200,61,61,244,61,245,201,122,200
.byte	151,151,102,151,204,241,51,91,151,151,102,151,204,241,51,91
.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
.byte	207,207,27,207,54,212,131,249,207,207,27,207,54,212,131,249
.byte	43,43,172,43,69,135,86,110,43,43,172,43,69,135,86,110
.byte	118,118,197,118,151,179,236,225,118,118,197,118,151,179,236,225
.byte	130,130,50,130,100,176,25,230,130,130,50,130,100,176,25,230
.byte	214,214,127,214,254,169,177,40,214,214,127,214,254,169,177,40
.byte	27,27,108,27,216,119,54,195,27,27,108,27,216,119,54,195
.byte	181,181,238,181,193,91,119,116,181,181,238,181,193,91,119,116
.byte	175,175,134,175,17,41,67,190,175,175,134,175,17,41,67,190
.byte	106,106,181,106,119,223,212,29,106,106,181,106,119,223,212,29
.byte	80,80,93,80,186,13,160,234,80,80,93,80,186,13,160,234
.byte	69,69,9,69,18,76,138,87,69,69,9,69,18,76,138,87
.byte	243,243,235,243,203,24,251,56,243,243,235,243,203,24,251,56
.byte	48,48,192,48,157,240,96,173,48,48,192,48,157,240,96,173
.byte	239,239,155,239,43,116,195,196,239,239,155,239,43,116,195,196
.byte	63,63,252,63,229,195,126,218,63,63,252,63,229,195,126,218
.byte	85,85,73,85,146,28,170,199,85,85,73,85,146,28,170,199
.byte	162,162,178,162,121,16,89,219,162,162,178,162,121,16,89,219
.byte	234,234,143,234,3,101,201,233,234,234,143,234,3,101,201,233
.byte	101,101,137,101,15,236,202,106,101,101,137,101,15,236,202,106
.byte	186,186,210,186,185,104,105,3,186,186,210,186,185,104,105,3
.byte	47,47,188,47,101,147,94,74,47,47,188,47,101,147,94,74
.byte	192,192,39,192,78,231,157,142,192,192,39,192,78,231,157,142
.byte	222,222,95,222,190,129,161,96,222,222,95,222,190,129,161,96
.byte	28,28,112,28,224,108,56,252,28,28,112,28,224,108,56,252
.byte	253,253,211,253,187,46,231,70,253,253,211,253,187,46,231,70
.byte	77,77,41,77,82,100,154,31,77,77,41,77,82,100,154,31
.byte	146,146,114,146,228,224,57,118,146,146,114,146,228,224,57,118
.byte	117,117,201,117,143,188,234,250,117,117,201,117,143,188,234,250
.byte	6,6,24,6,48,30,12,54,6,6,24,6,48,30,12,54
.byte	138,138,18,138,36,152,9,174,138,138,18,138,36,152,9,174
.byte	178,178,242,178,249,64,121,75,178,178,242,178,249,64,121,75
.byte	230,230,191,230,99,89,209,133,230,230,191,230,99,89,209,133
.byte	14,14,56,14,112,54,28,126,14,14,56,14,112,54,28,126
.byte	31,31,124,31,248,99,62,231,31,31,124,31,248,99,62,231
.byte	98,98,149,98,55,247,196,85,98,98,149,98,55,247,196,85
.byte	212,212,119,212,238,163,181,58,212,212,119,212,238,163,181,58
.byte	168,168,154,168,41,50,77,129,168,168,154,168,41,50,77,129
.byte	150,150,98,150,196,244,49,82,150,150,98,150,196,244,49,82
.byte	249,249,195,249,155,58,239,98,249,249,195,249,155,58,239,98
.byte	197,197,51,197,102,246,151,163,197,197,51,197,102,246,151,163
.byte	37,37,148,37,53,177,74,16,37,37,148,37,53,177,74,16
.byte	89,89,121,89,242,32,178,171,89,89,121,89,242,32,178,171
.byte	132,132,42,132,84,174,21,208,132,132,42,132,84,174,21,208
.byte	114,114,213,114,183,167,228,197,114,114,213,114,183,167,228,197
.byte	57,57,228,57,213,221,114,236,57,57,228,57,213,221,114,236
.byte	76,76,45,76,90,97,152,22,76,76,45,76,90,97,152,22
.byte	94,94,101,94,202,59,188,148,94,94,101,94,202,59,188,148
.byte	120,120,253,120,231,133,240,159,120,120,253,120,231,133,240,159
.byte	56,56,224,56,221,216,112,229,56,56,224,56,221,216,112,229
.byte	140,140,10,140,20,134,5,152,140,140,10,140,20,134,5,152
.byte	209,209,99,209,198,178,191,23,209,209,99,209,198,178,191,23
.byte	165,165,174,165,65,11,87,228,165,165,174,165,65,11,87,228
.byte	226,226,175,226,67,77,217,161,226,226,175,226,67,77,217,161
.byte	97,97,153,97,47,248,194,78,97,97,153,97,47,248,194,78
.byte	179,179,246,179,241,69,123,66,179,179,246,179,241,69,123,66
.byte	33,33,132,33,21,165,66,52,33,33,132,33,21,165,66,52
.byte	156,156,74,156,148,214,37,8,156,156,74,156,148,214,37,8
.byte	30,30,120,30,240,102,60,238,30,30,120,30,240,102,60,238
.byte	67,67,17,67,34,82,134,97,67,67,17,67,34,82,134,97
.byte	199,199,59,199,118,252,147,177,199,199,59,199,118,252,147,177
.byte	252,252,215,252,179,43,229,79,252,252,215,252,179,43,229,79
.byte	4,4,16,4,32,20,8,36,4,4,16,4,32,20,8,36
.byte	81,81,89,81,178,8,162,227,81,81,89,81,178,8,162,227
.byte	153,153,94,153,188,199,47,37,153,153,94,153,188,199,47,37
.byte	109,109,169,109,79,196,218,34,109,109,169,109,79,196,218,34
.byte	13,13,52,13,104,57,26,101,13,13,52,13,104,57,26,101
.byte	250,250,207,250,131,53,233,121,250,250,207,250,131,53,233,121
.byte	223,223,91,223,182,132,163,105,223,223,91,223,182,132,163,105
.byte	126,126,229,126,215,155,252,169,126,126,229,126,215,155,252,169
.byte	36,36,144,36,61,180,72,25,36,36,144,36,61,180,72,25
.byte	59,59,236,59,197,215,118,254,59,59,236,59,197,215,118,254
.byte	171,171,150,171,49,61,75,154,171,171,150,171,49,61,75,154
.byte	206,206,31,206,62,209,129,240,206,206,31,206,62,209,129,240
.byte	17,17,68,17,136,85,34,153,17,17,68,17,136,85,34,153
.byte	143,143,6,143,12,137,3,131,143,143,6,143,12,137,3,131
.byte	78,78,37,78,74,107,156,4,78,78,37,78,74,107,156,4
.byte	183,183,230,183,209,81,115,102,183,183,230,183,209,81,115,102
.byte	235,235,139,235,11,96,203,224,235,235,139,235,11,96,203,224
.byte	60,60,240,60,253,204,120,193,60,60,240,60,253,204,120,193
.byte	129,129,62,129,124,191,31,253,129,129,62,129,124,191,31,253
.byte	148,148,106,148,212,254,53,64,148,148,106,148,212,254,53,64
.byte	247,247,251,247,235,12,243,28,247,247,251,247,235,12,243,28
.byte	185,185,222,185,161,103,111,24,185,185,222,185,161,103,111,24
.byte	19,19,76,19,152,95,38,139,19,19,76,19,152,95,38,139
.byte	44,44,176,44,125,156,88,81,44,44,176,44,125,156,88,81
.byte	211,211,107,211,214,184,187,5,211,211,107,211,214,184,187,5
.byte	231,231,187,231,107,92,211,140,231,231,187,231,107,92,211,140
.byte	110,110,165,110,87,203,220,57,110,110,165,110,87,203,220,57
.byte	196,196,55,196,110,243,149,170,196,196,55,196,110,243,149,170
.byte	3,3,12,3,24,15,6,27,3,3,12,3,24,15,6,27
.byte	86,86,69,86,138,19,172,220,86,86,69,86,138,19,172,220
.byte	68,68,13,68,26,73,136,94,68,68,13,68,26,73,136,94
.byte	127,127,225,127,223,158,254,160,127,127,225,127,223,158,254,160
.byte	169,169,158,169,33,55,79,136,169,169,158,169,33,55,79,136
.byte	42,42,168,42,77,130,84,103,42,42,168,42,77,130,84,103
.byte	187,187,214,187,177,109,107,10,187,187,214,187,177,109,107,10
.byte	193,193,35,193,70,226,159,135,193,193,35,193,70,226,159,135
.byte	83,83,81,83,162,2,166,241,83,83,81,83,162,2,166,241
.byte	220,220,87,220,174,139,165,114,220,220,87,220,174,139,165,114
.byte	11,11,44,11,88,39,22,83,11,11,44,11,88,39,22,83
.byte	157,157,78,157,156,211,39,1,157,157,78,157,156,211,39,1
.byte	108,108,173,108,71,193,216,43,108,108,173,108,71,193,216,43
.byte	49,49,196,49,149,245,98,164,49,49,196,49,149,245,98,164
.byte	116,116,205,116,135,185,232,243,116,116,205,116,135,185,232,243
.byte	246,246,255,246,227,9,241,21,246,246,255,246,227,9,241,21
.byte	70,70,5,70,10,67,140,76,70,70,5,70,10,67,140,76
.byte	172,172,138,172,9,38,69,165,172,172,138,172,9,38,69,165
.byte	137,137,30,137,60,151,15,181,137,137,30,137,60,151,15,181
.byte	20,20,80,20,160,68,40,180,20,20,80,20,160,68,40,180
.byte	225,225,163,225,91,66,223,186,225,225,163,225,91,66,223,186
.byte	22,22,88,22,176,78,44,166,22,22,88,22,176,78,44,166
.byte	58,58,232,58,205,210,116,247,58,58,232,58,205,210,116,247
.byte	105,105,185,105,111,208,210,6,105,105,185,105,111,208,210,6
.byte	9,9,36,9,72,45,18,65,9,9,36,9,72,45,18,65
.byte	112,112,221,112,167,173,224,215,112,112,221,112,167,173,224,215
.byte	182,182,226,182,217,84,113,111,182,182,226,182,217,84,113,111
.byte	208,208,103,208,206,183,189,30,208,208,103,208,206,183,189,30
.byte	237,237,147,237,59,126,199,214,237,237,147,237,59,126,199,214
.byte	204,204,23,204,46,219,133,226,204,204,23,204,46,219,133,226
.byte	66,66,21,66,42,87,132,104,66,66,21,66,42,87,132,104
.byte	152,152,90,152,180,194,45,44,152,152,90,152,180,194,45,44
.byte	164,164,170,164,73,14,85,237,164,164,170,164,73,14,85,237
.byte	40,40,160,40,93,136,80,117,40,40,160,40,93,136,80,117
.byte	92,92,109,92,218,49,184,134,92,92,109,92,218,49,184,134
.byte	248,248,199,248,147,63,237,107,248,248,199,248,147,63,237,107
.byte	134,134,34,134,68,164,17,194,134,134,34,134,68,164,17,194
.byte	24,35,198,232,135,184,1,79
.byte	54,166,210,245,121,111,145,82
.byte	96,188,155,142,163,12,123,53
.byte	29,224,215,194,46,75,254,87
.byte	21,119,55,229,159,240,74,218
.byte	88,201,41,10,177,160,107,133
.byte	189,93,16,244,203,62,5,103
.byte	228,39,65,139,167,125,149,216
.byte	251,238,124,102,221,23,71,158
.byte	202,45,191,7,173,90,131,51
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
Deleted jni/libressl/crypto/whrlpool/wp-elf-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
.text	

.globl	whirlpool_block
.type	whirlpool_block,@function
.align	16
whirlpool_block:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movq	%rsp,%r11
	subq	$128+40,%rsp
	andq	$-64,%rsp

	leaq	128(%rsp),%r10
	movq	%rdi,0(%r10)
	movq	%rsi,8(%r10)
	movq	%rdx,16(%r10)
	movq	%r11,32(%r10)
.Lprologue:

	movq	%r10,%rbx
	leaq	.Ltable(%rip),%rbp

	xorq	%rcx,%rcx
	xorq	%rdx,%rdx
	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11
	movq	32(%rdi),%r12
	movq	40(%rdi),%r13
	movq	48(%rdi),%r14
	movq	56(%rdi),%r15
.Louterloop:
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	xorq	%rsi,%rsi
	movq	%rsi,24(%rbx)
.align	16
.Lround:
	movq	4096(%rbp,%rsi,8),%r8
	movl	0(%rsp),%eax
	movl	4(%rsp),%ebx
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	movq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	6(%rbp,%rsi,8),%r10
	movq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	movq	4(%rbp,%rsi,8),%r12
	movq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	2(%rbp,%rsi,8),%r14
	movq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	movl	56+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	movl	56+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	xorq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r10
	xorq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r12
	xorq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r14
	xorq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	leaq	128(%rsp),%rbx
	movq	24(%rbx),%rsi
	addq	$1,%rsi
	cmpq	$10,%rsi
	je	.Lroundsdone

	movq	%rsi,24(%rbx)
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	jmp	.Lround
.align	16
.Lroundsdone:
	movq	0(%rbx),%rdi
	movq	8(%rbx),%rsi
	movq	16(%rbx),%rax
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	xorq	0(%rdi),%r8
	xorq	8(%rdi),%r9
	xorq	16(%rdi),%r10
	xorq	24(%rdi),%r11
	xorq	32(%rdi),%r12
	xorq	40(%rdi),%r13
	xorq	48(%rdi),%r14
	xorq	56(%rdi),%r15
	movq	%r8,0(%rdi)
	movq	%r9,8(%rdi)
	movq	%r10,16(%rdi)
	movq	%r11,24(%rdi)
	movq	%r12,32(%rdi)
	movq	%r13,40(%rdi)
	movq	%r14,48(%rdi)
	movq	%r15,56(%rdi)
	leaq	64(%rsi),%rsi
	subq	$1,%rax
	jz	.Lalldone
	movq	%rsi,8(%rbx)
	movq	%rax,16(%rbx)
	jmp	.Louterloop
.Lalldone:
	movq	32(%rbx),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
.Lepilogue:
	.byte	0xf3,0xc3
.size	whirlpool_block,.-whirlpool_block

.align	64
.type	.Ltable,@object
.Ltable:
.byte	24,24,96,24,192,120,48,216,24,24,96,24,192,120,48,216
.byte	35,35,140,35,5,175,70,38,35,35,140,35,5,175,70,38
.byte	198,198,63,198,126,249,145,184,198,198,63,198,126,249,145,184
.byte	232,232,135,232,19,111,205,251,232,232,135,232,19,111,205,251
.byte	135,135,38,135,76,161,19,203,135,135,38,135,76,161,19,203
.byte	184,184,218,184,169,98,109,17,184,184,218,184,169,98,109,17
.byte	1,1,4,1,8,5,2,9,1,1,4,1,8,5,2,9
.byte	79,79,33,79,66,110,158,13,79,79,33,79,66,110,158,13
.byte	54,54,216,54,173,238,108,155,54,54,216,54,173,238,108,155
.byte	166,166,162,166,89,4,81,255,166,166,162,166,89,4,81,255
.byte	210,210,111,210,222,189,185,12,210,210,111,210,222,189,185,12
.byte	245,245,243,245,251,6,247,14,245,245,243,245,251,6,247,14
.byte	121,121,249,121,239,128,242,150,121,121,249,121,239,128,242,150
.byte	111,111,161,111,95,206,222,48,111,111,161,111,95,206,222,48
.byte	145,145,126,145,252,239,63,109,145,145,126,145,252,239,63,109
.byte	82,82,85,82,170,7,164,248,82,82,85,82,170,7,164,248
.byte	96,96,157,96,39,253,192,71,96,96,157,96,39,253,192,71
.byte	188,188,202,188,137,118,101,53,188,188,202,188,137,118,101,53
.byte	155,155,86,155,172,205,43,55,155,155,86,155,172,205,43,55
.byte	142,142,2,142,4,140,1,138,142,142,2,142,4,140,1,138
.byte	163,163,182,163,113,21,91,210,163,163,182,163,113,21,91,210
.byte	12,12,48,12,96,60,24,108,12,12,48,12,96,60,24,108
.byte	123,123,241,123,255,138,246,132,123,123,241,123,255,138,246,132
.byte	53,53,212,53,181,225,106,128,53,53,212,53,181,225,106,128
.byte	29,29,116,29,232,105,58,245,29,29,116,29,232,105,58,245
.byte	224,224,167,224,83,71,221,179,224,224,167,224,83,71,221,179
.byte	215,215,123,215,246,172,179,33,215,215,123,215,246,172,179,33
.byte	194,194,47,194,94,237,153,156,194,194,47,194,94,237,153,156
.byte	46,46,184,46,109,150,92,67,46,46,184,46,109,150,92,67
.byte	75,75,49,75,98,122,150,41,75,75,49,75,98,122,150,41
.byte	254,254,223,254,163,33,225,93,254,254,223,254,163,33,225,93
.byte	87,87,65,87,130,22,174,213,87,87,65,87,130,22,174,213
.byte	21,21,84,21,168,65,42,189,21,21,84,21,168,65,42,189
.byte	119,119,193,119,159,182,238,232,119,119,193,119,159,182,238,232
.byte	55,55,220,55,165,235,110,146,55,55,220,55,165,235,110,146
.byte	229,229,179,229,123,86,215,158,229,229,179,229,123,86,215,158
.byte	159,159,70,159,140,217,35,19,159,159,70,159,140,217,35,19
.byte	240,240,231,240,211,23,253,35,240,240,231,240,211,23,253,35
.byte	74,74,53,74,106,127,148,32,74,74,53,74,106,127,148,32
.byte	218,218,79,218,158,149,169,68,218,218,79,218,158,149,169,68
.byte	88,88,125,88,250,37,176,162,88,88,125,88,250,37,176,162
.byte	201,201,3,201,6,202,143,207,201,201,3,201,6,202,143,207
.byte	41,41,164,41,85,141,82,124,41,41,164,41,85,141,82,124
.byte	10,10,40,10,80,34,20,90,10,10,40,10,80,34,20,90
.byte	177,177,254,177,225,79,127,80,177,177,254,177,225,79,127,80
.byte	160,160,186,160,105,26,93,201,160,160,186,160,105,26,93,201
.byte	107,107,177,107,127,218,214,20,107,107,177,107,127,218,214,20
.byte	133,133,46,133,92,171,23,217,133,133,46,133,92,171,23,217
.byte	189,189,206,189,129,115,103,60,189,189,206,189,129,115,103,60
.byte	93,93,105,93,210,52,186,143,93,93,105,93,210,52,186,143
.byte	16,16,64,16,128,80,32,144,16,16,64,16,128,80,32,144
.byte	244,244,247,244,243,3,245,7,244,244,247,244,243,3,245,7
.byte	203,203,11,203,22,192,139,221,203,203,11,203,22,192,139,221
.byte	62,62,248,62,237,198,124,211,62,62,248,62,237,198,124,211
.byte	5,5,20,5,40,17,10,45,5,5,20,5,40,17,10,45
.byte	103,103,129,103,31,230,206,120,103,103,129,103,31,230,206,120
.byte	228,228,183,228,115,83,213,151,228,228,183,228,115,83,213,151
.byte	39,39,156,39,37,187,78,2,39,39,156,39,37,187,78,2
.byte	65,65,25,65,50,88,130,115,65,65,25,65,50,88,130,115
.byte	139,139,22,139,44,157,11,167,139,139,22,139,44,157,11,167
.byte	167,167,166,167,81,1,83,246,167,167,166,167,81,1,83,246
.byte	125,125,233,125,207,148,250,178,125,125,233,125,207,148,250,178
.byte	149,149,110,149,220,251,55,73,149,149,110,149,220,251,55,73
.byte	216,216,71,216,142,159,173,86,216,216,71,216,142,159,173,86
.byte	251,251,203,251,139,48,235,112,251,251,203,251,139,48,235,112
.byte	238,238,159,238,35,113,193,205,238,238,159,238,35,113,193,205
.byte	124,124,237,124,199,145,248,187,124,124,237,124,199,145,248,187
.byte	102,102,133,102,23,227,204,113,102,102,133,102,23,227,204,113
.byte	221,221,83,221,166,142,167,123,221,221,83,221,166,142,167,123
.byte	23,23,92,23,184,75,46,175,23,23,92,23,184,75,46,175
.byte	71,71,1,71,2,70,142,69,71,71,1,71,2,70,142,69
.byte	158,158,66,158,132,220,33,26,158,158,66,158,132,220,33,26
.byte	202,202,15,202,30,197,137,212,202,202,15,202,30,197,137,212
.byte	45,45,180,45,117,153,90,88,45,45,180,45,117,153,90,88
.byte	191,191,198,191,145,121,99,46,191,191,198,191,145,121,99,46
.byte	7,7,28,7,56,27,14,63,7,7,28,7,56,27,14,63
.byte	173,173,142,173,1,35,71,172,173,173,142,173,1,35,71,172
.byte	90,90,117,90,234,47,180,176,90,90,117,90,234,47,180,176
.byte	131,131,54,131,108,181,27,239,131,131,54,131,108,181,27,239
.byte	51,51,204,51,133,255,102,182,51,51,204,51,133,255,102,182
.byte	99,99,145,99,63,242,198,92,99,99,145,99,63,242,198,92
.byte	2,2,8,2,16,10,4,18,2,2,8,2,16,10,4,18
.byte	170,170,146,170,57,56,73,147,170,170,146,170,57,56,73,147
.byte	113,113,217,113,175,168,226,222,113,113,217,113,175,168,226,222
.byte	200,200,7,200,14,207,141,198,200,200,7,200,14,207,141,198
.byte	25,25,100,25,200,125,50,209,25,25,100,25,200,125,50,209
.byte	73,73,57,73,114,112,146,59,73,73,57,73,114,112,146,59
.byte	217,217,67,217,134,154,175,95,217,217,67,217,134,154,175,95
.byte	242,242,239,242,195,29,249,49,242,242,239,242,195,29,249,49
.byte	227,227,171,227,75,72,219,168,227,227,171,227,75,72,219,168
.byte	91,91,113,91,226,42,182,185,91,91,113,91,226,42,182,185
.byte	136,136,26,136,52,146,13,188,136,136,26,136,52,146,13,188
.byte	154,154,82,154,164,200,41,62,154,154,82,154,164,200,41,62
.byte	38,38,152,38,45,190,76,11,38,38,152,38,45,190,76,11
.byte	50,50,200,50,141,250,100,191,50,50,200,50,141,250,100,191
.byte	176,176,250,176,233,74,125,89,176,176,250,176,233,74,125,89
.byte	233,233,131,233,27,106,207,242,233,233,131,233,27,106,207,242
.byte	15,15,60,15,120,51,30,119,15,15,60,15,120,51,30,119
.byte	213,213,115,213,230,166,183,51,213,213,115,213,230,166,183,51
.byte	128,128,58,128,116,186,29,244,128,128,58,128,116,186,29,244
.byte	190,190,194,190,153,124,97,39,190,190,194,190,153,124,97,39
.byte	205,205,19,205,38,222,135,235,205,205,19,205,38,222,135,235
.byte	52,52,208,52,189,228,104,137,52,52,208,52,189,228,104,137
.byte	72,72,61,72,122,117,144,50,72,72,61,72,122,117,144,50
.byte	255,255,219,255,171,36,227,84,255,255,219,255,171,36,227,84
.byte	122,122,245,122,247,143,244,141,122,122,245,122,247,143,244,141
.byte	144,144,122,144,244,234,61,100,144,144,122,144,244,234,61,100
.byte	95,95,97,95,194,62,190,157,95,95,97,95,194,62,190,157
.byte	32,32,128,32,29,160,64,61,32,32,128,32,29,160,64,61
.byte	104,104,189,104,103,213,208,15,104,104,189,104,103,213,208,15
.byte	26,26,104,26,208,114,52,202,26,26,104,26,208,114,52,202
.byte	174,174,130,174,25,44,65,183,174,174,130,174,25,44,65,183
.byte	180,180,234,180,201,94,117,125,180,180,234,180,201,94,117,125
.byte	84,84,77,84,154,25,168,206,84,84,77,84,154,25,168,206
.byte	147,147,118,147,236,229,59,127,147,147,118,147,236,229,59,127
.byte	34,34,136,34,13,170,68,47,34,34,136,34,13,170,68,47
.byte	100,100,141,100,7,233,200,99,100,100,141,100,7,233,200,99
.byte	241,241,227,241,219,18,255,42,241,241,227,241,219,18,255,42
.byte	115,115,209,115,191,162,230,204,115,115,209,115,191,162,230,204
.byte	18,18,72,18,144,90,36,130,18,18,72,18,144,90,36,130
.byte	64,64,29,64,58,93,128,122,64,64,29,64,58,93,128,122
.byte	8,8,32,8,64,40,16,72,8,8,32,8,64,40,16,72
.byte	195,195,43,195,86,232,155,149,195,195,43,195,86,232,155,149
.byte	236,236,151,236,51,123,197,223,236,236,151,236,51,123,197,223
.byte	219,219,75,219,150,144,171,77,219,219,75,219,150,144,171,77
.byte	161,161,190,161,97,31,95,192,161,161,190,161,97,31,95,192
.byte	141,141,14,141,28,131,7,145,141,141,14,141,28,131,7,145
.byte	61,61,244,61,245,201,122,200,61,61,244,61,245,201,122,200
.byte	151,151,102,151,204,241,51,91,151,151,102,151,204,241,51,91
.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
.byte	207,207,27,207,54,212,131,249,207,207,27,207,54,212,131,249
.byte	43,43,172,43,69,135,86,110,43,43,172,43,69,135,86,110
.byte	118,118,197,118,151,179,236,225,118,118,197,118,151,179,236,225
.byte	130,130,50,130,100,176,25,230,130,130,50,130,100,176,25,230
.byte	214,214,127,214,254,169,177,40,214,214,127,214,254,169,177,40
.byte	27,27,108,27,216,119,54,195,27,27,108,27,216,119,54,195
.byte	181,181,238,181,193,91,119,116,181,181,238,181,193,91,119,116
.byte	175,175,134,175,17,41,67,190,175,175,134,175,17,41,67,190
.byte	106,106,181,106,119,223,212,29,106,106,181,106,119,223,212,29
.byte	80,80,93,80,186,13,160,234,80,80,93,80,186,13,160,234
.byte	69,69,9,69,18,76,138,87,69,69,9,69,18,76,138,87
.byte	243,243,235,243,203,24,251,56,243,243,235,243,203,24,251,56
.byte	48,48,192,48,157,240,96,173,48,48,192,48,157,240,96,173
.byte	239,239,155,239,43,116,195,196,239,239,155,239,43,116,195,196
.byte	63,63,252,63,229,195,126,218,63,63,252,63,229,195,126,218
.byte	85,85,73,85,146,28,170,199,85,85,73,85,146,28,170,199
.byte	162,162,178,162,121,16,89,219,162,162,178,162,121,16,89,219
.byte	234,234,143,234,3,101,201,233,234,234,143,234,3,101,201,233
.byte	101,101,137,101,15,236,202,106,101,101,137,101,15,236,202,106
.byte	186,186,210,186,185,104,105,3,186,186,210,186,185,104,105,3
.byte	47,47,188,47,101,147,94,74,47,47,188,47,101,147,94,74
.byte	192,192,39,192,78,231,157,142,192,192,39,192,78,231,157,142
.byte	222,222,95,222,190,129,161,96,222,222,95,222,190,129,161,96
.byte	28,28,112,28,224,108,56,252,28,28,112,28,224,108,56,252
.byte	253,253,211,253,187,46,231,70,253,253,211,253,187,46,231,70
.byte	77,77,41,77,82,100,154,31,77,77,41,77,82,100,154,31
.byte	146,146,114,146,228,224,57,118,146,146,114,146,228,224,57,118
.byte	117,117,201,117,143,188,234,250,117,117,201,117,143,188,234,250
.byte	6,6,24,6,48,30,12,54,6,6,24,6,48,30,12,54
.byte	138,138,18,138,36,152,9,174,138,138,18,138,36,152,9,174
.byte	178,178,242,178,249,64,121,75,178,178,242,178,249,64,121,75
.byte	230,230,191,230,99,89,209,133,230,230,191,230,99,89,209,133
.byte	14,14,56,14,112,54,28,126,14,14,56,14,112,54,28,126
.byte	31,31,124,31,248,99,62,231,31,31,124,31,248,99,62,231
.byte	98,98,149,98,55,247,196,85,98,98,149,98,55,247,196,85
.byte	212,212,119,212,238,163,181,58,212,212,119,212,238,163,181,58
.byte	168,168,154,168,41,50,77,129,168,168,154,168,41,50,77,129
.byte	150,150,98,150,196,244,49,82,150,150,98,150,196,244,49,82
.byte	249,249,195,249,155,58,239,98,249,249,195,249,155,58,239,98
.byte	197,197,51,197,102,246,151,163,197,197,51,197,102,246,151,163
.byte	37,37,148,37,53,177,74,16,37,37,148,37,53,177,74,16
.byte	89,89,121,89,242,32,178,171,89,89,121,89,242,32,178,171
.byte	132,132,42,132,84,174,21,208,132,132,42,132,84,174,21,208
.byte	114,114,213,114,183,167,228,197,114,114,213,114,183,167,228,197
.byte	57,57,228,57,213,221,114,236,57,57,228,57,213,221,114,236
.byte	76,76,45,76,90,97,152,22,76,76,45,76,90,97,152,22
.byte	94,94,101,94,202,59,188,148,94,94,101,94,202,59,188,148
.byte	120,120,253,120,231,133,240,159,120,120,253,120,231,133,240,159
.byte	56,56,224,56,221,216,112,229,56,56,224,56,221,216,112,229
.byte	140,140,10,140,20,134,5,152,140,140,10,140,20,134,5,152
.byte	209,209,99,209,198,178,191,23,209,209,99,209,198,178,191,23
.byte	165,165,174,165,65,11,87,228,165,165,174,165,65,11,87,228
.byte	226,226,175,226,67,77,217,161,226,226,175,226,67,77,217,161
.byte	97,97,153,97,47,248,194,78,97,97,153,97,47,248,194,78
.byte	179,179,246,179,241,69,123,66,179,179,246,179,241,69,123,66
.byte	33,33,132,33,21,165,66,52,33,33,132,33,21,165,66,52
.byte	156,156,74,156,148,214,37,8,156,156,74,156,148,214,37,8
.byte	30,30,120,30,240,102,60,238,30,30,120,30,240,102,60,238
.byte	67,67,17,67,34,82,134,97,67,67,17,67,34,82,134,97
.byte	199,199,59,199,118,252,147,177,199,199,59,199,118,252,147,177
.byte	252,252,215,252,179,43,229,79,252,252,215,252,179,43,229,79
.byte	4,4,16,4,32,20,8,36,4,4,16,4,32,20,8,36
.byte	81,81,89,81,178,8,162,227,81,81,89,81,178,8,162,227
.byte	153,153,94,153,188,199,47,37,153,153,94,153,188,199,47,37
.byte	109,109,169,109,79,196,218,34,109,109,169,109,79,196,218,34
.byte	13,13,52,13,104,57,26,101,13,13,52,13,104,57,26,101
.byte	250,250,207,250,131,53,233,121,250,250,207,250,131,53,233,121
.byte	223,223,91,223,182,132,163,105,223,223,91,223,182,132,163,105
.byte	126,126,229,126,215,155,252,169,126,126,229,126,215,155,252,169
.byte	36,36,144,36,61,180,72,25,36,36,144,36,61,180,72,25
.byte	59,59,236,59,197,215,118,254,59,59,236,59,197,215,118,254
.byte	171,171,150,171,49,61,75,154,171,171,150,171,49,61,75,154
.byte	206,206,31,206,62,209,129,240,206,206,31,206,62,209,129,240
.byte	17,17,68,17,136,85,34,153,17,17,68,17,136,85,34,153
.byte	143,143,6,143,12,137,3,131,143,143,6,143,12,137,3,131
.byte	78,78,37,78,74,107,156,4,78,78,37,78,74,107,156,4
.byte	183,183,230,183,209,81,115,102,183,183,230,183,209,81,115,102
.byte	235,235,139,235,11,96,203,224,235,235,139,235,11,96,203,224
.byte	60,60,240,60,253,204,120,193,60,60,240,60,253,204,120,193
.byte	129,129,62,129,124,191,31,253,129,129,62,129,124,191,31,253
.byte	148,148,106,148,212,254,53,64,148,148,106,148,212,254,53,64
.byte	247,247,251,247,235,12,243,28,247,247,251,247,235,12,243,28
.byte	185,185,222,185,161,103,111,24,185,185,222,185,161,103,111,24
.byte	19,19,76,19,152,95,38,139,19,19,76,19,152,95,38,139
.byte	44,44,176,44,125,156,88,81,44,44,176,44,125,156,88,81
.byte	211,211,107,211,214,184,187,5,211,211,107,211,214,184,187,5
.byte	231,231,187,231,107,92,211,140,231,231,187,231,107,92,211,140
.byte	110,110,165,110,87,203,220,57,110,110,165,110,87,203,220,57
.byte	196,196,55,196,110,243,149,170,196,196,55,196,110,243,149,170
.byte	3,3,12,3,24,15,6,27,3,3,12,3,24,15,6,27
.byte	86,86,69,86,138,19,172,220,86,86,69,86,138,19,172,220
.byte	68,68,13,68,26,73,136,94,68,68,13,68,26,73,136,94
.byte	127,127,225,127,223,158,254,160,127,127,225,127,223,158,254,160
.byte	169,169,158,169,33,55,79,136,169,169,158,169,33,55,79,136
.byte	42,42,168,42,77,130,84,103,42,42,168,42,77,130,84,103
.byte	187,187,214,187,177,109,107,10,187,187,214,187,177,109,107,10
.byte	193,193,35,193,70,226,159,135,193,193,35,193,70,226,159,135
.byte	83,83,81,83,162,2,166,241,83,83,81,83,162,2,166,241
.byte	220,220,87,220,174,139,165,114,220,220,87,220,174,139,165,114
.byte	11,11,44,11,88,39,22,83,11,11,44,11,88,39,22,83
.byte	157,157,78,157,156,211,39,1,157,157,78,157,156,211,39,1
.byte	108,108,173,108,71,193,216,43,108,108,173,108,71,193,216,43
.byte	49,49,196,49,149,245,98,164,49,49,196,49,149,245,98,164
.byte	116,116,205,116,135,185,232,243,116,116,205,116,135,185,232,243
.byte	246,246,255,246,227,9,241,21,246,246,255,246,227,9,241,21
.byte	70,70,5,70,10,67,140,76,70,70,5,70,10,67,140,76
.byte	172,172,138,172,9,38,69,165,172,172,138,172,9,38,69,165
.byte	137,137,30,137,60,151,15,181,137,137,30,137,60,151,15,181
.byte	20,20,80,20,160,68,40,180,20,20,80,20,160,68,40,180
.byte	225,225,163,225,91,66,223,186,225,225,163,225,91,66,223,186
.byte	22,22,88,22,176,78,44,166,22,22,88,22,176,78,44,166
.byte	58,58,232,58,205,210,116,247,58,58,232,58,205,210,116,247
.byte	105,105,185,105,111,208,210,6,105,105,185,105,111,208,210,6
.byte	9,9,36,9,72,45,18,65,9,9,36,9,72,45,18,65
.byte	112,112,221,112,167,173,224,215,112,112,221,112,167,173,224,215
.byte	182,182,226,182,217,84,113,111,182,182,226,182,217,84,113,111
.byte	208,208,103,208,206,183,189,30,208,208,103,208,206,183,189,30
.byte	237,237,147,237,59,126,199,214,237,237,147,237,59,126,199,214
.byte	204,204,23,204,46,219,133,226,204,204,23,204,46,219,133,226
.byte	66,66,21,66,42,87,132,104,66,66,21,66,42,87,132,104
.byte	152,152,90,152,180,194,45,44,152,152,90,152,180,194,45,44
.byte	164,164,170,164,73,14,85,237,164,164,170,164,73,14,85,237
.byte	40,40,160,40,93,136,80,117,40,40,160,40,93,136,80,117
.byte	92,92,109,92,218,49,184,134,92,92,109,92,218,49,184,134
.byte	248,248,199,248,147,63,237,107,248,248,199,248,147,63,237,107
.byte	134,134,34,134,68,164,17,194,134,134,34,134,68,164,17,194
.byte	24,35,198,232,135,184,1,79
.byte	54,166,210,245,121,111,145,82
.byte	96,188,155,142,163,12,123,53
.byte	29,224,215,194,46,75,254,87
.byte	21,119,55,229,159,240,74,218
.byte	88,201,41,10,177,160,107,133
.byte	189,93,16,244,203,62,5,103
.byte	228,39,65,139,167,125,149,216
.byte	251,238,124,102,221,23,71,158
.byte	202,45,191,7,173,90,131,51
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Added jni/libressl/crypto/whrlpool/wp-macosx-x86_64.S.






















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
#include "x86_arch.h"
.text	

.globl	_whirlpool_block

.p2align	4
_whirlpool_block:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movq	%rsp,%r11
	subq	$128+40,%rsp
	andq	$-64,%rsp

	leaq	128(%rsp),%r10
	movq	%rdi,0(%r10)
	movq	%rsi,8(%r10)
	movq	%rdx,16(%r10)
	movq	%r11,32(%r10)
L$prologue:

	movq	%r10,%rbx
	leaq	L$table(%rip),%rbp

	xorq	%rcx,%rcx
	xorq	%rdx,%rdx
	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11
	movq	32(%rdi),%r12
	movq	40(%rdi),%r13
	movq	48(%rdi),%r14
	movq	56(%rdi),%r15
L$outerloop:
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	xorq	%rsi,%rsi
	movq	%rsi,24(%rbx)
.p2align	4
L$round:
	movq	4096(%rbp,%rsi,8),%r8
	movl	0(%rsp),%eax
	movl	4(%rsp),%ebx
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	movq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	6(%rbp,%rsi,8),%r10
	movq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	movq	4(%rbp,%rsi,8),%r12
	movq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	2(%rbp,%rsi,8),%r14
	movq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	movl	56+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	movl	56+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	xorq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r10
	xorq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r12
	xorq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r14
	xorq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	leaq	128(%rsp),%rbx
	movq	24(%rbx),%rsi
	addq	$1,%rsi
	cmpq	$10,%rsi
	je	L$roundsdone

	movq	%rsi,24(%rbx)
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	jmp	L$round
.p2align	4
L$roundsdone:
	movq	0(%rbx),%rdi
	movq	8(%rbx),%rsi
	movq	16(%rbx),%rax
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	xorq	0(%rdi),%r8
	xorq	8(%rdi),%r9
	xorq	16(%rdi),%r10
	xorq	24(%rdi),%r11
	xorq	32(%rdi),%r12
	xorq	40(%rdi),%r13
	xorq	48(%rdi),%r14
	xorq	56(%rdi),%r15
	movq	%r8,0(%rdi)
	movq	%r9,8(%rdi)
	movq	%r10,16(%rdi)
	movq	%r11,24(%rdi)
	movq	%r12,32(%rdi)
	movq	%r13,40(%rdi)
	movq	%r14,48(%rdi)
	movq	%r15,56(%rdi)
	leaq	64(%rsi),%rsi
	subq	$1,%rax
	jz	L$alldone
	movq	%rsi,8(%rbx)
	movq	%rax,16(%rbx)
	jmp	L$outerloop
L$alldone:
	movq	32(%rbx),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$epilogue:
	.byte	0xf3,0xc3


.p2align	6

L$table:
.byte	24,24,96,24,192,120,48,216,24,24,96,24,192,120,48,216
.byte	35,35,140,35,5,175,70,38,35,35,140,35,5,175,70,38
.byte	198,198,63,198,126,249,145,184,198,198,63,198,126,249,145,184
.byte	232,232,135,232,19,111,205,251,232,232,135,232,19,111,205,251
.byte	135,135,38,135,76,161,19,203,135,135,38,135,76,161,19,203
.byte	184,184,218,184,169,98,109,17,184,184,218,184,169,98,109,17
.byte	1,1,4,1,8,5,2,9,1,1,4,1,8,5,2,9
.byte	79,79,33,79,66,110,158,13,79,79,33,79,66,110,158,13
.byte	54,54,216,54,173,238,108,155,54,54,216,54,173,238,108,155
.byte	166,166,162,166,89,4,81,255,166,166,162,166,89,4,81,255
.byte	210,210,111,210,222,189,185,12,210,210,111,210,222,189,185,12
.byte	245,245,243,245,251,6,247,14,245,245,243,245,251,6,247,14
.byte	121,121,249,121,239,128,242,150,121,121,249,121,239,128,242,150
.byte	111,111,161,111,95,206,222,48,111,111,161,111,95,206,222,48
.byte	145,145,126,145,252,239,63,109,145,145,126,145,252,239,63,109
.byte	82,82,85,82,170,7,164,248,82,82,85,82,170,7,164,248
.byte	96,96,157,96,39,253,192,71,96,96,157,96,39,253,192,71
.byte	188,188,202,188,137,118,101,53,188,188,202,188,137,118,101,53
.byte	155,155,86,155,172,205,43,55,155,155,86,155,172,205,43,55
.byte	142,142,2,142,4,140,1,138,142,142,2,142,4,140,1,138
.byte	163,163,182,163,113,21,91,210,163,163,182,163,113,21,91,210
.byte	12,12,48,12,96,60,24,108,12,12,48,12,96,60,24,108
.byte	123,123,241,123,255,138,246,132,123,123,241,123,255,138,246,132
.byte	53,53,212,53,181,225,106,128,53,53,212,53,181,225,106,128
.byte	29,29,116,29,232,105,58,245,29,29,116,29,232,105,58,245
.byte	224,224,167,224,83,71,221,179,224,224,167,224,83,71,221,179
.byte	215,215,123,215,246,172,179,33,215,215,123,215,246,172,179,33
.byte	194,194,47,194,94,237,153,156,194,194,47,194,94,237,153,156
.byte	46,46,184,46,109,150,92,67,46,46,184,46,109,150,92,67
.byte	75,75,49,75,98,122,150,41,75,75,49,75,98,122,150,41
.byte	254,254,223,254,163,33,225,93,254,254,223,254,163,33,225,93
.byte	87,87,65,87,130,22,174,213,87,87,65,87,130,22,174,213
.byte	21,21,84,21,168,65,42,189,21,21,84,21,168,65,42,189
.byte	119,119,193,119,159,182,238,232,119,119,193,119,159,182,238,232
.byte	55,55,220,55,165,235,110,146,55,55,220,55,165,235,110,146
.byte	229,229,179,229,123,86,215,158,229,229,179,229,123,86,215,158
.byte	159,159,70,159,140,217,35,19,159,159,70,159,140,217,35,19
.byte	240,240,231,240,211,23,253,35,240,240,231,240,211,23,253,35
.byte	74,74,53,74,106,127,148,32,74,74,53,74,106,127,148,32
.byte	218,218,79,218,158,149,169,68,218,218,79,218,158,149,169,68
.byte	88,88,125,88,250,37,176,162,88,88,125,88,250,37,176,162
.byte	201,201,3,201,6,202,143,207,201,201,3,201,6,202,143,207
.byte	41,41,164,41,85,141,82,124,41,41,164,41,85,141,82,124
.byte	10,10,40,10,80,34,20,90,10,10,40,10,80,34,20,90
.byte	177,177,254,177,225,79,127,80,177,177,254,177,225,79,127,80
.byte	160,160,186,160,105,26,93,201,160,160,186,160,105,26,93,201
.byte	107,107,177,107,127,218,214,20,107,107,177,107,127,218,214,20
.byte	133,133,46,133,92,171,23,217,133,133,46,133,92,171,23,217
.byte	189,189,206,189,129,115,103,60,189,189,206,189,129,115,103,60
.byte	93,93,105,93,210,52,186,143,93,93,105,93,210,52,186,143
.byte	16,16,64,16,128,80,32,144,16,16,64,16,128,80,32,144
.byte	244,244,247,244,243,3,245,7,244,244,247,244,243,3,245,7
.byte	203,203,11,203,22,192,139,221,203,203,11,203,22,192,139,221
.byte	62,62,248,62,237,198,124,211,62,62,248,62,237,198,124,211
.byte	5,5,20,5,40,17,10,45,5,5,20,5,40,17,10,45
.byte	103,103,129,103,31,230,206,120,103,103,129,103,31,230,206,120
.byte	228,228,183,228,115,83,213,151,228,228,183,228,115,83,213,151
.byte	39,39,156,39,37,187,78,2,39,39,156,39,37,187,78,2
.byte	65,65,25,65,50,88,130,115,65,65,25,65,50,88,130,115
.byte	139,139,22,139,44,157,11,167,139,139,22,139,44,157,11,167
.byte	167,167,166,167,81,1,83,246,167,167,166,167,81,1,83,246
.byte	125,125,233,125,207,148,250,178,125,125,233,125,207,148,250,178
.byte	149,149,110,149,220,251,55,73,149,149,110,149,220,251,55,73
.byte	216,216,71,216,142,159,173,86,216,216,71,216,142,159,173,86
.byte	251,251,203,251,139,48,235,112,251,251,203,251,139,48,235,112
.byte	238,238,159,238,35,113,193,205,238,238,159,238,35,113,193,205
.byte	124,124,237,124,199,145,248,187,124,124,237,124,199,145,248,187
.byte	102,102,133,102,23,227,204,113,102,102,133,102,23,227,204,113
.byte	221,221,83,221,166,142,167,123,221,221,83,221,166,142,167,123
.byte	23,23,92,23,184,75,46,175,23,23,92,23,184,75,46,175
.byte	71,71,1,71,2,70,142,69,71,71,1,71,2,70,142,69
.byte	158,158,66,158,132,220,33,26,158,158,66,158,132,220,33,26
.byte	202,202,15,202,30,197,137,212,202,202,15,202,30,197,137,212
.byte	45,45,180,45,117,153,90,88,45,45,180,45,117,153,90,88
.byte	191,191,198,191,145,121,99,46,191,191,198,191,145,121,99,46
.byte	7,7,28,7,56,27,14,63,7,7,28,7,56,27,14,63
.byte	173,173,142,173,1,35,71,172,173,173,142,173,1,35,71,172
.byte	90,90,117,90,234,47,180,176,90,90,117,90,234,47,180,176
.byte	131,131,54,131,108,181,27,239,131,131,54,131,108,181,27,239
.byte	51,51,204,51,133,255,102,182,51,51,204,51,133,255,102,182
.byte	99,99,145,99,63,242,198,92,99,99,145,99,63,242,198,92
.byte	2,2,8,2,16,10,4,18,2,2,8,2,16,10,4,18
.byte	170,170,146,170,57,56,73,147,170,170,146,170,57,56,73,147
.byte	113,113,217,113,175,168,226,222,113,113,217,113,175,168,226,222
.byte	200,200,7,200,14,207,141,198,200,200,7,200,14,207,141,198
.byte	25,25,100,25,200,125,50,209,25,25,100,25,200,125,50,209
.byte	73,73,57,73,114,112,146,59,73,73,57,73,114,112,146,59
.byte	217,217,67,217,134,154,175,95,217,217,67,217,134,154,175,95
.byte	242,242,239,242,195,29,249,49,242,242,239,242,195,29,249,49
.byte	227,227,171,227,75,72,219,168,227,227,171,227,75,72,219,168
.byte	91,91,113,91,226,42,182,185,91,91,113,91,226,42,182,185
.byte	136,136,26,136,52,146,13,188,136,136,26,136,52,146,13,188
.byte	154,154,82,154,164,200,41,62,154,154,82,154,164,200,41,62
.byte	38,38,152,38,45,190,76,11,38,38,152,38,45,190,76,11
.byte	50,50,200,50,141,250,100,191,50,50,200,50,141,250,100,191
.byte	176,176,250,176,233,74,125,89,176,176,250,176,233,74,125,89
.byte	233,233,131,233,27,106,207,242,233,233,131,233,27,106,207,242
.byte	15,15,60,15,120,51,30,119,15,15,60,15,120,51,30,119
.byte	213,213,115,213,230,166,183,51,213,213,115,213,230,166,183,51
.byte	128,128,58,128,116,186,29,244,128,128,58,128,116,186,29,244
.byte	190,190,194,190,153,124,97,39,190,190,194,190,153,124,97,39
.byte	205,205,19,205,38,222,135,235,205,205,19,205,38,222,135,235
.byte	52,52,208,52,189,228,104,137,52,52,208,52,189,228,104,137
.byte	72,72,61,72,122,117,144,50,72,72,61,72,122,117,144,50
.byte	255,255,219,255,171,36,227,84,255,255,219,255,171,36,227,84
.byte	122,122,245,122,247,143,244,141,122,122,245,122,247,143,244,141
.byte	144,144,122,144,244,234,61,100,144,144,122,144,244,234,61,100
.byte	95,95,97,95,194,62,190,157,95,95,97,95,194,62,190,157
.byte	32,32,128,32,29,160,64,61,32,32,128,32,29,160,64,61
.byte	104,104,189,104,103,213,208,15,104,104,189,104,103,213,208,15
.byte	26,26,104,26,208,114,52,202,26,26,104,26,208,114,52,202
.byte	174,174,130,174,25,44,65,183,174,174,130,174,25,44,65,183
.byte	180,180,234,180,201,94,117,125,180,180,234,180,201,94,117,125
.byte	84,84,77,84,154,25,168,206,84,84,77,84,154,25,168,206
.byte	147,147,118,147,236,229,59,127,147,147,118,147,236,229,59,127
.byte	34,34,136,34,13,170,68,47,34,34,136,34,13,170,68,47
.byte	100,100,141,100,7,233,200,99,100,100,141,100,7,233,200,99
.byte	241,241,227,241,219,18,255,42,241,241,227,241,219,18,255,42
.byte	115,115,209,115,191,162,230,204,115,115,209,115,191,162,230,204
.byte	18,18,72,18,144,90,36,130,18,18,72,18,144,90,36,130
.byte	64,64,29,64,58,93,128,122,64,64,29,64,58,93,128,122
.byte	8,8,32,8,64,40,16,72,8,8,32,8,64,40,16,72
.byte	195,195,43,195,86,232,155,149,195,195,43,195,86,232,155,149
.byte	236,236,151,236,51,123,197,223,236,236,151,236,51,123,197,223
.byte	219,219,75,219,150,144,171,77,219,219,75,219,150,144,171,77
.byte	161,161,190,161,97,31,95,192,161,161,190,161,97,31,95,192
.byte	141,141,14,141,28,131,7,145,141,141,14,141,28,131,7,145
.byte	61,61,244,61,245,201,122,200,61,61,244,61,245,201,122,200
.byte	151,151,102,151,204,241,51,91,151,151,102,151,204,241,51,91
.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
.byte	207,207,27,207,54,212,131,249,207,207,27,207,54,212,131,249
.byte	43,43,172,43,69,135,86,110,43,43,172,43,69,135,86,110
.byte	118,118,197,118,151,179,236,225,118,118,197,118,151,179,236,225
.byte	130,130,50,130,100,176,25,230,130,130,50,130,100,176,25,230
.byte	214,214,127,214,254,169,177,40,214,214,127,214,254,169,177,40
.byte	27,27,108,27,216,119,54,195,27,27,108,27,216,119,54,195
.byte	181,181,238,181,193,91,119,116,181,181,238,181,193,91,119,116
.byte	175,175,134,175,17,41,67,190,175,175,134,175,17,41,67,190
.byte	106,106,181,106,119,223,212,29,106,106,181,106,119,223,212,29
.byte	80,80,93,80,186,13,160,234,80,80,93,80,186,13,160,234
.byte	69,69,9,69,18,76,138,87,69,69,9,69,18,76,138,87
.byte	243,243,235,243,203,24,251,56,243,243,235,243,203,24,251,56
.byte	48,48,192,48,157,240,96,173,48,48,192,48,157,240,96,173
.byte	239,239,155,239,43,116,195,196,239,239,155,239,43,116,195,196
.byte	63,63,252,63,229,195,126,218,63,63,252,63,229,195,126,218
.byte	85,85,73,85,146,28,170,199,85,85,73,85,146,28,170,199
.byte	162,162,178,162,121,16,89,219,162,162,178,162,121,16,89,219
.byte	234,234,143,234,3,101,201,233,234,234,143,234,3,101,201,233
.byte	101,101,137,101,15,236,202,106,101,101,137,101,15,236,202,106
.byte	186,186,210,186,185,104,105,3,186,186,210,186,185,104,105,3
.byte	47,47,188,47,101,147,94,74,47,47,188,47,101,147,94,74
.byte	192,192,39,192,78,231,157,142,192,192,39,192,78,231,157,142
.byte	222,222,95,222,190,129,161,96,222,222,95,222,190,129,161,96
.byte	28,28,112,28,224,108,56,252,28,28,112,28,224,108,56,252
.byte	253,253,211,253,187,46,231,70,253,253,211,253,187,46,231,70
.byte	77,77,41,77,82,100,154,31,77,77,41,77,82,100,154,31
.byte	146,146,114,146,228,224,57,118,146,146,114,146,228,224,57,118
.byte	117,117,201,117,143,188,234,250,117,117,201,117,143,188,234,250
.byte	6,6,24,6,48,30,12,54,6,6,24,6,48,30,12,54
.byte	138,138,18,138,36,152,9,174,138,138,18,138,36,152,9,174
.byte	178,178,242,178,249,64,121,75,178,178,242,178,249,64,121,75
.byte	230,230,191,230,99,89,209,133,230,230,191,230,99,89,209,133
.byte	14,14,56,14,112,54,28,126,14,14,56,14,112,54,28,126
.byte	31,31,124,31,248,99,62,231,31,31,124,31,248,99,62,231
.byte	98,98,149,98,55,247,196,85,98,98,149,98,55,247,196,85
.byte	212,212,119,212,238,163,181,58,212,212,119,212,238,163,181,58
.byte	168,168,154,168,41,50,77,129,168,168,154,168,41,50,77,129
.byte	150,150,98,150,196,244,49,82,150,150,98,150,196,244,49,82
.byte	249,249,195,249,155,58,239,98,249,249,195,249,155,58,239,98
.byte	197,197,51,197,102,246,151,163,197,197,51,197,102,246,151,163
.byte	37,37,148,37,53,177,74,16,37,37,148,37,53,177,74,16
.byte	89,89,121,89,242,32,178,171,89,89,121,89,242,32,178,171
.byte	132,132,42,132,84,174,21,208,132,132,42,132,84,174,21,208
.byte	114,114,213,114,183,167,228,197,114,114,213,114,183,167,228,197
.byte	57,57,228,57,213,221,114,236,57,57,228,57,213,221,114,236
.byte	76,76,45,76,90,97,152,22,76,76,45,76,90,97,152,22
.byte	94,94,101,94,202,59,188,148,94,94,101,94,202,59,188,148
.byte	120,120,253,120,231,133,240,159,120,120,253,120,231,133,240,159
.byte	56,56,224,56,221,216,112,229,56,56,224,56,221,216,112,229
.byte	140,140,10,140,20,134,5,152,140,140,10,140,20,134,5,152
.byte	209,209,99,209,198,178,191,23,209,209,99,209,198,178,191,23
.byte	165,165,174,165,65,11,87,228,165,165,174,165,65,11,87,228
.byte	226,226,175,226,67,77,217,161,226,226,175,226,67,77,217,161
.byte	97,97,153,97,47,248,194,78,97,97,153,97,47,248,194,78
.byte	179,179,246,179,241,69,123,66,179,179,246,179,241,69,123,66
.byte	33,33,132,33,21,165,66,52,33,33,132,33,21,165,66,52
.byte	156,156,74,156,148,214,37,8,156,156,74,156,148,214,37,8
.byte	30,30,120,30,240,102,60,238,30,30,120,30,240,102,60,238
.byte	67,67,17,67,34,82,134,97,67,67,17,67,34,82,134,97
.byte	199,199,59,199,118,252,147,177,199,199,59,199,118,252,147,177
.byte	252,252,215,252,179,43,229,79,252,252,215,252,179,43,229,79
.byte	4,4,16,4,32,20,8,36,4,4,16,4,32,20,8,36
.byte	81,81,89,81,178,8,162,227,81,81,89,81,178,8,162,227
.byte	153,153,94,153,188,199,47,37,153,153,94,153,188,199,47,37
.byte	109,109,169,109,79,196,218,34,109,109,169,109,79,196,218,34
.byte	13,13,52,13,104,57,26,101,13,13,52,13,104,57,26,101
.byte	250,250,207,250,131,53,233,121,250,250,207,250,131,53,233,121
.byte	223,223,91,223,182,132,163,105,223,223,91,223,182,132,163,105
.byte	126,126,229,126,215,155,252,169,126,126,229,126,215,155,252,169
.byte	36,36,144,36,61,180,72,25,36,36,144,36,61,180,72,25
.byte	59,59,236,59,197,215,118,254,59,59,236,59,197,215,118,254
.byte	171,171,150,171,49,61,75,154,171,171,150,171,49,61,75,154
.byte	206,206,31,206,62,209,129,240,206,206,31,206,62,209,129,240
.byte	17,17,68,17,136,85,34,153,17,17,68,17,136,85,34,153
.byte	143,143,6,143,12,137,3,131,143,143,6,143,12,137,3,131
.byte	78,78,37,78,74,107,156,4,78,78,37,78,74,107,156,4
.byte	183,183,230,183,209,81,115,102,183,183,230,183,209,81,115,102
.byte	235,235,139,235,11,96,203,224,235,235,139,235,11,96,203,224
.byte	60,60,240,60,253,204,120,193,60,60,240,60,253,204,120,193
.byte	129,129,62,129,124,191,31,253,129,129,62,129,124,191,31,253
.byte	148,148,106,148,212,254,53,64,148,148,106,148,212,254,53,64
.byte	247,247,251,247,235,12,243,28,247,247,251,247,235,12,243,28
.byte	185,185,222,185,161,103,111,24,185,185,222,185,161,103,111,24
.byte	19,19,76,19,152,95,38,139,19,19,76,19,152,95,38,139
.byte	44,44,176,44,125,156,88,81,44,44,176,44,125,156,88,81
.byte	211,211,107,211,214,184,187,5,211,211,107,211,214,184,187,5
.byte	231,231,187,231,107,92,211,140,231,231,187,231,107,92,211,140
.byte	110,110,165,110,87,203,220,57,110,110,165,110,87,203,220,57
.byte	196,196,55,196,110,243,149,170,196,196,55,196,110,243,149,170
.byte	3,3,12,3,24,15,6,27,3,3,12,3,24,15,6,27
.byte	86,86,69,86,138,19,172,220,86,86,69,86,138,19,172,220
.byte	68,68,13,68,26,73,136,94,68,68,13,68,26,73,136,94
.byte	127,127,225,127,223,158,254,160,127,127,225,127,223,158,254,160
.byte	169,169,158,169,33,55,79,136,169,169,158,169,33,55,79,136
.byte	42,42,168,42,77,130,84,103,42,42,168,42,77,130,84,103
.byte	187,187,214,187,177,109,107,10,187,187,214,187,177,109,107,10
.byte	193,193,35,193,70,226,159,135,193,193,35,193,70,226,159,135
.byte	83,83,81,83,162,2,166,241,83,83,81,83,162,2,166,241
.byte	220,220,87,220,174,139,165,114,220,220,87,220,174,139,165,114
.byte	11,11,44,11,88,39,22,83,11,11,44,11,88,39,22,83
.byte	157,157,78,157,156,211,39,1,157,157,78,157,156,211,39,1
.byte	108,108,173,108,71,193,216,43,108,108,173,108,71,193,216,43
.byte	49,49,196,49,149,245,98,164,49,49,196,49,149,245,98,164
.byte	116,116,205,116,135,185,232,243,116,116,205,116,135,185,232,243
.byte	246,246,255,246,227,9,241,21,246,246,255,246,227,9,241,21
.byte	70,70,5,70,10,67,140,76,70,70,5,70,10,67,140,76
.byte	172,172,138,172,9,38,69,165,172,172,138,172,9,38,69,165
.byte	137,137,30,137,60,151,15,181,137,137,30,137,60,151,15,181
.byte	20,20,80,20,160,68,40,180,20,20,80,20,160,68,40,180
.byte	225,225,163,225,91,66,223,186,225,225,163,225,91,66,223,186
.byte	22,22,88,22,176,78,44,166,22,22,88,22,176,78,44,166
.byte	58,58,232,58,205,210,116,247,58,58,232,58,205,210,116,247
.byte	105,105,185,105,111,208,210,6,105,105,185,105,111,208,210,6
.byte	9,9,36,9,72,45,18,65,9,9,36,9,72,45,18,65
.byte	112,112,221,112,167,173,224,215,112,112,221,112,167,173,224,215
.byte	182,182,226,182,217,84,113,111,182,182,226,182,217,84,113,111
.byte	208,208,103,208,206,183,189,30,208,208,103,208,206,183,189,30
.byte	237,237,147,237,59,126,199,214,237,237,147,237,59,126,199,214
.byte	204,204,23,204,46,219,133,226,204,204,23,204,46,219,133,226
.byte	66,66,21,66,42,87,132,104,66,66,21,66,42,87,132,104
.byte	152,152,90,152,180,194,45,44,152,152,90,152,180,194,45,44
.byte	164,164,170,164,73,14,85,237,164,164,170,164,73,14,85,237
.byte	40,40,160,40,93,136,80,117,40,40,160,40,93,136,80,117
.byte	92,92,109,92,218,49,184,134,92,92,109,92,218,49,184,134
.byte	248,248,199,248,147,63,237,107,248,248,199,248,147,63,237,107
.byte	134,134,34,134,68,164,17,194,134,134,34,134,68,164,17,194
.byte	24,35,198,232,135,184,1,79
.byte	54,166,210,245,121,111,145,82
.byte	96,188,155,142,163,12,123,53
.byte	29,224,215,194,46,75,254,87
.byte	21,119,55,229,159,240,74,218
.byte	88,201,41,10,177,160,107,133
.byte	189,93,16,244,203,62,5,103
.byte	228,39,65,139,167,125,149,216
.byte	251,238,124,102,221,23,71,158
.byte	202,45,191,7,173,90,131,51
Deleted jni/libressl/crypto/whrlpool/wp-macosx-x86_64.s.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
.text	

.globl	_whirlpool_block

.p2align	4
_whirlpool_block:
	pushq	%rbx
	pushq	%rbp
	pushq	%r12
	pushq	%r13
	pushq	%r14
	pushq	%r15

	movq	%rsp,%r11
	subq	$128+40,%rsp
	andq	$-64,%rsp

	leaq	128(%rsp),%r10
	movq	%rdi,0(%r10)
	movq	%rsi,8(%r10)
	movq	%rdx,16(%r10)
	movq	%r11,32(%r10)
L$prologue:

	movq	%r10,%rbx
	leaq	L$table(%rip),%rbp

	xorq	%rcx,%rcx
	xorq	%rdx,%rdx
	movq	0(%rdi),%r8
	movq	8(%rdi),%r9
	movq	16(%rdi),%r10
	movq	24(%rdi),%r11
	movq	32(%rdi),%r12
	movq	40(%rdi),%r13
	movq	48(%rdi),%r14
	movq	56(%rdi),%r15
L$outerloop:
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	xorq	%rsi,%rsi
	movq	%rsi,24(%rbx)
.p2align	4
L$round:
	movq	4096(%rbp,%rsi,8),%r8
	movl	0(%rsp),%eax
	movl	4(%rsp),%ebx
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	movq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	6(%rbp,%rsi,8),%r10
	movq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	movq	4(%rbp,%rsi,8),%r12
	movq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	movq	2(%rbp,%rsi,8),%r14
	movq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	movl	56+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	movl	56+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	movq	%r8,0(%rsp)
	movq	%r9,8(%rsp)
	movq	%r10,16(%rsp)
	movq	%r11,24(%rsp)
	movq	%r12,32(%rsp)
	movq	%r13,40(%rsp)
	movq	%r14,48(%rsp)
	movq	%r15,56(%rsp)
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r8
	xorq	7(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+0+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r10
	xorq	5(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r12
	xorq	3(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+0+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r14
	xorq	1(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r9
	xorq	7(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+8+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r11
	xorq	5(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r13
	xorq	3(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+8+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r15
	xorq	1(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r10
	xorq	7(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+16+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r12
	xorq	5(%rbp,%rdi,8),%r13
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r14
	xorq	3(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+16+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r8
	xorq	1(%rbp,%rdi,8),%r9
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r11
	xorq	7(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+24+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r13
	xorq	5(%rbp,%rdi,8),%r14
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r15
	xorq	3(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+24+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r9
	xorq	1(%rbp,%rdi,8),%r10
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r12
	xorq	7(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+32+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r14
	xorq	5(%rbp,%rdi,8),%r15
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r8
	xorq	3(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+32+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r10
	xorq	1(%rbp,%rdi,8),%r11
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r13
	xorq	7(%rbp,%rdi,8),%r14
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+40+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r15
	xorq	5(%rbp,%rdi,8),%r8
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r9
	xorq	3(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+40+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r11
	xorq	1(%rbp,%rdi,8),%r12
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r14
	xorq	7(%rbp,%rdi,8),%r15
	movb	%al,%cl
	movb	%ah,%dl
	movl	64+48+8(%rsp),%eax
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r8
	xorq	5(%rbp,%rdi,8),%r9
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r10
	xorq	3(%rbp,%rdi,8),%r11
	movb	%bl,%cl
	movb	%bh,%dl
	movl	64+48+8+4(%rsp),%ebx
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r12
	xorq	1(%rbp,%rdi,8),%r13
	movb	%al,%cl
	movb	%ah,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%eax
	xorq	0(%rbp,%rsi,8),%r15
	xorq	7(%rbp,%rdi,8),%r8
	movb	%al,%cl
	movb	%ah,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	6(%rbp,%rsi,8),%r9
	xorq	5(%rbp,%rdi,8),%r10
	movb	%bl,%cl
	movb	%bh,%dl
	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	shrl	$16,%ebx
	xorq	4(%rbp,%rsi,8),%r11
	xorq	3(%rbp,%rdi,8),%r12
	movb	%bl,%cl
	movb	%bh,%dl

	leaq	(%rcx,%rcx,1),%rsi
	leaq	(%rdx,%rdx,1),%rdi
	xorq	2(%rbp,%rsi,8),%r13
	xorq	1(%rbp,%rdi,8),%r14
	leaq	128(%rsp),%rbx
	movq	24(%rbx),%rsi
	addq	$1,%rsi
	cmpq	$10,%rsi
	je	L$roundsdone

	movq	%rsi,24(%rbx)
	movq	%r8,64+0(%rsp)
	movq	%r9,64+8(%rsp)
	movq	%r10,64+16(%rsp)
	movq	%r11,64+24(%rsp)
	movq	%r12,64+32(%rsp)
	movq	%r13,64+40(%rsp)
	movq	%r14,64+48(%rsp)
	movq	%r15,64+56(%rsp)
	jmp	L$round
.p2align	4
L$roundsdone:
	movq	0(%rbx),%rdi
	movq	8(%rbx),%rsi
	movq	16(%rbx),%rax
	xorq	0(%rsi),%r8
	xorq	8(%rsi),%r9
	xorq	16(%rsi),%r10
	xorq	24(%rsi),%r11
	xorq	32(%rsi),%r12
	xorq	40(%rsi),%r13
	xorq	48(%rsi),%r14
	xorq	56(%rsi),%r15
	xorq	0(%rdi),%r8
	xorq	8(%rdi),%r9
	xorq	16(%rdi),%r10
	xorq	24(%rdi),%r11
	xorq	32(%rdi),%r12
	xorq	40(%rdi),%r13
	xorq	48(%rdi),%r14
	xorq	56(%rdi),%r15
	movq	%r8,0(%rdi)
	movq	%r9,8(%rdi)
	movq	%r10,16(%rdi)
	movq	%r11,24(%rdi)
	movq	%r12,32(%rdi)
	movq	%r13,40(%rdi)
	movq	%r14,48(%rdi)
	movq	%r15,56(%rdi)
	leaq	64(%rsi),%rsi
	subq	$1,%rax
	jz	L$alldone
	movq	%rsi,8(%rbx)
	movq	%rax,16(%rbx)
	jmp	L$outerloop
L$alldone:
	movq	32(%rbx),%rsi
	movq	(%rsi),%r15
	movq	8(%rsi),%r14
	movq	16(%rsi),%r13
	movq	24(%rsi),%r12
	movq	32(%rsi),%rbp
	movq	40(%rsi),%rbx
	leaq	48(%rsi),%rsp
L$epilogue:
	.byte	0xf3,0xc3


.p2align	6

L$table:
.byte	24,24,96,24,192,120,48,216,24,24,96,24,192,120,48,216
.byte	35,35,140,35,5,175,70,38,35,35,140,35,5,175,70,38
.byte	198,198,63,198,126,249,145,184,198,198,63,198,126,249,145,184
.byte	232,232,135,232,19,111,205,251,232,232,135,232,19,111,205,251
.byte	135,135,38,135,76,161,19,203,135,135,38,135,76,161,19,203
.byte	184,184,218,184,169,98,109,17,184,184,218,184,169,98,109,17
.byte	1,1,4,1,8,5,2,9,1,1,4,1,8,5,2,9
.byte	79,79,33,79,66,110,158,13,79,79,33,79,66,110,158,13
.byte	54,54,216,54,173,238,108,155,54,54,216,54,173,238,108,155
.byte	166,166,162,166,89,4,81,255,166,166,162,166,89,4,81,255
.byte	210,210,111,210,222,189,185,12,210,210,111,210,222,189,185,12
.byte	245,245,243,245,251,6,247,14,245,245,243,245,251,6,247,14
.byte	121,121,249,121,239,128,242,150,121,121,249,121,239,128,242,150
.byte	111,111,161,111,95,206,222,48,111,111,161,111,95,206,222,48
.byte	145,145,126,145,252,239,63,109,145,145,126,145,252,239,63,109
.byte	82,82,85,82,170,7,164,248,82,82,85,82,170,7,164,248
.byte	96,96,157,96,39,253,192,71,96,96,157,96,39,253,192,71
.byte	188,188,202,188,137,118,101,53,188,188,202,188,137,118,101,53
.byte	155,155,86,155,172,205,43,55,155,155,86,155,172,205,43,55
.byte	142,142,2,142,4,140,1,138,142,142,2,142,4,140,1,138
.byte	163,163,182,163,113,21,91,210,163,163,182,163,113,21,91,210
.byte	12,12,48,12,96,60,24,108,12,12,48,12,96,60,24,108
.byte	123,123,241,123,255,138,246,132,123,123,241,123,255,138,246,132
.byte	53,53,212,53,181,225,106,128,53,53,212,53,181,225,106,128
.byte	29,29,116,29,232,105,58,245,29,29,116,29,232,105,58,245
.byte	224,224,167,224,83,71,221,179,224,224,167,224,83,71,221,179
.byte	215,215,123,215,246,172,179,33,215,215,123,215,246,172,179,33
.byte	194,194,47,194,94,237,153,156,194,194,47,194,94,237,153,156
.byte	46,46,184,46,109,150,92,67,46,46,184,46,109,150,92,67
.byte	75,75,49,75,98,122,150,41,75,75,49,75,98,122,150,41
.byte	254,254,223,254,163,33,225,93,254,254,223,254,163,33,225,93
.byte	87,87,65,87,130,22,174,213,87,87,65,87,130,22,174,213
.byte	21,21,84,21,168,65,42,189,21,21,84,21,168,65,42,189
.byte	119,119,193,119,159,182,238,232,119,119,193,119,159,182,238,232
.byte	55,55,220,55,165,235,110,146,55,55,220,55,165,235,110,146
.byte	229,229,179,229,123,86,215,158,229,229,179,229,123,86,215,158
.byte	159,159,70,159,140,217,35,19,159,159,70,159,140,217,35,19
.byte	240,240,231,240,211,23,253,35,240,240,231,240,211,23,253,35
.byte	74,74,53,74,106,127,148,32,74,74,53,74,106,127,148,32
.byte	218,218,79,218,158,149,169,68,218,218,79,218,158,149,169,68
.byte	88,88,125,88,250,37,176,162,88,88,125,88,250,37,176,162
.byte	201,201,3,201,6,202,143,207,201,201,3,201,6,202,143,207
.byte	41,41,164,41,85,141,82,124,41,41,164,41,85,141,82,124
.byte	10,10,40,10,80,34,20,90,10,10,40,10,80,34,20,90
.byte	177,177,254,177,225,79,127,80,177,177,254,177,225,79,127,80
.byte	160,160,186,160,105,26,93,201,160,160,186,160,105,26,93,201
.byte	107,107,177,107,127,218,214,20,107,107,177,107,127,218,214,20
.byte	133,133,46,133,92,171,23,217,133,133,46,133,92,171,23,217
.byte	189,189,206,189,129,115,103,60,189,189,206,189,129,115,103,60
.byte	93,93,105,93,210,52,186,143,93,93,105,93,210,52,186,143
.byte	16,16,64,16,128,80,32,144,16,16,64,16,128,80,32,144
.byte	244,244,247,244,243,3,245,7,244,244,247,244,243,3,245,7
.byte	203,203,11,203,22,192,139,221,203,203,11,203,22,192,139,221
.byte	62,62,248,62,237,198,124,211,62,62,248,62,237,198,124,211
.byte	5,5,20,5,40,17,10,45,5,5,20,5,40,17,10,45
.byte	103,103,129,103,31,230,206,120,103,103,129,103,31,230,206,120
.byte	228,228,183,228,115,83,213,151,228,228,183,228,115,83,213,151
.byte	39,39,156,39,37,187,78,2,39,39,156,39,37,187,78,2
.byte	65,65,25,65,50,88,130,115,65,65,25,65,50,88,130,115
.byte	139,139,22,139,44,157,11,167,139,139,22,139,44,157,11,167
.byte	167,167,166,167,81,1,83,246,167,167,166,167,81,1,83,246
.byte	125,125,233,125,207,148,250,178,125,125,233,125,207,148,250,178
.byte	149,149,110,149,220,251,55,73,149,149,110,149,220,251,55,73
.byte	216,216,71,216,142,159,173,86,216,216,71,216,142,159,173,86
.byte	251,251,203,251,139,48,235,112,251,251,203,251,139,48,235,112
.byte	238,238,159,238,35,113,193,205,238,238,159,238,35,113,193,205
.byte	124,124,237,124,199,145,248,187,124,124,237,124,199,145,248,187
.byte	102,102,133,102,23,227,204,113,102,102,133,102,23,227,204,113
.byte	221,221,83,221,166,142,167,123,221,221,83,221,166,142,167,123
.byte	23,23,92,23,184,75,46,175,23,23,92,23,184,75,46,175
.byte	71,71,1,71,2,70,142,69,71,71,1,71,2,70,142,69
.byte	158,158,66,158,132,220,33,26,158,158,66,158,132,220,33,26
.byte	202,202,15,202,30,197,137,212,202,202,15,202,30,197,137,212
.byte	45,45,180,45,117,153,90,88,45,45,180,45,117,153,90,88
.byte	191,191,198,191,145,121,99,46,191,191,198,191,145,121,99,46
.byte	7,7,28,7,56,27,14,63,7,7,28,7,56,27,14,63
.byte	173,173,142,173,1,35,71,172,173,173,142,173,1,35,71,172
.byte	90,90,117,90,234,47,180,176,90,90,117,90,234,47,180,176
.byte	131,131,54,131,108,181,27,239,131,131,54,131,108,181,27,239
.byte	51,51,204,51,133,255,102,182,51,51,204,51,133,255,102,182
.byte	99,99,145,99,63,242,198,92,99,99,145,99,63,242,198,92
.byte	2,2,8,2,16,10,4,18,2,2,8,2,16,10,4,18
.byte	170,170,146,170,57,56,73,147,170,170,146,170,57,56,73,147
.byte	113,113,217,113,175,168,226,222,113,113,217,113,175,168,226,222
.byte	200,200,7,200,14,207,141,198,200,200,7,200,14,207,141,198
.byte	25,25,100,25,200,125,50,209,25,25,100,25,200,125,50,209
.byte	73,73,57,73,114,112,146,59,73,73,57,73,114,112,146,59
.byte	217,217,67,217,134,154,175,95,217,217,67,217,134,154,175,95
.byte	242,242,239,242,195,29,249,49,242,242,239,242,195,29,249,49
.byte	227,227,171,227,75,72,219,168,227,227,171,227,75,72,219,168
.byte	91,91,113,91,226,42,182,185,91,91,113,91,226,42,182,185
.byte	136,136,26,136,52,146,13,188,136,136,26,136,52,146,13,188
.byte	154,154,82,154,164,200,41,62,154,154,82,154,164,200,41,62
.byte	38,38,152,38,45,190,76,11,38,38,152,38,45,190,76,11
.byte	50,50,200,50,141,250,100,191,50,50,200,50,141,250,100,191
.byte	176,176,250,176,233,74,125,89,176,176,250,176,233,74,125,89
.byte	233,233,131,233,27,106,207,242,233,233,131,233,27,106,207,242
.byte	15,15,60,15,120,51,30,119,15,15,60,15,120,51,30,119
.byte	213,213,115,213,230,166,183,51,213,213,115,213,230,166,183,51
.byte	128,128,58,128,116,186,29,244,128,128,58,128,116,186,29,244
.byte	190,190,194,190,153,124,97,39,190,190,194,190,153,124,97,39
.byte	205,205,19,205,38,222,135,235,205,205,19,205,38,222,135,235
.byte	52,52,208,52,189,228,104,137,52,52,208,52,189,228,104,137
.byte	72,72,61,72,122,117,144,50,72,72,61,72,122,117,144,50
.byte	255,255,219,255,171,36,227,84,255,255,219,255,171,36,227,84
.byte	122,122,245,122,247,143,244,141,122,122,245,122,247,143,244,141
.byte	144,144,122,144,244,234,61,100,144,144,122,144,244,234,61,100
.byte	95,95,97,95,194,62,190,157,95,95,97,95,194,62,190,157
.byte	32,32,128,32,29,160,64,61,32,32,128,32,29,160,64,61
.byte	104,104,189,104,103,213,208,15,104,104,189,104,103,213,208,15
.byte	26,26,104,26,208,114,52,202,26,26,104,26,208,114,52,202
.byte	174,174,130,174,25,44,65,183,174,174,130,174,25,44,65,183
.byte	180,180,234,180,201,94,117,125,180,180,234,180,201,94,117,125
.byte	84,84,77,84,154,25,168,206,84,84,77,84,154,25,168,206
.byte	147,147,118,147,236,229,59,127,147,147,118,147,236,229,59,127
.byte	34,34,136,34,13,170,68,47,34,34,136,34,13,170,68,47
.byte	100,100,141,100,7,233,200,99,100,100,141,100,7,233,200,99
.byte	241,241,227,241,219,18,255,42,241,241,227,241,219,18,255,42
.byte	115,115,209,115,191,162,230,204,115,115,209,115,191,162,230,204
.byte	18,18,72,18,144,90,36,130,18,18,72,18,144,90,36,130
.byte	64,64,29,64,58,93,128,122,64,64,29,64,58,93,128,122
.byte	8,8,32,8,64,40,16,72,8,8,32,8,64,40,16,72
.byte	195,195,43,195,86,232,155,149,195,195,43,195,86,232,155,149
.byte	236,236,151,236,51,123,197,223,236,236,151,236,51,123,197,223
.byte	219,219,75,219,150,144,171,77,219,219,75,219,150,144,171,77
.byte	161,161,190,161,97,31,95,192,161,161,190,161,97,31,95,192
.byte	141,141,14,141,28,131,7,145,141,141,14,141,28,131,7,145
.byte	61,61,244,61,245,201,122,200,61,61,244,61,245,201,122,200
.byte	151,151,102,151,204,241,51,91,151,151,102,151,204,241,51,91
.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
.byte	207,207,27,207,54,212,131,249,207,207,27,207,54,212,131,249
.byte	43,43,172,43,69,135,86,110,43,43,172,43,69,135,86,110
.byte	118,118,197,118,151,179,236,225,118,118,197,118,151,179,236,225
.byte	130,130,50,130,100,176,25,230,130,130,50,130,100,176,25,230
.byte	214,214,127,214,254,169,177,40,214,214,127,214,254,169,177,40
.byte	27,27,108,27,216,119,54,195,27,27,108,27,216,119,54,195
.byte	181,181,238,181,193,91,119,116,181,181,238,181,193,91,119,116
.byte	175,175,134,175,17,41,67,190,175,175,134,175,17,41,67,190
.byte	106,106,181,106,119,223,212,29,106,106,181,106,119,223,212,29
.byte	80,80,93,80,186,13,160,234,80,80,93,80,186,13,160,234
.byte	69,69,9,69,18,76,138,87,69,69,9,69,18,76,138,87
.byte	243,243,235,243,203,24,251,56,243,243,235,243,203,24,251,56
.byte	48,48,192,48,157,240,96,173,48,48,192,48,157,240,96,173
.byte	239,239,155,239,43,116,195,196,239,239,155,239,43,116,195,196
.byte	63,63,252,63,229,195,126,218,63,63,252,63,229,195,126,218
.byte	85,85,73,85,146,28,170,199,85,85,73,85,146,28,170,199
.byte	162,162,178,162,121,16,89,219,162,162,178,162,121,16,89,219
.byte	234,234,143,234,3,101,201,233,234,234,143,234,3,101,201,233
.byte	101,101,137,101,15,236,202,106,101,101,137,101,15,236,202,106
.byte	186,186,210,186,185,104,105,3,186,186,210,186,185,104,105,3
.byte	47,47,188,47,101,147,94,74,47,47,188,47,101,147,94,74
.byte	192,192,39,192,78,231,157,142,192,192,39,192,78,231,157,142
.byte	222,222,95,222,190,129,161,96,222,222,95,222,190,129,161,96
.byte	28,28,112,28,224,108,56,252,28,28,112,28,224,108,56,252
.byte	253,253,211,253,187,46,231,70,253,253,211,253,187,46,231,70
.byte	77,77,41,77,82,100,154,31,77,77,41,77,82,100,154,31
.byte	146,146,114,146,228,224,57,118,146,146,114,146,228,224,57,118
.byte	117,117,201,117,143,188,234,250,117,117,201,117,143,188,234,250
.byte	6,6,24,6,48,30,12,54,6,6,24,6,48,30,12,54
.byte	138,138,18,138,36,152,9,174,138,138,18,138,36,152,9,174
.byte	178,178,242,178,249,64,121,75,178,178,242,178,249,64,121,75
.byte	230,230,191,230,99,89,209,133,230,230,191,230,99,89,209,133
.byte	14,14,56,14,112,54,28,126,14,14,56,14,112,54,28,126
.byte	31,31,124,31,248,99,62,231,31,31,124,31,248,99,62,231
.byte	98,98,149,98,55,247,196,85,98,98,149,98,55,247,196,85
.byte	212,212,119,212,238,163,181,58,212,212,119,212,238,163,181,58
.byte	168,168,154,168,41,50,77,129,168,168,154,168,41,50,77,129
.byte	150,150,98,150,196,244,49,82,150,150,98,150,196,244,49,82
.byte	249,249,195,249,155,58,239,98,249,249,195,249,155,58,239,98
.byte	197,197,51,197,102,246,151,163,197,197,51,197,102,246,151,163
.byte	37,37,148,37,53,177,74,16,37,37,148,37,53,177,74,16
.byte	89,89,121,89,242,32,178,171,89,89,121,89,242,32,178,171
.byte	132,132,42,132,84,174,21,208,132,132,42,132,84,174,21,208
.byte	114,114,213,114,183,167,228,197,114,114,213,114,183,167,228,197
.byte	57,57,228,57,213,221,114,236,57,57,228,57,213,221,114,236
.byte	76,76,45,76,90,97,152,22,76,76,45,76,90,97,152,22
.byte	94,94,101,94,202,59,188,148,94,94,101,94,202,59,188,148
.byte	120,120,253,120,231,133,240,159,120,120,253,120,231,133,240,159
.byte	56,56,224,56,221,216,112,229,56,56,224,56,221,216,112,229
.byte	140,140,10,140,20,134,5,152,140,140,10,140,20,134,5,152
.byte	209,209,99,209,198,178,191,23,209,209,99,209,198,178,191,23
.byte	165,165,174,165,65,11,87,228,165,165,174,165,65,11,87,228
.byte	226,226,175,226,67,77,217,161,226,226,175,226,67,77,217,161
.byte	97,97,153,97,47,248,194,78,97,97,153,97,47,248,194,78
.byte	179,179,246,179,241,69,123,66,179,179,246,179,241,69,123,66
.byte	33,33,132,33,21,165,66,52,33,33,132,33,21,165,66,52
.byte	156,156,74,156,148,214,37,8,156,156,74,156,148,214,37,8
.byte	30,30,120,30,240,102,60,238,30,30,120,30,240,102,60,238
.byte	67,67,17,67,34,82,134,97,67,67,17,67,34,82,134,97
.byte	199,199,59,199,118,252,147,177,199,199,59,199,118,252,147,177
.byte	252,252,215,252,179,43,229,79,252,252,215,252,179,43,229,79
.byte	4,4,16,4,32,20,8,36,4,4,16,4,32,20,8,36
.byte	81,81,89,81,178,8,162,227,81,81,89,81,178,8,162,227
.byte	153,153,94,153,188,199,47,37,153,153,94,153,188,199,47,37
.byte	109,109,169,109,79,196,218,34,109,109,169,109,79,196,218,34
.byte	13,13,52,13,104,57,26,101,13,13,52,13,104,57,26,101
.byte	250,250,207,250,131,53,233,121,250,250,207,250,131,53,233,121
.byte	223,223,91,223,182,132,163,105,223,223,91,223,182,132,163,105
.byte	126,126,229,126,215,155,252,169,126,126,229,126,215,155,252,169
.byte	36,36,144,36,61,180,72,25,36,36,144,36,61,180,72,25
.byte	59,59,236,59,197,215,118,254,59,59,236,59,197,215,118,254
.byte	171,171,150,171,49,61,75,154,171,171,150,171,49,61,75,154
.byte	206,206,31,206,62,209,129,240,206,206,31,206,62,209,129,240
.byte	17,17,68,17,136,85,34,153,17,17,68,17,136,85,34,153
.byte	143,143,6,143,12,137,3,131,143,143,6,143,12,137,3,131
.byte	78,78,37,78,74,107,156,4,78,78,37,78,74,107,156,4
.byte	183,183,230,183,209,81,115,102,183,183,230,183,209,81,115,102
.byte	235,235,139,235,11,96,203,224,235,235,139,235,11,96,203,224
.byte	60,60,240,60,253,204,120,193,60,60,240,60,253,204,120,193
.byte	129,129,62,129,124,191,31,253,129,129,62,129,124,191,31,253
.byte	148,148,106,148,212,254,53,64,148,148,106,148,212,254,53,64
.byte	247,247,251,247,235,12,243,28,247,247,251,247,235,12,243,28
.byte	185,185,222,185,161,103,111,24,185,185,222,185,161,103,111,24
.byte	19,19,76,19,152,95,38,139,19,19,76,19,152,95,38,139
.byte	44,44,176,44,125,156,88,81,44,44,176,44,125,156,88,81
.byte	211,211,107,211,214,184,187,5,211,211,107,211,214,184,187,5
.byte	231,231,187,231,107,92,211,140,231,231,187,231,107,92,211,140
.byte	110,110,165,110,87,203,220,57,110,110,165,110,87,203,220,57
.byte	196,196,55,196,110,243,149,170,196,196,55,196,110,243,149,170
.byte	3,3,12,3,24,15,6,27,3,3,12,3,24,15,6,27
.byte	86,86,69,86,138,19,172,220,86,86,69,86,138,19,172,220
.byte	68,68,13,68,26,73,136,94,68,68,13,68,26,73,136,94
.byte	127,127,225,127,223,158,254,160,127,127,225,127,223,158,254,160
.byte	169,169,158,169,33,55,79,136,169,169,158,169,33,55,79,136
.byte	42,42,168,42,77,130,84,103,42,42,168,42,77,130,84,103
.byte	187,187,214,187,177,109,107,10,187,187,214,187,177,109,107,10
.byte	193,193,35,193,70,226,159,135,193,193,35,193,70,226,159,135
.byte	83,83,81,83,162,2,166,241,83,83,81,83,162,2,166,241
.byte	220,220,87,220,174,139,165,114,220,220,87,220,174,139,165,114
.byte	11,11,44,11,88,39,22,83,11,11,44,11,88,39,22,83
.byte	157,157,78,157,156,211,39,1,157,157,78,157,156,211,39,1
.byte	108,108,173,108,71,193,216,43,108,108,173,108,71,193,216,43
.byte	49,49,196,49,149,245,98,164,49,49,196,49,149,245,98,164
.byte	116,116,205,116,135,185,232,243,116,116,205,116,135,185,232,243
.byte	246,246,255,246,227,9,241,21,246,246,255,246,227,9,241,21
.byte	70,70,5,70,10,67,140,76,70,70,5,70,10,67,140,76
.byte	172,172,138,172,9,38,69,165,172,172,138,172,9,38,69,165
.byte	137,137,30,137,60,151,15,181,137,137,30,137,60,151,15,181
.byte	20,20,80,20,160,68,40,180,20,20,80,20,160,68,40,180
.byte	225,225,163,225,91,66,223,186,225,225,163,225,91,66,223,186
.byte	22,22,88,22,176,78,44,166,22,22,88,22,176,78,44,166
.byte	58,58,232,58,205,210,116,247,58,58,232,58,205,210,116,247
.byte	105,105,185,105,111,208,210,6,105,105,185,105,111,208,210,6
.byte	9,9,36,9,72,45,18,65,9,9,36,9,72,45,18,65
.byte	112,112,221,112,167,173,224,215,112,112,221,112,167,173,224,215
.byte	182,182,226,182,217,84,113,111,182,182,226,182,217,84,113,111
.byte	208,208,103,208,206,183,189,30,208,208,103,208,206,183,189,30
.byte	237,237,147,237,59,126,199,214,237,237,147,237,59,126,199,214
.byte	204,204,23,204,46,219,133,226,204,204,23,204,46,219,133,226
.byte	66,66,21,66,42,87,132,104,66,66,21,66,42,87,132,104
.byte	152,152,90,152,180,194,45,44,152,152,90,152,180,194,45,44
.byte	164,164,170,164,73,14,85,237,164,164,170,164,73,14,85,237
.byte	40,40,160,40,93,136,80,117,40,40,160,40,93,136,80,117
.byte	92,92,109,92,218,49,184,134,92,92,109,92,218,49,184,134
.byte	248,248,199,248,147,63,237,107,248,248,199,248,147,63,237,107
.byte	134,134,34,134,68,164,17,194,134,134,34,134,68,164,17,194
.byte	24,35,198,232,135,184,1,79
.byte	54,166,210,245,121,111,145,82
.byte	96,188,155,142,163,12,123,53
.byte	29,224,215,194,46,75,254,87
.byte	21,119,55,229,159,240,74,218
.byte	88,201,41,10,177,160,107,133
.byte	189,93,16,244,203,62,5,103
.byte	228,39,65,139,167,125,149,216
.byte	251,238,124,102,221,23,71,158
.byte	202,45,191,7,173,90,131,51
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































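--- a/jni/libressl/crypto/whrlpool/wp_block.c
+++ b/jni/libressl/crypto/whrlpool/wp_block.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: wp_block.c,v 1.9 2014/07/09 16:06:13 miod Exp $ */
+/* $OpenBSD: wp_block.c,v 1.13 2016/11/04 17:30:30 miod Exp $ */
 /**
  * The Whirlpool hashing function.
  *
  * <P>
  * <b>References</b>
  *
  * <P>
@@ -32,61 +32,56 @@
  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
-#include "wp_locl.h"
-#include <string.h>
+#include <string.h>
+#include <openssl/crypto.h>
 #include <machine/endian.h>
+
+#include "wp_locl.h"
 
 typedef unsigned char		u8;
 #if defined(_LP64)
 typedef unsigned long		u64;
 #else
 typedef unsigned long long	u64;
 #endif
 
 #define ROUNDS	10
 
 #undef SMALL_REGISTER_BANK
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86)
 #  define SMALL_REGISTER_BANK
 #  if defined(WHIRLPOOL_ASM)
 #    ifndef OPENSSL_SMALL_FOOTPRINT
 #      define OPENSSL_SMALL_FOOTPRINT	/* it appears that for elder non-MMX
 					   CPUs this is actually faster! */
 #    endif
-#    define GO_FOR_MMX(ctx,inp,num)	do {			\
-	extern unsigned int OPENSSL_ia32cap_P[];		\
+#include "x86_arch.h"
+#    define GO_FOR_MMX(ctx,inp,num)				\
+do {								\
 	void whirlpool_block_mmx(void *,const void *,size_t);	\
-	if (!(OPENSSL_ia32cap_P[0] & (1<<23)))	break;		\
-        whirlpool_block_mmx(ctx->H.c,inp,num);	return;		\
-					} while (0)
+	if ((OPENSSL_cpu_caps() & CPUCAP_MASK_MMX) == 0)	\
+		break;						\
+        whirlpool_block_mmx(ctx->H.c,inp,num);			\
+	return;							\
+} while (0)
 #  endif
 #elif defined(__arm__)
-#  define SMALL_REGISTER_BANK
-#elif defined(__vax__)
 #  define SMALL_REGISTER_BANK
 #endif
 
 #undef ROTATE
 #if defined(__GNUC__) && __GNUC__>=2
 #  if defined(__x86_64) || defined(__x86_64__)
 #      define ROTATE(a,n)	({ u64 ret; asm ("rolq %1,%0"	\
 				   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
-#  elif defined(__ia64) || defined(__ia64__)
-#    if BYTE_ORDER == LITTLE_ENDIAN
-#      define ROTATE(a,n)	({ u64 ret; asm ("shrp %0=%1,%1,%2"	\
-				   : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
-#    else
-#      define ROTATE(a,n)	({ u64 ret; asm ("shrp %0=%1,%1,%2"	\
-				   : "=r"(ret) : "r"(a),"M"(n)); ret; })
-#    endif
 #  endif
 #endif
 
 #if defined(OPENSSL_SMALL_FOOTPRINT)
 #  if !defined(ROTATE)
 #    if BYTE_ORDER == LITTLE_ENDIAN	/* little-endians have to rotate left */
 #      define ROTATE(i,n)	((i)<<(n) ^ (i)>>(64-n))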
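--- a/jni/libressl/crypto/whrlpool/wp_dgst.c
+++ b/jni/libressl/crypto/whrlpool/wp_dgst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: wp_dgst.c,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: wp_dgst.c,v 1.4 2014/07/12 11:25:25 miod Exp $ */
 /**
  * The Whirlpool hashing function.
  *
  * <P>
  * <b>References</b>
  *
  * <P>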
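--- a/jni/libressl/crypto/whrlpool/wp_locl.h
+++ b/jni/libressl/crypto/whrlpool/wp_locl.h
@@ -1,5 +1,9 @@
-/* $OpenBSD$ */
+/* $OpenBSD: wp_locl.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */
 
 #include <openssl/whrlpool.h>
 
+__BEGIN_HIDDEN_DECLS
+
 void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
+
+__END_HIDDEN_DECLS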
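--- a/jni/libressl/crypto/x509/by_dir.c
+++ b/jni/libressl/crypto/x509/by_dir.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: by_dir.c,v 1.36 2015/02/12 03:54:07 jsing Exp $ */
+/* $OpenBSD: by_dir.c,v 1.38 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -129,15 +129,15 @@
 
 	switch (cmd) {
 	case X509_L_ADD_DIR:
 		if (argl == X509_FILETYPE_DEFAULT) {
 			ret = add_cert_dir(ld, X509_get_default_cert_dir(),
 			    X509_FILETYPE_PEM);
 			if (!ret) {
-				X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
+				X509error(X509_R_LOADING_CERT_DIR);
 			}
 		} else
 			ret = add_cert_dir(ld, argp, (int)argl);
 		break;
 	}
 	return (ret);
 }
@@ -201,15 +201,15 @@
 add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 {
 	int j;
 	const char *s, *ss, *p;
 	ptrdiff_t len;
 
 	if (dir == NULL || !*dir) {
-		X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
+		X509error(X509_R_INVALID_DIRECTORY);
 		return 0;
 	}
 
 	s = dir;
 	p = s;
 	do {
 		if ((*p == ':') || (*p == '\0')) {
@@ -226,33 +226,33 @@
 					break;
 			}
 			if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
 				continue;
 			if (ctx->dirs == NULL) {
 				ctx->dirs = sk_BY_DIR_ENTRY_new_null();
 				if (!ctx->dirs) {
-					X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+					X509error(ERR_R_MALLOC_FAILURE);
 					return 0;
 				}
 			}
 			ent = malloc(sizeof(BY_DIR_ENTRY));
 			if (!ent) {
-				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+				X509error(ERR_R_MALLOC_FAILURE);
 				return 0;
 			}
 			ent->dir_type = type;
 			ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
 			ent->dir = strndup(ss, (size_t)len);
 			if (!ent->dir || !ent->hashes) {
-				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+				X509error(ERR_R_MALLOC_FAILURE);
 				by_dir_entry_free(ent);
 				return 0;
 			}
 			if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
-				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+				X509error(ERR_R_MALLOC_FAILURE);
 				by_dir_entry_free(ent);
 				return 0;
 			}
 		}
 	} while (*p++ != '\0');
 	return 1;
 }
@@ -290,34 +290,34 @@
 		postfix="";
 	} else if (type == X509_LU_CRL) {
 		data.crl.st_crl.crl = &data.crl.st_crl_info;
 		data.crl.st_crl_info.issuer = name;
 		stmp.data.crl = &data.crl.st_crl;
 		postfix="r";
 	} else {
-		X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
+		X509error(X509_R_WRONG_LOOKUP_TYPE);
 		goto finish;
 	}
 
 	if ((b = BUF_MEM_new()) == NULL) {
-		X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
+		X509error(ERR_R_BUF_LIB);
 		goto finish;
 	}
 
 	ctx = (BY_DIR *)xl->method_data;
 
 	h = X509_NAME_hash(name);
 	for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
 		BY_DIR_ENTRY *ent;
 		int idx;
 		BY_DIR_HASH htmp, *hent;
 		ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
 		j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
 		if (!BUF_MEM_grow(b, j)) {
-			X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+			X509error(ERR_R_MALLOC_FAILURE);
 			goto finish;
 		}
 		if (type == X509_LU_CRL && ent->hashes) {
 			htmp.hash = h;
 			CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
 			idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
 			if (idx >= 0) {
@@ -377,23 +377,23 @@
 				if (idx >= 0)
 					hent = sk_BY_DIR_HASH_value(
 					    ent->hashes, idx);
 			}
 			if (!hent) {
 				hent = malloc(sizeof(BY_DIR_HASH));
 				if (!hent) {
-					X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+					X509error(ERR_R_MALLOC_FAILURE);
 					CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 					ok = 0;
 					goto finish;
 				}
 				hent->hash = h;
 				hent->suffix = k;
 				if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
-					X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+					X509error(ERR_R_MALLOC_FAILURE);
 					CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 					free(hent);
 					ok = 0;
 					goto finish;
 				}
 			} else if (hent->suffix < k)
 				hent->suffix = k;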
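--- a/jni/libressl/crypto/x509/by_file.c
+++ b/jni/libressl/crypto/x509/by_file.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: by_file.c,v 1.19 2015/04/11 16:03:21 deraadt Exp $ */
+/* $OpenBSD: by_file.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -98,16 +98,15 @@
 	switch (cmd) {
 	case X509_L_FILE_LOAD:
 		if (argl == X509_FILETYPE_DEFAULT) {
 			ok = (X509_load_cert_crl_file(ctx,
 			    X509_get_default_cert_file(),
 			    X509_FILETYPE_PEM) != 0);
 			if (!ok) {
-				X509err(X509_F_BY_FILE_CTRL,
-				    X509_R_LOADING_DEFAULTS);
+				X509error(X509_R_LOADING_DEFAULTS);
 			}
 		} else {
 			if (argl == X509_FILETYPE_PEM)
 				ok = (X509_load_cert_crl_file(ctx, argp,
 				    X509_FILETYPE_PEM) != 0);
 			else
 				ok = (X509_load_cert_file(ctx,
@@ -127,52 +126,51 @@
 	X509 *x = NULL;
 
 	if (file == NULL)
 		return (1);
 	in = BIO_new(BIO_s_file_internal());
 
 	if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
-		X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
+		X509error(ERR_R_SYS_LIB);
 		goto err;
 	}
 
 	if (type == X509_FILETYPE_PEM) {
 		for (;;) {
 			x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
 			if (x == NULL) {
 				if ((ERR_GET_REASON(ERR_peek_last_error()) ==
 				    PEM_R_NO_START_LINE) && (count > 0)) {
 					ERR_clear_error();
 					break;
 				} else {
-					X509err(X509_F_X509_LOAD_CERT_FILE,
-					    ERR_R_PEM_LIB);
+					X509error(ERR_R_PEM_LIB);
 					goto err;
 				}
 			}
 			i = X509_STORE_add_cert(ctx->store_ctx, x);
 			if (!i)
 				goto err;
 			count++;
 			X509_free(x);
 			x = NULL;
 		}
 		ret = count;
 	} else if (type == X509_FILETYPE_ASN1) {
 		x = d2i_X509_bio(in, NULL);
 		if (x == NULL) {
-			X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
+			X509error(ERR_R_ASN1_LIB);
 			goto err;
 		}
 		i = X509_STORE_add_cert(ctx->store_ctx, x);
 		if (!i)
 			goto err;
 		ret = i;
 	} else {
-		X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
+		X509error(X509_R_BAD_X509_FILETYPE);
 		goto err;
 	}
 err:
 	X509_free(x);
 	BIO_free(in);
 	return (ret);
 }
@@ -186,79 +184,78 @@
 	X509_CRL *x = NULL;
 
 	if (file == NULL)
 		return (1);
 	in = BIO_new(BIO_s_file_internal());
 
 	if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
-		X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
+		X509error(ERR_R_SYS_LIB);
 		goto err;
 	}
 
 	if (type == X509_FILETYPE_PEM) {
 		for (;;) {
 			x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
 			if (x == NULL) {
 				if ((ERR_GET_REASON(ERR_peek_last_error()) ==
 				    PEM_R_NO_START_LINE) && (count > 0)) {
 					ERR_clear_error();
 					break;
 				} else {
-					X509err(X509_F_X509_LOAD_CRL_FILE,
-					    ERR_R_PEM_LIB);
+					X509error(ERR_R_PEM_LIB);
 					goto err;
 				}
 			}
 			i = X509_STORE_add_crl(ctx->store_ctx, x);
 			if (!i)
 				goto err;
 			count++;
 			X509_CRL_free(x);
 			x = NULL;
 		}
 		ret = count;
 	} else if (type == X509_FILETYPE_ASN1) {
 		x = d2i_X509_CRL_bio(in, NULL);
 		if (x == NULL) {
-			X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
+			X509error(ERR_R_ASN1_LIB);
 			goto err;
 		}
 		i = X509_STORE_add_crl(ctx->store_ctx, x);
 		if (!i)
 			goto err;
 		ret = i;
 	} else {
-		X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
+		X509error(X509_R_BAD_X509_FILETYPE);
 		goto err;
 	}
 err:
 	if (x != NULL)
 		X509_CRL_free(x);
 	BIO_free(in);
 	return (ret);
 }
 
 int
 X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
 {
 	STACK_OF(X509_INFO) *inf;
 	X509_INFO *itmp;
 	BIO *in;
 	int i, count = 0;
 	if (type != X509_FILETYPE_PEM)
 		return X509_load_cert_file(ctx, file, type);
 	in = BIO_new_file(file, "r");
 	if (!in) {
-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
+		X509error(ERR_R_SYS_LIB);
 		return 0;
 	}
 	inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
 	BIO_free(in);
 	if (!inf) {
-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
+		X509error(ERR_R_PEM_LIB);
 		return 0;
 	}
 	for (i = 0; i < sk_X509_INFO_num(inf); i++) {
 		itmp = sk_X509_INFO_value(inf, i);
 		if (itmp->x509) {
 			X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
 			count++;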
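Review bot: In `X509_load_cert_crl_file` the result of `X509_STORE_add_cert(ctx->store_ctx, itmp->x509)` is discarded and `count++` runs unconditionally, so a certificate the store refused is still counted as loaded. `X509_load_cert_file` earlier in this section checks the same call with `if (!i) goto err;`, so the two loaders disagree on what a failed add means for a trust-store load. If counting failures is not intended, the loop could use `if (X509_STORE_add_cert(ctx->store_ctx, itmp->x509)) count++;`, or the current behaviour could be documented with `/* best effort: failed adds are still counted */`. The rest of the loop and the function's return are outside the section shown, so how `count` is reported to the caller is not visible here.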
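--- a/jni/libressl/crypto/x509/by_mem.c
+++ b/jni/libressl/crypto/x509/by_mem.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: by_mem.c,v 1.2 2015/01/22 11:16:56 jsing Exp $ */
+/* $OpenBSD: by_mem.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -125,14 +125,14 @@
 			count++;
 		}
 	}
 
 	ok = count != 0;
  done:
 	if (count == 0)
-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
+		X509error(ERR_R_PEM_LIB);
 	if (inf != NULL)
 		sk_X509_INFO_pop_free(inf, X509_INFO_free);
 	if (in != NULL)
 		BIO_free(in);
 	return (ok);
 }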
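--- /dev/null
+++ b/jni/libressl/crypto/x509/vpm_int.h
@@ -0,0 +1,74 @@
+/* $OpenBSD: vpm_int.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2013.
+ */
+/* ====================================================================
+ * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+__BEGIN_HIDDEN_DECLS
+
+/* internal only structure to hold additional X509_VERIFY_PARAM data */
+
+struct X509_VERIFY_PARAM_ID_st {
+	STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
+	unsigned int hostflags;     /* Flags to control matching features */
+	char *peername;             /* Matching hostname in peer certificate */
+	char *email;                /* If not NULL email address to match */
+	size_t emaillen;
+	unsigned char *ip;          /* If not NULL IP address to match */
+	size_t iplen;               /* Length of IP address */
+};
+
+__END_HIDDEN_DECLS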
Changes to jni/libressl/crypto/x509/x509_att.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: x509_att.c,v 1.13 2014/09/29 16:20:40 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x509_att.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
STACK_OF(X509_ATTRIBUTE) *
X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr)
{
	X509_ATTRIBUTE *new_attr = NULL;
	STACK_OF(X509_ATTRIBUTE) *sk = NULL;

	if (x == NULL) {
		X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
		return (NULL);
	}

	if (*x == NULL) {
		if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
			goto err;
	} else
		sk = *x;

	if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
		goto err2;
	if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
		goto err;
	if (*x == NULL)
		*x = sk;
	return (sk);

err:
	X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
err2:
	if (new_attr != NULL)
		X509_ATTRIBUTE_free(new_attr);
	if (sk != NULL && sk != *x)
		sk_X509_ATTRIBUTE_free(sk);
	return (NULL);
}







|


















|







127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
STACK_OF(X509_ATTRIBUTE) *
X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr)
{
	X509_ATTRIBUTE *new_attr = NULL;
	STACK_OF(X509_ATTRIBUTE) *sk = NULL;

	if (x == NULL) {
		X509error(ERR_R_PASSED_NULL_PARAMETER);
		return (NULL);
	}

	if (*x == NULL) {
		if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
			goto err;
	} else
		sk = *x;

	if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
		goto err2;
	if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
		goto err;
	if (*x == NULL)
		*x = sk;
	return (sk);

err:
	X509error(ERR_R_MALLOC_FAILURE);
err2:
	if (new_attr != NULL)
		X509_ATTRIBUTE_free(new_attr);
	if (sk != NULL && sk != *x)
		sk_X509_ATTRIBUTE_free(sk);
	return (NULL);
}
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
    const void *data, int len)
{
	ASN1_OBJECT *obj;
	X509_ATTRIBUTE *ret;

	obj = OBJ_nid2obj(nid);
	if (obj == NULL) {
		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,
		    X509_R_UNKNOWN_NID);
		return (NULL);
	}
	ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
	if (ret == NULL)
		ASN1_OBJECT_free(obj);
	return (ret);
}

X509_ATTRIBUTE *
X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj,
    int atrtype, const void *data, int len)
{
	X509_ATTRIBUTE *ret;

	if ((attr == NULL) || (*attr == NULL)) {
		if ((ret = X509_ATTRIBUTE_new()) == NULL) {
			X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
			    ERR_R_MALLOC_FAILURE);
			return (NULL);
		}
	} else
		ret= *attr;

	if (!X509_ATTRIBUTE_set1_object(ret, obj))
		goto err;







<
|
















<
|







227
228
229
230
231
232
233

234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250

251
252
253
254
255
256
257
258
    const void *data, int len)
{
	ASN1_OBJECT *obj;
	X509_ATTRIBUTE *ret;

	obj = OBJ_nid2obj(nid);
	if (obj == NULL) {

		X509error(X509_R_UNKNOWN_NID);
		return (NULL);
	}
	ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
	if (ret == NULL)
		ASN1_OBJECT_free(obj);
	return (ret);
}

X509_ATTRIBUTE *
X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj,
    int atrtype, const void *data, int len)
{
	X509_ATTRIBUTE *ret;

	if ((attr == NULL) || (*attr == NULL)) {
		if ((ret = X509_ATTRIBUTE_new()) == NULL) {

			X509error(ERR_R_MALLOC_FAILURE);
			return (NULL);
		}
	} else
		ret= *attr;

	if (!X509_ATTRIBUTE_set1_object(ret, obj))
		goto err;
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
    int type, const unsigned char *bytes, int len)
{
	ASN1_OBJECT *obj;
	X509_ATTRIBUTE *nattr;

	obj = OBJ_txt2obj(atrname, 0);
	if (obj == NULL) {
		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
		    X509_R_INVALID_FIELD_NAME);
		ERR_asprintf_error_data("name=%s", atrname);
		return (NULL);
	}
	nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
	ASN1_OBJECT_free(obj);
	return nattr;
}







<
|







274
275
276
277
278
279
280

281
282
283
284
285
286
287
288
    int type, const unsigned char *bytes, int len)
{
	ASN1_OBJECT *obj;
	X509_ATTRIBUTE *nattr;

	obj = OBJ_txt2obj(atrname, 0);
	if (obj == NULL) {

		X509error(X509_R_INVALID_FIELD_NAME);
		ERR_asprintf_error_data("name=%s", atrname);
		return (NULL);
	}
	nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
	ASN1_OBJECT_free(obj);
	return nattr;
}
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325

	if (!attr)
		return 0;
	if (attrtype & MBSTRING_FLAG) {
		stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
		    OBJ_obj2nid(attr->object));
		if (!stmp) {
			X509err(X509_F_X509_ATTRIBUTE_SET1_DATA,
			    ERR_R_ASN1_LIB);
			return 0;
		}
		atype = stmp->type;
	} else if (len != -1){
		if (!(stmp = ASN1_STRING_type_new(attrtype)))
			goto err;
		if (!ASN1_STRING_set(stmp, data, len))







<
|







307
308
309
310
311
312
313

314
315
316
317
318
319
320
321

	if (!attr)
		return 0;
	if (attrtype & MBSTRING_FLAG) {
		stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
		    OBJ_obj2nid(attr->object));
		if (!stmp) {

			X509error(ERR_R_ASN1_LIB);
			return 0;
		}
		atype = stmp->type;
	} else if (len != -1){
		if (!(stmp = ASN1_STRING_type_new(attrtype)))
			goto err;
		if (!ASN1_STRING_set(stmp, data, len))
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
	if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
		goto err;
	return 1;

err:
	ASN1_TYPE_free(ttmp);
	ASN1_STRING_free(stmp);
	X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
	return 0;
}

int
X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
{
	if (!attr->single)







|







344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
	if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
		goto err;
	return 1;

err:
	ASN1_TYPE_free(ttmp);
	ASN1_STRING_free(stmp);
	X509error(ERR_R_MALLOC_FAILURE);
	return 0;
}

int
X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
{
	if (!attr->single)
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
{
	ASN1_TYPE *ttmp;

	ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
	if (!ttmp)
		return NULL;
	if (atrtype != ASN1_TYPE_get(ttmp)){
		X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
		return NULL;
	}
	return ttmp->value.ptr;
}

ASN1_TYPE *
X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)







|







375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
{
	ASN1_TYPE *ttmp;

	ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
	if (!ttmp)
		return NULL;
	if (atrtype != ASN1_TYPE_get(ttmp)){
		X509error(X509_R_WRONG_TYPE);
		return NULL;
	}
	return ttmp->value.ptr;
}

ASN1_TYPE *
X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
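--- a/jni/libressl/crypto/x509/x509_cmp.c
+++ b/jni/libressl/crypto/x509/x509_cmp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_cmp.c,v 1.25 2014/09/26 19:31:09 miod Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -347,23 +347,20 @@
 	else
 		ret = -2;
 
 	switch (ret) {
 	case 1:
 		break;
 	case 0:
-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,
-		    X509_R_KEY_VALUES_MISMATCH);
+		X509error(X509_R_KEY_VALUES_MISMATCH);
 		break;
 	case -1:
-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,
-		    X509_R_KEY_TYPE_MISMATCH);
+		X509error(X509_R_KEY_TYPE_MISMATCH);
 		break;
 	case -2:
-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,
-		    X509_R_UNKNOWN_KEY_TYPE);
+		X509error(X509_R_UNKNOWN_KEY_TYPE);
 	}
 	EVP_PKEY_free(xk);
 	if (ret > 0)
 		return 1;
 	return 0;
 }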
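--- a/jni/libressl/crypto/x509/x509_d2.c
+++ b/jni/libressl/crypto/x509/x509_d2.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_d2.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509_d2.c,v 1.10 2015/01/22 09:06:39 reyk Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *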
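--- a/jni/libressl/crypto/x509/x509_def.c
+++ b/jni/libressl/crypto/x509/x509_def.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: x509_def.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *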
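--- a/jni/libressl/crypto/x509/x509_err.c
+++ b/jni/libressl/crypto/x509/x509_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_err.c,v 1.11 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: x509_err.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -68,59 +68,15 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
 
 static ERR_STRING_DATA X509_str_functs[] = {
-	{ERR_FUNC(X509_F_ADD_CERT_DIR),	"ADD_CERT_DIR"},
-	{ERR_FUNC(X509_F_BY_FILE_CTRL),	"BY_FILE_CTRL"},
-	{ERR_FUNC(X509_F_CHECK_POLICY),	"CHECK_POLICY"},
-	{ERR_FUNC(X509_F_DIR_CTRL),	"DIR_CTRL"},
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
-	{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT),	"GET_CERT_BY_SUBJECT"},
-	{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE),	"NETSCAPE_SPKI_b64_decode"},
-	{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE),	"NETSCAPE_SPKI_b64_encode"},
-	{ERR_FUNC(X509_F_X509AT_ADD1_ATTR),	"X509at_add1_attr"},
-	{ERR_FUNC(X509_F_X509V3_ADD_EXT),	"X509v3_add_ext"},
-	{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),	"X509_ATTRIBUTE_create_by_NID"},
-	{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),	"X509_ATTRIBUTE_create_by_OBJ"},
-	{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),	"X509_ATTRIBUTE_create_by_txt"},
-	{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA),	"X509_ATTRIBUTE_get0_data"},
-	{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA),	"X509_ATTRIBUTE_set1_data"},
-	{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY),	"X509_check_private_key"},
-	{ERR_FUNC(X509_F_X509_CRL_PRINT_FP),	"X509_CRL_print_fp"},
-	{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),	"X509_EXTENSION_create_by_NID"},
-	{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),	"X509_EXTENSION_create_by_OBJ"},
-	{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),	"X509_get_pubkey_parameters"},
-	{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE),	"X509_load_cert_crl_file"},
-	{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE),	"X509_load_cert_file"},
-	{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE),	"X509_load_crl_file"},
-	{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY),	"X509_NAME_add_entry"},
-	{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),	"X509_NAME_ENTRY_create_by_NID"},
-	{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),	"X509_NAME_ENTRY_create_by_txt"},
-	{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),	"X509_NAME_ENTRY_set_object"},
-	{ERR_FUNC(X509_F_X509_NAME_ONELINE),	"X509_NAME_oneline"},
-	{ERR_FUNC(X509_F_X509_NAME_PRINT),	"X509_NAME_print"},
-	{ERR_FUNC(X509_F_X509_PRINT_EX_FP),	"X509_print_ex_fp"},
-	{ERR_FUNC(X509_F_X509_PUBKEY_GET),	"X509_PUBKEY_get"},
-	{ERR_FUNC(X509_F_X509_PUBKEY_SET),	"X509_PUBKEY_set"},
-	{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),	"X509_REQ_check_private_key"},
-	{ERR_FUNC(X509_F_X509_REQ_PRINT_EX),	"X509_REQ_print_ex"},
-	{ERR_FUNC(X509_F_X509_REQ_PRINT_FP),	"X509_REQ_print_fp"},
-	{ERR_FUNC(X509_F_X509_REQ_TO_X509),	"X509_REQ_to_X509"},
-	{ERR_FUNC(X509_F_X509_STORE_ADD_CERT),	"X509_STORE_add_cert"},
-	{ERR_FUNC(X509_F_X509_STORE_ADD_CRL),	"X509_STORE_add_crl"},
-	{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),	"X509_STORE_CTX_get1_issuer"},
-	{ERR_FUNC(X509_F_X509_STORE_CTX_INIT),	"X509_STORE_CTX_init"},
-	{ERR_FUNC(X509_F_X509_STORE_CTX_NEW),	"X509_STORE_CTX_new"},
-	{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),	"X509_STORE_CTX_purpose_inherit"},
-	{ERR_FUNC(X509_F_X509_TO_X509_REQ),	"X509_to_X509_REQ"},
-	{ERR_FUNC(X509_F_X509_TRUST_ADD),	"X509_TRUST_add"},
-	{ERR_FUNC(X509_F_X509_TRUST_SET),	"X509_TRUST_set"},
-	{ERR_FUNC(X509_F_X509_VERIFY_CERT),	"X509_verify_cert"},
 	{0, NULL}
 };
 
 static ERR_STRING_DATA X509_str_reasons[] = {
 	{ERR_REASON(X509_R_BAD_X509_FILETYPE)    , "bad x509 filetype"},
 	{ERR_REASON(X509_R_BASE64_DECODE_ERROR)  , "base64 decode error"},
 	{ERR_REASON(X509_R_CANT_CHECK_DH_KEY)    , "cant check dh key"},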
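Review bot: The one entry left in X509_str_functs, `{ERR_FUNC(0xfff), "CRYPTO_internal"}`, uses a bare literal with nothing tying it to the function code that X509error() records; the macro's definition is not in this section, so that link is inferred. I would add a comment above it such as `/* 0xfff: the single function code used by X509error(); per-function names are no longer recorded */`. Anything that matched the old function-name strings in X509 error output (log filters, alert rules, test expectations) will presumably now see only "CRYPTO_internal", so triage has to rely on the reason string and the file/line fields, which is worth stating in the update notes. The X509_str_reasons table continues outside the hunk.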
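--- a/jni/libressl/crypto/x509/x509_ext.c
+++ b/jni/libressl/crypto/x509/x509_ext.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_ext.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509_ext.c,v 1.9 2015/02/10 08:33:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *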
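--- a/jni/libressl/crypto/x509/x509_lcl.h
+++ b/jni/libressl/crypto/x509/x509_lcl.h
@@ -51,11 +51,13 @@
  * ====================================================================
  *
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
+__BEGIN_HIDDEN_DECLS
+
 int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
-int asn1_time_parse(const char *, size_t, struct tm *, int);
-int asn1_tm_cmp(struct tm *tm1, struct tm *tm2);
+
+__END_HIDDEN_DECLS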
Changes to jni/libressl/crypto/x509/x509_lu.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: x509_lu.c,v 1.19 2015/02/10 11:22:21 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x509_lu.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
60
61
62
63
64
65
66



67
68
69
70
71
72
73

#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "x509_lcl.h"




X509_LOOKUP *
X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
	X509_LOOKUP *ret;

	ret = malloc(sizeof(X509_LOOKUP));
	if (ret == NULL)







>
>
>







60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "x509_lcl.h"

static void X509_OBJECT_dec_ref_count(X509_OBJECT *a);
/* static void X509_OBJECT_up_ref_count(X509_OBJECT *a); */

X509_LOOKUP *
X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
	X509_LOOKUP *ret;

	ret = malloc(sizeof(X509_LOOKUP));
	if (ret == NULL)
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
	sk_X509_LOOKUP_free(ret->get_cert_methods);
	sk_X509_OBJECT_free(ret->objs);
	free(ret);
	return NULL;
}

static void
cleanup(X509_OBJECT *a)
{
	if (a->type == X509_LU_X509) {
		X509_free(a->data.x509);
	} else if (a->type == X509_LU_CRL) {
		X509_CRL_free(a->data.crl);
	} else {
		/* abort(); */
	}

	free(a);
}

void
X509_STORE_free(X509_STORE *vfy)
{
	int i;







|

<
<
<
<
<
<
<
|







230
231
232
233
234
235
236
237
238







239
240
241
242
243
244
245
246
	sk_X509_LOOKUP_free(ret->get_cert_methods);
	sk_X509_OBJECT_free(ret->objs);
	free(ret);
	return NULL;
}

static void
X509_OBJECT_free(X509_OBJECT *a)
{







	X509_OBJECT_free_contents(a);
	free(a);
}

void
X509_STORE_free(X509_STORE *vfy)
{
	int i;
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
	sk = vfy->get_cert_methods;
	for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
		lu = sk_X509_LOOKUP_value(sk, i);
		X509_LOOKUP_shutdown(lu);
		X509_LOOKUP_free(lu);
	}
	sk_X509_LOOKUP_free(sk);
	sk_X509_OBJECT_pop_free(vfy->objs, cleanup);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
	X509_VERIFY_PARAM_free(vfy->param);
	free(vfy);
}

X509_LOOKUP *







|







257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
	sk = vfy->get_cert_methods;
	for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
		lu = sk_X509_LOOKUP_value(sk, i);
		X509_LOOKUP_shutdown(lu);
		X509_LOOKUP_free(lu);
	}
	sk_X509_LOOKUP_free(sk);
	sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
	X509_VERIFY_PARAM_free(vfy->param);
	free(vfy);
}

X509_LOOKUP *
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373


374





375





376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407


408





409





410
411
412
413
414













415
416
417
418
419
420
421
	X509_OBJECT *obj;
	int ret = 1;

	if (x == NULL)
		return 0;
	obj = malloc(sizeof(X509_OBJECT));
	if (obj == NULL) {
		X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	obj->type = X509_LU_X509;
	obj->data.x509 = x;

	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

	X509_OBJECT_up_ref_count(obj);

	if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
		X509_OBJECT_free_contents(obj);
		free(obj);
		X509err(X509_F_X509_STORE_ADD_CERT,
		    X509_R_CERT_ALREADY_IN_HASH_TABLE);
		ret = 0;
	} else
		sk_X509_OBJECT_push(ctx->objs, obj);








	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);






	return ret;
}

int
X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
{
	X509_OBJECT *obj;
	int ret = 1;

	if (x == NULL)
		return 0;
	obj = malloc(sizeof(X509_OBJECT));
	if (obj == NULL) {
		X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	obj->type = X509_LU_CRL;
	obj->data.crl = x;

	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

	X509_OBJECT_up_ref_count(obj);

	if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
		X509_OBJECT_free_contents(obj);
		free(obj);
		X509err(X509_F_X509_STORE_ADD_CRL,
		    X509_R_CERT_ALREADY_IN_HASH_TABLE);
		ret = 0;
	} else
		sk_X509_OBJECT_push(ctx->objs, obj);








	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);






	return ret;
}

void













X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
	switch (a->type) {
	case X509_LU_X509:
		CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
		break;
	case X509_LU_CRL:







|










<
<
<
|

|
|
>
>
|
>
>
>
>
>

>
>
>
>
>














|










<
<
<
|

|
|
>
>
|
>
>
>
>
>

>
>
>
>
>




|
>
>
>
>
>
>
>
>
>
>
>
>
>







345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362



363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405



406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
	X509_OBJECT *obj;
	int ret = 1;

	if (x == NULL)
		return 0;
	obj = malloc(sizeof(X509_OBJECT));
	if (obj == NULL) {
		X509error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	obj->type = X509_LU_X509;
	obj->data.x509 = x;

	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

	X509_OBJECT_up_ref_count(obj);

	if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {



		X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE);
		ret = 0;
	} else {
		if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) {
			X509error(ERR_R_MALLOC_FAILURE);
			ret = 0;
		}
	}

	if (ret == 0)
		X509_OBJECT_dec_ref_count(obj);

	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

	if (ret == 0) {
		obj->data.x509 = NULL; /* owned by the caller */
		X509_OBJECT_free(obj);
	}

	return ret;
}

int
X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
{
	X509_OBJECT *obj;
	int ret = 1;

	if (x == NULL)
		return 0;
	obj = malloc(sizeof(X509_OBJECT));
	if (obj == NULL) {
		X509error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	obj->type = X509_LU_CRL;
	obj->data.crl = x;

	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

	X509_OBJECT_up_ref_count(obj);

	if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {



		X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE);
		ret = 0;
	} else {
		if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) {
			X509error(ERR_R_MALLOC_FAILURE);
			ret = 0;
		}
	}

	if (ret == 0)
		X509_OBJECT_dec_ref_count(obj);

	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

	if (ret == 0) {
		obj->data.crl = NULL; /* owned by the caller */
		X509_OBJECT_free(obj);
	}

	return ret;
}

static void
X509_OBJECT_dec_ref_count(X509_OBJECT *a)
{
	switch (a->type) {
	case X509_LU_X509:
		CRYPTO_add(&a->data.x509->references, -1, CRYPTO_LOCK_X509);
		break;
	case X509_LU_CRL:
		CRYPTO_add(&a->data.crl->references, -1, CRYPTO_LOCK_X509_CRL);
		break;
	}
}

/*static*/ void
X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
	switch (a->type) {
	case X509_LU_X509:
		CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
		break;
	case X509_LU_CRL:
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658

	*issuer = NULL;
	xn = X509_get_issuer_name(x);
	ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
	if (ok != X509_LU_X509) {
		if (ok == X509_LU_RETRY) {
			X509_OBJECT_free_contents(&obj);
			X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,
			    X509_R_SHOULD_RETRY);
			return -1;
		} else if (ok != X509_LU_FAIL) {
			X509_OBJECT_free_contents(&obj);
			/* not good :-(, break anyway */
			return -1;
		}
		return 0;







<
|







670
671
672
673
674
675
676

677
678
679
680
681
682
683
684

	*issuer = NULL;
	xn = X509_get_issuer_name(x);
	ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
	if (ok != X509_LU_X509) {
		if (ok == X509_LU_RETRY) {
			X509_OBJECT_free_contents(&obj);

			X509error(X509_R_SHOULD_RETRY);
			return -1;
		} else if (ok != X509_LU_FAIL) {
			X509_OBJECT_free_contents(&obj);
			/* not good :-(, break anyway */
			return -1;
		}
		return 0;
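Review bot: X509_OBJECT_dec_ref_count, added after X509_STORE_add_crl, lowers `references` with a bare CRYPTO_add and never frees, and nothing in the code says why that is safe. The failure paths of X509_STORE_add_cert and X509_STORE_add_crl depend on it: they undo the earlier up_ref while holding the store lock, then set `obj->data.x509` / `obj->data.crl` to NULL so that X509_OBJECT_free releases only the wrapper. I would document that contract on the helper, e.g. `/* Drop one reference without freeing; only valid while the caller still holds its own reference. */`. The NULL-before-free step relies on X509_OBJECT_free_contents tolerating a NULL data pointer, which is defined outside the visible hunks and should be confirmed. The leftover `/* static void X509_OBJECT_up_ref_count(X509_OBJECT *a); */` prototype and the `/*static*/` marker read as unfinished work and could be dropped, or explained in a comment.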
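--- a/jni/libressl/crypto/x509/x509_obj.c
+++ b/jni/libressl/crypto/x509/x509_obj.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_obj.c,v 1.15 2014/07/10 13:58:23 jsing Exp $ */
+/* $OpenBSD: x509_obj.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -168,12 +168,12 @@
 	} else
 		p = buf;
 	if (i == 0)
 		*p = '\0';
 	return (p);
 
 err:
-	X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+	X509error(ERR_R_MALLOC_FAILURE);
 	if (b != NULL)
 		BUF_MEM_free(b);
 	return (NULL);
 }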
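--- a/jni/libressl/crypto/x509/x509_r2x.c
+++ b/jni/libressl/crypto/x509/x509_r2x.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_r2x.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509_r2x.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -70,15 +70,15 @@
 X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 {
 	X509 *ret = NULL;
 	X509_CINF *xi = NULL;
 	X509_NAME *xn;
 
 	if ((ret = X509_new()) == NULL) {
-		X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
+		X509error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	/* duplicate the request */
 	xi = ret->cert_info;
 
 	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {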
Changes to jni/libressl/crypto/x509/x509_req.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: x509_req.c,v 1.17 2015/03/15 22:52:17 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x509_req.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
	X509_REQ *ret;
	X509_REQ_INFO *ri;
	int i;
	EVP_PKEY *pktmp;

	ret = X509_REQ_new();
	if (ret == NULL) {
		X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	ri = ret->req_info;

	if ((ri->version = ASN1_INTEGER_new()) == NULL)
		goto err;







|







76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
	X509_REQ *ret;
	X509_REQ_INFO *ri;
	int i;
	EVP_PKEY *pktmp;

	ret = X509_REQ_new();
	if (ret == NULL) {
		X509error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	ri = ret->req_info;

	if ((ri->version = ASN1_INTEGER_new()) == NULL)
		goto err;
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

	xk = X509_REQ_get_pubkey(x);
	switch (EVP_PKEY_cmp(xk, k)) {
	case 1:
		ok = 1;
		break;
	case 0:
		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
		    X509_R_KEY_VALUES_MISMATCH);
		break;
	case -1:
		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
		    X509_R_KEY_TYPE_MISMATCH);
		break;
	case -2:
#ifndef OPENSSL_NO_EC
		if (k->type == EVP_PKEY_EC) {
			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
			    ERR_R_EC_LIB);
			break;
		}
#endif
#ifndef OPENSSL_NO_DH
		if (k->type == EVP_PKEY_DH) {
			/* No idea */
			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
			    X509_R_CANT_CHECK_DH_KEY);
			break;
		}
#endif
		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
		    X509_R_UNKNOWN_KEY_TYPE);
	}

	EVP_PKEY_free(xk);
	return (ok);
}

/* It seems several organisations had the same idea of including a list of







<
|


<
|




<
|






<
|



<
|







129
130
131
132
133
134
135

136
137
138

139
140
141
142
143

144
145
146
147
148
149
150

151
152
153
154

155
156
157
158
159
160
161
162

	xk = X509_REQ_get_pubkey(x);
	switch (EVP_PKEY_cmp(xk, k)) {
	case 1:
		ok = 1;
		break;
	case 0:

		X509error(X509_R_KEY_VALUES_MISMATCH);
		break;
	case -1:

		X509error(X509_R_KEY_TYPE_MISMATCH);
		break;
	case -2:
#ifndef OPENSSL_NO_EC
		if (k->type == EVP_PKEY_EC) {

			X509error(ERR_R_EC_LIB);
			break;
		}
#endif
#ifndef OPENSSL_NO_DH
		if (k->type == EVP_PKEY_DH) {
			/* No idea */

			X509error(X509_R_CANT_CHECK_DH_KEY);
			break;
		}
#endif

		X509error(X509_R_UNKNOWN_KEY_TYPE);
	}

	EVP_PKEY_free(xk);
	return (ok);
}

/* It seems several organisations had the same idea of including a list of
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
			ext = sk_ASN1_TYPE_value(attr->value.set, 0);
		break;
	}
	if (!ext || (ext->type != V_ASN1_SEQUENCE))
		return NULL;
	p = ext->value.sequence->data;
	return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
	    ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS));
}

/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
 */

int
X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
    int nid)
{
	ASN1_TYPE *at = NULL;
	X509_ATTRIBUTE *attr = NULL;

	if (!(at = ASN1_TYPE_new()) ||
	    !(at->value.sequence = ASN1_STRING_new()))
		goto err;

	at->type = V_ASN1_SEQUENCE;
	/* Generate encoding of extensions */
	at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts,
	    &at->value.sequence->data, ASN1_ITEM_rptr(X509_EXTENSIONS));
	if (!(attr = X509_ATTRIBUTE_new()))
		goto err;
	if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
		goto err;
	if (!sk_ASN1_TYPE_push(attr->value.set, at))
		goto err;
	at = NULL;







|




















|







215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
			ext = sk_ASN1_TYPE_value(attr->value.set, 0);
		break;
	}
	if (!ext || (ext->type != V_ASN1_SEQUENCE))
		return NULL;
	p = ext->value.sequence->data;
	return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
	    ext->value.sequence->length, &X509_EXTENSIONS_it);
}

/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
 */

int
X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
    int nid)
{
	ASN1_TYPE *at = NULL;
	X509_ATTRIBUTE *attr = NULL;

	if (!(at = ASN1_TYPE_new()) ||
	    !(at->value.sequence = ASN1_STRING_new()))
		goto err;

	at->type = V_ASN1_SEQUENCE;
	/* Generate encoding of extensions */
	at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts,
	    &at->value.sequence->data, &X509_EXTENSIONS_it);
	if (!(attr = X509_ATTRIBUTE_new()))
		goto err;
	if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
		goto err;
	if (!sk_ASN1_TYPE_push(attr->value.set, at))
		goto err;
	at = NULL;
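--- a/jni/libressl/crypto/x509/x509_set.c
+++ b/jni/libressl/crypto/x509/x509_set.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_set.c,v 1.11 2015/09/30 17:30:16 jsing Exp $ */
+/* $OpenBSD: x509_set.c,v 1.12 2015/09/30 17:49:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *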
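--- a/jni/libressl/crypto/x509/x509_trs.c
+++ b/jni/libressl/crypto/x509/x509_trs.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_trs.c,v 1.19 2014/12/06 19:26:37 doug Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -112,14 +112,30 @@
 X509_check_trust(X509 *x, int id, int flags)
 {
 	X509_TRUST *pt;
 	int idx;
 
 	if (id == -1)
 		return 1;
+	/*
+	 * XXX beck/jsing This enables self signed certs to be trusted for
+	 * an unspecified id/trust flag value (this is NOT the
+	 * X509_TRUST_DEFAULT), which was the longstanding
+	 * openssl behaviour. boringssl does not have this behaviour.
+	 *
+	 * This should be revisited, but changing the default "not default"
+	 * may break things.
+	 */
+	if (id == 0) {
+		int rv;
+		rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
+		if (rv != X509_TRUST_UNTRUSTED)
+			return rv;
+		return trust_compat(NULL, x, 0);
+	}
 	idx = X509_TRUST_get_by_id(id);
 	if (idx == -1)
 		return default_trust(id, x, flags);
 	pt = X509_TRUST_get0(idx);
 	return pt->check_trust(pt, x, flags);
 }
 
@@ -158,15 +174,15 @@
 	return idx + X509_TRUST_COUNT;
 }
 
 int
 X509_TRUST_set(int *t, int trust)
 {
 	if (X509_TRUST_get_by_id(trust) == -1) {
-		X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+		X509error(X509_R_INVALID_TRUST);
 		return 0;
 	}
 	*t = trust;
 	return 1;
 }
 
 int
@@ -182,22 +198,22 @@
 	/* This will always be set for application modified trust entries */
 	flags |= X509_TRUST_DYNAMIC_NAME;
 	/* Get existing entry if any */
 	idx = X509_TRUST_get_by_id(id);
 	/* Need a new entry */
 	if (idx == -1) {
 		if (!(trtmp = malloc(sizeof(X509_TRUST)))) {
-			X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+			X509error(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		trtmp->flags = X509_TRUST_DYNAMIC;
 	} else {
 		trtmp = X509_TRUST_get0(idx);
 		if (trtmp == NULL) {
-			X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST);
+			X509error(X509_R_INVALID_TRUST);
 			return 0;
 		}
 	}
 
 	if ((name_dup = strdup(name)) == NULL)
 		goto err;
 
@@ -226,15 +242,15 @@
 	}
 	return 1;
 
 err:
 	free(name_dup);
 	if (idx == -1)
 		free(trtmp);
-	X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+	X509error(ERR_R_MALLOC_FAILURE);
 	return 0;
 }
 
 static void
 trtable_free(X509_TRUST *p)
 {
 	if (!p)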
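Review bot: The new `id == 0` branch in X509_check_trust passes a literal `0` to both `obj_trust()` and `trust_compat()` and never reads the caller's `flags`, whereas the two paths below it (`default_trust(id, x, flags)` and `pt->check_trust(pt, x, flags)`) forward that argument. If dropping `flags` here is intended, the XXX comment should say so, for example `/* flags is deliberately ignored for the unspecified (0) trust id */`; if not, the argument should be forwarded. The comment already states that this path lets self-signed certificates be trusted whenever no trust id was set, so the function's documentation should also tell callers needing strict behaviour to set an explicit trust id rather than leave it at 0. The return-type line of X509_check_trust lies above the hunk.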
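--- a/jni/libressl/crypto/x509/x509_txt.c
+++ b/jni/libressl/crypto/x509/x509_txt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_txt.c,v 1.18 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: x509_txt.c,v 1.19 2014/07/11 08:44:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *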
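--- a/jni/libressl/crypto/x509/x509_v3.c
+++ b/jni/libressl/crypto/x509/x509_v3.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_v3.c,v 1.12 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: x509_v3.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -152,15 +152,15 @@
 X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc)
 {
 	X509_EXTENSION *new_ex = NULL;
 	int n;
 	STACK_OF(X509_EXTENSION) *sk = NULL;
 
 	if (x == NULL) {
-		X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
+		X509error(ERR_R_PASSED_NULL_PARAMETER);
 		goto err2;
 	}
 
 	if (*x == NULL) {
 		if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
 			goto err;
 	} else
@@ -177,52 +177,50 @@
 	if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
 		goto err;
 	if (*x == NULL)
 		*x = sk;
 	return (sk);
 
 err:
-	X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
+	X509error(ERR_R_MALLOC_FAILURE);
 err2:
 	if (new_ex != NULL)
 		X509_EXTENSION_free(new_ex);
 	if (sk != NULL && (x != NULL && sk != *x))
 		sk_X509_EXTENSION_free(sk);
 	return (NULL);
 }
 
 X509_EXTENSION *
 X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit,
     ASN1_OCTET_STRING *data)
 {
 	ASN1_OBJECT *obj;
 	X509_EXTENSION *ret;
 
 	obj = OBJ_nid2obj(nid);
 	if (obj == NULL) {
-		X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,
-		    X509_R_UNKNOWN_NID);
+		X509error(X509_R_UNKNOWN_NID);
 		return (NULL);
 	}
 	ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
 	if (ret == NULL)
 		ASN1_OBJECT_free(obj);
 	return (ret);
 }
 
 X509_EXTENSION *
 X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, ASN1_OBJECT *obj, int crit,
     ASN1_OCTET_STRING *data)
 {
 	X509_EXTENSION *ret;
 
 	if ((ex == NULL) || (*ex == NULL)) {
 		if ((ret = X509_EXTENSION_new()) == NULL) {
-			X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
-			    ERR_R_MALLOC_FAILURE);
+			X509error(ERR_R_MALLOC_FAILURE);
 			return (NULL);
 		}
 	} else
 		ret= *ex;
 
 	if (!X509_EXTENSION_set_object(ret, obj))
 		goto err;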
Changes to jni/libressl/crypto/x509/x509_vfy.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: x509_vfy.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
70
71
72
73
74
75
76

77
78
79
80
81
82
83
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/lhash.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "x509_lcl.h"


/* CRL score values */

/* No unhandled critical extensions */

#define CRL_SCORE_NOCRITICAL	0x100








>







70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/lhash.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "x509_lcl.h"
#include "vpm_int.h"

/* CRL score values */

/* No unhandled critical extensions */

#define CRL_SCORE_NOCRITICAL	0x100

148
149
150
151
152
153
154
155






























































156
157
158
159
160
161
162
163
164
165
166
167
168
169

170
171








172










173
174

175
176
177

178
179
180

181
182
183
184
185
186
187
188
189
190

191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206

207





208











209
210

211
212
213
214
215
216
217


218
219
220
221
222
223
224
225

226
227
228
229
230
231
232
233
234
235

236
237
238

239


240
241
242
243
244
245
246
247
248

249

250
251

252
253
254
255
256
257
258
259
260
261
262
263
264
265

266

267

268
269
270
271
272
273
274

275


276
277
278

279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

294

295

296
297
298
299
300
301
302

303

304
305
306
307
308

309
























310









311










312






313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391




392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
#if 0
static int
x509_subject_cmp(X509 **a, X509 **b)
{
	return X509_subject_name_cmp(*a, *b);
}
#endif































































int
X509_verify_cert(X509_STORE_CTX *ctx)
{
	X509 *x, *xtmp, *chain_ss = NULL;
	int bad_chain = 0;
	X509_VERIFY_PARAM *param = ctx->param;
	int depth, i, ok = 0;
	int num;
	int (*cb)(int xok, X509_STORE_CTX *xctx);
	STACK_OF(X509) *sktmp = NULL;

	if (ctx->cert == NULL) {
		X509err(X509_F_X509_VERIFY_CERT,
		    X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);

		return -1;
	}



















	cb = ctx->verify_cb;


	/* first we make sure the chain we are going to build is
	 * present and that the first entry is in place */
	if (ctx->chain == NULL) {

		if (((ctx->chain = sk_X509_new_null()) == NULL) ||
		    (!sk_X509_push(ctx->chain, ctx->cert))) {
			X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);

			goto end;
		}
		CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
		ctx->last_untrusted = 1;
	}

	/* We use a temporary STACK so we can chop and hack at it */
	if (ctx->untrusted != NULL &&
	    (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
		X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);

		goto end;
	}

	num = sk_X509_num(ctx->chain);
	x = sk_X509_value(ctx->chain, num - 1);
	depth = param->depth;

	for (;;) {
		/* If we have enough, we break */
		if (depth < num)
			break;	/* FIXME: If this happens, we should take
				 * note of it and, if appropriate, use the
				 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
				 * code later.
				 */


		/* If we are self signed, we break */





		if (ctx->check_issued(ctx, x, x))











			break;


		/* If we were passed a cert chain, use it first */
		if (ctx->untrusted != NULL) {
			xtmp = find_issuer(ctx, sktmp, x);
			if (xtmp != NULL) {
				if (!sk_X509_push(ctx->chain, xtmp)) {
					X509err(X509_F_X509_VERIFY_CERT,
					    ERR_R_MALLOC_FAILURE);


					goto end;
				}
				CRYPTO_add(&xtmp->references, 1,
				    CRYPTO_LOCK_X509);
				(void)sk_X509_delete_ptr(sktmp, xtmp);
				ctx->last_untrusted++;
				x = xtmp;
				num++;

				/* reparse the full chain for
				 * the next one */
				continue;
			}
		}
		break;
	}
	sk_X509_free(sktmp);
	sktmp = NULL;
	

	/* at this point, chain should contain a list of untrusted
	 * certificates.  We now need to add at least one trusted one,
	 * if possible, otherwise we complain. */




	/* Examine last certificate in chain and see if it
 	 * is self signed.
 	 */

	i = sk_X509_num(ctx->chain);
	x = sk_X509_value(ctx->chain, i - 1);
	if (ctx->check_issued(ctx, x, x)) {
		/* we have a self signed certificate */
		if (sk_X509_num(ctx->chain) == 1) {

			/* We have a single self signed certificate: see if

			 * we can find it in the store. We must have an exact
			 * match to avoid possible impersonation.

			 */
			ok = ctx->get_issuer(&xtmp, ctx, x);
			if ((ok <= 0) || X509_cmp(x, xtmp)) {
				ctx->error =
				    X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
				ctx->current_cert = x;
				ctx->error_depth = i - 1;
				if (ok == 1)
					X509_free(xtmp);
				bad_chain = 1;
				ok = cb(0, ctx);
				if (!ok)
					goto end;
			} else {

				/* We have a match: replace certificate with store version

				 * so we get any trust settings.

				 */
				X509_free(x);
				x = xtmp;
				(void)sk_X509_set(ctx->chain, i - 1, x);
				ctx->last_untrusted = 0;
			}
		} else {

			/* extract and save self signed certificate for later use */


			chain_ss = sk_X509_pop(ctx->chain);
			ctx->last_untrusted--;
			num--;

			x = sk_X509_value(ctx->chain, num - 1);
		}
	}

	/* We now lookup certs from the certificate store */
	for (;;) {
		/* If we have enough, we break */
		if (depth < num)
			break;

		/* If we are self signed, we break */
		if (ctx->check_issued(ctx, x, x))
			break;

		ok = ctx->get_issuer(&xtmp, ctx, x);

		if (ok < 0)

			return ok;

		if (ok == 0)
			break;

		x = xtmp;
		if (!sk_X509_push(ctx->chain, x)) {
			X509_free(xtmp);
			X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);

			return 0;

		}
		num++;
	}

	/* we now have our chain, lets check it... */


























	/* Is last certificate looked up self signed? */









	if (!ctx->check_issued(ctx, x, x)) {










		if ((chain_ss == NULL) ||






		    !ctx->check_issued(ctx, x, chain_ss)) {
			if (ctx->last_untrusted >= num)
				ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
			else
				ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
			ctx->current_cert = x;
		} else {

			if (!sk_X509_push(ctx->chain, chain_ss)) {
				X509_free(chain_ss);
				X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
				return 0;
			}
			num++;
			ctx->last_untrusted = num;
			ctx->current_cert = chain_ss;
			ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
			chain_ss = NULL;
		}

		ctx->error_depth = num - 1;
		bad_chain = 1;
		ok = cb(0, ctx);
		if (!ok)
			goto end;
	}

	/* We have the chain complete: now we need to check its purpose */
	ok = check_chain_extensions(ctx);

	if (!ok)
		goto end;

	/* Check name constraints */

	ok = check_name_constraints(ctx);

	if (!ok)
		goto end;

	/* The chain extensions are OK: check trust */

	if (param->trust > 0)
		ok = check_trust(ctx);

	if (!ok)
		goto end;

	/* We may as well copy down any DSA parameters that are required */
	X509_get_pubkey_parameters(NULL, ctx->chain);

	/* Check revocation status: we do this after copying parameters
	 * because they may be needed for CRL signature verification.
	 */

	ok = ctx->check_revocation(ctx);
	if (!ok)
		goto end;

	/* At this point, we have a chain and need to verify it */
	if (ctx->verify != NULL)
		ok = ctx->verify(ctx);
	else
		ok = internal_verify(ctx);
	if (!ok)
		goto end;

	/* If we get this far evaluate policies */
	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
		ok = ctx->check_policy(ctx);
	if (!ok)
		goto end;
	if (0) {
end:
		X509_get_pubkey_parameters(NULL, ctx->chain);
	}
	if (sktmp != NULL)
		sk_X509_free(sktmp);
	X509_free(chain_ss);




	return ok;
}


/* Given a STACK_OF(X509) find the issuer of cert (if any)
 */

static X509 *
find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
	int i;
	X509 *issuer, *rv = NULL;

	for (i = 0; i < sk_X509_num(sk); i++) {
		issuer = sk_X509_value(sk, i);
		if (ctx->check_issued(ctx, x, issuer)) {
			rv = issuer;
			if (x509_check_cert_time(ctx, rv, 1))
				break;
		}
	}
	return rv;
}

/* Given a possible certificate and issuer check them */








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



|



|
|



<
|
>


>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>


>
|
|
<
>
|
|
|
>
|
|
|
|
<




|
>









<
|
|
|
|
|
|
>

>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
|
|
>





<
|
>
>


<
|




>
|
|





|
|
|
>
|

|
>

>
>
|
|
|
<
|
|
|
|
|
>
|
>
|
|
>
|
|
|
<
|
|
|
|
|
|
|
|
|
|
>
|
>
|
>
|
|
|
|
|
|
|
>
|
>
>
|
|
|
>
|
|
|
<
|
|
|
|
|
<
|
|
|
<
|
>
|
>
|
>
|
|
<
|
|
|
|
>
|
>
|
|
|

|
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
|






<


|


















<




<

<



<
<
<
|
<


|
<
<
<
|
|

<















|
<
<
|
<
<



>
>
>
>


<














|







149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230

231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258

259
260
261
262
263
264
265
266
267

268
269
270
271
272
273
274
275
276
277
278
279
280
281
282

283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315

316
317
318
319
320

321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347

348
349
350
351
352
353
354
355
356
357
358
359
360
361

362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394

395
396
397
398
399

400
401
402

403
404
405
406
407
408
409
410

411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483

484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504

505
506
507
508

509

510
511
512



513

514
515
516



517
518
519

520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535


536


537
538
539
540
541
542
543
544
545

546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
#if 0
static int
x509_subject_cmp(X509 **a, X509 **b)
{
	return X509_subject_name_cmp(*a, *b);
}
#endif

/* Return 1 is a certificate is self signed */
static int
cert_self_signed(X509 *x)
{
	X509_check_purpose(x, -1, 0);
	if (x->ex_flags & EXFLAG_SS)
		return 1;
	else
		return 0;
}

static int
check_id_error(X509_STORE_CTX *ctx, int errcode)
{
	ctx->error = errcode;
	ctx->current_cert = ctx->cert;
	ctx->error_depth = 0;
	return ctx->verify_cb(0, ctx);
}

static int
check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
{
	size_t i;
	size_t n = sk_OPENSSL_STRING_num(id->hosts);
	char *name;

	free(id->peername);
	id->peername = NULL;

	for (i = 0; i < n; ++i) {
		name = sk_OPENSSL_STRING_value(id->hosts, i);
		if (X509_check_host(x, name, strlen(name), id->hostflags,
		    &id->peername) > 0)
			return 1;
	}
	return n == 0;
}

static int
check_id(X509_STORE_CTX *ctx)
{
	X509_VERIFY_PARAM *vpm = ctx->param;
	X509_VERIFY_PARAM_ID *id = vpm->id;
	X509 *x = ctx->cert;

	if (id->hosts && check_hosts(x, id) <= 0) {
		if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
			return 0;
	}
	if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0)
	    <= 0) {
		if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
			return 0;
	}
	if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
		if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
			return 0;
	}
	return 1;
}

int
X509_verify_cert(X509_STORE_CTX *ctx)
{
	X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
	int bad_chain = 0;
	X509_VERIFY_PARAM *param = ctx->param;
	int depth, i, ok = 0;
	int num, j, retry, trust;
	int (*cb) (int xok, X509_STORE_CTX *xctx);
	STACK_OF(X509) *sktmp = NULL;

	if (ctx->cert == NULL) {

		X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
		ctx->error = X509_V_ERR_INVALID_CALL;
		return -1;
	}
	if (ctx->chain != NULL) {
		/*
		 * This X509_STORE_CTX has already been used to verify
		 * a cert. We cannot do another one.
		 */
		X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		ctx->error = X509_V_ERR_INVALID_CALL;
		return -1;
	}
	if (ctx->error != X509_V_ERR_INVALID_CALL) {
		/*
		 * This X509_STORE_CTX has not been properly initialized.
		 */
		X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		ctx->error = X509_V_ERR_INVALID_CALL;
		return -1;
	}
	ctx->error = X509_V_OK; /* Initialize to OK */

	cb = ctx->verify_cb;

	/*
	 * First we make sure the chain we are going to build is
	 * present and that the first entry is in place.

	 */
	ctx->chain = sk_X509_new_null();
	if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
		X509error(ERR_R_MALLOC_FAILURE);
		ctx->error = X509_V_ERR_OUT_OF_MEM;
		goto end;
	}
	X509_up_ref(ctx->cert);
	ctx->last_untrusted = 1;


	/* We use a temporary STACK so we can chop and hack at it */
	if (ctx->untrusted != NULL &&
	    (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
		X509error(ERR_R_MALLOC_FAILURE);
		ctx->error = X509_V_ERR_OUT_OF_MEM;
		goto end;
	}

	num = sk_X509_num(ctx->chain);
	x = sk_X509_value(ctx->chain, num - 1);
	depth = param->depth;

	for (;;) {
		/* If we have enough, we break */

		/* FIXME: If this happens, we should take
		 * note of it and, if appropriate, use the
		 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
		 * later.
		 */
		if (depth < num)
			break;
		/* If we are self signed, we break */
		if (cert_self_signed(x))
			break;
		/*
		 * If asked see if we can find issuer in trusted store first
		 */
		if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
			ok = ctx->get_issuer(&xtmp, ctx, x);
			if (ok < 0) {
				ctx->error = X509_V_ERR_STORE_LOOKUP;
				goto end;
			}
			/*
			 * If successful for now free up cert so it
			 * will be picked up again later.
			 */
			if (ok > 0) {
				X509_free(xtmp);
				break;
			}
		}
		/* If we were passed a cert chain, use it first */
		if (ctx->untrusted != NULL) {
			xtmp = find_issuer(ctx, sktmp, x);
			if (xtmp != NULL) {
				if (!sk_X509_push(ctx->chain, xtmp)) {

					X509error(ERR_R_MALLOC_FAILURE);
					ctx->error = X509_V_ERR_OUT_OF_MEM;
					ok = 0;
					goto end;
				}

				X509_up_ref(xtmp);
				(void)sk_X509_delete_ptr(sktmp, xtmp);
				ctx->last_untrusted++;
				x = xtmp;
				num++;
				/*
				 * reparse the full chain for the next one
				 */
				continue;
			}
		}
		break;
	}
	/* Remember how many untrusted certs we have */
	j = num;

	/*
	 * At this point, chain should contain a list of untrusted
	 * certificates.  We now need to add at least one trusted one,
	 * if possible, otherwise we complain.
	 */

	do {
		/*
		 * Examine last certificate in chain and see if it is
		 * self signed.
		 */

		i = sk_X509_num(ctx->chain);
		x = sk_X509_value(ctx->chain, i - 1);
		if (cert_self_signed(x)) {
			/* we have a self signed certificate */
			if (i == 1) {
				/*
				 * We have a single self signed
				 * certificate: see if we can find it
				 * in the store. We must have an exact
				 * match to avoid possible
				 * impersonation.
				 */
				ok = ctx->get_issuer(&xtmp, ctx, x);
				if ((ok <= 0) || X509_cmp(x, xtmp)) {

					ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
					ctx->current_cert = x;
					ctx->error_depth = i - 1;
					if (ok == 1)
						X509_free(xtmp);
					bad_chain = 1;
					ok = cb(0, ctx);
					if (!ok)
						goto end;
				} else {
					/*
					 * We have a match: replace
					 * certificate with store
					 * version so we get any trust
					 * settings.
					 */
					X509_free(x);
					x = xtmp;
					(void)sk_X509_set(ctx->chain, i - 1, x);
					ctx->last_untrusted = 0;
				}
			} else {
				/*
				 * extract and save self signed
				 * certificate for later use
				 */
				chain_ss = sk_X509_pop(ctx->chain);
				ctx->last_untrusted--;
				num--;
				j--;
				x = sk_X509_value(ctx->chain, num - 1);
			}
		}

		/* We now lookup certs from the certificate store */
		for (;;) {
			/* If we have enough, we break */
			if (depth < num)
				break;

			/* If we are self signed, we break */
			if (cert_self_signed(x))
				break;

			ok = ctx->get_issuer(&xtmp, ctx, x);

			if (ok < 0) {
				ctx->error = X509_V_ERR_STORE_LOOKUP;
				goto end;
			}
			if (ok == 0)
				break;

			x = xtmp;
			if (!sk_X509_push(ctx->chain, x)) {
				X509_free(xtmp);
				X509error(ERR_R_MALLOC_FAILURE);
				ctx->error = X509_V_ERR_OUT_OF_MEM;
				ok = 0;
				goto end;
			}
			num++;
		}

		/* we now have our chain, lets check it... */
		trust = check_trust(ctx);

		/* If explicitly rejected error */
		if (trust == X509_TRUST_REJECTED) {
			ok = 0;
			goto end;
		}
		/*
		 * If it's not explicitly trusted then check if there
		 * is an alternative chain that could be used. We only
		 * do this if we haven't already checked via
		 * TRUSTED_FIRST and the user hasn't switched off
		 * alternate chain checking
		 */
		retry = 0;
		if (trust != X509_TRUST_TRUSTED &&
		    !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
		    !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
			while (j-- > 1) {
				xtmp2 = sk_X509_value(ctx->chain, j - 1);
				ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
				if (ok < 0)
					goto end;
				/* Check if we found an alternate chain */
				if (ok > 0) {
					/*
					 * Free up the found cert
					 * we'll add it again later
					 */
					X509_free(xtmp);
					/*
					 * Dump all the certs above
					 * this point - we've found an
					 * alternate chain
					 */
					while (num > j) {
						xtmp = sk_X509_pop(ctx->chain);
						X509_free(xtmp);
						num--;
					}
					ctx->last_untrusted = sk_X509_num(ctx->chain);
					retry = 1;
					break;
				}
			}
		}
	} while (retry);

	/*
	 * If not explicitly trusted then indicate error unless it's a single
	 * self signed certificate in which case we've indicated an error already
	 * and set bad_chain == 1
	 */
	if (trust != X509_TRUST_TRUSTED && !bad_chain) {
		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
			if (ctx->last_untrusted >= num)
				ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
			else
				ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
			ctx->current_cert = x;
		} else {

			if (!sk_X509_push(ctx->chain, chain_ss)) {
				X509_free(chain_ss);
				X509error(ERR_R_MALLOC_FAILURE);
				return 0;
			}
			num++;
			ctx->last_untrusted = num;
			ctx->current_cert = chain_ss;
			ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
			chain_ss = NULL;
		}

		ctx->error_depth = num - 1;
		bad_chain = 1;
		ok = cb(0, ctx);
		if (!ok)
			goto end;
	}

	/* We have the chain complete: now we need to check its purpose */
	ok = check_chain_extensions(ctx);

	if (!ok)
		goto end;

	/* Check name constraints */

	ok = check_name_constraints(ctx);

	if (!ok)
		goto end;




	ok = check_id(ctx);

	if (!ok)
		goto end;
	/*



	 * Check revocation status: we do this after copying parameters because
	 * they may be needed for CRL signature verification.
	 */

	ok = ctx->check_revocation(ctx);
	if (!ok)
		goto end;

	/* At this point, we have a chain and need to verify it */
	if (ctx->verify != NULL)
		ok = ctx->verify(ctx);
	else
		ok = internal_verify(ctx);
	if (!ok)
		goto end;

	/* If we get this far evaluate policies */
	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
		ok = ctx->check_policy(ctx);



 end:


	if (sktmp != NULL)
		sk_X509_free(sktmp);
	X509_free(chain_ss);

	/* Safety net, error returns must set ctx->error */
	if (ok <= 0 && ctx->error == X509_V_OK)
		ctx->error = X509_V_ERR_UNSPECIFIED;
	return ok;
}


/* Given a STACK_OF(X509) find the issuer of cert (if any)
 */

static X509 *
find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
	int i;
	X509 *issuer, *rv = NULL;

	for (i = 0; i < sk_X509_num(sk); i++) {
		issuer = sk_X509_value(sk, i);
		if (ctx->check_issued(ctx, x, issuer)) {
			rv = issuer;
			if (x509_check_cert_time(ctx, rv, -1))
				break;
		}
	}
	return rv;
}

/* Given a possible certificate and issuer check them */
623
624
625
626
627
628
629

630
631
632



633



634










635









636
637
638
639
640
641
642
643
644


645
646





647
648
649
650
651
652
653

654



















655





656
657
658
659
660
661
662
				}
			}
		}
	}
	return 1;
}


static int
check_trust(X509_STORE_CTX *ctx)
{



#ifdef OPENSSL_NO_CHAIN_VERIFY



	return 1;










#else









	int i, ok;
	X509 *x;
	int (*cb)(int xok, X509_STORE_CTX *xctx);

	cb = ctx->verify_cb;
	/* For now just check the last certificate in the chain */
	i = sk_X509_num(ctx->chain) - 1;
	x = sk_X509_value(ctx->chain, i);
	ok = X509_check_trust(x, ctx->param->trust, 0);


	if (ok == X509_TRUST_TRUSTED)
		return 1;





	ctx->error_depth = i;
	ctx->current_cert = x;
	if (ok == X509_TRUST_REJECTED)
		ctx->error = X509_V_ERR_CERT_REJECTED;
	else
		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
	ok = cb(0, ctx);

	return ok;



















#endif





}

static int
check_revocation(X509_STORE_CTX *ctx)
{
	int i, last, ok;








>
|
|

>
>
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
|


|
|
|
|
>
>
|
|
>
>
>
>
>
|
|
<
|
<
<
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>







774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832

833


834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
				}
			}
		}
	}
	return 1;
}

/* Given a certificate try and find an exact match in the store */

static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
{
	STACK_OF(X509) *certs;
	X509 *xtmp = NULL;
	size_t i;

	/* Lookup all certs with matching subject name */
	certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
	if (certs == NULL)
		return NULL;

	/* Look for exact match */
	for (i = 0; i < sk_X509_num(certs); i++) {
		xtmp = sk_X509_value(certs, i);
		if (!X509_cmp(xtmp, x))
			break;
	}

	if (i < sk_X509_num(certs))
		X509_up_ref(xtmp);
	else
		xtmp = NULL;

	sk_X509_pop_free(certs, X509_free);
	return xtmp;
}

static int check_trust(X509_STORE_CTX *ctx)
{
	size_t i;
	int ok;
	X509 *x = NULL;
	int (*cb) (int xok, X509_STORE_CTX *xctx);

	cb = ctx->verify_cb;
	/* Check all trusted certificates in chain */
	for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
		x = sk_X509_value(ctx->chain, i);
		ok = X509_check_trust(x, ctx->param->trust, 0);

		/* If explicitly trusted return trusted */
		if (ok == X509_TRUST_TRUSTED)
			return X509_TRUST_TRUSTED;
		/*
		 * If explicitly rejected notify callback and reject if not
		 * overridden.
		 */
		if (ok == X509_TRUST_REJECTED) {
			ctx->error_depth = i;
			ctx->current_cert = x;

			ctx->error = X509_V_ERR_CERT_REJECTED;


			ok = cb(0, ctx);
			if (!ok)
				return X509_TRUST_REJECTED;
		}
	}
	/*
	 * If we accept partial chains and have at least one trusted certificate
	 * return success.
	 */
	if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
		X509 *mx;
		if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
			return X509_TRUST_TRUSTED;
		x = sk_X509_value(ctx->chain, 0);
		mx = lookup_cert_match(ctx, x);
		if (mx) {
			(void)sk_X509_set(ctx->chain, 0, mx);
			X509_free(x);
			ctx->last_untrusted = 0;
			return X509_TRUST_TRUSTED;
		}
	}

	/*
	 * If no trusted certs in chain at all return untrusted and allow
	 * standard (no issuer cert) etc errors to be indicated.
	 */
	return X509_TRUST_UNTRUSTED;
}

static int
check_revocation(X509_STORE_CTX *ctx)
{
	int i, last, ok;

1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
	int ret;

	if (ctx->parent)
		return 1;
	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
	    ctx->param->policies, ctx->param->flags);
	if (ret == 0) {
		X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	/* Invalid or inconsistent extensions */
	if (ret == -1) {
		/* Locate certificates with bad extensions and notify
		 * callback.
		 */







|







1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
	int ret;

	if (ctx->parent)
		return 1;
	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
	    ctx->param->policies, ctx->param->flags);
	if (ret == 0) {
		X509error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	/* Invalid or inconsistent extensions */
	if (ret == -1) {
		/* Locate certificates with bad extensions and notify
		 * callback.
		 */
1483
1484
1485
1486
1487
1488
1489





























1490
1491
1492
1493
1494
1495
1496


1497
1498
1499
1500
1501
1502
1503
1504
1505

1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524

1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556

1557
1558
1559
1560




1561

1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573



1574
1575
1576

1577
1578
1579



1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593








1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607


1608

1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
		if (!ctx->verify_cb(2, ctx))
			return 0;
	}

	return 1;
}






























int
x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet)
{
	time_t *ptime = NULL;
	int i;

	if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)


		return (1);

	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
		ptime = &ctx->param->check_time;

	i = X509_cmp_time(X509_get_notBefore(x), ptime);
	if (i == 0) {
		if (quiet)
			return 0;

		ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
		ctx->current_cert = x;
		if (!ctx->verify_cb(0, ctx))
			return 0;
	}

	if (i > 0) {
		if (quiet)
			return 0;
		ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
		ctx->current_cert = x;
		if (!ctx->verify_cb(0, ctx))
			return 0;
	}

	i = X509_cmp_time(X509_get_notAfter(x), ptime);
	if (i == 0) {
		if (quiet)
			return 0;

		ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
		ctx->current_cert = x;
		if (!ctx->verify_cb(0, ctx))
			return 0;
	}

	if (i < 0) {
		if (quiet)
			return 0;
		ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
		ctx->current_cert = x;
		if (!ctx->verify_cb(0, ctx))
			return 0;
	}

	return 1;
}

static int
internal_verify(X509_STORE_CTX *ctx)
{
	int ok = 0, n;
	X509 *xs, *xi;
	EVP_PKEY *pkey = NULL;
	int (*cb)(int xok, X509_STORE_CTX *xctx);

	cb = ctx->verify_cb;

	n = sk_X509_num(ctx->chain);
	ctx->error_depth = n - 1;
	n--;
	xi = sk_X509_value(ctx->chain, n);


	if (ctx->check_issued(ctx, xi, xi))
		xs = xi;
	else {




		if (n <= 0) {

			ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
			ctx->current_cert = xi;
			ok = cb(0, ctx);
			goto end;
		} else {
			n--;
			ctx->error_depth = n;
			xs = sk_X509_value(ctx->chain, n);
		}
	}

/*	ctx->error=0;  not needed */



	while (n >= 0) {
		ctx->error_depth = n;


		/* Skip signature check for self signed certificates unless
		 * explicitly asked for. It doesn't add any security and
		 * just wastes time.



		 */
		if (!xs->valid && (xs != xi ||
		    (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
			if ((pkey = X509_get_pubkey(xi)) == NULL) {
				ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
				ctx->current_cert = xi;
				ok = (*cb)(0, ctx);
				if (!ok)
					goto end;
			} else if (X509_verify(xs, pkey) <= 0) {
				ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
				ctx->current_cert = xs;
				ok = (*cb)(0, ctx);
				if (!ok) {








					EVP_PKEY_free(pkey);
					goto end;
				}
			}
			EVP_PKEY_free(pkey);
			pkey = NULL;
		}

		xs->valid = 1;

		ok = x509_check_cert_time(ctx, xs, 0);
		if (!ok)
			goto end;



		/* The last error (if any) is still in the error value */

		ctx->current_issuer = xi;
		ctx->current_cert = xs;
		ok = (*cb)(1, ctx);
		if (!ok)
			goto end;

		n--;
		if (n >= 0) {
			xi = xs;
			xs = sk_X509_value(ctx->chain, n);
		}
	}
	ok = 1;

end:
	return ok;
}

int
X509_cmp_current_time(const ASN1_TIME *ctm)
{
	return X509_cmp_time(ctm, NULL);
}







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|

|


|
>
>
|
|
<
|


|
<
|
>
|
<
<
|
<
<
|
<
<
|
<
<
|
|
<

|
<
|
>
|
<
<
|
<
<
|
<
<
|
<
<
|
<
<






<
<
<
<
<
<
<
|
<
<
|
>




>
>
>
>
|
>
|
<
<
<
<
|
|
|
|
|
|
|
>
>
>

<

>
|
|
|
>
>
>

|
|
<
<
<
<
<
<
<
<
<
<
<
>
>
>
>
>
>
>
>

|



<

|
<
|
|
|
<

>
>
|
>


|
|
|

<
|




<
<
<
|







1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735

1736
1737
1738
1739

1740
1741
1742


1743


1744


1745


1746
1747

1748
1749

1750
1751
1752


1753


1754


1755


1756


1757
1758
1759
1760
1761
1762







1763


1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776




1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787

1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798











1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811

1812
1813

1814
1815
1816

1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827

1828
1829
1830
1831
1832



1833
1834
1835
1836
1837
1838
1839
1840
		if (!ctx->verify_cb(2, ctx))
			return 0;
	}

	return 1;
}

/*
 * Inform the verify callback of an error.
 *
 * If x is not NULL it is the error cert, otherwise use the chain cert
 * at depth.
 *
 * If err is not X509_V_OK, that's the error value, otherwise leave
 * unchanged (presumably set by the caller).
 *
 * Returns 0 to abort verification with an error, non-zero to continue.
 */
static int
verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
{
	ctx->error_depth = depth;
	ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth);
	if (err != X509_V_OK)
		ctx->error = err;
	return ctx->verify_cb(0, ctx);
}

/*
 * Check certificate validity times.
 *
 * If depth >= 0, invoke verification callbacks on error, otherwise just return
 * the validation status.
 *
 * Return 1 on success, 0 otherwise.
 */
int
x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
{
	time_t *ptime;
	int i;

	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
		ptime = &ctx->param->check_time;
	else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
		return 1;
	else

		ptime = NULL;

	i = X509_cmp_time(X509_get_notBefore(x), ptime);
	if (i >= 0 && depth < 0)

		return 0;
	if (i == 0 && !verify_cb_cert(ctx, x, depth,
	    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD))


		return 0;


	if (i > 0 && !verify_cb_cert(ctx, x, depth,


		X509_V_ERR_CERT_NOT_YET_VALID))


		return 0;


	i = X509_cmp_time(X509_get_notAfter(x), ptime);
	if (i <= 0 && depth < 0)

		return 0;
	if (i == 0 && !verify_cb_cert(ctx, x, depth,
	    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD))


		return 0;


	if (i < 0 && !verify_cb_cert(ctx, x, depth,


	    X509_V_ERR_CERT_HAS_EXPIRED))


		return 0;


	return 1;
}

static int
internal_verify(X509_STORE_CTX *ctx)
{







	int n = sk_X509_num(ctx->chain) - 1;


	X509 *xi = sk_X509_value(ctx->chain, n);
	X509 *xs;

	if (ctx->check_issued(ctx, xi, xi))
		xs = xi;
	else {
		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
			xs = xi;
			goto check_cert;
		}
		if (n <= 0)
			return verify_cb_cert(ctx, xi, 0,
			    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);




		n--;
		ctx->error_depth = n;
		xs = sk_X509_value(ctx->chain, n);
	}

	/*
	 * Do not clear ctx->error=0, it must be "sticky", only the
	 * user's callback is allowed to reset errors (at its own
	 * peril).
	 */
	while (n >= 0) {


		/*
		 * Skip signature check for self signed certificates
		 * unless explicitly asked for.  It doesn't add any
		 * security and just wastes time.  If the issuer's
		 * public key is unusable, report the issuer
		 * certificate and its depth (rather than the depth of
		 * the subject).
		 */
		if (xs != xi || (ctx->param->flags &
			X509_V_FLAG_CHECK_SS_SIGNATURE)) {











			EVP_PKEY *pkey;
			if ((pkey = X509_get_pubkey(xi)) == NULL) {
				if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n,
					X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
					return 0;
			} else if (X509_verify(xs, pkey) <= 0) {
				if (!verify_cb_cert(ctx, xs, n,
					X509_V_ERR_CERT_SIGNATURE_FAILURE)) {
					EVP_PKEY_free(pkey);
					return 0;
				}
			}
			EVP_PKEY_free(pkey);

		}
check_cert:

		/* Calls verify callback as needed */
		if (!x509_check_cert_time(ctx, xs, n))
			return 0;


		/*
		 * Signal success at this depth.  However, the
		 * previous error (if any) is retained.
		 */
		ctx->current_issuer = xi;
		ctx->current_cert = xs;
		ctx->error_depth = n;
		if (!ctx->verify_cb(1, ctx))
			return 0;


		if (--n >= 0) {
			xi = xs;
			xs = sk_X509_value(ctx->chain, n);
		}
	}



	return 1;
}

int
X509_cmp_current_time(const ASN1_TIME *ctm)
{
	return X509_cmp_time(ctm, NULL);
}
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
	if (cmp_time == NULL)
		time2 = time(NULL);
	else
		time2 = *cmp_time;

	memset(&tm1, 0, sizeof(tm1));

	type = asn1_time_parse(ctm->data, ctm->length, &tm1, ctm->type);
	if (type == -1)
		goto out; /* invalid time */

	/* RFC 5280 section 4.1.2.5 */
	if (tm1.tm_year < 150 && type != V_ASN1_UTCTIME)
		goto out;
	if (tm1.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME)
		goto out;

	/*
	 * Defensively fail if the time string is not representable as
	 * a time_t. A time_t must be sane if you care about times after
	 * Jan 19 2038.
	 */
	if ((time1 = timegm(&tm1)) == -1)
		goto out;

	if (gmtime_r(&time2, &tm2) == NULL)
		goto out;

	ret = asn1_tm_cmp(&tm1, &tm2);
	if (ret == 0)
		ret = -1; /* 0 is used for error, so map same to less than */
 out:
	return (ret);
}

ASN1_TIME *







|




















|







1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
	if (cmp_time == NULL)
		time2 = time(NULL);
	else
		time2 = *cmp_time;

	memset(&tm1, 0, sizeof(tm1));

	type = ASN1_time_parse(ctm->data, ctm->length, &tm1, ctm->type);
	if (type == -1)
		goto out; /* invalid time */

	/* RFC 5280 section 4.1.2.5 */
	if (tm1.tm_year < 150 && type != V_ASN1_UTCTIME)
		goto out;
	if (tm1.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME)
		goto out;

	/*
	 * Defensively fail if the time string is not representable as
	 * a time_t. A time_t must be sane if you care about times after
	 * Jan 19 2038.
	 */
	if ((time1 = timegm(&tm1)) == -1)
		goto out;

	if (gmtime_r(&time2, &tm2) == NULL)
		goto out;

	ret = ASN1_time_tm_cmp(&tm1, &tm2);
	if (ret == 0)
		ret = -1; /* 0 is used for error, so map same to less than */
 out:
	return (ret);
}

ASN1_TIME *
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745

	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
		return 1;

	for (i = 0; i < sk_X509_num(chain); i++) {
		ktmp = X509_get_pubkey(sk_X509_value(chain, i));
		if (ktmp == NULL) {
			X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
			    X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
			return 0;
		}
		if (!EVP_PKEY_missing_parameters(ktmp))
			break;
		else {
			EVP_PKEY_free(ktmp);
			ktmp = NULL;
		}
	}
	if (ktmp == NULL) {
		X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
		    X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
		return 0;
	}

	/* first, populate the other certs */
	for (j = i - 1; j >= 0; j--) {
		ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
		EVP_PKEY_copy_parameters(ktmp2, ktmp);







<
|










<
|







1927
1928
1929
1930
1931
1932
1933

1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944

1945
1946
1947
1948
1949
1950
1951
1952

	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
		return 1;

	for (i = 0; i < sk_X509_num(chain); i++) {
		ktmp = X509_get_pubkey(sk_X509_value(chain, i));
		if (ktmp == NULL) {

			X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
			return 0;
		}
		if (!EVP_PKEY_missing_parameters(ktmp))
			break;
		else {
			EVP_PKEY_free(ktmp);
			ktmp = NULL;
		}
	}
	if (ktmp == NULL) {

		X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
		return 0;
	}

	/* first, populate the other certs */
	for (j = i - 1; j >= 0; j--) {
		ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
		EVP_PKEY_copy_parameters(ktmp2, ktmp);
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
	if (!purpose)
		purpose = def_purpose;
	/* If we have a purpose then check it is valid */
	if (purpose) {
		X509_PURPOSE *ptmp;
		idx = X509_PURPOSE_get_by_id(purpose);
		if (idx == -1) {
			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
			    X509_R_UNKNOWN_PURPOSE_ID);
			return 0;
		}
		ptmp = X509_PURPOSE_get0(idx);
		if (ptmp->trust == X509_TRUST_DEFAULT) {
			idx = X509_PURPOSE_get_by_id(def_purpose);
			if (idx == -1) {
				X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
				    X509_R_UNKNOWN_PURPOSE_ID);
				return 0;
			}
			ptmp = X509_PURPOSE_get0(idx);
		}
		/* If trust not set then get from purpose default */
		if (!trust)
			trust = ptmp->trust;
	}
	if (trust) {
		idx = X509_TRUST_get_by_id(trust);
		if (idx == -1) {
			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
			    X509_R_UNKNOWN_TRUST_ID);
			return 0;
		}
	}

	if (purpose && !ctx->param->purpose)
		ctx->param->purpose = purpose;
	if (trust && !ctx->param->trust)
		ctx->param->trust = trust;
	return 1;
}

X509_STORE_CTX *
X509_STORE_CTX_new(void)
{
	X509_STORE_CTX *ctx;

	ctx = calloc(1, sizeof(X509_STORE_CTX));
	if (!ctx) {
		X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	return ctx;
}

void
X509_STORE_CTX_free(X509_STORE_CTX *ctx)







<
|






<
|











<
|


















|







2093
2094
2095
2096
2097
2098
2099

2100
2101
2102
2103
2104
2105
2106

2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118

2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
	if (!purpose)
		purpose = def_purpose;
	/* If we have a purpose then check it is valid */
	if (purpose) {
		X509_PURPOSE *ptmp;
		idx = X509_PURPOSE_get_by_id(purpose);
		if (idx == -1) {

			X509error(X509_R_UNKNOWN_PURPOSE_ID);
			return 0;
		}
		ptmp = X509_PURPOSE_get0(idx);
		if (ptmp->trust == X509_TRUST_DEFAULT) {
			idx = X509_PURPOSE_get_by_id(def_purpose);
			if (idx == -1) {

				X509error(X509_R_UNKNOWN_PURPOSE_ID);
				return 0;
			}
			ptmp = X509_PURPOSE_get0(idx);
		}
		/* If trust not set then get from purpose default */
		if (!trust)
			trust = ptmp->trust;
	}
	if (trust) {
		idx = X509_TRUST_get_by_id(trust);
		if (idx == -1) {

			X509error(X509_R_UNKNOWN_TRUST_ID);
			return 0;
		}
	}

	if (purpose && !ctx->param->purpose)
		ctx->param->purpose = purpose;
	if (trust && !ctx->param->trust)
		ctx->param->trust = trust;
	return 1;
}

X509_STORE_CTX *
X509_STORE_CTX_new(void)
{
	X509_STORE_CTX *ctx;

	ctx = calloc(1, sizeof(X509_STORE_CTX));
	if (!ctx) {
		X509error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	return ctx;
}

void
X509_STORE_CTX_free(X509_STORE_CTX *ctx)
1960
1961
1962
1963
1964
1965
1966






1967
1968
1969
1970
1971
1972
1973
	 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have
	 * freed everything and memset ex_data anyway.  This also allows us
	 * to safely use X509_STORE_CTX variables from the stack which will
	 * have uninitialized data.
	 */
	memset(ctx, 0, sizeof(*ctx));







	/*
	 * Set values other than 0.  Keep this in the same order as
	 * X509_STORE_CTX except for values that may fail.  All fields that
	 * may fail should go last to make sure 'ctx' is as consistent as
	 * possible even on early exits.
	 */
	ctx->ctx = store;







>
>
>
>
>
>







2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
	 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have
	 * freed everything and memset ex_data anyway.  This also allows us
	 * to safely use X509_STORE_CTX variables from the stack which will
	 * have uninitialized data.
	 */
	memset(ctx, 0, sizeof(*ctx));

	/*
	 * Start with this set to not valid - it will be set to valid
	 * in X509_verify_cert.
	 */
	ctx->error = X509_V_ERR_INVALID_CALL;

	/*
	 * Set values other than 0.  Keep this in the same order as
	 * X509_STORE_CTX except for values that may fail.  All fields that
	 * may fail should go last to make sure 'ctx' is as consistent as
	 * possible even on early exits.
	 */
	ctx->ctx = store;
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
	if (store && store->cleanup)
		ctx->cleanup = store->cleanup;
	else
		ctx->cleanup = NULL;

	ctx->param = X509_VERIFY_PARAM_new();
	if (!ctx->param) {
		X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
		return 0;
	}

	/* Inherit callbacks and flags from X509_STORE if not set
	 * use defaults.
	 */
	if (store)
		param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
	else
		ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;

	if (param_ret)
		param_ret = X509_VERIFY_PARAM_inherit(ctx->param,
		    X509_VERIFY_PARAM_lookup("default"));

	if (param_ret == 0) {
		X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
		return 0;
	}

	if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
	    &(ctx->ex_data)) == 0) {
		X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	return 1;
}

/* Set alternative lookup method: just a STACK of trusted certificates.
 * This avoids X509_STORE nastiness where it isn't needed.







|
















|





|







2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
	if (store && store->cleanup)
		ctx->cleanup = store->cleanup;
	else
		ctx->cleanup = NULL;

	ctx->param = X509_VERIFY_PARAM_new();
	if (!ctx->param) {
		X509error(ERR_R_MALLOC_FAILURE);
		return 0;
	}

	/* Inherit callbacks and flags from X509_STORE if not set
	 * use defaults.
	 */
	if (store)
		param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
	else
		ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;

	if (param_ret)
		param_ret = X509_VERIFY_PARAM_inherit(ctx->param,
		    X509_VERIFY_PARAM_lookup("default"));

	if (param_ret == 0) {
		X509error(ERR_R_MALLOC_FAILURE);
		return 0;
	}

	if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
	    &(ctx->ex_data)) == 0) {
		X509error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	return 1;
}

/* Set alternative lookup method: just a STACK of trusted certificates.
 * This avoids X509_STORE nastiness where it isn't needed.
Changes to jni/libressl/crypto/x509/x509_vpm.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: x509_vpm.c,v 1.10 2014/07/22 02:21:20 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x509_vpm.c,v 1.15 2016/12/21 15:15:45 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
58
59
60
61
62
63
64

65
66
67


68
69








70























































































71
72

73
74
75
76
77
78
79
80
81
82
83
84
85













86
87
88
89
90
91
92
93








94
95
96
97
98
99
100


101

102
103
104
105
106
107
108

#include <stdio.h>
#include <string.h>

#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>

#include <openssl/x509.h>
#include <openssl/x509v3.h>



/* X509_VERIFY_PARAM functions */









static void























































































x509_verify_param_zero(X509_VERIFY_PARAM *param)
{

	if (!param)
		return;
	param->name = NULL;
	param->purpose = 0;
	param->trust = 0;
	/*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
	param->inh_flags = 0;
	param->flags = 0;
	param->depth = -1;
	if (param->policies) {
		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
		param->policies = NULL;
	}













}

X509_VERIFY_PARAM *
X509_VERIFY_PARAM_new(void)
{
	X509_VERIFY_PARAM *param;

	param = calloc(1, sizeof(X509_VERIFY_PARAM));








	x509_verify_param_zero(param);
	return param;
}

void
X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{


	x509_verify_param_zero(param);

	free(param);
}

/* This function determines how parameters are "inherited" from one structure
 * to another. There are several different ways this can happen.
 *
 * 1. If a child structure needs to have its values initialized from a parent







>



>
>


>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


>













>
>
>
>
>
>
>
>
>
>
>
>
>






|

>
>
>
>
>
>
>
>







>
>

>







58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

#include <stdio.h>
#include <string.h>

#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/stack.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#include "vpm_int.h"

/* X509_VERIFY_PARAM functions */

int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email,
    size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip,
    size_t iplen);

#define SET_HOST 0
#define ADD_HOST 1

static void
str_free(char *s)
{
    free(s);
}

#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)


/*
 * Post 1.0.1 sk function "deep_copy".  For the moment we simply make
 * these take void * and use them directly without a glorious blob of
 * obfuscating macros of dubious value in front of them. All this in
 * preparation for a rototilling of safestack.h (likely inspired by
 * this).
 */
static void *
sk_deep_copy(void *sk_void, void *copy_func_void, void *free_func_void)
{
	_STACK *sk = sk_void;
	void *(*copy_func)(void *) = copy_func_void;
	void (*free_func)(void *) = free_func_void;
	_STACK *ret = sk_dup(sk);

	if (ret == NULL)
		return NULL;

	size_t i;
	for (i = 0; i < ret->num; i++) {
		if (ret->data[i] == NULL)
			continue;
		ret->data[i] = copy_func(ret->data[i]);
		if (ret->data[i] == NULL) {
			size_t j;
			for (j = 0; j < i; j++) {
				if (ret->data[j] != NULL)
					free_func(ret->data[j]);
			}
			sk_free(ret);
			return NULL;
		}
	}

	return ret;
}

static int
int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
    const char *name, size_t namelen)
{
	char *copy;

	/*
	 * Refuse names with embedded NUL bytes.
	 * XXX: Do we need to push an error onto the error stack?
	 */
	if (name && memchr(name, '\0', namelen))
		return 0;

	if (mode == SET_HOST && id->hosts) {
		string_stack_free(id->hosts);
		id->hosts = NULL;
	}
	if (name == NULL || namelen == 0)
		return 1;
	copy = strndup(name, namelen);
	if (copy == NULL)
		return 0;

	if (id->hosts == NULL &&
	    (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
		free(copy);
		return 0;
	}

	if (!sk_OPENSSL_STRING_push(id->hosts, copy)) {
		free(copy);
		if (sk_OPENSSL_STRING_num(id->hosts) == 0) {
			sk_OPENSSL_STRING_free(id->hosts);
			id->hosts = NULL;
		}
		return 0;
	}

	return 1;
}

static void
x509_verify_param_zero(X509_VERIFY_PARAM *param)
{
	X509_VERIFY_PARAM_ID *paramid;
	if (!param)
		return;
	param->name = NULL;
	param->purpose = 0;
	param->trust = 0;
	/*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
	param->inh_flags = 0;
	param->flags = 0;
	param->depth = -1;
	if (param->policies) {
		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
		param->policies = NULL;
	}
	paramid = param->id;
	if (paramid->hosts) {
		string_stack_free(paramid->hosts);
		paramid->hosts = NULL;
	}
	free(paramid->peername);
	paramid->peername = NULL;
	free(paramid->email);
	paramid->email = NULL;
	paramid->emaillen = 0;
	free(paramid->ip);
	paramid->ip = NULL;
	paramid->iplen = 0;
}

X509_VERIFY_PARAM *
X509_VERIFY_PARAM_new(void)
{
	X509_VERIFY_PARAM *param;
	X509_VERIFY_PARAM_ID *paramid;
	param = calloc(1, sizeof(X509_VERIFY_PARAM));
	if (param == NULL)
		return NULL;
	paramid = calloc (1, sizeof(X509_VERIFY_PARAM_ID));
	if (paramid == NULL) {
		free(param);
		return NULL;
	}
	param->id = paramid;
	x509_verify_param_zero(param);
	return param;
}

void
X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
	if (param == NULL)
		return;
	x509_verify_param_zero(param);
	free(param->id);
	free(param);
}

/* This function determines how parameters are "inherited" from one structure
 * to another. There are several different ways this can happen.
 *
 * 1. If a child structure needs to have its values initialized from a parent
135
136
137
138
139
140
141





142
143
144
145
146
147
148
149
150
151
152
153

154
155
156

157
158
159
160
161
162
163

/* Macro to test if a field should be copied from src to dest */

#define test_x509_verify_param_copy(field, def) \
	(to_overwrite || \
		((src->field != def) && (to_default || (dest->field == def))))






/* Macro to test and copy a field if necessary */

#define x509_verify_param_copy(field, def) \
	if (test_x509_verify_param_copy(field, def)) \
		dest->field = src->field


int
X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src)
{
	unsigned long inh_flags;
	int to_default, to_overwrite;


	if (!src)
		return 1;

	inh_flags = dest->inh_flags | src->inh_flags;

	if (inh_flags & X509_VP_FLAG_ONCE)
		dest->inh_flags = 0;

	if (inh_flags & X509_VP_FLAG_LOCKED)
		return 1;







>
>
>
>
>





<






>



>







258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274

275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292

/* Macro to test if a field should be copied from src to dest */

#define test_x509_verify_param_copy(field, def) \
	(to_overwrite || \
		((src->field != def) && (to_default || (dest->field == def))))

/* As above but for ID fields */

#define test_x509_verify_param_copy_id(idf, def) \
	test_x509_verify_param_copy(id->idf, def)

/* Macro to test and copy a field if necessary */

#define x509_verify_param_copy(field, def) \
	if (test_x509_verify_param_copy(field, def)) \
		dest->field = src->field


int
X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src)
{
	unsigned long inh_flags;
	int to_default, to_overwrite;
	X509_VERIFY_PARAM_ID *id;

	if (!src)
		return 1;
	id = src->id;
	inh_flags = dest->inh_flags | src->inh_flags;

	if (inh_flags & X509_VP_FLAG_ONCE)
		dest->inh_flags = 0;

	if (inh_flags & X509_VP_FLAG_LOCKED)
		return 1;
189
190
191
192
193
194
195


























196
197
198
199
200
201
202
203
204
205
206
207
208
209
210



























211
212
213
214
215
216
217

	dest->flags |= src->flags;

	if (test_x509_verify_param_copy(policies, NULL)) {
		if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
			return 0;
	}



























	return 1;
}

int
X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from)
{
	unsigned long save_flags = to->inh_flags;
	int ret;

	to->inh_flags |= X509_VP_FLAG_DEFAULT;
	ret = X509_VERIFY_PARAM_inherit(to, from);
	to->inh_flags = save_flags;
	return ret;
}




























int
X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
{
	free(param->name);
	param->name = NULL;
	if (name == NULL)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>















>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399

	dest->flags |= src->flags;

	if (test_x509_verify_param_copy(policies, NULL)) {
		if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
			return 0;
	}

	/* Copy the host flags if and only if we're copying the host list */
	if (test_x509_verify_param_copy_id(hosts, NULL)) {
		if (dest->id->hosts) {
			string_stack_free(dest->id->hosts);
			dest->id->hosts = NULL;
		}
		if (id->hosts) {
			dest->id->hosts =
			    sk_deep_copy(id->hosts, strdup, str_free);
			if (dest->id->hosts == NULL)
				return 0;
			dest->id->hostflags = id->hostflags;
		}
	}

	if (test_x509_verify_param_copy_id(email, NULL)) {
		if (!X509_VERIFY_PARAM_set1_email(dest, id->email,
		    id->emaillen))
			return 0;
	}

	if (test_x509_verify_param_copy_id(ip, NULL)) {
		if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen))
			return 0;
	}

	return 1;
}

int
X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from)
{
	unsigned long save_flags = to->inh_flags;
	int ret;

	to->inh_flags |= X509_VP_FLAG_DEFAULT;
	ret = X509_VERIFY_PARAM_inherit(to, from);
	to->inh_flags = save_flags;
	return ret;
}

static int
int_x509_param_set1(char **pdest, size_t *pdestlen,  const char *src,
    size_t srclen)
{
	char *tmp;
	if (src) {
		if (srclen == 0) {
			if ((tmp = strdup(src)) == NULL)
				return 0;
			srclen = strlen(src);
		} else {
			if ((tmp = malloc(srclen)) == NULL)
				return 0;
			memcpy(tmp, src, srclen);
		}
	} else {
		tmp = NULL;
		srclen = 0;
	}
	if (*pdest)
		free(*pdest);
	*pdest = tmp;
	if (pdestlen)
		*pdestlen = srclen;
	return 1;
}

int
X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
{
	free(param->name);
	param->name = NULL;
	if (name == NULL)
312
313
314
315
316
317
318
319
320
























































321
322
323
324
325











326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341


342
343
344
345
346
347
348
349
350
351

352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371

372
373
374
375
376
377
378
379
380
381

382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413


414
415
416

417
418

419
420
421
422
423
424
425

426

















427
428
429
430

431
432
433

434
435
436
437
438
439






440
441
442
443
444
445
446
447
448
449
			ASN1_OBJECT_free(doid);
			return 0;
		}
	}
	param->flags |= X509_V_FLAG_POLICY_CHECK;
	return 1;
}

int
























































X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
{
	return param->depth;
}












/* Default verify parameters: these are used for various
 * applications and can be overridden by the user specified table.
 * NB: the 'name' field *must* be in alphabetical order because it
 * will be searched using OBJ_search.
 */

static const X509_VERIFY_PARAM default_table[] = {
	{
		"default",			/* X509 default parameters */
		0,				/* Check time */
		0,				/* internal flags */
		0,				/* flags */
		0,				/* purpose */
		0,				/* trust */
		100,				/* depth */
		NULL				/* policies */


	},
	{
		"pkcs7",			/* S/MIME sign parameters */
		0,				/* Check time */
		0,				/* internal flags */
		0,				/* flags */
		X509_PURPOSE_SMIME_SIGN,	/* purpose */
		X509_TRUST_EMAIL,		/* trust */
		-1,				/* depth */
		NULL				/* policies */

	},
	{
		"smime_sign",			/* S/MIME sign parameters */
		0,				/* Check time */
		0,				/* internal flags */
		0,				/* flags */
		X509_PURPOSE_SMIME_SIGN,	/* purpose */
		X509_TRUST_EMAIL,		/* trust */
		-1,				/* depth */
		NULL				/* policies */
	},
	{
		"ssl_client",			/* SSL/TLS client parameters */
		0,				/* Check time */
		0,				/* internal flags */
		0,				/* flags */
		X509_PURPOSE_SSL_CLIENT,	/* purpose */
		X509_TRUST_SSL_CLIENT,		/* trust */
		-1,				/* depth */
		NULL				/* policies */

	},
	{
		"ssl_server",			/* SSL/TLS server parameters */
		0,				/* Check time */
		0,				/* internal flags */
		0,				/* flags */
		X509_PURPOSE_SSL_SERVER,	/* purpose */
		X509_TRUST_SSL_SERVER,		/* trust */
		-1,				/* depth */
		NULL				/* policies */

	}
};

static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;

static int
table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
{
	return strcmp(a->name, b->name);
}

DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);

static int
param_cmp(const X509_VERIFY_PARAM * const *a,
    const X509_VERIFY_PARAM * const *b)
{
	return strcmp((*a)->name, (*b)->name);
}

int
X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
{
	int idx;
	X509_VERIFY_PARAM *ptmp;

	if (!param_table) {
		param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
		if (!param_table)
			return 0;
	} else {


		idx = sk_X509_VERIFY_PARAM_find(param_table, param);
		if (idx != -1) {
			ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);

			X509_VERIFY_PARAM_free(ptmp);
			(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);

		}
	}
	if (!sk_X509_VERIFY_PARAM_push(param_table, param))
		return 0;
	return 1;
}


const X509_VERIFY_PARAM *

















X509_VERIFY_PARAM_lookup(const char *name)
{
	int idx;
	X509_VERIFY_PARAM pm;


	pm.name = (char *)name;
	if (param_table) {

		idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
		if (idx != -1)
			return sk_X509_VERIFY_PARAM_value(param_table, idx);
	}
	return OBJ_bsearch_table(&pm, default_table,
	    sizeof(default_table)/sizeof(X509_VERIFY_PARAM));






}

void
X509_VERIFY_PARAM_table_cleanup(void)
{
	if (param_table)
		sk_X509_VERIFY_PARAM_pop_free(param_table,
		    X509_VERIFY_PARAM_free);
	param_table = NULL;
}









>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>





>
>
>
>
>
>
>
>
>
>
>
|
|
<
<




|
<
<
<
<
<
|
<
>
>


|
<
<
<
|
|
|
<
>


|
<
<
<
|
|
|
|


|
<
<
<
|
|
|
<
>


|
<
<
<
|
|
|
<
>





<
<
<
<
<
<
<
<
<










<

<





>
>
|
|
|
>

|
>







>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|

<

>



>
|
<


|
|
>
>
>
>
>
>










494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576


577
578
579
580
581





582

583
584
585
586
587



588
589
590

591
592
593
594



595
596
597
598
599
600
601



602
603
604

605
606
607
608



609
610
611

612
613
614
615
616
617









618
619
620
621
622
623
624
625
626
627

628

629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670

671
672
673
674
675
676
677

678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
			ASN1_OBJECT_free(doid);
			return 0;
		}
	}
	param->flags |= X509_V_FLAG_POLICY_CHECK;
	return 1;
}

int
X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
    const char *name, size_t namelen)
{
	return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
}

int
X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
    const char *name, size_t namelen)
{
	return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
}

void
X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags)
{
	param->id->hostflags = flags;
}

char *
X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
{
	return param->id->peername;
}

int
X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,  const char *email,
    size_t emaillen)
{
	return int_x509_param_set1(&param->id->email, &param->id->emaillen,
	    email, emaillen);
}

int
X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip,
    size_t iplen)
{
	if (iplen != 0 && iplen != 4 && iplen != 16)
		return 0;
	return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
	    (char *)ip, iplen);
}

int
X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
{
	unsigned char ipout[16];
	size_t iplen;

	iplen = (size_t)a2i_ipadd(ipout, ipasc);
	if (iplen == 0)
		return 0;
	return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
}

int
X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
{
	return param->depth;
}

const char *
X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
{
	return param->name;
}

static const X509_VERIFY_PARAM_ID _empty_id = { NULL };

#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id

/*
 * Default verify parameters: these are used for various applications and can
 * be overridden by the user specified table.


 */

static const X509_VERIFY_PARAM default_table[] = {
	{
		.name = "default",





		.depth = 100,

		.trust = 0,  /* XXX This is not the default trust value */
		.id = vpm_empty_id
	},
	{
		.name = "pkcs7",



		.purpose = X509_PURPOSE_SMIME_SIGN,
		.trust = X509_TRUST_EMAIL,
		.depth = -1,

		.id = vpm_empty_id
	},
	{
		.name = "smime_sign",



		.purpose = X509_PURPOSE_SMIME_SIGN,
		.trust = X509_TRUST_EMAIL,
		.depth =  -1,
		.id = vpm_empty_id
	},
	{
		.name = "ssl_client",



		.purpose = X509_PURPOSE_SSL_CLIENT,
		.trust = X509_TRUST_SSL_CLIENT,
		.depth = -1,

		.id = vpm_empty_id
	},
	{
		.name = "ssl_server",



		.purpose = X509_PURPOSE_SSL_SERVER,
		.trust = X509_TRUST_SSL_SERVER,
		.depth = -1,

		.id = vpm_empty_id
	}
};

static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;










static int
param_cmp(const X509_VERIFY_PARAM * const *a,
    const X509_VERIFY_PARAM * const *b)
{
	return strcmp((*a)->name, (*b)->name);
}

int
X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
{

	X509_VERIFY_PARAM *ptmp;

	if (!param_table) {
		param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
		if (!param_table)
			return 0;
	} else {
		size_t idx;

		if ((idx = sk_X509_VERIFY_PARAM_find(param_table, param))
		    != -1) {
			ptmp = sk_X509_VERIFY_PARAM_value(param_table,
			    idx);
			X509_VERIFY_PARAM_free(ptmp);
			(void)sk_X509_VERIFY_PARAM_delete(param_table,
			    idx);
		}
	}
	if (!sk_X509_VERIFY_PARAM_push(param_table, param))
		return 0;
	return 1;
}

int
X509_VERIFY_PARAM_get_count(void)
{
	int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
	if (param_table)
		num += sk_X509_VERIFY_PARAM_num(param_table);
	return num;
}

const
X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
{
	int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
	if (id < num)
		return default_table + id;
	return sk_X509_VERIFY_PARAM_value(param_table, id - num);
}

const
X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
{

	X509_VERIFY_PARAM pm;
	unsigned int i, limit;

	pm.name = (char *)name;
	if (param_table) {
		size_t idx;
		if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &pm)) != -1)

			return sk_X509_VERIFY_PARAM_value(param_table, idx);
	}

	limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
	for (i = 0; i < limit; i++) {
		if (strcmp(default_table[i].name, name) == 0) {
			return &default_table[i];
		}
	}
	return NULL;
}

void
X509_VERIFY_PARAM_table_cleanup(void)
{
	if (param_table)
		sk_X509_VERIFY_PARAM_pop_free(param_table,
		    X509_VERIFY_PARAM_free);
	param_table = NULL;
}
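--- a/jni/libressl/crypto/x509/x509cset.c
+++ b/jni/libressl/crypto/x509/x509cset.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509cset.c,v 1.10 2015/09/30 17:30:16 jsing Exp $ */
+/* $OpenBSD: x509cset.c,v 1.11 2015/09/30 17:49:59 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without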
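--- a/jni/libressl/crypto/x509/x509name.c
+++ b/jni/libressl/crypto/x509/x509name.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509name.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509name.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -271,15 +271,15 @@
 		inc = (set == 0) ? 1 : 0;
 	}
 
 	if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
 		goto err;
 	new_name->set = set;
 	if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
-		X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
+		X509error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (inc) {
 		n = sk_X509_NAME_ENTRY_num(sk);
 		for (i = loc + 1; i < n; i++)
 			sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
 	}
@@ -296,35 +296,33 @@
     const char *field, int type, const unsigned char *bytes, int len)
 {
 	ASN1_OBJECT *obj;
 	X509_NAME_ENTRY *nentry;
 
 	obj = OBJ_txt2obj(field, 0);
 	if (obj == NULL) {
-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
-		    X509_R_INVALID_FIELD_NAME);
+		X509error(X509_R_INVALID_FIELD_NAME);
 		ERR_asprintf_error_data("name=%s", field);
 		return (NULL);
 	}
 	nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
 	ASN1_OBJECT_free(obj);
 	return nentry;
 }
 
 X509_NAME_ENTRY *
 X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,
     unsigned char *bytes, int len)
 {
 	ASN1_OBJECT *obj;
 	X509_NAME_ENTRY *nentry;
 
 	obj = OBJ_nid2obj(nid);
 	if (obj == NULL) {
-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,
-		    X509_R_UNKNOWN_NID);
+		X509error(X509_R_UNKNOWN_NID);
 		return (NULL);
 	}
 	nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
 	ASN1_OBJECT_free(obj);
 	return nentry;
 }
 
@@ -355,16 +353,15 @@
 	return (NULL);
 }
 
 int
 X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
 {
 	if ((ne == NULL) || (obj == NULL)) {
-		X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
-		    ERR_R_PASSED_NULL_PARAMETER);
+		X509error(ERR_R_PASSED_NULL_PARAMETER);
 		return (0);
 	}
 	ASN1_OBJECT_free(ne->object);
 	ne->object = OBJ_dup(obj);
 	return ((ne->object == NULL) ? 0 : 1);
 }
 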
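--- a/jni/libressl/crypto/x509/x509rset.c
+++ b/jni/libressl/crypto/x509/x509rset.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509rset.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: x509rset.c,v 1.6 2014/07/11 08:44:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *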
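--- a/jni/libressl/crypto/x509/x509spki.c
+++ b/jni/libressl/crypto/x509/x509spki.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509spki.c,v 1.11 2014/07/10 13:58:23 jsing Exp $ */
+/* $OpenBSD: x509spki.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,17 +54,14 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include <stdio.h>
 #include <string.h>
-#ifndef HAVE_REALLOCARRAY
-#include <compat/stdlib.h>
-#endif
 
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
 int
 NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
 {
@@ -90,21 +87,20 @@
 	const unsigned char *p;
 	int spki_len;
 	NETSCAPE_SPKI *spki;
 
 	if (len <= 0)
 		len = strlen(str);
 	if (!(spki_der = malloc(len + 1))) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+		X509error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
 	if (spki_len < 0) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
-		    X509_R_BASE64_DECODE_ERROR);
+		X509error(X509_R_BASE64_DECODE_ERROR);
 		free(spki_der);
 		return NULL;
 	}
 	p = spki_der;
 	spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
 	free(spki_der);
 	return spki;
@@ -118,18 +114,18 @@
 	unsigned char *der_spki, *p;
 	char *b64_str;
 	int der_len;
 	der_len = i2d_NETSCAPE_SPKI(spki, NULL);
 	der_spki = malloc(der_len);
 	b64_str = reallocarray(NULL, der_len, 2);
 	if (!der_spki || !b64_str) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+		X509error(ERR_R_MALLOC_FAILURE);
 		free(der_spki);
 		free(b64_str);
 		return NULL;
 	}
 	p = der_spki;
 	i2d_NETSCAPE_SPKI(spki, &p);
 	EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
 	free(der_spki);
 	return b64_str;
 }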
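Review bot: In the last hunk (the encode path that reports `ERR_R_MALLOC_FAILURE`), `der_len = i2d_NETSCAPE_SPKI(spki, NULL)` goes straight into `malloc(der_len)` and `reallocarray(NULL, der_len, 2)` with no check on its sign. i2d routines normally signal failure with a non-positive return, so a negative value would become a huge `size_t` and be misreported as an allocation failure. A zero value could leave `EVP_EncodeBlock` writing its terminator into a zero-length buffer, though whether that is reachable depends on code outside this view. I would add `if (der_len <= 0) return NULL;` right after the first `i2d_NETSCAPE_SPKI` call, before either allocation. The function's signature lies outside the hunk, and the commit itself only swaps the error macro here.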
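--- a/jni/libressl/crypto/x509/x509type.c
+++ b/jni/libressl/crypto/x509/x509type.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509type.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509type.c,v 1.12 2015/06/13 08:38:10 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *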
Changes to jni/libressl/crypto/x509/x_all.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: x_all.c,v 1.20 2015/09/13 15:59:30 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x_all.c,v 1.23 2016/12/30 15:24:51 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif

X509 *
d2i_X509_bio(BIO *bp, X509 **x509)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
}

int
i2d_X509_bio(BIO *bp, X509 *x509)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
}

X509 *
d2i_X509_fp(FILE *fp, X509 **x509)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
}

int
i2d_X509_fp(FILE *fp, X509 *x509)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
}

X509_CRL *
d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}

int
i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}

X509_CRL *
d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}

int
i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}

PKCS7 *
d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}

int
i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}

PKCS7 *
d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}

int
i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}

X509_REQ *
d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}

int
i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}

X509_REQ *
d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}

int
i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}

#ifndef OPENSSL_NO_RSA
RSA *
d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}

int
i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}

RSA *
d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}

int
i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}

RSA *
d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}

int
i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}

RSA *
d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}

int
i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}

RSA *
d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
{
	return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
}







|





|





|





|





|





|





|





|





|





|





|





|





|





|





|





|






|





|





|





|





|





|





|





|







72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif

X509 *
d2i_X509_bio(BIO *bp, X509 **x509)
{
	return ASN1_item_d2i_bio(&X509_it, bp, x509);
}

int
i2d_X509_bio(BIO *bp, X509 *x509)
{
	return ASN1_item_i2d_bio(&X509_it, bp, x509);
}

X509 *
d2i_X509_fp(FILE *fp, X509 **x509)
{
	return ASN1_item_d2i_fp(&X509_it, fp, x509);
}

int
i2d_X509_fp(FILE *fp, X509 *x509)
{
	return ASN1_item_i2d_fp(&X509_it, fp, x509);
}

X509_CRL *
d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
{
	return ASN1_item_d2i_bio(&X509_CRL_it, bp, crl);
}

int
i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
{
	return ASN1_item_i2d_bio(&X509_CRL_it, bp, crl);
}

X509_CRL *
d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
{
	return ASN1_item_d2i_fp(&X509_CRL_it, fp, crl);
}

int
i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
{
	return ASN1_item_i2d_fp(&X509_CRL_it, fp, crl);
}

PKCS7 *
d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
{
	return ASN1_item_d2i_bio(&PKCS7_it, bp, p7);
}

int
i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
{
	return ASN1_item_i2d_bio(&PKCS7_it, bp, p7);
}

PKCS7 *
d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
{
	return ASN1_item_d2i_fp(&PKCS7_it, fp, p7);
}

int
i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
{
	return ASN1_item_i2d_fp(&PKCS7_it, fp, p7);
}

X509_REQ *
d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
{
	return ASN1_item_d2i_bio(&X509_REQ_it, bp, req);
}

int
i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
{
	return ASN1_item_i2d_bio(&X509_REQ_it, bp, req);
}

X509_REQ *
d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
{
	return ASN1_item_d2i_fp(&X509_REQ_it, fp, req);
}

int
i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
{
	return ASN1_item_i2d_fp(&X509_REQ_it, fp, req);
}

#ifndef OPENSSL_NO_RSA
RSA *
d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
{
	return ASN1_item_d2i_bio(&RSAPrivateKey_it, bp, rsa);
}

int
i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
{
	return ASN1_item_i2d_bio(&RSAPrivateKey_it, bp, rsa);
}

RSA *
d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
{
	return ASN1_item_d2i_fp(&RSAPrivateKey_it, fp, rsa);
}

int
i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
{
	return ASN1_item_i2d_fp(&RSAPrivateKey_it, fp, rsa);
}

RSA *
d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
{
	return ASN1_item_d2i_bio(&RSAPublicKey_it, bp, rsa);
}

int
i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
{
	return ASN1_item_i2d_bio(&RSAPublicKey_it, bp, rsa);
}

RSA *
d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
{
	return ASN1_item_d2i_fp(&RSAPublicKey_it, fp, rsa);
}

int
i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
{
	return ASN1_item_i2d_fp(&RSAPublicKey_it, fp, rsa);
}

RSA *
d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
{
	return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
}
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
}
#endif

#ifndef OPENSSL_NO_DSA
DSA *
d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(DSAPrivateKey), bp, dsa);
}

int
i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(DSAPrivateKey), bp, dsa);
}

DSA *
d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(DSAPrivateKey), fp, dsa);
}

int
i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(DSAPrivateKey), fp, dsa);
}

DSA *
d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
}







|





|





|





|







244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
}
#endif

#ifndef OPENSSL_NO_DSA
DSA *
d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
{
	return ASN1_item_d2i_bio(&DSAPrivateKey_it, bp, dsa);
}

int
i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
{
	return ASN1_item_i2d_bio(&DSAPrivateKey_it, bp, dsa);
}

DSA *
d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
{
	return ASN1_item_d2i_fp(&DSAPrivateKey_it, fp, dsa);
}

int
i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
{
	return ASN1_item_i2d_fp(&DSAPrivateKey_it, fp, dsa);
}

DSA *
d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
}
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
	return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
}
#endif

X509_SIG *
d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_SIG), bp, p8);
}

int
i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_SIG), bp, p8);
}

X509_SIG *
d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_SIG), fp, p8);
}

int
i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_SIG), fp, p8);
}

PKCS8_PRIV_KEY_INFO *
d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf)
{
	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), bp,
	    p8inf);
}

int
i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
{
	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), bp,
	    p8inf);
}

PKCS8_PRIV_KEY_INFO *
d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf)
{
	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), fp,
	    p8inf);
}

int
i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
{
	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), fp,
	    p8inf);
}

EVP_PKEY *
d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
{
	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey,







|





|





|





|





|






|






|






|







342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
	return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
}
#endif

X509_SIG *
d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
{
	return ASN1_item_d2i_bio(&X509_SIG_it, bp, p8);
}

int
i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
{
	return ASN1_item_i2d_bio(&X509_SIG_it, bp, p8);
}

X509_SIG *
d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
{
	return ASN1_item_d2i_fp(&X509_SIG_it, fp, p8);
}

int
i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
{
	return ASN1_item_i2d_fp(&X509_SIG_it, fp, p8);
}

PKCS8_PRIV_KEY_INFO *
d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf)
{
	return ASN1_item_d2i_bio(&PKCS8_PRIV_KEY_INFO_it, bp,
	    p8inf);
}

int
i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
{
	return ASN1_item_i2d_bio(&PKCS8_PRIV_KEY_INFO_it, bp,
	    p8inf);
}

PKCS8_PRIV_KEY_INFO *
d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf)
{
	return ASN1_item_d2i_fp(&PKCS8_PRIV_KEY_INFO_it, fp,
	    p8inf);
}

int
i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
{
	return ASN1_item_i2d_fp(&PKCS8_PRIV_KEY_INFO_it, fp,
	    p8inf);
}

EVP_PKEY *
d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
{
	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey,
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602







}

int
X509_verify(X509 *a, EVP_PKEY *r)
{
	if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
		return 0;
	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
	    a->signature, a->cert_info, r));
}

int
X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
{
	return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
	    a->sig_alg, a->signature, a->req_info, r));
}

int
NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
	return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
	    a->sig_algor, a->signature, a->spkac, r));
}

int
X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	x->cert_info->enc.modified = 1;
	return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF),
	    x->cert_info->signature, x->sig_alg, x->signature,
	    x->cert_info, pkey, md));
}

int
X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
	x->cert_info->enc.modified = 1;
	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
	    x->cert_info->signature, x->sig_alg, x->signature,
	    x->cert_info, ctx);
}

int
X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),
	    x->sig_alg, NULL, x->signature, x->req_info, pkey, md));
}

int
X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
	    x->sig_alg, NULL, x->signature, x->req_info, ctx);
}

int
X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	x->crl->enc.modified = 1;
	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
	    x->sig_alg, x->signature, x->crl, pkey, md));
}

int
X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
	x->crl->enc.modified = 1;
	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
	    x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
}

int
NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
	    x->sig_algor, NULL, x->signature, x->spkac, pkey, md));
}

int
X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	ASN1_BIT_STRING *key;
	key = X509_get0_pubkey_bitstr(data);
	if (!key)
		return 0;
	return EVP_Digest(key->data, key->length, md, len, type, NULL);
}

int
X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(ASN1_ITEM_rptr(X509), type, (char *)data,
	    md, len));
}

int
X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
	    md, len));
}

int
X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ), type, (char *)data,
	    md, len));
}

int
X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data,
	    md, len));
}

int
PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
    const EVP_MD *type, unsigned char *md, unsigned int *len)
{
	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
	    (char *)data, md, len));
}














|






|






|







|








|







|






|







|







|






|


















|







|







|







|







|


>
>
>
>
>
>
>
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
}

int
X509_verify(X509 *a, EVP_PKEY *r)
{
	if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
		return 0;
	return(ASN1_item_verify(&X509_CINF_it, a->sig_alg,
	    a->signature, a->cert_info, r));
}

int
X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
{
	return (ASN1_item_verify(&X509_REQ_INFO_it,
	    a->sig_alg, a->signature, a->req_info, r));
}

int
NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
	return (ASN1_item_verify(&NETSCAPE_SPKAC_it,
	    a->sig_algor, a->signature, a->spkac, r));
}

int
X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	x->cert_info->enc.modified = 1;
	return (ASN1_item_sign(&X509_CINF_it,
	    x->cert_info->signature, x->sig_alg, x->signature,
	    x->cert_info, pkey, md));
}

int
X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
	x->cert_info->enc.modified = 1;
	return ASN1_item_sign_ctx(&X509_CINF_it,
	    x->cert_info->signature, x->sig_alg, x->signature,
	    x->cert_info, ctx);
}

int
X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	return (ASN1_item_sign(&X509_REQ_INFO_it,
	    x->sig_alg, NULL, x->signature, x->req_info, pkey, md));
}

int
X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
	return ASN1_item_sign_ctx(&X509_REQ_INFO_it,
	    x->sig_alg, NULL, x->signature, x->req_info, ctx);
}

int
X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	x->crl->enc.modified = 1;
	return(ASN1_item_sign(&X509_CRL_INFO_it, x->crl->sig_alg,
	    x->sig_alg, x->signature, x->crl, pkey, md));
}

int
X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
	x->crl->enc.modified = 1;
	return ASN1_item_sign_ctx(&X509_CRL_INFO_it,
	    x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
}

int
NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	return (ASN1_item_sign(&NETSCAPE_SPKAC_it,
	    x->sig_algor, NULL, x->signature, x->spkac, pkey, md));
}

int
X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	ASN1_BIT_STRING *key;
	key = X509_get0_pubkey_bitstr(data);
	if (!key)
		return 0;
	return EVP_Digest(key->data, key->length, md, len, type, NULL);
}

int
X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(&X509_it, type, (char *)data,
	    md, len));
}

int
X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(&X509_CRL_it, type, (char *)data,
	    md, len));
}

int
X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(&X509_REQ_it, type, (char *)data,
	    md, len));
}

int
X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
    unsigned int *len)
{
	return (ASN1_item_digest(&X509_NAME_it, type, (char *)data,
	    md, len));
}

int
PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
    const EVP_MD *type, unsigned char *md, unsigned int *len)
{
	return(ASN1_item_digest(&PKCS7_ISSUER_AND_SERIAL_it, type,
	    (char *)data, md, len));
}

int
X509_up_ref(X509 *x)
{
	int i = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
	return i > 1 ? 1 : 0;
}
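--- a/jni/libressl/crypto/x509v3/ext_dat.h
+++ b/jni/libressl/crypto/x509v3/ext_dat.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ext_dat.h,v 1.11 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: ext_dat.h,v 1.13 2016/12/21 15:49:29 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -53,14 +53,16 @@
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include <openssl/opensslconf.h>
+
+__BEGIN_HIDDEN_DECLS
 
 /* This file contains a table of "standard" extensions */
 
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
@@ -123,7 +125,9 @@
 	&v3_idp,
 	&v3_alt[2],
 	&v3_freshest_crl,
 };
 
 /* Number of standard extensions */
 #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
+
+__END_HIDDEN_DECLS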
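--- a/jni/libressl/crypto/x509v3/pcy_cache.c
+++ b/jni/libressl/crypto/x509v3/pcy_cache.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pcy_cache.c,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: pcy_cache.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without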
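--- a/jni/libressl/crypto/x509v3/pcy_data.c
+++ b/jni/libressl/crypto/x509v3/pcy_data.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pcy_data.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pcy_data.c,v 1.9 2015/07/15 16:53:42 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without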
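--- a/jni/libressl/crypto/x509v3/pcy_int.h
+++ b/jni/libressl/crypto/x509v3/pcy_int.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: pcy_int.h,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: pcy_int.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -52,14 +52,15 @@
  *
  * This product includes cryptographic software written by Eric Young
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
+__BEGIN_HIDDEN_DECLS
 
 typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
 
 DECLARE_STACK_OF(X509_POLICY_DATA)
 
 /* Internal structures */
 
@@ -200,7 +201,9 @@
     const X509_POLICY_DATA *data, X509_POLICY_NODE *parent,
     X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep);
 void policy_node_free(X509_POLICY_NODE *node);
 int policy_node_match(const X509_POLICY_LEVEL *lvl,
     const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
 
 const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+
+__END_HIDDEN_DECLS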
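--- a/jni/libressl/crypto/x509v3/pcy_lib.c
+++ b/jni/libressl/crypto/x509v3/pcy_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pcy_lib.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pcy_lib.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without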
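--- a/jni/libressl/crypto/x509v3/pcy_map.c
+++ b/jni/libressl/crypto/x509v3/pcy_map.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pcy_map.c,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: pcy_map.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without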
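--- a/jni/libressl/crypto/x509v3/pcy_node.c
+++ b/jni/libressl/crypto/x509v3/pcy_node.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pcy_node.c,v 1.5 2014/07/23 20:49:52 miod Exp $ */
+/* $OpenBSD: pcy_node.c,v 1.6 2015/07/18 00:01:05 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without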
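--- a/jni/libressl/crypto/x509v3/pcy_tree.c
+++ b/jni/libressl/crypto/x509v3/pcy_tree.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pcy_tree.c,v 1.15 2015/07/18 00:01:05 beck Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.17 2016/11/05 15:21:20 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -95,15 +95,17 @@
 tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
 {
 	X509_POLICY_LEVEL *plev;
 	X509_POLICY_NODE *node;
 	int i;
 	BIO *err;
 
-	err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
+		return;
+
 	if (!curr)
 		curr = tree->levels + tree->nlevel;
 	else
 		curr++;
 	BIO_printf(err, "Level print after %s\n", str);
 	BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
 	for (plev = tree->levels; plev != curr; plev++) {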
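--- a/jni/libressl/crypto/x509v3/v3_akey.c
+++ b/jni/libressl/crypto/x509v3/v3_akey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_akey.c,v 1.16 2015/09/30 17:30:16 jsing Exp $ */
+/* $OpenBSD: v3_akey.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -69,15 +69,15 @@
     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_akey_id = {
 	.ext_nid = NID_authority_key_identifier,
 	.ext_flags = X509V3_EXT_MULTILINE,
-	.it = ASN1_ITEM_ref(AUTHORITY_KEYID),
+	.it = &AUTHORITY_KEYID_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
@@ -141,61 +141,56 @@
 				keyid = 2;
 		}
 		else if (!strcmp(cnf->name, "issuer")) {
 			issuer = 1;
 			if (cnf->value && !strcmp(cnf->value, "always"))
 				issuer = 2;
 		} else {
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-			    X509V3_R_UNKNOWN_OPTION);
+			X509V3error(X509V3_R_UNKNOWN_OPTION);
 			ERR_asprintf_error_data("name=%s", cnf->name);
 			return NULL;
 		}
 	}
 
 	if (!ctx || !ctx->issuer_cert) {
 		if (ctx && (ctx->flags == CTX_TEST))
 			return AUTHORITY_KEYID_new();
-		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-		    X509V3_R_NO_ISSUER_CERTIFICATE);
+		X509V3error(X509V3_R_NO_ISSUER_CERTIFICATE);
 		return NULL;
 	}
 
 	cert = ctx->issuer_cert;
 
 	if (keyid) {
 		i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
 		if ((i >= 0)  && (ext = X509_get_ext(cert, i)))
 			ikeyid = X509V3_EXT_d2i(ext);
 		if (keyid == 2 && !ikeyid) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-			    X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+			X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
 			return NULL;
 		}
 	}
 
 	if ((issuer && !ikeyid) || (issuer == 2)) {
 		isname = X509_NAME_dup(X509_get_issuer_name(cert));
 		serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
 		if (!isname || !serial) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-			    X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+			X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
 			goto err;
 		}
 	}
 
 	if (!(akeyid = AUTHORITY_KEYID_new()))
 		goto err;
 
 	if (isname) {
 		if (!(gens = sk_GENERAL_NAME_new_null()) ||
 		    !(gen = GENERAL_NAME_new()) ||
 		    !sk_GENERAL_NAME_push(gens, gen)) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-			    ERR_R_MALLOC_FAILURE);
+			X509V3error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		gen->type = GEN_DIRNAME;
 		gen->d.dirn = isname;
 	}
 
 	akeyid->issuer = gens;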
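--- a/jni/libressl/crypto/x509v3/v3_akeya.c
+++ b/jni/libressl/crypto/x509v3/v3_akeya.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_akeya.c,v 1.6 2015/02/09 16:03:11 jsing Exp $ */
+/* $OpenBSD: v3_akeya.c,v 1.7 2015/07/25 16:00:14 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without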
Changes to jni/libressl/crypto/x509v3/v3_alt.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_alt.c,v 1.24 2015/07/29 16:13:48 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_alt.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

const X509V3_EXT_METHOD v3_alt[] = {
	{
		.ext_nid = NID_subject_alt_name,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(GENERAL_NAMES),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = NULL,
		.s2i = NULL,
		.i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
		.v2i = (X509V3_EXT_V2I)v2i_subject_alt,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_issuer_alt_name,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(GENERAL_NAMES),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = NULL,
		.s2i = NULL,
		.i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
		.v2i = (X509V3_EXT_V2I)v2i_issuer_alt,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_certificate_issuer,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(GENERAL_NAMES),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = NULL,
		.s2i = NULL,
		.i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,







|















|















|







72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

const X509V3_EXT_METHOD v3_alt[] = {
	{
		.ext_nid = NID_subject_alt_name,
		.ext_flags = 0,
		.it = &GENERAL_NAMES_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = NULL,
		.s2i = NULL,
		.i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
		.v2i = (X509V3_EXT_V2I)v2i_subject_alt,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_issuer_alt_name,
		.ext_flags = 0,
		.it = &GENERAL_NAMES_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = NULL,
		.s2i = NULL,
		.i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
		.v2i = (X509V3_EXT_V2I)v2i_issuer_alt,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_certificate_issuer,
		.ext_flags = 0,
		.it = &GENERAL_NAMES_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = NULL,
		.s2i = NULL,
		.i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
    STACK_OF(CONF_VALUE) *nval)
{
	GENERAL_NAMES *gens = NULL;
	CONF_VALUE *cnf;
	int i;

	if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
		X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if (name_cmp(cnf->name, "issuer") == 0 && cnf->value != NULL &&
		    strcmp(cnf->value, "copy") == 0) {
			if (!copy_issuer(ctx, gens))







|







275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
    STACK_OF(CONF_VALUE) *nval)
{
	GENERAL_NAMES *gens = NULL;
	CONF_VALUE *cnf;
	int i;

	if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if (name_cmp(cnf->name, "issuer") == 0 && cnf->value != NULL &&
		    strcmp(cnf->value, "copy") == 0) {
			if (!copy_issuer(ctx, gens))
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
	GENERAL_NAME *gen;
	X509_EXTENSION *ext;
	int i;

	if (ctx && (ctx->flags == CTX_TEST))
		return 1;
	if (!ctx || !ctx->issuer_cert) {
		X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
		goto err;
	}
	i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
	if (i < 0)
		return 1;
	if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
	    !(ialt = X509V3_EXT_d2i(ext))) {
		X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
		goto err;
	}

	for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
		gen = sk_GENERAL_NAME_value(ialt, i);
		if (!sk_GENERAL_NAME_push(gens, gen)) {
			X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}
	sk_GENERAL_NAME_free(ialt);

	return 1;








|







|






|







314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
	GENERAL_NAME *gen;
	X509_EXTENSION *ext;
	int i;

	if (ctx && (ctx->flags == CTX_TEST))
		return 1;
	if (!ctx || !ctx->issuer_cert) {
		X509V3error(X509V3_R_NO_ISSUER_DETAILS);
		goto err;
	}
	i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
	if (i < 0)
		return 1;
	if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
	    !(ialt = X509V3_EXT_d2i(ext))) {
		X509V3error(X509V3_R_ISSUER_DECODE_ERROR);
		goto err;
	}

	for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
		gen = sk_GENERAL_NAME_value(ialt, i);
		if (!sk_GENERAL_NAME_push(gens, gen)) {
			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}
	sk_GENERAL_NAME_free(ialt);

	return 1;

351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
    STACK_OF(CONF_VALUE) *nval)
{
	GENERAL_NAMES *gens = NULL;
	CONF_VALUE *cnf;
	int i;

	if (!(gens = sk_GENERAL_NAME_new_null())) {
		X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if (!name_cmp(cnf->name, "email") && cnf->value &&
		    !strcmp(cnf->value, "copy")) {
			if (!copy_email(ctx, gens, 0))







|







351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
    STACK_OF(CONF_VALUE) *nval)
{
	GENERAL_NAMES *gens = NULL;
	CONF_VALUE *cnf;
	int i;

	if (!(gens = sk_GENERAL_NAME_new_null())) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if (!name_cmp(cnf->name, "email") && cnf->value &&
		    !strcmp(cnf->value, "copy")) {
			if (!copy_email(ctx, gens, 0))
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
	X509_NAME_ENTRY *ne;
	GENERAL_NAME *gen = NULL;
	int i;

	if (ctx != NULL && ctx->flags == CTX_TEST)
		return 1;
	if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
		X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
		goto err;
	}
	/* Find the subject name */
	if (ctx->subject_cert)
		nm = X509_get_subject_name(ctx->subject_cert);
	else
		nm = X509_REQ_get_subject_name(ctx->subject_req);

	/* Now add any email address(es) to STACK */
	i = -1;
	while ((i = X509_NAME_get_index_by_NID(nm,
	    NID_pkcs9_emailAddress, i)) >= 0) {
		ne = X509_NAME_get_entry(nm, i);
		email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
		if (move_p) {
			X509_NAME_delete_entry(nm, i);
			X509_NAME_ENTRY_free(ne);
			i--;
		}
		if (!email || !(gen = GENERAL_NAME_new())) {
			X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		gen->d.ia5 = email;
		email = NULL;
		gen->type = GEN_EMAIL;
		if (!sk_GENERAL_NAME_push(gens, gen)) {
			X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		gen = NULL;
	}

	return 1;








|




















|






|







397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
	X509_NAME_ENTRY *ne;
	GENERAL_NAME *gen = NULL;
	int i;

	if (ctx != NULL && ctx->flags == CTX_TEST)
		return 1;
	if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
		X509V3error(X509V3_R_NO_SUBJECT_DETAILS);
		goto err;
	}
	/* Find the subject name */
	if (ctx->subject_cert)
		nm = X509_get_subject_name(ctx->subject_cert);
	else
		nm = X509_REQ_get_subject_name(ctx->subject_req);

	/* Now add any email address(es) to STACK */
	i = -1;
	while ((i = X509_NAME_get_index_by_NID(nm,
	    NID_pkcs9_emailAddress, i)) >= 0) {
		ne = X509_NAME_get_entry(nm, i);
		email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
		if (move_p) {
			X509_NAME_delete_entry(nm, i);
			X509_NAME_ENTRY_free(ne);
			i--;
		}
		if (!email || !(gen = GENERAL_NAME_new())) {
			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		gen->d.ia5 = email;
		email = NULL;
		gen->type = GEN_EMAIL;
		if (!sk_GENERAL_NAME_push(gens, gen)) {
			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		gen = NULL;
	}

	return 1;

449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
{
	GENERAL_NAME *gen;
	GENERAL_NAMES *gens = NULL;
	CONF_VALUE *cnf;
	int i;

	if (!(gens = sk_GENERAL_NAME_new_null())) {
		X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
			goto err;
		if (sk_GENERAL_NAME_push(gens, gen) == 0) {







|







449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
{
	GENERAL_NAME *gen;
	GENERAL_NAMES *gens = NULL;
	CONF_VALUE *cnf;
	int i;

	if (!(gens = sk_GENERAL_NAME_new_null())) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
			goto err;
		if (sk_GENERAL_NAME_push(gens, gen) == 0) {
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, int gen_type, char *value, int is_nc)
{
	char is_string = 0;
	GENERAL_NAME *gen = NULL;

	if (!value) {
		X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
		return NULL;
	}

	if (out)
		gen = out;
	else {
		gen = GENERAL_NAME_new();
		if (gen == NULL) {
			X509V3err(X509V3_F_A2I_GENERAL_NAME,
			    ERR_R_MALLOC_FAILURE);
			return NULL;
		}
	}

	switch (gen_type) {
	case GEN_URI:
	case GEN_EMAIL:
	case GEN_DNS:
		is_string = 1;
		break;

	case GEN_RID:
		{
			ASN1_OBJECT *obj;
			if (!(obj = OBJ_txt2obj(value, 0))) {
				X509V3err(X509V3_F_A2I_GENERAL_NAME,
				    X509V3_R_BAD_OBJECT);
				ERR_asprintf_error_data("value=%s", value);
				goto err;
			}
			gen->d.rid = obj;
		}
		break;

	case GEN_IPADD:
		if (is_nc)
			gen->d.ip = a2i_IPADDRESS_NC(value);
		else
			gen->d.ip = a2i_IPADDRESS(value);
		if (gen->d.ip == NULL) {
			X509V3err(X509V3_F_A2I_GENERAL_NAME,
			    X509V3_R_BAD_IP_ADDRESS);
			ERR_asprintf_error_data("value=%s", value);
			goto err;
		}
		break;

	case GEN_DIRNAME:
		if (!do_dirname(gen, value, ctx)) {
			X509V3err(X509V3_F_A2I_GENERAL_NAME,
			    X509V3_R_DIRNAME_ERROR);
			goto err;
		}
		break;

	case GEN_OTHERNAME:
		if (!do_othername(gen, value, ctx)) {
			X509V3err(X509V3_F_A2I_GENERAL_NAME,
			    X509V3_R_OTHERNAME_ERROR);
			goto err;
		}
		break;

	default:
		X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE);
		goto err;
	}

	if (is_string) {
		if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
		    !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
			strlen(value))) {
			X509V3err(X509V3_F_A2I_GENERAL_NAME,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}

	gen->type = gen_type;

	return gen;







|








<
|















<
|













<
|







<
|






<
|





|







<
|







483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498

499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514

515
516
517
518
519
520
521
522
523
524
525
526
527
528

529
530
531
532
533
534
535
536

537
538
539
540
541
542
543

544
545
546
547
548
549
550
551
552
553
554
555
556
557

558
559
560
561
562
563
564
565
a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, int gen_type, char *value, int is_nc)
{
	char is_string = 0;
	GENERAL_NAME *gen = NULL;

	if (!value) {
		X509V3error(X509V3_R_MISSING_VALUE);
		return NULL;
	}

	if (out)
		gen = out;
	else {
		gen = GENERAL_NAME_new();
		if (gen == NULL) {

			X509V3error(ERR_R_MALLOC_FAILURE);
			return NULL;
		}
	}

	switch (gen_type) {
	case GEN_URI:
	case GEN_EMAIL:
	case GEN_DNS:
		is_string = 1;
		break;

	case GEN_RID:
		{
			ASN1_OBJECT *obj;
			if (!(obj = OBJ_txt2obj(value, 0))) {

				X509V3error(X509V3_R_BAD_OBJECT);
				ERR_asprintf_error_data("value=%s", value);
				goto err;
			}
			gen->d.rid = obj;
		}
		break;

	case GEN_IPADD:
		if (is_nc)
			gen->d.ip = a2i_IPADDRESS_NC(value);
		else
			gen->d.ip = a2i_IPADDRESS(value);
		if (gen->d.ip == NULL) {

			X509V3error(X509V3_R_BAD_IP_ADDRESS);
			ERR_asprintf_error_data("value=%s", value);
			goto err;
		}
		break;

	case GEN_DIRNAME:
		if (!do_dirname(gen, value, ctx)) {

			X509V3error(X509V3_R_DIRNAME_ERROR);
			goto err;
		}
		break;

	case GEN_OTHERNAME:
		if (!do_othername(gen, value, ctx)) {

			X509V3error(X509V3_R_OTHERNAME_ERROR);
			goto err;
		}
		break;

	default:
		X509V3error(X509V3_R_UNSUPPORTED_TYPE);
		goto err;
	}

	if (is_string) {
		if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
		    !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
			strlen(value))) {

			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}

	gen->type = gen_type;

	return gen;
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
	int type;
	char *name, *value;

	name = cnf->name;
	value = cnf->value;

	if (!value) {
		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
		return NULL;
	}

	if (!name_cmp(name, "email"))
		type = GEN_EMAIL;
	else if (!name_cmp(name, "URI"))
		type = GEN_URI;
	else if (!name_cmp(name, "DNS"))
		type = GEN_DNS;
	else if (!name_cmp(name, "RID"))
		type = GEN_RID;
	else if (!name_cmp(name, "IP"))
		type = GEN_IPADD;
	else if (!name_cmp(name, "dirName"))
		type = GEN_DIRNAME;
	else if (!name_cmp(name, "otherName"))
		type = GEN_OTHERNAME;
	else {
		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,
		    X509V3_R_UNSUPPORTED_OPTION);
		ERR_asprintf_error_data("name=%s", name);
		return NULL;
	}

	return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
}








|


















<
|







577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602

603
604
605
606
607
608
609
610
	int type;
	char *name, *value;

	name = cnf->name;
	value = cnf->value;

	if (!value) {
		X509V3error(X509V3_R_MISSING_VALUE);
		return NULL;
	}

	if (!name_cmp(name, "email"))
		type = GEN_EMAIL;
	else if (!name_cmp(name, "URI"))
		type = GEN_URI;
	else if (!name_cmp(name, "DNS"))
		type = GEN_DNS;
	else if (!name_cmp(name, "RID"))
		type = GEN_RID;
	else if (!name_cmp(name, "IP"))
		type = GEN_IPADD;
	else if (!name_cmp(name, "dirName"))
		type = GEN_DIRNAME;
	else if (!name_cmp(name, "otherName"))
		type = GEN_OTHERNAME;
	else {

		X509V3error(X509V3_R_UNSUPPORTED_OPTION);
		ERR_asprintf_error_data("name=%s", name);
		return NULL;
	}

	return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
}

651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
	STACK_OF(CONF_VALUE) *sk;
	X509_NAME *nm;

	if (!(nm = X509_NAME_new()))
		return 0;
	sk = X509V3_get_section(ctx, value);
	if (!sk) {
		X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
		ERR_asprintf_error_data("section=%s", value);
		X509_NAME_free(nm);
		return 0;
	}
	/* FIXME: should allow other character types... */
	ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
	if (!ret)
		X509_NAME_free(nm);
	gen->d.dirn = nm;
	X509V3_section_free(ctx, sk);

	return ret;
}







|













644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
	STACK_OF(CONF_VALUE) *sk;
	X509_NAME *nm;

	if (!(nm = X509_NAME_new()))
		return 0;
	sk = X509V3_get_section(ctx, value);
	if (!sk) {
		X509V3error(X509V3_R_SECTION_NOT_FOUND);
		ERR_asprintf_error_data("section=%s", value);
		X509_NAME_free(nm);
		return 0;
	}
	/* FIXME: should allow other character types... */
	ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
	if (!ret)
		X509_NAME_free(nm);
	gen->d.dirn = nm;
	X509V3_section_free(ctx, sk);

	return ret;
}
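--- a/jni/libressl/crypto/x509v3/v3_bcons.c
+++ b/jni/libressl/crypto/x509v3/v3_bcons.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_bcons.c,v 1.12 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_bcons.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -69,15 +69,15 @@
     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
 static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_bcons = {
 	.ext_nid = NID_basic_constraints,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+	.it = &BASIC_CONSTRAINTS_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
@@ -155,31 +155,30 @@
     STACK_OF(CONF_VALUE) *values)
 {
 	BASIC_CONSTRAINTS *bcons = NULL;
 	CONF_VALUE *val;
 	int i;
 
 	if (!(bcons = BASIC_CONSTRAINTS_new())) {
-		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
 		val = sk_CONF_VALUE_value(values, i);
 		if (!strcmp(val->name, "CA")) {
 			if (!X509V3_get_value_bool(val, &bcons->ca))
 				goto err;
 		} else if (!strcmp(val->name, "pathlen")) {
 			if (!X509V3_get_value_int(val, &bcons->pathlen))
 				goto err;
 		} else {
-			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS,
-			    X509V3_R_INVALID_NAME);
+			X509V3error(X509V3_R_INVALID_NAME);
 			X509V3_conf_err(val);
 			goto err;
 		}
 	}
 	return bcons;
 
 err:
 	BASIC_CONSTRAINTS_free(bcons);
 	return NULL;
 }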
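--- a/jni/libressl/crypto/x509v3/v3_bitst.c
+++ b/jni/libressl/crypto/x509v3/v3_bitst.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_bitst.c,v 1.11 2015/07/29 16:13:48 jsing Exp $ */
+/* $OpenBSD: v3_bitst.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -87,32 +87,32 @@
 	{8, "Decipher Only", "decipherOnly"},
 	{-1, NULL, NULL}
 };
 
 const X509V3_EXT_METHOD v3_nscert = {
 	.ext_nid = NID_netscape_cert_type,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(ASN1_BIT_STRING),
+	.it = &ASN1_BIT_STRING_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
 	.v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING,
 	.i2r = NULL,
 	.r2i = NULL,
 	.usr_data = ns_cert_type_table,
 };
 
 const X509V3_EXT_METHOD v3_key_usage = {
 	.ext_nid = NID_key_usage,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(ASN1_BIT_STRING),
+	.it = &ASN1_BIT_STRING_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
@@ -141,35 +141,33 @@
 {
 	CONF_VALUE *val;
 	ASN1_BIT_STRING *bs;
 	int i;
 	BIT_STRING_BITNAME *bnam;
 
 	if (!(bs = ASN1_BIT_STRING_new())) {
-		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
 		val = sk_CONF_VALUE_value(nval, i);
 		for (bnam = method->usr_data; bnam->lname; bnam++) {
 			if (!strcmp(bnam->sname, val->name) ||
 			    !strcmp(bnam->lname, val->name) ) {
 				if (!ASN1_BIT_STRING_set_bit(bs,
 				    bnam->bitnum, 1)) {
-					X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-					    ERR_R_MALLOC_FAILURE);
+					X509V3error(ERR_R_MALLOC_FAILURE);
 					ASN1_BIT_STRING_free(bs);
 					return NULL;
 				}
 				break;
 			}
 		}
 		if (!bnam->lname) {
-			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-			    X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+			X509V3error(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
 			X509V3_conf_err(val);
 			ASN1_BIT_STRING_free(bs);
 			return NULL;
 		}
 	}
 	return bs;
 }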
Changes to jni/libressl/crypto/x509v3/v3_conf.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_conf.c,v 1.18 2015/09/30 18:41:06 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_conf.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
	X509_EXTENSION *ret;

	crit = v3_check_critical(&value);
	if ((ext_type = v3_check_generic(&value)))
		return v3_generic_extension(name, value, crit, ext_type, ctx);
	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
	if (!ret) {
		X509V3err(X509V3_F_X509V3_EXT_NCONF,
		    X509V3_R_ERROR_IN_EXTENSION);
		ERR_asprintf_error_data("name=%s, value=%s", name, value);
	}
	return ret;
}

/* CONF *conf:  Config file    */
/* char *value:  Value    */







<
|







89
90
91
92
93
94
95

96
97
98
99
100
101
102
103
	X509_EXTENSION *ret;

	crit = v3_check_critical(&value);
	if ((ext_type = v3_check_generic(&value)))
		return v3_generic_extension(name, value, crit, ext_type, ctx);
	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
	if (!ret) {

		X509V3error(X509V3_R_ERROR_IN_EXTENSION);
		ERR_asprintf_error_data("name=%s, value=%s", name, value);
	}
	return ret;
}

/* CONF *conf:  Config file    */
/* char *value:  Value    */
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
{
	const X509V3_EXT_METHOD *method;
	X509_EXTENSION *ext;
	void *ext_struc;

	if (ext_nid == NID_undef) {
		X509V3err(X509V3_F_DO_EXT_NCONF,
		    X509V3_R_UNKNOWN_EXTENSION_NAME);
		return NULL;
	}
	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
		X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
		return NULL;
	}
	/* Now get internal extension representation based on type */
	if (method->v2i) {
		STACK_OF(CONF_VALUE) *nval;

		if (*value == '@')
			nval = NCONF_get_section(conf, value + 1);
		else
			nval = X509V3_parse_list(value);
		if (sk_CONF_VALUE_num(nval) <= 0) {
			X509V3err(X509V3_F_DO_EXT_NCONF,
			    X509V3_R_INVALID_EXTENSION_STRING);
			ERR_asprintf_error_data("name=%s,section=%s",
			    OBJ_nid2sn(ext_nid), value);
			if (*value != '@')
				sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
			return NULL;
		}
		ext_struc = method->v2i(method, ctx, nval);
		if (*value != '@')
			sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
	} else if (method->s2i) {
		ext_struc = method->s2i(method, ctx, value);
	} else if (method->r2i) {
		if (!ctx->db || !ctx->db_meth) {
			X509V3err(X509V3_F_DO_EXT_NCONF,
			    X509V3_R_NO_CONFIG_DATABASE);
			return NULL;
		}
		ext_struc = method->r2i(method, ctx, value);
	} else {
		X509V3err(X509V3_F_DO_EXT_NCONF,
		    X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
		ERR_asprintf_error_data("name=%s", OBJ_nid2sn(ext_nid));
		return NULL;
	}
	if (ext_struc == NULL)
		return NULL;

	ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
	if (method->it)
		ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
	else
		method->ext_free(ext_struc);
	return ext;
}

static X509_EXTENSION *
do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit,
    void *ext_struc)
{
	unsigned char *ext_der;
	int ext_len;
	ASN1_OCTET_STRING *ext_oct = NULL;
	X509_EXTENSION *ext;

	/* Convert internal representation to DER */
	if (method->it) {
		ext_der = NULL;
		ext_len = ASN1_item_i2d(ext_struc, &ext_der,
		    ASN1_ITEM_ptr(method->it));
		if (ext_len < 0)
			goto merr;
	} else {
		unsigned char *p;
		ext_len = method->i2d(ext_struc, NULL);
		if (!(ext_der = malloc(ext_len)))
			goto merr;







<
|



|











<
|













<
|




<
|








|


















|







120
121
122
123
124
125
126

127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

143
144
145
146
147
148
149
150
151
152
153
154
155
156

157
158
159
160
161

162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
{
	const X509V3_EXT_METHOD *method;
	X509_EXTENSION *ext;
	void *ext_struc;

	if (ext_nid == NID_undef) {

		X509V3error(X509V3_R_UNKNOWN_EXTENSION_NAME);
		return NULL;
	}
	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
		X509V3error(X509V3_R_UNKNOWN_EXTENSION);
		return NULL;
	}
	/* Now get internal extension representation based on type */
	if (method->v2i) {
		STACK_OF(CONF_VALUE) *nval;

		if (*value == '@')
			nval = NCONF_get_section(conf, value + 1);
		else
			nval = X509V3_parse_list(value);
		if (sk_CONF_VALUE_num(nval) <= 0) {

			X509V3error(X509V3_R_INVALID_EXTENSION_STRING);
			ERR_asprintf_error_data("name=%s,section=%s",
			    OBJ_nid2sn(ext_nid), value);
			if (*value != '@')
				sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
			return NULL;
		}
		ext_struc = method->v2i(method, ctx, nval);
		if (*value != '@')
			sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
	} else if (method->s2i) {
		ext_struc = method->s2i(method, ctx, value);
	} else if (method->r2i) {
		if (!ctx->db || !ctx->db_meth) {

			X509V3error(X509V3_R_NO_CONFIG_DATABASE);
			return NULL;
		}
		ext_struc = method->r2i(method, ctx, value);
	} else {

		X509V3error(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
		ERR_asprintf_error_data("name=%s", OBJ_nid2sn(ext_nid));
		return NULL;
	}
	if (ext_struc == NULL)
		return NULL;

	ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
	if (method->it)
		ASN1_item_free(ext_struc, method->it);
	else
		method->ext_free(ext_struc);
	return ext;
}

static X509_EXTENSION *
do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit,
    void *ext_struc)
{
	unsigned char *ext_der;
	int ext_len;
	ASN1_OCTET_STRING *ext_oct = NULL;
	X509_EXTENSION *ext;

	/* Convert internal representation to DER */
	if (method->it) {
		ext_der = NULL;
		ext_len = ASN1_item_i2d(ext_struc, &ext_der,
		    method->it);
		if (ext_len < 0)
			goto merr;
	} else {
		unsigned char *p;
		ext_len = method->i2d(ext_struc, NULL);
		if (!(ext_der = malloc(ext_len)))
			goto merr;
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
		goto merr;
	ASN1_OCTET_STRING_free(ext_oct);

	return ext;

merr:
	ASN1_OCTET_STRING_free(ext_oct);
	X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
	return NULL;

}

/* Given an internal structure, nid and critical flag create an extension */

X509_EXTENSION *
X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
	const X509V3_EXT_METHOD *method;

	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
		X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
		return NULL;
	}
	return do_ext_i2d(method, ext_nid, crit, ext_struc);
}

/* Check the extension string for critical flag */
static int







|












|







208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
		goto merr;
	ASN1_OCTET_STRING_free(ext_oct);

	return ext;

merr:
	ASN1_OCTET_STRING_free(ext_oct);
	X509V3error(ERR_R_MALLOC_FAILURE);
	return NULL;

}

/* Given an internal structure, nid and critical flag create an extension */

X509_EXTENSION *
X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
	const X509V3_EXT_METHOD *method;

	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
		X509V3error(X509V3_R_UNKNOWN_EXTENSION);
		return NULL;
	}
	return do_ext_i2d(method, ext_nid, crit, ext_struc);
}

/* Check the extension string for critical flag */
static int
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
	unsigned char *ext_der = NULL;
	long ext_len = 0;
	ASN1_OBJECT *obj = NULL;
	ASN1_OCTET_STRING *oct = NULL;
	X509_EXTENSION *extension = NULL;

	if (!(obj = OBJ_txt2obj(ext, 0))) {
		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
		    X509V3_R_EXTENSION_NAME_ERROR);
		ERR_asprintf_error_data("name=%s", ext);
		goto err;
	}

	if (gen_type == 1)
		ext_der = string_to_hex(value, &ext_len);
	else if (gen_type == 2)
		ext_der = generic_asn1(value, ctx, &ext_len);
	else {
		ERR_asprintf_error_data("Unexpected generic extension type %d", gen_type);
		goto err;
	}

	if (ext_der == NULL) {
		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
		    X509V3_R_EXTENSION_VALUE_ERROR);
		ERR_asprintf_error_data("value=%s", value);
		goto err;
	}

	if (!(oct = ASN1_OCTET_STRING_new())) {
		X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	oct->data = ext_der;
	oct->length = ext_len;
	ext_der = NULL;








<
|














<
|





|







275
276
277
278
279
280
281

282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

297
298
299
300
301
302
303
304
305
306
307
308
309
310
	unsigned char *ext_der = NULL;
	long ext_len = 0;
	ASN1_OBJECT *obj = NULL;
	ASN1_OCTET_STRING *oct = NULL;
	X509_EXTENSION *extension = NULL;

	if (!(obj = OBJ_txt2obj(ext, 0))) {

		X509V3error(X509V3_R_EXTENSION_NAME_ERROR);
		ERR_asprintf_error_data("name=%s", ext);
		goto err;
	}

	if (gen_type == 1)
		ext_der = string_to_hex(value, &ext_len);
	else if (gen_type == 2)
		ext_der = generic_asn1(value, ctx, &ext_len);
	else {
		ERR_asprintf_error_data("Unexpected generic extension type %d", gen_type);
		goto err;
	}

	if (ext_der == NULL) {

		X509V3error(X509V3_R_EXTENSION_VALUE_ERROR);
		ERR_asprintf_error_data("value=%s", value);
		goto err;
	}

	if (!(oct = ASN1_OCTET_STRING_new())) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	oct->data = ext_der;
	oct->length = ext_len;
	ext_der = NULL;

410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438

/* Config database functions */

char *
X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
{
	if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
		X509V3err(X509V3_F_X509V3_GET_STRING,
		    X509V3_R_OPERATION_NOT_DEFINED);
		return NULL;
	}
	if (ctx->db_meth->get_string)
		return ctx->db_meth->get_string(ctx->db, name, section);
	return NULL;
}

STACK_OF(CONF_VALUE) *
X509V3_get_section(X509V3_CTX *ctx, char *section)
{
	if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
		X509V3err(X509V3_F_X509V3_GET_SECTION,
		    X509V3_R_OPERATION_NOT_DEFINED);
		return NULL;
	}
	if (ctx->db_meth->get_section)
		return ctx->db_meth->get_section(ctx->db, section);
	return NULL;
}








<
|











<
|







403
404
405
406
407
408
409

410
411
412
413
414
415
416
417
418
419
420
421

422
423
424
425
426
427
428
429

/* Config database functions */

char *
X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
{
	if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {

		X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
		return NULL;
	}
	if (ctx->db_meth->get_string)
		return ctx->db_meth->get_string(ctx->db, name, section);
	return NULL;
}

STACK_OF(CONF_VALUE) *
X509V3_get_section(X509V3_CTX *ctx, char *section)
{
	if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {

		X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
		return NULL;
	}
	if (ctx->db_meth->get_section)
		return ctx->db_meth->get_section(ctx->db, section);
	return NULL;
}

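--- a/jni/libressl/crypto/x509v3/v3_cpols.c
+++ b/jni/libressl/crypto/x509v3/v3_cpols.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_cpols.c,v 1.22 2015/07/29 16:13:48 jsing Exp $ */
+/* $OpenBSD: v3_cpols.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -81,15 +81,15 @@
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
     STACK_OF(CONF_VALUE) *unot, int ia5org);
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
 
 const X509V3_EXT_METHOD v3_cpols = {
 	.ext_nid = NID_certificate_policies,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+	.it = &CERTIFICATEPOLICIES_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = NULL,
@@ -408,61 +408,58 @@
 	ASN1_OBJECT *pobj;
 	STACK_OF(CONF_VALUE) *vals;
 	CONF_VALUE *cnf;
 	int i, ia5org;
 
 	pols = sk_POLICYINFO_new_null();
 	if (pols == NULL) {
-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	vals = X509V3_parse_list(value);
 	if (vals == NULL) {
-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+		X509V3error(ERR_R_X509V3_LIB);
 		goto err;
 	}
 	ia5org = 0;
 	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
 		cnf = sk_CONF_VALUE_value(vals, i);
 		if (cnf->value || !cnf->name) {
-			X509V3err(X509V3_F_R2I_CERTPOL,
-			    X509V3_R_INVALID_POLICY_IDENTIFIER);
+			X509V3error(X509V3_R_INVALID_POLICY_IDENTIFIER);
 			X509V3_conf_err(cnf);
 			goto err;
 		}
 		pstr = cnf->name;
 		if (!strcmp(pstr, "ia5org")) {
 			ia5org = 1;
 			continue;
 		} else if (*pstr == '@') {
 			STACK_OF(CONF_VALUE) *polsect;
 			polsect = X509V3_get_section(ctx, pstr + 1);
 			if (!polsect) {
-				X509V3err(X509V3_F_R2I_CERTPOL,
-				    X509V3_R_INVALID_SECTION);
+				X509V3error(X509V3_R_INVALID_SECTION);
 				X509V3_conf_err(cnf);
 				goto err;
 			}
 			pol = policy_section(ctx, polsect, ia5org);
 			X509V3_section_free(ctx, polsect);
 			if (!pol)
 				goto err;
 		} else {
 			if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
-				X509V3err(X509V3_F_R2I_CERTPOL,
-				    X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
 				X509V3_conf_err(cnf);
 				goto err;
 			}
 			pol = POLICYINFO_new();
 			pol->policyid = pobj;
 		}
 		if (!sk_POLICYINFO_push(pols, pol)){
 			POLICYINFO_free(pol);
-			X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+			X509V3error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 	}
 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
 	return pols;
 
 err:
@@ -483,16 +480,15 @@
 		goto merr;
 	for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
 		cnf = sk_CONF_VALUE_value(polstrs, i);
 		if (strcmp(cnf->name, "policyIdentifier") == 0) {
 			ASN1_OBJECT *pobj;
 
 			if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
-				X509V3err(X509V3_F_POLICY_SECTION,
-				    X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
 				X509V3_conf_err(cnf);
 				goto err;
 			}
 			pol->policyid = pobj;
 		} else if (name_cmp(cnf->name, "CPS") == 0) {
 			if ((nqual = POLICYQUALINFO_new()) == NULL)
 				goto merr;
@@ -513,55 +509,51 @@
 				goto merr;
 			nqual = NULL;
 		} else if (name_cmp(cnf->name, "userNotice") == 0) {
 			STACK_OF(CONF_VALUE) *unot;
 			POLICYQUALINFO *qual;
 
 			if (*cnf->value != '@') {
-				X509V3err(X509V3_F_POLICY_SECTION,
-				    X509V3_R_EXPECTED_A_SECTION_NAME);
+				X509V3error(X509V3_R_EXPECTED_A_SECTION_NAME);
 				X509V3_conf_err(cnf);
 				goto err;
 			}
 			unot = X509V3_get_section(ctx, cnf->value + 1);
 			if (unot == NULL) {
-				X509V3err(X509V3_F_POLICY_SECTION,
-				    X509V3_R_INVALID_SECTION);
+				X509V3error(X509V3_R_INVALID_SECTION);
 				X509V3_conf_err(cnf);
 				goto err;
 			}
 			qual = notice_section(ctx, unot, ia5org);
 			X509V3_section_free(ctx, unot);
 			if (qual == NULL)
 				goto err;
 
 			if (pol->qualifiers == NULL) {
 				pol->qualifiers = sk_POLICYQUALINFO_new_null();
 				if (pol->qualifiers == NULL)
 					goto merr;
 			}
 			if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0)
 				goto merr;
 		} else {
-			X509V3err(X509V3_F_POLICY_SECTION,
-			    X509V3_R_INVALID_OPTION);
+			X509V3error(X509V3_R_INVALID_OPTION);
 			X509V3_conf_err(cnf);
 			goto err;
 		}
 	}
 	if (pol->policyid == NULL) {
-		X509V3err(X509V3_F_POLICY_SECTION,
-		    X509V3_R_NO_POLICY_IDENTIFIER);
+		X509V3error(X509V3_R_NO_POLICY_IDENTIFIER);
 		goto err;
 	}
 
 	return pol;
 
 merr:
-	X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
+	X509V3error(ERR_R_MALLOC_FAILURE);
 
 err:
 	POLICYQUALINFO_free(nqual);
 	POLICYINFO_free(pol);
 	return NULL;
 }
 
@@ -612,71 +604,68 @@
 				if (!(nref = NOTICEREF_new()))
 					goto merr;
 				not->noticeref = nref;
 			} else
 				nref = not->noticeref;
 			nos = X509V3_parse_list(cnf->value);
 			if (!nos || !sk_CONF_VALUE_num(nos)) {
-				X509V3err(X509V3_F_NOTICE_SECTION,
-				    X509V3_R_INVALID_NUMBERS);
+				X509V3error(X509V3_R_INVALID_NUMBERS);
 				X509V3_conf_err(cnf);
 				if (nos != NULL)
 					sk_CONF_VALUE_pop_free(nos,
 					    X509V3_conf_free);
 				goto err;
 			}
 			ret = nref_nos(nref->noticenos, nos);
 			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
 			if (!ret)
 				goto err;
 		} else {
-			X509V3err(X509V3_F_NOTICE_SECTION,
-			    X509V3_R_INVALID_OPTION);
+			X509V3error(X509V3_R_INVALID_OPTION);
 			X509V3_conf_err(cnf);
 			goto err;
 		}
 	}
 
 	if (not->noticeref &&
 	    (!not->noticeref->noticenos || !not->noticeref->organization)) {
-		X509V3err(X509V3_F_NOTICE_SECTION,
-		    X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+		X509V3error(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
 		goto err;
 	}
 
 	return qual;
 
 merr:
-	X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
+	X509V3error(ERR_R_MALLOC_FAILURE);
 
 err:
 	POLICYQUALINFO_free(qual);
 	return NULL;
 }
 
 static int
 nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
 {
 	CONF_VALUE *cnf;
 	ASN1_INTEGER *aint;
 	int i;
 
 	for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
 		cnf = sk_CONF_VALUE_value(nos, i);
 		if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
-			X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
+			X509V3error(X509V3_R_INVALID_NUMBER);
 			goto err;
 		}
 		if (!sk_ASN1_INTEGER_push(nnums, aint))
 			goto merr;
 	}
 	return 1;
 
 merr:
-	X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
+	X509V3error(ERR_R_MALLOC_FAILURE);
 
 err:
 	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
 	return 0;
 }
 
 static int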
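Review bot: The plain-OID branch of the certificate-policies parser (new lines 456-457, `pol = POLICYINFO_new(); pol->policyid = pobj;`) writes through the result of `POLICYINFO_new()` without checking it, so an allocation failure becomes a NULL-pointer write and `pobj` is leaked. The macro conversion leaves this untouched; a guard `if (pol == NULL)` that calls `ASN1_OBJECT_free(pobj)`, raises `X509V3error(ERR_R_MALLOC_FAILURE)` and does `goto err` would match how the `sk_POLICYINFO_push` failure just below is handled. The function's opening lines and the body of its `err:` label are outside the displayed hunk, so the cleanup path is inferred from the other `goto err` sites.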
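--- a/jni/libressl/crypto/x509v3/v3_crld.c
+++ b/jni/libressl/crypto/x509v3/v3_crld.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_crld.c,v 1.18 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_crld.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -69,32 +69,32 @@
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
     int indent);
 
 const X509V3_EXT_METHOD v3_crld = {
 	.ext_nid = NID_crl_distribution_points,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(CRL_DIST_POINTS),
+	.it = &CRL_DIST_POINTS_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = NULL,
 	.v2i = v2i_crld,
 	.i2r = i2r_crldp,
 	.r2i = NULL,
 	.usr_data = NULL,
 };
 
 const X509V3_EXT_METHOD v3_freshest_crl = {
 	.ext_nid = NID_freshest_crl,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(CRL_DIST_POINTS),
+	.it = &CRL_DIST_POINTS_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = NULL,
@@ -111,16 +111,15 @@
 	STACK_OF(GENERAL_NAME) *gens;
 
 	if (*sect == '@')
 		gnsect = X509V3_get_section(ctx, sect + 1);
 	else
 		gnsect = X509V3_parse_list(sect);
 	if (!gnsect) {
-		X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
-		    X509V3_R_SECTION_NOT_FOUND);
+		X509V3error(X509V3_R_SECTION_NOT_FOUND);
 		return NULL;
 	}
 	gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
 	if (*sect == '@')
 		X509V3_section_free(ctx, gnsect);
 	else
 		sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
@@ -142,41 +141,38 @@
 		STACK_OF(CONF_VALUE) *dnsect;
 		X509_NAME *nm;
 		nm = X509_NAME_new();
 		if (!nm)
 			return -1;
 		dnsect = X509V3_get_section(ctx, cnf->value);
 		if (!dnsect) {
-			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-			    X509V3_R_SECTION_NOT_FOUND);
+			X509V3error(X509V3_R_SECTION_NOT_FOUND);
 			X509_NAME_free(nm);
 			return -1;
 		}
 		ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
 		X509V3_section_free(ctx, dnsect);
 		rnm = nm->entries;
 		nm->entries = NULL;
 		X509_NAME_free(nm);
 		if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
 			goto err;
 		/* Since its a name fragment can't have more than one
 		 * RDNSequence
 		 */
 		if (sk_X509_NAME_ENTRY_value(rnm,
 		    sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
-			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-			    X509V3_R_INVALID_MULTIPLE_RDNS);
+			X509V3error(X509V3_R_INVALID_MULTIPLE_RDNS);
 			goto err;
 		}
 	} else
 		return 0;
 
 	if (*pdp) {
-		X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-		    X509V3_R_DISTPOINT_ALREADY_SET);
+		X509V3error(X509V3_R_DISTPOINT_ALREADY_SET);
 		goto err;
 	}
 
 	*pdp = DIST_POINT_NAME_new();
 	if (!*pdp)
 		goto err;
 	if (fnm) {
@@ -357,15 +353,15 @@
 			point->distpoint->type = 0;
 			gens = NULL;
 		}
 	}
 	return crld;
 
 merr:
-	X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
+	X509V3error(ERR_R_MALLOC_FAILURE);
 err:
 	GENERAL_NAME_free(gen);
 	GENERAL_NAMES_free(gens);
 	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
 	return NULL;
 }
 
@@ -638,15 +634,15 @@
 static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
     int indent);
 static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
     STACK_OF(CONF_VALUE) *nval);
 
 const X509V3_EXT_METHOD v3_idp = {
 	NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
-	ASN1_ITEM_ref(ISSUING_DIST_POINT),
+	&ISSUING_DIST_POINT_it,
 	0, 0, 0, 0,
 	0, 0,
 	0,
 	v2i_idp,
 	i2r_idp, 0,
 	NULL
 };
@@ -688,23 +684,23 @@
 			if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
 				goto err;
 		}
 		else if (!strcmp(name, "onlysomereasons")) {
 			if (!set_reasons(&idp->onlysomereasons, val))
 				goto err;
 		} else {
-			X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+			X509V3error(X509V3_R_INVALID_NAME);
 			X509V3_conf_err(cnf);
 			goto err;
 		}
 	}
 	return idp;
 
 merr:
-	X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
+	X509V3error(ERR_R_MALLOC_FAILURE);
 err:
 	ISSUING_DIST_POINT_free(idp);
 	return NULL;
 }
 
 static int
 print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)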
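Review bot: The `v3_idp` method table (new lines 639-648) is still initialised positionally, unlike `v3_crld` and `v3_freshest_crl` earlier in this file, which use designated initialisers. With runs such as `0, 0, 0, 0,` a reader has to count slots to confirm that `v2i_idp` and `i2r_idp` land in the `v2i` and `i2r` members, and a miscounted entry would silently install a callback in the wrong slot. Since the commit already rewrites the `it` entry here, converting the table to the designated form the rest of the file uses would make that mapping explicit. The member order below follows the `v3_crld` initialiser shown in the same section.
```c
const X509V3_EXT_METHOD v3_idp = {
	.ext_nid = NID_issuing_distribution_point,
	.ext_flags = X509V3_EXT_MULTILINE,
	.it = &ISSUING_DIST_POINT_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = v2i_idp,
	.i2r = i2r_idp,
	.r2i = NULL,
	.usr_data = NULL,
};
```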
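--- a/jni/libressl/crypto/x509v3/v3_enum.c
+++ b/jni/libressl/crypto/x509v3/v3_enum.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_enum.c,v 1.10 2014/07/13 16:03:10 beck Exp $ */
+/* $OpenBSD: v3_enum.c,v 1.12 2016/12/30 15:54:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74,15 +74,15 @@
 	{CRL_REASON_AA_COMPROMISE,	 "AA Compromise", "AACompromise"},
 	{-1, NULL, NULL}
 };
 
 const X509V3_EXT_METHOD v3_crl_reason = {
 	.ext_nid = NID_crl_reason,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(ASN1_ENUMERATED),
+	.it = &ASN1_ENUMERATED_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
 	.s2i = NULL,
 	.i2v = NULL,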
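--- a/jni/libressl/crypto/x509v3/v3_extku.c
+++ b/jni/libressl/crypto/x509v3/v3_extku.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_extku.c,v 1.12 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_extku.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -67,33 +67,33 @@
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(
     const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist);
 
 const X509V3_EXT_METHOD v3_ext_ku = {
 	.ext_nid = NID_ext_key_usage,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+	.it = &EXTENDED_KEY_USAGE_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = i2v_EXTENDED_KEY_USAGE,
 	.v2i = v2i_EXTENDED_KEY_USAGE,
 	.i2r = NULL,
 	.r2i = NULL,
 	.usr_data = NULL,
 };
 
 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
 const X509V3_EXT_METHOD v3_ocsp_accresp = {
 	.ext_nid = NID_id_pkix_OCSP_acceptableResponses,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+	.it = &EXTENDED_KEY_USAGE_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = i2v_EXTENDED_KEY_USAGE,
@@ -171,35 +171,32 @@
 	EXTENDED_KEY_USAGE *extku;
 	char *extval;
 	ASN1_OBJECT *objtmp;
 	CONF_VALUE *val;
 	int i;
 
 	if (!(extku = sk_ASN1_OBJECT_new_null())) {
-		X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
-		    ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
 		val = sk_CONF_VALUE_value(nval, i);
 		if (val->value)
 			extval = val->value;
 		else
 			extval = val->name;
 		if (!(objtmp = OBJ_txt2obj(extval, 0))) {
 			sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-			X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
-			    X509V3_R_INVALID_OBJECT_IDENTIFIER);
+			X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
 			X509V3_conf_err(val);
 			return NULL;
 		}
 		if (sk_ASN1_OBJECT_push(extku, objtmp) == 0) {
 			ASN1_OBJECT_free(objtmp);
 			sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-			X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
-			    ERR_R_MALLOC_FAILURE);
+			X509V3error(ERR_R_MALLOC_FAILURE);
 			return NULL;
 		}
 	}
 	return extku;
 }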
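--- a/jni/libressl/crypto/x509v3/v3_genn.c
+++ b/jni/libressl/crypto/x509v3/v3_genn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_genn.c,v 1.11 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_genn.c,v 1.12 2015/09/26 17:38:41 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without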
Changes to jni/libressl/crypto/x509v3/v3_ia5.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_ia5.c,v 1.14 2015/07/29 16:13:48 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_ia5.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);

const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
	{
		.ext_nid = NID_netscape_base_url,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_revocation_url,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_ca_revocation_url,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_renewal_url,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_ca_policy_url,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_ssl_server_name,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_comment,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,







|















|















|















|















|















|















|







68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);

const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
	{
		.ext_nid = NID_netscape_base_url,
		.ext_flags = 0,
		.it = &ASN1_IA5STRING_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_revocation_url,
		.ext_flags = 0,
		.it = &ASN1_IA5STRING_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_ca_revocation_url,
		.ext_flags = 0,
		.it = &ASN1_IA5STRING_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_renewal_url,
		.ext_flags = 0,
		.it = &ASN1_IA5STRING_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_ca_policy_url,
		.ext_flags = 0,
		.it = &ASN1_IA5STRING_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_ssl_server_name,
		.ext_flags = 0,
		.it = &ASN1_IA5STRING_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_comment,
		.ext_flags = 0,
		.it = &ASN1_IA5STRING_it,
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
{
	char *tmp;

	if (!ia5 || !ia5->length)
		return NULL;
	if (!(tmp = malloc(ia5->length + 1))) {
		X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	memcpy(tmp, ia5->data, ia5->length);
	tmp[ia5->length] = 0;
	return tmp;
}

static ASN1_IA5STRING *
s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
{
	ASN1_IA5STRING *ia5;
	if (!str) {
		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,
		    X509V3_R_INVALID_NULL_ARGUMENT);
		return NULL;
	}
	if (!(ia5 = ASN1_IA5STRING_new()))
		goto err;
	if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
	    strlen(str))) {
		ASN1_IA5STRING_free(ia5);
		goto err;
	}
	return ia5;

err:
	X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
	return NULL;
}







|












<
|












|


203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
{
	char *tmp;

	if (!ia5 || !ia5->length)
		return NULL;
	if (!(tmp = malloc(ia5->length + 1))) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	memcpy(tmp, ia5->data, ia5->length);
	tmp[ia5->length] = 0;
	return tmp;
}

static ASN1_IA5STRING *
s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
{
	ASN1_IA5STRING *ia5;
	if (!str) {

		X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
		return NULL;
	}
	if (!(ia5 = ASN1_IA5STRING_new()))
		goto err;
	if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
	    strlen(str))) {
		ASN1_IA5STRING_free(ia5);
		goto err;
	}
	return ia5;

err:
	X509V3error(ERR_R_MALLOC_FAILURE);
	return NULL;
}
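Review bot: In i2s_ASN1_IA5STRING the guard `if (!ia5 || !ia5->length)` rejects only a zero length, so a negative `ia5->length` would still reach `malloc(ia5->length + 1)` and the `memcpy` that follows. Whether a negative length can arrive here is not visible from this section, but the check is cheap: `if (ia5 == NULL || ia5->length <= 0) return NULL;`. Separately, the copy is NUL-terminated without looking for NUL bytes inside the data, so a value with an embedded NUL reads as a shorter C string to whoever prints the result. A comment on the function saying so would help callers that display these Netscape extension values.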
Changes to jni/libressl/crypto/x509v3/v3_info.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_info.c,v 1.22 2015/07/25 16:00:14 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_info.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
    STACK_OF(CONF_VALUE) *ret);
static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(
    X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

const X509V3_EXT_METHOD v3_info = {
	.ext_nid = NID_info_access,
	.ext_flags = X509V3_EXT_MULTILINE,
	.it = ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
	.v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
	.i2r = NULL,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_sinfo = {
	.ext_nid = NID_sinfo_access,
	.ext_flags = X509V3_EXT_MULTILINE,
	.it = ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,







|
















|







70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
    STACK_OF(CONF_VALUE) *ret);
static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(
    X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

const X509V3_EXT_METHOD v3_info = {
	.ext_nid = NID_info_access,
	.ext_flags = X509V3_EXT_MULTILINE,
	.it = &AUTHORITY_INFO_ACCESS_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
	.v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
	.i2r = NULL,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_sinfo = {
	.ext_nid = NID_sinfo_access,
	.ext_flags = X509V3_EXT_MULTILINE,
	.it = &AUTHORITY_INFO_ACCESS_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
		if (!ret)
			break;
		vtmp = sk_CONF_VALUE_value(ret, i);
		i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
		nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
		ntmp = malloc(nlen);
		if (!ntmp) {
			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
			    ERR_R_MALLOC_FAILURE);
			return NULL;
		}
		strlcpy(ntmp, objtmp, nlen);
		strlcat(ntmp, " - ", nlen);
		strlcat(ntmp, vtmp->name, nlen);
		free(vtmp->name);
		vtmp->name = ntmp;







<
|







217
218
219
220
221
222
223

224
225
226
227
228
229
230
231
		if (!ret)
			break;
		vtmp = sk_CONF_VALUE_value(ret, i);
		i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
		nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
		ntmp = malloc(nlen);
		if (!ntmp) {

			X509V3error(ERR_R_MALLOC_FAILURE);
			return NULL;
		}
		strlcpy(ntmp, objtmp, nlen);
		strlcat(ntmp, " - ", nlen);
		strlcat(ntmp, vtmp->name, nlen);
		free(vtmp->name);
		vtmp->name = ntmp;
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
	AUTHORITY_INFO_ACCESS *ainfo = NULL;
	CONF_VALUE *cnf, ctmp;
	ACCESS_DESCRIPTION *acc;
	int i, objlen;
	char *objtmp, *ptmp;

	if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
		X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
		    ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (sk_ACCESS_DESCRIPTION_push(ainfo, acc) == 0) {
			ACCESS_DESCRIPTION_free(acc);
			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ptmp = strchr(cnf->name, ';');
		if (!ptmp) {
			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
			    X509V3_R_INVALID_SYNTAX);
			goto err;
		}
		objlen = ptmp - cnf->name;
		ctmp.name = ptmp + 1;
		ctmp.value = cnf->value;
		if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
			goto err;
		if (!(objtmp = malloc(objlen + 1))) {
			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		strlcpy(objtmp, cnf->name, objlen + 1);
		acc->method = OBJ_txt2obj(objtmp, 0);
		if (!acc->method) {
			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
			    X509V3_R_BAD_OBJECT);
			ERR_asprintf_error_data("value=%s", objtmp);
			free(objtmp);
			goto err;
		}
		free(objtmp);
	}
	return ainfo;







<
|





<
|




<
|




<
|








<
|





<
|







243
244
245
246
247
248
249

250
251
252
253
254
255

256
257
258
259
260

261
262
263
264
265

266
267
268
269
270
271
272
273
274

275
276
277
278
279
280

281
282
283
284
285
286
287
288
	AUTHORITY_INFO_ACCESS *ainfo = NULL;
	CONF_VALUE *cnf, ctmp;
	ACCESS_DESCRIPTION *acc;
	int i, objlen;
	char *objtmp, *ptmp;

	if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {

		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		cnf = sk_CONF_VALUE_value(nval, i);
		if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {

			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (sk_ACCESS_DESCRIPTION_push(ainfo, acc) == 0) {
			ACCESS_DESCRIPTION_free(acc);

			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ptmp = strchr(cnf->name, ';');
		if (!ptmp) {

			X509V3error(X509V3_R_INVALID_SYNTAX);
			goto err;
		}
		objlen = ptmp - cnf->name;
		ctmp.name = ptmp + 1;
		ctmp.value = cnf->value;
		if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
			goto err;
		if (!(objtmp = malloc(objlen + 1))) {

			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		strlcpy(objtmp, cnf->name, objlen + 1);
		acc->method = OBJ_txt2obj(objtmp, 0);
		if (!acc->method) {

			X509V3error(X509V3_R_BAD_OBJECT);
			ERR_asprintf_error_data("value=%s", objtmp);
			free(objtmp);
			goto err;
		}
		free(objtmp);
	}
	return ainfo;
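Review bot: The malloc-failure branch in the loop that prefixes each name (`ntmp = malloc(nlen)` followed by `return NULL;`) returns without releasing `ret`, which is non-NULL at that point because of the `if (!ret) break;` just above. If the stack was allocated inside this function, every CONF_VALUE built so far is leaked. Calling `sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);` before the return would fix that, but only when the caller did not pass the stack in, so the function has to remember which case applies. The function starts and ends outside the visible lines, so the ownership of `ret` should be confirmed there.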
Changes to jni/libressl/crypto/x509v3/v3_int.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_int.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_int.c,v 1.11 2016/12/30 15:54:49 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#include <stdio.h>

#include <openssl/x509v3.h>

const X509V3_EXT_METHOD v3_crl_num = {
	.ext_nid = NID_crl_number,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(ASN1_INTEGER),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = NULL,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_delta_crl = {
	.ext_nid = NID_delta_crl,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(ASN1_INTEGER),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = NULL,
	.r2i = NULL,
	.usr_data = NULL,
};

static void *
s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
{
	return s2i_ASN1_INTEGER(meth, value);
}

const X509V3_EXT_METHOD v3_inhibit_anyp = {
	NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
	0, 0, 0, 0,
	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	(X509V3_EXT_S2I)s2i_asn1_int,
	0, 0, 0, 0,
	NULL
};







|
















|




















|






59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#include <stdio.h>

#include <openssl/x509v3.h>

const X509V3_EXT_METHOD v3_crl_num = {
	.ext_nid = NID_crl_number,
	.ext_flags = 0,
	.it = &ASN1_INTEGER_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = NULL,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_delta_crl = {
	.ext_nid = NID_delta_crl,
	.ext_flags = 0,
	.it = &ASN1_INTEGER_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = NULL,
	.r2i = NULL,
	.usr_data = NULL,
};

static void *
s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
{
	return s2i_ASN1_INTEGER(meth, value);
}

const X509V3_EXT_METHOD v3_inhibit_anyp = {
	NID_inhibit_any_policy, 0, &ASN1_INTEGER_it,
	0, 0, 0, 0,
	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	(X509V3_EXT_S2I)s2i_asn1_int,
	0, 0, 0, 0,
	NULL
};
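Review bot: `v3_inhibit_anyp` is still initialised positionally while `v3_crl_num` and `v3_delta_crl` in the same file use designated initialisers, so a reader has to count the zeros to see which callbacks are set. Writing it in the same form shows that only `i2s` and `s2i` are populated and keeps the table correct if the struct's field order ever changes. The field order below is taken from the two neighbouring definitions.

```c
const X509V3_EXT_METHOD v3_inhibit_anyp = {
	.ext_nid = NID_inhibit_any_policy,
	.ext_flags = 0,
	.it = &ASN1_INTEGER_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	.s2i = (X509V3_EXT_S2I)s2i_asn1_int,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = NULL,
	.r2i = NULL,
	.usr_data = NULL,
};
```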
Changes to jni/libressl/crypto/x509v3/v3_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_lib.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_lib.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93





94

95
96



97





98
99
100
101
102
103
104
    const X509V3_EXT_METHOD * const *b);
static void ext_list_free(X509V3_EXT_METHOD *ext);

int
X509V3_EXT_add(X509V3_EXT_METHOD *ext)
{
	if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
		X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
		X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	return 1;
}

static int
ext_cmp(const X509V3_EXT_METHOD * const *a, const X509V3_EXT_METHOD * const *b)
{
	return ((*a)->ext_nid - (*b)->ext_nid);
}






DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,

    const X509V3_EXT_METHOD *, ext);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,



    const X509V3_EXT_METHOD *, ext);






const X509V3_EXT_METHOD *
X509V3_EXT_get_nid(int nid)
{
	X509V3_EXT_METHOD tmp;
	const X509V3_EXT_METHOD *t = &tmp, * const *ret;
	int idx;







|



|











>
>
>
>
>
|
>
|
|
>
>
>
|
>
>
>
>
>







71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
    const X509V3_EXT_METHOD * const *b);
static void ext_list_free(X509V3_EXT_METHOD *ext);

int
X509V3_EXT_add(X509V3_EXT_METHOD *ext)
{
	if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	return 1;
}

static int
ext_cmp(const X509V3_EXT_METHOD * const *a, const X509V3_EXT_METHOD * const *b)
{
	return ((*a)->ext_nid - (*b)->ext_nid);
}

static int ext_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int ext_cmp(const X509V3_EXT_METHOD * const *, const X509V3_EXT_METHOD * const *);
static const X509V3_EXT_METHOD * *OBJ_bsearch_ext(const X509V3_EXT_METHOD * *key, const X509V3_EXT_METHOD * const *base, int num);

static int
ext_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
	const X509V3_EXT_METHOD * const *a = a_;
	const X509V3_EXT_METHOD * const *b = b_;
	return ext_cmp(a, b);
}

static const X509V3_EXT_METHOD * *
OBJ_bsearch_ext(const X509V3_EXT_METHOD * *key, const X509V3_EXT_METHOD * const *base, int num)
{
	return (const X509V3_EXT_METHOD * *)OBJ_bsearch_(key, base, num, sizeof(const X509V3_EXT_METHOD *),
	    ext_cmp_BSEARCH_CMP_FN);
}

const X509V3_EXT_METHOD *
X509V3_EXT_get_nid(int nid)
{
	X509V3_EXT_METHOD tmp;
	const X509V3_EXT_METHOD *t = &tmp, * const *ret;
	int idx;
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
int
X509V3_EXT_add_alias(int nid_to, int nid_from)
{
	const X509V3_EXT_METHOD *ext;
	X509V3_EXT_METHOD *tmpext;

	if (!(ext = X509V3_EXT_get_nid(nid_from))) {
		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
		    X509V3_R_EXTENSION_NOT_FOUND);
		return 0;
	}
	if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) {
		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	*tmpext = *ext;
	tmpext->ext_nid = nid_to;
	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
	return X509V3_EXT_add(tmpext);
}







<
|



|







153
154
155
156
157
158
159

160
161
162
163
164
165
166
167
168
169
170
171
int
X509V3_EXT_add_alias(int nid_to, int nid_from)
{
	const X509V3_EXT_METHOD *ext;
	X509V3_EXT_METHOD *tmpext;

	if (!(ext = X509V3_EXT_get_nid(nid_from))) {

		X509V3error(X509V3_R_EXTENSION_NOT_FOUND);
		return 0;
	}
	if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	*tmpext = *ext;
	tmpext->ext_nid = nid_to;
	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
	return X509V3_EXT_add(tmpext);
}
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
	const unsigned char *p;

	if (!(method = X509V3_EXT_get(ext)))
		return NULL;
	p = ext->value->data;
	if (method->it)
		return ASN1_item_d2i(NULL, &p, ext->value->length,
		    ASN1_ITEM_ptr(method->it));
	return method->d2i(NULL, &p, ext->value->length);
}

/* Get critical flag and decoded version of extension from a NID.
 * The "idx" variable returns the last found extension and can
 * be used to retrieve multiple extensions of the same NID.
 * However multiple extensions with the same NID is usually







|







203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
	const unsigned char *p;

	if (!(method = X509V3_EXT_get(ext)))
		return NULL;
	p = ext->value->data;
	if (method->it)
		return ASN1_item_d2i(NULL, &p, ext->value->length,
		    method->it);
	return method->d2i(NULL, &p, ext->value->length);
}

/* Get critical flag and decoded version of extension from a NID.
 * The "idx" variable returns the last found extension and can
 * be used to retrieve multiple extensions of the same NID.
 * However multiple extensions with the same NID is usually
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
	/* If we get this far then we have to create an extension:
	 * could have some flags for alternative encoding schemes...
	 */

	ext = X509V3_EXT_i2d(nid, crit, value);

	if (!ext) {
		X509V3err(X509V3_F_X509V3_ADD1_I2D,
		    X509V3_R_ERROR_CREATING_EXTENSION);
		return 0;
	}

	/* If extension exists replace it.. */
	if (extidx >= 0) {
		extmp = sk_X509_EXTENSION_value(*x, extidx);
		X509_EXTENSION_free(extmp);







<
|







326
327
328
329
330
331
332

333
334
335
336
337
338
339
340
	/* If we get this far then we have to create an extension:
	 * could have some flags for alternative encoding schemes...
	 */

	ext = X509V3_EXT_i2d(nid, crit, value);

	if (!ext) {

		X509V3error(X509V3_R_ERROR_CREATING_EXTENSION);
		return 0;
	}

	/* If extension exists replace it.. */
	if (extidx >= 0) {
		extmp = sk_X509_EXTENSION_value(*x, extidx);
		X509_EXTENSION_free(extmp);
336
337
338
339
340
341
342
343
344
345
	if (!sk_X509_EXTENSION_push(*x, ext))
		return -1;

	return 1;

err:
	if (!(flags & X509V3_ADD_SILENT))
		X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
	return 0;
}







|


348
349
350
351
352
353
354
355
356
357
	if (!sk_X509_EXTENSION_push(*x, ext))
		return -1;

	return 1;

err:
	if (!(flags & X509V3_ADD_SILENT))
		X509V3error(errcode);
	return 0;
}
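Review bot: X509V3_EXT_add_alias leaks `tmpext` when the final `X509V3_EXT_add(tmpext)` fails. X509V3_EXT_add returns 0 on a failed stack allocation or push without freeing its argument, and the alias copy was malloc'ed just above. Checking the result fixes it: `if (!X509V3_EXT_add(tmpext)) { free(tmpext); return 0; }` followed by `return 1;`. The push-failure path at the end of X509V3_add1_i2d (`return -1;`) looks like it has the same shape with `ext`, though that function's body is only partly visible.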
Changes to jni/libressl/crypto/x509v3/v3_ncons.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_ncons.c,v 1.8 2015/07/25 16:14:29 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_ncons.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);

const X509V3_EXT_METHOD v3_name_constraints = {
	.ext_nid = NID_name_constraints,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(NAME_CONSTRAINTS),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,







|







78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);

const X509V3_EXT_METHOD v3_name_constraints = {
	.ext_nid = NID_name_constraints,
	.ext_flags = 0,
	.it = &NAME_CONSTRAINTS_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
		if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
			ptree = &ncons->permittedSubtrees;
			tval.name = val->name + 10;
		} else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
			ptree = &ncons->excludedSubtrees;
			tval.name = val->name + 9;
		} else {
			X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS,
			    X509V3_R_INVALID_SYNTAX);
			goto err;
		}
		tval.value = val->value;
		sub = GENERAL_SUBTREE_new();
		if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
			goto err;
		if (!*ptree)
			*ptree = sk_GENERAL_SUBTREE_new_null();
		if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
			goto memerr;
		sub = NULL;
	}

	return ncons;

memerr:
	X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
err:
	if (ncons)
		NAME_CONSTRAINTS_free(ncons);
	if (sub)
		GENERAL_SUBTREE_free(sub);

	return NULL;







<
|
















|







200
201
202
203
204
205
206

207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
		if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
			ptree = &ncons->permittedSubtrees;
			tval.name = val->name + 10;
		} else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
			ptree = &ncons->excludedSubtrees;
			tval.name = val->name + 9;
		} else {

			X509V3error(X509V3_R_INVALID_SYNTAX);
			goto err;
		}
		tval.value = val->value;
		sub = GENERAL_SUBTREE_new();
		if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
			goto err;
		if (!*ptree)
			*ptree = sk_GENERAL_SUBTREE_new_null();
		if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
			goto memerr;
		sub = NULL;
	}

	return ncons;

memerr:
	X509V3error(ERR_R_MALLOC_FAILURE);
err:
	if (ncons)
		NAME_CONSTRAINTS_free(ncons);
	if (sub)
		GENERAL_SUBTREE_free(sub);

	return NULL;
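Review bot: `sub = GENERAL_SUBTREE_new();` is dereferenced on the next line as `sub->base` without a NULL check, so an allocation failure while parsing name constraints becomes a NULL dereference instead of an error return. Adding `if (sub == NULL) goto memerr;` right after the allocation routes it through the existing cleanup, which already tolerates `sub` being NULL. The function begins and ends outside the visible lines.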
Changes to jni/libressl/crypto/x509v3/v3_ocsp.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_ocsp.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_ocsp.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
    const char *str);
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
    BIO *bp, int ind);

const X509V3_EXT_METHOD v3_ocsp_crlid = {
	.ext_nid = NID_id_pkix_OCSP_CrlID,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(OCSP_CRLID),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_crlid,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_ocsp_acutoff = {
	.ext_nid = NID_id_pkix_OCSP_archiveCutoff,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_acutoff,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_crl_invdate = {
	.ext_nid = NID_invalidity_date,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_acutoff,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_crl_hold = {
	.ext_nid = NID_hold_instruction_code,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(ASN1_OBJECT),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,







|
















|
















|
















|







92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
    const char *str);
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
    BIO *bp, int ind);

const X509V3_EXT_METHOD v3_ocsp_crlid = {
	.ext_nid = NID_id_pkix_OCSP_CrlID,
	.ext_flags = 0,
	.it = &OCSP_CRLID_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_crlid,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_ocsp_acutoff = {
	.ext_nid = NID_id_pkix_OCSP_archiveCutoff,
	.ext_flags = 0,
	.it = &ASN1_GENERALIZEDTIME_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_acutoff,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_crl_invdate = {
	.ext_nid = NID_invalidity_date,
	.ext_flags = 0,
	.it = &ASN1_GENERALIZEDTIME_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_acutoff,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_crl_hold = {
	.ext_nid = NID_hold_instruction_code,
	.ext_flags = 0,
	.it = &ASN1_OBJECT_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_ocsp_nocheck = {
	.ext_nid = NID_id_pkix_OCSP_noCheck,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(ASN1_NULL),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = s2i_ocsp_nocheck,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_nocheck,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
	.ext_nid = NID_id_pkix_OCSP_serviceLocator,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(OCSP_SERVICELOC),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,







|
















|







177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_ocsp_nocheck = {
	.ext_nid = NID_id_pkix_OCSP_noCheck,
	.ext_flags = 0,
	.it = &ASN1_NULL_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = s2i_ocsp_nocheck,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = i2r_ocsp_nocheck,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
	.ext_nid = NID_id_pkix_OCSP_serviceLocator,
	.ext_flags = 0,
	.it = &OCSP_SERVICELOC_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
	if (pos != NULL)
		*pos = os;
	return os;

err:
	if (pos == NULL || *pos != os)
		ASN1_OCTET_STRING_free(os);
	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
	return NULL;
}

static void
ocsp_nonce_free(void *a)
{
	ASN1_OCTET_STRING_free(a);







|







309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
	if (pos != NULL)
		*pos = os;
	return os;

err:
	if (pos == NULL || *pos != os)
		ASN1_OCTET_STRING_free(os);
	OCSPerror(ERR_R_MALLOC_FAILURE);
	return NULL;
}

static void
ocsp_nonce_free(void *a)
{
	ASN1_OCTET_STRING_free(a);
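--- a/jni/libressl/crypto/x509v3/v3_pci.c
+++ b/jni/libressl/crypto/x509v3/v3_pci.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_pci.c,v 1.9 2015/07/19 01:20:32 doug Exp $ */
+/* $OpenBSD: v3_pci.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Contributed to the OpenSSL Project 2004
  * by Richard Levitte (richard@levitte.org)
  */
 /* Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -45,15 +45,15 @@
     BIO *out, int indent);
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
     X509V3_CTX *ctx, char *str);
 
 const X509V3_EXT_METHOD v3_pci = {
 	.ext_nid = NID_proxyCertInfo,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+	.it = &PROXY_CERT_INFO_EXTENSION_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = NULL,
@@ -86,91 +86,83 @@
 process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
     ASN1_INTEGER **pathlen, ASN1_OCTET_STRING **policy)
 {
 	int free_policy = 0;
 
 	if (strcmp(val->name, "language") == 0) {
 		if (*language) {
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-			    X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
+			X509V3error(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
 			X509V3_conf_err(val);
 			return 0;
 		}
 		if (!(*language = OBJ_txt2obj(val->value, 0))) {
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-			    X509V3_R_INVALID_OBJECT_IDENTIFIER);
+			X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
 			X509V3_conf_err(val);
 			return 0;
 		}
 	}
 	else if (strcmp(val->name, "pathlen") == 0) {
 		if (*pathlen) {
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-			    X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
+			X509V3error(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
 			X509V3_conf_err(val);
 			return 0;
 		}
 		if (!X509V3_get_value_int(val, pathlen)) {
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-			    X509V3_R_POLICY_PATH_LENGTH);
+			X509V3error(X509V3_R_POLICY_PATH_LENGTH);
 			X509V3_conf_err(val);
 			return 0;
 		}
 	}
 	else if (strcmp(val->name, "policy") == 0) {
 		unsigned char *tmp_data = NULL;
 		long val_len;
 		if (!*policy) {
 			*policy = ASN1_OCTET_STRING_new();
 			if (!*policy) {
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-				    ERR_R_MALLOC_FAILURE);
+				X509V3error(ERR_R_MALLOC_FAILURE);
 				X509V3_conf_err(val);
 				return 0;
 			}
 			free_policy = 1;
 		}
 		if (strncmp(val->value, "hex:", 4) == 0) {
 			unsigned char *tmp_data2 =
 			    string_to_hex(val->value + 4, &val_len);
 
 			if (!tmp_data2) {
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-				    X509V3_R_ILLEGAL_HEX_DIGIT);
+				X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT);
 				X509V3_conf_err(val);
 				goto err;
 			}
 
 			tmp_data = realloc((*policy)->data,
 			    (*policy)->length + val_len + 1);
 			if (tmp_data) {
 				(*policy)->data = tmp_data;
 				memcpy(&(*policy)->data[(*policy)->length],
 				    tmp_data2, val_len);
 				(*policy)->length += val_len;
 				(*policy)->data[(*policy)->length] = '\0';
 			} else {
 				free(tmp_data2);
 				free((*policy)->data);
 				(*policy)->data = NULL;
 				(*policy)->length = 0;
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-				    ERR_R_MALLOC_FAILURE);
+				X509V3error(ERR_R_MALLOC_FAILURE);
 				X509V3_conf_err(val);
 				goto err;
 			}
 			free(tmp_data2);
 		}
 		else if (strncmp(val->value, "file:", 5) == 0) {
 			unsigned char buf[2048];
 			int n;
 			BIO *b = BIO_new_file(val->value + 5, "r");
 			if (!b) {
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-				    ERR_R_BIO_LIB);
+				X509V3error(ERR_R_BIO_LIB);
 				X509V3_conf_err(val);
 				goto err;
 			}
 			while ((n = BIO_read(b, buf, sizeof(buf))) > 0 ||
 			    (n == 0 && BIO_should_retry(b))) {
 				if (!n)
 					continue;
@@ -186,48 +178,44 @@
 				    buf, n);
 				(*policy)->length += n;
 				(*policy)->data[(*policy)->length] = '\0';
 			}
 			BIO_free_all(b);
 
 			if (n < 0) {
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-				    ERR_R_BIO_LIB);
+				X509V3error(ERR_R_BIO_LIB);
 				X509V3_conf_err(val);
 				goto err;
 			}
 		}
 		else if (strncmp(val->value, "text:", 5) == 0) {
 			val_len = strlen(val->value + 5);
 			tmp_data = realloc((*policy)->data,
 			    (*policy)->length + val_len + 1);
 			if (tmp_data) {
 				(*policy)->data = tmp_data;
 				memcpy(&(*policy)->data[(*policy)->length],
 				    val->value + 5, val_len);
 				(*policy)->length += val_len;
 				(*policy)->data[(*policy)->length] = '\0';
 			} else {
 				free((*policy)->data);
 				(*policy)->data = NULL;
 				(*policy)->length = 0;
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-				    ERR_R_MALLOC_FAILURE);
+				X509V3error(ERR_R_MALLOC_FAILURE);
 				X509V3_conf_err(val);
 				goto err;
 			}
 		} else {
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-			    X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+			X509V3error(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
 			X509V3_conf_err(val);
 			goto err;
 		}
 		if (!tmp_data) {
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-			    ERR_R_MALLOC_FAILURE);
+			X509V3error(ERR_R_MALLOC_FAILURE);
 			X509V3_conf_err(val);
 			goto err;
 		}
 	}
 	return 1;
 
 err:
@@ -248,27 +236,25 @@
 	ASN1_OCTET_STRING *policy = NULL;
 	int i, j;
 
 	vals = X509V3_parse_list(value);
 	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
 		CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
 		if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
-			X509V3err(X509V3_F_R2I_PCI,
-			    X509V3_R_INVALID_PROXY_POLICY_SETTING);
+			X509V3error(X509V3_R_INVALID_PROXY_POLICY_SETTING);
 			X509V3_conf_err(cnf);
 			goto err;
 		}
 		if (*cnf->name == '@') {
 			STACK_OF(CONF_VALUE) *sect;
 			int success_p = 1;
 
 			sect = X509V3_get_section(ctx, cnf->name + 1);
 			if (!sect) {
-				X509V3err(X509V3_F_R2I_PCI,
-				    X509V3_R_INVALID_SECTION);
+				X509V3error(X509V3_R_INVALID_SECTION);
 				X509V3_conf_err(cnf);
 				goto err;
 			}
 			for (j = 0; success_p &&
 			    j < sk_CONF_VALUE_num(sect); j++) {
 				success_p = process_pci_value(
 				    sk_CONF_VALUE_value(sect, j),
@@ -284,28 +270,26 @@
 				goto err;
 			}
 		}
 	}
 
 	/* Language is mandatory */
 	if (!language) {
-		X509V3err(X509V3_F_R2I_PCI,
-		    X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+		X509V3error(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
 		goto err;
 	}
 	i = OBJ_obj2nid(language);
 	if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
-		X509V3err(X509V3_F_R2I_PCI,
-		    X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+		X509V3error(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
 		goto err;
 	}
 
 	pci = PROXY_CERT_INFO_EXTENSION_new();
 	if (!pci) {
-		X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	pci->proxyPolicy->policyLanguage = language;
 	language = NULL;
 	pci->proxyPolicy->policy = policy;
 	policy = NULL;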
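Review bot: The policy accumulation in process_pci_value has no upper bound on the combined length: `(*policy)->length + val_len + 1` adds a `long` to the string's length field, and `(*policy)->length += val_len` stores the sum back, so an oversized `hex:` or `text:` value, or many repeated `policy` entries, could wrap or truncate the length ahead of the `memcpy`. Rejecting the value before each `realloc` when `val_len < 0 || val_len >= INT_MAX - (*policy)->length` would keep the arithmetic in range; this assumes the length field is an `int`, which the hunks do not show. The `file:` loop's own `realloc` and the body of the `err:` label lie outside the visible hunks, so the same bound probably belongs there as well, and in the `hex:` branch the rejection path has to free `tmp_data2` first.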
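--- a/jni/libressl/crypto/x509v3/v3_pcia.c
+++ b/jni/libressl/crypto/x509v3/v3_pcia.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_pcia.c,v 1.5 2015/02/09 16:03:11 jsing Exp $ */
+/* $OpenBSD: v3_pcia.c,v 1.6 2015/07/25 16:00:14 jsing Exp $ */
 /* Contributed to the OpenSSL Project 2004
  * by Richard Levitte (richard@levitte.org)
  */
 /* Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *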
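--- a/jni/libressl/crypto/x509v3/v3_pcons.c
+++ b/jni/libressl/crypto/x509v3/v3_pcons.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_pcons.c,v 1.8 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_pcons.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -70,15 +70,15 @@
     STACK_OF(CONF_VALUE) *extlist);
 static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_policy_constraints = {
 	.ext_nid = NID_policy_constraints,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+	.it = &POLICY_CONSTRAINTS_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = i2v_POLICY_CONSTRAINTS,
@@ -146,38 +146,35 @@
     STACK_OF(CONF_VALUE) *values)
 {
 	POLICY_CONSTRAINTS *pcons = NULL;
 	CONF_VALUE *val;
 	int i;
 
 	if (!(pcons = POLICY_CONSTRAINTS_new())) {
-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
-		    ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
 		val = sk_CONF_VALUE_value(values, i);
 		if (!strcmp(val->name, "requireExplicitPolicy")) {
 			if (!X509V3_get_value_int(val,
 			    &pcons->requireExplicitPolicy)) goto err;
 		} else if (!strcmp(val->name, "inhibitPolicyMapping")) {
 			if (!X509V3_get_value_int(val,
 			    &pcons->inhibitPolicyMapping)) goto err;
 		} else {
-			X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
-			    X509V3_R_INVALID_NAME);
+			X509V3error(X509V3_R_INVALID_NAME);
 			X509V3_conf_err(val);
 			goto err;
 		}
 	}
 	if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
-		    X509V3_R_ILLEGAL_EMPTY_EXTENSION);
+		X509V3error(X509V3_R_ILLEGAL_EMPTY_EXTENSION);
 		goto err;
 	}
 
 	return pcons;
 
 err:
 	POLICY_CONSTRAINTS_free(pcons);
 	return NULL;
 }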
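Review bot: v2i_POLICY_CONSTRAINTS hands `val->name` straight to `strcmp` in the loop, while the policy-mappings parser in v3_pmaps.c from this same check-in tests `!val->value || !val->name` before using either field. Whether the config parser can ever deliver an entry without a name is not visible here, so this is a consistency and hardening point rather than a confirmed crash. Adding `if (val->name == NULL) { X509V3error(X509V3_R_INVALID_NAME); goto err; }` at the top of the loop body would make the two parsers agree. The function's first signature line is above the start of the hunk.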
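--- a/jni/libressl/crypto/x509v3/v3_pku.c
+++ b/jni/libressl/crypto/x509v3/v3_pku.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_pku.c,v 1.11 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_pku.c,v 1.13 2016/12/30 15:54:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -66,15 +66,15 @@
     PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
 /*
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
 const X509V3_EXT_METHOD v3_pkey_usage_period = {
 	.ext_nid = NID_private_key_usage_period,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+	.it = &PKEY_USAGE_PERIOD_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = NULL,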
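--- a/jni/libressl/crypto/x509v3/v3_pmaps.c
+++ b/jni/libressl/crypto/x509v3/v3_pmaps.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_pmaps.c,v 1.8 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_pmaps.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,15 +68,15 @@
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(
     const X509V3_EXT_METHOD *method, void *pmps, STACK_OF(CONF_VALUE) *extlist);
 
 const X509V3_EXT_METHOD v3_policy_mappings = {
 	.ext_nid = NID_policy_mappings,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(POLICY_MAPPINGS),
+	.it = &POLICY_MAPPINGS_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = i2v_POLICY_MAPPINGS,
@@ -170,15 +170,15 @@
 	POLICY_MAPPINGS *pmaps = NULL;
 	POLICY_MAPPING *pmap = NULL;
 	ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
 	CONF_VALUE *val;
 	int i, rc;
 
 	if (!(pmaps = sk_POLICY_MAPPING_new_null())) {
-		X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
 		val = sk_CONF_VALUE_value(nval, i);
 		if (!val->value || !val->name) {
 			rc = X509V3_R_INVALID_OBJECT_IDENTIFIER;
@@ -204,15 +204,15 @@
 		}
 		pmap = NULL;
 	}
 	return pmaps;
 
 err:
 	sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-	X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, rc);
+	X509V3error(rc);
 	if (rc == X509V3_R_INVALID_OBJECT_IDENTIFIER)
 		X509V3_conf_err(val);
 	ASN1_OBJECT_free(obj1);
 	ASN1_OBJECT_free(obj2);
 	POLICY_MAPPING_free(pmap);
 	return NULL;
 }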
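--- a/jni/libressl/crypto/x509v3/v3_prn.c
+++ b/jni/libressl/crypto/x509v3/v3_prn.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_prn.c,v 1.17 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_prn.c,v 1.19 2016/12/30 15:54:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -111,15 +111,15 @@
 	int ok = 1;
 
 	if (!(method = X509V3_EXT_get(ext)))
 		return unknown_ext_print(out, ext, flag, indent, 0);
 	p = ext->value->data;
 	if (method->it)
 		ext_str = ASN1_item_d2i(NULL, &p, ext->value->length,
-		    ASN1_ITEM_ptr(method->it));
+		    method->it);
 	else
 		ext_str = method->d2i(NULL, &p, ext->value->length);
 
 	if (!ext_str)
 		return unknown_ext_print(out, ext, flag, indent, 1);
 
 	if (method->i2s) {
@@ -141,15 +141,15 @@
 	} else
 		ok = 0;
 
 err:
 	sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
 	free(value);
 	if (method->it)
-		ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+		ASN1_item_free(ext_str, method->it);
 	else
 		method->ext_free(ext_str);
 	return ok;
 }
 
 int
 X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts,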
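Review bot: The `else` branches of the extension printer call `method->d2i` and `method->ext_free` without checking them, so a method that has neither an `it` template nor the legacy callbacks would be called through a null pointer while printing extension data taken from a certificate. Every method table visible in this check-in sets `.it`, so this is a hardening point rather than a known crash. Changing the first branch to `else if (method->d2i != NULL && method->ext_free != NULL)` and falling back to `unknown_ext_print(out, ext, flag, indent, 1)` otherwise would close it. The function starts above the first hunk and the code between the two hunks is not shown.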
Changes to jni/libressl/crypto/x509v3/v3_purp.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_purp.c,v 1.25 2015/02/10 11:22:22 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_purp.c,v 1.29.4.1 2017/07/05 15:20:10 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
61
62
63
64
65
66
67








68
69
70
71
72
73
74

#include <openssl/opensslconf.h>

#include <openssl/err.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>









static void x509v3_cache_extensions(X509 *x);

static int check_ssl_ca(const X509 *x);
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
    int ca);
static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
    int ca);







>
>
>
>
>
>
>
>







61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

#include <openssl/opensslconf.h>

#include <openssl/err.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>

#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
#define ku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
#define xku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
#define ns_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))

static void x509v3_cache_extensions(X509 *x);

static int check_ssl_ca(const X509 *x);
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
    int ca);
static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
    int ca);
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
	return pt->check_purpose(pt, x, ca);
}

int
X509_PURPOSE_set(int *p, int purpose)
{
	if (X509_PURPOSE_get_by_id(purpose) == -1) {
		X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
		return 0;
	}
	*p = purpose;
	return 1;
}

int







|







142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
	return pt->check_purpose(pt, x, ca);
}

int
X509_PURPOSE_set(int *p, int purpose)
{
	if (X509_PURPOSE_get_by_id(purpose) == -1) {
		X509V3error(X509V3_R_INVALID_PURPOSE);
		return 0;
	}
	*p = purpose;
	return 1;
}

int
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
	int idx;
	X509_PURPOSE *ptmp;
	char *name_dup, *sname_dup;

	name_dup = sname_dup = NULL;

	if (name == NULL || sname == NULL) {
		X509V3err(X509V3_F_X509_PURPOSE_ADD,
		    X509V3_R_INVALID_NULL_ARGUMENT);
		return 0;
	}

	/* This is set according to what we change: application can't set it */
	flags &= ~X509_PURPOSE_DYNAMIC;
	/* This will always be set for application modified trust entries */
	flags |= X509_PURPOSE_DYNAMIC_NAME;
	/* Get existing entry if any */
	idx = X509_PURPOSE_get_by_id(id);
	/* Need a new entry */
	if (idx == -1) {
		if ((ptmp = malloc(sizeof(X509_PURPOSE))) == NULL) {
			X509V3err(X509V3_F_X509_PURPOSE_ADD,
			    ERR_R_MALLOC_FAILURE);
			return 0;
		}
		ptmp->flags = X509_PURPOSE_DYNAMIC;
	} else
		ptmp = X509_PURPOSE_get0(idx);

	if ((name_dup = strdup(name)) == NULL)







<
|












<
|







210
211
212
213
214
215
216

217
218
219
220
221
222
223
224
225
226
227
228
229

230
231
232
233
234
235
236
237
	int idx;
	X509_PURPOSE *ptmp;
	char *name_dup, *sname_dup;

	name_dup = sname_dup = NULL;

	if (name == NULL || sname == NULL) {

		X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
		return 0;
	}

	/* This is set according to what we change: application can't set it */
	flags &= ~X509_PURPOSE_DYNAMIC;
	/* This will always be set for application modified trust entries */
	flags |= X509_PURPOSE_DYNAMIC_NAME;
	/* Get existing entry if any */
	idx = X509_PURPOSE_get_by_id(id);
	/* Need a new entry */
	if (idx == -1) {
		if ((ptmp = malloc(sizeof(X509_PURPOSE))) == NULL) {

			X509V3error(ERR_R_MALLOC_FAILURE);
			return 0;
		}
		ptmp->flags = X509_PURPOSE_DYNAMIC;
	} else
		ptmp = X509_PURPOSE_get0(idx);

	if ((name_dup = strdup(name)) == NULL)
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
	return 1;

err:
	free(name_dup);
	free(sname_dup);
	if (idx == -1)
		free(ptmp);
	X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
	return 0;
}

static void
xptable_free(X509_PURPOSE *p)
{
	if (!p)







|







268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
	return 1;

err:
	free(name_dup);
	free(sname_dup);
	if (idx == -1)
		free(ptmp);
	X509V3error(ERR_R_MALLOC_FAILURE);
	return 0;
}

static void
xptable_free(X509_PURPOSE *p)
{
	if (!p)
321
322
323
324
325
326
327



328












329

330
331
332
333
334
335
336

static int
nid_cmp(const int *a, const int *b)
{
	return *a - *b;
}




DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);












IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);


int
X509_supported_extension(X509_EXTENSION *ex)
{
	/* This table is a list of the NIDs of supported extensions:
	 * that is those which are used by the verify process. If
	 * an extension is critical and doesn't appear in this list







>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>







327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358

static int
nid_cmp(const int *a, const int *b)
{
	return *a - *b;
}

static int nid_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int nid_cmp(int const *, int const *);
static int *OBJ_bsearch_nid(int *key, int const *base, int num);

static int
nid_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
	int const *a = a_;
	int const *b = b_;
	return nid_cmp(a, b);
}

static int *
OBJ_bsearch_nid(int *key, int const *base, int num)
{
	return (int *)OBJ_bsearch_(key, base, num, sizeof(int),
	    nid_cmp_BSEARCH_CMP_FN);
}

int
X509_supported_extension(X509_EXTENSION *ex)
{
	/* This table is a list of the NIDs of supported extensions:
	 * that is those which are used by the verify process. If
	 * an extension is critical and doesn't appear in this list
409
410
411
412
413
414
415
416
417

418
419

420
421
422
423
424
425
426
427
428

429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444

445
446
447
448
449
450
451
452





453
454

455
456
457
458
459

460
461
462
463
464
465
466
{
	BASIC_CONSTRAINTS *bs;
	PROXY_CERT_INFO_EXTENSION *pci;
	ASN1_BIT_STRING *usage;
	ASN1_BIT_STRING *ns;
	EXTENDED_KEY_USAGE *extusage;
	X509_EXTENSION *ex;

	int i;

	if (x->ex_flags & EXFLAG_SET)
		return;

#ifndef OPENSSL_NO_SHA
	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
#endif
	/* Does subject name match issuer ? */
	if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
		x->ex_flags |= EXFLAG_SI;
	/* V1 should mean no extensions ... */
	if (!X509_get_version(x))
		x->ex_flags |= EXFLAG_V1;

	/* Handle basic constraints */
	if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
		if (bs->ca)
			x->ex_flags |= EXFLAG_CA;
		if (bs->pathlen) {
			if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) ||
			    !bs->ca) {
				x->ex_flags |= EXFLAG_INVALID;
				x->ex_pathlen = 0;
			} else
				x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
		} else
			x->ex_pathlen = -1;
		BASIC_CONSTRAINTS_free(bs);
		x->ex_flags |= EXFLAG_BCONS;
	}

	/* Handle proxy certificates */
	if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
		if (x->ex_flags & EXFLAG_CA ||
		    X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 ||
		    X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
			x->ex_flags |= EXFLAG_INVALID;
		}
		if (pci->pcPathLengthConstraint) {





			x->ex_pcpathlen =
			    ASN1_INTEGER_get(pci->pcPathLengthConstraint);

		} else
			x->ex_pcpathlen = -1;
		PROXY_CERT_INFO_EXTENSION_free(pci);
		x->ex_flags |= EXFLAG_PROXY;
	}

	/* Handle key usage */
	if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
		if (usage->length > 0) {
			x->ex_kusage = usage->data[0];
			if (usage->length > 1)
				x->ex_kusage |= usage->data[1] << 8;
		} else







<

>


>



|
<
<



>
















>








>
>
>
>
>
|
|
>





>







431
432
433
434
435
436
437

438
439
440
441
442
443
444
445
446


447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
{
	BASIC_CONSTRAINTS *bs;
	PROXY_CERT_INFO_EXTENSION *pci;
	ASN1_BIT_STRING *usage;
	ASN1_BIT_STRING *ns;
	EXTENDED_KEY_USAGE *extusage;
	X509_EXTENSION *ex;

	int i;

	if (x->ex_flags & EXFLAG_SET)
		return;

#ifndef OPENSSL_NO_SHA
	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
#endif



	/* V1 should mean no extensions ... */
	if (!X509_get_version(x))
		x->ex_flags |= EXFLAG_V1;

	/* Handle basic constraints */
	if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
		if (bs->ca)
			x->ex_flags |= EXFLAG_CA;
		if (bs->pathlen) {
			if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) ||
			    !bs->ca) {
				x->ex_flags |= EXFLAG_INVALID;
				x->ex_pathlen = 0;
			} else
				x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
		} else
			x->ex_pathlen = -1;
		BASIC_CONSTRAINTS_free(bs);
		x->ex_flags |= EXFLAG_BCONS;
	}

	/* Handle proxy certificates */
	if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
		if (x->ex_flags & EXFLAG_CA ||
		    X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 ||
		    X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
			x->ex_flags |= EXFLAG_INVALID;
		}
		if (pci->pcPathLengthConstraint) {
			if (pci->pcPathLengthConstraint->type ==
			    V_ASN1_NEG_INTEGER) {
				x->ex_flags |= EXFLAG_INVALID;
				x->ex_pcpathlen = 0;
			} else
				x->ex_pcpathlen =
				    ASN1_INTEGER_get(pci->
				      pcPathLengthConstraint);
		} else
			x->ex_pcpathlen = -1;
		PROXY_CERT_INFO_EXTENSION_free(pci);
		x->ex_flags |= EXFLAG_PROXY;
	}

	/* Handle key usage */
	if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
		if (usage->length > 0) {
			x->ex_kusage = usage->data[0];
			if (usage->length > 1)
				x->ex_kusage |= usage->data[1] << 8;
		} else
517
518
519
520
521
522
523










524
525
526
527
528
529
530
			x->ex_nscert = 0;
		x->ex_flags |= EXFLAG_NSCERT;
		ASN1_BIT_STRING_free(ns);
	}

	x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
	x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);










	x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
	x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
	if (!x->nc && (i != -1))
		x->ex_flags |= EXFLAG_INVALID;
	setup_crldp(x);

	for (i = 0; i < X509_get_ext_count(x); i++) {







>
>
>
>
>
>
>
>
>
>







547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
			x->ex_nscert = 0;
		x->ex_flags |= EXFLAG_NSCERT;
		ASN1_BIT_STRING_free(ns);
	}

	x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
	x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);

	/* Does subject name match issuer? */
	if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
		x->ex_flags |= EXFLAG_SI;
		/* If SKID matches AKID also indicate self signed. */
		if (X509_check_akid(x, x->akid) == X509_V_OK &&
		    !ku_reject(x, KU_KEY_CERT_SIGN))
			x->ex_flags |= EXFLAG_SS;
	}

	x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
	x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
	if (!x->nc && (i != -1))
		x->ex_flags |= EXFLAG_INVALID;
	setup_crldp(x);

	for (i = 0; i < X509_get_ext_count(x); i++) {
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
 * 0 not a CA
 * 1 is a CA
 * 2 basicConstraints absent so "maybe" a CA
 * 3 basicConstraints absent but self signed V1.
 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
 */

#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
#define ku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
#define xku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
#define ns_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))

static int
check_ca(const X509 *x)
{
	/* keyUsage if present should allow cert signing */
	if (ku_reject(x, KU_KEY_CERT_SIGN))
		return 0;
	if (x->ex_flags & EXFLAG_BCONS) {







<
<
<
<
<
<
<
<







587
588
589
590
591
592
593








594
595
596
597
598
599
600
 * 0 not a CA
 * 1 is a CA
 * 2 basicConstraints absent so "maybe" a CA
 * 3 basicConstraints absent but self signed V1.
 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
 */









static int
check_ca(const X509 *x)
{
	/* keyUsage if present should allow cert signing */
	if (ku_reject(x, KU_KEY_CERT_SIGN))
		return 0;
	if (x->ex_flags & EXFLAG_BCONS) {
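--- a/jni/libressl/crypto/x509v3/v3_skey.c
+++ b/jni/libressl/crypto/x509v3/v3_skey.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_skey.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
+/* $OpenBSD: v3_skey.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -64,15 +64,15 @@
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
     X509V3_CTX *ctx, char *str);
 
 const X509V3_EXT_METHOD v3_skey_id = {
 	.ext_nid = NID_subject_key_identifier,
 	.ext_flags = 0,
-	.it = ASN1_ITEM_ref(ASN1_OCTET_STRING),
+	.it = &ASN1_OCTET_STRING_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 	.s2i = (X509V3_EXT_S2I)s2i_skey_id,
 	.i2v = NULL,
@@ -91,15 +91,15 @@
 ASN1_OCTET_STRING *
 s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
 {
 	ASN1_OCTET_STRING *oct;
 	long length;
 
 	if (!(oct = ASN1_OCTET_STRING_new())) {
-		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if (!(oct->data = string_to_hex(str, &length))) {
 		ASN1_OCTET_STRING_free(oct);
 		return NULL;
 	}
@@ -117,44 +117,44 @@
 	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
 	unsigned int diglen;
 
 	if (strcmp(str, "hash"))
 		return s2i_ASN1_OCTET_STRING(method, ctx, str);
 
 	if (!(oct = ASN1_OCTET_STRING_new())) {
-		X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if (ctx && (ctx->flags == CTX_TEST))
 		return oct;
 
 	if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
-		X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+		X509V3error(X509V3_R_NO_PUBLIC_KEY);
 		goto err;
 	}
 
 	if (ctx->subject_req)
 		pk = ctx->subject_req->req_info->pubkey->public_key;
 	else
 		pk = ctx->subject_cert->cert_info->key->public_key;
 
 	if (!pk) {
-		X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+		X509V3error(X509V3_R_NO_PUBLIC_KEY);
 		goto err;
 	}
 
 	if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen,
 	    EVP_sha1(), NULL))
 		goto err;
 
 	if (!ASN1_STRING_set(oct, pkey_dig, diglen)) {
-		X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	return oct;
 
 err:
 	ASN1_OCTET_STRING_free(oct);
 	return NULL;
 }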
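--- a/jni/libressl/crypto/x509v3/v3_sxnet.c
+++ b/jni/libressl/crypto/x509v3/v3_sxnet.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3_sxnet.c,v 1.16 2015/07/29 16:13:49 jsing Exp $ */
+/* $OpenBSD: v3_sxnet.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -75,15 +75,15 @@
 static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
     STACK_OF(CONF_VALUE) *nval);
 #endif
 
 const X509V3_EXT_METHOD v3_sxnet = {
 	.ext_nid = NID_sxnet,
 	.ext_flags = X509V3_EXT_MULTILINE,
-	.it = ASN1_ITEM_ref(SXNET),
+	.it = &SXNET_it,
 	.ext_new = NULL,
 	.ext_free = NULL,
 	.d2i = NULL,
 	.i2d = NULL,
 	.i2s = NULL,
 	.s2i = NULL,
 	.i2v = NULL,
@@ -254,119 +254,114 @@
 
 int
 SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
 {
 	ASN1_INTEGER *izone = NULL;
 
 	if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_ASC,
-		    X509V3_R_ERROR_CONVERTING_ZONE);
+		X509V3error(X509V3_R_ERROR_CONVERTING_ZONE);
 		return 0;
 	}
 	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
 }
 
 /* Add an id given the zone as an unsigned long */
 
 int
 SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen)
 {
 	ASN1_INTEGER *izone = NULL;
 
 	if (!(izone = ASN1_INTEGER_new()) ||
 	    !ASN1_INTEGER_set(izone, lzone)) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		ASN1_INTEGER_free(izone);
 		return 0;
 	}
 	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
 }
 
 /* Add an id given the zone as an ASN1_INTEGER.
  * Note this version uses the passed integer and doesn't make a copy so don't
  * free it up afterwards.
  */
 
 int
 SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen)
 {
 	SXNET *sx = NULL;
 	SXNETID *id = NULL;
 
 	if (!psx || !zone || !user) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
-		    X509V3_R_INVALID_NULL_ARGUMENT);
+		X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
 		return 0;
 	}
 	if (userlen == -1)
 		userlen = strlen(user);
 	if (userlen > 64) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
-		    X509V3_R_USER_TOO_LONG);
+		X509V3error(X509V3_R_USER_TOO_LONG);
 		return 0;
 	}
 	if (!*psx) {
 		if (!(sx = SXNET_new()))
 			goto err;
 		if (!ASN1_INTEGER_set(sx->version, 0))
 			goto err;
 		*psx = sx;
 	} else
 		sx = *psx;
 	if (SXNET_get_id_INTEGER(sx, zone)) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
-		    X509V3_R_DUPLICATE_ZONE_ID);
+		X509V3error(X509V3_R_DUPLICATE_ZONE_ID);
 		return 0;
 	}
 
 	if (!(id = SXNETID_new()))
 		goto err;
 	if (userlen == -1)
 		userlen = strlen(user);
 
 	if (!ASN1_STRING_set(id->user, user, userlen))
 		goto err;
 	if (!sk_SXNETID_push(sx->ids, id))
 		goto err;
 	id->zone = zone;
 	return 1;
 
 err:
-	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
+	X509V3error(ERR_R_MALLOC_FAILURE);
 	SXNETID_free(id);
 	SXNET_free(sx);
 	*psx = NULL;
 	return 0;
 }
 
 ASN1_OCTET_STRING *
 SXNET_get_id_asc(SXNET *sx, char *zone)
 {
 	ASN1_INTEGER *izone = NULL;
 	ASN1_OCTET_STRING *oct;
 
 	if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-		X509V3err(X509V3_F_SXNET_GET_ID_ASC,
-		    X509V3_R_ERROR_CONVERTING_ZONE);
+		X509V3error(X509V3_R_ERROR_CONVERTING_ZONE);
 		return NULL;
 	}
 	oct = SXNET_get_id_INTEGER(sx, izone);
 	ASN1_INTEGER_free(izone);
 	return oct;
 }
 
 ASN1_OCTET_STRING *
 SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
 {
 	ASN1_INTEGER *izone = NULL;
 	ASN1_OCTET_STRING *oct;
 
 	if (!(izone = ASN1_INTEGER_new()) ||
 	    !ASN1_INTEGER_set(izone, lzone)) {
-		X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
+		X509V3error(ERR_R_MALLOC_FAILURE);
 		ASN1_INTEGER_free(izone);
 		return NULL;
 	}
 	oct = SXNET_get_id_INTEGER(sx, izone);
 	ASN1_INTEGER_free(izone);
 	return oct;
 }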
Changes to jni/libressl/crypto/x509v3/v3_utl.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: v3_utl.c,v 1.23 2014/07/13 16:03:10 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: v3_utl.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
	vtmp->name = tname;
	vtmp->value = tvalue;
	if (!sk_CONF_VALUE_push(*extlist, vtmp))
		goto err;
	return 1;

err:
	X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
	free(vtmp);
	free(tname);
	free(tvalue);
	return 0;
}

int







|







99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
	vtmp->name = tname;
	vtmp->value = tvalue;
	if (!sk_CONF_VALUE_push(*extlist, vtmp))
		goto err;
	return 1;

err:
	X509V3error(ERR_R_MALLOC_FAILURE);
	free(vtmp);
	free(tname);
	free(tvalue);
	return 0;
}

int
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
	BIGNUM *bntmp = NULL;
	char *strtmp = NULL;

	if (!a)
		return NULL;
	if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
	    !(strtmp = BN_bn2dec(bntmp)))
		X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
	BN_free(bntmp);
	return strtmp;
}

char *
i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
{
	BIGNUM *bntmp = NULL;
	char *strtmp = NULL;

	if (!a)
		return NULL;
	if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
	    !(strtmp = BN_bn2dec(bntmp)))
		X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
	BN_free(bntmp);
	return strtmp;
}

ASN1_INTEGER *
s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
{
	BIGNUM *bn = NULL;
	ASN1_INTEGER *aint;
	int isneg, ishex;
	int ret;

	if (!value) {
		X509V3err(X509V3_F_S2I_ASN1_INTEGER,
		    X509V3_R_INVALID_NULL_VALUE);
		return 0;
	}
	bn = BN_new();
	if (value[0] == '-') {
		value++;
		isneg = 1;
	} else







|














|













<
|







155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

191
192
193
194
195
196
197
198
	BIGNUM *bntmp = NULL;
	char *strtmp = NULL;

	if (!a)
		return NULL;
	if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
	    !(strtmp = BN_bn2dec(bntmp)))
		X509V3error(ERR_R_MALLOC_FAILURE);
	BN_free(bntmp);
	return strtmp;
}

char *
i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
{
	BIGNUM *bntmp = NULL;
	char *strtmp = NULL;

	if (!a)
		return NULL;
	if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
	    !(strtmp = BN_bn2dec(bntmp)))
		X509V3error(ERR_R_MALLOC_FAILURE);
	BN_free(bntmp);
	return strtmp;
}

ASN1_INTEGER *
s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
{
	BIGNUM *bn = NULL;
	ASN1_INTEGER *aint;
	int isneg, ishex;
	int ret;

	if (!value) {

		X509V3error(X509V3_R_INVALID_NULL_VALUE);
		return 0;
	}
	bn = BN_new();
	if (value[0] == '-') {
		value++;
		isneg = 1;
	} else
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
	if (ishex)
		ret = BN_hex2bn(&bn, value);
	else
		ret = BN_dec2bn(&bn, value);

	if (!ret || value[ret]) {
		BN_free(bn);
		X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
		return 0;
	}

	if (isneg && BN_is_zero(bn))
		isneg = 0;

	aint = BN_to_ASN1_INTEGER(bn, NULL);
	BN_free(bn);
	if (!aint) {
		X509V3err(X509V3_F_S2I_ASN1_INTEGER,
		    X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
		return 0;
	}
	if (isneg)
		aint->type |= V_ASN1_NEG;
	return aint;
}








|









<
|







207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223

224
225
226
227
228
229
230
231
	if (ishex)
		ret = BN_hex2bn(&bn, value);
	else
		ret = BN_dec2bn(&bn, value);

	if (!ret || value[ret]) {
		BN_free(bn);
		X509V3error(X509V3_R_BN_DEC2BN_ERROR);
		return 0;
	}

	if (isneg && BN_is_zero(bn))
		isneg = 0;

	aint = BN_to_ASN1_INTEGER(bn, NULL);
	BN_free(bn);
	if (!aint) {

		X509V3error(X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
		return 0;
	}
	if (isneg)
		aint->type |= V_ASN1_NEG;
	return aint;
}

263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
	    !strcmp(btmp, "N") || !strcmp(btmp, "n") ||
	    !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
		*asn1_bool = 0;
		return 1;
	}

err:
	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
	    X509V3_R_INVALID_BOOLEAN_STRING);
	X509V3_conf_err(value);
	return 0;
}

int
X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
{







<
|







261
262
263
264
265
266
267

268
269
270
271
272
273
274
275
	    !strcmp(btmp, "N") || !strcmp(btmp, "n") ||
	    !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
		*asn1_bool = 0;
		return 1;
	}

err:

	X509V3error(X509V3_R_INVALID_BOOLEAN_STRING);
	X509V3_conf_err(value);
	return 0;
}

int
X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
{
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
	char *ntmp, *vtmp;
	STACK_OF(CONF_VALUE) *values = NULL;
	char *linebuf;
	int state;

	/* We are going to modify the line so copy it first */
	if ((linebuf = strdup(line)) == NULL) {
		X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	state = HDR_NAME;
	ntmp = NULL;

	/* Go through all characters */
	for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') &&
	    (c != '\n'); p++) {

		switch (state) {
		case HDR_NAME:
			if (c == ':') {
				state = HDR_VALUE;
				*p = 0;
				ntmp = strip_spaces(q);
				if (!ntmp) {
					X509V3err(X509V3_F_X509V3_PARSE_LIST,
					    X509V3_R_INVALID_NULL_NAME);
					goto err;
				}
				q = p + 1;
			} else if (c == ',') {
				*p = 0;
				ntmp = strip_spaces(q);
				q = p + 1;
				if (!ntmp) {
					X509V3err(X509V3_F_X509V3_PARSE_LIST,
					    X509V3_R_INVALID_NULL_NAME);
					goto err;
				}
				X509V3_add_value(ntmp, NULL, &values);
			}
			break;

		case HDR_VALUE:
			if (c == ',') {
				state = HDR_NAME;
				*p = 0;
				vtmp = strip_spaces(q);
				if (!vtmp) {
					X509V3err(X509V3_F_X509V3_PARSE_LIST,
					    X509V3_R_INVALID_NULL_VALUE);
					goto err;
				}
				X509V3_add_value(ntmp, vtmp, &values);
				ntmp = NULL;
				q = p + 1;
			}

		}
	}

	if (state == HDR_VALUE) {
		vtmp = strip_spaces(q);
		if (!vtmp) {
			X509V3err(X509V3_F_X509V3_PARSE_LIST,
			    X509V3_R_INVALID_NULL_VALUE);
			goto err;
		}
		X509V3_add_value(ntmp, vtmp, &values);
	} else {
		ntmp = strip_spaces(q);
		if (!ntmp) {
			X509V3err(X509V3_F_X509V3_PARSE_LIST,
			    X509V3_R_INVALID_NULL_NAME);
			goto err;
		}
		X509V3_add_value(ntmp, NULL, &values);
	}
	free(linebuf);
	return values;








|
















<
|








<
|












<
|













<
|






<
|







295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318

319
320
321
322
323
324
325
326
327

328
329
330
331
332
333
334
335
336
337
338
339
340

341
342
343
344
345
346
347
348
349
350
351
352
353
354

355
356
357
358
359
360
361

362
363
364
365
366
367
368
369
	char *ntmp, *vtmp;
	STACK_OF(CONF_VALUE) *values = NULL;
	char *linebuf;
	int state;

	/* We are going to modify the line so copy it first */
	if ((linebuf = strdup(line)) == NULL) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	state = HDR_NAME;
	ntmp = NULL;

	/* Go through all characters */
	for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') &&
	    (c != '\n'); p++) {

		switch (state) {
		case HDR_NAME:
			if (c == ':') {
				state = HDR_VALUE;
				*p = 0;
				ntmp = strip_spaces(q);
				if (!ntmp) {

					X509V3error(X509V3_R_INVALID_NULL_NAME);
					goto err;
				}
				q = p + 1;
			} else if (c == ',') {
				*p = 0;
				ntmp = strip_spaces(q);
				q = p + 1;
				if (!ntmp) {

					X509V3error(X509V3_R_INVALID_NULL_NAME);
					goto err;
				}
				X509V3_add_value(ntmp, NULL, &values);
			}
			break;

		case HDR_VALUE:
			if (c == ',') {
				state = HDR_NAME;
				*p = 0;
				vtmp = strip_spaces(q);
				if (!vtmp) {

					X509V3error(X509V3_R_INVALID_NULL_VALUE);
					goto err;
				}
				X509V3_add_value(ntmp, vtmp, &values);
				ntmp = NULL;
				q = p + 1;
			}

		}
	}

	if (state == HDR_VALUE) {
		vtmp = strip_spaces(q);
		if (!vtmp) {

			X509V3error(X509V3_R_INVALID_NULL_VALUE);
			goto err;
		}
		X509V3_add_value(ntmp, vtmp, &values);
	} else {
		ntmp = strip_spaces(q);
		if (!ntmp) {

			X509V3error(X509V3_R_INVALID_NULL_NAME);
			goto err;
		}
		X509V3_add_value(ntmp, NULL, &values);
	}
	free(linebuf);
	return values;

416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
	const unsigned char *p;
	int i;
	static const char hexdig[] = "0123456789ABCDEF";

	if (!buffer || !len)
		return NULL;
	if (!(tmp = malloc(len * 3 + 1))) {
		X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	q = tmp;
	for (i = 0, p = buffer; i < len; i++, p++) {
		*q++ = hexdig[(*p >> 4) & 0xf];
		*q++ = hexdig[*p & 0xf];
		*q++ = ':';







|







408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
	const unsigned char *p;
	int i;
	static const char hexdig[] = "0123456789ABCDEF";

	if (!buffer || !len)
		return NULL;
	if (!(tmp = malloc(len * 3 + 1))) {
		X509V3error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	q = tmp;
	for (i = 0, p = buffer; i < len; i++, p++) {
		*q++ = hexdig[(*p >> 4) & 0xf];
		*q++ = hexdig[*p & 0xf];
		*q++ = ':';
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466

unsigned char *
string_to_hex(const char *str, long *len)
{
	unsigned char *hexbuf, *q;
	unsigned char ch, cl, *p;
	if (!str) {
		X509V3err(X509V3_F_STRING_TO_HEX,
		    X509V3_R_INVALID_NULL_ARGUMENT);
		return NULL;
	}
	if (!(hexbuf = malloc(strlen(str) >> 1)))
		goto err;
	for (p = (unsigned char *)str, q = hexbuf; *p; ) {
		ch = *p++;
		if (ch == ':')
			continue;
		cl = *p++;
		if (!cl) {
			X509V3err(X509V3_F_STRING_TO_HEX,
			    X509V3_R_ODD_NUMBER_OF_DIGITS);
			free(hexbuf);
			return NULL;
		}
		ch = tolower(ch);
		cl = tolower(cl);

		if ((ch >= '0') && (ch <= '9'))







<
|










<
|







431
432
433
434
435
436
437

438
439
440
441
442
443
444
445
446
447
448

449
450
451
452
453
454
455
456

unsigned char *
string_to_hex(const char *str, long *len)
{
	unsigned char *hexbuf, *q;
	unsigned char ch, cl, *p;
	if (!str) {

		X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
		return NULL;
	}
	if (!(hexbuf = malloc(strlen(str) >> 1)))
		goto err;
	for (p = (unsigned char *)str, q = hexbuf; *p; ) {
		ch = *p++;
		if (ch == ':')
			continue;
		cl = *p++;
		if (!cl) {

			X509V3error(X509V3_R_ODD_NUMBER_OF_DIGITS);
			free(hexbuf);
			return NULL;
		}
		ch = tolower(ch);
		cl = tolower(cl);

		if ((ch >= '0') && (ch <= '9'))
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
	if (len)
		*len = q - hexbuf;

	return hexbuf;

err:
	free(hexbuf);
	X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
	return NULL;

badhex:
	free(hexbuf);
	X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
	return NULL;
}

/* V2I name comparison function: returns zero if 'name' matches
 * cmp or cmp.*
 */








|




|







473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
	if (len)
		*len = q - hexbuf;

	return hexbuf;

err:
	free(hexbuf);
	X509V3error(ERR_R_MALLOC_FAILURE);
	return NULL;

badhex:
	free(hexbuf);
	X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT);
	return NULL;
}

/* V2I name comparison function: returns zero if 'name' matches
 * cmp or cmp.*
 */

633
634
635
636
637
638
639







































































































































































































































































































































































































































640
641
642
643
644
645
646
}

void
X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
{
	sk_OPENSSL_STRING_pop_free(sk, str_free);
}








































































































































































































































































































































































































































/* Convert IP addresses both IPv4 and IPv6 into an
 * OCTET STRING compatible with RFC3280.
 */

ASN1_OCTET_STRING *
a2i_IPADDRESS(const char *ipasc)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
}

void
X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
{
	sk_OPENSSL_STRING_pop_free(sk, str_free);
}

typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len, unsigned int flags);

/* Skip pattern prefix to match "wildcard" subject */
static void skip_prefix(const unsigned char **p, size_t *plen,
    const unsigned char *subject, size_t subject_len, unsigned int flags)
{
	const unsigned char *pattern = *p;
	size_t pattern_len = *plen;

	/*
	 * If subject starts with a leading '.' followed by more octets, and
	 * pattern is longer, compare just an equal-length suffix with the
	 * full subject (starting at the '.'), provided the prefix contains
	 * no NULs.
	 */
	if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
		return;

	while (pattern_len > subject_len && *pattern) {
		if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
		    *pattern == '.')
			break;
		++pattern;
		--pattern_len;
	}

	/* Skip if entire prefix acceptable */
	if (pattern_len == subject_len) {
		*p = pattern;
		*plen = pattern_len;
	}
}

/*
 * Open/BoringSSL uses memcmp for "equal_case" while their
 * "equal_nocase" function is a hand-rolled strncasecmp that does not
 * allow \0 in the pattern. Since an embedded \0 is likely a sign of
 * problems, we simply don't allow it in either case, and then we use
 * standard libc funcitons.
 */

/* Compare using strncasecmp */
static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len,
    unsigned int flags)
{
	if (memchr(pattern, '\0', pattern_len) != NULL)
		return 0;
	if (memchr(subject, '\0', subject_len) != NULL)
		return 0;
	skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
	if (pattern_len != subject_len)
		return 0;
	return (strncasecmp(pattern, subject, pattern_len) == 0);
}

/* Compare using strncmp. */
static int equal_case(const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len,
    unsigned int flags)
{
	if (memchr(pattern, 0, pattern_len) != NULL)
		return 0;
	if (memchr(subject, 0, subject_len) != NULL)
		return 0;
	skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
	if (pattern_len != subject_len)
		return 0;
	return (strncmp(pattern, subject, pattern_len) == 0);
}

/*
 * RFC 5280, section 7.5, requires that only the domain is compared in a
 * case-insensitive manner.
 */
static int equal_email(const unsigned char *a, size_t a_len,
    const unsigned char *b, size_t b_len,
    unsigned int unused_flags)
{
	size_t pos = a_len;
	if (a_len != b_len)
		return 0;
	/*
	 * We search backwards for the '@' character, so that we do not have to
	 * deal with quoted local-parts.  The domain part is compared in a
	 * case-insensitive manner.
	 */
	while (pos > 0) {
		pos--;
		if (a[pos] == '@' || b[pos] == '@') {
			if (!equal_nocase(a + pos, a_len - pos, b + pos, a_len - pos, 0))
				return 0;
			break;
		}
	}
	if (pos == 0)
		pos = a_len;
	return equal_case(a, pos, b, pos, 0);
}

/*
 * Compare the prefix and suffix with the subject, and check that the
 * characters in-between are valid.
 */
static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
    const unsigned char *suffix, size_t suffix_len,
    const unsigned char *subject, size_t subject_len, unsigned int flags)
{
	const unsigned char *wildcard_start;
	const unsigned char *wildcard_end;
	const unsigned char *p;
	int allow_multi = 0;
	int allow_idna = 0;

	if (subject_len < prefix_len + suffix_len)
		return 0;
	if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
		return 0;
	wildcard_start = subject + prefix_len;
	wildcard_end = subject + (subject_len - suffix_len);
	if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
		return 0;
	/*
	 * If the wildcard makes up the entire first label, it must match at
	 * least one character.
	 */
	if (prefix_len == 0 && *suffix == '.') {
		if (wildcard_start == wildcard_end)
			return 0;
		allow_idna = 1;
		if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
			allow_multi = 1;
	}
	/* IDNA labels cannot match partial wildcards */
	if (!allow_idna &&
	    subject_len >= 4
	    && strncasecmp((char *)subject, "xn--", 4) == 0)
		return 0;
	/* The wildcard may match a literal '*' */
	if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
		return 1;
	/*
	 * Check that the part matched by the wildcard contains only
	 * permitted characters and only matches a single label unless
	 * allow_multi is set.
	 */
	for (p = wildcard_start; p != wildcard_end; ++p)
		if (!(('0' <= *p && *p <= '9') || ('A' <= *p && *p <= 'Z') ||
		    ('a' <= *p && *p <= 'z') || *p == '-' ||
		    (allow_multi && *p == '.')))
			return 0;
	return 1;
}

#define LABEL_START     (1 << 0)
#define LABEL_END       (1 << 1)
#define LABEL_HYPHEN    (1 << 2)
#define LABEL_IDNA      (1 << 3)

static const unsigned char *valid_star(const unsigned char *p, size_t len,
    unsigned int flags)
{
	const unsigned char *star = 0;
	size_t i;
	int state = LABEL_START;
	int dots = 0;
	for (i = 0; i < len; ++i) {
		/*
		 * Locate first and only legal wildcard, either at the start
		 * or end of a non-IDNA first and not final label.
		 */
		if (p[i] == '*') {
			int atstart = (state & LABEL_START);
			int atend = (i == len - 1 || p[i + 1] == '.');
			/*
			 * At most one wildcard per pattern.
			 * No wildcards in IDNA labels.
			 * No wildcards after the first label.
			 */
			if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
				return NULL;
			/* Only full-label '*.example.com' wildcards? */
			if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
			    && (!atstart || !atend))
				return NULL;
			/* No 'foo*bar' wildcards */
			if (!atstart && !atend)
				return NULL;
			star = &p[i];
			state &= ~LABEL_START;
		} else if ((state & LABEL_START) != 0) {
			/*
			 * At the start of a label, skip any "xn--" and
			 * remain in the LABEL_START state, but set the
			 * IDNA label state
			 */
			if ((state & LABEL_IDNA) == 0 && len - i >= 4
			    && strncasecmp((char *)&p[i], "xn--", 4) == 0) {
				i += 3;
				state |= LABEL_IDNA;
				continue;
			}
			/* Labels must start with a letter or digit */
			state &= ~LABEL_START;
			if (('a' <= p[i] && p[i] <= 'z')
			    || ('A' <= p[i] && p[i] <= 'Z')
			    || ('0' <= p[i] && p[i] <= '9'))
				continue;
			return NULL;
		} else if (('a' <= p[i] && p[i] <= 'z')
		    || ('A' <= p[i] && p[i] <= 'Z')
		    || ('0' <= p[i] && p[i] <= '9')) {
			state &= LABEL_IDNA;
			continue;
		} else if (p[i] == '.') {
			if (state & (LABEL_HYPHEN | LABEL_START))
				return NULL;
			state = LABEL_START;
			++dots;
		} else if (p[i] == '-') {
			/* no domain/subdomain starts with '-' */
			if ((state & LABEL_START) != 0)
				return NULL;
			state |= LABEL_HYPHEN;
		} else
			return NULL;
	}

	/*
	 * The final label must not end in a hyphen or ".", and
	 * there must be at least two dots after the star.
	 */
	if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
		return NULL;
	return star;
}

/* Compare using wildcards. */
static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
    const unsigned char *subject, size_t subject_len, unsigned int flags)
{
	const unsigned char *star = NULL;

	/*
	 * Subject names starting with '.' can only match a wildcard pattern
	 * via a subject sub-domain pattern suffix match.
	 */
	if (!(subject_len > 1 && subject[0] == '.'))
		star = valid_star(pattern, pattern_len, flags);
	if (star == NULL)
		return equal_nocase(pattern, pattern_len,
		    subject, subject_len, flags);
	return wildcard_match(pattern, star - pattern,
	    star + 1, (pattern + pattern_len) - star - 1,
	    subject, subject_len, flags);
}

/*
 * Compare an ASN1_STRING to a supplied string. If they match return 1. If
 * cmp_type > 0 only compare if string matches the type, otherwise convert it
 * to UTF8.
 */

static int
do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
    unsigned int flags, const char *b, size_t blen, char **peername)
{
	int rv = 0;

	if (!a->data || !a->length)
		return 0;
	if (cmp_type > 0) {
		if (cmp_type != a->type)
			return 0;
		if (cmp_type == V_ASN1_IA5STRING)
			rv = equal(a->data, a->length, (unsigned char *)b,
			    blen, flags);
		else if (a->length == (int)blen && !memcmp(a->data, b, blen))
			rv = 1;
		if (rv > 0 && peername &&
		    (*peername = strndup((char *)a->data, a->length)) == NULL)
			rv = -1;
	} else {
		int astrlen;
		unsigned char *astr;
		astrlen = ASN1_STRING_to_UTF8(&astr, a);
		if (astrlen < 0)
			return -1;
		rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
		if (rv > 0 && peername &&
		    (*peername = strndup((char *)astr, astrlen)) == NULL)
			rv = -1;
		free(astr);
	}
	return rv;
}

static int do_x509_check(X509 *x, const char *chk, size_t chklen,
    unsigned int flags, int check_type, char **peername)
{
	GENERAL_NAMES *gens = NULL;
	X509_NAME *name = NULL;
	size_t i;
	int j;
	int cnid = NID_undef;
	int alt_type;
	int san_present = 0;
	int rv = 0;
	equal_fn equal;

	/* See below, this flag is internal-only */
	flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS;
	if (check_type == GEN_EMAIL) {
		cnid = NID_pkcs9_emailAddress;
		alt_type = V_ASN1_IA5STRING;
		equal = equal_email;
	} else if (check_type == GEN_DNS) {
		cnid = NID_commonName;
		/* Implicit client-side DNS sub-domain pattern */
		if (chklen > 1 && chk[0] == '.')
			flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS;
		alt_type = V_ASN1_IA5STRING;
		if (flags & X509_CHECK_FLAG_NO_WILDCARDS)
			equal = equal_nocase;
		else
			equal = equal_wildcard;
	} else {
		alt_type = V_ASN1_OCTET_STRING;
		equal = equal_case;
	}

	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
	if (gens != NULL) {
		for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
			GENERAL_NAME *gen;
			ASN1_STRING *cstr;
			gen = sk_GENERAL_NAME_value(gens, i);
			if (gen->type != check_type)
				continue;
			san_present = 1;
			if (check_type == GEN_EMAIL)
				cstr = gen->d.rfc822Name;
			else if (check_type == GEN_DNS)
				cstr = gen->d.dNSName;
			else
				cstr = gen->d.iPAddress;
			/* Positive on success, negative on error! */
			if ((rv = do_check_string(cstr, alt_type, equal, flags,
			    chk, chklen, peername)) != 0)
				break;
		}
		GENERAL_NAMES_free(gens);
		if (rv != 0)
			return rv;
		if (cnid == NID_undef ||
		    (san_present &&
		    !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
			return 0;
	}

	/* We're done if CN-ID is not pertinent */
	if (cnid == NID_undef)
		return 0;

	j = -1;
	name = X509_get_subject_name(x);
	while ((j = X509_NAME_get_index_by_NID(name, cnid, j)) >= 0) {
		X509_NAME_ENTRY *ne;
		ASN1_STRING *str;
		if ((ne = X509_NAME_get_entry(name, j)) == NULL)
			return -1;
		if ((str = X509_NAME_ENTRY_get_data(ne)) == NULL)
			return -1;
		/* Positive on success, negative on error! */
		if ((rv = do_check_string(str, -1, equal, flags,
			 chk, chklen, peername)) != 0)
			return rv;
	}
	return 0;
}

int X509_check_host(X509 *x, const char *chk, size_t chklen,
    unsigned int flags, char **peername)
{
	if (chk == NULL)
		return -2;
	if (memchr(chk, '\0', chklen))
		return -2;
	return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
}

int X509_check_email(X509 *x, const char *chk, size_t chklen,
    unsigned int flags)
{
	if (chk == NULL)
		return -2;
	if (memchr(chk, '\0', chklen))
		return -2;
	return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
}

int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
    unsigned int flags)
{
	if (chk == NULL)
		return -2;
	return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
}

int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
{
	unsigned char ipout[16];
	size_t iplen;

	if (ipasc == NULL)
		return -2;
	iplen = (size_t)a2i_ipadd(ipout, ipasc);
	if (iplen == 0)
		return -2;
	return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
}

/* Convert IP addresses both IPv4 and IPv6 into an
 * OCTET STRING compatible with RFC3280.
 */

ASN1_OCTET_STRING *
a2i_IPADDRESS(const char *ipasc)
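--- a/jni/libressl/crypto/x509v3/v3err.c
+++ b/jni/libressl/crypto/x509v3/v3err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: v3err.c,v 1.10 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: v3err.c,v 1.11 2014/07/10 22:45:58 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *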
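--- a/jni/libressl/crypto/x86_arch.h
+++ b/jni/libressl/crypto/x86_arch.h
@@ -0,0 +1,90 @@
+/*	$OpenBSD: x86_arch.h,v 1.1 2016/11/04 17:30:30 miod Exp $	*/
+/*
+ * Copyright (c) 2016 Miodrag Vallat.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * The knowledge of the layout of OPENSSL_ia32cap_P is internal to libcrypto
+ * (and, to some extent, to libssl), and may change in the future without
+ * notice.
+ */
+
+/*
+ * OPENSSL_ia32cap_P is computed at runtime by OPENSSL_ia32_cpuid().
+ *
+ * On processors which lack the cpuid instruction, the value is always
+ * zero (this only matters on 32-bit processors, of course).
+ *
+ * On processors which support the cpuid instruction, after running
+ * "cpuid 1", the value of %edx is written to the low word of OPENSSL_ia32cap_P,
+ * and the value of %ecx is written to its high word.
+ *
+ * Further processing is done to set or clear specific bits, depending
+ * upon the exact processor type.
+ *
+ * Assembly routines usually address OPENSSL_ia32cap_P as two 32-bit words,
+ * hence two sets of bit numbers and masks. OPENSSL_cpu_caps() returns the
+ * complete 64-bit word.
+ */
+
+/* bit numbers for the low word */
+#define	IA32CAP_BIT0_FPU	0
+#define	IA32CAP_BIT0_MMX	23
+#define	IA32CAP_BIT0_FXSR	24
+#define	IA32CAP_BIT0_SSE	25
+#define	IA32CAP_BIT0_SSE2	26
+#define	IA32CAP_BIT0_HT		28
+
+/* the following bits are not obtained from cpuid */
+#define	IA32CAP_BIT0_INTELP4	20
+#define	IA32CAP_BIT0_INTEL	30
+
+/* bit numbers for the high word */
+#define	IA32CAP_BIT1_PCLMUL	1
+#define	IA32CAP_BIT1_SSSE3	9
+#define	IA32CAP_BIT1_FMA3	12
+#define	IA32CAP_BIT1_AESNI	25
+#define	IA32CAP_BIT1_OSXSAVE	27
+#define	IA32CAP_BIT1_AVX	28
+
+#define	IA32CAP_BIT1_AMD_XOP	11
+
+/* bit masks for the low word */
+#define	IA32CAP_MASK0_MMX	(1 << IA32CAP_BIT0_MMX)
+#define	IA32CAP_MASK0_FXSR	(1 << IA32CAP_BIT0_FXSR)
+#define	IA32CAP_MASK0_SSE	(1 << IA32CAP_BIT0_SSE)
+#define	IA32CAP_MASK0_SSE2	(1 << IA32CAP_BIT0_SSE2)
+#define	IA32CAP_MASK0_HT	(1 << IA32CAP_BIT0_HT)
+
+#define	IA32CAP_MASK0_INTELP4	(1 << IA32CAP_BIT0_INTELP4)
+#define	IA32CAP_MASK0_INTEL	(1 << IA32CAP_BIT0_INTEL)
+
+/* bit masks for the high word */
+#define	IA32CAP_MASK1_PCLMUL	(1 << IA32CAP_BIT1_PCLMUL)
+#define	IA32CAP_MASK1_SSSE3	(1 << IA32CAP_BIT1_SSSE3)
+#define	IA32CAP_MASK1_FMA3	(1 << IA32CAP_BIT1_FMA3)
+#define	IA32CAP_MASK1_AESNI	(1 << IA32CAP_BIT1_AESNI)
+#define	IA32CAP_MASK1_AVX	(1 << IA32CAP_BIT1_AVX)
+
+#define	IA32CAP_MASK1_AMD_XOP	(1 << IA32CAP_BIT1_AMD_XOP)
+
+/* bit masks for OPENSSL_cpu_caps() */
+#define	CPUCAP_MASK_MMX		IA32CAP_MASK0_MMX
+#define	CPUCAP_MASK_FXSR	IA32CAP_MASK0_FXSR
+#define	CPUCAP_MASK_SSE		IA32CAP_MASK0_SSE
+#define	CPUCAP_MASK_INTELP4	IA32CAP_MASK0_INTELP4
+#define	CPUCAP_MASK_PCLMUL	(1ULL << (32 + IA32CAP_BIT1_PCLMUL))
+#define	CPUCAP_MASK_SSSE3	(1ULL << (32 + IA32CAP_BIT1_SSSE3))
+#define	CPUCAP_MASK_AESNI	(1ULL << (32 + IA32CAP_BIT1_AESNI))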
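--- a/jni/libressl/include/CMakeLists.txt
+++ b/jni/libressl/include/CMakeLists.txt
@@ -1,5 +1,5 @@
 install(DIRECTORY .
-        DESTINATION include
+        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
         PATTERN "CMakeLists.txt" EXCLUDE
         PATTERN "compat" EXCLUDE
         PATTERN "Makefile*" EXCLUDE)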
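--- a/jni/libressl/include/Makefile.am
+++ b/jni/libressl/include/Makefile.am
@@ -1,17 +1,18 @@
 include $(top_srcdir)/Makefile.am.common
 
 EXTRA_DIST = CMakeLists.txt
 
 SUBDIRS = openssl
 
 noinst_HEADERS = pqueue.h
 noinst_HEADERS += compat/dirent.h
 noinst_HEADERS += compat/dirent_msvc.h
 noinst_HEADERS += compat/err.h
+noinst_HEADERS += compat/fcntl.h
 noinst_HEADERS += compat/limits.h
 noinst_HEADERS += compat/netdb.h
 noinst_HEADERS += compat/poll.h
 noinst_HEADERS += compat/readpassphrase.h
 noinst_HEADERS += compat/resolv.h
 noinst_HEADERS += compat/stdio.h
 noinst_HEADERS += compat/stdlib.h
@@ -25,19 +26,18 @@
 
 noinst_HEADERS += compat/machine/endian.h
 
 noinst_HEADERS += compat/netinet/in.h
 noinst_HEADERS += compat/netinet/ip.h
 noinst_HEADERS += compat/netinet/tcp.h
 
-noinst_HEADERS += compat/sys/cdefs.h
 noinst_HEADERS += compat/sys/ioctl.h
 noinst_HEADERS += compat/sys/mman.h
 noinst_HEADERS += compat/sys/param.h
 noinst_HEADERS += compat/sys/select.h
 noinst_HEADERS += compat/sys/socket.h
 noinst_HEADERS += compat/sys/stat.h
 noinst_HEADERS += compat/sys/time.h
 noinst_HEADERS += compat/sys/types.h
 noinst_HEADERS += compat/sys/uio.h
 
 include_HEADERS = tls.h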
Changes to jni/libressl/include/Makefile.in.
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
        fi; \
        dir0="$$dir0"/"$$first"; \
      fi; \
    fi; \
    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
  done; \
  reldir="$$dir2"
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|



|
|
|







212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
        fi; \
        dir0="$$dir0"/"$$first"; \
      fi; \
    fi; \
    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
  done; \
  reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
241
242
243
244
245
246
247

248
249
250
251
252
253
254
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
336
337
338
339
340
341
342
343


344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL


EXTRA_DIST = CMakeLists.txt
SUBDIRS = openssl
noinst_HEADERS = pqueue.h compat/dirent.h compat/dirent_msvc.h \
	compat/err.h compat/limits.h compat/netdb.h compat/poll.h \
	compat/readpassphrase.h compat/resolv.h compat/stdio.h \
	compat/stdlib.h compat/string.h compat/time.h compat/unistd.h \
	compat/win32netcompat.h compat/arpa/inet.h \
	compat/arpa/nameser.h compat/machine/endian.h \
	compat/netinet/in.h compat/netinet/ip.h compat/netinet/tcp.h \
	compat/sys/cdefs.h compat/sys/ioctl.h compat/sys/mman.h \
	compat/sys/param.h compat/sys/select.h compat/sys/socket.h \
	compat/sys/stat.h compat/sys/time.h compat/sys/types.h \
	compat/sys/uio.h
include_HEADERS = tls.h
all: all-recursive

.SUFFIXES:
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \







|
>
>



|
|
|
|


|
|
|
<







337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358

359
360
361
362
363
364
365
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
EXTRA_DIST = CMakeLists.txt
SUBDIRS = openssl
noinst_HEADERS = pqueue.h compat/dirent.h compat/dirent_msvc.h \
	compat/err.h compat/fcntl.h compat/limits.h compat/netdb.h \
	compat/poll.h compat/readpassphrase.h compat/resolv.h \
	compat/stdio.h compat/stdlib.h compat/string.h compat/time.h \
	compat/unistd.h compat/win32netcompat.h compat/arpa/inet.h \
	compat/arpa/nameser.h compat/machine/endian.h \
	compat/netinet/in.h compat/netinet/ip.h compat/netinet/tcp.h \
	compat/sys/ioctl.h compat/sys/mman.h compat/sys/param.h \
	compat/sys/select.h compat/sys/socket.h compat/sys/stat.h \
	compat/sys/time.h compat/sys/types.h compat/sys/uio.h

include_HEADERS = tls.h
all: all-recursive

.SUFFIXES:
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
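--- a/jni/libressl/include/compat/arpa/inet.h
+++ b/jni/libressl/include/compat/arpa/inet.h
@@ -9,11 +9,15 @@
 #include <win32netcompat.h>
 
 #ifndef AI_ADDRCONFIG
 #define AI_ADDRCONFIG               0x00000400
 #endif
 
 #endif
+
+#ifndef HAVE_INET_NTOP
+const char * inet_ntop(int af, const void *src, char *dst, socklen_t size);
+#endif
 
 #ifndef HAVE_INET_PTON
 int inet_pton(int af, const char * src, void * dst);
 #endif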
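--- a/jni/libressl/include/compat/err.h
+++ b/jni/libressl/include/compat/err.h
@@ -14,30 +14,40 @@
 
 #include <errno.h>
 #include <stdarg.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
 
+#if defined(_MSC_VER)
+__declspec(noreturn)
+#else
+__attribute__((noreturn))
+#endif
 static inline void
 err(int eval, const char *fmt, ...)
 {
 	int sverrno = errno;
 	va_list ap;
 
 	va_start(ap, fmt);
 	if (fmt != NULL) {
 		vfprintf(stderr, fmt, ap);
 		fprintf(stderr, ": ");
 	}
 	fprintf(stderr, "%s\n", strerror(sverrno));
 	exit(eval);
 	va_end(ap);
 }
 
+#if defined(_MSC_VER)
+__declspec(noreturn)
+#else
+__attribute__((noreturn))
+#endif
 static inline void
 errx(int eval, const char *fmt, ...)
 {
 	va_list ap;
 
 	va_start(ap, fmt);
 	if (fmt != NULL)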
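Review bot: The `#else` branch applies `__attribute__((noreturn))` for every compiler that is not MSVC, so a toolchain that defines `_MSC_VER` neither nor accepts GNU attribute syntax would fail on both `err` and `errx`. Guarding that branch with `#elif defined(__GNUC__) || defined(__clang__)` and emitting nothing otherwise keeps the shim buildable there. With `err` now declared noreturn, the `va_end(ap);` placed after `exit(eval);` is unreachable; moving it above the `exit` call would keep the va_start/va_end pair balanced. The body of `errx` continues past the end of this section.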
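--- a/jni/libressl/include/compat/fcntl.h
+++ b/jni/libressl/include/compat/fcntl.h
@@ -0,0 +1,32 @@
+/*
+ * Public domain
+ * fcntl.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <fcntl.h>
+#else
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/fcntl.h>
+#else
+#include <../include/fcntl.h>
+#endif
+#else
+#include_next <fcntl.h>
+#endif
+
+#endif
+
+#ifndef O_NONBLOCK
+#define O_NONBLOCK      0x100000
+#endif
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC       0x200000
+#endif
+
+#ifndef FD_CLOEXEC
+#define FD_CLOEXEC      1
+#endif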
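Review bot: The fallback definitions of `O_NONBLOCK` and `O_CLOEXEC` at the end of this new header sit outside the `_WIN32` branch, so any platform whose own `<fcntl.h>` lacks them gets invented bit values that the native `open()` has no reason to treat as close-on-exec or non-blocking. If these bits are meant only for the compat wrappers (this commit declares `posix_open` and `pipe2`, whose bodies are not on this page), code that passes `O_CLOEXEC` straight to the system call would silently keep the descriptor open across `exec`. I would move the three fallbacks inside the `#else` of `#ifndef _WIN32`, or at least add a comment above them such as `/* fallback values for platforms without these flags; only wrappers that test for them act on them */`.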
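--- a/jni/libressl/include/compat/limits.h
+++ b/jni/libressl/include/compat/limits.h
@@ -1,14 +1,22 @@
 /*
  * Public domain
  * limits.h compatibility shim
  */
 
 #ifdef _MSC_VER
 #include <../include/limits.h>
+#if _MSC_VER >= 1900
+#include <../ucrt/stdlib.h>
+#else
+#include <../include/stdlib.h>
+#endif
+#ifndef PATH_MAX
+#define PATH_MAX _MAX_PATH
+#endif
 #else
 #include_next <limits.h>
 #endif
 
 #ifdef __hpux
 #include <sys/param.h>
 #ifndef PATH_MAX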
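--- a/jni/libressl/include/compat/machine/endian.h
+++ b/jni/libressl/include/compat/machine/endian.h
@@ -17,27 +17,27 @@
  */
 #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
 #define BYTE_ORDER LITTLE_ENDIAN
 #else
 #define BYTE_ORDER BIG_ENDIAN
 #endif
 
+#elif defined(ANDROID)
+#include_next <machine/endian.h>
+
 #elif defined(__linux__)
 #include <endian.h>
 
 #elif defined(__sun) || defined(_AIX) || defined(__hpux)
 #include <sys/types.h>
 #include <arpa/nameser_compat.h>
 
 #elif defined(__sgi)
 #include <standards.h>
 #include <sys/endian.h>
 
-#elif defined(__HAIKU__)
-#include_next <endian.h>
-
 #else
 #include_next <machine/endian.h>
 
 #endif
 
 #endif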
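--- a/jni/libressl/include/compat/stdio.h
+++ b/jni/libressl/include/compat/stdio.h
@@ -21,14 +21,18 @@
 #ifndef HAVE_ASPRINTF
 #include <stdarg.h>
 int vasprintf(char **str, const char *fmt, va_list ap);
 int asprintf(char **str, const char *fmt, ...);
 #endif
 
 #ifdef _WIN32
+
+#if defined(_MSC_VER)
+#define __func__ __FUNCTION__
+#endif
 
 void posix_perror(const char *s);
 FILE * posix_fopen(const char *path, const char *mode);
 char * posix_fgets(char *s, int size, FILE *stream);
 int posix_rename(const char *oldpath, const char *newpath);
 
 #ifndef NO_REDEF_POSIX_FUNCTIONS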
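--- a/jni/libressl/include/compat/stdlib.h
+++ b/jni/libressl/include/compat/stdlib.h
@@ -24,14 +24,18 @@
 void arc4random_buf(void *_buf, size_t n);
 uint32_t arc4random_uniform(uint32_t upper_bound);
 #endif
 
 #ifndef HAVE_REALLOCARRAY
 void *reallocarray(void *, size_t, size_t);
 #endif
+
+#ifndef HAVE_RECALLOCARRAY
+void *recallocarray(void *, size_t, size_t, size_t);
+#endif
 
 #ifndef HAVE_STRTONUM
 long long strtonum(const char *nptr, long long minval,
 		long long maxval, const char **errstr);
 #endif
 
 #endif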
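--- a/jni/libressl/include/compat/sys/cdefs.h
+++ b/jni/libressl/include/compat/sys/cdefs.h
@@ -1,31 +0,0 @@
-/*
- * Public domain
- * sys/cdefs.h compatibility shim
- */
-
-#ifndef LIBCRYPTOCOMPAT_SYS_CDEFS_H
-#define LIBCRYPTOCOMPAT_SYS_CDEFS_H
-
-#ifdef _WIN32
-
-#define __warn_references(sym,msg)
-
-#else
-
-#include_next <sys/cdefs.h>
-
-#ifndef __warn_references
-
-#if defined(__GNUC__)  && defined (HAS_GNU_WARNING_LONG)
-#define __warn_references(sym,msg)          \
-  __asm__(".section .gnu.warning." __STRING(sym)  \
-         " ; .ascii \"" msg "\" ; .text");
-#else
-#define __warn_references(sym,msg)
-#endif
-
-#endif /* __warn_references */
-
-#endif /* _WIN32 */
-
-#endif /* LIBCRYPTOCOMPAT_SYS_CDEFS_H */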
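--- a/jni/libressl/include/compat/sys/socket.h
+++ b/jni/libressl/include/compat/sys/socket.h
@@ -1,10 +1,17 @@
 /*
  * Public domain
  * sys/socket.h compatibility shim
  */
 
 #ifndef _WIN32
 #include_next <sys/socket.h>
 #else
 #include <win32netcompat.h>
 #endif
+
+#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
+#define SOCK_CLOEXEC            0x8000  /* set FD_CLOEXEC */
+#define SOCK_NONBLOCK           0x4000  /* set O_NONBLOCK */
+int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]);
+#define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv)
+#endif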
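Review bot: The added guard `#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)` is true when only one of the two flags is missing, yet the block defines both unconditionally, so a platform that already provides one of them gets a conflicting redefinition. Separately, the shim values `0x8000` and `0x4000` are acted on only by whatever `bsd_socketpair` does with them (its body is not on this page); a caller that ORs `SOCK_CLOEXEC` into a plain `socket()` call on such a platform would pass an unknown type bit and, assuming the native call ignores or rejects it, would not get a close-on-exec descriptor. I would put each define under its own `#ifndef SOCK_CLOEXEC` / `#ifndef SOCK_NONBLOCK` and add a comment such as `/* emulated flags: interpreted by bsd_socketpair() only */`.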
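--- a/jni/libressl/include/compat/sys/stat.h
+++ b/jni/libressl/include/compat/sys/stat.h
@@ -1,17 +1,26 @@
 /*
  * Public domain
  * sys/stat.h compatibility shim
  */
 
 #ifndef LIBCRYPTOCOMPAT_SYS_STAT_H
 #define LIBCRYPTOCOMPAT_SYS_STAT_H
 
 #ifndef _MSC_VER
 #include_next <sys/stat.h>
+
+/* for old MinGW */
+#ifndef S_IRGRP
+#define S_IRGRP         0
+#endif
+#ifndef S_IROTH
+#define S_IROTH         0
+#endif
 
 #else
 
 #include <windows.h>
 #if _MSC_VER >= 1900
 #include <../ucrt/sys/stat.h>
 #else
 #include <../include/sys/stat.h>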
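--- a/jni/libressl/include/compat/sys/types.h
+++ b/jni/libressl/include/compat/sys/types.h
@@ -40,8 +40,29 @@
 
 #endif
 
 #if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
 # define __bounded__(x, y, z)
 #endif
 
+#ifdef _WIN32
+#define __warn_references(sym,msg)
+#else
+
+#ifndef __warn_references
+
+#ifndef __STRING
+#define __STRING(x) #x
+#endif
+
+#if defined(__GNUC__)  && defined (HAS_GNU_WARNING_LONG)
+#define __warn_references(sym,msg)          \
+  __asm__(".section .gnu.warning." __STRING(sym)  \
+         " ; .ascii \"" msg "\" ; .text");
+#else
+#define __warn_references(sym,msg)
+#endif
+
+#endif /* __warn_references */
+#endif /* _WIN32 */
+
 #endif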
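--- a/jni/libressl/include/compat/unistd.h
+++ b/jni/libressl/include/compat/unistd.h
@@ -10,14 +10,17 @@
 #include_next <unistd.h>
 #else
 
 #include <stdlib.h>
 #include <io.h>
 #include <process.h>
 
+#define STDOUT_FILENO   1
+#define STDERR_FILENO   2
+
 #define R_OK    4
 #define W_OK    2
 #define X_OK    0
 #define F_OK    0
 
 #define access _access
 
@@ -31,11 +34,19 @@
 /*
  * Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h
  */
 #if defined(__sun)
 #include <sys/random.h>
 #endif
 #endif
 
+#ifndef HAVE_GETPAGESIZE
+int getpagesize(void);
+#endif
+
 #define pledge(request, paths) 0
 
+#ifndef HAVE_PIPE2
+int pipe2(int fildes[2], int flags);
 #endif
+
+#endif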
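--- a/jni/libressl/include/compat/win32netcompat.h
+++ b/jni/libressl/include/compat/win32netcompat.h
@@ -22,27 +22,31 @@
 #endif
 #ifndef SHUT_WR
 #define SHUT_WR   SD_SEND
 #endif
 
 int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
 
+int posix_open(const char *path, ...);
+
 int posix_close(int fd);
+
 ssize_t posix_read(int fd, void *buf, size_t count);
 
 ssize_t posix_write(int fd, const void *buf, size_t count);
 
 int posix_getsockopt(int sockfd, int level, int optname,
 	void *optval, socklen_t *optlen);
 
 int posix_setsockopt(int sockfd, int level, int optname,
 	const void *optval, socklen_t optlen);
 
 #ifndef NO_REDEF_POSIX_FUNCTIONS
 #define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
+#define open(path, ...) posix_open(path, __VA_ARGS__)
 #define close(fd) posix_close(fd)
 #define read(fd, buf, count) posix_read(fd, buf, count)
 #define write(fd, buf, count) posix_write(fd, buf, count)
 #define getsockopt(sockfd, level, optname, optval, optlen) \
 	posix_getsockopt(sockfd, level, optname, optval, optlen)
 #define setsockopt(sockfd, level, optname, optval, optlen) \
 	posix_setsockopt(sockfd, level, optname, optval, optlen)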
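--- a/jni/libressl/include/openssl/Makefile.am
+++ b/jni/libressl/include/openssl/Makefile.am
@@ -11,34 +11,33 @@
 opensslinclude_HEADERS += blowfish.h
 opensslinclude_HEADERS += bn.h
 opensslinclude_HEADERS += buffer.h
 opensslinclude_HEADERS += camellia.h
 opensslinclude_HEADERS += cast.h
 opensslinclude_HEADERS += chacha.h
 opensslinclude_HEADERS += cmac.h
-opensslinclude_HEADERS += cms.h
 opensslinclude_HEADERS += comp.h
 opensslinclude_HEADERS += conf.h
 opensslinclude_HEADERS += conf_api.h
 opensslinclude_HEADERS += crypto.h
+opensslinclude_HEADERS += curve25519.h
 opensslinclude_HEADERS += des.h
 opensslinclude_HEADERS += dh.h
 opensslinclude_HEADERS += dsa.h
 opensslinclude_HEADERS += dso.h
 opensslinclude_HEADERS += dtls1.h
 opensslinclude_HEADERS += ec.h
 opensslinclude_HEADERS += ecdh.h
 opensslinclude_HEADERS += ecdsa.h
 opensslinclude_HEADERS += engine.h
 opensslinclude_HEADERS += err.h
 opensslinclude_HEADERS += evp.h
 opensslinclude_HEADERS += gost.h
 opensslinclude_HEADERS += hmac.h
 opensslinclude_HEADERS += idea.h
-opensslinclude_HEADERS += krb5_asn.h
 opensslinclude_HEADERS += lhash.h
 opensslinclude_HEADERS += md4.h
 opensslinclude_HEADERS += md5.h
 opensslinclude_HEADERS += modes.h
 opensslinclude_HEADERS += obj_mac.h
 opensslinclude_HEADERS += objects.h
 opensslinclude_HEADERS += ocsp.h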
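--- a/jni/libressl/include/openssl/Makefile.in
+++ b/jni/libressl/include/openssl/Makefile.in
@@ -170,21 +170,21 @@
     if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
 am__DIST_COMMON = $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = true
+ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
 AR = @AR@
-AUTOCONF = true
-AUTOHEADER = true
-AUTOMAKE = true
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
 CC = @CC@
 CCAS = @CCAS@
 CCASDEPMODE = @CCASDEPMODE@
 CCASFLAGS = @CCASFLAGS@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
@@ -199,14 +199,15 @@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
 GREP = @GREP@
+HOSTARCH = @HOSTARCH@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
@@ -294,21 +295,23 @@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 AM_CFLAGS = 
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
+	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
+	-D__END_HIDDEN_DECLS=
 opensslincludedir = $(includedir)/openssl
 opensslinclude_HEADERS = aes.h asn1.h asn1_mac.h asn1t.h bio.h \
 	blowfish.h bn.h buffer.h camellia.h cast.h chacha.h cmac.h \
-	cms.h comp.h conf.h conf_api.h crypto.h des.h dh.h dsa.h dso.h \
-	dtls1.h ec.h ecdh.h ecdsa.h engine.h err.h evp.h gost.h hmac.h \
-	idea.h krb5_asn.h lhash.h md4.h md5.h modes.h obj_mac.h \
+	comp.h conf.h conf_api.h crypto.h curve25519.h des.h dh.h \
+	dsa.h dso.h dtls1.h ec.h ecdh.h ecdsa.h engine.h err.h evp.h \
+	gost.h hmac.h idea.h lhash.h md4.h md5.h modes.h obj_mac.h \
 	objects.h ocsp.h opensslconf.h opensslfeatures.h opensslv.h \
 	ossl_typ.h pem.h pem2.h pkcs12.h pkcs7.h poly1305.h rand.h \
 	rc2.h rc4.h ripemd.h rsa.h safestack.h sha.h srtp.h ssl.h \
 	ssl2.h ssl23.h ssl3.h stack.h tls1.h ts.h txt_db.h ui.h \
 	ui_compat.h whrlpool.h x509.h x509_vfy.h x509v3.h
 all: all-am
 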
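--- a/jni/libressl/include/openssl/aes.h
+++ b/jni/libressl/include/openssl/aes.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: aes.h,v 1.13 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: aes.h,v 1.14 2014/07/09 09:10:07 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *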
Changes to jni/libressl/include/openssl/asn1.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: asn1.h,v 1.33 2015/10/08 02:42:58 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: asn1.h,v 1.42 2016/12/30 16:29:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
282
283
284
285
286
287
288


289
290
291
292
293
294
295
/* Declarations for template structures: for full definitions
 * see asn1t.h
 */
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
typedef struct ASN1_TLC_st ASN1_TLC;
/* This is just an opaque pointer */
typedef struct ASN1_VALUE_st ASN1_VALUE;



/* Declare ASN1 functions: the implement macro in in asn1t.h */

#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)

#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)







>
>







282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
/* Declarations for template structures: for full definitions
 * see asn1t.h
 */
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
typedef struct ASN1_TLC_st ASN1_TLC;
/* This is just an opaque pointer */
typedef struct ASN1_VALUE_st ASN1_VALUE;

#ifndef LIBRESSL_INTERNAL

/* Declare ASN1 functions: the implement macro in in asn1t.h */

#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)

#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
325
326
327
328
329
330
331


332
333
334
335
336
337
338

#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
	DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)

#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
	int fname##_print_ctx(BIO *out, stname *x, int indent, \
					 const ASN1_PCTX *pctx);



#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
#define I2D_OF(type) int (*)(type *,unsigned char **)
#define I2D_OF_const(type) int (*)(const type *,unsigned char **)

#define CHECKED_D2I_OF(type, d2i) \
    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))







>
>







327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342

#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
	DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)

#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
	int fname##_print_ctx(BIO *out, stname *x, int indent, \
					 const ASN1_PCTX *pctx);

#endif /* !LIBRESSL_INTERNAL */

#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
#define I2D_OF(type) int (*)(type *,unsigned char **)
#define I2D_OF_const(type) int (*)(const type *,unsigned char **)

#define CHECKED_D2I_OF(type, d2i) \
    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
382
383
384
385
386
387
388
389
390
391


392
393
394
395
396
397
398
399
400
401
402
403

404
405
406
407
408
409
410
 *
 * Finally an ASN1_ITEM pointer can be extracted from an
 * appropriate reference with: ASN1_ITEM_rptr(X509). This
 * would be used when a function takes an ASN1_ITEM * argument.
 *
 */


/* ASN1_ITEM pointer exported type */
typedef const ASN1_ITEM ASN1_ITEM_EXP;



/* Macro to obtain ASN1_ITEM pointer from exported type */
#define ASN1_ITEM_ptr(iptr) (iptr)

/* Macro to include ASN1_ITEM pointer from base type */
#define ASN1_ITEM_ref(iptr) (&(iptr##_it))

#define ASN1_ITEM_rptr(ref) (&(ref##_it))

#define DECLARE_ASN1_ITEM(name) \
	extern const ASN1_ITEM name##_it;



/* Parameters used by ASN1_STRING_print_ex() */

/* These determine which characters to escape:
 * RFC2253 special characters, control characters and
 * MSB set characters
 */







<


>
>












>







386
387
388
389
390
391
392

393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
 *
 * Finally an ASN1_ITEM pointer can be extracted from an
 * appropriate reference with: ASN1_ITEM_rptr(X509). This
 * would be used when a function takes an ASN1_ITEM * argument.
 *
 */


/* ASN1_ITEM pointer exported type */
typedef const ASN1_ITEM ASN1_ITEM_EXP;

#ifndef LIBRESSL_INTERNAL

/* Macro to obtain ASN1_ITEM pointer from exported type */
#define ASN1_ITEM_ptr(iptr) (iptr)

/* Macro to include ASN1_ITEM pointer from base type */
#define ASN1_ITEM_ref(iptr) (&(iptr##_it))

#define ASN1_ITEM_rptr(ref) (&(ref##_it))

#define DECLARE_ASN1_ITEM(name) \
	extern const ASN1_ITEM name##_it;

#endif /* !LIBRESSL_INTERNAL */

/* Parameters used by ASN1_STRING_print_ex() */

/* These determine which characters to escape:
 * RFC2253 special characters, control characters and
 * MSB set characters
 */
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
				ASN1_STRFLGS_ESC_CTRL | \
				ASN1_STRFLGS_ESC_MSB | \
				ASN1_STRFLGS_UTF8_CONVERT | \
				ASN1_STRFLGS_DUMP_UNKNOWN | \
				ASN1_STRFLGS_DUMP_DER)

DECLARE_STACK_OF(ASN1_INTEGER)
DECLARE_ASN1_SET_OF(ASN1_INTEGER)

DECLARE_STACK_OF(ASN1_GENERALSTRING)

typedef struct asn1_type_st {
	int type;
	union {
		char *ptr;







<







484
485
486
487
488
489
490

491
492
493
494
495
496
497
				ASN1_STRFLGS_ESC_CTRL | \
				ASN1_STRFLGS_ESC_MSB | \
				ASN1_STRFLGS_UTF8_CONVERT | \
				ASN1_STRFLGS_DUMP_UNKNOWN | \
				ASN1_STRFLGS_DUMP_DER)

DECLARE_STACK_OF(ASN1_INTEGER)


DECLARE_STACK_OF(ASN1_GENERALSTRING)

typedef struct asn1_type_st {
	int type;
	union {
		char *ptr;
512
513
514
515
516
517
518
519
520
521
522

523
524



525
526
527
528
529
530
531
		ASN1_STRING *		set;
		ASN1_STRING *		sequence;
		ASN1_VALUE *		asn1_value;
	} value;
} ASN1_TYPE;

DECLARE_STACK_OF(ASN1_TYPE)
DECLARE_ASN1_SET_OF(ASN1_TYPE)

typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;


DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)




typedef struct NETSCAPE_X509_st {
	ASN1_OCTET_STRING *header;
	X509 *cert;
} NETSCAPE_X509;

/* This is used to contain a list of bit names */







<



>
|
|
>
>
>







517
518
519
520
521
522
523

524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
		ASN1_STRING *		set;
		ASN1_STRING *		sequence;
		ASN1_VALUE *		asn1_value;
	} value;
} ASN1_TYPE;

DECLARE_STACK_OF(ASN1_TYPE)


typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;

ASN1_SEQUENCE_ANY *d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len);
int i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out);
extern const ASN1_ITEM ASN1_SEQUENCE_ANY_it;
ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len);
int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out);
extern const ASN1_ITEM ASN1_SET_ANY_it;

typedef struct NETSCAPE_X509_st {
	ASN1_OCTET_STRING *header;
	X509 *cert;
} NETSCAPE_X509;

/* This is used to contain a list of bit names */
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
#define M_i2d_ASN1_UTF8STRING(a,pp) \
		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
			V_ASN1_UNIVERSAL)
#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)

#endif

#define B_ASN1_TIME \
			B_ASN1_UTCTIME | \
			B_ASN1_GENERALIZEDTIME

#define B_ASN1_PRINTABLE \
			B_ASN1_NUMERICSTRING| \







|







709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
#define M_i2d_ASN1_UTF8STRING(a,pp) \
		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
			V_ASN1_UNIVERSAL)
#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)

#endif /* !LIBRESSL_INTERNAL */

#define B_ASN1_TIME \
			B_ASN1_UTCTIME | \
			B_ASN1_GENERALIZEDTIME

#define B_ASN1_PRINTABLE \
			B_ASN1_NUMERICSTRING| \
736
737
738
739
740
741
742

743



744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777

778



779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798

799



800
801
802
803
804
805
806
807

808



809
810
811
812
813
814

815
816
817

818
819
820
821
822
823
824




825
826
827
828
829
830
831




832




833

834




835



836




837





838







839
840
841




842
843




844








845

846







847

848



849
850
851
852
853
854
855
856
857
			B_ASN1_BMPSTRING|\
			B_ASN1_UTF8STRING

/* for the is_set parameter to i2d_ASN1_SET */
#define IS_SEQUENCE	0
#define IS_SET		1


DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)




int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);

ASN1_OBJECT *ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
    long length);
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
    long length);

DECLARE_ASN1_ITEM(ASN1_OBJECT)

DECLARE_STACK_OF(ASN1_OBJECT)
DECLARE_ASN1_SET_OF(ASN1_OBJECT)

ASN1_STRING *ASN1_STRING_new(void);
void ASN1_STRING_free(ASN1_STRING *a);
int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
ASN1_STRING *ASN1_STRING_type_new(int type );
int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
  /* Since this is used to store all sorts of things, via macros, for now, make
     its data void * */
int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(const ASN1_STRING *x);
void ASN1_STRING_length_set(ASN1_STRING *x, int n);
int ASN1_STRING_type(ASN1_STRING *x);
unsigned char * ASN1_STRING_data(ASN1_STRING *x);


DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)



int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
    const unsigned char **pp, long length);
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length );
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
    unsigned char *flags, int flags_len);

#ifndef OPENSSL_NO_BIO
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
    BIT_STRING_BITNAME *tbl, int indent);
#endif
int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
    BIT_STRING_BITNAME *tbl);

int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);


DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)



int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
    long length);
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
    long length);
ASN1_INTEGER *	ASN1_INTEGER_dup(const ASN1_INTEGER *x);
int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);


DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)




int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
    int offset_day, long offset_sec);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);

#ifndef LIBRESSL_INTERNAL
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
#endif

int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
    time_t t);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
    time_t t, int offset_day, long offset_sec);
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);





DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
    const ASN1_OCTET_STRING *b);
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
    int len);





DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)




DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)

DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)




DECLARE_ASN1_FUNCTIONS(ASN1_NULL)



DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)










DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)








DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)




DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)




DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)








DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)

DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)







DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)

DECLARE_ASN1_FUNCTIONS(ASN1_TIME)




DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
    long offset_sec);
int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
    ASN1_GENERALIZEDTIME **out);







>
|
>
>
>














|


<
















>
|
>
>
>




















>
|
>
>
>








>
|
>
>
>






>


|
>







>
>
>
>
|






>
>
>
>
|
>
>
>
>
|
>
|
>
>
>
>
|
>
>
>
|
>
>
>
>

>
>
>
>
>
|
>
>
>
>
>
>
>
|
|
|
>
>
>
>
|
|
>
>
>
>
|
>
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
|
>
|
>
>
>

|







744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772

773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
			B_ASN1_BMPSTRING|\
			B_ASN1_UTF8STRING

/* for the is_set parameter to i2d_ASN1_SET */
#define IS_SEQUENCE	0
#define IS_SET		1

ASN1_TYPE *ASN1_TYPE_new(void);
void ASN1_TYPE_free(ASN1_TYPE *a);
ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len);
int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out);
extern const ASN1_ITEM ASN1_ANY_it;

int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);

ASN1_OBJECT *ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
    long length);
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
    long length);

extern const ASN1_ITEM ASN1_OBJECT_it;

DECLARE_STACK_OF(ASN1_OBJECT)


ASN1_STRING *ASN1_STRING_new(void);
void ASN1_STRING_free(ASN1_STRING *a);
int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
ASN1_STRING *ASN1_STRING_type_new(int type );
int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
  /* Since this is used to store all sorts of things, via macros, for now, make
     its data void * */
int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(const ASN1_STRING *x);
void ASN1_STRING_length_set(ASN1_STRING *x, int n);
int ASN1_STRING_type(ASN1_STRING *x);
unsigned char * ASN1_STRING_data(ASN1_STRING *x);

ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len);
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_BIT_STRING_it;
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
    const unsigned char **pp, long length);
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length );
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
    unsigned char *flags, int flags_len);

#ifndef OPENSSL_NO_BIO
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
    BIT_STRING_BITNAME *tbl, int indent);
#endif
int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
    BIT_STRING_BITNAME *tbl);

int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);

ASN1_INTEGER *ASN1_INTEGER_new(void);
void ASN1_INTEGER_free(ASN1_INTEGER *a);
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len);
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out);
extern const ASN1_ITEM ASN1_INTEGER_it;
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
    long length);
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
    long length);
ASN1_INTEGER *	ASN1_INTEGER_dup(const ASN1_INTEGER *x);
int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);

ASN1_ENUMERATED *ASN1_ENUMERATED_new(void);
void ASN1_ENUMERATED_free(ASN1_ENUMERATED *a);
ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len);
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out);
extern const ASN1_ITEM ASN1_ENUMERATED_it;

int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
    int offset_day, long offset_sec);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);

#ifndef LIBRESSL_INTERNAL
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
#endif /* !LIBRESSL_INTERNAL */

int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
    time_t t);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
    time_t t, int offset_day, long offset_sec);
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);

ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void);
void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a);
ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len);
int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_OCTET_STRING_it;
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
    const ASN1_OCTET_STRING *b);
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
    int len);

ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void);
void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a);
ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, const unsigned char **in, long len);
int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_VISIBLESTRING_it;
ASN1_UNIVERSALSTRING *ASN1_UNIVERSALSTRING_new(void);
void ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *a);
ASN1_UNIVERSALSTRING *d2i_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING **a, const unsigned char **in, long len);
int i2d_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_UNIVERSALSTRING_it;
ASN1_UTF8STRING *ASN1_UTF8STRING_new(void);
void ASN1_UTF8STRING_free(ASN1_UTF8STRING *a);
ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, const unsigned char **in, long len);
int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_UTF8STRING_it;
ASN1_NULL *ASN1_NULL_new(void);
void ASN1_NULL_free(ASN1_NULL *a);
ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, const unsigned char **in, long len);
int i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **out);
extern const ASN1_ITEM ASN1_NULL_it;
ASN1_BMPSTRING *ASN1_BMPSTRING_new(void);
void ASN1_BMPSTRING_free(ASN1_BMPSTRING *a);
ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, const unsigned char **in, long len);
int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_BMPSTRING_it;

ASN1_STRING *ASN1_PRINTABLE_new(void);
void ASN1_PRINTABLE_free(ASN1_STRING *a);
ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, const unsigned char **in, long len);
int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_PRINTABLE_it;

ASN1_STRING *DIRECTORYSTRING_new(void);
void DIRECTORYSTRING_free(ASN1_STRING *a);
ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, const unsigned char **in, long len);
int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **out);
extern const ASN1_ITEM DIRECTORYSTRING_it;
ASN1_STRING *DISPLAYTEXT_new(void);
void DISPLAYTEXT_free(ASN1_STRING *a);
ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, const unsigned char **in, long len);
int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **out);
extern const ASN1_ITEM DISPLAYTEXT_it;
ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void);
void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a);
ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, const unsigned char **in, long len);
int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_PRINTABLESTRING_it;
ASN1_T61STRING *ASN1_T61STRING_new(void);
void ASN1_T61STRING_free(ASN1_T61STRING *a);
ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, const unsigned char **in, long len);
int i2d_ASN1_T61STRING(ASN1_T61STRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_T61STRING_it;
ASN1_IA5STRING *ASN1_IA5STRING_new(void);
void ASN1_IA5STRING_free(ASN1_IA5STRING *a);
ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, const unsigned char **in, long len);
int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_IA5STRING_it;
ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void);
void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *a);
ASN1_GENERALSTRING *d2i_ASN1_GENERALSTRING(ASN1_GENERALSTRING **a, const unsigned char **in, long len);
int i2d_ASN1_GENERALSTRING(ASN1_GENERALSTRING *a, unsigned char **out);
extern const ASN1_ITEM ASN1_GENERALSTRING_it;
ASN1_UTCTIME *ASN1_UTCTIME_new(void);
void ASN1_UTCTIME_free(ASN1_UTCTIME *a);
ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, const unsigned char **in, long len);
int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **out);
extern const ASN1_ITEM ASN1_UTCTIME_it;
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void);
void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, const unsigned char **in, long len);
int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **out);
extern const ASN1_ITEM ASN1_GENERALIZEDTIME_it;
ASN1_TIME *ASN1_TIME_new(void);
void ASN1_TIME_free(ASN1_TIME *a);
ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len);
int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out);
extern const ASN1_ITEM ASN1_TIME_it;

extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it;

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
    long offset_sec);
int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
    ASN1_GENERALIZEDTIME **out);
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947

/* ASN1 alloc/free macros for when a type is only used internally */

#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
#define M_ASN1_free_of(x, type) \
		ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))

#endif

void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);

#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
			CHECKED_D2I_OF(type, d2i), \
			in, \







|







1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036

/* ASN1 alloc/free macros for when a type is only used internally */

#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
#define M_ASN1_free_of(x, type) \
		ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))

#endif /* !LIBRESSL_INTERNAL */

void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);

#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
			CHECKED_D2I_OF(type, d2i), \
			in, \
998
999
1000
1001
1002
1003
1004

1005



1006
1007
1008
1009
1010
1011
1012
int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump);
#endif
const char *ASN1_tag2str(int tag);

/* Used to load and write netscape format cert */


DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)




int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);

int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
    int len);







>
|
>
>
>







1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump);
#endif
const char *ASN1_tag2str(int tag);

/* Used to load and write netscape format cert */

NETSCAPE_X509 *NETSCAPE_X509_new(void);
void NETSCAPE_X509_free(NETSCAPE_X509 *a);
NETSCAPE_X509 *d2i_NETSCAPE_X509(NETSCAPE_X509 **a, const unsigned char **in, long len);
int i2d_NETSCAPE_X509(NETSCAPE_X509 *a, unsigned char **out);
extern const ASN1_ITEM NETSCAPE_X509_it;

int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);

int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
    int len);
1353
1354
1355
1356
1357
1358
1359



1360
1361
1362
1363
#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
#define ASN1_R_UNSUPPORTED_TYPE				 196
#define ASN1_R_WRONG_PUBLIC_KEY_TYPE			 200
#define ASN1_R_WRONG_TAG				 168
#define ASN1_R_WRONG_TYPE				 169




#ifdef  __cplusplus
}
#endif
#endif







>
>
>




1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
#define ASN1_R_UNSUPPORTED_TYPE				 196
#define ASN1_R_WRONG_PUBLIC_KEY_TYPE			 200
#define ASN1_R_WRONG_TAG				 168
#define ASN1_R_WRONG_TYPE				 169


int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode);
int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2);
#ifdef  __cplusplus
}
#endif
#endif
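--- a/jni/libressl/include/openssl/asn1_mac.h
+++ b/jni/libressl/include/openssl/asn1_mac.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1_mac.h,v 1.13 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: asn1_mac.h,v 1.14 2014/06/27 04:41:09 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *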
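--- a/jni/libressl/include/openssl/asn1t.h
+++ b/jni/libressl/include/openssl/asn1t.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1t.h,v 1.12 2015/02/14 19:41:39 miod Exp $ */
+/* $OpenBSD: asn1t.h,v 1.14 2016/12/27 15:12:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -827,22 +827,22 @@
 	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
 	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
 
 #endif /* !LIBRESSL_INTERNAL */
 
 /* external definitions for primitive types */
 
-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
-DECLARE_ASN1_ITEM(CBIGNUM)
-DECLARE_ASN1_ITEM(BIGNUM)
-DECLARE_ASN1_ITEM(LONG)
-DECLARE_ASN1_ITEM(ZLONG)
+extern const ASN1_ITEM ASN1_BOOLEAN_it;
+extern const ASN1_ITEM ASN1_TBOOLEAN_it;
+extern const ASN1_ITEM ASN1_FBOOLEAN_it;
+extern const ASN1_ITEM ASN1_SEQUENCE_it;
+extern const ASN1_ITEM CBIGNUM_it;
+extern const ASN1_ITEM BIGNUM_it;
+extern const ASN1_ITEM LONG_it;
+extern const ASN1_ITEM ZLONG_it;
 
 DECLARE_STACK_OF(ASN1_VALUE)
 
 /* Functions used internally by the ASN1 code */
 
 int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);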
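--- a/jni/libressl/include/openssl/bio.h
+++ b/jni/libressl/include/openssl/bio.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio.h,v 1.28 2015/02/09 10:55:33 jsing Exp $ */
+/* $OpenBSD: bio.h,v 1.29 2015/06/20 01:17:27 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -674,28 +674,46 @@
  * Size 0 uses default value.
  */
 
 void BIO_copy_next_retry(BIO *b);
 
 /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
+#ifdef __MINGW_PRINTF_FORMAT
+int
+BIO_printf(BIO *bio, const char *format, ...)
+	__attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2)));
+int
+BIO_vprintf(BIO *bio, const char *format, va_list args)
+	__attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 0), __nonnull__(2)));
+int
+BIO_snprintf(char *buf, size_t n, const char *format, ...)
+	__attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 4),
+	    __nonnull__(3)));
+int
+BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+	__attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 0),
+	    __nonnull__(3)));
+#else
 int
 BIO_printf(BIO *bio, const char *format, ...)
 	__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
 int
 BIO_vprintf(BIO *bio, const char *format, va_list args)
 	__attribute__((__format__(__printf__, 2, 0), __nonnull__(2)));
 int
 BIO_snprintf(char *buf, size_t n, const char *format, ...)
 	__attribute__((__deprecated__, __format__(__printf__, 3, 4),
 	    __nonnull__(3)));
 int
 BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
 	__attribute__((__deprecated__, __format__(__printf__, 3, 0),
 	    __nonnull__(3)));
+#endif
+
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
 void ERR_load_BIO_strings(void);
 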
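--- a/jni/libressl/include/openssl/blowfish.h
+++ b/jni/libressl/include/openssl/blowfish.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: blowfish.h,v 1.13 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: blowfish.h,v 1.14 2014/07/10 09:01:04 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 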
Changes to jni/libressl/include/openssl/bn.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: bn.h,v 1.30 2016/03/04 16:06:38 doug Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: bn.h,v 1.36 2017/01/25 06:15:44 beck Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
383
384
385
386
387
388
389

390
391
392

393
394
395
396
397
398
399
void	BN_set_negative(BIGNUM *b, int n);
/** BN_is_negative returns 1 if the BIGNUM is negative
 * \param  a  pointer to the BIGNUM object
 * \return 1 if a < 0 and 0 otherwise
 */
#define BN_is_negative(a) ((a)->neg != 0)


int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
    BN_CTX *ctx);
#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))

int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
    const BIGNUM *m, BN_CTX *ctx);







>



>







383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
void	BN_set_negative(BIGNUM *b, int n);
/** BN_is_negative returns 1 if the BIGNUM is negative
 * \param  a  pointer to the BIGNUM object
 * \return 1 if a < 0 and 0 otherwise
 */
#define BN_is_negative(a) ((a)->neg != 0)

#ifndef LIBRESSL_INTERNAL
int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
    BN_CTX *ctx);
#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
#endif
int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
    const BIGNUM *m, BN_CTX *ctx);
414
415
416
417
418
419
420

421
422
423
424

425
426
427
428
429
430
431
int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
void	BN_free(BIGNUM *a);
int	BN_is_bit_set(const BIGNUM *a, int n);
int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);


int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx);
int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
    const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
    BN_CTX *ctx, BN_MONT_CTX *m_ctx);







>




>







416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
void	BN_free(BIGNUM *a);
int	BN_is_bit_set(const BIGNUM *a, int n);
int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

#ifndef LIBRESSL_INTERNAL
int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx);
int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#endif
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
    const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
444
445
446
447
448
449
450

451

452

453
454

455
456
457
458
459
460
461
int	BN_set_bit(BIGNUM *a, int n);
int	BN_clear_bit(BIGNUM *a, int n);
char *	BN_bn2hex(const BIGNUM *a);
char *	BN_bn2dec(const BIGNUM *a);
int 	BN_hex2bn(BIGNUM **a, const char *str);
int 	BN_dec2bn(BIGNUM **a, const char *str);
int	BN_asc2bn(BIGNUM **a, const char *str);

int	BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);

int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */

BIGNUM *BN_mod_inverse(BIGNUM *ret,
    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);

BIGNUM *BN_mod_sqrt(BIGNUM *ret,
    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);

void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);

/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED







>

>

>


>







448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
int	BN_set_bit(BIGNUM *a, int n);
int	BN_clear_bit(BIGNUM *a, int n);
char *	BN_bn2hex(const BIGNUM *a);
char *	BN_bn2dec(const BIGNUM *a);
int 	BN_hex2bn(BIGNUM **a, const char *str);
int 	BN_dec2bn(BIGNUM **a, const char *str);
int	BN_asc2bn(BIGNUM **a, const char *str);
#ifndef LIBRESSL_INTERNAL
int	BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
#endif
int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
#ifndef LIBRESSL_INTERNAL
BIGNUM *BN_mod_inverse(BIGNUM *ret,
    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
#endif
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);

void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);

/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752

const BIGNUM *BN_get0_nist_prime_192(void);
const BIGNUM *BN_get0_nist_prime_224(void);
const BIGNUM *BN_get0_nist_prime_256(void);
const BIGNUM *BN_get0_nist_prime_384(void);
const BIGNUM *BN_get0_nist_prime_521(void);

/* library internal functions */

#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);
BIGNUM *bn_expand(BIGNUM *a, int bits);

#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
#endif

/* Bignum consistency macros
 * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
 * bignum data after direct manipulations on the data. There is also an
 * "internal" macro, bn_check_top(), for verifying that there are no leading
 * zeroes. Unfortunately, some auditing is required due to the fact that
 * bn_fix_top() has become an overabused duct-tape because bignum data is
 * occasionally passed around in an inconsistent state. So the following
 * changes have been made to sort this out;
 * - bn_fix_top()s implementation has been moved to bn_correct_top()
 * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
 *   bn_check_top() is as before.
 * - if BN_DEBUG *is* defined;
 *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
 *     consistent. (ed: only if BN_DEBUG_RAND is defined)
 *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
 * The idea is to have debug builds flag up inconsistent bignums when they
 * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
 * the use of bn_fix_top() was appropriate (ie. it follows directly after code
 * that manipulates the bignum) it is converted to bn_correct_top(), and if it
 * was not appropriate, we convert it permanently to bn_check_top() and track
 * down the cause of the bug. Eventually, no internal code should be using the
 * bn_fix_top() macro. External applications and libraries should try this with
 * their own code too, both in terms of building against the openssl headers
 * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
 * defined. This not only improves external code, it provides more test
 * coverage for openssl's own code.
 */

#ifdef BN_DEBUG

/* We only need assert() when debugging */
#include <assert.h>

#ifdef BN_DEBUG_RAND
#define bn_pollute(a) \
	do { \
		const BIGNUM *_bnum1 = (a); \
		if(_bnum1->top < _bnum1->dmax) { \
			unsigned char _tmp_char; \
			/* We cast away const without the compiler knowing, any \
			 * *genuinely* constant variables that aren't mutable \
			 * wouldn't be constructed with top!=dmax. */ \
			BN_ULONG *_not_const; \
			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
			arc4random_buf(&_tmp_char, 1); \
			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
		} \
	} while(0)
#else
#define bn_pollute(a)
#endif

#define bn_check_top(a) \
	do { \
		const BIGNUM *_bnum2 = (a); \
		if (_bnum2 != NULL) { \
			assert((_bnum2->top == 0) || \
				(_bnum2->d[_bnum2->top - 1] != 0)); \
			bn_pollute(_bnum2); \
		} \
	} while(0)

#define bn_fix_top(a)		bn_check_top(a)

#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
#define bn_wcheck_size(bn, words) \
	do { \
		const BIGNUM *_bnum2 = (bn); \
		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
	} while(0)

#else /* !BN_DEBUG */

#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a)		bn_correct_top(a)
#define bn_check_size(bn, bits)
#define bn_wcheck_size(bn, words)

#endif

#define bn_correct_top(a) \
        { \
        BN_ULONG *ftl; \
	int tmp_top = (a)->top; \
	if (tmp_top > 0) \
		{ \
		for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
			if (*(ftl--)) break; \
		(a)->top = tmp_top; \
		} \
	bn_pollute(a); \
	}

			BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);

/* Primes from RFC 2409 */
BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);

/* Primes from RFC 3526 */
BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);

int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_BN_strings(void);

/* Error codes for the BN functions. */







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<












<
<







621
622
623
624
625
626
627
















































































































628
629
630
631
632
633
634
635
636
637
638
639


640
641
642
643
644
645
646

const BIGNUM *BN_get0_nist_prime_192(void);
const BIGNUM *BN_get0_nist_prime_224(void);
const BIGNUM *BN_get0_nist_prime_256(void);
const BIGNUM *BN_get0_nist_prime_384(void);
const BIGNUM *BN_get0_nist_prime_521(void);

















































































































/* Primes from RFC 2409 */
BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);

/* Primes from RFC 3526 */
BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);



/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_BN_strings(void);

/* Error codes for the BN functions. */
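--- a/jni/libressl/include/openssl/buffer.h
+++ b/jni/libressl/include/openssl/buffer.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: buffer.h,v 1.14 2014/10/16 03:19:02 beck Exp $ */
+/* $OpenBSD: buffer.h,v 1.15 2015/06/24 10:05:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *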
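--- a/jni/libressl/include/openssl/camellia.h
+++ b/jni/libressl/include/openssl/camellia.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: camellia.h,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: camellia.h,v 1.5 2014/11/13 20:01:58 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *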
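--- a/jni/libressl/include/openssl/cast.h
+++ b/jni/libressl/include/openssl/cast.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: cast.h,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cast.h,v 1.12 2014/07/10 22:45:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 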
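--- a/jni/libressl/include/openssl/chacha.h
+++ b/jni/libressl/include/openssl/chacha.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: chacha.h,v 1.6 2014/07/25 14:04:51 jsing Exp $ */
+/* $OpenBSD: chacha.h,v 1.7 2015/12/09 14:07:55 bcook Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *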
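--- a/jni/libressl/include/openssl/cmac.h
+++ b/jni/libressl/include/openssl/cmac.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: cmac.h,v 1.2 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cmac.h,v 1.3 2014/06/21 13:42:14 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without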
Deleted jni/libressl/include/openssl/cms.h.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
/* $OpenBSD: cms.h,v 1.6 2015/02/11 03:55:42 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 */

#ifndef HEADER_CMS_H
#define HEADER_CMS_H

#include <openssl/opensslconf.h>

#include <openssl/x509.h>

#ifdef OPENSSL_NO_CMS
#error CMS is disabled.
#endif

#ifdef __cplusplus
extern "C" {
#endif

typedef struct CMS_ContentInfo_st CMS_ContentInfo;
typedef struct CMS_SignerInfo_st CMS_SignerInfo;
typedef struct CMS_CertificateChoices CMS_CertificateChoices;
typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
typedef struct CMS_Receipt_st CMS_Receipt;

DECLARE_STACK_OF(CMS_SignerInfo)
DECLARE_STACK_OF(GENERAL_NAMES)
DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)

#define CMS_SIGNERINFO_ISSUER_SERIAL	0
#define CMS_SIGNERINFO_KEYIDENTIFIER	1

#define CMS_RECIPINFO_TRANS		0
#define CMS_RECIPINFO_AGREE		1
#define CMS_RECIPINFO_KEK		2
#define CMS_RECIPINFO_PASS		3
#define CMS_RECIPINFO_OTHER		4

/* S/MIME related flags */

#define CMS_TEXT			0x1
#define CMS_NOCERTS			0x2
#define CMS_NO_CONTENT_VERIFY		0x4
#define CMS_NO_ATTR_VERIFY		0x8
#define CMS_NOSIGS			\
			(CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
#define CMS_NOINTERN			0x10
#define CMS_NO_SIGNER_CERT_VERIFY	0x20
#define CMS_NOVERIFY			0x20
#define CMS_DETACHED			0x40
#define CMS_BINARY			0x80
#define CMS_NOATTR			0x100
#define	CMS_NOSMIMECAP			0x200
#define CMS_NOOLDMIMETYPE		0x400
#define CMS_CRLFEOL			0x800
#define CMS_STREAM			0x1000
#define CMS_NOCRL			0x2000
#define CMS_PARTIAL			0x4000
#define CMS_REUSE_DIGEST		0x8000
#define CMS_USE_KEYID			0x10000
#define CMS_DEBUG_DECRYPT		0x20000

const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);

BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);

ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
int CMS_is_detached(CMS_ContentInfo *cms);
int CMS_set_detached(CMS_ContentInfo *cms, int detached);

#ifdef HEADER_PEM_H
DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
#endif

int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);

BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
    int flags);
CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);

int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);

CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
    STACK_OF(X509) *certs, BIO *data, unsigned int flags);

CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
    EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);

int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);

int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
    unsigned int flags);
CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
    unsigned int flags);

int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
    size_t keylen, BIO *dcont, BIO *out, unsigned int flags);

CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
    const unsigned char *key, size_t keylen, unsigned int flags);

int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
    const unsigned char *key, size_t keylen);

int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
    X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);

int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
    STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);

STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);

CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
    const EVP_CIPHER *cipher, unsigned int flags);

int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont,
    BIO *out, unsigned int flags);

int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key,
    size_t keylen, unsigned char *id, size_t idlen);
int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
    ssize_t passlen);

STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
    unsigned int flags);
int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
    X509 **recip, X509_ALGOR **palg);
int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);

CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
    unsigned char *key, size_t keylen, unsigned char *id, size_t idlen,
    ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId,
    ASN1_TYPE *otherType);

int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
    ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
    ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);

int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
    size_t keylen);

int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
    const unsigned char *id, size_t idlen);

int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
    ssize_t passlen);

CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter,
    int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen,
    const EVP_CIPHER *kekciph);

int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);

int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
    unsigned int flags);
CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);

int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);

CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);

CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);

int CMS_SignedData_init(CMS_ContentInfo *cms);
CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer,
    EVP_PKEY *pk, const EVP_MD *md, unsigned int flags);
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);

void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
    unsigned int flags);
void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
    X509_ALGOR **pdig, X509_ALGOR **psig);
int CMS_SignerInfo_sign(CMS_SignerInfo *si);
int CMS_SignerInfo_verify(CMS_SignerInfo *si);
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);

int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid,
    int keysize);
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);

int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos);
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
    int lastpos);
X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
    int type, const void *bytes, int len);
int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
    const void *bytes, int len);
int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
    int type, const void *bytes, int len);
void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
    int lastpos, int type);

int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
    int lastpos);
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
    int lastpos);
X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
    int type, const void *bytes, int len);
int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
    const void *bytes, int len);
int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
    int type, const void *bytes, int len);
void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
    int lastpos, int type);

#ifdef HEADER_X509V3_H

int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
    int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList,
    STACK_OF(GENERAL_NAMES) *receiptsTo);
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
    int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
    STACK_OF(GENERAL_NAMES) **prto);

#endif

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_CMS_strings(void);

/* Error codes for the CMS functions. */

/* Function codes. */
#define CMS_F_CHECK_CONTENT				 99
#define CMS_F_CMS_ADD0_CERT				 164
#define CMS_F_CMS_ADD0_RECIPIENT_KEY			 100
#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD		 165
#define CMS_F_CMS_ADD1_RECEIPTREQUEST			 158
#define CMS_F_CMS_ADD1_RECIPIENT_CERT			 101
#define CMS_F_CMS_ADD1_SIGNER				 102
#define CMS_F_CMS_ADD1_SIGNINGTIME			 103
#define CMS_F_CMS_COMPRESS				 104
#define CMS_F_CMS_COMPRESSEDDATA_CREATE			 105
#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO		 106
#define CMS_F_CMS_COPY_CONTENT				 107
#define CMS_F_CMS_COPY_MESSAGEDIGEST			 108
#define CMS_F_CMS_DATA					 109
#define CMS_F_CMS_DATAFINAL				 110
#define CMS_F_CMS_DATAINIT				 111
#define CMS_F_CMS_DECRYPT				 112
#define CMS_F_CMS_DECRYPT_SET1_KEY			 113
#define CMS_F_CMS_DECRYPT_SET1_PASSWORD			 166
#define CMS_F_CMS_DECRYPT_SET1_PKEY			 114
#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX		 115
#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO		 116
#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL			 117
#define CMS_F_CMS_DIGEST_VERIFY				 118
#define CMS_F_CMS_ENCODE_RECEIPT			 161
#define CMS_F_CMS_ENCRYPT				 119
#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO		 120
#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT			 121
#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT			 122
#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY		 123
#define CMS_F_CMS_ENVELOPEDDATA_CREATE			 124
#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO		 125
#define CMS_F_CMS_ENVELOPED_DATA_INIT			 126
#define CMS_F_CMS_FINAL					 127
#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES		 128
#define CMS_F_CMS_GET0_CONTENT				 129
#define CMS_F_CMS_GET0_ECONTENT_TYPE			 130
#define CMS_F_CMS_GET0_ENVELOPED			 131
#define CMS_F_CMS_GET0_REVOCATION_CHOICES		 132
#define CMS_F_CMS_GET0_SIGNED				 133
#define CMS_F_CMS_MSGSIGDIGEST_ADD1			 162
#define CMS_F_CMS_RECEIPTREQUEST_CREATE0		 159
#define CMS_F_CMS_RECEIPT_VERIFY			 160
#define CMS_F_CMS_RECIPIENTINFO_DECRYPT			 134
#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT		 135
#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT		 136
#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID		 137
#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP		 138
#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP		 139
#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT		 140
#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT		 141
#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS		 142
#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID	 143
#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT		 167
#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY		 144
#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD		 168
#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY		 145
#define CMS_F_CMS_SET1_SIGNERIDENTIFIER			 146
#define CMS_F_CMS_SET_DETACHED				 147
#define CMS_F_CMS_SIGN					 148
#define CMS_F_CMS_SIGNED_DATA_INIT			 149
#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN		 150
#define CMS_F_CMS_SIGNERINFO_SIGN			 151
#define CMS_F_CMS_SIGNERINFO_VERIFY			 152
#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT		 153
#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT		 154
#define CMS_F_CMS_SIGN_RECEIPT				 163
#define CMS_F_CMS_STREAM				 155
#define CMS_F_CMS_UNCOMPRESS				 156
#define CMS_F_CMS_VERIFY				 157

/* Reason codes. */
#define CMS_R_ADD_SIGNER_ERROR				 99
#define CMS_R_CERTIFICATE_ALREADY_PRESENT		 175
#define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
#define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
#define CMS_R_CIPHER_INITIALISATION_ERROR		 101
#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102
#define CMS_R_CMS_DATAFINAL_ERROR			 103
#define CMS_R_CMS_LIB					 104
#define CMS_R_CONTENTIDENTIFIER_MISMATCH		 170
#define CMS_R_CONTENT_NOT_FOUND				 105
#define CMS_R_CONTENT_TYPE_MISMATCH			 171
#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA		 106
#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA		 107
#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA		 108
#define CMS_R_CONTENT_VERIFY_ERROR			 109
#define CMS_R_CTRL_ERROR				 110
#define CMS_R_CTRL_FAILURE				 111
#define CMS_R_DECRYPT_ERROR				 112
#define CMS_R_DIGEST_ERROR				 161
#define CMS_R_ERROR_GETTING_PUBLIC_KEY			 113
#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE	 114
#define CMS_R_ERROR_SETTING_KEY				 115
#define CMS_R_ERROR_SETTING_RECIPIENTINFO		 116
#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH		 117
#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER		 176
#define CMS_R_INVALID_KEY_LENGTH			 118
#define CMS_R_MD_BIO_INIT_ERROR				 119
#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH	 120
#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH		 121
#define CMS_R_MSGSIGDIGEST_ERROR			 172
#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE		 162
#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH			 163
#define CMS_R_NEED_ONE_SIGNER				 164
#define CMS_R_NOT_A_SIGNED_RECEIPT			 165
#define CMS_R_NOT_ENCRYPTED_DATA			 122
#define CMS_R_NOT_KEK					 123
#define CMS_R_NOT_KEY_TRANSPORT				 124
#define CMS_R_NOT_PWRI					 177
#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE		 125
#define CMS_R_NO_CIPHER					 126
#define CMS_R_NO_CONTENT				 127
#define CMS_R_NO_CONTENT_TYPE				 173
#define CMS_R_NO_DEFAULT_DIGEST				 128
#define CMS_R_NO_DIGEST_SET				 129
#define CMS_R_NO_KEY					 130
#define CMS_R_NO_KEY_OR_CERT				 174
#define CMS_R_NO_MATCHING_DIGEST			 131
#define CMS_R_NO_MATCHING_RECIPIENT			 132
#define CMS_R_NO_MATCHING_SIGNATURE			 166
#define CMS_R_NO_MSGSIGDIGEST				 167
#define CMS_R_NO_PASSWORD				 178
#define CMS_R_NO_PRIVATE_KEY				 133
#define CMS_R_NO_PUBLIC_KEY				 134
#define CMS_R_NO_RECEIPT_REQUEST			 168
#define CMS_R_NO_SIGNERS				 135
#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 136
#define CMS_R_RECEIPT_DECODE_ERROR			 169
#define CMS_R_RECIPIENT_ERROR				 137
#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND		 138
#define CMS_R_SIGNFINAL_ERROR				 139
#define CMS_R_SMIME_TEXT_ERROR				 140
#define CMS_R_STORE_INIT_ERROR				 141
#define CMS_R_TYPE_NOT_COMPRESSED_DATA			 142
#define CMS_R_TYPE_NOT_DATA				 143
#define CMS_R_TYPE_NOT_DIGESTED_DATA			 144
#define CMS_R_TYPE_NOT_ENCRYPTED_DATA			 145
#define CMS_R_TYPE_NOT_ENVELOPED_DATA			 146
#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT		 147
#define CMS_R_UNKNOWN_CIPHER				 148
#define CMS_R_UNKNOWN_DIGEST_ALGORIHM			 149
#define CMS_R_UNKNOWN_ID				 150
#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 151
#define CMS_R_UNSUPPORTED_CONTENT_TYPE			 152
#define CMS_R_UNSUPPORTED_KEK_ALGORITHM			 153
#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM	 179
#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE		 154
#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE		 155
#define CMS_R_UNSUPPORTED_TYPE				 156
#define CMS_R_UNWRAP_ERROR				 157
#define CMS_R_UNWRAP_FAILURE				 180
#define CMS_R_VERIFICATION_FAILURE			 158
#define CMS_R_WRAP_ERROR				 159

#ifdef  __cplusplus
}
#endif
#endif
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































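--- a/jni/libressl/include/openssl/comp.h
+++ b/jni/libressl/include/openssl/comp.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: comp.h,v 1.7 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: comp.h,v 1.8 2014/11/03 16:58:28 tedu Exp $ */
 
 #ifndef HEADER_COMP_H
 #define HEADER_COMP_H
 
 #include <openssl/crypto.h>
 
 #ifdef  __cplusplus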
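--- a/jni/libressl/include/openssl/conf.h
+++ b/jni/libressl/include/openssl/conf.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf.h,v 1.13 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: conf.h,v 1.14 2015/02/07 13:19:15 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *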
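--- a/jni/libressl/include/openssl/conf_api.h
+++ b/jni/libressl/include/openssl/conf_api.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: conf_api.h,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *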
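--- a/jni/libressl/include/openssl/crypto.h
+++ b/jni/libressl/include/openssl/crypto.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: crypto.h,v 1.39 2015/09/13 16:56:11 miod Exp $ */
+/* $OpenBSD: crypto.h,v 1.40 2015/09/17 09:51:40 bcook Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *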
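--- a/jni/libressl/include/openssl/curve25519.h
+++ b/jni/libressl/include/openssl/curve25519.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_CURVE25519_H
+#define HEADER_CURVE25519_H
+
+#include <stdint.h>
+
+#include <openssl/opensslconf.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*
+ * Curve25519.
+ *
+ * Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748.
+ */
+
+/*
+ * X25519.
+ *
+ * X25519 is the Diffie-Hellman primitive built from curve25519. It is
+ * sometimes referred to as curve25519, but X25519 is a more precise name.
+ * See http://cr.yp.to/ecdh.html and https://tools.ietf.org/html/rfc7748.
+ */
+
+#define X25519_KEY_LENGTH 32
+
+/*
+ * X25519_keypair sets |out_public_value| and |out_private_key| to a freshly
+ * generated, public/private key pair.
+ */
+void X25519_keypair(uint8_t out_public_value[X25519_KEY_LENGTH],
+    uint8_t out_private_key[X25519_KEY_LENGTH]);
+
+/*
+ * X25519 writes a shared key to |out_shared_key| that is calculated from the
+ * given private key and the peer's public value. It returns one on success and
+ * zero on error.
+ *
+ * Don't use the shared key directly, rather use a KDF and also include the two
+ * public values as inputs.
+ */
+int X25519(uint8_t out_shared_key[X25519_KEY_LENGTH],
+    const uint8_t private_key[X25519_KEY_LENGTH],
+    const uint8_t peers_public_value[X25519_KEY_LENGTH]);
+
+#if defined(__cplusplus)
+}  /* extern C */
+#endif
+
+#endif  /* HEADER_CURVE25519_H */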
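--- a/jni/libressl/include/openssl/des.h
+++ b/jni/libressl/include/openssl/des.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: des.h,v 1.18 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: des.h,v 1.19 2015/02/07 13:19:15 doug Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 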
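--- a/jni/libressl/include/openssl/dh.h
+++ b/jni/libressl/include/openssl/dh.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh.h,v 1.16 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: dh.h,v 1.18 2016/11/04 18:35:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -161,20 +161,18 @@
 #define DH_CHECK_PUBKEY_TOO_SMALL	0x01
 #define DH_CHECK_PUBKEY_TOO_LARGE	0x02
 
 /* primes p where (p-1)/2 is prime too are called "safe"; we define
    this for backward compatibility: */
 #define DH_CHECK_P_NOT_STRONG_PRIME	DH_CHECK_P_NOT_SAFE_PRIME
 
-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-		(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
-		(unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+DH *d2i_DHparams_bio(BIO *bp, DH **a);
+int i2d_DHparams_bio(BIO *bp, DH *a);
+DH *d2i_DHparams_fp(FILE *fp, DH **a);
+int i2d_DHparams_fp(FILE *fp, DH *a);
 
 DH *DHparams_dup(DH *);
 
 const DH_METHOD *DH_OpenSSL(void);
 
 void DH_set_default_method(const DH_METHOD *meth);
 const DH_METHOD *DH_get_default_method(void);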
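--- a/jni/libressl/include/openssl/dsa.h
+++ b/jni/libressl/include/openssl/dsa.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa.h,v 1.20 2016/06/21 04:16:53 bcook Exp $ */
+/* $OpenBSD: dsa.h,v 1.22 2016/11/04 18:35:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -169,21 +169,18 @@
 	int references;
 	CRYPTO_EX_DATA ex_data;
 	const DSA_METHOD *meth;
 	/* functional reference if 'meth' is ENGINE-provided */
 	ENGINE *engine;
 	};
 
-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
-		(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
-		(unsigned char *)(x))
-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
-
+DSA *d2i_DSAparams_bio(BIO *bp, DSA **a);
+int i2d_DSAparams_bio(BIO *bp, DSA *a);
+DSA *d2i_DSAparams_fp(FILE *fp, DSA **a);
+int i2d_DSAparams_fp(FILE *fp, DSA *a);
 
 DSA *DSAparams_dup(DSA *x);
 DSA_SIG * DSA_SIG_new(void);
 void	DSA_SIG_free(DSA_SIG *a);
 int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
 DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
 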
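--- a/jni/libressl/include/openssl/dso.h
+++ b/jni/libressl/include/openssl/dso.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: dso.h,v 1.11 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: dso.h,v 1.12 2016/03/15 20:50:22 krw Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without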
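--- a/jni/libressl/include/openssl/dtls1.h
+++ b/jni/libressl/include/openssl/dtls1.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: dtls1.h,v 1.17 2015/02/09 10:53:28 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.21 2017/01/22 07:16:39 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -66,14 +66,15 @@
 #include <sys/time.h>
 #endif
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
+#include <openssl/opensslconf.h>
 #include <openssl/buffer.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 #define DTLS1_VERSION			0xFEFF
@@ -149,87 +150,27 @@
 
 typedef struct hm_fragment_st {
 	struct hm_header_st msg_header;
 	unsigned char *fragment;
 	unsigned char *reassembly;
 } hm_fragment;
 
-typedef struct dtls1_state_st {
-	unsigned int send_cookie;
-	unsigned char cookie[DTLS1_COOKIE_LENGTH];
-	unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
-	unsigned int cookie_len;
+struct dtls1_state_internal_st;
 
-	/*
-	 * The current data and handshake epoch.  This is initially
-	 * undefined, and starts at zero once the initial handshake is
-	 * completed
-	 */
-	unsigned short r_epoch;
-	unsigned short w_epoch;
-
-	/* records being received in the current epoch */
-	DTLS1_BITMAP bitmap;
-
-	/* renegotiation starts a new set of sequence numbers */
-	DTLS1_BITMAP next_bitmap;
-
-	/* handshake message numbers */
-	unsigned short handshake_write_seq;
-	unsigned short next_handshake_write_seq;
-
-	unsigned short handshake_read_seq;
-
-	/* save last sequence number for retransmissions */
-	unsigned char last_write_sequence[8];
-
-	/* Received handshake records (processed and unprocessed) */
-	record_pqueue unprocessed_rcds;
-	record_pqueue processed_rcds;
-
-	/* Buffered handshake messages */
-	struct _pqueue *buffered_messages;
-
+typedef struct dtls1_state_st {
 	/* Buffered (sent) handshake records */
 	struct _pqueue *sent_messages;
 
-	/* Buffered application records.
-	 * Only for records between CCS and Finished
-	 * to prevent either protocol violation or
-	 * unnecessary message loss.
-	 */
-	record_pqueue buffered_app_data;
-
-	/* Is set when listening for new connections with dtls1_listen() */
-	unsigned int listen;
-
-	unsigned int mtu; /* max DTLS packet size */
-
-	struct hm_header_st w_msg_hdr;
-	struct hm_header_st r_msg_hdr;
-
-	struct dtls1_timeout_st timeout;
-
 	/* Indicates when the last handshake msg or heartbeat sent will timeout */
 	struct timeval next_timeout;
 
 	/* Timeout duration */
 	unsigned short timeout_duration;
 
-	/* storage for Alert/Handshake protocol data received but not
-	 * yet processed by ssl3_read_bytes: */
-	unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
-	unsigned int alert_fragment_len;
-	unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
-	unsigned int handshake_fragment_len;
-
-	unsigned int retransmitting;
-	unsigned int change_cipher_spec_ok;
-
-
+	struct dtls1_state_internal_st *internal;
 } DTLS1_STATE;
 
 typedef struct dtls1_record_data_st {
 	unsigned char *packet;
 	unsigned int   packet_length;
 	SSL3_BUFFER    rbuf;
 	SSL3_RECORD    rrec;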
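--- a/jni/libressl/include/openssl/ec.h
+++ b/jni/libressl/include/openssl/ec.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ec.h,v 1.10 2015/06/20 13:26:08 jsing Exp $ */
+/* $OpenBSD: ec.h,v 1.12 2016/11/04 17:33:19 miod Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
 /**
  * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
  * \author Originally written by Bodo Moeller for the OpenSSL project
  */
@@ -988,14 +988,20 @@
 #define EC_F_ECPARAMETERS_PRINT_FP			 148
 #define EC_F_ECPKPARAMETERS_PRINT			 149
 #define EC_F_ECPKPARAMETERS_PRINT_FP			 150
 #define EC_F_ECP_NIST_MOD_192				 203
 #define EC_F_ECP_NIST_MOD_224				 204
 #define EC_F_ECP_NIST_MOD_256				 205
 #define EC_F_ECP_NIST_MOD_521				 206
+#define EC_F_ECP_NISTZ256_GET_AFFINE			 240
+#define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE		 243
+#define EC_F_ECP_NISTZ256_POINTS_MUL			 241
+#define EC_F_ECP_NISTZ256_PRE_COMP_NEW			 244
+#define EC_F_ECP_NISTZ256_SET_WORDS			 245
+#define EC_F_ECP_NISTZ256_WINDOWED_MUL			 242
 #define EC_F_EC_ASN1_GROUP2CURVE			 153
 #define EC_F_EC_ASN1_GROUP2FIELDID			 154
 #define EC_F_EC_ASN1_GROUP2PARAMETERS			 155
 #define EC_F_EC_ASN1_GROUP2PKPARAMETERS			 156
 #define EC_F_EC_ASN1_PARAMETERS2GROUP			 157
 #define EC_F_EC_ASN1_PKPARAMETERS2GROUP			 158
 #define EC_F_EC_EX_DATA_SET_DATA			 211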
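--- a/jni/libressl/include/openssl/ecdh.h
+++ b/jni/libressl/include/openssl/ecdh.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecdh.h,v 1.4 2015/09/13 11:49:44 jsing Exp $ */
+/* $OpenBSD: ecdh.h,v 1.5 2015/09/13 12:03:07 jsing Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
  * to the OpenSSL project.
  *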
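--- a/jni/libressl/include/openssl/ecdsa.h
+++ b/jni/libressl/include/openssl/ecdsa.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ecdsa.h,v 1.3 2014/11/17 20:25:50 miod Exp $ */
+/* $OpenBSD: ecdsa.h,v 1.4 2015/02/08 13:35:06 jsing Exp $ */
 /**
  * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
  * \author Written by Nils Larsch for the OpenSSL project
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *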
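--- a/jni/libressl/include/openssl/engine.h
+++ b/jni/libressl/include/openssl/engine.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: engine.h,v 1.30 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: engine.h,v 1.31 2015/07/19 22:34:27 doug Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without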
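--- a/jni/libressl/include/openssl/err.h
+++ b/jni/libressl/include/openssl/err.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: err.h,v 1.21 2014/07/11 09:25:24 jsing Exp $ */
+/* $OpenBSD: err.h,v 1.25 2017/02/20 23:21:19 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -195,48 +195,86 @@
 #define ERR_LIB_TS		47
 #define ERR_LIB_HMAC		48
 #define ERR_LIB_JPAKE		49
 #define ERR_LIB_GOST		50
 
 #define ERR_LIB_USER		128
 
+#ifndef LIBRESSL_INTERNAL
 #define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
 #define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
 #define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
 #define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
 #define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
 #define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
 #define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
 #define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
 #define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
 #define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
 #define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
 #define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
 #define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
 #define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
 #define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
 #define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
 #define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
 #define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
 #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
 #define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
 #define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
 #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
 #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
 #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
 #define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
 #define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
 #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
 #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
 #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
 #define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
 #define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
 #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
 #define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__)
+#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
+#endif
+
+#ifdef LIBRESSL_INTERNAL
+#define SYSerror(r)  ERR_PUT_error(ERR_LIB_SYS,(0xfff),(r),__FILE__,__LINE__)
+#define BNerror(r)   ERR_PUT_error(ERR_LIB_BN,(0xfff),(r),__FILE__,__LINE__)
+#define RSAerror(r)  ERR_PUT_error(ERR_LIB_RSA,(0xfff),(r),__FILE__,__LINE__)
+#define DHerror(r)   ERR_PUT_error(ERR_LIB_DH,(0xfff),(r),__FILE__,__LINE__)
+#define EVPerror(r)  ERR_PUT_error(ERR_LIB_EVP,(0xfff),(r),__FILE__,__LINE__)
+#define BUFerror(r)  ERR_PUT_error(ERR_LIB_BUF,(0xfff),(r),__FILE__,__LINE__)
+#define OBJerror(r)  ERR_PUT_error(ERR_LIB_OBJ,(0xfff),(r),__FILE__,__LINE__)
+#define PEMerror(r)  ERR_PUT_error(ERR_LIB_PEM,(0xfff),(r),__FILE__,__LINE__)
+#define DSAerror(r)  ERR_PUT_error(ERR_LIB_DSA,(0xfff),(r),__FILE__,__LINE__)
+#define X509error(r) ERR_PUT_error(ERR_LIB_X509,(0xfff),(r),__FILE__,__LINE__)
+#define ASN1error(r) ERR_PUT_error(ERR_LIB_ASN1,(0xfff),(r),__FILE__,__LINE__)
+#define CONFerror(r) ERR_PUT_error(ERR_LIB_CONF,(0xfff),(r),__FILE__,__LINE__)
+#define CRYPTOerror(r) ERR_PUT_error(ERR_LIB_CRYPTO,(0xfff),(r),__FILE__,__LINE__)
+#define ECerror(r)   ERR_PUT_error(ERR_LIB_EC,(0xfff),(r),__FILE__,__LINE__)
+#define BIOerror(r)  ERR_PUT_error(ERR_LIB_BIO,(0xfff),(r),__FILE__,__LINE__)
+#define PKCS7error(r) ERR_PUT_error(ERR_LIB_PKCS7,(0xfff),(r),__FILE__,__LINE__)
+#define X509V3error(r) ERR_PUT_error(ERR_LIB_X509V3,(0xfff),(r),__FILE__,__LINE__)
+#define PKCS12error(r) ERR_PUT_error(ERR_LIB_PKCS12,(0xfff),(r),__FILE__,__LINE__)
+#define RANDerror(r) ERR_PUT_error(ERR_LIB_RAND,(0xfff),(r),__FILE__,__LINE__)
+#define DSOerror(r) ERR_PUT_error(ERR_LIB_DSO,(0xfff),(r),__FILE__,__LINE__)
+#define ENGINEerror(r) ERR_PUT_error(ERR_LIB_ENGINE,(0xfff),(r),__FILE__,__LINE__)
+#define OCSPerror(r) ERR_PUT_error(ERR_LIB_OCSP,(0xfff),(r),__FILE__,__LINE__)
+#define UIerror(r) ERR_PUT_error(ERR_LIB_UI,(0xfff),(r),__FILE__,__LINE__)
+#define COMPerror(r) ERR_PUT_error(ERR_LIB_COMP,(0xfff),(r),__FILE__,__LINE__)
+#define ECDSAerror(r)  ERR_PUT_error(ERR_LIB_ECDSA,(0xfff),(r),__FILE__,__LINE__)
+#define ECDHerror(r)  ERR_PUT_error(ERR_LIB_ECDH,(0xfff),(r),__FILE__,__LINE__)
+#define STOREerror(r) ERR_PUT_error(ERR_LIB_STORE,(0xfff),(r),__FILE__,__LINE__)
+#define FIPSerror(r) ERR_PUT_error(ERR_LIB_FIPS,(0xfff),(r),__FILE__,__LINE__)
+#define CMSerror(r) ERR_PUT_error(ERR_LIB_CMS,(0xfff),(r),__FILE__,__LINE__)
+#define TSerror(r) ERR_PUT_error(ERR_LIB_TS,(0xfff),(r),__FILE__,__LINE__)
+#define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),__FILE__,__LINE__)
+#define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__)
+#define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__)
+#endif
 
 #define ERR_PACK(l,f,r)		(((((unsigned long)l)&0xffL)<<24L)| \
 				((((unsigned long)f)&0xfffL)<<12L)| \
 				((((unsigned long)r)&0xfffL)))
 #define ERR_GET_LIB(l)		(int)((((unsigned long)l)>>24L)&0xffL)
 #define ERR_GET_FUNC(l)		(int)((((unsigned long)l)>>12L)&0xfffL)
 #define ERR_GET_REASON(l)	(int)((l)&0xfffL)
@@ -336,16 +374,18 @@
 void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
     void *u);
 void ERR_print_errors_fp(FILE *fp);
 #ifndef OPENSSL_NO_BIO
 void ERR_print_errors(BIO *bp);
 #endif
 void ERR_asprintf_error_data(char * format, ...);
+#ifndef LIBRESSL_INTERNAL
 void ERR_add_error_data(int num, ...);
 void ERR_add_error_vdata(int num, va_list args);
+#endif
 void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
 void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
 void ERR_load_ERR_strings(void);
 void ERR_load_crypto_strings(void);
 void ERR_free_strings(void);
 
 void ERR_remove_thread_state(const CRYPTO_THREADID *tid);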
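--- a/jni/libressl/include/openssl/evp.h
+++ b/jni/libressl/include/openssl/evp.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp.h,v 1.50 2016/04/28 16:06:53 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.52 2017/02/28 14:15:37 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -655,14 +655,15 @@
 
 const EVP_MD *EVP_md_null(void);
 #ifndef OPENSSL_NO_MD4
 const EVP_MD *EVP_md4(void);
 #endif
 #ifndef OPENSSL_NO_MD5
 const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
 #endif
 #ifndef OPENSSL_NO_SHA
 const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_dss(void);
 const EVP_MD *EVP_dss1(void);
 const EVP_MD *EVP_ecdsa(void);
 #endif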
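--- a/jni/libressl/include/openssl/gost.h
+++ b/jni/libressl/include/openssl/gost.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: gost.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: gost.h,v 1.3 2016/09/04 17:02:31 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -85,15 +85,19 @@
 	unsigned char *ivec, unsigned char *cnt_buf, int *num);
 
 typedef struct {
 	ASN1_OCTET_STRING *iv;
 	ASN1_OBJECT *enc_param_set;
 } GOST_CIPHER_PARAMS;
 
+GOST_CIPHER_PARAMS *GOST_CIPHER_PARAMS_new(void);
+void GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a);
+GOST_CIPHER_PARAMS *d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len);
+int i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out);
-DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
+extern const ASN1_ITEM GOST_CIPHER_PARAMS_it;
 
 #define GOST2814789IMIT_LENGTH 4
 #define GOST2814789IMIT_CBLOCK 8
 #define GOST2814789IMIT_LONG unsigned int
 
 typedef struct GOST2814789IMITstate_st {
 	GOST2814789IMIT_LONG	Nl, Nh;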
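--- a/jni/libressl/include/openssl/hmac.h
+++ b/jni/libressl/include/openssl/hmac.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: hmac.h,v 1.11 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: hmac.h,v 1.12 2014/06/21 13:39:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *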
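--- a/jni/libressl/include/openssl/idea.h
+++ b/jni/libressl/include/openssl/idea.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: idea.h,v 1.10 2014/06/12 15:49:29 deraadt Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 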
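--- a/jni/libressl/include/openssl/krb5_asn.h
+++ /dev/null
@@ -1,256 +0,0 @@
-/* $OpenBSD$ */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_KRB5_ASN_H
-#define HEADER_KRB5_ASN_H
-
-/*
-#include <krb5.h>
-*/
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-/*	ASN.1 from Kerberos RFC 1510
-*/
-
-/*	EncryptedData ::=   SEQUENCE {
-**		etype[0]                      INTEGER, -- EncryptionType
-**		kvno[1]                       INTEGER OPTIONAL,
-**		cipher[2]                     OCTET STRING -- ciphertext
-**	}
-*/
-typedef	struct	krb5_encdata_st
-	{
-	ASN1_INTEGER			*etype;
-	ASN1_INTEGER			*kvno;
-	ASN1_OCTET_STRING		*cipher;
-	}	KRB5_ENCDATA;
-
-DECLARE_STACK_OF(KRB5_ENCDATA)
-
-/*	PrincipalName ::=   SEQUENCE {
-**		name-type[0]                  INTEGER,
-**		name-string[1]                SEQUENCE OF GeneralString
-**	}
-*/
-typedef	struct	krb5_princname_st
-	{
-	ASN1_INTEGER			*nametype;
-	STACK_OF(ASN1_GENERALSTRING)	*namestring;
-	}	KRB5_PRINCNAME;
-
-DECLARE_STACK_OF(KRB5_PRINCNAME)
-
-
-/*	Ticket ::=	[APPLICATION 1] SEQUENCE {
-**		tkt-vno[0]                    INTEGER,
-**		realm[1]                      Realm,
-**		sname[2]                      PrincipalName,
-**		enc-part[3]                   EncryptedData
-**	}
-*/
-typedef	struct	krb5_tktbody_st
-	{
-	ASN1_INTEGER			*tktvno;
-	ASN1_GENERALSTRING		*realm;
-	KRB5_PRINCNAME			*sname;
-	KRB5_ENCDATA			*encdata;
-	}	KRB5_TKTBODY;
-
-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
-DECLARE_STACK_OF(KRB5_TKTBODY)
-
-
-/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-**		pvno[0]                       INTEGER,
-**		msg-type[1]                   INTEGER,
-**		ap-options[2]                 APOptions,
-**		ticket[3]                     Ticket,
-**		authenticator[4]              EncryptedData
-**	}
-**
-**	APOptions ::=   BIT STRING {
-**		reserved(0), use-session-key(1), mutual-required(2) }
-*/
-typedef	struct	krb5_ap_req_st
-	{
-	ASN1_INTEGER			*pvno;
-	ASN1_INTEGER			*msgtype;
-	ASN1_BIT_STRING			*apoptions;
-	KRB5_TICKET			*ticket;
-	KRB5_ENCDATA			*authenticator;
-	}	KRB5_APREQBODY;
-
-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
-DECLARE_STACK_OF(KRB5_APREQBODY)
-
-
-/*	Authenticator Stuff	*/
-
-
-/*	Checksum ::=   SEQUENCE {
-**		cksumtype[0]                  INTEGER,
-**		checksum[1]                   OCTET STRING
-**	}
-*/
-typedef	struct	krb5_checksum_st
-	{
-	ASN1_INTEGER			*ctype;
-	ASN1_OCTET_STRING		*checksum;
-	}	KRB5_CHECKSUM;
-
-DECLARE_STACK_OF(KRB5_CHECKSUM)
-
-
-/*	EncryptionKey ::=   SEQUENCE {
-**		keytype[0]                    INTEGER,
-**		keyvalue[1]                   OCTET STRING
-**	}
-*/
-typedef struct  krb5_encryptionkey_st
-	{
-	ASN1_INTEGER			*ktype;
-	ASN1_OCTET_STRING		*keyvalue;
-	}	KRB5_ENCKEY;
-
-DECLARE_STACK_OF(KRB5_ENCKEY)
-
-
-/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-**		ad-type[0]                    INTEGER,
-**              ad-data[1]                    OCTET STRING
-**	}
-*/
-typedef struct	krb5_authorization_st
-	{
-	ASN1_INTEGER			*adtype;
-	ASN1_OCTET_STRING		*addata;
-	}	KRB5_AUTHDATA;
-
-DECLARE_STACK_OF(KRB5_AUTHDATA)
-
-			
-/*	-- Unencrypted authenticator
-**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {
-**		authenticator-vno[0]          INTEGER,
-**		crealm[1]                     Realm,
-**		cname[2]                      PrincipalName,
-**		cksum[3]                      Checksum OPTIONAL,
-**		cusec[4]                      INTEGER,
-**		ctime[5]                      KerberosTime,
-**		subkey[6]                     EncryptionKey OPTIONAL,
-**		seq-number[7]                 INTEGER OPTIONAL,
-**		authorization-data[8]         AuthorizationData OPTIONAL
-**	}
-*/
-typedef struct	krb5_authenticator_st
-	{
-	ASN1_INTEGER			*avno;
-	ASN1_GENERALSTRING		*crealm;
-	KRB5_PRINCNAME			*cname;
-	KRB5_CHECKSUM			*cksum;
-	ASN1_INTEGER			*cusec;
-	ASN1_GENERALIZEDTIME		*ctime;
-	KRB5_ENCKEY			*subkey;
-	ASN1_INTEGER			*seqnum;
-	KRB5_AUTHDATA			*authorization;
-	}	KRB5_AUTHENTBODY;
-
-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
-DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-
-
-/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
-**	type *name##_new(void);
-**	void name##_free(type *a);
-**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
-**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-**	  type *d2i_##name(type **a, const unsigned char **in, long len);
-**	  int i2d_##name(type *a, unsigned char **out);
-**	  DECLARE_ASN1_ITEM(itname) = extern const ASN1_ITEM itname##_it
-*/
-
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
-
-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-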
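--- a/jni/libressl/include/openssl/lhash.h
+++ b/jni/libressl/include/openssl/lhash.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: lhash.h,v 1.12 2014/06/12 15:49:29 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *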
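--- a/jni/libressl/include/openssl/md4.h
+++ b/jni/libressl/include/openssl/md4.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: md4.h,v 1.16 2015/09/14 01:45:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 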
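--- a/jni/libressl/include/openssl/md5.h
+++ b/jni/libressl/include/openssl/md5.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: md5.h,v 1.19 2014/07/13 14:13:27 beck Exp $ */
+/* $OpenBSD: md5.h,v 1.20 2014/10/20 13:06:54 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 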
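--- a/jni/libressl/include/openssl/modes.h
+++ b/jni/libressl/include/openssl/modes.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: modes.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  *
  * Rights for redistribution and usage in source and binary
  * forms are granted according to the OpenSSL license.
  */
 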
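--- a/jni/libressl/include/openssl/obj_mac.h
+++ b/jni/libressl/include/openssl/obj_mac.h
@@ -2345,15 +2345,15 @@
 
 #define SN_delta_crl		"deltaCRL"
 #define LN_delta_crl		"X509v3 Delta CRL Indicator"
 #define NID_delta_crl		140
 #define OBJ_delta_crl		OBJ_id_ce,27L
 
 #define SN_issuing_distribution_point		"issuingDistributionPoint"
-#define LN_issuing_distribution_point		"X509v3 Issuing Distrubution Point"
+#define LN_issuing_distribution_point		"X509v3 Issuing Distribution Point"
 #define NID_issuing_distribution_point		770
 #define OBJ_issuing_distribution_point		OBJ_id_ce,28L
 
 #define SN_certificate_issuer		"certificateIssuer"
 #define LN_certificate_issuer		"X509v3 Certificate Issuer"
 #define NID_certificate_issuer		771
 #define OBJ_certificate_issuer		OBJ_id_ce,29L
@@ -4150,7 +4150,31 @@
 #define OBJ_id_tc26_signwithdigest_gost3410_2012_256		OBJ_tc26,1L,3L,2L
 
 #define SN_id_tc26_signwithdigest_gost3410_2012_512		"id-tc26-signwithdigest-gost3410-2012-512"
 #define LN_id_tc26_signwithdigest_gost3410_2012_512		"GOST R 34.11-2012 with GOST R 34.10-2012 (512 bit)"
 #define NID_id_tc26_signwithdigest_gost3410_2012_512		949
 #define OBJ_id_tc26_signwithdigest_gost3410_2012_512		OBJ_tc26,1L,3L,3L
 
+#define SN_X25519		"X25519"
+#define NID_X25519		950
+#define OBJ_X25519		1L,3L,101L,110L
+
+#define SN_X448		"X448"
+#define NID_X448		951
+#define OBJ_X448		1L,3L,101L,111L
+
+#define SN_Ed25519		"Ed25519"
+#define NID_Ed25519		952
+#define OBJ_Ed25519		1L,3L,101L,112L
+
+#define SN_Ed448		"Ed448"
+#define NID_Ed448		953
+#define OBJ_Ed448		1L,3L,101L,113L
+
+#define SN_Ed25519ph		"Ed25519ph"
+#define NID_Ed25519ph		954
+#define OBJ_Ed25519ph		1L,3L,101L,114L
+
+#define SN_Ed448ph		"Ed448ph"
+#define NID_Ed448ph		955
+#define OBJ_Ed448ph		1L,3L,101L,115L
+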
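--- a/jni/libressl/include/openssl/objects.h
+++ b/jni/libressl/include/openssl/objects.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: objects.h,v 1.12 2017/01/21 04:53:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -1011,14 +1011,16 @@
 int		OBJ_sn2nid(const char *s);
 int		OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
 const void *	OBJ_bsearch_(const void *key, const void *base, int num,
 		    int size, int (*cmp)(const void *, const void *));
 const void *	OBJ_bsearch_ex_(const void *key, const void *base, int num,
 		    int size, int (*cmp)(const void *, const void *),
 		    int flags);
+
+#ifndef LIBRESSL_INTERNAL
 
 #define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)	\
   static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
   static int nm##_cmp(type1 const *, type2 const *); \
   scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
 
 #define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)	\
@@ -1090,14 +1092,16 @@
 
 #define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)			\
   ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
 			 num,sizeof(type2),				\
 			 ((void)CHECKED_PTR_OF(type1,cmp##_type_1),	\
 			  (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
 			  cmp##_BSEARCH_CMP_FN)),flags)
+
+#endif /* !LIBRESSL_INTERNAL */
 
 int		OBJ_new_nid(int num);
 int		OBJ_add_object(const ASN1_OBJECT *obj);
 int		OBJ_create(const char *oid, const char *sn, const char *ln);
 void		OBJ_cleanup(void );
 int		OBJ_create_objects(BIO *in);
 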
Changes to jni/libressl/include/openssl/ocsp.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp.h,v 1.6 2014/06/12 15:49:30 deraadt Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ocsp.h,v 1.11 2016/12/30 16:19:04 jsing Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transfered to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 */
typedef struct ocsp_one_request_st {
	OCSP_CERTID *reqCert;
	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} OCSP_ONEREQ;

DECLARE_STACK_OF(OCSP_ONEREQ)
DECLARE_ASN1_SET_OF(OCSP_ONEREQ)


/*   TBSRequest      ::=     SEQUENCE {
 *       version             [0] EXPLICIT Version DEFAULT v1,
 *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
 *       requestList             SEQUENCE OF Request,
 *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }







<







111
112
113
114
115
116
117

118
119
120
121
122
123
124
 */
typedef struct ocsp_one_request_st {
	OCSP_CERTID *reqCert;
	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} OCSP_ONEREQ;

DECLARE_STACK_OF(OCSP_ONEREQ)



/*   TBSRequest      ::=     SEQUENCE {
 *       version             [0] EXPLICIT Version DEFAULT v1,
 *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
 *       requestList             SEQUENCE OF Request,
 *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
197
198
199
200
201
202
203

204



205
206
207
208
209
210
211
	union {
		X509_NAME* byName;
		ASN1_OCTET_STRING *byKey;
	} value;
};

DECLARE_STACK_OF(OCSP_RESPID)

DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)




/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
 *                            --(excluding the tag and length fields)
 */

/*   RevokedInfo ::= SEQUENCE {
 *       revocationTime              GeneralizedTime,







>
|
>
>
>







196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
	union {
		X509_NAME* byName;
		ASN1_OCTET_STRING *byKey;
	} value;
};

DECLARE_STACK_OF(OCSP_RESPID)
OCSP_RESPID *OCSP_RESPID_new(void);
void OCSP_RESPID_free(OCSP_RESPID *a);
OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len);
int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out);
extern const ASN1_ITEM OCSP_RESPID_it;

/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
 *                            --(excluding the tag and length fields)
 */

/*   RevokedInfo ::= SEQUENCE {
 *       revocationTime              GeneralizedTime,
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
	OCSP_CERTSTATUS *certStatus;
	ASN1_GENERALIZEDTIME *thisUpdate;
	ASN1_GENERALIZEDTIME *nextUpdate;
	STACK_OF(X509_EXTENSION) *singleExtensions;
} OCSP_SINGLERESP;

DECLARE_STACK_OF(OCSP_SINGLERESP)
DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)

/*   ResponseData ::= SEQUENCE {
 *      version              [0] EXPLICIT Version DEFAULT v1,
 *      responderID              ResponderID,
 *      producedAt               GeneralizedTime,
 *      responses                SEQUENCE OF SingleResponse,
 *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }







<







248
249
250
251
252
253
254

255
256
257
258
259
260
261
	OCSP_CERTSTATUS *certStatus;
	ASN1_GENERALIZEDTIME *thisUpdate;
	ASN1_GENERALIZEDTIME *nextUpdate;
	STACK_OF(X509_EXTENSION) *singleExtensions;
} OCSP_SINGLERESP;

DECLARE_STACK_OF(OCSP_SINGLERESP)


/*   ResponseData ::= SEQUENCE {
 *      version              [0] EXPLICIT Version DEFAULT v1,
 *      responderID              ResponderID,
 *      producedAt               GeneralizedTime,
 *      responses                SEQUENCE OF SingleResponse,
 *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
	X509_NAME* issuer;
	STACK_OF(ACCESS_DESCRIPTION) *locator;
} OCSP_SERVICELOC;

#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"
#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"

#define d2i_OCSP_REQUEST_bio(bp,p) \
    ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)

#define d2i_OCSP_RESPONSE_bio(bp,p) \
    ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)

#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) \
    (OCSP_REQUEST *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_REQUEST, \
	PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)

#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb) \
    (OCSP_RESPONSE *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_RESPONSE, \
	PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)

#define PEM_write_bio_OCSP_REQUEST(bp,o) \
    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
	bp,(char *)o, NULL,NULL,0,NULL,NULL)

#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
	bp,(char *)o, NULL,NULL,0,NULL,NULL)

#define i2d_OCSP_RESPONSE_bio(bp,o) \
    ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)

#define i2d_OCSP_REQUEST_bio(bp,o) \
    ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)

#define OCSP_REQUEST_sign(o,pkey,md) \
    ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO), \
	o->optionalSignature->signatureAlgorithm,NULL, \
	o->optionalSignature->signature,o->tbsRequest,pkey,md)

#define OCSP_BASICRESP_sign(o,pkey,md,d) \
    ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL, \
	o->signature,o->tbsResponseData,pkey,md)

#define OCSP_REQUEST_verify(a,r) \
    ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO), \
	a->optionalSignature->signatureAlgorithm, \
	a->optionalSignature->signature,a->tbsRequest,r)

#define OCSP_BASICRESP_verify(a,r,d) \
    ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA), \
	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)

#define ASN1_BIT_STRING_digest(data,type,md,len) \
    ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)

#define OCSP_CERTSTATUS_dup(cs) \
	ASN1_item_dup(&OCSP_CERTSTATUS_it, cs)

OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);

OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);







<
<
<
<
<
<
















<
<
<
<
<
<

|




|



|




|



|







337
338
339
340
341
342
343






344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359






360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
	X509_NAME* issuer;
	STACK_OF(ACCESS_DESCRIPTION) *locator;
} OCSP_SERVICELOC;

#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"
#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"







#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) \
    (OCSP_REQUEST *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_REQUEST, \
	PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)

#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb) \
    (OCSP_RESPONSE *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_RESPONSE, \
	PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)

#define PEM_write_bio_OCSP_REQUEST(bp,o) \
    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
	bp,(char *)o, NULL,NULL,0,NULL,NULL)

#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
	bp,(char *)o, NULL,NULL,0,NULL,NULL)







#define OCSP_REQUEST_sign(o,pkey,md) \
    ASN1_item_sign(&OCSP_REQINFO_it, \
	o->optionalSignature->signatureAlgorithm,NULL, \
	o->optionalSignature->signature,o->tbsRequest,pkey,md)

#define OCSP_BASICRESP_sign(o,pkey,md,d) \
    ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \
	o->signature,o->tbsResponseData,pkey,md)

#define OCSP_REQUEST_verify(a,r) \
    ASN1_item_verify(&OCSP_REQINFO_it, \
	a->optionalSignature->signatureAlgorithm, \
	a->optionalSignature->signature,a->tbsRequest,r)

#define OCSP_BASICRESP_verify(a,r,d) \
    ASN1_item_verify(&OCSP_RESPDATA_it, \
	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)

#define ASN1_BIT_STRING_digest(data,type,md,len) \
    ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len)

#define OCSP_CERTSTATUS_dup(cs) \
	ASN1_item_dup(&OCSP_CERTSTATUS_it, cs)

OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);

OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
518
519
520
521
522
523
524

525




526







527
528





529




530




531





532





533




534




535





536





537




538




539



540
541
542
543
544
545
546
void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
	    int *idx);
int	OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
	    int crit, unsigned long flags);
int	OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex,
	    int loc);


DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)




DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)







DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)





DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)




DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)




DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)





DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)





DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)




DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)




DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)





DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)





DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)




DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)




DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)




const char *OCSP_response_status_str(long s);
const char *OCSP_cert_status_str(long s);
const char *OCSP_crl_reason_str(long s);

int	OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
int	OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);







>
|
>
>
>
>
|
>
>
>
>
>
>
>
|
|
>
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>







508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
	    int *idx);
int	OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
	    int crit, unsigned long flags);
int	OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex,
	    int loc);

OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, const unsigned char **in, long len);
int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **out);
extern const ASN1_ITEM OCSP_SINGLERESP_it;
OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a);
OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, const unsigned char **in, long len);
int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **out);
extern const ASN1_ITEM OCSP_CERTSTATUS_it;
OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void);
void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a);
OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, const unsigned char **in, long len);
int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **out);
extern const ASN1_ITEM OCSP_REVOKEDINFO_it;
OCSP_BASICRESP *OCSP_BASICRESP_new(void);
void OCSP_BASICRESP_free(OCSP_BASICRESP *a);
OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, const unsigned char **in, long len);
int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **out);
extern const ASN1_ITEM OCSP_BASICRESP_it;
OCSP_RESPDATA *OCSP_RESPDATA_new(void);
void OCSP_RESPDATA_free(OCSP_RESPDATA *a);
OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, const unsigned char **in, long len);
int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **out);
extern const ASN1_ITEM OCSP_RESPDATA_it;
OCSP_RESPID *OCSP_RESPID_new(void);
void OCSP_RESPID_free(OCSP_RESPID *a);
OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len);
int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out);
extern const ASN1_ITEM OCSP_RESPID_it;
OCSP_RESPONSE *OCSP_RESPONSE_new(void);
void OCSP_RESPONSE_free(OCSP_RESPONSE *a);
OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, const unsigned char **in, long len);
int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **out);
OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE **a);
int i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *a);
extern const ASN1_ITEM OCSP_RESPONSE_it;
OCSP_RESPBYTES *OCSP_RESPBYTES_new(void);
void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a);
OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, const unsigned char **in, long len);
int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **out);
extern const ASN1_ITEM OCSP_RESPBYTES_it;
OCSP_ONEREQ *OCSP_ONEREQ_new(void);
void OCSP_ONEREQ_free(OCSP_ONEREQ *a);
OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, const unsigned char **in, long len);
int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **out);
extern const ASN1_ITEM OCSP_ONEREQ_it;
OCSP_CERTID *OCSP_CERTID_new(void);
void OCSP_CERTID_free(OCSP_CERTID *a);
OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, const unsigned char **in, long len);
int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **out);
extern const ASN1_ITEM OCSP_CERTID_it;
OCSP_REQUEST *OCSP_REQUEST_new(void);
void OCSP_REQUEST_free(OCSP_REQUEST *a);
OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, const unsigned char **in, long len);
int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **out);
OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **a);
int i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *a);
extern const ASN1_ITEM OCSP_REQUEST_it;
OCSP_SIGNATURE *OCSP_SIGNATURE_new(void);
void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a);
OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, const unsigned char **in, long len);
int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **out);
extern const ASN1_ITEM OCSP_SIGNATURE_it;
OCSP_REQINFO *OCSP_REQINFO_new(void);
void OCSP_REQINFO_free(OCSP_REQINFO *a);
OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, const unsigned char **in, long len);
int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **out);
extern const ASN1_ITEM OCSP_REQINFO_it;
OCSP_CRLID *OCSP_CRLID_new(void);
void OCSP_CRLID_free(OCSP_CRLID *a);
OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, const unsigned char **in, long len);
int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **out);
extern const ASN1_ITEM OCSP_CRLID_it;
OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, const unsigned char **in, long len);
int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **out);
extern const ASN1_ITEM OCSP_SERVICELOC_it;

const char *OCSP_response_status_str(long s);
const char *OCSP_cert_status_str(long s);
const char *OCSP_crl_reason_str(long s);

int	OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
int	OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
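--- a/jni/libressl/include/openssl/opensslconf.h
+++ b/jni/libressl/include/openssl/opensslconf.h
@@ -1,17 +1,14 @@
 #include <openssl/opensslfeatures.h>
 /* crypto/opensslconf.h.in */
 
 #if defined(_MSC_VER) && !defined(__attribute__)
 #define __attribute__(a)
 #endif
 
-/* Generate 80386 code? */
-#undef I386_ONLY
-
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
 #define OPENSSLDIR "/etc/ssl"
 #endif
 
 #undef OPENSSL_UNISTD
 #define OPENSSL_UNISTD <unistd.h>
 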
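--- a/jni/libressl/include/openssl/opensslv.h
+++ b/jni/libressl/include/openssl/opensslv.h
@@ -1,14 +1,14 @@
-/* $OpenBSD: opensslv.h,v 1.36.2.2 2016/10/02 23:22:52 bcook Exp $ */
+/* $OpenBSD: opensslv.h,v 1.39.4.3 2017/07/07 05:28:12 bcook Exp $ */
 #ifndef HEADER_OPENSSLV_H
 #define HEADER_OPENSSLV_H
 
 /* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER	0x2040500fL
-#define LIBRESSL_VERSION_TEXT	"LibreSSL 2.4.5"
+#define LIBRESSL_VERSION_NUMBER	0x2050500fL
+#define LIBRESSL_VERSION_TEXT	"LibreSSL 2.5.5"
 
 /* These will never change */
 #define OPENSSL_VERSION_NUMBER	0x20000000L
 #define OPENSSL_VERSION_TEXT	LIBRESSL_VERSION_TEXT
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 #define SHLIB_VERSION_HISTORY ""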
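--- a/jni/libressl/include/openssl/ossl_typ.h
+++ b/jni/libressl/include/openssl/ossl_typ.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ossl_typ.h,v 1.12 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: ossl_typ.h,v 1.13 2015/09/30 04:10:07 doug Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *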
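--- a/jni/libressl/include/openssl/pem.h
+++ b/jni/libressl/include/openssl/pem.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: pem.h,v 1.17 2016/09/04 16:22:54 jsing Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -197,19 +197,19 @@
 	   unsigned char iv[8]; */
 
 	int  data_enc;		/* is the data encrypted */
 	int data_len;
 	unsigned char *data;
 } PEM_CTX;
 
+#ifndef LIBRESSL_INTERNAL
 /* These macros make the PEM_read/PEM_write functions easier to maintain and
  * write. Now they are all implemented with either:
  * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
  */
-
 
 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
 { \
 return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
 }
 
@@ -301,14 +301,16 @@
 #define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
 	IMPLEMENT_PEM_read(name, type, str, asn1) \
 	IMPLEMENT_PEM_write_const(name, type, str, asn1)
 
 #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
 	IMPLEMENT_PEM_read(name, type, str, asn1) \
 	IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+#endif
 
 /* These are the same except they are for the declarations */
 
 
 #define DECLARE_PEM_read_fp(name, type) \
 	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
 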
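--- a/jni/libressl/include/openssl/pem2.h
+++ b/jni/libressl/include/openssl/pem2.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: pem2.h,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *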
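--- a/jni/libressl/include/openssl/pkcs12.h
+++ b/jni/libressl/include/openssl/pkcs12.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkcs12.h,v 1.12 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.17 2016/12/30 15:08:58 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -117,50 +117,53 @@
 		STACK_OF(PKCS12_SAFEBAG) *safes;
 		ASN1_TYPE *other;
 	} value;
 	STACK_OF(X509_ATTRIBUTE) *attrib;
 } PKCS12_SAFEBAG;
 
 DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
 DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
 
 typedef struct pkcs12_bag_st {
 	ASN1_OBJECT *type;
 	union {
 		ASN1_OCTET_STRING *x509cert;
 		ASN1_OCTET_STRING *x509crl;
 		ASN1_OCTET_STRING *octet;
 		ASN1_IA5STRING *sdsicert;
 		ASN1_TYPE *other; /* Secret or other bag */
 	} value;
 } PKCS12_BAGS;
 
 #define PKCS12_ERROR	0
 #define PKCS12_OK	1
+
+#ifndef LIBRESSL_INTERNAL
 
 /* Compatibility macros */
 
 #define M_PKCS12_x5092certbag PKCS12_x5092certbag
 #define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
 
 #define M_PKCS12_certbag2x509 PKCS12_certbag2x509
 #define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
 
 #define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
 #define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
 #define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
 #define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
 
 #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
 #define M_PKCS8_decrypt PKCS8_decrypt
 
 #define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
 #define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
 #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+
+#endif /* !LIBRESSL_INTERNAL */
 
 #define PKCS12_get_attr(bag, attr_nid) \
 			 PKCS12_get_attr_gen(bag->attrib, attr_nid)
 
 #define PKCS8_get_attr(p8, attr_nid) \
 		PKCS12_get_attr_gen(p8->attributes, attr_nid)
 
@@ -230,21 +233,37 @@
     const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
     int saltlen, const EVP_MD *md_type);
 unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
     unsigned char **uni, int *unilen);
 char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
 
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+PKCS12 *PKCS12_new(void);
+void PKCS12_free(PKCS12 *a);
+PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len);
+int i2d_PKCS12(PKCS12 *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_it;
+PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
+void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
+PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
+int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_MAC_DATA_it;
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
+void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
+PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len);
+int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_SAFEBAG_it;
+PKCS12_BAGS *PKCS12_BAGS_new(void);
+void PKCS12_BAGS_free(PKCS12_BAGS *a);
+PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
+int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_BAGS_it;
 
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
+extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
 
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
     STACK_OF(X509) **ca);
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
     STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
     int mac_iter, int keytype);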
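--- a/jni/libressl/include/openssl/pkcs7.h
+++ b/jni/libressl/include/openssl/pkcs7.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: pkcs7.h,v 1.13 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pkcs7.h,v 1.18 2016/12/27 16:12:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -103,26 +103,24 @@
 	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */
 
 	/* The private key to sign with */
 	EVP_PKEY			*pkey;
 } PKCS7_SIGNER_INFO;
 
 DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
 
 typedef struct pkcs7_recip_info_st {
 	ASN1_INTEGER			*version;	/* version 0 */
 	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
 	X509_ALGOR			*key_enc_algor;
 	ASN1_OCTET_STRING		*enc_key;
 	X509				*cert; /* get the pub-key from this */
 } PKCS7_RECIP_INFO;
 
 DECLARE_STACK_OF(PKCS7_RECIP_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
 
 typedef struct pkcs7_signed_st {
 	ASN1_INTEGER			*version;	/* version 1 */
 	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
 	STACK_OF(X509)			*cert;		/* [ 0 ] */
 	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
 	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
@@ -208,15 +206,14 @@
 
 		/* Anything else */
 		ASN1_TYPE *other;
 	} d;
 } PKCS7;
 
 DECLARE_STACK_OF(PKCS7)
-DECLARE_ASN1_SET_OF(PKCS7)
 DECLARE_PKCS12_STACK_OF(PKCS7)
 
 #define PKCS7_OP_SET_DETACHED_SIGNATURE	1
 #define PKCS7_OP_GET_DETACHED_SIGNATURE	2
 
 #define PKCS7_get_signed_attributes(si)	((si)->auth_attr)
 #define PKCS7_get_attributes(si)	((si)->unauth_attr)
@@ -267,41 +264,81 @@
 #define SMIME_NOCHAIN	PKCS7_NOCHAIN
 #define SMIME_NOINTERN	PKCS7_NOINTERN
 #define SMIME_NOVERIFY	PKCS7_NOVERIFY
 #define SMIME_DETACHED	PKCS7_DETACHED
 #define SMIME_BINARY	PKCS7_BINARY
 #define SMIME_NOATTR	PKCS7_NOATTR
 
-DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void);
+void PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a);
+PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, const unsigned char **in, long len);
+int i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_ISSUER_AND_SERIAL_it;
 
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
     const EVP_MD *type, unsigned char *md, unsigned int *len);
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
 PKCS7 *PKCS7_dup(PKCS7 *p7);
 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
 int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
 int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
 
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-DECLARE_ASN1_FUNCTIONS(PKCS7)
+PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void);
+void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
+PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, const unsigned char **in, long len);
+int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_SIGNER_INFO_it;
+PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void);
+void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a);
+PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, const unsigned char **in, long len);
+int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_RECIP_INFO_it;
+PKCS7_SIGNED *PKCS7_SIGNED_new(void);
+void PKCS7_SIGNED_free(PKCS7_SIGNED *a);
+PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, const unsigned char **in, long len);
+int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_SIGNED_it;
+PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void);
+void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a);
+PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, const unsigned char **in, long len);
+int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_ENC_CONTENT_it;
+PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void);
+void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a);
+PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, const unsigned char **in, long len);
+int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_ENVELOPE_it;
+PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void);
+void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a);
+PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, const unsigned char **in, long len);
+int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_SIGN_ENVELOPE_it;
+PKCS7_DIGEST *PKCS7_DIGEST_new(void);
+void PKCS7_DIGEST_free(PKCS7_DIGEST *a);
+PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, const unsigned char **in, long len);
+int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_DIGEST_it;
+PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void);
+void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a);
+PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, const unsigned char **in, long len);
+int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_ENCRYPT_it;
+PKCS7 *PKCS7_new(void);
+void PKCS7_free(PKCS7 *a);
+PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len);
+int i2d_PKCS7(PKCS7 *a, unsigned char **out);
+extern const ASN1_ITEM PKCS7_it;
 
-DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
-DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+extern const ASN1_ITEM PKCS7_ATTR_SIGN_it;
+extern const ASN1_ITEM PKCS7_ATTR_VERIFY_it;
 
-DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
-DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+int i2d_PKCS7_NDEF(PKCS7 *a, unsigned char **out);
+int PKCS7_print_ctx(BIO *out, PKCS7 *x, int indent, const ASN1_PCTX *pctx);
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 
 int PKCS7_set_type(PKCS7 *p7, int type);
 int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,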
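--- a/jni/libressl/include/openssl/poly1305.h
+++ b/jni/libressl/include/openssl/poly1305.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: poly1305.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: poly1305.h,v 1.3 2014/07/25 14:04:51 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *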
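--- a/jni/libressl/include/openssl/rand.h
+++ b/jni/libressl/include/openssl/rand.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: rand.h,v 1.21 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: rand.h,v 1.22 2014/10/22 14:02:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *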
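--- a/jni/libressl/include/openssl/rc2.h
+++ b/jni/libressl/include/openssl/rc2.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc2.h,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rc2.h,v 1.11 2014/07/10 22:45:57 jsing Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 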
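--- a/jni/libressl/include/openssl/rc4.h
+++ b/jni/libressl/include/openssl/rc4.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: rc4.h,v 1.12 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: rc4.h,v 1.13 2015/10/20 15:50:13 jsing Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *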
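--- a/jni/libressl/include/openssl/ripemd.h
+++ b/jni/libressl/include/openssl/ripemd.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ripemd.h,v 1.13 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: ripemd.h,v 1.14 2014/07/10 22:45:57 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 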
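--- a/jni/libressl/include/openssl/rsa.h
+++ b/jni/libressl/include/openssl/rsa.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa.h,v 1.27 2015/02/14 15:10:39 miod Exp $ */
+/* $OpenBSD: rsa.h,v 1.29 2016/09/04 17:25:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -289,25 +289,33 @@
 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
 /* these are the actual SSLeay RSA functions */
 const RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
 const RSA_METHOD *RSA_null_method(void);
 
+RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len);
+int i2d_RSAPublicKey(const RSA *a, unsigned char **out);
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+extern const ASN1_ITEM RSAPublicKey_it;
+RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len);
+int i2d_RSAPrivateKey(const RSA *a, unsigned char **out);
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+extern const ASN1_ITEM RSAPrivateKey_it;
 
 typedef struct rsa_pss_params_st {
 	X509_ALGOR *hashAlgorithm;
 	X509_ALGOR *maskGenAlgorithm;
 	ASN1_INTEGER *saltLength;
 	ASN1_INTEGER *trailerField;
 } RSA_PSS_PARAMS;
 
-DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+RSA_PSS_PARAMS *RSA_PSS_PARAMS_new(void);
+void RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a);
+RSA_PSS_PARAMS *d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len);
+int i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out);
+extern const ASN1_ITEM RSA_PSS_PARAMS_it;
 
 int RSA_print_fp(FILE *fp, const RSA *r, int offset);
 
 #ifndef OPENSSL_NO_BIO
 int RSA_print(BIO *bp, const RSA *r, int offset);
 #endif
 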
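--- a/jni/libressl/include/openssl/safestack.h
+++ b/jni/libressl/include/openssl/safestack.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: safestack.h,v 1.15 2016/12/27 16:02:40 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -175,14 +175,15 @@
 #define SKM_sk_pop(type, st) \
 	(type *)sk_pop(CHECKED_STACK_OF(type, st))
 #define SKM_sk_sort(type, st) \
 	sk_sort(CHECKED_STACK_OF(type, st))
 #define SKM_sk_is_sorted(type, st) \
 	sk_is_sorted(CHECKED_STACK_OF(type, st))
 
+#ifndef LIBRESSL_INTERNAL
 #define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
   (STACK_OF(type) *)d2i_ASN1_SET( \
 				(STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
 				pp, length, \
 				CHECKED_D2I_OF(type, d2i_func), \
 				CHECKED_SK_FREE_FUNC(type, free_func), \
 				ex_tag, ex_class)
@@ -200,14 +201,15 @@
 	(STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
 
 #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
 	(STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
 				CHECKED_D2I_OF(type, d2i_func), \
 				CHECKED_SK_FREE_FUNC(type, free_func), \
 				pass, passlen, oct, seq)
+#endif
 
 /* This block of defines is updated by util/mkstack.pl, please do not touch! */
 #define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp))
 #define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
 #define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
@@ -2190,15 +2192,15 @@
 	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
 #define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
 #define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
 #define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
 #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
 
-
+#ifndef LIBRESSL_INTERNAL
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
 	SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
 #define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
 	SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
 #define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
@@ -2421,14 +2423,15 @@
 	SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
 
 #define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
 	SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
 
 #define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
 	SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+#endif /* !LIBRESSL_INTERNAL */
 
 #define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj)
 #define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst)
 #define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst)
 #define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst)
 #define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn)
 #define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \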
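--- a/jni/libressl/include/openssl/sha.h
+++ b/jni/libressl/include/openssl/sha.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: sha.h,v 1.20 2014/10/20 13:06:54 bcook Exp $ */
+/* $OpenBSD: sha.h,v 1.21 2015/09/13 21:09:56 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 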
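--- a/jni/libressl/include/openssl/srtp.h
+++ b/jni/libressl/include/openssl/srtp.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: srtp.h,v 1.5 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *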
Changes to jni/libressl/include/openssl/ssl.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl.h,v 1.95 2015/10/25 15:58:57 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl.h,v 1.127 2017/02/05 15:06:05 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
#include <stdint.h>

#include <openssl/opensslconf.h>
#include <openssl/hmac.h>
#include <openssl/pem.h>
#include <openssl/safestack.h>

#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif

#ifndef OPENSSL_NO_DEPRECATED
#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>

#ifndef OPENSSL_NO_X509







<

<







146
147
148
149
150
151
152

153

154
155
156
157
158
159
160
#include <stdint.h>

#include <openssl/opensslconf.h>
#include <openssl/hmac.h>
#include <openssl/pem.h>
#include <openssl/safestack.h>


#include <openssl/bio.h>


#ifndef OPENSSL_NO_DEPRECATED
#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>

#ifndef OPENSSL_NO_X509
349
350
351
352
353
354
355

356
357
358
359
360
361
362
#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM

/* This is needed to stop compilers complaining about the
 * 'struct ssl_st *' function parameters used to prototype callbacks
 * in SSL_CTX. */
typedef struct ssl_st *ssl_crock_st;

typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;

DECLARE_STACK_OF(SSL_CIPHER)








>







347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM

/* This is needed to stop compilers complaining about the
 * 'struct ssl_st *' function parameters used to prototype callbacks
 * in SSL_CTX. */
typedef struct ssl_st *ssl_crock_st;

typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;

DECLARE_STACK_OF(SSL_CIPHER)

391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418

419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
	unsigned long algorithm2;	/* Extra flags */
	int strength_bits;		/* Number of bits really used */
	int alg_bits;			/* Number of bits for algorithm */
};


/* Used to hold functions for SSLv3/TLSv1 functions */
struct ssl_method_st {
	int version;
	int (*ssl_new)(SSL *s);
	void (*ssl_clear)(SSL *s);
	void (*ssl_free)(SSL *s);
	int (*ssl_accept)(SSL *s);
	int (*ssl_connect)(SSL *s);
	int (*ssl_read)(SSL *s, void *buf, int len);
	int (*ssl_peek)(SSL *s, void *buf, int len);
	int (*ssl_write)(SSL *s, const void *buf, int len);
	int (*ssl_shutdown)(SSL *s);
	int (*ssl_renegotiate)(SSL *s);
	int (*ssl_renegotiate_check)(SSL *s);
	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
	    long max, int *ok);
	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
	    int len, int peek);
	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
	int (*ssl_dispatch_alert)(SSL *s);
	long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
	long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);

	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
	int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
	int (*ssl_pending)(const SSL *s);
	int (*num_ciphers)(void);
	const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
	const struct ssl_method_st *(*get_ssl_method)(int version);
	long (*get_timeout)(void);
	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
	int (*ssl_version)(void);
	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};

/* Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
 *	version 		INTEGER,	-- structure version number
 *	SSLversion 		INTEGER,	-- SSL version number
 *	Cipher 			OCTET STRING,	-- the 3 byte cipher ID







|
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<

|
<
>


|
<
<
|
<
<
<
<
<







390
391
392
393
394
395
396
397
398


399













400
401

402
403
404
405


406





407
408
409
410
411
412
413
	unsigned long algorithm2;	/* Extra flags */
	int strength_bits;		/* Number of bits really used */
	int alg_bits;			/* Number of bits for algorithm */
};


/* Used to hold functions for SSLv3/TLSv1 functions */
struct ssl_method_internal_st;



struct ssl_method_st {













	int (*ssl_dispatch_alert)(SSL *s);
	int (*num_ciphers)(void);

	const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
	int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);



	const struct ssl_method_internal_st *internal;





};

/* Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
 *	version 		INTEGER,	-- structure version number
 *	SSLversion 		INTEGER,	-- SSL version number
 *	Cipher 			OCTET STRING,	-- the 3 byte cipher ID
449
450
451
452
453
454
455


456
457
458
459
460
461

462
463
464

465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483

484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513


514
515
516
517
518
519
520
 *	Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *	Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *	SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
 *	}
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 */


struct ssl_session_st {
	int ssl_version;	/* what ssl version session info is
				 * being kept in here? */

	int master_key_length;
	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

	/* session_id - valid? */
	unsigned int session_id_length;
	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];

	/* this is used to determine whether the session is being reused in
	 * the appropriate context. It is up to the application to set this,
	 * via SSL_new */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

	/* Used to indicate that session resumption is not allowed.
	 * Applications can also set this bit for a new session via
	 * not_resumable_session_cb to disable session caching and tickets. */
	int not_resumable;

	/* The cert is the certificate used to establish this connection */
	struct sess_cert_st /* SESS_CERT */ *sess_cert;

	/* This is the cert for the other end.
	 * On clients, it will be the same as sess_cert->peer_key->x509
	 * (the latter is not enough as sess_cert is not retained
	 * in the external representation of sessions, see ssl_asn1.c). */
	X509 *peer;

	/* when app_verify_callback accepts a session where the peer's certificate
	 * is not ok, we must remember the error for session reuse: */
	long verify_result; /* only for servers */

	long timeout;
	time_t time;
	int references;

	const SSL_CIPHER *cipher;
	unsigned long cipher_id;	/* when ASN.1 loaded, this
					 * needs to be used to load
					 * the 'cipher' structure */

	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */

	CRYPTO_EX_DATA ex_data; /* application specific data */

	/* These are used to make removal of session-ids more
	 * efficient and to implement a maximum cache size. */
	struct ssl_session_st *prev, *next;
	char *tlsext_hostname;
	size_t tlsext_ecpointformatlist_length;
	uint8_t *tlsext_ecpointformatlist; /* peer's list */
	size_t tlsext_ellipticcurvelist_length;
	uint16_t *tlsext_ellipticcurvelist; /* peer's list */

	/* RFC4507 info */
	unsigned char *tlsext_tick;	/* Session ticket */
	size_t tlsext_ticklen;		/* Session ticket length */
	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */


};

#endif

/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
#define SSL_OP_TLSEXT_PADDING				0x00000010L







>
>






>



>






<
<
<
<
<
<
<
<
|
<
<
<

>















<
<
<
<
<

<
<
<
<





>
>







426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451








452



453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469





470




471
472
473
474
475
476
477
478
479
480
481
482
483
484
 *	Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *	Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *	SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
 *	}
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 */
struct ssl_session_internal_st;

struct ssl_session_st {
	int ssl_version;	/* what ssl version session info is
				 * being kept in here? */

	int master_key_length;
	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

	/* session_id - valid? */
	unsigned int session_id_length;
	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];

	/* this is used to determine whether the session is being reused in
	 * the appropriate context. It is up to the application to set this,
	 * via SSL_new */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];









	/* This is the cert for the other end. */



	X509 *peer;

	/* when app_verify_callback accepts a session where the peer's certificate
	 * is not ok, we must remember the error for session reuse: */
	long verify_result; /* only for servers */

	long timeout;
	time_t time;
	int references;

	const SSL_CIPHER *cipher;
	unsigned long cipher_id;	/* when ASN.1 loaded, this
					 * needs to be used to load
					 * the 'cipher' structure */

	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */






	char *tlsext_hostname;





	/* RFC4507 info */
	unsigned char *tlsext_tick;	/* Session ticket */
	size_t tlsext_ticklen;		/* Session ticket length */
	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */

	struct ssl_session_internal_st *internal;
};

#endif

/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
#define SSL_OP_TLSEXT_PADDING				0x00000010L
533
534
535
536
537
538
539


540
541
542
543
544
545
546
/* Turn on Cookie Exchange (on relevant for servers) */
#define SSL_OP_COOKIE_EXCHANGE				0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET				0x00004000L

/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L


/* If set, always create a new key when using tmp_ecdh parameters */
#define SSL_OP_SINGLE_ECDH_USE				0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE				0x00100000L
/* Set on servers to choose the cipher according to the server's
 * preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L







>
>







497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
/* Turn on Cookie Exchange (on relevant for servers) */
#define SSL_OP_COOKIE_EXCHANGE				0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET				0x00004000L

/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
/* Disallow client initiated renegotiation. */
#define SSL_OP_NO_CLIENT_RENEGOTIATION			0x00020000L
/* If set, always create a new key when using tmp_ecdh parameters */
#define SSL_OP_SINGLE_ECDH_USE				0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE				0x00100000L
/* Set on servers to choose the cipher according to the server's
 * preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
677
678
679
680
681
682
683
684




685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745


746
747
748
749
750





751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903

struct ssl_comp_st {
	int id;
	const char *name;
};

DECLARE_STACK_OF(SSL_COMP)
DECLARE_LHASH_OF(SSL_SESSION);





struct ssl_ctx_st {
	const SSL_METHOD *method;

	STACK_OF(SSL_CIPHER) *cipher_list;
	/* same as above but sorted for lookup */
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

	struct x509_store_st /* X509_STORE */ *cert_store;
	LHASH_OF(SSL_SESSION) *sessions;
	/* Most session-ids that will be cached, default is
	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
	unsigned long session_cache_size;
	struct ssl_session_st *session_cache_head;
	struct ssl_session_st *session_cache_tail;

	/* This can have one of 2 values, ored together,
	 * SSL_SESS_CACHE_CLIENT,
	 * SSL_SESS_CACHE_SERVER,
	 * Default is SSL_SESSION_CACHE_SERVER, which means only
	 * SSL_accept which cache SSL_SESSIONS. */
	int session_cache_mode;

	/* If timeout is not 0, it is the default timeout value set
	 * when SSL_new() is called.  This has been put in to make
	 * life easier to set things up */
	long session_timeout;

	/* If this callback is not null, it will be called each
	 * time a session id is added to the cache.  If this function
	 * returns 1, it means that the callback will do a
	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
	 * on 0, it means the callback has finished with it.
	 * If remove_session_cb is not null, it will be called when
	 * a session-id is removed from the cache.  After the call,
	 * OpenSSL will SSL_SESSION_free() it. */
	int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
	void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
	unsigned char *data, int len, int *copy);

	struct {
		int sess_connect;	/* SSL new conn - started */
		int sess_connect_renegotiate;/* SSL reneg - requested */
		int sess_connect_good;	/* SSL new conne/reneg - finished */
		int sess_accept;	/* SSL new accept - started */
		int sess_accept_renegotiate;/* SSL reneg - requested */
		int sess_accept_good;	/* SSL accept/reneg - finished */
		int sess_miss;		/* session lookup misses  */
		int sess_timeout;	/* reuse attempt on timeouted session */
		int sess_cache_full;	/* session removed due to full cache */
		int sess_hit;		/* session reuse actually done */
		int sess_cb_hit;	/* session-id that was not
					 * in the cache was
					 * passed back via the callback.  This
					 * indicates that the application is
					 * supplying session-id's from other
					 * processes - spooky :-) */
	} stats;

	int references;



	/* if defined, these override the X509_verify_cert() calls */
	int (*app_verify_callback)(X509_STORE_CTX *, void *);
	void *app_verify_arg;






	/* Default password callback. */
	pem_password_cb *default_passwd_callback;

	/* Default password callback user data. */
	void *default_passwd_callback_userdata;

	/* get client cert callback */
	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

	/* cookie generate callback */
	int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
	unsigned int *cookie_len);

	/* verify cookie callback */
	int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
	unsigned int cookie_len);

	CRYPTO_EX_DATA ex_data;

	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
	const EVP_MD *sha1;	/* For SSLv3/TLSv1 'ssl3-sha1' */

	STACK_OF(X509) *extra_certs;

	/* Default values used when no per-SSL value is defined follow */

	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */

	/* what we put in client cert requests */
	STACK_OF(X509_NAME) *client_CA;


	/* Default values to use in SSL structures follow (these are copied by SSL_new) */

	unsigned long options;
	unsigned long mode;
	long max_cert_list;

	struct cert_st /* CERT */ *cert;
	int read_ahead;

	/* callback that allows applications to peek at protocol messages */
	void (*msg_callback)(int write_p, int version, int content_type,
	    const void *buf, size_t len, SSL *ssl, void *arg);
	void *msg_callback_arg;

	int verify_mode;
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */

	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

	X509_VERIFY_PARAM *param;

	int quiet_shutdown;

	/* Maximum amount of data to send in one fragment.
	 * actual record size can be more than this due to
	 * padding and MAC overheads.
	 */
	unsigned int max_send_fragment;

#ifndef OPENSSL_NO_ENGINE
	/* Engine to pass requests for client certs to
	 */
	ENGINE *client_cert_engine;
#endif

	/* TLS extensions servername callback */
	int (*tlsext_servername_callback)(SSL*, int *, void *);
	void *tlsext_servername_arg;
	/* RFC 4507 session ticket keys */
	unsigned char tlsext_tick_key_name[16];
	unsigned char tlsext_tick_hmac_key[16];
	unsigned char tlsext_tick_aes_key[16];
	/* Callback to support customisation of ticket key setting */
	int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
	    unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);

	/* certificate status request info */
	/* Callback for status request */
	int (*tlsext_status_cb)(SSL *ssl, void *arg);
	void *tlsext_status_arg;




	/* Next protocol negotiation information */
	/* (for experimental NPN extension). */

	/* For a server, this contains a callback function by which the set of
	 * advertised protocols can be provided. */
	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
	    unsigned int *len, void *arg);
	void *next_protos_advertised_cb_arg;
	/* For a client, this contains a callback function that selects the
	 * next protocol from the list provided by the server. */
	int (*next_proto_select_cb)(SSL *s, unsigned char **out,
	    unsigned char *outlen, const unsigned char *in,
	    unsigned int inlen, void *arg);
	void *next_proto_select_cb_arg;

	/*
	 * ALPN information
	 * (we are in the process of transitioning from NPN to ALPN).
	 */

	/*
	 * Server callback function that allows the server to select the
	 * protocol for the connection.
	 *   out: on successful return, this must point to the raw protocol
	 *       name (without the length prefix).
	 *   outlen: on successful return, this contains the length of out.
	 *   in: points to the client's list of supported protocols in
	 *       wire-format.
	 *   inlen: the length of in.
	 */
	int (*alpn_select_cb)(SSL *s, const unsigned char **out,
	    unsigned char *outlen, const unsigned char *in, unsigned int inlen,
	    void *arg);
	void *alpn_select_cb_arg;

	/* Client list of supported protocols in wire format. */
	unsigned char *alpn_client_proto_list;
	unsigned int alpn_client_proto_list_len;

	/* SRTP profiles we are willing to do from RFC 5764 */
	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
};

#endif

#define SSL_SESS_CACHE_OFF			0x0000
#define SSL_SESS_CACHE_CLIENT			0x0001
#define SSL_SESS_CACHE_SERVER			0x0002
#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
#define SSL_SESS_CACHE_NO_INTERNAL \
	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)

LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
#define SSL_CTX_sess_number(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
#define SSL_CTX_sess_connect(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
#define SSL_CTX_sess_connect_good(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
#define SSL_CTX_sess_connect_renegotiate(ctx) \







|
>
>
>
>





<
<


<
<
<
<
<
<
<
<
<
<
<
<
<






<
<
<
<
<
<
<
<
<
<
<
|

|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|

|
>
>

<
|
<

>
>
>
>
>






<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<















|







643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659


660
661













662
663
664
665
666
667











668
669
670
671















672
673
674
675
676
677

678

679
680
681
682
683
684
685
686
687
688
689
690


691

























































































































692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714

struct ssl_comp_st {
	int id;
	const char *name;
};

DECLARE_STACK_OF(SSL_COMP)
struct lhash_st_SSL_SESSION {
	int dummy;
};

struct ssl_ctx_internal_st;

struct ssl_ctx_st {
	const SSL_METHOD *method;

	STACK_OF(SSL_CIPHER) *cipher_list;



	struct x509_store_st /* X509_STORE */ *cert_store;














	/* If timeout is not 0, it is the default timeout value set
	 * when SSL_new() is called.  This has been put in to make
	 * life easier to set things up */
	long session_timeout;












	int references;

	/* Default values to use in SSL structures follow (these are copied by SSL_new) */
















	STACK_OF(X509) *extra_certs;

	int verify_mode;
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];


	X509_VERIFY_PARAM *param;


	/*
	 * XXX
	 * default_passwd_cb used by python and openvpn, need to keep it until we
	 * add an accessor
	 */
	/* Default password callback. */
	pem_password_cb *default_passwd_callback;

	/* Default password callback user data. */
	void *default_passwd_callback_userdata;



	struct ssl_ctx_internal_st *internal;

























































































































};

#endif

#define SSL_SESS_CACHE_OFF			0x0000
#define SSL_SESS_CACHE_CLIENT			0x0001
#define SSL_SESS_CACHE_SERVER			0x0002
#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
#define SSL_SESS_CACHE_NO_INTERNAL \
	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)

struct lhash_st_SSL_SESSION *SSL_CTX_sessions(SSL_CTX *ctx);
#define SSL_CTX_sess_number(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
#define SSL_CTX_sess_connect(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
#define SSL_CTX_sess_connect_good(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
#define SSL_CTX_sess_connect_renegotiate(ctx) \
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
#endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
    unsigned int *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
    unsigned int cookie_len));
void
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
    unsigned char **out, unsigned char *outlen, const unsigned char *in,
    unsigned int inlen, void *arg), void *arg);

int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, const unsigned char *client,







<
|







756
757
758
759
760
761
762

763
764
765
766
767
768
769
770
#endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
    unsigned int *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
    unsigned int cookie_len));

void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
    unsigned char **out, unsigned char *outlen, const unsigned char *in,
    unsigned int inlen, void *arg), void *arg);

int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, const unsigned char *client,
987
988
989
990
991
992
993

994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142

1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204


1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216

1217
1218
1219
1220
1221
1222
1223
#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)

#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2

#ifndef OPENSSL_NO_SSL_INTERN


struct ssl_st {
	/* protocol version
	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
	 */
	int version;
	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

	const SSL_METHOD *method; /* SSLv3 */

	/* There are 2 BIO's even though they are normally both the
	 * same.  This is so data can be read and written to different
	 * handlers */

#ifndef OPENSSL_NO_BIO
	BIO *rbio; /* used by SSL_read */
	BIO *wbio; /* used by SSL_write */
	BIO *bbio; /* used during session-id reuse to concatenate
		    * messages */
#else
	char *rbio; /* used by SSL_read */
	char *wbio; /* used by SSL_write */
	char *bbio;
#endif
	/* This holds a variable that indicates what we were doing
	 * when a 0 or -1 is returned.  This is needed for
	 * non-blocking IO so we know what request needs re-doing when
	 * in SSL_accept or SSL_connect */
	int rwstate;

	/* true when we are actually in SSL_accept() or SSL_connect() */
	int in_handshake;
	int (*handshake_func)(SSL *);

	/* Imagine that here's a boolean member "init" that is
	 * switched as soon as SSL_set_{accept/connect}_state
	 * is called for the first time, so that "state" and
	 * "handshake_func" are properly initialized.  But as
	 * handshake_func is == 0 until then, we use this
	 * test instead of an "init" member.
	 */

	int server;	/* are we the server side? - mostly used by SSL_clear*/

	int new_session;/* Generate a new session or reuse an old one.
			 * NB: For servers, the 'new' session may actually be a previously
			 * cached session or even the previous session unless
			 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
	int quiet_shutdown;/* don't send shutdown packets */
	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
			 * for received */
	int state;	/* where we are */
	int rstate;	/* where we are when reading */

	BUF_MEM *init_buf;	/* buffer used during init */
	void *init_msg;		/* pointer to handshake message body, set by ssl3_get_message() */
	int init_num;		/* amount read/written */
	int init_off;		/* amount read/written */

	/* used internally to point at a raw packet */
	unsigned char *packet;
	unsigned int packet_length;

	struct ssl3_state_st *s3; /* SSLv3 variables */
	struct dtls1_state_st *d1; /* DTLSv1 variables */

	int read_ahead;		/* Read as many input bytes as possible
				 * (for non-blocking reads) */

	/* callback that allows applications to peek at protocol messages */
	void (*msg_callback)(int write_p, int version, int content_type,
	    const void *buf, size_t len, SSL *ssl, void *arg);
	void *msg_callback_arg;

	int hit;		/* reusing a previous session */

	X509_VERIFY_PARAM *param;

	/* crypto */
	STACK_OF(SSL_CIPHER) *cipher_list;
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

	/* These are the ones being used, the ones in SSL_SESSION are
	 * the ones to be 'copied' into these ones */
	int mac_flags;

	SSL_AEAD_CTX *aead_read_ctx;	/* AEAD context. If non-NULL, then
					   enc_read_ctx and read_hash are
					   ignored. */

	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
	EVP_MD_CTX *read_hash;			/* used for mac generation */

	SSL_AEAD_CTX *aead_write_ctx;	/* AEAD context. If non-NULL, then
					   enc_write_ctx and write_hash are
					   ignored. */

	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
	EVP_MD_CTX *write_hash;			/* used for mac generation */

	/* session info */

	/* client cert? */
	/* This is used to hold the server certificate used */
	struct cert_st /* CERT */ *cert;

	/* the session_id_context is used to ensure sessions are only reused
	 * in the appropriate context */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

	/* This can also be in the session once a session is established */
	SSL_SESSION *session;

	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

	/* Used in SSL2 and SSL3 */
	int verify_mode;	/* 0 don't care about verify failure.
				 * 1 fail if verify fails */
	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */

	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */

	int error;		/* error bytes to be written */
	int error_code;		/* actual code */



	SSL_CTX *ctx;
	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
	 * and SSL_write() calls, good for nbio debuging :-) */
	int debug;


	/* extra application data */
	long verify_result;
	CRYPTO_EX_DATA ex_data;

	/* for server side, keep the list of CA_dn we can use */
	STACK_OF(X509_NAME) *client_CA;

	int references;
	unsigned long options; /* protocol behaviour */
	unsigned long mode; /* API behaviour */
	long max_cert_list;
	int first_packet;
	int client_version;	/* what was passed, used for
				 * SSLv3/TLS rollback check */

	unsigned int max_send_fragment;
	/* TLS extension debug callback */
	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
	    unsigned char *data, int len, void *arg);
	void *tlsext_debug_arg;
	char *tlsext_hostname;
	int servername_done;	/* no further mod of servername
				   0 : call the servername extension callback.
				   1 : prepare 2, allow last ack just after in server callback.
				   2 : don't call servername callback, no ack in server hello
				   */
	/* certificate status request info */
	/* Status type or -1 if no status type */
	int tlsext_status_type;
	/* Expect OCSP CertificateStatus message */
	int tlsext_status_expected;
	/* OCSP status request only */
	STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
	X509_EXTENSIONS *tlsext_ocsp_exts;
	/* OCSP response received or to be sent */
	unsigned char *tlsext_ocsp_resp;
	int tlsext_ocsp_resplen;

	/* RFC4507 session ticket expected to be received or sent */
	int tlsext_ticket_expected;
	size_t tlsext_ecpointformatlist_length;
	uint8_t *tlsext_ecpointformatlist; /* our list */
	size_t tlsext_ellipticcurvelist_length;
	uint16_t *tlsext_ellipticcurvelist; /* our list */

	/* TLS Session Ticket extension override */
	TLS_SESSION_TICKET_EXT *tlsext_session_ticket;

	/* TLS Session Ticket extension callback */
	tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
	void *tls_session_ticket_ext_cb_arg;

	/* TLS pre-shared secret session resumption */
	tls_session_secret_cb_fn tls_session_secret_cb;
	void *tls_session_secret_cb_arg;

	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */

	/* Next protocol negotiation. For the client, this is the protocol that
	 * we sent in NextProtocol and is set when handling ServerHello
	 * extensions.
	 *
	 * For a server, this is the client's selected_protocol from
	 * NextProtocol and is set when handling the NextProtocol message,
	 * before the Finished message. */
	unsigned char *next_proto_negotiated;
	unsigned char next_proto_negotiated_len;

#define session_ctx initial_ctx

	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;	/* What we'll do */
	SRTP_PROTECTION_PROFILE *srtp_profile;			/* What's been chosen */

	unsigned int tlsext_heartbeat;	/* Is use of the Heartbeat extension negotiated?
					   0: disabled
					   1: enabled
					   2: enabled, but not allowed to send Requests


					   */
	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
	unsigned int tlsext_hb_seq;	/* HeartbeatRequest sequence number */

	/* Client list of supported protocols in wire format. */
	unsigned char *alpn_client_proto_list;
	unsigned int alpn_client_proto_list_len;

	int renegotiate;/* 1 if we are renegotiating.
		 	 * 2 if we are a server and are inside a handshake
	                 * (i.e. not just sending a HelloRequest) */


};

#endif

#ifdef __cplusplus
}
#endif







>






<







<




<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



<
<
<
<
<
<
<
<
<
<




<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<











<
<
<



<
<
<
<



<
<

<
<
<

<
<

<

<
<
<

|
<
<
<


>

|
<
<
<

|
<
<
<
<



<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


<
<
<
<
<
<
<
<
<
<
<


<
<
|
<
<
<
|
>
>
|
<
<
|
<
<
<
|
<
<
<

>







797
798
799
800
801
802
803
804
805
806
807
808
809
810

811
812
813
814
815
816
817

818
819
820
821























822
823



















824
825
826










827
828
829
830

831





















832
833
834
835
836
837
838
839
840
841
842



843
844
845




846
847
848


849



850


851

852



853
854



855
856
857
858
859



860
861




862
863
864


























865
866











867
868


869



870
871
872
873


874



875



876
877
878
879
880
881
882
883
884
#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)

#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2

#ifndef OPENSSL_NO_SSL_INTERN
struct ssl_internal_st;

struct ssl_st {
	/* protocol version
	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
	 */
	int version;


	const SSL_METHOD *method; /* SSLv3 */

	/* There are 2 BIO's even though they are normally both the
	 * same.  This is so data can be read and written to different
	 * handlers */


	BIO *rbio; /* used by SSL_read */
	BIO *wbio; /* used by SSL_write */
	BIO *bbio; /* used during session-id reuse to concatenate
		    * messages */























	int server;	/* are we the server side? - mostly used by SSL_clear*/




















	struct ssl3_state_st *s3; /* SSLv3 variables */
	struct dtls1_state_st *d1; /* DTLSv1 variables */











	X509_VERIFY_PARAM *param;

	/* crypto */
	STACK_OF(SSL_CIPHER) *cipher_list;























	/* This is used to hold the server certificate used */
	struct cert_st /* CERT */ *cert;

	/* the session_id_context is used to ensure sessions are only reused
	 * in the appropriate context */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

	/* This can also be in the session once a session is established */
	SSL_SESSION *session;




	/* Used in SSL2 and SSL3 */
	int verify_mode;	/* 0 don't care about verify failure.
				 * 1 fail if verify fails */




	int error;		/* error bytes to be written */
	int error_code;		/* actual code */



	SSL_CTX *ctx;






	long verify_result;





	int references;




	int client_version;	/* what was passed, used for
				 * SSLv3/TLS rollback check */

	unsigned int max_send_fragment;




	char *tlsext_hostname;





	/* certificate status request info */
	/* Status type or -1 if no status type */
	int tlsext_status_type;



























	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */











#define session_ctx initial_ctx



	/*



	 * XXX really should be internal, but is
	 * touched unnaturally by wpa-supplicant
	 * and freeradius and other perversions
	 */


	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */



	EVP_MD_CTX *read_hash;			/* used for mac generation */




	struct ssl_internal_st *internal;
};

#endif

#ifdef __cplusplus
}
#endif
1314
1315
1316
1317
1318
1319
1320




1321

1322
1323
1324
1325
1326
1327
1328
#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))

#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)





DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)


#define SSL_AD_REASON_OFFSET		1000 /* offset to get SSL_R_... value from SSL_AD_... */

/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */







>
>
>
>
|
>







975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))

#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

SSL_SESSION *PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x,
    pem_password_cb *cb, void *u);
SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
    pem_password_cb *cb, void *u);
int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);

#define SSL_AD_REASON_OFFSET		1000 /* offset to get SSL_R_... value from SSL_AD_... */

/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
1450
1451
1452
1453
1454
1455
1456



1457


1458
1459
1460
1461
1462
1463
1464
#define SSL_CTRL_GET_RI_SUPPORT			76
#define SSL_CTRL_CLEAR_OPTIONS			77
#define SSL_CTRL_CLEAR_MODE			78

#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83




#define SSL_CTRL_SET_ECDH_AUTO				94



#define SSL_CTRL_SET_DH_AUTO			118

#define DTLSv1_get_timeout(ssl, arg) \
	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)







>
>
>
|
>
>







1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
#define SSL_CTRL_GET_RI_SUPPORT			76
#define SSL_CTRL_CLEAR_OPTIONS			77
#define SSL_CTRL_CLEAR_MODE			78

#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83

#define SSL_CTRL_SET_GROUPS				91
#define SSL_CTRL_SET_GROUPS_LIST			92

#define SSL_CTRL_SET_ECDH_AUTO			94

#define SSL_CTRL_GET_SERVER_TMP_KEY		109

#define SSL_CTRL_SET_DH_AUTO			118

#define DTLSv1_get_timeout(ssl, arg) \
	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1495
1496
1497
1498
1499
1500
1501
















1502
1503
1504
1505
1506
1507
1508
1509


1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
#define SSL_set_tmp_ecdh(ssl,ecdh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
#define SSL_set_dh_auto(s, onoff) \
	SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
#define SSL_set_ecdh_auto(s, onoff) \
	SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)

















#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)



#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);
#endif

int	SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void	SSL_CTX_free(SSL_CTX *);
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








>
>
|






<







1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205

1206
1207
1208
1209
1210
1211
1212
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
#define SSL_set_tmp_ecdh(ssl,ecdh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
#define SSL_set_dh_auto(s, onoff) \
	SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
#define SSL_set_ecdh_auto(s, onoff) \
	SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)

int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len);
int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);

int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len);
int SSL_set1_groups_list(SSL *ssl, const char *groups);

#ifndef LIBRESSL_INTERNAL
#define SSL_CTRL_SET_CURVES			SSL_CTRL_SET_GROUPS
#define SSL_CTRL_SET_CURVES_LIST		SSL_CTRL_SET_GROUPS_LIST

#define SSL_CTX_set1_curves SSL_CTX_set1_groups
#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
#define SSL_set1_curves SSL_set1_groups
#define SSL_set1_curves_list SSL_set1_groups_list
#endif

#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)

#define SSL_get_server_tmp_key(s, pk) \
	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)

BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);


int	SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void	SSL_CTX_free(SSL_CTX *);
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
const char  * SSL_get_cipher_list(const SSL *s, int n);
char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
int	SSL_get_read_ahead(const SSL * s);
int	SSL_pending(const SSL *s);
int	SSL_set_fd(SSL *s, int fd);
int	SSL_set_rfd(SSL *s, int fd);
int	SSL_set_wfd(SSL *s, int fd);
#ifndef OPENSSL_NO_BIO
void	SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
BIO *	SSL_get_rbio(const SSL *s);
BIO *	SSL_get_wbio(const SSL *s);
#endif
int	SSL_set_cipher_list(SSL *s, const char *str);
void	SSL_set_read_ahead(SSL *s, int yes);
int	SSL_get_verify_mode(const SSL *s);
int	SSL_get_verify_depth(const SSL *s);
int	(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
void	SSL_set_verify(SSL *s, int mode,
	    int (*callback)(int ok, X509_STORE_CTX *ctx));







<



<







1231
1232
1233
1234
1235
1236
1237

1238
1239
1240

1241
1242
1243
1244
1245
1246
1247
const char  * SSL_get_cipher_list(const SSL *s, int n);
char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
int	SSL_get_read_ahead(const SSL * s);
int	SSL_pending(const SSL *s);
int	SSL_set_fd(SSL *s, int fd);
int	SSL_set_rfd(SSL *s, int fd);
int	SSL_set_wfd(SSL *s, int fd);

void	SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
BIO *	SSL_get_rbio(const SSL *s);
BIO *	SSL_get_wbio(const SSL *s);

int	SSL_set_cipher_list(SSL *s, const char *str);
void	SSL_set_read_ahead(SSL *s, int yes);
int	SSL_get_verify_mode(const SSL *s);
int	SSL_get_verify_depth(const SSL *s);
int	(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
void	SSL_set_verify(SSL *s, int mode,
	    int (*callback)(int ok, X509_STORE_CTX *ctx));
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
long	SSL_SESSION_get_time(const SSL_SESSION *s);
long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void	SSL_copy_session_id(SSL *to, const SSL *from);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int
SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);

SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
	    unsigned int *len);
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
int	SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
#ifndef OPENSSL_NO_BIO
int	SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
#endif
void	SSL_SESSION_free(SSL_SESSION *ses);
int	i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
int	SSL_set_session(SSL *to, SSL_SESSION *session);
int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int	SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);







|
<
|
|






<

<







1273
1274
1275
1276
1277
1278
1279
1280

1281
1282
1283
1284
1285
1286
1287
1288

1289

1290
1291
1292
1293
1294
1295
1296
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
long	SSL_SESSION_get_time(const SSL_SESSION *s);
long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void	SSL_copy_session_id(SSL *to, const SSL *from);
X509	*SSL_SESSION_get0_peer(SSL_SESSION *s);

int	SSL_SESSION_set1_id_context(SSL_SESSION *s,
	    const unsigned char *sid_ctx, unsigned int sid_ctx_len);

SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
	    unsigned int *len);
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
int	SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);

int	SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);

void	SSL_SESSION_free(SSL_SESSION *ses);
int	i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
int	SSL_set_session(SSL *to, SSL_SESSION *session);
int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int	SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
2371
2372
2373
2374
2375
2376
2377

2378
2379
2380
2381
2382
#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
#define SSL_R_WRONG_SIGNATURE_SIZE			 265
#define SSL_R_WRONG_SIGNATURE_TYPE			 370
#define SSL_R_WRONG_SSL_VERSION				 266
#define SSL_R_WRONG_VERSION_NUMBER			 267
#define SSL_R_X509_LIB					 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269


#ifdef  __cplusplus
}
#endif
#endif







>





2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
#define SSL_R_WRONG_SIGNATURE_SIZE			 265
#define SSL_R_WRONG_SIGNATURE_TYPE			 370
#define SSL_R_WRONG_SSL_VERSION				 266
#define SSL_R_WRONG_VERSION_NUMBER			 267
#define SSL_R_X509_LIB					 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
#define SSL_R_PEER_BEHAVING_BADLY			 666

#ifdef  __cplusplus
}
#endif
#endif
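--- a/jni/libressl/include/openssl/ssl2.h
+++ b/jni/libressl/include/openssl/ssl2.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl2.h,v 1.11 2014/08/11 04:45:19 miod Exp $ */
+/* $OpenBSD: ssl2.h,v 1.12 2014/12/14 15:30:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *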
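--- a/jni/libressl/include/openssl/ssl23.h
+++ b/jni/libressl/include/openssl/ssl23.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl23.h,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl23.h,v 1.4 2014/12/14 15:30:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *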
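--- a/jni/libressl/include/openssl/ssl3.h
+++ b/jni/libressl/include/openssl/ssl3.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl3.h,v 1.40 2015/07/18 19:41:54 doug Exp $ */
+/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -113,14 +113,15 @@
  * ECC cipher suite support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
 #ifndef HEADER_SSL3_H
 #define HEADER_SSL3_H
 
+#include <openssl/opensslconf.h>
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -354,142 +355,35 @@
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0
 #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
 #define SSL3_FLAGS_CCS_OK			0x0080
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
+struct ssl3_state_internal_st;
+
 typedef struct ssl3_state_st {
 	long flags;
-	int delay_buf_pop_ret;
-
-	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
-	int read_mac_secret_size;
-	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-	unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
-	int write_mac_secret_size;
-	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
 	unsigned char server_random[SSL3_RANDOM_SIZE];
 	unsigned char client_random[SSL3_RANDOM_SIZE];
 
-	/* flags for countermeasure against known-IV weakness */
-	int need_empty_fragments;
-	int empty_fragment_done;
-
 	SSL3_BUFFER rbuf;	/* read IO goes into here */
 	SSL3_BUFFER wbuf;	/* write IO goes into here */
 
-	SSL3_RECORD rrec;	/* each decoded record goes in here */
-	SSL3_RECORD wrec;	/* goes out from here */
-
-	/* storage for Alert/Handshake protocol data received but not
-	 * yet processed by ssl3_read_bytes: */
-	unsigned char alert_fragment[2];
-	unsigned int alert_fragment_len;
-	unsigned char handshake_fragment[4];
-	unsigned int handshake_fragment_len;
-
-	/* partial write - check the numbers match */
-	unsigned int wnum;	/* number of bytes sent so far */
-	int wpend_tot;		/* number bytes written */
-	int wpend_type;
-	int wpend_ret;		/* number of bytes submitted */
-	const unsigned char *wpend_buf;
-
-	/* used during startup, digest all incoming/outgoing packets */
-	BIO *handshake_buffer;
-	/* When set of handshake digests is determined, buffer is hashed
-	 * and freed and MD_CTX-es for all required digests are stored in
-	 * this array */
-	EVP_MD_CTX **handshake_dgst;
-	/* this is set whenerver we see a change_cipher_spec message
-	 * come in when we are not looking for one */
-	int change_cipher_spec;
-
-	int warn_alert;
-	int fatal_alert;
 	/* we allow one fatal and one warning alert to be outstanding,
 	 * send close alert via the warning alert */
 	int alert_dispatch;
 	unsigned char send_alert[2];
 
-	/* This flag is set when we should renegotiate ASAP, basically when
-	 * there is no more data in the read or write buffers */
-	int renegotiate;
-	int total_renegotiations;
-	int num_renegotiations;
-
-	int in_read_app_data;
-
-	struct	{
+	struct {
-		/* actually only needs to be 16+20 */
-		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
-		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
-		int finish_md_len;
-		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
-		int peer_finish_md_len;
-
-		unsigned long message_size;
-		int message_type;
-
-		/* used to hold the new cipher we are going to use */
-		const SSL_CIPHER *new_cipher;
-		DH *dh;
-
-		EC_KEY *ecdh; /* holds short lived ECDH key */
-
-		/* used when SSL_ST_FLUSH_DATA is entered */
-		int next_state;
-
-		int reuse_message;
-
-		/* used for certificate requests */
-		int cert_req;
-		int ctype_num;
-		char ctype[SSL3_CT_NUMBER];
-		STACK_OF(X509_NAME) *ca_names;
-
-		int key_block_length;
-		unsigned char *key_block;
-
-		const EVP_CIPHER *new_sym_enc;
-		const EVP_AEAD *new_aead;
-		const EVP_MD *new_hash;
-		int new_mac_pkey_type;
 		int new_mac_secret_size;
-		int cert_request;
 	} tmp;
 
-	/* Connection binding to prevent renegotiation attacks */
-	unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-	unsigned char previous_client_finished_len;
-	unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-	unsigned char previous_server_finished_len;
-	int send_connection_binding; /* TODOEKR */
-
+	struct ssl3_state_internal_st *internal;
-	/* Set if we saw the Next Protocol Negotiation extension from our peer.
-	 */
-	int next_proto_neg_seen;
-
-	/*
-	 * ALPN information
-	 * (we are in the process of transitioning from NPN to ALPN).
-	 */
-
-	/*
-	 * In a server these point to the selected ALPN protocol after the
-	 * ClientHello has been processed. In a client these contain the
-	 * protocol that the server selected once the ServerHello has been
-	 * processed.
-	 */
-	unsigned char *alpn_selected;
-	unsigned int alpn_selected_len;
 } SSL3_STATE;
 
 #endif
 
 /* SSLv3 */
 /*client */
 /* extra state */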
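--- a/jni/libressl/include/openssl/stack.h
+++ b/jni/libressl/include/openssl/stack.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: stack.h,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *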
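--- a/jni/libressl/include/openssl/tls1.h
+++ b/jni/libressl/include/openssl/tls1.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls1.h,v 1.27 2016/03/07 19:33:26 mmcc Exp $ */
+/* $OpenBSD: tls1.h,v 1.29 2017/03/25 14:15:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -245,18 +245,15 @@
 
 /* ExtensionType value from RFC 5620. */
 #define TLSEXT_TYPE_heartbeat	15
 
 /* ExtensionType value from RFC 7301. */
 #define TLSEXT_TYPE_application_layer_protocol_negotiation 16
 
-/* ExtensionType value for TLS padding extension.
+/* ExtensionType value from RFC 7685. */
- * (TEMPORARY - registered 2014-03-12, expires 2015-03-12)
- * https://tools.ietf.org/html/draft-agl-tls-padding-03
- */
 #define TLSEXT_TYPE_padding	21
 
 /* ExtensionType value from RFC 4507. */
 #define TLSEXT_TYPE_session_ticket		35
 
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01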
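--- a/jni/libressl/include/openssl/ts.h
+++ b/jni/libressl/include/openssl/ts.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ts.h,v 1.6 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: ts.h,v 1.8 2016/12/27 16:05:57 jsing Exp $ */
 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
  * project 2002, 2003, 2004.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -207,15 +207,14 @@
 typedef struct TS_status_info_st {
 	ASN1_INTEGER *status;
 	STACK_OF(ASN1_UTF8STRING) *text;
 	ASN1_BIT_STRING *failure_info;
 } TS_STATUS_INFO;
 
 DECLARE_STACK_OF(ASN1_UTF8STRING)
-DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
 
 /*
 TimeStampResp ::= SEQUENCE  {
      status                  PKIStatusInfo,
      timeStampToken          TimeStampToken     OPTIONAL }
 */
 
@@ -248,15 +247,14 @@
 
 typedef struct ESS_cert_id {
 	ASN1_OCTET_STRING *hash;	/* Always SHA-1 digest. */
 	ESS_ISSUER_SERIAL *issuer_serial;
 } ESS_CERT_ID;
 
 DECLARE_STACK_OF(ESS_CERT_ID)
-DECLARE_ASN1_SET_OF(ESS_CERT_ID)
 
 /*
 SigningCertificate ::=  SEQUENCE {
        certs        SEQUENCE OF ESSCertID,
        policies     SEQUENCE OF PolicyInformation OPTIONAL
 }
 */
@@ -510,15 +508,14 @@
 	/* These members are used only while creating the response. */
 	TS_REQ		*request;
 	TS_RESP		*response;
 	TS_TST_INFO	*tst_info;
 } TS_RESP_CTX;
 
 DECLARE_STACK_OF(EVP_MD)
-DECLARE_ASN1_SET_OF(EVP_MD)
 
 /* Creates a response context that can be used for generating responses. */
 TS_RESP_CTX *TS_RESP_CTX_new(void);
 void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
 
 /* This parameter must be set. */
 int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);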
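--- a/jni/libressl/include/openssl/txt_db.h
+++ b/jni/libressl/include/openssl/txt_db.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: txt_db.h,v 1.8 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: txt_db.h,v 1.9 2014/07/10 22:45:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *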
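--- a/jni/libressl/include/openssl/ui.h
+++ b/jni/libressl/include/openssl/ui.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ui.h,v 1.8 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ui.h,v 1.9 2014/07/10 22:45:58 jsing Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without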
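--- a/jni/libressl/include/openssl/ui_compat.h
+++ b/jni/libressl/include/openssl/ui_compat.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: ui_compat.h,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without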
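--- a/jni/libressl/include/openssl/whrlpool.h
+++ b/jni/libressl/include/openssl/whrlpool.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: whrlpool.h,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: whrlpool.h,v 1.5 2014/07/10 22:45:58 jsing Exp $ */
 
 #include <stddef.h>
 
 #ifndef HEADER_WHRLPOOL_H
 #define HEADER_WHRLPOOL_H
 
 #include <openssl/opensslconf.h>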
Changes to jni/libressl/include/openssl/x509.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: x509.h,v 1.22 2015/02/11 02:17:59 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x509.h,v 1.26 2016/12/27 16:05:57 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

struct X509_algor_st
	{
	ASN1_OBJECT *algorithm;
	ASN1_TYPE *parameter;
	} /* X509_ALGOR */;

DECLARE_ASN1_SET_OF(X509_ALGOR)

typedef STACK_OF(X509_ALGOR) X509_ALGORS;

typedef struct X509_val_st
	{
	ASN1_TIME *notBefore;
	ASN1_TIME *notAfter;







<







149
150
151
152
153
154
155

156
157
158
159
160
161
162

struct X509_algor_st
	{
	ASN1_OBJECT *algorithm;
	ASN1_TYPE *parameter;
	} /* X509_ALGOR */;



typedef STACK_OF(X509_ALGOR) X509_ALGORS;

typedef struct X509_val_st
	{
	ASN1_TIME *notBefore;
	ASN1_TIME *notAfter;
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
	ASN1_OBJECT *object;
	ASN1_STRING *value;
	int set;
	int size; 	/* temp variable */
	} X509_NAME_ENTRY;

DECLARE_STACK_OF(X509_NAME_ENTRY)
DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)

/* we always keep X509_NAMEs in 2 forms. */
struct X509_name_st
	{
	STACK_OF(X509_NAME_ENTRY) *entries;
	int modified;	/* true if 'bytes' needs to be built */
#ifndef OPENSSL_NO_BUFFER







<







180
181
182
183
184
185
186

187
188
189
190
191
192
193
	ASN1_OBJECT *object;
	ASN1_STRING *value;
	int set;
	int size; 	/* temp variable */
	} X509_NAME_ENTRY;

DECLARE_STACK_OF(X509_NAME_ENTRY)


/* we always keep X509_NAMEs in 2 forms. */
struct X509_name_st
	{
	STACK_OF(X509_NAME_ENTRY) *entries;
	int modified;	/* true if 'bytes' needs to be built */
#ifndef OPENSSL_NO_BUFFER
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
	ASN1_BOOLEAN critical;
	ASN1_OCTET_STRING *value;
	} X509_EXTENSION;

typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;

DECLARE_STACK_OF(X509_EXTENSION)
DECLARE_ASN1_SET_OF(X509_EXTENSION)

/* a sequence of these are used */
typedef struct x509_attributes_st
	{
	ASN1_OBJECT *object;
	int single; /* 0 for a set, 1 for a single item (which is wrong) */
	union	{
		char		*ptr;
/* 0 */		STACK_OF(ASN1_TYPE) *set;
/* 1 */		ASN1_TYPE	*single;
		} value;
	} X509_ATTRIBUTE;

DECLARE_STACK_OF(X509_ATTRIBUTE)
DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)


typedef struct X509_req_info_st
	{
	ASN1_ENCODING enc;
	ASN1_INTEGER *version;
	X509_NAME *subject;







<














<







210
211
212
213
214
215
216

217
218
219
220
221
222
223
224
225
226
227
228
229
230

231
232
233
234
235
236
237
	ASN1_BOOLEAN critical;
	ASN1_OCTET_STRING *value;
	} X509_EXTENSION;

typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;

DECLARE_STACK_OF(X509_EXTENSION)


/* a sequence of these are used */
typedef struct x509_attributes_st
	{
	ASN1_OBJECT *object;
	int single; /* 0 for a set, 1 for a single item (which is wrong) */
	union	{
		char		*ptr;
/* 0 */		STACK_OF(ASN1_TYPE) *set;
/* 1 */		ASN1_TYPE	*single;
		} value;
	} X509_ATTRIBUTE;

DECLARE_STACK_OF(X509_ATTRIBUTE)



typedef struct X509_req_info_st
	{
	ASN1_ENCODING enc;
	ASN1_INTEGER *version;
	X509_NAME *subject;
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
#ifndef OPENSSL_NO_SHA
	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
	X509_CERT_AUX *aux;
	} /* X509 */;

DECLARE_STACK_OF(X509)
DECLARE_ASN1_SET_OF(X509)

/* This is used for a table of trust checking functions */

typedef struct x509_trust_st {
	int trust;
	int flags;
	int (*check_trust)(struct x509_trust_st *, X509 *, int);







<







303
304
305
306
307
308
309

310
311
312
313
314
315
316
#ifndef OPENSSL_NO_SHA
	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
	X509_CERT_AUX *aux;
	} /* X509 */;

DECLARE_STACK_OF(X509)


/* This is used for a table of trust checking functions */

typedef struct x509_trust_st {
	int trust;
	int flags;
	int (*check_trust)(struct x509_trust_st *, X509 *, int);
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
	STACK_OF(GENERAL_NAME) *issuer;
	/* Revocation reason */
	int reason;
	int sequence; /* load sequence */
	};

DECLARE_STACK_OF(X509_REVOKED)
DECLARE_ASN1_SET_OF(X509_REVOKED)

typedef struct X509_crl_info_st
	{
	ASN1_INTEGER *version;
	X509_ALGOR *sig_alg;
	X509_NAME *issuer;
	ASN1_TIME *lastUpdate;







<







437
438
439
440
441
442
443

444
445
446
447
448
449
450
	STACK_OF(GENERAL_NAME) *issuer;
	/* Revocation reason */
	int reason;
	int sequence; /* load sequence */
	};

DECLARE_STACK_OF(X509_REVOKED)


typedef struct X509_crl_info_st
	{
	ASN1_INTEGER *version;
	X509_ALGOR *sig_alg;
	X509_NAME *issuer;
	ASN1_TIME *lastUpdate;
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
#endif
	STACK_OF(GENERAL_NAMES) *issuers;
	const X509_CRL_METHOD *meth;
	void *meth_data;
	} /* X509_CRL */;

DECLARE_STACK_OF(X509_CRL)
DECLARE_ASN1_SET_OF(X509_CRL)

typedef struct private_key_st
	{
	int version;
	/* The PKCS#8 data types */
	X509_ALGOR *enc_algor;
	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */







<







476
477
478
479
480
481
482

483
484
485
486
487
488
489
#endif
	STACK_OF(GENERAL_NAMES) *issuers;
	const X509_CRL_METHOD *meth;
	void *meth_data;
	} /* X509_CRL */;

DECLARE_STACK_OF(X509_CRL)


typedef struct private_key_st
	{
	int version;
	/* The PKCS#8 data types */
	X509_ALGOR *enc_algor;
	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */
785
786
787
788
789
790
791
792
793







794



795

796



797
798
799
800
801
802
803
const char *	X509_get_default_cert_dir_env(void );
const char *	X509_get_default_cert_file_env(void );
const char *	X509_get_default_private_dir(void );

X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);

DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)







DECLARE_ASN1_FUNCTIONS(X509_VAL)





DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)




int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
					   STACK_OF(X509) *chain);
int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,







|
|
>
>
>
>
>
>
>
|
>
>
>

>
|
>
>
>







778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
const char *	X509_get_default_cert_dir_env(void );
const char *	X509_get_default_cert_file_env(void );
const char *	X509_get_default_private_dir(void );

X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);

X509_ALGOR *X509_ALGOR_new(void);
void X509_ALGOR_free(X509_ALGOR *a);
X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, const unsigned char **in, long len);
int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **out);
extern const ASN1_ITEM X509_ALGOR_it;
X509_ALGORS *d2i_X509_ALGORS(X509_ALGORS **a, const unsigned char **in, long len);
int i2d_X509_ALGORS(X509_ALGORS *a, unsigned char **out);
extern const ASN1_ITEM X509_ALGORS_it;
X509_VAL *X509_VAL_new(void);
void X509_VAL_free(X509_VAL *a);
X509_VAL *d2i_X509_VAL(X509_VAL **a, const unsigned char **in, long len);
int i2d_X509_VAL(X509_VAL *a, unsigned char **out);
extern const ASN1_ITEM X509_VAL_it;

X509_PUBKEY *X509_PUBKEY_new(void);
void X509_PUBKEY_free(X509_PUBKEY *a);
X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len);
int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **out);
extern const ASN1_ITEM X509_PUBKEY_it;

int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
					   STACK_OF(X509) *chain);
int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
814
815
816
817
818
819
820

821




822




823



824
825




826
827
828





829

830

831



832

833



834
835
836

837



838

839




840



841
842




843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861

862




863




864



865
866
867
868
869
870
871
872
873

874



875





876



877
878
879
880
881
882
883
#endif
#ifndef OPENSSL_NO_EC
int		i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
			long length);
#endif


DECLARE_ASN1_FUNCTIONS(X509_SIG)




DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)




DECLARE_ASN1_FUNCTIONS(X509_REQ)




DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)




X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);

DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)





DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)



DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)





DECLARE_ASN1_FUNCTIONS(X509_NAME)




int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);


DECLARE_ASN1_FUNCTIONS(X509_CINF)





DECLARE_ASN1_FUNCTIONS(X509)




DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)




DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)





int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int X509_set_ex_data(X509 *r, int idx, void *arg);
void *X509_get_ex_data(X509 *r, int idx);
int		i2d_X509_AUX(X509 *a,unsigned char **pp);
X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);

int X509_alias_set1(X509 *x, unsigned char *name, int len);
int X509_keyid_set1(X509 *x, unsigned char *id, int len);
unsigned char * X509_alias_get0(X509 *x, int *len);
unsigned char * X509_keyid_get0(X509 *x, int *len);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
int X509_TRUST_set(int *t, int trust);
int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
void X509_trust_clear(X509 *x);
void X509_reject_clear(X509 *x);


DECLARE_ASN1_FUNCTIONS(X509_REVOKED)




DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)




DECLARE_ASN1_FUNCTIONS(X509_CRL)




int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
int X509_CRL_get0_by_serial(X509_CRL *crl,
		X509_REVOKED **ret, ASN1_INTEGER *serial);
int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);

X509_PKEY *	X509_PKEY_new(void );
void		X509_PKEY_free(X509_PKEY *a);


DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)



DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)





DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)




#ifndef OPENSSL_NO_EVP
X509_INFO *	X509_INFO_new(void);
void		X509_INFO_free(X509_INFO *a);
char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);

int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,







>
|
>
>
>
>
|
>
>
>
>
|
>
>
>

|
>
>
>
>


|
>
>
>
>
>
|
>

>
|
>
>
>

>
|
>
>
>



>
|
>
>
>

>
|
>
>
>
>
|
>
>
>

|
>
>
>
>



















>
|
>
>
>
>
|
>
>
>
>
|
>
>
>









>
|
>
>
>
|
>
>
>
>
>
|
>
>
>







821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
#endif
#ifndef OPENSSL_NO_EC
int		i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
			long length);
#endif

X509_SIG *X509_SIG_new(void);
void X509_SIG_free(X509_SIG *a);
X509_SIG *d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len);
int i2d_X509_SIG(X509_SIG *a, unsigned char **out);
extern const ASN1_ITEM X509_SIG_it;
X509_REQ_INFO *X509_REQ_INFO_new(void);
void X509_REQ_INFO_free(X509_REQ_INFO *a);
X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len);
int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **out);
extern const ASN1_ITEM X509_REQ_INFO_it;
X509_REQ *X509_REQ_new(void);
void X509_REQ_free(X509_REQ *a);
X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **in, long len);
int i2d_X509_REQ(X509_REQ *a, unsigned char **out);
extern const ASN1_ITEM X509_REQ_it;

X509_ATTRIBUTE *X509_ATTRIBUTE_new(void);
void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len);
int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **out);
extern const ASN1_ITEM X509_ATTRIBUTE_it;
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);

X509_EXTENSION *X509_EXTENSION_new(void);
void X509_EXTENSION_free(X509_EXTENSION *a);
X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, const unsigned char **in, long len);
int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **out);
extern const ASN1_ITEM X509_EXTENSION_it;
X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **a, const unsigned char **in, long len);
int i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out);
extern const ASN1_ITEM X509_EXTENSIONS_it;

X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, const unsigned char **in, long len);
int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **out);
extern const ASN1_ITEM X509_NAME_ENTRY_it;

X509_NAME *X509_NAME_new(void);
void X509_NAME_free(X509_NAME *a);
X509_NAME *d2i_X509_NAME(X509_NAME **a, const unsigned char **in, long len);
int i2d_X509_NAME(X509_NAME *a, unsigned char **out);
extern const ASN1_ITEM X509_NAME_it;

int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);

X509_CINF *X509_CINF_new(void);
void X509_CINF_free(X509_CINF *a);
X509_CINF *d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len);
int i2d_X509_CINF(X509_CINF *a, unsigned char **out);
extern const ASN1_ITEM X509_CINF_it;

X509 *X509_new(void);
void X509_free(X509 *a);
X509 *d2i_X509(X509 **a, const unsigned char **in, long len);
int i2d_X509(X509 *a, unsigned char **out);
extern const ASN1_ITEM X509_it;
X509_CERT_AUX *X509_CERT_AUX_new(void);
void X509_CERT_AUX_free(X509_CERT_AUX *a);
X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len);
int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out);
extern const ASN1_ITEM X509_CERT_AUX_it;

X509_CERT_PAIR *X509_CERT_PAIR_new(void);
void X509_CERT_PAIR_free(X509_CERT_PAIR *a);
X509_CERT_PAIR *d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len);
int i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out);
extern const ASN1_ITEM X509_CERT_PAIR_it;

int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int X509_set_ex_data(X509 *r, int idx, void *arg);
void *X509_get_ex_data(X509 *r, int idx);
int		i2d_X509_AUX(X509 *a,unsigned char **pp);
X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);

int X509_alias_set1(X509 *x, unsigned char *name, int len);
int X509_keyid_set1(X509 *x, unsigned char *id, int len);
unsigned char * X509_alias_get0(X509 *x, int *len);
unsigned char * X509_keyid_get0(X509 *x, int *len);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
int X509_TRUST_set(int *t, int trust);
int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
void X509_trust_clear(X509 *x);
void X509_reject_clear(X509 *x);

X509_REVOKED *X509_REVOKED_new(void);
void X509_REVOKED_free(X509_REVOKED *a);
X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len);
int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out);
extern const ASN1_ITEM X509_REVOKED_it;
X509_CRL_INFO *X509_CRL_INFO_new(void);
void X509_CRL_INFO_free(X509_CRL_INFO *a);
X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len);
int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out);
extern const ASN1_ITEM X509_CRL_INFO_it;
X509_CRL *X509_CRL_new(void);
void X509_CRL_free(X509_CRL *a);
X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len);
int i2d_X509_CRL(X509_CRL *a, unsigned char **out);
extern const ASN1_ITEM X509_CRL_it;

int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
int X509_CRL_get0_by_serial(X509_CRL *crl,
		X509_REVOKED **ret, ASN1_INTEGER *serial);
int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);

X509_PKEY *	X509_PKEY_new(void );
void		X509_PKEY_free(X509_PKEY *a);

NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len);
int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **out);
extern const ASN1_ITEM NETSCAPE_SPKI_it;
NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void);
void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len);
int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **out);
extern const ASN1_ITEM NETSCAPE_SPKAC_it;
NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, const unsigned char **in, long len);
int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **out);
extern const ASN1_ITEM NETSCAPE_CERT_SEQUENCE_it;

#ifndef OPENSSL_NO_EVP
X509_INFO *	X509_INFO_new(void);
void		X509_INFO_free(X509_INFO *a);
char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);

int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
1136
1137
1138
1139
1140
1141
1142

1143




1144




1145



1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162




1163
1164
1165
1166
1167
1168
1169
1170
int		X509_verify_cert(X509_STORE_CTX *ctx);

/* lookup a cert from a X509 STACK */
X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
				     ASN1_INTEGER *serial);
X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);


DECLARE_ASN1_FUNCTIONS(PBEPARAM)




DECLARE_ASN1_FUNCTIONS(PBE2PARAM)




DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)




int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
				const unsigned char *salt, int saltlen);

X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
				const unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
					 unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
				 unsigned char *salt, int saltlen,
				 unsigned char *aiv, int prf_nid);

X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
				int prf_nid, int keylen);

/* PKCS#8 utilities */





DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)

EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);

int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,







>
|
>
>
>
>
|
>
>
>
>
|
>
>
>

















>
>
>
>
|







1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
int		X509_verify_cert(X509_STORE_CTX *ctx);

/* lookup a cert from a X509 STACK */
X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
				     ASN1_INTEGER *serial);
X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);

PBEPARAM *PBEPARAM_new(void);
void PBEPARAM_free(PBEPARAM *a);
PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len);
int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out);
extern const ASN1_ITEM PBEPARAM_it;
PBE2PARAM *PBE2PARAM_new(void);
void PBE2PARAM_free(PBE2PARAM *a);
PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len);
int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out);
extern const ASN1_ITEM PBE2PARAM_it;
PBKDF2PARAM *PBKDF2PARAM_new(void);
void PBKDF2PARAM_free(PBKDF2PARAM *a);
PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len);
int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out);
extern const ASN1_ITEM PBKDF2PARAM_it;

int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
				const unsigned char *salt, int saltlen);

X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
				const unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
					 unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
				 unsigned char *salt, int saltlen,
				 unsigned char *aiv, int prf_nid);

X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
				int prf_nid, int keylen);

/* PKCS#8 utilities */

PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, const unsigned char **in, long len);
int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **out);
extern const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it;

EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);

int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
1189
1190
1191
1192
1193
1194
1195


1196
1197
1198
1199
1200
1201
1202
int X509_TRUST_get_by_id(int id);
int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
					char *name, int arg1, void *arg2);
void X509_TRUST_cleanup(void);
int X509_TRUST_get_flags(X509_TRUST *xp);
char *X509_TRUST_get0_name(X509_TRUST *xp);
int X509_TRUST_get_trust(X509_TRUST *xp);



/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_X509_strings(void);








>
>







1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
int X509_TRUST_get_by_id(int id);
int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
					char *name, int arg1, void *arg2);
void X509_TRUST_cleanup(void);
int X509_TRUST_get_flags(X509_TRUST *xp);
char *X509_TRUST_get0_name(X509_TRUST *xp);
int X509_TRUST_get_trust(X509_TRUST *xp);

int X509_up_ref(X509 *x);

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_X509_strings(void);

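--- a/jni/libressl/include/openssl/x509_vfy.h
+++ b/jni/libressl/include/openssl/x509_vfy.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: x509_vfy.h,v 1.15 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.18 2016/12/21 15:15:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
@@ -142,31 +142,34 @@
 				    ASN1_INTEGER *serial,X509_OBJECT *ret);
 	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
 				  unsigned char *bytes,int len,
 				  X509_OBJECT *ret);
 	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
 			    X509_OBJECT *ret);
 	} X509_LOOKUP_METHOD;
+
+typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
 
 /* This structure hold all parameters associated with a verify operation
  * by including an X509_VERIFY_PARAM structure in related structures the
  * parameters used can be customized
  */
 
 typedef struct X509_VERIFY_PARAM_st
 	{
 	char *name;
 	time_t check_time;	/* Time to use */
 	unsigned long inh_flags; /* Inheritance flags */
 	unsigned long flags;	/* Various verify flags */
 	int purpose;		/* purpose to check untrusted certificates */
 	int trust;		/* trust setting to check */
 	int depth;		/* Verify depth */
 	STACK_OF(ASN1_OBJECT) *policies;	/* Permissible policies */
-	} X509_VERIFY_PARAM;
+	X509_VERIFY_PARAM_ID *id;	/* opaque ID data */
+} X509_VERIFY_PARAM;
 
 DECLARE_STACK_OF(X509_VERIFY_PARAM)
 
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
  * function is then called to actually check the cert chain. */
 struct x509_store_st
@@ -284,16 +287,15 @@
 		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
 
 #define X509_LOOKUP_add_mem(x,iov,type) \
 		X509_LOOKUP_ctrl((x),X509_L_MEM,(const char *)(iov),\
 		(long)(type),NULL)
 
 #define		X509_V_OK					0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
+#define		X509_V_ERR_UNSPECIFIED				1
 #define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		2
 #define		X509_V_ERR_UNABLE_TO_GET_CRL			3
 #define		X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE	4
 #define		X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE	5
 #define		X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY	6
 #define		X509_V_ERR_CERT_SIGNATURE_FAILURE		7
 #define		X509_V_ERR_CRL_SIGNATURE_FAILURE		8
@@ -347,14 +349,24 @@
 #define		X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX	52
 #define		X509_V_ERR_UNSUPPORTED_NAME_SYNTAX		53
 #define		X509_V_ERR_CRL_PATH_VALIDATION_ERROR		54
 
 /* The application is not happy */
 #define		X509_V_ERR_APPLICATION_VERIFICATION		50
 
+/* Host, email and IP check errors */
+#define		X509_V_ERR_HOSTNAME_MISMATCH			62
+#define		X509_V_ERR_EMAIL_MISMATCH			63
+#define		X509_V_ERR_IP_ADDRESS_MISMATCH			64
+
+/* Caller error */
+#define		X509_V_ERR_INVALID_CALL				65
+/* Issuer lookup error */
+#define		X509_V_ERR_STORE_LOOKUP				66
+
 /* Certificate verify flags */
 
 /* Send issuer+subject checks to verify_cb */
 #define	X509_V_FLAG_CB_ISSUER_CHECK		0x1
 /* Use check time instead of current time */
 #define	X509_V_FLAG_USE_CHECK_TIME		0x2
 /* Lookup CRLs */
@@ -379,14 +391,24 @@
 #define X509_V_FLAG_NOTIFY_POLICY		0x800
 /* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
 #define X509_V_FLAG_EXTENDED_CRL_SUPPORT	0x1000
 /* Delta CRL support */
 #define X509_V_FLAG_USE_DELTAS			0x2000
 /* Check selfsigned CA signature */
 #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
+/* Use trusted store first */
+#define X509_V_FLAG_TRUSTED_FIRST		0x8000
+/* Allow partial chains if at least one certificate is in trusted store */
+#define X509_V_FLAG_PARTIAL_CHAIN		0x80000
+
+/* If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
+ * will force the behaviour to match that of previous versions. */
+#define X509_V_FLAG_NO_ALT_CHAINS		0x100000
+
 /* Do not check certificate or CRL validity against current time. */
 #define X509_V_FLAG_NO_CHECK_TIME		0x200000
 
 #define X509_VP_FLAG_DEFAULT			0x1
 #define X509_VP_FLAG_OVERWRITE			0x2
 #define X509_VP_FLAG_RESET_FLAGS		0x4
 #define X509_VP_FLAG_LOCKED			0x8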
Changes to jni/libressl/include/openssl/x509v3.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: x509v3.h,v 1.15 2014/07/10 22:45:58 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: x509v3.h,v 1.21.4.1 2017/07/05 15:20:10 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
} ACCESS_DESCRIPTION;

typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

DECLARE_STACK_OF(GENERAL_NAME)
DECLARE_ASN1_SET_OF(GENERAL_NAME)

DECLARE_STACK_OF(ACCESS_DESCRIPTION)
DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)

typedef struct DIST_POINT_NAME_st {
int type;
union {
	GENERAL_NAMES *fullname;
	STACK_OF(X509_NAME_ENTRY) *relativename;
} name;







<


<







214
215
216
217
218
219
220

221
222

223
224
225
226
227
228
229
} ACCESS_DESCRIPTION;

typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

DECLARE_STACK_OF(GENERAL_NAME)


DECLARE_STACK_OF(ACCESS_DESCRIPTION)


typedef struct DIST_POINT_NAME_st {
int type;
union {
	GENERAL_NAMES *fullname;
	STACK_OF(X509_NAME_ENTRY) *relativename;
} name;
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
GENERAL_NAMES *CRLissuer;
int dp_reasons;
};

typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;

DECLARE_STACK_OF(DIST_POINT)
DECLARE_ASN1_SET_OF(DIST_POINT)

struct AUTHORITY_KEYID_st {
ASN1_OCTET_STRING *keyid;
GENERAL_NAMES *issuer;
ASN1_INTEGER *serial;
};

/* Strong extranet structures */

typedef struct SXNET_ID_st {
	ASN1_INTEGER *zone;
	ASN1_OCTET_STRING *user;
} SXNETID;

DECLARE_STACK_OF(SXNETID)
DECLARE_ASN1_SET_OF(SXNETID)

typedef struct SXNET_st {
	ASN1_INTEGER *version;
	STACK_OF(SXNETID) *ids;
} SXNET;

typedef struct NOTICEREF_st {







<















<







251
252
253
254
255
256
257

258
259
260
261
262
263
264
265
266
267
268
269
270
271
272

273
274
275
276
277
278
279
GENERAL_NAMES *CRLissuer;
int dp_reasons;
};

typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;

DECLARE_STACK_OF(DIST_POINT)


struct AUTHORITY_KEYID_st {
ASN1_OCTET_STRING *keyid;
GENERAL_NAMES *issuer;
ASN1_INTEGER *serial;
};

/* Strong extranet structures */

typedef struct SXNET_ID_st {
	ASN1_INTEGER *zone;
	ASN1_OCTET_STRING *user;
} SXNETID;

DECLARE_STACK_OF(SXNETID)


typedef struct SXNET_st {
	ASN1_INTEGER *version;
	STACK_OF(SXNETID) *ids;
} SXNET;

typedef struct NOTICEREF_st {
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
		ASN1_IA5STRING *cpsuri;
		USERNOTICE *usernotice;
		ASN1_TYPE *other;
	} d;
} POLICYQUALINFO;

DECLARE_STACK_OF(POLICYQUALINFO)
DECLARE_ASN1_SET_OF(POLICYQUALINFO)

typedef struct POLICYINFO_st {
	ASN1_OBJECT *policyid;
	STACK_OF(POLICYQUALINFO) *qualifiers;
} POLICYINFO;

typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;

DECLARE_STACK_OF(POLICYINFO)
DECLARE_ASN1_SET_OF(POLICYINFO)

typedef struct POLICY_MAPPING_st {
	ASN1_OBJECT *issuerDomainPolicy;
	ASN1_OBJECT *subjectDomainPolicy;
} POLICY_MAPPING;

DECLARE_STACK_OF(POLICY_MAPPING)







<









<







292
293
294
295
296
297
298

299
300
301
302
303
304
305
306
307

308
309
310
311
312
313
314
		ASN1_IA5STRING *cpsuri;
		USERNOTICE *usernotice;
		ASN1_TYPE *other;
	} d;
} POLICYQUALINFO;

DECLARE_STACK_OF(POLICYQUALINFO)


typedef struct POLICYINFO_st {
	ASN1_OBJECT *policyid;
	STACK_OF(POLICYQUALINFO) *qualifiers;
} POLICYINFO;

typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;

DECLARE_STACK_OF(POLICYINFO)


typedef struct POLICY_MAPPING_st {
	ASN1_OBJECT *issuerDomainPolicy;
	ASN1_OBJECT *subjectDomainPolicy;
} POLICY_MAPPING;

DECLARE_STACK_OF(POLICY_MAPPING)
348
349
350
351
352
353
354

355







356
357
358
359
360
361
362
363

typedef struct PROXY_CERT_INFO_EXTENSION_st
	{
	ASN1_INTEGER *pcPathLengthConstraint;
	PROXY_POLICY *proxyPolicy;
	} PROXY_CERT_INFO_EXTENSION;


DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)







DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)

struct ISSUING_DIST_POINT_st
	{
	DIST_POINT_NAME *distpoint;
	int onlyuser;
	int onlyCA;
	ASN1_BIT_STRING *onlysomereasons;







>
|
>
>
>
>
>
>
>
|







342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365

typedef struct PROXY_CERT_INFO_EXTENSION_st
	{
	ASN1_INTEGER *pcPathLengthConstraint;
	PROXY_POLICY *proxyPolicy;
	} PROXY_CERT_INFO_EXTENSION;

PROXY_POLICY *PROXY_POLICY_new(void);
void PROXY_POLICY_free(PROXY_POLICY *a);
PROXY_POLICY *d2i_PROXY_POLICY(PROXY_POLICY **a, const unsigned char **in, long len);
int i2d_PROXY_POLICY(PROXY_POLICY *a, unsigned char **out);
extern const ASN1_ITEM PROXY_POLICY_it;
PROXY_CERT_INFO_EXTENSION *PROXY_CERT_INFO_EXTENSION_new(void);
void PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION *a);
PROXY_CERT_INFO_EXTENSION *d2i_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION **a, const unsigned char **in, long len);
int i2d_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION *a, unsigned char **out);
extern const ASN1_ITEM PROXY_CERT_INFO_EXTENSION_it;

struct ISSUING_DIST_POINT_st
	{
	DIST_POINT_NAME *distpoint;
	int onlyuser;
	int onlyCA;
	ASN1_BIT_STRING *onlysomereasons;
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428

429
430
431
432
433
434
435
			"section:%s,name:%s,value:%s", val->section, \
			val->name, val->value);

#define X509V3_set_ctx_test(ctx) \
			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
			0,0,0,0, \
			0,0, \
			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
			NULL, NULL, \
			table}

#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
			0,0,0,0, \
			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
			0,0,0,0, \
			NULL}

#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}


/* X509_PURPOSE stuff */

#define EXFLAG_BCONS		0x1
#define EXFLAG_KUSAGE		0x2
#define EXFLAG_XKUSAGE		0x4
#define EXFLAG_NSCERT		0x8

#define EXFLAG_CA		0x10
/* Really self issued not necessarily self signed */
#define EXFLAG_SI		0x20
#define EXFLAG_SS		0x20
#define EXFLAG_V1		0x40
#define EXFLAG_INVALID		0x80
#define EXFLAG_SET		0x100
#define EXFLAG_CRITICAL		0x200
#define EXFLAG_PROXY		0x400

#define EXFLAG_INVALID_POLICY	0x800
#define EXFLAG_FRESHEST		0x1000


#define KU_DIGITAL_SIGNATURE	0x0080
#define KU_NON_REPUDIATION	0x0040
#define KU_KEY_ENCIPHERMENT	0x0020
#define KU_DATA_ENCIPHERMENT	0x0010
#define KU_KEY_AGREEMENT	0x0008
#define KU_KEY_CERT_SIGN	0x0004







|







|











|
|
|
|

|
<
|
|
<
|
|
|
|
<
|

>







387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419

420
421

422
423
424
425

426
427
428
429
430
431
432
433
434
435
			"section:%s,name:%s,value:%s", val->section, \
			val->name, val->value);

#define X509V3_set_ctx_test(ctx) \
			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

#define EXT_BITSTRING(nid, table) { nid, 0, &ASN1_BIT_STRING_it, \
			0,0,0,0, \
			0,0, \
			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
			NULL, NULL, \
			table}

#define EXT_IA5STRING(nid) { nid, 0, &ASN1_IA5STRING_it, \
			0,0,0,0, \
			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
			0,0,0,0, \
			NULL}

#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}


/* X509_PURPOSE stuff */

#define EXFLAG_BCONS		0x0001
#define EXFLAG_KUSAGE		0x0002
#define EXFLAG_XKUSAGE		0x0004
#define EXFLAG_NSCERT		0x0008

#define EXFLAG_CA		0x0010

#define EXFLAG_SI		0x0020  /* Self issued. */
#define EXFLAG_V1		0x0040

#define EXFLAG_INVALID		0x0080
#define EXFLAG_SET		0x0100
#define EXFLAG_CRITICAL		0x0200
#define EXFLAG_PROXY		0x0400

#define EXFLAG_INVALID_POLICY	0x0800
#define EXFLAG_FRESHEST		0x1000
#define EXFLAG_SS               0x2000	/* Self signed. */

#define KU_DIGITAL_SIGNATURE	0x0080
#define KU_NON_REPUDIATION	0x0040
#define KU_KEY_ENCIPHERMENT	0x0020
#define KU_DATA_ENCIPHERMENT	0x0010
#define KU_KEY_AGREEMENT	0x0008
#define KU_KEY_CERT_SIGN	0x0004
503
504
505
506
507
508
509




510
511

512




513



514
515
516
517
518
519
520
521
522

523



524




525
526

527



528
529
530
531
532
533
534
535
536
537
538
539
540
541

542



543
544
545
546
547
548

549




550



551
552
553
554
555
556
557
558
559
560
561

562



563
564




565

566



567





568




569



570

571




572




573




574



575
576
577
578
579

580







581
582
583

584
585
586
587

588
589

590
591
592

593
594
595
596
597
598
599
600
601
#define X509V3_ADD_REPLACE_EXISTING	3L
#define X509V3_ADD_KEEP_EXISTING	4L
#define X509V3_ADD_DELETE		5L
#define X509V3_ADD_SILENT		0x10

DECLARE_STACK_OF(X509_PURPOSE)





DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)


DECLARE_ASN1_FUNCTIONS(SXNET)




DECLARE_ASN1_FUNCTIONS(SXNETID)




int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 

ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);


DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)








DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)


DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)



GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);



ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
				ASN1_BIT_STRING *bits,
				STACK_OF(CONF_VALUE) *extlist);

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);


DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)




STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);


DECLARE_ASN1_FUNCTIONS(OTHERNAME)




DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)



int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
				ASN1_OBJECT *oid, ASN1_TYPE *value);
int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
				ASN1_OBJECT **poid, ASN1_TYPE **pvalue);

char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);


DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)



int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);





DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

DECLARE_ASN1_FUNCTIONS(POLICYINFO)



DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)





DECLARE_ASN1_FUNCTIONS(USERNOTICE)




DECLARE_ASN1_FUNCTIONS(NOTICEREF)





DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)




DECLARE_ASN1_FUNCTIONS(DIST_POINT)




DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)




DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)




int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);

int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);


DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)







DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

DECLARE_ASN1_ITEM(POLICY_MAPPING)

DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
DECLARE_ASN1_ITEM(POLICY_MAPPINGS)

DECLARE_ASN1_ITEM(GENERAL_SUBTREE)

DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)


DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)


DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)

GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
			       int gen_type, char *value, int is_nc);

#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,







>
>
>
>
|

>
|
>
>
>
>
|
>
>
>









>
|
>
>
>

>
>
>
>
|

>
|
>
>
>














>
|
>
>
>






>
|
>
>
>
>
|
>
>
>











>
|
>
>
>


>
>
>
>
|
>
|
>
>
>
|
>
>
>
>
>
|
>
>
>
>
|
>
>
>

>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>





>
|
>
>
>
>
>
>
>
|

|
>
|
|

|
>
|

>
|
|

>
|
|







503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
#define X509V3_ADD_REPLACE_EXISTING	3L
#define X509V3_ADD_KEEP_EXISTING	4L
#define X509V3_ADD_DELETE		5L
#define X509V3_ADD_SILENT		0x10

DECLARE_STACK_OF(X509_PURPOSE)

BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len);
int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out);
extern const ASN1_ITEM BASIC_CONSTRAINTS_it;

SXNET *SXNET_new(void);
void SXNET_free(SXNET *a);
SXNET *d2i_SXNET(SXNET **a, const unsigned char **in, long len);
int i2d_SXNET(SXNET *a, unsigned char **out);
extern const ASN1_ITEM SXNET_it;
SXNETID *SXNETID_new(void);
void SXNETID_free(SXNETID *a);
SXNETID *d2i_SXNETID(SXNETID **a, const unsigned char **in, long len);
int i2d_SXNETID(SXNETID *a, unsigned char **out);
extern const ASN1_ITEM SXNETID_it;

int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 

ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);

AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len);
int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **out);
extern const ASN1_ITEM AUTHORITY_KEYID_it;

PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, const unsigned char **in, long len);
int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **out);
extern const ASN1_ITEM PKEY_USAGE_PERIOD_it;

GENERAL_NAME *GENERAL_NAME_new(void);
void GENERAL_NAME_free(GENERAL_NAME *a);
GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, const unsigned char **in, long len);
int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out);
extern const ASN1_ITEM GENERAL_NAME_it;
GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);



ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
				ASN1_BIT_STRING *bits,
				STACK_OF(CONF_VALUE) *extlist);

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);

GENERAL_NAMES *GENERAL_NAMES_new(void);
void GENERAL_NAMES_free(GENERAL_NAMES *a);
GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len);
int i2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out);
extern const ASN1_ITEM GENERAL_NAMES_it;

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

OTHERNAME *OTHERNAME_new(void);
void OTHERNAME_free(OTHERNAME *a);
OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len);
int i2d_OTHERNAME(OTHERNAME *a, unsigned char **out);
extern const ASN1_ITEM OTHERNAME_it;
EDIPARTYNAME *EDIPARTYNAME_new(void);
void EDIPARTYNAME_free(EDIPARTYNAME *a);
EDIPARTYNAME *d2i_EDIPARTYNAME(EDIPARTYNAME **a, const unsigned char **in, long len);
int i2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out);
extern const ASN1_ITEM EDIPARTYNAME_it;
int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
				ASN1_OBJECT *oid, ASN1_TYPE *value);
int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
				ASN1_OBJECT **poid, ASN1_TYPE **pvalue);

char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);

EXTENDED_KEY_USAGE *EXTENDED_KEY_USAGE_new(void);
void EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a);
EXTENDED_KEY_USAGE *d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len);
int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out);
extern const ASN1_ITEM EXTENDED_KEY_USAGE_it;
int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);

CERTIFICATEPOLICIES *CERTIFICATEPOLICIES_new(void);
void CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a);
CERTIFICATEPOLICIES *d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len);
int i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out);
extern const ASN1_ITEM CERTIFICATEPOLICIES_it;
POLICYINFO *POLICYINFO_new(void);
void POLICYINFO_free(POLICYINFO *a);
POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len);
int i2d_POLICYINFO(POLICYINFO *a, unsigned char **out);
extern const ASN1_ITEM POLICYINFO_it;
POLICYQUALINFO *POLICYQUALINFO_new(void);
void POLICYQUALINFO_free(POLICYQUALINFO *a);
POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len);
int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out);
extern const ASN1_ITEM POLICYQUALINFO_it;
USERNOTICE *USERNOTICE_new(void);
void USERNOTICE_free(USERNOTICE *a);
USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len);
int i2d_USERNOTICE(USERNOTICE *a, unsigned char **out);
extern const ASN1_ITEM USERNOTICE_it;
NOTICEREF *NOTICEREF_new(void);
void NOTICEREF_free(NOTICEREF *a);
NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len);
int i2d_NOTICEREF(NOTICEREF *a, unsigned char **out);
extern const ASN1_ITEM NOTICEREF_it;

CRL_DIST_POINTS *CRL_DIST_POINTS_new(void);
void CRL_DIST_POINTS_free(CRL_DIST_POINTS *a);
CRL_DIST_POINTS *d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len);
int i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out);
extern const ASN1_ITEM CRL_DIST_POINTS_it;
DIST_POINT *DIST_POINT_new(void);
void DIST_POINT_free(DIST_POINT *a);
DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len);
int i2d_DIST_POINT(DIST_POINT *a, unsigned char **out);
extern const ASN1_ITEM DIST_POINT_it;
DIST_POINT_NAME *DIST_POINT_NAME_new(void);
void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len);
int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out);
extern const ASN1_ITEM DIST_POINT_NAME_it;
ISSUING_DIST_POINT *ISSUING_DIST_POINT_new(void);
void ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a);
ISSUING_DIST_POINT *d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len);
int i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out);
extern const ASN1_ITEM ISSUING_DIST_POINT_it;

int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);

int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);

ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len);
int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out);
extern const ASN1_ITEM ACCESS_DESCRIPTION_it;
AUTHORITY_INFO_ACCESS *AUTHORITY_INFO_ACCESS_new(void);
void AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a);
AUTHORITY_INFO_ACCESS *d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len);
int i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out);
extern const ASN1_ITEM AUTHORITY_INFO_ACCESS_it;

extern const ASN1_ITEM POLICY_MAPPING_it;
POLICY_MAPPING *POLICY_MAPPING_new(void);
void POLICY_MAPPING_free(POLICY_MAPPING *a);
extern const ASN1_ITEM POLICY_MAPPINGS_it;

extern const ASN1_ITEM GENERAL_SUBTREE_it;
GENERAL_SUBTREE *GENERAL_SUBTREE_new(void);
void GENERAL_SUBTREE_free(GENERAL_SUBTREE *a);

extern const ASN1_ITEM NAME_CONSTRAINTS_it;
NAME_CONSTRAINTS *NAME_CONSTRAINTS_new(void);
void NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *a);

POLICY_CONSTRAINTS *POLICY_CONSTRAINTS_new(void);
void POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *a);
extern const ASN1_ITEM POLICY_CONSTRAINTS_it;

GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
			       int gen_type, char *value, int is_nc);

#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
697
698
699
700
701
702
703



























704
705
706
707
708
709
710
int X509_PURPOSE_get_id(X509_PURPOSE *);

STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);




























ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
int a2i_ipadd(unsigned char *ipout, const char *ipasc);
int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
						unsigned long chtype);

void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
int X509_PURPOSE_get_id(X509_PURPOSE *);

STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);

/* Flags for X509_check_* functions */
/* Always check subject name for host match even if subject alt names present */
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT	0x1
/* Disable wildcard matching for dnsName fields and common name. */
#define X509_CHECK_FLAG_NO_WILDCARDS	0x2
/* Wildcards must not match a partial label. */
#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
/* Allow (non-partial) wildcards to match multiple labels. */
#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
/* Constraint verifier subdomain patterns to match a single labels. */
#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10

/*
 * Match reference identifiers starting with "." to any sub-domain.
 * This is a non-public flag, turned on implicitly when the subject
 * reference identity is a DNS name.
 */
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000

int X509_check_host(X509 *x, const char *chk, size_t chklen,
    unsigned int flags, char **peername);
int X509_check_email(X509 *x, const char *chk, size_t chklen,
    unsigned int flags);
int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
    unsigned int flags);
int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);

ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
int a2i_ipadd(unsigned char *ipout, const char *ipasc);
int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
						unsigned long chtype);

void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
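--- a/jni/libressl/include/pqueue.h
+++ b/jni/libressl/include/pqueue.h
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: pqueue.h,v 1.4 2016/11/04 18:28:58 guenther Exp $ */
 
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
@@ -56,14 +56,16 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #ifndef HEADER_PQUEUE_H
 #define HEADER_PQUEUE_H
+
+__BEGIN_HIDDEN_DECLS 
 
 typedef struct _pqueue *pqueue;
 
 typedef struct _pitem {
 	unsigned char priority[8]; /* 64-bit value in big-endian encoding */
 	void *data;
 	struct _pitem *next;
@@ -81,9 +83,11 @@
 pitem *pqueue_peek(pqueue pq);
 pitem *pqueue_pop(pqueue pq);
 pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
 pitem *pqueue_iterator(pqueue pq);
 pitem *pqueue_next(piterator *iter);
 
 int    pqueue_size(pqueue pq);
 
+__END_HIDDEN_DECLS 
+
 #endif /* ! HEADER_PQUEUE_H */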
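--- a/jni/libressl/include/tls.h
+++ b/jni/libressl/include/tls.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls.h,v 1.28 2016/04/28 17:05:59 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.47 2017/01/31 16:18:57 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -17,112 +17,196 @@
 
 #ifndef HEADER_TLS_H
 #define HEADER_TLS_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
+
+#ifdef _MSC_VER
+#ifndef LIBRESSL_INTERNAL
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+#endif
 
 #include <sys/types.h>
 
 #include <stddef.h>
 #include <stdint.h>
 
-#define TLS_API	20141031
+#define TLS_API	20170126
 
 #define TLS_PROTOCOL_TLSv1_0	(1 << 1)
 #define TLS_PROTOCOL_TLSv1_1	(1 << 2)
 #define TLS_PROTOCOL_TLSv1_2	(1 << 3)
 #define TLS_PROTOCOL_TLSv1 \
 	(TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|TLS_PROTOCOL_TLSv1_2)
 
 #define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1
 #define TLS_PROTOCOLS_DEFAULT TLS_PROTOCOL_TLSv1_2
 
 #define TLS_WANT_POLLIN		-2
 #define TLS_WANT_POLLOUT	-3
 
+/* RFC 6960 Section 2.3 */
+#define TLS_OCSP_RESPONSE_SUCCESSFUL		0
+#define TLS_OCSP_RESPONSE_MALFORMED		1
+#define TLS_OCSP_RESPONSE_INTERNALERROR		2
+#define TLS_OCSP_RESPONSE_TRYLATER		3
+#define TLS_OCSP_RESPONSE_SIGREQUIRED		4
+#define TLS_OCSP_RESPONSE_UNAUTHORIZED		5
+
+/* RFC 6960 Section 2.2 */
+#define TLS_OCSP_CERT_GOOD			0
+#define TLS_OCSP_CERT_REVOKED			1
+#define TLS_OCSP_CERT_UNKNOWN			2
+
+/* RFC 5280 Section 5.3.1 */
+#define TLS_CRL_REASON_UNSPECIFIED		0
+#define TLS_CRL_REASON_KEY_COMPROMISE		1
+#define TLS_CRL_REASON_CA_COMPROMISE		2
+#define TLS_CRL_REASON_AFFILIATION_CHANGED	3
+#define TLS_CRL_REASON_SUPERSEDED		4
+#define TLS_CRL_REASON_CESSATION_OF_OPERATION	5
+#define TLS_CRL_REASON_CERTIFICATE_HOLD		6
+#define TLS_CRL_REASON_REMOVE_FROM_CRL		8
+#define TLS_CRL_REASON_PRIVILEGE_WITHDRAWN	9
+#define TLS_CRL_REASON_AA_COMPROMISE		10
+
+#define TLS_MAX_SESSION_ID_LENGTH		32
+#define TLS_TICKET_KEY_SIZE			48
+
 struct tls;
 struct tls_config;
+
+typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen,
+    void *_cb_arg);
+typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf,
+    size_t _buflen, void *_cb_arg);
 
 int tls_init(void);
 
 const char *tls_config_error(struct tls_config *_config);
 const char *tls_error(struct tls *_ctx);
 
 struct tls_config *tls_config_new(void);
 void tls_config_free(struct tls_config *_config);
 
+int tls_config_add_keypair_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file);
+int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_config_add_keypair_ocsp_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file,
+    const char *_ocsp_staple_file);
+int tls_config_add_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len,
+    const uint8_t *_staple, size_t _staple_len);
+int tls_config_set_alpn(struct tls_config *_config, const char *_alpn);
 int tls_config_set_ca_file(struct tls_config *_config, const char *_ca_file);
 int tls_config_set_ca_path(struct tls_config *_config, const char *_ca_path);
 int tls_config_set_ca_mem(struct tls_config *_config, const uint8_t *_ca,
     size_t _len);
 int tls_config_set_cert_file(struct tls_config *_config,
     const char *_cert_file);
 int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert,
     size_t _len);
 int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers);
 int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
 int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_name);
 int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
 int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
     size_t _len);
 int tls_config_set_keypair_file(struct tls_config *_config,
     const char *_cert_file, const char *_key_file);
 int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
     size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_config_set_keypair_ocsp_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file, const char *_staple_file);
+int tls_config_set_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len,
+    const uint8_t *_staple, size_t staple_len);
+int tls_config_set_ocsp_staple_mem(struct tls_config *_config,
+    const uint8_t *_staple, size_t _len);
+int tls_config_set_ocsp_staple_file(struct tls_config *_config,
+    const char *_staple_file);
-void tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
-void tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
+int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
+int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
 
 void tls_config_prefer_ciphers_client(struct tls_config *_config);
 void tls_config_prefer_ciphers_server(struct tls_config *_config);
 
 void tls_config_insecure_noverifycert(struct tls_config *_config);
 void tls_config_insecure_noverifyname(struct tls_config *_config);
 void tls_config_insecure_noverifytime(struct tls_config *_config);
 void tls_config_verify(struct tls_config *_config);
 
+void tls_config_ocsp_require_stapling(struct tls_config *_config);
 void tls_config_verify_client(struct tls_config *_config);
 void tls_config_verify_client_optional(struct tls_config *_config);
 
 void tls_config_clear_keys(struct tls_config *_config);
 int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr);
+
+int tls_config_set_session_id(struct tls_config *_config,
+    const unsigned char *_session_id, size_t _len);
+int tls_config_set_session_lifetime(struct tls_config *_config, int _lifetime);
+int tls_config_add_ticket_key(struct tls_config *_config, uint32_t _keyrev,
+    unsigned char *_key, size_t _keylen);
 
 struct tls *tls_client(void);
 struct tls *tls_server(void);
 int tls_configure(struct tls *_ctx, struct tls_config *_config);
 void tls_reset(struct tls *_ctx);
 void tls_free(struct tls *_ctx);
 
 int tls_accept_fds(struct tls *_ctx, struct tls **_cctx, int _fd_read,
     int _fd_write);
 int tls_accept_socket(struct tls *_ctx, struct tls **_cctx, int _socket);
+int tls_accept_cbs(struct tls *_ctx, struct tls **_cctx,
+    tls_read_cb _read_cb, tls_write_cb _write_cb, void *_cb_arg);
 int tls_connect(struct tls *_ctx, const char *_host, const char *_port);
 int tls_connect_fds(struct tls *_ctx, int _fd_read, int _fd_write,
     const char *_servername);
 int tls_connect_servername(struct tls *_ctx, const char *_host,
     const char *_port, const char *_servername);
 int tls_connect_socket(struct tls *_ctx, int _s, const char *_servername);
+int tls_connect_cbs(struct tls *_ctx, tls_read_cb _read_cb,
+    tls_write_cb _write_cb, void *_cb_arg, const char *_servername);
 int tls_handshake(struct tls *_ctx);
 ssize_t tls_read(struct tls *_ctx, void *_buf, size_t _buflen);
 ssize_t tls_write(struct tls *_ctx, const void *_buf, size_t _buflen);
 int tls_close(struct tls *_ctx);
 
 int tls_peer_cert_provided(struct tls *_ctx);
 int tls_peer_cert_contains_name(struct tls *_ctx, const char *_name);
 
 const char *tls_peer_cert_hash(struct tls *_ctx);
 const char *tls_peer_cert_issuer(struct tls *_ctx);
 const char *tls_peer_cert_subject(struct tls *_ctx);
 time_t	tls_peer_cert_notbefore(struct tls *_ctx);
 time_t	tls_peer_cert_notafter(struct tls *_ctx);
 
-const char *tls_conn_version(struct tls *_ctx);
+const char *tls_conn_alpn_selected(struct tls *_ctx);
 const char *tls_conn_cipher(struct tls *_ctx);
+const char *tls_conn_servername(struct tls *_ctx);
+const char *tls_conn_version(struct tls *_ctx);
 
 uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
+
+int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
+    size_t _size);
+int tls_peer_ocsp_cert_status(struct tls *_ctx);
+int tls_peer_ocsp_crl_reason(struct tls *_ctx);
+time_t tls_peer_ocsp_next_update(struct tls *_ctx);
+int tls_peer_ocsp_response_status(struct tls *_ctx);
+const char *tls_peer_ocsp_result(struct tls *_ctx);
+time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
+time_t tls_peer_ocsp_this_update(struct tls *_ctx);
+const char *tls_peer_ocsp_url(struct tls *_ctx);
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* HEADER_TLS_H */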
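--- a/jni/libressl/libcrypto.pc.in
+++ b/jni/libressl/libcrypto.pc.in
@@ -1,15 +1,15 @@
 #libcrypto pkg-config source file
 
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
 
-Name: LibreSSL-libssl
-Description: Secure Sockets Layer and cryptography libraries
+Name: LibreSSL-libcrypto
+Description: LibreSSL cryptography library
 Version: @VERSION@
 Requires:
 Conflicts:
 Libs: -L${libdir} -lcrypto
 Libs.private: @LIBS@ @PLATFORM_LDADD@
 Cflags: -I${includedir}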
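--- a/jni/libressl/m4/check-libc.m4
+++ b/jni/libressl/m4/check-libc.m4
@@ -1,33 +1,39 @@
 AC_DEFUN([CHECK_LIBC_COMPAT], [
 # Check for libc headers
 AC_CHECK_HEADERS([err.h readpassphrase.h])
 # Check for general libc functions
-AC_CHECK_FUNCS([asprintf inet_pton memmem readpassphrase reallocarray])
+AC_CHECK_FUNCS([asprintf getpagesize inet_ntop inet_pton memmem readpassphrase])
+AC_CHECK_FUNCS([reallocarray recallocarray])
 AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
 AC_CHECK_FUNCS([timegm _mkgmtime])
 AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
+AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
+AM_CONDITIONAL([HAVE_INET_NTOP], [test "x$ac_cv_func_inet_ntop" = xyes])
 AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
 AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
 AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes])
 AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
+AM_CONDITIONAL([HAVE_RECALLOCARRAY], [test "x$ac_cv_func_recallocarray" = xyes])
 AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
 AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
 AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
 AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
 AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
 AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
 AM_CONDITIONAL([HAVE_TIMEGM], [test "x$ac_cv_func_timegm" = xyes])
 ])
 
 AC_DEFUN([CHECK_SYSCALL_COMPAT], [
-AC_CHECK_FUNCS([accept4 pledge poll])
+AC_CHECK_FUNCS([accept4 pipe2 pledge poll socketpair])
 AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes])
+AM_CONDITIONAL([HAVE_PIPE2], [test "x$ac_cv_func_pipe2" = xyes])
 AM_CONDITIONAL([HAVE_PLEDGE], [test "x$ac_cv_func_pledge" = xyes])
 AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
+AM_CONDITIONAL([HAVE_SOCKETPAIR], [test "x$ac_cv_func_socketpair" = xyes])
 ])
 
 AC_DEFUN([CHECK_B64_NTOP], [
 AC_SEARCH_LIBS([b64_ntop],[resolv])
 AC_SEARCH_LIBS([__b64_ntop],[resolv])
 AC_CACHE_CHECK([for b64_ntop], ac_cv_have_b64_ntop_arg, [
 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
@@ -137,7 +143,89 @@
 	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
 	])
 ])
 if test "x$ac_cv_have___va_copy" = "xyes" ; then
 	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
 fi
 ])
+
+AC_DEFUN([GENERATE_CRYPTO_PORTABLE_SYM], [
+AS_CASE([$host_cpu],
+	[i?86], [HOSTARCH=intel],
+	[x86_64], [HOSTARCH=intel],
+	[amd64], [HOSTARCH=intel],
+)
+AC_SUBST([HOSTARCH])
+crypto_sym=$srcdir/crypto/crypto.sym
+crypto_p_sym=./crypto/crypto_portable.sym
+echo "generating $crypto_p_sym ..."
+mkdir -p ./crypto
+cp $crypto_sym $crypto_p_sym
+chmod u+w $crypto_p_sym
+if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
+	echo arc4random >> $crypto_p_sym
+	echo arc4random_buf >> $crypto_p_sym
+	echo arc4random_uniform >> $crypto_p_sym
+	if test "x$ac_cv_func_getentropy" = "xno" ; then
+		echo getentropy >> $crypto_p_sym
+	fi
+fi
+if test "x$ac_cv_func_asprintf" = "xno" ; then
+	echo asprintf >> $crypto_p_sym
+	echo vasprintf >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_explicit_bzero" = "xno" ; then
+	echo explicit_bzero >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_inet_pton" = "xno" ; then
+	echo inet_pton >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_reallocarray" = "xno" ; then
+	echo reallocarray >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_recallocarray" = "xno" ; then
+	echo recallocarray >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_strlcat" = "xno" ; then
+	echo strlcat >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_strlcpy" = "xno" ; then
+	echo strlcpy >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_strndup" = "xno" ; then
+	echo strndup >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_strnlen" = "xno" ; then
+	echo strnlen >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_strsep" = "xno" ; then
+	echo strsep >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_timegm" = "xno" ; then
+	echo timegm >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_timingsafe_bcmp" = "xno" ; then
+	echo timingsafe_bcmp >> $crypto_p_sym
+fi
+if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
+	echo timingsafe_memcmp >> $crypto_p_sym
+fi
+if test "x$HOSTARCH" = "xintel" ; then
+	echo OPENSSL_ia32cap_P >> $crypto_p_sym
+fi
+if test "x$HOST_OS" = "xwin" ; then
+	echo posix_perror >> $crypto_p_sym
+	echo posix_fopen >> $crypto_p_sym
+	echo posix_fgets >> $crypto_p_sym
+	echo posix_open >> $crypto_p_sym
+	echo posix_rename >> $crypto_p_sym
+	echo posix_connect >> $crypto_p_sym
+	echo posix_close >> $crypto_p_sym
+	echo posix_read >> $crypto_p_sym
+	echo posix_write >> $crypto_p_sym
+	echo posix_getsockopt >> $crypto_p_sym
+	echo posix_setsockopt >> $crypto_p_sym
+
+	grep -v BIO_s_log $crypto_p_sym > $crypto_p_sym.tmp
+	mv $crypto_p_sym.tmp $crypto_p_sym
+fi
+])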
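--- a/jni/libressl/m4/check-os-options.m4
+++ b/jni/libressl/m4/check-os-options.m4
@@ -102,16 +102,14 @@
 	*mingw*)
 		HOST_OS=win
 		BUILD_NC=no
 		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
 		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
 		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
 		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
-		CFLAGS="$CFLAGS -static-libgcc"
-		LDFLAGS="$LDFLAGS -static-libgcc"
 		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
 		;;
 	*solaris*)
 		HOST_OS=solaris
 		HOST_ABI=elf
 		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
 		AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])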
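--- a/jni/libressl/man/ACCESS_DESCRIPTION_new.3
+++ b/jni/libressl/man/ACCESS_DESCRIPTION_new.3
@@ -0,0 +1,142 @@
+.\"	$OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.3 2016/12/28 18:31:33 jmc Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt ACCESS_DESCRIPTION_NEW 3
+.Os
+.Sh NAME
+.Nm ACCESS_DESCRIPTION_new ,
+.Nm ACCESS_DESCRIPTION_free ,
+.Nm AUTHORITY_INFO_ACCESS_new ,
+.Nm AUTHORITY_INFO_ACCESS_free
+.Nd X.509 information access extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft ACCESS_DESCRIPTION *
+.Fn ACCESS_DESCRIPTION_new void
+.Ft void
+.Fn ACCESS_DESCRIPTION_free "ACCESS_DESCRIPTION *ad"
+.Ft AUTHORITY_INFO_ACCESS
+.Fn AUTHORITY_INFO_ACCESS_new void
+.Ft void
+.Fn AUTHORITY_INFO_ACCESS_free "AUTHORITY_INFO_ACCESS *aia"
+.Sh DESCRIPTION
+Using the information access extensions, certificates and certificate
+revocation lists can point to auxiliary information and services
+available online, for example online validation services or CA
+policy data.
+.Pp
+.Fn ACCESS_DESCRIPTION_new
+allocates and initializes an empty
+.Vt ACCESS_DESCRIPTION
+object, representing an ASN.1
+.Vt AccessDescription
+structure defined in RFC 5280 section 4.2.2.1.
+It can hold a pointer to a
+.Vt GENERAL_NAME
+object documented in
+.Xr GENERAL_NAME_new 3
+and an access method identifier.
+.Fn ACCESS_DESCRIPTION_free
+frees
+.Fa ad .
+.Pp
+The access method identifier is somewhat misnamed; it identifies
+the type and format of the information provided.
+How to access that information is often obvious from the
+.Vt GENERAL_NAME
+which may for example include a uniform resource identifier.
+.Pp
+Four standard access method identifiers are defined in RFC 5280:
+.Bl -bullet
+.It
+.Qq id-ad-caIssuers
+can occur in the authority information access extension of certificates
+and certificate revocation lists and provides access to certificates
+issued to the CA that issued the certificate, or provides access
+to certificates used for signing the CRL, in order to help constructing
+a certification path.
+.It
+.Qq id-ad-ocsp
+can occur in the authority information access extension of certificates
+and provides access to revocation information via the Online
+Certificate Status Protocol (OCSP) defined in RFC 6960.
+.It
+.Qq id-ad-caRepository
+can occur in the subject information access extension of CA
+certificates and provides access to an online repository of
+certificates issued by the CA.
+.It
+.Qq id-ad-timeStamping
+can occur in the subject information access extension of end entity
+certificates and indicates that the subject offers timestamping
+services using the Time Stamp Protocol defined in RFC 3161.
+.El
+.Pp
+.Fn AUTHORITY_INFO_ACCESS_new
+allocates and initializes an empty
+.Vt AUTHORITY_INFO_ACCESS
+object, which is a
+.Vt STACK_OF(ACCESS_DESCRIPTION)
+and represents an ASN.1
+.Vt AuthorityInfoAccessSyntax
+structure defined in RFC 5280 section 4.2.2.1.
+If can be used for the authority information access extension of
+certificates and certificate revocation lists and for the subject
+information access extension of certificates.
+.Fn AUTHORITY_INFO_ACCESS_free
+frees
+.Fa aia .
+.Sh RETURN VALUES
+.Fn ACCESS_DESCRIPTION_new
+and
+.Fn AUTHORITY_INFO_ACCESS_new
+return the new
+.Vt ACCESS_DESCRIPTION
+or
+.Vt AUTHORITY_INFO_ACCESS
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr DIST_POINT_new 3 ,
+.Xr GENERAL_NAME_new 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr TS_REQ_new 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+These extensions are only defined in the following RFC and not
+specified in the underlying X.509 standard.
+.Pp
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.2.1: Certificate Extensions: Authority Information Access
+.It
+section 4.2.2.2: Certificate Extensions: Subject Information Access
+.It
+section 5.2.7: CRL Extensions: Authority Information Access
+.El
+.Pp
+Regarding OCSP and TSP, see:
+.Pp
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol
+.Pp
+RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol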
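--- a/jni/libressl/man/ASN1_OBJECT_new.3
+++ b/jni/libressl/man/ASN1_OBJECT_new.3
@@ -1,58 +1,140 @@
+.\"	$OpenBSD: ASN1_OBJECT_new.3,v 1.8 2017/01/04 05:14:51 schwarze Exp $
+.\"	OpenSSL 99d63d4 Mar 19 12:28:58 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson.
+.\" Copyright (c) 2002, 2006 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: September 9 2015 $
+.Dd $Mdocdate: January 4 2017 $
 .Dt ASN1_OBJECT_NEW 3
 .Os
 .Sh NAME
 .Nm ASN1_OBJECT_new ,
 .Nm ASN1_OBJECT_free
-.Nd ASN1 object allocation functions
+.Nd ASN.1 object identifiers
 .Sh SYNOPSIS
 .In openssl/asn1.h
 .Ft ASN1_OBJECT *
 .Fo ASN1_OBJECT_new
 .Fa void
 .Fc
 .Ft void
 .Fo ASN1_OBJECT_free
 .Fa "ASN1_OBJECT *a"
 .Fc
 .Sh DESCRIPTION
-The ASN1_OBJECT allocation routines allocate and free an
+.Fn ASN1_OBJECT_new
+allocates and initializes an empty
 .Vt ASN1_OBJECT
-structure, which represents an ASN1 OBJECT IDENTIFIER.
+object, representing an ASN.1 OBJECT IDENTIFIER.
+It can hold a short name, a long name, a numeric identifier (NID),
+and a sequence of integers identifying a node in the International
+Object Identifier tree as specified in ITU-T recommendation X.660.
+The new object is marked as dynamically allocated.
 .Pp
+Application programs normally use utility functions like
+.Xr OBJ_nid2obj 3
+rather than using
 .Fn ASN1_OBJECT_new
-allocates and initializes an
-.Vt ASN1_OBJECT
-structure.
+directly.
 .Pp
 .Fn ASN1_OBJECT_free
-frees up the
-.Vt ASN1_OBJECT
-structure
-.Fa a .
-.Sh NOTES
-Although
-.Fn ASN1_OBJECT_new
-allocates a new
-.Vt ASN1_OBJECT
-structure, it is almost never used in applications.
-The ASN1 object utility functions such as
-.Xr OBJ_nid2obj 3
-are used instead.
+has the following effects:
+.Pp
+All data contained in
+.Fa a
+that is marked as dynamically allocated is freed,
+and the respective fields of
+.Fa a
+become empty.
+Contained data not marked as dynamically allocated remains intact.
+.Pp
+If the object
+.Fa a
+itself is marked as dynamically allocated, it is freed.
+Otherwise, the pointer
+.Fa a
+remains valid.
+.Pp
+If
+.Fa a
+is a
+.Dv NULL
+pointer or if neither the object itself nor any of its content
+is marked as dynamically allocated, no action occurs.
 .Sh RETURN VALUES
 If the allocation fails,
 .Fn ASN1_OBJECT_new
 returns
 .Dv NULL
 and sets an error code that can be obtained by
 .Xr ERR_get_error 3 .
-Otherwise it returns a pointer to the newly allocated structure.
+Otherwise it returns a pointer to the new object.
 .Sh SEE ALSO
 .Xr d2i_ASN1_OBJECT 3 ,
-.Xr ERR_get_error 3 ,
 .Xr OBJ_nid2obj 3
 .Sh HISTORY
 .Fn ASN1_OBJECT_new
 and
 .Fn ASN1_OBJECT_free
 are available in all versions of SSLeay and OpenSSL.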
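--- a/jni/libressl/man/ASN1_STRING_length.3
+++ b/jni/libressl/man/ASN1_STRING_length.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: ASN1_STRING_length.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $
+.\"	OpenSSL 99d63d46 Tue Jun 21 07:03:34 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson.
+.\" Copyright (c) 2002, 2006, 2013, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt ASN1_STRING_LENGTH 3
 .Os
 .Sh NAME
 .Nm ASN1_STRING_cmp ,
 .Nm ASN1_STRING_data ,
 .Nm ASN1_STRING_dup ,
 .Nm ASN1_STRING_length ,
@@ -115,51 +166,51 @@
 .Xr free 3 .
 .Pp
 .Fn ASN1_STRING_type
 returns the type of
 .Fa x ,
 using standard constants such as
 .Dv V_ASN1_OCTET_STRING .
-.Sh NOTES
-Almost all ASN1 types in OpenSSL are represented as
+.Pp
+Almost all ASN.1 types in OpenSSL are represented as
 .Vt ASN1_STRING
 structures.
 Other types such as
 .Vt ASN1_OCTET_STRING
 are simply typedefed to
 .Vt ASN1_STRING
 and the functions call the
 .Vt ASN1_STRING
 equivalents.
 .Vt ASN1_STRING
-is also used for some
-.Sy CHOICE
-types which consist entirely of primitive string types such as
-.Sy DirectoryString
+is also used for some CHOICE types which consist entirely of primitive
+string types such as
+.Vt DirectoryString
 and
-.Sy Time .
+.Vt Time .
 .Pp
 These functions should
 .Em not
 be used to examine or modify
 .Vt ASN1_INTEGER
 or
 .Vt ASN1_ENUMERATED
-types: the relevant
-.Sy INTEGER
-or
-.Sy ENUMERATED
-utility functions should be used instead.
+types: the relevant INTEGER or ENUMERATED utility functions should
+be used instead.
 .Pp
 In general it cannot be assumed that the data returned by
 .Fn ASN1_STRING_data
 is NUL terminated, and it may contain embedded NUL characters.
 The actual format of the data will depend on the actual string type itself:
-for example for an IA5String the data will be ASCII,
-for a BMPString two bytes per character in big endian format,
-UTF8String will be in UTF8 format.
+for example for an
+.Vt IA5String
+the data will be ASCII, for a
+.Vt BMPString
+two bytes per character in big endian format, and a
+.Vt UTF8String
+will be in UTF8 format.
 .Pp
 Similar care should be take to ensure the data is in the correct format
 when calling
 .Fn ASN1_STRING_set .
 .Sh SEE ALSO
 .Xr ERR_get_error 3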
Changes to jni/libressl/man/ASN1_STRING_new.3.

















1
2
3
4
5
6
7




































8
9
10
11
12


13



14





15







































16
17
18



19

20


21


22









23
24
25
26
27

28
29

30

31
32
33

34


35

36
37




38


39







40


41


42


43
44








45

46
47
48
49
50
51
52
53
54
55
56
57



58





































.Dd $Mdocdate: July 17 2014 $
.Dt ASN1_STRING_NEW 3
.Os
.Sh NAME
.Nm ASN1_STRING_new ,
.Nm ASN1_STRING_type_new ,
.Nm ASN1_STRING_free




































.Nd ASN1_STRING allocation functions
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft ASN1_STRING *
.Fo ASN1_STRING_new


.Fa void



.Fc





.Ft ASN1_STRING *







































.Fo ASN1_STRING_type_new
.Fa "int type"
.Fc



.Ft void

.Fo ASN1_STRING_free


.Fa "ASN1_STRING *a"


.Fc









.Sh DESCRIPTION
.Fn ASN1_STRING_new
returns an allocated
.Vt ASN1_STRING
structure.

Its type is undefined.
.Pp

.Fn ASN1_STRING_type_new

returns an allocated
.Vt ASN1_STRING
structure of type

.Fa type .


.Pp

.Fn ASN1_STRING_free
frees up




.Fa a .


.Sh NOTES







Other string types call the ASN1_STRING functions.


For example


.Fn ASN1_OCTET_STRING_new


calls
.Fn ASN1_STRING_type V_ASN1_OCTET_STRING .








.Sh RETURN VALUES

.Fn ASN1_STRING_new
and
.Fn ASN1_STRING_type_new
return a valid
.Vt ASN1_STRING
structure or
.Dv NULL
if an error occurred.
.Pp
.Fn ASN1_STRING_free
does not return a value.
.Sh SEE ALSO



.Xr ERR_get_error 3




















>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|





|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|



|
>
>
|
>
>
>
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
>
>
>

>
|
>
>
|
>
>
|
>
>
>
>
>
>
>
>
>

|
<

<
>
|

>
|
>
|

|
>
|
>
>
|
>
|
|
>
>
>
>
|
>
>
|
>
>
>
>
>
>
>
|
>
>
|
>
>
|
>
>
|
|
>
>
>
>
>
>
>
>

>
|
<
<
|

|

|
<
<
<

>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

144

145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198


199
200
201
202
203



204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
.\"	$OpenBSD: ASN1_STRING_new.3,v 1.10 2017/01/07 23:15:37 schwarze Exp $
.\"	OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400
.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: January 7 2017 $
.Dt ASN1_STRING_NEW 3
.Os
.Sh NAME
.Nm ASN1_STRING_new ,
.Nm ASN1_STRING_type_new ,
.Nm ASN1_STRING_free ,
.Nm ASN1_OCTET_STRING_new ,
.Nm ASN1_OCTET_STRING_free ,
.Nm ASN1_BIT_STRING_new ,
.Nm ASN1_BIT_STRING_free ,
.Nm ASN1_INTEGER_new ,
.Nm ASN1_INTEGER_free ,
.Nm ASN1_ENUMERATED_new ,
.Nm ASN1_ENUMERATED_free ,
.Nm ASN1_UTF8STRING_new ,
.Nm ASN1_UTF8STRING_free ,
.Nm ASN1_IA5STRING_new ,
.Nm ASN1_IA5STRING_free ,
.Nm ASN1_UNIVERSALSTRING_new ,
.Nm ASN1_UNIVERSALSTRING_free ,
.Nm ASN1_BMPSTRING_new ,
.Nm ASN1_BMPSTRING_free ,
.Nm ASN1_GENERALSTRING_new ,
.Nm ASN1_GENERALSTRING_free ,
.Nm ASN1_T61STRING_new ,
.Nm ASN1_T61STRING_free ,
.Nm ASN1_VISIBLESTRING_new ,
.Nm ASN1_VISIBLESTRING_free ,
.Nm ASN1_PRINTABLESTRING_new ,
.Nm ASN1_PRINTABLESTRING_free ,
.Nm ASN1_PRINTABLE_new ,
.Nm ASN1_PRINTABLE_free ,
.Nm DIRECTORYSTRING_new ,
.Nm DIRECTORYSTRING_free ,
.Nm DISPLAYTEXT_new ,
.Nm DISPLAYTEXT_free ,
.Nm ASN1_GENERALIZEDTIME_new ,
.Nm ASN1_GENERALIZEDTIME_free ,
.Nm ASN1_UTCTIME_new ,
.Nm ASN1_UTCTIME_free ,
.Nm ASN1_TIME_new ,
.Nm ASN1_TIME_free
.Nd allocate and free ASN1_STRING objects
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft ASN1_STRING *
.Fn ASN1_STRING_new void
.Ft ASN1_STRING *
.Fn ASN1_STRING_type_new "int type"
.Ft void
.Fn ASN1_STRING_free "ASN1_STRING *a"
.Ft ASN1_OCTET_STRING *
.Fn ASN1_OCTET_STRING_new void
.Ft void
.Fn ASN1_OCTET_STRING_free "ASN1_OCTET_STRING *a"
.Ft ASN1_BIT_STRING *
.Fn ASN1_BIT_STRING_new void
.Ft void
.Fn ASN1_BIT_STRING_free "ASN1_BIT_STRING *a"
.Ft ASN1_INTEGER *
.Fn ASN1_INTEGER_new void
.Ft void
.Fn ASN1_INTEGER_free "ASN1_INTEGER *a"
.Ft ASN1_ENUMERATED *
.Fn ASN1_ENUMERATED_new void
.Ft void
.Fn ASN1_ENUMERATED_free "ASN1_ENUMERATED *a"
.Ft ASN1_UTF8STRING *
.Fn ASN1_UTF8STRING_new void
.Ft void
.Fn ASN1_UTF8STRING_free "ASN1_UTF8STRING *a"
.Ft ASN1_IA5STRING *
.Fn ASN1_IA5STRING_new void
.Ft void
.Fn ASN1_IA5STRING_free "ASN1_IA5STRING *a"
.Ft ASN1_UNIVERSALSTRING *
.Fn ASN1_UNIVERSALSTRING_new void
.Ft void
.Fn ASN1_UNIVERSALSTRING_free "ASN1_UNIVERSALSTRING *a"
.Ft ASN1_BMPSTRING *
.Fn ASN1_BMPSTRING_new void
.Ft void
.Fn ASN1_BMPSTRING_free "ASN1_BMPSTRING *a"
.Ft ASN1_GENERALSTRING *
.Fn ASN1_GENERALSTRING_new void
.Ft void
.Fn ASN1_GENERALSTRING_free "ASN1_GENERALSTRING *a"
.Ft ASN1_T61STRING *
.Fn ASN1_T61STRING_new void
.Ft void
.Fn ASN1_T61STRING_free "ASN1_T61STRING *a"
.Ft ASN1_VISIBLESTRING *
.Fn ASN1_VISIBLESTRING_new void
.Ft void
.Fn ASN1_VISIBLESTRING_free "ASN1_VISIBLESTRING *a"
.Ft ASN1_PRINTABLESTRING *
.Fn ASN1_PRINTABLESTRING_new void
.Ft void
.Fn ASN1_PRINTABLESTRING_free "ASN1_PRINTABLESTRING *a"
.Ft ASN1_STRING *
.Fn ASN1_PRINTABLE_new void
.Ft void
.Fn ASN1_PRINTABLE_free "ASN1_STRING *a"
.Ft ASN1_STRING *
.Fn DIRECTORYSTRING_new void
.Ft void
.Fn DIRECTORYSTRING_free "ASN1_STRING *a"
.Ft ASN1_STRING *
.Fn DISPLAYTEXT_new void
.Ft void
.Fn DISPLAYTEXT_free "ASN1_STRING *a"
.Ft ASN1_GENERALIZEDTIME *
.Fn ASN1_GENERALIZEDTIME_new void
.Ft void
.Fn ASN1_GENERALIZEDTIME_free "ASN1_GENERALIZEDTIME *a"
.Ft ASN1_UTCTIME *
.Fn ASN1_UTCTIME_new void
.Ft void
.Fn ASN1_UTCTIME_free "ASN1_UTCTIME *a"
.Ft ASN1_TIME *
.Fn ASN1_TIME_new void
.Ft void
.Fn ASN1_TIME_free "ASN1_TIME *a"
.Sh DESCRIPTION
The

.Vt ASN1_STRING

object can represent a variety of ASN.1 built-in types.
It can store a type and a value.
.Pp
All the
.Fn *_new
functions
allocate and initialize an empty
.Vt ASN1_STRING
object.
The following table shows the type assigned to the new object,
and which ASN.1 type it represents.
.Bl -column "ASN1_GENERALIZEDTIME_new()" "V_ASN1_GENERALIZEDTIME"
.It Em constructor function     Ta Em OpenSSL type          Ta Em ASN.1 type
.It Ta
.It Fn ASN1_STRING_new          Ta Dv V_ASN1_OCTET_STRING
.It Fn ASN1_STRING_type_new     Ta Fa type No argument
.It Ta
.It Fn ASN1_OCTET_STRING_new    Ta Dv V_ASN1_OCTET_STRING    Ta OCTET STRING
.It Fn ASN1_BIT_STRING_new      Ta Dv V_ASN1_BIT_STRING      Ta BIT STRING
.It Fn ASN1_INTEGER_new         Ta Dv V_ASN1_INTEGER         Ta INTEGER
.It Fn ASN1_ENUMERATED_new      Ta Dv V_ASN1_ENUMERATED      Ta ENUMERATED
.It Ta
.It Fn ASN1_UTF8STRING_new      Ta Dv V_ASN1_UTF8STRING      Ta UTF8String
.It Fn ASN1_IA5STRING_new       Ta Dv V_ASN1_IA5STRING       Ta IA5String
.It Ta
.It Fn ASN1_UNIVERSALSTRING_new Ta Dv V_ASN1_UNIVERSALSTRING Ta UniversalString
.It Fn ASN1_BMPSTRING_new       Ta Dv V_ASN1_BMPSTRING       Ta BMPString
.It Fn ASN1_GENERALSTRING_new   Ta Dv V_ASN1_GENERALSTRING   Ta GeneralString
.It Fn ASN1_T61STRING_new       Ta Dv V_ASN1_T61STRING       Ta T61String
.It Fn ASN1_VISIBLESTRING_new   Ta Dv V_ASN1_VISIBLESTRING   Ta VisibleString
.It Fn ASN1_PRINTABLESTRING_new Ta Dv V_ASN1_PRINTABLESTRING Ta PrintableString
.It Ta
.It Fn ASN1_PRINTABLE_new       Ta Dv V_ASN1_UNDEF
.It Fn DIRECTORYSTRING_new      Ta Dv V_ASN1_UNDEF
.It Fn DISPLAYTEXT_new          Ta Dv V_ASN1_UNDEF
.It Ta
.It Fn ASN1_GENERALIZEDTIME_new Ta Dv V_ASN1_GENERALIZEDTIME Ta GeneralizedTime
.It Fn ASN1_UTCTIME_new         Ta Dv V_ASN1_UTCTIME         Ta UTCTime
.It Fn ASN1_TIME_new            Ta Dv V_ASN1_UNDEF           Ta TIME
.El
.Pp
All the
.Fa *_free
functions free
.Fa a
including any data contained in it.
If
.Fa a
is a
.Dv NULL
pointer, no action occurs.
.Sh RETURN VALUES
All the
.Fa *_new


functions return the new
.Vt ASN1_STRING
object or
.Dv NULL
if an error occurs.



.Sh SEE ALSO
.Xr ASN1_time_parse 3 ,
.Xr ASN1_TIME_set 3 ,
.Xr d2i_ASN1_OCTET_STRING 3 ,
.Xr ERR_get_error 3
.Sh BUGS
.Vt ASN1_OCTET_STRING ,
.Vt ASN1_BIT_STRING ,
.Vt ASN1_INTEGER ,
.Vt ASN1_ENUMERATED ,
.Vt ASN1_UTF8STRING ,
.Vt ASN1_IA5STRING ,
.Vt ASN1_UNIVERSALSTRING ,
.Vt ASN1_BMPSTRING ,
.Vt ASN1_GENERALSTRING ,
.Vt ASN1_T61STRING ,
.Vt ASN1_VISIBLESTRING ,
.Vt ASN1_PRINTABLESTRING ,
.Vt ASN1_GENERALIZEDTIME ,
.Vt ASN1_UTCTIME ,
and
.Vt ASN1_TIME
are merely typedef aliases of
.Vt ASN1_STRING
and provide no type safety whatsoever.
Changes to jni/libressl/man/ASN1_STRING_print_ex.3.




















































1
2
3
4
5
6
7

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26




27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57




58
59
60
61
62
63
64
65

66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151




















































.Dd $Mdocdate: July 17 2014 $
.Dt ASN1_STRING_PRINT_EX 3
.Os
.Sh NAME
.Nm ASN1_STRING_print_ex ,
.Nm ASN1_STRING_print_ex_fp ,
.Nm ASN1_STRING_print

.Nd ASN1_STRING output routines
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft int
.Fo ASN1_STRING_print_ex
.Fa "BIO *out"
.Fa "ASN1_STRING *str"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo ASN1_STRING_print_ex_fp
.Fa "FILE *fp"
.Fa "ASN1_STRING *str"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo ASN1_STRING_print
.Fa "BIO *out"
.Fa "ASN1_STRING *str"




.Fc
.Sh DESCRIPTION
These functions output an
.Vt ASN1_STRING
structure.
.Vt ASN1_STRING
is used to
represent all the ASN1 string types.
.Pp
.Fn ASN1_STRING_print_ex
outputs
.Fa str
to
.Fa out ,
the format is determined by the options
.Fa flags .
.Fn ASN1_STRING_print_ex_fp
is identical except it outputs to
.Fa fp
instead.
.Pp
.Fn ASN1_STRING_print
prints
.Fa str
to
.Fa out
but using a different format to
.Fn ASN1_STRING_print_ex .
It replaces unprintable characters (other than CR, LF) with
.Sq \&. .
.Sh NOTES




.Fn ASN1_STRING_print
is a legacy function which should be avoided in new
applications.
.Pp
Although there are a large number of options frequently
.Dv ASN1_STRFLGS_RFC2253
is suitable, or on UTF8 terminals
.Dv ASN1_STRFLGS_RFC2253 No &

.Pf ~ Dv ASN1_STRFLGS_ESC_MSB .
.Pp
The complete set of supported options for
.Fa flags
is listed below.
.Pp
Various characters can be escaped.
If
.Dv ASN1_STRFLGS_ESC_2253
is set, the characters determined by RFC2253 are escaped.
If
.Dv ASN1_STRFLGS_ESC_CTRL
is set, control characters are escaped.
If
.Dv ASN1_STRFLGS_ESC_MSB
is set, characters with the MSB set are escaped: this option should
.Em not
be used if the terminal correctly interprets UTF8 sequences.
.Pp
Escaping takes several forms.
.Pp
If the character being escaped is a 16 bit character then the form "\eUXXXX"
is used using exactly four characters for the hex representation.
If it is 32 bits then "\eWXXXXXXXX" is used using eight characters
of its hex representation.
These forms will only be used if UTF8 conversion is not set (see below).
.Pp
Printable characters are normally escaped using the backslash
.Pq Sq \e
character.
If
.Dv ASN1_STRFLGS_ESC_QUOTE
is set, then the whole string is instead surrounded by double quote
characters: this is arguably more readable than the backslash notation.
Other characters use the "\eXX" using exactly two characters of the hex
representation.
.Pp
If
.Dv ASN1_STRFLGS_UTF8_CONVERT
is set, then characters are converted to UTF8 format first.
If the terminal supports the display of UTF8 sequences then this
option will correctly display multi byte characters.
.Pp
If
.Dv ASN1_STRFLGS_IGNORE_TYPE
is set, then the string type is not interpreted at all:
everything is assumed to be one byte per character.
This is primarily for debugging purposes and can result
in confusing output in multi character strings.
.Pp
If
.Dv ASN1_STRFLGS_SHOW_TYPE
is set, then the string type itself is printed out before its value
(for example "BMPSTRING"), this actually uses
.Fn ASN1_tag2str .
.Pp
The content of a string instead of being interpreted can be "dumped":
this just outputs the value of the string using the form #XXXX
using hex format for each octet.
.Pp
If
.Dv ASN1_STRFLGS_DUMP_ALL
is set, then any type is dumped.
.Pp
Normally non character string types (such as OCTET STRING)
are assumed to be one byte per character; if
.Dv ASN1_STRFLGS_DUMP_UNKNOWN
is set, then they will be dumped instead.
.Pp
When a type is dumped normally just the content octets are printed; if
.Dv ASN1_STRFLGS_DUMP_DER
is set, then the complete encoding is dumped
instead (including tag and length octets).
.Pp
.Dv ASN1_STRFLGS_RFC2253
includes all the flags required by RFC2253.
It is equivalent to
.Dv ASN1_STRFLGS_ESC_2253 |
.Dv ASN1_STRFLGS_ESC_CTRL |
.Dv ASN1_STRFLGS_ESC_MSB |
.Dv ASN1_STRFLGS_UTF8_CONVERT |
.Dv ASN1_STRFLGS_DUMP_UNKNOWN |
.Dv ASN1_STRFLGS_DUMP_DER .
.Sh SEE ALSO
.Xr ASN1_tag2str 3 ,
.Xr X509_NAME_print_ex 3
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|





|
>



















>
>
>
>







|






|















|
>
>
>
>




|

|
|
>









|







|


<
|



|













|
|
|






|



|
|


|







|










|








<

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210

211
.\"	$OpenBSD: ASN1_STRING_print_ex.3,v 1.7 2017/03/25 16:30:10 schwarze Exp $
.\"	OpenSSL 9e183d22 Sat Mar 11 08:56:44 2017 -0500
.\"	OpenSSL bb9ad09e Mon Jun 6 00:43:05 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson.
.\" Copyright (c) 2002, 2004, 2007, 2013, 2016, 2017 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 25 2017 $
.Dt ASN1_STRING_PRINT_EX 3
.Os
.Sh NAME
.Nm ASN1_STRING_print_ex ,
.Nm ASN1_STRING_print_ex_fp ,
.Nm ASN1_STRING_print ,
.Nm ASN1_tag2str
.Nd ASN1_STRING output routines
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft int
.Fo ASN1_STRING_print_ex
.Fa "BIO *out"
.Fa "ASN1_STRING *str"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo ASN1_STRING_print_ex_fp
.Fa "FILE *fp"
.Fa "ASN1_STRING *str"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo ASN1_STRING_print
.Fa "BIO *out"
.Fa "ASN1_STRING *str"
.Fc
.Ft const char *
.Fo ASN1_tag2str
.Fa "int tag"
.Fc
.Sh DESCRIPTION
These functions output an
.Vt ASN1_STRING
structure.
.Vt ASN1_STRING
is used to
represent all the ASN.1 string types.
.Pp
.Fn ASN1_STRING_print_ex
outputs
.Fa str
to
.Fa out ,
the format being determined by the options
.Fa flags .
.Fn ASN1_STRING_print_ex_fp
is identical except it outputs to
.Fa fp
instead.
.Pp
.Fn ASN1_STRING_print
prints
.Fa str
to
.Fa out
but using a different format to
.Fn ASN1_STRING_print_ex .
It replaces unprintable characters (other than CR, LF) with
.Sq \&. .
.Pp
.Fn ASN1_tag2str
returns a human-readable name of the specified ASN.1
.Fa tag .
.Pp
.Fn ASN1_STRING_print
is a legacy function which should be avoided in new
applications.
.Pp
Although there are a large number of options,
.Dv ASN1_STRFLGS_RFC2253
is often suitable, or on UTF-8 terminals
.Dv ASN1_STRFLGS_RFC2253
and
.Pf ~ Dv ASN1_STRFLGS_ESC_MSB .
.Pp
The complete set of supported options for
.Fa flags
is listed below.
.Pp
Various characters can be escaped.
If
.Dv ASN1_STRFLGS_ESC_2253
is set, the characters determined by RFC 2253 are escaped.
If
.Dv ASN1_STRFLGS_ESC_CTRL
is set, control characters are escaped.
If
.Dv ASN1_STRFLGS_ESC_MSB
is set, characters with the MSB set are escaped: this option should
.Em not
be used if the terminal correctly interprets UTF-8 sequences.
.Pp
Escaping takes several forms.

If the character being escaped is a 16-bit character then the form "\eUXXXX"
is used using exactly four characters for the hex representation.
If it is 32 bits then "\eWXXXXXXXX" is used using eight characters
of its hex representation.
These forms will only be used if UTF-8 conversion is not set (see below).
.Pp
Printable characters are normally escaped using the backslash
.Pq Sq \e
character.
If
.Dv ASN1_STRFLGS_ESC_QUOTE
is set, then the whole string is instead surrounded by double quote
characters: this is arguably more readable than the backslash notation.
Other characters use the "\eXX" using exactly two characters of the hex
representation.
.Pp
If
.Dv ASN1_STRFLGS_UTF8_CONVERT
is set, then characters are converted to UTF-8 format first.
If the terminal supports the display of UTF-8 sequences then this
option will correctly display multi-byte characters.
.Pp
If
.Dv ASN1_STRFLGS_IGNORE_TYPE
is set, then the string type is not interpreted at all:
everything is assumed to be one byte per character.
This is primarily for debugging purposes and can result
in confusing output in multi-character strings.
.Pp
If
.Dv ASN1_STRFLGS_SHOW_TYPE
is set, then the string type itself is printed before its value
(for example "BMPSTRING"), using
.Fn ASN1_tag2str .
.Pp
Instead of being interpreted the contents of a string can be "dumped":
this just outputs the value of the string using the form #XXXX
using hex format for each octet.
.Pp
If
.Dv ASN1_STRFLGS_DUMP_ALL
is set, then any type is dumped.
.Pp
Normally non-character string types (such as OCTET STRING)
are assumed to be one byte per character; if
.Dv ASN1_STRFLGS_DUMP_UNKNOWN
is set, then they will be dumped instead.
.Pp
When a type is dumped normally just the content octets are printed; if
.Dv ASN1_STRFLGS_DUMP_DER
is set, then the complete encoding is dumped
instead (including tag and length octets).
.Pp
.Dv ASN1_STRFLGS_RFC2253
includes all the flags required by RFC 2253.
It is equivalent to
.Dv ASN1_STRFLGS_ESC_2253 |
.Dv ASN1_STRFLGS_ESC_CTRL |
.Dv ASN1_STRFLGS_ESC_MSB |
.Dv ASN1_STRFLGS_UTF8_CONVERT |
.Dv ASN1_STRFLGS_DUMP_UNKNOWN |
.Dv ASN1_STRFLGS_DUMP_DER .
.Sh SEE ALSO

.Xr X509_NAME_print_ex 3
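--- a/jni/libressl/man/ASN1_TIME_set.3
+++ b/jni/libressl/man/ASN1_TIME_set.3
@@ -0,0 +1,246 @@
+.\"	$OpenBSD: ASN1_TIME_set.3,v 1.2 2016/11/10 15:08:13 jmc Exp $
+.\"	OpenSSL 99d63d46 Mon Jun 6 00:43:05 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 10 2016 $
+.Dt ASN1_TIME_SET 3
+.Os
+.Sh NAME
+.Nm ASN1_TIME_set ,
+.Nm ASN1_TIME_adj ,
+.Nm ASN1_TIME_set_string ,
+.Nm ASN1_TIME_check ,
+.Nm ASN1_TIME_print
+.Nd ASN.1 Time functions
+.Sh SYNOPSIS
+.Ft ASN1_TIME *
+.Fo ASN1_TIME_set
+.Fa "ASN1_TIME *s"
+.Fa "time_t t"
+.Fc
+.Ft ASN1_TIME *
+.Fo ASN1_TIME_adj
+.Fa "ASN1_TIME *s"
+.Fa "time_t t"
+.Fa "int offset_day"
+.Fa "long offset_sec"
+.Fc
+.Ft int
+.Fo ASN1_TIME_set_string
+.Fa "ASN1_TIME *s"
+.Fa "const char *str"
+.Fc
+.Ft int
+.Fo ASN1_TIME_check
+.Fa "const ASN1_TIME *t"
+.Fc
+.Ft int
+.Fo ASN1_TIME_print
+.Fa "BIO *b"
+.Fa "const ASN1_TIME *s"
+.Fc
+.Sh DESCRIPTION
+The function
+.Fn ASN1_TIME_set
+sets the
+.Vt ASN1_TIME
+structure
+.Fa s
+to the time represented by the
+.Vt time_t
+value
+.Fa t .
+If
+.Fa s
+is
+.Dv NULL ,
+a new
+.Vt ASN1_TIME
+structure is allocated and returned.
+.Pp
+.Fn ASN1_TIME_adj
+sets the
+.Vt ASN1_TIME
+structure
+.Fa s
+to the time represented by the time
+.Fa offset_day
+and
+.Fa offset_sec
+after the
+.Vt time_t
+value
+.Fa t .
+The values of
+.Fa offset_day
+or
+.Fa offset_sec
+can be negative to set a time before
+.Fa t .
+The
+.Fa offset_sec
+value can also exceed the number of seconds in a day.
+If
+.Fa s
+is
+.Dv NULL ,
+a new
+.Vt ASN1_TIME
+structure is allocated and returned.
+.Pp
+.Fn ASN1_TIME_set_string
+sets the
+.Vt ASN1_TIME
+structure
+.Fa s
+to the time represented by the string
+.Fa str ,
+which must be in appropriate ASN.1 time format (for example
+YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ).
+.Pp
+.Fn ASN1_TIME_check
+checks the syntax of the
+.Vt ASN1_TIME
+structure
+.Fa s .
+.Pp
+.Fn ASN1_TIME_print
+prints out the time
+.Fa s
+to
+.Vt BIO
+.Fa b
+in human readable format.
+It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3
+00:55:52 2015 GMT".
+It does not include a newline.
+If the time structure has an invalid format,
+it prints out "Bad time value" and returns an error.
+.Pp
+The
+.Vt ASN1_TIME
+structure corresponds to the ASN.1 structure
+.Sy Time
+defined in RFC 5280 et al.
+The time setting functions obey the rules outlined in RFC 5280: if the
+date can be represented by UTCTime it is used, otherwise GeneralizedTime is
+used.
+.Pp
+The
+.Vt ASN1_TIME
+structure is represented as an
+.Vt ASN1_STRING
+internally and can be freed up using
+.Xr ASN1_STRING_free 3 .
+.Pp
+The
+.Vt ASN1_TIME
+structure can represent years from 0000 to 9999 but no attempt is
+made to correct ancient calendar changes (for example from Julian
+to Gregorian calendars).
+.Sh RETURN VALUES
+.Fn ASN1_TIME_set
+and
+.Fn ASN1_TIME_adj
+return a pointer to an
+.Vt ASN1_TIME
+structure or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn ASN1_TIME_set_string
+returns 1 if the time value is successfully set or 0 otherwise.
+.Pp
+.Fn ASN1_TIME_check
+returns 1 if the structure is syntactically correct or 0 otherwise.
+.Pp
+.Fn ASN1_TIME_print
+returns 1 if the time is successfully printed out or 0 if an error
+occurred (I/O error or invalid time format).
+.Sh EXAMPLES
+Set a time structure to one hour after the current time and print it
+out:
+.Bd -literal -offset indent
+#include <time.h>
+#include <openssl/asn1.h>
+
+ASN1_TIME *tm;
+time_t t;
+BIO *b;
+
+t = time(NULL);
+tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
+b = BIO_new_fp(stdout, BIO_NOCLOSE);
+ASN1_TIME_print(b, tm);
+ASN1_STRING_free(tm);
+BIO_free(b);
+.Ed
+.Sh CAVEATS
+Some applications add offset times directly to a
+.Vt time_t
+value and pass the results to
+.Fn ASN1_TIME_set
+(or equivalent).
+This can cause problems as the
+.Vt time_t
+value can overflow on some systems resulting in unexpected results.
+New applications should use
+.Fn ASN1_TIME_adj
+instead and pass the offset value in the
+.Fa offset_sec
+and
+.Fa offset_day
+parameters instead of directly manipulating a
+.Vt time_t
+value.
+.Sh BUGS
+.Fn ASN1_TIME_print
+currently does not print out the time zone: it either prints out "GMT"
+or nothing.
+But all certificates complying with RFC 5280 et al use GMT anyway.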
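--- a/jni/libressl/man/ASN1_TYPE_get.3
+++ b/jni/libressl/man/ASN1_TYPE_get.3
@@ -0,0 +1,280 @@
+.\"	$OpenBSD: ASN1_TYPE_get.3,v 1.3 2017/01/03 20:15:47 schwarze Exp $
+.\"	OpenSSL 99d63d46 Mon Jun 6 00:43:05 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 3 2017 $
+.Dt ASN1_TYPE_GET 3
+.Os
+.Sh NAME
+.Nm ASN1_TYPE_new ,
+.Nm ASN1_TYPE_free ,
+.Nm ASN1_TYPE_get ,
+.Nm ASN1_TYPE_set ,
+.Nm ASN1_TYPE_set1 ,
+.Nm ASN1_TYPE_cmp
+.Nd ASN.1 objects of arbitrary type
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_TYPE *
+.Fn ASN1_TYPE_new void
+.Ft void
+.Fn ASN1_TYPE_free "ASN1_TYPE *a"
+.Ft int
+.Fo ASN1_TYPE_get
+.Fa "ASN1_TYPE *a"
+.Fc
+.Ft void
+.Fo ASN1_TYPE_set
+.Fa "ASN1_TYPE *a"
+.Fa "int type"
+.Fa "void *value"
+.Fc
+.Ft int
+.Fo ASN1_TYPE_set1
+.Fa "ASN1_TYPE *a"
+.Fa "int type"
+.Fa "const void *value"
+.Fc
+.Ft int
+.Fo ASN1_TYPE_cmp
+.Fa "ASN1_TYPE *a"
+.Fa "ASN1_TYPE *b"
+.Fc
+.Sh DESCRIPTION
+.Vt ASN1_TYPE
+represents the ASN.1 ANY type.
+An
+.Vt ASN1_TYPE
+object can store an ASN.1 value of arbitrary type,
+including constructed types such as a SEQUENCE.
+It also remembers internally which type it currently holds.
+.Pp
+.Fn ASN1_TYPE_new
+allocates and initializes an empty
+.Vt ASN1_TYPE
+object of undefined type.
+.Pp
+.Fn ASN1_TYPE_free
+frees
+.Fa a
+including the value stored in it, if any.
+If
+.Fa a
+is a
+.Dv NULL
+pointer, no action occurs.
+.Pp
+.Fn ASN1_TYPE_get
+returns the type of
+.Fa a ,
+represented by one of the
+.Dv V_ASN1_*
+constants defined in
+.In openssl/asn1.h .
+.Pp
+.Fn ASN1_TYPE_set
+frees the value contained in
+.Fa a ,
+if any, and sets
+.Fa a
+to
+.Fa type
+and
+.Fa value .
+This function uses the pointer
+.Fa value
+internally so it must
+.Sy not
+be freed up after the call.
+.Pp
+.Fn ASN1_TYPE_set1
+sets the type of
+.Fa a
+to
+.Fa type
+and its value to a copy of
+.Fa value .
+If copying succeeds, the previous value that was contained in
+.Fa a
+is freed.
+If copying fails,
+.Fa a
+remains unchanged.
+.Pp
+The type and meaning of the
+.Fa value
+argument of
+.Fn ASN1_TYPE_set
+and
+.Fn ASN1_TYPE_set1
+is determined by the
+.Fa type
+argument.
+If
+.Fa type
+is
+.Dv V_ASN1_NULL ,
+.Fa value
+is ignored.
+If
+.Fa type
+is
+.Dv V_ASN1_BOOLEAN ,
+then the boolean is set to TRUE if
+.Fa value
+is not
+.Dv NULL .
+If
+.Fa type
+is
+.Dv V_ASN1_OBJECT ,
+then
+.Fa value
+is an
+.Vt ASN1_OBJECT
+structure.
+Otherwise
+.Fa type
+is an
+.Vt ASN1_STRING
+structure.
+If
+.Fa type
+corresponds to a primitive type or a string type, then the contents
+of the
+.Vt ASN1_STRING
+contains the content octets of the type.
+If
+.Fa type
+corresponds to a constructed type or a tagged type
+.Pq Dv V_ASN1_SEQUENCE , V_ASN1_SET , No or Dv V_ASN1_OTHER ,
+then the
+.Vt ASN1_STRING
+contains the entire ASN.1 encoding verbatim, including tag and
+length octets.
+.Pp
+.Fn ASN1_TYPE_cmp
+checks that
+.Fa a
+and
+.Fa b
+have the same type, the same value, and are encoded in the same way.
+.Pp
+If the types agree and the values have the same meaning but are
+encoded differently, they are considered different.
+For example, a boolean value is represented
+using a single content octet.
+Under BER, any non-zero octet represents the TRUE value, but
+.Fn ASN1_TYPE_cmp
+will only report a match if the content octet is the same.
+.Pp
+If either or both of the arguments passed to
+.Fn ASN1_TYPE_cmp
+is
+.Dv NULL ,
+the result is a mismatch.
+Technically, if both arguments are
+.Dv NULL ,
+the two types could be absent OPTIONAL fields and so should match,
+however passing
+.Dv NULL
+values could also indicate a programming error (for example an
+unparseable type which returns
+.Dv NULL )
+for types which do
+.Sy not
+match.
+So applications should handle the case of two absent values separately.
+.Sh RETURN VALUES
+.Fn ASN1_TYPE_new
+returns the new
+.Vt ASN1_TYPE
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn ASN1_TYPE_get
+returns the type of
+.Fa a
+or 0 if an error occurs.
+The latter can happen if
+.Fa a
+does not contain a value even though its type is not
+.Dv V_ASN1_NULL .
+For example, it will always happen for empty objects
+newly constructed with
+.Fn ASN1_TYPE_new .
+.Pp
+.Fn ASN1_TYPE_set1
+returns 1 if the copying succeeds or 0 if it fails.
+.Pp
+.Fn ASN1_TYPE_cmp
+returns 0 for a match or non-zero for a mismatch.
+.Sh SEE ALSO
+.Xr ASN1_item_free 3 ,
+.Xr ASN1_STRING_dup 3 ,
+.Xr d2i_ASN1_TYPE 3 ,
+.Xr OBJ_dup 3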
Changes to jni/libressl/man/ASN1_generate_nconf.3.



















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28



















































.Dd $Mdocdate: September 9 2015 $
.Dt ASN1_GENERATE_NCONF 3
.Os
.Sh NAME
.Nm ASN1_generate_nconf ,
.Nm ASN1_generate_v3
.Nd ASN1 generation functions
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft ASN1_TYPE *
.Fo ASN1_generate_nconf
.Fa "char *str"
.Fa "CONF *nconf"
.Fc
.Ft ASN1_TYPE *
.Fo ASN1_generate_v3
.Fa "char *str"
.Fa "X509V3_CTX *cnf"
.Fc
.Sh DESCRIPTION
These functions generate the ASN1 encoding of a string in an
.Vt ASN1_TYPE
structure.
.Pp
.Fa str
contains the string to encode
.Fa nconf
or
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|





|













|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
.\"	$OpenBSD: ASN1_generate_nconf.3,v 1.9 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL 05ea606a Fri May 20 20:52:46 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson.
.\" Copyright (c) 2002, 2003, 2006-2009, 2013-2015 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 25 2016 $
.Dt ASN1_GENERATE_NCONF 3
.Os
.Sh NAME
.Nm ASN1_generate_nconf ,
.Nm ASN1_generate_v3
.Nd ASN.1 generation functions
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft ASN1_TYPE *
.Fo ASN1_generate_nconf
.Fa "char *str"
.Fa "CONF *nconf"
.Fc
.Ft ASN1_TYPE *
.Fo ASN1_generate_v3
.Fa "char *str"
.Fa "X509V3_CTX *cnf"
.Fc
.Sh DESCRIPTION
These functions generate the ASN.1 encoding of a string in an
.Vt ASN1_TYPE
structure.
.Pp
.Fa str
contains the string to encode
.Fa nconf
or
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
are acceptable.
.It Cm NULL
Encode the NULL type.
The
.Ar value
string must not be present.
.It Cm INTEGER , INT
Encodes an ASN1 INTEGER type.
The
.Ar value
string represents the value of the integer.
It can be prefaced by a minus sign
and is normally interpreted as a decimal value unless the prefix
.Cm 0x
is included.
.It Cm ENUMERATED , ENUM
Encodes the ASN1 ENUMERATED type.
It is otherwise identical to
.Cm INTEGER .
.It Cm OBJECT , OID
Encodes an ASN1 OBJECT IDENTIFIER.
The
.Ar value
string can be a short name, a long name, or numerical format.
.It Cm UTCTIME , UTC
Encodes an ASN1 UTCTime structure.
The value should be in the format
.Ar YYMMDDHHMMSSZ .
.It Cm GENERALIZEDTIME , GENTIME
Encodes an ASN1 GeneralizedTime structure.
The value should be in the format
.Ar YYYYMMDDHHMMSSZ .
.It Cm OCTETSTRING , OCT
Encodes an ASN1 OCTET STRING.
.Ar value
represents the contents of this structure.
The format strings
.Cm ASCII
and
.Cm HEX
can be used to specify the format of
.Ar value .
.It Cm BITSTRING , BITSTR
Encodes an ASN1 BIT STRING.
.Ar value
represents the contents of this structure.
The format strings
.Cm ASCII ,
.Cm HEX ,
and
.Cm BITLIST
can be used to specify the format of
.Ar value .
.Pp
If the format is anything other than
.Cm BITLIST ,
the number of unused bits is set to zero.
.It Xo 
.Cm BMPSTRING , BMP ,
.Cm GeneralString ,
.Cm IA5STRING , IA5 ,
.Cm NUMERICSTRING , NUMERIC ,
.Cm PRINTABLESTRING , PRINTABLE ,
.Cm T61STRING , T61 ,
.Cm TELETEXSTRING ,
.Cm UNIVERSALSTRING , UNIV ,
.Cm UTF8String , UTF8 ,
.Cm VISIBLESTRING , VISIBLE
.Xc
These encode the corresponding string types.
.Ar value
represents the contents of this structure.
The format can be
.Cm ASCII
or
.Cm UTF8 .
.It Cm SEQUENCE , SEQ , SET
Formats the result as an ASN1 SEQUENCE or SET type.
.Ar value
should be a section name which will contain the contents.
The field names in the section are ignored
and the values are in the generated string format.
If
.Ar value
is absent, then an empty SEQUENCE will be encoded.







|








|



|




|



|



|









|













|



















|







138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
are acceptable.
.It Cm NULL
Encode the NULL type.
The
.Ar value
string must not be present.
.It Cm INTEGER , INT
Encodes an ASN.1 INTEGER type.
The
.Ar value
string represents the value of the integer.
It can be prefaced by a minus sign
and is normally interpreted as a decimal value unless the prefix
.Cm 0x
is included.
.It Cm ENUMERATED , ENUM
Encodes the ASN.1 ENUMERATED type.
It is otherwise identical to
.Cm INTEGER .
.It Cm OBJECT , OID
Encodes an ASN.1 OBJECT IDENTIFIER.
The
.Ar value
string can be a short name, a long name, or numerical format.
.It Cm UTCTIME , UTC
Encodes an ASN.1 UTCTime structure.
The value should be in the format
.Ar YYMMDDHHMMSSZ .
.It Cm GENERALIZEDTIME , GENTIME
Encodes an ASN.1 GeneralizedTime structure.
The value should be in the format
.Ar YYYYMMDDHHMMSSZ .
.It Cm OCTETSTRING , OCT
Encodes an ASN.1 OCTET STRING.
.Ar value
represents the contents of this structure.
The format strings
.Cm ASCII
and
.Cm HEX
can be used to specify the format of
.Ar value .
.It Cm BITSTRING , BITSTR
Encodes an ASN.1 BIT STRING.
.Ar value
represents the contents of this structure.
The format strings
.Cm ASCII ,
.Cm HEX ,
and
.Cm BITLIST
can be used to specify the format of
.Ar value .
.Pp
If the format is anything other than
.Cm BITLIST ,
the number of unused bits is set to zero.
.It Xo
.Cm BMPSTRING , BMP ,
.Cm GeneralString ,
.Cm IA5STRING , IA5 ,
.Cm NUMERICSTRING , NUMERIC ,
.Cm PRINTABLESTRING , PRINTABLE ,
.Cm T61STRING , T61 ,
.Cm TELETEXSTRING ,
.Cm UNIVERSALSTRING , UNIV ,
.Cm UTF8String , UTF8 ,
.Cm VISIBLESTRING , VISIBLE
.Xc
These encode the corresponding string types.
.Ar value
represents the contents of this structure.
The format can be
.Cm ASCII
or
.Cm UTF8 .
.It Cm SEQUENCE , SEQ , SET
Formats the result as an ASN.1 SEQUENCE or SET type.
.Ar value
should be a section name which will contain the contents.
The field names in the section are ignored
and the values are in the generated string format.
If
.Ar value
is absent, then an empty SEQUENCE will be encoded.
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237

238
239
240


241
242
243
244


245
246
247
248
249
250
251
252
253
254

255
256
257
258
259
260
261
262
263
264
265


266
267
268
269
270
271
272
If no format specifier is included, then
.Cm ASCII
is used.
If
.Cm UTF8
is specified, then the
.Ar value
string must be a valid UTF8 string.
For
.Cm HEX ,
the output must be a set of hex digits.
.Cm BITLIST
(which is only valid for a BIT STRING) is a comma separated list
of the indices of the set bits, all other bits are zero.
.El
.Sh RETURN VALUES
.Fn ASN1_generate_nconf
and
.Fn ASN1_generate_v3
return the encoded data as an
.Vt ASN1_TYPE
structure or
.Dv NULL
if an error occurred.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh EXAMPLES
A simple IA5String:

.Pp
.Dl IA5STRING:Hello World
.Pp


An IA5String explicitly tagged:
.Pp
.Dl EXPLICIT:0,IA5STRING:Hello World
.Pp


An IA5String explicitly tagged using APPLICATION tagging:
.Pp
.Dl EXPLICIT:0A,IA5STRING:Hello World
.Pp
A BITSTRING with bits 1 and 5 set and all others zero:
.Pp
.Dl FORMAT:BITLIST,BITSTRING:1,5
.Pp
A more complex example using a config file to produce a
SEQUENCE consisting of a BOOL an OID and a UTF8String:

.Bd -literal -offset indent
asn1 = SEQUENCE:seq_section

[seq_section]

field1 = BOOLEAN:TRUE
field2 = OID:commonName
field3 = UTF8:Third field
.Ed
.Pp
This example produces an RSAPrivateKey structure.


This is the key contained in the file
.Pa client.pem
in all OpenSSL distributions.
Note that the field names such as
.Qq coeff
are ignored and are present just for clarity.
.Bd -literal -offset 2n







|




















|
>



>
>
|



>
>
|








|
>










|
>
>







260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
If no format specifier is included, then
.Cm ASCII
is used.
If
.Cm UTF8
is specified, then the
.Ar value
string must be a valid UTF-8 string.
For
.Cm HEX ,
the output must be a set of hex digits.
.Cm BITLIST
(which is only valid for a BIT STRING) is a comma separated list
of the indices of the set bits, all other bits are zero.
.El
.Sh RETURN VALUES
.Fn ASN1_generate_nconf
and
.Fn ASN1_generate_v3
return the encoded data as an
.Vt ASN1_TYPE
structure or
.Dv NULL
if an error occurred.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh EXAMPLES
A simple
.Vt IA5String :
.Pp
.Dl IA5STRING:Hello World
.Pp
An
.Vt IA5String
explicitly tagged:
.Pp
.Dl EXPLICIT:0,IA5STRING:Hello World
.Pp
An
.Vt IA5String
explicitly tagged using APPLICATION tagging:
.Pp
.Dl EXPLICIT:0A,IA5STRING:Hello World
.Pp
A BITSTRING with bits 1 and 5 set and all others zero:
.Pp
.Dl FORMAT:BITLIST,BITSTRING:1,5
.Pp
A more complex example using a config file to produce a
SEQUENCE consisting of a BOOL an OID and a
.Vt UTF8String :
.Bd -literal -offset indent
asn1 = SEQUENCE:seq_section

[seq_section]

field1 = BOOLEAN:TRUE
field2 = OID:commonName
field3 = UTF8:Third field
.Ed
.Pp
This example produces an
.Vt RSAPrivateKey
structure.
This is the key contained in the file
.Pa client.pem
in all OpenSSL distributions.
Note that the field names such as
.Qq coeff
are ignored and are present just for clarity.
.Bd -literal -offset 2n
294
295
296
297
298
299
300
301

302
303
304
305
306
307
308
exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e
E7B2458F

coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e
628657053A
.Ed
.Pp
This example is the corresponding public key in a SubjectPublicKeyInfo

structure:
.Bd -literal -offset 2n
# Start with a SEQUENCE
asn1=SEQUENCE:pubkeyinfo

# pubkeyinfo contains an algorithm identifier and the public key
# wrapped in a BIT STRING







|
>







353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e
E7B2458F

coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e
628657053A
.Ed
.Pp
This example is the corresponding public key in an ASN.1
.Vt SubjectPublicKeyInfo
structure:
.Bd -literal -offset 2n
# Start with a SEQUENCE
asn1=SEQUENCE:pubkeyinfo

# pubkeyinfo contains an algorithm identifier and the public key
# wrapped in a BIT STRING
319
320
321
322
323
324
325
326

327
328
329
330
331
[rsapubkey]
n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9

e=INTEGER:0x010001
.Ed
.Sh SEE ALSO
.Xr ERR_get_error 3

.Sh HISTORY
.Fn ASN1_generate_nconf
and
.Fn ASN1_generate_v3
were added to OpenSSL 0.9.8.







|
>





379
380
381
382
383
384
385
386
387
388
389
390
391
392
[rsapubkey]
n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9

e=INTEGER:0x010001
.Ed
.Sh SEE ALSO
.Xr ERR_get_error 3 ,
.Xr x509v3.cnf 5
.Sh HISTORY
.Fn ASN1_generate_nconf
and
.Fn ASN1_generate_v3
were added to OpenSSL 0.9.8.
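--- a/jni/libressl/man/ASN1_item_d2i.3
+++ b/jni/libressl/man/ASN1_item_d2i.3
@@ -0,0 +1,468 @@
+.\"     $OpenBSD: ASN1_item_d2i.3,v 1.4 2017/01/03 23:56:50 schwarze Exp $
+.\"     OpenSSL doc/man3/d2i_X509.pod b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2002, 2003, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 3 2017 $
+.Dt ASN1_ITEM_D2I 3
+.Os
+.Sh NAME
+.Nm ASN1_item_d2i ,
+.Nm ASN1_item_d2i_bio ,
+.Nm ASN1_item_d2i_fp ,
+.Nm d2i_ASN1_TYPE ,
+.Nm ASN1_item_i2d ,
+.Nm ASN1_item_i2d_bio ,
+.Nm ASN1_item_i2d_fp ,
+.Nm i2d_ASN1_TYPE ,
+.Nm ASN1_item_dup ,
+.Nm ASN1_item_print
+.Nd decode and encode ASN.1 objects
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_VALUE *
+.Fo ASN1_item_d2i
+.Fa "ASN1_VALUE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Ft void *
+.Fo ASN1_item_d2i_bio
+.Fa "const ASN1_ITEM *it"
+.Fa "BIO *in_bio"
+.Fa "void *val_out"
+.Fc
+.Ft void *
+.Fo ASN1_item_d2i_fp
+.Fa "const ASN1_ITEM *it"
+.Fa "FILE *in_fp"
+.Fa "void *val_out"
+.Fc
+.Ft ASN1_TYPE *
+.Fo d2i_ASN1_TYPE
+.Fa "ASN1_TYPE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo ASN1_item_i2d
+.Fa "ASN1_VALUE *val_in"
+.Fa "unsigned char **der_out"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Ft int
+.Fo ASN1_item_i2d_bio
+.Fa "const ASN1_ITEM *it"
+.Fa "BIO *out_bio"
+.Fa "void *val_in"
+.Fc
+.Ft int
+.Fo ASN1_item_i2d_fp
+.Fa "const ASN1_ITEM *it"
+.Fa "FILE *out_fp"
+.Fa "void *val_in"
+.Fc
+.Ft int
+.Fo i2d_ASN1_TYPE
+.Fa "ASN1_TYPE *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft void *
+.Fo ASN1_item_dup
+.Fa "const ASN1_ITEM *it"
+.Fa "void *val_in"
+.Fc
+.Ft int
+.Fo ASN1_item_print
+.Fa "BIO *out_bio"
+.Fa "ASN1_VALUE *val_in"
+.Fa "int indent"
+.Fa "const ASN1_ITEM *it"
+.Fa "const ASN1_PCTX *pctx"
+.Fc
+.Sh DESCRIPTION
+These functions convert ASN.1 values from their BER encoding to
+internal C structures
+.Pq Dq d2i
+and vice versa
+.Pq Dq i2d .
+Unlike the C structures which contain pointers to sub-objects, BER
+is a serialized encoding, suitable for transfer over the network
+and for storage in a file.
+.Pp
+.Fn ASN1_item_d2i
+interpretes
+.Pf * Fa der_in
+as a DER- or BER-encoded byte array and decodes one value of type
+.Fa it
+represented by up to
+.Fa length
+bytes.
+If successful,
+.Pf * Fa der_in
+is advanced to the byte following the parsed data.
+.Pp
+If decoding succeeds and
+.Fa val_out
+or
+.Pf * Fa val_out
+is
+.Dv NULL ,
+a new object is allocated.
+.Pp
+If decoding succeeds and
+.Pf * Fa val_out
+is not
+.Dv NULL ,
+it is assumed to point to a valid populated object and an attempt
+is made to reuse it.
+It must not be an empty structure such as one returned by
+.Xr ASN1_item_new 3
+or by one of the various type-specific
+.Fn *_new
+functions.
+This
+.Dq reuse
+capability is present for backward compatibility, but its use is
+strongly discouraged; see the
+.Sx BUGS
+section below.
+.Pp
+.Fn ASN1_item_d2i_bio
+and
+.Fn ASN1_item_d2i_fp
+are similar to
+.Fn ASN1_item_d2i
+except that they read from a
+.Vt BIO
+or
+.Vt FILE ,
+respectively.
+.Pp
+.Fn d2i_ASN1_TYPE
+is similar to
+.Fn ASN1_item_d2i
+except that it does not require a desired type to be specified by
+the user, but instead returns an
+.Vt ASN1_TYPE
+wrapper object containing both the type and the value found in the input.
+.Pp
+.Fn ASN1_item_i2d
+encodes the object pointed to by
+.Fa val_in
+into DER format.
+.Pp
+If
+.Pf * Fa der_out
+is not
+.Dv NULL ,
+it writes the DER-encoded data to the buffer at
+.Pf * Fa der_out
+and increments it to point after the data just written.
+In this case, it is the responsibility of the user to make sure
+that the buffer pointed to by
+.Pf * Fa der_out
+is long enough, such that no buffer owerflow can occur.
+.Pp
+If
+.Pf * Fa der_out
+is
+.Dv NULL ,
+memory is allocated for a buffer, and
+.Pf * Fa der_out
+is not incremented, but points to the start of the data just written.
+.Pp
+If
+.Fa der_out
+is
+.Dv NULL ,
+the encoded bytes are not written anywhere but discarded.
+For
+.Fa val_in
+objects of variable encoding size, this is sometimes used to first
+find the number of bytes that will be written.
+Then, a sufficient amount of memory is allocated before calling
+.Fn ASN1_item_i2d
+again.
+This explicit double-call technique is often not needed because the
+auto-allocation technique described in the previous paragraph can
+be used.
+.Pp
+.Fn ASN1_item_i2d_bio
+and
+.Fn ASN1_item_i2d_fp
+are similar to
+.Fn ASN1_item_i2d
+except that they write to a
+.Vt BIO
+or
+.Vt FILE ,
+respectively.
+.Pp
+.Fn i2d_ASN1_TYPE
+is similar to
+.Fn ASN1_item_i2d
+except that the type and the value are not provided separately,
+but in the form of a single
+.Vt ASN1_TYPE
+object.
+.Pp
+.Fn ASN1_item_dup
+creates a deep copy of
+.Fa val_in
+by calling
+.Fn ASN1_item_i2d
+and
+.Fn ASN1_item_d2i .
+.Sh RETURN VALUES
+If successful,
+.Fn ASN1_item_d2i ,
+.Fn ASN1_item_d2i_bio ,
+.Fn ASN1_item_d2i_fp ,
+and
+.Fn d2i_ASN1_TYPE
+return a pointer to the decoded ASN.1 value.
+In addition, if
+.Fa val_out
+is not
+.Dv NULL ,
+the pointer is also written to
+.Pf * Fa val_out .
+If an error occurs,
+.Dv NULL
+is returned.
+.Pp
+.Fn ASN1_item_i2d
+and
+.Fn i2d_ASN1_TYPE
+return the number of bytes written
+or a negative value if an error occurs.
+.Pp
+.Fn ASN1_item_i2d_bio
+and
+.Fn ASN1_item_i2d_fp
+return 1 for success or 0 for failure.
+.Pp
+.Fn ASN1_item_dup
+returns the new
+.Vt ASN1_VALUE
+object or
+.Dv NULL
+if an error occurs.
+.Sh EXAMPLES
+Many type-specific wrapper functions exist.
+Using those wrappers is recommended in application code
+because it restores part of the type safety that the low-level
+interfaces using
+.Vt ASN1_VALUE
+lack.
+.Pp
+For example, to allocate a buffer and write the DER encoding of an
+.Vt X509
+object into it:
+.Bd -literal -offset indent
+X509		*x;
+unsigned char	*buf;
+int		 len;
+
+buf = NULL;
+len = i2d_X509(x, &buf);
+if (len < 0)
+	/* error */
+.Ed
+.Pp
+Attempt to decode a buffer:
+.Bd -literal -offset indent
+X509		*x;
+unsigned char	*buf, *p;
+int		 len;
+
+/* Set up buf and len to point to the input buffer. */
+p = buf;
+x = d2i_X509(NULL, &p, len);
+if (x == NULL)
+	/* error */
+.Ed
+.Pp
+Equivalent technique:
+.Bd -literal -offset indent
+X509		*x;
+unsigned char	*buf, *p;
+int		 len;
+
+/* Set up buf and len to point to the input buffer. */
+p = buf;
+x = NULL;
+
+if (d2i_X509(&x, &p, len) == NULL)
+	/* error */
+.Ed
+.Sh SEE ALSO
+.Xr ASN1_item_new 3 ,
+.Xr ASN1_TYPE_new 3
+.Sh CAVEATS
+If the type described by
+.Fa it
+fails to match the true type of
+.Fa val_in
+or
+.Pf * Fa val_out ,
+buffer overflows and segmentation faults are likely to occur.
+For more details about why the type
+.Vt ASN1_VALUE
+constitutes dangerous user interface design, see
+.Xr ASN1_item_new 3 .
+.Pp
+The encoded data is in binary form and may contain embedded NUL bytes.
+Functions such as
+.Xr strlen 3
+will not return the correct length of the encoded data.
+.Pp
+While the way that
+.Pf * Fa der_in
+and
+.Pf * Fa der_out
+are incremented after the operation supports the typical usage
+patterns of reading or writing one object after another, this
+behaviour can trap the unwary.
+.Pp
+Using a temporary pointer into the buffer is mandatory.
+A common mistake is to attempt to use a buffer directly as follows:
+.Bd -literal -offset indent
+X509		*x;
+unsigned char	*buf;
+int		 len;
+
+len = i2d_X509(x, NULL);
+buf = malloc(len);
+i2d_X509(x, &buf);
+/* do something with buf[] */
+free(buf);
+.Ed
+.Pp
+This code will result in
+.Va buf
+apparently containing garbage because it was incremented during
+.Fn i2d_X509
+to point after the data just written.
+Also
+.Va buf
+will no longer contain the pointer allocated by
+.Xr malloc 3
+and the subsequent call to
+.Xr free 3
+is likely to crash.
+.Pp
+Another trap to avoid is misuse of the
+.Fa val_out
+argument:
+.Bd -literal -offset indent
+X509		*x;
+
+if (d2i_X509(&x, &p, len) == NULL)
+	/* error */
+.Ed
+.Pp
+This will probably crash somewhere in
+.Fn d2i_X509
+because
+.Va x
+is uninitialized and an attempt will be made to interpret its invalid
+content as an
+.Vt X509
+object, typically causing a segmentation violation.
+If
+.Va x
+is set to
+.Dv NULL
+first, then this will not happen.
+.Sh BUGS
+If the
+.Dq reuse
+capability is used, a valid object is passed in via
+.Pf * Fa val_out ,
+and an error occurs, then the object is not freed and may be left
+in an invalid or inconsistent state.
+.Pp
+In some versions of OpenSSL, the
+.Dq reuse
+behaviour is broken such that some parts of the reused object may
+persist if they are not present in the new one.
+.Pp
+In many versions of OpenSSL,
+.Fn ASN1_item_i2d
+will not return an error if mandatory fields are not initialized
+due to a programming error.
+In that case, the encoded structure may contain invalid data and
+some fields may be missing entirely, such that trying to parse it
+with
+.Fn ASN1_item_d2i
+may fail.
+.Pp
+Any function which encodes an object may return a stale encoding
+if the object has been modified after deserialization or previous
+serialization.
+This is because some objects cache the encoding for efficiency reasons.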
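--- a/jni/libressl/man/ASN1_item_new.3
+++ b/jni/libressl/man/ASN1_item_new.3
@@ -0,0 +1,105 @@
+.\"     $OpenBSD: ASN1_item_new.3,v 1.2 2017/01/03 20:15:47 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 3 2017 $
+.Dt ASN1_ITEM_NEW 3
+.Os
+.Sh NAME
+.Nm ASN1_item_new ,
+.Nm ASN1_item_free
+.Nd generic ASN.1 value constructor and destructor
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_VALUE *
+.Fo ASN1_item_new
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Ft void
+.Fo ASN1_item_free
+.Fa "ASN1_VALUE *val_in"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_new
+allocates and initializes an empty ASN.1 value
+of the type described by the global static object
+.Fa it .
+.Pp
+.Fn ASN1_item_free
+frees an ASN.1 value of the type described by
+.Fa it .
+If the true type of
+.Fa val_in
+fails to match the specified
+.Fa it ,
+buffer overflows and segmentation faults are likely to occur.
+It is not possible to recover the type of an
+.Vt ASN1_VALUE
+object by inspecting it; the type always needs to be remembered
+separately.
+.Pp
+.Vt ASN1_VALUE
+is an incomplete type, and pointers to it always require casting
+to the correct complete type before they can be dereferenced.
+For all practical purposes, a pointer to
+.Vt ASN1_VALUE
+is equivalent to a
+.Vt void
+pointer.
+.Pp
+Depending on
+.Fa it ,
+there are more than 150 different types that
+.Fn ASN1_item_new
+may return.
+Most of them are pointers to structures or pointers to arrays of
+structures, but there are a few exceptions, for example:
+If
+.Fa it
+is
+.Dv ASN1_NULL_it ,
+.Fn ASN1_item_new
+returns a specific invalid pointer representing the unique
+.Vt ASN1_NULL
+object.
+If
+.Fa it
+is
+.Dv ASN1_BOOLEAN_it
+or
+.Dv LONG_it ,
+.Fn ASN1_item_new
+does not return a pointer at all, but a
+.Vt long
+value cast to
+.Vt ASN1_VALUE * .
+.Sh RETURN VALUES
+.Fn ASN1_item_new
+returns the new
+.Vt ASN1_VALUE
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr ASN1_TYPE_new 3 ,
+.Xr d2i_ASN1_NULL 3 ,
+.Xr OBJ_nid2obj 3
+.Sh BUGS
+The
+.Vt ASN1_VALUE
+type compromises type safety and invites programming mistakes that
+will typically have severe consequences.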
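--- a/jni/libressl/man/ASN1_time_parse.3
+++ b/jni/libressl/man/ASN1_time_parse.3
@@ -0,0 +1,99 @@
+.\" $OpenBSD: ASN1_time_parse.3,v 1.3 2016/11/05 09:13:56 jmc Exp $
+.\"
+.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 5 2016 $
+.Dt ASN1_TIME_PARSE 3
+.Os
+.Sh NAME
+.Nm ASN1_time_parse ,
+.Nm ASN1_time_tm_cmp
+.Nd LibreSSL utilities for ASN.1 time types
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fn ASN1_time_parse "const char *bytes" "size_t len" "struct tm *tm" "int mode"
+.Ft int
+.Fn ASN1_time_tm_cmp "struct tm *tm1" "struct tm *tm2"
+.Sh DESCRIPTION
+The
+.Fn ASN1_time_parse
+function parses an ASN.1 time string of
+.Ar len
+bytes starting at
+.Ar bytes .
+The resulting time is stored in
+.Ar tm
+if
+.Ar tm
+is not
+.Dv NULL .
+.Pp
+The
+.Ar mode
+parameter must be one of
+.Bl -bullet -offset four
+.It
+0 to parse a time as specified in RFC 5280 for an X509 object,
+which may be either a UTC time or a Generalized time.
+.It
+.Dv V_ASN1_UTCTIME
+to parse an RFC 5280 format UTC time.
+.It
+.Dv V_ASN1_GENERALIZEDTIME
+to parse an RFC 5280 format Generalized time.
+.El
+.Pp
+The
+.Fn ASN1_time_tm_cmp
+function compares two times in
+.Ar tm1
+and
+.Ar tm2 .
+.Sh RETURN VALUES
+.Fn ASN1_parse_time
+returns
+.Bl -bullet -offset four
+.It
+-1 if the string was invalid for the
+.Ar mode
+specified.
+.It
+.Dv V_ASN1_UTCTIME
+if the string parsed as a valid UTC time.
+.It
+.Dv V_ASN1_GENERALIZEDTIME
+if the string parsed as a valid Generalized time.
+.El
+.Pp
+.Fn ASN1_time_tm_cmp
+returns
+.Bl -bullet -offset four
+.It
+-1 if
+.Ar tm1
+is less than
+.Ar tm2 .
+.It
+1 if
+.Ar tm1
+is greater than
+.Ar tm2 .
+.It
+0 if
+.Ar tm1
+is the same as
+.Ar tm2 .
+.El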
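--- a/jni/libressl/man/AUTHORITY_KEYID_new.3
+++ b/jni/libressl/man/AUTHORITY_KEYID_new.3
@@ -0,0 +1,66 @@
+.\"	$OpenBSD: AUTHORITY_KEYID_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt AUTHORITY_KEYID_NEW 3
+.Os
+.Sh NAME
+.Nm AUTHORITY_KEYID_new ,
+.Nm AUTHORITY_KEYID_free
+.Nd X.509 authority key identifier extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft AUTHORITY_KEYID *
+.Fn AUTHORITY_KEYID_new void
+.Ft void
+.Fn AUTHORITY_KEYID_free "AUTHORITY_KEYID *id"
+.Sh DESCRIPTION
+Using the authority key identifier extension, an X.509 certificate
+or certificate revocation list can specify which key pair was used
+for signing it.
+.Pp
+.Fn AUTHORITY_KEYID_new
+allocates and initializes an empty
+.Vt AUTHORITY_KEYID
+object, representing an ASN.1
+.Vt AuthorityKeyIdentifier
+structure defined in RFC 5280 section 4.2.1.1.
+It can hold an issuer name, a serial number, and a key identifier.
+.Pp
+.Fn AUTHORITY_KEYID_free
+frees
+.Fa id .
+.Sh RETURN VALUES
+.Fn AUTHORITY_KEYID_new
+returns the new
+.Vt AUTHORITY_KEYID
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr GENERAL_NAMES_new 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.1: Certificate Extensions: Authority Key Identifier
+.It
+section 5.2.1: CRL Extensions: Authority Key Identifier
+.El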
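--- a/jni/libressl/man/BASIC_CONSTRAINTS_new.3
+++ b/jni/libressl/man/BASIC_CONSTRAINTS_new.3
@@ -0,0 +1,80 @@
+.\"	$OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt BASIC_CONSTRAINTS_NEW 3
+.Os
+.Sh NAME
+.Nm BASIC_CONSTRAINTS_new ,
+.Nm BASIC_CONSTRAINTS_free
+.Nd X.509 extension to mark CA certificates
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft BASIC_CONSTRAINTS *
+.Fn BASIC_CONSTRAINTS_new void
+.Ft void
+.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc"
+.Sh DESCRIPTION
+.Fn BASIC_CONSTRAINTS_new
+allocates and initializes an empty
+.Vt BASIC_CONSTRAINTS
+object, representing an ASN.1
+.Vt BasicConstraints
+structure defined in RFC 5280 section 4.2.1.9.
+.Pp
+This object contains two fields.
+The field
+.Fa "int ca"
+is non-zero if the certificate is a CA certificate.
+The field
+.Fa "ASN1_INTEGER *pathlen"
+specifies the maximum number of non-self-issued intermediate
+certificates that may follow this certificate in a valid
+certification path.
+.Pp
+If an X.509 version 3 certificate does not contain this extension
+or if the
+.Fa ca
+field of the
+.Vt BASIC_CONSTRAINTS
+object is 0, or if the certificate contains a key usage extension
+having the
+.Dv KU_KEY_CERT_SIGN
+bit unset, then it is not a CA certificate but an end entity
+certificate.
+.Pp
+.Fn BASIC_CONSTRAINTS_free
+frees
+.Fa bc .
+.Sh RETURN VALUES
+.Fn BASIC_CONSTRAINTS_new
+returns the new
+.Vt BASIC_CONSTRAINTS
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.9: Basic Constraints
+.It
+section 6.1: Basic Path Validation
+.El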
Changes to jni/libressl/man/BF_set_key.3.



















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21










22
23
24
25
26
27
28



















































.Dd $Mdocdate: July 17 2014 $
.Dt BF_SET_KEY 3
.Os
.Sh NAME
.Nm BF_set_key ,
.Nm BF_encrypt ,
.Nm BF_decrypt ,
.Nm BF_ecb_encrypt ,
.Nm BF_cbc_encrypt ,
.Nm BF_cfb64_encrypt ,
.Nm BF_ofb64_encrypt ,
.Nm BF_options
.Nd Blowfish encryption
.Sh SYNOPSIS
.In openssl/blowfish.h
.Ft void
.Fo BF_set_key
.Fa "BF_KEY *key"
.Fa "int len"
.Fa "const unsigned char *data"
.Fc










.Ft void
.Fo BF_ecb_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "BF_KEY *key"
.Fa "int enc"
.Fc
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|




















>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
.\"	$OpenBSD: BF_set_key.3,v 1.5 2016/11/11 01:20:53 schwarze Exp $
.\"	OpenSSL 99d63d46 Jul 19 09:27:53 2016 -0400
.\"
.\" This file was written by Richard Levitte <levitte@openssl.org>.
.\" Copyright (c) 2000, 2002, 2005, 2014, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 11 2016 $
.Dt BF_SET_KEY 3
.Os
.Sh NAME
.Nm BF_set_key ,
.Nm BF_encrypt ,
.Nm BF_decrypt ,
.Nm BF_ecb_encrypt ,
.Nm BF_cbc_encrypt ,
.Nm BF_cfb64_encrypt ,
.Nm BF_ofb64_encrypt ,
.Nm BF_options
.Nd Blowfish encryption
.Sh SYNOPSIS
.In openssl/blowfish.h
.Ft void
.Fo BF_set_key
.Fa "BF_KEY *key"
.Fa "int len"
.Fa "const unsigned char *data"
.Fc
.Ft void
.Fo BF_encrypt
.Fa "BF_LONG *data"
.Fa "const BF_KEY *key"
.Fc
.Ft void
.Fo BF_decrypt
.Fa "BF_LONG *data"
.Fa "const BF_KEY *key"
.Fc
.Ft void
.Fo BF_ecb_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "BF_KEY *key"
.Fa "int enc"
.Fc
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74



75
76
77
78
79
80
81
82
83
84
85
86
87
88
.Fa "unsigned char *ivec"
.Fa "int *num"
.Fc
.Ft const char *
.Fo BF_options
.Fa void
.Fc
.Ft void
.Fo BF_encrypt
.Fa "BF_LONG *data"
.Fa "const BF_KEY *key"
.Fc
.Ft void
.Fo BF_decrypt
.Fa "BF_LONG *data"
.Fa "const BF_KEY *key"
.Fc
.Sh DESCRIPTION
This library implements the Blowfish cipher,
which was invented and described by
.An Counterpane .



.Pp
Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
It uses a variable size key, but typically, 128 bit (16 byte) keys
are considered good for strong encryption.
Blowfish can be used in the same modes as DES (see
.Xr des_modes 3 ) .
Blowfish is currently one of the faster block ciphers.
It is quite a bit faster than DES, and much faster than IDEA or RC2.
.Pp
Blowfish consists of a key setup phase
and the actual encryption or decryption phase.
.Pp
.Fn BF_set_key
sets up the







<
<
<
<
<
<
<
<
<
<


|

>
>
>

|
|

|
<
|







115
116
117
118
119
120
121










122
123
124
125
126
127
128
129
130
131
132
133

134
135
136
137
138
139
140
141
.Fa "unsigned char *ivec"
.Fa "int *num"
.Fc
.Ft const char *
.Fo BF_options
.Fa void
.Fc










.Sh DESCRIPTION
This library implements the Blowfish cipher,
which was invented and defined by
.An Counterpane .
Note that applications should use higher level functions such as
.Xr EVP_EncryptInit 3
instead of calling the Blowfish functions directly.
.Pp
Blowfish is a block cipher that operates on 64-bit (8 byte) blocks of data.
It uses a variable size key, but typically, 128-bit (16 byte) keys
are considered good for strong encryption.
Blowfish can be used in the same modes as DES

and is currently one of the faster block ciphers.
It is quite a bit faster than DES, and much faster than IDEA or RC2.
.Pp
Blowfish consists of a key setup phase
and the actual encryption or decryption phase.
.Pp
.Fn BF_set_key
sets up the
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
.Fn BF_cbc_encrypt
operates on data that is a multiple of 8 bytes long, while
.Fn BF_cfb64_encrypt
and
.Fn BF_ofb64_encrypt
are used to encrypt an variable number of bytes (the amount
does not have to be an exact multiple of 8).
The purpose of the latter two is to simulate stream ciphers,
and therefore, they need the parameter
.Fa num ,
which is a pointer to an integer where the current offset in
.Fa ivec
is stored between calls.
This integer must be initialized to zero when
.Fa ivec
is initialized.
.Pp
.Fn BF_cbc_encrypt
is the Cipher Block Chaining function for Blowfish.
It encrypts or decrypts the 64 bits chunks of
.Fa in
using the key
.Fa schedule ,
putting the result in
.Fa out .
.Fa enc
decides if encryption
.Pq Dv BF_ENCRYPT
or decryption
.Pq Dv BF_DECRYPT
shall be performed.
.Fa ivec
must point at an 8 byte long initialization vector.
.Pp
.Fn BF_cfb64_encrypt
is the CFB mode for Blowfish with 64 bit feedback.
It encrypts or decrypts the bytes in
.Fa in
using the key
.Fa schedule ,
putting the result in
.Fa out .
.Fa enc
decides if encryption
.Pq Dv BF_ENCRYPT
or decryption
.Pq Dv BF_DECRYPT
shall be performed.
.Fa ivec
must point at an
8 byte long initialization vector.
.Fa num
must point at an integer which must be initially zero.
.Pp
.Fn BF_ofb64_encrypt
is the OFB mode for Blowfish with 64 bit feedback.
It uses the same parameters as
.Fn BF_cfb64_encrypt ,
which must be initialized the same way.
.Pp
.Fn BF_encrypt
and
.Fn BF_decrypt
are the lowest level functions for Blowfish encryption.
They encrypt/decrypt the first 64 bits of the vector pointed by
.Fa data ,
using the key
.Fa key .
These functions should not be used unless you implement 'modes' of Blowfish.
The alternative is to use
.Fn BF_ecb_encrypt .
If you still want to use these functions, you should be aware
that they take each 32-bit chunk in host-byte order,
which is little-endian on little-endian platforms
and big-endian on big-endian ones.
.Sh RETURN VALUES
None of the functions presented here return any value.
.Sh NOTE
Applications should use the higher level functions
.Xr EVP_EncryptInit 3
etc. instead of calling the blowfish functions directly.
.Sh HISTORY
The Blowfish functions are available in all versions of SSLeay and OpenSSL.







|
|










|












|


|














|




|












|


<
|


<
<
<
<
<
<


186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256

257
258
259






260
261
.Fn BF_cbc_encrypt
operates on data that is a multiple of 8 bytes long, while
.Fn BF_cfb64_encrypt
and
.Fn BF_ofb64_encrypt
are used to encrypt an variable number of bytes (the amount
does not have to be an exact multiple of 8).
The purpose of the latter two is to simulate stream ciphers and,
therefore, they need the parameter
.Fa num ,
which is a pointer to an integer where the current offset in
.Fa ivec
is stored between calls.
This integer must be initialized to zero when
.Fa ivec
is initialized.
.Pp
.Fn BF_cbc_encrypt
is the Cipher Block Chaining function for Blowfish.
It encrypts or decrypts the 64-bit chunks of
.Fa in
using the key
.Fa schedule ,
putting the result in
.Fa out .
.Fa enc
decides if encryption
.Pq Dv BF_ENCRYPT
or decryption
.Pq Dv BF_DECRYPT
shall be performed.
.Fa ivec
must point at an 8-byte long initialization vector.
.Pp
.Fn BF_cfb64_encrypt
is the CFB mode for Blowfish with 64-bit feedback.
It encrypts or decrypts the bytes in
.Fa in
using the key
.Fa schedule ,
putting the result in
.Fa out .
.Fa enc
decides if encryption
.Pq Dv BF_ENCRYPT
or decryption
.Pq Dv BF_DECRYPT
shall be performed.
.Fa ivec
must point at an
8-byte long initialization vector.
.Fa num
must point at an integer which must be initially zero.
.Pp
.Fn BF_ofb64_encrypt
is the OFB mode for Blowfish with 64-bit feedback.
It uses the same parameters as
.Fn BF_cfb64_encrypt ,
which must be initialized the same way.
.Pp
.Fn BF_encrypt
and
.Fn BF_decrypt
are the lowest level functions for Blowfish encryption.
They encrypt/decrypt the first 64 bits of the vector pointed by
.Fa data ,
using the key
.Fa key .
These functions should not be used unless implementing `modes' of Blowfish.
The alternative is to use
.Fn BF_ecb_encrypt .

Be aware that these functions take each 32-bit chunk in host-byte order,
which is little-endian on little-endian platforms
and big-endian on big-endian ones.






.Sh HISTORY
The Blowfish functions are available in all versions of SSLeay and OpenSSL.
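--- a/jni/libressl/man/BIO.3
+++ b/jni/libressl/man/BIO.3
@@ -1,56 +0,0 @@
-.Dd $Mdocdate: July 17 2014 $
-.Dt BIO 3
-.Os
-.Sh NAME
-.Nm BIO
-.Nd I/O abstraction
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Sh DESCRIPTION
-A BIO is an I/O abstraction,
-it hides many of the underlying I/O details from an application.
-If an application uses a BIO for its I/O, it can transparently handle
-SSL connections, unencrypted network connections and file I/O.
-.Pp
-There are two types of BIO, a source/sink BIO and a filter BIO.
-.Pp
-As its name implies, a source/sink BIO is a source and/or sink of data,
-examples include a socket BIO and a file BIO.
-.Pp
-A filter BIO takes data from one BIO and passes it through
-to another, or to the application.
-The data may be left unmodified (for example a message digest BIO)
-or translated (for example an encryption BIO).
-The effect of a filter BIO may change according to the I/O operation
-it is performing: for example an encryption BIO will encrypt data
-if it is being written to and decrypt data if it is being read from.
-.Pp
-BIOs can be joined together to form a chain
-(a single BIO is a chain with one component).
-A chain normally consist of one source/sink BIO
-and one or more filter BIOs.
-Data read from or written to the first BIO then traverses the chain
-to the end (normally a source/sink BIO).
-.Sh SEE ALSO
-.Xr BIO_ctrl 3 ,
-.Xr BIO_f_base64 3 ,
-.Xr BIO_f_buffer 3 ,
-.Xr BIO_f_cipher 3 ,
-.Xr BIO_f_md 3 ,
-.Xr BIO_f_null 3 ,
-.Xr BIO_f_ssl 3 ,
-.Xr BIO_find_type 3 ,
-.Xr BIO_new 3 ,
-.Xr BIO_new_bio_pair 3 ,
-.Xr BIO_push 3 ,
-.Xr BIO_read 3 ,
-.Xr BIO_s_accept 3 ,
-.Xr BIO_s_bio 3 ,
-.Xr BIO_s_connect 3 ,
-.Xr BIO_s_fd 3 ,
-.Xr BIO_s_file 3 ,
-.Xr BIO_s_mem 3 ,
-.Xr BIO_s_null 3 ,
-.Xr BIO_s_socket 3 ,
-.Xr BIO_set_callback 3 ,
-.Xr BIO_should_retry 3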
Changes to jni/libressl/man/BIO_ctrl.3.


















































1
2
3
4
5
6
7
8


















































.Dd $Mdocdate: July 17 2014 $
.Dt BIO_CTRL 3
.Os
.Sh NAME
.Nm BIO_ctrl ,
.Nm BIO_callback_ctrl ,
.Nm BIO_ptr_ctrl ,
.Nm BIO_int_ctrl ,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: BIO_ctrl.3,v 1.6 2016/12/06 14:45:08 schwarze Exp $
.\"	OpenSSL b055fceb Thu Oct 20 09:56:18 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt BIO_CTRL 3
.Os
.Sh NAME
.Nm BIO_ctrl ,
.Nm BIO_callback_ctrl ,
.Nm BIO_ptr_ctrl ,
.Nm BIO_int_ctrl ,
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
.Fa "long larg"
.Fa "void *parg"
.Fc
.Ft long
.Fo BIO_callback_ctrl
.Fa "BIO *b"
.Fa "int cmd"
.Fa "void (*fp)(struct bio_st *, int, const char *, int, long, long)"
.Fc
.Ft char *
.Fo BIO_ptr_ctrl
.Fa "BIO *bp"
.Fa "int cmd"
.Fa "long larg"
.Fc







|







79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
.Fa "long larg"
.Fa "void *parg"
.Fc
.Ft long
.Fo BIO_callback_ctrl
.Fa "BIO *b"
.Fa "int cmd"
.Fa "bio_info_cb cb"
.Fc
.Ft char *
.Fo BIO_ptr_ctrl
.Fa "BIO *bp"
.Fa "int cmd"
.Fa "long larg"
.Fc
116
117
118
119
120
121
122
123
124
125

126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
.Sh DESCRIPTION
.Fn BIO_ctrl ,
.Fn BIO_callback_ctrl ,
.Fn BIO_ptr_ctrl ,
and
.Fn BIO_int_ctrl
are BIO "control" operations taking arguments of various types.
These functions are not normally called directly,
various macros are used instead.
The standard macros are described below, macros specific to a

particular type of BIO are described in the specific BIO's manual
page as well as any special features of the standard calls.
.Pp
.Fn BIO_reset
typically resets a BIO to some initial state, in the case
of file related BIOs for example it rewinds the file pointer
to the start of the file.
.Pp
.Fn BIO_seek
resets a file related BIO's (that is file descriptor and
FILE BIOs) file position pointer to
.Fa ofs
bytes from start of file.
.Pp
.Fn BIO_tell
returns the current file position of a file related BIO.
.Pp
.Fn BIO_flush
normally writes out any internally buffered data, in some cases
it is used to signal EOF and that no more data will be written.
.Pp
.Fn BIO_eof
returns 1 if the BIO has read EOF, the precise meaning of
"EOF" varies according to the BIO type.
.Pp
.Fn BIO_set_close
sets the BIO
.Fa b
close flag to
.Fa flag .
.Fa flag







|

|
>
|
|


|
|
|











|
|


|
|







166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
.Sh DESCRIPTION
.Fn BIO_ctrl ,
.Fn BIO_callback_ctrl ,
.Fn BIO_ptr_ctrl ,
and
.Fn BIO_int_ctrl
are BIO "control" operations taking arguments of various types.
These functions are not normally called directly -
various macros are used instead.
The standard macros are described below.
Macros specific to a particular type of BIO
are described in the specific BIO's manual page
as well as any special features of the standard calls.
.Pp
.Fn BIO_reset
typically resets a BIO to some initial state.
In the case of file related BIOs, for example,
it rewinds the file pointer to the start of the file.
.Pp
.Fn BIO_seek
resets a file related BIO's (that is file descriptor and
FILE BIOs) file position pointer to
.Fa ofs
bytes from start of file.
.Pp
.Fn BIO_tell
returns the current file position of a file related BIO.
.Pp
.Fn BIO_flush
normally writes out any internally buffered data.
In some cases it is used to signal EOF and that no more data will be written.
.Pp
.Fn BIO_eof
returns 1 if the BIO has read EOF.
The precise meaning of "EOF" varies according to the BIO type.
.Pp
.Fn BIO_set_close
sets the BIO
.Fa b
close flag to
.Fa flag .
.Fa flag
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
return the number of pending characters in the BIO's read and write buffers.
Not all BIOs support these calls.
.Fn BIO_ctrl_pending
and
.Fn BIO_ctrl_wpending
return a
.Vt size_t
type and are functions,
.Fn BIO_pending
and
.Fn BIO_wpending
are macros which call
.Fn BIO_ctrl .
.Sh RETURN VALUES
.Fn BIO_reset
normally returns 1 for success and 0 or -1 for failure.
File BIOs are an exception, they return 0 for success and -1 for failure.
.Pp
.Fn BIO_seek
and
.Fn BIO_tell
both return the current file position on success
and -1 for failure, except file BIOs which for
.Fn BIO_seek
always return 0 for success and -1 for failure.
.Pp
.Fn BIO_flush
returns 1 for success and 0 or -1 for failure.
.Pp
.Fn BIO_eof
returns 1 if EOF has been reached 0 otherwise.
.Pp
.Fn BIO_set_close
always returns 1.
.Pp
.Fn BIO_get_close
returns the close flag value
.Dv BIO_CLOSE







|








|













|







225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
return the number of pending characters in the BIO's read and write buffers.
Not all BIOs support these calls.
.Fn BIO_ctrl_pending
and
.Fn BIO_ctrl_wpending
return a
.Vt size_t
type and are functions.
.Fn BIO_pending
and
.Fn BIO_wpending
are macros which call
.Fn BIO_ctrl .
.Sh RETURN VALUES
.Fn BIO_reset
normally returns 1 for success and 0 or -1 for failure.
File BIOs are an exception, returning 0 for success and -1 for failure.
.Pp
.Fn BIO_seek
and
.Fn BIO_tell
both return the current file position on success
and -1 for failure, except file BIOs which for
.Fn BIO_seek
always return 0 for success and -1 for failure.
.Pp
.Fn BIO_flush
returns 1 for success and 0 or -1 for failure.
.Pp
.Fn BIO_eof
returns 1 if EOF has been reached or 0 otherwise.
.Pp
.Fn BIO_set_close
always returns 1.
.Pp
.Fn BIO_get_close
returns the close flag value
.Dv BIO_CLOSE
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257


258
259
260
261
262
263
264
.Fn BIO_ctrl_wpending
return the amount of pending data.
.Sh NOTES
Because it can write data,
.Fn BIO_flush
may return 0 or -1 indicating that the call should be retried later
in a similar manner to
.Fn BIO_write .
The
.Fn BIO_should_retry
call should be used and appropriate action taken is the call fails.
.Pp
The return values of
.Fn BIO_pending
and
.Fn BIO_wpending
may not reliably determine the amount of pending data in all cases.
For example in the case of a file BIO some data may be available in the
.Vt FILE
structure's internal buffers but it is not possible
to determine this in a portably way.
For other types of BIO they may not be supported.
.Pp
If they do not internally handle a particular
.Fn BIO_ctrl
operation, filter BIOs usually pass the operation
to the next BIO in the chain.
This often means there is no need to locate the required BIO for
a particular operation, it can be called on a chain and it will
be automatically passed to the relevant BIO.
However this can cause unexpected results:
for example no current filter BIOs implement
.Fn BIO_seek ,
but this may still succeed if the chain ends
in a FILE or file descriptor BIO.
.Pp
Source/sink BIOs return an 0 if they do not recognize the
.Fn BIO_ctrl
operation.


.Sh BUGS
Some of the return values are ambiguous and care should be taken.
In particular a return value of 0 can be returned if an operation
is not supported, if an error occurred, if EOF has not been reached
and in the case of
.Fn BIO_seek
on a file BIO for a successful operation.







|

|
|









|







|

|
|







>
>







270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
.Fn BIO_ctrl_wpending
return the amount of pending data.
.Sh NOTES
Because it can write data,
.Fn BIO_flush
may return 0 or -1 indicating that the call should be retried later
in a similar manner to
.Xr BIO_write 3 .
The
.Xr BIO_should_retry 3
call should be used and appropriate action taken if the call fails.
.Pp
The return values of
.Fn BIO_pending
and
.Fn BIO_wpending
may not reliably determine the amount of pending data in all cases.
For example in the case of a file BIO some data may be available in the
.Vt FILE
structure's internal buffers but it is not possible
to determine this in a portable way.
For other types of BIO they may not be supported.
.Pp
If they do not internally handle a particular
.Fn BIO_ctrl
operation, filter BIOs usually pass the operation
to the next BIO in the chain.
This often means there is no need to locate the required BIO for
a particular operation: it can be called on a chain and it will
be automatically passed to the relevant BIO.
However this can cause unexpected results.
For example no current filter BIOs implement
.Fn BIO_seek ,
but this may still succeed if the chain ends
in a FILE or file descriptor BIO.
.Pp
Source/sink BIOs return an 0 if they do not recognize the
.Fn BIO_ctrl
operation.
.Sh SEE ALSO
.Xr BIO_new 3
.Sh BUGS
Some of the return values are ambiguous and care should be taken.
In particular a return value of 0 can be returned if an operation
is not supported, if an error occurred, if EOF has not been reached
and in the case of
.Fn BIO_seek
on a file BIO for a successful operation.
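--- a/jni/libressl/man/BIO_f_base64.3
+++ b/jni/libressl/man/BIO_f_base64.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: BIO_f_base64.3,v 1.7 2017/01/06 03:45:57 schwarze Exp $
+.\"	OpenSSL fc1d88f0 Wed Jul 2 22:42:40 2014 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2003, 2005, 2014 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: January 6 2017 $
 .Dt BIO_F_BASE64 3
 .Os
 .Sh NAME
 .Nm BIO_f_base64
 .Nd base64 BIO filter
 .Sh SYNOPSIS
 .In openssl/bio.h
@@ -23,58 +74,57 @@
 .Xr BIO_puts 3 .
 .Pp
 .Xr BIO_flush 3
 on a base64 BIO that is being written through
 is used to signal that no more data is to be encoded:
 this is used to flush the final block through the BIO.
 .Pp
-The flag
-.Dv BIO_FLAGS_BASE64_NO_NL
-can be set with
-.Xr BIO_set_flags 3
-to encode the data all on one line
-or expect the data to be all on one line.
-.Sh NOTES
-Because of the format of base64 encoding the end of the encoded
-block cannot always be reliably determined.
+To encode the data all on one line and to expect the data to be all
+on one line, initialize the base64 BIO as follows:
+.Bd -literal -offset indent
+BIO *b64 = BIO_new(BIO_f_base64());
+BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+.Ed
 .Sh RETURN VALUES
 .Fn BIO_f_base64
 returns the base64 BIO method.
 .Sh EXAMPLES
 Base64 encode the string "Hello World\en"
 and write the result to standard output:
 .Bd -literal -offset indent
 BIO *bio, *b64;
 char message[] = "Hello World \en";
 
 b64 = BIO_new(BIO_f_base64());
 bio = BIO_new_fp(stdout, BIO_NOCLOSE);
 BIO_push(b64, bio);
 BIO_write(b64, message, strlen(message));
 BIO_flush(b64);
 
 BIO_free_all(b64);
 .Ed
 .Pp
-Read Base64 encoded data from standard input
+Read Base64-encoded data from standard input
 and write the decoded data to standard output:
 .Bd -literal -offset indent
 BIO *bio, *b64, *bio_out;
 char inbuf[512];
 int inlen;
 
 b64 = BIO_new(BIO_f_base64());
 bio = BIO_new_fp(stdin, BIO_NOCLOSE);
 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
 BIO_push(b64, bio);
 while((inlen = BIO_read(b64, inbuf, 512)) > 0)
 	BIO_write(bio_out, inbuf, inlen);
 
 BIO_flush(bio_out);
 BIO_free_all(b64);
 .Ed
+.Sh SEE ALSO
+.Xr BIO_new 3
 .Sh BUGS
-The ambiguity of EOF in base64 encoded data can cause additional
-data following the base64 encoded block to be misinterpreted.
+The ambiguity of EOF in base64-encoded data can cause additional
+data following the base64-encoded block to be misinterpreted.
 .Pp
 There should be some way of specifying a test that the BIO can perform
 to reliably determine EOF (for example a MIME boundary).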
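--- a/jni/libressl/man/BIO_f_buffer.3
+++ b/jni/libressl/man/BIO_f_buffer.3
@@ -1,38 +1,99 @@
-.\"	$OpenBSD$
+.\"	$OpenBSD: BIO_f_buffer.3,v 1.6 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL 9b86974e Mar 19 12:32:14 2016 -0400
 .\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2010, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: September 9 2015 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_F_BUFFER 3
 .Os
 .Sh NAME
 .Nm BIO_f_buffer ,
 .Nm BIO_get_buffer_num_lines ,
 .Nm BIO_set_read_buffer_size ,
 .Nm BIO_set_write_buffer_size ,
 .Nm BIO_set_buffer_size ,
 .Nm BIO_set_buffer_read_data
 .Nd buffering BIO
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO_METHOD *
 .Fo BIO_f_buffer
 .Fa void
 .Fc
-.Bd -literal
-#define	BIO_get_buffer_num_lines(b) \e
-	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
-#define	BIO_set_read_buffer_size(b,size) \e
-	BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
-#define	BIO_set_write_buffer_size(b,size) \e
-	BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
-#define	BIO_set_buffer_size(b,size) \e
-	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
-#define	BIO_set_buffer_read_data(b,buf,num) \e
-	BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-.Ed
+.Ft long
+.Fo BIO_get_buffer_num_lines
+.Fa "BIO *b"
+.Fc
+.Ft long
+.Fo BIO_set_read_buffer_size
+.Fa "BIO *b"
+.Fa "long size"
+.Fc
+.Ft long
+.Fo BIO_set_write_buffer_size
+.Fa "BIO *b"
+.Fa "long size"
+.Fc
+.Ft long
+.Fo BIO_set_buffer_size
+.Fa "BIO *b"
+.Fa "long size"
+.Fc
+.Fo BIO_set_buffer_read_data
+.Fa "BIO *b"
+.Fa "void *buf"
+.Fa "long num"
+.Fc
 .Sh DESCRIPTION
 .Fn BIO_f_buffer
 returns the buffering BIO method.
 .Pp
 Data written to a buffering BIO is buffered and periodically written
 to the next BIO in the chain.
 Data read from a buffering BIO comes from an internal buffer
@@ -68,50 +129,54 @@
 clears the read buffer and fills it with
 .Fa num
 bytes of
 .Fa buf .
 If
 .Fa num
 is larger than the current buffer size the buffer is expanded.
-.Sh NOTES
+.Pp
+Except
+.Fn BIO_f_buffer ,
+these functions are implemented as macros.
+.Pp
 Buffering BIOs implement
 .Xr BIO_gets 3
 by using
 .Xr BIO_read 3
 operations on the next BIO in the chain.
 By prepending a buffering BIO to a chain
-it is therefore possible to provide
+it is therefore possible to provide the functionality of
 .Xr BIO_gets 3
-functionality if the following BIOs do not support it (for example SSL BIOs).
+if the following BIOs do not support it (for example SSL BIOs).
 .Pp
 Data is only written to the next BIO in the chain
 when the write buffer fills or when
 .Xr BIO_flush 3
 is called.
 It is therefore important to call
 .Xr BIO_flush 3
 whenever any pending data should be written
 such as when removing a buffering BIO using
 .Xr BIO_pop 3 .
 .Xr BIO_flush 3
-may need to be retried if the ultimate source/sink BIO is non blocking.
+may need to be retried if the ultimate source/sink BIO is non-blocking.
 .Sh RETURN VALUES
 .Fn BIO_f_buffer
 returns the buffering BIO method.
 .Pp
 .Fn BIO_get_buffer_num_lines
 returns the number of lines buffered (may be 0).
 .Pp
 .Fn BIO_set_read_buffer_size ,
 .Fn BIO_set_write_buffer_size ,
 and
 .Fn BIO_set_buffer_size
 return 1 if the buffer was successfully resized or 0 for failure.
 .Pp
 .Fn BIO_set_buffer_read_data
 returns 1 if the data was set correctly or 0 if there was an error.
 .Sh SEE ALSO
-.Xr BIO 3 ,
 .Xr BIO_ctrl 3 ,
 .Xr BIO_flush 3 ,
+.Xr BIO_new 3 ,
 .Xr BIO_pop 3 ,
 .Xr BIO_reset 3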
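--- a/jni/libressl/man/BIO_f_cipher.3
+++ b/jni/libressl/man/BIO_f_cipher.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: BIO_f_cipher.3,v 1.6 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2003, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_F_CIPHER 3
 .Os
 .Sh NAME
 .Nm BIO_f_cipher ,
 .Nm BIO_set_cipher ,
 .Nm BIO_get_cipher_status ,
 .Nm BIO_get_cipher_ctx
@@ -77,15 +128,15 @@
 .Xr BIO_ctrl 3
 macro which retrieves the internal BIO cipher context.
 The retrieved context can be used in conjunction
 with the standard cipher routines to set it up.
 This is useful when
 .Fn BIO_set_cipher
 is not flexible enough for the applications needs.
-.Sh NOTES
+.Pp
 When encrypting,
 .Xr BIO_flush 3
 must be called to flush the final block through the BIO.
 If it is not, then the final block will fail a subsequent decrypt.
 .Pp
 When decrypting, an error on the final block is signalled
 by a zero return value from the read operation.
@@ -100,15 +151,14 @@
 .Xr BIO_puts 3
 support is needed, then it can be achieved
 by preceding the cipher BIO with a buffering BIO.
 .Sh RETURN VALUES
 .Fn BIO_f_cipher
 returns the cipher BIO method.
 .Pp
-.Fn BIO_set_cipher
-does not return a value.
-.Pp
 .Fn BIO_get_cipher_status
 returns 1 for a successful decrypt and 0 for failure.
 .Pp
 .Fn BIO_get_cipher_ctx
 currently always returns 1.
+.Sh SEE ALSO
+.Xr BIO_new 3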
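--- a/jni/libressl/man/BIO_f_md.3
+++ b/jni/libressl/man/BIO_f_md.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: BIO_f_md.3,v 1.7 2017/01/07 08:46:13 jmc Exp $
+.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2006, 2009, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: January 7 2017 $
 .Dt BIO_F_MD 3
 .Os
 .Sh NAME
 .Nm BIO_f_md ,
 .Nm BIO_set_md ,
 .Nm BIO_get_md ,
 .Nm BIO_get_md_ctx
@@ -30,18 +81,18 @@
 .Fa "EVP_MD_CTX **mdcp"
 .Fc
 .Sh DESCRIPTION
 .Fn BIO_f_md
 returns the message digest BIO method.
 This is a filter BIO that digests any data passed through it.
 It is a BIO wrapper for the digest routines
-.Fn EVP_DigestInit ,
-.Fn EVP_DigestUpdate ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_DigestUpdate 3 ,
 and
-.Fn EVP_DigestFinal .
+.Xr EVP_DigestFinal 3 .
 .Pp
 Any data written or read through a digest BIO using
 .Xr BIO_read 3
 and
 .Xr BIO_write 3
 is digested.
 .Pp
@@ -65,24 +116,24 @@
 this must be called to initialize a digest BIO
 before any data is passed through it.
 It is a
 .Xr BIO_ctrl 3
 macro.
 .Pp
 .Fn BIO_get_md
-places the a pointer to the digest BIOs digest method in
+places a pointer to the digest BIOs digest method in
 .Fa mdp .
 It is a
 .Xr BIO_ctrl 3
 macro.
 .Pp
 .Fn BIO_get_md_ctx
 returns the digest BIOs context in
 .Fa mdcp .
-.Sh NOTES
+.Pp
 The context returned by
 .Fn BIO_get_md_ctx
 can be used in calls to
 .Xr EVP_DigestFinal 3
 and also in the signature routines
 .Xr EVP_SignFinal 3
 and
@@ -104,35 +155,34 @@
 If an application needs to call
 .Xr BIO_gets 3
 or
 .Xr BIO_puts 3
 through a chain containing digest BIOs,
 then this can be done by prepending a buffering BIO.
 .Pp
-Before OpenSSL 1.0.0 the call to
+Calling
 .Fn BIO_get_md_ctx
-would only work if the BIO had been initialized for example by calling
-.Fn BIO_set_md .
-In OpenSSL 1.0.0 and later the context is always returned
-and the BIO is state is set to initialized.
+will return the context and initialize the
+.Vt BIO
+state.
 This allows applications to initialize the context externally
 if the standard calls such as
 .Fn BIO_set_md
 are not sufficiently flexible.
 .Sh RETURN VALUES
 .Fn BIO_f_md
 returns the digest BIO method.
 .Pp
 .Fn BIO_set_md ,
 .Fn BIO_get_md ,
 and
 .Fn BIO_get_md_ctx
 return 1 for success and 0 for failure.
 .Sh EXAMPLES
-The following example creates a BIO chain containing an SHA1 and MD5
+The following example creates a BIO chain containing a SHA-1 and MD5
 digest BIO and passes the string "Hello World" through it.
 Error checking has been omitted for clarity.
 .Bd -literal -offset 2n
 BIO *bio, *mdtmp;
 const char message[] = "Hello World";
 bio = BIO_new(BIO_s_null());
 mdtmp = BIO_new(BIO_f_md());
@@ -189,21 +239,30 @@
 	for(i = 0; i < mdlen; i++)
 		printf(":%02X", mdbuf[i]);
 	printf("\en");
 	mdtmp = BIO_next(mdtmp);
 } while(mdtmp);
 BIO_free_all(bio);
 .Ed
+.Sh SEE ALSO
+.Xr BIO_new 3
+.Sh HISTORY
+Before OpenSSL 1.0.0, the call to
+.Fn BIO_get_md_ctx
+would only work if the
+.Vt BIO
+had been initialized, for example by calling
+.Fn BIO_set_md .
 .Sh BUGS
 The lack of support for
 .Xr BIO_puts 3
-and the non standard behaviour of
+and the non-standard behaviour of
 .Xr BIO_gets 3
 could be regarded as anomalous.
 It could be argued that
 .Xr BIO_gets 3
 and
 .Xr BIO_puts 3
 should be passed to the next BIO in the chain and digest the data
 passed through and that digests should be retrieved using a separate
 .Xr BIO_ctrl 3
 call.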
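--- a/jni/libressl/man/BIO_f_null.3
+++ b/jni/libressl/man/BIO_f_null.3
@@ -1,25 +1,76 @@
+.\"	$OpenBSD: BIO_f_null.3,v 1.6 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL e117a890 Sep 14 12:14:41 2000 +0000
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_F_NULL 3
 .Os
 .Sh NAME
 .Nm BIO_f_null
 .Nd null filter
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO_METHOD *
 .Fo BIO_f_null
 .Fa void
 .Fc
 .Sh DESCRIPTION
 .Fn BIO_f_null
 returns the null filter BIO method.
 This is a filter BIO that does nothing.
+As may be apparent, a null filter BIO is not particularly useful.
 .Pp
 All requests to a null filter BIO are passed through to the next BIO
 in the chain: this means that a BIO chain containing a null filter BIO
 behaves just as though the BIO was not there.
-.Sh NOTES
-As may be apparent, a null filter BIO is not particularly useful.
 .Sh RETURN VALUES
 .Fn BIO_f_null
 returns the null filter BIO method.
+.Sh SEE ALSO
+.Xr BIO_new 3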
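--- a/jni/libressl/man/BIO_f_ssl.3
+++ b/jni/libressl/man/BIO_f_ssl.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: BIO_f_ssl.3,v 1.3 2016/12/16 15:39:08 jmc Exp $
+.\"	OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
 .\"
-.\"	$OpenBSD: BIO_f_ssl.3,v 1.3 2015/06/18 22:51:05 doug Exp $
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2003, 2009, 2014-2016 The OpenSSL Project.
+.\" All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: June 18 2015 $
+.Dd $Mdocdate: December 16 2016 $
 .Dt BIO_F_SSL 3
 .Os
 .Sh NAME
 .Nm BIO_f_ssl ,
 .Nm BIO_set_ssl ,
 .Nm BIO_get_ssl ,
 .Nm BIO_set_ssl_mode ,
@@ -20,34 +68,56 @@
 .Nm BIO_do_handshake
 .Nd SSL BIO
 .Sh SYNOPSIS
 .In openssl/bio.h
 .In openssl/ssl.h
 .Ft BIO_METHOD *
 .Fn BIO_f_ssl void
+.Ft long
-.Fd #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+.Fo BIO_set_ssl
+.Fa "BIO *b"
+.Fa "SSL *ssl"
+.Fa "long c"
+.Fc
+.Ft long
-.Fd #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+.Fo BIO_get_ssl
+.Fa "BIO *b"
+.Fa "SSL *sslp"
+.Fc
+.Ft long
-.Fd #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+.Fo BIO_set_ssl_mode
+.Fa "BIO *b"
+.Fa "long client"
+.Fc
+.Ft long
-.Fd #define BIO_set_ssl_renegotiate_bytes(b,num) \
+.Fo BIO_set_ssl_renegotiate_bytes
-BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
+.Fa "BIO *b"
+.Fa "long num"
+.Fc
+.Ft long
-.Fd #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+.Fo BIO_set_ssl_renegotiate_timeout
+.Fa "BIO *b"
-BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
+.Fa "long seconds"
+.Fc
+.Ft long
-.Fd #define BIO_get_num_renegotiates(b) \
+.Fo BIO_get_num_renegotiates
-BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL)
+.Fa "BIO *b"
+.Fc
 .Ft BIO *
 .Fn BIO_new_ssl "SSL_CTX *ctx" "int client"
 .Ft BIO *
 .Fn BIO_new_ssl_connect "SSL_CTX *ctx"
 .Ft BIO *
 .Fn BIO_new_buffer_ssl_connect "SSL_CTX *ctx"
 .Ft int
 .Fn BIO_ssl_copy_session_id "BIO *to" "BIO *from"
 .Ft void
 .Fn BIO_ssl_shutdown "BIO *bio"
+.Ft long
-.Fd #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+.Fn BIO_do_handshake "BIO *b"
 .Sh DESCRIPTION
 .Fn BIO_f_ssl
 returns the
 .Vt SSL
 .Vt BIO
 method.
 This is a filter
@@ -62,38 +132,38 @@
 I/O performed on an
 .Vt SSL
 .Vt BIO
 communicates using the SSL protocol with
 the
 .Vt SSL Ns 's
 read and write
-.Vt BIO Ns s.
+.Vt BIO Ns s .
 If an SSL connection is not established then an attempt is made to establish
 one on the first I/O call.
 .Pp
 If a
 .Vt BIO
 is appended to an
 .Vt SSL
 .Vt BIO
 using
 .Xr BIO_push 3
 it is automatically used as the
 .Vt SSL
 .Vt BIO Ns 's read and write
-.Vt BIO Ns s.
+.Vt BIO Ns s .
 .Pp
 Calling
 .Xr BIO_reset 3
 on an
 .Vt SSL
 .Vt BIO
 closes down any current SSL connection by calling
 .Xr SSL_shutdown 3 .
-.Xr BIO_reset
+.Xr BIO_reset 3
 is then sent to the next
 .Vt BIO
 in the chain; this will typically disconnect the underlying transport.
 The
 .Vt SSL
 .Vt BIO
 is then reset to the initial accept or connect state.
@@ -229,15 +299,15 @@
 A zero or negative value is returned if the connection could not be
 established; the call
 .Xr BIO_should_retry 3
 should be used for non blocking connect
 .Vt BIO Ns s
 to determine if the call should be retried.
 If an SSL connection has already been established this call has no effect.
-.Sh NOTES
+.Pp
 .Vt SSL
 .Vt BIO Ns s
 are exceptional in that if the underlying transport is non-blocking they can
 still request a retry in exceptional circumstances.
 Specifically this will happen if a session renegotiation takes place during a
 .Xr BIO_read 3
 operation.
@@ -265,14 +335,24 @@
 .Vt BIO
 first.
 .Pp
 Applications do not have to call
 .Fn BIO_do_handshake
 but may wish to do so to separate the handshake process from other I/O
 processing.
+.Pp
+.Fn BIO_set_ssl ,
+.Fn BIO_get_ssl ,
+.Fn BIO_set_ssl_mode ,
+.Fn BIO_set_ssl_renegotiate_bytes ,
+.Fn BIO_set_ssl_renegotiate_timeout ,
+.Fn BIO_get_num_renegotiates ,
+and
+.Fn BIO_do_handshake
+are implemented as macros.
 .Sh RETURN VALUES
 .\" XXX
 This section is incomplete.
 .Sh EXAMPLES
 This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web
 server.
 The I/O routines are identical to those of the unencrypted example in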
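--- a/jni/libressl/man/BIO_find_type.3
+++ b/jni/libressl/man/BIO_find_type.3
@@ -1,27 +1,80 @@
+.\"	$OpenBSD: BIO_find_type.3,v 1.6 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2013, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_FIND_TYPE 3
 .Os
 .Sh NAME
 .Nm BIO_find_type ,
 .Nm BIO_next ,
 .Nm BIO_method_type
 .Nd BIO chain traversal
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO *
 .Fo BIO_find_type
 .Fa "BIO *b"
 .Fa "int bio_type"
 .Fc
 .Ft BIO *
 .Fo BIO_next
 .Fa "BIO *b"
 .Fc
+.Ft int
-.Fd #define BIO_method_type(b)	((b)->method->type)
+.Fo BIO_method_type
+.Fa "const BIO *b"
+.Fc
 .Fd #define BIO_TYPE_NONE		0
 .Fd #define BIO_TYPE_MEM		(1|0x0400)
 .Fd #define BIO_TYPE_FILE		(2|0x0400)
 .Fd #define BIO_TYPE_FD			(4|0x0400|0x0100)
 .Fd #define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
 .Fd #define BIO_TYPE_NULL		(6|0x0400)
 .Fd #define BIO_TYPE_SSL		(7|0x0200)
@@ -80,38 +133,32 @@
 .Pp
 .Fn BIO_next
 returns the next BIO in a chain.
 .Pp
 .Fn BIO_method_type
 returns the type of the BIO
 .Fa b .
-.Sh NOTES
-.Fn BIO_next
-was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a BIO
-chain or find multiple matches using
-.Fn BIO_find_type .
-Previous versions had to use:
-.Pp
-.Dl next = bio->next_bio;
-.Sh BUGS
-.Fn BIO_find_type
-in OpenSSL 0.9.5a and earlier could not be safely passed a
-.Dv NULL
-pointer for the
-.Fa b
-argument.
-.Sh EXAMPLE
+.Sh EXAMPLES
 Traverse a chain looking for digest BIOs:
 .Bd -literal -offset 2n
 BIO *btmp;
 btmp = in_bio;	/* in_bio is chain to search through */
 
 do {
 	btmp = BIO_find_type(btmp, BIO_TYPE_MD);
 	if (btmp == NULL)
 		break;	/* Not found */
 	/* btmp is a digest BIO, do something with it ...*/
 	...
 
 	btmp = BIO_next(btmp);
 } while(btmp);
 .Ed
+.Sh SEE ALSO
+.Xr BIO_new 3
+.Sh BUGS
+.Fn BIO_find_type
+in OpenSSL 0.9.5a and earlier could not be safely passed a
+.Dv NULL
+pointer for the
+.Fa b
+argument.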
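--- a/jni/libressl/man/BIO_get_ex_new_index.3
+++ b/jni/libressl/man/BIO_get_ex_new_index.3
@@ -0,0 +1,124 @@
+.\"	$OpenBSD: BIO_get_ex_new_index.3,v 1.3 2017/01/06 20:35:23 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Rich Salz <rsalz@akamai.com>.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 6 2017 $
+.Dt BIO_GET_EX_NEW_INDEX 3
+.Os
+.Sh NAME
+.Nm BIO_get_ex_new_index ,
+.Nm BIO_set_ex_data ,
+.Nm BIO_get_ex_data ,
+.Nm ENGINE_get_ex_new_index ,
+.Nm ENGINE_set_ex_data ,
+.Nm ENGINE_get_ex_data ,
+.Nm UI_get_ex_new_index ,
+.Nm UI_set_ex_data ,
+.Nm UI_get_ex_data ,
+.Nm X509_get_ex_new_index ,
+.Nm X509_set_ex_data ,
+.Nm X509_get_ex_data ,
+.Nm ECDH_get_ex_new_index ,
+.Nm ECDH_set_ex_data ,
+.Nm ECDH_get_ex_data ,
+.Nm ECDSA_get_ex_new_index ,
+.Nm ECDSA_set_ex_data ,
+.Nm ECDSA_get_ex_data
+.Nd application-specific data
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo TYPE_get_ex_new_index
+.Fa "long argl"
+.Fa "void *argp"
+.Fa "CRYPTO_EX_new *new_func"
+.Fa "CRYPTO_EX_dup *dup_func"
+.Fa "CRYPTO_EX_free *free_func"
+.Fc
+.Ft int
+.Fo TYPE_set_ex_data
+.Fa "TYPE *d"
+.Fa "int idx"
+.Fa "void *arg"
+.Fc
+.Ft void *
+.Fo TYPE_get_ex_data
+.Fa "TYPE *d"
+.Fa "int idx"
+.Fc
+.Sh DESCRIPTION
+In the description here,
+.Vt TYPE
+is used a placeholder for any of the OpenSSL datatypes listed in
+.Xr CRYPTO_get_ex_new_index 3 .
+.Pp
+These functions handle application-specific data for OpenSSL data
+structures.
+.Pp
+.Fn TYPE_get_ex_new_index
+is a macro that calls
+.Xr CRYPTO_get_ex_new_index 3
+with the correct index value.
+.Pp
+.Fn TYPE_set_ex_data
+is a function that calls
+.Xr CRYPTO_set_ex_data 3
+with an offset into the opaque exdata part of the
+.Vt TYPE
+object.
+.Pp
+.Fn TYPE_get_ex_data
+is a function that calls
+.Xr CRYPTO_get_ex_data 3
+with an offset into the opaque exdata part of the
+.Vt TYPE
+object.
+.Sh SEE ALSO
+.Xr CRYPTO_get_ex_new_index 3 ,
+.Xr RSA_get_ex_new_index 3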
Changes to jni/libressl/man/BIO_new.3.



















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17



















































.Dd $Mdocdate: July 17 2014 $
.Dt BIO_NEW 3
.Os
.Sh NAME
.Nm BIO_new ,
.Nm BIO_set ,
.Nm BIO_free ,
.Nm BIO_vfree ,
.Nm BIO_free_all
.Nd BIO allocation and freeing functions
.Sh SYNOPSIS
.In openssl/bio.h
.Ft BIO *
.Fo BIO_new
.Fa "BIO_METHOD *type"
.Fc
.Ft int
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|








|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
.\"	$OpenBSD: BIO_new.3,v 1.8 2017/03/25 17:15:59 schwarze Exp $
.\"	OpenSSL doc/man3/BIO_new.pod ca3a82c3 Mar 25 11:31:18 2015 -0400
.\"	OpenSSL doc/man7/bio.pod a9c85cea Nov 11 09:33:55 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2015, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 25 2017 $
.Dt BIO_NEW 3
.Os
.Sh NAME
.Nm BIO_new ,
.Nm BIO_set ,
.Nm BIO_free ,
.Nm BIO_vfree ,
.Nm BIO_free_all
.Nd construct and destruct I/O abstraction objects
.Sh SYNOPSIS
.In openssl/bio.h
.Ft BIO *
.Fo BIO_new
.Fa "BIO_METHOD *type"
.Fc
.Ft int
28
29
30
31
32
33
34







35
36
37


38

39

40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100























































101
102
103
104























.Fa "BIO *a"
.Fc
.Ft void
.Fo BIO_free_all
.Fa "BIO *a"
.Fc
.Sh DESCRIPTION







The
.Fn BIO_new
function returns a new BIO using method


.Fa type .

.Pp

.Fn BIO_set
sets the method of an already existing BIO.
.Pp
.Fn BIO_free
frees up a single BIO,
.Fn BIO_vfree
also frees up a single BIO, but it does not return a value.
Calling
.Fn BIO_free
may also have some effect on the underlying I/O structure,
for example it may close the file being
referred to under certain circumstances.
For more details see the individual
.Vt BIO_METHOD
descriptions.
.Pp
.Fn BIO_free_all
frees up an entire BIO chain.
It does not halt if an error occurs
freeing up an individual BIO in the chain.
.Sh RETURN VALUES
.Fn BIO_new
returns a newly created BIO or
.Dv NULL
if the call fails.
.Pp
.Fn BIO_set
and
.Fn BIO_free
return 1 for success and 0 for failure.
.Pp
.Fn BIO_free_all
and
.Fn BIO_vfree
do not return values.
.Sh NOTES
Some BIOs (such as memory BIOs) can be used immediately after calling
.Fn BIO_new .
Others (such as file BIOs) need some additional initialization, and
frequently a utility function exists to create and initialize such BIOs.
.Pp
If
.Fn BIO_free
is called on a BIO chain, it will only free one BIO,
resulting in a memory leak.
.Pp
Calling
.Fn BIO_free_all
on a single BIO has the same effect as calling
.Fn BIO_free
on it other than the discarded return value.
.Pp
Normally the
.Fa type
argument is supplied by a function which returns a pointer to a
.Vt BIO_METHOD .
There is a naming convention for such functions:
a source/sink BIO is normally called
.Fn BIO_s_*
and a filter BIO
.Fn BIO_f_* .























































.Sh EXAMPLES
Create a memory BIO:
.Pp
.Dl BIO *mem = BIO_new(BIO_s_mem());






























>
>
>
>
>
>
>


|
>
>

>

>
|
<

|
<
|
<
<
|
<
|
<
<
<
|
<
<
<
|
<
<
<
<
<
<
<
<
|
<
<

<
<
<
<
<



|
<
<
<
<
<
<
<
<
<
<
<






|

|

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

103
104

105


106

107



108



109








110


111





112
113
114
115











116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
.Fa "BIO *a"
.Fc
.Ft void
.Fo BIO_free_all
.Fa "BIO *a"
.Fc
.Sh DESCRIPTION
A
.Vt BIO
is an I/O abstraction object, hiding many of the underlying I/O
details from an application.
If an application uses BIOs for its I/O, it can transparently handle
SSL connections, unencrypted network connections, and file I/O.
.Pp
The
.Fn BIO_new
function constructs a new
.Vt BIO
using the method
.Fa type .
There are two groups of BIO types, source/sink BIOs and filter BIOs.
.Pp
Source/sink BIOs provide input or consume output.
Examples include socket BIOs and file BIOs.

.Pp
Filter BIOs take data from one BIO and pass it through to another,

or to the application, forming a chain of BIOs.


The data may be left unmodified (for example by a message digest BIO)

or translated (for example by an encryption BIO).



The effect of a filter BIO may change according to the I/O operation



it is performing: for example an encryption BIO will encrypt data








if it is written to and decrypt data if it is read from.


.Pp





Some BIOs (such as memory BIOs) can be used immediately after calling
.Fn BIO_new .
Others (such as file BIOs) need some additional initialization, and
utility functions exists to construct and initialize such BIOs.











.Pp
Normally the
.Fa type
argument is supplied by a function which returns a pointer to a
.Vt BIO_METHOD .
There is a naming convention for such functions:
the methods for source/sink BIOs are called
.Fn BIO_s_*
and those for filter BIOs
.Fn BIO_f_* .
.Pp
.Fn BIO_set
sets the method of an already existing BIO.
.Pp
.Fn BIO_free
and
.Fn BIO_vfree
destruct a single BIO, which may also have some effect on the
underlying I/O structure, for example it may close the file being
referred to under certain circumstances.
If
.Fa a
is a
.Dv NULL
pointer, no action occurs.
If
.Fn BIO_free
is called on a BIO chain, it will only destruct one BIO,
resulting in a memory leak.
.Pp
.Fn BIO_free_all
destructs an entire BIO chain.
It does not halt if an error occurs
destructing an individual BIO in the chain.
If
.Fa a
is a
.Dv NULL
pointer, no action occurs.
Calling
.Fn BIO_free_all
on a single BIO has the same effect as
.Fn BIO_vfree .
.Pp
Common I/O functions are documented in
.Xr BIO_read 3 .
Forming chains is explained in
.Xr BIO_push 3 ;
inspecting them is explained in
.Xr BIO_find_type 3 .
For more details about the different kinds of BIOs, see the individual
.Vt BIO_METHOD
manual pages.
.Sh RETURN VALUES
.Fn BIO_new
returns a newly constructed
.Vt BIO
object or
.Dv NULL
on failure.
.Pp
.Fn BIO_set
and
.Fn BIO_free
return 1 for success or 0 for failure.
.Sh EXAMPLES
Create a memory BIO:
.Pp
.Dl BIO *mem = BIO_new(BIO_s_mem());
.Sh SEE ALSO
.Xr BIO_ctrl 3 ,
.Xr BIO_f_base64 3 ,
.Xr BIO_f_buffer 3 ,
.Xr BIO_f_cipher 3 ,
.Xr BIO_f_md 3 ,
.Xr BIO_f_null 3 ,
.Xr BIO_f_ssl 3 ,
.Xr BIO_find_type 3 ,
.Xr BIO_get_ex_new_index 3 ,
.Xr BIO_printf 3 ,
.Xr BIO_push 3 ,
.Xr BIO_read 3 ,
.Xr BIO_s_accept 3 ,
.Xr BIO_s_bio 3 ,
.Xr BIO_s_connect 3 ,
.Xr BIO_s_fd 3 ,
.Xr BIO_s_file 3 ,
.Xr BIO_s_mem 3 ,
.Xr BIO_s_null 3 ,
.Xr BIO_s_socket 3 ,
.Xr BIO_set_callback 3 ,
.Xr BIO_should_retry 3
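--- a/jni/libressl/man/BIO_new_CMS.3
+++ b/jni/libressl/man/BIO_new_CMS.3
@@ -1,83 +0,0 @@
-.Dd $Mdocdate: October 2 2010 $
-.Dt BIO_NEW_CMS 3
-.Os
-.Sh NAME
-.Nm BIO_new_CMS
-.Nd CMS streaming filter BIO
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft BIO *
-.Fo BIO_new_CMS
-.Fa "BIO *out"
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_new_CMS
-returns a streaming filter BIO chain based on
-.Fa cms .
-The output of the filter is written to
-.Fa out .
-Any data written to the chain is automatically translated
-to a BER format CMS structure of the appropriate type.
-.Sh RETURN VALUES
-.Fn BIO_new_CMS
-returns a BIO chain when successful or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh NOTES
-The chain returned by this function behaves like a standard filter BIO.
-It supports non blocking I/O.
-Content is processed and streamed on the fly and not all held in memory
-at once: so it is possible to encode very large structures.
-After all content has been written through the chain
-.Xr BIO_flush 3
-must be called to finalise the structure.
-.Pp
-The
-.Dv CMS_STREAM
-flag must be included in the corresponding
-.Fa flags
-parameter of the
-.Fa cms
-creation function.
-.Pp
-If an application wishes to write additional data to
-.Fa out ,
-BIOs should be removed from the chain using
-.Xr BIO_pop 3
-and freed with
-.Xr BIO_free 3
-until
-.Fa out
-is reached.
-If no additional data needs to be written,
-.Xr BIO_free_all 3
-can be called to free up the whole chain.
-.Pp
-Any content written through the filter is used verbatim:
-no canonical translation is performed.
-.Pp
-It is possible to chain multiple BIOs to, for example,
-create a triple wrapped signed, enveloped, signed structure.
-In this case it is the application's responsibility
-to set the inner content type of any outer
-.Vt CMS_ContentInfo
-structures.
-.Pp
-Large numbers of small writes through the chain should be avoided as this
-will produce an output consisting of lots of OCTET STRING structures.
-Prepending a
-.Xr BIO_f_buffer 3
-buffering BIO will prevent this.
-.Sh SEE ALSO
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn BIO_new_CMS
-was added to OpenSSL 1.0.0.
-.Sh BUGS
-There is currently no corresponding inverse BIO
-which can decode a CMS structure on the fly.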
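--- a/jni/libressl/man/BIO_printf.3
+++ b/jni/libressl/man/BIO_printf.3
@@ -0,0 +1,86 @@
+.\"	$OpenBSD: BIO_printf.3,v 1.1 2017/03/25 17:15:59 schwarze Exp $
+.\"	OpenSSL 2ca2e917 Mon Mar 20 16:25:22 2017 -0400
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 25 2017 $
+.Dt BIO_PRINTF 3
+.Os
+.Sh NAME
+.Nm BIO_printf ,
+.Nm BIO_vprintf ,
+.Nm BIO_snprintf ,
+.Nm BIO_vsnprintf
+.Nd formatted output to a BIO
+.Sh SYNOPSIS
+.In openssl/bio.h
+.Ft int
+.Fo BIO_printf
+.Fa "BIO *bio"
+.Fa "const char *format"
+.Fa ...
+.Fc
+.Ft int
+.Fo BIO_vprintf
+.Fa "BIO *bio"
+.Fa "const char *format"
+.Fa "va_list args"
+.Fc
+.Ft int
+.Fo BIO_snprintf
+.Fa "char *buf"
+.Fa "size_t n"
+.Fa "const char *format"
+.Fa ...
+.Fc
+.Ft int
+.Fo BIO_vsnprintf
+.Fa "char *buf"
+.Fa "size_t n"
+.Fa "const char *format"
+.Fa "va_list args"
+.Fc
+.Sh DESCRIPTION
+.Fn BIO_vprintf
+is a wrapper around
+.Xr vfprintf 3 ,
+sending the output to the specified
+.Fa bio .
+.Pp
+.Fn BIO_printf
+is a wrapper around
+.Fn BIO_vprintf .
+.Pp
+.Fn BIO_snprintf
+and
+.Fn BIO_vsnprintf
+are wrappers around
+.Xr vsnprintf 3 .
+.Sh RETURN VALUES
+These functions return the number of bytes written,
+or -1 if an error occurs.
+.Pp
+In contrast to
+.Xr snprintf 3
+and
+.Xr vsnprintf 3 ,
+.Fn BIO_snprintf
+and
+.Fn BIO_vsnprintf
+also return -1 if
+.Fa n
+is too small to hold the complete output.
+.Sh SEE ALSO
+.Xr BIO_new 3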
Changes to jni/libressl/man/BIO_push.3.



















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19







20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

36
















37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75



















































.Dd $Mdocdate: July 17, 2014 $
.Dt BIO_PUSH 3
.Os
.Sh NAME
.Nm BIO_push ,
.Nm BIO_pop
.Nd add and remove BIOs from a chain
.Sh SYNOPSIS
.In openssl/bio.h
.Ft BIO *
.Fo BIO_push
.Fa "BIO *b"
.Fa "BIO *append"
.Fc
.Ft BIO *
.Fo BIO_pop
.Fa "BIO *b"
.Fc
.Sh DESCRIPTION







The
.Fn BIO_push
function appends the BIO
.Fa append
to
.Fa b
and returns
.Fa b .
.Pp
.Fn BIO_pop
removes the BIO
.Fa b
from a chain and returns the next BIO in the chain, or
.Dv NULL
if there is no next BIO.
The removed BIO then becomes a single BIO with no association with the

original chain, it can thus be freed or attached to a different chain.
















.Sh RETURN VALUES
.Fn BIO_push
returns the beginning of the chain,
.Fa b .
.Pp
.Fn BIO_pop
returns the next BIO in the chain, or
.Dv NULL
if there is no next BIO.
.Sh NOTES
The names of these functions are perhaps a little misleading.
.Fn BIO_push
joins two BIO chains whereas
.Fn BIO_pop
deletes a single BIO from a chain,
the deleted BIO does not need to be at the end of a chain.
.Pp
The process of calling
.Fn BIO_push
and
.Fn BIO_pop
on a BIO may have additional consequences:
a control call is made to the affected BIOs.
Any effects will be noted in the descriptions of individual BIOs.
.Sh EXAMPLES
For these examples suppose
.Sy md1
and
.Sy md2
are digest BIOs,
.Sy b64
is a base64 BIO and
.Sy f
is a file BIO.
.Pp
If the call
.Pp
.Dl BIO_push(b64, f);
.Pp
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|


















>
>
>
>
>
>
>
















>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>









<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120















121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
.\"	$OpenBSD: BIO_push.3,v 1.5 2016/12/06 12:54:19 schwarze Exp $
.\"	OpenSSL doc/man3/BIO_push.pod 76ed5a42 Jun 29 13:38:55 2014 +0100
.\"	OpenSSL doc/man7/bio.pod a9c85cea Nov 11 09:33:55 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2014 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt BIO_PUSH 3
.Os
.Sh NAME
.Nm BIO_push ,
.Nm BIO_pop
.Nd add and remove BIOs from a chain
.Sh SYNOPSIS
.In openssl/bio.h
.Ft BIO *
.Fo BIO_push
.Fa "BIO *b"
.Fa "BIO *append"
.Fc
.Ft BIO *
.Fo BIO_pop
.Fa "BIO *b"
.Fc
.Sh DESCRIPTION
BIOs can be joined together to form chains.
A chain normally consist of one or more filter BIOs
and one source/sink BIO at the end.
Data read from or written to the first BIO traverses the chain
to the end.
A single BIO can be regarded as a chain with one component.
.Pp
The
.Fn BIO_push
function appends the BIO
.Fa append
to
.Fa b
and returns
.Fa b .
.Pp
.Fn BIO_pop
removes the BIO
.Fa b
from a chain and returns the next BIO in the chain, or
.Dv NULL
if there is no next BIO.
The removed BIO then becomes a single BIO with no association with the
original chain.
it can thus be freed or attached to a different chain.
.Pp
The names of these functions are perhaps a little misleading.
.Fn BIO_push
joins two BIO chains whereas
.Fn BIO_pop
deletes a single BIO from a chain;
the deleted BIO does not need to be at the end of a chain.
.Pp
The process of calling
.Fn BIO_push
and
.Fn BIO_pop
on a BIO may have additional consequences: a
.Xr BIO_ctrl 3
call is made to the affected BIOs.
Any effects will be noted in the descriptions of individual BIOs.
.Sh RETURN VALUES
.Fn BIO_push
returns the beginning of the chain,
.Fa b .
.Pp
.Fn BIO_pop
returns the next BIO in the chain, or
.Dv NULL
if there is no next BIO.















.Sh EXAMPLES
For these examples suppose
.Sy md1
and
.Sy md2
are digest BIOs,
.Sy b64
is a Base64 BIO and
.Sy f
is a file BIO.
.Pp
If the call
.Pp
.Dl BIO_push(b64, f);
.Pp
86
87
88
89
90
91
92
93
94
95
96
97
98

99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117




Data written to
.Sy md1
will be digested
by
.Sy md1
and
.Sy md2 ,
.Sy base64
encoded and written to
.Sy f .
.Pp
It should be noted that reading causes data to pass
in the reverse direction, that is data is read from

.Sy f ,
base64
.Sy decoded
and digested
by
.Sy md1
and
.Sy md2 .
If this call is made:
.Pp
.Dl BIO_pop(md2);
.Pp
The call will return
.Sy b64
and the new chain will be
.Sy md1-b64-f Ns ;
data can be written to
.Sy md1
as before.











<
|



|
>

<
<
|
<










|



>
>
>
>
146
147
148
149
150
151
152

153
154
155
156
157
158
159


160

161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
Data written to
.Sy md1
will be digested
by
.Sy md1
and
.Sy md2 ,

Base64-encoded and written to
.Sy f .
.Pp
It should be noted that reading causes data to pass
in the reverse direction.
That is, data is read from
.Sy f ,


Base64-decoded and digested by

.Sy md1
and
.Sy md2 .
If this call is made:
.Pp
.Dl BIO_pop(md2);
.Pp
The call will return
.Sy b64
and the new chain will be
.Sy md1-b64-f ;
data can be written to
.Sy md1
as before.
.Sh SEE ALSO
.Xr BIO_find_type 3 ,
.Xr BIO_new 3 ,
.Xr BIO_read 3
Changes to jni/libressl/man/BIO_read.3.


















































1
2
3
4
5
6
7
8
9
10
11
12
13
14


















































.Dd $Mdocdate: February 14 2015 $
.Dt BIO_READ 3
.Os
.Sh NAME
.Nm BIO_read ,
.Nm BIO_write ,
.Nm BIO_gets ,
.Nm BIO_puts
.Nd BIO I/O functions
.Sh SYNOPSIS
.In openssl/bio.h
.Ft int
.Fo BIO_read
.Fa "BIO *b"
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|




|
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
.\"	$OpenBSD: BIO_read.3,v 1.5 2016/12/06 14:45:08 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt BIO_READ 3
.Os
.Sh NAME
.Nm BIO_read ,
.Nm BIO_gets ,
.Nm BIO_write ,
.Nm BIO_puts
.Nd BIO I/O functions
.Sh SYNOPSIS
.In openssl/bio.h
.Ft int
.Fo BIO_read
.Fa "BIO *b"
42
43
44
45
46
47
48
49
50
51
52
53
54
55

56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113













114

115
.Fa buf .
.Pp
.Fn BIO_gets
performs the BIOs "gets" operation and places the data in
.Fa buf .
Usually this operation will attempt to read a line of data
from the BIO of maximum length
.Fa len .
There are exceptions to this however, for example
.Fn BIO_gets
on a digest BIO will calculate and return the digest
and other BIOs may not support
.Fn BIO_gets
at all.

.Pp
.Fn BIO_write
attempts to write
.Fa len
bytes from
.Fa buf
to BIO
.Fa b .
.Pp
.Fn BIO_puts
attempts to write a null terminated string
.Fa buf
to BIO
.Fa b .
.Sh RETURN VALUES
All these functions return either the amount of data successfully
read or written (if the return value is positive) or that no data
was successfully read or written if the result is 0 or -1.
If the return value is -2, then the operation is not implemented
in the specific BIO type.
.Sh NOTES
A 0 or -1 return is not necessarily an indication of an error.
In particular when the source/sink is non-blocking or of a certain type
it may merely be an indication that no data is currently available and that
the application should retry the operation later.
.Pp
One technique sometimes used with blocking sockets
is to use a system call (such as
.Xr select 2 ,
.Xr poll 2
or equivalent) to determine when data is available and then call
.Xr read 3
to read the data.
The equivalent with BIOs (that is call
.Xr select 2
on the underlying I/O structure and then call
.Fn BIO_read
to read the data) should
.Em not
be used because a single call to
.Fn BIO_read
can cause several reads (and writes in the case of SSL BIOs)
on the underlying I/O structure and may block as a result.
Instead
.Xr select 2
(or equivalent) should be combined with non blocking I/O
so successive reads will request a retry instead of blocking.
.Pp
See
.Xr BIO_should_retry 3
for details of how to determine the cause of a retry and other I/O issues.
.Pp
If the
.Fn BIO_gets
function is not supported by a BIO then it is possible to
work around this by adding a buffering BIO
.Xr BIO_f_buffer 3
to the chain.













.Sh SEE ALSO

.Xr BIO_should_retry 3







|






>














<
<
<
<
<
<
<
<
<
<
<






|













|












>
>
>
>
>
>
>
>
>
>
>
>
>

>

92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120











121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
.Fa buf .
.Pp
.Fn BIO_gets
performs the BIOs "gets" operation and places the data in
.Fa buf .
Usually this operation will attempt to read a line of data
from the BIO of maximum length
.Fa len No - 1 .
There are exceptions to this however, for example
.Fn BIO_gets
on a digest BIO will calculate and return the digest
and other BIOs may not support
.Fn BIO_gets
at all.
The returned string is always NUL-terminated.
.Pp
.Fn BIO_write
attempts to write
.Fa len
bytes from
.Fa buf
to BIO
.Fa b .
.Pp
.Fn BIO_puts
attempts to write a null terminated string
.Fa buf
to BIO
.Fa b .











.Pp
One technique sometimes used with blocking sockets
is to use a system call (such as
.Xr select 2 ,
.Xr poll 2
or equivalent) to determine when data is available and then call
.Xr read 2
to read the data.
The equivalent with BIOs (that is call
.Xr select 2
on the underlying I/O structure and then call
.Fn BIO_read
to read the data) should
.Em not
be used because a single call to
.Fn BIO_read
can cause several reads (and writes in the case of SSL BIOs)
on the underlying I/O structure and may block as a result.
Instead
.Xr select 2
(or equivalent) should be combined with non-blocking I/O
so successive reads will request a retry instead of blocking.
.Pp
See
.Xr BIO_should_retry 3
for details of how to determine the cause of a retry and other I/O issues.
.Pp
If the
.Fn BIO_gets
function is not supported by a BIO then it is possible to
work around this by adding a buffering BIO
.Xr BIO_f_buffer 3
to the chain.
.Sh RETURN VALUES
All these functions return either the amount of data successfully
read or written (if the return value is positive) or that no data
was successfully read or written if the result is 0 or -1.
If the return value is -2, then the operation is not implemented
in the specific BIO type.
The trailing NUL is not included in the length returned by
.Fn BIO_gets .
.Pp
A 0 or -1 return is not necessarily an indication of an error.
In particular when the source/sink is non-blocking or of a certain type
it may merely be an indication that no data is currently available and that
the application should retry the operation later.
.Sh SEE ALSO
.Xr BIO_new 3 ,
.Xr BIO_should_retry 3
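--- a/jni/libressl/man/BIO_s_accept.3
+++ b/jni/libressl/man/BIO_s_accept.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: BIO_s_accept.3,v 1.5 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL c03726ca Thu Aug 27 12:28:08 2015 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2014, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_S_ACCEPT 3
 .Os
 .Sh NAME
 .Nm BIO_s_accept ,
 .Nm BIO_set_accept_port ,
 .Nm BIO_get_accept_port ,
 .Nm BIO_new_accept ,
@@ -57,91 +107,93 @@
 .Ft int
 .Fo BIO_do_accept
 .Fa "BIO *b"
 .Fc
 .Sh DESCRIPTION
 .Fn BIO_s_accept
 returns the accept BIO method.
-This is a wrapper round the platform's TCP/IP socket accept routines.
+This is a wrapper round the platform's TCP/IP socket
+.Xr accept 2
+routines.
 .Pp
 Using accept BIOs, TCP/IP connections can be accepted
 and data transferred using only BIO routines.
 In this way any platform specific operations
 are hidden by the BIO abstraction.
 .Pp
 Read and write operations on an accept BIO
 will perform I/O on the underlying connection.
 If no connection is established and the port (see below) is set up
 properly then the BIO waits for an incoming connection.
 .Pp
 Accept BIOs support
 .Xr BIO_puts 3
 but not
 .Xr BIO_gets 3 .
 .Pp
 If the close flag is set on an accept BIO, then any active
-connection on that chain is shutdown and the socket closed when
+connection on that chain is shut down and the socket closed when
 the BIO is freed.
 .Pp
 Calling
 .Xr BIO_reset 3
-on a accept BIO will close any active connection and reset the BIO
+on an accept BIO will close any active connection and reset the BIO
 into a state where it awaits another incoming connection.
 .Pp
 .Xr BIO_get_fd 3
 and
 .Xr BIO_set_fd 3
 can be called to retrieve or set the accept socket.
 See
 .Xr BIO_s_fd 3 .
 .Pp
 .Fn BIO_set_accept_port
 uses the string
 .Fa name
 to set the accept port.
 The port is represented as a string of the form
 .Ar host : Ns Ar port ,
 where
 .Ar host
 is the interface to use and
 .Ar port
 is the port.
-Either or both values can be
-.Qq *
-which is interpreted as meaning any interface or port respectively.
+The host can be
+.Qq * ,
+which is interpreted as meaning any interface;
 .Ar port
 has the same syntax as the port specified in
 .Xr BIO_set_conn_port 3
 for connect BIOs.
-It can be a numerical port string or a string to lookup using
+It can be a numerical port string or a string to look up using
 .Xr getservbyname 3
 and a string table.
 .Pp
 .Fn BIO_new_accept
 combines
 .Xr BIO_new 3
 and
 .Fn BIO_set_accept_port
 into a single call.
 It creates a new accept BIO with port
 .Fa host_port .
 .Pp
 .Fn BIO_set_nbio_accept
 sets the accept socket to blocking mode (the default) if
 .Fa n
-is 0 or non blocking mode if
+is 0 or non-blocking mode if
 .Fa n
 is 1.
 .Pp
 .Fn BIO_set_accept_bios
 can be used to set a chain of BIOs which will be duplicated
 and prepended to the chain when an incoming connection is received.
 This is useful if, for example, a buffering or SSL BIO
 is required for each connection.
-The chain of BIOs must not be freed after this call,
+The chain of BIOs must not be freed after this call -
 they will be automatically freed when the accept BIO is freed.
 .Pp
 .Fn BIO_set_bind_mode
 and
 .Fn BIO_get_bind_mode
 set and retrieve the current bind mode.
 If
@@ -156,35 +208,35 @@
 .Dv BIO_BIN_NORMAL ;
 if this fails and the port is not in use,
 then a second attempt is made using
 .Dv BIO_BIND_REUSEADDR .
 .Pp
 .Fn BIO_do_accept
 serves two purposes.
-When it is first called, after the accept BIO has been setup,
+When it is first called, after the accept BIO has been set up,
 it will attempt to create the accept socket and bind an address to it.
 Second and subsequent calls to
 .Fn BIO_do_accept
-will await an incoming connection, or request a retry in non blocking mode.
+will await an incoming connection, or request a retry in non-blocking mode.
 .Sh NOTES
 When an accept BIO is at the end of a chain, it will await an
 incoming connection before processing I/O calls.
 When an accept BIO is not at then end of a chain,
 it passes I/O calls to the next BIO in the chain.
 .Pp
 When a connection is established a new socket BIO is created
 for the connection and appended to the chain.
 That is the chain is now accept->socket.
 This effectively means that attempting I/O on an initial accept
 socket will await an incoming connection then perform I/O on it.
 .Pp
 If any additional BIOs have been set using
 .Fn BIO_set_accept_bios ,
-then they are placed between the socket and the accept BIO,
-that is the chain will be accept->otherbios->socket.
+then they are placed between the socket and the accept BIO;
+that is, the chain will be accept->otherbios->socket.
 .Pp
 If a server wishes to process multiple connections (as is normally
 the case), then the accept BIO must be made available for further
 incoming connections.
 This can be done by waiting for a connection and then calling:
 .Pp
 .Dl connection = BIO_pop(accept);
@@ -224,14 +276,37 @@
 .Fn BIO_set_nbio_accept ,
 .Fn BIO_set_accept_bios ,
 .Fn BIO_set_bind_mode ,
 .Fn BIO_get_bind_mode ,
 and
 .Fn BIO_do_accept
 are macros.
+.Sh RETURN VALUES
+.Fn BIO_do_accept ,
+.Fn BIO_set_accept_port ,
+.Fn BIO_set_nbio_accept ,
+.Fn BIO_set_accept_bios ,
+and
+.Fn BIO_set_bind_mode
+return 1 for success or 0 or -1 for failure.
+.Pp
+.Fn BIO_get_accept_port
+returns the port as a string or
+.Dv NULL
+on error.
+.Pp
+.Fn BIO_get_bind_mode
+returns the set of BIO_BIND flags or -1 on failure.
+.Pp
+.Fn BIO_new_accept
+returns a
+.Vt BIO
+or
+.Dv NULL
+on error.
 .Sh EXAMPLES
 This example accepts two connections on port 4444,
 sends messages down each and finally closes both down.
 .Bd -literal -offset 2n
 BIO *abio, *cbio, *cbio2;
 ERR_load_crypto_strings();
 abio = BIO_new_accept("4444");
@@ -273,7 +348,9 @@
 fprintf(stderr, "Sent out data on connection 2\en");
 BIO_puts(cbio, "Connection 1: Second connection established\en");
 
 /* Close the two established connections */
 BIO_free(cbio);
 BIO_free(cbio2);
 .Ed
+.Sh SEE ALSO
+.Xr BIO_new 3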
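--- a/jni/libressl/man/BIO_s_bio.3
+++ b/jni/libressl/man/BIO_s_bio.3
@@ -1,8 +1,63 @@
+.\"	$OpenBSD: BIO_s_bio.3,v 1.9 2017/01/06 02:29:18 schwarze Exp $
+.\"	OpenSSL c03726ca Aug 27 12:28:08 2015 -0400
+.\"
+.\" This file was written by
+.\" Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>,
+.\" Dr. Stephen Henson <steve@openssl.org>,
+.\" Bodo Moeller <bodo@openssl.org>,
+.\" and Richard Levitte <levitte@openssl.org>.
+.\" Copyright (c) 2000, 2002, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 24 2015 $
+.Dd $Mdocdate: January 6 2017 $
 .Dt BIO_S_BIO 3
 .Os
 .Sh NAME
 .Nm BIO_s_bio ,
 .Nm BIO_make_bio_pair ,
 .Nm BIO_destroy_bio_pair ,
 .Nm BIO_shutdown_wr ,
@@ -17,48 +72,56 @@
 .Nd BIO pair BIO
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO_METHOD *
 .Fo BIO_s_bio
 .Fa void
 .Fc
-.Bd -unfilled
-#define	BIO_make_bio_pair(b1, b2) \e
-	(int)BIO_ctrl(b1, BIO_C_MAKE_BIO_PAIR, 0, b2)
-#define	BIO_destroy_bio_pair(b) \e
-	(int)BIO_ctrl(b, BIO_C_DESTROY_BIO_PAIR, 0, NULL)
-#define	BIO_shutdown_wr(b) \e
-	(int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-#define	BIO_set_write_buf_size(b, size) \e
-	(int)BIO_ctrl(b, BIO_C_SET_WRITE_BUF_SIZE, size, NULL)
-#define	BIO_get_write_buf_size(b, size) \e
-	(size_t)BIO_ctrl(b, BIO_C_GET_WRITE_BUF_SIZE, size, NULL)
-.Ed
-.Pp
+.Ft int
+.Fo BIO_make_bio_pair
+.Fa "BIO *b1"
+.Fa "BIO *b2"
+.Fc
+.Ft int
+.Fo BIO_destroy_bio_pair
+.Fa "BIO *b"
+.Fc
+.Ft int
+.Fo BIO_shutdown_wr
+.Fa "BIO *b"
+.Fc
+.Ft int
+.Fo BIO_set_write_buf_size
+.Fa "BIO *b"
+.Fa "long size"
+.Fc
+.Ft size_t
+.Fo BIO_get_write_buf_size
+.Fa "BIO *b"
+.Fa "long size"
+.Fc
 .Ft int
 .Fo BIO_new_bio_pair
 .Fa "BIO **bio1"
 .Fa "size_t writebuf1"
 .Fa "BIO **bio2"
 .Fa "size_t writebuf2"
 .Fc
-.Bd -unfilled
-#define	BIO_get_write_guarantee(b) \e
-	(int)BIO_ctrl(b, BIO_C_GET_WRITE_GUARANTEE, 0, NULL)
-.Ed
-.Pp
+.Ft size_t
+.Fo BIO_get_write_guarantee
+.Fa "BIO *b"
+.Fc
 .Ft size_t
 .Fo BIO_ctrl_get_write_guarantee
 .Fa "BIO *b"
 .Fc
-.Bd -unfilled
-#define	BIO_get_read_request(b) \e
-	(int)BIO_ctrl(b, BIO_C_GET_READ_REQUEST, 0, NULL)
-.Ed
-.Pp
+.Ft int
+.Fo BIO_get_read_request
+.Fa "BIO *b"
+.Fc
 .Ft size_t
 .Fo BIO_ctrl_get_read_request
 .Fa "BIO *b"
 .Fc
 .Ft int
 .Fo BIO_ctrl_reset_read_request
 .Fa "BIO *b"
@@ -73,15 +136,15 @@
 .Pp
 Since BIO chains typically end in a source/sink BIO,
 it is possible to make this one half of a BIO pair and
 have all the data processed by the chain under application control.
 .Pp
 One typical use of BIO pairs is
 to place TLS/SSL I/O under application control.
-This can be used when the application wishes to use a non standard
+This can be used when the application wishes to use a non-standard
 transport for TLS/SSL or the normal socket routines are inappropriate.
 .Pp
 Calls to
 .Xr BIO_read 3
 will read data from the buffer or request a retry if no data is available.
 .Pp
 Calls to
@@ -141,15 +204,15 @@
 .Fa writebuf2 .
 If either size is zero, then the default size is used.
 .Fn BIO_new_bio_pair
 does not check whether
 .Fa bio1
 or
 .Fa bio2
-do point to some other BIO, the values are overwritten,
+point to some other BIO; the values are overwritten and
 .Xr BIO_free 3
 is not called.
 .Pp
 .Fn BIO_get_write_guarantee
 and
 .Fn BIO_ctrl_get_write_guarantee
 return the maximum length of data
@@ -180,27 +243,15 @@
 never returns an amount larger than that returned by
 .Fn BIO_get_write_guarantee .
 .Pp
 .Fn BIO_ctrl_reset_read_request
 can also be used to reset the value returned by
 .Fn BIO_get_read_request
 to zero.
-.Sh RETURN VALUES
-.Fn BIO_new_bio_pair
-returns 1 on success, with the new BIOs available in
-.Fa bio1
-and
-.Fa bio2 ,
-or 0 on failure, with NULL pointers stored into the locations for
-.Fa bio1
-and
-.Fa bio2 .
-Check the error stack for more information.
-.\" XXX More return values need to be added here.
-.Sh NOTES
+.Pp
 Both halves of a BIO pair should be freed.
 Even if one half is implicitly freed due to a
 .Xr BIO_free_all 3
 or
 .Xr SSL_free 3
 call, the other half still needs to be freed.
 .Pp
@@ -227,35 +278,63 @@
 .Xr BIO_read 3
 will initially fail and
 .Xr BIO_should_read 3
 will be true.
 If the application then waits for data to become available
 on the underlying transport before flushing the write buffer,
 it will never succeed because the request was never sent.
-.Sh EXAMPLE
+.Pp
+.Xr BIO_eof 3
+is true if no data is in the peer BIO and the peer BIO has been shutdown.
+.Pp
+.Fn BIO_make_bio_pair ,
+.Fn BIO_destroy_bio_pair ,
+.Fn BIO_shutdown_wr ,
+.Fn BIO_set_write_buf_size ,
+.Fn BIO_get_write_buf_size ,
+.Fn BIO_get_write_guarantee ,
+and
+.Fn BIO_get_read_request
+are implemented as macros.
+.Sh RETURN VALUES
+.Fn BIO_new_bio_pair
+returns 1 on success, with the new BIOs available in
+.Fa bio1
+and
+.Fa bio2 ,
+or 0 on failure, with NULL pointers stored into the locations for
+.Fa bio1
+and
+.Fa bio2 .
+Check the error stack for more information.
+.\" XXX More return values need to be added here.
+.Sh EXAMPLES
 The BIO pair can be used to have full control
 over the network access of an application.
 The application can call
 .Xr select 2
-on the socket as required without having to go through the SSL-interface.
+on the socket as required without having to go through the SSL interface.
 .Bd -literal -offset 2n
 BIO *internal_bio, *network_bio;
 \&...
-BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
+BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
 SSL_set_bio(ssl, internal_bio, internal_bio);
-SSL_operations();
+SSL_operations();  /* e.g. SSL_read() and SSL_write() */
 \&...
 
 application |   TLS-engine
    |        |
    +----------> SSL_operations()
             |     /\e    ||
             |     ||    \e/
             |   BIO-pair (internal_bio)
-   +----------< BIO-pair (network_bio)
+            |   BIO-pair (network_bio)
+            |     ||     /\e
+            |     \e/     ||
+   +-----------< BIO_operations()
    |        |
  socket     |
 
 \&...
 SSL_free(ssl);		/* implicitly frees internal_bio */
 BIO_free(network_bio);
 \&...
@@ -270,26 +349,22 @@
 Use
 .Xr BIO_ctrl_pending 3
 to find out whether data is buffered in the BIO
 and must be transferred to the network.
 Use
 .Fn BIO_ctrl_get_read_request
 to find out how many bytes must be written into the buffer before the
-.Xr SSL_operation 3
-can successfully be continued.
+SSL operations can successfully be continued.
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr BIO_read 3 ,
 .Xr BIO_should_retry 3 ,
 .Xr ssl 3 ,
 .Xr SSL_set_bio 3
 .Sh CAVEATS
-As the data is buffered,
-.Xr SSL_operation 3
-may return with an
+As the data is buffered, SSL operations may return with an
 .Dv ERROR_SSL_WANT_READ
 condition, but there is still data in the write buffer.
-An application must not rely on the error value of
-.Xr SSL_operation 3
+An application must not rely on the error value of the SSL operation
 but must assure that the write buffer is always flushed first.
 Otherwise a deadlock may occur as the peer might be waiting
 for the data before being able to continue.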
Changes to jni/libressl/man/BIO_s_connect.3.


















































1
2
3
4
5
6
7
8


















































.Dd $Mdocdate: July 17 2014 $
.Dt BIO_S_CONNECT 3
.Os
.Sh NAME
.Nm BIO_s_connect ,
.Nm BIO_new_connect ,
.Nm BIO_set_conn_hostname ,
.Nm BIO_set_conn_port ,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: BIO_s_connect.3,v 1.6 2016/12/20 23:14:37 beck Exp $
.\"	OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2015 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 20 2016 $
.Dt BIO_S_CONNECT 3
.Os
.Sh NAME
.Nm BIO_s_connect ,
.Nm BIO_new_connect ,
.Nm BIO_set_conn_hostname ,
.Nm BIO_set_conn_port ,
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
on a connect BIO will close any active connection and reset the BIO
into a state where it can connect to the same host again.
.Pp
.Xr BIO_get_fd 3
places the underlying socket in
.Fa c
if it is not
.Dv NULL ,
it also returns the socket.
If
.Fa c
is not
.Dv NULL
it should be of type
.Vt "int *" .
.Pp







|
|







150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
on a connect BIO will close any active connection and reset the BIO
into a state where it can connect to the same host again.
.Pp
.Xr BIO_get_fd 3
places the underlying socket in
.Fa c
if it is not
.Dv NULL
and also returns the socket.
If
.Fa c
is not
.Dv NULL
it should be of type
.Vt "int *" .
.Pp
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
or
.Ar hostname : Ns Ar port Ns / Ns Pa any/other/path .
.Pp
.Fn BIO_set_conn_port
sets the port to
.Fa port .
.Fa port
can be the numerical form or a string such as
.Cm http .
A string will be looked up first using
.Xr getservbyname 3
on the host platform, but if that fails
a built-in table of port names will be used.
Currently the list is
.Cm http ,
.Cm telnet ,
.Cm socks ,
.Cm https ,
.Cm ssl ,
.Cm ftp ,
.Cm gopher ,
and
.Cm wais .
.Pp
.Fn BIO_set_conn_ip
sets the IP address to
.Fa ip
using binary form, that is four bytes specifying the IP address
in big-endian form.
.Pp
.Fn BIO_set_conn_int_port
sets the port using
.Fa port .
.Fa port
should
be of type
.Vt "int *" .
.Pp
.Fn BIO_get_conn_hostname
returns the hostname of the connect BIO or
.Dv NULL
if the BIO is initialized but no hostname is set.
This return value is an internal pointer which should not be modified.
.Pp
.Fn BIO_get_conn_port
returns the port as a string.

.Pp
.Fn BIO_get_conn_ip
returns the IP address in binary form.
.Pp
.Fn BIO_get_conn_int_port
returns the port as an
.Vt int .
.Pp
.Fn BIO_set_nbio
sets the non blocking I/O flag to
.Fa n .
If
.Fa n
is zero then blocking I/O is set.
If
.Fa n
is 1 then non blocking I/O is set.
Blocking I/O is the default.
The call to
.Fn BIO_set_nbio
should be made before the connection is established
because non blocking I/O is set during the connect process.
.Pp
.Fn BIO_new_connect
combines
.Xr BIO_new 3
and
.Fn BIO_set_conn_hostname
into a single call.
It creates a new connect BIO with
.Fa name .
.Pp
.Fn BIO_do_connect
attempts to connect the supplied BIO.
It returns 1 if the connection was established successfully.
A zero or negative value is returned if the connection
could not be established.
The call
.Xr BIO_should_retry 3
should be used for non blocking connect BIOs
to determine if the call should be retried.
.Sh NOTES
If blocking I/O is set then a non positive return value from any
I/O call is caused by an error condition, although a zero return
will normally mean that the connection was closed.
.Pp
If the port name is supplied as part of the host name then this will
override any value set with
.Fn BIO_set_conn_port .
This may be undesirable if the application does not wish to allow







<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<




|


















>









|






|




|

















|

|
|







175
176
177
178
179
180
181


182
183












184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
or
.Ar hostname : Ns Ar port Ns / Ns Pa any/other/path .
.Pp
.Fn BIO_set_conn_port
sets the port to
.Fa port .
.Fa port


is looked up as a service using
.Xr getaddrinfo 3












.Pp
.Fn BIO_set_conn_ip
sets the IP address to
.Fa ip
using binary form i.e. four bytes specifying the IP address
in big-endian form.
.Pp
.Fn BIO_set_conn_int_port
sets the port using
.Fa port .
.Fa port
should
be of type
.Vt "int *" .
.Pp
.Fn BIO_get_conn_hostname
returns the hostname of the connect BIO or
.Dv NULL
if the BIO is initialized but no hostname is set.
This return value is an internal pointer which should not be modified.
.Pp
.Fn BIO_get_conn_port
returns the port as a string.
This return value is an internal pointer which should not be modified.
.Pp
.Fn BIO_get_conn_ip
returns the IP address in binary form.
.Pp
.Fn BIO_get_conn_int_port
returns the port as an
.Vt int .
.Pp
.Fn BIO_set_nbio
sets the non-blocking I/O flag to
.Fa n .
If
.Fa n
is zero then blocking I/O is set.
If
.Fa n
is 1 then non-blocking I/O is set.
Blocking I/O is the default.
The call to
.Fn BIO_set_nbio
should be made before the connection is established
because non-blocking I/O is set during the connect process.
.Pp
.Fn BIO_new_connect
combines
.Xr BIO_new 3
and
.Fn BIO_set_conn_hostname
into a single call.
It creates a new connect BIO with
.Fa name .
.Pp
.Fn BIO_do_connect
attempts to connect the supplied BIO.
It returns 1 if the connection was established successfully.
A zero or negative value is returned if the connection
could not be established.
The call
.Xr BIO_should_retry 3
should be used for non-blocking connect BIOs
to determine if the call should be retried.
.Pp
If blocking I/O is set then a non-positive return value from any
I/O call is caused by an error condition, although a zero return
will normally mean that the connection was closed.
.Pp
If the port name is supplied as part of the host name then this will
override any value set with
.Fn BIO_set_conn_port .
This may be undesirable if the application does not wish to allow
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
.Fn BIO_do_connect
but may wish to do so to separate the connection process
from other I/O processing.
.Pp
If non-blocking I/O is set,
then retries will be requested as appropriate.
.Pp
It addition to
.Xr BIO_should_read 3
and
.Xr BIO_should_write 3
it is also possible for
.Xr BIO_should_io_special 3
to be true during the initial connection process with the reason
.Dv BIO_RR_CONNECT .







|







275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
.Fn BIO_do_connect
but may wish to do so to separate the connection process
from other I/O processing.
.Pp
If non-blocking I/O is set,
then retries will be requested as appropriate.
.Pp
In addition to
.Xr BIO_should_read 3
and
.Xr BIO_should_write 3
it is also possible for
.Xr BIO_should_io_special 3
to be true during the initial connection process with the reason
.Dv BIO_RR_CONNECT .
326
327
328
329
330
331
332


	if (len <= 0)
		break;
	BIO_write(out, tmpbuf, len);
}
BIO_free(cbio);
BIO_free(out);
.Ed









>
>
363
364
365
366
367
368
369
370
371
	if (len <= 0)
		break;
	BIO_write(out, tmpbuf, len);
}
BIO_free(cbio);
BIO_free(out);
.Ed
.Sh SEE ALSO
.Xr BIO_new 3
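--- a/jni/libressl/man/BIO_s_fd.3
+++ b/jni/libressl/man/BIO_s_fd.3
@@ -1,24 +1,83 @@
+.\"	$OpenBSD: BIO_s_fd.3,v 1.6 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_S_FD 3
 .Os
 .Sh NAME
 .Nm BIO_s_fd ,
 .Nm BIO_set_fd ,
 .Nm BIO_get_fd ,
 .Nm BIO_new_fd
 .Nd file descriptor BIO
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO_METHOD *
 .Fo BIO_s_fd
 .Fa "void"
 .Fc
-.Fd #define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-.Fd #define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+.Ft long
+.Fo BIO_set_fd
+.Fa "BIO *b"
+.Fa "int fd"
+.Fa "long close_flag"
+.Fc
+.Ft long
+.Fo BIO_get_fd
+.Fa "BIO *b"
+.Fa "int *c"
+.Fc
 .Ft BIO *
 .Fo BIO_new_fd
 .Fa "int fd"
 .Fa "int close_flag"
 .Fc
 .Sh DESCRIPTION
 .Fn BIO_s_fd
@@ -35,103 +94,103 @@
 .Xr BIO_puts 3
 is supported but
 .Xr BIO_gets 3
 is not.
 .Pp
 If the close flag is set,
 .Xr close 2
-is called on the underlying file descriptor when the BIO is freed.
+is called on the underlying file descriptor when the
+.Vt BIO
+is freed.
 .Pp
 .Xr BIO_reset 3
 attempts to set the file pointer to the start of the file using
 .Fn lseek fd 0 0 .
 .Pp
 .Xr BIO_seek 3
 sets the file pointer to position
 .Fa ofs
 from start of file using
 .Fn lseek fd ofs 0 .
 .Pp
 .Xr BIO_tell 3
 returns the current file position by calling
 .Fn lseek fd 0 1 .
 .Pp
 .Fn BIO_set_fd
-sets the file descriptor of BIO
+sets the file descriptor of
+.Vt BIO
 .Fa b
 to
 .Fa fd
 and the close flag to
-.Fa c .
+.Fa close_flag .
+It is currently implemented as a macro.
 .Pp
 .Fn BIO_get_fd
 places the file descriptor in
 .Fa c
 if it is not
-.Dv NULL ,
-it also returns the file descriptor.
-If
-.Fa c
-is not
-.Dv NULL ,
-it should be of type
-.Vt "int *" .
+.Dv NULL
+and also returns the file descriptor.
+It is currently implemented as a macro.
 .Pp
 .Fn BIO_new_fd
 returns a file descriptor BIO using
 .Fa fd
 and
 .Fa close_flag .
-.Sh NOTES
+.Pp
 The behaviour of
 .Xr BIO_read 3
 and
 .Xr BIO_write 3
 depends on the behavior of the platform's
 .Xr read 2
 and
 .Xr write 2
 calls on the descriptor.
-If the underlying file descriptor is in a non blocking mode,
+If the underlying file descriptor is in a non-blocking mode,
 then the BIO will behave in the manner described in the
 .Xr BIO_read 3
 and
 .Xr BIO_should_retry 3
 manual pages.
 .Pp
 File descriptor BIOs should not be used for socket I/O.
 Use socket BIOs instead.
+.Pp
+.Fn BIO_set_fd
+and
+.Fn BIO_get_fd
+are implemented as macros.
 .Sh RETURN VALUES
 .Fn BIO_s_fd
 returns the file descriptor BIO method.
 .Pp
-.Xr BIO_reset 3
-returns zero for success and -1 if an error occurred.
-.Xr BIO_seek 3
-and
-.Xr BIO_tell 3
-return the current file position or -1 if an error occurred.
-These values reflect the underlying
-.Xr lseek 2
-behaviour.
-.Pp
 .Fn BIO_set_fd
 always returns 1.
 .Pp
 .Fn BIO_get_fd
-returns the file descriptor or -1 if the BIO has not been initialized.
+returns the file descriptor or -1 if the
+.Vt BIO
+has not been initialized.
 .Pp
 .Fn BIO_new_fd
-returns the newly allocated BIO or
+returns the newly allocated
+.Vt BIO
+or
 .Dv NULL
 if an error occurred.
-.Sh EXAMPLE
+.Sh EXAMPLES
 This is a file descriptor BIO version of "Hello World":
 .Bd -literal -offset indent
 BIO *out;
 out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
 BIO_printf(out, "Hello World\en");
 BIO_free(out);
 .Ed
 .Sh SEE ALSO
+.Xr BIO_new 3 ,
 .Xr BIO_read 3 ,
+.Xr BIO_s_socket 3 ,
 .Xr BIO_seek 3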
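--- a/jni/libressl/man/BIO_s_file.3
+++ b/jni/libressl/man/BIO_s_file.3
@@ -1,21 +1,71 @@
+.\"	$OpenBSD: BIO_s_file.3,v 1.5 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2010 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_S_FILE 3
 .Os
 .Sh NAME
 .Nm BIO_s_file ,
 .Nm BIO_new_file ,
 .Nm BIO_new_fp ,
 .Nm BIO_set_fp ,
 .Nm BIO_get_fp ,
 .Nm BIO_read_filename ,
 .Nm BIO_write_filename ,
 .Nm BIO_append_filename ,
 .Nm BIO_rw_filename
-.Nd FILE bio
+.Nd FILE BIO
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO_METHOD *
 .Fo BIO_s_file
 .Fa void
 .Fc
 .Ft BIO *
@@ -147,15 +197,15 @@
 and
 .Fn BIO_rw_filename
 set the file BIO
 .Fa b
 to use file
 .Fa name
 for reading, writing, append or read write respectively.
-.Sh NOTES
+.Pp
 When wrapping stdout, stdin, or stderr, the underlying stream
 should not normally be closed, so the
 .Dv BIO_NOCLOSE
 flag should be set.
 .Pp
 Because the file BIO calls the underlying stdio functions, any quirks
 in stdio behaviour will be mirrored by the corresponding BIO.
@@ -228,21 +278,22 @@
 out = BIO_new(BIO_s_file());
 if(out == NULL) /* Error ... */
 if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
 BIO_printf(out, "Hello World\en");
 BIO_free(out);
 .Ed
 .Sh SEE ALSO
+.Xr BIO_new 3 ,
 .Xr BIO_read 3 ,
 .Xr BIO_seek 3
 .Sh BUGS
 .Xr BIO_reset 3
 and
 .Xr BIO_seek 3
 are implemented using
 .Xr fseek 3
 on the underlying stream.
 The return value for
 .Xr fseek 3
 is 0 for success or -1 if an error occurred.
 This differs from other types of BIO which will typically return
-1 for success and a non positive value if an error occurred.
+1 for success and a non-positive value if an error occurred.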
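--- a/jni/libressl/man/BIO_s_mem.3
+++ b/jni/libressl/man/BIO_s_mem.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: BIO_s_mem.3,v 1.5 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_S_MEM 3
 .Os
 .Sh NAME
 .Nm BIO_s_mem ,
 .Nm BIO_set_mem_eof_return ,
 .Nm BIO_get_mem_data ,
 .Nm BIO_set_mem_buf ,
@@ -73,22 +123,22 @@
 .Pp
 .Xr BIO_eof 3
 is true if no data is in the BIO.
 .Pp
 .Xr BIO_ctrl_pending 3
 returns the number of bytes currently stored.
 .Pp
-.Xr BIO_set_mem_eof_return 3
+.Fn BIO_set_mem_eof_return
 sets the behaviour of memory BIO
 .Fa b
 when it is empty.
 If
 .Fa v
 is zero, then an empty memory BIO will return EOF:
-It will return zero and
+it will return zero and
 .Fn BIO_should_retry
 will be false.
 If
 .Fa v
 is non-zero then it will return
 .Fa v
 when it is empty and it will set the read retry flag:
@@ -105,16 +155,16 @@
 and returns the total amount of data available.
 It is implemented as a macro.
 .Pp
 .Fn BIO_set_mem_buf
 sets the internal BUF_MEM structure to
 .Fa bm
 and sets the close flag to
-.Fa c ,
-that is
+.Fa c .
+That is,
 .Fa c
 should be either
 .Dv BIO_CLOSE
 or
 .Dv BIO_NOCLOSE .
 .Fn BIO_set_mem_buf
 is a macro.
@@ -141,15 +191,15 @@
 This is useful when some data needs to be made available
 from a static area of memory in the form of a BIO.
 The supplied data is read directly from the supplied buffer:
 it is
 .Em not
 copied first, so the supplied area of memory must be unchanged
 until the BIO is freed.
-.Sh NOTES
+.Pp
 Writes to memory BIOs will always succeed if memory is available:
 their size can grow indefinitely.
 .Pp
 Every read from a read/write memory BIO will remove the data just read
 with an internal copy operation.
 If a BIO contains a lot of data and it is read in small chunks,
 the operation can be very slow.
@@ -176,15 +226,17 @@
 .Bd -literal -offset indent
 BUF_MEM *bptr;
 BIO_get_mem_ptr(mem, &bptr);
 /* Make sure BIO_free() leaves BUF_MEM alone. */
 BIO_set_close(mem, BIO_NOCLOSE);
 BIO_free(mem);
 .Ed
+.Sh SEE ALSO
+.Xr BIO_new 3
 .Sh BUGS
 There should be an option to set the maximum size of a memory BIO.
 .Pp
 There should be a way to "rewind" a read/write BIO without destroying
 its contents.
 .Pp
 The copying operation should not occur after every small read
 of a large BIO to improve efficiency.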
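--- a/jni/libressl/man/BIO_s_null.3
+++ b/jni/libressl/man/BIO_s_null.3
@@ -1,32 +1,84 @@
+.\"	$OpenBSD: BIO_s_null.3,v 1.5 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL e117a890 Sep 14 12:14:41 2000 +0000
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_S_NULL 3
 .Os
 .Sh NAME
 .Nm BIO_s_null
 .Nd null data sink
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO_METHOD *
 .Fo BIO_s_null
 .Fa void
 .Fc
 .Sh DESCRIPTION
 .Fn BIO_s_null
 returns the null sink BIO method.
 Data written to the null sink is discarded, reads return EOF.
-.Sh NOTES
+.Pp
 A null sink BIO behaves in a similar manner to the
 .Xr null 4
 device.
 .Pp
-A null bio can be placed on the end of a chain to discard any data
+A null BIO can be placed on the end of a chain to discard any data
 passed through it.
 .Pp
 A null sink is useful if, for example, an application wishes
 to digest some data by writing through a digest bio
 but not send the digested data anywhere.
 Since a BIO chain must normally include a source/sink BIO,
 this can be achieved by adding a null sink BIO to the end of the chain.
 .Sh RETURN VALUES
 .Fn BIO_s_null
 returns the null sink BIO method.
+.Sh SEE ALSO
+.Xr BIO_new 3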
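--- a/jni/libressl/man/BIO_s_socket.3
+++ b/jni/libressl/man/BIO_s_socket.3
@@ -1,31 +1,70 @@
+.\"	$OpenBSD: BIO_s_socket.3,v 1.6 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL bbdc9c98 Oct 19 22:02:21 2000 +0000
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_S_SOCKET 3
 .Os
 .Sh NAME
 .Nm BIO_s_socket ,
 .Nm BIO_new_socket
 .Nd socket BIO
 .Sh SYNOPSIS
 .In openssl/bio.h
 .Ft BIO_METHOD *
 .Fo BIO_s_socket
 .Fa void
 .Fc
-.Ft long
-.Fo BIO_set_fd
-.Fa "BIO *b"
-.Fa "int fd"
-.Fa "long close_flag"
-.Fc
-.Ft long
-.Fo BIO_get_fd
-.Fa "BIO *b"
-.Fa "int *c"
-.Fc
 .Ft BIO *
 .Fo BIO_new_socket
 .Fa "int sock"
 .Fa "int close_flag"
 .Fc
 .Sh DESCRIPTION
 .Fn BIO_s_socket
@@ -40,60 +79,31 @@
 is supported but
 .Xr BIO_gets 3
 is not.
 .Pp
 If the close flag is set, then the socket is shut down and closed
 when the BIO is freed.
 .Pp
-.Fn BIO_set_fd
-sets the socket of BIO
-.Fa b
-to
-.Fa fd
-and the close flag to
-.Fa close_flag .
-.Pp
-.Fn BIO_get_fd
-places the socket in
-.Fa c
-if it is not
-.Dv NULL ,
-it also returns the socket.
-If
-.Fa c
-is not
-.Dv NULL
-it should be of type
-.Vt "int *" .
-.Pp
 .Fn BIO_new_socket
 returns a socket BIO using
 .Fa sock
 and
 .Fa close_flag .
-.Sh NOTES
+.Pp
 Socket BIOs also support any relevant functionality of file descriptor BIOs.
 .Pp
 The reason for having separate file descriptor and socket BIOs
 is that on some platforms, sockets are not file descriptors
 and use distinct I/O routines.
 Windows is one such platform.
 Any code mixing the two will not work on all platforms.
-.Pp
-.Fn BIO_set_fd
-and
-.Fn BIO_get_fd
-are macros.
 .Sh RETURN VALUES
 .Fn BIO_s_socket
 returns the socket BIO method.
 .Pp
-.Fn BIO_set_fd
-always returns 1.
-.Pp
-.Fn BIO_get_fd
-returns the socket or -1 if the BIO has not been initialized.
-.Pp
 .Fn BIO_new_socket
 returns the newly allocated BIO or
 .Dv NULL
 if an error occurred.
+.Sh SEE ALSO
+.Xr BIO_get_fd 3 ,
+.Xr BIO_new 3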
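--- a/jni/libressl/man/BIO_set_callback.3
+++ b/jni/libressl/man/BIO_set_callback.3
@@ -1,129 +1,196 @@
+.\"	$OpenBSD: BIO_set_callback.3,v 1.5 2016/12/06 14:45:08 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt BIO_SET_CALLBACK 3
 .Os
 .Sh NAME
 .Nm BIO_set_callback ,
 .Nm BIO_get_callback ,
 .Nm BIO_set_callback_arg ,
 .Nm BIO_get_callback_arg ,
 .Nm BIO_debug_callback
 .Nd BIO callback functions
 .Sh SYNOPSIS
 .In openssl/bio.h
-.Fd #define BIO_set_callback(b,cb)		((b)->callback=(cb))
-.Fd #define BIO_get_callback(b)			((b)->callback)
-.Fd #define BIO_set_callback_arg(b,arg)	((b)->cb_arg=(char *)(arg))
-.Fd #define BIO_get_callback_arg(b)		((b)->cb_arg)
+.Ft void
+.Fo BIO_set_callback
+.Fa "BIO *b"
+.Fa "BIO_callback_fn cb"
+.Fc
+.Ft BIO_callback_fn
+.Fo BIO_get_callback
+.Fa "BIO *b"
+.Fc
+.Ft void
+.Fo BIO_set_callback_arg
+.Fa "BIO *b"
+.Fa "char *arg"
+.Fc
+.Ft char *
+.Fo BIO_get_callback_arg
+.Fa "const BIO *b"
+.Fc
 .Ft long
 .Fo BIO_debug_callback
 .Fa "BIO *bio"
-.Fa "int cmd"
+.Fa "int oper"
 .Fa "const char *argp"
 .Fa "int argi"
 .Fa "long argl"
 .Fa "long ret"
 .Fc
-.Ft typedef long *
-.Fo callback
+.Ft typedef long
+.Fo "(*BIO_callback_fn)"
 .Fa "BIO *b"
 .Fa "int oper"
 .Fa "const char *argp"
 .Fa "int argi"
 .Fa "long argl"
-.Fa "long retvalue"
+.Fa "long ret"
 .Fc
 .Sh DESCRIPTION
 .Fn BIO_set_callback
 and
 .Fn BIO_get_callback
-set and retrieve the BIO callback, they are both macros.
+set and retrieve the BIO callback.
 The callback is called during most high level BIO operations.
 It can be used for debugging purposes to trace operations on a BIO
 or to modify its operation.
 .Pp
 .Fn BIO_set_callback_arg
 and
 .Fn BIO_get_callback_arg
-are macros which can be used to set and retrieve an argument
-for use in the callback.
+set and retrieve an argument for use in the callback.
 .Pp
 .Fn BIO_debug_callback
 is a standard debugging callback which prints
 out information relating to each BIO operation.
 If the callback argument is set, it is interpreted as a BIO
 to send the information to, otherwise stderr is used.
 .Pp
-.Fn callback
-is the callback function itself.
+.Fn BIO_callback_fn
+is the type of the callback function.
 The meaning of each argument is described below.
 .Pp
 The BIO the callback is attached to is passed in
 .Fa b .
 .Pp
 .Fa oper
 is set to the operation being performed.
 For some operations the callback is called twice,
 once before and once after the actual operation.
 The latter case has
 .Fa oper
 or'ed with
 .Dv BIO_CB_RETURN .
 .Pp
 The meaning of the arguments
 .Fa argp ,
 .Fa argi
 and
 .Fa argl
 depends on the value of
-.Fa oper ,
-that is the operation being performed.
+.Fa oper
+(i.e. the operation being performed).
 .Pp
-.Fa retvalue
+.Fa ret
 is the return value that would be returned to the application
 if no callback were present.
 The actual value returned is the return value of the callback itself.
 In the case of callbacks called before the actual BIO operation,
-1 is placed in retvalue.
+1 is placed in
+.Fa ret .
 If the return value is not positive, it will be immediately returned to
 the application and the BIO operation will not be performed.
 .Pp
 The callback should normally simply return
-.Fa retvalue
+.Fa ret
 when it has finished processing, unless it specifically wishes
 to modify the value returned to the application.
 .Ss Callback operations
 .Bl -tag -width Ds
 .It Fn BIO_free b
 .Fn callback b BIO_CB_FREE NULL 0L 0L 1L
 is called before the free operation.
 .It Fn BIO_read b out outl
 .Fn callback b BIO_CB_READ out outl 0L 1L
 is called before the read and
-.Fn callback b BIO_CB_READ|BIO_CB_RETURN out outl 0L retvalue
+.Fn callback b BIO_CB_READ|BIO_CB_RETURN out outl 0L ret
 after.
 .It Fn BIO_write b in inl
 .Fn callback b BIO_CB_WRITE in inl 0L 1L
 is called before the write and
-.Fn callback b BIO_CB_WRITE|BIO_CB_RETURN in inl 0L retvalue
+.Fn callback b BIO_CB_WRITE|BIO_CB_RETURN in inl 0L ret
 after.
 .It Fn BIO_gets b out outl
 .Fn callback b BIO_CB_GETS out outl 0L 1L
 is called before the operation and
-.Fn callback b BIO_CB_GETS|BIO_CB_RETURN out outl 0L retvalue
+.Fn callback b BIO_CB_GETS|BIO_CB_RETURN out outl 0L ret
 after.
 .It Fn BIO_puts b in
 .Fn callback b BIO_CB_WRITE in 0 0L 1L
 is called before the operation and
-.Fn callback b BIO_CB_WRITE|BIO_CB_RETURN in 0 0L retvalue
+.Fn callback b BIO_CB_WRITE|BIO_CB_RETURN in 0 0L ret
 after.
-.It Fn BIO_ctrl b cmd larg parg
-.Fn callback b BIO_CB_CTRL parg cmd larg 1L
+.It Fn BIO_ctrl b oper larg parg
+.Fn callback b BIO_CB_CTRL parg oper larg 1L
 is called before the call and
-.Fn callback b BIO_CB_CTRL|BIO_CB_RETURN parg cmd larg ret
+.Fn callback b BIO_CB_CTRL|BIO_CB_RETURN parg oper larg ret
 after.
 .El
 .Sh EXAMPLES
 The
 .Fn BIO_debug_callback
-function is a good example, its source is in the file
+function is a good example.
+Its source is in the file
 .Pa crypto/bio/bio_cb.c .
+.Sh SEE ALSO
+.Xr BIO_new 3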
Changes to jni/libressl/man/BIO_should_retry.3.


















































1
2
3
4
5
6
7
8
9

10
11
12
13
14
15
16



17



18



19



20


21
22
23
24
25
26
27


















































.Dd $Mdocdate: July 17 2014 $
.Dt BIO_SHOULD_RETRY 3
.Os
.Sh NAME
.Nm BIO_should_retry ,
.Nm BIO_should_read ,
.Nm BIO_should_write ,
.Nm BIO_should_io_special ,
.Nm BIO_retry_type ,

.Nm BIO_get_retry_BIO ,
.Nm BIO_get_retry_reason
.Nd BIO retry functions
.Sh SYNOPSIS
.In openssl/bio.h
.Pp
.Fd #define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)



.Fd #define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)



.Fd #define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)



.Fd #define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)



.Fd #define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)


.Fd #define BIO_FLAGS_READ			0x01
.Fd #define BIO_FLAGS_WRITE			0x02
.Fd #define BIO_FLAGS_IO_SPECIAL		0x04
.Fd #define BIO_FLAGS_RWS \e
.Fd \&	(BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
.Fd #define BIO_FLAGS_SHOULD_RETRY	0x08
.Ft BIO *
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|








>





|
|
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
.\"	$OpenBSD: BIO_should_retry.3,v 1.5 2016/12/06 14:45:08 schwarze Exp $
.\"	OpenSSL 60e24554 Apr 6 14:45:18 2010 +0000
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2010, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt BIO_SHOULD_RETRY 3
.Os
.Sh NAME
.Nm BIO_should_retry ,
.Nm BIO_should_read ,
.Nm BIO_should_write ,
.Nm BIO_should_io_special ,
.Nm BIO_retry_type ,
.Nm BIO_should_retry ,
.Nm BIO_get_retry_BIO ,
.Nm BIO_get_retry_reason
.Nd BIO retry functions
.Sh SYNOPSIS
.In openssl/bio.h
.Ft int
.Fo BIO_should_read
.Fa "BIO *b"
.Fc
.Ft int
.Fo BIO_should_write
.Fa "BIO *b"
.Fc
.Ft int
.Fo BIO_should_io_special
.Fa "BIO *b"
.Fc
.Ft int
.Fo BIO_retry_type
.Fa "BIO *b"
.Fc
.Ft int
.Fo BIO_should_retry
.Fa "BIO *b"
.Fc
.Fd #define BIO_FLAGS_READ			0x01
.Fd #define BIO_FLAGS_WRITE			0x02
.Fd #define BIO_FLAGS_IO_SPECIAL		0x04
.Fd #define BIO_FLAGS_RWS \e
.Fd \&	(BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
.Fd #define BIO_FLAGS_SHOULD_RETRY	0x08
.Ft BIO *
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
.Fn BIO_should_read
is true if the cause of the condition is that a BIO needs to read data.
.Pp
.Fn BIO_should_write
is true if the cause of the condition is that a BIO needs to write data.
.Pp
.Fn BIO_should_io_special
is true if some "special" condition, that is a reason other than
reading or writing, is the cause of the condition.
.Pp
.Fn BIO_retry_type
returns a mask of the cause of a retry condition consisting of the values
.Dv BIO_FLAGS_READ ,
.Dv BIO_FLAGS_WRITE ,
.Dv BIO_FLAGS_IO_SPECIAL
though current BIO types will only set one of these.







|
|







117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
.Fn BIO_should_read
is true if the cause of the condition is that a BIO needs to read data.
.Pp
.Fn BIO_should_write
is true if the cause of the condition is that a BIO needs to write data.
.Pp
.Fn BIO_should_io_special
is true if some "special" condition
(i.e. a reason other than reading or writing) is the cause of the condition.
.Pp
.Fn BIO_retry_type
returns a mask of the cause of a retry condition consisting of the values
.Dv BIO_FLAGS_READ ,
.Dv BIO_FLAGS_WRITE ,
.Dv BIO_FLAGS_IO_SPECIAL
though current BIO types will only set one of these.
76
77
78
79
80
81
82
83








84
85
86
87
88
89
90
The meaning of the reason code and the action that should be taken
depends on the type of BIO that resulted in this condition.
.Pp
.Fn BIO_get_retry_reason
returns the reason for a special condition
if passed the relevant BIO, for example as returned by
.Fn BIO_get_retry_BIO .
.Sh NOTES








If
.Fn BIO_should_retry
returns false, then the precise "error condition" depends on
the BIO type that caused it and the return code of the BIO operation.
For example if a call to
.Xr BIO_read 3
on a socket BIO returns 0 and







|
>
>
>
>
>
>
>
>







141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
The meaning of the reason code and the action that should be taken
depends on the type of BIO that resulted in this condition.
.Pp
.Fn BIO_get_retry_reason
returns the reason for a special condition
if passed the relevant BIO, for example as returned by
.Fn BIO_get_retry_BIO .
.Pp
.Fn BIO_should_retry ,
.Fn BIO_should_read ,
.Fn BIO_should_write ,
.Fn BIO_should_io_special ,
and
.Fn BIO_retry_type
are implemented as macros.
.Pp
If
.Fn BIO_should_retry
returns false, then the precise "error condition" depends on
the BIO type that caused it and the return code of the BIO operation.
For example if a call to
.Xr BIO_read 3
on a socket BIO returns 0 and
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140



141
142
143
144
145
is blocking, if a handshake occurs during a call to
.Xr BIO_read 3 .
An application can retry the failed call immediately
or avoid this situation by setting
.Dv SSL_MODE_AUTO_RETRY
on the underlying SSL structure.
.Pp
While an application may retry a failed non blocking call immediately,
this is likely to be very inefficient because the call will fail
repeatedly until data can be processed or is available.
An application will normally wait until the necessary condition
is satisfied.
How this is done depends on the underlying I/O structure.
.Pp
For example if the cause is ultimately a socket and
.Fn BIO_should_read
is true then a call to
.Xr select 2
may be made to wait until data is available
and then retry the BIO operation.
By combining the retry conditions of several non blocking BIOs in a single
.Xr select 2
call it is possible to service several BIOs in a single thread,
though the performance may be poor if SSL BIOs are present because
long delays can occur during the initial handshake process.
.Pp
It is possible for a BIO to block indefinitely if the underlying I/O
structure cannot process or return any data.
This depends on the behaviour of the platforms I/O functions.
This is often not desirable: one solution is to use non blocking I/O
and use a timeout on the
.Xr select 2
(or equivalent) call.



.Sh BUGS
The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O:
they cannot retry after a partial read or write.
This is usually worked around by only passing the relevant data to ASN1
functions when the entire structure can be read or written.







|












|








|



>
>
>

|

|

181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
is blocking, if a handshake occurs during a call to
.Xr BIO_read 3 .
An application can retry the failed call immediately
or avoid this situation by setting
.Dv SSL_MODE_AUTO_RETRY
on the underlying SSL structure.
.Pp
While an application may retry a failed non-blocking call immediately,
this is likely to be very inefficient because the call will fail
repeatedly until data can be processed or is available.
An application will normally wait until the necessary condition
is satisfied.
How this is done depends on the underlying I/O structure.
.Pp
For example if the cause is ultimately a socket and
.Fn BIO_should_read
is true then a call to
.Xr select 2
may be made to wait until data is available
and then retry the BIO operation.
By combining the retry conditions of several non-blocking BIOs in a single
.Xr select 2
call it is possible to service several BIOs in a single thread,
though the performance may be poor if SSL BIOs are present because
long delays can occur during the initial handshake process.
.Pp
It is possible for a BIO to block indefinitely if the underlying I/O
structure cannot process or return any data.
This depends on the behaviour of the platforms I/O functions.
This is often not desirable: one solution is to use non-blocking I/O
and use a timeout on the
.Xr select 2
(or equivalent) call.
.Sh SEE ALSO
.Xr BIO_new 3 ,
.Xr BIO_read 3
.Sh BUGS
The OpenSSL ASN.1 functions cannot gracefully deal with non-blocking I/O:
they cannot retry after a partial read or write.
This is usually worked around by only passing the relevant data to ASN.1
functions when the entire structure can be read or written.
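--- a/jni/libressl/man/BN_BLINDING_new.3
+++ b/jni/libressl/man/BN_BLINDING_new.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: BN_BLINDING_new.3,v 1.6 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
+.\"
+.\" This file was written by Nils Larsch <nils@openssl.org>.
+.\" Copyright (c) 2005, 2008, 2013, 2015 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: February 23 2015 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_BLINDING_NEW 3
 .Os
 .Sh NAME
 .Nm BN_BLINDING_new ,
 .Nm BN_BLINDING_free ,
 .Nm BN_BLINDING_update ,
 .Nm BN_BLINDING_convert ,
@@ -105,39 +156,44 @@
 .Vt BN_BLINDING
 object.
 .Pp
 .Fn BN_BLINDING_free
 frees the
 .Vt BN_BLINDING
 structure.
+If
+.Fa b
+is a
+.Dv NULL
+pointer, no action occurs.
 .Pp
 .Fn BN_BLINDING_update
 updates the
 .Vt BN_BLINDING
 parameters by squaring the
 .Fa A
 and
 .Fa \&Ai
-or, after specific number of uses and if the necessary parameters are
+or, after a specific number of uses and if the necessary parameters are
 set, by re-creating the blinding parameters.
 .Pp
 .Fn BN_BLINDING_convert_ex
 multiplies
 .Fa n
 with the blinding factor
 .Fa A .
 If
 .Fa r
 is not
 .Dv NULL ,
 a copy of the inverse blinding factor
 .Fa \&Ai
 will be returned in
 .Fa r
-(this is useful if a
+(this is useful if an
 .Vt RSA
 object is shared among several threads).
 .Fn BN_BLINDING_invert_ex
 multiplies
 .Fa n
 with the inverse blinding factor
 .Fa \&Ai .
@@ -163,17 +219,17 @@
 provides access to the
 .Vt CRYPTO_THREADID
 object within the
 .Vt BN_BLINDING
 structure.
 This is to help users provide proper locking if needed for
 multi-threaded use.
-The "thread id" object of a newly allocated
+The thread ID object of a newly allocated
 .Vt BN_BLINDING
-structure is initialised to the thread id in which
+structure is initialised to the thread ID in which
 .Fn BN_BLINDING_new
 was called.
 .Pp
 .Fn BN_BLINDING_get_flags
 returns the
 .Dv BN_BLINDING_*
 flags.
@@ -204,66 +260,64 @@
 .Fa e
 and the modulus
 .Fa m .
 .Fa bn_mod_exp
 and
 .Fa m_ctx
 can be used to pass special functions for exponentiation (normally
-.Xr BN_mod_exp_mont 3
+.Xr BN_mod_exp 3
 and
-.Vt BN_MONT_CTX Ns ).
+.Vt BN_MONT_CTX ) .
 .Sh RETURN VALUES
 .Fn BN_BLINDING_new
 returns the newly allocated
 .Vt BN_BLINDING
 structure or
 .Dv NULL
 in case of an error.
 .Pp
 .Fn BN_BLINDING_update ,
 .Fn BN_BLINDING_convert ,
 .Fn BN_BLINDING_invert ,
 .Fn BN_BLINDING_convert_ex
 and
 .Fn BN_BLINDING_invert_ex
 return 1 on success and 0 if an error occurred.
 .Pp
 .Fn BN_BLINDING_thread_id
-returns a pointer to the thread id object within a
+returns a pointer to the thread ID object within a
 .Vt BN_BLINDING
 object.
 .Pp
 .Fn BN_BLINDING_get_flags
 returns the currently set
 .Dv BN_BLINDING_*
 flags (an
 .Vt unsigned long
 value).
 .Pp
 .Fn BN_BLINDING_create_param
 returns the newly created
 .Vt BN_BLINDING
 parameters or
 .Dv NULL
 on error.
 .Sh SEE ALSO
-.Xr bn 3
+.Xr BN_new 3
 .Sh HISTORY
 .Fn BN_BLINDING_thread_id
 was first introduced in OpenSSL 1.0.0, and it deprecates
 .Fn BN_BLINDING_set_thread_id
 and
 .Fn BN_BLINDING_get_thread_id .
 .Pp
 .Fn BN_BLINDING_convert_ex ,
 .Fn BN_BLINDIND_invert_ex ,
 .Fn BN_BLINDING_get_thread_id ,
 .Fn BN_BLINDING_set_thread_id ,
 .Fn BN_BLINDING_set_flags ,
 .Fn BN_BLINDING_get_flags
 and
 .Fn BN_BLINDING_create_param
-were first introduced in OpenSSL 0.9.8
+were first introduced in OpenSSL 0.9.8.
 .Sh AUTHORS
-.An Nils Larsch
-for
-.Lk http://www.openssl.org/ "the OpenSSL project" .
+.An Nils Larsch Aq Mt nils@openssl.org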
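--- a/jni/libressl/man/BN_CTX_new.3
+++ b/jni/libressl/man/BN_CTX_new.3
@@ -1,14 +1,64 @@
+.\"	$OpenBSD: BN_CTX_new.3,v 1.5 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL aafbe1cc Jun 12 23:42:08 2013 +0100
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 17 2014 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_CTX_NEW 3
 .Os
 .Sh NAME
 .Nm BN_CTX_new ,
-.Nm BN_CTX_init ,
-.Nm BN_CTX_free
+.Nm BN_CTX_free ,
+.Nm BN_CTX_init
 .Nd allocate and free BN_CTX structures
 .Sh SYNOPSIS
 .In openssl/bn.h
 .Ft BN_CTX *
 .Fo BN_CTX_new
 .Fa void
 .Fc
@@ -39,53 +89,53 @@
 .Fn BN_CTX_new
 allocates and initializes a
 .Vt BN_CTX
 structure.
 .Pp
 .Fn BN_CTX_free
 frees the components of the
-.Vt BN_CTX ,
-and if it was created by
+.Vt BN_CTX
+and, if it was created by
 .Fn BN_CTX_new ,
 also the structure itself.
 If
 .Xr BN_CTX_start 3
 has been used on the
 .Vt BN_CTX ,
 .Xr BN_CTX_end 3
 must be called before the
 .Vt BN_CTX
 may be freed by
 .Fn BN_CTX_free .
+If
+.Fa c
+is a
+.Dv NULL
+pointer, no action occurs.
 .Pp
 .Fn BN_CTX_init
 (deprecated) initializes an existing uninitialized
 .Vt BN_CTX .
 This should not be used for new programs.
 Use
 .Fn BN_CTX_new
 instead.
 .Sh RETURN VALUES
 .Fn BN_CTX_new
 returns a pointer to the
 .Vt BN_CTX .
 If the allocation fails, it returns
 .Dv NULL
 and sets an error code that can be obtained by
 .Xr ERR_get_error 3 .
-.Pp
-.Fn BN_CTX_init
-and
-.Fn BN_CTX_free
-return no value.
 .Sh SEE ALSO
-.Xr bn 3 ,
 .Xr BN_add 3 ,
 .Xr BN_CTX_start 3 ,
+.Xr BN_new 3 ,
 .Xr ERR_get_error 3
 .Sh HISTORY
 .Fn BN_CTX_new
 and
 .Fn BN_CTX_free
-are available in all versions on SSLeay and OpenSSL.
+are available in all versions of SSLeay and OpenSSL.
 .Fn BN_CTX_init
 was added in SSLeay 0.9.1b.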
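--- a/jni/libressl/man/BN_CTX_start.3
+++ b/jni/libressl/man/BN_CTX_start.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: BN_CTX_start.3,v 1.6 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 15 2000 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_CTX_START 3
 .Os
 .Sh NAME
 .Nm BN_CTX_start ,
 .Nm BN_CTX_get ,
 .Nm BN_CTX_end
 .Nd use temporary BIGNUM variables
@@ -21,65 +71,61 @@
 .Fa "BN_CTX *ctx"
 .Fc
 .Sh DESCRIPTION
 These functions are used to obtain temporary
 .Vt BIGNUM
 variables from a
 .Vt BN_CTX
-(which can been created by using
+(which can be created using
 .Xr BN_CTX_new 3 )
 in order to save the overhead of repeatedly creating and freeing
 .Vt BIGNUM Ns s
 in functions that are called from inside a loop.
 .Pp
 A function must call
 .Fn BN_CTX_start
 first.
 Then,
 .Fn BN_CTX_get
 may be called repeatedly to obtain temporary
-.Vt BIGNUM Ns s.
+.Vt BIGNUM Ns s .
 All
 .Fn BN_CTX_get
 calls must be made before calling any other functions that use the
 .Fa ctx
 as an argument.
 .Pp
 Finally,
 .Fn BN_CTX_end
 must be called before returning from the function.
 When
 .Fn BN_CTX_end
 is called, the
 .Vt BIGNUM
 pointers obtained from
 .Fn BN_CTX_get
 become invalid.
 .Sh RETURN VALUES
-.Fn BN_CTX_start
-and
-.Fn BN_CTX_end
-return no values.
-.Pp
 .Fn BN_CTX_get
 returns a pointer to the
 .Vt BIGNUM ,
 or
 .Dv NULL
 on error.
 Once
 .Fn BN_CTX_get
 has failed, the subsequent calls will return
 .Dv NULL
 as well, so it is sufficient to check the return value of the last
 .Fn BN_CTX_get
 call.
-In case of an error, an error code is set, which can be obtained by
+In case of an error, an error code is set which can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr BN_CTX_new 3
+.Xr BN_CTX_new 3 ,
+.Xr BN_new 3
 .Sh HISTORY
 .Fn BN_CTX_start ,
 .Fn BN_CTX_get ,
 and
 .Fn BN_CTX_end
 were added in OpenSSL 0.9.5.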
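--- a/jni/libressl/man/BN_add.3
+++ b/jni/libressl/man/BN_add.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: BN_add.3,v 1.7 2017/01/30 01:29:31 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>
+.\" and Bodo Moeller <bodo@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: June 16 2014 $
+.Dd $Mdocdate: January 30 2017 $
 .Dt BN_ADD 3
 .Os
 .Sh NAME
 .Nm BN_add ,
 .Nm BN_sub ,
 .Nm BN_mul ,
 .Nm BN_sqr ,
@@ -140,14 +191,21 @@
 subtracts
 .Fa b
 from
 .Fa a
 and places the result in
 .Fa r
 .Pq Li r=a-b .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
 .Pp
 .Fn BN_mul
 multiplies
 .Fa a
 and
 .Fa b
 and places the result in
@@ -203,14 +261,15 @@
 .Fn BN_mod
 corresponds to
 .Fn BN_div
 with
 .Fa dv
 set to
 .Dv NULL .
+It is implemented as a macro.
 .Pp
 .Fn BN_nnmod
 reduces
 .Fa a
 modulo
 .Fa m
 and places the non-negative remainder in
@@ -317,19 +376,20 @@
 The return value should always be checked, for example:
 .Pp
 .Dl if (!BN_add(r,a,b)) goto err;
 .Pp
 The error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr bn 3 ,
 .Xr BN_add_word 3 ,
 .Xr BN_CTX_new 3 ,
+.Xr BN_new 3 ,
 .Xr BN_set_bit 3 ,
-.Xr ERR_get_error 3
+.Xr BN_set_flags 3 ,
+.Xr BN_set_negative 3
 .Sh HISTORY
 .Fn BN_add ,
 .Fn BN_sub ,
 .Fn BN_sqr ,
 .Fn BN_div ,
 .Fn BN_mod ,
 .Fn BN_mod_mul ,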
Changes to jni/libressl/man/BN_add_word.3.


















































1
2
3
4
5
6
7
8


















































.Dd $Mdocdate: February 23 2015 $
.Dt BN_ADD_WORD 3
.Os
.Sh NAME
.Nm BN_add_word ,
.Nm BN_sub_word ,
.Nm BN_mul_word ,
.Nm BN_div_word ,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: BN_add_word.3,v 1.5 2016/12/10 21:13:25 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.
.\" Copyright (c) 2000, 2005 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 10 2016 $
.Dt BN_ADD_WORD 3
.Os
.Sh NAME
.Nm BN_add_word ,
.Nm BN_sub_word ,
.Nm BN_mul_word ,
.Nm BN_div_word ,
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

107
108
109
110
111
112
113
and returns the remainder.
.Pp
.Fn BN_mod_word
returns the remainder of
.Fa a
divided by
.Fa w
.Pq Li a%w
or (BN_ULONG)-1 on error.
.Pp
For
.Fn BN_div_word
and
.Fn BN_mod_word ,
.Fa w
must not be 0.
.Sh RETURN VALUES
.Fn BN_add_word ,
.Fn BN_sub_word ,
and
.Fn BN_mul_word
return 1 for success, 0 on error.
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Pp
.Fn BN_mod_word
and
.Fn BN_div_word
return
.Fa a Ns % Ns Fa w
on success and
.Pq Vt BN_ULONG Ns -1
if an error occurred.
.Sh SEE ALSO
.Xr bn 3 ,
.Xr BN_add 3 ,

.Xr ERR_get_error 3
.Sh HISTORY
.Fn BN_add_word
and
.Fn BN_mod_word
are available in all versions of SSLeay and OpenSSL.
.Fn BN_div_word







|
<












|









|


<

>







121
122
123
124
125
126
127
128

129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

154
155
156
157
158
159
160
161
162
and returns the remainder.
.Pp
.Fn BN_mod_word
returns the remainder of
.Fa a
divided by
.Fa w
.Pq Li a%w .

.Pp
For
.Fn BN_div_word
and
.Fn BN_mod_word ,
.Fa w
must not be 0.
.Sh RETURN VALUES
.Fn BN_add_word ,
.Fn BN_sub_word ,
and
.Fn BN_mul_word
return 1 for success or 0 on error.
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Pp
.Fn BN_mod_word
and
.Fn BN_div_word
return
.Fa a Ns % Ns Fa w
on success and
.Po Vt BN_ULONG Pc Ns -1
if an error occurred.
.Sh SEE ALSO

.Xr BN_add 3 ,
.Xr BN_new 3 ,
.Xr ERR_get_error 3
.Sh HISTORY
.Fn BN_add_word
and
.Fn BN_mod_word
are available in all versions of SSLeay and OpenSSL.
.Fn BN_div_word
Changes to jni/libressl/man/BN_bn2bin.3.


















































1
2
3
4
5
6
7
8
9
10

11
12
13
14
15
16
17


















































.Dd $Mdocdate: July 17 2014 $
.Dt BN_BN2BIN 3
.Os
.Sh NAME
.Nm BN_bn2bin ,
.Nm BN_bin2bn ,
.Nm BN_bn2hex ,
.Nm BN_bn2dec ,
.Nm BN_hex2bn ,
.Nm BN_dec2bn ,

.Nm BN_print ,
.Nm BN_print_fp ,
.Nm BN_bn2mpi ,
.Nm BN_mpi2bn
.Nd format conversions
.Sh SYNOPSIS
.In openssl/bn.h
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|









>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
.\"	$OpenBSD: BN_bn2bin.3,v 1.6 2017/01/25 16:12:45 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.
.\" Copyright (c) 2000, 2002, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 25 2017 $
.Dt BN_BN2BIN 3
.Os
.Sh NAME
.Nm BN_bn2bin ,
.Nm BN_bin2bn ,
.Nm BN_bn2hex ,
.Nm BN_bn2dec ,
.Nm BN_hex2bn ,
.Nm BN_dec2bn ,
.Nm BN_asc2bn ,
.Nm BN_print ,
.Nm BN_print_fp ,
.Nm BN_bn2mpi ,
.Nm BN_mpi2bn
.Nd format conversions
.Sh SYNOPSIS
.In openssl/bn.h
37
38
39
40
41
42
43





44
45
46
47
48
49
50
.Ft int
.Fo BN_hex2bn
.Fa "BIGNUM **a"
.Fa "const char *str"
.Fc
.Ft int
.Fo BN_dec2bn





.Fa "BIGNUM **a"
.Fa "const char *str"
.Fc
.Ft int
.Fo BN_print
.Fa "BIO *fp"
.Fa "const BIGNUM *a"







>
>
>
>
>







88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
.Ft int
.Fo BN_hex2bn
.Fa "BIGNUM **a"
.Fa "const char *str"
.Fc
.Ft int
.Fo BN_dec2bn
.Fa "BIGNUM **a"
.Fa "const char *str"
.Fc
.Ft int
.Fo BN_asc2bn
.Fa "BIGNUM **a"
.Fa "const char *str"
.Fc
.Ft int
.Fo BN_print
.Fa "BIO *fp"
.Fa "const BIGNUM *a"
100
101
102
103
104
105
106
107
108
109




110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127














128
129
130
131
132
133
134
.Fa a
respectively.
For negative numbers, the string is prefaced with a leading minus sign.
The string must be freed later using
.Xr free 3 .
.Pp
.Fn BN_hex2bn
converts the string
.Fa str
containing a hexadecimal number to a




.Vt BIGNUM
and stores it in
.Pf * Fa a .
If
.Pf * Fa a
is
.Dv NULL ,
a new
.Vt BIGNUM
is created.
If
.Fa a
is
.Dv NULL ,
it only computes the number's length in hexadecimal digits.
If the string starts with a minus sign, the number is negative.
.Fn BN_dec2bn
is the same using the decimal system.














.Pp
.Fn BN_print
and
.Fn BN_print_fp
write the hexadecimal encoding of
.Fa a ,
with a leading minus sign for negative numbers, to the







|

|
>
>
>
>

|













|


>
>
>
>
>
>
>
>
>
>
>
>
>
>







156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
.Fa a
respectively.
For negative numbers, the string is prefaced with a leading minus sign.
The string must be freed later using
.Xr free 3 .
.Pp
.Fn BN_hex2bn
interprets
.Fa str
as a hexadecimal number.
The string may start with a minus sign
.Pq Sq - .
Conversion stops at the first byte that is not a hexadecimal digit.
The number is converted to a
.Vt BIGNUM
and stored in
.Pf * Fa a .
If
.Pf * Fa a
is
.Dv NULL ,
a new
.Vt BIGNUM
is created.
If
.Fa a
is
.Dv NULL ,
it only computes the number's length in hexadecimal digits.
A "negative zero" is converted to zero.
.Fn BN_dec2bn
is the same using the decimal system.
.Fn BN_asc2bn
infers the number base from an optional prefix.
If
.Fa str
starts with
.Qq 0x
or
.Qq 0X ,
it calls
.Fn BN_hex2bn ,
otherwise
.Fn BN_dec2bn .
If the number is negative, the minus sign can be given before or
after the prefix.
.Pp
.Fn BN_print
and
.Fn BN_print_fp
write the hexadecimal encoding of
.Fa a ,
with a leading minus sign for negative numbers, to the
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
.Fa a
at
.Fa to ,
where
.Fa to
must be large enough to hold the result.
The size can be determined by calling
.Fn BN_bn2mpi a , NULL .
.Pp
.Fn BN_mpi2bn
converts the
.Fa len
bytes long representation at
.Fa s
to a







|







227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
.Fa a
at
.Fa to ,
where
.Fa to
must be large enough to hold the result.
The size can be determined by calling
.Fn BN_bn2mpi a  NULL .
.Pp
.Fn BN_mpi2bn
converts the
.Fa len
bytes long representation at
.Fa s
to a
190
191
192
193
194
195
196
197
198






199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
.Fn BN_bn2dec
return a NUL-terminated string, or
.Dv NULL
on error.
.Fn BN_hex2bn
and
.Fn BN_dec2bn
return the number's length in hexadecimal or decimal digits, and 0 on
error.






.Pp
.Fn BN_print_fp
and
.Fn BN_print
return 1 on success, 0 on write errors.
.Pp
.Fn BN_bn2mpi
returns the length of the representation.
.Fn BN_mpi2bn
returns the
.Vt BIGNUM ,
or
.Dv NULL
on error.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ASN1_INTEGER_to_BN 3 ,
.Xr bn 3 ,
.Xr BN_num_bytes 3 ,
.Xr BN_zero 3 ,
.Xr ERR_get_error 3
.Sh HISTORY
.Fn BN_bn2bin ,
.Fn BN_bin2bn ,
.Fn BN_print_fp ,







|
|
>
>
>
>
>
>


















<
|







264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

297
298
299
300
301
302
303
304
.Fn BN_bn2dec
return a NUL-terminated string, or
.Dv NULL
on error.
.Fn BN_hex2bn
and
.Fn BN_dec2bn
return the number's length in hexadecimal or decimal digits
or 0 on error, in which case no new
.Vt BIGNUM
is created.
.Fn BN_asc2bn
returns 1 on success or 0 on error, in which case no new
.Vt BIGNUM
is created.
.Pp
.Fn BN_print_fp
and
.Fn BN_print
return 1 on success, 0 on write errors.
.Pp
.Fn BN_bn2mpi
returns the length of the representation.
.Fn BN_mpi2bn
returns the
.Vt BIGNUM ,
or
.Dv NULL
on error.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO

.Xr BN_new 3 ,
.Xr BN_num_bytes 3 ,
.Xr BN_zero 3 ,
.Xr ERR_get_error 3
.Sh HISTORY
.Fn BN_bn2bin ,
.Fn BN_bin2bn ,
.Fn BN_print_fp ,
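--- a/jni/libressl/man/BN_cmp.3
+++ b/jni/libressl/man/BN_cmp.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: BN_cmp.3,v 1.4 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: June 16 2014 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_CMP 3
 .Os
 .Sh NAME
 .Nm BN_cmp ,
 .Nm BN_ucmp ,
 .Nm BN_is_zero ,
 .Nm BN_is_one ,
@@ -82,18 +132,18 @@
 .Fn BN_is_zero ,
 .Fn BN_is_one ,
 .Fn BN_is_word ,
 and
 .Fn BN_is_odd
 return 1 if the condition is true, 0 otherwise.
 .Sh SEE ALSO
-.Xr bn 3
+.Xr BN_new 3
 .Sh HISTORY
 .Fn BN_cmp ,
 .Fn BN_ucmp ,
 .Fn BN_is_zero ,
 .Fn BN_is_one
 and
 .Fn BN_is_word
 are available in all versions of SSLeay and OpenSSL.
 .Fn BN_is_odd
 was added in SSLeay 0.8.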
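--- a/jni/libressl/man/BN_copy.3
+++ b/jni/libressl/man/BN_copy.3
@@ -1,52 +1,159 @@
+.\"	$OpenBSD: BN_copy.3,v 1.6 2017/01/30 01:29:31 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>
+.\" and Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2000, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: April 03 2000 $
+.Dd $Mdocdate: January 30 2017 $
 .Dt BN_COPY 3
 .Os
 .Sh NAME
 .Nm BN_copy ,
-.Nm BN_dup
+.Nm BN_dup ,
+.Nm BN_with_flags
 .Nd copy BIGNUMs
 .Sh SYNOPSIS
 .In openssl/bn.h
 .Ft BIGNUM *
 .Fo BN_copy
 .Fa "BIGNUM *to"
 .Fa "const BIGNUM *from"
 .Fc
 .Ft BIGNUM *
 .Fo BN_dup
 .Fa "const BIGNUM *from"
 .Fc
+.Ft void
+.Fo BN_with_flags
+.Fa "BIGNUM *dest"
+.Fa "const BIGNUM *b"
+.Fa "int flags"
+.Fc
 .Sh DESCRIPTION
 .Fn BN_copy
 copies
 .Fa from
 to
 .Fa to .
+.Pp
 .Fn BN_dup
 creates a new
 .Vt BIGNUM
 containing the value
 .Fa from .
+.Pp
+.Fn BN_with_flags
+creates a
+.Em temporary
+shallow copy of
+.Fa b
+in
+.Fa dest .
+It places significant restrictions on the copied data.
+Applications that do not adhere to these restrictions
+may encounter unexpected side effects or crashes.
+For that reason, use of this macro is discouraged.
+.Pp
+Any flags provided in
+.Fa flags
+will be set in
+.Fa dest
+in addition to any flags already set in
+.Fa b .
+For example, this can be used to create a temporary copy of a
+.Vt BIGNUM
+with the
+.Dv BN_FLG_CONSTTIME
+flag set for constant time operations.
+.Pp
+The temporary copy in
+.Fa dest
+will share some internal state with
+.Fa b .
+For this reason, the following restrictions apply to the use of
+.Fa dest :
+.Bl -bullet
+.It
+.Fa dest
+should be a newly allocated
+.Vt BIGNUM
+obtained via a call to
+.Xr BN_new 3 .
+It should not have been used for other purposes or initialised in any way.
+.It
+.Fa dest
+must only be used in "read-only" operations, i.e. typically those
+functions where the relevant parameter is declared "const".
+.It
+.Fa dest
+must be used and freed before any further subsequent use of
+.Fa b .
+.El
 .Sh RETURN VALUES
 .Fn BN_copy
 returns
 .Fa to
-on success,
+on success or
 .Dv NULL
 on error.
 .Fn BN_dup
 returns the new
-.Vt BIGNUM ,
+.Vt BIGNUM
 or
 .Dv NULL
 on error.
 The error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr bn 3 ,
-.Xr ERR_get_error 3
+.Xr BN_new 3 ,
+.Xr BN_set_flags 3
 .Sh HISTORY
 .Fn BN_copy
 and
 .Fn BN_dup
 are available in all versions of SSLeay and OpenSSL.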
Changes to jni/libressl/man/BN_generate_prime.3.




















































1
2
3
4
5
6
7
8




















































.Dd $Mdocdate: July 17 2014 $
.Dt BN_GENERATE_PRIME 3
.Os
.Sh NAME
.Nm BN_generate_prime_ex ,
.Nm BN_is_prime_ex ,
.Nm BN_is_prime_fasttest_ex ,
.Nm BN_GENCB_call ,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
.\"	$OpenBSD: BN_generate_prime.3,v 1.6 2017/01/07 05:06:22 schwarze Exp $
.\"	OpenSSL 2afb29b4 Aug 14 16:47:13 2014 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>
.\" Bodo Moeller <bodo@openssl.org>, and Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2000, 2003, 2013, 2014 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 7 2017 $
.Dt BN_GENERATE_PRIME 3
.Os
.Sh NAME
.Nm BN_generate_prime_ex ,
.Nm BN_is_prime_ex ,
.Nm BN_is_prime_fasttest_ex ,
.Nm BN_GENCB_call ,
40
41
42
43
44
45
46

47





48




49
50
51
52
53
54
55
.Fc
.Ft int
.Fo BN_GENCB_call
.Fa "BN_GENCB *cb"
.Fa "int a"
.Fa "int b"
.Fc

.Fd #define BN_GENCB_set_old(gencb, callback, cb_arg) ...





.Fd #define BN_GENCB_set(gencb, callback, cb_arg) ...




.Pp
Deprecated:
.Pp
.Ft BIGNUM *
.Fo BN_generate_prime
.Fa "BIGNUM *ret"
.Fa "int num"







>
|
>
>
>
>
>
|
>
>
>
>







92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
.Fc
.Ft int
.Fo BN_GENCB_call
.Fa "BN_GENCB *cb"
.Fa "int a"
.Fa "int b"
.Fc
.Ft void
.Fo BN_GENCB_set_old
.Fa "BN_GENCB *gencb"
.Fa "void (*callback)(int, int, void *)"
.Fa "void *cb_arg"
.Fc
.Ft void
.Fo BN_GENCB_set
.Fa "BN_GENCB *gencb"
.Fa "int (*callback)(int, int, BN_GENCB *)"
.Fa "void *cb_arg"
.Fc
.Pp
Deprecated:
.Pp
.Ft BIGNUM *
.Fo BN_generate_prime
.Fa "BIGNUM *ret"
.Fa "int num"
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
.Fa "void (*callback)(int, int, void *)"
.Fa "BN_CTX *ctx"
.Fa "void *cb_arg"
.Fa "int do_trial_division"
.Fc
.Sh DESCRIPTION
.Fn BN_generate_prime_ex
generates a pseudo-random prime number of bit length
.Fa bits .
If
.Fa ret
is not
.Dv NULL ,
it will be used to store the number.
.Pp







|







136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
.Fa "void (*callback)(int, int, void *)"
.Fa "BN_CTX *ctx"
.Fa "void *cb_arg"
.Fa "int do_trial_division"
.Fc
.Sh DESCRIPTION
.Fn BN_generate_prime_ex
generates a pseudo-random prime number of at least bit length
.Fa bits .
If
.Fa ret
is not
.Dv NULL ,
it will be used to store the number.
.Pp
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
.Vt BN_GENCB
structures that are supported: "new" style and "old" style.
New programs should prefer the "new" style, whilst the "old" style is
provided for backwards compatibility purposes.
.Pp
For "new" style callbacks a
.Vt BN_GENCB
structure should be initialised with a call to
.Fn BN_GENCB_set ,
where
.Fa gencb
is a
.Vt BN_GENCB * ,
.Fa callback
is of type
.Vt int (*callback)(int, int, BN_GENCB *)
and
.Fa cb_arg
is a
.Vt void * .
"Old" style callbacks are the same except they are initialised with a
call to
.Fn BN_GENCB_set_old
and
.Fa callback
is of type
.Vt void (*callback)(int, int, void *) .
.Pp
A callback is invoked through a call to







|













|







258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
.Vt BN_GENCB
structures that are supported: "new" style and "old" style.
New programs should prefer the "new" style, whilst the "old" style is
provided for backwards compatibility purposes.
.Pp
For "new" style callbacks a
.Vt BN_GENCB
structure should be initialised with a call to the macro
.Fn BN_GENCB_set ,
where
.Fa gencb
is a
.Vt BN_GENCB * ,
.Fa callback
is of type
.Vt int (*callback)(int, int, BN_GENCB *)
and
.Fa cb_arg
is a
.Vt void * .
"Old" style callbacks are the same except they are initialised with a
call to the macro
.Fn BN_GENCB_set_old
and
.Fa callback
is of type
.Vt void (*callback)(int, int, void *) .
.Pp
A callback is invoked through a call to
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
otherwise.
.Pp
Callback functions should return 1 on success or 0 on error.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr bn 3 ,
.Xr ERR_get_error 3 ,
.Xr rand 3
.Sh HISTORY
The
.Fa cb_arg
arguments to
.Fn BN_generate_prime
and to
.Fn BN_is_prime







|

|







327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
otherwise.
.Pp
Callback functions should return 1 on success or 0 on error.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr BN_new 3 ,
.Xr ERR_get_error 3 ,
.Xr RAND_bytes 3
.Sh HISTORY
The
.Fa cb_arg
arguments to
.Fn BN_generate_prime
and to
.Fn BN_is_prime
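--- a/jni/libressl/man/BN_get0_nist_prime_521.3
+++ b/jni/libressl/man/BN_get0_nist_prime_521.3
@@ -0,0 +1,85 @@
+.\"	$OpenBSD: BN_get0_nist_prime_521.3,v 1.4 2016/12/11 10:00:30 jmc Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Rich Salz <rsalz@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 11 2016 $
+.Dt BN_GET0_NIST_PRIME_521 3
+.Os
+.Sh NAME
+.Nm BN_get0_nist_prime_192 ,
+.Nm BN_get0_nist_prime_224 ,
+.Nm BN_get0_nist_prime_256 ,
+.Nm BN_get0_nist_prime_384 ,
+.Nm BN_get0_nist_prime_521
+.Nd create standardized public primes or DH pairs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft const BIGNUM *
+.Fn BN_get0_nist_prime_192 void
+.Ft const BIGNUM *
+.Fn BN_get0_nist_prime_224 void
+.Ft const BIGNUM *
+.Fn BN_get0_nist_prime_256 void
+.Ft const BIGNUM *
+.Fn BN_get0_nist_prime_384 void
+.Ft const BIGNUM *
+.Fn BN_get0_nist_prime_521 void
+.Sh DESCRIPTION
+The
+.Fn BN_get0_nist_prime_192 ,
+.Fn BN_get0_nist_prime_224 ,
+.Fn BN_get0_nist_prime_256 ,
+.Fn BN_get0_nist_prime_384 ,
+and
+.Fn BN_get0_nist_prime_521
+functions return a
+.Vt BIGNUM
+for the specific NIST prime curve (e.g. P-256).
+.Sh SEE ALSO
+.Xr BN_new 3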
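--- a/jni/libressl/man/BN_mod_inverse.3
+++ b/jni/libressl/man/BN_mod_inverse.3
@@ -1,29 +1,79 @@
-.Dd $Mdocdate: June 16 2014 $
+.\"	$OpenBSD: BN_mod_inverse.3,v 1.6 2017/01/30 01:29:31 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 30 2017 $
 .Dt BN_MOD_INVERSE 3
 .Os
 .Sh NAME
 .Nm BN_mod_inverse
 .Nd compute inverse modulo n
 .Sh SYNOPSIS
 .In openssl/bn.h
 .Ft BIGNUM *
 .Fo BN_mod_inverse
 .Fa "BIGNUM *r"
 .Fa "BIGNUM *a"
 .Fa "const BIGNUM *n"
 .Fa "BN_CTX *ctx"
 .Fc
 .Sh DESCRIPTION
 .Fn BN_mod_inverse
 computes the inverse of
 .Fa a
 modulo
 .Fa n
-add places the result in
+and places the result in
 .Fa r
 .Pq Li (a*r)%n==1 .
 If
 .Fa r
 is
 .Dv NULL ,
 a new
@@ -47,13 +97,13 @@
 .Vt BIGNUM
 containing the inverse, or
 .Dv NULL
 on error.
 The error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr bn 3 ,
 .Xr BN_add 3 ,
-.Xr ERR_get_error 3
+.Xr BN_new 3 ,
+.Xr BN_set_flags 3
 .Sh HISTORY
 .Fn BN_mod_inverse
 is available in all versions of SSLeay and OpenSSL.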
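--- a/jni/libressl/man/BN_mod_mul_montgomery.3
+++ b/jni/libressl/man/BN_mod_mul_montgomery.3
@@ -1,17 +1,67 @@
-.Dd $Mdocdate: May 15 2002 $
+.\"	$OpenBSD: BN_mod_mul_montgomery.3,v 1.7 2017/01/30 07:51:27 jmc Exp $
+.\"	OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 30 2017 $
 .Dt BN_MOD_MUL_MONTGOMERY 3
 .Os
 .Sh NAME
-.Nm BN_mod_mul_montgomery ,
 .Nm BN_MONT_CTX_new ,
 .Nm BN_MONT_CTX_init ,
 .Nm BN_MONT_CTX_free ,
 .Nm BN_MONT_CTX_set ,
 .Nm BN_MONT_CTX_copy ,
+.Nm BN_mod_mul_montgomery ,
 .Nm BN_from_montgomery ,
 .Nm BN_to_montgomery
 .Nd Montgomery multiplication
 .Sh SYNOPSIS
 .In openssl/bn.h
 .Ft BN_MONT_CTX *
 .Fo BN_MONT_CTX_new
@@ -65,17 +115,20 @@
 is called with suitable input, but they may be useful when several
 operations are to be performed using the same modulus.
 .Pp
 .Fn BN_MONT_CTX_new
 allocates and initializes a
 .Vt BN_MONT_CTX
 structure.
+.Pp
 .Fn BN_MONT_CTX_init
 initializes an existing uninitialized
 .Vt BN_MONT_CTX .
+It is deprecated and dangerous: see
+.Sx CAVEATS .
 .Pp
 .Fn BN_MONT_CTX_set
 sets up the
 .Fa mont
 structure from the modulus
 .Fa m
 by precomputing its inverse and a value R.
@@ -89,32 +142,37 @@
 .Pp
 .Fn BN_MONT_CTX_free
 frees the components of the
 .Vt BN_MONT_CTX ,
 and, if it was created by
 .Fn BN_MONT_CTX_new ,
 also the structure itself.
+If
+.Fa mont
+is a
+.Dv NULL
+pointer, no action occurs.
 .Pp
 .Fn BN_mod_mul_montgomery
 computes
 .Pp
 .D1 Mont Ns Po Fa a , Fa b Pc := Fa a No * Fa b No * R^-1
 .Pp
 and places the result in
 .Fa r .
 .Pp
 .Fn BN_from_montgomery
 performs the Montgomery reduction
 .Pp
-.D1 Fa r No = Fa a No * R^-1.
+.D1 Fa r No = Fa a No * R^-1
 .Pp
 .Fn BN_to_montgomery
 computes
 .Pp
-.D1 Mont Ns Po Fa a , No R^2 Pc = Fa a No * R .
+.D1 Mont Ns Po Fa a , No R^2 Pc = Fa a No * R
 .Pp
 Note that
 .Fa a
 must be non-negative and smaller than the modulus.
 .Pp
 For all functions,
 .Fa ctx
@@ -136,46 +194,57 @@
 	int flags;
 } BN_MONT_CTX;
 .Ed
 .Pp
 .Fn BN_to_montgomery
 is a macro.
 .Pp
-.Sy Warning:
+.Sy Warning :
 The inputs must be reduced modulo
 .Fa m ,
 otherwise the result will be outside the expected range.
 .Sh RETURN VALUES
 .Fn BN_MONT_CTX_new
 returns the newly allocated
-.Vt BN_MONT_CTX ,
-and
+.Vt BN_MONT_CTX
+or
 .Dv NULL
 on error.
 .Pp
-.Fn BN_MONT_CTX_init
-and
-.Fn BN_MONT_CTX_free
-return no values.
-.Pp
-For the other functions, 1 is returned for success, 0 on error.
+For the other functions, 1 is returned for success or 0 on error.
 The error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr bn 3 ,
 .Xr BN_add 3 ,
 .Xr BN_CTX_new 3 ,
-.Xr ERR_get_error 3
+.Xr BN_new 3
 .Sh HISTORY
 .Fn BN_MONT_CTX_new ,
 .Fn BN_MONT_CTX_free ,
 .Fn BN_MONT_CTX_set ,
 .Fn BN_mod_mul_montgomery ,
 .Fn BN_from_montgomery
 and
 .Fn BN_to_montgomery
 are available in all versions of SSLeay and OpenSSL.
 .Pp
 .Fn BN_MONT_CTX_init
 and
 .Fn BN_MONT_CTX_copy
 were added in SSLeay 0.9.1b.
+.Sh CAVEATS
+.Fn BN_MONT_CTX_init
+must not be called on a context that was used previously, or
+memory used by the embedded
+.Vt BIGNUM
+structures is leaked immediately.
+Besides, it must not be called on a context created with
+.Fn BN_MONT_CTX_new ,
+or the context itself will likely be leaked later.
+It can only be used on a static
+.Vt BN_MONT_CTX
+structure, on one located on the stack, or on one
+.Xr malloc 3 Ap ed
+manually, but all these options are discouraged because they
+will no longer work once
+.Vt BN_MONT_CTX
+is made opaque.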
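--- a/jni/libressl/man/BN_mod_mul_reciprocal.3
+++ b/jni/libressl/man/BN_mod_mul_reciprocal.3
@@ -1,20 +1,78 @@
-.Dd $Mdocdate: December 15 2000 $
+.\"	$OpenBSD: BN_mod_mul_reciprocal.3,v 1.7 2017/01/30 07:51:27 jmc Exp $
+.\"	OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 30 2017 $
 .Dt BN_MOD_MUL_RECIPROCAL 3
 .Os
 .Sh NAME
 .Nm BN_mod_mul_reciprocal ,
-.Nm BN_div_recp ,
 .Nm BN_RECP_CTX_new ,
 .Nm BN_RECP_CTX_init ,
 .Nm BN_RECP_CTX_free ,
-.Nm BN_RECP_CTX_set
+.Nm BN_RECP_CTX_set ,
+.Nm BN_div_recp
 .Nd modular multiplication using reciprocal
 .Sh SYNOPSIS
 .In openssl/bn.h
+.Ft int
+.Fo BN_mod_mul_reciprocal
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_RECP_CTX *recp"
+.Fa "BN_CTX *ctx"
+.Fc
 .Ft BN_RECP_CTX *
 .Fo BN_RECP_CTX_new
 .Fa void
 .Fc
 .Ft void
 .Fo BN_RECP_CTX_init
 .Fa "BN_RECP_CTX *recp"
@@ -33,52 +91,52 @@
 .Fo BN_div_recp
 .Fa "BIGNUM *dv"
 .Fa "BIGNUM *rem"
 .Fa "BIGNUM *a"
 .Fa "BN_RECP_CTX *recp"
 .Fa "BN_CTX *ctx"
 .Fc
-.Ft int
-.Fo BN_mod_mul_reciprocal
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "BN_RECP_CTX *recp"
-.Fa "BN_CTX *ctx"
-.Fc
 .Sh DESCRIPTION
 .Fn BN_mod_mul_reciprocal
 can be used to perform an efficient
 .Xr BN_mod_mul 3
 operation when the operation will be performed repeatedly with the same
 modulus.
 It computes
 .Fa r Ns =( Ns Fa a Ns * Ns Fa b Ns )% Ns Fa m
 using
 .Fa recp Ns =1/ Ns Fa m ,
 which is set as described below.
 .Fa ctx
 is a previously allocated
 .Vt BN_CTX
 used for temporary variables.
 .Pp
 .Fn BN_RECP_CTX_new
 allocates and initializes a
 .Vt BN_RECP_CTX
 structure.
+.Pp
 .Fn BN_RECP_CTX_init
 initializes an existing uninitialized
 .Vt BN_RECP_CTX .
+It is deprecated and dangerous: see
+.Sx CAVEATS .
 .Pp
 .Fn BN_RECP_CTX_free
 frees the components of the
 .Vt BN_RECP_CTX ,
 and, if it was created by
 .Fn BN_RECP_CTX_new ,
 also the structure itself.
+If
+.Fa recp
+is a
+.Dv NULL
+pointer, no action occurs.
 .Pp
 .Fn BN_RECP_CTX_set
 stores
 .Fa m
 in
 .Fa recp
 and sets it up for computing
@@ -115,33 +173,44 @@
 } BN_RECP_CTX;
 .Ed
 .Pp
 It cannot be shared between threads.
 .Sh RETURN VALUES
 .Fn BN_RECP_CTX_new
 returns the newly allocated
-.Vt BN_RECP_CTX ,
+.Vt BN_RECP_CTX
 or
 .Dv NULL
 on error.
 .Pp
-.Fn BN_RECP_CTX_init
-and
-.Fn BN_RECP_CTX_free
-return no values.
-.Pp
-For the other functions, 1 is returned for success, 0 on error.
+For the other functions, 1 is returned for success or 0 on error.
 The error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr bn 3 ,
 .Xr BN_add 3 ,
 .Xr BN_CTX_new 3 ,
-.Xr ERR_get_error 3
+.Xr BN_new 3
 .Sh HISTORY
 .Vt BN_RECP_CTX
 was added in SSLeay 0.9.0.
 Before that, a function
 .Fn BN_reciprocal
 was used instead, and the
 .Fn BN_mod_mul_reciprocal
 arguments were different.
+.Sh CAVEATS
+.Fn BN_RECP_CTX_init
+must not be called on a context that was used previously, or
+memory used by the embedded
+.Vt BIGNUM
+structures is leaked immediately.
+Besides, it must not be called on a context created with
+.Fn BN_RECP_CTX_new ,
+or the context itself will likely be leaked later.
+It can only be used on a static
+.Vt BN_RECP_CTX
+structure, on one located on the stack, or on one
+.Xr malloc 3 Ap ed
+manually, but all these options are discouraged because they
+will no longer work once
+.Vt BN_RECP_CTX
+is made opaque.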
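--- a/jni/libressl/man/BN_new.3
+++ b/jni/libressl/man/BN_new.3
@@ -1,8 +1,59 @@
-.Dd $Mdocdate: September 6 2008 $
+.\"	$OpenBSD: BN_new.3,v 1.9 2017/01/30 07:51:27 jmc Exp $
+.\"	OpenSSL doc/man3/BN_new.pod 2457c19d Mar 6 08:43:36 2004 +0000
+.\"	OpenSSL doc/man7/bn.pod 05ea606a May 20 20:52:46 2016 -0400
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2004 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 30 2017 $
 .Dt BN_NEW 3
 .Os
 .Sh NAME
 .Nm BN_new ,
 .Nm BN_init ,
 .Nm BN_clear ,
 .Nm BN_free ,
@@ -27,58 +78,116 @@
 .Fa "BIGNUM *a"
 .Fc
 .Ft void
 .Fo BN_clear_free
 .Fa "BIGNUM *a"
 .Fc
 .Sh DESCRIPTION
+The BN library performs arithmetic operations on integers of arbitrary
+size.
+It was written for use in public key cryptography, such as RSA and
+Diffie-Hellman.
+.Pp
+It uses dynamic memory allocation for storing its data structures.
+That means that there is no limit on the size of the numbers manipulated
+by these functions, but return values must always be checked in case a
+memory allocation error has occurred.
+.Pp
+The basic object in this library is a
+.Vt BIGNUM .
+It is used to hold a single large integer.
+This type should be considered opaque and fields should not be modified
+or accessed directly.
+.Pp
 .Fn BN_new
 allocates and initializes a
 .Vt BIGNUM
 structure.
+.Pp
 .Fn BN_init
 initializes an existing uninitialized
 .Vt BIGNUM .
+It is deprecated and dangerous: see
+.Sx CAVEATS .
 .Pp
 .Fn BN_clear
 is used to destroy sensitive data such as keys when they are no longer
 needed.
 It erases the memory used by
 .Fa a
 and sets it to the value 0.
 .Pp
 .Fn BN_free
 frees the components of the
-.Vt BIGNUM ,
-and if it was created by
+.Vt BIGNUM
+and, if it was created by
 .Fn BN_new ,
 also the structure itself.
 .Fn BN_clear_free
 additionally overwrites the data before the memory is returned to the
 system.
+If
+.Fa a
+is a
+.Dv NULL
+pointer, no action occurs.
 .Sh RETURN VALUES
 .Fn BN_new
 returns a pointer to the
 .Vt BIGNUM .
 If the allocation fails, it returns
 .Dv NULL
 and sets an error code that can be obtained by
 .Xr ERR_get_error 3 .
-.Pp
-.Fn BN_init ,
-.Fn BN_clear ,
-.Fn BN_free ,
-and
-.Fn BN_clear_free
-return no values.
-.Sh SEE ALSO
-.Xr bn 3 ,
-.Xr ERR_get_error 3
+.Sh SEE ALSO
+.Xr BN_add 3 ,
+.Xr BN_add_word 3 ,
+.Xr BN_BLINDING_new 3 ,
+.Xr BN_bn2bin 3 ,
+.Xr BN_cmp 3 ,
+.Xr BN_copy 3 ,
+.Xr BN_CTX_new 3 ,
+.Xr BN_CTX_start 3 ,
+.Xr BN_generate_prime 3 ,
+.Xr BN_get0_nist_prime_521 3 ,
+.Xr BN_mod_inverse 3 ,
+.Xr BN_mod_mul_montgomery 3 ,
+.Xr BN_mod_mul_reciprocal 3 ,
+.Xr BN_num_bytes 3 ,
+.Xr BN_rand 3 ,
+.Xr BN_set_bit 3 ,
+.Xr BN_set_flags 3 ,
+.Xr BN_set_negative 3 ,
+.Xr BN_swap 3 ,
+.Xr BN_zero 3
 .Sh HISTORY
 .Fn BN_new ,
 .Fn BN_clear ,
 .Fn BN_free ,
 and
 .Fn BN_clear_free
-are available in all versions on SSLeay and OpenSSL.
+are available in all versions of SSLeay and OpenSSL.
 .Fn BN_init
 was added in SSLeay 0.9.1b.
+.Sh CAVEATS
+.Fn BN_init
+must not be called on a
+.Vt BIGNUM
+that was used and contains an actual number, or the memory
+used for storing the number is leaked immediately.
+Besides, it must not be called on a number allocated with
+.Fn BN_new ,
+or the
+.Vt BIGNUM
+structure itself will likely be leaked later on.
+It can only be used on static
+.Vt BIGNUM
+structures, on
+.Vt BIGNUM
+structures on the stack, or on
+.Vt BIGNUM
+structures
+.Xr malloc 3 Ap ed
+manually, but all of these options are discouraged because they
+will no longer work once the
+.Vt BIGNUM
+data type is made opaque.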
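--- a/jni/libressl/man/BN_num_bytes.3
+++ b/jni/libressl/man/BN_num_bytes.3
@@ -1,76 +1,127 @@
+.\"	$OpenBSD: BN_num_bytes.3,v 1.5 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>
+.\" and Richard Levitte <levitte@openssl.org>.
+.\" Copyright (c) 2000, 2004 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: April 29 2005 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_NUM_BYTES 3
 .Os
 .Sh NAME
-.Nm BN_num_bits ,
-.Nm BN_num_bytes ,
+.Nm BN_num_bytes ,
+.Nm BN_num_bits ,
 .Nm BN_num_bits_word
 .Nd get BIGNUM size
 .Sh SYNOPSIS
 .In openssl/bn.h
 .Ft int
 .Fo BN_num_bytes
 .Fa "const BIGNUM *a"
 .Fc
 .Ft int
 .Fo BN_num_bits
 .Fa "const BIGNUM *a"
 .Fc
 .Ft int
 .Fo BN_num_bits_word
 .Fa "BN_ULONG w"
 .Fc
 .Sh DESCRIPTION
 .Fn BN_num_bytes
 returns the size of a
-.Sy BIGNUM
+.Vt BIGNUM
 in bytes.
 .Pp
 .Fn BN_num_bits_word
 returns the number of significant bits in a word.
-If we take 0x00000432 as an example, it returns 11, not 16, not 32.
+As an example, 0x00000432 returns 11, not 16 or 32.
 Basically, except for a zero, it returns
 .Pp
 .D1 floor(log2( Ns Fa w ) ) No + 1 .
 .Pp
 .Fn BN_num_bits
 returns the number of significant bits in a
 .Sy BIGNUM ,
 following the same principle as
 .Fn BN_num_bits_word .
 .Pp
 .Fn BN_num_bytes
 is a macro.
-.Sh RETURN VALUES
-The size.
-.Sh NOTES
+.Pp
 Some have tried using
 .Fn BN_num_bits
 on individual numbers in RSA keys, DH keys and DSA keys, and found that
 they don't always come up with the number of bits they expected
 (something like 512, 1024, 2048, ...). This is because generating a
 number with some specific number of bits doesn't always set the highest
 bits, thereby making the number of
 .Em significant
 bits a little lower.
 If you want to know the "key size" of such a key, either use functions
 like
 .Xr RSA_size 3 ,
 .Xr DH_size 3 ,
 and
 .Xr DSA_size 3 ,
 or use
 .Fn BN_num_bytes
 and multiply with 8 (although there's no real guarantee that will match
 the "key size", just a lot more probability).
+.Sh RETURN VALUES
+The size.
 .Sh SEE ALSO
-.Xr bn 3 ,
+.Xr BN_new 3 ,
 .Xr DH_size 3 ,
 .Xr DSA_size 3 ,
 .Xr RSA_size 3
 .Sh HISTORY
 .Fn BN_num_bytes ,
 .Fn BN_num_bits ,
 and
 .Fn BN_num_bits_word
 are available in all versions of SSLeay and OpenSSL.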
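--- a/jni/libressl/man/BN_rand.3
+++ b/jni/libressl/man/BN_rand.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: BN_rand.3,v 1.6 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002, 2013, 2015 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: February 23 2015 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_RAND 3
 .Os
 .Sh NAME
 .Nm BN_rand ,
 .Nm BN_pseudo_rand ,
 .Nm BN_rand_range ,
 .Nm BN_pseudo_rand_range
@@ -49,14 +100,22 @@
 is 1, the two most significant bits of the number will be set to 1, so
 that the product of two such random numbers will always have
 .Pf 2* Fa bits
 length.
 If
 .Fa bottom
 is true, the number will be odd.
+The value of
+.Fa bits
+must be zero or greater.
+If
+.Fa bits
+is +1 then
+.Fa top
+cannot also be 1.
 .Pp
 .Fn BN_pseudo_rand
 does the same, but pseudo-random numbers generated by this function are
 not necessarily unpredictable.
 They can be used for non-cryptographic purposes and for certain purposes
 in cryptographic protocols, but usually not for key generation etc.
 .Pp
@@ -70,17 +129,16 @@
 .Fn BN_pseudo_rand ,
 and hence numbers generated by it are not necessarily unpredictable.
 .Sh RETURN VALUES
 The functions return 1 on success, 0 on error.
 The error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr bn 3 ,
+.Xr BN_new 3 ,
 .Xr ERR_get_error 3 ,
-.Xr rand 3 ,
 .Xr RAND_add 3 ,
 .Xr RAND_bytes 3
 .Sh HISTORY
 .Fn BN_rand
 is available in all versions of SSLeay and OpenSSL.
 .Fn BN_pseudo_rand
 was added in OpenSSL 0.9.5.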
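--- a/jni/libressl/man/BN_set_bit.3
+++ b/jni/libressl/man/BN_set_bit.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: BN_set_bit.3,v 1.5 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: March 19 2000 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_SET_BIT 3
 .Os
 .Sh NAME
 .Nm BN_set_bit ,
 .Nm BN_clear_bit ,
 .Nm BN_is_bit_set ,
 .Nm BN_mask_bits ,
@@ -102,56 +152,64 @@
 shifts
 .Fa a
 left by
 .Fa n
 bits and places the result in
 .Fa r
 .Pq Li r=a*2^n .
+Note that
+.Fa n
+must be non-negative.
 .Fn BN_lshift1
 shifts
 .Fa a
 left by one and places the result in
 .Fa r
 .Pq Li r=2*a .
 .Pp
 .Fn BN_rshift
 shifts
 .Fa a
 right by
 .Fa n
 bits and places the result in
 .Fa r
 .Pq Li r=a/2^n .
+Note that
+.Fa n
+must be non-negative.
 .Fn BN_rshift1
 shifts
 .Fa a
 right by one and places the result in
 .Fa r
 .Pq Li r=a/2 .
 .Pp
 For the shift functions,
 .Fa r
 and
 .Fa a
 may be the same variable.
 .Sh RETURN VALUES
 .Fn BN_is_bit_set
 returns 1 if the bit is set, 0 otherwise.
 .Pp
 All other functions return 1 for success, 0 on error.
 The error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
-.Xr bn 3 ,
 .Xr BN_add 3 ,
-.Xr BN_num_bytes 3
+.Xr BN_new 3 ,
+.Xr BN_num_bytes 3 ,
+.Xr BN_set_negative 3 ,
+.Xr BN_zero 3
 .Sh HISTORY
 .Fn BN_set_bit ,
 .Fn BN_clear_bit ,
 .Fn BN_is_bit_set ,
 .Fn BN_mask_bits ,
 .Fn BN_lshift ,
 .Fn BN_lshift1 ,
 .Fn BN_rshift ,
 and
 .Fn BN_rshift1
 are available in all versions of SSLeay and OpenSSL.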
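--- a/jni/libressl/man/BN_set_flags.3
+++ b/jni/libressl/man/BN_set_flags.3
@@ -0,0 +1,144 @@
+.\"	$OpenBSD: BN_set_flags.3,v 1.1 2017/01/30 01:29:31 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 30 2017 $
+.Dt BN_SET_FLAGS 3
+.Os
+.Sh NAME
+.Nm BN_set_flags ,
+.Nm BN_get_flags
+.Nd enable and inspect flags on BIGNUM objects
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft void
+.Fo BN_set_flags
+.Fa "BIGNUM *b"
+.Fa "int flags"
+.Fc
+.Ft int
+.Fo BN_get_flags
+.Fa "const BIGNUM *b"
+.Fa "int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_set_flags
+enables the given
+.Fa flags
+on
+.Fa b .
+The
+.Fa flags
+argument can contain zero or more of the following constants OR'ed
+together:
+.Bl -tag -width Ds
+.It Dv BN_FLG_CONSTTIME
+If this flag is set on the divident
+.Fa a
+in
+.Xr BN_div 3 ,
+on the exponent
+.Fa p
+in
+.Xr BN_mod_exp 3 ,
+or on the divisor
+.Fa a
+or the modulus
+.Fa n
+in
+.Xr BN_mod_inverse 3 ,
+these functions prefer algorithms with an execution time independent
+of the respective numbers, to avoid exposing sensitive information
+to timing attacks.
+.Pp
+If this flag is set on the exponent
+.Fa p
+in
+.Xr BN_exp 3
+or if the modulus
+.Fa m
+is even for
+.Xr BN_mod_exp 3 ,
+an error occurs.
+.Pp
+Various functions automatically set this flag on sensitive data.
+For example, the default implementations of
+.Xr DH_generate_key 3 ,
+.Xr DSA_generate_key 3 ,
+and
+.Xr RSA_generate_key_ex 3
+set it on the generated private key.
+.It Dv BN_FLG_MALLOCED
+If this flag is set,
+.Xr BN_free 3
+and
+.Xr BN_clear_free 3
+will not only clear and free the components of
+.Fa b ,
+but also
+.Fa b
+itself.
+This flag is set internally by
+.Xr BN_new 3 .
+Setting it manually on an existing
+.Vt BIGNUM
+object is usually a bad idea and can cause calls to
+.Xr free 3
+with bogus arguments.
+.It Dv BN_FLG_STATIC_DATA
+If this flag is set,
+.Xr BN_clear_free 3
+will neither clear nor free the memory used for storing the number.
+Consequently, setting it manually on an existing
+.Vt BIGNUM
+object is usually a terrible idea that can cause both disclosure
+of secret data and memory leaks.
+This flag is automatically set on the constant
+.Vt BIGNUM
+objects returned by
+.Xr BN_value_one 3
+and by the functions documented in
+.Xr BN_get0_nist_prime_521 3 .
+.El
+.Pp
+.Fn BN_get_flags
+interpretes
+.Fa flags
+as a bitmask and returns those of the given flags that are set in
+.Fa b ,
+OR'ed together, or 0 if none of the given
+.Fa flags
+is set.
+The
+.Fa flags
+argument has the same syntax as for
+.Fn BN_set_flags .
+.Pp
+These functions are currently implemented as macros, but they are
+likely to become real functions in the future when the
+.Vt BIGNUM
+data type will be made opaque.
+.Sh RETURN VALUES
+.Fn BN_get_flags
+returns zero or more of the above constants, OR'ed together.
+.Sh SEE ALSO
+.Xr BN_mod_exp 3 ,
+.Xr BN_mod_inverse 3 ,
+.Xr BN_new 3 ,
+.Xr BN_with_flags 3
+.Sh CAVEATS
+No public interface exists to clear a flag once it is set.
+So think twice before using
+.Fn BN_set_flags .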
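--- a/jni/libressl/man/BN_set_negative.3
+++ b/jni/libressl/man/BN_set_negative.3
@@ -0,0 +1,57 @@
+.\"	$OpenBSD: BN_set_negative.3,v 1.3 2016/12/10 21:13:25 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt BN_SET_NEGATIVE 3
+.Os
+.Sh NAME
+.Nm BN_set_negative ,
+.Nm BN_is_negative
+.Nd change and inspect the sign of a BIGNUM
+.Sh SYNOPSIS
+.Ft void
+.Fo BN_set_negative
+.Fa "BIGNUM *b"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_is_negative
+.Fa "const BIGNUM *b"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_set_negative
+sets
+.Fa b
+to negative if both
+.Fa b
+and
+.Fa n
+are non-zero, otherwise it sets it to positive.
+.Pp
+.Fn BN_is_negative
+tests the sign of
+.Fa b .
+It is currently implemented as a macro.
+.Sh RETURN VALUES
+.Fn BN_is_negative
+returns 1 if
+.Fa b
+is negative or 0 otherwise.
+.Sh SEE ALSO
+.Xr BN_add 3 ,
+.Xr BN_new 3 ,
+.Xr BN_set_bit 3 ,
+.Xr BN_zero 3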
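--- a/jni/libressl/man/BN_swap.3
+++ b/jni/libressl/man/BN_swap.3
@@ -1,23 +1,73 @@
+.\"	$OpenBSD: BN_swap.3,v 1.4 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Bodo Moeller <bodo@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: June 16 2014 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_SWAP 3
 .Os
 .Sh NAME
 .Nm BN_swap
 .Nd exchange BIGNUMs
 .Sh SYNOPSIS
 .In openssl/bn.h
 .Ft void
 .Fo BN_swap
 .Fa "BIGNUM *a"
 .Fa "BIGNUM *b"
 .Fc
 .Sh DESCRIPTION
 .Fn BN_swap
 exchanges the values of
 .Fa a
 and
 .Fa b .
 .Sh SEE ALSO
-.Xr bn 3
+.Xr BN_new 3
 .Sh HISTORY
 BN_swap was added in OpenSSL 0.9.7.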
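--- a/jni/libressl/man/BN_zero.3
+++ b/jni/libressl/man/BN_zero.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: BN_zero.3,v 1.6 2016/12/10 21:13:25 schwarze Exp $
+.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: September 10 2002 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_ZERO 3
 .Os
 .Sh NAME
 .Nm BN_zero ,
 .Nm BN_one ,
 .Nm BN_value_one ,
 .Nm BN_set_word ,
@@ -70,32 +120,34 @@
 .Fn BN_one ,
 and
 .Fn BN_set_word
 return 1 on success, 0 otherwise.
 .Fn BN_value_one
 returns the constant.
 .Sh SEE ALSO
-.Xr bn 3 ,
-.Xr BN_bn2bin 3
+.Xr BN_bn2bin 3 ,
+.Xr BN_new 3 ,
+.Xr BN_set_bit 3 ,
+.Xr BN_set_negative 3
 .Sh HISTORY
 .Fn BN_zero ,
 .Fn BN_one ,
 and
 .Fn BN_set_word
 are available in all versions of SSLeay and OpenSSL.
 .Fn BN_value_one
 and
 .Fn BN_get_word
 were added in SSLeay 0.8.
 .Pp
 .Fn BN_value_one
 was changed to return a true
 .Vt const BIGNUM *
 in OpenSSL 0.9.7.
 .Sh BUGS
 Someone might change the constant.
 .Pp
 If a
 .Vt BIGNUM
-is equal to 0xffffffffL it can be represented as an
+is equal to 0xffffffffL; it can be represented as an
 .Vt unsigned long
 but this value is also returned on error.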
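--- a/jni/libressl/man/BUF_MEM_new.3
+++ b/jni/libressl/man/BUF_MEM_new.3
@@ -1,31 +1,98 @@
+.\"	$OpenBSD: BUF_MEM_new.3,v 1.10 2016/12/16 08:49:43 schwarze Exp $
+.\"	OpenSSL doc/crypto/buffer.pod 18edda0f Sep 20 03:28:54 2000 +0000
+.\"	not merged: 74924dcb, 58e3457a, 21b0fa91, 7644a9ae
+.\"	OpenSSL doc/crypto/BUF_MEM_new.pod 53934822 Jun 9 16:39:19 2016 -0400
+.\"	not merged: c952780c, 91da5e77
+.\"	OpenSSL doc/man3/BUF_MEM_new.pod 498180de Dec 12 15:35:09 2016 +0300
+.\"
+.\" This file was written by Ralf S. Engelschall <rse@openssl.org>.
+.\" Copyright (c) 1999, 2000, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: September 22 2015 $
+.Dd $Mdocdate: December 16 2016 $
 .Dt BUF_MEM_NEW 3
 .Os
 .Sh NAME
 .Nm BUF_MEM_new ,
 .Nm BUF_MEM_free ,
 .Nm BUF_MEM_grow ,
+.Nm BUF_MEM_grow_clean ,
+.Nm BUF_reverse ,
 .Nm BUF_strdup
 .Nd simple character arrays structure
 .Sh SYNOPSIS
 .In openssl/buffer.h
 .Ft BUF_MEM *
 .Fo BUF_MEM_new
 .Fa void
 .Fc
 .Ft void
 .Fo BUF_MEM_free
 .Fa "BUF_MEM *a"
 .Fc
 .Ft int
 .Fo BUF_MEM_grow
 .Fa "BUF_MEM *str"
 .Fa "size_t len"
 .Fc
+.Ft size_t
+.Fo BUF_MEM_grow_clean
+.Fa "BUF_MEM *str"
+.Fa "size_t len"
+.Fc
+.Ft void
+.Fo BUF_reverse
+.Fa "unsigned char *out"
+.Fa "const unsigned char *in"
+.Fa "size_t len"
+.Fc
 .Ft char *
 .Fo BUF_strdup
 .Fa "const char *str"
 .Fc
 .Sh DESCRIPTION
 The buffer library handles simple character arrays.
 Buffers are used for various purposes in the library, most notably
@@ -40,33 +107,55 @@
 	size_t length;	/* current number of bytes */
 	char *data;
 	size_t max;	/* size of buffer */
 } BUF_MEM;
 .Ed
 .Pp
 .Fa length
-is the current size of the buffer in bytes,
+is the current size of the buffer in bytes;
 .Fa max
 is the amount of memory allocated to the buffer.
-There are three functions which handle these and one
-.Dq miscellaneous
-function.
+There are three functions which handle these and one miscellaneous function.
 .Pp
 .Fn BUF_MEM_new
 allocates a new buffer of zero size.
 .Pp
 .Fn BUF_MEM_free
 frees up an already existing buffer.
 The data is zeroed before freeing up in case the buffer contains
 sensitive data.
+If
+.Fa a
+is a
+.Dv NULL
+pointer, no action occurs.
 .Pp
 .Fn BUF_MEM_grow
 changes the size of an already existing buffer to
 .Fa len .
 Any data already in the buffer is preserved if it increases in size.
+.Pp
+.Fn BUF_MEM_grow_clean
+is similar to
+.Fn BUF_MEM_grow ,
+but it sets any freed or additionally allocated memory to zero.
+.Pp
+.Fn BUF_reverse
+reverses
+.Fa len
+bytes at
+.Fa in
+into
+.Fa out .
+If
+.Fa in
+is
+.Dv NULL ,
+.Fa out
+is reversed in place.
 .Pp
 .Fn BUF_strdup
 copies a NUL terminated string into a block of allocated memory and
 returns a pointer to the allocated block.
 Unlike the system
 .Xr strdup 3
 function,
@@ -86,19 +175,21 @@
 .Sh RETURN VALUES
 .Fn BUF_MEM_new
 returns the buffer or
 .Dv NULL
 on error.
 .Pp
 .Fn BUF_MEM_grow
+and
+.Fn BUF_MEM_grow_clean
-returns zero on error or the new size (i.e.
-.Fa len Ns ).
+return zero on error or the new size (i.e.\&
+.Fa len ) .
 .Sh SEE ALSO
-.Xr bio 3
+.Xr BIO_new 3
 .Sh HISTORY
 .Fn BUF_MEM_new ,
 .Fn BUF_MEM_free
 and
 .Fn BUF_MEM_grow
 are available in all versions of SSLeay and OpenSSL.
 .Fn BUF_strdup
 was added in SSLeay 0.8.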
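--- a/jni/libressl/man/CMS_add0_cert.3
+++ /dev/null
@@ -1,127 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_ADD0_CERT 3
-.Os
-.Sh NAME
-.Nm CMS_add0_cert ,
-.Nm CMS_add1_cert ,
-.Nm CMS_get1_certs ,
-.Nm CMS_add0_crl ,
-.Nm CMS_add1_crl ,
-.Nm CMS_get1_crls
-.Nd CMS certificate and CRL utility functions
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_add0_cert
-.Fa "CMS_ContentInfo *cms"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo CMS_add1_cert
-.Fa "CMS_ContentInfo *cms"
-.Fa "X509 *cert"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo CMS_get1_certs
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Ft int
-.Fo CMS_add0_crl
-.Fa "CMS_ContentInfo *cms"
-.Fa "X509_CRL *crl"
-.Fc
-.Ft int
-.Fo CMS_add1_crl
-.Fa "CMS_ContentInfo *cms"
-.Fa "X509_CRL *crl"
-.Fc
-.Ft STACK_OF(X509_CRL) *
-.Fo CMS_get1_crls
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_add0_cert
-and
-.Fn CMS_add1_cert
-add certificate
-.Fa cert
-to
-.Fa cms .
-.Fa cms
-must be of type signed data or enveloped data.
-.Pp
-.Fn CMS_get1_certs
-returns all certificates in
-.Fa cms .
-.Pp
-.Fn CMS_add0_crl
-and
-.Fn CMS_add1_crl
-add CRL
-.Fa crl
-to
-.Fa cms .
-.Fn CMS_get1_crls
-returns any CRLs in
-.Fa cms .
-.Sh NOTES
-The
-.Vt CMS_ContentInfo
-structure
-.Fa cms
-must be of type signed data or enveloped data or an error will be
-returned.
-.Pp
-For signed data, certificates and CRLs are added to the
-.Fa certificates
-and
-.Fa crls
-fields of the SignedData structure.
-For enveloped data, they are added to
-.Fa OriginatorInfo .
-.Pp
-As the
-.Sq 0
-implies,
-.Fn CMS_add0_cert
-adds
-.Fa cert
-internally to
-.Fa cms
-and it must not be freed up after the call, as opposed to
-.Fn CMS_add1_cert
-where
-.Fa cert
-must be freed up.
-.Pp
-The same certificate or CRL must not be added to the same cms structure
-more than once.
-.Sh RETURN VALUES
-.Fn CMS_add0_cert ,
-.Fn CMS_add1_cert ,
-.Fn CMS_add0_crl ,
-and
-.Fn CMS_add1_crl
-return 1 for success and 0 for failure.
-.Pp
-.Fn CMS_get1_certs
-and
-.Fn CMS_get1_crls
-return the STACK of certificates or CRLs or
-.Dv NULL
-if there are none or an error occurs.
-The only error which will occur in practice is if the
-.Fa cms
-type is invalid.
-.Sh SEE ALSO
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_add0_cert ,
-.Fn CMS_add1_cert ,
-.Fn CMS_get1_certs ,
-.Fn CMS_add0_crl
-and
-.Fn CMS_get1_crls
-were all first added to OpenSSL 0.9.8.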
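--- a/jni/libressl/man/CMS_add1_recipient_cert.3
+++ /dev/null
@@ -1,115 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_ADD1_RECIPIENT_CERT 3
-.Os
-.Sh NAME
-.Nm CMS_add1_recipient_cert ,
-.Nm CMS_add0_recipient_key
-.Nd add recipients to a CMS enveloped data structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_RecipientInfo *
-.Fo CMS_add1_recipient_cert
-.Fa "CMS_ContentInfo *cms"
-.Fa "X509 *recip"
-.Fa "unsigned int flags"
-.Fc
-.Ft CMS_RecipientInfo *
-.Fo CMS_add0_recipient_key
-.Fa "CMS_ContentInfo *cms"
-.Fa "int nid"
-.Fa "unsigned char *key"
-.Fa "size_t keylen"
-.Fa "unsigned char *id"
-.Fa "size_t idlen"
-.Fa "ASN1_GENERALIZEDTIME *date"
-.Fa "ASN1_OBJECT *otherTypeId"
-.Fa "ASN1_TYPE *otherType"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_add1_recipient_cert
-adds recipient
-.Fa recip
-to the
-.Vt CMS_ContentInfo
-enveloped data structure
-.Fa cms
-as a KeyTransRecipientInfo structure.
-.Pp
-.Fn CMS_add0_recipient_key
-adds the symmetric key
-.Fa key
-of length
-.Fa keylen
-using the wrapping algorithm
-.Fa nid ,
-identifier
-.Fa id
-of length
-.Fa idlen
-and optional values
-.Fa date ,
-.Fa otherTypeId ,
-and
-.Fa otherType
-to the
-.Vt CMS_ContentInfo
-enveloped data structure
-.Fa cms
-as a KEKRecipientInfo structure.
-.Pp
-The
-.Vt CMS_ContentInfo
-structure should be obtained from an initial call to
-.Xr CMS_encrypt 3
-with the flag
-.Dv CMS_PARTIAL
-set.
-.Sh NOTES
-The main purpose of this function is to provide finer control over a CMS
-enveloped data structure where the simpler
-.Xr CMS_encrypt 3
-function defaults are not appropriate.
-For example if one or more KEKRecipientInfo structures need to be added.
-New attributes can also be added using the returned
-.Vt CMS_RecipientInfo
-structure and the CMS attribute utility functions.
-.Pp
-OpenSSL will by default identify recipient certificates using issuer
-name and serial number.
-If
-.Dv CMS_USE_KEYID
-is set, it will use the subject key identifier value instead.
-An error occurs if all recipient certificates do not have a subject key
-identifier extension.
-.Pp
-Currently only AES based key wrapping algorithms are supported for
-.Fa nid ,
-specifically:
-.Dv NID_id_aes128_wrap ,
-.Dv NID_id_aes192_wrap ,
-and
-.Dv NID_id_aes256_wrap .
-If
-.Fa nid
-is set to
-.Dv NID_undef ,
-then an AES wrap algorithm will be used consistent with
-.Fa keylen .
-.Sh RETURN VALUES
-.Fn CMS_add1_recipient_cert
-and
-.Fn CMS_add0_recipient_key
-return an internal pointer to the
-.Vt CMS_RecipientInfo
-structure just added or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr CMS_decrypt 3 ,
-.Xr CMS_final 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_add1_recipient_cert
-and
-.Fn CMS_add0_recipient_key
-were added to OpenSSL 0.9.8.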
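--- a/jni/libressl/man/CMS_add1_signer.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_SIGN_ADD1_SIGNER 3
-.Os
-.Sh NAME
-.Nm CMS_add1_signer ,
-.Nm CMS_SignerInfo_sign
-.Nd add a signer to a CMS_ContentInfo signed data structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_SignerInfo *
-.Fo CMS_add1_signer
-.Fa "CMS_ContentInfo *cms"
-.Fa "X509 *signcert"
-.Fa "EVP_PKEY *pkey"
-.Fa "const EVP_MD *md"
-.Fa "unsigned int flags"
-.Fc
-.Ft int
-.Fo CMS_SignerInfo_sign
-.Fa "CMS_SignerInfo *si"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_add1_signer
-adds a signer with certificate
-.Fa signcert
-and private key
-.Fa pkey
-using message digest
-.Fa md
-to the
-.Vt CMS_ContentInfo
-SignedData structure
-.Fa cms .
-.Pp
-The
-.Vt CMS_ContentInfo
-structure should be obtained from an initial call to
-.Xr CMS_sign 3
-with the flag
-.Dv CMS_PARTIAL
-set or in the case or re-signing a valid
-.Vt CMS_ContentInfo
-SignedData structure.
-.Pp
-If the
-.Fa md
-parameter is
-.Dv NULL ,
-then the default digest for the public key algorithm will be used.
-.Pp
-Unless the
-.Dv CMS_REUSE_DIGEST
-flag is set, the returned
-.Vt CMS_ContentInfo
-structure is not complete and must be finalized either by streaming
-(if applicable) or a call to
-.Xr CMS_final 3 .
-.Pp
-The
-.Fn CMS_SignerInfo_sign
-function will explicitly sign a
-.Vt CMS_SignerInfo
-structure, its main use is when
-.Dv CMS_REUSE_DIGEST
-and
-.Dv CMS_PARTIAL
-flags are both set.
-.Sh NOTES
-The main purpose of
-.Fn CMS_add1_signer
-is to provide finer control over a CMS signed data structure where the
-simpler
-.Xr CMS_sign 3
-function defaults are not appropriate.
-For example if multiple signers or non default digest algorithms are
-needed.
-New attributes can also be added using the returned
-.Vt CMS_SignerInfo
-structure and the CMS attribute utility functions or the CMS signed
-receipt request functions.
-.Pp
-Any of the following flags (OR'ed together) can be passed in the
-.Fa flags
-parameter.
-.Pp
-If
-.Dv CMS_REUSE_DIGEST
-is set, then an attempt is made to copy the content digest value from the
-.Dv CMS_ContentInfo
-structure: to add a signer to an existing structure.
-An error occurs if a matching digest value cannot be found to copy.
-The returned
-.Dv CMS_ContentInfo
-structure will be valid and finalized when this flag is set.
-.Pp
-If
-.Dv CMS_PARTIAL
-is set in addition to
-.Dv CMS_REUSE_DIGEST
-then the
-.Vt CMS_SignerInfo
-structure will not be finalized so additional attributes can be added.
-In this case an explicit call to
-.Fn CMS_SignerInfo_sign
-is needed to finalize it.
-.Pp
-If
-.Dv CMS_NOCERTS
-is set, the signer's certificate will not be included in the
-.Vt CMS_ContentInfo
-structure, the signer's certificate must still be supplied in the
-.Fa signcert
-parameter though.
-This can reduce the size of the signature if the signers certificate can
-be obtained by other means: for example a previously signed message.
-.Pp
-The SignedData structure includes several CMS signedAttributes including
-the signing time, the CMS content type and the supported list of ciphers
-in an SMIMECapabilities attribute.
-If
-.Dv CMS_NOATTR
-is set, then no signedAttributes will be used.
-If
-.Dv CMS_NOSMIMECAP
-is set, then just the SMIMECapabilities are omitted.
-.Pp
-OpenSSL will by default identify signing certificates using issuer name
-and serial number.
-If
-.Dv CMS_USE_KEYID
-is set, it will use the subject key identifier value instead.
-An error occurs if the signing certificate does not have a subject key
-identifier extension.
-.Pp
-If present, the SMIMECapabilities attribute indicates support for the
-following algorithms in preference order: 256 bit AES, Gost R3411-94,
-Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
-RC2, DES and 40 bit RC2.
-If any of these algorithms is not available then it will not be
-included: for example the GOST algorithms will not be included if
-the GOST ENGINE is not loaded.
-.Pp
-.Fn CMS_add1_signer
-returns an internal pointer to the
-.Dv CMS_SignerInfo
-structure just added.
-This can be used to set additional attributes before it is finalized.
-.Sh RETURN VALUES
-.Fn CMS_add1_signer
-returns an internal pointer to the
-.Vt CMS_SignerInfo
-structure just added or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr CMS_final 3 ,
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_add1_signer
-was added to OpenSSL 0.9.8.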
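--- a/jni/libressl/man/CMS_compress.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_COMPRESS 3
-.Os
-.Sh NAME
-.Nm CMS_compress
-.Nd create a CMS CompressedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_compress
-.Fa "BIO *in"
-.Fa "int comp_nid"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_compress
-creates and returns a CMS CompressedData structure.
-.Fa comp_nid
-is the compression algorithm to use or
-.Dv NID_undef
-to use the default algorithm (zlib compression).
-.Fa in
-is the content to be compressed.
-.Fa flags
-is an optional set of flags.
-.Sh NOTES
-The only currently supported compression algorithm is zlib using the NID
-.Dv NID_zlib_compression .
-.Pp
-If zlib support is not compiled into OpenSSL then
-.Fn CMS_compress
-will return an error.
-.Pp
-If the
-.Dv CMS_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are prepended to the data.
-.Pp
-Normally the supplied content is translated into MIME canonical format
-(as required by the S/MIME specifications); if
-.Dv CMS_BINARY
-is set, no translation occurs.
-This option should be used if the supplied data is in binary format;
-otherwise the translation will corrupt it.
-If
-.Dv CMS_BINARY
-is set then
-.Dv CMS_TEXT
-is ignored.
-.Pp
-If the
-.Dv CMS_STREAM
-flag is set a partial
-.Vt CMS_ContentInfo
-structure is returned suitable for streaming I/O: no data is read from
-the
-.Vt BIO
-.Fa in .
-.Pp
-The compressed data is included in the
-.Vt CMS_ContentInfo
-structure, unless
-.Dv CMS_DETACHED
-is set, in which case it is omitted.
-This is rarely used in practice and is not supported by
-.Xr SMIME_write_CMS 3 .
-.Sh NOTES
-If the flag
-.Dv CMS_STREAM
-is set, the returned
-.Vt CMS_ContentInfo
-structure is
-.Em not
-complete and outputting its contents via a function that does not
-properly finalize the
-.Vt CMS_ContentInfo
-structure will give unpredictable results.
-.Pp
-Several functions including
-.Xr SMIME_write_CMS 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-.Xr PEM_write_bio_CMS_stream 3
-finalize the structure.
-Alternatively finalization can be performed by obtaining the streaming
-ASN1
-.Vt BIO
-directly using
-.Xr BIO_new_CMS 3 .
-.Pp
-Additional compression parameters such as the zlib compression level
-cannot currently be set.
-.Sh RETURN VALUES
-.Fn CMS_compress
-returns either a
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_uncompress 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_compress
-was added to OpenSSL 0.9.8.
-The
-.Dv CMS_STREAM
-flag was first supported in OpenSSL 1.0.0.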
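--- a/jni/libressl/man/CMS_decrypt.3
+++ /dev/null
@@ -1,127 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_DECRYPT 3
-.Os
-.Sh NAME
-.Nm CMS_decrypt
-.Nd decrypt content from a CMS envelopedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_decrypt
-.Fa "CMS_ContentInfo *cms"
-.Fa "EVP_PKEY *pkey"
-.Fa "X509 *cert"
-.Fa "BIO *dcont"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_decrypt
-extracts and decrypts the content from a CMS EnvelopedData structure.
-.Fa pkey
-is the private key of the recipient,
-.Fa cert
-is the recipient's certificate,
-.Fa out
-is a
-.Vt BIO
-to write the content to and
-.Fa flags
-is an optional set of flags.
-.Pp
-The
-.Fa dcont
-parameter is used in the rare case where the encrypted content is
-detached.
-It will normally be set to
-.Dv NULL .
-.Sh NOTES
-.Xr OpenSSL_add_all_algorithms 3
-(or equivalent) should be called before using this function or errors
-about unknown algorithms will occur.
-.Pp
-Although the recipients certificate is not needed to decrypt the data it
-is needed to locate the appropriate (of possible several) recipients in
-the CMS structure.
-.Pp
-If
-.Fa cert
-is set to
-.Dv NULL ,
-all possible recipients are tried.
-This case however is problematic.
-To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
-padding) all recipients are tried whether they succeed or not.
-If no recipient succeeds then a random symmetric key is used to decrypt
-the content: this will typically output garbage and may (but is not
-guaranteed to) ultimately return a padding error only.
-If
-.Fn CMS_decrypt
-just returned an error when all recipient encrypted keys failed to
-decrypt an attacker could use this in a timing attack.
-If the special flag
-.Dv CMS_DEBUG_DECRYPT
-is set then the above behaviour is modified and an error
-.Em is
-returned if no recipient encrypted key can be decrypted
-.Em without
-generating a random content encryption key.
-Applications should use this flag with
-.Sy extreme caution
-especially in automated gateways as it can leave them open to attack.
-.Pp
-It is possible to determine the correct recipient key by other means
-(for example looking them up in a database) and setting them in the CMS
-structure in advance using the CMS utility functions such as
-.Xr CMS_set1_pkey 3 .
-In this case both
-.Fa cert
-and
-.Fa pkey
-should be set to
-.Dv NULL .
-.Pp
-To process KEKRecipientInfo types
-.Xr CMS_set1_key 3
-or
-.Xr CMS_RecipientInfo_set0_key 3
-and
-.Xr CMS_ReceipientInfo_decrypt 3
-should be called before
-.Fn CMS_decrypt
-and
-.Fa cert
-and
-.Fa pkey
-set to
-.Dv NULL .
-.Pp
-The following flags can be passed in the
-.Fa flags
-parameter:
-.Pp
-If the
-.Dv CMS_TEXT
-flag is set MIME headers for type
-.Sy text/plain
-are deleted from the content.
-If the content is not of type
-.Sy text/plain
-then an error is returned.
-.Sh RETURN VALUES
-.Fn CMS_decrypt
-returns either 1 for success or 0 for failure.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh BUGS
-The lack of single pass processing and the need to hold all data in
-memory as mentioned in
-.Xr CMS_verify 3
-also applies to
-.Fn CMS_decrypt .
-.Sh SEE ALSO
-.Xr CMS_encrypt 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_decrypt
-was added to OpenSSL 0.9.8.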
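--- a/jni/libressl/man/CMS_encrypt.3
+++ /dev/null
@@ -1,152 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_ENCRYPT 3
-.Os
-.Sh NAME
-.Nm CMS_encrypt
-.Nd create a CMS envelopedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_encrypt
-.Fa "STACK_OF(X509) *certs"
-.Fa "BIO *in"
-.Fa "const EVP_CIPHER *cipher"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_encrypt
-creates and returns a CMS EnvelopedData structure.
-.Fa certs
-is a list of recipient certificates.
-.Fa in
-is the content to be encrypted.
-.Fa cipher
-is the symmetric cipher to use.
-.Fa flags
-is an optional set of flags.
-.Sh NOTES
-Only certificates carrying RSA keys are supported so the recipient
-certificates supplied to this function must all contain RSA public keys,
-though they do not have to be signed using the RSA algorithm.
-.Pp
-The algorithm passed in the
-.Fa cipher
-parameter must support ASN1 encoding of its parameters.
-.Pp
-Many browsers implement a "sign and encrypt" option which is simply an
-S/MIME envelopedData containing an S/MIME signed message.
-This can be readily produced by storing the S/MIME signed message in a
-memory BIO and passing it to
-.Fn CMS_encrypt .
-.Pp
-The following flags can be passed in the
-.Fa flags
-parameter:
-.Pp
-If the
-.Dv CMS_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are prepended to the data.
-.Pp
-Normally the supplied content is translated into MIME canonical format
-(as required by the S/MIME specifications); if
-.Dv CMS_BINARY
-is set, no translation occurs.
-This option should be used if the supplied data is in binary format;
-otherwise the translation will corrupt it.
-If
-.Dv CMS_BINARY
-is set then
-.Dv CMS_TEXT
-is ignored.
-.Pp
-OpenSSL will by default identify recipient certificates using issuer
-name and serial number.
-If
-.Dv CMS_USE_KEYID
-is set, it will use the subject key identifier value instead.
-An error occurs if all recipient certificates do not have a subject key
-identifier extension.
-.Pp
-If the
-.Dv CMS_STREAM
-flag is set, a partial
-.Vt CMS_ContentInfo
-structure is returned suitable for streaming I/O: no data is read from the
-.Vt BIO
-.Fa in .
-.Pp
-If the
-.Dv CMS_PARTIAL
-flag is set, a partial
-.Vt CMS_ContentInfo
-structure is returned to which additional recipients and attributes can
-be added before finalization.
-.Pp
-The data being encrypted is included in the
-.Vt CMS_ContentInfo
-structure, unless
-.Dv CMS_DETACHED
-is set, in which case it is omitted.
-This is rarely used in practice and is not supported by
-.Xr SMIME_write_CMS 3 .
-.Pp
-If the flag
-.Dv CMS_STREAM
-is set, the returned
-.Vt CMS_ContentInfo
-structure is
-.Em not
-complete and outputting its contents via a function that does not
-properly finalize the
-.Vt CMS_ContentInfo
-structure will give unpredictable results.
-.Pp
-Several functions including
-.Xr SMIME_write_CMS 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-.Xr PEM_write_bio_CMS_stream 3
-finalize the structure.
-Alternatively finalization can be performed by obtaining the streaming
-ASN1
-.Vt BIO
-directly using
-.Xr BIO_new_CMS 3 .
-.Pp
-The recipients specified in
-.Fa certs
-use a CMS KeyTransRecipientInfo info structure.
-KEKRecipientInfo is also supported using the flag
-.Dv CMS_PARTIAL
-and
-.Xr CMS_add0_recipient_key 3 .
-.Pp
-The parameter
-.Fa certs
-may be
-.Dv NULL
-if
-.Dv CMS_PARTIAL
-is set and recipients are added later using
-.Xr CMS_add1_recipient_cert 3
-or
-.Xr CMS_add0_recipient_key 3 .
-.Sh RETURN VALUES
-.Fn CMS_encrypt
-returns either a
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_decrypt 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_encrypt
-was added to OpenSSL 0.9.8.
-The
-.Dv CMS_STREAM
-flag was first supported in OpenSSL 1.0.0.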
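--- a/jni/libressl/man/CMS_final.3
+++ /dev/null
@@ -1,48 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_FINAL 3
-.Os
-.Sh NAME
-.Nm CMS_final
-.Nd finalise a CMS_ContentInfo structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_final
-.Fa "CMS_ContentInfo *cms"
-.Fa "BIO *data"
-.Fa "BIO *dcont"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_final
-finalises the structure
-.Fa cms .
-Its purpose is to perform any operations necessary on
-.Fa cms
-(digest computation for example) and set the appropriate fields.
-The parameter
-.Fa data
-contains the content to be processed.
-The
-.Fa dcont
-parameter contains a
-.Vt BIO
-to write content to after processing: this is
-only used with detached data and will usually be set to
-.Dv NULL .
-.Sh NOTES
-This function will normally be called when the
-.Dv CMS_PARTIAL
-flag is used.
-It should only be used when streaming is not performed because the
-streaming I/O functions perform finalisation operations internally.
-.Sh RETURN VALUES
-.Fn CMS_final
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_final
-was added to OpenSSL 0.9.8.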
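--- a/jni/libressl/man/CMS_get0_RecipientInfos.3
+++ /dev/null
@@ -1,251 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_GET0_RECIPIENTINFOS 3
-.Os
-.Sh NAME
-.Nm CMS_get0_RecipientInfos ,
-.Nm CMS_RecipientInfo_type ,
-.Nm CMS_RecipientInfo_ktri_get0_signer_id ,
-.Nm CMS_RecipientInfo_ktri_cert_cmp ,
-.Nm CMS_RecipientInfo_set0_pkey ,
-.Nm CMS_RecipientInfo_kekri_get0_id ,
-.Nm CMS_RecipientInfo_kekri_id_cmp ,
-.Nm CMS_RecipientInfo_set0_key ,
-.Nm CMS_RecipientInfo_decrypt ,
-.Nm CMS_RecipientInfo_encrypt
-.Nd CMS envelopedData RecipientInfo routines
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft STACK_OF(CMS_RecipientInfo) *
-.Fo CMS_get0_RecipientInfos
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_type
-.Fa "CMS_RecipientInfo *ri"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_ktri_get0_signer_id
-.Fa "CMS_RecipientInfo *ri"
-.Fa "ASN1_OCTET_STRING **keyid"
-.Fa "X509_NAME **issuer"
-.Fa "ASN1_INTEGER **sno"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_ktri_cert_cmp
-.Fa "CMS_RecipientInfo *ri"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_set0_pkey
-.Fa "CMS_RecipientInfo *ri"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_kekri_get0_id
-.Fa "CMS_RecipientInfo *ri"
-.Fa "X509_ALGOR **palg"
-.Fa "ASN1_OCTET_STRING **pid"
-.Fa "ASN1_GENERALIZEDTIME **pdate"
-.Fa "ASN1_OBJECT **potherid"
-.Fa "ASN1_TYPE **pothertype"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_kekri_id_cmp
-.Fa "CMS_RecipientInfo *ri"
-.Fa "const unsigned char *id"
-.Fa "size_t idlen"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_set0_key
-.Fa "CMS_RecipientInfo *ri"
-.Fa "unsigned char *key"
-.Fa "size_t keylen"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_decrypt
-.Fa "CMS_ContentInfo *cms"
-.Fa "CMS_RecipientInfo *ri"
-.Fc
-.Sh DESCRIPTION
-The function
-.Fn CMS_get0_RecipientInfos
-returns all the
-.Vt CMS_RecipientInfo
-structures associated with a CMS EnvelopedData structure.
-.Pp
-.Fn CMS_RecipientInfo_type
-returns the type of the
-.Vt CMS_RecipientInfo
-structure
-.Fa ri .
-It will currently return
-.Dv CMS_RECIPINFO_TRANS ,
-.Dv CMS_RECIPINFO_AGREE ,
-.Dv CMS_RECIPINFO_KEK ,
-.Dv CMS_RECIPINFO_PASS ,
-or
-.Dv CMS_RECIPINFO_OTHER .
-.Pp
-.Fn CMS_RecipientInfo_ktri_get0_signer_id
-retrieves the certificate recipient identifier associated with a
-specific
-.Vt CMS_RecipientInfo
-structure
-.Fa ri ,
-which must be of type
-.Dv CMS_RECIPINFO_TRANS .
-Either the keyidentifier will be set in
-.Fa keyid
-or
-.Em both
-issuer name and serial number in
-.Fa issuer
-and
-.Fa sno .
-.Pp
-.Fn CMS_RecipientInfo_ktri_cert_cmp
-compares the certificate
-.Fa cert
-against the
-.Vt CMS_RecipientInfo
-structure
-.Fa ri ,
-which must be of type
-.Dv CMS_RECIPINFO_TRANS .
-It returns zero if the
-comparison is successful and non zero if not.
-.Pp
-.Fn CMS_RecipientInfo_set0_pkey
-associates the private key
-.Fa pkey
-with the
-.Vt CMS_RecipientInfo
-structure
-.Fa ri ,
-which must be of type
-.Dv CMS_RECIPINFO_TRANS .
-.Pp
-.Fn CMS_RecipientInfo_kekri_get0_id
-retrieves the key information from the
-.Vt CMS_RecipientInfo
-structure
-.Fa ri
-which must be of type
-.Dv CMS_RECIPINFO_KEK .
-Any of the remaining parameters can be
-.Dv NULL
-if the application is not interested in the value of a field.
-Where a field is optional and absent,
-.Dv NULL
-will be written to the corresponding parameter.
-The
-.Sy keyEncryptionAlgorithm
-field is written to
-.Fa palg ,
-the
-.Sy keyIdentifier
-field is written to
-.Fa pid ,
-the
-.Sy date
-field if present is written to
-.Fa pdate ,
-if the
-.Sy other
-field is present the components
-.Sy keyAttrId
-and
-.Sy keyAttr
-are written to the parameters
-.Fa potherid
-and
-.Fa pothertype .
-.Pp
-.Fn CMS_RecipientInfo_kekri_id_cmp
-compares the ID in the
-.Fa id
-and
-.Fa idlen
-parameters against the
-.Sy keyIdentifier
-.Vt CMS_RecipientInfo
-structure
-.Fa ri ,
-which must be of type
-.Dv CMS_RECIPINFO_KEK .
-It returns zero if the comparison is successful and non zero if not.
-.Pp
-.Fn CMS_RecipientInfo_set0_key
-associates the symmetric key
-.Fa key
-of length
-.Fa keylen
-with the
-.Vt CMS_RecipientInfo
-structure
-.Fa ri ,
-which must be of type
-.Dv CMS_RECIPINFO_KEK .
-.Pp
-.Fn CMS_RecipientInfo_decrypt
-attempts to decrypt the
-.Vt CMS_RecipientInfo
-structure
-.Fa ri
-in structure
-.Fa cms .
-A key must have been associated with the structure first.
-.Sh NOTES
-The main purpose of these functions is to enable an application to
-lookup recipient keys using any appropriate technique when the simpler
-method of
-.Xr CMS_decrypt 3
-is not appropriate.
-.Pp
-In typical usage, an application will retrieve all
-.Vt CMS_RecipientInfo
-structures using
-.Fn CMS_get0_RecipientInfos
-and check the type of each using
-.Fn CMS_RecipientInfo_type .
-Depending on the type, the
-.Vt CMS_RecipientInfo
-structure can be ignored or its key identifier data retrieved using
-an appropriate function.
-Then if the corresponding secret or private key can be obtained by any
-appropriate means it can then associated with the structure and
-.Xr CMS_RecpientInfo_decrypt 3
-called.
-If successful,
-.Xr CMS_decrypt 3
-can be called with a
-.Dv NULL
-key to decrypt the enveloped content.
-.Sh RETURN VALUES
-.Fn CMS_get0_RecipientInfos
-returns all
-.Vt CMS_RecipientInfo
-structures, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn CMS_RecipientInfo_ktri_get0_signer_id ,
-.Fn CMS_RecipientInfo_set0_pkey ,
-.Fn CMS_RecipientInfo_kekri_get0_id ,
-.Fn CMS_RecipientInfo_set0_key ,
-and
-.Fn CMS_RecipientInfo_decrypt
-return 1 for success or 0 if an error occurs.
-.Pp
-.Fn CMS_RecipientInfo_ktri_cert_cmp
-and
-.Fn CMS_RecipientInfo_kekri_id_cmp
-return 0 for a successful comparison and non zero otherwise.
-.Pp
-Any error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_decrypt 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-These functions were first was added to OpenSSL 0.9.8.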
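--- a/jni/libressl/man/CMS_get0_SignerInfos.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_GET0_SIGNERINFOS 3
-.Os
-.Sh NAME
-.Nm CMS_get0_SignerInfos ,
-.Nm CMS_SignerInfo_get0_signer_id ,
-.Nm CMS_SignerInfo_cert_cmp ,
-.Nm CMS_set1_signer_certs
-.Nd CMS signedData signer functions
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft STACK_OF(CMS_SignerInfo) *
-.Fo CMS_get0_SignerInfos
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Ft int
-.Fo CMS_SignerInfo_get0_signer_id
-.Fa "CMS_SignerInfo *si"
-.Fa "ASN1_OCTET_STRING **keyid"
-.Fa "X509_NAME **issuer"
-.Fa "ASN1_INTEGER **sno"
-.Fc
-.Ft int
-.Fo CMS_SignerInfo_cert_cmp
-.Fa "CMS_SignerInfo *si"
-.Fa "X509 *cert"
-.Fc
-.Ft void
-.Fo CMS_SignerInfo_set1_signer_cert
-.Fa "CMS_SignerInfo *si"
-.Fa "X509 *signer"
-.Fc
-.Sh DESCRIPTION
-The function
-.Fn CMS_get0_SignerInfos
-returns all the
-.Vt CMS_SignerInfo
-structures associated with a CMS signedData structure.
-.Pp
-.Fn CMS_SignerInfo_get0_signer_id
-retrieves the certificate signer identifier associated with a specific
-.Vt CMS_SignerInfo
-structure
-.Fa si .
-Either the keyidentifier will be set in
-.Fa keyid
-or
-.Em both
-issuer name and serial number in
-.Fa issuer
-and
-.Fa sno .
-.Pp
-.Fn CMS_SignerInfo_cert_cmp
-compares the certificate
-.Fa cert
-against the signer identifier
-.Fa si .
-It returns zero if the comparison is successful and non zero if not.
-.Pp
-.Fn CMS_SignerInfo_set1_signer_cert
-sets the signers certificate of
-.Fa si
-to
-.Fa signer .
-.Sh NOTES
-The main purpose of these functions is to enable an application to
-lookup signers certificates using any appropriate technique when the
-simpler method of
-.Xr CMS_verify 3
-is not appropriate.
-.Pp
-In typical usage and application will retrieve all
-.Vt CMS_SignerInfo
-structures using
-.Fn CMS_get0_SignerInfo
-and retrieve the identifier information using CMS.
-It will then obtain the signer certificate by some unspecified means
-(or return and error if it cannot be found) and set it using
-.Fn CMS_SignerInfo_set1_signer_cert .
-.Pp
-Once all signer certificates have been set,
-.Xr CMS_verify 3
-can be used.
-.Pp
-Although
-.Fn CMS_get0_SignerInfos
-can return
-.Dv NULL
-if an error occur
-.Em or
-if there are no signers, this is not a problem in practice because the
-only error which can occur is if the
-.Fa cms
-structure is not of type signedData due to application error.
-.Sh RETURN VALUES
-.Fn CMS_get0_SignerInfos
-returns all
-.Vt CMS_SignerInfo
-structures, or
-.Dv NULL
-if there are no signers or an error occurs.
-.Pp
-.Fn CMS_SignerInfo_get0_signer_id
-returns 1 for success and 0 for failure.
-.Pp
-.Fn CMS_SignerInfo_cert_cmp
-returns 0 for a successful comparison and non zero otherwise.
-.Pp
-.Fn CMS_SignerInfo_set1_signer_cert
-does not return a value.
-.Pp
-Any error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_verify 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-These functions were first was added to OpenSSL 0.9.8.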
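--- a/jni/libressl/man/CMS_get0_type.3
+++ /dev/null
@@ -1,95 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_GET0_TYPE 3
-.Os
-.Sh NAME
-.Nm CMS_get0_type ,
-.Nm CMS_set1_eContentType ,
-.Nm CMS_get0_eContentType
-.Nd get and set CMS content types
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft const ASN1_OBJECT *
-.Fo CMS_get0_type
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Ft int
-.Fo CMS_set1_eContentType
-.Fa "CMS_ContentInfo *cms"
-.Fa "const ASN1_OBJECT *oid"
-.Fc
-.Ft const ASN1_OBJECT *
-.Fo CMS_get0_eContentType
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_get0_type
-returns the content type of a
-.Vt CMS_ContentInfo
-structure as an
-.Vt ASN1_OBJECT
-pointer.
-An application can then decide how to process the
-.Vt CMS_ContentInfo
-structure based on this value.
-.Pp
-.Fn CMS_set1_eContentType
-sets the embedded content type of a
-.Vt CMS_ContentInfo
-structure.
-It should be called with CMS functions with the
-.Dv CMS_PARTIAL
-flag and
-.Em before
-the structure is finalised, otherwise the results are undefined.
-.Pp
-.Fn CMS_get0_eContentType
-returns a pointer to the embedded content type.
-.Sh NOTES
-As the
-.Sq 0
-implies,
-.Fn CMS_get0_type
-and
-.Fn CMS_get0_eContentType
-return internal pointers which should
-.Em not
-be freed up.
-.Fn CMS_set1_eContentType
-copies the supplied OID and it
-.Em should
-be freed up after use.
-.Pp
-The
-.Vt ASN1_OBJECT
-values returned can be converted to an integer NID value using
-.Xr OBJ_obj2nid 3 .
-For the currently supported content types the following values are
-returned:
-.Bd -unfilled -offset indent
-.Dv NID_pkcs7_data
-.Dv NID_pkcs7_signed
-.Dv NID_pkcs7_digest
-.Dv NID_id_smime_ct_compressedData
-.Dv NID_pkcs7_encrypted
-.Dv NID_pkcs7_enveloped
-.Ed
-.Sh RETURN VALUES
-.Fn CMS_get0_type
-and
-.Fn CMS_get0_eContentType
-return an
-.Vt ASN1_OBJECT
-structure.
-.Pp
-.Fn CMS_set1_eContentType
-returns 1 for success or 0 if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_get0_type ,
-.Fn CMS_set1_eContentType ,
-and
-.Fn CMS_get0_eContentType
-were all first added to OpenSSL 0.9.8.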
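--- a/jni/libressl/man/CMS_get1_ReceiptRequest.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_GET1_RECEIPTREQUEST 3
-.Os
-.Sh NAME
-.Nm CMS_ReceiptRequest_create0 ,
-.Nm CMS_add1_ReceiptRequest ,
-.Nm CMS_get1_ReceiptRequest ,
-.Nm CMS_ReceiptRequest_get0_values
-.Nd CMS signed receipt request functions
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ReceiptRequest *
-.Fo CMS_ReceiptRequest_create0
-.Fa "unsigned char *id"
-.Fa "int idlen"
-.Fa "int allorfirst"
-.Fa "STACK_OF(GENERAL_NAMES) *receiptList"
-.Fa "STACK_OF(GENERAL_NAMES) *receiptsTo"
-.Fc
-.Ft int
-.Fo CMS_add1_ReceiptRequest
-.Fa "CMS_SignerInfo *si"
-.Fa "CMS_ReceiptRequest *rr"
-.Fc
-.Ft int
-.Fo CMS_get1_ReceiptRequest
-.Fa "CMS_SignerInfo *si"
-.Fa "CMS_ReceiptRequest **prr"
-.Fc
-.Ft void
-.Fo CMS_ReceiptRequest_get0_values
-.Fa "CMS_ReceiptRequest *rr"
-.Fa "ASN1_STRING **pcid"
-.Fa "int *pallorfirst"
-.Fa "STACK_OF(GENERAL_NAMES) **plist"
-.Fa "STACK_OF(GENERAL_NAMES) **prto"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_ReceiptRequest_create0
-creates a signed receipt request structure.
-The
-.Sy signedContentIdentifier
-field is set using
-.Fa id
-and
-.Fa idlen ,
-or it is set to 32 bytes of pseudo random data if
-.Fa id
-is
-.Dv NULL .
-If
-.Fa receiptList
-is
-.Dv NULL ,
-the
-.Sy allOrFirstTier
-option in
-.Sy receiptsFrom
-is used and set to the value of the
-.Fa allorfirst
-parameter.
-If
-.Fa receiptList
-is not
-.Dv NULL ,
-the
-.Sy receiptList
-option in
-.Sy receiptsFrom
-is used.
-The
-.Fa receiptsTo
-parameter specifies the
-.Sy receiptsTo
-field value.
-.Pp
-The
-.Fn CMS_add1_ReceiptRequest
-function adds a signed receipt request
-.Fa rr
-to the
-.Vt CMS_SignerInfo
-structure
-.Fa si .
-.Pp
-.Fn CMS_get1_ReceiptRequest
-looks for a signed receipt request in
-.Fa si .
-If any is found, it is decoded and written to
-.Fa prr .
-.Pp
-.Fn CMS_ReceiptRequest_get0_values
-retrieves the values of a receipt request.
-The signedContentIdentifier is copied to
-.Fa pcid .
-If the
-.Sy allOrFirstTier
-option of
-.Sy receiptsFrom
-is used, its value is copied to
-.Fa pallorfirst ;
-otherwise the
-.Sy receiptList
-field is copied to
-.Fa plist .
-The
-.Sy receiptsTo
-parameter is copied to
-.Fa prto .
-.Sh NOTES
-For more details of the meaning of the fields see RFC2634.
-.Pp
-The contents of a signed receipt should only be considered meaningful if
-the corresponding
-.Vt CMS_ContentInfo
-structure can be successfully verified using
-.Xr CMS_verify 3 .
-.Sh RETURN VALUES
-.Fn CMS_ReceiptRequest_create0
-returns a signed receipt request structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn CMS_add1_ReceiptRequest
-returns 1 for success or 0 is an error occurred.
-.Pp
-.Fn CMS_get1_ReceiptRequest
-returns 1 is a signed receipt request is found and decoded.
-It returns 0 if a signed receipt request is not present and -1 if it is
-present but malformed.
-.Sh SEE ALSO
-.Xr CMS_sign 3 ,
-.Xr CMS_sign_receipt 3 ,
-.Xr CMS_verify 3 ,
-.Xr CMS_verify_receipt 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_ReceiptRequest_create0 ,
-.Fn CMS_add1_ReceiptRequest ,
-.Fn CMS_get1_ReceiptRequest ,
-and
-.Fn CMS_ReceiptRequest_get0_values
-were added to OpenSSL 0.9.8.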
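--- a/jni/libressl/man/CMS_sign.3
+++ /dev/null
@@ -1,199 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_SIGN 3
-.Os
-.Sh NAME
-.Nm CMS_sign
-.Nd create a CMS SignedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_sign
-.Fa "X509 *signcert"
-.Fa "EVP_PKEY *pkey"
-.Fa "STACK_OF(X509) *certs"
-.Fa "BIO *data"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_sign
-creates and returns a CMS SignedData structure.
-.Fa signcert
-is the certificate to sign with,
-.Fa pkey
-is the corresponding private key.
-.Fa certs
-is an optional additional set of certificates to include in the CMS
-structure (for example any intermediate CAs in the chain).
-Any or all of these parameters can be
-.Dv NULL ,
-see
-.Sx NOTES
-below.
-.Pp
-The data to be signed is read from
-.Fa data .
-.Pp
-.Fa flags
-is an optional set of flags.
-.Sh NOTES
-Any of the following flags (OR'ed together) can be passed in the
-.Fa flags
-parameter.
-.Pp
-Many S/MIME clients expect the signed content to include valid MIME
-headers.
-If the
-.Dv CMS_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are prepended to the data.
-.Pp
-If
-.Dv CMS_NOCERTS
-is set, the signer's certificate will not be included in the
-.Vt CMS_ContentInfo
-structure, the signer's certificate must still be supplied in the
-.Fa signcert
-parameter though.
-This can reduce the size of the signature if the signers certificate can
-be obtained by other means: for example a previously signed message.
-.Pp
-The data being signed is included in the
-.Vt CMS_ContentInfo
-structure, unless
-.Dv CMS_DETACHED
-is set, in which case it is omitted.
-This is used for
-.Vt CMS_ContentInfo
-detached signatures which are used in S/MIME plaintext signed
-messages for example.
-.Pp
-Normally the supplied content is translated into MIME canonical format
-(as required by the S/MIME specifications); if
-.Dv CMS_BINARY
-is set, no translation occurs.
-This option should be used if the supplied data is in binary format;
-otherwise the translation will corrupt it.
-.Pp
-The SignedData structure includes several CMS signedAttributes including
-the signing time, the CMS content type and the supported list of ciphers
-in an SMIMECapabilities attribute.
-If
-.Dv CMS_NOATTR
-is set, then no signedAttributes will be used.
-If
-.Dv CMS_NOSMIMECAP
-is set, then just the SMIMECapabilities are omitted.
-.Pp
-If present, the SMIMECapabilities attribute indicates support for the
-following algorithms in preference order: 256 bit AES, Gost R3411-94,
-Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
-RC2, DES and 40 bit RC2.
-If any of these algorithms is not available, then it will not be
-included: for example the GOST algorithms will not be included if
-the GOST ENGINE is not loaded.
-.Pp
-OpenSSL will by default identify signing certificates using issuer name
-and serial number.
-If
-.Dv CMS_USE_KEYID
-is set, it will use the subject key identifier value instead.
-An error occurs if the signing certificate does not have a subject key
-identifier extension.
-.Pp
-If the flag
-.Dv CMS_STREAM
-is set, then the returned
-.Vt CMS_ContentInfo
-structure is just initialized ready to perform the signing operation.
-The signing is however
-.Em not
-performed and the data to be signed is not read from the
-.Fa data
-parameter.
-Signing is deferred until after the data has been written.
-In this way, data can be signed in a single pass.
-.Pp
-If the
-.Dv CMS_PARTIAL
-flag is set, a partial
-.Vt CMS_ContentInfo
-structure is output to which additional signers and capabilities can be
-added before finalization.
-.Pp
-If the flag
-.Dv CMS_STREAM
-is set, the returned
-.Vt CMS_ContentInfo
-structure is
-.Em not
-complete and outputting its contents via a function that does not
-properly finalize the
-.Vt CMS_ContentInfo
-structure will give unpredictable results.
-.Pp
-Several functions including
-.Xr SMIME_write_CMS 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-.Xr PEM_write_bio_CMS_stream 3
-finalize the structure.
-Alternatively finalization can be performed by obtaining the streaming
-ASN1
-.Vt BIO
-directly using
-.Xr BIO_new_CMS 3 .
-.Pp
-If a signer is specified, it will use the default digest for the signing
-algorithm.
-This is SHA1 for both RSA and DSA keys.
-.Pp
-If
-.Fa signcert
-and
-.Fa pkey
-are
-.Dv NULL ,
-then a certificates only CMS structure is output.
-.Pp
-The function
-.Fn CMS_sign
-is a basic CMS signing function whose output will be suitable for many
-purposes.
-For finer control of the output format the
-.Fa certs ,
-.Fa signcert
-and
-.Fa pkey
-parameters can all be
-.Dv NULL
-and the
-.Dv CMS_PARTIAL
-flag set.
-Then one or more signers can be added using the function
-.Xr CMS_sign_add1_signer 3 ,
-non default digests can be used and custom attributes added.
-.Xr CMS_final 3
-must then be called to finalize the structure if streaming is not
-enabled.
-.Sh RETURN VALUES
-.Fn CMS_sign
-returns either a valid
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_verify 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_sign
-was added to OpenSSL 0.9.8.
-.Pp
-The
-.Dv CMS_STREAM
-flag is only supported for detached data in OpenSSL 0.9.8.
-It is supported for embedded data in OpenSSL 1.0.0 and later.
-.Sh BUGS
-Some attributes such as counter signatures are not supported.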
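--- a/jni/libressl/man/CMS_sign_receipt.3
+++ /dev/null
@@ -1,61 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_SIGN_RECEIPT 3
-.Os
-.Sh NAME
-.Nm CMS_sign_receipt
-.Nd create a CMS signed receipt
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_sign_receipt
-.Fa "CMS_SignerInfo *si"
-.Fa "X509 *signcert"
-.Fa "EVP_PKEY *pkey"
-.Fa "STACK_OF(X509) *certs"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_sign_receipt
-creates and returns a CMS signed receipt structure.
-.Fa si
-is the
-.Vt CMS_SignerInfo
-structure containing the signed receipt request.
-.Fa signcert
-is the certificate to sign with,
-.Fa pkey
-is the corresponding private key.
-.Fa certs
-is an optional additional set of certificates to include in the CMS
-structure (for example any intermediate CAs in the chain).
-.Pp
-.Fa flags
-is an optional set of flags.
-.Sh NOTES
-This functions behaves in a similar way to
-.Xr CMS_sign 3
-except the flag values
-.Dv CMS_DETACHED ,
-.Dv CMS_BINARY ,
-.Dv CMS_NOATTR ,
-.Dv CMS_TEXT ,
-and
-.Dv CMS_STREAM
-are not supported, since they do not make sense in the context of
-signed receipts.
-.Sh RETURN VALUES
-.Fn CMS_sign_receipt
-returns either a valid
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_sign 3 ,
-.Xr CMS_verify_receipt 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_sign_receipt
-was added to OpenSSL 0.9.8.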
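--- a/jni/libressl/man/CMS_uncompress.3
+++ /dev/null
@@ -1,70 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_UNCOMPRESS 3
-.Os
-.Sh NAME
-.Nm CMS_uncompress
-.Nd uncompress a CMS CompressedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_uncompress
-.Fa "CMS_ContentInfo *cms"
-.Fa "BIO *dcont"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_uncompress
-extracts and uncompresses the content from a CMS CompressedData
-structure
-.Fa cms .
-.Fa data
-is a
-.Vt BIO
-to write the content to and
-.Fa flags
-is an optional set of flags.
-.Pp
-The
-.Fa dcont
-parameter is used in the rare case where the compressed content is
-detached.
-It will normally be set to
-.Dv NULL .
-.Sh NOTES
-The only currently supported compression algorithm is zlib: if the
-structure indicates the use of any other algorithm, an error is returned.
-.Pp
-If zlib support is not compiled into OpenSSL, then
-.Fn CMS_uncompress
-will always return an error.
-.Pp
-The following flags can be passed in the
-.Fa flags
-parameter:
-.Pp
-If the
-.Dv CMS_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are deleted from the content.
-If the content is not of type
-.Sy text/plain ,
-then an error is returned.
-.Sh RETURN VALUES
-.Fn CMS_uncompress
-returns either 1 for success or 0 for failure.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_compress 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_uncompress
-was added to OpenSSL 0.9.8.
-.Sh BUGS
-The lack of single pass processing and the need to hold all data in
-memory as mentioned in
-.Xr CMS_verify 3
-also applies to
-.Xr CMS_decompress 3 .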
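--- a/jni/libressl/man/CMS_verify.3
+++ b/jni/libressl/man/CMS_verify.3
@@ -1,188 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_VERIFY 3
-.Os
-.Sh NAME
-.Nm CMS_verify ,
-.Nm CMS_get0_signers
-.Nd verify a CMS SignedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_verify
-.Fa "CMS_ContentInfo *cms"
-.Fa "STACK_OF(X509) *certs"
-.Fa "X509_STORE *store"
-.Fa "BIO *indata"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo CMS_get0_signers
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_verify
-verifies a CMS SignedData structure.
-.Fa cms
-is the
-.Vt CMS_ContentInfo
-structure to verify.
-.Fa certs
-is a set of certificates in which to search for the signing
-certificate(s).
-.Fa store
-is a trusted certificate store used for chain verification.
-.Fa indata
-is the detached content if the content is not present in
-.Fa cms .
-The content is written to
-.Fa out
-if it is not
-.Dv NULL .
-.Pp
-.Fa flags
-is an optional set of flags, which can be used to modify the verify
-operation.
-.Pp
-.Fn CMS_get0_signers
-retrieves the signing certificate(s) from
-.Fa cms ,
-it must be called after a successful
-.Fn CMS_verify
-operation.
-.Sh VERIFY PROCESS
-Normally the verify process proceeds as follows.
-.Pp
-Initially some sanity checks are performed on
-.Fa cms .
-The type of
-.Fa cms
-must be SignedData.
-There must be at least one signature on the data and if the content is
-detached
-.Fa indata
-cannot be
-.Dv NULL .
-.Pp
-An attempt is made to locate all the signing certificate(s), first
-looking in the
-.Fa certs
-parameter (if it is not
-.Dv NULL )
-and then looking in any certificates contained in the
-.Fa cms
-structure itself.
-If no signing certificate can be located, the operation fails.
-.Pp
-Each signing certificate is chain verified using the
-.Sy smimesign
-purpose and the supplied trusted certificate store.
-Any internal certificates in the message are used as untrusted CAs.
-If CRL checking is enabled in
-.Fa store ,
-any internal CRLs are used in addition to attempting to look them up in
-.Fa store .
-If any chain verify fails, an error code is returned.
-.Pp
-Finally the signed content is read (and written to
-.Fa out
-is it is not
-.Dv NULL )
-and the signature is checked.
-.Pp
-If all signatures verify correctly, then the function is successful.
-.Pp
-Any of the following flags (OR'ed together) can be passed in the
-.Fa flags
-parameter to change the default verify behaviour.
-.Pp
-If
-.Dv CMS_NOINTERN
-is set, the certificates in the message itself are not searched when
-locating the signing certificate(s).
-This means that all the signing certificates must be in the
-.Fa certs
-parameter.
-.Pp
-If
-.Dv CMS_NOCRL
-is set, and CRL checking is enabled in
-.Fa store ,
-then any CRLs in the message itself are ignored.
-.Pp
-If the
-.Dv CMS_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are deleted from the content.
-If the content is not of type
-.Sy text/plain ,
-then an error is returned.
-.Pp
-If
-.Dv CMS_NO_SIGNER_CERT_VERIFY
-is set, the signing certificates are not verified.
-.Pp
-If
-.Dv CMS_NO_ATTR_VERIFY
-is set, the signed attributes signature is not verified.
-.Pp
-If
-.Dv CMS_NO_CONTENT_VERIFY
-is set, then the content digest is not checked.
-.Sh NOTES
-One application of
-.Dv CMS_NOINTERN
-is to only accept messages signed by a small number of certificates.
-The acceptable certificates would be passed in the
-.Fa certs
-parameter.
-In this case, if the signer is not one of the certificates supplied in
-.Fa certs ,
-then the verify will fail because the signer cannot be found.
-.Pp
-In some cases the standard techniques for looking up and validating
-certificates are not appropriate: for example an application may wish to
-lookup certificates in a database or perform customised verification.
-This can be achieved by setting and verifying the signers certificates
-manually using the signed data utility functions.
-.Pp
-Care should be taken when modifying the default verify behaviour, for
-example setting
-.Dv CMS_NO_CONTENT_VERIFY
-will totally disable all content verification and any modified content
-will be considered valid.
-This combination is however useful if one merely wishes to write the
-content to
-.Fa out
-and its validity is not considered important.
-.Pp
-Chain verification should arguably be performed using the signing time
-rather than the current time.
-However since the signing time is supplied by the signer it cannot be
-trusted without additional evidence (such as a trusted timestamp).
-.Sh RETURN VALUES
-.Fn CMS_verify
-returns 1 for a successful verification and zero if an error occurred.
-.Pp
-.Fn CMS_get0_signers
-returns all signers or
-.Dv NULL
-if an error occurred.
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_verify
-was added to OpenSSL 0.9.8.
-.Sh BUGS
-The trusted certificate store is not searched for the signing
-certificate, this is primarily due to the inadequacies of the current
-.Vt X509_STORE
-functionality.
-.Pp
-The lack of single pass processing means that the signed content must
-all be held in memory if it is not detached.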
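--- a/jni/libressl/man/CMS_verify_receipt.3
+++ b/jni/libressl/man/CMS_verify_receipt.3
@@ -1,55 +0,0 @@
-.Dd $Mdocdate: March 21 2015 $
-.Dt CMS_VERIFY_RECEIPT 3
-.Os
-.Sh NAME
-.Nm CMS_verify_receipt
-.Nd verify a CMS signed receipt
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_verify_receipt
-.Fa "CMS_ContentInfo *rcms"
-.Fa "CMS_ContentInfo *ocms"
-.Fa "STACK_OF(X509) *certs"
-.Fa "X509_STORE *store"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_verify_receipt
-verifies a CMS signed receipt.
-.Fa rcms
-is the signed receipt to verify.
-.Fa ocms
-is the original SignedData structure containing the receipt request.
-.Fa certs
-is a set of certificates in which to search for the signing certificate.
-.Fa store
-is a trusted certificate store (used for chain verification).
-.Pp
-.Fa flags
-is an optional set of flags, which can be used to modify the verify
-operation.
-.Sh NOTES
-This functions behaves in a similar way to
-.Xr CMS_verify 3
-except the flag values
-.Dv CMS_DETACHED ,
-.Dv CMS_BINARY ,
-.Dv CMS_TEXT ,
-and
-.Dv CMS_STREAM
-are not supported since they do not make sense in the context of signed
-receipts.
-.Sh RETURN VALUES
-.Fn CMS_verify_receipt
-returns 1 for a successful verification and zero if an error occurred.
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_sign_receipt 3 ,
-.Xr CMS_verify 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_verify_receipt
-was added to OpenSSL 0.9.8.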
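--- a/jni/libressl/man/CMakeLists.txt
+++ b/jni/libressl/man/CMakeLists.txt
@@ -1,9 +1,9 @@
 install(DIRECTORY .
-    DESTINATION share/man/man3
+    DESTINATION ${CMAKE_INSTALL_MANDIR}/man3
     FILES_MATCHING PATTERN "*.3"
     )
 
 install(DIRECTORY .
-    DESTINATION share/man/man1
+    DESTINATION ${CMAKE_INSTALL_MANDIR}/man1
     FILES_MATCHING PATTERN "*.1"
     )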
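--- a/jni/libressl/man/CONF_modules_free.3
+++ b/jni/libressl/man/CONF_modules_free.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: CONF_modules_free.3,v 1.4 2016/11/20 19:45:17 schwarze Exp $
+.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2004, 2006 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: March 21 2015 $
+.Dd $Mdocdate: November 20 2016 $
 .Dt CONF_MODULES_FREE 3
 .Os
 .Sh NAME
 .Nm CONF_modules_free ,
 .Nm CONF_modules_finish ,
 .Nm CONF_modules_unload
 .Nd OpenSSL configuration cleanup functions
@@ -20,37 +70,33 @@
 .Fo CONF_modules_unload
 .Fa "int all"
 .Fc
 .Sh DESCRIPTION
 .Fn CONF_modules_free
 closes down and frees up all memory allocated by all configuration
 modules.
+Normally applications will only call this function
+at application exit to tidy up any configuration performed.
 .Pp
 .Fn CONF_modules_finish
 calls the configuration
 .Sy finish
 handler of each configuration module to free up any configuration
 that module may have performed.
 .Pp
 .Fn CONF_modules_unload
 finishes and unloads configuration modules.
 If
 .Fa all
 is set to 0, only modules loaded from DSOs will be unloaded.
 If
 .Fa all
 is 1, all modules, including builtin modules, will be unloaded.
-.Sh NOTES
-Normally applications will only call
-.Fn CONF_modules_free
-at application to tidy up any configuration performed.
-.Sh RETURN VALUE
-None of the functions return a value.
 .Sh SEE ALSO
 .Xr CONF_modules_load_file 3 ,
 .Xr OPENSSL_config 3
 .Sh HISTORY
 .Fn CONF_modules_free ,
 .Fn CONF_modules_unload ,
 and
 .Fn CONF_modules_finish
 first appeared in OpenSSL 0.9.7.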
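--- a/jni/libressl/man/CONF_modules_load_file.3
+++ b/jni/libressl/man/CONF_modules_load_file.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: CONF_modules_load_file.3,v 1.5 2016/12/11 18:06:09 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 09 2015 $
+.Dd $Mdocdate: December 11 2016 $
 .Dt CONF_MODULES_LOAD_FILE 3
 .Os
 .Sh NAME
 .Nm CONF_modules_load_file ,
 .Nm CONF_modules_load
 .Nd OpenSSL configuration functions
 .Sh SYNOPSIS
@@ -18,35 +68,39 @@
 .Fa "const CONF *cnf"
 .Fa "const char *appname"
 .Fa "unsigned long flags"
 .Fc
 .Sh DESCRIPTION
 The function
 .Fn CONF_modules_load_file
-configures OpenSSL using file
+configures OpenSSL using the file
 .Fa filename
+in
+.Xr openssl.cnf 5
-and application name
+format and the application name
 .Fa appname .
 If
 .Fa filename
 is
 .Dv NULL ,
-the standard OpenSSL configuration file is used.
+the standard OpenSSL configuration file
+.Pa /etc/ssl/openssl.cnf
+is used.
 If
 .Fa appname
 is
 .Dv NULL ,
 the standard OpenSSL application name
 .Qq openssl_conf
 is used.
-The behaviour can be cutomized using
+The behaviour can be customized using
 .Fa flags .
 .Pp
 .Fn CONF_modules_load
-is idential to
+is identical to
 .Fn CONF_modules_load_file
 except it reads configuration information from
 .Fa cnf .
 .Pp
 The following
 .Fa flags
 are currently recognized:
@@ -61,22 +115,113 @@
 .It Dv CONF_MFLAGS_NO_DSO
 Disable loading of configuration modules from DSOs.
 .It Dv CONF_MFLAGS_IGNORE_MISSING_FILE
 Let
 .Fn CONF_modules_load_file
 ignore missing configuration files.
 By default, a missing configuration file returns an error.
+.It CONF_MFLAGS_DEFAULT_SECTION
+If
+.Fa appname
+is not
+.Dv NULL
+but does not exist, fall back to the default section
+.Qq openssl_conf .
 .El
+.Pp
+By using
+.Fn CONF_modules_load_file
+with appropriate flags, an application can customise application
+configuration to best suit its needs.
+In some cases the use of a configuration file is optional and its
+absence is not an error: in this case
+.Dv CONF_MFLAGS_IGNORE_MISSING_FILE
+would be set.
+.Pp
+Errors during configuration may also be handled differently by
+different applications.
+For example in some cases an error may simply print out a warning
+message and the application may continue.
+In other cases an application might consider a configuration file
+error fatal and exit immediately.
+.Pp
+Applications can use the
+.Fn CONF_modules_load
+function if they wish to load a configuration file themselves and
+have finer control over how errors are treated.
 .Sh RETURN VALUES
 These functions return 1 for success and zero or a negative value for
 failure.
 If module errors are not ignored, the return code will reflect the return
 value of the failing module (this will always be zero or negative).
+.Sh FILES
+.Bl -tag -width /etc/ssl/openssl.cnf -compact
+.It Pa /etc/ssl/openssl.cnf
+standard configuration file
+.El
+.Sh EXAMPLES
+Load a configuration file and print out any errors and exit (missing
+file considered fatal):
+.Bd -literal
+if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
+	fprintf(stderr, "FATAL: error loading configuration file\n");
+	ERR_print_errors_fp(stderr);
+	exit(1);
+}
+.Ed
+.Pp
+Load default configuration file using the section indicated
+by "myapp", tolerate missing files, but exit on other errors:
+.Bd -literal
+if (CONF_modules_load_file(NULL, "myapp",
+    CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+	fprintf(stderr, "FATAL: error loading configuration file\n");
+	ERR_print_errors_fp(stderr);
+	exit(1);
+}
+.Ed
+.Pp
+Load custom configuration file and section, only print warnings on
+error, missing configuration file ignored:
+.Bd -literal
+if (CONF_modules_load_file("/something/app.cnf", "myapp",
+    CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+	fprintf(stderr, "WARNING: error loading configuration file\n");
+	ERR_print_errors_fp(stderr);
+}
+.Ed
+.Pp
+Load and parse configuration file manually, custom error handling:
+.Bd -literal
+FILE	*fp;
+CONF	*cnf = NULL;
+long	 eline;
+
+fp = fopen("/somepath/app.cnf", "r");
+if (fp == NULL) {
+	fprintf(stderr, "Error opening configuration file\n");
+	/* Other missing configuration file behaviour */
+} else {
+	cnf = NCONF_new(NULL);
+	if (NCONF_load_fp(cnf, fp, &eline) == 0) {
+		fprintf(stderr, "Error on line %ld of configuration file\n",
+		    eline);
+		ERR_print_errors_fp(stderr);
+		/* Other malformed configuration file behaviour */
+	} else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
+		fprintf(stderr, "Error configuring application\n");
+		ERR_print_errors_fp(stderr);
+		/* Other configuration error behaviour */
+	}
+	fclose(fp);
+	NCONF_free(cnf);
+}
+.Ed
 .Sh SEE ALSO
-.Xr CONF_free 3 ,
+.Xr CONF_modules_free 3 ,
 .Xr ERR 3 ,
 .Xr OPENSSL_config 3
 .Sh HISTORY
 .Fn CONF_modules_load_file
 and
 .Fn CONF_modules_load
 first appeared in OpenSSL 0.9.7.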
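--- a/jni/libressl/man/CRYPTO_get_mem_functions.3
+++ b/jni/libressl/man/CRYPTO_get_mem_functions.3
@@ -0,0 +1,78 @@
+.\"	$OpenBSD: CRYPTO_get_mem_functions.3,v 1.2 2016/11/29 21:29:19 jmc Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
+.Dt CRYPTO_GET_MEM_FUNCTIONS 3
+.Os
+.Sh NAME
+.Nm CRYPTO_get_mem_functions ,
+.Nm CRYPTO_set_mem_functions ,
+.Nm CRYPTO_mem_ctrl ,
+.Nm CRYPTO_mem_leaks ,
+.Nm CRYPTO_mem_leaks_fp
+.Nd legacy OpenSSL memory allocation control
+.Sh SYNOPSIS
+.In openssl/crypto.h
+.Ft void
+.Fo CRYPTO_get_mem_functions
+.Fa "void *(**m)(size_t)"
+.Fa "void *(**r)(void *, size_t)"
+.Fa "void (**f)(void *)"
+.Fc
+.Ft int
+.Fo CRYPTO_set_mem_functions
+.Fa "void *(*m)(size_t)"
+.Fa "void *(*r)(void *, size_t)"
+.Fa "void (*f)(void *)"
+.Fc
+.Ft int
+.Fo CRYPTO_mem_ctrl
+.Fa "int mode"
+.Fc
+.Ft void
+.Fo CRYPTO_mem_leaks
+.Fa "BIO *b"
+.Fc
+.Ft void
+.Fo CRYPTO_mem_leaks_fp
+.Fa "FILE *fp"
+.Fc
+.Sh DESCRIPTION
+Do not use any of the interfaces documented here.
+They are provided purely for compatibility with legacy application code.
+.Pp
+.Fn CRYPTO_get_mem_functions
+assigns pointers to the C library functions
+.Xr malloc 3 ,
+.Xr realloc 3 ,
+and
+.Xr free 3
+to those of its arguments that are not
+.Dv NULL .
+.Pp
+.Fn CRYPTO_set_mem_functions ,
+.Fn CRYPTO_mem_ctrl ,
+.Fn CRYPTO_mem_leaks ,
+and
+.Fn CRYPTO_mem_leaks_fp
+have no effect.
+.Sh RETURN VALUES
+.Fn CRYPTO_set_mem_functions
+always returns 0.
+.Pp
+.Fn CRYPTO_mem_ctrl
+always returns
+.Dv CRYPTO_MEM_CHECK_OFF .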
Changes to jni/libressl/man/CRYPTO_set_ex_data.3.




































































































1
2
3
4




5
6


7
8
9










































10
11
12
13
14
15
16
17
18
19
20






21
22
23






















24
25




26














































27











































































28
29




30






31


32
33



34
35
36


37
38
39

40
41
42
43
44
45
46
47
48
49




50
51
52
53
54

55

56

57
58

59
60
61
62

63
64
65

66
67
68
69
70




































































































.Dd $Mdocdate: June 16 2014 $
.Dt CRYPTO_SET_EX_DATA 3
.Os
.Sh NAME




.Nm CRYPTO_set_ex_data ,
.Nm CRYPTO_get_ex_data


.Nd internal application specific data functions
.Sh SYNOPSIS
.In openssl/crypto.h










































.Ft int
.Fo CRYPTO_set_ex_data
.Fa "CRYPTO_EX_DATA *r"
.Fa "int idx"
.Fa "void *arg"
.Fc
.Ft void *
.Fo CRYPTO_get_ex_data
.Fa "CRYPTO_EX_DATA *r"
.Fa "int idx"
.Fc






.Sh DESCRIPTION
Several OpenSSL structures can have application specific data attached
to them.






















These functions are used internally by OpenSSL to manipulate application
specific data attached to a specific structure.




.Pp














































These functions should only be used by applications to manipulate











































































.Vt CRYPTO_EX_DATA
structures passed to the




.Fn new_func ,






.Fn free_func ,


and
.Fn dup_func



callbacks: as passed to
.Xr RSA_get_ex_new_index 3
for example.


.Pp
.Fn CRYPTO_set_ex_data
is used to set application specific data, the data is supplied in the

.Fa arg
parameter and its precise meaning is up to the application.
.Pp
.Fn CRYPTO_get_ex_data
is used to retrieve application specific data.
The data is returned to the application, this will be the same value as
supplied to a previous
.Fn CRYPTO_set_ex_data
call.
.Sh RETURN VALUES




.Fn CRYPTO_set_ex_data
returns 1 on success or 0 on failure.
.Pp
.Fn CRYPTO_get_ex_data
returns the application data or 0 on failure.

0 may also be valid application data but currently it can only fail if

given an invalid

.Fa idx
parameter.

.Pp
On failure an error code can be obtained from
.Xr ERR_get_error 3 .
.Sh SEE ALSO

.Xr DH_get_ex_new_index 3 ,
.Xr DSA_get_ex_new_index 3 ,
.Xr RSA_get_ex_new_index 3

.Sh HISTORY
.Fn CRYPTO_set_ex_data
and
.Fn CRYPTO_get_ex_data
have been available since SSLeay 0.9.0.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|



>
>
>
>

|
>
>
|


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>











>
>
>
>
>
>


|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
>
>
>
>
|
>
>
>
>
>
>
|
>
>

|
>
>
>
|
<
|
>
>


|
>





|




>
>
>
>




|
>
|
>
|
>
|
<
>




>


|
>





1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350

351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382

383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
.\"	$OpenBSD: CRYPTO_set_ex_data.3,v 1.7 2017/01/06 20:35:23 schwarze Exp $
.\"	OpenSSL CRYPTO_get_ex_new_index.pod 35cb565a Nov 19 15:49:30 2015 -0500
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2006 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"	OpenSSL
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
.\" and by Rich Salz <rsalz@akamai.com>.
.\" Copyright (c) 2000, 2006, 2015, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 6 2017 $
.Dt CRYPTO_SET_EX_DATA 3
.Os
.Sh NAME
.Nm CRYPTO_EX_new ,
.Nm CRYPTO_EX_free ,
.Nm CRYPTO_EX_dup ,
.Nm CRYPTO_get_ex_new_index ,
.Nm CRYPTO_set_ex_data ,
.Nm CRYPTO_get_ex_data ,
.Nm CRYPTO_free_ex_data ,
.Nm CRYPTO_new_ex_data
.Nd functions supporting application-specific data
.Sh SYNOPSIS
.In openssl/crypto.h
.Ft int
.Fo CRYPTO_get_ex_new_index
.Fa "int class_index"
.Fa "long argl"
.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"
.Fc
.Ft typedef int
.Fo CRYPTO_EX_new
.Fa "void *parent"
.Fa "void *ptr"
.Fa "CRYPTO_EX_DATA *ad"
.Fa "int idx"
.Fa "long argl"
.Fa "void *argp"
.Fc
.Ft typedef void
.Fo CRYPTO_EX_free
.Fa "void *parent"
.Fa "void *ptr"
.Fa "CRYPTO_EX_DATA *ad"
.Fa "int idx"
.Fa "long argl"
.Fa "void *argp"
.Fc
.Ft typedef int
.Fo CRYPTO_EX_dup
.Fa "CRYPTO_EX_DATA *to"
.Fa "const CRYPTO_EX_DATA *from"
.Fa "void *from_d"
.Fa "int idx"
.Fa "long argl"
.Fa "void *argp"
.Fc
.Ft int
.Fo CRYPTO_new_ex_data
.Fa "int class_index"
.Fa "void *obj"
.Fa "CRYPTO_EX_DATA *ad"
.Fc
.Ft int
.Fo CRYPTO_set_ex_data
.Fa "CRYPTO_EX_DATA *r"
.Fa "int idx"
.Fa "void *arg"
.Fc
.Ft void *
.Fo CRYPTO_get_ex_data
.Fa "CRYPTO_EX_DATA *r"
.Fa "int idx"
.Fc
.Ft void
.Fo CRYPTO_free_ex_data
.Fa "int class_index"
.Fa "void *obj"
.Fa "CRYPTO_EX_DATA *r"
.Fc
.Sh DESCRIPTION
Several OpenSSL structures can have application specific data attached
to them, known as "exdata".
The specific structures are:
.Bd -literal
    SSL
    SSL_CTX
    SSL_SESSION
    X509
    X509_STORE
    X509_STORE_CTX
    DH
    DSA
    RSA
    ENGINE
    UI
    BIO
.Ed
.Pp
Each is identified by a
.Dv CRYPTO_EX_INDEX_*
constant defined in the
.In openssl/crypto.h
header file.
.Pp
The API described here is used by OpenSSL to manipulate exdata for
specific structures.
Since the application data can be anything at all it is passed and
retrieved as a
.Vt void *
type.
.Pp
The
.Vt CRYPTO_EX_DATA
type is opaque.
To initialize the exdata part of a structure, call
.Fn CRYPTO_new_ex_data .
.Pp
Exdata types are identified by an index, an integer guaranteed to
be unique within structures for the lifetime of the program.
Applications using exdata typically call
.Fn CRYPTO_get_ex_new_index
at startup and store the result in a global variable, or write a
wrapper function to provide lazy evaluation.
The
.Fa class_index
should be one of the
.Dv CRYPTO_EX_INDEX_*
values.
The
.Fa argl
and
.Fa argp
parameters are saved to be passed to the callbacks but are otherwise not
used.
In order to transparently manipulate exdata, three callbacks must be
provided.
The semantics of those callbacks are described below.
.Pp
When copying or releasing objects with exdata, the callback functions
are called in increasing order of their index value.
.Pp
To set or get the exdata on an object, the appropriate type-specific
routine must be used.
This is because the containing structure is opaque and the
.Vt CRYPTO_EX_DATA
field is not accessible.
In both APIs, the
.Fa idx
parameter should be an already-created index value.
.Pp
When setting exdata, the pointer specified with a particular index is
saved, and returned on a subsequent "get" call.
If the application is going to release the data, it must make sure to
set a
.Dv NULL
value at the index, to avoid likely double-free crashes.
.Pp
The function
.Fn CRYPTO_free_ex_data
is used to free all exdata attached to a structure.
The appropriate type-specific routine must be used.
The
.Fa class_index
identifies the structure type, the
.Fa obj
is be the pointer to the actual structure, and
.Fa r
is a pointer to the structure's exdata field.
.Pp
The callback functions are used as follows.
.Pp
When a structure is initially allocated (such as by
.Xr RSA_new 3 ) ,
then
.Fa new_func
is called for every defined index.
There is no requirement that the entire parent, or containing, structure
has been set up.
The
.Fa new_func
is typically used only to allocate memory to store the
exdata, and perhaps an "initialized" flag within that memory.
The exdata value should be set by calling
.Fn CRYPTO_set_ex_data .
.Pp
When a structure is free'd (such as by
.Xr SSL_CTX_free 3 ) ,
then the
.Fa free_func
is called for every defined index.
Again, the state of the parent structure is not guaranteed.
The
.Fa free_func
may be called with a
.Dv NULL
pointer.
.Pp
Both
.Fa new_func
and
.Fa free_func
take the same parameters.
The
.Fa parent
is the pointer to the structure that contains the exdata.
The
.Fa ptr
is the current exdata item; for
.Fa new_func
this will typically be
.Dv NULL .
The
.Fa r
parameter is a pointer to the exdata field of the object.
The
.Fa idx
is the index and is the value returned when the callbacks were initially
registered via
.Fn CRYPTO_get_ex_new_index
and can be used if the same callback handles different types of exdata.
.Pp
.Fa dup_func
is called when a structure is being copied.
This is only done for
.Vt SSL
and
.Vt SSL_SESSION
objects.
The
.Fa to
and
.Fa from
parameters are pointers to the destination and source
.Vt CRYPTO_EX_DATA
structures, respectively.
The
.Fa from_d
parameter is a pointer to the source exdata.
When
.Fa dup_func
returns, the value in
.Fa from_d
is copied to the destination ex_data.
If the pointer contained in
.Fa from_d
is not modified by the
.Fa dup_func ,
then both
.Fa to
and
.Fa from
will point to the same data.
The
.Fa idx ,
.Fa argl

and
.Fa argp
parameters are as described for the other two callbacks.
.Pp
.Fn CRYPTO_set_ex_data
is used to set application specific data.
The data is supplied in the
.Fa arg
parameter and its precise meaning is up to the application.
.Pp
.Fn CRYPTO_get_ex_data
is used to retrieve application specific data.
The data is returned to the application; this will be the same value as
supplied to a previous
.Fn CRYPTO_set_ex_data
call.
.Sh RETURN VALUES
.Fn CRYPTO_get_ex_new_index
returns a new index or -1 on failure; the value 0 is reserved for
the legacy "app_data" APIs.
.Pp
.Fn CRYPTO_set_ex_data
returns 1 on success or 0 on failure.
.Pp
.Fn CRYPTO_get_ex_data
returns the application data or
.Dv NULL
on failure; note that
.Dv NULL
may be a valid value.
.Pp
.Fa dup_func

should return 0 for failure and 1 for success.
.Pp
On failure an error code can be obtained from
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr BIO_get_ex_new_index 3 ,
.Xr DH_get_ex_new_index 3 ,
.Xr DSA_get_ex_new_index 3 ,
.Xr RSA_get_ex_new_index 3 ,
.Xr X509_STORE_CTX_get_ex_new_index 3
.Sh HISTORY
.Fn CRYPTO_set_ex_data
and
.Fn CRYPTO_get_ex_data
have been available since SSLeay 0.9.0.
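--- a/jni/libressl/man/CRYPTO_set_locking_callback.3
+++ b/jni/libressl/man/CRYPTO_set_locking_callback.3
@@ -1,32 +1,84 @@
+.\"	$OpenBSD: CRYPTO_set_locking_callback.3,v 1.5 2016/11/23 16:28:23 schwarze Exp $
+.\"	OpenSSL doc/crypto/threads.pod fb552ac6 Sep 30 23:43:01 2009 +0000
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>,
+.\" Richard Levitte <levitte@openssl.org>, Bodo Moeller <bodo@openssl.org>,
+.\" and Geoff Thorpe <geoff@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005, 2006, 2008, 2009 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: November 11 2015 $
+.Dd $Mdocdate: November 23 2016 $
 .Dt CRYPTO_SET_LOCKING_CALLBACK 3
 .Os
 .Sh NAME
+.Nm CRYPTO_THREADID_set_numeric ,
+.Nm CRYPTO_THREADID_set_pointer ,
 .Nm CRYPTO_THREADID_set_callback ,
 .Nm CRYPTO_THREADID_get_callback ,
 .Nm CRYPTO_THREADID_current ,
 .Nm CRYPTO_THREADID_cmp ,
 .Nm CRYPTO_THREADID_cpy ,
 .Nm CRYPTO_THREADID_hash ,
-.Nm CRYPTO_set_locking_callback ,
 .Nm CRYPTO_num_locks ,
 .Nm CRYPTO_set_dynlock_create_callback ,
 .Nm CRYPTO_set_dynlock_lock_callback ,
 .Nm CRYPTO_set_dynlock_destroy_callback ,
 .Nm CRYPTO_get_new_dynlockid ,
 .Nm CRYPTO_destroy_dynlockid ,
 .Nm CRYPTO_lock ,
 .Nm CRYPTO_w_lock ,
 .Nm CRYPTO_w_unlock ,
 .Nm CRYPTO_r_lock ,
 .Nm CRYPTO_r_unlock ,
-.Nm CRYPTO_add ,
-.Nm CRYPTO_add_lock ,
-.Nm CRYPTO_set_id_callback
+.Nm CRYPTO_add
 .Nd OpenSSL thread support
 .Sh SYNOPSIS
 .In openssl/crypto.h
 .Bd -literal
 /* Don't use this structure directly. */
 typedef struct crypto_threadid_st {
 	void *ptr;
@@ -205,15 +257,15 @@
 .Vt long
 variables and the platform's thread IDs are pointer-based \(em in
 this case, mixing is done to attempt to produce a unique numeric
 value even though it is not as wide as the platform's true thread
 IDs.
 .El
 .Pp
-Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
+Additionally, OpenSSL supports dynamic locks and, sometimes, some parts
 of OpenSSL need it for better performance.
 To enable this, the following is required:
 .Bl -bullet
 .It
 Three additional callback functions,
 .Fn dyn_create_function ,
 .Fn dyn_lock_function ,
@@ -280,36 +332,36 @@
 should not be used together):
 .Bd -literal -offset indent
 CRYPTO_LOCK	0x01
 CRYPTO_UNLOCK	0x02
 CRYPTO_READ	0x04
 CRYPTO_WRITE	0x08
 .Ed
-.Sh RETURN VALUES
-.Fn CRYPTO_num_locks
-returns the required number of locks.
 .Pp
-.Fn CRYPTO_get_new_dynlockid
-returns the index to the newly created lock.
-.Pp
-The other functions return no values.
-.Sh NOTES
 You can find out if OpenSSL was configured with thread support:
 .Bd -literal -offset indent
 #define OPENSSL_THREAD_DEFINES
 #include <openssl/opensslconf.h>
 #if defined(OPENSSL_THREADS)
 	/* thread support enabled */
 #else
 	/* no thread support */
 #endif
 .Ed
 .Pp
 Also, dynamic locks are currently not used internally by OpenSSL, but
 may do so in the future.
+.Sh RETURN VALUES
+.Fn CRYPTO_num_locks
+returns the required number of locks.
+.Pp
+.Fn CRYPTO_get_new_dynlockid
+returns the index to the newly created lock.
+.Pp
+The other functions return no values.
 .Sh EXAMPLES
 .Pa crypto/threads/mttest.c
 shows examples of the callback functions on Solaris, Irix and Win32.
 .Sh SEE ALSO
 .Xr crypto 3
 .Sh HISTORY
 .Fn CRYPTO_set_locking_callback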
Changes to jni/libressl/man/DES_set_key.3.
1

2

3
4
5
6
7


8


9
10


11




12




13



14
15



16




17
18
19
20
21
22









23
24
25
26
27
28
29
30
31

32
33



34






35


36
37
38
39
40
41
42
43
44
45


46








47






48


49
50
51





52
53


54
55

56
57
58
59
60
61
62


63
64
65
66
67
68
69
70
71
























72











73
74
75
76

77




78
79
80




81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96







97



98
















99
100
101
102


103
104
105

106

107
108
109


110




111

112
113



114



115


116

117


118
119




120


121
122
123
124
125



126


127

128



129


130



131
132



133


134

135
136




137
138

139
140
141
142




143
144
145
146
147

148
149

150



151


152

153

154



155

156
157
158
159
160
161
162





163


164


165





166

167



168
169



























170
171



172
173
174
175



176
177
178

179

180
181
182
183

184
185
186
187
188
189
190
191

192
193
194










195

















196

197

198

199
200
201
202
203

204



205
206
207
208

209
210
211
212
213



214
215
216

217


218
219

220




221



222
223
224
225
226
227
228
229
230

231
232
233
234
235
236





237

238

239
240
241
242



243
244
245
246
247
248
249
250
251
252



253
254

255
256
257


258

259
260
261
262
263
264


















265
266




267
268
269
270
271
272






273
274
275





276
277


278
279
280


281



282
283
284

285
286

287


288
289
290

291

292
293
294







295
296

297
298
299
300


301





























302

303
304


305

306
307

308

309

310




311
312
313
314
315

316


317

318
319
320
321
322

323

324


325
326
327
328
329
330
331
332
333
334
335
336
337
338
339


340


341
342


343





344
345
346
347

348
349
350
351
352
353


354


355





356

357
358
359
360


361
362
363

364
365
366
367
368
369


370
371


372






373








374
375
376
377
378
379


380
381
382
383
384
385
386
387
388
389
390
391


392
393
394

395

396
397


398
399

400
401
402
403









404

405


406















.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"

.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp


..


.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R



.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,









.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""



.    ds C' ""






'br\}


.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.


.ie \n(.g .ds Aq \(aq








.el       .ds Aq '






.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the





.\" output yourself in some meaningful fashion.
.\"


.\" Avoid warning from groff about undefined register 'F'.
.de IX

..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"


..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
























.\"











.IX Title "DES_set_key 3"
.TH DES_set_key 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l




.nh
.SH "NAME"
DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,




DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write \- DES encryption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/des.h>
\&
\& void DES_random_key(DES_cblock *ret);
\&
\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);







\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);



\& int DES_set_key_checked(const_DES_cblock *key,
















\&        DES_key_schedule *schedule);
\& void DES_set_key_unchecked(const_DES_cblock *key,
\&        DES_key_schedule *schedule);
\&


\& void DES_set_odd_parity(DES_cblock *key);
\& int DES_is_weak_key(const_DES_cblock *key);
\&

\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,

\&        DES_key_schedule *ks, int enc);
\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
\&        DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);


\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,




\&        DES_key_schedule *ks1, DES_key_schedule *ks2,

\&        DES_key_schedule *ks3, int enc);
\&



\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,



\&        long length, DES_key_schedule *schedule, DES_cblock *ivec,


\&        int enc);

\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,


\&        int numbits, long length, DES_key_schedule *schedule,
\&        DES_cblock *ivec, int enc);




\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,


\&        int numbits, long length, DES_key_schedule *schedule,
\&        DES_cblock *ivec);
\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
\&        long length, DES_key_schedule *schedule, DES_cblock *ivec,
\&        int enc);



\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,


\&        long length, DES_key_schedule *schedule, DES_cblock *ivec,

\&        int *num, int enc);



\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,


\&        long length, DES_key_schedule *schedule, DES_cblock *ivec,



\&        int *num);
\&



\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,


\&        long length, DES_key_schedule *schedule, DES_cblock *ivec,

\&        const_DES_cblock *inw, const_DES_cblock *outw, int enc);
\&




\& void DES_ede2_cbc_encrypt(const unsigned char *input,
\&        unsigned char *output, long length, DES_key_schedule *ks1,

\&        DES_key_schedule *ks2, DES_cblock *ivec, int enc);
\& void DES_ede2_cfb64_encrypt(const unsigned char *in,
\&        unsigned char *out, long length, DES_key_schedule *ks1,
\&        DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);




\& void DES_ede2_ofb64_encrypt(const unsigned char *in,
\&        unsigned char *out, long length, DES_key_schedule *ks1,
\&        DES_key_schedule *ks2, DES_cblock *ivec, int *num);
\&
\& void DES_ede3_cbc_encrypt(const unsigned char *input,

\&        unsigned char *output, long length, DES_key_schedule *ks1,
\&        DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,

\&        int enc);



\& void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,


\&        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,

\&        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,

\&        int enc);



\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,

\&        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
\&        DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
\&        long length, DES_key_schedule *ks1,
\&        DES_key_schedule *ks2, DES_key_schedule *ks3,
\&        DES_cblock *ivec, int *num);
\&





\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,


\&        long length, DES_key_schedule *schedule,


\&        const_DES_cblock *ivec);





\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],

\&        long length, int out_count, DES_cblock *seed);



\& void DES_string_to_key(const char *str, DES_cblock *key);
\& void DES_string_to_2keys(const char *str, DES_cblock *key1,



























\&        DES_cblock *key2);
\&



\& char *DES_fcrypt(const char *buf, const char *salt, char *ret);
\& char *DES_crypt(const char *buf, const char *salt);
\&
\& int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,



\&        DES_cblock *iv);
\& int DES_enc_write(int fd, const void *buf, int len,
\&        DES_key_schedule *sched, DES_cblock *iv);

.Ve

.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This library contains a fast implementation of the \s-1DES\s0 encryption
algorithm.

.PP
There are two phases to the use of \s-1DES\s0 encryption.  The first is the
generation of a \fIDES_key_schedule\fR from a key, the second is the
actual encryption.  A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is
consists of 8 bytes with odd parity.  The least significant bit in
each byte is the parity bit.  The key schedule is an expanded form of
the key; it is used to speed the encryption process.
.PP

\&\fIDES_random_key()\fR generates a random key in odd parity.
.PP
Before a \s-1DES\s0 key can be used, it must be converted into the










architecture dependent \fIDES_key_schedule\fR via the

















\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function.

.PP

\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity

and is not a week or semi-weak key.  If the parity is wrong, then \-1
is returned.  If the key is a weak key, then \-2 is returned.  If an
error is returned, the key schedule is not generated.
.PP
\&\fIDES_set_key()\fR works like

\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero,



otherwise like \fIDES_set_key_unchecked()\fR.  These functions are available
for compatibility; it is recommended to use a function that does not
depend on a global variable.
.PP

\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
.PP
\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it
is ok.
.PP



The following routines mostly operate on an input and output stream of
\&\fIDES_cblock\fRs.
.PP

\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or


decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR
(\s-1ECB\s0) mode.  It always transforms the input data, pointed to by

\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument.




If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR



(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the
key_schedule specified by the \fIschedule\fR argument, previously set via
\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now
ciphertext) is decrypted into the \fIoutput\fR (now cleartext).  Input
and output may overlap.  \fIDES_ecb_encrypt()\fR does not return a value.
.PP
\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using
three-key Triple-DES encryption in \s-1ECB\s0 mode.  This involves encrypting
the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and

then encrypting with \fIks3\fR.  This routine greatly reduces the chances
of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR,
\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption
using \s-1ECB\s0 mode and \fIks1\fR as the key.
.PP
The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES





encryption by using \fIks1\fR for the final encryption.

.PP

\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
(\s-1CBC\s0) mode of \s-1DES. \s0 If the \fIencrypt\fR argument is non-zero, the
routine cipher-block-chain encrypts the cleartext data pointed to by
the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR



argument, using the key schedule provided by the \fIschedule\fR argument,
and initialization vector provided by the \fIivec\fR argument.  If the
\&\fIlength\fR argument is not an integral multiple of eight bytes, the
last block is copied to a temporary area and zero filled.  The output
is always an integral multiple of eight bytes.
.PP
\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES. \s0 It uses \fIinw\fR and
\&\fIoutw\fR to 'whiten' the encryption.  \fIinw\fR and \fIoutw\fR are secret
(unlike the iv) and are as such, part of the key.  So the key is sort
of 24 bytes.  This is much better than \s-1CBC DES.\s0



.PP
\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with

three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR.  This mode is used by \s-1SSL.\s0
.PP


The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by

reusing \fIks1\fR for the final encryption.  \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
This form of Triple-DES is used by the \s-1RSAREF\s0 library.
.PP
\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block
chaining mode used by Kerberos v4. Its parameters are the same as
\&\fIDES_ncbc_encrypt()\fR.


















.PP
\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode.  This




method takes an array of characters as input and outputs and array of
characters.  It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function.  Since this function runs
a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
suggested for use when sending small numbers of characters.






.PP
\&\fIDES_cfb64_encrypt()\fR
implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback.  Why is this





useful you ask?  Because this routine will allow you to encrypt an
arbitrary number of bytes, no 8 byte padding.  Each call to this


routine will encrypt the input bytes to output and then update ivec
and num.  num contains 'how far' we are though ivec.  If this does
not make much sense, read more about cfb mode of \s-1DES :\-\s0).


.PP



\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as
\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used.
.PP

\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode.  This method
takes an array of characters as input and outputs and array of

characters.  It does not require any padding to 8 character groups.


Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function.  Since this function runs
a complete \s-1DES ECB\s0 encryption per numbits, this function is only

suggested for use when sending small numbers of characters.

.PP
\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output
Feed Back mode.







.PP
\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as

\&\fIDES_ofb64_encrypt()\fR, using Triple-DES.
.PP
The following functions are included in the \s-1DES\s0 library for
compatibility with the \s-1MIT\s0 Kerberos library.


.PP





























\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream

(via \s-1CBC\s0 encryption).  The last 4 bytes of the checksum are returned
and the complete 8 bytes are placed in \fIoutput\fR. This function is


used by Kerberos v4.  Other applications should use

\&\fIEVP_DigestInit\fR\|(3) etc. instead.
.PP

\&\fIDES_quad_cksum()\fR is a Kerberos v4 function.  It returns a 4 byte

checksum from the input bytes.  The algorithm can be iterated over the

input, depending on \fIout_count\fR, 1, 2, 3 or 4 times.  If \fIoutput\fR is




non-NULL, the 8 bytes generated by each pass are written into
\&\fIoutput\fR.
.PP
The following are DES-based transformations:
.PP

\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function.  This


version takes only a small amount of space relative to other fast

\&\fIcrypt()\fR implementations.  This is different to the normal crypt in
that the third parameter is the buffer that the return value is
written into.  It needs to be at least 14 bytes long.  This function
is thread safe, unlike the normal crypt.
.PP

\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR.

This function calls \fIDES_fcrypt()\fR with a static array passed as the


third parameter.  This emulates the normal non-thread safe semantics
of \fIcrypt\fR\|(3).
.PP
\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from
buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default)
using \fIsched\fR for the key and \fIiv\fR as a starting vector.  The actual
data send down \fIfd\fR consists of 4 bytes (in network byte order)
containing the length of the following encrypted data.  The encrypted
data then follows, padded with random data out to a multiple of 8
bytes.
.PP
\&\fIDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor
\&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to
have come from \fIDES_enc_write()\fR and is decrypted using \fIsched\fR for
the key schedule and \fIiv\fR for the initial vector.


.PP


\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR
has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0


bytes, \fIDES_enc_write()\fR will split the data into several chunks that





are all encrypted using the same \s-1IV. \s0 So don't use these functions
unless you are sure you know what you do (in which case you might not
want to use them anyway).  They cannot handle non-blocking sockets.
\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on

multiple files.
.PP
\&\fIDES_rw_mode\fR is used to specify the encryption mode to use with
\&\fIDES_enc_read()\fR and \fIDES_end_write()\fR.  If set to \fI\s-1DES_PCBC_MODE\s0\fR (the
default), DES_pcbc_encrypt is used.  If set to \fI\s-1DES_CBC_MODE\s0\fR
DES_cbc_encrypt is used.


.SH "NOTES"


.IX Header "NOTES"





Single-key \s-1DES\s0 is insecure due to its short key size.  \s-1ECB\s0 mode is

not suitable for most applications.
.PP
The \fIevp\fR\|(3) library provides higher-level encryption functions.
.SH "BUGS"


.IX Header "BUGS"
\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR
instead.

.PP
\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits.
What this means is that if you set numbits to 12, and length to 2, the
first 12 bits will come from the 1st input byte and the low half of
the second input byte.  The second 12 bits will have the low 8 bits
taken from the 3rd input byte and the top 4 bits taken from the 4th


input byte.  The same holds for output.  This function has been
implemented this way because most people will be using a multiple of 8


and because once you get into pulling bytes input bytes apart things






get ugly!








.PP
\&\fIDES_string_to_key()\fR is available for backward compatibility with the
\&\s-1MIT\s0 library.  New applications should use a cryptographic hash function.
The same applies for \fIDES_string_to_2key()\fR.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"


\&\s-1ANSI X3.106\s0
.PP
The \fBdes\fR library was initially written to be source code compatible with
the \s-1MIT\s0 Kerberos library.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIcrypt\fR\|(3), \fIevp\fR\|(3), \fIrand\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
In OpenSSL 0.9.7, all des_ functions were renamed to \s-1DES_\s0 to avoid
clashes with older versions of libdes.
.PP


\&\fIDES_set_key_checked()\fR and \fIDES_set_key_unchecked()\fR were added in
OpenSSL 0.9.5.
.PP

\&\fIdes_generate_random_block()\fR, \fIdes_init_random_number_generator()\fR,

\&\fIdes_new_random_key()\fR, \fIdes_set_random_generator_seed()\fR and
\&\fIdes_set_sequence_number()\fR and \fIdes_rand_data()\fR are used in newer


versions of Kerberos but are not implemented here.
.PP

\&\fIDES_random_key()\fR generated cryptographically weak random data in
SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
\&\s-1MIT\s0 library.
.SH "AUTHOR"









.IX Header "AUTHOR"

Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project


(http://www.openssl.org).















|
>

>
|
<
<
|
|
>
>
|
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
|
>
>
>
|
>
>
>
>
|
<
<
<
<
<
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
>
|
|
>
>
>
|
>
>
>
>
>
>
|
>
>
|
|
|
|
<
<
<
<

<
>
>
|
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>

>
>
|
|
|
>
>
>
>
>
|

>
>
|
<
>
|
<
<
<
<
<
<
>
>
|
<
<
<
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
|
|
<
<
>
|
>
>
>
>
|
|
|
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
|
<
|
>
>
>
>
>
>
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
<
>
>
|
|
<
>
|
>
|
|
|
>
>
|
>
>
>
>
|
>
|
<
>
>
>
|
>
>
>
|
>
>
|
>
|
>
>
|
|
>
>
>
>
|
>
>
|
|
|
<
|
>
>
>
|
>
>
|
>
|
>
>
>
|
>
>
|
>
>
>
|
<
>
>
>
|
>
>
|
>
|
<
>
>
>
>
|
|
>
|
<
|
|
>
>
>
>
|
|
<
<
|
>
|
|
>
|
>
>
>
|
>
>
|
>
|
>
|
>
>
>
|
>
|
|
<
|
|
|
<
>
>
>
>
>
|
>
>
|
>
>
|
>
>
>
>
>
|
>
|
>
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
>
|
|
<
<
>
>
>
|
|
<
>
|
>
|
|
<
<
>
|
<
|
|
<
<
<
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
>
|
|
|
|
|
>
|
>
>
>
|
|
|
|
>
|
|
<
|
|
>
>
>

|
|
>
|
>
>
|
|
>
|
>
>
>
>
|
>
>
>
|
<
<
<
<
|
|
<
|
>
|
|
|
|
|
|
>
>
>
>
>
|
>
|
>
|
<
<
|
>
>
>
|
<
<
<
<
|
|
|
|
|
>
>
>
|
|
>
|
<
|
>
>
|
>
|
<
|
<
<
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
|
<
<
<
|
<
>
>
>
>
>
>
|
|
|
>
>
>
>
>
|
<
>
>
|
<
<
>
>
|
>
>
>
|
|
|
>
|
|
>
|
>
>
|
|
|
>
|
>
|
|
|
>
>
>
>
>
>
>
|
|
>
|
<
<
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
>
>
|
>
|
|
>
|
>
|
>
|
>
>
>
>
|
|
|

|
>
|
>
>
|
>
|
|
|
|
|
>
|
>
|
>
>
|
|
|
<
<
<
<
<
<
<
<
<
<
|
|
>
>
|
>
>
|
|
>
>
|
>
>
>
>
>
|
<
<
<
>
|
|
<
|
<
|
>
>
|
>
>
|
>
>
>
>
>
|
>
|
|
<
|
>
>
|
<
|
>
|
<
<
|
<
<
>
>
|
<
>
>
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
<
<
|
<
|
>
>
|
|
|
|
<
<
<
|
<
|

|
>
>
|
|
|
>
|
>
|
|
>
>
|
|
>
|
|
<
|
>
>
>
>
>
>
>
>
>
|
>
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5


6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41





42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79




80

81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

115
116






117
118
119



120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162


163
164
165
166
167
168
169
170
171
172
173
174
175
176












177

178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209

210
211
212
213

214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229

230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256

257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

278
279
280
281
282
283
284
285
286

287
288
289
290
291
292
293
294

295
296
297
298
299
300
301
302


303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326

327
328
329

330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353

354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381

382
383
384
385
386


387
388
389
390
391

392
393
394
395
396


397
398

399
400



401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456

457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481




482
483

484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501


502
503
504
505
506




507
508
509
510
511
512
513
514
515
516
517
518

519
520
521
522
523
524

525


526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551



552

553
554
555
556
557
558
559
560
561
562
563
564
565
566
567

568
569
570


571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606


607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684










685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702



703
704
705

706

707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722

723
724
725
726

727
728
729


730


731
732
733

734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752


753

754
755
756
757
758
759
760



761

762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781

782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
.\"	$OpenBSD: DES_set_key.3,v 1.7 2017/02/09 03:43:05 dtucker Exp $
.\"	OpenSSL c7497f34 Aug 14 10:50:26 2014 -0400
.\"
.\" --------------------------------------------------------------------------
.\" Major patches to this file were contributed by


.\" Ulf Moeller <ulf@openssl.org>, Ben Laurie <ben@openssl.org>,
.\" and Richard Levitte <levitte@openssl.org>.
.\" --------------------------------------------------------------------------
.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"





.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" --------------------------------------------------------------------------
.\" Parts of this file are derived from SSLeay documentation,
.\" which is covered by the following Copyright and license:
.\" --------------------------------------------------------------------------
.\"
.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com)
.\" All rights reserved.
.\"
.\" This package is an SSL implementation written
.\" by Eric Young (eay@cryptsoft.com).
.\" The implementation was written so as to conform with Netscapes SSL.
.\"
.\" This library is free for commercial and non-commercial use as long as
.\" the following conditions are aheared to.  The following conditions
.\" apply to all code found in this distribution, be it the RC4, RSA,
.\" lhash, DES, etc., code; not just the SSL code.  The SSL documentation
.\" included with this distribution is covered by the same copyright terms
.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
.\"
.\" Copyright remains Eric Young's, and as such any Copyright notices in
.\" the code are not to be removed.
.\" If this package is used in a product, Eric Young should be given
.\" attribution as the author of the parts of the library used.
.\" This can be in the form of a textual message at program startup or
.\" in documentation (online or textual) provided with the package.




.\"

.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"    "This product includes cryptographic software written by
.\"     Eric Young (eay@cryptsoft.com)"
.\"    The word 'cryptographic' can be left out if the rouines from the
.\"    library being used are not cryptographic related :-).
.\" 4. If you include any Windows specific code (or a derivative thereof)
.\"    from the apps directory (application code) you must include an
.\"    acknowledgement: "This product includes software written by
.\"    Tim Hudson (tjh@cryptsoft.com)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" The licence and distribution terms for any publically available version or
.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
.\" copied and put under another distribution licence

.\" [including the GNU Public Licence.]
.\"






.Dd $Mdocdate: February 9 2017 $
.Dt DES_SET_KEY 3
.Os



.Sh NAME
.Nm DES_random_key ,
.Nm DES_set_key ,
.Nm DES_key_sched ,
.Nm DES_set_key_checked ,
.Nm DES_set_key_unchecked ,
.Nm DES_set_odd_parity ,
.Nm DES_is_weak_key ,
.Nm DES_ecb_encrypt ,
.Nm DES_ecb2_encrypt ,
.Nm DES_ecb3_encrypt ,
.Nm DES_ncbc_encrypt ,
.Nm DES_cfb_encrypt ,
.Nm DES_ofb_encrypt ,
.Nm DES_pcbc_encrypt ,
.Nm DES_cfb64_encrypt ,
.Nm DES_ofb64_encrypt ,
.Nm DES_xcbc_encrypt ,
.Nm DES_ede2_cbc_encrypt ,
.Nm DES_ede2_cfb64_encrypt ,
.Nm DES_ede2_ofb64_encrypt ,
.Nm DES_ede3_cbc_encrypt ,
.Nm DES_ede3_cbcm_encrypt ,
.Nm DES_ede3_cfb64_encrypt ,
.Nm DES_ede3_ofb64_encrypt ,
.Nm DES_cbc_cksum ,
.Nm DES_quad_cksum ,
.Nm DES_string_to_key ,
.Nm DES_string_to_2keys ,
.Nm DES_fcrypt ,
.Nm DES_crypt ,
.Nm DES_enc_read ,
.Nm DES_enc_write
.Nd DES encryption
.Sh SYNOPSIS
.In openssl/des.h
.Ft void
.Fo DES_random_key
.Fa "DES_cblock *ret"
.Fc
.Ft int
.Fo DES_set_key
.Fa "const_DES_cblock *key"


.Fa "DES_key_schedule *schedule"
.Fc
.Ft int
.Fo DES_key_sched
.Fa "const_DES_cblock *key"
.Fa "DES_key_schedule *schedule"
.Fc
.Ft int
.Fo DES_set_key_checked
.Fa "const_DES_cblock *key"
.Fa "DES_key_schedule *schedule"
.Fc
.Ft void
.Fo DES_set_key_unchecked












.Fa "const_DES_cblock *key"

.Fa "DES_key_schedule *schedule"
.Fc
.Ft void
.Fo DES_set_odd_parity
.Fa "DES_cblock *key"
.Fc
.Ft int
.Fo DES_is_weak_key
.Fa "const_DES_cblock *key"
.Fc
.Ft void
.Fo DES_ecb_encrypt
.Fa "const_DES_cblock *input"
.Fa "DES_cblock *output"
.Fa "DES_key_schedule *ks"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_ecb2_encrypt
.Fa "const_DES_cblock *input"
.Fa "DES_cblock *output"
.Fa "DES_key_schedule *ks1"
.Fa "DES_key_schedule *ks2"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_ecb3_encrypt
.Fa "const_DES_cblock *input"
.Fa "DES_cblock *output"
.Fa "DES_key_schedule *ks1"
.Fa "DES_key_schedule *ks2"
.Fa "DES_key_schedule *ks3"

.Fa "int enc"
.Fc
.Ft void
.Fo DES_ncbc_encrypt

.Fa "const unsigned char *input"
.Fa "unsigned char *output"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "DES_cblock *ivec"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_cfb_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "int numbits"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "DES_cblock *ivec"
.Fa "int enc"

.Fc
.Ft void
.Fo DES_ofb_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "int numbits"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "DES_cblock *ivec"
.Fc
.Ft void
.Fo DES_pcbc_encrypt
.Fa "const unsigned char *input"
.Fa "unsigned char *output"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "DES_cblock *ivec"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_cfb64_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "DES_cblock *ivec"
.Fa "int *num"

.Fa "int enc"
.Fc
.Ft void
.Fo DES_ofb64_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "DES_cblock *ivec"
.Fa "int *num"
.Fc
.Ft void
.Fo DES_xcbc_encrypt
.Fa "const unsigned char *input"
.Fa "unsigned char *output"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "DES_cblock *ivec"
.Fa "const_DES_cblock *inw"
.Fa "const_DES_cblock *outw"
.Fa "int enc"

.Fc
.Ft void
.Fo DES_ede2_cbc_encrypt
.Fa "const unsigned char *input"
.Fa "unsigned char *output"
.Fa "long length"
.Fa "DES_key_schedule *ks1"
.Fa "DES_key_schedule *ks2"
.Fa "DES_cblock *ivec"

.Fa "int enc"
.Fc
.Ft void
.Fo DES_ede2_cfb64_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "long length"
.Fa "DES_key_schedule *ks1"

.Fa "DES_key_schedule *ks2"
.Fa "DES_cblock *ivec"
.Fa "int *num"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_ede2_ofb64_encrypt
.Fa "const unsigned char *in"


.Fa "unsigned char *out"
.Fa "long length"
.Fa "DES_key_schedule *ks1"
.Fa "DES_key_schedule *ks2"
.Fa "DES_cblock *ivec"
.Fa "int *num"
.Fc
.Ft void
.Fo DES_ede3_cbc_encrypt
.Fa "const unsigned char *input"
.Fa "unsigned char *output"
.Fa "long length"
.Fa "DES_key_schedule *ks1"
.Fa "DES_key_schedule *ks2"
.Fa "DES_key_schedule *ks3"
.Fa "DES_cblock *ivec"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_ede3_cbcm_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "long length"
.Fa "DES_key_schedule *ks1"

.Fa "DES_key_schedule *ks2"
.Fa "DES_key_schedule *ks3"
.Fa "DES_cblock *ivec1"

.Fa "DES_cblock *ivec2"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_ede3_cfb64_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "long length"
.Fa "DES_key_schedule *ks1"
.Fa "DES_key_schedule *ks2"
.Fa "DES_key_schedule *ks3"
.Fa "DES_cblock *ivec"
.Fa "int *num"
.Fa "int enc"
.Fc
.Ft void
.Fo DES_ede3_ofb64_encrypt
.Fa "const unsigned char *in"
.Fa "unsigned char *out"
.Fa "long length"
.Fa "DES_key_schedule *ks1"
.Fa "DES_key_schedule *ks2"
.Fa "DES_key_schedule *ks3"
.Fa "DES_cblock *ivec"

.Fa "int *num"
.Fc
.Ft DES_LONG
.Fo DES_cbc_cksum
.Fa "const unsigned char *input"
.Fa "DES_cblock *output"
.Fa "long length"
.Fa "DES_key_schedule *schedule"
.Fa "const_DES_cblock *ivec"
.Fc
.Ft DES_LONG
.Fo DES_quad_cksum
.Fa "const unsigned char *input"
.Fa "DES_cblock output[]"
.Fa "long length"
.Fa "int out_count"
.Fa "DES_cblock *seed"
.Fc
.Ft void
.Fo DES_string_to_key
.Fa "const char *str"
.Fa "DES_cblock *key"
.Fc
.Ft void
.Fo DES_string_to_2keys
.Fa "const char *str"
.Fa "DES_cblock *key1"
.Fa "DES_cblock *key2"

.Fc
.Ft char *
.Fo DES_fcrypt
.Fa "const char *buf"
.Fa "const char *salt"


.Fa "char *ret"
.Fc
.Ft char *
.Fo DES_crypt
.Fa "const char *buf"

.Fa "const char *salt"
.Fc
.Ft int
.Fo DES_enc_read
.Fa "int fd"


.Fa "void *buf"
.Fa "int len"

.Fa "DES_key_schedule *sched"
.Fa "DES_cblock *iv"



.Fc
.Ft int
.Fo DES_enc_write
.Fa "int fd"
.Fa "const void *buf"
.Fa "int len"
.Fa "DES_key_schedule *sched"
.Fa "DES_cblock *iv"
.Fc
.Sh DESCRIPTION
This library contains a fast implementation of the DES encryption
algorithm.
.Pp
There are two phases to the use of DES encryption.
The first is the generation of a
.Vt DES_key_schedule
from a key, and the second is the actual encryption.
A DES key is of type
.Vt DES_cblock .
This type consists of 8 bytes with odd parity.
The least significant bit in each byte is the parity bit.
The key schedule is an expanded form of the key; it is used to speed the
encryption process.
.Pp
.Fn DES_random_key
generates a random key in odd parity.
.Pp
Before a DES key can be used, it must be converted into the architecture
dependent
.Vt DES_key_schedule
via the
.Fn DES_set_key_checked
or
.Fn DES_set_key_unchecked
function.
.Pp
.Fn DES_set_key_checked
will check that the key passed is of odd parity and is not a weak or
semi-weak key.
If the parity is wrong, then -1 is returned.
If the key is a weak key, then -2 is returned.
If an error is returned, the key schedule is not generated.
.Pp
.Fn DES_set_key
works like
.Fn DES_set_key_checked
if the
.Em DES_check_key
flag is non-zero, otherwise like
.Fn DES_set_key_unchecked .
These functions are available for compatibility; it is recommended to
use a function that does not depend on a global variable.
.Pp
.Fn DES_set_odd_parity
sets the parity of the passed
.Fa key

to odd.
.Pp
.Fn DES_is_weak_key
returns 1 if the passed key is a weak key or 0 if it is ok.
.Pp
The following routines mostly operate on an input and output stream of
.Vt DES_cblock Ns s .
.Pp
.Fn DES_ecb_encrypt
is the basic DES encryption routine that encrypts or decrypts a single
8-byte
.Vt DES_cblock
in electronic code book (ECB) mode.
It always transforms the input data, pointed to by
.Fa input ,
into the output data, pointed to by the
.Fa output
argument.
If the
.Fa enc
argument is non-zero
.Pq Dv DES_ENCRYPT ,
the
.Fa input
(cleartext) is encrypted into the




.Fa output
(ciphertext) using the key_schedule specified by the

.Fa schedule
argument, previously set via
.Fn DES_set_key .
If
.Fa enc
is zero
.Pq Dv DES_DECRYPT ,
the
.Fa input
(now ciphertext) is decrypted into the
.Fa output
(now cleartext).
Input and output may overlap.
.Fn DES_ecb_encrypt
does not return a value.
.Pp
.Fn DES_ecb3_encrypt
encrypts/decrypts the


.Fa input
block by using three-key Triple-DES encryption in ECB mode.
This involves encrypting the input with
.Fa ks1 ,
decrypting with the key schedule




.Fa ks2 ,
and then encrypting with
.Fa ks3 .
This routine greatly reduces the chances of brute force breaking of DES
and has the advantage of if
.Fa ks1 ,
.Fa ks2 ,
and
.Fa ks3
are the same, it is equivalent to just encryption using ECB mode and
.Fa ks1
as the key.

.Pp
The macro
.Fn DES_ecb2_encrypt
is provided to perform two-key Triple-DES encryption by using
.Fa ks1
for the final encryption.

.Pp


.Fn DES_ncbc_encrypt
encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES.
If the
.Fa enc
argument is non-zero, the routine cipher-block-chain encrypts the
cleartext data pointed to by the
.Fa input
argument into the ciphertext pointed to by the
.Fa output
argument, using the key schedule provided by the
.Fa schedule
argument, and initialization vector provided by the
.Fa ivec
argument.
If the
.Fa length
argument is not an integral multiple of eight bytes, the last block is
copied to a temporary area and zero filled.
The output is always an integral multiple of eight bytes.
.Pp
.Fn DES_xcbc_encrypt
is RSA's DESX mode of DES.
It uses
.Fa inw
and
.Fa outw



to "whiten" the encryption.

.Fa inw
and
.Fa outw
are secret (unlike the iv) and are as such, part of the key.
So the key is sort of 24 bytes.
This is much better than CBC DES.
.Pp
.Fn DES_ede3_cbc_encrypt
implements outer triple CBC DES encryption with three keys.
This means that each DES operation inside the CBC mode is really an
.Qq Li C=E(ks3,D(ks2,E(ks1,M))) .
This mode is used by SSL.
.Pp
The
.Fn DES_ede2_cbc_encrypt

macro implements two-key Triple-DES by reusing
.Fa ks1
for the final encryption.


.Qq Li C=E(ks1,D(ks2,E(ks1,M))) .
This form of Triple-DES is used by the RSAREF library.
.Pp
.Fn DES_pcbc_encrypt
encrypt/decrypts using the propagating cipher block chaining mode used
by Kerberos v4.
Its parameters are the same as
.Fn DES_ncbc_encrypt .
.Pp
.Fn DES_cfb_encrypt
encrypt/decrypts using cipher feedback mode.
This method takes an array of characters as input and outputs an array
of characters.
It does not require any padding to 8 character groups.
Note: the
.Fa ivec
variable is changed and the new changed value needs to be passed to the
next call to this function.
Since this function runs a complete DES ECB encryption per
.Fa numbits ,
this function is only suggested for use when sending small numbers of
characters.
.Pp
.Fn DES_cfb64_encrypt
implements CFB mode of DES with 64bit feedback.
Why is this useful you ask?
Because this routine will allow you to encrypt an arbitrary number of
bytes, no 8 byte padding.
Each call to this routine will encrypt the input bytes to output and
then update ivec and num.
num contains "how far" we are though ivec.
If this does not make much sense, read more about cfb mode of DES :-).
.Pp
.Fn DES_ede3_cfb64_encrypt
and
.Fn DES_ede2_cfb64_encrypt


is the same as
.Fn DES_cfb64_encrypt
except that Triple-DES is used.
.Pp
.Fn DES_ofb_encrypt
encrypts using output feedback mode.
This method takes an array of characters as input and outputs an array
of characters.
It does not require any padding to 8 character groups.
Note: the
.Fa ivec
variable is changed and the new changed value needs to be passed to the
next call to this function.
Since this function runs a complete DES ECB encryption per numbits, this
function is only suggested for use when sending small numbers of
characters.
.Pp
.Fn DES_ofb64_encrypt
is the same as
.Fn DES_cfb64_encrypt
using Output Feed Back mode.
.Pp
.Fn DES_ede3_ofb64_encrypt
and
.Fn DES_ede2_ofb64_encrypt
is the same as
.Fn DES_ofb64_encrypt ,
using Triple-DES.
.Pp
The following functions are included in the DES library for
compatibility with the MIT Kerberos library.
.Pp
.Fn DES_cbc_cksum
produces an 8-byte checksum based on the input stream (via CBC
encryption).
The last 4 bytes of the checksum are returned and the complete 8 bytes
are placed in
.Fa output .
This function is used by Kerberos v4.
Other applications should use
.Xr EVP_DigestInit 3
etc. instead.
.Pp
.Fn DES_quad_cksum
is a Kerberos v4 function.
It returns a 4-byte checksum from the input bytes.
The algorithm can be iterated over the input, depending on
.Fa out_count ,
1, 2, 3 or 4 times.
If
.Fa output
is
.Pf non- Dv NULL ,
the 8 bytes generated by each pass are written into
.Fa output .
.Pp
The following are DES-based transformations:
.Pp
.Fn DES_fcrypt
is a fast version of the Unix
.Xr crypt 3
function.
This version takes only a small amount of space relative to other
fast crypt implementations.
This is different to the normal crypt in that the third parameter is the
buffer that the return value is written into.
It needs to be at least 14 bytes long.
This function is thread safe, unlike the normal crypt.
.Pp
.Fn DES_crypt
is a faster replacement for the normal system
.Xr crypt 3 .
This function calls
.Fn DES_fcrypt
with a static array passed as the third parameter.
This emulates the normal non-thread safe semantics of
.Xr crypt 3 .
.Pp










.Fn DES_enc_write
writes
.Fa len
bytes to file descriptor
.Fa fd
from buffer
.Fa buf .
The data is encrypted via
.Em pcbc_encrypt
(default) using
.Fa sched
for the key and
.Fa iv
as a starting vector.
The actual data send down
.Fa fd
consists of 4 bytes (in network byte order) containing the length of the
following encrypted data.



The encrypted data then follows, padded with random data out to a
multiple of 8 bytes.
.Pp

.Fn DES_enc_read

is used to read
.Fa len
bytes from file descriptor
.Fa fd
into buffer
.Fa buf .
The data being read from
.Fa fd
is assumed to have come from
.Fn DES_enc_write
and is decrypted using
.Fa sched
for the key schedule and
.Fa iv
for the initial vector.
.Pp

.Sy Warning :
The data format used by
.Fn DES_enc_write
and

.Fn DES_enc_read
has a cryptographic weakness: when asked to write more than
.Dv MAXWRITE


bytes,


.Fn DES_enc_write
will split the data into several chunks that are all encrypted using the
same IV.

So don't use these functions unless you are sure you know what
you do (in which case you might not want to use them anyway).
They cannot handle non-blocking sockets.
.Fn DES_enc_read
uses an internal state and thus cannot be used on multiple files.
.Pp
.Em DES_rw_mode
is used to specify the encryption mode to use with
.Fn DES_enc_read .
If set to
.Dv DES_PCBC_MODE
(the default), DES_pcbc_encrypt is used.
If set to
.Dv DES_CBC_MODE
DES_cbc_encrypt is used.
.Sh SEE ALSO
.Xr crypt 3 ,
.Xr RAND_bytes 3
.Pp


The

.Xr evp 3
library provides higher-level encryption functions.
.Sh STANDARDS
ANSI X3.106
.Pp
The DES library was initially written to be source code compatible
with the MIT Kerberos library.



.Sh HISTORY

In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
clashes with older versions of libdes.
.Pp
.Fn DES_set_key_checked
and
.Fn DES_set_key_unchecked
were added in OpenSSL 0.9.5.
.Pp
.Fn des_generate_random_block ,
.Fn des_init_random_number_generator ,
.Fn des_new_random_key ,
.Fn des_set_random_generator_seed ,
.Fn des_set_sequence_number ,
and
.Fn des_rand_data 3
are used in newer versions of Kerberos but are not implemented here.
.Pp
.Fn DES_random_key
generated cryptographically weak random data in SSLeay and in OpenSSL
prior version 0.9.5, as well as in the original MIT library.

.Sh AUTHORS
.An Eric Young Aq Mt eay@cryptsoft.com
.Sh CAVEATS
Single-key DES is insecure due to its short key size.
ECB mode is not suitable for most applications.
.Sh BUGS
DES_cbc_encrypt does not modify
.Fa ivec ;
use
.Fn DES_ncbc_encrypt
instead.
.Pp
.Fn DES_cfb_encrypt
and
.Fn DES_ofb_encrypt
operates on input of 8 bits.
What this means is that if you set numbits to 12, and length to 2, the
first 12 bits will come from the 1st input byte and the low half of the
second input byte.
The second 12 bits will have the low 8 bits taken from the 3rd input
byte and the top 4 bits taken from the 4th input byte.
The same holds for output.
This function has been implemented this way because most people will be
using a multiple of 8 and because once you get into pulling input
bytes apart things get ugly!
.Pp
.Fn DES_string_to_key
is available for backward compatibility with the MIT library.
New applications should use a cryptographic hash function.
The same applies for
.Fn DES_string_to_2key .
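--- a/jni/libressl/man/DH_generate_key.3
+++ b/jni/libressl/man/DH_generate_key.3
@@ -1,121 +1,121 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: DH_generate_key.3,v 1.6 2016/12/10 22:22:59 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/dh.h>
-\&
-\& int DH_generate_key(DH *dh);
-\&
-\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key
-exchange by generating private and public \s-1DH\s0 values. By calling
-\&\fIDH_compute_key()\fR, these are combined with the other party's public
-value to compute the shared key.
-.PP
-\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters
-\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value
-unless \fBdh\->priv_key\fR is already set, and computes the
-corresponding public value \fBdh\->pub_key\fR, which can then be
-published.
-.PP
-\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value
-in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores
-it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise.
-.PP
-\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1
-on error.
-.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDH_size\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions
-of SSLeay and OpenSSL.
+.Dd $Mdocdate: December 10 2016 $
+.Dt DH_GENERATE_KEY 3
+.Os
+.Sh NAME
+.Nm DH_generate_key ,
+.Nm DH_compute_key
+.Nd perform Diffie-Hellman key exchange
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft int
+.Fo DH_generate_key
+.Fa "DH *dh"
+.Fc
+.Ft int
+.Fo DH_compute_key
+.Fa "unsigned char *key"
+.Fa "BIGNUM *pub_key"
+.Fa "DH *dh"
+.Fc
+.Sh DESCRIPTION
+.Fn DH_generate_key
+performs the first step of a Diffie-Hellman key exchange by generating
+private and public DH values.
+By calling
+.Fn DH_compute_key ,
+these are combined with the other party's public value to compute the
+shared key.
+.Pp
+.Fn DH_generate_key
+expects
+.Fa dh
+to contain the shared parameters
+.Sy dh->p
+and
+.Sy dh->g .
+It generates a random private DH value unless
+.Sy dh->priv_key
+is already set, and computes the corresponding public value
+.Sy dh->pub_key ,
+which can then be published.
+.Pp
+.Fn DH_compute_key
+computes the shared secret from the private DH value in
+.Fa dh
+and the other party's public value in
+.Fa pub_key
+and stores it in
+.Fa key .
+.Fa key
+must point to
+.Fn DH_size dh
+bytes of memory.
+.Sh RETURN VALUES
+.Fn DH_generate_key
+returns 1 on success, or 0 otherwise.
+.Pp
+.Fn DH_compute_key
+returns the size of the shared secret on success, or -1 on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr DH_new 3 ,
+.Xr DH_size 3 ,
+.Xr ERR_get_error 3 ,
+.Xr RAND_bytes 3
+.Sh HISTORY
+.Fn DH_generate_key
+and
+.Fn DH_compute_key
+are available in all versions of SSLeay and OpenSSL.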
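--- a/jni/libressl/man/DH_generate_parameters.3
+++ b/jni/libressl/man/DH_generate_parameters.3
@@ -1,150 +1,183 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: DH_generate_parameters.3,v 1.6 2016/12/10 22:22:59 schwarze Exp $
+.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-DH_generate_parameters_ex, DH_generate_parameters,
-DH_check \- generate and check Diffie\-Hellman parameters
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/dh.h>
-\&
-\& int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-\&
-\& int DH_check(DH *dh, int *codes);
-.Ve
-.PP
-Deprecated:
-.PP
-.Vb 2
-\& DH *DH_generate_parameters(int prime_len, int generator,
-\&     void (*callback)(int, int, void *), void *cb_arg);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can
-be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR
-structure.
-.PP
-\&\fBprime_len\fR is the length in bits of the safe prime to be generated.
-\&\fBgenerator\fR is a small number > 1, typically 2 or 5.
-.PP
-A callback function may be used to provide feedback about the progress
-of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be
-called as described in \fIBN_generate_prime\fR\|(3) while a random prime number is
-generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR is
-called. See \fIBN_generate_prime\fR\|(3) for information on
-the \fIBN_GENCB_call()\fR function.
-.PP
-\&\fIDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is
-a safe prime, and that \fBg\fR is a suitable generator. In the case of an
-error, the bit flags \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0 or
-\&\s-1DH_NOT_SUITABLE_GENERATOR\s0 are set in \fB*codes\fR.
-\&\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0 is set if the generator cannot be
-checked, i.e. it does not equal 2 or 5.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIDH_generate_parameters_ex()\fR and \fIDH_check()\fR return 1 if the check could be
-performed, 0 otherwise.
-.PP
-\&\fIDH_generate_parameters()\fR (deprecated) returns a pointer to the \s-1DH\s0 structure, or
-\&\s-1NULL\s0 if the parameter generation fails.
-.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
-.SH "NOTES"
-.IX Header "NOTES"
-\&\fIDH_generate_parameters_ex()\fR and \fIDH_generate_parameters()\fR may run for several
-hours before finding a suitable prime.
-.PP
-The parameters generated by \fIDH_generate_parameters_ex()\fR and \fIDH_generate_parameters()\fR
-are not to be used in signature schemes.
-.SH "BUGS"
-.IX Header "BUGS"
-If \fBgenerator\fR is not 2 or 5, \fBdh\->g\fR=\fBgenerator\fR is not
-a usable generator.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDH_free\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL.
-The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0.
-.PP
-In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used
-instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME.\s0
+.Dd $Mdocdate: December 10 2016 $
+.Dt DH_GENERATE_PARAMETERS 3
+.Os
+.Sh NAME
+.Nm DH_generate_parameters_ex ,
+.Nm DH_check ,
+.Nm DH_generate_parameters
+.Nd generate and check Diffie-Hellman parameters
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft int
+.Fo DH_generate_parameters_ex
+.Fa "DH *dh"
+.Fa "int prime_len"
+.Fa "int generator"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo DH_check
+.Fa "DH *dh"
+.Fa "int *codes"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft DH *
+.Fo DH_generate_parameters
+.Fa "int prime_len"
+.Fa "int generator"
+.Fa "void (*callback)(int"
+.Fa int
+.Fa "void *)"
+.Fa "void *cb_arg"
+.Fc
+.Sh DESCRIPTION
+.Fn DH_generate_parameters_ex
+generates Diffie-Hellman parameters that can be shared among a group of
+users, and stores them in the provided
+.Vt DH
+structure.
+.Pp
+.Fa prime_len
+is the length in bits of the safe prime to be generated.
+.Fa generator
+is a small number > 1, typically 2 or 5.
+.Pp
+A callback function may be used to provide feedback about the progress
+of the key generation.
+If
+.Fa cb
+is not
+.Dv NULL ,
+it will be called as described in
+.Xr BN_generate_prime 3
+while a random prime number is generated, and when a prime has been
+found,
+.Fn BN_GENCB_call cb 3 0
+is called; see
+.Xr BN_GENCB_call 3 .
+.Pp
+.Fn DH_check
+validates Diffie-Hellman parameters.
+If no problems are found,
+.Pf * Ar codes
+is set to zero.
+Otherwise, one or more of the following bits are set:
+.Bl -tag -width Ds
+.It Dv DH_CHECK_P_NOT_PRIME
+The parameter
+.Fa dh->p
+is not prime.
+.It Dv DH_CHECK_P_NOT_SAFE_PRIME
+The parameter
+.Fa dh->p
+is not a safe prime.
+.It Dv DH_UNABLE_TO_CHECK_GENERATOR
+The generator
+.Fa dh->g
+cannot be checked for suitability: it is neither 2 nor 5.
+.It Dv DH_NOT_SUITABLE_GENERATOR
+The generator
+.Fa dh->g
+is not suitable.
+.El
+.Sh RETURN VALUES
+.Fn DH_generate_parameters_ex
+and
+.Fn DH_check
+return 1 if the check could be performed, or 0 otherwise.
+.Pp
+.Fn DH_generate_parameters
+(deprecated) returns a pointer to the
+.Vt DH
+structure, or
+.Dv NULL
+if the parameter generation fails.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr DH_new 3 ,
+.Xr ERR_get_error 3 ,
+.Xr RAND_bytes 3
+.Sh HISTORY
+.Fn DH_check
+is available in all versions of SSLeay and OpenSSL.
+The
+.Fa cb_arg
+argument to
+.Fn DH_generate_parameters
+was added in SSLeay 0.9.0.
+.Pp
+In versions before OpenSSL 0.9.5,
+.Dv DH_CHECK_P_NOT_STRONG_PRIME
+is used instead of
+.Dv DH_CHECK_P_NOT_SAFE_PRIME .
+.Sh CAVEATS
+.Fn DH_generate_parameters_ex
+and
+.Fn DH_generate_parameters
+may run for several hours before finding a suitable prime.
+.Pp
+The parameters generated by
+.Fn DH_generate_parameters_ex
+and
+.Fn DH_generate_parameters
+are not to be used in signature schemes.
+.Sh BUGS
+If
+.Fa generator
+is not 2 or 5,
+.Fa dh->g Ns = Ns Fa generator
+is not a usable generator.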
Changes to jni/libressl/man/DH_get_ex_new_index.3.
1

2
3
4
5
6
7
8
9
10
11


12
13
14
15
16


17
18
19
20
21
22


23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46


47
48
49
50
51

52


53





54






55
56
57
58
59
60
61
62

63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

87


88
89
90
91


92
93





94


95
96
97
98


99
100


101
102
103
104
105
106
107



108
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf


.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the

.\" output yourself in some meaningful fashion.


.\"





.\" Avoid warning from groff about undefined register 'F'.






.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
.TH DH_get_ex_new_index 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific
data to DH structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
\&

\& int DH_get_ex_new_index(long argl, void *argp,


\&                CRYPTO_EX_new *new_func,
\&                CRYPTO_EX_dup *dup_func,
\&                CRYPTO_EX_free *free_func);
\&


\& int DH_set_ex_data(DH *d, int idx, void *arg);
\&





\& char *DH_get_ex_data(DH *d, int idx);


.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions handle application specific data in \s-1DH\s0


structures. Their usage is identical to that of
\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR


as described in \fIRSA_get_ex_new_index\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIRSA_get_ex_new_index\fR\|(3), \fIdh\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDH_get_ex_new_index()\fR, \fIDH_set_ex_data()\fR and \fIDH_get_ex_data()\fR are



available since OpenSSL 0.9.5.
|
>

|
<
|
<
<
|
<
<
<
>
>
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
|
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
<
|
<
<

<
<
>
>
|

<
<
<
>
|
>
>

>
>
>
>
>
|
>
>
>
>
>
>
<
|
|
<
<
<
<
<
>
|
<
<
<
<
<
|
<
<
<
|
|
<
<
<
<
<
|
|
|
<
<
|
<
>
|
>
>
|
|
|
<
>
>
|
<
>
>
>
>
>
|
>
>
|
|
<
|
>
>
|
|
>
>
|
|
|
|
|
<
|
>
>
>
|
1
2
3
4

5


6



7
8
9
10



11
12
13





14
15
16




17


18
19
20
21
22
23


24
25
26

27


28


29
30
31
32



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

50
51





52
53





54



55
56





57
58
59


60

61
62
63
64
65
66
67

68
69
70

71
72
73
74
75
76
77
78
79
80

81
82
83
84
85
86
87
88
89
90
91
92

93
94
95
96
97
.\"	$OpenBSD: DH_get_ex_new_index.3,v 1.4 2016/12/10 22:22:59 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"



.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the




.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact

.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

.\"
.Dd $Mdocdate: December 10 2016 $





.Dt DH_GET_EX_NEW_INDEX 3
.Os





.Sh NAME



.Nm DH_get_ex_new_index ,
.Nm DH_set_ex_data ,





.Nm DH_get_ex_data
.Nd add application specific data to DH structures
.Sh SYNOPSIS


.In openssl/dh.h

.Ft int
.Fo DH_get_ex_new_index
.Fa "long argl"
.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"

.Fc
.Ft int
.Fo DH_set_ex_data

.Fa "DH *d"
.Fa "int idx"
.Fa "void *arg"
.Fc
.Ft char *
.Fo DH_get_ex_data
.Fa "DH *d"
.Fa "int idx"
.Fc
.Sh DESCRIPTION

These functions handle application specific data in
.Vt DH
structures.
Their usage is identical to that of
.Xr RSA_get_ex_new_index 3 ,
.Xr RSA_set_ex_data 3 ,
and
.Xr RSA_get_ex_data 3 .
.Sh SEE ALSO
.Xr DH_new 3 ,
.Xr RSA_get_ex_new_index 3
.Sh HISTORY

.Fn DH_get_ex_new_index ,
.Fn DH_set_ex_data ,
and
.Fn DH_get_ex_data
are available since OpenSSL 0.9.5.
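--- a/jni/libressl/man/DH_new.3
+++ b/jni/libressl/man/DH_new.3
@@ -1,108 +1,107 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: DH_new.3,v 1.4 2016/12/10 22:30:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "DH_new 3"
-.TH DH_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-DH_new, DH_free \- allocate and free DH objects
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/dh.h>
-\&
-\& DH* DH_new(void);
-\&
-\& void DH_free(DH *dh);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure.
-.PP
-\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are
-erased before the memory is returned to the system.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that
-can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns a
-pointer to the newly allocated structure.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIDH_generate_parameters\fR\|(3),
-\&\fIDH_generate_key\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIDH_new()\fR and \fIDH_free()\fR are available in all versions of SSLeay and OpenSSL.
+.Dd $Mdocdate: December 10 2016 $
+.Dt DH_NEW 3
+.Os
+.Sh NAME
+.Nm DH_new ,
+.Nm DH_free
+.Nd allocate and free DH objects
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft DH*
+.Fn DH_new void
+.Ft void
+.Fo DH_free
+.Fa "DH *dh"
+.Fc
+.Sh DESCRIPTION
+The DH functions implement the Diffie-Hellman key agreement protocol.
+.Pp
+.Fn DH_new
+allocates and initializes a
+.Vt DH
+structure.
+.Pp
+.Fn DH_free
+frees the
+.Vt DH
+structure and its components.
+The values are erased before the memory is returned to the system.
+If
+.Fa dh
+is a
+.Dv NULL
+pointer, no action occurs.
+.Sh RETURN VALUES
+If the allocation fails,
+.Fn DH_new
+returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3 .
+Otherwise it returns a pointer to the newly allocated structure.
+.Sh SEE ALSO
+.Xr BN_new 3 ,
+.Xr d2i_DHparams 3 ,
+.Xr DH_generate_key 3 ,
+.Xr DH_generate_parameters 3 ,
+.Xr DH_get_ex_new_index 3 ,
+.Xr DH_set_method 3 ,
+.Xr DH_size 3 ,
+.Xr DHparams_print 3 ,
+.Xr DSA_dup_DH 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn DH_new
+and
+.Fn DH_free
+are available in all versions of SSLeay and OpenSSL.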
Changes to jni/libressl/man/DH_set_method.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32

33
34
35
36

37
38
39
40
41
42
43
44




45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69


70
71
72

73

74
75
76
77
78
79
80
81
82


83


84
85

86



87


88
89



90
91



92
93

94
95
96
97
98

99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116

117
118



119

120







121


122

123


124

125
126

127



128






129




130



131
132

133
134
135
136
137
138
139
140
141
142








143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163


164
165
166

167



168

169

170



171

172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188




189





190
191

192
193

194
195
196
197
198

199


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\

.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"




.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}


.rr rF
.\" ========================================================================
.\"

.IX Title "DH_set_method 3"

.TH DH_set_method 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DH_set_default_method, DH_get_default_method,
DH_set_method, DH_new_method, DH_OpenSSL,
DH_set_default_openssl_method, DH_get_default_openssl_method


\&\- select DH method


.SH "SYNOPSIS"
.IX Header "SYNOPSIS"

.Vb 2



\& #include <openssl/dh.h>


\& #include <openssl/engine.h>
\&



\& void DH_set_default_method(const DH_METHOD *meth);
\&



\& const DH_METHOD *DH_get_default_method(void);
\&

\& int DH_set_method(DH *dh, const DH_METHOD *meth);
\&
\& DH *DH_new_method(ENGINE *engine);
\&
\& const DH_METHOD *DH_OpenSSL(void);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
important information about how these \s-1DH API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
returned by \fIDH_OpenSSL()\fR.
.PP
\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
as a default for \s-1DH,\s0 so this function is no longer recommended.
.PP
\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0

However, the meaningfulness of this result is dependent on whether the \s-1ENGINE

API\s0 is being used, so this function is no longer recommended.
.PP



\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.

This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method







was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the


change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0

implementations (eg. from an \s-1ENGINE\s0 module that supports embedded


hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0

for the key can have unexpected results.
.PP

\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will



be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0






operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by




\&\fIDH_set_default_method()\fR is used.



.SH "THE DH_METHOD STRUCTURE"
.IX Header "THE DH_METHOD STRUCTURE"

.Vb 4
\& typedef struct dh_meth_st
\& {
\&     /* name of the implementation */
\&        const char *name;
\&
\&     /* generate private and public DH values for key agreement */
\&        int (*generate_key)(DH *dh);
\&
\&     /* compute shared secret */








\&        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
\&
\&     /* compute r = a ^ p mod m (May be NULL for some implementations) */
\&        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
\&                                const BIGNUM *m, BN_CTX *ctx,
\&                                BN_MONT_CTX *m_ctx);
\&
\&     /* called at DH_new */
\&        int (*init)(DH *dh);
\&
\&     /* called at DH_free */
\&        int (*finish)(DH *dh);
\&
\&        int flags;
\&
\&        char *app_data; /* ?? */
\&
\& } DH_METHOD;
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"


\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective
\&\fB\s-1DH_METHOD\s0\fRs.
.PP

\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as



the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous

method was supplied by an \s-1ENGINE\s0).

.PP



\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by

\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it
returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function,
that will override any \s-1DH\s0 defaults set using the \s-1DH API \s0(ie.
\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DH\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdh\fR\|(3), \fIDH_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR,




\&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4.





.PP
\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced

\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and
\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than

\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now
transparently overrides the behaviour of defaults in the \s-1DH API\s0 without

requiring changing these function prototypes.


|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
>
|
|
<
<
|
|
>
|
|
|
<
>
<
<
|
|
|
<
<

>
>
>
>
|
|
|
|
|
|
|
|

|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
<
|
>
|
>
|
<
<
<
|
|
<
|
<
>
>
|
>
>
|
|
>
|
>
>
>
|
>
>
|
<
>
>
>
|
<
>
>
>
|
<
>
|
<
|
<
|
>
|
|
<
<
<
<
<
|
<
|
|
|
|
<
<
<
|
>
|
>
|
|
>
>
>
|
>
|
>
>
>
>
>
>
>
|
>
>
|
>
|
>
>
|
>

|
>
|
>
>
>
|
>
>
>
>
>
>
|
>
>
>
>
|
>
>
>
|
<
>
|
|
<
<
<
<
<
<
<
<
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
>
|
>
>
>
|
>
|
>
|
>
>
>
|
>
|
|
<
<
<
<
<
<
<
<
<
|
<
|
|
|
|
>
>
>
>
|
>
>
>
>
>
|
<
>
|
|
>
|
<
|
|
<
>
|
>
>
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23


24
25
26


27
28
29
30
31
32

33


34
35
36


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

70
71
72
73
74



75
76

77

78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

94
95
96
97

98
99
100
101

102
103

104

105
106
107
108





109

110
111
112
113



114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

167
168
169








170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220









221

222
223
224
225
226
227
228
229
230
231
232
233
234
235
236

237
238
239
240
241

242
243

244
245
246
247
.\"	$OpenBSD: DH_set_method.3,v 1.5 2016/12/10 22:22:59 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2002, 2007 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"

.\" 6. Redistributions of any form whatsoever must retain the following


.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 10 2016 $
.Dt DH_SET_METHOD 3
.Os
.Sh NAME
.Nm DH_set_default_method ,
.Nm DH_get_default_method ,
.Nm DH_set_method ,
.Nm DH_new_method ,
.Nm DH_OpenSSL
.Nd select DH method
.Sh SYNOPSIS
.In openssl/dh.h
.Ft void
.Fo DH_set_default_method
.Fa "const DH_METHOD *meth"
.Fc
.Ft const DH_METHOD *
.Fo DH_get_default_method
.Fa void

.Fc
.Ft int
.Fo DH_set_method
.Fa "DH *dh"
.Fa "const DH_METHOD *meth"



.Fc
.Ft DH *

.Fo DH_new_method

.Fa "ENGINE *engine"
.Fc
.Ft const DH_METHOD *
.Fo DH_OpenSSL
.Fa void
.Fc
.Sh DESCRIPTION
A
.Vt DH_METHOD
specifies the functions that OpenSSL uses for Diffie-Hellman operations.
By modifying the method, alternative implementations such as hardware
accelerators may be used.
See the
.Sx CAVEATS
section for how these DH API functions are affected by the use of
.Xr engine 3

API calls.
.Pp
Initially, the default
.Vt DH_METHOD

is the OpenSSL internal implementation as returned by
.Fn DH_OpenSSL .
.Pp
.Fn DH_set_default_method

makes
.Fa meth

the default method for all

.Vt DH
structures created later.
.Sy NB :
This is true only whilst no





.Vt ENGINE

has been set as a default for DH, so this function is no longer
recommended.
.Pp
.Fn DH_get_default_method



returns a pointer to the current default
.Vt DH_METHOD .
However, the meaningfulness of this result is dependent on whether the
.Xr engine 3
API is being used, so this function is no longer recommended.
.Pp
.Fn DH_set_method
selects
.Fa meth
to perform all operations using the key
.Fa dh .
This will replace the
.Vt DH_METHOD
used by the
.Fa dh
key and if the previous method was supplied by an
.Vt ENGINE ,
the handle to that
.Vt ENGINE
will be released during the change.
It is possible to have
.Vt DH
keys that only work with certain
.Vt DH_METHOD
implementations (e.g. from an
.Vt ENGINE
module that supports embedded hardware-protected keys),
and in such cases attempting to change the
.Vt DH_METHOD
for the key can have unexpected results.
.Pp
.Fn DH_new_method
allocates and initializes a
.Vt DH
structure so that
.Fa engine
will be used for the DH operations.
If
.Fa engine
is
.Dv NULL ,
the default
.Vt ENGINE
for DH operations is used and, if no default
.Vt ENGINE
is set, the
.Vt DH_METHOD
controlled by
.Fn DH_set_default_method
is used.
.Pp
The
.Vt DH_METHOD

structure is defined as follows:
.Bd -literal
typedef struct dh_meth_st








{
     /* name of the implementation */
	const char *name;

     /* generate private and public DH values for key agreement */
        int (*generate_key)(DH *dh);

     /* compute shared secret */
        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);

     /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                                const BIGNUM *m, BN_CTX *ctx,
                                BN_MONT_CTX *m_ctx);

     /* called at DH_new */
        int (*init)(DH *dh);

     /* called at DH_free */
        int (*finish)(DH *dh);

        int flags;

        char *app_data; /* ?? */

} DH_METHOD;
.Ed
.Sh RETURN VALUES
.Fn DH_OpenSSL
and
.Fn DH_get_default_method
return pointers to the respective
.Sy DH_METHOD Ns s.
.Pp
.Fn DH_set_method
returns non-zero if the provided
.Fa meth
was successfully set as the method for
.Fa dh
(including unloading the
.Vt ENGINE
handle if the previous method was supplied by an
.Vt ENGINE ) .
.Pp
.Fn DH_new_method
returns
.Dv NULL
and sets an error code that can be obtained by
.Xr ERR_get_error 3
if the allocation fails.
Otherwise it returns a pointer to the newly allocated structure.









.Sh SEE ALSO

.Xr DH_new 3
.Sh HISTORY
.Fn DH_set_default_method ,
.Fn DH_get_default_method ,
.Fn DH_set_method ,
.Fn DH_new_method
and
.Fn DH_OpenSSL
were added in OpenSSL 0.9.4.
.Sh CAVEATS
As of version 0.9.7,
.Vt DH_METHOD
implementations are grouped together with other algorithmic APIs
(e.g. RSA_METHOD, EVP_CIPHER) in
.Vt ENGINE

modules.
If a default
.Vt ENGINE
is specified for DH functionality using an
.Xr engine 3

API function, that will override any DH defaults set using the DH API
.Pq i.e. Fn DH_set_default_method .

For this reason, the
.Xr engine 3
API is the recommended way to control default implementations
for use in DH and other cryptographic algorithms.
Changes to jni/libressl/man/DH_size.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48
49
50
51











52
53
54

55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78
79
80
81
82
83
84
85
86
87
88
89
90
91

92
93



94

95
96
97
98
99
100

101
102

103
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the











.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.

.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DH_size 3"
.TH DH_size 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

.nh
.SH "NAME"
DH_size \- get Diffie\-Hellman prime size
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
\&
\& int DH_size(DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This function returns the Diffie-Hellman size in bytes. It can be used
to determine how much memory must be allocated for the shared secret

computed by \fIDH_compute_key()\fR.
.PP



\&\fBdh\->p\fR must not be \fB\s-1NULL\s0\fR.

.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
The size in bytes.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdh\fR\|(3), \fIDH_generate_key\fR\|(3)

.SH "HISTORY"
.IX Header "HISTORY"

\&\fIDH_size()\fR is available in all versions of SSLeay and OpenSSL.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
<
<
|
|
|
<
<
|
|
<
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

<
<
<
>
>
>
>
>
>
>
>
>
>
>
|

<
>
|
|
|
<
<
<
<
<
|
<
<
|
<
|
|
<
<
|
|
<
<
<
<
>
|
<
<
<
<
<
<
<
<
<
|
<
|
|
>
|
|
>
>
>
|
>
|
<

|
|
|
>
|
<
>
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22


23
24
25


26
27


28


29
30


31


32


33
34
35
36
37



38
39
40
41
42
43
44
45
46
47
48
49
50

51
52
53
54





55


56

57
58


59
60




61
62









63

64
65
66
67
68
69
70
71
72
73
74

75
76
77
78
79
80

81
82
.\"	$OpenBSD: DH_size.3,v 1.4 2016/12/10 22:22:59 schwarze Exp $
.\"	OpenSSL 4d524e10 Feb 24 11:55:57 2000 +0000
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"


.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without


.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 10 2016 $
.Dt DH_SIZE 3
.Os
.Sh NAME





.Nm DH_size


.Nd get Diffie-Hellman prime size

.Sh SYNOPSIS
.In openssl/dh.h


.Ft int
.Fo DH_size




.Fa "DH *dh"
.Fc









.Sh DESCRIPTION

This function returns the Diffie-Hellman size in bytes.
It can be used to determine how much memory must be allocated for the
shared secret computed by
.Xr DH_compute_key 3 .
.Pp
.Fa dh
and
.Fa dh->p
must not be
.Dv NULL .
.Sh RETURN VALUES

The size in bytes.
.Sh SEE ALSO
.Xr BN_num_bytes 3 ,
.Xr DH_generate_key 3 ,
.Xr DH_new 3
.Sh HISTORY

.Fn DH_size
is available in all versions of SSLeay and OpenSSL.
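--- a/jni/libressl/man/DIST_POINT_new.3
+++ b/jni/libressl/man/DIST_POINT_new.3
@@ -0,0 +1,137 @@
+.\"	$OpenBSD: DIST_POINT_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt DIST_POINT_NEW 3
+.Os
+.Sh NAME
+.Nm DIST_POINT_new ,
+.Nm DIST_POINT_free ,
+.Nm CRL_DIST_POINTS_new ,
+.Nm CRL_DIST_POINTS_free ,
+.Nm DIST_POINT_NAME_new ,
+.Nm DIST_POINT_NAME_free ,
+.Nm ISSUING_DIST_POINT_new ,
+.Nm ISSUING_DIST_POINT_free
+.Nd X.509 CRL distribution point extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft DIST_POINT *
+.Fn DIST_POINT_new void
+.Ft void
+.Fn DIST_POINT_free "DIST_POINT *dp"
+.Ft CRL_DIST_POINTS *
+.Fn CRL_DIST_POINTS_new void
+.Ft void
+.Fn CRL_DIST_POINTS_free "CRL_DIST_POINTS *dps"
+.Ft DIST_POINT_NAME *
+.Fn DIST_POINT_NAME_new void
+.Ft void
+.Fn DIST_POINT_NAME_free "DIST_POINT_NAME *name"
+.Ft ISSUING_DIST_POINT *
+.Fn ISSUING_DIST_POINT_new void
+.Ft void
+.Fn ISSUING_DIST_POINT_free "ISSUING_DIST_POINT *dp"
+.Sh DESCRIPTION
+Using the CRL distribution point extension, a certificate can specify
+where to obtain certificate revocation lists that might later revoke it.
+.Pp
+.Fn DIST_POINT_new
+allocates and initializes an empty
+.Vt DIST_POINT
+object, representing an ASN.1
+.Vt DistributionPoint
+structure defined in RFC 5280 section 4.2.1.13.
+It can hold issuer names, distribution point names, and reason flags.
+.Fn DIST_POINT_free
+frees
+.Fa dp .
+.Pp
+.Fn CRL_DIST_POINTS_new
+allocates and initializes an empty
+.Vt CRL_DIST_POINTS
+object, which is a
+.Vt STACK_OF(DIST_POINT)
+and represents the ASN.1
+.Vt CRLDistributionPoints
+structure defined in RFC 5280 section 4.2.1.13.
+It can be used as an extension in
+.Vt X509
+and in
+.Vt X509_CRL
+objects.
+.Fn CRL_DIST_POINTS_free
+frees
+.Fa dps .
+.Pp
+.Fn DIST_POINT_NAME_new
+allocates and initializes an empty
+.Vt DIST_POINT_NAME
+object, representing an ASN.1
+.Vt DistributionPointName
+structure defined in RFC 5280 section 4.2.1.13.
+It is used by the
+.Vt DIST_POINT
+and
+.Vt ISSUING_DIST_POINT
+objects and can hold multiple names, each representing a different
+way to obtain the same CRL.
+.Fn DIST_POINT_NAME_free
+frees
+.Fa name .
+.Pp
+.Fn ISSUING_DIST_POINT_new
+allocates and initializes an empty
+.Vt ISSUING_DIST_POINT
+object, representing an ASN.1
+.Vt IssuingDistributionPoint
+structure defined in RFC 5280 section 5.2.5.
+Using this extension, a CRL can specify which distribution point
+it was issued from and which kinds of certificates and revocation
+reasons it covers.
+.Fn ISSUING_DIST_POINT_free
+frees
+.Fa dp .
+.Sh RETURN VALUES
+.Fn DIST_POINT_new ,
+.Fn CRL_DIST_POINTS_new ,
+.Fn DIST_POINT_NAME_new ,
+and
+.Fn ISSUING_DIST_POINT_new
+return the new
+.Vt DIST_POINT ,
+.Vt CRL_DIST_POINTS ,
+.Vt DIST_POINT_NAME ,
+or
+.Vt ISSUING_DIST_POINT
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr GENERAL_NAMES_new 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_NAME_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.13: CRL Distribution Points
+.It
+section 5.2.5: Issuing Distribution Point
+.El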
Changes to jni/libressl/man/DSA_SIG_new.3.
1

2
3
4
5
6
7
8
9
10
11


12
13
14
15
16


17
18
19
20
21
22


23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46


47
48
49
50
51

52


53





54






55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

73
74
75
76
77
78
79


80
81
82
83
84
85
86
87


88

89
90
91
92


93



94
95





96
97
98



99
100
101
102

103
104
105
106
107



108
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf


.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the

.\" output yourself in some meaningful fashion.


.\"





.\" Avoid warning from groff about undefined register 'F'.






.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"

.IX Title "DSA_SIG_new 3"
.TH DSA_SIG_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"


DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& DSA_SIG *DSA_SIG_new(void);
\&


\& void   DSA_SIG_free(DSA_SIG *a);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_SIG_new()\fR allocates and initializes a \fB\s-1DSA_SIG\s0\fR structure.


.PP



\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The
values are erased before the memory is returned to the system.





.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an



error code that can be obtained by
\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
to the newly allocated structure.
.SH "SEE ALSO"

.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3),
\&\fIDSA_do_sign\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"



\&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
|
>

|
<
|
<
<
|
<
<
<
>
>
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
|
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
<
|
<
<

<
<
>
>
|

<
<
<
>
|
>
>

>
>
>
>
>
|
>
>
>
>
>
>
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

>
|
<
<
<
<
|
|
>
>
|
<
|
<
|
<
|
<
>
>
|
>
|
|
|
|
>
>
|
>
>
>
|
|
>
>
>
>
>
|
<
|
>
>
>
|
|
|
|
>
|
|
<
|
<
>
>
>
|
1
2
3
4

5


6



7
8
9
10



11
12
13





14
15
16




17


18
19
20
21
22
23


24
25
26

27


28


29
30
31
32



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

















50
51
52




53
54
55
56
57

58

59

60

61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

83
84
85
86
87
88
89
90
91
92
93

94

95
96
97
98
.\"	$OpenBSD: DSA_SIG_new.3,v 1.4 2016/12/10 22:47:49 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"



.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the




.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact

.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

















.\"
.Dd $Mdocdate: December 10 2016 $
.Dt DSA_SIG_NEW 3




.Os
.Sh NAME
.Nm DSA_SIG_new ,
.Nm DSA_SIG_free
.Nd allocate and free DSA signature objects

.Sh SYNOPSIS

.In openssl/dsa.h

.Ft DSA_SIG *

.Fn DSA_SIG_new void
.Ft void
.Fo DSA_SIG_free
.Fa "DSA_SIG *a"
.Fc
.Sh DESCRIPTION
.Fn DSA_SIG_new
allocates and initializes a
.Vt DSA_SIG
structure.
.Pp
.Fn DSA_SIG_free
frees the
.Vt DSA_SIG
structure and its components.
The values are erased before the memory is returned to the system.
If
.Fa a
is a
.Dv NULL
pointer, no action occurs.
.Sh RETURN VALUES

If the allocation fails,
.Fn DSA_SIG_new
returns
.Dv NULL
and sets an error code that can be obtained by
.Xr ERR_get_error 3 .
Otherwise it returns a pointer to the newly allocated structure.
.Sh SEE ALSO
.Xr DSA_do_sign 3 ,
.Xr DSA_new 3 ,
.Xr ERR_get_error 3

.Sh HISTORY

.Fn DSA_SIG_new
and
.Fn DSA_SIG_free
were added in OpenSSL 0.9.3.
Changes to jni/libressl/man/DSA_do_sign.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

47


48
49
50
51











52
53
54


55






56
57
58
59
60
61
62

63
64


65
66
67
68
69
70
71
72
73
74
75
76

77

78

79

80

81
82


83
84
85
86
87
88
89

90
91
92
93
94
95
96
97
98
99

100
101
102
103
104
105

106



107

108
109
110
111
112
113
114


115


116
117
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-


.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the











.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.


.de IX






..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{


.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DSA_do_sign 3"
.TH DSA_do_sign 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l

.nh

.SH "NAME"

DSA_do_sign, DSA_do_verify \- raw DSA signature operations

.SH "SYNOPSIS"
.IX Header "SYNOPSIS"


.Vb 1
\& #include <openssl/dsa.h>
\&
\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
\&
\& int DSA_do_verify(const unsigned char *dgst, int dgst_len,
\&             DSA_SIG *sig, DSA *dsa);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message
digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a
newly allocated \fB\s-1DSA_SIG\s0\fR structure.
.PP
\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part
of the signing operation in case signature generation is
time-critical.

.PP
\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given
message digest \fBdgst\fR of size \fBlen\fR.  \fBdsa\fR is the signer's public
key.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error.  \fIDSA_do_verify()\fR



returns 1 for a valid signature, 0 for an incorrect signature and \-1

on error. The error codes can be obtained by
\&\fIERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
\&\fIDSA_SIG_new\fR\|(3),
\&\fIDSA_sign\fR\|(3)


.SH "HISTORY"


.IX Header "HISTORY"
\&\fIDSA_do_sign()\fR and \fIDSA_do_verify()\fR were added in OpenSSL 0.9.3.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<

<
<
>
|
>
>

<
<
<
>
>
>
>
>
>
>
>
>
>
>
|

<
>
>
|
>
>
>
>
>
>
|
|
|
<
<
|
<
>
|
|
>
>
|
|
<
|
|
<
<
|
|
<
<
<
>
|
>
|
>
|
>
|
>
|
|
>
>
|
<
<
<
<
|
<
>
|
<
<
<
|
<
|
<
|
<
>
|
<
|
<
|
<
>
|
>
>
>
|
>
|
|
|
|
<
|
|
>
>
|
>
>
|
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30












31


32


33
34
35
36
37



38
39
40
41
42
43
44
45
46
47
48
49
50

51
52
53
54
55
56
57
58
59
60
61
62


63

64
65
66
67
68
69
70

71
72


73
74



75
76
77
78
79
80
81
82
83
84
85
86
87
88




89

90
91



92

93

94

95
96

97

98

99
100
101
102
103
104
105
106
107
108
109

110
111
112
113
114
115
116
117
118
.\"	$OpenBSD: DSA_do_sign.3,v 1.5 2016/12/10 22:47:49 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written












.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 10 2016 $
.Dt DSA_DO_SIGN 3
.Os
.Sh NAME
.Nm DSA_do_sign ,
.Nm DSA_do_verify
.Nd raw DSA signature operations
.Sh SYNOPSIS
.In openssl/dsa.h
.Ft DSA_SIG *
.Fo DSA_do_sign
.Fa "const unsigned char *dgst"


.Fa "int dlen"

.Fa "DSA *dsa"
.Fc
.Ft int
.Fo DSA_do_verify
.Fa "const unsigned char *dgst"
.Fa "int dgst_len"
.Fa "DSA_SIG *sig"

.Fa "DSA *dsa"
.Fc


.Sh DESCRIPTION
.Fn DSA_do_sign



computes a digital signature on the
.Fa dlen
byte message digest
.Fa dgst
using the private key
.Fa dsa
and returns it in a newly allocated
.Vt DSA_SIG
structure.
.Pp
.Xr DSA_sign_setup 3
may be used to precompute part of the signing operation in case
signature generation is time-critical.
.Pp




.Fn DSA_do_verify

verifies that the signature
.Fa sig



matches a given message digest

.Fa dgst

of size

.Fa dgst_len .
.Fa dsa

is the signer's public key.

.Sh RETURN VALUES

.Fn DSA_do_sign
returns the signature or
.Dv NULL
on error.
.Fn DSA_do_verify
returns 1 for a valid signature, 0 for an incorrect signature,
and -1 on error.
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr DSA_new 3 ,

.Xr DSA_SIG_new 3 ,
.Xr DSA_sign 3 ,
.Xr ERR_get_error 3 ,
.Xr RAND_bytes 3
.Sh HISTORY
.Fn DSA_do_sign
and
.Fn DSA_do_verify
were added in OpenSSL 0.9.3.
Changes to jni/libressl/man/DSA_dup_DH.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48
49
50
51











52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

95




96
97
98
99
100
101

102
103
104

105


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the











.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DSA_dup_DH 3"
.TH DSA_dup_DH 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

.nh



.SH "NAME"
DSA_dup_DH \- create a DH structure out of DSA structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& DH * DSA_dup_DH(const DSA *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
is lost during that conversion, but the resulting \s-1DH\s0 parameters
contain its length.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"

\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The




error codes can be obtained by \fIERR_get_error\fR\|(3).
.SH "NOTE"
.IX Header "NOTE"
Be careful to avoid small subgroup attacks when using this.
.SH "SEE ALSO"
.IX Header "SEE ALSO"

\&\fIdh\fR\|(3), \fIdsa\fR\|(3), \fIERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4.


|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
<
|
<
<
<
<
<
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

<
<
<
>
>
>
>
>
>
>
>
>
>
>
|

|
|
|
|
|
|
|
|
<
|
<
<
<
<
|
|
|
<
|
|
|
<
<
|
>
|
>
>
>
<
<
<
<
<
<
<
<
|
<
<
<
<
|
|
<
>
|
>
>
>
>
|
<
|
<
|
|
>
|
|
<
>
|
>
>
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26

27






28


29
30


31


32


33
34
35
36
37



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

59




60
61
62

63
64
65


66
67
68
69
70
71








72




73
74

75
76
77
78
79
80
81

82

83
84
85
86
87

88
89
90
91
.\"	$OpenBSD: DSA_dup_DH.3,v 1.5 2016/12/10 22:47:49 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2002 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact

.\"    openssl-core@openssl.org.






.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 10 2016 $
.Dt DSA_DUP_DH 3
.Os
.Sh NAME
.Nm DSA_dup_DH
.Nd create a DH structure out of DSA structure
.Sh SYNOPSIS
.In openssl/dsa.h

.Ft DH *




.Fo DSA_dup_DH
.Fa "const DSA *r"
.Fc

.Sh DESCRIPTION
.Fn DSA_dup_DH
duplicates


.Vt DSA
parameters/keys as
.Vt DH
parameters/keys.
.Fa r->q
is lost during that conversion, but the resulting








.Vt DH




parameters contain its length.
.Sh RETURN VALUES

.Fn DSA_dup_DH
returns the new
.Vt DH
structure or
.Dv NULL
on error.
The error codes can be obtained by

.Xr ERR_get_error 3 .

.Sh SEE ALSO
.Xr DH_new 3 ,
.Xr DSA_new 3 ,
.Xr ERR_get_error 3
.Sh HISTORY

.Fn DSA_dup_DH
was added in OpenSSL 0.9.4.
.Sh CAVEATS
Be careful to avoid small subgroup attacks when using this.
Changes to jni/libressl/man/DSA_generate_key.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48
49
50
51











52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73




74
75
76



77
78
79
80
81
82
83
84
85
86

87
88
89
90
91



92
93

94
95

96
97
98
99



100
101
102
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the











.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DSA_generate_key 3"




.TH DSA_generate_key 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.



.if n .ad l
.nh
.SH "NAME"
DSA_generate_key \- generate DSA key pair
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& int DSA_generate_key(DSA *a);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR.



.SH "RETURN VALUE"
.IX Header "RETURN VALUE"

\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise.
The error codes can be obtained by \fIERR_get_error\fR\|(3).

.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
\&\fIDSA_generate_parameters\fR\|(3)



.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_generate_key()\fR is available since SSLeay 0.8.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
<
<
|
|
|
<
<
|
|
<
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

<
<
<
>
>
>
>
>
>
>
>
>
>
>
|

<
<
<
|
<
<
<
|
<
|
<
<
<
<
<
|
<
<
<
|
>
>
>
>
|
<
<
>
>
>
<
<
<
<
<
<
<
<
<
|
>
|
<
<
|
|
>
>
>
|
<
>
|
|
>
|
<
<
|
>
>
>
|
|
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22


23
24
25


26
27


28


29
30


31


32


33
34
35
36
37



38
39
40
41
42
43
44
45
46
47
48
49
50



51



52

53





54



55
56
57
58
59
60


61
62
63









64
65
66


67
68
69
70
71
72

73
74
75
76
77


78
79
80
81
82
83
84
.\"	$OpenBSD: DSA_generate_key.3,v 1.5 2016/12/10 22:47:49 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"


.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without


.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"



.Dd $Mdocdate: December 10 2016 $



.Dt DSA_GENERATE_KEY 3

.Os





.Sh NAME



.Nm DSA_generate_key
.Nd generate DSA key pair
.Sh SYNOPSIS
.In openssl/dsa.h
.Ft int
.Fo DSA_generate_key


.Fa "DSA *a"
.Fc
.Sh DESCRIPTION









.Fn DSA_generate_key
expects
.Fa a


to contain DSA parameters.
It generates a new key pair and stores it in
.Fa a->pub_key
and
.Fa a->priv_key .
.Sh RETURN VALUES

.Fn DSA_generate_key
returns 1 on success or 0 otherwise.
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO


.Xr DSA_generate_parameters 3 ,
.Xr DSA_new 3 ,
.Xr ERR_get_error 3 ,
.Xr RAND_bytes 3
.Sh HISTORY
.Fn DSA_generate_key
is available since SSLeay 0.8.
Changes to jni/libressl/man/DSA_generate_parameters.3.
1

2
3
4
5
6
7
8

9
10
11
12
13
14
15
16


17
18
19
20
21
22



23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41


42
43
44
45


46
47
48
49
50
51








52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86


87


88

89
90
91
92
93
94




95
96

97
98
99

100
101

102

103
104
105






106
107
108
109

110

111

112

113

114
115
116





117


118
119

120
121



122
123
124
125

126

127
128

129
130
131



132
133
134

135
136
137
138

139

140
141

142
143
144


145
146



147

148





149
150




151
152
153

154
155

156



157
158
159
160
161
162
163
164
165
166



167
168

169


170
171

172
173

174



175


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,



.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`


.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.


.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the








.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DSA_generate_parameters 3"
.TH DSA_generate_parameters 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&

\& int DSA_generate_parameters_ex(DSA *dsa, int bits,


\&                const unsigned char *seed,int seed_len,


\&                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

.Ve
.PP
Deprecated:
.PP
.Vb 3
\& DSA *DSA_generate_parameters(int bits, unsigned char *seed,




\&                int seed_len, int *counter_ret, unsigned long *h_ret,
\&                void (*callback)(int, int, void *), void *cb_arg);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIDSA_generate_parameters_ex()\fR generates primes p and q and a generator g
for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR.

.PP

\&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a
maximum of 1024 bits.
.PP






If \fBseed\fR is \fB\s-1NULL\s0\fR or \fBseed_len\fR < 20, the primes will be
generated at random. Otherwise, the seed is used to generate
them. If the given seed does not yield a prime q, a new random
seed is chosen and placed at \fBseed\fR.

.PP

\&\fIDSA_generate_parameters_ex()\fR places the iteration count in

*\fBcounter_ret\fR and a counter used for finding a generator in

*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR.

.PP
A callback function may be used to provide feedback about the progress
of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be





called as shown below. For information on the \s-1BN_GENCB\s0 structure and the


BN_GENCB_call function discussed below, refer to
\&\fIBN_generate_prime\fR\|(3).

.IP "\(bu" 4
When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called



(m is 0 for the first candidate).
.IP "\(bu" 4
When a candidate for q has passed a test by trial division,
\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called.

While a candidate for q is tested by Miller-Rabin primality tests,

\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop
(once for each witness that confirms that the candidate may be prime);

i is the loop counter (starting at 0).
.IP "\(bu" 4
When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and



\&\fBBN_GENCB_call(cb, 3, 0)\fR are called.
.IP "\(bu" 4
Before a candidate for p (other than the first) is generated and tested,

\&\fBBN_GENCB_call(cb, 0, counter)\fR is called.
.IP "\(bu" 4
When a candidate for p has passed the test by trial division,
\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called.

While it is tested by the Miller-Rabin primality test,

\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop
(once for each witness that confirms that the candidate may be prime).

i is the loop counter (starting at 0).
.IP "\(bu" 4
When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called.


.IP "\(bu" 4
When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called.



.PP

\&\fIDSA_generate_parameters()\fR (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no \fBdsa\fR parameter is passed and





instead a newly allocated \fB\s-1DSA\s0\fR structure is returned. Additionally \*(L"old
style\*(R" callbacks are used instead of the newer \s-1BN_GENCB\s0 based approach.




Refer to \fIBN_generate_prime\fR\|(3) for further information.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"

\&\fIDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise.
.PP

\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure, or



\&\fB\s-1NULL\s0\fR if the parameter generation fails.
.PP
The error codes can be obtained by \fIERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
Seed lengths > 20 are not supported.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
\&\fIDSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3)



.SH "HISTORY"
.IX Header "HISTORY"

\&\fIDSA_generate_parameters()\fR appeared in SSLeay 0.8. The \fBcb_arg\fR


argument was added in SSLeay 0.9.0.
In versions up to OpenSSL 0.9.4, \fBcallback(1, ...)\fR was called

in the inner loop of the Miller-Rabin test whenever it reached the
squaring step (the parameters to \fBcallback\fR did not reveal how many

witnesses had been tested); since OpenSSL 0.9.5, \fBcallback(1, ...)\fR



is called as in \fIBN_is_prime\fR\|(3), i.e. once for each witness.


|
>

|
<
|
|
<
|
>
|
<
<
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
>
<
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
|
|
>
>
|
<

<
>
>
|
|

|
|
|
>
>
>
>
>
>
>
>
|

<
<
<
|
<
<
<
<
<
|
<
<
<
<
<
|
<
<
|
|
|
<
<
<
<
<
|
|
<
<
|
<
>
|
>
>
|
>
>
|
>
|
|

|
|
|
>
>
>
>
|
|
>
|
|
<
>
|
|
>
|
>
|
|
|
>
>
>
>
>
>
|
|
|
|
>
|
>
|
>
|
>
|
>
|

|
>
>
>
>
>
|
>
>
|
<
>
|
|
>
>
>
|
|

|
>

>
|
|
>
|
|
|
>
>
>
|
|

>
|
|

|
>

>
|
|
>
|
|
|
>
>
|
|
>
>
>
|
>
|
>
>
>
>
>
|
|
>
>
>
>
|
|
<
>
|
|
>
|
>
>
>
|
|
|
<
|
<
|
<
<
|
>
>
>
|
<
>
|
>
>

|
>
|
|
>
|
>
>
>
|
>
>
1
2
3
4

5
6

7
8
9


10
11



12
13
14





15
16
17





18


19
20
21
22
23
24


25
26
27
28
29
30
31
32

33

34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51



52





53





54


55
56
57





58
59


60

61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186

187
188
189
190
191
192
193
194
195
196
197

198

199


200
201
202
203
204

205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
.\"	$OpenBSD: DSA_generate_parameters.3,v 1.5 2016/12/10 22:47:49 schwarze Exp $
.\"	OpenSSL 9b86974e Aug 7 22:14:47 2015 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>,

.\" Bodo Moeller <bodo@openssl.org>, and Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions


.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the





.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"

.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"



.Dd $Mdocdate: December 10 2016 $





.Dt DSA_GENERATE_PARAMETERS 3





.Os


.Sh NAME
.Nm DSA_generate_parameters_ex ,
.Nm DSA_generate_parameters





.Nd generate DSA parameters
.Sh SYNOPSIS


.In openssl/dsa.h

.Ft int
.Fo DSA_generate_parameters_ex
.Fa "DSA *dsa"
.Fa "int bits"
.Fa "const unsigned char *seed"
.Fa "int seed_len"
.Fa "int *counter_ret"
.Fa "unsigned long *h_ret"
.Fa "BN_GENCB *cb"
.Fc
.Pp
Deprecated:
.Pp
.Ft DSA *
.Fo DSA_generate_parameters
.Fa "int bits"
.Fa "unsigned char *seed"
.Fa "int seed_len"
.Fa "int *counter_ret"
.Fa "unsigned long *h_ret"
.Fa "void (*callback)(int, int, void *)"
.Fa "void *cb_arg"
.Fc
.Sh DESCRIPTION

.Fn DSA_generate_parameters_ex
generates primes p and q and a generator g for use in the DSA and stores
the result in
.Fa dsa .
.Pp
.Fa bits
is the length of the prime to be generated; the DSS allows a maximum of
1024 bits.
.Pp
If
.Fa seed
is
.Dv NULL
or
.Fa seed_len
< 20, the primes will be generated at random.
Otherwise, the seed is used to generate them.
If the given seed does not yield a prime q, a new random seed is chosen
and placed at
.Fa seed .
.Pp
.Fn DSA_generate_parameters_ex
places the iteration count in
.Pf * Fa counter_ret
and a counter used for finding a generator in
.Pf * Fa h_ret ,
unless these are
.Dv NULL .
.Pp
A callback function may be used to provide feedback about the progress
of the key generation.
If
.Fa cb
is not
.Dv NULL ,
it will be called as shown below.
For information on the
.Vt BN_GENCB
structure, refer to
.Xr BN_GENCB_call 3 .

.Bl -bullet
.It
When a candidate for q is generated,
.Fn BN_GENCB_call cb 0 m++
is called
.Pf ( Fa m
is 0 for the first candidate).
.It
When a candidate for q has passed a test by trial division,
.Fn BN_GENCB_call cb 1 -1
is called.
While a candidate for q is tested by Miller-Rabin primality tests,
.Fn BN_GENCB_call cb 1 i
is called in the outer loop (once for each witness that confirms that
the candidate may be prime);
.Fa i
is the loop counter (starting at 0).
.It
When a prime q has been found,
.Fn BN_GENCB_call cb 2 0
and
.Fn BN_GENCB_call cb 3 0
are called.
.It
Before a candidate for p (other than the first) is generated and tested,
.Fn BN_GENCB_call cb 0 counter
is called.
.It
When a candidate for p has passed the test by trial division,
.Fn BN_GENCB_call cb 1 -1
is called.
While it is tested by the Miller-Rabin primality test,
.Fn BN_GENCB_call cb 1 i
is called in the outer loop (once for each witness that confirms that
the candidate may be prime).
.Fa i
is the loop counter (starting at 0).
.It
When p has been found,
.Fn BN_GENCB_call cb 2 1
is called.
.It
When the generator has been found,
.Fn BN_GENCB_call cb 3 1
is called.
.El
.Pp
.Fn DSA_generate_parameters
(deprecated) works in much the same way as for
.Fn DSA_generate_parameters_ex ,
except that no
.Fa dsa
parameter is passed and instead a newly allocated
.Vt DSA
structure is returned.
Additionally "old style" callbacks are used instead of the newer
.Vt BN_GENCB
based approach.
Refer to
.Xr BN_generate_prime 3
for further information.
.Sh RETURN VALUES

.Fn DSA_generate_parameters_ex
returns a 1 on success, or 0 otherwise.
.Pp
.Fn DSA_generate_parameters
returns a pointer to the
.Vt DSA
structure, or
.Dv NULL
if the parameter generation fails.
.Pp
The error codes can be obtained by

.Xr ERR_get_error 3 .

.Sh SEE ALSO


.Xr BN_generate_prime 3 ,
.Xr DSA_new 3 ,
.Xr ERR_get_error 3 ,
.Xr RAND_bytes 3
.Sh HISTORY

.Fn DSA_generate_parameters
appeared in SSLeay 0.8.
The
.Fa cb_arg
argument was added in SSLeay 0.9.0.
In versions up to OpenSSL 0.9.4,
.Fn callback 1 ...\&
was called in the inner loop of the Miller-Rabin test whenever it
reached the squaring step (the parameters to
.Fn callback
did not reveal how many witnesses had been tested); since OpenSSL 0.9.5,
.Fn callback 1 ...\&
is called as in
.Xr BN_is_prime 3 ,
i.e. once for each witness.
.Sh BUGS
Seed lengths > 20 are not supported.
Changes to jni/libressl/man/DSA_get_ex_new_index.3.
1

2
3
4
5
6
7
8
9
10
11


12
13
14
15
16


17
18
19
20
21
22


23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46


47
48
49
50
51

52


53





54






55
56
57
58
59
60
61
62

63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

87


88
89
90
91


92
93





94


95
96
97
98


99
100


101
102
103
104
105
106
107



108
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf


.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the

.\" output yourself in some meaningful fashion.


.\"





.\" Avoid warning from groff about undefined register 'F'.






.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
.TH DSA_get_ex_new_index 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application
specific data to DSA structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&

\& int DSA_get_ex_new_index(long argl, void *argp,


\&                CRYPTO_EX_new *new_func,
\&                CRYPTO_EX_dup *dup_func,
\&                CRYPTO_EX_free *free_func);
\&


\& int DSA_set_ex_data(DSA *d, int idx, void *arg);
\&





\& char *DSA_get_ex_data(DSA *d, int idx);


.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions handle application specific data in \s-1DSA\s0


structures. Their usage is identical to that of
\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR


as described in \fIRSA_get_ex_new_index\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIRSA_get_ex_new_index\fR\|(3), \fIdsa\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_get_ex_new_index()\fR, \fIDSA_set_ex_data()\fR and \fIDSA_get_ex_data()\fR are



available since OpenSSL 0.9.5.
|
>

|
<
|
<
<
|
<
<
<
>
>
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
|
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
<
|
<
<

<
<
>
>
|

<
<
<
>
|
>
>

>
>
>
>
>
|
>
>
>
>
>
>
<
|
|
<
<
<
<
<
>
|
<
<
<
<
<
|
<
<
<
|
|
<
<
<
<
<
|
|
|
<
<
|
<
>
|
>
>
|
|
|
<
>
>
|
<
>
>
>
>
>
|
>
>
|
|
<
|
>
>
|
|
>
>
|
|
|
|
|
<
|
>
>
>
|
1
2
3
4

5


6



7
8
9
10



11
12
13





14
15
16




17


18
19
20
21
22
23


24
25
26

27


28


29
30
31
32



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

50
51





52
53





54



55
56





57
58
59


60

61
62
63
64
65
66
67

68
69
70

71
72
73
74
75
76
77
78
79
80

81
82
83
84
85
86
87
88
89
90
91
92

93
94
95
96
97
.\"	$OpenBSD: DSA_get_ex_new_index.3,v 1.4 2016/12/10 22:47:49 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2009 The OpenSSL Project.  All rights reserved.


.\"



.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the




.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact

.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

.\"
.Dd $Mdocdate: December 10 2016 $





.Dt DSA_GET_EX_NEW_INDEX 3
.Os





.Sh NAME



.Nm DSA_get_ex_new_index ,
.Nm DSA_set_ex_data ,





.Nm DSA_get_ex_data
.Nd add application specific data to DSA structures
.Sh SYNOPSIS


.In openssl/dsa.h

.Ft int
.Fo DSA_get_ex_new_index
.Fa "long argl"
.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"

.Fc
.Ft int
.Fo DSA_set_ex_data

.Fa "DSA *d"
.Fa "int idx"
.Fa "void *arg"
.Fc
.Ft char *
.Fo DSA_get_ex_data
.Fa "DSA *d"
.Fa "int idx"
.Fc
.Sh DESCRIPTION

These functions handle application specific data in
.Vt DSA
structures.
Their usage is identical to that of
.Xr RSA_get_ex_new_index 3 ,
.Xr RSA_set_ex_data 3 ,
and
.Xr RSA_get_ex_data 3 .
.Sh SEE ALSO
.Xr DSA_new 3 ,
.Xr RSA_get_ex_new_index 3
.Sh HISTORY

.Fn DSA_get_ex_new_index ,
.Fn DSA_set_ex_data ,
and
.Fn DSA_get_ex_data
are available since OpenSSL 0.9.5.
Changes to jni/libressl/man/DSA_new.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

47


48
49
50
51











52
53
54


55






56
57
58
59
60
61
62

63
64
65
66
67
68
69
70
71


72
73

74
75
76


77
78

79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105





106
107








108


109



110
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-


.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the











.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.


.de IX






..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================


.\"
.IX Title "DSA_new 3"

.TH DSA_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.


.if n .ad l
.nh

.SH "NAME"
DSA_new, DSA_free \- allocate and free DSA objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& DSA* DSA_new(void);
\&
\& void DSA_free(DSA *dsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
calling DSA_new_method(\s-1NULL\s0).
.PP
\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
erased before the memory is returned to the system.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
code that can be obtained by
\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
to the newly allocated structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3),





\&\fIDSA_generate_parameters\fR\|(3),
\&\fIDSA_generate_key\fR\|(3)








.SH "HISTORY"


.IX Header "HISTORY"



\&\fIDSA_new()\fR and \fIDSA_free()\fR are available in all versions of SSLeay and OpenSSL.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<

<
<
>
|
>
>

<
<
<
>
>
>
>
>
>
>
>
>
>
>
|

<
>
>
|
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
<
|
|
<
<
|
|
<
>
>
|
|
>
|
|
|
>
>
|
|
>
|
|
<
<
|
<
<
<
<
<
|
<
<
<
<
|
<
<
<
<
<
|
|
|
|
|
<
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
|
>
>
|
>
>
>
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30












31


32


33
34
35
36
37



38
39
40
41
42
43
44
45
46
47
48
49
50

51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

69
70


71
72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87


88





89




90





91
92
93
94
95

96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
.\"	$OpenBSD: DSA_new.3,v 1.5 2016/12/11 09:57:57 jmc Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2002 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written












.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 11 2016 $
.Dt DSA_NEW 3
.Os
.Sh NAME
.Nm DSA_new ,
.Nm DSA_free
.Nd allocate and free DSA objects
.Sh SYNOPSIS
.In openssl/dsa.h
.Ft DSA*
.Fn DSA_new void
.Ft void
.Fo DSA_free
.Fa "DSA *dsa"
.Fc
.Sh DESCRIPTION
The DSA functions implement the Digital Signature Algorithm.
.Pp

.Fn DSA_new
allocates and initializes a


.Vt DSA
structure.

It is equivalent to calling
.Fn DSA_new_method NULL .
.Pp
.Fn DSA_free
frees the
.Vt DSA
structure and its components.
The values are erased before the memory is returned to the system.
If
.Fa dsa
is a
.Dv NULL
pointer, no action occurs.
.Sh RETURN VALUES
If the allocation fails,


.Fn DSA_new





returns




.Dv NULL





and sets an error code that can be obtained by
.Xr ERR_get_error 3 .
Otherwise it returns a pointer to the newly allocated structure.
.Sh SEE ALSO
.Xr BN_new 3 ,

.Xr d2i_DSAPublicKey 3 ,
.Xr DH_new 3 ,
.Xr DSA_do_sign 3 ,
.Xr DSA_dup_DH 3 ,
.Xr DSA_generate_key 3 ,
.Xr DSA_generate_parameters 3 ,
.Xr DSA_get_ex_new_index 3 ,
.Xr DSA_print 3 ,
.Xr DSA_set_method 3 ,
.Xr DSA_SIG_new 3 ,
.Xr DSA_sign 3 ,
.Xr DSA_size 3 ,
.Xr engine 3 ,
.Xr ERR_get_error 3 ,
.Xr RSA_new 3
.Sh STANDARDS
US Federal Information Processing Standard FIPS 186 (Digital Signature
Standard, DSS), ANSI X9.30
.Sh HISTORY
.Fn DSA_new
and
.Fn DSA_free
are available in all versions of SSLeay and OpenSSL.
Changes to jni/libressl/man/DSA_set_method.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48








49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

81
82
83
84
85
86
87
88
89

90
91



92
93



94
95


96
97


98
99

100
101


102
103
104


105

106
107
108


109
110



111

112
113
114
115
116


117
118
119










120

121

122



123


124

125
126

127
128

129



130




131




132
133



134


135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177


178
179
180

181



182

183

184



185

186
187
188

189
190
191
192
193
194
195
196
197
198
199
200
201
202
203



204
205
206
207

208
209
210
211
212
213


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"








.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DSA_set_method 3"
.TH DSA_set_method 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DSA_set_default_method, DSA_get_default_method,

DSA_set_method, DSA_new_method, DSA_OpenSSL,
DSA_set_default_openssl_method, DSA_get_default_openssl_method
\&\- select DSA method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/dsa.h>
\& #include <openssl/engine.h>
\&

\& void DSA_set_default_method(const DSA_METHOD *meth);
\&



\& const DSA_METHOD *DSA_get_default_method(void);
\&



\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
\&


\& DSA *DSA_new_method(ENGINE *engine);
\&


\& DSA_METHOD *DSA_OpenSSL(void);
.Ve

.SH "DESCRIPTION"
.IX Header "DESCRIPTION"


A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for


important information about how these \s-1DSA API\s0 functions are affected by the use

of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,


as returned by \fIDSA_OpenSSL()\fR.
.PP



\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0

structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
been set as a default for \s-1DSA,\s0 so this function is no longer recommended.
.PP
\&\fIDSA_get_default_method()\fR returns a pointer to the current default
\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on


whether the \s-1ENGINE API\s0 is being used, so this function is no longer
recommended.
.PP










\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key

\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the

previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will



be released during the change. It is possible to have \s-1DSA\s0 keys that only


work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module

that supports embedded hardware-protected keys), and in such cases
attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected

results.
.PP

\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR



will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine




for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0




controlled by \fIDSA_set_default_method()\fR is used.
.SH "THE DSA_METHOD STRUCTURE"



.IX Header "THE DSA_METHOD STRUCTURE"


struct
 {
     /* name of the implementation */
        const char *name;
.PP
.Vb 3
\&     /* sign */
\&        DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
\&                                 DSA *dsa);
\&
\&     /* pre\-compute k^\-1 and r */
\&        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
\&                                 BIGNUM **rp);
\&
\&     /* verify */
\&        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
\&                                 DSA_SIG *sig, DSA *dsa);
\&
\&     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
\&                                          implementations) */
\&        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
\&                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
\&                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
\&
\&     /* compute r = a ^ p mod m (May be NULL for some implementations) */
\&        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
\&                                 const BIGNUM *p, const BIGNUM *m,
\&                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
\&
\&     /* called at DSA_new */
\&        int (*init)(DSA *DSA);
\&
\&     /* called at DSA_free */
\&        int (*finish)(DSA *DSA);
\&
\&        int flags;
\&
\&        char *app_data; /* ?? */
\&
\& } DSA_METHOD;
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"


\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective
\&\fB\s-1DSA_METHOD\s0\fRs.
.PP

\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set



as the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous

method was supplied by an \s-1ENGINE\s0).

.PP



\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be

obtained by \fIERR_get_error\fR\|(3) if the allocation
fails. Otherwise it returns a pointer to the newly allocated structure.
.SH "NOTES"

.IX Header "NOTES"
As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function,
that will override any \s-1DSA\s0 defaults set using the \s-1DSA API \s0(ie.
\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended
way to control default implementations for use in \s-1DSA\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIDSA_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR,
\&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4.



.PP
\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced
\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and
\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than

\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now
transparently overrides the behaviour of defaults in the \s-1DSA API\s0 without
requiring changing these function prototypes.


|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
>
|
|
<
<
|
<
<
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

>
>
>
>
>
>
>
>
|
|
|
|

|
|
|
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
|
>
|
|
|
|
<
<
|
|
<
>
|
<
>
>
>
|
<
>
>
>
|
<
>
>
|
<
>
>
|
<
>
|
<
>
>
|
|
|
>
>
|
>
|
|
|
>
>
|
|
>
>
>
|
>
|
<
|
<
<
>
>
|

|
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
>
>
>
|
>
>
|
>
|
|
>
|
|
>
|
>
>
>
|
>
>
>
>
|
>
>
>
>
|
|
>
>
>
|
>
>

|

|
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
>
|
>
>
>
|
>
|
>
|
>
>
>
|
>
|
|
|
>
|
<
<
<
<
|
|
|
|
|
|
<
<
<
|
>
>
>
|
|
|
|
>
|
<
|
|
|
|
>
>
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23


24
25
26


27



28


29
30


31


32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53






54









55






56
57
58
59
60
61


62
63

64
65

66
67
68
69

70
71
72
73

74
75
76

77
78
79

80
81

82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

104


105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227




228
229
230
231
232
233



234
235
236
237
238
239
240
241
242
243

244
245
246
247
248
249
.\"	$OpenBSD: DSA_set_method.3,v 1.6 2016/12/10 22:47:49 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2002, 2007 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.



.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 10 2016 $
.Dt DSA_SET_METHOD 3
.Os






.Sh NAME









.Nm DSA_set_default_method ,






.Nm DSA_get_default_method ,
.Nm DSA_set_method ,
.Nm DSA_new_method ,
.Nm DSA_OpenSSL
.Nd select DSA method
.Sh SYNOPSIS


.In openssl/dsa.h
.In openssl/engine.h

.Ft void
.Fo DSA_set_default_method

.Fa "const DSA_METHOD *meth"
.Fc
.Ft const DSA_METHOD *
.Fn DSA_get_default_method void

.Ft int
.Fo DSA_set_method
.Fa "DSA *dsa"
.Fa "const DSA_METHOD *meth"

.Fc
.Ft DSA *
.Fo DSA_new_method

.Fa "ENGINE *engine"
.Fc
.Ft DSA_METHOD *

.Fn DSA_OpenSSL void
.Sh DESCRIPTION

A
.Vt DSA_METHOD
specifies the functions that OpenSSL uses for DSA operations.
By modifying the method, alternative implementations such as hardware
accelerators may be used.
See the
.Sx CAVEATS
section for how these DSA API functions are affected by the use of
.Xr engine 3
API calls.
.Pp
Initially, the default
.Vt DSA_METHOD
is the OpenSSL internal implementation, as returned by
.Fn DSA_OpenSSL .
.Pp
.Fn DSA_set_default_method
makes
.Fa meth
the default method for all
.Vt DSA
structures created later.

.Sy Note :


this is true only whilst no
.Vt ENGINE
has been set as a default for DSA, so this function is no longer
recommended.
.Pp
.Fn DSA_get_default_method
returns a pointer to the current default
.Vt DSA_METHOD .
However, the meaningfulness of this result is dependent on whether the
.Xr engine 3
API is being used, so this function is no longer recommended.
.Pp
.Fn DSA_set_method
selects
.Fa meth
to perform all operations using the key
.Fa dsa .
This will replace the
.Vt DSA_METHOD
used by the DSA key and if the previous method was supplied by an
.Vt ENGINE ,
the handle to that
.Vt ENGINE
will be released during the change.
It is possible to have DSA keys that only work with certain
.Vt DSA_METHOD
implementations (e.g. from an
.Vt ENGINE
module that supports embedded hardware-protected keys),
and in such cases attempting to change the
.Vt DSA_METHOD
for the key can have unexpected results.
.Pp
.Fn DSA_new_method
allocates and initializes a
.Vt DSA
structure so that
.Fa engine
will be used for the DSA operations.
If
.Fa engine
is
.Dv NULL ,
the default engine for DSA operations is used and, if no
default
.Vt ENGINE
is set, the
.Vt DSA_METHOD
controlled by
.Fn DSA_set_default_method
is used.
.Pp
The
.Vt DSA_METHOD
structure is defined as follows:
.Bd -literal
struct
{
     /* name of the implementation */
	const char *name;


     /* sign */
	DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
                                 DSA *dsa);

     /* pre-compute k^-1 and r */
	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
                                 BIGNUM **rp);

     /* verify */
	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
                                 DSA_SIG *sig, DSA *dsa);

     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
                                          implementations) */
	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);

     /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
                                 const BIGNUM *p, const BIGNUM *m,
                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);

     /* called at DSA_new */
        int (*init)(DSA *DSA);

     /* called at DSA_free */
        int (*finish)(DSA *DSA);

        int flags;

        char *app_data; /* ?? */

} DSA_METHOD;
.Ed
.Sh RETURN VALUES
.Fn DSA_OpenSSL
and
.Fn DSA_get_default_method
return pointers to the respective
.Vt DSA_METHOD Ns s .
.Pp
.Fn DSA_set_method
returns non-zero if the provided
.Fa meth
was successfully set as the method for
.Fa dsa
(including unloading the
.Vt ENGINE
handle if the previous method was supplied by an
.Vt ENGINE ) .
.Pp
.Fn DSA_new_method
returns
.Dv NULL
and sets an error code that can be obtained by
.Xr ERR_get_error 3
if the allocation fails.
Otherwise it returns a pointer to the newly allocated structure.
.Sh SEE ALSO
.Xr DSA_new 3
.Sh HISTORY




.Fn DSA_set_default_method ,
.Fn DSA_get_default_method ,
.Fn DSA_set_method ,
.Fn DSA_new_method ,
and
.Fn DSA_OpenSSL



were added in OpenSSL 0.9.4.
.Sh CAVEATS
As of version 0.9.7, DSA_METHOD implementations are grouped together
with other algorithmic APIs (e.g. RSA_METHOD, EVP_CIPHER) in
.Vt ENGINE
modules.
If a default
.Vt ENGINE
is specified for DSA functionality using an
.Xr engine 3

API function, that will override any DSA defaults set using the DSA API
.Pq i.e. DSA_set_default_method .
For this reason, the
.Xr engine 3
API is the recommended way to control default implementations for
use in DSA and other cryptographic algorithms.
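--- a/jni/libressl/man/DSA_sign.3
+++ b/jni/libressl/man/DSA_sign.3
@@ -1,132 +1,172 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: DSA_sign.3,v 1.5 2016/12/10 22:47:49 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/dsa.h>
-\&
-\& int    DSA_sign(int type, const unsigned char *dgst, int len,
-\&                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-\&
-\& int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-\&                BIGNUM **rp);
-\&
-\& int    DSA_verify(int type, const unsigned char *dgst, int len,
-\&                unsigned char *sigbuf, int siglen, DSA *dsa);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
-digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0
-encoding at \fBsigret\fR. The length of the signature is places in
-*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory.
-.PP
-\&\fIDSA_sign_setup()\fR may be used to precompute part of the signing
-operation in case signature generation is time-critical. It expects
-\&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values
-in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing
-the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may
-be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR.
-\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0
-.PP
-\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
-matches a given message digest \fBdgst\fR of size \fBlen\fR.
-\&\fBdsa\fR is the signer's public key.
-.PP
-The \fBtype\fR parameter is ignored.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error.
-\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect
-signature and \-1 on error. The error codes can be obtained by
-\&\fIERR_get_error\fR\|(3).
-.SH "CONFORMING TO"
-.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
-Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDSA_do_sign\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIDSA_sign()\fR and \fIDSA_verify()\fR are available in all versions of SSLeay.
-\&\fIDSA_sign_setup()\fR was added in SSLeay 0.8.
+.Dd $Mdocdate: December 10 2016 $
+.Dt DSA_SIGN 3
+.Os
+.Sh NAME
+.Nm DSA_sign ,
+.Nm DSA_sign_setup ,
+.Nm DSA_verify
+.Nd DSA signatures
+.Sh SYNOPSIS
+.In openssl/dsa.h
+.Ft int
+.Fo DSA_sign
+.Fa "int type"
+.Fa "const unsigned char *dgst"
+.Fa "int len"
+.Fa "unsigned char *sigret"
+.Fa "unsigned int *siglen"
+.Fa "DSA *dsa"
+.Fc
+.Ft int
+.Fo DSA_sign_setup
+.Fa "DSA *dsa"
+.Fa "BN_CTX *ctx"
+.Fa "BIGNUM **kinvp"
+.Fa "BIGNUM **rp"
+.Fc
+.Ft int
+.Fo DSA_verify
+.Fa "int type"
+.Fa "const unsigned char *dgst"
+.Fa "int len"
+.Fa "unsigned char *sigbuf"
+.Fa "int siglen"
+.Fa "DSA *dsa"
+.Fc
+.Sh DESCRIPTION
+.Fn DSA_sign
+computes a digital signature on the
+.Fa len
+byte message digest
+.Fa dgst
+using the private key
+.Fa dsa
+and places its ASN.1 DER encoding at
+.Fa sigret .
+The length of the signature is placed in
+.Pf * Fa siglen .
+.Fa sigret
+must point to
+.Fn DSA_size dsa
+bytes of memory.
+.Pp
+.Fn DSA_sign_setup
+may be used to precompute part of the signing operation in case
+signature generation is time-critical.
+It expects
+.Fa dsa
+to contain DSA parameters.
+It places the precomputed values in newly allocated
+.Vt BIGNUM Ns s
+at
+.Pf * Fa kinvp
+and
+.Pf * Fa rp ,
+after freeing the old ones unless
+.Fa kinvp
+and
+.Fa rp
+are
+.Dv NULL .
+These values may be passed to
+.Fn DSA_sign
+in
+.Fa dsa->kinv
+and
+.Sy dsa->r .
+.Fa ctx
+is a pre-allocated
+.Vt BN_CTX
+or
+.Dv NULL .
+.Pp
+.Fn DSA_verify
+verifies that the signature
+.Fa sigbuf
+of size
+.Fa siglen
+matches a given message digest
+.Fa dgst
+of size
+.Fa len .
+.Fa dsa
+is the signer's public key.
+.Pp
+The
+.Fa type
+parameter is ignored.
+.Sh RETURN VALUES
+.Fn DSA_sign
+and
+.Fn DSA_sign_setup
+return 1 on success or 0 on error.
+.Fn DSA_verify
+returns 1 for a valid signature, 0 for an incorrect signature,
+and -1 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr DSA_do_sign 3 ,
+.Xr DSA_new 3 ,
+.Xr ERR_get_error 3 ,
+.Xr RAND_bytes 3
+.Sh STANDARDS
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+.Sh HISTORY
+.Fn DSA_sign
+and
+.Fn DSA_verify
+are available in all versions of SSLeay.
+.Fn DSA_sign_setup
+was added in SSLeay 0.8.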
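--- a/jni/libressl/man/DSA_size.3
+++ b/jni/libressl/man/DSA_size.3
@@ -1,103 +1,79 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: DSA_size.3,v 1.4 2016/12/10 22:47:49 schwarze Exp $
+.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2002 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "DSA_size 3"
-.TH DSA_size 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-DSA_size \- get DSA signature size
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/dsa.h>
-\&
-\& int DSA_size(const DSA *dsa);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-This function returns the size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature in
-bytes. It can be used to determine how much memory must be allocated
-for a \s-1DSA\s0 signature.
-.PP
-\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR.
-.SH "RETURN VALUE"
-.IX Header "RETURN VALUE"
+.Dd $Mdocdate: December 10 2016 $
+.Dt DSA_SIZE 3
+.Os
+.Sh NAME
+.Nm DSA_size
+.Nd get DSA signature size
+.Sh SYNOPSIS
+.In openssl/dsa.h
+.Ft int
+.Fo DSA_size
+.Fa "const DSA *dsa"
+.Fc
+.Sh DESCRIPTION
+This function returns the size of an ASN.1 encoded DSA signature in
+bytes.
+It can be used to determine how much memory must be allocated for a DSA
+signature.
+.Pp
+.Fa dsa->q
+must not be
+.Dv NULL .
+.Sh RETURN VALUES
 The size in bytes.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIDSA_sign\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIDSA_size()\fR is available in all versions of SSLeay and OpenSSL.
+.Sh SEE ALSO
+.Xr DSA_new 3 ,
+.Xr DSA_sign 3
+.Sh HISTORY
+.Fn DSA_size
+is available in all versions of SSLeay and OpenSSL.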
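--- a/jni/libressl/man/DTLSv1_listen.3
+++ b/jni/libressl/man/DTLSv1_listen.3
@@ -0,0 +1,186 @@
+.\"	$OpenBSD: DTLSv1_listen.3,v 1.2 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL 7795475f Dec 18 13:18:31 2015 -0500
+.\"
+.\" This file was written by Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 6 2016 $
+.Dt DTLSV1_LISTEN 3
+.Os
+.Sh NAME
+.Nm DTLSv1_listen
+.Nd listen for incoming DTLS connections
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo DTLSv1_listen
+.Fa "SSL *ssl"
+.Fa "struct sockaddr *peer"
+.Fc
+.Sh DESCRIPTION
+.Fn DTLSv1_listen
+listens for new incoming DTLS connections.
+If a ClientHello is received that does not contain a cookie, then
+.Fn DTLSv1_listen
+responds with a HelloVerifyRequest.
+If a ClientHello is received with a cookie that is verified, then
+control is returned to user code to enable the handshake to be
+completed (for example by using
+.Xr SSL_accept 3 ) .
+.Pp
+.Fn DTLSv1_listen
+is currently implemented as a macro.
+.Pp
+Datagram based protocols can be susceptible to Denial of Service
+attacks.
+A DTLS attacker could, for example, submit a series of handshake
+initiation requests that cause the server to allocate state (and
+possibly perform cryptographic operations) thus consuming server
+resources.
+The attacker could also (with UDP) quite simply forge the source IP
+address in such an attack.
+.Pp
+As a counter measure to that DTLS includes a stateless cookie mechanism.
+The idea is that when a client attempts to connect to a server it sends
+a ClientHello message.
+The server responds with a HelloVerifyRequest which contains a unique
+cookie.
+The client then resends the ClientHello, but this time includes the
+cookie in the message thus proving that the client is capable of
+receiving messages sent to that address.
+All of this can be done by the server without allocating any state, and
+thus without consuming expensive resources.
+.Pp
+OpenSSL implements this capability via the
+.Fn DTLSv1_listen
+function.
+The
+.Fa ssl
+parameter should be a newly allocated
+.Vt SSL
+object with its read and write BIOs set, in the same way as might
+be done for a call to
+.Xr SSL_accept 3 .
+Typically the read BIO will be in an "unconnected" state and thus
+capable of receiving messages from any peer.
+.Pp
+When a ClientHello is received that contains a cookie that has been
+verified, then
+.Fn DTLSv1_listen
+will return with the
+.Fa ssl
+parameter updated into a state where the handshake can be continued by a
+call to (for example)
+.Xr SSL_accept 3 .
+Additionally the
+.Vt struct sockaddr
+pointed to by
+.Fa peer
+will be filled in with details of the peer that sent the ClientHello.
+It is the calling code's responsibility to ensure that the
+.Fa peer
+location is sufficiently large to accommodate the addressing scheme in use.
+For example this might be done by allocating space for a
+.Vt struct sockaddr_storage
+and casting the pointer to it to a
+.Vt struct sockaddr *
+for the call to
+.Fn DTLSv1_listen .
+Typically user code is expected to "connect" the underlying socket
+to the peer and continue the handshake in a connected state.
+.Pp
+Prior to calling
+.Fn DTLSv1_listen
+user code must ensure that cookie generation and verification callbacks
+have been set up using
+.Fn SSL_CTX_set_cookie_generate_cb
+and
+.Fn SSL_CTX_set_cookie_verify_cb
+respectively.
+.Pp
+Since
+.Fn DTLSv1_listen
+operates entirely statelessly whilst processing incoming ClientHellos,
+it is unable to process fragmented messages (since this would require
+the allocation of state).
+An implication of this is that
+.Fn DTLSv1_listen
+only supports ClientHellos that fit inside a single datagram.
+.Sh RETURN VALUES
+From OpenSSL 1.1.0 a return value of >= 1 indicates success.
+In this instance the
+.Fa peer
+value will be filled in and the
+.Fa ssl
+object set up ready to continue the handshake.
+.Pp
+A return value of 0 indicates a non-fatal error.
+This could (for example) be because of non-blocking IO, or some invalid
+message having been received from a peer.
+Errors may be placed on the OpenSSL error queue with further information
+if appropriate.
+Typically user code is expected to retry the call to
+.Fn DTLSv1_listen
+in the event of a non-fatal error.
+Any old errors on the error queue will be cleared in the subsequent
+call.
+.Pp
+A return value of <0 indicates a fatal error.
+This could (for example) be because of a failure to allocate sufficient
+memory for the operation.
+.Pp
+Prior to OpenSSL 1.1.0 fatal and non-fatal errors both produce return
+codes <= 0 (in typical implementations user code treats all errors as
+non-fatal), whilst return codes >0 indicate success.
+.Sh SEE ALSO
+.Xr BIO_new 3 ,
+.Xr ssl 3 ,
+.Xr SSL_accept 3 ,
+.Xr SSL_get_error 3
+.Sh HISTORY
+.Fn DTLSv1_listen
+was added in OpenSSL 0.9.8.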
Changes to jni/libressl/man/ECDSA_SIG_new.3.



















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29



















































.Dd $Mdocdate: July 17 2014 $
.Dt ECDSA_SIG_NEW 3
.Os
.Sh NAME
.Nm ECDSA_SIG_new ,
.Nm ECDSA_SIG_free ,
.Nm i2d_ECDSA_SIG ,
.Nm d2i_ECDSA_SIG ,
.Nm ECDSA_size ,
.Nm ECDSA_sign_setup ,
.Nm ECDSA_sign ,
.Nm ECDSA_sign_ex ,
.Nm ECDSA_verify ,
.Nm ECDSA_do_sign ,
.Nm ECDSA_do_sign_ex ,
.Nm ECDSA_do_verify ,
.Nm ECDSA_OpenSSL ,
.Nm ECDSA_get_default_method ,
.Nm ECDSA_get_ex_data ,
.Nm ECDSA_get_ex_new_index ,
.Nm ECDSA_set_default_method ,
.Nm ECDSA_set_ex_data ,
.Nm ECDSA_set_method
.Nd Elliptic Curve Digital Signature Algorithm
.Sh SYNOPSIS
.In openssl/ecdsa.h
.Ft ECDSA_SIG*
.Fo ECDSA_SIG_new
.Fa void
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|

















<
<

<







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69


70

71
72
73
74
75
76
77
.\"	$OpenBSD: ECDSA_SIG_new.3,v 1.8 2017/01/06 20:35:23 schwarze Exp $
.\"	OpenSSL e6390aca Jul 21 10:06:03 2015 -0400
.\"
.\" This file was written by Nils Larsch <nils@openssl.org>.
.\" Copyright (c) 2004, 2005, 2012, 2013 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 6 2017 $
.Dt ECDSA_SIG_NEW 3
.Os
.Sh NAME
.Nm ECDSA_SIG_new ,
.Nm ECDSA_SIG_free ,
.Nm i2d_ECDSA_SIG ,
.Nm d2i_ECDSA_SIG ,
.Nm ECDSA_size ,
.Nm ECDSA_sign_setup ,
.Nm ECDSA_sign ,
.Nm ECDSA_sign_ex ,
.Nm ECDSA_verify ,
.Nm ECDSA_do_sign ,
.Nm ECDSA_do_sign_ex ,
.Nm ECDSA_do_verify ,
.Nm ECDSA_OpenSSL ,
.Nm ECDSA_get_default_method ,


.Nm ECDSA_set_default_method ,

.Nm ECDSA_set_method
.Nd Elliptic Curve Digital Signature Algorithm
.Sh SYNOPSIS
.In openssl/ecdsa.h
.Ft ECDSA_SIG*
.Fo ECDSA_SIG_new
.Fa void
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
.Fc
.Ft ECDSA_SIG*
.Fo d2i_ECDSA_SIG
.Fa "ECDSA_SIG **sig"
.Fa "const unsigned char **pp"
.Fa "long len"
.Fc
.Ft ECDSA_SIG*
.Fo ECDSA_do_sign
.Fa "const unsigned char *dgst"
.Fa "int dgst_len"
.Fa "EC_KEY *eckey"
.Fc
.Ft ECDSA_SIG*
.Fo ECDSA_do_sign_ex
.Fa "const unsigned char *dgst"
.Fa "int dgstlen"
.Fa "const BIGNUM *kinv"
.Fa "const BIGNUM *rp"
.Fa "EC_KEY *eckey"
.Fc
.Ft int
.Fo ECDSA_do_verify
.Fa "const unsigned char *dgst"
.Fa "int dgst_len"
.Fa "const ECDSA_SIG *sig"
.Fa "EC_KEY* eckey"
.Fc
.Ft int
.Fo ECDSA_sign_setup
.Fa "EC_KEY *eckey"
.Fa "BN_CTX *ctx"
.Fa "BIGNUM **kinv"
.Fa "BIGNUM **rp"







<
<
<
<
<
<
<
<
<
<
<
<
<
<

|
<
<
|
<







87
88
89
90
91
92
93














94
95


96

97
98
99
100
101
102
103
.Fc
.Ft ECDSA_SIG*
.Fo d2i_ECDSA_SIG
.Fa "ECDSA_SIG **sig"
.Fa "const unsigned char **pp"
.Fa "long len"
.Fc














.Ft int
.Fo ECDSA_size


.Fa "const EC_KEY *eckey"

.Fc
.Ft int
.Fo ECDSA_sign_setup
.Fa "EC_KEY *eckey"
.Fa "BN_CTX *ctx"
.Fa "BIGNUM **kinv"
.Fa "BIGNUM **rp"
96
97
98
99
100
101
102














103
104


105

106
107
108
109
110




111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

127
128
129
130
131
132
133

134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
.Fa "int type"
.Fa "const unsigned char *dgst"
.Fa "int dgstlen"
.Fa "const unsigned char *sig"
.Fa "int siglen"
.Fa "EC_KEY *eckey"
.Fc














.Ft int
.Fo ECDSA_size


.Fa "const EC_KEY *eckey"

.Fc
.Ft const ECDSA_METHOD*
.Fo ECDSA_OpenSSL
.Fa void
.Fc




.Ft void
.Fo ECDSA_set_default_method
.Fa "const ECDSA_METHOD *meth"
.Fc
.Ft const ECDSA_METHOD*
.Fo ECDSA_get_default_method
.Fa void
.Fc
.Ft int
.Fo ECDSA_set_method
.Fa "EC_KEY *eckey"
.Fa "const ECDSA_METHOD *meth"
.Fc
.Ft int
.Fo ECDSA_get_ex_new_index
.Fa "long argl"

.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"
.Fc
.Ft int
.Fo ECDSA_set_ex_data

.Fa "EC_KEY *d"
.Fa "int idx"
.Fa "void *arg"
.Fc
.Ft void*
.Fo ECDSA_get_ex_data
.Fa "EC_KEY *d"
.Fa "int idx"
.Fc
.Sh DESCRIPTION
The
.Vt ECDSA_SIG
structure consists of two
.Vt BIGNUM Ns s
for the
.Fa r
and







>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
>
>
|
>





>
>
>
>




<
<
<
<





|
|
|
>
|
<
|
<
<
|
<
>
|
|
<
<
<
<
|
<
|
<







127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166




167
168
169
170
171
172
173
174
175
176

177


178

179
180
181




182

183

184
185
186
187
188
189
190
.Fa "int type"
.Fa "const unsigned char *dgst"
.Fa "int dgstlen"
.Fa "const unsigned char *sig"
.Fa "int siglen"
.Fa "EC_KEY *eckey"
.Fc
.Ft ECDSA_SIG*
.Fo ECDSA_do_sign
.Fa "const unsigned char *dgst"
.Fa "int dgst_len"
.Fa "EC_KEY *eckey"
.Fc
.Ft ECDSA_SIG*
.Fo ECDSA_do_sign_ex
.Fa "const unsigned char *dgst"
.Fa "int dgstlen"
.Fa "const BIGNUM *kinv"
.Fa "const BIGNUM *rp"
.Fa "EC_KEY *eckey"
.Fc
.Ft int
.Fo ECDSA_do_verify
.Fa "const unsigned char *dgst"
.Fa "int dgst_len"
.Fa "const ECDSA_SIG *sig"
.Fa "EC_KEY* eckey"
.Fc
.Ft const ECDSA_METHOD*
.Fo ECDSA_OpenSSL
.Fa void
.Fc
.Ft const ECDSA_METHOD*
.Fo ECDSA_get_default_method
.Fa void
.Fc
.Ft void
.Fo ECDSA_set_default_method
.Fa "const ECDSA_METHOD *meth"
.Fc




.Ft int
.Fo ECDSA_set_method
.Fa "EC_KEY *eckey"
.Fa "const ECDSA_METHOD *meth"
.Fc
.Sh DESCRIPTION
These functions provide a low level interface to ECDSA.
Most applications should use the higher level EVP interface such as
.Xr EVP_DigestSignInit 3
or

.Xr EVP_DigestVerifyInit 3


instead.

Creation of the required
.Vt EC_KEY
objects is described in




.Xr EC_KEY_new 3 .

.Pp

The
.Vt ECDSA_SIG
structure consists of two
.Vt BIGNUM Ns s
for the
.Fa r
and
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
.Ed
.Pp
.Fn ECDSA_SIG_new
allocates a new
.Vt ECDSA_SIG
structure (note: this function also allocates the
.Vt BIGNUM Ns s )
and initialize it.
.Pp
.Fn ECDSA_SIG_free
frees the
.Vt ECDSA_SIG
structure
.Fa sig .
.Pp
.Fn i2d_ECDSA_SIG
creates the DER encoding of the ECDSA signature
.Fa sig
and writes the encoded signature to
.Fa *pp
(note: if
.Fa pp
is
.Dv NULL ,
.Fn i2d_ECDSA_SIG
returns the expected length in bytes of the DER encoded signature).
.Fn i2d_ECDSA_SIG
returns the length of the DER encoded signature (or 0 on error).
.Pp
.Fn d2i_ECDSA_SIG
decodes a DER encoded ECDSA signature and returns the decoded signature
in a newly allocated
.Vt ECDSA_SIG
structure.
.Fa *sig
points to the buffer containing the DER encoded signature of size
.Fa len .
.Pp
.Fn ECDSA_size
returns the maximum length of a DER encoded ECDSA signature created with
the private EC key
.Fa eckey .
.Pp
.Fn ECDSA_sign_setup
may be used to precompute parts of the signing operation.
.Fa eckey
is the private EC key and
.Fa ctx
is a pointer to a
.Vt BN_CTX
structure (or
.Dv NULL ) .
The precomputed values or returned in
.Fa kinv
and
.Fa rp
and can be used in a later call to
.Fa ECDSA_sign_ex
or
.Fa ECDSA_do_sign_ex .
.Pp
.Fn ECDSA_sign
is wrapper function for
.Fa ECDSA_sign_ex
with
.Fa kinv
and
.Fa rp
set to
.Dv NULL .
.Pp
.Fn ECDSA_sign_ex
computes a digital signature of the
.Fa dgstlen
bytes hash value
.Fa dgst
using the private EC key
.Fa eckey
and the optional pre-computed values
.Fa kinv
and
.Fa rp .
The DER encoded signatures is stored in
.Fa sig
and its length is returned in
.Fa siglen .
Note:
.Fa sig
must point to
.Fn ECDSA_size







|

















|

|


|




|



|












|









|



















|







198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
.Ed
.Pp
.Fn ECDSA_SIG_new
allocates a new
.Vt ECDSA_SIG
structure (note: this function also allocates the
.Vt BIGNUM Ns s )
and initializes it.
.Pp
.Fn ECDSA_SIG_free
frees the
.Vt ECDSA_SIG
structure
.Fa sig .
.Pp
.Fn i2d_ECDSA_SIG
creates the DER encoding of the ECDSA signature
.Fa sig
and writes the encoded signature to
.Fa *pp
(note: if
.Fa pp
is
.Dv NULL ,
.Fn i2d_ECDSA_SIG
returns the expected length in bytes of the DER-encoded signature).
.Fn i2d_ECDSA_SIG
returns the length of the DER-encoded signature (or 0 on error).
.Pp
.Fn d2i_ECDSA_SIG
decodes a DER-encoded ECDSA signature and returns the decoded signature
in a newly allocated
.Vt ECDSA_SIG
structure.
.Fa *sig
points to the buffer containing the DER-encoded signature of size
.Fa len .
.Pp
.Fn ECDSA_size
returns the maximum length of a DER-encoded ECDSA signature created with
the private EC key
.Fa eckey .
.Pp
.Fn ECDSA_sign_setup
may be used to precompute parts of the signing operation.
.Fa eckey
is the private EC key and
.Fa ctx
is a pointer to a
.Vt BN_CTX
structure (or
.Dv NULL ) .
The precomputed values are returned in
.Fa kinv
and
.Fa rp
and can be used in a later call to
.Fa ECDSA_sign_ex
or
.Fa ECDSA_do_sign_ex .
.Pp
.Fn ECDSA_sign
is a wrapper function for
.Fa ECDSA_sign_ex
with
.Fa kinv
and
.Fa rp
set to
.Dv NULL .
.Pp
.Fn ECDSA_sign_ex
computes a digital signature of the
.Fa dgstlen
bytes hash value
.Fa dgst
using the private EC key
.Fa eckey
and the optional pre-computed values
.Fa kinv
and
.Fa rp .
The DER-encoded signature is stored in
.Fa sig
and its length is returned in
.Fa siglen .
Note:
.Fa sig
must point to
.Fn ECDSA_size
262
263
264
265
266
267
268
269


270
271
272
273
274
275
276
using the public key
.Fa eckey .
The parameter
.Fa type
is ignored.
.Pp
.Fn ECDSA_do_sign
is wrapper function for ECDSA_do_sign_ex with


.Fa kinv
and
.Fa rp
set to
.Dv NULL .
.Pp
.Fn ECDSA_do_sign_ex







|
>
>







302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
using the public key
.Fa eckey .
The parameter
.Fa type
is ignored.
.Pp
.Fn ECDSA_do_sign
is a wrapper function for
.Fn ECDSA_do_sign_ex
with
.Fa kinv
and
.Fa rp
set to
.Dv NULL .
.Pp
.Fn ECDSA_do_sign_ex
299
300
301
302
303
304
305
306

307
308
309









310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
.Fa dgst_len
using the public key
.Fa eckey .
.Sh RETURN VALUES
.Fn ECDSA_size
returns the maximum length signature or 0 on error.
.Pp
.Fn ECDSA_sign_setup

and
.Fn ECDSA_sign
return 1 if successful or 0 on error.









.Pp
.Fn ECDSA_verify
and
.Fn ECDSA_do_verify
return 1 for a valid signature, 0 for an invalid signature and -1 on
error.
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh EXAMPLES
Creating a ECDSA signature of given SHA-1 hash value using the named
curve secp192k1.
.Pp
First step: Create an
.Vt EC_KEY
object.
This part is
.Em not
ECDSA specific.
.Bd -literal -offset indent
int ret;







|
>

|

>
>
>
>
>
>
>
>
>









|


|







341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
.Fa dgst_len
using the public key
.Fa eckey .
.Sh RETURN VALUES
.Fn ECDSA_size
returns the maximum length signature or 0 on error.
.Pp
.Fn ECDSA_sign ,
.Fn ECDSA_sign_ex ,
and
.Fn ECDSA_sign_setup
return 1 if successful or 0 on error.
.Pp
.Fn ECDSA_do_sign
and
.Fn ECDSA_do_sign_ex
return a pointer to an allocated
.Vt ECDSA_SIG
structure or
.Dv NULL
on error.
.Pp
.Fn ECDSA_verify
and
.Fn ECDSA_do_verify
return 1 for a valid signature, 0 for an invalid signature and -1 on
error.
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh EXAMPLES
Creating an ECDSA signature of given SHA-1 hash value using the named
curve secp192k1.
.Pp
First step: create an
.Vt EC_KEY
object.
This part is
.Em not
ECDSA specific.
.Bd -literal -offset indent
int ret;
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
buffer  = malloc(buf_len);
pp = buffer;
if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) {
	/* error */
}
.Ed
.Pp
Third step: Verify the created ECDSA signature using
.Fn ECDSA_do_verify
.Pp
.Dl ret = ECDSA_do_verify(digest, 20, sig, eckey);
.Pp
or using
.Fn ECDSA_verify
.Pp







|







410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
buffer  = malloc(buf_len);
pp = buffer;
if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) {
	/* error */
}
.Ed
.Pp
Third step: verify the created ECDSA signature using
.Fn ECDSA_do_verify
.Pp
.Dl ret = ECDSA_do_verify(digest, 20, sig, eckey);
.Pp
or using
.Fn ECDSA_verify
.Pp
380
381
382
383
384
385
386

387





388
389
390
391
392
393
394
395
396
	/* incorrect signature */
} else {
	/* ret == 1 */
	/* signature ok */
}
.Ed
.Sh SEE ALSO

.Xr dsa 3 ,





.Xr rsa 3
.Sh STANDARDS
ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
(Digital Signature Standard, DSS)
.Sh HISTORY
The ecdsa implementation was first introduced in OpenSSL 0.9.8.
.Sh AUTHORS
.An Nils Larsch
for the OpenSSL project.







>
|
>
>
>
>
>
|




|



432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
	/* incorrect signature */
} else {
	/* ret == 1 */
	/* signature ok */
}
.Ed
.Sh SEE ALSO
.Xr d2i_ECPKParameters 3 ,
.Xr DSA_new 3 ,
.Xr EC_GROUP_new 3 ,
.Xr EC_KEY_new 3 ,
.Xr ECDSA_set_ex_data 3 ,
.Xr EVP_DigestSignInit 3 ,
.Xr EVP_DigestVerifyInit 3 ,
.Xr RSA_new 3
.Sh STANDARDS
ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
(Digital Signature Standard, DSS)
.Sh HISTORY
The ECDSA implementation was first introduced in OpenSSL 0.9.8.
.Sh AUTHORS
.An Nils Larsch
for the OpenSSL project.
Changes to jni/libressl/man/EC_GFp_simple_method.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17


18
19
20
21
22

23
24
25
26
27
28
29
30
31


32



33
34
35
36
37
38
39
40
41
42
43
44


45
46
47





48
49
50
51
52
53
54
55
56
57
58
59
60
61
62




63
64
65
66
67
68
69
70

71




72

73




74
75
76

77
78
79
80
81
82
83
84
85

86


87


88






89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

115

116



117
118



119



120
121
122



123


124

125


126
127
128
129
130
131






.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..


.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,

.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""


.    ds R" ""



.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"


.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '





.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"




..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF

.\" ========================================================================




.\"

.IX Title "EC_GFp_simple_method 3"




.TH EC_GFp_simple_method 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l
.nh
.SH "NAME"
EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&

\& const EC_METHOD *EC_GFp_simple_method(void);


\& const EC_METHOD *EC_GFp_mont_method(void);


\& const EC_METHOD *EC_GFp_nist_method(void);






\& const EC_METHOD *EC_GFp_nistp224_method(void);
\& const EC_METHOD *EC_GFp_nistp256_method(void);
\& const EC_METHOD *EC_GFp_nistp521_method(void);
\&
\& const EC_METHOD *EC_GF2m_simple_method(void);
\&
\& int EC_METHOD_get_field_type(const EC_METHOD *meth);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Elliptic Curve library provides a number of different implementations through a single common interface.
When constructing a curve using EC_GROUP_new (see \fIEC_GROUP_new\fR\|(3)) an
implementation method must be provided. The functions described here all return a const pointer to an
\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation
type for the form of curve selected is used.
.PP
For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method.
.PP
For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All
other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the
use of montgomery multiplication (see \fIBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method
offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through
EC_GROUP_new_by_curve_name as described in \fIEC_GROUP_new\fR\|(3)).
.PP
The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit
optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these

implementations are not available on all platforms.

.PP



EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either
F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is



F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the



obj_mac.h header file.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"



All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure.


.PP

EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports.


.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
\&\fId2i_ECPKParameters\fR\|(3),
\&\fIBN_mod_mul_montgomery\fR\|(3)






|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
>
>
|
|
|
|
|
>
|
|
<
|
|
|
|
|
|
>
>
|
>
>
>
|
|
|
|
|
|
|
|
|
<
<

>
>
|
|
|
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
<
<
|
|
<
|
|
>
|
>
>
>
>
|
>
|
>
>
>
>
|
<
<
>
|
|
|
|
<
<
|
<
<
>
|
>
>
|
>
>
|
>
>
>
>
>
>
|
|
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
>
|
>
|
>
>
>
|
|
>
>
>
|
>
>
>
|
|
|
>
>
>
|
>
>
|
>
|
>
>
|
<
<
<
<
|
>
>
>
>
>
>
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49


50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80


81
82

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98


99
100
101
102
103


104


105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120







121














122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154




155
156
157
158
159
160
161
.\"	$OpenBSD: EC_GFp_simple_method.3,v 1.6 2016/12/11 14:22:43 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.

.\" Copyright (c) 2013 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"

.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.


.\"
.Dd $Mdocdate: December 11 2016 $
.Dt EC_GFP_SIMPLE_METHOD 3
.Os
.Sh NAME
.Nm EC_GFp_simple_method ,
.Nm EC_GFp_mont_method ,
.Nm EC_GFp_nist_method ,
.Nm EC_GFp_nistp224_method ,
.Nm EC_GFp_nistp256_method ,
.Nm EC_GFp_nistp521_method ,
.Nm EC_GF2m_simple_method ,
.Nm EC_METHOD_get_field_type
.Nd obtain EC_METHOD objects
.Sh SYNOPSIS
.In openssl/ec.h
.Ft const EC_METHOD *
.Fn EC_GFp_simple_method void
.Ft const EC_METHOD *
.Fn EC_GFp_mont_method void
.Ft const EC_METHOD *
.Fn EC_GFp_nist_method void
.Ft const EC_METHOD *
.Fn EC_GFp_nistp224_method void
.Ft const EC_METHOD *
.Fn EC_GFp_nistp256_method void
.Ft const EC_METHOD *
.Fn EC_GFp_nistp521_method void
.Ft const EC_METHOD *
.Fn EC_GF2m_simple_method void
.Ft int


.Fo EC_METHOD_get_field_type
.Fa "const EC_METHOD *meth"

.Fc
.Sh DESCRIPTION
The elliptic curve library provides a number of different
implementations through a single common interface.
Each implementation is optimised for different scenarios.
An implementation is represented by an
.Vt EC_METHOD
structure.
.Pp
When constructing a curve using
.Xr EC_GROUP_new 3 ,
an implementation method must be provided.
The functions described here all return a const pointer to an
.Sy EC_METHOD
structure that can be passed to
.Xr EC_GROUP_new 3 .


It is important that the correct implementation type for the form
of curve selected is used.
.Pp
For F2^m curves there is only one implementation choice,
.Fn EC_GF2_simple_method .


.Pp


For Fp curves the lowest common denominator implementation is the
.Fn EC_GFp_simple_method
implementation.
All other implementations are based on this one.
.Fn EC_GFp_mont_method
adds the use of Montgomery multiplication (see
.Xr BN_mod_mul_montgomery 3 ) .
.Fn EC_GFp_nist_method
offers an implementation optimised for use with NIST recommended
curves.
NIST curves are available through
.Xr EC_GROUP_new_by_curve_name 3 .
.Pp
The functions
.Fn EC_GFp_nistp224_method ,
.Fn EC_GFp_nistp256_method ,







and














.Fn EC_GFp_nistp521_method
offer 64-bit optimised implementations for the NIST P224, P256 and
P521 curves respectively.
Note, however, that these implementations are not available on all
platforms.
.Pp
.Fn EC_METHOD_get_field_type
identifies what type of field the
.Vt EC_METHOD
structure supports, which will be either F2^m or Fp.
If the field type is Fp, then the value
.Dv NID_X9_62_prime_field
is returned.
If the field type is F2^m, then the value
.Dv NID_X9_62_characteristic_two_field
is returned.
These values are defined in the
.In openssl/obj_mac.h
header file.
.Sh RETURN VALUES
All
.Fn EC_GFp*
functions and
.Fn EC_GF2m_simple_method
always return a const pointer to an
.Vt EC_METHOD
structure.
.Pp
.Fn EC_METHOD_get_field_type
returns an integer that identifies the type of field the
.Vt EC_METHOD
structure supports.
.Sh SEE ALSO




.Xr BN_mod_mul_montgomery 3 ,
.Xr d2i_ECPKParameters 3 ,
.Xr EC_GROUP_copy 3 ,
.Xr EC_GROUP_new 3 ,
.Xr EC_KEY_new 3 ,
.Xr EC_POINT_add 3 ,
.Xr EC_POINT_new 3
Changes to jni/libressl/man/EC_GROUP_copy.3.
1

2


3
4


5
6
7


8



9
10




11
12




13


14
15
16




17
18
19
20
21
22
23
24
25







26
27


28
29
30
31






32
33
34
35

36
37
38
39
40












41

42
43

44
45
46



47



48
49
50
51
52
53

54



55



56





57
58
59
60




61
62




63
64
65
66
67




68



69




70
71



72

73
74
75
76
77



78
79
80
81

82
83
84



85
86
87
88
89




90
91



92
93
94








95
96
97


98
99
100
101
102
103

104




105
106

107

108









109
110

111
112

113
114

115
116

117
118


119

120



121
122

123






124






125
126
127
128
129
130
131
132
133
134
135
136
137

138

139



140




141

142

143

144




145
146
147

148





149
150
151
152



153
154
155
156













157
158
159
160
161
162
163
164
165
166
167
168
169

170
171



172

173
174


175

176
177

178


179
180
181


182


183
184




185

186



187

188

189


190











191
192
193
194
195
196
197

198
199
200





201
202




203

204









205
206
207
208
209
210
211
212
213



214




215



216

217
218
219






220





221
222

223
224


225

226


227




228


229

230


231




232

233
234

235



236
237

238

239
240







241
242
243


244

245
246

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================


.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp


..



.de Vb \" Begin verbatim text
.ft CW




.nf
.ne \\$1




..


.de Ve \" End verbatim text
.ft R
.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'







.ie n \{\
.    ds -- \(*W-


.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""






.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}

.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''












.    ds C`

.    ds C'
'br\}

.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq



.el       .ds Aq '



.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"

.\" Avoid warning from groff about undefined register 'F'.



.de IX



..





.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{




.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"




..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}




.    \}



.\}




.rr rF
.\" ========================================================================



.\"

.IX Title "EC_GROUP_copy 3"
.TH EC_GROUP_copy 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l



.nh
.SH "NAME"
EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis \- Functions for manipulating EC_GROUP objects.
.SH "SYNOPSIS"

.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/ec.h>



\& #include <openssl/bn.h>
\&
\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
\&




\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
\&



\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
\&








\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
\&


\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
\& int EC_GROUP_get_curve_name(const EC_GROUP *group);
\&
\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
\&

\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);




\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
\&

\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);

\& size_t EC_GROUP_get_seed_len(const EC_GROUP *);









\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
\&

\& int EC_GROUP_get_degree(const EC_GROUP *group);
\&

\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
\&

\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
\&

\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
\&


\& int EC_GROUP_get_basis_type(const EC_GROUP *);

\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);



\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
\&        unsigned int *k2, unsigned int *k3);

.Ve






.SH "DESCRIPTION"






.IX Header "DESCRIPTION"
EC_GROUP_copy copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD.\s0
.PP
EC_GROUP_dup creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created
\&\s-1EC_GROUP\s0 object.
.PP
EC_GROUP_method_of obtains the \s-1EC_METHOD\s0 of \fBgroup\fR.
.PP
EC_GROUP_set_generator sets curve paramaters that must be agreed by all participants using the curve. These
paramaters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the
curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and
n\-1 where n is the \fBorder\fR. The \fBorder\fR multipied by the \fBcofactor\fR gives the number of points on the curve.
.PP

EC_GROUP_get0_generator returns the generator for the identified \fBgroup\fR.

.PP



The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided \fBorder\fR and \fBcofactor\fR parameters




with the respective order and cofactors for the \fBgroup\fR.

.PP

The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the \s-1NID\s0 for the curve respectively

(see \fIEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name




will return 0.
.PP
The asn1_flag value on a curve is used to determine whether there is a specific \s-1ASN1 OID\s0 to describe the curve or not.

If the asn1_flag is 1 then this is a named curve with an associated \s-1ASN1 OID.\s0 If not then asn1_flag is 0. The functions





EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. If set then
the curve_name must also be set.
.PP
The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0).



point_conversion_form_t is an enum defined as follows:
.PP
.Vb 10
\& typedef enum {













\&        /** the point is encoded as z||x, where the octet z specifies 
\&         *   which solution of the quadratic equation y is  */
\&        POINT_CONVERSION_COMPRESSED = 2,
\&        /** the point is encoded as z||x||y, where z is the octet 0x02  */
\&        POINT_CONVERSION_UNCOMPRESSED = 4,
\&        /** the point is encoded as z||x||y, where the octet z specifies
\&         *  which solution of the quadratic equation y is  */
\&        POINT_CONVERSION_HYBRID = 6
\& } point_conversion_form_t;
.Ve
.PP
For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by
the octets for x, followed by the octets for y.

.PP
For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For



\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of

the two possible solutions for y has been used, followed by the octets for x.
.PP


For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two

possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
.PP

The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form


for the curve respectively.
.PP
\&\s-1ANSI X9.62 \s0(\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages


in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it.


If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL \s-1EC\s0 library
does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block




containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the

builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using



EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use

this seed value, although it will be preserved in any \s-1ASN1\s0 based communications.

.PP


EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p.  For F2^m fields this will be











the value m.
.PP
The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid.
For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is
simply b. In either case for the curve to be valid the discriminant must be non zero.
.PP
The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include

verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has
the correct order.
.PP





EC_GROUP_cmp compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not.
.PP




The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves

defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial









function f(x). This function is either a trinomial of the form:
.PP
f(x) = x^m + x^k + 1 with m > k >= 1
.PP
or a pentanomial of the form:
.PP
f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
.PP
The function EC_GROUP_get_basis_type returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The



function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly




the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR,



\&\fBk2\fR and \fBk3\fR respectively.

.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check,






EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis.





.PP
EC_GROUP_dup returns a pointer to the duplicated curve, or \s-1NULL\s0 on error.

.PP
EC_GROUP_method_of returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error.


.PP

EC_GROUP_get0_generator returns the generator for the given curve or \s-1NULL\s0 on error.


.PP




EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form


and EC_GROUP_get_degree return the order, cofactor, curve name (\s-1NID\s0), \s-1ASN1\s0 flag, point_conversion_form and degree for the

specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0.


.PP




EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not

specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified.
.PP

EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is \s-1NULL,\s0 or the supplied seed length is



0, the return value will be 1. On error 0 is returned.
.PP

EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error.

.PP
EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a







trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.
.SH "SEE ALSO"
.IX Header "SEE ALSO"


\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3),

\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)

|
>

>
>
|
<
>
>
|
<
|
>
>
|
>
>
>
|
|
>
>
>
>
|
<
>
>
>
>
|
>
>
|
<
|
>
>
>
>
|
<
<
<
|
|
|
|
|
>
>
>
>
>
>
>
|
<
>
>
|
<
<
|
>
>
>
>
>
>
|
|
|
<
>
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
<
>
|
<
<
>
>
>
|
>
>
>
|
<
<
<
<
|
>
|
>
>
>
|
>
>
>
|
>
>
>
>
>
|
<
<
|
>
>
>
>
|
<
>
>
>
>
|
|
|
|
|
>
>
>
>
|
>
>
>
|
>
>
>
>
|
<
>
>
>
|
>
|
|
<
<
|
>
>
>
|
|
|
|
>
|
|
|
>
>
>
|
<
|
|
<
>
>
>
>
|
<
>
>
>
|
|
<
>
>
>
>
>
>
>
>
|
|
<
>
>
|
|
<
<
|
<
>
|
>
>
>
>
|
<
>
|
>
|
>
>
>
>
>
>
>
>
>
|
<
>
|
<
>
|
<
>
|
<
>
|
<
>
>
|
>
|
>
>
>
|
<
>
|
>
>
>
>
>
>
|
>
>
>
>
>
>
|
<
<
<
<
<
<
<
|
|
<
|
|
>
|
>
|
>
>
>
|
>
>
>
>
|
>
|
>
|
>
|
>
>
>
>

|
|
>
|
>
>
>
>
>
|
|
|
|
>
>
>
|
|
<
|
>
>
>
>
>
>
>
>
>
>
>
>
>
<
<
<
<
<
<
<
<
<
<
<
|
|
>
|
|
>
>
>
|
>
|
|
>
>
|
>
|
|
>
|
>
>
|
|
|
>
>
|
>
>
|
|
>
>
>
>
|
>
|
>
>
>
|
>
|
>
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
|
<
|
<
<
<
|
>
|
|
|
>
>
>
>
>
|
|
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
|
|
<
<
<
<
<
<
|
>
>
>
|
>
>
>
>
|
>
>
>
|
>
|
<
|
>
>
>
>
>
>
|
>
>
>
>
>
|
|
>
|
|
>
>
|
>
|
>
>
|
>
>
>
>
|
>
>
|
>
|
>
>
|
>
>
>
>
|
>
|
|
>
|
>
>
>
|
|
>
|
>
|
|
>
>
>
>
>
>
>
|
|
<
>
>
|
>
|
<
>
1
2
3
4
5
6

7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23

24
25
26
27
28
29
30
31

32
33
34
35
36
37



38
39
40
41
42
43
44
45
46
47
48
49
50

51
52
53


54
55
56
57
58
59
60
61
62
63

64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

85
86


87
88
89
90
91
92
93
94




95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111


112
113
114
115
116
117

118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

141
142
143
144
145
146
147


148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

164
165

166
167
168
169
170

171
172
173
174
175

176
177
178
179
180
181
182
183
184
185

186
187
188
189


190

191
192
193
194
195
196
197

198
199
200
201
202
203
204
205
206
207
208
209
210
211

212
213

214
215

216
217

218
219

220
221
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244







245
246

247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290

291
292
293
294
295
296
297
298
299
300
301
302
303
304











305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366

367



368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397






398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413

414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481

482
483
484
485
486

487
.\"	$OpenBSD: EC_GROUP_copy.3,v 1.7 2016/12/11 14:22:43 schwarze Exp $
.\"	OpenSSL aafbe1cc Jun 12 23:42:08 2013 +0100
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2013, 2015 The OpenSSL Project.  All rights reserved.
.\"

.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"

.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 11 2016 $
.Dt EC_GROUP_COPY 3
.Os


.Sh NAME
.Nm EC_GROUP_copy ,
.Nm EC_GROUP_dup ,
.Nm EC_GROUP_method_of ,
.Nm EC_GROUP_set_generator ,
.Nm EC_GROUP_get0_generator ,
.Nm EC_GROUP_get_order ,
.Nm EC_GROUP_get_cofactor ,
.Nm EC_GROUP_set_curve_name ,
.Nm EC_GROUP_get_curve_name ,

.Nm EC_GROUP_set_asn1_flag ,
.Nm EC_GROUP_get_asn1_flag ,
.Nm EC_GROUP_set_point_conversion_form ,
.Nm EC_GROUP_get_point_conversion_form ,
.Nm EC_GROUP_get0_seed ,
.Nm EC_GROUP_get_seed_len ,
.Nm EC_GROUP_set_seed ,
.Nm EC_GROUP_get_degree ,
.Nm EC_GROUP_check ,
.Nm EC_GROUP_check_discriminant ,
.Nm EC_GROUP_cmp ,
.Nm EC_GROUP_get_basis_type ,
.Nm EC_GROUP_get_trinomial_basis ,
.Nm EC_GROUP_get_pentanomial_basis
.Nd manipulate EC_GROUP objects
.Sh SYNOPSIS
.In openssl/ec.h
.In openssl/bn.h
.Ft int
.Fo EC_GROUP_copy
.Fa "EC_GROUP *dst"

.Fa "const EC_GROUP *src"
.Fc


.Ft EC_GROUP *
.Fo EC_GROUP_dup
.Fa "const EC_GROUP *src"
.Fc
.Ft const EC_METHOD *
.Fo EC_GROUP_method_of
.Fa "const EC_GROUP *group"
.Fc




.Ft int
.Fo EC_GROUP_set_generator
.Fa "EC_GROUP *group"
.Fa "const EC_POINT *generator"
.Fa "const BIGNUM *order"
.Fa "const BIGNUM *cofactor"
.Fc
.Ft const EC_POINT *
.Fo EC_GROUP_get0_generator
.Fa "const EC_GROUP *group"
.Fc
.Ft int
.Fo EC_GROUP_get_order
.Fa "const EC_GROUP *group"
.Fa "BIGNUM *order"
.Fa "BN_CTX *ctx"
.Fc


.Ft int
.Fo EC_GROUP_get_cofactor
.Fa "const EC_GROUP *group"
.Fa "BIGNUM *cofactor"
.Fa "BN_CTX *ctx"
.Fc

.Ft void
.Fo EC_GROUP_set_curve_name
.Fa "EC_GROUP *group"
.Fa "int nid"
.Fc
.Ft int
.Fo EC_GROUP_get_curve_name
.Fa "const EC_GROUP *group"
.Fc
.Ft void
.Fo EC_GROUP_set_asn1_flag
.Fa "EC_GROUP *group"
.Fa "int flag"
.Fc
.Ft int
.Fo EC_GROUP_get_asn1_flag
.Fa "const EC_GROUP *group"
.Fc
.Ft void
.Fo EC_GROUP_set_point_conversion_form
.Fa "EC_GROUP *group"
.Fa "point_conversion_form_t form"
.Fc

.Ft point_conversion_form_t
.Fo EC_GROUP_get_point_conversion_form
.Fa "const EC_GROUP *"
.Fc
.Ft unsigned char *
.Fo EC_GROUP_get0_seed
.Fa "const EC_GROUP *x"


.Fc
.Ft size_t
.Fo EC_GROUP_get_seed_len
.Fa "const EC_GROUP *"
.Fc
.Ft size_t
.Fo EC_GROUP_set_seed
.Fa "EC_GROUP *"
.Fa "const unsigned char *"
.Fa "size_t len"
.Fc
.Ft int
.Fo EC_GROUP_get_degree
.Fa "const EC_GROUP *group"
.Fc
.Ft int

.Fo EC_GROUP_check
.Fa "const EC_GROUP *group"

.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_GROUP_check_discriminant
.Fa "const EC_GROUP *group"

.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_GROUP_cmp
.Fa "const EC_GROUP *a"

.Fa "const EC_GROUP *b"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_GROUP_get_basis_type
.Fa "const EC_GROUP *"
.Fc
.Ft int
.Fo EC_GROUP_get_trinomial_basis
.Fa "const EC_GROUP *"

.Fa "unsigned int *k"
.Fc
.Ft int
.Fo EC_GROUP_get_pentanomial_basis


.Fa "const EC_GROUP *"

.Fa "unsigned int *k1"
.Fa "unsigned int *k2"
.Fa "unsigned int *k3"
.Fc
.Sh DESCRIPTION
These functions operate on
.Vt EC_GROUP

objects created by the functions described in
.Xr EC_GROUP_new 3 .
.Pp
.Fn EC_GROUP_copy
copies the curve
.Fa src
into
.Fa dst .
Both
.Fa src
and
.Fa dst
must use the same
.Vt EC_METHOD .

.Pp
.Fn EC_GROUP_dup

creates a new
.Vt EC_GROUP

object and copies the content from
.Fa src

to the newly created
.Vt EC_GROUP

object.
.Pp
.Fn EC_GROUP_method_of
obtains the
.Vt EC_METHOD
of
.Fa group .
.Pp
.Fn EC_GROUP_set_generator

sets curve parameters that must be agreed by all participants using
the curve.
These parameters include the
.Fa generator ,
the
.Fa order
and the
.Fa cofactor .
The
.Fa generator
is a well defined point on the curve chosen for cryptographic
operations.
Integers used for point multiplications will be between 0 and
.Fa order No - 1 .
The
.Fa order







multiplied by the
.Fa cofactor

gives the number of points on the curve.
.Pp
.Fn EC_GROUP_get0_generator
returns the generator for the identified
.Fa group .
.Pp
The functions
.Fn EC_GROUP_get_order
and
.Fn EC_GROUP_get_cofactor
populate the provided
.Fa order
and
.Fa cofactor
parameters with the respective order and cofactors for the
.Fa group .
.Pp
The functions
.Fn EC_GROUP_set_curve_name
and
.Fn EC_GROUP_get_curve_name
set and get the NID for the curve, respectively (see
.Xr EC_GROUP_new 3 ) .
If a curve does not have a NID associated with it, then
.Fn EC_GROUP_get_curve_name
will return 0.
.Pp
The asn1_flag value on a curve is used to determine whether there is a
specific ASN.1 OID to describe the curve or not.
If the asn1_flag is 1 then this is a named curve with an associated ASN.1 OID.
If not then asn1_flag is 0.
The functions
.Fn EC_GROUP_get_asn1_flag
and
.Fn EC_GROUP_set_asn1_flag
get and set the status of the asn1_flag for the curve.
If set, then the curve_name must also be set.
.Pp
The point_conversion_form for a curve controls how
.Vt EC_POINT
data is encoded as ASN.1 as defined in X9.62 (ECDSA).
.Vt point_conversion_form_t
is an enum defined as follows:
.Bd -literal

typedef enum {
	/** the point is encoded as z||x, where the octet z specifies
	 *   which solution of the quadratic equation y is  */
	POINT_CONVERSION_COMPRESSED = 2,
	/** the point is encoded as z||x||y, where z is the octet 0x02  */
	POINT_CONVERSION_UNCOMPRESSED = 4,
	/** the point is encoded as z||x||y, where the octet z specifies
         *  which solution of the quadratic equation y is  */
	POINT_CONVERSION_HYBRID = 6
} point_conversion_form_t;
.Ed
.Pp
For
.Dv POINT_CONVERSION_UNCOMPRESSED











the point is encoded as an octet signifying the UNCOMPRESSED form
has been used followed by the octets for x, followed by the octets
for y.
.Pp
For any given x coordinate for a point on a curve it is possible to
derive two possible y values.
For
.Dv POINT_CONVERSION_COMPRESSED
the point is encoded as an octet signifying that the COMPRESSED
form has been used AND which of the two possible solutions for y
has been used, followed by the octets for x.
.Pp
For
.Dv POINT_CONVERSION_HYBRID
the point is encoded as an octet signifying the HYBRID form has
been used AND which of the two possible solutions for y has been
used, followed by the octets for x, followed by the octets for y.
.Pp
The functions
.Fn EC_GROUP_set_point_conversion_form
and
.Fn EC_GROUP_get_point_conversion_form
set and get the point_conversion_form for the curve, respectively.
.Pp
ANSI X9.62 (ECDSA standard) defines a method of generating the curve
parameter b from a random number.
This provides advantages in that a parameter obtained in this way is
highly unlikely to be susceptible to special purpose attacks, or have
any trapdoors in it.
If the seed is present for a curve then the b parameter was generated in
a verifiable fashion using that seed.
The OpenSSL EC library does not use this seed value but does enable you
to inspect it using
.Fn EC_GROUP_get0_seed .
This returns a pointer to a memory block containing the seed that was
used.
The length of the memory block can be obtained using
.Fn EC_GROUP_get_seed_len .
A number of the builtin curves within the library provide seed values
that can be obtained.
It is also possible to set a custom seed using
.Fn EC_GROUP_set_seed
and passing a pointer to a memory block, along with the length of
the seed.
Again, the EC library will not use this seed value, although it will be
preserved in any ASN.1 based communications.
.Pp
.Fn EC_GROUP_get_degree
gets the degree of the field.
For Fp fields this will be the number of bits in p.
For F2^m fields this will be the value m.
.Pp
The function
.Fn EC_GROUP_check_discriminant
calculates the discriminant for the curve and verifies that it is
valid.
For a curve defined over Fp the discriminant is given by the formula
4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b.
In either case for the curve to be valid the discriminant must be
non-zero.
.Pp
The function

.Fn EC_GROUP_check



performs a number of checks on a curve to verify that it is valid.
Checks performed include verifying that the discriminant is non-zero;
that a generator has been defined; that the generator is on the curve
and has the correct order.
.Pp
.Fn EC_GROUP_cmp
compares
.Fa a
and
.Fa b
to determine whether they represent the same curve or not.
.Pp
The functions
.Fn EC_GROUP_get_basis_type ,
.Fn EC_GROUP_get_trinomial_basis ,
and
.Fn EC_GROUP_get_pentanomial_basis
should only be called for curves defined over an F2^m field.
Addition and multiplication operations within an F2^m field are
performed using an irreducible polynomial function f(x).
This function is either a trinomial of the form:
.Pp
.Dl f(x) = x^m + x^k + 1 with m > k >= 1
.Pp
or a pentanomial of the form:
.Pp
.Dl f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
.Pp
The function
.Fn EC_GROUP_get_basis_type






returns a NID identifying whether a trinomial or pentanomial is in
use for the field.
The function
.Fn EC_GROUP_get_trinomial_basis
must only be called where f(x) is of the trinomial form, and returns
the value of
.Fa k .
Similarly, the function
.Fn EC_GROUP_get_pentanomial_basis
must only be called where f(x) is of the pentanomial form, and
returns the values of
.Fa k1 ,
.Fa k2 ,
and
.Fa k3 .
.Sh RETURN VALUES

The following functions return 1 on success or 0 on error:
.Fn EC_GROUP_copy ,
.Fn EC_GROUP_set_generator ,
.Fn EC_GROUP_check ,
.Fn EC_GROUP_check_discriminant ,
.Fn EC_GROUP_get_trinomial_basis ,
and
.Fn EC_GROUP_get_pentanomial_basis .
.Pp
.Fn EC_GROUP_dup
returns a pointer to the duplicated curve or
.Dv NULL
on error.
.Pp
.Fn EC_GROUP_method_of
returns the
.Vt EC_METHOD
implementation in use for the given curve or
.Dv NULL
on error.
.Pp
.Fn EC_GROUP_get0_generator
returns the generator for the given curve or
.Dv NULL
on error.
.Pp
.Fn EC_GROUP_get_order ,
.Fn EC_GROUP_get_cofactor ,
.Fn EC_GROUP_get_curve_name ,
.Fn EC_GROUP_get_asn1_flag ,
.Fn EC_GROUP_get_point_conversion_form ,
and
.Fn EC_GROUP_get_degree
return the order, cofactor, curve name (NID), ASN.1 flag,
point_conversion_form and degree for the specified curve, respectively.
If there is no curve name associated with a curve then
.Fn EC_GROUP_get_curve_name
returns 0.
.Pp
.Fn EC_GROUP_get0_seed
returns a pointer to the seed that was used to generate the parameter
b, or
.Dv NULL
if the seed is not specified.
.Fn EC_GROUP_get_seed_len
returns the length of the seed or 0 if the seed is not specified.
.Pp
.Fn EC_GROUP_set_seed
returns the length of the seed that has been set.
If the supplied seed is
.Dv NULL
or the supplied seed length is 0, the return value will be 1.
On error 0 is returned.
.Pp
.Fn EC_GROUP_cmp
returns 0 if the curves are equal, 1 if they are not equal,
or -1 on error.
.Pp
.Fn EC_GROUP_get_basis_type
returns the values
.Dv NID_X9_62_tpBasis
or
.Dv NID_X9_62_ppBasis
as defined in
.In openssl/obj_mac.h
for a trinomial or pentanomial, respectively.
Alternatively in the event of an error a 0 is returned.
.Sh SEE ALSO

.Xr d2i_ECPKParameters 3 ,
.Xr EC_GFp_simple_method 3 ,
.Xr EC_GROUP_new 3 ,
.Xr EC_KEY_new 3 ,
.Xr EC_POINT_add 3 ,

.Xr EC_POINT_new 3
Changes to jni/libressl/man/EC_GROUP_new.3.
1

2
3
4
5
6
7
8


9
10


11




12




13



14
15



16




17
18
19
20
21

22
23
24
25
26
27
28
29
30
31
32
33
34
35


36
37
38
39
















40
41


42
43
44
45
46
47
48

49
50
51
52

53
54






55



56







57
58
59
60






61
62
63
64
65
66
67
68
69
70
71
72
73
74

75
76
77
78
79
80



81

82

83



84









85
86







87


88


89
90
91
92



93
94

95
96

97
98
99
100
101
102
103
104
105
106
107


108







109
110


111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

128
129




130




131
132
133


134




135





136





137
138








139



140
141
142
143
144
145
146
147
148




149
150
151



152
153



154





155

156







157
158


159


160

161
162





163
164
165


166

167
168


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R



.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and

.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}


.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
















.    ds R" ''
.    ds C`


.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"

.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.

.\"
.\" Avoid warning from groff about undefined register 'F'.






.de IX



..







.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{






.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "EC_GROUP_new 3"
.TH EC_GROUP_new 3 "2017-01-09" "LibreSSL " "LibreSSL"

.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects.



.SH "SYNOPSIS"

.IX Header "SYNOPSIS"

.Vb 2



\& #include <openssl/ec.h>









\& #include <openssl/bn.h>
\&







\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);


\& void EC_GROUP_free(EC_GROUP *group);


\& void EC_GROUP_clear_free(EC_GROUP *group);
\&
\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);



\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
\&

\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);

\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
\&
\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the
prime field Fp. The elements of Fp are the integers 0 to p\-1, where p is a prime number. This gives us a revised
elliptic curve equation as follows:
.PP


y^2 mod p = x^3 +ax + b mod p







.PP
The second form is those defined over a binary field F2^m where the elements of the field are integers of length at


most m bits. For this form the elliptic curve equation is modified to:
.PP
y^2 + xy = x^3 + ax^2 + b (where b != 0)
.PP
Operations in a binary field are performed relative to an \fBirreducible polynomial\fR. All such curves with OpenSSL
use a trinomial or a pentanomial for this parameter.
.PP
A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by \fBmeth\fR (see
\&\fIEC_GFp_simple_method\fR\|(3)). It is then necessary to call either EC_GROUP_set_curve_GFp or
EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively.
.PP
EC_GROUP_set_curve_GFp sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR for a curve over Fp stored in \fBgroup\fR.
EC_group_get_curve_GFp obtains the previously set curve parameters.
.PP
EC_GROUP_set_curve_GF2m sets the equivalent curve parameters for a curve over F2^m. In this case \fBp\fR represents
the irreducible polynomial \- each bit represents a term in the polynomial. Therefore there will either be three
or five bits set dependent on whether the polynomial is a trinomial or a pentanomial.

EC_group_get_curve_GF2m obtains the previously set curve parameters.
.PP




The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and the




appropriate EC_group_set_curve function. An appropriate default implementation method will be used.
.PP
Whilst the library can be used to create any curve using the functions described above, there are also a number of


predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function




EC_get_builtin_curves. The parameter \fBr\fR should be an array of EC_builtin_curve structures of size \fBnitems\fR. The function





will populate the \fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than the total number of





curves available, then the first \fBnitems\fR curves will be returned. Otherwise the total number of curves will be
provided. The return value is the total number of curves available (whether that number has been populated in \fBr\fR or








not). Passing a \s-1NULL \s0\fBr\fR, or setting \fBnitems\fR to 0 will do nothing other than return the total number of curves available.



The EC_builtin_curve structure is defined as follows:
.PP
.Vb 4
\& typedef struct { 
\&        int nid;
\&        const char *comment;
\&        } EC_builtin_curve;
.Ve
.PP




Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human readable comment string describing the curve.
.PP
In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the \fBnid\fR of the curve to



be constructed.
.PP



EC_GROUP_free frees the memory associated with the \s-1EC_GROUP.\s0





.PP

EC_GROUP_clear_free destroys any sensitive data held within the \s-1EC_GROUP\s0 and then frees its memory.







.SH "RETURN VALUES"
.IX Header "RETURN VALUES"


All EC_GROUP_new* functions return a pointer to the newly constructed group, or \s-1NULL\s0 on error.


.PP

EC_get_builtin_curves returns the number of builtin curves that are available.
.PP





EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"


\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_copy\fR\|(3),

\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)


|
>

|
<
|
<
<
|
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
|
>
>
>
|
>
>
>
>
|
<
<
<
<
>
|
|
|
|
|
|
|
|
|
|
|
<
<
|
>
>
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
|
<
|
|
|
<
|
>
|
|
|
|
>
|
<
>
>
>
>
>
>
|
>
>
>
|
>
>
>
>
>
>
>
|
<
<
|
>
>
>
>
>
>
|
<
|
|
|
|
|
|
|
|
<
|
|
|
>
|
|
|
|
|
|
>
>
>
|
>
|
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
|
<
>
>
>
>
>
>
>
|
>
>
|
>
>
|
<
<
<
>
>
>
|
<
>
|
<
>
|
<
<
<
<
<
<
|
<
<
|
>
>
|
>
>
>
>
>
>
>
|
<
>
>
|
|
<
<
|
|
<
<
<
<
<
<
<
<
<
|
|
>
|
|
>
>
>
>
|
>
>
>
>
|
|
|
>
>
|
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
|
>
>
>
|
|
<
|
|
|
|
|
|
>
>
>
>
|
|
|
>
>
>
|
|
>
>
>
<
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
|
<
>
>
|
>
>
|
>
|
|
>
>
>
>
>
|
|
<
>
>
|
>
|
<
>
>
1
2
3
4

5


6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37




38
39
40
41
42
43
44
45
46
47
48
49


50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78
79
80

81
82
83
84
85
86
87
88

89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107


108
109
110
111
112
113
114
115

116
117
118
119
120
121
122
123

124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

156
157
158
159
160
161
162
163
164
165
166
167
168
169



170
171
172
173

174
175

176
177






178


179
180
181
182
183
184
185
186
187
188
189
190

191
192
193
194


195
196









197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248

249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269

270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285

286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

302
303
304
305
306

307
308
.\"	$OpenBSD: EC_GROUP_new.3,v 1.6 2016/12/11 14:22:43 schwarze Exp $
.\"	OpenSSL 9b86974e Mon Aug 17 15:21:33 2015 -0400
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.

.\" Copyright (c) 2013 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"




.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.


.\"
.Dd $Mdocdate: December 11 2016 $
.Dt EC_GROUP_NEW 3
.Os
.Sh NAME
.Nm EC_GROUP_new ,
.Nm EC_GROUP_free ,
.Nm EC_GROUP_clear_free ,
.Nm EC_GROUP_new_curve_GFp ,
.Nm EC_GROUP_new_curve_GF2m ,
.Nm EC_GROUP_new_by_curve_name ,
.Nm EC_GROUP_set_curve_GFp ,
.Nm EC_GROUP_get_curve_GFp ,
.Nm EC_GROUP_set_curve_GF2m ,
.Nm EC_GROUP_get_curve_GF2m ,
.Nm EC_get_builtin_curves
.Nd create and destroy EC_GROUP objects
.Sh SYNOPSIS
.In openssl/ec.h
.In openssl/bn.h
.Ft EC_GROUP *
.Fo EC_GROUP_new
.Fa "const EC_METHOD *meth"
.Fc
.Ft void
.Fo EC_GROUP_free
.Fa "EC_GROUP *group"
.Fc

.Ft void
.Fo EC_GROUP_clear_free
.Fa "EC_GROUP *group"

.Fc
.Ft EC_GROUP *
.Fo EC_GROUP_new_curve_GFp
.Fa "const BIGNUM *p"
.Fa "const BIGNUM *a"
.Fa "const BIGNUM *b"
.Fa "BN_CTX *ctx"
.Fc

.Ft EC_GROUP *
.Fo EC_GROUP_new_curve_GF2m
.Fa "const BIGNUM *p"
.Fa "const BIGNUM *a"
.Fa "const BIGNUM *b"
.Fa "BN_CTX *ctx"
.Fc
.Ft EC_GROUP *
.Fo EC_GROUP_new_by_curve_name
.Fa "int nid"
.Fc
.Ft int
.Fo EC_GROUP_set_curve_GFp
.Fa "EC_GROUP *group"
.Fa "const BIGNUM *p"
.Fa "const BIGNUM *a"
.Fa "const BIGNUM *b"
.Fa "BN_CTX *ctx"
.Fc


.Ft int
.Fo EC_GROUP_get_curve_GFp
.Fa "const EC_GROUP *group"
.Fa "BIGNUM *p"
.Fa "BIGNUM *a"
.Fa "BIGNUM *b"
.Fa "BN_CTX *ctx"
.Fc

.Ft int
.Fo EC_GROUP_set_curve_GF2m
.Fa "EC_GROUP *group"
.Fa "const BIGNUM *p"
.Fa "const BIGNUM *a"
.Fa "const BIGNUM *b"
.Fa "BN_CTX *ctx"
.Fc

.Ft int
.Fo EC_GROUP_get_curve_GF2m
.Fa "const EC_GROUP *group"
.Fa "BIGNUM *p"
.Fa "BIGNUM *a"
.Fa "BIGNUM *b"
.Fa "BN_CTX *ctx"
.Fc
.Ft size_t
.Fo EC_get_builtin_curves
.Fa "EC_builtin_curve *r"
.Fa "size_t nitems"
.Fc
.Sh DESCRIPTION
The EC library provides functions for performing operations on
elliptic curves over finite fields.
In general, an elliptic curve satisfies an equation of the form:
.Pp
.Dl y^2 = x^3 + ax + b
.Pp
Within the library there are two forms of elliptic curves that are of
interest.
The first form is those defined over the prime field Fp.
The elements of Fp are the integers 0 to p-1, where
.Fa p
is a prime number.
This gives us a revised elliptic curve equation as follows:
.Pp
.Dl y^2 mod p = x^3 + ax + b mod p
.Pp
The second form is those defined over a binary field F2^m where the
elements of the field are integers of length at most m bits.

For this form the elliptic curve equation is modified to:
.Pp
.Dl y^2 + xy = x^3 + ax^2 + b (where b != 0)
.Pp
Operations in a binary field are performed relative to an irreducible
polynomial.
All such curves with OpenSSL use a trinomial or a pentanomial for this
parameter.
.Pp
An
.Vt EC_GROUP
structure is used to represent the definition of an elliptic curve.
A new curve can be constructed by calling
.Fn EC_GROUP_new ,



using the implementation provided by
.Fa meth
(see
.Xr EC_GFp_simple_method 3 ) .

It is then necessary to call either
.Fn EC_GROUP_set_curve_GFp

or
.Fn EC_GROUP_set_curve_GF2m






as appropriate to create a curve defined over Fp or over F2^m, respectively.


.Pp
.Fn EC_GROUP_set_curve_GFp
sets the curve parameters
.Fa p ,
.Fa a ,
and
.Fa b
for a curve over Fp stored in
.Fa group .
.Fn EC_group_get_curve_GFp
obtains the previously set curve parameters.
.Pp

.Fn EC_GROUP_set_curve_GF2m
sets the equivalent curve parameters for a curve over F2^m.
In this case
.Fa p


represents the irreducible polynomial - each bit represents a term in
the polynomial.









Therefore there will either be three or five bits set dependent on
whether the polynomial is a trinomial or a pentanomial.
.Fn EC_group_get_curve_GF2m
obtains the previously set curve parameters.
.Pp
The functions
.Fn EC_GROUP_new_curve_GFp
and
.Fn EC_GROUP_new_curve_GF2m
are shortcuts for calling
.Fn EC_GROUP_new
and the appropriate
.Fn EC_GROUP_set_curve_*
function.
An appropriate default implementation method will be used.
.Pp
Whilst the library can be used to create any curve using the functions
described above, there are also a number of predefined curves that are
available.
In order to obtain a list of all of the predefined curves, call the
function
.Fn EC_get_builtin_curves .
The parameter
.Fa r
should be an array of
.Vt EC_builtin_cure
structures of size
.Fa nitems .
The function will populate the
.Fa r
array with information about the builtin curves.
If
.Fa nitems
is less than the total number of curves available, then the first
.Fa nitems
curves will be returned.
Otherwise the total number of curves will be provided.
The return value is the total number of curves available (whether that
number has been populated in
.Fa r
or not).
Passing a
.Dv NULL
.Fa r ,
or setting
.Fa nitems
to 0, will do nothing other than return the total number of curves
available.
The
.Vt EC_builtin_curve
structure is defined as follows:
.Bd -literal

typedef struct {
	int nid;
	const char *comment;
} EC_builtin_curve;
.Ed
.Pp
Each
.Vt EC_builtin_curve
item has a unique integer ID
.Pq Fa nid
and a human readable comment string describing the curve.
.Pp
In order to construct a builtin curve use the function
.Fn EC_GROUP_new_by_curve_name
and provide the
.Fa nid
of the curve to be constructed.
.Pp
.Fn EC_GROUP_free
frees the memory associated with the
.Vt EC_GROUP .

If
.Fa group
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn EC_GROUP_clear_free
destroys any sensitive data held within the
.Vt EC_GROUP
and then frees its memory.
If
.Fa group
is a
.Dv NULL
pointer, no action occurs.
.Sh RETURN VALUES

All
.Fn EC_GROUP_new*
functions return a pointer to the newly constructed group or
.Dv NULL
on error.
.Pp
.Fn EC_get_builtin_curves
returns the number of builtin curves that are available.
.Pp
.Fn EC_GROUP_set_curve_GFp ,
.Fn EC_GROUP_get_curve_GFp ,
.Fn EC_GROUP_set_curve_GF2m ,
and
.Fn EC_GROUP_get_curve_GF2m
return 1 on success or 0 on error.
.Sh SEE ALSO

.Xr d2i_ECPKParameters 3 ,
.Xr EC_GFp_simple_method 3 ,
.Xr EC_GROUP_copy 3 ,
.Xr EC_KEY_new 3 ,
.Xr EC_POINT_add 3 ,

.Xr EC_POINT_new 3 ,
.Xr ECDSA_SIG_new 3
Changes to jni/libressl/man/EC_KEY_new.3.
1

2


3
4


5
6


7




8








9





10



11
12












13
14

15
16
17
18
19
20
21











22
23
















24
25
26






27
28
29
30

31
32




33



34


35

36


37

38



39
40


41



42
43




44
45
46
47
48
49
50
51






52



53




54



55








56
57
58
59





60







61
62




63
64
65
66



67



68



69





70
71





72

















73
74
75
76
77
78
79
80
81
82
83
84
85
86

87

88




89


90

91


















92




93

94





95

96




97

98
99


100
101
102
103


104
105
106
107

108
109
110
111
112



113




114



115
116
117




118
119






120
121
122




123





124

125















126




127





128

129
130










131

132






133
134
135
136

137









138



139



140
141
142

143
144
145
146
147


148
149
150






151
152
153
154
155
156
157
158

159






160
161



162
163



















164




165




166

167

168

169
170
171

172
















173

174

175

176

177

178

179

180


181
182
183
184


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================


.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v


.if n .sp




..








.de Vb \" Begin verbatim text





.ft CW



.nf
.ne \\$1












..
.de Ve \" End verbatim text

.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and











.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
















.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\






.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""
.    ds R" ""




.    ds C` ""



.    ds C' ""


'br\}

.el\{\


.    ds -- \|\(em\|

.    ds PI \(*p



.    ds L" ``
.    ds R" ''


.    ds C`



.    ds C'
'br\}




.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the






.\" output yourself in some meaningful fashion.



.\"




.\" Avoid warning from groff about undefined register 'F'.



.de IX








..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{





.    if \nF \{







.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"




..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2



.        \}



.    \}



.\}





.rr rF
.\" ========================================================================





.\"

















.IX Title "EC_KEY_new 3"
.TH EC_KEY_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_get_key_method_data, EC_KEY_insert_key_method_data, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates \- Functions for creating, destroying and manipulating EC_KEY objects.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/ec.h>
\& #include <openssl/bn.h>
\&

\& EC_KEY *EC_KEY_new(void);

\& int EC_KEY_get_flags(const EC_KEY *key);




\& void EC_KEY_set_flags(EC_KEY *key, int flags);


\& void EC_KEY_clear_flags(EC_KEY *key, int flags);

\& EC_KEY *EC_KEY_new_by_curve_name(int nid);


















\& void EC_KEY_free(EC_KEY *key);




\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);

\& EC_KEY *EC_KEY_dup(const EC_KEY *src);





\& int EC_KEY_up_ref(EC_KEY *key);

\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);




\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);

\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);


\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);


\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
\& void *EC_KEY_get_key_method_data(EC_KEY *key, 
\&        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

\& void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
\&        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
\& int EC_KEY_generate_key(EC_KEY *key);



\& int EC_KEY_check_key(const EC_KEY *key);




\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);



.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"




An \s-1EC_KEY\s0 represents a public key and (optionally) an associated private key. A new \s-1EC_KEY \s0(with no associated curve) can be constructed by calling EC_KEY_new.
The reference count for the newly created \s-1EC_KEY\s0 is initially set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling






EC_KEY_set_group.
.PP
Alternatively a new \s-1EC_KEY\s0 can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to \fIEC_GROUP_new\fR\|(3) for a description of curve names. This function simply wraps calls to EC_KEY_new and 




EC_GROUP_new_by_curve_name.





.PP

Calling EC_KEY_free decrements the reference count for the \s-1EC_KEY\s0 object, and if it has dropped to zero then frees the memory associated















with it.




.PP





EC_KEY_copy copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR.

.PP
EC_KEY_dup creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it.










.PP

EC_KEY_up_ref increments the reference count associated with the \s-1EC_KEY\s0 object.






.PP
EC_KEY_generate_key generates a new public and private key for the supplied \fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object
associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where order is the order
of the \s-1EC_GROUP\s0 object). The public key is an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the curve by the

private key.









.PP



EC_KEY_check_key performs various sanity checks on the \s-1EC_KEY\s0 object to confirm that it is valid.



.PP
EC_KEY_set_public_key_affine_coordinates sets the public key for \fBkey\fR based on its affine co-ordinates, i.e. it constructs an \s-1EC_POINT\s0
object based on the supplied \fBx\fR and \fBy\fR values and sets the public key to be this \s-1EC_POINT.\s0 It will also performs certain sanity checks

on the key to confirm that it is valid.
.PP
The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the \s-1EC_GROUP\s0 object, the private key and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively.
.PP
The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the value of the encoding flags for the \fBkey\fR. There are two encoding


flags currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY. \s0 These flags define the behaviour of how the  \fBkey\fR is
converted into \s-1ASN1\s0 in a call to i2d_ECPrivateKey. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for the curve are not encoded
along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is set then the public key is not encoded along with the private key.






.PP
The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the \fBkey\fR. For a description
of point_conversion_forms please refer to \fIEC_POINT_new\fR\|(3).
.PP
EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitrary additional data specific to the
elliptic curve scheme being used with the \s-1EC_KEY\s0 object. This data is treated as a \*(L"black box\*(R" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the \fBdata\fR parameter, which must have associated functions for duplicating, freeing and \*(L"clear_freeing\*(R" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and \*(L"clear_freeing\*(R" the data item must be provided again, and they must be the same as they were when the data item was inserted.
.PP
EC_KEY_set_flags sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 object. Any flags that are already set are left set. The currently defined standard flags are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH\s0 and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this \s-1EC_KEY.\s0 EC_KEY_clear_flags clears the flags indicated by the \fBflags\fR parameter. All other flags are left in their existing state.

.PP






EC_KEY_set_asn1_flag sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object (if set). Refer to \fIEC_GROUP_copy\fR\|(3) for further information on the asn1_flag.
.PP



EC_KEY_precompute_mult stores multiples of the underlying \s-1EC_GROUP\s0 generator for faster point multiplication. See also \fIEC_POINT_add\fR\|(3).
.SH "RETURN VALUES"



















.IX Header "RETURN VALUES"




EC_KEY_new, EC_KEY_new_by_curve_name and EC_KEY_dup return a pointer to the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error.




.PP

EC_KEY_get_flags returns the flags associated with the \s-1EC_KEY\s0 object as an integer.

.PP

EC_KEY_copy returns a pointer to the destination key, or \s-1NULL\s0 on error.
.PP
EC_KEY_up_ref, EC_KEY_set_group, EC_KEY_set_private_key, EC_KEY_set_public_key, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key and EC_KEY_set_public_key_affine_coordinates return 1 on success or 0 on error.

.PP
















EC_KEY_get0_group returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0

.PP

EC_KEY_get0_private_key returns the private key associated with the \s-1EC_KEY.\s0

.PP

EC_KEY_get_enc_flags returns the value of the current encoding flags for the \s-1EC_KEY.\s0

.PP

EC_KEY_get_conv_form return the point_conversion_form for the \s-1EC_KEY.\s0

.SH "SEE ALSO"


.IX Header "SEE ALSO"
\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3),
\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)


|
>

>
>
|
<
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
|
|
|
<
<
<
<
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
|
>
>
>
>
>
>
|
|
<
<
>
|
|
>
>
>
>
|
>
>
>
|
>
>
|
>
|
>
>
|
>
|
>
>
>
|
|
>
>
|
>
>
>
|
<
>
>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
|
>
>
>
>
|
>
>
>
|
>
>
>
>
>
>
>
>
|
|
<
<
>
>
>
>
>
|
>
>
>
>
>
>
>
|
<
>
>
>
>
|
|
<
<
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
>
>
|
<
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
|
|
<
<
<
|
<
<
<
>
|
>
|
>
>
>
>
|
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
|
>
|
>
>
>
>
>
|
>
|
>
>
>
>
|
>
|
<
>
>
|
|
|
<
>
>
|
|
|
|
>
|
<
|
|
|
>
>
>
|
>
>
>
>
|
>
>
>
|
<
<
>
>
>
>
|
<
>
>
>
>
>
>
|
|
|
>
>
>
>
|
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
|
>
>
>
>
>
|
>
|
<
>
>
>
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
|
<
<
<
>
|
>
>
>
>
>
>
>
>
>
|
>
>
>
|
>
>
>
|
|
|
>
|
|
<
<
<
>
>
|
<
<
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
>
>
>
>
>
>
|
|
>
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
|
>
|
>
|
|
<
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
>
|
>
|
>
|
>
|
>
|
>
>
|
|
|
<
>
>
1
2
3
4
5
6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46
47
48
49
50

51
52
53
54




55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

85
86
87
88
89
90
91
92
93


94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169


170
171
172
173
174
175
176
177
178
179
180
181
182
183

184
185
186
187
188
189


190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231




232
233



234



235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289

290
291
292
293
294

295
296
297
298
299
300
301
302

303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318


319
320
321
322
323

324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374

375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394



395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419



420
421
422


423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450

451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487

488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525

526
527
.\"	$OpenBSD: EC_KEY_new.3,v 1.8 2016/12/11 14:22:43 schwarze Exp $
.\"	OpenSSL d900a015 Oct 8 14:40:42 2015 +0200
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2013, 2014 The OpenSSL Project.  All rights reserved.
.\"

.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"

.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 11 2016 $
.Dt EC_KEY_NEW 3
.Os
.Sh NAME




.Nm EC_KEY_new ,
.Nm EC_KEY_get_flags ,
.Nm EC_KEY_set_flags ,
.Nm EC_KEY_clear_flags ,
.Nm EC_KEY_new_by_curve_name ,
.Nm EC_KEY_free ,
.Nm EC_KEY_copy ,
.Nm EC_KEY_dup ,
.Nm EC_KEY_up_ref ,
.Nm EC_KEY_get0_group ,
.Nm EC_KEY_set_group ,
.Nm EC_KEY_get0_private_key ,
.Nm EC_KEY_set_private_key ,
.Nm EC_KEY_get0_public_key ,
.Nm EC_KEY_set_public_key ,
.Nm EC_KEY_get_enc_flags ,
.Nm EC_KEY_set_enc_flags ,
.Nm EC_KEY_get_conv_form ,
.Nm EC_KEY_set_conv_form ,
.Nm EC_KEY_get_key_method_data ,
.Nm EC_KEY_insert_key_method_data ,
.Nm EC_KEY_set_asn1_flag ,
.Nm EC_KEY_precompute_mult ,
.Nm EC_KEY_generate_key ,
.Nm EC_KEY_check_key ,
.Nm EC_KEY_set_public_key_affine_coordinates ,
.Nm EC_KEY_print ,
.Nm EC_KEY_print_fp
.Nd create, destroy and manipulate EC_KEY objects
.Sh SYNOPSIS

.In openssl/ec.h
.In openssl/bn.h
.Ft EC_KEY *
.Fn EC_KEY_new void
.Ft int
.Fo EC_KEY_get_flags
.Fa "const EC_KEY *key"
.Fc
.Ft void


.Fo EC_KEY_set_flags
.Fa "EC_KEY *key"
.Fa "int flags"
.Fc
.Ft void
.Fo EC_KEY_clear_flags
.Fa "EC_KEY *key"
.Fa "int flags"
.Fc
.Ft EC_KEY *
.Fo EC_KEY_new_by_curve_name
.Fa "int nid"
.Fc
.Ft void
.Fo EC_KEY_free
.Fa "EC_KEY *key"
.Fc
.Ft EC_KEY *
.Fo EC_KEY_copy
.Fa "EC_KEY *dst"
.Fa "const EC_KEY *src"
.Fc
.Ft EC_KEY *
.Fo EC_KEY_dup
.Fa "const EC_KEY *src"
.Fc
.Ft int
.Fo EC_KEY_up_ref
.Fa "EC_KEY *key"
.Fc
.Ft const EC_GROUP *
.Fo EC_KEY_get0_group
.Fa "const EC_KEY *key"
.Fc

.Ft int
.Fo EC_KEY_set_group
.Fa "EC_KEY *key"
.Fa "const EC_GROUP *group"
.Fc
.Ft const BIGNUM *
.Fo EC_KEY_get0_private_key
.Fa "const EC_KEY *key"
.Fc
.Ft int
.Fo EC_KEY_set_private_key
.Fa "EC_KEY *key"
.Fa "const BIGNUM *prv"
.Fc
.Ft const EC_POINT *
.Fo EC_KEY_get0_public_key
.Fa "const EC_KEY *key"
.Fc
.Ft int
.Fo EC_KEY_set_public_key
.Fa "EC_KEY *key"
.Fa "const EC_POINT *pub"
.Fc
.Ft unsigned int
.Fo EC_KEY_get_enc_flags
.Fa "const EC_KEY *key"
.Fc
.Ft void
.Fo EC_KEY_set_enc_flags
.Fa "EC_KEY *key"
.Fa "unsigned int flags"
.Fc
.Ft point_conversion_form_t
.Fo EC_KEY_get_conv_form
.Fa "const EC_KEY *key"
.Fc
.Ft void
.Fo EC_KEY_set_conv_form
.Fa "EC_KEY *key"
.Fa "point_conversion_form_t cform"
.Fc
.Ft void *


.Fo EC_KEY_get_key_method_data
.Fa "EC_KEY *key"
.Fa "void *(*dup_func)(void *)"
.Fa "void (*free_func)(void *)"
.Fa "void (*clear_free_func)(void *)"
.Fc
.Ft void
.Fo EC_KEY_insert_key_method_data
.Fa "EC_KEY *key"
.Fa "void *data"
.Fa "void *(*dup_func)(void *)"
.Fa "void (*free_func)(void *)"
.Fa "void (*clear_free_func)(void *)"
.Fc

.Ft void
.Fo EC_KEY_set_asn1_flag
.Fa "EC_KEY *key"
.Fa "int asn1_flag"
.Fc
.Ft int


.Fo EC_KEY_precompute_mult
.Fa "EC_KEY *key"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_KEY_generate_key
.Fa "EC_KEY *key"
.Fc
.Ft int
.Fo EC_KEY_check_key
.Fa "const EC_KEY *key"
.Fc
.Ft int
.Fo EC_KEY_set_public_key_affine_coordinates
.Fa "EC_KEY *key"
.Fa "BIGNUM *x"
.Fa "BIGNUM *y"
.Fc

.Ft int
.Fo EC_KEY_print
.Fa "BIO *bp"
.Fa "const EC_KEY *key"
.Fa "int off"
.Fc
.Ft int
.Fo EC_KEY_print_fp
.Fa "FILE *fp"
.Fa "const EC_KEY *key"
.Fa "int off"
.Fc
.Sh DESCRIPTION
An
.Vt EC_KEY
represents a public key and (optionally) an associated private key.
The public key is a point on a curve represented by an
.Vt EC_POINT ,
see
.Xr EC_POINT_new 3 .
The private key is simply a
.Vt BIGNUM ,
see
.Xr BN_new 3 .




.Pp
A new



.Vt EC_KEY



(with no associated curve) can be constructed by calling
.Fn EC_KEY_new .
The reference count for the newly created
.Vt EC_KEY
is initially set to 1.
A curve can be associated with the
.Vt EC_KEY
by calling
.Fn EC_KEY_set_group .
.Pp
Alternatively a new
.Vt EC_KEY
can be constructed by calling
.Fn EC_KEY_new_by_curve_name
and supplying the
.Fa nid
of the associated curve.
Refer to
.Xr EC_GROUP_new 3
for a description of curve names.
This function simply wraps calls to
.Fn EC_KEY_new
and
.Fn EC_GROUP_new_by_curve_name .
.Pp
Calling
.Fn EC_KEY_free
decrements the reference count for the
.Vt EC_KEY
object and, if it has dropped to zero, then frees the memory associated
with it.
If
.Fa key
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn EC_KEY_copy
copies the contents of the
.Vt EC_KEY
in
.Fa src
into
.Fa dst .
.Pp
.Fn EC_KEY_dup
creates a new
.Vt EC_KEY
object and copies
.Fa src
into it.
.Pp
.Fn EC_KEY_up_ref
increments the reference count associated with the
.Vt EC_KEY

object.
.Pp
.Fn EC_KEY_generate_key
generates a new public and private key for the supplied
.Fa key

object.
.Fa key
must have an
.Vt EC_GROUP
object associated with it before calling this function.
The private key is a random integer (0 < priv_key < order, where order
is the order of the
.Vt EC_GROUP

object).
The public key is an
.Vt EC_POINT
on the curve calculated by multiplying the generator for the curve
by the private key.
.Pp
.Fn EC_KEY_check_key
performs various sanity checks on the
.Vt EC_KEY
object to confirm that it is valid.
.Pp
.Fn EC_KEY_set_public_key_affine_coordinates
sets the public key for
.Fa key
based on its affine coordinates, i.e. it constructs an
.Vt EC_POINT


object based on the supplied
.Fa x
and
.Fa y
values and sets the public key to be this

.Vt EC_POINT .
It also performs certain sanity checks on the key to confirm that
it is valid.
.Pp
The functions
.Fn EC_KEY_get0_group ,
.Fn EC_KEY_set_group ,
.Fn EC_KEY_get0_private_key ,
.Fn EC_KEY_set_private_key ,
.Fn EC_KEY_get0_public_key ,
and
.Fn EC_KEY_set_public_key
get and set the
.Vt EC_GROUP
object, the private key and the
.Vt EC_POINT
public key for the
.Fa key ,
respectively.
.Pp
The functions
.Fn EC_KEY_get_enc_flags
and
.Fn EC_KEY_set_enc_flags
get and set the value of the encoding flags for the
.Fa key .
There are two encoding flags currently defined:
.Dv EC_PKEY_NO_PARAMETERS
and
.Dv EC_PKEY_NO_PUBKEY .
These flags define the behaviour of how the
.Fa key
is converted into ASN.1 in a call to
.Fn i2d_ECPrivateKey .
If
.Dv EC_PKEY_NO_PARAMETERS
is set then the public parameters for the curve
are not encoded along with the private key.
If
.Dv EC_PKEY_NO_PUBKEY
is set then the public key is not encoded along with the private
key.
.Pp
The format of the external representation of the public key written by
.Xr i2d_ECPrivateKey 3 ,
such as whether it is stored in a compressed form or not,
is described by the point_conversion_form.
See
.Xr EC_GROUP_copy 3
for a description of point_conversion_form.
.Pp

When reading a private key encoded without an associated public key,
for example if
.Dv EC_PKEY_NO_PUBKEY
was used,
.Xr d2i_ECPrivateKey 3
generates the missing public key automatically.
Private keys encoded without parameters, for example if
.Dv EC_PKEY_NO_PARAMETERS
was used, cannot be loaded using
.Xr d2i_ECPrivateKey 3 .
.Pp
The functions
.Fn EC_KEY_get_conv_form
and
.Fn EC_KEY_set_conv_form
get and set the point_conversion_form for the
.Fa key .
For a description of point_conversion_form please refer to
.Xr EC_GROUP_copy 3 .
.Pp



.Fn EC_KEY_insert_key_method_data
and
.Fn EC_KEY_get_key_method_data
enable the caller to associate arbitrary additional data specific
to the elliptic curve scheme being used with the
.Vt EC_KEY
object.
This data is treated as a "black box" by the EC library.
The data to be stored by
.Fn EC_KEY_insert_key_method_data
is provided in the
.Fa data
parameter, which must have associated functions for duplicating, freeing
and "clear_freeing" the data item.
If a subsequent
.Fn EC_KEY_get_key_method_data
call is issued, the functions for duplicating, freeing and
"clear_freeing" the data item must be provided again, and they must
be the same as they were when the data item was inserted.
.Pp
.Fn EC_KEY_set_flags
sets the flags in the
.Fa flags
parameter on the
.Vt EC_KEY



object.
Any flags that are already set are left set.
The currently defined standard flags are


.Dv EC_FLAG_NON_FIPS_ALLOW
and
.Dv EC_FLAG_FIPS_CHECKED .
In addition there is the flag
.Dv EC_FLAG_COFACTOR_ECDH
which is specific to ECDH and is defined in
.In openssl/ecdh.h .
.Fn EC_KEY_get_flags
returns the current flags that are set for this
.Vt EC_KEY .
.Fn EC_KEY_clear_flags
clears the flags indicated by the
.Fa flags
parameter.
All other flags are left in their existing state.
.Pp
.Fn EC_KEY_set_asn1_flag
sets the asn1_flag on the underlying
.Vt EC_GROUP
object (if set).
Refer to
.Xr EC_GROUP_copy 3
for further information on the asn1_flag.
.Pp
.Fn EC_KEY_precompute_mult
stores multiples of the underlying
.Vt EC_GROUP
generator for faster point multiplication.

See also
.Xr EC_POINT_add 3 .
.Pp
.Fn EC_KEY_print
and
.Fn EC_KEY_print_fp
print out the content of
.Fa key
to the
.Vt BIO
.Fa bp
or to the
.Vt FILE
pointer
.Fa fp ,
respectively.
Each line is indented by
.Fa indent
spaces.
.Sh RETURN VALUES
.Fn EC_KEY_new ,
.Fn EC_KEY_new_by_curve_name ,
and
.Fn EC_KEY_dup
return a pointer to the newly created
.Vt EC_KEY object
or
.Dv NULL
on error.
.Pp
.Fn EC_KEY_get_flags
returns the flags associated with the
.Vt EC_KEY object .
.Pp
.Fn EC_KEY_copy
returns a pointer to the destination key or
.Dv NULL

on error.
.Pp
.Fn EC_KEY_up_ref ,
.Fn EC_KEY_set_group ,
.Fn EC_KEY_set_private_key ,
.Fn EC_KEY_set_public_key ,
.Fn EC_KEY_precompute_mult ,
.Fn EC_KEY_generate_key ,
.Fn EC_KEY_check_key ,
.Fn EC_KEY_set_public_key_affine_coordinates ,
.Fn EC_KEY_print ,
and
.Fn EC_KEY_print_fp
return 1 on success or 0 on error.
.Pp
.Fn EC_KEY_get0_group
returns the
.Vt EC_GROUP
associated with the
.Vt EC_KEY .
.Pp
.Fn EC_KEY_get0_private_key
returns the private key associated with the
.Vt EC_KEY .
.Pp
.Fn EC_KEY_get_enc_flags
returns the value of the current encoding flags for the
.Vt EC_KEY .
.Pp
.Fn EC_KEY_get_conv_form
returns the point_conversion_form for the
.Vt EC_KEY .
.Sh SEE ALSO
.Xr d2i_ECPKParameters 3 ,
.Xr EC_GFp_simple_method 3 ,
.Xr EC_GROUP_copy 3 ,
.Xr EC_GROUP_new 3 ,
.Xr EC_POINT_add 3 ,

.Xr EC_POINT_new 3 ,
.Xr ECDSA_SIG_new 3
Changes to jni/libressl/man/EC_POINT_add.3.
1

2
3
4
5
6
7
8


9
10


11




12




13



14
15
16



17


18
19
20
21
22
23
24
25
26
27
28
29
30
31

32


33
34
35














36
37
38
39
40




41
42
43




44
45
46





47




48
49
50
51
52





53
54
55



56
57
58
59
60
61
62


63
64


65
66


67
68








69




70
71
72
73
74
75
76
77


78
79
80
81
82
83
84
85
86
87
88
89



90

91
92

93
94



95
96
97
98





99
100
101
102
103



104

105



106


107
108

109
110

111

112




113






114

115
116











117
118

119







120

121


122


123


124
125
126
127









128
129

130
131

132
133

134
135

136
137


138
139

140
141
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R
.fi



..


.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""


.    ds C` ""
.    ds C' ""
'br\}














.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''




.    ds C`
.    ds C'
'br\}




.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq





.el       .ds Aq '




.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.





.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX



..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"


..
.        if !\nF==2 \{


.            nr % 0
.            nr F 2


.        \}
.    \}








.\}




.rr rF
.\" ========================================================================
.\"
.IX Title "EC_POINT_add 3"
.TH EC_POINT_add 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l


.nh
.SH "NAME"
EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/ec.h>
\& #include <openssl/bn.h>
\&
\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);



\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);

\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);

\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);



\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group);





.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the
result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR.



.PP

EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR.



.PP


The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not.
.PP

EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.
.PP

EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.

.PP




The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine






co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be

forced.
.PP











EC_POINT_mul calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR.
.PP

EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value







\&\fBn\fR may be \s-1NULL.\s0

.PP


The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst


EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fIEC_GROUP_copy\fR\|(3) for information


about the generator.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine,









EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult.
.PP

EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise.
.PP

EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error.
.PP

EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error.
.PP

EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.
.SH "SEE ALSO"


.IX Header "SEE ALSO"
\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),

\&\fIEC_POINT_new\fR\|(3), \fIEC_KEY_new\fR\|(3),
\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
|
>

|
<
|
<
<
|
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
<
|
>
>
>
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
>
|
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
>
>
>
|
|
|
>
>
>
>
|
<
<
>
>
>
>
>
|
>
>
>
>
|
<
<
<
|
>
>
>
>
>
|
|
|
>
>
>
|
<
<
<
|
|
|
>
>
|
|
>
>
|
<
>
>
|
|
>
>
>
>
>
>
>
>
|
>
>
>
>
|
<
<
|
<
<
<
<
>
>
|
|
|
|
|
|
|
<
<
<
|
|
>
>
>
|
>
|
<
>
|
|
>
>
>
|
|
|
|
>
>
>
>
>
|
<
<
<
|
>
>
>
|
>
|
>
>
>
|
>
>
|
|
>
|
|
>
|
>
|
>
>
>
>
|
>
>
>
>
>
>
|
>
|
|
>
>
>
>
>
>
>
>
>
>
>
|
|
>
|
>
>
>
>
>
>
>
|
>
|
>
>
|
>
>
|
>
>
|
|
<
|
>
>
>
>
>
>
>
>
>
|
|
>
|
|
>
|
|
>
|
|
>
|
|
>
>
|
|
>
|
<
1
2
3
4

5


6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85


86
87
88
89
90
91
92
93
94
95
96



97
98
99
100
101
102
103
104
105
106
107
108
109



110
111
112
113
114
115
116
117
118
119

120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137


138




139
140
141
142
143
144
145
146
147



148
149
150
151
152
153
154
155

156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171



172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243

244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273

.\"	$OpenBSD: EC_POINT_add.3,v 1.6 2016/12/11 14:22:43 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.

.\" Copyright (c) 2013 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.

.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 11 2016 $
.Dt EC_POINT_ADD 3
.Os
.Sh NAME

.Nm EC_POINT_add ,
.Nm EC_POINT_dbl ,
.Nm EC_POINT_invert ,
.Nm EC_POINT_is_at_infinity ,
.Nm EC_POINT_is_on_curve ,
.Nm EC_POINT_cmp ,
.Nm EC_POINT_make_affine ,
.Nm EC_POINTs_make_affine ,
.Nm EC_POINTs_mul ,
.Nm EC_POINT_mul ,
.Nm EC_GROUP_precompute_mult ,
.Nm EC_GROUP_have_precompute_mult
.Nd perform mathematical operations and tests on EC_POINT objects
.Sh SYNOPSIS
.In openssl/ec.h
.In openssl/bn.h
.Ft int
.Fo EC_POINT_add
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *r"
.Fa "const EC_POINT *a"
.Fa "const EC_POINT *b"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_dbl
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *r"
.Fa "const EC_POINT *a"
.Fa "BN_CTX *ctx"
.Fc


.Ft int
.Fo EC_POINT_invert
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *a"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_is_at_infinity
.Fa "const EC_GROUP *group"
.Fa "const EC_POINT *p"
.Fc



.Ft int
.Fo EC_POINT_is_on_curve
.Fa "const EC_GROUP *group"
.Fa "const EC_POINT *point"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_cmp
.Fa "const EC_GROUP *group"
.Fa "const EC_POINT *a"
.Fa "const EC_POINT *b"
.Fa "BN_CTX *ctx"
.Fc



.Ft int
.Fo EC_POINT_make_affine
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *point"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINTs_make_affine
.Fa "const EC_GROUP *group"
.Fa "size_t num"

.Fa "EC_POINT *points[]"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINTs_mul
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *r"
.Fa "const BIGNUM *n"
.Fa "size_t num"
.Fa "const EC_POINT *p[]"
.Fa "const BIGNUM *m[]"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_mul
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *r"
.Fa "const BIGNUM *n"


.Fa "const EC_POINT *q"




.Fa "const BIGNUM *m"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_GROUP_precompute_mult
.Fa "EC_GROUP *group"
.Fa "BN_CTX *ctx"
.Fc
.Ft int



.Fo EC_GROUP_have_precompute_mult
.Fa "const EC_GROUP *group"
.Fc
.Sh DESCRIPTION
These functions operate on
.Vt EC_POINT
objects created by
.Xr EC_POINT_new 3 .

.Pp
.Fn EC_POINT_add
adds the two points
.Fa a
and
.Fa b
and places the result in
.Fa r .
Similarly
.Fn EC_POINT_dbl
doubles the point
.Fa a
and places the result in
.Fa r .
In both cases it is valid for
.Fa r



to be one of
.Fa a
or
.Fa b .
.Pp
.Fn EC_POINT_invert
calculates the inverse of the supplied point
.Fa a .
The result is placed back in
.Fa a .
.Pp
The function
.Fn EC_POINT_is_at_infinity
tests whether the supplied point is at infinity or not.
.Pp
.Fn EC_POINT_is_on_curve
tests whether the supplied point is on the curve or not.
.Pp
.Fn EC_POINT_cmp
compares the two supplied points and tests whether or not they are
equal.
.Pp
The functions
.Fn EC_POINT_make_affine
and
.Fn EC_POINTs_make_affine
force the internal representation of the
.Vt EC_POINT Ns s
into the affine coordinate system.
In the case of
.Fn EC_POINTs_make_affine ,
the value
.Fa num
provides the number of points in the array
.Fa points
to be forced.
.Pp
.Fn EC_POINT_mul
calculates the value
.Pp
.D1 generator * n + q * m
.Pp
and stores the result in
.Fa r .
The value
.Fa n
may be
.Dv NULL ,
in which case the result is just q * m.
.Pp
.Fn EC_POINTs_mul
calculates the value
.Pp
.Dl generator * n + q[0] * m[0] + ... + q[num-1] * m[num-1]
.Pp
As for
.Fn EC_POINT_mul ,
the value
.Fa n
may be
.Dv NULL .
.Pp
The function
.Fn EC_GROUP_precompute_mult
stores multiples of the generator for faster point multiplication,
whilst
.Fn EC_GROUP_have_precompute_mult
tests whether precomputation has already been done.
See
.Xr EC_GROUP_copy 3
for information about the generator.
.Sh RETURN VALUES

The following functions return 1 on success or 0 on error:
.Fn EC_POINT_add ,
.Fn EC_POINT_dbl ,
.Fn EC_POINT_invert ,
.Fn EC_POINT_make_affine ,
.Fn EC_POINTs_make_affine ,
.Fn EC_POINTs_make_affine ,
.Fn EC_POINT_mul ,
.Fn EC_POINTs_mul ,
and
.Fn EC_GROUP_precompute_mult .
.Pp
.Fn EC_POINT_is_at_infinity
returns 1 if the point is at infinity or 0 otherwise.
.Pp
.Fn EC_POINT_is_on_curve
returns 1 if the point is on the curve, 0 if not, or -1 on error.
.Pp
.Fn EC_POINT_cmp
returns 1 if the points are not equal, 0 if they are, or -1 on error.
.Pp
.Fn EC_GROUP_have_precompute_mult
returns 1 if a precomputation has been done or 0 if not.
.Sh SEE ALSO
.Xr d2i_ECPKParameters 3 ,
.Xr EC_GFp_simple_method 3 ,
.Xr EC_GROUP_copy 3 ,
.Xr EC_GROUP_new 3 ,
.Xr EC_KEY_new 3 ,
.Xr EC_POINT_new 3

Changes to jni/libressl/man/EC_POINT_new.3.
1

2


3
4


5
6
7


8



9
10




11






12

13

14


15












16


17
18
19
20
21
22
23























24
25
26
27




28
29
30
31

32
33
34
35


36
37


38

39




40



41
42
43



44
45
46







47
48
49
50
51
52


53
54







55







56
57
58
59




60
61
62
63
64
65
66





67
68






69
70
71






72

73

74
75





76




77

78





79
80
81





82

83
84
85
86

87
88



89
90
91

92




93


94



95
96






97








98
99







100













101



102






103













104
105
106
107

108
109
110
111
112
113

114
115
116
117
118
119













120




121

122

123
124

125
126



127

128

129



130
131

132
133


134
135

136


137








138
139
140







141
142
143
144
145
146
147

148
149
150

151
152
153

154
155
156
157
158
159
160
161
162

163
164




165













166
167
168
169
170
171
172
173



174


175


176


177



178

179

180
181

182




183

184




185

186


187

188



189


190
191

192
193
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================


.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp


..



.de Vb \" Begin verbatim text
.ft CW




.nf






.ne \\$1

..

.de Ve \" End verbatim text


.ft R












.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.























.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-




.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}


.el\{\
.    ds -- \|\(em\|


.    ds PI \(*p

.    ds L" ``




.    ds R" ''



.    ds C`
.    ds C'
'br\}



.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq







.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.


.\"
.\" Avoid warning from groff about undefined register 'F'.







.de IX







..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{




.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2





.        \}
.    \}






.\}
.rr rF
.\" ========================================================================






.\"

.IX Title "EC_POINT_new 3"

.TH EC_POINT_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes





.\" way too many mistakes in technical documents.




.if n .ad l

.nh





.SH "NAME"
EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_set_Jprojective_coordinates, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point \- Functions for creating, destroying and manipulating EC_POINT objects.
.SH "SYNOPSIS"





.IX Header "SYNOPSIS"

.Vb 2
\& #include <openssl/ec.h>
\& #include <openssl/bn.h>
\&

\& EC_POINT *EC_POINT_new(const EC_GROUP *group);
\& void EC_POINT_free(EC_POINT *point);



\& void EC_POINT_clear_free(EC_POINT *point);
\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);

\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);




\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);


\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,



\&        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,






\&        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);








\& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
\&        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);







\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,













\&        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);



\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,






\&        const BIGNUM *x, int y_bit, BN_CTX *ctx);













\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
\&        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
\&        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);

\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
\&        const BIGNUM *x, int y_bit, BN_CTX *ctx);
\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
\&        point_conversion_form_t form,
\&        unsigned char *buf, size_t len, BN_CTX *ctx);
\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,

\&        const unsigned char *buf, size_t len, BN_CTX *ctx);
\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
\&        point_conversion_form_t form, BIGNUM *, BN_CTX *);
\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
\&        EC_POINT *, BN_CTX *);
\& char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,













\&        point_conversion_form_t form, BN_CTX *);




\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,

\&        EC_POINT *, BN_CTX *);

.Ve
.SH "DESCRIPTION"

.IX Header "DESCRIPTION"
An \s-1EC_POINT\s0 represents a point on a curve. A new point is constructed by calling the function EC_POINT_new and providing the \fBgroup\fR



object that the point relates to.

.PP

EC_POINT_free frees the memory associated with the \s-1EC_POINT.\s0



.PP
EC_POINT_clear_free destroys any sensitive data held within the \s-1EC_POINT\s0 and then frees its memory.

.PP
EC_POINT_copy copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD.\s0


.PP
EC_POINT_dup creates a new \s-1EC_POINT\s0 object and copies the content from \fBsrc\fR to the newly created

\&\s-1EC_POINT\s0 object.


.PP








EC_POINT_method_of obtains the \s-1EC_METHOD\s0 associated with \fBpoint\fR.
.PP
A valid point on a curve is the special point at  infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity.







.PP
The affine co-ordinates for a point describe a point in terms of its x and y position. The functions
EC_POINT_set_affine_coordinates_GFp and EC_POINT_set_affine_coordinates_GF2m set the \fBx\fR and \fBy\fR co-ordinates for the point
\&\fBp\fR defined over the curve given in \fBgroup\fR.
.PP
As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian
projective co-ordinates (for Fp curves only). Jacobian projective co-ordinates are expressed as three values x, y and z. Working in

this co-ordinate system provides more efficient point multiplication operations.
A mapping exists between Jacobian projective co-ordinates and affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian projective to affine co-ordinates is simple. The co-ordinate (x, y) is
mapped to (x, y, 1). To set or get the projective co-ordinates use EC_POINT_set_Jprojective_coordinates_GFp and

EC_POINT_get_Jprojective_coordinates_GFp respectively.
.PP
Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is

on the curve there will only ever be two possible values for y. Therefore a point can be set using the EC_POINT_set_compressed_coordinates_GFp
and EC_POINT_set_compressed_coordinates_GF2m functions where \fBx\fR is the x co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of
the two possible values for y should be used.
.PP
In addition EC_POINTs can be converted to and from various external representations. Supported representations are octet strings, BIGNUMs and hexadecimal. The format of the external representation is described by the point_conversion_form. See \fIEC_GROUP_copy\fR\|(3) for
a description of point_conversion_form. Octet strings are stored in a buffer along with an associated buffer length. A point held in a \s-1BIGNUM\s0 is calculated by converting the point to an octet string and then converting that octet string into a \s-1BIGNUM\s0 integer. Points in hexadecimal format are stored in a \s-1NULL\s0 terminated character string where each character is one of the printable values 0\-9 or A\-F (or a\-f).
.PP
The functions EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex and EC_POINT_hex2point convert
from and to EC_POINTs for the formats: octet string, \s-1BIGNUM\s0 and hexadecimal respectively.

.PP
The function EC_POINT_point2oct must be supplied with a buffer long enough to store the octet string. The return value provides the number of




octets stored. Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but will still return the required buffer length.













.PP
The function EC_POINT_point2hex will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free
this memory with a subsequent call to \fIfree()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
EC_POINT_new and EC_POINT_dup return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 on error.
.PP
The following functions return 1 on success or 0 on error: EC_POINT_copy, EC_POINT_set_to_infinity, EC_POINT_set_Jprojective_coordinates_GFp,



EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,


EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m,


EC_POINT_set_compressed_coordinates_GF2m and EC_POINT_oct2point.


.PP



EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0

.PP

EC_POINT_point2oct returns the length of the required buffer, or 0 on error.
.PP

EC_POINT_point2bn returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on error.




.PP

EC_POINT_bn2point returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on error.




.PP

EC_POINT_point2hex returns a pointer to the hex string, or \s-1NULL\s0 on error.


.PP

EC_POINT_hex2point returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on error.



.SH "SEE ALSO"


.IX Header "SEE ALSO"
\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),

\&\fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
|
>

>
>
|
<
>
>
|
<
|
>
>
|
>
>
>
|
|
>
>
>
>
|
>
>
>
>
>
>
|
>
|
>
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
<
<
<
<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
|
<
>
>
>
>
|
<
<
|
>
|
|
|
<
>
>
|
<
>
>
|
>
|
>
>
>
>
|
>
>
>
|
|
<
>
>
>
|
<
<
>
>
>
>
>
>
>
|
|
|
|
|
|
>
>
|
<
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
|
<
<
>
>
>
>
|
|
|
|
|
|
|
>
>
>
>
>
|
|
>
>
>
>
>
>
|
|
<
>
>
>
>
>
>
|
>
|
>
|
<
>
>
>
>
>
|
>
>
>
>
|
>
|
>
>
>
>
>
|
<
|
>
>
>
>
>
|
>
|
<
|
<
>
|
|
>
>
>
|
|
|
>
|
>
>
>
>
|
>
>
|
>
>
>
|
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
<
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
>
|
<
|
|
<
|
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
|
>
|
>
|
<
>
|
<
>
>
>
|
>
|
>
|
>
>
>
|
<
>
|
<
>
>
|
<
>
|
>
>
|
>
>
>
>
>
>
>
>
|
|
<
>
>
>
>
>
>
>
|
|
|
<
<
|
<
>
|
<
|
>
|
<
<
>
|
<
|
|
|
<
|
|
|
>
|
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
<
<
|
|
|
>
>
>
|
>
>
|
>
>
|
>
>
|
>
>
>
|
>
|
>
|
|
>
|
>
>
>
>
|
>
|
>
>
>
>
|
>
|
>
>
|
>
|
>
>
>
|
>
>
|
|
>
|
<
1
2
3
4
5
6

7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53






54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78

79
80
81
82
83


84
85
86
87
88

89
90
91

92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

107
108
109
110


111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143


144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169

170
171
172
173
174
175
176
177
178
179
180

181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199

200
201
202
203
204
205
206
207
208

209

210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249

250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

302
303

304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334

335
336

337
338
339
340
341
342
343
344
345
346
347
348

349
350

351
352
353

354
355
356
357
358
359
360
361
362
363
364
365
366
367
368

369
370
371
372
373
374
375
376
377
378


379

380
381

382
383
384


385
386

387
388
389

390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416


417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472

.\"	$OpenBSD: EC_POINT_new.3,v 1.6 2016/12/11 14:22:43 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2013, 2016 The OpenSSL Project.  All rights reserved.
.\"

.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 11 2016 $
.Dt EC_POINT_NEW 3
.Os






.Sh NAME
.Nm EC_POINT_new ,
.Nm EC_POINT_free ,
.Nm EC_POINT_clear_free ,
.Nm EC_POINT_copy ,
.Nm EC_POINT_dup ,
.Nm EC_POINT_method_of ,
.Nm EC_POINT_set_to_infinity ,
.Nm EC_POINT_set_affine_coordinates_GFp ,
.Nm EC_POINT_set_affine_coordinates_GF2m ,
.Nm EC_POINT_get_affine_coordinates_GFp ,
.Nm EC_POINT_get_affine_coordinates_GF2m ,
.Nm EC_POINT_set_Jprojective_coordinates_GFp ,
.Nm EC_POINT_get_Jprojective_coordinates_GFp ,
.Nm EC_POINT_set_compressed_coordinates_GFp ,
.Nm EC_POINT_set_compressed_coordinates_GF2m ,
.Nm EC_POINT_point2oct ,
.Nm EC_POINT_oct2point ,
.Nm EC_POINT_point2bn ,
.Nm EC_POINT_bn2point ,
.Nm EC_POINT_point2hex ,
.Nm EC_POINT_hex2point
.Nd create, destroy, and manipulate EC_POINT objects
.Sh SYNOPSIS

.In openssl/ec.h

.In openssl/bn.h
.Ft EC_POINT *
.Fo EC_POINT_new
.Fa "const EC_GROUP *group"
.Fc


.Ft void
.Fo EC_POINT_free
.Fa "EC_POINT *point"
.Fc
.Ft void

.Fo EC_POINT_clear_free
.Fa "EC_POINT *point"
.Fc

.Ft int
.Fo EC_POINT_copy
.Fa "EC_POINT *dst"
.Fa "const EC_POINT *src"
.Fc
.Ft EC_POINT *
.Fo EC_POINT_dup
.Fa "const EC_POINT *src"
.Fa "const EC_GROUP *group"
.Fc
.Ft const EC_METHOD *
.Fo EC_POINT_method_of
.Fa "const EC_POINT *point"
.Fc
.Ft int

.Fo EC_POINT_set_to_infinity
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *point"
.Fc


.Ft int
.Fo EC_POINT_set_affine_coordinates_GFp
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *p"
.Fa "const BIGNUM *x"
.Fa "const BIGNUM *y"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_set_affine_coordinates_GF2m
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *p"
.Fa "const BIGNUM *x"
.Fa "const BIGNUM *y"
.Fa "BN_CTX *ctx"
.Fc

.Ft int
.Fo EC_POINT_get_affine_coordinates_GFp
.Fa "const EC_GROUP *group"
.Fa "const EC_POINT *p"
.Fa "BIGNUM *x"
.Fa "BIGNUM *y"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_get_affine_coordinates_GF2m
.Fa "const EC_GROUP *group"
.Fa "const EC_POINT *p"
.Fa "BIGNUM *x"
.Fa "BIGNUM *y"
.Fa "BN_CTX *ctx"
.Fc
.Ft int


.Fo EC_POINT_set_Jprojective_coordinates_GFp
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *p"
.Fa "const BIGNUM *x"
.Fa "const BIGNUM *y"
.Fa "const BIGNUM *z"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_get_Jprojective_coordinates_GFp
.Fa "const EC_GROUP *group"
.Fa "const EC_POINT *p"
.Fa "BIGNUM *x"
.Fa "BIGNUM *y"
.Fa "BIGNUM *z"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_set_compressed_coordinates_GFp
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *p"
.Fa "const BIGNUM *x"
.Fa "int y_bit"
.Fa "BN_CTX *ctx"
.Fc
.Ft int

.Fo EC_POINT_set_compressed_coordinates_GF2m
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *p"
.Fa "const BIGNUM *x"
.Fa "int y_bit"
.Fa "BN_CTX *ctx"
.Fc
.Ft size_t
.Fo EC_POINT_point2oct
.Fa "const EC_GROUP *group"
.Fa "const EC_POINT *p"

.Fa "point_conversion_form_t form"
.Fa "unsigned char *buf"
.Fa "size_t len"
.Fa "BN_CTX *ctx"
.Fc
.Ft int
.Fo EC_POINT_oct2point
.Fa "const EC_GROUP *group"
.Fa "EC_POINT *p"
.Fa "const unsigned char *buf"
.Fa "size_t len"
.Fa "BN_CTX *ctx"
.Fc
.Ft BIGNUM *
.Fo EC_POINT_point2bn
.Fa "const EC_GROUP *"
.Fa "const EC_POINT *"
.Fa "point_conversion_form_t form"
.Fa "BIGNUM *"

.Fa "BN_CTX *"
.Fc
.Ft EC_POINT *
.Fo EC_POINT_bn2point
.Fa "const EC_GROUP *"
.Fa "const BIGNUM *"
.Fa "EC_POINT *"
.Fa "BN_CTX *"
.Fc

.Ft char *

.Fo EC_POINT_point2hex
.Fa "const EC_GROUP *"
.Fa "const EC_POINT *"
.Fa "point_conversion_form_t form"
.Fa "BN_CTX *"
.Fc
.Ft EC_POINT *
.Fo EC_POINT_hex2point
.Fa "const EC_GROUP *"
.Fa "const char *"
.Fa "EC_POINT *"
.Fa "BN_CTX *"
.Fc
.Sh DESCRIPTION
An
.Vt EC_POINT
represents a point on a curve.
A curve is represented by an
.Vt EC_GROUP
object created by the functions described in
.Xr EC_GROUP_new 3 .
.Pp
A new point is constructed by calling the function
.Fn EC_POINT_new
and providing the
.Fa group
object that the point relates to.
.Pp
.Fn EC_POINT_free
frees the memory associated with the
.Vt EC_POINT .
If
.Fa point
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn EC_POINT_clear_free
destroys any sensitive data held within the
.Vt EC_POINT

and then frees its memory.
If
.Fa point
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn EC_POINT_copy
copies the point
.Fa src
into
.Fa dst .
Both
.Fa src
and
.Fa dst
must use the same
.Vt EC_METHOD .
.Pp
.Fn EC_POINT_dup
creates a new
.Vt EC_POINT
object and copies the content from
.Fa src
to the newly created
.Vt EC_POINT
object.
.Pp
.Fn EC_POINT_method_of
obtains the
.Vt EC_METHOD
associated with
.Fa point .
.Pp
A valid point on a curve is the special point at infinity.
A point is set to be at infinity by calling
.Fn EC_POINT_set_to_infinity .
.Pp
The affine coordinates for a point describe a point in terms of its
.Fa x
and
.Fa y
position.
The functions
.Fn EC_POINT_set_affine_coordinates_GFp
and
.Fn EC_POINT_set_affine_coordinates_GF2m
set the
.Fa x
and
.Fa y
coordinates for the point

.Fa p
defined over the curve given in

.Fa group .
.Pp
As well as the affine coordinates, a point can alternatively be
described in terms of its Jacobian projective coordinates (for Fp
curves only).
Jacobian projective coordinates are expressed as three values
.Fa x ,
.Fa y ,
and
.Fa z .
Working in this coordinate system provides more efficient point
multiplication operations.
A mapping exists between Jacobian projective coordinates and affine
coordinates.
A Jacobian projective coordinate
.Pq Fa x , y , z
can be written as an affine coordinate as
.Pp
.Dl (x/(z^2), y/(z^3)) .
.Pp
Conversion to Jacobian projective from affine coordinates is simple.
The coordinate
.Pq Fa x , y
is mapped to
.Pq Fa x , y , No 1 .
To set or get the projective coordinates use
.Fn EC_POINT_set_Jprojective_coordinates_GFp
and
.Fn EC_POINT_get_Jprojective_coordinates_GFp ,
respectively.
.Pp

Points can also be described in terms of their compressed coordinates.
For a point

.Pq Fa x , y ,
for any given value for
.Fa x
such that the point is on the curve, there will only ever be two
possible values for
.Fa y .
Therefore a point can be set using the
.Fn EC_POINT_set_compressed_coordinates_GFp
and
.Fn EC_POINT_set_compressed_coordinates_GF2m
functions where
.Fa x

is the x coordinate and
.Fa y_bit

is a value 0 or 1 to identify which of the two possible values for y
should be used.
.Pp

In addition
.Vt EC_POINT Ns s
can be converted to and from various external representations.
Supported representations are octet strings,
.Vt BIGNUM Ns s ,
and hexadecimal.
The format of the external representation is described by the
point_conversion_form.
See
.Xr EC_GROUP_copy 3
for a description of point_conversion_form.
Octet strings are stored in a buffer along with an associated buffer
length.
A point held in a
.Vt BIGNUM

is calculated by converting the point to an octet string and then
converting that octet string into a
.Vt BIGNUM
integer.
Points in hexadecimal format are stored in a NUL terminated character
string where each character is one of the printable values 0-9 or A-F
(or a-f).
.Pp
The functions
.Fn EC_POINT_point2oct ,


.Fn EC_POINT_oct2point ,

.Fn EC_POINT_point2bn ,
.Fn EC_POINT_bn2point ,

.Fn EC_POINT_point2hex ,
and
.Fn EC_POINT_hex2point


convert from and to
.Vt EC_POINT Ns s

for the formats octet string,
.Vt BIGNUM ,
and hexadecimal, respectively.

.Pp
The function
.Fn EC_POINT_point2oct
must be supplied with a
.Fa buf
long enough to store the octet string.
The return value provides the number of octets stored.
Calling the function with a
.Dv NULL
.Fa buf
will not perform the conversion but will still return the required
buffer length.
.Pp
The function
.Fn EC_POINT_point2hex
will allocate sufficient memory to store the hexadecimal string.
It is the caller's responsibility to free this memory with a subsequent
call to
.Xr free 3 .
.Sh RETURN VALUES
.Fn EC_POINT_new
and
.Fn EC_POINT_dup
return the newly allocated
.Vt EC_POINT
or
.Dv NULL


on error.
.Pp
The following functions return 1 on success or 0 on error:
.Fn EC_POINT_copy ,
.Fn EC_POINT_set_to_infinity ,
.Fn EC_POINT_set_Jprojective_coordinates_GFp ,
.Fn EC_POINT_get_Jprojective_coordinates_GFp ,
.Fn EC_POINT_set_affine_coordinates_GFp ,
.Fn EC_POINT_get_affine_coordinates_GFp ,
.Fn EC_POINT_set_compressed_coordinates_GFp ,
.Fn EC_POINT_set_affine_coordinates_GF2m ,
.Fn EC_POINT_get_affine_coordinates_GF2m ,
.Fn EC_POINT_set_compressed_coordinates_GF2m ,
and
.Fn EC_POINT_oct2point .
.Pp
.Fn EC_POINT_method_of
returns the
.Vt EC_METHOD
associated with the supplied
.Vt EC_POINT .
.Pp
.Fn EC_POINT_point2oct
returns the length of the required buffer, or 0 on error.
.Pp
.Fn EC_POINT_point2bn
returns the pointer to the
.Vt BIGNUM
supplied or
.Vt NULL
on error.
.Pp
.Fn EC_POINT_bn2point
returns the pointer to the
.Vt EC_POINT
supplied or
.Dv NULL
on error.
.Pp
.Fn EC_POINT_point2hex
returns a pointer to the hex string or
.Dv NULL
on error.
.Pp
.Fn EC_POINT_hex2point
returns the pointer to the
.Vt EC_POINT supplied or
.Dv NULL
on error.
.Sh SEE ALSO
.Xr d2i_ECPKParameters 3 ,
.Xr EC_GFp_simple_method 3 ,
.Xr EC_GROUP_copy 3 ,
.Xr EC_GROUP_new 3 ,
.Xr EC_KEY_new 3 ,
.Xr EC_POINT_add 3

Changes to jni/libressl/man/ERR.3.
1

2
3
4
5
6
7
8

9
10
11
12
13
14
15
16


17
18
19
20
21
22
23
24
25
26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

47


48

49
50
51
52
53
54
55
56
57
58
59

60
61
62
63
64

65
66
67
68
69
70
71
72











73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109


110
111
112
113
114
115
116
117
118
119
120
121

122
123
124
125
126


127
128


129
130
131
132


133
134
135
136
137
138
139

140
141
142

143
144
145



146
147
148
149

150
151
152
153
154
155
156
157
158

159
160

161
162
163



164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

185
186
187
188
189

190
191


192

193

194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216


217
218
219


220
221
222



223


224
225
226
227
228

229
230

231

232
233

234
235
236



237



238


239
240
241
242

243

244
245
246
247
248
249
250
251
252
253

254
255

256

257
258
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-

.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"

.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{

.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{

.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"











.IX Title "ERR 3"
.TH ERR 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR \- error codes
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& unsigned long ERR_get_error(void);
\& unsigned long ERR_peek_error(void);
\& unsigned long ERR_get_error_line(const char **file, int *line);
\& unsigned long ERR_peek_error_line(const char **file, int *line);
\& unsigned long ERR_get_error_line_data(const char **file, int *line,
\&         const char **data, int *flags);
\& unsigned long ERR_peek_error_line_data(const char **file, int *line,
\&         const char **data, int *flags);
\&
\& int ERR_GET_LIB(unsigned long e);
\& int ERR_GET_FUNC(unsigned long e);
\& int ERR_GET_REASON(unsigned long e);
\&
\& void ERR_clear_error(void);
\&
\& char *ERR_error_string(unsigned long e, char *buf);
\& const char *ERR_lib_error_string(unsigned long e);
\& const char *ERR_func_error_string(unsigned long e);
\& const char *ERR_reason_error_string(unsigned long e);
\&
\& void ERR_print_errors(BIO *bp);
\& void ERR_print_errors_fp(FILE *fp);
\&
\& void ERR_load_crypto_strings(void);


\& void ERR_free_strings(void);
\&
\& void ERR_remove_state(unsigned long pid);
\&
\& void ERR_put_error(int lib, int func, int reason, const char *file,
\&         int line);
\& void ERR_add_error_data(int num, ...);
\&
\& void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
\& unsigned long ERR_PACK(int lib, int func, int reason);
\& int ERR_get_next_error_library(void);
.Ve

.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
When a call to the OpenSSL library fails, this is usually signalled
by the return value, and an error code is stored in an error queue
associated with the current thread. The \fBerr\fR library provides


functions to obtain these error codes and textual error messages.
.PP


The \fIERR_get_error\fR\|(3) manpage describes how to
access error codes.
.PP
Error codes contain information about where the error occurred, and


what went wrong. \s-1\fIERR_GET_LIB\s0\fR\|(3) describes how to
extract this information. A method to obtain human-readable error
messages is described in \fIERR_error_string\fR\|(3).
.PP
\&\fIERR_clear_error\fR\|(3) can be used to clear the
error queue.
.PP

Note that \fIERR_remove_state\fR\|(3) should be used to
avoid memory leaks when threads are terminated.
.SH "ADDING NEW ERROR CODES TO OPENSSL"

.IX Header "ADDING NEW ERROR CODES TO OPENSSL"
See \fIERR_put_error\fR\|(3) if you want to record error codes in the
OpenSSL error system from within your application.



.PP
The remainder of this section is of interest only if you want to add
new error codes to OpenSSL or add error codes from external libraries.
.SS "Reporting errors"

.IX Subsection "Reporting errors"
Each sub-library has a specific macro \fIXXXerr()\fR that is used to report
errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second
argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived
from the function names; reason codes consist of textual error
descriptions. For example, the function \fIssl23_read()\fR reports a
\&\*(L"handshake failure\*(R" as follows:
.PP
.Vb 1

\& SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
.Ve

.PP
Function and reason codes should consist of upper case characters,
numbers and underscores only. The error file generation script translates



function codes into function names by looking in the header files
for an appropriate function name, if none is found it just uses
the capitalized form such as \*(L"\s-1SSL23_READ\*(R"\s0 in the above example.
.PP
The trailing section of a reason code (after the \*(L"_R_\*(R") is translated
into lower case and underscores changed to spaces.
.PP
When you are using new function or reason codes, run \fBmake errors\fR.
The necessary \fB#define\fRs will then automatically be added to the
sub-library's header file.
.PP
Although a library will normally report errors using its own specific
XXXerr macro, another library's macro can be used. This is normally
only done when a library wants to include \s-1ASN1\s0 code which must use
the \fIASN1err()\fR macro.
.SS "Adding new libraries"
.IX Subsection "Adding new libraries"
When adding a new sub-library to OpenSSL, assign it a library number
\&\fB\s-1ERR_LIB_XXX\s0\fR, define a macro \fIXXXerr()\fR (both in \fBerr.h\fR), add its
name to \fBERR_str_libraries[]\fR (in \fBcrypto/err/err.c\fR), and add
\&\f(CW\*(C`ERR_load_XXX_strings()\*(C'\fR to the \fIERR_load_crypto_strings()\fR function

(in \fBcrypto/err/err_all.c\fR). Finally, add an entry
.PP
.Vb 1
\& L      XXX     xxx.h   xxx_err.c
.Ve

.PP
to \fBcrypto/err/openssl.ec\fR, and add \fBxxx_err.c\fR to the Makefile.


Running \fBmake errors\fR will then generate a file \fBxxx_err.c\fR, and

add all error codes used in the library to \fBxxx.h\fR.

.PP
Additionally the library include file must have a certain form.
Typically it will initially look like this:
.PP
.Vb 2
\& #ifndef HEADER_XXX_H
\& #define HEADER_XXX_H
\&
\& #ifdef _\|_cplusplus
\& extern "C" {
\& #endif
\&
\& /* Include files */
\&
\& #include <openssl/bio.h>
\& #include <openssl/x509.h>
\&
\& /* Macros, structures and function prototypes */
\&
\&
\& /* BEGIN ERROR CODES */
.Ve
.PP


The \fB\s-1BEGIN ERROR CODES\s0\fR sequence is used by the error code
generation script as the point to place new error codes, any text
after this point will be overwritten when \fBmake errors\fR is run.


The closing #endif etc will be automatically added by the script.
.PP
The generated C error code file \fBxxx_err.c\fR will load the header



files \fBstdio.h\fR, \fBopenssl/err.h\fR and \fBopenssl/xxx.h\fR so the


header file must load any additional header files containing any
definitions it uses.
.SH "USING ERROR CODES IN EXTERNAL LIBRARIES"
.IX Header "USING ERROR CODES IN EXTERNAL LIBRARIES"
It is also possible to use OpenSSL's error code scheme in external

libraries. The library needs to load its own codes and call the OpenSSL
error code insertion script \fBmkerr.pl\fR explicitly to add codes to

the header file and generate the C error code file. This will normally

be done if the external library needs to generate new \s-1ASN1\s0 structures
but it can also be used to add more general purpose error code handling.

.SH "INTERNALS"
.IX Header "INTERNALS"
The error queues are stored in a hash table with one \fB\s-1ERR_STATE\s0\fR



entry for each pid. \fIERR_get_state()\fR returns the current thread's



\&\fB\s-1ERR_STATE\s0\fR. An \fB\s-1ERR_STATE\s0\fR can hold up to \fB\s-1ERR_NUM_ERRORS\s0\fR error


codes. When more error codes are added, the old ones are overwritten,
on the assumption that the most recent errors are most important.
.PP
Error strings are also stored in hash table. The hash tables can

be obtained by calling ERR_get_err_state_table(void) and

ERR_get_string_table(void) respectively.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fICRYPTO_set_id_callback\fR\|(3),
\&\fICRYPTO_set_locking_callback\fR\|(3),
\&\fIERR_get_error\fR\|(3),
\&\s-1\fIERR_GET_LIB\s0\fR\|(3),
\&\fIERR_clear_error\fR\|(3),
\&\fIERR_error_string\fR\|(3),
\&\fIERR_print_errors\fR\|(3),

\&\fIERR_load_crypto_strings\fR\|(3),
\&\fIERR_remove_state\fR\|(3),

\&\fIERR_put_error\fR\|(3),

\&\fIERR_load_strings\fR\|(3),
\&\fISSL_get_error\fR\|(3)
|
>

|
<
|
|
<
|
>
|
<
<
|
|
<
<
<
>
>
|
<
<
<
<
<
<
<
<
<
<
>
|
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<

<
<
>
|
>
>

>
|
|
<
|

<
<
<
<
<
<
>
|
|
<
|
<
>
|
<
|
|
<
<
<

>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
|
<
<
<
>
>
|
<
<
<
<
<
<
<
<
<
|
|
>
|
<
|
|
|
>
>
|
<
>
>
|
|
|
|
>
>
|
|
|
|
|
|
|
>
|
|
|
>
|
|
|
>
>
>
|
|
<
|
>
|
|
|
|
|
|
<
|
|
>
|
|
>
|
|
<
>
>
>
|
<
<
<
|
|
|
|
<
<
|
<
<
<
<
<
<
<
<
<
<
>
|
<
|
|
<
>
|
<
>
>
|
>
|
>
|


|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
>
>
|
|
|
>
>
|
|
|
>
>
>
|
>
>
|

|
<

>
|
|
>
|
>
|
|
>
|
<
|
>
>
>
|
>
>
>
|
>
>
|
|
|
|
>
|
>
|
|
<
<
|
<
<
|
|
|
>
|
|
>
|
>
|
|
1
2
3
4

5
6

7
8
9


10
11



12
13
14










15
16












17
18

19


20
21
22
23
24
25
26
27

28
29






30
31
32

33

34
35

36
37



38
39
40
41
42
43
44
45
46
47
48
49
50
























51
52






53



54
55
56









57
58
59
60

61
62
63
64
65
66

67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

95
96
97
98
99
100
101
102

103
104
105
106
107
108
109
110

111
112
113
114



115
116
117
118


119










120
121

122
123

124
125

126
127
128
129
130
131
132
133
134
135

136
137
138
139
140
141
142
143
144
145
146
147
148
149

150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

172
173
174
175
176
177
178
179
180
181
182

183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202


203


204
205
206
207
208
209
210
211
212
213
214
.\"	$OpenBSD: ERR.3,v 1.5 2016/11/23 17:54:15 schwarze Exp $
.\"	OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and

.\" Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2015 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions


.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"










.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in












.\"    the documentation and/or other materials provided with the
.\"    distribution.

.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact

.\"    openssl-core@openssl.org.
.\"






.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"

.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:

.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"



.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
























.\"
.Dd $Mdocdate: November 23 2016 $






.Dt ERR 3



.Os
.Sh NAME
.Nm ERR









.Nd OpenSSL error codes
.Sh SYNOPSIS
.In openssl/err.h
.Sh DESCRIPTION

When a call to the OpenSSL library fails, this is usually signaled by
the return value, and an error code is stored in an error queue
associated with the current thread.
The
.Nm
library provides functions to obtain these error codes and textual error

messages.
The
.Xr ERR_get_error 3
manpage describes how to access error codes.
.Pp
Error codes contain information about where the error occurred, and what
went wrong.
.Xr ERR_GET_LIB 3
describes how to extract this information.
A method to obtain human-readable error messages is described in
.Xr ERR_error_string 3 .
.Pp
.Xr ERR_clear_error 3
can be used to clear the error queue.
.Pp
Note that
.Xr ERR_remove_state 3
should be used to avoid memory leaks when threads are terminated.
.Sh ADDING NEW ERROR CODES TO OPENSSL
See
.Xr ERR_put_error 3
if you want to record error codes in the OpenSSL error system from
within your application.
.Pp
The remainder of this section is of interest only if you want to add new
error codes to OpenSSL or add error codes from external libraries.
.Pp
When you are using new function or reason codes, run

.Sy make errors .
The necessary
.Sy #define Ns s
will then automatically be added to the sub-library's header file.
.Ss Adding new libraries
When adding a new sub-library to OpenSSL, assign it a library number
.Dv ERR_LIB_XXX ,
define a macro

.Fn XXXerr
(both in
.In openssl/err.h ) ,
add its name to
.Va ERR_str_libraries[]
(in
.Pa /usr/src/lib/libcrypto/err/err.c ) ,
and add

.Fn ERR_load_XXX_strings
to the
.Fn ERR_load_crypto_strings
function (in



.Sy /usr/src/lib/libcrypto/err/err_all.c ) .
Finally, add an entry
.Pp
.Dl L XXX xxx.h xxx_err.c


.Pp










to
.Sy /usr/src/lib/libcrypto/err/openssl.ec ,

and add
.Pa xxx_err.c

to the
.Pa Makefile .

Running
.Sy make errors
will then generate a file
.Pa xxx_err.c ,
and add all error codes used in the library to
.Pa xxx.h .
.Pp
Additionally the library include file must have a certain form.
Typically it will initially look like this:
.Bd -literal -offset indent

#ifndef HEADER_XXX_H
#define HEADER_XXX_H

#ifdef __cplusplus
extern "C" {
#endif

/* Include files */

#include <openssl/bio.h>
#include <openssl/x509.h>

/* Macros, structures and function prototypes */


/* BEGIN ERROR CODES */
.Ed
.Pp
The
.Sy BEGIN ERROR CODES
sequence is used by the error code generation script as the point to
place new error codes.
Any text after this point will be overwritten when
.Sy make errors
is run.
The closing #endif etc. will be automatically added by the script.
.Pp
The generated C error code file
.Pa xxx_err.c
will load the header files
.In stdio.h ,
.In openssl/err.h
and
.In openssl/xxx.h
so the header file must load any additional header files containing any
definitions it uses.
.Sh USING ERROR CODES IN EXTERNAL LIBRARIES

It is also possible to use OpenSSL's error code scheme in external
libraries.
The library needs to load its own codes and call the OpenSSL error code
insertion script
.Pa mkerr.pl
explicitly to add codes to the header file and generate the C error code
file.
This will normally be done if the external library needs to generate new
ASN.1 structures but it can also be used to add more general purpose
error code handling.
.Sh INTERNALS

The error queues are stored in a hash table with one
.Vt ERR_STATE
entry for each PID.
.Fn ERR_get_state
returns the current thread's
.Vt ERR_STATE .
An
.Vt ERR_STATE
can hold up to
.Dv ERR_NUM_ERRORS
error codes.
When more error codes are added, the old ones are overwritten, on the
assumption that the most recent errors are most important.
.Pp
Error strings are also stored in a hash table.
The hash tables can be obtained by calling
.Fn ERR_get_err_state_table
and
.Fn ERR_get_string_table .
.Sh SEE ALSO


.Xr CRYPTO_set_locking_callback 3 ,


.Xr ERR_clear_error 3 ,
.Xr ERR_error_string 3 ,
.Xr ERR_get_error 3 ,
.Xr ERR_GET_LIB 3 ,
.Xr ERR_load_crypto_strings 3 ,
.Xr ERR_load_strings 3 ,
.Xr ERR_print_errors 3 ,
.Xr ERR_put_error 3 ,
.Xr ERR_remove_state 3 ,
.Xr ERR_set_mark 3 ,
.Xr SSL_get_error 3
Changes to jni/libressl/man/ERR_GET_LIB.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32

33
34
35
36

37
38
39
40
41
42
43
44




45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90



91
92
93
94
95

96




97
98
99
100
101
102
103
104
105
106

107


108
109
110
111




112
113



114



115
116
117
118
119



120
121
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\

.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"




.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "ERR_GET_LIB 3"
.TH ERR_GET_LIB 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON \- get library, function and
reason code
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& int ERR_GET_LIB(unsigned long e);
\&
\& int ERR_GET_FUNC(unsigned long e);
\&



\& int ERR_GET_REASON(unsigned long e);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The error code returned by \fIERR_get_error()\fR consists of a library

number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR




and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these.
.PP
The library number and function code describe where the error
occurred, the reason code is the information about what went wrong.
.PP
Each sub-library of OpenSSL has a unique library number; function and
reason codes are unique within each sub-library.  Note that different
libraries may use the same value to signal different functions and
reasons.
.PP

\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally


unique. However, when checking for sub-library specific reason codes,
be sure to also compare the library number.
.PP
\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are macros.




.SH "RETURN VALUES"
.IX Header "RETURN VALUES"



The library number, function code and reason code respectively.



.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"



\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in
all versions of SSLeay and OpenSSL.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
>
|
|
<
<
|
|
>
|
|
|
<
>
<
<
|
|
|
<
<

>
>
>
>
|
|
|
|
|
|
|
|

|
|
|
|
|
|
|
|
|
|
<
<
<
<
<
<
|
<
|
|
<
<
<
|
|
|
|
|
<
<
|
|
<
|
<
|
<
>
>
>
|
|
|
<
|
>
|
>
>
>
>
|
|
|
|
|

|
|
|
|
>
|
>
>
|
|
|
<
>
>
>
>
|
|
>
>
>
|
>
>
>
|
|
|
|
<
>
>
>
|
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23


24
25
26


27
28
29
30
31
32

33


34
35
36


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60






61

62
63



64
65
66
67
68


69
70

71

72

73
74
75
76
77
78

79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

120
121
122
123
124
.\"	$OpenBSD: ERR_GET_LIB.3,v 1.5 2016/12/16 08:53:30 schwarze Exp $
.\"	OpenSSL doc/man3/ERR_GET_LIB.pod 3dfda1a6 Dec 12 11:14:40 2016 -0500
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"

.\" 6. Redistributions of any form whatsoever must retain the following


.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 16 2016 $
.Dt ERR_GET_LIB 3
.Os
.Sh NAME
.Nm ERR_GET_LIB ,
.Nm ERR_GET_FUNC ,
.Nm ERR_GET_REASON ,
.Nm ERR_FATAL_ERROR
.Nd get library, function and reason codes for OpenSSL errors
.Sh SYNOPSIS






.In openssl/err.h

.Ft int
.Fo ERR_GET_LIB



.Fa "unsigned long e"
.Fc
.Ft int
.Fo ERR_GET_FUNC
.Fa "unsigned long e"


.Fc
.Ft int

.Fo ERR_GET_REASON

.Fa "unsigned long e"

.Fc
.Ft int
.Fo ERR_FATAL_ERROR
.Fa "unsigned long e"
.Fc
.Sh DESCRIPTION

The error code returned by
.Xr ERR_get_error 3
consists of a library number, function code, and reason code.
.Fn ERR_GET_LIB ,
.Fn ERR_GET_FUNC ,
and
.Fn ERR_GET_REASON
can be used to extract these.
.Pp
The library number and function code describe where the error occurred,
whereas the reason code is the information about what went wrong.
.Pp
Each sub-library of OpenSSL has a unique library number; function and
reason codes are unique within each sub-library.
Note that different libraries may use the same value to signal different
functions and reasons.
.Pp
.Dv ERR_R_*
reason codes such as
.Dv ERR_R_MALLOC_FAILURE
are globally unique.
However, when checking for sub-library specific reason codes, be sure to
also compare the library number.
.Pp

.Fn ERR_FATAL_ERROR
indicates whether a given error code is a fatal error.
.Pp
These functions are implemented as macros.
.Sh RETURN VALUES
.Fn ERR_GET_LIB ,
.Fn ERR_GET_FUNC ,
and
.Fn ERR_GET_REASON
return the library number, function code, and reason code, respectively.
.Pp
.Fn ERR_FATAL_ERROR
returns non-zero if the error is fatal or 0 otherwise.
.Sh SEE ALSO
.Xr ERR 3 ,
.Xr ERR_get_error 3
.Sh HISTORY

.Fn ERR_GET_LIB ,
.Fn ERR_GET_FUNC ,
and
.Fn ERR_GET_REASON
are available in all versions of SSLeay and OpenSSL.
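--- a/jni/libressl/man/ERR_asprintf_error_data.3
+++ b/jni/libressl/man/ERR_asprintf_error_data.3
@@ -0,0 +1,55 @@
+.\" $OpenBSD: ERR_asprintf_error_data.3,v 1.2 2017/02/21 07:15:21 jmc Exp $
+.\"
+.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: February 21 2017 $
+.Dt ERR_ASPRINTF_ERROR_DATA 3
+.Os
+.Sh NAME
+.Nm ERR_asprintf_error_data
+.Nd record a LibreSSL error using a formatted string
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft void
+.Fo ERR_asprintf_error_data
+.Fa "char * format"
+.Fa ...
+.Fc
+.Sh DESCRIPTION
+.Nm
+builds a string using
+.Xr asprintf 3
+called with the provided
+.Ar format
+and arguments.
+The resulting string is then associated with the error code that was most
+recently added.
+If
+.Xr asprintf 3
+fails, the string "malloc failed" is associated instead.
+.Pp
+.Nm
+is intended to be used instead of the OpenSSL functions
+.Xr ERR_add_error_data 3
+and
+.Xr ERR_add_error_vdata 3 .
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_put_error 3 ,
+.Xr printf 3
+.Sh HISTORY
+.Nm
+appeared in
+.Ox 5.6
+and is available in all versions of LibreSSL.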
Changes to jni/libressl/man/ERR_clear_error.3.
1

2
3
4
5
6
7
8
9
10
11


12
13
14
15
16


17
18
19
20
21
22


23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46


47
48
49

50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86
87
88
89
90
91
92
93
94
95
96
97
98
99
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf


.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for

.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "ERR_clear_error 3"
.TH ERR_clear_error 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR_clear_error \- clear the error queue
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&

\& void ERR_clear_error(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIERR_clear_error()\fR empties the current thread's error queue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIERR_clear_error()\fR has no return value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL.
|
>

|
<
|
<
<
|
<
<
<
>
>
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
|
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
<
|
<
<

<
<
>
>
|

<
>
|
|
|

|
|
|
|
|
|
|
|
|
|
|
<
<
<
<
<
<
<
|
<
<
|
|
|
|
|
|
|
|
<
|
<
>
|
<
|
|
|
<
<
<
|
|
|
|
|
|
1
2
3
4

5


6



7
8
9
10



11
12
13





14
15
16




17


18
19
20
21
22
23


24
25
26

27


28


29
30
31
32

33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48







49


50
51
52
53
54
55
56
57

58

59
60

61
62
63



64
65
66
67
68
69
.\"	$OpenBSD: ERR_clear_error.3,v 1.3 2016/11/23 17:58:42 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"



.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the




.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact

.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"

.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED







.\" OF THE POSSIBILITY OF SUCH DAMAGE.


.\"
.Dd $Mdocdate: November 23 2016 $
.Dt ERR_CLEAR_ERROR 3
.Os
.Sh NAME
.Nm ERR_clear_error
.Nd clear the OpenSSL error queue
.Sh SYNOPSIS

.In openssl/err.h

.Ft void
.Fn ERR_clear_error void

.Sh DESCRIPTION
.Fn ERR_clear_error
empties the current thread's error queue.



.Sh SEE ALSO
.Xr ERR 3 ,
.Xr ERR_get_error 3
.Sh HISTORY
.Fn ERR_clear_error
is available in all versions of SSLeay and OpenSSL.
Changes to jni/libressl/man/ERR_error_string.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17



18
19
20
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35





36
37
38
39
40
41
42
43
44

45
46
47
48


49
50
51
52




53
54
55
56
57
58
59
60
61
62
63
64
65


66
67
68

69
70
71


72

73
74
75

76
77
78


79





80
81
82
83
84
85
86
87

88

89
90
91
92

93



94
95
96
97

98

99


100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

121













122
123
124
125
126
127
128
129
130
131
132
133

134


135
136
137
138
139

140
141
142
143
144

145
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..



.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}





.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"

.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.




.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0


.            nr F 2
.        \}
.    \}

.\}
.rr rF
.\" ========================================================================


.\"

.IX Title "ERR_error_string 3"
.TH ERR_error_string 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes

.\" way too many mistakes in technical documents.
.if n .ad l
.nh


.SH "NAME"





ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable
error message
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&

\& char *ERR_error_string(unsigned long e, char *buf);

\& void ERR_error_string_n(unsigned long e, char *buf, size_t len);
\&
\& const char *ERR_lib_error_string(unsigned long e);
\& const char *ERR_func_error_string(unsigned long e);

\& const char *ERR_reason_error_string(unsigned long e);



.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIERR_error_string()\fR generates a human-readable string representing the

error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 120

bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a


static buffer.
\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes
at most \fIlen\fR characters (including the terminating 0)
and truncates the string if necessary.
For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
.PP
The string will have the following format:
.PP
.Vb 1
\& error:[error code]:[library name]:[function name]:[reason string]
.Ve
.PP
\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR,
\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text.
.PP
\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and
\&\fIERR_reason_error_string()\fR return the library name, function
name and reason string respectively.
.PP
The OpenSSL error strings should be loaded by calling
\&\fIERR_load_crypto_strings\fR\|(3) or, for \s-1SSL\s0

applications, \fISSL_load_error_strings\fR\|(3)













first.
If there is no text string registered for the given error code,
the error string will contain the numeric code.
.PP
\&\fIERR_print_errors\fR\|(3) can be used to print
all error codes currently in the queue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the
string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise.
.PP
\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and

\&\fIERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if


none is registered for the error code.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3),
\&\fIERR_load_crypto_strings\fR\|(3),

\&\fISSL_load_error_strings\fR\|(3)
\&\fIERR_print_errors\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIERR_error_string()\fR is available in all versions of SSLeay and OpenSSL.

\&\fIERR_error_string_n()\fR was added in OpenSSL 0.9.6.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
>
>
>
|
|
|
|
|
|
|
|
<
|
|
<
<
|
>
|
|
|
|
>
>
>
>
>
|
|
|
|
|
|
|
<

>
|
<
<
|
>
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
|
|
<
|
<
|
>
>
|
|
|
>
|
|
<
>
>
|
>
|
<
|
>
|
|
|
>
>
|
>
>
>
>
>
|
<
<
<
|
|
|
<
>
|
>
|
<
|
|
>
|
>
>
>
|
<
<
|
>
|
>
|
>
>
|
|
|
|
<
<
|
<
<
<
<
<
<
<
<
<
|
|
|

|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
<
|
<
<
<
<
|
<
<
|
>
|
>
>
|
|
|
|
|
>
|
<
|
|
|
>
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

30
31


32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

50
51
52


53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

73

74
75
76
77
78
79
80
81
82

83
84
85
86
87

88
89
90
91
92
93
94
95
96
97
98
99
100
101



102
103
104

105
106
107
108

109
110
111
112
113
114
115
116


117
118
119
120
121
122
123
124
125
126
127


128









129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

151




152


153
154
155
156
157
158
159
160
161
162
163
164

165
166
167
168
169
.\"	$OpenBSD: ERR_error_string.3,v 1.4 2016/11/23 17:55:31 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2004 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"

.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

.\"
.Dd $Mdocdate: November 23 2016 $
.Dt ERR_ERROR_STRING 3


.Os
.Sh NAME
.Nm ERR_error_string ,
.Nm ERR_error_string_n ,
.Nm ERR_lib_error_string ,
.Nm ERR_func_error_string ,
.Nm ERR_reason_error_string
.Nd obtain human-readable OpenSSL error messages
.Sh SYNOPSIS
.In openssl/err.h
.Ft char *
.Fo ERR_error_string
.Fa "unsigned long e"
.Fa "char *buf"
.Fc
.Ft void
.Fo ERR_error_string_n
.Fa "unsigned long e"
.Fa "char *buf"
.Fa "size_t len"

.Fc

.Ft const char *
.Fo ERR_lib_error_string
.Fa "unsigned long e"
.Fc
.Ft const char *
.Fo ERR_func_error_string
.Fa "unsigned long e"
.Fc
.Ft const char *

.Fo ERR_reason_error_string
.Fa "unsigned long e"
.Fc
.Sh DESCRIPTION
.Fn ERR_error_string

generates a human-readable string representing the error code
.Fa e
and places it in
.Fa buf .
.Fa buf
must be at least 256 bytes long.
If
.Fa buf
is
.Dv NULL ,
the error string is placed in a static buffer.
Note that this function is not thread-safe and does no checks on
the size of the buffer; use
.Fn ERR_error_string_n



instead.
.Pp
.Fn ERR_error_string_n

is a variant of
.Fn ERR_error_string
that writes at most
.Fa len

characters (including the terminating NUL) and truncates the string
if necessary.
For
.Fn ERR_error_string_n ,
.Fa buf
may not be
.Dv NULL .
.Pp


The string will have the following format:
.Pp
.Dl error:[error code]:[library name]:[function name]:[reason string]
.Pp
The error code is an 8-digit hexadecimal number.
The library name, the function name, and the reason string are ASCII
text.
.Pp
.Fn ERR_lib_error_string ,
.Fn ERR_func_error_string ,
and


.Fn ERR_reason_error_string









return the library name, the function name, and the reason string,
respectively.
.Pp
The OpenSSL error strings should be loaded by calling
.Xr ERR_load_crypto_strings 3
or, for SSL applications,
.Xr SSL_load_error_strings 3
first.
If there is no text string registered for the given error code, the
error string will contain the numeric code.
.Pp
.Xr ERR_print_errors 3
can be used to print all error codes currently in the queue.
.Sh RETURN VALUES
.Fn ERR_error_string
returns a pointer to a static buffer containing the string if
.Fa buf
is
.Dv NULL ,
or
.Fa buf
otherwise.

.Pp




.Fn ERR_lib_error_string ,


.Fn ERR_func_error_string ,
and
.Fn ERR_reason_error_string
return the strings, or
.Dv NULL
if none is registered for the error code.
.Sh SEE ALSO
.Xr ERR 3 ,
.Xr ERR_get_error 3 ,
.Xr ERR_load_crypto_strings 3 ,
.Xr ERR_print_errors 3 ,
.Xr SSL_load_error_strings 3

.Sh HISTORY
.Fn ERR_error_string
is available in all versions of SSLeay and OpenSSL.
.Fn ERR_error_string_n
was added in OpenSSL 0.9.6.
Changes to jni/libressl/man/ERR_get_error.3.
1

2
3
4
5
6
7
8


9
10
11

12
13



14
15
16




17
18
19
20
21
22

23
24
25
26
27
28
29
30
31

32
33
34
35

36
37
38
39




40
41
42
43
44

45
46
47
48


49
50
51
52
53
54


55
56




57
58
59
60
61
62

63
64
65
66
67
68
69


70
71

72

73
74
75
76
77
78


79
80
81
82






83

84

85
86
87
88

89





90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

113
114
115

116
117

118










119

120
121
122
123
124
125
126

127
128



129



130







131
132
133
134
135
136
137
138
139
140
141
142
143

144


145


146
147

148

149

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..



.de Ve \" End verbatim text
.ft R
.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,

.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}

.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``




.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"

.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.


.de IX
..




.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}


.rr rF
.\" ========================================================================

.\"

.IX Title "ERR_get_error 3"
.TH ERR_get_error 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh


.SH "NAME"
ERR_get_error, ERR_peek_error, ERR_peek_last_error,
ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
ERR_get_error_line_data, ERR_peek_error_line_data,






ERR_peek_last_error_line_data \- obtain error code and data

.SH "SYNOPSIS"

.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&

\& unsigned long ERR_get_error(void);





\& unsigned long ERR_peek_error(void);
\& unsigned long ERR_peek_last_error(void);
\&
\& unsigned long ERR_get_error_line(const char **file, int *line);
\& unsigned long ERR_peek_error_line(const char **file, int *line);
\& unsigned long ERR_peek_last_error_line(const char **file, int *line);
\&
\& unsigned long ERR_get_error_line_data(const char **file, int *line,
\&         const char **data, int *flags);
\& unsigned long ERR_peek_error_line_data(const char **file, int *line,
\&         const char **data, int *flags);
\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
\&         const char **data, int *flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIERR_get_error()\fR returns the earliest error code from the thread's error
queue and removes the entry. This function can be called repeatedly
until there are no more error codes to return.
.PP
\&\fIERR_peek_error()\fR returns the earliest error code from the thread's
error queue without modifying it.
.PP

\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's
error queue without modifying it.
.PP

See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining information about
location and reason of the error, and

\&\fIERR_error_string\fR\|(3) for human-readable error










messages.

.PP
\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and
\&\fIERR_peek_last_error_line()\fR are the same as the above, but they
additionally store the file name and line number where
the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR.
.PP
\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and

\&\fIERR_peek_last_error_line_data()\fR store additional data and flags
associated with the error code in *\fBdata\fR



and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string



if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.







.PP
An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
returned by these functions) with \fIfree()\fR as freeing is handled
automatically by the error library.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The error code, or 0 if there is no error in the queue.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3),
\&\s-1\fIERR_GET_LIB\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIERR_get_error()\fR, \fIERR_peek_error()\fR, \fIERR_get_error_line()\fR and


\&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and


OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR
were added in SSLeay 0.9.0.

\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and

\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7.

|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
>
>
>
|
<
|
>
>
>
>
|
<
<
<
|
|
>
|
|
<
|
|
|
<
<
|
>
|
|
|
|
>
|
|
|
|
>
>
>
>
|
|
|
<

>
|
<
<
|
>
>
|
|
|
|
|
|
>
>
|
|
>
>
>
>
|
|
|
|
|
|
>
|
<
|
|
|
|
|
>
>
|
<
>
|
>
|
<
<
<
|
|
>
>
|
<
|
|
>
>
>
>
>
>
|
>
|
>
|
|
<
<
>
|
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
|
|
>
|
|
|
>
|
|
>
|
>
>
>
>
>
>
>
>
>
>
|
>
|
|
<
<
<
<
|
>
|
|
>
>
>
|
>
>
>
|
>
>
>
>
>
>
>
|
<
<
|
|
<

|
|
|
|
|
|
>
|
>
>
|
>
>
|

>
|
>
|
>
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17

18
19
20
21
22
23



24
25
26
27
28

29
30
31


32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

50
51
52


53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78
79
80
81
82
83
84
85

86
87
88
89



90
91
92
93
94

95
96
97
98
99
100
101
102
103
104
105
106
107
108


109
110
111
112
113
114
115
116















117




118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142




143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162


163
164

165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
.\"	$OpenBSD: ERR_get_error.3,v 1.4 2016/11/23 17:59:29 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2002, 2014 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.

.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"



.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"

.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

.\"
.Dd $Mdocdate: November 23 2016 $
.Dt ERR_GET_ERROR 3


.Os
.Sh NAME
.Nm ERR_get_error ,
.Nm ERR_peek_error ,
.Nm ERR_peek_last_error ,
.Nm ERR_get_error_line ,
.Nm ERR_peek_error_line ,
.Nm ERR_peek_last_error_line ,
.Nm ERR_get_error_line_data ,
.Nm ERR_peek_error_line_data ,
.Nm ERR_peek_last_error_line_data
.Nd obtain OpenSSL error code and data
.Sh SYNOPSIS
.In openssl/err.h
.Ft unsigned long
.Fn ERR_get_error void
.Ft unsigned long
.Fn ERR_peek_error void
.Ft unsigned long
.Fn ERR_peek_last_error void
.Ft unsigned long
.Fo ERR_get_error_line
.Fa "const char **file"
.Fa "int *line"
.Fc

.Ft unsigned long
.Fo ERR_peek_error_line
.Fa "const char **file"
.Fa "int *line"
.Fc
.Ft unsigned long
.Fo ERR_peek_last_error_line
.Fa "const char **file"

.Fa "int *line"
.Fc
.Ft unsigned long
.Fo ERR_get_error_line_data



.Fa "const char **file"
.Fa "int *line"
.Fa "const char **data"
.Fa "int *flags"
.Fc

.Ft unsigned long
.Fo ERR_peek_error_line_data
.Fa "const char **file"
.Fa "int *line"
.Fa "const char **data"
.Fa "int *flags"
.Fc
.Ft unsigned long
.Fo ERR_peek_last_error_line_data
.Fa "const char **file"
.Fa "int *line"
.Fa "const char **data"
.Fa "int *flags"
.Fc


.Sh DESCRIPTION
.Fn ERR_get_error
returns the earliest error code from the thread's error queue and
removes the entry.
This function can be called repeatedly until there are no more error
codes to return.
.Pp
.Fn ERR_peek_error















returns the earliest error code from the thread's error queue without




modifying it.
.Pp
.Fn ERR_peek_last_error
returns the latest error code from the thread's error queue without
modifying it.
.Pp
See
.Xr ERR_GET_LIB 3
for obtaining information about the location and reason for the error, and
.Xr ERR_error_string 3
for human-readable error messages.
.Pp
.Fn ERR_get_error_line ,
.Fn ERR_peek_error_line ,
and
.Fn ERR_peek_last_error_line
are the same as the above, but they additionally store the file name and
line number where the error occurred in
.Pf * Fa file
and
.Pf * Fa line ,
unless these are
.Dv NULL .
.Pp
.Fn ERR_get_error_line_data ,




.Fn ERR_peek_error_line_data ,
and
.Fn ERR_peek_last_error_line_data
store additional data and flags associated with the error code in
.Pf * Fa data
and
.Pf * Fa flags ,
unless these are
.Dv NULL .
.Pf * Fa data
contains a string if
.Pf * Fa flags Ns & Ns Dv ERR_TXT_STRING
is true.
.Pp
An application
.Sy MUST NOT
free the
.Pf * Fa data
pointer (or any other pointers returned by these functions) with
.Xr free 3


as freeing is handled automatically by the error library.
.Sh RETURN VALUES

The error code, or 0 if there is no error in the queue.
.Sh SEE ALSO
.Xr ERR 3 ,
.Xr ERR_error_string 3 ,
.Xr ERR_GET_LIB 3
.Sh HISTORY
.Fn ERR_get_error ,
.Fn ERR_peek_error ,
.Fn ERR_get_error_line ,
and
.Fn ERR_peek_error_line
are available in all versions of SSLeay and OpenSSL.
.Fn ERR_get_error_line_data
and
.Fn ERR_peek_error_line_data
were added in SSLeay 0.9.0.
.Fn ERR_peek_last_error ,
.Fn ERR_peek_last_error_line ,
and
.Fn ERR_peek_last_error_line_data
were added in OpenSSL 0.9.7.
Changes to jni/libressl/man/ERR_load_crypto_strings.3.
1

2
3
4
5
6
7

8
9


10







11
12


13


14
15
16


17
18
19
20
21
22
23
24
25
26
27

28
29
30

31
32

33
34

35
36
37
38
39
40
41
42
43
44
45
46


47
48
49
50
51

52


53


54
55








56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

87

88
89



90
91







92






93
94
95

96

97


98
99
100
101
102
103

104
105
106
107
108
109
110
111
112
113

114


115
116







.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp

..
.de Vb \" Begin verbatim text


.ft CW







.nf
.ne \\$1


..


.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-

.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""

'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the

.\" output yourself in some meaningful fashion.


.\"


.\" Avoid warning from groff about undefined register 'F'.
.de IX








..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
.TH ERR_load_crypto_strings 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
load and free error strings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&

\& void ERR_load_crypto_strings(void);

\& void ERR_free_strings(void);
\&



\& #include <openssl/ssl.h>
\&







\& void SSL_load_error_strings(void);






.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIERR_load_crypto_strings()\fR registers the error strings for all

\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same,


but also registers the \fBlibssl\fR error strings.
.PP
One of these functions should be called before generating
textual error messages. However, this is not required when memory
usage is an issue.
.PP

\&\fIERR_free_strings()\fR frees all previously loaded error strings.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and
\&\fIERR_free_strings()\fR return no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIERR_load_error_strings()\fR, \fISSL_load_error_strings()\fR and


\&\fIERR_free_strings()\fR are available in all versions of SSLeay and
OpenSSL.







|
>

|
<
|
<
|
>
|
|
>
>
|
>
>
>
>
>
>
>
|
<
>
>
|
>
>
|
<
|
>
>
|
<
<
<
<
<
<
<
<
<
<
>
|
<
<
>
|
|
>
|
|
>
|
<
<
|
|
|
|
<
<

<
<
>
>
|

<
<
<
>
|
>
>

>
>
|
|
>
>
>
>
>
>
>
>
|
<
<
|
|
<
<
|
<
<
<
<
<
|
<
<
<
|
|
<
<
|
<
<
|
|
|
<
<
|
<
>
|
>
|
<
>
>
>
|
<
>
>
>
>
>
>
>
|
>
>
>
>
>
>
|
|
|
>
|
>
|
>
>
|
|
|
|
|
|
>
|
<
<
<
<
|
|
|
|
<
>
|
>
>
|
|
>
>
>
>
>
>
>
1
2
3
4

5

6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

21
22
23
24
25
26

27
28
29
30










31
32


33
34
35
36
37
38
39
40


41
42
43
44


45


46
47
48
49



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67


68
69


70





71



72
73


74


75
76
77


78

79
80
81
82

83
84
85
86

87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117




118
119
120
121

122
123
124
125
126
127
128
129
130
131
132
133
134
.\"	$OpenBSD: ERR_load_crypto_strings.3,v 1.5 2017/01/26 04:37:08 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"
.\" This file is a derived work.

.\" The changes are covered by the following Copyright and license:

.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"

.\" The original file was written by Ulf Moeller <ulf@openssl.org>.
.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"










.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in


.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: January 26 2017 $
.Dt ERR_LOAD_CRYPTO_STRINGS 3


.Os





.Sh NAME



.Nm ERR_load_crypto_strings ,
.Nm ERR_free_strings ,


.Nm ERR_load_BN_strings ,


.Nm SSL_load_error_strings
.Nd load and free OpenSSL error strings
.Sh SYNOPSIS


.In openssl/err.h

.Ft void
.Fn ERR_load_crypto_strings void
.Ft void
.Fn ERR_free_strings void

.In openssl/bn.h
.Ft void
.Fn ERR_load_BN_strings void
.In openssl/ssl.h

.Ft void
.Fn SSL_load_error_strings void
.Sh DESCRIPTION
.Fn ERR_load_crypto_strings
registers the error strings for all
.Xr crypto 3
functions.
.Fn SSL_load_error_strings
does the same, but also registers the
.Xr ssl 3
error strings.
.Pp
.Fn ERR_load_BN_strings
only registers the error strings for the
.Vt BIGNUM
part of the library, i.e. the functions documented in
.Xr BN_new 3
and in the manual pages referenced from there.
That may be useful if no other parts of the crypto library
are used by the program.
Similar functions exist for other parts of the crypto library,
but they are not yet documented.
.Pp
If the error strings were already loaded before, no action occurs.
.Pp
One of these functions should be called before generating textual error
messages.
However, this is not required when memory usage is an issue.
.Pp
.Fn ERR_free_strings
frees all previously loaded error strings.




.Sh SEE ALSO
.Xr ERR 3 ,
.Xr ERR_error_string 3
.Sh HISTORY

.Fn ERR_load_crypto_strings ,
.Fn SSL_load_error_strings ,
and
.Fn ERR_free_strings
are available in all versions of SSLeay and OpenSSL.
.Sh BUGS
Even though the error strings are already compiled into the object
code of the library as static strings, these functions store them
again using dynamically allocated memory on the heap.
That may fail if insufficient memory is available,
but these functions do not report such errors.
Instead, they fail silently, possibly having registered none or only
a part of the strings requested.
Changes to jni/libressl/man/ERR_load_strings.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48






49
50
51


52
53
54
55


56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78
79

80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

95

96

97
98
99

100
101

102
103
104
105
106
107
108




109
110
111

112
113
114
115
116

117

118
119
120
121
122
123



124
125
126
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"






.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the


.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "ERR_load_strings 3"
.TH ERR_load_strings 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

.nh
.SH "NAME"

ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load
arbitrary error strings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
\&
\& int ERR_get_next_error_library(void);
\&
\& unsigned long ERR_PACK(int lib, int func, int reason);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR.

.PP

\&\fBstr\fR is an array of error string data:
.PP
.Vb 5

\& typedef struct ERR_string_data_st
\& {

\&        unsigned long error;
\&        char *string;
\& } ERR_STRING_DATA;
.Ve
.PP
The error code is generated from the library number and a function and
reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR).




\&\s-1\fIERR_PACK\s0()\fR is a macro.
.PP
The last entry in the array is {0,0}.

.PP
\&\fIERR_get_next_error_library()\fR can be used to assign library numbers
to user libraries at runtime.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"

\&\s-1\fIERR_PACK\s0()\fR return the error code.

\&\fIERR_get_next_error_library()\fR returns a new library number.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"



\&\fIERR_load_error_strings()\fR and \s-1\fIERR_PACK\s0()\fR are available in all versions
of SSLeay and OpenSSL. \fIERR_get_next_error_library()\fR was added in
SSLeay 0.9.0.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
>
|
|
<
<
<
|
<
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

>
>
>
>
>
>
|
|
|
>
>
|

<
<
>
>
|
|
<
<
|
|
|
<
|
<
<
<
<
|
|
<
|
|
<
<
<
|
>
|
<
>
|
|
|
|
|
|
<
<
<
|
<
<
<
|
<
>
|
>
|
>
|
<
<
>
|
<
>
|
|
|
|
|

|
>
>
>
>
|
|
|
>
|
|
|
|
<
>
|
>
|
|
|
<
|
<
>
>
>
|
|
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23


24
25
26



27


28


29
30


31


32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50


51
52
53
54


55
56
57

58




59
60

61
62



63
64
65

66
67
68
69
70
71
72



73



74

75
76
77
78
79
80


81
82

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

103
104
105
106
107
108

109

110
111
112
113
114
115
.\"	$OpenBSD: ERR_load_strings.3,v 1.4 2016/11/23 17:59:29 schwarze Exp $
.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact



.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 23 2016 $
.Dt ERR_LOAD_STRINGS 3
.Os
.Sh NAME


.Nm ERR_load_strings ,
.Nm ERR_PACK ,
.Nm ERR_get_next_error_library

.Nd load arbitrary OpenSSL error strings




.Sh SYNOPSIS
.In openssl/err.h

.Ft void
.Fo ERR_load_strings



.Fa "int lib"
.Fa "ERR_STRING_DATA str[]"
.Fc

.Ft unsigned long
.Fo ERR_PACK
.Fa "int lib"
.Fa "int func"
.Fa "int reason"
.Fc
.Ft int



.Fn ERR_get_next_error_library void



.Sh DESCRIPTION

.Fn ERR_load_strings
registers error strings for library number
.Fa lib .
.Pp
.Fa str
is an array of error string data:


.Bd -literal -offset indent
typedef struct ERR_string_data_st

{
        unsigned long error;
        char *string;
} ERR_STRING_DATA;
.Ed
.Pp
The error code is generated from the library number and a function and
reason code:
.Pp
.Dl error = ERR_PACK(lib, func, reason)
.Pp
.Fn ERR_PACK
is a macro.
.Pp
The last entry in the array is
.Brq 0 , Dv NULL .
.Pp
.Fn ERR_get_next_error_library
can be used to assign library numbers to user libraries at runtime.
.Sh RETURN VALUES

.Fn ERR_PACK
returns the error code.
.Fn ERR_get_next_error_library
returns a new library number.
.Sh SEE ALSO
.Xr ERR 3

.Sh HISTORY

.Fn ERR_load_error_strings
and
.Fn ERR_PACK
are available in all versions of SSLeay and OpenSSL.
.Fn ERR_get_next_error_library
was added in SSLeay 0.9.0.
Changes to jni/libressl/man/ERR_print_errors.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

47


48










49
50
51
52
53
54
55


56
57


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78
79
80
81
82
83
84
85
86
87


88
89
90

91
92

93
94

95
96
97
98





99

100
101

102
103
104
105

106
107
108
109
110
111


112

113
114
115
116
117
118
119
120

121
122
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"










.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0


.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "ERR_print_errors 3"
.TH ERR_print_errors 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

.nh
.SH "NAME"
ERR_print_errors, ERR_print_errors_fp \- print error messages
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& void ERR_print_errors(BIO *bp);
\& void ERR_print_errors_fp(FILE *fp);


.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIERR_print_errors()\fR is a convenience function that prints the error
strings for all errors that OpenSSL has recorded to \fBbp\fR, thus

emptying the error queue.
.PP

\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a
\&\fB\s-1FILE\s0\fR.
.PP
The error strings will have the following format:





.PP

.Vb 1
\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]

.Ve
.PP
\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR,
\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional

text message\fR if one was set for the respective error code.
.PP
If there is no text string registered for the given error code,
the error string will contain the numeric code.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"


\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values.

.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3),
\&\fIERR_get_error\fR\|(3),
\&\fIERR_load_crypto_strings\fR\|(3),
\&\fISSL_load_error_strings\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR
are available in all versions of SSLeay and OpenSSL.
|
>

|
<
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
|
|
|
|
|
|
|
|
|
|
<
<
<
<
<
<
<
<
<
|
<
<

<
<
>
|
>
>

>
>
>
>
>
>
>
>
>
>
|
<
<
|

<
<
>
>
|
|
>
>
|
|
|
<
<
<
<
<
<
<
<
<
|
<
|
|
<
<
<
<
>
|
|
|
|
<
|
<
<
|
|
>
>
|
|
<
>
|
|
>
|
|
>
|
|
|
|
>
>
>
>
>
|
>
|
|
>
|
|
|
|
>
|
|
|
|
|
<
>
>
|
>
|
|
|
|
|
|
|
|
>
|

1
2
3
4

5
6

7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22
23
24
25
26
27
28
29
30
31









32


33


34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49


50
51


52
53
54
55
56
57
58
59
60









61

62
63




64
65
66
67
68

69


70
71
72
73
74
75

76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
.\"	$OpenBSD: ERR_print_errors.3,v 1.4 2016/11/23 17:56:36 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>,

.\" with additions by Rich Salz <rsalz@openssl.org>.
.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written









.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED


.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 23 2016 $
.Dt ERR_PRINT_ERRORS 3
.Os
.Sh NAME
.Nm ERR_print_errors ,
.Nm ERR_print_errors_fp ,
.Nm ERR_print_errors_cb
.Nd print OpenSSL error messages
.Sh SYNOPSIS









.In openssl/err.h

.Ft void
.Fo ERR_print_errors




.Fa "BIO *bp"
.Fc
.Ft void
.Fo ERR_print_errors_fp
.Fa "FILE *fp"

.Fc


.Ft void
.Fo ERR_print_errors_cb
.Fa "int (*cb)(const char *str, size_t len, void *u)"
.Fa "void *u"
.Fc
.Sh DESCRIPTION

.Fn ERR_print_errors
is a convenience function that prints the error strings for all errors
that OpenSSL has recorded to
.Fa bp ,
thus emptying the error queue.
.Pp
.Fn ERR_print_errors_fp
is the same, except that the output goes to a
.Vt FILE .
.Pp
.Fn ERR_print_errors_cb
is the same, except that the callback function,
.Fa cb ,
is called for each error line with the string, length, and userdata
.Fa u
as the callback parameters.
.Pp
The error strings have the following format:
.Bd -literal
[pid]:error:[error code]:[library name]:[function name]:[reason string]:
[file name]:[line]:[optional text message]
.Ed
.Pp
The error code is an 8-digit hexadecimal number.
The library name, the function name, and the reason string are ASCII
text, as is the optional text message if one was set for the
respective error code.
.Pp
If there is no text string registered for the given error code, the
error string will contain the numeric code.
.Sh RETURN VALUES

.Fn ERR_print_errors
and
.Fn ERR_print_errors_fp
return no values.
.Sh SEE ALSO
.Xr ERR 3 ,
.Xr ERR_error_string 3 ,
.Xr ERR_get_error 3 ,
.Xr ERR_load_crypto_strings 3 ,
.Xr SSL_load_error_strings 3
.Sh HISTORY
.Fn ERR_print_errors
and
.Fn ERR_print_errors_fp
are available in all versions of SSLeay and OpenSSL.
Changes to jni/libressl/man/ERR_put_error.3.
1

2
3
4
5
6
7
8


9
10
11

12
13



14
15




16




17
18
19
20
21
22


23
24
25
26

27




28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


48






49
50
51
52




53
54



55




56




57
58
59
60
61
62
63
64

65
66
67

68

69
70
71

72

73
74
75
76

77

78
79
80


81
82


83

84
85

86
87
88

89





90

91
92
93
94
95
96



97
98
99


100


101
102


103
104
105
106
107
108
109

110
111
112
113

114
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..



.de Ve \" End verbatim text
.ft R




.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-




.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '


.\"






.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.




.\"
.\" Avoid warning from groff about undefined register 'F'.



.de IX




..




.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{

.            nr % 0
.            nr F 2
.        \}

.    \}

.\}
.rr rF
.\" ========================================================================

.\"

.IX Title "ERR_put_error 3"
.TH ERR_put_error 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l

.nh
.SH "NAME"
ERR_put_error, ERR_add_error_data \- record an error


.SH "SYNOPSIS"
.IX Header "SYNOPSIS"


.Vb 1

\& #include <openssl/err.h>
\&

\& void ERR_put_error(int lib, int func, int reason, const char *file,
\&         int line);
\&

\& void ERR_add_error_data(int num, ...);





.Ve

.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It
signals that the error of reason code \fBreason\fR occurred in function
\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR.
This function is usually called by a macro.



.PP
\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string
arguments with the error code added last.


.PP


\&\fIERR_load_strings\fR\|(3) can be used to register
error strings so that the application can a generate human-readable


error messages for the error code.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIERR_put_error()\fR and \fIERR_add_error_data()\fR return
no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"

\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIERR_put_error()\fR is available in all versions of SSLeay and OpenSSL.

\&\fIERR_add_error_data()\fR was added in SSLeay 0.9.0.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
>
>
>
|
|
>
>
>
>
|
>
>
>
>
|
<
<
<
<
<
>
>
|
|
<
<
>
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
<
<
<
<
<

<
<
<
>
>
|
>
>
>
>
>
>
|
|
|
|
>
>
>
>
|
|
>
>
>
|
>
>
>
>
|
>
>
>
>
|
<
<
|
<
<
|
|
>
|
<
|
>
|
>
|
|
<
>
|
>
|
<
<
|
>
|
>
|
<
|
>
>
|
|
>
>
|
>
|
<
>
|
|
<
>
|
>
>
>
>
>
|
>
|
<
<
|
|
|
>
>
>
|
<
<
>
>
|
>
>
|
<
>
>
|
<
<
<
|
|
|
>
|
|
|
|
>
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28





29
30
31
32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49





50



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83


84


85
86
87
88

89
90
91
92
93
94

95
96
97
98


99
100
101
102
103

104
105
106
107
108
109
110
111
112
113

114
115
116

117
118
119
120
121
122
123
124
125
126


127
128
129
130
131
132
133


134
135
136
137
138
139

140
141
142



143
144
145
146
147
148
149
150
151
152
.\"	$OpenBSD: ERR_put_error.3,v 1.5 2017/02/20 23:21:19 beck Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"





.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.





.\"



.Dd $Mdocdate: February 20 2017 $
.Dt ERR_PUT_ERROR 3
.Os
.Sh NAME
.Nm ERR_put_error ,
.Nm ERR_add_error_data ,
.Nm ERR_add_error_vdata
.Nd record an OpenSSL error
.Sh SYNOPSIS
.In openssl/err.h
.Ft void
.Fo ERR_put_error
.Fa "int lib"
.Fa "int func"
.Fa "int reason"
.Fa "const char *file"
.Fa "int line"
.Fc
.Ft void
.Fo ERR_add_error_data
.Fa "int num"
.Fa ...
.Fc
.Ft void
.Fo ERR_add_error_vdata
.Fa "int num"
.Fa "va_list arg"
.Fc
.Sh DESCRIPTION
.Fn ERR_put_error
adds an error code to the thread's error queue.
It signals that the error of reason code
.Fa reason


occurred in function


.Fa func
of library
.Fa lib ,
in line number

.Fa line
of
.Fa file .
This function is usually called by a macro.
.Pp
.Fn ERR_add_error_data

associates the concatenation of its
.Fa num
string arguments with the error code added last.
.Fn ERR_add_error_vdata


is similar except the argument is a
.Vt va_list .
Use of
.Fn ERR_add_error_data
and

.Fn ERR_add_error_vdata
is deprecated inside of LibreSSL in favour of
.Xr ERR_asprintf_error_data 3 .
.Pp
.Xr ERR_load_strings 3
can be used to register error strings so that the application can
generate human-readable error messages for the error code.
.Pp
Each sub-library has a specific macro
.Fn XXXerr f r

that is used to report errors.
Its first argument is a function code
.Dv XXX_F_* ;

the second argument is a reason code
.Dv XXX_R_* .
Function codes are derived from the function names
whereas reason codes consist of textual error descriptions.
For example, the function
.Fn ssl23_read
reports a "handshake failure" as follows:
.Pp
.Dl SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
.Pp


Function and reason codes should consist of upper case characters,
numbers and underscores only.
The error file generation script translates function codes into function
names by looking in the header files for an appropriate function name.
If none is found it just uses the capitalized form such as "SSL23_READ"
in the above example.
.Pp


The trailing section of a reason code (after the "_R_") is translated
into lower case and underscores changed to spaces.
.Pp
Although a library will normally report errors using its own specific
.Fn XXXerr
macro, another library's macro can be used.

This is normally only done when a library wants to include ASN.1 code
which must use the
.Fn ASN1err



macro.
.Sh SEE ALSO
.Xr ERR 3 ,
.Xr ERR_asprintf_error_data 3 ,
.Xr ERR_load_strings 3
.Sh HISTORY
.Fn ERR_put_error
is available in all versions of SSLeay and OpenSSL.
.Fn ERR_add_error_data
was added in SSLeay 0.9.0.
Changes to jni/libressl/man/ERR_remove_state.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48
49


50
51







52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86

87
88
89
90
91
92

93
94
95
96





97
98
99
100
101
102

103

104
105



106
107
108


109
110
111
112
113
114

115
116

117


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for


.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the







.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "ERR_remove_state 3"
.TH ERR_remove_state 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR_remove_thread_state, ERR_remove_state \- free a thread's error queue
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&

\& void ERR_remove_thread_state(const CRYPTO_THREADID *tid);

.Ve
.PP
Deprecated:
.PP
.Vb 1
\& void ERR_remove_state(unsigned long pid);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIERR_remove_thread_state()\fR frees the error queue associated with thread \fBtid\fR.





If \fBtid\fR == \fB\s-1NULL\s0\fR, the current thread will have its error queue removed.
.PP
Since error queue data structures are allocated automatically for new
threads, they must be freed when threads are terminated in order to
avoid memory leaks.
.PP

ERR_remove_state is deprecated and has been replaced by

ERR_remove_thread_state. Since threads in OpenSSL are no longer identified
by unsigned long values any argument to this function is ignored. Calling



ERR_remove_state is equivalent to \fBERR_remove_thread_state(\s-1NULL\s0)\fR.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"


ERR_remove_thread_state and \fIERR_remove_state()\fR return no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIerr\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIERR_remove_state()\fR is available in all versions of SSLeay and OpenSSL. It
was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state was introduced

and thread IDs were introduced to identify threads instead of 'unsigned long'.


|
>

|
<
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
<
<
<
<
<
|
|
|
|
<
<
|
>
|
|
|
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

<
>
>
|
|
>
>
>
>
>
>
>
|

<
<
<
|
<
<
<
<
|
|
<
<
<
<
<
|
<
<
<
|
|
<
<
<
<
<
|
|
<
<
|
<
>
|
>
|
|

|
|
|
>
|
|
|
|
>
>
>
>
>
|
|



|
>
|
>
|
|
>
>
>
|
|
|
>
>
|
|
|
<
|
<
>
|
|
>
|
>
>
1
2
3
4

5
6

7
8
9
10
11
12
13
14
15
16
17
18


19







20
21
22
23


24
25
26
27
28
29


30
31


32


33


34
35
36
37
38

39
40
41
42
43
44
45
46
47
48
49
50
51



52




53
54





55



56
57





58
59


60

61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

102

103
104
105
106
107
108
109
.\"	$OpenBSD: ERR_remove_state.3,v 1.3 2016/11/23 17:59:29 schwarze Exp $
.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and

.\" Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"







.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"


.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"

.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"



.Dd $Mdocdate: November 23 2016 $




.Dt ERR_REMOVE_STATE 3
.Os





.Sh NAME



.Nm ERR_remove_thread_state ,
.Nm ERR_remove_state





.Nd free a thread's OpenSSL error queue
.Sh SYNOPSIS


.In openssl/err.h

.Ft void
.Fo ERR_remove_thread_state
.Fa "const CRYPTO_THREADID *tid"
.Fc
.Pp
Deprecated:
.Pp
.Ft void
.Fo ERR_remove_state
.Fa "unsigned long pid"
.Fc
.Sh DESCRIPTION
.Fn ERR_remove_thread_state
frees the error queue associated with thread
.Fa tid .
If
.Fa tid
is
.Dv NULL ,
the current thread will have its error queue removed.
.Pp
Since error queue data structures are allocated automatically for new
threads, they must be freed when threads are terminated in order to
avoid memory leaks.
.Pp
.Fn ERR_remove_state
is deprecated and has been replaced by
.Fn ERR_remove_thread_state .
Since threads in OpenSSL are no longer identified by unsigned long
values, any argument to this function is ignored.
Calling
.Fn ERR_remove_state
is equivalent to
.Fn ERR_remove_thread_state NULL .
.Sh RETURN VALUES
.Fn ERR_remove_thread_state
and
.Fn ERR_remove_state
return no value.
.Sh SEE ALSO
.Xr ERR 3

.Sh HISTORY

.Fn ERR_remove_state
is available in all versions of SSLeay and OpenSSL.
It was deprecated in OpenSSL 1.0.0 when
.Fn ERR_remove_thread_state
was introduced and thread IDs were introduced to identify threads
instead of
.Vt unsigned long .
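--- a/jni/libressl/man/ERR_set_mark.3
+++ b/jni/libressl/man/ERR_set_mark.3
@@ -1,108 +1,85 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: ERR_set_mark.3,v 1.3 2016/11/23 17:59:29 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Richard Levitte <levitte@openssl.org>.
+.\" Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/err.h>
-\&
-\& int ERR_set_mark(void);
-\&
-\& int ERR_pop_to_mark(void);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there
-is one.
-.PP
-\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
-The mark is then removed.  If there is no mark, the whole stack is removed.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
-.PP
-\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
-implies that the stack became empty, otherwise 1.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIERR_set_mark()\fR and \fIERR_pop_to_mark()\fR were added in OpenSSL 0.9.8.
+.Dd $Mdocdate: November 23 2016 $
+.Dt ERR_SET_MARK 3
+.Os
+.Sh NAME
+.Nm ERR_set_mark ,
+.Nm ERR_pop_to_mark
+.Nd set marks and pop OpenSSL errors until mark
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft int
+.Fn ERR_set_mark void
+.Ft int
+.Fn ERR_pop_to_mark void
+.Sh DESCRIPTION
+.Fn ERR_set_mark
+sets a mark on the current topmost error record if there is one.
+.Pp
+.Fn ERR_pop_to_mark
+will pop the top of the error stack until a mark is found.
+The mark is then removed.
+If there is no mark, the whole stack is removed.
+.Sh RETURN VALUES
+.Fn ERR_set_mark
+returns 0 if the error stack is empty, otherwise 1.
+.Pp
+.Fn ERR_pop_to_mark
+returns 0 if there was no mark in the error stack, which implies that
+the stack became empty, otherwise 1.
+.Sh SEE ALSO
+.Xr ERR 3
+.Sh HISTORY
+.Fn ERR_set_mark
+and
+.Fn ERR_pop_to_mark
+were added in OpenSSL 0.9.8.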
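--- /dev/null
+++ b/jni/libressl/man/ESS_SIGNING_CERT_new.3
@@ -0,0 +1,111 @@
+.\"	$OpenBSD: ESS_SIGNING_CERT_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt ESS_SIGNING_CERT_NEW 3
+.Os
+.Sh NAME
+.Nm ESS_SIGNING_CERT_new ,
+.Nm ESS_SIGNING_CERT_free ,
+.Nm ESS_CERT_ID_new ,
+.Nm ESS_CERT_ID_free ,
+.Nm ESS_ISSUER_SERIAL_new ,
+.Nm ESS_ISSUER_SERIAL_free
+.Nd signing certificates for S/MIME
+.Sh SYNOPSIS
+.In openssl/ts.h
+.Ft ESS_SIGNING_CERT *
+.Fn ESS_SIGNING_CERT_new void
+.Ft void
+.Fn ESS_SIGNING_CERT_free "ESS_SIGNING_CERT *signing_cert"
+.Ft ESS_CERT_ID *
+.Fn ESS_CERT_ID_new void
+.Ft void
+.Fn ESS_CERT_ID_free "ESS_CERT_ID *cert_id"
+.Ft ESS_ISSUER_SERIAL *
+.Fn ESS_ISSUER_SERIAL_new void
+.Ft void
+.Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial"
+.Sh DESCRIPTION
+The signing certificate may be included in the signedAttributes
+field of a
+.Vt SignerInfo
+structure to mitigate simple substitution and re-issue attacks.
+.Pp
+.Fn ESS_SIGNING_CERT_new
+allocates and initializes an empty
+.Vt ESS_SIGNING_CERT
+object, representing an ASN.1
+.Vt SigningCertificate
+structure defined in RFC 2634 section 5.4.
+It can hold the certificate used for signing the data,
+additional authorization certificates that can be used during
+validation, and policies applying to the certificate.
+.Fn ESS_SIGNING_CERT_free
+frees
+.Fa signing_cert .
+.Pp
+.Fn ESS_CERT_ID_new
+allocates and initializes an empty
+.Vt ESS_CERT_ID
+object, representing an ASN.1
+.Vt ESSCertID
+structure defined in RFC 2634 section 5.4.1.
+Such objects can be used inside
+.Vt ESS_SIGNING_CERT
+objects, and each one can hold a SHA1 hash of one certificate.
+.Fn ESS_CERT_ID_free
+frees
+.Fa cert_id .
+.Pp
+.Fn ESS_ISSUER_SERIAL_new
+allocates and initializes an empty
+.Vt ESS_ISSUER_SERIAL
+object, representing an ASN.1
+.Vt IssuerSerial
+structure defined in RFC 2634 section 5.4.1.
+It can hold an issuer name and a serial number and can be included in an
+.Vt ESS_CERT_ID
+object, which is useful for additional authorization certificates,
+but redundant for the signing certificate itself.
+.Fn ESS_ISSUER_SERIAL_free
+frees
+.Fa issuer_serial .
+.Sh RETURN VALUES
+.Fn ESS_SIGNING_CERT_new ,
+.Fn ESS_CERT_ID_new ,
+and
+.Fn ESS_ISSUER_SERIAL_new
+return the new
+.Vt ESS_SIGNING_CERT ,
+.Vt ESS_CERT_ID ,
+or
+.Vt ESS_ISSUER_SERIAL
+object, respectively, or
+.Dv NULL
+if an error occurred.
+.Sh STANDARDS
+RFC 2634: Enhanced Security Services for S/MIME,
+section 5: Signing Certificate Attribute
+.Pp
+Note that RFC 2634 has been updated by RFC 5035:
+Enhanced Security Services (ESS) Update:
+Adding CertID Algorithm Agility.
+But the current implementation only supports the
+Signing Certificate Attribute Definition Version 1
+according to RFC 2634, not the
+Signing Certificate Attribute Definition Version 2
+according to RFC 5035.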
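--- a/jni/libressl/man/EVP_AEAD_CTX_init.3
+++ b/jni/libressl/man/EVP_AEAD_CTX_init.3
@@ -1,26 +1,26 @@
-.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.2 2015/10/14 09:11:25 schwarze Exp $
+.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.5 2016/11/21 22:19:15 jmc Exp $
 .\"
 .\" Copyright (c) 2014, Google Inc.
 .\" Parts of the text were written by Adam Langley and David Benjamin.
 .\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\"
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 14 2015 $
+.Dd $Mdocdate: November 21 2016 $
 .Dt EVP_AEAD_CTX_INIT 3
 .Os
 .Sh NAME
 .Nm EVP_AEAD_CTX_init ,
 .Nm EVP_AEAD_CTX_cleanup ,
 .Nm EVP_AEAD_CTX_open ,
 .Nm EVP_AEAD_CTX_seal ,
@@ -180,15 +180,15 @@
 .Fn EVP_AEAD_CTX_open .
 At most
 .Fa max_out_len
 bytes are written as output and, in order to ensure success, this value
 should be the
 .Fa in_len
 plus the result of
-.Xr EVP_AEAD_overhead 3 .
+.Fn EVP_AEAD_max_overhead .
 On successful return,
 .Fa out_len
 is set to the actual number of bytes written.
 The length of the
 .Fa nonce
 specified with
 .Fa nonce_len
@@ -233,16 +233,16 @@
 .Pp
 Where possible the
 .Sy EVP_AEAD
 interface to AEAD ciphers should be used in preference to the older
 .Sy EVP
 variants or to the low level interfaces.
 This is because the code then becomes transparent to the AEAD cipher
-used and much more flexible,
-it is also safer to use as it prevents common mistakes with the native APIs.
+used and much more flexible.
+It is also safer to use as it prevents common mistakes with the native APIs.
 .Sh RETURN VALUES
 .Fn EVP_AEAD_CTX_init ,
 .Fn EVP_AEAD_CTX_open ,
 and
 .Fn EVP_AEAD_CTX_seal
 return 1 for success or zero for failure.
 .Pp
@@ -258,16 +258,15 @@
 This is the largest value that can be passed as a tag length to
 .Fn EVP_AEAD_CTX_init .
 .Pp
 .Fn EVP_AEAD_nonce_length
 returns the length of the per-message nonce.
 .Sh EXAMPLES
 Encrypt a string using ChaCha20-Poly1305:
-.Bd -literal
-.\" XXX
+.Bd -literal -offset indent
 const EVP_AEAD *aead = EVP_aead_chacha20_poly1305();
 static const unsigned char nonce[32] = {0};
 size_t buf_len, nonce_len;
 EVP_AEAD_CTX ctx;
 
 EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead),
     EVP_AEAD_DEFAULT_TAG_LENGTH, NULL);
@@ -292,13 +291,12 @@
 .Rs
 .%A Y. Nir
 .%A A. Langley
 .%D May 2015
 .%R RFC 7539
 .%T ChaCha20 and Poly1305 for IETF Protocols
 .Re
-.Pp
 .Sh HISTORY
 AEAD is based on the implementation by
 .An Adam Langley
 for Chromium/BoringSSL and first appeared in
 .Ox 5.6 .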
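--- a/jni/libressl/man/EVP_BytesToKey.3
+++ b/jni/libressl/man/EVP_BytesToKey.3
@@ -1,139 +1,140 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_BytesToKey.3,v 1.5 2016/11/24 00:20:36 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2001, 2011, 2013, 2014, 2015 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_BytesToKey \- password based encryption routine
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
-\&                       const unsigned char *salt,
-\&                       const unsigned char *data, int datal, int count,
-\&                       unsigned char *key,unsigned char *iv);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
-the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use.
-The \fBsalt\fR parameter is used as a salt in the derivation: it should point to
-an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing
-\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the
-iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR
-and \fBiv\fR respectively.
-.SH "NOTES"
-.IX Header "NOTES"
-A typical application of this function is to derive keying material for an
-encryption algorithm from a password in the \fBdata\fR parameter.
-.PP
-Increasing the \fBcount\fR parameter slows down the algorithm which makes it
-harder for an attacker to perform a brute force attack using a large number
-of candidate passwords.
-.PP
-If the total key and \s-1IV\s0 length is less than the digest length and
-\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5
-otherwise a non standard extension is used to derive the extra data.
-.PP
-Newer applications should use more standard algorithms such as \s-1PBKDF2\s0 as
+.Dd $Mdocdate: November 24 2016 $
+.Dt EVP_BYTESTOKEY 3
+.Os
+.Sh NAME
+.Nm EVP_BytesToKey
+.Nd password based encryption routine
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_BytesToKey
+.Fa "const EVP_CIPHER *type"
+.Fa "const EVP_MD *md"
+.Fa "const unsigned char *salt"
+.Fa "const unsigned char *data"
+.Fa "int datal"
+.Fa "int count"
+.Fa "unsigned char *key"
+.Fa "unsigned char *iv"
+.Fc
+.Sh DESCRIPTION
+.Fn EVP_BytesToKey
+derives a key and IV from various parameters.
+.Fa type
+is the cipher to derive the key and IV for.
+.Fa md
+is the message digest to use.
+The
+.Fa salt
+parameter is used as a salt in the derivation:
+it should point to an 8-byte buffer or
+.Dv NULL
+if no salt is used.
+.Fa data
+is a buffer containing
+.Fa datal
+bytes which is used to derive the keying data.
+.Fa count
+is the iteration count to use.
+The derived key and IV will be written to
+.Fa key
+and
+.Fa iv ,
+respectively.
+.Pp
+A typical application of this function is to derive keying material for
+an encryption algorithm from a password in the
+.Fa data
+parameter.
+.Pp
+Increasing the
+.Fa count
+parameter slows down the algorithm, which makes it harder for an attacker
+to perform a brute force attack using a large number of candidate
+passwords.
+.Pp
+If the total key and IV length is less than the digest length and MD5
+is used, then the derivation algorithm is compatible with PKCS#5 v1.5.
+Otherwise, a non-standard extension is used to derive the extra data.
+.Pp
+Newer applications should use more standard algorithms such as PBKDF2 as
 defined in PKCS#5v2.1 for key derivation.
-.SH "KEY DERIVATION ALGORITHM"
-.IX Header "KEY DERIVATION ALGORITHM"
-The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until
-enough data is available for the key and \s-1IV.\s0 D_i is defined as:
-.PP
-.Vb 1
-\&        D_i = HASH^count(D_(i\-1) || data || salt)
-.Ve
-.PP
-where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest
-algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data)
-is \s-1HASH\s0(\s-1HASH\s0(data)) and so on.
-.PP
-The initial bytes are used for the key and the subsequent bytes for
-the \s-1IV.\s0
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIevp\fR\|(3), \fIrand\fR\|(3),
-\&\s-1\fIPKCS5_PBKDF2_HMAC\s0\fR\|(3),
-\&\fIEVP_EncryptInit\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
+.Sh KEY DERIVATION ALGORITHM
+The key and IV is derived by concatenating D_1, D_2, etc. until enough
+data is available for the key and IV.
+D_i is defined recursively as:
+.Pp
+.Dl D_i = HASH^count(D_(i-1) || data || salt)
+.Pp
+where || denotes concatenation, D_0 is empty, HASH is the digest
+algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is
+HASH(HASH(data)) and so on.
+.Pp
+The initial bytes are used for the key and the subsequent bytes for the
+IV.
+.Sh RETURN VALUES
+If
+.Fa data
+is
+.Dv NULL ,
+.Fn EVP_BytesToKey
+returns the number of bytes needed to store the derived key.
+Otherwise,
+.Fn EVP_BytesToKey
+returns the size of the derived key in bytes or 0 on error.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_EncryptInit 3 ,
+.Xr PKCS5_PBKDF2_HMAC 3 ,
+.Xr RAND_bytes 3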
Changes to jni/libressl/man/EVP_DigestInit.3.






1































2
3
4
5
6
7
8
9
10
11
12


13
14

15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62


63
64
65
66

67



68

69
70
71




72

73





74
75
76

77

78
79
80



81



82
83
84


85
86



87
88

89





90

91
92
93



94
95
96


97
98

99
100




101
102
103


104
105
106


107


108
109
110
111


112
113



114

115

116

117
118

119
120
121
122
123
124

125

126

127

128

129



130
131



132










133
134
135
136
137
138
139
140
141
142
143
144
145


146

147
148
149





150

151





152













153
154
155
156
157
158





159

160




161


162

163

164
165
166


167
168
169



170
171
172

173
174
175






176
177

178



179
180
181


182


183
184



185

186
187
188
189
190
191
192
193
194

195
196
197
198
199
200






201

202
203






204


205
206
207
208
209
210
211
212



213
214
215
216





217
218
219
220












221



















222





223

224
225
226
227
228
229
230
231


232
233
234

235
236
237



238
239
240
241


242
243
244

245
246
247
248
249
250
251
252
253
254
255
256
257




258

259
260
261
262
263
264
265
266
267
268
269













270
271
272
273
274

275
276














277
278










279

280

281






















282
283
284
285
286
287

288
289
290
291
292
293

294
295
296
297
298
299
300
301
302
303
304
305

306
307
308
309
310
311

312
313
314
315
316
317
318
319
320
321
322
323
324
325

326
327
328
329
330
331
332
333

334


335
336


337
338




339
340
341






342
343


344
345
346



347
348
349
350






.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)































.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1


..
.de Ve \" End verbatim text

.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}

.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"


..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2

.        \}



.    \}

.\}
.rr rF
.\" ========================================================================




.\"

.IX Title "EVP_DigestInit 3"





.TH EVP_DigestInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l

.nh
.SH "NAME"
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,



EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,



EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,
EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5,


EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,



EVP_get_digestbyobj, EVP_DigestInit, EVP_DigestFinal \- EVP digest routines
.SH "SYNOPSIS"

.IX Header "SYNOPSIS"





.Vb 1

\& #include <openssl/evp.h>
\&
\& void EVP_MD_CTX_init(EVP_MD_CTX *ctx);



\& EVP_MD_CTX *EVP_MD_CTX_create(void);
\&
\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);


\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,

\&        unsigned int *s);
\&




\& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
\&


\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
\&
\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);


\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,


\&        unsigned int *s);
\&
\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
\&


\& #define EVP_MAX_MD_SIZE 64     /* SHA512 */
\&



\& int EVP_MD_type(const EVP_MD *md);

\& int EVP_MD_pkey_type(const EVP_MD *md);

\& int EVP_MD_size(const EVP_MD *md);

\& int EVP_MD_block_size(const EVP_MD *md);
\&

\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
\& #define EVP_MD_CTX_size(e)             EVP_MD_size(EVP_MD_CTX_md(e))
\& #define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)\->digest)
\& #define EVP_MD_CTX_type(e)             EVP_MD_type((e)\->digest)
\&
\& const EVP_MD *EVP_md_null(void);

\& const EVP_MD *EVP_md2(void);

\& const EVP_MD *EVP_md5(void);

\& const EVP_MD *EVP_sha1(void);

\& const EVP_MD *EVP_dss(void);

\& const EVP_MD *EVP_dss1(void);



\& const EVP_MD *EVP_ripemd160(void);
\&



\& const EVP_MD *EVP_sha224(void);










\& const EVP_MD *EVP_sha256(void);
\& const EVP_MD *EVP_sha384(void);
\& const EVP_MD *EVP_sha512(void);
\&
\& const EVP_MD *EVP_get_digestbyname(const char *name);
\& #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
\& #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 digest routines are a high level interface to message digests.
.PP
\&\fIEVP_MD_CTX_init()\fR initializes digest context \fBctx\fR.


.PP

\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context.
.PP
\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest





\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized before calling this

function. \fBtype\fR will typically be supplied by a function such as \fIEVP_sha1()\fR.





If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.













.PP
\&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
digest context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to hash additional data.
.PP
\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places





it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of

bytes of data written (i.e. the length of the digest) will be written




to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.


After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR

can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new

digest operation.
.PP
\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called


after a digest context is no longer needed.
.PP
\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the



space allocated to it, it should be called only on a context created
using \fIEVP_MD_CTX_create()\fR.
.PP

\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from
\&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be
hashed which only differ in the last few bytes. \fBout\fR must be initialized






before calling this function.
.PP

\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except



the passed context \fBctx\fR does not have to be initialized, and it always
uses the default digest implementation.
.PP


\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest


context \fBctx\fR is automatically cleaned up.
.PP



\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination

\&\fBout\fR does not have to be initialized.
.PP
\&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest
when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the
hash.
.PP
\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the
message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure.
.PP

\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0
representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure.
For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is
normally used when setting \s-1ASN1\s0 OIDs.
.PP
\&\fIEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed






\&\fB\s-1EVP_MD_CTX\s0\fR.

.PP
\&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm






associated with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so


this will return \fBNID_sha1WithRSAEncryption\fR. Since digests and signature
algorithms are no longer linked this function is only retained for
compatibility reasons.
.PP
\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha1()\fR, \fIEVP_sha224()\fR, \fIEVP_sha256()\fR, \fIEVP_sha384()\fR,
\&\fIEVP_sha512()\fR and \fIEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2, MD5,
SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1RIPEMD160\s0 digest algorithms
respectively.



.PP
\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA1\s0 digest
algorithms but using \s-1DSS \s0(\s-1DSA\s0) for the signature algorithm. Note: there is
no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are





however retained for compatibility.
.PP
\&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it
returns is of zero length.












.PP



















\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR





return an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \s-1NID\s0 or

an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initialized
using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for
success and 0 for failure.
.PP
\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure.


.PP
\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the
corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists.

.PP
\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR and
\&\fIEVP_MD_CTX_block_size()\fR return the digest or block size in bytes.



.PP
\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha1()\fR, \fIEVP_dss()\fR,
\&\fIEVP_dss1()\fR and \fIEVP_ripemd160()\fR return pointers to the
corresponding \s-1EVP_MD\s0 structures.


.PP
\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR
return either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs.

.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in
preference to the low level interfaces. This is because the code then becomes
transparent to the digest used and much more flexible.
.PP
New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256.\s0
The other digest algorithms are still in common use.
.PP
For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
set to \s-1NULL\s0 to use the default digest implementation.
.PP
The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are




obsolete but are retained to maintain compatibility with existing code. New

applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and
\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
instead of initializing and cleaning it up on each call and allow non default
implementations of digests to be specified.
.PP
In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
memory leaks will occur.
.PP
Stack allocation of \s-1EVP_MD_CTX\s0 structures is common, for example:
.PP
.Vb 2













\& EVP_MD_CTX mctx;
\& EVP_MD_CTX_init(&mctx);
.Ve
.PP
This will cause binary compatibility issues if the size of \s-1EVP_MD_CTX\s0

structure changes (this will only happen with a major release of OpenSSL).
Applications wishing to avoid this should use \fIEVP_MD_CTX_create()\fR instead:














.PP
.Vb 2










\& EVP_MD_CTX *mctx;

\& mctx = EVP_MD_CTX_create();

.Ve






















.SH "EXAMPLE"
.IX Header "EXAMPLE"
This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
digest name passed on the command line.
.PP
.Vb 2

\& #include <stdio.h>
\& #include <openssl/evp.h>
\&
\& int
\& main(int argc, char *argv[])
\& {

\&        EVP_MD_CTX *mdctx;
\&        const EVP_MD *md;
\&        const char mess1[] = "Test Message\en";
\&        const char mess2[] = "Hello World\en";
\&        unsigned char md_value[EVP_MAX_MD_SIZE];
\&        int md_len, i;
\&
\&        OpenSSL_add_all_digests();
\&
\&        if (argc <= 1) {
\&                printf("Usage: mdtest digestname\en");
\&                exit(1);

\&        }
\&
\&        md = EVP_get_digestbyname(argv[1]);
\&        if (md == NULL) {
\&                printf("Unknown message digest %s\en", argv[1]);
\&                exit(1);

\&        }
\&
\&        mdctx = EVP_MD_CTX_create();
\&        EVP_DigestInit_ex(mdctx, md, NULL);
\&        EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
\&        EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
\&        EVP_DigestFinal_ex(mdctx, md_value, &md_len);
\&        EVP_MD_CTX_destroy(mdctx);
\&
\&        printf("Digest is: ");
\&        for(i = 0; i < md_len; i++)
\&                printf("%02x", md_value[i]);
\&        printf("\en");
\& }

.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
\&\fImd5\fR\|(3), \fIripemd\fR\|(3),
\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are


available in all versions of SSLeay and OpenSSL.
.PP


\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR,
\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR




and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7.
.PP
\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha1()\fR,






\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR and \fIEVP_ripemd160()\fR were
changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7.


.PP
The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA,\s0 there is no need to



use \fIEVP_dss1()\fR any more.
.PP
OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the
default configuration due to its security weaknesses.
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
|
|
|
|
|
|
|
>
>
|
<
>
|
|
|
<
<
|
<
<
|
|
|
|
|
|
|
|
|
|
|
|
<
>
|
|
|
|
|
|
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
<
<
|
>
|
>
>
>
|
>
|
|
<
>
>
>
>
|
>
|
>
>
>
>
>
|
<
<
>
|
>
|
|
|
>
>
>
|
>
>
>
|
|
|
>
>
|
|
>
>
>
|
|
>
|
>
>
>
>
>
|
>
|
<
|
>
>
>
|
<
|
>
>
|
|
>
|
<
>
>
>
>
|
|
<
>
>
|
<
|
>
>
|
>
>
|
<
|
<
>
>
|
<
>
>
>
|
>
|
>
|
>
|
<
>
|
<
<
|
<
|
>
|
>
|
>
|
>
|
>
|
>
>
>
|
<
>
>
>
|
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
|
|
|
>
>
|
>
|
|
|
>
>
>
>
>
|
>
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
<
<
<
|
>
>
>
>
>
|
>
|
>
>
>
>
|
>
>
|
>
|
>
|
|
|
>
>
|
|
|
>
>
>
|
|
|
>
|
<
<
>
>
>
>
>
>
|
|
>
|
>
>
>
|
|
|
>
>
|
>
>
|
|
>
>
>
|
>
|
|
|
<
|
<
|
|
|
>
|
|
<
<
|
<
>
>
>
>
>
>
|
>
|
|
>
>
>
>
>
>
|
>
>
|
|
<
|
<
|
<
|
>
>
>
|
|
|
|
>
>
>
>
>
|
|
|
<
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
|
|
<
<
<
|
|
|
>
>
|
|
|
>
|
<
|
>
>
>
|
<
<
<
>
>
|
<
<
>
|
|
<
<
<
<
<
<
<
|
|
|
|
>
>
>
>
|
>
|
|
<
|
<
<
<
<
<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>

|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
|
|
<
<
>
|
|
|
|
|
<
>
|
|
|
|
|
|
|
|
|
|
|
|
>
|
<
|
|
|
|
>
|
<
|
|
|
|
|
|
|
|
|
|
|
<
>
|
|
|
<
<
<
|
<
>
|
>
>
|
|
>
>
|
|
>
>
>
>
|
|
|
>
>
>
>
>
>
|
|
>
>
|
|
|
>
>
>
|
|
|

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

53
54
55
56


57


58
59
60
61
62
63
64
65
66
67
68
69

70
71
72
73
74
75
76
77

78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99


100
101
102
103
104
105
106
107
108
109

110
111
112
113
114
115
116
117
118
119
120
121
122


123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

158
159
160
161
162

163
164
165
166
167
168
169

170
171
172
173
174
175

176
177
178

179
180
181
182
183
184
185

186

187
188
189

190
191
192
193
194
195
196
197
198
199

200
201


202

203
204
205
206
207
208
209
210
211
212
213
214
215
216
217

218
219
220
221
222
223
224
225
226
227
228
229
230
231
232









233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271



272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307


308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338

339

340
341
342
343
344
345


346

347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367

368

369

370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385

386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427



428
429
430
431
432
433
434
435
436
437

438
439
440
441
442



443
444
445


446
447
448







449
450
451
452
453
454
455
456
457
458
459
460

461







462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497

498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535

536
537


538
539
540
541
542
543

544
545
546
547
548
549
550
551
552
553
554
555
556
557
558

559
560
561
562
563
564

565
566
567
568
569
570
571
572
573
574
575

576
577
578
579



580

581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
.\"	$OpenBSD: EVP_DigestInit.3,v 1.6 2017/03/25 17:54:04 schwarze Exp $
.\"	OpenSSL d2a56999 Sep 24 13:37:16 2016 +0200
.\"	OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000-2004, 2009, 2012-2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: March 25 2017 $
.Dt EVP_DIGESTINIT 3
.Os
.Sh NAME


.Nm EVP_MD_CTX_init ,


.Nm EVP_MD_CTX_create ,
.Nm EVP_MD_CTX_ctrl ,
.Nm EVP_DigestInit_ex ,
.Nm EVP_DigestUpdate ,
.Nm EVP_DigestFinal_ex ,
.Nm EVP_MD_CTX_cleanup ,
.Nm EVP_MD_CTX_destroy ,
.Nm EVP_MD_CTX_copy_ex ,
.Nm EVP_DigestInit ,
.Nm EVP_DigestFinal ,
.Nm EVP_MD_CTX_copy ,
.Nm EVP_MAX_MD_SIZE ,

.Nm EVP_MD_type ,
.Nm EVP_MD_pkey_type ,
.Nm EVP_MD_size ,
.Nm EVP_MD_block_size ,
.Nm EVP_MD_CTX_md ,
.Nm EVP_MD_CTX_size ,
.Nm EVP_MD_CTX_block_size ,
.Nm EVP_MD_CTX_type ,

.Nm EVP_md_null ,
.Nm EVP_md2 ,
.Nm EVP_md5 ,
.Nm EVP_md5_sha1 ,
.Nm EVP_sha1 ,
.Nm EVP_sha224 ,
.Nm EVP_sha256 ,
.Nm EVP_sha384 ,
.Nm EVP_sha512 ,
.Nm EVP_dss ,
.Nm EVP_dss1 ,
.Nm EVP_ripemd160 ,
.Nm EVP_get_digestbyname ,
.Nm EVP_get_digestbynid ,
.Nm EVP_get_digestbyobj
.Nd EVP digest routines
.Sh SYNOPSIS
.In openssl/evp.h
.Ft void
.Fo EVP_MD_CTX_init
.Fa "EVP_MD_CTX *ctx"
.Fc


.Ft EVP_MD_CTX *
.Fn EVP_MD_CTX_create void
.Ft void
.Fo EVP_MD_CTX_ctrl
.Fa "EVP_MD_CTX *ctx"
.Fa "int cmd"
.Fa "int p1"
.Fa "void* p2"
.Fc
.Ft int

.Fo EVP_DigestInit_ex
.Fa "EVP_MD_CTX *ctx"
.Fa "const EVP_MD *type"
.Fa "ENGINE *impl"
.Fc
.Ft int
.Fo EVP_DigestUpdate
.Fa "EVP_MD_CTX *ctx"
.Fa "const void *d"
.Fa "size_t cnt"
.Fc
.Ft int
.Fo EVP_DigestFinal_ex


.Fa "EVP_MD_CTX *ctx"
.Fa "unsigned char *md"
.Fa "unsigned int *s"
.Fc
.Ft int
.Fo EVP_MD_CTX_cleanup
.Fa "EVP_MD_CTX *ctx"
.Fc
.Ft void
.Fo EVP_MD_CTX_destroy
.Fa "EVP_MD_CTX *ctx"
.Fc
.Ft int
.Fo EVP_MD_CTX_copy_ex
.Fa "EVP_MD_CTX *out"
.Fa "const EVP_MD_CTX *in"
.Fc
.Ft int
.Fo EVP_DigestInit
.Fa "EVP_MD_CTX *ctx"
.Fa "const EVP_MD *type"
.Fc
.Ft int
.Fo EVP_DigestFinal
.Fa "EVP_MD_CTX *ctx"
.Fa "unsigned char *md"
.Fa "unsigned int *s"
.Fc
.Ft int
.Fo EVP_MD_CTX_copy
.Fa "EVP_MD_CTX *out"
.Fa "EVP_MD_CTX *in"
.Fc
.Fd #define EVP_MAX_MD_SIZE 64	/* SHA512 */
.Ft int

.Fo EVP_MD_type
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo EVP_MD_pkey_type

.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo EVP_MD_size
.Fa "const EVP_MD *md"
.Fc
.Ft int

.Fo EVP_MD_block_size
.Fa "const EVP_MD *md"
.Fc
.Ft const EVP_MD *
.Fo EVP_MD_CTX_md
.Fa "const EVP_MD_CTX *ctx"

.Fc
.Ft int
.Fo EVP_MD_CTX_size

.Fa "const EVP_MD *ctx"
.Fc
.Ft int
.Fo EVP_MD_CTX_block_size
.Fa "const EVP_MD *ctx"
.Fc
.Ft int

.Fo EVP_MD_CTX_type

.Fa "const EVP_MD *ctx"
.Fc
.Ft const EVP_MD *

.Fn EVP_md_null void
.Ft const EVP_MD *
.Fn EVP_md2 void
.Ft const EVP_MD *
.Fn EVP_md5 void
.Ft const EVP_MD *
.Fn EVP_md5_sha1 void
.Ft const EVP_MD *
.Fn EVP_sha1 void
.Ft const EVP_MD *

.Fn EVP_sha224 void
.Ft const EVP_MD *


.Fn EVP_sha256 void

.Ft const EVP_MD *
.Fn EVP_sha384 void
.Ft const EVP_MD *
.Fn EVP_sha512 void
.Ft const EVP_MD *
.Fn EVP_dss void
.Ft const EVP_MD *
.Fn EVP_dss1 void
.Ft const EVP_MD *
.Fn EVP_ripemd160 void
.Ft const EVP_MD *
.Fo EVP_get_digestbyname
.Fa "const char *name"
.Fc
.Ft const EVP_MD *

.Fo EVP_get_digestbynid
.Fa "int type"
.Fc
.Ft const EVP_MD *
.Fo EVP_get_digestbyobj
.Fa "const ASN1_OBJECT *o"
.Fc
.Sh DESCRIPTION
The EVP digest routines are a high level interface to message digests.
.Pp
.Fn EVP_MD_CTX_init
initializes the digest context
.Fa ctx .
.Pp
.Fn EVP_MD_CTX_create









allocates, initializes, and returns a digest context.
.Pp
.Fn EVP_MD_CTX_ctrl
performs digest-specific control actions on the context
.Fa ctx .
.Pp
.Fn EVP_DigestInit_ex
sets up digest context
.Fa ctx
to use a digest
.Fa type
from
.Vt ENGINE
.Fa impl .
.Fa ctx
must be initialized before calling this function.
.Fa type
will typically be supplied by a function such as
.Fn EVP_sha1 .
If
.Fa impl
is
.Dv NULL ,
then the default implementation of digest
.Fa type
is used.
.Pp
.Fn EVP_DigestUpdate
hashes
.Fa cnt
bytes of data at
.Fa d
into the digest context
.Fa ctx .
This function can be called several times on the same
.Fa ctx
to hash additional data.
.Pp
.Fn EVP_DigestFinal_ex



retrieves the digest value from
.Fa ctx
and places it in
.Fa md .
If the
.Fa s
parameter is not
.Dv NULL ,
then the number of bytes of data written (i.e. the length of the
digest) will be written to the integer at
.Fa s ;
at most
.Dv EVP_MAX_MD_SIZE
bytes will be written.
After calling
.Fn EVP_DigestFinal_ex ,
no additional calls to
.Fn EVP_DigestUpdate
can be made, but
.Fn EVP_DigestInit_ex
can be called to initialize a new digest operation.
.Pp
.Fn EVP_MD_CTX_cleanup
cleans up the digest context
.Fa ctx .
It should be called after a digest context is no longer needed.
.Pp
.Fn EVP_MD_CTX_destroy
cleans up the digest context
.Fa ctx
and frees up the space allocated to it.
It should be called only on a context created using
.Fn EVP_MD_CTX_create .
.Pp
.Fn EVP_MD_CTX_copy_ex
can be used to copy the message digest state from


.Fa in
to
.Fa out .
This is useful if large amounts of data are to be hashed which only
differ in the last few bytes.
.Fa out
must be initialized before calling this function.
.Pp
.Fn EVP_DigestInit
behaves in the same way as
.Fn EVP_DigestInit_ex
except the passed context
.Fa ctx
does not have to be initialized, and it always uses the default digest
implementation.
.Pp
.Fn EVP_DigestFinal
is similar to
.Fn EVP_DigestFinal_ex
except the digest context
.Fa ctx
is automatically cleaned up.
.Pp
.Fn EVP_MD_CTX_copy
is similar to
.Fn EVP_MD_CTX_copy_ex
except the destination
.Fa out
does not have to be initialized.
.Pp
.Fn EVP_MD_size

and

.Fn EVP_MD_CTX_size
return the size of the message digest when passed an
.Vt EVP_MD
or an
.Vt EVP_MD_CTX
structure, i.e. the size of the hash.


.Pp

.Fn EVP_MD_block_size
and
.Fn EVP_MD_CTX_block_size
return the block size of the message digest when passed an
.Vt EVP_MD
or an
.Vt EVP_MD_CTX
structure.
.Pp
.Fn EVP_MD_type
and
.Fn EVP_MD_CTX_type
return the NID of the OBJECT IDENTIFIER representing the given message
digest when passed an
.Vt EVP_MD
structure.
For example
.Fn EVP_MD_type EVP_sha1()
returns
.Dv NID_sha1 .
This function is normally used when setting ASN.1 OIDs.

.Pp

.Fn EVP_MD_CTX_md

returns the
.Vt EVP_MD
structure corresponding to the passed
.Vt EVP_MD_CTX .
.Pp
.Fn EVP_MD_pkey_type
returns the NID of the public key signing algorithm associated with this
digest.
For example
.Fn EVP_sha1
is associated with RSA so this will return
.Dv NID_sha1WithRSAEncryption .
Since digests and signature algorithms are no longer linked this
function is only retained for compatibility reasons.
.Pp
.Fn EVP_md2 ,

.Fn EVP_md5 ,
.Fn EVP_sha1 ,
.Fn EVP_sha224 ,
.Fn EVP_sha256 ,
.Fn EVP_sha384 ,
.Fn EVP_sha512 ,
and
.Fn EVP_ripemd160
return
.Vt EVP_MD
structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and
RIPEMD160 digest algorithms respectively.
.Pp
.Fn EVP_md5_sha1
returns an
.Vt EVP_MD
structure that provides concatenated MD5 and SHA1 message digests.
.Pp
.Fn EVP_dss
and
.Fn EVP_dss1
return
.Vt EVP_MD
structures for SHA1 digest algorithms but using DSS (DSA) for the
signature algorithm.
Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and
later; they are however retained for compatibility.
.Pp
.Fn EVP_md_null
is a "null" message digest that does nothing:
i.e. the hash it returns is of zero length.
.Pp
.Fn EVP_get_digestbyname ,
.Fn EVP_get_digestbynid ,
and
.Fn EVP_get_digestbyobj
return an
.Vt EVP_MD
structure when passed a digest name, a digest NID, or an ASN1_OBJECT
structure respectively.
The digest table must be initialized using, for example,
.Xr OpenSSL_add_all_digests 3



for these functions to work.
.Pp
.Fn EVP_MD_CTX_size ,
.Fn EVP_MD_CTX_block_size ,
.Fn EVP_MD_CTX_type ,
.Fn EVP_get_digestbynid ,
and
.Fn EVP_get_digestbyobj
are implemented as macros.
.Pp

The EVP interface to message digests should almost always be used
in preference to the low level interfaces.
This is because the code then becomes transparent to the digest used and
much more flexible.
.Pp



New applications should use the SHA2 digest algorithms such as SHA256.
The other digest algorithms are still in common use.
.Pp


For most applications the
.Fa impl
parameter to







.Fn EVP_DigestInit_ex
will be set to NULL to use the default digest implementation.
.Pp
The functions
.Fn EVP_DigestInit ,
.Fn EVP_DigestFinal ,
and
.Fn EVP_MD_CTX_copy
are obsolete but are retained to maintain compatibility with existing
code.
New applications should use
.Fn EVP_DigestInit_ex ,

.Fn EVP_DigestFinal_ex ,







and
.Fn EVP_MD_CTX_copy_ex
because they can efficiently reuse a digest context instead of
initializing and cleaning it up on each call and allow non-default
implementations of digests to be specified.
.Pp
In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after
use memory leaks will occur.
.Pp
Stack allocation of
.Vt EVP_MD_CTX
structures is common, for example:
.Bd -literal -offset indent
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
.Ed
.Pp
This will cause binary compatibility issues if the size of
.Vt EVP_MD_CTX
structure changes (this will only happen with a major release of OpenSSL).
Applications wishing to avoid this should use
.Fn EVP_MD_CTX_create
instead:
.Bd -literal -offset indent
EVP_MD_CTX *mctx;
mctx = EVP_MD_CTX_create();
.Ed
.Sh RETURN VALUES
.Fn EVP_MD_CTX_ctrl ,
.Fn EVP_DigestInit_ex ,
.Fn EVP_DigestUpdate ,
.Fn EVP_DigestFinal_ex ,
and
.Fn EVP_MD_CTX_copy_ex
return 1 for success or 0 for failure.
.Pp

.Fn EVP_MD_type ,
.Fn EVP_MD_pkey_type ,
and
.Fn EVP_MD_type
return the NID of the corresponding OBJECT IDENTIFIER or
.Dv NID_undef
if none exists.
.Pp
.Fn EVP_MD_size ,
.Fn EVP_MD_block_size ,
.Fn EVP_MD_CTX_size ,
and
.Fn EVP_MD_CTX_block_size
return the digest or block size in bytes.
.Pp
.Fn EVP_md_null ,
.Fn EVP_md2 ,
.Fn EVP_md5 ,
.Fn EVP_md5_sha1 ,
.Fn EVP_sha1 ,
.Fn EVP_dss ,
.Fn EVP_dss1 ,
and
.Fn EVP_ripemd160
return pointers to the corresponding
.Vt EVP_MD
structures.
.Pp
.Fn EVP_get_digestbyname ,
.Fn EVP_get_digestbynid ,
and
.Fn EVP_get_digestbyobj
return either an
.Vt EVP_MD
structure or
.Dv NULL
if an error occurs.
.Sh EXAMPLES

This example digests the data "Test Message\en" and "Hello World\en",
using the digest name passed on the command line.


.Bd -literal -offset indent
#include <stdio.h>
#include <openssl/evp.h>

int
main(int argc, char *argv[])

{
	EVP_MD_CTX *mdctx;
	const EVP_MD *md;
	const char mess1[] = "Test Message\en";
	const char mess2[] = "Hello World\en";
	unsigned char md_value[EVP_MAX_MD_SIZE];
	int md_len, i;

	OpenSSL_add_all_digests();

	if (argc <= 1) {
		printf("Usage: mdtest digestname\en");
		exit(1);
	}


	md = EVP_get_digestbyname(argv[1]);
	if (md == NULL) {
		printf("Unknown message digest %s\en", argv[1]);
		exit(1);
	}


	mdctx = EVP_MD_CTX_create();
	EVP_DigestInit_ex(mdctx, md, NULL);
	EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
	EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
	EVP_DigestFinal_ex(mdctx, md_value, &md_len);
	EVP_MD_CTX_destroy(mdctx);

	printf("Digest is: ");
	for(i = 0; i < md_len; i++)
		printf("%02x", md_value[i]);
	printf("\en");

}
.Ed
.Sh SEE ALSO
.Xr evp 3



.Sh HISTORY

.Fn EVP_DigestInit ,
.Fn EVP_DigestUpdate ,
and
.Fn EVP_DigestFinal
are available in all versions of SSLeay and OpenSSL.
.Pp
.Fn EVP_MD_CTX_init ,
.Fn EVP_MD_CTX_create ,
.Fn EVP_MD_CTX_copy_ex ,
.Fn EVP_MD_CTX_cleanup ,
.Fn EVP_MD_CTX_destroy ,
.Fn EVP_DigestInit_ex ,
and
.Fn EVP_DigestFinal_ex
were added in OpenSSL 0.9.7.
.Pp
.Fn EVP_md_null ,
.Fn EVP_md2 ,
.Fn EVP_md5 ,
.Fn EVP_sha1 ,
.Fn EVP_dss ,
.Fn EVP_dss1 ,
and
.Fn EVP_ripemd160
were changed to return truly const
.Vt EVP_MD
pointers in OpenSSL 0.9.7.
.Pp
The link between digests and signing algorithms was fixed in OpenSSL 1.0
and later, so now
.Fn EVP_sha1
can be used with RSA and DSA; there is no need to use
.Fn EVP_dss1
any more.
.Pp
OpenSSL 1.0 and later does not include the MD2 digest algorithm in the
default configuration due to its security weaknesses.
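--- a/jni/libressl/man/EVP_DigestSignInit.3
+++ b/jni/libressl/man/EVP_DigestSignInit.3
@@ -1,154 +1,203 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_DigestSignInit.3,v 1.3 2016/11/26 17:38:55 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2006, 2009, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_DigestSignInit 3"
-.TH EVP_DigestSignInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal \- EVP signing
-functions
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-\&                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
-\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
-.PP
-\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
-\&\s-1ENGINE \s0\fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with
-\&\fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
-\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
-be used to set alternative signing options.
-.PP
-\&\fIEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
-signature context \fBctx\fR. This function can be called several times on the
-same \fBctx\fR to include additional data. This function is currently implemented
-using a macro.
-.PP
-\&\fIEVP_DigestSignFinal()\fR signs the data in \fBctx\fR places the signature in \fBsig\fR.
-If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
-the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the
-\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer, if the
-call is successful the signature is written to \fBsig\fR and the amount of data
-written to \fBsiglen\fR.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIEVP_DigestSignInit()\fR \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignaFinal()\fR return
-1 for success and 0 or a negative value for failure. In particular a return
-value of \-2 indicates the operation is not supported by the public key
-algorithm.
-.PP
-The error codes can be obtained from \fIERR_get_error\fR\|(3).
-.SH "NOTES"
-.IX Header "NOTES"
-The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-.PP
-In previous versions of OpenSSL there was a link between message digest types
-and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
-needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
-the use of clone digest is now discouraged.
-.PP
-The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest
-context. This means that calls to \fIEVP_DigestSignUpdate()\fR and
-\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
-.PP
-Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
-will occur.
-.PP
-The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some
-signature operations may have a signature length which depends on the
-parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value
-which indicates the maximum possible signature for any set of parameters.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIEVP_DigestVerifyInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
-\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
-\&\fImd5\fR\|(3), \fIripemd\fR\|(3),
-\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR
+.Dd $Mdocdate: November 26 2016 $
+.Dt EVP_DIGESTSIGNINIT 3
+.Os
+.Sh NAME
+.Nm EVP_DigestSignInit ,
+.Nm EVP_DigestSignUpdate ,
+.Nm EVP_DigestSignFinal
+.Nd EVP signing functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_DigestSignInit
+.Fa "EVP_MD_CTX *ctx"
+.Fa "EVP_PKEY_CTX **pctx"
+.Fa "const EVP_MD *type"
+.Fa "ENGINE *e"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_DigestSignUpdate
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const void *d"
+.Fa "size_t cnt"
+.Fc
+.Ft int
+.Fo EVP_DigestSignFinal
+.Fa "EVP_MD_CTX *ctx"
+.Fa "unsigned char *sig"
+.Fa "size_t *siglen"
+.Fc
+.Sh DESCRIPTION
+The EVP signature routines are a high level interface to digital
+signatures.
+.Pp
+.Fn EVP_DigestSignInit
+sets up the signing context
+.Fa ctx
+to use the digest
+.Fa type
+from
+.Vt ENGINE
+.Fa e
+and private key
+.Fa pkey .
+.Fa ctx
+must be initialized with
+.Xr EVP_MD_CTX_init 3
+before calling this function.
+If
+.Fa pctx
+is not
+.Dv NULL ,
+the
+.Vt EVP_PKEY_CTX
+of the signing operation will be written to
+.Pf * Fa pctx :
+this can be used to set alternative signing options.
+.Pp
+.Fn EVP_DigestSignUpdate
+hashes
+.Fa cnt
+bytes of data at
+.Fa d
+into the signature context
+.Fa ctx .
+This function can be called several times on the same
+.Fa ctx
+to include additional data.
+This function is currently implemented using a macro.
+.Pp
+.Fn EVP_DigestSignFinal
+signs the data in
+.Fa ctx
+and places the signature in
+.Fa sig .
+If
+.Fa sig
+is
+.Dv NULL ,
+then the maximum size of the output buffer is written to
+.Pf * Fa siglen .
+If
+.Fa sig
+is not
+.Dv NULL ,
+then before the call
+.Fa siglen
+should contain the length of the
+.Fa sig
+buffer.
+If the call is successful, the signature is written to
+.Fa sig
+and the amount of data written to
+.Fa siglen .
+.Pp
+The EVP interface to digital signatures should almost always be
+used in preference to the low level interfaces.
+This is because the code then becomes transparent to the algorithm used
+and much more flexible.
+.Pp
+In previous versions of OpenSSL, there was a link between message digest
+types and public key algorithms.
+This meant that "clone" digests such as
+.Xr EVP_dss1 3
+needed to be used to sign using SHA1 and DSA.
+This is no longer necessary and the use of clone digest is now
+discouraged.
+.Pp
+The call to
+.Fn EVP_DigestSignFinal
+internally finalizes a copy of the digest context.
+This means that
+.Fn EVP_DigestSignUpdate
+and
+.Fn EVP_DigestSignFinal
+can be called later to digest and sign additional data.
+.Pp
+Since only a copy of the digest context is ever finalized, the context
+must be cleaned up after use by calling
+.Xr EVP_MD_CTX_cleanup 3 ,
+or a memory leak will occur.
+.Pp
+The use of
+.Xr EVP_PKEY_size 3
+with these functions is discouraged because some signature operations
+may have a signature length which depends on the parameters set.
+As a result,
+.Xr EVP_PKEY_size 3
+would have to return a value which indicates the maximum possible
+signature for any set of parameters.
+.Sh RETURN VALUES
+.Fn EVP_DigestSignInit ,
+.Fn EVP_DigestSignUpdate ,
+and
+.Fn EVP_DigestSignFinal
+return 1 for success and 0 or a negative value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Pp
+The error codes can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr evp 3 ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_DigestVerifyInit 3
+.Sh HISTORY
+.Fn EVP_DigestSignInit ,
+.Fn EVP_DigestSignUpdate ,
+and
+.Fn EVP_DigestSignFinal
 were first added to OpenSSL 1.0.0.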
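--- a/jni/libressl/man/EVP_DigestVerifyInit.3
+++ b/jni/libressl/man/EVP_DigestVerifyInit.3
@@ -1,149 +1,184 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_DigestVerifyInit.3,v 1.3 2016/11/26 17:40:58 schwarze Exp $
+.\"	OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2006, 2009, 2014, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_DigestVerifyInit 3"
-.TH EVP_DigestVerifyInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP
-signature verification functions
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-\&                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
-\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
-.PP
-\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
-with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
-\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
-can be used to set alternative verification options.
-.PP
-\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
-verification context \fBctx\fR. This function can be called several times on the
-same \fBctx\fR to include additional data. This function is currently implemented
-using a macro.
-.PP
-\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
-\&\fBsig\fR of length \fBsiglen\fR.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0
-or a negative value for failure. In particular a return value of \-2 indicates
-the operation is not supported by the public key algorithm.
-.PP
-Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only
-indicates that the signature did not verify successfully (that is tbs did
-not match the original data or the signature was of invalid form) it is not an
-indication of a more serious error.
-.PP
-The error codes can be obtained from \fIERR_get_error\fR\|(3).
-.SH "NOTES"
-.IX Header "NOTES"
-The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-.PP
-In previous versions of OpenSSL there was a link between message digest types
-and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
-needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
-the use of clone digest is now discouraged.
-.PP
-The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
-context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can
-be called later to digest and verify additional data.
-.PP
-Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
-will occur.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIEVP_DigestSignInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
-\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
-\&\fImd5\fR\|(3), \fIripemd\fR\|(3),
-\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR
+.Dd $Mdocdate: November 26 2016 $
+.Dt EVP_DIGESTVERIFYINIT 3
+.Os
+.Sh NAME
+.Nm EVP_DigestVerifyInit ,
+.Nm EVP_DigestVerifyUpdate ,
+.Nm EVP_DigestVerifyFinal
+.Nd EVP signature verification functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_DigestVerifyInit
+.Fa "EVP_MD_CTX *ctx"
+.Fa "EVP_PKEY_CTX **pctx"
+.Fa "const EVP_MD *type"
+.Fa "ENGINE *e"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_DigestVerifyUpdate
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const void *d"
+.Fa "size_t cnt"
+.Fc
+.Ft int
+.Fo EVP_DigestVerifyFinal
+.Fa "EVP_MD_CTX *ctx"
+.Fa "unsigned char *sig"
+.Fa "size_t siglen"
+.Fc
+.Sh DESCRIPTION
+The EVP signature routines are a high level interface to digital
+signatures.
+.Pp
+.Fn EVP_DigestVerifyInit
+sets up verification context
+.Fa ctx
+to use digest
+.Fa type
+from
+.Vt ENGINE
+.Fa e
+and public key
+.Fa pkey .
+.Fa ctx
+must be initialized with
+.Xr EVP_MD_CTX_init 3
+before calling this function.
+If
+.Fa pctx
+is not
+.Dv NULL ,
+the
+.Vt EVP_PKEY_CTX
+of the verification operation will be written to
+.Pf * Fa pctx :
+this can be used to set alternative verification options.
+.Pp
+.Fn EVP_DigestVerifyUpdate
+hashes
+.Fa cnt
+bytes of data at
+.Fa d
+into the verification context
+.Fa ctx .
+This function can be called several times on the same
+.Fa ctx
+to include additional data.
+This function is currently implemented using a macro.
+.Pp
+.Fn EVP_DigestVerifyFinal
+verifies the data in
+.Fa ctx
+against the signature in
+.Fa sig
+of length
+.Fa siglen .
+.Pp
+The EVP interface to digital signatures should almost always be
+used in preference to the low level interfaces.
+This is because the code then becomes transparent to the algorithm used
+and much more flexible.
+.Pp
+In previous versions of OpenSSL, there was a link between message digest
+types and public key algorithms.
+This meant that "clone" digests such as
+.Xr EVP_dss1 3
+needed to be used to sign using SHA1 and DSA.
+This is no longer necessary and the use of clone digest is now
+discouraged.
+.Pp
+The call to
+.Fn EVP_DigestVerifyFinal
+internally finalizes a copy of the digest context.
+This means that
+.Xr EVP_VerifyUpdate 3
+and
+.Xr EVP_VerifyFinal 3
+can be called later to digest and verify additional data.
+.Pp
+Since only a copy of the digest context is ever finalized, the context
+must be cleaned up after use by calling
+.Xr EVP_MD_CTX_cleanup 3
+or a memory leak will occur.
+.Sh RETURN VALUES
+.Fn EVP_DigestVerifyInit
+and
+.Fn EVP_DigestVerifyUpdate
+return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Pp
+.Fn EVP_DigestVerifyFinal
+returns 1 for success; any other value indicates failure.
+A return value of 0 indicates that the signature did not verify
+successfully (that is, the signature did not match the original
+data or the signature had an invalid form), while other values
+indicate a more serious error (and sometimes also indicate an invalid
+signature form).
+.Pp
+The error codes can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr evp 3 ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_DigestSignInit 3
+.Sh HISTORY
+.Fn EVP_DigestVerifyInit ,
+.Fn EVP_DigestVerifyUpdate ,
+and
+.Fn EVP_DigestVerifyFinal
 were first added to OpenSSL 1.0.0.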
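--- a/jni/libressl/man/EVP_EncodeInit.3
+++ b/jni/libressl/man/EVP_EncodeInit.3
@@ -0,0 +1,295 @@
+.\"	$OpenBSD: EVP_EncodeInit.3,v 1.2 2016/11/26 19:16:58 jmc Exp $
+.\"	OpenSSL f430ba31 Jun 19 19:39:01 2016 +0200
+.\"
+.\" This file was written by Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 26 2016 $
+.Dt EVP_ENCODEINIT 3
+.Os
+.Sh NAME
+.Nm EVP_EncodeInit ,
+.Nm EVP_EncodeUpdate ,
+.Nm EVP_EncodeFinal ,
+.Nm EVP_EncodeBlock ,
+.Nm EVP_DecodeInit ,
+.Nm EVP_DecodeUpdate ,
+.Nm EVP_DecodeFinal ,
+.Nm EVP_DecodeBlock
+.Nd EVP base64 encode/decode routines
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft void
+.Fo EVP_EncodeInit
+.Fa "EVP_ENCODE_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_EncodeUpdate
+.Fa "EVP_ENCODE_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fa "const unsigned char *in"
+.Fa "int inl"
+.Fc
+.Ft void
+.Fo EVP_EncodeFinal
+.Fa "EVP_ENCODE_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fc
+.Ft int
+.Fo EVP_EncodeBlock
+.Fa "unsigned char *t"
+.Fa "const unsigned char *f"
+.Fa "int n"
+.Fc
+.Ft void
+.Fo EVP_DecodeInit
+.Fa "EVP_ENCODE_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_DecodeUpdate
+.Fa "EVP_ENCODE_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fa "const unsigned char *in"
+.Fa "int inl"
+.Fc
+.Ft int
+.Fo EVP_DecodeFinal
+.Fa "EVP_ENCODE_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fc
+.Ft int
+.Fo EVP_DecodeBlock
+.Fa "unsigned char *t"
+.Fa "const unsigned char *f"
+.Fa "int n"
+.Fc
+.Sh DESCRIPTION
+The EVP encode routines provide a high level interface to base64
+encoding and decoding.
+Base64 encoding converts binary data into a printable form that uses
+the characters A-Z, a-z, 0-9, "+" and "/" to represent the data.
+For every 3 bytes of binary data provided, 4 bytes of base64-encoded
+data will be produced, plus some occasional newlines.
+If the input data length is not a multiple of 3, then the output data
+will be padded at the end using the "=" character.
+.Pp
+Encoding of binary data is performed in blocks of 48 input bytes (or
+less for the final block).
+For each 48-byte input block encoded, 64 bytes of base64 data is output,
+plus an additional newline character, i.e. 65 bytes in total.
+The final block, which may be less than 48 bytes, will output 4 bytes
+for every 3 bytes of input.
+If the data length is not divisible by 3, then a full 4 bytes is still
+output for the final 1 or 2 bytes of input.
+Similarly a newline character will also be output.
+.Pp
+.Fn EVP_EncodeInit
+initialises
+.Fa ctx
+for the start of a new encoding operation.
+.Pp
+.Fn EVP_EncodeUpdate
+encodes
+.Fa inl
+bytes of data found in the buffer pointed to by
+.Fa in .
+The output is stored in the buffer
+.Fa out
+and the number of bytes output is stored in
+.Pf * Fa outl .
+It is the caller's responsibility to ensure that the buffer at
+.Fa out
+is sufficiently large to accommodate the output data.
+Only full blocks of data (48 bytes) will be immediately processed and
+output by this function.
+Any remainder is held in the
+.Fa ctx
+object and will be processed by a subsequent call to
+.Fn EVP_EncodeUpdate
+or
+.Fn EVP_EncodeFinal .
+To calculate the required size of the output buffer, add together the
+value of
+.Fa inl
+with the amount of unprocessed data held in
+.Fa ctx
+and divide the result by 48 (ignore any remainder).
+This gives the number of blocks of data that will be processed.
+Ensure the output buffer contains 65 bytes of storage for each block,
+plus an additional byte for a NUL terminator.
+.Fn EVP_EncodeUpdate
+may be called repeatedly to process large amounts of input data.
+In the event of an error ,
+.Fn EVP_EncodeUpdate
+will set
+.Pf * Fa outl
+to 0 and return 0.
+On success 1 will be returned.
+.Pp
+.Fn EVP_EncodeFinal
+must be called at the end of an encoding operation.
+It will process any partial block of data remaining in the
+.Fa ctx
+object.
+The output data will be stored in
+.Fa out
+and the length of the data written will be stored in
+.Pf * Fa outl .
+It is the caller's responsibility to ensure that
+.Fa out
+is sufficiently large to accommodate the output data, which will
+never be more than 65 bytes plus an additional NUL terminator, i.e.
+66 bytes in total.
+.Pp
+.Fn EVP_EncodeBlock
+encodes a full block of input data in
+.Fa f
+and of length
+.Fa n
+and stores it in
+.Fa t .
+For every 3 bytes of input provided, 4 bytes of output data will be
+produced.
+If
+.Sy n
+is not divisible by 3, then the block is encoded as a final block
+of data and the output is padded such that it is always divisible
+by 4.
+Additionally a NUL terminator character will be added.
+For example, if 16 bytes of input data are provided, then 24 bytes
+of encoded data is created plus 1 byte for a NUL terminator,
+i.e. 25 bytes in total.
+The length of the data generated
+.Em without
+the NUL terminator is returned from the function.
+.Pp
+.Fn EVP_DecodeInit
+initialises
+.Fa ctx
+for the start of a new decoding operation.
+.Pp
+.Fn EVP_DecodeUpdate
+decodes
+.Fa inl
+characters of data found in the buffer pointed to by
+.Fa in .
+The output is stored in the buffer
+.Fa out
+and the number of bytes output is stored in
+.Pf * Fa outl .
+It is the caller's responsibility to ensure that the buffer at
+.Fa out
+is sufficiently large to accommodate the output data.
+This function will attempt to decode as much data as possible in 4-byte
+chunks.
+Any whitespace, newline or carriage return characters are ignored.
+Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at
+the end will be held in the
+.Fa ctx
+object and processed by a subsequent call to
+.Fn EVP_DecodeUpdate .
+If any illegal base64 characters are encountered or if the base64
+padding character "=" is encountered in the middle of the data,
+then the function returns -1 to indicate an error.
+A return value of 0 or 1 indicates successful processing of the data.
+A return value of 0 additionally indicates that the last input data
+characters processed included the base64 padding character "=" and
+therefore no more non-padding character data is expected to be
+processed.
+For every 4 valid base64 bytes processed \(em ignoring whitespace,
+carriage returns and line feeds \(em 3 bytes of binary output data
+will be produced, or less at the end of the data where the padding
+character "=" has been used.
+.Pp
+.Fn EVP_DecodeFinal
+must be called at the end of a decoding operation.
+If there is any unprocessed data still in
+.Fa ctx ,
+then the input data must not have been a multiple of 4 and therefore an
+error has occurred.
+The function will return -1 in this case.
+Otherwise the function returns 1 on success.
+.Pp
+.Fn EVP_DecodeBlock
+will decode the block of
+.Fa n
+characters of base64 data contained in
+.Fa f
+and store the result in
+.Fa t .
+Any leading whitespace will be trimmed as will any trailing whitespace,
+newlines, carriage returns or EOF characters.
+After such trimming the length of the data in
+.Fa f
+must be divisible by 4.
+For every 4 input bytes, exactly 3 output bytes will be produced.
+The output will be padded with 0 bits if necessary to ensure that the
+output is always 3 bytes for every 4 input bytes.
+This function will return the length of the data decoded or -1 on error.
+.Sh RETURN VALUES
+.Fn EVP_EncodeUpdate
+returns 0 on error or 1 on success.
+.Pp
+.Fn EVP_EncodeBlock
+returns the number of bytes encoded excluding the NUL terminator.
+.Pp
+.Fn EVP_DecodeUpdate
+returns -1 on error and 0 or 1 on success.
+If 0 is returned, then no more non-padding base64 characters are
+expected.
+.Pp
+.Fn EVP_DecodeFinal
+returns -1 on error or 1 on success.
+.Pp
+.Fn EVP_DecodeBlock
+returns the length of the data decoded or -1 on error.
+.Sh SEE ALSO
+.Xr evp 3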
Changes to jni/libressl/man/EVP_EncryptInit.3.





1































2
3
4
5
6
7
8
9
10
11
12


13
14

15
16
17
18
19
20
21
22
23
24
25

26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54





















55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77















78
79
80
81
82
83
84
85
86
87


88
89
90
91
92
93

94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

111
112
113

114




115


116



117


118
119




120

121




122


123



124


125
126




127

128





129


130



131


132
133




134
135




136

137
138




139
140




141

142
143




144
145





146

147
148


149




150




151






152
153


154
155



156
157







158



159



160



161



162



163




164
165


166



167



168



169



170



171
172
173


174
175
176



177
178
179
180
181
182
183
184




185















186

187


188







189
190
191
192
193
194
195
196



197


198
199








200
201







202

203
204


205











206
207
208
209
210
211
212
213















214

215
216
217
218
219
220
221
222
223

224
225
226





227

228
229

230
231
232
233
234
235
236




237


238
239

240
241

242


243
244
245


246
247







248
249
250
251
252




253
254
255
256
257

258
259
260
261
262

263
264


265
266
267
268
269
270

271






272

273
274
275

276
277
278
279

280
281

282
283

284
285
286


287





288
289
290
291
292
293
294






295







296


297

298

299





300



301
302
303
304
305
306
307

308
309
310

311
312
313

314
315
316


317





318






319
320
321
322
323
324
325


326

327
328

329



330
331



332
333






334
335
336
337




338
339
340

341


342
343


344
345
346


347





348
349







350
351
352


353
354
355




356
357






358
359

360
361
362
363











364
365



366
367
368
369
370
371
372
373
374










375
376
377
378
379
380
381
382
383
384
385
386

387







388

389
390



391
392









393
394
395
396
397
398
399

400
401
402

403

404


405




406
407

408
409




410




411
412



413
414
415
416
417

418
419
420
421
422



423


424
425
426
427
428
429
430
431
432
433
















434
435
436
437
438
439
440
441
442
443




444
445











446



447
448
449

450


451


452
453
454
455

456
457
458
459

460
461
462
463


464










465





466





467
468
469
470
471

472
473

474
475
476
477
478


479

480



481



482


483
484







485
486




487
488
489

490




491
492

493





494








495

496


497
498
499
500
501
502
503
504
505


506
507




508
509








510
511
512

513



514


515


516

517
518
519
520
521
522
523
524
525
526



527
528
529
530
531
532
533
534
535
536
537
538




539
540
541








542
543





544


545


























546
547








548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564














565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581

582




583
584
585
586
587
588

589
590
591
592
593

594
595
596
597
598
599
600



601



602
603























.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)































.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1


..
.de Ve \" End verbatim text

.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'

.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.





















.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "EVP_EncryptInit 3"
.TH EVP_EncryptInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l















.nh
.SH "NAME"
EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,


EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,

EVP_CIPHER_CTX_set_padding,  EVP_enc_null, EVP_des_cbc, EVP_des_ecb,
EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb,
EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb,
EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc,
EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc,
EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc,
EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc,
EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, 
EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm,
EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_rc5_32_12_16_cbc,
EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb
\&\- EVP cipher routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&

\& void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
\&
\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,

\&         ENGINE *impl, unsigned char *key, unsigned char *iv);




\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,


\&         int *outl, unsigned char *in, int inl);



\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,


\&         int *outl);
\&




\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,

\&         ENGINE *impl, unsigned char *key, unsigned char *iv);




\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,


\&         int *outl, unsigned char *in, int inl);



\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,


\&         int *outl);
\&




\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,

\&         ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);





\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,


\&         int *outl, unsigned char *in, int inl);



\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,


\&         int *outl);
\&




\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&         unsigned char *key, unsigned char *iv);




\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,

\&         int *outl);
\&




\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&         unsigned char *key, unsigned char *iv);




\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,

\&         int *outl);
\&




\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&         unsigned char *key, unsigned char *iv, int enc);





\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,

\&         int *outl);
\&


\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);




\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);




\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);






\& int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
\&


\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
\& #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))



\& #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
\&







\& #define EVP_CIPHER_nid(e)              ((e)\->nid)



\& #define EVP_CIPHER_block_size(e)       ((e)\->block_size)



\& #define EVP_CIPHER_key_length(e)       ((e)\->key_len)



\& #define EVP_CIPHER_iv_length(e)                ((e)\->iv_len)



\& #define EVP_CIPHER_flags(e)            ((e)\->flags)



\& #define EVP_CIPHER_mode(e)             ((e)\->flags) & EVP_CIPH_MODE)




\& int EVP_CIPHER_type(const EVP_CIPHER *ctx);
\&


\& #define EVP_CIPHER_CTX_cipher(e)       ((e)\->cipher)



\& #define EVP_CIPHER_CTX_nid(e)          ((e)\->cipher\->nid)



\& #define EVP_CIPHER_CTX_block_size(e)   ((e)\->cipher\->block_size)



\& #define EVP_CIPHER_CTX_key_length(e)   ((e)\->key_len)



\& #define EVP_CIPHER_CTX_iv_length(e)    ((e)\->cipher\->iv_len)



\& #define EVP_CIPHER_CTX_get_app_data(e) ((e)\->app_data)
\& #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)\->app_data=(char *)(d))
\& #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))


\& #define EVP_CIPHER_CTX_flags(e)                ((e)\->cipher\->flags)
\& #define EVP_CIPHER_CTX_mode(e)         ((e)\->cipher\->flags & EVP_CIPH_MODE)
\&



\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 cipher routines are a high level interface to certain
symmetric ciphers.
.PP




\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher context \fBctx\fR.















.PP

\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption


with cipher \fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized







before calling this function. \fBtype\fR is normally supplied
by a function such as \fIEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
default implementation is used. \fBkey\fR is the symmetric key to use
and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes
used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply
the remaining parameters in subsequent calls, all of which have \fBtype\fR
set to \s-1NULL.\s0 This is done when the default cipher parameters are not



appropriate.


.PP
\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and








writes the encrypted version to \fBout\fR. This function can be called
multiple times to encrypt successive blocks of data. The amount







of data written depends on the block alignment of the encrypted data:

as a result the amount of data written may be anything from zero bytes
to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient


room. The actual number of bytes written is placed in \fBoutl\fR.











.PP
If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts
the \*(L"final\*(R" data, that is any data that remains in a partial block.
It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted
final data is written to \fBout\fR which should have sufficient space for
one cipher block. The number of bytes written is placed in \fBoutl\fR. After
this function is called the encryption operation is finished and no further
calls to \fIEVP_EncryptUpdate()\fR should be made.















.PP

If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more
data and it will return an error if any data remains in a partial block:
that is if the total data length is not a multiple of the block size.
.PP
\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the
corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an
error code if padding is enabled and the final block is not correctly
formatted. The parameters and restrictions are identical to the encryption
operations except that if padding is enabled the decrypted data buffer \fBout\fR

passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for
(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in
which case \fBinl\fR bytes is sufficient.





.PP

\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are
functions that can be used for decryption or encryption. The operation

performed depends on the value of the \fBenc\fR parameter. It should be set
to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged
(the actual value of 'enc' being supplied in a previous call).
.PP
\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context
and free up any allocated memory associate with it. It should be called
after all operations using a cipher are complete so sensitive information




does not remain in memory.


.PP
\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a

similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and
\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR parameter does not need to be

initialized and they always use the default cipher implementation.


.PP
\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR are
identical to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and


\&\fIEVP_CipherFinal_ex()\fR. In previous releases they also used to clean up
the \fBctx\fR, but this is no longer done and \fIEVP_CIPHER_CTX_clean()\fR







must be called to free any context resources.
.PP
\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an
\&\s-1ASN1_OBJECT\s0 structure.




.PP
\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure.  The actual \s-1NID\s0
value is an internal value which may not have a corresponding \s-1OBJECT
IDENTIFIER.\s0

.PP
\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default
encryption operations are padded using standard block padding and the
padding is checked and removed when decrypting. If the \fBpad\fR parameter
is zero then no padding is performed, the total amount of data encrypted

or decrypted must then be a multiple of the block size or an error will
occur.


.PP
\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length
for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a
given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different

for variable key length ciphers.






.PP

\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx.
If the cipher is a fixed length cipher then attempting to set the key
length to any value other than the fixed value is an error.

.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
It will return zero if the cipher does not use an \s-1IV. \s0 The constant

\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
.PP

\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR

structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is also the maximum block
length for all ciphers.
.PP


\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed





cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT
IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object
identifier or does not have \s-1ASN1\s0 support this function will return
\&\fBNID_undef\fR.
.PP
\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed






an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.







.PP


\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode:

\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE\s0 or

\&\s-1EVP_CIPH_OFB_MODE.\s0 If the cipher is a stream cipher then





\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.



.PP
\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
on the passed cipher. This will typically include any parameters and an
\&\s-1IV.\s0 The cipher \s-1IV \s0(if any) must be set when this call is made. This call
should be made before the cipher is actually \*(L"used\*(R" (before any
\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function
may fail if the cipher does not have any \s-1ASN1\s0 support.

.PP
\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher

In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length.
This function should be called after the base cipher type is set but before
the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and

key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support


or the parameters cannot be set (for example the \s-1RC2\s0 effective key length





is not supported.






.PP
\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined
and set. Currently only the \s-1RC2\s0 effective key length and the number of rounds of
\&\s-1RC5\s0 can be set.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR


return 1 for success and 0 for failure.

.PP
\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for

failure.  \fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for



success.
.PP



\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for
failure.  \fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for






success.
.PP
\&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure.
.PP




\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
.PP

\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0


.PP
\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block


size.
.PP
\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key


length.





.PP
\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1.







.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length or zero if the cipher does not use an \s-1IV.\s0


.PP
\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0




.PP
\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.






.PP
\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return 1 for

success or zero for failure.
.SH "CIPHER LISTING"
.IX Header "CIPHER LISTING"
All algorithms have a fixed key length unless otherwise stated.











.IP "EVP_enc_null(void)" 4
.IX Item "EVP_enc_null(void)"



Null cipher: does nothing.
.IP "EVP_aes_128_cbc(void), EVP_aes_128_ecb(void), EVP_aes_128_cfb(void), EVP_aes_128_ofb(void)" 4
.IX Item "EVP_aes_128_cbc(void), EVP_aes_128_ecb(void), EVP_aes_128_cfb(void), EVP_aes_128_ofb(void)"
128\-bit \s-1AES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_aes_192_cbc(void), EVP_aes_192_ecb(void), EVP_aes_192_cfb(void), EVP_aes_192_ofb(void)" 4
.IX Item "EVP_aes_192_cbc(void), EVP_aes_192_ecb(void), EVP_aes_192_cfb(void), EVP_aes_192_ofb(void)"
192\-bit \s-1AES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_aes_256_cbc(void), EVP_aes_256_ecb(void), EVP_aes_256_cfb(void), EVP_aes_256_ofb(void)" 4
.IX Item "EVP_aes_256_cbc(void), EVP_aes_256_ecb(void), EVP_aes_256_cfb(void), EVP_aes_256_ofb(void)"










256\-bit \s-1AES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4
.IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)"
\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4
.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)"
Two key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4
.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)"
Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_desx_cbc(void)" 4
.IX Item "EVP_desx_cbc(void)"

\&\s-1DESX\s0 algorithm in \s-1CBC\s0 mode.







.IP "EVP_rc4(void)" 4

.IX Item "EVP_rc4(void)"
\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with default key length



128 bits.
.IP "EVP_rc4_40(void)" 4









.IX Item "EVP_rc4_40(void)"
\&\s-1RC4\s0 stream cipher with 40 bit key length. This is obsolete and new code should
use \fIEVP_rc4()\fR and the \fIEVP_CIPHER_CTX_set_key_length()\fR function.
.IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" 4
.IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)"
\&\s-1IDEA\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4

.IX Item "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)"
\&\s-1RC2\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a
variable key length cipher with an additional parameter called \*(L"effective key

bits\*(R" or \*(L"effective key length\*(R".  By default both are set to 128 bits.

.IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4


.IX Item "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)"




\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of
40 and 64 bits.  These are obsolete and new code should use \fIEVP_rc2_cbc()\fR,

\&\fIEVP_CIPHER_CTX_set_key_length()\fR and \fIEVP_CIPHER_CTX_ctrl()\fR to set the key length
and effective key length.




.IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4




.IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);"
Blowfish encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This



is a variable key length cipher.
.IP "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" 4
.IX Item "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)"
\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is
a variable key length cipher.

.IP "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" 4
.IX Item "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)"
\&\s-1RC5\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a
variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By
default the key length is set to 128 bits and 12 rounds.



.SH "NOTES"


.IX Header "NOTES"
Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in
preference to the low level interfaces. This is because the code then becomes
transparent to the cipher used and much more flexible.
.PP
\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total
length of the encrypted data a multiple of the block size. Padding is always
added so if the data is already a multiple of the block size \fBn\fR will equal
the block size. For example if the block size is 8 and 11 bytes are to be
encrypted then 5 padding bytes of value 5 will be added.
















.PP
When decrypting the final block is checked to see if it has the correct form.
.PP
Although the decryption operation can produce an error if padding is enabled,
it is not a strong test that the input data or key is correct. A random block
has better than 1 in 256 chance of being of the correct format and problems with
the input data earlier on will not produce a final decrypt error.
.PP
If padding is disabled then the decryption operation will always succeed if
the total amount of data decrypted is a multiple of the block size.




.PP
The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR,











\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for



compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR,
\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR,
\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an

existing context without allocating and freeing it up on each call.


.SH "BUGS"


.IX Header "BUGS"
For \s-1RC5\s0 the number of rounds can currently only be set to 8, 12 or 16. This is
a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface.
.PP

\&\s-1EVP_MAX_KEY_LENGTH\s0 and \s-1EVP_MAX_IV_LENGTH\s0 only refer to the internal ciphers with
default key lengths. If custom ciphers exceed these values the results are
unpredictable. This is because it has become standard practice to define a
generic key as a fixed unsigned char array containing \s-1EVP_MAX_KEY_LENGTH\s0 bytes.

.PP
The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested
for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode.
.SH "EXAMPLES"


.IX Header "EXAMPLES"










Get the number of rounds used in \s-1RC5:\s0





.PP





.Vb 2
\& int nrounds;
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
.Ve
.PP

Get the \s-1RC2\s0 effective key length:
.PP

.Vb 2
\& int key_bits;
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
.Ve
.PP


Set the number of rounds used in \s-1RC5:\s0

.PP



.Vb 2



\& int nrounds;


\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
.Ve







.PP
Set the effective key length used in \s-1RC2:\s0




.PP
.Vb 2
\& int key_bits;

\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);




.Ve
.PP

Encrypt a string using blowfish:





.PP








.Vb 10

\& int


\& do_crypt(char *outfile)
\& {
\&        unsigned char outbuf[1024];
\&        int outlen, tmplen;
\&        /*
\&         * Bogus key and IV: we\*(Aqd normally set these from
\&         * another source.
\&         */
\&        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};


\&        unsigned char iv[] = {1,2,3,4,5,6,7,8};
\&        const char intext[] = "Some Crypto Text";




\&        EVP_CIPHER_CTX ctx;
\&        FILE *out;








\&        EVP_CIPHER_CTX_init(&ctx);
\&        EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
\&

\&        if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext,



\&            strlen(intext))) {


\&                /* Error */


\&                return 0;

\&        }
\&        /*
\&         * Buffer passed to EVP_EncryptFinal() must be after data just
\&         * encrypted to avoid overwriting it.
\&         */
\&        if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) {
\&                /* Error */
\&                return 0;
\&        }
\&        outlen += tmplen;



\&        EVP_CIPHER_CTX_cleanup(&ctx);
\&        /*
\&         * Need binary mode for fopen because encrypted data is
\&         * binary data. Also cannot use strlen() on it because
\&         * it won\*(Aqt be NUL terminated and may contain embedded
\&         * NULs.
\&         */
\&        out = fopen(outfile, "wb");
\&        fwrite(outbuf, 1, outlen, out);
\&        fclose(out);
\&        return 1;
\& }




.Ve
.PP
The ciphertext from the above example can be decrypted using the \fBopenssl\fR








utility with the command line:
.PP





.Vb 1


\& S<openssl bf \-in cipher.bin \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 \-d>


























.Ve
.PP








General encryption, decryption function example using \s-1FILE I/O\s0 and \s-1RC2\s0 with an
80 bit key:
.PP
.Vb 12
\& int
\& do_crypt(FILE *in, FILE *out, int do_encrypt)
\& {
\&        /* Allow enough space in output buffer for additional block */
\&        inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
\&        int inlen, outlen;
\&        /*
\&         * Bogus key and IV: we\*(Aqd normally set these from
\&         * another source.
\&         */
\&        unsigned char key[] = "0123456789";
\&        unsigned char iv[] = "12345678";
\&














\&        /* Don\*(Aqt set key or IV because we will modify the parameters */
\&        EVP_CIPHER_CTX_init(&ctx);
\&        EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
\&        EVP_CIPHER_CTX_set_key_length(&ctx, 10);
\&        /* We finished modifying parameters so now we can set key and IV */
\&        EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
\&
\&        for(;;) {
\&                inlen = fread(inbuf, 1, 1024, in);
\&                if (inlen <= 0)
\&                        break;
\&                if (!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf,
\&                    inlen)) {
\&                        /* Error */
\&                        EVP_CIPHER_CTX_cleanup(&ctx);
\&                        return 0;
\&                }

\&                fwrite(outbuf, 1, outlen, out);




\&        }
\&        if (!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) {
\&                /* Error */
\&                EVP_CIPHER_CTX_cleanup(&ctx);
\&                return 0;
\&        }

\&        fwrite(outbuf, 1, outlen, out);
\&
\&        EVP_CIPHER_CTX_cleanup(&ctx);
\&        return 1;
\& }

.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIEVP_CIPHER_CTX_init()\fR, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptFinal_ex()\fR,



\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR,



\&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in
OpenSSL 0.9.7.


















>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
|
|
|
|
|
|
|
>
>
|
<
>
|
|
|
<
<
|
|
|
|
|
|
>
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
<
<
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
<
>
|
<
<
<
<
<
<
|
<
<
<
|
<
<
|
|
<
>
|
<
|
>
|
>
>
>
>
|
>
>
|
>
>
>
|
>
>
|
<
>
>
>
>
|
>
|
>
>
>
>
|
>
>
|
>
>
>
|
>
>
|
<
>
>
>
>
|
>
|
>
>
>
>
>
|
>
>
|
>
>
>
|
>
>
|
<
>
>
>
>
|
|
>
>
>
>
|
>
|
<
>
>
>
>
|
|
>
>
>
>
|
>
|
<
>
>
>
>
|
|
>
>
>
>
>
|
>
|
<
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
>
>
|
<
>
>
|
|
>
>
>
|
<
>
>
>
>
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
>
|
<
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
|
<
>
>
|
|
<
>
>
>
|
|
|
<
<
<
<
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
>
|
>
>
>
>
>
>
>
|
<
<
<
<
<
<
<
>
>
>
|
>
>
|
|
>
>
>
>
>
>
>
>
|
<
>
>
>
>
>
>
>
|
>
|
<
>
>
|
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
|
<
<
<
|
|
<
>
|
<
|
>
>
>
>
>
|
>
|
|
>
|
<
<
|
|
|
|
>
>
>
>
|
>
>
|
<
>
|
<
>
|
>
>
|
|
<
>
>
|
<
>
>
>
>
>
>
>
|
|
<
|
<
>
>
>
>
|
<
|
|
<
>
|
|
|
|
|
>
|
|
>
>
|
<
<
<
|
|
>
|
>
>
>
>
>
>
|
>
|
<
<
>
|
<
|
|
>
|
<
>
|
|
>
|
<
|
>
>
|
>
>
>
>
>
|
|
<
<
<
|
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
>
>
|
>
|
>
|
>
>
>
>
>
|
>
>
>
|
|
|
<
|
<
<
>
|
|
<
>
|
|
|
>
|
<
|
>
>
|
>
>
>
>
>
|
>
>
>
>
>
>
|
|
|
|
|
|
|
>
>
|
>
|
<
>
|
>
>
>
|
|
>
>
>
|
|
>
>
>
>
>
>
|
|
|
|
>
>
>
>
|
|
<
>
|
>
>
|
|
>
>
|
<
<
>
>
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
|
|
|
>
>
|
<
<
>
>
>
>
|
<
>
>
>
>
>
>
|
<
>
|
<
<
<
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
|
<
<
<
<
<
<
<
<
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
<
|
|
>
|
>
>
>
>
>
>
>
|
>
|
<
>
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
<
|
>
|
|
<
>
|
>
|
>
>
|
>
>
>
>
|
<
>
|
|
>
>
>
>
|
>
>
>
>
|
<
>
>
>
|
|
|
<
|
>
|
|
|
|
|
>
>
>
|
>
>
|
<
<
|
|
<
<
<
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
|
<
<
>
|
>
>
|
>
>
|
|
<
|
>
|
|
|
|
>
|
<
|
|
>
>
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
>
|
<
|
|
|
>
|
|
>
|
<
|
|
|
>
>
|
>
|
>
>
>
|
>
>
>
|
>
>
|
|
>
>
>
>
>
>
>
|
<
>
>
>
>
|
<
<
>
|
>
>
>
>
|
|
>
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
>
|
>
>
|
<
<
<
<
<
<
<
<
>
>
|
|
>
>
>
>
|
<
>
>
>
>
>
>
>
>
|
|
<
>
|
>
>
>
|
>
>
|
>
>
|
>
|
|
|
<
|
<
<
|
<
<
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
|
>
>
>
>
>
>
>
>
|
<
>
>
>
>
>
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
>
|
>
>
>
>
|
<
<
<
<
<
>
|
|
|
|
<
>
|
|
<
|
|
<
|
>
>
>
|
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

52
53
54
55


56
57
58
59
60
61
62
63

64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149


150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

165
166






167



168


169
170

171
172

173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212

213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235

236
237
238
239
240
241
242
243
244
245
246
247
248

249
250
251
252
253
254
255
256
257
258
259
260
261

262
263
264
265
266
267
268
269
270
271
272
273
274
275

276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295

296
297
298
299
300
301
302
303

304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336

337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360

361
362
363
364

365
366
367
368
369
370




371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405







406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422

423
424
425
426
427
428
429
430
431
432

433
434
435
436
437
438
439
440
441
442
443
444
445
446
447






448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468



469
470

471
472

473
474
475
476
477
478
479
480
481
482
483
484


485
486
487
488
489
490
491
492
493
494
495
496

497
498

499
500
501
502
503
504

505
506
507

508
509
510
511
512
513
514
515
516

517

518
519
520
521
522

523
524

525
526
527
528
529
530
531
532
533
534
535
536



537
538
539
540
541
542
543
544
545
546
547
548
549


550
551

552
553
554
555

556
557
558
559
560

561
562
563
564
565
566
567
568
569
570
571



572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607

608


609
610
611

612
613
614
615
616
617

618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645

646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673

674
675
676
677
678
679
680
681
682


683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705


706
707
708
709
710

711
712
713
714
715
716
717

718
719



720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736








737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755

756
757
758
759
760
761
762
763
764
765
766
767
768
769

770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788

789
790
791
792

793
794
795
796
797
798
799
800
801
802
803
804

805
806
807
808
809
810
811
812
813
814
815
816
817

818
819
820
821
822
823

824
825
826
827
828
829
830
831
832
833
834
835
836
837


838
839



840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872

873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888


889
890
891
892
893
894
895
896
897

898
899
900
901
902
903
904
905

906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933

934
935
936
937
938
939
940
941

942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969

970
971
972
973
974


975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004








1005
1006
1007
1008
1009
1010
1011
1012
1013

1014
1015
1016
1017
1018
1019
1020
1021
1022
1023

1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039

1040


1041


1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072

1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119















1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149

1150
1151
1152
1153
1154
1155
1156





1157
1158
1159
1160
1161

1162
1163
1164

1165
1166

1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
.\"	$OpenBSD: EVP_EncryptInit.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000-2002, 2005, 2012-2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 25 2016 $
.Dt EVP_ENCRYPTINIT 3
.Os
.Sh NAME


.Nm EVP_CIPHER_CTX_new ,
.Nm EVP_CIPHER_CTX_init ,
.Nm EVP_CIPHER_CTX_free ,
.Nm EVP_EncryptInit_ex ,
.Nm EVP_EncryptUpdate ,
.Nm EVP_EncryptFinal_ex ,
.Nm EVP_DecryptInit_ex ,
.Nm EVP_DecryptUpdate ,

.Nm EVP_DecryptFinal_ex ,
.Nm EVP_CipherInit_ex ,
.Nm EVP_CipherUpdate ,
.Nm EVP_CipherFinal_ex ,
.Nm EVP_EncryptInit ,
.Nm EVP_EncryptFinal ,
.Nm EVP_DecryptInit ,
.Nm EVP_DecryptFinal ,
.Nm EVP_CipherInit ,
.Nm EVP_CipherFinal ,
.Nm EVP_CIPHER_CTX_set_padding ,
.Nm EVP_CIPHER_CTX_set_key_length ,
.Nm EVP_CIPHER_CTX_ctrl ,
.Nm EVP_CIPHER_CTX_cleanup ,
.Nm EVP_get_cipherbyname ,
.Nm EVP_get_cipherbynid ,
.Nm EVP_get_cipherbyobj ,
.Nm EVP_CIPHER_nid ,
.Nm EVP_CIPHER_block_size ,
.Nm EVP_CIPHER_key_length ,
.Nm EVP_CIPHER_iv_length ,
.Nm EVP_CIPHER_flags ,
.Nm EVP_CIPHER_mode ,
.Nm EVP_CIPHER_type ,
.Nm EVP_CIPHER_CTX_cipher ,
.Nm EVP_CIPHER_CTX_nid ,
.Nm EVP_CIPHER_CTX_block_size ,
.Nm EVP_CIPHER_CTX_key_length ,
.Nm EVP_CIPHER_CTX_iv_length ,
.Nm EVP_CIPHER_CTX_get_app_data ,
.Nm EVP_CIPHER_CTX_set_app_data ,
.Nm EVP_CIPHER_CTX_type ,
.Nm EVP_CIPHER_CTX_flags ,
.Nm EVP_CIPHER_CTX_mode ,
.Nm EVP_CIPHER_param_to_asn1 ,
.Nm EVP_CIPHER_asn1_to_param ,
.Nm EVP_enc_null ,
.Nm EVP_des_cbc ,
.Nm EVP_des_ecb ,
.Nm EVP_des_cfb ,
.Nm EVP_des_ofb ,
.Nm EVP_des_ede_cbc ,
.Nm EVP_des_ede ,
.Nm EVP_des_ede_ofb ,
.Nm EVP_des_ede_cfb ,
.Nm EVP_des_ede3_cbc ,
.Nm EVP_des_ede3 ,
.Nm EVP_des_ede3_ofb ,
.Nm EVP_des_ede3_cfb ,
.Nm EVP_desx_cbc ,
.Nm EVP_rc4 ,
.Nm EVP_rc4_40 ,
.Nm EVP_idea_cbc ,
.Nm EVP_idea_ecb ,
.Nm EVP_idea_cfb ,
.Nm EVP_idea_ofb ,
.Nm EVP_rc2_cbc ,
.Nm EVP_rc2_ecb ,
.Nm EVP_rc2_cfb ,
.Nm EVP_rc2_ofb ,
.Nm EVP_rc2_40_cbc ,
.Nm EVP_rc2_64_cbc ,
.Nm EVP_bf_cbc ,
.Nm EVP_bf_ecb ,
.Nm EVP_bf_cfb ,
.Nm EVP_bf_ofb ,
.Nm EVP_cast5_cbc ,
.Nm EVP_cast5_ecb ,
.Nm EVP_cast5_cfb ,
.Nm EVP_cast5_ofb ,
.Nm EVP_aes_128_cbc ,
.Nm EVP_aes_128_ecb ,
.Nm EVP_aes_128_cfb ,
.Nm EVP_aes_128_ofb ,
.Nm EVP_aes_192_cbc ,
.Nm EVP_aes_192_ecb ,
.Nm EVP_aes_192_cfb ,
.Nm EVP_aes_192_ofb ,
.Nm EVP_aes_256_cbc ,
.Nm EVP_aes_256_ecb ,
.Nm EVP_aes_256_cfb ,
.Nm EVP_aes_256_ofb ,
.Nm EVP_aes_128_gcm ,
.Nm EVP_aes_192_gcm ,
.Nm EVP_aes_256_gcm ,
.Nm EVP_aes_128_ccm ,


.Nm EVP_aes_192_ccm ,
.Nm EVP_aes_256_ccm ,
.Nm EVP_rc5_32_12_16_cbc ,
.Nm EVP_rc5_32_12_16_cfb ,
.Nm EVP_rc5_32_12_16_ecb ,
.Nm EVP_rc5_32_12_16_ofb ,
.Nm EVP_chacha20
.Nd EVP cipher routines
.Sh SYNOPSIS
.In openssl/evp.h
.Ft EVP_CIPHER_CTX *
.Fn EVP_CIPHER_CTX_new void
.Ft void
.Fo EVP_CIPHER_CTX_init
.Fa "EVP_CIPHER_CTX *ctx"

.Fc
.Ft void






.Fo EVP_CIPHER_CTX_free



.Fa "EVP_CIPHER_CTX *ctx"


.Fc
.Ft int

.Fo EVP_EncryptInit_ex
.Fa "EVP_CIPHER_CTX *ctx"

.Fa "const EVP_CIPHER *type"
.Fa "ENGINE *impl"
.Fa "unsigned char *key"
.Fa "unsigned char *iv"
.Fc
.Ft int
.Fo EVP_EncryptUpdate
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "unsigned char *in"
.Fa "int inl"
.Fc
.Ft int
.Fo EVP_EncryptFinal_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"

.Fc
.Ft int
.Fo EVP_DecryptInit_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "ENGINE *impl"
.Fa "unsigned char *key"
.Fa "unsigned char *iv"
.Fc
.Ft int
.Fo EVP_DecryptUpdate
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "unsigned char *in"
.Fa "int inl"
.Fc
.Ft int
.Fo EVP_DecryptFinal_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"

.Fc
.Ft int
.Fo EVP_CipherInit_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "ENGINE *impl"
.Fa "unsigned char *key"
.Fa "unsigned char *iv"
.Fa "int enc"
.Fc
.Ft int
.Fo EVP_CipherUpdate
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "unsigned char *in"
.Fa "int inl"
.Fc
.Ft int
.Fo EVP_CipherFinal_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"

.Fc
.Ft int
.Fo EVP_EncryptInit
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "unsigned char *key"
.Fa "unsigned char *iv"
.Fc
.Ft int
.Fo EVP_EncryptFinal
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"

.Fc
.Ft int
.Fo EVP_DecryptInit
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "unsigned char *key"
.Fa "unsigned char *iv"
.Fc
.Ft int
.Fo EVP_DecryptFinal
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"

.Fc
.Ft int
.Fo EVP_CipherInit
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "unsigned char *key"
.Fa "unsigned char *iv"
.Fa "int enc"
.Fc
.Ft int
.Fo EVP_CipherFinal
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"

.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_padding
.Fa "EVP_CIPHER_CTX *x"
.Fa "int padding"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_key_length
.Fa "EVP_CIPHER_CTX *x"
.Fa "int keylen"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_ctrl
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int type"
.Fa "int arg"
.Fa "void *ptr"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_cleanup

.Fa "EVP_CIPHER_CTX *ctx"
.Fc
.Ft const EVP_CIPHER *
.Fo EVP_get_cipherbyname
.Fa "const char *name"
.Fc
.Ft const EVP_CIPHER *
.Fo EVP_get_cipherbynid

.Fa "int nid"
.Fc
.Ft const EVP_CIPHER *
.Fo EVP_get_cipherbyobj
.Fa "const ASN1_OBJECT *a"
.Fc
.Ft int
.Fo EVP_CIPHER_nid
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_block_size
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_key_length
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_iv_length
.Fa "const EVP_CIPHER *e"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_flags
.Fa "const EVP_CIPHER *e"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_mode
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_type
.Fa "const EVP_CIPHER *ctx"

.Fc
.Ft const EVP_CIPHER *
.Fo EVP_CIPHER_CTX_cipher
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_nid
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_block_size
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_key_length
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_iv_length
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft void *
.Fo EVP_CIPHER_CTX_get_app_data
.Fa "const EVP_CIPHER_CTX *ctx"

.Fc
.Ft void
.Fo EVP_CIPHER_CTX_set_app_data
.Fa "const EVP_CIPHER_CTX *ctx"

.Fa "void *data"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_type
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc




.Ft unsigned long
.Fo EVP_CIPHER_CTX_flags
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_CTX_mode
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_param_to_asn1
.Fa "EVP_CIPHER_CTX *c"
.Fa "ASN1_TYPE *type"
.Fc
.Ft int
.Fo EVP_CIPHER_asn1_to_param
.Fa "EVP_CIPHER_CTX *c"
.Fa "ASN1_TYPE *type"
.Fc
.Sh DESCRIPTION
The EVP cipher routines are a high level interface to certain symmetric
ciphers.
.Pp
.Fn EVP_CIPHER_CTX_new
creates a cipher context.
.Pp
.Fn EVP_CIPHER_CTX_init
initializes the cipher context
.Fa ctx .
.Pp
.Fn EVP_CIPHER_CTX_free
clears all information from a cipher context and frees up any
allocated memory associate with it, including
.Fa ctx
itself.
This function should be called after all operations using a cipher







are complete, so sensitive information does not remain in memory.
If
.Fa ctx
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn EVP_EncryptInit_ex
sets up the cipher context
.Fa ctx
for encryption with cipher
.Fa type
from
.Vt ENGINE
.Fa impl .
.Fa ctx
must be initialized before calling this function.

.Fa type
is normally supplied by a function such as
.Fn EVP_aes_256_cbc .
If
.Fa impl
is
.Dv NULL ,
then the default implementation is used.
.Fa key
is the symmetric key to use and

.Fa iv
is the IV to use (if necessary).
The actual number of bytes used for the
key and IV depends on the cipher.
It is possible to set all parameters to
.Dv NULL
except
.Fa type
in an initial call and supply the remaining parameters in subsequent
calls, all of which have
.Fa type
set to
.Dv NULL .
This is done when the default cipher parameters are not appropriate.
.Pp






.Fn EVP_EncryptUpdate
encrypts
.Fa inl
bytes from the buffer
.Fa in
and writes the encrypted version to
.Fa out .
This function can be called multiple times to encrypt successive blocks
of data.
The amount of data written depends on the block alignment of the
encrypted data: as a result the amount of data written may be anything
from zero bytes to (inl + cipher_block_size - 1) so
.Fa out
should contain sufficient room.
The actual number of bytes written is placed in
.Fa outl .
.Pp
If padding is enabled (the default) then
.Fn EVP_EncryptFinal_ex
encrypts the "final" data, that is any data that remains in a partial
block.



It uses NOTES (aka PKCS padding).
The encrypted final data is written to

.Fa out
which should have sufficient space for one cipher block.

The number of bytes written is placed in
.Fa outl .
After this function is called the encryption operation is finished and
no further calls to
.Fn EVP_EncryptUpdate
should be made.
.Pp
If padding is disabled then
.Fn EVP_EncryptFinal_ex
will not encrypt any more data and it will return an error if any data
remains in a partial block: that is if the total data length is not a
multiple of the block size.


.Pp
.Fn EVP_DecryptInit_ex ,
.Fn EVP_DecryptUpdate ,
and
.Fn EVP_DecryptFinal_ex
are the corresponding decryption operations.
.Fn EVP_DecryptFinal
will return an error code if padding is enabled and the final block is
not correctly formatted.
The parameters and restrictions are identical to the encryption
operations except that if padding is enabled the decrypted data buffer
.Fa out

passed to
.Fn EVP_DecryptUpdate

should have sufficient room for (inl + cipher_block_size) bytes
unless the cipher block size is 1 in which case
.Fa inl
bytes is sufficient.
.Pp
.Fn EVP_CipherInit_ex ,

.Fn EVP_CipherUpdate ,
and
.Fn EVP_CipherFinal_ex

are functions that can be used for decryption or encryption.
The operation performed depends on the value of the
.Fa enc
parameter.
It should be set to 1 for encryption, 0 for decryption and -1 to leave
the value unchanged (the actual value of
.Fa enc
being supplied in a previous call).
.Pp

.Fn EVP_CIPHER_CTX_cleanup

clears all information from a cipher context and free up any allocated
memory associated with it.
It should be called after all operations using a cipher are complete so
sensitive information does not remain in memory.
.Pp

.Fn EVP_EncryptInit ,
.Fn EVP_DecryptInit ,

and
.Fn EVP_CipherInit
behave in a similar way to
.Fn EVP_EncryptInit_ex ,
.Fn EVP_DecryptInit_ex ,
and
.Fn EVP_CipherInit_ex
except the
.Fa ctx
parameter does not need to be initialized and they always use the
default cipher implementation.
.Pp



.Fn EVP_EncryptFinal ,
.Fn EVP_DecryptFinal ,
and
.Fn EVP_CipherFinal
are identical to
.Fn EVP_EncryptFinal_ex ,
.Fn EVP_DecryptFinal_ex ,
and
.Fn EVP_CipherFinal_ex .
In previous releases of OpenSSL, they also used to clean up the
.Fa ctx ,
but this is no longer done and
.Fn EVP_CIPHER_CTX_cleanup


must be called to free any context resources.
.Pp

.Fn EVP_get_cipherbyname ,
.Fn EVP_get_cipherbynid ,
and
.Fn EVP_get_cipherbyobj

return an
.Vt EVP_CIPHER
structure when passed a cipher name, a NID or an
.Vt ASN1_OBJECT
structure.

.Pp
.Fn EVP_CIPHER_nid
and
.Fn EVP_CIPHER_CTX_nid
return the NID of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The actual NID value is an internal value which may not have a
corresponding OBJECT IDENTIFIER.



.Pp
.Fn EVP_CIPHER_CTX_set_padding
enables or disables padding.
This function should be called after the context is set up for
encryption or decryption with
.Fn EVP_EncryptInit_ex ,
.Fn EVP_DecryptInit_ex ,
or
EVP_CipherInit_ex .
By default encryption operations are padded using standard block padding
and the padding is checked and removed when decrypting.
If the
.Fa padding
parameter is zero, then no padding is performed, the total amount of data
encrypted or decrypted must then be a multiple of the block size or an
error will occur.
.Pp
.Fn EVP_CIPHER_key_length
and
.Fn EVP_CIPHER_CTX_key_length
return the key length of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The constant
.Dv EVP_MAX_KEY_LENGTH
is the maximum key length for all ciphers.
Note: although
.Fn EVP_CIPHER_key_length
is fixed for a given cipher, the value of
.Fn EVP_CIPHER_CTX_key_length
may be different for variable key length ciphers.
.Pp
.Fn EVP_CIPHER_CTX_set_key_length
sets the key length of the cipher ctx.

If the cipher is a fixed length cipher, then attempting to set the key


length to any value other than the fixed value is an error.
.Pp
.Fn EVP_CIPHER_iv_length

and
.Fn EVP_CIPHER_CTX_iv_length
return the IV length of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX .

It will return zero if the cipher does not use an IV.
The constant
.Dv EVP_MAX_IV_LENGTH
is the maximum IV length for all ciphers.
.Pp
.Fn EVP_CIPHER_block_size
and
.Fn EVP_CIPHER_CTX_block_size
return the block size of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The constant
.Dv EVP_MAX_BLOCK_LENGTH
is also the maximum block length for all ciphers.
.Pp
.Fn EVP_CIPHER_type
and
.Fn EVP_CIPHER_CTX_type
return the type of the passed cipher or context.
This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
same NID.
If the cipher does not have an object identifier or does not
have ASN.1 support this function will return
.Dv NID_undef .
.Pp

.Fn EVP_CIPHER_CTX_cipher
returns the
.Vt EVP_CIPHER
structure when passed an
.Vt EVP_CIPHER_CTX
structure.
.Pp
.Fn EVP_CIPHER_mode
and
.Fn EVP_CIPHER_CTX_mode
return the block cipher mode:
.Dv EVP_CIPH_ECB_MODE ,
.Dv EVP_CIPH_CBC_MODE ,
.Dv EVP_CIPH_CFB_MODE ,
or
.Dv EVP_CIPH_OFB_MODE .
If the cipher is a stream cipher then
.Dv EVP_CIPH_STREAM_CIPHER
is returned.
.Pp
.Fn EVP_CIPHER_param_to_asn1
sets the ASN.1
.Vt AlgorithmIdentifier
parameter based on the passed cipher.
This will typically include any parameters and an IV.
The cipher IV (if any) must be set when this call is made.
This call should be made before the cipher is actually "used" (before any
.Fn EVP_EncryptUpdate

or
.Fn EVP_DecryptUpdate
calls, for example).
This function may fail if the cipher does not have any ASN.1 support.
.Pp
.Fn EVP_CIPHER_asn1_to_param
sets the cipher parameters based on an ASN.1
.Vt AlgorithmIdentifier
parameter.


The precise effect depends on the cipher.
In the case of RC2, for example, it will set the IV and effective
key length.
This function should be called after the base cipher type is set but
before the key is set.
For example
.Fn EVP_CipherInit
will be called with the IV and key set to
.Dv NULL ,
.Fn EVP_CIPHER_asn1_to_param
will be called and finally
.Fn EVP_CipherInit
again with all parameters except the key set to
.Dv NULL .
It is possible for this function to fail if the cipher does not
have any ASN.1 support or the parameters cannot be set (for example
the RC2 effective key length is not supported).
.Pp
.Fn EVP_CIPHER_CTX_ctrl
allows various cipher specific parameters to be determined and set.
Currently only the RC2 effective key length and the number of rounds of
RC5 can be set.
.Pp


Where possible the EVP interface to symmetric ciphers should be
used in preference to the low level interfaces.
This is because the code then becomes transparent to the cipher used and
much more flexible.
.Pp

PKCS padding works by adding n padding bytes of value n to make the
total length of the encrypted data a multiple of the block size.
Padding is always added so if the data is already a multiple of the
block size n will equal the block size.
For example if the block size is 8 and 11 bytes are to be encrypted then
5 padding bytes of value 5 will be added.
.Pp

When decrypting the final block is checked to see if it has the correct
form.



.Pp
Although the decryption operation can produce an error if padding is
enabled, it is not a strong test that the input data or key is correct.
A random block has better than 1 in 256 chance of being of the correct
format and problems with the input data earlier on will not produce a
final decrypt error.
.Pp
If padding is disabled then the decryption operation will always succeed
if the total amount of data decrypted is a multiple of the block size.
.Pp
The functions
.Fn EVP_EncryptInit ,
.Fn EVP_EncryptFinal ,
.Fn EVP_DecryptInit ,
.Fn EVP_CipherInit ,
and
.Fn EVP_CipherFinal








are obsolete but are retained for compatibility with existing code.
New code should use
.Fn EVP_EncryptInit_ex ,
.Fn EVP_EncryptFinal_ex ,
.Fn EVP_DecryptInit_ex ,
.Fn EVP_DecryptFinal_ex ,
.Fn EVP_CipherInit_ex ,
and
.Fn EVP_CipherFinal_ex
because they can reuse an existing context without allocating and
freeing it up on each call.
.Pp
.Fn EVP_get_cipherbynid
and
.Fn EVP_get_cipherbyobj
are implemented as macros.
.Sh RETURN VALUES
.Fn EVP_CIPHER_CTX_new
returns a pointer to a newly created

.Vt EVP_CIPHER_CTX
for success or
.Dv NULL
for failure.
.Pp
.Fn EVP_EncryptInit_ex ,
.Fn EVP_EncryptUpdate ,
and
.Fn EVP_EncryptFinal_ex
return 1 for success and 0 for failure.
.Pp
.Fn EVP_DecryptInit_ex
and
.Fn EVP_DecryptUpdate

return 1 for success and 0 for failure.
.Fn EVP_DecryptFinal_ex
returns 0 if the decrypt failed or 1 for success.
.Pp
.Fn EVP_CipherInit_ex
and
.Fn EVP_CipherUpdate
return 1 for success and 0 for failure.
.Fn EVP_CipherFinal_ex
returns 0 for a decryption failure or 1 for success.
.Pp
.Fn EVP_CIPHER_CTX_cleanup
returns 1 for success and 0 for failure.
.Pp
.Fn EVP_get_cipherbyname ,
.Fn EVP_get_cipherbynid ,
and
.Fn EVP_get_cipherbyobj
return an

.Vt EVP_CIPHER
structure or
.Dv NULL
on error.

.Pp
.Fn EVP_CIPHER_nid
and
.Fn EVP_CIPHER_CTX_nid
return a NID.
.Pp
.Fn EVP_CIPHER_block_size
and
.Fn EVP_CIPHER_CTX_block_size
return the block size.
.Pp
.Fn EVP_CIPHER_key_length

and
.Fn EVP_CIPHER_CTX_key_length
return the key length.
.Pp
.Fn EVP_CIPHER_CTX_set_padding
always returns 1.
.Pp
.Fn EVP_CIPHER_iv_length
and
.Fn EVP_CIPHER_CTX_iv_length
return the IV length or zero if the cipher does not use an IV.
.Pp
.Fn EVP_CIPHER_type

and
.Fn EVP_CIPHER_CTX_type
return the NID of the cipher's OBJECT IDENTIFIER or
.Dv NID_undef
if it has no defined OBJECT IDENTIFIER.
.Pp

.Fn EVP_CIPHER_CTX_cipher
returns an
.Vt EVP_CIPHER
structure.
.Pp
.Fn EVP_CIPHER_param_to_asn1
and
.Fn EVP_CIPHER_asn1_to_param
return greater than zero for success and zero or a negative number
for failure.
.Sh CIPHER LISTING
All algorithms have a fixed key length unless otherwise stated.
.Bl -tag -width Ds
.It Fn EVP_enc_null


Null cipher: does nothing.
.It Xo



.Fn EVP_aes_128_cbc ,
.Fn EVP_aes_128_ecb ,
.Fn EVP_aes_128_cfb ,
.Fn EVP_aes_128_ofb
.Xc
AES with a 128-bit key in CBC, ECB, CFB and OFB modes respectively.
.It Xo
.Fn EVP_aes_192_cbc ,
.Fn EVP_aes_192_ecb ,
.Fn EVP_aes_192_cfb ,
.Fn EVP_aes_192_ofb
.Xc
AES with a 192-bit key in CBC, ECB, CFB and OFB modes respectively.
.It Xo
.Fn EVP_aes_256_cbc ,
.Fn EVP_aes_256_ecb ,
.Fn EVP_aes_256_cfb ,
.Fn EVP_aes_256_ofb
.Xc
AES with a 256-bit key in CBC, ECB, CFB and OFB modes respectively.
.It Xo
.Fn EVP_des_cbc ,
.Fn EVP_des_ecb ,
.Fn EVP_des_cfb ,
.Fn EVP_des_ofb
.Xc
DES in CBC, ECB, CFB and OFB modes respectively.
.It Xo
.Fn EVP_des_ede_cbc ,
.Fn EVP_des_ede ,
.Fn EVP_des_ede_ofb ,
.Fn EVP_des_ede_cfb
.Xc

Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
.It Xo
.Fn EVP_des_ede3_cbc ,
.Fn EVP_des_ede3 ,
.Fn EVP_des_ede3_ofb ,
.Fn EVP_des_ede3_cfb
.Xc
Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
.It Fn EVP_desx_cbc
DESX algorithm in CBC mode.
.It Fn EVP_rc4
RC4 stream cipher.
This is a variable key length cipher with default key length 128 bits.
.It Fn EVP_rc4_40
RC4 stream cipher with 40-bit key length.
This is obsolete and new code should use


.Fn EVP_rc4
and the
.Fn EVP_CIPHER_CTX_set_key_length
function.
.It Xo
.Fn EVP_idea_cbc ,
.Fn EVP_idea_ecb ,
.Fn EVP_idea_cfb ,
.Fn EVP_idea_ofb

.Xc
IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
.It Xo
.Fn EVP_rc2_cbc ,
.Fn EVP_rc2_ecb ,
.Fn EVP_rc2_cfb ,
.Fn EVP_rc2_ofb
.Xc

RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
This is a variable key length cipher with an additional parameter called
"effective key bits" or "effective key length".
By default both are set to 128 bits.
.It Xo
.Fn EVP_rc2_40_cbc ,
.Fn EVP_rc2_64_cbc
.Xc
RC2 algorithm in CBC mode with a default key length and effective key
length of 40 and 64 bits.
These are obsolete and new code should use
.Fn EVP_rc2_cbc ,
.Fn EVP_CIPHER_CTX_set_key_length ,
and
.Fn EVP_CIPHER_CTX_ctrl
to set the key length and effective key length.
.It Xo
.Fn EVP_bf_cbc ,
.Fn EVP_bf_ecb ,
.Fn EVP_bf_cfb ,
.Fn EVP_bf_ofb
.Xc
Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes
respectively.
This is a variable key length cipher.
.It Xo
.Fn EVP_cast5_cbc ,
.Fn EVP_cast5_ecb ,

.Fn EVP_cast5_cfb ,
.Fn EVP_cast5_ofb
.Xc
CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
This is a variable key length cipher.
.It Xo
.Fn EVP_rc5_32_12_16_cbc ,
.Fn EVP_rc5_32_12_16_ecb ,

.Fn EVP_rc5_32_12_16_cfb ,
.Fn EVP_rc5_32_12_16_ofb
.Xc
RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
This is a variable key length cipher with an additional "number of
rounds" parameter.
By default the key length is set to 128 bits and 12 rounds.
.It Xo
.Fn EVP_aes_128_gcm ,
.Fn EVP_aes_192_gcm ,
.Fn EVP_aes_256_gcm
.Xc
AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
These ciphers require additional control operations to function
correctly: see the GCM mode section below for details.
.It Xo
.Fn EVP_aes_128_ccm ,
.Fn EVP_aes_192_ccm ,
.Fn EVP_aes_256_ccm
.Xc
AES Counter with CBC-MAC Mode (CCM) for 128, 192 and 256 bit keys
respectively.
These ciphers require additional control operations to function
correctly: see CCM mode section below for details.
.It Fn EVP_chacha20
The ChaCha20 stream cipher.
The key length is 256 bits, the IV is 96 bits long.
.El

.Ss GCM mode
For GCM mode ciphers, the behaviour of the EVP interface
is subtly altered and several additional ctrl operations are
supported.
.Pp


To specify any additional authenticated data (AAD), a call to
.Fn EVP_CipherUpdate ,
.Fn EVP_EncryptUpdate ,
or
.Fn EVP_DecryptUpdate
should be made with the output parameter out set to
.Dv NULL .
.Pp
When decrypting, the return value of
.Fn EVP_DecryptFinal
or
.Fn EVP_CipherFinal
indicates if the operation was successful.
If it does not indicate success, the authentication operation has
failed and any output data MUST NOT be used as it is corrupted.
.Pp
The following ctrls are supported in GCM mode:
.Bl -tag -width Ds
.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_IVLEN ivlen NULL
Sets the IV length: this call can only be made before specifying an IV.
If not called, a default IV length is used.
For GCM AES the default is 12, i.e. 96 bits.
.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_GET_TAG taglen tag
Writes
.Fa taglen
bytes of the tag value to the buffer indicated by
.Fa tag .
This call can only be made when encrypting data and after all data has
been processed, e.g. after an
.Fn EVP_EncryptFinal








call.
.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag
Sets the expected tag to
.Fa taglen
bytes from
.Fa tag .
This call is only legal when decrypting data and must be made before
any data is processed, e.g. before any
.Fa EVP_DecryptUpdate

call.
.El
.Ss CCM mode
The behaviour of CCM mode ciphers is similar to GCM mode, but with
a few additional requirements and different ctrl values.
.Pp
Like GCM mode any additional authenticated data (AAD) is passed
by calling
.Fn EVP_CipherUpdate ,
.Fn EVP_EncryptUpdate ,

or
.Fn EVP_DecryptUpdate
with the output parameter out set to
.Dv NULL .
Additionally, the total
plaintext or ciphertext length MUST be passed to
.Fn EVP_CipherUpdate ,
.Fn EVP_EncryptUpdate ,
or
.Fn EVP_DecryptUpdate
with the output and input
parameters
.Pq Fa in No and Fa out
set to
.Dv NULL
and the length passed in the

.Fa inl


parameter.


.Pp
The following ctrls are supported in CCM mode:
.Bl -tag -width Ds
.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_TAG taglen tag
This call is made to set the expected CCM tag value when decrypting or
the length of the tag (with the
.Fa tag
parameter set to
.Dv NULL )
when encrypting.
The tag length is often referred to as M.
If not set, a default value is used (12 for AES).
.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_L ivlen NULL
Sets the CCM L value.
If not set, a default is used (8 for AES).
.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_IVLEN ivlen NULL
Sets the CCM nonce (IV) length: this call can only be made before
specifying an nonce value.
The nonce length is given by 15 - L so it is 7 by default for AES.
.El
.Sh EXAMPLES
Encrypt a string using blowfish:
.Bd -literal -offset 3n
int
do_crypt(char *outfile)
{
	unsigned char outbuf[1024];
	int outlen, tmplen;
	/*
	 * Bogus key and IV: we'd normally set these from
	 * another source.

	 */
	unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
	unsigned char iv[] = {1,2,3,4,5,6,7,8};
	const char intext[] = "Some Crypto Text";
	EVP_CIPHER_CTX ctx;
	FILE *out;
	EVP_CIPHER_CTX_init(&ctx);
	EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);

	if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext,
	    strlen(intext))) {
		/* Error */
		return 0;
	}
	/*
	 * Buffer passed to EVP_EncryptFinal() must be after data just
	 * encrypted to avoid overwriting it.
	 */
	if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) {
		/* Error */
		return 0;
	}
	outlen += tmplen;
	EVP_CIPHER_CTX_cleanup(&ctx);
	/*
	 * Need binary mode for fopen because encrypted data is
	 * binary data. Also cannot use strlen() on it because
	 * it won't be NUL terminated and may contain embedded
	 * NULs.
	 */
	out = fopen(outfile, "wb");
	fwrite(outbuf, 1, outlen, out);
	fclose(out);
	return 1;
}
.Ed
.Pp
The ciphertext from the above example can be decrypted using the
.Xr openssl 1
utility with the command line:
.Bd -literal -offset indent
openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e
           -iv 0102030405060708 -d
.Ed
.Pp
General encryption, decryption function example using FILE I/O and RC2
with an 80-bit key:















.Bd -literal
int
do_crypt(FILE *in, FILE *out, int do_encrypt)
{
	/* Allow enough space in output buffer for additional block */
	inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
	int inlen, outlen;
	/*
	 * Bogus key and IV: we'd normally set these from
	 * another source.
	 */
	unsigned char key[] = "0123456789";
	unsigned char iv[] = "12345678";

	/* Don't set key or IV because we will modify the parameters */
	EVP_CIPHER_CTX_init(&ctx);
	EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
	EVP_CIPHER_CTX_set_key_length(&ctx, 10);
	/* We finished modifying parameters so now we can set key and IV */
	EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);

	for(;;) {
		inlen = fread(inbuf, 1, 1024, in);
		if (inlen <= 0)
			break;
		if (!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf,
		    inlen)) {
			/* Error */
			EVP_CIPHER_CTX_cleanup(&ctx);
			return 0;

		}
		fwrite(outbuf, 1, outlen, out);
	}
	if (!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) {
		/* Error */
		EVP_CIPHER_CTX_cleanup(&ctx);
		return 0;





	}
	fwrite(outbuf, 1, outlen, out);

	EVP_CIPHER_CTX_cleanup(&ctx);
	return 1;

}
.Ed
.Sh SEE ALSO

.Xr evp 3
.Sh HISTORY

.Fn EVP_CIPHER_CTX_init ,
.Fn EVP_EncryptInit_ex ,
.Fn EVP_EncryptFinal_ex ,
.Fn EVP_DecryptInit_ex ,
.Fn EVP_DecryptFinal_ex ,
.Fn EVP_CipherInit_ex ,
.Fn EVP_CipherFinal_ex ,
and
.Fn EVP_CIPHER_CTX_set_padding
appeared in OpenSSL 0.9.7.
.Sh BUGS
For RC5 the number of rounds can currently only be set to 8, 12 or 16.
This is a limitation of the current RC5 code rather than the EVP
interface.
.Pp
.Dv EVP_MAX_KEY_LENGTH
and
.Dv EVP_MAX_IV_LENGTH
only refer to the internal ciphers with default key lengths.
If custom ciphers exceed these values the results are unpredictable.
This is because it has become standard practice to define a generic key
as a fixed unsigned char array containing
.Dv EVP_MAX_KEY_LENGTH
bytes.
.Pp
The ASN.1 code is incomplete (and sometimes inaccurate).
It has only been tested for certain common S/MIME ciphers
(RC2, DES, triple DES) in CBC mode.
Changes to jni/libressl/man/EVP_OpenInit.3.
1

2
3
4
5
6
7
8


9
10
11

12
13



14
15




16




17
18
19
20
21
22


23
24
25
26

27
28
29
30

31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48


49
50
51
52
53
54

55
56

57
58
59
60
61
62
63
64


65

66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

96
97
























98
99
100
101
102
103
104
105
106
107
108
109
110

111



112


113

114
115

116

117
118
119
120

121
122
123

124
125

126
127
128
129
130
131

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..



.de Ve \" End verbatim text
.ft R




.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.

.de IX
..

.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{


.            nr % 0

.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "EVP_OpenInit 3"
.TH EVP_OpenInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
\&                int ekl,unsigned char *iv,EVP_PKEY *priv);
\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\&         int *outl, unsigned char *in, int inl);
\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
\&         int *outl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 envelope routines are a high level interface to envelope

decryption. They decrypt a public key encrypted symmetric key and
then decrypt data using it.
























.PP
\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption
with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length
\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR.
The \s-1IV\s0 is supplied in the \fBiv\fR parameter.
.PP
\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties
as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as
documented on the \fIEVP_EncryptInit\fR\|(3) manual
page.
.SH "NOTES"
.IX Header "NOTES"
It is possible to call \fIEVP_OpenInit()\fR twice in the same way as

\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0



and (after setting any cipher parameters) it should be called again


with \fBtype\fR set to \s-1NULL.\s0

.PP
If the cipher passed in the \fBtype\fR parameter is a variable length

cipher then the key length will be set to the value of the recovered

key length. If the cipher is a fixed length cipher then the recovered
key length must match the fixed cipher length.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the
recovered secret key size) if successful.
.PP

\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure.
.PP

\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3), \fIrand\fR\|(3),
\&\fIEVP_EncryptInit\fR\|(3),
\&\fIEVP_SealInit\fR\|(3)

|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
>
>
>
|
|
>
>
>
>
|
>
>
>
>
|
<
<
<
<
<
>
>
|
|
<
<
>
|
|
<
<
>
|
|
|
|
|
|
|
|
|
|
|
|
|

|
|
<
|
>
>
|
|
|
<
|
<
>
|
|
>
|
|
|
|
|
<
|
|
>
>
|
>
|
<
|
|
<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
|
|
|
|
<
|
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
|
<
|
<
<
<
<
<
|
>
|
>
>
>
|
>
>
|
>
|
|
>
|
>
|
|
|
<
>
|
|
|
>
|
|
>
|
|
<
|
|
|
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28





29
30
31
32


33
34
35


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

53
54
55
56
57
58

59

60
61
62
63
64
65
66
67
68

69
70
71
72
73
74
75

76
77


78
79














80

81
82
83
84

85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113



114

115





116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

135
136
137
138
139
140
141
142
143
144

145
146
147
148
.\"	$OpenBSD: EVP_OpenInit.3,v 1.5 2016/11/26 20:55:26 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"





.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project


.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 26 2016 $
.Dt EVP_OPENINIT 3

.Os
.Sh NAME
.Nm EVP_OpenInit ,
.Nm EVP_OpenUpdate ,
.Nm EVP_OpenFinal
.Nd EVP envelope decryption

.Sh SYNOPSIS

.In openssl/evp.h
.Ft int
.Fo EVP_OpenInit
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "EVP_CIPHER *type"
.Fa "unsigned char *ek"
.Fa "int ekl"
.Fa "unsigned char *iv"
.Fa "EVP_PKEY *priv"

.Fc
.Ft int
.Fo EVP_OpenUpdate
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "unsigned char *in"

.Fa "int inl"
.Fc


.Ft int
.Fo EVP_OpenFinal














.Fa "EVP_CIPHER_CTX *ctx"

.Fa "unsigned char *out"
.Fa "int *outl"
.Fc
.Sh DESCRIPTION

The EVP envelope routines are a high level interface to envelope
decryption.
They decrypt a public key encrypted symmetric key and then decrypt data
using it.
.Pp
.Fn EVP_OpenInit
initializes a cipher context
.Fa ctx
for decryption with cipher
.Fa type .
It decrypts the encrypted symmetric key of length
.Fa ekl
bytes passed in the
.Fa ek
parameter using the private key
.Fa priv .
The IV is supplied in the
.Fa iv
parameter.
.Pp
.Fn EVP_OpenUpdate
and
.Fn EVP_OpenFinal
have exactly the same properties as the
.Xr EVP_DecryptUpdate 3
and
.Xr EVP_DecryptFinal 3
routines.
.Pp



It is possible to call

.Fn EVP_OpenInit





twice in the same way as
.Xr EVP_DecryptInit 3 .
The first call should have
.Fa priv
set to
.Dv NULL
and (after setting any cipher parameters) it should be
called again with
.Fa type
set to
.Dv NULL .
.Pp
If the cipher passed in the
.Fa type
parameter is a variable length cipher then the key length will be set to
the value of the recovered key length.
If the cipher is a fixed length cipher then the recovered key length
must match the fixed cipher length.
.Sh RETURN VALUES

.Fn EVP_OpenInit
returns 0 on error or a non-zero integer (actually the recovered secret
key size) if successful.
.Pp
.Fn EVP_OpenUpdate
returns 1 for success or 0 for failure.
.Pp
.Fn EVP_OpenFinal
returns 0 if the decrypt failed or 1 for success.
.Sh SEE ALSO

.Xr evp 3 ,
.Xr EVP_EncryptInit 3 ,
.Xr EVP_SealInit 3 ,
.Xr RAND_bytes 3
Changes to jni/libressl/man/EVP_PKEY_CTX_ctrl.3.
1

2


3
4
5
6
7
8

9
10
11
12

13



14
15




16




17
18
19
20
21
22


23
24
25
26



27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47












48







49
50
51








52





53
54
55
56
57
58
59
60

61
62

63

64
65
66
67
68

69
70
71



72

73
74
75
76
77
78









79
80
81
82
83





84




85
86
87
88
89
90
91

92
93
94
95
96
97
98


99
100
101
102









103
104
105
106
107

108

109
110
111
112
113
114
115
116
117
118
119
120





121
122
123
124
125
126
127
128
129
130
131

132

133






134
135
136
137


138
139
140
141

142




143



144



145

146

147
148
149


150
151

152

153






154
155
156
157
158
159


160
161

162
163

164
165
166

167


168
169

170


171


172

173
174

175
176


177

178


179
180
181

182


183

184

185
186


187
188
189

190
191

192
193
194
195


196

197
198
199
200
201
202
203
204
205
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R




.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\



.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '












.\"







.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the








.\" output yourself in some meaningful fashion.





.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{

.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..

.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}

.\}
.rr rF
.\" ========================================================================



.\"

.IX Title "EVP_PKEY_CTX_ctrl 3"
.TH EVP_PKEY_CTX_ctrl 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh









.SH "NAME"
EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_get_default_digest_nid,
EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding,
EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_rsa_keygen_bits,
EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits,





EVP_PKEY_CTX_set_dh_paramgen_prime_len,




EVP_PKEY_CTX_set_dh_paramgen_generator,
EVP_PKEY_CTX_set_ec_paramgen_curve_nid \- algorithm specific control operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&

\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
\&                                int cmd, int p1, void *p2);
\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
\&                                                const char *value);
\&
\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
\&


\& #include <openssl/rsa.h>
\&
\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\&









\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
\&

\& #include <openssl/dsa.h>

\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
\&
\& #include <openssl/dh.h>
\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
\&
\& #include <openssl/ec.h>
\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context





\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter
\&\fBoptype\fR is a mask indicating which operations the control can be applied to.
The control command is indicated in \fBcmd\fR and any additional arguments in
\&\fBp1\fR and \fBp2\fR.
.PP
Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will
instead call one of the algorithm specific macros below.
.PP
The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm
specific control operation to a context \fBctx\fR in string form. This is
intended to be used for options specified on the command line or in text

files. The commands supported are documented in the openssl utility

command line pages for the option \fB\-pkeyopt\fR which is supported by the






\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands.
.PP
All the remaining \*(L"functions\*(R" are implemented as macros.
.PP


The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used
in a signature. It can be used with any public key algorithm supporting
signature operations.
.PP

The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fBctx\fR.




The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 padding,



\&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding,



\&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only),

\&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and

\&\s-1RSA_PKCS1_PSS_PADDING \s0(sign and verify only).
.PP
Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR is


used. If this macro is called for PKCS#1 padding the plaintext buffer is an
actual digest value and is encapsulated in a DigestInfo structure according to

PKCS#1 when signing and this structure is expected (and stripped off) when

verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the






supplied data is used directly and not encapsulated. In the case of X9.31
padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed
if this control is called. If it is not called then the first byte of the
plaintext buffer is expected to be the algorithm identifier byte.
.PP
The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to


\&\fBlen\fR as its name implies it is only supported for \s-1PSS\s0 padding.  Two special
values are supported: \-1 sets the salt length to the digest length. When

signing \-2 sets the salt length to the maximum permissible value. When
verifying \-2 causes the salt length to be automatically determined based on the

\&\fB\s-1PSS\s0\fR block structure. If this macro is not called a salt length value of \-2
is used by default.
.PP

The \fIEVP_PKEY_CTX_set_rsa_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for


\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used.
.PP

The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value


for \s-1RSA\s0 key generation to \fBpubexp\fR currently it should be an odd integer. The


\&\fBpubexp\fR pointer is used internally by this function so it should not be

modified or free after the call. If this macro is not called then 65537 is used.
.PP

The macro \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used
for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used.


.PP

The macro \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0


prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called
then 1024 is used.
.PP

The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR


for \s-1DH\s0 parameter generation. If not specified 2 is used.

.PP

The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter
generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called


or an error occurs because there is no default curve.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0
or a negative value for failure. In particular a return value of \-2

indicates the operation is not supported by the public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),


\&\fIEVP_PKEY_encrypt\fR\|(3),

\&\fIEVP_PKEY_decrypt\fR\|(3),
\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
\&\fIEVP_PKEY_derive\fR\|(3)
\&\fIEVP_PKEY_keygen\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.
|
>

>
>
|
<
<
<
<
|
>
|
|
|
|
>
|
>
>
>
|
|
>
>
>
>
|
>
>
>
>
|
<
<
<
<
<
>
>
|
|
<
<
>
>
>
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<

<
<
<
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
|
|
|
>
>
>
>
>
>
>
>
|
>
>
>
>
>
|
|
<
|
<
<
<
|
>
|
|
>
|
>
|
<
<
|
|
>
|
|
<
>
>
>
|
>
|
|
<
<
|
|
>
>
>
>
>
>
>
>
>
|
<
|
|
|
>
>
>
>
>
|
>
>
>
>
|
|
|
<
|
|
<
>
|
<
|
<
<
|
<
>
>
|
<
|
<
>
>
>
>
>
>
>
>
>
|
|
|
|
<
>
|
>
|
<
|
|
<
<
<
<
|
<
<
|
>
>
>
>
>
<
<
<
<
<
<
<
<
<
<
|
>
|
>
|
>
>
>
>
>
>
|
|
|
|
>
>
|
|
|
|
>
|
>
>
>
>
|
>
>
>
|
>
>
>
|
>
|
>
|
|
|
>
>
|
|
>
|
>
|
>
>
>
>
>
>
|
<
<
<
<
|
>
>
|
|
>
|
|
>
|
|
|
>
|
>
>
|
|
>
|
>
>
|
>
>
|
>
|
|
>
|
|
>
>
|
>
|
>
>
|
|
|
>
|
>
>
|
>
|
>
|
|
>
>
|
|
<
>
|
|
>
|
|
<
|
>
>
|
>
|
|
|
|
<
<
|
<

1
2
3
4
5
6




7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29





30
31
32
33


34
35
36














37


38



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78



79
80
81
82
83
84
85
86


87
88
89
90
91

92
93
94
95
96
97
98


99
100
101
102
103
104
105
106
107
108
109
110

111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

127
128

129
130

131


132

133
134
135

136

137
138
139
140
141
142
143
144
145
146
147
148
149

150
151
152
153

154
155




156


157
158
159
160
161
162










163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219




220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275

276
277
278
279
280
281

282
283
284
285
286
287
288
289
290


291

292
.\"	$OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL e03af178 Dec 11 17:05:57 2014 -0500
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013, 2014, 2015 The OpenSSL Project.
.\" All rights reserved.




.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"





.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project














.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 25 2016 $
.Dt EVP_PKEY_CTX_CTRL 3
.Os
.Sh NAME
.Nm EVP_PKEY_CTX_ctrl ,
.Nm EVP_PKEY_CTX_ctrl_str ,
.Nm EVP_PKEY_CTX_set_signature_md ,
.Nm EVP_PKEY_CTX_set_rsa_padding ,
.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
.Nm EVP_PKEY_CTX_set_rsa_rsa_keygen_bits ,
.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,
.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
.Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,
.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid
.Nd algorithm specific control operations
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_CTX_ctrl
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int keytype"
.Fa "int optype"
.Fa "int cmd"
.Fa "int p1"
.Fa "void *p2"

.Fc



.Ft int
.Fo EVP_PKEY_CTX_ctrl_str
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const char *type"
.Fa "const char *value"
.Fc
.In openssl/rsa.h
.Ft int


.Fo EVP_PKEY_CTX_set_signature_md
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const EVP_MD *md"
.Fc
.Ft int

.Fo EVP_PKEY_CTX_set_rsa_padding
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int pad"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
.Fa "EVP_PKEY_CTX *ctx"


.Fa "int len"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_rsa_keygen_bits
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int mbits"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
.Fa "EVP_PKEY_CTX *ctx"
.Fa "BIGNUM *pubexp"
.Fc

.In openssl/dsa.h
.Ft int
.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int nbits"
.Fc
.In openssl/dh.h
.Ft int
.Fo EVP_PKEY_CTX_set_dh_paramgen_prime_len
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int len"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_dh_paramgen_generator
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int gen"

.Fc
.In openssl/ec.h

.Ft int
.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid

.Fa "EVP_PKEY_CTX *ctx"


.Fa "int nid"

.Fc
.Sh DESCRIPTION
The function

.Fn EVP_PKEY_CTX_ctrl

sends a control operation to the context
.Fa ctx .
The key type used must match
.Fa keytype
if it is not -1.
The parameter
.Fa optype
is a mask indicating which operations the control can be applied to.
The control command is indicated in
.Fa cmd
and any additional arguments in
.Fa p1
and

.Fa p2 .
.Pp
Applications will not normally call
.Fn EVP_PKEY_CTX_ctrl

directly but will instead call one of the algorithm specific macros
below.




.Pp


The function
.Fn EVP_PKEY_CTX_ctrl_str
allows an application to send an algorithm specific control operation to
a context
.Fa ctx
in string form.










This is intended to be used for options specified on the command line or
in text files.
The commands supported are documented in the
.Xr openssl 1
utility command line pages for the option
.Fl pkeyopt
which is supported by the
.Cm pkeyutl ,
.Cm genpkey ,
and
.Cm req
commands.
.Pp
All the remaining "functions" are implemented as macros.
.Pp
The
.Fn EVP_PKEY_CTX_set_signature_md
macro sets the message digest type used in a signature.
It can be used with any public key algorithm supporting signature
operations.
.Pp
The macro
.Fn EVP_PKEY_CTX_set_rsa_padding
sets the RSA padding mode for
.Fa ctx .
The
.Fa pad
parameter can take the value
.Dv RSA_PKCS1_PADDING
for PKCS#1 padding,
.Dv RSA_SSLV23_PADDING
for SSLv23 padding,
.Dv RSA_NO_PADDING
for no padding,
.Dv RSA_PKCS1_OAEP_PADDING
for OAEP padding (encrypt and decrypt only),
.Dv RSA_X931_PADDING
for X9.31 padding (signature operations only) and
.Dv RSA_PKCS1_PSS_PADDING
(sign and verify only).
.Pp
Two RSA padding modes behave differently if
.Fn EVP_PKEY_CTX_set_signature_md
is used.
If this macro is called for PKCS#1 padding, the plaintext buffer is an
actual digest value and is encapsulated in a
.Vt DigestInfo
structure according to PKCS#1 when signing and this structure is
expected (and stripped off) when verifying.
If this control is not used with RSA and PKCS#1 padding then the
supplied data is used directly and not encapsulated.
In the case of X9.31 padding for RSA the algorithm identifier byte is
added or checked and removed if this control is called.
If it is not called then the first byte of the plaintext buffer is
expected to be the algorithm identifier byte.
.Pp
The




.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
macro sets the RSA PSS salt length to
.Fa len .
As its name implies, it is only supported for PSS padding.
Two special values are supported: -1 sets the salt length to the digest
length.
When signing -2 sets the salt length to the maximum permissible value.
When verifying -2 causes the salt length to be automatically determined
based on the PSS block structure.
If this macro is not called a salt length value of -2 is used by
default.
.Pp
The
.Fn EVP_PKEY_CTX_set_rsa_rsa_keygen_bits
macro sets the RSA key length for RSA key generation to
.Fa mbits .
If not specified, 1024 bits is used.
.Pp
The
.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
macro sets the public exponent value for RSA key generation to
.Fa pubexp .
Currently, it should be an odd integer.
The
.Fa pubexp
pointer is used internally by this function, so it should not be modified
or freed after the call.
If this macro is not called, then 65537 is used.
.Pp
The macro
.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
sets the number of bits used for DSA parameter generation to
.Fa nbits .
If not specified, 1024 is used.
.Pp
The macro
.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len
sets the length of the DH prime parameter
.Fa len
for DH parameter generation.
If this macro is not called, then 1024 is used.
.Pp
The
.Fn EVP_PKEY_CTX_set_dh_paramgen_generator
macro sets DH generator to
.Fa gen
for DH parameter generation.
If not specified, 2 is used.
.Pp
The
.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid
sets the EC curve for EC parameter generation to
.Fa nid .
For EC parameter generation, this macro must be called or an error occurs
because there is no default curve.
.Sh RETURN VALUES

.Fn EVP_PKEY_CTX_ctrl
and its macros return a positive value for success and 0 or a negative
value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_get_default_digest_nid 3 ,
.Xr EVP_PKEY_keygen 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3


.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
Changes to jni/libressl/man/EVP_PKEY_CTX_new.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27
28
29
30



31
32
33
34
35
36
37
38
39
40
41
42
43
44










45
46
47
48

49
50
51
52
53



54


55





56
57
58
59


60
61
62

63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

80
81


82
83
84
85
86
87


88
89
90
91
92
93
94
95
96
97



98

99
100
101

102

103

104
105
106
107
108
109
110


111
112

113


114
115
116



117
118
119
120
121
122










.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch



.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"










.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"

.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"



.\" Avoid warning from groff about undefined register 'F'.


.de IX





..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{


.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_new 3"
.TH EVP_PKEY_CTX_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"

EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \-
public key algorithm context functions.


.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);


\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using
the algorithm specified in \fBpkey\fR and \s-1ENGINE \s0\fBe\fR.
.PP
The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context



using the algorithm specified by \fBid\fR and \s-1ENGINE \s0\fBe\fR. It is normally used

when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example
during parameter generation of key generation for some algorithms.
.PP

\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR.

.PP

\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used
by the OpenSSL high level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between
threads: that is it is not permissible to use the same context simultaneously
in two threads.


.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either


the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fIEVP_PKEY_CTX_free()\fR does not return a value.



.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.










|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
|
|
|
>
>
>
|
|
<
<
<
<
<
<
<
<
|
<
<

>
>
>
>
>
>
>
>
>
>
|
|
<

>
|
<
<
<
|
>
>
>
|
>
>
|
>
>
>
>
>
|
<
<
<
>
>
|
<
<
>
|
<
|
|
|
<
|
<
<
|
|
|
<
<
<
|
|
>
|
|
>
>
|
<
|
|
<
<
>
>
|
<
<
<
<
<
|
|
|
<
>
>
>
|
>
|
|
|
>
|
>
|
>
|
|
|
<
<
|
|
>
>
|
<
>
|
>
>
|
<
|
>
>
>
|
<
|
|
<

>
>
>
>
>
>
>
>
>
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30
31
32
33
34
35








36


37
38
39
40
41
42
43
44
45
46
47
48
49

50
51
52



53
54
55
56
57
58
59
60
61
62
63
64
65
66



67
68
69


70
71

72
73
74

75


76
77
78



79
80
81
82
83
84
85
86

87
88


89
90
91





92
93
94

95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110


111
112
113
114
115

116
117
118
119
120

121
122
123
124
125

126
127

128
129
130
131
132
133
134
135
136
137
138
.\"	$OpenBSD: EVP_PKEY_CTX_new.3,v 1.4 2016/11/27 15:22:00 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2015 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project








.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

.\"
.Dd $Mdocdate: November 27 2016 $
.Dt EVP_PKEY_CTX_NEW 3



.Os
.Sh NAME
.Nm EVP_PKEY_CTX_new ,
.Nm EVP_PKEY_CTX_new_id ,
.Nm EVP_PKEY_CTX_dup ,
.Nm EVP_PKEY_CTX_free
.Nd public key algorithm context functions
.Sh SYNOPSIS
.In openssl/evp.h
.Ft EVP_PKEY_CTX *
.Fo EVP_PKEY_CTX_new
.Fa "EVP_PKEY *pkey"
.Fa "ENGINE *e"
.Fc



.Ft EVP_PKEY_CTX *
.Fo EVP_PKEY_CTX_new_id
.Fa "int id"


.Fa "ENGINE *e"
.Fc

.Ft EVP_PKEY_CTX *
.Fo EVP_PKEY_CTX_dup
.Fa "EVP_PKEY_CTX *ctx"

.Fc


.Ft void
.Fo EVP_PKEY_CTX_free
.Fa "EVP_PKEY_CTX *ctx"



.Fc
.Sh DESCRIPTION
The
.Fn EVP_PKEY_CTX_new
function allocates a public key algorithm context using the algorithm
specified in
.Fa pkey
and the

.Vt ENGINE
.Fa e .


.Pp
The
.Fn EVP_PKEY_CTX_new_id





function allocates a public key algorithm context using the algorithm
specified by
.Fa id

and
.Vt ENGINE
.Fa e .
It is normally used when no
.Vt EVP_PKEY
structure is associated with the operations, for example during
parameter generation of key generation for some algorithms.
.Pp
.Fn EVP_PKEY_CTX_dup
duplicates the context
.Fa ctx .
.Pp
.Fn EVP_PKEY_CTX_free
frees up the context
.Fa ctx .
If


.Fa ctx
is a
.Dv NULL
pointer, no action occurs.
.Sh RETURN VALUES

.Fn EVP_PKEY_CTX_new ,
.Fn EVP_PKEY_CTX_new_id ,
and
.Fn EVP_PKEY_CTX_dup
return either the newly allocated

.Vt EVP_PKEY_CTX
structure or
.Dv NULL
if an error occurred.
.Sh SEE ALSO

.Xr EVP_PKEY_new 3
.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
.Sh CAVEATS
The
.Vt EVP_PKEY_CTX
structure is an opaque public key algorithm context used by the OpenSSL
high level public key API.
Contexts
.Sy MUST NOT
be shared between threads.
It is not permissible to use the same context simultaneously in two
threads.
Changes to jni/libressl/man/EVP_PKEY_cmp.3.





1












2
3
4
5
6
7
8

9
10
11
12
13

14
15
16
17
18
19
20
21
22
23
24
25
26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44






45
46
47
48
49
50
51
52
53
54


55
56
57
58
59




60
61
62


63
64
65
66
67
68

69

70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

95


96
97
98


99

100



101


102

103








104
105
106
107
108
109



110
111
112
113
114


115
116
117
118

119


120
121
122

123
124
125

126


127
128
129
130
131
132





.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)












.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..

.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-

.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"






.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.


.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{




.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"


..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}

.\}

.rr rF
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_cmp 3"
.TH EVP_PKEY_cmp 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters,
EVP_PKEY_cmp \- public key parameter and comparison functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
\&
\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key


parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
doesn't use parameters.
.PP


The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key

\&\fBfrom\fR to key \fBto\fR.



.PP


The function \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys

\&\fBa\fR and \fBb\fR.








.PP
The function \fIEVP_PKEY_cmp()\fR compares the public key components and parameters
(if present) of keys \fBa\fR and \fBb\fR.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and



\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the
parameters are sometimes omitted from a public key if they are inherited from
the \s-1CA\s0 that signed it.
.PP
Since OpenSSL private keys contain public key components too the function


\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches
a public key.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key


parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
doesn't use parameters.
.PP

These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for
failure.
.PP

The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the


keys match, 0 if they don't match, \-1 if the key types are different and
\&\-2 if the operation is not supported.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),
\&\fIEVP_PKEY_keygen\fR\|(3)
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
|
<
|
>
|
|
|
<
|
>
|
|
<
|
<
<
<
<
<
<
<
<
<
<
>
|
<
<
|
<
<
<
<
<
<
<
<
<
|
<
<

>
>
>
>
>
>
|
|
|
|
|
<
<
|

<
>
>
|
|
|
|
|
>
>
>
>
|
<
<
>
>
|
|
<
<
<
<
>
|
>
|
<
|
|
|
<
<
<
<
<
<
|
<
<
|
|
<
|
<
<
|
|
|
|
<
>
|
>
>
|
|
|
>
>
|
>
|
>
>
>
|
>
>
|
>
|
>
>
>
>
>
>
>
>
|
<
<
<
<
|
>
>
>
|
|
|
|
|
>
>
|
<
|
<
>
|
>
>
|
|
|
>
|
|
|
>
|
>
>
|
|
|
<
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

24
25
26
27
28

29
30
31
32

33










34
35


36









37


38
39
40
41
42
43
44
45
46
47
48
49


50
51

52
53
54
55
56
57
58
59
60
61
62
63


64
65
66
67




68
69
70
71

72
73
74






75


76
77

78


79
80
81
82

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112




113
114
115
116
117
118
119
120
121
122
123
124

125

126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

144
145
.\"	$OpenBSD: EVP_PKEY_cmp.3,v 1.4 2016/11/27 15:22:39 schwarze Exp $
.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2013, 2014, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.

.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"










.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:


.\"    "This product includes software developed by the OpenSSL Project









.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED


.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: November 27 2016 $
.Dt EVP_PKEY_CMP 3
.Os
.Sh NAME
.Nm EVP_PKEY_missing_parameters ,
.Nm EVP_PKEY_copy_parameters ,
.Nm EVP_PKEY_cmp_parameters ,
.Nm EVP_PKEY_cmp
.Nd public key parameter and comparison functions
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int


.Fo EVP_PKEY_missing_parameters
.Fa "const EVP_PKEY *pkey"
.Fc
.Ft int




.Fo EVP_PKEY_copy_parameters
.Fa "EVP_PKEY *to"
.Fa "const EVP_PKEY *from"
.Fc

.Ft int
.Fo EVP_PKEY_cmp_parameters
.Fa "const EVP_PKEY *a"






.Fa "const EVP_PKEY *b"


.Fc
.Ft int

.Fo EVP_PKEY_cmp


.Fa "const EVP_PKEY *a"
.Fa "const EVP_PKEY *b"
.Fc
.Sh DESCRIPTION

The function
.Fn EVP_PKEY_missing_parameters
returns 1 if the public key parameters of
.Fa pkey
are missing and 0 if they are present or the algorithm doesn't use
parameters.
.Pp
The function
.Fn EVP_PKEY_copy_parameters
copies the parameters from key
.Fa from
to key
.Fa to .
An error is returned if the parameters are missing in
.Fa from .
.Pp
The function
.Fn EVP_PKEY_cmp_parameters
compares the parameters of keys
.Fa a
and
.Fa b .
.Pp
The function
.Fn EVP_PKEY_cmp
compares the public key components and parameters (if present) of keys
.Fa a
and
.Fa b .
.Pp




The main purpose of the functions
.Fn EVP_PKEY_missing_parameters
and
.Fn EVP_PKEY_copy_parameters
is to handle public keys in certificates where the parameters are
sometimes omitted from a public key if they are inherited from the CA
that signed it.
.Pp
Since OpenSSL private keys contain public key components too, the
function
.Fn EVP_PKEY_cmp
can also be used to determine if a private key matches a public key.

.Sh RETURN VALUES

The function
.Fn EVP_PKEY_missing_parameters
returns 1 if the public key parameters of
.Fa pkey
are missing and 0 if they are present or the algorithm doesn't use
parameters.
.Pp
The function
.Fn EVP_PKEY_copy_parameters
returns 1 for success and 0 for failure.
.Pp
The functions
.Fn EVP_PKEY_cmp_parameters
and
.Fn EVP_PKEY_cmp
return 1 if the keys match, 0 if they don't match, -1 if the key types
are different and -2 if the operation is not supported.
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_keygen 3
Changes to jni/libressl/man/EVP_PKEY_decrypt.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32

33
34
35
36
37

38
39
40
41




42
43
44
45
46
47
48
49
50
51
52
53
54
55


56
57



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72


73


74
75
76
77
78
79
80
81
82

83
84
85
86
87






88
89
90
91







92
93
94
95
96
97
98
99
100
101
102

103
104
105
106
107

108


109
110
111
112
113


114

115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

156
157
158
159
160
161
162
163
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`




.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0



.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"


.IX Title "EVP_PKEY_decrypt 3"


.TH EVP_PKEY_decrypt 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"

.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,






\&                        unsigned char *out, size_t *outlen,
\&                        const unsigned char *in, size_t inlen);
.Ve
.SH "DESCRIPTION"







.IX Header "DESCRIPTION"
The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for a decryption operation.
.PP
The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation
using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and
\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
before the call the \fBoutlen\fR parameter should contain the length of the
\&\fBout\fR buffer, if the call is successful the decrypted data is written to
\&\fBout\fR and the amount of data written to \fBoutlen\fR.

.SH "NOTES"
.IX Header "NOTES"
After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.

.PP


The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0


or a negative value for failure. In particular a return value of \-2

indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
Decrypt data using \s-1OAEP \s0(for \s-1RSA\s0 keys):
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& unsigned char *out, *in;
\& size_t outlen, inlen;
\& EVP_PKEY *key;
\& /* NB: assumes key in, inlen are already set up
\&  * and that key is an RSA private key
\&  */
\& ctx = EVP_PKEY_CTX_new(key);
\& if (!ctx)
\&        /* Error occurred */
\& if (EVP_PKEY_decrypt_init(ctx) <= 0)
\&        /* Error */
\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
\&        /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
\&        /* Error */
\&
\& out = malloc(outlen);
\&
\& if (!out)
\&        /* malloc failure */
\&
\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
\&        /* Error */
\&
\& /* Decrypted data is outlen bytes written to buffer out */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),

\&\fIEVP_PKEY_encrypt\fR\|(3),
\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
\&\fIEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.
|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
>
|
|
<
<
|
|
>
|
|
|
<
<
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
<
<
<
|

<
<
>
>
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
>
>
|
>
>
|
<
<
|
|
<
|
|
|
>
|
|
<
<
|
>
>
>
>
>
>
|
<
|
|
>
>
>
>
>
>
>
|
<
|
|
<
<
<
<
<
<
|
>
|
|
|
|
<
>
|
>
>
|
|
|
<
|
>
>
|
>
|
|
<
|
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
>
|
|
|
|
<
|
<

1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23


24
25
26


27
28
29
30
31
32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48



49
50


51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

71
72
73
74
75
76
77


78
79

80
81
82
83
84
85


86
87
88
89
90
91
92
93

94
95
96
97
98
99
100
101
102
103

104
105






106
107
108
109
110
111

112
113
114
115
116
117
118

119
120
121
122
123
124
125

126
127

128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

161
162
163
164
165
166

167

168
.\"	$OpenBSD: EVP_PKEY_decrypt.3,v 1.4 2016/11/27 15:27:19 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED



.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 27 2016 $
.Dt EVP_PKEY_DECRYPT 3
.Os
.Sh NAME
.Nm EVP_PKEY_decrypt_init ,
.Nm EVP_PKEY_decrypt
.Nd decrypt using a public key algorithm
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_decrypt_init
.Fa "EVP_PKEY_CTX *ctx"
.Fc
.Ft int
.Fo EVP_PKEY_decrypt
.Fa "EVP_PKEY_CTX *ctx"
.Fa "unsigned char *out"
.Fa "size_t *outlen"
.Fa "const unsigned char *in"
.Fa "size_t inlen"

.Fc
.Sh DESCRIPTION
The
.Fn EVP_PKEY_decrypt_init
function initializes a public key algorithm context using key
.Fa ctx->pkey
for a decryption operation.


.Pp
The

.Fn EVP_PKEY_decrypt
function performs a public key decryption operation using
.Fa ctx .
The data to be decrypted is specified using the
.Fa in
and


.Fa inlen
parameters.
If
.Fa out
is
.Dv NULL
then the maximum size of the output buffer is written to the
.Fa outlen

parameter.
If
.Fa out
is not
.Dv NULL
then before the call the
.Fa outlen
parameter should contain the length of the
.Fa out
buffer.

If the call is successful the decrypted data is written to
.Fa out






and the amount of data written to
.Fa outlen .
.Pp
After the call to
.Fn EVP_PKEY_decrypt_init ,
algorithm specific control operations can be performed to set any

appropriate parameters for the operation.
.Pp
The function
.Fn EVP_PKEY_decrypt
can be called more than once on the same context if several operations
are performed using the same parameters.
.Sh RETURN VALUES

.Fn EVP_PKEY_decrypt_init
and
.Fn EVP_PKEY_decrypt
return 1 for success and 0 or a negative value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh EXAMPLES

Decrypt data using OAEP (for RSA keys):
.Bd -literal -offset indent

#include <openssl/evp.h>
#include <openssl/rsa.h>

EVP_PKEY_CTX *ctx;
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
/* NB: assumes key in, inlen are already set up
 * and that key is an RSA private key
 */
ctx = EVP_PKEY_CTX_new(key);
if (!ctx)
	/* Error occurred */
if (EVP_PKEY_decrypt_init(ctx) <= 0)
	/* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
	/* Error */

/* Determine buffer length */
if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
	/* Error */

out = malloc(outlen);

if (!out)
	/* malloc failure */

if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
	/* Error */

/* Decrypted data is outlen bytes written to buffer out */
.Ed
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3

.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
Changes to jni/libressl/man/EVP_PKEY_derive.3.
1

2
3
4
5
6
7
8
9
10
11


12
13
14
15
16


17
18
19
20
21
22



23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48
49
50
51








52
53
54
55


56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

90
91

92
93

94
95


96
97
98


99





100






101

102




103
104
105
106
107
108
109

110


111
112
113
114

115
116

117
118
119
120
121
122

123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf


.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,



.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the








.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_derive 3"
.TH EVP_PKEY_derive 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public
key algorithm shared secret.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);

.Ve
.SH "DESCRIPTION"

.IX Header "DESCRIPTION"
The \fIEVP_PKEY_derive_init()\fR function initializes a public key algorithm

context using key \fBpkey\fR for shared secret derivation.
.PP


The \fIEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally
be a public key.
.PP


The \fIEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR.





If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to






the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the

\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call




is successful the shared secret is written to \fBkey\fR and the amount of data
written to \fBkeylen\fR.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fIEVP_PKEY_derive_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.

.PP


The function \fIEVP_PKEY_derive()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 for success and 0
or a negative value for failure. In particular a return value of \-2

indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys):
.PP
.Vb 2

\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& unsigned char *skey;
\& size_t skeylen;
\& EVP_PKEY *pkey, *peerkey;
\& /* NB: assumes pkey, peerkey have been already set up */
\&
\& ctx = EVP_PKEY_CTX_new(pkey);
\& if (!ctx)
\&        /* Error occurred */
\& if (EVP_PKEY_derive_init(ctx) <= 0)
\&        /* Error */
\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
\&        /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
\&        /* Error */
\&
\& skey = malloc(skeylen);
\&
\& if (!skey)
\&        /* malloc failure */
\&
\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
\&        /* Error */
\&
\& /* Shared secret is skey bytes written to buffer skey */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),
\&\fIEVP_PKEY_encrypt\fR\|(3),
\&\fIEVP_PKEY_decrypt\fR\|(3),
\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.
|
>

<
|
|
<
<
|
<
<
<
>
>
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
>
|
|
|
|
|
|
<
<
|
>
|
|
|
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

|
|
|
>
>
>
>
>
>
>
>
|

<
<
>
>
|
<
<
<
<
<
<
|
<
<
|
|
|
|
|
|
|
|
|
<
<
<
|
|
|
<
|
|
|
|
<
|
|
|
>
|
|
>
|
|
>
|
|
>
>
|
<
|
>
>
|
>
>
>
>
>
|
>
>
>
>
>
>
|
>
|
>
>
>
>
|
|
|
|
|
|
<
>
|
>
>
|
|
|
|
>
|
|
>
|
|
<
|
<
<
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
|
|
|
|
<

1
2
3

4
5


6



7
8
9
10



11
12
13





14
15
16
17
18
19
20
21
22


23
24
25
26
27
28


29
30


31


32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50


51
52
53






54


55
56
57
58
59
60
61
62
63



64
65
66

67
68
69
70

71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

115
116
117
118
119
120
121
122
123
124
125
126
127
128

129


130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

163
164
165
166
167
168
169

170
.\"	$OpenBSD: EVP_PKEY_derive.3,v 1.4 2016/11/27 15:27:19 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013 The OpenSSL Project.  All rights reserved.


.\"



.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"


.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 27 2016 $
.Dt EVP_PKEY_DERIVE 3
.Os






.Sh NAME


.Nm EVP_PKEY_derive_init ,
.Nm EVP_PKEY_derive_set_peer ,
.Nm EVP_PKEY_derive
.Nd derive public key algorithm shared secret
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_derive_init
.Fa "EVP_PKEY_CTX *ctx"



.Fc
.Ft int
.Fo EVP_PKEY_derive_set_peer

.Fa "EVP_PKEY_CTX *ctx"
.Fa "EVP_PKEY *peer"
.Fc
.Ft int

.Fo EVP_PKEY_derive
.Fa "EVP_PKEY_CTX *ctx"
.Fa "unsigned char *key"
.Fa "size_t *keylen"
.Fc
.Sh DESCRIPTION
The
.Fn EVP_PKEY_derive_init
function initializes a public key algorithm context using key
.Fa ctx->pkey
for shared secret derivation.
.Pp
The
.Fn EVP_PKEY_derive_set_peer
function sets the peer key: this will normally be a public key.

.Pp
The
.Fn EVP_PKEY_derive
function derives a shared secret using
.Fa ctx .
If
.Fa key
is
.Dv NULL ,
then the maximum size of the output buffer is written to the
.Fa keylen
parameter.
If
.Fa key
is not
.Dv NULL
then before the call the
.Fa keylen
parameter should contain the length of the
.Fa key
buffer.
If the call is successful, the shared secret is written to
.Fa key
and the amount of data written to
.Fa keylen .
.Pp
After the call to
.Fn EVP_PKEY_derive_init ,
algorithm specific control operations can be performed to set any

appropriate parameters for the operation.
.Pp
The function
.Fn EVP_PKEY_derive
can be called more than once on the same context if several operations
are performed using the same parameters.
.Sh RETURN VALUES
.Fn EVP_PKEY_derive_init
and
.Fn EVP_PKEY_derive
return 1 for success and 0 or a negative value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh EXAMPLES

Derive shared secret (for example DH or EC keys):


.Bd -literal -offset indent
#include <openssl/evp.h>
#include <openssl/rsa.h>

EVP_PKEY_CTX *ctx;
unsigned char *skey;
size_t skeylen;
EVP_PKEY *pkey, *peerkey;
/* NB: assumes pkey, peerkey have been already set up */

ctx = EVP_PKEY_CTX_new(pkey);
if (!ctx)
	/* Error occurred */
if (EVP_PKEY_derive_init(ctx) <= 0)
	/* Error */
if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
	/* Error */

/* Determine buffer length */
if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
	/* Error */

skey = malloc(skeylen);

if (!skey)
	/* malloc failure */

if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
	/* Error */

/* Shared secret is skey bytes written to buffer skey */
.Ed
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3
.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
Changes to jni/libressl/man/EVP_PKEY_encrypt.3.
1

2


3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21

22
23
24
25
26

27
28
29
30
31
32

33
34
35
36
37
38

39
40
41
42
43






44
45
46
47
48
49
50
51
52
53
54
55


56
57



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

73







74
75
76



77
78
79
80



81


82

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

99






100


101

102

103
104
105
106
107
108


109
110
111
112
113


114

115
116
117
118
119
120
121









122

123
124

125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142




143
144
145
146
147
148
149
150
151
152
153
154
155
156

157
158
159
160
161
162
163
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and

.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p

.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}






.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0



.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"

.IX Title "EVP_PKEY_encrypt 3"







.TH EVP_PKEY_encrypt 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.



.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm



.SH "SYNOPSIS"


.IX Header "SYNOPSIS"

.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
\&                        unsigned char *out, size_t *outlen,
\&                        const unsigned char *in, size_t inlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for an encryption operation.
.PP
The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation
using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and
\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output

buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then






before the call the \fBoutlen\fR parameter should contain the length of the


\&\fBout\fR buffer, if the call is successful the encrypted data is written to

\&\fBout\fR and the amount of data written to \fBoutlen\fR.

.SH "NOTES"
.IX Header "NOTES"
After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
.PP


The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0


or a negative value for failure. In particular a return value of \-2

indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
Encrypt data using \s-1OAEP \s0(for \s-1RSA\s0 keys):
.PP
.Vb 2
\& #include <openssl/evp.h>









\& #include <openssl/rsa.h>

\&
\& EVP_PKEY_CTX *ctx;

\& unsigned char *out, *in;
\& size_t outlen, inlen;
\& EVP_PKEY *key;
\& /* NB: assumes key in, inlen are already set up
\&  * and that key is an RSA public key
\&  */
\& ctx = EVP_PKEY_CTX_new(key);
\& if (!ctx)
\&        /* Error occurred */
\& if (EVP_PKEY_encrypt_init(ctx) <= 0)
\&        /* Error */
\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
\&        /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
\&        /* Error */
\&




\& out = malloc(outlen);
\&
\& if (!out)
\&        /* malloc failure */
\&
\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
\&        /* Error */
\&
\& /* Encrypted data is outlen bytes written to buffer out */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),
\&\fIEVP_PKEY_decrypt\fR\|(3),

\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
\&\fIEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.
|
>

>
>
|
<
<
<
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
>
<
|
|
<
<
>
|
|
<
<
|
|
>
|
|
|
<
<
<
>
|
|
|
<
|
>
>
>
>
>
>
|
|
|
|
|
<
<
<
|

<
<
>
>
|
|
>
>
>
|
|
|
|
|
|
<
<
<
<
<
|
<
<
<
>
|
>
>
>
>
>
>
>
|
<
<
>
>
>
|
|
<
|
>
>
>
|
>
>
|
>
|
|
<
<
<
<
<
|
<
<
<
<
<
<
<
|
>
|
>
>
>
>
>
>
|
>
>
|
>
|
>
|
|
|
|
|
|
>
>
|
|
|
<
|
>
>
|
>
|
|
<
|
<
|
<
>
>
>
>
>
>
>
>
>
|
>
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
<
<
<
<
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
<
|
|
>
|
|
|
<
|
<

1
2
3
4
5
6




7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22

23
24


25
26
27


28
29
30
31
32
33



34
35
36
37

38
39
40
41
42
43
44
45
46
47
48
49



50
51


52
53
54
55
56
57
58
59
60
61
62
63
64





65



66
67
68
69
70
71
72
73
74
75


76
77
78
79
80

81
82
83
84
85
86
87
88
89
90
91





92







93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

120
121
122
123
124
125
126

127

128

129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155




156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

172
173
174
175
176
177

178

179
.\"	$OpenBSD: EVP_PKEY_encrypt.3,v 1.4 2016/11/27 15:23:29 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013, 2014, 2016 The OpenSSL Project.
.\" All rights reserved.




.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED



.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 27 2016 $
.Dt EVP_PKEY_ENCRYPT 3
.Os
.Sh NAME
.Nm EVP_PKEY_encrypt_init ,
.Nm EVP_PKEY_encrypt
.Nd encrypt using a public key algorithm
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_encrypt_init
.Fa "EVP_PKEY_CTX *ctx"
.Fc





.Ft int



.Fo EVP_PKEY_encrypt
.Fa "EVP_PKEY_CTX *ctx"
.Fa "unsigned char *out"
.Fa "size_t *outlen"
.Fa "const unsigned char *in"
.Fa "size_t inlen"
.Fc
.Sh DESCRIPTION
The
.Fn EVP_PKEY_encrypt_init


function initializes a public key algorithm context using key
.Fa ctx->pkey
for an encryption operation.
.Pp
The

.Fn EVP_PKEY_encrypt
function performs a public key encryption operation using
.Fa ctx .
The data to be encrypted is specified using the
.Fa in
and
.Fa inlen
parameters.
If
.Fa out
is





.Dv NULL ,







then the maximum size of the output buffer is written to the
.Fa outlen
parameter.
If
.Fa out
is not
.Dv NULL ,
then before the call the
.Fa outlen
parameter should contain the length of the
.Fa out
buffer.
If the call is successful the encrypted data is written to
.Fa out
and the amount of data written to
.Fa outlen .
.Pp
After the call to
.Fn EVP_PKEY_encrypt_init ,
algorithm specific control operations can be performed to set any
appropriate parameters for the operation.
.Pp
The function
.Fn EVP_PKEY_encrypt
can be called more than once on the same context if several operations
are performed using the same parameters.
.Sh RETURN VALUES

.Fn EVP_PKEY_encrypt_init
and
.Fn EVP_PKEY_encrypt
return 1 for success and 0 or a negative value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh EXAMPLES

Encrypt data using OAEP (for RSA keys).

See also

.Xr PEM_read_PUBKEY 3
and
.Xr d2i_X509 3
for means to load a public key.
You may also simply set
.Ql eng = NULL;
to start with the default OpenSSL RSA implementation:
.Bd -literal -offset indent
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>

EVP_PKEY_CTX *ctx;
ENGINE *eng;
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
/* NB: assumes eng, key in, inlen are already set up
 * and that key is an RSA public key
 */
ctx = EVP_PKEY_CTX_new(key, eng);
if (!ctx)
	/* Error occurred */
if (EVP_PKEY_encrypt_init(ctx) <= 0)
	/* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
	/* Error */





/* Determine buffer length */
if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
	/* Error */

out = malloc(outlen);

if (!out)
	/* malloc failure */

if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
	/* Error */

/* Encrypted data is outlen bytes written to buffer out */
.Ed
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3

.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
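--- a/jni/libressl/man/EVP_PKEY_get_default_digest.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_PKEY_get_default_digest 3"
-.TH EVP_PKEY_get_default_digest 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_PKEY_get_default_digest_nid \- get default signature digest
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 2
-\& #include <openssl/evp.h>
-\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \fIEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default
-message digest \s-1NID\s0 for the public key signature operations associated with key
-\&\fBpkey\fR.
-.SH "NOTES"
-.IX Header "NOTES"
-For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-The \fIEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest
-is advisory (that is other digests can be used) and 2 if it is mandatory (other
-digests can not be used).  It returns 0 or a negative value for failure. In
-particular a return value of \-2 indicates the operation is not supported by the
-public key algorithm.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
-.SH "HISTORY"
-.IX Header "HISTORY"
-This function was first added to OpenSSL 1.0.0.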
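--- /dev/null
+++ b/jni/libressl/man/EVP_PKEY_get_default_digest_nid.3
@@ -0,0 +1,90 @@
+.\"	$OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.2 2016/11/27 15:27:19 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2006, 2009, 2013 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 27 2016 $
+.Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_get_default_digest_nid
+.Nd get default signature digest
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_get_default_digest_nid
+.Fa "EVP_PKEY *pkey"
+.Fa "int *pnid"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn EVP_PKEY_get_default_digest_nid
+function sets
+.Fa pnid
+to the default message digest NID for the public key signature
+operations associated with key
+.Fa pkey .
+.Pp
+For all current standard OpenSSL public key algorithms, SHA1 is returned.
+.Sh RETURN VALUES
+The
+.Fn EVP_PKEY_get_default_digest_nid
+function returns 1 if the message digest is advisory (that is other
+digests can be used) and 2 if it is mandatory (other digests cannot be
+used).
+It returns 0 or a negative value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_ctrl 3 ,
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_verify 3 ,
+.Xr EVP_PKEY_verify_recover 3
+.Sh HISTORY
+This function was first added to OpenSSL 1.0.0.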
Changes to jni/libressl/man/EVP_PKEY_keygen.3.








1













2
3
4
5
6
7
8

9
10
11
12
13

14

15
16
17

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

45
46
47
48


49
50
51
52
53
54



55




56
57
58
59
60
61
62

63
64
65
66

67
68



69



70
71
72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

96
97
98
99
100
101


102

103
104
105

106

107
















108
109
110
111
112
113
114
115
116
117
118

119
120



121

122

123
124
125

126
127
128

129


130

131
132
133
134


135
136
137
138
139



140
141
142
143
144
145

146
147
148

149
150


151


152
153
154

155

156
157
158
159
160
161
162
163
164
165
166
167
168
169










170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214

215
216
217
218
219
220
221
222
223
224
225







226
227
228
229
230
231

232
233
234
235
236
237

238
239
240
241
242
243
244








.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)













.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..

.de Ve \" End verbatim text

.ft R
.fi
..

.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"

.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.



.de IX




..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2

.        \}
.    \}



.\}



.rr rF
.\" ========================================================================
.\"

.IX Title "EVP_PKEY_keygen 3"
.TH EVP_PKEY_keygen 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
EVP_PKEY_CTX_get_app_data \- key and parameter generation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
\&
\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
\&

\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
\&
\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
\&
\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);


\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm

context using key \fBpkey\fR for a key generation operation.
















.PP
The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the
generated key is written to \fBppkey\fR.
.PP
The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar
except parameters are generated.
.PP
The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback
to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter
generation callback.
.PP

The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated
with the generation operation. If \fBidx\fR is \-1 the total number of



parameters available is returned. Any non negative value returns the value of

that parameter. \fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for

\&\fBidx\fR should only be called within the generation callback.
.PP
If the callback returns 0 then the key generation operation is aborted and an

error occurs. This might occur during a time consuming operation where
a user clicks on a \*(L"cancel\*(R" button.
.PP

The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set


and retrieve an opaque pointer. This can be used to set some application

defined value which can be retrieved in the callback: for example a handle
which is used to update a \*(L"progress dialog\*(R".
.SH "NOTES"
.IX Header "NOTES"


After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm
specific control operations can be performed to set any appropriate parameters
for the operation.
.PP
The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than



once on the same context if several operations are performed using the same
parameters.
.PP
The meaning of the parameters passed to the callback will depend on the
algorithm and the specific implementation of the algorithm. Some might not
give any useful information at all during key or parameter generation. Others

might not even call the callback.
.PP
The operation performed by key or parameter generation depends on the algorithm

used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R"
option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure.


.PP


In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the
public key components and parameters (if any). An OpenSSL private key is
equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used

in functions which require the use of a public key or parameters.

.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and
\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Generate a 2048 bit \s-1RSA\s0 key:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&










\& EVP_PKEY_CTX *ctx;
\& EVP_PKEY *pkey = NULL;
\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
\& if (!ctx)
\&        /* Error occurred */
\& if (EVP_PKEY_keygen_init(ctx) <= 0)
\&        /* Error */
\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
\&        /* Error */
\&
\& /* Generate key */
\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
\&        /* Error */
.Ve
.PP
Generate a key from a set of parameters:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& EVP_PKEY *pkey = NULL, *param;
\& /* Assumed param is set up already */
\& ctx = EVP_PKEY_CTX_new(param);
\& if (!ctx)
\&        /* Error occurred */
\& if (EVP_PKEY_keygen_init(ctx) <= 0)
\&        /* Error */
\&
\& /* Generate key */
\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
\&        /* Error */
.Ve
.PP
Example of generation callback for OpenSSL public key implementations:
.PP
.Vb 1
\& /* Application data is a BIO to output status to */
\&
\& EVP_PKEY_CTX_set_app_data(ctx, status_bio);
\&
\& static int
\& genpkey_cb(EVP_PKEY_CTX *ctx)
\& {

\&        char c = \*(Aq*\*(Aq;
\&        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
\&        int p;
\&
\&        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
\&        if (p == 0)
\&                c=\*(Aq.\*(Aq;
\&        if (p == 1)
\&                c=\*(Aq+\*(Aq;
\&        if (p == 2)
\&                c=\*(Aq*\*(Aq;







\&        if (p == 3)
\&                c=\*(Aq\en\*(Aq;
\&        BIO_write(b,&c,1);
\&        (void)BIO_flush(b);
\&        return 1;
\& }

.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),
\&\fIEVP_PKEY_encrypt\fR\|(3),
\&\fIEVP_PKEY_decrypt\fR\|(3),

\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
\&\fIEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
|
<
|
>
|
|
<
<
|
>
|
>
|
<
|
>
|
|
|
|
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
|
|
|
<

>
|
<
<
|
>
>
|
|
|
|
|
|
>
>
>
|
>
>
>
>
|
<
<
<
|
|
|
>
|
|
<
|
>
|
|
>
>
>
|
>
>
>
|
<
|
>
|
|
<
<
<
|
<
|
|
|
<
<
<
|
|
<
|
<
|
<
<
|
<
>
|
|
<
|
<
|
>
>
|
>
|
|
|
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
|
|
|
|
>
|
|
>
>
>
|
>
|
>
|
|
|
>
|
|
|
>
|
>
>
|
>
|
|
|
|
>
>
|
|
|
|
|
>
>
>
|
|
|

|
|
>
|
|
|
>
|
|
>
>
|
>
>
|
|
|
>
|
>
|
<
|
|
<
|
<
<
<
<
<
<
|
<
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|

|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|

|
<
|
|
|
|
|
|
<
>
|
|
|
<
<
<
<
<
<
<
|
>
>
>
>
>
>
>
|
|
|
|
|
<
>
|
|
<
|
|
|
>
|
|
|
<
|
<

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

28
29
30
31


32
33
34
35
36

37
38
39
40
41
42
43
44














45
46
47
48
49

50
51
52


53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70



71
72
73
74
75
76

77
78
79
80
81
82
83
84
85
86
87
88

89
90
91
92



93

94
95
96



97
98

99

100


101

102
103
104

105

106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134






135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

201
202

203






204

205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250

251
252
253
254
255
256

257
258
259
260







261
262
263
264
265
266
267
268
269
270
271
272
273

274
275
276

277
278
279
280
281
282
283

284

285
.\"	$OpenBSD: EVP_PKEY_keygen.3,v 1.4 2016/11/27 15:23:29 schwarze Exp $
.\"	OpenSSL 99d63d466 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013, 2015, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.

.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;














.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

.\"
.Dd $Mdocdate: November 27 2016 $
.Dt EVP_PKEY_KEYGEN 3


.Os
.Sh NAME
.Nm EVP_PKEY_keygen_init ,
.Nm EVP_PKEY_keygen ,
.Nm EVP_PKEY_paramgen_init ,
.Nm EVP_PKEY_paramgen ,
.Nm EVP_PKEY_CTX_set_cb ,
.Nm EVP_PKEY_CTX_get_cb ,
.Nm EVP_PKEY_CTX_get_keygen_info ,
.Nm EVP_PKEY_CTX_set_app_data ,
.Nm EVP_PKEY_CTX_get_app_data
.Nd key and parameter generation functions
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_keygen_init
.Fa "EVP_PKEY_CTX *ctx"
.Fc



.Ft int
.Fo EVP_PKEY_keygen
.Fa "EVP_PKEY_CTX *ctx"
.Fa "EVP_PKEY **ppkey"
.Fc
.Ft int

.Fo EVP_PKEY_paramgen_init
.Fa "EVP_PKEY_CTX *ctx"
.Fc
.Ft int
.Fo EVP_PKEY_paramgen
.Fa "EVP_PKEY_CTX *ctx"
.Fa "EVP_PKEY **ppkey"
.Fc
.Ft typedef int
.Fo EVP_PKEY_gen_cb
.Fa "EVP_PKEY_CTX *ctx"
.Fc

.Ft void
.Fo EVP_PKEY_CTX_set_cb
.Fa "EVP_PKEY_CTX *ctx"
.Fa "EVP_PKEY_gen_cb *cb"



.Fc

.Ft EVP_PKEY_gen_cb *
.Fo EVP_PKEY_CTX_get_cb
.Fa "EVP_PKEY_CTX *ctx"



.Fc
.Ft int

.Fo EVP_PKEY_CTX_get_keygen_info

.Fa "EVP_PKEY_CTX *ctx"


.Fa "int idx"

.Fc
.Ft void
.Fo EVP_PKEY_CTX_set_app_data

.Fa "EVP_PKEY_CTX *ctx"

.Fa "void *data"
.Fc
.Ft void *
.Fo EVP_PKEY_CTX_get_app_data
.Fa "EVP_PKEY_CTX *ctx"
.Fc
.Sh DESCRIPTION
The
.Fn EVP_PKEY_keygen_init
function initializes a public key algorithm context using key
.Fa ctx->pkey
for a key generation operation.
.Pp
The
.Fn EVP_PKEY_keygen
function performs a key generation operation.
The generated key is written to
.Fa ppkey .
.Pp
The functions
.Fn EVP_PKEY_paramgen_init
and
.Fn EVP_PKEY_paramgen
are similar except parameters are generated.
.Pp
The function
.Fn EVP_PKEY_CTX_set_cb
sets the key or parameter generation callback to
.Fa cb .






The function
.Fn EVP_PKEY_CTX_get_cb
returns the key or parameter generation callback.
.Pp
The function
.Fn EVP_PKEY_CTX_get_keygen_info
returns parameters associated with the generation operation.
If
.Fa idx
is -1, the total number of parameters available is returned.
Any non-negative value returns the value of that parameter.
.Fn EVP_PKEY_CTX_get_keygen_info
with a non-negative value for
.Fa idx
should only be called within the generation callback.
.Pp
If the callback returns 0, then the key generation operation is aborted
and an error occurs.
This might occur during a time consuming operation where a user clicks
on a "cancel" button.
.Pp
The functions
.Fn EVP_PKEY_CTX_set_app_data
and
.Fn EVP_PKEY_CTX_get_app_data
set and retrieve an opaque pointer.
This can be used to set some application defined value which can be
retrieved in the callback: for example a handle which is used to update
a "progress dialog".
.Pp
After the call to
.Fn EVP_PKEY_keygen_init
or
.Fn EVP_PKEY_paramgen_init ,
algorithm specific control operations can be performed to set any
appropriate parameters for the operation.
.Pp
The functions
.Fn EVP_PKEY_keygen
and
.Fn EVP_PKEY_paramgen
can be called more than once on the same context if several operations
are performed using the same parameters.
.Pp
The meaning of the parameters passed to the callback will depend on the
algorithm and the specific implementation of the algorithm.
Some might not give any useful information at all during key or
parameter generation.
Others might not even call the callback.
.Pp
The operation performed by key or parameter generation depends on the
algorithm used.
In some cases (e.g. EC with a supplied named curve) the "generation"
option merely sets the appropriate fields in an
.Vt EVP_PKEY
structure.
.Pp
In OpenSSL, an
.Vt EVP_PKEY
structure containing a private key also contains the public key
components and parameters (if any).
An OpenSSL private key is equivalent to what some libraries call a "key
pair".
A private key can be used in functions which require the use of a public
key or parameters.
.Sh RETURN VALUES

.Fn EVP_PKEY_keygen_init ,
.Fn EVP_PKEY_paramgen_init ,

.Fn EVP_PKEY_keygen ,






and

.Fn EVP_PKEY_paramgen
return 1 for success and 0 or a negative value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh EXAMPLES
Generate a 2048-bit RSA key:
.Bd -literal -offset indent
#include <openssl/evp.h>
#include <openssl/rsa.h>

EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
	/* Error occurred */
if (EVP_PKEY_keygen_init(ctx) <= 0)
	/* Error */
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
	/* Error */

/* Generate key */
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
	/* Error */
.Ed
.Pp
Generate a key from a set of parameters:
.Bd -literal -offset indent

#include <openssl/evp.h>
#include <openssl/rsa.h>

EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL, *param;
/* Assumed param is set up already */
ctx = EVP_PKEY_CTX_new(param);
if (!ctx)
	/* Error occurred */
if (EVP_PKEY_keygen_init(ctx) <= 0)
	/* Error */

/* Generate key */
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
	/* Error */
.Ed
.Pp
Example of generation callback for OpenSSL public key implementations:
.Bd -literal -offset indent

/* Application data is a BIO to output status to */

EVP_PKEY_CTX_set_app_data(ctx, status_bio);

static int
genpkey_cb(EVP_PKEY_CTX *ctx)

{
	char c = '*';
	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
	int p;








	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
	if (p == 0)
		c = '.';
	if (p == 1)
		c = '+';
	if (p == 2)
		c = '*';
	if (p == 3)
		c = '\en';
	BIO_write(b, &c, 1);
	(void)BIO_flush(b);
	return 1;

}
.Ed
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3

.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
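--- a/jni/libressl/man/EVP_PKEY_new.3
+++ b/jni/libressl/man/EVP_PKEY_new.3
@@ -1,112 +1,101 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_PKEY_new.3,v 1.3 2016/11/27 15:24:27 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.IX Title "EVP_PKEY_new 3"
-.TH EVP_PKEY_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& EVP_PKEY *EVP_PKEY_new(void);
-\& void EVP_PKEY_free(EVP_PKEY *key);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR
-structure which is used by OpenSSL to store private keys.
-.PP
-\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR.
-.SH "NOTES"
-.IX Header "NOTES"
-The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions
-which require a general private key without reference to any
-particular algorithm.
-.PP
-The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a
-private key to this empty structure the functions described in
-\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR
-structure of \fB\s-1NULL\s0\fR if an error occurred.
-.PP
-\&\fIEVP_PKEY_free()\fR does not return a value.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIEVP_PKEY_set1_RSA\fR\|(3)
+.Dd $Mdocdate: November 27 2016 $
+.Dt EVP_PKEY_NEW 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_new ,
+.Nm EVP_PKEY_free
+.Nd private key allocation functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft EVP_PKEY *
+.Fn EVP_PKEY_new void
+.Ft void
+.Fo EVP_PKEY_free
+.Fa "EVP_PKEY *key"
+.Fc
+.Sh DESCRIPTION
+The
+.Vt EVP_PKEY
+structure is used by various OpenSSL functions which require a general
+private key without reference to any particular algorithm.
+.Pp
+The
+.Fn EVP_PKEY_new
+function allocates an empty
+.Vt EVP_PKEY
+structure.
+To add a private key to it, use the functions described in
+.Xr EVP_PKEY_set1_RSA 3 .
+.Pp
+.Fn EVP_PKEY_free
+frees up the private key
+.Fa key .
+If
+.Fa key
+is a
+.Dv NULL
+pointer, no action occurs.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_new
+returns either the newly allocated
+.Vt EVP_PKEY
+structure or
+.Dv NULL
+if an error occurred.
+.Sh SEE ALSO
+.Xr EVP_PKEY_set1_RSA 3
+.Sh HISTORY
+.Fn EVP_PKEY_new
+and
+.Fn EVP_PKEY_free
+exist in all versions of OpenSSL.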
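--- a/jni/libressl/man/EVP_PKEY_print_private.3
+++ b/jni/libressl/man/EVP_PKEY_print_private.3
@@ -1,123 +1,126 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_PKEY_print_private.3,v 1.4 2016/11/27 15:27:19 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2006, 2009 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_PKEY_print_private 3"
-.TH EVP_PKEY_print_private 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public
-key algorithm printing routines.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
-\&                                int indent, ASN1_PCTX *pctx);
-\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
-\&                                int indent, ASN1_PCTX *pctx);
-\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
-\&                                int indent, ASN1_PCTX *pctx);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and
-\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components
-of key \fBpkey\fR respectively. The key is sent to \s-1BIO \s0\fBout\fR in human readable
-form. The parameter \fBindent\fR indicated how far the printout should be indented.
-.PP
-The \fBpctx\fR parameter allows the print output to be finely tuned by using
-\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will
-be used.
-.SH "NOTES"
-.IX Header "NOTES"
-Currently no public key algorithms include any options in the \fBpctx\fR parameter
+.Dd $Mdocdate: November 27 2016 $
+.Dt EVP_PKEY_PRINT_PRIVATE 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_print_public ,
+.Nm EVP_PKEY_print_private ,
+.Nm EVP_PKEY_print_params
+.Nd public key algorithm printing routines
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_print_public
+.Fa "BIO *out"
+.Fa "const EVP_PKEY *pkey"
+.Fa "int indent"
+.Fa "ASN1_PCTX *pctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_print_private
+.Fa "BIO *out"
+.Fa "const EVP_PKEY *pkey"
+.Fa "int indent"
+.Fa "ASN1_PCTX *pctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_print_params
+.Fa "BIO *out"
+.Fa "const EVP_PKEY *pkey"
+.Fa "int indent"
+.Fa "ASN1_PCTX *pctx"
+.Fc
+.Sh DESCRIPTION
+The functions
+.Fn EVP_PKEY_print_public ,
+.Fn EVP_PKEY_print_private ,
+and
+.Fn EVP_PKEY_print_params
+print out the public, private or parameter components of key
+.Fa pkey ,
+respectively.
+The key is sent to
+.Vt BIO
+.Fa out
+in human readable form.
+The parameter
+.Fa indent
+indicates how far the printout should be indented.
+.Pp
+The
+.Fa pctx
+parameter allows the print output to be finely tuned by using ASN.1
+printing options.
+If
+.Fa pctx
+is set to
+.Dv NULL ,
+then default values will be used.
+Currently, no public key algorithms include any options in the
+.Fa pctx
 parameter.
-.PP
-If the key does not include all the components indicated by the function then
-only those contained in the key will be printed. For example passing a public
-key to \fIEVP_PKEY_print_private()\fR will only print the public components.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-These functions all return 1 for success and 0 or a negative value for failure.
-In particular a return value of \-2 indicates the operation is not supported by
-the public key algorithm.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_keygen\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
+.Pp
+If the key does not include all the components indicated by the function,
+then only those contained in the key will be printed.
+For example, passing a public key to
+.Fn EVP_PKEY_print_private
+will only print the public components.
+.Sh RETURN VALUES
+These functions all return 1 for success and 0 or a negative value for
+failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_keygen 3
+.Sh HISTORY
 These functions were first added to OpenSSL 1.0.0.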
Changes to jni/libressl/man/EVP_PKEY_set1_RSA.3.
1

2
3
4
5
6
7
8


9
10


11




12




13



14
15
16



17
18
19
20
21
22
23
24


25
26
27
28
29
30
31
32
33
34
35






















36
37

38

39
40



41
42
43



44
45
46




47



48
49
50
51
52



53
54
55


56



57
58
59
60



61
62




63
64
65
66



67
68



69
70
71


72









73
74
75
76
77
78
79
80









81







82


83
84


85
86
87
88

89

90


91

92
93
94
95

96

97
98




99
100



101
102
103

104

105
106



107
108

109
110
111

112
113

114
115

116

117

118

119
120
121
122







123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138




139

140
141
142




143
144









145
146

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R
.fi



..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-


.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}






















.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p

.    ds L" ``
.    ds R" ''



.    ds C`
.    ds C'
'br\}



.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq




.el       .ds Aq '



.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.



.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..



.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{



.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"




..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2



.        \}
.    \}



.\}
.rr rF
.\" ========================================================================


.\"









.IX Title "EVP_PKEY_set1_RSA 3"
.TH EVP_PKEY_set1_RSA 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,









EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,







EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,


EVP_PKEY_assign_EC_KEY, EVP_PKEY_type \- EVP_PKEY assignment functions.
.SH "SYNOPSIS"


.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&

\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);

\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);


\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);

\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
\&
\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);

\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);

\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
\&




\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);



\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
\&

\& int EVP_PKEY_type(int type);

.Ve
.SH "DESCRIPTION"



.IX Header "DESCRIPTION"
\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and

\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR.
.PP
\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and

\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
\&\fB\s-1NULL\s0\fR if the key is not of the correct type.

.PP
\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR

and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR

however these use the supplied \fBkey\fR internally and so \fBkey\fR

will be freed when the parent \fBpkey\fR is freed.

.PP
\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value
\&\fBtype\fR. The type of a key can be obtained with
EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA,







EVP_PKEY_DSA, EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding
key types or NID_undef if the key type is unassigned.
.SH "NOTES"
.IX Header "NOTES"
In accordance with the OpenSSL naming convention the key obtained
from or assigned to the \fBpkey\fR using the \fB1\fR functions must be
freed as well as \fBpkey\fR.
.PP
\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and
\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure.
.PP
\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and




\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if

an error occurred.
.PP
\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR




and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure.
.SH "SEE ALSO"









.IX Header "SEE ALSO"
\&\fIEVP_PKEY_new\fR\|(3)

|
>

<
|
|
<
<
|
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
<
|
>
>
>
|
|
|
|
<
<
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
|
>
|
|
>
>
>
|
|
<
>
>
>
|
<
<
>
>
>
>
|
>
>
>
|
<
<
<
<
>
>
>
|
<
|
>
>
|
>
>
>
|
<
<
|
>
>
>
|
<
>
>
>
>
|
|
<
<
>
>
>
|
|
>
>
>
|
|
<
>
>
|
>
>
>
>
>
>
>
>
>
|
|
<
<
|
|
<
|
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
>
>
|
<
>
>
|
|
<
<
>
|
>
|
>
>
|
>
|
<
|
|
>
|
>
|
<
>
>
>
>
|
<
>
>
>
|
<
<
>
|
>
|
<
>
>
>
|
|
>
|
|
<
>
|
|
>
|
<
>
|
>
|
>
|
>
|
|
<
|
>
>
>
>
>
>
>
|
<
<
|
<
<
<
<
<
<
<
<
|
|
|
|
>
>
>
>
|
>
|
|
|
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
>
1
2
3

4
5


6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

28
29
30
31
32
33
34
35


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

74
75
76
77
78
79
80
81
82
83

84
85
86
87


88
89
90
91
92
93
94
95
96




97
98
99
100

101
102
103
104
105
106
107
108


109
110
111
112
113

114
115
116
117
118
119


120
121
122
123
124
125
126
127
128
129

130
131
132
133
134
135
136
137
138
139
140
141
142
143


144
145

146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

168
169
170
171


172
173
174
175
176
177
178
179
180

181
182
183
184
185
186

187
188
189
190
191

192
193
194
195


196
197
198
199

200
201
202
203
204
205
206
207

208
209
210
211
212

213
214
215
216
217
218
219
220
221

222
223
224
225
226
227
228
229
230


231








232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
.\"	$OpenBSD: EVP_PKEY_set1_RSA.3,v 1.5 2016/12/11 12:21:48 schwarze Exp $
.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2014, 2016 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.

.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project


.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 11 2016 $
.Dt EVP_PKEY_SET1_RSA 3
.Os
.Sh NAME
.Nm EVP_PKEY_set1_RSA ,
.Nm EVP_PKEY_set1_DSA ,
.Nm EVP_PKEY_set1_DH ,
.Nm EVP_PKEY_set1_EC_KEY ,
.Nm EVP_PKEY_get1_RSA ,
.Nm EVP_PKEY_get1_DSA ,
.Nm EVP_PKEY_get1_DH ,
.Nm EVP_PKEY_get1_EC_KEY ,
.Nm EVP_PKEY_assign_RSA ,
.Nm EVP_PKEY_assign_DSA ,
.Nm EVP_PKEY_assign_DH ,
.Nm EVP_PKEY_assign_EC_KEY ,
.Nm EVP_PKEY_id ,
.Nm EVP_PKEY_base_id ,
.Nm EVP_PKEY_type
.Nd EVP_PKEY assignment functions
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int

.Fo EVP_PKEY_set1_RSA
.Fa "EVP_PKEY *pkey"
.Fa "RSA *key"
.Fc
.Ft int
.Fo EVP_PKEY_set1_DSA
.Fa "EVP_PKEY *pkey"
.Fa "DSA *key"
.Fc
.Ft int

.Fo EVP_PKEY_set1_DH
.Fa "EVP_PKEY *pkey"
.Fa "DH *key"
.Fc


.Ft int
.Fo EVP_PKEY_set1_EC_KEY
.Fa "EVP_PKEY *pkey"
.Fa "EC_KEY *key"
.Fc
.Ft RSA *
.Fo EVP_PKEY_get1_RSA
.Fa "EVP_PKEY *pkey"
.Fc




.Ft DSA *
.Fo EVP_PKEY_get1_DSA
.Fa "EVP_PKEY *pkey"
.Fc

.Ft DH *
.Fo EVP_PKEY_get1_DH
.Fa "EVP_PKEY *pkey"
.Fc
.Ft EC_KEY *
.Fo EVP_PKEY_get1_EC_KEY
.Fa "EVP_PKEY *pkey"
.Fc


.Ft int
.Fo EVP_PKEY_assign_RSA
.Fa "EVP_PKEY *pkey"
.Fa "RSA *key"
.Fc

.Ft int
.Fo EVP_PKEY_assign_DSA
.Fa "EVP_PKEY *pkey"
.Fa "DSA *key"
.Fc
.Ft int


.Fo EVP_PKEY_assign_DH
.Fa "EVP_PKEY *pkey"
.Fa "DH *key"
.Fc
.Ft int
.Fo EVP_PKEY_assign_EC_KEY
.Fa "EVP_PKEY *pkey"
.Fa "EC_KEY *key"
.Fc
.Ft int

.Fo EVP_PKEY_id
.Fa "EVP_PKEY *pkey"
.Fc
.Ft int
.Fo EVP_PKEY_base_id
.Fa "EVP_PKEY *pkey"
.Fc
.Ft int
.Fo EVP_PKEY_type
.Fa "int type"
.Fc
.Sh DESCRIPTION
.Fn EVP_PKEY_set1_RSA ,
.Fn EVP_PKEY_set1_DSA ,


.Fn EVP_PKEY_set1_DH ,
and

.Fn EVP_PKEY_set1_EC_KEY
set the key referenced by
.Fa pkey
to
.Fa key .
.Pp
.Fn EVP_PKEY_get1_RSA ,
.Fn EVP_PKEY_get1_DSA ,
.Fn EVP_PKEY_get1_DH ,
and
.Fn EVP_PKEY_get1_EC_KEY
return the key referenced in
.Fa pkey
or
.Dv NULL
if the key is not of the correct type.
.Pp
.Fn EVP_PKEY_assign_RSA ,
.Fn EVP_PKEY_assign_DSA ,
.Fn EVP_PKEY_assign_DH ,
and
.Fn EVP_PKEY_assign_EC_KEY

also set the referenced key to
.Fa key ;
however these use the supplied
.Fa key


internally and so
.Fa key
will be freed when the parent
.Fa pkey
is freed.
.Pp
.Fn EVP_PKEY_base_id
returns the type of
.Fa pkey .

For example, an RSA key will return
.Dv EVP_PKEY_RSA .
.Pp
.Fn EVP_PKEY_id
returns the actual OID associated with
.Fa pkey .

Historically keys using the same algorithm could use different OIDs.
For example, an RSA key could use the OIDs corresponding to the NIDs
.Dv NID_rsaEncryption
(equivalent to
.Dv EVP_PKEY_RSA )

or
.Dv NID_rsa
(equivalent to
.Dv EVP_PKEY_RSA2 ) .


The use of alternative non-standard OIDs is now rare, so
.Dv EVP_PKEY_RSA2
et al. are not often seen in practice.
.Pp

.Fn EVP_PKEY_type
returns the underlying type of the NID
.Fa type .
For example,
.Fn EVP_PKEY_type EVP_PKEY_RSA2
will return
.Dv EVP_PKEY_RSA .
.Pp

Most applications wishing to know a key type will simply call
.Fn EVP_PKEY_base_id
and will not care about the actual type,
which will be identical in almost all cases.
.Pp

In accordance with the OpenSSL naming convention, the key obtained from
or assigned to
.Fa pkey
using the
.Sy 1
functions must be freed as well as
.Fa pkey .
.Pp
.Fn EVP_PKEY_assign_RSA ,

.Fn EVP_PKEY_assign_DSA ,
.Fn EVP_PKEY_assign_DH ,
and
.Fn EVP_PKEY_assign_EC_KEY
are implemented as macros.
.Sh RETURN VALUES
.Fn EVP_PKEY_set1_RSA ,
.Fn EVP_PKEY_set1_DSA ,
.Fn EVP_PKEY_set1_DH ,


and








.Fn EVP_PKEY_set1_EC_KEY
return 1 for success or 0 for failure.
.Pp
.Fn EVP_PKEY_get1_RSA ,
.Fn EVP_PKEY_get1_DSA ,
.Fn EVP_PKEY_get1_DH ,
and
.Fn EVP_PKEY_get1_EC_KEY
return the referenced key or
.Dv NULL
if an error occurred.
.Pp
.Fn EVP_PKEY_assign_RSA ,
.Fn EVP_PKEY_assign_DSA ,
.Fn EVP_PKEY_assign_DH ,
and
.Fn EVP_PKEY_assign_EC_KEY
return 1 for success and 0 for failure.
.Pp
.Fn EVP_PKEY_base_id ,
.Fn EVP_PKEY_id ,
and
.Fn EVP_PKEY_type
return a key type or
.Dv NID_undef
(equivalently
.Dv EVP_PKEY_NONE )
on error.
.Sh SEE ALSO
.Xr EVP_PKEY_new 3 ,
.Xr RSA_new 3
Changes to jni/libressl/man/EVP_PKEY_sign.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48








49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

90
91
92


93

94
95


96

97








98

99






100


101

102

103







104

105

106
107


108


109
110
111
112
113


114

115
116
117
118
119
120

121
122
123
124

125
126
127


128
129

130
131
132
133
134
135
136
137
138
139
140
141
142



143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159


160
161
162
163
164
165
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"








.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_sign 3"
.TH EVP_PKEY_sign 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
\&                        unsigned char *sig, size_t *siglen,
\&                        const unsigned char *tbs, size_t tbslen);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"


The \fIEVP_PKEY_sign_init()\fR function initializes a public key algorithm

context using key \fBpkey\fR for a signing operation.
.PP


The \fIEVP_PKEY_sign()\fR function performs a public key signing operation

using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and








\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output

buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then






before the call the \fBsiglen\fR parameter should contain the length of the


\&\fBsig\fR buffer, if the call is successful the signature is written to

\&\fBsig\fR and the amount of data written to \fBsiglen\fR.

.SH "NOTES"







.IX Header "NOTES"

After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control

operations can be performed to set any appropriate parameters for the
operation.


.PP


The function \fIEVP_PKEY_sign()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0


or a negative value for failure. In particular a return value of \-2

indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest:
.PP
.Vb 2

\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;

\& unsigned char *md, *sig;
\& size_t mdlen, siglen;
\& EVP_PKEY *signing_key;


\& /* NB: assumes signing_key, md and mdlen are already set up
\&  * and that signing_key is an RSA private key

\&  */
\& ctx = EVP_PKEY_CTX_new(signing_key);
\& if (!ctx)
\&        /* Error occurred */
\& if (EVP_PKEY_sign_init(ctx) <= 0)
\&        /* Error */
\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
\&        /* Error */
\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
\&        /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)



\&        /* Error */
\&
\& sig = malloc(siglen);
\&
\& if (!sig)
\&        /* malloc failure */
\&
\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
\&        /* Error */
\&
\& /* Signature is siglen bytes written to buffer sig */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),
\&\fIEVP_PKEY_encrypt\fR\|(3),
\&\fIEVP_PKEY_decrypt\fR\|(3),


\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
\&\fIEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.
|
>

<
|
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
|
|
<
<
|
>
|
|
<
<
|
<
<
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

>
>
>
>
>
>
>
>
|
|
|
|

|
|
|
|
|
|
|
|
|
|
|
|
<
<
<
|
<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
|
|
|
|
>
|
|
<
>
>
|
>
|
|
>
>
|
>
|
>
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
|
>
>
|
>
|
>
|
>
>
>
>
>
>
>
|
>
|
>
|
<
>
>
|
>
>
|
|
|
<
|
>
>
|
>
|
|
<
|
<
<
>
|
|
|
|
>
|
|
|
>
>
|
|
>
|
|
|
|
|
|
|
|
|
|
<
<
<
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
>
>
|
|
<
|
<

1
2
3

4
5
6

7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22
23


24
25
26
27


28



29


30
31


32


33


34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63



64


65
66












67
68
69
70
71
72
73

74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

122
123
124
125
126
127
128
129

130
131
132
133
134
135
136

137


138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161



162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

178
179
180
181
182
183
184

185

186
.\"	$OpenBSD: EVP_PKEY_sign.3,v 1.5 2017/01/06 02:43:14 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013, 2014 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"


.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.



.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 6 2017 $
.Dt EVP_PKEY_SIGN 3
.Os
.Sh NAME
.Nm EVP_PKEY_sign_init ,
.Nm EVP_PKEY_sign
.Nd sign using a public key algorithm
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_sign_init
.Fa "EVP_PKEY_CTX *ctx"



.Fc


.Ft int
.Fo EVP_PKEY_sign












.Fa "EVP_PKEY_CTX *ctx"
.Fa "unsigned char *sig"
.Fa "size_t *siglen"
.Fa "const unsigned char *tbs"
.Fa "size_t tbslen"
.Fc
.Sh DESCRIPTION

The
.Fn EVP_PKEY_sign_init
function initializes a public key algorithm context using the key
.Fa ctx->pkey
for a signing operation.
.Pp
The
.Fn EVP_PKEY_sign
function performs a public key signing operation using
.Fa ctx .
The data to be signed is specified using the
.Fa tbs
and
.Fa tbslen
parameters.
If
.Fa sig
is
.Dv NULL ,
then the maximum size of the output buffer is written to the
.Fa siglen
parameter.
If
.Fa sig
is not
.Dv NULL ,
then before the call the
.Fa siglen
parameter should contain the length of the
.Fa sig
buffer.
If the call is successful the signature is written to
.Fa sig
and the amount of data written to
.Fa siglen .
.Pp
.Fn EVP_PKEY_sign
does not hash the data to be signed, and therefore is normally used
to sign digests.
For signing arbitrary messages, see the
.Xr EVP_DigestSignInit 3
and
.Xr EVP_SignInit 3
signing interfaces instead.
.Pp
After the call to
.Fn EVP_PKEY_sign_init ,
algorithm specific control operations can be performed to set any

appropriate parameters for the operation; see
.Xr EVP_PKEY_CTX_ctrl 3 .
.Pp
The function
.Fn EVP_PKEY_sign
can be called more than once on the same context if several operations
are performed using the same parameters.
.Sh RETURN VALUES

.Fn EVP_PKEY_sign_init
and
.Fn EVP_PKEY_sign
return 1 for success and 0 or a negative value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh EXAMPLES

Sign data using RSA with PKCS#1 padding and SHA256 digest:


.Bd -literal -offset indent
#include <openssl/evp.h>
#include <openssl/rsa.h>

EVP_PKEY_CTX *ctx;
/* md is a SHA-256 digest in this example. */
unsigned char *md, *sig;
size_t mdlen = 32, siglen;
EVP_PKEY *signing_key;

/*
 * NB: assumes signing_key and md are set up before the next
 * step. signing_key must be an RSA private key and md must
 * point to the SHA-256 digest to be signed.
 */
ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
if (!ctx)
	/* Error occurred */
if (EVP_PKEY_sign_init(ctx) <= 0)
	/* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
	/* Error */
if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
	/* Error */




/* Determine buffer length */
if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
	/* Error */

sig = malloc(siglen);

if (!sig)
	/* malloc failure */

if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
	/* Error */

/* Signature is siglen bytes written to buffer sig */
.Ed
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_ctrl 3 ,
.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3

.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
Changes to jni/libressl/man/EVP_PKEY_verify.3.
1

2
3
4
5
6
7
8

9
10
11
12
13
14
15
16


17
18
19
20



21
22
23
24
25
26

27
28
29
30
31
32

33

34
35
36
37

38
39
40

41
42
43
44
45
46
47
48
49
50
51




52
53
54
55


56
57
58
59
60
61
62
63
64
65
66
67
68
69


70
71
72
73
74
75
76

77

78
79

80
81


82








83


84

85
86



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106


107
108
109
110



111
112

113


114
115
116
117

118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

157
158
159
160
161
162
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will



.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""

.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''

.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the




.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}


.rr rF
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_verify 3"
.TH EVP_PKEY_verify 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l

.nh
.SH "NAME"

EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public
key algorithm


.SH "SYNOPSIS"








.IX Header "SYNOPSIS"


.Vb 1

\& #include <openssl/evp.h>
\&



\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
\&                        const unsigned char *sig, size_t siglen,
\&                        const unsigned char *tbs, size_t tbslen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIEVP_PKEY_verify_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for a signature verification operation.
.PP
The \fIEVP_PKEY_verify()\fR function performs a public key verification operation
using \fBctx\fR. The signature is specified using the \fBsig\fR and
\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally
signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
.PP


The function \fIEVP_PKEY_verify()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"



\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was
successful and 0 if it failed. Unlike other functions the return value 0 from

\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not verify


successfully (that is tbs did not match the original data or the signature was
of invalid form) it is not an indication of a more serious error.
.PP
A negative value indicates an error other that signature verification failure.

In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
Verify signature using PKCS#1 and \s-1SHA256\s0 digest:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& unsigned char *md, *sig;
\& size_t mdlen, siglen;
\& EVP_PKEY *verify_key;
\& /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
\&  * and that verify_key is an RSA public key
\&  */
\& ctx = EVP_PKEY_CTX_new(verify_key);
\& if (!ctx)
\&        /* Error occurred */
\& if (EVP_PKEY_verify_init(ctx) <= 0)
\&        /* Error */
\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
\&        /* Error */
\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
\&        /* Error */
\&
\& /* Perform operation */
\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
\&
\& /* ret == 1 indicates success, 0 verify failure and < 0 for some
\&  * other error.
\&  */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_PKEY_CTX_new\fR\|(3),
\&\fIEVP_PKEY_encrypt\fR\|(3),
\&\fIEVP_PKEY_decrypt\fR\|(3),

\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
\&\fIEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.0.
|
>

<
|
|
|
<
|
>
|
<
<
|
|
<
<
<
>
>
|
<
<
<
>
>
>
<
<
|
|
<
<
>
|
|
<
<
|
|
>
|
>
|
|
<
<
>
|
|
|
>
|
|
|

|
|
|
|
|
|
|
>
>
>
>
|

<
<
>
>
|
<
<
<
<
<
<
|
|
|
|
|
|
|
>
>
|
<
|
|
|
<
|
>
|
>
|
|
>
|
|
>
>
|
>
>
>
>
>
>
>
>
|
>
>
|
>
|
<
>
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
|
>
>
|
|
|
<
>
>
>
|
|
>
|
>
>
|
|
|
|
>
|
|
|
<
|
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
>
|
|
<
|
<

1
2
3

4
5
6

7
8
9


10
11



12
13
14



15
16
17


18
19


20
21
22


23
24
25
26
27
28
29


30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51


52
53
54






55
56
57
58
59
60
61
62
63
64

65
66
67

68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

94
95
96
97















98
99

100
101
102
103
104
105

106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

123
124

125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

153
154
155
156
157
158

159

160
.\"	$OpenBSD: EVP_PKEY_verify.3,v 1.4 2016/11/27 15:27:19 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2010, 2013 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions


.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"



.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the


.\"    distribution.
.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project


.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 27 2016 $
.Dt EVP_PKEY_VERIFY 3
.Os






.Sh NAME
.Nm EVP_PKEY_verify_init ,
.Nm EVP_PKEY_verify
.Nd signature verification using a public key algorithm
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_verify_init
.Fa "EVP_PKEY_CTX *ctx"
.Fc

.Ft int
.Fo EVP_PKEY_verify
.Fa "EVP_PKEY_CTX *ctx"

.Fa "const unsigned char *sig"
.Fa "size_t siglen"
.Fa "const unsigned char *tbs"
.Fa "size_t tbslen"
.Fc
.Sh DESCRIPTION
The
.Fn EVP_PKEY_verify_init
function initializes a public key algorithm context using key
.Fa ctx->pkey
for a signature verification operation.
.Pp
The
.Fn EVP_PKEY_verify
function performs a public key verification operation using
.Fa ctx .
The signature is specified using the
.Fa sig
and
.Fa siglen
parameters.
The verified data (i.e. the data believed originally signed) is
specified using the
.Fa tbs
and
.Fa tbslen

parameters.
.Pp
After the call to
.Fn EVP_PKEY_verify_init ,















algorithm specific control operations can be performed to set any
appropriate parameters for the operation.

.Pp
The function
.Fn EVP_PKEY_verify
can be called more than once on the same context if several operations
are performed using the same parameters.
.Sh RETURN VALUES

.Fn EVP_PKEY_verify_init
and
.Fn EVP_PKEY_verify
return 1 if the verification was successful and 0 if it failed.
Unlike other functions the return value 0 from
.Fn EVP_PKEY_verify
only indicates that the signature did not verify successfully.
That is,
.Fa tbs
did not match the original data or the signature was of invalid form.
It is not an indication of a more serious error.
.Pp
A negative value indicates an error other that signature verification
failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh EXAMPLES

Verify signature using PKCS#1 and SHA256 digest:
.Bd -literal -offset 3n

#include <openssl/evp.h>
#include <openssl/rsa.h>

EVP_PKEY_CTX *ctx;
unsigned char *md, *sig;
size_t mdlen, siglen;
EVP_PKEY *verify_key;
/* NB: assumes verify_key, sig, siglen md and mdlen are already set up
 * and that verify_key is an RSA public key
 */
ctx = EVP_PKEY_CTX_new(verify_key);
if (!ctx)
	/* Error occurred */
if (EVP_PKEY_verify_init(ctx) <= 0)
	/* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
	/* Error */
if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
	/* Error */

/* Perform operation */
ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);

/* ret == 1 indicates success, 0 verify failure and < 0 for some
 * other error.
 */
.Ed
.Sh SEE ALSO

.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify_recover 3

.Sh HISTORY

These functions were first added to OpenSSL 1.0.0.
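--- a/jni/libressl/man/EVP_PKEY_verify_recover.3
+++ b/jni/libressl/man/EVP_PKEY_verify_recover.3
@@ -1,175 +1,182 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_PKEY_verify_recover.3,v 1.6 2017/01/06 02:43:14 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2006, 2009, 2010, 2013 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_PKEY_verify_recover 3"
-.TH EVP_PKEY_verify_recover 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using
-a public key algorithm
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
-\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
-\&                        unsigned char *rout, size_t *routlen,
-\&                        const unsigned char *sig, size_t siglen);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \fIEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm
-context using key \fBpkey\fR for a verify recover operation.
-.PP
-The \fIEVP_PKEY_verify_recover()\fR function recovers signed data
-using \fBctx\fR. The signature is specified using the \fBsig\fR and
-\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
-buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then
-before the call the \fBroutlen\fR parameter should contain the length of the
-\&\fBrout\fR buffer, if the call is successful recovered data is written to
-\&\fBrout\fR and the amount of data written to \fBroutlen\fR.
-.SH "NOTES"
-.IX Header "NOTES"
-Normally an application is only interested in whether a signature verification
-operation is successful in those cases the \fIEVP_verify()\fR function should be
-used.
-.PP
-Sometimes however it is useful to obtain the data originally signed using a
-signing operation. Only certain public key algorithms can recover a signature
-in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode).
-.PP
-After the call to \fIEVP_PKEY_verify_recover_init()\fR algorithm specific control
-operations can be performed to set any appropriate parameters for the
-operation.
-.PP
-The function \fIEVP_PKEY_verify_recover()\fR can be called more than once on the same
-context if several operations are performed using the same parameters.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_verify_recover_init()\fR and \fIEVP_PKEY_verify_recover()\fR return 1 for
-success
-and 0 or a negative value for failure. In particular a return value of \-2
-indicates the operation is not supported by the public key algorithm.
-.SH "EXAMPLE"
-.IX Header "EXAMPLE"
-Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest:
-.PP
-.Vb 2
-\& #include <openssl/evp.h>
-\& #include <openssl/rsa.h>
-\&
-\& EVP_PKEY_CTX *ctx;
-\& unsigned char *rout, *sig;
-\& size_t routlen, siglen;
-\& EVP_PKEY *verify_key;
-\& /* NB: assumes verify_key, sig and siglen are already set up
-\&  * and that verify_key is an RSA public key
-\&  */
-\& ctx = EVP_PKEY_CTX_new(verify_key);
-\& if (!ctx)
-\&        /* Error occurred */
-\& if (EVP_PKEY_verify_recover_init(ctx) <= 0)
-\&        /* Error */
-\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-\&        /* Error */
-\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-\&        /* Error */
-\&
-\& /* Determine buffer length */
-\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
-\&        /* Error */
-\&
-\& rout = malloc(routlen);
-\&
-\& if (!rout)
-\&        /* malloc failure */
-\&
-\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
-\&        /* Error */
-\&
-\& /* Recovered data is routlen bytes written to buffer rout */
-.Ve
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
+.Dd $Mdocdate: January 6 2017 $
+.Dt EVP_PKEY_VERIFY_RECOVER 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_verify_recover_init ,
+.Nm EVP_PKEY_verify_recover
+.Nd recover signature using a public key algorithm
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_verify_recover_init
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_verify_recover
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char *rout"
+.Fa "size_t *routlen"
+.Fa "const unsigned char *sig"
+.Fa "size_t siglen"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn EVP_PKEY_verify_recover_init
+function initializes a public key algorithm context using key
+.Fa ctx->pkey
+for a verify recover operation.
+.Pp
+The
+.Fn EVP_PKEY_verify_recover
+function recovers signed data using
+.Fa ctx .
+The signature is specified using the
+.Fa sig
+and
+.Fa siglen
+parameters.
+If
+.Fa rout
+is
+.Dv NULL ,
+then the maximum size of the output buffer is written to the
+.Fa routlen
+parameter.
+If
+.Fa rout
+is not
+.Dv NULL ,
+then before the call the
+.Fa routlen
+parameter should contain the length of the
+.Fa rout
+buffer.
+If the call is successful, recovered data is written to
+.Fa rout
+and the amount of data written to
+.Fa routlen .
+.Pp
+Normally an application is only interested in whether a signature
+verification operation is successful.
+In those cases, the
+.Xr EVP_PKEY_verify 3
+function should be used.
+.Pp
+Sometimes however it is useful to obtain the data originally signed
+using a signing operation.
+Only certain public key algorithms can recover a signature in this way
+(for example RSA in PKCS padding mode).
+.Pp
+After the call to
+.Fn EVP_PKEY_verify_recover_init ,
+algorithm specific control operations can be performed to set any
+appropriate parameters for the operation.
+.Pp
+The function
+.Fn EVP_PKEY_verify_recover
+can be called more than once on the same context if several operations
+are performed using the same parameters.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_verify_recover_init
+and
+.Fn EVP_PKEY_verify_recover
+return 1 for success and 0 or a negative value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh EXAMPLES
+Recover digest originally signed using PKCS#1 and SHA256 digest:
+.Bd -literal -offset indent
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+unsigned char *rout, *sig;
+size_t routlen, siglen;
+EVP_PKEY *verify_key;
+/* NB: assumes verify_key, sig and siglen are already set up
+ * and that verify_key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(verify_key);
+if (!ctx)
+	/* Error occurred */
+if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+	/* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+	/* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+	/* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+	/* Error */
+
+rout = malloc(routlen);
+
+if (!rout)
+	/* malloc failure */
+
+if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+	/* Error */
+
+/* Recovered data is routlen bytes written to buffer rout */
+.Ed
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_decrypt 3 ,
+.Xr EVP_PKEY_derive 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_verify 3
+.Sh HISTORY
 These functions were first added to OpenSSL 1.0.0.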
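--- a/jni/libressl/man/EVP_SealInit.3
+++ b/jni/libressl/man/EVP_SealInit.3
@@ -1,151 +1,182 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_SealInit.3,v 1.5 2016/11/26 20:55:26 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2002, 2003, 2005, 2015 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-\&                  unsigned char **ek, int *ekl, unsigned char *iv,
-\&                  EVP_PKEY **pubk, int npubk);
-\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-\&         int *outl, unsigned char *in, int inl);
-\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-\&         int *outl);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \s-1EVP\s0 envelope routines are a high level interface to envelope
-encryption. They generate a random key and \s-1IV \s0(if required) then
-\&\*(L"envelope\*(R" it by using public key encryption. Data can then be
-encrypted using this key.
-.PP
-\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR using a random secret key and \s-1IV. \s0\fBtype\fR is normally
-supplied by a function such as \fIEVP_aes_256_cbc()\fR. The secret key is encrypted
-using one or more public keys, this allows the same encrypted data to be
-decrypted using any of the corresponding private keys. \fBek\fR is an array of
-buffers where the public key encrypted secret key will be written, each buffer
-must contain enough room for the corresponding encrypted key: that is
-\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual
-size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is
-an array of \fBnpubk\fR public keys.
-.PP
-The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must
-contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for
-example) EVP_CIPHER_iv_length(type).
-.PP
-If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
-and can be \fB\s-1NULL\s0\fR.
-.PP
-\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties
-as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as
-documented on the \fIEVP_EncryptInit\fR\|(3) manual
-page.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful.
-.PP
-\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for
-failure.
-.SH "NOTES"
-.IX Header "NOTES"
-The public key must be \s-1RSA\s0 because it is the only OpenSSL public key
+.Dd $Mdocdate: November 26 2016 $
+.Dt EVP_SEALINIT 3
+.Os
+.Sh NAME
+.Nm EVP_SealInit ,
+.Nm EVP_SealUpdate ,
+.Nm EVP_SealFinal
+.Nd EVP envelope encryption
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_SealInit
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "const EVP_CIPHER *type"
+.Fa "unsigned char **ek"
+.Fa "int *ekl"
+.Fa "unsigned char *iv"
+.Fa "EVP_PKEY **pubk"
+.Fa "int npubk"
+.Fc
+.Ft int
+.Fo EVP_SealUpdate
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fa "unsigned char *in"
+.Fa "int inl"
+.Fc
+.Ft int
+.Fo EVP_SealFinal
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fc
+.Sh DESCRIPTION
+The EVP envelope routines are a high level interface to envelope
+encryption.
+They generate a random key and IV (if required) then "envelope" it by
+using public key encryption.
+Data can then be encrypted using this key.
+.Pp
+.Fn EVP_SealInit
+initializes a cipher context
+.Fa ctx
+for encryption with cipher
+.Fa type
+using a random secret key and IV.
+.Fa type
+is normally supplied by a function such as
+.Xr EVP_aes_256_cbc 3 ;
+see
+.Xr EVP_EncryptInit 3
+for details.
+The secret key is encrypted using one or more public keys.
+This allows the same encrypted data to be decrypted using any of
+the corresponding private keys.
+.Fa ek
+is an array of buffers where the public key encrypted secret key will be
+written.
+Each buffer must contain enough room for the corresponding encrypted
+key: that is
+.Fa ek[i]
+must have room for
+.Fn EVP_PKEY_size pubk[i]
+bytes.
+The actual size of each encrypted secret key is written to the array
+.Fa ekl .
+.Fa pubk
+is an array of
+.Fa npubk
+public keys.
+.Pp
+The
+.Fa iv
+parameter is a buffer where the generated IV is written to.
+It must contain enough room for the corresponding cipher's IV, as
+determined by (for example)
+.Fn EVP_CIPHER_iv_length type .
+.Pp
+If the cipher does not require an IV then the
+.Fa iv
+parameter is ignored and can be
+.Dv NULL .
+.Pp
+.Fn EVP_SealUpdate
+and
+.Fn EVP_SealFinal
+have exactly the same properties as the
+.Xr EVP_EncryptUpdate 3
+and
+.Xr EVP_EncryptFinal 3
+routines.
+.Pp
+The public key must be RSA because it is the only OpenSSL public key
 algorithm that supports key transport.
-.PP
-Envelope encryption is the usual method of using public key encryption
-on large amounts of data, this is because public key encryption is slow
-but symmetric encryption is fast. So symmetric encryption is used for
-bulk encryption and the small random symmetric key used is transferred
-using public key encryption.
-.PP
-It is possible to call \fIEVP_SealInit()\fR twice in the same way as
-\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0
-and (after setting any cipher parameters) it should be called again
-with \fBtype\fR set to \s-1NULL.\s0
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIevp\fR\|(3), \fIrand\fR\|(3),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_OpenInit\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7.
+.Pp
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data.
+This is because public key encryption is slow but symmetric encryption
+is fast.
+So symmetric encryption is used for bulk encryption and the small random
+symmetric key used is transferred using public key encryption.
+.Pp
+It is possible to call
+.Fn EVP_SealInit
+twice in the same way as
+.Xr EVP_EncryptInit 3 .
+The first call should have
+.Fa npubk
+set to 0 and (after setting any cipher parameters) it should be called
+again with
+.Fa type
+set to NULL.
+.Sh RETURN VALUES
+.Fn EVP_SealInit
+returns 0 on error or
+.Fa npubk
+if successful.
+.Pp
+.Fn EVP_SealUpdate
+and
+.Fn EVP_SealFinal
+return 1 for success and 0 for failure.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_EncryptInit 3 ,
+.Xr EVP_OpenInit 3 ,
+.Xr RAND_bytes 3
+.Sh HISTORY
+.Fn EVP_SealFinal
+did not return a value before OpenSSL 0.9.7.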
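--- a/jni/libressl/man/EVP_SignInit.3
+++ b/jni/libressl/man/EVP_SignInit.3
@@ -1,171 +1,217 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: EVP_SignInit.3,v 1.4 2016/11/26 20:55:26 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000-2002, 2005, 2006, 2014-2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-EVP_SignInit, EVP_SignUpdate, EVP_SignFinal, EVP_PKEY_size
-\&\- EVP signing functions
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/evp.h>
-\&
-\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
-\& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
-\&
-\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-\&
-\& int EVP_PKEY_size(EVP_PKEY *pkey);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \s-1EVP\s0 signature routines are a high level interface to digital
+.Dd $Mdocdate: November 26 2016 $
+.Dt EVP_SIGNINIT 3
+.Os
+.Sh NAME
+.Nm EVP_SignInit_ex ,
+.Nm EVP_SignUpdate ,
+.Nm EVP_SignFinal ,
+.Nm EVP_SignInit ,
+.Nm EVP_PKEY_size
+.Nd EVP signing functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_SignInit_ex
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const EVP_MD *type"
+.Fa "ENGINE *impl"
+.Fc
+.Ft int
+.Fo EVP_SignUpdate
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const void *d"
+.Fa "unsigned int cnt"
+.Fc
+.Ft int
+.Fo EVP_SignFinal
+.Fa "EVP_MD_CTX *ctx"
+.Fa "unsigned char *sig"
+.Fa "unsigned int *s"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft void
+.Fo EVP_SignInit
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const EVP_MD *type"
+.Fc
+.Ft int
+.Fo EVP_PKEY_size
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Sh DESCRIPTION
+The EVP signature routines are a high level interface to digital
 signatures.
-.PP
-\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized with
-\&\fIEVP_MD_CTX_init()\fR before calling this function.
-.PP
-\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
-signature context \fBctx\fR. This function can be called several times on the
-same \fBctx\fR to include additional data.
-.PP
-\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and
-places the signature in \fBsig\fR. \fBsig\fR must be at least EVP_PKEY_size(pkey)
-bytes in size. \fBs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter.
-The number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes
-will be written.
-.PP
-\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default
-implementation of digest \fBtype\fR.
-.PP
-\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual
-signature returned by \fIEVP_SignFinal()\fR may be smaller.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1
-for success and 0 for failure.
-.PP
-\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes.
-.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
-.SH "NOTES"
-.IX Header "NOTES"
-The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-.PP
-Due to the link between message digests and public key algorithms the correct
-digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in
-\&\fIEVP_DigestInit\fR\|(3).
-.PP
-The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context.
-This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called
-later to digest and sign additional data.
-.PP
-Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
-will occur.
-.SH "BUGS"
-.IX Header "BUGS"
+.Pp
+.Fn EVP_SignInit_ex
+sets up a signing context
+.Fa ctx
+to use the digest
+.Fa type
+from
+.Vt ENGINE
+.Fa impl .
+.Fa ctx
+must be initialized with
+.Xr EVP_MD_CTX_init 3
+before calling this function.
+.Pp
+.Fn EVP_SignUpdate
+hashes
+.Fa cnt
+bytes of data at
+.Fa d
+into the signature context
+.Fa ctx .
+This function can be called several times on the same
+.Fa ctx
+to include additional data.
+.Pp
+.Fn EVP_SignFinal
+signs the data in
+.Fa ctx
+using the private key
+.Fa pkey
+and places the signature in
+.Fa sig .
+.Fa sig
+must be at least
+.Fn EVP_PKEY_size pkey
+bytes in size.
+.Fa s
+is an OUT parameter, and not used as an IN parameter.
+The number of bytes of data written (i.e.\&
+the length of the signature) will be written to the integer at
+.Fa s .
+At most
+.Fn EVP_PKEY_size pkey
+bytes will be written.
+.Pp
+.Fn EVP_SignInit
+initializes a signing context
+.Fa ctx
+to use the default implementation of digest
+.Fa type .
+.Pp
+.Fn EVP_PKEY_size
+returns the maximum size of a signature in bytes.
+The actual signature returned by
+.Fn EVP_SignFinal
+may be smaller.
+.Pp
+The EVP interface to digital signatures should almost always be
+used in preference to the low level interfaces.
+This is because the code then becomes transparent to the algorithm used
+and much more flexible.
+.Pp
+Due to the link between message digests and public key algorithms the
+correct digest algorithm must be used with the correct public key type.
+A list of algorithms and associated public key algorithms appears in
+.Xr EVP_DigestInit 3 .
+.Pp
+The call to
+.Fn EVP_SignFinal
+internally finalizes a copy of the digest context.
+This means that calls to
+.Fn EVP_SignUpdate
+and
+.Fn EVP_SignFinal
+can be called later to digest and sign additional data.
+.Pp
+Since only a copy of the digest context is ever finalized, the context
+must be cleaned up after use by calling
+.Xr EVP_MD_CTX_cleanup 3
+or a memory leak will occur.
+.Sh RETURN VALUES
+.Fn EVP_SignInit_ex ,
+.Fn EVP_SignUpdate ,
+and
+.Fn EVP_SignFinal
+return 1 for success and 0 for failure.
+.Pp
+.Fn EVP_PKEY_size
+returns the maximum size of a signature in bytes.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr evp 3 ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_VerifyInit 3
+.Sh HISTORY
+.Fn EVP_SignInit ,
+.Fn EVP_SignUpdate ,
+and
+.Fn EVP_SignFinal
+are available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn EVP_SignInit_ex
+was added in OpenSSL 0.9.7.
+.Sh BUGS
 Older versions of this documentation wrongly stated that calls to
-\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR.
-.PP
-Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error
-relating to the private key (for example an unsuitable key and digest
-combination) will not be indicated until after potentially large amounts of
-data have been passed through \fIEVP_SignUpdate()\fR.
-.PP
-It is not possible to change the signing parameters using these function.
-.PP
-The previous two bugs are fixed in the newer EVP_SignDigest*() function.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIEVP_VerifyInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
-\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
-\&\fImd5\fR\|(3), \fIripemd\fR\|(3),
-\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are
-available in all versions of SSLeay and OpenSSL.
-.PP
-\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7.
+.Fn EVP_SignUpdate
+could not be made after calling
+.Fn EVP_SignFinal .
+.Pp
+Since the private key is passed in the call to
+.Fn EVP_SignFinal
+any error relating to the private key (for example an unsuitable key and
+digest combination) will not be indicated until after potentially large
+amounts of data have been passed through
+.Fn EVP_SignUpdate .
+.Pp
+It is not possible to change the signing parameters using these
+function.
+.Pp
+The previous two bugs are fixed in the newer EVP_SignDigest* function.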
Changes to jni/libressl/man/EVP_VerifyInit.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16




17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

33
34
35
36
37
38

39
40
41
42
43
44








45
46
47
48
49
50
51
52
53
54
55


56
57



58

59

60
61
62



63
64
65
66
67
68



69
70
71





72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

98







99

100
101



102



103

104
105

106



107
108
109
110
111
112
113
114

115
116



117
118
119
120
121
122
123

124
125
126
127
128
129









130
131
132
133
134
135
136

137
138
139
140

141

142
143
144
145
146


147





























148

149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p

.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"








.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0



.if \n(.g .if rF .nr rF 1

.if (\n(rF:(\n(.g==0)) \{

.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"



..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}



.\}
.rr rF
.\" ========================================================================





.\"

.IX Title "EVP_VerifyInit 3"
.TH EVP_VerifyInit 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- EVP signature verification
functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
\&
\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature verification routines are a high level interface to digital
signatures.
.PP

\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest







\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized by calling

\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP



\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the



verification context \fBctx\fR. This function can be called several times on the

same \fBctx\fR to include additional data.
.PP

\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR



and against the \fBsiglen\fR bytes at \fBsigbuf\fR.
.PP
\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default
implementation of digest \fBtype\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for
failure.

.PP
\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if



some other error occurred.
.PP
The error codes can be obtained by \fIERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
preference to the low level interfaces. This is because the code then becomes

transparent to the algorithm used and much more flexible.
.PP
Due to the link between message digests and public key algorithms the correct
digest algorithm must be used with the correct public key type. A list of
algorithms and associated public key algorithms appears in
\&\fIEVP_DigestInit\fR\|(3).









.PP
The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context.
This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called
later to digest and verify additional data.
.PP
Since only a copy of the digest context is ever finalized the context must
be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak

will occur.
.SH "BUGS"
.IX Header "BUGS"
Older versions of this documentation wrongly stated that calls to

\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR.

.PP
Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error
relating to the private key (for example an unsuitable key and digest
combination) will not be indicated until after potentially large amounts of
data have been passed through \fIEVP_SignUpdate()\fR.


.PP





























It is not possible to change the signing parameters using these function.

.PP
The previous two bugs are fixed in the newer EVP_VerifyDigest*() function.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3),
\&\fIEVP_SignInit\fR\|(3),
\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
\&\fImd5\fR\|(3), \fIripemd\fR\|(3),
\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are
available in all versions of SSLeay and OpenSSL.
.PP
\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7

|
>

<
|
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
|
>
>
>
>
|
<
<
<
<
<
|
<
<
<
|
|
<
<
|
|
>
|
|
|
<
<
<
>
|
|
|
<
<

>
>
>
>
>
>
>
>
|
|
|
|
<
<
<
<

<
<
>
>
|
|
>
>
>
|
>
|
>
|
<
|
>
>
>
|
|
<
<
<
|
>
>
>
|
|
<
>
>
>
>
>
|
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
|
|
|
<
|
|
|
>
|
>
>
>
>
>
>
>
|
>
|
|
>
>
>
|
>
>
>
|
>
|
|
>
|
>
>
>
|
|
<
<
<
<
<
|
>
|
|
>
>
>
|
|
<
<
<
|
|
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
|
<
<
<
<
|
|
>
|
|
|
<
>
|
>
|
<
<
<
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
<
<
<
<
|
<
<
<
<
<
<
<
<
<
>
1
2
3

4
5
6

7
8
9
10
11
12
13
14
15
16
17
18

19
20
21
22
23
24





25



26
27


28
29
30
31
32
33



34
35
36
37


38
39
40
41
42
43
44
45
46
47
48
49
50




51


52
53
54
55
56
57
58
59
60
61
62
63

64
65
66
67
68
69



70
71
72
73
74
75

76
77
78
79
80
81
82
83














84


85
86
87

88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121





122
123
124
125
126
127
128
129
130



131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149




150
151
152
153
154
155

156
157
158
159



160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196




197









198
.\"	$OpenBSD: EVP_VerifyInit.3,v 1.4 2016/11/26 20:55:26 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2001, 2006, 2016 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.

.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"





.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to



.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.




.\"


.Dd $Mdocdate: November 26 2016 $
.Dt EVP_VERIFYINIT 3
.Os
.Sh NAME
.Nm EVP_VerifyInit_ex ,
.Nm EVP_VerifyUpdate ,
.Nm EVP_VerifyFinal ,
.Nm EVP_VerifyInit
.Nd EVP signature verification functions
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int

.Fo EVP_VerifyInit_ex
.Fa "EVP_MD_CTX *ctx"
.Fa "const EVP_MD *type"
.Fa "ENGINE *impl"
.Fc
.Ft int



.Fo EVP_VerifyUpdate
.Fa "EVP_MD_CTX *ctx"
.Fa "const void *d"
.Fa "unsigned int cnt"
.Fc
.Ft int

.Fo EVP_VerifyFinal
.Fa "EVP_MD_CTX *ctx"
.Fa "unsigned char *sigbuf"
.Fa "unsigned int siglen"
.Fa "EVP_PKEY *pkey"
.Fc
.Ft int
.Fo EVP_VerifyInit














.Fa "EVP_MD_CTX *ctx"


.Fa "const EVP_MD *type"
.Fc
.Sh DESCRIPTION

The EVP signature verification routines are a high level interface to
digital signatures.
.Pp
.Fn EVP_VerifyInit_ex
sets up a verification context
.Fa ctx
to use the digest
.Fa type
from
.Vt ENGINE
.Fa impl .
.Fa ctx
must be initialized by calling
.Xr EVP_MD_CTX_init 3
before calling this function.
.Pp
.Fn EVP_VerifyUpdate
hashes
.Fa cnt
bytes of data at
.Fa d
into the verification context
.Fa ctx .
This function can be called several times on the same
.Fa ctx
to include additional data.
.Pp
.Fn EVP_VerifyFinal
verifies the data in
.Fa ctx
using the public key
.Fa pkey
and against the
.Fa siglen





bytes at
.Fa sigbuf .
.Pp
.Fn EVP_VerifyInit
initializes a verification context
.Fa ctx
to use the default implementation of digest
.Fa type .
.Pp



The EVP interface to digital signatures should almost always be
used in preference to the low level interfaces.
This is because the code then becomes transparent to the algorithm used
and much more flexible.
.Pp
Due to the link between message digests and public key algorithms, the
correct digest algorithm must be used with the correct public key type.
A list of algorithms and associated public key algorithms appears in
.Xr EVP_DigestInit 3 .
.Pp
The call to
.Fn EVP_VerifyFinal
internally finalizes a copy of the digest context.
This means that calls to
.Fn EVP_VerifyUpdate
and
.Fn EVP_VerifyFinal
can be called later to digest and verify additional data.
.Pp




Since only a copy of the digest context is ever finalized, the context
must be cleaned up after use by calling
.Xr EVP_MD_CTX_cleanup 3 ,
or a memory leak will occur.
.Sh RETURN VALUES
.Fn EVP_VerifyInit_ex

and
.Fn EVP_VerifyUpdate
return 1 for success and 0 for failure.
.Pp



.Fn EVP_VerifyFinal
returns 1 for a correct signature, 0 for failure, and -1 if some other
error occurred.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ERR 3 ,
.Xr evp 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_SignInit 3
.Sh HISTORY
.Fn EVP_VerifyInit ,
.Fn EVP_VerifyUpdate ,
and
.Fn EVP_VerifyFinal
are available in all versions of SSLeay and OpenSSL.
.Pp
.Fn EVP_VerifyInit_ex
was added in OpenSSL 0.9.7.
.Sh BUGS
Older versions of this documentation wrongly stated that calls to
.Fn EVP_VerifyUpdate
could not be made after calling
.Fn EVP_VerifyFinal .
.Pp
Since the public key is passed in the call to
.Xr EVP_SignFinal 3 ,
any error relating to the private key (for example an unsuitable key and
digest combination) will not be indicated until after potentially large
amounts of data have been passed through
.Xr EVP_SignUpdate 3 .
.Pp
It is not possible to change the signing parameters using these
functions.
.Pp
The previous two bugs are fixed in the newer functions of the




.Xr EVP_DigestVerifyInit 3









family.
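--- a/jni/libressl/man/EXTENDED_KEY_USAGE_new.3
+++ b/jni/libressl/man/EXTENDED_KEY_USAGE_new.3
@@ -0,0 +1,75 @@
+.\"	$OpenBSD: EXTENDED_KEY_USAGE_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt EXTENDED_KEY_USAGE_NEW 3
+.Os
+.Sh NAME
+.Nm EXTENDED_KEY_USAGE_new ,
+.Nm EXTENDED_KEY_USAGE_free
+.Nd X.509 key usage restrictions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft EXTENDED_KEY_USAGE
+.Fn EXTENDED_KEY_USAGE_new void
+.Ft void
+.Fn EXTENDED_KEY_USAGE_free "EXTENDED_KEY_USAGE *eku"
+.Sh DESCRIPTION
+By using the key usage extension, the extended key usage extension,
+or both of them,
+.Vt X509
+end entity certificates may indicate that the key contained in them
+is only intended to be used for the specified purposes.
+If both extensions are present, only uses compatible with both
+extensions are intended.
+.Pp
+.Fn EXTENDED_KEY_USAGE_new
+allocates and initializes an empty
+.Vt EXTENDED_KEY_USAGE
+object, which is a
+.Vt STACK_OF(ASN1_OBJECT)
+and represents an ASN.1
+.Vt ExtKeyUsageSyntax
+structure defined in RFC 5280 section 4.2.1.12.
+It can hold key purpose identifiers.
+.Pp
+.Fn EXTENDED_KEY_USAGE_free
+frees
+.Fa eku .
+.Pp
+The key usage extension uses the ASN.1 BIT STRING data type
+and doesn't require any dedicated object.
+.Sh RETURN VALUES
+.Fn EXTENDED_KEY_USAGE_new
+returns the new
+.Vt EXTENDED_KEY_USAGE
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr POLICYINFO_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.3: Key Usage
+.It
+section 4.2.1.12: Extended Key Usage
+.El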
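--- a/jni/libressl/man/GENERAL_NAME_new.3
+++ b/jni/libressl/man/GENERAL_NAME_new.3
@@ -0,0 +1,144 @@
+.\"	$OpenBSD: GENERAL_NAME_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt GENERAL_NAME_NEW 3
+.Os
+.Sh NAME
+.Nm GENERAL_NAME_new ,
+.Nm GENERAL_NAME_free ,
+.Nm GENERAL_NAMES_new ,
+.Nm GENERAL_NAMES_free ,
+.Nm EDIPARTYNAME_new ,
+.Nm EDIPARTYNAME_free ,
+.Nm OTHERNAME_new ,
+.Nm OTHERNAME_free
+.Nd names for use in X.509 extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft GENERAL_NAME *
+.Fn GENERAL_NAME_new void
+.Ft void
+.Fn GENERAL_NAME_free "GENERAL_NAME *name"
+.Ft GENERAL_NAMES *
+.Fn GENERAL_NAMES_new void
+.Ft void
+.Fn GENERAL_NAMES_free "GENERAL_NAMES *names"
+.Ft EDIPARTYNAME *
+.Fn EDIPARTYNAME_new void
+.Ft void
+.Fn EDIPARTYNAME_free "EDIPARTYNAME *name"
+.Ft OTHERNAME *
+.Fn OTHERNAME_new void
+.Ft void
+.Fn OTHERNAME_free "OTHERNAME *name"
+.Sh DESCRIPTION
+Even though the X.501
+.Vt Name
+documented in
+.Xr X509_NAME_new 3
+is a complicated multi-layered structure, it is very rigid and not
+flexible enough to represent various entities that many people want
+to use as names in certificates.
+For that reason, X.509 extensions use the X.509
+.Vt GeneralName
+wrapper structure rather than using the X.501
+.Vt Name
+structure directly, at the expense of adding one or two additional
+layers of indirection.
+.Pp
+.Fn GENERAL_NAME_new
+allocates and initializes an empty
+.Vt GENERAL_NAME
+object, representing the ASN.1
+.Vt GeneralName
+structure defined in RFC 5280 section 4.2.1.6.
+It can for example hold an
+.Vt X509_name
+object, an IP address, a DNS host name, a uniform resource identifier,
+an email address, or an
+.Vt EDIPARTYNAME
+or
+.Vt OTHERNAME
+object described below.
+.Fn GENERAL_NAME_free
+frees
+.Fa name .
+.Pp
+.Fn GENERAL_NAMES_new
+allocates and initializes an empty
+.Vt GENERAL_NAMES
+object, which is a
+.Vt STACK_OF(GENERAL_NAME)
+and represents the ASN.1
+.Vt GeneralNames
+structure defined in RFC 5280 section 4.2.1.6.
+It is used by extension structures that can contain multiple names,
+for example key identifier, alternative name, and distribution point
+extensions.
+.Fn GENERAL_NAMES_free
+frees
+.Fa names .
+.Pp
+.Fn EDIPARTYNAME_new
+allocates and initializes an empty
+.Vt EDIPARTYNAME
+object, representing the ASN.1
+.Vt EDIPartyName
+structure defined in RFC 5280 section 4.2.1.6, where
+.Dq EDI
+stands for
+.Dq electronic data identifier .
+It can hold two strings, the name itself and the name of the authority
+that assigned that name.
+.Fn EDIPARTYNAME_free
+frees
+.Fa name .
+.Pp
+.Fn OTHERNAME_new
+allocates and initializes an empty
+.Vt OTHERNAME
+object, representing the ASN.1
+.Vt OtherName
+structure defined in RFC 5280 section 4.2.1.6.
+It can hold data of any
+.Vt ASN1_TYPE
+together with a type identifier.
+.Fn OTHERNAME_free
+frees
+.Fa name .
+.Sh RETURN VALUES
+.Fn GENERAL_NAME_new ,
+.Fn GENERAL_NAMES_new ,
+.Fn EDIPARTYNAME_new ,
+and
+.Fn OTHERNAME_new
+return a new
+.Vt GENERAL_NAME ,
+.Vt GENERAL_NAMES ,
+.Vt EDIPARTYNAME ,
+or
+.Vt OTHERNAME
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_NAME_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2: Certificate Extensions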
Changes to jni/libressl/man/HMAC.3.
1

2
3
4
5
6
7
8

9
10
11
12
13
14
15
16


17
18
19
20
21



22
23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41


42
43
44
45
46
47


48
49
50
51










52














53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77


78
79
80

81
82
83

84
85
86
87

88





89
90



91
92
93

94

95
96



97
98
99


100
101

102




103
104
105
106
107
108

109



110





111
112
113



114





115
116
117
118


119









120
121
122

123

124


125
126


127
128

129
130
131
132



133

134




135
136
137

138





139

140

141




142
143

144
145

146
147
148












149








150

151
152
153

154
155
156




157
158
159


160
161

162
163
164
165
166
167




168
169
170



171
172
173
174



175
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and



.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`


.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the










.\" output yourself in some meaningful fashion.














.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "HMAC 3"
.TH HMAC 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l


.nh
.SH "NAME"
HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- HMAC message

authentication code
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"

.Vb 1
\& #include <openssl/hmac.h>
\&
\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key,

\&               int key_len, const unsigned char *d, int n,





\&               unsigned char *md, unsigned int *md_len);
\&



\& void HMAC_CTX_init(HMAC_CTX *ctx);
\&
\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,

\&               const EVP_MD *md);

\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
\&                   const EVP_MD *md, ENGINE *impl);



\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
\&


\& void HMAC_CTX_cleanup(HMAC_CTX *ctx);
\& void HMAC_cleanup(HMAC_CTX *ctx);

.Ve




.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1HMAC\s0 is a \s-1MAC \s0(message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.
.PP

\&\s-1\fIHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at



\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is





\&\fBkey_len\fR bytes long.
.PP
It places the result in \fBmd\fR (which must have space for the output of



the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes).





If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array.  The size of
the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR.
.PP
\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc.


.PP









\&\fIHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be
called.
.PP

\&\fIHMAC_CTX_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR

and releases any associated resources. It must be called when an


\&\fB\s-1HMAC_CTX\s0\fR is no longer required.
.PP


\&\fIHMAC_cleanup()\fR is an alias for \fIHMAC_CTX_cleanup()\fR included for back
compatibility with 0.9.6b, it is deprecated.

.PP
The following functions may be used if the message is not completely
stored in memory:
.PP



\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash

function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes




long. It is deprecated and only included for backward compatibility
with OpenSSL 0.9.6b.
.PP

\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use





the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL,\s0 in which

case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been

called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this




function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in
previous versions of OpenSSL \- failure to switch to \f(BIHMAC_Init_ex()\fB in

programs that expect it will cause them to stop working\fR.
.PP

\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to
be authenticated (\fBlen\fR bytes at \fBdata\fR).
.PP












\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which








must have space for the hash function output.

.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if

an error occurred.
.PP
\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR return 1 for success or 0 if




an error occurred.
.PP
\&\fIHMAC_CTX_init()\fR and \fIHMAC_CTX_cleanup()\fR do not return values.


.SH "CONFORMING TO"
.IX Header "CONFORMING TO"

\&\s-1RFC 2104\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIevp\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"




\&\s-1\fIHMAC\s0()\fR, \fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR
are available since SSLeay 0.9.0.
.PP



\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available
since OpenSSL 0.9.7.
.PP
\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in



versions of OpenSSL before 1.0.0.
|
>

|
<
|
|
<
|
>
|
<
<
|
|
<
<
<
>
>
|
<
<
<
<
>
>
>
<
<
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
|
|
>
>
|
<

|
<
|
>
>

<
|
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
<
|
|
<
|
|
<
<
<
|
>
>
|
|
|
>
|
|
|
>
|
|
<
|
>
|
>
>
>
>
>
|
<
>
>
>
|
<
|
>
|
>
|
<
>
>
>
|
|
<
>
>
|
|
>
|
>
>
>
>
|
<
|


|
>
|
>
>
>
|
>
>
>
>
>
|
|
|
>
>
>
|
>
>
>
>
>
|
|
|
<
>
>
|
>
>
>
>
>
>
>
>
>
|
|
|
>
|
>
|
>
>
|
|
>
>
|
|
>
|


|
>
>
>
|
>
|
>
>
>
>
|
|
|
>
|
>
>
>
>
>
|
>
|
>
|
>
>
>
>
|
|
>
|
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
>
|
|
|
>
|
|
|
>
>
>
>
|
|
|
>
>
|
|
>
|
<
<
<
|
|
>
>
>
>
|

|
>
>
>
|
|
|
|
>
>
>
|
1
2
3
4

5
6

7
8
9


10
11



12
13
14




15
16
17






18


19
20
21
22
23
24


25
26
27
28
29
30
31
32

33
34

35
36
37
38

39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79


80
81

82
83



84
85
86
87
88
89
90
91
92
93
94
95
96

97
98
99
100
101
102
103
104
105

106
107
108
109

110
111
112
113
114

115
116
117
118
119

120
121
122
123
124
125
126
127
128
129
130

131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273



274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
.\"	$OpenBSD: HMAC.3,v 1.6 2017/01/06 17:38:21 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000-2002, 2006, 2008, 2009, 2013, 2016 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions


.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"




.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the






.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"
.\" 6. Redistributions of any form whatsoever must retain the following

.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"

.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 6 2017 $
.Dt HMAC 3
.Os
.Sh NAME
.Nm HMAC ,
.Nm HMAC_CTX_init ,
.Nm HMAC_Init ,
.Nm HMAC_Init_ex ,
.Nm HMAC_Update ,
.Nm HMAC_Final ,
.Nm HMAC_CTX_cleanup ,
.Nm HMAC_cleanup
.Nd HMAC message authentication code
.Sh SYNOPSIS
.In openssl/hmac.h
.Ft unsigned char *
.Fo HMAC
.Fa "const EVP_MD *evp_md"
.Fa "const void *key"
.Fa "int key_len"
.Fa "const unsigned char *d"
.Fa "int n"
.Fa "unsigned char *md"
.Fa "unsigned int *md_len"
.Fc
.Ft void
.Fo HMAC_CTX_init
.Fa "HMAC_CTX *ctx"


.Fc
.Ft int

.Fo HMAC_Init
.Fa "HMAC_CTX *ctx"



.Fa "const void *key"
.Fa "int key_len"
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo HMAC_Init_ex
.Fa "HMAC_CTX *ctx"
.Fa "const void *key"
.Fa "int key_len"
.Fa "const EVP_MD *md"
.Fa "ENGINE *impl"
.Fc
.Ft int

.Fo HMAC_Update
.Fa "HMAC_CTX *ctx"
.Fa "const unsigned char *data"
.Fa "int len"
.Fc
.Ft int
.Fo HMAC_Final
.Fa "HMAC_CTX *ctx"
.Fa "unsigned char *md"

.Fa "unsigned int *len"
.Fc
.Ft void
.Fo HMAC_CTX_cleanup

.Fa "HMAC_CTX *ctx"
.Fc
.Ft void
.Fo HMAC_cleanup
.Fa "HMAC_CTX *ctx"

.Fc
.Ft int
.Fo HMAC_CTX_copy
.Fa "HMAC_CTX *dctx"
.Fa "HMAC_CTX *sctx"

.Fc
.Ft void
.Fo HMAC_CTX_set_flags
.Fa "HMAC_CTX *ctx"
.Fa "unsigned long flags"
.Fc
.Ft size_t
.Fo HMAC_size
.Fa "const HMAC_CTX *e"
.Fc
.Sh DESCRIPTION

HMAC is a MAC (message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.
.Pp
.Fn HMAC
computes the message authentication code of the
.Fa n
bytes at
.Fa d
using the hash function
.Fa evp_md
and the key
.Fa key
which is
.Fa key_len
bytes long.
.Pp
It places the result in
.Fa md ,
which must have space for the output of the hash function, which is no
more than
.Dv EVP_MAX_MD_SIZE
bytes.
If
.Fa md
is
.Dv NULL ,
the digest is placed in a static array.
The size of the output is placed in
.Fa md_len ,

unless it is
.Dv NULL .
.Pp
.Fa evp_md
can be
.Xr EVP_sha1 3 ,
.Xr EVP_ripemd160 3 ,
etc.
.Pp
.Fn HMAC_CTX_init
initialises a
.Vt HMAC_CTX
before first use.
It must be called.
.Pp
.Fn HMAC_CTX_cleanup
erases the key and other data from the
.Vt HMAC_CTX
and releases any associated resources.
It must be called when an
.Vt HMAC_CTX
is no longer required.
.Pp
.Fn HMAC_cleanup
is an alias for
.Fn HMAC_CTX_cleanup
included for backward compatibility with 0.9.6b.
It is deprecated and implemented as a macro.
.Pp
The following functions may be used if the message is not completely
stored in memory:
.Pp
.Fn HMAC_Init
initializes a
.Vt HMAC_CTX
structure to use the hash function
.Fa evp_md
and the key
.Fa key
which is
.Fa key_len
bytes long.
It is deprecated and only included for backward compatibility with
OpenSSL 0.9.6b.
.Pp
.Fn HMAC_Init_ex
initializes or reuses a
.Vt HMAC_CTX
structure to use the function
.Fa evp_md
and key
.Fa key .
Either can be
.Dv NULL ,
in which case the existing one will be reused.
.Fn HMAC_CTX_init
must have been called before the first use of an
.Vt HMAC_CTX
in this function.
.Sy N.B.
.Fn HMAC_Init
had this undocumented behaviour in previous versions of OpenSSL -
failure to switch to
.Fn HMAC_Init_ex
in programs that expect it will cause them to stop working.
.Pp
.Fn HMAC_Update
can be called repeatedly with chunks of the message to be authenticated
.Pq Fa len No bytes at Fa data .
.Pp
.Fn HMAC_Final
places the message authentication code in
.Fa md ,
which must have space for the hash function output.
.Pp
.Fn HMAC_CTX_copy
copies all of the internal state from
.Fa sctx
into
.Fa dctx .
.Pp
.Fn HMAC_CTX_set_flags
applies the specified flags to the internal
.Vt EVP_MD_CTX
objects.
Possible flag values
.Dv EVP_MD_CTX_FLAG_*
are defined in
.In openssl/evp.h .
.Pp
.Fn HMAC_size
returns the length in bytes of the underlying hash function output.
It is implemented as a macro.
.Sh RETURN VALUES
.Fn HMAC
returns a pointer to the message authentication code or
.Dv NULL
if an error occurred.
.Pp
.Fn HMAC_Init_ex ,
.Fn HMAC_Update ,
.Fn HMAC_Final ,
and
.Fn HMAC_CTX_copy
return 1 for success or 0 if an error occurred.
.Pp
.Fn HMAC_size
returns the length in bytes of the underlying hash function output
or 0 on error.
.Sh SEE ALSO
.Xr evp 3
.Sh STANDARDS
RFC 2104



.Sh HISTORY
.Fn HMAC ,
.Fn HMAC_Init ,
.Fn HMAC_Update ,
.Fn HMAC_Final ,
and
.Fn HMAC_cleanup
are available since SSLeay 0.9.0.
.Pp
.Fn HMAC_CTX_init ,
.Fn HMAC_Init_ex ,
and
.Fn HMAC_CTX_cleanup
are available since OpenSSL 0.9.7.
.Pp
.Fn HMAC_Init_ex ,
.Fn HMAC_Update ,
and
.Fn HMAC_Final
did not return values in versions of OpenSSL before 1.0.0.
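--- a/jni/libressl/man/MD5.3
+++ b/jni/libressl/man/MD5.3
@@ -1,169 +1,235 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: MD5.3,v 1.4 2016/11/27 16:20:15 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org> and
+.\" Richard Levitte <levitte@openssl.org>.
+.\" Copyright (c) 2000, 2006 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "MD5 3"
-.TH MD5 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
-MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/md2.h>
-\&
-\& unsigned char *MD2(const unsigned char *d, unsigned long n,
-\&                  unsigned char *md);
-\&
-\& int MD2_Init(MD2_CTX *c);
-\& int MD2_Update(MD2_CTX *c, const unsigned char *data,
-\&                  unsigned long len);
-\& int MD2_Final(unsigned char *md, MD2_CTX *c);
-\&
-\&
-\& #include <openssl/md4.h>
-\&
-\& unsigned char *MD4(const unsigned char *d, unsigned long n,
-\&                  unsigned char *md);
-\&
-\& int MD4_Init(MD4_CTX *c);
-\& int MD4_Update(MD4_CTX *c, const void *data,
-\&                  unsigned long len);
-\& int MD4_Final(unsigned char *md, MD4_CTX *c);
-\&
-\&
-\& #include <openssl/md5.h>
-\&
-\& unsigned char *MD5(const unsigned char *d, unsigned long n,
-\&                  unsigned char *md);
-\&
-\& int MD5_Init(MD5_CTX *c);
-\& int MD5_Update(MD5_CTX *c, const void *data,
-\&                  unsigned long len);
-\& int MD5_Final(unsigned char *md, MD5_CTX *c);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
-.PP
-\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest
-of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space
-for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16
-bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static
-array.
-.PP
+.Dd $Mdocdate: November 27 2016 $
+.Dt MD5 3
+.Os
+.Sh NAME
+.Nm MD2 ,
+.Nm MD4 ,
+.Nm MD5 ,
+.Nm MD2_Init ,
+.Nm MD2_Update ,
+.Nm MD2_Final ,
+.Nm MD4_Init ,
+.Nm MD4_Update ,
+.Nm MD4_Final ,
+.Nm MD5_Init ,
+.Nm MD5_Update ,
+.Nm MD5_Final
+.Nd MD2, MD4, and MD5 hash functions
+.Sh SYNOPSIS
+.In openssl/md2.h
+.Ft unsigned char *
+.Fo MD2
+.Fa "const unsigned char *d"
+.Fa "unsigned long n"
+.Fa "unsigned char *md"
+.Fc
+.Ft int
+.Fo MD2_Init
+.Fa "MD2_CTX *c"
+.Fc
+.Ft int
+.Fo MD2_Update
+.Fa "MD2_CTX *c"
+.Fa "const unsigned char *data"
+.Fa "unsigned long len"
+.Fc
+.Ft int
+.Fo MD2_Final
+.Fa "unsigned char *md"
+.Fa "MD2_CTX *c"
+.Fc
+.In openssl/md4.h
+.Ft unsigned char *
+.Fo MD4
+.Fa "const unsigned char *d"
+.Fa "unsigned long n"
+.Fa "unsigned char *md"
+.Fc
+.Ft int
+.Fo MD4_Init
+.Fa "MD4_CTX *c"
+.Fc
+.Ft int
+.Fo MD4_Update
+.Fa "MD4_CTX *c"
+.Fa "const void *data"
+.Fa "unsigned long len"
+.Fc
+.Ft int
+.Fo MD4_Final
+.Fa "unsigned char *md"
+.Fa "MD4_CTX *c"
+.Fc
+.In openssl/md5.h
+.Ft unsigned char *
+.Fo MD5
+.Fa "const unsigned char *d"
+.Fa "unsigned long n"
+.Fa "unsigned char *md"
+.Fc
+.Ft int
+.Fo MD5_Init
+.Fa "MD5_CTX *c"
+.Fc
+.Ft int
+.Fo MD5_Update
+.Fa "MD5_CTX *c"
+.Fa "const void *data"
+.Fa "unsigned long len"
+.Fc
+.Ft int
+.Fo MD5_Final
+.Fa "unsigned char *md"
+.Fa "MD5_CTX *c"
+.Fc
+.Sh DESCRIPTION
+MD2, MD4, and MD5 are cryptographic hash functions with a 128-bit
+output.
+.Pp
+.Fn MD2 ,
+.Fn MD4 ,
+and
+.Fn MD5
+compute the MD2, MD4, and MD5 message digest of the
+.Fa n
+bytes at
+.Fa d
+and place it in
+.Fa md ,
+which must have space for
+.Dv MD2_DIGEST_LENGTH No ==
+.Dv MD4_DIGEST_LENGTH No ==
+.Dv MD5_DIGEST_LENGTH No == 16
+bytes of output.
+If
+.Fa md
+is
+.Dv NULL ,
+the digest is placed in a static array.
+.Pp
 The following functions may be used if the message is not completely
 stored in memory:
-.PP
-\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure.
-.PP
-\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to
-be hashed (\fBlen\fR bytes at \fBdata\fR).
-.PP
-\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space
-for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR.
-.PP
-\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and
-\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure.
-.PP
+.Pp
+.Fn MD2_Init
+initializes a
+.Vt MD2_CTX
+structure.
+.Pp
+.Fn MD2_Update
+can be called repeatedly with chunks of the message to be hashed
+.Pq Fa len No bytes at Fa data .
+.Pp
+.Fn MD2_Final
+places the message digest in
+.Fa md ,
+which must have space for
+.Dv MD2_DIGEST_LENGTH No == 16
+bytes of output, and erases the
+.Vt MD2_CTX .
+.Pp
+.Fn MD4_Init ,
+.Fn MD4_Update ,
+.Fn MD4_Final ,
+.Fn MD5_Init ,
+.Fn MD5_Update ,
+and
+.Fn MD5_Final
+are analogous using an
+.Vt MD4_CTX
+and
+.Vt MD5_CTX
+structure.
+.Pp
 Applications should use the higher level functions
-\&\fIEVP_DigestInit\fR\|(3)
-etc. instead of calling the hash functions directly.
-.SH "NOTE"
-.IX Header "NOTE"
-\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing
-applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be
-preferred.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR return pointers to the hash value.
-.PP
-\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR,
-\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR return 1 for
-success, 0 otherwise.
-.SH "CONFORMING TO"
-.IX Header "CONFORMING TO"
-\&\s-1RFC 1319, RFC 1320, RFC 1321\s0
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIsha\fR\|(3), \fIripemd\fR\|(3), \fIEVP_DigestInit\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\s-1\fIMD2\s0()\fR, \fIMD2_Init()\fR, \fIMD2_Update()\fR \fIMD2_Final()\fR, \s-1\fIMD5\s0()\fR, \fIMD5_Init()\fR,
-\&\fIMD5_Update()\fR and \fIMD5_Final()\fR are available in all versions of SSLeay
-and OpenSSL.
-.PP
-\&\s-1\fIMD4\s0()\fR, \fIMD4_Init()\fR, and \fIMD4_Update()\fR are available in OpenSSL 0.9.6 and
-above.
+.Xr EVP_DigestInit 3
+etc. instead of calling these hash functions directly.
+.Sh RETURN VALUES
+.Fn MD2 ,
+.Fn MD4 ,
+and
+.Fn MD5
+return pointers to the hash value.
+.Pp
+.Fn MD2_Init ,
+.Fn MD2_Update ,
+.Fn MD2_Final ,
+.Fn MD4_Init ,
+.Fn MD4_Update ,
+.Fn MD4_Final ,
+.Fn MD5_Init ,
+.Fn MD5_Update ,
+and
+.Fn MD5_Final
+return 1 for success or 0 otherwise.
+.Sh SEE ALSO
+.Xr EVP_DigestInit 3
+.Sh STANDARDS
+RFC 1319, RFC 1320, RFC 1321
+.Sh HISTORY
+.Fn MD2 ,
+.Fn MD2_Init ,
+.Fn MD2_Update ,
+.Fn MD2_Final ,
+.Fn MD5 ,
+.Fn MD5_Init ,
+.Fn MD5_Update ,
+and
+.Fn MD5_Final
+are available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn MD4 ,
+.Fn MD4_Init ,
+and
+.Fn MD4_Update
+are available in OpenSSL 0.9.6 and above.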
Changes to jni/libressl/man/Makefile.am.
1
2
3
4

5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37


38
39
40
41
42
43
44
45


46
47
48
49

50


51
52

53
54
55
56
57
58
59
60
61
62
63
64
65

66
67
68
69
70

71
72

73
74

75
76
77

78
79
80
81
82
83
84
85
86

87
88
89
90


91
92
93




94
95
96
97
98
99
100

101
102
103
104
105
106
107
108
109
EXTRA_DIST = CMakeLists.txt
dist_man_MANS =
dist_man_MANS += tls_init.3
dist_man_MANS += BIO_f_ssl.3

dist_man_MANS += SSL_CIPHER_get_name.3
dist_man_MANS += SSL_COMP_add_compression_method.3
dist_man_MANS += SSL_CTX_add_extra_chain_cert.3
dist_man_MANS += SSL_CTX_add_session.3
dist_man_MANS += SSL_CTX_ctrl.3
dist_man_MANS += SSL_CTX_flush_sessions.3
dist_man_MANS += SSL_CTX_free.3
dist_man_MANS += SSL_CTX_get_ex_new_index.3
dist_man_MANS += SSL_CTX_get_verify_mode.3
dist_man_MANS += SSL_CTX_load_verify_locations.3
dist_man_MANS += SSL_CTX_new.3
dist_man_MANS += SSL_CTX_sess_number.3
dist_man_MANS += SSL_CTX_sess_set_cache_size.3
dist_man_MANS += SSL_CTX_sess_set_get_cb.3
dist_man_MANS += SSL_CTX_sessions.3

dist_man_MANS += SSL_CTX_set_cert_store.3
dist_man_MANS += SSL_CTX_set_cert_verify_callback.3
dist_man_MANS += SSL_CTX_set_cipher_list.3
dist_man_MANS += SSL_CTX_set_client_CA_list.3
dist_man_MANS += SSL_CTX_set_client_cert_cb.3
dist_man_MANS += SSL_CTX_set_default_passwd_cb.3
dist_man_MANS += SSL_CTX_set_generate_session_id.3
dist_man_MANS += SSL_CTX_set_info_callback.3
dist_man_MANS += SSL_CTX_set_max_cert_list.3
dist_man_MANS += SSL_CTX_set_mode.3
dist_man_MANS += SSL_CTX_set_msg_callback.3
dist_man_MANS += SSL_CTX_set_options.3
dist_man_MANS += SSL_CTX_set_psk_client_callback.3
dist_man_MANS += SSL_CTX_set_quiet_shutdown.3
dist_man_MANS += SSL_CTX_set_session_cache_mode.3
dist_man_MANS += SSL_CTX_set_session_id_context.3
dist_man_MANS += SSL_CTX_set_ssl_version.3
dist_man_MANS += SSL_CTX_set_timeout.3


dist_man_MANS += SSL_CTX_set_tmp_dh_callback.3
dist_man_MANS += SSL_CTX_set_tmp_rsa_callback.3
dist_man_MANS += SSL_CTX_set_verify.3
dist_man_MANS += SSL_CTX_use_certificate.3
dist_man_MANS += SSL_CTX_use_psk_identity_hint.3
dist_man_MANS += SSL_SESSION_free.3
dist_man_MANS += SSL_SESSION_get_ex_new_index.3
dist_man_MANS += SSL_SESSION_get_time.3


dist_man_MANS += SSL_accept.3
dist_man_MANS += SSL_alert_type_string.3
dist_man_MANS += SSL_clear.3
dist_man_MANS += SSL_connect.3

dist_man_MANS += SSL_do_handshake.3


dist_man_MANS += SSL_free.3
dist_man_MANS += SSL_get_SSL_CTX.3

dist_man_MANS += SSL_get_ciphers.3
dist_man_MANS += SSL_get_client_CA_list.3
dist_man_MANS += SSL_get_current_cipher.3
dist_man_MANS += SSL_get_default_timeout.3
dist_man_MANS += SSL_get_error.3
dist_man_MANS += SSL_get_ex_data_X509_STORE_CTX_idx.3
dist_man_MANS += SSL_get_ex_new_index.3
dist_man_MANS += SSL_get_fd.3
dist_man_MANS += SSL_get_peer_cert_chain.3
dist_man_MANS += SSL_get_peer_certificate.3
dist_man_MANS += SSL_get_psk_identity.3
dist_man_MANS += SSL_get_rbio.3
dist_man_MANS += SSL_get_session.3

dist_man_MANS += SSL_get_verify_result.3
dist_man_MANS += SSL_get_version.3
dist_man_MANS += SSL_library_init.3
dist_man_MANS += SSL_load_client_CA_file.3
dist_man_MANS += SSL_new.3

dist_man_MANS += SSL_pending.3
dist_man_MANS += SSL_read.3

dist_man_MANS += SSL_rstate_string.3
dist_man_MANS += SSL_session_reused.3

dist_man_MANS += SSL_set_bio.3
dist_man_MANS += SSL_set_connect_state.3
dist_man_MANS += SSL_set_fd.3

dist_man_MANS += SSL_set_session.3
dist_man_MANS += SSL_set_shutdown.3
dist_man_MANS += SSL_set_verify_result.3
dist_man_MANS += SSL_shutdown.3
dist_man_MANS += SSL_state_string.3
dist_man_MANS += SSL_want.3
dist_man_MANS += SSL_write.3
dist_man_MANS += d2i_SSL_SESSION.3
dist_man_MANS += ssl.3

dist_man_MANS += ASN1_OBJECT_new.3
dist_man_MANS += ASN1_STRING_length.3
dist_man_MANS += ASN1_STRING_new.3
dist_man_MANS += ASN1_STRING_print_ex.3


dist_man_MANS += ASN1_generate_nconf.3
dist_man_MANS += BF_set_key.3
dist_man_MANS += BIO.3




dist_man_MANS += BIO_ctrl.3
dist_man_MANS += BIO_f_base64.3
dist_man_MANS += BIO_f_buffer.3
dist_man_MANS += BIO_f_cipher.3
dist_man_MANS += BIO_f_md.3
dist_man_MANS += BIO_f_null.3
dist_man_MANS += BIO_find_type.3

dist_man_MANS += BIO_new.3
dist_man_MANS += BIO_new_CMS.3
dist_man_MANS += BIO_push.3
dist_man_MANS += BIO_read.3
dist_man_MANS += BIO_s_accept.3
dist_man_MANS += BIO_s_bio.3
dist_man_MANS += BIO_s_connect.3
dist_man_MANS += BIO_s_fd.3
dist_man_MANS += BIO_s_file.3


|
|
>















>












|
|




>
>




<



>
>




>

>
>


>










|
|
|
>





>


>


>



>









>




>
>

|
|
>
>
>
>







>

|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
EXTRA_DIST = CMakeLists.txt
dist_man_MANS =
dist_man_MANS += BIO_f_ssl.3
dist_man_MANS += DTLSv1_listen.3
dist_man_MANS += PEM_read_SSL_SESSION.3
dist_man_MANS += SSL_CIPHER_get_name.3
dist_man_MANS += SSL_COMP_add_compression_method.3
dist_man_MANS += SSL_CTX_add_extra_chain_cert.3
dist_man_MANS += SSL_CTX_add_session.3
dist_man_MANS += SSL_CTX_ctrl.3
dist_man_MANS += SSL_CTX_flush_sessions.3
dist_man_MANS += SSL_CTX_free.3
dist_man_MANS += SSL_CTX_get_ex_new_index.3
dist_man_MANS += SSL_CTX_get_verify_mode.3
dist_man_MANS += SSL_CTX_load_verify_locations.3
dist_man_MANS += SSL_CTX_new.3
dist_man_MANS += SSL_CTX_sess_number.3
dist_man_MANS += SSL_CTX_sess_set_cache_size.3
dist_man_MANS += SSL_CTX_sess_set_get_cb.3
dist_man_MANS += SSL_CTX_sessions.3
dist_man_MANS += SSL_CTX_set_alpn_select_cb.3
dist_man_MANS += SSL_CTX_set_cert_store.3
dist_man_MANS += SSL_CTX_set_cert_verify_callback.3
dist_man_MANS += SSL_CTX_set_cipher_list.3
dist_man_MANS += SSL_CTX_set_client_CA_list.3
dist_man_MANS += SSL_CTX_set_client_cert_cb.3
dist_man_MANS += SSL_CTX_set_default_passwd_cb.3
dist_man_MANS += SSL_CTX_set_generate_session_id.3
dist_man_MANS += SSL_CTX_set_info_callback.3
dist_man_MANS += SSL_CTX_set_max_cert_list.3
dist_man_MANS += SSL_CTX_set_mode.3
dist_man_MANS += SSL_CTX_set_msg_callback.3
dist_man_MANS += SSL_CTX_set_options.3
dist_man_MANS += SSL_CTX_set_quiet_shutdown.3
dist_man_MANS += SSL_CTX_set_read_ahead.3
dist_man_MANS += SSL_CTX_set_session_cache_mode.3
dist_man_MANS += SSL_CTX_set_session_id_context.3
dist_man_MANS += SSL_CTX_set_ssl_version.3
dist_man_MANS += SSL_CTX_set_timeout.3
dist_man_MANS += SSL_CTX_set_tlsext_status_cb.3
dist_man_MANS += SSL_CTX_set_tlsext_ticket_key_cb.3
dist_man_MANS += SSL_CTX_set_tmp_dh_callback.3
dist_man_MANS += SSL_CTX_set_tmp_rsa_callback.3
dist_man_MANS += SSL_CTX_set_verify.3
dist_man_MANS += SSL_CTX_use_certificate.3

dist_man_MANS += SSL_SESSION_free.3
dist_man_MANS += SSL_SESSION_get_ex_new_index.3
dist_man_MANS += SSL_SESSION_get_time.3
dist_man_MANS += SSL_SESSION_new.3
dist_man_MANS += SSL_SESSION_print.3
dist_man_MANS += SSL_accept.3
dist_man_MANS += SSL_alert_type_string.3
dist_man_MANS += SSL_clear.3
dist_man_MANS += SSL_connect.3
dist_man_MANS += SSL_copy_session_id.3
dist_man_MANS += SSL_do_handshake.3
dist_man_MANS += SSL_dup.3
dist_man_MANS += SSL_dup_CA_list.3
dist_man_MANS += SSL_free.3
dist_man_MANS += SSL_get_SSL_CTX.3
dist_man_MANS += SSL_get_certificate.3
dist_man_MANS += SSL_get_ciphers.3
dist_man_MANS += SSL_get_client_CA_list.3
dist_man_MANS += SSL_get_current_cipher.3
dist_man_MANS += SSL_get_default_timeout.3
dist_man_MANS += SSL_get_error.3
dist_man_MANS += SSL_get_ex_data_X509_STORE_CTX_idx.3
dist_man_MANS += SSL_get_ex_new_index.3
dist_man_MANS += SSL_get_fd.3
dist_man_MANS += SSL_get_peer_cert_chain.3
dist_man_MANS += SSL_get_peer_certificate.3
dist_man_MANS += SSL_get_rbio.3
dist_man_MANS += SSL_get_session.3
dist_man_MANS += SSL_get_shared_ciphers.3
dist_man_MANS += SSL_get_state.3
dist_man_MANS += SSL_get_verify_result.3
dist_man_MANS += SSL_get_version.3
dist_man_MANS += SSL_library_init.3
dist_man_MANS += SSL_load_client_CA_file.3
dist_man_MANS += SSL_new.3
dist_man_MANS += SSL_num_renegotiations.3
dist_man_MANS += SSL_pending.3
dist_man_MANS += SSL_read.3
dist_man_MANS += SSL_renegotiate.3
dist_man_MANS += SSL_rstate_string.3
dist_man_MANS += SSL_session_reused.3
dist_man_MANS += SSL_set1_param.3
dist_man_MANS += SSL_set_bio.3
dist_man_MANS += SSL_set_connect_state.3
dist_man_MANS += SSL_set_fd.3
dist_man_MANS += SSL_set_max_send_fragment.3
dist_man_MANS += SSL_set_session.3
dist_man_MANS += SSL_set_shutdown.3
dist_man_MANS += SSL_set_verify_result.3
dist_man_MANS += SSL_shutdown.3
dist_man_MANS += SSL_state_string.3
dist_man_MANS += SSL_want.3
dist_man_MANS += SSL_write.3
dist_man_MANS += d2i_SSL_SESSION.3
dist_man_MANS += ssl.3
dist_man_MANS += ACCESS_DESCRIPTION_new.3
dist_man_MANS += ASN1_OBJECT_new.3
dist_man_MANS += ASN1_STRING_length.3
dist_man_MANS += ASN1_STRING_new.3
dist_man_MANS += ASN1_STRING_print_ex.3
dist_man_MANS += ASN1_TIME_set.3
dist_man_MANS += ASN1_TYPE_get.3
dist_man_MANS += ASN1_generate_nconf.3
dist_man_MANS += ASN1_item_d2i.3
dist_man_MANS += ASN1_item_new.3
dist_man_MANS += ASN1_time_parse.3
dist_man_MANS += AUTHORITY_KEYID_new.3
dist_man_MANS += BASIC_CONSTRAINTS_new.3
dist_man_MANS += BF_set_key.3
dist_man_MANS += BIO_ctrl.3
dist_man_MANS += BIO_f_base64.3
dist_man_MANS += BIO_f_buffer.3
dist_man_MANS += BIO_f_cipher.3
dist_man_MANS += BIO_f_md.3
dist_man_MANS += BIO_f_null.3
dist_man_MANS += BIO_find_type.3
dist_man_MANS += BIO_get_ex_new_index.3
dist_man_MANS += BIO_new.3
dist_man_MANS += BIO_printf.3
dist_man_MANS += BIO_push.3
dist_man_MANS += BIO_read.3
dist_man_MANS += BIO_s_accept.3
dist_man_MANS += BIO_s_bio.3
dist_man_MANS += BIO_s_connect.3
dist_man_MANS += BIO_s_fd.3
dist_man_MANS += BIO_s_file.3
117
118
119
120
121
122
123

124
125
126
127
128
129
130


131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

169
170
171
172
173
174
175
176
177
178

179
180
181
182
183
184
185
186

187
188
189
190
191
192
193
194
195


196
197
198
199

200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218


219
220

221








222

223
224

225

226
227


228
229
230
231
232
233

234
235
236


237
238
239
240
241
242
243
244

245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261




262








263
264
265

266




267
268
269
270


271
272









273

274



275
276




277

278
279












280

281
282

283

284
285
286
287
288
289


290
291

292





293
294
295

296
297



298
299
300
301
302
303
304
305




















306
307
308
309
310
311

312
313
314
315
316

317
318

319
320


321
322
323
324
325
326
327
328
329
330
331
332
333











334

335

336

337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353


354
355
356
357
358

359
360
361
362
363
364
365

366

367
368





369
370



















371
372
373
374
375
376
377
378
379
380
381

382
383
384













385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423



















424
425
426
427
428
429
430
431

432
433
434
435




436
437
438
439
440
441
442



443
444
445
446
447
448
449
450
451
452
453
454
455
456





457
458









459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476

477
478
479
480













481
482
483
484
485
486








487


488

489
490



491
492
493
494
495
496
497
498








499
500
501
502
503
504
505
506
507
508
509
510

511

512
513
514
515



516
517

518

519
520


521


522
523



524
525



526
527
528
529
530

531


532
533
534

535
536
537
538
539
540
541
542
543
544

545

546
547

548


549

550
551


552

553




554
555
556
557







558
559
560
561
562
563
564
565

566
567
568



569
570
571
572


573




574


575
576
577

578
579
580

581
582
583
584
585
586



587
588
589
590
591
592






593
594
595
596
597
598

599

600
601
602
603
604




605

606
607
608
609

610
















611
612
613
614
615

616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631



632
633
634
635
636
637
638
639
640
641




642
643
644
645
646
647












648
649



650


651


652
653

654
655
656
657
658
659
660
661
662
663
664
665



666
667
668
669
670
671
672











673
674
675
676
677
678
679

680
681
682

683
684
685





686
687
688



689
690
691
692
693
694
695
696
697
698
699
700




701
702










703
704
705
706
707

708
709
710
711
712
713

714
715
716
717
718
719
720


721



722
723
724

725
726
727
728
729
730
731


732
733
734
735
736
737
738
739










740
741

742
743
744
745
746
747
748
749
750
751
752
753
754

755
756
757










758
759
760
761
762
763
764
765
766
767
768
769
770









771
772
773
774
775
776




777





778
779
780


781
782
783
784
785

786
787
788
789


790
791
792

793

794


795
796
797
798
799
800
801
802


803
804
805
806
807

808

809

810
811




812
813





814
815
816
817
818
819







820
821

822



823
824
825
826
827

828
829

830
831

832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847







848
849













850


851
852
853

854
855
856
857
858

859
860


861
862
863
864
865
866


867
868




869
870
871
872
873




874
875



876
877
878
879
880
881
882

883
884
885
886

887

888
889
890
891

892









893
894
895
896
897
898
899
900

901
902
903

904
905
906


907

908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926










927









928
929
930
931
932
933
934
935
936
937
938


939
940
941
942
943




944
945


946
947
948






949
950
951
952
953
954
955
956
957
958
959
960

961






962
963

964

965
966
967

968

969
970
971
972
973
974




975
976
977


978
979
980




981
982
983
984
985
986
987

988
989
990
991
992

993


994






995
996
997
998
999


1000







1001
1002
1003
1004
1005



1006
1007

1008



1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022






1023





1024
1025



1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052

1053
1054














1055
1056
1057
1058
1059
1060
1061

1062

1063



1064
1065
1066
1067
1068
1069
1070
1071
1072








1073
1074
1075
1076
1077
1078
1079

1080
1081
1082
1083
1084



1085
1086
1087
1088









1089

1090
1091





1092


1093


1094





1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116







1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127










1128
1129
1130

1131
1132
1133
1134
1135
1136
1137
1138








1139



1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153




1154

1155



1156
1157
1158
1159
1160



1161
1162
1163



1164
1165
1166
1167
1168
1169
1170

1171

1172


1173


1174
1175
1176
1177
1178
1179






1180
1181
1182


1183
1184
1185


1186
1187
1188

1189
1190
1191
1192

1193
1194


1195

1196
1197

1198

1199




1200


1201
1202

1203
1204
1205

1206




1207
1208

1209
1210



1211
1212
1213
1214
1215
1216


1217
1218
1219
1220
1221



1222
1223
1224
1225
1226
1227
1228

1229
1230



1231
1232


1233
1234
1235
1236



1237




1238


1239
1240
1241




1242
1243
1244
1245


1246
1247
1248
1249
1250

1251
1252
1253
1254

1255


1256

1257












1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272

1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291












1292

1293
1294
1295
1296
1297
1298


1299
1300
1301
1302
1303


1304
1305
1306
1307
1308




1309


1310



1311



1312


1313
1314
1315


1316
1317
1318
1319
1320
1321
1322


1323



1324
1325
1326
1327
1328
1329

1330


1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343




1344
1345
1346

1347






1348
1349


1350
1351
1352
1353




1354
1355
1356
1357
1358


1359
1360
1361

1362
1363

1364
1365
1366
1367






1368
1369
1370
1371
1372
1373



1374

1375

1376

1377

1378

1379


1380
1381
1382

1383

1384




1385
1386
1387
1388
1389
1390
1391
1392
1393
1394



1395




1396


1397
1398
1399
1400
1401
1402
1403
1404



1405
1406
1407



1408




1409

1410
1411
1412


1413
1414
1415
1416
1417
1418
1419
1420
1421


1422












1423
1424
1425
1426
1427
1428
1429

1430
1431
1432
1433
1434
1435
1436
1437



1438
1439
1440
1441
1442
1443
1444
1445

1446
1447
1448
1449
1450
1451
1452












1453
1454

1455
1456
1457
1458
1459
1460


1461
1462
1463
1464
1465
1466
1467










1468
1469
1470

1471

1472
1473
1474
1475
1476
1477
1478
1479
1480



1481
1482
1483
1484
1485
1486
1487
1488




















1489
1490
1491
1492
1493
1494


1495
1496
1497
1498


1499
1500
1501
1502
1503

1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517












1518

1519

1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536


1537
1538
1539
1540
1541

1542
1543
1544
1545
1546
1547
1548

1549

1550






1551
1552
1553


















1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564

1565
1566
1567
1568
1569













1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606















1607

1608
1609
1610
1611
1612
1613
1614
1615
1616
1617

1618
1619
1620
1621




1622
1623
1624
1625
1626
1627






1628
1629
1630
1631
1632
1633
1634


1635
1636









1637
1638




1639
1640
1641
1642
1643
1644
1645
1646
1647
1648

1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662













1663
1664
1665
1666

1667
1668







1669


1670
1671
1672
1673



1674
1675
1676
1677
1678
1679
1680
1681
1682







1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693




1694

1695
1696

1697
1698
1699
1700

1701

1702
1703





1704
1705



1706
1707

1708

1709
1710
1711
1712
1713

1714



1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727

1728

1729
1730

1731


1732

1733
1734


1735

1736




1737
1738
1739
1740






1741
1742
1743
1744
1745
1746
1747
1748


1749

1750




1751
1752
1753
1754
1755
1756
1757

1758

1759


1760
1761
1762



1763

1764
1765
1766
1767
1768
1769



1770
1771
1772
1773
1774
1775






1776
1777
1778
1779
1780
1781

1782

1783
1784




1785
1786

1787

1788

1789
1790

1791
1792
1793




1794
1795








1796
1797
1798
1799
1800

1801
1802
1803
1804
1805

1806
1807
1808
1809
1810

1811
1812
1813
1814



1815
1816
1817
1818
1819
1820
1821
1822
1823
1824




1825
1826
1827
1828
1829
1830












1831
1832






1833
1834
1835
1836
1837

1838
1839
1840
1841
1842
1843
1844

1845
1846

1847



1848
1849
1850
1851
1852
1853












1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867



1868
1869
1870
1871
1872
1873



1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885






1886









1887
1888
1889
1890
1891

1892
1893
1894
1895

1896


1897
1898
1899
1900
1901
1902
1903

1904
1905


1906
1907
1908

1909
1910
1911
1912
1913
1914



1915
1916
1917
1918
1919
1920
1921

1922












1923
1924

1925

1926
1927
1928
1929
1930
1931
1932
1933

1934
1935
1936




1937
1938
1939
1940


1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953









1954
1955
1956
1957



1958
1959

1960



1961
1962
1963
1964
1965

1966
1967

1968
1969
1970
1971
1972
1973






1974
1975
1976
1977



1978
1979
1980
1981
1982
1983
1984
1985


1986

1987
1988
1989



1990

1991
1992


1993

1994
1995

1996



1997
1998
1999
2000
2001
2002


2003


2004

2005
2006

2007



2008
2009
2010

2011

2012
2013


2014

2015
2016



2017
2018

2019
2020
2021
2022
2023
2024
2025
2026

2027
2028

2029


2030
2031



2032




2033
2034
2035
2036

2037
2038
2039

2040
2041

2042
2043
2044
2045


2046
2047




2048
2049

2050


2051
2052




2053
2054
2055
2056
2057




2058
2059


2060
2061
2062
2063

2064
2065
2066

2067
2068
2069
2070



2071
2072
2073
2074
2075
2076



2077





2078
2079
2080
2081
2082

2083
2084


2085


2086
2087
2088


2089

2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107











2108
2109
2110
2111



2112
2113


2114
2115

2116

2117
2118
2119
2120
2121


2122
2123
2124
2125





2126
2127


2128
2129
2130

2131




2132
2133
2134
2135
2136
2137
2138

2139
2140
2141


2142

2143
2144








2145
2146
2147

2148


2149
2150
2151

2152

2153
2154

2155
2156
2157


2158
2159





2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174









2175
2176
2177
2178
2179










2180
2181
2182
2183
2184



2185
2186

2187
2188


2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202






2203



2204

2205
2206

2207

2208
2209
2210

2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228

2229
2230
2231
2232

2233
2234
2235








2236
2237


2238
2239

2240

2241
2242

2243
2244





2245
2246
2247

2248
2249
2250

2251
2252
2253
2254




2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268



2269

2270
2271






2272


2273


2274



2275

2276


2277



2278
2279



2280
2281
2282
2283
2284
2285

2286

2287
2288
2289
2290
2291
2292
2293
2294
2295
2296

2297
2298
2299


2300



2301
2302
2303
2304
2305
2306
2307
2308



2309


2310






2311
2312
2313

2314
2315
2316
2317
2318
2319
2320
2321

2322



2323






2324
2325
2326
2327

2328
2329
2330
2331
2332
2333
2334
2335
2336
2337










2338
2339
2340
2341
2342

2343
2344
2345
2346



2347



2348
2349
2350



2351






2352
2353
2354
2355
2356
2357
2358

2359
2360
2361
2362
2363
2364
2365

2366
2367
2368


2369
2370
2371

2372
2373
2374
2375

2376
2377


2378

2379
2380



2381

2382


2383


2384
2385
2386
2387
2388
2389
2390
2391
2392



2393


2394
2395



2396
2397
2398

2399
2400


2401
2402

2403
2404



2405
2406
2407
2408
2409
2410


2411




2412
2413


2414
2415
2416
2417




2418
2419


2420


2421
2422
2423

2424


2425
2426
2427
2428
2429

2430
2431
2432
2433


2434
2435
2436





2437
2438

2439




2440


2441



2442


2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454


2455
2456

2457
2458
2459
2460
2461

2462

2463
2464
2465
2466
2467
2468
2469
2470
2471










2472
2473
2474

2475
2476
2477
2478


2479
2480
2481
2482
2483


2484
2485
2486
2487




2488
2489

2490
2491
2492


2493



2494


2495
2496



2497
2498
2499
2500
2501
2502
2503

2504
2505



2506
2507
2508
2509
2510
2511
2512
2513


2514

2515
2516
2517
2518
2519
2520

2521
2522
2523
2524
2525

2526

2527
2528
2529

2530






2531
2532

2533
2534
2535
2536
2537
2538

2539
2540


2541
2542
2543


2544
2545


2546


2547
2548
2549







2550
2551
2552

2553
2554
2555




2556

2557

2558
2559
2560

2561


2562
2563
2564

2565


2566
2567

2568
2569
2570
2571
2572
2573
2574
2575
2576
2577












2578
2579
2580
2581
2582
2583
2584
2585
2586


2587
2588
2589
2590


2591




2592

2593
2594



2595
2596
2597
2598
2599

2600
2601



2602

2603














2604
2605
2606

2607
2608
2609
2610
2611
2612
2613
2614
2615
2616

2617
2618
2619
2620
2621

2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632


2633








2634
2635


2636
2637
2638
2639



2640
2641
2642
2643
2644
2645
2646
2647
2648
2649





2650

2651
2652
2653
2654
2655

2656
2657
2658
2659

2660
2661
dist_man_MANS += BN_CTX_start.3
dist_man_MANS += BN_add.3
dist_man_MANS += BN_add_word.3
dist_man_MANS += BN_bn2bin.3
dist_man_MANS += BN_cmp.3
dist_man_MANS += BN_copy.3
dist_man_MANS += BN_generate_prime.3

dist_man_MANS += BN_mod_inverse.3
dist_man_MANS += BN_mod_mul_montgomery.3
dist_man_MANS += BN_mod_mul_reciprocal.3
dist_man_MANS += BN_new.3
dist_man_MANS += BN_num_bytes.3
dist_man_MANS += BN_rand.3
dist_man_MANS += BN_set_bit.3


dist_man_MANS += BN_swap.3
dist_man_MANS += BN_zero.3
dist_man_MANS += BUF_MEM_new.3
dist_man_MANS += CMS_add0_cert.3
dist_man_MANS += CMS_add1_recipient_cert.3
dist_man_MANS += CMS_add1_signer.3
dist_man_MANS += CMS_compress.3
dist_man_MANS += CMS_decrypt.3
dist_man_MANS += CMS_encrypt.3
dist_man_MANS += CMS_final.3
dist_man_MANS += CMS_get0_RecipientInfos.3
dist_man_MANS += CMS_get0_SignerInfos.3
dist_man_MANS += CMS_get0_type.3
dist_man_MANS += CMS_get1_ReceiptRequest.3
dist_man_MANS += CMS_sign.3
dist_man_MANS += CMS_sign_receipt.3
dist_man_MANS += CMS_uncompress.3
dist_man_MANS += CMS_verify.3
dist_man_MANS += CMS_verify_receipt.3
dist_man_MANS += CONF_modules_free.3
dist_man_MANS += CONF_modules_load_file.3
dist_man_MANS += CRYPTO_set_ex_data.3
dist_man_MANS += CRYPTO_set_locking_callback.3
dist_man_MANS += ECDSA_SIG_new.3
dist_man_MANS += EVP_AEAD_CTX_init.3
dist_man_MANS += UI_new.3
dist_man_MANS += bn_dump.3
dist_man_MANS += crypto.3
dist_man_MANS += d2i_PKCS8PrivateKey_bio.3
dist_man_MANS += des_read_pw.3
dist_man_MANS += lh_new.3
dist_man_MANS += DES_set_key.3
dist_man_MANS += DH_generate_key.3
dist_man_MANS += DH_generate_parameters.3
dist_man_MANS += DH_get_ex_new_index.3
dist_man_MANS += DH_new.3
dist_man_MANS += DH_set_method.3
dist_man_MANS += DH_size.3

dist_man_MANS += DSA_SIG_new.3
dist_man_MANS += DSA_do_sign.3
dist_man_MANS += DSA_dup_DH.3
dist_man_MANS += DSA_generate_key.3
dist_man_MANS += DSA_generate_parameters.3
dist_man_MANS += DSA_get_ex_new_index.3
dist_man_MANS += DSA_new.3
dist_man_MANS += DSA_set_method.3
dist_man_MANS += DSA_sign.3
dist_man_MANS += DSA_size.3

dist_man_MANS += EC_GFp_simple_method.3
dist_man_MANS += EC_GROUP_copy.3
dist_man_MANS += EC_GROUP_new.3
dist_man_MANS += EC_KEY_new.3
dist_man_MANS += EC_POINT_add.3
dist_man_MANS += EC_POINT_new.3
dist_man_MANS += ERR.3
dist_man_MANS += ERR_GET_LIB.3

dist_man_MANS += ERR_clear_error.3
dist_man_MANS += ERR_error_string.3
dist_man_MANS += ERR_get_error.3
dist_man_MANS += ERR_load_crypto_strings.3
dist_man_MANS += ERR_load_strings.3
dist_man_MANS += ERR_print_errors.3
dist_man_MANS += ERR_put_error.3
dist_man_MANS += ERR_remove_state.3
dist_man_MANS += ERR_set_mark.3


dist_man_MANS += EVP_BytesToKey.3
dist_man_MANS += EVP_DigestInit.3
dist_man_MANS += EVP_DigestSignInit.3
dist_man_MANS += EVP_DigestVerifyInit.3

dist_man_MANS += EVP_EncryptInit.3
dist_man_MANS += EVP_OpenInit.3
dist_man_MANS += EVP_PKEY_CTX_ctrl.3
dist_man_MANS += EVP_PKEY_CTX_new.3
dist_man_MANS += EVP_PKEY_cmp.3
dist_man_MANS += EVP_PKEY_decrypt.3
dist_man_MANS += EVP_PKEY_derive.3
dist_man_MANS += EVP_PKEY_encrypt.3
dist_man_MANS += EVP_PKEY_get_default_digest.3
dist_man_MANS += EVP_PKEY_keygen.3
dist_man_MANS += EVP_PKEY_new.3
dist_man_MANS += EVP_PKEY_print_private.3
dist_man_MANS += EVP_PKEY_set1_RSA.3
dist_man_MANS += EVP_PKEY_sign.3
dist_man_MANS += EVP_PKEY_verify.3
dist_man_MANS += EVP_PKEY_verify_recover.3
dist_man_MANS += EVP_SealInit.3
dist_man_MANS += EVP_SignInit.3
dist_man_MANS += EVP_VerifyInit.3


dist_man_MANS += HMAC.3
dist_man_MANS += MD5.3

dist_man_MANS += OBJ_nid2obj.3








dist_man_MANS += OPENSSL_VERSION_NUMBER.3

dist_man_MANS += OPENSSL_config.3
dist_man_MANS += OPENSSL_load_builtin_modules.3

dist_man_MANS += OpenSSL_add_all_algorithms.3

dist_man_MANS += PEM_read_bio_PrivateKey.3
dist_man_MANS += PEM_write_bio_CMS_stream.3


dist_man_MANS += PEM_write_bio_PKCS7_stream.3
dist_man_MANS += PKCS12_create.3
dist_man_MANS += PKCS12_parse.3
dist_man_MANS += PKCS5_PBKDF2_HMAC.3
dist_man_MANS += PKCS7_decrypt.3
dist_man_MANS += PKCS7_encrypt.3

dist_man_MANS += PKCS7_sign.3
dist_man_MANS += PKCS7_sign_add_signer.3
dist_man_MANS += PKCS7_verify.3


dist_man_MANS += RAND.3
dist_man_MANS += RAND_add.3
dist_man_MANS += RAND_bytes.3
dist_man_MANS += RAND_cleanup.3
dist_man_MANS += RAND_load_file.3
dist_man_MANS += RAND_set_rand_method.3
dist_man_MANS += RC4.3
dist_man_MANS += RIPEMD160.3

dist_man_MANS += RSA_blinding_on.3
dist_man_MANS += RSA_check_key.3
dist_man_MANS += RSA_generate_key.3
dist_man_MANS += RSA_get_ex_new_index.3
dist_man_MANS += RSA_new.3
dist_man_MANS += RSA_padding_add_PKCS1_type_1.3
dist_man_MANS += RSA_print.3
dist_man_MANS += RSA_private_encrypt.3
dist_man_MANS += RSA_public_encrypt.3
dist_man_MANS += RSA_set_method.3
dist_man_MANS += RSA_sign.3
dist_man_MANS += RSA_sign_ASN1_OCTET_STRING.3
dist_man_MANS += RSA_size.3
dist_man_MANS += SHA1.3
dist_man_MANS += SMIME_read_CMS.3
dist_man_MANS += SMIME_read_PKCS7.3
dist_man_MANS += SMIME_write_CMS.3




dist_man_MANS += SMIME_write_PKCS7.3








dist_man_MANS += X509_NAME_ENTRY_get_object.3
dist_man_MANS += X509_NAME_add_entry_by_txt.3
dist_man_MANS += X509_NAME_get_index_by_NID.3

dist_man_MANS += X509_NAME_print_ex.3




dist_man_MANS += X509_STORE_CTX_get_error.3
dist_man_MANS += X509_STORE_CTX_get_ex_new_index.3
dist_man_MANS += X509_STORE_CTX_new.3
dist_man_MANS += X509_STORE_CTX_set_verify_cb.3


dist_man_MANS += X509_STORE_set_verify_cb_func.3
dist_man_MANS += X509_VERIFY_PARAM_set_flags.3









dist_man_MANS += X509_new.3

dist_man_MANS += X509_verify_cert.3



dist_man_MANS += bn.3
dist_man_MANS += d2i_ASN1_OBJECT.3




dist_man_MANS += d2i_DHparams.3

dist_man_MANS += d2i_DSAPublicKey.3
dist_man_MANS += d2i_ECPKParameters.3












dist_man_MANS += d2i_RSAPublicKey.3

dist_man_MANS += d2i_X509.3
dist_man_MANS += d2i_X509_ALGOR.3

dist_man_MANS += d2i_X509_CRL.3

dist_man_MANS += d2i_X509_NAME.3
dist_man_MANS += d2i_X509_REQ.3
dist_man_MANS += d2i_X509_SIG.3
dist_man_MANS += dh.3
dist_man_MANS += dsa.3
dist_man_MANS += ec.3


dist_man_MANS += engine.3
dist_man_MANS += evp.3

dist_man_MANS += i2d_CMS_bio_stream.3





dist_man_MANS += i2d_PKCS7_bio_stream.3
dist_man_MANS += lh_stats.3
dist_man_MANS += rsa.3

dist_man_MANS += x509.3
install-data-hook:



	ln -sf ASN1_OBJECT_new.3 $(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3




















	ln -sf ASN1_STRING_new.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3
	ln -sf ASN1_STRING_new.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3
	ln -sf ASN1_STRING_print_ex.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3
	ln -sf ASN1_STRING_print_ex.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3
	ln -sf ASN1_generate_nconf.3 $(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3

	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_decrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_encrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3

	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_options.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3

	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3


	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_eof.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_flush.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_get_close.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_pending.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_reset.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_seek.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_set_close.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_tell.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_wpending.3











	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/bio_info_cb.3

	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3

	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3

	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3
	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3
	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3
	ln -sf BIO_f_cipher.3 $(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3
	ln -sf BIO_f_cipher.3 $(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3
	ln -sf BIO_f_cipher.3 $(DESTDIR)$(mandir)/man3/BIO_set_cipher.3
	ln -sf BIO_f_md.3 $(DESTDIR)$(mandir)/man3/BIO_get_md.3
	ln -sf BIO_f_md.3 $(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3
	ln -sf BIO_f_md.3 $(DESTDIR)$(mandir)/man3/BIO_set_md.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_do_handshake.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_get_ssl.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_new_ssl.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3


	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3
	ln -sf BIO_find_type.3 $(DESTDIR)$(mandir)/man3/BIO_method_type.3

	ln -sf BIO_find_type.3 $(DESTDIR)$(mandir)/man3/BIO_next.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_free.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_free_all.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_set.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_vfree.3
	ln -sf BIO_push.3 $(DESTDIR)$(mandir)/man3/BIO_pop.3
	ln -sf BIO_read.3 $(DESTDIR)$(mandir)/man3/BIO_gets.3

	ln -sf BIO_read.3 $(DESTDIR)$(mandir)/man3/BIO_puts.3

	ln -sf BIO_read.3 $(DESTDIR)$(mandir)/man3/BIO_write.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_do_accept.3





	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3



















	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_new_accept.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_get_read_request.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3

	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3













	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_do_connect.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_new_connect.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_nbio.3
	ln -sf BIO_s_fd.3 $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	ln -sf BIO_s_fd.3 $(DESTDIR)$(mandir)/man3/BIO_new_fd.3
	ln -sf BIO_s_fd.3 $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_append_filename.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_get_fp.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_new_file.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_new_fp.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_read_filename.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_rw_filename.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_set_fp.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_write_filename.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3
	ln -sf BIO_s_socket.3 $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	ln -sf BIO_s_socket.3 $(DESTDIR)$(mandir)/man3/BIO_new_socket.3
	ln -sf BIO_s_socket.3 $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_debug_callback.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_get_callback.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/callback.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3



















	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_retry_type.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_should_io_special.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_should_read.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_should_write.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3

	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3




	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3
	ln -sf BN_CTX_new.3 $(DESTDIR)$(mandir)/man3/BN_CTX_free.3
	ln -sf BN_CTX_new.3 $(DESTDIR)$(mandir)/man3/BN_CTX_init.3
	ln -sf BN_CTX_start.3 $(DESTDIR)$(mandir)/man3/BN_CTX_end.3



	ln -sf BN_CTX_start.3 $(DESTDIR)$(mandir)/man3/BN_CTX_get.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_div.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_exp.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_gcd.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_add.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_exp.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_mul.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_sqr.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_sub.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mul.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_nnmod.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_sqr.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_sub.3





	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_div_word.3
	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_mod_word.3









	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_mul_word.3
	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_sub_word.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bin2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bn2dec.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bn2hex.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bn2mpi.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_dec2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_hex2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_mpi2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_print.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_print_fp.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_odd.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_one.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_word.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_zero.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_ucmp.3
	ln -sf BN_copy.3 $(DESTDIR)$(mandir)/man3/BN_dup.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_GENCB_call.3

	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_GENCB_set.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime.3













	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3








	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3


	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3

	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_from_montgomery.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_to_montgomery.3



	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_div_recp.3
	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_clear.3
	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_clear_free.3
	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_free.3








	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_init.3
	ln -sf BN_num_bytes.3 $(DESTDIR)$(mandir)/man3/BN_num_bits.3
	ln -sf BN_num_bytes.3 $(DESTDIR)$(mandir)/man3/BN_num_bits_word.3
	ln -sf BN_rand.3 $(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3
	ln -sf BN_rand.3 $(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3
	ln -sf BN_rand.3 $(DESTDIR)$(mandir)/man3/BN_rand_range.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_clear_bit.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_is_bit_set.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_lshift.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_lshift1.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_mask_bits.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_rshift.3

	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_rshift1.3

	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_get_word.3
	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_one.3
	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_set_word.3
	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_value_one.3



	ln -sf BUF_MEM_new.3 $(DESTDIR)$(mandir)/man3/BUF_MEM_free.3
	ln -sf BUF_MEM_new.3 $(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3

	ln -sf BUF_MEM_new.3 $(DESTDIR)$(mandir)/man3/BUF_strdup.3

	ln -sf CONF_modules_free.3 $(DESTDIR)$(mandir)/man3/CONF_modules_finish.3
	ln -sf CONF_modules_free.3 $(DESTDIR)$(mandir)/man3/CONF_modules_unload.3


	ln -sf CONF_modules_load_file.3 $(DESTDIR)$(mandir)/man3/CONF_modules_load.3


	ln -sf CRYPTO_set_ex_data.3 $(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3



	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3



	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3

	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_add.3


	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_add_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3

	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_id_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_crypt.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3




	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3







	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_enc_read.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_enc_write.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_fcrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_is_weak_key.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_key_sched.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_quad_cksum.3



	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_random_key.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_set_key_checked.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3




	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_string_to_key.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3
	ln -sf DH_generate_key.3 $(DESTDIR)$(mandir)/man3/DH_compute_key.3
	ln -sf DH_generate_parameters.3 $(DESTDIR)$(mandir)/man3/DH_check.3

	ln -sf DH_generate_parameters.3 $(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3
	ln -sf DH_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DH_get_ex_data.3
	ln -sf DH_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DH_set_ex_data.3

	ln -sf DH_new.3 $(DESTDIR)$(mandir)/man3/DH_free.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_OpenSSL.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_get_default_method.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_get_default_openssl_method.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_new_method.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_set_default_method.3



	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_set_default_openssl_method.3
	ln -sf DSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/DSA_SIG_free.3
	ln -sf DSA_do_sign.3 $(DESTDIR)$(mandir)/man3/DSA_do_verify.3
	ln -sf DSA_generate_parameters.3 $(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3
	ln -sf DSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3
	ln -sf DSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3






	ln -sf DSA_new.3 $(DESTDIR)$(mandir)/man3/DSA_free.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_get_default_method.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_get_default_openssl_method.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_new_method.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_set_default_method.3

	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_set_default_openssl_method.3

	ln -sf DSA_sign.3 $(DESTDIR)$(mandir)/man3/DSA_sign_setup.3
	ln -sf DSA_sign.3 $(DESTDIR)$(mandir)/man3/DSA_verify.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3




	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3

	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3

	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3
















	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_set_method.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_sign.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3

	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_size.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_verify.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_check.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3



	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3




	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3












	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3



	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_free.3


	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3


	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3

	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_copy.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_dup.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_free.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3



	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3











	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3

	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3

	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3





	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_invert.3



	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_mul.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_copy.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_dup.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_free.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3




	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3










	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3

	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3

	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3
	ln -sf ERR_GET_LIB.3 $(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3
	ln -sf ERR_GET_LIB.3 $(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_error_string_n.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_func_error_string.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3


	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_get_error_line.3



	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_error.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3

	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3
	ln -sf ERR_load_crypto_strings.3 $(DESTDIR)$(mandir)/man3/ERR_free_strings.3
	ln -sf ERR_load_crypto_strings.3 $(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3
	ln -sf ERR_load_strings.3 $(DESTDIR)$(mandir)/man3/ERR_PACK.3


	ln -sf ERR_load_strings.3 $(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3
	ln -sf ERR_print_errors.3 $(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3
	ln -sf ERR_put_error.3 $(DESTDIR)$(mandir)/man3/ERR_add_error_data.3
	ln -sf ERR_remove_state.3 $(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3
	ln -sf ERR_set_mark.3 $(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3










	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3

	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3

	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3










	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_type.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_dss.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_dss1.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3









	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_md2.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_md5.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_md_null.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_ripemd160.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha1.3




	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha224.3





	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha256.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha384.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha512.3


	ln -sf EVP_DigestSignInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3
	ln -sf EVP_DigestSignInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3
	ln -sf EVP_DigestVerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3
	ln -sf EVP_DigestVerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherInit.3




	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3





	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3







	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3



	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3







	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3













	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_enc_null.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc4.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc4_40.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3




	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3
	ln -sf EVP_OpenInit.3 $(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3
	ln -sf EVP_OpenInit.3 $(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3




	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3



	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3

	ln -sf EVP_PKEY_CTX_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3
	ln -sf EVP_PKEY_CTX_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3
	ln -sf EVP_PKEY_CTX_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3
	ln -sf EVP_PKEY_cmp.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3

	ln -sf EVP_PKEY_cmp.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3

	ln -sf EVP_PKEY_cmp.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3
	ln -sf EVP_PKEY_decrypt.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3
	ln -sf EVP_PKEY_derive.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3
	ln -sf EVP_PKEY_derive.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3

	ln -sf EVP_PKEY_encrypt.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3









	ln -sf EVP_PKEY_get_default_digest.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3

	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3
	ln -sf EVP_PKEY_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3
	ln -sf EVP_PKEY_print_private.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3

	ln -sf EVP_PKEY_print_private.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3


	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3

	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3
	ln -sf EVP_PKEY_sign.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3
	ln -sf EVP_PKEY_verify.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3
	ln -sf EVP_PKEY_verify_recover.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3
	ln -sf EVP_SealInit.3 $(DESTDIR)$(mandir)/man3/EVP_SealFinal.3
	ln -sf EVP_SealInit.3 $(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3
	ln -sf EVP_SignInit.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3
	ln -sf EVP_SignInit.3 $(DESTDIR)$(mandir)/man3/EVP_SignFinal.3
	ln -sf EVP_SignInit.3 $(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3
	ln -sf EVP_VerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3
	ln -sf EVP_VerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3










	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_Final.3









	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_Init.3
	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_Update.3
	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_cleanup.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2_Final.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2_Init.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2_Update.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4_Final.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4_Init.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4_Update.3


	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD5_Final.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD5_Init.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD5_Update.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_cleanup.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_cmp.3




	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_create.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_dup.3


	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3






	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3
	ln -sf OPENSSL_VERSION_NUMBER.3 $(DESTDIR)$(mandir)/man3/SSLeay.3
	ln -sf OPENSSL_VERSION_NUMBER.3 $(DESTDIR)$(mandir)/man3/SSLeay_version.3
	ln -sf OPENSSL_config.3 $(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3
	ln -sf OPENSSL_load_builtin_modules.3 $(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3
	ln -sf OPENSSL_load_builtin_modules.3 $(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3
	ln -sf OpenSSL_add_all_algorithms.3 $(DESTDIR)$(mandir)/man3/EVP_cleanup.3
	ln -sf OpenSSL_add_all_algorithms.3 $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3

	ln -sf OpenSSL_add_all_algorithms.3 $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3






	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509.3




	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3


	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3




	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3


	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3






	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3


	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3







	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509.3



	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3



	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3






	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3





	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3



	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3
	ln -sf PKCS5_PBKDF2_HMAC.3 $(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3
	ln -sf PKCS7_verify.3 $(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3
	ln -sf RAND_add.3 $(DESTDIR)$(mandir)/man3/RAND_seed.3
	ln -sf RAND_add.3 $(DESTDIR)$(mandir)/man3/RAND_status.3
	ln -sf RAND_bytes.3 $(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3
	ln -sf RAND_load_file.3 $(DESTDIR)$(mandir)/man3/RAND_file_name.3
	ln -sf RAND_load_file.3 $(DESTDIR)$(mandir)/man3/RAND_write_file.3
	ln -sf RAND_set_rand_method.3 $(DESTDIR)$(mandir)/man3/RAND_SSLeay.3
	ln -sf RAND_set_rand_method.3 $(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3
	ln -sf RC4.3 $(DESTDIR)$(mandir)/man3/RC4_set_key.3
	ln -sf RIPEMD160.3 $(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3
	ln -sf RIPEMD160.3 $(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3
	ln -sf RIPEMD160.3 $(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3
	ln -sf RSA_blinding_on.3 $(DESTDIR)$(mandir)/man3/RSA_blinding_off.3
	ln -sf RSA_generate_key.3 $(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3
	ln -sf RSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3
	ln -sf RSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3
	ln -sf RSA_new.3 $(DESTDIR)$(mandir)/man3/RSA_free.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3

	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3














	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DHparams_print.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DHparams_print_fp.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSA_print.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSA_print_fp.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSAparams_print.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/RSA_print_fp.3

	ln -sf RSA_private_encrypt.3 $(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3

	ln -sf RSA_public_encrypt.3 $(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3



	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_flags.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_get_default_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_get_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_new_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_null_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_set_default_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3








	ln -sf RSA_sign.3 $(DESTDIR)$(mandir)/man3/RSA_verify.3
	ln -sf RSA_sign_ASN1_OCTET_STRING.3 $(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3
	ln -sf SHA1.3 $(DESTDIR)$(mandir)/man3/SHA1_Final.3
	ln -sf SHA1.3 $(DESTDIR)$(mandir)/man3/SHA1_Init.3
	ln -sf SHA1.3 $(DESTDIR)$(mandir)/man3/SHA1_Update.3
	ln -sf SSL_CIPHER_get_name.3 $(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3
	ln -sf SSL_CIPHER_get_name.3 $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3

	ln -sf SSL_CIPHER_get_name.3 $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3
	ln -sf SSL_CTX_add_session.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3
	ln -sf SSL_CTX_add_session.3 $(DESTDIR)$(mandir)/man3/SSL_add_session.3
	ln -sf SSL_CTX_add_session.3 $(DESTDIR)$(mandir)/man3/SSL_remove_session.3
	ln -sf SSL_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3



	ln -sf SSL_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3
	ln -sf SSL_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/SSL_ctrl.3
	ln -sf SSL_CTX_flush_sessions.3 $(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3
	ln -sf SSL_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3









	ln -sf SSL_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3

	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3
	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3





	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3


	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3


	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3





	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv23_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv23_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv23_server_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv3_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv3_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv3_server_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_1_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_server_method.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3







	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3
	ln -sf SSL_CTX_sess_set_cache_size.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/get_session_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/new_session_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/remove_session_cb.3
	ln -sf SSL_CTX_set_cert_store.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3










	ln -sf SSL_CTX_set_cipher_list.3 $(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3
	ln -sf SSL_CTX_set_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3
	ln -sf SSL_CTX_set_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3

	ln -sf SSL_CTX_set_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3
	ln -sf SSL_CTX_set_client_cert_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3
	ln -sf SSL_CTX_set_client_cert_cb.3 $(DESTDIR)$(mandir)/man3/client_cert_cb.3
	ln -sf SSL_CTX_set_default_passwd_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3
	ln -sf SSL_CTX_set_default_passwd_cb.3 $(DESTDIR)$(mandir)/man3/pem_passwd_cb.3
	ln -sf SSL_CTX_set_generate_session_id.3 $(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3
	ln -sf SSL_CTX_set_generate_session_id.3 $(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3
	ln -sf SSL_CTX_set_info_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3








	ln -sf SSL_CTX_set_info_callback.3 $(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3



	ln -sf SSL_CTX_set_info_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3
	ln -sf SSL_CTX_set_max_cert_list.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3
	ln -sf SSL_CTX_set_max_cert_list.3 $(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3
	ln -sf SSL_CTX_set_max_cert_list.3 $(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3
	ln -sf SSL_CTX_set_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3
	ln -sf SSL_CTX_set_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_mode.3
	ln -sf SSL_CTX_set_mode.3 $(DESTDIR)$(mandir)/man3/SSL_set_mode.3
	ln -sf SSL_CTX_set_msg_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3
	ln -sf SSL_CTX_set_msg_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3
	ln -sf SSL_CTX_set_msg_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_clear_options.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_get_options.3




	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3

	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_set_options.3



	ln -sf SSL_CTX_set_psk_client_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_psk_client_callback.3
	ln -sf SSL_CTX_set_quiet_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3
	ln -sf SSL_CTX_set_quiet_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3
	ln -sf SSL_CTX_set_quiet_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3
	ln -sf SSL_CTX_set_session_cache_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3



	ln -sf SSL_CTX_set_session_id_context.3 $(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3
	ln -sf SSL_CTX_set_ssl_version.3 $(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3
	ln -sf SSL_CTX_set_ssl_version.3 $(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3



	ln -sf SSL_CTX_set_timeout.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3
	ln -sf SSL_CTX_set_tmp_dh_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3
	ln -sf SSL_CTX_set_tmp_dh_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3
	ln -sf SSL_CTX_set_tmp_dh_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3
	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_rsa.3
	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3
	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3

	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3

	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3


	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3


	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3
	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/SSL_set_verify.3
	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3
	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/verify_callback.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3






	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3


	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3


	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_check_private_key.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3


	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_certificate.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3

	ln -sf SSL_CTX_use_psk_identity_hint.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_psk_server_callback.3




	ln -sf SSL_CTX_use_psk_identity_hint.3 $(DESTDIR)$(mandir)/man3/SSL_set_psk_server_callback.3


	ln -sf SSL_CTX_use_psk_identity_hint.3 $(DESTDIR)$(mandir)/man3/SSL_use_psk_identity_hint.3
	ln -sf SSL_SESSION_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3

	ln -sf SSL_SESSION_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3

	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3




	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_get_time.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_get_timeout.3

	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_set_time.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_set_timeout.3



	ln -sf SSL_alert_type_string.3 $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3
	ln -sf SSL_alert_type_string.3 $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3
	ln -sf SSL_alert_type_string.3 $(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3
	ln -sf SSL_get_ciphers.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3
	ln -sf SSL_get_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3
	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher.3


	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3
	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3
	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3
	ln -sf SSL_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3
	ln -sf SSL_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3



	ln -sf SSL_get_fd.3 $(DESTDIR)$(mandir)/man3/SSL_get_rfd.3
	ln -sf SSL_get_fd.3 $(DESTDIR)$(mandir)/man3/SSL_get_wfd.3
	ln -sf SSL_get_psk_identity.3 $(DESTDIR)$(mandir)/man3/SSL_get_psk_identity_hint.3
	ln -sf SSL_get_rbio.3 $(DESTDIR)$(mandir)/man3/SSL_get_wbio.3
	ln -sf SSL_get_session.3 $(DESTDIR)$(mandir)/man3/SSL_get0_session.3
	ln -sf SSL_get_session.3 $(DESTDIR)$(mandir)/man3/SSL_get1_session.3
	ln -sf SSL_library_init.3 $(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3

	ln -sf SSL_library_init.3 $(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3
	ln -sf SSL_rstate_string.3 $(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3



	ln -sf SSL_set_connect_state.3 $(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3
	ln -sf SSL_set_fd.3 $(DESTDIR)$(mandir)/man3/SSL_set_rfd.3


	ln -sf SSL_set_fd.3 $(DESTDIR)$(mandir)/man3/SSL_set_wfd.3
	ln -sf SSL_set_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3
	ln -sf SSL_state_string.3 $(DESTDIR)$(mandir)/man3/SSL_state_string_long.3
	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_nothing.3



	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_read.3




	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_write.3


	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/ERR_load_UI_strings.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_OpenSSL.3




	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_error_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_info_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_input_string.3


	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_user_data.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_verify_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_construct_prompt.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_ctrl.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_error_string.3

	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_info_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_input_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3

	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_free.3


	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get0_result.3

	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get0_user_data.3












	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get_default_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_new_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_process.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_set_default_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_set_method.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3
	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3
	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3
	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3

	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3
	ln -sf X509_NAME_print_ex.3 $(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3
	ln -sf X509_NAME_print_ex.3 $(DESTDIR)$(mandir)/man3/X509_NAME_print.3
	ln -sf X509_NAME_print_ex.3 $(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3
	ln -sf X509_STORE_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3
	ln -sf X509_STORE_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3












	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3

	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3


	ln -sf X509_STORE_set_verify_cb_func.3 $(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3


	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3




	ln -sf X509_new.3 $(DESTDIR)$(mandir)/man3/X509_free.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_add_words.3



	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_check_top.3



	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_cmp_words.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_div_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_expand.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_expand2.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_fix_top.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_add_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_comba4.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_comba8.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_high.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_normal.3



	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_recursive.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_print.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_set_high.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_set_low.3

	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_set_max.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_normal.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sub_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_wexpand.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/mul.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/mul_add.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/sqr.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_dispatch.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_done.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_freereq.3




	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_freesession.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_get_driverid.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_getreq.3

	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_newsession.3






	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_register.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_unregister.3


	ln -sf d2i_ASN1_OBJECT.3 $(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3
	ln -sf d2i_DHparams.3 $(DESTDIR)$(mandir)/man3/i2d_DHparams.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3




	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSAparams.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3


	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSAparams.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/ECPKParameters_print.3

	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3

	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3






	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3
	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3



	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3


	ln -sf d2i_SSL_SESSION.3 $(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3
	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/d2i_X509_bio.3
	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/d2i_X509_fp.3

	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/i2d_X509.3

	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/i2d_X509_bio.3




	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/i2d_X509_fp.3
	ln -sf d2i_X509_ALGOR.3 $(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3
	ln -sf d2i_X509_NAME.3 $(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3
	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3
	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3



	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3




	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3


	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3
	ln -sf d2i_X509_SIG.3 $(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3
	ln -sf des_read_pw.3 $(DESTDIR)$(mandir)/man3/des_read_2passwords.3
	ln -sf des_read_pw.3 $(DESTDIR)$(mandir)/man3/des_read_password.3
	ln -sf des_read_pw.3 $(DESTDIR)$(mandir)/man3/des_read_pw_string.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_add.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_by_id.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_finish.3



	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_first.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_last.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_next.3



	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3




	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_init.3

	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_remove.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3


	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_delete.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_doall.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_doall_arg.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_error.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_free.3


	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_insert.3












	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_retrieve.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_stats.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_stats_bio.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_accept_fds.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_accept_socket.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_client.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_close.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_free.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3



	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_new.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_protocols.3












	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_verify.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_verify_client.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_configure.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_conn_cipher.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_conn_version.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect.3


	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect_fds.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect_servername.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect_socket.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_error.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_free.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_handshake.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_load_file.3










	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_read.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_reset.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_server.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_write.3

uninstall-local:



	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3




















	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_decrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_eof.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_flush.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_close.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_pending.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_reset.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_seek.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_close.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_tell.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_wpending.3
	-rm -f $(DESTDIR)$(mandir)/man3/bio_info_cb.3












	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_do_handshake.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_ssl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_ssl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3


	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_method_type.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_next.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_free_all.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_vfree.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_pop.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_gets.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_puts.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_write.3






	-rm -f $(DESTDIR)$(mandir)/man3/BIO_do_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3


















	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_read_request.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3













	-rm -f $(DESTDIR)$(mandir)/man3/BIO_do_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_nbio.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_append_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_read_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_rw_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_write_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_socket.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_debug_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3















	-rm -f $(DESTDIR)$(mandir)/man3/BIO_retry_type.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_should_io_special.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_should_read.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_should_write.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3




	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_end.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_get.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_div.3






	-rm -f $(DESTDIR)$(mandir)/man3/BN_exp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_gcd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_add.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_exp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_sqr.3


	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_sub.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mul.3









	-rm -f $(DESTDIR)$(mandir)/man3/BN_nnmod.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_sqr.3




	-rm -f $(DESTDIR)$(mandir)/man3/BN_sub.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_div_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mul_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_sub_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bin2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bn2dec.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bn2hex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bn2mpi.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_dec2bn.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_hex2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mpi2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_print_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_odd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_one.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_zero.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_ucmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_GENCB_call.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_GENCB_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3













	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3







	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3


	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_from_montgomery.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_to_montgomery.3



	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_div_recp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_clear.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_clear_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_init.3







	-rm -f $(DESTDIR)$(mandir)/man3/BN_num_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_num_bits_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_rand_range.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_clear_bit.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_bit_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_lshift.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_lshift1.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mask_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_rshift.3




	-rm -f $(DESTDIR)$(mandir)/man3/BN_rshift1.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_get_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_one.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_set_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_value_one.3
	-rm -f $(DESTDIR)$(mandir)/man3/BUF_MEM_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3

	-rm -f $(DESTDIR)$(mandir)/man3/BUF_strdup.3

	-rm -f $(DESTDIR)$(mandir)/man3/CONF_modules_finish.3
	-rm -f $(DESTDIR)$(mandir)/man3/CONF_modules_unload.3





	-rm -f $(DESTDIR)$(mandir)/man3/CONF_modules_load.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3



	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3

	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3

	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3

	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_add.3



	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_add_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_id_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_crypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3




	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3






	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_enc_read.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_enc_write.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_fcrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_is_weak_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_key_sched.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3




	-rm -f $(DESTDIR)$(mandir)/man3/DES_quad_cksum.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_random_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_set_key_checked.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_string_to_key.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DH_compute_key.3


	-rm -f $(DESTDIR)$(mandir)/man3/DH_check.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_get_ex_data.3



	-rm -f $(DESTDIR)$(mandir)/man3/DH_set_ex_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/DH_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_OpenSSL.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_get_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_get_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_set_default_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/DH_set_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_SIG_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_do_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3






	-rm -f $(DESTDIR)$(mandir)/man3/DSA_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_get_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_get_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_set_default_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_set_default_openssl_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_sign_setup.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_verify.3




	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3




	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_set_method.3








	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_sign.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_verify.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_check.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3




	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3












	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3






	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_copy.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3












	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_invert.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_copy.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3






	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3









	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3


	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_error_string_n.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_func_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3

	-rm -f $(DESTDIR)$(mandir)/man3/ERR_get_error_line.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3


	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_free_strings.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_PACK.3



	-rm -f $(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_add_error_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3












	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_dss.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_dss1.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3









	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_md2.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_md5.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_md_null.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_ripemd160.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha1.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha224.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha256.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha384.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha512.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3






	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherInit.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ecb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ofb.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_enc_null.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc4.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc4_40.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3





	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SealFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SignFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3











	-rm -f $(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_Init.3



	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_cleanup.3


	-rm -f $(DESTDIR)$(mandir)/man3/MD2.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD2_Final.3

	-rm -f $(DESTDIR)$(mandir)/man3/MD2_Init.3

	-rm -f $(DESTDIR)$(mandir)/man3/MD2_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4_Update.3


	-rm -f $(DESTDIR)$(mandir)/man3/MD5_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD5_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD5_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_cleanup.3





	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_create.3


	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3

	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3




	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLeay.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLeay_version.3

	-rm -f $(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cleanup.3

	-rm -f $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3
	-rm -f $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3








	-rm -f $(DESTDIR)$(mandir)/man3/PEM.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3


	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509.3


	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3





	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3









	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3










	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3



	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509.3


	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3






	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3



	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3

	-rm -f $(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3
	-rm -f $(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_seed.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_status.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_file_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_write_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_SSLeay.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RC4_set_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_blinding_off.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3








	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3


	-rm -f $(DESTDIR)$(mandir)/man3/DHparams_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/DHparams_print_fp.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_print.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_print_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSAparams_print.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_print_fp.3





	-rm -f $(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_null_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_set_default_method.3




	-rm -f $(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3
	-rm -f $(DESTDIR)$(mandir)/man3/SHA1_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/SHA1_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/SHA1_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_add_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_remove_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_ctrl.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSLv23_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv23_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSLv23_server_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv3_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv3_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv3_server_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_1_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_server_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/get_session_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/new_session_cb.3



	-rm -f $(DESTDIR)$(mandir)/man3/remove_session_cb.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/client_cert_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3
	-rm -f $(DESTDIR)$(mandir)/man3/pem_passwd_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_clear_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3










	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_psk_client_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_rsa.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_verify.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/verify_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_check_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_certificate.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_psk_server_callback.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_psk_server_callback.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_psk_identity_hint.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_time.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_time.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_timeout.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_rfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_wfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_psk_identity_hint.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_wbio.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get0_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get1_session.3


	-rm -f $(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3




	-rm -f $(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_rfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_wfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3




	-rm -f $(DESTDIR)$(mandir)/man3/SSL_state_string_long.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_nothing.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_read.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_write.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_load_UI_strings.3

	-rm -f $(DESTDIR)$(mandir)/man3/UI_OpenSSL.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_info_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_input_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_user_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_verify_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_construct_prompt.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_error_string.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_info_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_input_string.3





	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/UI_get0_result.3




	-rm -f $(DESTDIR)$(mandir)/man3/UI_get0_user_data.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_get_default_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/UI_get_method.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_process.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_set_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_set_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3


	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3










	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3


	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3


	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3




	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_free.3


	-rm -f $(DESTDIR)$(mandir)/man3/bn_add_words.3



	-rm -f $(DESTDIR)$(mandir)/man3/bn_check_top.3


	-rm -f $(DESTDIR)$(mandir)/man3/bn_cmp_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_div_words.3



	-rm -f $(DESTDIR)$(mandir)/man3/bn_expand.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_expand2.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_fix_top.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_add_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_comba4.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_comba8.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_high.3

	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3



	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_normal.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_recursive.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_set_high.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_set_low.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_set_max.3


	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3

	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_normal.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sub_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_wexpand.3

	-rm -f $(DESTDIR)$(mandir)/man3/mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/mul_add.3
	-rm -f $(DESTDIR)$(mandir)/man3/sqr.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_dispatch.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_done.3

	-rm -f $(DESTDIR)$(mandir)/man3/crypto_freereq.3

	-rm -f $(DESTDIR)$(mandir)/man3/crypto_freesession.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_get_driverid.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_getreq.3

	-rm -f $(DESTDIR)$(mandir)/man3/crypto_newsession.3






	-rm -f $(DESTDIR)$(mandir)/man3/crypto_register.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_unregister.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSAparams.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3


	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSAparams.3


	-rm -f $(DESTDIR)$(mandir)/man3/ECPKParameters_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3


	-rm -f $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3


	-rm -f $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3







	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3




	-rm -f $(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3


	-rm -f $(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_bio.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_fp.3


	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_bio.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3












	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/des_read_2passwords.3
	-rm -f $(DESTDIR)$(mandir)/man3/des_read_password.3
	-rm -f $(DESTDIR)$(mandir)/man3/des_read_pw_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_add.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_by_id.3


	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_finish.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_first.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_last.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_next.3


	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3




	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_init.3

	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_remove.3



	-rm -f $(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3

	-rm -f $(DESTDIR)$(mandir)/man3/lh_delete.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_doall.3



	-rm -f $(DESTDIR)$(mandir)/man3/lh_doall_arg.3

	-rm -f $(DESTDIR)$(mandir)/man3/lh_error.3














	-rm -f $(DESTDIR)$(mandir)/man3/lh_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_insert.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_retrieve.3

	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_stats.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_stats_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_accept_fds.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_accept_socket.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_client.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_close.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_new.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3


	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3








	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_protocols.3


	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_verify_client.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3



	-rm -f $(DESTDIR)$(mandir)/man3/tls_configure.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_conn_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_conn_version.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect_fds.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect_servername.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect_socket.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_handshake.3





	-rm -f $(DESTDIR)$(mandir)/man3/tls_load_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_read.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_reset.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_server.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_write.3







>







>
>



<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


|
|
<
<
|
<
<
<
<
<







>










>








>









>
>




>








|










>
>


>

>
>
>
>
>
>
>
>

>


>

>

|
>
>
|
|




>



>
>
|
|
|
|




>














|
|
|
>
>
>
>
|
>
>
>
>
>
>
>
>



>

>
>
>
>




>
>


>
>
>
>
>
>
>
>
>

>

>
>
>
|

>
>
>
>

>


>
>
>
>
>
>
>
>
>
>
>
>

>


>

>



|
|
|
>
>
|
|
>
|
>
>
>
>
>
|
|
|
>
|

>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
|
|
|
|
|
>
|
|
>
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
>
|
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
>
>
|
>
|
|
>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
|
|
|
|
>
>
>
|
|
>
|
>
|
|
>
>
|
>
>
|
|
>
>
>
|
|
>
>
>
|
|
|
|
|
>
|
>
>
|
|
|
>
|
|
|
|
|
|
|
|
|
|
>
|
>
|
|
>
|
>
>
|
>
|
|
>
>
|
>
|
>
>
>
>
|
|
|
|
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
|
|
|
|
>
>
|
>
>
>
>
|
>
>
|
|
|
>
|
|
|
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
>
|
>
|
|
|
|
|
>
>
>
>
|
>
|
|
|
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
|
>
>
|
>
>
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
>
|
|
|
>
>
>
>
>
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
|
>
|
|
|
|
|
|
|
>
>
|
>
>
>
|
|
|
>
|
|
|
|
|
|
|
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
>
>
>
|
>
>
>
>
>
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
>
>
|
|
|
>
|
>
|
>
>
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
|
>
|
>
|
|
>
>
>
>
|
|
>
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
>
|
>
>
>
|
|
|
|
|
>
|
|
>
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
|
|
>
|
|
|
|
|
>
|
|
>
>
|
|
|
|
|
|
>
>
|
|
>
>
>
>
|
|
|
|
|
>
>
>
>
|
|
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
>
|
>
|
|
|
|
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
>
|
|
|
>
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
>
>
>
|
|
>
>
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
>
>
>
>
>
|
|
>
|
>
|
|
|
>
|
>
|
|
|
|
|
|
>
>
>
>
|
|
|
>
>
|
|
|
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
>
|
>
>
|
>
>
>
>
>
>
|
|
|
|
|
>
>
|
>
>
>
>
>
>
>
|
|
|
|
|
>
>
>
|
|
>
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
>
>
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
>
|
>
>
>
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
>
>
>
|
|
|
|
>
>
>
>
>
>
>
>
>
|
>
|
|
>
>
>
>
>
|
>
>
|
>
>
|
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
>
|
>
>
>
|
|
|
|
|
>
>
>
|
|
|
>
>
>
|
|
|
|
|
|
|
>
|
>
|
>
>
|
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
>
>
|
|
|
>
>
|
|
|
>
|
|
|
|
>
|
|
>
>
|
>
|
|
>
|
>
|
>
>
>
>
|
>
>
|
|
>
|
|
|
>
|
>
>
>
>
|
|
>
|
|
>
>
>
|
|
|
|
|
|
>
>
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
>
|
|
>
>
>
|
|
>
>
|
|
|
|
>
>
>
|
>
>
>
>
|
>
>
|
|
|
>
>
>
>
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
>
|
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
|
|
|
|
>
>
|
|
|
|
|
>
>
|
|
|
|
|
>
>
>
>
|
>
>
|
>
>
>
|
>
>
>
|
>
>
|
|
|
>
>
|
|
|
|
|
|
|
>
>
|
>
>
>
|
|
|
|
|
|
>
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
|
>
|
>
>
>
>
>
>
|
|
>
>
|
|
|
|
>
>
>
>
|
|
|
|
|
>
>
|
|
|
>
|
|
>
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
>
>
>
|
>
|
>
|
>
|
>
|
>
|
>
>
|
|
|
>
|
>
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
|
>
>
>
>
|
>
>
|
|
|
|
|
|
|
|
>
>
>
|
|
|
>
>
>
|
>
>
>
>
|
>
|
|
|
>
>
|
|
|
|
|
|
|
|
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
|
|
|
|
|
|
>
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
>
|
|
|
|
|
|
|


>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
>
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
>
|
>
>
>
>
>
>
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
|
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
>
|
|
>
>
>
>
>
>
>
|
>
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
>
|
|
>
|
|
|
|
>
|
>
|
|
>
>
>
>
>
|
|
>
>
>
|
|
>
|
>
|
|
|
|
|
>
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
|
|
>
|
>
>
|
>
|
|
>
>
|
>
|
>
>
>
>
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
>
|
>
|
>
>
>
>
|
|
|
|
|
|
|
>
|
>
|
>
>
|
|
|
>
>
>
|
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
>
|
>
|
|
>
>
>
>
|
|
>
|
>
|
>
|
|
>
|
|
|
>
>
>
>
|
|
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
>
|
|
|
|
|
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
|
>
|
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
>
|
>
>
|
|
|
|
|
|
|
>
|
|
>
>
|
|
|
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
|
>
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
>
|
|
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
>
>
>
|
|
>
|
>
>
>
|
|
|
|
|
>
|
|
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
>
>
|
>
|
|
|
>
>
>
|
>
|
|
>
>
|
>
|
|
>
|
>
>
>
|
|
|
|
|
|
>
>
|
>
>
|
>
|
|
>
|
>
>
>
|
|
|
>
|
>
|
|
>
>
|
>
|
|
>
>
>
|
|
>
|
|
|
|
|
|
|
|
>
|
|
>
|
>
>
|
|
>
>
>
|
>
>
>
>
|
|
|
|
>
|
|
|
>
|
|
>
|
|
|
|
>
>
|
|
>
>
>
>
|
|
>
|
>
>
|
|
>
>
>
>
|
|
|
|
|
>
>
>
>
|
|
>
>
|
|
|
|
>
|
|
|
>
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
|
>
>
>
>
>
|
|
|
|
|
>
|
|
>
>
|
>
>
|
|
|
>
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
>
>
>
|
|
>
>
|
|
>
|
>
|
|
|
|
|
>
>
|
|
|
|
>
>
>
>
>
|
|
>
>
|
|
|
>
|
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
>
>
|
>
|
|
>
>
>
>
>
>
>
>
|
|
|
>
|
>
>
|
|
|
>
|
>
|
|
>
|
|
|
>
>
|
|
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
>
>
|
|
>
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
|
>
|
|
>
|
>
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
>
|
|
|
>
>
>
>
>
>
>
>
|
|
>
>
|
|
>
|
>
|
|
>
|
|
>
>
>
>
>
|
|
|
>
|
|
|
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
>
|
|
>
>
>
>
>
>
|
>
>
|
>
>
|
>
>
>
|
>
|
>
>
|
>
>
>
|
|
>
>
>
|
|
|
|
|
|
>
|
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
>
>
|
>
>
>
|
|
|
|
|
|
|
|
>
>
>
|
>
>
|
>
>
>
>
>
>
|
|
|
>
|
|
|
|
|
|
|
|
>
|
>
>
>
|
>
>
>
>
>
>
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
>
>
>
|
>
>
>
|
|
|
>
>
>
|
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
|
|
>
>
|
|
|
>
|
|
|
|
>
|
|
>
>
|
>
|
|
>
>
>
|
>
|
>
>
|
>
>
|
|
|
|
|
|
|
|
|
>
>
>
|
>
>
|
|
>
>
>
|
|
|
>
|
|
>
>
|
|
>
|
|
>
>
>
|
|
|
|
|
|
>
>
|
>
>
>
>
|
|
>
>
|
|
|
|
>
>
>
>
|
|
>
>
|
>
>
|
|
|
>
|
>
>
|
|
|
|
|
>
|
|
|
|
>
>
|
|
|
>
>
>
>
>
|
|
>
|
>
>
>
>
|
>
>
|
>
>
>
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
>
|
|
|
|
|
>
|
>
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
|
|
|
>
>
|
|
|
|
|
>
>
|
|
|
|
>
>
>
>
|
|
>
|
|
|
>
>
|
>
>
>
|
>
>
|
|
>
>
>
|
|
|
|
|
|
|
>
|
|
>
>
>
|
|
|
|
|
|
|
|
>
>
|
>
|
|
|
|
|
|
>
|
|
|
|
|
>
|
>
|
|
|
>
|
>
>
>
>
>
>
|
|
>
|
|
|
|
|
|
>
|
|
>
>
|
|
|
>
>
|
|
>
>
|
>
>
|
|
|
>
>
>
>
>
>
>
|
|
|
>
|
|
|
>
>
>
>
|
>
|
>
|
|
|
>
|
>
>
|
|
|
>
|
>
>
|
|
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
>
>
|
>
>
>
>
|
>
|
|
>
>
>
|
|
|
|
|
>
|
|
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
>
>
|
>
>
>
>
>
>
>
>
|
|
>
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
|
>
|
|
|
|
|
>
|
|
|
|
>
|
|
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
















159
160
161
162


163





164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587

588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657

2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
dist_man_MANS += BN_CTX_start.3
dist_man_MANS += BN_add.3
dist_man_MANS += BN_add_word.3
dist_man_MANS += BN_bn2bin.3
dist_man_MANS += BN_cmp.3
dist_man_MANS += BN_copy.3
dist_man_MANS += BN_generate_prime.3
dist_man_MANS += BN_get0_nist_prime_521.3
dist_man_MANS += BN_mod_inverse.3
dist_man_MANS += BN_mod_mul_montgomery.3
dist_man_MANS += BN_mod_mul_reciprocal.3
dist_man_MANS += BN_new.3
dist_man_MANS += BN_num_bytes.3
dist_man_MANS += BN_rand.3
dist_man_MANS += BN_set_bit.3
dist_man_MANS += BN_set_flags.3
dist_man_MANS += BN_set_negative.3
dist_man_MANS += BN_swap.3
dist_man_MANS += BN_zero.3
dist_man_MANS += BUF_MEM_new.3
















dist_man_MANS += CONF_modules_free.3
dist_man_MANS += CONF_modules_load_file.3
dist_man_MANS += CRYPTO_get_mem_functions.3
dist_man_MANS += CRYPTO_set_ex_data.3


dist_man_MANS += CRYPTO_set_locking_callback.3





dist_man_MANS += DES_set_key.3
dist_man_MANS += DH_generate_key.3
dist_man_MANS += DH_generate_parameters.3
dist_man_MANS += DH_get_ex_new_index.3
dist_man_MANS += DH_new.3
dist_man_MANS += DH_set_method.3
dist_man_MANS += DH_size.3
dist_man_MANS += DIST_POINT_new.3
dist_man_MANS += DSA_SIG_new.3
dist_man_MANS += DSA_do_sign.3
dist_man_MANS += DSA_dup_DH.3
dist_man_MANS += DSA_generate_key.3
dist_man_MANS += DSA_generate_parameters.3
dist_man_MANS += DSA_get_ex_new_index.3
dist_man_MANS += DSA_new.3
dist_man_MANS += DSA_set_method.3
dist_man_MANS += DSA_sign.3
dist_man_MANS += DSA_size.3
dist_man_MANS += ECDSA_SIG_new.3
dist_man_MANS += EC_GFp_simple_method.3
dist_man_MANS += EC_GROUP_copy.3
dist_man_MANS += EC_GROUP_new.3
dist_man_MANS += EC_KEY_new.3
dist_man_MANS += EC_POINT_add.3
dist_man_MANS += EC_POINT_new.3
dist_man_MANS += ERR.3
dist_man_MANS += ERR_GET_LIB.3
dist_man_MANS += ERR_asprintf_error_data.3
dist_man_MANS += ERR_clear_error.3
dist_man_MANS += ERR_error_string.3
dist_man_MANS += ERR_get_error.3
dist_man_MANS += ERR_load_crypto_strings.3
dist_man_MANS += ERR_load_strings.3
dist_man_MANS += ERR_print_errors.3
dist_man_MANS += ERR_put_error.3
dist_man_MANS += ERR_remove_state.3
dist_man_MANS += ERR_set_mark.3
dist_man_MANS += ESS_SIGNING_CERT_new.3
dist_man_MANS += EVP_AEAD_CTX_init.3
dist_man_MANS += EVP_BytesToKey.3
dist_man_MANS += EVP_DigestInit.3
dist_man_MANS += EVP_DigestSignInit.3
dist_man_MANS += EVP_DigestVerifyInit.3
dist_man_MANS += EVP_EncodeInit.3
dist_man_MANS += EVP_EncryptInit.3
dist_man_MANS += EVP_OpenInit.3
dist_man_MANS += EVP_PKEY_CTX_ctrl.3
dist_man_MANS += EVP_PKEY_CTX_new.3
dist_man_MANS += EVP_PKEY_cmp.3
dist_man_MANS += EVP_PKEY_decrypt.3
dist_man_MANS += EVP_PKEY_derive.3
dist_man_MANS += EVP_PKEY_encrypt.3
dist_man_MANS += EVP_PKEY_get_default_digest_nid.3
dist_man_MANS += EVP_PKEY_keygen.3
dist_man_MANS += EVP_PKEY_new.3
dist_man_MANS += EVP_PKEY_print_private.3
dist_man_MANS += EVP_PKEY_set1_RSA.3
dist_man_MANS += EVP_PKEY_sign.3
dist_man_MANS += EVP_PKEY_verify.3
dist_man_MANS += EVP_PKEY_verify_recover.3
dist_man_MANS += EVP_SealInit.3
dist_man_MANS += EVP_SignInit.3
dist_man_MANS += EVP_VerifyInit.3
dist_man_MANS += EXTENDED_KEY_USAGE_new.3
dist_man_MANS += GENERAL_NAME_new.3
dist_man_MANS += HMAC.3
dist_man_MANS += MD5.3
dist_man_MANS += NAME_CONSTRAINTS_new.3
dist_man_MANS += OBJ_nid2obj.3
dist_man_MANS += OCSP_CRLID_new.3
dist_man_MANS += OCSP_REQUEST_new.3
dist_man_MANS += OCSP_SERVICELOC_new.3
dist_man_MANS += OCSP_cert_to_id.3
dist_man_MANS += OCSP_request_add1_nonce.3
dist_man_MANS += OCSP_resp_find_status.3
dist_man_MANS += OCSP_response_status.3
dist_man_MANS += OCSP_sendreq_new.3
dist_man_MANS += OPENSSL_VERSION_NUMBER.3
dist_man_MANS += OPENSSL_cleanse.3
dist_man_MANS += OPENSSL_config.3
dist_man_MANS += OPENSSL_load_builtin_modules.3
dist_man_MANS += OPENSSL_malloc.3
dist_man_MANS += OpenSSL_add_all_algorithms.3
dist_man_MANS += PEM_read.3
dist_man_MANS += PEM_read_bio_PrivateKey.3
dist_man_MANS += PEM_write_bio_PKCS7_stream.3
dist_man_MANS += PKCS12_SAFEBAG_new.3
dist_man_MANS += PKCS12_create.3
dist_man_MANS += PKCS12_new.3
dist_man_MANS += PKCS12_newpass.3
dist_man_MANS += PKCS12_parse.3
dist_man_MANS += PKCS5_PBKDF2_HMAC.3
dist_man_MANS += PKCS7_decrypt.3
dist_man_MANS += PKCS7_encrypt.3
dist_man_MANS += PKCS7_new.3
dist_man_MANS += PKCS7_sign.3
dist_man_MANS += PKCS7_sign_add_signer.3
dist_man_MANS += PKCS7_verify.3
dist_man_MANS += PKCS8_PRIV_KEY_INFO_new.3
dist_man_MANS += PKEY_USAGE_PERIOD_new.3
dist_man_MANS += POLICYINFO_new.3
dist_man_MANS += PROXY_POLICY_new.3
dist_man_MANS += RAND_add.3
dist_man_MANS += RAND_bytes.3
dist_man_MANS += RAND_load_file.3
dist_man_MANS += RAND_set_rand_method.3
dist_man_MANS += RC4.3
dist_man_MANS += RIPEMD160.3
dist_man_MANS += RSA_PSS_PARAMS_new.3
dist_man_MANS += RSA_blinding_on.3
dist_man_MANS += RSA_check_key.3
dist_man_MANS += RSA_generate_key.3
dist_man_MANS += RSA_get_ex_new_index.3
dist_man_MANS += RSA_new.3
dist_man_MANS += RSA_padding_add_PKCS1_type_1.3
dist_man_MANS += RSA_print.3
dist_man_MANS += RSA_private_encrypt.3
dist_man_MANS += RSA_public_encrypt.3
dist_man_MANS += RSA_set_method.3
dist_man_MANS += RSA_sign.3
dist_man_MANS += RSA_sign_ASN1_OCTET_STRING.3
dist_man_MANS += RSA_size.3
dist_man_MANS += SHA1.3
dist_man_MANS += SMIME_read_PKCS7.3
dist_man_MANS += SMIME_write_PKCS7.3
dist_man_MANS += SXNET_new.3
dist_man_MANS += TS_REQ_new.3
dist_man_MANS += UI_UTIL_read_pw.3
dist_man_MANS += UI_create_method.3
dist_man_MANS += UI_get_string_type.3
dist_man_MANS += UI_new.3
dist_man_MANS += X509V3_get_d2i.3
dist_man_MANS += X509_ALGOR_dup.3
dist_man_MANS += X509_ATTRIBUTE_new.3
dist_man_MANS += X509_CINF_new.3
dist_man_MANS += X509_CRL_get0_by_serial.3
dist_man_MANS += X509_CRL_new.3
dist_man_MANS += X509_EXTENSION_set_object.3
dist_man_MANS += X509_LOOKUP_hash_dir.3
dist_man_MANS += X509_NAME_ENTRY_get_object.3
dist_man_MANS += X509_NAME_add_entry_by_txt.3
dist_man_MANS += X509_NAME_get_index_by_NID.3
dist_man_MANS += X509_NAME_new.3
dist_man_MANS += X509_NAME_print_ex.3
dist_man_MANS += X509_PUBKEY_new.3
dist_man_MANS += X509_REQ_new.3
dist_man_MANS += X509_REVOKED_new.3
dist_man_MANS += X509_SIG_new.3
dist_man_MANS += X509_STORE_CTX_get_error.3
dist_man_MANS += X509_STORE_CTX_get_ex_new_index.3
dist_man_MANS += X509_STORE_CTX_new.3
dist_man_MANS += X509_STORE_CTX_set_verify_cb.3
dist_man_MANS += X509_STORE_load_locations.3
dist_man_MANS += X509_STORE_set1_param.3
dist_man_MANS += X509_STORE_set_verify_cb_func.3
dist_man_MANS += X509_VERIFY_PARAM_set_flags.3
dist_man_MANS += X509_check_ca.3
dist_man_MANS += X509_check_host.3
dist_man_MANS += X509_check_issued.3
dist_man_MANS += X509_cmp_time.3
dist_man_MANS += X509_digest.3
dist_man_MANS += X509_get_pubkey.3
dist_man_MANS += X509_get_serialNumber.3
dist_man_MANS += X509_get_subject_name.3
dist_man_MANS += X509_get_version.3
dist_man_MANS += X509_new.3
dist_man_MANS += X509_sign.3
dist_man_MANS += X509_verify_cert.3
dist_man_MANS += X509v3_get_ext_by_NID.3
dist_man_MANS += bn_dump.3
dist_man_MANS += crypto.3
dist_man_MANS += d2i_ASN1_NULL.3
dist_man_MANS += d2i_ASN1_OBJECT.3
dist_man_MANS += d2i_ASN1_OCTET_STRING.3
dist_man_MANS += d2i_ASN1_SEQUENCE_ANY.3
dist_man_MANS += d2i_AUTHORITY_KEYID.3
dist_man_MANS += d2i_BASIC_CONSTRAINTS.3
dist_man_MANS += d2i_DHparams.3
dist_man_MANS += d2i_DIST_POINT.3
dist_man_MANS += d2i_DSAPublicKey.3
dist_man_MANS += d2i_ECPKParameters.3
dist_man_MANS += d2i_ESS_SIGNING_CERT.3
dist_man_MANS += d2i_GENERAL_NAME.3
dist_man_MANS += d2i_OCSP_REQUEST.3
dist_man_MANS += d2i_OCSP_RESPONSE.3
dist_man_MANS += d2i_PKCS12.3
dist_man_MANS += d2i_PKCS7.3
dist_man_MANS += d2i_PKCS8PrivateKey_bio.3
dist_man_MANS += d2i_PKCS8_PRIV_KEY_INFO.3
dist_man_MANS += d2i_PKEY_USAGE_PERIOD.3
dist_man_MANS += d2i_POLICYINFO.3
dist_man_MANS += d2i_PROXY_POLICY.3
dist_man_MANS += d2i_PrivateKey.3
dist_man_MANS += d2i_RSAPublicKey.3
dist_man_MANS += d2i_TS_REQ.3
dist_man_MANS += d2i_X509.3
dist_man_MANS += d2i_X509_ALGOR.3
dist_man_MANS += d2i_X509_ATTRIBUTE.3
dist_man_MANS += d2i_X509_CRL.3
dist_man_MANS += d2i_X509_EXTENSION.3
dist_man_MANS += d2i_X509_NAME.3
dist_man_MANS += d2i_X509_REQ.3
dist_man_MANS += d2i_X509_SIG.3
dist_man_MANS += des_read_pw.3
dist_man_MANS += engine.3
dist_man_MANS += evp.3
dist_man_MANS += get_rfc3526_prime_8192.3
dist_man_MANS += i2d_PKCS7_bio_stream.3
dist_man_MANS += lh_new.3
dist_man_MANS += lh_stats.3
dist_man_MANS += tls_accept_socket.3
dist_man_MANS += tls_client.3
dist_man_MANS += tls_config_ocsp_require_stapling.3
dist_man_MANS += tls_config_set_protocols.3
dist_man_MANS += tls_config_set_session_id.3
dist_man_MANS += tls_config_verify.3
dist_man_MANS += tls_conn_version.3
dist_man_MANS += tls_connect.3
dist_man_MANS += tls_init.3
dist_man_MANS += tls_load_file.3
dist_man_MANS += tls_ocsp_process_response.3
dist_man_MANS += tls_read.3
install-data-hook:
	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3"
	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3"
	ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3"
	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3"
	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3"
	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3"
	ln -sf "ASN1_generate_nconf.3" "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
	ln -sf "ASN1_item_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3"
	ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3"
	ln -sf "AUTHORITY_KEYID_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3"
	ln -sf "BASIC_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_decrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_options.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_eof.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_flush.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_close.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_pending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_reset.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_seek.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_close.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3"
	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3"
	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3"
	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3"
	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3"
	ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_type.3"
	ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_next.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free_all.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_set.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_vfree.3"
	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3"
	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3"
	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3"
	ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3"
	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3"
	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_puts.3"
	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_write.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3"
	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3"
	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3"
	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_file.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3"

	ln -sf "BIO_s_socket.3" "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_read.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_write.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_div.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_exp.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_gcd.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mul.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_nnmod.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sqr.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sub.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_div_word.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mod_word.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mul_word.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_sub_word.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print_fp.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_odd.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_one.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_word.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_zero.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_ucmp.3"
	ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_dup.3"
	ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_with_flags.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_div_recp.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_free.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_init.3"
	ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits.3"
	ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3"
	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3"
	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3"
	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_rand_range.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift1.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift1.3"
	ln -sf "BN_set_flags.3" "$(DESTDIR)$(mandir)/man3/BN_get_flags.3"
	ln -sf "BN_set_negative.3" "$(DESTDIR)$(mandir)/man3/BN_is_negative.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_get_word.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_one.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_reverse.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_strdup.3"
	ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3"
	ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3"
	ln -sf "CONF_modules_load_file.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_lock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_crypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_read.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_write.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_key_sched.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_random_key.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3"
	ln -sf "DH_generate_key.3" "$(DESTDIR)$(mandir)/man3/DH_compute_key.3"
	ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check.3"
	ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3"
	ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3"
	ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3"
	ln -sf "DH_new.3" "$(DESTDIR)$(mandir)/man3/DH_free.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_new_method.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3"
	ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3"
	ln -sf "DSA_do_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3"
	ln -sf "DSA_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3"
	ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3"
	ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3"
	ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_free.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_new_method.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3"
	ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3"
	ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_verify.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_size.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3"
	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3"
	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3"
	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3"
	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_load_BN_strings.3"
	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3"
	ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_PACK.3"
	ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3"
	ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3"
	ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3"
	ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3"
	ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3"
	ln -sf "ERR_remove_state.3" "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3"
	ln -sf "ERR_set_mark.3" "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss1.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md2.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md_null.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha1.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha224.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
	ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3"
	ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3"
	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3"
	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3"
	ln -sf "EVP_PKEY_decrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3"
	ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3"
	ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3"
	ln -sf "EVP_PKEY_encrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3"
	ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3"
	ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3"
	ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3"
	ln -sf "EVP_PKEY_sign.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3"
	ln -sf "EVP_PKEY_verify.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3"
	ln -sf "EVP_PKEY_verify_recover.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3"
	ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3"
	ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3"
	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3"
	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3"
	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3"
	ln -sf "EXTENDED_KEY_USAGE_new.3" "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Final.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Update.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_size.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2_Final.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2_Init.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2_Update.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Final.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Init.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Update.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Final.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Init.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Update.3"
	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3"
	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3"
	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_create.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3"
	ln -sf "OCSP_CRLID_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3"
	ln -sf "OCSP_CRLID_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_crlID_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3"
	ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3"
	ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3"
	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3"
	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3"
	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3"
	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay.3"
	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay_version.3"
	ln -sf "OPENSSL_config.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3"
	ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3"
	ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3"
	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3"
	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3"
	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_do_header.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3"
	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3"
	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3"
	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3"
	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3"
	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3"
	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_free.3"
	ln -sf "PKCS5_PBKDF2_HMAC.3" "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_free.3"
	ln -sf "PKCS7_verify.3" "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3"
	ln -sf "PKCS8_PRIV_KEY_INFO_new.3" "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3"
	ln -sf "PKEY_USAGE_PERIOD_new.3" "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3"
	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3"
	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3"
	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3"
	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3"
	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_seed.3"
	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_status.3"
	ln -sf "RAND_bytes.3" "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3"
	ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_file_name.3"
	ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_write_file.3"
	ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3"
	ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3"
	ln -sf "RC4.3" "$(DESTDIR)$(mandir)/man3/RC4_set_key.3"
	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3"
	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3"
	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3"
	ln -sf "RSA_PSS_PARAMS_new.3" "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3"
	ln -sf "RSA_blinding_on.3" "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3"
	ln -sf "RSA_generate_key.3" "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3"
	ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSA_free.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
	ln -sf "RSA_private_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3"
	ln -sf "RSA_public_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_flags.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_new_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_null_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3"
	ln -sf "RSA_sign.3" "$(DESTDIR)$(mandir)/man3/RSA_verify.3"
	ln -sf "RSA_sign_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Update.3"
	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3"
	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3"
	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3"
	ln -sf "SSL_COMP_add_compression_method.3" "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_add_session.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_remove_session.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	ln -sf "SSL_CTX_flush_sessions.3" "$(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3"
	ln -sf "SSL_CTX_load_verify_locations.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3"
	ln -sf "SSL_CTX_sess_set_cache_size.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/get_session_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/new_session_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/remove_session_cb.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3"
	ln -sf "SSL_CTX_set_cert_store.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3"
	ln -sf "SSL_CTX_set_cipher_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3"
	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3"
	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3"
	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3"
	ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3"
	ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/client_cert_cb.3"
	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3"
	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3"
	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3"
	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3"
	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3"
	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3"
	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3"
	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3"
	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3"
	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3"
	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3"
	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3"
	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3"
	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3"
	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3"
	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_set_options.3"
	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3"
	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3"
	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3"
	ln -sf "SSL_CTX_set_session_cache_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3"
	ln -sf "SSL_CTX_set_session_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3"
	ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3"
	ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3"
	ln -sf "SSL_CTX_set_timeout.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3"
	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3"
	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3"
	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/verify_callback.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3"
	ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3"
	ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_time.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_time.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3"
	ln -sf "SSL_SESSION_print.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3"
	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3"
	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3"
	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3"
	ln -sf "SSL_get_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3"
	ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3"
	ln -sf "SSL_get_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3"
	ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3"
	ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3"
	ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3"
	ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3"
	ln -sf "SSL_get_rbio.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3"
	ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3"
	ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_before.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_init.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_state.3"
	ln -sf "SSL_get_version.3" "$(DESTDIR)$(mandir)/man3/SSL_version.3"
	ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3"
	ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3"
	ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3"
	ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3"
	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
	ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
	ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
	ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3"
	ln -sf "SSL_set_connect_state.3" "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3"
	ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3"
	ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3"
	ln -sf "SSL_set_max_send_fragment.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3"
	ln -sf "SSL_set_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3"
	ln -sf "SSL_state_string.3" "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_read.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_write.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_free.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_new.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNET_free.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3"
	ln -sf "UI_UTIL_read_pw.3" "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_set_result.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_ctrl.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_free.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_new_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_process.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_method.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3"
	ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3"
	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3"
	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3"
	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3"
	ln -sf "X509_NAME_new.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3"
	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3"
	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3"
	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3"
	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3"
	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3"
	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3"
	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3"
	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3"
	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3"
	ln -sf "X509_SIG_new.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3"
	ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3"
	ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3"
	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_email.3"
	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip.3"
	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3"
	ln -sf "X509_get_serialNumber.3" "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_set_version.3"
	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_free.3"
	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_up_ref.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_verify.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_add_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_check_top.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_div_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand2.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_fix_top.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_high.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_print.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_high.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_low.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_max.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sub_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_wexpand.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul_add.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/sqr.3"
	ln -sf "d2i_ASN1_NULL.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3"
	ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME_new.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME_new.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3"
	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3"
	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3"
	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3"
	ln -sf "d2i_AUTHORITY_KEYID.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3"
	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3"
	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3"
	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3"
	ln -sf "d2i_DHparams.3" "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKPrivateKey_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPK_PUBKEY_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3"
	ln -sf "d2i_PKEY_USAGE_PERIOD.3" "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3"
	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3"
	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3"
	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3"
	ln -sf "d2i_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3"
	ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3"
	ln -sf "d2i_X509_ATTRIBUTE.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3"
	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3"
	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3"
	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3"
	ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3"
	ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_free.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_privkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_pubkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_init.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_cryptodev.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_new.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_privkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_pubkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_delete.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_error.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_free.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_configure.3"
	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_free.3"
	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_server.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3"
	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_error.3"
	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_free.3"
	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_new.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result_msg.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_close.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_error.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"

uninstall-local:
	-rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_decrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_eof.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_flush.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_close.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_pending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_reset.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_seek.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_close.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_next.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_free_all.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vfree.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_puts.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_read.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_exp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_gcd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_nnmod.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sqr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sub.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mul_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sub_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_odd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_one.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_zero.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_ucmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_with_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div_recp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rand_range.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_negative.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_one.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_reverse.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_strdup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_lock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_crypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_read.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_key_sched.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_random_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_compute_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_check.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_load_BN_strings.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_PACK.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md_null.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha224.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_crlID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_do_header.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_seed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_file_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_write_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RC4_set_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_null_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_session_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/new_session_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/remove_session_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/client_cert_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/verify_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_before.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_state.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_read.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SXNET_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_result.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_process.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_email.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_add_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_check_top.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_div_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_expand.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_expand2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_fix_top.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_high.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_high.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_low.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_max.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sub_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_wexpand.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/mul_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/sqr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPK_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_privkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_pubkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_cryptodev.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_privkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_pubkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_delete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_doall.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_configure.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_server.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result_msg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_close.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"
Changes to jni/libressl/man/Makefile.in.
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
man3dir = $(mandir)/man3
am__installdirs = "$(DESTDIR)$(man3dir)"
NROFF = nroff
MANS = $(dist_man_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|



|
|
|







151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
man3dir = $(mandir)/man3
am__installdirs = "$(DESTDIR)$(man3dir)"
NROFF = nroff
MANS = $(dist_man_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
180
181
182
183
184
185
186

187
188
189
190
191
192
193
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289

290
291
292
293
294
295
296
297
298
299

300
301
302

303
304


305
306
307
308
309

310
311
312
313

314
315
316

317
318


319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343

344
345
346

347
348
349

350
351
352
353
354
355
356




357
358

359
360

361
362

363
364

365
366
367
368
369





370
371
372

373
374

375







376




377

378
379
380
381





382
383
384
385
386
387
388
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = CMakeLists.txt
dist_man_MANS = tls_init.3 BIO_f_ssl.3 SSL_CIPHER_get_name.3 \
	SSL_COMP_add_compression_method.3 \
	SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 \
	SSL_CTX_ctrl.3 SSL_CTX_flush_sessions.3 SSL_CTX_free.3 \
	SSL_CTX_get_ex_new_index.3 SSL_CTX_get_verify_mode.3 \
	SSL_CTX_load_verify_locations.3 SSL_CTX_new.3 \
	SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 \
	SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 \

	SSL_CTX_set_cert_store.3 SSL_CTX_set_cert_verify_callback.3 \
	SSL_CTX_set_cipher_list.3 SSL_CTX_set_client_CA_list.3 \
	SSL_CTX_set_client_cert_cb.3 SSL_CTX_set_default_passwd_cb.3 \
	SSL_CTX_set_generate_session_id.3 SSL_CTX_set_info_callback.3 \
	SSL_CTX_set_max_cert_list.3 SSL_CTX_set_mode.3 \
	SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 \
	SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_quiet_shutdown.3 \
	SSL_CTX_set_session_cache_mode.3 \
	SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 \
	SSL_CTX_set_timeout.3 SSL_CTX_set_tmp_dh_callback.3 \

	SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 \
	SSL_CTX_use_certificate.3 SSL_CTX_use_psk_identity_hint.3 \
	SSL_SESSION_free.3 SSL_SESSION_get_ex_new_index.3 \

	SSL_SESSION_get_time.3 SSL_accept.3 SSL_alert_type_string.3 \
	SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 SSL_free.3 \


	SSL_get_SSL_CTX.3 SSL_get_ciphers.3 SSL_get_client_CA_list.3 \
	SSL_get_current_cipher.3 SSL_get_default_timeout.3 \
	SSL_get_error.3 SSL_get_ex_data_X509_STORE_CTX_idx.3 \
	SSL_get_ex_new_index.3 SSL_get_fd.3 SSL_get_peer_cert_chain.3 \
	SSL_get_peer_certificate.3 SSL_get_psk_identity.3 \

	SSL_get_rbio.3 SSL_get_session.3 SSL_get_verify_result.3 \
	SSL_get_version.3 SSL_library_init.3 SSL_load_client_CA_file.3 \
	SSL_new.3 SSL_pending.3 SSL_read.3 SSL_rstate_string.3 \
	SSL_session_reused.3 SSL_set_bio.3 SSL_set_connect_state.3 \

	SSL_set_fd.3 SSL_set_session.3 SSL_set_shutdown.3 \
	SSL_set_verify_result.3 SSL_shutdown.3 SSL_state_string.3 \
	SSL_want.3 SSL_write.3 d2i_SSL_SESSION.3 ssl.3 \

	ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 \
	ASN1_STRING_print_ex.3 ASN1_generate_nconf.3 BF_set_key.3 \


	BIO.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 BIO_f_cipher.3 \
	BIO_f_md.3 BIO_f_null.3 BIO_find_type.3 BIO_new.3 \
	BIO_new_CMS.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 \
	BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 \
	BIO_s_null.3 BIO_s_socket.3 BIO_set_callback.3 \
	BIO_should_retry.3 BN_BLINDING_new.3 BN_CTX_new.3 \
	BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 \
	BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 \
	BN_mod_mul_montgomery.3 BN_mod_mul_reciprocal.3 BN_new.3 \
	BN_num_bytes.3 BN_rand.3 BN_set_bit.3 BN_swap.3 BN_zero.3 \
	BUF_MEM_new.3 CMS_add0_cert.3 CMS_add1_recipient_cert.3 \
	CMS_add1_signer.3 CMS_compress.3 CMS_decrypt.3 CMS_encrypt.3 \
	CMS_final.3 CMS_get0_RecipientInfos.3 CMS_get0_SignerInfos.3 \
	CMS_get0_type.3 CMS_get1_ReceiptRequest.3 CMS_sign.3 \
	CMS_sign_receipt.3 CMS_uncompress.3 CMS_verify.3 \
	CMS_verify_receipt.3 CONF_modules_free.3 \
	CONF_modules_load_file.3 CRYPTO_set_ex_data.3 \
	CRYPTO_set_locking_callback.3 ECDSA_SIG_new.3 \
	EVP_AEAD_CTX_init.3 UI_new.3 bn_dump.3 crypto.3 \
	d2i_PKCS8PrivateKey_bio.3 des_read_pw.3 lh_new.3 DES_set_key.3 \
	DH_generate_key.3 DH_generate_parameters.3 \
	DH_get_ex_new_index.3 DH_new.3 DH_set_method.3 DH_size.3 \
	DSA_SIG_new.3 DSA_do_sign.3 DSA_dup_DH.3 DSA_generate_key.3 \
	DSA_generate_parameters.3 DSA_get_ex_new_index.3 DSA_new.3 \
	DSA_set_method.3 DSA_sign.3 DSA_size.3 EC_GFp_simple_method.3 \

	EC_GROUP_copy.3 EC_GROUP_new.3 EC_KEY_new.3 EC_POINT_add.3 \
	EC_POINT_new.3 ERR.3 ERR_GET_LIB.3 ERR_clear_error.3 \
	ERR_error_string.3 ERR_get_error.3 ERR_load_crypto_strings.3 \

	ERR_load_strings.3 ERR_print_errors.3 ERR_put_error.3 \
	ERR_remove_state.3 ERR_set_mark.3 EVP_BytesToKey.3 \
	EVP_DigestInit.3 EVP_DigestSignInit.3 EVP_DigestVerifyInit.3 \

	EVP_EncryptInit.3 EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3 \
	EVP_PKEY_CTX_new.3 EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3 \
	EVP_PKEY_derive.3 EVP_PKEY_encrypt.3 \
	EVP_PKEY_get_default_digest.3 EVP_PKEY_keygen.3 EVP_PKEY_new.3 \
	EVP_PKEY_print_private.3 EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 \
	EVP_PKEY_verify.3 EVP_PKEY_verify_recover.3 EVP_SealInit.3 \
	EVP_SignInit.3 EVP_VerifyInit.3 HMAC.3 MD5.3 OBJ_nid2obj.3 \




	OPENSSL_VERSION_NUMBER.3 OPENSSL_config.3 \
	OPENSSL_load_builtin_modules.3 OpenSSL_add_all_algorithms.3 \

	PEM_read_bio_PrivateKey.3 PEM_write_bio_CMS_stream.3 \
	PEM_write_bio_PKCS7_stream.3 PKCS12_create.3 PKCS12_parse.3 \

	PKCS5_PBKDF2_HMAC.3 PKCS7_decrypt.3 PKCS7_encrypt.3 \
	PKCS7_sign.3 PKCS7_sign_add_signer.3 PKCS7_verify.3 RAND.3 \

	RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_load_file.3 \
	RAND_set_rand_method.3 RC4.3 RIPEMD160.3 RSA_blinding_on.3 \

	RSA_check_key.3 RSA_generate_key.3 RSA_get_ex_new_index.3 \
	RSA_new.3 RSA_padding_add_PKCS1_type_1.3 RSA_print.3 \
	RSA_private_encrypt.3 RSA_public_encrypt.3 RSA_set_method.3 \
	RSA_sign.3 RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SHA1.3 \
	SMIME_read_CMS.3 SMIME_read_PKCS7.3 SMIME_write_CMS.3 \





	SMIME_write_PKCS7.3 X509_NAME_ENTRY_get_object.3 \
	X509_NAME_add_entry_by_txt.3 X509_NAME_get_index_by_NID.3 \
	X509_NAME_print_ex.3 X509_STORE_CTX_get_error.3 \

	X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_new.3 \
	X509_STORE_CTX_set_verify_cb.3 X509_STORE_set_verify_cb_func.3 \

	X509_VERIFY_PARAM_set_flags.3 X509_new.3 X509_verify_cert.3 \







	bn.3 d2i_ASN1_OBJECT.3 d2i_DHparams.3 d2i_DSAPublicKey.3 \




	d2i_ECPKParameters.3 d2i_RSAPublicKey.3 d2i_X509.3 \

	d2i_X509_ALGOR.3 d2i_X509_CRL.3 d2i_X509_NAME.3 d2i_X509_REQ.3 \
	d2i_X509_SIG.3 dh.3 dsa.3 ec.3 engine.3 evp.3 \
	i2d_CMS_bio_stream.3 i2d_PKCS7_bio_stream.3 lh_stats.3 rsa.3 \
	x509.3





all: all-am

.SUFFIXES:
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \







|
|






>
|
|
|



|


|
>
|
|

>
|
|
>
>
|
|
|
|
|
>
|
|
|
|
>
|
|
|
>
|
|
>
>
|
|
|
|
|


|
|
|
|
<
<
<
<
|
|
|
<
<
|

|
|
|
>

|
|
>
|
|
|
>
|
|
|
|
|
|
|
>
>
>
>
|
|
>
|
|
>
|
|
>
|
|
>
|
|


|
>
>
>
>
>
|
|
|
>

|
>
|
>
>
>
>
>
>
>
|
>
>
>
>
|
>
|
|
|
<
>
>
>
>
>







276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340




341
342
343


344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415

416
417
418
419
420
421
422
423
424
425
426
427
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = CMakeLists.txt
dist_man_MANS = BIO_f_ssl.3 DTLSv1_listen.3 PEM_read_SSL_SESSION.3 \
	SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 \
	SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 \
	SSL_CTX_ctrl.3 SSL_CTX_flush_sessions.3 SSL_CTX_free.3 \
	SSL_CTX_get_ex_new_index.3 SSL_CTX_get_verify_mode.3 \
	SSL_CTX_load_verify_locations.3 SSL_CTX_new.3 \
	SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 \
	SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 \
	SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_cert_store.3 \
	SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 \
	SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 \
	SSL_CTX_set_default_passwd_cb.3 \
	SSL_CTX_set_generate_session_id.3 SSL_CTX_set_info_callback.3 \
	SSL_CTX_set_max_cert_list.3 SSL_CTX_set_mode.3 \
	SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 \
	SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_read_ahead.3 \
	SSL_CTX_set_session_cache_mode.3 \
	SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 \
	SSL_CTX_set_timeout.3 SSL_CTX_set_tlsext_status_cb.3 \
	SSL_CTX_set_tlsext_ticket_key_cb.3 \
	SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_rsa_callback.3 \
	SSL_CTX_set_verify.3 SSL_CTX_use_certificate.3 \
	SSL_SESSION_free.3 SSL_SESSION_get_ex_new_index.3 \
	SSL_SESSION_get_time.3 SSL_SESSION_new.3 SSL_SESSION_print.3 \
	SSL_accept.3 SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 \
	SSL_copy_session_id.3 SSL_do_handshake.3 SSL_dup.3 \
	SSL_dup_CA_list.3 SSL_free.3 SSL_get_SSL_CTX.3 \
	SSL_get_certificate.3 SSL_get_ciphers.3 \
	SSL_get_client_CA_list.3 SSL_get_current_cipher.3 \
	SSL_get_default_timeout.3 SSL_get_error.3 \
	SSL_get_ex_data_X509_STORE_CTX_idx.3 SSL_get_ex_new_index.3 \
	SSL_get_fd.3 SSL_get_peer_cert_chain.3 \
	SSL_get_peer_certificate.3 SSL_get_rbio.3 SSL_get_session.3 \
	SSL_get_shared_ciphers.3 SSL_get_state.3 \
	SSL_get_verify_result.3 SSL_get_version.3 SSL_library_init.3 \
	SSL_load_client_CA_file.3 SSL_new.3 SSL_num_renegotiations.3 \
	SSL_pending.3 SSL_read.3 SSL_renegotiate.3 SSL_rstate_string.3 \
	SSL_session_reused.3 SSL_set1_param.3 SSL_set_bio.3 \
	SSL_set_connect_state.3 SSL_set_fd.3 \
	SSL_set_max_send_fragment.3 SSL_set_session.3 \
	SSL_set_shutdown.3 SSL_set_verify_result.3 SSL_shutdown.3 \
	SSL_state_string.3 SSL_want.3 SSL_write.3 d2i_SSL_SESSION.3 \
	ssl.3 ACCESS_DESCRIPTION_new.3 ASN1_OBJECT_new.3 \
	ASN1_STRING_length.3 ASN1_STRING_new.3 ASN1_STRING_print_ex.3 \
	ASN1_TIME_set.3 ASN1_TYPE_get.3 ASN1_generate_nconf.3 \
	ASN1_item_d2i.3 ASN1_item_new.3 ASN1_time_parse.3 \
	AUTHORITY_KEYID_new.3 BASIC_CONSTRAINTS_new.3 BF_set_key.3 \
	BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 BIO_f_cipher.3 \
	BIO_f_md.3 BIO_f_null.3 BIO_find_type.3 BIO_get_ex_new_index.3 \
	BIO_new.3 BIO_printf.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 \
	BIO_s_bio.3 BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 \
	BIO_s_mem.3 BIO_s_null.3 BIO_s_socket.3 BIO_set_callback.3 \
	BIO_should_retry.3 BN_BLINDING_new.3 BN_CTX_new.3 \
	BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 \
	BN_copy.3 BN_generate_prime.3 BN_get0_nist_prime_521.3 \
	BN_mod_inverse.3 BN_mod_mul_montgomery.3 \
	BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 \
	BN_set_bit.3 BN_set_flags.3 BN_set_negative.3 BN_swap.3 \




	BN_zero.3 BUF_MEM_new.3 CONF_modules_free.3 \
	CONF_modules_load_file.3 CRYPTO_get_mem_functions.3 \
	CRYPTO_set_ex_data.3 CRYPTO_set_locking_callback.3 \


	DES_set_key.3 DH_generate_key.3 DH_generate_parameters.3 \
	DH_get_ex_new_index.3 DH_new.3 DH_set_method.3 DH_size.3 \
	DIST_POINT_new.3 DSA_SIG_new.3 DSA_do_sign.3 DSA_dup_DH.3 \
	DSA_generate_key.3 DSA_generate_parameters.3 \
	DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 \
	DSA_size.3 ECDSA_SIG_new.3 EC_GFp_simple_method.3 \
	EC_GROUP_copy.3 EC_GROUP_new.3 EC_KEY_new.3 EC_POINT_add.3 \
	EC_POINT_new.3 ERR.3 ERR_GET_LIB.3 ERR_asprintf_error_data.3 \
	ERR_clear_error.3 ERR_error_string.3 ERR_get_error.3 \
	ERR_load_crypto_strings.3 ERR_load_strings.3 \
	ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 \
	ERR_set_mark.3 ESS_SIGNING_CERT_new.3 EVP_AEAD_CTX_init.3 \
	EVP_BytesToKey.3 EVP_DigestInit.3 EVP_DigestSignInit.3 \
	EVP_DigestVerifyInit.3 EVP_EncodeInit.3 EVP_EncryptInit.3 \
	EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_new.3 \
	EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3 EVP_PKEY_derive.3 \
	EVP_PKEY_encrypt.3 EVP_PKEY_get_default_digest_nid.3 \
	EVP_PKEY_keygen.3 EVP_PKEY_new.3 EVP_PKEY_print_private.3 \
	EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 EVP_PKEY_verify.3 \
	EVP_PKEY_verify_recover.3 EVP_SealInit.3 EVP_SignInit.3 \
	EVP_VerifyInit.3 EXTENDED_KEY_USAGE_new.3 GENERAL_NAME_new.3 \
	HMAC.3 MD5.3 NAME_CONSTRAINTS_new.3 OBJ_nid2obj.3 \
	OCSP_CRLID_new.3 OCSP_REQUEST_new.3 OCSP_SERVICELOC_new.3 \
	OCSP_cert_to_id.3 OCSP_request_add1_nonce.3 \
	OCSP_resp_find_status.3 OCSP_response_status.3 \
	OCSP_sendreq_new.3 OPENSSL_VERSION_NUMBER.3 OPENSSL_cleanse.3 \
	OPENSSL_config.3 OPENSSL_load_builtin_modules.3 \
	OPENSSL_malloc.3 OpenSSL_add_all_algorithms.3 PEM_read.3 \
	PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS7_stream.3 \
	PKCS12_SAFEBAG_new.3 PKCS12_create.3 PKCS12_new.3 \
	PKCS12_newpass.3 PKCS12_parse.3 PKCS5_PBKDF2_HMAC.3 \
	PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_new.3 PKCS7_sign.3 \
	PKCS7_sign_add_signer.3 PKCS7_verify.3 \
	PKCS8_PRIV_KEY_INFO_new.3 PKEY_USAGE_PERIOD_new.3 \
	POLICYINFO_new.3 PROXY_POLICY_new.3 RAND_add.3 RAND_bytes.3 \
	RAND_load_file.3 RAND_set_rand_method.3 RC4.3 RIPEMD160.3 \
	RSA_PSS_PARAMS_new.3 RSA_blinding_on.3 RSA_check_key.3 \
	RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 \
	RSA_padding_add_PKCS1_type_1.3 RSA_print.3 \
	RSA_private_encrypt.3 RSA_public_encrypt.3 RSA_set_method.3 \
	RSA_sign.3 RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SHA1.3 \
	SMIME_read_PKCS7.3 SMIME_write_PKCS7.3 SXNET_new.3 \
	TS_REQ_new.3 UI_UTIL_read_pw.3 UI_create_method.3 \
	UI_get_string_type.3 UI_new.3 X509V3_get_d2i.3 \
	X509_ALGOR_dup.3 X509_ATTRIBUTE_new.3 X509_CINF_new.3 \
	X509_CRL_get0_by_serial.3 X509_CRL_new.3 \
	X509_EXTENSION_set_object.3 X509_LOOKUP_hash_dir.3 \
	X509_NAME_ENTRY_get_object.3 X509_NAME_add_entry_by_txt.3 \
	X509_NAME_get_index_by_NID.3 X509_NAME_new.3 \
	X509_NAME_print_ex.3 X509_PUBKEY_new.3 X509_REQ_new.3 \
	X509_REVOKED_new.3 X509_SIG_new.3 X509_STORE_CTX_get_error.3 \
	X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_new.3 \
	X509_STORE_CTX_set_verify_cb.3 X509_STORE_load_locations.3 \
	X509_STORE_set1_param.3 X509_STORE_set_verify_cb_func.3 \
	X509_VERIFY_PARAM_set_flags.3 X509_check_ca.3 \
	X509_check_host.3 X509_check_issued.3 X509_cmp_time.3 \
	X509_digest.3 X509_get_pubkey.3 X509_get_serialNumber.3 \
	X509_get_subject_name.3 X509_get_version.3 X509_new.3 \
	X509_sign.3 X509_verify_cert.3 X509v3_get_ext_by_NID.3 \
	bn_dump.3 crypto.3 d2i_ASN1_NULL.3 d2i_ASN1_OBJECT.3 \
	d2i_ASN1_OCTET_STRING.3 d2i_ASN1_SEQUENCE_ANY.3 \
	d2i_AUTHORITY_KEYID.3 d2i_BASIC_CONSTRAINTS.3 d2i_DHparams.3 \
	d2i_DIST_POINT.3 d2i_DSAPublicKey.3 d2i_ECPKParameters.3 \
	d2i_ESS_SIGNING_CERT.3 d2i_GENERAL_NAME.3 d2i_OCSP_REQUEST.3 \
	d2i_OCSP_RESPONSE.3 d2i_PKCS12.3 d2i_PKCS7.3 \
	d2i_PKCS8PrivateKey_bio.3 d2i_PKCS8_PRIV_KEY_INFO.3 \
	d2i_PKEY_USAGE_PERIOD.3 d2i_POLICYINFO.3 d2i_PROXY_POLICY.3 \
	d2i_PrivateKey.3 d2i_RSAPublicKey.3 d2i_TS_REQ.3 d2i_X509.3 \
	d2i_X509_ALGOR.3 d2i_X509_ATTRIBUTE.3 d2i_X509_CRL.3 \
	d2i_X509_EXTENSION.3 d2i_X509_NAME.3 d2i_X509_REQ.3 \
	d2i_X509_SIG.3 des_read_pw.3 engine.3 evp.3 \
	get_rfc3526_prime_8192.3 i2d_PKCS7_bio_stream.3 lh_new.3 \

	lh_stats.3 tls_accept_socket.3 tls_client.3 \
	tls_config_ocsp_require_stapling.3 tls_config_set_protocols.3 \
	tls_config_set_session_id.3 tls_config_verify.3 \
	tls_conn_version.3 tls_connect.3 tls_init.3 tls_load_file.3 \
	tls_ocsp_process_response.3 tls_read.3
all: all-am

.SUFFIXES:
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
617
618
619
620
621
622
623



624
625
626
627
628
629
630
631




















632
633
634
635
636
637

638
639
640
641
642

643
644

645
646


647
648
649
650
651
652
653
654
655
656
657
658
659











660

661

662

663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679


680
681
682
683
684

685
686
687
688
689
690
691

692

693
694





695
696



















697
698
699
700
701
702
703
704
705
706
707

708
709
710













711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749



















750
751
752
753
754
755
756
757

758
759
760
761




762
763
764
765
766
767
768



769
770
771
772
773
774
775
776
777
778
779
780
781
782





783
784









785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802

803
804
805
806













807
808
809
810
811
812








813


814

815
816



817
818
819
820
821
822
823
824








825
826
827
828
829
830
831
832
833
834
835
836

837

838
839
840
841



842
843

844

845
846


847


848
849



850
851



852
853
854
855
856

857


858
859
860

861
862
863
864
865
866
867
868
869
870

871

872
873

874


875

876
877


878

879




880
881
882
883







884
885
886
887
888
889
890
891

892
893
894



895
896
897
898


899




900


901
902
903

904
905
906

907
908
909
910
911
912



913
914
915
916
917
918






919
920
921
922
923
924

925

926
927
928
929
930




931

932
933
934
935

936
















937
938
939
940
941

942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957



958
959
960
961
962
963
964
965
966
967




968
969
970
971
972
973












974
975



976


977


978
979

980
981
982
983
984
985
986
987
988
989
990
991



992
993
994
995
996
997
998











999
1000
1001
1002
1003
1004
1005

1006
1007
1008

1009
1010
1011





1012
1013
1014



1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026




1027
1028










1029
1030
1031
1032
1033

1034
1035
1036
1037
1038
1039

1040
1041
1042
1043
1044
1045
1046


1047



1048
1049
1050

1051
1052
1053
1054
1055
1056
1057


1058
1059
1060
1061
1062
1063
1064
1065










1066
1067

1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080

1081
1082
1083










1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096









1097
1098
1099
1100
1101
1102




1103





1104
1105
1106


1107
1108
1109
1110
1111

1112
1113
1114
1115


1116
1117
1118

1119

1120


1121
1122
1123
1124
1125
1126
1127
1128


1129
1130
1131
1132
1133

1134

1135

1136
1137




1138
1139





1140
1141
1142
1143
1144
1145







1146
1147

1148



1149
1150
1151
1152
1153

1154
1155

1156
1157

1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173







1174
1175













1176


1177
1178
1179

1180
1181
1182
1183
1184

1185
1186


1187
1188
1189
1190
1191
1192


1193
1194




1195
1196
1197
1198
1199




1200
1201



1202
1203
1204
1205
1206
1207
1208

1209
1210
1211
1212

1213

1214
1215
1216
1217

1218









1219
1220
1221
1222
1223
1224
1225
1226

1227
1228
1229

1230
1231
1232


1233

1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252










1253









1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264


1265
1266
1267
1268
1269




1270
1271


1272
1273
1274






1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286

1287






1288
1289

1290

1291
1292
1293

1294

1295
1296
1297
1298
1299
1300




1301
1302
1303


1304
1305
1306




1307
1308
1309
1310
1311
1312
1313

1314
1315
1316
1317
1318

1319


1320






1321
1322
1323
1324
1325


1326







1327
1328
1329
1330
1331



1332
1333

1334



1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348






1349





1350
1351



1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378

1379
1380














1381
1382
1383
1384
1385
1386
1387

1388

1389



1390
1391
1392
1393
1394
1395
1396
1397
1398








1399
1400
1401
1402
1403
1404
1405

1406
1407
1408
1409
1410



1411
1412
1413
1414









1415

1416
1417





1418


1419


1420





1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442







1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453










1454
1455
1456

1457
1458
1459
1460
1461
1462
1463
1464








1465



1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479




1480

1481



1482
1483
1484
1485
1486



1487
1488
1489



1490
1491
1492
1493
1494
1495
1496

1497

1498


1499


1500
1501
1502
1503
1504
1505






1506
1507
1508


1509
1510
1511


1512
1513
1514

1515
1516
1517
1518

1519
1520


1521

1522
1523

1524

1525




1526


1527
1528

1529
1530
1531

1532




1533
1534

1535
1536



1537
1538
1539
1540
1541
1542


1543
1544
1545
1546
1547



1548
1549
1550
1551
1552
1553
1554

1555
1556



1557
1558


1559
1560
1561
1562



1563




1564


1565
1566
1567




1568
1569
1570
1571


1572
1573
1574
1575
1576

1577
1578
1579
1580

1581


1582

1583












1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598

1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617












1618

1619
1620
1621
1622
1623
1624


1625
1626
1627
1628
1629


1630
1631
1632
1633
1634




1635


1636



1637



1638


1639
1640
1641


1642
1643
1644
1645
1646
1647
1648


1649



1650
1651
1652
1653
1654
1655

1656


1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669




1670
1671
1672

1673






1674
1675


1676
1677
1678
1679




1680
1681
1682
1683
1684


1685
1686
1687

1688
1689

1690
1691
1692
1693






1694
1695
1696
1697
1698
1699



1700

1701

1702

1703

1704

1705


1706
1707
1708

1709

1710




1711
1712
1713
1714
1715
1716
1717
1718
1719
1720



1721




1722


1723
1724
1725
1726
1727
1728
1729
1730



1731
1732
1733



1734




1735

1736
1737
1738


1739
1740
1741
1742
1743
1744
1745
1746
1747


1748












1749
1750
1751
1752
1753
1754
1755

1756
1757
1758
1759
1760
1761
1762
1763



1764
1765
1766
1767
1768
1769
1770
1771

1772
1773
1774
1775
1776
1777
1778












1779
1780

1781
1782
1783
1784
1785
1786


1787
1788
1789
1790
1791
1792
1793










1794
1795
1796

1797

1798
1799
1800
1801
1802
1803
1804
1805
1806



1807
1808
1809
1810
1811
1812
1813
1814




















1815
1816
1817
1818
1819
1820


1821
1822
1823
1824


1825
1826
1827
1828
1829

1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843












1844

1845

1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862


1863
1864
1865
1866
1867

1868
1869
1870
1871
1872
1873
1874

1875

1876






1877
1878
1879


















1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890

1891
1892
1893
1894
1895













1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932















1933

1934
1935
1936
1937
1938
1939
1940
1941
1942
1943

1944
1945
1946
1947




1948
1949
1950
1951
1952
1953






1954
1955
1956
1957
1958
1959
1960


1961
1962









1963
1964




1965
1966
1967
1968
1969
1970
1971
1972
1973
1974

1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988













1989
1990
1991
1992

1993
1994







1995


1996
1997
1998
1999



2000
2001
2002
2003
2004
2005
2006
2007
2008







2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019




2020

2021
2022

2023
2024
2025
2026

2027

2028
2029





2030
2031



2032
2033

2034

2035
2036
2037
2038
2039

2040



2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053

2054

2055
2056

2057


2058

2059
2060


2061

2062




2063
2064
2065
2066






2067
2068
2069
2070
2071
2072
2073
2074


2075

2076




2077
2078
2079
2080
2081
2082
2083

2084

2085


2086
2087
2088



2089

2090
2091
2092
2093
2094
2095



2096
2097
2098
2099
2100
2101






2102
2103
2104
2105
2106
2107

2108

2109
2110




2111
2112

2113

2114

2115
2116

2117
2118
2119




2120
2121








2122
2123
2124
2125
2126

2127
2128
2129
2130
2131

2132
2133
2134
2135
2136

2137
2138
2139
2140



2141
2142
2143
2144
2145
2146
2147
2148
2149
2150




2151
2152
2153
2154
2155
2156












2157
2158






2159
2160
2161
2162
2163

2164
2165
2166
2167
2168
2169
2170

2171
2172

2173



2174
2175
2176
2177
2178
2179












2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193



2194
2195
2196
2197
2198
2199



2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211






2212









2213
2214
2215
2216
2217

2218
2219
2220
2221

2222


2223
2224
2225
2226
2227
2228
2229

2230
2231


2232
2233
2234

2235
2236
2237
2238
2239
2240



2241
2242
2243
2244
2245
2246
2247

2248












2249
2250

2251

2252
2253
2254
2255
2256
2257
2258
2259

2260
2261
2262




2263
2264
2265
2266


2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279









2280
2281
2282
2283



2284
2285

2286



2287
2288
2289
2290
2291

2292
2293

2294
2295
2296
2297
2298
2299






2300
2301
2302
2303



2304
2305
2306
2307
2308
2309
2310
2311


2312

2313
2314
2315



2316

2317
2318


2319

2320
2321

2322



2323
2324
2325
2326
2327
2328


2329


2330

2331
2332

2333



2334
2335
2336

2337

2338
2339


2340

2341
2342



2343
2344

2345
2346
2347
2348
2349
2350
2351
2352

2353
2354

2355


2356
2357



2358




2359
2360
2361
2362

2363
2364
2365

2366
2367

2368
2369
2370
2371


2372
2373




2374
2375

2376


2377
2378




2379
2380
2381
2382
2383




2384
2385


2386
2387
2388
2389

2390
2391
2392

2393
2394
2395
2396



2397
2398
2399
2400
2401
2402



2403





2404
2405
2406
2407
2408

2409
2410


2411


2412
2413
2414


2415

2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433











2434
2435
2436
2437



2438
2439


2440
2441

2442

2443
2444
2445
2446
2447


2448
2449
2450
2451





2452
2453


2454
2455
2456

2457




2458
2459
2460
2461
2462
2463
2464

2465
2466
2467


2468

2469
2470








2471
2472
2473

2474


2475
2476
2477

2478

2479
2480

2481
2482
2483


2484
2485





2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500









2501
2502
2503
2504
2505










2506
2507
2508
2509
2510



2511
2512

2513
2514


2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528






2529



2530

2531
2532

2533

2534
2535
2536

2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554

2555
2556
2557
2558

2559
2560
2561








2562
2563


2564
2565

2566

2567
2568

2569
2570





2571
2572
2573

2574
2575
2576

2577
2578
2579
2580




2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594



2595

2596
2597






2598


2599


2600



2601

2602


2603



2604
2605



2606
2607
2608
2609
2610
2611

2612

2613
2614
2615
2616
2617
2618
2619
2620
2621
2622

2623
2624
2625


2626



2627
2628
2629
2630
2631
2632
2633
2634



2635


2636






2637
2638
2639

2640
2641
2642
2643
2644
2645
2646
2647

2648



2649






2650
2651
2652
2653

2654
2655
2656
2657
2658
2659
2660
2661
2662
2663










2664
2665
2666
2667
2668

2669
2670
2671
2672



2673



2674
2675
2676



2677






2678
2679
2680
2681
2682
2683
2684

2685
2686
2687
2688
2689
2690
2691

2692
2693
2694


2695
2696
2697

2698
2699
2700
2701

2702
2703


2704

2705
2706



2707

2708


2709


2710
2711
2712
2713
2714
2715
2716
2717
2718



2719


2720
2721



2722
2723
2724

2725
2726


2727
2728

2729
2730



2731
2732
2733
2734
2735
2736


2737




2738
2739


2740
2741
2742
2743




2744
2745


2746


2747
2748
2749

2750


2751
2752
2753
2754
2755

2756
2757
2758
2759


2760
2761
2762





2763
2764

2765




2766


2767



2768


2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780


2781
2782

2783
2784
2785
2786
2787

2788

2789
2790
2791
2792
2793
2794
2795
2796
2797










2798
2799
2800

2801
2802
2803
2804


2805
2806
2807
2808
2809


2810
2811
2812
2813




2814
2815

2816
2817
2818


2819



2820


2821
2822



2823
2824
2825
2826
2827
2828
2829

2830
2831



2832
2833
2834
2835
2836
2837
2838
2839


2840

2841
2842
2843
2844
2845
2846

2847
2848
2849
2850
2851

2852

2853
2854
2855

2856






2857
2858

2859
2860
2861
2862
2863
2864

2865
2866


2867
2868
2869


2870
2871


2872


2873
2874
2875







2876
2877
2878

2879
2880
2881




2882

2883

2884
2885
2886

2887


2888
2889
2890

2891


2892
2893

2894
2895
2896
2897
2898
2899
2900
2901
2902
2903












2904
2905
2906
2907
2908
2909
2910
2911
2912


2913
2914
2915
2916


2917




2918

2919
2920



2921
2922
2923
2924
2925

2926
2927



2928

2929














2930
2931
2932

2933
2934
2935
2936
2937
2938
2939
2940
2941
2942

2943
2944
2945
2946
2947

2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958


2959








2960
2961


2962
2963
2964
2965



2966
2967
2968
2969
2970
2971
2972
2973
2974
2975





2976

2977
2978
2979
2980
2981

2982
2983
2984
2985

2986
2987
2988
2989
2990
2991
	maintainer-clean-generic mostlyclean mostlyclean-generic \
	mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
	uninstall-am uninstall-local uninstall-man uninstall-man3

.PRECIOUS: Makefile

install-data-hook:



	ln -sf ASN1_OBJECT_new.3 $(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3
	ln -sf ASN1_STRING_length.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3




















	ln -sf ASN1_STRING_new.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3
	ln -sf ASN1_STRING_new.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3
	ln -sf ASN1_STRING_print_ex.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3
	ln -sf ASN1_STRING_print_ex.3 $(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3
	ln -sf ASN1_generate_nconf.3 $(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3

	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_decrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_encrypt.3
	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3

	ln -sf BF_set_key.3 $(DESTDIR)$(mandir)/man3/BF_options.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3

	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3


	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_eof.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_flush.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_get_close.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_pending.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_reset.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_seek.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_set_close.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_tell.3
	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/BIO_wpending.3











	ln -sf BIO_ctrl.3 $(DESTDIR)$(mandir)/man3/bio_info_cb.3

	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3

	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3

	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3
	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3
	ln -sf BIO_f_buffer.3 $(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3
	ln -sf BIO_f_cipher.3 $(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3
	ln -sf BIO_f_cipher.3 $(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3
	ln -sf BIO_f_cipher.3 $(DESTDIR)$(mandir)/man3/BIO_set_cipher.3
	ln -sf BIO_f_md.3 $(DESTDIR)$(mandir)/man3/BIO_get_md.3
	ln -sf BIO_f_md.3 $(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3
	ln -sf BIO_f_md.3 $(DESTDIR)$(mandir)/man3/BIO_set_md.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_do_handshake.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_get_ssl.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_new_ssl.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3


	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3
	ln -sf BIO_f_ssl.3 $(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3
	ln -sf BIO_find_type.3 $(DESTDIR)$(mandir)/man3/BIO_method_type.3

	ln -sf BIO_find_type.3 $(DESTDIR)$(mandir)/man3/BIO_next.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_free.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_free_all.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_set.3
	ln -sf BIO_new.3 $(DESTDIR)$(mandir)/man3/BIO_vfree.3
	ln -sf BIO_push.3 $(DESTDIR)$(mandir)/man3/BIO_pop.3
	ln -sf BIO_read.3 $(DESTDIR)$(mandir)/man3/BIO_gets.3

	ln -sf BIO_read.3 $(DESTDIR)$(mandir)/man3/BIO_puts.3

	ln -sf BIO_read.3 $(DESTDIR)$(mandir)/man3/BIO_write.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_do_accept.3





	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3



















	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_new_accept.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3
	ln -sf BIO_s_accept.3 $(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_get_read_request.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3

	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3













	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3
	ln -sf BIO_s_bio.3 $(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_do_connect.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_new_connect.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3
	ln -sf BIO_s_connect.3 $(DESTDIR)$(mandir)/man3/BIO_set_nbio.3
	ln -sf BIO_s_fd.3 $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	ln -sf BIO_s_fd.3 $(DESTDIR)$(mandir)/man3/BIO_new_fd.3
	ln -sf BIO_s_fd.3 $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_append_filename.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_get_fp.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_new_file.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_new_fp.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_read_filename.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_rw_filename.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_set_fp.3
	ln -sf BIO_s_file.3 $(DESTDIR)$(mandir)/man3/BIO_write_filename.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3
	ln -sf BIO_s_mem.3 $(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3
	ln -sf BIO_s_socket.3 $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	ln -sf BIO_s_socket.3 $(DESTDIR)$(mandir)/man3/BIO_new_socket.3
	ln -sf BIO_s_socket.3 $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_debug_callback.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_get_callback.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3
	ln -sf BIO_set_callback.3 $(DESTDIR)$(mandir)/man3/callback.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3



















	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_retry_type.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_should_io_special.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_should_read.3
	ln -sf BIO_should_retry.3 $(DESTDIR)$(mandir)/man3/BIO_should_write.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3

	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3




	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3
	ln -sf BN_BLINDING_new.3 $(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3
	ln -sf BN_CTX_new.3 $(DESTDIR)$(mandir)/man3/BN_CTX_free.3
	ln -sf BN_CTX_new.3 $(DESTDIR)$(mandir)/man3/BN_CTX_init.3
	ln -sf BN_CTX_start.3 $(DESTDIR)$(mandir)/man3/BN_CTX_end.3



	ln -sf BN_CTX_start.3 $(DESTDIR)$(mandir)/man3/BN_CTX_get.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_div.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_exp.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_gcd.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_add.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_exp.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_mul.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_sqr.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mod_sub.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_mul.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_nnmod.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_sqr.3
	ln -sf BN_add.3 $(DESTDIR)$(mandir)/man3/BN_sub.3





	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_div_word.3
	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_mod_word.3









	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_mul_word.3
	ln -sf BN_add_word.3 $(DESTDIR)$(mandir)/man3/BN_sub_word.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bin2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bn2dec.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bn2hex.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_bn2mpi.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_dec2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_hex2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_mpi2bn.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_print.3
	ln -sf BN_bn2bin.3 $(DESTDIR)$(mandir)/man3/BN_print_fp.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_odd.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_one.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_word.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_is_zero.3
	ln -sf BN_cmp.3 $(DESTDIR)$(mandir)/man3/BN_ucmp.3
	ln -sf BN_copy.3 $(DESTDIR)$(mandir)/man3/BN_dup.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_GENCB_call.3

	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_GENCB_set.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime.3













	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3
	ln -sf BN_generate_prime.3 $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3








	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3


	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3

	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_from_montgomery.3
	ln -sf BN_mod_mul_montgomery.3 $(DESTDIR)$(mandir)/man3/BN_to_montgomery.3



	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3
	ln -sf BN_mod_mul_reciprocal.3 $(DESTDIR)$(mandir)/man3/BN_div_recp.3
	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_clear.3
	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_clear_free.3
	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_free.3








	ln -sf BN_new.3 $(DESTDIR)$(mandir)/man3/BN_init.3
	ln -sf BN_num_bytes.3 $(DESTDIR)$(mandir)/man3/BN_num_bits.3
	ln -sf BN_num_bytes.3 $(DESTDIR)$(mandir)/man3/BN_num_bits_word.3
	ln -sf BN_rand.3 $(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3
	ln -sf BN_rand.3 $(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3
	ln -sf BN_rand.3 $(DESTDIR)$(mandir)/man3/BN_rand_range.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_clear_bit.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_is_bit_set.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_lshift.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_lshift1.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_mask_bits.3
	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_rshift.3

	ln -sf BN_set_bit.3 $(DESTDIR)$(mandir)/man3/BN_rshift1.3

	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_get_word.3
	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_one.3
	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_set_word.3
	ln -sf BN_zero.3 $(DESTDIR)$(mandir)/man3/BN_value_one.3



	ln -sf BUF_MEM_new.3 $(DESTDIR)$(mandir)/man3/BUF_MEM_free.3
	ln -sf BUF_MEM_new.3 $(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3

	ln -sf BUF_MEM_new.3 $(DESTDIR)$(mandir)/man3/BUF_strdup.3

	ln -sf CONF_modules_free.3 $(DESTDIR)$(mandir)/man3/CONF_modules_finish.3
	ln -sf CONF_modules_free.3 $(DESTDIR)$(mandir)/man3/CONF_modules_unload.3


	ln -sf CONF_modules_load_file.3 $(DESTDIR)$(mandir)/man3/CONF_modules_load.3


	ln -sf CRYPTO_set_ex_data.3 $(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3



	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3



	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3

	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_add.3


	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_add_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3

	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_set_id_callback.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3
	ln -sf CRYPTO_set_locking_callback.3 $(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_crypt.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3




	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3







	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_enc_read.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_enc_write.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_fcrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_is_weak_key.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_key_sched.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3

	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_quad_cksum.3



	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_random_key.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_set_key_checked.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3
	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3




	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_string_to_key.3


	ln -sf DES_set_key.3 $(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3
	ln -sf DH_generate_key.3 $(DESTDIR)$(mandir)/man3/DH_compute_key.3
	ln -sf DH_generate_parameters.3 $(DESTDIR)$(mandir)/man3/DH_check.3

	ln -sf DH_generate_parameters.3 $(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3
	ln -sf DH_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DH_get_ex_data.3
	ln -sf DH_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DH_set_ex_data.3

	ln -sf DH_new.3 $(DESTDIR)$(mandir)/man3/DH_free.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_OpenSSL.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_get_default_method.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_get_default_openssl_method.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_new_method.3
	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_set_default_method.3



	ln -sf DH_set_method.3 $(DESTDIR)$(mandir)/man3/DH_set_default_openssl_method.3
	ln -sf DSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/DSA_SIG_free.3
	ln -sf DSA_do_sign.3 $(DESTDIR)$(mandir)/man3/DSA_do_verify.3
	ln -sf DSA_generate_parameters.3 $(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3
	ln -sf DSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3
	ln -sf DSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3






	ln -sf DSA_new.3 $(DESTDIR)$(mandir)/man3/DSA_free.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_get_default_method.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_get_default_openssl_method.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_new_method.3
	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_set_default_method.3

	ln -sf DSA_set_method.3 $(DESTDIR)$(mandir)/man3/DSA_set_default_openssl_method.3

	ln -sf DSA_sign.3 $(DESTDIR)$(mandir)/man3/DSA_sign_setup.3
	ln -sf DSA_sign.3 $(DESTDIR)$(mandir)/man3/DSA_verify.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3




	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3

	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3

	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3
















	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_set_method.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_sign.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3

	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_size.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/ECDSA_verify.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3
	ln -sf ECDSA_SIG_new.3 $(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3
	ln -sf EC_GFp_simple_method.3 $(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_check.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3



	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3




	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3
	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3












	ln -sf EC_GROUP_copy.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3



	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_free.3


	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3


	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3

	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3
	ln -sf EC_GROUP_new.3 $(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_copy.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_dup.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_free.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3



	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3











	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3

	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3
	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3

	ln -sf EC_KEY_new.3 $(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3





	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_invert.3



	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINT_mul.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3
	ln -sf EC_POINT_add.3 $(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_copy.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_dup.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_free.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3




	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3










	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3

	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3
	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3

	ln -sf EC_POINT_new.3 $(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3
	ln -sf ERR_GET_LIB.3 $(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3
	ln -sf ERR_GET_LIB.3 $(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_error_string_n.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_func_error_string.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3
	ln -sf ERR_error_string.3 $(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3


	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_get_error_line.3



	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_error.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3

	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3
	ln -sf ERR_get_error.3 $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3
	ln -sf ERR_load_crypto_strings.3 $(DESTDIR)$(mandir)/man3/ERR_free_strings.3
	ln -sf ERR_load_crypto_strings.3 $(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3
	ln -sf ERR_load_strings.3 $(DESTDIR)$(mandir)/man3/ERR_PACK.3


	ln -sf ERR_load_strings.3 $(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3
	ln -sf ERR_print_errors.3 $(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3
	ln -sf ERR_put_error.3 $(DESTDIR)$(mandir)/man3/ERR_add_error_data.3
	ln -sf ERR_remove_state.3 $(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3
	ln -sf ERR_set_mark.3 $(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3










	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3

	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3
	ln -sf EVP_AEAD_CTX_init.3 $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3

	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3










	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_size.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_MD_type.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_dss.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_dss1.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3









	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_md2.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_md5.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_md_null.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_ripemd160.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha1.3




	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha224.3





	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha256.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha384.3
	ln -sf EVP_DigestInit.3 $(DESTDIR)$(mandir)/man3/EVP_sha512.3


	ln -sf EVP_DigestSignInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3
	ln -sf EVP_DigestSignInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3
	ln -sf EVP_DigestVerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3
	ln -sf EVP_DigestVerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherInit.3




	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3





	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3







	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3



	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3







	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_des_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3













	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_enc_null.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3

	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc4.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc4_40.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3


	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3
	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3




	ln -sf EVP_EncryptInit.3 $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3
	ln -sf EVP_OpenInit.3 $(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3
	ln -sf EVP_OpenInit.3 $(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3




	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3



	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3
	ln -sf EVP_PKEY_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3

	ln -sf EVP_PKEY_CTX_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3
	ln -sf EVP_PKEY_CTX_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3
	ln -sf EVP_PKEY_CTX_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3
	ln -sf EVP_PKEY_cmp.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3

	ln -sf EVP_PKEY_cmp.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3

	ln -sf EVP_PKEY_cmp.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3
	ln -sf EVP_PKEY_decrypt.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3
	ln -sf EVP_PKEY_derive.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3
	ln -sf EVP_PKEY_derive.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3

	ln -sf EVP_PKEY_encrypt.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3









	ln -sf EVP_PKEY_get_default_digest.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3
	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3

	ln -sf EVP_PKEY_keygen.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3
	ln -sf EVP_PKEY_new.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3
	ln -sf EVP_PKEY_print_private.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3

	ln -sf EVP_PKEY_print_private.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3


	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3

	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3
	ln -sf EVP_PKEY_set1_RSA.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3
	ln -sf EVP_PKEY_sign.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3
	ln -sf EVP_PKEY_verify.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3
	ln -sf EVP_PKEY_verify_recover.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3
	ln -sf EVP_SealInit.3 $(DESTDIR)$(mandir)/man3/EVP_SealFinal.3
	ln -sf EVP_SealInit.3 $(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3
	ln -sf EVP_SignInit.3 $(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3
	ln -sf EVP_SignInit.3 $(DESTDIR)$(mandir)/man3/EVP_SignFinal.3
	ln -sf EVP_SignInit.3 $(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3
	ln -sf EVP_VerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3
	ln -sf EVP_VerifyInit.3 $(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3










	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_Final.3









	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_Init.3
	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_Update.3
	ln -sf HMAC.3 $(DESTDIR)$(mandir)/man3/HMAC_cleanup.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2_Final.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2_Init.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD2_Update.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4_Final.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4_Init.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD4_Update.3


	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD5_Final.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD5_Init.3
	ln -sf MD5.3 $(DESTDIR)$(mandir)/man3/MD5_Update.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_cleanup.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_cmp.3




	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_create.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_dup.3


	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3






	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3
	ln -sf OBJ_nid2obj.3 $(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3
	ln -sf OPENSSL_VERSION_NUMBER.3 $(DESTDIR)$(mandir)/man3/SSLeay.3
	ln -sf OPENSSL_VERSION_NUMBER.3 $(DESTDIR)$(mandir)/man3/SSLeay_version.3
	ln -sf OPENSSL_config.3 $(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3
	ln -sf OPENSSL_load_builtin_modules.3 $(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3
	ln -sf OPENSSL_load_builtin_modules.3 $(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3
	ln -sf OpenSSL_add_all_algorithms.3 $(DESTDIR)$(mandir)/man3/EVP_cleanup.3
	ln -sf OpenSSL_add_all_algorithms.3 $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3

	ln -sf OpenSSL_add_all_algorithms.3 $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3






	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509.3




	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3


	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3




	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3


	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3






	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3


	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3







	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509.3



	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3

	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3



	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3






	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3





	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3



	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3
	ln -sf PEM_read_bio_PrivateKey.3 $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3
	ln -sf PKCS5_PBKDF2_HMAC.3 $(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3
	ln -sf PKCS7_verify.3 $(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3
	ln -sf RAND_add.3 $(DESTDIR)$(mandir)/man3/RAND_seed.3
	ln -sf RAND_add.3 $(DESTDIR)$(mandir)/man3/RAND_status.3
	ln -sf RAND_bytes.3 $(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3
	ln -sf RAND_load_file.3 $(DESTDIR)$(mandir)/man3/RAND_file_name.3
	ln -sf RAND_load_file.3 $(DESTDIR)$(mandir)/man3/RAND_write_file.3
	ln -sf RAND_set_rand_method.3 $(DESTDIR)$(mandir)/man3/RAND_SSLeay.3
	ln -sf RAND_set_rand_method.3 $(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3
	ln -sf RC4.3 $(DESTDIR)$(mandir)/man3/RC4_set_key.3
	ln -sf RIPEMD160.3 $(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3
	ln -sf RIPEMD160.3 $(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3
	ln -sf RIPEMD160.3 $(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3
	ln -sf RSA_blinding_on.3 $(DESTDIR)$(mandir)/man3/RSA_blinding_off.3
	ln -sf RSA_generate_key.3 $(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3
	ln -sf RSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3
	ln -sf RSA_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3
	ln -sf RSA_new.3 $(DESTDIR)$(mandir)/man3/RSA_free.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3

	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3
	ln -sf RSA_padding_add_PKCS1_type_1.3 $(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3














	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DHparams_print.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DHparams_print_fp.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSA_print.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSA_print_fp.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSAparams_print.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3
	ln -sf RSA_print.3 $(DESTDIR)$(mandir)/man3/RSA_print_fp.3

	ln -sf RSA_private_encrypt.3 $(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3

	ln -sf RSA_public_encrypt.3 $(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3



	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_flags.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_get_default_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_get_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_new_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_null_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_set_default_method.3
	ln -sf RSA_set_method.3 $(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3








	ln -sf RSA_sign.3 $(DESTDIR)$(mandir)/man3/RSA_verify.3
	ln -sf RSA_sign_ASN1_OCTET_STRING.3 $(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3
	ln -sf SHA1.3 $(DESTDIR)$(mandir)/man3/SHA1_Final.3
	ln -sf SHA1.3 $(DESTDIR)$(mandir)/man3/SHA1_Init.3
	ln -sf SHA1.3 $(DESTDIR)$(mandir)/man3/SHA1_Update.3
	ln -sf SSL_CIPHER_get_name.3 $(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3
	ln -sf SSL_CIPHER_get_name.3 $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3

	ln -sf SSL_CIPHER_get_name.3 $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3
	ln -sf SSL_CTX_add_session.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3
	ln -sf SSL_CTX_add_session.3 $(DESTDIR)$(mandir)/man3/SSL_add_session.3
	ln -sf SSL_CTX_add_session.3 $(DESTDIR)$(mandir)/man3/SSL_remove_session.3
	ln -sf SSL_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3



	ln -sf SSL_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3
	ln -sf SSL_CTX_ctrl.3 $(DESTDIR)$(mandir)/man3/SSL_ctrl.3
	ln -sf SSL_CTX_flush_sessions.3 $(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3
	ln -sf SSL_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3









	ln -sf SSL_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3

	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3
	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3





	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3


	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3


	ln -sf SSL_CTX_get_verify_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3





	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv23_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv23_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv23_server_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv3_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv3_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/SSLv3_server_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_1_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_client_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_method.3
	ln -sf SSL_CTX_new.3 $(DESTDIR)$(mandir)/man3/TLSv1_server_method.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3
	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3







	ln -sf SSL_CTX_sess_number.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3
	ln -sf SSL_CTX_sess_set_cache_size.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/get_session_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/new_session_cb.3
	ln -sf SSL_CTX_sess_set_get_cb.3 $(DESTDIR)$(mandir)/man3/remove_session_cb.3
	ln -sf SSL_CTX_set_cert_store.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3










	ln -sf SSL_CTX_set_cipher_list.3 $(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3
	ln -sf SSL_CTX_set_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3
	ln -sf SSL_CTX_set_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3

	ln -sf SSL_CTX_set_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3
	ln -sf SSL_CTX_set_client_cert_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3
	ln -sf SSL_CTX_set_client_cert_cb.3 $(DESTDIR)$(mandir)/man3/client_cert_cb.3
	ln -sf SSL_CTX_set_default_passwd_cb.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3
	ln -sf SSL_CTX_set_default_passwd_cb.3 $(DESTDIR)$(mandir)/man3/pem_passwd_cb.3
	ln -sf SSL_CTX_set_generate_session_id.3 $(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3
	ln -sf SSL_CTX_set_generate_session_id.3 $(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3
	ln -sf SSL_CTX_set_info_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3








	ln -sf SSL_CTX_set_info_callback.3 $(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3



	ln -sf SSL_CTX_set_info_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3
	ln -sf SSL_CTX_set_max_cert_list.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3
	ln -sf SSL_CTX_set_max_cert_list.3 $(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3
	ln -sf SSL_CTX_set_max_cert_list.3 $(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3
	ln -sf SSL_CTX_set_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3
	ln -sf SSL_CTX_set_mode.3 $(DESTDIR)$(mandir)/man3/SSL_get_mode.3
	ln -sf SSL_CTX_set_mode.3 $(DESTDIR)$(mandir)/man3/SSL_set_mode.3
	ln -sf SSL_CTX_set_msg_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3
	ln -sf SSL_CTX_set_msg_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3
	ln -sf SSL_CTX_set_msg_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_clear_options.3
	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_get_options.3




	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3

	ln -sf SSL_CTX_set_options.3 $(DESTDIR)$(mandir)/man3/SSL_set_options.3



	ln -sf SSL_CTX_set_psk_client_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_psk_client_callback.3
	ln -sf SSL_CTX_set_quiet_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3
	ln -sf SSL_CTX_set_quiet_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3
	ln -sf SSL_CTX_set_quiet_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3
	ln -sf SSL_CTX_set_session_cache_mode.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3



	ln -sf SSL_CTX_set_session_id_context.3 $(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3
	ln -sf SSL_CTX_set_ssl_version.3 $(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3
	ln -sf SSL_CTX_set_ssl_version.3 $(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3



	ln -sf SSL_CTX_set_timeout.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3
	ln -sf SSL_CTX_set_tmp_dh_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3
	ln -sf SSL_CTX_set_tmp_dh_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3
	ln -sf SSL_CTX_set_tmp_dh_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3
	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_rsa.3
	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3
	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3

	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3

	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3


	ln -sf SSL_CTX_set_tmp_rsa_callback.3 $(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3


	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3
	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/SSL_set_verify.3
	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3
	ln -sf SSL_CTX_set_verify.3 $(DESTDIR)$(mandir)/man3/verify_callback.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3






	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3


	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3


	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_check_private_key.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3


	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_certificate.3
	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3

	ln -sf SSL_CTX_use_certificate.3 $(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3

	ln -sf SSL_CTX_use_psk_identity_hint.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_set_psk_server_callback.3




	ln -sf SSL_CTX_use_psk_identity_hint.3 $(DESTDIR)$(mandir)/man3/SSL_set_psk_server_callback.3


	ln -sf SSL_CTX_use_psk_identity_hint.3 $(DESTDIR)$(mandir)/man3/SSL_use_psk_identity_hint.3
	ln -sf SSL_SESSION_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3

	ln -sf SSL_SESSION_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3

	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3




	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_get_time.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_get_timeout.3

	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_set_time.3
	ln -sf SSL_SESSION_get_time.3 $(DESTDIR)$(mandir)/man3/SSL_set_timeout.3



	ln -sf SSL_alert_type_string.3 $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3
	ln -sf SSL_alert_type_string.3 $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3
	ln -sf SSL_alert_type_string.3 $(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3
	ln -sf SSL_get_ciphers.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3
	ln -sf SSL_get_client_CA_list.3 $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3
	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher.3


	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3
	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3
	ln -sf SSL_get_current_cipher.3 $(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3
	ln -sf SSL_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3
	ln -sf SSL_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3



	ln -sf SSL_get_fd.3 $(DESTDIR)$(mandir)/man3/SSL_get_rfd.3
	ln -sf SSL_get_fd.3 $(DESTDIR)$(mandir)/man3/SSL_get_wfd.3
	ln -sf SSL_get_psk_identity.3 $(DESTDIR)$(mandir)/man3/SSL_get_psk_identity_hint.3
	ln -sf SSL_get_rbio.3 $(DESTDIR)$(mandir)/man3/SSL_get_wbio.3
	ln -sf SSL_get_session.3 $(DESTDIR)$(mandir)/man3/SSL_get0_session.3
	ln -sf SSL_get_session.3 $(DESTDIR)$(mandir)/man3/SSL_get1_session.3
	ln -sf SSL_library_init.3 $(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3

	ln -sf SSL_library_init.3 $(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3
	ln -sf SSL_rstate_string.3 $(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3



	ln -sf SSL_set_connect_state.3 $(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3
	ln -sf SSL_set_fd.3 $(DESTDIR)$(mandir)/man3/SSL_set_rfd.3


	ln -sf SSL_set_fd.3 $(DESTDIR)$(mandir)/man3/SSL_set_wfd.3
	ln -sf SSL_set_shutdown.3 $(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3
	ln -sf SSL_state_string.3 $(DESTDIR)$(mandir)/man3/SSL_state_string_long.3
	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_nothing.3



	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_read.3




	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_write.3


	ln -sf SSL_want.3 $(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/ERR_load_UI_strings.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_OpenSSL.3




	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_error_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_info_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_input_string.3


	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_user_data.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_add_verify_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_construct_prompt.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_ctrl.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_error_string.3

	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_info_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_input_string.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3

	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_free.3


	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get0_result.3

	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get0_user_data.3












	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get_default_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_get_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_new_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_process.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_set_default_method.3
	ln -sf UI_new.3 $(DESTDIR)$(mandir)/man3/UI_set_method.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3
	ln -sf X509_NAME_ENTRY_get_object.3 $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3
	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3
	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3
	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3

	ln -sf X509_NAME_add_entry_by_txt.3 $(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3
	ln -sf X509_NAME_get_index_by_NID.3 $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3
	ln -sf X509_NAME_print_ex.3 $(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3
	ln -sf X509_NAME_print_ex.3 $(DESTDIR)$(mandir)/man3/X509_NAME_print.3
	ln -sf X509_NAME_print_ex.3 $(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3
	ln -sf X509_STORE_CTX_get_error.3 $(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3
	ln -sf X509_STORE_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3
	ln -sf X509_STORE_CTX_get_ex_new_index.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3












	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3

	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3
	ln -sf X509_STORE_CTX_new.3 $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3


	ln -sf X509_STORE_set_verify_cb_func.3 $(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3


	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3
	ln -sf X509_VERIFY_PARAM_set_flags.3 $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3




	ln -sf X509_new.3 $(DESTDIR)$(mandir)/man3/X509_free.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_add_words.3



	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_check_top.3



	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_cmp_words.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_div_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_expand.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_expand2.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_fix_top.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_add_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_comba4.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_comba8.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_high.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_normal.3



	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_recursive.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_mul_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_print.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_set_high.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_set_low.3

	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_set_max.3


	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_normal.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sqr_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_sub_words.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/bn_wexpand.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/mul.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/mul_add.3
	ln -sf bn_dump.3 $(DESTDIR)$(mandir)/man3/sqr.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_dispatch.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_done.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_freereq.3




	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_freesession.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_get_driverid.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_getreq.3

	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_newsession.3






	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_register.3
	ln -sf crypto.3 $(DESTDIR)$(mandir)/man3/crypto_unregister.3


	ln -sf d2i_ASN1_OBJECT.3 $(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3
	ln -sf d2i_DHparams.3 $(DESTDIR)$(mandir)/man3/i2d_DHparams.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3




	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_DSAparams.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3


	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3
	ln -sf d2i_DSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_DSAparams.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/ECPKParameters_print.3

	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3

	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3
	ln -sf d2i_ECPKParameters.3 $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3






	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3
	ln -sf d2i_PKCS8PrivateKey_bio.3 $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3
	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3



	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3

	ln -sf d2i_RSAPublicKey.3 $(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3


	ln -sf d2i_SSL_SESSION.3 $(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3
	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/d2i_X509_bio.3
	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/d2i_X509_fp.3

	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/i2d_X509.3

	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/i2d_X509_bio.3




	ln -sf d2i_X509.3 $(DESTDIR)$(mandir)/man3/i2d_X509_fp.3
	ln -sf d2i_X509_ALGOR.3 $(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3
	ln -sf d2i_X509_CRL.3 $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3
	ln -sf d2i_X509_NAME.3 $(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3
	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3
	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3



	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3




	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3


	ln -sf d2i_X509_REQ.3 $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3
	ln -sf d2i_X509_SIG.3 $(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3
	ln -sf des_read_pw.3 $(DESTDIR)$(mandir)/man3/des_read_2passwords.3
	ln -sf des_read_pw.3 $(DESTDIR)$(mandir)/man3/des_read_password.3
	ln -sf des_read_pw.3 $(DESTDIR)$(mandir)/man3/des_read_pw_string.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_add.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_by_id.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_finish.3



	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_first.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_last.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_next.3



	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3




	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_init.3

	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3
	ln -sf engine.3 $(DESTDIR)$(mandir)/man3/ENGINE_remove.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3


	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_delete.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_doall.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_doall_arg.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_error.3
	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_free.3


	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_insert.3












	ln -sf lh_new.3 $(DESTDIR)$(mandir)/man3/lh_retrieve.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_stats.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3
	ln -sf lh_stats.3 $(DESTDIR)$(mandir)/man3/lh_stats_bio.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_accept_fds.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_accept_socket.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_client.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_close.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_free.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3



	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_new.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_protocols.3












	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_verify.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_verify_client.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_configure.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_conn_cipher.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_conn_version.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect.3


	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect_fds.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect_servername.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_connect_socket.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_error.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_free.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_handshake.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_load_file.3










	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3

	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_read.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_reset.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_server.3
	ln -sf tls_init.3 $(DESTDIR)$(mandir)/man3/tls_write.3

uninstall-local:



	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3




















	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_decrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/BF_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_eof.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_flush.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_close.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_pending.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_reset.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_seek.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_close.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_tell.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_wpending.3
	-rm -f $(DESTDIR)$(mandir)/man3/bio_info_cb.3












	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_do_handshake.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_ssl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_ssl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3


	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_method_type.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_next.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_free_all.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_vfree.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_pop.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_gets.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_puts.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_write.3






	-rm -f $(DESTDIR)$(mandir)/man3/BIO_do_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3


















	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_read_request.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3













	-rm -f $(DESTDIR)$(mandir)/man3/BIO_do_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_nbio.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_append_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_read_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_rw_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_write_filename.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_new_socket.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_fd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_debug_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3















	-rm -f $(DESTDIR)$(mandir)/man3/BIO_retry_type.3

	-rm -f $(DESTDIR)$(mandir)/man3/BIO_should_io_special.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_should_read.3
	-rm -f $(DESTDIR)$(mandir)/man3/BIO_should_write.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3




	-rm -f $(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_end.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_CTX_get.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_div.3






	-rm -f $(DESTDIR)$(mandir)/man3/BN_exp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_gcd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_add.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_exp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_sqr.3


	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_sub.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mul.3









	-rm -f $(DESTDIR)$(mandir)/man3/BN_nnmod.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_sqr.3




	-rm -f $(DESTDIR)$(mandir)/man3/BN_sub.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_div_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mod_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mul_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_sub_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bin2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bn2dec.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bn2hex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_bn2mpi.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_dec2bn.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_hex2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mpi2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_print_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_odd.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_one.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_zero.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_ucmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_GENCB_call.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_GENCB_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3













	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3







	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3


	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_from_montgomery.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_to_montgomery.3



	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_div_recp.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_clear.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_clear_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_init.3







	-rm -f $(DESTDIR)$(mandir)/man3/BN_num_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_num_bits_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_rand_range.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_clear_bit.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_is_bit_set.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_lshift.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_lshift1.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_mask_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_rshift.3




	-rm -f $(DESTDIR)$(mandir)/man3/BN_rshift1.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_get_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_one.3

	-rm -f $(DESTDIR)$(mandir)/man3/BN_set_word.3
	-rm -f $(DESTDIR)$(mandir)/man3/BN_value_one.3
	-rm -f $(DESTDIR)$(mandir)/man3/BUF_MEM_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3

	-rm -f $(DESTDIR)$(mandir)/man3/BUF_strdup.3

	-rm -f $(DESTDIR)$(mandir)/man3/CONF_modules_finish.3
	-rm -f $(DESTDIR)$(mandir)/man3/CONF_modules_unload.3





	-rm -f $(DESTDIR)$(mandir)/man3/CONF_modules_load.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3



	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3

	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3

	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3

	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_add.3



	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_add_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_set_id_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3
	-rm -f $(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_crypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3




	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3






	-rm -f $(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_enc_read.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_enc_write.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_fcrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_is_weak_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_key_sched.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3


	-rm -f $(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3




	-rm -f $(DESTDIR)$(mandir)/man3/DES_quad_cksum.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_random_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_set_key_checked.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3
	-rm -f $(DESTDIR)$(mandir)/man3/DES_string_to_key.3

	-rm -f $(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3

	-rm -f $(DESTDIR)$(mandir)/man3/DH_compute_key.3


	-rm -f $(DESTDIR)$(mandir)/man3/DH_check.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_get_ex_data.3



	-rm -f $(DESTDIR)$(mandir)/man3/DH_set_ex_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/DH_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_OpenSSL.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_get_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_get_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DH_set_default_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/DH_set_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_SIG_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_do_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3






	-rm -f $(DESTDIR)$(mandir)/man3/DSA_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_get_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_get_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_set_default_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_set_default_openssl_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_sign_setup.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSA_verify.3




	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3




	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_set_method.3








	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_sign.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECDSA_verify.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_check.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3




	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3












	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3






	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_copy.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3












	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_invert.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3



	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_copy.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3






	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3









	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3

	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3


	-rm -f $(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_error_string_n.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_func_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3

	-rm -f $(DESTDIR)$(mandir)/man3/ERR_get_error_line.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3


	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_free_strings.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_PACK.3



	-rm -f $(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_add_error_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3












	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_MD_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_dss.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_dss1.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3









	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_md2.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_md5.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_md_null.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_ripemd160.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha1.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha224.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha256.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha384.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_sha512.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3






	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherInit.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ecb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_des_ofb.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_enc_null.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc4.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc4_40.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3




	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get_default_digest_nid.3



	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3





	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3

	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SealFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SignFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3











	-rm -f $(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3
	-rm -f $(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3
	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_Init.3



	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/HMAC_cleanup.3


	-rm -f $(DESTDIR)$(mandir)/man3/MD2.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD2_Final.3

	-rm -f $(DESTDIR)$(mandir)/man3/MD2_Init.3

	-rm -f $(DESTDIR)$(mandir)/man3/MD2_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD4_Update.3


	-rm -f $(DESTDIR)$(mandir)/man3/MD5_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD5_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/MD5_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_cleanup.3





	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_cmp.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_create.3


	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_dup.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3

	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3




	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLeay.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLeay_version.3

	-rm -f $(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3
	-rm -f $(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3


	-rm -f $(DESTDIR)$(mandir)/man3/EVP_cleanup.3

	-rm -f $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3
	-rm -f $(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3








	-rm -f $(DESTDIR)$(mandir)/man3/PEM.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3


	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509.3


	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3





	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3









	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3










	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3



	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509.3


	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3






	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3



	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3

	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3

	-rm -f $(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3
	-rm -f $(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_seed.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_status.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_file_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_write_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_SSLeay.3
	-rm -f $(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RC4_set_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_blinding_off.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3








	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3


	-rm -f $(DESTDIR)$(mandir)/man3/DHparams_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/DHparams_print_fp.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_print.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSA_print_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/DSAparams_print.3

	-rm -f $(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_print_fp.3





	-rm -f $(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/RSA_get_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_null_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_set_default_method.3




	-rm -f $(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3
	-rm -f $(DESTDIR)$(mandir)/man3/SHA1_Final.3
	-rm -f $(DESTDIR)$(mandir)/man3/SHA1_Init.3
	-rm -f $(DESTDIR)$(mandir)/man3/SHA1_Update.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_add_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_remove_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_ctrl.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSLv23_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv23_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSLv23_server_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv3_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv3_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSLv3_server_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_1_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3

	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_client_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/TLSv1_server_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/get_session_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/new_session_cb.3



	-rm -f $(DESTDIR)$(mandir)/man3/remove_session_cb.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/client_cert_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3
	-rm -f $(DESTDIR)$(mandir)/man3/pem_passwd_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_clear_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3










	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_options.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_psk_client_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_rsa.3






	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_verify.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/verify_callback.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_check_private_key.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_certificate.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_set_psk_server_callback.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_psk_server_callback.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_use_psk_identity_hint.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_time.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_timeout.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_time.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_timeout.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3

	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3



	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_rfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_wfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_psk_identity_hint.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_wbio.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get0_session.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get1_session.3


	-rm -f $(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3




	-rm -f $(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_rfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_set_wfd.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3




	-rm -f $(DESTDIR)$(mandir)/man3/SSL_state_string_long.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_nothing.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_read.3


	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_write.3
	-rm -f $(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3
	-rm -f $(DESTDIR)$(mandir)/man3/ERR_load_UI_strings.3

	-rm -f $(DESTDIR)$(mandir)/man3/UI_OpenSSL.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_info_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_input_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_user_data.3

	-rm -f $(DESTDIR)$(mandir)/man3/UI_add_verify_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_construct_prompt.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_ctrl.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_error_string.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_info_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_input_string.3





	-rm -f $(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_free.3

	-rm -f $(DESTDIR)$(mandir)/man3/UI_get0_result.3




	-rm -f $(DESTDIR)$(mandir)/man3/UI_get0_user_data.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_get_default_method.3



	-rm -f $(DESTDIR)$(mandir)/man3/UI_get_method.3


	-rm -f $(DESTDIR)$(mandir)/man3/UI_new_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_process.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_set_default_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/UI_set_method.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3


	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3










	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3


	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3


	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3




	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3

	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3
	-rm -f $(DESTDIR)$(mandir)/man3/X509_free.3


	-rm -f $(DESTDIR)$(mandir)/man3/bn_add_words.3



	-rm -f $(DESTDIR)$(mandir)/man3/bn_check_top.3


	-rm -f $(DESTDIR)$(mandir)/man3/bn_cmp_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_div_words.3



	-rm -f $(DESTDIR)$(mandir)/man3/bn_expand.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_expand2.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_fix_top.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_add_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_comba4.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_comba8.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_high.3

	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3



	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_normal.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_recursive.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_mul_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_set_high.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_set_low.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_set_max.3


	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3

	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_normal.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sqr_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_sub_words.3
	-rm -f $(DESTDIR)$(mandir)/man3/bn_wexpand.3

	-rm -f $(DESTDIR)$(mandir)/man3/mul.3
	-rm -f $(DESTDIR)$(mandir)/man3/mul_add.3
	-rm -f $(DESTDIR)$(mandir)/man3/sqr.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_dispatch.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_done.3

	-rm -f $(DESTDIR)$(mandir)/man3/crypto_freereq.3

	-rm -f $(DESTDIR)$(mandir)/man3/crypto_freesession.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_get_driverid.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_getreq.3

	-rm -f $(DESTDIR)$(mandir)/man3/crypto_newsession.3






	-rm -f $(DESTDIR)$(mandir)/man3/crypto_register.3
	-rm -f $(DESTDIR)$(mandir)/man3/crypto_unregister.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DHparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_DSAparams.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3


	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_DSAparams.3


	-rm -f $(DESTDIR)$(mandir)/man3/ECPKParameters_print.3
	-rm -f $(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3


	-rm -f $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3


	-rm -f $(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3







	-rm -f $(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3




	-rm -f $(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3


	-rm -f $(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_bio.3

	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_fp.3


	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_bio.3

	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3












	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3
	-rm -f $(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3
	-rm -f $(DESTDIR)$(mandir)/man3/des_read_2passwords.3
	-rm -f $(DESTDIR)$(mandir)/man3/des_read_password.3
	-rm -f $(DESTDIR)$(mandir)/man3/des_read_pw_string.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_add.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_by_id.3


	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_finish.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_first.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_last.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_next.3


	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3




	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_init.3

	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3
	-rm -f $(DESTDIR)$(mandir)/man3/ENGINE_remove.3



	-rm -f $(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3
	-rm -f $(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3

	-rm -f $(DESTDIR)$(mandir)/man3/lh_delete.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_doall.3



	-rm -f $(DESTDIR)$(mandir)/man3/lh_doall_arg.3

	-rm -f $(DESTDIR)$(mandir)/man3/lh_error.3














	-rm -f $(DESTDIR)$(mandir)/man3/lh_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_insert.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_retrieve.3

	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_stats.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/lh_stats_bio.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_accept_fds.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_accept_socket.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_client.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_close.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_new.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3


	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3








	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_protocols.3


	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_verify.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_verify_client.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3



	-rm -f $(DESTDIR)$(mandir)/man3/tls_configure.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_conn_cipher.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_conn_version.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect_fds.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect_servername.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_connect_socket.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_error.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_free.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_handshake.3





	-rm -f $(DESTDIR)$(mandir)/man3/tls_load_file.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_read.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_reset.3

	-rm -f $(DESTDIR)$(mandir)/man3/tls_server.3
	-rm -f $(DESTDIR)$(mandir)/man3/tls_write.3

# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:







>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
|
|
|
|
|
>
|
|
>
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
>
|
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
>
>
|
>
|
|
>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
|
|
|
|
>
>
>
|
|
>
|
>
|
|
>
>
|
>
>
|
|
>
>
>
|
|
>
>
>
|
|
|
|
|
>
|
>
>
|
|
|
>
|
|
|
|
|
|
|
|
|
|
>
|
>
|
|
>
|
>
>
|
>
|
|
>
>
|
>
|
>
>
>
>
|
|
|
|
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
|
|
|
|
>
>
|
>
>
>
>
|
>
>
|
|
|
>
|
|
|
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
>
|
>
|
|
|
|
|
>
>
>
>
|
>
|
|
|
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
|
>
>
|
>
>
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
>
|
|
|
>
>
>
>
>
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
|
>
|
|
|
|
|
|
|
>
>
|
>
>
>
|
|
|
>
|
|
|
|
|
|
|
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
>
>
>
|
>
>
>
>
>
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
>
>
|
|
|
>
|
>
|
>
>
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
|
>
|
>
|
|
>
>
>
>
|
|
>
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
>
|
>
>
>
|
|
|
|
|
>
|
|
>
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
|
|
>
|
|
|
|
|
>
|
|
>
>
|
|
|
|
|
|
>
>
|
|
>
>
>
>
|
|
|
|
|
>
>
>
>
|
|
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
>
|
>
|
|
|
|
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
>
|
|
|
>
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
>
>
>
|
|
>
>
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
>
>
>
>
>
|
|
>
|
>
|
|
|
>
|
>
|
|
|
|
|
|
>
>
>
>
|
|
|
>
>
|
|
|
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
>
|
>
>
|
>
>
>
>
>
>
|
|
|
|
|
>
>
|
>
>
>
>
>
>
>
|
|
|
|
|
>
>
>
|
|
>
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
>
>
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
>
|
>
>
>
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
>
>
>
|
|
|
|
>
>
>
>
>
>
>
>
>
|
>
|
|
>
>
>
>
>
|
>
>
|
>
>
|
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
>
|
>
>
>
|
|
|
|
|
>
>
>
|
|
|
>
>
>
|
|
|
|
|
|
|
>
|
>
|
>
>
|
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
>
>
|
|
|
>
>
|
|
|
>
|
|
|
|
>
|
|
>
>
|
>
|
|
>
|
>
|
>
>
>
>
|
>
>
|
|
>
|
|
|
>
|
>
>
>
>
|
|
>
|
|
>
>
>
|
|
|
|
|
|
>
>
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
>
|
|
>
>
>
|
|
>
>
|
|
|
|
>
>
>
|
>
>
>
>
|
>
>
|
|
|
>
>
>
>
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
>
|
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
|
|
|
|
>
>
|
|
|
|
|
>
>
|
|
|
|
|
>
>
>
>
|
>
>
|
>
>
>
|
>
>
>
|
>
>
|
|
|
>
>
|
|
|
|
|
|
|
>
>
|
>
>
>
|
|
|
|
|
|
>
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
|
>
|
>
>
>
>
>
>
|
|
>
>
|
|
|
|
>
>
>
>
|
|
|
|
|
>
>
|
|
|
>
|
|
>
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
>
>
>
|
>
|
>
|
>
|
>
|
>
|
>
>
|
|
|
>
|
>
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
|
>
>
>
>
|
>
>
|
|
|
|
|
|
|
|
>
>
>
|
|
|
>
>
>
|
>
>
>
>
|
>
|
|
|
>
>
|
|
|
|
|
|
|
|
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
|
|
|
|
|
|
>
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
>
|
|
|
|
|
|
|


>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
>
>
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
>
|
>
>
>
>
>
>
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
|
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
>
|
|
>
>
>
>
>
>
>
|
>
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
>
|
|
>
|
|
|
|
>
|
>
|
|
>
>
>
>
>
|
|
>
>
>
|
|
>
|
>
|
|
|
|
|
>
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
|
|
>
|
>
>
|
>
|
|
>
>
|
>
|
>
>
>
>
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
>
|
>
|
>
>
>
>
|
|
|
|
|
|
|
>
|
>
|
>
>
|
|
|
>
>
>
|
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
|
|
>
|
>
|
|
>
>
>
>
|
|
>
|
>
|
>
|
|
>
|
|
|
>
>
>
>
|
|
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
>
|
|
|
|
|
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
|
>
|
>
>
>
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
>
|
>
>
|
|
|
|
|
|
|
>
|
|
>
>
|
|
|
>
|
|
|
|
|
|
>
>
>
|
|
|
|
|
|
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
|
>
|
|
|
|
|
|
|
|
>
|
|
|
>
>
>
>
|
|
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
>
>
>
|
|
>
|
>
>
>
|
|
|
|
|
>
|
|
>
|
|
|
|
|
|
>
>
>
>
>
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
>
>
|
>
|
|
|
>
>
>
|
>
|
|
>
>
|
>
|
|
>
|
>
>
>
|
|
|
|
|
|
>
>
|
>
>
|
>
|
|
>
|
>
>
>
|
|
|
>
|
>
|
|
>
>
|
>
|
|
>
>
>
|
|
>
|
|
|
|
|
|
|
|
>
|
|
>
|
>
>
|
|
>
>
>
|
>
>
>
>
|
|
|
|
>
|
|
|
>
|
|
>
|
|
|
|
>
>
|
|
>
>
>
>
|
|
>
|
>
>
|
|
>
>
>
>
|
|
|
|
|
>
>
>
>
|
|
>
>
|
|
|
|
>
|
|
|
>
|
|
|
|
>
>
>
|
|
|
|
|
|
>
>
>
|
>
>
>
>
>
|
|
|
|
|
>
|
|
>
>
|
>
>
|
|
|
>
>
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
>
>
>
|
|
>
>
|
|
>
|
>
|
|
|
|
|
>
>
|
|
|
|
>
>
>
>
>
|
|
>
>
|
|
|
>
|
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
>
>
|
>
|
|
>
>
>
>
>
>
>
>
|
|
|
>
|
>
>
|
|
|
>
|
>
|
|
>
|
|
|
>
>
|
|
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
>
>
|
|
>
|
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
|
>
|
|
>
|
>
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
>
|
|
|
>
>
>
>
>
>
>
>
|
|
>
>
|
|
>
|
>
|
|
>
|
|
>
>
>
>
>
|
|
|
>
|
|
|
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
>
|
|
>
>
>
>
>
>
|
>
>
|
>
>
|
>
>
>
|
>
|
>
>
|
>
>
>
|
|
>
>
>
|
|
|
|
|
|
>
|
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
>
>
|
>
>
>
|
|
|
|
|
|
|
|
>
>
>
|
>
>
|
>
>
>
>
>
>
|
|
|
>
|
|
|
|
|
|
|
|
>
|
>
>
>
|
>
>
>
>
>
>
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
>
|
|
|
|
>
>
>
|
>
>
>
|
|
|
>
>
>
|
>
>
>
>
>
>
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
>
|
|
|
>
>
|
|
|
>
|
|
|
|
>
|
|
>
>
|
>
|
|
>
>
>
|
>
|
>
>
|
>
>
|
|
|
|
|
|
|
|
|
>
>
>
|
>
>
|
|
>
>
>
|
|
|
>
|
|
>
>
|
|
>
|
|
>
>
>
|
|
|
|
|
|
>
>
|
>
>
>
>
|
|
>
>
|
|
|
|
>
>
>
>
|
|
>
>
|
>
>
|
|
|
>
|
>
>
|
|
|
|
|
>
|
|
|
|
>
>
|
|
|
>
>
>
>
>
|
|
>
|
>
>
>
>
|
>
>
|
>
>
>
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
|
|
>
|
|
|
|
|
>
|
>
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
|
|
|
>
>
|
|
|
|
|
>
>
|
|
|
|
>
>
>
>
|
|
>
|
|
|
>
>
|
>
>
>
|
>
>
|
|
>
>
>
|
|
|
|
|
|
|
>
|
|
>
>
>
|
|
|
|
|
|
|
|
>
>
|
>
|
|
|
|
|
|
>
|
|
|
|
|
>
|
>
|
|
|
>
|
>
>
>
>
>
>
|
|
>
|
|
|
|
|
|
>
|
|
>
>
|
|
|
>
>
|
|
>
>
|
>
>
|
|
|
>
>
>
>
>
>
>
|
|
|
>
|
|
|
>
>
>
>
|
>
|
>
|
|
|
>
|
>
>
|
|
|
>
|
>
>
|
|
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
>
>
|
|
|
|
>
>
|
>
>
>
>
|
>
|
|
>
>
>
|
|
|
|
|
>
|
|
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
>
|
|
|
|
|
|
|
|
|
|
>
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
>
>
|
>
>
>
>
>
>
>
>
|
|
>
>
|
|
|
|
>
>
>
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
|
>
|
|
|
|
|
>
|
|
|
|
>
|
|




656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863

864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933

2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
	maintainer-clean-generic mostlyclean mostlyclean-generic \
	mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
	uninstall-am uninstall-local uninstall-man uninstall-man3

.PRECIOUS: Makefile

install-data-hook:
	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3"
	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3"
	ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3"
	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3"
	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3"
	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3"
	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3"
	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3"
	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3"
	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3"
	ln -sf "ASN1_generate_nconf.3" "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
	ln -sf "ASN1_item_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3"
	ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3"
	ln -sf "AUTHORITY_KEYID_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3"
	ln -sf "BASIC_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_decrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3"
	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_options.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_eof.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_flush.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_close.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_pending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_reset.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_seek.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_close.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3"
	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3"
	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3"
	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3"
	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3"
	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3"
	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3"
	ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_type.3"
	ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_next.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3"
	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free_all.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_set.3"
	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_vfree.3"
	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3"
	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3"
	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3"
	ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3"
	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3"
	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_puts.3"
	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_write.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3"
	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3"
	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3"
	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3"
	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3"
	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3"
	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_file.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3"
	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3"
	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3"

	ln -sf "BIO_s_socket.3" "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3"
	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_read.3"
	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_write.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_div.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_exp.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_gcd.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mul.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_nnmod.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sqr.3"
	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sub.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_div_word.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mod_word.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mul_word.3"
	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_sub_word.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print.3"
	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print_fp.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_odd.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_one.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_word.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_zero.3"
	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_ucmp.3"
	ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_dup.3"
	ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_with_flags.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3"
	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3"
	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3"
	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_div_recp.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_free.3"
	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_init.3"
	ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits.3"
	ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3"
	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3"
	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3"
	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_rand_range.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift1.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift.3"
	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift1.3"
	ln -sf "BN_set_flags.3" "$(DESTDIR)$(mandir)/man3/BN_get_flags.3"
	ln -sf "BN_set_negative.3" "$(DESTDIR)$(mandir)/man3/BN_is_negative.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_get_word.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_one.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_reverse.3"
	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_strdup.3"
	ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3"
	ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3"
	ln -sf "CONF_modules_load_file.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3"
	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3"
	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_lock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3"
	ln -sf "CRYPTO_set_locking_callback.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_crypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_read.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_write.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_key_sched.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_random_key.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3"
	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3"
	ln -sf "DH_generate_key.3" "$(DESTDIR)$(mandir)/man3/DH_compute_key.3"
	ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check.3"
	ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3"
	ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3"
	ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3"
	ln -sf "DH_new.3" "$(DESTDIR)$(mandir)/man3/DH_free.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_new_method.3"
	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3"
	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3"
	ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3"
	ln -sf "DSA_do_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3"
	ln -sf "DSA_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3"
	ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3"
	ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3"
	ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_free.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_new_method.3"
	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3"
	ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3"
	ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_verify.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_size.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3"
	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3"
	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3"
	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3"
	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3"
	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3"
	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3"
	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3"
	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3"
	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_load_BN_strings.3"
	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3"
	ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_PACK.3"
	ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3"
	ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3"
	ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3"
	ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3"
	ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3"
	ln -sf "ERR_remove_state.3" "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3"
	ln -sf "ERR_set_mark.3" "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3"
	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3"
	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss1.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md2.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md_null.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha1.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha224.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
	ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3"
	ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3"
	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3"
	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3"
	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3"
	ln -sf "EVP_PKEY_decrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3"
	ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3"
	ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3"
	ln -sf "EVP_PKEY_encrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3"
	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3"
	ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3"
	ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3"
	ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3"
	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3"
	ln -sf "EVP_PKEY_sign.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3"
	ln -sf "EVP_PKEY_verify.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3"
	ln -sf "EVP_PKEY_verify_recover.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3"
	ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3"
	ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3"
	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3"
	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3"
	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3"
	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3"
	ln -sf "EXTENDED_KEY_USAGE_new.3" "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3"
	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Final.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Update.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3"
	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_size.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2_Final.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2_Init.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD2_Update.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Final.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Init.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Update.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Final.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Init.3"
	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Update.3"
	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3"
	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3"
	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_create.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3"
	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3"
	ln -sf "OCSP_CRLID_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3"
	ln -sf "OCSP_CRLID_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_crlID_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3"
	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3"
	ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3"
	ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3"
	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3"
	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3"
	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3"
	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3"
	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3"
	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3"
	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3"
	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay.3"
	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay_version.3"
	ln -sf "OPENSSL_config.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3"
	ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3"
	ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3"
	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3"
	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3"
	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3"
	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_do_header.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3"
	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3"
	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3"
	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3"
	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3"
	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3"
	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_free.3"
	ln -sf "PKCS5_PBKDF2_HMAC.3" "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3"
	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_free.3"
	ln -sf "PKCS7_verify.3" "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3"
	ln -sf "PKCS8_PRIV_KEY_INFO_new.3" "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3"
	ln -sf "PKEY_USAGE_PERIOD_new.3" "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3"
	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3"
	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3"
	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3"
	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3"
	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3"
	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_seed.3"
	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_status.3"
	ln -sf "RAND_bytes.3" "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3"
	ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_file_name.3"
	ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_write_file.3"
	ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3"
	ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3"
	ln -sf "RC4.3" "$(DESTDIR)$(mandir)/man3/RC4_set_key.3"
	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3"
	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3"
	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3"
	ln -sf "RSA_PSS_PARAMS_new.3" "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3"
	ln -sf "RSA_blinding_on.3" "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3"
	ln -sf "RSA_generate_key.3" "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3"
	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3"
	ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSA_free.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
	ln -sf "RSA_private_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3"
	ln -sf "RSA_public_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_flags.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_new_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_null_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3"
	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3"
	ln -sf "RSA_sign.3" "$(DESTDIR)$(mandir)/man3/RSA_verify.3"
	ln -sf "RSA_sign_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Update.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Final.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Init.3"
	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Update.3"
	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3"
	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3"
	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3"
	ln -sf "SSL_COMP_add_compression_method.3" "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_add_session.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_remove_session.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	ln -sf "SSL_CTX_flush_sessions.3" "$(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3"
	ln -sf "SSL_CTX_load_verify_locations.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_method.3"
	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3"
	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3"
	ln -sf "SSL_CTX_sess_set_cache_size.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/get_session_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/new_session_cb.3"
	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/remove_session_cb.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3"
	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3"
	ln -sf "SSL_CTX_set_cert_store.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3"
	ln -sf "SSL_CTX_set_cipher_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3"
	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3"
	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3"
	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3"
	ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3"
	ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/client_cert_cb.3"
	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3"
	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3"
	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3"
	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3"
	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3"
	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3"
	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3"
	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3"
	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3"
	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3"
	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3"
	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3"
	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3"
	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3"
	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3"
	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_options.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3"
	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_set_options.3"
	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3"
	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3"
	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3"
	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3"
	ln -sf "SSL_CTX_set_session_cache_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3"
	ln -sf "SSL_CTX_set_session_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3"
	ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3"
	ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3"
	ln -sf "SSL_CTX_set_timeout.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3"
	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3"
	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3"
	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3"
	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3"
	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3"
	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/verify_callback.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3"
	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3"
	ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3"
	ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_time.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_time.3"
	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3"
	ln -sf "SSL_SESSION_print.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3"
	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3"
	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3"
	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3"
	ln -sf "SSL_get_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3"
	ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3"
	ln -sf "SSL_get_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3"
	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3"
	ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3"
	ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3"
	ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3"
	ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3"
	ln -sf "SSL_get_rbio.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3"
	ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3"
	ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_before.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_init.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3"
	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_state.3"
	ln -sf "SSL_get_version.3" "$(DESTDIR)$(mandir)/man3/SSL_version.3"
	ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3"
	ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3"
	ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3"
	ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3"
	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
	ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
	ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
	ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3"
	ln -sf "SSL_set_connect_state.3" "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3"
	ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3"
	ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3"
	ln -sf "SSL_set_max_send_fragment.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3"
	ln -sf "SSL_set_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3"
	ln -sf "SSL_state_string.3" "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_read.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_write.3"
	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_free.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_new.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNET_free.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3"
	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3"
	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3"
	ln -sf "UI_UTIL_read_pw.3" "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3"
	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3"
	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_set_result.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_ctrl.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_free.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_new_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_process.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3"
	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_method.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3"
	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3"
	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3"
	ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3"
	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3"
	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3"
	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3"
	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3"
	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3"
	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3"
	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3"
	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3"
	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3"
	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3"
	ln -sf "X509_NAME_new.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3"
	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3"
	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3"
	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3"
	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3"
	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3"
	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3"
	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3"
	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3"
	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3"
	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3"
	ln -sf "X509_SIG_new.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3"
	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3"
	ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3"
	ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3"
	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3"
	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_email.3"
	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip.3"
	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3"
	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3"
	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3"
	ln -sf "X509_get_serialNumber.3" "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3"
	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3"
	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_set_version.3"
	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_free.3"
	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_up_ref.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3"
	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_verify.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3"
	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_add_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_check_top.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_div_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand2.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_fix_top.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_high.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_print.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_high.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_low.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_max.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sub_words.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_wexpand.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul_add.3"
	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/sqr.3"
	ln -sf "d2i_ASN1_NULL.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3"
	ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME_new.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME_new.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3"
	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3"
	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3"
	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3"
	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3"
	ln -sf "d2i_AUTHORITY_KEYID.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3"
	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3"
	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3"
	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3"
	ln -sf "d2i_DHparams.3" "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3"
	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3"
	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKPrivateKey_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPK_PUBKEY_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3"
	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3"
	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3"
	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3"
	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3"
	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3"
	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3"
	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3"
	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3"
	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3"
	ln -sf "d2i_PKEY_USAGE_PERIOD.3" "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3"
	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3"
	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3"
	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3"
	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3"
	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3"
	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3"
	ln -sf "d2i_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3"
	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3"
	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3"
	ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3"
	ln -sf "d2i_X509_ATTRIBUTE.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3"
	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3"
	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3"
	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3"
	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3"
	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3"
	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3"
	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3"
	ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3"
	ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_free.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_privkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_pubkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_init.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_cryptodev.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_new.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_privkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_pubkey_function.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RSA.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3"
	ln -sf "engine.3" "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3"
	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_delete.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_error.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_free.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3"
	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_configure.3"
	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_free.3"
	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_server.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3"
	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3"
	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3"
	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_error.3"
	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_free.3"
	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_new.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3"
	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result_msg.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3"
	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_close.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_error.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"

uninstall-local:
	-rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_decrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BF_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_eof.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_flush.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_close.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_pending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_reset.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_seek.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_close.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_next.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_free_all.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vfree.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_puts.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_read.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_exp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_gcd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_nnmod.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sqr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sub.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mul_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sub_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_odd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_one.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_zero.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_ucmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_with_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div_recp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rand_range.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_negative.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_one.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_reverse.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_strdup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_get_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_numeric.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_set_pointer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_destroy_dynlockid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_new_dynlockid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_lock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_num_locks.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_create_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_destroy_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_dynlock_lock_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_crypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_read.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_key_sched.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_random_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_compute_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_check.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_load_BN_strings.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_PACK.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305_ietf.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md_null.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha224.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cbc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc5_32_12_16_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD2_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_crlID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_do_header.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_seed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_file_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_write_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RC4_set_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_SSLv23.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_SSLv23.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_openssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_null_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_default_openssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Final.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_flush_sessions.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_session_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/new_session_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/remove_session_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/client_cert_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_options.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_rsa.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tmp_rsa_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/verify_callback.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_before.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_state.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_read.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SXNET_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_result.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_new_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_process.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_method.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_email.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_version.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_verify.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_add_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_check_top.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_div_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_expand.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_expand2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_fix_top.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_high.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_high.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_low.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_max.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sub_words.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/bn_wexpand.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/mul.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/mul_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/sqr.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPK_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_privkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_load_pubkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_init.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_cryptodev.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_privkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_load_pubkey_function.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RSA.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_delete.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_doall.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_configure.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_server.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurve.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_new.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result_msg.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_close.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_error.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"

# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
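--- a/jni/libressl/man/NAME_CONSTRAINTS_new.3
+++ b/jni/libressl/man/NAME_CONSTRAINTS_new.3
@@ -0,0 +1,89 @@
+.\"	$OpenBSD: NAME_CONSTRAINTS_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt NAME_CONSTRAINTS_NEW 3
+.Os
+.Sh NAME
+.Nm NAME_CONSTRAINTS_new ,
+.Nm NAME_CONSTRAINTS_free ,
+.Nm GENERAL_SUBTREE_new ,
+.Nm GENERAL_SUBTREE_free
+.Nd X.509 CA name constraints extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft NAME_CONSTRAINTS *
+.Fn NAME_CONSTRAINTS_new void
+.Ft void
+.Fn NAME_CONSTRAINTS_free "NAME_CONSTRAINTS *names"
+.Ft GENERAL_SUBTREE *
+.Fn GENERAL_SUBTREE_new void
+.Ft void
+.Fn GENERAL_SUBTREE_free "GENERAL_SUBTREE *name"
+.Sh DESCRIPTION
+X.509 CA certificates can use the name constraints extension
+to restrict the subject names of subsequent certificates in a
+certification path.
+.Pp
+.Fn NAME_CONSTRAINTS_new
+allocates and initializes an empty
+.Vt NAME_CONSTRAINTS
+object, representing an ASN.1
+.Vt NameConstraints
+structure defined in RFC 5280 section 4.2.1.10.
+It consists of two
+.Vt STACK_OF(GENERAL_SUBTREE)
+objects, one specifying permitted names, the other excluded names.
+.Fn NAME_CONSTRAINTS_free
+frees
+.Fa names .
+.Pp
+.Fn GENERAL_SUBTREE_new
+allocates and initializes an empty
+.Vt GENERAL_SUBTREE
+object, representing an ASN.1
+.Vt GeneralSubtree
+structure defined in RFC 5280 section 4.2.1.10.
+It is a trivial wrapper around the
+.Vt GENERAL_NAME
+object documented in
+.Xr GENERAL_NAME_new 3 .
+The standard requires the other fields of
+.Vt GENERAL_SUBTREE
+to be ignored.
+.Fn GENERAL_SUBTREE_free
+frees
+.Fa name .
+.Sh RETURN VALUES
+.Fn NAME_CONSTRAINTS_new
+and
+.Fn GENERAL_SUBTREE_new
+return the new
+.Vt NAME_CONSTRAINTS
+or
+.Vt GENERAL_SUBTREE
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr GENERAL_NAMES_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2.1.10: Name Constraints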
Changes to jni/libressl/man/OBJ_nid2obj.3.
1

2
3
4
5
6
7

8
9


10







11
12



13


14
15


16




17
18
19
20

21
22
23
24
25
26
27
28
29
30
31
32
33

34


35












36
37
38


39
40
41


42
43
44
45





46





47


48
49
50
51
52



53
54


55
56



57
58
59
60


61
62



63
64

65




66
67
68





69
70
71



72
73
74
75
76

77





78
79
80
81


82
83
84

85

86
87
88











89

90
91



92





93

94
95
96
97
98
99
100
101
102
103
104
105

106
107


108
109
110
111
112
113
114
115
116
117
118
119

120


121

122

123






124
125


126
127




128
129



130
131


132
133




134


135





136
137

138













139

140

141




142
143









144
145
146
147
148
149
150
151
152

153
154
155
156
157
158
159
160
161
162

163
164
165
166
167
168
169

170
171
172



173
174
175





176


177






178
179

















180
181
182
183
184
185

186
187
188
189
190
191
192

193
194
195
196
197
198
199
200
201
202
203
204
205

206

207
208

209


210

211

212
213
214
215
216
217
218
219
220
221
222
223
224
225
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp

..
.de Vb \" Begin verbatim text


.ft CW







.nf
.ne \\$1



..


.de Ve \" End verbatim text
.ft R


.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will

.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""

.    ds C' ""


'br\}












.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p


.    ds L" ``
.    ds R" ''
.    ds C`


.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.





.ie \n(.g .ds Aq \(aq





.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.



.\"
.\" Avoid warning from groff about undefined register 'F'.


.de IX
..



.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{


.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"



..
.        if !\nF==2 \{

.            nr % 0




.            nr F 2
.        \}
.    \}





.\}
.rr rF
.\" ========================================================================



.\"
.IX Title "OBJ_nid2obj 3"
.TH OBJ_nid2obj 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l





.nh
.SH "NAME"
OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid,
OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup


\&\- ASN1 object utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"

.Vb 1

\& #include <openssl/objects.h>
\&
\& ASN1_OBJECT * OBJ_nid2obj(int n);











\& const char *  OBJ_nid2ln(int n);

\& const char *  OBJ_nid2sn(int n);
\&



\& int OBJ_obj2nid(const ASN1_OBJECT *o);





\& int OBJ_ln2nid(const char *ln);

\& int OBJ_sn2nid(const char *sn);
\&
\& int OBJ_txt2nid(const char *s);
\&
\& ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
\&
\& int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
\& ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
\&
\& int OBJ_create(const char *oid,const char *sn,const char *ln);
\& void OBJ_cleanup(void);

.Ve
.SH "DESCRIPTION"


.IX Header "DESCRIPTION"
The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
a representation of the \s-1ASN1 OBJECT IDENTIFIER \s0(\s-1OID\s0) type.
.PP
\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID \s0\fBn\fR to
an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
or \fB\s-1NULL\s0\fR is an error occurred.
.PP
\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
for the object \fBo\fR, the long name <ln> or the short name <sn> respectively
or NID_undef if an error occurred.
.PP

\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be


a long name, a short name or the numerical representation of an object.

.PP

\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure.






If \fBno_name\fR is 0 then long names and short names will be interpreted
as well as numerical forms. If \fBno_name\fR is 1 only the numerical form


is acceptable.
.PP




\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation.
The representation is written as a null terminated string to \fBbuf\fR



at most \fBbuf_len\fR bytes are written, truncating the result if necessary.
The total amount of space required is returned. If \fBno_name\fR is 0 then


if the object has a long or short name then that will be used, otherwise
the numerical form will be used. If \fBno_name\fR is 1 then the numerical




form will always be used.


.PP





\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned.
.PP

\&\fIOBJ_dup()\fR returns a copy of \fBo\fR.













.PP

\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the

numerical form of the object, \fBsn\fR the short name and \fBln\fR the




long name. A new \s-1NID\s0 is returned for the created object.
.PP









\&\fIOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should
be called before an application exits if any new objects were added
using \fIOBJ_create()\fR.
.SH "NOTES"
.IX Header "NOTES"
Objects in OpenSSL can have a short name, a long name and a numerical
identifier (\s-1NID\s0) associated with them. A standard set of objects is
represented in an internal table. The appropriate values are defined
in the header file \fBobjects.h\fR.

.PP
For example the \s-1OID\s0 for commonName has the following definitions:
.PP
.Vb 3
\& #define SN_commonName                   "CN"
\& #define LN_commonName                   "commonName"
\& #define NID_commonName                  13
.Ve
.PP
New objects can be added by calling \fIOBJ_create()\fR.

.PP
Table objects have certain advantages over other objects: for example
their NIDs can be used in a C language switch statement. They are
also static constant structures which are shared: that is there
is only a single constant structure for each table object.
.PP
Objects which are not in the table have the \s-1NID\s0 value NID_undef.

.PP
Objects do not need to be in the internal tables to be processed,
the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical



form of an \s-1OID.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"





Create an object for \fBcommonName\fR:


.PP






.Vb 2
\& ASN1_OBJECT *o;

















\& o = OBJ_nid2obj(NID_commonName);
.Ve
.PP
Check if an object is \fBcommonName\fR
.PP
.Vb 2

\& if (OBJ_obj2nid(obj) == NID_commonName)
\&        /* Do something */
.Ve
.PP
Create a new \s-1NID\s0 and initialize an object from it:
.PP
.Vb 3

\& int new_nid;
\& ASN1_OBJECT *obj;
\& new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
\&
\& obj = OBJ_nid2obj(new_nid);
.Ve
.PP
Create a new object directly:
.PP
.Vb 1
\& obj = OBJ_txt2obj("1.2.3.4", 1);
.Ve
.SH "BUGS"

.IX Header "BUGS"

\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the
convention of other OpenSSL functions where the buffer can be set

to \fB\s-1NULL\s0\fR to determine the amount of data that should be written.


Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should

be set to a positive value. A buffer length of 80 should be more

than enough to handle any \s-1OID\s0 encountered in practice.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an
error occurred.
.PP
\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR
on error.
.PP
\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return
a \s-1NID\s0 or \fBNID_undef\fR on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3)
|
>

|
<
|
<
|
>
|
|
>
>
|
>
>
>
>
>
>
>
|
<
>
>
>
|
>
>
|
|
>
>
|
>
>
>
>
|
<
<
<
>
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
>
>
|
<
|
>
>
|
|
|
|
>
>
>
>
>
|
>
>
>
>
>
|
>
>
|
<
<
<
<
>
>
>
|
<
>
>
|
|
>
>
>
|
<
<
|
>
>
|
<
>
>
>
|
|
>
|
>
>
>
>
|
|
|
>
>
>
>
>
|
|
<
>
>
>
|
|
|
<
<
>
|
>
>
>
>
>
|
|
<
|
>
>
|
|
|
>
|
>
|
<
|
>
>
>
>
>
>
>
>
>
>
>
|
>
|
<
>
>
>
|
>
>
>
>
>
|
>
|
<
<
<
<
<
<
<
<
<
<
<
>
|
<
>
>
<
<
|
|
<
|
<
|
<
<
|
|
>
|
>
>
|
>
|
>
|
>
>
>
>
>
>
|
|
>
>
|
|
>
>
>
>
|
|
>
>
>
|
|
>
>
|
|
>
>
>
>
|
>
>
|
>
>
>
>
>
|
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
>
|
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
<
|
|
|
|
>
|
|
|
<
|
|
|
|
|
|
>
|

|
|

|
|
>
|
|
|
>
>
>
|
|
<
>
>
>
>
>
|
>
>
|
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
<
>
|
|
|
|
|
<
<
>
|
|
|
<
|
|
|

|
<
|
|
|
>
|
>
|
|
>
|
>
>
|
>
|
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
1
2
3
4

5

6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68


69
70
71

72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93




94
95
96
97

98
99
100
101
102
103
104
105


106
107
108
109

110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

131
132
133
134
135
136


137
138
139
140
141
142
143
144
145

146
147
148
149
150
151
152
153
154
155

156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

171
172
173
174
175
176
177
178
179
180
181
182











183
184

185
186


187
188

189

190


191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282

283
284
285
286
287
288
289
290

291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313

314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352

353
354
355
356
357
358


359
360
361
362

363
364
365
366
367

368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384













.\"	$OpenBSD: OBJ_nid2obj.3,v 1.5 2017/01/04 05:14:51 schwarze Exp $
.\"	OpenSSL c264592d May 14 11:28:00 2006 +0000
.\"
.\" This file is a derived work.

.\" The changes are covered by the following Copyright and license:

.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"

.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2006, 2015, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"



.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: January 4 2017 $
.Dt OBJ_NID2OBJ 3
.Os

.Sh NAME
.Nm OBJ_nid2obj ,
.Nm OBJ_nid2ln ,
.Nm OBJ_nid2sn ,
.Nm OBJ_obj2nid ,
.Nm OBJ_ln2nid ,
.Nm OBJ_sn2nid ,
.Nm OBJ_txt2nid ,
.Nm OBJ_txt2obj ,
.Nm OBJ_obj2txt ,
.Nm OBJ_cmp ,
.Nm OBJ_dup ,
.Nm OBJ_create ,
.Nm OBJ_cleanup ,
.Nm i2t_ASN1_OBJECT
.Nd inspect and create ASN.1 object identifiers
.Sh SYNOPSIS
.In openssl/objects.h
.Ft ASN1_OBJECT *
.Fo OBJ_nid2obj
.Fa "int n"
.Fc




.Ft const char *
.Fo OBJ_nid2ln
.Fa "int n"
.Fc

.Ft const char *
.Fo OBJ_nid2sn
.Fa "int n"
.Fc
.Ft int
.Fo OBJ_obj2nid
.Fa "const ASN1_OBJECT *o"
.Fc


.Ft int
.Fo OBJ_ln2nid
.Fa "const char *ln"
.Fc

.Ft int
.Fo OBJ_sn2nid
.Fa "const char *sn"
.Fc
.Ft int
.Fo OBJ_txt2nid
.Fa "const char *s"
.Fc
.Ft ASN1_OBJECT *
.Fo OBJ_txt2obj
.Fa "const char *s"
.Fa "int no_name"
.Fc
.Ft int
.Fo OBJ_obj2txt
.Fa "char *buf"
.Fa "int buf_len"
.Fa "const ASN1_OBJECT *a"
.Fa "int no_name"
.Fc
.Ft int

.Fo OBJ_cmp
.Fa "const ASN1_OBJECT *a"
.Fa "const ASN1_OBJECT *b"
.Fc
.Ft ASN1_OBJECT *
.Fo OBJ_dup


.Fa "const ASN1_OBJECT *o"
.Fc
.Ft int
.Fo OBJ_create
.Fa "const char *oid"
.Fa "const char *sn"
.Fa "const char *ln"
.Fc
.Ft void

.Fn OBJ_cleanup void
.In openssl/asn1.h
.Ft int
.Fo i2t_ASN1_OBJECT
.Fa "char *buf"
.Fa "int buf_len"
.Fa "ASN1_OBJECT *a"
.Fc
.Sh DESCRIPTION
The ASN.1 object utility functions process

.Vt ASN1_OBJECT
structures which are a representation of the ASN.1 OBJECT IDENTIFIER
(OID) type.
For convenience, OIDs are usually represented in source code as
numeric identifiers, or NIDs.
OpenSSL has an internal table of OIDs that are generated when the
library is built, and their corresponding NIDs are available as
defined constants.
For the functions below, application code should treat all returned
values \(em OIDs, NIDs, or names \(em as constants.
.Pp
.Fn OBJ_nid2obj ,
.Fn OBJ_nid2ln ,
and
.Fn OBJ_nid2sn

convert the NID
.Fa n
to an
.Vt ASN1_OBJECT
structure, its long name, and its short name, respectively, or return
.Dv NULL
if an error occurred.
.Pp
.Fn OBJ_obj2nid ,
.Fn OBJ_ln2nid ,
and
.Fn OBJ_sn2nid











return the corresponding NID for the object
.Fa o ,

the long name
.Fa ln ,


or the short name
.Fa sn ,

respectively, or

.Dv NID_undef


if an error occurred.
.Pp
.Fn OBJ_txt2nid
returns the NID corresponding to text string
.Fa s .
.Fa s
can be a long name, a short name, or the numerical representation
of an object.
.Pp
.Fn OBJ_txt2obj
converts the text string
.Fa s
into an
.Vt ASN1_OBJECT
structure.
If
.Fa no_name
is 0 then long names and short names will be interpreted as well as
numerical forms.
If
.Fa no_name
is 1 only the numerical form is acceptable.
.Pp
.Fn OBJ_obj2txt
converts the
.Vt ASN1_OBJECT
.Fa a
into a textual representation.
The representation is written as a NUL terminated string to
.Fa buf .
At most
.Fa buf_len
bytes are written, truncating the result if necessary.
The total amount of space required is returned.
If
.Fa no_name
is 0 and the object has a long or short name, then that will be used,
otherwise the numerical form will be used.
.Pp
.Fn i2t_ASN1_OBJECT
is the same as
.Fn OBJ_obj2txt
with
.Fa no_name
set to 0.
.Pp
.Fn OBJ_cmp
compares
.Fa a
to
.Fa b .
If the two are identical, 0 is returned.
.Pp
.Fn OBJ_dup
returns a deep copy of
.Fa o
if
.Fa o
is marked as dynamically allocated.
The new object and all data contained in it is marked as dynamically
allocated.
If
.Fa o
is not marked as dynamically allocated,
.Fn OBJ_dup
just returns
.Fa o
itself.
.Pp
.Fn OBJ_create
adds a new object to the internal table.
.Fa oid
is the numerical form of the object,
.Fa sn
the short name and
.Fa ln
the long name.
A new NID is returned for the created object.
.Pp
The new object added to the internal table and all the data
contained in it is marked as not dynamically allocated.
Consequently, retrieving it with
.Fn OBJ_nid2obj
or a similar function and then calling
.Xr ASN1_OBJECT_free 3
on the returned pointer will have no effect.
.Pp
.Fn OBJ_cleanup
cleans up the internal object table: this should be called before
an application exits if any new objects were added using
.Fn OBJ_create .
.Pp

Objects can have a short name, a long name, and a numerical
identifier (NID) associated with them.
A standard set of objects is represented in an internal table.
The appropriate values are defined in the header file
.In openssl/objects.h .
.Pp
For example, the OID for commonName has the following definitions:
.Bd -literal

#define SN_commonName                   "CN"
#define LN_commonName                   "commonName"
#define NID_commonName                  13
.Ed
.Pp
New objects can be added by calling
.Fn OBJ_create .
.Pp
Table objects have certain advantages over other objects: for example
their NIDs can be used in a C language switch statement.
They are also static constant structures which are shared: that is there
is only a single constant structure for each table object.
.Pp
Objects which are not in the table have the NID value
.Dv NID_undef .
.Pp
Objects do not need to be in the internal tables to be processed:
the functions
.Fn OBJ_txt2obj
and
.Fn OBJ_obj2txt
can process the numerical form of an OID.
.Sh RETURN VALUES

.Fn OBJ_nid2obj
and
.Fn OBJ_dup
return an
.Vt ASN1_OBJECT
object or
.Dv NULL
if an error occurs.
.Pp
.Fn OBJ_nid2ln
and
.Fn OBJ_nid2sn
return a valid string or
.Dv NULL
on error.
.Pp
.Fn OBJ_obj2nid ,
.Fn OBJ_ln2nid ,
.Fn OBJ_sn2nid ,
and
.Fn OBJ_txt2nid
return a NID or
.Dv NID_undef
on error.
.Pp
.Fn OBJ_create
returns the new NID or
.Dv NID_undef
if an error occurs.
.Sh EXAMPLES
Create an object for
.Sy commonName :
.Bd -literal -offset indent
ASN1_OBJECT *o;
o = OBJ_nid2obj(NID_commonName);
.Ed
.Pp
Check if an object is
.Sy commonName :

.Bd -literal -offset indent
if (OBJ_obj2nid(obj) == NID_commonName)
	/* Do something */
.Ed
.Pp
Create a new NID and initialize an object from it:


.Bd -literal -offset indent
int new_nid;
ASN1_OBJECT *obj;
new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");

obj = OBJ_nid2obj(new_nid);
.Ed
.Pp
Create a new object directly:
.Bd -literal -offset indent

obj = OBJ_txt2obj("1.2.3.4", 1);
.Ed
.Sh SEE ALSO
.Xr ERR_get_error 3
.Sh BUGS
.Fn OBJ_obj2txt
is awkward and messy to use: it doesn't follow the convention of other
OpenSSL functions where the buffer can be set to
.Dv NULL
to determine the amount of data that should be written.
Instead
.Fa buf
must point to a valid buffer and
.Fa buf_len
should be set to a positive value.
A buffer length of 80 should be more than enough to handle any OID
encountered in practice.













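--- a/jni/libressl/man/OCSP_CRLID_new.3
+++ b/jni/libressl/man/OCSP_CRLID_new.3
@@ -0,0 +1,105 @@
+.\"	$OpenBSD: OCSP_CRLID_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt OCSP_CRLID_NEW 3
+.Os
+.Sh NAME
+.Nm OCSP_CRLID_new ,
+.Nm OCSP_CRLID_free ,
+.Nm OCSP_crlID_new
+.Nd OCSP CRL extension
+.Sh SYNOPSIS
+.In opsenssl/ocsp.h
+.Ft OCSP_CRLID *
+.Fn OCSP_CRLID_new void
+.Ft void
+.Fn OCSP_CRLID_free "OCSP_CRLID *crlid"
+.Ft X509_EXTENSION *
+.Fo OCSP_crlID_new
+.Fa "char *url"
+.Fa "long *number"
+.Fa "char *time"
+.Fc
+.Sh DESCRIPTION
+If a client asks about the validity of a certificate and it turns
+out to be invalid, the responder may optionally communicate which
+certificate revocation list the certificate was found on.
+The required data is stored as an ASN.1
+.Vt CrlID
+structure in the singleExtensions field of the
+.Vt SingleResponse
+structure.
+The
+.Vt CrlID
+is represented by an
+.Vt OCSP_CRLID
+object, which will be stored inside the
+.Vt OCSP_SINGLERESP
+object documented in
+.Xr OCSP_SINGLERESP_new 3 .
+.Pp
+.Fn OCSP_CRLID_new
+allocates and initializes an empty
+.Vt OCSP_CRLID
+object.
+.Fn OCSP_CRLID_free
+frees
+.Fa crlid .
+.Pp
+.Fn OCSP_crlID_new
+accepts the
+.Fa url
+at which the CRL is available, the CRL
+.Fa number ,
+and/or the
+.Fa time
+at which the CRL was created.
+Each argument can be
+.Dv NULL ,
+in which case the respective field is omitted.
+The resulting
+.Vt CrlID
+structure is encoded in ASN.1 using
+.Xr X509V3_EXT_i2d 3
+with criticality 0.
+.Sh RETURN VALUES
+.Fn OCSP_CRLID_new
+returns a new
+.Vt OCSP_CRLID
+object or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_crlID_new
+returns a new
+.Vt X509_EXTENSION
+object or
+.Dv NULL
+if an error occurred.
+.Sh SEE ALSO
+.Xr OCSP_resp_find_status 3 ,
+.Xr OCSP_response_status 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.4.2: CRL References
+.Sh CAVEATS
+The function names
+.Fn OCSP_CRLID_new
+and
+.Fn OCSP_crlID_new
+only differ in case.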
Added jni/libressl/man/OCSP_REQUEST_new.3.






























































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
.\"	$OpenBSD: OCSP_REQUEST_new.3,v 1.7 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 25 2016 $
.Dt OCSP_REQUEST_NEW 3
.Os
.Sh NAME
.Nm OCSP_REQUEST_new ,
.Nm OCSP_REQUEST_free ,
.Nm OCSP_SIGNATURE_new ,
.Nm OCSP_SIGNATURE_free ,
.Nm OCSP_REQINFO_new ,
.Nm OCSP_REQINFO_free ,
.Nm OCSP_ONEREQ_new ,
.Nm OCSP_ONEREQ_free ,
.Nm OCSP_request_add0_id ,
.Nm OCSP_request_sign ,
.Nm OCSP_request_add1_cert ,
.Nm OCSP_request_onereq_count ,
.Nm OCSP_request_onereq_get0
.Nd OCSP request functions
.Sh SYNOPSIS
.In openssl/ocsp.h
.Ft OCSP_REQUEST *
.Fn OCSP_REQUEST_new void
.Ft void
.Fn OCSP_REQUEST_free "OCSP_REQUEST *req"
.Ft OCSP_SIGNATURE *
.Fn OCSP_SIGNATURE_new void
.Ft void
.Fn OCSP_SIGNATURE_free "OCSP_SIGNATURE *signature"
.Ft OCSP_REQINFO *
.Fn OCSP_REQINFO_new void
.Ft void
.Fn OCSP_REQINFO_free "OCSP_REQINFO *reqinfo"
.Ft OCSP_ONEREQ *
.Fn OCSP_ONEREQ_new void
.Ft void
.Fn OCSP_ONEREQ_free "OCSP_ONEREQ *onereq"
.Ft OCSP_ONEREQ *
.Fo OCSP_request_add0_id
.Fa "OCSP_REQUEST *req"
.Fa "OCSP_CERTID *cid"
.Fc
.Ft int
.Fo OCSP_request_sign
.Fa "OCSP_REQUEST *req"
.Fa "X509 *signer"
.Fa "EVP_PKEY *key"
.Fa "const EVP_MD *dgst"
.Fa "STACK_OF(X509) *certs"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo OCSP_request_add1_cert
.Fa "OCSP_REQUEST *req"
.Fa "X509 *cert"
.Fc
.Ft int
.Fo OCSP_request_onereq_count
.Fa "OCSP_REQUEST *req"
.Fc
.Ft OCSP_ONEREQ *
.Fo OCSP_request_onereq_get0
.Fa "OCSP_REQUEST *req"
.Fa "int i"
.Fc
.Sh DESCRIPTION
.Fn OCSP_REQUEST_new
allocates and initializes an empty
.Vt OCSP_REQUEST
object, representing an ASN.1
.Vt OCSPRequest
structure defined in RFC 6960.
.Fn OCSP_REQUEST_free
frees
.Fa req .
.Pp
.Fn OCSP_SIGNATURE_new
allocates and initializes an empty
.Vt OCSP_SIGNATURE
object, representing an ASN.1
.Vt Signature
structure defined in RFC 6960.
Such an object is used inside
.Vt OCSP_REQUEST .
.Fn OCSP_SIGNATURE_free
frees
.Fa signature .
.Pp
.Fn OCSP_REQINFO_new
allocates and initializes an empty
.Vt OCSP_REQINFO
object, representing an ASN.1
.Vt TBSRequest
structure defined in RFC 6960.
Such an object is used inside
.Vt OCSP_REQUEST .
It asks about the validity of one or more certificates.
.Fn OCSP_REQINFO_free
frees
.Fa reqinfo .
.Pp
.Fn OCSP_ONEREQ_new
allocates and initializes an empty
.Vt OCSP_ONEREQ
object, representing an ASN.1
.Vt Request
structure defined in RFC 6960.
Such objects are used inside
.Vt OCSP_REQINFO .
Each one asks about the validity of one certificiate.
.Fn OCSP_ONEREQ_free
frees
.Fa onereq .
.Pp
.Fn OCSP_request_add0_id
adds certificate ID
.Fa cid
to
.Fa req .
It returns the
.Vt OCSP_ONEREQ
object added so an application can add additional extensions to the
request.
The
.Fa cid
parameter must not be freed up after the operation.
.Pp
.Fn OCSP_request_sign
signs OCSP request
.Fa req
using certificate
.Fa signer ,
private key
.Fa key ,
digest
.Fa dgst ,
and additional certificates
.Fa certs .
If the
.Fa flags
option
.Dv OCSP_NOCERTS
is set, then no certificates will be included in the request.
.Pp
.Fn OCSP_request_add1_cert
adds certificate
.Fa cert
to request
.Fa req .
The application is responsible for freeing up
.Fa cert
after use.
.Pp
.Fn OCSP_request_onereq_count
returns the total number of
.Vt OCSP_ONEREQ
objects in
.Fa req .
.Pp
.Fn OCSP_request_onereq_get0
returns an internal pointer to the
.Vt OCSP_ONEREQ
contained in
.Fa req
of index
.Fa i .
The index value
.Fa i
runs from 0 to
.Fn OCSP_request_onereq_count req No - 1 .
.Pp
.Fn OCSP_request_onereq_count
and
.Fn OCSP_request_onereq_get0
are mainly used by OCSP responders.
.Sh RETURN VALUES
.Fn OCSP_REQUEST_new ,
.Fn OCSP_SIGNATURE_new ,
.Fn OCSP_REQINFO_new ,
and
.Fn OCSP_ONEREQ_new
return an empty
.Vt OCSP_REQUEST ,
.Vt OCSP_SIGNATURE ,
.Vt OCSP_REQINFO ,
or
.Vt OCSP_ONEREQ
object, respectively, or
.Dv NULL
if an error occurred.
.Pp
.Fn OCSP_request_add0_id
returns the
.Vt OCSP_ONEREQ
object containing
.Fa cid
or
.Dv NULL
if an error occurred.
.Pp
.Fn OCSP_request_sign
and
.Fn OCSP_request_add1_cert
return 1 for success or 0 for failure.
.Pp
.Fn OCSP_request_onereq_count
returns the total number of
.Vt OCSP_ONEREQ
objects in
.Fa req .
.Pp
.Fn OCSP_request_onereq_get0
returns a pointer to an
.Vt OCSP_ONEREQ
object or
.Dv NULL
if the index value is out of range.
.Sh EXAMPLES
Create an
.Vt OCSP_REQUEST
object for certificate
.Fa cert
with issuer
.Fa issuer :
.Bd -literal -offset indent
OCSP_REQUEST *req;
OCSP_ID *cid;

req = OCSP_REQUEST_new();
if (req == NULL)
	/* error */
cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
if (cid == NULL)
	/* error */

if (OCSP_REQUEST_add0_id(req, cid) == NULL)
	/* error */

 /* Do something with req, e.g. query responder */

OCSP_REQUEST_free(req);
.Ed
.Sh SEE ALSO
.Xr ACCESS_DESCRIPTION_new 3 ,
.Xr OCSP_cert_to_id 3 ,
.Xr OCSP_request_add1_nonce 3 ,
.Xr OCSP_resp_find_status 3 ,
.Xr OCSP_response_status 3 ,
.Xr OCSP_sendreq_new 3 ,
.Xr OCSP_SERVICELOC_new 3
.Sh STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
Status Protocol, section 4.1: Request Syntax
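--- a/jni/libressl/man/OCSP_SERVICELOC_new.3
+++ b/jni/libressl/man/OCSP_SERVICELOC_new.3
@@ -0,0 +1,101 @@
+.\"	$OpenBSD: OCSP_SERVICELOC_new.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt OCSP_SERVICELOC_NEW 3
+.Os
+.Sh NAME
+.Nm OCSP_SERVICELOC_new ,
+.Nm OCSP_SERVICELOC_free ,
+.Nm OCSP_url_svcloc_new
+.Nd OCSP service locator extension
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_SERVICELOC *
+.Fn OCSP_SERVICELOC_new void
+.Ft void
+.Fn OCSP_SERVICELOC_free "OCSP_SERVICELOC *sloc"
+.Ft X509_EXTENSION *
+.Fo OCSP_url_svcloc_new
+.Fa "X509_NAME *issuer"
+.Fa "char **urls"
+.Fc
+.Sh DESCRIPTION
+Due to restrictions of network routing, a client may be unable to
+directly contact the authoritative OCSP server for a certificate
+that needs to be checked.
+In that case, the request can be sent via a proxy server.
+An ASN.1
+.Vt ServiceLocator
+structure is included in the singleRequestExtensions field of the
+.Vt Request
+structure to indicate where to forward the request.
+The
+.Vt ServiceLocator
+is represented by a
+.Vt OCSP_SERVICELOC
+object, which will be stored inside the
+.Vt OCSP_ONEREQ
+object documented in
+.Xr OCSP_ONEREQ_new 3 .
+.Pp
+.Fn OCSP_SERVICELOC_new
+allocates and initializes an empty
+.Vt OCSP_SERVICELOC
+object.
+.Fn OCSP_SERVICELOC_free
+frees
+.Fa sloc .
+.Pp
+.Fn OCSP_url_svcloc_new
+requires an
+.Fa issuer
+name and optionally accepts an array of
+.Fa urls .
+If
+.Fa urls
+or its first element is
+.Dv NULL ,
+the locator field is omitted from the
+.Vt ServiceLocator
+structure and only the issuer is included.
+The resulting
+.Vt ServiceLocator
+structure is encoded in ASN.1 using
+.Xr X509V3_EXT_i2d 3
+with criticality 0.
+.Sh RETURN VALUES
+.Fn OCSP_SERVICELOC_new
+returns a new
+.Vt OCSP_SERVICELOC
+object or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_url_svcloc_new
+returns a new
+.Vt X509_EXTENSION
+object or
+.Dv NULL
+if an error occurred.
+.Sh SEE ALSO
+.Xr OCSP_REQUEST_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_get_issuer_name 3 ,
+.Xr X509_NAME_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.4.6: Service Locator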
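--- a/jni/libressl/man/OCSP_cert_to_id.3
+++ b/jni/libressl/man/OCSP_cert_to_id.3
@@ -0,0 +1,226 @@
+.\"	$OpenBSD: OCSP_cert_to_id.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt OCSP_CERT_TO_ID 3
+.Os
+.Sh NAME
+.Nm OCSP_CERTID_new ,
+.Nm OCSP_CERTID_free ,
+.Nm OCSP_cert_to_id ,
+.Nm OCSP_cert_id_new ,
+.Nm OCSP_id_issuer_cmp ,
+.Nm OCSP_id_cmp ,
+.Nm OCSP_id_get0_info
+.Nd OCSP certificate ID utility functions
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_CERTID *
+.Fn OCSP_CERTID_new void
+.Ft void
+.Fn OCSP_CERTID_free "OCSP_CERTID *id"
+.Ft OCSP_CERTID *
+.Fo OCSP_cert_to_id
+.Fa "const EVP_MD *dgst"
+.Fa "X509 *subject"
+.Fa "X509 *issuer"
+.Fc
+.Ft OCSP_CERTID *
+.Fo OCSP_cert_id_new
+.Fa "const EVP_MD *dgst"
+.Fa "X509_NAME *issuerName"
+.Fa "ASN1_BIT_STRING *issuerKey"
+.Fa "ASN1_INTEGER *serialNumber"
+.Fc
+.Ft int
+.Fo OCSP_id_issuer_cmp
+.Fa "OCSP_CERTID *a"
+.Fa "OCSP_CERTID *b"
+.Fc
+.Ft int
+.Fo OCSP_id_cmp
+.Fa "OCSP_CERTID *a"
+.Fa "OCSP_CERTID *b"
+.Fc
+.Ft int
+.Fo OCSP_id_get0_info
+.Fa "ASN1_OCTET_STRING **piNameHash"
+.Fa "ASN1_OBJECT **pmd"
+.Fa "ASN1_OCTET_STRING **pikeyHash"
+.Fa "ASN1_INTEGER **pserial"
+.Fa "OCSP_CERTID *cid"
+.Fc
+.Sh DESCRIPTION
+.Fn OCSP_CERTID_new
+allocates and initializes an empty
+.Vt OCSP_CERTID
+object, representing an ASN.1
+.Vt CertID
+structure defined in RFC 6960.
+It can store hashes of an issuer's distinguished name and public
+key together with a serial number of a certificate.
+It is used by the
+.Vt OCSP_ONEREQ
+object described in
+.Xr OCSP_ONEREQ_new 3
+and by the
+.Vt OCSP_SINGLERESP
+object described in
+.Xr OCSP_SINGLERESP_new 3 .
+.Fn OCSP_CERTID_free
+frees
+.Fa id .
+.Pp
+.Fn OCSP_cert_to_id
+creates and returns a new
+.Vt OCSP_CERTID
+object using message digest
+.Fa dgst
+for certificate
+.Fa subject
+with issuer
+.Fa issuer .
+If
+.Fa dgst
+is
+.Dv NULL
+then SHA1 is used.
+.Pp
+.Fn OCSP_cert_id_new
+creates and returns a new
+.Vt OCSP_CERTID
+using
+.Fa dgst
+and issuer name
+.Fa issuerName ,
+issuer key hash
+.Fa issuerKey
+and serial number
+.Fa serialNumber .
+.Pp
+.Fn OCSP_id_cmp
+compares
+.Vt OCSP_CERTID
+.Fa a
+and
+.Fa b .
+.Pp
+.Fn OCSP_id_issuer_cmp
+compares only the issuer name of
+.Vt OCSP_CERTID
+.Fa a
+and
+.Fa b .
+.Pp
+.Fn OCSP_id_get0_info
+returns the issuer name hash, hash OID, issuer key hash and serial
+number contained in
+.Fa cid .
+If any of the values are not required the corresponding parameter can be
+set to
+.Dv NULL .
+The values returned by
+.Fn OCSP_id_get0_info
+are internal pointers and must not be freed up by an application:
+they will be freed when the corresponding
+.Vt OCSP_CERTID
+object is freed.
+.Pp
+OCSP clients will typically only use
+.Fn OCSP_cert_to_id
+or
+.Fn OCSP_cert_id_new :
+the other functions are used by responder applications.
+.Sh RETURN VALUES
+.Fn OCSP_CERTID_new ,
+.Fn OCSP_cert_to_id ,
+and
+.Fn OCSP_cert_id_new
+return either a pointer to a valid
+.Vt OCSP_CERTID
+object or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_id_cmp
+and
+.Fn OCSP_id_issuer_cmp
+return 0 for a match or non-zero otherwise.
+.Pp
+.Fn OCSP_id_get0_info
+returns 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr OCSP_request_add1_nonce 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr OCSP_resp_find_status 3 ,
+.Xr OCSP_response_status 3 ,
+.Xr OCSP_sendreq_new 3 ,
+.Xr X509_get_issuer_name 3 ,
+.Xr X509_NAME_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4: Details of the Protocol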
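--- a/jni/libressl/man/OCSP_request_add1_nonce.3
+++ b/jni/libressl/man/OCSP_request_add1_nonce.3
@@ -0,0 +1,159 @@
+.\"	$OpenBSD: OCSP_request_add1_nonce.3,v 1.3 2016/12/06 14:54:55 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 6 2016 $
+.Dt OCSP_REQUEST_ADD1_NONCE 3
+.Os
+.Sh NAME
+.Nm OCSP_request_add1_nonce ,
+.Nm OCSP_basic_add1_nonce ,
+.Nm OCSP_check_nonce ,
+.Nm OCSP_copy_nonce
+.Nd OCSP nonce functions
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft int
+.Fo OCSP_request_add1_nonce
+.Fa "OCSP_REQUEST *req"
+.Fa "unsigned char *val"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo OCSP_basic_add1_nonce
+.Fa "OCSP_BASICRESP *resp"
+.Fa "unsigned char *val"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo OCSP_check_nonce
+.Fa "OCSP_REQUEST *req"
+.Fa "OCSP_BASICRESP *resp"
+.Fc
+.Ft int
+.Fo OCSP_copy_nonce
+.Fa "OCSP_BASICRESP *resp"
+.Fa "OCSP_REQUEST *req"
+.Fc
+.Sh DESCRIPTION
+An OCSP nonce is typically added to an OCSP request to thwart replay
+attacks by checking the same nonce value appears in the response.
+.Pp
+.Fn OCSP_request_add1_nonce
+adds a nonce of value
+.Fa val
+and length
+.Fa len
+to OCSP request
+.Fa req .
+If
+.Fa val
+is
+.Dv NULL ,
+a random nonce is used.
+If
+.Fa len
+is zero or negative, a default length will be used (currently 16 bytes).
+For most purposes the nonce value in a request is set to a random value
+so the
+.Fa val
+parameter in
+.Fn OCSP_request_add1_nonce
+is usually NULL.
+.Pp
+.Fn OCSP_basic_add1_nonce
+is identical to
+.Fn OCSP_request_add1_nonce
+except it adds a nonce to OCSP basic response
+.Fa resp .
+.Pp
+.Fn OCSP_check_nonce
+compares the nonce value in
+.Fa req
+and
+.Fa resp .
+.Pp
+.Fn OCSP_copy_nonce
+copies any nonce value present in
+.Fa req
+to
+.Fa resp .
+.Pp
+Some responders may include a nonce in all responses even if one is not
+supplied.
+.Pp
+Some responders cache OCSP responses and do not sign each response for
+performance reasons.
+As a result they do not support nonces.
+.Sh RETURN VALUES
+.Fn OCSP_request_add1_nonce
+and
+.Fn OCSP_basic_add1_nonce
+return 1 for success or 0 for failure.
+.Pp
+.Fn OCSP_copy_nonce
+returns 1 if a nonce was successfully copied, 2 if no nonce was
+present in
+.Fa req ,
+or 0 if an error occurred.
+.Pp
+.Fn OCSP_check_nonce
+returns positive values for success: 1 if nonces are present and
+equal, 2 if both nonces are absent, or 3 if a nonce is present in
+the response only.
+A zero return value indicates that both nonces are present but
+mismatch: this should be treated as an error condition.
+A return value of -1 indicates that a nonce is present in the request
+only: this will happen if the responder doesn't support nonces.
+.Sh SEE ALSO
+.Xr OCSP_cert_to_id 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr OCSP_resp_find_status 3 ,
+.Xr OCSP_response_status 3 ,
+.Xr OCSP_sendreq_new 3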
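--- a/jni/libressl/man/OCSP_resp_find_status.3
+++ b/jni/libressl/man/OCSP_resp_find_status.3
@@ -0,0 +1,378 @@
+.\"	$OpenBSD: OCSP_resp_find_status.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
+.\"	OpenSSL c952780c Jun 21 07:03:34 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt OCSP_RESP_FIND_STATUS 3
+.Os
+.Sh NAME
+.Nm OCSP_SINGLERESP_new ,
+.Nm OCSP_SINGLERESP_free ,
+.Nm OCSP_CERTSTATUS_new ,
+.Nm OCSP_CERTSTATUS_free ,
+.Nm OCSP_REVOKEDINFO_new ,
+.Nm OCSP_REVOKEDINFO_free ,
+.Nm OCSP_resp_find_status ,
+.Nm OCSP_resp_count ,
+.Nm OCSP_resp_get0 ,
+.Nm OCSP_resp_find ,
+.Nm OCSP_single_get0_status ,
+.Nm OCSP_check_validity
+.Nd OCSP response utility functions
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_SINGLERESP *
+.Fn OCSP_SINGLERESP_new void
+.Ft void
+.Fn OCSP_SINGLERESP_free "OCSP_SINGLERESP *single"
+.Ft OCSP_CERTSTATUS *
+.Fn OCSP_CERTSTATUS_new void
+.Ft void
+.Fn OCSP_CERTSTATUS_free "OCSP_CERTSTATUS *certstatus"
+.Ft OCSP_REVOKEDINFO *
+.Fn OCSP_REVOKEDINFO_new void
+.Ft void
+.Fn OCSP_REVOKEDINFO_free "OCSP_REVOKEDINFO *revokedinfo"
+.Ft int
+.Fo OCSP_resp_find_status
+.Fa "OCSP_BASICRESP *bs"
+.Fa "OCSP_CERTID *id"
+.Fa "int *status"
+.Fa "int *reason"
+.Fa "ASN1_GENERALIZEDTIME **revtime"
+.Fa "ASN1_GENERALIZEDTIME **thisupd"
+.Fa "ASN1_GENERALIZEDTIME **nextupd"
+.Fc
+.Ft int
+.Fo OCSP_resp_count
+.Fa "OCSP_BASICRESP *bs"
+.Fc
+.Ft OCSP_SINGLERESP *
+.Fo OCSP_resp_get0
+.Fa "OCSP_BASICRESP *bs"
+.Fa "int idx"
+.Fc
+.Ft int
+.Fo OCSP_resp_find
+.Fa "OCSP_BASICRESP *bs"
+.Fa "OCSP_CERTID *id"
+.Fa "int last"
+.Fc
+.Ft int
+.Fo OCSP_single_get0_status
+.Fa "OCSP_SINGLERESP *single"
+.Fa "int *reason"
+.Fa "ASN1_GENERALIZEDTIME **revtime"
+.Fa "ASN1_GENERALIZEDTIME **thisupd"
+.Fa "ASN1_GENERALIZEDTIME **nextupd"
+.Fc
+.Ft int
+.Fo OCSP_check_validity
+.Fa "ASN1_GENERALIZEDTIME *thisupd"
+.Fa "ASN1_GENERALIZEDTIME *nextupd"
+.Fa "long sec"
+.Fa "long maxsec"
+.Fc
+.Sh DESCRIPTION
+.Fn OCSP_SINGLERESP_new
+allocates and initializes an empty
+.Vt OCSP_SINGLERESP
+object, representing an ASN.1
+.Vt SingleResponse
+structure defined in RFC 6960.
+Each such object can store the server's answer regarding the validity
+of one individual certificate.
+Such objects are used inside the
+.Vt OCSP_RESPDATA
+of
+.Vt OCSP_BASICRESP
+objects, which are described in
+.Xr OCSP_BASICRESP_new 3 .
+.Fn OCSP_SINGLERESP_free
+frees
+.Fa single .
+.Pp
+.Fn OCSP_CERTSTATUS_new
+allocates and initializes an empty
+.Vt OCSP_CERTSTATUS
+object, representing an ASN.1
+.Vt CertStatus
+structure defined in RFC 6960.
+Such an object is used inside
+.Vt OCSP_SINGLERESP .
+.Fn OCSP_CERTSTATUS_free
+frees
+.Fa certstatus .
+.Pp
+.Fn OCSP_REVOKEDINFO_new
+allocates and initializes an empty
+.Vt OCSP_REVOKEDINFO
+object, representing an ASN.1
+.Vt RevokedInfo
+structure defined in RFC 6960.
+Such an object is used inside
+.Vt OCSP_CERTSTATUS .
+.Fn OCSP_REVOKEDINFO_free
+frees
+.Fa revokedinfo .
+.Pp
+.Fn OCSP_resp_find_status
+searches
+.Fa bs
+for an OCSP response for
+.Fa id .
+If it is successful, the fields of the response are returned in
+.Pf * Fa status ,
+.Pf * Fa reason ,
+.Pf * Fa revtime ,
+.Pf * Fa thisupd
+and
+.Pf * Fa nextupd .
+The
+.Pf * Fa status
+value will be one of
+.Dv V_OCSP_CERTSTATUS_GOOD ,
+.Dv V_OCSP_CERTSTATUS_REVOKED ,
+or
+.Dv V_OCSP_CERTSTATUS_UNKNOWN .
+The
+.Pf * Fa reason
+and
+.Pf * Fa revtime
+fields are only set if the status is
+.Dv V_OCSP_CERTSTATUS_REVOKED .
+If set, the
+.Pf * Fa reason
+field will be set to the revocation reason which will be one of
+.Dv OCSP_REVOKED_STATUS_NOSTATUS ,
+.Dv OCSP_REVOKED_STATUS_UNSPECIFIED ,
+.Dv OCSP_REVOKED_STATUS_KEYCOMPROMISE ,
+.Dv OCSP_REVOKED_STATUS_CACOMPROMISE ,
+.Dv OCSP_REVOKED_STATUS_AFFILIATIONCHANGED ,
+.Dv OCSP_REVOKED_STATUS_SUPERSEDED ,
+.Dv OCSP_REVOKED_STATUS_CESSATIONOFOPERATION ,
+.Dv OCSP_REVOKED_STATUS_CERTIFICATEHOLD
+or
+.Dv OCSP_REVOKED_STATUS_REMOVEFROMCRL .
+.Pp
+.Fn OCSP_resp_count
+returns the number of
+.Vt OCSP_SINGLERESP
+structures in
+.Fa bs .
+.Pp
+.Fn OCSP_resp_get0
+returns the
+.Vt OCSP_SINGLERESP
+structure in
+.Fa bs
+corresponding to index
+.Fa idx ,
+where
+.Fa idx
+runs from 0 to
+.Fn OCSP_resp_count bs No - 1 .
+.Pp
+.Fn OCSP_resp_find
+searches
+.Fa bs
+for
+.Fa id
+and returns the index of the first matching entry after
+.Fa last
+or starting from the beginning if
+.Fa last
+is -1.
+.Pp
+.Fn OCSP_single_get0_status
+extracts the fields of
+.Fa single
+in
+.Pf * Fa reason ,
+.Pf * Fa revtime ,
+.Pf * Fa thisupd ,
+and
+.Pf * Fa nextupd .
+.Pp
+.Fn OCSP_check_validity
+checks the validity of
+.Fa thisupd
+and
+.Fa nextupd
+values which will be typically obtained from
+.Fn OCSP_resp_find_status
+or
+.Fn OCSP_single_get0_status .
+If
+.Fa sec
+is non-zero it indicates how many seconds leeway should be allowed in
+the check.
+If
+.Fa maxsec
+is positive it indicates the maximum age of
+.Fa thisupd
+in seconds.
+.Pp
+Applications will typically call
+.Fn OCSP_resp_find_status
+using the certificate ID of interest and then check its validity using
+.Fn OCSP_check_validity .
+They can then take appropriate action based on the status of the
+certificate.
+.Pp
+An OCSP response for a certificate contains
+.Sy thisUpdate
+and
+.Sy nextUpdate
+fields.
+Normally the current time should be between these two values.
+To account for clock skew, the
+.Fa maxsec
+field can be set to non-zero in
+.Fn OCSP_check_validity .
+Some responders do not set the
+.Sy nextUpdate
+field.
+This would otherwise mean an ancient response would be considered
+valid: the
+.Fa maxsec
+parameter to
+.Fn OCSP_check_validity
+can be used to limit the permitted age of responses.
+.Pp
+The values written to
+.Pf * Fa revtime ,
+.Pf * Fa thisupd ,
+and
+.Pf * Fa nextupd
+by
+.Fn OCSP_resp_find_status
+and
+.Fn OCSP_single_get0_status
+are internal pointers which must not be freed up by the calling
+application.
+Any or all of these parameters can be set to
+.Dv NULL
+if their value is not required.
+.Sh RETURN VALUES
+.Fn OCSP_SINGLERESP_new ,
+.Fn OCSP_CERTSTATUS_new ,
+and
+.Fn OCSP_REVOKEDINFO_new
+return a pointer to an empty
+.Vt OCSP_SINGLERESP ,
+.Vt OCSP_CERTSTATUS ,
+or
+.Vt OCSP_REVOKEDINFO
+object, respectively, or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_resp_find_status
+returns 1 if
+.Fa id
+is found in
+.Fa bs
+or 0 otherwise.
+.Pp
+.Fn OCSP_resp_count
+returns the total number of
+.Vt OCSP_SINGLERESP
+fields in
+.Fa bs .
+.Pp
+.Fn OCSP_resp_get0
+returns a pointer to an
+.Vt OCSP_SINGLERESP
+structure or
+.Dv NULL
+if
+.Fa idx
+is out of range.
+.Pp
+.Fn OCSP_resp_find
+returns the index of
+.Fa id
+in
+.Fa bs
+(which may be 0) or -1 if
+.Fa id
+was not found.
+.Pp
+.Fn OCSP_single_get0_status
+returns the status of
+.Fa single
+or -1 if an error occurred.
+.Sh SEE ALSO
+.Xr OCSP_cert_to_id 3 ,
+.Xr OCSP_CRLID_new 3 ,
+.Xr OCSP_request_add1_nonce 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr OCSP_response_status 3 ,
+.Xr OCSP_sendreq_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.2: Response Syntax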
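--- a/jni/libressl/man/OCSP_response_status.3
+++ b/jni/libressl/man/OCSP_response_status.3
@@ -0,0 +1,251 @@
+.\"	$OpenBSD: OCSP_response_status.3,v 1.4 2016/12/25 22:15:10 schwarze Exp $
+.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt OCSP_RESPONSE_STATUS 3
+.Os
+.Sh NAME
+.Nm OCSP_RESPONSE_new ,
+.Nm OCSP_RESPONSE_free ,
+.Nm OCSP_RESPBYTES_new ,
+.Nm OCSP_RESPBYTES_free ,
+.Nm OCSP_BASICRESP_new ,
+.Nm OCSP_BASICRESP_free ,
+.Nm OCSP_RESPDATA_new ,
+.Nm OCSP_RESPDATA_free ,
+.Nm OCSP_RESPID_new ,
+.Nm OCSP_RESPID_free ,
+.Nm OCSP_response_create ,
+.Nm OCSP_response_status ,
+.Nm OCSP_response_get1_basic
+.Nd OCSP response functions
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_RESPONSE *
+.Fn OCSP_RESPONSE_new void
+.Ft void
+.Fn OCSP_RESPONSE_free "OCSP_RESPONSE *resp"
+.Ft OCSP_RESPBYTES *
+.Fn OCSP_RESPBYTES_new void
+.Ft void
+.Fn OCSP_RESPBYTES_free "OCSP_RESPBYTES *respbytes"
+.Ft OCSP_BASICRESP *
+.Fn OCSP_BASICRESP_new void
+.Ft void
+.Fn OCSP_BASICRESP_free "OCSP_BASICRESP *bs"
+.Ft OCSP_RESPDATA *
+.Fn OCSP_RESPDATA_new void
+.Ft void
+.Fn OCSP_RESPDATA_free "OCSP_RESPDATA *respdata"
+.Ft OCSP_RESPID *
+.Fn OCSP_RESPID_new void
+.Ft void
+.Fn OCSP_RESPID_free "OCSP_RESPID *respid"
+.Ft OCSP_RESPONSE *
+.Fo OCSP_response_create
+.Fa "int status"
+.Fa "OCSP_BASICRESP *bs"
+.Fc
+.Ft int
+.Fo OCSP_response_status
+.Fa "OCSP_RESPONSE *resp"
+.Fc
+.Ft OCSP_BASICRESP *
+.Fo OCSP_response_get1_basic
+.Fa "OCSP_RESPONSE *resp"
+.Fc
+.Sh DESCRIPTION
+.Fn OCSP_RESPONSE_new
+allocates and initializes an empty
+.Vt OCSP_RESPONSE
+object, representing an ASN.1
+.Vt OCSPResponse
+structure defined in RFC 6960.
+.Fn OCSP_RESPONSE_free
+frees
+.Fa resp .
+.Pp
+.Fn OCSP_RESPBYTES_new
+allocates and initializes an empty
+.Vt OCSP_RESPBYTES
+object, representing an ASN.1
+.Vt ResponseBytes
+structure defined in RFC 6960.
+Such an object is used inside
+.Vt OCSP_RESPONSE .
+.Fn OCSP_RESPBYTES_free
+frees
+.Fa respbytes .
+.Pp
+.Fn OCSP_BASICRESP_new
+allocates and initializes an empty
+.Vt OCSP_BASICRESP
+object, representing an ASN.1
+.Vt BasicOCSPResponse
+structure defined in RFC 6960.
+.Vt OCSP_RESPBYTES
+contains the DER-encoded form of an
+.Vt OCSP_BASICRESP
+object.
+.Fn OCSP_BASICRESP_free
+frees
+.Fa bs .
+.Pp
+.Fn OCSP_RESPDATA_new
+allocates and initializes an empty
+.Vt OCSP_RESPDATA
+object, representing an ASN.1
+.Vt ResponseData
+structure defined in RFC 6960.
+Such an object is used inside
+.Vt OCSP_BASICRESP .
+.Fn OCSP_RESPDATA_free
+frees
+.Fa respdata .
+.Pp
+.Fn OCSP_RESPID_new
+allocates and initializes an empty
+.Vt OCSP_RESPID
+object, representing an ASN.1
+.Vt ResponderID
+structure defined in RFC 6960.
+Such an object is used inside
+.Vt OCSP_RESPDATA .
+.Fn OCSP_RESPID_free
+frees
+.Fa respid .
+.Pp
+.Fn OCSP_response_create
+creates an
+.Vt OCSP_RESPONSE
+object for
+.Fa status
+and optionally including the basic response
+.Fa bs .
+.Pp
+.Fn OCSP_response_status
+returns the OCSP response status of
+.Fa resp .
+It returns one of the values
+.Dv OCSP_RESPONSE_STATUS_SUCCESSFUL ,
+.Dv OCSP_RESPONSE_STATUS_MALFORMEDREQUEST ,
+.Dv OCSP_RESPONSE_STATUS_INTERNALERROR ,
+.Dv OCSP_RESPONSE_STATUS_TRYLATER ,
+.Dv OCSP_RESPONSE_STATUS_SIGREQUIRED ,
+or
+.Dv OCSP_RESPONSE_STATUS_UNAUTHORIZED .
+.Pp
+.Fn OCSP_response_get1_basic
+decodes and returns the
+.Vt OCSP_BASICRESP
+object contained in
+.Fa resp .
+It is only called if the status of a response is
+.Dv OCSP_RESPONSE_STATUS_SUCCESSFUL .
+.Sh RETURN VALUES
+.Fn OCSP_RESPONSE_new
+and
+.Fn OCSP_response_create
+return a pointer to an
+.Vt OCSP_RESPONSE
+object or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_BASICRESP_new
+and
+.Fn OCSP_response_get1_basic
+return a pointer to an
+.Vt OCSP_BASICRESP
+object or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_RESPBYTES_new ,
+.Fn OCSP_RESPDATA_new ,
+and
+.Fn OCSP_RESPID_new
+return a pointer to an empty
+.Vt OCSP_RESPBYTES ,
+.Vt OCSP_RESPDATA ,
+or
+.Vt OCSP_RESPID
+object, respectively, or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_response_status
+returns a status value.
+.Sh SEE ALSO
+.Xr OCSP_cert_to_id 3 ,
+.Xr OCSP_request_add1_nonce 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr OCSP_resp_find_status 3 ,
+.Xr OCSP_sendreq_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.2: Response Syntax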
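--- a/jni/libressl/man/OCSP_sendreq_new.3
+++ b/jni/libressl/man/OCSP_sendreq_new.3
@@ -0,0 +1,236 @@
+.\"	$OpenBSD: OCSP_sendreq_new.3,v 1.3 2016/12/06 14:54:55 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 6 2016 $
+.Dt OCSP_SENDREQ_NEW 3
+.Os
+.Sh NAME
+.Nm OCSP_sendreq_new ,
+.Nm OCSP_sendreq_nbio ,
+.Nm OCSP_REQ_CTX_free ,
+.Nm OCSP_REQ_CTX_add1_header ,
+.Nm OCSP_REQ_CTX_set1_req ,
+.Nm OCSP_sendreq_bio
+.Nd OCSP responder query functions
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_REQ_CTX *
+.Fo OCSP_sendreq_new
+.Fa "BIO *io"
+.Fa "const char *path"
+.Fa "OCSP_REQUEST *req"
+.Fa "int maxline"
+.Fc
+.Ft int
+.Fo OCSP_sendreq_nbio
+.Fa "OCSP_RESPONSE **presp"
+.Fa "OCSP_REQ_CTX *rctx"
+.Fc
+.Ft void
+.Fo OCSP_REQ_CTX_free
+.Fa "OCSP_REQ_CTX *rctx"
+.Fc
+.Ft int
+.Fo OCSP_REQ_CTX_add1_header
+.Fa "OCSP_REQ_CTX *rctx"
+.Fa "const char *name"
+.Fa "const char *value"
+.Fc
+.Ft int
+.Fo OCSP_REQ_CTX_set1_req
+.Fa "OCSP_REQ_CTX *rctx"
+.Fa "OCSP_REQUEST *req"
+.Fc
+.Ft OCSP_RESPONSE *
+.Fo OCSP_sendreq_bio
+.Fa "BIO *io"
+.Fa "const char *path"
+.Fa "OCSP_REQUEST *req"
+.Fc
+.Sh DESCRIPTION
+The function
+.Fn OCSP_sendreq_new
+returns an
+.Vt OCSP_REQ_CTX
+structure using the responder
+.Fa io ,
+the URI path
+.Fa path ,
+the OCSP request
+.Fa req
+and with a response header maximum line length of
+.Fa maxline .
+If
+.Fa maxline
+is zero, a default value of 4k is used.
+The OCSP request
+.Fa req
+may be set to
+.Dv NULL
+and provided later if required.
+.Pp
+The arguments to
+.Fn OCSP_sendreq_new
+correspond to the components of the URI.
+For example, if the responder URI is
+.Pa http://ocsp.com/ocspreq ,
+the BIO
+.Fa io
+should be connected to host
+.Pa ocsp.com
+on port 80 and
+.Fa path
+should be set to
+.Qq /ocspreq .
+.Pp
+.Fn OCSP_sendreq_nbio
+performs non-blocking I/O on the OCSP request context
+.Fa rctx .
+When the operation is complete it returns the response in
+.Pf * Fa presp .
+If
+.Fn OCSP_sendreq_nbio
+indicates an operation should be retried, the corresponding BIO can
+be examined to determine which operation (read or write) should be
+retried and appropriate action can be taken, for example a
+.Xr select 3
+call on the underlying socket.
+.Pp
+.Fn OCSP_REQ_CTX_free
+frees up the OCSP context
+.Fa rctx .
+.Pp
+.Fn OCSP_REQ_CTX_add1_header
+adds header
+.Fa name
+with value
+.Fa value
+to the context
+.Fa rctx .
+The added headers are of the form
+.Qq Fa name : value
+or just
+.Qq Fa name
+if
+.Fa value
+is
+.Dv NULL .
+.Fn OCSP_REQ_CTX_add1_header
+can be called more than once to add multiple headers.
+It must be called before any calls to
+.Fn OCSP_sendreq_nbio .
+The
+.Fa req
+parameter in the initial to
+.Fn OCSP_sendreq_new
+call must be set to
+.Dv NULL
+if additional headers are set.
+.Pp
+.Fn OCSP_REQ_CTX_set1_req
+sets the OCSP request in
+.Fa rctx
+to
+.Fa req .
+This function should be called after any calls to
+.Fn OCSP_REQ_CTX_add1_header .
+.Pp
+.Fn OCSP_sendreq_bio
+performs an OCSP request using the responder
+.Fa io ,
+the URI path
+.Fa path ,
+the OCSP request
+.Fa req .
+It does not support retries and so cannot handle non-blocking I/O
+efficiently.
+It is retained for compatibility and its use in new applications
+is not recommended.
+.Sh RETURN VALUES
+.Fn OCSP_sendreq_new
+returns a valid
+.Vt OCSP_REQ_CTX
+structure or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_sendreq_nbio
+returns 1 if the operation was completed successfully,
+-1 if the operation should be retried,
+or 0 if an error occurred.
+.Pp
+.Fn OCSP_REQ_CTX_add1_header
+and
+.Fn OCSP_REQ_CTX_set1_req
+return 1 for success or 0 for failure.
+.Pp
+.Fn OCSP_sendreq_bio
+returns the
+.Vt OCSP_RESPONSE
+structure sent by the responder or
+.Dv NULL
+if an error occurred.
+.Sh EXAMPLES
+Add a Host header for
+.Pa ocsp.com :
+.Pp
+.Dl OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
+.Sh SEE ALSO
+.Xr OCSP_cert_to_id 3 ,
+.Xr OCSP_request_add1_nonce 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr OCSP_resp_find_status 3 ,
+.Xr OCSP_response_status 3
+.Sh CAVEATS
+These functions only perform a minimal HTTP query to a responder.
+If an application wishes to support more advanced features, it
+should use an alternative, more complete, HTTP library.
+.Pp
+Currently only HTTP POST queries to responders are supported.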
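--- a/jni/libressl/man/OPENSSL_VERSION_NUMBER.3
+++ b/jni/libressl/man/OPENSSL_VERSION_NUMBER.3
@@ -1,169 +1,147 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.3 2016/11/28 14:51:03 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org> and
+.\" Richard Levitte <levitte@openssl.org>.
+.\" Copyright (c) 2000, 2002, 2014 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version \- get OpenSSL version number
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 2
-\& #include <openssl/opensslv.h>
-\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
-\&
-\& #include <openssl/crypto.h>
-\& long SSLeay(void);
-\& const char *SSLeay_version(int t);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier:
-.PP
-.Vb 1
-\& MMNNFFPPS: major minor fix patch status
-.Ve
-.PP
-The status nibble has one of the values 0 for development, 1 to e for betas
-1 to 14, and f for release.
-.PP
-for example
-.PP
-.Vb 3
-\& 0x000906000 == 0.9.6 dev
-\& 0x000906023 == 0.9.6b beta 3
-\& 0x00090605f == 0.9.6e release
-.Ve
-.PP
-Versions prior to 0.9.3 have identifiers < 0x0930.
-Versions between 0.9.3 and 0.9.5 had a version identifier with this
-interpretation:
-.PP
-.Vb 1
-\& MMNNFFRBB major minor fix final beta/patch
-.Ve
-.PP
-for example
-.PP
-.Vb 2
-\& 0x000904100 == 0.9.4 release
-\& 0x000905000 == 0.9.5 dev
-.Ve
-.PP
-Version 0.9.5a had an interim interpretation that is like the current one,
-except the patch level got the highest bit set, to keep continuity.  The
-number was therefore 0x0090581f.
-.PP
-For backward compatibility, \s-1SSLEAY_VERSION_NUMBER\s0 is also defined.
-.PP
-\&\fISSLeay()\fR returns this number. The return value can be compared to the
-macro to make sure that the correct version of the library has been
-loaded, especially when using DLLs on Windows systems.
-.PP
-\&\fISSLeay_version()\fR returns different strings depending on \fBt\fR:
-.IP "\s-1SSLEAY_VERSION\s0" 4
-.IX Item "SSLEAY_VERSION"
-The text variant of the version number and the release date.  For example,
-\&\*(L"OpenSSL 0.9.5a 1 Apr 2000\*(R".
-.IP "\s-1SSLEAY_CFLAGS\s0" 4
-.IX Item "SSLEAY_CFLAGS"
+.Dd $Mdocdate: November 28 2016 $
+.Dt OPENSSL_VERSION_NUMBER 3
+.Os
+.Sh NAME
+.Nm OPENSSL_VERSION_NUMBER ,
+.Nm SSLeay ,
+.Nm SSLeay_version
+.Nd get OpenSSL version number
+.Sh SYNOPSIS
+.In openssl/opensslv.h
+.Fd #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+.In openssl/crypto.h
+.Ft long
+.Fn SSLeay void
+.Ft const char *
+.Fo SSLeay_version
+.Fa "int t"
+.Fc
+.Sh DESCRIPTION
+.Dv OPENSSL_VERSION_NUMBER
+is a numeric release version identifier.
+The first two digits contain the major release number,
+the third and fourth digits the minor release number,
+the fifth and sixth digits the fix release number,
+the seventh and eight digits the patch release number.
+The final digit is 0 for development, 1 to e for betas 1 to 14, or f
+for release.
+.Pp
+For example:
+.Bd -literal -offset indent
+0x000906000 == 0.9.6 dev
+0x000906023 == 0.9.6b beta 3
+0x00090605f == 0.9.6e release
+.Ed
+.Pp
+Versions prior to 0.9.3 had identifiers < 0x0930.
+For versions between 0.9.3 and 0.9.5,
+the seventh digit was 1 for release and 0 otherwise,
+and the eighth and ninth digits were the patch release number.
+.Pp
+For example:
+.Bd -literal
+0x000904100 == 0.9.4 release
+0x000905000 == 0.9.5 dev
+.Ed
+.Pp
+Version 0.9.5a had an interim interpretation that is like the current
+one, except the patch level got the highest bit set, to keep continuity.
+The number was therefore 0x0090581f.
+.Pp
+For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
+.Pp
+.Fn SSLeay
+returns this number.
+The return value can be compared to the macro to make sure that the
+correct version of the library has been loaded, especially when using
+DLLs on Windows systems.
+.Pp
+.Fn SSLeay_version
+returns different strings depending on
+.Fa t :
+.Bl -tag -width Ds
+.It Dv SSLEAY_VERSION
+The text variant of the version number and the release date.
+For example, "OpenSSL 0.9.5a 1 Apr 2000".
+.It Dv SSLEAY_CFLAGS
 The compiler flags set for the compilation process in the form
-\&\*(L"compiler: ...\*(R"  if available or \*(L"compiler: information not available\*(R"
+"compiler: ..." if available or "compiler: information not available"
 otherwise.
-.IP "\s-1SSLEAY_BUILT_ON\s0" 4
-.IX Item "SSLEAY_BUILT_ON"
-The date of the build process in the form \*(L"built on: ...\*(R" if available
-or \*(L"built on: date not available\*(R" otherwise.
-.IP "\s-1SSLEAY_PLATFORM\s0" 4
-.IX Item "SSLEAY_PLATFORM"
-The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R"
-if available or \*(L"platform: information not available\*(R" otherwise.
-.IP "\s-1SSLEAY_DIR\s0" 4
-.IX Item "SSLEAY_DIR"
-The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0
-if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise.
-.PP
-For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
-.SH "RETURN VALUE"
-.IX Header "RETURN VALUE"
+.It Dv SSLEAY_BUILT_ON
+The date of the build process in the form "built on: ..." if available
+or "built on: date not available" otherwise.
+.It Dv SSLEAY_PLATFORM
+The "Configure" target of the library build in the form "platform: ..."
+if available or "platform: information not available" otherwise.
+.It Dv SSLEAY_DIR
+The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR:
+"..."" if available or "OPENSSLDIR: N/A" otherwise.
+.El
+.Pp
+For an unknown
+.Fa t ,
+the text "not available" is returned.
+.Sh RETURN VALUES
 The version number.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and
-OpenSSL.  \s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL.
-\&\fB\s-1SSLEAY_DIR\s0\fR was added in OpenSSL 0.9.7.
+.Sh SEE ALSO
+.Xr crypto 3
+.Sh HISTORY
+.Fn SSLeay
+and
+.Dv SSLEAY_VERSION_NUMBER
+are available in all versions of SSLeay and OpenSSL.
+.Dv OPENSSL_VERSION_NUMBER
+is available in all versions of OpenSSL.
+.Dv SSLEAY_DIR
+was added in OpenSSL 0.9.7.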
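--- a/jni/libressl/man/OPENSSL_cleanse.3
+++ b/jni/libressl/man/OPENSSL_cleanse.3
@@ -0,0 +1,36 @@
+.\"	$OpenBSD: OPENSSL_cleanse.3,v 1.2 2016/11/29 21:29:19 jmc Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
+.Dt OPENSSL_CLEANSE 3
+.Os
+.Sh NAME
+.Nm OPENSSL_cleanse
+.Nd OpenSSL memory cleaning operation
+.Sh SYNOPSIS
+.In openssl/crypto.h
+.Ft void
+.Fo OPENSSL_cleanse
+.Fa "void *ptr"
+.Fa "size_t len"
+.Fc
+.Sh DESCRIPTION
+Do not use the interface documented here.
+It is provided purely for compatibility with legacy application code.
+.Pp
+.Fn OPENSSL_cleanse
+has the same semantics as, and is a wrapper around,
+.Xr explicit_bzero 3 .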
Changes to jni/libressl/man/OPENSSL_config.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19


20
21
22
23
24
25
26

27
28
29
30
31

32
33
34
35
36
37
38


39
40
41
42
43


44
45
46
47

48
49
50
51
52

53

54


55
56
57
58
59

60
61
62
63
64

65
66

67
68
69


70
71
72
73


74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98


99
100

101

102

103
104
105

106
107



108
109

110
111
112
















113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

130






131








132







133

134
135
136
137
138



139
140
141
142
143
144
145
146
147
148
149
150

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left


.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p


.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}


.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '

.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.

.\"

.\" Avoid warning from groff about undefined register 'F'.


.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{

.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{

.            nr % 0
.            nr F 2

.        \}
.    \}
.\}


.rr rF
.\" ========================================================================
.\"
.IX Title "OPENSSL_config 3"


.TH OPENSSL_config 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/conf.h>
\&
\& void OPENSSL_config(const char *config_name);
\& void OPENSSL_no_config(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR
configuration file name using \fBconfig_name\fR. If \fBconfig_name\fR is \s-1NULL\s0 then
the default name \fBopenssl_conf\fR will be used. Any errors are ignored. Further
calls to \fIOPENSSL_config()\fR will have no effect. The configuration file format
is documented in the \fIconf\fR\|(5) manual page.
.PP
\&\fIOPENSSL_no_config()\fR disables configuration. If called before \fIOPENSSL_config()\fR
no configuration takes place.


.SH "NOTES"
.IX Header "NOTES"

It is \fBstrongly\fR recommended that \fBall\fR new applications call \fIOPENSSL_config()\fR

or the more sophisticated functions such as \fICONF_modules_load()\fR during

initialization (that is before starting any threads). By doing this
an application does not need to keep track of all configuration options
and some new functionality can be supported automatically.

.PP
It is also possible to automatically call \fIOPENSSL_config()\fR when an application



calls \fIOPENSSL_add_all_algorithms()\fR by compiling an application with the
preprocessor symbol \fB\s-1OPENSSL_LOAD_CONF\s0\fR #define'd. In this way configuration

can be added without source changes.
.PP
The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be set to specify the location
















of the configuration file.
.PP
Currently \s-1ASN1\s0 OBJECTs and \s-1ENGINE\s0 configuration can be performed future
versions of OpenSSL will add new configuration options.
.PP
There are several reasons why calling the OpenSSL configuration routines is
advisable. For example new \s-1ENGINE\s0 functionality was added to OpenSSL 0.9.7.
In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
However very few applications currently support the control interface and so
very few can load and use dynamic ENGINEs. Equally in future more sophisticated
ENGINEs will require certain control operations to customize them. If an
application calls \fIOPENSSL_config()\fR it doesn't need to know or care about
\&\s-1ENGINE\s0 control operations because they can be performed by editing a
configuration file.
.PP
Applications should free up configuration at application closedown by calling

\&\fICONF_modules_free()\fR.






.SH "RESTRICTIONS"








.IX Header "RESTRICTIONS"







The \fIOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and

forget it\*(R" function. As a result its behaviour is somewhat limited. It ignores
all errors silently and it can only load from the standard configuration file
location for example.
.PP
It is however \fBmuch\fR better than nothing. Applications which need finer



control over their configuration functionality should use the configuration
functions such as \fICONF_load_modules()\fR directly.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Neither \fIOPENSSL_config()\fR nor \fIOPENSSL_no_config()\fR return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIconf\fR\|(5), \fICONF_load_modules_file\fR\|(3),
\&\fICONF_modules_free\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIOPENSSL_config()\fR and \fIOPENSSL_no_config()\fR first appeared in OpenSSL 0.9.7

|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
>
>
|
|
|
|
|
|
|
>
|
|
<
<
|
>
|
|
|
|
|
|
|
>
>
|
|
|
|
|
>
>

<
<
|
>
|
<
|
|
|
>
|
>
|
>
>
|
|
|
|
|
>
|
|
<
|
<
>
|
<
>
|
|
|
>
>
|
<
<
|
>
>
|
|
<
|
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<

>
>
|
|
>
|
>
|
>
|
|
|
>
|
|
>
>
>
|
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
<
|
<
|
|
|
>
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
>
|
|
|
|
|
>
>
>
|
<
<
<
<
<
<
<
|
<
<
<
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21
22
23
24
25
26
27
28
29
30
31


32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50


51
52
53

54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

71

72
73

74
75
76
77
78
79
80


81
82
83
84
85

86








87











88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129











130

131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169







170



171
.\"	$OpenBSD: OPENSSL_config.3,v 1.5 2016/12/11 18:06:09 schwarze Exp $
.\"	OpenSSL ab6577a4 May 14 21:07:51 2014 +0100
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2004, 2005 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: December 11 2016 $
.Dt OPENSSL_CONFIG 3
.Os

.Sh NAME
.Nm OPENSSL_config ,
.Nm OPENSSL_no_config
.Nd simple OpenSSL configuration functions
.Sh SYNOPSIS
.In openssl/conf.h
.Ft void
.Fo OPENSSL_config
.Fa "const char *config_name"
.Fc
.Ft void
.Fn OPENSSL_no_config void
.Sh DESCRIPTION
.Fn OPENSSL_config
configures OpenSSL using the standard
.Xr openssl.cnf 5
configuration file name using

.Fa config_name .

If
.Fa config_name

is
.Dv NULL
then the default name
.Sy openssl_conf
will be used.
Any errors are ignored.
Further calls to


.Fn OPENSSL_config
will have no effect.
.Pp
.Fn OPENSSL_no_config
disables configuration.

If called before








.Fn OPENSSL_config ,











no configuration takes place.
.Pp
It is
.Sy strongly
recommended that
.Sy all
new applications call
.Fn OPENSSL_config
or the more sophisticated functions such as
.Xr CONF_modules_load 3
during initialization (that is before starting any threads).
By doing this, an application does not need to keep track of all
configuration options and some new functionality can be supported
automatically.
.Pp
It is also possible to automatically call
.Fn OPENSSL_config
when an application calls
.Xr OPENSSL_add_all_algorithms 3
by compiling an application with the preprocessor symbol
.Dv OPENSSL_LOAD_CONF
#define'd.
In this way configuration can be added without source changes.
.Pp
The environment variable
.Ev OPENSSL_CONF
can be set to specify the location of the configuration file.
.Pp
Currently ASN.1 OBJECT and ENGINE configuration can be performed.
.Pp
There are several reasons why calling the OpenSSL configuration routines
is advisable.
For example new ENGINE functionality was added to OpenSSL 0.9.7.
In OpenSSL 0.9.7 control functions can be supported by ENGINEs which can be
used (among other things) to load dynamic ENGINEs from shared libraries
(DSOs).
However very few applications currently support the control interface
and so very few can load and use dynamic ENGINEs.
Equally in future more sophisticated ENGINEs will require certain
control operations to customize them.
If an application calls
.Fn OPENSSL_config











it doesn't need to know or care about ENGINE control operations because

they can be performed by editing a configuration file.
.Pp
Applications should free up configuration at application closedown by
calling
.Xr CONF_modules_free 3 .
.Sh RETURN VALUES
Neither
.Fn OPENSSL_config
nor
.Fn OPENSSL_no_config
return a value.
.Sh FILES
.Bl -tag -width /etc/ssl/openssl.cnf -compact
.It Pa /etc/ssl/openssl.cnf
standard configuration file
.El
.Sh SEE ALSO
.Xr CONF_modules_free 3 ,
.Xr CONF_modules_load 3 ,
.Xr openssl.cnf 5
.Sh HISTORY
.Fn OPENSSL_config
and
.Fn OPENSSL_no_config
first appeared in OpenSSL 0.9.7.
.Sh CAVEATS
The
.Fn OPENSSL_config
function is designed to be a very simple "call it and forget it"
function.
As a result its behaviour is somewhat limited.
It ignores all errors silently and it can only load from the standard
configuration file location for example.
.Pp
It is however
.Sy much
better than nothing.
Applications which need finer control over their configuration
functionality should use the configuration functions such as







.Xr CONF_modules_load 3



directly.
Changes to jni/libressl/man/OPENSSL_load_builtin_modules.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26
27
28
29

30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46


47
48
49
50
51

52


53











54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

73
74
75
76
77
78
79



80
81
82
83
84
85

86

87

88
89
90
91
92
93

94
95
96

97
98

99
100
101


102

103
104

105


106
107
108

109
110
111
112
113
114
115
116
117
118
119
120
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch

.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the

.\" output yourself in some meaningful fashion.


.\"











.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"

.IX Title "OPENSSL_load_builtin_modules 3"
.TH OPENSSL_load_builtin_modules 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"



OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/conf.h>
\&

\& void OPENSSL_load_builtin_modules(void);

\& void ASN1_add_oid_module(void);

\& ENGINE_add_conf_module();
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL
configuration modules to the internal list. They can then be used by the

OpenSSL configuration code.
.PP
\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module.

.PP
\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module.

.SH "NOTES"
.IX Header "NOTES"
If the simple configuration function \fIOPENSSL_config()\fR is called then


\&\fIOPENSSL_load_builtin_modules()\fR is called automatically.

.PP
Applications which use the configuration functions directly will need to

call \fIOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other


configuration code.
.PP
Applications should call \fIOPENSSL_load_builtin_modules()\fR to load all

configuration modules instead of adding modules selectively: otherwise
functionality may be missing from the application if an when new
modules are added.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
None of the functions return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIconf\fR\|(3), \fIOPENSSL_config\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions first appeared in OpenSSL 0.9.7.
|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
<
<
<
>
<
|
|
<
<
<
<
<
<
<
<
|
<
<

<
<
>
>
|

<
<
<
>
|
>
>

>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

>
|
<
<
<
<
|
|
>
>
>
|
|
<
<
|
<
>
|
>
|
>
|
<
|
|
|
|
>
|
|
|
>
|
|
>
|
<
|
>
>
|
>
|

>
|
>
>
|
|
|
>
|
|
|
<
<
<
|
<
|
|
<

1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23





24

25
26








27


28


29
30
31
32



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

















50
51
52




53
54
55
56
57
58
59


60

61
62
63
64
65
66

67
68
69
70
71
72
73
74
75
76
77
78
79

80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97



98

99
100

101
.\"	$OpenBSD: OPENSSL_load_builtin_modules.3,v 1.4 2016/11/28 15:08:58 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2004, 2013 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"





.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact








.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

















.\"
.Dd $Mdocdate: November 28 2016 $
.Dt OPENSSL_LOAD_BUILTIN_MODULES 3




.Os
.Sh NAME
.Nm OPENSSL_load_builtin_modules ,
.Nm ASN1_add_oid_module ,
.Nm ENGINE_add_conf_module
.Nd add standard configuration modules
.Sh SYNOPSIS


.In openssl/conf.h

.Ft void
.Fn OPENSSL_load_builtin_modules void
.Ft void
.Fn ASN1_add_oid_module void
.Ft void
.Fn ENGINE_add_conf_module void

.Sh DESCRIPTION
The function
.Fn OPENSSL_load_builtin_modules
adds all the standard OpenSSL configuration modules to the internal
list.
They can then be used by the OpenSSL configuration code.
.Pp
.Fn ASN1_add_oid_module
adds just the ASN.1 OBJECT module.
.Pp
.Fn ENGINE_add_conf_module
adds just the ENGINE configuration module.
.Pp

If the simple configuration function
.Xr OPENSSL_config 3
is called then
.Fn OPENSSL_load_builtin_modules
is called automatically.
.Pp
Applications which use the configuration functions directly will need to
call
.Fn OPENSSL_load_builtin_modules
themselves
.Em before
any other configuration code.
.Pp
Applications should call
.Fn OPENSSL_load_builtin_modules
to load all configuration modules instead of adding modules selectively:
otherwise functionality may be missing from the application when
new modules are added.



.Sh SEE ALSO

.Xr OPENSSL_config 3
.Sh HISTORY

These functions first appeared in OpenSSL 0.9.7.
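--- a/jni/libressl/man/OPENSSL_malloc.3
+++ b/jni/libressl/man/OPENSSL_malloc.3
@@ -0,0 +1,88 @@
+.\"	$OpenBSD: OPENSSL_malloc.3,v 1.4 2016/11/29 21:29:19 jmc Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
+.Dt OPENSSL_MALLOC 3
+.Os
+.Sh NAME
+.Nm OPENSSL_malloc ,
+.Nm OPENSSL_realloc ,
+.Nm OPENSSL_free ,
+.Nm OPENSSL_strdup ,
+.Nm CRYPTO_malloc ,
+.Nm CRYPTO_realloc ,
+.Nm CRYPTO_free ,
+.Nm CRYPTO_strdup
+.Nd legacy OpenSSL memory allocation wrappers
+.Sh SYNOPSIS
+.In openssl/crypto.h
+.Ft void *
+.Fo OPENSSL_malloc
+.Fa "size_t num"
+.Fc
+.Ft void *
+.Fo OPENSSL_realloc
+.Fa "void *addr"
+.Fa "size_t num"
+.Fc
+.Ft void
+.Fo OPENSSL_free
+.Fa "void *addr"
+.Fc
+.Ft char *
+.Fo OPENSSL_strdup
+.Fa "const char *str"
+.Fc
+.Ft void *
+.Fo CRYPTO_malloc
+.Fa "size_t num"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+.Ft void *
+.Fo CRYPTO_realloc
+.Fa "void *p"
+.Fa "size_t num"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+.Ft void
+.Fo CRYPTO_free
+.Fa "void *str"
+.Fa "const char *"
+.Fa int
+.Fc
+.Ft char *
+.Fo CRYPTO_strdup
+.Fa "const char *p"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+.Sh DESCRIPTION
+Do not use any of the interfaces documented here in new code.
+They are provided purely for compatibility with legacy application code.
+.Pp
+All 8 of these functions are wrappers around the corresponding
+standard
+.Xr malloc 3 ,
+.Xr realloc 3 ,
+.Xr free 3 ,
+and
+.Xr strdup 3
+functions.
+.Sh RETURN VALUES
+These functions return the same type and value as the corresponding
+standard functions.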
Changes to jni/libressl/man/OpenSSL_add_all_algorithms.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44







45
46
47
48
49
50
51
52
53
54
55


56
57



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

89
90

91
92
93
94
95
96

97




98
99
100




101






102
103
104
105
106
107
108
109
110
111
112
113
114
115


116
117
118
119

120
121

122
123

124
125

126

127



128
129

130
131
132
133
134
135
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"







.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0



.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "OpenSSL_add_all_algorithms 3"
.TH OpenSSL_add_all_algorithms 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \-
add algorithms to internal table
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& void OpenSSL_add_all_algorithms(void);
\& void OpenSSL_add_all_ciphers(void);

\& void OpenSSL_add_all_digests(void);
\&

\& void EVP_cleanup(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR.

.PP




\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table.
.PP
\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and




ciphers).






.PP
\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including
password based encryption algorithms.
.PP
\&\fIEVP_cleanup()\fR removes all ciphers and digests from the table.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
None of the functions return a value.
.SH "NOTES"
.IX Header "NOTES"
A typical application will call \fIOpenSSL_add_all_algorithms()\fR initially and
\&\fIEVP_cleanup()\fR before exiting.
.PP
An application does not need to add algorithms to use them explicitly, for


example by \fIEVP_sha1()\fR. It just needs to add them if it (or any of the functions
it calls) needs to lookup algorithms.
.PP
The cipher and digest lookup functions are used in many parts of the library.

If the table is not initialized several functions will misbehave and complain
they cannot find algorithms. This includes the \s-1PEM,\s0 PKCS#12, \s-1SSL\s0 and S/MIME

libraries.  This is a common query in the OpenSSL mailing lists.
.PP

Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a
statically linked executable can be quite large. If this is important it is

possible to just add the required ciphers and digests.

.SH "BUGS"



.IX Header "BUGS"
Although the functions do not return error codes it is possible for them to

fail.  This will only happen as a result of a memory allocation failure so this
is not too much of a problem in practice.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3), \fIEVP_DigestInit\fR\|(3),
\&\fIEVP_EncryptInit\fR\|(3)
|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
|
|
|
|
|
|
|
<
<
<
<
|
<
|
<
<

>
>
>
>
>
>
>
|
|
|
|
<
<
<
|

<
<
>
>
|
|
>
>
>
|
|
|
<
<
|
<
<
<
<
<
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
>
|
<
>
|
<
|
<
|
|
>
|
>
>
>
>
|
|
|
>
>
>
>
|
>
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
|
>
>
|
|
|
|
>
|
|
>
|
|
>
|
|
>
|
>
|
>
>
>
|
|
>
|

<
<
<
<
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30
31
32
33
34




35

36


37
38
39
40
41
42
43
44
45
46
47
48



49
50


51
52
53
54
55
56
57
58
59
60


61





62



63













64
65
66
67

68
69

70

71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93












94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121




.\"	$OpenBSD: OpenSSL_add_all_algorithms.3,v 1.4 2016/11/28 16:40:27 schwarze Exp $
.\"	OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2003, 2013 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:




.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED



.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 28 2016 $
.Dt OPENSSL_ADD_ALL_ALGORITHMS 3
.Os
.Sh NAME
.Nm OpenSSL_add_all_algorithms ,
.Nm OpenSSL_add_all_ciphers ,
.Nm OpenSSL_add_all_digests ,
.Nm EVP_cleanup
.Nd add algorithms to internal table
.Sh SYNOPSIS


.In openssl/evp.h





.Ft void



.Fn OpenSSL_add_all_algorithms void













.Ft void
.Fn OpenSSL_add_all_ciphers void
.Ft void
.Fn OpenSSL_add_all_digests void

.Ft void
.Fn EVP_cleanup void

.Sh DESCRIPTION

OpenSSL keeps an internal table of digest algorithms and ciphers.
It uses this table to look up ciphers via functions such as
.Xr EVP_get_cipherbyname 3 .
.Pp
.Fn OpenSSL_add_all_algorithms
adds all algorithms to the table (digests and ciphers).
.Pp
.Fn OpenSSL_add_all_digests
adds all digest algorithms to the table.
.Pp
.Fn OpenSSL_add_all_ciphers
adds all encryption algorithms to the table including password based
encryption algorithms.
.Pp
.Fn EVP_cleanup
removes all ciphers and digests from the table.
.Pp
A typical application will call
.Fn OpenSSL_add_all_algorithms
initially and
.Fn EVP_cleanup
before exiting.
.Pp












An application does not need to add algorithms to use them explicitly,
for example by
.Xr EVP_sha1 3 .
It just needs to add them if it (or any of the functions it calls) needs
to look up algorithms.
.Pp
The cipher and digest lookup functions are used in many parts of the
library.
If the table is not initialized, several functions will misbehave and
complain they cannot find algorithms.
This includes the PEM, PKCS#12, SSL and S/MIME libraries.
This is a common query in the OpenSSL mailing lists.
.Pp
Calling
.Fn OpenSSL_add_all_algorithms
links in all algorithms: as a result a statically linked executable can
be quite large.
If this is important, it is possible to just add the required ciphers and
digests.
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_EncryptInit 3
.Sh BUGS
Although the functions do not return error codes, it is possible for them
to fail.
This will only happen as a result of a memory allocation failure so this
is not too much of a problem in practice.




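--- a/jni/libressl/man/PEM_read.3
+++ b/jni/libressl/man/PEM_read.3
@@ -0,0 +1,282 @@
+.\"	$OpenBSD: PEM_read.3,v 1.2 2016/11/29 07:29:52 jmc Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Viktor Dukhovni
+.\" and by Rich Salz <rsalz@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
+.Dt PEM_READ 3
+.Os
+.Sh NAME
+.Nm PEM_write ,
+.Nm PEM_write_bio ,
+.Nm PEM_read ,
+.Nm PEM_read_bio ,
+.Nm PEM_do_header ,
+.Nm PEM_get_EVP_CIPHER_INFO
+.Nd PEM encoding routines
+.Sh SYNOPSIS
+.In openssl/pem.h
+.Ft int
+.Fo PEM_write
+.Fa "FILE *fp"
+.Fa "char *name"
+.Fa "char *header"
+.Fa "unsigned char *data"
+.Fa "long len"
+.Fc
+.Ft int
+.Fo PEM_write_bio
+.Fa "BIO *bp"
+.Fa "const char *name"
+.Fa "char *header"
+.Fa "unsigned char *data"
+.Fa "long len"
+.Fc
+.Ft int
+.Fo PEM_read
+.Fa "FILE *fp"
+.Fa "char **name"
+.Fa "char **header"
+.Fa "unsigned char **data"
+.Fa "long *len"
+.Fc
+.Ft int
+.Fo PEM_read_bio
+.Fa "BIO *bp"
+.Fa "char **name"
+.Fa "char **header"
+.Fa "unsigned char **data"
+.Fa "long *len"
+.Fc
+.Ft int
+.Fo PEM_get_EVP_CIPHER_INFO
+.Fa "char *header"
+.Fa "EVP_CIPHER_INFO *cinfo"
+.Fc
+.Ft int
+.Fo PEM_do_header
+.Fa "EVP_CIPHER_INFO *cinfo"
+.Fa "unsigned char *data"
+.Fa "long *len"
+.Fa "pem_password_cb *cb"
+.Fa "void *u"
+.Fc
+.Sh DESCRIPTION
+These functions read and write PEM-encoded objects, using the PEM type
+.Fa name ,
+any additional
+.Fa header
+information, and the raw
+.Fa data
+of length
+.Fa len .
+.Pp
+PEM is the binary content encoding first defined in IETF RFC 1421.
+The content is a series of base64-encoded lines, surrounded by
+begin/end markers each on their own line.
+For example:
+.Bd -literal -offset indent
+-----BEGIN PRIVATE KEY-----
+MIICdg....
+\&... bhTQ==
+-----END PRIVATE KEY-----
+.Ed
+.Pp
+Optional header line(s) may appear after the begin line, and their
+existence depends on the type of object being written or read.
+.Pp
+.Fn PEM_write
+writes to the file
+.Fa fp ,
+while
+.Fn PEM_write_bio
+writes to the BIO
+.Fa bp .
+The
+.Fa name
+is the name to use in the marker, the
+.Fa header
+is the header value or
+.Dv NULL ,
+and
+.Fa data
+and
+.Fa len
+specify the data and its length.
+.Pp
+The final
+.Fa data
+buffer is typically an ASN.1 object which can be decoded with the
+.Fn d2i_*
+function appropriate to the type
+.Fa name ;
+see
+.Xr d2i_X509 3
+for examples.
+.Pp
+.Fn PEM_read
+reads from the file
+.Fa fp ,
+while
+.Fn PEM_read_bio
+reads from the BIO
+.Fa bp .
+Both skip any non-PEM data that precedes the start of the next PEM
+object.
+When an object is successfully retrieved, the type name from the
+"----BEGIN <type>-----" is returned via the
+.Fa name
+argument, any encapsulation headers are returned in
+.Fa header ,
+and the base64-decoded content and its length are returned via
+.Fa data
+and
+.Fa len ,
+respectively.
+The
+.Fa name ,
+.Fa header ,
+and
+.Fa data
+pointers should be freed by the caller when no longer needed.
+.Pp
+The remaining functions are deprecated because the underlying PEM
+encryption format is obsolete and should be avoided.
+It uses an encryption format with an OpenSSL-specific key-derivation
+function, which employs MD5 with an iteration count of 1.
+Instead, private keys should be stored in PKCS#8 form, with a strong
+PKCS#5 v2.0 PBE; see
+.Xr PEM_write_PrivateKey 3
+and
+.Xr d2i_PKCS8PrivateKey_bio 3 .
+.Pp
+.Fn PEM_get_EVP_CIPHER_INFO
+can be used to determine the
+.Fa data
+returned by
+.Fn PEM_read
+or
+.Fn PEM_read_bio
+is encrypted and to retrieve the associated cipher and IV.
+The caller passes a pointer to a structure of type
+.Vt EVP_CIPHER_INFO
+via the
+.Fa cinfo
+argument and the
+.Fa header
+returned via
+.Fn PEM_read
+or
+.Fn PEM_read_bio .
+If the call is successful, 1 is returned and the cipher and IV are
+stored at the address pointed to by
+.Fa cinfo .
+When the header is malformed or not supported or when the cipher is
+unknown or some internal error happens, 0 is returned.
+.Pp
+.Fn PEM_do_header
+can then be used to decrypt the data if the header indicates encryption.
+The
+.Fa cinfo
+argument is a pointer to the structure initialized by the previous call
+to
+.Fn PEM_get_EVP_CIPHER_INFO .
+The
+.Fa data
+and
+.Fa len
+arguments are those returned by the previous call to
+.Fn PEM_read
+or
+.Fn PEM_read_bio .
+The
+.Fa cb
+and
+.Fa u
+arguments make it possible to override the default password prompt
+function as described in
+.Xr PEM_read_PrivateKey 3 .
+On successful completion, the
+.Fa data
+is decrypted in place, and
+.Fa len
+is updated to indicate the plaintext length.
+.Pp
+If the data is a priori known to not be encrypted, then neither
+.Fn PEM_do_header
+nor
+.Fn PEM_get_EVP_CIPHER_INFO
+need to be called.
+.Sh RETURN VALUES
+.Fn PEM_read
+and
+.Fn PEM_read_bio
+return 1 on success or 0 on failure.
+The latter includes the case when no more PEM objects remain in the
+input file.
+To distinguish end of file from more serious errors, the caller
+must peek at the error stack and check for
+.Dv PEM_R_NO_START_LINE ,
+which indicates that no more PEM objects were found.
+See
+.Xr ERR_peek_last_error 3
+and
+.Xr ERR_GET_REASON 3 .
+.Pp
+.Fn PEM_get_EVP_CIPHER_INFO
+and
+.Fn PEM_do_header
+return 1 on success or 0 on failure.
+The
+.Fa data
+is likely meaningless if these functions fail.
+.Sh SEE ALSO
+.Xr d2i_PKCS8PrivateKey_bio 3 ,
+.Xr ERR_GET_LIB 3 ,
+.Xr ERR_peek_last_error 3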
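--- a/jni/libressl/man/PEM_read_SSL_SESSION.3
+++ b/jni/libressl/man/PEM_read_SSL_SESSION.3
@@ -0,0 +1,135 @@
+.\"	$OpenBSD: PEM_read_SSL_SESSION.3,v 1.1 2016/11/28 21:05:21 schwarze Exp $
+.\"	OpenSSL doc/man3/PEM_read_CMS.pod b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Rich Salz <rsalz@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 28 2016 $
+.Dt PEM_READ_SSL_SESSION 3
+.Os
+.Sh NAME
+.Nm PEM_read_SSL_SESSION ,
+.Nm PEM_read_bio_SSL_SESSION ,
+.Nm PEM_write_SSL_SESSION ,
+.Nm PEM_write_bio_SSL_SESSION
+.Nd encode and decode SSL session objects in PEM format
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft SSL_SESSION *
+.Fo PEM_read_SSL_SESSION
+.Fa "FILE *fp"
+.Fa "SSL_SESSION **a"
+.Fa "pem_password_cb *cb"
+.Fa "void *u"
+.Fc
+.Ft SSL_SESSION *
+.Fo PEM_read_bio_SSL_SESSION
+.Fa "BIO *bp"
+.Fa "SSL_SESSION **a"
+.Fa "pem_password_cb *cb"
+.Fa "void *u"
+.Fc
+.Ft int
+.Fo PEM_write_SSL_SESSION
+.Fa "FILE *fp"
+.Fa "const SSL_SESSION *a"
+.Fc
+.Ft int
+.Fo PEM_write_bio_SSL_SESSION
+.Fa "BIO *bp"
+.Fa "const SSL_SESSION *a"
+.Fc
+.Sh DESCRIPTION
+These routines convert between local instances of ASN.1
+.Vt SSL_SESSION
+objects and the PEM encoding.
+.Pp
+.Fn PEM_read_SSL_SESSION
+reads a PEM-encoded
+.Vt SSL_SESSION
+object from the file
+.Fa fp
+and returns it.
+The
+.Fa cb
+and
+.Fa u
+parameters are as described in
+.Xr PEM_read_bio_PrivateKey 3 .
+.Pp
+.Fn PEM_read_bio_SSL_SESSION
+is similar to
+.Fn PEM_read_SSL_SESSION
+but reads from the BIO
+.Fa bp .
+.Pp
+.Fn PEM_write_SSL_SESSION
+writes the PEM encoding of the object
+.Fa a
+to the file
+.Fa fp .
+.Pp
+.Fn PEM_write_bio_SSL_SESSION
+similarly writes to the BIO
+.Fa bp .
+.Sh RETURN VALUES
+.Fn PEM_read_SSL_SESSION
+and
+.Fn PEM_read_bio_SSL_SESSION
+return a pointer to an allocated object, which should be released by
+calling
+.Xr SSL_SESSION_free 3 ,
+or
+.Dv NULL
+on error.
+.Pp
+.Fn PEM_write_SSL_SESSION
+and
+.Fn PEM_write_bio_SSL_SESSION
+return the number of bytes written or 0 on error.
+.Sh SEE ALSO
+.Xr PEM_read 3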
Changes to jni/libressl/man/PEM_read_bio_PrivateKey.3.
1

2
3
4
5
6
7
8


9
10


11




12




13



14
15



16




17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35


36

37
38
39



















40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58




















59
60
61
62
63
64
65
66
67
68
69
70
71
72



73











74
75
76



77
78





79


80









81









82
83
84









85
86
87
88
89
90
91
92
93
94
95



96
97
98
99


100
101









102


103

104


105
106
107

108


109
110



111


112
113



114



115








116
117




118
119

120
121



122



123
124
125
126
127







128
129
130
131
132
133

134
135
136
137
138
139
140

141
142
143



144




145
146




147


148
149



150


151
152



153




154
155
156



157



158

159
160



161


162
163



164


165
166



167
168




169
170




171


172
173



174


175
176



177
178




179
180




181


182
183



184


185
186



187



188

189
190



191



192

193
194



195


196
197



198


199
200



201
202




203
204




205
206


207
208










209
210




211
212




213
214


215
216



217
218
219
220
221
222

223
224


225
226
227
228
229
230


231
232
233
234
235
236



237


238
239



240


241
242














243
244






245
246




247
248
249
250
251




252




253




254




255
256
257

258
259






260
261



262
263




264
265




266
267


268
269



270
271


272
273



274
275




276
277
278
279
280
281
282
283

284
285
286
287
288
289






290


291

292
293
294











295
296




297

298
299
300
301
302

303
304


305

306




307
308
309
310


311
312
313






314











315
316
317
318


319
320
321





322






323
324
325
326
327



328
329
330
331


















332
333
334
335
336



337






338
339


340

341
342
343
344
345


346



347


348


349
350
351
352
353

354
355
356
357

358

359



360



361
362









363
364
365
366


367
368







369






370
371
372





373
374




375



376


377
378
379

380
381
382
383

384
385


386
387
388


389


390





391







392



393
394
395




396



397


398


399
400
401
402
403
404
405
406






407























408
409







410

411
412
413
414
415
416
417
418
419
420


421
422
423
424
425

426







427
428
429

430
431
432
433
434
435

436



437



438



439
440
441
442
443
444
445



446
447
448
449
450


451
452
453

454




455

456
457
458
459

460

461
462


463


464

465
466
467
468


469

470


471
472
473

474
475
476

477

478
479
480

481
482



483

484
485






486
487
488
489
490
491
492
493
494



495
496
497
498

499


500

501
502


503
504
505

506
507
508
509
510
511
512

513
514
515

516

517
518
519
520
521

522
523



524

525
526

527




528
529
530
531

532
533
534
535
536
537
538
539
540
541
542
543
544
545





546








547




548


549
550
551
552
553

554
555
556
557
558
559
560
561


562
563

564
565












































566






567


568
569
570



571

572
573
574
575

576



577


578
579
580









581

582















583


584



585


















586


587
588
589
590
591

592
593











.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R



.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}


.el\{\

.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``



















.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1




















.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"



.IX Title "PEM_read_bio_PrivateKey 3"











.TH PEM_read_bio_PrivateKey 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.



.if n .ad l
.nh





.SH "NAME"


PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,









PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,









PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,









PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,



PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,


PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE,









PEM_write_NETSCAPE_CERT_SEQUENCE \- PEM routines


.SH "SYNOPSIS"

.IX Header "SYNOPSIS"


.Vb 1
\& #include <openssl/pem.h>
\&

\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,



\&                                        unsigned char *kstr, int klen,








\&                                        pem_password_cb *cb, void *u);
\&




\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
\&                                        unsigned char *kstr, int klen,

\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,



\&                                        char *kstr, int klen,
\&                                        pem_password_cb *cb, void *u);
\&
\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
\&                                        char *kstr, int klen,







\&                                        pem_password_cb *cb, void *u);
\&
\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
\&                                        char *kstr, int klen,
\&                                        pem_password_cb *cb, void *u);
\&

\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
\&                                        char *kstr, int klen,
\&                                        pem_password_cb *cb, void *u);
\&
\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
\&                                        pem_password_cb *cb, void *u);
\&

\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);




\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
\&




\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,




\&                                        unsigned char *kstr, int klen,
\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,



\&                                        unsigned char *kstr, int klen,

\&                                        pem_password_cb *cb, void *u);
\&



\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
\&




\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
\&




\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
\&




\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
\&




\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,



\&                                        unsigned char *kstr, int klen,

\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,



\&                                        unsigned char *kstr, int klen,

\&                                        pem_password_cb *cb, void *u);
\&



\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
\&




\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
\&




\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
\&


\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
\&










\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
\&




\& int PEM_write_DSAparams(FILE *fp, DSA *x);
\&




\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
\&


\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_DHparams(BIO *bp, DH *x);
\&
\& int PEM_write_DHparams(FILE *fp, DH *x);
\&
\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
\&

\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
\&


\& int PEM_write_bio_X509(BIO *bp, X509 *x);
\&
\& int PEM_write_X509(FILE *fp, X509 *x);
\&
\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
\&


\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
\&
\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
\&
\& int PEM_write_X509_AUX(FILE *fp, X509 *x);
\&



\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,


\&                                        pem_password_cb *cb, void *u);
\&



\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,


\&                                        pem_password_cb *cb, void *u);
\&














\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
\&






\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
\&




\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
\&
\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
\&
\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,




\&                                        pem_password_cb *cb, void *u);




\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,




\&                                        pem_password_cb *cb, void *u);




\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
\&

\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
\&






\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
\&




\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
\&




\& NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,
\&                                                NETSCAPE_CERT_SEQUENCE **x,


\&                                                pem_password_cb *cb, void *u);
\&



\& NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,
\&                                                NETSCAPE_CERT_SEQUENCE **x,


\&                                                pem_password_cb *cb, void *u);
\&



\& int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x);
\&




\& int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In
this sense \s-1PEM\s0 format is simply base64 encoded data surrounded
by header lines.
.PP

For more details about the meaning of arguments see the
\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section.
.PP
Each operation has four functions associated with it. For
clarity the term "\fBfoobar\fR functions" will be used to collectively
refer to the \fIPEM_read_bio_foobar()\fR, \fIPEM_read_foobar()\fR,






\&\fIPEM_write_bio_foobar()\fR and \fIPEM_write_foobar()\fR functions.


.PP

The \fBPrivateKey\fR functions read or write a private key in
\&\s-1PEM\s0 format using an \s-1EVP_PKEY\s0 structure. The write routines use
\&\*(L"traditional\*(R" private key format and can handle both \s-1RSA\s0 and \s-1DSA\s0











private keys. The read functions can additionally transparently
handle PKCS#8 format encrypted and unencrypted keys too.




.PP

\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR
write a private key in an \s-1EVP_PKEY\s0 structure in PKCS#8
EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
algorithms. The \fBcipher\fR argument specifies the encryption algorithm to
use: unlike all other \s-1PEM\s0 routines the encryption is applied at the

PKCS#8 level and not in the \s-1PEM\s0 headers. If \fBcipher\fR is \s-1NULL\s0 then no
encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.


.PP

\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR




also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
corresponding \s-1OBJECT IDENTIFIER \s0(see \s-1NOTES\s0 section).


.PP
The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0
structure. The public key is encoded as a SubjectPublicKeyInfo






structure.











.PP
The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an
\&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
functions but an error occurs if the private key is not \s-1RSA.\s0


.PP
The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an
\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey





structure.






.PP
The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using
an \s-1RSA\s0 structure. However the public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
key is not \s-1RSA.\s0



.PP
The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a
\&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
functions but an error occurs if the private key is not \s-1DSA.\s0


















.PP
The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using
a \s-1DSA\s0 structure. The public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
key is not \s-1DSA.\s0



.PP






The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0
structure. The parameters are encoded using a foobar structure.


.PP

The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0
structure. The parameters are encoded using a PKCS#3 DHparameter
structure.
.PP
The \fBX509\fR functions process an X509 certificate using an X509


structure. They will also process a trusted X509 certificate but



any trust settings are discarded.


.PP


The \fBX509_AUX\fR functions process a trusted X509 certificate using
an X509 structure.
.PP
The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10
certificate request using an X509_REQ structure. The \fBX509_REQ\fR

write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas
the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR
(as required by some CAs). The \fBX509_REQ\fR read functions will
handle either form so there are no \fBX509_REQ_NEW\fR read functions.

.PP

The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL



structure.



.PP
The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0









structure.
.PP
The \fB\s-1NETSCAPE_CERT_SEQUENCE\s0\fR functions process a Netscape Certificate
Sequence using a \s-1NETSCAPE_CERT_SEQUENCE\s0 structure.


.SH "PEM FUNCTION ARGUMENTS"
.IX Header "PEM FUNCTION ARGUMENTS"







The \s-1PEM\s0 functions have many common arguments.






.PP
The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from
or write to.





.PP
The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to




read from or write to.



.PP


The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return
a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function
uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not

\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written
to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made
to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections).
Irrespective of the value of \fBx\fR a pointer to the structure is always

returned (or \s-1NULL\s0 if an error occurred).
.PP


The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter
which specifies the encryption algorithm to use, encryption is done
at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private


key is written in unencrypted form.


.PP





The \fBcb\fR argument is the callback to use when querying for the pass







phrase used for encrypted \s-1PEM\s0 structures (normally only private keys).



.PP
For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then
\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is




ignored.



.PP


If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not


\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string
to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the
default callback routine is used which will typically prompt for the
passphrase on the current terminal with echoing turned off.
.PP
The default passphrase callback is sometimes inappropriate (for example
in a \s-1GUI\s0 application) so an alternative can be supplied. The callback
routine has the following form:






.PP























.Vb 1
\& int cb(char *buf, int size, int rwflag, void *u);







.Ve

.PP
\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum
length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag
which is set to 0 when reading and 1 when writing. A typical routine
will ask the user to verify the passphrase (for example by prompting
for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same
value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows
arbitrary data to be passed to the callback by the application
(for example a window handle in a \s-1GUI\s0 application). The callback
\&\fBmust\fR return the number of characters in the passphrase or 0 if


an error occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Although the \s-1PEM\s0 routines take several arguments in almost all applications
most of them are set to 0 or \s-1NULL.\s0

.PP







Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0
.PP
.Vb 5

\& X509 *x;
\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);
\& if (x == NULL) {
\&        /* Error */
\& }
.Ve

.PP



Alternative method:



.PP



.Vb 4
\& X509 *x = NULL;
\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
\&        /* Error */
\& }
.Ve
.PP



Write a certificate to a \s-1BIO:\s0
.PP
.Vb 3
\& if (!PEM_write_bio_X509(bp, x)) {
\&        /* Error */


\& }
.Ve
.PP

Write an unencrypted private key to a \s-1FILE\s0 pointer:




.PP

.Vb 3
\& if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
\&        /* Error */
\& }

.Ve

.PP
Write a private key (using traditional format) to a \s-1BIO\s0 using


triple \s-1DES\s0 encryption, the pass phrase is prompted for:


.PP

.Vb 4
\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
\&     NULL, 0, 0, NULL)) {
\&        /* Error */


\& }

.Ve


.PP
Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple
\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R":

.PP
.Vb 4
\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),

\&     NULL, 0, 0, "hello")) {

\&        /* Error */
\& }
.Ve

.PP
Read a private key from a \s-1BIO\s0 using the pass phrase \*(L"hello\*(R":



.PP

.Vb 4
\& key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");






\& if (key == NULL) {
\&        /* Error */
\& }
.Ve
.PP
Read a private key from a \s-1BIO\s0 using a pass phrase callback:
.PP
.Vb 4
\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");



\& if (key == NULL) {
\&        /* Error */
\& }
.Ve

.PP


Skeleton pass phrase callback:

.PP
.Vb 5


\& int
\& pass_cb(char *buf, int size, int rwflag, void *u)
\& {

\&        int len;
\&        char *tmp;
\&
\&        /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */
\&        printf("Enter pass phrase for \e"%s\e"\en", u);
\&
\&        /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */

\&        tmp = "hello";
\&        len = strlen(tmp);
\&

\&        if (len == 0)

\&                return 0;
\&        /* if too long, truncate */
\&        if (len > size)
\&                len = size;
\&        memcpy(buf, tmp, len);

\&        return len;
\& }



.Ve

.SH "NOTES"
.IX Header "NOTES"

The old \fBPrivateKey\fR write routines are retained for compatibility.




New applications should write private keys using the
\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines
because they are more secure (they use an iteration count of 2048 whereas
the traditional routines use a count of 1) unless compatibility with older

versions of OpenSSL is important.
.PP
The \fBPrivateKey\fR read routines can be used in all applications because
they handle all formats transparently.
.PP
A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like
this:
.PP
.Vb 2
\& X509 *x;
\& PEM_read_bio_X509(bp, &x, 0, NULL);
.Ve
.PP
this is a bug because an attempt will be made to reuse the data at \fBx\fR





which is an uninitialised pointer.








.SH "PEM ENCRYPTION FORMAT"




.IX Header "PEM ENCRYPTION FORMAT"


This old \fBPrivateKey\fR routines use a non standard technique for encryption.
.PP
The private key (or other data) takes the following form:
.PP
.Vb 3

\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
\& Proc\-Type: 4,ENCRYPTED
\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89
\&
\& ...base64 encoded data...
\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
.Ve
.PP


The line beginning DEK-Info contains two comma separated pieces of information:
the encryption algorithm name as used by \fIEVP_get_cipherbyname()\fR and an 8

byte \fBsalt\fR encoded as a set of hexadecimal digits.
.PP












































After this is the base64 encoded encrypted data.






.PP


The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an
iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0
returned by \fIEVP_bytestokey()\fR.



.SH "BUGS"

.IX Header "BUGS"
The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse
an existing structure. Therefore the following:
.PP

.Vb 1



\& PEM_read_bio_X509(bp, &x, 0, NULL);


.Ve
.PP
where \fBx\fR already contains a valid certificate, may not work, whereas:









.PP

.Vb 2















\& X509_free(x);


\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);



.Ve


















.PP


is guaranteed to work.
.SH "RETURN CODES"
.IX Header "RETURN CODES"
The read routines return either a pointer to the structure read or \s-1NULL\s0
if an error occurred.

.PP
The write routines return 1 for success or 0 for failure.











|
>

<
|
|
|
<
|
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
|
>
>
>
|
>
>
>
>
|
<
<
|
|
|
|
|
|
|
|
|
|
|
|
<
<
<
|
>
>
|
>
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
|
<
<
>
>
>
|
|
>
>
>
>
>
|
>
>
|
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
<
<
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
>
>
>
|
|
|
|
>
>
|
<
>
>
>
>
>
>
>
>
>
|
>
>
|
>
|
>
>
|
<
<
>
|
>
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
>
>
>
|
>
>
>
>
>
>
>
>
|
<
>
>
>
>
|
<
>
|
<
>
>
>
|
>
>
>
|
<
<
|
<
>
>
>
>
>
>
>
|
<
<
<
|
<
>
|
<
<
<
|
<
<
>
|
|
<
>
>
>
|
>
>
>
>
|
<
>
>
>
>
|
>
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
>
>
>
>
|
|
<
>
>
>
|
>
>
>
|
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
<
>
>
>
>
|
<
>
>
>
>
|
>
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
<
>
>
>
>
|
<
>
>
>
>
|
>
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
>
>
>
|
>
|
<
>
>
>
|
>
>
>
|
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
>
>
|
<
>
>
>
|
<
>
>
>
>
|
<
>
>
>
>
|
<
>
>
|
<
>
>
>
>
>
>
>
>
>
>
|
<
>
>
>
>
|
<
>
>
>
>
|
<
>
>
|
<
>
>
>
|
<
|
<
<
<
>
|
<
>
>
|
<
|
<
|
<
>
>
|
<
|
<
|
<
>
>
>
|
>
>
|
<
>
>
>
|
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
>
>
>
>
|
<
>
>
>
>
|
<
|
<
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
<
<
>
|
<
>
>
>
>
>
>
|
<
>
>
>
|
<
>
>
>
>
|
<
>
>
>
>
|
<
>
>
|
<
>
>
>
|
<
>
>
|
<
>
>
>
|
<
>
>
>
>
|
|
|
|
|
<
|
|
>
|
|
|
|
<
|
>
>
>
>
>
>
|
>
>
|
>
|
<
<
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
>
>
|
>
|
<
|
|
<
>
|
|
>
>
|
>
|
>
>
>
>
|
<
<
<
>
>
|
<
<
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
|
<
|
|
>
>
|
<
|
>
>
>
>
>
|
>
>
>
>
>
>
|
<
<
<
|
>
>
>
|
<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
|
>
>
>
|
>
>
>
>
>
>
|
<
>
>
|
>
|
<
|
|
|
>
>
|
>
>
>
|
>
>
|
>
>
|
<
|
<
|
>
|
<
|
<
>
|
>
|
>
>
>
|
>
>
>
|
<
>
>
>
>
>
>
>
>
>
|
|
<
<
>
>
|
<
>
>
>
>
>
>
>
|
>
>
>
>
>
>
|
<
<
>
>
>
>
>
|
<
>
>
>
>
|
>
>
>
|
>
>
|
<
<
>
|
<
|
<
>
|
|
>
>
|
<
<
>
>
|
>
>
|
>
>
>
>
>
|
>
>
>
>
>
>
>
|
>
>
>
|
<
<
>
>
>
>
|
>
>
>
|
>
>
|
>
>
|
<
<
<
|
<
<
<
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
>
>
>
>
>
|
>
|
<
<
<
<
<
<
<
<
<
>
>
|
|
|
|
|
>
|
>
>
>
>
>
>
>
|
|
<
>
|
|
<
<
<
|
>
|
>
>
>
|
>
>
>
|
>
>
>
|
<
<
<
<
|
|
>
>
>
|
<
<
|
|
>
>
|
|
|
>
|
>
>
>
>
|
>
|
<
<
<
>
|
>
|
<
>
>
|
>
>
|
>
|
<
<
<
>
>
|
>
|
>
>
|
<
<
>
|
|
|
>
|
>
|
|
|
>
|
<
>
>
>
|
>
|
<
>
>
>
>
>
>
|
|
<
<
|
|
|
<
<
>
>
>
|
<
<
<
>
|
>
>
|
>
|
<
>
>
|
<
|
>
|
<
<
|
|
<
|
>
|
<
<
>
|
>
|
|
|
|
|
>
|
|
>
>
>
|
>
|
|
>
|
>
>
>
>
|
<
<
|
>
|
|
|
|
|
<
|
|
<
<
<
|
|
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
>
>
>
>
|
>
>
|
|

<
<
>
|
|
|
|
|
|
|
|
>
>
|
|
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
|
>
>
|
<
<
>
>
>
|
>
|
<
<
|
>
|
>
>
>
|
>
>
|
|
<
>
>
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
|
<
|
|
>
|
<
>
>
>
>
>
>
>
>
>
>
>
1
2
3

4
5
6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38


39
40
41
42
43
44
45
46
47
48
49
50



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146


147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180


181
182
183
184
185
186
187
188
189
190










191
192
193
194
195
196
197
198
199
200

201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218


219
220
221
222
223

224
225
226
227
228
229
230

231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247

248
249
250
251
252

253
254

255
256
257
258
259
260
261
262


263

264
265
266
267
268
269
270
271



272

273
274



275


276
277
278

279
280
281
282
283
284
285
286
287

288
289
290
291
292
293
294
295

296
297
298
299
300
301
302

303
304
305
306
307
308
309
310
311
312

313
314
315
316
317
318
319
320
321
322

323
324
325
326
327
328
329

330
331
332
333
334
335
336

337
338
339
340

341
342
343
344
345

346
347
348
349
350
351
352
353

354
355
356
357
358
359
360

361
362
363
364

365
366
367
368
369

370
371
372
373
374
375
376
377

378
379
380
381
382
383
384

385
386
387
388
389
390
391
392
393
394

395
396
397
398
399
400
401
402
403
404

405
406
407
408
409
410
411

412
413
414
415
416
417
418

419
420
421
422

423
424
425
426
427

428
429
430
431
432

433
434
435

436
437
438
439
440
441
442
443
444
445
446

447
448
449
450
451

452
453
454
455
456

457
458
459

460
461
462
463

464



465
466

467
468
469

470

471

472
473
474

475

476

477
478
479
480
481
482
483

484
485
486
487
488
489
490

491
492
493
494
495
496
497
498
499
500
501
502
503
504
505

506
507
508
509
510
511
512

513
514
515
516
517

518

519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539


540
541

542
543
544
545
546
547
548

549
550
551
552

553
554
555
556
557

558
559
560
561
562

563
564
565

566
567
568
569

570
571
572

573
574
575
576

577
578
579
580
581
582
583
584
585

586
587
588
589
590
591
592

593
594
595
596
597
598
599
600
601
602
603
604
605


606
607
608
609
610
611
612
613
614
615
616
617

618
619
620
621
622
623
624

625
626

627
628
629
630
631
632
633
634
635
636
637
638
639



640
641
642


643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661

662
663
664
665
666

667
668
669
670
671
672
673
674
675
676
677
678
679
680



681
682
683
684
685



686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704



705
706
707
708
709
710
711
712
713
714
715
716

717
718
719
720
721

722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737

738

739
740
741

742

743
744
745
746
747
748
749
750
751
752
753
754

755
756
757
758
759
760
761
762
763
764
765


766
767
768

769
770
771
772
773
774
775
776
777
778
779
780
781
782
783


784
785
786
787
788
789

790
791
792
793
794
795
796
797
798
799
800
801


802
803

804

805
806
807
808
809
810


811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834


835
836
837
838
839
840
841
842
843
844
845
846
847
848
849



850



851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881

882
883
884
885
886
887
888
889
890
891









892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909

910
911
912



913
914
915
916
917
918
919
920
921
922
923
924
925
926
927




928
929
930
931
932
933


934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949



950
951
952
953

954
955
956
957
958
959
960
961



962
963
964
965
966
967
968
969


970
971
972
973
974
975
976
977
978
979
980
981

982
983
984
985
986
987

988
989
990
991
992
993
994
995


996
997
998


999
1000
1001
1002



1003
1004
1005
1006
1007
1008
1009

1010
1011
1012

1013
1014
1015


1016
1017

1018
1019
1020


1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045


1046
1047
1048
1049
1050
1051
1052

1053
1054



1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082


1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153


1154
1155
1156
1157
1158
1159


1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170

1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228

1229
1230
1231
1232

1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
.\"	$OpenBSD: PEM_read_bio_PrivateKey.3,v 1.7 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"


.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.



.\"
.Dd $Mdocdate: December 25 2016 $
.Dt PEM_READ_BIO_PRIVATEKEY 3
.Os
.Sh NAME
.Nm PEM_read_bio_PrivateKey ,
.Nm PEM_read_PrivateKey ,
.Nm PEM_write_bio_PrivateKey ,
.Nm PEM_write_PrivateKey ,
.Nm PEM_write_bio_PKCS8PrivateKey ,
.Nm PEM_write_PKCS8PrivateKey ,
.Nm PEM_write_bio_PKCS8PrivateKey_nid ,
.Nm PEM_write_PKCS8PrivateKey_nid ,
.Nm PEM_read_bio_PKCS8 ,
.Nm PEM_read_PKCS8 ,
.Nm PEM_write_bio_PKCS8 ,
.Nm PEM_write_PKCS8 ,
.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_read_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_write_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_read_bio_PUBKEY ,
.Nm PEM_read_PUBKEY ,
.Nm PEM_write_bio_PUBKEY ,
.Nm PEM_write_PUBKEY ,
.Nm PEM_read_bio_RSAPrivateKey ,
.Nm PEM_read_RSAPrivateKey ,
.Nm PEM_write_bio_RSAPrivateKey ,
.Nm PEM_write_RSAPrivateKey ,
.Nm PEM_read_bio_RSAPublicKey ,
.Nm PEM_read_RSAPublicKey ,
.Nm PEM_write_bio_RSAPublicKey ,
.Nm PEM_write_RSAPublicKey ,
.Nm PEM_read_bio_RSA_PUBKEY ,
.Nm PEM_read_RSA_PUBKEY ,
.Nm PEM_write_bio_RSA_PUBKEY ,
.Nm PEM_write_RSA_PUBKEY ,
.Nm PEM_read_bio_DSAPrivateKey ,
.Nm PEM_read_DSAPrivateKey ,
.Nm PEM_write_bio_DSAPrivateKey ,
.Nm PEM_write_DSAPrivateKey ,
.Nm PEM_read_bio_DSA_PUBKEY ,
.Nm PEM_read_DSA_PUBKEY ,
.Nm PEM_write_bio_DSA_PUBKEY ,
.Nm PEM_write_DSA_PUBKEY ,
.Nm PEM_read_bio_DSAparams ,
.Nm PEM_read_DSAparams ,
.Nm PEM_write_bio_DSAparams ,
.Nm PEM_write_DSAparams ,
.Nm PEM_read_bio_DHparams ,
.Nm PEM_read_DHparams ,
.Nm PEM_write_bio_DHparams ,
.Nm PEM_write_DHparams ,
.Nm PEM_read_bio_ECPKParameters ,
.Nm PEM_read_ECPKParameters ,
.Nm PEM_write_bio_ECPKParameters ,
.Nm PEM_write_ECPKParameters ,
.Nm PEM_read_bio_ECPrivateKey ,
.Nm PEM_read_ECPrivateKey ,
.Nm PEM_write_bio_ECPrivateKey ,
.Nm PEM_write_ECPrivateKey ,
.Nm PEM_read_bio_EC_PUBKEY ,
.Nm PEM_read_EC_PUBKEY ,
.Nm PEM_write_bio_EC_PUBKEY ,
.Nm PEM_write_EC_PUBKEY ,
.Nm PEM_read_bio_X509 ,
.Nm PEM_read_X509 ,
.Nm PEM_write_bio_X509 ,
.Nm PEM_write_X509 ,
.Nm PEM_read_bio_X509_AUX ,
.Nm PEM_read_X509_AUX ,
.Nm PEM_write_bio_X509_AUX ,
.Nm PEM_write_X509_AUX ,
.Nm PEM_read_bio_X509_REQ ,
.Nm PEM_read_X509_REQ ,
.Nm PEM_write_bio_X509_REQ ,
.Nm PEM_write_X509_REQ ,
.Nm PEM_write_bio_X509_REQ_NEW ,
.Nm PEM_write_X509_REQ_NEW ,
.Nm PEM_read_bio_X509_CRL ,
.Nm PEM_read_X509_CRL ,
.Nm PEM_write_bio_X509_CRL ,
.Nm PEM_write_X509_CRL ,
.Nm PEM_read_bio_PKCS7 ,
.Nm PEM_read_PKCS7 ,
.Nm PEM_write_bio_PKCS7 ,
.Nm PEM_write_PKCS7 ,
.Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
.Nm PEM_read_NETSCAPE_CERT_SEQUENCE ,
.Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
.Nm PEM_write_NETSCAPE_CERT_SEQUENCE
.Nd PEM routines
.Sh SYNOPSIS
.In openssl/pem.h
.Ft EVP_PKEY *
.Fo PEM_read_bio_PrivateKey


.Fa "BIO *bp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EVP_PKEY *
.Fo PEM_read_PrivateKey
.Fa "FILE *fp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PrivateKey
.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_PrivateKey
.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8PrivateKey


.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_PKCS8PrivateKey










.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8PrivateKey_nid

.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fa "int nid"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_PKCS8PrivateKey_nid
.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fa "int nid"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc


.Ft X509_SIG *
.Fo PEM_read_bio_PKCS8
.Fa "BIO *bp"
.Fa "X509_SIG **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft X509_SIG *
.Fo PEM_read_PKCS8
.Fa "FILE *fp"
.Fa "X509_SIG **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8
.Fa "BIO *bp"
.Fa "X509_SIG *x"
.Fc
.Ft int
.Fo PEM_write_PKCS8
.Fa "FILE *fp"
.Fa "X509_SIG *x"
.Fc
.Ft PKCS8_PRIV_KEY_INFO *
.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO
.Fa "BIO *bp"
.Fa "PKCS8_PRIV_KEY_INFO **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft PKCS8_PRIV_KEY_INFO *
.Fo PEM_read_PKCS8_PRIV_KEY_INFO
.Fa "FILE *fp"

.Fa "PKCS8_PRIV_KEY_INFO **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO
.Fa "BIO *bp"
.Fa "PKCS8_PRIV_KEY_INFO *x"
.Fc
.Ft int


.Fo PEM_write_PKCS8_PRIV_KEY_INFO

.Fa "FILE *fp"
.Fa "PKCS8_PRIV_KEY_INFO *x"
.Fc
.Ft EVP_PKEY *
.Fo PEM_read_bio_PUBKEY
.Fa "BIO *bp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"



.Fa "void *u"

.Fc
.Ft EVP_PKEY *



.Fo PEM_read_PUBKEY


.Fa "FILE *fp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PUBKEY
.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fc
.Ft int
.Fo PEM_write_PUBKEY

.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fc
.Ft RSA *
.Fo PEM_read_bio_RSAPrivateKey
.Fa "BIO *bp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_RSAPrivateKey
.Fa "FILE *fp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_RSAPrivateKey
.Fa "BIO *bp"
.Fa "RSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_RSAPrivateKey
.Fa "FILE *fp"
.Fa "RSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_bio_RSAPublicKey
.Fa "BIO *bp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_RSAPublicKey
.Fa "FILE *fp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_RSAPublicKey

.Fa "BIO *bp"
.Fa "RSA *x"
.Fc
.Ft int
.Fo PEM_write_RSAPublicKey

.Fa "FILE *fp"
.Fa "RSA *x"
.Fc
.Ft RSA *
.Fo PEM_read_bio_RSA_PUBKEY
.Fa "BIO *bp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_RSA_PUBKEY
.Fa "FILE *fp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_RSA_PUBKEY

.Fa "BIO *bp"
.Fa "RSA *x"
.Fc
.Ft int
.Fo PEM_write_RSA_PUBKEY

.Fa "FILE *fp"
.Fa "RSA *x"
.Fc
.Ft DSA *
.Fo PEM_read_bio_DSAPrivateKey
.Fa "BIO *bp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_DSAPrivateKey
.Fa "FILE *fp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_DSAPrivateKey
.Fa "BIO *bp"
.Fa "DSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_DSAPrivateKey
.Fa "FILE *fp"
.Fa "DSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_bio_DSA_PUBKEY
.Fa "BIO *bp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_DSA_PUBKEY
.Fa "FILE *fp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_DSA_PUBKEY

.Fa "BIO *bp"
.Fa "DSA *x"
.Fc
.Ft int
.Fo PEM_write_DSA_PUBKEY

.Fa "FILE *fp"
.Fa "DSA *x"
.Fc
.Ft DSA *
.Fo PEM_read_bio_DSAparams

.Fa "BIO *bp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_DSAparams
.Fa "FILE *fp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_DSAparams

.Fa "BIO *bp"
.Fa "DSA *x"
.Fc
.Ft int
.Fo PEM_write_DSAparams

.Fa "FILE *fp"
.Fa "DSA *x"
.Fc
.Ft DH *
.Fo PEM_read_bio_DHparams

.Fa "BIO *bp"
.Fa "DH **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft DH *
.Fo PEM_read_DHparams

.Fa "FILE *fp"



.Fa "DH **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int

.Fo PEM_write_bio_DHparams

.Fa "BIO *bp"

.Fa "DH *x"
.Fc
.Ft int

.Fo PEM_write_DHparams

.Fa "FILE *fp"

.Fa "DH *x"
.Fc
.Ft EC_GROUP *
.Fo PEM_read_bio_ECPKParameters
.Fa "BIO *bp"
.Fa "EC_GROUP **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft EC_GROUP *
.Fo PEM_read_ECPKParameters
.Fa "FILE *fp"
.Fa "EC_GROUP **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_ECPKParameters
.Fa "BIO *bp"
.Fa "const EC_GROUP *x"
.Fc
.Ft int
.Fo PEM_write_ECPKParameters
.Fa "FILE *fp"
.Fa "const EC_GROUP *x"
.Fc
.Ft EC_KEY *
.Fo PEM_read_bio_ECPrivateKey
.Fa "BIO *bp"

.Fa "EC_KEY **key"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EC_KEY *
.Fo PEM_read_ECPrivateKey
.Fa "FILE *fp"

.Fa "EC_KEY **eckey"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int

.Fo PEM_write_bio_ECPrivateKey

.Fa "BIO *bp"
.Fa "EC_KEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_ECPrivateKey
.Fa "FILE *fp"
.Fa "EC_KEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EC_KEY *
.Fo PEM_read_bio_EC_PUBKEY
.Fa "BIO *bp"


.Fa "EC_KEY **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft EC_KEY *
.Fo PEM_read_EC_PUBKEY
.Fa "FILE *fp"
.Fa "EC_KEY **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_EC_PUBKEY

.Fa "BIO *bp"
.Fa "EC_KEY *x"
.Fc
.Ft int
.Fo PEM_write_EC_PUBKEY

.Fa "FILE *fp"
.Fa "EC_KEY *x"
.Fc
.Ft X509 *
.Fo PEM_read_bio_X509

.Fa "BIO *bp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft X509 *
.Fo PEM_read_X509

.Fa "FILE *fp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"

.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509

.Fa "BIO *bp"
.Fa "X509 *x"
.Fc
.Ft int
.Fo PEM_write_X509
.Fa "FILE *fp"
.Fa "X509 *x"
.Fc
.Ft X509 *

.Fo PEM_read_bio_X509_AUX
.Fa "BIO *bp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509 *

.Fo PEM_read_X509_AUX
.Fa "FILE *fp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509_AUX
.Fa "BIO *bp"
.Fa "X509 *x"
.Fc
.Ft int
.Fo PEM_write_X509_AUX


.Fa "FILE *fp"
.Fa "X509 *x"
.Fc
.Ft X509_REQ *
.Fo PEM_read_bio_X509_REQ
.Fa "BIO *bp"
.Fa "X509_REQ **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509_REQ *
.Fo PEM_read_X509_REQ

.Fa "FILE *fp"
.Fa "X509_REQ **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509_REQ

.Fa "BIO *bp"
.Fa "X509_REQ *x"

.Fc
.Ft int
.Fo PEM_write_X509_REQ
.Fa "FILE *fp"
.Fa "X509_REQ *x"
.Fc
.Ft int
.Fo PEM_write_bio_X509_REQ_NEW
.Fa "BIO *bp"
.Fa "X509_REQ *x"
.Fc
.Ft int
.Fo PEM_write_X509_REQ_NEW



.Fa "FILE *fp"
.Fa "X509_REQ *x"
.Fc


.Ft X509_CRL *
.Fo PEM_read_bio_X509_CRL
.Fa "BIO *bp"
.Fa "X509_CRL **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509_CRL *
.Fo PEM_read_X509_CRL
.Fa "FILE *fp"
.Fa "X509_CRL **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509_CRL
.Fa "BIO *bp"
.Fa "X509_CRL *x"
.Fc

.Ft int
.Fo PEM_write_X509_CRL
.Fa "FILE *fp"
.Fa "X509_CRL *x"
.Fc

.Ft PKCS7 *
.Fo PEM_read_bio_PKCS7
.Fa "BIO *bp"
.Fa "PKCS7 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft PKCS7 *
.Fo PEM_read_PKCS7
.Fa "FILE *fp"
.Fa "PKCS7 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc



.Ft int
.Fo PEM_write_bio_PKCS7
.Fa "BIO *bp"
.Fa "PKCS7 *x"
.Fc



.Ft int
.Fo PEM_write_PKCS7
.Fa "FILE *fp"
.Fa "PKCS7 *x"
.Fc
.Ft NETSCAPE_CERT_SEQUENCE *
.Fo PEM_read_bio_NETSCAPE_CERT_SEQUENCE
.Fa "BIO *bp"
.Fa "NETSCAPE_CERT_SEQUENCE **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft NETSCAPE_CERT_SEQUENCE *
.Fo PEM_read_NETSCAPE_CERT_SEQUENCE
.Fa "FILE *fp"
.Fa "NETSCAPE_CERT_SEQUENCE **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc



.Ft int
.Fo PEM_write_bio_NETSCAPE_CERT_SEQUENCE
.Fa "BIO *bp"
.Fa "NETSCAPE_CERT_SEQUENCE *x"
.Fc
.Ft int
.Fo PEM_write_NETSCAPE_CERT_SEQUENCE
.Fa "FILE *fp"
.Fa "NETSCAPE_CERT_SEQUENCE *x"
.Fc
.Sh DESCRIPTION
The PEM functions read or write structures in PEM format.

In this sense PEM format is simply base64-encoded data surrounded by
header lines.
.Pp
For more details about the meaning of arguments see the
.Sx PEM function arguments

section.
.Pp
Each operation has four functions associated with it.
For clarity the term
.Dq Sy foobar No functions
will be used to collectively refer to the
.Fn PEM_read_bio_foobar ,
.Fn PEM_read_foobar ,
.Fn PEM_write_bio_foobar ,
and
.Fn PEM_write_foobar
functions.
.Pp
The
.Sy PrivateKey
functions read or write a private key in PEM format using an

.Vt EVP_PKEY

structure.
The write routines use "traditional" private key format and can handle
both RSA and DSA private keys.

The read functions can additionally transparently handle PKCS#8 format

encrypted and unencrypted keys too.
.Pp
.Fn PEM_write_bio_PKCS8PrivateKey
and
.Fn PEM_write_PKCS8PrivateKey
write a private key in an
.Vt EVP_PKEY
structure in PKCS#8
.Vt EncryptedPrivateKeyInfo
format using PKCS#5 v2.0 password based encryption algorithms.
The
.Fa enc

argument specifies the encryption algorithm to use: unlike all other PEM
routines, the encryption is applied at the PKCS#8 level and not in the
PEM headers.
If
.Fa enc
is
.Dv NULL ,
then no encryption is used and a PKCS#8
.Vt PrivateKeyInfo
structure is used instead.
.Pp


.Fn PEM_write_bio_PKCS8PrivateKey_nid
and
.Fn PEM_write_PKCS8PrivateKey_nid

also write out a private key as a PKCS#8
.Vt EncryptedPrivateKeyInfo .
However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
The algorithm to use is specified in the
.Fa nid
parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
.Pp
The
.Sy PKCS8
functions process an encrypted private key using an
.Vt X509_SIG
structure and the
.Xr d2i_X509_SIG 3
function.
.Pp


The
.Sy PKCS8_PRIV_KEY_INFO
functions process a private key using a
.Vt PKCS8_PRIV_KEY_INFO
structure.
.Pp

The
.Sy PUBKEY
functions process a public key using an
.Vt EVP_PKEY
structure.
The public key is encoded as an ASN.1
.Vt SubjectPublicKeyInfo
structure.
.Pp
The
.Sy RSAPrivateKey
functions process an RSA private key using an


.Vt RSA
structure.

They handle the same formats as the

.Sy PrivateKey
functions, but an error occurs if the private key is not RSA.
.Pp
The
.Sy RSAPublicKey
functions process an RSA public key using an


.Vt RSA
structure.
The public key is encoded using a PKCS#1
.Vt RSAPublicKey
structure.
.Pp
The
.Sy RSA_PUBKEY
functions also process an RSA public key using an
.Vt RSA
structure.
However the public key is encoded using an ASN.1
.Vt SubjectPublicKeyInfo
structure and an error occurs if the public key is not RSA.
.Pp
The
.Sy DSAPrivateKey
functions process a DSA private key using a
.Vt DSA
structure.
They handle the same formats as the
.Sy PrivateKey
functions but an error occurs if the private key is not DSA.
.Pp


The
.Sy DSA_PUBKEY
functions process a DSA public key using a
.Vt DSA
structure.
The public key is encoded using an ASN.1
.Vt SubjectPublicKeyInfo
structure and an error occurs if the public key is not DSA.
.Pp
The
.Sy DSAparams
functions process DSA parameters using a
.Vt DSA
structure.
The parameters are encoded using a Dss-Parms structure as defined in RFC 2459.



.Pp



The
.Sy DHparams
functions process DH parameters using a
.Vt DH
structure.
The parameters are encoded using a PKCS#3 DHparameter structure.
.Pp
The
.Sy ECPKParameters
functions process EC parameters using an
.Vt EC_GROUP
structure and the
.Xr d2i_ECPKParameters 3
function.
.Pp
The
.Sy ECPrivateKey
functions process an EC private key using an
.Vt EC_KEY
structure.
.Pp
The
.Sy EC_PUBKEY
functions process an EC public key using an
.Vt EC_KEY
structure.
.Pp
The
.Sy X509
functions process an X509 certificate using an
.Vt X509

structure.
They will also process a trusted X509 certificate but any trust settings
are discarded.
.Pp
The
.Sy X509_AUX
functions process a trusted X509 certificate using an
.Vt X509
structure.
.Pp









The
.Sy X509_REQ
and
.Sy X509_REQ_NEW
functions process a PKCS#10 certificate request using an
.Vt X509_REQ
structure.
The
.Sy X509_REQ
write functions use CERTIFICATE REQUEST in the header whereas the
.Sy X509_REQ_NEW
functions use NEW CERTIFICATE REQUEST (as required by some CAs).
The
.Sy X509_REQ
read functions will handle either form so there are no
.Sy X509_REQ_NEW
read functions.
.Pp

The
.Sy X509_CRL
functions process an X509 CRL using an



.Vt X509_CRL
structure.
.Pp
The
.Sy PKCS7
functions process a PKCS#7
.Vt ContentInfo
using a
.Vt PKCS7
structure.
.Pp
The
.Sy NETSCAPE_CERT_SEQUENCE
functions process a Netscape Certificate Sequence using a
.Vt NETSCAPE_CERT_SEQUENCE




structure.
.Pp
The old
.Sy PrivateKey
write routines are retained for compatibility.
New applications should write private keys using the


.Fn PEM_write_bio_PKCS8PrivateKey
or
.Fn PEM_write_PKCS8PrivateKey
routines because they are more secure (they use an iteration count of
2048 whereas the traditional routines use a count of 1) unless
compatibility with older versions of OpenSSL is important.
.Pp
The
.Sy PrivateKey
read routines can be used in all applications because they handle all
formats transparently.
.Ss PEM function arguments
The PEM functions have many common arguments.
.Pp
The
.Fa bp



parameter specifies the
.Vt BIO
to read from or write to.
.Pp

The
.Fa fp
parameter specifies the
.Vt FILE
pointer to read from or write to.
.Pp
The PEM read functions all take a pointer to pointer argument
.Fa x



and return a pointer of the same type.
If
.Fa x
is
.Dv NULL ,
then the parameter is ignored.
If
.Fa x


is not
.Dv NULL
but
.Pf * Fa x
is
.Dv NULL ,
then the structure returned will be written to
.Pf * Fa x .
If neither
.Fa x
nor
.Pf * Fa x

are
.Dv NULL ,
then an attempt is made to reuse the structure at
.Pf * Fa x ,
but see the
.Sx BUGS

and
.Sx EXAMPLES
sections.
Irrespective of the value of
.Fa x ,
a pointer to the structure is always returned, or
.Dv NULL
if an error occurred.


.Pp
The PEM functions which write private keys take an
.Fa enc


parameter, which specifies the encryption algorithm to use.
Encryption is done at the PEM level.
If this parameter is set to
.Dv NULL ,



then the private key is written in unencrypted form.
.Pp
The
.Fa cb
argument is the callback to use when querying for the passphrase used
for encrypted PEM structures (normally only private keys).
.Pp

For the PEM write routines, if the
.Fa kstr
parameter is not

.Dv NULL ,
then
.Fa klen


bytes at
.Fa kstr

are used as the passphrase and
.Fa cb
is ignored.


.Pp
If the
.Fa cb
parameter is set to
.Dv NULL
and the
.Fa u
parameter is not
.Dv NULL ,
then the
.Fa u
parameter is interpreted as a null terminated string to use as the
passphrase.
If both
.Fa cb
and
.Fa u
are
.Dv NULL ,
then the default callback routine is used, which will typically
prompt for the passphrase on the current terminal with echoing
turned off.
.Pp
The default passphrase callback is sometimes inappropriate (for example
in a GUI application) so an alternative can be supplied.


The callback routine has the following form:
.Bd -filled -offset inset
.Ft int
.Fo cb
.Fa "char *buf"
.Fa "int size"
.Fa "int rwflag"

.Fa "void *u"
.Fc



.Ed
.Pp
.Fa buf
is the buffer to write the passphrase to.
.Fa size
is the maximum length of the passphrase, i.e. the size of
.Fa buf .
.Fa rwflag
is a flag which is set to 0 when reading and 1 when writing.
A typical routine will ask the user to verify the passphrase (for
example by prompting for it twice) if
.Fa rwflag
is 1.
The
.Fa u
parameter has the same value as the
.Fa u
parameter passed to the PEM routine.
It allows arbitrary data to be passed to the callback by the application
(for example a window handle in a GUI application).
The callback must return the number of characters in the passphrase
or 0 if an error occurred.
.Ss PEM encryption format
This old
.Sy PrivateKey
routines use a non-standard technique for encryption.
.Pp
The private key (or other data) takes the following form:


.Bd -literal -offset indent
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89

\&...base64 encoded data...
-----END RSA PRIVATE KEY-----
.Ed
.Pp
The line beginning with
.Dq DEK-Info
contains two comma separated pieces of information:
the encryption algorithm name as used by
.Xr EVP_get_cipherbyname 3
and an 8-byte salt encoded as a set of hexadecimal digits.
.Pp
After this is the base64-encoded encrypted data.
.Pp
The encryption key is determined using
.Xr EVP_BytesToKey 3 ,
using the salt and an iteration count of 1.
The IV used is the value of the salt and *not* the IV returned by
.Xr EVP_BytesToKey 3 .
.Sh RETURN VALUES
The read routines return either a pointer to the structure read or
.Dv NULL
if an error occurred.
.Pp
The write routines return 1 for success or 0 for failure.
.Sh EXAMPLES
Although the PEM routines take several arguments, in almost all
applications most of them are set to 0 or
.Dv NULL .
.Pp
Read a certificate in PEM format from a
.Vt BIO :
.Bd -literal -offset indent
X509 *x;
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
if (x == NULL) {
	/* Error */
}
.Ed
.Pp
Alternative method:
.Bd -literal -offset indent
X509 *x = NULL;
if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
	/* Error */
}
.Ed
.Pp
Write a certificate to a
.Vt BIO :
.Bd -literal -offset indent
if (!PEM_write_bio_X509(bp, x)) {
	/* Error */
}
.Ed
.Pp
Write an unencrypted private key to a
.Vt FILE :
.Bd -literal -offset indent
if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
	/* Error */
}
.Ed
.Pp
Write a private key (using traditional format) to a
.Vt BIO
using triple DES encryption; the pass phrase is prompted for:


.Bd -literal -offset indent
if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
    NULL, 0, 0, NULL)) {
	/* Error */
}
.Ed


.Pp
Write a private key (using PKCS#8 format) to a
.Vt BIO
using triple DES encryption, using the pass phrase "hello":
.Bd -literal -offset indent
if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
    NULL, 0, 0, "hello")) {
	/* Error */
}
.Ed
.Pp

Read a private key from a
.Vt BIO
using the pass phrase "hello":
.Bd -literal -offset indent
key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
if (key == NULL) {
	/* Error */
}
.Ed
.Pp
Read a private key from a
.Vt BIO
using a pass phrase callback:
.Bd -literal -offset indent
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
if (key == NULL) {
	/* Error */
}
.Ed
.Pp
Skeleton pass phrase callback:
.Bd -literal -offset indent
int
pass_cb(char *buf, int size, int rwflag, void *u)
{
	int len;
	char *tmp;

	/* We'd probably do something else if 'rwflag' is 1 */
	printf("Enter pass phrase for \e"%s\e"\en", u);

	/* get pass phrase, length 'len' into 'tmp' */
	tmp = "hello";
	len = strlen(tmp);

	if (len == 0)
		return 0;
	/* if too long, truncate */
	if (len > size)
		len = size;
	memcpy(buf, tmp, len);
	return len;
}
.Ed
.Sh SEE ALSO
.Xr BIO_new 3
.Sh CAVEATS
A frequent cause of problems is attempting to use the PEM routines like
this:
.Bd -literal -offset indent
X509 *x;
PEM_read_bio_X509(bp, &x, 0, NULL);
.Ed
.Pp
This is a bug because an attempt will be made to reuse the data at
.Fa x ,
which is an uninitialised pointer.
.Sh BUGS

The PEM read routines in some versions of OpenSSL will not correctly
reuse an existing structure.
Therefore
.Pp

.Dl PEM_read_bio_X509(bp, &x, 0, NULL);
.Pp
where
.Fa x
already contains a valid certificate may not work, whereas
.Bd -literal -offset indent
X509_free(x);
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
.Ed
.Pp
is guaranteed to work.
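--- a/jni/libressl/man/PEM_write_bio_CMS_stream.3
+++ b/jni/libressl/man/PEM_write_bio_CMS_stream.3
@@ -1,110 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "PEM_write_bio_CMS_stream 3"
-.TH PEM_write_bio_CMS_stream 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 2
-\& #include <openssl/cms.h>
-\& #include <openssl/pem.h>
-\&
-\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format.
-.PP
-It is otherwise identical to the function \fISMIME_write_CMS()\fR.
-.SH "NOTES"
-.IX Header "NOTES"
-This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting
-streaming.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
-\&\fICMS_decrypt\fR\|(3),
-\&\fISMIME_write_CMS\fR\|(3),
-\&\fIi2d_CMS_bio_stream\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIPEM_write_bio_CMS_stream()\fR was added to OpenSSL 1.0.0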
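--- a/jni/libressl/man/PEM_write_bio_PKCS7_stream.3
+++ b/jni/libressl/man/PEM_write_bio_PKCS7_stream.3
@@ -1,110 +1,88 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: PEM_write_bio_PKCS7_stream.3,v 1.7 2016/12/14 21:22:06 jmc Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2007, 2009, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "PEM_write_bio_PKCS7_stream 3"
-.TH PEM_write_bio_PKCS7_stream 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 2
-\& #include <openssl/pkcs7.h>
-\& #include <openssl/pem.h>
-\&
-\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format.
-.PP
-It is otherwise identical to the function \fISMIME_write_PKCS7()\fR.
-.SH "NOTES"
-.IX Header "NOTES"
-This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting
-streaming.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
-\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
-\&\fIPKCS7_decrypt\fR\|(3),
-\&\fISMIME_write_PKCS7\fR\|(3),
-\&\fIi2d_PKCS7_bio_stream\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIPEM_write_bio_PKCS7_stream()\fR was added to OpenSSL 1.0.0
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 14 2016 $
+.Dt PEM_WRITE_BIO_PKCS7_STREAM 3
+.Os
+.Sh NAME
+.Nm PEM_write_bio_PKCS7_stream
+.Nd output PKCS7 structure in PEM format
+.Sh SYNOPSIS
+.In openssl/pkcs7.h
+.Ft int
+.Fo PEM_write_bio_PKCS7_stream
+.Fa "BIO *out"
+.Fa "PKCS7 *p7"
+.Fa "BIO *data"
+.Fa "int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn PEM_write_bio_PKCS7_stream
+outputs a PKCS7 structure in PEM format.
+.Pp
+It is otherwise identical to the function
+.Xr SMIME_write_PKCS7 3 .
+.Pp
+This function is effectively a version of
+.Xr PEM_write_bio_PKCS7 3
+supporting streaming.
+.Sh RETURN VALUES
+.Fn PEM_write_bio_PKCS7_stream
+returns 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr BIO_new 3 ,
+.Xr ERR_get_error 3 ,
+.Xr i2d_PKCS7_bio_stream 3 ,
+.Xr PEM_write_PKCS7 3 ,
+.Xr PKCS7_new 3 ,
+.Xr SMIME_write_PKCS7 3
+.Sh HISTORY
+.Fn PEM_write_bio_PKCS7_stream
+was added to OpenSSL 1.0.0.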
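--- a/jni/libressl/man/PKCS12_SAFEBAG_new.3
+++ b/jni/libressl/man/PKCS12_SAFEBAG_new.3
@@ -0,0 +1,95 @@
+.\"	$OpenBSD: PKCS12_SAFEBAG_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt PKCS12_SAFEBAG_NEW 3
+.Os
+.Sh NAME
+.Nm PKCS12_SAFEBAG_new ,
+.Nm PKCS12_SAFEBAG_free ,
+.Nm PKCS12_BAGS_new ,
+.Nm PKCS12_BAGS_free
+.Nd PKCS#12 container for one piece of information
+.Sh SYNOPSIS
+.In openssl/pkcs12.h
+.Ft PKCS12_SAFEBAG *
+.Fn PKCS12_SAFEBAG_new void
+.Ft void
+.Fn PKCS12_SAFEBAG_free "PKCS12_SAFEBAG *safebag"
+.Ft PKCS12_BAGS *
+.Fn PKCS12_BAGS_new void
+.Ft void
+.Fn PKCS12_BAGS_free "PKCS12_BAGS *bag"
+.Sh DESCRIPTION
+.Fn PKCS12_SAFEBAG_new
+allocates and initializes an empty
+.Vt PKCS12_SAFEBAG
+object, representing an ASN.1
+.Vt SafeBag
+structure defined in RFC 7292 section 4.2.
+It can hold a pointer to a
+.Vt PKCS12_BAGS
+object together with a type identifier and optional attributes.
+.Fn PKCS12_SAFEBAG_free
+frees
+.Fa safebag .
+.Pp
+.Fn PKCS12_BAGS_new
+allocates and initializes an empty
+.Vt PKCS12_BAGS
+object, representing the bagValue field of an ASN.1
+.Vt SafeBag
+structure.
+It is used in
+.Vt PKCS12_SAFEBAG
+and can hold a DER-encoded X.509 certificate,
+a base64-encoded SDSI certificate,
+a DER-encoded X.509 CRL,
+or other user-defined information.
+.Pp
+If an instance of
+.Vt PKCS12_SAFEBAG
+contains
+.Vt PKCS8_PRIV_KEY_INFO ,
+.Vt X509_SIG ,
+or nested
+.Vt PKCS12_SAFEBAG
+objects, the respective pointers are stored directly in the
+.Vt PKCS12_SAFEBAG
+object rather than in the contained
+.Vt PKCS12_BAGS
+object as required by RFC 7292.
+.Sh RETURN VALUES
+.Fn PKCS12_SAFEBAG_new
+and
+.Fn PKCS12_BAGS_new
+return the new
+.Vt PKCS12_SAFEBAG
+or
+.Vt PKCS12_BAGS
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr PKCS12_new 3 ,
+.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
+.Xr X509_ATTRIBUTE_new 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_new 3 ,
+.Xr X509_SIG_new 3
+.Sh STANDARDS
+RFC 7292: PKCS #12: Personal Information Exchange Syntax,
+section 4.2: The SafeBag Type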
Changes to jni/libressl/man/PKCS12_create.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26
27
28
29
30

31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48






49
50
51


52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

70
71

72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

87



88

89
90
91
92
93

94



95



96

97


98

99
100



101
102




103
104

105

106


107
108

109
110
111
112






113
114
115
116
117
118
119
120


121
122

123
124



125

126
127
128
129
130
131



132



133
134
135
136
137
138
139
140
141





142



143
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"






.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the


.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}

.rr rF
.\" ========================================================================

.\"
.IX Title "PKCS12_create 3"
.TH PKCS12_create 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS12_create \- create a PKCS#12 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs12.h>
\&
\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey,

\&       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,



\&       int iter, int mac_iter, int keytype);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS12_create()\fR creates a PKCS#12 structure.
.PP

\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for



the supplied certificate and key. \fBpkey\fR is the private key to include in



the structure and \fBcert\fR its corresponding certificates. \fBca\fR is an optional

set of certificates to also include in the structure.


Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or

certificate is required.
.PP



\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used
for the key and certificate respectively. If either \fBnid_key\fR or \fBnid_cert\fR




is set to \-1, no encryption will be used.
.PP

\&\fBiter\fR is the encryption algorithm iteration count to use and \fBmac_iter\fR is

the \s-1MAC\s0 iteration count to use. If \fBmac_iter\fR is set to \-1, the \s-1MAC\s0 will be


omitted entirely.
.PP

\&\fBkeytype\fR is the type of key.
.SH "NOTES"
.IX Header "NOTES"
The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR






can all be set to zero and sensible defaults will be used.
.PP
These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER
\&\s0(currently 2048) and a \s-1MAC\s0 iteration count of 1.
.PP
The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility


is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0
.PP

\&\fBkeytype\fR adds a flag to the store private key. This is a non standard
extension that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag



is omitted, if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set

to \fB\s-1KEY_EX\s0\fR it can be used for signing and encryption. This option was useful
for old export grade software which could use signing only keys of arbitrary
size but had restrictions on the permissible sizes of keys which could be used
for encryption.
.PP
If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be



used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the



\&\s-1PKCS12\s0 structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fId2i_PKCS12\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
PKCS12_create was added in OpenSSL 0.9.3.
.PP
Before OpenSSL 0.9.8, neither \fBpkey\fR nor \fBcert\fR were allowed to be \fB\s-1NULL\s0\fR,





and a value of \fB\-1\fR was not allowed for \fBnid_key\fR, \fBnid_cert\fR and



\&\fBmac_iter\fR.
|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
<
<
<
<
|
<
|
|
<
<
>
|
|
|
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

>
>
>
>
>
>
|
|
|
>
>
|

<
<
|
|
<
<
<
<
<
|
<
<
<
<
|
|
>
|
<
>
|
|
<
<
<
<
<
|
<
|
<
<
<
<
|
>
|
>
>
>
|
>
|
|
|
|
|
>
|
>
>
>
|
>
>
>
|
>
|
>
>
|
>
|
|
>
>
>
|
|
>
>
>
>
|
|
>
|
>
|
>
>
|
|
>
|
|
<
|
>
>
>
>
>
>

|
|
|
|
|
|
|
>
>
|
|
>
|
|
>
>
>
|
>
|
|
|
|
|
|
>
>
>
|
>
>
>
|
|
<
|
|
<

|
|
>
>
>
>
>
|
>
>
>
|
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20




21

22
23


24
25
26
27

28


29
30


31


32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50


51
52





53




54
55
56
57

58
59
60





61

62




63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

158
159

160
161
162
163
164
165
166
167
168
169
170
171
172
.\"	$OpenBSD: PKCS12_create.3,v 1.4 2016/11/28 22:41:38 schwarze Exp $
.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2015 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:




.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.

.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: November 28 2016 $
.Dt PKCS12_CREATE 3





.Os




.Sh NAME
.Nm PKCS12_create
.Nd create a PKCS#12 structure
.Sh SYNOPSIS

.In openssl/pkcs12.h
.Ft PKCS12 *
.Fo PKCS12_create





.Fa "char *pass"

.Fa "char *name"




.Fa "EVP_PKEY *pkey"
.Fa "X509 *cert"
.Fa "STACK_OF(X509) *ca"
.Fa "int nid_key"
.Fa "int nid_cert"
.Fa "int iter"
.Fa "int mac_iter"
.Fa "int keytype"
.Fc
.Sh DESCRIPTION
.Fn PKCS12_create
creates a PKCS#12 structure.
.Pp
.Fa pass
is the passphrase to use.
.Fa name
is the
.Sy friendlyName
to use for the supplied certificate and key.
.Fa pkey
is the private key to include in the structure and
.Fa cert
its corresponding certificates.
.Fa ca
is an optional set of certificates to also include in the structure.
.Fa pkey ,
.Fa cert ,
or both can be
.Dv NULL
to indicate that no key or certificate is required.
.Pp
.Fa nid_key
and
.Fa nid_cert
are the encryption algorithms that should be used for the key and
certificate, respectively.
If either
.Fa nid_key
or
.Fa nid_cert
is set to -1, no encryption will be used.
.Pp
.Fa iter
is the encryption algorithm iteration count to use and
.Fa mac_iter
is the MAC iteration count to use.
If
.Fa mac_iter
is set to -1, the MAC will be omitted entirely.
.Pp
.Fa keytype
is the type of key.
.Pp

The parameters
.Fa nid_key ,
.Fa nid_cert ,
.Fa iter ,
.Fa mac_iter ,
and
.Fa keytype
can all be set to zero and sensible defaults will be used.
.Pp
These defaults are: 40-bit RC2 encryption for certificates, triple DES
encryption for private keys, a key iteration count of
PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1.
.Pp
The default MAC iteration count is 1 in order to retain compatibility
with old software which did not interpret MAC iteration counts.
If such compatibility is not required then
.Fa mac_iter
should be set to PKCS12_DEFAULT_ITER.
.Pp
.Fa keytype
adds a flag to the store private key.
This is a non-standard extension that is only currently interpreted by
MSIE.
If set to zero the flag is omitted; if set to
.Dv KEY_SIG
the key can be used for signing only; and if set to
.Dv KEY_EX
it can be used for signing and encryption.
This option was useful for old export grade software which could use
signing only keys of arbitrary size but had restrictions on the
permissible sizes of keys which could be used for encryption.
.Pp
If a certificate contains an
.Sy alias
or
.Sy keyid
then this will be used for the corresponding
.Sy friendlyName
or
.Sy localKeyID
in the PKCS12 structure.
.Sh SEE ALSO

.Xr d2i_PKCS12 3
.Sh HISTORY

PKCS12_create was added in OpenSSL 0.9.3.
.Pp
Before OpenSSL 0.9.8, neither
.Fa pkey
nor
.Fa cert
were allowed to be
.Dv NULL ,
and a value of -1 was not allowed for
.Fa nid_key ,
.Fa nid_cert ,
and
.Fa mac_iter .
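--- a/jni/libressl/man/PKCS12_new.3
+++ b/jni/libressl/man/PKCS12_new.3
@@ -0,0 +1,90 @@
+.\"	$OpenBSD: PKCS12_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt PKCS12_NEW 3
+.Os
+.Sh NAME
+.Nm PKCS12_new ,
+.Nm PKCS12_free ,
+.Nm PKCS12_MAC_DATA_new ,
+.Nm PKCS12_MAC_DATA_free
+.Nd PKCS#12 personal information exchange (PFX)
+.Sh SYNOPSIS
+.In openssl/pkcs12.h
+.Ft PKCS12 *
+.Fn PKCS12_new void
+.Ft void
+.Fn PKCS12_free "PKCS12 *pfx"
+.Ft PKCS12_MAC_DATA *
+.Fn PKCS12_MAC_DATA_new void
+.Ft void
+.Fn PKCS12_MAC_DATA_free "PKCS12_MAC_DATA *mac_data"
+.Sh DESCRIPTION
+.Fn PKCS12_new
+allocates and initializes an empty
+.Vt PKCS12
+object, representing an ASN.1
+.Vt PFX
+.Pq personal information exchange
+structure defined in RFC 7292 section 4.
+It can hold a pointer to a
+.Vt PKCS7
+object described in
+.Xr PKCS7_new 3
+and optionally an instance of
+.Vt PKCS12_MAC_DATA
+described below.
+.Fn PKCS12_free
+frees
+.Fa pfx .
+.Pp
+.Fn PKCS12_MAC_DATA_new
+allocates and initializes an empty
+.Vt PKCS12_MAC_DATA
+object, representing an ASN.1
+.Vt MacData
+structure defined in RFC 7292 section 4.
+It is used inside
+.Vt PKCS12
+and can hold a pointer to an
+.Vt X509_SIG
+object described in
+.Xr X509_SIG_new 3
+together with a salt value and an iteration count.
+.Fn PKCS12_MAC_DATA_free
+frees
+.Fa mac_data .
+.Sh RETURN VALUES
+.Fn PKCS12_new
+and
+.Fn PKCS12_MAC_DATA_new
+return the new
+.Vt PKCS12
+or
+.Vt PKCS12_MAC_DATA
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr d2i_PKCS12 3 ,
+.Xr PKCS12_create 3 ,
+.Xr PKCS12_newpass 3 ,
+.Xr PKCS12_SAFEBAG_new 3 ,
+.Xr PKCS7_new 3 ,
+.Xr X509_SIG_new 3
+.Sh STANDARDS
+RFC 7292: PKCS #12: Personal Information Exchange Syntax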
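--- a/jni/libressl/man/PKCS12_newpass.3
+++ b/jni/libressl/man/PKCS12_newpass.3
@@ -0,0 +1,155 @@
+.\"	$OpenBSD: PKCS12_newpass.3,v 1.1 2016/11/28 23:02:16 schwarze Exp $
+.\"	OpenSSL c95a8b4e May 5 14:26:26 2016 +0100
+.\"
+.\" This file was written by Jeffrey Walton <noloader@gmail.com>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 28 2016 $
+.Dt PKCS12_NEWPASS 3
+.Os
+.Sh NAME
+.Nm PKCS12_newpass
+.Nd change the password of a PKCS#12 structure
+.Sh SYNOPSIS
+.In openssl/pkcs12.h
+.Ft int
+.Fo PKCS12_newpass
+.Fa "PKCS12 *p12"
+.Fa "const char *oldpass"
+.Fa "const char *newpass"
+.Fc
+.Sh DESCRIPTION
+.Fn PKCS12_newpass
+changes the password of a PKCS#12 structure.
+.Pp
+.Fa p12
+is a pointer to a PKCS#12 structure.
+.Fa oldpass
+is the existing password and
+.Fa newpass
+is the new password.
+.Pp
+If the PKCS#12 structure does not have a password, use the empty
+string
+.Qq \&
+for
+.Fa oldpass .
+Passing
+.Dv NULL
+for
+.Fa oldpass
+results in a
+.Fn PKCS12_newpass
+failure.
+.Pp
+If the wrong password is used for
+.Fa oldpass ,
+the function will fail with a MAC verification error.
+In rare cases, the PKCS#12 structure does not contain a MAC:
+in this case it will usually fail with a decryption padding error.
+.Sh RETURN VALUES
+.Fn PKCS12_newpass
+returns 1 on success or 0 on failure.
+.Pp
+Applications can retrieve the most recent error from
+.Fn PKCS12_newpass
+with
+.Xr ERR_get_error 3 .
+.Sh EXAMPLES
+This example loads a PKCS#12 file, changes its password,
+and writes out the result to a new file.
+.Bd -literal
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+int main(int argc, char **argv)
+{
+	FILE *fp;
+	PKCS12 *p12;
+	if (argc != 5) {
+		fprintf(stderr,
+		    "Usage: pkread p12file password newpass opfile\en");
+		return 1;
+	}
+	if ((fp = fopen(argv[1], "rb")) == NULL) {
+		fprintf(stderr, "Error opening file %s\en", argv[1]);
+		return 1;
+	}
+	p12 = d2i_PKCS12_fp(fp, NULL);
+	fclose(fp);
+	if (p12 == NULL) {
+		fprintf(stderr, "Error reading PKCS#12 file\en");
+		ERR_print_errors_fp(stderr);
+		return 1;
+	}
+	if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
+		fprintf(stderr, "Error changing password\en");
+		ERR_print_errors_fp(stderr);
+		PKCS12_free(p12);
+		return 1;
+	}
+	if ((fp = fopen(argv[4], "wb")) == NULL) {
+		fprintf(stderr, "Error opening file %s\en", argv[4]);
+		PKCS12_free(p12);
+		return 1;
+	}
+	i2d_PKCS12_fp(fp, p12);
+	PKCS12_free(p12);
+	fclose(fp);
+	return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr ERR_get_error 3 ,
+.Xr PKCS12_create 3
+.Sh BUGS
+The password format is a NUL terminated ASCII string which is
+converted to Unicode form internally.
+As a result, some passwords cannot be supplied to this function.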
Changes to jni/libressl/man/PKCS12_parse.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27
28
29
30



31

32
33
34
35
36
37
38
39
40
41
42
43
44











45
46
47
48


49
50
51
52
53
54
55






56



57
58
59
60
61
62
63
64
65
66
67
68

69



70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86
87
88
89
90




91
92
93


94
95
96
97
98
99
100
101
102



103

104
105
106

107
108
109



110

111
112

113
114
115




116
117
118
119
120
121
122
123
124
125

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch



.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"











.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX






..



.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}

.\}



.rr rF
.\" ========================================================================
.\"
.IX Title "PKCS12_parse 3"
.TH PKCS12_parse 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS12_parse \- parse a PKCS#12 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs12.h>
.Ve

.PP
int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, \s-1STACK_OF\s0(X509) **ca);
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure.




.PP
\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use.
If successful the private key will be written to \fB*pkey\fR, the corresponding


certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR.
.SH "NOTES"
.IX Header "NOTES"
The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in
which case additional certificates will be discarded. \fB*ca\fR can also be a
valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If
\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated.
.PP
The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each



certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the

\&\fBX509\fR structure.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred.
.PP
The error can be obtained from \fIERR_get_error\fR\|(3)



.SH "BUGS"

.IX Header "BUGS"
Only a single private key and corresponding certificate is returned by this

function. More complex PKCS#12 files with multiple private keys will only
return the first match.
.PP




Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in
certificates. Other attributes are discarded.
.PP
Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fId2i_PKCS12\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
PKCS12_parse was added in OpenSSL 0.9.3

|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
|
|
|
>
>
>
|
>
<
<
<
<
<
<
<
<
<
|
<
<

>
>
>
>
>
>
>
>
>
>
>
|
<
<

>
>
|
|
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
|
<
<
<
<
<
|
|
|
|
|
|
>
|
>
>
>
|
<
|
|
<
<
<
|
|
|
|
|
|
|
<
|
>
|
|
|
|
|
>
>
>
>
|
<
<
>
>
|
|
<
<
<
<
<
<
|
>
>
>
|
>
|
|
<
>
|
|
|
>
>
>
|
>
|
|
>
|
|
|
>
>
>
>
|
|
|
|
<
<
|
<
<
<
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30
31
32
33
34
35









36


37
38
39
40
41
42
43
44
45
46
47
48
49


50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70





71
72
73
74
75
76
77
78
79
80
81
82

83
84



85
86
87
88
89
90
91

92
93
94
95
96
97
98
99
100
101
102
103


104
105
106
107






108
109
110
111
112
113
114
115

116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138


139



140
.\"	$OpenBSD: PKCS12_parse.3,v 1.4 2016/11/28 22:41:38 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2009 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project









.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.


.\"
.Dd $Mdocdate: November 28 2016 $
.Dt PKCS12_PARSE 3
.Os
.Sh NAME
.Nm PKCS12_parse
.Nd parse a PKCS#12 structure
.Sh SYNOPSIS
.In openssl/pkcs12.h
.Ft int
.Fo PKCS12_parse
.Fa "PKCS12 *p12"
.Fa "const char *pass"
.Fa "EVP_PKEY **pkey"
.Fa "X509 **cert"
.Fa "STACK_OF(X509) **ca"
.Fc
.Sh DESCRIPTION
.Fn PKCS12_parse
parses a PKCS12 structure.
.Pp





.Fa p12
is the
.Vt PKCS12
structure to parse.
.Fa pass
is the passphrase to use.
If successful, the private key will be written to
.Pf * Fa pkey ,
the corresponding certificate to
.Pf * Fa cert ,
and any additional certificates to
.Pf * Fa ca .

.Pp
The parameters



.Fa pkey
and
.Fa cert
cannot be
.Dv NULL .
.Fa ca
can be

.Dv NULL ,
in which case additional certificates will be discarded.
.Pf * Fa ca
can also be a valid STACK, in which case additional certificates are
appended to
.Pf * Fa ca .
If
.Pf * Fa ca
is
.Dv NULL ,
a new STACK will be allocated.
.Pp


The
.Sy friendlyName
and
.Sy localKeyID






attributes (if present) of each certificate will be stored in the
.Fa alias
and
.Fa keyid
attributes of the
.Vt X509
structure.
.Sh RETURN VALUES

.Fn PKCS12_parse
returns 1 for success and 0 if an error occurred.
.Pp
The error can be obtained from
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr d2i_PKCS12 3
.Sh HISTORY
PKCS12_parse was added in OpenSSL 0.9.3.
.Sh BUGS
Only a single private key and corresponding certificate is returned by
this function.
More complex PKCS#12 files with multiple private keys will only return
the first match.
.Pp
Only
.Sy friendlyName
and
.Sy localKeyID
attributes are currently stored in certificates.
Other attributes are discarded.
.Pp
Attributes currently cannot be stored in the private key


.Vt EVP_PKEY



structure.
Changes to jni/libressl/man/PKCS5_PBKDF2_HMAC.3.
1

2
3
4
5
6
7
8
9
10
11


12
13
14
15
16


17
18
19
20
21
22


23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41


42
43
44
45
46

47


48
49
50
51










52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86


87


88

89
90
91
92


93



94

95
96

97
98
99

100


101



102



103

104







105
106

107
108

109
110


111
112

113
114


115


116
117



118

119
120
121
122



123
124


125
126
127
128
129



130
131
132
133
134

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf


.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`


.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the










.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "PKCS5_PBKDF2_HMAC 3"
.TH PKCS5_PBKDF2_HMAC 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&

\& int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,


\&                       const unsigned char *salt, int saltlen, int iter,


\&                       const EVP_MD *digest,

\&                       int keylen, unsigned char *out);
.Ve
.PP
int \s-1PKCS5_PBKDF2_HMAC_SHA1\s0(const char *pass, int passlen,


			   const unsigned char *salt, int saltlen, int iter,



			   int keylen, unsigned char *out);

.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count
as specified in \s-1RFC 2898.\s0
.PP

\&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR


is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the



function will calculate the length of \fBpass\fR using \fIstrlen()\fR.



.PP

\&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the







\&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not
attempt to calculate the length of the \fBsalt\fR because it is not assumed to

be \s-1NULL\s0 terminated.
.PP

\&\fBiter\fR is the iteration count and its value should be greater than or 
equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any


\&\fBiter\fR less than 1 is treated as a single iteration.
.PP

\&\fBdigest\fR is the message digest function used in the derivation. Values include
any of the EVP_* message digests. \s-1\fIPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls


\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR with \fIEVP_sha1()\fR.


.PP
The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer



is specified via \fBkeylen\fR.

.SH "NOTES"
.IX Header "NOTES"
A typical application of this function is to derive keying material for an
encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR,



and an iteration count.
.PP


Increasing the \fBiter\fR parameter slows down the algorithm which makes it
harder for an attacker to perform a brute force attack using a large number
of candidate passwords.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"



\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fIPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3), \fIrand\fR\|(3),
\&\fIEVP_BytesToKey\fR\|(3)

|
>

<
|
|
<
<
|
<
<
<
>
>
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
|
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
|
|
>
>
|
<

<
<
>
|
>
>

<
<
|
>
>
>
>
>
>
>
>
>
>
|

<
<
<
|
<
<
<
<
<
<
<
|
<
<
<
<
|
<
|
|
|
<
<
<
<
<
|
|
<
<
|
<
>
|
>
>
|
>
>
|
>
|
|
|
|
>
>
|
>
>
>
|
>
|
<
>
|
|
|
>
|
>
>
|
>
>
>
|
>
>
>
|
>
|
>
>
>
>
>
>
>
|
|
>
|
|
>
|
|
>
>
|
|
>
|
|
>
>
|
>
>
|
|
>
>
>
|
>
|
<
|
|
>
>
>

|
>
>
|
|
|
|
<
>
>
>
|
|
<
|
|
>
1
2
3

4
5


6



7
8
9
10



11
12
13





14
15
16




17


18
19
20
21
22
23


24
25
26
27
28
29
30
31

32


33
34
35
36
37


38
39
40
41
42
43
44
45
46
47
48
49
50



51







52




53

54
55
56





57
58


59

60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

136
137
138
139
140
141
142
143
144
145
146
147
148

149
150
151
152
153

154
155
156
.\"	$OpenBSD: PKCS5_PBKDF2_HMAC.3,v 1.4 2016/11/28 23:27:55 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"

.\" This file was written by Jeffrey Walton <noloader@gmail.com>.
.\" Copyright (c) 2014, 2015 The OpenSSL Project.  All rights reserved.


.\"



.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the




.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"


.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"



.Dd $Mdocdate: November 28 2016 $







.Dt PKCS5_PBKDF2_HMAC 3




.Os

.Sh NAME
.Nm PKCS5_PBKDF2_HMAC ,
.Nm PKCS5_PBKDF2_HMAC_SHA1





.Nd password based derivation routines with salt and iteration count
.Sh SYNOPSIS


.In openssl/evp.h

.Ft int
.Fo PKCS5_PBKDF2_HMAC
.Fa "const char *pass"
.Fa "int passlen"
.Fa "const unsigned char *salt"
.Fa "int saltlen"
.Fa "int iter"
.Fa "const EVP_MD *digest"
.Fa "int keylen"
.Fa "unsigned char *out"
.Fc
.Ft int
.Fo PKCS5_PBKDF2_HMAC_SHA1
.Fa "const char *pass"
.Fa "int passlen"
.Fa "const unsigned char *salt"
.Fa "int saltlen"
.Fa "int iter"
.Fa "int keylen"
.Fa "unsigned char *out"
.Fc
.Sh DESCRIPTION

.Fn PKCS5_PBKDF2_HMAC
derives a key from a password using a salt and iteration count as
specified in RFC 2898.
.Pp
.Fa pass
is the password used in the derivation of length
.Fa passlen .
.Fa pass
is an optional parameter and can be
.Dv NULL .
If
.Fa passlen
is -1, then the function will calculate the length of
.Fa pass
using
.Xr strlen 3 .
.Pp
.Fa salt
is the salt used in the derivation of length
.Fa saltlen .
If the
.Fa salt
is
.Dv NULL ,
then
.Fa saltlen
must be 0.
The function will not attempt to calculate the length of the
.Fa salt
because it is not assumed to be NUL terminated.
.Pp
.Fa iter
is the iteration count and its value should be greater than or equal to 1.
RFC 2898 suggests an iteration count of at least 1000.
Any
.Fa iter
less than 1 is treated as a single iteration.
.Pp
.Fa digest
is the message digest function used in the derivation.
Values include any of the EVP_* message digests.
.Fn PKCS5_PBKDF2_HMAC_SHA1
calls
.Fn PKCS5_PBKDF2_HMAC
with
.Xr EVP_sha1 3 .
.Pp
The derived key will be written to
.Fa out .
The size of the
.Fa out
buffer is specified via
.Fa keylen .
.Pp

A typical application of this function is to derive keying material for
an encryption algorithm from a password in the
.Fa pass ,
a salt in
.Fa salt ,
and an iteration count.
.Pp
Increasing the
.Fa iter
parameter slows down the algorithm which makes it harder for an attacker
to perform a brute force attack using a large number of candidate
passwords.
.Sh RETURN VALUES

.Fn PKCS5_PBKDF2_HMAC
and
.Fn PBKCS5_PBKDF2_HMAC_SHA1
return 1 on success or 0 on error.
.Sh SEE ALSO

.Xr evp 3 ,
.Xr EVP_BytesToKey 3 ,
.Xr RAND_bytes 3
Changes to jni/libressl/man/PKCS7_decrypt.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27
28
29
30
31

32
33
34
35
36
37
38
39
40
41
42
43
44








45
46
47

48
49
50
51
52
53
54

55

56
57
58
59
60
61


62


63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

91





92

93













94
95
96
97
98
99
100
101
102
103
104
105
106

107
108
109
110

111








112
113
114
115
116
117
118
119
120
121
122
123
124

125
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"








.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '

.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.

.de IX

..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX


.        tm Index:\\$1\t\\n%\t"\\$2"


..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "PKCS7_decrypt 3"
.TH PKCS7_decrypt 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData

structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the





recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and

\&\fBflags\fR is an optional set of flags.













.SH "NOTES"
.IX Header "NOTES"
\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this
function or errors about unknown algorithms will occur.
.PP
Although the recipients certificate is not needed to decrypt the data it is
needed to locate the appropriate (of possible several) recipients in the PKCS#7
structure.
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
from the content. If the content is not of type \fBtext/plain\fR then an error is

returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure.

The error can be obtained from \fIERR_get_error\fR\|(3)








.SH "BUGS"
.IX Header "BUGS"
\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It
would be better if it could look up the correct key and certificate from a
database.
.PP
The lack of single pass processing and need to hold all data in memory as
mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5
|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
|
|
|
|
>
|
|
|
<
<
<
<
<
<
|
<
<

>
>
>
>
>
>
>
>
|
|
|
>

<
|
|
<
|
<
>
|
>
|
|
<
<
|
|
>
>
|
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
|
>
|
>
>
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
<
<
<
<
<
|
|
>
|
|
|
|
>
|
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
<
<
|
<
<
>
|
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30
31
32
33
34
35






36


37
38
39
40
41
42
43
44
45
46
47
48
49
50

51
52

53

54
55
56
57
58


59
60
61
62
63
64
65
66
























67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93










94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118


119


120
121
.\"	$OpenBSD: PKCS7_decrypt.3,v 1.6 2016/12/13 15:00:22 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2006 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project






.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 13 2016 $
.Dt PKCS7_DECRYPT 3

.Os

.Sh NAME
.Nm PKCS7_decrypt
.Nd decrypt content from a PKCS#7 envelopedData structure
.Sh SYNOPSIS
.In openssl/pkcs7.h


.Ft int
.Fo PKCS7_decrypt
.Fa "PKCS7 *p7"
.Fa "EVP_PKEY *pkey"
.Fa "X509 *cert"
.Fa "BIO *data"
.Fa "int flags"
.Fc
























.Sh DESCRIPTION
.Fn PKCS7_decrypt
extracts and decrypts the content from a PKCS#7 envelopedData structure.
.Fa pkey
is the private key of the recipient,
.Fa cert
is the recipient's certificate,
.Fa data
is a
.Vt BIO
to write the content to and
.Fa flags
is an optional set of flags.
.Pp
.Xr OpenSSL_add_all_algorithms 3
(or equivalent) should be called before using this function or errors
about unknown algorithms will occur.
.Pp
Although the recipient's certificate is not needed to decrypt the data,
it is needed to locate the appropriate recipients
in the PKCS#7 structure.
.Pp
If the
.Dv PKCS7_TEXT
.Fa flag
is set, MIME headers for type
.Sy text/plain










are deleted from the content.
If the content is not of type
.Sy text/plain ,
an error is returned.
.Sh RETURN VALUES
.Fn PKCS7_decrypt
returns 1 for success or 0 for failure.
.Pp
The error can be obtained from
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ERR_get_error 3 ,
.Xr PKCS7_encrypt 3 ,
.Xr PKCS7_new 3
.Sh HISTORY
.Fn PKCS7_decrypt
was added to OpenSSL 0.9.5.
.Sh BUGS
.Fn PKCS7_decrypt
must be passed the correct recipient key and certificate.
It would be better if it could look up the correct key and certificate
from a database.
.Pp
The lack of single pass processing and need to hold all data in memory
as mentioned in


.Xr PKCS7_sign 3


also applies to
.Fn PKCS7_decrypt .
Changes to jni/libressl/man/PKCS7_encrypt.3.
1

2


3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48
49



50
51






52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73




74
75
76
77
78
79
80
81
82
83
84
85
86

87
88
89

90

91



92
93

94
95
96
97
98
99

100
101
102
103
104



105
106
107


108


109

110
111
112
113



114
115




116







117

118
119
120
121
122

123
124

125
126
127



128

129



130
131

132



133
134

135
136
137

138
139
140


141
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for



.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the






.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "PKCS7_encrypt 3"




.TH PKCS7_encrypt 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS7_encrypt \- create a PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR

is a list of recipient certificates. \fBin\fR is the content to be encrypted.



\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
.SH "NOTES"

.IX Header "NOTES"
Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient
certificates supplied to this function must all contain \s-1RSA\s0 public keys, though
they do not have to be signed using the \s-1RSA\s0 algorithm.
.PP
The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of

its parameters.
.PP
Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
envelopedData containing an S/MIME signed message. This can be readily produced
by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to



\&\fIPKCS7_encrypt()\fR.
.PP
The following flags can be passed in the \fBflags\fR parameter.


.PP


If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are

prepended to the data.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation



occurs. This option should be used if the supplied data is in binary format
otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then




\&\fB\s-1PKCS7_TEXT\s0\fR is ignored.







.PP

If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output
suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR

complete and outputting its contents via a function that does not
properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable

results.
.PP
Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,



\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization

can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using



\&\fIBIO_new_PKCS7()\fR.
.SH "RETURN VALUES"

.IX Header "RETURN VALUES"



\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
The error can be obtained from \fIERR_get_error\fR\|(3).

.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3)

.SH "HISTORY"
.IX Header "HISTORY"
\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5


The \fB\s-1PKCS7_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
|
>

>
>
|
<
<
<
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
<
<
<
<
<
|
|
|
|
<
<
|
>
|
|
|
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

<
>
>
>
|
|
>
>
>
>
>
>
|

<
<
<
<
<
<
|
|
<
|
<
<
<
<
<
|
<
<
<
|
>
>
>
>
|
<
<
<
<
<
<
|
|
<
<
<
|
>
|
|
<
>
|
>
|
>
>
>
|
|
>
|
|
|
|
|
|
>
|
|
|
|
|
>
>
>
|
|
|
>
>
|
>
>
|
>
|
|
|
|
>
>
>
|
|
>
>
>
>
|
>
>
>
>
>
>
>
|
>
|
<
|
|
|
>

|
>
|
|
|
>
>
>
|
>
|
>
>
>
|
|
>
|
>
>
>
|
|
>
|
|
|
>
|
|
|
>
>
|
1
2
3
4
5
6




7
8
9
10
11
12
13
14
15
16
17
18


19







20
21
22
23


24
25
26
27
28
29


30
31


32


33


34
35
36
37
38

39
40
41
42
43
44
45
46
47
48
49
50
51






52
53

54





55



56
57
58
59
60
61






62
63



64
65
66
67

68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
.\"	$OpenBSD: PKCS7_encrypt.3,v 1.6 2017/01/12 16:13:51 jmc Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2006, 2007, 2008, 2009 The OpenSSL Project.
.\" All rights reserved.




.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"







.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"


.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"

.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"






.Dd $Mdocdate: January 12 2017 $
.Dt PKCS7_ENCRYPT 3

.Os





.Sh NAME



.Nm PKCS7_encrypt
.Nd create a PKCS#7 envelopedData structure
.Sh SYNOPSIS
.In openssl/pkcs7.h
.Ft PKCS7 *
.Fo PKCS7_encrypt






.Fa "STACK_OF(X509) *certs"
.Fa "BIO *in"



.Fa "const EVP_CIPHER *cipher"
.Fa "int flags"
.Fc
.Sh DESCRIPTION

.Fn PKCS7_encrypt
creates and returns a PKCS#7 envelopedData structure.
.Fa certs
is a list of recipient certificates.
.Fa in
is the content to be encrypted.
.Fa cipher
is the symmetric cipher to use.
.Fa flags
is an optional set of flags.
.Pp
Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
certificates supplied to this function must all contain RSA public keys,
though they do not have to be signed using the RSA algorithm.
.Pp
The algorithm passed in the
.Fa cipher
parameter must support ASN.1 encoding of its parameters.
.Pp
Many browsers implement a "sign and encrypt" option which is simply an
S/MIME envelopedData containing an S/MIME signed message.
This can be readily produced by storing the S/MIME signed message in a
memory
.Vt BIO
and passing it to
.Fn PKCS7_encrypt .
.Pp
The following flags can be passed in the
.Fa flags
parameter.
.Pp
If the
.Dv PKCS7_TEXT
flag is set, MIME headers for type
.Sy text/plain
are prepended to the data.
.Pp
Normally the supplied content is translated into MIME canonical format
(as required by the S/MIME specifications).
If
.Dv PKCS7_BINARY
is set, no translation occurs.
This option should be used if the supplied data is in binary format;
otherwise, the translation will corrupt it.
If
.Dv PKCS7_BINARY
is set, then
.Dv PKCS7_TEXT
is ignored.
.Pp
If the
.Dv PKCS7_STREAM
flag is set, a partial
.Vt PKCS7
structure is output suitable for streaming I/O: no data is read from
.Fa in .
.Pp
If the flag
.Dv PKCS7_STREAM

is set, the returned
.Vt PKCS7
structure is
.Sy not
complete and outputting its contents via a function that does not
properly finalize the
.Vt PKCS7
structure will give unpredictable results.
.Pp
Several functions, including
.Xr SMIME_write_PKCS7 3 ,
.Xr i2d_PKCS7_bio_stream 3 ,
and
.Xr PEM_write_bio_PKCS7_stream 3 ,
finalize the structure.
Alternatively finalization can be performed by obtaining the streaming
ASN.1
.Vt BIO
directly using
.Fn BIO_new_PKCS7 .
.Sh RETURN VALUES
.Fn PKCS7_encrypt
returns either a
.Vt PKCS7
structure or
.Dv NULL
if an error occurred.
The error can be obtained from
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ERR_get_error 3 ,
.Xr PKCS7_decrypt 3 ,
.Xr PKCS7_new 3
.Sh HISTORY
.Xr PKCS7_decrypt 3
was added to OpenSSL 0.9.5.
The
.Dv PKCS7_STREAM
flag was first supported in OpenSSL 1.0.0.
Added jni/libressl/man/PKCS7_new.3.






























































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
.\"	$OpenBSD: PKCS7_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 25 2016 $
.Dt PKCS7_NEW 3
.Os
.Sh NAME
.Nm PKCS7_new ,
.Nm PKCS7_free ,
.Nm PKCS7_SIGNED_new ,
.Nm PKCS7_SIGNED_free ,
.Nm PKCS7_ENVELOPE_new ,
.Nm PKCS7_ENVELOPE_free ,
.Nm PKCS7_SIGN_ENVELOPE_new ,
.Nm PKCS7_SIGN_ENVELOPE_free ,
.Nm PKCS7_DIGEST_new ,
.Nm PKCS7_DIGEST_free ,
.Nm PKCS7_ENCRYPT_new ,
.Nm PKCS7_ENCRYPT_free ,
.Nm PKCS7_ENC_CONTENT_new ,
.Nm PKCS7_ENC_CONTENT_free ,
.Nm PKCS7_SIGNER_INFO_new ,
.Nm PKCS7_SIGNER_INFO_free ,
.Nm PKCS7_RECIP_INFO_new ,
.Nm PKCS7_RECIP_INFO_free ,
.Nm PKCS7_ISSUER_AND_SERIAL_new ,
.Nm PKCS7_ISSUER_AND_SERIAL_free
.Nd PKCS#7 data structures
.Sh SYNOPSIS
.In openssl/pkcs7.h
.Ft PKCS7 *
.Fn PKCS7_new void
.Ft void
.Fn PKCS7_free "PKCS7 *p7"
.Ft PKCS7_SIGNED *
.Fn PKCS7_SIGNED_new void
.Ft void
.Fn PKCS7_SIGNED_free "PKCS7_SIGNED *signed"
.Ft PKCS7_ENVELOPE *
.Fn PKCS7_ENVELOPE_new void
.Ft void
.Fn PKCS7_ENVELOPE_free "PKCS7_ENVELOPE *envelope"
.Ft PKCS7_SIGN_ENVELOPE *
.Fn PKCS7_SIGN_ENVELOPE_new void
.Ft void
.Fn PKCS7_SIGN_ENVELOPE_free "PKCS7_SIGN_ENVELOPE *signed_envelope"
.Ft PKCS7_DIGEST *
.Fn PKCS7_DIGEST_new void
.Ft void
.Fn PKCS7_DIGEST_free "PKCS7_DIGEST *digested"
.Ft PKCS7_ENCRYPT *
.Fn PKCS7_ENCRYPT_new void
.Ft void
.Fn PKCS7_ENCRYPT_free "PKCS7_ENCRYPT *encrypted"
.Ft PKCS7_ENC_CONTENT *
.Fn PKCS7_ENC_CONTENT_new void
.Ft void
.Fn PKCS7_ENC_CONTENT_free "PKCS7_ENC_CONTENT *content"
.Ft PKCS7_SIGNER_INFO *
.Fn PKCS7_SIGNER_INFO_new void
.Ft void
.Fn PKCS7_SIGNER_INFO_free "PKCS7_SIGNER_INFO *signer"
.Ft PKCS7_RECIP_INFO *
.Fn PKCS7_RECIP_INFO_new void
.Ft void
.Fn PKCS7_RECIP_INFO_free "PKCS7_RECIP_INFO *recip"
.Ft PKCS7_ISSUER_AND_SERIAL *
.Fn PKCS7_ISSUER_AND_SERIAL_new void
.Ft void
.Fn PKCS7_ISSUER_AND_SERIAL_free "PKCS7_ISSUER_AND_SERIAL *cert"
.Sh DESCRIPTION
PKCS#7 is an ASN.1-based format for transmitting data that has
cryptography applied to it, in particular signed and encrypted data.
.Pp
.Fn PKCS7_new
allocates and initializes an empty
.Vt PKCS7
object, representing an ASN.1
.Vt ContentInfo
structure defined in RFC 2315 section 7.
It is the top-level data structure able to hold any kind of content
that can be transmitted using PKCS#7.
It can be used recursively in
.Vt PKCS7_SIGNED
and
.Vt PKCS7_DIGEST
objects.
.Fn PKCS7_free
frees
.Fa p7 .
.Pp
.Fn PKCS7_SIGNED_new
allocates and initializes an empty
.Vt PKCS7_SIGNED
object, representing an ASN.1
.Vt SignedData
structure defined in RFC 2315 section 9.
It can be used inside
.Vt PKCS7
objects and holds any kind of content together with signatures by
zero or more signers and information about the signing algorithm
and certificates used.
.Fn PKCS7_SIGNED_free
frees
.Fa signed .
.Pp
.Fn PKCS7_ENVELOPE_new
allocates and initializes an empty
.Vt PKCS7_ENVELOPE
object, representing an ASN.1
.Vt EnvelopedData
structure defined in RFC 2315 section 10.
It can be used inside
.Vt PKCS7
objects and holds any kind of encrypted content together with
content-encryption keys for one or more recipients.
.Fn PKCS7_ENVELOPE_free
frees
.Fa envelope .
.Pp
.Fn PKCS7_SIGN_ENVELOPE_new
allocates and initializes an empty
.Vt PKCS7_SIGN_ENVELOPE
object, representing an ASN.1
.Vt SignedAndEnvelopedData
structure defined in RFC 2315 section 11.
It can be used inside
.Vt PKCS7
objects and holds any kind of encrypted content together with
signatures by one or more signers, information about the signing
algorithm and certificates used, and content-encryption keys for
one or more recipients.
.Fn PKCS7_SIGN_ENVELOPE_free
frees
.Fa signed_envelope .
.Pp
.Fn PKCS7_DIGEST_new
allocates and initializes an empty
.Vt PKCS7_DIGEST
object, representing an ASN.1
.Vt DigestedData
structure defined in RFC 2315 section 12.
It can be used inside
.Vt PKCS7
objects and holds any kind of content together with a message digest
for checking its integrity and information about the algorithm used.
.Fn PKCS7_DIGEST_free
frees
.Fa digested .
.Pp
.Fn PKCS7_ENCRYPT_new
allocates and initializes an empty
.Vt PKCS7_ENCRYPT
object, representing an ASN.1
.Vt EncryptedData
structure defined in RFC 2315 section 13.
It can be used inside
.Vt PKCS7
objects and holds any kind of encrypted content.
Keys are not included and need to be communicated separately.
.Fn PKCS7_ENCRYPT_free
frees
.Fa encrypted .
.Pp
.Fn PKCS7_ENC_CONTENT_new
allocates and initializes an empty
.Vt PKCS7_ENC_CONTENT
object, representing an ASN.1
.Vt EncryptedContentInfo
structure defined in RFC 2315 section 10.1.
It can be used inside
.Vt PKCS7_ENVELOPE ,
.Vt PKCS7_SIGN_ENVELOPE ,
and
.Vt PKCS7_ENCRYPT
objects and holds encrypted content together with information about
the encryption algorithm used.
.Fn PKCS7_ENC_CONTENT_free
frees
.Fa content .
.Pp
.Fn PKCS7_SIGNER_INFO_new
allocates and initializes an empty
.Vt PKCS7_SIGNER_INFO
object, representing an ASN.1
.Vt SignerInfo
structure defined in RFC 2315 section 9.2.
It can be used inside
.Vt PKCS7_SIGNED
and
.Vt PKCS7_SIGN_ENVELOPE
objects and holds a signature together with information about the
signer and the algorithms used.
.Fn PKCS7_SIGNER_INFO_free
frees
.Fa signer .
.Pp
.Fn PKCS7_RECIP_INFO_new
allocates and initializes an empty
.Vt PKCS7_RECIP_INFO
object, representing an ASN.1
.Vt RecipientInfo
structure defined in RFC 2315 section 10.2.
It can be used inside
.Vt PKCS7_ENVELOPE
and
.Vt PKCS7_SIGN_ENVELOPE
objects and holds a content-encryption key together with information
about the intended recipient and the key encryption algorithm used.
.Fn PKCS7_RECIP_INFO_free
frees
.Fa recip .
.Pp
.Fn PKCS7_ISSUER_AND_SERIAL_new
allocates and initializes an empty
.Vt PKCS7_ISSUER_AND_SERIAL
object, representing an ASN.1
.Vt IssuerAndSerialNumber
structure defined in RFC 2315 section 6.7.
It can be used inside
.Vt PKCS7_SIGNER_INFO
and
.Vt PKCS7_RECIP_INFO
objects and identifies a certificate by holding the distinguished
name of the certificate issuer and an issuer-specific certificate
serial number.
.Fn PKCS7_ISSUER_AND_SERIAL_free
frees
.Fa cert .
.Sh SEE ALSO
.Xr i2d_PKCS7_bio_stream 3 ,
.Xr PEM_read_PKCS7 3 ,
.Xr PEM_write_bio_PKCS7_stream 3 ,
.Xr PKCS7_decrypt 3 ,
.Xr PKCS7_encrypt 3 ,
.Xr PKCS7_sign 3 ,
.Xr PKCS7_sign_add_signer 3 ,
.Xr PKCS7_verify 3 ,
.Xr SMIME_read_PKCS7 3 ,
.Xr SMIME_write_PKCS7 3
.Sh STANDARDS
RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5
Changes to jni/libressl/man/PKCS7_sign.3.
1

2


3
4
5
6
7
8

9
10
11
12
13
14
15
16


17
18
19
20
21
22


23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41


42
43
44
45
46

47


48
49
50
51










52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85




86


87
88
89

90



91

92
93
94
95


96

97
98





99
100










101
102
103
104
105
106
107
108
109
110
111
112
113



114
115
116
117
118
119



120
121
122
123
124
125


126


127
128
129
130

131
132
133



134


135


136
137




138
139
140
141
142
143





144


145
146
147



148

149



150
151
152
153



154
155









156
157

158

159
160
161





162
163
164
165
166

167
168

169


170

171




172

173
174

175
176
177

178
179

180

181
182


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`


.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the










.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "PKCS7_sign 3"
.TH PKCS7_sign 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS7_sign \- create a PKCS#7 signedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&




\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);


.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is



the certificate to sign with, \fBpkey\fR is the corresponding private key.

\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7
structure (for example any intermediate CAs in the chain).
.PP
The data to be signed is read from \s-1BIO \s0\fBdata\fR.


.PP

\&\fBflags\fR is an optional set of flags.
.SH "NOTES"





.IX Header "NOTES"
Any of the following flags (ored together) can be passed in the \fBflags\fR










parameter.
.PP
Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
to the data.
.PP
If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the
\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the
signers certificate can be obtained by other means: for example a previously
signed message.
.PP
The data being signed is included in the \s-1PKCS7\s0 structure, unless



\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0
detached signatures which are used in S/MIME plaintext signed messages for
example.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation



occurs. This option should be used if the supplied data is in binary format
otherwise the translation will corrupt it.
.PP
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported list of
ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no


authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just


the SMIMECapabilities are omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of

these algorithms is disabled then it will not be included.
.PP
If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is



just initialized ready to perform the signing operation. The signing is however


\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR


parameter. Signing is deferred until after the data has been written. In this
way data can be signed in a single pass.




.PP
If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to
which additional signers and capabilities can be added before finalization.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR





complete and outputting its contents via a function that does not properly


finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
.PP
Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,



\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization

can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using



\&\fIBIO_new_PKCS7()\fR.
.PP
If a signer is specified it will use the default digest for the signing
algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.



.PP
In OpenSSL 1.0.0 the \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be









\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added
using the function \fB\f(BIPKCS7_sign_add_signer()\fB\fR. \fB\f(BIPKCS7_final()\fB\fR must also be

called to finalize the structure if streaming is not enabled. Alternative

signing digests can also be specified using this method.
.PP
In OpenSSL 1.0.0 if \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only





PKCS#7 structure is output.
.PP
In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must
\&\fB\s-1NOT\s0\fR be \s-1NULL.\s0
.SH "BUGS"

.IX Header "BUGS"
Some advanced attributes such as counter signatures are not supported.

.SH "RETURN VALUES"


.IX Header "RETURN VALUES"

\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error




occurred.  The error can be obtained from \fIERR_get_error\fR\|(3).

.SH "SEE ALSO"
.IX Header "SEE ALSO"

\&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5
.PP

The \fB\s-1PKCS7_PARTIAL\s0\fR flag was added in OpenSSL 1.0.0

.PP
The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0


|
>

>
>
|
<
<
<
<
|
>
|
<
<
|
|
<
<
<
>
>
|
<
<
<
<
<
>
>
|
<
<
<
<
|
<
<
|
>
|
|
|
|
<
<
>
|
|
|
|
>
>
|
<

<
<
>
|
>
>

<
<
|
>
>
>
>
>
>
>
>
>
>
|

<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
|
|
<
|
|
<
<
<
<
<
<
|
|
<
<
|
<
>
>
>
>
|
>
>
|
|
<
>
|
>
>
>
|
>
|

|
|
>
>
|
>
|
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>

<
<
<
<
<
<
<
|
|
<
|
|
>
>
>
|
|
|
|
|
|
>
>
>
|
|
|

|
|
>
>
|
>
>
|
|
|
|
>
|
|
|
>
>
>
|
>
>
|
>
>
|
|
>
>
>
>
|
|
|
|
<
|
>
>
>
>
>
|
>
>
|
|
|
>
>
>
|
>
|
>
>
>
|
|
|
|
>
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
>
|
>
|
|
|
>
>
>
>
>
|
|
|
<
<
>
|
|
>
|
>
>
|
>
|
>
>
>
>
|
>
|
|
>
|
|
<
>
|
|
>
|
>
|
|
>
>
1
2
3
4
5
6




7
8
9


10
11



12
13
14





15
16
17




18


19
20
21
22
23
24


25
26
27
28
29
30
31
32

33


34
35
36
37
38


39
40
41
42
43
44
45
46
47
48
49
50
51










52




53
54

55
56






57
58


59

60
61
62
63
64
65
66
67
68

69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103







104
105

106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212


213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233

234
235
236
237
238
239
240
241
242
243
.\"	$OpenBSD: PKCS7_sign.3,v 1.7 2017/01/12 16:13:51 jmc Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2003, 2006-2009, 2015 The OpenSSL Project.
.\" All rights reserved.




.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions


.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"





.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the




.\"    distribution.


.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"


.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"










.Dd $Mdocdate: January 12 2017 $




.Dt PKCS7_SIGN 3
.Os

.Sh NAME
.Nm PKCS7_sign






.Nd create a PKCS#7 signedData structure
.Sh SYNOPSIS


.In openssl/pkcs7.h

.Ft PKCS7 *
.Fo PKCS7_sign
.Fa "X509 *signcert"
.Fa "EVP_PKEY *pkey"
.Fa "STACK_OF(X509) *certs"
.Fa "BIO *data"
.Fa "int flags"
.Fc
.Sh DESCRIPTION

.Fn PKCS7_sign
creates and returns a PKCS#7 signedData structure.
.Fa signcert
is the certificate to sign with,
.Fa pkey
is the corresponding private key.
.Fa certs
is an optional additional set of certificates to include in the PKCS#7
structure (for example any intermediate CAs in the chain).
.Pp
The data to be signed is read from
.Vt BIO
.Fa data .
.Pp
.Fa flags
is an optional set of flags.
.Pp
Any of the following flags (OR'ed together) can be passed in the
.Fa flags
parameter.
.Pp
Many S/MIME clients expect the signed content to include valid MIME
headers.
If the
.Dv PKCS7_TEXT
flag is set, MIME headers for type
.Sy text/plain
are prepended to the data.
.Pp
If
.Dv PKCS7_NOCERTS
is set, the signer's certificate will not be included in the PKCS7
structure, though the signer's certificate must still be supplied in the
.Fa signcert
parameter.







This can reduce the size of the signature if the signer's certificate can
be obtained by other means: for example a previously signed message.

.Pp
The data being signed is included in the
.Vt PKCS7
structure, unless
.Dv PKCS7_DETACHED
is set, in which case it is omitted.
This is used for PKCS7 detached signatures which are used in S/MIME
plaintext signed messages for example.
.Pp
Normally the supplied content is translated into MIME canonical format
(as required by the S/MIME specifications).
If
.Dv PKCS7_BINARY
is set, no translation occurs.
This option should be used if the supplied data is in binary format;
otherwise, the translation will corrupt it.
.Pp
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported
list of ciphers in an SMIMECapabilities attribute.
If
.Dv PKCS7_NOATTR
is set, then no authenticatedAttributes will be used.
If
.Dv PKCS7_NOSMIMECAP
is set, then just the SMIMECapabilities are omitted.
.Pp
If present, the SMIMECapabilities attribute indicates support for the
following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES
and 40-bit RC2.
If any of these algorithms is disabled then it will not be included.
.Pp
If the flags
.Dv PKCS7_STREAM
is set, then the returned
.Vt PKCS7
structure is just initialized ready to perform the signing operation.
The signing is however
.Sy not
performed and the data to be signed is not read from the
.Fa data
parameter.
Signing is deferred until after the data has been written.
In this way data can be signed in a single pass.
.Pp
If the
.Dv PKCS7_PARTIAL
flag is set, a partial
.Vt PKCS7
structure is output to which additional signers and capabilities can be
added before finalization.
.Pp

If the flag
.Dv PKCS7_STREAM
is set, the returned
.Vt PKCS7
structure is
.Sy not
complete and outputting its contents via a function that does not
properly finalize the
.Vt PKCS7
structure will give unpredictable results.
.Pp
Several functions, including
.Xr SMIME_write_PKCS7 3 ,
.Xr i2d_PKCS7_bio_stream 3 ,
and
.Xr PEM_write_bio_PKCS7_stream 3 ,
finalize the structure.
Alternatively finalization can be performed by obtaining the streaming
ASN.1
.Vt BIO
directly using
.Fn BIO_new_PKCS7 .
.Pp
If a signer is specified, it will use the default digest for the
signing algorithm.
This is
.Sy SHA1
for both RSA and DSA keys.
.Pp
In OpenSSL 1.0.0, the
.Fa certs ,
.Fa signcert ,
and
.Fa pkey
parameters can all be
.Dv NULL
if the
.Dv PKCS7_PARTIAL
flag is set.
One or more signers can be added using the function
.Xr PKCS7_sign_add_signer 3 .
.Fn PKCS7_final
must also be called to finalize the structure if streaming is not
enabled.
Alternative signing digests can also be specified using this method.
.Pp
In OpenSSL 1.0.0, if
.Fa signcert
and
.Fa pkey
are
.Dv NULL ,
then a certificate-only PKCS#7 structure is output.
.Pp
In versions of OpenSSL before 1.0.0 the


.Fa signcert
and
.Fa pkey
parameters must
.Sy NOT
be
.Dv NULL .
.Sh RETURN VALUES
.Fn PKCS7_sign
returns either a valid
.Vt PKCS7
structure or
.Dv NULL
if an error occurred.
The error can be obtained from
.Fn ERR_get_error 3 .
.Sh SEE ALSO
.Xr ERR_get_error 3 ,
.Xr PKCS7_new 3 ,
.Xr PKCS7_verify 3
.Sh HISTORY

.Fn PKCS7_sign
was added to OpenSSL 0.9.5.
.Pp
The
.Dv PKCS7_PARTIAL
and
.Dv PKCS7_STREAM
flags were added in OpenSSL 1.0.0.
.Sh BUGS
Some advanced attributes such as counter signatures are not supported.
Changes to jni/libressl/man/PKCS7_sign_add_signer.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

33
34
35
36
37
38

39
40
41
42
43
44
45
46






47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

75
76
77
78
79

80
81
82
83
84
85
86
87


88
89

90
91
92
93
94
95
96
97
98

99
100

101



102
103
104
105
106
107

108
109


110
111
112
113


114

115
116


117
118


119



120
121

122
123


124

125


126
127
128
129
130
131
132


133


134
135
136
137

138
139

140

141
142
143
144

145

146


147
148
149

150
151
152

153
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p

.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq






.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "PKCS7_sign_add_signer 3"
.TH PKCS7_sign_add_signer 3 "2017-01-09" "LibreSSL " "LibreSSL"

.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"

PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
.Ve


.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private
key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure
\&\fBp7\fR.
.PP
The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR
with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0
signed data structure.
.PP
If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public

key algorithm will be used.
.PP

Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure



is not complete and must be finalized either by streaming (if applicable) or
a call to \fIPKCS7_final()\fR.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of this function is to provide finer control over a PKCS#7
signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are

not appropriate. For example if multiple signers or non default digest
algorithms are needed.


.PP
Any of the following flags (ored together) can be passed in the \fBflags\fR
parameter.
.PP


If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content

digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure.
An error occurs if a matching digest value cannot be found to copy. The


returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set.
.PP


If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the



\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes
can be added. In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is

needed to finalize it.
.PP


If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the

\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the


\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the
signers certificate can be obtained by other means: for example a previously
signed message.
.PP
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported list of
ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no


authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just


the SMIMECapabilities are omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of

these algorithms is disabled then it will not be included.
.PP

\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0

structure just added, this can be used to set additional attributes
before it is finalized.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0

structure just added or \s-1NULL\s0 if an error occurs.


.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),

\&\fIPKCS7_final\fR\|(3),
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0
|
>

<
|
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
|
|
|
|
<
|
|
<
<
|
|
>
|
|
|
<
<
<
>
|
|
|
<
<

<
<
>
>
>
>
>
>
|
|
|
|
|
|

|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
<
|
|
|
>
|
|
|
|
|
>
|
<
|
|
|
<
<
|
>
>
|
|
>
|
|
<
|
|
<
<
|
|
>
|
|
>
|
>
>
>
|
|
|
<
|
|
>
|
|
>
>
|
<

|
>
>
|
>
|
|
>
>
|
|
>
>
|
>
>
>
|
|
>
|
|
>
>
|
>
|
>
>
|
|
<
|

|
|
>
>
|
>
>
|
|
|
|
>
|
|
>
|
>
|

|
<
>
|
>
|
>
>
|
<
|
>
|
|
<
>
|
1
2
3

4
5
6

7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22
23
24
25

26
27


28
29
30
31
32
33



34
35
36
37


38


39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

66
67

68
69
70
71
72
73
74
75
76
77
78

79
80
81


82
83
84
85
86
87
88
89

90
91


92
93
94
95
96
97
98
99
100
101
102
103
104

105
106
107
108
109
110
111
112

113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

167
168
169
170
171
172
173

174
175
176
177

178
179
.\"	$OpenBSD: PKCS7_sign_add_signer.3,v 1.7 2017/01/06 18:21:55 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2007, 2008, 2009, 2015 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"


.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 6 2017 $
.Dt PKCS7_SIGN_ADD_SIGNER 3
.Os
.Sh NAME
.Nm PKCS7_sign_add_signer
.Nd add a signer PKCS7 signed data structure
.Sh SYNOPSIS
.In openssl/pkcs7.h
.Ft PKCS7_SIGNER_INFO *
.Fo PKCS7_sign_add_signer
.Fa "PKCS7 *p7"
.Fa "X509 *signcert"
.Fa "EVP_PKEY *pkey"
.Fa "const EVP_MD *md"

.Fa "int flags"
.Fc

.Sh DESCRIPTION
.Fn PKCS7_sign_add_signer
adds a signer with certificate
.Fa signcert
and private key
.Fa pkey
using message digest
.Fa md
to a
.Vt PKCS7
signed data structure

.Fa p7 .
.Pp
The


.Vt PKCS7
structure should be obtained from an initial call to
.Xr PKCS7_sign 3
with the flag
.Dv PKCS7_PARTIAL
set or, in the case or re-signing, a valid
.Vt PKCS7
signed data structure.

.Pp
If the


.Fa md
parameter is
.Dv NULL ,
then the default digest for the public key algorithm will be used.
.Pp
Unless the
.Dv PKCS7_REUSE_DIGEST
flag is set, the returned
.Dv PKCS7
structure is not complete and must be
finalized either by streaming (if applicable) or by a call to
.Fn PKCS7_final .
.Pp

The main purpose of this function is to provide finer control over a
PKCS#7 signed data structure where the simpler
.Xr PKCS7_sign 3
function defaults are not appropriate, for example if multiple
signers or non default digest algorithms are needed.
.Pp
Any of the following flags (OR'ed together) can be passed in the
.Fa flags

parameter.
.Pp
If
.Dv PKCS7_REUSE_DIGEST
is set, then an attempt is made to copy the content digest value from the
.Vt PKCS7
structure: to add a signer to an existing structure.
An error occurs if a matching digest value cannot be found to copy.
The returned
.Vt PKCS7
structure will be valid and finalized when this flag is set.
.Pp
If
.Dv PKCS7_PARTIAL
is set in addition to
.Dv PKCS7_REUSE_DIGEST ,
then the
.Dv PKCS7_SIGNER_INO
structure will not be finalized, so additional attributes can be added.
In this case an explicit call to
.Fn PKCS7_SIGNER_INFO_sign
is needed to finalize it.
.Pp
If
.Dv PKCS7_NOCERTS
is set, the signer's certificate will not be included in the
.Vt PKCS7
structure, though the signer's certificate must still be supplied in the
.Fa signcert
parameter.
This can reduce the size of the signature if the signers certificate can
be obtained by other means: for example a previously signed message.

.Pp
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported
list of ciphers in an SMIMECapabilities attribute.
If
.Dv PKCS7_NOATTR
is set, then no authenticatedAttributes will be used.
If
.Dv PKCS7_NOSMIMECAP
is set, then just the SMIMECapabilities are omitted.
.Pp
If present, the SMIMECapabilities attribute indicates support for the
following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES
and 40-bit RC2.
If any of these algorithms is disabled, then it will not be included.
.Pp
.Fn PKCS7_sign_add_signer
returns an internal pointer to the
.Vt PKCS7_SIGNER_INFO
structure just added, which can be used to set additional attributes
before it is finalized.
.Sh RETURN VALUES

.Fn PKCS7_sign_add_signer
returns an internal pointer to the
.Vt PKCS7_SIGNER_INFO
structure just added or
.Dv NULL
if an error occurs.
.Sh SEE ALSO

.Xr ERR_get_error 3 ,
.Xr PKCS7_new 3 ,
.Xr PKCS7_sign 3
.Sh HISTORY

.Fn PKCS7_sign_add_signer
was added to OpenSSL 1.0.0.
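--- a/jni/libressl/man/PKCS7_verify.3
+++ b/jni/libressl/man/PKCS7_verify.3
@@ -1,185 +1,244 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: PKCS7_verify.3,v 1.5 2016/12/13 15:00:22 schwarze Exp $
+.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2002, 2006, 2013, 2014, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "PKCS7_verify 3"
-.TH PKCS7_verify 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/pkcs7.h>
-\&
-\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-\&
-\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0
-structure to verify. \fBcerts\fR is a set of certificates in which to search for
-the signer's certificate. \fBstore\fR is a trusted certificate store (used for
-chain verification). \fBindata\fR is the signed data if the content is not
-present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR
-if it is not \s-1NULL.\s0
-.PP
-\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
+.Dd $Mdocdate: December 13 2016 $
+.Dt PKCS7_VERIFY 3
+.Os
+.Sh NAME
+.Nm PKCS7_verify ,
+.Nm PKCS7_get0_signers
+.Nd verify a PKCS#7 signedData structure
+.Sh SYNOPSIS
+.In openssl/pkcs7.h
+.Ft int
+.Fo PKCS7_verify
+.Fa "PKCS7 *p7"
+.Fa "STACK_OF(X509) *certs"
+.Fa "X509_STORE *store"
+.Fa "BIO *indata"
+.Fa "BIO *out"
+.Fa "int flags"
+.Fc
+.Ft STACK_OF(X509) *
+.Fo PKCS7_get0_signers
+.Fa "PKCS7 *p7"
+.Fa "STACK_OF(X509) *certs"
+.Fa "int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn PKCS7_verify
+verifies a PKCS#7 signedData structure.
+.Fa p7
+is the
+.Vt PKCS7
+structure to verify.
+.Fa certs
+is a set of certificates in which to search for the signer's
+certificate.
+.Fa store
+is a trusted certificate store (used for chain verification).
+.Fa indata
+is the signed data if the content is not present in
+.Fa p7 ,
+that is if it is detached.
+The content is written to
+.Fa out
+if it is not
+.Dv NULL .
+.Pp
+.Fa flags
+is an optional set of flags, which can be used to modify the verify
 operation.
-.PP
-\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does
-\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR
-and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR.
-.SH "VERIFY PROCESS"
-.IX Header "VERIFY PROCESS"
+.Pp
+.Fn PKCS7_get0_signers
+retrieves the signer's certificates from
+.Fa p7 .
+It does
+.Sy not
+check their validity or whether any signatures are valid.
+The
+.Fa certs
+and
+.Fa flags
+parameters have the same meanings as in
+.Fn PKCS7_verify .
+.Pp
 Normally the verify process proceeds as follows.
-.PP
-Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must
-be signedData. There must be at least one signature on the data and if
-the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR.
-.PP
-An attempt is made to locate all the signer's certificates, first looking in
-the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any
-certificates contained in the \fBp7\fR structure itself. If any signer's
-certificates cannot be located the operation fails.
-.PP
-Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If any chain verify fails an error code is returned.
-.PP
-Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and
-the signature's checked.
-.PP
+.Pp
+Initially some sanity checks are performed on
+.Fa p7 .
+The type of
+.Fa p7
+must be signedData.
+There must be at least one signature on the data and if the content
+is detached,
+.Fa indata
+cannot be
+.Dv NULL .
+.Pp
+An attempt is made to locate all the signer's certificates, first
+looking in the
+.Fa certs
+parameter (if it is not
+.Dv NULL )
+and then looking in any certificates contained in the
+.Fa p7
+structure itself.
+If any signer's certificates cannot be located the operation fails.
+.Pp
+Each signer's certificate is chain verified using the
+.Sy smimesign
+purpose and the supplied trusted certificate store.
+Any internal certificates in the message are used as untrusted CAs.
+If any chain verify fails an error code is returned.
+.Pp
+Finally, the signed content is read (and written to
+.Fa out
+if it is not
+.Dv NULL )
+and the signature's checked.
+.Pp
 If all signature's verify correctly then the function is successful.
-.PP
-Any of the following flags (ored together) can be passed in the \fBflags\fR
-parameter to change the default verify behaviour. Only the flag
-\&\fB\s-1PKCS7_NOINTERN\s0\fR is meaningful to \fIPKCS7_get0_signers()\fR.
-.PP
-If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not
-searched when locating the signer's certificate. This means that all the signers
-certificates must be in the \fBcerts\fR parameter.
-.PP
-If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
-from the content. If the content is not of type \fBtext/plain\fR then an error is
-returned.
-.PP
-If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified.
-.PP
-If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are
-not used as untrusted CAs. This means that the whole verify chain (apart from
-the signer's certificate) must be contained in the trusted store.
-.PP
-If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked.
-.SH "NOTES"
-.IX Header "NOTES"
-One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by
-a small number of certificates. The acceptable certificates would be passed
-in the \fBcerts\fR parameter. In this case if the signer is not one of the
-certificates supplied in \fBcerts\fR then the verify will fail because the
-signer cannot be found.
-.PP
-Care should be taken when modifying the default verify behaviour, for example
-setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification
-and any signed message will be considered valid. This combination is however
-useful if one merely wishes to write the content to \fBout\fR and its validity
-is not considered important.
-.PP
-Chain verification should arguably be performed  using the signing time rather
-than the current time. However since the signing time is supplied by the
-signer it cannot be trusted without additional evidence (such as a trusted
-timestamp).
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative
-value if an error occurs.
-.PP
-\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred.
-.PP
-The error can be obtained from \fIERR_get_error\fR\|(3)
-.SH "BUGS"
-.IX Header "BUGS"
-The trusted certificate store is not searched for the signers certificate,
-this is primarily due to the inadequacies of the current \fBX509_STORE\fR
+.Pp
+Any of the following flags (OR'ed together) can be passed in the
+.Fa flags
+parameter to change the default verify behaviour.
+Only the flag
+.Dv PKCS7_NOINTERN
+is meaningful to
+.Fn PKCS7_get0_signers .
+.Pp
+If
+.Dv PKCS7_NOINTERN
+is set, the certificates in the message itself are not searched when
+locating the signer's certificate.
+This means that all the signer's certificates must be in the
+.Fa certs
+parameter.
+.Pp
+If the
+.Dv PKCS7_TEXT
+flag is set, MIME headers for type
+.Sy text/plain
+are deleted from the content.
+If the content is not of type
+.Sy text/plain ,
+then an error is returned.
+.Pp
+If
+.Dv PKCS7_NOVERIFY
+is set, the signer's certificates are not chain verified.
+.Pp
+If
+.Dv PKCS7_NOCHAIN
+is set, then the certificates contained in the message are not used as
+untrusted CAs.
+This means that the whole verify chain (apart from the signer's
+certificate) must be contained in the trusted store.
+.Pp
+If
+.Dv PKCS7_NOSIGS
+is set, then the signatures on the data are not checked.
+.Pp
+One application of
+.Dv PKCS7_NOINTERN
+is to only accept messages signed by a small number of certificates.
+The acceptable certificates would be passed in the
+.Fa certs
+parameter.
+In this case, if the signer is not one of the certificates supplied in
+.Fa certs ,
+then the verify will fail because the signer cannot be found.
+.Pp
+Care should be taken when modifying the default verify behaviour, for
+example setting
+.Dv PKCS7_NOVERIFY | PKCS7_NOSIGS
+will totally disable all verification and any signed message will be
+considered valid.
+This combination is however useful if one merely wishes to write the
+content to
+.Fa out
+and its validity is not considered important.
+.Pp
+Chain verification should arguably be performed using the signing time
+rather than the current time.
+However since the signing time is supplied by the signer, it cannot be
+trusted without additional evidence (such as a trusted timestamp).
+.Sh RETURN VALUES
+.Fn PKCS7_verify
+returns 1 for a successful verification and 0 or a negative value if
+an error occurs.
+.Pp
+.Fn PKCS7_get0_signers
+returns all signers or
+.Dv NULL
+if an error occurred.
+.Pp
+The error can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR_get_error 3 ,
+.Xr PKCS7_new 3 ,
+.Xr PKCS7_sign 3
+.Sh HISTORY
+.Fn PKCS7_verify
+was added to OpenSSL 0.9.5 .
+.Sh BUGS
+The trusted certificate store is not searched for the signer's
+certificate.
+This is primarily due to the inadequacies of the current
+.Vt X509_STORE
 functionality.
-.PP
-The lack of single pass processing and need to hold all data in memory as
-mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5
+.Pp
+The lack of single pass processing and the need to hold all data
+in memory as mentioned in
+.Xr PKCS7_sign 3
+also applies to
+.Fn PKCS7_verify .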
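--- a/jni/libressl/man/PKCS8_PRIV_KEY_INFO_new.3
+++ b/jni/libressl/man/PKCS8_PRIV_KEY_INFO_new.3
@@ -0,0 +1,56 @@
+.\"	$OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt PKCS8_PRIV_KEY_INFO_NEW 3
+.Os
+.Sh NAME
+.Nm PKCS8_PRIV_KEY_INFO_new ,
+.Nm PKCS8_PRIV_KEY_INFO_free
+.Nd PKCS#8 private key information
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft PKCS8_PRIV_KEY_INFO *
+.Fn PKCS8_PRIV_KEY_INFO_new void
+.Ft void
+.Fn PKCS8_PRIV_KEY_INFO_free "PKCS8_PRIV_KEY_INFO *key"
+.Sh DESCRIPTION
+.Fn PKCS8_PRIV_KEY_INFO_new
+allocates and initializes an empty
+.Vt PKCS8_PRIV_KEY_INFO
+object, representing an ASN.1
+.Vt PrivateKeyInfo
+structure defined in RFC 5208 section 5.
+It can hold a private key together with information about the
+algorithm to be used with it and optional attributes.
+.Pp
+.Fn PKCS8_PRIV_KEY_INFO_free
+frees
+.Fa key .
+.Sh RETURN VALUES
+.Fn PKCS8_PRIV_KEY_INFO_new
+returns the new
+.Vt PKCS8_PRIV_KEY_INFO
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr d2i_PKCS8PrivateKey_bio 3 ,
+.Xr PEM_read_PKCS8_PRIV_KEY_INFO 3 ,
+.Xr PKCS12_parse 3 ,
+.Xr X509_ATTRIBUTE_new 3
+.Sh STANDARDS
+RFC 5208: PKCS#8: Private-Key Information Syntax Specification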
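--- a/jni/libressl/man/PKEY_USAGE_PERIOD_new.3
+++ b/jni/libressl/man/PKEY_USAGE_PERIOD_new.3
@@ -0,0 +1,67 @@
+.\"	$OpenBSD: PKEY_USAGE_PERIOD_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt PKEY_USAGE_PERIOD_NEW 3
+.Os
+.Sh NAME
+.Nm PKEY_USAGE_PERIOD_new ,
+.Nm PKEY_USAGE_PERIOD_free
+.Nd X.509 certificate private key usage period extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft PKEY_USAGE_PERIOD *
+.Fn PKEY_USAGE_PERIOD_new void
+.Ft void
+.Fn PKEY_USAGE_PERIOD_free "PKEY_USAGE_PERIOD *period"
+.Sh DESCRIPTION
+.Fn PKEY_USAGE_PERIOD_new
+allocates and initializes an empty
+.Vt PKEY_USAGE_PERIOD
+object, representing an ASN.1
+.Vt PrivateKeyUsagePeriod
+structure defined in RFC 3280 section 4.2.1.4.
+It could be used in
+.Vt X509
+certificates to specify a validity period for the private key
+that differed from the validity period of the certificate.
+.Pp
+.Fn PKEY_USAGE_PERIOD_free
+frees
+.Fa period .
+.Sh RETURN VALUES
+.Fn PKEY_USAGE_PERIOD_new
+returns the new
+.Vt PKEY_USAGE_PERIOD
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr X509_CINF_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 3280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2.1.4: Private Key Usage Period
+.Pp
+RFC 3280 was obsoleted by RFC 5280, which says: "Section 4.2.1.4
+in RFC 3280, which specified the
+.Vt PrivateKeyUsagePeriod
+certificate extension but deprecated its use, was removed.
+Use of this ISO standard extension is neither deprecated
+nor recommended for use in the Internet PKI."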
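--- a/jni/libressl/man/POLICYINFO_new.3
+++ b/jni/libressl/man/POLICYINFO_new.3
@@ -0,0 +1,194 @@
+.\"	$OpenBSD: POLICYINFO_new.3,v 1.3 2016/12/28 20:29:15 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt POLICYINFO_NEW 3
+.Os
+.Sh NAME
+.Nm POLICYINFO_new ,
+.Nm POLICYINFO_free ,
+.Nm CERTIFICATEPOLICIES_new ,
+.Nm CERTIFICATEPOLICIES_free ,
+.Nm POLICYQUALINFO_new ,
+.Nm POLICYQUALINFO_free ,
+.Nm USERNOTICE_new ,
+.Nm USERNOTICE_free ,
+.Nm NOTICEREF_new ,
+.Nm NOTICEREF_free ,
+.Nm POLICY_MAPPING_new ,
+.Nm POLICY_MAPPING_free ,
+.Nm POLICY_CONSTRAINTS_new ,
+.Nm POLICY_CONSTRAINTS_free
+.Nd X.509 certificate policies
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft POLICYINFO *
+.Fn POLICYINFO_new void
+.Ft void
+.Fn POLICYINFO_free "POLICYINFO *pi"
+.Ft CERTIFICATEPOLICIES *
+.Fn CERTIFICATEPOLICIES_new void
+.Ft void
+.Fn CERTIFICATEPOLICIES_free "CERTIFICATEPOLICIES *pis"
+.Ft POLICYQUALINFO *
+.Fn POLICYQUALINFO_new void
+.Ft void
+.Fn POLICYQUALINFO_free "POLICYQUALINFO *pqi"
+.Ft USERNOTICE *
+.Fn USERNOTICE_new void
+.Ft void
+.Fn USERNOTICE_free "USERNOTICE *usernotice"
+.Ft NOTICEREF *
+.Fn NOTICEREF_new void
+.Ft void
+.Fn NOTICEREF_free "NOTICEREF *noticeref"
+.Ft POLICY_MAPPING *
+.Fn POLICY_MAPPING_new void
+.Ft void
+.Fn POLICY_MAPPING_free "POLICY_MAPPING *pm"
+.Ft POLICY_CONSTRAINTS *
+.Fn POLICY_CONSTRAINTS_new void
+.Ft void
+.Fn POLICY_CONSTRAINTS_free "POLICY_CONSTRAINTS *pc"
+.Sh DESCRIPTION
+X.509 CA and end entity certificates can optionally indicate
+restrictions on their intended use.
+.Pp
+.Fn POLICYINFO_new
+allocates and initializes an empty
+.Vt POLICYINFO
+object, representing an ASN.1
+.Vt PolicyInformation
+structure defined in RFC 5280 section 4.2.1.4.
+It can hold a policy identifier and optional advisory qualifiers.
+.Fn POLICYINFO_free
+frees
+.Fa pi .
+.Pp
+.Fn CERTIFICATEPOLICIES_new
+allocates and initializes an empty
+.Vt CERTIFICATEPOLICIES
+object, which is a
+.Vt STACK_OF(POLICYINFO)
+and represents an ASN.1
+.Vt CertificatePolicies
+structure defined in RFC 5280 section 4.2.1.4.
+It can be used by
+.Vt X509
+objects, both by CA certificates and end entity certificates.
+.Fn CERTIFICATEPOLICIES_free
+frees
+.Fa pis .
+.Pp
+.Fn POLICYQUALINFO_new
+allocates and initializes an empty
+.Vt POLICYQUALINFO
+object, representing an ASN.1
+.Vt PolicyQualifierInfo
+structure defined in RFC 5280 section 4.2.1.4.
+It can be used in
+.Vt POLICYINFO
+and it can hold either a uniform resource identifier of a certification
+practice statement published by the CA, or a pointer to a
+.Vt USERNOTICE
+object, or arbitrary other information.
+.Fn POLICYQUALINFO_free
+frees
+.Fa pqi .
+.Pp
+.Fn USERNOTICE_new
+allocates and initializes an empty
+.Vt USERNOTICE
+object, representing an ASN.1
+.Vt UserNotice
+structure defined in RFC 5280 section 4.2.1.4.
+It can be used in
+.Vt POLICYQUALINFO
+and it can hold either an
+.Vt ASN1_STRING
+intended for display to the user or a pointer to a
+.Vt NOTICEREF
+object.
+.Fn NOTICEREF_free
+frees
+.Fa usernotice .
+.Pp
+.Fn NOTICEREF_new
+allocates and initializes an empty
+.Vt NOTICEREF
+object, representing an ASN.1
+.Vt NoticeReference
+structure defined in RFC 5280 section 4.2.1.4.
+It can be used in
+.Vt USERNOTICE
+and can hold an organization name and a stack of notice numbers.
+.Fn NOTICEREF_free
+frees
+.Fa noticeref .
+.Pp
+.Fn POLICY_MAPPING_new
+allocates and initializes an empty
+.Vt POLICY_MAPPING
+object, representing an ASN.1
+.Vt PolicyMappings
+structure defined in RFC 5280 section 4.2.1.5.
+It can be used in
+.Vt X509
+CA certificates and can hold a list of pairs of policy identifiers,
+declaring one of the policies in each pair as equivalent to the
+other.
+.Fn POLICY_MAPPING_free
+frees
+.Fa pm .
+.Pp
+.Fn POLICY_CONSTRAINTS_new
+allocates and initializes an empty
+.Vt POLICY_CONSTRAINTS
+object, representing an ASN.1
+.Vt PolicyConstraints
+structure defined in RFC 5280 section 4.2.1.11.
+It can be used in
+.Vt X509
+CA certificates to restrict policy mapping and/or to require explicit
+certificate policies in subsequent intermediate certificates in the
+certification path.
+.Fn POLICY_CONSTRAINTS_free
+frees
+.Fa pc .
+.Sh RETURN VALUES
+The constructor functions return a new object of the respective
+type or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr NAME_CONSTRAINTS_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.4: Certificate Policies
+.It
+section 4.2.1.5: Policy Mappings
+.It
+section 4.2.1.11: Policy Constraints
+.El
+.Sh BUGS
+This is a lot of nested data structures, but most of them are
+designed to have almost no effect.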
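--- a/jni/libressl/man/PROXY_POLICY_new.3
+++ b/jni/libressl/man/PROXY_POLICY_new.3
@@ -0,0 +1,91 @@
+.\"	$OpenBSD: PROXY_POLICY_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt PROXY_POLICY_NEW 3
+.Os
+.Sh NAME
+.Nm PROXY_POLICY_new ,
+.Nm PROXY_POLICY_free ,
+.Nm PROXY_CERT_INFO_EXTENSION_new ,
+.Nm PROXY_CERT_INFO_EXTENSION_free
+.Nd X.509 proxy certificate extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft PROXY_POLICY *
+.Fn PROXY_POLICY_new void
+.Ft void
+.Fn PROXY_POLICY_free "PROXY_POLICY *pp"
+.Ft PROXY_CERT_INFO_EXTENSION *
+.Fn PROXY_CERT_INFO_EXTENSION_new void
+.Ft void
+.Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie"
+.Sh DESCRIPTION
+If a given non-CA certificate grants any privileges, using that
+certificate to issue a proxy certificate and handing that proxy
+certificate over to another person, organization, or service allows
+the bearer of the proxy certificate to exercise some or all of the
+privileges on behalf of the subject of the original certificate.
+.Pp
+.Fn PROXY_POLICY_new
+allocates and initializes an empty
+.Vt PROXY_POLICY
+object, representing an ASN.1
+.Vt ProxyPolicy
+structure defined in RFC 3820 section 3.8.
+It defines which privileges are to be delegated.
+.Fn PROXY_POLICY_free
+frees
+.Fa pp .
+.Pp
+.Fn PROXY_CERT_INFO_EXTENSION_new
+allocates and initializes an empty
+.Vt PROXY_CERT_INFO_EXTENSION
+object, representing an ASN.1
+.Vt ProxyCertInfo
+structure defined in RFC 3820 section 3.8.
+It can contain a
+.Vt PROXY_POLICY
+object, and it can additionally restrict the maximum depth of the
+path of proxy certificates that can be signed by this proxy
+certificate.
+.Fn PROXY_CERT_INFO_EXTENSION_free
+frees
+.Fa pcie .
+.Pp
+If a non-CA certificate contains a
+.Vt PROXY_CERT_INFO_EXTENSION ,
+it is a proxy certificate; otherwise, it is an end entity certificate.
+.Sh RETURN VALUES
+.Fn PROXY_POLICY_new
+and
+.Fn PROXY_CERT_INFO_EXTENSION_new
+return the new
+.Vt PROXY_POLICY
+or
+.Vt PROXY_CERT_INFO_EXTENSION
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr POLICYINFO_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
+Certificate Profile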
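--- a/jni/libressl/man/RAND.3
+++ b/jni/libressl/man/RAND.3
@@ -1,105 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RAND 3"
-.TH RAND 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND \- pseudo\-random number generator
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand.h>
-\&
-\& int  RAND_bytes(unsigned char *buf, int num);
-\& int  RAND_pseudo_bytes(unsigned char *buf, int num);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions give access to the systems cryptographically secure
-pseudo-random number generator (\s-1PRNG\s0). It is used by other library functions
-for example to generate random keys, and applications can use it when they
-need randomness.
-.PP
-\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the
-\&\s-1PRNG.\s0
-.SH "INTERNALS"
-.IX Header "INTERNALS"
-The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on the systems'
-\&\fIarc4random_buf\fR\|(3) random number generator.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIBN_rand\fR\|(3),
-\&\fIRAND_bytes\fR\|(3)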
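--- a/jni/libressl/man/RAND_add.3
+++ b/jni/libressl/man/RAND_add.3
@@ -1,102 +1,51 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RAND_add.3,v 1.5 2016/12/15 06:52:02 jmc Exp $
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RAND_add 3"
-.TH RAND_add 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_add, RAND_seed, RAND_status \- add entropy to the PRNG (DEPRECATED)
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand.h>
-\&
-\& void RAND_seed(const void *buf, int num);
-\&
-\& void RAND_add(const void *buf, int num, double entropy);
-\&
-\& int  RAND_status(void);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions used to allow for the state of the random number generator
-to be controlled by external sources.
-.PP
-They are kept for \s-1ABI\s0 compatibility but are no longer functional, and
+.\" Copyright (c) 2014 Miod Vallat <miod@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 15 2016 $
+.Dt RAND_ADD 3
+.Os
+.Sh NAME
+.Nm RAND_add ,
+.Nm RAND_cleanup ,
+.Nm RAND_seed ,
+.Nm RAND_status
+.Nd manipulate the PRNG state
+.Sh SYNOPSIS
+.In openssl/rand.h
+.Ft void
+.Fo RAND_add
+.Fa "const void *buf"
+.Fa "int num"
+.Fa "double entropy"
+.Fc
+.Ft void
+.Fn RAND_cleanup void
+.Ft void
+.Fo RAND_seed
+.Fa "const void *buf"
+.Fa "int num"
+.Fc
+.Ft int
+.Fn RAND_status void
+.Sh DESCRIPTION
+These functions used to allow for the state of the random number
+generator to be controlled by external sources.
+.Pp
+They are kept for ABI compatibility but are no longer functional, and
 should not be used in new programs.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrand\fR\|(3),
-\&\fIRAND_load_file\fR\|(3), \fIRAND_cleanup\fR\|(3)
+.Sh RETURN VALUES
+.Fn RAND_status
+always returns 1.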
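--- a/jni/libressl/man/RAND_bytes.3
+++ b/jni/libressl/man/RAND_bytes.3
@@ -1,113 +1,105 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RAND_bytes.3,v 1.3 2016/11/29 00:26:23 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_bytes, RAND_pseudo_bytes \- generate random data
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand.h>
-\&
-\& int RAND_bytes(unsigned char *buf, int num);
-\&
-\& int RAND_pseudo_bytes(unsigned char *buf, int num);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes
-into \fBbuf\fR.
-.PP
-\&\fIRAND_pseudo_bytes()\fR puts \fBnum\fR pseudo-random bytes into \fBbuf\fR.
-Pseudo-random byte sequences generated by \fIRAND_pseudo_bytes()\fR will be
-unique if they are of sufficient length, but are not necessarily
-unpredictable. They can be used for non-cryptographic purposes and for
-certain purposes in cryptographic protocols, but usually not for key
-generation etc.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIRAND_bytes()\fR returns 1.
-\&\fIRAND_pseudo_bytes()\fR returns 1.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrand\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIRAND_add\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL.  It
-has a return value since OpenSSL 0.9.5. \fIRAND_pseudo_bytes()\fR was added
-in OpenSSL 0.9.5.
+.Dd $Mdocdate: November 29 2016 $
+.Dt RAND_BYTES 3
+.Os
+.Sh NAME
+.Nm RAND_bytes ,
+.Nm RAND_pseudo_bytes
+.Nd generate random data
+.Sh SYNOPSIS
+.In openssl/rand.h
+.Ft int
+.Fo RAND_bytes
+.Fa "unsigned char *buf"
+.Fa "int num"
+.Fc
+.Ft int
+.Fo RAND_pseudo_bytes
+.Fa "unsigned char *buf"
+.Fa "int num"
+.Fc
+.Sh DESCRIPTION
+These functions are deprecated and only retained for compatibility
+with legacy application programs.
+Use
+.Xr arc4random_buf 3
+instead.
+.Pp
+.Fn RAND_bytes
+puts
+.Fa num
+cryptographically strong pseudo-random bytes into
+.Fa buf .
+.Pp
+.Fn RAND_pseudo_bytes
+puts
+.Fa num
+pseudo-random bytes into
+.Fa buf .
+Pseudo-random byte sequences generated by
+.Fn RAND_pseudo_bytes
+will be unique if they are of sufficient length, but are not necessarily
+unpredictable.
+They can be used for non-cryptographic purposes and for certain purposes
+in cryptographic protocols, but usually not for key generation etc.
+.Sh RETURN VALUES
+.Fn RAND_bytes
+returns 1.
+.Fn RAND_pseudo_bytes
+returns 1.
+.Sh HISTORY
+.Fn RAND_bytes
+is available in all versions of SSLeay and OpenSSL.
+It has a return
+value since OpenSSL 0.9.5.
+.Fn RAND_pseudo_bytes
+was added in OpenSSL 0.9.5.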
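--- a/jni/libressl/man/RAND_cleanup.3
+++ b/jni/libressl/man/RAND_cleanup.3
@@ -1,96 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_cleanup \- erase the PRNG state
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand.h>
-\&
-\& void RAND_cleanup(void);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG.\s0
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrand\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRAND_cleanup()\fR is available in all versions of SSLeay and OpenSSL.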
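--- a/jni/libressl/man/RAND_load_file.3
+++ b/jni/libressl/man/RAND_load_file.3
@@ -1,122 +1,118 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RAND_load_file.3,v 1.4 2016/11/29 00:45:36 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand.h>
-\&
-\& const char *RAND_file_name(char *buf, size_t num);
-\&
-\& int RAND_load_file(const char *filename, long max_bytes);
-\&
-\& int RAND_write_file(const char *filename);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIRAND_file_name()\fR returns a default path for the random seed file.
-\&\fBbuf\fR points to a buffer of size \fBnum\fR in which to store the
-filename. If \fBnum\fR is too small for the path name, an error occurs.
-.PP
-\&\fIRAND_load_file()\fR used to allow for the state of the random number generator
-to be controlled by external sources.
-.PP
-It is kept for \s-1ABI\s0 compatibility but is no longer functional, and
-should not used in new programs.
-.PP
-\&\fIRAND_write_file()\fR writes a number of random bytes (currently 1024) to
-file \fBfilename\fR.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIRAND_load_file()\fR always returns 0.
-.PP
-\&\fIRAND_write_file()\fR returns the number of bytes written, and \-1 if the
-bytes written were generated without appropriate seed.
-.PP
-\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on
-error.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrand\fR\|(3), \fIRAND_add\fR\|(3),
-\&\fIRAND_cleanup\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRAND_load_file()\fR, \fIRAND_write_file()\fR and \fIRAND_file_name()\fR are available in
-all versions of SSLeay and OpenSSL.
+.Dd $Mdocdate: November 29 2016 $
+.Dt RAND_LOAD_FILE 3
+.Os
+.Sh NAME
+.Nm RAND_file_name ,
+.Nm RAND_load_file ,
+.Nm RAND_write_file
+.Nd PRNG seed file
+.Sh SYNOPSIS
+.In openssl/rand.h
+.Ft const char *
+.Fo RAND_file_name
+.Fa "char *buf"
+.Fa "size_t num"
+.Fc
+.Ft int
+.Fo RAND_load_file
+.Fa "const char *filename"
+.Fa "long max_bytes"
+.Fc
+.Ft int
+.Fo RAND_write_file
+.Fa "const char *filename"
+.Fc
+.Sh DESCRIPTION
+.Fn RAND_file_name
+returns a default path for the random seed file.
+.Fa buf
+points to a buffer of size
+.Fa num
+in which to store the filename.
+If
+.Fa num
+is too small for the path name, an error occurs.
+.Pp
+.Fn RAND_load_file
+used to allow for the state of the random number generator to be
+controlled by external sources.
+It is kept for ABI compatibility but is no longer functional, and should
+not be used in new programs.
+.Pp
+.Fn RAND_write_file
+writes a number of random bytes (currently 1024) to file
+.Fa filename .
+.Sh RETURN VALUES
+.Fn RAND_load_file
+returns
+.Fa max_bytes ,
+or a bogus positive value if
+.Fa max_bytes
+is -1.
+.Pp
+.Fn RAND_write_file
+returns the number of bytes written, or a number less than or equal
+to 1 if an error occurs.
+.Pp
+.Fn RAND_file_name
+returns a pointer to
+.Fa buf
+on success or
+.Dv NULL
+on error.
+.Sh HISTORY
+.Fn RAND_load_file ,
+.Fn RAND_write_file ,
+and
+.Fn RAND_file_name
+are available in all versions of SSLeay and OpenSSL.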
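--- a/jni/libressl/man/RAND_set_rand_method.3
+++ b/jni/libressl/man/RAND_set_rand_method.3
@@ -1,111 +1,54 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RAND_set_rand_method.3,v 1.3 2016/11/29 00:07:45 schwarze Exp $
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" Copyright (c) 2014 Miod Vallat <miod@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select RAND method
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand.h>
-\&
-\& void RAND_set_rand_method(const RAND_METHOD *meth);
-\&
-\& const RAND_METHOD *RAND_get_rand_method(void);
-\&
-\& RAND_METHOD *RAND_SSLeay(void);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
+.Dd $Mdocdate: November 29 2016 $
+.Dt RAND_SET_RAND_METHOD 3
+.Os
+.Sh NAME
+.Nm RAND_set_rand_method ,
+.Nm RAND_get_rand_method ,
+.Nm RAND_SSLeay
+.Nd select RAND method
+.Sh SYNOPSIS
+.In openssl/rand.h
+.Ft int
+.Fo RAND_set_rand_method
+.Fa "const RAND_METHOD *meth"
+.Fc
+.Ft const RAND_METHOD *
+.Fn RAND_get_rand_method void
+.Ft RAND_METHOD *
+.Fn RAND_SSLeay void
+.Sh DESCRIPTION
 These functions used to allow for the random number generator functions
 to be replaced by arbitrary code.
-.PP
-They are kept for \s-1ABI\s0 compatibility but are no longer functional, and
+.Pp
+They are kept for ABI compatibility but are no longer functional, and
 should not be used in new programs.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrand\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are
-available in all versions of OpenSSL.
-.PP
-In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to
-take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been
-reverted as the \s-1ENGINE API\s0 transparently overrides \s-1RAND\s0 defaults if used,
-otherwise \s-1RAND API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also
-introduced in version 0.9.7.
+.Sh RETURN VALUES
+.Fn RAND_set_rand_method
+always returns 1.
+.Fn RAND_get_rand_method
+and
+.Fn RAND_SSLeay
+always return
+.Dv NULL .
+.Sh HISTORY
+.Fn RAND_set_rand_method ,
+.Fn RAND_get_rand_method ,
+and
+.Fn RAND_SSLeay
+are available in all versions of OpenSSL.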
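--- a/jni/libressl/man/RC4.3
+++ b/jni/libressl/man/RC4.3
@@ -1,131 +1,129 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RC4.3,v 1.4 2016/11/29 14:51:09 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RC4 3"
-.TH RC4 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RC4_set_key, RC4 \- RC4 encryption
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rc4.h>
-\&
-\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-\&
-\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
-\&          unsigned char *outdata);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-This library implements the Alleged \s-1RC4\s0 cipher, which is described for
-example in \fIApplied Cryptography\fR.  It is believed to be compatible
-with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc.
-.PP
-\&\s-1RC4\s0 is a stream cipher with variable key length.  Typically, 128 bit
-(16 byte) keys are used for strong encryption, but shorter insecure
-key sizes have been widely used due to export restrictions.
-.PP
-\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or
+.Dd $Mdocdate: November 29 2016 $
+.Dt RC4 3
+.Os
+.Sh NAME
+.Nm RC4_set_key ,
+.Nm RC4
+.Nd RC4 encryption
+.Sh SYNOPSIS
+.In openssl/rc4.h
+.Ft void
+.Fo RC4_set_key
+.Fa "RC4_KEY *key"
+.Fa "int len"
+.Fa "const unsigned char *data"
+.Fc
+.Ft void
+.Fo RC4
+.Fa "RC4_KEY *key"
+.Fa "unsigned long len"
+.Fa "const unsigned char *indata"
+.Fa "unsigned char *outdata"
+.Fc
+.Sh DESCRIPTION
+This library implements the alleged RC4 cipher, which is described for
+example in
+.Qq Applied Cryptography .
+It is believed to be compatible with RC4[TM], a proprietary cipher of
+RSA Security Inc.
+.Pp
+RC4 is a stream cipher with variable key length.
+Typically, 128-bit (16-byte) keys are used for strong encryption, but
+shorter insecure key sizes have been widely used due to export
+restrictions.
+.Pp
+RC4 consists of a key setup phase and the actual encryption or
 decryption phase.
-.PP
-\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long
-key at \fBdata\fR.
-.PP
-\&\s-1\fIRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using
-\&\fBkey\fR and places the result at \fBoutdata\fR.  Repeated \s-1\fIRC4\s0()\fR calls with
-the same \fBkey\fR yield a continuous key stream.
-.PP
-Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random
+.Pp
+.Fn RC4_set_key
+sets up the
+.Vt RC4_KEY
+.Fa key
+using the
+.Fa len
+bytes long key at
+.Fa data .
+.Pp
+.Fn RC4
+encrypts or decrypts the
+.Fa len
+bytes of data at
+.Fa indata
+using
+.Fa key
+and places the result at
+.Fa outdata .
+Repeated
+.Fn RC4
+calls with the same
+.Fa key
+yield a continuous key stream.
+.Pp
+Since RC4 is a stream cipher (the input is XOR'ed with a pseudo-random
 key stream to produce the output), decryption uses the same function
 calls as encryption.
-.PP
-Applications should use the higher level functions
-\&\fIEVP_EncryptInit\fR\|(3)
-etc. instead of calling the \s-1RC4\s0 functions directly.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR do not return values.
-.SH "NOTE"
-.IX Header "NOTE"
-Certain conditions have to be observed to securely use stream ciphers.
-It is not permissible to perform multiple encryptions using the same
-key stream.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIblowfish\fR\|(3), \fIdes\fR\|(3), \fIrc2\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR are available in all versions of SSLeay and OpenSSL.
+.Sh RETURN VALUES
+.Fn RC4_set_key
+and
+.Fn RC4
+do not return values.
+.Sh SEE ALSO
+.Xr blowfish 3 ,
+.Xr EVP_EncryptInit 3
+.Sh HISTORY
+.Fn RC4_set_key
+and
+.Fn RC4
+are available in all versions of SSLeay and OpenSSL.
+.Sh BUGS
+This cipher is broken and should no longer be used.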
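--- a/jni/libressl/man/RIPEMD160.3
+++ b/jni/libressl/man/RIPEMD160.3
@@ -1,135 +1,146 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RIPEMD160.3,v 1.4 2016/11/29 14:51:09 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2006, 2014 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RIPEMD160 3"
-.TH RIPEMD160 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
-RIPEMD\-160 hash function
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/ripemd.h>
-\&
-\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
-\&                  unsigned char *md);
-\&
-\& int RIPEMD160_Init(RIPEMD160_CTX *c);
-\& int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
-\&                  unsigned long len);
-\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a
-160 bit output.
-.PP
-\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR
-bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
-\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
-is placed in a static array.
-.PP
+.Dd $Mdocdate: November 29 2016 $
+.Dt RIPEMD160 3
+.Os
+.Sh NAME
+.Nm RIPEMD160 ,
+.Nm RIPEMD160_Init ,
+.Nm RIPEMD160_Update ,
+.Nm RIPEMD160_Final
+.Nd RIPEMD-160 hash function
+.Sh SYNOPSIS
+.In openssl/ripemd.h
+.Ft unsigned char *
+.Fo RIPEMD160
+.Fa "const unsigned char *d"
+.Fa "unsigned long n"
+.Fa "unsigned char *md"
+.Fc
+.Ft int
+.Fo RIPEMD160_Init
+.Fa "RIPEMD160_CTX *c"
+.Fc
+.Ft int
+.Fo RIPEMD160_Update
+.Fa "RIPEMD_CTX *c"
+.Fa "const void *data"
+.Fa "unsigned long len"
+.Fc
+.Ft int
+.Fo RIPEMD160_Final
+.Fa "unsigned char *md"
+.Fa "RIPEMD160_CTX *c"
+.Fc
+.Sh DESCRIPTION
+RIPEMD-160 is a cryptographic hash function with a 160-bit output.
+.Pp
+.Fn RIPEMD160
+computes the RIPEMD-160 message digest of the
+.Fa n
+bytes at
+.Fa d
+and places it in
+.Fa md ,
+which must have space for
+.Dv RIPEMD160_DIGEST_LENGTH
+== 20 bytes of output.
+If
+.Fa md
+is
+.Dv NULL ,
+the digest is placed in a static array.
+.Pp
 The following functions may be used if the message is not completely
 stored in memory:
-.PP
-\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure.
-.PP
-\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to
-be hashed (\fBlen\fR bytes at \fBdata\fR).
-.PP
-\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have
-space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases
-the \fB\s-1RIPEMD160_CTX\s0\fR.
-.PP
+.Pp
+.Fn RIPEMD160_Init
+initializes a
+.Vt RIPEMD160_CTX
+structure.
+.Pp
+.Fn RIPEMD160_Update
+can be called repeatedly with chunks of the message to be hashed
+.Pq Fa len No bytes at Fa data .
+.Pp
+.Fn RIPEMD160_Final
+places the message digest in
+.Fa md ,
+which must have space for
+.Dv RIPEMD160_DIGEST_LENGTH
+== 20 bytes of output,
+and erases the
+.Vt RIPEMD160_CTX .
+.Pp
 Applications should use the higher level functions
-\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the
-hash functions directly.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\s-1\fIRIPEMD160\s0()\fR returns a pointer to the hash value.
-.PP
-\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR return 1 for
-success, 0 otherwise.
-.SH "CONFORMING TO"
-.IX Header "CONFORMING TO"
-\&\s-1ISO/IEC 10118\-3 \s0(draft) (??)
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\s-1\fIRIPEMD160\s0()\fR, \fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and
-\&\fIRIPEMD160_Final()\fR are available since SSLeay 0.9.0.
+.Xr EVP_DigestInit 3
+etc. instead of calling the hash functions directly.
+.Sh RETURN VALUES
+.Fn RIPEMD160
+returns a pointer to the hash value.
+.Pp
+.Fn RIPEMD160_Init ,
+.Fn RIPEMD160_Update ,
+and
+.Fn RIPEMD160_Final
+return 1 for success or 0 otherwise.
+.Sh SEE ALSO
+.Xr EVP_DigestInit 3 ,
+.Xr HMAC 3
+.Sh STANDARDS
+ISO/IEC 10118-3 (draft) (??)
+.Sh HISTORY
+.Fn RIPEMD160 ,
+.Fn RIPEMD160_Init ,
+.Fn RIPEMD160_Update ,
+and
+.Fn RIPEMD160_Final
+are available since SSLeay 0.9.0.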
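--- a/jni/libressl/man/RSA_PSS_PARAMS_new.3
+++ b/jni/libressl/man/RSA_PSS_PARAMS_new.3
@@ -0,0 +1,53 @@
+.\"	$OpenBSD: RSA_PSS_PARAMS_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt RSA_PSS_PARAMS_NEW 3
+.Os
+.Sh NAME
+.Nm RSA_PSS_PARAMS_new ,
+.Nm RSA_PSS_PARAMS_free
+.Nd probabilistic signature scheme with RSA hashing
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft RSA_PSS_PARAMS *
+.Fn RSA_PSS_PARAMS_new void
+.Ft void
+.Fn RSA_PSS_PARAMS_free "RSA_PSS_PARAMS *params"
+.Sh DESCRIPTION
+.Fn RSA_PSS_PARAMS_new
+allocates and initializes an empty
+.Vt RSA_PSS_PARAMS
+object, representing an ASN.1
+.Vt RSASSA-PSS-params
+structure defined in RFC 8017 appendix A.2.3.
+It references the hash function and the mask generation function
+and stores the length of the salt and the trailer field number.
+.Fn RSA_PSS_PARAMS_free
+frees
+.Fa params .
+.Sh RETURN VALUES
+.Fn RSA_PSS_PARAMS_new
+returns the new
+.Vt RSA_PSS_PARAMS
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr RSA_padding_add_PKCS1_type_1 3 ,
+.Xr X509_sign 3
+.Sh STANDARDS
+RFC 8017: PKCS#1: RSA Cryptography Specifications Version 2.2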
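--- a/jni/libressl/man/RSA_blinding_on.3
+++ b/jni/libressl/man/RSA_blinding_on.3
@@ -1,111 +1,96 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_blinding_on.3,v 1.4 2016/12/11 12:21:48 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing
-attacks
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-\&
-\& void RSA_blinding_off(RSA *rsa);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can
-measure the time of \s-1RSA\s0 decryption or signature operations, blinding
-must be used to protect the \s-1RSA\s0 operation from that attack.
-.PP
-\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a
-random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and
-initialized \fB\s-1BN_CTX\s0\fR.
-.PP
-\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for
-the blinding factor.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrsa\fR\|(3), \fIrand\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRSA_blinding_on()\fR and \fIRSA_blinding_off()\fR appeared in SSLeay 0.9.0.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 11 2016 $
+.Dt RSA_BLINDING_ON 3
+.Os
+.Sh NAME
+.Nm RSA_blinding_on ,
+.Nm RSA_blinding_off
+.Nd protect the RSA operation from timing attacks
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_blinding_on
+.Fa "RSA *rsa"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft void
+.Fo RSA_blinding_off
+.Fa "RSA *rsa"
+.Fc
+.Sh DESCRIPTION
+RSA is vulnerable to timing attacks.
+In a setup where attackers can measure the time of RSA decryption or
+signature operations, blinding must be used to protect the RSA operation
+from that attack.
+.Pp
+.Fn RSA_blinding_on
+turns blinding on for key
+.Fa rsa
+and generates a random blinding factor.
+.Fa ctx
+is
+.Dv NULL
+or a pre-allocated and initialized
+.Vt BN_CTX .
+.Pp
+.Fn RSA_blinding_off
+turns blinding off and frees the memory used for the blinding factor.
+.Sh RETURN VALUES
+.Fn RSA_blinding_on
+returns 1 on success, and 0 if an error occurred.
+.Sh SEE ALSO
+.Xr RSA_new 3
+.Sh HISTORY
+.Fn RSA_blinding_on
+and
+.Fn RSA_blinding_off
+appeared in SSLeay 0.9.0.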
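--- a/jni/libressl/man/RSA_check_key.3
+++ b/jni/libressl/man/RSA_check_key.3
@@ -1,135 +1,148 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_check_key.3,v 1.4 2016/12/11 12:21:48 schwarze Exp $
+.\"	OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org> and
+.\" Geoff Thorpe <geoff@openssl.org>.
+.\" Copyright (c) 2000, 2002 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_check_key \- validate private RSA keys
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_check_key(RSA *rsa);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-This function validates \s-1RSA\s0 keys. It checks that \fBp\fR and \fBq\fR are
-in fact prime, and that \fBn = p*q\fR.
-.PP
-It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR,
-and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR.
-.PP
-As such, this function can not be used with any arbitrary \s-1RSA\s0 key object,
-even if it is otherwise fit for regular \s-1RSA\s0 operation. See \fB\s-1NOTES\s0\fR for more
-information.
-.SH "RETURN VALUE"
-.IX Header "RETURN VALUE"
-\&\fIRSA_check_key()\fR returns 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise.
-\&\-1 is returned if an error occurs while checking the key.
-.PP
+.Dd $Mdocdate: December 11 2016 $
+.Dt RSA_CHECK_KEY 3
+.Os
+.Sh NAME
+.Nm RSA_check_key
+.Nd validate private RSA keys
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_check_key
+.Fa "RSA *rsa"
+.Fc
+.Sh DESCRIPTION
+This function validates RSA keys.
+It checks that
+.Fa rsa->p
+and
+.Fa rsa->q
+are in fact prime, and that
+.Fa rsa->n
+satifies n = p*q.
+.Pp
+It also checks that
+.Fa rsa->d
+and
+.Fa rsa->e
+satisfy d*e = 1 mod ((p-1)*(q-1)),
+and that
+.Fa rsa->dmp1 ,
+.Fa rsa->dmq1 ,
+and
+.Fa resa->iqmp
+are set correctly or are
+.Dv NULL .
+.Pp
+This function does not work on RSA public keys that have only the
+modulus and public exponent elements populated.
+It performs integrity checks on all the RSA key material, so the
+.Vt RSA
+key structure must contain all the private key data too.
+Therefore, it cannot be used with any arbitrary
+.Vt RSA
+key object, even if it is otherwise fit for regular RSA operation.
+.Pp
+Unlike most other RSA functions, this function does
+.Sy not
+work transparently with any underlying
+.Vt ENGINE
+implementation because it uses the key data in the
+.Vt RSA
+structure directly.
+An
+.Vt ENGINE
+implementation can override the way key data is stored and handled,
+and can even provide support for HSM keys - in which case the
+.Vt RSA
+structure may contain
+.Sy no
+key data at all!
+If the
+.Vt ENGINE
+in question is only being used for acceleration or analysis purposes,
+then in all likelihood the RSA key data is complete and untouched,
+but this can't be assumed in the general case.
+.Sh RETURN VALUES
+.Fn RSA_check_key
+returns 1 if
+.Fa rsa
+is a valid RSA key, and 0 otherwise.
+-1 is returned if an error occurs while checking the key.
+.Pp
 If the key is invalid or an error occurred, the reason code can be
-obtained using \fIERR_get_error\fR\|(3).
-.SH "NOTES"
-.IX Header "NOTES"
-This function does not work on \s-1RSA\s0 public keys that have only the modulus
-and public exponent elements populated. It performs integrity checks on all
-the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private
-key data too.
-.PP
-Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work
-transparently with any underlying \s-1ENGINE\s0 implementation because it uses the
-key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can
-override the way key data is stored and handled, and can even provide
-support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR
-key data at all! If the \s-1ENGINE\s0 in question is only being used for
-acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data
-is complete and untouched, but this can't be assumed in the general case.
-.SH "BUGS"
-.IX Header "BUGS"
-A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need
-to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
-elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
-completely violating encapsulation and object-orientation in the process).
-The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the
-\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also
-provide their own verifiers.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrsa\fR\|(3), \fIERR_get_error\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4.
+obtained using
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr BN_is_prime_ex 3 ,
+.Xr ERR_get_error 3 ,
+.Xr RSA_new 3
+.Sh HISTORY
+.Fn RSA_check_key
+appeared in OpenSSL 0.9.4.
+.Sh BUGS
+A method of verifying the RSA key using opaque RSA API functions might
+need to be considered.
+Right now
+.Fn RSA_check_key
+simply uses the
+.Vt RSA
+structure elements directly, bypassing the
+.Vt RSA_METHOD
+table altogether (and completely violating encapsulation and
+object-orientation in the process).
+The best fix will probably be to introduce a check_key() handler
+to the
+.Vt RSA_METHOD
+function table so that alternative implementations can also provide
+their own verifiers.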
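--- a/jni/libressl/man/RSA_generate_key.3
+++ b/jni/libressl/man/RSA_generate_key.3
@@ -1,140 +1,156 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_generate_key.3,v 1.6 2017/03/25 18:08:48 schwarze Exp $
+.\"	OpenSSL RSA_generate_key.pod bb6c5e7f Feb 5 10:29:22 2017 -0500
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2002, 2013 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_generate_key_ex, RSA_generate_key \- generate RSA key pair
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-.Ve
-.PP
-Deprecated:
-.PP
-.Vb 2
-\& RSA *RSA_generate_key(int num, unsigned long e,
-\&    void (*callback)(int,int,void *), void *cb_arg);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIRSA_generate_key_ex()\fR generates a key pair and stores it in the \fB\s-1RSA\s0\fR
-structure provided in \fBrsa\fR.
-.PP
-The modulus size will be of length \fBbits\fR, and the public exponent will be
-\&\fBe\fR. Key sizes with \fBnum\fR < 1024 should be considered insecure.
-The exponent is an odd number, typically 3, 17 or 65537.
-.PP
-A callback function may be used to provide feedback about the
-progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it
-will be called as follows using the \fIBN_GENCB_call()\fR function
-described on the \fIBN_generate_prime\fR\|(3) page:
-.IP "\(bu" 4
-While a random prime number is generated, it is called as
-described in \fIBN_generate_prime\fR\|(3).
-.IP "\(bu" 4
-When the n\-th randomly generated prime is rejected as not
-suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called.
-.IP "\(bu" 4
-When a random p has been found with p\-1 relatively prime to \fBe\fR,
-it is called as \fBBN_GENCB_call(cb, 3, 0)\fR.
-.PP
-The process is then repeated for prime q with \fBBN_GENCB_call(cb, 3, 1)\fR.
-.PP
-RSA_generate_key is deprecated (new applications should use
-RSA_generate_key_ex instead). RSA_generate_key works in the same was as
-RSA_generate_key_ex except it uses \*(L"old style\*(R" call backs. See
-\&\fIBN_generate_prime\fR\|(3) for further details.
-.SH "RETURN VALUE"
-.IX Header "RETURN VALUE"
-If key generation fails, \fIRSA_generate_key()\fR returns \fB\s-1NULL\s0\fR.
-.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings.
-.PP
-\&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3),
-\&\fIRSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-The \fBcb_arg\fR argument was added in SSLeay 0.9.0.
+.Dd $Mdocdate: March 25 2017 $
+.Dt RSA_GENERATE_KEY 3
+.Os
+.Sh NAME
+.Nm RSA_generate_key_ex ,
+.Nm RSA_generate_key
+.Nd generate RSA key pair
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_generate_key_ex
+.Fa "RSA *rsa"
+.Fa "int bits"
+.Fa "BIGNUM *e"
+.Fa "BN_GENCB *cb"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft RSA *
+.Fo RSA_generate_key
+.Fa "int num"
+.Fa "unsigned long e"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "void *cb_arg"
+.Fc
+.Sh DESCRIPTION
+.Fn RSA_generate_key_ex
+generates a key pair and stores it in
+.Fa rsa .
+.Pp
+The modulus size will be of length
+.Fa bits ,
+and the public exponent will be
+.Fa e .
+Key sizes with
+.Fa num
+< 1024 should be considered insecure.
+The exponent is an odd number, typically 3, 17 or 65537.
+.Pp
+A callback function may be used to provide feedback about the progress
+of the key generation.
+If
+.Fa cb
+is not
+.Dv NULL ,
+it will be called as follows using the
+.Xr BN_GENCB_call 3
+function:
+.Bl -bullet
+.It
+While a random prime number is generated, it is called as described in
+.Xr BN_generate_prime 3 .
+.It
+When the
+.Fa n Ns -th
+randomly generated prime is rejected as not suitable for
+the key,
+.Fn BN_GENCB_call cb 2 n
+is called.
+.It
+When a random p has been found with p-1 relatively prime to
+.Fa e ,
+it is called as
+.Fn BN_GENCB_call cb 3 0 .
+.El
+.Pp
+The process is then repeated for prime q with
+.Fn BN_GENCB_call cb 3 1 .
+.Pp
+.Fn RSA_generate_key
+is deprecated.
+New applications should use
+.Fn RSA_generate_key_ex
+instead.
+.Fn RSA_generate_key
+works in the same way as
+.Fn RSA_generate_key_ex
+except it uses "old style" call backs.
+See
+.Xr BN_generate_prime 3
+for further details.
+.Sh RETURN VALUES
+.Fn RSA_generate_key_ex
+returns 1 on success or 0 on error.
+.Fn RSA_generate_key
+returns the key on success or
+.Dv NULL
+on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr BN_generate_prime 3 ,
+.Xr ERR_get_error 3 ,
+.Xr RSA_new 3
+.Sh HISTORY
+The
+.Fa cb_arg
+argument was added in SSLeay 0.9.0.
+.Sh BUGS
+.Fn BN_GENCB_call cb 2 x
+is used with two different meanings.
+.Pp
+.Fn RSA_generate_key
+goes into an infinite loop for illegal input values.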
Changes to jni/libressl/man/RSA_get_ex_new_index.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25



26


27


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44











45
46
47
48


49

50
51
52




53


54


55
56
57
58
59
60
61
62



63
64
65
66
67
68
69
70
71
72

73
74
75
76


77
78


79
80
81
82

83
84
85
86
87


88
89
90
91



92
93
94
95
96
97
98
99
100
101
102
103
104
105

106
107
108

109
110

111

112


113

114
115
116
117


118


119
120
121
122


123

124

125

126

127


128
129
130

131
132

133

134

135

136

137
138










139
140

141
142
143
144
145


146

147





148


149

150




151

152







153
154
155



156
157
158


159





160


161
162
163

164
165
166

167
168

169




170

171
172



173
174
175
176







177





178

179
180
181


182


183
184
185
186
187
188
189
190
191
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'



.ie n \{\


.    ds -- \(*W-


.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"











.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"


.\" If the F register is turned on, we'll generate index entries on stderr for

.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.




.\"


.\" Avoid warning from groff about undefined register 'F'.


.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"



..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"

.IX Title "RSA_get_ex_new_index 3"
.TH RSA_get_ex_new_index 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.


.if n .ad l
.nh


.SH "NAME"
RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application
specific data to RSA structures
.SH "SYNOPSIS"

.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_get_ex_new_index(long argl, void *argp,


\&                CRYPTO_EX_new *new_func,
\&                CRYPTO_EX_dup *dup_func,
\&                CRYPTO_EX_free *free_func);
\&



\& int RSA_set_ex_data(RSA *r, int idx, void *arg);
\&
\& void *RSA_get_ex_data(RSA *r, int idx);
\&
\& typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
\&                           int idx, long argl, void *argp);
\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
\&                             int idx, long argl, void *argp);
\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
\&                           int idx, long argl, void *argp);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Several OpenSSL structures can have application specific data attached to them.

This has several potential uses, it can be used to cache data associated with
a structure (for example the hash of some part of the structure) or some
additional data (for example a handle to the data in an external library).

.PP
Since the application data can be anything at all it is passed and retrieved

as a \fBvoid *\fR type.

.PP


The \fB\f(BIRSA_get_ex_new_index()\fB\fR function is initially called to \*(L"register\*(R" some

new application specific data. It takes three optional function pointers which
are called when the parent structure (in this case an \s-1RSA\s0 structure) is
initially created, when it is copied and when it is freed up. If any or all of
these function pointer arguments are not used they should be set to \s-1NULL.\s0 The


precise manner in which these function pointers are called is described in more


detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer
parameters which will be passed to the supplied functions but which otherwise
have no special meaning. It returns an \fBindex\fR which should be stored
(typically in a static variable) and passed used in the \fBidx\fR parameter in


the remaining functions. Each successful call to \fB\f(BIRSA_get_ex_new_index()\fB\fR

will return an index greater than any previously returned, this is important

because the optional functions are called in order of increasing index value.

.PP

\&\fB\f(BIRSA_set_ex_data()\fB\fR is used to set application specific data, the data is


supplied in the \fBarg\fR parameter and its precise meaning is up to the
application.
.PP

\&\fB\f(BIRSA_get_ex_data()\fB\fR is used to retrieve application specific data. The data
is returned to the application, this will be the same value as supplied to

a previous \fB\f(BIRSA_set_ex_data()\fB\fR call.

.PP

\&\fB\f(BInew_func()\fB\fR is called when a structure is initially allocated (for example

with \fB\f(BIRSA_new()\fB\fR. The parent structure members will not have any meaningful

values at this point. This function will typically be used to allocate any
application specific structure.










.PP
\&\fB\f(BIfree_func()\fB\fR is called when a structure is being freed up. The dynamic parent

structure members should not be accessed because they will be freed up when
this function is called.
.PP
\&\fB\f(BInew_func()\fB\fR and \fB\f(BIfree_func()\fB\fR take the same parameters. \fBparent\fR is a
pointer to the parent \s-1RSA\s0 structure. \fBptr\fR is a the application specific data


(this wont be of much use in \fB\f(BInew_func()\fB\fR. \fBad\fR is a pointer to the

\&\fB\s-1CRYPTO_EX_DATA\s0\fR structure from the parent \s-1RSA\s0 structure: the functions





\&\fB\f(BICRYPTO_get_ex_data()\fB\fR and \fB\f(BICRYPTO_set_ex_data()\fB\fR can be called to manipulate


it. The \fBidx\fR parameter is the index: this will be the same value returned by

\&\fB\f(BIRSA_get_ex_new_index()\fB\fR when the functions were initially registered. Finally




the \fBargl\fR and \fBargp\fR parameters are the values originally passed to the same

corresponding parameters when \fB\f(BIRSA_get_ex_new_index()\fB\fR was called.







.PP
\&\fB\f(BIdup_func()\fB\fR is called when a structure is being copied. Pointers to the
destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures are passed in the \fBto\fR and



\&\fBfrom\fR parameters respectively. The \fBfrom_d\fR parameter is passed a pointer to
the source application data when the function is called, when the function
returns the value is copied to the destination: the application can thus modify


the data pointed to by \fBfrom_d\fR and have different values in the source and





destination.  The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are the same as those


in \fB\f(BInew_func()\fB\fR and \fB\f(BIfree_func()\fB\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fB\f(BIRSA_get_ex_new_index()\fB\fR returns a new index or \-1 on failure (note 0 is a
valid index value).
.PP

\&\fB\f(BIRSA_set_ex_data()\fB\fR returns 1 on success or 0 on failure.
.PP

\&\fB\f(BIRSA_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also




be valid application data but currently it can only fail if given an invalid

\&\fBidx\fR parameter.
.PP



\&\fB\f(BInew_func()\fB\fR and \fB\f(BIdup_func()\fB\fR should return 0 for failure and 1 for success.
.PP
On failure an error code can be obtained from
\&\fIERR_get_error\fR\|(3).







.SH "BUGS"





.IX Header "BUGS"

\&\fB\f(BIdup_func()\fB\fR is currently never called.
.PP
The return value of \fB\f(BInew_func()\fB\fR is ignored.


.PP


The \fB\f(BInew_func()\fB\fR function isn't very useful because no meaningful values are
present in the parent \s-1RSA\s0 structure when it is called.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIrsa\fR\|(3), \fICRYPTO_set_ex_data\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR are
available since SSLeay 0.9.0.
|
>

|
<
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
|
|
|
|
>
>
>
|
>
>
|
>
>
|
<
<
|
<
<
<
<
<
<
<
<
<
|
<
<

>
>
>
>
>
>
>
>
>
>
>
|
<
<

>
>
|
>
|
<
|
>
>
>
>
|
>
>
|
>
>
|
|
<
<
<
|
<
|
>
>
>
|
<
<
<
|
|
|
|
<
|
>
|
|
|
|
>
>
|
|
>
>
|
<
<
|
>
|
|
<
<
|
>
>
|
|
|
<
>
>
>
|
<
<
<
<
<
<
<
<
<
|
|
<
|
>
|
|
|
>
|
|
>
|
>
|
>
>
|
>
|
|
|
|
>
>
|
>
>
|
|
|
|
>
>
|
>
|
>
|
>
|
>
|
>
>
|
<
|
>
|
|
>
|
>
|
>
|
>
|
>
|
|
>
>
>
>
>
>
>
>
>
>
|
|
>
|
<
|
<
|
>
>
|
>
|
>
>
>
>
>
|
>
>
|
>
|
>
>
>
>
|
>
|
>
>
>
>
>
>
>
|
|
|
>
>
>
|
|
|
>
>
|
>
>
>
>
>
|
>
>
|
|
<
>
|
|
|
>
|
|
>
|
>
>
>
>
|
>
|
|
>
>
>
|
|

|
>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
|
|
|
>
>
|
>
>
|
|
<
<
<
<
<
<
<
1
2
3
4

5
6

7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35


36









37


38
39
40
41
42
43
44
45
46
47
48
49
50


51
52
53
54
55
56

57
58
59
60
61
62
63
64
65
66
67
68
69



70

71
72
73
74
75



76
77
78
79

80
81
82
83
84
85
86
87
88
89
90
91
92


93
94
95
96


97
98
99
100
101
102

103
104
105
106









107
108

109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

181

182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234

235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283







.\"	$OpenBSD: RSA_get_ex_new_index.3,v 1.6 2017/01/06 20:35:23 schwarze Exp $
.\"	OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and

.\" Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2006 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:


.\"    "This product includes software developed by the OpenSSL Project









.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.


.\"
.Dd $Mdocdate: January 6 2017 $
.Dt RSA_GET_EX_NEW_INDEX 3
.Os
.Sh NAME
.Nm RSA_get_ex_new_index ,

.Nm RSA_set_ex_data ,
.Nm RSA_get_ex_data
.Nd add application specific data to RSA structures
.Sh SYNOPSIS
.In openssl/rsa.h
.Ft int
.Fo RSA_get_ex_new_index
.Fa "long argl"
.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"
.Fc



.Ft int

.Fo RSA_set_ex_data
.Fa "RSA *r"
.Fa "int idx"
.Fa "void *arg"
.Fc



.Ft void *
.Fo RSA_get_ex_data
.Fa "RSA *r"
.Fa "int idx"

.Fc
.Ft typedef int
.Fo CRYPTO_EX_new
.Fa "void *parent"
.Fa "void *ptr"
.Fa "CRYPTO_EX_DATA *ad"
.Fa "int idx"
.Fa "long argl"
.Fa "void *argp"
.Fc
.Ft typedef void
.Fo CRYPTO_EX_free
.Fa "void *parent"


.Fa "void *ptr"
.Fa "CRYPTO_EX_DATA *ad"
.Fa "int idx"
.Fa "long argl"


.Fa "void *argp"
.Fc
.Ft typedef int
.Fo CRYPTO_EX_dup
.Fa "CRYPTO_EX_DATA *to"
.Fa "CRYPTO_EX_DATA *from"

.Fa "void *from_d"
.Fa "int idx"
.Fa "long argl"
.Fa "void *argp"









.Fc
.Sh DESCRIPTION

Several OpenSSL structures can have application specific data attached
to them.
This has several potential uses: it can be used to cache data associated
with a structure (for example the hash of some part of the structure) or
some additional data (for example a handle to the data in an external
library).
.Pp
Since the application data can be anything at all it is passed and
retrieved as a
.Vt void *
type.
.Pp
The
.Fn RSA_get_ex_new_index
function is initially called to "register" some new application specific
data.
It takes three optional function pointers which are called when the
parent structure (in this case an RSA structure) is initially created,
when it is copied and when it is freed up.
If any or all of these function pointer arguments are not used, they
should be set to
.Dv NULL .
The precise manner in which these function pointers are called is
described in more detail below.
.Fn RSA_get_ex_new_index
also takes additional long and pointer parameters which will be passed
to the supplied functions but which otherwise have no special meaning.
It returns an index which should be stored (typically in a static
variable) and passed as the
.Fa idx
parameter in the remaining functions.
Each successful call to
.Fn RSA_get_ex_new_index
will return an index greater than any previously returned.
This is
important because the optional functions are called in order of
increasing index value.
.Pp
.Fn RSA_set_ex_data
is used to set application specific data.
The data is supplied in the
.Fa arg
parameter and its precise meaning is up to the application.

.Pp
.Fn RSA_get_ex_data
is used to retrieve application specific data.
The data is returned to the application, which will be the same value as
supplied to a previous
.Fn RSA_set_ex_data
call.
.Pp
.Fa new_func
is called when a structure is initially allocated (for example with
.Xr RSA_new 3 .
The parent structure members will not have any meaningful values at this
point.
This function will typically be used to allocate any application
specific structure.
.Pp
.Fa free_func
is called when a structure is being freed up.
The dynamic parent structure members should not be accessed because they
will be freed up when this function is called.
.Pp
.Fa new_func
and
.Fa free_func
take the same parameters.
.Fa parent
is a pointer to the parent
.Vt RSA
structure.

.Fa ptr

is the application specific data (this won't be of much use in
.Fa new_func ) .
.Fa ad
is a pointer to the
.Vt CRYPTO_EX_DATA
structure from the parent
.Vt RSA
structure: the functions
.Fn CRYPTO_get_ex_data
and
.Fn CRYPTO_set_ex_data
can be called to manipulate it.
The
.Fa idx
parameter is the index: this will be the same value returned by
.Fn RSA_get_ex_new_index
when the functions were initially registered.
Finally the
.Fa argl
and
.Fa argp
parameters are the values originally passed to the same corresponding
parameters when
.Fn RSA_get_ex_new_index
was called.
.Pp
.Fa dup_func
is called when a structure is being copied.
Pointers to the destination and source
.Vt CRYPTO_EX_DATA
structures are passed in the
.Fa to
and
.Fa from
parameters, respectively.
The
.Fa from_d
parameter is passed a pointer to the source application data when the
function is called.
When the function returns, the value is copied to the destination:
the application can thus modify the data pointed to by
.Fa from_d
and have different values in the source and destination.
The
.Fa idx ,
.Fa argl ,
and
.Fa argp
parameters are the same as those in
.Fa new_func
and
.Fa free_func .
.Sh RETURN VALUES

.Fn RSA_get_ex_new_index
returns a new index or -1 on failure.
Note that 0 is a valid index value.
.Pp
.Fn RSA_set_ex_data
returns 1 on success or 0 on failure.
.Pp
.Fn RSA_get_ex_data
returns the application data or
.Dv NULL
on failure.
.Dv NULL
may also be valid application data, but currently it can only fail if
given an invalid
.Fa idx
parameter.
.Pp
.Fa new_func
and
.Fa dup_func
should return 0 for failure and 1 for success.
.Pp
On failure an error code can be obtained from
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr BIO_set_ex_data 3 ,
.Xr CRYPTO_set_ex_data 3 ,
.Xr DH_set_ex_data 3 ,
.Xr DSA_set_ex_data 3 ,
.Xr RSA_new 3 ,
.Xr X509_STORE_CTX_set_ex_data 3
.Sh HISTORY
.Fn RSA_get_ex_new_index ,
.Fn RSA_set_ex_data ,
and
.Fn RSA_get_ex_data
are available since SSLeay 0.9.0.
.Sh BUGS
.Fa dup_func
is currently never called.
.Pp
The return value of
.Fa new_func
is ignored.
.Pp
The
.Fa new_func
function isn't very useful because no meaningful values are present in
the parent RSA structure when it is called.







Changes to jni/libressl/man/RSA_new.3.
1


2
3
4
5
6
7
8

9
10
11
12

13



14
15




16




17
18
19
20
21
22


23
24
25
26

27










28
29
30


31

32
33
34

35



36
37




38



39
40
41
42
43


44
45

46





47
48
49
50
51
52
53
54


55
56
57
58
59
60
61
62






63
64
65
66
67
68
69






70
71

72
73
74
75
76
77



78





79

80
81





82
83
84
85
86
87

88
89
90
91
92
93
94
95
96

97
98
99



100

101
102
103




104



105





106



107



108



109
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)


.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R




.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,


.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-










.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch


.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""

'br\}



.el\{\
.    ds -- \|\(em\|




.    ds PI \(*p



.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}


.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.

.ie \n(.g .ds Aq \(aq





.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.


.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"






..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}






.rr rF
.\" ========================================================================

.\"
.IX Title "RSA_new 3"
.TH RSA_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l



.nh





.SH "NAME"

RSA_new, RSA_free \- allocate and free RSA objects
.SH "SYNOPSIS"





.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& RSA * RSA_new(void);
\&

\& void RSA_free(RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to
calling RSA_new_method(\s-1NULL\s0).
.PP
\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is
erased before the memory is returned to the system.

.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that



can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns a

pointer to the newly allocated structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"




\&\fIERR_get_error\fR\|(3), \fIrsa\fR\|(3),



\&\fIRSA_generate_key\fR\|(3),





\&\fIRSA_new_method\fR\|(3)



.SH "HISTORY"



.IX Header "HISTORY"



\&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL.
|
>
>

|
<
<
|
<
|
>
|
|
|
|
>
|
>
>
>
|
|
>
>
>
>
|
>
>
>
>
|
<
<
<
<
<
>
>
|
|
<
<
>
|
>
>
>
>
>
>
>
>
>
>
|
|
|
>
>
|
>
|
|
|
>
|
>
>
>
|
<
>
>
>
>
|
>
>
>
|
|
|
|
|
>
>
|
<
>
|
>
>
>
>
>
|
|
<
|
<
<
|
<
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
<
<
<
|
|
|
>
>
>
>
>
>
|
<
>
|
<
<
<
<
|
>
>
>
|
>
>
>
>
>
|
>
|
<
>
>
>
>
>
|
|
|
<
<
<
>
|
|
<
<
<
<
<
|
<
>
|
<
|
>
>
>
|
>
|
|
|
>
>
>
>
|
>
>
>
|
>
>
>
>
>
|
>
>
>
|
>
>
>
|
>
>
>
|
1
2
3
4
5


6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29





30
31
32
33


34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78
79
80
81
82
83
84
85
86

87


88

89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105



106
107
108
109
110
111
112
113
114
115

116
117




118
119
120
121
122
123
124
125
126
127
128
129
130

131
132
133
134
135
136
137
138



139
140
141





142

143
144

145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
.\"	$OpenBSD: RSA_new.3,v 1.4 2016/12/11 12:52:28 schwarze Exp $
.\"	OpenSSL doc/man3/RSA_new.pod 99d63d46 Oct 26 13:56:48 2016 -0400
.\"	OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.


.\" Copyright (c) 2000, 2002, 2016 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"





.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 11 2016 $
.Dt RSA_NEW 3
.Os
.Sh NAME
.Nm RSA_new ,
.Nm RSA_free
.Nd allocate and free RSA objects
.Sh SYNOPSIS
.In openssl/rsa.h
.Ft RSA *

.Fn RSA_new void
.Ft void
.Fo RSA_free
.Fa "RSA *rsa"
.Fc
.Sh DESCRIPTION
The RSA functions implement RSA public key encryption and signatures
as defined in PKCS #1 v2.0 (RFC 2437).
.Pp
.Fn RSA_new
allocates and initializes an
.Vt RSA
structure.
It is equivalent to calling
.Fn RSA_new_method NULL .
.Pp

.Fn RSA_free
frees the
.Vt RSA
structure and its components.
The key is erased before the memory is returned to the system.
If
.Fa rsa
is a
.Dv NULL

pointer, no action occurs.


.Pp

The
.Vt RSA
structure consists of several
.Vt BIGNUM
components.
It can contain public as well as private RSA keys:
.Bd -literal
typdef struct {
	BIGNUM *n;		// public modulus
	BIGNUM *e;		// public exponent
	BIGNUM *d;		// private exponent
	BIGNUM *p;		// secret prime factor
	BIGNUM *q;		// secret prime factor
	BIGNUM *dmp1;		// d mod (p-1)
	BIGNUM *dmq1;		// d mod (q-1)
	BIGNUM *iqmp;		// q^-1 mod p
	// ...



} RSA;
.Ed
.Pp
In public keys, the private exponent
.Fa d
and the related secret values
.Fa p , q , dmp1 , dmp2 ,
and
.Fa iqmp
are

.Dv NULL .
.Pp




.Fa p ,
.Fa q ,
.Fa dmp1 ,
.Fa dmq1 ,
and
.Fa iqmp
may be
.Dv NULL
in private keys, but the RSA operations are much faster when these
values are available.
.Pp
Note that RSA keys may use non-standard
.Vt RSA_METHOD

implementations, either directly or by the use of
.Vt ENGINE
modules.
In some cases (e.g. an
.Vt ENGINE
providing support for hardware-embedded keys), these
.Vt BIGNUM
values will not be used by the implementation or may be used for



alternative data storage.
For this reason, applications should generally avoid using
.Vt RSA





structure elements directly and instead use API functions to query

or modify keys.
.Sh RETURN VALUES

If the allocation fails,
.Fn RSA_new
returns
.Dv NULL
and sets an error code that can be obtained by
.Xr ERR_get_error 3 .
Otherwise it returns a pointer to the newly allocated structure.
.Sh SEE ALSO
.Xr BN_new 3 ,
.Xr d2i_RSAPublicKey 3 ,
.Xr DH_new 3 ,
.Xr DSA_new 3 ,
.Xr engine 3 ,
.Xr ERR_get_error 3 ,
.Xr EVP_PKEY_set1_RSA 3 ,
.Xr RSA_blinding_on 3 ,
.Xr RSA_check_key 3 ,
.Xr RSA_generate_key 3 ,
.Xr RSA_get_ex_new_index 3 ,
.Xr RSA_padding_add_PKCS1_type_1 3 ,
.Xr RSA_print 3 ,
.Xr RSA_private_encrypt 3 ,
.Xr RSA_public_encrypt 3 ,
.Xr RSA_set_method 3 ,
.Xr RSA_sign 3 ,
.Xr RSA_sign_ASN1_OCTET_STRING 3 ,
.Xr RSA_size 3
.Sh STANDARDS
SSL, PKCS #1 v2.0
.Pp
RSA was covered by a US patent which expired in September 2000.
.Sh HISTORY
.Fn RSA_new
and
.Fn RSA_free
are available in all versions of SSLeay and OpenSSL.
Changes to jni/libressl/man/RSA_padding_add_PKCS1_type_1.3.








1






















2

3
4
5
6
7
8

9
10
11
12







13
14

15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

45
46
47
48
49
50
51
52
53


54


55

56






57
58
59
60



61
62

63
64

65

66
67
68

69
70
71
72
73
74
75
76

77




78
79
80
81
82






83
84
85
86
87
88
89
90
91

92
93
94
95
96


97
98
99
100
101
102
103

104
105
106
107
108
109
110
111
112
113
114








115
116

117
118
119
120
121
122
123
124
125


126
127
128
129
130

131
132
133

134



135
136
137

138
139

140
141
142
143
144
145
146
147
148
149
150
151
152

153
154




155

156



157


158

159



160


161




162
163

164


165
166
167
168
169

170
171
172
173
174

175

176

177


178
179
180


181
182








.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)






















.\"

.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1







..
.de Ve \" End verbatim text

.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"

.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"


.\" Avoid warning from groff about undefined register 'F'.


.de IX

..






.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{



.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{

.            nr % 0

.            nr F 2
.        \}
.    \}

.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "RSA_padding_add_PKCS1_type_1 3"
.TH RSA_padding_add_PKCS1_type_1 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l




.nh
.SH "NAME"
RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,






RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption
padding
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,

\&    unsigned char *f, int fl);
\&
\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
\&    unsigned char *f, int fl, int rsa_len);
\&


\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
\&    unsigned char *f, int fl);
\&
\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
\&    unsigned char *f, int fl, int rsa_len);
\&
\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,

\&    unsigned char *f, int fl, unsigned char *p, int pl);
\&
\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
\&    unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
\&
\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
\&    unsigned char *f, int fl);
\&
\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
\&    unsigned char *f, int fl, int rsa_len);
\&








\& int RSA_padding_add_none(unsigned char *to, int tlen,
\&    unsigned char *f, int fl);

\&
\& int RSA_padding_check_none(unsigned char *to, int tlen,
\&    unsigned char *f, int fl, int rsa_len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt,
decrypt, sign and verify functions. Normally they should not be called
from application programs.


.PP
However, they can also be called directly to implement padding for other
asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and
\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined
with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding

parameter.
.PP
\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into

\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR



does not meet the size requirements of the encoding method.
.PP
The following encoding methods are implemented:

.IP "PKCS1_type_1" 4
.IX Item "PKCS1_type_1"

\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures
.IP "PKCS1_type_2" 4
.IX Item "PKCS1_type_2"
\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2)
.IP "\s-1PKCS1_OAEP\s0" 4
.IX Item "PKCS1_OAEP"
\&\s-1PKCS\s0 #1 v2.0 EME-OAEP
.IP "SSLv23" 4
.IX Item "SSLv23"
\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification
.IP "none" 4
.IX Item "none"
simply copy the data

.PP
\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain




a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective

encoding method and stores the recovered data of at most \fBtlen\fR bytes



(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR)


at \fBto\fR.

.PP



For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter


of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0.




.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error.


The \fIRSA_padding_check_xxx()\fR functions return the length of the
recovered data, \-1 on error. Error codes can be obtained by calling
\&\fIERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"

\&\fIRSA_public_encrypt\fR\|(3),
\&\fIRSA_private_decrypt\fR\|(3),
\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIRSA_padding_add_PKCS1_type_1()\fR, \fIRSA_padding_check_PKCS1_type_1()\fR,

\&\fIRSA_padding_add_PKCS1_type_2()\fR, \fIRSA_padding_check_PKCS1_type_2()\fR,

\&\fIRSA_padding_add_SSLv23()\fR, \fIRSA_padding_check_SSLv23()\fR,


\&\fIRSA_padding_add_none()\fR and \fIRSA_padding_check_none()\fR appeared in
SSLeay 0.9.0.
.PP


\&\fIRSA_padding_add_PKCS1_OAEP()\fR and \fIRSA_padding_check_PKCS1_OAEP()\fR were
added in OpenSSL 0.9.2b.
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
|
<
|
|
<
|
>
|
|
|
|
>
>
>
>
>
>
>
|
<
>
|
<
|
<
<
<
<
<
<
|
|
|
|
|
|
|
|
|
<
<
<
<
<
<
<
|
|
|
<
|
>
|
|
|
|
|
|
<
<
|
>
>
|
>
>
|
>
|
>
>
>
>
>
>
|
<
<
|
>
>
>
|
|
>
|
|
>
|
>
|
<
|
>
|
|
<
|
|
<
<
|
>
|
>
>
>
>
|
|
<
<
|
>
>
>
>
>
>
|
<
<
<
<
<
<
<
|
>
|
<
|
|
<
>
>
|
|
<
|
|
<
|
>
|
<
|
|
<
|
|
<
|
|
<
>
>
>
>
>
>
>
>
|
<
>
<
|
<
<
<
<
<
<
|
>
>
|
<
|
<
|
>
|
|
|
>
|
>
>
>

|

>
|
|
>
|
|
<
|
<
|
|
|
<
|
|
<

>
|
|
>
>
>
>
|
>
|
>
>
>
|
>
>
|
>
|
>
>
>
|
>
>
|
>
>
>
>
|
|
>
|
>
>
|
|
|
|
|
>
|
|
|
|
<
>
|
>
|
>
|
>
>
|
|
|
>
>
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

35
36

37
38
39
40
41
42
43
44
45
46
47
48
49
50

51
52

53






54
55
56
57
58
59
60
61
62







63
64
65

66
67
68
69
70
71
72
73


74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89


90
91
92
93
94
95
96
97
98
99
100
101
102

103
104
105
106

107
108


109
110
111
112
113
114
115
116
117


118
119
120
121
122
123
124
125







126
127
128

129
130

131
132
133
134

135
136

137
138
139

140
141

142
143

144
145

146
147
148
149
150
151
152
153
154

155

156






157
158
159
160

161

162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

181

182
183
184

185
186

187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233

234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
.\"	$OpenBSD: RSA_padding_add_PKCS1_type_1.3,v 1.4 2016/12/11 12:21:48 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.
.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:

.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 11 2016 $
.Dt RSA_PADDING_ADD_PKCS1_TYPE_1 3

.Os






.Sh NAME
.Nm RSA_padding_add_PKCS1_type_1 ,
.Nm RSA_padding_check_PKCS1_type_1 ,
.Nm RSA_padding_add_PKCS1_type_2 ,
.Nm RSA_padding_check_PKCS1_type_2 ,
.Nm RSA_padding_add_PKCS1_OAEP ,
.Nm RSA_padding_check_PKCS1_OAEP ,
.Nm RSA_padding_add_SSLv23 ,
.Nm RSA_padding_check_SSLv23 ,







.Nm RSA_padding_add_none ,
.Nm RSA_padding_check_none
.Nd asymmetric encryption padding

.Sh SYNOPSIS
.In openssl/rsa.h
.Ft int
.Fo RSA_padding_add_PKCS1_type_1
.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"
.Fa "int fl"


.Fc
.Ft int
.Fo RSA_padding_check_PKCS1_type_1
.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"
.Fa "int fl"
.Fa "int rsa_len"
.Fc
.Ft int
.Fo RSA_padding_add_PKCS1_type_2
.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"
.Fa "int fl"
.Fc


.Ft int
.Fo RSA_padding_check_PKCS1_type_2
.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"
.Fa "int fl"
.Fa "int rsa_len"
.Fc
.Ft int
.Fo RSA_padding_add_PKCS1_OAEP
.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"

.Fa "int fl"
.Fa "unsigned char *p"
.Fa "int pl"
.Fc

.Ft int
.Fo RSA_padding_check_PKCS1_OAEP


.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"
.Fa "int fl"
.Fa "int rsa_len"
.Fa "unsigned char *p"
.Fa "int pl"
.Fc
.Ft int


.Fo RSA_padding_add_SSLv23
.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"
.Fa "int fl"
.Fc
.Ft int
.Fo RSA_padding_check_SSLv23







.Fa "unsigned char *to"
.Fa "int tlen"
.Fa "unsigned char *f"

.Fa "int fl"
.Fa "int rsa_len"

.Fc
.Ft int
.Fo RSA_padding_add_none
.Fa "unsigned char *to"

.Fa "int tlen"
.Fa "unsigned char *f"

.Fa "int fl"
.Fc
.Ft int

.Fo RSA_padding_check_none
.Fa "unsigned char *to"

.Fa "int tlen"
.Fa "unsigned char *f"

.Fa "int fl"
.Fa "int rsa_len"

.Fc
.Sh DESCRIPTION
These functions are called from the RSA encrypt, decrypt, sign, and
verify functions.
Normally they should not be called from application programs.
.Pp
However, they can also be called directly to implement padding for other
asymmetric ciphers.
.Fn RSA_padding_add_PKCS1_OAEP

and

.Fn RSA_padding_check_PKCS1_OAEP






may be used in an application combined with
.Dv RSA_NO_PADDING
in order to implement OAEP with an encoding parameter.
.Pp

.Fn RSA_padding_add_*

encodes
.Fa fl
bytes from
.Fa f
so as to fit into
.Fa tlen
bytes and stores the result at
.Fa to .
An error occurs if
.Fa fl
does not meet the size requirements of the encoding method.
.Pp
The following encoding methods are implemented:
.Pp
.Bl -tag -width PKCS1_type_2 -compact
.It PKCS1_type_1
PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1);
used for signatures
.It PKCS1_type_2

PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)

.It PKCS1_OAEP
PKCS #1 v2.0 EME-OAEP
.It SSLv23

PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
.It none

simply copy the data
.El
.Pp
.Fn RSA_padding_check_*
verifies that the
.Fa fl
bytes at
.Fa f
contain a valid encoding for a
.Fa rsa_len
byte RSA key in the respective encoding method and stores the recovered
data of at most
.Fa tlen
bytes (for
.Dv RSA_NO_PADDING :
of size
.Fa tlen )
at
.Fa to .
.Pp
For
.Fn RSA_padding_*_OAEP ,
.Fa p
points to the encoding parameter of length
.Fa pl .
.Fa p
may be
.Dv NULL
if
.Fa pl
is 0.
.Sh RETURN VALUES
The
.Fn RSA_padding_add_*
functions return 1 on success or 0 on error.
The
.Fn RSA_padding_check_*
functions return the length of the recovered data or -1 on error.
Error codes can be obtained by calling
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr RSA_new 3 ,
.Xr RSA_private_decrypt 3 ,
.Xr RSA_public_encrypt 3 ,
.Xr RSA_sign 3 ,
.Xr RSA_verify 3
.Sh HISTORY

.Fn RSA_padding_add_PKCS1_type_1 ,
.Fn RSA_padding_check_PKCS1_type_1 ,
.Fn RSA_padding_add_PKCS1_type_2 ,
.Fn RSA_padding_check_PKCS1_type_2 ,
.Fn RSA_padding_add_SSLv23 ,
.Fn RSA_padding_check_SSLv23 ,
.Fn RSA_padding_add_none ,
and
.Fn RSA_padding_check_none
appeared in SSLeay 0.9.0.
.Pp
.Fn RSA_padding_add_PKCS1_OAEP
and
.Fn RSA_padding_check_PKCS1_OAEP
were added in OpenSSL 0.9.2b.
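--- a/jni/libressl/man/RSA_print.3
+++ b/jni/libressl/man/RSA_print.3
@@ -1,119 +1,139 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_print.3,v 1.5 2016/12/11 12:21:48 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2002, 2003 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_print 3"
-.TH RSA_print 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_print, RSA_print_fp,
-DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
-DHparams_print, DHparams_print_fp \- print cryptographic parameters
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_print(BIO *bp, RSA *x, int offset);
-\& int RSA_print_fp(FILE *fp, RSA *x, int offset);
-\&
-\& #include <openssl/dsa.h>
-\&
-\& int DSAparams_print(BIO *bp, DSA *x);
-\& int DSAparams_print_fp(FILE *fp, DSA *x);
-\& int DSA_print(BIO *bp, DSA *x, int offset);
-\& int DSA_print_fp(FILE *fp, DSA *x, int offset);
-\&
-\& #include <openssl/dh.h>
-\&
-\& int DHparams_print(BIO *bp, DH *x);
-\& int DHparams_print_fp(FILE *fp, DH *x);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-A human-readable hexadecimal output of the components of the \s-1RSA\s0
-key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR.
-.PP
-The output lines are indented by \fBoffset\fR spaces.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-These functions return 1 on success, 0 on error.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIdsa\fR\|(3), \fIrsa\fR\|(3), \fIBN_bn2bin\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRSA_print()\fR, \fIRSA_print_fp()\fR, \fIDSA_print()\fR, \fIDSA_print_fp()\fR, \fIDH_print()\fR,
-\&\fIDH_print_fp()\fR are available in all versions of SSLeay and OpenSSL.
-\&\fIDSAparams_print()\fR and \fIDSAparams_print_fp()\fR were added in SSLeay 0.8.
+.Dd $Mdocdate: December 11 2016 $
+.Dt RSA_PRINT 3
+.Os
+.Sh NAME
+.Nm RSA_print ,
+.Nm RSA_print_fp ,
+.Nm DSAparams_print ,
+.Nm DSAparams_print_fp ,
+.Nm DSA_print ,
+.Nm DSA_print_fp ,
+.Nm DHparams_print ,
+.Nm DHparams_print_fp
+.Nd print cryptographic parameters
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_print
+.Fa "BIO *bp"
+.Fa "RSA *x"
+.Fa "int offset"
+.Fc
+.Ft int
+.Fo RSA_print_fp
+.Fa "FILE *fp"
+.Fa "RSA *x"
+.Fa "int offset"
+.Fc
+.In openssl/dsa.h
+.Ft int
+.Fo DSAparams_print
+.Fa "BIO *bp"
+.Fa "DSA *x"
+.Fc
+.Ft int
+.Fo DSAparams_print_fp
+.Fa "FILE *fp"
+.Fa "DSA *x"
+.Fc
+.Ft int
+.Fo DSA_print
+.Fa "BIO *bp"
+.Fa "DSA *x"
+.Fa "int offset"
+.Fc
+.Ft int
+.Fo DSA_print_fp
+.Fa "FILE *fp"
+.Fa "DSA *x"
+.Fa "int offset"
+.Fc
+.In openssl/dh.h
+.Ft int
+.Fo DHparams_print
+.Fa "BIO *bp"
+.Fa "DH *x"
+.Fc
+.Ft int
+.Fo DHparams_print_fp
+.Fa "FILE *fp"
+.Fa "DH *x"
+.Fc
+.Sh DESCRIPTION
+A human-readable hexadecimal output of the components of the RSA key,
+DSA parameters or key or DH parameters is printed to
+.Fa bp
+or
+.Fa fp .
+.Pp
+The output lines are indented by
+.Fa offset
+spaces.
+.Sh RETURN VALUES
+These functions return 1 on success or 0 on error.
+.Sh SEE ALSO
+.Xr BN_bn2bin 3 ,
+.Xr RSA_new 3
+.Sh HISTORY
+.Fn RSA_print ,
+.Fn RSA_print_fp ,
+.Fn DSA_print ,
+.Fn DSA_print_fp ,
+.Fn DHparams_print ,
+and
+.Fn DHparams_print_fp
+are available in all versions of SSLeay and OpenSSL.
+.Fn DSAparams_print
+and
+.Fn DSAparams_print_fp
+were added in SSLeay 0.8.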
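--- a/jni/libressl/man/RSA_private_encrypt.3
+++ b/jni/libressl/man/RSA_private_encrypt.3
@@ -1,133 +1,147 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_private_encrypt.3,v 1.6 2017/03/25 18:14:17 schwarze Exp $
+.\"	OpenSSL RSA_private_encrypt.pod b41f6b64 Mar 10 15:49:04 2017 +0000
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_private_encrypt(int flen, unsigned char *from,
-\&    unsigned char *to, RSA *rsa, int padding);
-\&
-\& int RSA_public_decrypt(int flen, unsigned char *from,
-\&    unsigned char *to, RSA *rsa, int padding);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions handle \s-1RSA\s0 signatures at a low level.
-.PP
-\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a
-message digest with an algorithm identifier) using the private key
-\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to
-\&\fBRSA_size(rsa)\fR bytes of memory.
-.PP
-\&\fBpadding\fR denotes one of the following modes:
-.IP "\s-1RSA_PKCS1_PADDING\s0" 4
-.IX Item "RSA_PKCS1_PADDING"
-\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the \fBalgorithmIdentifier\fR
-specified in \s-1PKCS\s0 #1. When generating or verifying \s-1PKCS\s0 #1 signatures,
-\&\fIRSA_sign\fR\|(3) and \fIRSA_verify\fR\|(3) should be used.
-.IP "\s-1RSA_NO_PADDING\s0" 4
-.IX Item "RSA_NO_PADDING"
-Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement
-cryptographically sound padding modes in the application code.
-Signing user data directly with \s-1RSA\s0 is insecure.
-.PP
-\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR
-bytes long signature at \fBfrom\fR using the signer's public key
-\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the
-message digest (which is smaller than \fBRSA_size(rsa) \-
-11\fR). \fBpadding\fR is the padding mode that was used to sign the data.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e.,
-RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the
-recovered message digest.
-.PP
-On error, \-1 is returned; the error codes can be
-obtained by \fIERR_get_error\fR\|(3).
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIrsa\fR\|(3),
-\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is
-available since SSLeay 0.9.0.
+.Dd $Mdocdate: March 25 2017 $
+.Dt RSA_PRIVATE_ENCRYPT 3
+.Os
+.Sh NAME
+.Nm RSA_private_encrypt ,
+.Nm RSA_public_decrypt
+.Nd low level signature operations
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_private_encrypt
+.Fa "int flen"
+.Fa "const unsigned char *from"
+.Fa "unsigned char *to"
+.Fa "RSA *rsa"
+.Fa "int padding"
+.Fc
+.Ft int
+.Fo RSA_public_decrypt
+.Fa "int flen"
+.Fa "const unsigned char *from"
+.Fa "unsigned char *to"
+.Fa "RSA *rsa"
+.Fa "int padding"
+.Fc
+.Sh DESCRIPTION
+These functions handle RSA signatures at a low level.
+.Pp
+.Fn RSA_private_encrypt
+signs the
+.Fa flen
+bytes at
+.Fa from
+(usually a message digest with an algorithm identifier) using the
+private key
+.Fa rsa
+and stores the signature in
+.Fa to .
+.Fa to
+must point to
+.Fn RSA_size rsa
+bytes of memory.
+.Pp
+.Fa padding
+denotes one of the following modes:
+.Bl -tag -width Ds
+.It Dv RSA_PKCS1_PADDING
+PKCS #1 v1.5 padding.
+This function does not handle the
+.Sy algorithmIdentifier
+specified in PKCS #1.
+When generating or verifying PKCS #1 signatures,
+.Xr RSA_sign 3
+and
+.Xr RSA_verify 3
+should be used.
+.It Dv RSA_NO_PADDING
+Raw RSA signature.
+This mode should only be used to implement cryptographically sound
+padding modes in the application code.
+Signing user data directly with RSA is insecure.
+.El
+.Pp
+.Fn RSA_public_decrypt
+recovers the message digest from the
+.Fa flen
+bytes long signature at
+.Fa from
+using the signer's public key
+.Fa rsa .
+.Fa to
+must point to a memory section large enough to hold the message digest
+(which is smaller than
+.Fn RSA_size rsa
+- 11).
+.Fa padding
+is the padding mode that was used to sign the data.
+.Sh RETURN VALUES
+.Fn RSA_private_encrypt
+returns the size of the signature (i.e.\&
+.Fn RSA_size rsa ) .
+.Fn RSA_public_decrypt
+returns the size of the recovered message digest.
+.Pp
+On error, -1 is returned; the error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR_get_error 3 ,
+.Xr RSA_new 3 ,
+.Xr RSA_sign 3 ,
+.Xr RSA_verify 3
+.Sh HISTORY
+The
+.Fa padding
+argument was added in SSLeay 0.8.
+.Dv RSA_NO_PADDING
+is available since SSLeay 0.9.0.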
Changes to jni/libressl/man/RSA_public_encrypt.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17

18
19
20
21
22
23
24
25
26

27
28
29
30

31
32
33
34


35
36
37
38
39
40
41
42
43

44
45
46
47
48
49
50
51
52


53
54
55




56
57
58
59
60
61
62





63
64
65
66
67


68
69



70
71


72

73
74
75
76
77
78
79
80
81
82
83
84
85


86




87
88


89

90

91
92
93
94
95
96
97
98
99
100
101
102

103
104


105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120



121


122
123


124
125
126

127

128
129
130
131
132
133
134
135
136
137
138

139


140

141
142


143
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..

.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""


'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}

.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.


.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX




..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"





..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}


.    \}
.\}



.rr rF
.\" ========================================================================


.\"

.IX Title "RSA_public_encrypt 3"
.TH RSA_public_encrypt 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&


\& int RSA_public_encrypt(int flen, unsigned char *from,




\&    unsigned char *to, RSA *rsa, int padding);
\&


\& int RSA_private_decrypt(int flen, unsigned char *from,

\&     unsigned char *to, RSA *rsa, int padding);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a
session key) using the public key \fBrsa\fR and stores the ciphertext in
\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory.
.PP
\&\fBpadding\fR denotes one of the following modes:
.IP "\s-1RSA_PKCS1_PADDING\s0" 4
.IX Item "RSA_PKCS1_PADDING"
\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode.
.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4

.IX Item "RSA_PKCS1_OAEP_PADDING"
EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty


encoding parameter. This mode is recommended for all new applications.
.IP "\s-1RSA_SSLV23_PADDING\s0" 4
.IX Item "RSA_SSLV23_PADDING"
\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes
that the server is \s-1SSL3\s0 capable.
.IP "\s-1RSA_NO_PADDING\s0" 4
.IX Item "RSA_NO_PADDING"
Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement
cryptographically sound padding modes in the application code.
Encrypting user data directly with \s-1RSA\s0 is insecure.
.PP
\&\fBflen\fR must be less than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5
based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for
\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0
.PP
\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the



private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBto\fR must point


to a memory section large enough to hold the decrypted data (which is
smaller than RSA_size(\fBrsa\fR)). \fBpadding\fR is the padding mode that


was used to encrypt the data.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e.,

RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the
recovered plaintext.
.PP
On error, \-1 is returned; the error codes can be
obtained by \fIERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3),

\&\fIRSA_size\fR\|(3)


.SH "HISTORY"

.IX Header "HISTORY"
The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is


available since SSLeay 0.9.0, \s-1OAEP\s0 was added in OpenSSL 0.9.2b.
|
>

|
<
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
>
|
|
|
|
|
|
|
|
|
>
|
|
<
|
>
|
|
|
|
>
>
|
|
|
|
|
|
|
|
|
>

<
|
|
|
|
|
|
|
>
>
|
|
|
>
>
>
>
|
<
<
<
|
|
<
>
>
>
>
>
|
<
<
<
<
>
>
|
|
>
>
>
|
<
>
>
|
>
|
<
<
<
|
|
|
<
<
|
|
|
<
>
>
|
>
>
>
>
|
<
>
>
|
>
|
>
|
<
<
<
<
<
|
|
|
|
|
|
>
|
<
>
>
|
<
<
<
<
<
|
<
<
<
|
|
|
<
|
|
>
>
>
|
>
>
|
|
>
>
|
|
<
>
|
>
|
|
|
|
|
<
<
<
|
<
|
>
|
>
>
|
>
|
|
>
>
|
1
2
3
4

5


6
7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67



68
69

70
71
72
73
74
75




76
77
78
79
80
81
82
83

84
85
86
87
88



89
90
91


92
93
94

95
96
97
98
99
100
101
102

103
104
105
106
107
108
109





110
111
112
113
114
115
116
117

118
119
120





121



122
123
124

125
126
127
128
129
130
131
132
133
134
135
136
137
138

139
140
141
142
143
144
145
146



147

148
149
150
151
152
153
154
155
156
157
158
159
.\"	$OpenBSD: RSA_public_encrypt.3,v 1.6 2017/03/25 18:17:45 schwarze Exp $
.\"	OpenSSL RSA_public_encrypt.pod b41f6b64 Mar 10 15:49:04 2017 +0000
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.

.\" Copyright (c) 2000, 2004 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.

.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: March 25 2017 $
.Dt RSA_PUBLIC_ENCRYPT 3
.Os
.Sh NAME
.Nm RSA_public_encrypt ,
.Nm RSA_private_decrypt
.Nd RSA public key cryptography
.Sh SYNOPSIS
.In openssl/rsa.h
.Ft int
.Fo RSA_public_encrypt
.Fa "int flen"
.Fa "const unsigned char *from"
.Fa "unsigned char *to"
.Fa "RSA *rsa"
.Fa "int padding"
.Fc



.Ft int
.Fo RSA_private_decrypt

.Fa "int flen"
.Fa "const unsigned char *from"
.Fa "unsigned char *to"
.Fa "RSA *rsa"
.Fa "int padding"
.Fc




.Sh DESCRIPTION
.Fn RSA_public_encrypt
encrypts the
.Fa flen
bytes at
.Fa from
(usually a session key) using the public key
.Fa rsa

and stores the ciphertext in
.Fa to .
.Fa to
must point to
.Fn RSA_size rsa



bytes of memory.
.Pp
.Fa padding


denotes one of the following modes:
.Bl -tag -width Ds
.It Dv RSA_PKCS1_PADDING

PKCS #1 v1.5 padding.
This currently is the most widely used mode.
.It Dv RSA_PKCS1_OAEP_PADDING
EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
encoding parameter.
This mode is recommended for all new applications.
.It Dv RSA_SSLV23_PADDING
PKCS #1 v1.5 padding with an SSL-specific modification that denotes that

the server is SSL3 capable.
.It Dv RSA_NO_PADDING
Raw RSA encryption.
This mode should only be used to implement cryptographically sound
padding modes in the application code.
Encrypting user data directly with RSA is insecure.
.El





.Pp
.Fa flen
must be less than
.Fn RSA_size rsa
- 11 for the PKCS #1 v1.5 based padding modes, less than
.Fn RSA_size rsa
- 41 for
.Dv RSA_PKCS1_OAEP_PADDING

and exactly
.Fn RSA_size rsa
for





.Dv RSA_NO_PADDING .



.Pp
.Fn RSA_private_decrypt
decrypts the

.Fa flen
bytes at
.Fa from
using the private key
.Fa rsa
and stores the plaintext in
.Fa to .
.Fa to
must point to a memory section large enough to hold the decrypted data
(which is smaller than
.Fn RSA_size rsa ) .
.Fa padding
is the padding mode that was used to encrypt the data.
.Sh RETURN VALUES

.Fn RSA_public_encrypt
returns the size of the encrypted data (i.e.\&
.Fn RSA_size rsa ) .
.Fn RSA_private_decrypt
returns the size of the recovered plaintext.
.Pp
On error, -1 is returned; the error codes can be obtained by
.Xr ERR_get_error 3 .



.Sh SEE ALSO

.Xr ERR_get_error 3 ,
.Xr RSA_new 3 ,
.Xr RSA_size 3
.Sh STANDARDS
SSL, PKCS #1 v2.0
.Sh HISTORY
The
.Fa padding
argument was added in SSLeay 0.8.
.Dv RSA_NO_PADDING
is available since SSLeay 0.9.0.
OAEP was added in OpenSSL 0.9.2b.
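--- a/jni/libressl/man/RSA_set_method.3
+++ b/jni/libressl/man/RSA_set_method.3
@@ -1,270 +1,391 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_set_method.3,v 1.5 2016/12/11 12:21:48 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
+.\" This file was written by Ulf Moeller <ulf@openssl.org>
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
+.\" and Geoff Thorpe <geoff@openssl.org>.
-.if t .sp .5v
+.\" Copyright (c) 2000, 2002, 2007, 2014 The OpenSSL Project.
-.if n .sp
+.\" All rights reserved.
-..
+.\"
-.de Vb \" Begin verbatim text
+.\" Redistribution and use in source and binary forms, with or without
-.ft CW
+.\" modification, are permitted provided that the following conditions
-.nf
-.ne \\$1
+.\" are met:
-..
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
-.de Ve \" End verbatim text
+.\"    notice, this list of conditions and the following disclaimer.
-.ft R
-.fi
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
-..
+.\"
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" 3. All advertising materials mentioning features or use of this
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
-.\" nothing in troff, for use with C<>.
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.tr \(*W-
+.\"
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.    ds -- \(*W-
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
-.    ds PI pi
+.\"    openssl-core@openssl.org.
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.\"
-.    ds L" ""
+.\" 5. Products derived from this software may not be called "OpenSSL"
-.    ds R" ""
+.\"    nor may "OpenSSL" appear in their names without prior written
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
+.\"    permission of the OpenSSL Project.
-.    ds C'
-'br\}
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
+.\" 6. Redistributions of any form whatsoever must retain the following
-.el       .ds Aq '
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
+.Dd $Mdocdate: December 11 2016 $
-.\" Avoid warning from groff about undefined register 'F'.
+.Dt RSA_SET_METHOD 3
-.de IX
-..
+.Os
-.nr rF 0
+.Sh NAME
+.Nm RSA_set_default_method ,
-.if \n(.g .if rF .nr rF 1
+.Nm RSA_get_default_method ,
-.if (\n(rF:(\n(.g==0)) \{
+.Nm RSA_set_method ,
-.    if \nF \{
+.Nm RSA_get_method ,
-.        de IX
+.Nm RSA_PKCS1_SSLeay ,
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_set_method 3"
+.Nm RSA_null_method ,
-.TH RSA_set_method 3 "2017-01-09" "LibreSSL " "LibreSSL"
+.Nm RSA_flags ,
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_set_default_method, RSA_get_default_method, RSA_set_method,
-RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
+.Nm RSA_new_method ,
-RSA_new_method, RSA_get_default_openssl_method,
+.Nm RSA_get_default_openssl_method ,
-RSA_set_default_openssl_method \- select RSA method
+.Nm RSA_set_default_openssl_method
+.Nd select RSA method
-.SH "SYNOPSIS"
+.Sh SYNOPSIS
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
+.In openssl/rsa.h
-\&
+.Ft void
-\& void RSA_set_default_method(const RSA_METHOD *meth);
+.Fo RSA_set_default_method
-\&
+.Fa "const RSA_METHOD *meth"
+.Fc
+.Ft RSA_METHOD *
-\& RSA_METHOD *RSA_get_default_method(void);
+.Fn RSA_get_default_method void
-\&
+.Ft int
+.Fo RSA_set_method
+.Fa "RSA *rsa"
-\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+.Fa "const RSA_METHOD *meth"
-\&
+.Fc
+.Ft RSA_METHOD *
+.Fo RSA_get_method
+.Fa "const RSA *rsa"
+.Fc
+.Ft RSA_METHOD *
+.Fn RSA_PKCS1_SSLeay void
+.Ft RSA_METHOD *
+.Fn RSA_null_method void
+.Ft int
+.Fo RSA_flags
+.Fa "const RSA *rsa"
+.Fc
-\& RSA_METHOD *RSA_get_method(const RSA *rsa);
+.Ft RSA *
-\&
-\& RSA_METHOD *RSA_PKCS1_SSLeay(void);
-\&
-\& RSA_METHOD *RSA_null_method(void);
-\&
-\& int RSA_flags(const RSA *rsa);
+.Fo RSA_new_method
-\&
-\& RSA *RSA_new_method(RSA_METHOD *method);
+.Fa "RSA_METHOD *meth"
-.Ve
+.Fc
-.SH "DESCRIPTION"
+.Sh DESCRIPTION
-.IX Header "DESCRIPTION"
+An
+.Vt RSA_METHOD
-An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0
+specifies the functions that OpenSSL uses for RSA operations.
-operations. By modifying the method, alternative implementations such as
+By modifying the method, alternative implementations such as hardware
-hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
+accelerators may be used.
+See the
+.Sx CAVEATS
-important information about how these \s-1RSA API\s0 functions are affected by the
+section for how these RSA API functions are affected by the use of
+.Xr engine 3
-use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
+API calls.
-.PP
+.Pp
-Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation,
+Initially, the default
+.Vt RSA_METHOD
+is the OpenSSL internal implementation, as returned by
-as returned by \fIRSA_PKCS1_SSLeay()\fR.
+.Fn RSA_PKCS1_SSLeay .
-.PP
+.Pp
+.Fn RSA_set_default_method
+makes
+.Fa meth
-\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
+the default method for all
+.Vt RSA
-structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
+structures created later.
-been set as a default for \s-1RSA,\s0 so this function is no longer recommended.
-.PP
+.Sy NB :
-\&\fIRSA_get_default_method()\fR returns a pointer to the current default
-\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
+This is true only whilst no
+.Vt ENGINE
-whether the \s-1ENGINE API\s0 is being used, so this function is no longer
+has been set as a default for RSA, so this function is no longer
 recommended.
-.PP
+.Pp
+.Fn RSA_get_default_method
+returns a pointer to the current default
+.Vt RSA_METHOD .
+However, the meaningfulness of this result is dependent on whether
+the
+.Xr engine 3
+API is being used, so this function is no longer recommended.
+.Pp
+.Fn RSA_set_method
+selects
+.Fa meth
-\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
+to perform all operations using the key
+.Fa rsa .
-\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the
+This will replace the
+.Vt RSA_METHOD
-previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
+used by the RSA key, and if the previous method was supplied by an
+.Vt ENGINE ,
+the handle to that
+.Vt ENGINE
-be released during the change. It is possible to have \s-1RSA\s0 keys that only
+will be released during the change.
+It is possible to have RSA keys that only work with certain
+.Vt RSA_METHOD
-work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
+implementations (e.g. from an
+.Vt ENGINE
-that supports embedded hardware-protected keys), and in such cases
+module that supports embedded hardware-protected keys),
-attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected
+and in such cases attempting to change the
+.Vt RSA_METHOD
-results.
+for the key can have unexpected results.
-.PP
+.Pp
+.Fn RSA_get_method
-\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR.
+returns a pointer to the
+.Vt RSA_METHOD
+being used by
+.Fa rsa .
-This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if
+This method may or may not be supplied by an
+.Vt ENGINE
-it is, the return value can only be guaranteed to be valid as long as the
+implementation but if it is, the return value can only be guaranteed
+to be valid as long as the RSA key itself is valid and does not
-\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by
+have its implementation changed by
-\&\fIRSA_set_method()\fR.
+.Fn RSA_set_method .
-.PP
+.Pp
-\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
+.Fn RSA_flags
+returns the flags that are set for the current
-\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section.
+.Vt RSA_METHOD
+of
+.Fa rsa .
+See the
+.Sx BUGS
+section.
-.PP
+.Pp
+.Fn RSA_new_method
-\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
+allocates and initializes an
+.Vt RSA
+structure so that
+.Fa meth
-\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the
+will be used for the RSA operations.
+If
+.Sy engine
-default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set,
+is NULL, the default ENGINE for RSA operations is used and, if no
+default ENGINE is set, the RSA_METHOD controlled by
-the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used.
+.Fn RSA_set_default_method
+is used.
-.PP
+.Pp
+.Fn RSA_flags
+returns the
+.Sy flags
-\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method.
+that are set for
+.Fa rsa Ns 's
+current method.
-.PP
+.Pp
+.Fn RSA_new_method
-\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that
+allocates and initializes an
+.Vt RSA
+structure so that
+.Fa meth
-\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR,
+will be used for the RSA operations.
+If
+.Fa meth
+is
+.Dv NULL ,
 the default method is used.
-.SH "THE RSA_METHOD STRUCTURE"
+.Sh THE RSA_METHOD STRUCTURE
-.IX Header "THE RSA_METHOD STRUCTURE"
-.Vb 4
+.Bd -literal
-\& typedef struct rsa_meth_st
+typedef struct rsa_meth_st
-\& {
+{
-\&     /* name of the implementation */
+     /* name of the implementation */
-\&        const char *name;
+	const char *name;
-\&
+
-\&     /* encrypt */
+     /* encrypt */
-\&        int (*rsa_pub_enc)(int flen, unsigned char *from,
+	int (*rsa_pub_enc)(int flen, unsigned char *from,
-\&          unsigned char *to, RSA *rsa, int padding);
+          unsigned char *to, RSA *rsa, int padding);
-\&
+
-\&     /* verify arbitrary data */
+     /* verify arbitrary data */
-\&        int (*rsa_pub_dec)(int flen, unsigned char *from,
+	int (*rsa_pub_dec)(int flen, unsigned char *from,
-\&          unsigned char *to, RSA *rsa, int padding);
+          unsigned char *to, RSA *rsa, int padding);
-\&
+
-\&     /* sign arbitrary data */
+     /* sign arbitrary data */
-\&        int (*rsa_priv_enc)(int flen, unsigned char *from,
+	int (*rsa_priv_enc)(int flen, unsigned char *from,
-\&          unsigned char *to, RSA *rsa, int padding);
+          unsigned char *to, RSA *rsa, int padding);
-\&
+
-\&     /* decrypt */
+     /* decrypt */
-\&        int (*rsa_priv_dec)(int flen, unsigned char *from,
+	int (*rsa_priv_dec)(int flen, unsigned char *from,
-\&          unsigned char *to, RSA *rsa, int padding);
+          unsigned char *to, RSA *rsa, int padding);
-\&
+
-\&     /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some
+     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
-\&                                        implementations) */
+                                        implementations) */
-\&        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+	int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-\&
+
-\&     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
-\&        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+	int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-\&          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-\&
+
-\&     /* called at RSA_new */
+     /* called at RSA_new */
-\&        int (*init)(RSA *rsa);
+	int (*init)(RSA *rsa);
-\&
+
-\&     /* called at RSA_free */
+     /* called at RSA_free */
-\&        int (*finish)(RSA *rsa);
+	int (*finish)(RSA *rsa);
-\&
+
-\&     /* RSA_FLAG_EXT_PKEY        \- rsa_mod_exp is called for private key
+     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
-\&      *                            operations, even if p,q,dmp1,dmq1,iqmp
+      *                            operations, even if p,q,dmp1,dmq1,iqmp
-\&      *                            are NULL
+      *                            are NULL
-\&      * RSA_FLAG_SIGN_VER        \- enable rsa_sign and rsa_verify
+      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
-\&      * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match
+      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
-\&      */
+      */
-\&        int flags;
+	int flags;
-\&
+
-\&        char *app_data; /* ?? */
+	char *app_data; /* ?? */
-\&
+
-\&     /* sign. For backward compatibility, this is used only
+     /* sign. For backward compatibility, this is used only
-\&      * if (flags & RSA_FLAG_SIGN_VER)
+      * if (flags & RSA_FLAG_SIGN_VER)
-\&      */
+      */
-\&        int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
-\&           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-\&
+
-\&     /* verify. For backward compatibility, this is used only
+     /* verify. For backward compatibility, this is used only
-\&      * if (flags & RSA_FLAG_SIGN_VER)
+      * if (flags & RSA_FLAG_SIGN_VER)
-\&      */
+      */
-\&        int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
+	int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
-\&           unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+           unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-\&
+
+} RSA_METHOD;
+.Ed
+.Sh RETURN VALUES
+.Fn RSA_PKCS1_SSLeay ,
+.Fn RSA_null_method ,
-\& } RSA_METHOD;
+.Fn RSA_get_default_method
-.Ve
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
+and
-\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR
+.Fn RSA_get_method
-and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs.
+return pointers to the respective
+.Vt RSA_METHOD .
-.PP
+.Pp
+.Fn RSA_set_method
-\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
+returns a pointer to the old
+.Vt RSA_METHOD
+implementation that was replaced.
-that was replaced. However, this return value should probably be ignored
+However, this return value should probably be ignored because if it was
+supplied by an
+.Vt ENGINE ,
-because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated
+the pointer could be invalidated at any time if the
+.Vt ENGINE
+is unloaded.
-at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a
+In fact, it could be unloaded as a result of the
+.Fn RSA_set_method
-result of the \fIRSA_set_method()\fR function releasing its handle to the
+function releasing its handle to the
+.Vt ENGINE .
-\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR
+For this reason, the return type may be replaced with a
+.Vt void
 declaration in a future release.
-.PP
+.Pp
+.Fn RSA_new_method
+returns
+.Dv NULL
-\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3
-by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise
+if the allocation fails.
-it returns a pointer to the newly allocated structure.
+Otherwise it returns a pointer to the newly allocated structure.
-.SH "NOTES"
+.Sh SEE ALSO
+.Xr RSA_new 3
-.IX Header "NOTES"
+.Sh HISTORY
+.Fn RSA_new_method
+and
+.Fn RSA_set_default_method
+appeared in SSLeay 0.8.
+.Fn RSA_get_default_method ,
+.Fn RSA_set_method ,
+and
+.Fn RSA_get_method
+as well as the
+.Fa rsa_sign
+and
+.Fa rsa_verify
+components of
-As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with
+.Vt RSA_METHOD
-other algorithmic APIs (eg. \s-1DSA_METHOD, EVP_CIPHER,\s0 etc) into \fB\s-1ENGINE\s0\fR
+were added in OpenSSL 0.9.4.
+.Pp
-modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an
+.Fn RSA_set_default_openssl_method
+and
-\&\s-1ENGINE API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA
+.Fn RSA_get_default_openssl_method
+replaced
-API \s0(ie.  \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the
+.Fn RSA_set_default_method
+and
-recommended way to control default implementations for use in \s-1RSA\s0 and other
+.Fn RSA_get_default_method
+respectively, and
+.Fn RSA_set_method
+and
+.Fn RSA_new_method
-cryptographic algorithms.
+were altered to use
+.Vt ENGINE Ns s
-.SH "BUGS"
+rather than
+.Vt RSA_METHOD Ns s
+during development of the
-.IX Header "BUGS"
+.Xr engine 3
+version of OpenSSL 0.9.6.
+For 0.9.7, the handling of defaults in the
+.Xr engine 3
+API was restructured so that this change was reversed, and behaviour
+of the other functions resembled more closely the previous behaviour.
-The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now
+The behaviour of defaults in the
-to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the
+.Xr engine 3
+API now transparently overrides the behaviour of defaults in the
-encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key
+RSA API without requiring changing these function prototypes.
+.Sh CAVEATS
+As of version 0.9.7,
-itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key
+.Vt RSA_METHOD
-(which is what this function returns). If the flags element of an \s-1RSA\s0 key
+implementations are grouped together with other algorithmic APIs (e.g.\&
+.Vt DSA_METHOD
+or
+.Vt EVP_CIPHER )
+into
+.Vt ENGINE
+modules.
+If a default
+.Vt ENGINE
-is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not
+is specified for RSA functionality using an
+.Xr engine 3
-be reflected in the return value of the \fIRSA_flags()\fR function \- in effect
+API function, that will override any RSA defaults set using the RSA
+API, i.e.\&
-\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does
+.Fn RSA_set_default_method .
-not currently exist).
+For this reason, the
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
+.Xr engine 3
-\&\fIrsa\fR\|(3), \fIRSA_new\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
+API is the recommended way to control default implementations for
-\&\fIRSA_new_method()\fR and \fIRSA_set_default_method()\fR appeared in SSLeay 0.8.
-\&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as
-well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were
-added in OpenSSL 0.9.4.
+use in RSA and other cryptographic algorithms.
-.PP
+.Sh BUGS
-\&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR
-replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR
-respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use
-\&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine
-version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE
-API\s0 was restructured so that this change was reversed, and behaviour of the
+The behaviour of
+.Fn RSA_flags
+is a misfeature that is left as-is for now to avoid creating
+compatibility problems.
-other functions resembled more closely the previous behaviour. The
+RSA functionality, such as the encryption functions, are controlled by
+the
+.Fa flags
-behaviour of defaults in the \s-1ENGINE API\s0 now transparently overrides the
+value in the
+.Vt RSA
+key itself, not by the
+.Fa flags
-behaviour of defaults in the \s-1RSA API\s0 without requiring changing these
+value in the
+.Vt RSA_METHOD
+attached to the RSA key (which is what this function returns).
+If the flags element of an
+.Vt RSA
+key is changed, the changes will be honoured by RSA functionality
+but will not be reflected in the return value of the
+.Fn RSA_flags
-function prototypes.
+function - in effect
+.Fn RSA_flags
+behaves more like a RSA_default_flags() function, which does not
+currently exist.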
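--- a/jni/libressl/man/RSA_sign.3
+++ b/jni/libressl/man/RSA_sign.3
@@ -1,130 +1,145 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_sign.3,v 1.4 2016/12/11 12:21:48 schwarze Exp $
+.\"	OpenSSL aa90ca11 Aug 20 15:48:56 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2005, 2014, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_sign 3"
-.TH RSA_sign 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_sign, RSA_verify \- RSA signatures
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-\&    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-\&
-\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
-\&    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the
-private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the
-signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR
-must point to RSA_size(\fBrsa\fR) bytes of memory.
-Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the
-key that can be used.
-See \fIRSA_private_encrypt\fR\|(3) for lower-level
-operations.
-.PP
-\&\fBtype\fR denotes the message digest algorithm that was used to generate
-\&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR;
-see \fIobjects\fR\|(3) for details. If \fBtype\fR is \fBNID_md5_sha1\fR,
-an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding
-and no algorithm identifier) is created.
-.PP
-\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
-matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes
-the message digest algorithm that was used to generate the signature.
-\&\fBrsa\fR is the signer's public key.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIRSA_sign()\fR returns 1 on success, 0 otherwise.  \fIRSA_verify()\fR returns 1
-on successful verification, 0 otherwise.
-.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
-.SH "CONFORMING TO"
-.IX Header "CONFORMING TO"
-\&\s-1SSL, PKCS\s0 #1 v2.0
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3),
-\&\fIrsa\fR\|(3), \fIRSA_private_encrypt\fR\|(3),
-\&\fIRSA_public_decrypt\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRSA_sign()\fR and \fIRSA_verify()\fR are available in all versions of SSLeay
-and OpenSSL.
+.Dd $Mdocdate: December 11 2016 $
+.Dt RSA_SIGN 3
+.Os
+.Sh NAME
+.Nm RSA_sign ,
+.Nm RSA_verify
+.Nd RSA signatures
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_sign
+.Fa "int type"
+.Fa "const unsigned char *m"
+.Fa "unsigned int m_len"
+.Fa "unsigned char *sigret"
+.Fa "unsigned int *siglen"
+.Fa "RSA *rsa"
+.Fc
+.Ft int
+.Fo RSA_verify
+.Fa "int type"
+.Fa "const unsigned char *m"
+.Fa "unsigned int m_len"
+.Fa "unsigned char *sigbuf"
+.Fa "unsigned int siglen"
+.Fa "RSA *rsa"
+.Fc
+.Sh DESCRIPTION
+.Fn RSA_sign
+signs the message digest
+.Fa m
+of size
+.Fa m_len
+using the private key
+.Fa rsa
+using RSASSA-PKCS1-v1_5 as specified in RFC 3447.
+It stores the signature in
+.Fa sigret
+and the signature size in
+.Fa siglen .
+.Fa sigret
+must point to
+.Fn RSA_size rsa
+bytes of memory.
+Note that PKCS #1 adds meta-data, placing limits on the size of the key
+that can be used.
+See
+.Xr RSA_private_encrypt 3
+for lower-level operations.
+.Pp
+.Fa type
+denotes the message digest algorithm that was used to generate
+.Fa m .
+If
+.Fa type
+is
+.Sy NID_md5_sha1 ,
+an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and
+no algorithm identifier) is created.
+.Pp
+.Fn RSA_verify
+verifies that the signature
+.Fa sigbuf
+of size
+.Fa siglen
+matches a given message digest
+.Fa m
+of size
+.Fa m_len .
+.Fa type
+denotes the message digest algorithm that was used to generate the
+signature.
+.Fa rsa
+is the signer's public key.
+.Sh RETURN VALUES
+.Fn RSA_sign
+returns 1 on success.
+.Fn RSA_verify
+returns 1 on successful verification.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR_get_error 3 ,
+.Xr RSA_new 3 ,
+.Xr RSA_private_encrypt 3 ,
+.Xr RSA_public_decrypt 3
+.Sh STANDARDS
+SSL, PKCS #1 v2.0
+.Sh HISTORY
+.Fn RSA_sign
+and
+.Fn RSA_verify
+are available in all versions of SSLeay and OpenSSL.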
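--- a/jni/libressl/man/RSA_sign_ASN1_OCTET_STRING.3
+++ b/jni/libressl/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -1,126 +1,131 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_sign_ASN1_OCTET_STRING.3,v 1.4 2016/12/11 12:21:48 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-\&    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
-\&    RSA *rsa);
-\&
-\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-\&    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-\&    RSA *rsa);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size
-\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1
-padding. It stores the signature in \fBsigret\fR and the signature size
-in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of
-memory.
-.PP
-\&\fBdummy\fR is ignored.
-.PP
-\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR
-of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string
-\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's
-public key.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise.
-\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0
-otherwise.
-.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
-.SH "BUGS"
-.IX Header "BUGS"
-These functions serve no recognizable purpose.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3),
-\&\fIrand\fR\|(3), \fIrsa\fR\|(3), \fIRSA_sign\fR\|(3),
-\&\fIRSA_verify\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRSA_sign_ASN1_OCTET_STRING()\fR and \fIRSA_verify_ASN1_OCTET_STRING()\fR were
-added in SSLeay 0.8.
+.Dd $Mdocdate: December 11 2016 $
+.Dt RSA_SIGN_ASN1_OCTET_STRING 3
+.Os
+.Sh NAME
+.Nm RSA_sign_ASN1_OCTET_STRING ,
+.Nm RSA_verify_ASN1_OCTET_STRING
+.Nd RSA signatures
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_sign_ASN1_OCTET_STRING
+.Fa "int dummy"
+.Fa "unsigned char *m"
+.Fa "unsigned int m_len"
+.Fa "unsigned char *sigret"
+.Fa "unsigned int *siglen"
+.Fa "RSA *rsa"
+.Fc
+.Ft int
+.Fo RSA_verify_ASN1_OCTET_STRING
+.Fa "int dummy"
+.Fa "unsigned char *m"
+.Fa "unsigned int m_len"
+.Fa "unsigned char *sigbuf"
+.Fa "unsigned int siglen"
+.Fa "RSA *rsa"
+.Fc
+.Sh DESCRIPTION
+.Fn RSA_sign_ASN1_OCTET_STRING
+signs the octet string
+.Fa m
+of size
+.Fa m_len
+using the private key
+.Fa rsa
+represented in DER using PKCS #1 padding.
+It stores the signature in
+.Fa sigret
+and the signature size in
+.Fa siglen .
+.Fa sigret
+must point to
+.Fn RSA_size rsa
+bytes of memory.
+.Pp
+.Fa dummy
+is ignored.
+.Pp
+.Fn RSA_verify_ASN1_OCTET_STRING
+verifies that the signature
+.Fa sigbuf
+of size
+.Fa siglen
+is the DER representation of a given octet string
+.Fa m
+of size
+.Fa m_len .
+.Fa dummy
+is ignored.
+.Fa rsa
+is the signer's public key.
+.Sh RETURN VALUES
+.Fn RSA_sign_ASN1_OCTET_STRING
+returns 1 on success or 0 otherwise.
+.Fn RSA_verify_ASN1_OCTET_STRING
+returns 1 on successful verification or 0 otherwise.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR_get_error 3 ,
+.Xr RSA_new 3 ,
+.Xr RSA_sign 3 ,
+.Xr RSA_verify 3
+.Sh HISTORY
+.Fn RSA_sign_ASN1_OCTET_STRING
+and
+.Fn RSA_verify_ASN1_OCTET_STRING
+were added in SSLeay 0.8.
+.Sh BUGS
+These functions serve no recognizable purpose.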
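--- a/jni/libressl/man/RSA_size.3
+++ b/jni/libressl/man/RSA_size.3
@@ -1,103 +1,79 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: RSA_size.3,v 1.4 2016/12/11 12:21:48 schwarze Exp $
+.\"	OpenSSL 5bf73873 Aug 5 16:27:01 2002 +0000
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2002, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "RSA_size 3"
-.TH RSA_size 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RSA_size \- get RSA modulus size
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rsa.h>
-\&
-\& int RSA_size(const RSA *rsa);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-This function returns the \s-1RSA\s0 modulus size in bytes. It can be used to
-determine how much memory must be allocated for an \s-1RSA\s0 encrypted
-value.
-.PP
-\&\fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR.
-.SH "RETURN VALUE"
-.IX Header "RETURN VALUE"
+.Dd $Mdocdate: December 11 2016 $
+.Dt RSA_SIZE 3
+.Os
+.Sh NAME
+.Nm RSA_size
+.Nd get RSA modulus size
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_size
+.Fa "const RSA *rsa"
+.Fc
+.Sh DESCRIPTION
+This function returns the RSA modulus size in bytes.
+It can be used to determine how much memory must be allocated for an RSA
+encrypted value.
+.Pp
+.Fa rsa
+and
+.Fa rsa->n
+must not be
+.Dv NULL .
+.Sh RETURN VALUES
 The size in bytes.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrsa\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIRSA_size()\fR is available in all versions of SSLeay and OpenSSL.
+.Sh SEE ALSO
+.Xr RSA_new 3
+.Sh HISTORY
+.Fn RSA_size
+is available in all versions of SSLeay and OpenSSL.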
Changes to jni/libressl/man/SHA1.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16




17
18
19
20
21
22

23
24
25
26

27
28
29
30
31

32
33
34
35
36
37
38
39
40
41
42
43




44
45





46
47
























48
49
50
51





















52


53



54

55




56
57
58
59




60
61
62



63
64
65
66




67
68



69
70
71




72


73
74
75
76
77
78
79
80
81

82
83
84
85






86

87
88



89




90
91
92
93

94



95
96
97
98

99





100

101




102
103
104
105
106

107


108

109
110
111

112



113

114


















115
116
117
118
119
120
121
122





123
124
125
126

127


128
129
130
131
132
133
134
135
136
137
138


139


140
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,

.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}




.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.





.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
























.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the





















.\" output yourself in some meaningful fashion.


.\"



.\" Avoid warning from groff about undefined register 'F'.

.de IX




..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{




.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"



..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2




.        \}
.    \}



.\}
.rr rF
.\" ========================================================================




.\"


.IX Title "SHA1 3"
.TH SHA1 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SHA1, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
.SH "SYNOPSIS"

.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/sha.h>
\&






\& unsigned char *SHA1(const unsigned char *d, unsigned long n,

\&                  unsigned char *md);
\&



\& int SHA1_Init(SHA_CTX *c);




\& int SHA1_Update(SHA_CTX *c, const void *data,
\&                  unsigned long len);
\& int SHA1_Final(unsigned char *md, SHA_CTX *c);
.Ve

.SH "DESCRIPTION"



.IX Header "DESCRIPTION"
\&\s-1SHA\-1 \s0(Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
.PP

\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR





bytes at \fBd\fR and places it in \fBmd\fR (which must have space for

\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest




is placed in a static array.
.PP
The following functions may be used if the message is not completely
stored in memory:
.PP

\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure.


.PP

\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to
be hashed (\fBlen\fR bytes at \fBdata\fR).
.PP

\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space



for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR.

.PP


















Applications should use the higher level functions
\&\fIEVP_DigestInit\fR\|(3)
etc. instead of calling the hash functions directly.
.PP
The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be
used only when backward compatibility is required.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"





\&\s-1\fISHA1\s0()\fR returns a pointer to the hash value.
.PP
\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR return 1 for success, 0 otherwise.
.SH "CONFORMING TO"

.IX Header "CONFORMING TO"


\&\s-1SHA: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180 \s0(Secure Hash
Standard),
\&\s-1SHA\-1: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-1 \s0(Secure Hash
Standard),
\&\s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIripemd\fR\|(3), \fIhmac\fR\|(3),
\&\fIEVP_DigestInit\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"


\&\s-1\fISHA1\s0()\fR, \fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR are available in all


versions of SSLeay and OpenSSL.
|
>

|
<
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
|
>
>
>
>
|
<
<
<
<
<
>
|
|
|
|
>
|
|
<
<
|
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>

|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
>
>
>
|
>
|
>
>
>
>
|
|
<
<
>
>
>
>
|
<
<
>
>
>
|
|
<
<
>
>
>
>
|
|
>
>
>
|
|
<
>
>
>
>
|
>
>
|
<
<
<
|
|
<
|
|
>
|
|
|
<
>
>
>
>
>
>
|
>
|
<
>
>
>
|
>
>
>
>
|
|
<
|
>
|
>
>
>
|
|
|
|
>
|
>
>
>
>
>
|
>
|
>
>
>
>
|
|


|
>
|
>
>
|
>
|
|
|
>
|
>
>
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
|

|
|
>
>
>
>
>
|
<
|
|
>
|
>
>
|
<
|
|
<
<
<
<
<
|
<
>
>
|
>
>
|
1
2
3
4

5
6

7
8
9
10
11
12
13
14
15
16
17
18

19
20
21
22
23
24





25
26
27
28
29
30
31
32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84



85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121


122
123
124
125
126


127
128
129
130
131


132
133
134
135
136
137
138
139
140
141
142

143
144
145
146
147
148
149
150



151
152

153
154
155
156
157
158

159
160
161
162
163
164
165
166
167

168
169
170
171
172
173
174
175
176
177

178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

256
257
258
259
260
261
262

263
264





265

266
267
268
269
270
271
.\"	$OpenBSD: SHA1.3,v 1.4 2016/12/02 19:28:41 jmc Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and

.\" Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2000, 2006, 2015 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.

.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"





.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 2 2016 $
.Dt SHA1 3
.Os
.Sh NAME
.Nm SHA1 ,
.Nm SHA1_Init ,
.Nm SHA1_Update ,
.Nm SHA1_Final ,
.Nm SHA224 ,
.Nm SHA224_Init ,
.Nm SHA224_Update ,
.Nm SHA224_Final ,
.Nm SHA256 ,
.Nm SHA256_Init ,
.Nm SHA256_Update ,
.Nm SHA256_Final ,
.Nm SHA384 ,
.Nm SHA384_Init ,
.Nm SHA384_Update ,
.Nm SHA384_Final ,
.Nm SHA512 ,
.Nm SHA512_Init ,
.Nm SHA512_Update ,
.Nm SHA512_Final
.Nd Secure Hash Algorithm
.Sh SYNOPSIS
.In openssl/sha.h
.Ft unsigned char *
.Fo SHA1
.Fa "const unsigned char *d"
.Fa "size_t n"
.Fa "unsigned char *md"
.Fc



.Ft int
.Fo SHA1_Init
.Fa "SHA_CTX *c"
.Fc
.Ft int
.Fo SHA1_Update
.Fa "SHA_CTX *c"
.Fa "const void *data"
.Fa "size_t len"
.Fc
.Ft int
.Fo SHA1_Final
.Fa "unsigned char *md"
.Fa "SHA_CTX *c"
.Fc
.Ft unsigned char *
.Fo SHA224
.Fa "const unsigned char *d"
.Fa "size_t n"
.Fa "unsigned char *md"
.Fc
.Ft int
.Fo SHA224_Init
.Fa "SHA256_CTX *c"
.Fc
.Ft int
.Fo SHA224_Update
.Fa "SHA256_CTX *c"
.Fa "const void *data"
.Fa "size_t len"
.Fc
.Ft int
.Fo SHA224_Final
.Fa "unsigned char *md"
.Fa "SHA256_CTX *c"
.Fc
.Ft unsigned char *


.Fo SHA256
.Fa "const unsigned char *d"
.Fa "size_t n"
.Fa "unsigned char *md"
.Fc


.Ft int
.Fo SHA256_Init
.Fa "SHA256_CTX *c"
.Fc
.Ft int


.Fo SHA256_Update
.Fa "SHA256_CTX *c"
.Fa "const void *data"
.Fa "size_t len"
.Fc
.Ft int
.Fo SHA256_Final
.Fa "unsigned char *md"
.Fa "SHA256_CTX *c"
.Fc
.Ft unsigned char *

.Fo SHA384
.Fa "const unsigned char *d"
.Fa "size_t n"
.Fa "unsigned char *md"
.Fc
.Ft int
.Fo SHA384_Init
.Fa "SHA512_CTX *c"



.Fc
.Ft int

.Fo SHA384_Update
.Fa "SHA512_CTX *c"
.Fa "const void *data"
.Fa "size_t len"
.Fc
.Ft int

.Fo SHA384_Final
.Fa "unsigned char *md"
.Fa "SHA512_CTX *c"
.Fc
.Ft unsigned char *
.Fo SHA512
.Fa "const unsigned char *d"
.Fa "size_t n"
.Fa "unsigned char *md"

.Fc
.Ft int
.Fo SHA512_Init
.Fa "SHA512_CTX *c"
.Fc
.Ft int
.Fo SHA512_Update
.Fa "SHA512_CTX *c"
.Fa "const void *data"
.Fa "size_t len"

.Fc
.Ft int
.Fo SHA512_Final
.Fa "unsigned char *md"
.Fa "SHA512_CTX *c"
.Fc
.Sh DESCRIPTION
SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
160-bit output.
.Pp
.Fn SHA1
computes the SHA-1 message digest of the
.Fa n
bytes at
.Fa d
and places it in
.Fa md ,
which must have space for
.Dv SHA_DIGEST_LENGTH
== 20 bytes of output.
If
.Fa md
is
.Dv NULL ,
the digest is placed in a static array, which is not thread safe.
.Pp
The following functions may be used if the message is not completely
stored in memory:
.Pp
.Fn SHA1_Init
initializes a
.Vt SHA_CTX
structure.
.Pp
.Fn SHA1_Update
can be called repeatedly with chunks of the message to be hashed
.Pq Fa len No bytes at Fa data .
.Pp
.Fn SHA1_Final
places the message digest in
.Fa md ,
which must have space for
.Dv SHA_DIGEST_LENGTH
== 20 bytes of output, and erases the
.Vt SHA_CTX .
.Pp
The SHA224, SHA256, SHA384, and SHA512 families of functions operate
in the same way as the SHA1 functions.
Note that SHA224 and SHA256 use a
.Vt SHA256_CTX
object instead of
.Vt SHA_CTX ,
and SHA384 and SHA512 use
.Vt SHA512_CTX .
The buffer
.Fa md
must have space for the output from the SHA variant being used:
.Dv SHA224_DIGEST_LENGTH ,
.Dv SHA256_DIGEST_LENGTH ,
.Dv SHA384_DIGEST_LENGTH ,
or
.Dv SHA512_DIGEST_LENGTH
bytes.
.Pp
Applications should use the higher level functions
.Xr EVP_DigestInit 3
etc.  instead of calling the hash functions directly.
.Pp
The predecessor of SHA-1, SHA, is also implemented, but it should be
used only when backward compatibility is required.
.Sh RETURN VALUES
.Fn SHA1 ,
.Fn SHA224 ,
.Fn SHA256 ,
.Fn SHA384 ,
and
.Fn SHA512
return a pointer to the hash value.

The other functions return 1 for success or 0 otherwise.
.Sh SEE ALSO
.Xr EVP_DigestInit 3 ,
.Xr HMAC 3 ,
.Xr RIPEMD160 3
.Sh STANDARDS
SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure

Hash Standard), SHA-1: US Federal Information Processing Standard FIPS
PUB 180-1 (Secure Hash Standard), ANSI X9.30





.Sh HISTORY

.Fn SHA1 ,
.Fn SHA1_Init ,
.Fn SHA1_Update ,
and
.Fn SHA1_Final
are available in all versions of SSLeay and OpenSSL.
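--- a/jni/libressl/man/SMIME_read_CMS.3
+++ b/jni/libressl/man/SMIME_read_CMS.3
@@ -1,142 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "SMIME_read_CMS 3"
-.TH SMIME_read_CMS 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-.Vb 1
-\& SMIME_read_CMS \- parse S/MIME message.
-.Ve
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/cms.h>
-\&
-\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fISMIME_read_CMS()\fR parses a message in S/MIME format.
-.PP
-\&\fBin\fR is a \s-1BIO\s0 to read the message from.
-.PP
-If cleartext signing is used then the content is saved in a memory bio which is
-written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0
-.PP
-The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an
-error occurred.
-.SH "NOTES"
-.IX Header "NOTES"
-If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can
-then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set.
-.PP
-Otherwise the type of the returned structure can be determined
-using \fICMS_get0_type()\fR.
-.PP
-To support future functionality if \fBbcont\fR is not \s-1NULL \s0\fB*bcont\fR should be
-initialized to \s-1NULL.\s0 For example:
-.PP
-.Vb 2
-\& BIO *cont = NULL;
-\& CMS_ContentInfo *cms;
-\&
-\& cms = SMIME_read_CMS(in, &cont);
-.Ve
-.SH "BUGS"
-.IX Header "BUGS"
-The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive.  While it will
-handle most S/MIME messages more complex compound formats may not work.
-.PP
-The parser assumes that the CMS_ContentInfo structure is always base64 encoded
-and will not handle the case where it is in binary format or uses quoted
-printable format.
-.PP
-The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message
-which can be processed due to memory restraints: a streaming single pass option
-should be available.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR
-if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_type\fR\|(3)
-\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
-\&\fICMS_decrypt\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fISMIME_read_CMS()\fR was added to OpenSSL 0.9.8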
Changes to jni/libressl/man/SMIME_read_PKCS7.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27
28
29
30
31
32

33
34

35
36
37
38
39
40
41
42
43
44
45
46
47

48
49
50
51
52
53

54
55
56
57
58
59
60
61
62
63

64
65
66
67
68
69
70
71
72


73
74
75

76
77
78
79
80
81
82
83
84
85

86

87
88
89
90
91


92


93
94
95
96
97
98
99
100
101
102
103
104
105
106
107


108
109




110
111
112

113
114
115
116
117
















118

119
120
121
122
123
124

125
126
127
128


129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""

'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '

.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"

.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..

.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"


.IX Title "SMIME_read_PKCS7 3"
.TH SMIME_read_PKCS7 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes

.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SMIME_read_PKCS7 \- parse S/MIME message.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&

\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format.
.PP


\&\fBin\fR is a \s-1BIO\s0 to read the message from.


.PP
If cleartext signing is used then the content is saved in
a memory bio which is written to \fB*bcont\fR, otherwise
\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR.
.PP
The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an
error occurred.
.SH "NOTES"
.IX Header "NOTES"
If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text
signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with
the \fB\s-1PKCS7_DETACHED\s0\fR flag set.
.PP
Otherwise the type of the returned structure can be determined
using \fIPKCS7_type()\fR.


.PP
To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR




\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example:
.PP
.Vb 2

\& BIO *cont = NULL;
\& PKCS7 *p7;
\&
\& p7 = SMIME_read_PKCS7(in, &cont);
.Ve
















.SH "BUGS"

.IX Header "BUGS"
The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive.
While it will handle most S/MIME messages more complex compound
formats may not work.
.PP
The parser assumes that the \s-1PKCS7\s0 structure is always base64

encoded and will not handle the case where it is in binary format
or uses quoted printable format.
.PP
The use of a memory \s-1BIO\s0 to hold the signed content limits the size


of message which can be processed due to memory restraints: a
streaming single pass option should be available.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR
is an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIPKCS7_type\fR\|(3)
\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3),
\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
\&\fIPKCS7_decrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fISMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5
|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
|
|
|
|
|
>
|
|
>
|
<
|
|
|
|
|
|
|
|
|
|
|
>

<
|
|
<
|
>
|
|
|
|
|
|
|
|
<
|
>
|
|
|
|
|
|
|
<
|
>
>
|
|
|
>
|
|
|
<
|
|
|
|
<
<
>
|
>
|
<
<
|
|
>
>
|
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
|
|
>
>
|
|
>
>
>
>
|
|
|
>
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
|

|
|
>
|
|
|
|
>
>
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46
47
48
49
50

51
52

53
54
55
56
57
58
59
60
61
62

63
64
65
66
67
68
69
70
71

72
73
74
75
76
77
78
79
80
81

82
83
84
85


86
87
88
89


90
91
92
93
94
95
96
97












98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149













.\"	$OpenBSD: SMIME_read_PKCS7.3,v 1.5 2017/01/06 02:37:05 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2006 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"

.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: January 6 2017 $
.Dt SMIME_READ_PKCS7 3

.Os
.Sh NAME
.Nm SMIME_read_PKCS7
.Nd parse S/MIME message
.Sh SYNOPSIS
.In openssl/pkcs7.h
.Ft PKCS7 *
.Fo SMIME_read_PKCS7
.Fa "BIO *in"
.Fa "BIO **bcont"

.Fc
.Sh DESCRIPTION
.Fn SMIME_read_PKCS7
parses a message in S/MIME format.
.Pp
.Fa in
is a
.Vt BIO
to read the message from.

.Pp
If cleartext signing is used, then the content is saved in a memory
.Vt BIO
which is written to
.Pf * Fa bcont ,
otherwise
.Pf * Fa bcont
is set to
.Dv NULL .
.Pp

The parsed PKCS#7 structure is returned, or
.Dv NULL
if an error occurred.
.Pp


If
.Pf * Fa bcont
is not
.Dv NULL ,


then the message is clear text signed.
.Pf * Fa bcont
can then be passed to
.Xr PKCS7_verify 3
with the
.Dv PKCS7_DETACHED
flag set.
.Pp












Otherwise the type of the returned structure can be determined using the
.Fn PKCS7_type_is_*
macros defined in
.In openssl/pkcs7.h .
.Pp
To support future functionality, if
.Fa bcont
is not
.Dv NULL ,
.Pf * Fa bcont
should be initialized to
.Dv NULL .
For example:
.Bd -literal -offset indent
BIO *cont = NULL;
PKCS7 *p7;

p7 = SMIME_read_PKCS7(in, &cont);
.Ed
.Sh RETURN VALUES
.Fn SMIME_read_PKCS7
returns a valid
.Vt PKCS7
structure or
.Dv NULL
if an error occurred.
The error can be obtained from
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ERR_get_error 3 ,
.Xr PKCS7_new 3 ,
.Xr SMIME_write_PKCS7 3
.Sh HISTORY
.Fn SMIME_read_PKCS7
was added to OpenSSL 0.9.5.
.Sh BUGS
The MIME parser used by
.Fn SMIME_read_PKCS7
is somewhat primitive.
While it will handle most S/MIME messages, more complex compound
formats may not work.
.Pp
The parser assumes that the
.Vt PKCS7
structure is always base64 encoded, and it will not handle the case
where it is in binary format or uses quoted printable format.
.Pp
The use of a memory
.Vt BIO
to hold the signed content limits the size of the message which can
be processed due to memory restraints: a streaming single pass
option should be available.













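--- a/jni/libressl/man/SMIME_write_CMS.3
+++ b/jni/libressl/man/SMIME_write_CMS.3
@@ -1,134 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "SMIME_write_CMS 3"
-.TH SMIME_write_CMS 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-.Vb 1
-\& SMIME_write_CMS \- convert CMS structure to S/MIME format.
-.Ve
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/cms.h>
-\&
-\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0
-structure to produce an S/MIME message.
-.PP
-\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate
-\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be
-supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags.
-.SH "NOTES"
-.IX Header "NOTES"
-The following flags can be passed in the \fBflags\fR parameter.
-.PP
-If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only
-makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is
-called.
-.PP
-If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to
-the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set.
-.PP
-If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only
-be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo
-creation function.
-.PP
-If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must
-be read twice: once to compute the signature in \fICMS_sign()\fR and once to output
-the S/MIME message.
-.PP
-If streaming is performed the content is output in \s-1BER\s0 format using indefinite
-length constructed encoding except in the case of signed data with detached
-content where the content is absent and \s-1DER\s0 format is used.
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an
-option to disable this.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
-\&\fICMS_decrypt\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fISMIME_write_CMS()\fR was added to OpenSSL 0.9.8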
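--- a/jni/libressl/man/SMIME_write_PKCS7.3
+++ b/jni/libressl/man/SMIME_write_PKCS7.3
@@ -1,133 +1,144 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: SMIME_write_PKCS7.3,v 1.4 2016/12/13 15:00:22 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2002, 2003, 2006, 2007, 2015 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "SMIME_write_PKCS7 3"
-.TH SMIME_write_PKCS7 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/pkcs7.h>
-\&
-\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7
-structure to produce an S/MIME message.
-.PP
-\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR
-structure. If streaming is enabled then the content must be supplied in the
-\&\fBdata\fR argument. \fBflags\fR is an optional set of flags.
-.SH "NOTES"
-.IX Header "NOTES"
-The following flags can be passed in the \fBflags\fR parameter.
-.PP
-If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used,
-this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR
-is also set when \fIPKCS7_sign()\fR is also called.
-.PP
-If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR
-are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR
-is also set.
-.PP
-If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should
-only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to
-\&\fIPKCS7_sign()\fR or \fB\f(BIPKCS7_encrypt()\fB\fR.
-.PP
-If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then
-the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR
+.Dd $Mdocdate: December 13 2016 $
+.Dt SMIME_WRITE_PKCS7 3
+.Os
+.Sh NAME
+.Nm SMIME_write_PKCS7
+.Nd convert PKCS#7 structure to S/MIME format
+.Sh SYNOPSIS
+.In openssl/pkcs7.h
+.Ft int
+.Fo SMIME_write_PKCS7
+.Fa "BIO *out"
+.Fa "PKCS7 *p7"
+.Fa "BIO *data"
+.Fa "int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn SMIME_write_PKCS7
+adds the appropriate MIME headers to a PKCS#7 structure to produce an
+S/MIME message.
+.Pp
+.Fa out
+is the
+.Vt BIO
+to write the data to.
+.Fa p7
+is the appropriate
+.Vt PKCS7
+structure.
+If streaming is enabled, then the content must be supplied in the
+.Fa data
+argument.
+.Fa flags
+is an optional set of flags.
+.Pp
+The following flags can be passed in the
+.Fa flags
+parameter.
+.Pp
+If
+.Dv PKCS7_DETACHED
+is set, then cleartext signing will be used.
+This option only makes sense for signedData where
+.Dv PKCS7_DETACHED
+is also set when
+.Xr PKCS7_sign 3
+is also called.
+.Pp
+If the
+.Dv PKCS7_TEXT
+flag is set, MIME headers for type
+.Sy text/plain
+are added to the content.
+This only makes sense if
+.Dv PKCS7_DETACHED
+is also set.
+.Pp
+If the
+.Dv PKCS7_STREAM
+flag is set, streaming is performed.
+This flag should only be set if
+.Dv PKCS7_STREAM
+was also set in the previous call to
+.Xr PKCS7_sign 3
+or
+.Xr PKCS7_encrypt 3 .
+.Pp
+If cleartext signing is being used and
+.Dv PKCS7_STREAM
+is not set, then the data must be read twice: once to compute the
+signature in
+.Xr PKCS7_sign 3
 and once to output the S/MIME message.
-.PP
-If streaming is performed the content is output in \s-1BER\s0 format using indefinite
-length constructed encoding except in the case of signed data with detached
-content where the content is absent and \s-1DER\s0 format is used.
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there
-should be an option to disable this.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
-\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
-\&\fIPKCS7_decrypt\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5
+.Pp
+If streaming is performed, the content is output in BER format using
+indefinite length constructed encoding except in the case of signed
+data with detached content where the content is absent and DER
+format is used.
+.Sh RETURN VALUES
+.Fn SMIME_write_PKCS7
+returns 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr ERR_get_error 3 ,
+.Xr i2d_PKCS7_bio_stream 3 ,
+.Xr PEM_write_PKCS7 3 ,
+.Xr PKCS7_new 3 ,
+.Xr SMIME_read_PKCS7 3
+.Sh HISTORY
+.Fn SMIME_write_PKCS7
+was added to OpenSSL 0.9.5.
+.Sh BUGS
+.Fn SMIME_write_PKCS7
+always base64 encodes PKCS#7 structures.
+There should be an option to disable this.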
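--- a/jni/libressl/man/SSL_CIPHER_get_name.3
+++ b/jni/libressl/man/SSL_CIPHER_get_name.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2016/11/29 19:18:52 schwarze Exp $
+.\"	OpenSSL 45f55f6a Nov 30 15:35:22 2014 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005, 2009, 2013, 2014 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
 .Dt SSL_CIPHER_GET_NAME 3
 .Os
 .Sh NAME
 .Nm SSL_CIPHER_get_name ,
 .Nm SSL_CIPHER_get_bits ,
 .Nm SSL_CIPHER_get_version ,
 .Nm SSL_CIPHER_description
@@ -21,41 +69,39 @@
 .Ft char *
 .Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size"
 .Sh DESCRIPTION
 .Fn SSL_CIPHER_get_name
 returns a pointer to the name of
 .Fa cipher .
 If the
-argument is the
-.Dv NULL
-pointer, a pointer to the constant value
-.Qq NONE
-is returned.
+.Fa cipher
+is
+.Dv NULL ,
+it returns
+.Qq (NONE) .
 .Pp
 .Fn SSL_CIPHER_get_bits
 returns the number of secret bits used for
 .Fa cipher .
 If
 .Fa alg_bits
 is not
 .Dv NULL ,
 it contains the number of bits processed by the
 chosen algorithm.
 If
 .Fa cipher
 is
 .Dv NULL ,
 0 is returned.
 .Pp
 .Fn SSL_CIPHER_get_version
 returns a string which indicates the SSL/TLS protocol version that first
 defined the cipher.
 This is currently
-.Qq SSLv2
-or
 .Qq TLSv1/SSLv3 .
 In some cases it should possibly return
 .Qq TLSv1.2
 but the function does not; use
 .Xr SSL_CIPHER_description 3
 instead.
 If
@@ -85,95 +131,81 @@
 is too small, or if
 .Fa buf
 is
 .Dv NULL
 and the allocation fails, a pointer to the string
 .Qq Buffer too small
 is returned.
-.Sh NOTES
-The number of bits processed can be different from the secret bits.
-For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
-The algorithm does use the full 128 bits (which would be returned for
-.Fa alg_bits ) ,
-but 88 bits are fixed.
-The search space is hence only 40 bits.
 .Pp
 The string returned by
 .Fn SSL_CIPHER_description
-in case of success consists
-of cleartext information separated by one or more blanks in the following
-sequence:
+consists of several fields separated by whitespace:
 .Bl -tag -width Ds
 .It Aq Ar ciphername
 Textual representation of the cipher name.
 .It Aq Ar protocol version
 Protocol version:
-.Em SSLv2 ,
-.Em SSLv3 ,
-.Em TLSv1.2 .
+.Sy SSLv3
+or
+.Sy TLSv1.2 .
 The TLSv1.0 ciphers are flagged with SSLv3.
 No new ciphers were added by TLSv1.1.
 .It Kx= Ns Aq Ar key exchange
 Key exchange method:
-.Em RSA
-(for export ciphers as
-.Em RSA(512)
-or
-.Em RSA(1024) ) ,
-.Em DH
-(for export ciphers as
-.Em DH(512)
+.Sy DH ,
+.Sy ECDH ,
+.Sy GOST ,
 or
-.Em DH(1024) ) ,
-.Em DH/RSA ,
-.Em DH/DSS ,
-.Em Fortezza .
+.Sy RSA .
 .It Au= Ns Aq Ar authentication
 Authentication method:
-.Em RSA ,
-.Em DSS ,
-.Em DH ,
-.Em None .
-.Em None
+.Sy DSS ,
+.Sy ECDSA ,
+.Sy GOST01 ,
+.Sy RSA ,
+or
+.Sy None .
+.Sy None
 is the representation of anonymous ciphers.
 .It Enc= Ns Aq Ar symmetric encryption method
 Encryption method with number of secret bits:
-.Em DES(40) ,
-.Em DES(56) ,
-.Em 3DES(168) ,
-.Em RC4(40) ,
-.Em RC4(56) ,
-.Em RC4(64) ,
-.Em RC4(128) ,
-.Em RC2(40) ,
-.Em RC2(56) ,
-.Em RC2(128) ,
-.Em IDEA(128) ,
-.Em Fortezza ,
-.Em None .
+.Sy DES(56) ,
+.Sy 3DES(168) ,
+.Sy RC4(64) ,
+.Sy RC4(128) ,
+.Sy IDEA(128) ,
+.Sy AES(128) ,
+.Sy AES(256) ,
+.Sy AESCGM(128) ,
+.Sy AESCGM(256) ,
+.Sy Camellia(128) ,
+.Sy Camellia(256) ,
+.Sy ChaCha20-Poly1305 ,
+.Sy ChaCha20-Poly1305-Old ,
+.Sy GOST-28178-89-CNT ,
+or
+.Sy None .
 .It Mac= Ns Aq Ar message authentication code
 Message digest:
-.Em MD5 ,
-.Em SHA1 .
-.It Aq Ar export flag
-If the cipher is flagged exportable with respect to old US crypto
-regulations, the word
-.Dq export
-is printed.
+.Sy MD5 ,
+.Sy SHA1 ,
+.Sy SHA256 ,
+.Sy SHA384 ,
+.Sy AEAD ,
+.Sy GOST94 ,
+.Sy GOST89IMIT ,
+.Sy STREEBOG256 ,
+.Sy STREEBOG512 .
 .El
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
 .Sh EXAMPLES
-Some examples for the output of
+An example for the output of
 .Fn SSL_CIPHER_description :
-.D1 "EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1"
-.D1 "EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1"
-.D1 "RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5"
-.D1 "EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export"
+.Bd -literal
+ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
+.Ed
 .Pp
 A complete list can be retrieved by invoking the following command:
 .Pp
 .Dl $ openssl ciphers -v ALL
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr ssl 3 ,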
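--- a/jni/libressl/man/SSL_COMP_add_compression_method.3
+++ b/jni/libressl/man/SSL_COMP_add_compression_method.3
@@ -1,68 +1,48 @@
+.\"	$OpenBSD: SSL_COMP_add_compression_method.3,v 1.2 2016/11/29 19:52:17 schwarze Exp $
 .\"
-.\"	$OpenBSD$
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
 .Dt SSL_COMP_ADD_COMPRESSION_METHOD 3
 .Os
 .Sh NAME
-.Nm SSL_COMP_add_compression_method
+.Nm SSL_COMP_add_compression_method ,
+.Nm SSL_COMP_get_compression_methods
 .Nd handle SSL/TLS integrated compression methods
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_COMP_add_compression_method "int id" "COMP_METHOD *cm"
+.Ft STACK_OF(SSL_COMP) *
+.Fn SSL_COMP_get_compression_methods void
 .Sh DESCRIPTION
+These functions are deprecated and have no effect.
+They are provided purely for compatibility with legacy application code.
+.Pp
 .Fn SSL_COMP_add_compression_method
-adds the compression method
+used to add the compression method
 .Fa cm
 with the identifier
 .Fa id
 to the list of available compression methods.
-This list is globally maintained for all SSL operations within this application.
-It cannot be set for specific SSL_CTX or SSL objects.
-.Sh NOTES
-The TLS standard (or SSLv3) allows the integration of compression methods
-into the communication.
-The TLS RFC does however not specify compression methods or their corresponding
-identifiers, so there is currently no compatible way to integrate compression
-with unknown peers.
-It is therefore currently not recommended to integrate compression into
-applications.
-Applications for non-public use may agree on certain compression methods.
-Using different compression methods with the same identifier will lead to
-connection failure.
 .Pp
-An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
-will unconditionally send the list of all compression methods enabled with
-.Fn SSL_COMP_add_compression_method
-to the server during the handshake.
-Unlike the mechanisms to set a cipher list, there is no method available to
-restrict the list of compression method on a per connection basis.
-.Pp
-An OpenSSL server will match the identifiers listed by a client against
-its own compression methods and will unconditionally activate compression
-when a matching identifier is found.
-There is no way to restrict the list of compression methods supported on a per
-connection basis.
-.Pp
-The OpenSSL library has the compression methods
-.Fn COMP_rle
-and (when especially enabled during compilation)
-.Fn COMP_zlib
-available.
-.Sh WARNINGS
-Once the identities of the compression methods for the TLS protocol have
-been standardized, the compression API will most likely be changed.
-Using it in the current state is not recommended.
+.Fn SSL_COMP_get_compression_methods
+used to return a stack of available compression methods.
 .Sh RETURN VALUES
 .Fn SSL_COMP_add_compression_method
-may return the following values:
-.Bl -tag -width Ds
-.It 0
-The operation succeeded.
-.It 1
-The operation failed.
-Check the error queue to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr ssl 3
+always returns 1.
+.Fn SSL_COMP_get_compression_methods
+always returns
+.Dv NULL .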
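--- a/jni/libressl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/jni/libressl/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,45 +1,114 @@
+.\"	$OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.2 2016/11/30 12:55:25 schwarze Exp $
+.\"	OpenSSL f0d6ee6be Feb 15 07:41:42 2002 +0000
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
+.\" Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2000, 2002, 2013, 2015 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
 .Os
 .Sh NAME
-.Nm SSL_CTX_add_extra_chain_cert
-.Nd add certificate to chain
+.Nm SSL_CTX_add_extra_chain_cert ,
+.Nm SSL_CTX_clear_extra_chain_certs
+.Nd add or clear extra chain certificates
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft long
-.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX ctx" "X509 *x509"
+.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
+.Ft long
+.Fn SSL_CTX_clear_extra_chain_certs "SSL_CTX *ctx"
 .Sh DESCRIPTION
 .Fn SSL_CTX_add_extra_chain_cert
 adds the certificate
 .Fa x509
-to the certificate chain presented together with the certificate.
-Several certificates can be added one after the other.
-.Sh NOTES
-When constructing the certificate chain, the chain will be formed from
-these certificates explicitly specified.
+to the extra chain certificates associated with
+.Fa ctx .
+Several certificates can be added one after another.
+.Pp
+.Fn SSL_CTX_clear_extra_chain_certs
+clears all extra chain certificates associated with
+.Fa ctx .
+.Pp
+These functions are implemented as macros.
+.Pp
+When sending a certificate chain, extra chain certificates are sent
+in order following the end entity certificate.
+.Pp
 If no chain is specified, the library will try to complete the chain from the
 available CA certificates in the trusted CA storage, see
 .Xr SSL_CTX_load_verify_locations 3 .
 .Pp
 The x509 certificate provided to
 .Fn SSL_CTX_add_extra_chain_cert
 will be freed by the library when the
 .Vt SSL_CTX
 is destroyed.
-An application
-.Em should not
-free the
+An application should not free the
 .Fa x509
 object.
 .Sh RETURN VALUES
 .Fn SSL_CTX_add_extra_chain_cert
-returns 1 on success.
-Check out the error stack to find out the reason for failure otherwise.
+and
+.Fn SSL_CTX_clear_extra_chain_certs
+return 1 on success or 0 for failure.
+Check out the error stack to find out the reason for failure.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_load_verify_locations 3 ,
 .Xr SSL_CTX_set_client_cert_cb 3 ,
 .Xr SSL_CTX_use_certificate 3
+.Sh CAVEATS
+Only one set of extra chain certificates can be specified per
+.Vt SSL_CTX
+structure.
+Different chains for different certificates (for example if both
+RSA and DSA certificates are specified by the same server) or
+different SSL structures with the same parent
+.Vt SSL_CTX
+cannot be specified using this function.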
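--- a/jni/libressl/man/SSL_CTX_add_session.3
+++ b/jni/libressl/man/SSL_CTX_add_session.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: SSL_CTX_add_session.3,v 1.2 2016/11/30 13:21:23 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
+.\" Geoff Thorpe <geoff@openssl.org>.
+.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_ADD_SESSION 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_add_session ,
 .Nm SSL_add_session ,
 .Nm SSL_CTX_remove_session ,
 .Nm SSL_remove_session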
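--- a/jni/libressl/man/SSL_CTX_ctrl.3
+++ b/jni/libressl/man/SSL_CTX_ctrl.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_ctrl.3,v 1.2 2016/11/30 13:21:23 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_CTRL 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_ctrl ,
 .Nm SSL_CTX_callback_ctrl ,
 .Nm SSL_ctrl ,
 .Nm SSL_callback_ctrl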
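--- a/jni/libressl/man/SSL_CTX_flush_sessions.3
+++ b/jni/libressl/man/SSL_CTX_flush_sessions.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_flush_sessions.3,v 1.2 2016/11/30 13:19:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_FLUSH_SESSIONS 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_flush_sessions ,
 .Nm SSL_flush_sessions
 .Nd remove expired sessions
 .Sh SYNOPSIS
@@ -23,16 +70,16 @@
 .Pp
 .Fn SSL_flush_sessions
 is a synonym for
 .Fn SSL_CTX_flush_sessions .
 .Sh NOTES
 If enabled, the internal session cache will collect all sessions established
 up to the specified maximum number (see
-.Fn SSL_CTX_sess_set_cache_size ) .
+.Xr SSL_CTX_sess_set_cache_size 3 ) .
-As sessions will not be reused ones they are expired, they should be
+As sessions will not be reused once they are expired, they should be
 removed from the cache to save resources.
 This can either be done automatically whenever 255 new sessions were
 established (see
 .Xr SSL_CTX_set_session_cache_mode 3 )
 or manually by calling
 .Fn SSL_CTX_flush_sessions .
 .Pp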
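--- a/jni/libressl/man/SSL_CTX_free.3
+++ b/jni/libressl/man/SSL_CTX_free.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_free.3,v 1.2 2016/11/30 13:20:45 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_CTX_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2003 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_FREE 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_free
 .Nd free an allocated SSL_CTX object
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -40,14 +87,11 @@
 This implies that all corresponding sessions from an external session cache are
 removed as well.
 If this is not desired, the user should explicitly unset the callback by
 calling
 .Fn SSL_CTX_sess_set_remove_cb ctx NULL
 prior to calling
 .Fn SSL_CTX_free .
-.Sh RETURN VALUES
-.Fn SSL_CTX_free
-does not provide diagnostic information.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_new 3 ,
 .Xr SSL_CTX_sess_set_get_cb 3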
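--- a/jni/libressl/man/SSL_CTX_get_ex_new_index.3
+++ b/jni/libressl/man/SSL_CTX_get_ex_new_index.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.2 2016/12/06 22:41:16 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
-.\"	$OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_CTX_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_get_ex_new_index ,
 .Nm SSL_CTX_set_ex_data ,
 .Nm SSL_CTX_get_ex_data
 .Nd internal application specific data functions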
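--- a/jni/libressl/man/SSL_CTX_get_verify_mode.3
+++ b/jni/libressl/man/SSL_CTX_get_verify_mode.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_get_verify_mode.3,v 1.2 2016/11/30 13:46:26 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_GET_VERIFY_MODE 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_get_verify_mode ,
 .Nm SSL_get_verify_mode ,
 .Nm SSL_CTX_get_verify_depth ,
 .Nm SSL_get_verify_depth ,
@@ -61,13 +108,10 @@
 .Pp
 .Fn SSL_get_verify_callback
 returns a function pointer to the verification callback currently set in
 .Fa ssl .
 If no callback was explicitly set, the
 .Dv NULL
 pointer is returned and the default callback will be used.
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_verify 3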
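--- a/jni/libressl/man/SSL_CTX_load_verify_locations.3
+++ b/jni/libressl/man/SSL_CTX_load_verify_locations.3
@@ -1,44 +1,109 @@
+.\"	$OpenBSD: SSL_CTX_load_verify_locations.3,v 1.2 2016/11/30 14:16:38 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_LOAD_VERIFY_LOCATIONS 3
 .Os
 .Sh NAME
-.Nm SSL_CTX_load_verify_locations
+.Nm SSL_CTX_load_verify_locations ,
+.Nm SSL_CTX_set_default_verify_paths
 .Nd set default locations for trusted CA certificates
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fo SSL_CTX_load_verify_locations
 .Fa "SSL_CTX *ctx" "const char *CAfile" "const char *CApath"
 .Fc
+.Ft int
+.Fo SSL_CTX_set_default_verify_paths
+.Fa "SSL_CTX *ctx"
+.Fc
 .Sh DESCRIPTION
 .Fn SSL_CTX_load_verify_locations
 specifies the locations for
 .Fa ctx ,
 at which CA certificates for verification purposes are located.
 The certificates available via
 .Fa CAfile
 and
 .Fa CApath
 are trusted.
-.Sh NOTES
+.Pp
+.Fn SSL_CTX_set_default_verify_paths
+specifies that the default locations from which CA certificates are
+loaded should be used.
+There is one default directory and one default file.
+The default CA certificates directory is called
+.Pa certs
+in the default OpenSSL directory.
+The default CA certificates file is called
+.Pa cert.pem
+in the default OpenSSL directory.
+.Pp
 If
 .Fa CAfile
 is not
 .Dv NULL ,
 it points to a file of CA certificates in PEM format.
 The file can contain several CA certificates identified by sequences of:
 .Bd -literal
  -----BEGIN CERTIFICATE-----
  ... (CA certificate in base64 encoding) ...
  -----END CERTIFICATE-----
 .Ed
+.Pp
 Before, between, and after the certificates arbitrary text is allowed which can
 be used, e.g., for descriptions of the certificates.
 .Pp
 The
 .Fa CAfile
 is processed on execution of the
 .Fn SSL_CTX_load_verify_locations
@@ -90,38 +155,35 @@
 fill in missing certificates from
 .Fa CAfile Ns / Fa CApath ,
 if the
 certificate chain was not explicitly specified (see
 .Xr SSL_CTX_add_extra_chain_cert 3
 and
 .Xr SSL_CTX_use_certificate 3 ) .
-.Sh WARNINGS
-If several CA certificates matching the name, key identifier, and serial
-number condition are available, only the first one will be examined.
-This may lead to unexpected results if the same CA certificate is available
-with different expiration dates.
-If a
-.Dq certificate expired
-verification error occurs, no other certificate will be searched.
-Make sure to not have expired certificates mixed with valid ones.
 .Sh RETURN VALUES
+For
+.Fn SSL_CTX_load_verify_locations ,
-The following return values can occur:
+the following return values can occur:
 .Bl -tag -width Ds
 .It 0
 The operation failed because
 .Fa CAfile
 and
 .Fa CApath
 are
 .Dv NULL
 or the processing at one of the locations specified failed.
 Check the error stack to find out the reason.
 .It 1
 The operation succeeded.
 .El
+.Pp
+.Fn SSL_CTX_set_default_verify_paths
+returns 1 on success or 0 on failure.
+A missing default location is still treated as a success.
 .Sh EXAMPLES
 Generate a CA certificate file with descriptive text from the CA certificates
 .Pa ca1.pem
 .Pa ca2.pem
 .Pa ca3.pem :
 .Bd -literal
 #!/bin/sh
@@ -155,7 +217,16 @@
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_add_extra_chain_cert 3 ,
 .Xr SSL_CTX_set_cert_store 3 ,
 .Xr SSL_CTX_set_client_CA_list 3 ,
 .Xr SSL_CTX_use_certificate 3 ,
 .Xr SSL_get_client_CA_list 3
+.Sh CAVEATS
+If several CA certificates matching the name, key identifier, and serial
+number condition are available, only the first one will be examined.
+This may lead to unexpected results if the same CA certificate is available
+with different expiration dates.
+If a
+.Dq certificate expired
+verification error occurs, no other certificate will be searched.
+Make sure to not have expired certificates mixed with valid ones.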
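--- a/jni/libressl/man/SSL_CTX_new.3
+++ b/jni/libressl/man/SSL_CTX_new.3
@@ -1,100 +1,210 @@
+.\"	$OpenBSD: SSL_CTX_new.3,v 1.2 2016/11/30 15:48:53 schwarze Exp $
+.\"	OpenSSL 21cd6e00 Aug 17 15:21:33 2015 -0400
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2005, 2012, 2013, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_NEW 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_new ,
-.Nm SSLv3_method ,
-.Nm SSLv3_server_method ,
-.Nm SSLv3_client_method ,
+.Nm TLS_method ,
+.Nm TLS_server_method ,
+.Nm TLS_client_method ,
+.Nm SSLv23_method ,
+.Nm SSLv23_server_method ,
+.Nm SSLv23_client_method ,
 .Nm TLSv1_method ,
 .Nm TLSv1_server_method ,
 .Nm TLSv1_client_method ,
 .Nm TLSv1_1_method ,
 .Nm TLSv1_1_server_method ,
 .Nm TLSv1_1_client_method ,
-.Nm SSLv23_method ,
-.Nm SSLv23_server_method ,
-.Nm SSLv23_client_method
+.Nm TLSv1_2_method ,
+.Nm TLSv1_2_server_method ,
+.Nm TLSv1_2_client_method ,
+.Nm DTLSv1_method ,
+.Nm DTLSv1_server_method ,
+.Nm DTLSv1_client_method
 .Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft SSL_CTX *
 .Fn SSL_CTX_new "const SSL_METHOD *method"
+.Ft const SSL_METHOD *
+.Fn TLS_method void
+.Ft const SSL_METHOD *
+.Fn TLS_server_method void
+.Ft const SSL_METHOD *
+.Fn TLS_client_method void
+.Ft const SSL_METHOD *
+.Fn SSLv23_method void
+.Ft const SSL_METHOD *
+.Fn SSLv23_server_method void
+.Ft const SSL_METHOD *
+.Fn SSLv23_client_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_server_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_client_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_1_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_1_server_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_1_client_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_2_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_2_server_method void
+.Ft const SSL_METHOD *
+.Fn TLSv1_2_client_method void
+.Ft const SSL_METHOD *
+.Fn DTLSv1_method void
+.Ft const SSL_METHOD *
+.Fn DTLSv1_server_method void
+.Ft const SSL_METHOD *
+.Fn DTLSv1_client_method void
 .Sh DESCRIPTION
 .Fn SSL_CTX_new
 creates a new
 .Vt SSL_CTX
-object as framework to establish TLS/SSL enabled connections.
-.Sh NOTES
+object as framework to establish TLS/SSL or DTLS enabled connections.
+It initializes the list of ciphers, the session cache setting, the
+callbacks, the keys and certificates, and the options to its default
+values.
+.Pp
 The
 .Vt SSL_CTX
 object uses
 .Fa method
 as its connection method.
 The methods exist in a generic type (for client and server use),
 a server only type, and a client only type.
 .Fa method
 can be of the following types:
 .Bl -tag -width Ds
-.It Fn SSLv3_method void , Fn SSLv3_server_method void , \
-Fn SSLv3_client_method void
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 protocol.
-A client will send out SSLv3 client hello messages and will indicate that it
-only understands SSLv3.
-A server will only understand SSLv3 client hello messages.
-Importantly, this means that it will not understand SSLv2 client hello messages
-which are widely used for compatibility reasons; see
-.Fn SSLv23_*_method .
-.It Fn TLSv1_method void , Fn TLSv1_server_method void , \
-Fn TLSv1_client_method void
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol.
-A client will send out TLSv1 client hello messages and will indicate that it
-only understands TLSv1.
-A server will only understand TLSv1 client hello messages.
-Importantly, this means that it will not understand SSLv2 client hello messages
-which are widely used for compatibility reasons; see
-.Fn SSLv23_*_method .
-It will also not understand SSLv3 client hello messages.
-.It Fn SSLv23_method void , Fn SSLv23_server_method void , \
-Fn SSLv23_client_method void
-A TLS/SSL connection established with these methods may understand the SSLv3,
-TLSv1, TLSv1.1 and TLSv1.2 protocols.
-.Pp
-A client will send out TLSv1 client hello messages including extensions and
-will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback
-to SSLv3.
-A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
-This is the best choice when compatibility is a concern.
+.It Xo
+.Fn TLS_method ,
+.Fn TLS_server_method ,
+.Fn TLS_client_method
+.Xc
+These are the general-purpose version-flexible SSL/TLS methods.
+The actual protocol version used will be negotiated to the highest
+version mutually supported by the client and the server.
+The supported protocols are TLSv1, TLSv1.1 and TLSv1.2.
+Applications should use these methods and avoid the version-specific
+methods described below.
+.It Xo
+.Fn SSLv23_method ,
+.Fn SSLv23_server_method ,
+.Fn SSLv23_client_method
+.Xc
+Use of these functions is deprecated.
+They have been replaced with the above
+.Fn TLS_method ,
+.Fn TLS_server_method ,
+and
+.Fn TLS_client_method ,
+respectively.
+New code should use those functions instead.
+.It Xo
+.Fn TLSv1_method ,
+.Fn TLSv1_server_method ,
+.Fn TLSv1_client_method
+.Xc
+A TLS/SSL connection established with these methods will only
+understand the TLSv1 protocol.
+.It Xo
+.Fn TLSv1_1_method ,
+.Fn TLSv1_1_server_method ,
+.Fn TLSv1_1_client_method
+.Xc
+A TLS/SSL connection established with these methods will only
+understand the TLSv1.1 protocol.
+.It Xo
+.Fn TLSv1_2_method ,
+.Fn TLSv1_2_server_method ,
+.Fn TLSv1_2_client_method
+.Xc
+A TLS/SSL connection established with these methods will only
+understand the TLSv1.2 protocol.
+.It Xo
+.Fn DTLSv1_method ,
+.Fn DTLSv1_server_method ,
+.Fn DTLSv1_client_method
+.Xc
+These are the version-specific methods for DTLSv1.
 .El
 .Pp
-The list of protocols available can later be limited using the
-.Dv SSL_OP_NO_SSLv3 ,
+The list of protocols available can also be limited using the
 .Dv SSL_OP_NO_TLSv1 ,
 .Dv SSL_OP_NO_TLSv1_1 ,
 and
 .Dv SSL_OP_NO_TLSv1_2
 options of the
-.Fn SSL_CTX_set_options
+.Xr SSL_CTX_set_options 3
 or
-.Fn SSL_set_options
-functions.
-Using these options it is possible to choose, for example,
-.Fn SSLv23_server_method
-and be able to negotiate with all possible clients,
-but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2.
-.Pp
-.Fn SSL_CTX_new
-initializes the list of ciphers, the session cache setting, the callbacks,
-the keys and certificates, and the options to its default values.
+.Xr SSL_set_options 3
+functions, but this approach is not recommended.
+Clients should avoid creating "holes" in the set of protocols they support.
+When disabling a protocol, make sure that you also disable either
+all previous or all subsequent protocol versions.
+In clients, when a protocol version is disabled without disabling
+all previous protocol versions, the effect is to also disable all
+subsequent protocol versions.
 .Sh RETURN VALUES
 The following return values can occur:
 .Bl -tag -width Ds
 .It Dv NULL
 The creation of a new
 .Vt SSL_CTX
 object failed.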
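--- a/jni/libressl/man/SSL_CTX_sess_number.3
+++ b/jni/libressl/man/SSL_CTX_sess_number.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_sess_number.3,v 1.2 2016/11/30 16:23:10 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SESS_NUMBER 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_sess_number ,
 .Nm SSL_CTX_sess_connect ,
 .Nm SSL_CTX_sess_connect_good ,
 .Nm SSL_CTX_sess_connect_renegotiate ,
@@ -89,16 +136,12 @@
 These sessions are not included in the
 .Fn SSL_CTX_sess_hits
 count.
 .Pp
 .Fn SSL_CTX_sess_cache_full
 returns the number of sessions that were removed because the maximum session
 cache size was exceeded.
-.Sh RETURN VALUES
-The functions return the values indicated in the
-.Sx DESCRIPTION
-section.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_sess_set_cache_size 3 ,
 .Xr SSL_CTX_set_session_cache_mode 3 ,
 .Xr SSL_set_session 3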
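--- a/jni/libressl/man/SSL_CTX_sess_set_cache_size.3
+++ b/jni/libressl/man/SSL_CTX_sess_set_cache_size.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_sess_set_cache_size.3,v 1.2 2016/11/30 16:24:56 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SESS_SET_CACHE_SIZE 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_sess_set_cache_size ,
 .Nm SSL_CTX_sess_get_cache_size
 .Nd manipulate session cache size
 .Sh SYNOPSIS
@@ -19,26 +66,26 @@
 sets the size of the internal session cache of context
 .Fa ctx
 to
 .Fa t .
 .Pp
 .Fn SSL_CTX_sess_get_cache_size
 returns the currently valid session cache size.
-.Sh NOTES
+.Pp
 The internal session cache size is
 .Dv SSL_SESSION_CACHE_MAX_SIZE_DEFAULT ,
 currently 1024\(mu20, so that up to 20000 sessions can be held.
 This size can be modified using the
 .Fn SSL_CTX_sess_set_cache_size
 call.
 A special case is the size 0, which is used for unlimited size.
 .Pp
-When the maximum number of sessions is reached,
-no more new sessions are added to the cache.
-New space may be added by calling
+If adding the session makes the cache exceed its size, then unused
+sessions are dropped from the end of the cache.
+Cache space may also be reclaimed by calling
 .Xr SSL_CTX_flush_sessions 3
 to remove expired sessions.
 .Pp
 If the size of the session cache is reduced and more sessions are already in
 the session cache,
 old session will be removed the next time a session shall be added.
 This removal is not synchronized with the expiration of sessions.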
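--- a/jni/libressl/man/SSL_CTX_sess_set_get_cb.3
+++ b/jni/libressl/man/SSL_CTX_sess_set_get_cb.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.2 2016/11/30 16:25:29 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2002, 2003, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SESS_SET_GET_CB 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_sess_set_new_cb ,
 .Nm SSL_CTX_sess_set_remove_cb ,
 .Nm SSL_CTX_sess_set_get_cb ,
 .Nm SSL_CTX_sess_get_new_cb ,
@@ -84,15 +132,15 @@
 .Fn SSL_CTX_sess_get_remove_cb ,
 and
 .Fn SSL_CTX_sess_get_get_cb
 retrieve the function pointers of the provided callback functions.
 If a callback function has not been set, the
 .Dv NULL
 pointer is returned.
-.Sh NOTES
+.Pp
 In order to allow external session caching, synchronization with the internal
 session cache is realized via callback functions.
 Inside these callback functions, session can be saved to disk or put into a
 database using the
 .Xr d2i_SSL_SESSION 3
 interface.
 .Pp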
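--- a/jni/libressl/man/SSL_CTX_sessions.3
+++ b/jni/libressl/man/SSL_CTX_sessions.3
@@ -1,26 +1,73 @@
+.\"	$OpenBSD: SSL_CTX_sessions.3,v 1.2 2016/11/30 16:25:29 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_CTX_sessions.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SESSIONS 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_sessions
 .Nd access internal session cache
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft struct lhash_st *
 .Fn SSL_CTX_sessions "SSL_CTX *ctx"
 .Sh DESCRIPTION
 .Fn SSL_CTX_sessions
 returns a pointer to the lhash databases containing the internal session cache
 for
 .Fa ctx .
-.Sh NOTES
+.Pp
 The sessions in the internal session cache are kept in an
 lhash-type database
 (see
 .Xr lh_new 3 ) .
 It is possible to directly access this database, e.g., for searching.
 In parallel,
 the sessions form a linked list which is maintained separately from the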
Added jni/libressl/man/SSL_CTX_set_alpn_select_cb.3.
















































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
.\"	$OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.1 2016/11/30 16:46:56 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Todd Short <tshort@akamai.com>.
.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 30 2016 $
.Dt SSL_CTX_SET_ALPN_SELECT_CB 3
.Os
.Sh NAME
.Nm SSL_CTX_set_alpn_protos ,
.Nm SSL_set_alpn_protos ,
.Nm SSL_CTX_set_alpn_select_cb ,
.Nm SSL_select_next_proto ,
.Nm SSL_get0_alpn_selected
.Nd handle application layer protocol negotiation (ALPN)
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft int
.Fo SSL_CTX_set_alpn_protos
.Fa "SSL_CTX *ctx"
.Fa "const unsigned char *protos"
.Fa "unsigned int protos_len"
.Fc
.Ft int
.Fo SSL_set_alpn_protos
.Fa "SSL *ssl"
.Fa "const unsigned char *protos"
.Fa "unsigned int protos_len"
.Fc
.Ft void
.Fo SSL_CTX_set_alpn_select_cb
.Fa "SSL_CTX *ctx"
.Fa "int (*cb) (SSL *ssl"
.Fa "const unsigned char **out"
.Fa "unsigned char *outlen"
.Fa "const unsigned char *in"
.Fa "unsigned int inlen"
.Fa "void *arg)"
.Fa "void *arg"
.Fc
.Ft int
.Fo SSL_select_next_proto
.Fa "unsigned char **out"
.Fa "unsigned char *outlen"
.Fa "const unsigned char *server"
.Fa "unsigned int server_len"
.Fa "const unsigned char *client"
.Fa "unsigned int client_len"
.Fc
.Ft void
.Fo SSL_get0_alpn_selected
.Fa "const SSL *ssl"
.Fa "const unsigned char **data"
.Fa "unsigned int *len"
.Fc
.Sh DESCRIPTION
.Fn SSL_CTX_set_alpn_protos
and
.Fn SSL_set_alpn_protos
are used by the client to set the list of protocols available to be
negotiated.
The
.Fa protos
must be in protocol-list format, described below.
The length of
.Fa protos
is specified in
.Fa protos_len .
.Pp
.Fn SSL_CTX_set_alpn_select_cb
sets the application callback
.Fa cb
used by a server to select which protocol to use for the incoming
connection.
When
.Fa cb
is
.Dv NULL ,
ALPN is not used.
The
.Fa arg
value is a pointer which is passed to the application callback.
.Pp
.Fa cb
is the application defined callback.
The
.Fa in ,
.Fa inlen
parameters are a vector in protocol-list format.
The value of the
.Fa out ,
.Fa outlen
vector should be set to the value of a single protocol selected from the
.Fa in ,
.Fa inlen
vector.
The
.Fa out
buffer may point directly into
.Fa in ,
or to a buffer that outlives the handshake.
The
.Fa arg
parameter is the pointer set via
.Fn SSL_CTX_set_alpn_select_cb .
.Pp
.Fn SSL_select_next_proto
is a helper function used to select protocols.
It implements the standard protocol selection.
It is expected that this function is called from the application
callback
.Fa cb .
The protocol data in
.Fa server ,
.Fa server_len
and
.Fa client ,
.Fa client_len
must be in the protocol-list format described below.
The first item in the
.Fa server ,
.Fa server_len
list that matches an item in the
.Fa client ,
.Fa client_len
list is selected, and returned in
.Fa out ,
.Fa outlen .
The
.Fa out
value will point into either
.Fa server
or
.Fa client ,
so it should be copied immediately.
If no match is found, the first item in
.Fa client ,
.Fa client_len
is returned in
.Fa out ,
.Fa outlen .
This function can also be used in the NPN callback.
.Pp
.Fn SSL_get0_alpn_selected
returns a pointer to the selected protocol in
.Fa data
with length
.Fa len .
It is not NUL-terminated.
.Fa data
is set to
.Dv NULL
and
.Fa len
is set to 0 if no protocol has been selected.
.Fa data
must not be freed.
.Pp
The protocol-lists must be in wire-format, which is defined as a vector
of non-empty, 8-bit length-prefixed byte strings.
The length-prefix byte is not included in the length.
Each string is limited to 255 bytes.
A byte-string length of 0 is invalid.
A truncated byte-string is invalid.
The length of the vector is not in the vector itself, but in a separate
variable.
.Pp
For example:
.Bd -literal
unsigned char vector[] = {
	6, 's', 'p', 'd', 'y', '/', '1',
	8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int length = sizeof(vector);
.Ed
.Pp
The ALPN callback is executed after the servername callback; as that
servername callback may update the SSL_CTX, and subsequently, the ALPN
callback.
.Pp
If there is no ALPN proposed in the ClientHello, the ALPN callback is
not invoked.
.Sh RETURN VALUES
.Fn SSL_CTX_set_alpn_protos
and
.Fn SSL_set_alpn_protos
return 0 on success or non-zero on failure.
WARNING: these functions reverse the return value convention.
.Pp
.Fn SSL_select_next_proto
returns one of the following:
.Bl -tag -width Ds
.It OPENSSL_NPN_NEGOTIATED
A match was found and is returned in
.Fa out ,
.Fa outlen .
.It OPENSSL_NPN_NO_OVERLAP
No match was found.
The first item in
.Fa client ,
.Fa client_len
is returned in
.Fa out ,
.Fa outlen .
.El
.Pp
The ALPN select callback
.Fa cb
must return one of the following:
.Bl -tag -width Ds
.It SSL_TLSEXT_ERR_OK
ALPN protocol selected.
.It SSL_TLSEXT_ERR_NOACK
ALPN protocol not selected.
.El
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CTX_set_tlsext_servername_arg 3 ,
.Xr SSL_CTX_set_tlsext_servername_callback 3
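--- a/jni/libressl/man/SSL_CTX_set_cert_store.3
+++ b/jni/libressl/man/SSL_CTX_set_cert_store.3
@@ -1,39 +1,86 @@
+.\"	$OpenBSD: SSL_CTX_set_cert_store.3,v 1.3 2016/12/16 15:39:08 jmc Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2002, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 16 2016 $
 .Dt SSL_CTX_SET_CERT_STORE 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_cert_store ,
 .Nm SSL_CTX_get_cert_store
 .Nd manipulate X509 certificate verification storage
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft void
 .Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
 .Ft X509_STORE *
 .Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
 .Sh DESCRIPTION
 .Fn SSL_CTX_set_cert_store
-setsthe verification storage of
+sets the verification storage of
 .Fa ctx
 to or replaces it with
 .Fa store .
 If another
 .Vt X509_STORE
 object is currently set in
 .Fa ctx ,
 it will be
-.Xr X509_STORE_free 3 Ns ed.
+.Xr X509_STORE_free 3 Ns ed .
 .Pp
 .Fn SSL_CTX_get_cert_store
 returns a pointer to the current certificate verification storage.
-.Sh NOTES
+.Pp
 In order to verify the certificates presented by the peer, trusted CA
 certificates must be accessed.
 These CA certificates are made available via lookup methods, handled inside the
 .Vt X509_STORE .
 From the
 .Vt X509_STORE
 the
@@ -65,16 +112,13 @@
 set via the
 .Xr SSL_CTX_set_verify 3
 family of functions.
 This document must therefore be updated when documentation about the
 .Vt X509_STORE
 object and its handling becomes available.
 .Sh RETURN VALUES
-.Fn SSL_CTX_set_cert_store
-does not return diagnostic output.
-.Pp
 .Fn SSL_CTX_get_cert_store
 returns the current setting.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_load_verify_locations 3 ,
 .Xr SSL_CTX_set_verify 3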
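--- a/jni/libressl/man/SSL_CTX_set_cert_verify_callback.3
+++ b/jni/libressl/man/SSL_CTX_set_cert_verify_callback.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_cert_verify_callback.3,v 1.2 2016/11/30 17:23:53 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2002 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SET_CERT_VERIFY_CALLBACK 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_cert_verify_callback
 .Nd set peer certificate verification procedure
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -70,43 +117,43 @@
 Within
 .Fa x509_store_ctx ,
 .Fa callback
 has access to the
 .Fa verify_callback
 function set using
 .Xr SSL_CTX_set_verify 3 .
-.Sh WARNINGS
-Do not mix the verification callback described in this function with the
-.Fa verify_callback
-function called during the verification process.
-The latter is set using the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-.Pp
-Providing a complete verification procedure including certificate purpose
-settings, etc., is a complex task.
-The built-in procedure is quite powerful and in most cases it should be
-sufficient to modify its behaviour using the
-.Fa verify_callback
-function.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cert_verify_callback
-does not provide diagnostic information.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_load_verify_locations 3 ,
 .Xr SSL_CTX_set_verify 3 ,
 .Xr SSL_get_verify_result 3
 .Sh HISTORY
 Previous to OpenSSL 0.9.7, the
 .Fa arg
 argument to
 .Fn SSL_CTX_set_cert_verify_callback
 was ignored, and
 .Fa callback
 was called
 simply as
 .Ft int
 .Fn (*callback) "X509_STORE_CTX *" .
 To compile software written for previous versions of OpenSSL,
 a dummy argument will have to be added to
 .Fa callback .
+.Sh CAVEATS
+Do not mix the verification callback described in this function with the
+.Fa verify_callback
+function called during the verification process.
+The latter is set using the
+.Xr SSL_CTX_set_verify 3
+family of functions.
+.Pp
+Providing a complete verification procedure including certificate purpose
+settings, etc., is a complex task.
+The built-in procedure is quite powerful and in most cases it should be
+sufficient to modify its behaviour using the
+.Fa verify_callback
+function.
+.Sh BUGS
+.Fn SSL_CTX_set_cert_verify_callback
+does not provide diagnostic information.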
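--- a/jni/libressl/man/SSL_CTX_set_cipher_list.3
+++ b/jni/libressl/man/SSL_CTX_set_cipher_list.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_cipher_list.3,v 1.2 2016/11/30 17:25:20 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SET_CIPHER_LIST 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_cipher_list ,
 .Nm SSL_set_cipher_list
 .Nd choose list of available SSL_CIPHERs
 .Sh SYNOPSIS
@@ -27,56 +74,50 @@
 .Fa ssl
 objects created from
 .Fa ctx .
 .Pp
 .Fn SSL_set_cipher_list
 sets the list of ciphers only for
 .Fa ssl .
-.Sh NOTES
+.Pp
 The control string
 .Fa str
 should be universally usable and not depend on details of the library
 configuration (ciphers compiled in).
 Thus no syntax checking takes place.
 Items that are not recognized, because the corresponding ciphers are not
 compiled in or because they are mistyped, are simply ignored.
 Failure is only flagged if no ciphers could be collected at all.
 .Pp
 It should be noted that inclusion of a cipher to be used into the list is a
 necessary condition.
 On the client side, the inclusion into the list is also sufficient.
 On the server side, additional restrictions apply.
 All ciphers have additional requirements.
 ADH ciphers don't need a certificate, but DH-parameters must have been set.
 All other ciphers need a corresponding certificate and key.
 .Pp
 A RSA cipher can only be chosen when a RSA certificate is available.
-RSA export ciphers with a keylength of 512 bits for the RSA key require a
-temporary 512 bit RSA key, as typically the supplied key has a length of 1024
-bits (see
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ) .
-RSA ciphers using EDH need a certificate and key and additional DH-parameters
+RSA ciphers using DHE need a certificate and key and additional DH-parameters
 (see
 .Xr SSL_CTX_set_tmp_dh_callback 3 ) .
 .Pp
 A DSA cipher can only be chosen when a DSA certificate is available.
 DSA ciphers always use DH key exchange and therefore need DH-parameters (see
 .Xr SSL_CTX_set_tmp_dh_callback 3 ) .
 .Pp
 When these conditions are not met for any cipher in the list (for example, a
 client only supports export RSA ciphers with an asymmetric key length of 512
 bits and the server is not configured to use temporary RSA keys), the
 .Dq no shared cipher
 .Pq Dv SSL_R_NO_SHARED_CIPHER
 error is generated and the handshake will fail.
 .Sh RETURN VALUES
 .Fn SSL_CTX_set_cipher_list
 and
 .Fn SSL_set_cipher_list
 return 1 if any cipher could be selected and 0 on complete failure.
 .Sh SEE ALSO
-.Xr ciphers 1 ,
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
 .Xr SSL_CTX_use_certificate 3 ,
 .Xr SSL_get_ciphers 3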
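--- a/jni/libressl/man/SSL_CTX_set_client_CA_list.3
+++ b/jni/libressl/man/SSL_CTX_set_client_CA_list.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.3 2016/12/14 16:20:28 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 14 2016 $
 .Dt SSL_CTX_SET_CLIENT_CA_LIST 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_client_CA_list ,
 .Nm SSL_set_client_CA_list ,
 .Nm SSL_CTX_add_client_CA ,
 .Nm  SSL_add_client_CA
@@ -49,15 +96,15 @@
 to the list of CAs sent to the client when requesting a client certificate for
 the chosen
 .Fa ssl ,
 overriding the setting valid for
 .Fa ssl Ns 's
 .Va SSL_CTX
 object.
-.Sh NOTES
+.Pp
 When a TLS/SSL server requests a client certificate (see
 .Fn SSL_CTX_set_verify ) ,
 it sends a list of CAs for which it will accept certificates to the client.
 .Pp
 This list must explicitly be set using
 .Fn SSL_CTX_set_client_CA_list
 for
@@ -125,8 +172,9 @@
 .Bd -literal
 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
 .Ed
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_load_verify_locations 3 ,
 .Xr SSL_get_client_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3
+.Xr SSL_load_client_CA_file 3 ,
+.Xr X509_NAME_new 3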
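--- a/jni/libressl/man/SSL_CTX_set_client_cert_cb.3
+++ b/jni/libressl/man/SSL_CTX_set_client_cert_cb.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.2 2016/11/30 17:26:09 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SET_CLIENT_CERT_CB 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_client_cert_cb ,
 .Nm SSL_CTX_get_client_cert_cb
 .Nd handle client certificate callback function
 .Sh SYNOPSIS
@@ -42,35 +89,30 @@
 If it wants to set a certificate,
 a certificate/private key combination must be set using the
 .Fa x509
 and
 .Fa pkey
 arguments and 1 must be returned.
 The certificate will be installed into
-.Fa ssl ;
-see the
-.Sx NOTES
-and
-.Sx BUGS
-sections.
+.Fa ssl .
 If no certificate should be set,
 0 has to be returned and no certificate will be sent.
 A negative return value will suspend the handshake and the handshake function
 will return immediately.
 .Xr SSL_get_error 3
 will return
 .Dv SSL_ERROR_WANT_X509_LOOKUP
 to indicate that the handshake was suspended.
 The next call to the handshake function will again lead to the call of
 .Fa client_cert_cb() .
 It is the job of the
 .Fa client_cert_cb()
 to store information
 about the state of the last call, if required to continue.
-.Sh NOTES
+.Pp
 During a handshake (or renegotiation)
 a server may request a certificate from the client.
 A client certificate must only be sent when the server did send the request.
 .Pp
 When a certificate has been set using the
 .Xr SSL_CTX_use_certificate 3
 family of functions,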
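--- a/jni/libressl/man/SSL_CTX_set_default_passwd_cb.3
+++ b/jni/libressl/man/SSL_CTX_set_default_passwd_cb.3
@@ -1,83 +1,122 @@
+.\"	$OpenBSD: SSL_CTX_set_default_passwd_cb.3,v 1.2 2016/11/30 18:05:18 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SET_DEFAULT_PASSWD_CB 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_default_passwd_cb ,
 .Nm SSL_CTX_set_default_passwd_cb_userdata
 .Nd set passwd callback for encrypted PEM file handling
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft void
 .Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
 .Ft void
 .Fn SSL_CTX_set_default_passwd_cb_userdata "SSL_CTX *ctx" "void *u"
-.Ft int
-.Fn pem_passwd_cb "char *buf" "int size" "int rwflag" "void *userdata"
+.In openssl/pem.h
+.Ft typedef int
+.Fn pem_password_cb "char *buf" "int size" "int rwflag" "void *userdata"
 .Sh DESCRIPTION
 .Fn SSL_CTX_set_default_passwd_cb
 sets the default password callback called when loading/storing a PEM
 certificate with encryption.
 .Pp
 .Fn SSL_CTX_set_default_passwd_cb_userdata
 sets a pointer to userdata
 .Fa u
 which will be provided to the password callback on invocation.
 .Pp
 The
-.Fn pem_passwd_cb ,
+password callback
+.Fa cb ,
 which must be provided by the application,
 hands back the password to be used during decryption.
 On invocation a pointer to
 .Fa userdata
 is provided.
-The pem_passwd_cb must write the password into the provided buffer
+The password callback must write the password into the provided buffer
 .Fa buf
 which is of size
 .Fa size .
 The actual length of the password must be returned to the calling function.
 .Fa rwflag
 indicates whether the callback is used for reading/decryption
 .Pq Fa rwflag No = 0
 or writing/encryption
 .Pq Fa rwflag No = 1 .
-.Sh NOTES
+.Pp
 When loading or storing private keys, a password might be supplied to protect
 the private key.
 The way this password can be supplied may depend on the application.
-If only one private key is handled, it can be practical to have
-.Fn pem_passwd_cb
-handle the password dialog interactively.
+If only one private key is handled, it can be practical to have the
+callback handle the password dialog interactively.
 If several keys have to be handled, it can be practical to ask for the password
 once, then keep it in memory and use it several times.
 In the last case, the password could be stored into the
 .Fa userdata
-storage and the
-.Fn pem_passwd_cb
-only returns the password already stored.
+storage and the callback only returns the password already stored.
 .Pp
-When asking for the password interactively,
-.Fn pem_passwd_cb
-can use
+When asking for the password interactively, the callback can use
 .Fa rwflag
 to check whether an item shall be encrypted
 .Pq Fa rwflag No = 1 .
 In this case the password dialog may ask for the same password twice for
 comparison in order to catch typos which would make decryption impossible.
 .Pp
 Other items in PEM formatting (certificates) can also be encrypted; it is
 however atypical, as certificate information is considered public.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_default_passwd_cb
-and
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-do not provide diagnostic information.
 .Sh EXAMPLES
 The following example returns the password provided as
 .Fa userdata
 to the calling function.
 The password is considered to be a
 .Sq \e0
 terminated string.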
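--- a/jni/libressl/man/SSL_CTX_set_generate_session_id.3
+++ b/jni/libressl/man/SSL_CTX_set_generate_session_id.3
@@ -1,24 +1,73 @@
+.\"	$OpenBSD: SSL_CTX_set_generate_session_id.3,v 1.2 2016/11/30 18:07:12 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2014 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SET_GENERATE_SESSION_ID 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_generate_session_id ,
 .Nm SSL_set_generate_session_id ,
 .Nm SSL_has_matching_session_id
 .Nd manipulate generation of SSL session IDs (server only)
 .Sh SYNOPSIS
 .In openssl/ssl.h
-.Bd -literal
- typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-                               unsigned int *id_len);
-.Ed
+.Ft typedef int
+.Fo (*GEN_SESSION_CB)
+.Fa "const SSL *ssl"
+.Fa "unsigned char *id"
+.Fa "unsigned int *id_len"
+.Fc
 .Ft int
 .Fn SSL_CTX_set_generate_session_id "SSL_CTX *ctx" "GEN_SESSION_CB cb"
 .Ft int
 .Fn SSL_set_generate_session_id "SSL *ssl" "GEN_SESSION_CB" "cb);"
 .Ft int
 .Fo SSL_has_matching_session_id
 .Fa "const SSL *ssl" "const unsigned char *id" "unsigned int id_len"
@@ -42,20 +91,19 @@
 checks, whether a session with id
 .Fa id
 (of length
 .Fa id_len )
 is already contained in the internal session cache
 of the parent context of
 .Fa ssl .
-.Sh NOTES
+.Pp
 When a new session is established between client and server,
 the server generates a session id.
 The session id is an arbitrary sequence of bytes.
-The length of the session id is 16 bytes for SSLv2 sessions and between 1 and
-32 bytes for SSLv3/TLSv1.
+The length of the session id is between 1 and 32 bytes.
 The session id is not security critical but must be unique for the server.
 Additionally, the session id is transmitted in the clear when reusing the
 session so it must not contain sensitive information.
 .Pp
 Without a callback being set, an OpenSSL server will generate a unique session
 id from pseudo random numbers of the maximum possible length.
 Using the callback function, the session id can be changed to contain
@@ -76,36 +124,25 @@
 .Em must never
 increase
 .Fa id_len
 or write to the location
 .Fa id
 exceeding the given limit.
 .Pp
-If a SSLv2 session id is generated and
-.Fa id_len
-is reduced, it will be restored after the callback has finished and the session
-id will be padded with 0x00.
-It is not recommended to change the
-.Fa id_len
-for SSLv2 sessions.
-The callback can use the
-.Xr SSL_get_version 3
-function to check whether the session is of type SSLv2.
-.Pp
 The location
 .Fa id
 is filled with 0x00 before the callback is called,
 so the callback may only fill part of the possible length and leave
 .Fa id_len
 untouched while maintaining reproducibility.
 .Pp
 Since the sessions must be distinguished, session ids must be unique.
 Without the callback a random number is used,
 so that the probability of generating the same session id is extremely small
-(2^128 possible ids for an SSLv2 session, 2^256 for SSLv3/TLSv1).
+(2^256 for TLSv1).
 In order to ensure the uniqueness of the generated session id,
 the callback must call
 .Fn SSL_has_matching_session_id
 and generate another id if a conflict occurs.
 If an id conflict is not resolved, the handshake will fail.
 If the application codes, e.g., a unique host id, a unique process number, and
 a unique sequence number into the session id, uniqueness could easily be
@@ -124,21 +161,14 @@
 If another thread is using the same internal session cache,
 a race condition can occur in that another thread generates the same session id.
 Collisions can also occur when using an external session cache,
 since the external cache is not tested with
 .Fn SSL_has_matching_session_id
 and the same race condition applies.
 .Pp
-When calling
-.Fn SSL_has_matching_session_id
-for an SSLv2 session with reduced
-.Fa id_len Ns  ,
-the match operation will be performed using the fixed length required and with
-a 0x00 padded id.
-.Pp
 The callback must return 0 if it cannot generate a session id for whatever
 reason and return 1 on success.
 .Sh RETURN VALUES
 .Fn SSL_CTX_set_generate_session_id
 and
 .Fn SSL_set_generate_session_id
 always return 1.
@@ -153,21 +183,14 @@
 
 #define MAX_SESSION_ID_ATTEMPTS 10
 static int
 generate_session_id(const SSL *ssl, unsigned char *id,
     unsigned int *id_len)
 {
 	unsigned int count = 0;
-	const char *version;
-
-	version = SSL_get_version(ssl);
-	if (!strcmp(version, "SSLv2")) {
-		/* we must not change id_len */
-		;
-	}
 
 	do {
 		RAND_pseudo_bytes(id, *id_len);
 		/*
 		 * Prefix the session_id with the required prefix. NB: If
 		 * our prefix is too long, clip it \(en but there will be
 		 * worse effects anyway, e.g., the server could only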
Changes to jni/libressl/man/SSL_CTX_set_info_callback.3.


1


2



3








































4
5
6
7
8
9
10
11
12
13
14
15
16



17
18




19
20



21
22




23
24
25
26
27
28
29


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_CTX_SET_INFO_CALLBACK 3
.Os
.Sh NAME
.Nm SSL_CTX_set_info_callback ,
.Nm SSL_CTX_get_info_callback ,
.Nm SSL_set_info_callback ,
.Nm SSL_get_info_callback
.Nd handle information callback for SSL connections
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft void
.Fn SSL_CTX_set_info_callback "SSL_CTX *ctx" "void (*callback)()"



.Ft void
.Fn "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"




.Ft void
.Fn SSL_set_info_callback "SSL *ssl" "void (*callback)()"



.Ft void
.Fn "(*SSL_get_info_callback(const SSL *ssl))"




.Sh DESCRIPTION
.Fn SSL_CTX_set_info_callback
sets the
.Fa callback
function that can be used to obtain state information for SSL objects created
from
.Fa ctx
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|











|
>
>
>

|
>
>
>
>

|
>
>
>

|
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
.\"	$OpenBSD: SSL_CTX_set_info_callback.3,v 1.2 2016/11/30 18:29:14 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 30 2016 $
.Dt SSL_CTX_SET_INFO_CALLBACK 3
.Os
.Sh NAME
.Nm SSL_CTX_set_info_callback ,
.Nm SSL_CTX_get_info_callback ,
.Nm SSL_set_info_callback ,
.Nm SSL_get_info_callback
.Nd handle information callback for SSL connections
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft void
.Fo SSL_CTX_set_info_callback
.Fa "SSL_CTX *ctx"
.Fa "void (*callback)(const SSL *ssl, int where, int ret)"
.Fc
.Ft void
.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
.Fa "const SSL *ssl"
.Fa "int where"
.Fa "int ret"
.Fc
.Ft void
.Fo SSL_set_info_callback
.Fa "SSL *ssl"
.Fa "void (*callback)(const SSL *ssl, int where, int ret)"
.Fc
.Ft void
.Fo "(*SSL_get_info_callback(const SSL *ssl))"
.Fa "const SSL *ssl"
.Fa "int where"
.Fa "int ret"
.Fc
.Sh DESCRIPTION
.Fn SSL_CTX_set_info_callback
sets the
.Fa callback
function that can be used to obtain state information for SSL objects created
from
.Fa ctx
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
.Fn SSL_CTX_get_info_callback
returns a pointer to the currently set information callback function for
.Fa ctx .
.Pp
.Fn SSL_get_info_callback
returns a pointer to the currently set information callback function for
.Fa ssl .
.Sh NOTES
When setting up a connection and during use,
it is possible to obtain state information from the SSL/TLS engine.
When set, an information callback function is called whenever the state changes,
an alert appears, or an error occurs.
.Pp
The callback function is called as
.Fn callback "SSL *ssl" "int where" "int ret" .







|







116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
.Fn SSL_CTX_get_info_callback
returns a pointer to the currently set information callback function for
.Fa ctx .
.Pp
.Fn SSL_get_info_callback
returns a pointer to the currently set information callback function for
.Fa ssl .
.Pp
When setting up a connection and during use,
it is possible to obtain state information from the SSL/TLS engine.
When set, an information callback function is called whenever the state changes,
an alert appears, or an error occurs.
.Pp
The callback function is called as
.Fn callback "SSL *ssl" "int where" "int ret" .
112
113
114
115
116
117
118
119
120
121
122
123


124
125
126
127
128
129
130
.Pp
The
.Fa ret
information can be evaluated using the
.Xr SSL_alert_type_string 3
family of functions.
.Sh RETURN VALUES
.Fn SSL_set_info_callback
does not provide diagnostic information.
.Pp
.Fn SSL_get_info_callback
returns the current setting.


.Sh EXAMPLES
The following example callback function prints state strings,
information about alerts being handled and error messages to the
.Va bio_err
.Vt BIO .
.Bd -literal
void







|
|
<

|
>
>







173
174
175
176
177
178
179
180
181

182
183
184
185
186
187
188
189
190
191
192
.Pp
The
.Fa ret
information can be evaluated using the
.Xr SSL_alert_type_string 3
family of functions.
.Sh RETURN VALUES
.Fn SSL_CTX_get_info_callback
and

.Fn SSL_get_info_callback
return a pointer to the current callback or
.Dv NULL
if none is set.
.Sh EXAMPLES
The following example callback function prints state strings,
information about alerts being handled and error messages to the
.Va bio_err
.Vt BIO .
.Bd -literal
void
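--- a/jni/libressl/man/SSL_CTX_set_max_cert_list.3
+++ b/jni/libressl/man/SSL_CTX_set_max_cert_list.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.2 2016/12/01 15:26:11 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_MAX_CERT_LIST 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_max_cert_list ,
 .Nm SSL_CTX_get_max_cert_list ,
 .Nm SSL_set_max_cert_list ,
 .Nm SSL_get_max_cert_list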
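--- a/jni/libressl/man/SSL_CTX_set_mode.3
+++ b/jni/libressl/man/SSL_CTX_set_mode.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: SSL_CTX_set_mode.3,v 1.2 2016/12/01 15:30:23 schwarze Exp $
+.\"	OpenSSL 8671b898 Jun 3 02:48:34 2008 +0000
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
+.\" Ben Laurie <ben@openssl.org>.
+.\" Copyright (c) 2001, 2008 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_MODE 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_mode ,
 .Nm SSL_set_mode ,
 .Nm SSL_CTX_get_mode ,
 .Nm SSL_get_mode
@@ -94,19 +142,14 @@
 .Dv SSL_MODE_AUTO_RETRY
 will cause read/write operations to only return after the handshake and
 successful completion.
 .It Dv SSL_MODE_RELEASE_BUFFERS
 When we no longer need a read buffer or a write buffer for a given
 .Vt SSL ,
 then release the memory we were using to hold it.
-Released memory is either appended to a list of unused RAM chunks on the
-.Vt SSL_CTX ,
-or simply freed if the list of unused chunks would become longer than
-.Va "SSL_CTX->freelist_max_len" ,
-which defaults to 32.
 Using this flag can save around 34k per idle SSL connection.
 This flag has no effect on SSL v2 connections, or on DTLS connections.
 .El
 .Sh RETURN VALUES
 .Fn SSL_CTX_set_mode
 and
 .Fn SSL_set_mode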
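--- a/jni/libressl/man/SSL_CTX_set_msg_callback.3
+++ b/jni/libressl/man/SSL_CTX_set_msg_callback.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_msg_callback.3,v 1.2 2016/12/01 15:26:11 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_CTX_set_msg_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Bodo Moeller <bodo@openssl.org>.
+.\" Copyright (c) 2001, 2014, 2016 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_MSG_CALLBACK 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_msg_callback ,
 .Nm SSL_CTX_set_msg_callback_arg ,
 .Nm SSL_set_msg_callback ,
 .Nm SSL_set_msg_callback_arg
@@ -102,15 +149,15 @@
 object that received or sent the message.
 .It Fa arg
 The user-defined argument optionally defined by
 .Fn SSL_CTX_set_msg_callback_arg
 or
 .Fn SSL_set_msg_callback_arg .
 .El
-.Sh NOTES
+.Pp
 Protocol messages are passed to the callback function after decryption
 and fragment collection where applicable.
 (Thus record boundaries are not visible.)
 .Pp
 If processing a received protocol message results in an error,
 the callback function may not be called.
 For example, the callback function will never see messages that are considered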
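--- a/jni/libressl/man/SSL_CTX_set_options.3
+++ b/jni/libressl/man/SSL_CTX_set_options.3
@@ -1,11 +1,61 @@
+.\"	$OpenBSD: SSL_CTX_set_options.3,v 1.2 2016/12/01 15:40:14 schwarze Exp $
+.\"	OpenSSL 361a1191 Dec 6 17:56:41 2015 +0100
 .\"
-.\"	$OpenBSD: SSL_CTX_set_options.3,v 1.9 2015/07/18 01:42:26 doug Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
+.\" Bodo Moeller <bodo@openssl.org>, and
+.\" Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2001-2003, 2005, 2007, 2009, 2010, 2013-2015
+.\" The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: July 18 2015 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_OPTIONS 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_options ,
 .Nm SSL_set_options ,
 .Nm SSL_CTX_clear_options ,
 .Nm SSL_clear_options ,
@@ -26,16 +76,14 @@
 .Ft long
 .Fn SSL_CTX_get_options "SSL_CTX *ctx"
 .Ft long
 .Fn SSL_get_options "SSL *ssl"
 .Ft long
 .Fn SSL_get_secure_renegotiation_support "SSL *ssl"
 .Sh DESCRIPTION
-Note: all these functions are implemented using macros.
-.Pp
 .Fn SSL_CTX_set_options
 adds the options set via bitmask in
 .Fa options
 to
 .Fa ctx .
 Options already set before are not cleared!
 .Pp
@@ -64,15 +112,17 @@
 .Pp
 .Fn SSL_get_options
 returns the options set for
 .Fa ssl .
 .Pp
 .Fn SSL_get_secure_renegotiation_support
 indicates whether the peer supports secure renegotiation.
-.Sh NOTES
+.Pp
+All these functions are implemented using macros.
+.Pp
 The behaviour of the SSL library can be changed by setting several options.
 The options are coded as bitmasks and can be combined by a bitwise OR
 operation (|).
 .Pp
 .Fn SSL_CTX_set_options
 and
 .Fn SSL_set_options
@@ -95,50 +145,16 @@
 .Fn SSL_clear
 does not affect the settings.
 .Pp
 The following
 .Em bug workaround
 options are available:
 .Bl -tag -width Ds
-.It Dv SSL_OP_MICROSOFT_SESS_ID_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
-.It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_TLS_D5_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
 .It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability
+Disables a countermeasure against a TLS 1.0 protocol vulnerability
 affecting CBC ciphers, which cannot be handled by some broken SSL
 implementations.
 This option has no effect for connections using other ciphers.
 .It Dv SSL_OP_TLSEXT_PADDING
 Adds a padding extension to ensure the ClientHello size is never between 256
 and 511 bytes in length.
 This is needed as a workaround for some implementations.
@@ -162,124 +178,87 @@
 about acceptable SSL/TLS protocol levels as during the first hello.
 Some clients violate this rule by adapting to the server's answer.
 (Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1,
 the server only understands up to SSLv3.
 In this case the client must still use the same SSLv3.1=TLSv1 announcement.
 Some clients step down to SSLv3 with respect to the server's answer and violate
 the version rollback protection.)
-.It Dv SSL_OP_SINGLE_DH_USE
-Always create a new key when using temporary/ephemeral DH parameters
-(see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-This option must be used to prevent small subgroup attacks, when the DH
-parameters were not generated using
-.Dq strong
-primes (e.g., when using DSA-parameters, see
-.Xr openssl 1 ) .
-If
-.Dq strong
-primes were used, it is not strictly necessary to generate a new DH key during
-each handshake but it is also recommended.
-.Dv SSL_OP_SINGLE_DH_USE
-should therefore be enabled whenever temporary/ephemeral DH parameters are used.
-.It SSL_OP_EPHEMERAL_RSA
-Always use ephemeral (temporary) RSA key when doing RSA operations (see
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ) .
-According to the specifications, this is only done when a RSA key can only be
-used for signature operations (namely under export ciphers with restricted RSA
-keylength).
-By setting this option, ephemeral RSA keys are always used.
-This option breaks compatibility with the SSL/TLS specifications and may lead
-to interoperability problems with clients and should therefore never be used.
-Ciphers with EDH (ephemeral Diffie-Hellman) key exchange should be used instead.
 .It Dv SSL_OP_CIPHER_SERVER_PREFERENCE
 When choosing a cipher, use the server's preferences instead of the client
 preferences.
-When not set, the SSL server will always follow the client's preferences.
-When set, the SSLv3/TLSv1 server will choose following its own preferences.
+When not set, the server will always follow the client's preferences.
+When set, the server will choose following its own preferences.
-Because of the different protocol, for SSLv2 the server will send its list of
-preferences to the client and the client chooses.
-.It Dv SSL_OP_NETSCAPE_CA_DN_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NO_SSLv2
-As of
-.Ox 5.6 ,
-this option has no effect as SSLv2 support has been removed.
-In previous versions it disabled use of the SSLv2 protocol.
-.It Dv SSL_OP_NO_SSLv3
-Do not use the SSLv3 protocol.
 .It Dv SSL_OP_NO_TLSv1
 Do not use the TLSv1.0 protocol.
 .It Dv SSL_OP_NO_TLSv1_1
 Do not use the TLSv1.1 protocol.
 .It Dv SSL_OP_NO_TLSv1_2
 Do not use the TLSv1.2 protocol.
 .It Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 When performing renegotiation as a server, always start a new session (i.e.,
 session resumption requests are only accepted in the initial handshake).
 This option is not needed for clients.
 .It Dv SSL_OP_NO_TICKET
 Normally clients and servers will, where possible, transparently make use of
 RFC4507bis tickets for stateless session resumption.
 .Pp
 If this option is set this functionality is disabled and tickets will not be
 used by clients or servers.
-.It Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-As of
-.Ox 5.6 ,
-this option has no effect.
-In previous versions it allowed legacy insecure renegotiation between OpenSSL
-and unpatched clients or servers.
-See the
-.Sx SECURE RENEGOTIATION
-section for more details.
 .It Dv SSL_OP_LEGACY_SERVER_CONNECT
 Allow legacy insecure renegotiation between OpenSSL and unpatched servers
 .Em only :
 this option is currently set by default.
 See the
 .Sx SECURE RENEGOTIATION
 section for more details.
 .El
+.Pp
+The following options used to be supported at some point in the past
+and no longer have any effect:
+.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ,
+.Dv SSL_OP_EPHEMERAL_RSA ,
+.Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER ,
+.Dv SSL_OP_MICROSOFT_SESS_ID_BUG ,
+.Dv SSL_OP_NETSCAPE_CA_DN_BUG ,
+.Dv SSL_OP_NETSCAPE_CHALLENGE_BUG ,
+.Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG ,
+.Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG ,
+.Dv SSL_OP_NO_SSLv2 ,
+.Dv SSL_OP_NO_SSLv3 ,
+.Dv SSL_OP_PKCS1_CHECK_1 ,
+.Dv SSL_OP_PKCS1_CHECK_2 ,
+.Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG ,
+.Dv SSL_OP_SINGLE_DH_USE ,
+.Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG ,
+.Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ,
+.Dv SSL_OP_TLS_BLOCK_PADDING_BUG ,
+.Dv SSL_OP_TLS_D5_BUG .
 .Sh SECURE RENEGOTIATION
 OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
 described in RFC5746.
 This counters the prefix attack described in CVE-2009-3555 and elsewhere.
 .Pp
-The deprecated and highly broken SSLv2 protocol does not support renegotiation
-at all; its use is
-.Em strongly
-discouraged.
-.Pp
 This attack has far-reaching consequences which application writers should be
 aware of.
 In the description below an implementation supporting secure renegotiation is
 referred to as
 .Dq patched .
 A server not supporting secure
 renegotiation is referred to as
 .Dq unpatched .
 .Pp
 The following sections describe the operations permitted by OpenSSL's secure
 renegotiation implementation.
 .Ss Patched client and server
 Connections and renegotiation are always permitted by OpenSSL implementations.
 .Ss Unpatched client and patched OpenSSL server
 The initial connection succeeds but client renegotiation is denied by the
 server with a
 .Em no_renegotiation
-warning alert if TLS v1.0 is used or a fatal
-.Em handshake_failure
-alert in SSL v3.0.
+warning alert.
 .Pp
 If the patched OpenSSL server attempts to renegotiate a fatal
 .Em handshake_failure
 alert is sent.
 This is because the server code may be unaware of the unpatched nature of the
 client.
 .Pp
@@ -316,15 +295,15 @@
 will
 .Em not
 be set by default in a future version of OpenSSL.
 .Pp
 OpenSSL client applications wishing to ensure they can connect to unpatched
 servers should always
 .Em set
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
+.Dv SSL_OP_LEGACY_SERVER_CONNECT .
 .Pp
 OpenSSL client applications that want to ensure they can
 .Em not
 connect to unpatched servers (and thus avoid any security issues) should always
 .Em clear
 .Dv SSL_OP_LEGACY_SERVER_CONNECT
 using
@@ -351,45 +330,13 @@
 .Pp
 .Fn SSL_get_secure_renegotiation_support
 returns 1 is the peer supports secure renegotiation and 0 if it does not.
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr ssl 3 ,
 .Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
 .Xr SSL_new 3
 .Sh HISTORY
-.Dv SSL_OP_CIPHER_SERVER_PREFERENCE
-and
-.Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-have been added in
-OpenSSL 0.9.7.
-.Pp
-.Dv SSL_OP_TLS_ROLLBACK_BUG
-has been added in OpenSSL 0.9.6 and was automatically enabled with
-.Dv SSL_OP_ALL .
-As of 0.9.7, it is no longer included in
-.Dv SSL_OP_ALL
-and must be explicitly set.
-.Pp
-.Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-has been added in OpenSSL 0.9.6e.
-Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be
-disabled with this option (in OpenSSL 0.9.6d, it was always enabled).
-.Pp
 .Fn SSL_CTX_clear_options
 and
 .Fn SSL_clear_options
 were first added in OpenSSL 0.9.8m.
-.Pp
-.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ,
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-and the function
-.Fn SSL_get_secure_renegotiation_support
-were first added in OpenSSL 0.9.8m.
-.Pp
-.Dv SSL_OP_NO_SSLv2
-and
-.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-were changed to have no effect in
-.Ox 5.6 .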
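--- a/jni/libressl/man/SSL_CTX_set_psk_client_callback.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\"	$OpenBSD$
-.\"
-.Dd $Mdocdate: October 12 2014 $
-.Dt SSL_CTX_SET_PSK_CLIENT_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_psk_client_callback ,
-.Nm SSL_set_psk_client_callback
-.Nd set PSK client callback
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_psk_client_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_client_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-A client application must provide a callback function which is called
-when the client is sending the ClientKeyExchange message to the server.
-.Pp
-The purpose of the callback function is to select the PSK identity and
-the pre-shared key to use during the connection setup phase.
-.Pp
-The callback is set using functions
-.Fn SSL_CTX_set_psk_client_callback
-or
-.Fn SSL_set_psk_client_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-a
-.Dv NULL Ns
--terminated PSK identity hint sent by the server in parameter
-.Fa hint ,
-a buffer
-.Fa identity
-of length
-.Fa max_identity_len
-bytes where the resulting
-.Dv NULL Ns
--terminated identity is to be stored, and a buffer
-.Fa psk
-of
-length
-.Fa max_psk_len
-bytes where the resulting pre-shared key is to be stored.
-.Sh NOTES
-Note that parameter
-.Fa hint
-given to the callback may be
-.Dv NULL .
-.Sh RETURN VALUES
-Return values from the client callback are interpreted as follows:
-.Pp
-On success (callback found a PSK identity and a pre-shared key to use)
-the length (> 0) of
-.Fa psk
-in bytes is returned.
-.Pp
-Otherwise or on errors callback should return 0.
-In this case the connection setup fails.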
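--- a/jni/libressl/man/SSL_CTX_set_quiet_shutdown.3
+++ b/jni/libressl/man/SSL_CTX_set_quiet_shutdown.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.2 2016/12/01 16:46:59 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: November 30 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_QUIET_SHUTDOWN 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_quiet_shutdown ,
 .Nm SSL_CTX_get_quiet_shutdown ,
 .Nm SSL_set_quiet_shutdown ,
 .Nm SSL_get_quiet_shutdown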
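--- /dev/null
+++ b/jni/libressl/man/SSL_CTX_set_read_ahead.3
@@ -0,0 +1,131 @@
+.\"	$OpenBSD: SSL_CTX_set_read_ahead.3,v 1.1 2016/12/01 16:48:36 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 1 2016 $
+.Dt SSL_CTX_SET_READ_AHEAD 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_read_ahead ,
+.Nm SSL_CTX_get_read_ahead ,
+.Nm SSL_set_read_ahead ,
+.Nm SSL_get_read_ahead ,
+.Nm SSL_CTX_get_default_read_ahead
+.Nd manage whether to read as many input bytes as possible
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fo SSL_CTX_set_read_ahead
+.Fa "SSL_CTX *ctx"
+.Fa "int yes"
+.Fc
+.Ft long
+.Fo SSL_CTX_get_read_ahead
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft void
+.Fo SSL_set_read_ahead
+.Fa "SSL *s"
+.Fa "int yes"
+.Fc
+.Ft long
+.Fo SSL_get_read_ahead
+.Fa "const SSL *s"
+.Fc
+.Ft long
+.Fo SSL_CTX_get_default_read_ahead
+.Fa "SSL_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_read_ahead
+and
+.Fn SSL_set_read_ahead
+set whether as many input bytes as possible are read for non-blocking
+reads.
+For example if
+.Ar x
+bytes are currently required by OpenSSL, but
+.Ar y
+bytes are available from the underlying BIO (where
+.Ar y No > Ar x ) ,
+then OpenSSL will read all
+.Ar y
+bytes into its buffer (provided that the buffer is large enough) if
+reading ahead is on, or
+.Ar x
+bytes otherwise.
+The parameter
+.Fa yes
+should be 0 to ensure reading ahead is off, or non zero otherwise.
+.Pp
+.Fn SSL_CTX_get_read_ahead
+and
+.Fn SSL_get_read_ahead
+indicate whether reading ahead is set or not.
+.Pp
+.Fn SSL_CTX_get_default_read_ahead
+is identical to
+.Fn SSL_CTX_get_read_ahead .
+.Pp
+These functions are implemented as macros.
+.Pp
+These functions have no effect when used with DTLS.
+.Sh RETURN VALUES
+.Fn SSL_CTX_get_read_ahead
+and
+.Fn SSL_get_read_ahead
+return 0 if reading ahead is off or non-zero otherwise,
+except that the return values are undefined for DTLS.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_pending 3
+.Sh CAVEATS
+Switching read ahead on can impact the behaviour of the
+.Xr SSL_pending 3
+function.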
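--- a/jni/libressl/man/SSL_CTX_set_session_cache_mode.3
+++ b/jni/libressl/man/SSL_CTX_set_session_cache_mode.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: SSL_CTX_set_session_cache_mode.3,v 1.3 2016/12/29 14:03:55 schwarze Exp $
+.\"	OpenSSL 67adf0a7 Dec 25 19:58:38 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
+.\" Geoff Thorpe <geoff@openssl.org>.
+.\" Copyright (c) 2001, 2002 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 29 2016 $
 .Dt SSL_CTX_SET_SESSION_CACHE_MODE 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_session_cache_mode ,
 .Nm SSL_CTX_get_session_cache_mode
 .Nd enable/disable session caching
 .Sh SYNOPSIS
@@ -19,30 +67,30 @@
 enables/disables session caching by setting the operational mode for
 .Ar ctx
 to
 .Ar mode .
 .Pp
 .Fn SSL_CTX_get_session_cache_mode
 returns the currently used cache mode.
-.Sh NOTES
+.Pp
 The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
 The sessions can be held in memory for each
 .Fa ctx ,
 if more than one
 .Vt SSL_CTX
 object is being maintained, the sessions are unique for each
 .Vt SSL_CTX
 object.
 .Pp
 In order to reuse a session, a client must send the session's id to the server.
 It can only send exactly one id.
 The server then either agrees to reuse the session or it starts a full
 handshake (to create a new session).
 .Pp
-A server will lookup up the session in its internal session storage.
+A server will look up the session in its internal session storage.
 If the session is not found in internal storage or lookups for the internal
 storage have been deactivated
 .Pq Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ,
 the server will try the external storage if available.
 .Pp
 Since a client may try to reuse a session intended for use in a different
 context, the session id context must be set by the server (see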
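--- a/jni/libressl/man/SSL_CTX_set_session_id_context.3
+++ b/jni/libressl/man/SSL_CTX_set_session_id_context.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_session_id_context.3,v 1.2 2016/12/01 19:50:12 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_CTX_set_session_id_context.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2004 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_session_id_context ,
 .Nm SSL_set_session_id_context
 .Nd set context within which session can be reused (server side only)
 .Sh SYNOPSIS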
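--- a/jni/libressl/man/SSL_CTX_set_ssl_version.3
+++ b/jni/libressl/man/SSL_CTX_set_ssl_version.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_ssl_version.3,v 1.2 2016/12/01 19:50:12 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_SSL_VERSION 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_ssl_version ,
 .Nm SSL_set_ssl_method ,
 .Nm SSL_get_ssl_method
 .Nd choose a new TLS/SSL method
@@ -42,15 +89,15 @@
 It may be reset when
 .Xr SSL_clear 3
 is called.
 .Pp
 .Fn SSL_get_ssl_method
 returns a function pointer to the TLS/SSL method set in
 .Fa ssl .
-.Sh NOTES
+.Pp
 The available
 .Fa method
 choices are described in
 .Xr SSL_CTX_new 3 .
 .Pp
 When
 .Xr SSL_clear 3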
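--- a/jni/libressl/man/SSL_CTX_set_timeout.3
+++ b/jni/libressl/man/SSL_CTX_set_timeout.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_timeout.3,v 1.2 2016/12/01 19:50:12 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_TIMEOUT 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_timeout ,
 .Nm SSL_CTX_get_timeout
 .Nd manipulate timeout values for session caching
 .Sh SYNOPSIS
@@ -23,15 +70,15 @@
 The timeout value
 .Fa t
 must be given in seconds.
 .Pp
 .Fn SSL_CTX_get_timeout
 returns the currently set timeout value for
 .Fa ctx .
-.Sh NOTES
+.Pp
 Whenever a new session is created, it is assigned a maximum lifetime.
 This lifetime is specified by storing the creation time of the session and the
 timeout value valid at this time.
 If the actual time is later than creation time plus timeout,
 the session is not reused.
 .Pp
 Due to this realization, all sessions behave according to the timeout value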
Added jni/libressl/man/SSL_CTX_set_tlsext_status_cb.3.












































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
.\"	$OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.1 2016/12/01 21:12:49 schwarze Exp $
.\"	OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 1 2016 $
.Dt SSL_CTX_SET_TLSEXT_STATUS_CB 3
.Os
.Sh NAME
.Nm SSL_CTX_set_tlsext_status_cb ,
.Nm SSL_CTX_set_tlsext_status_arg ,
.Nm SSL_set_tlsext_status_type ,
.Nm SSL_get_tlsext_status_ocsp_resp ,
.Nm SSL_set_tlsext_status_ocsp_resp
.Nd OCSP Certificate Status Request functions
.Sh SYNOPSIS
.In openssl/tls1.h
.Ft long
.Fo SSL_CTX_set_tlsext_status_cb
.Fa "SSL_CTX *ctx"
.Fa "int (*callback)(SSL *, void *)"
.Fc
.Ft long
.Fo SSL_CTX_set_tlsext_status_arg
.Fa "SSL_CTX *ctx"
.Fa "void *arg"
.Fc
.Ft long
.Fo SSL_set_tlsext_status_type
.Fa "SSL *s"
.Fa "int type"
.Fc
.Ft long
.Fo SSL_get_tlsext_status_ocsp_resp
.Fa ssl
.Fa "unsigned char **resp"
.Fc
.Ft long
.Fo SSL_set_tlsext_status_ocsp_resp
.Fa ssl
.Fa "unsigned char *resp"
.Fa "int len"
.Fc
.Sh DESCRIPTION
A client application may request that a server send back an OCSP status
response (also known as OCSP stapling).
To do so the client should call the
.Fn SSL_set_tlsext_status_type
function on an individual
.Vt SSL
object prior to the start of the handshake.
Currently the only supported type is
.Dv TLSEXT_STATUSTYPE_ocsp .
This value should be passed in the
.Fa type
argument.
.Pp
The client should additionally provide a callback function to decide
what to do with the returned OCSP response by calling
.Fn SSL_CTX_set_tlsext_status_cb .
The callback function should determine whether the returned OCSP
response is acceptable or not.
The callback will be passed as an argument the value previously set via
a call to
.Fn SSL_CTX_set_tlsext_status_arg .
Note that the callback will not be called in the event of a handshake
where session resumption occurs (because there are no Certificates
exchanged in such a handshake).
.Pp
The response returned by the server can be obtained via a call to
.Fn SSL_get_tlsext_status_ocsp_resp .
The value
.Pf * Fa resp
will be updated to point to the OCSP response data and the return value
will be the length of that data.
If the server has not provided any response data, then
.Pf * Fa resp
will be
.Dv NULL
and the return value from
.Fn SSL_get_tlsext_status_ocsp_resp
will be -1.
.Pp
A server application must also call the
.Fn SSL_CTX_set_tlsext_status_cb
function if it wants to be able to provide clients with OCSP Certificate
Status responses.
Typically the server callback would obtain the server certificate that
is being sent back to the client via a call to
.Xr SSL_get_certificate 3 ,
obtain the OCSP response to be sent back, and then set that response
data by calling
.Fn SSL_set_tlsext_status_ocsp_resp .
A pointer to the response data should be provided in the
.Fa resp
argument, and the length of that data should be in the
.Fa len
argument.
.Sh RETURN VALUES
The callback when used on the client side should return a negative
value on error, 0 if the response is not acceptable (in which case
the handshake will fail), or a positive value if it is acceptable.
.Pp
The callback when used on the server side should return with either
.Dv SSL_TLSEXT_ERR_OK
(meaning that the OCSP response that has been set should be returned),
.Dv SSL_TLSEXT_ERR_NOACK
(meaning that an OCSP response should not be returned), or
.Dv SSL_TLSEXT_ERR_ALERT_FATAL
(meaning that a fatal error has occurred).
.Pp
.Fn SSL_CTX_set_tlsext_status_cb ,
.Fn SSL_CTX_set_tlsext_status_arg ,
.Fn SSL_set_tlsext_status_type ,
and
.Fn SSL_set_tlsext_status_ocsp_resp
return 0 on error or 1 on success.
.Pp
.Fn SSL_get_tlsext_status_ocsp_resp
returns the length of the OCSP response data or -1 if there is no OCSP
response data.
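--- a/jni/libressl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
+++ b/jni/libressl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -0,0 +1,295 @@
+.\"	$OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.2 2016/12/16 15:39:08 jmc Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Rich Salz <rsalz@akamai.com>
+.\" Copyright (c) 2014, 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 16 2016 $
+.Dt SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_tlsext_ticket_key_cb
+.Nd set a callback for session ticket processing
+.Sh SYNOPSIS
+.In openssl/tls1.h
+.Ft long
+.Fo SSL_CTX_set_tlsext_ticket_key_cb
+.Fa "SSL_CTX sslctx"
+.Fa "int (*cb)(SSL *s, unsigned char key_name[16],\
+ unsigned char iv[EVP_MAX_IV_LENGTH],\
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_tlsext_ticket_key_cb
+sets a callback function
+.Fa cb
+for handling session tickets for the ssl context
+.Fa sslctx .
+Session tickets, defined in RFC5077, provide an enhanced session
+resumption capability where the server implementation is not required to
+maintain per session state.
+.Pp
+The callback function
+.Fa cb
+will be called for every client instigated TLS session when session
+ticket extension is presented in the TLS hello message.
+It is the responsibility of this function to create or retrieve the
+cryptographic parameters and to maintain their state.
+.Pp
+The OpenSSL library uses the callback function to help implement a
+common TLS ticket construction state according to RFC5077 Section 4 such
+that per session state is unnecessary and a small set of cryptographic
+variables needs to be maintained by the callback function
+implementation.
+.Pp
+In order to reuse a session, a TLS client must send a session ticket
+extension to the server.
+The client can only send exactly one session ticket.
+The server, through the callback function, either agrees to reuse the
+session ticket information or it starts a full TLS handshake to create a
+new session ticket.
+.Pp
+Before the callback function is started,
+.Fa ctx
+and
+.Fa hctx
+have been initialised with
+.Xr EVP_CIPHER_CTX_init 3
+and
+.Xr HMAC_CTX_init 3 ,
+respectively.
+.Pp
+For new sessions tickets, when the client doesn't present a session
+ticket, or an attempted retrieval of the ticket failed, or a renew
+option was indicated, the callback function will be called with
+.Fa enc
+equal to 1.
+The OpenSSL library expects that the function will set an arbitrary
+.Fa key_name ,
+initialize
+.Fa iv ,
+and set the cipher context
+.Fa ctx
+and the hash context
+.Fa hctx .
+.Pp
+The
+.Fa key_name
+is 16 characters long and is used as a key identifier.
+.Pp
+The
+.Fa iv
+length is the length of the IV of the corresponding cipher.
+The maximum IV length is
+.Dv EVP_MAX_IV_LENGTH
+bytes defined in
+.In opsenssl/evp.h .
+.Pp
+The initialization vector
+.Fa iv
+should be a random value.
+The cipher context
+.Fa ctx
+should use the initialisation vector
+.Fa iv .
+The cipher context can be set using
+.Xr EVP_EncryptInit_ex 3 .
+The hmac context can be set using
+.Xr HMAC_Init_ex 3 .
+.Pp
+When the client presents a session ticket, the callback function
+with be called with
+.Fa enc
+set to 0 indicating that the
+.Fa cb
+function should retrieve a set of parameters.
+In this case
+.Fa key_name
+and
+.Fa iv
+have already been parsed out of the session ticket.
+The OpenSSL library expects that the
+.Em key_name
+will be used to retrieve a cryptographic parameters and that the
+cryptographic context
+.Fa ctx
+will be set with the retrieved parameters and the initialization vector
+.Fa iv
+using a function like
+.Xr EVP_DecryptInit_ex 3 .
+The
+.Fa hctx
+needs to be set using
+.Xr HMAC_Init_ex 3 .
+.Pp
+If the
+.Fa key_name
+is still valid but a renewal of the ticket is required, the callback
+function should return 2.
+The library will call the callback again with an argument of
+.Fa enc
+equal to 1 to set the new ticket.
+.Pp
+The return value of the
+.Fa cb
+function is used by OpenSSL to determine what further processing will
+occur.
+The following return values have meaning:
+.Bl -tag -width Ds
+.It 2
+This indicates that the
+.Fa ctx
+and
+.Fa hctx
+have been set and the session can continue on those parameters.
+Additionally it indicates that the session ticket is in a renewal period
+and should be replaced.
+The OpenSSL library will call
+.Fa cb
+again with an
+.Fa enc
+argument of 1 to set the new ticket (see RFC5077 3.3 paragraph 2).
+.It 1
+This indicates that the
+.Fa ctx
+and
+.Fa hctx
+have been set and the session can continue on those parameters.
+.It 0
+This indicates that it was not possible to set/retrieve a session ticket
+and the SSL/TLS session will continue by negotiating a set of
+cryptographic parameters or using the alternate SSL/TLS resumption
+mechanism, session ids.
+.Pp
+If called with
+.Fa enc
+equal to 0, the library will call the
+.Fa cb
+again to get a new set of parameters.
+.It less than 0
+This indicates an error.
+.El
+.Pp
+Session resumption shortcuts the TLS so that the client certificate
+negotiation don't occur.
+It makes up for this by storing client certificate and all other
+negotiated state information encrypted within the ticket.
+In a resumed session the applications will have all this state
+information available exactly as if a full negotiation had occurred.
+.Pp
+If an attacker can obtain the key used to encrypt a session ticket, they
+can obtain the master secret for any ticket using that key and decrypt
+any traffic using that session: even if the ciphersuite supports forward
+secrecy.
+As a result applications may wish to use multiple keys and avoid using
+long term keys stored in files.
+.Pp
+Applications can use longer keys to maintain a consistent level of
+security.
+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit
+ticket key the overall security is only 128 bits because breaking the
+ticket key will enable an attacker to obtain the session keys.
+.Sh RETURN VALUES
+This function returns 0 to indicate that the callback function was set.
+.Sh EXAMPLES
+Reference Implementation:
+.Bd -literal
+SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
+\&....
+static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
+    unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+{
+	if (enc) { /* create new session */
+		if (RAND_bytes(iv, EVP_MAX_IV_LENGTH))
+			return -1; /* insufficient random */
+
+		key = currentkey(); /* something you need to implement */
+		if (!key) {
+			/* current key doesn't exist or isn't valid */
+			key = createkey();
+			    /* something that you need to implement.
+			     * createkey needs to initialise a name,
+			     * an aes_key, a hmac_key, and optionally
+			     * an expire time. */
+			if (!key) /* key couldn't be created */
+				return 0;
+		}
+		memcpy(key_name, key->name, 16);
+
+		EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+		    key->aes_key, iv);
+		HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+
+		return 1;
+
+	} else { /* retrieve session */
+		key = findkey(name);
+
+		if  (!key || key->expire < now())
+			return 0;
+
+		HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+		EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+		    key->aes_key, iv );
+
+		if (key->expire < (now() - RENEW_TIME))
+		    /* this session will get a new ticket
+		     * even though the current is still valid */
+		    return 2;
+
+		return 1;
+	}
+}
+.Ed
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_add_session 3 ,
+.Xr SSL_CTX_sess_number 3 ,
+.Xr SSL_CTX_sess_set_get_cb 3 ,
+.Xr SSL_CTX_set_session_id_context 3 ,
+.Xr SSL_session_reused 3 ,
+.Xr SSL_set_session 3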
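Review bot: The reference implementation under EXAMPLES treats a successful random draw as a failure: RAND_bytes() returns 1 on success, so `if (RAND_bytes(iv, EVP_MAX_IV_LENGTH))` returns -1 for every new ticket, and the check should read `if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)`. The same listing passes `&ctx` and `&hctx` to the init calls although both parameters are already pointers, and calls `findkey(name)` where the parameter is named `key_name`. The renewal test `key->expire < (now() - RENEW_TIME)` cannot be true once `key->expire < now()` has returned 0 just above (assuming RENEW_TIME is positive), so the example never returns 2; `key->expire < (now() + RENEW_TIME)` looks like the intended condition. Because this page is imported from upstream, anyone copying the listing into a server should correct these points first, and the fix itself belongs upstream rather than in this tree.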
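--- a/jni/libressl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/jni/libressl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.2 2016/12/01 21:53:42 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD$
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2014, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.Dd $Mdocdate: October 12 2014 $
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_tmp_dh_callback ,
 .Nm SSL_CTX_set_tmp_dh ,
 .Nm SSL_set_tmp_dh_callback ,
 .Nm SSL_set_tmp_dh
@@ -50,186 +97,126 @@
 .Fa ssl .
 .Pp
 .Fn SSL_set_tmp_dh
 sets the parameters only for
 .Fa ssl .
 .Pp
 These functions apply to SSL/TLS servers only.
-.Sh NOTES
+.Pp
 When using a cipher with RSA authentication,
 an ephemeral DH key exchange can take place.
 Ciphers with DSA keys always use ephemeral DH keys as well.
 In these cases, the session data are negotiated using the ephemeral/temporary
 DH key and the key supplied and certified by the certificate chain is only used
 for signing.
 Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
 .Pp
 Using ephemeral DH key exchange yields forward secrecy,
 as the connection can only be decrypted when the DH key is known.
 By generating a temporary DH key inside the server application that is lost
 when the application is left, it becomes impossible for an attacker to decrypt
 past sessions, even if he gets hold of the normal (certified) key,
 as this key was only used for signing.
 .Pp
 In order to perform a DH key exchange the server must use a DH group
 (DH parameters) and generate a DH key.
-The server will always generate a new DH key during the negotiation,
-when the DH parameters are supplied via callback and/or when the
-.Dv SSL_OP_SINGLE_DH_USE
-option of
-.Xr SSL_CTX_set_options 3
-is set.
-It will immediately create a DH key, when DH parameters are supplied via
-.Fn SSL_CTX_set_tmp_dh
-and
-.Dv SSL_OP_SINGLE_DH_USE
-is not set.
-In this case, it may happen that a key is generated on initialization without
-later being needed, while on the other hand the computer time during the
-negotiation is being saved.
-.Pp
-If
-.Dq strong
-primes were used to generate the DH parameters, it is not strictly necessary to
-generate a new key for each handshake but it does improve forward secrecy.
-If it is not assured that
-.Dq strong
-primes were used (see especially the section about DSA parameters below),
-.Dv SSL_OP_SINGLE_DH_USE
-must be used in order to prevent small subgroup attacks.
-Always using
-.Dv SSL_OP_SINGLE_DH_USE
-has an impact on the computer time needed during negotiation,
-but it is not very large,
-so application authors/users should consider always enabling this option.
+The server will always generate a new DH key during the negotiation.
 .Pp
 As generating DH parameters is extremely time consuming, an application should
 not generate the parameters on the fly but supply the parameters.
 DH parameters can be reused,
 as the actual key is newly generated during the negotiation.
 The risk in reusing DH parameters is that an attacker may specialize on a very
 often used DH group.
 Applications should therefore generate their own DH parameters during the
-installation process using the openssl
+installation process using the
 .Xr openssl 1
+.Cm dhparam
 application.
-In order to reduce the computer time needed for this generation,
-it is possible to use DSA parameters instead (see
-.Xr openssl 1 ) ,
-but in this case
-.Dv SSL_OP_SINGLE_DH_USE
-is mandatory.
+This application guarantees that "strong" primes are used.
 .Pp
-Application authors may compile in DH parameters.
 Files
-.Pa dh512.pem ,
-.Pa dh1024.pem ,
-.Pa dh2048.pem ,
+.Pa dh2048.pem
 and
 .Pa dh4096.pem
 in the
 .Pa apps
 directory of the current version of the OpenSSL distribution contain the
 .Sq SKIP
 DH parameters,
 which use safe primes and were generated verifiably pseudo-randomly.
 These files can be converted into C code using the
 .Fl C
 option of the
 .Xr openssl 1
+.Cm dhparam
 application.
-Authors may also generate their own set of parameters using
-.Xr openssl 1 ,
-but a user may not be sure how the parameters were generated.
-The generation of DH parameters during installation is therefore recommended.
+Generation of custom DH parameters during installation should still
+be preferred to stop an attacker from specializing on a commonly
+used group.
+The file
+.Pa dh1024.pem
+contains old parameters that must not be used by applications.
 .Pp
 An application may either directly specify the DH parameters or can supply the
 DH parameters via a callback function.
-The callback approach has the advantage that the callback may supply DH
-parameters for different key lengths.
 .Pp
-The
-.Fa tmp_dh_callback
-is called with the
+Previous versions of the callback used
+.Fa is_export
+and
 .Fa keylength
-needed and the
-.Fa is_export
-information.
-The
+parameters to control parameter generation for export and non-export
+cipher suites.
+Modern servers that do not support export ciphersuites are advised
+to either use
+.Fn SSL_CTX_set_tmp_dh
+or alternatively, use the callback but ignore
+.Fa keylength
+and
 .Fa is_export
-flag is set when the ephemeral DH key exchange is performed with an export
-cipher.
+and simply supply at least 2048-bit parameters in the callback.
 .Sh RETURN VALUES
 .Fn SSL_CTX_set_tmp_dh_callback
 and
 .Fn SSL_set_tmp_dh_callback
 do not return diagnostic output.
 .Pp
 .Fn SSL_CTX_set_tmp_dh
 and
 .Fn SSL_set_tmp_dh
 do return 1 on success and 0 on failure.
 Check the error queue to find out the reason of failure.
 .Sh EXAMPLES
-Handle DH parameters for key lengths of 512 and 1024 bits.
-(Error handling partly left out.)
-.Bd -literal
-\&...
-/* Set up ephemeral DH stuff */
-DH *dh_512 = NULL;
-DH *dh_1024 = NULL;
-FILE *paramfile;
-
-\&...
-
-/* "openssl dhparam -out dh_param_512.pem -2 512" */
-paramfile = fopen("dh_param_512.pem", "r");
-if (paramfile) {
-	dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-	fclose(paramfile);
-}
-/* "openssl dhparam -out dh_param_1024.pem -2 1024" */
-paramfile = fopen("dh_param_1024.pem", "r");
-if (paramfile) {
-	dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-	fclose(paramfile);
-}
-
+Set up DH parameters with a key length of 2048 bits.
+Error handling is partly left out.
+.Pp
+Command-line parameter generation:
+.Pp
+.Dl openssl dhparam -out dh_param_2048.pem 2048
+.Pp
+Code for setting up parameters during server initialization:
+.Bd -literal
+SSL_CTX ctx = SSL_CTX_new();
 \&...
-
-/* "openssl dhparam -C -2 512" etc... */
-DH *get_dh512() { ... }
-DH *get_dh1024() { ... }
 
-DH *
-tmp_dh_callback(SSL *s, int is_export, int keylength)
-{
-	DH *dh_tmp=NULL;
-
-	switch (keylength) {
-	case 512:
-		if (!dh_512)
-			dh_512 = get_dh512();
-		dh_tmp = dh_512;
-		break;
-	case 1024:
-		if (!dh_1024)
-			dh_1024 = get_dh1024();
-		dh_tmp = dh_1024;
-		break;
-	default:
-		/*
-		 * Generating a key on the fly is very costly,
-		 * so use what is there
-		 */
-		setup_dh_parameters_like_above();
-	}
-
-	return(dh_tmp);
+/* Set up ephemeral DH parameters. */
+DH *dh_2048 = NULL;
+FILE *paramfile;
+paramfile = fopen("dh_param_2048.pem", "r");
+if (paramfile) {
+	dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+	fclose(paramfile);
+} else {
+	/* Error. */
+}
+if (dh_2048 == NULL) {
+	/* Error. */
+}
+if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
+	/* Error. */
 }
 .Ed
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3
+.Xr SSL_CTX_set_options 3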
Changes to jni/libressl/man/SSL_CTX_set_tmp_rsa_callback.3.


1


2



3








































4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_CTX_SET_TMP_RSA_CALLBACK.POD 3
.Os
.Sh NAME
.Nm SSL_CTX_set_tmp_rsa_callback ,
.Nm SSL_CTX_set_tmp_rsa ,
.Nm SSL_CTX_need_tmp_rsa ,
.Nm SSL_set_tmp_rsa_callback ,
.Nm SSL_set_tmp_rsa ,
.Nm SSL_need_tmp_rsa
.Nd handle RSA keys for ephemeral key exchange
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft void
.Fo SSL_CTX_set_tmp_rsa_callback
.Fa "SSL_CTX *ctx"
.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
.Fc
.Ft long
.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
.Ft long
.Fn SSL_CTX_need_tmp_rsa "SSL_CTX *ctx"
.Ft void
.Fo SSL_set_tmp_rsa_callback
.Fa "SSL_CTX *ctx"
.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
.Fc
.Ft long
.Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa"
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|





|














|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
.\"	$OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.3 2016/12/06 22:55:35 schwarze Exp $
.\"	OpenSSL 0b30fc90 Dec 19 15:23:05 2013 -0500
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2001, 2006, 2013 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt SSL_CTX_SET_TMP_RSA_CALLBACK.POD 3
.Os
.Sh NAME
.Nm SSL_CTX_set_tmp_rsa_callback ,
.Nm SSL_CTX_set_tmp_rsa ,
.Nm SSL_CTX_need_tmp_RSA ,
.Nm SSL_set_tmp_rsa_callback ,
.Nm SSL_set_tmp_rsa ,
.Nm SSL_need_tmp_rsa
.Nd handle RSA keys for ephemeral key exchange
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft void
.Fo SSL_CTX_set_tmp_rsa_callback
.Fa "SSL_CTX *ctx"
.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
.Fc
.Ft long
.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
.Ft long
.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
.Ft void
.Fo SSL_set_tmp_rsa_callback
.Fa "SSL_CTX *ctx"
.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
.Fc
.Ft long
.Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa"
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
.Vt SSL
objects newly created from
.Fa ctx
with
.Xr SSL_new 3 .
Already created SSL objects are not affected.
.Pp
.Fn SSL_CTX_need_tmp_rsa
returns 1,
if a temporary/ephemeral RSA key is needed for RSA-based strength-limited
.Sq exportable
ciphersuites because a RSA key with a keysize larger than 512 bits is installed.
.Pp
.Fn SSL_set_tmp_rsa_callback
sets the callback only for







|







102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
.Vt SSL
objects newly created from
.Fa ctx
with
.Xr SSL_new 3 .
Already created SSL objects are not affected.
.Pp
.Fn SSL_CTX_need_tmp_RSA
returns 1,
if a temporary/ephemeral RSA key is needed for RSA-based strength-limited
.Sq exportable
ciphersuites because a RSA key with a keysize larger than 512 bits is installed.
.Pp
.Fn SSL_set_tmp_rsa_callback
sets the callback only for
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
.Pp
Additionally, the use of ephemeral RSA key exchange is only allowed in the TLS
standard when the RSA key can be used for signing only, that is,
for export ciphers.
Using ephemeral RSA key exchange for other purposes violates the standard and
can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral RSA key exchange and
use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve
forward secrecy (see
.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
.Pp
On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
and must be explicitly enabled using the
.Dv SSL_OP_EPHEMERAL_RSA
option of







|







149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
.Pp
Additionally, the use of ephemeral RSA key exchange is only allowed in the TLS
standard when the RSA key can be used for signing only, that is,
for export ciphers.
Using ephemeral RSA key exchange for other purposes violates the standard and
can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral RSA key exchange and
use DHE (Ephemeral Diffie-Hellman) key exchange instead in order to achieve
forward secrecy (see
.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
.Pp
On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
and must be explicitly enabled using the
.Dv SSL_OP_EPHEMERAL_RSA
option of
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
.Pp
.Fn SSL_CTX_set_tmp_rsa
and
.Fn SSL_set_tmp_rsa
return 1 on success and 0 on failure.
Check the error queue to find out the reason of failure.
.Pp
.Fn SSL_CTX_need_tmp_rsa
and
.Fn SSL_need_tmp_rsa
return 1 if a temporary RSA key is needed and 0 otherwise.
.Sh EXAMPLES
Generate temporary RSA keys to prepare ephemeral RSA key exchange.
As the generation of a RSA key costs a lot of computer time,
they are saved for later reuse.







|







199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
.Pp
.Fn SSL_CTX_set_tmp_rsa
and
.Fn SSL_set_tmp_rsa
return 1 on success and 0 on failure.
Check the error queue to find out the reason of failure.
.Pp
.Fn SSL_CTX_need_tmp_RSA
and
.Fn SSL_need_tmp_rsa
return 1 if a temporary RSA key is needed and 0 otherwise.
.Sh EXAMPLES
Generate temporary RSA keys to prepare ephemeral RSA key exchange.
As the generation of a RSA key costs a lot of computer time,
they are saved for later reuse.
Changes to jni/libressl/man/SSL_CTX_set_verify.3.


1



2



3








































4
5
6
7
8
9
10
11


.\"



.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_CTX_SET_VERIFY 3
.Os
.Sh NAME
.Nm SSL_CTX_set_verify ,
.Nm SSL_set_verify ,
.Nm SSL_CTX_set_verify_depth ,
.Nm SSL_set_verify_depth
>
>

>
>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
.\"	$OpenBSD: SSL_CTX_set_verify.3,v 1.3 2016/12/16 15:39:08 jmc Exp $
.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001, 2002, 2003, 2014 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 16 2016 $
.Dt SSL_CTX_SET_VERIFY 3
.Os
.Sh NAME
.Nm SSL_CTX_set_verify ,
.Nm SSL_set_verify ,
.Nm SSL_CTX_set_verify_depth ,
.Nm SSL_set_verify_depth
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
sets the maximum
.Fa depth
for the certificate chain verification that shall be allowed for
.Fa ssl .
(See the
.Sx BUGS
section.)
.Sh NOTES
The verification of certificates can be controlled by a set of bitwise ORed
.Fa mode
flags:
.Bl -tag -width Ds
.It Dv SSL_VERIFY_NONE
.Em Server mode:
the server will not send a client certificate request to the client,







|







130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
sets the maximum
.Fa depth
for the certificate chain verification that shall be allowed for
.Fa ssl .
(See the
.Sx BUGS
section.)
.Pp
The verification of certificates can be controlled by a set of bitwise ORed
.Fa mode
flags:
.Bl -tag -width Ds
.It Dv SSL_VERIFY_NONE
.Em Server mode:
the server will not send a client certificate request to the client,
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
.Em Server mode:
if the client did not return a certificate, the TLS/SSL
handshake is immediately terminated with a
.Dq handshake failure
alert.
This flag must be used together with
.Dv SSL_VERIFY_PEER.
.Pp
.Em Client mode:
ignored
.It Dv SSL_VERIFY_CLIENT_ONCE
.Em Server mode:
only request a client certificate on the initial TLS/SSL handshake.
Do not ask for a client certificate again in case of a renegotiation.







|







176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
.Em Server mode:
if the client did not return a certificate, the TLS/SSL
handshake is immediately terminated with a
.Dq handshake failure
alert.
This flag must be used together with
.Dv SSL_VERIFY_PEER .
.Pp
.Em Client mode:
ignored
.It Dv SSL_VERIFY_CLIENT_ONCE
.Em Server mode:
only request a client certificate on the initial TLS/SSL handshake.
Do not ask for a client certificate again in case of a renegotiation.
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
Its return value is identical to
.Fa preverify_ok ,
so that any verification
failure will lead to a termination of the TLS/SSL handshake with an
alert message, if
.Dv SSL_VERIFY_PEER
is set.
.Sh RETURN VALUES
The
.Fn SSL*_set_verify*
functions do not provide diagnostic information.
.Sh EXAMPLES
The following code sequence realizes an example
.Fa verify_callback
function that will always continue the TLS/SSL handshake regardless of
verification failure, if wished.
The callback realizes a verification depth limit with more informational output.
.Pp







<
<
<
<







300
301
302
303
304
305
306




307
308
309
310
311
312
313
Its return value is identical to
.Fa preverify_ok ,
so that any verification
failure will lead to a termination of the TLS/SSL handshake with an
alert message, if
.Dv SSL_VERIFY_PEER
is set.




.Sh EXAMPLES
The following code sequence realizes an example
.Fa verify_callback
function that will always continue the TLS/SSL handshake regardless of
verification failure, if wished.
The callback realizes a verification depth limit with more informational output.
.Pp
Changes to jni/libressl/man/SSL_CTX_use_certificate.3.


1
2



3












































4
5
6
7
8
9
10
11


.\"
.\"	$OpenBSD: SSL_CTX_use_certificate.3,v 1.2 2014/12/02 14:11:01 jmc Exp $



.\"












































.Dd $Mdocdate: December 2 2014 $
.Dt SSL_CTX_USE_CERTIFICATE 3
.Os
.Sh NAME
.Nm SSL_CTX_use_certificate ,
.Nm SSL_CTX_use_certificate_ASN1 ,
.Nm SSL_CTX_use_certificate_file ,
.Nm SSL_use_certificate ,
>
>

<
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3

4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
.\"	$OpenBSD: SSL_CTX_use_certificate.3,v 1.2 2016/12/01 22:17:32 schwarze Exp $
.\"	OpenSSL e248596b Apr 8 22:49:57 2005 +0000
.\"

.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 1 2016 $
.Dt SSL_CTX_USE_CERTIFICATE 3
.Os
.Sh NAME
.Nm SSL_CTX_use_certificate ,
.Nm SSL_CTX_use_certificate_ASN1 ,
.Nm SSL_CTX_use_certificate_file ,
.Nm SSL_use_certificate ,
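--- a/jni/libressl/man/SSL_CTX_use_psk_identity_hint.3
+++ b/jni/libressl/man/SSL_CTX_use_psk_identity_hint.3
@@ -1,110 +0,0 @@
-.\"
-.\"	$OpenBSD$
-.\"
-.Dd $Mdocdate: October 12 2014 $
-.Dt SSL_CTX_USE_PSK_IDENTITY_HINT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_psk_identity_hint ,
-.Nm SSL_use_psk_identity_hint ,
-.Nm  SSL_CTX_set_psk_server_callback ,
-.Nm SSL_set_psk_server_callback
-.Nd set PSK identity hint to use
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
-.Ft int
-.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
-.Ft void
-.Fo SSL_CTX_set_psk_server_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_server_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated PSK identity hint
-.Fa hint
-to SSL context object
-.Fa ctx .
-.Fn SSL_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated
-PSK identity hint
-.Fa hint
-to SSL connection object
-.Fa ssl .
-If
-.Fa hint
-is
-.Dv NULL
-the current hint from
-.Fa ctx
-or
-.Fa ssl
-is deleted.
-.Pp
-In the case where PSK identity hint is
-.Dv NULL ,
-the server does not send the
-.Em ServerKeyExchange
-message to the client.
-.Pp
-A server application must provide a callback function which is called when the
-server receives the
-.Em ClientKeyExchange
-message from the client.
-The purpose of the callback function is to validate the received PSK identity
-and to fetch the pre-shared key used during the connection setup phase.
-The callback is set using functions
-.Fn SSL_CTX_set_psk_server_callback
-or
-.Fn SSL_set_psk_server_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-.Dv NULL Ns
--terminated PSK identity sent by the client in parameter
-.Fa identity ,
-and a buffer
-.Fa psk
-of length
-.Fa max_psk_len
-bytes where the pre-shared key is to be stored.
-.Sh RETURN VALUES
-.Fn SSL_CTX_use_psk_identity_hint
-and
-.Fn SSL_use_psk_identity_hint
-return 1 on success, 0 otherwise.
-.Pp
-Return values from the server callback are interpreted as follows:
-.Bl -tag -width Ds
-.It >0
-PSK identity was found and the server callback has provided the PSK
-successfully in parameter
-.Fa psk .
-Return value is the length of
-.Fa psk
-in bytes.
-It is an error to return a value greater than
-.Fa max_psk_len .
-.Pp
-If the PSK identity was not found but the callback instructs the protocol to
-continue anyway, the callback must provide some random data to
-.Fa psk
-and return the length of the random data, so the connection will fail with
-.Dq decryption_error
-before it will be finished completely.
-.It 0
-PSK identity was not found.
-An
-.Dq unknown_psk_identity
-alert message will be sent and the connection setup fails.
-.El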
Changes to jni/libressl/man/SSL_SESSION_free.3.


1
2


3












































4
5
6
7
8
9
10
11


.\"
.\"	$OpenBSD: SSL_SESSION_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $


.\"












































.Dd $Mdocdate: December 2 2014 $
.Dt SSL_SESSION_FREE 3
.Os
.Sh NAME
.Nm SSL_SESSION_free
.Nd free an allocated SSL_SESSION structure
.Sh SYNOPSIS
.In openssl/ssl.h
>
>

<
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3

4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: SSL_SESSION_free.3,v 1.2 2016/12/06 18:53:55 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"

.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001, 2009 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt SSL_SESSION_FREE 3
.Os
.Sh NAME
.Nm SSL_SESSION_free
.Nd free an allocated SSL_SESSION structure
.Sh SYNOPSIS
.In openssl/ssl.h
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
.Fa session
and frees up the allocated memory, if the reference count has reached 0.
If
.Fa session
is a
.Dv NULL
pointer, no action occurs.
.Sh NOTES
.Vt SSL_SESSION
objects are allocated when a TLS/SSL handshake operation is successfully
completed.
Depending on the settings, see
.Xr SSL_CTX_set_session_cache_mode 3 ,
the
.Vt SSL_SESSION







|







68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
.Fa session
and frees up the allocated memory, if the reference count has reached 0.
If
.Fa session
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Vt SSL_SESSION
objects are allocated when a TLS/SSL handshake operation is successfully
completed.
Depending on the settings, see
.Xr SSL_CTX_set_session_cache_mode 3 ,
the
.Vt SSL_SESSION
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

.Vt SSL_SESSION
object was generated outside a TLS handshake operation, e.g., by using
.Xr d2i_SSL_SESSION 3 .
It must not be called on other
.Vt SSL_SESSION
objects, as this would cause incorrect reference counts and therefore program
failures.
.Sh RETURN VALUES
.Fn SSL_SESSION_free
does not provide diagnostic information.
.Sh SEE ALSO
.Xr d2i_SSL_SESSION 3 ,
.Xr ssl 3 ,
.Xr SSL_CTX_flush_sessions 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_get_session 3








<
<
<


<


|
>
116
117
118
119
120
121
122



123
124

125
126
127
128
.Vt SSL_SESSION
object was generated outside a TLS handshake operation, e.g., by using
.Xr d2i_SSL_SESSION 3 .
It must not be called on other
.Vt SSL_SESSION
objects, as this would cause incorrect reference counts and therefore program
failures.



.Sh SEE ALSO
.Xr d2i_SSL_SESSION 3 ,

.Xr SSL_CTX_flush_sessions 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_get_session 3 ,
.Xr SSL_SESSION_new 3
Changes to jni/libressl/man/SSL_SESSION_get_ex_new_index.3.


1


2



3








































4
5
6
7
8
9
10
11


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_SESSION_GET_EX_NEW_INDEX 3
.Os
.Sh NAME
.Nm SSL_SESSION_get_ex_new_index ,
.Nm SSL_SESSION_set_ex_data ,
.Nm SSL_SESSION_get_ex_data
.Nd internal application specific data functions
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: SSL_SESSION_get_ex_new_index.3,v 1.2 2016/12/06 22:41:16 schwarze Exp $
.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt SSL_SESSION_GET_EX_NEW_INDEX 3
.Os
.Sh NAME
.Nm SSL_SESSION_get_ex_new_index ,
.Nm SSL_SESSION_set_ex_data ,
.Nm SSL_SESSION_get_ex_data
.Nd internal application specific data functions
Changes to jni/libressl/man/SSL_SESSION_get_time.3.


1
2



3












































4
5
6
7
8
9
10
11


.\"
.\"	$OpenBSD: SSL_SESSION_get_time.3,v 1.2 2014/12/02 14:11:01 jmc Exp $



.\"












































.Dd $Mdocdate: December 2 2014 $
.Dt SSL_SESSION_GET_TIME 3
.Os
.Sh NAME
.Nm SSL_SESSION_get_time ,
.Nm SSL_SESSION_set_time ,
.Nm SSL_SESSION_get_timeout ,
.Nm SSL_SESSION_set_timeout ,
>
>

<
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3

4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
.\"	$OpenBSD: SSL_SESSION_get_time.3,v 1.2 2016/12/06 22:41:16 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"

.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2001, 2005, 2006, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt SSL_SESSION_GET_TIME 3
.Os
.Sh NAME
.Nm SSL_SESSION_get_time ,
.Nm SSL_SESSION_set_time ,
.Nm SSL_SESSION_get_timeout ,
.Nm SSL_SESSION_set_timeout ,
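--- a/jni/libressl/man/SSL_SESSION_new.3
+++ b/jni/libressl/man/SSL_SESSION_new.3
@@ -0,0 +1,62 @@
+.\"	$OpenBSD: SSL_SESSION_new.3,v 1.1 2016/12/06 18:40:31 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 6 2016 $
+.Dt SSL_SESSION_NEW 3
+.Os
+.Sh NAME
+.Nm SSL_SESSION_new
+.Nd construct a new SSL_SESSION object
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft SSL_SESSION *
+.Fn SSL_SESSION_new void
+.Sh DESCRIPTION
+.Fn SSL_SESSION_new
+allocates and initializes an new
+.Vt SSL_SESSION
+object.
+The reference count is set to 1, the time to the current time, and
+the timeout to five minutes.
+.Pp
+When the object is no longer needed, it can be destructed with
+.Xr SSL_SESSION_free 3 .
+.Pp
+.Fn SSL_SESSION_new
+is used internally, for example by
+.Xr SSL_connect 3 .
+.Sh RETURN VALUES
+.Fn SSL_SESSION_new
+returns the new
+.Vt SSL_SESSION
+object or
+.Dv NULL
+if insufficient memory is available.
+.Pp
+After failure,
+.Xr ERR_get_error 3
+returns
+.Dv ERR_R_MALLOC_FAILURE .
+.Sh SEE ALSO
+.Xr d2i_SSL_SESSION 3 ,
+.Xr PEM_read_SSL_SESSION 3 ,
+.Xr SSL_connect 3 ,
+.Xr SSL_CTX_add_session 3 ,
+.Xr SSL_get_session 3 ,
+.Xr SSL_SESSION_free 3 ,
+.Xr SSL_SESSION_get_ex_new_index 3 ,
+.Xr SSL_SESSION_get_time 3 ,
+.Xr SSL_set_session 3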
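--- a/jni/libressl/man/SSL_SESSION_print.3
+++ b/jni/libressl/man/SSL_SESSION_print.3
@@ -0,0 +1,66 @@
+.\"	$OpenBSD: SSL_SESSION_print.3,v 1.1 2016/12/06 23:45:34 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 6 2016 $
+.Dt SSL_SESSION_PRINT 3
+.Os
+.Sh NAME
+.Nm SSL_SESSION_print ,
+.Nm SSL_SESSION_print_fp
+.Nd print some properties of an SSL_SESSION object
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_SESSION_print
+.Fa "BIO *bp"
+.Fa "const SSL_SESSION *session"
+.Fc
+.Ft int
+.Fo SSL_SESSION_print_fp
+.Fa "FILE *fp"
+.Fa "const SSL_SESSION *session"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_SESSION_print
+prints some properties of
+.Fa session
+in a human-readable format to the
+.Fa "BIO *bp" ,
+including protocol version, cipher name, session ID,
+session ID context, master key, session ticket lifetime hint,
+session ticket, start time, timeout, and verify return code.
+.Pp
+.Fn SSL_SESSION_print_fp
+does the same as
+.Fn SSL_SESSION_print
+except that it prints to the
+.Fa "FILE *fp" .
+.Sh RETURN VALUES
+.Fn SSL_SESSION_print
+and
+.Fn SSL_SESSION_print_fp
+return 1 for success or 0 for failure.
+.Pp
+In some cases, the reason for failure can be determined with
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr d2i_SSL_SESSION 3 ,
+.Xr PEM_read_SSL_SESSION 3 ,
+.Xr SSL_get_session 3 ,
+.Xr SSL_SESSION_free 3 ,
+.Xr SSL_SESSION_get_ex_new_index 3 ,
+.Xr SSL_SESSION_get_time 3 ,
+.Xr SSL_SESSION_new 3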
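--- a/jni/libressl/man/SSL_accept.3
+++ b/jni/libressl/man/SSL_accept.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: SSL_accept.3,v 1.3 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_accept.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project.
+.\" All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_ACCEPT 3
 .Os
 .Sh NAME
 .Nm SSL_accept
 .Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -89,15 +137,15 @@
 Call
 .Xr SSL_get_error 3
 with the return value
 .Fa ret
 to find out the reason.
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_connect 3 ,
 .Xr SSL_CTX_new 3 ,
 .Xr SSL_do_handshake 3 ,
 .Xr SSL_get_error 3 ,
 .Xr SSL_set_connect_state 3 ,
 .Xr SSL_shutdown 3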
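--- a/jni/libressl/man/SSL_alert_type_string.3
+++ b/jni/libressl/man/SSL_alert_type_string.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_alert_type_string.3,v 1.2 2016/12/01 22:46:21 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_alert_type_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2011 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_ALERT_TYPE_STRING.POD 3
 .Os
 .Sh NAME
 .Nm SSL_alert_type_string ,
 .Nm SSL_alert_type_string_long ,
 .Nm SSL_alert_desc_string ,
 .Nm SSL_alert_desc_string_long
@@ -33,15 +80,15 @@
 returns a two letter string as a short form describing the reason of the alert
 specified by
 .Fa value .
 .Pp
 .Fn SSL_alert_desc_string_long
 returns a string describing the reason of the alert specified by
 .Fa value .
-.Sh NOTES
+.Pp
 When one side of an SSL/TLS communication wants to inform the peer about
 a special situation, it sends an alert.
 The alert is sent as a special message and does not influence the normal data
 stream (unless its contents results in the communication being canceled).
 .Pp
 A warning alert is sent, when a non-fatal error condition occurs.
 The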
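--- a/jni/libressl/man/SSL_clear.3
+++ b/jni/libressl/man/SSL_clear.3
@@ -1,26 +1,74 @@
+.\"	$OpenBSD: SSL_clear.3,v 1.2 2016/12/01 22:45:28 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002, 2011, 2015 The OpenSSL Project.
+.\" All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 1 2016 $
 .Dt SSL_CLEAR 3
 .Os
 .Sh NAME
 .Nm SSL_clear
 .Nd reset SSL object to allow another connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_clear "SSL *ssl"
 .Sh DESCRIPTION
 Reset
 .Fa ssl
 to allow another connection.
 All settings (method, ciphers, BIOs) are kept.
-.Sh NOTES
+.Pp
 .Fn SSL_clear
 is used to prepare an
 .Vt SSL
 object for a new connection.
 While all settings are kept,
 a side effect is the handling of the current SSL session.
 If a session is still
@@ -41,38 +89,19 @@
 This explicitly means that for example the special method used during the
 session will be kept for the next handshake.
 So if the session was a TLSv1 session, a
 .Vt SSL
 client object will use a TLSv1 client method for the next handshake and a
 .Vt SSL
 server object will use a TLSv1 server method, even if
-.Fn SSLv23_*_method Ns s
+.Fn TLS_*_method Ns s
 were chosen on startup.
 This might lead to connection failures (see
 .Xr SSL_new 3 )
 for a description of the method's properties.
-.Sh WARNINGS
-.Fn SSL_clear
-resets the
-.Vt SSL
-object to allow for another connection.
-The reset operation however keeps several settings of the last sessions
-(some of these settings were made automatically during the last handshake).
-It only makes sense for a new connection with the exact same peer that shares
-these settings,
-and may fail if that peer changes its settings between connections.
-Use the sequence
-.Xr SSL_get_session 3 ;
-.Xr SSL_new 3 ;
-.Xr SSL_set_session 3 ;
-.Xr SSL_free 3
-instead to avoid such failures (or simply
-.Xr SSL_free 3 ;
-.Xr SSL_new 3
-if session reuse is not desired).
 .Sh RETURN VALUES
 The following return values can occur:
 .Bl -tag -width Ds
 .It 0
 The
 .Fn SSL_clear
 operation could not be performed.
@@ -86,7 +115,26 @@
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_client_cert_cb 3 ,
 .Xr SSL_CTX_set_options 3 ,
 .Xr SSL_free 3 ,
 .Xr SSL_new 3 ,
 .Xr SSL_set_shutdown 3 ,
 .Xr SSL_shutdown 3
+.Sh CAVEATS
+.Fn SSL_clear
+resets the
+.Vt SSL
+object to allow for another connection.
+The reset operation however keeps several settings of the last sessions
+(some of these settings were made automatically during the last handshake).
+It only makes sense for a new connection with the exact same peer that shares
+these settings,
+and may fail if that peer changes its settings between connections.
+Use the sequence
+.Xr SSL_get_session 3 ;
+.Xr SSL_new 3 ;
+.Xr SSL_set_session 3 ;
+.Xr SSL_free 3
+instead to avoid such failures (or simply
+.Xr SSL_free 3 ;
+.Xr SSL_new 3
+if session reuse is not desired).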
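--- a/jni/libressl/man/SSL_connect.3
+++ b/jni/libressl/man/SSL_connect.3
@@ -1,28 +1,76 @@
+.\"	$OpenBSD: SSL_connect.3,v 1.4 2016/12/16 15:39:08 jmc Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_connect.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project.
+.\" All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 16 2016 $
 .Dt SSL_CONNECT 3
 .Os
 .Sh NAME
 .Nm SSL_connect
 .Nd initiate the TLS/SSL handshake with a TLS/SSL server
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_connect "SSL *ssl"
 .Sh DESCRIPTION
 .Fn SSL_connect
 initiates the TLS/SSL handshake with a server.
 The communication channel must already have been set and assigned to the
 .Fa ssl
 by setting an underlying
 .Vt BIO .
-.Sh NOTES
+.Pp
 The behaviour of
 .Fn SSL_connect
 depends on the underlying
 .Vt BIO .
 .Pp
 If the underlying
 .Vt BIO
@@ -80,23 +128,23 @@
 and a TLS/SSL connection has been established.
 .It <0
 The TLS/SSL handshake was not successful, because either a fatal error occurred
 at the protocol level or a connection failure occurred.
 The shutdown was not clean.
 It can also occur if action is needed to continue the operation for
 non-blocking
-.Vt BIO Ns s.
+.Vt BIO Ns s .
 Call
 .Xr SSL_get_error 3
 with the return value
 .Fa ret
 to find out the reason.
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_accept 3 ,
 .Xr SSL_CTX_new 3 ,
 .Xr SSL_do_handshake 3 ,
 .Xr SSL_get_error 3 ,
 .Xr SSL_set_connect_state 3 ,
 .Xr SSL_shutdown 3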
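--- /dev/null
+++ b/jni/libressl/man/SSL_copy_session_id.3
@@ -0,0 +1,76 @@
+.\"	$OpenBSD: SSL_copy_session_id.3,v 1.1 2016/12/07 18:09:31 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 7 2016 $
+.Dt SSL_COPY_SESSION_ID 3
+.Os
+.Sh NAME
+.Nm SSL_copy_session_id
+.Nd copy session details between SSL objects
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fo SSL_copy_session_id
+.Fa "SSL *to"
+.Fa "const SSL *from"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_copy_session_id
+copies the following data from
+.Fa from
+to
+.Fa to :
+.Bl -dash
+.It
+the pointer to the
+.Vt SSL_SESSION
+object, incrementing its reference count by 1
+.It
+the pointer to the
+.Vt SSL_METHOD
+object; if that changes the method, protocol-specific data is
+reinitialized
+.It
+the pointer to the
+.Vt CERT
+object, incrementing its reference count by 1
+.It
+the session ID context
+.El
+.Pp
+This function is used internally by
+.Xr SSL_dup 3
+and by
+.Xr BIO_ssl_copy_session_id 3 .
+.Sh SEE ALSO
+.Xr BIO_ssl_copy_session_id 3 ,
+.Xr SSL_dup 3 ,
+.Xr SSL_get_session 3 ,
+.Xr SSL_set_session 3 ,
+.Xr SSL_set_session_id_context 3
+.Sh HISTORY
+.Fn SSL_copy_session_id
+is available in all versions of OpenSSL.
+.Sh BUGS
+Failures of
+.Xr SSL_set_session 3 ,
+.Xr SSL_set_session_id_context 3 ,
+.Xr CRYPTO_add 3 ,
+and reinitialization of protocol-specific data are silently ignored
+and may leave
+.Fa to
+in an invalid or inconsistent state.
+An improved version reporting failure is available in OpenSSL 1.1.0.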
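--- a/jni/libressl/man/SSL_do_handshake.3
+++ b/jni/libressl/man/SSL_do_handshake.3
@@ -1,29 +1,76 @@
+.\"	$OpenBSD: SSL_do_handshake.3,v 1.4 2016/12/16 15:39:08 jmc Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_do_handshake.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Martin Sjoegren <martin@strakt.com>.
+.\" Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 16 2016 $
 .Dt SSL_DO_HANDSHAKE 3
 .Os
 .Sh NAME
 .Nm SSL_do_handshake
 .Nd perform a TLS/SSL handshake
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_do_handshake "SSL *ssl"
 .Sh DESCRIPTION
 .Fn SSL_do_handshake
 will wait for a SSL/TLS handshake to take place.
 If the connection is in client mode, the handshake will be started.
 The handshake routines may have to be explicitly set in advance using either
 .Xr SSL_set_connect_state 3
 or
 .Xr SSL_set_accept_state 3 .
-.Sh NOTES
+.Pp
 The behaviour of
 .Fn SSL_do_handshake
 depends on the underlying
 .Vt BIO .
 .Pp
 If the underlying
 .Vt BIO
@@ -81,21 +128,21 @@
 and a TLS/SSL connection has been established.
 .It <0
 The TLS/SSL handshake was not successful because either a fatal error occurred
 at the protocol level or a connection failure occurred.
 The shutdown was not clean.
 It can also occur if action is needed to continue the operation for
 non-blocking
-.Vt BIO Ns s.
+.Vt BIO Ns s .
 Call
 .Xr SSL_get_error 3
 with the return value
 .Fa ret
 to find out the reason.
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_accept 3 ,
 .Xr SSL_connect 3 ,
 .Xr SSL_get_error 3 ,
 .Xr SSL_set_connect_state 3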
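--- /dev/null
+++ b/jni/libressl/man/SSL_dup.3
@@ -0,0 +1,59 @@
+.\"	$OpenBSD: SSL_dup.3,v 1.1 2016/12/07 17:09:07 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 7 2016 $
+.Dt SSL_DUP 3
+.Os
+.Sh NAME
+.Nm SSL_dup
+.Nd deep copy of an SSL object
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft SSL *
+.Fo SSL_dup
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_dup
+constructs a new
+.Vt SSL
+object in the same context as
+.Fa ssl
+and copies much of the contained data from
+.Fa ssl
+to the new
+.Vt SSL
+object, but many fields, for example tlsext data, are not copied.
+.Pp
+As an exception from deep copying, if a session is already established,
+the new object shares
+.Fa ssl->cert
+with the original object.
+.Sh RETURN VALUES
+.Fn SSL_dup
+returns the new
+.Vt SSL
+object or
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr SSL_clear 3 ,
+.Xr SSL_copy_session_id 3 ,
+.Xr SSL_free 3 ,
+.Xr SSL_new 3
+.Sh HISTORY
+.Fn SSL_dup
+is available in all versions of OpenSSL.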
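--- a/jni/libressl/man/SSL_dup_CA_list.3
+++ b/jni/libressl/man/SSL_dup_CA_list.3
@@ -0,0 +1,52 @@
+.\"	$OpenBSD: SSL_dup_CA_list.3,v 1.2 2016/12/14 16:20:28 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 14 2016 $
+.Dt SSL_DUP_CA_LIST 3
+.Os
+.Sh NAME
+.Nm SSL_dup_CA_list
+.Nd deep copy of a stack of X.509 Name objects
+.\" The capital "N" in "Name" is intentional (X.509 syntax).
+.Sh SYNOPSIS
+.Ft STACK_OF(X509_NAME) *
+.Fo SSL_dup_CA_list
+.Fa "STACK_OF(X509_NAME) *sk"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_dup_CA_list
+constructs a new
+.Vt STACK_OF(X509_NAME)
+object and places copies of all the
+.Vt X509_NAME
+objects found on
+.Fa sk
+on it.
+.Sh RETURN VALUES
+.Fn SSL_dup_CA_list
+returns the new
+.Vt STACK_OF(X509_NAME)
+or
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr SSL_CTX_set_client_CA_list 3 ,
+.Xr SSL_get_client_CA_list 3 ,
+.Xr SSL_load_client_CA_file 3 ,
+.Xr X509_NAME_new 3
+.Sh HISTORY
+.Fn SSL_dup_CA_list
+is available in all versions of OpenSSL.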
Changes to jni/libressl/man/SSL_free.3.


1


2



3








































4
5
6
7
8
9
10
11


.\"


.\"	$OpenBSD: SSL_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $



.\"








































.Dd $Mdocdate: December 2 2014 $
.Dt SSL_FREE 3
.Os
.Sh NAME
.Nm SSL_free
.Nd free an allocated SSL structure
.Sh SYNOPSIS
.In openssl/ssl.h
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: SSL_free.3,v 1.2 2016/12/01 22:46:21 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 1 2016 $
.Dt SSL_FREE 3
.Os
.Sh NAME
.Nm SSL_free
.Nd free an allocated SSL structure
.Sh SYNOPSIS
.In openssl/ssl.h
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
.Fa ssl
and frees up the allocated memory if the reference count has reached 0.
If
.Fa ssl
is a
.Dv NULL
pointer, no action occurs.
.Sh NOTES
.Fn SSL_free
also calls the
.Xr free 3 Ns
ing procedures for indirectly affected items, if applicable: the buffering
.Vt BIO ,
the read and write
.Vt BIOs ,







|







68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
.Fa ssl
and frees up the allocated memory if the reference count has reached 0.
If
.Fa ssl
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn SSL_free
also calls the
.Xr free 3 Ns
ing procedures for indirectly affected items, if applicable: the buffering
.Vt BIO ,
the read and write
.Vt BIOs ,
Changes to jni/libressl/man/SSL_get_SSL_CTX.3.


1


2



3








































4
5
6
7
8
9
10
11


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_GET_SSL_CTX 3
.Os
.Sh NAME
.Nm SSL_get_SSL_CTX
.Nd get the SSL_CTX from which an SSL is created
.Sh SYNOPSIS
.In openssl/ssl.h
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: SSL_get_SSL_CTX.3,v 1.2 2016/12/03 08:54:21 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 3 2016 $
.Dt SSL_GET_SSL_CTX 3
.Os
.Sh NAME
.Nm SSL_get_SSL_CTX
.Nd get the SSL_CTX from which an SSL is created
.Sh SYNOPSIS
.In openssl/ssl.h
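--- a/jni/libressl/man/SSL_get_certificate.3
+++ b/jni/libressl/man/SSL_get_certificate.3
@@ -0,0 +1,61 @@
+.\"	$OpenBSD: SSL_get_certificate.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_GET_CERTIFICATE 3
+.Os
+.Sh NAME
+.Nm SSL_get_certificate ,
+.Nm SSL_get_privatekey
+.Nd get SSL certificate and private key
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft X509 *
+.Fo SSL_get_certificate
+.Fa "const SSL *ssl"
+.Fc
+.Ft EVP_PKEY *
+.Fo SSL_get_privatekey
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+These functions retrieve certificate and key data from an
+.Vt SSL
+object.
+They return internal pointers that must not be freed by the application
+program.
+.Sh RETURN VALUES
+.Fn SSL_get_certificate
+returns the active X.509 certificate currently used by
+.Fa ssl
+or
+.Dv NULL
+if none is active.
+.Pp
+.Fn SSL_get_privatekey
+returns the active private key currently used by
+.Fa ssl
+or
+.Dv NULL
+if none is active.
+.Sh SEE ALSO
+.Xr SSL_check_private_key 3 ,
+.Xr SSL_use_certificate 3
+.Sh HISTORY
+.Fn SSL_get_certificate
+and
+.Fn SSL_get_privatekey
+are available in all versions of OpenSSL.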
Changes to jni/libressl/man/SSL_get_ciphers.3.


1


2



3








































4
5
6
7
8
9
10
11


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_GET_CIPHERS 3
.Os
.Sh NAME
.Nm SSL_get_ciphers ,
.Nm SSL_get_cipher_list
.Nd get list of available SSL_CIPHERs
.Sh SYNOPSIS
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: SSL_get_ciphers.3,v 1.2 2016/12/03 09:00:46 schwarze Exp $
.\"	OpenSSL c3e64028 Mar 30 11:50:14 2005 +0000
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2005, 2015 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 3 2016 $
.Dt SSL_GET_CIPHERS 3
.Os
.Sh NAME
.Nm SSL_get_ciphers ,
.Nm SSL_get_cipher_list
.Nd get list of available SSL_CIPHERs
.Sh SYNOPSIS
25
26
27
28
29
30
31













32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
.Fa ssl
is
.Dv NULL
or no ciphers are available,
.Dv NULL
is returned.
.Pp













.Fn SSL_get_cipher_list
returns a pointer to the name of the
.Vt SSL_CIPHER
listed for
.Fa ssl
with
.Fa priority .
If
.Fa ssl
is
.Dv NULL ,
no ciphers are available, or there are fewer ciphers than
.Fa priority
available,
.Dv NULL
is returned.
.Sh NOTES
The details of the ciphers obtained by
.Fn SSL_get_ciphers
can be obtained using the
.Xr SSL_CIPHER_get_name 3
family of functions.
.Pp
Call
.Fn SSL_get_cipher_list
with
.Fa priority
starting from 0 to obtain the sorted list of available ciphers, until
.Dv NULL
is returned.
.Sh RETURN VALUES
See
.Sx DESCRIPTION .
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CIPHER_get_name 3 ,
.Xr SSL_CTX_set_cipher_list 3







>
>
>
>
>
>
>
>
>
>
>
>
>
















<
<
<
<
<
<








<
<
<




72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107






108
109
110
111
112
113
114
115



116
117
118
119
.Fa ssl
is
.Dv NULL
or no ciphers are available,
.Dv NULL
is returned.
.Pp
.Fn SSL_get_ciphers
returns a pointer to an internal cipher stack, which will be freed
later on when the
.Vt SSL
object is freed.
Therefore, the calling code must not free the return value itself.
.Pp
The details of the ciphers obtained by
.Fn SSL_get_ciphers
can be obtained using the
.Xr SSL_CIPHER_get_name 3
family of functions.
.Pp
.Fn SSL_get_cipher_list
returns a pointer to the name of the
.Vt SSL_CIPHER
listed for
.Fa ssl
with
.Fa priority .
If
.Fa ssl
is
.Dv NULL ,
no ciphers are available, or there are fewer ciphers than
.Fa priority
available,
.Dv NULL
is returned.






.Pp
Call
.Fn SSL_get_cipher_list
with
.Fa priority
starting from 0 to obtain the sorted list of available ciphers, until
.Dv NULL
is returned.



.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CIPHER_get_name 3 ,
.Xr SSL_CTX_set_cipher_list 3
Changes to jni/libressl/man/SSL_get_client_CA_list.3.


1



2



3








































4
5
6
7
8
9
10
11


.\"



.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_GET_CLIENT_CA_LIST 3
.Os
.Sh NAME
.Nm SSL_get_client_CA_list ,
.Nm SSL_CTX_get_client_CA_list
.Nd get list of client CAs
.Sh SYNOPSIS
>
>

>
>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
.\"	$OpenBSD: SSL_get_client_CA_list.3,v 1.3 2016/12/14 16:20:28 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 14 2016 $
.Dt SSL_GET_CLIENT_CA_LIST 3
.Os
.Sh NAME
.Nm SSL_get_client_CA_list ,
.Nm SSL_CTX_get_client_CA_list
.Nd get list of client CAs
.Sh SYNOPSIS
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

.Vt SSL_CTX
object with
.Xr SSL_CTX_set_client_CA_list 3 ,
when in server mode.
In client mode,
.Fn SSL_get_client_CA_list
returns the list of client CAs sent from the server, if any.
.Sh RETURN VALUES
.Fn SSL_CTX_set_client_CA_list
and
.Fn SSL_set_client_CA_list
do not return diagnostic information.
.Pp
.Fn SSL_CTX_add_client_CA
and
.Fn SSL_add_client_CA
have the following return values:
.Bl -tag -width Ds
.It Dv STACK_OF Ns Po Vt X509_NAMES Pc
List of CA names explicitly set (for
.Fa ctx
or in server mode) or sent by the server (client mode).
.It Dv NULL
No client CA list was explicitly set (for
.Fa ctx
or in server mode) or the server did not send a list of CAs (client mode).
.El
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CTX_set_client_CA_list 3 ,
.Xr SSL_CTX_set_client_cert_cb 3








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



|
>
79
80
81
82
83
84
85




















86
87
88
89
90
.Vt SSL_CTX
object with
.Xr SSL_CTX_set_client_CA_list 3 ,
when in server mode.
In client mode,
.Fn SSL_get_client_CA_list
returns the list of client CAs sent from the server, if any.




















.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CTX_set_client_CA_list 3 ,
.Xr SSL_CTX_set_client_cert_cb 3 ,
.Xr X509_NAME_new 3
Changes to jni/libressl/man/SSL_get_current_cipher.3.


1


2



3








































4
5
6
7
8
9
10
11
12
13
14
15
16
17

18

19
20

21
22

23
24
25
26
27
28
29
30
31
32



33


34
35
36
37

38
39
40
41
42

43




44
45
46
47
48
49
50
51
52


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_GET_CURRENT_CIPHER 3
.Os
.Sh NAME
.Nm SSL_get_current_cipher ,
.Nm SSL_get_cipher ,
.Nm SSL_get_cipher_name ,
.Nm  SSL_get_cipher_bits ,
.Nm SSL_get_cipher_version
.Nd get SSL_CIPHER of a connection
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft SSL_CIPHER *
.Fn SSL_get_current_cipher "const SSL *ssl"

.Fd #define SSL_get_cipher(s) SSL_CIPHER_get_name(SSL_get_current_cipher(s))

.Fd #define SSL_get_cipher_name(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))

.Fd #define SSL_get_cipher_bits(s,np) \
SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)

.Fd #define SSL_get_cipher_version(s) \
SSL_CIPHER_get_version(SSL_get_current_cipher(s))
.Sh DESCRIPTION
.Fn SSL_get_current_cipher
returns a pointer to an
.Vt SSL_CIPHER
object containing the description of the actually used cipher of a connection
established with the
.Fa ssl
object.



.Pp


.Fn SSL_get_cipher
and
.Fn SSL_get_cipher_name
are identical macros to obtain the name of the currently used cipher.

.Fn SSL_get_cipher_bits
is a macro to obtain the number of secret/algorithm bits used and
.Fn SSL_get_cipher_version
returns the protocol name.
See

.Xr SSL_CIPHER_get_name 3




for more details.
.Sh RETURN VALUES
.Fn SSL_get_current_cipher
returns the cipher actually used or
.Dv NULL ,
when no session has been established.
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CIPHER_get_name 3
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|











|

>
|
>
|
<
>
|
<
>
|
<








>
>
>

>
>

|
|
<
>

|


<
>
|
>
>
>
>
|


|
|
|



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

69
70

71
72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

90
91
92
93
94

95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
.\"	$OpenBSD: SSL_get_current_cipher.3,v 1.2 2016/12/03 09:07:56 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2005, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 3 2016 $
.Dt SSL_GET_CURRENT_CIPHER 3
.Os
.Sh NAME
.Nm SSL_get_current_cipher ,
.Nm SSL_get_cipher ,
.Nm SSL_get_cipher_name ,
.Nm  SSL_get_cipher_bits ,
.Nm SSL_get_cipher_version
.Nd get SSL_CIPHER of a connection
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft const SSL_CIPHER *
.Fn SSL_get_current_cipher "const SSL *ssl"
.Ft const char *
.Fn SSL_get_cipher "const SSL *ssl"
.Ft const char *
.Fn SSL_get_cipher_name "const SSL *ssl"

.Ft int
.Fn SSL_get_cipher_bits "const SSL *ssl" "int *np"

.Ft char *
.Fn SSL_get_cipher_version "const SSL *ssl"

.Sh DESCRIPTION
.Fn SSL_get_current_cipher
returns a pointer to an
.Vt SSL_CIPHER
object containing the description of the actually used cipher of a connection
established with the
.Fa ssl
object.
See
.Xr SSL_CIPHER_get_name 3
for more details.
.Pp
.Fn SSL_get_cipher_name
obtains the name of the currently used cipher.
.Fn SSL_get_cipher
is identical to
.Fn SSL_get_cipher_name .

.Pp
.Fn SSL_get_cipher_bits
obtains the number of secret/algorithm bits used and
.Fn SSL_get_cipher_version
returns the protocol name.

.Pp
.Fn SSL_get_cipher ,
.Fn SSL_get_cipher_name ,
.Fn SSL_get_cipher_bits ,
and
.Fn SSL_get_cipher_version
are implemented as macros.
.Sh RETURN VALUES
.Fn SSL_get_current_cipher
returns the cipher actually used, or
.Dv NULL
if no session has been established.
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CIPHER_get_name 3
Changes to jni/libressl/man/SSL_get_default_timeout.3.


1


2



3








































4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_GET_DEFAULT_TIMEOUT 3
.Os
.Sh NAME
.Nm SSL_get_default_timeout
.Nd get default session timeout value
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft long
.Fn SSL_get_default_timeout "const SSL *ssl"
.Sh DESCRIPTION
.Fn SSL_get_default_timeout
returns the default timeout value assigned to
.Vt SSL_SESSION
objects negotiated for the protocol valid for
.Fa ssl .
.Sh NOTES
Whenever a new session is negotiated, it is assigned a timeout value,
after which it will not be accepted for session reuse.
If the timeout value was not explicitly set using
.Xr SSL_CTX_set_timeout 3 ,
the hardcoded default timeout for the protocol will be used.
.Pp
.Fn SSL_get_default_timeout
return this hardcoded value, which is 300 seconds for all currently supported
protocols (SSLv2, SSLv3, and TLSv1).
.Sh RETURN VALUES
See description.
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CTX_flush_sessions 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_SESSION_get_time 3
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|















|









<
<





1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76


77
78
79
80
81
.\"	$OpenBSD: SSL_get_default_timeout.3,v 1.2 2016/12/03 09:10:29 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 3 2016 $
.Dt SSL_GET_DEFAULT_TIMEOUT 3
.Os
.Sh NAME
.Nm SSL_get_default_timeout
.Nd get default session timeout value
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft long
.Fn SSL_get_default_timeout "const SSL *ssl"
.Sh DESCRIPTION
.Fn SSL_get_default_timeout
returns the default timeout value assigned to
.Vt SSL_SESSION
objects negotiated for the protocol valid for
.Fa ssl .
.Pp
Whenever a new session is negotiated, it is assigned a timeout value,
after which it will not be accepted for session reuse.
If the timeout value was not explicitly set using
.Xr SSL_CTX_set_timeout 3 ,
the hardcoded default timeout for the protocol will be used.
.Pp
.Fn SSL_get_default_timeout
return this hardcoded value, which is 300 seconds for all currently supported
protocols (SSLv2, SSLv3, and TLSv1).


.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CTX_flush_sessions 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_SESSION_get_time 3
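--- a/jni/libressl/man/SSL_get_error.3
+++ b/jni/libressl/man/SSL_get_error.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_get_error.3,v 1.2 2016/12/03 08:54:21 schwarze Exp $
+.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
-.\"	$OpenBSD: SSL_get_error.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Bodo Moeller <bodo@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt SSL_GET_ERROR 3
 .Os
 .Sh NAME
 .Nm SSL_get_error
 .Nd obtain result code for TLS/SSL I/O operation
 .Sh SYNOPSIS
 .In openssl/ssl.h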
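--- a/jni/libressl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ b/jni/libressl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.2 2016/12/06 22:41:16 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: November 22 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3
 .Os
 .Sh NAME
 .Nm SSL_get_ex_data_X509_STORE_CTX_idx
 .Nd get ex_data index to access SSL structure from X509_STORE_CTX
 .Sh SYNOPSIS
 .In openssl/ssl.h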
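--- a/jni/libressl/man/SSL_get_ex_new_index.3
+++ b/jni/libressl/man/SSL_get_ex_new_index.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_get_ex_new_index.3,v 1.2 2016/12/06 22:41:16 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
 .Nm SSL_get_ex_new_index ,
 .Nm SSL_set_ex_data ,
 .Nm SSL_get_ex_data
 .Nd internal application specific data functions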
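--- a/jni/libressl/man/SSL_get_fd.3
+++ b/jni/libressl/man/SSL_get_fd.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_get_fd.3,v 1.3 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2005, 2013 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_GET_FD 3
 .Os
 .Sh NAME
 .Nm SSL_get_fd ,
 .Nm SSL_get_rfd ,
 .Nm SSL_get_wfd
 .Nd get file descriptor linked to an SSL object
@@ -37,10 +84,10 @@
 .Vt BIO
 is not of the correct type (suitable for file descriptors).
 .It \(>=0
 The file descriptor linked to
 .Fa ssl .
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_set_fd 3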
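--- a/jni/libressl/man/SSL_get_peer_cert_chain.3
+++ b/jni/libressl/man/SSL_get_peer_cert_chain.3
@@ -1,37 +1,93 @@
+.\"	$OpenBSD: SSL_get_peer_cert_chain.3,v 1.3 2017/03/28 18:21:55 schwarze Exp $
+.\"	OpenSSL SSL_get_peer_cert_chain.pod 1f164c6f Jan 18 01:40:36 2017 +0100
+.\"	OpenSSL SSL_get_peer_cert_chain.pod 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2005, 2014, 2016 The OpenSSL Project.
+.\" All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: March 28 2017 $
 .Dt SSL_GET_PEER_CERT_CHAIN 3
 .Os
 .Sh NAME
 .Nm SSL_get_peer_cert_chain
-.Nd get the X509 certificate chain of the peer
+.Nd get the X509 certificate chain sent by the peer
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft STACK_OF(X509) *
 .Fn SSL_get_peer_cert_chain "const SSL *ssl"
 .Sh DESCRIPTION
 .Fn SSL_get_peer_cert_chain
 returns a pointer to
 .Dv STACK_OF Ns Po Vt X509 Pc
 certificates forming the certificate chain of the peer.
 If called on the client side, the stack also contains the peer's certificate;
 if called on the server side, the peer's certificate must be obtained
 separately using
 .Xr SSL_get_peer_certificate 3 .
 If the peer did not present a certificate,
 .Dv NULL
 is returned.
-.Sh NOTES
+.Pp
+.Fn SSL_get_peer_cert_chain
+returns the peer chain as sent by the peer: it only consists of
-The peer certificate chain is not necessarily available after reusing a
+certificates the peer has sent (in the order the peer has sent them)
+and it is not a verified chain.
+.Pp
-session, in which case a
+If the session is resumed, peers do not send certificates, so a
 .Dv NULL
 pointer is returned.
+Applications can call
+.Fn SSL_session_reused
+to determine whether a session is resumed.
 .Pp
 The reference count of the
 .Dv STACK_OF Ns Po Vt X509 Pc
 object is not incremented.
 If the corresponding session is freed, the pointer must not be used any longer.
 .Sh RETURN VALUES
 The following return values can occur: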
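--- a/jni/libressl/man/SSL_get_peer_certificate.3
+++ b/jni/libressl/man/SSL_get_peer_certificate.3
@@ -1,27 +1,74 @@
+.\"	$OpenBSD: SSL_get_peer_certificate.3,v 1.2 2016/12/03 08:54:21 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt SSL_GET_PEER_CERTIFICATE 3
 .Os
 .Sh NAME
 .Nm SSL_get_peer_certificate
 .Nd get the X509 certificate of the peer
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft X509 *
 .Fn SSL_get_peer_certificate "const SSL *ssl"
 .Sh DESCRIPTION
 .Fn SSL_get_peer_certificate
 returns a pointer to the X509 certificate the peer presented.
 If the peer did not present a certificate,
 .Dv NULL
 is returned.
-.Sh NOTES
+.Pp
 Due to the protocol definition, a TLS/SSL server will always send a
 certificate, if present.
 A client will only send a certificate when explicitly requested to do so by the
 server (see
 .Xr SSL_CTX_set_verify 3 ) .
 If an anonymous cipher is used, no certificates are sent.
 .Pp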
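--- a/jni/libressl/man/SSL_get_psk_identity.3
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"
-.\"	$OpenBSD$
-.\"
-.Dd $Mdocdate: October 12 2014 $
-.Dt SSL_GET_PSK_IDENTITY 3
-.Os
-.Sh NAME
-.Nm SSL_get_psk_identity ,
-.Nm SSL_get_psk_identity_hint
-.Nd get PSK client identity and hint
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_get_psk_identity_hint "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_psk_identity "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_psk_identity_hint
-is used to retrieve the PSK identity hint used during the connection setup
-related to
-.Vt SSL
-object
-.Fa ssl .
-Similarly,
-.Fn SSL_get_psk_identity
-is used to retrieve the PSK identity used during the connection setup.
-.Sh RETURN VALUES
-If
-.Pf non- Dv NULL ,
-.Fn SSL_get_psk_identity_hint
-returns the PSK identity hint and
-.Fn SSL_get_psk_identity
-returns the PSK identity.
-Both are
-.Dv NULL Ns -terminated.
-.Fn SSL_get_psk_identity_hint
-may return
-.Dv NULL
-if no PSK identity hint was used during the connection setup.
-.Pp
-Note that the return value is valid only during the lifetime of the
-.Vt SSL
-object
-.Fa ssl .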
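--- a/jni/libressl/man/SSL_get_rbio.3
+++ b/jni/libressl/man/SSL_get_rbio.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_get_rbio.3,v 1.3 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_GET_RBIO 3
 .Os
 .Sh NAME
 .Nm SSL_get_rbio ,
 .Nm SSL_get_wbio
 .Nd get BIO linked to an SSL object
 .Sh SYNOPSIS
@@ -36,10 +83,10 @@
 .It Any other pointer
 The
 .Vt BIO
 linked to
 .Fa ssl .
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_set_bio 3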
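--- a/jni/libressl/man/SSL_get_session.3
+++ b/jni/libressl/man/SSL_get_session.3
@@ -1,11 +1,59 @@
+.\"	$OpenBSD: SSL_get_session.3,v 1.2 2016/12/03 09:13:56 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_get_session.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005, 2013, 2016 The OpenSSL Project.
+.\" All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt SSL_GET_SESSION 3
 .Os
 .Sh NAME
 .Nm SSL_get_session ,
 .Nm SSL_get0_session ,
 .Nm SSL_get1_session
 .Nd retrieve TLS/SSL session data
@@ -33,17 +81,17 @@
 .Pp
 .Fn SSL_get1_session
 is the same as
 .Fn SSL_get_session ,
 but the reference count of the
 .Vt SSL_SESSION
 is incremented by one.
-.Sh NOTES
+.Pp
 The
-Fa ssl
+.Fa ssl
 session contains all information required to re-establish the connection
 without a new handshake.
 .Pp
 .Fn SSL_get0_session
 returns a pointer to the actual session.
 As the reference counter is not incremented,
 the pointer is only valid while the connection is in use.
@@ -81,17 +129,17 @@
 object).
 .Sh RETURN VALUES
 The following return values can occur:
 .Bl -tag -width Ds
 .It Dv NULL
 There is no session available in
 .Fa ssl .
-.It Pointer to an Vt SSL
+.It Pointer to an Vt SSL_SESSION
 The return value points to the data of an
 .Vt SSL
 session.
 .El
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_clear 3 ,
 .Xr SSL_free 3 ,
 .Xr SSL_SESSION_free 3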
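--- a/jni/libressl/man/SSL_get_shared_ciphers.3
+++ b/jni/libressl/man/SSL_get_shared_ciphers.3
@@ -0,0 +1,70 @@
+.\"	$OpenBSD: SSL_get_shared_ciphers.3,v 1.1 2016/12/10 14:56:56 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_GET_SHARED_CIPHERS 3
+.Os
+.Sh NAME
+.Nm SSL_get_shared_ciphers
+.Nd ciphers supported by both client and server
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft char *
+.Fo SSL_get_shared_ciphers
+.Fa "const SSL *ssl"
+.Fa "char *buf"
+.Fa "int len"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_get_shared_ciphers
+puts the names of the ciphers that are supported by both the client
+and the server of
+.Fa ssl
+into the buffer
+.Fa buf .
+Names are separated by colons.
+At most
+.Fa len
+bytes are written to
+.Fa buf
+including the terminating NUL character.
+.Sh RETURN VALUES
+If
+.Fa ssl
+contains no session, if the session contains no shared ciphers,
+or if
+.Fa len
+is less than 2,
+.Fn SSL_get_shared_ciphers
+returns
+.Dv NULL .
+Otherwise, it returns
+.Fa buf .
+.Sh HISTORY
+.Fn SSL_get_shared_ciphers
+is available in all versions of OpenSSL.
+.Sh BUGS
+If the list is too long to fit into
+.Fa len
+bytes, it is silently truncated after the last cipher name that fits,
+and all following ciphers are skipped.
+If the buffer is very short such that even the first cipher name
+does not fit, an empty string is returned even when some shared
+ciphers are actually available.
+.Pp
+There is no easy way to find out how much space is required for
+.Fa buf
+or whether the supplied space was sufficient.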
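--- a/jni/libressl/man/SSL_get_state.3
+++ b/jni/libressl/man/SSL_get_state.3
@@ -0,0 +1,146 @@
+.\"	$OpenBSD: SSL_get_state.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_GET_STATE 3
+.Os
+.Sh NAME
+.Nm SSL_get_state ,
+.Nm SSL_state ,
+.Nm SSL_in_accept_init ,
+.Nm SSL_in_before ,
+.Nm SSL_in_connect_init ,
+.Nm SSL_in_init ,
+.Nm SSL_is_init_finished
+.Nd inspect the state of the SSL state machine
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_get_state
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_state
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_accept_init
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_before
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_connect_init
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_init
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_is_init_finished
+.Fa "const SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_get_state
+returns an encoded representation of the current state of the SSL
+state machine.
+.Fn SSL_state
+is a deprecated alias for
+.Fn SSL_get_state .
+.Pp
+The following bits may be set:
+.Bl -tag -width Ds
+.It Dv SSL_ST_ACCEPT
+This bit is set by
+.Xr SSL_accept 3
+and by
+.Xr SSL_set_accept_state 3 .
+It indicates that
+.Fa ssl
+is set up for server mode and no client initiated the TLS handshake yet.
+The function
+.Fn SSL_in_accept_init
+returns non-zero if this bit is set or 0 otherwise.
+.It Dv SSL_ST_BEFORE
+This bit is set by the
+.Xr SSL_accept 3 ,
+.Xr SSL_connect 3 ,
+.Xr SSL_set_accept_state 3 ,
+and
+.Xr SSL_set_connect_state 3
+functions.
+It indicates that the TLS handshake was not initiated yet.
+The function
+.Fn SSL_in_before
+returns non-zero if this bit is set or 0 otherwise.
+.It Dv SSL_ST_CONNECT
+This bit is set by
+.Xr SSL_connect 3
+and by
+.Xr SSL_set_connect_state 3 .
+It indicates that
+.Fa ssl
+is set up for client mode and no TLS handshake was initiated yet.
+The function
+.Fn SSL_in_connect_init
+returns non-zero if this bit is set or 0 otherwise.
+.El
+.Pp
+The following masks can be used:
+.Bl -tag -width Ds
+.It Dv SSL_ST_INIT
+Set if
+.Dv SSL_ST_ACCEPT
+or
+.Dv SSL_ST_CONNECT
+is set.
+The function
+.Fn SSL_in_init
+returns a non-zero value if one of these is set or 0 otherwise.
+.It Dv SSL_ST_MASK
+This mask includes all bits except
+.Dv SSL_ST_ACCEPT ,
+.Dv SSL_ST_BEFORE ,
+and
+.Dv SSL_ST_CONNECT .
+.It Dv SSL_ST_OK
+The state is set to this value when a connection is established.
+The function
+.Fn SSL_is_init_finished
+returns a non-zero value if the state equals this constant, or 0 otherwise.
+.It Dv SSL_ST_RENEGOTIATE
+The program is about to renegotiate, for example when entering
+.Xr SSL_read 3
+or
+.Xr SSL_write 3
+right after
+.Xr SSL_renegotiate 3
+was called.
+.El
+.Pp
+The meaning of other bits is protocol-dependent.
+Application programs usually do not need to inspect any of those
+other bits.
+.Pp
+All these functions may be implemented as macros.
+.Sh SEE ALSO
+.Xr SSL_renegotiate 3 ,
+.Xr SSL_set_connect_state 3
+.Sh HISTORY
+These functions are available in all versions of OpenSSL.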
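--- a/jni/libressl/man/SSL_get_verify_result.3
+++ b/jni/libressl/man/SSL_get_verify_result.3
@@ -1,25 +1,72 @@
+.\"	$OpenBSD: SSL_get_verify_result.3,v 1.2 2016/12/03 08:54:21 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt SSL_GET_VERIFY_RESULT 3
 .Os
 .Sh NAME
 .Nm SSL_get_verify_result
 .Nd get result of peer certificate verification
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft long
 .Fn SSL_get_verify_result "const SSL *ssl"
 .Sh DESCRIPTION
 .Fn SSL_get_verify_result
 returns the result of the verification of the X509 certificate presented by the
 peer, if any.
-.Sh NOTES
+.Pp
 .Fn SSL_get_verify_result
 can only return one error code while the verification of a certificate can fail
 because of many reasons at the same time.
 Only the last verification error that occurred during the processing is
 available from
 .Fn SSL_get_verify_result .
 .Pp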
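--- a/jni/libressl/man/SSL_get_version.3
+++ b/jni/libressl/man/SSL_get_version.3
@@ -1,35 +1,91 @@
+.\"	$OpenBSD: SSL_get_version.3,v 1.3 2016/12/10 13:12:08 schwarze Exp $
+.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt SSL_GET_VERSION 3
 .Os
 .Sh NAME
-.Nm SSL_get_version
+.Nm SSL_get_version ,
+.Nm SSL_version
 .Nd get the protocol version of a connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft const char *
 .Fn SSL_get_version "const SSL *ssl"
+.Ft int
+.Fn SSL_version "const SSL *ssl"
 .Sh DESCRIPTION
 .Fn SSL_get_version
 returns the name of the protocol used for the connection
 .Fa ssl .
+.Pp
+.Fn SSL_version
+returns an integer constant representing that protocol.
 .Sh RETURN VALUES
-The following strings can be returned:
+The following strings or integers can be returned:
 .Bl -tag -width Ds
-.It Qq SSLv2
-The connection uses the SSLv2 protocol.
-.It Qq SSLv3
-The connection uses the SSLv3 protocol.
-.It Qq TLSv1
-The connection uses the TLSv1.0 protocol.
-.It Qq TLSv1.1
-The connection uses the TLSv1.1 protocol.
-.It Qq TLSv1.2
-The connection uses the TLSv1.2 protocol.
+.It Qo TLSv1 Qc No or Dv TLS1_VERSION
+The connection uses the TLSv1.0 protocol.
+.It Qo TLSv1.1 Qc No or Dv TLS1_1_VERSION
+The connection uses the TLSv1.1 protocol.
+.It Qo TLSv1.2 Qc No or Dv TLS1_2_VERSION
+The connection uses the TLSv1.2 protocol.
+.It Qo DTLSv1 Qc No or Dv DTLS1_VERSION
+The connection uses the Datagram Transport Layer Security 1.0 protocol.
 .It Qq unknown
 This indicates that no version has been set (no connection established).
 .El
 .Sh SEE ALSO
 .Xr ssl 3
+.Sh HISTORY
+.Fn SSL_get_version
+and
+.Fn SSL_version
+are available in all versions of OpenSSL.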
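--- a/jni/libressl/man/SSL_library_init.3
+++ b/jni/libressl/man/SSL_library_init.3
@@ -1,54 +1,98 @@
+.\"	$OpenBSD: SSL_library_init.3,v 1.2 2016/12/04 12:13:43 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2006, 2010 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_LIBRARY_INIT 3
 .Os
 .Sh NAME
 .Nm SSL_library_init ,
 .Nm OpenSSL_add_ssl_algorithms ,
 .Nm SSLeay_add_ssl_algorithms
 .Nd initialize SSL library by registering algorithms
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_library_init void
+.Ft int
-.Fd #define OpenSSL_add_ssl_algorithms() SSL_library_init()
+.Fn OpenSSL_add_ssl_algorithms void
+.Ft int
-.Fd #define SSLeay_add_ssl_algorithms() SSL_library_init()
+.Fn SSLeay_add_ssl_algorithms void
 .Sh DESCRIPTION
 .Fn SSL_library_init
 registers the available SSL/TLS ciphers and digests.
 .Pp
 .Fn OpenSSL_add_ssl_algorithms
 and
 .Fn SSLeay_add_ssl_algorithms
 are synonyms for
-.Fn SSL_library_init .
+.Fn SSL_library_init
+and are implemented as macros.
-.Sh NOTES
+.Pp
 .Fn SSL_library_init
 must be called before any other action takes place.
 .Fn SSL_library_init
 is not reentrant.
-.Sh WARNING
+.Pp
 .Fn SSL_library_init
 adds ciphers and digests used directly and indirectly by SSL/TLS.
 .Sh RETURN VALUES
 .Fn SSL_library_init
 always returns 1, so it is safe to discard the return value.
 .Sh EXAMPLES
 A typical TLS/SSL application will start with the library initialization, and
 provide readable error messages.
 .Bd -literal
 SSL_load_error_strings();                /* readable error messages */
 SSL_library_init();                      /* initialize library */
 .Ed
-.Sh NOTES
-OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to
-.Fn SSL_library_init .
-Applications which need to use SHA2 in earlier versions of OpenSSL should call
-.Fn OpenSSL_add_all_algorithms
-as well.
 .Sh SEE ALSO
 .Xr RAND_add 3 ,
 .Xr ssl 3 ,
 .Xr SSL_load_error_strings 3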
Changes to jni/libressl/man/SSL_load_client_CA_file.3.


1


2

3



























































4
5
6
7
8


9
10
11
12
13










14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29













30

31
32


33
34
35

36



37




38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53





































.\"


.\"	$OpenBSD$

.\"



























































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_LOAD_CLIENT_CA_FILE 3
.Os
.Sh NAME
.Nm SSL_load_client_CA_file


.Nd load certificate names from file
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft STACK_OF(X509_NAME) *
.Fn SSL_load_client_CA_file "const char *file"










.Sh DESCRIPTION
.Fn SSL_load_client_CA_file
reads certificates from
.Fa file
and returns a
.Dv STACK_OF Ns
.Pq Vt X509_NAME
with the subject names found.
.Sh NOTES
.Fn SSL_load_client_CA_file
reads a file of PEM formatted certificates and extracts the
.Vt X509_NAME Ns s
of the certificates found.
While the name suggests the specific usage as support function for
.Xr SSL_CTX_set_client_CA_list 3 ,
it is not limited to CA certificates.













.Sh RETURN VALUES

The following return values can occur:
.Bl -tag -width Ds


.It Dv NULL
The operation failed, check out the error stack for the reason.
.It Pointer to Dv STACK_OF Ns Po Vt X509_NAME Pc

Pointer to the subject names of the successfully read certificates.



.El




.Sh EXAMPLES
Load names of CAs from file and use it as a client CA list:
.Bd -literal
SSL_CTX *ctx;
STACK_OF(X509_NAME) *cert_names;
\&...
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
if (cert_names != NULL)
	SSL_CTX_set_client_CA_list(ctx, cert_names);
else
	error_handling();
\&...
.Ed
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_CTX_set_client_CA_list 3



































>
>

>
>
|
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|



|
>
>
|




>
>
>
>
>
>
>
>
>
>


|

|
|
<

<
<
<
<
<
|


>
>
>
>
>
>
>
>
>
>
>
>
>

>
|
<
>
>
|
<
<
>
|
>
>
>
|
>
>
>
>

|












|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

96





97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118


119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
.\"	$OpenBSD: SSL_load_client_CA_file.3,v 1.5 2016/12/16 15:39:08 jmc Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 16 2016 $
.Dt SSL_LOAD_CLIENT_CA_FILE 3
.Os
.Sh NAME
.Nm SSL_load_client_CA_file ,
.Nm SSL_add_file_cert_subjects_to_stack ,
.Nm SSL_add_dir_cert_subjects_to_stack
.Nd load certificate names from files
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft STACK_OF(X509_NAME) *
.Fn SSL_load_client_CA_file "const char *file"
.Ft int
.Fo SSL_add_file_cert_subjects_to_stack
.Fa "STACK_OF(X509_NAME) *stack"
.Fa "const char *file"
.Fc
.Ft int
.Fo SSL_add_dir_cert_subjects_to_stack
.Fa "STACK_OF(X509_NAME) *stack"
.Fa "const char *dir"
.Fc
.Sh DESCRIPTION
.Fn SSL_load_client_CA_file
reads PEM formatted certificates from
.Fa file
and returns a new
.Vt STACK_OF(X509_NAME)

with the subject names found.





While the name suggests the specific usage as a support function for
.Xr SSL_CTX_set_client_CA_list 3 ,
it is not limited to CA certificates.
.Pp
.Fn SSL_add_file_cert_subjects_to_stack
is similar except that the names are added to the existing
.Fa stack .
.Pp
.Fn SSL_add_dir_cert_subjects_to_stack
calls
.Fn SSL_add_file_cert_subjects_to_stack
on every file in the directory
.Fa dir .
.Pp
If a name is already on the stack, all these functions skip it and
do not add it again.
.Sh RETURN VALUES
.Fn SSL_load_client_CA_file
returns a pointer to the new

.Vt STACK_OF(X509_NAME)
or
.Dv NULL on failure .


.Pp
.Fn SSL_add_file_cert_subjects_to_stack
and
.Fn SSL_add_dir_cert_subjects_to_stack
return 1 for success or 0 for failure.
.Pp
All these functions treat empty files and directories as failures.
.Pp
In some cases of failure, the reason can be determined with
.Xr ERR_get_error 3 .
.Sh EXAMPLES
Load names of CAs from a file and use it as a client CA list:
.Bd -literal
SSL_CTX *ctx;
STACK_OF(X509_NAME) *cert_names;
\&...
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
if (cert_names != NULL)
	SSL_CTX_set_client_CA_list(ctx, cert_names);
else
	error_handling();
\&...
.Ed
.Sh SEE ALSO
.Xr PEM_read_bio_X509 3 ,
.Xr SSL_CTX_set_client_CA_list 3 ,
.Xr X509_get_subject_name 3 ,
.Xr X509_NAME_new 3
.Sh HISTORY
.Fn SSL_add_file_cert_subjects_to_stack
and
.Fn SSL_add_dir_cert_subjects_to_stack
first appeared in OpenSSL 0.9.2b.
.Sh AUTHORS
.Fn SSL_add_file_cert_subjects_to_stack
and
.Fn SSL_add_dir_cert_subjects_to_stack
were written by
.An Ben Laurie Aq Mt ben@openssl.org
in 1999.
.Sh BUGS
In some cases of failure, for example for empty files and directories,
these functions fail to report an error, in the sense that
.Xr ERR_get_error 3
does not work.
.Pp
Even in case of failure, for example when parsing one of the
files or certificates fails,
.Fn SSL_add_file_cert_subjects_to_stack
and
.Fn SSL_add_dir_cert_subjects_to_stack
may still have added some certificates to the stack.
.Pp
The behaviour of
.Fn SSL_add_dir_cert_subjects_to_stack
is non-deterministic.
If parsing one file fails, parsing of the whole directory is aborted.
Files in the directory are not parsed in any specific order.
For example, adding an empty file to
.Fa dir
may or may not cause some of the other files to be ignored.
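--- a/jni/libressl/man/SSL_new.3
+++ b/jni/libressl/man/SSL_new.3
@@ -1,28 +1,75 @@
+.\"	$OpenBSD: SSL_new.3,v 1.2 2016/12/04 12:22:48 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_NEW 3
 .Os
 .Sh NAME
 .Nm SSL_new
 .Nd create a new SSL structure for a connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft SSL *
 .Fn SSL_new "SSL_CTX *ctx"
 .Sh DESCRIPTION
 .Fn SSL_new
 creates a new
 .Vt SSL
 structure which is needed to hold the data for a TLS/SSL connection.
 The new structure inherits the settings of the underlying context
 .Fa ctx :
-connection method (SSLv2/v3/TLSv1), options, verification settings,
+connection method, options, verification settings,
 timeout settings.
 .Sh RETURN VALUES
 The following return values can occur:
 .Bl -tag -width Ds
 .It Dv NULL
 The creation of a new
 .Vt SSL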
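--- a/jni/libressl/man/SSL_num_renegotiations.3
+++ b/jni/libressl/man/SSL_num_renegotiations.3
@@ -0,0 +1,71 @@
+.\"	$OpenBSD: SSL_num_renegotiations.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_NUM_RENEGOTIATIONS 3
+.Os
+.Sh NAME
+.Nm SSL_num_renegotiations ,
+.Nm SSL_clear_num_renegotiations ,
+.Nm SSL_total_renegotiations
+.Nd renegotiation counters
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_num_renegotiations
+.Fa "SSL *ssl"
+.Fc
+.Ft long
+.Fo SSL_clear_num_renegotiations
+.Fa "SSL *ssl"
+.Fc
+.Ft long
+.Fo SSL_total_renegotiations
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_num_renegotiations
+reports the number of renegotiations initiated in
+.Fa ssl
+since
+.Xr SSL_new 3 ,
+.Xr SSL_clear 3 ,
+or
+.Xr SSL_clear_num_renegotiations 3
+was last called on that object.
+.Pp
+.Fn SSL_clear_num_renegotiations
+does the same and additionally resets the renegotiation counter to 0.
+.Pp
+.Fn SSL_total_renegotiations
+reports the number of renegotiations initiated in
+.Fa ssl
+since
+.Xr SSL_new 3
+or
+.Xr SSL_clear 3
+was last called on that object.
+.Pp
+These functions are implemented as macros.
+.Sh RETURN VALUES
+All these functions return a number of renegotiations.
+.Sh SEE ALSO
+.Xr BIO_set_ssl_renegotiate_bytes 3 ,
+.Xr SSL_read 3 ,
+.Xr SSL_renegotiate 3 ,
+.Xr SSL_write 3
+.Sh HISTORY
+These functions are available in all versions of OpenSSL.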
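--- a/jni/libressl/man/SSL_pending.3
+++ b/jni/libressl/man/SSL_pending.3
@@ -1,44 +1,105 @@
+.\"	$OpenBSD: SSL_pending.3,v 1.2 2016/12/04 12:26:05 schwarze Exp $
+.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
+.\" Bodo Moeller <bodo@openssl.org>, and Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_PENDING 3
 .Os
 .Sh NAME
 .Nm SSL_pending
 .Nd obtain number of readable bytes buffered in an SSL object
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_pending "const SSL *ssl"
 .Sh DESCRIPTION
+Data is received in whole blocks known as records from the peer.
+A whole record is processed, for example decrypted, in one go and
+is buffered until it is read by the application via a call to
+.Xr SSL_read 3 .
+.Pp
 .Fn SSL_pending
 returns the number of bytes which are available inside
 .Fa ssl
 for immediate read.
-.Sh NOTES
+.Pp
+.Fn SSL_pending
-Data are received in blocks from the peer.
+takes into account only bytes from the TLS/SSL record that is
+currently being processed (if any).
-Therefore data can be buffered inside
+If the
-.Fa ssl
+.Fa ssl->read_ahead
+flag is set (see
+.Xr SSL_CTX_set_read_ahead 3 ) ,
+additional protocol bytes beyond the current record may have been
+read containing more TLS/SSL records.
+This also applies to DTLS.
+These additional bytes will be buffered but will remain unprocessed
-and are ready for immediate retrieval with
+until they are needed.
+As these bytes are still in an unprocessed state,
-.Xr SSL_read 3 .
+.Fn SSL_pending
+will ignore them.
+Therefore it is possible for no more bytes to be readable from the
+underlying BIO (because the library has already read them) and for
+.Fn SSL_pending
+to return 0, even though readable application data bytes are available
+(because the data is in unprocessed buffered records).
 .Sh RETURN VALUES
+.Fn SSL_pending
-The number of bytes pending is returned.
+returns the number of buffered and processed application data
+bytes that are pending and are available for immediate read.
 .Sh SEE ALSO
 .Xr ssl 3 ,
+.Xr SSL_CTX_set_read_ahead 3 ,
 .Xr SSL_read 3
 .Sh BUGS
-.Fn SSL_pending
-takes into account only bytes from the TLS/SSL record that is currently being
-processed (if any).
-If the
-.Vt SSL
-object's
-.Em read_ahead
-flag is set, additional protocol bytes may have been read containing more
-TLS/SSL records; these are ignored by
-.Fn SSL_pending .
-.Pp
 Up to OpenSSL 0.9.6,
 .Fn SSL_pending
-does not check if the record type of pending data is application data.
+did not check if the record type of pending data is application data.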
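--- a/jni/libressl/man/SSL_read.3
+++ b/jni/libressl/man/SSL_read.3
@@ -1,193 +1,225 @@
+.\"	$OpenBSD: SSL_read.3,v 1.4 2016/12/07 18:47:23 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
+.\" Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2008, 2016 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 7 2016 $
 .Dt SSL_READ 3
 .Os
 .Sh NAME
-.Nm SSL_read
+.Nm SSL_read ,
+.Nm SSL_peek
 .Nd read bytes from a TLS/SSL connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_read "SSL *ssl" "void *buf" "int num"
+.Ft int
+.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
 .Sh DESCRIPTION
 .Fn SSL_read
 tries to read
 .Fa num
 bytes from the specified
 .Fa ssl
 into the buffer
 .Fa buf .
-.Sh NOTES
+.Pp
-If necessary,
+.Fn SSL_peek
+is identical to
 .Fn SSL_read
+except that no bytes are removed from the underlying BIO during
+the read, such that a subsequent call to
+.Fn SSL_read
+will yield at least the same bytes once again.
+.Pp
+In the following,
+.Fn SSL_read
+and
+.Fn SSL_peek
+are called
+.Dq read functions .
+.Pp
+If necessary, a read function will negotiate a TLS/SSL session, if
-will negotiate a TLS/SSL session, if not already explicitly performed by
+not already explicitly performed by
 .Xr SSL_connect 3
 or
 .Xr SSL_accept 3 .
-If the peer requests a re-negotiation,
+If the peer requests a re-negotiation, it will be performed
-it will be performed transparently during the
+transparently during the read function operation.
-.Fn SSL_read
-operation.
-The behaviour of
+The behaviour of the read functions depends on the underlying
-.Fn SSL_read
-depends on the underlying
 .Vt BIO .
 .Pp
 For the transparent negotiation to succeed, the
 .Fa ssl
 must have been initialized to client or server mode.
-This is being done by calling
+This is done by calling
 .Xr SSL_set_connect_state 3
 or
 .Xr SSL_set_accept_state 3
-before the first call to
+before the first call to a read function.
-.Fn SSL_read
-or
-.Xr SSL_write 3 .
 .Pp
-.Fn SSL_read
-works based on the SSL/TLS records.
+The read functions works based on the SSL/TLS records.
-The data are received in records (with a maximum record size of 16kB for
+The data are received in records (with a maximum record size of 16kB).
-SSLv3/TLSv1).
-Only after a record has been completely received can it be processed
+Only when a record has been completely received, it can be processed
 (decrypted and checked for integrity).
-Therefore data not retrieved at the last call of
+Therefore data that was not retrieved at the last read call can
-.Fn SSL_read
-can still be buffered inside the SSL layer and will be retrieved on the next
+still be buffered inside the SSL layer and will be retrieved on the
-call to
+next read call.
-.Fn SSL_read .
 If
 .Fa num
-is higher than the number of bytes buffered,
+is higher than the number of bytes buffered, the read functions
-.Fn SSL_read
 will return with the bytes buffered.
-If no more bytes are in the buffer,
+If no more bytes are in the buffer, the read functions will trigger
-.Fn SSL_read
-will trigger the processing of the next record.
+the processing of the next record.
-Only when the record has been received and processed completely will
+Only when the record has been received and processed completely
-.Fn SSL_read
-return reporting success.
+will the read functions return reporting success.
 At most the contents of the record will be returned.
-As the size of an SSL/TLS record may exceed the maximum packet size of the
+As the size of an SSL/TLS record may exceed the maximum packet size
-underlying transport (e.g., TCP), it may be necessary to read several packets
+of the underlying transport (e.g., TCP), it may be necessary to
-from the transport layer before the record is complete and
+read several packets from the transport layer before the record is
-.Fn SSL_read
-can succeed.
+complete and the read call can succeed.
 .Pp
 If the underlying
 .Vt BIO
-is
-.Em blocking ,
+is blocking,
-.Fn SSL_read
-will only return once the read operation has been finished or an error
+a read function will only return once the read operation has been
-has occurred, except when a renegotiation take place, in which case a
+finished or an error occurred, except when a renegotiation takes
+place, in which case an
 .Dv SSL_ERROR_WANT_READ
 may occur.
 This behavior can be controlled with the
 .Dv SSL_MODE_AUTO_RETRY
 flag of the
 .Xr SSL_CTX_set_mode 3
 call.
 .Pp
 If the underlying
 .Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_read
-will also return when the underlying
+is non-blocking, a read function will also return when the underlying
 .Vt BIO
-could not satisfy the needs of
+could not satisfy the needs of the function to continue the operation.
-.Fn SSL_read
-to continue the operation.
 In this case a call to
 .Xr SSL_get_error 3
-with the return value of
+with the return value of the read function will yield
-.Fn SSL_read
-will yield
 .Dv SSL_ERROR_WANT_READ
 or
 .Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a call to
+As at any time a re-negotiation is possible, a read function may
-.Fn SSL_read
-can also cause write operations!
+also cause write operations.
-The calling process then must repeat the call after taking appropriate action
+The calling process must then repeat the call after taking appropriate
-to satisfy the needs of
+action to satisfy the needs of the read function.
-.Fn SSL_read .
 The action depends on the underlying
 .Vt BIO .
 When using a non-blocking socket, nothing is to be done, but
 .Xr select 2
 can be used to check for the required condition.
 When using a buffering
 .Vt BIO ,
 like a
 .Vt BIO
 pair, data must be written into or retrieved out of the
 .Vt BIO
 before being able to continue.
 .Pp
 .Xr SSL_pending 3
 can be used to find out whether there are buffered bytes available for
 immediate retrieval.
-In this case
+In this case a read function can be called without blocking or
-.Fn SSL_read
-can be called without blocking or actually receiving new data from the
+actually receiving new data from the underlying socket.
-underlying socket.
-.Sh WARNING
+.Pp
-When an
-.Fn SSL_read
-operation has to be repeated because of
+When a read function operation has to be repeated because of
 .Dv SSL_ERROR_WANT_READ
 or
 .Dv SSL_ERROR_WANT_WRITE ,
 it must be repeated with the same arguments.
 .Sh RETURN VALUES
 The following return values can occur:
 .Bl -tag -width Ds
 .It >0
-The read operation was successful; the return value is the number of bytes
+The read operation was successful.
+The return value is the number of bytes actually read from the
-actually read from the TLS/SSL connection.
+TLS/SSL connection.
 .It 0
 The read operation was not successful.
 The reason may either be a clean shutdown due to a
 .Dq close notify
 alert sent by the peer (in which case the
 .Dv SSL_RECEIVED_SHUTDOWN
 flag in the ssl shutdown state is set (see
 .Xr SSL_shutdown 3
 and
 .Xr SSL_set_shutdown 3 ) .
 It is also possible that the peer simply shut down the underlying transport and
 the shutdown is incomplete.
 Call
 .Fn SSL_get_error
 with the return value to find out whether an error occurred or the connection
 was shut down cleanly
 .Pq Dv SSL_ERROR_ZERO_RETURN .
-.Pp
-SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only
-be detected whether the underlying connection was closed.
-It cannot be checked whether the closure was initiated by the peer or by
-something else.
 .It <0
 The read operation was not successful, because either an error occurred or
 action must be taken by the calling process.
 Call
 .Fn SSL_get_error
 with the return value to find out the reason.
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_accept 3 ,
 .Xr SSL_connect 3 ,
 .Xr SSL_CTX_new 3 ,
 .Xr SSL_CTX_set_mode 3 ,
 .Xr SSL_get_error 3 ,
 .Xr SSL_pending 3 ,
 .Xr SSL_set_connect_state 3 ,
 .Xr SSL_set_shutdown 3 ,
 .Xr SSL_shutdown 3 ,
 .Xr SSL_write 3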
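--- /dev/null
+++ b/jni/libressl/man/SSL_renegotiate.3
@@ -0,0 +1,156 @@
+.\"	$OpenBSD: SSL_renegotiate.3,v 1.4 2017/03/29 00:24:42 jmc Exp $
+.\"	OpenSSL SSL_key_update.pod 4fbfe86a Feb 16 17:04:40 2017 +0000
+.\"
+.\" This file is a derived work.
+.\" Some parts are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016, 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" Other parts were written by Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 29 2017 $
+.Dt SSL_RENEGOTIATE 3
+.Os
+.Sh NAME
+.Nm SSL_renegotiate ,
+.Nm SSL_renegotiate_abbreviated ,
+.Nm SSL_renegotiate_pending
+.Nd initiate a new TLS handshake
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_renegotiate
+.Fa "SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_renegotiate_abbreviated
+.Fa "SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_renegotiate_pending
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+When called from the client side,
+.Fn SSL_renegotiate
+schedules a completely new handshake over an existing TLS connection.
+The next time an I/O operation such as
+.Fn SSL_read
+or
+.Fn SSL_write
+takes place on the connection, a check is performed to confirm
+that it is a suitable time to start a renegotiation.
+If so, a new handshake is initiated immediately.
+An existing session associated with the connection is not resumed.
+.Pp
+This function is automatically called by
+.Xr SSL_read 3
+and
+.Xr SSL_write 3
+whenever the renegotiation byte count set by
+.Xr BIO_set_ssl_renegotiate_bytes 3
+or the timeout set by
+.Xr BIO_set_ssl_renegotiate_timeout 3
+are exceeded.
+.Pp
+When called from the client side,
+.Fn SSL_renegotiate_abbreviated
+is similar to
+.Fn SSL_renegotiate
+except that resuming the session associated with the current
+connection is attempted in the new handshake.
+.Pp
+When called from the server side,
+.Fn SSL_renegotiate
+and
+.Fn SSL_renegotiate_abbreviated
+behave identically.
+They both schedule a request for a new handshake to be sent to the client.
+The next time an I/O operation is performed, the same checks as on
+the client side are performed and then, if appropriate, the request
+is sent.
+The client may or may not respond with a new handshake and it may
+or may not attempt to resume an existing session.
+If a new handshake is started, it is handled transparently during
+any I/O function.
+.Pp
+If a LibreSSL client receives a renegotiation request from a server,
+it is also handled transparently during any I/O function.
+The client attempts to resume the current session in the new
+handshake.
+For historical reasons, DTLS clients do not attempt to resume
+the session in the new handshake.
+.Sh RETURN VALUES
+.Fn SSL_renegotiate
+and
+.Fn SSL_renegotiate_abbreviated
+return 1 on success or 0 on error.
+.Pp
+.Fn SSL_renegotiate_pending
+returns 1 if a renegotiation or renegotiation request has been
+scheduled but not yet acted on, or 0 otherwise.
+.Sh SEE ALSO
+.Xr SSL_do_handshake 3 ,
+.Xr SSL_num_renegotiations 3 ,
+.Xr SSL_read 3 ,
+.Xr SSL_write 3
+.Sh HISTORY
+.Fn SSL_renegotiate
+is available in all versions of OpenSSL.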
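--- a/jni/libressl/man/SSL_rstate_string.3
+++ b/jni/libressl/man/SSL_rstate_string.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_rstate_string.3,v 1.2 2016/12/04 12:20:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_RSTATE_STRING 3
 .Os
 .Sh NAME
 .Nm SSL_rstate_string ,
 .Nm SSL_rstate_string_long
 .Nd get textual description of state of an SSL object during read operation
 .Sh SYNOPSIS
@@ -22,15 +69,15 @@
 .Fa ssl .
 .Pp
 .Fn SSL_rstate_string_long
 returns a string indicating the current read state of the
 .Vt SSL
 object
 .Fa ssl .
-.Sh NOTES
+.Pp
 When performing a read operation, the SSL/TLS engine must parse the record,
 consisting of header and body.
 When working in a blocking environment,
 .Fn SSL_rstate_string[_long]
 should always return
 .Qo RD Qc Ns / Ns Qo read done Qc .
 .Pp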
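--- a/jni/libressl/man/SSL_session_reused.3
+++ b/jni/libressl/man/SSL_session_reused.3
@@ -1,23 +1,70 @@
+.\"	$OpenBSD: SSL_session_reused.3,v 1.2 2016/12/04 12:20:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_SESSION_REUSED 3
 .Os
 .Sh NAME
 .Nm SSL_session_reused
 .Nd query whether a reused session was negotiated during handshake
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_session_reused "SSL *ssl"
 .Sh DESCRIPTION
 Query whether a reused session was negotiated during the handshake.
-.Sh NOTES
+.Pp
 During the negotiation, a client can propose to reuse a session.
 The server then looks up the session in its cache.
 If both client and server agree on the session,
 it will be reused and a flag is set that can be queried by the application.
 .Sh RETURN VALUES
 The following return values can occur:
 .Bl -tag -width Ds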
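--- /dev/null
+++ b/jni/libressl/man/SSL_set1_param.3
@@ -0,0 +1,88 @@
+.\"	$OpenBSD: SSL_set1_param.3,v 1.1 2016/11/30 13:39:38 schwarze Exp $
+.\"	OpenSSL SSL_CTX_get0_param.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
+.Dt SSL_SET1_PARAM 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set1_param ,
+.Nm SSL_set1_param
+.Nd set verification parameters
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_CTX_set1_param
+.Fa "SSL_CTX *ctx"
+.Fa "X509_VERIFY_PARAM *vpm"
+.Fc
+.Ft int
+.Fo SSL_set1_param
+.Fa "SSL *ssl"
+.Fa "X509_VERIFY_PARAM *vpm"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set1_param
+and
+.Fn SSL_set1_param
+set the verification parameters to
+.Fa vpm
+for
+.Fa ctx
+or
+.Fa ssl .
+.Sh RETURN VALUES
+.Fn SSL_CTX_set1_param
+and
+.Fn SSL_set1_param
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr X509_VERIFY_PARAM_set_flags 3
+.Sh HISTORY
+These functions were first added to OpenSSL 1.0.2.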
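--- a/jni/libressl/man/SSL_set_bio.3
+++ b/jni/libressl/man/SSL_set_bio.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_set_bio.3,v 1.3 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL acb5b343 Sep 16 16:00:38 2000 +0000
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_SET_BIO 3
 .Os
 .Sh NAME
 .Nm SSL_set_bio
 .Nd connect the SSL object with a BIO
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -39,13 +86,13 @@
 .Fa ssl ,
 .Xr BIO_free 3
 will be called (for both the reading and writing side, if different).
 .Sh RETURN VALUES
 .Fn SSL_set_bio
 cannot fail.
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_accept 3 ,
 .Xr SSL_connect 3 ,
 .Xr SSL_get_rbio 3 ,
 .Xr SSL_shutdown 3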
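--- a/jni/libressl/man/SSL_set_connect_state.3
+++ b/jni/libressl/man/SSL_set_connect_state.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_set_connect_state.3,v 1.2 2016/12/04 12:20:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"	$OpenBSD: SSL_set_connect_state.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2002 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_SET_CONNECT_STATE 3
 .Os
 .Sh NAME
 .Nm SSL_set_connect_state ,
 .Nm SSL_set_accept_state
 .Nd prepare SSL object to work in client or server mode
 .Sh SYNOPSIS
@@ -20,15 +67,15 @@
 .Fa ssl
 to work in client mode.
 .Pp
 .Fn SSL_set_accept_state
 sets
 .Fa ssl
 to work in server mode.
-.Sh NOTES
+.Pp
 When the
 .Vt SSL_CTX
 object was created with
 .Xr SSL_CTX_new 3 ,
 it was either assigned a dedicated client method, a dedicated server method, or
 a generic method, that can be used for both client and server connections.
 (The method might have been changed with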
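--- a/jni/libressl/man/SSL_set_fd.3
+++ b/jni/libressl/man/SSL_set_fd.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_set_fd.3,v 1.3 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_SET_FD 3
 .Os
 .Sh NAME
 .Nm SSL_set_fd ,
 .Nm SSL_set_rfd ,
 .Nm SSL_set_wfd
 .Nd connect the SSL object with a file descriptor
@@ -60,14 +107,14 @@
 .It 0
 The operation failed.
 Check the error stack to find out why.
 .It 1
 The operation succeeded.
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_accept 3 ,
 .Xr SSL_connect 3 ,
 .Xr SSL_get_fd 3 ,
 .Xr SSL_set_bio 3 ,
 .Xr SSL_shutdown 3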
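--- /dev/null
+++ b/jni/libressl/man/SSL_set_max_send_fragment.3
@@ -0,0 +1,89 @@
+.\"	$OpenBSD: SSL_set_max_send_fragment.3,v 1.2 2016/12/16 15:39:08 jmc Exp $
+.\"	OpenSSL doc/man3/SSL_CTX_set_split_send_fragment.pod
+.\"	OpenSSL 6782e5fd Oct 21 16:16:20 2016 +0100
+.\"
+.\" This file was written by Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 16 2016 $
+.Dt SSL_SET_MAX_SEND_FRAGMENT 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_max_send_fragment ,
+.Nm SSL_set_max_send_fragment
+.Nd control fragment sizes
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_CTX_set_max_send_fragment
+.Fa "SSL_CTX *ctx"
+.Fa "long m"
+.Fc
+.Ft long
+.Fo SSL_set_max_send_fragment
+.Fa "SSL *ssl"
+.Fa "long m"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_max_send_fragment
+and
+.Fn SSL_set_max_send_fragment
+set the
+.Sy max_send_fragment
+parameter for SSL_CTX and SSL objects respectively.
+This value restricts the amount of plaintext bytes that will be sent in
+any one SSL/TLS record.
+By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384).
+These functions will only accept a value in the range 512 -
+SSL3_RT_MAX_PLAIN_LENGTH.
+.Pp
+These functions are implemented using macros.
+.Sh RETURN VALUES
+These functions return 1 on success or 0 on failure.
+.Sh SEE ALSO
+.Xr SSL_CTX_set_read_ahead 3 ,
+.Xr SSL_pending 3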
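--- a/jni/libressl/man/SSL_set_session.3
+++ b/jni/libressl/man/SSL_set_session.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_set_session.3,v 1.2 2016/12/04 12:20:54 schwarze Exp $
+.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\"
-.\"	$OpenBSD: SSL_set_session.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project.  All rights reserved.
 .\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_SET_SESSION 3
 .Os
 .Sh NAME
 .Nm SSL_set_session
 .Nd set a TLS/SSL session to be used during TLS/SSL connect
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -33,15 +80,15 @@
 (because it was set with
 .Fn SSL_set_session
 before or because the same
 .Fa ssl
 was already used for a connection),
 .Xr SSL_SESSION_free 3
 will be called for that session.
-.Sh NOTES
+.Pp
 .Vt SSL_SESSION
 objects keep internal link information about the session cache list when being
 inserted into one
 .Vt SSL_CTX
 object's session cache.
 One
 .Vt SSL_SESSION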
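--- a/jni/libressl/man/SSL_set_shutdown.3
+++ b/jni/libressl/man/SSL_set_shutdown.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_set_shutdown.3,v 1.2 2016/12/04 12:20:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_SET_SHUTDOWN 3
 .Os
 .Sh NAME
 .Nm SSL_set_shutdown ,
 .Nm SSL_get_shutdown
 .Nd manipulate shutdown state of an SSL connection
 .Sh SYNOPSIS
@@ -20,15 +67,15 @@
 .Fa ssl
 to
 .Fa mode .
 .Pp
 .Fn SSL_get_shutdown
 returns the shutdown mode of
 .Fa ssl .
-.Sh NOTES
+.Pp
 The shutdown state of an ssl connection is a bitmask of:
 .Bl -tag -width Ds
 .It 0
 No shutdown setting, yet.
 .It Dv SSL_SENT_SHUTDOWN
 A
 .Dq close notify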
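--- a/jni/libressl/man/SSL_set_verify_result.3
+++ b/jni/libressl/man/SSL_set_verify_result.3
@@ -1,29 +1,76 @@
+.\"	$OpenBSD: SSL_set_verify_result.3,v 1.2 2016/12/04 12:20:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_SET_VERIFY_RESULT 3
 .Os
 .Sh NAME
 .Nm SSL_set_verify_result
 .Nd override result of peer certificate verification
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft void
 .Fn SSL_set_verify_result "SSL *ssl" "long verify_result"
 .Sh DESCRIPTION
 .Fn SSL_set_verify_result
 sets
 .Fa verify_result
 of the object
 .Fa ssl
 to be the result of the verification of the X509 certificate presented by the
 peer, if any.
-.Sh NOTES
+.Pp
 .Fn SSL_set_verify_result
 overrides the verification result.
 It only changes the verification result of the
 .Fa ssl
 object.
 It does not become part of the established session, so if the session is to be
 reused later, the original value will reappear.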
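--- a/jni/libressl/man/SSL_shutdown.3
+++ b/jni/libressl/man/SSL_shutdown.3
@@ -1,27 +1,75 @@
+.\"	$OpenBSD: SSL_shutdown.3,v 1.3 2016/12/06 12:24:33 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2004, 2014 The OpenSSL Project.
+.\" All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 6 2016 $
 .Dt SSL_SHUTDOWN 3
 .Os
 .Sh NAME
 .Nm SSL_shutdown
 .Nd shut down a TLS/SSL connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_shutdown "SSL *ssl"
 .Sh DESCRIPTION
 .Fn SSL_shutdown
 shuts down an active TLS/SSL connection.
 It sends the
 .Dq close notify
 shutdown alert to the peer.
-.Sh NOTES
+.Pp
 .Fn SSL_shutdown
 tries to send the
 .Dq close notify
 shutdown alert to the peer.
 Whether the operation succeeds or not, the
 .Dv SSL_SENT_SHUTDOWN
 flag is set and a currently open session is considered closed and good and will
@@ -92,17 +140,14 @@
 .Pp
 It is therefore recommended to check the return value of
 .Fn SSL_shutdown
 and call
 .Fn SSL_shutdown
 again, if the bidirectional shutdown is not yet complete (return value of the
 first call is 0).
-As the shutdown is not specially handled in the SSLv2 protocol,
-.Fn SSL_shutdown
-will succeed on the first call.
 .Pp
 The behaviour of
 .Fn SSL_shutdown
 additionally depends on the underlying
 .Vt BIO .
 .Pp
 If the underlying
@@ -189,16 +234,16 @@
 Call
 .Xr SSL_get_error 3
 with the return value
 .Fa ret
 to find out the reason.
 .El
 .Sh SEE ALSO
-.Xr bio 3 ,
+.Xr BIO_new 3 ,
 .Xr ssl 3 ,
 .Xr SSL_accept 3 ,
 .Xr SSL_clear 3 ,
 .Xr SSL_connect 3 ,
 .Xr SSL_CTX_set_quiet_shutdown 3 ,
 .Xr SSL_free 3 ,
 .Xr SSL_get_error 3 ,
 .Xr SSL_set_shutdown 3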
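--- a/jni/libressl/man/SSL_state_string.3
+++ b/jni/libressl/man/SSL_state_string.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_state_string.3,v 1.2 2016/12/04 12:20:54 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_STATE_STRING 3
 .Os
 .Sh NAME
 .Nm SSL_state_string ,
 .Nm SSL_state_string_long
 .Nd get textual description of state of an SSL object
 .Sh SYNOPSIS
@@ -22,15 +69,15 @@
 .Fa ssl .
 .Pp
 .Fn SSL_state_string_long
 returns a string indicating the current state of the
 .Vt SSL
 object
 .Fa ssl .
-.Sh NOTES
+.Pp
 During its use, an
 .Vt SSL
 object passes several states.
 The state is internally maintained.
 Querying the state information is not very informative before or when a
 connection has been established.
 It however can be of significant interest during the handshake.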
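--- a/jni/libressl/man/SSL_want.3
+++ b/jni/libressl/man/SSL_want.3
@@ -1,11 +1,58 @@
+.\"	$OpenBSD: SSL_want.3,v 1.3 2016/12/16 15:39:08 jmc Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"	$OpenBSD$
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: October 12 2014 $
+.Dd $Mdocdate: December 16 2016 $
 .Dt SSL_WANT 3
 .Os
 .Sh NAME
 .Nm SSL_want ,
 .Nm SSL_want_nothing ,
 .Nm SSL_want_read ,
 .Nm SSL_want_write ,
@@ -30,15 +77,15 @@
 object
 .Fa ssl .
 .Pp
 The other
 .Fn SSL_want_*
 calls are shortcuts for the possible states returned by
 .Fn SSL_want .
-.Sh NOTES
+.Pp
 .Fn SSL_want
 examines the internal state information of the
 .Vt SSL
 object.
 Its return values are similar to those of
 .Xr SSL_get_error 3 .
 Unlike
@@ -54,37 +101,37 @@
 .Fn SSL_want
 should always be consistent with the result of
 .Xr SSL_get_error 3 .
 .Sh RETURN VALUES
 The following return values can currently occur for
 .Fn SSL_want :
 .Bl -tag -width Ds
-.It .Dv SSL_NOTHING
+.It Dv SSL_NOTHING
 There is no data to be written or to be read.
-.It .Dv SSL_WRITING
+.It Dv SSL_WRITING
 There are data in the SSL buffer that must be written to the underlying
 .Vt BIO
 layer in order to complete the actual
 .Fn SSL_*
 operation.
 A call to
 .Xr SSL_get_error 3
 should return
 .Dv SSL_ERROR_WANT_WRITE .
 .It Dv SSL_READING
 More data must be read from the underlying
 .Vt BIO
 layer in order to
 complete the actual
 .Fn SSL_*
 operation.
 A call to
 .Xr SSL_get_error 3
 should return
-.Dv SSL_ERROR_WANT_READ.
+.Dv SSL_ERROR_WANT_READ .
 .It Dv SSL_X509_LOOKUP
 The operation did not complete because an application callback set by
 .Xr SSL_CTX_set_client_cert_cb 3
 has asked to be called again.
 A call to
 .Xr SSL_get_error 3
 should return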
Changes to jni/libressl/man/SSL_write.3.


1


2



3








































4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt SSL_WRITE 3
.Os
.Sh NAME
.Nm SSL_write
.Nd write bytes to a TLS/SSL connection
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft int
.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
.Sh DESCRIPTION
.Fn SSL_write
writes
.Fa num
bytes from the buffer
.Fa buf
into the specified
.Fa ssl
connection.
.Sh NOTES
If necessary,
.Fn SSL_write
will negotiate a TLS/SSL session, if not already explicitly performed by
.Xr SSL_connect 3
or
.Xr SSL_accept 3 .
If the peer requests a re-negotiation,
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|


















|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
.\"	$OpenBSD: SSL_write.3,v 1.3 2016/12/06 12:24:33 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2016 $
.Dt SSL_WRITE 3
.Os
.Sh NAME
.Nm SSL_write
.Nd write bytes to a TLS/SSL connection
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft int
.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
.Sh DESCRIPTION
.Fn SSL_write
writes
.Fa num
bytes from the buffer
.Fa buf
into the specified
.Fa ssl
connection.
.Pp
If necessary,
.Fn SSL_write
will negotiate a TLS/SSL session, if not already explicitly performed by
.Xr SSL_connect 3
or
.Xr SSL_accept 3 .
If the peer requests a re-negotiation,
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129


130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
.Vt BIO ,
like a
.Vt BIO
pair, data must be written into or retrieved out of the BIO before being able
to continue.
.Pp
.Fn SSL_write
will only return with success, when the complete contents of
.Fa buf
of length
.Fa num
have been written.
This default behaviour can be changed with the
.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
option of
.Xr SSL_CTX_set_mode 3 .
When this flag is set,
.Fn SSL_write
will also return with success when a partial write has been successfully
completed.
In this case the
.Fn SSL_write
operation is considered completed.
The bytes are sent and a new
.Fn SSL_write
operation with a new buffer (with the already sent bytes removed) must be
started.
A partial write is performed with the size of a message block, which is 16kB
for SSLv3/TLSv1.
.Sh WARNING
When an
.Fn SSL_write
operation has to be repeated because of


.Dv SSL_ERROR_WANT_READ
or
.Dv SSL_ERROR_WANT_WRITE ,
it must be repeated with the same arguments.
.Pp
When calling
.Fn SSL_write
with
.Fa num Ns
=0 bytes to be sent the behaviour is undefined.
.Sh RETURN VALUES
The following return values can occur:
.Bl -tag -width Ds
.It >0
The write operation was successful.
The return value is the number of bytes actually written to the TLS/SSL
connection.
.It 0
The write operation was not successful.
Probably the underlying connection was closed.
Call
.Xr SSL_get_error 3
with the return value to find out whether an error occurred or the connection
was shut down cleanly
.Pq Dv SSL_ERROR_ZERO_RETURN .
.Pp
SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only
be detected whether the underlying connection was closed.
It cannot be checked why the closure happened.
.It <0
The write operation was not successful, because either an error occurred or
action must be taken by the calling process.
Call
.Xr SSL_get_error 3
with the return value to find out the reason.
.El
.Sh SEE ALSO
.Xr bio 3 ,
.Xr ssl 3 ,
.Xr SSL_accept 3 ,
.Xr SSL_connect 3 ,
.Xr SSL_CTX_new 3 ,
.Xr SSL_CTX_set_mode 3 ,
.Xr SSL_get_error 3 ,
.Xr SSL_read 3 ,
.Xr SSL_set_connect_state 3







|



















|
|
|


|
>
>








|
|















<
<
<
<








|








144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203




204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
.Vt BIO ,
like a
.Vt BIO
pair, data must be written into or retrieved out of the BIO before being able
to continue.
.Pp
.Fn SSL_write
will only return with success when the complete contents of
.Fa buf
of length
.Fa num
have been written.
This default behaviour can be changed with the
.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
option of
.Xr SSL_CTX_set_mode 3 .
When this flag is set,
.Fn SSL_write
will also return with success when a partial write has been successfully
completed.
In this case the
.Fn SSL_write
operation is considered completed.
The bytes are sent and a new
.Fn SSL_write
operation with a new buffer (with the already sent bytes removed) must be
started.
A partial write is performed with the size of a message block,
which is 16kB.
.Pp
When an
.Fn SSL_write
operation has to be repeated because
.Xr SSL_get_error 3
returned
.Dv SSL_ERROR_WANT_READ
or
.Dv SSL_ERROR_WANT_WRITE ,
it must be repeated with the same arguments.
.Pp
When calling
.Fn SSL_write
with
.Fa num Ns =0
bytes to be sent, the behaviour is undefined.
.Sh RETURN VALUES
The following return values can occur:
.Bl -tag -width Ds
.It >0
The write operation was successful.
The return value is the number of bytes actually written to the TLS/SSL
connection.
.It 0
The write operation was not successful.
Probably the underlying connection was closed.
Call
.Xr SSL_get_error 3
with the return value to find out whether an error occurred or the connection
was shut down cleanly
.Pq Dv SSL_ERROR_ZERO_RETURN .




.It <0
The write operation was not successful, because either an error occurred or
action must be taken by the calling process.
Call
.Xr SSL_get_error 3
with the return value to find out the reason.
.El
.Sh SEE ALSO
.Xr BIO_new 3 ,
.Xr ssl 3 ,
.Xr SSL_accept 3 ,
.Xr SSL_connect 3 ,
.Xr SSL_CTX_new 3 ,
.Xr SSL_CTX_set_mode 3 ,
.Xr SSL_get_error 3 ,
.Xr SSL_read 3 ,
.Xr SSL_set_connect_state 3
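--- a/jni/libressl/man/SXNET_new.3
+++ b/jni/libressl/man/SXNET_new.3
@@ -0,0 +1,135 @@
+.\"	$OpenBSD: SXNET_new.3,v 1.2 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt SXNET_NEW 3
+.Os
+.Sh NAME
+.Nm SXNET_new ,
+.Nm SXNET_free ,
+.Nm SXNETID_new ,
+.Nm SXNETID_free ,
+.Nm d2i_SXNET ,
+.Nm i2d_SXNET ,
+.Nm d2i_SXNETID ,
+.Nm i2d_SXNETID
+.Nd Thawte strong extranet X.509 extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft SXNET *
+.Fn SXNET_new void
+.Ft void
+.Fn SXNET_free "SXNET *sxnet"
+.Ft SXNETID *
+.Fn SXNETID_new void
+.Ft void
+.Fn SXNETID_free "SXNETID *sxnetid"
+.Ft SXNET *
+.Fo d2i_SXNET
+.Fa "SXNET **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_SXNET
+.Fa "SXNET *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft SXNETID *
+.Fo d2i_SXNETID
+.Fa "SXNETID **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_SXNETID
+.Fa "SXNETID *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+.Fn SXNET_new
+allocates and initializes an empty
+.Vt SXNET
+object representing a non-standard proprietary Thawte strong extranet
+X.509 extension.
+.Fn SXNET_free
+frees
+.Fa sxnet .
+.Pp
+.Fn SXNETID_new
+allocates and initializes an empty
+.Vt SXNETID
+object.
+It is used inside
+.Vt SXNET .
+.Fn SXNETID_free
+frees
+.Fa sxnetid .
+.Pp
+The remaining functions decode and encode these objects
+using DER format.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Sh RETURN VALUES
+.Fn SXNET_new
+and
+.Fn d2i_SXNET
+return an
+.Vt SXNET
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn SXNETID_new
+and
+.Fn d2i_SXNETID
+return an
+.Vt SXNETID
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_SXNET
+and
+.Fn i2d_SXNETID
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Rs
+.%A M. Shuttleworth
+.%R The Strong Extranet: real-world personal certification
+.%Q Thawte Consulting
+.%C South Africa
+.%D 1998
+.Re
+.Sh BUGS
+This manual page does not explain what the extension actually does
+because no authoritative information was found online so far.
+.Pp
+The only hint was found in an ancient white paper "Securing IBM
+Applications with Public Key Infrastructure" on the IBM website,
+dated June 13, 2001: "Thawte also has a technology called Strong
+Extranet that allows institutions to encode customer information
+in the extensions to their customer's certificates.
+Because multiple institutions can add information, the user needs
+only one certificate, making renewal and revocation simpler, although
+the issue of modifying an extension to an existing certificate is
+not addressed."
+.Pp
+It is unclear whether that explanation is accurate, but in any case,
+it is not very specific.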
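--- a/jni/libressl/man/TS_REQ_new.3
+++ b/jni/libressl/man/TS_REQ_new.3
@@ -0,0 +1,177 @@
+.\"	$OpenBSD: TS_REQ_new.3,v 1.4 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt TS_REQ_NEW 3
+.Os
+.Sh NAME
+.Nm TS_REQ_new ,
+.Nm TS_REQ_free ,
+.Nm TS_RESP_new ,
+.Nm TS_RESP_free ,
+.Nm TS_STATUS_INFO_new ,
+.Nm TS_STATUS_INFO_free ,
+.Nm TS_TST_INFO_new ,
+.Nm TS_TST_INFO_free ,
+.Nm TS_ACCURACY_new ,
+.Nm TS_ACCURACY_free ,
+.Nm TS_MSG_IMPRINT_new ,
+.Nm TS_MSG_IMPRINT_free
+.Nd X.509 time-stamp protocol
+.Sh SYNOPSIS
+.In openssl/ts.h
+.Ft TS_REQ *
+.Fn TS_REQ_new void
+.Ft void
+.Fn TS_REQ_free "TS_REQ *req"
+.Ft TS_RESP *
+.Fn TS_RESP_new void
+.Ft void
+.Fn TS_RESP_free "TS_RESP *resp"
+.Ft TS_STATUS_INFO *
+.Fn TS_STATUS_INFO_new void
+.Ft void
+.Fn TS_STATUS_INFO_free "TS_STATUS_INFO *status"
+.Ft TS_TST_INFO *
+.Fn TS_TST_INFO_new void
+.Ft void
+.Fn TS_TST_INFO_free "TS_TST_INFO *token"
+.Ft TS_ACCURACY *
+.Fn TS_ACCURACY_new void
+.Ft void
+.Fn TS_ACCURACY_free "TS_ACCURACY *accuracy"
+.Ft TS_MSG_IMPRINT *
+.Fn TS_MSG_IMPRINT_new void
+.Ft void
+.Fn TS_MSG_IMPRINT_free "TS_MSG_IMPRINT *imprint"
+.Sh DESCRIPTION
+A time-stamping authority is a trusted third party which allows its
+clients to prove that specific data existed at a particular point
+in time.
+Clients send time-stamping requests to the time-stamping server,
+which returns time-stamp tokens to the clients.
+.Pp
+.Fn TS_REQ_new
+allocates and initializes an empty
+.Vt TS_REQ
+object, representing an ASN.1
+.Vt TimeStampReq
+structure defined in RFC 3161 section 2.4.1.
+It can hold a hash of the datum to be time-stamped and some
+auxiliary, optional information.
+.Fn TS_REQ_free
+frees
+.Fa req .
+.Pp
+.Fn TS_RESP_new
+allocates and initializes an empty
+.Vt TS_RESP
+object, representing an ASN.1
+.Vt TimeStampResp
+structure defined in RFC 3161 section 2.4.2.
+It can hold status information and a time-stamp token.
+.Fn TS_RESP_free
+frees
+.Fa resp .
+.Pp
+.Fn TS_STATUS_INFO_new
+allocates and initializes an empty
+.Vt TS_STATUS_INFO
+object, representing an ASN.1
+.Vt PKIStatusInfo
+structure defined in RFC 3161 section 2.4.2.
+It is used inside
+.Vt TS_RESP
+and describes the outcome of one time-stamp request.
+.Fn TS_STATUS_INFO_free
+frees
+.Fa status .
+.Pp
+.Fn TS_TST_INFO_new
+allocates and initializes an empty
+.Vt TS_TST_INFO
+object, representing an ASN.1
+.Vt TSTInfo
+structure defined in RFC 3161 section 2.4.2.
+It is the time-stamp token included in a
+.Vt TS_RESP
+object in case of success, and it can hold the hash of the datum
+copied from a request, the time of generation, and some auxiliary
+information.
+.Fn TS_TST_INFO_free
+frees
+.Fa token .
+.Pp
+.Fn TS_ACCURACY_new
+allocates and initializes an empty
+.Vt TS_ACCURACY
+object, representing an ASN.1
+.Vt Accuracy
+structure defined in RFC 3161 section 2.4.2.
+It can be used inside a
+.Vt TS_TST_INFO
+object and indicates the maximum error of the time stated in the token.
+.Fn TS_ACCURACY_free
+frees
+.Fa accuracy .
+.Pp
+.Fn TS_MSG_IMPRINT_new
+allocates and initializes an empty
+.Vt TS_MSG_IMPRINT
+object, representing an ASN.1
+.Vt MessageImprint
+structure defined in RFC 3161 section 2.4.1.
+It is used inside
+.Vt TS_REQ
+and
+.Vt TS_RESP
+objects.
+It specifies a hash algorithm and stores the hash value of the datum.
+.Fn TS_MSG_IMPRINT_free
+frees
+.Fa imprint .
+.Sh RETURN VALUES
+.Fn TS_REQ_new ,
+.Fn TS_RESP_new ,
+.Fn TS_STATUS_INFO_new ,
+.Fn TS_TST_INFO_new ,
+.Fn TS_ACCURACY_new ,
+and
+.Fn TS_MSG_IMPRINT_new
+return the new
+.Vt TS_REQ ,
+.Vt TS_RESP ,
+.Vt TS_STATUS_INFO ,
+.Vt TS_TST_INFO ,
+.Vt TS_ACCURACY ,
+or
+.Vt TS_MSG_IMPRINT
+object, respectively, or
+.Dv NULL
+if an error occurred.
+.Sh SEE ALSO
+.Xr ACCESS_DESCRIPTION_new 3 ,
+.Xr ESS_SIGNING_CERT_new 3
+.Sh STANDARDS
+RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol
+.Pp
+Note that RFC 3161 has been updated
+by RFC 5816: ESSCertIDv2 Update for RFC 3161.
+That update allows using the Signing Certificate Attribute Definition
+Version 2 according to RFC 5035, but the current implementation
+only supports the Signing Certificate Attribute Definition Version
+1 according to RFC 2634, and hence only supports RFC 3161, but not
+RFC 5816 functionality.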
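--- a/jni/libressl/man/UI_UTIL_read_pw.3
+++ b/jni/libressl/man/UI_UTIL_read_pw.3
@@ -0,0 +1,95 @@
+.\"	$OpenBSD: UI_UTIL_read_pw.3,v 1.1 2017/03/26 00:06:10 schwarze Exp $
+.\"	OpenSSL UI_UTIL_read_pw.pod 23103a52 Jan 12 15:17:42 2017 +0100
+.\"
+.\" This file was written by Richard Levitte <levitte@openssl.org>.
+.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 26 2017 $
+.Dt UI_UTIL_READ_PW 3
+.Os
+.Sh NAME
+.Nm UI_UTIL_read_pw ,
+.Nm UI_UTIL_read_pw_string
+.Nd get a password from the user
+.Sh SYNOPSIS
+.In openssl/ui.h
+.Ft int
+.Fo UI_UTIL_read_pw_string
+.Fa "char *buf"
+.Fa "int length"
+.Fa "const char *prompt"
+.Fa "int verify"
+.Fc
+.Ft int
+.Fo UI_UTIL_read_pw
+.Fa "char *buf"
+.Fa "char *buff"
+.Fa "int size"
+.Fa "const char *prompt"
+.Fa "int verify"
+.Fc
+.Sh DESCRIPTION
+.Fn UI_UTIL_read_pw_string
+asks for a passphrase, using
+.Fa prompt
+as a prompt, and stores it in
+.Fa buf .
+The maximum allowed size is given with
+.Fa length ,
+including the terminating NUL byte.
+If
+.Fa verify
+is non-zero, the password will be verified as well.
+.Pp
+.Fn UI_UTIL_read_pw
+does the same as
+.Fn UI_UTIL_read_pw_string ,
+but takes an external buffer
+.Fa buff
+for the verification passphrase.
+.Sh SEE ALSO
+.Xr UI_new 3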
Added jni/libressl/man/UI_create_method.3.












































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
.\"	$OpenBSD: UI_create_method.3,v 1.2 2017/03/26 12:31:27 jmc Exp $
.\"	OpenSSL UI_create_method.pod 8e3d46e5 Mar 11 10:51:04 2017 +0100
.\"
.\" This file was written by Richard Levitte <levitte@openssl.org>.
.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 26 2017 $
.Dt UI_CREATE_METHOD 3
.Os
.Sh NAME
.Nm UI_create_method ,
.Nm UI_destroy_method ,
.Nm UI_method_set_opener ,
.Nm UI_method_set_writer ,
.Nm UI_method_set_flusher ,
.Nm UI_method_set_reader ,
.Nm UI_method_set_closer ,
.Nm UI_method_set_prompt_constructor ,
.Nm UI_method_get_opener ,
.Nm UI_method_get_writer ,
.Nm UI_method_get_flusher ,
.Nm UI_method_get_reader ,
.Nm UI_method_get_closer ,
.Nm UI_method_get_prompt_constructor
.Nd user interface method creation and destruction
.Sh SYNOPSIS
.In openssl/ui.h
.Ft UI_METHOD *
.Fo UI_create_method
.Fa "char *name"
.Fc
.Ft void
.Fo UI_destroy_method
.Fa "UI_METHOD *ui_method"
.Fc
.Ft int
.Fo UI_method_set_opener
.Fa "UI_METHOD *method"
.Fa "int (*opener)(UI *ui)"
.Fc
.Ft int
.Fo UI_method_set_writer
.Fa "UI_METHOD *method"
.Fa "int (*writer)(UI *ui, UI_STRING *uis)"
.Fc
.Ft int
.Fo UI_method_set_flusher
.Fa "UI_METHOD *method"
.Fa "int (*flusher)(UI *ui)"
.Fc
.Ft int
.Fo UI_method_set_reader
.Fa "UI_METHOD *method"
.Fa "int (*reader)(UI *ui, UI_STRING *uis)"
.Fc
.Ft int
.Fo UI_method_set_closer
.Fa "UI_METHOD *method"
.Fa "int (*closer)(UI *ui)"
.Fc
.Ft int
.Fo UI_method_set_prompt_constructor
.Fa "UI_METHOD *method"
.Fa "char *(*prompt_constructor)(UI *ui, const char *object_desc,\
 const char *object_name)"
.Fc
.Ft int
.Fo "(*UI_method_get_opener(const UI_METHOD *method))"
.Fa "UI *";
.Fc
.Ft int
.Fo "(*UI_method_get_writer(const UI_METHOD *method))"
.Fa "UI *"
.Fa "UI_STRING *"
.Fc
.Ft int
.Fo "(*UI_method_get_flusher(const UI_METHOD *method))"
.Fa "UI *"
.Fc
.Ft int
.Fo "(*UI_method_get_reader(const UI_METHOD *method))"
.Fa "UI *"
.Fa "UI_STRING *"
.Fc
.Ft int
.Fo "(*UI_method_get_closer(const UI_METHOD *method))"
.Fa "UI *"
.Fc
.Ft char *
.Fo "(*UI_method_get_prompt_constructor(UI_METHOD *method))"
.Fa "UI *"
.Fa "const char *"
.Fa "const char *"
.Fc
.Sh DESCRIPTION
A method contains a few functions that implement the low level of the
User Interface.
These functions are:
.Bl -tag -width Ds
.It an opener
This function takes a reference to a UI and starts a session, for
example by opening a channel to a tty, or by creating a dialog box.
.It a writer
This function takes a reference to a UI and a UI String, and writes the
string where appropriate, maybe to the tty, maybe added as a field label
in a dialog box.
Note that this gets fed all strings associated with a UI, one after the
other, so care must be taken which ones it actually uses.
.It a flusher
This function takes a reference to a UI, and flushes everything that has
been output so far.
For example, if the method builds up a dialog box, this can be used to
actually display it and accepting input ended with a pressed button.
.It a reader
This function takes a reference to a UI and a UI string and reads off
the given prompt, maybe from the tty, maybe from a field in a dialog
box.
Note that this gets fed all strings associated with a UI, one after the
other, so care must be taken which ones it actually uses.
.It a closer
This function takes a reference to a UI, and closes the session, maybe
by closing the channel to the tty, maybe by destroying a dialog box.
.El
.Pp
All of these functions are expected to return 0 on error, 1 on success,
or -1 on out-off-band events, for example if some prompting has been
cancelled (by pressing Ctrl-C, for example).
Only the flusher or the reader are expected to return -1.
If returned by another of the functions, it's treated as if 0 was returned.
.Pp
Regarding the writer and the reader, don't assume the former should only
write and don't assume the latter should only read.
This depends on the needs of the method.
.Pp
For example, a typical tty reader wouldn't write the prompts in the
write, but would rather do so in the reader, because of the sequential
nature of prompting on a tty.
This is how the
.Xr UI_OpenSSL 3
method does it.
.Pp
In contrast, a method that builds up a dialog box would add all prompt
text in the writer, have all input read in the flusher and store the
results in some temporary buffer, and finally have the reader just fetch
those results.
.Pp
The central function that uses these method functions is
.Xr UI_process 3 ,
and it does it in five steps:
.Bl -enum
.It
Open the session using the opener function if that one is defined.
If an error occurs, jump to 5.
.It
For every UI String associated with the UI, call the writer function if
that one is defined.
If an error occurs, jump to 5.
.It
Flush everything using the flusher function if that one is defined.
If an error occurs, jump to 5.
.It
For every UI String associated with the UI, call the reader function if
that one is defined.
If an error occurs, jump to 5.
.It
Close the session using the closer function if that one is defined.
.El
.Pp
.Fn UI_create_method
creates a new UI method with a given
.Fa name .
.Pp
.Fn UI_destroy_method
destroys the given
.Fa ui_method .
.Pp
.Fn UI_method_set_opener ,
.Fn UI_method_set_writer ,
.Fn UI_method_set_flusher ,
.Fn UI_method_set_reader
and
.Fn UI_method_set_closer
set one of the five main methods to the given function pointer.
.Pp
.Fn UI_method_set_prompt_constructor
sets the prompt constructor, see
.Xr UI_construct_prompt 3 .
.Sh RETURN VALUES
.Fn UI_create_method
returns a
.Vt UI_METHOD
pointer on success or
.Dv NULL
on error.
.Pp
.Fn UI_method_set_opener ,
.Fn UI_method_set_writer ,
.Fn UI_method_set_flusher ,
.Fn UI_method_set_reader ,
.Fn UI_method_set_closer ,
and
.Fn UI_method_set_prompt_constructor
return 0 on success or -1 if the given method is
.Dv NULL .
.Pp
.Fn UI_method_get_opener ,
.Fn UI_method_get_writer ,
.Fn UI_method_get_flusher ,
.Fn UI_method_get_reader ,
.Fn UI_method_get_closer ,
and
.Fn UI_method_get_prompt_constructor
return the requested function pointer if it is set in the method,
or otherwise
.Dv NULL .
.Sh SEE ALSO
.Xr UI_get_string_type 3 ,
.Xr UI_new 3
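--- a/jni/libressl/man/UI_get_string_type.3
+++ b/jni/libressl/man/UI_get_string_type.3
@@ -0,0 +1,277 @@
+.\"	$OpenBSD: UI_get_string_type.3,v 1.2 2017/03/26 12:31:27 jmc Exp $
+.\"	OpenSSL UI_STRING.pod 2ca2e917 Mar 20 16:25:22 2017 -0400
+.\"
+.\" This file was written by Richard Levitte <levitte@openssl.org>
+.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 26 2017 $
+.Dt UI_GET_STRING_TYPE 3
+.Os
+.Sh NAME
+.Nm UI_get_string_type ,
+.Nm UI_get_input_flags ,
+.Nm UI_get0_output_string ,
+.Nm UI_get0_action_string ,
+.Nm UI_get0_result_string ,
+.Nm UI_get0_test_string ,
+.Nm UI_get_result_minsize ,
+.Nm UI_get_result_maxsize ,
+.Nm UI_set_result
+.Nd OpenSSL user interface string parsing
+.Sh SYNOPSIS
+.In openssl/ui.h
+.Bd -literal
+enum UI_string_types {
+	UIT_NONE = 0,
+	UIT_PROMPT,	/* Prompt for a string */
+	UIT_VERIFY,	/* Prompt for a string and verify */
+	UIT_BOOLEAN,	/* Prompt for a yes/no response */
+	UIT_INFO,	/* Send info to the user */
+	UIT_ERROR	/* Send an error message to the user */
+};
+.Ed
+.Pp
+.Ft enum UI_string_types
+.Fo UI_get_string_type
+.Fa "UI_STRING *uis"
+.Fc
+.Ft int
+.Fo UI_get_input_flags
+.Fa "UI_STRING *uis"
+.Fc
+.Ft const char *
+.Fo UI_get0_output_string
+.Fa "UI_STRING *uis"
+.Fc
+.Ft const char *
+.Fo UI_get0_action_string
+.Fa "UI_STRING *uis"
+.Fc
+.Ft const char *
+.Fo UI_get0_result_string
+.Fa "UI_STRING *uis"
+.Fc
+.Ft const char *
+.Fo UI_get0_test_string
+.Fa "UI_STRING *uis"
+.Fc
+.Ft int
+.Fo UI_get_result_minsize
+.Fa "UI_STRING *uis"
+.Fc
+.Ft int
+.Fo UI_get_result_maxsize
+.Fa "UI_STRING *uis"
+.Fc
+.Ft int
+.Fo UI_set_result
+.Fa "UI *ui"
+.Fa "UI_STRING *uis"
+.Fa "const char *result"
+.Fc
+.Sh DESCRIPTION
+A
+.Vt UI_STRING
+gets created internally and added to a
+.Vt UI
+object whenever one of the functions
+.Xr UI_add_input_string 3 ,
+.Xr UI_dup_input_string 3 ,
+.Xr UI_add_verify_string 3 ,
+.Xr UI_dup_verify_string 3 ,
+.Xr UI_add_input_boolean 3 ,
+.Xr UI_dup_input_boolean 3 ,
+.Xr UI_add_info_string 3 ,
+.Xr UI_dup_info_string 3 ,
+.Xr UI_add_error_string 3
+or
+.Xr UI_dup_error_string 3
+is called.
+For a
+.Vt UI_METHOD
+user, there's no need to know more.
+For a
+.Vt UI_METHOD
+creator, it is of interest to fetch text from these
+.Vt UI_STRING
+objects as well as adding results to some of them.
+.Pp
+.Fn UI_get_string_type
+is used to retrieve the type of the given
+.Vt UI_STRING .
+.Pp
+.Fn UI_get_input_flags
+is used to retrieve the flags associated with the given
+.Vt UI_STRING .
+.Pp
+.Fn UI_get0_output_string
+is used to retrieve the actual string to output (prompt, info, error, ...).
+.Pp
+.Fn UI_get0_action_string
+is used to retrieve the action description associated with a
+.Dv UIT_BOOLEAN
+type
+.Vt UI_STRING .
+See
+.Xr UI_add_input_boolean 3 .
+.Pp
+.Fn UI_get0_result_string
+is used to retrieve the result of a prompt.
+This is only useful for
+.Dv UIT_PROMPT
+and
+.Dv UIT_VERIFY
+type strings.
+.Pp
+.Fn UI_get0_test_string
+is used to retrieve the string to compare the prompt result with.
+This is only useful for
+.Dv UIT_VERIFY
+type strings.
+.Pp
+.Fn UI_get_result_minsize
+and
+.Fn UI_get_result_maxsize
+are used to retrieve the minimum and maximum required size of the
+result.
+This is only useful for
+.Dv UIT_PROMPT
+and
+.Dv UIT_VERIFY
+type strings.
+.Pp
+.Fn UI_set_result
+is used to set the result value of a prompt.
+For
+.Sy UIT_PROMPT
+and
+.Sy UIT_VERIFY
+type UI strings, this sets the result retrievable with
+.Fn UI_get0_result_string
+by copying the contents of
+.Fa result
+if its length fits the minimum and maximum size requirements.
+For
+.Dv UIT_BOOLEAN
+type UI strings, this sets the first character of the result retrievable
+with
+.Fn UI_get0_result_string
+to the first of the
+.Fa ok_chars
+given with
+.Xr UI_add_input_boolean 3
+or
+.Xr UI_dup_input_boolean 3
+if the
+.Fa result
+matched any of them, or the first of the
+.Fa cancel_chars
+if the
+.Fa result
+matched any of them, otherwise it's set to the NUL char.
+See
+.Xr UI_add_input_boolean 3
+for more information on
+.Fa ok_chars
+and
+.Fa cancel_chars .
+.Sh RETURN VALUES
+.Fn UI_get_string_type
+returns the UI string type.
+.Pp
+.Fn UI_get_input_flags
+returns the UI string flags.
+.Pp
+.Fn UI_get0_output_string
+returns the UI string output string.
+.Pp
+.Fn UI_get0_action_string
+returns the UI string action description string for
+.Dv UIT_BOOLEAN
+type UI strings, or
+.Dv NULL
+for any other type.
+.Pp
+.Fn UI_get0_result_string
+returns the UI string action description string for
+.Dv UIT_PROMPT
+and
+.Dv UIT_VERIFY
+type UI strings, or
+.Dv NULL
+for any other type.
+.Pp
+.Fn UI_get0_test_string
+returns the UI string action description string for
+.Dv UIT_VERIFY
+type UI strings, or
+.Dv NULL
+for any other type.
+.Pp
+.Fn UI_get_result_minsize
+returns the minimum allowed result size for the UI string for
+.Dv UIT_PROMPT
+and
+.Dv UIT_VERIFY
+type strings, or -1 for any other type.
+.Pp
+.Fn UI_get_result_maxsize
+returns the minimum allowed result size for the UI string for
+.Dv UIT_PROMPT
+and
+.Dv UIT_VERIFY
+type strings, or -1 for any other type.
+.Pp
+.Fn UI_set_result
+returns 0 on success or when the UI string is of any type other than
+.Dv UIT_PROMPT ,
+.Dv UIT_VERIFY ,
+or
+.Dv UIT_BOOLEAN ,
+or -1 on error.
+.Sh SEE ALSO
+.Xr UI_new 3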
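--- a/jni/libressl/man/UI_new.3
+++ b/jni/libressl/man/UI_new.3
@@ -1,8 +1,59 @@
+.\"	$OpenBSD: UI_new.3,v 1.6 2017/03/26 00:06:10 schwarze Exp $
+.\"	OpenSSL UI_new.pod 5469600e Mar 11 00:51:53 2017 +0100
+.\"	OpenSSL UI_new.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Richard Levitte <levitte@openssl.org>.
+.\" Copyright (c) 2001, 2016, 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: November 12 2015 $
+.Dd $Mdocdate: March 26 2017 $
 .Dt UI_NEW 3
 .Os
 .Sh NAME
 .Nm UI_new ,
 .Nm UI_new_method ,
 .Nm UI_free ,
 .Nm UI_add_input_string ,
@@ -21,21 +72,18 @@
 .Nm UI_get0_result ,
 .Nm UI_process ,
 .Nm UI_ctrl ,
 .Nm UI_set_default_method ,
 .Nm UI_get_default_method ,
 .Nm UI_get_method ,
 .Nm UI_set_method ,
-.Nm UI_OpenSSL ,
-.Nm ERR_load_UI_strings
+.Nm UI_OpenSSL
 .Nd New User Interface
 .Sh SYNOPSIS
 .In openssl/ui.h
-.Fd typedef struct ui_st UI;
-.Fd typedef struct ui_method_st UI_METHOD;
 .Ft UI *
 .Fn UI_new void
 .Ft UI *
 .Fo UI_new_method
 .Fa "const UI_METHOD *method"
 .Fc
 .Ft void
@@ -175,18 +223,18 @@
 .Fa "const UI_METHOD *meth"
 .Fc
 .Ft UI_METHOD *
 .Fo UI_OpenSSL
 .Fa void
 .Fc
 .Sh DESCRIPTION
-UI stands for User Interface, and is general purpose set of routines
+UI stands for User Interface, and is a general purpose set of routines
 to prompt the user for text-based information.
 Through user-written methods (see
-.Xr ui_create 3 Ns ),
+.Xr UI_create_method 3 ) ,
 prompting can be done in any way imaginable, be it plain text prompting,
 through dialog boxes or from a cell phone.
 .Pp
 All the functions work through a context of the type
 .Vt UI .
 This context contains all the information needed to prompt correctly
 as well as a reference to a
@@ -251,27 +299,32 @@
 normally generates the most problems when porting.
 .Pp
 .Fn UI_free
 removes
 .Fa ui
 from memory, along with all other pieces of memory that are connected
 to it, like duplicated input strings, results and others.
+If
+.Fa ui
+is a
+.Dv NULL
+pointer, no action occurs.
 .Pp
 .Fn UI_add_input_string
 and
 .Fn UI_add_verify_string
 add a prompt to
 .Fa ui ,
 as well as flags and a result buffer and the desired minimum and
-maximum sizes of the result.
+maximum sizes of the result, not counting the final NUL character.
 The given information is used to prompt for information, for example
 a password, and to verify a password (i.e. having the user enter
 it twice and check that the same string was entered twice).
 .Fn UI_add_verify_string
-takes and extra argument that should be a pointer to the result buffer
+takes an extra argument that should be a pointer to the result buffer
 of the input string that it's supposed to verify, or verification will
 fail.
 .Pp
 .Fn UI_add_input_boolean
 adds a prompt to
 .Fa ui
 that's supposed to be answered in a boolean way, with a single
@@ -291,66 +344,67 @@
 add strings that are shown at the same time as the prompt for extra
 information or to show an error string.
 The difference between the two is only conceptual.
 With the builtin method, there's no technical difference between them.
 Other methods may make a difference between them, however.
 .Pp
 The flags currently supported are
-.Dv UI_INPUT_FLAG_ECHO,
+.Dv UI_INPUT_FLAG_ECHO ,
 which is relevant for
 .Fn UI_add_input_string
 and will have the users response be echoed (when prompting for a
 password, this flag should obviously not be used), and
 .Dv UI_INPUT_FLAG_DEFAULT_PWD ,
 which means that a default password of some sort will be used
 (completely depending on the application and the UI method).
 .Pp
 .Fn UI_dup_input_string ,
 .Fn UI_dup_verify_string ,
 .Fn UI_dup_input_boolean ,
 .Fn UI_dup_info_string ,
 and
 .Fn UI_dup_error_string
 are basically the same as their
 .Fn UI_add_*
 counterparts, except that they make their own copies of all strings.
 .Pp
 .Fn UI_construct_prompt
 is a helper function that can be used to create a prompt from two pieces
-of information: an description and a name.
+of information: a description and a name.
 The default constructor (if there is none provided by the method used)
 creates a string "Enter
 .Em description
 for
 .Em name Ns :".
 With the description "pass phrase" and the file name "foo.key", that
 becomes "Enter pass phrase for foo.key:". Other methods may create
 whatever string and may include encodings that will be processed by the
 other method functions.
 .Pp
 .Fn UI_add_user_data
 adds a piece of memory for the method to use at any time.
 The builtin UI method doesn't care about this info.
-Note that several calls to this function doesn't add data, it replaces
-the previous blob with the one given as argument.
+Note that several calls to this function doesn't add data -
+the previous blob is replaced with the one given as argument.
 .Pp
 .Fn UI_get0_user_data
 retrieves the data that has last been given to the
 .Fa ui
 with
 .Fn UI_add_user_data .
 .Pp
 .Fn UI_get0_result
 returns a pointer to the result buffer associated with the information
 indexed by
 .Fa i .
 .Pp
 .Fn UI_process
 goes through the information given so far, does all the printing and
-prompting and returns.
+prompting and returns the final status, which is -2 on out-of-band
+events (Interrupt, Cancel, ...), -1 on error, or 0 on success.
 .Pp
 .Fn UI_ctrl
 adds extra control for the application author.
 For now, it understands two commands:
 .Dv UI_CTRL_PRINT_ERRORS ,
 which makes
 .Fn UI_process
@@ -372,13 +426,16 @@
 returns the UI method associated with a given
 .Fa ui .
 .Pp
 .Fn UI_set_method
 changes the UI method associated with a given
 .Fa ui .
 .Sh SEE ALSO
-.Xr des_read_pw 3
+.Xr des_read_pw 3 ,
+.Xr UI_create_method 3 ,
+.Xr UI_get_string_type 3 ,
+.Xr UI_UTIL_read_pw 3
 .Sh HISTORY
 The UI section was first introduced in OpenSSL 0.9.7.
 .Sh AUTHORS
 .An Richard Levitte Aq Mt richard@levitte.org
 for the OpenSSL project.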
Added jni/libressl/man/X509V3_get_d2i.3.
















































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
.\"	$OpenBSD: X509V3_get_d2i.3,v 1.5 2016/12/28 13:45:30 schwarze Exp $
.\"	OpenSSL 047dd81e Jul 4 23:03:17 2014 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 28 2016 $
.Dt X509V3_GET_D2I 3
.Os
.Sh NAME
.Nm X509V3_get_d2i ,
.Nm X509V3_add1_i2d ,
.Nm X509V3_EXT_d2i ,
.Nm X509V3_EXT_i2d ,
.Nm X509_get_ext_d2i ,
.Nm X509_add1_ext_i2d ,
.Nm X509_CRL_get_ext_d2i ,
.Nm X509_CRL_add1_ext_i2d ,
.Nm X509_REVOKED_get_ext_d2i ,
.Nm X509_REVOKED_add1_ext_i2d
.Nd X509 extension decode and encode functions
.Sh SYNOPSIS
.In openssl/x509v3.h
.Ft void *
.Fo X509V3_get_d2i
.Fa "const STACK_OF(X509_EXTENSION) *x"
.Fa "int nid"
.Fa "int *crit"
.Fa "int *idx"
.Fc
.Ft int
.Fo X509V3_add1_i2d
.Fa "STACK_OF(X509_EXTENSION) **x"
.Fa "int nid"
.Fa "void *value"
.Fa "int crit"
.Fa "unsigned long flags"
.Fc
.Ft void *
.Fo X509V3_EXT_d2i
.Fa "X509_EXTENSION *ext"
.Fc
.Ft X509_EXTENSION *
.Fo X509V3_EXT_i2d
.Fa "int ext_nid"
.Fa "int crit"
.Fa "void *ext"
.Fc
.Ft void *
.Fo X509_get_ext_d2i
.Fa "const X509 *x"
.Fa "int nid"
.Fa "int *crit"
.Fa "int *idx"
.Fc
.Ft int
.Fo X509_add1_ext_i2d
.Fa "X509 *x"
.Fa "int nid"
.Fa "void *value"
.Fa "int crit"
.Fa "unsigned long flags"
.Fc
.Ft void *
.Fo X509_CRL_get_ext_d2i
.Fa "const X509_CRL *crl"
.Fa "int nid"
.Fa "int *crit"
.Fa "int *idx"
.Fc
.Ft int
.Fo X509_CRL_add1_ext_i2d
.Fa "X509_CRL *crl"
.Fa "int nid"
.Fa "void *value"
.Fa "int crit"
.Fa "unsigned long flags"
.Fc
.Ft void *
.Fo X509_REVOKED_get_ext_d2i
.Fa "const X509_REVOKED *r"
.Fa "int nid"
.Fa "int *crit"
.Fa "int *idx"
.Fc
.Ft int
.Fo X509_REVOKED_add1_ext_i2d
.Fa "X509_REVOKED *r"
.Fa "int nid"
.Fa "void *value"
.Fa "int crit"
.Fa "unsigned long flags"
.Fc
.Sh DESCRIPTION
.Fn X509V3_get_d2i
looks for an extension with OID
.Fa nid
in the extensions
.Fa x
and, if found, decodes it.
If
.Fa idx
is
.Dv NULL ,
then only one occurrence of an extension is permissible.
Otherwise the first extension after index
.Pf * Fa idx
is returned and
.Pf * Fa idx
is updated to the location of the extension.
If
.Fa crit
is not
.Dv NULL ,
then
.Pf * Fa crit
is set to a status value: -2 if the extension occurs multiple times
(this is only returned if
.Fa idx
is
.Dv NULL ) ,
-1 if the extension could not be found, 0 if the extension is found
and is not critical, and 1 if it is critical.
A pointer to an extension specific structure or
.Dv NULL
is returned.
.Pp
.Fn X509V3_add1_i2d
adds extension
.Fa value
to STACK
.Pf * Fa x
(allocating a new STACK if necessary) using OID
.Fa nid
and criticality
.Fa crit
according to
.Fa flags .
.Pp
.Fn X509V3_EXT_d2i
attempts to decode the ASN.1 data contained in extension
.Fa ext
and returns a pointer to an extension specific structure or
.Dv NULL
if the extension could not be decoded (invalid syntax or not supported).
.Pp
.Fn X509V3_EXT_i2d
encodes the extension specific structure
.Fa ext
with OID
.Fa ext_nid
and criticality
.Fa crit .
.Pp
.Fn X509_get_ext_d2i
and
.Fn X509_add1_ext_i2d
operate on the extensions of certificate
.Fa x ,
and are otherwise identical to
.Fn X509V3_get_d2i
and
.Fn X509V3_add1_i2d 3 .
.Pp
.Fn X509_CRL_get_ext_d2i
and
.Fn X509_CRL_add1_ext_i2d
operate on the extensions of CRL
.Fa crl ,
and are otherwise identical to
.Fn X509V3_get_d2i
and
.Fn X509V3_add1_i2d 3 .
.Pp
.Fn X509_REVOKED_get_ext_d2i
and
.Fn X509_REVOKED_add1_ext_i2d
operate on the extensions of the
.Vt X509_REVOKED
structure
.Fa r
(i.e. for CRL entry extensions), and are otherwise identical to
.Fn X509V3_get_d2i
and
.Fn X509V3_add1_i2d 3 .
.Pp
In almost all cases an extension can occur at most once and multiple
occurrences is an error.
Therefore the
.Fa idx
parameter is usually
.Dv NULL .
.Pp
The
.Fa flags
parameter may be one of the following values.
.Pp
.Dv X509V3_ADD_DEFAULT
appends a new extension only if the extension does not already exist.
An error is returned if the extension does already exist.
.Pp
.Dv X509V3_ADD_APPEND
appends a new extension, ignoring whether the extension already exists.
.Pp
.Dv X509V3_ADD_REPLACE
replaces an extension if it exists otherwise appends a new extension.
.Pp
.Dv X509V3_ADD_REPLACE_EXISTING
replaces an existing extension if it exists otherwise returns an error.
.Pp
.Dv X509V3_ADD_KEEP_EXISTING
appends a new extension only if the extension does not already exist.
An error
.Sy is not
returned if the extension does already exist.
.Pp
.Dv X509V3_ADD_DELETE
deletes extension
.Fa nid .
No new extension is added.
.Pp
If
.Dv X509V3_ADD_SILENT
is OR'd with
.Fa flags ,
any error returned will not be added to the error queue.
.Pp
The function
.Fn X509V3_get_d2i
will return
.Dv NULL
if the extension is not found, occurs multiple times or cannot be
decoded.
It is possible to determine the precise reason by checking the value of
.Pf * Fa crit .
.Sh SUPPORTED EXTENSIONS
The following sections contain a list of all supported extensions
including their name and NID.
.Ss PKIX Certificate Extensions
The following certificate extensions are defined in PKIX standards such
as RFC 5280.
.Bl -column 30n 30n
.It Basic Constraints             Ta Dv NID_basic_constraints
.It Key Usage                     Ta Dv NID_key_usage
.It Extended Key Usage            Ta Dv NID_ext_key_usage
.It Subject Key Identifier        Ta Dv NID_subject_key_identifier
.It Authority Key Identifier      Ta Dv NID_authority_key_identifier
.It Private Key Usage Period      Ta Dv NID_private_key_usage_period
.It Subject Alternative Name      Ta Dv NID_subject_alt_name
.It Issuer Alternative Name       Ta Dv NID_issuer_alt_name
.It Authority Information Access  Ta Dv NID_info_access
.It Subject Information Access    Ta Dv NID_sinfo_access
.It Name Constraints              Ta Dv NID_name_constraints
.It Certificate Policies          Ta Dv NID_certificate_policies
.It Policy Mappings               Ta Dv NID_policy_mappings
.It Policy Constraints            Ta Dv NID_policy_constraints
.It Inhibit Any Policy            Ta Dv NID_inhibit_any_policy
.El
.Ss Netscape Certificate Extensions
The following are (largely obsolete) Netscape certificate extensions.
.Bl -column 30n 30n
.It Netscape Cert Type            Ta Dv NID_netscape_cert_type
.It Netscape Base Url             Ta Dv NID_netscape_base_url
.It Netscape Revocation Url       Ta Dv NID_netscape_revocation_url
.It Netscape CA Revocation Url    Ta Dv NID_netscape_ca_revocation_url
.It Netscape Renewal Url          Ta Dv NID_netscape_renewal_url
.It Netscape CA Policy Url        Ta Dv NID_netscape_ca_policy_url
.It Netscape SSL Server Name      Ta Dv NID_netscape_ssl_server_name
.It Netscape Comment              Ta Dv NID_netscape_comment
.El
.Ss Miscellaneous Certificate Extensions
.Bl -column 30n 30n
.It Strong Extranet ID            Ta Dv NID_sxnet
.It Proxy Certificate Information Ta Dv NID_proxyCertInfo
.El
.Ss PKIX CRL Extensions
The following are CRL extensions from PKIX standards such as RFC 5280.
.Bl -column 30n 30n
.It CRL Number                    Ta Dv NID_crl_number
.It CRL Distribution Points       Ta Dv NID_crl_distribution_points
.It Delta CRL Indicator           Ta Dv NID_delta_crl
.It Freshest CRL                  Ta Dv NID_freshest_crl
.It Invalidity Date               Ta Dv NID_invalidity_date
.It Issuing Distribution Point    Ta Dv NID_issuing_distribution_point
.El
.Pp
The following are CRL entry extensions from PKIX standards such as
RFC 5280.
.Bl -column 30n 30n
.It CRL Reason Code               Ta Dv NID_crl_reason
.It Certificate Issuer            Ta Dv NID_certificate_issuer
.El
.Ss OCSP Extensions
.Bl -column 30n 30n
.It OCSP Nonce                    Ta Dv NID_id_pkix_OCSP_Nonce
.It OCSP CRL ID                   Ta Dv NID_id_pkix_OCSP_CrlID
.It Acceptable OCSP Responses     Ta Dv NID_id_pkix_OCSP_acceptableResponses
.It OCSP No Check                 Ta Dv NID_id_pkix_OCSP_noCheck
.It OCSP Archive Cutoff           Ta Dv NID_id_pkix_OCSP_archiveCutoff
.It OCSP Service Locator          Ta Dv NID_id_pkix_OCSP_serviceLocator
.It Hold Instruction Code         Ta Dv NID_hold_instruction_code
.El
.Sh RETURN VALUES
.Fn X509V3_get_d2i
and
.Fn X509V3_EXT_d2i
return a pointer to an extension specific structure or
.Dv NULL
if an error occurs.
.Pp
.Fn X509V3_EXT_i2d
returns a pointer to an
.Vt X509_EXTENSION
structure or
.Dv NULL
if an error occurs.
.Pp
.Fn X509V3_add1_i2d
returns 1 if the operation is successful, 0 if it fails due to a
non-fatal error (extension not found, already exists, cannot be encoded),
or -1 due to a fatal error such as a memory allocation failure.
.Sh SEE ALSO
.Xr d2i_X509 3 ,
.Xr d2i_X509_EXTENSION 3 ,
.Xr ERR_get_error 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_EXTENSION_new 3 ,
.Xr X509_get_ext_d2i 3 ,
.Xr X509_get_pubkey 3 ,
.Xr X509_get_subject_name 3 ,
.Xr X509_get_version 3 ,
.Xr X509_new 3
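--- a/jni/libressl/man/X509_ALGOR_dup.3
+++ b/jni/libressl/man/X509_ALGOR_dup.3
@@ -0,0 +1,213 @@
+.\"	$OpenBSD: X509_ALGOR_dup.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
+.\"	OpenSSL 4692340e Jun 7 15:49:08 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2002, 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt X509_ALGOR_DUP 3
+.Os
+.Sh NAME
+.Nm X509_ALGOR_new ,
+.Nm X509_ALGOR_free ,
+.Nm X509_ALGOR_dup ,
+.Nm X509_ALGOR_set0 ,
+.Nm X509_ALGOR_get0 ,
+.Nm X509_ALGOR_set_md ,
+.Nm X509_ALGOR_cmp
+.Nd create, change, and inspect algorithm identifiers
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_ALGOR *
+.Fn X509_ALGOR_new void
+.Ft void
+.Fn X509_ALGOR_free "X509_ALGOR *alg"
+.Ft X509_ALGOR *
+.Fo X509_ALGOR_dup
+.Fa "X509_ALGOR *alg"
+.Fc
+.Ft int
+.Fo X509_ALGOR_set0
+.Fa "X509_ALGOR *alg"
+.Fa "ASN1_OBJECT *aobj"
+.Fa "int ptype"
+.Fa "void *pval"
+.Fc
+.Ft void
+.Fo X509_ALGOR_get0
+.Fa "ASN1_OBJECT **paobj"
+.Fa "int *pptype"
+.Fa "const void **ppval"
+.Fa "const X509_ALGOR *alg"
+.Fc
+.Ft void
+.Fo X509_ALGOR_set_md
+.Fa "X509_ALGOR *alg"
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo X509_ALGOR_cmp
+.Fa "const X509_ALGOR *a"
+.Fa "const X509_ALGOR *b"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_ALGOR_new
+allocates and initializes an empty
+.Vt X509_ALGOR
+object, representing an ASN.1
+.Vt AlgorithmIdentifier
+structure defined in RFC 5280 section 4.1.1.2.
+Such objects can specify a cryptographic algorithm together
+with algorithm-specific parameters.
+They are used by many other objects, for example certificates,
+certificate revocation lists, and certificate requests.
+.Pp
+.Fn X509_ALGOR_free
+frees
+.Fa alg .
+.Pp
+.Fn X509_ALGOR_dup
+copies
+.Fa alg
+by calling
+.Xr i2d_X509_ALGOR 3
+and
+.Xr d2i_X509_ALGOR 3 .
+.Pp
+.Fn X509_ALGOR_set0
+sets the algorithm OID of
+.Fa alg
+to
+.Fa aobj
+and the associated parameter type to
+.Fa ptype
+with value
+.Fa pval .
+If
+.Fa ptype
+is
+.Dv V_ASN1_UNDEF
+the parameter is omitted, otherwise
+.Fa ptype
+and
+.Fa pval
+have the same meaning as the
+.Fa type
+and
+.Fa value
+parameters to
+.Xr ASN1_TYPE_set 3 .
+All the supplied parameters are used internally so must
+.Sy NOT
+be freed after this call.
+.Pp
+.Fn X509_ALGOR_get0
+is the inverse of
+.Fn X509_ALGOR_set0 :
+it returns the algorithm OID in
+.Pf * Fa paobj
+and the associated parameter in
+.Pf * Fa pptype
+and
+.Pf * Fa ppval
+from
+.Fa alg .
+.Pp
+.Fn X509_ALGOR_set_md
+sets
+.Fa alg
+to appropriate values for the message digest
+.Fa md .
+.Pp
+.Fn X509_ALGOR_cmp
+compares
+.Fa a
+and
+.Fa b .
+.Sh RETURN VALUES
+.Fn X509_ALGOR_new
+and
+.Fn X509_ALGOR_dup
+return a new
+.Vt X509_ALGOR
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn X509_ALGOR_set0
+returns 1 for success or 0 for failure.
+.Pp
+.Fn X509_ALGOR_cmp
+returns 0 if
+.Fa a
+and
+.Fa b
+have identical encodings or non-zero otherwise.
+.Sh SEE ALSO
+.Xr ASN1_TYPE_set 3 ,
+.Xr d2i_X509_ALGOR 3 ,
+.Xr X509_PUBKEY_get0_param 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile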
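--- a/jni/libressl/man/X509_ATTRIBUTE_new.3
+++ b/jni/libressl/man/X509_ATTRIBUTE_new.3
@@ -0,0 +1,114 @@
+.\"	$OpenBSD: X509_ATTRIBUTE_new.3,v 1.4 2016/12/28 20:29:15 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt X509_ATTRIBUTE_NEW 3
+.Os
+.Sh NAME
+.Nm X509_ATTRIBUTE_new ,
+.Nm X509_ATTRIBUTE_free
+.\" In the following line, "X.501" and "Attribute" are not typos.
+.\" The "Attribute" type is defined in X.501, not in X.509.
+.\" The type in called "Attribute" with capital "A", not "attribute".
+.Nd generic X.501 Attribute
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_ATTRIBUTE *
+.Fn X509_ATTRIBUTE_new void
+.Ft void
+.Fn X509_ATTRIBUTE_free "X509_ATTRIBUTE *attr"
+.Sh DESCRIPTION
+In the X.501 standard, an
+.Vt Attribute
+is the fundamental ASN.1 data type used to represent any kind of
+property of any kind of directory entry.
+In OpenSSL, very few objects use it directly, most notably the
+.Vt X509_REQ_INFO
+object used for PKCS#10 certification requests described in
+.Xr X509_REQ_new 3 ,
+the
+.Vt PKCS8_PRIV_KEY_INFO
+object used for PKCS#8 private key information described in
+.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
+and the
+.Vt PKCS12_SAFEBAG
+container object described in
+.Xr PKCS12_SAFEBAG_new 3 .
+.Pp
+.Fn X509_ATTRIBUTE_new
+allocates and initializes an empty
+.Vt X509_ATTRIBUTE
+object.
+.Fn X509_ATTRIBUTE_free
+frees
+.Fa attr .
+.Sh RETURN VALUES
+.Fn X509_ATTRIBUTE_new
+returns the new
+.Vt X509_ATTRIBUTE
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr d2i_X509_ATTRIBUTE 3 ,
+.Xr PKCS12_SAFEBAG_new 3 ,
+.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_REQ_new 3
+.Sh STANDARDS
+.Bl -ohang
+.It Xo
+For the general definition of the
+.Vt Attribute
+data type:
+.Xc
+ITU-T Recommendation X.501, also known as ISO/IEC 9594-2:
+Information Technology \(en Open Systems Interconnection \(en
+The Directory: Models, section 8.2: Overall structure
+.It For the specific definition in the context of certification requests:
+RFC 2986: PKCS #10: Certification Request Syntax Specification,
+section 4.1: CertificationRequestInfo
+.It For the specific use in the context of private key information:
+RFC 5208: Public-Key Cryptography Standards (PKCS) #8:
+Private-Key Information Syntax Specification
+.It For the specific definition in the context of PFX:
+RFC 7292: PKCS #12: Personal Information Exchange Syntax,
+section 4.2: The SafeBag Type
+.El
+.Sh BUGS
+A data type designed to hold arbitrary data is an oxymoron.
+.Pp
+While it may occasionally be useful for abstract syntax specification
+or for generic container objects, using it for the representation
+of specific data in a specific data structure feels like dubious
+design.
+.Pp
+Having two distinct data types to hold arbitrary data \(en
+in this case,
+.Vt X509_ATTRIBUTE
+on the X.501 language level and
+.Vt X509_EXTENSION
+as described in
+.Xr X509_EXTENSION_new 3
+on the X.509 language level \(en feels even more questionable,
+in particular considering that Attributes in certification requests
+can be used to ask for Extensions in certificates.
+.Pp
+At the very least, the direct use of the low-level generic
+.Vt X509_ATTRIBUTE
+type in specific data types like certification requests or private
+key information looks like a layering violation and appears to put
+type safety into jeopardy.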
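--- a/jni/libressl/man/X509_CINF_new.3
+++ b/jni/libressl/man/X509_CINF_new.3
@@ -0,0 +1,99 @@
+.\"	$OpenBSD: X509_CINF_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt X509_CINF_NEW 3
+.Os
+.Sh NAME
+.Nm X509_CINF_new ,
+.Nm X509_CINF_free ,
+.Nm X509_VAL_new ,
+.Nm X509_VAL_free ,
+.Nm X509_CERT_AUX_new ,
+.Nm X509_CERT_AUX_free
+.Nd X.509 certificate information objects
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_CINF *
+.Fn X509_CINF_new void
+.Ft void
+.Fn X509_CINF_free "X509_CINF *inf"
+.Ft X509_VAL *
+.Fn X509_VAL_new void
+.Ft void
+.Fn X509_VAL_free "X509_VAL *val"
+.Ft X509_CERT_AUX *
+.Fn X509_CERT_AUX_new void
+.Ft void
+.Fn X509_CERT_AUX_free "X509_CERT_AUX *aux"
+.Sh DESCRIPTION
+.Fn X509_CINF_new
+allocates and initializes an empty
+.Vt X509_CINF
+object, representing an ASN.1
+.Vt TBSCertificate
+structure defined in RFC 5280 section 4.1.
+It is used inside the
+.Vt X509
+object and holds the main information contained in the X.509
+certificate including subject, public key, issuer, serial number,
+validity period, and extensions.
+.Fn X509_CINF_free
+frees
+.Fa inf .
+.Pp
+.Fn X509_VAL_new
+allocates and initializes an empty
+.Vt X509_VAL
+object, representing an ASN.1
+.Vt Validity
+structure defined in RFC 5280 section 4.1.
+It is used inside the
+.Vt X509_CINF
+object and holds the validity period of the certificate.
+.Fn X509_VAL_free
+frees
+.Fa val .
+.Pp
+.Fn X509_CERT_AUX_new
+allocates and initializes an empty
+.Vt X509_CERT_AUX
+structure.
+It can be used inside an
+.Vt X509
+object to hold optional non-standard auxiliary data appended to a
+certificate, for example friendly alias names and trust data.
+.Fn X509_CERT_AUX_free
+frees
+.Fa aux .
+.Sh RETURN VALUES
+.Fn X509_CINF_new ,
+.Fn X509_VAL_new ,
+and
+.Fn X509_CERT_AUX_new
+return the new
+.Vt X509_CINF ,
+.Vt X509_VAL ,
+or
+.Vt X509_CERT_AUX
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile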
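--- a/jni/libressl/man/X509_CRL_get0_by_serial.3
+++ b/jni/libressl/man/X509_CRL_get0_by_serial.3
@@ -0,0 +1,159 @@
+.\"	$OpenBSD: X509_CRL_get0_by_serial.3,v 1.5 2017/03/25 18:35:33 schwarze Exp $
+.\"	OpenSSL X509_CRL_get0_by_serial.pod cdd6c8c5 Mar 20 12:29:37 2017 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015, 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 25 2017 $
+.Dt X509_CRL_GET0_BY_SERIAL 3
+.Os
+.Sh NAME
+.Nm X509_CRL_get0_by_serial ,
+.Nm X509_CRL_get0_by_cert ,
+.Nm X509_CRL_get_REVOKED ,
+.Nm X509_CRL_add0_revoked ,
+.Nm X509_CRL_sort
+.Nd add, sort, and retrieve CRL entries
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_CRL_get0_by_serial
+.Fa "X509_CRL *crl"
+.Fa "X509_REVOKED **ret"
+.Fa "ASN1_INTEGER *serial"
+.Fc
+.Ft int
+.Fo X509_CRL_get0_by_cert
+.Fa "X509_CRL *crl"
+.Fa "X509_REVOKED **ret"
+.Fa "X509 *x"
+.Fc
+.Ft STACK_OF(X509_REVOKED) *
+.Fo X509_CRL_get_REVOKED
+.Fa "X509_CRL *crl"
+.Fc
+.Ft int
+.Fo X509_CRL_add0_revoked
+.Fa "X509_CRL *crl"
+.Fa "X509_REVOKED *rev"
+.Fc
+.Ft int
+.Fo X509_CRL_sort
+.Fa "X509_CRL *crl"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_CRL_get0_by_serial
+attempts to find a revoked entry in
+.Fa crl
+for serial number
+.Fa serial .
+If it is successful, it sets
+.Pf * Fa ret
+to the internal pointer of the matching entry.
+Consequently,
+.Pf * Fa ret
+must not be freed up after the call.
+.Pp
+.Fn X509_CRL_get0_by_cert
+is similar to
+.Fn X509_CRL_get0_by_serial
+except that it looks for a revoked entry using the serial number
+of certificate
+.Fa x .
+.Pp
+.Fn X509_CRL_get_REVOKED
+returns an internal pointer to a stack of all revoked entries for
+.Fa crl .
+It is implemented as a macro.
+.Pp
+.Fn X509_CRL_add0_revoked
+appends revoked entry
+.Fa rev
+to CRL
+.Fa crl .
+The pointer
+.Fa rev
+is used internally so it must not be freed up after the call: it is
+freed when the parent CRL is freed.
+.Pp
+.Fn X509_CRL_sort
+sorts the revoked entries of
+.Fa crl
+into ascending serial number order.
+.Pp
+Applications can determine the number of revoked entries returned by
+.Fn X509_CRL_get_revoked
+using
+.Fn sk_X509_REVOKED_num
+and examine each one in turn using
+.Fn sk_X509_REVOKED_value ,
+both defined in
+.In openssl/safestack.h .
+.Sh RETURN VALUES
+.Fn X509_CRL_get0_by_serial
+and
+.Fn X509_CRL_get0_by_cert
+return 0 for failure or 1 for success, except if the revoked entry
+has the reason
+.Qq removeFromCRL ,
+in which case 2 is returned.
+.Pp
+.Fn X509_CRL_add0_revoked
+and
+.Fn X509_CRL_sort
+return 1 for success or 0 for failure.
+.Pp
+.Fn X509_CRL_get_REVOKED
+returns a STACK of revoked entries.
+.Sh SEE ALSO
+.Xr d2i_X509_CRL 3 ,
+.Xr ERR_get_error 3 ,
+.Xr X509_CRL_get_ext 3 ,
+.Xr X509_CRL_get_issuer 3 ,
+.Xr X509_CRL_get_version 3 ,
+.Xr X509_REVOKED_new 3 ,
+.Xr X509V3_get_d2i 3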
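--- a/jni/libressl/man/X509_CRL_new.3
+++ b/jni/libressl/man/X509_CRL_new.3
@@ -0,0 +1,96 @@
+.\"	$OpenBSD: X509_CRL_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt X509_CRL_NEW 3
+.Os
+.Sh NAME
+.Nm X509_CRL_new ,
+.Nm X509_CRL_free ,
+.Nm X509_CRL_INFO_new ,
+.Nm X509_CRL_INFO_free
+.Nd X.509 certificate revocation lists
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_CRL *
+.Fn X509_CRL_new void
+.Ft void
+.Fn X509_CRL_free "X509_CRL *crl"
+.Ft X509_CRL_INFO *
+.Fn X509_CRL_INFO_new void
+.Ft void
+.Fn X509_CRL_INFO_free "X509_CRL_INFO *crl_info"
+.Sh DESCRIPTION
+.Fn X509_CRL_new
+allocates and initializes an empty
+.Vt X509_CRL
+object, representing an ASN.1
+.Vt CertificateList
+structure defined in RFC 5280 section 5.1.
+It can hold a pointer to an
+.Vt X509_CRL_INFO
+object discussed below together with a cryptographic signature
+and information about the signature algorithm used.
+.Fn X509_CRL_free
+frees
+.Fa crl .
+.Pp
+.Fn X509_CRL_INFO_new
+allocates and initializes an empty
+.Vt X509_CRL_INFO
+object, representing an ASN.1
+.Vt TBSCertList
+structure defined in RFC 5280 section 5.1.
+It is used inside the
+.Vt X509_CRL
+object and can hold a list of revoked certificates, an issuer name,
+the time the list was issued, the time when the next update of the
+list is due, and optional extensions.
+.Fn X509_CRL_INFO_free
+frees
+.Fa crl_info .
+.Sh RETURN VALUES
+.Fn X509_CRL_new
+and
+.Fn X509_CRL_INFO_new
+return the new
+.Vt X509_CRL
+or
+.Vt X509_CRL_INFO
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr ACCESS_DESCRIPTION_new 3 ,
+.Xr AUTHORITY_KEYID_new 3 ,
+.Xr d2i_X509_CRL 3 ,
+.Xr DIST_POINT_new 3 ,
+.Xr PEM_read_X509_CRL 3 ,
+.Xr X509_CRL_get0_by_serial 3 ,
+.Xr X509_CRL_get_ext 3 ,
+.Xr X509_CRL_get_ext_d2i 3 ,
+.Xr X509_CRL_get_issuer 3 ,
+.Xr X509_CRL_get_version 3 ,
+.Xr X509_CRL_sign 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_load_crl_file 3 ,
+.Xr X509_new 3 ,
+.Xr X509_REVOKED_new 3 ,
+.Xr X509_STORE_CTX_set0_crls 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile, section 5: CRL and CRL
+Extensions Profile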
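--- a/jni/libressl/man/X509_EXTENSION_set_object.3
+++ b/jni/libressl/man/X509_EXTENSION_set_object.3
@@ -0,0 +1,288 @@
+.\"	$OpenBSD: X509_EXTENSION_set_object.3,v 1.6 2016/12/28 13:45:30 schwarze Exp $
+.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt X509_EXTENSION_SET_OBJECT 3
+.Os
+.Sh NAME
+.Nm X509_EXTENSION_new ,
+.Nm X509_EXTENSION_free ,
+.Nm X509_EXTENSION_create_by_NID ,
+.Nm X509_EXTENSION_create_by_OBJ ,
+.Nm X509_EXTENSION_set_object ,
+.Nm X509_EXTENSION_set_critical ,
+.Nm X509_EXTENSION_set_data ,
+.Nm X509_EXTENSION_get_object ,
+.Nm X509_EXTENSION_get_critical ,
+.Nm X509_EXTENSION_get_data
+.\" In the next line, the capital "E" is not a typo.
+.\" The ASN.1 structure is called "Extension", not "extension".
+.Nd create, change, and inspect X.509 Extension objects
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_EXTENSION *
+.Fn X509_EXTENSION_new void
+.Ft void
+.Fn X509_EXTENSION_free "X509_EXTENSION *ex"
+.Ft X509_EXTENSION *
+.Fo X509_EXTENSION_create_by_NID
+.Fa "X509_EXTENSION **ex"
+.Fa "int nid"
+.Fa "int crit"
+.Fa "ASN1_OCTET_STRING *data"
+.Fc
+.Ft X509_EXTENSION *
+.Fo X509_EXTENSION_create_by_OBJ
+.Fa "X509_EXTENSION **ex"
+.Fa "ASN1_OBJECT *obj"
+.Fa "int crit"
+.Fa "ASN1_OCTET_STRING *data"
+.Fc
+.Ft int
+.Fo X509_EXTENSION_set_object
+.Fa "X509_EXTENSION *ex"
+.Fa "ASN1_OBJECT *obj"
+.Fc
+.Ft int
+.Fo X509_EXTENSION_set_critical
+.Fa "X509_EXTENSION *ex"
+.Fa "int crit"
+.Fc
+.Ft int
+.Fo X509_EXTENSION_set_data
+.Fa "X509_EXTENSION *ex"
+.Fa "ASN1_OCTET_STRING *data"
+.Fc
+.Ft ASN1_OBJECT *
+.Fo X509_EXTENSION_get_object
+.Fa "X509_EXTENSION *ex"
+.Fc
+.Ft int
+.Fo X509_EXTENSION_get_critical
+.Fa "X509_EXTENSION *ex"
+.Fc
+.Ft ASN1_OCTET_STRING *
+.Fo X509_EXTENSION_get_data
+.Fa "X509_EXTENSION *ne"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_EXTENSION_new
+allocates and initializes an empty
+.Vt X509_EXTENSION
+object, representing an ASN.1
+.Vt Extension
+structure defined in RFC 5280 section 4.1.
+It is a wrapper object around specific extension objects of different
+types and stores an extension type identifier and a criticality
+flag in addition to the DER-encoded form of the wrapped object.
+.Vt X509_EXTENSION
+objects can be used for X.509 v3 certificates inside
+.Vt X509_CINF
+objects and for X.509 v2 certificate revocation lists inside
+.Vt X509_CRL_INFO
+and
+.Vt X509_REVOKED
+objects.
+.Pp
+.Fn X509_EXTENSION_free
+frees
+.Fa ex
+and all objects it is using.
+.Pp
+.Fn X509_EXTENSION_create_by_NID
+creates an extension of type
+.Fa nid
+and criticality
+.Fa crit
+using data
+.Fa data .
+The created extension is returned and written to
+.Pf * Fa ex
+reusing or allocating a new extension if necessary, so
+.Pf * Fa ex
+should either be
+.Dv NULL
+or a valid
+.Vt X509_EXTENSION
+structure.
+It must not be an uninitialised pointer.
+.Pp
+.Fn X509_EXTENSION_create_by_OBJ
+is identical to
+.Fn X509_EXTENSION_create_by_NID
+except that it creates an extension using
+.Fa obj
+instead of a NID.
+.Pp
+.Fn X509_EXTENSION_set_object
+sets the extension type of
+.Fa ex
+to
+.Fa obj .
+The
+.Fa obj
+pointer is duplicated internally so
+.Fa obj
+should be freed up after use.
+.Pp
+.Fn X509_EXTENSION_set_critical
+sets the criticality of
+.Fa ex
+to
+.Fa crit .
+If
+.Fa crit
+is zero, the extension in non-critical, otherwise it is critical.
+.Pp
+.Fn X509_EXTENSION_set_data
+sets the data in extension
+.Fa ex
+to
+.Fa data .
+The
+.Fa data
+pointer is duplicated internally.
+.Pp
+.Fn X509_EXTENSION_get_object
+returns the extension type of
+.Fa ex
+as an
+.Vt ASN1_OBJECT
+pointer.
+The returned pointer is an internal value which must not be freed up.
+.Pp
+.Fn X509_EXTENSION_get_critical
+returns the criticality of extension
+.Fa ex
+it returns 1 for critical and 0 for non-critical.
+.Pp
+.Fn X509_EXTENSION_get_data
+returns the data of extension
+.Fa ex .
+The returned pointer is an internal value which must not be freed up.
+.Pp
+These functions manipulate the contents of an extension directly.
+Most applications will want to parse or encode and add an extension:
+they should use the extension encode and decode functions instead
+such as
+.Xr X509_add1_ext_i2d 3
+and
+.Xr X509_get_ext_d2i 3 .
+.Pp
+The
+.Fa data
+associated with an extension is the extension encoding in an
+.Vt ASN1_OCTET_STRING
+structure.
+.Sh RETURN VALUES
+.Fn X509_EXTENSION_new ,
+.Fn X509_EXTENSION_create_by_NID ,
+and
+.Fn X509_EXTENSION_create_by_OBJ
+return an
+.Vt X509_EXTENSION
+pointer or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn X509_EXTENSION_set_object ,
+.Fn X509_EXTENSION_set_critical ,
+and
+.Fn X509_EXTENSION_set_data
+return 1 for success or 0 for failure.
+.Pp
+.Fn X509_EXTENSION_get_object
+returns an
+.Vt ASN1_OBJECT
+pointer.
+.Pp
+.Fn X509_EXTENSION_get_critical
+returns 0 for non-critical or 1 for critical.
+.Pp
+.Fn X509_EXTENSION_get_data
+returns an
+.Vt ASN1_OCTET_STRING
+pointer.
+.Sh SEE ALSO
+.Xr ACCESS_DESCRIPTION_new 3 ,
+.Xr AUTHORITY_KEYID_new 3 ,
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr d2i_X509_EXTENSION 3 ,
+.Xr DIST_POINT_new 3 ,
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr NAME_CONSTRAINTS_new 3 ,
+.Xr OCSP_CRLID_new 3 ,
+.Xr OCSP_SERVICELOC_new 3 ,
+.Xr PKEY_USAGE_PERIOD_new 3 ,
+.Xr POLICYINFO_new 3 ,
+.Xr PROXY_POLICY_new 3 ,
+.Xr SXNET_new 3 ,
+.Xr X509V3_get_d2i 3 ,
+.Xr X509v3_get_ext_by_NID 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile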
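--- a/jni/libressl/man/X509_LOOKUP_hash_dir.3
+++ b/jni/libressl/man/X509_LOOKUP_hash_dir.3
@@ -0,0 +1,218 @@
+.\"	$OpenBSD: X509_LOOKUP_hash_dir.3,v 1.3 2017/01/06 22:46:06 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>
+.\" and Claus Assmann.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 6 2017 $
+.Dt X509_LOOKUP_HASH_DIR 3
+.Os
+.Sh NAME
+.Nm X509_LOOKUP_hash_dir ,
+.Nm X509_LOOKUP_file ,
+.Nm X509_load_cert_file ,
+.Nm X509_load_crl_file ,
+.Nm X509_load_cert_crl_file
+.Nd default OpenSSL certificate lookup methods
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft X509_LOOKUP_METHOD *
+.Fn X509_LOOKUP_hash_dir void
+.Ft X509_LOOKUP_METHOD *
+.Fn X509_LOOKUP_file void
+.Ft int
+.Fo X509_load_cert_file
+.Fa "X509_LOOKUP *ctx"
+.Fa "const char *file"
+.Fa "int type"
+.Fc
+.Ft int
+.Fo X509_load_crl_file
+.Fa "X509_LOOKUP *ctx"
+.Fa "const char *file"
+.Fa "int type"
+.Fc
+.Ft int
+.Fo X509_load_cert_crl_file
+.Fa "X509_LOOKUP *ctx"
+.Fa "const char *file"
+.Fa "int type"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_LOOKUP_hash_dir
+and
+.Fn X509_LOOKUP_file
+are two certificate lookup methods to use with
+.Vt X509_STORE ,
+provided by the OpenSSL library.
+.Pp
+Users of the library typically do not need to create instances of these
+methods manually.
+They are created automatically by the
+.Xr X509_STORE_load_locations 3
+or
+.Xr SSL_CTX_load_verify_locations 3
+functions.
+.Pp
+Internally, loading of certificates and CRLs is implemented via the functions
+.Fn X509_load_cert_crl_file ,
+.Fn X509_load_cert_file
+and
+.Fn X509_load_crl_file .
+These functions support a parameter
+.Fa type ,
+which can be one of the constants
+.Dv FILETYPE_PEM ,
+.Dv FILETYPE_ASN1 ,
+and
+.Dv FILETYPE_DEFAULT .
+They load certificates and/or CRLs from the specified file into a
+memory cache of
+.Vt X509_STORE
+objects which the given
+.Fa ctx
+parameter is associated with.
+.Pp
+The functions
+.Fn X509_load_cert_file
+and
+.Fn X509_load_crl_file
+can load both PEM and DER formats depending on the
+.Fa type
+value.
+Because DER format cannot contain more than one certificate or CRL
+object (while PEM can contain several concatenated PEM objects),
+.Fn X509_load_cert_crl_file
+with
+.Dv FILETYPE_ASN1
+is equivalent to
+.Fn X509_load_cert_file .
+.Pp
+The constant
+.Dv FILETYPE_DEFAULT
+with
+.Dv NULL
+filename causes these functions to load the default certificate
+store file (see
+.Xr X509_STORE_set_default_paths 3 ) .
+.Pp
+These functions return the number of objects loaded from file or 0
+in case of error.
+.Pp
+Both methods support adding several certificate locations into one
+.Sy X509_STORE .
+.Pp
+This page documents certificate store formats used by these methods and
+caching policy.
+.Ss File Method
+The
+.Fn X509_LOOKUP_file
+method loads all the certificates or CRLs present in a file into memory
+at the time the file is added as a lookup source.
+.Pp
+The file format is ASCII text which contains concatenated PEM
+certificates and CRLs.
+.Pp
+This method should be used by applications which work with a small set
+of CAs.
+.Ss Hashed Directory Method
+.Fa X509_LOOKUP_hash_dir
+is a more advanced method which loads certificates and CRLs on demand,
+and caches them in memory once they are loaded.
+As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so
+that newer CRLs are used as soon as they appear in the directory.
+.Pp
+The directory should contain one certificate or CRL per file in PEM
+format, with a file name of the form
+.Ar hash . Ns Ar N
+for a certificate, or
+.Ar hash . Ns Sy r Ns Ar N
+for a CRL.
+The
+.Ar hash
+is the value returned by the
+.Xr X509_NAME_hash 3
+function applied to the subject name for certificates or issuer
+name for CRLs.
+The hash can also be obtained via the
+.Fl hash
+option of the
+.Xr openssl 1
+.Cm x509
+or
+.Cm crl
+commands.
+.Pp
+The
+.Ar N
+suffix is a sequence number that starts at zero and is incremented
+consecutively for each certificate or CRL with the same
+.Ar hash
+value.
+Gaps in the sequence numbers are not supported.
+It is assumed that there are no more objects with the same hash
+beyond the first missing number in the sequence.
+.Pp
+Sequence numbers make it possible for the directory to contain multiple
+certificates with the same subject name hash value.
+For example, it is possible to have in the store several certificates
+with the same subject or several CRLs with the same issuer (and, for
+example, a different validity period).
+.Pp
+When checking for new CRLs, once one CRL for a given hash value is
+loaded, hash_dir lookup method checks only for certificates with
+sequence number greater than that of the already cached CRL.
+.Pp
+Note that the hash algorithm used for subject name hashing changed in
+OpenSSL 1.0.0, and all certificate stores have to be rehashed when
+moving from OpenSSL 0.9.8 to 1.0.0.
+.Sh SEE ALSO
+.Xr d2i_X509_bio 3 ,
+.Xr PEM_read_PrivateKey 3 ,
+.Xr SSL_CTX_load_verify_locations 3 ,
+.Xr X509_STORE_load_locations 3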
Changes to jni/libressl/man/X509_NAME_ENTRY_get_object.3.

























1



2
3
4
5
6
7
8

9
10
11
12
13

14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35




36
37
38
39
40
41
42
43
44
45
46
47
48

49
50
51
52












53
54
55
56
57
58
59
60
61
62

63
64
65
66


67
68





69



70
71



72
73
74
75
76
77



78
79
80
81
82
83

84

85






86


87
88


89

90
91
92



93
94
95
96
97
98
99
100
101




102
103

104



105




106

107



108

109



110



111
112
113
114
115
116
117
118
119
120
121
122


123

124

125

126
127
128


129
130
131
132
133




134

135
136
137

138
139
140
141



































.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)



.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..

.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}




.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"

.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.












.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2


.        \}
.    \}





.\}



.rr rF
.\" ========================================================================



.\"
.IX Title "X509_NAME_ENTRY_get_object 3"
.TH X509_NAME_ENTRY_get_object 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l



.nh
.SH "NAME"
X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions

.SH "SYNOPSIS"

.IX Header "SYNOPSIS"






.Vb 1


\& #include <openssl/x509.h>
\&


\& ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);

\& ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
\&
\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);



\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
\&
\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in




and \fB\s-1ASN1_OBJECT\s0\fR structure.
.PP

\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in



and \fB\s-1ASN1_STRING\s0\fR structure.




.PP

\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR.



.PP

\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type



\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR.



.PP
\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR
and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an
\&\fBX509_NAME_ENTRY\fR structure.
.SH "NOTES"
.IX Header "NOTES"
\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be
used to examine an \fBX509_NAME_ENTRY\fR function as returned by
\&\fIX509_NAME_get_entry()\fR for example.
.PP
\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR,
and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an


.PP

\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR,

\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR

are seldom used in practice because \fBX509_NAME_ENTRY\fR structures
are almost always part of \fBX509_NAME\fR structures and the
corresponding \fBX509_NAME\fR functions are typically used to


create and add new entries in a single operation.
.PP
The arguments of these functions support similar options to the similarly
named ones of the corresponding \fBX509_NAME\fR functions such as
\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to




\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be

set first so the relevant field information can be looked up internally.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3),
\&\fIOBJ_nid2obj\fR\|(3)










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>

|
|
|
|
<
|
>
|
|
|
<
|
>
|
|
|
|
|
<
<
<
<
<
<
<
<
|
|
<
<
|
>
|
|
|
|
>
>
>
>
|
|
|
|
|
|
|
|

|
|
<
|
>
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
>
|
|
<
|
>
>
|
|
>
>
>
>
>
|
>
>
>
|
<
>
>
>
|
|
|
<
|
|
>
>
>
|
<
|
<
|
|
>
|
>
|
>
>
>
>
>
>
|
>
>
|
<
>
>
|
>
|
<
|
>
>
>
|
<
<
<
|
|
|
|
|
>
>
>
>
|
<
>
|
>
>
>
|
>
>
>
>
|
>
|
>
>
>
|
>
|
>
>
>
|
>
>
>
|
|
|
<
<
|
<
<
<
<
|
|
>
>
|
>
|
>
|
>
|
|
|
>
>
|
|
|
|
|
>
>
>
>
|
>
|
<
<
>
|
<
|
|
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

35
36
37
38
39

40
41
42
43
44
45
46








47
48


49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118
119
120
121

122
123
124
125
126
127

128

129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

145
146
147
148
149

150
151
152
153
154



155
156
157
158
159
160
161
162
163
164

165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193


194




195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221


222
223

224
225
226
227
228
229
230
231
232
233
234
235
.\"	$OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2005, 2006 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.

.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"








.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 25 2016 $
.Dt X509_NAME_ENTRY_GET_OBJECT 3

.Os
.Sh NAME
.Nm X509_NAME_ENTRY_new ,
.Nm X509_NAME_ENTRY_free ,
.Nm X509_NAME_ENTRY_get_object ,
.Nm X509_NAME_ENTRY_get_data ,
.Nm X509_NAME_ENTRY_set_object ,
.Nm X509_NAME_ENTRY_set_data ,
.Nm X509_NAME_ENTRY_create_by_txt ,
.Nm X509_NAME_ENTRY_create_by_NID ,
.Nm X509_NAME_ENTRY_create_by_OBJ
.\" In the following line, "X.501" is not a typo.
.\" This object defined in X.501, not in X.509.
.Nd X.501 relative distinguished name
.Sh SYNOPSIS
.In openssl/x509.h
.Ft X509_NAME_ENTRY *
.Fn X509_NAME_ENTRY_new void
.Ft void
.Fo X509_NAME_ENTRY_free
.Fa "X509_NAME_ENTRY* ne"
.Fc
.Ft ASN1_OBJECT *
.Fo X509_NAME_ENTRY_get_object
.Fa "X509_NAME_ENTRY *ne"
.Fc
.Ft ASN1_STRING *
.Fo X509_NAME_ENTRY_get_data
.Fa "X509_NAME_ENTRY *ne"
.Fc
.Ft int

.Fo X509_NAME_ENTRY_set_object
.Fa "X509_NAME_ENTRY *ne"
.Fa "ASN1_OBJECT *obj"
.Fc
.Ft int
.Fo X509_NAME_ENTRY_set_data
.Fa "X509_NAME_ENTRY *ne"
.Fa "int type"
.Fa "const unsigned char *bytes"
.Fa "int len"
.Fc
.Ft X509_NAME_ENTRY *
.Fo X509_NAME_ENTRY_create_by_txt
.Fa "X509_NAME_ENTRY **ne"
.Fa "const char *field"

.Fa "int type"
.Fa "const unsigned char *bytes"
.Fa "int len"
.Fc
.Ft X509_NAME_ENTRY *
.Fo X509_NAME_ENTRY_create_by_NID

.Fa "X509_NAME_ENTRY **ne"
.Fa "int nid"
.Fa "int type"
.Fa "unsigned char *bytes"
.Fa "int len"
.Fc

.Ft X509_NAME_ENTRY *

.Fo X509_NAME_ENTRY_create_by_OBJ
.Fa "X509_NAME_ENTRY **ne"
.Fa "ASN1_OBJECT *obj"
.Fa "int type"
.Fa "const unsigned char *bytes"
.Fa "int len"
.Fc
.Sh DESCRIPTION
An X.501
.Vt RelativeDistinguishedName
is a set of field type and value pairs.
It is the building block for constructing X.501
.Vt Name
objects.
This implementation only supports sets with one element, so an
.Vt X509_NAME_ENTRY

object contains only one field type and one value.
.Pp
.Fn X509_NAME_ENTRY_new
allocates and initializes an empty
.Vt X509_NAME_ENTRY

object, representing an ASN.1
.Vt RelativeDistinguishedName
structure defined in RFC 5280 section 4.1.2.4.
.Pp
.Fn X509_NAME_ENTRY_free



frees
.Fa ne
and the type and value contained in it.
.Pp
.Fn X509_NAME_ENTRY_get_object
retrieves the field type of
.Fa ne
in an
.Vt ASN1_OBJECT
structure.

.Fn X509_NAME_ENTRY_get_data
retrieves the field value of
.Fa ne
in an
.Vt ASN1_STRING
structure.
These two functions can be used to examine an
.Vt X509_NAME_ENTRY
object as returned by
.Xr X509_NAME_get_entry 3 .
.Pp
.Fn X509_NAME_ENTRY_set_object
sets the field type of
.Fa ne
to
.Fa obj .
.Pp
.Fn X509_NAME_ENTRY_set_data
sets the field value of
.Fa ne
to string type
.Fa type
and the value determined by
.Fa bytes
and
.Fa len .
.Pp
.Fn X509_NAME_ENTRY_create_by_txt ,
.Fn X509_NAME_ENTRY_create_by_NID ,


and




.Fn X509_NAME_ENTRY_create_by_OBJ
create and return an
.Vt X509_NAME_ENTRY
structure.
.Pp
Except for
.Fn X509_NAME_ENTRY_get_object
and
.Fn X509_NAME_ENTRY_get_data ,
these functions are rarely used because
.Vt X509_NAME_ENTRY
structures are almost always part of
.Vt X509_NAME
structures and the functions described in
.Xr X509_NAME_add_entry_by_txt 3
are typically used to create and add new entries in a single operation.
.Pp
The arguments of these functions support similar options to the
similarly named ones described in
.Xr X509_NAME_add_entry_by_txt 3 .
So for example
.Fa type
can be set to
.Dv MBSTRING_ASC ,
but in the case of
.Fn X509_NAME_ENTRY_set_data
the field type must be set first so the relevant field information


can be looked up internally.
.Sh SEE ALSO

.Xr ERR_get_error 3 ,
.Xr OBJ_nid2obj 3 ,
.Xr X509_NAME_add_entry 3 ,
.Xr X509_NAME_get_entry 3 ,
.Xr X509_NAME_new 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
.Pp
ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: Information
Technology  Open Systems Interconnection  The Directory: Models,
section 9.3: Relative distinguished name
Changes to jni/libressl/man/X509_NAME_add_entry_by_txt.3.
1

2


3
4
5
6
7
8


9
10


11




12




13



14
15
16



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35








36
37
38
39
40
41
42
43
44




45
46









47
48
49
50
51
52
53
54





55


56









57
58
59
60
61
62





63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

82

83
84
85



86
87




88
89

90
91

92
93



94
95


96


97
98
99
100

101
102
103
104
105
106

107
108
109
110








111
112


113





114
115
116
117
118
119
120
121
122


123
124
125
126
127


128
129

130


131

132




133
134




135


136

137

138
139
140

141
142
143


144

145
146

147














148
149
150
151


152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

175
176
177
178

179

180
181

182
183
184
185
186
187
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R
.fi



..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}








.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"




.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq









.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.





.de IX


..









.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"





..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "X509_NAME_add_entry_by_txt 3"
.TH X509_NAME_add_entry_by_txt 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ,
X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \-

X509_NAME modification functions

.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1



\& #include <openssl/x509.h>
\&




\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
\&

\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
\&

\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
\&



\& int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
\&


\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);


.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and

\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID \s0\fBnid\fR respectively.
The field value to be added is in \fBbytes\fR of length \fBlen\fR. If
\&\fBlen\fR is \-1 then the field length is calculated internally using
strlen(bytes).
.PP

The type of field is determined by \fBtype\fR which can either be a
definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a
standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is
added to a position determined by \fBloc\fR and \fBset\fR.








.PP
\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR


to \fBname\fR. The new entry is added to a position determined by \fBloc\fR





and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after
the call.
.PP
\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position
\&\fBloc\fR. The deleted entry is returned and must be freed up.
.SH "NOTES"
.IX Header "NOTES"
The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR
is strongly recommended for the \fBtype\fR parameter. This allows the


internal code to correctly determine the type of the field and to
apply length checks according to the relevant standards. This is
done using \fIASN1_STRING_set_by_NID()\fR.
.PP
If instead an \s-1ASN1\s0 type is used no checks are performed and the


supplied data in \fBbytes\fR is used directly.
.PP

In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents


the field name using OBJ_txt2obj(field, 0).

.PP




The \fBloc\fR and \fBset\fR parameters determine where a new entry should
be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR




to 0. This adds a new entry to the end of \fBname\fR as a single valued


RelativeDistinguishedName (\s-1RDN\s0).

.PP

\&\fBloc\fR actually determines the index where the new entry is inserted:
if it is \-1 it is appended.
.PP

\&\fBset\fR determines how the new type is added. If it is zero a
new \s-1RDN\s0 is created.
.PP


If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0

structure respectively. This will then be a multivalued \s-1RDN:\s0
since multivalues RDNs are very seldom used \fBset\fR is almost

always set to zero.














.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create an \fBX509_NAME\fR structure:
.PP


\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R"
.PP
.Vb 10
\& X509_NAME *nm;
\& nm = X509_NAME_new();
\& if (nm == NULL)
\&        /* Some error */
\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
\&                        "C", "UK", \-1, \-1, 0))
\&        /* Error */
\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
\&                        "O", "Disorganized Organization", \-1, \-1, 0))
\&        /* Error */
\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
\&                        "CN", "Joe Bloggs", \-1, \-1, 0))
\&        /* Error */
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR,
\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for
success of 0 if an error occurred.
.PP

\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR
structure of \fB\s-1NULL\s0\fR if an error occurred.
.SH "BUGS"
.IX Header "BUGS"

\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a

different algorithm to determine field types. Since this form does
not understand multicharacter types, performs no length checks and

can result in invalid field types its use is strongly discouraged.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
|
>

>
>
|
<
<
<
<
|
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
<
|
>
>
>
|
<
<
<
<
<
|
<
<
<
<
|
<
<
|
|
<
<
|
>
>
>
>
>
>
>
>
|
|
|
|
<
<
<
<

>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
|
>
>
|
>
>
>
>
>
>
>
>
>
|
<
<
|
<
<
>
>
>
>
>
|
|
|
|
<
|
|
<
<
|
|
|
<
<
<
|
<
|
<
>
|
>
|
|
|
>
>
>
|
<
>
>
>
>
|
<
>
|
<
>
|
<
>
>
>
|
<
>
>
|
>
>
|
<
<
|
>
|
<
<
<
|
|
>
|
<
<
|
>
>
>
>
>
>
>
>
|
|
>
>
|
>
>
>
>
>
|
<
<
<
<
<
<
|
|
>
>
|
|
<
|
|
>
>
|
|
>
|
>
>
|
>
|
>
>
>
>
|
|
>
>
>
>
|
>
>
|
>
|
>
|
|
|
>
|
|
|
>
>
|
>
|
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
|
|
>
>
|
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
<
|
<
>
|
<
|
<
>
|
>
|
|
>
|
<
<
<
<
<
1
2
3
4
5
6




7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

29
30
31
32
33





34




35


36
37


38
39
40
41
42
43
44
45
46
47
48
49
50




51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93


94


95
96
97
98
99
100
101
102
103

104
105


106
107
108



109

110

111
112
113
114
115
116
117
118
119
120

121
122
123
124
125

126
127

128
129

130
131
132
133

134
135
136
137
138
139


140
141
142



143
144
145
146


147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166






167
168
169
170
171
172

173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232

233
234
235
236
237
238

239
240
241
242
243
244
245
246
247
248
249
250
251
252
253

254

255

256
257

258

259
260
261
262
263
264
265





.\"	$OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.7 2017/01/06 03:00:56 schwarze Exp $
.\"	OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2005, 2006, 2013, 2014 The OpenSSL Project.
.\" All rights reserved.




.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.

.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"





.\" 6. Redistributions of any form whatsoever must retain the following




.\"    acknowledgment:


.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.




.\"
.Dd $Mdocdate: January 6 2017 $
.Dt X509_NAME_ADD_ENTRY_BY_TXT 3
.Os
.Sh NAME
.Nm X509_NAME_add_entry_by_txt ,
.Nm X509_NAME_add_entry_by_OBJ ,
.Nm X509_NAME_add_entry_by_NID ,
.Nm X509_NAME_add_entry ,
.Nm X509_NAME_delete_entry
.Nd X509_NAME modification functions
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509_NAME_add_entry_by_txt
.Fa "X509_NAME *name"
.Fa "const char *field"
.Fa "int type"
.Fa "const unsigned char *bytes"
.Fa "int len"
.Fa "int loc"
.Fa "int set"
.Fc
.Ft int
.Fo X509_NAME_add_entry_by_OBJ
.Fa "X509_NAME *name"
.Fa "ASN1_OBJECT *obj"
.Fa "int type"
.Fa "unsigned char *bytes"
.Fa "int len"
.Fa "int loc"
.Fa "int set"
.Fc
.Ft int
.Fo X509_NAME_add_entry_by_NID
.Fa "X509_NAME *name"
.Fa "int nid"
.Fa "int type"
.Fa "unsigned char *bytes"
.Fa "int len"
.Fa "int loc"
.Fa "int set"
.Fc


.Ft int


.Fo X509_NAME_add_entry
.Fa "X509_NAME *name"
.Fa "X509_NAME_ENTRY *ne"
.Fa "int loc"
.Fa "int set"
.Fc
.Ft X509_NAME_ENTRY *
.Fo X509_NAME_delete_entry
.Fa "X509_NAME *name"

.Fa "int loc"
.Fc


.Sh DESCRIPTION
.Fn X509_NAME_add_entry_by_txt ,
.Fn X509_NAME_add_entry_by_OBJ ,



and

.Fn X509_NAME_add_entry_by_NID

add a field whose name is defined by a string
.Fa field ,
an object
.Fa obj
or a NID
.Fa nid ,
respectively.
The field value to be added is in
.Fa bytes
of length

.Fa len .
If
.Fa len
is -1 then the field length is calculated internally using
.Fn strlen bytes .

.Pp
The type of field is determined by

.Fa type
which can either be a definition of the type of

.Fa bytes
(such as
.Dv MBSTRING_ASC )
or a standard ASN.1 type (such as

.Dv V_ASN1_IA5STRING ) .
The new entry is added to a position determined by
.Fa loc
and
.Fa set .
.Pp


.Fn X509_NAME_add_entry
adds a copy of an
.Vt X509_NAME_ENTRY



structure
.Fa ne
to
.Fa name .


The new entry is added to a position determined by
.Fa loc
and
.Fa set .
Since a copy of
.Fa ne
is added,
.Fa ne
must be freed up after the call.
.Pp
.Fn X509_NAME_delete_entry
deletes an entry from
.Fa name
at position
.Fa loc .
The deleted entry is returned and must be freed up.
.Pp
The use of string types such as
.Dv MBSTRING_ASC
or






.Dv MBSTRING_UTF8
is strongly recommended for the
.Fa type
parameter.
This allows the internal code to correctly determine the type of the
field and to apply length checks according to the relevant standards.

.Pp
If instead an ASN.1 type is used, no checks are performed and the supplied
data in
.Fa bytes
is used directly.
.Pp
In
.Fn X509_NAME_add_entry_by_txt
the
.Fa field
string represents the field name using
.Fn OBJ_txt2obj field 0 .
.Pp
The
.Fa loc
and
.Fa set
parameters determine where a new entry should be added.
For almost all applications,
.Fa loc
can be set to -1 and
.Fa set
to 0.
This adds a new entry to the end of
.Fa name
as a single valued
.Vt RelativeDistinguishedName
(RDN).
.Pp
.Fa loc
actually determines the index where the new entry is inserted:
if it is -1 it is appended.
.Pp
.Fa set
determines how the new type is added.
If it is zero a new RDN is created.
.Pp
If
.Fa set
is -1 or 1 it is added to the previous or next RDN structure
respectively.
This will then be a multivalued RDN: since multivalue RDNs are very
seldom used,
.Fa set
is almost always set to zero.
.Sh RETURN VALUES
.Fn X509_NAME_add_entry_by_txt ,
.Fn X509_NAME_add_entry_by_OBJ ,
.Fn X509_NAME_add_entry_by_NID ,
and
.Fn X509_NAME_add_entry
return 1 for success or 0 if an error occurred.
.Pp
.Fn X509_NAME_delete_entry
returns either the deleted
.Vt X509_NAME_ENTRY
structure or
.Dv NULL
if an error occurred.
.Sh EXAMPLES

Create an
.Vt X509_NAME
structure:
.Bd -literal -offset indent
C=UK, O=Disorganized Organization, CN=Joe Bloggs


X509_NAME *nm;
nm = X509_NAME_new();
if (nm == NULL)
	/* Some error */
if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
		"UK", -1, -1, 0))
	/* Error */
if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
		"Disorganized Organization", -1, -1, 0))
	/* Error */
if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
		"Joe Bloggs", -1, -1, 0))
	/* Error */
.Ed
.Sh SEE ALSO

.Xr d2i_X509_NAME 3 ,

.Xr ERR_get_error 3 ,

.Xr X509_NAME_get_index_by_NID 3 ,
.Xr X509_NAME_new 3

.Sh BUGS

.Fa type
can still be set to
.Dv V_ASN1_APP_CHOOSE
to use a different algorithm to determine field types.
Since this form does not understand multicharacter types, performs
no length checks, and can result in invalid field types, its use
is strongly discouraged.





Changes to jni/libressl/man/X509_NAME_get_index_by_NID.3.
1

2


3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25



26


27
28
29
30
31
32
33
34
35
36
37
38

39
40
41
42
43
44











45
46
47
48


49
50
51
52





53
54
55




56
57
58
59
60
61
62



63
64
65
66
67
68

69



70
71
72

73
74
75
76
77


78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99




100

101
102
















103
104
105
106
107
108

109
110




111




112

113
114
115


116





117


118


119





120

121
122




123
124
125
126
127
128
129



130

131








132





133

134



135
136
137
138
139
140
141
142
143
144
145
146

147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

163
164
165



166




167





168

169
170



171
172
173
174

175

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'



.ie n \{\


.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p

.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"











.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.





.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX




..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"



..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}

.\}



.rr rF
.\" ========================================================================
.\"

.IX Title "X509_NAME_get_index_by_NID 3"
.TH X509_NAME_get_index_by_NID 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l


.nh
.SH "NAME"
X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \-
X509_NAME lookup and enumeration functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
\& int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
\&
\& int X509_NAME_entry_count(X509_NAME *name);
\& X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
\&
\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions allow an \fBX509_NAME\fR structure to be examined. The




\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in

\&\s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject
and issuer names.
















.PP
\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve
the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR
should initially be set to \-1. If there are no more entries \-1 is returned.
.PP
\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR.

.PP
\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR




corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from




0 to (X509_NAME_entry_count(name) \- 1). The value returned is an

internal pointer which must not be freed.
.PP
\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve


the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or





\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes


will be written and the text written to \fBbuf\fR will be null


terminated. The length of the output string written is returned





excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount

of space needed in \fBbuf\fR (excluding the final null) is returned.
.SH "NOTES"




.IX Header "NOTES"
\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR are
legacy functions which have various limitations which make them
of minimal use in practice. They can only find the first matching
entry and will copy the contents of the field verbatim: this can
be highly confusing if the target is a multicharacter string type
like a BMPString or a UTF8String.



.PP

For a more general solution \fIX509_NAME_get_index_by_NID()\fR or








\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by





\&\fIX509_NAME_get_entry()\fR on any matching indices and then the

various \fBX509_NAME_ENTRY\fR utility functions on the result.



.SH "EXAMPLES"
.IX Header "EXAMPLES"
Process all entries:
.PP
.Vb 2
\& int i;
\& X509_NAME_ENTRY *e;
\&
\& for (i = 0; i < X509_NAME_entry_count(nm); i++) {
\&        e = X509_NAME_get_entry(nm, i);
\&        /* Do something with e */
\& }

.Ve
.PP
Process all commonName entries:
.PP
.Vb 2
\& int loc;
\& X509_NAME_ENTRY *e;
\&
\& loc = \-1;
\& for (;;) {
\&        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
\&        if (lastpos == \-1)
\&                break;
\&        e = X509_NAME_get_entry(nm, lastpos);
\&        /* Do something with e */
\& }

.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"



\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR




return the index of the next matching entry or \-1 if not found.





.PP

\&\fIX509_NAME_entry_count()\fR returns the total number of entries.
.PP



\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the
requested entry or \fB\s-1NULL\s0\fR if the index is invalid.
.SH "SEE ALSO"
.IX Header "SEE ALSO"

\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3)

|
>

>
>
|
<
<
<
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
|
|
|
|
>
>
>
|
>
>
<
|
<
<
<
<
<
<
|
<
<
<
>
|
|
|
<
<

>
>
>
>
>
>
>
>
>
>
>
|
<
<

>
>
|
|
|
|
>
>
>
>
>
|
|
|
>
>
>
>
|
<
<
<
|
<
|
>
>
>
|
|
<
<
<
|
>
|
>
>
>
|
<
|
>
|
|
<
<
|
>
>
|
|
<
|
|
<
<
<
<
<
<
|
<
<
<
<
|
|
|
|
<
|
>
>
>
>
|
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
<
<
<
|
>
|
|
>
>
>
>
|
>
>
>
>
|
>
|
|
|
>
>
|
>
>
>
>
>
|
>
>
|
>
>
|
>
>
>
>
>
|
>
|
|
>
>
>
>
|
<
<
<
<
<
<
>
>
>
|
>
|
>
>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
|
>
>
>
|
<

|
<
|
|
|
|
|
|
<
>
|
|

|
<
|
|
|
<
|
|
|
|
|
|
<
>
|
|
|
>
>
>
|
>
>
>
>
|
>
>
>
>
>
|
>
|
<
>
>
>
|
<
<
<
>
|
>
1
2
3
4
5
6




7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22
23
24
25
26
27
28
29
30
31

32






33



34
35
36
37


38
39
40
41
42
43
44
45
46
47
48
49
50


51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70



71

72
73
74
75
76
77



78
79
80
81
82
83
84

85
86
87
88


89
90
91
92
93

94
95






96




97
98
99
100

101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127



128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174






175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201

202
203

204
205
206
207
208
209

210
211
212
213
214

215
216
217

218
219
220
221
222
223

224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244

245
246
247
248



249
250
251
.\"	$OpenBSD: X509_NAME_get_index_by_NID.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2006, 2014, 2015, 2016 The OpenSSL Project.
.\" All rights reserved.




.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written

.\"    permission of the OpenSSL Project.






.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.


.\"
.Dd $Mdocdate: December 25 2016 $
.Dt X509_NAME_GET_INDEX_BY_NID 3
.Os
.Sh NAME
.Nm X509_NAME_get_index_by_NID ,
.Nm X509_NAME_get_index_by_OBJ ,
.Nm X509_NAME_entry_count ,
.Nm X509_NAME_get_entry ,
.Nm X509_NAME_get_text_by_NID ,
.Nm X509_NAME_get_text_by_OBJ
.Nd X509_NAME lookup and enumeration functions
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509_NAME_get_index_by_NID
.Fa "X509_NAME *name"
.Fa "int nid"
.Fa "int lastpos"
.Fc



.Ft int

.Fo X509_NAME_get_index_by_OBJ
.Fa "X509_NAME *name"
.Fa "ASN1_OBJECT *obj"
.Fa "int lastpos"
.Fc
.Ft int



.Fo X509_NAME_entry_count
.Fa "X509_NAME *name"
.Fc
.Ft X509_NAME_ENTRY *
.Fo X509_NAME_get_entry
.Fa "X509_NAME *name"
.Fa "int loc"

.Fc
.Ft int
.Fo X509_NAME_get_text_by_NID
.Fa "X509_NAME *name"


.Fa "int nid"
.Fa "char *buf"
.Fa "int len"
.Fc
.Ft int

.Fo X509_NAME_get_text_by_OBJ
.Fa "X509_NAME *name"






.Fa "ASN1_OBJECT *obj"




.Fa "char *buf"
.Fa "int len"
.Fc
.Sh DESCRIPTION

These functions allow an
.Vt X509_NAME
structure to be examined.
The
.Vt X509_NAME
structure is the same as the ASN.1
.Vt Name
type defined in RFC 2459 (and elsewhere) and used, for example,
in certificate subject and issuer names.
.Pp
.Fn X509_NAME_get_index_by_NID
and
.Fn X509_NAME_get_index_by_OBJ
retrieve the next index matching
.Fa nid
or
.Fa obj
after
.Fa lastpos .
.Fa lastpos
should initially be set to -1.
If there are no more entries, -1 is returned.
If
.Fa nid
is invalid (doesn't correspond to a valid OID), -2 is returned.
.Pp
.Fn X509_NAME_entry_count



returns the total number of entries in
.Fa name .
.Pp
.Fn X509_NAME_get_entry
retrieves the
.Vt X509_NAME_ENTRY
from
.Fa name
corresponding to index
.Fa loc .
Acceptable values for
.Fa loc
run from 0 to
.Fn X509_NAME_entry_count name
- 1.
The value returned is an internal pointer which must not be freed.
.Pp
.Fn X509_NAME_get_text_by_NID
and
.Fn X509_NAME_get_text_by_OBJ
retrieve the "text" from the first entry in
.Fa name
which matches
.Fa nid
or
.Fa obj .
If no such entry exists, -1 is returned.
At most
.Fa len
bytes will be written and the text written to
.Fa buf
will be NUL terminated.
The length of the output string written is returned excluding the
terminating NUL.
If
.Fa buf
is
.Dv NULL
then the amount of space needed in
.Fa buf
(excluding the final NUL) is returned.
.Pp
All relevant
.Dv NID_*
and
.Dv OBJ_*
codes can be found in the header files






.In openssl/obj_mac.h
and
.In openssl/objects.h .
.Pp
Applications which could pass invalid NIDs to
.Fn X509_NAME_get_index_by_NID
should check for the return value of -2.
Alternatively the NID validity can be determined first by checking that
.Fn OBJ_nid2obj nid
is not
.Dv NULL .
.Sh RETURN VALUES
.Fn X509_NAME_get_index_by_NID
and
.Fn X509_NAME_get_index_by_OBJ
return the index of the next matching entry or -1 if not found.
.Pp
.Fn X509_NAME_entry_count
returns the total number of entries.
.Pp
.Fn X509_NAME_get_entry
returns an
.Vt X509_NAME
pointer to the requested entry or
.Dv NULL
if the index is invalid.
.Sh EXAMPLES

Process all entries:
.Bd -literal

int i;
X509_NAME_ENTRY *e;

for (i = 0; i < X509_NAME_entry_count(nm); i++) {
	e = X509_NAME_get_entry(nm, i);
	/* Do something with e */

}
.Ed
.Pp
Process all commonName entries:
.Bd -literal

int lastpos = -1;
X509_NAME_ENTRY *e;


for (;;) {
	lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
	if (lastpos == -1)
		break;
	e = X509_NAME_get_entry(nm, lastpos);
	/* Do something with e */

}
.Ed
.Sh SEE ALSO
.Xr d2i_X509_NAME 3 ,
.Xr ERR_get_error 3 ,
.Xr X509_NAME_new 3
.Sh CAVEATS
.Fn X509_NAME_get_text_by_NID
and
.Fn X509_NAME_get_text_by_OBJ
are legacy functions which have various limitations which make them of
minimal use in practice.
They can only find the first matching entry and will copy the contents
of the field verbatim: this can be highly confusing if the target is a
multicharacter string type like a
.Vt BMPString
or a
.Vt UTF8String .
.Pp
For a more general solution,
.Fn X509_NAME_get_index_by_NID

or
.Fn X509_NAME_get_index_by_OBJ
should be used, followed by
.Fn X509_NAME_get_entry



on any matching indices and then the various
.Vt X509_NAME_ENTRY
utility functions on the result.
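--- /dev/null
+++ b/jni/libressl/man/X509_NAME_new.3
@@ -0,0 +1,88 @@
+.\"	$OpenBSD: X509_NAME_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt X509_NAME_NEW 3
+.Os
+.Sh NAME
+.Nm X509_NAME_new ,
+.Nm X509_NAME_free
+.\" In the following line, "X.501" and "Name" are not typos.
+.\" The "Name" type is defined in X.501, not in X.509.
+.\" The type in called "Name" with capital "N", not "name".
+.Nd X.501 Name object
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_NAME *
+.Fn X509_NAME_new void
+.Ft void
+.Fn X509_NAME_free "X509_NAME *name"
+.Sh DESCRIPTION
+An X.501
+.Vt Name
+is an ordered sequence of relative distinguished names.
+A relative distinguished name is a set of key-value pairs; see
+.Xr X509_NAME_ENTRY_new 3
+for details.
+.Pp
+Various X.509 structures contain X.501
+.Vt Name
+substructures.
+They are for example used for the issuers of certificates and
+certificate revocation lists and for the subjects of certificates
+and certificate requests.
+.Pp
+.Fn X509_NAME_new
+allocates and initializes an empty
+.Vt X509_NAME
+object, representing an ASN.1
+.Vt Name
+structure defined in RFC 5280 section 4.1.2.4.
+Data can be added to such objects with the functions described in
+.Xr X509_NAME_add_entry_by_txt 3 ,
+and they can be inspected with the functions described in
+.Xr X509_NAME_get_index_by_NID 3 .
+.Pp
+.Fn X509_NAME_free
+frees
+.Fa name
+and all the
+.Vt X509_NAME_ENTRY
+objects contained in it.
+.Sh RETURN VALUES
+.Fn X509_NAME_new
+returns a new
+.Vt X509_NAME
+object or
+.Dv NULL
+if an error occurred.
+.Sh SEE ALSO
+.Xr d2i_X509_NAME 3 ,
+.Xr GENERAL_NAME_new 3 ,
+.Xr NAME_CONSTRAINTS_new 3 ,
+.Xr SSL_load_client_CA_file 3 ,
+.Xr X509_get_subject_name 3 ,
+.Xr X509_NAME_add_entry_by_txt 3 ,
+.Xr X509_NAME_ENTRY_new 3 ,
+.Xr X509_NAME_get_index_by_NID 3 ,
+.Xr X509_NAME_print_ex 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile
+.Pp
+ITU-T Recommendation X.501, also known as ISO/IEC 9594-2:
+Information Technology \(en Open Systems Interconnection \(en
+The Directory: Models, section 9: Names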
Changes to jni/libressl/man/X509_NAME_print_ex.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36


37
38
39
40
41
42
43
44
45
46

47


48





49
50
51



52
53
54
55


56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

74
75
76
77
78
79
80






81

82
83
84
85
86
87
88

89
90
91
92
93

94




95


96




























97
98
99
100
101
102
103
104
105


106
107
108
109
110




111
112
113
114
115

116



117



118

119
120
121


122
123
124

125



126

127

128
129
130
131

132

133


134




135
136
137
138
139





140
141
142
143
144


145

146
147

148
149

150


151
152
153

154
155
156
157
158

159
160
161

162

163
164

165

166
167

168

169


170

171
172
173



.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\


.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"





.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the



.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "X509_NAME_print_ex 3"

.TH X509_NAME_print_ex 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,






X509_NAME_oneline \- X509_NAME printing routines.

.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
\& int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);

\& char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
\& int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO \s0\fBout\fR.




Each line (for multiline formats) is indented by \fBindent\fR spaces. The output


format can be extensively customised by use of the \fBflags\fR parameter.




























.PP
\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output
is written to \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. At most \fBsize\fR
bytes will be written. If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically
allocated and returned, otherwise \fBbuf\fR is returned.
.PP
\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR


characters. Multiple lines are used if the output (including indent) exceeds
80 characters.
.SH "NOTES"
.IX Header "NOTES"
The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR are legacy functions




which produce a non standard output form, they don't handle multi character
fields and have various quirks and inconsistencies. Their use is strongly
discouraged in new applications.
.PP
Although there are a large number of possible flags for most purposes

\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice.



As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page



for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example

\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used.
.PP
The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below.


.PP
Several options can be ored together.
.PP

The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR,



\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field

separators to use. Two distinct separators are used between distinct

RelativeDistinguishedName components and separate values in the same \s-1RDN\s0 for a
multi-valued \s-1RDN.\s0 Multi-valued RDNs are currently very rare so the second
separator will hardly ever be used.
.PP

\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators.

\&\fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR uses comma and plus with spaces: this is more readable


that plain comma and plus.  \fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and




plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses spaced newline and plus respectively.
.PP
If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order.
.PP
The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR,





\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will
use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always
use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not
recognised) and no field name respectively.
.PP


If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character

separating field names and values.
.PP

If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is
printed instead of the values.

.PP


If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this
is only of use for multiline format.
.PP

Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to
control how each field value is displayed.
.PP
In addition a number options can be set for commonly used formats.
.PP

\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it
is equivalent to:
 \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR

.PP

\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as:
 \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR

.PP

\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as:
 \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR

.PP

\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it


calls \fIX509_NAME_print()\fR internally.

.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIASN1_STRING_print_ex\fR\|(3)



|
>

<
|
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
|
|
|
|
<
|
|
<
<
|
<
<
<
|
<
>
>
<
<
<
<
|
<
<

<
<
>
|
>
>

>
>
>
>
>
|
|
|
>
>
>
|

<
<
>
>
|
|
<
<
<
|
|
|
|
|
<
<
|
|
<
<
|
|
>
|
<
|
|
|
|
|
>
>
>
>
>
>
|
>
|
|
|
|
<
|
<
>
|
|
|
|
<
>
|
>
>
>
>
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
<
<
|
|
>
>
|
|
|
<
|
>
>
>
>
|
|
|
|
|
>
|
>
>
>
|
>
>
>
|
>
|
|
|
>
>
|
|
|
>
|
>
>
>
|
>
|
>
|
|
|
|
>
|
>
|
>
>
|
>
>
>
>
|
<
|
|
|
>
>
>
>
>
|
|
|
|
|
>
>
|
>
|
|
>
|
|
>
|
>
>
|
|
|
>
|
|
|
|
|
>
|
|
|
>
|
>
|
|
>
|
>
|
|
>
|
>
|
>
>
|
>
|
<
|
>
>
>
1
2
3

4
5
6

7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22
23
24
25

26
27


28



29

30
31




32


33


34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51


52
53
54
55



56
57
58
59
60


61
62


63
64
65
66

67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

84

85
86
87
88
89

90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132


133
134
135
136
137
138
139

140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251

252
253
254
255
.\"	$OpenBSD: X509_NAME_print_ex.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2004, 2007, 2016 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.



.\"

.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written




.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"


.Dd $Mdocdate: December 25 2016 $
.Dt X509_NAME_PRINT_EX 3
.Os
.Sh NAME



.Nm X509_NAME_print_ex ,
.Nm X509_NAME_print_ex_fp ,
.Nm X509_NAME_oneline ,
.Nm X509_NAME_print
.Nd X509_NAME printing routines


.Sh SYNOPSIS
.In openssl/x509.h


.Ft int
.Fo X509_NAME_print_ex
.Fa "BIO *out"
.Fa "X509_NAME *nm"

.Fa "int indent"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo X509_NAME_print_ex_fp
.Fa "FILE *fp"
.Fa "X509_NAME *nm"
.Fa "int indent"
.Fa "unsigned long flags"
.Fc
.Ft char *
.Fo X509_NAME_oneline
.Fa "X509_NAME *a"
.Fa "char *buf"
.Fa "int size"
.Fc
.Ft int

.Fo X509_NAME_print

.Fa "BIO *bp"
.Fa "X509_NAME *name"
.Fa "int obase"
.Fc
.Sh DESCRIPTION

.Fn X509_NAME_print_ex
prints a human readable version of
.Fa nm
to
.Vt BIO
.Fa out .
Each line (for multiline formats) is indented by
.Fa indent
spaces.
The output format can be extensively customised by use of the
.Fa flags
parameter.
.Pp
.Fn X509_NAME_print_ex_fp
is identical to
.Fn X509_NAME_print_ex
except the output is written to the
.Vt FILE
pointer
.Fa fp .
.Pp
.Fn X509_NAME_oneline
prints an ASCII version of
.Fa a
to
.Fa buf .
If
.Fa buf
is
.Dv NULL ,
then a buffer is dynamically allocated and returned, and
.Fa size
is ignored.
Otherwise, at most
.Fa size
bytes will be written, including the ending NUL, and
.Fa buf
is returned.
.Pp
.Fn X509_NAME_print
prints out
.Fa name
to


.Fa bp
indenting each line by
.Fa obase
characters.
Multiple lines are used if the output (including indent) exceeds 80
characters.
.Pp

The functions
.Fn X509_NAME_oneline
and
.Fn X509_NAME_print
are legacy functions which produce a non-standard output form.
They don't handle multi-character fields and have various quirks
and inconsistencies.
Their use is strongly discouraged in new applications.
.Pp
Although there are a large number of possible flags, for most purposes
.Dv XN_FLAG_ONELINE ,
.Dv XN_FLAG_MULTILINE ,
or
.Dv XN_FLAG_RFC2253
will suffice.
As noted on the
.Xr ASN1_STRING_print_ex 3
manual page, for UTF-8 terminals the
.Dv ASN1_STRFLGS_ESC_MSB
should be unset: so for example
.Dv XN_FLAG_ONELINE No & Pf ~ Dv ASN1_STRFLGS_ESC_MSB
would be used.
.Pp
The complete set of the flags supported by
.Dv X509_NAME_print_ex
is listed below.
.Pp
Several options can be OR'ed together.
.Pp
The options
.Dv XN_FLAG_SEP_COMMA_PLUS ,
.Dv XN_FLAG_SEP_CPLUS_SPC ,
.Dv XN_FLAG_SEP_SPLUS_SPC ,
and
.Dv XN_FLAG_SEP_MULTILINE
determine the field separators to use.
Two distinct separators are used between distinct
.Vt RelativeDistinguishedName
components and separate values in the same RDN for a multi-valued RDN.
Multi-valued RDNs are currently very rare so the second separator
will hardly ever be used.
.Pp
.Dv XN_FLAG_SEP_COMMA_PLUS
uses comma and plus as separators.
.Dv XN_FLAG_SEP_CPLUS_SPC
uses comma and plus with spaces:
this is more readable that plain comma and plus.
.Dv XN_FLAG_SEP_SPLUS_SPC
uses spaced semicolon and plus.
.Dv XN_FLAG_SEP_MULTILINE
uses spaced newline and plus respectively.
.Pp
If
.Dv XN_FLAG_DN_REV

is set, the whole DN is printed in reversed order.
.Pp
The fields
.Dv XN_FLAG_FN_SN ,
.Dv XN_FLAG_FN_LN ,
.Dv XN_FLAG_FN_OID ,
and
.Dv XN_FLAG_FN_NONE
determine how a field name is displayed.
It will use the short name (e.g. CN), the long name (e.g. commonName),
always use OID numerical form (normally OIDs are only used if the
field name is not recognised) and no field name, respectively.
.Pp
If
.Dv XN_FLAG_SPC_EQ
is set, then spaces will be placed around the
.Ql =
character separating field names and values.
.Pp
If
.Dv XN_FLAG_DUMP_UNKNOWN_FIELDS
is set, then the encoding of unknown fields is printed instead of the
values.
.Pp
If
.Dv XN_FLAG_FN_ALIGN
is set, then field names are padded to 20 characters:
this is only of use for multiline format.
.Pp
Additionally, all the options supported by
.Xr ASN1_STRING_print_ex 3
can be used to control how each field value is displayed.
.Pp
In addition a number of options can be set for commonly used formats.
.Pp
.Dv XN_FLAG_RFC2253
sets options which produce an output compatible with RFC 2253.
It is equivalent to
.Dv ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV |
.Dv XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS .
.Pp
.Dv XN_FLAG_ONELINE
is a more readable one line format which is the same as:
.Dv ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC |
.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_SN .
.Pp
.Dv XN_FLAG_MULTILINE
is a multiline format which is the same as:
.Dv ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE |
.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN .
.Pp
.Dv XN_FLAG_COMPAT
uses a format identical to
.Fn X509_NAME_print :
in fact it calls
.Fn X509_NAME_print
internally.
.Sh SEE ALSO

.Xr ASN1_STRING_print_ex 3 ,
.Xr d2i_X509_NAME 3 ,
.Xr X509_NAME_get_index_by_NID 3 ,
.Xr X509_NAME_new 3
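--- /dev/null
+++ b/jni/libressl/man/X509_PUBKEY_new.3
@@ -0,0 +1,272 @@
+.\"	$OpenBSD: X509_PUBKEY_new.3,v 1.5 2016/12/28 14:06:06 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt X509_PUBKEY_NEW 3
+.Os
+.Sh NAME
+.Nm X509_PUBKEY_new ,
+.Nm X509_PUBKEY_free ,
+.Nm X509_PUBKEY_set ,
+.Nm X509_PUBKEY_get ,
+.Nm d2i_PUBKEY ,
+.Nm i2d_PUBKEY ,
+.Nm d2i_PUBKEY_bio ,
+.Nm d2i_PUBKEY_fp ,
+.Nm i2d_PUBKEY_fp ,
+.Nm i2d_PUBKEY_bio ,
+.Nm X509_PUBKEY_set0_param ,
+.Nm X509_PUBKEY_get0_param
+.Nd X.509 SubjectPublicKeyInfo structure
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_PUBKEY *
+.Fn X509_PUBKEY_new void
+.Ft void
+.Fo X509_PUBKEY_free
+.Fa "X509_PUBKEY *a"
+.Fc
+.Ft int
+.Fo X509_PUBKEY_set
+.Fa "X509_PUBKEY **x"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft EVP_PKEY *
+.Fo X509_PUBKEY_get
+.Fa "X509_PUBKEY *key"
+.Fc
+.Ft EVP_PKEY *
+.Fo d2i_PUBKEY
+.Fa "EVP_PKEY **a"
+.Fa "const unsigned char **pp"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PUBKEY
+.Fa "EVP_PKEY *a"
+.Fa "unsigned char **pp"
+.Fc
+.Ft EVP_PKEY *
+.Fo d2i_PUBKEY_bio
+.Fa "BIO *bp"
+.Fa "EVP_PKEY **a"
+.Fc
+.Ft EVP_PKEY *
+.Fo d2i_PUBKEY_fp
+.Fa "FILE *fp"
+.Fa "EVP_PKEY **a"
+.Fc
+.Ft int
+.Fo i2d_PUBKEY_fp
+.Fa "FILE *fp"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo i2d_PUBKEY_bio
+.Fa "BIO *bp"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo X509_PUBKEY_set0_param
+.Fa "X509_PUBKEY *pub"
+.Fa "ASN1_OBJECT *aobj"
+.Fa "int ptype"
+.Fa "void *pval"
+.Fa "unsigned char *penc"
+.Fa "int penclen"
+.Fc
+.Ft int
+.Fo X509_PUBKEY_get0_param
+.Fa "ASN1_OBJECT **ppkalg"
+.Fa "const unsigned char **pk"
+.Fa "int *ppklen"
+.Fa "X509_ALGOR **pa"
+.Fa "X509_PUBKEY *pub"
+.Fc
+.Sh DESCRIPTION
+The
+.Vt X509_PUBKEY
+structure represents the ASN.1
+.Vt SubjectPublicKeyInfo
+structure defined in RFC 5280 section 4.1 and used in certificates
+and certificate requests.
+.Pp
+.Fn X509_PUBKEY_new
+allocates and initializes an
+.Vt X509_PUBKEY
+structure.
+.Pp
+.Fn X509_PUBKEY_free
+frees up the
+.Vt X509_PUBKEY
+structure
+.Fa a .
+If
+.Fa a
+is a
+.Dv NULL
+pointer, no action occurs.
+.Pp
+.Fn X509_PUBKEY_set
+sets the public key in
+.Pf * Fa x
+to the public key contained in the
+.Vt EVP_PKEY
+structure
+.Fa pkey .
+If
+.Pf * Fa x
+is not
+.Dv NULL ,
+any existing public key structure will be freed.
+.Pp
+.Fn X509_PUBKEY_get
+returns the public key contained in
+.Fa key .
+The reference
+count on the returned key is incremented so it must be freed using
+.Xr EVP_PKEY_free 3
+after use.
+.Pp
+.Fn d2i_PUBKEY
+and
+.Fn i2d_PUBKEY
+decode and encode an
+.Vt EVP_PKEY
+structure using
+.Vt SubjectPublicKeyInfo
+format.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Fn d2i_PUBKEY_bio ,
+.Fn d2i_PUBKEY_fp ,
+.Fn i2d_PUBKEY_bio
+and
+.Fn i2d_PUBKEY_fp
+are similar except they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn X509_PUBKEY_set0_param
+sets the public key parameters of
+.Fa pub .
+The OID associated with the algorithm is set to
+.Fa aobj .
+The type of the algorithm parameters is set to
+.Fa ptype
+using the structure
+.Fa pval .
+The encoding of the public key itself is set to the
+.Fa penclen
+bytes contained in buffer
+.Fa penc .
+On success ownership of all the supplied parameters is passed to
+.Fa pub
+so they must not be freed after the call.
+.Pp
+.Fn X509_PUBKEY_get0_param
+retrieves the public key parameters from
+.Fa pub ,
+.Pf * Fa ppkalg
+is set to the associated OID and the encoding consists of
+.Pf * Fa ppklen
+bytes at
+.Pf * Fa pk ,
+and
+.Pf * Fa pa
+is set to the associated
+.Vt AlgorithmIdentifier
+for the public key.
+If the value of any of these parameters is not required,
+it can be set to
+.Dv NULL .
+All of the retrieved pointers are internal and must not be freed after
+the call.
+.Sh RETURN VALUES
+If the allocation fails,
+.Fn X509_PUBKEY_new
+returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3 .
+Otherwise it returns a pointer to the newly allocated structure.
+.Pp
+.Fn X509_PUBKEY_get ,
+.Fn d2i_PUBKEY ,
+.Fn d2i_PUBKEY_bio ,
+and
+.Fn d2i_PUBKEY_fp
+return a pointer to an
+.Vt EVP_PKEY
+structure or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PUBKEY
+returns the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Pp
+.Fn X509_PUBKEY_set ,
+.Fn X509_PUBKEY_set0_param ,
+.Fn X509_PUBKEY_get0_param ,
+.Fn i2d_PUBKEY_fp ,
+and
+.Fn i2d_PUBKEY_bio
+return 1 for success and 0 if an error occurred.
+.Sh SEE ALSO
+.Xr d2i_X509 3 ,
+.Xr ERR_get_error 3 ,
+.Xr X509_ALGOR_new 3 ,
+.Xr X509_get_pubkey 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile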
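--- a/jni/libressl/man/X509_REQ_new.3
+++ b/jni/libressl/man/X509_REQ_new.3
@@ -0,0 +1,84 @@
+.\"	$OpenBSD: X509_REQ_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt X509_REQ_NEW 3
+.Os
+.Sh NAME
+.Nm X509_REQ_new ,
+.Nm X509_REQ_free ,
+.Nm X509_REQ_INFO_new ,
+.Nm X509_REQ_INFO_free
+.Nd PKCS#10 certification requests
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_REQ *
+.Fn X509_REQ_new void
+.Ft void
+.Fn X509_REQ_free "X509_REQ *req"
+.Ft X509_REQ_INFO *
+.Fn X509_REQ_INFO_new void
+.Ft void
+.Fn X509_REQ_INFO_free "X509_REQ_INFO *req_info"
+.Sh DESCRIPTION
+.Fn X509_REQ_new
+allocates and initializes an empty
+.Vt X509_REQ
+object, representing an ASN.1
+.Vt CertificationRequest
+structure defined in RFC 2986 section 4.2.
+It can hold a pointer to an
+.Vt X509_REQ_INFO
+object discussed below together with a cryptographic signature and
+information about the signature algorithm used.
+.Fn X509_REQ_free
+frees
+.Fa req .
+.Pp
+.Fn X509_REQ_INFO_new
+allocates and initializes an empty
+.Vt X509_REQ_INFO
+object, representing an ASN.1
+.Vt CertificationRequestInfo
+structure defined in RFC 2986 section 4.1.
+It is used inside the
+.Vt X509_REQ
+object and can hold the subject and the public key of the requested
+certificate and additional attributes.
+.Fn X509_REQ_INFO_free
+frees
+.Fa req_info .
+.Sh RETURN VALUES
+.Fn X509_REQ_new
+and
+.Fn X509_REQ_INFO_new
+return the new
+.Vt X509_REQ
+or
+.Vt X509_REQ_INFO
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr d2i_X509_REQ 3 ,
+.Xr PEM_read_X509_REQ 3 ,
+.Xr X509_new 3 ,
+.Xr X509_REQ_get_pubkey 3 ,
+.Xr X509_REQ_get_subject_name 3 ,
+.Xr X509_REQ_get_version 3 ,
+.Xr X509_REQ_sign 3
+.Sh STANDARDS
+RFC 2986: PKCS #10: Certification Request Syntax Specification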
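--- a/jni/libressl/man/X509_REVOKED_new.3
+++ b/jni/libressl/man/X509_REVOKED_new.3
@@ -0,0 +1,147 @@
+.\"	$OpenBSD: X509_REVOKED_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"	OpenSSL X509_CRL_get0_by_serial.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt X509_REVOKED_NEW 3
+.Os
+.Sh NAME
+.Nm X509_REVOKED_new ,
+.Nm X509_REVOKED_free ,
+.Nm X509_REVOKED_set_serialNumber ,
+.Nm X509_REVOKED_set_revocationDate
+.Nd create and change an X.509 CRL revoked entry
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_REVOKED *
+.Fn X509_REVOKED_new void
+.Ft void
+.Fn X509_REVOKED_free "X509_REVOKED *r"
+.Ft int
+.Fo X509_REVOKED_set_serialNumber
+.Fa "X509_REVOKED *r"
+.Fa "ASN1_INTEGER *serial"
+.Fc
+.Ft int
+.Fo X509_REVOKED_set_revocationDate
+.Fa "X509_REVOKED *r"
+.Fa "ASN1_TIME *tm"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_REVOKED_new
+allocates and initializes an empty
+.Vt X509_REVOKED
+object, representing one of the elements of
+the revokedCertificates field of the ASN.1
+.Vt TBSCertList
+structure defined in RFC 5280 section 5.1.
+It is used by
+.Vt X509_CRL
+objects and can hold information about one revoked certificate
+including issuer names, serial number, revocation date, and revocation
+reason.
+.Pp
+.Fn X509_REVOKED_free
+frees
+.Fa r .
+.Pp
+.Fn X509_REVOKED_set_serialNumber
+sets the serial number of
+.Fa r
+to
+.Fa serial .
+The supplied
+.Fa serial
+pointer is not used internally so it should be freed up after use.
+.Pp
+.Fn X509_REVOKED_set_revocationDate
+sets the revocation date of
+.Fa r
+to
+.Fa tm .
+The supplied
+.Fa tm
+pointer is not used internally so it should be freed up after use.
+.Sh RETURN VALUES
+.Fn X509_REVOKED_new
+returns the new
+.Vt X509_REVOKED
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn X509_REVOKED_set_serialNumber
+and
+.Fn X509_REVOKED_set_revocationDate
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr d2i_X509_CRL 3 ,
+.Xr ERR_get_error 3 ,
+.Xr PEM_read_X509_CRL 3 ,
+.Xr X509_CRL_get0_by_serial 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile, section 5.1: CRL Fields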
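--- a/jni/libressl/man/X509_SIG_new.3
+++ b/jni/libressl/man/X509_SIG_new.3
@@ -0,0 +1,61 @@
+.\"	$OpenBSD: X509_SIG_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 25 2016 $
+.Dt X509_SIG_NEW 3
+.Os
+.Sh NAME
+.Nm X509_SIG_new ,
+.Nm X509_SIG_free
+.Nd PKCS#7 digest information
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_SIG *
+.Fn X509_SIG_new void
+.Ft void
+.Fn X509_SIG_free "X509_SIG *sig"
+.Sh DESCRIPTION
+.Fn X509_SIG_new
+allocates and initializes an empty
+.Vt X509_SIG
+object, representing an ASN.1
+.Vt DigestInfo
+structure defined in RFC 2315 section 9.4
+and equivalently in RFC 8017 section 9.2.
+It can hold a message digest together with information about
+the algorithm used.
+.Pp
+.Fn X509_SIG_free
+frees
+.Fa sig .
+.Sh RETURN VALUES
+.Fn X509_SIG_new
+returns the new
+.Vt X509_SIG
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr d2i_X509_SIG 3 ,
+.Xr PEM_read_PKCS8 3 ,
+.Xr RSA_sign 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 2315: PKCS #7: Cryptographic Message Syntax,
+section 9: Signed-data content type
+.Pp
+RFC 8017: PKCS #1: RSA Cryptography Specifications,
+section 9: Encoding Methods for Signatures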
Changes to jni/libressl/man/X509_STORE_CTX_get_error.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16




17
18
19
20
21
22

23
24
25
26
27
28
29
30
31

32
33
34
35

36
37
38
39






40
41
42
43
44
45
46
47


48




49
50
51
52
53
54
55


56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73







74









75
76
77
78




79


80







81


82

83
84
85
86
87
88
89
90
91
92
93
94






95
96

97
98
99
100
101
102

103

104
105



106
107
108
109
110
111

112
113
114


115

116
117
118
119
120
121
122
123

124
125
126
127
128

129
130



131
132
133



134

135
136

137

138
139
140
141

142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159






160
161
162
163
164
165
166
167
168
169
170

171
172
173
174
175
176
177
178

179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203

204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246


247
248
249
250
251

252
253


254
255
256
257

258
259


260
261
262
263

264

265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281

282
283
284

285
286
287
288
289
290
291
292
293
294
295
296
297
298

299
300
301
302
303
304

305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,

.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}

.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``






.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '


.\"




.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_error 3"







.TH X509_STORE_CTX_get_error 3 "2017-01-09" "LibreSSL " "LibreSSL"









.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh




.SH "NAME"


X509_STORE_CTX_get_error, X509_STORE_CTX_set_error,







X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert,


X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set

certificate verification status information
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/x509.h>
\& #include <openssl/x509_vfy.h>
\&
\& int    X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
\& void   X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
\& int    X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
\& X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
\&






\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
\&

\& const char *X509_verify_cert_error_string(long n);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions are typically called after \fIX509_verify_cert()\fR has indicated
an error or in a verification callback to determine the nature of an error.

.PP

\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see
the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes.



.PP
\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example
it might be used in a verification callback to set an error based on additional
checks.
.PP
\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a

non-negative integer representing where in the certificate chain the error
occurred. If it is zero it occurred in the end entity certificate, one if
it is the certificate which signed the end entity certificate and so on.


.PP

\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which
caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant.
.PP
\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous
call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR
is \fBnot\fR successful the returned chain may be incomplete or invalid. The
returned chain persists after the \fBctx\fR structure is freed, when it is
no longer needed it should be free up using:

.PP
.Vb 1
\&  sk_X509_pop_free(chain, X509_free);
.Ve
.PP

\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for
verification error \fBn\fR.



.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code.



.PP

\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth.
.PP

\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the

error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error.
.PP
\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for
verification error \fBn\fR.

.SH "ERROR CODES"
.IX Header "ERROR CODES"
A list of error codes and messages is shown below.  Some of the
error codes are defined but currently never returned: these are described as
\&\*(L"unused\*(R".
.IP "\fBX509_V_OK: ok\fR" 4
.IX Item "X509_V_OK: ok"
the operation was successful.
.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate"
the issuer certificate could not be found: this occurs if the issuer certificate
of an untrusted certificate cannot be found.
.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL"
the \s-1CRL\s0 of a certificate could not be found.
.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature"
the certificate signature could not be decrypted. This means that the actual






signature value could not be determined rather than it not matching the
expected value, this is only meaningful for \s-1RSA\s0 keys.
.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature"
the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature
value could not be determined rather than it not matching the expected value.
Unused.
.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key"
the public key in the certificate SubjectPublicKeyInfo could not be read.
.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4

.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure"
the signature of the certificate is invalid.
.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4
.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure"
the signature of the certificate is invalid.
.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4
.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid"
the certificate is not yet valid: the notBefore date is after the current time.

.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4
.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired"
the certificate has expired: that is the notAfter date is before the current
time.
.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4
.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid"
the \s-1CRL\s0 is not yet valid.
.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4
.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired"
the \s-1CRL\s0 has expired.
.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field"
the certificate notBefore field contains an invalid time.
.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field"
the certificate notAfter field contains an invalid time.
.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field"
the \s-1CRL\s0 lastUpdate field contains an invalid time.
.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field"
the \s-1CRL\s0 nextUpdate field contains an invalid time.
.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4
.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory"
an error occurred trying to allocate memory. This should never happen.

.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4
.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate"
the passed certificate is self signed and the same certificate cannot be found
in the list of trusted certificates.
.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4
.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain"
the certificate chain could be built up using the untrusted certificates but
the root could not be found locally.
.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate"
the issuer certificate of a locally looked up certificate could not be found.
This normally means the list of trusted certificates is not complete.
.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate"
no signatures could be verified because the chain contains only one certificate
and it is not self signed.
.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4
.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long"
the certificate chain length is greater than the supplied maximum depth. Unused.

.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4
.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked"
the certificate has been revoked.
.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4
.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate"
a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not
consistent with the supplied purpose.
.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4
.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded"
the basicConstraints pathlength parameter has been exceeded.
.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4
.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose"
the supplied certificate cannot be used for the specified purpose.
.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4
.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted"
the root \s-1CA\s0 is not marked as trusted for the specified purpose.
.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4
.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected"
the root \s-1CA\s0 is marked to reject the specified purpose.
.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4
.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch"
the current candidate issuer certificate was rejected because its subject name
did not match the issuer name of the current certificate. This is only set
if issuer check debugging is enabled it is used for status notification and


is \fBnot\fR in itself an error.
.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4
.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch"
the current candidate issuer certificate was rejected because its subject key
identifier was present and did not match the authority key identifier current

certificate. This is only set if issuer check debugging is enabled it is used
for status notification and is \fBnot\fR in itself an error.


.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4
.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch"
the current candidate issuer certificate was rejected because its issuer name
and serial number was present and did not match the authority key identifier of

the current certificate. This is only set if issuer check debugging is enabled
it is used for status notification and is \fBnot\fR in itself an error.


.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4
.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing"
the current candidate issuer certificate was rejected because its keyUsage
extension does not permit certificate signing. This is only set if issuer check

debugging is enabled it is used for status notification and is \fBnot\fR in itself

an error.
.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4
.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension"
A certificate extension had an invalid value (for example an incorrect
encoding) or some value inconsistent with other extensions.
.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4
.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension"
A certificate policies extension had an invalid value (for example an incorrect
encoding) or some value inconsistent with other extensions. This error only
occurs if policy processing is enabled.
.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4
.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy"
The verification flags were set to require and explicit policy but none was
present.
.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4
.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope"
The only CRLs that could be found did not match the scope of the certificate.

.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4
.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature"
Some feature of a certificate extension is not supported. Unused.

.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4
.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation"
A name constraint violation occurred in the permitted subtrees.
.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4
.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation"
A name constraint violation occurred in the excluded subtrees.
.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4
.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported"
A certificate name constraints extension included a minimum or maximum field:
this is not supported.
.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4
.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type"
An unsupported name constraint type was encountered. OpenSSL currently only
supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types.

.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4
.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax"
The format of the name constraint is not recognised: for example an email
address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by
a garbage extension or some new feature not currently supported.
.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4

.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error"
An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only
happen if extended \s-1CRL\s0 checking is enabled.
.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4
.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure"
an application specific error. This will never be returned unless explicitly
set by an application.
.SH "NOTES"
.IX Header "NOTES"
The above functions should be used instead of directly referencing the fields
in the \fBX509_VERIFY_CTX\fR structure.
.PP
In versions of OpenSSL before 1.0 the current certificate returned by
\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should
check the return value before printing out any debugging information relating
to the current certificate.
.PP
If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the
numerical value of the unknown code is returned in a static buffer. This is not
thread safe but will never happen unless an invalid code is passed.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_verify_cert\fR\|(3)
|
>

<
|
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
|
>
>
>
>
|
<
<
<
|
|
>
|
|
<
|
|
|
<
<
|
>
|
|
|
|
>
|
|
|
|
>
>
>
>
>
>
|
<
<
<

<
<
<
>
>
|
>
>
>
>
|
|
|
|
|
|
|
>
>
|
|
<
<
|
|
|
|
<
<
<
<
<
|
<
<
<
|
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
<
|
|
>
>
>
>
|
>
>
|
>
>
>
>
>
>
>
|
>
>
|
>
|
<
<
|
<
<
<
<
<
<
|
<
>
>
>
>
>
>
|
<
>
|
|
|
<
|
<
>
|
>
|
|
>
>
>
|
|
|
|
|
<
>
|
<
<
>
>
|
>
|
|
|
<
<
<
<
|
>
|
<
<
<
<
>
|
<
>
>
>
|
<
|
>
>
>
|
>
|
|
>
|
>
|
|
|
|
>
|
<
|
|
|
|
|
|
|
|
|
|
<
|
|
|
|
|
>
>
>
>
>
>

|
<
<
<
<

|
|
|
|
>
|
|
<
|
|
<
|
|
>
|
<
|
|
<
|
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
|
>
|
<
|
|
|
|
|
|
|
|
|

|
|
|
|
<
|
|
>
|
<
|
|
|
|
|
<
|
|
<
|
|
|
<
|
|
<
|
<
|
|
|
|
>
>
|
|
|
|
|
>
|
|
>
>
|
|
|
|
>
|
|
>
>
|
|
|
|
>
|
>
|
|
|


|
|
|
|
|
|
<
|
|
<
|
|
>
|
|
|
>
|
<

<
|

|
|
|
|
|
|
|
|
>
|
|
|
|
|
<
>
|
|
|
|
|
|
|
<
<
<
<
|
<
<
<
<
<
<
<
<
|
<
|
1
2
3

4
5
6

7
8
9
10
11
12
13
14
15
16
17
18

19
20
21
22
23
24



25
26
27
28
29

30
31
32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50



51



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69


70
71
72
73





74



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116


117






118

119
120
121
122
123
124
125

126
127
128
129

130

131
132
133
134
135
136
137
138
139
140
141
142
143

144
145


146
147
148
149
150
151
152




153
154
155




156
157

158
159
160
161

162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178

179
180
181
182
183
184
185
186
187
188

189
190
191
192
193
194
195
196
197
198
199
200
201




202
203
204
205
206
207
208
209

210
211

212
213
214
215

216
217

218
219

220
221
222
223
224
225
226
227
228
229
230
231
232
233

234
235
236
237

238
239
240
241
242
243
244
245
246
247
248
249
250
251

252
253
254
255

256
257
258
259
260

261
262

263
264
265

266
267

268

269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311

312
313

314
315
316
317
318
319
320
321

322

323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338

339
340
341
342
343
344
345
346




347








348

349
.\"	$OpenBSD: X509_STORE_CTX_get_error.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2009, 2013, 2015, 2016 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.

.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"



.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"

.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.



.\"



.Dd $Mdocdate: December 25 2016 $
.Dt X509_STORE_CTX_GET_ERROR 3
.Os
.Sh NAME
.Nm X509_STORE_CTX_get_error ,
.Nm X509_STORE_CTX_set_error ,
.Nm X509_STORE_CTX_get_error_depth ,
.Nm X509_STORE_CTX_get_current_cert ,
.Nm X509_STORE_CTX_get1_chain ,
.Nm X509_verify_cert_error_string
.Nd get or set certificate verification status information
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509_STORE_CTX_get_error
.Fa "X509_STORE_CTX *ctx"
.Fc
.Ft void


.Fo X509_STORE_CTX_set_error
.Fa "X509_STORE_CTX *ctx"
.Fa "int s"
.Fc





.Ft int



.Fo X509_STORE_CTX_get_error_depth
.Fa "X509_STORE_CTX *ctx"
.Fc
.Ft X509 *
.Fo X509_STORE_CTX_get_current_cert
.Fa "X509_STORE_CTX *ctx"
.Fc
.Ft STACK_OF(X509) *
.Fo X509_STORE_CTX_get1_chain
.Fa "X509_STORE_CTX *ctx"
.Fc
.Ft const char *
.Fo X509_verify_cert_error_string
.Fa "long n"
.Fc
.Sh DESCRIPTION
These functions are typically called after
.Xr X509_verify_cert 3
has indicated an error or in a verification callback to determine the

nature of an error.
.Pp
.Fn X509_STORE_CTX_get_error
returns the error code of
.Fa ctx .
See the
.Sy ERROR CODES
section for a full description of all error codes.
.Pp
.Fn X509_STORE_CTX_set_error
sets the error code of
.Fa ctx
to
.Fa s .
For example it might be used in a verification callback to set an error
based on additional checks.
.Pp
.Fn X509_STORE_CTX_get_error_depth
returns the depth of the error.
This is a non-negative integer representing where in the certificate
chain the error occurred.
If it is zero, it occurred in the end entity certificate, one if it is
the certificate which signed the end entity certificate, and so on.


.Pp






.Fn X509_STORE_CTX_get_current_cert

returns the certificate in
.Fa ctx
which caused the error or
.Dv NULL
if no certificate is relevant.
.Pp
.Fn X509_STORE_CTX_get1_chain

returns a complete validate chain if a previous call to
.Xr X509_verify_cert 3
is successful.
If the call to

.Xr X509_verify_cert 3

is
.Sy not
successful, the returned chain may be incomplete or invalid.
The returned chain persists after the
.Fa ctx
structure is freed.
When it is no longer needed, it should be freed up using
.Fn sk_X509_pop_free chain X509_free .
.Pp
.Fn X509_verify_cert_error_string
returns a human readable error string for verification error
.Fa n .
.Pp

The above functions should be used instead of directly referencing the
fields in the


.Sy X509_VERIFY_CTX
structure.
.Pp
In versions of OpenSSL before 1.0, the current certificate returned by
.Fn X509_STORE_CTX_get_current_cert
was never
.Dv NULL .




Applications should check the return value before printing out any
debugging information relating to the current certificate.
.Pp




If an unrecognised error code is passed to
.Fn X509_verify_cert_error_string ,

the numerical value of the unknown code is returned in a static buffer.
This is not thread safe but will never happen unless an invalid code is
passed.
.Sh RETURN VALUES

.Fn X509_STORE_CTX_get_error
returns
.Dv X509_V_OK
or an error code.
.Pp
.Fn X509_STORE_CTX_get_error_depth
returns a non-negative error depth.
.Pp
.Fn X509_STORE_CTX_get_current_cert
returns the certificate which caused the error or
.Dv NULL
if no certificate is relevant to the error.
.Pp
.Fn X509_verify_cert_error_string
returns a human readable error string for verification error
.Fa n .
.Sh ERROR CODES

A list of error codes and messages is shown below.
Some of the error codes are defined but currently never returned:
these are described as "unused".
.Bl -tag -width Ds
.It Dv X509_V_OK : No ok
The operation was successful.
.It Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT : \
 No unable to get issuer certificate
The issuer certificate could not be found: this occurs if the issuer
certificate of an untrusted certificate cannot be found.

.It Dv X509_V_ERR_UNABLE_TO_GET_CRL : No unable to get certificate CRL
The CRL of a certificate could not be found.
.It Dv X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE : \
 No unable to decrypt certificate's signature
The certificate signature could not be decrypted.
This means that the actual signature value could not be determined
rather than it not matching the expected value.
This is only meaningful for RSA keys.
.It Dv X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE : \
 No unable to decrypt CRL's signature
The CRL signature could not be decrypted: this means that the actual
signature value could not be determined rather than it not matching the
expected value.




Unused.
.It Dv X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY : \
 No unable to decode issuer public key
The public key in the certificate
.Vt SubjectPublicKeyInfo
could not be read.
.It Dv X509_V_ERR_CERT_SIGNATURE_FAILURE : No certificate signature failure
The signature of the certificate is invalid.

.It Dv X509_V_ERR_CRL_SIGNATURE_FAILURE : No CRL signature failure
The signature of the certificate is invalid.

.It Dv X509_V_ERR_CERT_NOT_YET_VALID : No certificate is not yet valid
The certificate is not yet valid: the notBefore date is after the
current time.
.It Dv X509_V_ERR_CERT_HAS_EXPIRED : No certificate has expired

The certificate has expired: that is the notAfter date is before the
current time.

.It Dv X509_V_ERR_CRL_NOT_YET_VALID : No CRL is not yet valid
The CRL is not yet valid.

.It Dv X509_V_ERR_CRL_HAS_EXPIRED : No CRL has expired
The CRL has expired.
.It Dv X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD : \
 No format error in certificate's notBefore field
The certificate notBefore field contains an invalid time.
.It Dv X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD : \
 No format error in certificate's notAfter field
The certificate notAfter field contains an invalid time.
.It Dv X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD : \
 No format error in CRL's lastUpdate field
The CRL lastUpdate field contains an invalid time.
.It Dv X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD : \
 No format error in CRL's nextUpdate field
The CRL nextUpdate field contains an invalid time.

.It Dv X509_V_ERR_OUT_OF_MEM : No out of memory
An error occurred trying to allocate memory.
This should never happen.
.It Dv X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT : No self signed certificate

The passed certificate is self signed and the same certificate cannot be
found in the list of trusted certificates.
.It Dv X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN : \
 No self signed certificate in certificate chain
The certificate chain could be built up using the untrusted certificates
but the root could not be found locally.
.It Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY : \
 No unable to get local issuer certificate
The issuer certificate of a locally looked up certificate could not be found.
This normally means the list of trusted certificates is not complete.
.It Dv X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE : \
 No unable to verify the first certificate
No signatures could be verified because the chain contains only one
certificate and it is not self signed.

.It Dv X509_V_ERR_CERT_CHAIN_TOO_LONG : No certificate chain too long
The certificate chain length is greater than the supplied maximum depth.
Unused.
.It Dv X509_V_ERR_CERT_REVOKED : No certificate revoked

The certificate has been revoked.
.It Dv X509_V_ERR_INVALID_CA : No invalid CA certificate
A CA certificate is invalid.
Either it is not a CA or its extensions are not consistent with the
supplied purpose.

.It Dv X509_V_ERR_PATH_LENGTH_EXCEEDED : No path length constraint exceeded
The basicConstraints path-length parameter has been exceeded.

.It Dv X509_V_ERR_INVALID_PURPOSE : No unsupported certificate purpose
The supplied certificate cannot be used for the specified purpose.
.It Dv X509_V_ERR_CERT_UNTRUSTED : No certificate not trusted

The root CA is not marked as trusted for the specified purpose.
.It Dv X509_V_ERR_CERT_REJECTED : No certificate rejected

The root CA is marked to reject the specified purpose.

.It Dv X509_V_ERR_SUBJECT_ISSUER_MISMATCH : No subject issuer mismatch
The current candidate issuer certificate was rejected because its
subject name did not match the issuer name of the current certificate.
This is only set if issuer check debugging is enabled; it is used for
status notification and is
.Sy not
in itself an error.
.It Dv X509_V_ERR_AKID_SKID_MISMATCH : \
 No authority and subject key identifier mismatch
The current candidate issuer certificate was rejected because its
subject key identifier was present and did not match the authority key
identifier current certificate.
This is only set if issuer check debugging is enabled; it is used for
status notification and is
.Sy not
in itself an error.
.It Dv X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH : \
 Noauthority and issuer serial number mismatch
The current candidate issuer certificate was rejected because its issuer
name and serial number was present and did not match the authority key
identifier of the current certificate.
This is only set if issuer check debugging is enabled; it is used for
status notification and is
.Sy not
in itself an error.
.It Dv X509_V_ERR_KEYUSAGE_NO_CERTSIGN : \
 No key usage does not include certificate signing
The current candidate issuer certificate was rejected because its
keyUsage extension does not permit certificate signing.
This is only set if issuer check debugging is enabled it is used for
status notification and is
.Sy not
in itself an error.
.It Dv X509_V_ERR_INVALID_EXTENSION : \
 No invalid or inconsistent certificate extension
A certificate extension had an invalid value (for example an incorrect
encoding) or some value inconsistent with other extensions.
.It Dv X509_V_ERR_INVALID_POLICY_EXTENSION : \
 No invalid or inconsistent certificate policy extension
A certificate policies extension had an invalid value (for example an
incorrect encoding) or some value inconsistent with other extensions.
This error only occurs if policy processing is enabled.
.It Dv X509_V_ERR_NO_EXPLICIT_POLICY : No no explicit policy

The verification flags were set to require an explicit policy but none
was present.

.It Dv X509_V_ERR_DIFFERENT_CRL_SCOPE : No different CRL scope
The only CRLs that could be found did not match the scope of the
certificate.
.It Dv X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE : \
 No unsupported extension feature
Some feature of a certificate extension is not supported.
Unused.
.It Dv X509_V_ERR_PERMITTED_VIOLATION : No permitted subtree violation

A name constraint violation occurred in the permitted subtrees.

.It Dv X509_V_ERR_EXCLUDED_VIOLATION : No excluded subtree violation
A name constraint violation occurred in the excluded subtrees.
.It Dv X509_V_ERR_SUBTREE_MINMAX : \
 No name constraints minimum and maximum not supported
A certificate name constraints extension included a minimum or maximum
field: this is not supported.
.It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE : \
 No unsupported name constraint type
An unsupported name constraint type was encountered.
OpenSSL currently only supports directory name, DNS name, email and URI
types.
.It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX : \
 No unsupported or invalid name constraint syntax
The format of the name constraint is not recognised: for example an
email address format of a form not mentioned in RFC 3280.
This could be caused by a garbage extension or some new feature not

currently supported.
.It Dv X509_V_ERR_CRL_PATH_VALIDATION_ERROR : No CRL path validation error
An error occurred when attempting to verify the CRL path.
This error can only happen if extended CRL checking is enabled.
.It Dv X509_V_ERR_APPLICATION_VERIFICATION : \
 No application verification failure
An application specific error.
This will never be returned unless explicitly set by an application.




.El








.Sh SEE ALSO

.Xr X509_verify_cert 3
Changes to jni/libressl/man/X509_STORE_CTX_get_ex_new_index.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48









49
50
51
52
53

54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

74
75


76


77



78
79
80





81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99


100
101



102
103
104



105

106
107
108
109
110
111
112


113
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"









.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"

.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_ex_new_index 3"

.TH X509_STORE_CTX_get_ex_new_index 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes


.\" way too many mistakes in technical documents.


.if n .ad l



.nh
.SH "NAME"
X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data,





X509_STORE_CTX_get_ex_data \- add application specific data to X509_STORE_CTX
structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
\&                CRYPTO_EX_new *new_func,
\&                CRYPTO_EX_dup *dup_func,
\&                CRYPTO_EX_free *free_func);
\&
\& int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
\&
\& void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions handle application specific data in X509_STORE_CTX structures.


Their usage is identical to that of \fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR
and \fIRSA_get_ex_data()\fR as described in \fIRSA_get_ex_new_index\fR\|(3).



.SH "NOTES"
.IX Header "NOTES"
This mechanism is used internally by the \fBssl\fR library to store the \fB\s-1SSL\s0\fR



structure associated with a verification operation in an \fBX509_STORE_CTX\fR

structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIRSA_get_ex_new_index\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIX509_STORE_CTX_get_ex_new_index()\fR, \fIX509_STORE_CTX_set_ex_data()\fR and


\&\fIX509_STORE_CTX_get_ex_data()\fR are available since OpenSSL 0.9.5.
|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
>
|
|
<
<
|
<
<
<
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

>
>
>
>
>
>
>
>
>
|
|
<
|

>
|
<
<
<
<
<
<
<
<
|
<
<
<
<
<
|
<
<
<
|
>
|
|
>
>
|
>
>
|
>
>
>
|
|
|
>
>
>
>
>
|
<
|
|
<
<
<
<
<
<
<
<
<
<
<
|
|
<
|
>
>
|
|
>
>
>
|
<
|
>
>
>
|
>

|
<
|
|
|
|
>
>
|
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23


24
25
26


27



28


29
30


31


32


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

49
50
51
52








53





54



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

77
78











79
80

81
82
83
84
85
86
87
88
89

90
91
92
93
94
95
96
97

98
99
100
101
102
103
104
.\"	$OpenBSD: X509_STORE_CTX_get_ex_new_index.3,v 1.3 2016/12/10 20:13:59 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2009, 2014 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.



.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 10 2016 $
.Dt X509_STORE_CTX_GET_EX_NEW_INDEX 3








.Os





.Sh NAME



.Nm X509_STORE_CTX_get_ex_new_index ,
.Nm X509_STORE_CTX_set_ex_data ,
.Nm X509_STORE_CTX_get_ex_data
.Nd add application specific data to X509_STORE_CTX structures
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fo X509_STORE_CTX_get_ex_new_index
.Fa "long argl"
.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"
.Fc
.Ft int
.Fo X509_STORE_CTX_set_ex_data
.Fa "X509_STORE_CTX *d"
.Fa "int idx"
.Fa "void *arg"
.Fc
.Ft void *
.Fo X509_STORE_CTX_get_ex_data

.Fa "X509_STORE_CTX *d"
.Fa "int idx"











.Fc
.Sh DESCRIPTION

These functions handle application specific data in
.Vt X509_STORE_CTX
structures.
Their usage is identical to that of
.Xr RSA_get_ex_new_index 3 ,
.Xr RSA_set_ex_data 3 ,
and
.Xr RSA_get_ex_data 3 .
.Pp

This mechanism is used internally by the
.Xr ssl 3
library to store the
.Vt SSL
structure associated with a verification operation in an
.Vt X509_STORE_CTX
structure.
.Sh SEE ALSO

.Xr RSA_get_ex_new_index 3
.Sh HISTORY
.Fn X509_STORE_CTX_get_ex_new_index ,
.Fn X509_STORE_CTX_set_ex_data ,
and
.Fn X509_STORE_CTX_get_ex_data
are available since OpenSSL 0.9.5.
Changes to jni/libressl/man/X509_STORE_CTX_new.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32

33
34
35
36

37
38
39
40
41
42
43
44




45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

62
63
64
65
66
67
68
69
70
71


72
73
74
75
76
77



78
79
80






81
82



83
84
85
86
87

88
89
90




91



92
93
94
95
96

97
98
99
100
101
102
103


104
105

106
107
108
109


110
111

112


113

114


115

116

117



118





119



120
121



122
123






124

125

126



127

128
129

130
131


132

133

134

135

136

137

138

139
140
141
142
143


144

145

146
147
148
149
150
151
152
153
154
155
156
157
158
159

160




161





162






163
164




165
166
167
168
169
170
171
172
173
174
175
176
177
178


179
180

181
182
183




184
185


186

187


188
189
190

191
192
193
194
195
196
197
198







.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\

.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"




.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX

.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================


.\"
.IX Title "X509_STORE_CTX_new 3"
.TH X509_STORE_CTX_new 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l



.nh
.SH "NAME"
X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free,






X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert,
X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param,



X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default \- X509_STORE_CTX
initialisation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1

\& #include <openssl/x509_vfy.h>
\&
\& X509_STORE_CTX *X509_STORE_CTX_new(void);




\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);



\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
\&
\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
\&                         X509 *x509, STACK_OF(X509) *chain);
\&

\& void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
\&
\& void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
\& void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
\& void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
\&
\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);


\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use


by \fIX509_verify_cert()\fR.
.PP

\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.


.PP

\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.


The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR.

.PP

\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR



is no longer valid.





.PP



\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
The trusted certificate store is set to \fBstore\fR, the end entity certificate



to be verified is set to \fBx509\fR and a set of additional certificates (which
will be untrusted but may be used to build the chain) in \fBchain\fR. Any or






all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \fB\s-1NULL\s0\fR.

.PP

\&\fIX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR



to \fBsk\fR. This is an alternative way of specifying trusted certificates

instead of using an \fBX509_STORE\fR.
.PP

\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to
\&\fBx\fR.


.PP

\&\fIX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR

to \fBsk\fR.

.PP

\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate

verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is

enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be

used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol,
for example in a PKCS#7 structure.
.PP
X509_VERIFY_PARAM *\fIX509_STORE_CTX_get0_param()\fR retrieves an internal pointer
to the verification parameters associated with \fBctx\fR.


.PP

\&\fIX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer

to \fBparam\fR. After this call \fBparam\fR should not be used.
.PP
\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification
method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to
find an appropriate set of parameters from \fBname\fR.
.SH "NOTES"
.IX Header "NOTES"
The certificates and CRLs in a store are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Legacy
applications might implicitly use an \fBX509_STORE_CTX\fR like this:
.PP
.Vb 2
\&  X509_STORE_CTX ctx;
\&  X509_STORE_CTX_init(&ctx, store, cert, chain);

.Ve




.PP





this is \fBnot\fR recommended in new applications they should instead do:






.PP
.Vb 5




\&  X509_STORE_CTX *ctx;
\&  ctx = X509_STORE_CTX_new();
\&  if (ctx == NULL)
\&        /* Bad error */
\&  X509_STORE_CTX_init(ctx, store, cert, chain);
.Ve
.SH "BUGS"
.IX Header "BUGS"
The certificates and CRLs in a context are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
should be made or reference counts increased instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an


error occurred.
.PP

\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
.PP
\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR




structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP


\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, \fIX509_STORE_CTX_trusted_stack()\fR,

\&\fIX509_STORE_CTX_set_cert()\fR, \fIX509_STORE_CTX_set_chain()\fR,


\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return
values.
.PP

\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_verify_cert\fR\|(3)
\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0







|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
<
<
>
|
|
<
<
|
|
>
|
|
|
<
>
<
<
|
|
|
<
<

>
>
>
>
|
|
|
|
|
|
|
|

|
|
|
|
|
|
<
|
>
|
|
|
|
|
|
|
|
|
|
>
>
|
|
|
<
<
|
>
>
>
|
|
|
>
>
>
>
>
>
|
|
>
>
>
|
<
|
|
|
>
|
<
|
>
>
>
>
|
>
>
>
|
<
|
<
<
>
|
<
|
|
<
<
|
>
>
|
|
>
|
|
<
|
>
>
|
|
>
|
>
>
|
>
|
>
>
|
>
|
>
|
>
>
>

>
>
>
>
>
|
>
>
>
|
|
>
>
>
|
|
>
>
>
>
>
>
|
>
|
>
|
>
>
>
|
>
|
|
>
|
|
>
>
|
>
|
>
|
>
|
>
|
>
|
>
|
>
|
|
|
|
|
>
>
|
>
|
>
|
<
<
<
|
<
<
|
<
<
|
<
|
<
>
|
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
>
>
|
|
>
>
>
>
|
|
|
|
|
|
<
<
<
<
<
|
<
|
>
>
|
|
>
|
|
|
>
>
>
>
|
|
>
>
|
>
|
>
>
|
|
|
>
|
|
<
|
|
|
|
|
>
>
>
>
>
>
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23


24
25
26


27
28
29
30
31
32

33


34
35
36


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73


74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

93
94
95
96
97

98
99
100
101
102
103
104
105
106
107

108


109
110

111
112


113
114
115
116
117
118
119
120

121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208



209


210


211

212

213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243





244

245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272

273
274
275
276
277
278
279
280
281
282
283
284
.\"	$OpenBSD: X509_STORE_CTX_new.3,v 1.5 2017/01/07 03:01:44 schwarze Exp $
.\"	OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2009, 2015 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"

.\" 6. Redistributions of any form whatsoever must retain the following


.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 7 2017 $
.Dt X509_STORE_CTX_NEW 3
.Os
.Sh NAME
.Nm X509_STORE_CTX_new ,
.Nm X509_STORE_CTX_cleanup ,

.Nm X509_STORE_CTX_free ,
.Nm X509_STORE_CTX_init ,
.Nm X509_STORE_CTX_trusted_stack ,
.Nm X509_STORE_CTX_set_cert ,
.Nm X509_STORE_CTX_set_chain ,
.Nm X509_STORE_CTX_set0_crls ,
.Nm X509_STORE_CTX_get0_param ,
.Nm X509_STORE_CTX_set0_param ,
.Nm X509_STORE_CTX_set_default
.Nd X509_STORE_CTX initialisation
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft X509_STORE_CTX *
.Fn X509_STORE_CTX_new void
.Ft void
.Fo X509_STORE_CTX_cleanup
.Fa "X509_STORE_CTX *ctx"


.Fc
.Ft void
.Fo X509_STORE_CTX_free
.Fa "X509_STORE_CTX *ctx"
.Fc
.Ft int
.Fo X509_STORE_CTX_init
.Fa "X509_STORE_CTX *ctx"
.Fa "X509_STORE *store"
.Fa "X509 *x509"
.Fa "STACK_OF(X509) *chain"
.Fc
.Ft void
.Fo X509_STORE_CTX_trusted_stack
.Fa "X509_STORE_CTX *ctx"
.Fa "STACK_OF(X509) *sk"
.Fc
.Ft void
.Fo X509_STORE_CTX_set_cert

.Fa "X509_STORE_CTX *ctx"
.Fa "X509 *x"
.Fc
.Ft void
.Fo X509_STORE_CTX_set_chain

.Fa "X509_STORE_CTX *ctx"
.Fa "STACK_OF(X509) *sk"
.Fc
.Ft void
.Fo X509_STORE_CTX_set0_crls
.Fa "X509_STORE_CTX *ctx"
.Fa "STACK_OF(X509_CRL) *sk"
.Fc
.Ft X509_VERIFY_PARAM *
.Fo X509_STORE_CTX_get0_param

.Fa "X509_STORE_CTX *ctx"


.Fc
.Ft void

.Fo X509_STORE_CTX_set0_param
.Fa "X509_STORE_CTX *ctx"


.Fa "X509_VERIFY_PARAM *param"
.Fc
.Ft int
.Fo X509_STORE_CTX_set_default
.Fa "X509_STORE_CTX *ctx"
.Fa "const char *name"
.Fc
.Sh DESCRIPTION

These functions initialise an
.Vt X509_STORE_CTX
structure for subsequent use by
.Xr X509_verify_cert 3 .
.Pp
.Fn X509_STORE_CTX_new
returns a newly initialised
.Vt X509_STORE_CTX
structure.
.Pp
.Fn X509_STORE_CTX_cleanup
internally cleans up an
.Vt X509_STORE_CTX
structure.
The context can then be reused with a new call to
.Fn X509_STORE_CTX_init .
.Pp
.Fn X509_STORE_CTX_free
completely frees up
.Fa ctx .
After this call
.Fa ctx
is no longer valid.
If
.Fa ctx
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn X509_STORE_CTX_init
sets up
.Fa ctx
for a subsequent verification operation.
The trusted certificate store is set to
.Fa store ,
the end entity certificate to be verified is set to
.Fa x509
and a set of additional certificates (which will be untrusted but may be
used to build the chain) in
.Fa chain .
Any or all of the
.Fa store ,
.Fa x509 ,
and
.Fa chain
parameters can be
.Dv NULL .
.Pp
.Fn X509_STORE_CTX_trusted_stack
sets the set of trusted certificates of
.Fa ctx
to
.Fa sk .
This is an alternative way of specifying trusted certificates instead of
using an
.Vt X509_STORE .
.Pp
.Fn X509_STORE_CTX_set_cert
sets the certificate to be verified in
.Fa ctx
to
.Fa x .
.Pp
.Fn X509_STORE_CTX_set_chain
sets the additional certificate chain used by
.Fa ctx
to
.Fa sk .
.Pp
.Fn X509_STORE_CTX_set0_crls
sets a set of CRLs to use to aid certificate verification to
.Fa sk .
These CRLs will only be used if CRL verification is enabled in the
associated
.Vt X509_VERIFY_PARAM
structure.
This might be used where additional "useful" CRLs are supplied as part
of a protocol, for example in a PKCS#7 structure.
.Pp
.Fn X509_STORE_CTX_get0_param
retrieves an internal pointer to the verification parameters associated
with
.Fa ctx .
.Pp
.Fn X509_STORE_CTX_set0_param
sets the internal verification parameter pointer to
.Fa param .
After this call



.Fa param


should not be used.


.Pp

.Fn X509_STORE_CTX_set_default

looks up and sets the default verification method to
.Fa name .
This uses the function
.Fn X509_VERIFY_PARAM_lookup
to find an appropriate set of parameters from
.Fa name .
.Pp
The certificates and CRLs in a store are used internally and should
.Sy not
be freed up until after the associated
.Vt X509_STORE_CTX
is freed.
Legacy applications might implicitly use an
.Vt X509_STORE_CTX
like this:
.Bd -literal -offset indent
X509_STORE_CTX ctx;
X509_STORE_CTX_init(&ctx, store, cert, chain);
.Ed
.Pp
This is
.Sy not
recommended in new applications.
They should instead do:
.Bd -literal -offset indent
X509_STORE_CTX *ctx;
ctx = X509_STORE_CTX_new();
if (ctx == NULL)
	/* Bad error */
X509_STORE_CTX_init(ctx, store, cert, chain);
.Ed





.Sh RETURN VALUES

.Fn X509_STORE_CTX_new
returns a newly allocated context or
.Dv NULL
if an error occurred.
.Pp
.Fn X509_STORE_CTX_init
returns 1 for success or 0 if an error occurred.
.Pp
.Fn X509_STORE_CTX_get0_param
returns a pointer to an
.Vt X509_VERIFY_PARAM
structure or
.Dv NULL
if an error occurred.
.Pp
.Fn X509_STORE_CTX_cleanup ,
.Fn X509_STORE_CTX_free ,
.Fn X509_STORE_CTX_trusted_stack ,
.Fn X509_STORE_CTX_set_cert ,
.Fn X509_STORE_CTX_set_chain ,
.Fn X509_STORE_CTX_set0_crls ,
and
.Fn X509_STORE_CTX_set0_param
do not return values.
.Pp
.Fn X509_STORE_CTX_set_default
returns 1 for success or 0 if an error occurred.
.Sh SEE ALSO

.Xr X509_verify_cert 3 ,
.Xr X509_VERIFY_PARAM_set_flags 3
.Sh HISTORY
.Fn X509_STORE_CTX_set0_crls
was first added to OpenSSL 1.0.0.
.Sh BUGS
The certificates and CRLs in a context are used internally and should
.Sy not
be freed up until after the associated
.Vt X509_STORE_CTX
is freed.
Copies should be made or reference counts increased instead.
Changes to jni/libressl/man/X509_STORE_CTX_set_verify_cb.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18
19
20
21
22
23
24

25
26
27
28
29
30
31
32

33
34
35
36
37
38
39
40
41
42
43
44








45
46
47
48
49
50
51
52
53
54
55


56
57
58
59

60
61
62
63
64
65

66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

91



92
93
94
95
96
97
98

99
100


101
102

103

104


105
106


107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125





126









127
128

129
130
131
132
133
134
135
136

137
138

139
140
141
142
143
144
145
146
147

148
149
150
151
152
153

154
155
156

157
158
159
160
161
162

163
164
165
166
167
168
169

170
171

172
173
174




175




176
177
178
179
180
181

182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224

225
226
227
228
229
230

231
232
233
234

235
236
237
238
239


240





.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-

.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"








.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX


..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{

.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0

.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_set_verify_cb 3"
.TH X509_STORE_CTX_set_verify_cb 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_STORE_CTX_set_verify_cb \- set verification callback
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
\&                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to



\&\fBverify_cb\fR overwriting any existing callback.
.PP
The verification callback can be used to customise the operation of certificate
verification, either by overriding error conditions or logging errors for
debugging purposes.
.PP
However a verification callback is \fBnot\fR essential and the default operation

is often sufficient.
.PP


The \fBok\fR parameter to the callback indicates the value the callback should
return to retain the default behaviour. If it is zero then and error condition

is indicated. If it is 1 then no error occurred. If the flag

\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the


policy checking is complete.
.PP


The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that
is performing the verification operation. A callback can examine this
structure and receive additional information about the error, for example
by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can
be passed to the callback via the \fBex_data\fR mechanism.
.SH "WARNING"
.IX Header "WARNING"
In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in
all circumstances because this will allow verification to succeed no matter
what the error. This effectively removes all security from the application
because \fBany\fR certificate (including untrusted generated ones) will be
accepted.
.SH "NOTES"
.IX Header "NOTES"
The verification callback can be set and inherited from the parent structure
performing the operation. In some cases (such as S/MIME verification) the
\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the
only way to set a custom verification callback is by inheriting it from the
associated \fBX509_STORE\fR.





.SH "RETURN VALUES"









.IX Header "RETURN VALUES"
\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value.

.SH "EXAMPLES"
.IX Header "EXAMPLES"
Default callback operation:
.PP
.Vb 5
\& int
\& verify_callback(int ok, X509_STORE_CTX *ctx)
\& {

\&        return ok;
\& }

.Ve
.PP
Simple example, suppose a certificate in the chain is expired and we wish
to continue after this error:
.PP
.Vb 9
\& int
\& verify_callback(int ok, X509_STORE_CTX *ctx)
\& {

\&        /* Tolerate certificate expiration */
\&        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
\&                return 1;
\&        /* Otherwise don\*(Aqt override */
\&        return ok;
\& }

.Ve
.PP
More complex example, we don't wish to continue after \fBany\fR certificate has

expired just one specific case:
.PP
.Vb 5
\& int
\& verify_callback(int ok, X509_STORE_CTX *ctx)
\& {

\&        int err = X509_STORE_CTX_get_error(ctx);
\&        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
\&
\&        if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
\&                if (check_is_acceptable_expired_cert(err_cert)
\&                        return 1;
\&        }

\&        return ok;
\& }

.Ve
.PP
Full featured logging callback. In this case the \fBbio_err\fR is assumed to be




a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using




\&\fBex_data\fR.
.PP
.Vb 5
\& int
\& verify_callback(int ok, X509_STORE_CTX *ctx)
\& {

\&        X509 *err_cert;
\&        int err,depth;
\&
\&        err_cert = X509_STORE_CTX_get_current_cert(ctx);
\&        err =   X509_STORE_CTX_get_error(ctx);
\&        depth = X509_STORE_CTX_get_error_depth(ctx);
\&
\&        BIO_printf(bio_err,"depth=%d ",depth);
\&        if (err_cert) {
\&                X509_NAME_print_ex(bio_err,
\&                    X509_get_subject_name(err_cert), 0,
\&                    XN_FLAG_ONELINE);
\&                BIO_puts(bio_err, "\en");
\&        } else
\&                BIO_puts(bio_err, "<no cert>\en");
\&        if (!ok)
\&                BIO_printf(bio_err, "verify error:num=%d:%s\en",
\&                    err, X509_verify_cert_error_string(err));
\&        switch (err) {
\&        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
\&                BIO_puts(bio_err, "issuer= ");
\&                X509_NAME_print_ex(bio_err,
\&                    X509_get_issuer_name(err_cert), 0,
\&                    XN_FLAG_ONELINE);
\&                BIO_puts(bio_err, "\en");
\&                break;
\&        case X509_V_ERR_CERT_NOT_YET_VALID:
\&        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
\&                BIO_printf(bio_err, "notBefore=");
\&                ASN1_TIME_print(bio_err,
\&                    X509_get_notBefore(err_cert));
\&                BIO_printf(bio_err, "\en");
\&                break;
\&        case X509_V_ERR_CERT_HAS_EXPIRED:
\&        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
\&                BIO_printf(bio_err, "notAfter=");
\&                ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
\&                BIO_printf(bio_err, "\en");
\&                break;
\&        case X509_V_ERR_NO_EXPLICIT_POLICY:
\&                policies_print(bio_err, ctx);
\&                break;
\&        }

\&        if (err == X509_V_OK && ok == 2)
\&                /* print out policies */
\&
\&        BIO_printf(bio_err,"verify return:%d\en",ok);
\&        return(ok);
\& }

.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_STORE_CTX_get_error\fR\|(3)

\&\fIX509_STORE_set_verify_cb_func\fR\|(3)
\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIX509_STORE_CTX_set_verify_cb()\fR is available in all versions of SSLeay and


OpenSSL.





|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
|
|
|
<
|
|
>
|
|
|
|
|
|
|
|
>
|
|
<
<
<
<
<
<
|
<
<

>
>
>
>
>
>
>
>
|
|
|
|
<
<
<
<

<
<
>
>
|
|
<
<
>
|
<
<
|
<
<
>
<
<
<
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
|
|
|
|
<
>
|
>
>
>
|
|
|
|
|
|
|
>
|
|
>
>
|
|
>
|
>
|
>
>
|
|
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
>
|
<

|
<
|
|
<
>
|
<
>
|
|
|
|
|
<
|
|
<
>
|
|
|
|
|
<
>
|
|
|
>
|
|
<
|
|
<
>
|
|
|
|
|
|
<
>
|
<
>
|
|
|
>
>
>
>
|
>
>
>
>
|
|
<
|
|
<
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
>
|
|
|
|
|
<
>
|
|
<
|
>
|
<
|
|
|
>
>
|
>
>
>
>
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21

22
23
24
25
26
27
28
29
30
31
32
33
34
35






36


37
38
39
40
41
42
43
44
45
46
47
48
49




50


51
52
53
54


55
56


57


58



59



60












61
62
63
64

65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

















95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

115
116

117
118

119
120

121
122
123
124
125
126

127
128

129
130
131
132
133
134

135
136
137
138
139
140
141

142
143

144
145
146
147
148
149
150

151
152

153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

168
169

170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212

213
214
215
216
217
218

219
220
221

222
223
224

225
226
227
228
229
230
231
232
233
234
235
.\"	$OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.3 2016/12/05 13:39:33 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2009, 2016 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project






.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.




.\"


.Dd $Mdocdate: December 5 2016 $
.Dt X509_STORE_CTX_SET_VERIFY_CB 3
.Os
.Sh NAME


.Nm X509_STORE_CTX_set_verify_cb
.Nd set verification callback


.Sh SYNOPSIS


.In openssl/x509_vfy.h



.Ft void



.Fo X509_STORE_CTX_set_verify_cb












.Fa "X509_STORE_CTX *ctx"
.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
.Fc
.Sh DESCRIPTION

.Fn X509_STORE_CTX_set_verify_cb
sets the verification callback of
.Fa ctx
to
.Fa verify_cb
overwriting any existing callback.
.Pp
The verification callback can be used to customise the operation of
certificate verification, either by overriding error conditions or
logging errors for debugging purposes.
.Pp
However a verification callback is
.Sy not
essential and the default operation is often sufficient.
.Pp
The
.Fa ok
parameter to the callback indicates the value the callback should return
to retain the default behaviour.
If it is zero then an error condition is indicated.
If it is 1 then no error occurred.
If the flag
.Dv X509_V_FLAG_NOTIFY_POLICY
is set, then
.Fa ok
is set to 2 to indicate the policy checking is complete.
.Pp
The
.Fa ctx
parameter to the callback is the

















.Vt X509_STORE_CTX
structure that is performing the verification operation.
A callback can examine this structure and receive additional information
about the error, for example by calling
.Xr X509_STORE_CTX_get_current_cert 3 .
Additional application data can be passed to the callback via the
.Sy ex_data
mechanism.
.Pp
The verification callback can be set and inherited from the parent
structure performing the operation.
In some cases (such as S/MIME verification) the
.Vt X509_STORE_CTX
structure is created and destroyed internally and the only way to set a
custom verification callback is by inheriting it from the associated
.Vt X509_STORE .
.Sh RETURN VALUES
.Fn X509_STORE_CTX_set_verify_cb
does not return a value.
.Sh EXAMPLES

Default callback operation:
.Bd -literal

int
verify_callback(int ok, X509_STORE_CTX *ctx)

 {
	return ok;

}
.Ed
.Pp
Simple example, suppose a certificate in the chain is expired and we
wish to continue after this error:
.Bd -literal

int
verify_callback(int ok, X509_STORE_CTX *ctx)

{
	/* Tolerate certificate expiration */
	if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
		return 1;
	/* Otherwise don't override */
	return ok;

}
.Ed
.Pp
More complex example, we don't wish to continue after
.Sy any
certificate has expired just one specific case:
.Bd -literal

int
verify_callback(int ok, X509_STORE_CTX *ctx)

{
	int err = X509_STORE_CTX_get_error(ctx);
	X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);

	if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
		if (check_is_acceptable_expired_cert(err_cert)
			return 1;

	}
	return ok;

}
.Ed
.Pp
Full featured logging callback.
In this case the
.Fa bio_err
is assumed to be a global logging
.Vt BIO ,
an alternative would to store a
.Vt BIO
in
.Fa ctx
using
.Sy ex_data .
.Bd -literal

int
verify_callback(int ok, X509_STORE_CTX *ctx)

{
	X509 *err_cert;
	int err,depth;

	err_cert = X509_STORE_CTX_get_current_cert(ctx);
	err =	X509_STORE_CTX_get_error(ctx);
	depth =	X509_STORE_CTX_get_error_depth(ctx);

	BIO_printf(bio_err,"depth=%d ",depth);
	if (err_cert) {
		X509_NAME_print_ex(bio_err,
		    X509_get_subject_name(err_cert), 0,
		    XN_FLAG_ONELINE);
		BIO_puts(bio_err, "\en");
	} else
		BIO_puts(bio_err, "<no cert>\en");
	if (!ok)
		BIO_printf(bio_err, "verify error:num=%d:%s\en",
		    err, X509_verify_cert_error_string(err));
	switch (err) {
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
		BIO_puts(bio_err, "issuer= ");
		X509_NAME_print_ex(bio_err,
		    X509_get_issuer_name(err_cert), 0,
		    XN_FLAG_ONELINE);
		BIO_puts(bio_err, "\en");
		break;
	case X509_V_ERR_CERT_NOT_YET_VALID:
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
		BIO_printf(bio_err, "notBefore=");
		ASN1_TIME_print(bio_err,
		    X509_get_notBefore(err_cert));
		BIO_printf(bio_err, "\en");
		break;
	case X509_V_ERR_CERT_HAS_EXPIRED:
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
		BIO_printf(bio_err, "notAfter=");
		ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
		BIO_printf(bio_err, "\en");
		break;
	case X509_V_ERR_NO_EXPLICIT_POLICY:
		policies_print(bio_err, ctx);
		break;

	}
	if (err == X509_V_OK && ok == 2)
		/* print out policies */

	BIO_printf(bio_err,"verify return:%d\en",ok);
	return(ok);

}
.Ed
.Sh SEE ALSO

.Xr X509_STORE_CTX_get_error 3 ,
.Xr X509_STORE_CTX_get_ex_new_index 3 ,
.Xr X509_STORE_set_verify_cb_func 3

.Sh HISTORY
.Fn X509_STORE_CTX_set_verify_cb
is available in all versions of SSLeay and OpenSSL.
.Sh CAVEATS
In general a verification callback should
.Sy NOT
unconditionally return 1 in all circumstances because this will allow
verification to succeed no matter what the error.
This effectively removes all security from the application because
.Sy any
certificate (including untrusted generated ones) will be accepted.
Added jni/libressl/man/X509_STORE_load_locations.3.










































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
.\"	$OpenBSD: X509_STORE_load_locations.3,v 1.2 2017/01/07 08:46:13 jmc Exp $
.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: January 7 2017 $
.Dt X509_STORE_LOAD_LOCATIONS 3
.Os
.Sh NAME
.Nm X509_STORE_load_locations ,
.Nm X509_STORE_set_default_paths
.Nd configure files and directories used by a certificate store
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fo X509_STORE_load_locations
.Fa "X509_STORE *store"
.Fa "const char *file"
.Fa "const char *dirs"
.Fc
.Ft int
.Fo X509_STORE_set_default_paths
.Fa "X509_STORE *store"
.Fc
.Sh DESCRIPTION
.Fn X509_STORE_load_locations
instructs the
.Fa store
to use the PEM file
.Fa file
and all the PEM files in the directories
contained in the colon-separated list
.Fa dirs
for looking up certificates, in addition to files and directories
that are already configured.
Directories already in use are not added again.
If
.Dv NULL
is passed for
.Fa file
or
.Fa dirs ,
no new file or no new directories are added, respectively.
.Pp
.Fn X509_STORE_load_locations
is identical to
.Xr SSL_CTX_load_verify_locations 3
except that it operates directly on an
.Vt X509_STORE
object, rather than on the store used by an SSL context.
See that manual page for more information.
.Pp
.Fn X509_STORE_set_default_paths
is similar except that it instructs the
.Fa store
to use the default PEM file and directory
(as documented in
.Sx FILES )
in addition to what is already configured.
It ignores errors that occur while trying to load the file or to
add the directory, but it may still fail for other reasons, for
example when out of memory while trying to allocate the required
.Vt X509_LOOKUP
objects.
.Pp
.Fn X509_STORE_set_default_paths
is identical to
.Xr SSL_CTX_set_default_verify_paths 3
except that it operates directly on an
.Vt X509_STORE
object, rather than on the store used by an SSL context.
See that manual page for more information.
.Sh RETURN VALUES
.Fn X509_STORE_load_locations
returns 1 if all files and directories specified were successfully
added.
It returns 0 for failure.
That can happen if adding the file failed, if adding any of the
directories failed, or if both arguments were
.Dv NULL .
.Pp
.Fn X509_STORE_set_default_paths
returns 0 for some error conditions and 1 otherwise, not just for
success, but also for various cases of failure.
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssl/cert.pem
default PEM file for
.Fn X509_STORE_set_default_paths
.It Pa /etc/ssl/certs/
default directory for
.Fn X509_STORE_set_default_paths
.El
.Sh SEE ALSO
.Xr SSL_CTX_load_verify_locations 3 ,
.Xr X509_LOOKUP_hash_dir 3 ,
.Xr X509_STORE_set1_param 3 ,
.Xr X509_STORE_set_verify_cb 3
.Sh BUGS
By the time that adding a directory is found to have failed,
the file and some other directories may already have been successfully loaded,
so these functions may change the state of the store even when they fail.
.Pp
.Fn X509_STORE_set_default_paths
clears the error queue, deleting even error information that was
already present when it was called.
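--- a/jni/libressl/man/X509_STORE_set1_param.3
+++ b/jni/libressl/man/X509_STORE_set1_param.3
@@ -0,0 +1,72 @@
+.\"	$OpenBSD: X509_STORE_set1_param.3,v 1.3 2017/01/06 22:46:06 schwarze Exp $
+.\"	OpenSSL 99d63d46
+.\"
+.\" This file was written by Christian Heimes <cheimes@redhat.com>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 6 2017 $
+.Dt X509_STORE_SET1_PARAM 3
+.Os
+.Sh NAME
+.Nm X509_STORE_set1_param
+.Nd set X509_STORE verification parameters
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft int
+.Fo X509_STORE_set1_param
+.Fa "X509_STORE *ctx"
+.Fa "X509_VERIFY_PARAM *pm"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_STORE_set1_param
+sets the verification parameters to
+.Fa pm
+for
+.Fa ctx .
+.Sh RETURN VALUES
+.Fn X509_STORE_set1_param
+returns 1 for success and 0 for failure.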
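--- a/jni/libressl/man/X509_STORE_set_verify_cb_func.3
+++ b/jni/libressl/man/X509_STORE_set_verify_cb_func.3
@@ -1,123 +1,104 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.4 2016/12/10 20:34:57 schwarze Exp $
+.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 .\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "X509_STORE_set_verify_cb_func 3"
-.TH X509_STORE_set_verify_cb_func 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb \- set verification
-callback
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/x509_vfy.h>
-\&
-\& void X509_STORE_set_verify_cb(X509_STORE *st,
-\&                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-\&
-\& void X509_STORE_set_verify_cb_func(X509_STORE *st,
-\&                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
-\&\fBverify_cb\fR overwriting any existing callback.
-.PP
-\&\fIX509_STORE_set_verify_cb_func()\fR also sets the verification callback but it
-is implemented as a macro.
-.SH "NOTES"
-.IX Header "NOTES"
-The verification callback from an \fBX509_STORE\fR is inherited by
-the corresponding \fBX509_STORE_CTX\fR structure when it is initialized. This can
-be used to set the verification callback when the \fBX509_STORE_CTX\fR is
-otherwise inaccessible (for example during S/MIME verification).
-.SH "BUGS"
-.IX Header "BUGS"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt X509_STORE_SET_VERIFY_CB_FUNC 3
+.Os
+.Sh NAME
+.Nm X509_STORE_set_verify_cb ,
+.Nm X509_STORE_set_verify_cb_func
+.Nd set verification callback
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft void
+.Fo X509_STORE_set_verify_cb
+.Fa "X509_STORE *st"
+.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
+.Fc
+.Ft void
+.Fo X509_STORE_set_verify_cb_func
+.Fa "X509_STORE *st"
+.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_STORE_set_verify_cb
+sets the verification callback of
+.Sy ctx
+to
+.Sy verify_cb ,
+overwriting any existing callback.
+.Pp
+.Fn X509_STORE_set_verify_cb_func
+also sets the verification callback but it is implemented as a macro.
+.Pp
+The verification callback from an
+.Vt X509_STORE
+is inherited by the corresponding
+.Vt X509_STORE_CTX
+structure when it is initialized.
+This can be used to set the verification callback when the
+.Vt X509_STORE_CTX
+is otherwise inaccessible (for example during S/MIME verification).
+.Sh RETURN VALUES
+.Fn X509_STORE_set_verify_cb
+and
+.Fn X509_STORE_set_verify_cb_func
+do not return a value.
+.Sh SEE ALSO
+.Xr X509_STORE_CTX_set_verify_cb 3
+.Sh HISTORY
+.Fn X509_STORE_set_verify_cb_func
+is available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn X509_STORE_set_verify_cb
+was added to OpenSSL 1.0.0.
+.Sh BUGS
 The macro version of this function was the only one available before
 OpenSSL 1.0.0.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIX509_STORE_set_verify_cb()\fR and \fIX509_STORE_set_verify_cb_func()\fR do not return
-a value.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3)
-\&\fICMS_verify\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIX509_STORE_set_verify_cb_func()\fR is available in all versions of SSLeay and
-OpenSSL.
-.PP
-\&\fIX509_STORE_set_verify_cb()\fR was added to OpenSSL 1.0.0.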
Changes to jni/libressl/man/X509_VERIFY_PARAM_set_flags.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16

17
18

19
20
21
22
23
24
25
26

27
28
29
30
31
32

33
34
35




36


37
38
39
40
41
42
43
44
45
46
47
48

49
50
51
52
53



54


55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70


71
72


73
74
75
76
77
78
79
80
81



82
83



84
85
86
87
88
89
90
91
92
93
94
95

96
97
98



99
100
101
102
103
104
105

106
107
108
109
110
111

112
113


114




115


116
117
118


119
120





















121
122
123
124
125
126
127
128
129
130
131

132

133
134

135
136

137




138
139

140

141
142
143
144

145
146



147
148
149

150
151


152
153
154

155
156
157
158
159
160

161
162
163

164
165
166

167
168

169

170

171
172
173


174
175
176

177
178
179
180

181

182
183


184




185

186
187
188


189
190
191
192
193
194


195
196
197


198

199
200
201

202
203

204
205
206
207


208


209
210
211

212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

232

233
234
235
236
237
238
239
240
241












.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi

..
.\" Set up some character translations and predefined strings.  \*(-- will

.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}




.el\{\


.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"

.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"



.\" Avoid warning from groff about undefined register 'F'.


.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF


.\" ========================================================================
.\"


.IX Title "X509_VERIFY_PARAM_set_flags 3"
.TH X509_VERIFY_PARAM_set_flags 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,
X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose,



X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time,



X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies \- X509
verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
\&                                                        unsigned long flags);
\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
\&

\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
\&



\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
\&
\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
\&                                                ASN1_OBJECT *policy);
\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
\&                                        STACK_OF(ASN1_OBJECT) *policies);
\&

\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with

a certificate verification operation.
.PP


The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring




it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete


description of values the \fBflags\fR parameter can take.
.PP
\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR.


.PP
\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR.





















.PP
\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR
to \fBpurpose\fR. This determines the acceptable purpose of the certificate
chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server.
.PP
\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to
\&\fBtrust\fR.
.PP
\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to
\&\fBt\fR. Normally the current time is used.
.PP

\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled

by default) and adds \fBpolicy\fR to the acceptable policy set.
.PP

\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled
by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing

policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear




an existing policy set.
.PP

\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR.

That is the maximum number of untrusted \s-1CA\s0 certificates that can appear in a
chain.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR,
\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR,



\&\fIX509_VERIFY_PARAM_add0_policy()\fR and \fIX509_VERIFY_PARAM_set1_policies()\fR return 1
for success and 0 for failure.
.PP

\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags.
.PP


\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return
values.
.PP

\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth.
.SH "VERIFICATION FLAGS"
.IX Header "VERIFICATION FLAGS"
The verification flags consists of zero or more of the following flags
ored together.
.PP

\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf
certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found.
.PP

\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate
chain.
.PP

\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default
any unhandled critical extensions in certificates or (if checked) CRLs results

in a fatal error. If this flag is set unhandled critical extensions are

ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging

purposes can be a security risk. Finer control over which extensions are
supported can be performed in the verification callback.
.PP


THe \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken
certificates and makes the verification strictly apply \fBX509\fR rules.
.PP

\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification.
.PP
\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default
no policy checking is performed. Additional information is sent to the

verification callback relating to policy checking.

.PP
\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and


\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any




policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in

\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags
are set.
.PP


If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful
a special status code is set to the verification callback. This permits it
to examine the valid policy tree and perform additional checks or simply
log it for debugging purposes.
.PP
By default some additional features such as indirect CRLs and CRLs signed by


different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set
they are enabled.
.PP


If \fBX509_V_FLAG_USE_DELTAS\fR ise set delta CRLs (if present) are used to

determine certificate status. If not set deltas are ignored.
.PP
\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed

certificate signature. By default this check is disabled because it doesn't
add any additional security but in some cases applications might want to

check the signature anyway. A side effect of not checking the root \s-1CA\s0
signature is that disabled or unsupported message digests on the root \s-1CA\s0
are not treated as fatal errors.
.PP


The \fBX509_V_FLAG_CB_ISSUER_CHECK\fR flag enables debugging of certificate


issuer checks. It is \fBnot\fR needed unless you are logging certificate
verification. If this flag is set then additional status codes will be sent
to the verification callback and it \fBmust\fR be prepared to handle such cases

without assuming they are hard errors.
.SH "NOTES"
.IX Header "NOTES"
The above functions should be used to manipulate verification parameters
instead of legacy functions which work in specific structures such as
\&\fIX509_STORE_CTX_set_flags()\fR.
.SH "BUGS"
.IX Header "BUGS"
Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and
(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not
maintained.
.PP
If CRLs checking is enable CRLs are expected to be available in the
corresponding \fBX509_STORE\fR structure. No attempt is made to download
CRLs from the \s-1CRL\s0 distribution points extension.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0
connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
.PP

.Vb 5

\&  X509_VERIFY_PARAM *param;
\&  param = X509_VERIFY_PARAM_new();
\&  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
\&  SSL_CTX_set1_param(ctx, param);
\&  X509_VERIFY_PARAM_free(param);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_verify_cert\fR\|(3)












|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
>
|
<
>
|
|
<
<
|
|
<
<
>
|
|
<
<
|
|
>
|
|
|
>
>
>
>
|
>
>
|
|
|
|
|
|
|
|
|
|
<

>
|
<
<
<
|
>
>
>
|
>
>
|
|
|
|
|
|
|
|
|
|
|
|
<
<
|
|
>
>
|
|
>
>
|
<
<
<
<
|
|
|
|
>
>
>
|
|
>
>
>
|
|
|
<
|
|
<
|
|
|
|
<
>
|
|
<
>
>
>
|
<
|
<
|
|
<
>
|
|
|
|
<
|
>
|
|
>
>
|
>
>
>
>
|
>
>
|
|
|
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
<
<
|
|
<
|
|
>
|
>
|
|
>
|
|
>
|
>
>
>
>
|
|
>
|
>
|
|
|
<
>
|
|
>
>
>
|
|
|
>
|
|
>
>
|
|
|
>
|
|
<
|
|
|
>
|
|
|
>
|
<
|
>
|
|
>
|
>
|
>
|
|
|
>
>
|
|
|
>
|
|
|
|
>
|
>
|
|
>
>
|
>
>
>
>
|
>
|
<
|
>
>
|
|
|
|
|
|
>
>
|
|
|
>
>
|
>
|
|
|
>
|
|
>
|
|
|
|
>
>
|
>
>
|
|
|
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
|
|
|
>
|
>
|
|
|
|
|
|
|
<
|
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17
18

19
20
21


22
23


24
25
26


27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

50
51
52



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71


72
73
74
75
76
77
78
79
80




81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

96
97

98
99
100
101

102
103
104

105
106
107
108

109

110
111

112
113
114
115
116

117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159





160
161

162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205

206
207
208
209
210
211
212
213
214

215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251

252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290














291

292
293
294
295
296
297
298
299
300
301
302
303
304

305
306
307
308
309
310
311
312
313
314
315
316
317
.\"	$OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.5 2017/01/06 21:30:27 schwarze Exp $
.\"	OpenSSL 2b4ffc65 Dec 23 19:28:30 2013 +0100
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2009, 2013 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"

.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project


.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.

.\"
.Dd $Mdocdate: January 6 2017 $
.Dt X509_VERIFY_PARAM_SET_FLAGS 3



.Os
.Sh NAME
.Nm X509_VERIFY_PARAM_set_flags ,
.Nm X509_VERIFY_PARAM_clear_flags ,
.Nm X509_VERIFY_PARAM_get_flags ,
.Nm X509_VERIFY_PARAM_set_purpose ,
.Nm X509_VERIFY_PARAM_set_trust ,
.Nm X509_VERIFY_PARAM_set_time ,
.Nm X509_VERIFY_PARAM_add0_policy ,
.Nm X509_VERIFY_PARAM_set1_policies ,
.Nm X509_VERIFY_PARAM_set_depth ,
.Nm X509_VERIFY_PARAM_get_depth
.Nd X509 verification parameters
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fo X509_VERIFY_PARAM_set_flags
.Fa "X509_VERIFY_PARAM *param"
.Fa "unsigned long flags"


.Fc
.Ft int
.Fo X509_VERIFY_PARAM_clear_flags
.Fa "X509_VERIFY_PARAM *param"
.Fa "unsigned long flags"
.Fc
.Ft unsigned long
.Fo X509_VERIFY_PARAM_get_flags
.Fa "X509_VERIFY_PARAM *param"




.Fc
.Ft int
.Fo X509_VERIFY_PARAM_set_purpose
.Fa "X509_VERIFY_PARAM *param"
.Fa "int purpose"
.Fc
.Ft int
.Fo X509_VERIFY_PARAM_set_trust
.Fa "X509_VERIFY_PARAM *param"
.Fa "int trust"
.Fc
.Ft void
.Fo X509_VERIFY_PARAM_set_time
.Fa "X509_VERIFY_PARAM *param"
.Fa "time_t t"

.Fc
.Ft int

.Fo X509_VERIFY_PARAM_add0_policy
.Fa "X509_VERIFY_PARAM *param"
.Fa "ASN1_OBJECT *policy"
.Fc

.Ft int
.Fo X509_VERIFY_PARAM_set1_policies
.Fa "X509_VERIFY_PARAM *param"

.Fa "STACK_OF(ASN1_OBJECT) *policies"
.Fc
.Ft void
.Fo X509_VERIFY_PARAM_set_depth

.Fa "X509_VERIFY_PARAM *param"

.Fa "int depth"
.Fc

.Ft int
.Fo X509_VERIFY_PARAM_get_depth
.Fa "const X509_VERIFY_PARAM *param"
.Fc
.Sh DESCRIPTION

These functions manipulate the
.Vt X509_VERIFY_PARAM
structure associated with a certificate verification operation.
.Pp
The
.Fn X509_VERIFY_PARAM_set_flags
function sets the flags in
.Fa param
by OR'ing it with
.Fa flags .
See the
.Sx VERIFICATION FLAGS
section for a complete description of values the
.Fa flags
parameter can take.
.Pp
.Fn X509_VERIFY_PARAM_get_flags
returns the flags in
.Fa param .
.Pp
.Fn X509_VERIFY_PARAM_clear_flags
clears the flags
.Fa flags
in
.Fa param .
.Pp
.Fn X509_VERIFY_PARAM_set_purpose
sets the verification purpose in
.Fa param
to
.Fa purpose .
This determines the acceptable purpose of the certificate chain, for
example SSL client or SSL server.
.Pp
.Fn X509_VERIFY_PARAM_set_trust
sets the trust setting in
.Fa param
to
.Fa trust .
.Pp
.Fn X509_VERIFY_PARAM_set_time
sets the verification time in
.Fa param





to
.Fa t .

Normally the current time is used.
.Pp
.Fn X509_VERIFY_PARAM_add0_policy
enables policy checking (it is disabled by default) and adds
.Fa policy
to the acceptable policy set.
.Pp
.Fn X509_VERIFY_PARAM_set1_policies
enables policy checking (it is disabled by default) and sets the
acceptable policy set to
.Fa policies .
Any existing policy set is cleared.
The
.Fa policies
parameter can be
.Dv NULL
to clear an existing policy set.
.Pp
.Fn X509_VERIFY_PARAM_set_depth
sets the maximum verification depth to
.Fa depth .
That is the maximum number of untrusted CA certificates that can appear
in a chain.
.Sh RETURN VALUES

.Fn X509_VERIFY_PARAM_set_flags ,
.Fn X509_VERIFY_PARAM_clear_flags ,
.Fn X509_VERIFY_PARAM_set_purpose ,
.Fn X509_VERIFY_PARAM_set_trust ,
.Fn X509_VERIFY_PARAM_add0_policy ,
and
.Fn X509_VERIFY_PARAM_set1_policies
return 1 for success or 0 for failure.
.Pp
.Fn X509_VERIFY_PARAM_get_flags
returns the current verification flags.
.Pp
.Fn X509_VERIFY_PARAM_set_time
and
.Fn X509_VERIFY_PARAM_set_depth
do not return values.
.Pp
.Fn X509_VERIFY_PARAM_get_depth
returns the current verification depth.
.Sh VERIFICATION FLAGS

The verification flags consists of zero or more of the following
flags OR'ed together.
.Pp
.Dv X509_V_FLAG_CRL_CHECK
enables CRL checking for the certificate chain leaf certificate.
An error occurs if a suitable CRL cannot be found.
.Pp
.Dv X509_V_FLAG_CRL_CHECK_ALL
enables CRL checking for the entire certificate chain.

.Pp
.Dv X509_V_FLAG_IGNORE_CRITICAL
disables critical extension checking.
By default any unhandled critical extensions in certificates or (if
checked) CRLs results in a fatal error.
If this flag is set unhandled critical extensions are ignored.
.Sy WARNING :
setting this option for anything other than debugging purposes can be a
security risk.
Finer control over which extensions are supported can be performed in
the verification callback.
.Pp
The
.Dv X509_V_FLAG_X509_STRICT
flag disables workarounds for some broken certificates and makes the
verification strictly apply X509 rules.
.Pp
.Dv X509_V_FLAG_ALLOW_PROXY_CERTS
enables proxy certificate verification.
.Pp
.Dv X509_V_FLAG_POLICY_CHECK
enables certificate policy checking; by default no policy checking is
performed.
Additional information is sent to the verification callback relating to
policy checking.
.Pp
.Dv X509_V_FLAG_EXPLICIT_POLICY ,
.Dv X509_V_FLAG_INHIBIT_ANY ,
and
.Dv X509_V_FLAG_INHIBIT_MAP
set the
.Dq require explicit policy ,
.Dq inhibit any policy ,
and
.Dq inhibit policy mapping
flags, respectively, as defined in RFC 3280.
Policy checking is automatically enabled if any of these flags are set.

.Pp
If
.Dv X509_V_FLAG_NOTIFY_POLICY
is set and the policy checking is successful a special status code is
set to the verification callback.
This permits it to examine the valid policy tree and perform additional
checks or simply log it for debugging purposes.
.Pp
By default some additional features such as indirect CRLs and CRLs
signed by different keys are disabled.
If
.Dv X509_V_FLAG_EXTENDED_CRL_SUPPORT
is set they are enabled.
.Pp
If
.Dv X509_V_FLAG_USE_DELTAS
is set, delta CRLs (if present) are used to determine certificate
status.
If not set, deltas are ignored.
.Pp
.Dv X509_V_FLAG_CHECK_SS_SIGNATURE
enables checking of the root CA self signed certificate signature.
By default this check is disabled because it doesn't add any additional
security but in some cases applications might want to check the
signature anyway.
A side effect of not checking the root CA signature is that disabled or
unsupported message digests on the root CA are not treated as fatal
errors.
.Pp
The
.Dv X509_V_FLAG_CB_ISSUER_CHECK
flag enables debugging of certificate issuer checks.
It is
.Sy not
needed unless you are logging certificate verification.
If this flag is set then additional status codes will be sent to the
verification callback and it
.Sy must
be prepared to handle such cases without assuming they are hard errors.














.Sh EXAMPLES

Enable CRL checking when performing certificate verification during
SSL connections associated with an
.Vt SSL_CTX
structure
.Fa ctx :
.Bd -literal -offset indent
X509_VERIFY_PARAM *param;
param = X509_VERIFY_PARAM_new();
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
SSL_CTX_set1_param(ctx, param);
X509_VERIFY_PARAM_free(param);
.Ed
.Sh SEE ALSO

.Xr X509_verify_cert 3
.Sh BUGS
Delta CRL checking is currently primitive.
Only a single delta can be used and (partly due to limitations of
.Vt X509_STORE )
constructed CRLs are not maintained.
.Pp
If CRLs checking is enabled, CRLs are expected to be available in
the corresponding
.Vt X509_STORE
structure.
No attempt is made to download CRLs from the CRL distribution points
extension.
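--- a/jni/libressl/man/X509_check_ca.3
+++ b/jni/libressl/man/X509_check_ca.3
@@ -0,0 +1,92 @@
+.\"	$OpenBSD: X509_check_ca.3,v 1.3 2017/01/06 19:19:54 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 6 2017 $
+.Dt X509_CHECK_CA 3
+.Os
+.Sh NAME
+.Nm X509_check_ca
+.Nd check whether a certificate is a CA certificate
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft int
+.Fo X509_check_ca
+.Fa "X509 *cert"
+.Fc
+.Sh DESCRIPTION
+This function checks whether the given certificate is a CA certificate,
+that is, whether it can be used to sign other certificates.
+.Sh RETURN VALUES
+This functions returns non-zero if
+.Fa cert
+is a CA certificate or 0 otherwise.
+.Pp
+The following return values identify specific kinds of CA certificates:
+.Bl -tag -width 2n
+.It 1
+an X.509 v3 CA certificate with
+.Sy basicConstraints
+extension CA:TRUE
+.It 3
+a self-signed X.509 v1 certificate
+.It 4
+a certificate with
+.Sy keyUsage
+extension with bit
+.Sy keyCertSign
+set, but without
+.Sy basicConstraints
+.It 5
+a certificate with an outdated Netscape Certificate Type extension telling
+that it is a CA certificate
+.El
+.Sh SEE ALSO
+.Xr X509_check_issued 3 ,
+.Xr X509_verify_cert 3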
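--- a/jni/libressl/man/X509_check_host.3
+++ b/jni/libressl/man/X509_check_host.3
@@ -0,0 +1,236 @@
+.\"	$OpenBSD: X509_check_host.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Florian Weimer <fweimer@redhat.com> and
+.\" Viktor Dukhovni <openssl-users@dukhovni.org>.
+.\" Copyright (c) 2012, 2014, 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 5 2016 $
+.Dt X509_CHECK_HOST 3
+.Os
+.Sh NAME
+.Nm X509_check_host ,
+.Nm X509_check_email ,
+.Nm X509_check_ip ,
+.Nm X509_check_ip_asc
+.Nd X.509 certificate matching
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft int
+.Fo X509_check_host
+.Fa "X509 *x"
+.Fa "const char *name"
+.Fa "size_t namelen"
+.Fa "unsigned int flags"
+.Fa "char **peername"
+.Fc
+.Ft int
+.Fo X509_check_email
+.Fa "X509 *x"
+.Fa "const char *address"
+.Fa "size_t addresslen"
+.Fa "unsigned int flags"
+.Fc
+.Ft int
+.Fo X509_check_ip
+.Fa "X509 *x"
+.Fa "const unsigned char *address"
+.Fa "size_t addresslen"
+.Fa "unsigned int flags"
+.Fc
+.Ft int
+.Fo X509_check_ip_asc
+.Fa "X509 *x"
+.Fa "const char *address"
+.Fa "unsigned int flags"
+.Fc
+.Sh DESCRIPTION
+The certificate matching functions are used to check whether a
+certificate matches a given host name, email address, or IP address.
+The validity of the certificate and its trust level has to be checked by
+other means.
+.Pp
+.Fn X509_check_host
+checks if the certificate Subject Alternative Name (SAN) or Subject
+CommonName (CN) matches the specified host name, which must be encoded
+in the preferred name syntax described in section 3.5 of RFC 1034.
+By default, wildcards are supported and they match only in the
+left-most label; they may match part of that label with an
+explicit prefix or suffix.
+For example, by default, the host
+.Fa name
+.Qq www.example.com
+would match a certificate with a SAN or CN value of
+.Qq *.example.com ,
+.Qq w*.example.com
+or
+.Qq *w.example.com .
+.Pp
+Per section 6.4.2 of RFC 6125,
+.Fa name
+values representing international domain names must be given in A-label
+form.
+The
+.Fa namelen
+argument must be the number of characters in the name string or zero, in
+which case the length is calculated with
+.Fn strlen name .
+When
+.Fa name
+starts with a dot (e.g.\&
+.Qq .example.com ) ,
+it will be matched by a certificate valid for any sub-domain of
+.Fa name ;
+see also
+.Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+below.
+.Pp
+When the certificate is matched and
+.Fa peername
+is not
+.Dv NULL ,
+a pointer to a copy of the matching SAN or CN from the peer
+certificate is stored at the address passed in
+.Fa peername .
+The application is responsible for freeing the peername via
+.Xr free 3
+when it is no longer needed.
+.Pp
+.Fn X509_check_email
+checks if the certificate matches the specified email
+.Fa address .
+Only the mailbox syntax of RFC 822 is supported.
+Comments are not allowed,
+and no attempt is made to normalize quoted characters.
+The
+.Fa addresslen
+argument must be the number of characters in the address string or zero,
+in which case the length is calculated with
+.Fn strlen address .
+.Pp
+.Fn X509_check_ip
+checks if the certificate matches a specified IPv4 or IPv6 address.
+The
+.Fa address
+array is in binary format, in network byte order.
+The length is either 4 (IPv4) or 16 (IPv6).
+Only explicitly marked addresses in the certificates are considered;
+IP addresses stored in DNS names and Common Names are ignored.
+.Pp
+.Fn X509_check_ip_asc
+is similar, except that the NUL-terminated string
+.Fa address
+is first converted to the internal representation.
+.Pp
+The
+.Fa flags
+argument is usually 0, but it can be the bitwise OR of the following
+flags.
+.Pp
+The
+.Dv X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+flag causes the function to consider the subject DN even if the
+certificate contains at least one subject alternative name of the right
+type (DNS name or email address as appropriate); the default is to
+ignore the subject DN when at least one corresponding subject
+alternative names is present.
+.Pp
+The remaining flags are only meaningful for
+.Fn X509_check_host .
+.Pp
+The
+.Dv X509_CHECK_FLAG_NO_WILDCARDS
+flag disables wildcard expansion.
+.Pp
+The
+.Dv X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+flag suppresses support for
+.Qq *
+as a wildcard pattern in labels that have a
+prefix or suffix, such as
+.Qq www*
+or
+.Qq *www .
+.Pp
+The
+.Dv X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+flag allows a
+.Qq *
+that constitutes the complete label of a DNS name (e.g.\&
+.Qq *.example.com )
+to match more than one label in
+.Fa name .
+.Pp
+The
+.Dv X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+flag restricts
+.Fa name
+values which start with
+.Qq \&. ,
+that would otherwise match any sub-domain in the peer certificate,
+to only match direct child sub-domains.
+Thus, for instance, with this flag set a
+.Fa name
+of
+.Qq .example.com
+would match a peer certificate with a DNS name of
+.Qq www.example.com ,
+but would not match a peer certificate with a DNS name of
+.Qq www.sub.example.com .
+.Sh RETURN VALUES
+The functions return 1 for a successful match, 0 for a failed match and
+-1 for an internal error: typically a memory allocation failure or an
+ASN.1 decoding error.
+.Pp
+All functions can also return -2 if the input is malformed.
+For example,
+.Fn X509_check_host
+returns -2 if the provided
+.Fa name
+contains embedded NUL bytes.
+.Sh HISTORY
+These functions were added in OpenSSL 1.0.2.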
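--- a/jni/libressl/man/X509_check_issued.3
+++ b/jni/libressl/man/X509_check_issued.3
@@ -0,0 +1,104 @@
+.\"	$OpenBSD: X509_check_issued.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 5 2016 $
+.Dt X509_CHECK_ISSUED 3
+.Os
+.Sh NAME
+.Nm X509_check_issued
+.Nd check whether a certificate was issued using a given CA certificate
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft int
+.Fo X509_check_issued
+.Fa "X509 *issuer"
+.Fa "X509 *subject"
+.Fc
+.Sh DESCRIPTION
+This function checks whether the certificate
+.Fa subject
+was issued using the CA certificate
+.Fa issuer .
+It does the following checks:
+.Bl -bullet
+.It
+match the issuer field of
+.Fa subject
+against the subject field of
+.Fa issuer
+.It
+if
+.Sy authorityKeyIdentifier
+is present in the
+.Fa subject
+certificate,
+compare it to the
+.Sy subjectKeyIdentifier
+of
+.Fa issuer
+.It
+check the
+.Sy keyUsage
+field of
+.Fa issuer .
+.El
+.Sh RETURN VALUES
+This function returns
+.Dv X509_V_OK
+if the certificate
+.Fa subject
+is issued by
+.Fa issuer ,
+or some
+.Dv X509_V_ERR*
+constant to indicate an error.
+.Sh SEE ALSO
+.Xr X509_check_ca 3 ,
+.Xr X509_verify_cert 3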
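--- a/jni/libressl/man/X509_cmp_time.3
+++ b/jni/libressl/man/X509_cmp_time.3
@@ -0,0 +1,86 @@
+.\"	$OpenBSD: X509_cmp_time.3,v 1.3 2017/03/27 17:00:54 jmc Exp $
+.\"	OpenSSL X509_cmp_time.pod 80770da3 Feb 17 19:00:15 2017 +0100
+.\"
+.\" This file was written by Emilia Kasper <emilia@openssl.org>
+.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 27 2017 $
+.Dt X509_CMP_TIME 3
+.Os
+.Sh NAME
+.Nm X509_cmp_time
+.Nd compare an ASN.1 Time to a time in seconds since the Epoch
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_cmp_time
+.Fa "const ASN1_TIME *asn1_time"
+.Fa "time_t *cmp_time"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_cmp_time
+parses
+.Fa asn1_time
+with
+.Xr ASN1_time_parse 3
+and compares it to
+.Fa cmp_time .
+If
+.Fa cmp_time
+is
+.Dv NULL ,
+the current time is used.
+.Sh RETURN VALUES
+.Fn X509_cmp_time
+returns -1 if
+.Fa asn1_time
+is earlier than or equal to
+.Fa cmp_time ,
+1 if it is later, or 0 on error.
+.Sh SEE ALSO
+.Xr ASN1_time_parse 3 ,
+.Xr time 3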
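--- a/jni/libressl/man/X509_digest.3
+++ b/jni/libressl/man/X509_digest.3
@@ -0,0 +1,133 @@
+.\"	$OpenBSD: X509_digest.3,v 1.1 2017/03/25 22:21:21 schwarze Exp $
+.\"	OpenSSL X509_digest.pod 3ba4dac6 Mar 23 13:04:52 2017 -0400
+.\"
+.\" This file was written by Rich Salz <rsalz@openssl.org>
+.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 25 2017 $
+.Dt X509_DIGEST 3
+.Os
+.Sh NAME
+.Nm X509_digest ,
+.Nm X509_CRL_digest ,
+.Nm X509_pubkey_digest ,
+.Nm X509_NAME_digest ,
+.Nm X509_REQ_digest ,
+.Nm PKCS7_ISSUER_AND_SERIAL_digest
+.Nd get digests of various objects
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_digest
+.Fa "const X509 *data"
+.Fa "const EVP_MD *type"
+.Fa "unsigned char *md"
+.Fa "unsigned int *len"
+.Fc
+.Ft int
+.Fo X509_CRL_digest
+.Fa "const X509_CRL *data"
+.Fa "const EVP_MD *type"
+.Fa "unsigned char *md"
+.Fa "unsigned int *len"
+.Fc
+.Ft int
+.Fo X509_pubkey_digest
+.Fa "const X509 *data"
+.Fa "const EVP_MD *type"
+.Fa "unsigned char *md"
+.Fa "unsigned int *len"
+.Fc
+.Ft int
+.Fo X509_REQ_digest
+.Fa "const X509_REQ *data"
+.Fa "const EVP_MD *type"
+.Fa "unsigned char *md"
+.Fa "unsigned int *len"
+.Fc
+.Ft int
+.Fo X509_NAME_digest
+.Fa "const X509_NAME *data"
+.Fa "const EVP_MD *type"
+.Fa "unsigned char *md"
+.Fa "unsigned int *len"
+.Fc
+.In openssl/pkcs7.h
+.Ft int
+.Fo PKCS7_ISSUER_AND_SERIAL_digest
+.Fa "PKCS7_ISSUER_AND_SERIAL *data"
+.Fa "const EVP_MD *type"
+.Fa "unsigned char *md"
+.Fa "unsigned int *len"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_pubkey_digest
+returns a digest of the DER representation of the public key contained in
+.Fa data .
+All other functions described here return a digest of the DER
+representation of their entire
+.Fa data
+object.
+.Pp
+The
+.Fa type
+parameter specifies the digest to be used, such as
+.Xr EVP_sha1 3 .
+.Fa md
+is a pointer to the buffer where the digest will be copied and is
+assumed to be large enough; a size of at least
+.Dv EVP_MAX_MD_SIZE
+bytes is suggested.
+The
+.Fa len
+parameter, if not
+.Dv NULL ,
+points to a place where the digest size will be stored.
+.Sh RETURN VALUES
+These functions return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr EVP_get_digestbyname 3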
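--- a/jni/libressl/man/X509_get_pubkey.3
+++ b/jni/libressl/man/X509_get_pubkey.3
@@ -0,0 +1,147 @@
+.\"	$OpenBSD: X509_get_pubkey.3,v 1.1 2016/12/05 18:24:08 schwarze Exp $
+.\"	OpenSSL e7fabc5e Sep 7 13:41:20 2015 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 5 2016 $
+.Dt X509_GET_PUBKEY 3
+.Os
+.Sh NAME
+.Nm X509_get_pubkey ,
+.Nm X509_set_pubkey ,
+.Nm X509_get_X509_PUBKEY ,
+.Nm X509_REQ_get_pubkey ,
+.Nm X509_REQ_set_pubkey
+.Nd get or set certificate or certificate request public key
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft EVP_PKEY *
+.Fo X509_get_pubkey
+.Fa "X509 *x"
+.Fc
+.Ft int
+.Fo X509_set_pubkey
+.Fa "X509 *x"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft X509_PUBKEY *
+.Fo X509_get_X509_PUBKEY
+.Fa "X509 *x"
+.Fc
+.Ft EVP_PKEY *
+.Fo X509_REQ_get_pubkey
+.Fa "X509_REQ *req"
+.Fc
+.Ft int
+.Fo X509_REQ_set_pubkey
+.Fa "X509_REQ *x"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_get_pubkey
+attempts to decode the public key for certificate
+.Fa x .
+If successful it returns the public key as an
+.Vt EVP_PKEY
+pointer with its reference count incremented: this means the returned
+key must be freed up after use.
+.Pp
+.Fn X509_get_X509_PUBKEY
+returns an internal pointer to the
+.Vt X509_PUBKEY
+structure which encodes the certificate of
+.Fa x .
+The returned value must not be freed up after use.
+.Fn X509_get_X509_PUBKEY
+is implemented as a macro.
+.Pp
+.Fn X509_set_pubkey
+attempts to set the public key for certificate
+.Fa x
+to
+.Fa pkey .
+The key
+.Fa pkey
+should be freed up after use.
+.Pp
+.Fn X509_REQ_get_pubkey
+and
+.Fn X509_REQ_set_pubkey
+are similar but operate on certificate request
+.Fa req .
+.Pp
+The first time a public key is decoded, the
+.Vt EVP_PKEY
+structure is cached in the certificate or certificate request itself.
+Subsequent calls return the cached structure with its reference count
+incremented to improve performance.
+.Sh RETURN VALUES
+.Fn X509_get_pubkey ,
+.Fn X509_get_X509_PUBKEY ,
+and
+.Fn X509_REQ_get_pubkey
+return a public key or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn X509_set_pubkey
+and
+.Fn X509_REQ_set_pubkey
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr d2i_X509 3 ,
+.Xr ERR_get_error 3 ,
+.Xr X509_CRL_get0_by_serial 3 ,
+.Xr X509_NAME_add_entry_by_txt 3 ,
+.Xr X509_NAME_ENTRY_get_object 3 ,
+.Xr X509_NAME_get_index_by_NID 3 ,
+.Xr X509_NAME_print_ex 3 ,
+.Xr X509_new 3 ,
+.Xr X509_sign 3 ,
+.Xr X509_verify_cert 3 ,
+.Xr X509V3_get_d2i 3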
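--- a/jni/libressl/man/X509_get_serialNumber.3
+++ b/jni/libressl/man/X509_get_serialNumber.3
@@ -0,0 +1,112 @@
+.\"	$OpenBSD: X509_get_serialNumber.3,v 1.1 2016/12/05 18:24:08 schwarze Exp $
+.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 5 2016 $
+.Dt X509_GET_SERIALNUMBER 3
+.Os
+.Sh NAME
+.Nm X509_get_serialNumber ,
+.Nm X509_set_serialNumber
+.Nd get or set certificate serial number
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft ASN1_INTEGER *
+.Fo X509_get_serialNumber
+.Fa "X509 *x"
+.Fc
+.Ft int
+.Fo X509_set_serialNumber
+.Fa "X509 *x"
+.Fa "ASN1_INTEGER *serial"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_get_serialNumber
+returns the serial number of certificate
+.Fa x
+as an
+.Vt ASN1_INTEGER
+structure which can be examined or initialised.
+The value returned is an internal pointer which must not be freed
+up after the call.
+.Pp
+.Fn X509_set_serialNumber
+sets the serial number of certificate
+.Fa x
+to
+.Fa serial .
+A copy of the serial number is used internally so
+.Fa serial
+should be freed up after use.
+.Sh RETURN VALUES
+.Fn X509_get_serialNumber
+returns an
+.Vt ASN1_INTEGER
+structure.
+.Pp
+.Fn X509_set_serialNumber
+returns 1 for success and 0 for failure.
+.Sh SEE ALSO
+.Xr d2i_X509 3 ,
+.Xr ERR_get_error 3 ,
+.Xr X509_CRL_get0_by_serial 3 ,
+.Xr X509_get_pubkey 3 ,
+.Xr X509_NAME_add_entry_by_txt 3 ,
+.Xr X509_NAME_ENTRY_get_object 3 ,
+.Xr X509_NAME_get_index_by_NID 3 ,
+.Xr X509_NAME_print_ex 3 ,
+.Xr X509_new 3 ,
+.Xr X509_sign 3 ,
+.Xr X509_verify_cert 3 ,
+.Xr X509V3_get_d2i 3
+.Sh HISTORY
+.Fn X509_get_serialNumber
+and
+.Fn X509_set_serialNumber
+are available in all versions of OpenSSL.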
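--- a/jni/libressl/man/X509_get_subject_name.3
+++ b/jni/libressl/man/X509_get_subject_name.3
@@ -0,0 +1,170 @@
+.\"	$OpenBSD: X509_get_subject_name.3,v 1.2 2016/12/14 16:20:28 schwarze Exp $
+.\"	OpenSSL 0ad69cd6 Jun 14 23:02:16 2016 +0200
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 14 2016 $
+.Dt X509_GET_SUBJECT_NAME 3
+.Os
+.Sh NAME
+.Nm X509_get_subject_name ,
+.Nm X509_set_subject_name ,
+.Nm X509_get_issuer_name ,
+.Nm X509_set_issuer_name ,
+.Nm X509_REQ_get_subject_name ,
+.Nm X509_REQ_set_subject_name ,
+.Nm X509_CRL_get_issuer ,
+.Nm X509_CRL_set_issuer_name
+.Nd get and set issuer or subject names
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_NAME *
+.Fo X509_get_subject_name
+.Fa "X509 *x"
+.Fc
+.Ft int
+.Fo X509_set_subject_name
+.Fa "X509 *x"
+.Fa "X509_NAME *name"
+.Fc
+.Ft X509_NAME *
+.Fo X509_get_issuer_name
+.Fa "X509 *x"
+.Fc
+.Ft int
+.Fo X509_set_issuer_name
+.Fa "X509 *x"
+.Fa "X509_NAME *name"
+.Fc
+.Ft X509_NAME *
+.Fo X509_REQ_get_subject_name
+.Fa "const X509_REQ *req"
+.Fc
+.Ft int
+.Fo X509_REQ_set_subject_name
+.Fa "X509_REQ *req"
+.Fa "X509_NAME *name"
+.Fc
+.Ft X509_NAME *
+.Fo X509_CRL_get_issuer
+.Fa "const X509_CRL *crl"
+.Fc
+.Ft int
+.Fo X509_CRL_set_issuer_name
+.Fa "X509_CRL *x"
+.Fa "X509_NAME *name"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_get_subject_name
+returns the subject name of certificate
+.Fa x .
+The returned value is an internal pointer which must not be freed.
+.Pp
+.Fn X509_set_subject_name
+sets the issuer name of certificate
+.Fa x
+to
+.Fa name .
+The
+.Fa name
+parameter is copied internally and should be freed up when it is no
+longer needed.
+.Pp
+.Fn X509_get_issuer_name
+and
+.Fn X509_set_issuer_name
+are identical to
+.Fn X509_get_subject_name
+and
+.Fn X509_set_subject_name
+except that they get and set the issuer name of
+.Fa x .
+.Pp
+Similarly
+.Fn X509_REQ_get_subject_name ,
+.Fn X509_REQ_set_subject_name ,
+.Fn X509_CRL_get_issuer ,
+and
+.Fn X509_CRL_set_issuer_name
+get or set the subject or issuer names of certificate requests
+of CRLs, respectively.
+.Pp
+.Fn X509_REQ_get_subject_name
+and
+.Fn X509_CRL_get_issuer
+are implemented as macros.
+.Sh RETURN VALUES
+.Fn X509_get_subject_name ,
+.Fn X509_get_issuer_name ,
+.Fn X509_REQ_get_subject_name ,
+and
+.Fn X509_CRL_get_issuer
+return a pointer to an
+.Vt X509_NAME
+object.
+.Pp
+.Fn X509_set_subject_name ,
+.Fn X509_set_issuer_name ,
+.Fn X509_REQ_set_subject_name ,
+and
+.Fn X509_CRL_set_issuer_name
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr d2i_X509_NAME 3 ,
+.Xr ERR_get_error 3 ,
+.Xr X509_CRL_get0_by_serial 3 ,
+.Xr X509_get_pubkey 3 ,
+.Xr X509_NAME_add_entry_by_txt 3 ,
+.Xr X509_NAME_ENTRY_get_object 3 ,
+.Xr X509_NAME_get_index_by_NID 3 ,
+.Xr X509_NAME_new 3 ,
+.Xr X509_NAME_print_ex 3 ,
+.Xr X509_new 3 ,
+.Xr X509_sign 3 ,
+.Xr X509_verify_cert 3 ,
+.Xr X509V3_get_d2i 3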
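--- a/jni/libressl/man/X509_get_version.3
+++ b/jni/libressl/man/X509_get_version.3
@@ -0,0 +1,149 @@
+.\"	$OpenBSD: X509_get_version.3,v 1.1 2016/12/05 18:24:08 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 5 2016 $
+.Dt X509_GET_VERSION 3
+.Os
+.Sh NAME
+.Nm X509_get_version ,
+.Nm X509_set_version ,
+.Nm X509_REQ_get_version ,
+.Nm X509_REQ_set_version ,
+.Nm X509_CRL_get_version ,
+.Nm X509_CRL_set_version
+.Nd get or set certificate, certificate request, or CRL version
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft long
+.Fo X509_get_version
+.Fa "const X509 *x"
+.Fc
+.Ft int
+.Fo X509_set_version
+.Fa "X509 *x"
+.Fa "long version"
+.Fc
+.Ft long
+.Fo X509_REQ_get_version
+.Fa "const X509_REQ *req"
+.Fc
+.Ft int
+.Fo X509_REQ_set_version
+.Fa "X509_REQ *x"
+.Fa "long version"
+.Fc
+.Ft long
+.Fo X509_CRL_get_version
+.Fa "const X509_CRL *crl"
+.Fc
+.Ft int
+.Fo X509_CRL_set_version
+.Fa "X509_CRL *x"
+.Fa "long version"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_get_version
+returns the numerical value of the version field of certificate
+.Fa x .
+Note: this is defined by standards (X.509 et al.) to be one less
+than the certificate version.
+So a version 3 certificate will return 2 and a version 1 certificate
+will return 0.
+.Pp
+.Fn X509_set_version
+sets the numerical value of the version field of certificate
+.Fa x
+to
+.Fa version .
+.Pp
+Similarly
+.Fn X509_REQ_get_version ,
+.Fn X509_REQ_set_version ,
+.Fn X509_CRL_get_version ,
+and
+.Fn X509_CRL_set_version
+get and set the version number of certificate requests and CRLs.
+.Pp
+The version field of certificates, certificate requests, and CRLs
+has a DEFAULT value of v1(0) meaning the field should be omitted
+for version 1.
+This is handled transparently by these functions.
+.Pp
+.Fn X509_get_version ,
+.Fn X509_REQ_get_version
+and
+.Fn X509_CRL_get_version
+are implemented as macros.
+.Sh RETURN VALUES
+.Fn X509_get_version ,
+.Fn X509_REQ_get_version ,
+and
+.Fn X509_CRL_get_version
+return the numerical value of the version field.
+.Pp
+.Fn X509_set_version ,
+.Fn X509_REQ_set_version ,
+and
+.Fn X509_CRL_set_version
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr d2i_X509 3 ,
+.Xr ERR_get_error 3 ,
+.Xr X509_CRL_get0_by_serial 3 ,
+.Xr X509_get_pubkey 3 ,
+.Xr X509_get_subject_name 3 ,
+.Xr X509_NAME_add_entry_by_txt 3 ,
+.Xr X509_NAME_ENTRY_get_object 3 ,
+.Xr X509_NAME_get_index_by_NID 3 ,
+.Xr X509_NAME_print_ex 3 ,
+.Xr X509_new 3 ,
+.Xr X509_sign 3 ,
+.Xr X509_verify_cert 3 ,
+.Xr X509V3_get_d2i 3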
Changes to jni/libressl/man/X509_new.3.
1

2
3
4
5
6
7
8


9
10
11

12
13
14
15
16
17
18
19
20
21
22



23
24
25
26

27
28
29
30
31
32

33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51




52
53












54









55
56
57
58
59
60
61

62
63
64
65
66

67



68


69


70
71




72
73
74



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102



103


104

105






106


107



108









.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW
.nf

.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,



.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the




.\" output yourself in some meaningful fashion.
.\"












.\" Avoid warning from groff about undefined register 'F'.









.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX

.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2

.        \}



.    \}


.\}


.rr rF
.\" ========================================================================




.\"
.IX Title "X509_new 3"
.TH X509_new 3 "2017-01-09" "LibreSSL " "LibreSSL"



.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_new, X509_free \- X509 certificate ASN1 allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509 *X509_new(void);
\& void X509_free(X509 *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The X509 \s-1ASN1\s0 allocation routines, allocate and free an
X509 structure, which represents an X509 certificate.
.PP
\&\fIX509_new()\fR allocates and initializes a X509 structure.
.PP
\&\fIX509_free()\fR frees up the \fBX509\fR structure \fBa\fR.
If \fBa\fR is a \fB\s-1NULL\s0\fR pointer, no action occurs.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
code that can be obtained by \fIERR_get_error\fR\|(3).
Otherwise it returns a pointer to the newly allocated structure.



.SH "SEE ALSO"


.IX Header "SEE ALSO"

\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3)






.SH "HISTORY"


.IX Header "HISTORY"



\&\fIX509_new()\fR and \fIX509_free()\fR are available in all versions of SSLeay and OpenSSL.









|
>

<
|
|
<
<
|
>
>
|
<
|
>
|
|
|
|
|
|
<
<
<
<
|
>
>
>
|
|
<
<
>
|
|
<
<
|
|
>
|
|
|
<
|
<
|
|
|
<
<

|
|
|
|
|
|
|
>
>
>
>
|

>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
<
|
|
>
|
|
|
|
|
>
|
>
>
>
|
>
>
|
>
>
|
<
>
>
>
>
|
|
|
>
>
>
|
<
|
|
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
|
|

>
>
>
|
>
>
|
>
|
>
>
>
>
>
>
|
>
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
1
2
3

4
5


6
7
8
9

10
11
12
13
14
15
16
17




18
19
20
21
22
23


24
25
26


27
28
29
30
31
32

33

34
35
36


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

97
98
99
100
101
102
103
104
105
106
107

108
109









110











111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
.\"	$OpenBSD: X509_new.3,v 1.10 2016/12/25 22:15:10 schwarze Exp $
.\"	OpenSSL 3a59ad98 Dec 11 00:36:06 2015 +0000
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2006, 2015 The OpenSSL Project.  All rights reserved.


.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.




.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact


.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"

.\" 6. Redistributions of any form whatsoever must retain the following

.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"


.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 25 2016 $
.Dt X509_NEW 3
.Os
.Sh NAME
.Nm X509_new ,
.Nm X509_free ,
.Nm X509_up_ref
.Nd X.509 certificate object
.Sh SYNOPSIS
.In openssl/x509.h
.Ft X509 *
.Fn X509_new void
.Ft void
.Fo X509_free
.Fa "X509 *a"
.Fc
.Ft int
.Fo X509_up_ref
.Fa "X509 *a"
.Fc
.Sh DESCRIPTION
.Fn X509_new
allocates and initializes an empty
.Vt X509
object with reference count 1.
It represents an ASN.1

.Vt Certificate
structure defined in RFC 5280 section 4.1.
It can hold a public key together with information about the person,
organization, device, or function the associated private key belongs to.
.Pp
.Fn X509_free
decrements the reference count of the
.Vt X509
structure
.Fa a
and frees it up if the reference count reaches 0.
If
.Fa a
is a
.Dv NULL
pointer, no action occurs.
.Pp
.Fn X509_up_ref
increments the reference count of
.Fa a .

This function is useful if a certificate structure is being used
by several different operations each of which will free it up after
use: this avoids the need to duplicate the entire certificate
structure.
.Pp
The object
.Vt X509_INFO ,
which can hold a certificate, the corresponding private key,
and a certificate revocation list, is not yet documented.
.Sh RETURN VALUES
If the allocation fails,

.Fn X509_new
returns









.Dv NULL











and sets an error code that can be obtained by
.Xr ERR_get_error 3 .
Otherwise it returns a pointer to the newly allocated structure.
.Pp
.Fn X509_up_ref
returns 1 for success or 0 for failure.
.Sh SEE ALSO
.Xr AUTHORITY_KEYID_new 3 ,
.Xr BASIC_CONSTRAINTS_new 3 ,
.Xr crypto 3 ,
.Xr d2i_X509 3 ,
.Xr ERR_get_error 3 ,
.Xr X509_ALGOR_new 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_EXTENSION_new 3 ,
.Xr X509_NAME_new 3 ,
.Xr X509_REQ_new 3 ,
.Xr X509_SIG_new 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
.Sh HISTORY
.Fn X509_new
and
.Fn X509_free
are available in all versions of SSLeay and OpenSSL.
.Sh BUGS
The X.509 public key infrastructure and its data types contain too
many design bugs to list them.
For lots of examples, see the classic
.Lk https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt\
 "X.509 Style Guide"
that
.An Peter Gutmann
published in 2000.
Added jni/libressl/man/X509_sign.3.




















































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
.\"	$OpenBSD: X509_sign.3,v 1.1 2016/12/05 18:24:08 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 5 2016 $
.Dt X509_SIGN 3
.Os
.Sh NAME
.Nm X509_sign ,
.Nm X509_sign_ctx ,
.Nm X509_verify ,
.Nm X509_REQ_sign ,
.Nm X509_REQ_sign_ctx ,
.Nm X509_REQ_verify ,
.Nm X509_CRL_sign ,
.Nm X509_CRL_sign_ctx ,
.Nm X509_CRL_verify
.Nd sign or verify certificate, certificate request, or CRL signature
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509_sign
.Fa "X509 *x"
.Fa "EVP_PKEY *pkey"
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo X509_sign_ctx
.Fa "X509 *x"
.Fa "EVP_MD_CTX *ctx"
.Fc
.Ft int
.Fo X509_verify
.Fa "X509 *a"
.Fa "EVP_PKEY *r"
.Fc
.Ft int
.Fo X509_REQ_sign
.Fa "X509_REQ *x"
.Fa "EVP_PKEY *pkey"
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo X509_REQ_sign_ctx
.Fa "X509_REQ *x"
.Fa "EVP_MD_CTX *ctx"
.Fc
.Ft int
.Fo X509_REQ_verify
.Fa "X509_REQ *a"
.Fa "EVP_PKEY *r"
.Fc
.Ft int
.Fo X509_CRL_sign
.Fa "X509_CRL *x"
.Fa "EVP_PKEY *pkey"
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo X509_CRL_sign_ctx
.Fa "X509_CRL *x"
.Fa "EVP_MD_CTX *ctx"
.Fc
.Ft int
.Fo X509_CRL_verify
.Fa "X509_CRL *a"
.Fa "EVP_PKEY *r"
.Fc
.Sh DESCRIPTION
.Fn X509_sign
signs the certificate
.Fa x
using the private key
.Fa pkey
and the message digest
.Fa md
and sets the signature in
.Fa x .
.Fn X509_sign_ctx
also signs the certificate
.Fa x
but uses the parameters contained in digest context
.Fa ctx .
.Pp
.Fn X509_verify
verifies the signature of certificate
.Fa x
using the public key
.Fa pkey .
Only the signature is checked: no other checks (such as certificate
chain validity) are performed.
.Pp
.Fn X509_REQ_sign ,
.Fn X509_REQ_sign_ctx ,
.Fn X509_REQ_verify ,
.Fn X509_CRL_sign ,
.Fn X509_CRL_sign_ctx ,
and
.Fn X509_CRL_verify
sign and verify certificate requests and CRLs, respectively.
.Pp
.Fn X509_sign_ctx
is used where the default parameters for the corresponding public key
and digest are not suitable.
It can be used to sign keys using RSA-PSS for example.
.Pp
For efficiency reasons and to work around ASN.1 encoding issues, the
encoding of the signed portion of a certificate, certificate request,
and CRL is cached internally.
If the signed portion of the structure is modified, the encoding is not
always updated, meaning a stale version is sometimes used.
This is not normally a problem because modifying the signed portion will
invalidate the signature and signing will always update the encoding.
.Sh RETURN VALUES
.Fn X509_sign ,
.Fn X509_sign_ctx ,
.Fn X509_REQ_sign ,
.Fn X509_REQ_sign_ctx ,
.Fn X509_CRL_sign ,
and
.Fn X509_CRL_sign_ctx
return the size of the signature in bytes for success or 0 for failure.
.Pp
.Fn X509_verify ,
.Fn X509_REQ_verify ,
and
.Fn X509_CRL_verify
return 1 if the signature is valid or 0 if the signature check fails.
If the signature could not be checked at all because it was invalid or
some other error occurred, then -1 is returned.
.Sh SEE ALSO
.Xr d2i_X509 3 ,
.Xr ERR_get_error 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_get_pubkey 3 ,
.Xr X509_get_subject_name 3 ,
.Xr X509_get_version 3 ,
.Xr X509_NAME_add_entry_by_txt 3 ,
.Xr X509_NAME_ENTRY_get_object 3 ,
.Xr X509_NAME_get_index_by_NID 3 ,
.Xr X509_NAME_print_ex 3 ,
.Xr X509_new 3 ,
.Xr X509_verify_cert 3 ,
.Xr X509V3_get_d2i 3
.Sh HISTORY
.Fn X509_sign ,
.Fn X509_REQ_sign ,
and
.Fn X509_CRL_sign
are available in all versions of OpenSSL.
.Pp
.Fn X509_sign_ctx ,
.Fn X509_REQ_sign_ctx ,
and
.Fn X509_CRL_sign_ctx
were first added to OpenSSL 1.0.1.
Changes to jni/libressl/man/X509_verify_cert.3.
1

2
3
4
5
6
7
8
9
10
11


12
13
14
15
16


17
18
19
20
21
22
23
24
25
26
27

28
29
30

31
32

33
34

35
36
37
38
39
40
41
42
43
44
45
46


47
48
49
50
51

52


53


54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

73
74
75
76
77
78
79

80
81
82
83
84
85


86
87
88
89

90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105



106
107
108
109
110
111
112
113
114

115
116
117
118
119
120
121





.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf


.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi


..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-

.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""
.    ds R" ""

.    ds C` ""
.    ds C' ""

'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the

.\" output yourself in some meaningful fashion.


.\"


.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"

.IX Title "X509_verify_cert 3"
.TH X509_verify_cert 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"

X509_verify_cert \- discover and verify X509 certificate chain
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&


\& int X509_verify_cert(X509_STORE_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"

The \fIX509_verify_cert()\fR function attempts to discover and validate a
certificate chain based on parameters in \fBctx\fR. A complete description of
the process is contained in the \fIverify\fR\|(1) manual page.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If a complete chain can be built and validated this function returns 1,
otherwise it return zero, in exceptional circumstances it can also
return a negative code.
.PP
If the function fails additional error information can be obtained by
examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR.
.SH "NOTES"
.IX Header "NOTES"
Applications rarely call this function directly but it is used by
OpenSSL internally for certificate validation, in both the S/MIME and
\&\s-1SSL/TLS\s0 code.



.PP
The negative return value from \fIX509_verify_cert()\fR can only occur if no
certificate is set in \fBctx\fR (due to a programming error) or if a retry
operation is requested during internal lookups (which never happens with
standard lookup methods). It is however recommended that application check
for <= 0 return value on error.
.SH "BUGS"
.IX Header "BUGS"
This function uses the header \fBx509.h\fR as opposed to most chain verification

functions which use \fBx509_vfy.h\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_STORE_CTX_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIX509_verify_cert()\fR is available in all versions of SSLeay and OpenSSL.





|
>

<
|
|
<
<
|
<
<
<
>
>
|
|
<
<
<
>
>
|
<
<
<
<
<
<
<
<
<
<
>
|
<
<
>
|
|
>
|
|
>
|
<
<
|
|
|
|
<
<

<
<
>
>
|

<
<
<
>
|
>
>

>
>
|
|
|
|
|
|
<
|
|
|
<
<
<
<
<
|
<
<

>
|
<
<
<
<
|
|
>
|
|
<
<
|
<
>
>
|
|
|
<
>
|
|
<
<
|
<
<
|
|
<
<
<
<
|

|
>
>
>
|
<
<
<
<
|
|
<
<
>
|
|
|
|
|
|
|
>
>
>
>
>
1
2
3

4
5


6



7
8
9
10



11
12
13










14
15


16
17
18
19
20
21
22
23


24
25
26
27


28


29
30
31
32



33
34
35
36
37
38
39
40
41
42
43
44
45

46
47
48





49


50
51
52




53
54
55
56
57


58

59
60
61
62
63

64
65
66


67


68
69




70
71
72
73
74
75
76




77
78


79
80
81
82
83
84
85
86
87
88
89
90
91
.\"	$OpenBSD: X509_verify_cert.3,v 1.5 2017/01/03 06:29:04 beck Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2009, 2015 The OpenSSL Project.  All rights reserved.


.\"



.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"



.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"










.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in


.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"


.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED





.\" OF THE POSSIBILITY OF SUCH DAMAGE.


.\"
.Dd $Mdocdate: January 3 2017 $
.Dt X509_VERIFY_CERT 3




.Os
.Sh NAME
.Nm X509_verify_cert
.Nd discover and verify X509 certificate chain
.Sh SYNOPSIS


.In openssl/x509.h

.Ft int
.Fo X509_verify_cert
.Fa "X509_STORE_CTX *ctx"
.Fc
.Sh DESCRIPTION

The
.Fn X509_verify_cert
function attempts to discover and validate a certificate chain based on


parameters in


.Fa ctx .
.Pp




Applications rarely call this function directly, but it is used by
OpenSSL internally for certificate validation, in both the S/MIME and
SSL/TLS code.
.Sh RETURN VALUES
If a complete chain can be built and validated this function returns 1,
otherwise it returns a value <= 0 indicating failure.
.Pp




Additional error information can be obtained by examining
.Fa ctx ,


using
.Xr X509_STORE_CTX_get_error 3 .
.Sh SEE ALSO
.Xr openssl 1 ,
.Xr X509_STORE_CTX_get_error 3
.Sh HISTORY
.Fn X509_verify_cert
is available in all versions of SSLeay and OpenSSL.
.Sh BUGS
This function uses the header
.In openssl/x509.h
as opposed to most chain verification functions which use
.In openssl/x509_vfy.h .
Added jni/libressl/man/X509v3_get_ext_by_NID.3.








































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
.\"	$OpenBSD: X509v3_get_ext_by_NID.3,v 1.3 2016/12/15 15:22:17 schwarze Exp $
.\"	OpenSSL c952780c Jun 21 07:03:34 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 15 2016 $
.Dt X509V3_GET_EXT_BY_NID 3
.Os
.Sh NAME
.Nm X509v3_get_ext_count ,
.Nm X509v3_get_ext ,
.Nm X509v3_get_ext_by_NID ,
.Nm X509v3_get_ext_by_OBJ ,
.Nm X509v3_get_ext_by_critical ,
.Nm X509v3_delete_ext ,
.Nm X509v3_add_ext ,
.Nm X509_get_ext_count ,
.Nm X509_get_ext ,
.Nm X509_get_ext_by_NID ,
.Nm X509_get_ext_by_OBJ ,
.Nm X509_get_ext_by_critical ,
.Nm X509_delete_ext ,
.Nm X509_add_ext ,
.Nm X509_CRL_get_ext_count ,
.Nm X509_CRL_get_ext ,
.Nm X509_CRL_get_ext_by_NID ,
.Nm X509_CRL_get_ext_by_OBJ ,
.Nm X509_CRL_get_ext_by_critical ,
.Nm X509_CRL_delete_ext ,
.Nm X509_CRL_add_ext ,
.Nm X509_REVOKED_get_ext_count ,
.Nm X509_REVOKED_get_ext ,
.Nm X509_REVOKED_get_ext_by_NID ,
.Nm X509_REVOKED_get_ext_by_OBJ ,
.Nm X509_REVOKED_get_ext_by_critical ,
.Nm X509_REVOKED_delete_ext ,
.Nm X509_REVOKED_add_ext
.Nd extension stack utility functions
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509v3_get_ext_count
.Fa "const STACK_OF(X509_EXTENSION) *x"
.Fc
.Ft X509_EXTENSION *
.Fo X509v3_get_ext
.Fa "const STACK_OF(X509_EXTENSION) *x"
.Fa "int loc"
.Fc
.Ft int
.Fo X509v3_get_ext_by_NID
.Fa "const STACK_OF(X509_EXTENSION) *x"
.Fa "int nid"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509v3_get_ext_by_OBJ
.Fa "const STACK_OF(X509_EXTENSION) *x"
.Fa "ASN1_OBJECT *obj"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509v3_get_ext_by_critical
.Fa "const STACK_OF(X509_EXTENSION) *x"
.Fa "int crit"
.Fa "int lastpos"
.Fc
.Ft X509_EXTENSION *
.Fo X509v3_delete_ext
.Fa "STACK_OF(X509_EXTENSION) *x"
.Fa "int loc"
.Fc
.Ft STACK_OF(X509_EXTENSION) *
.Fo X509v3_add_ext
.Fa "STACK_OF(X509_EXTENSION) **x"
.Fa "X509_EXTENSION *ex"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_get_ext_count
.Fa "X509 *x"
.Fc
.Ft X509_EXTENSION *
.Fo X509_get_ext
.Fa "X509 *x"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_get_ext_by_NID
.Fa "X509 *x"
.Fa "int nid"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509_get_ext_by_OBJ
.Fa "X509 *x"
.Fa "ASN1_OBJECT *obj"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509_get_ext_by_critical
.Fa "X509 *x"
.Fa "int crit"
.Fa "int lastpos"
.Fc
.Ft X509_EXTENSION *
.Fo X509_delete_ext
.Fa "X509 *x"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_add_ext
.Fa "X509 *x"
.Fa "X509_EXTENSION *ex"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_CRL_get_ext_count
.Fa "X509_CRL *x"
.Fc
.Ft X509_EXTENSION *
.Fo X509_CRL_get_ext
.Fa "X509_CRL *x"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_CRL_get_ext_by_NID
.Fa "X509_CRL *x"
.Fa "int nid"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509_CRL_get_ext_by_OBJ
.Fa "X509_CRL *x"
.Fa "ASN1_OBJECT *obj"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509_CRL_get_ext_by_critical
.Fa "X509_CRL *x"
.Fa "int crit"
.Fa "int lastpos"
.Fc
.Ft X509_EXTENSION *
.Fo X509_CRL_delete_ext
.Fa "X509_CRL *x"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_CRL_add_ext
.Fa "X509_CRL *x"
.Fa "X509_EXTENSION *ex"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_REVOKED_get_ext_count
.Fa "X509_REVOKED *x"
.Fc
.Ft X509_EXTENSION *
.Fo X509_REVOKED_get_ext
.Fa "X509_REVOKED *x"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_REVOKED_get_ext_by_NID
.Fa "X509_REVOKED *x"
.Fa "int nid"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509_REVOKED_get_ext_by_OBJ
.Fa "X509_REVOKED *x"
.Fa "ASN1_OBJECT *obj"
.Fa "int lastpos"
.Fc
.Ft int
.Fo X509_REVOKED_get_ext_by_critical
.Fa "X509_REVOKED *x"
.Fa "int crit"
.Fa "int lastpos"
.Fc
.Ft X509_EXTENSION *
.Fo X509_REVOKED_delete_ext
.Fa "X509_REVOKED *x"
.Fa "int loc"
.Fc
.Ft int
.Fo X509_REVOKED_add_ext
.Fa "X509_REVOKED *x"
.Fa "X509_EXTENSION *ex"
.Fa "int loc"
.Fc
.Sh DESCRIPTION
.Fn X509v3_get_ext_count
retrieves the number of extensions in
.Fa x .
.Pp
.Fn X509v3_get_ext
retrieves extension
.Fa loc
from
.Fa x .
The index
.Fa loc
can take any value from 0 to
.Fn X509_get_ext_count x No - 1 .
The returned extension is an internal pointer which must not be
freed up by the application.
.Pp
.Fn X509v3_get_ext_by_NID
and
.Fn X509v3_get_ext_by_OBJ
look for an extension with
.Fa nid
or
.Fa obj
from extension stack
.Fa x .
The search starts from the extension after
.Fa lastpos
or from the beginning if
.Fa lastpos
is -1.
If the extension is found, its index is returned; otherwise, -1 is
returned.
.Pp
.Fn X509v3_get_ext_by_critical
is similar to
.Fn X509v3_get_ext_by_NID
except that it looks for an extension of criticality
.Fa crit .
A zero value for
.Fa crit
looks for a non-critical extension; a non-zero value looks for a
critical extension.
.Pp
.Fn X509v3_delete_ext
deletes the extension with index
.Fa loc
from
.Fa x .
The deleted extension is returned and must be freed by the caller.
If
.Fa loc
is an invalid index value,
.Dv NULL
is returned.
.Pp
.Xr X509v3_add_ext 3
adds the extension
.Fa ex
to the stack
.Pf * Fa x
at position
.Fa loc .
If
.Fa loc
is -1, the new extension is added to the end.
If
.Pf * Fa x
is
.Dv NULL ,
a new stack will be allocated.
The passed extension
.Fa ex
is duplicated internally so it must be freed after use.
.Pp
.Fn X509_get_ext_count ,
.Fn X509_get_ext ,
.Fn X509_get_ext_by_NID ,
.Fn X509_get_ext_by_OBJ ,
.Fn X509_get_ext_by_critical ,
.Fn X509_delete_ext ,
and
.Fn X509_add_ext
operate on the extensions of certificate
.Fa x .
They are otherwise identical to the X509v3 functions.
.Pp
.Fn X509_CRL_get_ext_count ,
.Fn X509_CRL_get_ext ,
.Fn X509_CRL_get_ext_by_NID ,
.Fn X509_CRL_get_ext_by_OBJ ,
.Fn X509_CRL_get_ext_by_critical ,
.Fn X509_CRL_delete_ext ,
and
.Fn X509_CRL_add_ext
operate on the extensions of the CRL
.Fa x .
They are otherwise identical to the X509v3 functions.
.Pp
.Fn X509_REVOKED_get_ext_count ,
.Fn X509_REVOKED_get_ext ,
.Fn X509_REVOKED_get_ext_by_NID ,
.Fn X509_REVOKED_get_ext_by_OBJ ,
.Fn X509_REVOKED_get_ext_by_critical ,
.Fn X509_REVOKED_delete_ext ,
and
.Fn X509_REVOKED_add_ext
operate on the extensions of the CRL entry
.Fa x .
They are otherwise identical to the X509v3 functions.
.Pp
These functions are used to examine stacks of extensions directly.
Many applications will want to parse or encode and add an extension:
they should use the extension encode and decode functions instead
such as
.Xr X509_get_ext_d2i 3 .
.Pp
Extension indices start from zero, so a zero index return value is
not an error.
These search functions start from the extension
.Em after
the
.Fa lastpos
parameter, so it should initially be set to -1.
If it is set to 0, the initial extension will not be checked.
.Sh RETURN VALUES
.Fn X509v3_get_ext_count
returns the extension count.
.Pp
.Fn X509v3_get_ext
and
.Fn X509v3_delete_ext
return an
.Vt X509_EXTENSION
pointer or
.Dv NULL
if an error occurs.
.Pp
.Fn X509v3_get_ext_by_NID ,
.Fn X509v3_get_ext_by_OBJ ,
and
.Fn X509v3_get_ext_by_critical
return the extension index or -1 if an error occurs.
.Pp
.Xr X509v3_add_ext 3
returns a stack of extensions or
.Dv NULL
on error.
.Sh SEE ALSO
.Xr X509_EXTENSION_new 3 ,
.Xr X509V3_get_d2i 3
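--- a/jni/libressl/man/bn.3
+++ b/jni/libressl/man/bn.3
@@ -1,253 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "bn 3"
-.TH bn 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-bn \- multiprecision integer arithmetics
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/bn.h>
-\&
-\& BIGNUM *BN_new(void);
-\& void BN_free(BIGNUM *a);
-\& void BN_init(BIGNUM *);
-\& void BN_clear(BIGNUM *a);
-\& void BN_clear_free(BIGNUM *a);
-\&
-\& BN_CTX *BN_CTX_new(void);
-\& void BN_CTX_init(BN_CTX *c);
-\& void BN_CTX_free(BN_CTX *c);
-\&
-\& BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-\& BIGNUM *BN_dup(const BIGNUM *a);
-\&
-\& BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
-\&
-\& int BN_num_bytes(const BIGNUM *a);
-\& int BN_num_bits(const BIGNUM *a);
-\& int BN_num_bits_word(BN_ULONG w);
-\&
-\& void BN_set_negative(BIGNUM *a, int n);
-\& int  BN_is_negative(const BIGNUM *a);
-\&
-\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
-\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
-\&         BN_CTX *ctx);
-\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-\& int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-\& int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-\&         BN_CTX *ctx);
-\& int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-\&         BN_CTX *ctx);
-\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-\&         BN_CTX *ctx);
-\& int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
-\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-\&         const BIGNUM *m, BN_CTX *ctx);
-\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-\&
-\& int BN_add_word(BIGNUM *a, BN_ULONG w);
-\& int BN_sub_word(BIGNUM *a, BN_ULONG w);
-\& int BN_mul_word(BIGNUM *a, BN_ULONG w);
-\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-\&
-\& int BN_cmp(BIGNUM *a, BIGNUM *b);
-\& int BN_ucmp(BIGNUM *a, BIGNUM *b);
-\& int BN_is_zero(BIGNUM *a);
-\& int BN_is_one(BIGNUM *a);
-\& int BN_is_word(BIGNUM *a, BN_ULONG w);
-\& int BN_is_odd(BIGNUM *a);
-\&
-\& int BN_zero(BIGNUM *a);
-\& int BN_one(BIGNUM *a);
-\& const BIGNUM *BN_value_one(void);
-\& int BN_set_word(BIGNUM *a, unsigned long w);
-\& unsigned long BN_get_word(BIGNUM *a);
-\&
-\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
-\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
-\&
-\& BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
-\&         BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
-\& int BN_is_prime(const BIGNUM *p, int nchecks,
-\&         void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
-\&
-\& int BN_set_bit(BIGNUM *a, int n);
-\& int BN_clear_bit(BIGNUM *a, int n);
-\& int BN_is_bit_set(const BIGNUM *a, int n);
-\& int BN_mask_bits(BIGNUM *a, int n);
-\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-\& int BN_lshift1(BIGNUM *r, BIGNUM *a);
-\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
-\& int BN_rshift1(BIGNUM *r, BIGNUM *a);
-\&
-\& int BN_bn2bin(const BIGNUM *a, unsigned char *to);
-\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
-\& char *BN_bn2hex(const BIGNUM *a);
-\& char *BN_bn2dec(const BIGNUM *a);
-\& int BN_hex2bn(BIGNUM **a, const char *str);
-\& int BN_dec2bn(BIGNUM **a, const char *str);
-\& int BN_print(BIO *fp, const BIGNUM *a);
-\& int BN_print_fp(FILE *fp, const BIGNUM *a);
-\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
-\&
-\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
-\&     BN_CTX *ctx);
-\&
-\& BN_RECP_CTX *BN_RECP_CTX_new(void);
-\& void BN_RECP_CTX_init(BN_RECP_CTX *recp);
-\& void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
-\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-\&        BN_RECP_CTX *recp, BN_CTX *ctx);
-\&
-\& BN_MONT_CTX *BN_MONT_CTX_new(void);
-\& void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-\& void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
-\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
-\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-\&         BN_MONT_CTX *mont, BN_CTX *ctx);
-\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-\&         BN_CTX *ctx);
-\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-\&         BN_CTX *ctx);
-\&
-\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
-\&        BIGNUM *mod);
-\& void BN_BLINDING_free(BN_BLINDING *b);
-\& int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
-\&        BN_CTX *ctx);
-\& int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
-\&        BN_CTX *ctx);
-\& unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-\& void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-\&        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-\&        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-\&                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-\&        BN_MONT_CTX *m_ctx);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-This library performs arithmetic operations on integers of arbitrary
-size. It was written for use in public key cryptography, such as \s-1RSA\s0
-and Diffie-Hellman.
-.PP
-It uses dynamic memory allocation for storing its data structures.
-That means that there is no limit on the size of the numbers
-manipulated by these functions, but return values must always be
-checked in case a memory allocation error has occurred.
-.PP
-The basic object in this library is a \fB\s-1BIGNUM\s0\fR. It is used to hold a
-single large integer. This type should be considered opaque and fields
-should not be modified or accessed directly.
-.PP
-The creation of \fB\s-1BIGNUM\s0\fR objects is described in \fIBN_new\fR\|(3);
-\&\fIBN_add\fR\|(3) describes most of the arithmetic operations.
-Comparison is described in \fIBN_cmp\fR\|(3); \fIBN_zero\fR\|(3)
-describes certain assignments, \fIBN_rand\fR\|(3) the generation of
-random numbers, \fIBN_generate_prime\fR\|(3) deals with prime
-numbers and \fIBN_set_bit\fR\|(3) with bit operations. The conversion
-of \fB\s-1BIGNUM\s0\fRs to external formats is described in \fIBN_bn2bin\fR\|(3).
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIbn_dump\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3),
-\&\fIrand\fR\|(3), \fIrsa\fR\|(3), \fIBN_new\fR\|(3),
-\&\fIBN_CTX_new\fR\|(3), \fIBN_copy\fR\|(3),
-\&\fIBN_swap\fR\|(3), \fIBN_num_bytes\fR\|(3),
-\&\fIBN_add\fR\|(3), \fIBN_add_word\fR\|(3),
-\&\fIBN_cmp\fR\|(3), \fIBN_zero\fR\|(3), \fIBN_rand\fR\|(3),
-\&\fIBN_generate_prime\fR\|(3), \fIBN_set_bit\fR\|(3),
-\&\fIBN_bn2bin\fR\|(3), \fIBN_mod_inverse\fR\|(3),
-\&\fIBN_mod_mul_reciprocal\fR\|(3),
-\&\fIBN_mod_mul_montgomery\fR\|(3),
-\&\fIBN_BLINDING_new\fR\|(3)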
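--- a/jni/libressl/man/bn_dump.3
+++ b/jni/libressl/man/bn_dump.3
@@ -1,10 +1,59 @@
-.\"	$OpenBSD$
+.\"	$OpenBSD: bn_dump.3,v 1.6 2016/12/10 21:32:14 schwarze Exp $
+.\"	OpenSSL crypto/bn/README.pod aebb9aac Jul 19 09:27:53 2016 -0400
 .\"
+.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000, 2003, 2006, 2009 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: November 12 2015 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt BN_DUMP 3
 .Os
 .Sh NAME
 .Nm bn_mul_words ,
 .Nm bn_mul_add_words ,
 .Nm bn_sqr_words ,
 .Nm bn_div_words ,
@@ -320,18 +369,18 @@
 Since dynamic memory allocation to create
 .Vt BIGNUM Ns s
 is rather expensive when used in conjunction with repeated subroutine
 calls, the
 .Vt BN_CTX
 structure is used.
 This structure contains BN_CTX_NUM
-.Vt BIGNUM Ns s,
+.Vt BIGNUM Ns s ;
 see
 .Xr BN_CTX_start 3 .
-.Ss Low-level arithmetic operations
+.Ss Low level arithmetic operations
 These functions are implemented in C and for several platforms in
 assembly language:
 .Pp
 .Fn bn_mul_words rp ap num w
 operates on the
 .Fa num
 word arrays
@@ -423,43 +472,43 @@
 0 otherwise).
 .Pp
 .Fn bn_mul_comba4 r a b
 operates on the 4 word arrays
 .Fa a
 and
 .Fa b
-and the 8 word array
+and the 8-word array
 .Fa r .
 It computes
 .Fa a Ns * Ns Fa b
 and places the result in
 .Fa r .
 .Pp
 .Fn bn_mul_comba8 r a b
-operates on the 8 word arrays
+operates on the 8-word arrays
 .Fa a
 and
 .Fa b
-and the 16 word array
+and the 16-word array
 .Fa r .
 It computes
 .Fa a Ns * Ns Fa b
 and places the result in
 .Fa r .
 .Pp
 .Fn bn_sqr_comba4 r a b
-operates on the 4 word arrays
+operates on the 4-word arrays
 .Fa a
 and
 .Fa b
-and the 8 word array
+and the 8-word array
 .Fa r .
 .Pp
 .Fn bn_sqr_comba8 r a b
-operates on the 8 word arrays
+operates on the 8-word arrays
 .Fa a
 and
 .Fa b
 and the 16 word array
 .Fa r .
 .Pp
 The following functions are implemented in C:
@@ -677,15 +726,15 @@
 to
 .Dv stderr .
 .Fn bn_dump
 prints
 .Fa n
 words at
 .Fa d
-(in reverse order, i.e.
+(in reverse order, i.e.\&
 most significant word first) to
 .Dv stderr .
 .Pp
 .Fn bn_set_max
 makes
 .Fa a
 a static number with a
@@ -710,8 +759,8 @@
 .Fn bn_check_top ,
 .Fn bn_print ,
 .Fn bn_dump
 and
 .Fn bn_set_max
 are defined as empty macros.
 .Sh SEE ALSO
-.Xr bn 3
+.Xr BN_new 3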
Changes to jni/libressl/man/crypto.3.



















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19


20
21
22

23

24
25


26
27
28
29
30
31
32

33

34

35

36
37


38
39
40
41

42

43



44
45
46



47






48
49
50

51
52

53
54
55
56
57




58
59

60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77



















































.Dd $Mdocdate: November 11 2015 $
.Dt CRYPTO 3
.Os
.Sh NAME
.Nm crypto
.Nd OpenSSL cryptographic library
.Sh DESCRIPTION
The OpenSSL crypto library implements a wide range of cryptographic
algorithms used in various Internet standards.
The services provided by this library are used by the OpenSSL
implementations of SSL, TLS and S/MIME, and they have also been used to
implement SSH, OpenPGP, and other cryptographic standards.
.Sh OVERVIEW
.Sy libcrypto
consists of a number of sub-libraries that implement the individual
algorithms.
.Pp
The functionality includes symmetric encryption, public key cryptography
and key agreement, certificate handling, cryptographic hash functions


and a cryptographic pseudo-random number generator.
.Bl -tag -width Ds
.It SYMMETRIC CIPHERS

.Xr blowfish 3 ,

cast,
.Xr des 3 ,


idea,
rc2,
.Xr rc4 3 ,
rc5
.It PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
.Xr dsa 3 ,
.Xr dh 3 ,

.Xr rsa 3

.It CERTIFICATES

.Xr x509 3 ,

x509v3
.It AUTHENTICATION CODES, HASH FUNCTIONS


.Xr hmac 3 ,
.Xr MD2 3 ,
.Xr MD4 3 ,
.Xr MD5 3 ,

.Xr ripemd 3 ,

.Xr sha 3



.It AUXILIARY FUNCTIONS
.Xr ERR 3 ,
.Xr threads 3 ,



.Xr rand 3 ,






.Xr OPENSSL_VERSION_NUMBER 3
.It INPUT/OUTPUT, DATA ENCODING
asn1,

.Xr bio 3 ,
.Xr evp 3 ,

.Xr pem 3 ,
pkcs7,
pkcs12
.It INTERNAL FUNCTIONS
.Xr bn 3 ,




.Xr buffer 3 ,
.Xr ec 3 ,

.Xr lh_new 3 ,
objects,
stack,
txt_db
.El
.Sh NOTES
Some of the newer functions follow a naming convention using the numbers
.Sq 0
and
.Sq 1 .
For example the functions:
.Pp
.Ft int
.Fo X509_CRL_add0_revoked
.Fa "X509_CRL *crl"
.Fa "X509_REVOKED *rev"
.Fc
.br
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|









|

<
<
<
<

|
<
>
>
|
<
<
>
|
>
|
|
>
>
|
<
|
<
<
|
|
>
|
>
|
>
|
>
|
|
>
>
|



>
|
>
|
>
>
>
|
|
|
>
>
>
|
>
>
>
>
>
>
|
|
<
>
|
|
>
|
<
<
|
|
>
>
>
>
|
|
>
|
<
<
<
|
<




|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63




64
65

66
67
68


69
70
71
72
73
74
75
76

77


78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

117
118
119
120
121


122
123
124
125
126
127
128
129
130
131



132

133
134
135
136
137
138
139
140
141
142
143
144
.\"	$OpenBSD: crypto.3,v 1.16 2017/01/07 08:46:13 jmc Exp $
.\"	OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and
.\" Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2002 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 7 2017 $
.Dt CRYPTO 3
.Os
.Sh NAME
.Nm crypto
.Nd OpenSSL cryptographic library
.Sh DESCRIPTION
The OpenSSL crypto library implements a wide range of cryptographic
algorithms used in various Internet standards.
The services provided by this library are used by the OpenSSL
implementations of TLS and S/MIME, and they have also been used to
implement SSH, OpenPGP, and other cryptographic standards.




.Pp
.Sy Symmetric ciphers

including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, RC4, and
RC5 are provided by the generic interface
.Xr EVP_EncryptInit 3 .


Low-level stand-alone interfaces include
.Xr BF_set_key 3 ,
.Xr DES_set_key 3 ,
and
.Xr RC4 3 .
.Pp
.Sy Public key cryptography and key agreement
are provided by

.Xr DH_new 3 ,


.Xr DSA_new 3 ,
.Xr ECDSA_SIG_new 3 ,
and
.Xr RSA_new 3 .
.Pp
.Sy Certificates
are handled by
.Xr X509_new 3
and
.Xr X509v3_add_ext 3 .
.Pp
.Sy Authentication codes and hash functions
offered include
.Xr HMAC 3 ,
.Xr MD2 3 ,
.Xr MD4 3 ,
.Xr MD5 3 ,
.Xr RIPEMD160 3 ,
.Xr SHA1 3 ,
and
.Xr SHA256 3 .
.Pp
.Sy Input, output, and data encoding
facilities include ASN.1,
.Xr BIO_new 3 ,
.Xr evp 3 ,
.Xr PEM_read 3 ,
.Xr PKCS7_encrypt 3 ,
.Xr PKCS7_sign 3 ,
.Xr PKCS12_create 3 ,
and
.Xr SMIME_write_PKCS7 3 .
.Pp
.Sy Auxiliary features include:
.Bl -dash -compact
.It
configuration file handling: see
.Xr OPENSSL_config 3
.It

error reporting: see
.Xr ERR 3
.It
thread support: see
.Xr CRYPTO_set_locking_callback 3


.It
.Xr OCSP_REQUEST_new 3
.El
.Pp
.Sy Internal utilities
include
.Xr BIO_f_buffer 3 ,
.Xr BN_new 3 ,
.Xr EC_GROUP_new 3 ,
.Xr lh_new 3 .



.Pp

Some of the newer functions follow a naming convention using the numbers
.Sq 0
and
.Sq 1 .
For example consider the names of these functions:
.Pp
.Ft int
.Fo X509_CRL_add0_revoked
.Fa "X509_CRL *crl"
.Fa "X509_REVOKED *rev"
.Fc
.br
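--- a/jni/libressl/man/d2i_ASN1_NULL.3
+++ b/jni/libressl/man/d2i_ASN1_NULL.3
@@ -0,0 +1,84 @@
+.\"	$OpenBSD: d2i_ASN1_NULL.3,v 1.1 2016/12/29 17:42:54 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 29 2016 $
+.Dt D2I_ASN1_NULL 3
+.Os
+.Sh NAME
+.Nm d2i_ASN1_NULL ,
+.Nm i2d_ASN1_NULL
+.Nd decode and encode an ASN.1 NULL type
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_NULL *
+.Fo d2i_ASN1_NULL
+.Fa "ASN1_NULL **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_NULL
+.Fa "ASN1_NULL *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode the ASN.1 value NULL of type NULL.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_ASN1_NULL
+verifies that the BER-encoded value at
+.Pf * Fa der_in
+is NULL and of type NULL.
+It fails if
+.Fa length
+is less than 2 or if the first two bytes of
+.Pf * Fa der_in
+differ from 0x05 and 0x00.
+In case of success,
+.Pf * Fa der_in
+is advanced by two bytes and
+.Pf * Fa val_out
+is set to a specific invalid pointer representing the unique
+.Vt ASN1_NULL
+object.
+.Pp
+.Fn i2d_ASN1_NULL
+ignores
+.Fa val_in
+and encodes the ASN.1 value NULL of type NULL using DER.
+Specifically, it writes the identifier octet for the type NULL,
+0x05, followed by the length octet 0x00, and no content or
+end-of-content octets.
+.Sh RETURN VALUES
+.Fn d2i_ASN1_NULL
+returns a specific invalid pointer representing the unique
+.Vt ASN1_NULL
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_ASN1_NULL
+returns 2 if successful or 0 if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr ASN1_item_new 3
+.Sh STANDARDS
+ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
+Information technology - ASN.1 encoding rules:
+Specification of Basic Encoding Rules (BER), Canonical Encoding
+Rules (CER) and Distinguished Encoding Rules (DER),
+section 8.8: Encoding of null value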
Changes to jni/libressl/man/d2i_ASN1_OBJECT.3.
1

2
3
4
5
6
7
8
9
10



11


12




13
14

15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36



37
38
39
40
41
42
43
44

45
46
47
48
49
50
51
52
53
54
55
56
57

58



59
60
61
62
63

64



65
66
67
68
69
70
71
72
73




74
75
76
77
78
79
80
81
82


83
84
85
86
87
88
89
90
91

92
93
94
95


96
97
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW



.nf


.ne \\$1




..
.de Ve \" End verbatim text

.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\



.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"

.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0

.if \n(.g .if rF .nr rF 1



.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..

.        if !\nF==2 \{



.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "d2i_ASN1_OBJECT 3"




.TH d2i_ASN1_OBJECT 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT IDENTIFIER functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"


.Vb 1
\& #include <openssl/objects.h>
\&
\& ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
\& int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions decode and encode an \s-1ASN1 OBJECT IDENTIFIER.\s0

.PP
Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
described in the \fId2i_X509\fR\|(3) manual page.
.SH "SEE ALSO"


.IX Header "SEE ALSO"
\&\fId2i_X509\fR\|(3)
|
>

|
<
<
<
<
|
<
<
>
>
>
|
>
>
|
>
>
>
>
|
<
>
|
|
|
<
<
<
<
|
|
<
|
|
|
|
<
<
|
|
|
|
<
|
>
>
>
|
|
|
|
|
|
<
|
>
|
|
|
|
<
<
<
<
<
<
|
|
<
>
|
>
>
>
|
|
|
<
|
>
|
>
>
>
|
|
<
|
|
|
<
|
|
>
>
>
>
|
<
<
<
|
|
|
<
|
>
>
|
|
<
<
|
|
<
<
<
>
|
<
|
|
>
>
|
<
1
2
3
4




5


6
7
8
9
10
11
12
13
14
15
16
17

18
19
20
21




22
23

24
25
26
27


28
29
30
31

32
33
34
35
36
37
38
39
40
41

42
43
44
45
46
47






48
49

50
51
52
53
54
55
56
57

58
59
60
61
62
63
64
65

66
67
68

69
70
71
72
73
74
75



76
77
78

79
80
81
82
83


84
85



86
87

88
89
90
91
92

.\"	$OpenBSD: d2i_ASN1_OBJECT.3,v 1.6 2017/01/05 08:24:38 jmc Exp $
.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>




.\"


.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"

.Dd $Mdocdate: January 5 2017 $
.Dt D2I_ASN1_OBJECT 3
.Os
.Sh NAME




.Nm d2i_ASN1_OBJECT ,
.Nm i2d_ASN1_OBJECT

.Nd decode and encode ASN.1 object identifiers
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft ASN1_OBJECT *


.Fo d2i_ASN1_OBJECT
.Fa "ASN1_OBJECT **val_out"
.Fa "unsigned char **der_in"
.Fa "long length"

.Fc
.Ft int
.Fo i2d_ASN1_OBJECT
.Fa "ASN1_OBJECT *val_in"
.Fa "unsigned char **der_out"
.Fc
.Sh DESCRIPTION
These functions decode and encode ASN.1 object identifiers.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .

.Pp
The objects returned from
.Fn d2i_ASN1_OBJECT
and the data contained in them are always marked as dynamically
allocated, so when they are no longer needed,
.Xr ASN1_OBJECT_free 3






can be called on them.
.Pp

If reusing an existing object is attempted but the
.Pf * Fa val_out
passed in points to an object that is not marked as dynamically
allocated, then the existing object is left untouched and
.Fn d2i_ASN1_OBJECT
behaves as if
.Pf * Fa val_out
would have been

.Dv NULL :
A new object is allocated and a pointer to it is both stored in
.Pf * Fa val_out
and returned.
.Sh RETURN VALUES
.Fn d2i_ASN1_OBJECT
returns an
.Vt ASN1_OBJECT

object or
.Dv NULL
if an error occurs.

.Pp
.Fn i2d_ASN1_OBJECT
returns the number of bytes successfully encoded
or a value <= 0 if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr ASN1_OBJECT_new 3 ,



.Xr OBJ_nid2obj 3
.Sh CAVEATS
.Fn d2i_ASN1_OBJECT

never sets the long and short names of the object, not even if the
object identifier matches one that is built into the library.
To find the names of an object identifier parsed from DER or BER
input, call
.Xr OBJ_obj2nid 3


on the returned object, and then
.Xr OBJ_nid2sn 3



and
.Xr OBJ_nid2ln 3

on the result.
.Sh BUGS
When reusing a dynamically allocated object that contains dynamically
allocated names, the old names are not freed and the memory containing
them is leaked.

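--- a/jni/libressl/man/d2i_ASN1_OCTET_STRING.3
+++ b/jni/libressl/man/d2i_ASN1_OCTET_STRING.3
@@ -0,0 +1,386 @@
+.\"	$OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.4 2017/01/07 08:46:13 jmc Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 7 2017 $
+.Dt D2I_ASN1_OCTET_STRING 3
+.Os
+.Sh NAME
+.Nm d2i_ASN1_OCTET_STRING ,
+.Nm i2d_ASN1_OCTET_STRING ,
+.Nm d2i_ASN1_BIT_STRING ,
+.Nm i2d_ASN1_BIT_STRING ,
+.Nm d2i_ASN1_INTEGER ,
+.Nm i2d_ASN1_INTEGER ,
+.Nm d2i_ASN1_UINTEGER ,
+.Nm d2i_ASN1_ENUMERATED ,
+.Nm i2d_ASN1_ENUMERATED ,
+.Nm d2i_ASN1_UTF8STRING ,
+.Nm i2d_ASN1_UTF8STRING ,
+.Nm d2i_ASN1_IA5STRING ,
+.Nm i2d_ASN1_IA5STRING ,
+.Nm d2i_ASN1_UNIVERSALSTRING ,
+.Nm i2d_ASN1_UNIVERSALSTRING ,
+.Nm d2i_ASN1_BMPSTRING ,
+.Nm i2d_ASN1_BMPSTRING ,
+.Nm d2i_ASN1_GENERALSTRING ,
+.Nm i2d_ASN1_GENERALSTRING ,
+.Nm d2i_ASN1_T61STRING ,
+.Nm i2d_ASN1_T61STRING ,
+.Nm d2i_ASN1_VISIBLESTRING ,
+.Nm i2d_ASN1_VISIBLESTRING ,
+.Nm d2i_ASN1_PRINTABLESTRING ,
+.Nm i2d_ASN1_PRINTABLESTRING ,
+.Nm d2i_ASN1_PRINTABLE ,
+.Nm i2d_ASN1_PRINTABLE ,
+.Nm d2i_DIRECTORYSTRING ,
+.Nm i2d_DIRECTORYSTRING ,
+.Nm d2i_DISPLAYTEXT ,
+.Nm i2d_DISPLAYTEXT ,
+.Nm d2i_ASN1_GENERALIZEDTIME ,
+.Nm i2d_ASN1_GENERALIZEDTIME ,
+.Nm d2i_ASN1_UTCTIME ,
+.Nm i2d_ASN1_UTCTIME ,
+.Nm d2i_ASN1_TIME_new ,
+.Nm i2d_ASN1_TIME_new
+.Nd decode and encode ASN1_STRING objects
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_OCTET_STRING *
+.Fo d2i_ASN1_OCTET_STRING
+.Fa "ASN1_OCTET_STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_OCTET_STRING
+.Fa "ASN1_OCTET_STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_BIT_STRING *
+.Fo d2i_ASN1_BIT_STRING
+.Fa "ASN1_BIT_STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_BIT_STRING
+.Fa "ASN1_BIT_STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_INTEGER *
+.Fo d2i_ASN1_INTEGER
+.Fa "ASN1_INTEGER **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_INTEGER
+.Fa "ASN1_INTEGER *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_INTEGER *
+.Fo d2i_ASN1_UINTEGER
+.Fa "ASN1_INTEGER **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft ASN1_ENUMERATED *
+.Fo d2i_ASN1_ENUMERATED
+.Fa "ASN1_ENUMERATED **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_ENUMERATED
+.Fa "ASN1_ENUMERATED *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_UTF8STRING *
+.Fo d2i_ASN1_UTF8STRING
+.Fa "ASN1_UTF8STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_UTF8STRING
+.Fa "ASN1_UTF8STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_IA5STRING *
+.Fo d2i_ASN1_IA5STRING
+.Fa "ASN1_IA5STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_IA5STRING
+.Fa "ASN1_IA5STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_UNIVERSALSTRING *
+.Fo d2i_ASN1_UNIVERSALSTRING
+.Fa "ASN1_UNIVERSALSTRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_UNIVERSALSTRING
+.Fa "ASN1_UNIVERSALSTRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_BMPSTRING *
+.Fo d2i_ASN1_BMPSTRING
+.Fa "ASN1_BMPSTRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_BMPSTRING
+.Fa "ASN1_BMPSTRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_GENERALSTRING *
+.Fo d2i_ASN1_GENERALSTRING
+.Fa "ASN1_GENERALSTRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_GENERALSTRING
+.Fa "ASN1_GENERALSTRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_T61STRING *
+.Fo d2i_ASN1_T61STRING
+.Fa "ASN1_T61STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_T61STRING
+.Fa "ASN1_T61STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_VISIBLESTRING *
+.Fo d2i_ASN1_VISIBLESTRING
+.Fa "ASN1_VISIBLESTRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_VISIBLESTRING
+.Fa "ASN1_VISIBLESTRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_PRINTABLESTRING *
+.Fo d2i_ASN1_PRINTABLESTRING
+.Fa "ASN1_PRINTABLESTRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_PRINTABLESTRING
+.Fa "ASN1_PRINTABLESTRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_STRING *
+.Fo d2i_ASN1_PRINTABLE
+.Fa "ASN1_STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_PRINTABLE
+.Fa "ASN1_STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_STRING *
+.Fo d2i_DIRECTORYSTRING
+.Fa "ASN1_STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_DIRECTORYSTRING
+.Fa "ASN1_STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_STRING *
+.Fo d2i_DISPLAYTEXT
+.Fa "ASN1_STRING **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_DISPLAYTEXT
+.Fa "ASN1_STRING *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_GENERALIZEDTIME *
+.Fo d2i_ASN1_GENERALIZEDTIME
+.Fa "ASN1_GENERALIZEDTIME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_GENERALIZEDTIME
+.Fa "ASN1_GENERALIZEDTIME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_UTCTIME *
+.Fo d2i_ASN1_UTCTIME
+.Fa "ASN1_UTCTIME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_UTCTIME
+.Fa "ASN1_UTCTIME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_TIME *
+.Fo d2i_ASN1_TIME
+.Fa "ASN1_TIME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_TIME
+.Fa "ASN1_TIME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode various ASN.1 built-in types
+that can be represented by
+.Vt ASN1_STRING
+objects.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+The format consists of one identifier octet,
+one or more length octets,
+and one or more content octets.
+The identifier octets and corresponding ASN.1 types are as follows:
+.Bl -column ASN1_GENERALIZEDTIME identifier
+.It Em OpenSSL type Ta Em identifier Ta Em ASN.1 type
+.It Ta
+.It Vt ASN1_OCTET_STRING    Ta 0x04 Ta OCTET STRING
+.It Vt ASN1_BIT_STRING      Ta 0x03 Ta BIT STRING
+.It Vt ASN1_INTEGER         Ta 0x02 Ta INTEGER
+.It Vt ASN1_ENUMERATED      Ta 0x0a Ta ENUMERATED
+.It Vt ASN1_UTF8STRING      Ta 0x0c Ta UTF8String
+.It Vt ASN1_IA5STRING       Ta 0x16 Ta IA5String
+.It Vt ASN1_UNIVERSALSTRING Ta 0x1c Ta UniversalString
+.It Vt ASN1_BMPSTRING       Ta 0x1e Ta BMPString
+.It Vt ASN1_GENERALSTRING   Ta 0x1b Ta GeneralString
+.It Vt ASN1_T61STRING       Ta 0x14 Ta T61String
+.It Vt ASN1_VISIBLESTRING   Ta 0x1a Ta VisibleString
+.It Vt ASN1_PRINTABLESTRING Ta 0x13 Ta PrintableString
+.It Vt ASN1_GENERALIZEDTIME Ta 0x18 Ta GeneralizedTime
+.It Vt ASN1_UTCTIME         Ta 0x17 Ta UTCTime
+.El
+.Pp
+.Fn d2i_DIRECTORYSTRING
+and
+.Fn i2d_DIRECTORYSTRING
+decode and encode an ASN.1
+.Vt DirectoryString
+structure defined in RFC 5280 section 4.1.2.4
+and used for ASN.1
+.Vt EDIPartyName
+structures; see
+.Xr EDIPARTYNAME_new 3 .
+When decoding, it accepts any of the types UTF8String, UniversalString,
+BMPString, T61String, or PrintableString.
+When encoding,
+it writes out the character string type that is actually passed in.
+.Pp
+.Fn d2i_ASN1_PRINTABLE
+and
+.Fn i2d_ASN1_PRINTABLE
+are non-standard variants of
+.Fn d2i_DIRECTORYSTRING
+and
+.Fn i2d_DIRECTORYSTRING
+that also accept IA5String, NumericString, BIT STRING, and SEQUENCE
+ASN.1 values as well as ASN.1 values with unknown identifier
+octets (0x07, 0x08, 0x09, 0x0b, 0x0d, 0x0e, 0x0f, 0x1d, and 0x1f).
+Even though the standard requires the use of
+.Vt DirectoryString
+in the relative distinguished names described in
+.Xr X509_NAME_ENTRY_new 3 ,
+the library accepts this wider range of choices.
+.Pp
+.Fn d2i_DISPLAYTEXT
+and
+.Fn i2d_DISPLAYTEXT
+decode and encode an ASN.1
+.Vt DisplayText
+structure defined in RFC 5280 section 4.2.1.4
+and used for ASN.1
+.Vt UserNotice
+structures in certificate policies; see
+.Xr USERNOTICE_new 3 .
+When decoding, it accepts any of the types UTF8String, IA5String,
+BMPString, or VisibleString.
+When encoding,
+it writes out the character string type that is actually passed in.
+.Pp
+.Fn d2i_ASN1_TIME
+and
+.Fn i2d_ASN1_TIME
+decode and encode an ASN.1
+.Vt Time
+structure defined in RFC 5280 section 4.1
+and used for ASN.1
+.Vt Validity
+structures in certificates; see
+.Xr X509_VAL_new 3 .
+They are also used for certificate revocation lists; see
+.Xr X509_CRL_INFO_new 3 .
+When decoding, it accepts either GeneralizedTime or UTCTime.
+When encoding, it writes out the time type that is actually passed in.
+.Pp
+.Fn d2i_ASN1_UINTEGER
+is similar to
+.Fn d2i_ASN1_INTEGER
+except that it ignores the sign bit in the BER encoding and treats
+all integers as positive.
+It helps to process BER input produced by broken software
+that neglects adding a leading NUL content byte where required.
+.Sh RETURN VALUES
+The
+.Fn d2i_*
+decoding functions return an
+.Vt ASN1_STRING
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+The
+.Fn i2d_*
+encoding functions return the number of bytes successfully encoded
+or a negative value if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr ASN1_STRING_new 3
+.Sh STANDARDS
+ITU-T Recommendation X.680, also known as ISO/IEC 8824-1:
+Information technology - Abstract Syntax Notation One (ASN.1):
+Specification of basic notation
+.Pp
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile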
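--- a/jni/libressl/man/d2i_ASN1_SEQUENCE_ANY.3
+++ b/jni/libressl/man/d2i_ASN1_SEQUENCE_ANY.3
@@ -0,0 +1,85 @@
+.\"	$OpenBSD: d2i_ASN1_SEQUENCE_ANY.3,v 1.1 2017/01/04 21:14:26 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 4 2017 $
+.Dt D2I_ASN1_SEQUENCE_ANY 3
+.Os
+.Sh NAME
+.Nm d2i_ASN1_SEQUENCE_ANY ,
+.Nm i2d_ASN1_SEQUENCE_ANY ,
+.Nm d2i_ASN1_SET_ANY ,
+.Nm i2d_ASN1_SET_ANY
+.Nd decode and encode ASN.1 sequences and sets
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_SEQUENCE_ANY *
+.Fo d2i_ASN1_SEQUENCE_ANY
+.Fa "ASN1_SEQUENCE_ANY **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_SEQUENCE_ANY
+.Fa "const ASN1_SEQUENCE_ANY *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ASN1_SEQUENCE_ANY *
+.Fo d2i_ASN1_SET_ANY
+.Fa "ASN1_SEQUENCE_ANY **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_SET_ANY
+.Fa "const ASN1_SEQUENCE_ANY *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode ASN.1 sequences and sets.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+The type
+.Vt ASN1_SEQUENCE_ANY
+is defined as
+.Vt STACK_OF(ASN1_TYPE) .
+Whether such an object represents a sequence or a set is not stored
+in the object itself but needs to be remembered separately.
+.Pp
+Like for
+.Xr d2i_ASN1_TYPE 3
+and
+.Xr i2d_ASN1_TYPE 3 ,
+the type of the individual values contained in the sequence or set
+is not specified when calling the functions.
+It might vary among the members, and it is stored together with
+each value in each
+.Vt ASN1_TYPE
+object contained in the sequence or set.
+.Sh RETURN VALUES
+.Fn d2i_ASN1_SEQUENCE_ANY
+returns an
+.Vt ASN1_SEQUENCE_ANY
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_ASN1_SEQUENCE_ANY
+returns the number of bytes written or a negative value if an error
+occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr ASN1_TYPE_new 3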
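--- a/jni/libressl/man/d2i_AUTHORITY_KEYID.3
+++ b/jni/libressl/man/d2i_AUTHORITY_KEYID.3
@@ -0,0 +1,69 @@
+.\"	$OpenBSD: d2i_AUTHORITY_KEYID.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_AUTHORITY_KEYID 3
+.Os
+.Sh NAME
+.Nm d2i_AUTHORITY_KEYID ,
+.Nm i2d_AUTHORITY_KEYID
+.Nd decode and encode X.509 authority key identifiers
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft AUTHORITY_KEYID *
+.Fo d2i_AUTHORITY_KEYID
+.Fa "AUTHORITY_KEYID **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_AUTHORITY_KEYID
+.Fa "AUTHORITY_KEYID *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+.Fn d2i_AUTHORITY_KEYID
+and
+.Fn i2d_AUTHORITY_KEYID
+decode and encode an ASN.1
+.Vt AuthorityKeyIdentifier
+structure  defined in RFC 5280 section 4.2.1.1.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Sh RETURN VALUES
+.Fn d2i_AUTHORITY_KEYID
+returns an
+.Vt AUTHORITY_KEYID
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_AUTHORITY_KEYID
+returns the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr AUTHORITY_KEYID_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.1: Certificate Extensions: Authority Key Identifier
+.It
+section 5.2.1: CRL Extensions: Authority Key Identifier
+.El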
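--- a/jni/libressl/man/d2i_BASIC_CONSTRAINTS.3
+++ b/jni/libressl/man/d2i_BASIC_CONSTRAINTS.3
@@ -0,0 +1,94 @@
+.\"	$OpenBSD: d2i_BASIC_CONSTRAINTS.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_BASIC_CONSTRAINTS 3
+.Os
+.Sh NAME
+.Nm d2i_BASIC_CONSTRAINTS ,
+.Nm i2d_BASIC_CONSTRAINTS ,
+.Nm d2i_EXTENDED_KEY_USAGE ,
+.Nm i2d_EXTENDED_KEY_USAGE
+.Nd decode and encode X.509 key usage purposes
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft BASIC_CONSTRAINTS *
+.Fo d2i_BASIC_CONSTRAINTS
+.Fa "BASIC_CONSTRAINTS **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_BASIC_CONSTRAINTS
+.Fa "BASIC_CONSTRAINTS *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft EXTENDED_KEY_USAGE *
+.Fo d2i_EXTENDED_KEY_USAGE
+.Fa "EXTENDED_KEY_USAGE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_EXTENDED_KEY_USAGE
+.Fa "EXTENDED_KEY_USAGE *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode data structures describing the
+intended purposes that the key contained in an X.509 certificate
+is to be used for.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_BASIC_CONSTRAINTS
+and
+.Fn i2d_BASIC_CONSTRAINTS
+decode and encode an ASN.1
+.Vt BasicConstraints
+structure defined in RFC 5280 section 4.2.1.9.
+.Pp
+.Fn d2i_EXTENDED_KEY_USAGE
+and
+.Fn i2d_EXTENDED_KEY_USAGE
+decode and encode an ASN.1
+.Vt ExtKeyUsageSyntax
+structure defined in RFC 5280 section 4.2.1.12.
+.Sh RETURN VALUES
+.Fn d2i_BASIC_CONSTRAINTS
+and
+.Fn d2i_EXTENDED_KEY_USAGE
+return a
+.Vt BASIC_CONSTRAINTS
+or
+.Vt EXTENDED_KEY_USAGE
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_BASIC_CONSTRAINTS
+and
+.Fn i2d_EXTENDED_KEY_USAGE
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile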
Changes to jni/libressl/man/d2i_DHparams.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35
36
37

38
39
40
41
42
43
44
45
46

47


48
49


50
51







52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73





74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95


96
97
98

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq

.el       .ds Aq '


.\"
.\" If the F register is turned on, we'll generate index entries on stderr for


.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the







.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "d2i_DHparams 3"





.TH d2i_DHparams 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
\&
\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
\& int i2d_DHparams(DH *a, unsigned char **pp);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the
DHparameter structure described in PKCS#3.
.PP
Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
described in the \fId2i_X509\fR\|(3) manual page.


.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fId2i_X509\fR\|(3)

|
>

|
<
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
<
<
<
<
<
|
|
|
|
<
<
|
>
|
|
|
|
<
<
>
|
<
<
|
<
<

<
<
>
|
>
>

<
>
>
|
|
>
>
>
>
>
>
>
|

<
<
<
|
<
<
<
<
|
|
<
<
<
<
<
|
<
<
<
|
>
>
>
>
>
|
|
|
|
|
|
|
|
<
<
<
<
<
|
|
|
<
|

<
|
|
>
>
|
<
|
>
1
2
3
4

5
6

7
8
9
10
11
12
13
14
15
16
17
18


19







20
21
22
23


24
25
26
27
28
29


30
31


32


33


34
35
36
37
38

39
40
41
42
43
44
45
46
47
48
49
50
51



52




53
54





55



56
57
58
59
60
61
62
63
64
65
66
67
68
69





70
71
72

73
74

75
76
77
78
79

80
81
.\"	$OpenBSD: d2i_DHparams.3,v 1.5 2016/12/10 22:22:59 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and

.\" Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2002, 2015 The OpenSSL Project.  All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"







.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"


.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written


.\"    permission of the OpenSSL Project.


.\"


.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"

.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"



.Dd $Mdocdate: December 10 2016 $




.Dt D2I_DHPARAMS 3
.Os





.Sh NAME



.Nm d2i_DHparams ,
.Nm i2d_DHparams
.Nd PKCS#3 DH parameter functions
.Sh SYNOPSIS
.In openssl/dh.h
.Ft DH *
.Fo d2i_DHparams
.Fa "DH **a"
.Fa "unsigned char **pp"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_DHparams
.Fa "DH *a"





.Fa "unsigned char **pp"
.Fc
.Sh DESCRIPTION

These functions decode and encode PKCS#3 DH parameters using the
DHparameter structure described in PKCS#3.

They otherwise behave in a way similar to
.Xr d2i_X509 3
and
.Xr i2d_X509 3 .
.Sh SEE ALSO

.Xr d2i_X509 3 ,
.Xr DH_new 3
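--- a/jni/libressl/man/d2i_DIST_POINT.3
+++ b/jni/libressl/man/d2i_DIST_POINT.3
@@ -0,0 +1,177 @@
+.\"	$OpenBSD: d2i_DIST_POINT.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_DIST_POINT 3
+.Os
+.Sh NAME
+.Nm d2i_DIST_POINT ,
+.Nm i2d_DIST_POINT ,
+.Nm d2i_CRL_DIST_POINTS ,
+.Nm i2d_CRL_DIST_POINTS ,
+.Nm d2i_DIST_POINT_NAME ,
+.Nm i2d_DIST_POINT_NAME ,
+.Nm d2i_ISSUING_DIST_POINT ,
+.Nm i2d_ISSUING_DIST_POINT ,
+.Nm d2i_ACCESS_DESCRIPTION ,
+.Nm i2d_ACCESS_DESCRIPTION ,
+.Nm d2i_AUTHORITY_INFO_ACCESS ,
+.Nm i2d_AUTHORITY_INFO_ACCESS
+.Nd decode and encode X.509 data access extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft DIST_POINT *
+.Fo d2i_DIST_POINT
+.Fa "DIST_POINT_NAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_DIST_POINT
+.Fa "DIST_POINT *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft CRL_DIST_POINTS *
+.Fo d2i_CRL_DIST_POINTS
+.Fa "CRL_DIST_POINTS_NAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_CRL_DIST_POINTS
+.Fa "CRL_DIST_POINTS *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft DIST_POINT_NAME *
+.Fo d2i_DIST_POINT_NAME
+.Fa "DIST_POINT_NAME_NAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_DIST_POINT_NAME
+.Fa "DIST_POINT_NAME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ISSUING_DIST_POINT *
+.Fo d2i_ISSUING_DIST_POINT
+.Fa "ISSUING_DIST_POINT_NAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ISSUING_DIST_POINT
+.Fa "ISSUING_DIST_POINT *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ACCESS_DESCRIPTION *
+.Fo d2i_ACCESS_DESCRIPTION
+.Fa "ACCESS_DESCRIPTION_NAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ACCESS_DESCRIPTION
+.Fa "ACCESS_DESCRIPTION *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft AUTHORITY_INFO_ACCESS *
+.Fo d2i_AUTHORITY_INFO_ACCESS
+.Fa "AUTHORITY_INFO_ACCESS_NAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_AUTHORITY_INFO_ACCESS
+.Fa "AUTHORITY_INFO_ACCESS *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode X.509 extensions that communicate
+where to retrieve additional information online.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_DIST_POINT
+and
+.Fn i2d_DIST_POINT
+decode and encode an ASN.1
+.Vt DistributionPoint
+structure defined in RFC 5280 section 4.2.1.13.
+.Pp
+.Fn d2i_CRL_DIST_POINTS
+and
+.Fn i2d_CRL_DIST_POINTS
+decode and encode an ASN.1
+.Vt CRLDistributionPoints
+structure defined in RFC 5280 section 4.2.1.13.
+.Pp
+.Fn d2i_DIST_POINT_NAME
+and
+.Fn i2d_DIST_POINT_NAME
+decode and encode an ASN.1
+.Vt DistributionPointName
+structure defined in RFC 5280 section 4.2.1.13.
+.Pp
+.Fn d2i_ISSUING_DIST_POINT
+and
+.Fn i2d_ISSUING_DIST_POINT
+decode and encode an ASN.1
+.Vt IssuingDistributionPoint
+structure defined in RFC 5280 section 5.2.5.
+.Pp
+.Fn d2i_ACCESS_DESCRIPTION
+and
+.Fn i2d_ACCESS_DESCRIPTION
+decode and encode an ASN.1
+.Vt AccessDescription
+structure defined in RFC 5280 section 4.2.2.1.
+.Pp
+.Fn d2i_AUTHORITY_INFO_ACCESS
+and
+.Fn i2d_AUTHORITY_INFO_ACCESS
+decode and encode an ASN.1
+.Vt AuthorityInfoAccessSyntax
+structure defined in RFC 5280 section 4.2.2.1.
+.Sh RETURN VALUES
+.Fn d2i_DIST_POINT ,
+.Fn d2i_CRL_DIST_POINTS ,
+.Fn d2i_DIST_POINT_NAME ,
+.Fn d2i_ISSUING_DIST_POINT ,
+.Fn d2i_ACCESS_DESCRIPTION ,
+and
+.Fn d2i_AUTHORITY_INFO_ACCESS
+return an object of the respective type or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_DIST_POINT ,
+.Fn i2d_CRL_DIST_POINTS ,
+.Fn i2d_DIST_POINT_NAME ,
+.Fn i2d_ISSUING_DIST_POINT ,
+.Fn i2d_ACCESS_DESCRIPTION ,
+and
+.Fn i2d_AUTHORITY_INFO_ACCESS
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ACCESS_DESCRIPTION_new 3 ,
+.Xr ASN1_item_d2i 3 ,
+.Xr DIST_POINT_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile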
Changes to jni/libressl/man/d2i_DSAPublicKey.3.
1

2


3
4
5
6
7
8


9
10


11




12




13



14
15



16




17
18
19
20
21




22






23
24
25


26

27

28
29
30

31
32


33

34
35
36



37
38

39



40

41



42
43




44
45




46
47
48
49
50
51
52



53
54




55




56




57
58
59
60



61
62





63

64
65
66
67
68
69
70


71
72
73
74
75
76
77




78
79
80




81


82
83



84
85
86
87
88







89
90














91
92


93
94

95
96


















97
98

99
100
101
102





103
104
105
106
107



108
109
110
111


112
113



114
115

116


















117







118
119
120
121

122
123

124



125
126
127


128




129
130

131
132
133
134
135











136
137
138
139
140
141
142
143






144
145
146



147


148

149



150














.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..


.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R



.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and




.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,






.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'


.ie n \{\

.    ds -- \(*W-

.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""
.    ds R" ""


.    ds C` ""

.    ds C' ""
'br\}
.el\{\



.    ds -- \|\(em\|
.    ds PI \(*p

.    ds L" ``



.    ds R" ''

.    ds C`



.    ds C'
'br\}




.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.




.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.



.\"
.\" Avoid warning from groff about undefined register 'F'.




.de IX




..




.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{



.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"





..

.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF


.\" ========================================================================
.\"
.IX Title "d2i_DSAPublicKey 3"
.TH d2i_DSAPublicKey 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l




.nh
.SH "NAME"
d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,




d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSAparams, i2d_DSAparams, d2i_DSA_SIG, i2d_DSA_SIG \- DSA key encoding


and parsing functions.
.SH "SYNOPSIS"



.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/dsa.h>
\& #include <openssl/x509.h>
\&







\& DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
\&














\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
\&


\& DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
\&

\& int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
\&


















\& DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
\&

\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
\&
\& DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
\&





\& int i2d_DSAparams(const DSA *a, unsigned char **pp);
\&
\& DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
\&
\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);



.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fId2i_DSAPublicKey()\fR and \fIi2d_DSAPublicKey()\fR decode and encode the \s-1DSA\s0 public key


components structure.
.PP



\&\fId2i_DSA_PUBKEY()\fR and \fIi2d_DSA_PUBKEY()\fR decode and encode an \s-1DSA\s0 public key using
a SubjectPublicKeyInfo (certificate public key) structure.

.PP


















\&\fId2i_DSAPrivateKey()\fR, \fIi2d_DSAPrivateKey()\fR decode and encode the \s-1DSA\s0 private key







components.
.PP
\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using
a \fBDss-Parms\fR structure as defined in \s-1RFC2459.\s0

.PP
\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a

\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459.\s0



.PP
The usage of all of these functions is similar to the \fId2i_X509()\fR and
\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page.


.SH "NOTES"




.IX Header "NOTES"
The \fB\s-1DSA\s0\fR structure passed to the private key encoding functions should have

all the private key components present.
.PP
The data encoded by the private key functions is unencrypted and therefore
offers no private key security.
.PP











The \fB\s-1DSA_PUBKEY\s0\fR functions should be used in preference to the \fBDSAPublicKey\fR
functions when encoding public keys because they use a standard format.
.PP
The \fBDSAPublicKey\fR functions use an non standard format the actual data encoded
depends on the value of the \fBwrite_params\fR field of the \fBa\fR key parameter.
If \fBwrite_params\fR is zero then only the \fBpub_key\fR field is encoded as an
\&\fB\s-1INTEGER\s0\fR. If \fBwrite_params\fR is 1 then a \fB\s-1SEQUENCE\s0\fR consisting of the
\&\fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR respectively fields are encoded.






.PP
The \fBDSAPrivateKey\fR functions also use a non standard structure consisting
consisting of a \s-1SEQUENCE\s0 containing the \fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR and



\&\fBpriv_key\fR fields respectively.


.SH "SEE ALSO"

.IX Header "SEE ALSO"



\&\fId2i_X509\fR\|(3)














|
>

>
>
|
<
<
<
<
|
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
|
>
>
>
|
>
>
>
>
|
<
<
<
<
>
>
>
>
|
>
>
>
>
>
>
|
|
<
>
>
|
>
|
>
|
<
<
>
|
|
>
>
|
>
|
<
<
>
>
>
|
|
>
|
>
>
>
|
>
|
>
>
>
|
<
>
>
>
>
|
<
>
>
>
>
|
<
|
<
<
<
|
>
>
>
|
<
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
<
<
|
>
>
>
|
<
>
>
>
>
>
|
>
|
|
|
<
<
|
|
>
>
|
|
|
|
|
|
|
>
>
>
>
|
|
|
>
>
>
>
|
>
>
|
|
>
>
>
|
|
<
<
<
>
>
>
>
>
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
|
<
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
|
<
<
<
>
>
>
>
>
|
<
|
<
|
>
>
>
|
<
<
<
>
>
|
|
>
>
>
|
<
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
|
|
<
>
|
|
>
|
>
>
>
|
<
<
>
>
|
>
>
>
>
|
<
>
|
|
<
|
|
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
>
>
>
>
>
|
<
<
>
>
>
|
>
>
|
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6




7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38




39
40
41
42
43
44
45
46
47
48
49
50
51

52
53
54
55
56
57
58


59
60
61
62
63
64
65
66


67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

84
85
86
87
88

89
90
91
92
93

94



95
96
97
98
99

100
101
102
103
104
105
106
107
108
109
110
111
112
113
114


115
116
117
118
119

120
121
122
123
124
125
126
127
128
129


130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161



162
163
164
165
166
167
168
169

170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

185
186
187

188
189

190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208

209
210



211
212
213
214
215
216

217

218
219
220
221
222



223
224
225
226
227
228
229
230

231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261

262
263
264
265
266
267
268
269
270


271
272
273
274
275
276
277
278

279
280
281

282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309


310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
.\"	$OpenBSD: d2i_DSAPublicKey.3,v 1.8 2016/12/25 14:38:55 schwarze Exp $
.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2003, 2013, 2015, 2016 The OpenSSL Project.
.\" All rights reserved.




.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"




.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 25 2016 $
.Dt D2I_DSAPUBLICKEY 3
.Os
.Sh NAME
.Nm d2i_DSAPublicKey ,
.Nm i2d_DSAPublicKey ,
.Nm d2i_DSA_PUBKEY ,


.Nm i2d_DSA_PUBKEY ,
.Nm d2i_DSA_PUBKEY_bio ,
.Nm d2i_DSA_PUBKEY_fp ,
.Nm i2d_DSA_PUBKEY_bio ,
.Nm i2d_DSA_PUBKEY_fp ,
.Nm d2i_DSAPrivateKey ,
.Nm i2d_DSAPrivateKey ,
.Nm d2i_DSAPrivateKey_bio ,


.Nm d2i_DSAPrivateKey_fp ,
.Nm i2d_DSAPrivateKey_bio ,
.Nm i2d_DSAPrivateKey_fp ,
.Nm d2i_DSAparams ,
.Nm i2d_DSAparams ,
.Nm DSAparams_dup ,
.Nm d2i_DSA_SIG ,
.Nm i2d_DSA_SIG
.Nd decode and encode DSA keys
.Sh SYNOPSIS
.In openssl/dsa.h
.Ft DSA *
.Fo d2i_DSAPublicKey
.Fa "DSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc

.Ft int
.Fo i2d_DSAPublicKey
.Fa "const DSA *val_in"
.Fa "unsigned char **der_out"
.Fc

.Ft DSA *
.Fo d2i_DSA_PUBKEY
.Fa "DSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"

.Fc



.Ft int
.Fo i2d_DSA_PUBKEY
.Fa "const DSA *val_in"
.Fa "unsigned char **der_out"
.Fc

.Ft DSA *
.Fo d2i_DSA_PUBKEY_bio
.Fa "BIO *in_bio"
.Fa "DSA **val_out"
.Fc
.Ft DSA *
.Fo d2i_DSA_PUBKEY_fp
.Fa "FILE *in_fp"
.Fa "DSA **val_out"
.Fc
.Ft int
.Fo i2d_DSA_PUBKEY_bio
.Fa "BIO *out_bio"
.Fa "DSA *val_in"
.Fc


.Ft int
.Fo i2d_DSA_PUBKEY_fp
.Fa "FILE *out_fp"
.Fa "DSA *val_in"
.Fc

.Ft DSA *
.Fo d2i_DSAPrivateKey
.Fa "DSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_DSAPrivateKey
.Fa "const DSA *val_in"
.Fa "unsigned char **der_out"


.Fc
.Ft DSA *
.Fo d2i_DSAPrivateKey_bio
.Fa "BIO *in_bio"
.Fa "DSA **val_out"
.Fc
.Ft DSA *
.Fo d2i_DSAPrivateKey_fp
.Fa "FILE *in_fp"
.Fa "DSA **val_out"
.Fc
.Ft int
.Fo i2d_DSAPrivateKey_bio
.Fa "BIO *out_bio"
.Fa "DSA *val_in"
.Fc
.Ft int
.Fo i2d_DSAPrivateKey_fp
.Fa "FILE *out_fp"
.Fa "DSA *val_in"
.Fc
.Ft DSA *
.Fo d2i_DSAparams
.Fa "DSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_DSAparams
.Fa "const DSA *val_in"
.Fa "unsigned char **der_out"
.Fc



.Ft DSA *
.Fo DSAparams_dup
.Fa "DSA *val_in"
.Fc
.Ft DSA_SIG *
.Fo d2i_DSA_SIG
.Fa "DSA_SIG **val_out"
.Fa "const unsigned char **der_in"

.Fa "long length"
.Fc
.Ft int
.Fo i2d_DSA_SIG
.Fa "const DSA_SIG *val_in"
.Fa "unsigned char **der_out"
.Fc
.Sh DESCRIPTION
These functions decode and encode DSA keys and parameters.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .
.Pp
.Fn d2i_DSAPublicKey
and
.Fn i2d_DSAPublicKey

decode and encode the DSA public key components using a non-standard
format, so consider using
.Fn d2i_DSA_PUBKEY

and
.Fn i2d_DSA_PUBKEY

instead.
The actual data encoded depends on the value of
.Fa val_in->write_params .
If
.Fa val_in->write_params
is zero, only the
.Fa val_in->pub_key
field is encoded as an ASN.1 INTEGER.
If
.Fa val_in->write_params
is 1, then a SEQUENCE consisting of the
.Fa val_in->p ,
.Fa val_in->q ,
.Fa val_in->g ,
and
.Fa val_in->pub_key
fields is encoded.
.Pp
.Fn d2i_DSA_PUBKEY

and
.Fn i2d_DSA_PUBKEY



decode and encode a DSA public key using an ASN.1
.Vt SubjectPublicKeyInfo
structure defined in RFC 5280 section 4.1
and documented in
.Xr X509_PUBKEY_new 3 .
.Fn d2i_DSA_PUBKEY_bio ,

.Fn d2i_DSA_PUBKEY_fp ,

.Fn i2d_DSA_PUBKEY_bio ,
and
.Fn i2d_DSA_PUBKEY_fp
are similar except that they decode or encode using a
.Vt BIO



or
.Vt FILE
pointer.
.Pp
.Fn d2i_DSAPrivateKey
and
.Fn i2d_DSAPrivateKey
decode and encode the DSA private key components.

The
.Vt DSA
object passed to the private key encoding functions should have all
the private key components present.
These functions use a non-standard structure consisting of a
SEQUENCE containing the
.Fa val_in->p ,
.Fa val_in->q ,
.Fa val_in->g ,
.Fa val_in->pub_key ,
and
.Fa val_in->priv_key
fields.
This data format is unencrypted.
For private key security when writing private keys to files,
consider using
.Xr PEM_write_DSAPrivateKey 3
instead.
The
.Fn d2i_DSAPrivateKey_bio ,
.Fn d2i_DSAPrivateKey_fp ,
.Fn i2d_DSAPrivateKey_bio ,
and
.Fn i2d_DSAPrivateKey_fp
are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Pp
.Fn d2i_DSAparams

and
.Fn i2d_DSAparams
decode and encode the DSA parameters using an ASN.1
.Vt Dss-Parms
structure defined in RFC 3279 section 2.3.2
and used for the parameters field of the ASN.1
.Vt AlgorithmIdentifier
structure defined in RFC 5280 section 4.1.1.2.
.Pp


.Fn DSAparams_dup
allocates and initializes an empty
.Vt DSA
object and copies the DSA parameters from
.Fa val_in
to it by calling
.Fn i2d_DSAparams
and

.Fn d2i_DSAparams .
If a private or public key are present in
.Fa val_in ,

they are not copied.
.Pp
.Fn d2i_DSA_SIG
and
.Fn i2d_DSA_SIG
decode and encode a DSA signature using an ASN.1
.Vt Dss-Sig-Value
structure as defined in RFC 3279 section 2.2.2
and used for the signatureValue field of the ASN.1
.Vt Certificate
structure described in RFC 5280 sections 4.1.1.3 and 5.1.1.3.
.Sh RETURN VALUES
.Fn d2i_DSAPublicKey ,
.Fn d2i_DSA_PUBKEY ,
.Fn d2i_DSA_PUBKEY_bio ,
.Fn d2i_DSA_PUBKEY_fp ,
.Fn d2i_DSAPrivateKey ,
.Fn d2i_DSAPrivateKey_bio ,
.Fn d2i_DSAPrivateKey_fp ,
.Fn d2i_DSAparams ,
and
.Fn DSAparams_dup
return a valid
.Vt DSA
object or
.Dv NULL
if an error occurs.
.Pp


.Fn d2i_DSA_SIG
returns a valid
.Vt DSA_SIG
object or
.Dv NULL
if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr DSA_new 3 ,
.Xr DSA_SIG_new 3 ,
.Xr EVP_PKEY_set1_DSA 3 ,
.Xr PEM_write_DSAPrivateKey 3 ,
.Xr X509_PUBKEY_new 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile,
section 4.1: Basic Certificate Fields
.Pp
RFC 3279: Algorithms and Identifiers for the Internet X.509 Public
Key Infrastructure Certificate and Certificate Revocation List (CRL)
Profile:
.Bl -dash -compact
.It
section 2.2.2: DSA Signature Algorithm
.It
section 2.3.2: DSA Signature Keys
.El
Changes to jni/libressl/man/d2i_ECPKParameters.3.
1

2


3
4
5

6



7







8





9
10


11




12




13



14
15



16




17
18
19
20
21
22








23
24
25


26

27





28
29
30
31

32











33



34
35


36


37



38




39




40




41




42
43




44
45




46
47




48
49
50
51










52



53
54




55




56




57
58
59
60



61
62





63
64
65
66



67
68




69





70
71




72

73





74
75
76


77





78




79
80







81
82
83
84
85
86




87
88



89

90

91
92
93
94

95

96
97


98




99




100
101
102
103
104
105
106
107
108
109
110
111
112
113


114














115













116












117
118
119
120
121




122






123
124


125





126


127


128




129


130







131
132
133
134
135
136


137
138
139
140
141






142



143
144






145
146
147





148





149
150
151
152

153



154









.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"


.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)

.if t .sp .5v



.if n .sp







..





.de Vb \" Begin verbatim text
.ft CW


.nf




.ne \\$1




..



.de Ve \" End verbatim text
.ft R



.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,








.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'


.ie n \{\

.    ds -- \(*W-





.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""

.    ds R" ""











.    ds C` ""



.    ds C' ""
'br\}


.el\{\


.    ds -- \|\(em\|



.    ds PI \(*p




.    ds L" ``




.    ds R" ''




.    ds C`




.    ds C'
'br\}




.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.




.ie \n(.g .ds Aq \(aq
.el       .ds Aq '




.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the










.\" output yourself in some meaningful fashion.



.\"
.\" Avoid warning from groff about undefined register 'F'.




.de IX




..




.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{



.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"





..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2



.        \}
.    \}




.\}





.rr rF
.\" ========================================================================




.\"

.IX Title "d2i_ECPKParameters 3"





.TH d2i_ECPKParameters 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.


.if n .ad l





.nh




.SH "NAME"
d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp, ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and encoding ASN1 representations of elliptic curve entities







.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& EC_GROUP *d2i_ECPKParameters(EC_GROUP **px, const unsigned char **in, long len);




\& int i2d_ECPKParameters(const EC_GROUP *x, unsigned char **out);
\& #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)



\& #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)

\& #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \e

\&                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
\& #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \e
\&                (unsigned char *)(x))
\& int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);

\& int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);

.Ve
.SH "DESCRIPTION"


.IX Header "DESCRIPTION"




The ECPKParameters encode and decode routines encode and parse the public parameters for an




\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve.
.PP
\&\fId2i_ECPKParameters()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If 
successful a pointer to the \fB\s-1EC_GROUP\s0\fR structure is returned. If an error
occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the
returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR
then it is assumed that \fB*px\fR contains a valid \fB\s-1EC_GROUP\s0\fR
structure and an attempt is made to reuse it. If the call is
successful \fB*in\fR is incremented to the byte following the
parsed data.
.PP
\&\fIi2d_ECPKParameters()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format.
If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer
at \fB*out\fR, and increments it to point after the data just written.


If the return value is negative an error occurred, otherwise it














returns the length of the encoded data.













.PP












If \fB*out\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the encoded
data written to it. In this case \fB*out\fR is not incremented and it points to
the start of the data just written.
.PP
\&\fId2i_ECPKParameters_bio()\fR is similar to \fId2i_ECPKParameters()\fR except it attempts




to parse data from \s-1BIO \s0\fBbp\fR.






.PP
\&\fId2i_ECPKParameters_fp()\fR is similar to \fId2i_ECPKParameters()\fR except it attempts


to parse data from \s-1FILE\s0 pointer \fBfp\fR.





.PP


\&\fIi2d_ECPKParameters_bio()\fR is similar to \fIi2d_ECPKParameters()\fR except it writes


the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it




returns 1 for success and 0 for failure.


.PP







\&\fIi2d_ECPKParameters_fp()\fR is similar to \fIi2d_ECPKParameters()\fR except it writes
the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
These functions are very similar to the X509 functions described in \fId2i_X509\fR\|(3),
where further notes and examples are available.


.PP
The ECPKParameters_print and ECPKParameters_print_fp functions print a human-readable output
of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR or \fBfp\fR. The output lines are indented by \fBoff\fR spaces.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"






\&\fId2i_ECPKParameters()\fR, \fId2i_ECPKParameters_bio()\fR and \fId2i_ECPKParameters_fp()\fR return a valid \fB\s-1EC_GROUP\s0\fR structure



or \fB\s-1NULL\s0\fR if an error occurs.
.PP






\&\fIi2d_ECPKParameters()\fR returns the number of bytes successfully encoded or a negative
value if an error occurs.
.PP





\&\fIi2d_ECPKParameters_bio()\fR, \fIi2d_ECPKParameters_fp()\fR, ECPKParameters_print and ECPKParameters_print_fp





return 1 for success and 0 if an error occurs.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),

\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),



\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_X509\fR\|(3)









|
>

>
>
|
<
<
>
|
>
>
>
|
>
>
>
>
>
>
>
|
>
>
>
>
>
|
|
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
|
|
>
>
>
|
>
>
>
>
|
<
<
|
|
|
>
>
>
>
>
>
>
>
|
|
<
>
>
|
>
|
>
>
>
>
>
|
<
<
|
>
|
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
|
<
>
>
|
>
>
|
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
<
>
>
>
>
|
<
>
>
>
>
|
|
>
>
>
>
|
<
<
<
>
>
>
>
>
>
>
>
>
>
|
>
>
>
|
<
>
>
>
>
|
>
>
>
>
|
>
>
>
>
|
<
<
|
>
>
>
|
<
>
>
>
>
>
|
|
<
<
>
>
>
|
|
>
>
>
>
|
>
>
>
>
>
|
<
>
>
>
>
|
>
|
>
>
>
>
>
|
<
<
>
>
|
>
>
>
>
>
|
>
>
>
>
|
<
>
>
>
>
>
>
>
|
|
|
|
<
|
>
>
>
>
|
<
>
>
>
|
>
|
>
|
|
<
|
>
|
>
|
<
>
>
|
>
>
>
>
|
>
>
>
>
|
|
|
|
|
|
|
|
|
<
|
|
<
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
<
|
|
>
>
>
>
|
>
>
>
>
>
>
|
|
>
>
|
>
>
>
>
>
|
>
>
|
>
>
|
>
>
>
>
|
>
>
|
>
>
>
>
>
>
>
|
<
|
|
<
|
>
>
|
|
|
|
|
>
>
>
>
>
>
|
>
>
>
|
|
>
>
>
>
>
>
|
|
|
>
>
>
>
>
|
>
>
>
>
>
|
|
|
|
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6


7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54


55
56
57
58
59
60
61
62
63
64
65
66
67

68
69
70
71
72
73
74
75
76
77
78


79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

128
129
130
131
132

133
134
135
136
137
138
139
140
141
142
143



144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

159
160
161
162
163
164
165
166
167
168
169
170
171
172
173


174
175
176
177
178

179
180
181
182
183
184
185


186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201

202
203
204
205
206
207
208
209
210
211
212
213
214


215
216
217
218
219
220
221
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236
237
238
239

240
241
242
243
244
245

246
247
248
249
250
251
252
253
254

255
256
257
258
259

260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280

281
282

283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329

330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375

376
377

378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
.\"	$OpenBSD: d2i_ECPKParameters.3,v 1.9 2016/12/25 18:39:35 schwarze Exp $
.\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"


.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2013, 2015 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"


.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 25 2016 $
.Dt D2I_ECPKPARAMETERS 3
.Os
.Sh NAME
.Nm d2i_ECPKParameters ,
.Nm i2d_ECPKParameters ,
.Nm d2i_ECPKParameters_bio ,
.Nm i2d_ECPKParameters_bio ,
.Nm d2i_ECPKParameters_fp ,
.Nm i2d_ECPKParameters_fp ,
.Nm d2i_ECParameters ,


.Nm i2d_ECParameters ,
.Nm ECParameters_dup ,
.Nm d2i_ECPrivateKey ,
.Nm i2d_ECPrivateKey ,
.Nm d2i_ECPrivateKey_bio ,
.Nm i2d_ECPrivateKey_bio ,
.Nm d2i_ECPrivateKey_fp ,
.Nm i2d_ECPrivateKey_fp ,
.Nm o2i_ECPublicKey ,
.Nm i2o_ECPublicKey ,
.Nm ECPKParameters_print ,
.Nm ECPKParameters_print_fp ,
.Nm ECParameters_print ,
.Nm ECParameters_print_fp ,
.Nm d2i_EC_PUBKEY ,
.Nm i2d_EC_PUBKEY ,
.Nm d2i_EC_PUBKEY_bio ,
.Nm i2d_EC_PUBKEY_bio ,
.Nm d2i_EC_PUBKEY_fp ,

.Nm i2d_EC_PUBKEY_fp
.Nd decode and encode ASN.1 representations of elliptic curve entities
.Sh SYNOPSIS
.In openssl/ec.h
.Ft EC_GROUP *
.Fo d2i_ECPKParameters
.Fa "EC_GROUP **val_out"
.Fa "const unsigned char **des_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_ECPKParameters
.Fa "const EC_GROUP *val_in"
.Fa "unsigned char **des_out"
.Fc
.Ft EC_GROUP *
.Fo d2i_ECPKParameters_bio
.Fa "BIO *in_bio"
.Fa "EC_GROUP **val_out"
.Fc
.Ft int
.Fo i2d_ECPKParameters_bio
.Fa "BIO *out_bio"
.Fa "EC_GROUP *val_in"
.Fc
.Ft EC_GROUP *
.Fo d2i_ECPKParameters_fp
.Fa "FILE *in_fp"
.Fa "EC_GROUP **val_out"
.Fc

.Ft int
.Fo i2d_ECPKParameters_fp
.Fa "FILE *out_fp"
.Fa "EC_GROUP *val_in"
.Fc

.Ft EC_KEY *
.Fo d2i_ECParameters
.Fa "EC_KEY **val_out"
.Fa "const unsigned char **des_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_ECParameters
.Fa "EC_KEY *val_in"
.Fa "unsigned char **des_out"
.Fc



.Ft EC_KEY *
.Fo ECParameters_dup
.Fa "EC_KEY *val_in"
.Fc
.Ft EC_KEY *
.Fo d2i_ECPrivateKey
.Fa "EC_KEY **val_out"
.Fa "const unsigned char **des_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_ECPrivateKey
.Fa "EC_KEY *val_in"
.Fa "unsigned char **des_out"
.Fc

.Ft EC_KEY *
.Fo d2i_ECPrivateKey_bio
.Fa "BIO *in_bio"
.Fa "EC_KEY **val_out"
.Fc
.Ft int
.Fo i2d_ECPrivateKey_bio
.Fa "BIO *out_bio"
.Fa "EC_KEY *val_in"
.Fc
.Ft EC_KEY *
.Fo d2i_ECPrivateKey_fp
.Fa "FILE *in_fp"
.Fa "EC_KEY **val_out"
.Fc


.Ft int
.Fo i2d_ECPKPrivateKey_fp
.Fa "FILE *out_fp"
.Fa "EC_KEY *val_in"
.Fc

.Ft EC_KEY *
.Fo o2i_ECPublicKey
.Fa "EC_KEY **val_out"
.Fa "const unsigned char **des_in"
.Fa "long length"
.Fc
.Ft int


.Fo i2o_ECPublicKey
.Fa "EC_KEY *val_in"
.Fa "unsigned char **des_out"
.Fc
.Ft int
.Fo ECPKParameters_print
.Fa "BIO *out_bio"
.Fa "const EC_GROUP *val_in"
.Fa "int indent"
.Fc
.Ft int
.Fo ECPKParameters_print_fp
.Fa "FILE *out_fp"
.Fa "const EC_GROUP *val_in"
.Fa "int indent"
.Fc

.Ft int
.Fo ECParameters_print
.Fa "BIO *out_bio"
.Fa "const EC_KEY *val_in"
.Fc
.Ft int
.Fo ECParameters_print_fp
.Fa "FILE *out_fp"
.Fa "const EC_KEY *val_in"
.Fc
.In openssl/x509.h
.Ft EC_KEY *
.Fo d2i_EC_PUBKEY


.Fa "EC_KEY **val_out"
.Fa "const unsigned char **des_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_EC_PUBKEY
.Fa "EC_KEY *val_in"
.Fa "unsigned char **des_out"
.Fc
.Ft EC_KEY *
.Fo d2i_EC_PUBKEY_bio
.Fa "BIO *in_bio"
.Fa "EC_KEY **val_out"
.Fc

.Ft int
.Fo i2d_EC_PUBKEY_bio
.Fa "BIO *out_bio"
.Fa "EC_KEY *val_in"
.Fc
.Ft EC_KEY *
.Fo d2i_EC_PUBKEY_fp
.Fa "FILE *in_fp"
.Fa "EC_KEY **val_out"
.Fc
.Ft int

.Fo i2d_ECPK_PUBKEY_fp
.Fa "FILE *out_fp"
.Fa "EC_KEY *val_in"
.Fc
.Sh DESCRIPTION
These functions decode and encode elliptic curve keys and parameters.

For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .
.Pp
.Fn d2i_ECPKParameters
and
.Fn i2d_ECPKParameters
decode and encode the parameters of an elliptic curve.
.Fn d2i_ECPKParameters_bio ,
.Fn i2d_ECPKParameters_bio ,

.Fn d2i_ECPKParameters_fp ,
and
.Fn i2d_ECPKParameters_fp
are similar except that they decode or encode using a
.Vt BIO

or
.Vt FILE
pointer.
These four functions are currently implemented as macros.
.Pp
.Fn d2i_ECParameters
does the same parsing as
.Fn d2i_ECPKParameters
but saves the result in the
.Fa group
field of an
.Vt EC_KEY
structure.
.Pp
.Fn i2d_ECParameters
produces the same output as
.Fn i2d_ECPKParameters
but uses
.Fa val_in->group
for input instead of
.Fa val_in .

.Pp
.Fn ECParameters_dup

allocates and initializes an empty
.Vt EC_KEY
object and copies the EC parameters from
.Fa val_in
to it by calling
.Fn i2d_ECParameters
and
.Fn d2i_ECParameters .
If a private or public key or any flags are present in
.Fa val_in ,
they are not copied.
.Pp
.Fn d2i_ECPrivateKey
and
.Fn i2d_ECPrivateKey
decode and encode an EC private key using an ASN.1
.Vt ECPrivateKey
structure defined in RFC 5915 section 3 and used for the privateKey
field of the ASN.1
.Vt PrivateKeyInfo
structure defined in RFC 5208 section 5, see
.Xr PKCS8_PRIV_KEY_INFO_new 3 .
.Fn d2i_ECPrivateKey_bio ,
.Fn i2d_ECPrivateKey_bio ,
.Fn d2i_ECPrivateKey_fp ,
and
.Fn i2d_ECPrivateKey_fp
are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Pp
.Fn o2i_ECPublicKey
and
.Fn i2o_ECPublicKey
decode and encode an EC public key.
In contrast to
.Xr ASN1_item_d2i 3 ,
.Fn o2i_ECPublicKey
requires
.Fa val_out ,
.Pf * Fa val_out ,
and
.Po Pf * Fa val_out Pc Ns -> Ns Fa group
to be
.Pf non- Dv NULL .

.Pp
.Fn ECPKParameters_print
and
.Fn ECPKParameters_print_fp
print human-readable output of the public parameters of the
.Vt EC_GROUP
to
.Fa out_bio
or
.Fa out_fp .
The output lines are indented by
.Fa indent
spaces.
.Pp
.Fn ECParameters_print
and
.Fn ECParameters_print_fp
print the parameter components of
.Fa val_in
to
.Fa out_bio
or
.Fa out_fp .
.Pp
.Fn d2i_EC_PUBKEY
and
.Fn i2d_EC_PUBKEY
decode and encode an EC public key using an ASN.1
.Vt SubjectPublicKeyInfo
structure defined in RFC 5280 section 4.1 and documented in
.Xr X509_PUBKEY_new 3 .
.Fn d2i_EC_PUBKEY_bio ,
.Fn i2d_EC_PUBKEY_bio ,
.Fn d2i_EC_PUBKEY_fp ,
and
.Fn i2d_EC_PUBKEY_fp
are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Sh RETURN VALUES
.Fn d2i_ECPKParameters ,
.Fn d2i_ECPKParameters_bio ,
and
.Fn d2i_ECPKParameters_fp

return a valid
.Vt EC_GROUP

structure or
.Dv NULL
if an error occurs.
.Pp
.Fn d2i_ECParameters ,
.Fn ECParameters_dup ,
.Fn d2i_ECPrivateKey ,
.Fn d2i_ECPrivateKey_bio ,
.Fn d2i_ECPrivateKey_fp ,
.Fn o2i_ECPublicKey ,
.Fn d2i_EC_PUBKEY ,
.Fn d2i_EC_PUBKEY_bio ,
and
.Fn d2i_EC_PUBKEY_fp
return a valid
.Vt EC_KEY
structure or
.Dv NULL
if an error occurs.
.Pp
.Fn i2d_ECPKParameters ,
.Fn i2d_ECParameters ,
.Fn i2d_ECPrivateKey ,
.Fn i2o_ECPublicKey ,
and
.Fn i2d_EC_PUBKEY
return the number of bytes successfully encoded or a negative value if
an error occurs.
.Pp
.Fn i2d_ECPKParameters_bio ,
.Fn i2d_ECPKParameters_fp ,
.Fn i2d_ECPrivateKey_bio ,
.Fn i2d_ECPKPrivateKey_fp ,
.Fn ECPKParameters_print ,
.Fn ECPKParameters_print_fp ,
.Fn ECParameters_print ,
.Fn ECParameters_print_fp ,
.Fn i2d_EC_PUBKEY_bio ,
and
.Fn i2d_ECPK_PUBKEY_fp
return 1 for success or 0 if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr EC_GROUP_copy 3 ,
.Xr EC_GROUP_new 3 ,
.Xr EC_KEY_new 3 ,
.Xr EVP_PKEY_set1_EC_KEY 3 ,
.Xr PEM_write_ECPrivateKey 3 ,
.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
.Xr X509_PUBKEY_new 3
.Sh STANDARDS
RFC 5915: Elliptic Curve Private Key Structure
.Pp
RFC 5208: Public-Key Cryptography Standards (PKCS) #8:
Private-Key Information Syntax Specification
.Pp
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile,
section 4.1: Basic Certificate Fields
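--- a/jni/libressl/man/d2i_ESS_SIGNING_CERT.3
+++ b/jni/libressl/man/d2i_ESS_SIGNING_CERT.3
@@ -0,0 +1,114 @@
+.\"	$OpenBSD: d2i_ESS_SIGNING_CERT.3,v 1.1 2016/12/27 20:56:18 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 27 2016 $
+.Dt D2I_ESS_SIGNING_CERT 3
+.Os
+.Sh NAME
+.Nm d2i_ESS_SIGNING_CERT ,
+.Nm i2d_ESS_SIGNING_CERT ,
+.Nm d2i_ESS_CERT_ID ,
+.Nm i2d_ESS_CERT_ID ,
+.Nm d2i_ESS_ISSUER_SERIAL ,
+.Nm i2d_ESS_ISSUER_SERIAL
+.Nd decode and encode signing certificates for S/MIME
+.Sh SYNOPSIS
+.In openssl/ts.h
+.Ft ESS_SIGNING_CERT *
+.Fo d2i_ESS_SIGNING_CERT
+.Fa "ESS_SIGNING_CERT **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ESS_SIGNING_CERT
+.Fa "const ESS_SIGNING_CERT *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ESS_CERT_ID *
+.Fo d2i_ESS_CERT_ID
+.Fa "ESS_CERT_ID **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ESS_CERT_ID
+.Fa "const ESS_CERT_ID *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft ESS_ISSUER_SERIAL *
+.Fo d2i_ESS_ISSUER_SERIAL
+.Fa "ESS_ISSUER_SERIAL **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ESS_ISSUER_SERIAL
+.Fa "const ESS_ISSUER_SERIAL *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode signing certificate attribute
+structures.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_ESS_SIGNING_CERT
+and
+.Fn i2d_ESS_SIGNING_CERT
+decode and encode an ASN.1
+.Vt SigningCertificate
+structure defined in RFC 2634 section 5.4.
+.Pp
+.Fn d2i_ESS_CERT_ID
+and
+.Fn i2d_ESS_CERT_ID
+decode and encode an ASN.1
+.Vt ESSCertID
+structure defined in RFC 2634 section 5.4.1.
+.Pp
+.Fn d2i_ESS_ISSUER_SERIAL
+and
+.Fn i2d_ESS_ISSUER_SERIAL
+decode and encode an ASN.1
+.Vt IssuerSerial
+structure defined in RFC 2634 section 5.4.1.
+.Sh RETURN VALUES
+.Fn d2i_ESS_SIGNING_CERT ,
+.Fn d2i_ESS_CERT_ID ,
+and
+.Fn d2i_ESS_ISSUER_SERIAL
+return an
+.Vt ESS_SIGNING_CERT ,
+.Vt ESS_CERT_ID ,
+or
+.Vt ESS_ISSUER_SERIAL
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_ESS_SIGNING_CERT ,
+.Fn i2d_ESS_CERT_ID ,
+and
+.Fn i2d_ESS_ISSUER_SERIAL
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr ESS_SIGNING_CERT_new 3
+.Sh STANDARDS
+RFC 2634: Enhanced Security Services for S/MIME,
+section 5: Signing Certificate Attribute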
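--- a/jni/libressl/man/d2i_GENERAL_NAME.3
+++ b/jni/libressl/man/d2i_GENERAL_NAME.3
@@ -0,0 +1,140 @@
+.\"	$OpenBSD: d2i_GENERAL_NAME.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_GENERAL_NAME 3
+.Os
+.Sh NAME
+.Nm d2i_GENERAL_NAME ,
+.Nm i2d_GENERAL_NAME ,
+.Nm d2i_GENERAL_NAMES ,
+.Nm i2d_GENERAL_NAMES ,
+.Nm d2i_EDIPARTYNAME ,
+.Nm i2d_EDIPARTYNAME ,
+.Nm d2i_OTHERNAME ,
+.Nm i2d_OTHERNAME
+.Nd decode and encode names for use in X.509 extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft GENERAL_NAME *
+.Fo d2i_GENERAL_NAME
+.Fa "GENERAL_NAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_GENERAL_NAME
+.Fa "GENERAL_NAME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft GENERAL_NAMES *
+.Fo d2i_GENERAL_NAMES
+.Fa "GENERAL_NAMES **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_GENERAL_NAMES
+.Fa "GENERAL_NAMES *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft EDIPARTYNAME *
+.Fo d2i_EDIPARTYNAME
+.Fa "EDIPARTYNAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_EDIPARTYNAME
+.Fa "EDIPARTYNAME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft OTHERNAME *
+.Fo d2i_OTHERNAME
+.Fa "OTHERNAME **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_OTHERNAME
+.Fa "OTHERNAME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode names that can be used in X.509
+extensions.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_GENERAL_NAME
+and
+.Fn i2d_GENERAL_NAME
+decode and encode an ASN.1
+.Vt GeneralName
+structure defined in RFC 5280 section 4.2.1.6.
+.Pp
+.Fn d2i_GENERAL_NAMES
+and
+.Fn i2d_GENERAL_NAMES
+decode and encode an ASN.1
+.Vt GeneralNames
+structure defined in RFC 5280 section 4.2.1.6.
+.Pp
+.Fn d2i_EDIPARTYNAME
+and
+.Fn i2d_EDIPARTYNAME
+decode and encode an ASN.1
+.Vt EDIPartyName
+structure defined in RFC 5280 section 4.2.1.6.
+.Pp
+.Fn d2i_OTHERNAME
+and
+.Fn i2d_OTHERNAME
+decode and encode an ASN.1
+.Vt OtherName
+structure defined in RFC 5280 section 4.2.1.6.
+.Sh RETURN VALUES
+.Fn d2i_GENERAL_NAME ,
+.Fn d2i_GENERAL_NAMES ,
+.Fn d2i_EDIPARTYNAME ,
+and
+.Fn d2i_OTHERNAME
+return a
+.Vt GENERAL_NAME ,
+.Vt GENERAL_NAMES ,
+.Vt EDIPARTYNAME ,
+or
+.Vt OTHERNAME
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_GENERAL_NAME ,
+.Fn i2d_GENERAL_NAMES ,
+.Fn i2d_EDIPARTYNAME ,
+and
+.Fn i2d_OTHERNAME
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr d2i_X509_NAME 3 ,
+.Xr GENERAL_NAME_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2: Certificate Extensions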
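--- a/jni/libressl/man/d2i_OCSP_REQUEST.3
+++ b/jni/libressl/man/d2i_OCSP_REQUEST.3
@@ -0,0 +1,177 @@
+.\"	$OpenBSD: d2i_OCSP_REQUEST.3,v 1.1 2016/12/27 22:06:55 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 27 2016 $
+.Dt D2I_OCSP_REQUEST 3
+.Os
+.Sh NAME
+.Nm d2i_OCSP_REQUEST ,
+.Nm i2d_OCSP_REQUEST ,
+.Nm d2i_OCSP_SIGNATURE ,
+.Nm i2d_OCSP_SIGNATURE ,
+.Nm d2i_OCSP_REQINFO ,
+.Nm i2d_OCSP_REQINFO ,
+.Nm d2i_OCSP_ONEREQ ,
+.Nm i2d_OCSP_ONEREQ ,
+.Nm d2i_OCSP_CERTID ,
+.Nm i2d_OCSP_CERTID ,
+.Nm d2i_OCSP_SERVICELOC ,
+.Nm i2d_OCSP_SERVICELOC
+.Nd decode and encode OCSP requests
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_REQUEST *
+.Fo d2i_OCSP_REQUEST
+.Fa "OCSP_REQUEST **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_OCSP_REQUEST
+.Fa "OCSP_REQUEST *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft OCSP_SIGNATURE *
+.Fo d2i_OCSP_SIGNATURE
+.Fa "OCSP_SIGNATURE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_OCSP_SIGNATURE
+.Fa "OCSP_SIGNATURE *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft OCSP_REQINFO *
+.Fo d2i_OCSP_REQINFO
+.Fa "OCSP_REQINFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_OCSP_REQINFO
+.Fa "OCSP_REQINFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft OCSP_ONEREQ *
+.Fo d2i_OCSP_ONEREQ
+.Fa "OCSP_ONEREQ **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_OCSP_ONEREQ
+.Fa "OCSP_ONEREQ *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft OCSP_CERTID *
+.Fo d2i_OCSP_CERTID
+.Fa "OCSP_CERTID **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_OCSP_CERTID
+.Fa "OCSP_CERTID *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft OCSP_SERVICELOC *
+.Fo d2i_OCSP_SERVICELOC
+.Fa "OCSP_SERVICELOC **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_OCSP_SERVICELOC
+.Fa "OCSP_SERVICELOC *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+Theses functions decode and encode ASN.1 structures used for OCSP
+requests.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_OCSP_REQUEST
+and
+.Fn i2d_OCSP_REQUEST
+decode and encode an ASN.1
+.Vt OCSPRequest
+structure defined in RFC 6960 section 4.1.1.
+.Pp
+.Fn d2i_OCSP_SIGNATURE
+and
+.Fn i2d_OCSP_SIGNATURE
+decode and encode an ASN.1
+.Vt Signature
+structure defined in RFC 6960 section 4.1.1.
+.Pp
+.Fn d2i_OCSP_REQINFO
+and
+.Fn i2d_OCSP_REQINFO
+decode and encode an ASN.1
+.Vt TBSRequest
+structure defined in RFC 6960 section 4.1.1.
+.Pp
+.Fn d2i_OCSP_ONEREQ
+and
+.Fn i2d_OCSP_ONEREQ
+decode and encode an ASN.1
+.Vt Request
+structure defined in RFC 6960 section 4.1.1.
+.Pp
+.Fn d2i_OCSP_CERTID
+and
+.Fn i2d_OCSP_CERTID
+decode and encode an ASN.1
+.Vt CertID
+structure defined in RFC 6960 section 4.1.1.
+.Pp
+.Fn d2i_OCSP_SERVICELOC
+and
+.Fn i2d_OCSP_SERVICELOC
+decode and encode an ASN.1
+.Vt ServiceLocator
+structure defined in RFC 6960 section 4.4.6.
+.Sh RETURN VALUES
+.Fn d2i_OCSP_REQUEST ,
+.Fn d2i_OCSP_SIGNATURE ,
+.Fn d2i_OCSP_REQINFO ,
+.Fn d2i_OCSP_ONEREQ ,
+.Fn d2i_OCSP_CERTID ,
+and
+.Fn d2i_OCSP_SERVICELOC
+return an object of the respective type or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_OCSP_REQUEST ,
+.Fn i2d_OCSP_SIGNATURE ,
+.Fn i2d_OCSP_REQINFO ,
+.Fn i2d_OCSP_ONEREQ ,
+.Fn i2d_OCSP_CERTID ,
+and
+.Fn i2d_OCSP_SERVICELOC
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr OCSP_CERTID_new 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr OCSP_SERVICELOC_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.1: Request Syntax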
Added jni/libressl/man/d2i_OCSP_RESPONSE.3.






































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
.\"	$OpenBSD: d2i_OCSP_RESPONSE.3,v 1.1 2016/12/27 22:06:55 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 27 2016 $
.Dt D2I_OCSP_RESPONSE 3
.Os
.Sh NAME
.Nm d2i_OCSP_RESPONSE ,
.Nm i2d_OCSP_RESPONSE ,
.Nm d2i_OCSP_RESPBYTES ,
.Nm i2d_OCSP_RESPBYTES ,
.Nm d2i_OCSP_BASICRESP ,
.Nm i2d_OCSP_BASICRESP ,
.Nm d2i_OCSP_RESPDATA ,
.Nm i2d_OCSP_RESPDATA ,
.Nm d2i_OCSP_RESPID ,
.Nm i2d_OCSP_RESPID ,
.Nm d2i_OCSP_SINGLERESP ,
.Nm i2d_OCSP_SINGLERESP ,
.Nm d2i_OCSP_CERTSTATUS ,
.Nm i2d_OCSP_CERTSTATUS ,
.Nm d2i_OCSP_REVOKEDINFO ,
.Nm i2d_OCSP_REVOKEDINFO ,
.Nm d2i_OCSP_CRLID ,
.Nm i2d_OCSP_CRLID
.Nd decode and encode OCSP responses
.Sh SYNOPSIS
.In openssl/ocsp.h
.Ft OCSP_RESPONSE *
.Fo d2i_OCSP_RESPONSE
.Fa "OCSP_RESPONSE **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_RESPONSE
.Fa "OCSP_RESPONSE *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_RESPBYTES *
.Fo d2i_OCSP_RESPBYTES
.Fa "OCSP_RESPBYTES **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_RESPBYTES
.Fa "OCSP_RESPBYTES *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_BASICRESP *
.Fo d2i_OCSP_BASICRESP
.Fa "OCSP_BASICRESP **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_BASICRESP
.Fa "OCSP_BASICRESP *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_RESPDATA *
.Fo d2i_OCSP_RESPDATA
.Fa "OCSP_RESPDATA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_RESPDATA
.Fa "OCSP_RESPDATA *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_RESPID *
.Fo d2i_OCSP_RESPID
.Fa "OCSP_RESPID **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_RESPID
.Fa "OCSP_RESPID *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_SINGLERESP *
.Fo d2i_OCSP_SINGLERESP
.Fa "OCSP_SINGLERESP **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_SINGLERESP
.Fa "OCSP_SINGLERESP *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_CERTSTATUS *
.Fo d2i_OCSP_CERTSTATUS
.Fa "OCSP_CERTSTATUS **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_CERTSTATUS
.Fa "OCSP_CERTSTATUS *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_REVOKEDINFO *
.Fo d2i_OCSP_REVOKEDINFO
.Fa "OCSP_REVOKEDINFO **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_REVOKEDINFO
.Fa "OCSP_REVOKEDINFO *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft OCSP_CRLID *
.Fo d2i_OCSP_CRLID
.Fa "OCSP_CRLID **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_OCSP_CRLID
.Fa "OCSP_CRLID *val_in"
.Fa "unsigned char **der_out"
.Fc
.Sh DESCRIPTION
Theses functions decode and encode ASN.1 structures used for OCSP
responses.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .
.Pp
.Fn d2i_OCSP_RESPONSE
and
.Fn i2d_OCSP_RESPONSE
decode and encode an ASN.1
.Vt OCSPResponse
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_RESPBYTES
and
.Fn i2d_OCSP_RESPBYTES
decode and encode an ASN.1
.Vt ResponseBytes
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_BASICRESP
and
.Fn i2d_OCSP_BASICRESP
decode and encode an ASN.1
.Vt BasicOCSPResponse
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_RESPDATA
and
.Fn i2d_OCSP_RESPDATA
decode and encode an ASN.1
.Vt ResponseData
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_RESPID
and
.Fn i2d_OCSP_RESPID
decode and encode an ASN.1
.Vt ResponderID
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_SINGLERESP
and
.Fn i2d_OCSP_SINGLERESP
decode and encode an ASN.1
.Vt SingleResponse
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_CERTSTATUS
and
.Fn i2d_OCSP_CERTSTATUS
decode and encode an ASN.1
.Vt CertStatus
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_REVOKEDINFO
and
.Fn i2d_OCSP_REVOKEDINFO
decode and encode an ASN.1
.Vt RevokedInfo
structure defined in RFC 6960 section 4.2.1.
.Pp
.Fn d2i_OCSP_CRLID
and
.Fn i2d_OCSP_CRLID
decode and encode an ASN.1
.Vt CrlID
structure defined in RFC 6960 section 4.4.2.
.Sh RETURN VALUES
.Fn d2i_OCSP_RESPONSE ,
.Fn d2i_OCSP_RESPBYTES ,
.Fn d2i_OCSP_BASICRESP ,
.Fn d2i_OCSP_RESPDATA ,
.Fn d2i_OCSP_RESPID ,
.Fn d2i_OCSP_SINGLERESP ,
.Fn d2i_OCSP_CERTSTATUS ,
.Fn d2i_OCSP_REVOKEDINFO ,
and
.Fn d2i_OCSP_CRLID
return an object of the respective type or
.Dv NULL
if an error occurs.
.Pp
.Fn i2d_OCSP_RESPONSE ,
.Fn i2d_OCSP_RESPBYTES ,
.Fn i2d_OCSP_BASICRESP ,
.Fn i2d_OCSP_RESPDATA ,
.Fn i2d_OCSP_RESPID ,
.Fn i2d_OCSP_SINGLERESP ,
.Fn i2d_OCSP_CERTSTATUS ,
.Fn i2d_OCSP_REVOKEDINFO ,
and
.Fn i2d_OCSP_CRLID
return the number of bytes successfully encoded or a negative value
if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr OCSP_CRLID_new 3 ,
.Xr OCSP_RESPONSE_new 3 ,
.Xr OCSP_SINGLERESP_new 3
.Sh STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
Status Protocol, section 4.2: Response Syntax
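--- a/jni/libressl/man/d2i_PKCS12.3
+++ b/jni/libressl/man/d2i_PKCS12.3
@@ -0,0 +1,186 @@
+.\"	$OpenBSD: d2i_PKCS12.3,v 1.1 2016/12/26 18:04:45 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 26 2016 $
+.Dt D2I_PKCS12 3
+.Os
+.Sh NAME
+.Nm d2i_PKCS12 ,
+.Nm i2d_PKCS12 ,
+.Nm d2i_PKCS12_bio ,
+.Nm i2d_PKCS12_bio ,
+.Nm d2i_PKCS12_fp ,
+.Nm i2d_PKCS12_fp ,
+.Nm d2i_PKCS12_MAC_DATA ,
+.Nm i2d_PKCS12_MAC_DATA ,
+.Nm d2i_PKCS12_SAFEBAG ,
+.Nm i2d_PKCS12_SAFEBAG ,
+.Nm d2i_PKCS12_BAGS ,
+.Nm i2d_PKCS12_BAGS
+.Nd decode and encode PKCS#12 structures
+.Sh SYNOPSIS
+.In openssl/pkcs12.h
+.Ft PKCS12 *
+.Fo d2i_PKCS12
+.Fa "PKCS12 **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS12
+.Fa "PKCS12 *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS12 *
+.Fo d2i_PKCS12_bio
+.Fa "BIO *in_bio"
+.Fa "PKCS12 **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS12_bio
+.Fa "BIO *out_bio"
+.Fa "PKCS12 *val_in"
+.Fc
+.Ft PKCS12 *
+.Fo d2i_PKCS12_fp
+.Fa "FILE *in_fp"
+.Fa "PKCS12 **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS12_fp
+.Fa "FILE *out_fp"
+.Fa "PKCS12 *val_in"
+.Fc
+.Ft PKCS12_MAC_DATA *
+.Fo d2i_PKCS12_MAC_DATA
+.Fa "PKCS12_MAC_DATA **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS12_MAC_DATA
+.Fa "PKCS12_MAC_DATA *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS12_SAFEBAG *
+.Fo d2i_PKCS12_SAFEBAG
+.Fa "PKCS12_SAFEBAG **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS12_SAFEBAG
+.Fa "PKCS12_SAFEBAG *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS12_BAGS *
+.Fo d2i_PKCS12_BAGS
+.Fa "PKCS12_BAGS **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS12_BAGS
+.Fa "PKCS12_BAGS *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode PKCS#12 structures.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_PKCS12
+and
+.Fn i2d_PKCS12
+decode and encode an ASN.1
+.Vt PFX
+.Pq personal information exchange
+structure defined in RFC 7292 section 4.
+.Fn d2i_PKCS12_bio ,
+.Fn i2d_PKCS12_bio ,
+.Fn d2i_PKCS12_fp ,
+and
+.Fn i2d_PKCS12_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn d2i_PKCS12_MAC_DATA
+and
+.Fn i2d_PKCS12_MAC_DATA
+decode and encode an ASN.1
+.Vt MacData
+structure defined in RFC 7292 section 4.
+.Pp
+.Fn d2i_PKCS12_SAFEBAG
+and
+.Fn i2d_PKCS12_SAFEBAG
+decode and encode an ASN.1
+.Vt SafeBag
+structure defined in RFC 7292 section 4.2.
+.Pp
+.Fn d2i_PKCS12_BAGS
+and
+.Fn i2d_PKCS12_BAGS
+decode and encode the bagValue field of an ASN.1
+.Vt SafeBag
+structure.
+.Sh RETURN VALUES
+.Fn d2i_PKCS12 ,
+.Fn d2i_PKCS12_bio ,
+and
+.Fn d2i_PKCS12_fp
+return a
+.Vt PKCS12
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn d2i_PKCS12_MAC_DATA ,
+.Fn d2i_PKCS12_SAFEBAG ,
+and
+.Fn d2i_PKCS12_BAGS
+return a
+.Vt PKCS12_MAC_DATA ,
+.Vt PKCS12_SAFEBAG ,
+or
+.Vt PKCS12_BAGS
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PKCS12 ,
+.Fn i2d_PKCS12_MAC_DATA ,
+.Fn i2d_PKCS12_SAFEBAG ,
+and
+.Fn i2d_PKCS12_BAGS
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Pp
+.Fn i2d_PKCS12_bio
+and
+.Fn i2d_PKCS12_fp
+return 1 for success or 0 if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr PKCS12_create 3 ,
+.Xr PKCS12_new 3 ,
+.Xr PKCS12_parse 3 ,
+.Xr PKCS12_SAFEBAG_new 3
+.Sh STANDARDS
+RFC 7292: PKCS #12: Personal Information Exchange Syntax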
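--- a/jni/libressl/man/d2i_PKCS7.3
+++ b/jni/libressl/man/d2i_PKCS7.3
@@ -0,0 +1,326 @@
+.\"	$OpenBSD: d2i_PKCS7.3,v 1.4 2016/12/27 13:10:26 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 27 2016 $
+.Dt D2I_PKCS7 3
+.Os
+.Sh NAME
+.Nm d2i_PKCS7 ,
+.Nm i2d_PKCS7 ,
+.Nm d2i_PKCS7_bio ,
+.Nm i2d_PKCS7_bio ,
+.Nm d2i_PKCS7_fp ,
+.Nm i2d_PKCS7_fp ,
+.Nm i2d_PKCS7_NDEF ,
+.Nm d2i_PKCS7_DIGEST ,
+.Nm i2d_PKCS7_DIGEST ,
+.Nm d2i_PKCS7_ENCRYPT ,
+.Nm i2d_PKCS7_ENCRYPT ,
+.Nm d2i_PKCS7_ENC_CONTENT ,
+.Nm i2d_PKCS7_ENC_CONTENT ,
+.Nm d2i_PKCS7_ENVELOPE ,
+.Nm i2d_PKCS7_ENVELOPE ,
+.Nm d2i_PKCS7_ISSUER_AND_SERIAL ,
+.Nm i2d_PKCS7_ISSUER_AND_SERIAL ,
+.Nm d2i_PKCS7_RECIP_INFO ,
+.Nm i2d_PKCS7_RECIP_INFO ,
+.Nm d2i_PKCS7_SIGNED ,
+.Nm i2d_PKCS7_SIGNED ,
+.Nm d2i_PKCS7_SIGNER_INFO ,
+.Nm i2d_PKCS7_SIGNER_INFO ,
+.Nm d2i_PKCS7_SIGN_ENVELOPE ,
+.Nm i2d_PKCS7_SIGN_ENVELOPE
+.Nd decode and encode PKCS#7 data structures
+.Sh SYNOPSIS
+.In openssl/pkcs7.h
+.Ft PKCS7 *
+.Fo d2i_PKCS7
+.Fa "PKCS7 **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7
+.Fa "PKCS7 *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7 *
+.Fo d2i_PKCS7_bio
+.Fa "BIO *in_bio"
+.Fa "PKCS7 **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_bio
+.Fa "BIO *out_bio"
+.Fa "PKCS7 *val_in"
+.Fc
+.Ft PKCS7 *
+.Fo d2i_PKCS7_fp
+.Fa "FILE *in_fp"
+.Fa "PKCS7 **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_fp
+.Fa "FILE *out_fp"
+.Fa "PKCS7 *val_in"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_NDEF
+.Fa "PKCS7 *val_in"
+.Fa "unsigned char **ber_out"
+.Fc
+.Ft PKCS7_DIGEST *
+.Fo d2i_PKCS7_DIGEST
+.Fa "PKCS7_DIGEST **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_DIGEST
+.Fa "PKCS7_DIGEST *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_ENCRYPT *
+.Fo d2i_PKCS7_ENCRYPT
+.Fa "PKCS7_ENCRYPT **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_ENCRYPT
+.Fa "PKCS7_ENCRYPT *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_ENC_CONTENT *
+.Fo d2i_PKCS7_ENC_CONTENT
+.Fa "PKCS7_ENC_CONTENT **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_ENC_CONTENT
+.Fa "PKCS7_ENC_CONTENT *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_ENVELOPE *
+.Fo d2i_PKCS7_ENVELOPE
+.Fa "PKCS7_ENVELOPE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_ENVELOPE
+.Fa "PKCS7_ENVELOPE *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_ISSUER_AND_SERIAL *
+.Fo d2i_PKCS7_ISSUER_AND_SERIAL
+.Fa "PKCS7_ISSUER_AND_SERIAL **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_ISSUER_AND_SERIAL
+.Fa "PKCS7_ISSUER_AND_SERIAL *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_RECIP_INFO *
+.Fo d2i_PKCS7_RECIP_INFO
+.Fa "PKCS7_RECIP_INFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_RECIP_INFO
+.Fa "PKCS7_RECIP_INFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_SIGNED *
+.Fo d2i_PKCS7_SIGNED
+.Fa "PKCS7_SIGNED **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_SIGNED
+.Fa "PKCS7_SIGNED *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_SIGNER_INFO *
+.Fo d2i_PKCS7_SIGNER_INFO
+.Fa "PKCS7_SIGNER_INFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_SIGNER_INFO
+.Fa "PKCS7_SIGNER_INFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS7_SIGN_ENVELOPE *
+.Fo d2i_PKCS7_SIGN_ENVELOPE
+.Fa "PKCS7_SIGN_ENVELOPE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS7_SIGN_ENVELOPE
+.Fa "PKCS7_SIGN_ENVELOPE *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode PKCS#7 data structures.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_PKCS7
+and
+.Fn i2d_PKCS7
+decode and encode an ASN.1
+.Vt ContentInfo
+structure defined in RFC 2315 section 7.
+.Fn d2i_PKCS7_bio ,
+.Fn i2d_PKCS7_bio ,
+.Fn d2i_PKCS7_fp ,
+and
+.Fn i2d_PKCS7_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn i2d_PKCS7_NDEF
+is similar to
+.Fn i2d_PKCS7
+except that it encodes using BER rather than DER, using the indefinite
+length form where appropriate.
+.Pp
+.Fn d2i_PKCS7_DIGEST
+and
+.Fn i2d_PKCS7_DIGEST
+decode and encode an ASN.1
+.Vt DigestedData
+structure defined in RFC 2315 section 12.
+.Pp
+.Fn d2i_PKCS7_ENCRYPT
+and
+.Fn i2d_PKCS7_ENCRYPT
+decode and encode an ASN.1
+.Vt EncryptedData
+structure defined in RFC 2315 section 13.
+.Pp
+.Fn d2i_PKCS7_ENC_CONTENT
+and
+.Fn i2d_PKCS7_ENC_CONTENT
+decode and encode an ASN.1
+.Vt EncryptedContentInfo
+structure defined in RFC 2315 section 10.1.
+.Pp
+.Fn d2i_PKCS7_ENVELOPE
+and
+.Fn i2d_PKCS7_ENVELOPE
+decode and encode an ASN.1
+.Vt EnvelopedData
+structure defined in RFC 2315 section 10.
+.Pp
+.Fn d2i_PKCS7_ISSUER_AND_SERIAL
+and
+.Fn i2d_PKCS7_ISSUER_AND_SERIAL
+decode and encode an ASN.1
+.Vt IssuerAndSerialNumber
+structure defined in RFC 2315 section 6.7.
+.Pp
+.Fn d2i_PKCS7_RECIP_INFO
+and
+.Fn i2d_PKCS7_RECIP_INFO
+decode and encode an ASN.1
+.Vt RecipientInfo
+structure defined in RFC 2315 section 10.2.
+.Pp
+.Fn d2i_PKCS7_SIGNED
+and
+.Fn i2d_PKCS7_SIGNED
+decode and encode an ASN.1
+.Vt SignedData
+structure defined in RFC 2315 section 9.
+.Pp
+.Fn d2i_PKCS7_SIGNER_INFO
+and
+.Fn i2d_PKCS7_SIGNER_INFO
+decode and encode an ASN.1
+.Vt SignerInfo
+structure defined in RFC 2315 section 9.2.
+.Pp
+.Fn d2i_PKCS7_SIGN_ENVELOPE
+and
+.Fn i2d_PKCS7_SIGN_ENVELOPE
+decode and encode an ASN.1
+.Vt SignedAndEnvelopedData
+structure defined in RFC 2315 section 11.
+.Sh RETURN VALUES
+.Fn d2i_PKCS7 ,
+.Fn d2i_PKCS7_bio ,
+and
+.Fn d2i_PKCS7_fp
+return a
+.Vt PKCS7
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn d2i_PKCS7_DIGEST ,
+.Fn d2i_PKCS7_ENCRYPT ,
+.Fn d2i_PKCS7_ENC_CONTENT ,
+.Fn d2i_PKCS7_ENVELOPE ,
+.Fn d2i_PKCS7_ISSUER_AND_SERIAL ,
+.Fn d2i_PKCS7_RECIP_INFO ,
+.Fn d2i_PKCS7_SIGNED ,
+.Fn d2i_PKCS7_SIGNER_INFO ,
+and
+.Fn d2i_PKCS7_SIGN_ENVELOPE
+return an object of the respective type or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PKCS7 ,
+.Fn i2d_PKCS7_NDEF ,
+.Fn i2d_PKCS7_DIGEST ,
+.Fn i2d_PKCS7_ENCRYPT ,
+.Fn i2d_PKCS7_ENC_CONTENT ,
+.Fn i2d_PKCS7_ENVELOPE ,
+.Fn i2d_PKCS7_ISSUER_AND_SERIAL ,
+.Fn i2d_PKCS7_RECIP_INFO ,
+.Fn i2d_PKCS7_SIGNED ,
+.Fn i2d_PKCS7_SIGNER_INFO ,
+and
+.Fn i2d_PKCS7_SIGN_ENVELOPE
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Pp
+.Fn i2d_PKCS7_bio
+and
+.Fn i2d_PKCS7_fp
+return 1 for success or 0 if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr i2d_PKCS7_bio_stream 3 ,
+.Xr PEM_write_bio_PKCS7_stream 3 ,
+.Xr PEM_write_PKCS7 3 ,
+.Xr PKCS7_new 3 ,
+.Xr SMIME_write_PKCS7 3
+.Sh STANDARDS
+RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5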
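--- a/jni/libressl/man/d2i_PKCS8PrivateKey_bio.3
+++ b/jni/libressl/man/d2i_PKCS8PrivateKey_bio.3
@@ -1,8 +1,58 @@
+.\"	$OpenBSD: d2i_PKCS8PrivateKey_bio.3,v 1.8 2017/01/07 17:27:15 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2002, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
-.Dd $Mdocdate: June 16 2014 $
+.Dd $Mdocdate: January 7 2017 $
 .Dt D2I_PKCS8PRIVATEKEY_BIO 3
 .Os
 .Sh NAME
 .Nm d2i_PKCS8PrivateKey_bio ,
 .Nm d2i_PKCS8PrivateKey_fp ,
 .Nm i2d_PKCS8PrivateKey_bio ,
 .Nm i2d_PKCS8PrivateKey_fp ,
@@ -67,31 +117,42 @@
 .Fc
 .Sh DESCRIPTION
 The PKCS#8 functions encode and decode private keys in PKCS#8 format
 using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption
 algorithms.
 .Pp
 Other than the use of DER as opposed to PEM these functions are
-identical to the corresponding
-.Xr pem 3
-functions.
-.Sh NOTES
+identical to the corresponding functions described in
+.Xr PEM_read_PrivateKey 3 .
+.Pp
 Before using these functions,
 .Xr OpenSSL_add_all_algorithms 3
 should be called to initialize the internal algorithm lookup tables.
 Otherwise errors about unknown algorithms will occur if an attempt is
 made to decrypt a private key.
 .Pp
 These functions are currently the only way to store encrypted private
 keys using DER format.
 .Pp
 Currently all the functions use
 .Vt BIO
 or
 .Vt FILE
-pointers, there are no functions which work directly on memory:
-this can be readily worked around by converting the buffers to
-memory BIOs, see
+pointers.
+There are no functions which work directly on memory,
+though this can be readily worked around
+by converting the buffers to memory BIOs;
+see
 .Xr BIO_s_mem 3
 for details.
 .Sh SEE ALSO
-.Xr pem 3
+.Xr d2i_X509_SIG 3 ,
+.Xr PEM_write_PKCS8PrivateKey 3 ,
+.Xr PKCS8_PRIV_KEY_INFO_new 3
+.Sh CAVEATS
+Do not confuse these functions with
+.Xr i2d_PKCS8PrivateKeyInfo_bio 3
+and
+.Xr i2d_PKCS8PrivateKeyInfo_fp 3 ,
+which write out private keys in
+.Sy unencrypted
+DER format.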
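--- a/jni/libressl/man/d2i_PKCS8_PRIV_KEY_INFO.3
+++ b/jni/libressl/man/d2i_PKCS8_PRIV_KEY_INFO.3
@@ -0,0 +1,114 @@
+.\"	$OpenBSD: d2i_PKCS8_PRIV_KEY_INFO.3,v 1.1 2016/12/28 00:55:05 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_PKCS8_PRIV_KEY_INFO 3
+.Os
+.Sh NAME
+.Nm d2i_PKCS8_PRIV_KEY_INFO ,
+.Nm i2d_PKCS8_PRIV_KEY_INFO ,
+.Nm d2i_PKCS8_PRIV_KEY_INFO_bio ,
+.Nm i2d_PKCS8_PRIV_KEY_INFO_bio ,
+.Nm d2i_PKCS8_PRIV_KEY_INFO_fp ,
+.Nm i2d_PKCS8_PRIV_KEY_INFO_fp
+.Nd decode and encode PKCS#8 private key
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft PKCS8_PRIV_KEY_INFO *
+.Fo d2i_PKCS8_PRIV_KEY_INFO
+.Fa "PKCS8_PRIV_KEY_INFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKCS8_PRIV_KEY_INFO
+.Fa "PKCS8_PRIV_KEY_INFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PKCS8_PRIV_KEY_INFO *
+.Fo d2i_PKCS8_PRIV_KEY_INFO_bio
+.Fa "BIO *in_bio"
+.Fa "PKCS8_PRIV_KEY_INFO **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS8_PRIV_KEY_INFO_bio
+.Fa "BIO *out_bio"
+.Fa "PKCS8_PRIV_KEY_INFO *val_in"
+.Fc
+.Ft PKCS8_PRIV_KEY_INFO *
+.Fo d2i_PKCS8_PRIV_KEY_INFO_fp
+.Fa "FILE *in_fp"
+.Fa "PKCS8_PRIV_KEY_INFO **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS8_PRIV_KEY_INFO_fp
+.Fa "BIO *out_fp"
+.Fa "PKCS8_PRIV_KEY_INFO *val_in"
+.Fc
+.Sh DESCRIPTION
+.Fn d2i_PKCS8_PRIV_KEY_INFO
+and
+.Fn i2d_PKCS8_PRIV_KEY_INFO
+decode and encode an ASN.1
+.Vt PrivateKeyInfo
+structure defined in RFC 5208 section 5.
+.Pp
+.Fn d2i_PKCS8_PRIV_KEY_INFO_bio ,
+.Fn i2d_PKCS8_PRIV_KEY_INFO_bio ,
+.Fn d2i_PKCS8_PRIV_KEY_INFO_fp ,
+and
+.Fn i2d_PKCS8_PRIV_KEY_INFO_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+These functions all use unencrypted DER format.
+To store private keys in encrypted form, consider
+.Xr d2i_PKCS8PrivateKey_bio 3
+or
+.Xr PEM_write_PKCS8PrivateKey 3 .
+.Sh RETURN VALUES
+.Fn d2i_PKCS8_PRIV_KEY_INFO ,
+.Fn d2i_PKCS8_PRIV_KEY_INFO_bio ,
+and
+.Fn d2i_PKCS8_PRIV_KEY_INFO_fp
+return a
+.Vt PKCS8_PRIV_KEY_INFO
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PKCS8_PRIV_KEY_INFO
+returns the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Pp
+.Fn i2d_PKCS8_PRIV_KEY_INFO_bio
+and
+.Fn i2d_PKCS8_PRIV_KEY_INFO_fp
+return 1 for success or 0 if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr d2i_PKCS8PrivateKey_bio 3 ,
+.Xr d2i_PrivateKey 3 ,
+.Xr PEM_write_PKCS8_PRIV_KEY_INFO 3 ,
+.Xr PKCS8_PRIV_KEY_INFO_new 3
+.Sh STANDARDS
+RFC 5208: PKCS#8: Private-Key Information Syntax Specification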
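--- a/jni/libressl/man/d2i_PKEY_USAGE_PERIOD.3
+++ b/jni/libressl/man/d2i_PKEY_USAGE_PERIOD.3
@@ -0,0 +1,68 @@
+.\"	$OpenBSD: d2i_PKEY_USAGE_PERIOD.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_PKEY_USAGE_PERIOD 3
+.Os
+.Sh NAME
+.Nm d2i_PKEY_USAGE_PERIOD ,
+.Nm i2d_PKEY_USAGE_PERIOD
+.Nd decode and encode X.509 key usage period extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft PKEY_USAGE_PERIOD *
+.Fo d2i_PKEY_USAGE_PERIOD
+.Fa "PKEY_USAGE_PERIOD **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PKEY_USAGE_PERIOD
+.Fa "PKEY_USAGE_PERIOD *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+.Fn d2i_PKEY_USAGE_PERIOD
+and
+.Fn i2d_PKEY_USAGE_PERIOD
+decode and encode an ASN.1
+.Vt PrivateKeyUsagePeriod
+structure defined in RFC 3280 section 4.2.1.4.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Sh RETURN VALUES
+.Fn d2i_PKEY_USAGE_PERIOD
+returns a
+.Vt PKEY_USAGE_PERIOD
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PKEY_USAGE_PERIOD
+returns the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr PKEY_USAGE_PERIOD_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 3280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2.1.4: Private Key Usage Period
+.Pp
+RFC 3280 was obsoleted by RFC 5280; see
+.Xr PKEY_USAGE_PERIOD_new 3
+for details.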
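--- a/jni/libressl/man/d2i_POLICYINFO.3
+++ b/jni/libressl/man/d2i_POLICYINFO.3
@@ -0,0 +1,161 @@
+.\"	$OpenBSD: d2i_POLICYINFO.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_POLICYINFO 3
+.Os
+.Sh NAME
+.Nm d2i_POLICYINFO ,
+.Nm i2d_POLICYINFO ,
+.Nm d2i_CERTIFICATEPOLICIES ,
+.Nm i2d_CERTIFICATEPOLICIES ,
+.Nm d2i_POLICYQUALINFO ,
+.Nm i2d_POLICYQUALINFO ,
+.Nm d2i_USERNOTICE ,
+.Nm i2d_USERNOTICE ,
+.Nm d2i_NOTICEREF ,
+.Nm i2d_NOTICEREF
+.Nd decode and encode X.509 certificate policies
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft POLICYINFO *
+.Fo d2i_POLICYINFO
+.Fa "POLICYINFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_POLICYINFO
+.Fa "POLICYINFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft CERTIFICATEPOLICIES *
+.Fo d2i_CERTIFICATEPOLICIES
+.Fa "CERTIFICATEPOLICIES **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_CERTIFICATEPOLICIES
+.Fa "CERTIFICATEPOLICIES *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft POLICYQUALINFO *
+.Fo d2i_POLICYQUALINFO
+.Fa "POLICYQUALINFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_POLICYQUALINFO
+.Fa "POLICYQUALINFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft USERNOTICE *
+.Fo d2i_USERNOTICE
+.Fa "USERNOTICE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_USERNOTICE
+.Fa "USERNOTICE *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft NOTICEREF *
+.Fo d2i_NOTICEREF
+.Fa "NOTICEREF **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_NOTICEREF
+.Fa "NOTICEREF *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode X.509 certificate policies.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_POLICYINFO
+and
+.Fn i2d_POLICYINFO
+decode and encode an ASN.1
+.Vt PolicyInformation
+structure defined in RFC 5280 section 4.2.1.4.
+.Pp
+.Fn d2i_CERTIFICATEPOLICIES
+and
+.Fn i2d_CERTIFICATEPOLICIES
+decode and encode an ASN.1
+.Vt CertificatePolicies
+structure defined in RFC 5280 section 4.2.1.4.
+.Pp
+.Fn d2i_POLICYQUALINFO
+and
+.Fn i2d_POLICYQUALINFO
+decode and encode an ASN.1
+.Vt PolicyQualifierInfo
+structure defined in RFC 5280 section 4.2.1.4.
+.Pp
+.Fn d2i_USERNOTICE
+and
+.Fn i2d_USERNOTICE
+decode and encode an ASN.1
+.Vt UserNotice
+structure defined in RFC 5280 section 4.2.1.4.
+.Pp
+.Fn d2i_NOTICEREF
+and
+.Fn i2d_NOTICEREF
+decode and encode an ASN.1
+.Vt NoticeReference
+structure defined in RFC 5280 section 4.2.1.4.
+.Sh RETURN VALUES
+.Fn d2i_POLICYINFO ,
+.Fn d2i_CERTIFICATEPOLICIES ,
+.Fn d2i_POLICYQUALINFO ,
+.Fn d2i_USERNOTICE ,
+and
+.Fn d2i_NOTICEREF
+return a
+.Vt POLICYINFO ,
+.Vt CERTIFICATEPOLICIES ,
+.Vt POLICYQUALINFO ,
+.Vt USERNOTICE ,
+or
+.Vt NOTICEREF
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_POLICYINFO ,
+.Fn i2d_CERTIFICATEPOLICIES ,
+.Fn i2d_POLICYQUALINFO ,
+.Fn i2d_USERNOTICE ,
+and
+.Fn i2d_NOTICEREF
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr POLICYINFO_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2.1.4: Certificate Policies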
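--- a/jni/libressl/man/d2i_PROXY_POLICY.3
+++ b/jni/libressl/man/d2i_PROXY_POLICY.3
@@ -0,0 +1,93 @@
+.\"	$OpenBSD: d2i_PROXY_POLICY.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_PROXY_POLICY 3
+.Os
+.Sh NAME
+.Nm d2i_PROXY_POLICY ,
+.Nm i2d_PROXY_POLICY ,
+.Nm d2i_PROXY_CERT_INFO_EXTENSION ,
+.Nm i2d_PROXY_CERT_INFO_EXTENSION
+.Nd decode and encode X.509 proxy certificate extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft PROXY_POLICY *
+.Fo d2i_PROXY_POLICY
+.Fa "PROXY_POLICY **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PROXY_POLICY
+.Fa "PROXY_POLICY *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PROXY_CERT_INFO_EXTENSION *
+.Fo d2i_PROXY_CERT_INFO_EXTENSION
+.Fa "PROXY_CERT_INFO_EXTENSION **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PROXY_CERT_INFO_EXTENSION
+.Fa "PROXY_CERT_INFO_EXTENSION *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions encode and decode X.509 extensions that decide
+whether a certificate is a proxy certificate, and which policies
+apply to it.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_PROXY_POLICY
+and
+.Fn i2d_PROXY_POLICY
+decode and encode an ASN.1
+.Vt ProxyPolicy
+structure defined in RFC 3820 section 3.8.
+.Pp
+.Fn d2i_PROXY_CERT_INFO_EXTENSION
+and
+.Fn i2d_PROXY_CERT_INFO_EXTENSION
+decode and encode an ASN.1
+.Vt ProxyCertInfo
+structure defined in RFC 3820 section 3.8.
+.Sh RETURN VALUES
+.Fn d2i_PROXY_POLICY
+and
+.Fn d2i_PROXY_CERT_INFO_EXTENSION
+return a
+.Vt PROXY_POLICY
+or
+.Vt PROXY_CERT_INFO_EXTENSION
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PROXY_POLICY
+and
+.Fn i2d_PROXY_CERT_INFO_EXTENSION
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr PROXY_POLICY_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
+Certificate Profile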
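--- a/jni/libressl/man/d2i_PrivateKey.3
+++ b/jni/libressl/man/d2i_PrivateKey.3
@@ -0,0 +1,267 @@
+.\"	$OpenBSD: d2i_PrivateKey.3,v 1.5 2016/12/28 01:38:16 schwarze Exp $
+.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_PRIVATEKEY 3
+.Os
+.Sh NAME
+.Nm d2i_PrivateKey ,
+.Nm d2i_AutoPrivateKey ,
+.Nm i2d_PrivateKey ,
+.Nm d2i_PrivateKey_bio ,
+.Nm d2i_PrivateKey_fp ,
+.Nm i2d_PKCS8PrivateKeyInfo_bio ,
+.Nm i2d_PKCS8PrivateKeyInfo_fp ,
+.Nm d2i_PublicKey ,
+.Nm i2d_PublicKey
+.Nd decode and encode EVP_PKEY objects
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft EVP_PKEY *
+.Fo d2i_PrivateKey
+.Fa "int type"
+.Fa "EVP_PKEY **val_out"
+.Fa "const unsigned char **des_in"
+.Fa "long length"
+.Fc
+.Ft EVP_PKEY *
+.Fo d2i_AutoPrivateKey
+.Fa "EVP_PKEY **val_out"
+.Fa "const unsigned char **des_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PrivateKey
+.Fa "EVP_PKEY *val_in"
+.Fa "unsigned char **des_out"
+.Fc
+.Ft EVP_PKEY *
+.Fo d2i_PrivateKey_bio
+.Fa "BIO *in_bio"
+.Fa "EVP_PKEY **val_out"
+.Fc
+.Ft EVP_PKEY *
+.Fo d2i_PrivateKey_fp
+.Fa "FILE *in_fp"
+.Fa "EVP_PKEY **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS8PrivateKeyInfo_bio
+.Fa "BIO *out_bio"
+.Fa "EVP_PKEY *val_in"
+.Fc
+.Ft int
+.Fo i2d_PKCS8PrivateKeyInfo_fp
+.Fa "FILE *out_fp"
+.Fa "EVP_PKEY *val_in"
+.Fc
+.Ft EVP_PKEY *
+.Fo d2i_PublicKey
+.Fa "int type"
+.Fa "EVP_PKEY **val_out"
+.Fa "const unsigned char **des_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PublicKey
+.Fa "EVP_PKEY *val_in"
+.Fa "unsigned char **des_out"
+.Fc
+.Sh DESCRIPTION
+These are algorithm-independent interfaces to decode and encode
+private and public keys.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_PrivateKey
+decodes a private key using algorithm
+.Fa type .
+It attempts to use any algorithm specific format or the PKCS#8 unencrypted
+.Vt PrivateKeyInfo
+format defined in RFC 5208 section 5.
+The
+.Fa type
+parameter should be a public key algorithm constant such as
+.Dv EVP_PKEY_RSA .
+An error occurs if the decoded key does not match
+.Fa type .
+.Pp
+.Fn d2i_AutoPrivateKey
+is similar to
+.Fn d2i_PrivateKey
+except that it attempts to automatically detect the algorithm.
+.Pp
+.Fn d2i_PrivateKey_bio
+and
+.Fn d2i_PrivateKey_fp
+are similar to
+.Fn d2i_PrivateKey
+except that they read from a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn i2d_PrivateKey
+encodes
+.Fa val_in .
+It uses an algorithm specific format or, if none is defined for
+that key type, the PKCS#8 unencrypted
+.Vt PrivateKeyInfo
+format.
+.Pp
+.Fn i2d_PKCS8PrivateKeyInfo_bio
+and
+.Fn i2d_PKCS8PrivateKeyInfo_fp
+encode
+.Fa val_in
+in PKCS#8 unencrypted
+.Vt PrivateKeyInfo
+format.
+They are similar to
+.Fn i2d_PrivateKey
+except that they don't use any algorithm-specific formats
+and that they write to a
+.Vt BIO
+or
+.Vt FILE
+pointer rather than to a buffer.
+.Pp
+All these functions use DER format and unencrypted keys.
+Applications wishing to encrypt or decrypt private keys should use other
+functions such as
+.Xr d2i_PKCS8PrivateKey_bio 3
+instead.
+.Pp
+If
+.Pf * Fa val_out
+is not
+.Dv NULL
+when calling
+.Fn d2i_PrivateKey
+or
+.Fn d2i_AutoPrivateKey
+(i.e. an existing structure is being reused) and the key format is
+PKCS#8, then
+.Pf * Fa val_out
+will be freed and replaced on a successful call.
+.Pp
+.Fn d2i_PublicKey
+calls
+.Xr d2i_DSAPublicKey 3 ,
+.Xr o2i_ECPublicKey 3 ,
+or
+.Xr d2i_RSAPublicKey 3
+depending on
+.Fa type
+and stores the result in the returned
+.Vt EVP_PKEY
+object.
+.Pp
+.Fn i2d_PublicKey
+calls
+.Xr i2d_DSAPublicKey 3 ,
+.Xr i2o_ECPublicKey 3 ,
+or
+.Xr i2d_RSAPublicKey 3
+depending on the algorithm used by
+.Fa val_in .
+.Sh RETURN VALUES
+.Fn d2i_PrivateKey ,
+.Fn d2i_AutoPrivateKey ,
+.Fn d2i_PrivateKey_bio ,
+.Fn d2i_PrivateKey_fp ,
+and
+.Fn d2i_PublicKey
+return a valid
+.Vt EVP_PKEY
+structure or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PrivateKey
+and
+.Fn i2d_PublicKey
+return the number of bytes successfully encoded or a negative value if
+an error occurs.
+.Pp
+.Fn i2d_PKCS8PrivateKeyInfo_bio
+and
+.Fn i2d_PKCS8PrivateKeyInfo_fp
+return 1 for success or 0 if an error occurs.
+.Pp
+For all functions, the error code can be obtained by calling
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr d2i_PKCS8_PRIV_KEY_INFO 3 ,
+.Xr d2i_PKCS8PrivateKey_bio 3 ,
+.Xr EVP_PKEY_type 3 ,
+.Xr PEM_write_PrivateKey 3 ,
+.Xr PKCS8_PRIV_KEY_INFO_new 3
+.Sh STANDARDS
+RFC 5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key
+Information Syntax Specification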
Changes to jni/libressl/man/d2i_RSAPublicKey.3.
1

2
3
4
5
6

7



8
9







10




11


12
13
14


15




16




17

18
19
20
21
22

23
24
25
26
27
28
29
30












31


32

33



34









35










36
37



38




39
40
41



42
43




44

45


46
47

48
49
50
51
52




53
54





55




56





57
58
59




60
61
62



63
64
65
66



67




68









69
70
71



72
73
74
75




76



77




78




79

80




81

82

83


84
85



86
87
88


89
90



91
92






93
94

95
96










97
98


99
100








101
102
103




104
105
106



107

108

109



110
111








112







113
114
115

116
117









118
119
120




121
122
123
124
125
126

127






128
129
130







131
132



133

134






.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v

.if n .sp



..
.de Vb \" Begin verbatim text







.ft CW




.nf


.ne \\$1
..
.de Ve \" End verbatim text


.ft R




.fi




..

.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,

.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch












.    ds L" ""


.    ds R" ""

.    ds C` ""



.    ds C' ""









'br\}










.el\{\
.    ds -- \|\(em\|



.    ds PI \(*p




.    ds L" ``
.    ds R" ''
.    ds C`



.    ds C'
'br\}




.\"

.\" Escape single quotes in literal strings from groff's Unicode transform.


.ie \n(.g .ds Aq \(aq
.el       .ds Aq '

.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.




.\"
.\" Avoid warning from groff about undefined register 'F'.





.de IX




..





.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{




.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"



..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2



.        \}




.    \}









.\}
.rr rF
.\" ========================================================================



.\"
.IX Title "d2i_RSAPublicKey 3"
.TH d2i_RSAPublicKey 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes




.\" way too many mistakes in technical documents.



.if n .ad l




.nh




.SH "NAME"

d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,




d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,

d2i_Netscape_RSA \- RSA public and private key encoding functions.

.SH "SYNOPSIS"


.IX Header "SYNOPSIS"
.Vb 2



\& #include <openssl/rsa.h>
\& #include <openssl/x509.h>
\&


\& RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
\&



\& int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
\&






\& RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
\&

\& int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
\&










\& RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
\&


\& int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
\&








\& int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
\&
\& RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());




.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"



\&\fId2i_RSAPublicKey()\fR and \fIi2d_RSAPublicKey()\fR decode and encode a PKCS#1

RSAPublicKey structure.

.PP



\&\fId2i_RSA_PUBKEY()\fR and \fIi2d_RSA_PUBKEY()\fR decode and encode an \s-1RSA\s0 public key using
a SubjectPublicKeyInfo (certificate public key) structure.








.PP







\&\fId2i_RSAPrivateKey()\fR, \fIi2d_RSAPrivateKey()\fR decode and encode a PKCS#1
RSAPrivateKey structure.
.PP

\&\fId2i_Netscape_RSA()\fR, \fIi2d_Netscape_RSA()\fR decode and encode an \s-1RSA\s0 private key in
\&\s-1NET\s0 format.









.PP
The usage of all of these functions is similar to the \fId2i_X509()\fR and
\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page.




.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1RSA\s0\fR structure passed to the private key encoding functions should have
all the PKCS#1 private key components present.
.PP
The data encoded by the private key functions is unencrypted and therefore

offers no private key security.






.PP
The \s-1NET\s0 format functions are present to provide compatibility with certain very
old software. This format has some severe security weaknesses and should be







avoided if possible.
.SH "SEE ALSO"



.IX Header "SEE ALSO"

\&\fId2i_X509\fR\|(3)






|
>

|
<
|
|
>
|
>
>
>
|
<
>
>
>
>
>
>
>
|
>
>
>
>
|
>
>
|
|
<
>
>
|
>
>
>
>
|
>
>
>
>
|
>
|
|
|
|
|
>
|
|
<
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
>
|
>
>
>
|
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
|
>
>
>
>
|
|
|
>
>
>
|
<
>
>
>
>
|
>
|
>
>
|
<
>
|
<
<
<
|
>
>
>
>
|
<
>
>
>
>
>
|
>
>
>
>
|
>
>
>
>
>
|
<
<
>
>
>
>
|
|
<
>
>
>
|
|
<
<
>
>
>
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
<
>
>
>
|
|
|
<
>
>
>
>
|
>
>
>
|
>
>
>
>
|
>
>
>
>
|
>
|
>
>
>
>
|
>
|
>
|
>
>
|
|
>
>
>
|
<
<
>
>
|
<
>
>
>
|
<
>
>
>
>
>
>
|
<
>
|
<
>
>
>
>
>
>
>
>
>
>
|
<
>
>
|
<
>
>
>
>
>
>
>
>
|
<
|
>
>
>
>
|
<
<
>
>
>
|
>
|
>
|
>
>
>
|
|
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
|
<
>
|
<
>
>
>
>
>
>
>
>
>
|
<
<
>
>
>
>
|
|
<
<
|
<
>
|
>
>
>
>
>
>
|
<
<
>
>
>
>
>
>
>
|
|
>
>
>
|
>
|
>
>
>
>
>
>
1
2
3
4

5
6
7
8
9
10
11
12

13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118
119
120
121
122
123
124
125

126
127



128
129
130
131
132
133

134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150


151
152
153
154
155
156

157
158
159
160
161


162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181

182
183
184
185
186
187

188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225


226
227
228

229
230
231
232

233
234
235
236
237
238
239

240
241

242
243
244
245
246
247
248
249
250
251
252

253
254
255

256
257
258
259
260
261
262
263
264

265
266
267
268
269
270


271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

302
303

304
305
306
307
308
309
310
311
312
313


314
315
316
317
318
319


320

321
322
323
324
325
326
327
328
329


330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
.\"	$OpenBSD: d2i_RSAPublicKey.3,v 1.9 2016/12/26 17:19:23 schwarze Exp $
.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
.\"
.\" This file is a derived work.

.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"

.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Ulf Moeller <ulf@openssl.org> and
.\" Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2002, 2003, 2009, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"

.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"

.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 26 2016 $
.Dt D2I_RSAPUBLICKEY 3
.Os
.Sh NAME
.Nm d2i_RSAPublicKey ,
.Nm i2d_RSAPublicKey ,
.Nm d2i_RSAPrivateKey ,
.Nm i2d_RSAPrivateKey ,
.Nm d2i_Netscape_RSA ,
.Nm i2d_Netscape_RSA ,
.Nm d2i_RSA_PSS_PARAMS ,
.Nm i2d_RSA_PSS_PARAMS ,
.Nm d2i_RSAPublicKey_bio ,
.Nm d2i_RSAPublicKey_fp ,
.Nm i2d_RSAPublicKey_bio ,
.Nm i2d_RSAPublicKey_fp ,
.Nm d2i_RSAPrivateKey_bio ,
.Nm d2i_RSAPrivateKey_fp ,
.Nm i2d_RSAPrivateKey_bio ,
.Nm i2d_RSAPrivateKey_fp ,
.Nm d2i_RSA_PUBKEY ,
.Nm i2d_RSA_PUBKEY ,
.Nm d2i_RSA_PUBKEY_bio ,
.Nm d2i_RSA_PUBKEY_fp ,
.Nm i2d_RSA_PUBKEY_bio ,
.Nm i2d_RSA_PUBKEY_fp
.Nd decode and encode RSA keys and parameters
.Sh SYNOPSIS
.In openssl/rsa.h
.Ft RSA *
.Fo d2i_RSAPublicKey
.Fa "RSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_RSAPublicKey
.Fa "RSA *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft RSA *
.Fo d2i_RSAPrivateKey
.Fa "RSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc

.Ft int
.Fo i2d_RSAPrivateKey
.Fa "RSA *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft RSA *
.Fo d2i_Netscape_RSA
.Fa "RSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"

.Fa "int (*cb)()"
.Fc



.Ft int
.Fo i2d_Netscape_RSA
.Fa "RSA *val_in"
.Fa "unsigned char **der_out"
.Fa "int (*cb)()"
.Fc

.Ft RSA_PSS_PARAMS *
.Fo d2i_RSA_PSS_PARAMS
.Fa "RSA_PSS_PARAMS **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_RSA_PSS_PARAMS
.Fa "RSA_PSS_PARAMS *val_in"
.Fa "unsigned char **der_out"
.Fc
.In openssl/x509.h
.Ft RSA *
.Fo d2i_RSAPublicKey_bio
.Fa "BIO *in_bio"
.Fa "RSA **val_out"
.Fc


.Ft RSA *
.Fo d2i_RSAPublicKey_fp
.Fa "FILE *in_fp"
.Fa "RSA **val_out"
.Fc
.Ft int

.Fo i2d_RSAPublicKey_bio
.Fa "BIO *out_bio"
.Fa "RSA *val_in"
.Fc
.Ft int


.Fo i2d_RSAPublicKey_fp
.Fa "FILE *out_fp"
.Fa "RSA *val_in"
.Fc
.Ft RSA *
.Fo d2i_RSAPrivateKey_bio
.Fa "BIO *in_bio"
.Fa "RSA **val_out"
.Fc
.Ft RSA *
.Fo d2i_RSAPrivateKey_fp
.Fa "FILE *in_fp"
.Fa "RSA **val_out"
.Fc
.Ft int
.Fo i2d_RSAPrivateKey_bio
.Fa "BIO *out_bio"
.Fa "RSA *val_in"
.Fc
.Ft int

.Fo i2d_RSAPrivateKey_fp
.Fa "FILE *out_fp"
.Fa "RSA *val_in"
.Fc
.Ft RSA *
.Fo d2i_RSA_PUBKEY

.Fa "RSA **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_RSA_PUBKEY
.Fa "RSA *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft RSA *
.Fo d2i_RSA_PUBKEY_bio
.Fa "BIO *in_bio"
.Fa "RSA **val_out"
.Fc
.Ft RSA *
.Fo d2i_RSA_PUBKEY_fp
.Fa "FILE *in_fp"
.Fa "RSA **val_out"
.Fc
.Ft int
.Fo i2d_RSA_PUBKEY_bio
.Fa "BIO *out_bio"
.Fa "RSA *val_in"
.Fc
.Ft int
.Fo i2d_RSA_PUBKEY_fp
.Fa "FILE *out_fp"
.Fa "RSA *val_in"
.Fc
.Sh DESCRIPTION
These functions decode and encode RSA private and public keys.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .
.Pp
.Fn d2i_RSAPublicKey
and
.Fn i2d_RSAPublicKey
decode and encode a PKCS#1


.Vt RSAPublicKey
structure defined in RFC 8017 appendix A.1.1.
.Fn d2i_RSAPublicKey_bio ,

.Fn d2i_RSAPublicKey_fp ,
.Fn i2d_RSAPublicKey_bio ,
and
.Fn i2d_RSAPublicKey_fp

are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Pp
.Fn d2i_RSAPrivateKey

and
.Fn i2d_RSAPrivateKey

decode and encode a PKCS#1
.Vt RSAPrivateKey
structure defined in RFC 8017 appendix A.1.2.
The
.Vt RSA
structure passed to the private key encoding functions should have
all the PKCS#1 private key components present.
The data encoded by the private key functions is unencrypted and
therefore offers no private key security.
.Fn d2i_RSAPrivateKey_bio ,
.Fn d2i_RSAPrivateKey_fp ,

.Fn i2d_RSAPrivateKey_bio ,
and
.Fn i2d_RSAPrivateKey_fp

are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Pp
.Fn d2i_Netscape_RSA
and
.Fn i2d_Netscape_RSA

decode and encode an RSA private key in NET format.
These functions are present to provide compatibility with
certain very old software.
The NET format has some severe security weaknesses and should be
avoided if possible.
.Pp


.Fn d2i_RSA_PSS_PARAMS
and
.Fn i2d_RSA_PSS_PARAMS
decode and encode a PKCS#1
.Vt RSASSA-PSS-params
structure defined in RFC 8017 appendix A.2.3 and documented in
.Xr RSA_PSS_PARAMS_new 3 .
.Pp
.Fn d2i_RSA_PUBKEY
and
.Fn i2d_RSA_PUBKEY
decode and encode an RSA public key using an ASN.1
.Vt SubjectPublicKeyInfo
structure defined in RFC 5280 section 4.1 and documented in
.Xr X509_PUBKEY_new 3 .
.Fn d2i_RSA_PUBKEY_bio ,
.Fn d2i_RSA_PUBKEY_fp ,
.Fn i2d_RSA_PUBKEY_bio ,
and
.Fn i2d_RSA_PUBKEY_fp
are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Sh RETURN VALUES
.Fn d2i_RSAPublicKey ,
.Fn d2i_RSAPublicKey_bio ,
.Fn d2i_RSAPublicKey_fp ,
.Fn d2i_RSAPrivateKey ,
.Fn d2i_RSAPrivateKey_bio ,

.Fn d2i_RSAPrivateKey_fp ,
.Fn d2i_Netscape_RSA ,

.Fn d2i_RSA_PUBKEY ,
.Fn d2i_RSA_PUBKEY_bio ,
and
.Fn d2i_RSA_PUBKEY_fp
return a valid
.Vt RSA
object or
.Dv NULL
if an error occurs.
.Pp


.Fn d2i_RSA_PSS_PARAMS
returns a valid
.Vt RSA_PSS_PARAMS
object or
.Dv NULL
if an error occurs.


.Pp

.Fn i2d_RSAPublicKey ,
.Fn i2d_RSAPrivateKey ,
.Fn i2d_Netscape_RSA ,
.Fn i2d_RSA_PSS_PARAMS ,
and
.Fn i2d_RSA_PUBKEY
return the number of bytes successfully encoded or a negative value
if an error occurs.
.Pp


.Fn i2d_RSAPublicKey_bio ,
.Fn i2d_RSAPublicKey_fp ,
.Fn i2d_RSAPrivateKey_bio ,
.Fn i2d_RSAPrivateKey_fp ,
.Fn i2d_RSA_PUBKEY_bio ,
and
.Fn i2d_RSA_PUBKEY_fp
return 1 for success or 0 if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr EVP_PKEY_set1_RSA 3 ,
.Xr PEM_write_RSAPrivateKey 3 ,
.Xr RSA_new 3 ,
.Xr RSA_PSS_PARAMS_new 3 ,
.Xr X509_PUBKEY_new 3
.Sh STANDARDS
RFC 8017: PKCS #1: RSA Cryptography Specifications
.Pp
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile,
section 4.1: Basic Certificate Fields
Changes to jni/libressl/man/d2i_SSL_SESSION.3.


1


2



3








































4
5
6
7
8
9
10
11


.\"


.\"	$OpenBSD$



.\"








































.Dd $Mdocdate: October 12 2014 $
.Dt D2I_SSL_SESSION 3
.Os
.Sh NAME
.Nm d2i_SSL_SESSION ,
.Nm i2d_SSL_SESSION
.Nd convert SSL_SESSION object from/to ASN1 representation
.Sh SYNOPSIS
>
>

>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\"	$OpenBSD: d2i_SSL_SESSION.3,v 1.2 2016/12/05 19:13:30 schwarze Exp $
.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 5 2016 $
.Dt D2I_SSL_SESSION 3
.Os
.Sh NAME
.Nm d2i_SSL_SESSION ,
.Nm i2d_SSL_SESSION
.Nd convert SSL_SESSION object from/to ASN1 representation
.Sh SYNOPSIS
120
121
122
123
124
125
126

127
128
129
pointer is returned and the error message can be retrieved from the error
stack.
.Pp
.Fn i2d_SSL_SESSION
returns the size of the ASN1 representation in bytes.
When the session is not valid, 0 is returned and no operation is performed.
.Sh SEE ALSO

.Xr ssl 3 ,
.Xr SSL_CTX_sess_set_get_cb 3 ,
.Xr SSL_SESSION_free 3







>



167
168
169
170
171
172
173
174
175
176
177
pointer is returned and the error message can be retrieved from the error
stack.
.Pp
.Fn i2d_SSL_SESSION
returns the size of the ASN1 representation in bytes.
When the session is not valid, 0 is returned and no operation is performed.
.Sh SEE ALSO
.Xr d2i_X509 3 ,
.Xr ssl 3 ,
.Xr SSL_CTX_sess_set_get_cb 3 ,
.Xr SSL_SESSION_free 3
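--- a/jni/libressl/man/d2i_TS_REQ.3
+++ b/jni/libressl/man/d2i_TS_REQ.3
@@ -0,0 +1,329 @@
+.\"	$OpenBSD: d2i_TS_REQ.3,v 1.1 2016/12/27 20:56:18 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 27 2016 $
+.Dt D2I_TS_REQ 3
+.Os
+.Sh NAME
+.Nm d2i_TS_REQ ,
+.Nm i2d_TS_REQ ,
+.Nm d2i_TS_REQ_bio ,
+.Nm i2d_TS_REQ_bio ,
+.Nm d2i_TS_REQ_fp ,
+.Nm i2d_TS_REQ_fp ,
+.Nm d2i_TS_RESP ,
+.Nm i2d_TS_RESP ,
+.Nm d2i_TS_RESP_bio ,
+.Nm i2d_TS_RESP_bio ,
+.Nm d2i_TS_RESP_fp ,
+.Nm i2d_TS_RESP_fp ,
+.Nm d2i_TS_STATUS_INFO ,
+.Nm i2d_TS_STATUS_INFO ,
+.Nm d2i_TS_TST_INFO ,
+.Nm i2d_TS_TST_INFO ,
+.Nm d2i_TS_TST_INFO_bio ,
+.Nm i2d_TS_TST_INFO_bio ,
+.Nm d2i_TS_TST_INFO_fp ,
+.Nm i2d_TS_TST_INFO_fp ,
+.Nm d2i_TS_ACCURACY ,
+.Nm i2d_TS_ACCURACY ,
+.Nm d2i_TS_MSG_IMPRINT ,
+.Nm i2d_TS_MSG_IMPRINT ,
+.Nm d2i_TS_MSG_IMPRINT_bio ,
+.Nm i2d_TS_MSG_IMPRINT_bio ,
+.Nm d2i_TS_MSG_IMPRINT_fp ,
+.Nm i2d_TS_MSG_IMPRINT_fp
+.Nd decode and encode X.509 time-stamp protocol structures
+.Sh SYNOPSIS
+.In openssl/ts.h
+.Ft TS_REQ *
+.Fo d2i_TS_REQ
+.Fa "TS_REQ **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_TS_REQ
+.Fa "const TS_REQ *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft TS_REQ *
+.Fo d2i_TS_REQ_bio
+.Fa "BIO *in_bio"
+.Fa "TS_REQ **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_REQ_bio
+.Fa "BIO *out_bio"
+.Fa "TS_REQ *val_in"
+.Fc
+.Ft TS_REQ *
+.Fo d2i_TS_REQ_fp
+.Fa "FILE *in_fp"
+.Fa "TS_REQ **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_REQ_fp
+.Fa "FILE *out_fp"
+.Fa "TS_REQ *val_in"
+.Fc
+.Ft TS_RESP *
+.Fo d2i_TS_RESP
+.Fa "TS_RESP **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_TS_RESP
+.Fa "const TS_RESP *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft TS_RESP *
+.Fo d2i_TS_RESP_bio
+.Fa "BIO *in_bio"
+.Fa "TS_RESP **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_RESP_bio
+.Fa "BIO *out_bio"
+.Fa "TS_RESP *val_in"
+.Fc
+.Ft TS_RESP *
+.Fo d2i_TS_RESP_fp
+.Fa "FILE *in_fp"
+.Fa "TS_RESP **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_RESP_fp
+.Fa "FILE *out_fp"
+.Fa "TS_RESP *val_in"
+.Fc
+.Ft TS_STATUS_INFO *
+.Fo d2i_TS_STATUS_INFO
+.Fa "TS_STATUS_INFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_TS_STATUS_INFO
+.Fa "const TS_STATUS_INFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft TS_TST_INFO *
+.Fo d2i_TS_TST_INFO
+.Fa "TS_TST_INFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_TS_TST_INFO
+.Fa "const TS_TST_INFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft TS_TST_INFO *
+.Fo d2i_TS_TST_INFO_bio
+.Fa "BIO *in_bio"
+.Fa "TS_TST_INFO **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_TST_INFO_bio
+.Fa "BIO *out_bio"
+.Fa "TS_TST_INFO *val_in"
+.Fc
+.Ft TS_TST_INFO *
+.Fo d2i_TS_TST_INFO_fp
+.Fa "FILE *in_fp"
+.Fa "TS_TST_INFO **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_TST_INFO_fp
+.Fa "FILE *out_fp"
+.Fa "TS_TST_INFO *val_in"
+.Fc
+.Ft TS_ACCURACY *
+.Fo d2i_TS_ACCURACY
+.Fa "TS_ACCURACY **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_TS_ACCURACY
+.Fa "const TS_ACCURACY *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft TS_MSG_IMPRINT *
+.Fo d2i_TS_MSG_IMPRINT
+.Fa "TS_MSG_IMPRINT **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_TS_MSG_IMPRINT
+.Fa "const TS_MSG_IMPRINT *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft TS_MSG_IMPRINT *
+.Fo d2i_TS_MSG_IMPRINT_bio
+.Fa "BIO *in_bio"
+.Fa "TS_MSG_IMPRINT **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_MSG_IMPRINT_bio
+.Fa "BIO *out_bio"
+.Fa "TS_MSG_IMPRINT *val_in"
+.Fc
+.Ft TS_MSG_IMPRINT *
+.Fo d2i_TS_MSG_IMPRINT_fp
+.Fa "FILE *in_fp"
+.Fa "TS_MSG_IMPRINT **val_out"
+.Fc
+.Ft int
+.Fo i2d_TS_MSG_IMPRINT_fp
+.Fa "FILE *out_fp"
+.Fa "TS_MSG_IMPRINT *val_in"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode X.509 structures used for the
+time-stamp protocol.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_TS_REQ
+and
+.Fn i2d_TS_REQ
+decode and encode an ASN.1
+.Vt TimeStampReq
+structure defined in RFC 3161 section 2.4.1.
+.Fn d2i_TS_REQ_bio ,
+.Fn i2d_TS_REQ_bio ,
+.Fn d2i_TS_REQ_fp ,
+and
+.Fn i2d_TS_REQ_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn d2i_TS_RESP
+and
+.Fn i2d_TS_RESP
+decode and encode an ASN.1
+.Vt TimeStampResp
+structure defined in RFC 3161 section 2.4.2.
+.Fn d2i_TS_RESP_bio ,
+.Fn i2d_TS_RESP_bio ,
+.Fn d2i_TS_RESP_fp ,
+and
+.Fn i2d_TS_RESP_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn d2i_TS_STATUS_INFO
+and
+.Fn i2d_TS_STATUS_INFO
+decode and encode an ASN.1
+.Vt PKIStatusInfo
+structure defined in RFC 3161 section 2.4.2.
+.Pp
+.Fn d2i_TS_TST_INFO
+and
+.Fn i2d_TS_TST_INFO
+decode and encode an ASN.1
+.Vt TSTInfo
+structure defined in RFC 3161 section 2.4.2.
+.Fn d2i_TS_TST_INFO_bio ,
+.Fn i2d_TS_TST_INFO_bio ,
+.Fn d2i_TS_TST_INFO_fp ,
+and
+.Fn i2d_TS_TST_INFO_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn d2i_TS_ACCURACY
+and
+.Fn i2d_TS_ACCURACY
+decode and encode an ASN.1
+.Vt Accuracy
+structure defined in RFC 3161 section 2.4.2.
+.Pp
+.Fn d2i_TS_MSG_IMPRINT
+and
+.Fn i2d_TS_MSG_IMPRINT
+decode and encode an ASN.1
+.Vt MessageImprint
+structure defined in RFC 3161 section 2.4.1.
+.Fn d2i_TS_MSG_IMPRINT_bio ,
+.Fn i2d_TS_MSG_IMPRINT_bio ,
+.Fn d2i_TS_MSG_IMPRINT_fp ,
+and
+.Fn i2d_TS_MSG_IMPRINT_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Sh RETURN VALUES
+.Fn d2i_TS_REQ ,
+.Fn d2i_TS_REQ_bio ,
+.Fn d2i_TS_REQ_fp ,
+.Fn d2i_TS_RESP ,
+.Fn d2i_TS_RESP_bio ,
+.Fn d2i_TS_RESP_fp ,
+.Fn d2i_TS_STATUS_INFO ,
+.Fn d2i_TS_TST_INFO ,
+.Fn d2i_TS_TST_INFO_bio ,
+.Fn d2i_TS_TST_INFO_fp ,
+.Fn d2i_TS_ACCURACY ,
+.Fn d2i_TS_MSG_IMPRINT ,
+.Fn d2i_TS_MSG_IMPRINT_bio ,
+and
+.Fn d2i_TS_MSG_IMPRINT_fp
+return an object of the respective type or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_TS_REQ ,
+.Fn i2d_TS_RESP ,
+.Fn i2d_TS_STATUS_INFO ,
+.Fn i2d_TS_TST_INFO ,
+.Fn i2d_TS_ACCURACY ,
+and
+.Fn i2d_TS_MSG_IMPRINT
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Pp
+.Fn i2d_TS_REQ_bio ,
+.Fn i2d_TS_REQ_fp ,
+.Fn i2d_TS_RESP_bio ,
+.Fn i2d_TS_RESP_fp ,
+.Fn i2d_TS_TST_INFO_bio ,
+.Fn i2d_TS_TST_INFO_fp ,
+.Fn i2d_TS_MSG_IMPRINT_bio ,
+and
+.Fn i2d_TS_MSG_IMPRINT_fp
+return 1 for success or 0 if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr TS_REQ_new 3
+.Sh STANDARDS
+RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol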
Changes to jni/libressl/man/d2i_X509.3.
1

2
3
4
5
6
7
8
9
10
11
12

13
14
15
16



17
18
19





20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35


36
37

38

39
40

41

42
43
44
45
46


47
48
49
50
51
52

53
54
55
56
57
58
59
60
61
62

63


64
65
66
67
68
69
70
71


72

73
74
75
76
77
78
79


80
81
82
83
84
85
86
87
88
89
90

91
92
93

94
95

96
97
98

99


100

101
102
103
104
105
106
107
108
109

110
111
112
113
114
115
116
117
118
119
120

121
122

123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

145



146
147
148
149
150


151
152
153
154
155
156
157
158
159
160
161
162
163


164
165


166
167
168
169
170
171
172


173
174
175


176
177
178
179



180
181
182
183
184
185
186
187
188
189
190
191

192





193




194
195
196
197
198
199
200
201
202
203
204
205
206
207

208
209
210
211




212


213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228


229
230
231
232
233


234
235
236
237
238
239
240

241
242

243
244
245
246
247
248


249

250
251

252
253
254
255
256
257
258
259
260
261
262


263

264
265
266

267


268
269
270
271

272
273
274
275
276
277
278
279
280
281

282
283
284
285
286

287
288
289
290
291
292
293
294
295
296
297
298
299
300
301


302
303



304





305
306
307
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..
.de Ve \" End verbatim text
.ft R
.fi



..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left





.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}


.el\{\
.    ds -- \|\(em\|

.    ds PI \(*p

.    ds L" ``
.    ds R" ''

.    ds C`

.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.

.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..


.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================


.\"

.IX Title "d2i_X509 3"
.TH d2i_X509 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"


d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
i2d_X509_fp \- X509 encode and decode functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
\& int i2d_X509(X509 *x, unsigned char **out);
\&
\& X509 *d2i_X509_bio(BIO *bp, X509 **x);

\& X509 *d2i_X509_fp(FILE *fp, X509 **x);
\&
\& int i2d_X509_bio(BIO *bp, X509 *x);

\& int i2d_X509_fp(FILE *fp, X509 *x);
.Ve

.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The X509 encode and decode routines encode and parse an

\&\fBX509\fR structure, which represents an X509 certificate.


.PP

\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If
successful a pointer to the \fBX509\fR structure is returned. If an error
occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the
returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR
then it is assumed that \fB*px\fR contains a valid \fBX509\fR
structure and an attempt is made to reuse it. If the call is
successful \fB*in\fR is incremented to the byte following the
parsed data.
.PP

\&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format.
If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer
at \fB*out\fR, and increments it to point after the data just written.
If the return value is negative an error occurred, otherwise it
returns the length of the encoded data.
.PP
For OpenSSL 0.9.7 and later if \fB*out\fR is \fB\s-1NULL\s0\fR memory will be
allocated for a buffer and the encoded data written to it. In this
case \fB*out\fR is not incremented and it points to the start of the
data just written.
.PP

\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts
to parse data from \s-1BIO \s0\fBbp\fR.

.PP
\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts
to parse data from \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes
the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes
the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
.SH "NOTES"
.IX Header "NOTES"
The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for
\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So that
\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0
.PP
The functions can also understand \fB\s-1BER\s0\fR forms.
.PP
The actual X509 structure passed to \fIi2d_X509()\fR must be a valid
populated \fBX509\fR structure it can \fBnot\fR simply be fed with an
empty structure such as that returned by \fIX509_new()\fR.

.PP



The encoded data is in binary form and may contain embedded zeroes.
Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode.
Functions such as \fB\f(BIstrlen()\fB\fR will \fBnot\fR return the correct length
of the encoded structure.
.PP


The ways that \fB*in\fR and \fB*out\fR are incremented after the operation
can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common
errors.
.PP
The reason for the auto increment behaviour is to reflect a typical
usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded
another will processed after it.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Allocate and encode the \s-1DER\s0 encoding of an X509 structure:
.PP
.Vb 2
\& int len;


\& unsigned char *buf, *p;
\&


\& len = i2d_X509(x, NULL);
\&
\& buf = malloc(len);
\&
\& if (buf == NULL)
\&        /* error */
\&


\& p = buf;
\&
\& i2d_X509(x, &p);


.Ve
.PP
If you are using OpenSSL 0.9.7 or later then this can be
simplified to:



.PP
.Vb 2
\& int len;
\& unsigned char *buf;
\&
\& buf = NULL;
\&
\& len = i2d_X509(x, &buf);
\&
\& if (len < 0)
\&        /* error */
.Ve

.PP





Attempt to decode a buffer:




.PP
.Vb 1
\& X509 *x;
\&
\& unsigned char *buf, *p;
\&
\& int len;
\&
\& /* Something to setup buf and len */
\&
\& p = buf;
\&
\& x = d2i_X509(NULL, &p, len);
\&

\& if (x == NULL)
\&    /* Some error */
.Ve
.PP




Alternative technique:


.PP
.Vb 1
\& X509 *x;
\&
\& unsigned char *buf, *p;
\&
\& int len;
\&
\& /* Something to setup buf and len */
\&
\& p = buf;
\&
\& x = NULL;
\&
\& if(!d2i_X509(&x, &p, len))
\&    /* Some error */


.Ve
.SH "WARNINGS"
.IX Header "WARNINGS"
The use of temporary variable is mandatory. A common
mistake is to attempt to use a buffer directly as follows:


.PP
.Vb 2
\& int len;
\& unsigned char *buf;
\&
\& len = i2d_X509(x, NULL);
\&

\& buf = malloc(len);
\&

\& if (buf == NULL)
\&        /* error */
\&
\& i2d_X509(x, &buf);
\&
\& /* Other stuff ... */


\&

\& free(buf);
.Ve

.PP
This code will result in \fBbuf\fR apparently containing garbage because
it was incremented after the call to point after the data just written.
Also \fBbuf\fR will no longer contain the pointer allocated by \fB\f(BImalloc()\fB\fR
and the subsequent call to \fB\f(BIfree()\fB\fR may well crash.
.PP
The auto allocation feature (setting buf to \s-1NULL\s0) only works on OpenSSL
0.9.7 and later. Attempts to use it on earlier versions will typically
cause a segmentation violation.
.PP
Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\fB\fR:


.PP

.Vb 1
\& X509 *x;
\&

\& if (!d2i_X509(&x, &p, len))


\&        /* Some error */
.Ve
.PP
This will probably crash somewhere in \fB\f(BId2i_X509()\fB\fR. The reason for this

is that the variable \fBx\fR is uninitialized and an attempt will be made to
interpret its (invalid) value as an \fBX509\fR structure, typically causing
a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not
happen.
.SH "BUGS"
.IX Header "BUGS"
In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR when
\&\fB*px\fR is valid is broken and some parts of the reused structure may
persist if they are not present in the new one. As a result the use
of this \*(L"reuse\*(R" behaviour is strongly discouraged.

.PP
\&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL,
if mandatory fields are not initialized due to a programming error
then the encoded structure may contain invalid data or omit the
fields entirely and will not be parsed by \fId2i_X509()\fR. This may be

fixed in future so code should not assume that \fIi2d_X509()\fR will
always succeed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure
or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by
\&\fIERR_get_error\fR\|(3).
.PP
\&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative
value if an error occurs. The error code can be obtained by
\&\fIERR_get_error\fR\|(3).
.PP
\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return 1 for success and 0 if an error
occurs The error code can be obtained by \fIERR_get_error\fR\|(3).
.SH "SEE ALSO"


.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3)



.SH "HISTORY"





.IX Header "HISTORY"
d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
are available in all versions of SSLeay and OpenSSL.
|
>

|
<
|
<
<
|
<
<
<
<
>
|
<
<
<
>
>
>
|
<
<
>
>
>
>
>
|
|
|
|
|
|
|
|
|
<
<
|
<
<
<
|
>
>
|
<
>
|
>
|
|
>
|
>
|
<

<
|
>
>
|

<
<
|
|
>

<
|
<
<
<
<
|
|
<
>
|
>
>
|
|
|
|
|
|
|
|
>
>

>
|
<
<
<
<
|
|
>
>
|
|
<
|
<
|
<
|
|
<
|
>
|
<
|
>
|
<
>
|
|
|
>
|
>
>
|
>
|
<
<
<
|
<
<
|
|
>
|
|
|
<
<
|
|
|
|
|
|
>
|
|
>
|
<
<
|
|
|
|
|
|
|
<
|
|
|
<
<
|
<
|
|
<
|
>
|
>
>
>
|
<
|
<
|
>
>
|
<
|
|
|
|
<
|
|
<
|
|
|
>
>
|
<
>
>
|
<
|
<
<
|
<
>
>
|
<
|
>
>
|
|
<
|
>
>
>
|
|
|
<
<
<
<
|
<
|
<
|
>
|
>
>
>
>
>
|
>
>
>
>
|
<
|
<
|
<
<
<
<
<
<
<
|
<
>
|
|
|
|
>
>
>
>
|
>
>
|
<
|
<
<
<
|
<
<
<
<
<
<
<
|
<
>
>
|
|
|
|
|
>
>
|
|
|
<
<
|
<
>
|
<
>
|
|
<
|
<
<
>
>
<
>
|
|
>
|
<
|
<
<
|
<
<
<
<
|
>
>
|
>
|
|
<
>
|
>
>
|
<
|
|
>
|
|
<
|
<
<
|
<
|
<
>
|
|
<
<
<
>
|
<
<
<
<
|
<
|
<
|
|
<
<
<
|
>
>
|
<
>
>
>
|
>
>
>
>
>
|
|

1
2
3
4

5


6




7
8



9
10
11
12


13
14
15
16
17
18
19
20
21
22
23
24
25
26


27



28
29
30
31

32
33
34
35
36
37
38
39
40

41

42
43
44
45
46


47
48
49
50

51




52
53

54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70




71
72
73
74
75
76

77

78

79
80

81
82
83

84
85
86

87
88
89
90
91
92
93
94
95
96
97



98


99
100
101
102
103
104


105
106
107
108
109
110
111
112
113
114
115


116
117
118
119
120
121
122

123
124
125


126

127
128

129
130
131
132
133
134
135

136

137
138
139
140

141
142
143
144

145
146

147
148
149
150
151
152

153
154
155

156


157

158
159
160

161
162
163
164
165

166
167
168
169
170
171
172




173

174

175
176
177
178
179
180
181
182
183
184
185
186
187
188

189

190







191

192
193
194
195
196
197
198
199
200
201
202
203
204

205



206







207

208
209
210
211
212
213
214
215
216
217
218
219


220

221
222

223
224
225

226


227
228

229
230
231
232
233

234


235




236
237
238
239
240
241
242

243
244
245
246
247

248
249
250
251
252

253


254

255

256
257
258



259
260




261

262

263
264



265
266
267
268

269
270
271
272
273
274
275
276
277
278
279
280
.\"	$OpenBSD: d2i_X509.3,v 1.6 2016/12/28 03:56:35 schwarze Exp $
.\"	OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000
.\"
.\" This file is a derived work.

.\" The changes are covered by the following Copyright and license:


.\"




.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"



.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"


.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions


.\" are met:



.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"

.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

.\"

.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"

.\" 6. Redistributions of any form whatsoever must retain the following




.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project

.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 28 2016 $
.Dt D2I_X509 3




.Os
.Sh NAME
.Nm d2i_X509 ,
.Nm i2d_X509 ,
.Nm d2i_X509_bio ,
.Nm d2i_X509_fp ,

.Nm i2d_X509_bio ,

.Nm i2d_X509_fp ,

.Nm d2i_X509_AUX ,
.Nm i2d_X509_AUX ,

.Nm d2i_X509_CERT_AUX ,
.Nm i2d_X509_CERT_AUX ,
.Nm d2i_X509_CINF ,

.Nm i2d_X509_CINF ,
.Nm d2i_X509_VAL ,
.Nm i2d_X509_VAL

.Nd decode and encode X.509 certificates
.Sh SYNOPSIS
.In openssl/x509.h
.Ft X509 *
.Fo d2i_X509
.Fa "X509 **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_X509



.Fa "X509 *val_in"


.Fa "unsigned char **der_out"
.Fc
.Ft X509 *
.Fo d2i_X509_bio
.Fa "BIO *in_bio"
.Fa "X509 **val_out"


.Fc
.Ft X509 *
.Fo d2i_X509_fp
.Fa "FILE *in_fp"
.Fa "X509 **val_out"
.Fc
.Ft int
.Fo i2d_X509_bio
.Fa "BIO *out_bio"
.Fa "X509 *val_in"
.Fc


.Ft int
.Fo i2d_X509_fp
.Fa "FILE *out_fp"
.Fa "X509 *val_in"
.Fc
.Ft X509 *
.Fo d2i_X509_AUX

.Fa "X509 **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"


.Fc

.Ft int
.Fo i2d_X509_AUX

.Fa "X509 *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft X509_CERT_AUX *
.Fo d2i_X509_CERT_AUX
.Fa "X509_CERT_AUX **val_out"
.Fa "const unsigned char **der_in"

.Fa "long length"

.Fc
.Ft int
.Fo i2d_X509_CERT_AUX
.Fa "X509_CERT_AUX *val_in"

.Fa "unsigned char **der_out"
.Fc
.Ft X509_CINF *
.Fo d2i_X509_CINF

.Fa "X509_CINF **val_out"
.Fa "const unsigned char **der_in"

.Fa "long length"
.Fc
.Ft int
.Fo i2d_X509_CINF
.Fa "X509_CINF *val_in"
.Fa "unsigned char **der_out"

.Fc
.Ft X509_VAL *
.Fo d2i_X509_VAL

.Fa "X509_VAL **val_out"


.Fa "const unsigned char **der_in"

.Fa "long length"
.Fc
.Ft int

.Fo i2d_X509_VAL
.Fa "X509_VAL *val_in"
.Fa "unsigned char **der_out"
.Fc
.Sh DESCRIPTION

These functions decode and encode X.509 certificates
and some of their substructures.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .
.Pp
.Fn d2i_X509
and




.Fn i2d_X509

decode and encode an ASN.1

.Vt Certificate
structure defined in RFC 5280 section 4.1.
.Pp
.Fn d2i_X509_bio ,
.Fn d2i_X509_fp ,
.Fn i2d_X509_bio ,
and
.Fn i2d_X509_fp
are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Pp

.Fn d2i_X509_AUX

is similar to







.Fn d2i_X509 ,

but the input is expected to consist of an X.509 certificate followed
by auxiliary trust information.
This is used by the PEM routines to read TRUSTED CERTIFICATE objects.
This function should not be called on untrusted input.
.Pp
.Fn i2d_X509_AUX
is similar to
.Fn i2d_X509 ,
but the encoded output contains both the certificate and any auxiliary
trust information.
This is used by the PEM routines to write TRUSTED CERTIFICATE objects.
Note that this is a non-standard OpenSSL-specific data format.
.Pp

.Fn d2i_X509_CERT_AUX



and







.Fn i2d_X509_CERT_AUX

decode and encode optional non-standard auxiliary data appended to
a certificate, for example friendly alias names and trust data.
.Pp
.Fn d2i_X509_CINF
and
.Fn i2d_X509_CINF
decode and encode an ASN.1
.Vt TBSCertificate
structure defined in RFC 5280 section 4.1.
.Pp
.Fn d2i_X509_VAL
and


.Fn i2d_X509_VAL

decode and encode an ASN.1
.Vt Validity

structure defined in RFC 5280 section 4.1.
.Sh RETURN VALUES
.Fn d2i_X509 ,

.Fn d2i_X509_bio ,


.Fn d2i_X509_fp ,
and

.Fn d2i_X509_AUX
return a valid
.Vt X509
structure or
.Dv NULL

if an error occurs.


.Pp




.Fn d2i_X509_CERT_AUX ,
.Fn d2i_X509_CINF ,
and
.Fn d2i_X509_VAL
return an
.Vt X509_CERT_AUX ,
.Vt X509_CINF ,

or
.Vt X509_VAL
object, respectively, or
.Dv NULL
if an error occurs.

.Pp
.Fn i2d_X509 ,
.Fn i2d_X509_AUX ,
.Fn i2d_X509_CERT_AUX ,
.Fn i2d_X509_CINF ,

and


.Fn i2d_X509_VAL

return the number of bytes successfully encoded or a negative value

if an error occurs.
.Pp
.Fn i2d_X509_bio



and
.Fn i2d_X509_fp




return 1 for success or 0 if an error occurs.

.Pp

For all functions, the error code can be obtained by
.Xr ERR_get_error 3 .



.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr X509_CINF_new 3 ,
.Xr X509_new 3

.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
.Sh HISTORY
.Fn d2i_X509 ,
.Fn i2d_X509 ,
.Fn d2i_X509_bio ,
.Fn d2i_X509_fp ,
.Fn i2d_X509_bio ,
and
.Fn i2d_X509_fp
are available in all versions of SSLeay and OpenSSL.
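--- a/jni/libressl/man/d2i_X509_ALGOR.3
+++ b/jni/libressl/man/d2i_X509_ALGOR.3
@@ -1,98 +1,52 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: d2i_X509_ALGOR.3,v 1.7 2016/12/28 14:17:47 schwarze Exp $
+.\"	OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
 .\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "d2i_X509_ALGOR 3"
-.TH d2i_X509_ALGOR 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/x509.h>
-\&
-\& X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
-\& int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions decode and encode an \fBX509_ALGOR\fR structure which is
-equivalent to the \fBAlgorithmIdentifier\fR structure.
-.PP
-Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
-described in the \fId2i_X509\fR\|(3) manual page.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3)
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_X509_ALGOR 3
+.Os
+.Sh NAME
+.Nm d2i_X509_ALGOR ,
+.Nm i2d_X509_ALGOR
+.Nd decode and encode algorithm identifiers
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_ALGOR *
+.Fo d2i_X509_ALGOR
+.Fa "X509_ALGOR **val_out"
+.Fa "unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_ALGOR
+.Fa "X509_ALGOR *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+.Fn d2i_X509_ALGOR
+and
+.Fn i2d_X509_ALGOR
+decode and encode an ASN.1
+.Vt AlgorithmIdentifier
+structure defined in RFC 5280 section 4.1.1.2.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr X509_ALGOR_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile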
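--- a/jni/libressl/man/d2i_X509_ATTRIBUTE.3
+++ b/jni/libressl/man/d2i_X509_ATTRIBUTE.3
@@ -0,0 +1,70 @@
+.\"	$OpenBSD: d2i_X509_ATTRIBUTE.3,v 1.1 2016/12/28 13:45:30 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_X509_ATTRIBUTE 3
+.Os
+.Sh NAME
+.Nm d2i_X509_ATTRIBUTE ,
+.Nm i2d_X509_ATTRIBUTE
+.\" In the following line, "X.501" and "Attribute" are not typos.
+.\" The "Attribute" type is defined in X.501, not in X.509.
+.\" The type in called "Attribute" with capital "A", not "attribute".
+.Nd decode and encode generic X.501 Attribute
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_ATTRIBUTE *
+.Fo d2i_X509_ATTRIBUTE
+.Fa "X509_ATTRIBUTE **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_ATTRIBUTE
+.Fa "X509_ATTRIBUTE *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+.Fn d2i_X509_ATTRIBUTE
+and
+.Fn i2d_X509_ATTRIBUTE
+decode and encode a generic ASN.1
+.Vt Attribute
+structure defined in X.501 section 8.2.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Sh RETURN VALUES
+.Fn d2i_X509_ATTRIBUTE
+returns an
+.Vt X509_ATTRIBUTE
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_X509_ATTRIBUTE
+returns the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr d2i_PKCS12 3 ,
+.Xr d2i_PKCS8_PRIV_KEY_INFO 3 ,
+.Xr d2i_X509_EXTENSION 3 ,
+.Xr d2i_X509_REQ 3 ,
+.Xr X509_ATTRIBUTE_new 3
+.Sh STANDARDS
+ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: Information
+Technology  Open Systems Interconnection  The Directory: Models,
+section 8.2: Overall structure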
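--- a/jni/libressl/man/d2i_X509_CRL.3
+++ b/jni/libressl/man/d2i_X509_CRL.3
@@ -1,105 +1,131 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: d2i_X509_CRL.3,v 1.5 2016/12/28 14:59:39 schwarze Exp $
+.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "d2i_X509_CRL 3"
-.TH d2i_X509_CRL 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_X509_CRL_fp,
-i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/x509.h>
-\&
-\& X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length);
-\& int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
-\&
-\& X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
-\& X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
-\&
-\& int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
-\& int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions decode and encode an X509 \s-1CRL \s0(certificate revocation
-list).
-.PP
-Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
-described in the \fId2i_X509\fR\|(3) manual page.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3)
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_X509_CRL 3
+.Os
+.Sh NAME
+.Nm d2i_X509_CRL ,
+.Nm i2d_X509_CRL ,
+.Nm d2i_X509_CRL_bio ,
+.Nm d2i_X509_CRL_fp ,
+.Nm i2d_X509_CRL_bio ,
+.Nm i2d_X509_CRL_fp ,
+.Nm d2i_X509_CRL_INFO ,
+.Nm i2d_X509_CRL_INFO ,
+.Nm d2i_X509_REVOKED ,
+.Nm i2d_X509_REVOKED
+.Nd decode and encode X.509 certificate revocation lists
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_CRL *
+.Fo d2i_X509_CRL
+.Fa "X509_CRL **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_CRL
+.Fa "X509_CRL *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft X509_CRL *
+.Fo d2i_X509_CRL_bio
+.Fa "BIO *in_bio"
+.Fa "X509_CRL **der_out"
+.Fc
+.Ft X509_CRL *
+.Fo d2i_X509_CRL_fp
+.Fa "FILE *in_fp"
+.Fa "X509_CRL **der_out"
+.Fc
+.Ft int
+.Fo i2d_X509_CRL_bio
+.Fa "BIO *out_bio"
+.Fa "X509_CRL *der_in"
+.Fc
+.Ft int
+.Fo i2d_X509_CRL_fp
+.Fa "FILE *out_fp"
+.Fa "X509_CRL *der_in"
+.Fc
+.Ft X509_CRL_INFO *
+.Fo d2i_X509_CRL_INFO
+.Fa "X509_CRL_INFO **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_CRL_INFO
+.Fa "X509_CRL_INFO *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft X509_REVOKED *
+.Fo d2i_X509_REVOKED
+.Fa "X509_REVOKED **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_REVOKED
+.Fa "X509_REVOKED *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode X.509 certificate revocation lists.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_X509_CRL
+and
+.Fn i2d_X509_CRL
+decode and encode an ASN.1
+.Vt CertificateList
+structure defined in RFC 5280 section 5.1.
+.Fn d2i_X509_CRL_bio ,
+.Fn d2i_X509_CRL_fp ,
+.Fn i2d_X509_CRL_bio ,
+and
+.Fn i2d_X509_CRL_fp
+are similar except that they decode or encode using a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn d2i_X509_CRL_INFO
+and
+.Fn i2d_X509_CRL_INFO
+decode and encode an ASN.1
+.Vt TBSCertList
+structure defined in RFC 5280 section 5.1.
+.Pp
+.Fn d2i_X509_REVOKED
+and
+.Fn i2d_X509_REVOKED
+decode and encode an ASN.1 structure representing one element of
+the revokedCertificates field of the ASN.1
+.Vt TBSCertList
+structure.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_REVOKED_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 5: CRL and CRL Extensions Profile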
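--- a/jni/libressl/man/d2i_X509_EXTENSION.3
+++ b/jni/libressl/man/d2i_X509_EXTENSION.3
@@ -0,0 +1,92 @@
+.\"	$OpenBSD: d2i_X509_EXTENSION.3,v 1.1 2016/12/28 13:45:30 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_X509_EXTENSION 3
+.Os
+.Sh NAME
+.Nm d2i_X509_EXTENSION ,
+.Nm i2d_X509_EXTENSION ,
+.Nm d2i_X509_EXTENSIONS ,
+.Nm i2d_X509_EXTENSIONS
+.\" In the next line, the capital "E" is not a typo.
+.\" The ASN.1 structure is called "Extensions", not "extensions".
+.Nd decode and encode X.509 Extensions
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_EXTENSION *
+.Fo d2i_X509_EXTENSION
+.Fa "X509_EXTENSION **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_EXTENSION
+.Fa "X509_EXTENSION *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft X509_EXTENSIONS *
+.Fo d2i_X509_EXTENSIONS
+.Fa "X509_EXTENSIONS **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_EXTENSIONS
+.Fa "X509_EXTENSIONS *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+.Fn d2i_X509_EXTENSION
+and
+.Fn i2d_X509_EXTENSION
+decode and encode an ASN.1
+.Vt Extension
+structure defined in RFC 5280 section 4.1.
+.Pp
+.Fn d2i_X509_EXTENSIONS
+and
+.Fn i2d_X509_EXTENSIONS
+decode and encode an ASN.1
+.Vt Extensions
+structure defined in RFC 5280 section 4.1,
+which is a SEQUENCE OF
+.Vt Extension .
+.Sh RETURN VALUES
+.Fn d2i_X509_EXTENSION
+and
+.Fn d2i_X509_EXTENSIONS
+return an
+.Vt X509_EXTENSION
+or
+.Vt X509_EXTENSIONS
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_X509_EXTENSION
+and
+.Fn i2d_X509_EXTENSIONS
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509V3_get_d2i 3 ,
+.Xr X509v3_get_ext_by_NID 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile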
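--- a/jni/libressl/man/d2i_X509_NAME.3
+++ b/jni/libressl/man/d2i_X509_NAME.3
@@ -1,99 +1,153 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"	$OpenBSD: d2i_X509_NAME.3,v 1.10 2017/01/07 08:46:13 jmc Exp $
+.\"	OpenSSL d900a015 Oct 8 14:40:42 2015 +0200
 .\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "d2i_X509_NAME 3"
-.TH d2i_X509_NAME 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/x509.h>
-\&
-\& X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
-\& int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions decode and encode an \fBX509_NAME\fR structure which is the
-same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used
-for example in certificate subject and issuer names.
-.PP
-Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
-described in the \fId2i_X509\fR\|(3) manual page.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3)
+.\" Copyright (c) 2016, 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 7 2017 $
+.Dt D2I_X509_NAME 3
+.Os
+.Sh NAME
+.Nm d2i_X509_NAME ,
+.Nm i2d_X509_NAME ,
+.Nm X509_NAME_dup ,
+.Nm X509_NAME_hash ,
+.Nm d2i_X509_NAME_ENTRY ,
+.Nm i2d_X509_NAME_ENTRY ,
+.Nm X509_NAME_ENTRY_dup
+.\" In the following line, "X.501" and "Name" are not typos.
+.\" The "Name" type is defined in X.501, not in X.509.
+.\" The type in called "Name" with capital "N", not "name".
+.Nd decode and encode X.501 Name objects
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_NAME *
+.Fo d2i_X509_NAME
+.Fa "X509_NAME **val_out"
+.Fa "unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_NAME
+.Fa "X509_NAME *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft X509_NAME *
+.Fo X509_NAME_dup
+.Fa "X509_NAME *val_in"
+.Fc
+.Ft unsigned long
+.Fo X509_NAME_hash
+.Fa "X509_NAME *val_in"
+.Fc
+.Ft X509_NAME_ENTRY *
+.Fo d2i_X509_NAME_ENTRY
+.Fa "X509_NAME_ENTRY **val_out"
+.Fa "unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_NAME_ENTRY
+.Fa "X509_NAME_ENTRY *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft X509_NAME_ENTRY *
+.Fo X509_NAME_ENTRY_dup
+.Fa "X509_NAME_ENTRY *val_in"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode X.501
+.Vt Name
+objects using DER format.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_X509_NAME
+and
+.Fn i2d_X509_NAME
+decode and encode an ASN.1
+.Vt Name
+structure defined in RFC 5280 section 4.1.2.4.
+.Pp
+.Fn X509_NAME_dup
+copies
+.Fa val_in
+by calling
+.Fn i2d_X509_NAME
+and
+.Fn d2i_X509_NAME .
+.Pp
+.Fn X509_NAME_hash
+calculates a
+.Xr SHA1 3
+hash of the DER-encoded form of the name
+.Pf * Fa val_in .
+It is for example used by
+.Xr X509_LOOKUP_hash_dir 3
+to locate certificate files in the file system.
+.Pp
+.Fn d2i_X509_NAME_ENTRY
+and
+.Fn i2d_X509_NAME_ENTRY
+decode and encode an ASN.1
+.Vt RelativeDistinguishedName
+structure defined in RFC 5280 section 4.1.2.4.
+.Pp
+.Fn X509_NAME_ENTRY_dup
+copies
+.Fa val_in
+by calling
+.Fn i2d_X509_NAME_ENTRY
+and
+.Fn d2i_X509_NAME_ENTRY .
+.Sh RETURN VALUES
+.Fn d2i_X509_NAME
+and
+.Fn X509_NAME_dup
+return the new
+.Vt X509_NAME
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn X509_NAME_hash
+returns the hash value or 0 if an error occurs.
+.Pp
+.Fn d2i_X509_NAME_ENTRY
+and
+.Fn X509_NAME_ENTRY_dup
+return the new
+.Vt X509_NAME_ENTRY
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_X509_NAME
+and
+.Fn i2d_X509_NAME_ENTRY
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr X509_NAME_ENTRY_new 3 ,
+.Xr X509_NAME_new 3 ,
+.Xr X509_NAME_print_ex 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile
+.Pp
+ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
+Information technology - ASN.1 encoding rules:
+Specification of Basic Encoding Rules (BER), Canonical Encoding
+Rules (CER) and Distinguished Encoding Rules (DER).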
Changes to jni/libressl/man/d2i_X509_REQ.3.
1

2
3
4
5
6
7
8
9
10



11


12




13
14

15
16
17
18
19
20
21
22
23
24
25






26

27
28
29
30
31
32
33

34
35
36
37
38
39
40
41

42
43


44
45
46
47



48
49
50
51
52



53
54



55

56
57
58
59
60

61
62
63
64
65
66
67
68
69


70
71
72
73

74

75




76






77

78




79
80
81
82
83
84
85
86

87

88
89




90

91
92




93

94
95
96

97
98
99
100

101

102

103
104


.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW



.nf


.ne \\$1




..
.de Ve \" End verbatim text

.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'






.ie n \{\

.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""

.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`

.    ds C'
'br\}


.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '



.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.



.\"
.\" Avoid warning from groff about undefined register 'F'.



.de IX

..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{

.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}


.rr rF
.\" ========================================================================
.\"
.IX Title "d2i_X509_REQ 3"

.TH d2i_X509_REQ 3 "2017-01-09" "LibreSSL " "LibreSSL"

.\" For nroff, turn off justification.  Always turn off hyphenation; it makes




.\" way too many mistakes in technical documents.






.if n .ad l

.nh




.SH "NAME"
d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&

\& X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length);

\& int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
\&




\& X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);

\& X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
\&




\& int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);

\& int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
.Ve
.SH "DESCRIPTION"

.IX Header "DESCRIPTION"
These functions decode and encode a PKCS#10 certificate request.
.PP
Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR

described in the \fId2i_X509\fR\|(3) manual page.

.SH "SEE ALSO"

.IX Header "SEE ALSO"
\&\fId2i_X509\fR\|(3)


|
>

|
<
<
<
<
|
<
<
>
>
>
|
>
>
|
>
>
>
>
|
<
>
|
|
|
<
<
<
<
|
|
|
|
>
>
>
>
>
>
|
>
|
|
|
<
|
|
|
>
|
|
|
|
|
|
|
|
>
|
<
>
>
|
<
<
|
>
>
>
|
<
<
<
|
>
>
>
|
<
>
>
>
|
>
|
|
<
<
|
>
|
<
|
<
<
<
<
<
|
>
>
|
<
|
|
>
|
>
|
>
>
>
>
|
>
>
>
>
>
>
|
>
|
>
>
>
>
|
|
|
<
<
<
<
<
>
|
>
|
<
>
>
>
>
|
>
|
<
>
>
>
>
|
>
|
<
<
>
|
<
|
|
>
|
>
|
>
|
|
>
>
1
2
3
4




5


6
7
8
9
10
11
12
13
14
15
16
17

18
19
20
21




22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

37
38
39
40
41
42
43
44
45
46
47
48
49
50

51
52
53


54
55
56
57
58



59
60
61
62
63

64
65
66
67
68
69
70


71
72
73

74





75
76
77
78

79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105





106
107
108
109

110
111
112
113
114
115
116

117
118
119
120
121
122
123


124
125

126
127
128
129
130
131
132
133
134
135
136
.\"	$OpenBSD: d2i_X509_REQ.3,v 1.5 2016/12/28 15:18:05 schwarze Exp $
.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>




.\"


.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"

.Dd $Mdocdate: December 28 2016 $
.Dt D2I_X509_REQ 3
.Os
.Sh NAME




.Nm d2i_X509_REQ ,
.Nm i2d_X509_REQ ,
.Nm d2i_X509_REQ_bio ,
.Nm d2i_X509_REQ_fp ,
.Nm i2d_X509_REQ_bio ,
.Nm i2d_X509_REQ_fp ,
.Nm d2i_X509_REQ_INFO ,
.Nm i2d_X509_REQ_INFO
.Nd decode and encode PKCS#10 certification requests
.Sh SYNOPSIS
.In openssl/x509.h
.Ft X509_REQ *
.Fo d2i_X509_REQ
.Fa "X509_REQ **val_out"
.Fa "const unsigned char **der_in"

.Fa "long length"
.Fc
.Ft int
.Fo i2d_X509_REQ
.Fa "X509_REQ *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft X509_REQ *
.Fo d2i_X509_REQ_bio
.Fa "BIO *in_bio"
.Fa "X509_REQ **val_out"
.Fc
.Ft X509_REQ *
.Fo d2i_X509_REQ_fp

.Fa "FILE *in_fp"
.Fa "X509_REQ **val_out"
.Fc


.Ft int
.Fo i2d_X509_REQ_bio
.Fa "BIO *out_bio"
.Fa "X509_REQ *val_in"
.Fc



.Ft int
.Fo i2d_X509_REQ_fp
.Fa "FILE *out_fp"
.Fa "X509_REQ *val_in"
.Fc

.Ft X509_REQ_INFO *
.Fo d2i_X509_REQ_INFO
.Fa "X509_REQ_INFO **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int


.Fo i2d_X509_REQ_INFO
.Fa "X509_REQ_INFO *val_in"
.Fa "unsigned char **der_out"

.Fc





.Sh DESCRIPTION
These functions decode and encode PKCS#10 certification requests.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .

.Pp
.Fn d2i_X509_REQ
and
.Fn i2d_X509_REQ
decode and encode an ASN.1
.Vt CertificationRequest
structure defined in RFC 2986 section 4.2.
.Fn d2i_X509_REQ_bio ,
.Fn d2i_X509_REQ_fp ,
.Fn i2d_X509_REQ_bio ,
and
.Fn i2d_X509_REQ_fp
are similar except that they decode or encode using a
.Vt BIO
or
.Vt FILE
pointer.
.Pp
.Fn d2i_X509_REQ_INFO
and
.Fn i2d_X509_REQ_INFO
decode and encode an ASN.1
.Vt CertificationRequestInfo
structure defined in RFC 2986 section 4.1.
.Sh RETURN VALUES
.Fn d2i_X509_REQ ,
.Fn d2i_X509_REQ_bio ,





and
.Fn d2i_X509_REQ_fp
return an
.Vt X509_REQ

object or
.Dv NULL
if an error occurs.
.Pp
.Fn d2i_X509_REQ_INFO
returns an
.Vt X509_REQ_INFO

object or
.Dv NULL
if an error occurs.
.Pp
.Fn i2d_X509_REQ
and
.Fn i2d_X509_REQ_INFO


return the number of bytes successfully encoded or a negative value
if an error occurs.

.Pp
.Fn i2d_X509_REQ_bio
and
.Fn i2d_X509_REQ_fp
return 1 for success or 0 if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr PEM_read_X509_REQ 3 ,
.Xr X509_REQ_new 3
.Sh STANDARDS
RFC 2986: PKCS #10: Certification Request Syntax Specification
Changes to jni/libressl/man/d2i_X509_SIG.3.
1

2
3
4
5
6
7
8
9
10



11


12




13
14

15
16
17







18
19
20
21
22







23
24
25
26

27

28
29
30
31
32
33
34
35
36

37
38
39
40
41
42
43

44
45
46
47

48
49









50
51
52
53





54
55



56

57

58
59
60
61
62
63
64
65

66






67

68
69
70
71
72
73
74
75
76

77
78




79



80
81
82


83
84
85









86
87

88
89
90
91

92




93
94
95
96
97
98
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW



.nf


.ne \\$1




..
.de Ve \" End verbatim text

.ft R
.fi
..







.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,







.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\

.    ds -- \(*W-

.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\

.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}

.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '

.\"
.\" If the F register is turned on, we'll generate index entries on stderr for









.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"





.\" Avoid warning from groff about undefined register 'F'.
.de IX



..

.nr rF 0

.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0

.            nr F 2






.        \}

.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "d2i_X509_SIG 3"
.TH d2i_X509_SIG 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

.if n .ad l
.nh




.SH "NAME"



d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"


.Vb 1
\& #include <openssl/x509.h>
\&









\& X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
\& int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions decode and encode an X509_SIG structure which is

equivalent to the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7.




.PP
Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
described in the \fId2i_X509\fR\|(3) manual page.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fId2i_X509\fR\|(3)
|
>

|
<
<
<
<
|
<
<
>
>
>
|
>
>
|
>
>
>
>
|
<
>
|
|
|
>
>
>
>
>
>
>
|
<
<
<
<
>
>
>
>
>
>
>
|
|
<
|
>
|
>
|
<
|
|
|
|
|
<
|
>
|
|
|
|
|
|
<
>
|
|
|
|
>
|
<
>
>
>
>
>
>
>
>
>
|
<
<
|
>
>
>
>
>
|
|
>
>
>
|
>
|
>
|
<
|
|
<
|
<
<
>
|
>
>
>
>
>
>
|
>
|
|
|
<
|
|
<
<
<
>
|
|
>
>
>
>
|
>
>
>
|
|
<
>
>
|
<
<
>
>
>
>
>
>
>
>
>
|
<
>
|
<
|
|
>
|
>
>
>
>
|
|
<
<
<
<
1
2
3
4




5


6
7
8
9
10
11
12
13
14
15
16
17

18
19
20
21
22
23
24
25
26
27
28
29




30
31
32
33
34
35
36
37
38

39
40
41
42
43

44
45
46
47
48

49
50
51
52
53
54
55
56

57
58
59
60
61
62
63

64
65
66
67
68
69
70
71
72
73


74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

90
91

92


93
94
95
96
97
98
99
100
101
102
103
104
105

106
107



108
109
110
111
112
113
114
115
116
117
118
119
120

121
122
123


124
125
126
127
128
129
130
131
132
133

134
135

136
137
138
139
140
141
142
143
144
145




.\"	$OpenBSD: d2i_X509_SIG.3,v 1.6 2016/12/28 02:48:59 schwarze Exp $
.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>




.\"


.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"

.Dd $Mdocdate: December 28 2016 $
.Dt D2I_X509_SIG 3
.Os
.Sh NAME
.Nm d2i_X509_SIG ,
.Nm i2d_X509_SIG ,
.Nm d2i_PKCS8_bio ,
.Nm i2d_PKCS8_bio ,
.Nm d2i_PKCS8_fp ,
.Nm i2d_PKCS8_fp
.\" In the next line, the number "7" is not a typo.
.\" These functions are misnamed.




.Nd decode and encode PKCS#7 digest information
.Sh SYNOPSIS
.In openssl/x509.h
.Ft X509_SIG *
.Fo d2i_X509_SIG
.Fa "X509_SIG **val_out"
.Fa "unsigned char **der_in"
.Fa "long length"
.Fc

.Ft int
.Fo i2d_X509_SIG
.Fa "X509_SIG *val_in"
.Fa "unsigned char **der_out"
.Fc

.Ft X509_SIG *
.Fo d2i_PKCS8_bio
.Fa "BIO *in_bio"
.Fa "X509_SIG **val_out"
.Fc

.Ft int
.Fo i2d_PKCS8_bio
.Fa "BIO *out_bio"
.Fa "X509_SIG *val_in"
.Fc
.Ft X509_SIG *
.Fo d2i_PKCS8_fp
.Fa "FILE *in_fp"

.Fa "X509_SIG **val_out"
.Fc
.Ft int
.Fo i2d_PKCS8_fp
.Fa "FILE *out_fp"
.Fa "X509_SIG *val_in"
.Fc

.Sh DESCRIPTION
.Fn d2i_X509_SIG
and
.Fn i2d_X509_SIG
decode and encode an ASN.1
.Vt DigestInfo
structure defined in RFC 2315 section 9.4
and equivalently in RFC 8017 section 9.2.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .


.Pp
.Fn d2i_PKCS8_bio
and
.Fn d2i_PKCS8_fp
are similar to
.Fn d2i_X509_SIG
except that they read from a
.Vt BIO
or
.Vt FILE
pointer.
.Pp
.Fn i2d_PKCS8_bio
and
.Fn i2d_PKCS8_fp
are similar to

.Fn i2d_X509_SIG
except that they write to a

.Vt BIO


or
.Vt FILE
pointer.
.Sh RETURN VALUES
.Fn d2i_X509_SIG ,
.Fn d2i_PKCS8_bio ,
and
.Fn d2i_PKCS8_fp
return a
.Vt X509_SIG
object or
.Dv NULL
if an error occurs.

.Pp
.Fn i2d_X509_SIG



returns the number of bytes successfully encoded or a negative value
if an error occurs.
.Pp
.Fn i2d_PKCS8_bio
and
.Fn i2d_PKCS8_fp
return 1 for success or 0 if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr PKCS7_new 3 ,
.Xr RSA_sign 3 ,
.Xr X509_SIG_new 3
.Sh STANDARDS

RFC 2315: PKCS #7: Cryptographic Message Syntax,
section 9: Signed-data content type
.Pp


RFC 8017: PKCS #1: RSA Cryptography Specifications,
section 9: Encoding Methods for Signatures
.Sh BUGS
.Fn d2i_PKCS8_bio ,
.Fn i2d_PKCS8_bio ,
.Fn d2i_PKCS8_fp ,
and
.Fn i2d_PKCS8_fp
are severely misnamed and should have been called
.Dq d2i_X509_SIG_bio

and so on.
.Pp

Or arguably, the
.Vt X509_SIG
object is misnamed itself, considering that it represents
.Vt DigestInfo
from PKCS#7 and PKCS#1.
Then again, calling it
.Dq PKCS8
instead clearly isn't an improvement.
.Pp
Either way, these names just don't fit.




Changes to jni/libressl/man/des_read_pw.3.




















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75


76
77
78

79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97




















































.Dd $Mdocdate: November 12 2015 $
.Dt DES_READ_PW 3
.Os
.Sh NAME
.Nm des_read_password ,
.Nm des_read_2passwords ,
.Nm des_read_pw_string ,
.Nm des_read_pw
.Nd Compatibility user interface functions
.Sh SYNOPSIS
.In openssl/des_old.h
.Ft int
.Fo des_read_password
.Fa "DES_cblock *key"
.Fa "const char *prompt"
.Fa "int verify"
.Fc
.Ft int
.Fo des_read_2passwords
.Fa "DES_cblock *key1"
.Fa "DES_cblock *key2"
.Fa "const char *prompt"
.Fa "int verify"
.Fc
.Ft int
.Fo des_read_pw_string
.Fa "char *buf"
.Fa "int length"
.Fa "const char *prompt"
.Fa "int verify"
.Fc

.Ft int
.Fo des_read_pw
.Fa "char *buf"
.Fa "char *buff"
.Fa "int size"
.Fa "const char *prompt"
.Fa "int verify"
.Fc
.Sh DESCRIPTION
The DES library contained a few routines to prompt for passwords.
These aren't necessarily dependent on DES, and have therefore become
part of the UI compatibility library.
.Pp
.Fn des_read_pw
writes the string specified by
.Fa prompt
to standard output turns echo off and reads an input string from the
terminal.
The string is returned in
.Fa buf ,
which must have space for at least
.Fa size
bytes.
If
.Fa verify
is set, the user is asked for the password twice and unless the two
copies match, an error is returned.
The second password is stored in
.Fa buff ,
which must therefore also be at least
.Fa size
bytes.
A return code of -1 indicates a system error, 1 failure due to use
interaction, and 0 is success.
All other functions described here use
.Fn des_read_pw
to do the work.
.Pp
.Fn des_read_pw_string
is a variant of
.Fn des_read_pw
that provides a buffer for you if
.Fa verify
is set.


.Pp
.Fn des_read_password
calls

.Fn des_read_pw
and converts the password to a DES key by calling
.Xr DES_string_to_key 3 ;
.Fn des_read_2passwords
operates in the same way as
.Fn des_read_password
except that it generates two keys by using the
.Xr DES_string_to_2key 3
function.
.Sh NOTES
.Fn des_read_pw_string
is available in the MIT Kerberos library as well, and is also available
under the name
.Xr EVP_read_pw_string 3 .
.Sh SEE ALSO
.Xr UI_new 3
.Sh AUTHORS
.An Richard Levitte Aq Mt richard@levitte.org
for the OpenSSL project.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|



|
<

|
|

|

|
|
|
|
<
<
<
<
<










>

|

<
|











|




|








|



<
<
<




|


>
>
|
<
|
>
|
<
<
|
|
|
<
|
|
<
|
<
<
<





1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

58
59
60
61
62
63
64
65
66
67





68
69
70
71
72
73
74
75
76
77
78
79
80
81

82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111



112
113
114
115
116
117
118
119
120
121

122
123
124


125
126
127

128
129

130



131
132
133
134
135
.\"	$OpenBSD: des_read_pw.3,v 1.6 2017/01/06 17:17:29 schwarze Exp $
.\"	OpenSSL doc/crypto/ui_compat.pod May 14 11:28:00 2006 +0000
.\"	OpenSSL doc/crypto/des.pod 2a9aca32 Oct 25 08:44:10 2001 +0000
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and
.\" Richard Levitte <levitte@openssl.org>.
.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 6 2017 $
.Dt DES_READ_PW 3
.Os
.Sh NAME
.Nm des_read_pw ,

.Nm des_read_pw_string ,
.Nm EVP_read_pw_string
.Nd compatibility user interface functions
.Sh SYNOPSIS
.In openssl/ui_compat.h
.Ft int
.Fo des_read_pw
.Fa "char *buf"
.Fa "char *buff"
.Fa "int length"





.Fa "const char *prompt"
.Fa "int verify"
.Fc
.Ft int
.Fo des_read_pw_string
.Fa "char *buf"
.Fa "int length"
.Fa "const char *prompt"
.Fa "int verify"
.Fc
.In openssl/evp.h
.Ft int
.Fo EVP_read_pw_string
.Fa "char *buf"

.Fa "int length"
.Fa "const char *prompt"
.Fa "int verify"
.Fc
.Sh DESCRIPTION
The DES library contained a few routines to prompt for passwords.
These aren't necessarily dependent on DES, and have therefore become
part of the UI compatibility library.
.Pp
.Fn des_read_pw
writes the string specified by
.Fa prompt
to standard output, turns echo off, and reads an input string from the
terminal.
The string is returned in
.Fa buf ,
which must have space for at least
.Fa length
bytes.
If
.Fa verify
is set, the user is asked for the password twice and unless the two
copies match, an error is returned.
The second password is stored in
.Fa buff ,
which must therefore also be at least
.Fa length
bytes.
A return code of -1 indicates a system error, 1 failure due to use
interaction, and 0 is success.



.Pp
.Fn des_read_pw_string
is a variant of
.Fn des_read_pw
that provides a buffer if
.Fa verify
is set.
It is available in the MIT Kerberos library as well.
If
.Fa length

exceeds
.Dv BUFSIZ ,
.Fn des_read_pw_string


uses
.Dv BUFSIZ .
.Pp

.Fn EVP_read_pw_string
is functionally similar to

.Fn des_read_pw_string .



.Sh SEE ALSO
.Xr UI_new 3
.Sh AUTHORS
.An Richard Levitte Aq Mt richard@levitte.org
for the OpenSSL project.
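--- a/jni/libressl/man/dh.3
+++ b/jni/libressl/man/dh.3
@@ -1,153 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "dh 3"
-.TH dh 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-dh \- Diffie\-Hellman key agreement
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 2
-\& #include <openssl/dh.h>
-\& #include <openssl/engine.h>
-\&
-\& DH *   DH_new(void);
-\& void   DH_free(DH *dh);
-\&
-\& int    DH_size(const DH *dh);
-\&
-\& DH *   DH_generate_parameters(int prime_len, int generator,
-\&                void (*callback)(int, int, void *), void *cb_arg);
-\& int    DH_check(const DH *dh, int *codes);
-\&
-\& int    DH_generate_key(DH *dh);
-\& int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-\&
-\& void DH_set_default_method(const DH_METHOD *meth);
-\& const DH_METHOD *DH_get_default_method(void);
-\& int DH_set_method(DH *dh, const DH_METHOD *meth);
-\& DH *DH_new_method(ENGINE *engine);
-\& const DH_METHOD *DH_OpenSSL(void);
-\&
-\& int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-\&             int (*dup_func)(), void (*free_func)());
-\& int DH_set_ex_data(DH *d, int idx, char *arg);
-\& char *DH_get_ex_data(DH *d, int idx);
-\&
-\& DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);
-\& int    i2d_DHparams(const DH *a, unsigned char **pp);
-\&
-\& int    DHparams_print_fp(FILE *fp, const DH *x);
-\& int    DHparams_print(BIO *bp, const DH *x);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions implement the Diffie-Hellman key agreement protocol.  The
-generation of shared \s-1DH\s0 parameters is described in
-\&\fIDH_generate_parameters\fR\|(3);
-\&\fIDH_generate_key\fR\|(3) describes how to perform a key
-agreement.
-.PP
-The \fB\s-1DH\s0\fR structure consists of several \s-1BIGNUM\s0 components.
-.PP
-.Vb 9
-\& struct
-\&        {
-\&        BIGNUM *p;              // prime number (shared)
-\&        BIGNUM *g;              // generator of Z_p (shared)
-\&        BIGNUM *priv_key;       // private DH value x
-\&        BIGNUM *pub_key;        // public DH value g^x
-\&        // ...
-\&        };
-\& DH
-.Ve
-.PP
-Note that \s-1DH\s0 keys may use non-standard \fB\s-1DH_METHOD\s0\fR implementations,
-either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
-\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using \s-1DH\s0
-structure elements directly and instead use \s-1API\s0 functions to query or
-modify keys.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIdhparam\fR\|(1), \fIbn\fR\|(3), \fIdsa\fR\|(3), \fIerr\fR\|(3),
-\&\fIrand\fR\|(3), \fIrsa\fR\|(3), \fIengine\fR\|(3),
-\&\fIDH_set_method\fR\|(3), \fIDH_new\fR\|(3),
-\&\fIDH_get_ex_new_index\fR\|(3),
-\&\fIDH_generate_parameters\fR\|(3),
-\&\fIDH_compute_key\fR\|(3), \fId2i_DHparams\fR\|(3),
-\&\fIRSA_print\fR\|(3)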
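--- a/jni/libressl/man/dsa.3
+++ b/jni/libressl/man/dsa.3
@@ -1,187 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "dsa 3"
-.TH dsa 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-dsa \- Digital Signature Algorithm
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 2
-\& #include <openssl/dsa.h>
-\& #include <openssl/engine.h>
-\&
-\& DSA *  DSA_new(void);
-\& void   DSA_free(DSA *dsa);
-\&
-\& int    DSA_size(const DSA *dsa);
-\&
-\& DSA *  DSA_generate_parameters(int bits, unsigned char *seed,
-\&                int seed_len, int *counter_ret, unsigned long *h_ret,
-\&                void (*callback)(int, int, void *), void *cb_arg);
-\&
-\& DH *   DSA_dup_DH(const DSA *r);
-\&
-\& int    DSA_generate_key(DSA *dsa);
-\&
-\& int    DSA_sign(int dummy, const unsigned char *dgst, int len,
-\&                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-\& int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-\&                BIGNUM **rp);
-\& int    DSA_verify(int dummy, const unsigned char *dgst, int len,
-\&                const unsigned char *sigbuf, int siglen, DSA *dsa);
-\&
-\& void DSA_set_default_method(const DSA_METHOD *meth);
-\& const DSA_METHOD *DSA_get_default_method(void);
-\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
-\& DSA *DSA_new_method(ENGINE *engine);
-\& const DSA_METHOD *DSA_OpenSSL(void);
-\&
-\& int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-\&             int (*dup_func)(), void (*free_func)());
-\& int DSA_set_ex_data(DSA *d, int idx, char *arg);
-\& char *DSA_get_ex_data(DSA *d, int idx);
-\&
-\& DSA_SIG *DSA_SIG_new(void);
-\& void   DSA_SIG_free(DSA_SIG *a);
-\& int    i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-\& DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
-\&
-\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-\& int    DSA_do_verify(const unsigned char *dgst, int dgst_len,
-\&             DSA_SIG *sig, DSA *dsa);
-\&
-\& DSA *  d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
-\& DSA *  d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
-\& DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
-\& int    i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-\& int    i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-\& int    i2d_DSAparams(const DSA *a,unsigned char **pp);
-\&
-\& int    DSAparams_print(BIO *bp, const DSA *x);
-\& int    DSAparams_print_fp(FILE *fp, const DSA *x);
-\& int    DSA_print(BIO *bp, const DSA *x, int off);
-\& int    DSA_print_fp(FILE *bp, const DSA *x, int off);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-These functions implement the Digital Signature Algorithm (\s-1DSA\s0).  The
-generation of shared \s-1DSA\s0 parameters is described in
-\&\fIDSA_generate_parameters\fR\|(3);
-\&\fIDSA_generate_key\fR\|(3) describes how to
-generate a signature key. Signature generation and verification are
-described in \fIDSA_sign\fR\|(3).
-.PP
-The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components.
-.PP
-.Vb 10
-\& struct
-\&        {
-\&        BIGNUM *p;              // prime number (public)
-\&        BIGNUM *q;              // 160\-bit subprime, q | p\-1 (public)
-\&        BIGNUM *g;              // generator of subgroup (public)
-\&        BIGNUM *priv_key;       // private key x
-\&        BIGNUM *pub_key;        // public key y = g^x
-\&        // ...
-\&        }
-\& DSA;
-.Ve
-.PP
-In public keys, \fBpriv_key\fR is \s-1NULL.\s0
-.PP
-Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations,
-either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
-\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using \s-1DSA\s0
-structure elements directly and instead use \s-1API\s0 functions to query or
-modify keys.
-.SH "CONFORMING TO"
-.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
-Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3),
-\&\fIrsa\fR\|(3), \fIsha\fR\|(3), \fIengine\fR\|(3),
-\&\fIDSA_new\fR\|(3),
-\&\fIDSA_size\fR\|(3),
-\&\fIDSA_generate_parameters\fR\|(3),
-\&\fIDSA_dup_DH\fR\|(3),
-\&\fIDSA_generate_key\fR\|(3),
-\&\fIDSA_sign\fR\|(3), \fIDSA_set_method\fR\|(3),
-\&\fIDSA_get_ex_new_index\fR\|(3),
-\&\fIRSA_print\fR\|(3)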
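--- a/jni/libressl/man/ec.3
+++ b/jni/libressl/man/ec.3
@@ -1,271 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "ec 3"
-.TH ec 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-ec \- Elliptic Curve functions
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 2
-\& #include <openssl/ec.h>
-\& #include <openssl/bn.h>
-\&
-\& const EC_METHOD *EC_GFp_simple_method(void);
-\& const EC_METHOD *EC_GFp_mont_method(void);
-\& const EC_METHOD *EC_GFp_nist_method(void);
-\& const EC_METHOD *EC_GFp_nistp224_method(void);
-\& const EC_METHOD *EC_GFp_nistp256_method(void);
-\& const EC_METHOD *EC_GFp_nistp521_method(void);
-\&
-\& const EC_METHOD *EC_GF2m_simple_method(void);
-\&
-\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
-\& void EC_GROUP_free(EC_GROUP *group);
-\& void EC_GROUP_clear_free(EC_GROUP *group);
-\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
-\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
-\& int EC_METHOD_get_field_type(const EC_METHOD *meth);
-\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
-\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
-\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
-\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
-\& int EC_GROUP_get_curve_name(const EC_GROUP *group);
-\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
-\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
-\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
-\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
-\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
-\& size_t EC_GROUP_get_seed_len(const EC_GROUP *);
-\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
-\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-\& int EC_GROUP_get_degree(const EC_GROUP *group);
-\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
-\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
-\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
-\&
-\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
-\&
-\& EC_POINT *EC_POINT_new(const EC_GROUP *group);
-\& void EC_POINT_free(EC_POINT *point);
-\& void EC_POINT_clear_free(EC_POINT *point);
-\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
-\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
-\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
-\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
-\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-\&        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
-\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
-\&        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
-\& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-\&        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
-\&        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-\&        const BIGNUM *x, int y_bit, BN_CTX *ctx);
-\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-\&        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
-\&        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-\&        const BIGNUM *x, int y_bit, BN_CTX *ctx);
-\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
-\&        point_conversion_form_t form,
-\&        unsigned char *buf, size_t len, BN_CTX *ctx);
-\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
-\&        const unsigned char *buf, size_t len, BN_CTX *ctx);
-\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
-\&        point_conversion_form_t form, BIGNUM *, BN_CTX *);
-\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
-\&        EC_POINT *, BN_CTX *);
-\& char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
-\&        point_conversion_form_t form, BN_CTX *);
-\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
-\&        EC_POINT *, BN_CTX *);
-\&
-\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
-\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
-\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
-\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
-\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
-\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
-\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
-\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
-\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
-\&
-\& int EC_GROUP_get_basis_type(const EC_GROUP *);
-\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
-\&        unsigned int *k2, unsigned int *k3);
-\& EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
-\& int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
-\& #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-\& #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-\& #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \e
-\&                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-\& #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \e
-\&                (unsigned char *)(x))
-\& int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-\& int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-\&
-\& EC_KEY *EC_KEY_new(void);
-\& int EC_KEY_get_flags(const EC_KEY *key);
-\& void EC_KEY_set_flags(EC_KEY *key, int flags);
-\& void EC_KEY_clear_flags(EC_KEY *key, int flags);
-\& EC_KEY *EC_KEY_new_by_curve_name(int nid);
-\& void EC_KEY_free(EC_KEY *key);
-\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-\& EC_KEY *EC_KEY_dup(const EC_KEY *src);
-\& int EC_KEY_up_ref(EC_KEY *key);
-\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
-\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
-\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
-\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
-\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
-\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
-\& unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
-\& void *EC_KEY_get_key_method_data(EC_KEY *key, 
-\&        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-\& void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
-\&        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
-\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
-\& int EC_KEY_generate_key(EC_KEY *key);
-\& int EC_KEY_check_key(const EC_KEY *key);
-\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
-\&
-\& EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
-\& int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
-\&
-\& EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
-\& int i2d_ECParameters(EC_KEY *key, unsigned char **out);
-\&
-\& EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
-\& int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
-\& int    ECParameters_print(BIO *bp, const EC_KEY *key);
-\& int    EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
-\& int    ECParameters_print_fp(FILE *fp, const EC_KEY *key);
-\& int    EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
-\& EC_KEY *ECParameters_dup(EC_KEY *key);
-\& #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \e
-\&        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \e
-\&                                EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-This library provides an extensive set of functions for performing operations on elliptic curves over finite fields.
-In general an elliptic curve is one with an equation of the form:
-.PP
-y^2 = x^3 + ax + b
-.PP
-An \fB\s-1EC_GROUP\s0\fR structure is used to represent the definition of an elliptic curve. Points on a curve are stored using an
-\&\fB\s-1EC_POINT\s0\fR structure. An \fB\s-1EC_KEY\s0\fR is used to hold a private/public key pair, where a private key is simply a \s-1BIGNUM\s0 and a
-public key is a point on a curve (represented by an \fB\s-1EC_POINT\s0\fR).
-.PP
-The library contains a number of alternative implementations of the different functions. Each implementation is optimised
-for different scenarios. No matter which implementation is being used, the interface remains the same. The library
-handles calling the correct implementation when an interface function is invoked. An implementation is represented by
-an \fB\s-1EC_METHOD\s0\fR structure.
-.PP
-The creation and destruction of \fB\s-1EC_GROUP\s0\fR objects is described in \fIEC_GROUP_new\fR\|(3). Functions for
-manipulating \fB\s-1EC_GROUP\s0\fR objects are described in \fIEC_GROUP_copy\fR\|(3).
-.PP
-Functions for creating, destroying and manipulating \fB\s-1EC_POINT\s0\fR objects are explained in \fIEC_POINT_new\fR\|(3),
-whilst functions for performing mathematical operations and tests on \fBEC_POINTs\fR are coverd in \fIEC_POINT_add\fR\|(3).
-.PP
-For working with private and public keys refer to \fIEC_KEY_new\fR\|(3). Implementations are covered in
-\&\fIEC_GFp_simple_method\fR\|(3).
-.PP
-For information on encoding and decoding curve parameters to and from \s-1ASN1\s0 see \fId2i_ECPKParameters\fR\|(3).
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)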
Changes to jni/libressl/man/engine.3.





1































2
3
4
5
6
7
8
9
10
11
12


13
14

15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

37
38
39
40
41
42
43

44
45
46
47
48
49
50
51
52
53

54

55



56



57
58
59
60


61
62

























63
64


65
66
67
68


69
70
71


72
73
74
75
76
77


78
79
80
81


82
83
84
85
86
87
88
89


90
91



92
93


94
95
96
97
98


99
100
101



102

103



104



105
106





107
108
109


110
111




112
113


114
115


116
117

118
119


120
121




122
123


124
125
126
127
128
129

130
131
132

133



134



135

136



137



138

139
140

141
142
143


144

145



146
147
148

149
150

151
152


153

154
155


156


157
158
159
160

161
162
163
164
165



166


167



168
169

170
171
172
173
174
175
176

177
178
179



180




181






182


183
184
185


186
187
188
189

190
191
192
193


194
195


196
197
198
199
200


201
202
203


204
205
206


207
208
209



210
211




212


213




214






215




216


217
218




219
220
221

222
223



224
225
226
227

228
229
230
231
232
233

234
235

236

237
238

239



240
241



242



243
244
245
246


247
248

249
250
251

252

253
254
255
256
257
258
259
260
261
262
263
264
265

266
267



268
269
270
271
272
273
274
275
276


277












278
279

280
281
282
283

284
285





286
287





288

289


290

291
292
293
294
295
296
297
298
299



















300



301
302

303
304

305

306
307

308
309
310

311




312
313
314
315
316
317
318

319





320
321






322
323
324

325


326

327
328
329
330
331
332
333
334

335
336
337
338
339
340
341



342
343
344













345
346
347

348
349
350
351

352

353
354
355
356
357
358
359


360
361
362

363
364








365

366
367
368
369
370
371
372

373
374

375
376
377


378
379
380
381
382
383
384
385
386









387








388

389
390


391



392

393

394
395



396
397
398
399
400
401
402
403

404






405

406
407

408

409
410
411
412
413
414
415
416

417

418
419

420
421
422








423

424
425



426
427
428
429






430
431
432
433

434
435
436
437
438
439
440
441
442
443
444

445

446





447
448


449










450


451
452


453
454
455


456
457




458

459

460

461

462
463
464

465
466

467

468

469

470
471

472
473

474
475





476


477




478



479

480





481
482
483
484



485
486
487
488

489

490
491
492
493

494
495
496
497
498
499
500
501
502
503
504
505
506
507


508




509
510
511

512






513
514








515
516
517
518




519
520

521
522

523



524
525
526



527
528
529
530



531








532



533
534
535
536






537


538
539



540
541
542
543
544
545









546









547





















548


549


550
551



552



553
554
555
556
557








558








559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574

575
576

577
578
579
580

581
582


583
584

585

586
587
588


589
590
591
592
593
594


595
596



597



598

599
600
601
602
603
604
605

606
607
608
609
610
611
612
613
614
615
616
617
618
619




620

621


622



623
624


625
626
627
628
629
630
631








632
633
634
635
636
637
638
639
640


641

642


643
644

645

646

647
648


649
650

651
652
653
654
655
656
657
658
659
660


661
662


663
664
665


666

667
668

669


670

671
672
673
674
675
676
677
678
679
680
681
682
683



684





.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)































.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1


..
.de Ve \" End verbatim text

.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\

.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}

.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"

.\" Avoid warning from groff about undefined register 'F'.

.de IX



..



.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{


.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

























..
.        if !\nF==2 \{


.            nr % 0
.            nr F 2
.        \}
.    \}


.\}
.rr rF
.\" ========================================================================


.\"
.IX Title "engine 3"
.TH engine 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l


.nh
.SH "NAME"
ENGINE_add, ENGINE_by_id, ENGINE_finish, ENGINE_get_first,
ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev,


ENGINE_init, ENGINE_load_builtin_engines, ENGINE_remove
\&\- ENGINE cryptographic module support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/engine.h>
\&
\& ENGINE *ENGINE_get_first(void);


\& ENGINE *ENGINE_get_last(void);
\& ENGINE *ENGINE_get_next(ENGINE *e);



\& ENGINE *ENGINE_get_prev(ENGINE *e);
\&


\& int ENGINE_add(ENGINE *e);
\& int ENGINE_remove(ENGINE *e);
\&
\& ENGINE *ENGINE_by_id(const char *id);
\&


\& int ENGINE_init(ENGINE *e);
\& int ENGINE_finish(ENGINE *e);
\&



\& void ENGINE_load_openssl(void);

\& void ENGINE_load_dynamic(void);



\& void ENGINE_load_cryptodev(void);



\& void ENGINE_load_builtin_engines(void);
\&





\& void ENGINE_cleanup(void);
\&
\& ENGINE *ENGINE_get_default_RSA(void);


\& ENGINE *ENGINE_get_default_DSA(void);
\& ENGINE *ENGINE_get_default_ECDH(void);




\& ENGINE *ENGINE_get_default_ECDSA(void);
\& ENGINE *ENGINE_get_default_DH(void);


\& ENGINE *ENGINE_get_default_RAND(void);
\& ENGINE *ENGINE_get_cipher_engine(int nid);


\& ENGINE *ENGINE_get_digest_engine(int nid);
\&

\& int ENGINE_set_default_RSA(ENGINE *e);
\& int ENGINE_set_default_DSA(ENGINE *e);


\& int ENGINE_set_default_ECDH(ENGINE *e);
\& int ENGINE_set_default_ECDSA(ENGINE *e);




\& int ENGINE_set_default_DH(ENGINE *e);
\& int ENGINE_set_default_RAND(ENGINE *e);


\& int ENGINE_set_default_ciphers(ENGINE *e);
\& int ENGINE_set_default_digests(ENGINE *e);
\& int ENGINE_set_default_string(ENGINE *e, const char *list);
\&
\& int ENGINE_set_default(ENGINE *e, unsigned int flags);
\&

\& unsigned int ENGINE_get_table_flags(void);
\& void ENGINE_set_table_flags(unsigned int flags);
\&

\& int ENGINE_register_RSA(ENGINE *e);



\& void ENGINE_unregister_RSA(ENGINE *e);



\& void ENGINE_register_all_RSA(void);

\& int ENGINE_register_DSA(ENGINE *e);



\& void ENGINE_unregister_DSA(ENGINE *e);



\& void ENGINE_register_all_DSA(void);

\& int ENGINE_register_ECDH(ENGINE *e);
\& void ENGINE_unregister_ECDH(ENGINE *e);

\& void ENGINE_register_all_ECDH(void);
\& int ENGINE_register_ECDSA(ENGINE *e);
\& void ENGINE_unregister_ECDSA(ENGINE *e);


\& void ENGINE_register_all_ECDSA(void);

\& int ENGINE_register_DH(ENGINE *e);



\& void ENGINE_unregister_DH(ENGINE *e);
\& void ENGINE_register_all_DH(void);
\& int ENGINE_register_RAND(ENGINE *e);

\& void ENGINE_unregister_RAND(ENGINE *e);
\& void ENGINE_register_all_RAND(void);

\& int ENGINE_register_STORE(ENGINE *e);
\& void ENGINE_unregister_STORE(ENGINE *e);


\& void ENGINE_register_all_STORE(void);

\& int ENGINE_register_ciphers(ENGINE *e);
\& void ENGINE_unregister_ciphers(ENGINE *e);


\& void ENGINE_register_all_ciphers(void);


\& int ENGINE_register_digests(ENGINE *e);
\& void ENGINE_unregister_digests(ENGINE *e);
\& void ENGINE_register_all_digests(void);
\& int ENGINE_register_complete(ENGINE *e);

\& int ENGINE_register_all_complete(void);
\&
\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,



\&         long i, void *p, void (*f)(void), int cmd_optional);


\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,



\&         int cmd_optional);
\&

\& int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
\& void *ENGINE_get_ex_data(const ENGINE *e, int idx);
\&
\& int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
\&         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
\&
\& ENGINE *ENGINE_new(void);

\& int ENGINE_free(ENGINE *e);
\& int ENGINE_up_ref(ENGINE *e);
\&



\& int ENGINE_set_id(ENGINE *e, const char *id);




\& int ENGINE_set_name(ENGINE *e, const char *name);






\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);


\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
\& int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
\& int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);


\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
\& int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *rand_meth);
\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);

\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);


\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);


\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
\& int ENGINE_set_flags(ENGINE *e, int flags);
\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
\&
\& const char *ENGINE_get_id(const ENGINE *e);


\& const char *ENGINE_get_name(const ENGINE *e);
\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);


\& const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
\& const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e);


\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
\& const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);



\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);




\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);


\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);




\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);






\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);




\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);


\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);




\& int ENGINE_get_flags(const ENGINE *e);
\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
\&

\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
\&     UI_METHOD *ui_method, void *callback_data);



\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
\&     UI_METHOD *ui_method, void *callback_data);
\&
\& void ENGINE_add_conf_module(void);

.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions create, manipulate, and use cryptographic modules in the
form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for
implementations of cryptographic algorithms, and support a

reference-counted mechanism to allow them to be dynamically loaded in and
out of the running application.

.PP

The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR
implementation includes the following abstractions;

.PP



.Vb 6
\& RSA_METHOD \- for providing alternative RSA implementations



\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,



\&       STORE_METHOD \- similarly for other OpenSSL APIs
\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq)
\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq)
\& key\-loading \- loading public and/or private EVP_PKEY keys


.Ve
.SS "Reference counting and handles"

.IX Subsection "Reference counting and handles"
Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be
treated as handles \- ie. not only as pointers, but also as references to

the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when

making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and
released) independently.
.PP
\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in
which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is
inherently a \fBstructural\fR reference \- a structural reference is required
to use the pointer value at all, as this kind of reference is a guarantee
that the structure can not be deallocated until the reference is released.
.PP
However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is
initialised and able to use any of its cryptographic
implementations. Indeed it's quite possible that most ENGINEs will not
initialise at all in typical environments, as ENGINEs are typically used to

support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a
\&\fBfunctional\fR reference. This kind of reference can be considered a



specialised form of structural reference, because each functional reference
implicitly contains a structural reference as well \- however to avoid
difficult-to-find programming bugs, it is recommended to treat the two
kinds of reference independently. If you have a functional reference to an
\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to
perform cryptographic operations and will remain uninitialised
until after you have released your reference.
.PP
\&\fIStructural references\fR


.PP












This basic type of reference is used for instantiating new ENGINEs,
iterating across OpenSSL's internal linked-list of loaded

ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural
reference is sufficient if you only need to query or manipulate the data of
an \s-1ENGINE\s0 implementation rather than use its functionality.
.PP

The \fIENGINE_new()\fR function returns a structural reference to a new (empty)
\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural





references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR,
\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be





released by a corresponding to call to the \fIENGINE_free()\fR function \- the

\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when


the last structural reference is released.

.PP
It should also be noted that many \s-1ENGINE API\s0 function calls that accept a
structural reference will internally obtain another reference \- typically
this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after
the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to
OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success,
then OpenSSL will have stored a new structural reference internally so the
caller is still responsible for freeing their own reference with
\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some



















functions will automatically release the structural reference passed to it



if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and
\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal

\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or
previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the

list, but in either case the structural reference passed to the function is

released on behalf of the caller.
.PP

To clarify a particular function's handling of references, one should
always consult that function's documentation \*(L"man\*(R" page, or failing that
the openssl/engine.h header file includes some hints.

.PP




\&\fIFunctional references\fR
.PP
As mentioned, functional references exist when the cryptographic
functionality of an \s-1ENGINE\s0 is required to be available. A functional
reference can be obtained in one of two ways; from an existing structural
reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default
operational \s-1ENGINE\s0 for a given cryptographic purpose.

.PP





To obtain a functional reference from an existing structural reference,
call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not






already operational and couldn't be successfully initialised (eg. lack of
system drivers, no special hardware attached, etc), otherwise it will
return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will

have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional


references are released by calling \fIENGINE_finish()\fR (which removes the

implicit structural reference as well).
.PP
The second way to get a functional reference is by asking OpenSSL for a
default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR,
\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next
section, though they are not usually required by application programmers as
they are used automatically when creating and using the relevant
algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc.

.SS "Default implementations"
.IX Subsection "Default implementations"
For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table
of state to control which implementations are available for a given
abstraction and which should be used by default. These implementations are
registered in the tables and indexed by an 'nid' value, because
abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct



algorithms and modes, and ENGINEs can support arbitrarily many of them.
In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one
\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid'













index.
.PP
When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg.

when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the
\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a
functional reference to an initialised \s-1ENGINE\s0 whose implementation should be
used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller

will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the

conventional software implementation. In the latter case, OpenSSL will from
then on behave the way it used to before the \s-1ENGINE API\s0 existed.
.PP
Each state table has a flag to note whether it has processed this
\&\*(L"get_default\*(R" query since the table was last modified, because to process
this question it must iterate across all the registered ENGINEs in the
table trying to initialise each of them in turn, in case one of them is


operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will
also cache another reference to speed up processing future queries (without
needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0

response if no \s-1ENGINE\s0 was available so that future queries won't repeat the
same iteration unless the state table changes. This behaviour can also be








changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using

\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place,
instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the
\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg.
\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except
that it also sets the state table's cached response for the \*(L"get_default\*(R"
query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are
indexed by 'nid', these flags and cached-responses are distinct for each 'nid'

value.
.SS "Application requirements"

.IX Subsection "Application requirements"
This section will explain the basic things an application programmer should
support to make the most useful elements of the \s-1ENGINE\s0 functionality


available to the user. The first thing to consider is whether the
programmer wishes to make alternative \s-1ENGINE\s0 modules available to the
application and user. OpenSSL maintains an internal linked list of
\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is
empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and
it uses static linking against openssl, then the resulting application
binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first
consideration is whether any/all available \s-1ENGINE\s0 implementations should be
made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R"









functions, eg.








.PP

.Vb 2
\& /* Make ALL ENGINE implementations bundled with OpenSSL available */


\& ENGINE_load_builtin_engines();



.Ve

.PP

Note that ENGINE_load_dynamic(void) is a placeholder and does not enable
dynamic engine loading support.



.PP
Having called any of these functions, \s-1ENGINE\s0 objects would have been
dynamically allocated and populated with these implementations and linked
into OpenSSL's internal linked list. At this point it is important to
mention an important \s-1API\s0 function;
.PP
.Vb 1
\& void ENGINE_cleanup(void);

.Ve






.PP

If no \s-1ENGINE API\s0 functions are called at all in an application, then there
are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality,

however if any ENGINEs are loaded, even if they are never registered or

used, it is necessary to use the \fIENGINE_cleanup()\fR function to
correspondingly cleanup before program exit, if the caller wishes to avoid
memory leaks. This mechanism uses an internal callback registration table
so that any \s-1ENGINE API\s0 functionality that knows it requires cleanup can
register its cleanup details to be called during \fIENGINE_cleanup()\fR. This
approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality
at all that your program uses, yet doesn't automatically create linker
dependencies to all possible \s-1ENGINE\s0 functionality \- only the cleanup

callbacks required by the functionality you do use will be required by the

linker.
.PP

The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
the program and loaded into memory at run-time) does not mean they are
\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour








is something for the application to control. Some applications

will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used
if any is to be used at all. Others may prefer to load all support and have



OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to
successfully initialise \- ie. to assume that this corresponds to
acceleration hardware attached to the machine or some such thing. There are
probably numerous other ways in which applications may prefer to handle






things, so we will simply illustrate the consequences as they apply to a
couple of simple cases and leave developers to consider these and the
source code to openssl's builtin utilities as guides.
.PP

\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR
.PP
Here we'll assume an application has been configured by its user or admin
to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of
OpenSSL the application was compiled with. If it is available, it should be
used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operation, otherwise
OpenSSL should use its builtin software as per usual. The following code
illustrates how to approach this;
.PP
.Vb 10
\& ENGINE *e;

\& const char *engine_id = "ACME";

\& ENGINE_load_builtin_engines();





\& e = ENGINE_by_id(engine_id);
\& if (!e)


\&     /* the engine isn\*(Aqt available */










\&     return;


\& if (!ENGINE_init(e)) {
\&     /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */


\&     ENGINE_free(e);
\&     return;
\& }


\& if (!ENGINE_set_default_RSA(e))
\&     /* This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous




\&      * statement suggests it did. */

\&     abort();

\& ENGINE_set_default_DSA(e);

\& ENGINE_set_default_ciphers(e);

\& /* Release the functional reference from ENGINE_init() */
\& ENGINE_finish(e);
\& /* Release the structural reference from ENGINE_by_id() */

\& ENGINE_free(e);
.Ve

.PP

\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR

.PP

Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations
bundled with OpenSSL, such that for any cryptographic algorithm required by

OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialise,
it should be used. The following code illustrates how this can work;

.PP
.Vb 4





\& /* Load all bundled ENGINEs into memory and make them visible */


\& ENGINE_load_builtin_engines();




\& /* Register all of them for every algorithm they collectively implement */



\& ENGINE_register_all_complete();

.Ve





.PP
That's all that's required. Eg. the next time OpenSSL tries to set up an
\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to
\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the



default for \s-1RSA\s0 use from then on.
.SS "Advanced configuration support"
.IX Subsection "Advanced configuration support"
There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each

\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration

\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on
OpenSSL. This mechanism is entirely based on the use of name-value pairs
and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if
applications want to provide a transparent way for users to provide

arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also
possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0
implementations for the names, descriptions, and input flags of their
available \*(L"control commands\*(R", providing a more flexible configuration
scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she
is using (in the case of specialised hardware, this goes without saying)
then applications may not need to concern themselves with discovering the
supported control commands and simply prefer to pass settings into ENGINEs
exactly as they are provided by the user.
.PP
Before illustrating how control commands work, it is worth mentioning what
they are typically used for. Broadly speaking there are two uses for
control commands; the first is to provide the necessary details to the
implementation (which may know nothing at all specific to the host system)


so that it can be initialised for use. This could include the path to any




driver or config files it needs to load, required network addresses,
smart-card identifiers, passwords to initialise protected devices,
logging information, etc etc. This class of commands typically needs to be

passed to an \s-1ENGINE \s0\fBbefore\fR attempting to initialise it, ie. before






calling \fIENGINE_init()\fR. The other class of commands consist of settings or
operations that tweak certain behaviour or cause certain operations to take








place, and these commands may work either before or after \fIENGINE_init()\fR, or
in some cases both. \s-1ENGINE\s0 implementations should provide indications of
this in the descriptions attached to builtin control commands and/or in
external product documentation.




.PP
\&\fIIssuing control commands to an \s-1ENGINE\s0\fR

.PP
Let's illustrate by example; a function for which the caller supplies the

name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before



initialisation, and another table for use after initialisation. Note that
the string-pairs used for control commands consist of a command \*(L"name\*(R"
followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some



cases but the name can not. This function should initialise the \s-1ENGINE
\&\s0(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
and set it as the default for everything except \s-1RAND\s0 and then return a
boolean success or failure.



.PP








.Vb 6



\& int
\& generic_load_engine_fn(const char *engine_id,
\&     const char **pre_cmds, int pre_num,
\&     const char **post_cmds, int post_num)






\& {


\&        ENGINE *e = ENGINE_by_id(engine_id);
\&



\&        if (!e)
\&                return 0;
\&        while (pre_num\-\-) {
\&                if (!ENGINE_ctrl_cmd_string(e,
\&                    pre_cmds[0], pre_cmds[1], 0)) {
\&                        fprintf(stderr,









\&                            "Failed command (%s \- %s:%s)\en",









\&                            engine_id, pre_cmds[0],





















\&                            pre_cmds[1] ? pre_cmds[1] : "(NULL)");


\&                        ENGINE_free(e);


\&                        return 0;
\&                }



\&                pre_cmds += 2;



\&        }
\&        if (!ENGINE_init(e)) {
\&                fprintf(stderr, "Failed initialisation\en");
\&                ENGINE_free(e);
\&                return 0;








\&        }








\&        /*
\&         * ENGINE_init() returned a functional reference,
\&         * so free the structural reference from
\&         * ENGINE_by_id().
\&         */
\&        ENGINE_free(e);
\&        while (post_num\-\-) {
\&                if (!ENGINE_ctrl_cmd_string(e,
\&                    post_cmds[0], post_cmds[1], 0)) {
\&                        fprintf(stderr,
\&                            "Failed command (%s \- %s:%s)\en",
\&                            engine_id, post_cmds[0],
\&                            post_cmds[1] ? post_cmds[1] : "(NULL)");
\&                        ENGINE_finish(e);
\&                        return 0;
\&                }

\&                post_cmds += 2;
\&        }

\&        ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
\&        /* Success */
\&        return 1;
\&}

.Ve
.PP


Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can
relax the semantics of the function \- if set non-zero it will only return

failure if the \s-1ENGINE\s0 supported the given command name but failed while

executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply
return success without doing anything. In this case we assume the user is
only supplying commands specific to the given \s-1ENGINE\s0 so we set this to


\&\s-1FALSE.\s0
.PP
\&\fIDiscovering supported control commands\fR
.PP
It is possible to discover at run-time the names, numerical-ids, descriptions
and input parameters of the control commands supported by an \s-1ENGINE\s0 using a


structural reference. Note that some control commands are defined by OpenSSL
itself and it will intercept and handle these control commands on behalf of the



\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command.



openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands

implemented by ENGINEs should be numbered from. Any command value lower than
this symbol is considered a \*(L"generic\*(R" command is handled directly by the
OpenSSL core routines.
.PP
It is using these \*(L"core\*(R" control commands that one can discover the control
commands implemented by a given \s-1ENGINE,\s0 specifically the commands;
.PP

.Vb 9
\& #define ENGINE_HAS_CTRL_FUNCTION               10
\& #define ENGINE_CTRL_GET_FIRST_CMD_TYPE         11
\& #define ENGINE_CTRL_GET_NEXT_CMD_TYPE          12
\& #define ENGINE_CTRL_GET_CMD_FROM_NAME          13
\& #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD      14
\& #define ENGINE_CTRL_GET_NAME_FROM_CMD          15
\& #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD      16
\& #define ENGINE_CTRL_GET_DESC_FROM_CMD          17
\& #define ENGINE_CTRL_GET_CMD_FLAGS              18
.Ve
.PP
Whilst these commands are automatically processed by the OpenSSL framework code,
they use various properties exposed by each \s-1ENGINE\s0 to process these




queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves;

it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in


the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions.



If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will
simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR


handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to
reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the
OpenSSL framework code will work with the following rules;
.PP
.Vb 9
\& if no ctrl() handler supplied;
\&     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),








\&     all other commands fail.
\& if a ctrl() handler was supplied but no array of control commands;
\&     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
\&     all other commands fail.
\& if a ctrl() handler and array of control commands was supplied;
\&     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
\&     all other commands proceed processing ...
.Ve
.PP


If the \s-1ENGINE\s0's array of control commands is empty then all other commands will

fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of


the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the
identifier of a command supported by the \s-1ENGINE\s0 and returns the next command

identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string

name for a command and returns the corresponding identifier or fails if no such

command name exists, and the remaining commands take a command identifier and
return properties of the corresponding commands. All except


\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description,
or populate a supplied character buffer with a copy of the command name or

description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following
possible values;
.PP
.Vb 4
\& #define ENGINE_CMD_FLAG_NUMERIC                (unsigned int)0x0001
\& #define ENGINE_CMD_FLAG_STRING                 (unsigned int)0x0002
\& #define ENGINE_CMD_FLAG_NO_INPUT               (unsigned int)0x0004
\& #define ENGINE_CMD_FLAG_INTERNAL               (unsigned int)0x0008
.Ve
.PP


If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely
informational to the caller \- this flag will prevent the command being usable


for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR.
\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration
by applications, administrations, users, etc. These can support arbitrary


operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control

commands data of any arbitrary type. These commands are supported in the
discovery mechanisms simply allow applications to determine if an \s-1ENGINE\s0

supports certain specific commands it might want to use (eg. application \*(L"foo\*(R"


might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R" \-\s0

and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific
extension).
.SS "Future developments"
.IX Subsection "Future developments"
The \s-1ENGINE API\s0 and internal architecture is currently being reviewed. Slated for
possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R"
ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0
implementations to be provided independently of OpenSSL libraries and/or
OpenSSL-based applications, and would also remove any requirement for
applications to explicitly use the \*(L"dynamic\*(R" \s-1ENGINE\s0 to bind to shared-library
implementations.
.SH "SEE ALSO"
.IX Header "SEE ALSO"



\&\fIrsa\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrand\fR\|(3)
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
|
|
|
|
|
|
|
>
>
|
<
>
|
<
|
<
<
<
<
<
|
|
|
|
|
|
|
|
|
|
|
|
<
|
>
|
|
|
|
|
|
<
>
|
|
|
|
|
|
|
|
<
|
>
|
>
|
>
>
>
|
>
>
>
|
<
<
|
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
|
<
|
|
>
>
|
|
<
>
>
|
|
<
<
<
<
>
>
|
|
|
|
>
>
|
|
|
<
|
|
<
|
>
>
|
|
>
>
>
|
<
>
>
|
|
<
|
<
>
>
|
|
<
>
>
>
|
>
|
>
>
>
|
>
>
>
|
<
>
>
>
>
>
|
<
|
>
>
|
|
>
>
>
>
|
|
>
>
|
|
>
>
|
<
>
|
|
>
>
|
|
>
>
>
>
|
|
>
>
|
|
<
<
<
<
>
|
|
<
>
|
>
>
>
|
>
>
>
|
>
|
>
>
>
|
>
>
>
|
>
|
|
>
|
|
|
>
>
|
>
|
>
>
>
|
<
|
>
|
|
>
|
|
>
>
|
>
|
|
>
>
|
>
>
|
|
|
|
>
|
<
|
|
|
>
>
>
|
>
>
|
>
>
>
|
<
>
|
|
<
|
|
<
|
>
|
|
<
>
>
>
|
>
>
>
>
|
>
>
>
>
>
>
|
>
>
|
|
|
>
>
|
|
|
<
>
|
|
|
|
>
>
|
|
>
>
|
|
|
<
|
>
>
|
|
|
>
>
|
|
|
>
>
|
|
|
>
>
>
|
|
>
>
>
>
|
>
>
|
>
>
>
>
|
>
>
>
>
>
>
|
>
>
>
>
|
>
>
|
|
>
>
>
>
|
|
<
>
|
<
>
>
>
|
<
<
|
>
|
<
|
|
|
<
>
|
|
>
|
>
|
<
>
|
>
>
>
|
|
>
>
>
|
>
>
>
|
<
<
<
>
>
|
<
>
|
|
<
>
|
>
|
<
|
|
|
|
<
<
|
|
<
|
|
>
|
|
>
>
>
|
<
|
|
|
|
|
|
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
|
|
|
|
>
|
|
>
>
>
>
>
|
|
>
>
>
>
>
|
>
|
>
>
|
>
|
|
<
<
|
<
<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
|
<
>
|
|
>
|
>
|
|
>
|
<
|
>
|
>
>
>
>
|
|
|
|
<
<
|
>
|
>
>
>
>
>
|
|
>
>
>
>
>
>
|
<
|
>
|
>
>
|
>
|
|
|
|
<
<
|
<
>
|
<
|
<
<
<
<
>
>
>
|
<
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
|
>
|
|
|
<
>
|
>
|
<
|
<
<
<
<
>
>
|
|
<
>
|
<
>
>
>
>
>
>
>
>
|
>
|
<
|
|
<
<
|
>
|
<
>
|
<
|
>
>
|
|
|
|
|
<
|
<
|
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
>
|
|
>
>
|
>
>
>
|
>
|
>
|
<
>
>
>
|
|
|
<
<
<
|
|
>
|
>
>
>
>
>
>
|
>
|
<
>
|
>
|
|
|
|
|
|
|
|
>
|
>
|
|
>
|
<
<
>
>
>
>
>
>
>
>
|
>
|
|
>
>
>
|
<
<
|
>
>
>
>
>
>
|
|
|
|
>
|
<
|
|
|
|
<
|
|
|
|
>
|
>
|
>
>
>
>
>
|
|
>
>
|
>
>
>
>
>
>
>
>
>
>
|
>
>
|
|
>
>
|
<
<
>
>
|
<
>
>
>
>
|
>
|
>
|
>
|
>
|
|
<
>
|
<
>
|
>
|
>
|
>
|
<
>
|
<
>
|
|
>
>
>
>
>
|
>
>
|
>
>
>
>
|
>
>
>
|
>
|
>
>
>
>
>
|
<
|
|
>
>
>
|
<
<
<
>
|
>
|
|
|
|
>
|
<
|
|
|
<
<
<
|
|
<
<
<
|
>
>
|
>
>
>
>
|
|
|
>
|
>
>
>
>
>
>
|
<
>
>
>
>
>
>
>
>
|
|
<
|
>
>
>
>
|
<
>
|
<
>
|
>
>
>
|
<
<
>
>
>
|
<
<
<
>
>
>
|
>
>
>
>
>
>
>
>
|
>
>
>
|
|
|
|
>
>
>
>
>
>
|
>
>
|
<
>
>
>
|
<
<
|
<
<
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
|
>
>
|
<
>
>
>
|
>
>
>
|
|
<
<
|
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
>
|
<
>
|
|
|
<
>
|
|
>
>
|
|
>
|
>
|
|
|
>
>
|
|
|
|
|
|
>
>
|
|
>
>
>
|
>
>
>
|
>
|
|
|
|
|
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>
|
>
|
>
>
|
>
>
>
|
|
>
>
|
<
<
<
<
<
<
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
>
>
|
>
|
>
>
|
|
>
|
>
|
>
|
|
>
>
|
|
>
|
|
|
<
|
|
|
|
|
|
>
>
|
|
>
>
|
|
|
>
>
|
>
|
|
>
|
>
>
|
>
|

<
<
<
<
<
<
<
<
<
|
|
>
>
>
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

52
53

54





55
56
57
58
59
60
61
62
63
64
65
66

67
68
69
70
71
72
73
74

75
76
77
78
79
80
81
82
83

84
85
86
87
88
89
90
91
92
93
94
95
96


97
98
99
100

101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

127
128
129

130
131
132
133
134
135

136
137
138
139




140
141
142
143
144
145
146
147
148
149
150

151
152

153
154
155
156
157
158
159
160
161

162
163
164
165

166

167
168
169
170

171
172
173
174
175
176
177
178
179
180
181
182
183
184

185
186
187
188
189
190

191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208

209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225




226
227
228

229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264

265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288

289
290
291
292
293
294
295
296
297
298
299
300
301
302

303
304
305

306
307

308
309
310
311

312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337

338
339
340
341
342
343
344
345
346
347
348
349
350
351

352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407

408
409

410
411
412
413


414
415
416

417
418
419

420
421
422
423
424
425
426

427
428
429
430
431
432
433
434
435
436
437
438
439
440
441



442
443
444

445
446
447

448
449
450
451

452
453
454
455


456
457

458
459
460
461
462
463
464
465
466

467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489

490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518


519




520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543

544
545
546
547
548
549
550
551
552
553

554
555
556
557
558
559
560
561
562
563
564


565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581

582
583
584
585
586
587
588
589
590
591
592


593

594
595

596




597
598
599
600

601
602
603
604
605
606
607
608
609
610
611
612
613
614
615

616
617
618
619
620

621
622
623
624

625




626
627
628
629

630
631

632
633
634
635
636
637
638
639
640
641
642

643
644


645
646
647

648
649

650
651
652
653
654
655
656
657

658

659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692

693
694
695
696
697
698



699
700
701
702
703
704
705
706
707
708
709
710
711

712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729


730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745


746
747
748
749
750
751
752
753
754
755
756
757
758

759
760
761
762

763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798


799
800
801

802
803
804
805
806
807
808
809
810
811
812
813
814
815

816
817

818
819
820
821
822
823
824
825

826
827

828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856

857
858
859
860
861
862



863
864
865
866
867
868
869
870
871

872
873
874



875
876



877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896

897
898
899
900
901
902
903
904
905
906

907
908
909
910
911
912

913
914

915
916
917
918
919
920


921
922
923
924



925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954

955
956
957
958


959


960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007

1008
1009
1010
1011
1012
1013
1014
1015
1016


1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049

1050
1051

1052
1053
1054
1055

1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129






1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170

1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199









1200
1201
1202
1203
1204
1205
.\"	$OpenBSD: engine.3,v 1.10 2017/01/06 20:35:23 schwarze Exp $
.\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\"
.\" This file was written by Geoff Thorpe <geoff@openssl.org>.
.\" Copyright (c) 2002, 2004, 2007, 2015 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: January 6 2017 $
.Dt ENGINE 3

.Os





.Sh NAME
.Nm ENGINE_add ,
.Nm ENGINE_by_id ,
.Nm ENGINE_finish ,
.Nm ENGINE_get_first ,
.Nm ENGINE_get_last ,
.Nm ENGINE_get_next ,
.Nm ENGINE_get_prev ,
.Nm ENGINE_init ,
.Nm ENGINE_load_builtin_engines ,
.Nm ENGINE_remove
.Nd ENGINE cryptographic module support

.Sh SYNOPSIS
.In openssl/engine.h
.Ft ENGINE *
.Fn ENGINE_get_first void
.Ft ENGINE *
.Fn ENGINE_get_last void
.Ft ENGINE *
.Fo ENGINE_get_next

.Fa "ENGINE *e"
.Fc
.Ft ENGINE *
.Fo ENGINE_get_prev
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_add
.Fa "ENGINE *e"

.Fc
.Ft int
.Fo ENGINE_remove
.Fa "ENGINE *e"
.Fc
.Ft ENGINE *
.Fo ENGINE_by_id
.Fa "const char *id"
.Fc
.Ft int
.Fo ENGINE_init
.Fa "ENGINE *e"
.Fc


.Ft int
.Fo ENGINE_finish
.Fa "ENGINE *e"
.Fc

.Ft void
.Fn ENGINE_load_openssl void
.Ft void
.Fn ENGINE_load_dynamic void
.Ft void
.Fn ENGINE_load_cryptodev void
.Ft void
.Fn ENGINE_load_builtin_engines void
.Ft void
.Fn ENGINE_cleanup void
.Ft ENGINE *
.Fn ENGINE_get_default_RSA void
.Ft ENGINE *
.Fn ENGINE_get_default_DSA void
.Ft ENGINE *
.Fn ENGINE_get_default_ECDH void
.Ft ENGINE *
.Fn ENGINE_get_default_ECDSA void
.Ft ENGINE *
.Fn ENGINE_get_default_DH void
.Ft ENGINE *
.Fn ENGINE_get_default_RAND void
.Ft ENGINE *
.Fo ENGINE_get_cipher_engine
.Fa "int nid"
.Fc

.Ft ENGINE *
.Fo ENGINE_get_digest_engine
.Fa "int nid"

.Fc
.Ft int
.Fo ENGINE_set_default_RSA
.Fa "ENGINE *e"
.Fc
.Ft int

.Fo ENGINE_set_default_DSA
.Fa "ENGINE *e"
.Fc
.Ft int




.Fo ENGINE_set_default_ECDH
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_ECDSA
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_DH
.Fa "ENGINE *e"
.Fc

.Ft int
.Fo ENGINE_set_default_RAND

.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_ciphers
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_digests
.Fa "ENGINE *e"

.Fc
.Ft int
.Fo ENGINE_set_default_string
.Fa "ENGINE *e"

.Fa "const char *list"

.Fc
.Ft int
.Fo ENGINE_set_default
.Fa "ENGINE *e"

.Fa "unsigned int flags"
.Fc
.Ft unsigned int
.Fn ENGINE_get_table_flags void
.Ft void
.Fo ENGINE_set_table_flags
.Fa "unsigned int flags"
.Fc
.Ft int
.Fo ENGINE_register_RSA
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_RSA

.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_RSA void
.Ft int
.Fo ENGINE_register_DSA

.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_DSA
.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_DSA void
.Ft int
.Fo ENGINE_register_ECDH
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_ECDH
.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_ECDH void

.Ft int
.Fo ENGINE_register_ECDSA
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_ECDSA
.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_ECDSA void
.Ft int
.Fo ENGINE_register_DH
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_DH
.Fa "ENGINE *e"




.Fc
.Ft void
.Fn ENGINE_register_all_DH void

.Ft int
.Fo ENGINE_register_RAND
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_RAND
.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_RAND void
.Ft int
.Fo ENGINE_register_STORE
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_STORE
.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_STORE void
.Ft int
.Fo ENGINE_register_ciphers
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_ciphers
.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_ciphers void
.Ft int
.Fo ENGINE_register_digests
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_digests

.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_register_all_digests void
.Ft int
.Fo ENGINE_register_complete
.Fa "ENGINE *e"
.Fc
.Ft int
.Fn ENGINE_register_all_complete void
.Ft int
.Fo ENGINE_ctrl
.Fa "ENGINE *e"
.Fa "int cmd"
.Fa "long i"
.Fa "void *p"
.Fa "void (*f)(void)"
.Fc
.Ft int
.Fo ENGINE_cmd_is_executable
.Fa "ENGINE *e"
.Fa "int cmd"
.Fc
.Ft int

.Fo ENGINE_ctrl_cmd
.Fa "ENGINE *e"
.Fa "const char *cmd_name"
.Fa "long i"
.Fa "void *p"
.Fa "void (*f)(void)"
.Fa "int cmd_optional"
.Fc
.Ft int
.Fo ENGINE_ctrl_cmd_string
.Fa "ENGINE *e"
.Fa "const char *cmd_name"
.Fa "const char *arg"
.Fa "int cmd_optional"

.Fc
.Ft ENGINE *
.Fn ENGINE_new void

.Ft int
.Fo ENGINE_free

.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_up_ref

.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_id
.Fa "ENGINE *e"
.Fa "const char *id"
.Fc
.Ft int
.Fo ENGINE_set_name
.Fa "ENGINE *e"
.Fa "const char *name"
.Fc
.Ft int
.Fo ENGINE_set_RSA
.Fa "ENGINE *e"
.Fa "const RSA_METHOD *rsa_meth"
.Fc
.Ft int
.Fo ENGINE_set_DSA
.Fa "ENGINE *e"
.Fa "const DSA_METHOD *dsa_meth"
.Fc
.Ft int
.Fo ENGINE_set_ECDH
.Fa "ENGINE *e"
.Fa "const ECDH_METHOD *dh_meth"

.Fc
.Ft int
.Fo ENGINE_set_ECDSA
.Fa "ENGINE *e"
.Fa "const ECDSA_METHOD *dh_meth"
.Fc
.Ft int
.Fo ENGINE_set_DH
.Fa "ENGINE *e"
.Fa "const DH_METHOD *dh_meth"
.Fc
.Ft int
.Fo ENGINE_set_RAND
.Fa "ENGINE *e"

.Fa "const RAND_METHOD *rand_meth"
.Fc
.Ft int
.Fo ENGINE_set_STORE
.Fa "ENGINE *e"
.Fa "const STORE_METHOD *rand_meth"
.Fc
.Ft int
.Fo ENGINE_set_destroy_function
.Fa "ENGINE *e"
.Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f"
.Fc
.Ft int
.Fo ENGINE_set_init_function
.Fa "ENGINE *e"
.Fa "ENGINE_GEN_INT_FUNC_PTR init_f"
.Fc
.Ft int
.Fo ENGINE_set_finish_function
.Fa "ENGINE *e"
.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f"
.Fc
.Ft int
.Fo ENGINE_set_ctrl_function
.Fa "ENGINE *e"
.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f"
.Fc
.Ft int
.Fo ENGINE_set_load_privkey_function
.Fa "ENGINE *e"
.Fa "ENGINE_LOAD_KEY_PTR loadpriv_f"
.Fc
.Ft int
.Fo ENGINE_set_load_pubkey_function
.Fa "ENGINE *e"
.Fa "ENGINE_LOAD_KEY_PTR loadpub_f"
.Fc
.Ft int
.Fo ENGINE_set_ciphers
.Fa "ENGINE *e"
.Fa "ENGINE_CIPHERS_PTR f"
.Fc
.Ft int
.Fo ENGINE_set_digests
.Fa "ENGINE *e"
.Fa "ENGINE_DIGESTS_PTR f"
.Fc
.Ft int
.Fo ENGINE_set_flags
.Fa "ENGINE *e"
.Fa "int flags"
.Fc
.Ft int
.Fo ENGINE_set_cmd_defns
.Fa "ENGINE *e"
.Fa "const ENGINE_CMD_DEFN *defns"

.Fc
.Ft const char *

.Fo ENGINE_get_id
.Fa "const ENGINE *e"
.Fc
.Ft const char *


.Fo ENGINE_get_name
.Fa "const ENGINE *e"
.Fc

.Ft const RSA_METHOD *
.Fo ENGINE_get_RSA
.Fa "const ENGINE *e"

.Fc
.Ft const DSA_METHOD *
.Fo ENGINE_get_DSA
.Fa "const ENGINE *e"
.Fc
.Ft const ECDH_METHOD *
.Fo ENGINE_get_ECDH

.Fa "const ENGINE *e"
.Fc
.Ft const ECDSA_METHOD *
.Fo ENGINE_get_ECDSA
.Fa "const ENGINE *e"
.Fc
.Ft const DH_METHOD *
.Fo ENGINE_get_DH
.Fa "const ENGINE *e"
.Fc
.Ft const RAND_METHOD *
.Fo ENGINE_get_RAND
.Fa "const ENGINE *e"
.Fc
.Ft const STORE_METHOD *



.Fo ENGINE_get_STORE
.Fa "const ENGINE *e"
.Fc

.Ft ENGINE_GEN_INT_FUNC_PTR
.Fo ENGINE_get_destroy_function
.Fa "const ENGINE *e"

.Fc
.Ft ENGINE_GEN_INT_FUNC_PTR
.Fo ENGINE_get_init_function
.Fa "const ENGINE *e"

.Fc
.Ft ENGINE_GEN_INT_FUNC_PTR
.Fo ENGINE_get_finish_function
.Fa "const ENGINE *e"


.Fc
.Ft ENGINE_CTRL_FUNC_PTR

.Fo ENGINE_get_ctrl_function
.Fa "const ENGINE *e"
.Fc
.Ft ENGINE_LOAD_KEY_PTR
.Fo ENGINE_get_load_privkey_function
.Fa "const ENGINE *e"
.Fc
.Ft ENGINE_LOAD_KEY_PTR
.Fo ENGINE_get_load_pubkey_function

.Fa "const ENGINE *e"
.Fc
.Ft ENGINE_CIPHERS_PTR
.Fo ENGINE_get_ciphers
.Fa "const ENGINE *e"
.Fc
.Ft ENGINE_DIGESTS_PTR
.Fo ENGINE_get_digests
.Fa "const ENGINE *e"
.Fc
.Ft const EVP_CIPHER *
.Fo ENGINE_get_cipher
.Fa "ENGINE *e"
.Fa "int nid"
.Fc
.Ft const EVP_MD *
.Fo ENGINE_get_digest
.Fa "ENGINE *e"
.Fa "int nid"
.Fc
.Ft int
.Fo ENGINE_get_flags
.Fa "const ENGINE *e"

.Fc
.Ft const ENGINE_CMD_DEFN *
.Fo ENGINE_get_cmd_defns
.Fa "const ENGINE *e"
.Fc
.Ft EVP_PKEY *
.Fo ENGINE_load_private_key
.Fa "ENGINE *e"
.Fa "const char *key_id"
.Fa "UI_METHOD *ui_method"
.Fa "void *callback_data"
.Fc
.Ft EVP_PKEY *
.Fo ENGINE_load_public_key
.Fa "ENGINE *e"
.Fa "const char *key_id"
.Fa "UI_METHOD *ui_method"
.Fa "void *callback_data"
.Fc
.Sh DESCRIPTION
These functions create, manipulate, and use cryptographic modules
in the form of
.Vt ENGINE
objects.
These objects act as containers for implementations of cryptographic
algorithms, and support a reference-counted mechanism to allow them to
be dynamically loaded in and out of the running application.
.Pp
The cryptographic functionality that can be provided by an


.Vt ENGINE




implementation includes the following abstractions:
.Pp
.Bl -bullet -compact
.It
.Vt RSA_METHOD :
for providing alternative RSA implementations
.It
.Vt DSA_METHOD , DH_METHOD , RAND_METHOD , ECDH_METHOD ,
.Vt ECDSA_METHOD , STORE_METHOD :
similarly for other OpenSSL APIs
.It
.Vt EVP_CIPHER :
potentially multiple cipher algorithms (indexed by 'nid')
.It
.Vt EVP_DIGEST :
potentially multiple hash algorithms (indexed by 'nid')
.It
key-loading: loading public and/or private EVP_PKEY keys
.El
.Ss Reference counting and handles
Due to the modular nature of the
.Nm engine
API, pointers to
.Vt ENGINE Ns s

need to be treated as handles - i.e. not only as pointers, but also
as references to the underlying
.Vt ENGINE
object.
One should obtain a new reference when making copies of an
.Vt ENGINE
pointer if the copies will be used (and released) independently.
.Pp
.Vt ENGINE
objects have two levels of reference-counting to match the way in

which the objects are used.
At the most basic level, each
.Vt ENGINE
pointer is inherently a
.Sy structural
reference - a structural reference is required to use the pointer value
at all, as this kind of reference is a guarantee that the structure cannot
be deallocated until the reference is released.
.Pp
However, a structural reference provides no guarantee that the
.Vt ENGINE


is initialised and able to use any of its cryptographic implementations.
Indeed it's quite possible that most
.Vt ENGINE Ns s
will not initialise at all in typical environments, as
.Vt ENGINE Ns s
are typically used to support specialised hardware.
To use an
.Vt ENGINE Ap s
functionality, you need a
.Sy functional
reference.
This kind of reference can be considered a specialised form of
structural reference, because each functional reference implicitly
contains a structural reference as well - however to avoid
difficult-to-find programming bugs, it is recommended to treat the two
kinds of reference independently.
If you have a functional reference to an

.Vt ENGINE ,
you have a guarantee that the
.Vt ENGINE
has been initialised and is ready to perform cryptographic operations and
will remain uninitialised until after you have released your
reference.
.Pp
.Em Structural references
.Pp
This basic type of reference is used for instantiating new
.Vt ENGINE Ns s ,


iterating across OpenSSL's internal linked-list of loaded

.Vt ENGINE Ns s ,
reading information about an

.Vt ENGINE ,




etc.
Essentially a structural reference is sufficient if you only need to
query or manipulate the data of an
.Vt ENGINE

implementation rather than use its functionality.
.Pp
The
.Fn ENGINE_new
function returns a structural reference to a new (empty)
.Vt ENGINE
object.
There are other
.Nm engine
API functions that return structural references such as
.Fn ENGINE_by_id ,
.Fn ENGINE_get_first ,
.Fn ENGINE_get_last ,
.Fn ENGINE_get_next ,
and

.Fn ENGINE_get_prev .
All structural references should be released by a corresponding call
to the
.Fn ENGINE_free
function.

The
.Vt ENGINE
object itself will only actually be cleaned up and deallocated when
the last structural reference is released.

.Pp




It should also be noted that many
.Nm engine
API function calls that accept a structural reference will internally
obtain another reference.

Typically this happens whenever the supplied
.Vt ENGINE

will be needed by OpenSSL after the function has returned.
For example, the function to add a new
.Vt ENGINE
to OpenSSL's internal list is
.Fn ENGINE_add .
If this function returns success, OpenSSL will have stored a new
structural reference internally so the caller is still responsible for
freeing their own reference with
.Fn ENGINE_free
when they are finished with it.
In a similar way, some functions will automatically release the

structural reference passed to it if part of the function's job is
to do so.


For example, the
.Fn ENGINE_get_next
and

.Fn ENGINE_get_prev
functions are used for iterating across the internal

.Vt ENGINE
list.
They
will return a new structural reference to the next (or previous)
.Vt ENGINE
in the list or
.Dv NULL
if at the end (or beginning) of the list, but in either case the

structural reference passed to the function is released on behalf

of the caller.
.Pp
To clarify a particular function's handling of references, one should
always consult that function's manual page, or failing that the
.In openssl/engine.h
header file includes some hints.
.Pp
.Em Functional references
.Pp
As mentioned, functional references exist when the cryptographic
functionality of an
.Vt ENGINE
is required to be available.
A functional reference can be obtained in one of two ways; from an
existing structural reference to the required
.Vt ENGINE ,
or by asking OpenSSL for the default operational
.Vt ENGINE
for a given cryptographic purpose.
.Pp
To obtain a functional reference from an existing structural reference,
call the
.Fn ENGINE_init
function.
This returns zero if the
.Vt ENGINE
was not already operational and couldn't be successfully initialised
(e.g. lack of system drivers, no special hardware attached),
otherwise it will return non-zero to indicate that the
.Vt ENGINE
is now operational and will have allocated a new
.Sy functional
reference to the
.Vt ENGINE .

All functional references are released by calling
.Fn ENGINE_finish ,
which removes the implicit structural reference as well.
.Pp
The second way to get a functional reference is by asking OpenSSL for a
default implementation for a given task, e.g.



by
.Fn ENGINE_get_default_RSA ,
.Fn ENGINE_get_default_cipher_engine ,
etc.
These are discussed in the next section, though they are not usually
required by application programmers as they are used automatically when
creating and using the relevant algorithm-specific types in OpenSSL,
such as RSA, DSA, EVP_CIPHER_CTX, etc.
.Ss Default implementations
For each supported abstraction, the
.Nm engine
code maintains an internal table of state to control which
implementations are available for a given abstraction and which

should be used by default.
These implementations are registered in the tables and indexed by an
.Fa nid
value, because abstractions like
.Vt EVP_CIPHER
and
.Vt EVP_DIGEST
support many distinct algorithms and modes, and
.Vt ENGINE Ns s
can support arbitrarily many of them.
In the case of other abstractions like RSA, DSA, etc., there is
only one "algorithm" so all implementations implicitly register
using the same
.Fa nid
index.
.Pp
When a default
.Vt ENGINE


is requested for a given abstraction/algorithm/mode, (e.g. when
calling
.Fn RSA_new_method NULL ) ,
a "get_default" call will be made to the
.Nm engine
subsystem to process the corresponding state table and return
a functional reference to an initialised
.Vt ENGINE
whose implementation should be used.
If no
.Vt ENGINE
should (or can) be used, it will return
.Dv NULL
and the caller will operate with a
.Dv NULL
.Vt ENGINE


handle.
This usually equates to using the conventional software implementation.
In the latter case, OpenSSL will from then on behave the way it used to
before the
.Nm engine
API existed.
.Pp
Each state table has a flag to note whether it has processed this
"get_default" query since the table was last modified, because to
process this question it must iterate across all the registered
.Vt ENGINE Ns s
in the table trying to initialise each of them in turn, in case one of
them is operational.

If it returns a functional reference to an
.Vt ENGINE ,
it will also cache another reference to speed up processing future
queries (without needing to iterate across the table).

Likewise, it will cache a
.Dv NULL
response if no
.Vt ENGINE
was available so that future queries won't repeat the same iteration
unless the state table changes.
This behaviour can also be changed; if the
.Dv ENGINE_TABLE_FLAG_NOINIT
flag is set (using
.Fn ENGINE_set_table_flags ) ,
no attempted initialisations will take place, instead the only way for
the state table to return a
.Pf non- Dv NULL
.Vt ENGINE
to the "get_default" query will be if one is expressly set in the table.
For example,
.Fn ENGINE_set_default_RSA
does the same job as
.Fn ENGINE_register_RSA
except that it also sets the state table's cached response for the
"get_default" query.
In the case of abstractions like
.Vt EVP_CIPHER ,
where implementations are indexed by
.Fa nid ,
these flags and cached-responses are distinct for each
.Fa nid
value.
.Ss Application requirements
This section will explain the basic things an application programmer
should support to make the most useful elements of the
.Nm engine
functionality available to the user.
The first thing to consider is whether the programmer wishes to make
alternative
.Vt ENGINE


modules available to the application and user.
OpenSSL maintains an internal linked list of "visible"
.Vt ENGINE Ns s

from which it has to operate.
At start-up, this list is empty, and in fact if an application does
not call any
.Nm engine
API calls and it uses static
linking against openssl, then the resulting application binary will
not contain any alternative
.Nm engine
code at all.
So the first consideration is whether any/all available
.Vt ENGINE
implementations should be made visible to OpenSSL.
This is controlled by calling the various "load" functions, e.g.
.Fn ENGINE_load_builtin_engines

to make all
.Vt ENGINE

implementations bundled with OpenSSL available.
.Pp
Note that
.Fn ENGINE_load_dynamic
is a placeholder and does not enable dynamic engine loading support.
.Pp
Having called any of these functions,
.Vt ENGINE

objects would have been dynamically allocated and populated with
these implementations and linked into OpenSSL's internal linked

list.
.Pp
If no
.Nm engine
API functions are called at all in an application, then there are
no inherent memory leaks to worry about from the
.Nm engine
functionality, however if any
.Vt ENGINE Ns s
are loaded, even if they are never registered or used, it is necessary
to use the
.Fn ENGINE_cleanup
function to correspondingly cleanup before program exit, if the caller
wishes to avoid memory leaks.
This mechanism uses an internal callback registration table so that any
.Nm engine
API functionality that knows it requires cleanup can register its
cleanup details to be called during
.Fn ENGINE_cleanup .
This approach allows
.Fn ENGINE_cleanup
to clean up after any
.Nm engine
functionality at all that your program uses, yet doesn't automatically
create linker dependencies to all possible
.Nm engine
functionality - only the cleanup callbacks required by the functionality
you do use will be required by the linker.
.Pp

The fact that
.Vt ENGINE Ns s
are made visible to OpenSSL (and thus are linked into the program
and loaded into memory at run-time) does not mean they are "registered"
or called into use by OpenSSL automatically - that behaviour is
something for the application to control.



Some applications will want to allow the user to specify exactly which
.Vt ENGINE
they want used if any is to be used at all.
Others may prefer to load all support and have OpenSSL automatically use
at run-time any
.Vt ENGINE
that is able to successfully initialised - i.e. to assume that this
corresponds to acceleration hardware attached to the machine or
some such thing.

There are probably numerous other ways in which applications may prefer
to handle things, so we will simply illustrate the consequences as they
apply to a couple of simple cases and leave developers to consider these



and the source code to openssl's builtin utilities as guides.
.Pp



.Em Using a specific ENGINE implementation
.Pp
Here we'll assume an application has been configured by its user or
admin to want to use the "ACME"
.Vt ENGINE
if it is available in the version of OpenSSL the application was
compiled with.
If it is available, it should be used by default for all RSA, DSA, and
symmetric cipher operations, otherwise OpenSSL should use its builtin
software as usual.
The following code illustrates how to approach this:
.Bd -literal
ENGINE *e;
const char *engine_id = "ACME";
ENGINE_load_builtin_engines();
e = ENGINE_by_id(engine_id);
if (!e)
	/* the engine isn't available */
	return;
if (!ENGINE_init(e)) {

	/* the engine couldn't initialise, release 'e' */
	ENGINE_free(e);
	return;
}
if (!ENGINE_set_default_RSA(e))
	/* This should only happen when 'e' can't initialise, but the previous
	 * statement suggests it did. */
	abort();
ENGINE_set_default_DSA(e);
ENGINE_set_default_ciphers(e);

/* Release the functional reference from ENGINE_init() */
ENGINE_finish(e);
/* Release the structural reference from ENGINE_by_id() */
ENGINE_free(e);
.Ed
.Pp

.Em Automatically using builtin ENGINE implementations
.Pp

Here we'll assume we want to load and register all
.Vt ENGINE
implementations bundled with OpenSSL, such that for any cryptographic
algorithm required by OpenSSL - if there is an
.Vt ENGINE
that implements it and can be initialised, it should be used.


The following code illustrates how this can work;
.Bd -literal
/* Load all bundled ENGINEs into memory and make them visible */
ENGINE_load_builtin_engines();



/* Register all of them for every algorithm they collectively implement */
ENGINE_register_all_complete();
.Ed
.Pp
That's all that's required.
For example, the next time OpenSSL tries to set up an RSA key, any bundled
.Vt ENGINE Ns s
that implement
.Vt RSA_METHOD
will be passed to
.Fn ENGINE_init
and if any of those succeed, that
.Vt ENGINE
will be set as the default for RSA use from then on.
.Ss Advanced configuration support
There is a mechanism supported by the
.Nm engine
framework that allows each
.Vt ENGINE
implementation to define an arbitrary set of configuration
"commands" and expose them to OpenSSL and any applications based on
OpenSSL.
This mechanism is entirely based on the use of name-value pairs
and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
applications want to provide a transparent way for users to provide
arbitrary configuration "directives" directly to such
.Vt ENGINE Ns s .
It is also possible for the application to dynamically interrogate the
loaded
.Vt ENGINE

implementations for the names, descriptions, and input flags of
their available "control commands", providing a more flexible
configuration scheme.
However, if the user is expected to know which


.Vt ENGINE


device he/she is using (in the case of specialised hardware, this
goes without saying) then applications may not need to concern
themselves with discovering the supported control commands and
simply prefer to pass settings into
.Vt ENGINE s
exactly as they are provided by the user.
.Pp
Before illustrating how control commands work, it is worth mentioning
what they are typically used for.
Broadly speaking there are two uses for control commands; the first is
to provide the necessary details to the implementation (which may know
nothing at all specific to the host system) so that it can be
initialised for use.
This could include the path to any driver or config files it needs to
load, required network addresses, smart-card identifiers, passwords to
initialise protected devices, logging information, etc.
This class of commands typically needs to be passed to an
.Vt ENGINE
.Sy before
attempting to initialise it, i.e. before calling
.Fn ENGINE_init .
The other class of commands consist of settings or operations that tweak
certain behaviour or cause certain operations to take place, and these
commands may work either before or after
.Fn ENGINE_init ,
or in some cases both.
.Vt ENGINE
implementations should provide indications of this in the descriptions
attached to builtin control commands and/or in external product
documentation.
.Pp
.Em Issuing control commands to an ENGINE
.Pp
Let's illustrate by example; a function for which the caller supplies
the name of the
.Vt ENGINE
it wishes to use, a table of string-pairs for use before initialisation,
and another table for use after initialisation.
Note that the string-pairs used for control commands consist of a
command "name" followed by the command "parameter" - the parameter
could be
.Dv NULL
in some cases but the name cannot.
This function should initialise the
.Vt ENGINE
(issuing the "pre" commands beforehand and the "post" commands
afterwards) and set it as the default for everything except RAND
and then return a boolean success or failure.

.Bd -literal
int
generic_load_engine_fn(const char *engine_id,
    const char **pre_cmds, int pre_num,
    const char **post_cmds, int post_num)
{
	ENGINE *e = ENGINE_by_id(engine_id);

	if (!e)


		return 0;
	while (pre_num--) {
		if (!ENGINE_ctrl_cmd_string(e,
		    pre_cmds[0], pre_cmds[1], 0)) {
			fprintf(stderr,
			    "Failed command (%s - %s:%s)\en",
			    engine_id, pre_cmds[0],
			    pre_cmds[1] ? pre_cmds[1] : "(NULL)");
			ENGINE_free(e);
			return 0;
		}
		pre_cmds += 2;
	}
	if (!ENGINE_init(e)) {
		fprintf(stderr, "Failed initialisation\en");
		ENGINE_free(e);
		return 0;
	}
	/*
	 * ENGINE_init() returned a functional reference,
	 * so free the structural reference from
	 * ENGINE_by_id().
	 */
	ENGINE_free(e);
	while (post_num--) {
		if (!ENGINE_ctrl_cmd_string(e,
		    post_cmds[0], post_cmds[1], 0)) {
			fprintf(stderr,
			    "Failed command (%s - %s:%s)\en",
			    engine_id, post_cmds[0],
			    post_cmds[1] ? post_cmds[1] : "(NULL)");
			ENGINE_finish(e);
			return 0;

		}
		post_cmds += 2;

	}
	ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
	/* Success */
	return 1;

}
.Ed
.Pp
Note that
.Fn ENGINE_ctrl_cmd_string
accepts a boolean argument that can relax the semantics of the function.
If set to non-zero it will only return failure if the
.Vt ENGINE
supported the given command name but failed while executing it, if the
.Vt ENGINE
doesn't support the command name it will simply return success without
doing anything.
In this case we assume the user is only supplying commands specific to
the given
.Vt ENGINE
so we set this to FALSE.
.Pp
.Em Discovering supported control commands
.Pp
It is possible to discover at run-time the names, numerical-ids,
descriptions and input parameters of the control commands supported by an
.Vt ENGINE
using a structural reference.
Note that some control commands are defined by OpenSSL itself and it
will intercept and handle these control commands on behalf of the
.Vt ENGINE ,
i.e. the
.Vt ENGINE Ap s
ctrl() handler is not used for the control command.
.In openssl/engine.h
defines an index,
.Dv ENGINE_CMD_BASE ,
that all control commands implemented by
.Vt ENGINE Ns s
should be numbered from.
Any command value lower than this symbol is considered a "generic"
command is handled directly by the OpenSSL core routines.
.Pp
It is using these "core" control commands that one can discover the
control commands implemented by a given
.Vt ENGINE ,
specifically the commands:
.Bd -literal
#define ENGINE_HAS_CTRL_FUNCTION		10
#define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
#define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
#define ENGINE_CTRL_GET_CMD_FROM_NAME		13
#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
#define ENGINE_CTRL_GET_NAME_FROM_CMD		15
#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
#define ENGINE_CTRL_GET_DESC_FROM_CMD		17
#define ENGINE_CTRL_GET_CMD_FLAGS		18
.Ed
.Pp
Whilst these commands are automatically processed by the OpenSSL
framework code, they use various properties exposed by each
.Vt ENGINE
to process these queries.
An
.Vt ENGINE
has 3 properties it exposes that can affect how this behaves;
it can supply a ctrl() handler, it can specify
.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
in the
.Vt ENGINE Ap s
flags, and it can expose an array of control command descriptions.
If an
.Vt ENGINE
specifies the
.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
flag, then it will simply pass all these "core" control commands
directly to the
.Vt ENGINE Ap s
ctrl() handler (and thus, it must have supplied one), so it is up






to the
.Vt ENGINE
to reply to these "discovery" commands itself.
If that flag is not set, then the OpenSSL framework code will work with
the following rules;
.Bl -tag -width Ds
.It If no ctrl() handler is supplied:
.Dv ENGINE_HAS_CTRL_FUNCTION
returns FALSE (zero), all other commands fail.
.It If a ctrl() handler was supplied but no array of control commands:
.Dv ENGINE_HAS_CTRL_FUNCTION
returns TRUE, all other commands fail.
.It If a ctrl() handler and array of control commands was supplied:
.Dv ENGINE_HAS_CTRL_FUNCTION
returns TRUE, all other commands proceed processing...
.El
.Pp
If the
.Vt ENGINE Ns s
array of control commands is empty, then all other commands will fail.
Otherwise
.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE
returns the identifier of the first command supported by the
.Vt ENGINE ,
.Dv ENGINE_GET_NEXT_CMD_TYPE
takes the identifier of a command supported by the
.Vt ENGINE
and returns the next command identifier or fails if there are no more,
.Dv ENGINE_CMD_FROM_NAME
takes a string name for a command and returns the corresponding
identifier or fails if no such command name exists, and the remaining
commands take a command identifier and return properties of the
corresponding commands.
All except
.Dv ENGINE_CTRL_GET_FLAGS
return the string length of a command name or description, or
populate a supplied character buffer with a copy of the command
name or description.
.Dv ENGINE_CTRL_GET_FLAGS
returns a bitwise-OR'd mask of the following possible values:
.Bd -literal

#define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
#define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002
#define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004
#define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008
.Ed
.Pp
If the
.Dv ENGINE_CMD_FLAG_INTERNAL
flag is set, then any other flags are purely informational to the caller.
This flag will prevent the command being usable for any higher-level
.Vt ENGINE
functions such as
.Fn ENGINE_ctrl_cmd_string .
"INTERNAL" commands are not intended to be exposed to text-based
configuration by applications, administrations, users, etc.
These can support arbitrary operations via
.Fn ENGINE_ctrl ,
including passing to and/or from the control commands data of any
arbitrary type.
These commands are supported in the discovery mechanisms simply allow
applications to determine if an
.Vt ENGINE
supports certain specific commands it might want to use (e.g.
application "foo" might query various
.Vt ENGINE Ns s
to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and
.Vt ENGINE
could therefore decide whether or not to support this "foo"-specific
extension).









.Sh SEE ALSO
.Xr DH_new 3 ,
.Xr DSA_new 3 ,
.Xr ENGINE_add_conf_module 3 ,
.Xr ENGINE_set_ex_data 3 ,
.Xr RSA_new 3
Changes to jni/libressl/man/evp.3.







1

















2
3
4
5
6
7
8

9
10
11
12
13

14

15
16
17

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

44
45
46
47
48
49
50
51




52
53
54




55
56


57
58
59
60
61
62

63

64
65
66
67
68

69

70
71




72
73
74
75
76
77
78
79
80
81



82
83
84


85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

110
111


112


113
114


115


116
117
118





119

120



121




122
123





124
125


126
127

128
129
130
131

132
133
134




135
136
137
138


139
140

141



142
143
144
145
146
147
148
149





150
151
152
153

154
155
156
157
158

159
160
161
162
163
164
165
166

167
168







.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

















.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..

.de Ve \" End verbatim text

.ft R
.fi
..

.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}

.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the




.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.




.de IX
..


.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"

..

.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}

.\}

.rr rF
.\" ========================================================================




.\"
.IX Title "evp 3"
.TH evp 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
evp \- high\-level cryptographic functions
.SH "SYNOPSIS"



.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>


.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 library provides a high-level interface to cryptographic
functions.
.PP
\&\fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR
provide public key encryption and decryption to implement digital \*(L"envelopes\*(R".
.PP
The \fBEVP_DigestSign\fR\fI...\fR and
\&\fBEVP_DigestVerify\fR\fI...\fR functions implement
digital signatures and Message Authentication Codes (MACs). Also see the older
\&\fBEVP_Sign\fR\fI...\fR and \fBEVP_Verify\fR\fI...\fR
functions.
.PP
Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR
functions.  The \fBEVP_Digest\fR\fI...\fR functions provide message digests.
.PP
Authenticated encryption with additional data (\s-1AEAD\s0) is available with
the \fB\s-1EVP_AEAD\s0\fR\fI...\fR functions.
.PP
The \fB\s-1EVP_PKEY\s0\fR\fI...\fR functions provide a high level interface to
asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see
\&\fIEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated
with a private key of a particular algorithm by using the functions

described on the \fIEVP_PKEY_set1_RSA\fR\|(3) page, or
new keys can be generated using \fIEVP_PKEY_keygen\fR\|(3).


EVP_PKEYs can be compared using \fIEVP_PKEY_cmp\fR\|(3), or printed using


\&\fIEVP_PKEY_print_private\fR\|(3).
.PP


The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations:


.IP "For key agreement see \fIEVP_PKEY_derive\fR\|(3)" 4
.IX Item "For key agreement see EVP_PKEY_derive"
.PD 0





.IP "For signing and verifying see \fIEVP_PKEY_sign\fR\|(3), \fIEVP_PKEY_verify\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSign\fR\fI...\fR functions for this purpose." 4

.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSign... functions for this purpose."



.ie n .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR functions." 4




.el .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR functions." 4
.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_Seal... and EVP_Open... functions."





.PD
.PP


The \fIEVP_BytesToKey\fR\|(3) function provides some limited support for password
based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible

implementation. However, new applications should not typically use this (preferring, for example,
\&\s-1PBKDF2\s0 from PCKS#5).
.PP
Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3).

.PP
All the symmetric algorithms (ciphers), digests and asymmetric algorithms
(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative




implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered
as defaults, then the various \s-1EVP\s0 functions will automatically use those
implementations automatically in preference to built in software
implementations. For more information, consult the \fIengine\fR\|(3) man page.


.PP
Although low level algorithm specific functions exist for many algorithms

their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0



versions of new algorithms cannot be accessed using the low level functions.
Also makes code harder to adapt to new algorithms and some options are not
cleanly supported at the low level and some operations are more efficient
using the high level interface.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_DigestInit\fR\|(3),
\&\fIEVP_EncryptInit\fR\|(3),





\&\fIEVP_AEAD_CTX_init\fR\|(3),
\&\fIEVP_OpenInit\fR\|(3),
\&\fIEVP_SealInit\fR\|(3),
\&\fIEVP_DigestSignInit\fR\|(3),

\&\fIEVP_SignInit\fR\|(3),
\&\fIEVP_VerifyInit\fR\|(3),
\&\fIEVP_PKEY_new\fR\|(3),
\&\fIEVP_PKEY_set1_RSA\fR\|(3),
\&\fIEVP_PKEY_keygen\fR\|(3),

\&\fIEVP_PKEY_print_private\fR\|(3),
\&\fIEVP_PKEY_decrypt\fR\|(3),
\&\fIEVP_PKEY_encrypt\fR\|(3),
\&\fIEVP_PKEY_sign\fR\|(3),
\&\fIEVP_PKEY_verify\fR\|(3),
\&\fIEVP_PKEY_verify_recover\fR\|(3),
\&\fIEVP_PKEY_derive\fR\|(3),
\&\fIEVP_BytesToKey\fR\|(3),

\&\fIOpenSSL_add_all_algorithms\fR\|(3),
\&\fIengine\fR\|(3)
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|
|
|
<
|
>
|
|
<
<
|
>
|
>
|
<
|
>
|
|
|
|
|
|
|
|
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
>

<
|
|
|
|
|
|
>
>
>
>
|
|
<
>
>
>
>
|
|
>
>
|
<
<
|
<
<
>
<
>
|
|
|
|
<
>
|
>
|
<
>
>
>
>
|
<
<
<
<
|
|
|
|
|
>
>
>
|
|
<
>
>
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
>
|
|
>
>
|
>
>
|
|
>
>
|
>
>
|
|
|
>
>
>
>
>
|
>
|
>
>
>
|
>
>
>
>
|
|
>
>
>
>
>
|
|
>
>
|
|
>
|
|
|
|
>
|
|
|
>
>
>
>
|
|
|
|
>
>
|
|
>
|
>
>
>
|
<
<
<
<
<
<
|
>
>
>
>
>
|
|
|
|
>
|
|
|
|
|
>
|
|
<
|
|
|
|
|
>
|
<
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

31
32
33
34


35
36
37
38
39

40
41
42
43
44
45
46
47
48
49
50
51
















52
53

54
55
56
57
58
59
60
61
62
63
64
65

66
67
68
69
70
71
72
73
74


75


76

77
78
79
80
81

82
83
84
85

86
87
88
89
90




91
92
93
94
95
96
97
98
99
100

101
102























103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178






179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197

198
199
200
201
202
203
204

.\"	$OpenBSD: evp.3,v 1.4 2016/12/06 15:15:26 schwarze Exp $
.\"	OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>,
.\" Matt Caswell <matt@openssl.org>, Geoff Thorpe <geoff@openssl.org>,
.\" and Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2002, 2006, 2013, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.

.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.


.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
















.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"

.Dd $Mdocdate: December 6 2016 $
.Dt EVP 3
.Os
.Sh NAME
.Nm evp
.Nd high level cryptographic functions
.Sh SYNOPSIS
.In openssl/evp.h
.Sh DESCRIPTION
The EVP library provides a high level interface to cryptographic
functions.
.Pp

.Xr EVP_SealInit 3
and
.Xr EVP_OpenInit 3
provide public key encryption and decryption to implement digital
"envelopes".
.Pp
The
.Xr EVP_DigestSignInit 3
and


.Xr EVP_DigestVerifyInit 3


functions implement digital signatures and Message Authentication Codes

(MACs).
Also see the older
.Xr EVP_SignInit 3
and
.Xr EVP_VerifyInit 3

functions.
.Pp
Symmetric encryption is available with the
.Xr EVP_EncryptInit 3

functions.
The
.Xr EVP_DigestInit 3
functions provide message digests.
.Pp




Authenticated encryption with additional data (AEAD) is available with
the
.Xr EVP_AEAD_CTX_init 3
functions.
.Pp
The
.Fn EVP_PKEY_*
functions provide a high level interface to asymmetric algorithms.
To create a new
.Vt EVP_PKEY ,

see
.Xr EVP_PKEY_new 3 .























.Vt EVP_PKEY Ns s
can be associated with a private key of a particular algorithm
by using the functions described in the
.Xr EVP_PKEY_set1_RSA 3
page, or new keys can be generated using
.Xr EVP_PKEY_keygen 3 .
.Vt EVP_PKEY Ns s
can be compared using
.Xr EVP_PKEY_cmp 3
or printed using
.Xr EVP_PKEY_print_private 3 .
.Pp
The
.Fn EVP_PKEY_*
functions support the full range of asymmetric algorithm operations:
.Bl -bullet
.It
For key agreement, see
.Xr EVP_PKEY_derive 3 .
.It
For signing and verifying, see
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
and
.Xr EVP_PKEY_verify_recover 3 .
However, note that these functions do not perform a digest of the
data to be signed.
Therefore normally you would use the
.Xr EVP_DigestSignInit 3
functions for this purpose.
.It
For encryption and decryption see
.Xr EVP_PKEY_encrypt 3
and
.Xr EVP_PKEY_decrypt 3 ,
respectively.
However, note that these functions perform encryption and decryption only.
As public key encryption is an expensive operation, normally you
would wrap an encrypted message in a digital envelope using the
.Xr EVP_SealInit 3
and
.Xr EVP_OpenInit 3
functions.
.El
.Pp
The
.Xr EVP_BytesToKey 3
function provides some limited support for password based encryption.
Careful selection of the parameters will provide a PKCS#5 PBKDF1
compatible implementation.
However, new applications should typically not use this (preferring, for
example, PBKDF2 from PCKS#5).
.Pp
Algorithms are loaded with
.Xr OpenSSL_add_all_algorithms 3 .
.Pp
All the symmetric algorithms (ciphers), digests and asymmetric
algorithms (public key algorithms) can be replaced by
.Xr engine 3
modules providing alternative implementations.
If
.Vt ENGINE
implementations of ciphers or digests are registered as defaults,
then the various EVP functions will automatically use those
implementations in preference to built in software implementations.
For more information, consult the
.Xr engine 3
manual page.
.Pp
Although low level algorithm specific functions exist for many
algorithms, their use is discouraged.
They cannot be used with an
.Vt ENGINE ,
and
.Vt ENGINE
versions of new algorithms cannot be accessed using the low level






functions.
Using them also makes code harder to adapt to new algorithms, some
options are not cleanly supported at the low level, and some
operations are more efficient using the high level interfaces.
.Sh SEE ALSO
.Xr engine 3 ,
.Xr EVP_AEAD_CTX_init 3 ,
.Xr EVP_BytesToKey 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_DigestSignInit 3 ,
.Xr EVP_EncryptInit 3 ,
.Xr EVP_OpenInit 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_keygen 3 ,
.Xr EVP_PKEY_new 3 ,
.Xr EVP_PKEY_print_private 3 ,
.Xr EVP_PKEY_set1_RSA 3 ,

.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3 ,
.Xr EVP_SealInit 3 ,
.Xr EVP_SignInit 3 ,
.Xr EVP_VerifyInit 3 ,
.Xr OpenSSL_add_all_algorithms 3

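--- a/jni/libressl/man/get_rfc3526_prime_8192.3
+++ b/jni/libressl/man/get_rfc3526_prime_8192.3
@@ -0,0 +1,134 @@
+.\"	$OpenBSD: get_rfc3526_prime_8192.3,v 1.1 2017/01/31 05:40:26 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 31 2017 $
+.Dt GET_RFC3526_PRIME_8192 3
+.Os
+.Sh NAME
+.Nm get_rfc2409_prime_768 ,
+.Nm get_rfc2409_prime_1024 ,
+.Nm get_rfc3526_prime_1536 ,
+.Nm get_rfc3526_prime_2048 ,
+.Nm get_rfc3526_prime_3072 ,
+.Nm get_rfc3526_prime_4096 ,
+.Nm get_rfc3526_prime_6144 ,
+.Nm get_rfc3526_prime_8192
+.Nd standard moduli for Diffie-Hellmann key exchange
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BIGNUM *
+.Fn get_rfc2409_prime_768 "BIGNUM *bn"
+.Ft BIGNUM *
+.Fn get_rfc2409_prime_1024 "BIGNUM *bn"
+.Ft BIGNUM *
+.Fn get_rfc3526_prime_1536 "BIGNUM *bn"
+.Ft BIGNUM *
+.Fn get_rfc3526_prime_2048 "BIGNUM *bn"
+.Ft BIGNUM *
+.Fn get_rfc3526_prime_3072 "BIGNUM *bn"
+.Ft BIGNUM *
+.Fn get_rfc3526_prime_4096 "BIGNUM *bn"
+.Ft BIGNUM *
+.Fn get_rfc3526_prime_6144 "BIGNUM *bn"
+.Ft BIGNUM *
+.Fn get_rfc3526_prime_8192 "BIGNUM *bn"
+.Sh DESCRIPTION
+Each of these functions returns one specific constant Sophie Germain
+prime number
+.Fa p .
+.Pp
+If
+.Fa bn
+is
+.Dv NULL ,
+a new
+.Vt BIGNUM
+object is created and returned.
+Otherwise, the number is stored in
+.Pf * Fa bn
+and
+.Fa bn
+is returned.
+.Pp
+All these numbers are of the form
+.Pp
+.EQ
+p = 2 sup s - 2 sup left ( s - 64 right ) - 1 + 2 sup 64 *
+left { left [ 2 sup left ( s - 130 right ) pi right ] + offset right }
+delim $$
+.EN
+.Pp
+where
+.Ar s
+is the size of the binary representation of the number in bits
+and appears at the end of the function names.
+As long as the offset is sufficiently small, the above form assures
+that the top and bottom 64 bits of each number are all 1.
+.Pp
+The offsets are defined in the standards as follows:
+.Bl -column 16n 8n -offset indent
+.It size Ar s Ta Ar offset
+.It Ta
+.It \ 768 = 3 * 2^8  Ta  149686
+.It 1024 = 2 * 2^9  Ta  129093
+.It 1536 = 3 * 2^9  Ta  741804
+.It 2048 = 2 * 2^10 Ta  124476
+.It 3072 = 3 * 2^10 Ta 1690314
+.It 4096 = 2 * 2^11 Ta  240904
+.It 6144 = 3 * 2^11 Ta  929484
+.It 8192 = 2 * 2^12 Ta 4743158
+.El
+.Pp
+For each of these prime numbers, the finite group of natural numbers
+smaller than
+.Fa p ,
+where the group operation is defined as multiplication modulo
+.Fa p ,
+is used for Diffie-Hellmann key exchange.
+The first two of these groups are called the First Oakley Group and
+the Second Oakley Group.
+Obiviously, all these groups are cyclic groups of order
+.Fa p ,
+respectively, and the numbers returned by these functions are not
+secrets.
+.Sh RETURN VALUES
+If memory allocation fails, these functions return
+.Dv NULL .
+That can happen even if
+.Fa bn
+is not
+.Dv NULL .
+.Sh SEE ALSO
+.Xr BN_mod_exp 3 ,
+.Xr BN_new 3 ,
+.Xr BN_set_flags 3 ,
+.Xr DH_new 3
+.Sh STANDARDS
+RFC 2409, "The Internet Key Exchange (IKE)", defines the Oakley Groups.
+.Pp
+RFC 2412, "The OAKLEY Key Determination Protocol", contains additional
+information about these numbers.
+.Pp
+RFC 3526, "More Modular Exponential (MODP) Diffie-Hellman groups
+for Internet Key Exchange (IKE)", defines the other six numbers.
+.Sh CAVEATS
+As all the memory needed for storing the numbers is dynamically
+allocated, the
+.Dv BN_FLG_STATIC_DATA
+flag is not set on the returned
+.Vt BIGNUM
+objects.
+So be careful to not change the returned numbers.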
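--- a/jni/libressl/man/i2d_CMS_bio_stream.3
+++ b/jni/libressl/man/i2d_CMS_bio_stream.3
@@ -1,114 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "i2d_CMS_bio_stream 3"
-.TH i2d_CMS_bio_stream 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-.Vb 1
-\& i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format.
-.Ve
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/cms.h>
-\&
-\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format.
-.PP
-It is otherwise identical to the function \fISMIME_write_CMS()\fR.
-.SH "NOTES"
-.IX Header "NOTES"
-This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting
-streaming.
-.SH "BUGS"
-.IX Header "BUGS"
-The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
-\&\fICMS_decrypt\fR\|(3),
-\&\fISMIME_write_CMS\fR\|(3),
-\&\fIPEM_write_bio_CMS_stream\fR\|(3)
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fIi2d_CMS_bio_stream()\fR was added to OpenSSL 1.0.0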
Changes to jni/libressl/man/i2d_PKCS7_bio_stream.3.
1

2
3
4
5
6
7
8

9
10
11
12

13



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46


47
48
49
50
51

52


53
54
55
56












57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85




86









87
88
89
90

91

92
93
94
95

96
97
98
99
100
101

102
103
104
105
106

107
108
109
110
111

112



.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..

.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1

..



.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq


.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the

.\" output yourself in some meaningful fashion.


.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..












.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "i2d_PKCS7_bio_stream 3"
.TH i2d_PKCS7_bio_stream 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&




\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);









.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format.

.PP

It is otherwise identical to the function \fISMIME_write_PKCS7()\fR.
.SH "NOTES"
.IX Header "NOTES"
This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting

streaming.
.SH "BUGS"
.IX Header "BUGS"
The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"

\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)

\&\fIPKCS7_decrypt\fR\|(3),
\&\fISMIME_write_PKCS7\fR\|(3),
\&\fIPEM_write_bio_PKCS7_stream\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"

\&\fIi2d_PKCS7_bio_stream()\fR was added to OpenSSL 1.0.0



|
>

<
|
|
|
<
|
>
|
|
|
|
>
|
>
>
>
|
<
<
|
<
<
|
|
|
|
|
|
<
<
<
<
<
|
|
<
<
<
<
<
<
<
<
|
<
<

<
<
>
>
|

<
<
<
>
|
>
>

<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
|
|
<
|
>
|
>
|
<
|
|
>
|
<
<
<
|
<
>
|
|
|
|
|
>
|
|
<
|
<
>
|
>
>
>
1
2
3

4
5
6

7
8
9
10
11
12
13
14
15
16
17
18


19


20
21
22
23
24
25





26
27








28


29


30
31
32
33



34
35
36
37
38



39
40
41
42
43
44
45
46
47
48
49
50




























51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

68
69
70
71
72

73
74
75
76



77

78
79
80
81
82
83
84
85
86

87

88
89
90
91
92
.\"	$OpenBSD: i2d_PKCS7_bio_stream.3,v 1.6 2016/12/13 15:00:22 schwarze Exp $
.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"

.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2007, 2008, 2009, 2013 The OpenSSL Project.
.\" All rights reserved.

.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.


.\"


.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to





.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact








.\"    openssl-core@openssl.org.


.\"


.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"



.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"



.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.




























.\"
.Dd $Mdocdate: December 13 2016 $
.Dt I2D_PKCS7_BIO_STREAM 3
.Os
.Sh NAME
.Nm i2d_PKCS7_bio_stream
.Nd output PKCS7 structure in BER format
.Sh SYNOPSIS
.In openssl/pkcs7.h
.Ft int
.Fo i2d_PKCS7_bio_stream
.Fa "BIO *out"
.Fa "PKCS7 *p7"
.Fa "BIO *data"
.Fa "int flags"
.Fc
.Sh DESCRIPTION

.Fn i2d_PKCS7_bio_stream
outputs a
.Vt PKCS7
structure in BER format.
It is otherwise identical to the function

.Xr SMIME_write_PKCS7 3 .
This function is effectively a version of
.Xr d2i_PKCS7_bio 3
supporting streaming.



.Sh RETURN VALUES

.Fn i2d_PKCS7_bio_stream
returns 1 for success or 0 for failure.
.Sh SEE ALSO
.Xr BIO_new 3 ,
.Xr ERR_get_error 3 ,
.Xr PEM_write_bio_PKCS7_stream 3 ,
.Xr PEM_write_PKCS7 3 ,
.Xr PKCS7_new 3 ,
.Xr SMIME_write_PKCS7 3

.Sh HISTORY

.Fn i2d_PKCS7_bio_stream
was added to OpenSSL 1.0.0.
.Sh BUGS
The prefix "i2d" is arguably wrong because the function outputs BER
format.
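--- a/jni/libressl/man/lh_new.3
+++ b/jni/libressl/man/lh_new.3
@@ -1,8 +1,125 @@
+.\"	$OpenBSD: lh_new.3,v 1.3 2016/11/28 14:31:20 schwarze Exp $
+.\"	OpenSSL 1bc74519 May 20 08:11:46 2016 -0400
+.\"
+.\" --------------------------------------------------------------------------
+.\" Major patches to this file were contributed by
+.\" Ulf Moeller <ulf@openssl.org>, Geoff Thorpe <geoff@openssl.org>,
+.\" and Ben Laurie <ben@openssl.org>.
+.\" --------------------------------------------------------------------------
+.\" Copyright (c) 2000, 2001, 2002, 2008, 2009 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" --------------------------------------------------------------------------
+.\" Parts of this file are derived from SSLeay documentation,
+.\" which is covered by the following Copyright and license:
+.\" --------------------------------------------------------------------------
+.\"
+.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com)
+.\" All rights reserved.
+.\"
+.\" This package is an SSL implementation written
+.\" by Eric Young (eay@cryptsoft.com).
+.\" The implementation was written so as to conform with Netscapes SSL.
+.\"
+.\" This library is free for commercial and non-commercial use as long as
+.\" the following conditions are aheared to.  The following conditions
+.\" apply to all code found in this distribution, be it the RC4, RSA,
+.\" lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+.\" included with this distribution is covered by the same copyright terms
+.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
+.\"
+.\" Copyright remains Eric Young's, and as such any Copyright notices in
+.\" the code are not to be removed.
+.\" If this package is used in a product, Eric Young should be given
+.\" attribution as the author of the parts of the library used.
+.\" This can be in the form of a textual message at program startup or
+.\" in documentation (online or textual) provided with the package.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"    "This product includes cryptographic software written by
+.\"     Eric Young (eay@cryptsoft.com)"
+.\"    The word 'cryptographic' can be left out if the rouines from the
+.\"    library being used are not cryptographic related :-).
+.\" 4. If you include any Windows specific code (or a derivative thereof)
+.\"    from the apps directory (application code) you must include an
+.\"    acknowledgement: "This product includes software written by
+.\"    Tim Hudson (tjh@cryptsoft.com)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" The licence and distribution terms for any publically available version or
+.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
+.\" copied and put under another distribution licence
+.\" [including the GNU Public Licence.]
+.\"
-.Dd $Mdocdate: June 16 2014 $
+.Dd $Mdocdate: November 28 2016 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
 .Nm lh_new ,
 .Nm lh_free ,
 .Nm lh_insert ,
 .Nm lh_delete ,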
Changes to jni/libressl/man/lh_stats.3.
1

2

3
4
5
6
7

8


9
10


11
12




13



14
15
16




17
18
19
20
21
22
23
24
25
26
27
28
29
30

31









32
33
34
35
36
37
38
39
40
41
42
43



44
45
46
47






48


49
50
51
52
53
54

55
56
57
58
59



60

61





62
63
64
65

66
67
68







69
70
71




72
73
74
75
76
77

78
79


80


81
82
83
84
85
86


87



88




89
90




91
92
93
94
95
96
97
98
99
100















101

102
103
104
105

106
107
108

109
110
111

112
113
114
115
116
117



118
119

120
121
122
123
124
125
126
127
128
129
130

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

.\"

.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp

..


.de Vb \" Begin verbatim text
.ft CW


.nf
.ne \\$1




..



.de Ve \" End verbatim text
.ft R
.fi




..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch

.    ds L" ""









.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}



.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '






.\"


.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.

.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{



.    if \nF \{

.        de IX





.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0

.            nr F 2
.        \}
.    \}







.\}
.rr rF
.\" ========================================================================




.\"
.IX Title "lh_stats 3"
.TH lh_stats 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

.nh
.SH "NAME"


lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,


lh_node_stats_bio, lh_node_usage_stats_bio \- LHASH statistics
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/lhash.h>
\&


\& void lh_stats(LHASH *table, FILE *out);



\& void lh_node_stats(LHASH *table, FILE *out);




\& void lh_node_usage_stats(LHASH *table, FILE *out);
\&




\& void lh_stats_bio(LHASH *table, BIO *out);
\& void lh_node_stats_bio(LHASH *table, BIO *out);
\& void lh_node_usage_stats_bio(LHASH *table, BIO *out);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of
accessing the hash table.  This is mostly a legacy of Eric Young
writing this library for the reasons of implementing what looked like
a nice algorithm rather than for a particular software product.















.PP

\&\fIlh_stats()\fR prints out statistics on the size of the hash table, how
many entries are in it, and the number and result of calls to the
routines in this library.
.PP

\&\fIlh_node_stats()\fR prints the number of entries for each 'bucket' in the
hash table.
.PP

\&\fIlh_node_usage_stats()\fR prints out a short summary of the state of the
hash table.  It prints the 'load' and the 'actual load'.  The load is
the average number of data items per 'bucket' in the hash table.  The

\&'actual load' is the average number of items per 'bucket', but only
for buckets which contain entries.  So the 'actual load' is the
average number of searches that will need to find an item in the hash
table, while the 'load' is the average number that will be done to
record a miss.
.PP



\&\fIlh_stats_bio()\fR, \fIlh_node_stats_bio()\fR and \fIlh_node_usage_stats_bio()\fR
are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR.

.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions do not return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIbio\fR\|(3), \fIlh_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions are available in all versions of SSLeay and OpenSSL.
.PP
This manpage is derived from the SSLeay documentation.

|
>

>
|
<
<
|
|
>
|
>
>
|
|
>
>
|
<
>
>
>
>
|
>
>
>
|
<
|
>
>
>
>
|
<
<
<
|
|
|
|
|
<
|
|
<
<
>
|
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>

<
<
<
>
>
>
>
>
>

>
>
|
|
|
|

|
>
|
<
|
|
|
>
>
>
|
>
|
>
>
>
>
>
|
|
<
<
>
|
|
|
>
>
>
>
>
>
>
|
<
<
>
>
>
>

<
<
<
<
|
>
|
|
>
>
|
>
>
|
|
|
<
|
<
>
>
|
>
>
>
|
>
>
>
>
|
<
>
>
>
>
|
|
|
|
<
<
<
<
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
|
|
|
|
>
|
<
|
>
|
|
|
>
|
|
|
|
|
|
>
>
>
|
|
>
|
<

|
|
|
|
<

|
<
>
1
2
3
4
5


6
7
8
9
10
11
12
13
14
15
16

17
18
19
20
21
22
23
24
25

26
27
28
29
30
31



32
33
34
35
36

37
38


39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65



66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98


99
100
101
102
103
104
105
106
107
108
109
110


111
112
113
114
115




116
117
118
119
120
121
122
123
124
125
126
127

128

129
130
131
132
133
134
135
136
137
138
139
140

141
142
143
144
145
146
147
148






149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

191
192
193
194
195

196
197

198
.\"	$OpenBSD: lh_stats.3,v 1.5 2016/12/06 12:24:33 schwarze Exp $
.\"	OpenSSL e2f92610 May 18 11:44:05 2016 -0400
.\"
.\" --------------------------------------------------------------------------
.\" Major patches to this file were contributed by


.\" Ulf Moeller <ulf@openssl.org>.
.\" --------------------------------------------------------------------------
.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"

.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"



.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following

.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project


.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" --------------------------------------------------------------------------
.\" Parts of this file are derived from SSLeay documentation,
.\" which is covered by the following Copyright and license:
.\" --------------------------------------------------------------------------
.\"
.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com)
.\" All rights reserved.
.\"
.\" This package is an SSL implementation written
.\" by Eric Young (eay@cryptsoft.com).
.\" The implementation was written so as to conform with Netscapes SSL.
.\"



.\" This library is free for commercial and non-commercial use as long as
.\" the following conditions are aheared to.  The following conditions
.\" apply to all code found in this distribution, be it the RC4, RSA,
.\" lhash, DES, etc., code; not just the SSL code.  The SSL documentation
.\" included with this distribution is covered by the same copyright terms
.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
.\"
.\" Copyright remains Eric Young's, and as such any Copyright notices in
.\" the code are not to be removed.
.\" If this package is used in a product, Eric Young should be given
.\" attribution as the author of the parts of the library used.
.\" This can be in the form of a textual message at program startup or
.\" in documentation (online or textual) provided with the package.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:

.\" 1. Redistributions of source code must retain the copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"    "This product includes cryptographic software written by
.\"     Eric Young (eay@cryptsoft.com)"
.\"    The word 'cryptographic' can be left out if the rouines from the
.\"    library being used are not cryptographic related :-).
.\" 4. If you include any Windows specific code (or a derivative thereof)
.\"    from the apps directory (application code) you must include an
.\"    acknowledgement: "This product includes software written by
.\"    Tim Hudson (tjh@cryptsoft.com)"
.\"


.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"


.\" The licence and distribution terms for any publically available version or
.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"




.Dd $Mdocdate: December 6 2016 $
.Dt LH_STATS 3
.Os
.Sh NAME
.Nm lh_stats ,
.Nm lh_node_stats ,
.Nm lh_node_usage_stats ,
.Nm lh_stats_bio ,
.Nm lh_node_stats_bio ,
.Nm lh_node_usage_stats_bio
.Nd LHASH statistics
.Sh SYNOPSIS

.In openssl/lhash.h

.Ft void
.Fo lh_stats
.Fa "LHASH *table"
.Fa "FILE *out"
.Fc
.Ft void
.Fo lh_node_stats
.Fa "LHASH *table"
.Fa "FILE *out"
.Fc
.Ft void
.Fo lh_node_usage_stats

.Fa "LHASH *table"
.Fa "FILE *out"
.Fc
.Ft void
.Fo lh_stats_bio
.Fa "LHASH *table"
.Fa "BIO *out"
.Fc






.Ft void
.Fo lh_node_stats_bio
.Fa "LHASH *table"
.Fa "BIO *out"
.Fc
.Ft void
.Fo lh_node_usage_stats_bio
.Fa "LHASH *table"
.Fa "BIO *out"
.Fc
.Sh DESCRIPTION
The
.Vt LHASH
structure records statistics about most aspects of accessing the hash
table.
.Pp
.Fn lh_stats
prints out statistics on the size of the hash table, how many entries
are in it, and the number and result of calls to the routines in this
library.
.Pp
.Fn lh_node_stats
prints the number of entries for each 'bucket' in the hash table.

.Pp
.Fn lh_node_usage_stats
prints out a short summary of the state of the hash table.
It prints the 'load' and the 'actual load'.
The load is the average number of data items per 'bucket' in the hash
table.
The 'actual load' is the average number of items per 'bucket', but only
for buckets which contain entries.
So the 'actual load' is the average number of searches that will need to
find an item in the hash table, while the 'load' is the average number
that will be done to record a miss.
.Pp
.Fn lh_stats_bio ,
.Fn lh_node_stats_bio ,
and
.Fn lh_node_usage_stats_bio
are the same as the above, except that the output goes to a
.Vt BIO .
.Sh RETURN VALUES

These functions do not return values.
.Sh SEE ALSO
.Xr BIO_new 3 ,
.Xr lh_new 3
.Sh HISTORY

These functions are available in all versions of SSLeay and OpenSSL.
.Sh AUTHORS

.An Eric Young
Deleted jni/libressl/man/rsa.3.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "rsa 3"
.TH rsa 3 "2017-01-09" "LibreSSL " "LibreSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
rsa \- RSA public key cryptosystem
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/rsa.h>
\& #include <openssl/engine.h>
\&
\& RSA * RSA_new(void);
\& void RSA_free(RSA *rsa);
\&
\& int RSA_public_encrypt(int flen, unsigned char *from,
\&    unsigned char *to, RSA *rsa, int padding);
\& int RSA_private_decrypt(int flen, unsigned char *from,
\&    unsigned char *to, RSA *rsa, int padding);
\& int RSA_private_encrypt(int flen, unsigned char *from,
\&    unsigned char *to, RSA *rsa,int padding);
\& int RSA_public_decrypt(int flen, unsigned char *from,
\&    unsigned char *to, RSA *rsa,int padding);
\&
\& int RSA_sign(int type, unsigned char *m, unsigned int m_len,
\&    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
\& int RSA_verify(int type, unsigned char *m, unsigned int m_len,
\&    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
\&
\& int RSA_size(const RSA *rsa);
\&
\& RSA *RSA_generate_key(int num, unsigned long e,
\&    void (*callback)(int,int,void *), void *cb_arg);
\&
\& int RSA_check_key(RSA *rsa);
\&
\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
\& void RSA_blinding_off(RSA *rsa);
\&
\& void RSA_set_default_method(const RSA_METHOD *meth);
\& const RSA_METHOD *RSA_get_default_method(void);
\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
\& const RSA_METHOD *RSA_get_method(const RSA *rsa);
\& RSA_METHOD *RSA_PKCS1_SSLeay(void);
\& RSA_METHOD *RSA_null_method(void);
\& int RSA_flags(const RSA *rsa);
\& RSA *RSA_new_method(ENGINE *engine);
\&
\& int RSA_print(BIO *bp, RSA *x, int offset);
\& int RSA_print_fp(FILE *fp, RSA *x, int offset);
\&
\& int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
\&    int (*dup_func)(), void (*free_func)());
\& int RSA_set_ex_data(RSA *r,int idx,char *arg);
\& char *RSA_get_ex_data(RSA *r, int idx);
\&
\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
\&    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
\&    RSA *rsa);
\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
\&    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
\&    RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions implement \s-1RSA\s0 public key encryption and signatures
as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC 2437\s0].
.PP
The \fB\s-1RSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. It can
contain public as well as private \s-1RSA\s0 keys:
.PP
.Vb 10
\& struct
\&        {
\&        BIGNUM *n;              // public modulus
\&        BIGNUM *e;              // public exponent
\&        BIGNUM *d;              // private exponent
\&        BIGNUM *p;              // secret prime factor
\&        BIGNUM *q;              // secret prime factor
\&        BIGNUM *dmp1;           // d mod (p\-1)
\&        BIGNUM *dmq1;           // d mod (q\-1)
\&        BIGNUM *iqmp;           // q^\-1 mod p
\&        // ...
\&        };
\& RSA
.Ve
.PP
In public keys, the private exponent and the related secret values are
\&\fB\s-1NULL\s0\fR.
.PP
\&\fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR may be \fB\s-1NULL\s0\fR in private
keys, but the \s-1RSA\s0 operations are much faster when these values are
available.
.PP
Note that \s-1RSA\s0 keys may use non-standard \fB\s-1RSA_METHOD\s0\fR implementations,
either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values
will not be used by the implementation or may be used for alternative data
storage. For this reason, applications should generally avoid using \s-1RSA\s0
structure elements directly and instead use \s-1API\s0 functions to query or
modify keys.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "PATENTS"
.IX Header "PATENTS"
\&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIrsa\fR\|(1), \fIbn\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3),
\&\fIrand\fR\|(3), \fIengine\fR\|(3), \fIRSA_new\fR\|(3),
\&\fIRSA_public_encrypt\fR\|(3),
\&\fIRSA_sign\fR\|(3), \fIRSA_size\fR\|(3),
\&\fIRSA_generate_key\fR\|(3),
\&\fIRSA_check_key\fR\|(3),
\&\fIRSA_blinding_on\fR\|(3),
\&\fIRSA_set_method\fR\|(3), \fIRSA_print\fR\|(3),
\&\fIRSA_get_ex_new_index\fR\|(3),
\&\fIRSA_private_encrypt\fR\|(3),
\&\fIRSA_sign_ASN1_OCTET_STRING\fR\|(3),
\&\fIRSA_padding_add_PKCS1_type_1\fR\|(3)
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






































































































































































































































































































































































































Changes to jni/libressl/man/ssl.3.


1




2



3








































4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22


.\"




.\"	$OpenBSD: ssl.3,v 1.3 2015/09/10 18:04:50 schwarze Exp $



.\"








































.Dd $Mdocdate: September 10 2015 $
.Dt SSL 3
.Os
.Sh NAME
.Nm ssl
.Nd OpenSSL SSL/TLS library
.Sh DESCRIPTION
The OpenSSL
.Nm ssl
library implements the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols.
It provides a rich API which is documented here.
.Pp
At first the library must be initialized; see
.Xr SSL_library_init 3 .
.Pp
Then an
.Vt SSL_CTX
object is created as a framework to establish TLS/SSL enabled connections (see
>
>

>
>
>
>
|
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|








<
|
<







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

62

63
64
65
66
67
68
69
.\"	$OpenBSD: ssl.3,v 1.5 2016/12/16 15:39:08 jmc Exp $
.\"	OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
.\"
.\" This file was written by Ralf S. Engelschall <rse@openssl.org>,
.\" Ben Laurie <ben@openssl.org>, and Ulf Moeller <ulf@openssl.org>.
.\" Copyright (c) 1998-2002, 2005, 2013, 2015 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 16 2016 $
.Dt SSL 3
.Os
.Sh NAME
.Nm ssl
.Nd OpenSSL SSL/TLS library
.Sh DESCRIPTION
The OpenSSL
.Nm ssl

library implements the Transport Layer Security (TLS v1) protocols.

.Pp
At first the library must be initialized; see
.Xr SSL_library_init 3 .
.Pp
Then an
.Vt SSL_CTX
object is created as a framework to establish TLS/SSL enabled connections (see
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61



62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

77
78
79
80
81
82
83
84
.Xr SSL_write 3
are used to read and write data on the TLS/SSL connection.
.Xr SSL_shutdown 3
can be used to shut down the TLS/SSL connection.
.Sh DATA STRUCTURES
Currently the OpenSSL
.Nm ssl
library functions deals with the following data structures:
.Bl -tag -width Ds
.It Vt SSL_METHOD No (SSL Method)
That's a dispatch structure describing the internal
.Nm ssl
library methods/functions which implement the various protocol versions
(SSLv1, SSLv2 and TLSv1).
It's needed to create an
.Vt SSL_CTX .



.It Vt SSL_CIPHER No (SSL Cipher)
This structure holds the algorithm information for a particular cipher which
is a core part of the SSL/TLS protocol.
The available ciphers are configured on an
.Vt SSL_CTX
basis and the actually used ones are then part of the
.Vt SSL_SESSION .
.It Vt SSL_CTX No (SSL Context)
That's the global context structure which is created by a server or client
once per program lifetime and which holds mainly default values for the
.Vt SSL
structures which are later created for the connections.
.It Vt SSL_SESSION No (SSL Session)
This is a structure containing the current TLS/SSL session details for a
connection:

.Vt SSL_CIPHER Ns s, client and server certificates, keys, etc.
.It Vt SSL No (SSL Connection)
That's the main SSL/TLS structure which is created by a server or client per
established connection.
This actually is the core structure in the SSL API.
Under run-time the application usually deals with this structure which has
links to mostly all other structures.
.El







|




|
<


>
>
>















>
|







93
94
95
96
97
98
99
100
101
102
103
104
105

106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
.Xr SSL_write 3
are used to read and write data on the TLS/SSL connection.
.Xr SSL_shutdown 3
can be used to shut down the TLS/SSL connection.
.Sh DATA STRUCTURES
Currently the OpenSSL
.Nm ssl
library functions deal with the following data structures:
.Bl -tag -width Ds
.It Vt SSL_METHOD No (SSL Method)
That's a dispatch structure describing the internal
.Nm ssl
library methods/functions which implement the various protocol versions.

It's needed to create an
.Vt SSL_CTX .
See
.Xr TLS_method 3
for constructors.
.It Vt SSL_CIPHER No (SSL Cipher)
This structure holds the algorithm information for a particular cipher which
is a core part of the SSL/TLS protocol.
The available ciphers are configured on an
.Vt SSL_CTX
basis and the actually used ones are then part of the
.Vt SSL_SESSION .
.It Vt SSL_CTX No (SSL Context)
That's the global context structure which is created by a server or client
once per program lifetime and which holds mainly default values for the
.Vt SSL
structures which are later created for the connections.
.It Vt SSL_SESSION No (SSL Session)
This is a structure containing the current TLS/SSL session details for a
connection:
.Vt SSL_CIPHER Ns s ,
client and server certificates, keys, etc.
.It Vt SSL No (SSL Connection)
That's the main SSL/TLS structure which is created by a server or client per
established connection.
This actually is the core structure in the SSL API.
Under run-time the application usually deals with this structure which has
links to mostly all other structures.
.El
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260

261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276

1277
1278
1279
1280











































1281





1282



1283



1284

1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311


1312
1313
1314



1315
1316
1317
1318
1319
.Bf Em
Usually you don't have to include it explicitly because it's already included
by
.Pa ssl.h .
.Ef
.El
.Sh API FUNCTIONS
The functions that the OpenSSL
.Nm ssl
library exports are documented below:
.Ss DEALING WITH PROTOCOL METHODS
Here we document the various API functions which deal with the SSL/TLS protocol
methods defined in
.Vt SSL_METHOD
structures.
.Bl -tag -width Ds
.It Xo
.Ft const SSL_METHOD *
.Fn SSLv2_client_method void
.Xc
Constructor for the SSLv2
.Vt SSL_METHOD
structure for a dedicated client.
.It Xo
.Ft const SSL_METHOD *
.Fn SSLv2_server_method void
.Xc
Constructor for the SSLv2
.Vt SSL_METHOD
structure for a dedicated server.
.It Xo
.Ft const SSL_METHOD *
.Fn SSLv2_method void
.Xc
Constructor for the SSLv2
.Vt SSL_METHOD
structure for combined client and server.
.It Xo
.Ft const SSL_METHOD *
.Fn SSLv3_client_method void
.Xc
Constructor for the SSLv3
.Vt SSL_METHOD
structure for a dedicated client.
.It Xo
.Ft const SSL_METHOD *
.Fn SSLv3_server_method void
.Xc
Constructor for the SSLv3
.Vt SSL_METHOD
structure for a dedicated server.
.It Xo
.Ft const SSL_METHOD *
.Fn SSLv3_method void
.Xc
Constructor for the SSLv3
.Vt SSL_METHOD
structure for combined client and server.
.It Xo
.Ft const SSL_METHOD *
.Fn TLSv1_client_method void
.Xc
Constructor for the TLSv1
.Vt SSL_METHOD
structure for a dedicated client.
.It Xo
.Ft const SSL_METHOD *
.Fn TLSv1_server_method void
.Xc
Constructor for the TLSv1
.Vt SSL_METHOD
structure for a dedicated server.
.It Xo
.Ft const SSL_METHOD *
.Fn TLSv1_method void
.Xc
Constructor for the TLSv1
.Vt SSL_METHOD
structure for combined client and server.
.El
.Ss DEALING WITH CIPHERS
Here we document the various API functions which deal with the SSL/TLS ciphers
defined in
.Vt SSL_CIPHER
structures.
.Bl -tag -width Ds
.It Xo
.Ft char *
.Fn SSL_CIPHER_description "SSL_CIPHER *cipher" "char *buf" "int len"
.Xc
Write a string to
.Fa buf
(with a maximum size of
.Fa len )
containing a human readable description of
.Fa cipher .
Returns
.Fa buf .
.It Xo
.Ft int
.Fn SSL_CIPHER_get_bits "SSL_CIPHER *cipher" "int *alg_bits"
.Xc
Determine the number of bits in
.Fa cipher .
Because of export crippled ciphers there are two bits:
the bits the algorithm supports in general (stored to
.Fa alg_bits )
and the bits which are actually used (the return value).
.It Xo
.Ft const char *
.Fn SSL_CIPHER_get_name "SSL_CIPHER *cipher"
.Xc
Return the internal name of
.Fa cipher
as a string.
These are the various strings defined by the
.Dv SSL2_TXT_xxx ,
.Dv SSL3_TXT_xxx
and
.Dv TLS1_TXT_xxx
definitions in the header files.
.It Xo
.Ft char *
.Fn SSL_CIPHER_get_version "SSL_CIPHER *cipher"
.Xc
Returns a string like
Qq TLSv1/SSLv3
or
Qq SSLv2
which indicates the SSL/TLS protocol version to which
.Fa cipher
belongs (i.e., where it was defined in the specification the first time).
.El
.Ss DEALING WITH PROTOCOL CONTEXTS
Here we document the various API functions which deal with the SSL/TLS
protocol context defined in the

.Vt SSL_CTX
structure.
.Bl -tag -width Ds
.It Xo
.Ft int
.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *x"
.Xc
.It Xo
.Ft long
.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
.Xc
.It Xo
.Ft long
.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "char *parg"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_flush_sessions "SSL_CTX *s" "long t"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_free "SSL_CTX *a"
.Xc
.It Xo
.Ft char *
.Fn SSL_CTX_get_app_data "SSL_CTX *ctx"
.Xc
.It Xo
.Ft X509_STORE *
.Fn SSL_CTX_get_cert_store "SSL_CTX *ctx"
.Xc
.It Xo
.Ft STACK *
.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
.Xc
.It Xo
.Ft char *
.Fn SSL_CTX_get_ex_data "const SSL_CTX *s" "int idx"
.Xc
.It Xo
.Ft int
.Fo SSL_CTX_get_ex_new_index
.Fa "long argl"
.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"
.Fc
.Xc
.It Xo
.Ft void
.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
.Fa "SSL *ssl"
.Fa "int cb"
.Fa "int ret"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_get_session_cache_mode "SSL_CTX *ctx"
.Xc
.It Xo
.Ft long
.Fn SSL_CTX_get_timeout "const SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
.Fa "int ok"
.Fa "X509_STORE_CTX *ctx"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_get_verify_mode "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_load_verify_locations "SSL_CTX *ctx" "char *CAfile" "char *CApath"
.Xc
.It Xo
.Ft long
.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
.Xc
.It Xo
.Ft SSL_CTX *
.Fn SSL_CTX_new "const SSL_METHOD *meth"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
.Xc
.It Xo
.Ft SSL_SESSION *
.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
.Fa "SSL *ssl"
.Fa "unsigned char *data"
.Fa "int len"
.Fa "int *copy"
.Fc
.Xc
.It Xo
.Ft int
.Fn "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" "SSL *ssl" "SSL_SESSION *sess"
.Xc
.It Xo
.Ft void
.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
.Fa "SSL_CTX *ctx"
.Fa "SSL_SESSION *sess"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_sess_set_get_cb
.Fa "SSL_CTX *ctx"
.Fa "SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)"
.Fc
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_sess_set_new_cb
.Fa "SSL_CTX *ctx"
.Fa "int (*cb)(SSL *ssl, SSL_SESSION *sess)"
.Fc
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_sess_set_remove_cb
.Fa "SSL_CTX *ctx"
.Fa "void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
.Xc
.It Xo
.Ft LHASH *
.Fn SSL_CTX_sessions "SSL_CTX *ctx"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_app_data "SSL_CTX *ctx" "void *arg"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *cs"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_cert_verify_cb "SSL_CTX *ctx" "int (*cb)()" "char *arg"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "char *str"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK *list"
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_set_client_cert_cb
.Fa "SSL_CTX *ctx"
.Fa "int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
.Fc
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_default_read_ahead "SSL_CTX *ctx" "int m"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_set_default_verify_paths "SSL_CTX *ctx"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_set_ex_data "SSL_CTX *s" "int idx" "char *arg"
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_set_info_callback
.Fa "SSL_CTX *ctx"
.Fa "void (*cb)(SSL *ssl, int cb, int ret)"
.Fc
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_set_msg_callback
.Fa "SSL_CTX *ctx"
.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
size_t len, SSL *ssl, void *arg)"
.Fc
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_options "SSL_CTX *ctx" "unsigned long op"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_session_cache_mode "SSL_CTX *ctx" "int mode"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *meth"
.Xc
.It Xo
.Ft void
.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
.Xc
.It Xo
.Ft long
.Fn SSL_CTX_set_tmp_dh "SSL_CTX* ctx" "DH *dh"
.Xc
.It Xo
.Ft long
.Fn SSL_CTX_set_tmp_dh_callback "SSL_CTX *ctx" "DH *(*cb)(void)"
.Xc
.It Xo
.Ft long
.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
.Xc
.It Xo
.Fn SSL_CTX_set_tmp_rsa_callback
.Xc
.Ft long
.Fo SSL_CTX_set_tmp_rsa_callback
.Fa "SSL_CTX *ctx"
.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
.Fc
.Pp
Sets the callback which will be called when a temporary private key is
required.
The
.Fa export
flag will be set if the reason for needing a temp key is that an export
ciphersuite is in use, in which case,
.Fa keylength
will contain the required keylength in bits.
.\" XXX using what?
Generate a key of appropriate size (using ???) and return it.
.It Xo
.Fn SSL_set_tmp_rsa_callback
.Xc
.Ft long
.Fo SSL_set_tmp_rsa_callback
.Fa "SSL *ssl"
.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
.Fc
.Pp
The same as
.Fn SSL_CTX_set_tmp_rsa_callback ,
except it operates on an
.Vt SSL
session instead of a context.
.It Xo
.Ft void
.Fn SSL_CTX_set_verify "SSL_CTX *ctx" "int mode" "int (*cb)(void)"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
.Xc
.It Xo
.Ft int
.Fo SSL_CTX_use_PrivateKey_ASN1
.Fa "int type"
.Fa "SSL_CTX *ctx"
.Fa "unsigned char *d"
.Fa "long len"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "char *file" "int type"
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_set_psk_client_callback
.Fa "SSL_CTX *ctx"
.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
.Xc
.It Xo
.Ft void
.Fo SSL_CTX_set_psk_server_callback
.Fa "SSL_CTX *ctx"
.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
unsigned char *psk, int max_psk_len)"
.Fc
.Xc
.El
.Ss DEALING WITH SESSIONS
Here we document the various API functions which deal with the SSL/TLS sessions
defined in the
.Vt SSL_SESSION
structures.
.Bl -tag -width Ds
.It Xo
.Ft int
.Fn SSL_SESSION_cmp "const SSL_SESSION *a" "const SSL_SESSION *b"
.Xc
.It Xo
.Ft void
.Fn SSL_SESSION_free "SSL_SESSION *ss"
.Xc
.It Xo
.Ft char *
.Fn SSL_SESSION_get_app_data "SSL_SESSION *s"
.Xc
.It Xo
.Ft char *
.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *s" "int idx"
.Xc
.It Xo
.Ft int
.Fo SSL_SESSION_get_ex_new_index
.Fa "long argl"
.Fa "char *argp"
.Fa "int (*new_func)(void)"
.Fa "int (*dup_func)(void), void (*free_func)(void)"
.Fc
.Xc
.It Xo
.Ft long
.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
.Xc
.It Xo
.Ft long
.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
.Xc
.It Xo
.Ft unsigned long
.Fn SSL_SESSION_hash "const SSL_SESSION *a"
.Xc
.It Xo
.Ft SSL_SESSION *
.Fn SSL_SESSION_new void
.Xc
.It Xo
.Ft int
.Fn SSL_SESSION_print "BIO *bp" "const SSL_SESSION *x"
.Xc
.It Xo
.Ft int
.Fn SSL_SESSION_print_fp "FILE *fp" "const SSL_SESSION *x"
.Xc
.It Xo
.Ft void
.Fn SSL_SESSION_set_app_data "SSL_SESSION *s" "char *a"
.Xc
.It Xo
.Ft int
.Fn SSL_SESSION_set_ex_data "SSL_SESSION *s" "int idx" "char *arg"
.Xc
.It Xo
.Ft long
.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long t"
.Xc
.It Xo
.Ft long
.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long t"
.Xc
.El
.Ss DEALING WITH CONNECTIONS
Here we document the various API functions which deal with the SSL/TLS
connection defined in the
.Vt SSL
structure.
.Bl -tag -width Ds
.It Xo
.Ft int
.Fn SSL_accept "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_add_dir_cert_subjects_to_stack "STACK *stack" "const char *dir"
.Xc
.It Xo
.Ft int
.Fn SSL_add_file_cert_subjects_to_stack "STACK *stack" "const char *file"
.Xc
.It Xo
.Ft int
.Fn SSL_add_client_CA "SSL *ssl" "X509 *x"
.Xc
.It Xo
.Ft char *
.Fn SSL_alert_desc_string "int value"
.Xc
.It Xo
.Ft char *
.Fn SSL_alert_desc_string_long "int value"
.Xc
.It Xo
.Ft char *
.Fn SSL_alert_type_string "int value"
.Xc
.It Xo
.Ft char *
.Fn SSL_alert_type_string_long "int value"
.Xc
.It Xo
.Ft int
.Fn SSL_check_private_key "const SSL *ssl"
.Xc
.It Xo
.Ft void
.Fn SSL_clear "SSL *ssl"
.Xc
.It Xo
.Ft long
.Fn SSL_clear_num_renegotiations "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_connect "SSL *ssl"
.Xc
.It Xo
.Ft void
.Fn SSL_copy_session_id "SSL *t" "const SSL *f"
.Xc
.It Xo
.Ft long
.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "char *parg"
.Xc
.It Xo
.Ft int
.Fn SSL_do_handshake "SSL *ssl"
.Xc
.It Xo
.Ft SSL *
.Fn SSL_dup "SSL *ssl"
.Xc
.It Xo
.Ft STACK *
.Fn SSL_dup_CA_list "STACK *sk"
.Xc
.It Xo
.Ft void
.Fn SSL_free "SSL *ssl"
.Xc
.It Xo
.Ft SSL_CTX *
.Fn SSL_get_SSL_CTX "const SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_get_app_data "SSL *ssl"
.Xc
.It Xo
.Ft X509 *
.Fn SSL_get_certificate "const SSL *ssl"
.Xc
.It Xo
.Ft const char *
.Fn SSL_get_cipher "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_get_cipher_bits "const SSL *ssl" "int *alg_bits"
.Xc
.It Xo
.Ft char *
.Fn SSL_get_cipher_list "const SSL *ssl" "int n"
.Xc
.It Xo
.Ft char *
.Fn SSL_get_cipher_name "const SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_get_cipher_version "const SSL *ssl"
.Xc
.It Xo
.Ft STACK *
.Fn SSL_get_ciphers "const SSL *ssl"
.Xc
.It Xo
.Ft STACK *
.Fn SSL_get_client_CA_list "const SSL *ssl"
.Xc
.It Xo
.Ft SSL_CIPHER *
.Fn SSL_get_current_cipher "SSL *ssl"
.Xc
.It Xo
.Ft long
.Fn SSL_get_default_timeout "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_get_error "const SSL *ssl" "int i"
.Xc
.It Xo
.Ft char *
.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
.Xc
.It Xo
.Ft int
.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
.Xc
.It Xo
.Ft int
.Fo SSL_get_ex_new_index
.Fa "long argl"
.Fa "char *argp"
.Fa "int (*new_func)(void)"
.Fa "int (*dup_func)(void)"
.Fa "void (*free_func)(void)"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_get_fd "const SSL *ssl"
.Xc
.It Xo
.Ft void
.Fn "(*SSL_get_info_callback(const SSL *ssl))"
.Xc
.It Xo
.Ft STACK *
.Fn SSL_get_peer_cert_chain "const SSL *ssl"
.Xc
.It Xo
.Ft X509 *
.Fn SSL_get_peer_certificate "const SSL *ssl"
.Xc
.It Xo
.Ft EVP_PKEY *
.Fn SSL_get_privatekey "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_get_quiet_shutdown "const SSL *ssl"
.Xc
.It Xo
.Ft BIO *
.Fn SSL_get_rbio "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_get_read_ahead "const SSL *ssl"
.Xc
.It Xo
.Ft SSL_SESSION *
.Fn SSL_get_session "const SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_get_shared_ciphers "const SSL *ssl" "char *buf" "int len"
.Xc
.It Xo
.Ft int
.Fn SSL_get_shutdown "const SSL *ssl"
.Xc
.It Xo
.Ft const SSL_METHOD *
.Fn SSL_get_ssl_method "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_get_state "const SSL *ssl"
.Xc
.It Xo
.Ft long
.Fn SSL_get_time "const SSL *ssl"
.Xc
.It Xo
.Ft long
.Fn SSL_get_timeout "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn "(*SSL_get_verify_callback(const SSL *ssl))" int "X509_STORE_CTX *"
.Xc
.It Xo
.Ft int
.Fn SSL_get_verify_mode "const SSL *ssl"
.Xc
.It Xo
.Ft long
.Fn SSL_get_verify_result "const SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_get_version "const SSL *ssl"
.Xc
.It Xo
.Ft BIO *
.Fn SSL_get_wbio "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_in_accept_init "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_in_before "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_in_connect_init "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_in_init "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_is_init_finished "SSL *ssl"
.Xc
.It Xo
.Ft STACK *
.Fn SSL_load_client_CA_file "char *file"
.Xc
.It Xo
.Ft void
.Fn SSL_load_error_strings "void"
.Xc
.It Xo
.Ft SSL *
.Fn SSL_new "SSL_CTX *ctx"
.Xc
.It Xo
.Ft long
.Fn SSL_num_renegotiations "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
.Xc
.It Xo
.Ft int
.Fn SSL_pending "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_read "SSL *ssl" "void *buf" "int num"
.Xc
.It Xo
.Ft int
.Fn SSL_renegotiate "SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_rstate_string "SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_rstate_string_long "SSL *ssl"
.Xc
.It Xo
.Ft long
.Fn SSL_session_reused "SSL *ssl"
.Xc
.It Xo
.Ft void
.Fn SSL_set_accept_state "SSL *ssl"
.Xc
.It Xo
.Ft void
.Fn SSL_set_app_data "SSL *ssl" "char *arg"
.Xc
.It Xo
.Ft void
.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
.Xc
.It Xo
.Ft int
.Fn SSL_set_cipher_list "SSL *ssl" "char *str"
.Xc
.It Xo
.Ft void
.Fn SSL_set_client_CA_list "SSL *ssl" "STACK *list"
.Xc
.It Xo
.Ft void
.Fn SSL_set_connect_state "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_set_ex_data "SSL *ssl" "int idx" "char *arg"
.Xc
.It Xo
.Ft int
.Fn SSL_set_fd "SSL *ssl" "int fd"
.Xc
.It Xo
.Ft void
.Fn SSL_set_info_callback "SSL *ssl" "void (*cb)(void)"
.Xc
.It Xo
.Ft void
.Fo SSL_set_msg_callback
.Fa "SSL *ctx"
.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
size_t len, SSL *ssl, void *arg)"
.Fc
.Xc
.It Xo
.Ft void
.Fn SSL_set_msg_callback_arg "SSL *ctx" "void *arg"
.Xc
.It Xo
.Ft void
.Fn SSL_set_options "SSL *ssl" "unsigned long op"
.Xc
.It Xo
.Ft void
.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
.Xc
.It Xo
.Ft void
.Fn SSL_set_read_ahead "SSL *ssl" "int yes"
.Xc
.It Xo
.Ft int
.Fn SSL_set_rfd "SSL *ssl" "int fd"
.Xc
.It Xo
.Ft int
.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
.Xc
.It Xo
.Ft void
.Fn SSL_set_shutdown "SSL *ssl" "int mode"
.Xc
.It Xo
.Ft int
.Fn SSL_set_ssl_method "SSL *ssl" "const SSL_METHOD *meth"
.Xc
.It Xo
.Ft void
.Fn SSL_set_time "SSL *ssl" "long t"
.Xc
.It Xo
.Ft void
.Fn SSL_set_timeout "SSL *ssl" "long t"
.Xc
.It Xo
.Ft void
.Fn SSL_set_verify "SSL *ssl" "int mode" "int (*callback)(void)"
.Xc
.It Xo
.Ft void
.Fn SSL_set_verify_result "SSL *ssl" "long arg"
.Xc
.It Xo
.Ft int
.Fn SSL_set_wfd "SSL *ssl" "int fd"
.Xc
.It Xo
.Ft int
.Fn SSL_shutdown "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_state "const SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_state_string "const SSL *ssl"
.Xc
.It Xo
.Ft char *
.Fn SSL_state_string_long "const SSL *ssl"
.Xc
.It Xo
.Ft long
.Fn SSL_total_renegotiations "SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
.Xc
.It Xo
.Ft int
.Fn SSL_use_PrivateKey_ASN1 "int type" "SSL *ssl" "unsigned char *d" "long len"
.Xc
.It Xo
.Ft int
.Fn SSL_use_PrivateKey_file "SSL *ssl" "char *file" "int type"
.Xc
.It Xo
.Ft int
.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
.Xc
.It Xo
.Ft int
.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len"
.Xc
.It Xo
.Ft int
.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "char *file" "int type"
.Xc
.It Xo
.Ft int
.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
.Xc
.It Xo
.Ft int
.Fn SSL_use_certificate_ASN1 "SSL *ssl" "int len" "unsigned char *d"
.Xc
.It Xo
.Ft int
.Fn SSL_use_certificate_file "SSL *ssl" "char *file" "int type"
.Xc
.It Xo
.Ft int
.Fn SSL_version "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_want "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_want_nothing "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_want_read "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_want_write "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_want_x509_lookup "const SSL *ssl"
.Xc
.It Xo
.Ft int
.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
.Xc
.It Xo
.Ft void
.Fo SSL_set_psk_client_callback
.Fa "SSL *ssl"
.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
.Fc
.Xc
.It Xo
.Ft int
.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
.Xc
.It Xo
.Ft void
.Fo SSL_set_psk_server_callback
.Fa "SSL *ssl"
.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
unsigned char *psk, int max_psk_len)"
.Fc
.Xc
.It Xo
.Ft const char *
.Fn SSL_get_psk_identity_hint "SSL *ssl"
.Xc
.It Xo
.Ft const char *
.Fn SSL_get_psk_identity "SSL *ssl"
.Xc
.El
.Sh SEE ALSO
.Xr openssl 1 ,
.Xr crypto 3 ,
.Xr d2i_SSL_SESSION 3 ,
.Xr SSL_accept 3 ,
.Xr SSL_alert_type_string 3 ,
.Xr SSL_CIPHER_get_name 3 ,
.Xr SSL_clear 3 ,
.Xr SSL_COMP_add_compression_method 3 ,
.Xr SSL_connect 3 ,
.Xr SSL_CTX_add_extra_chain_cert 3 ,
.Xr SSL_CTX_add_session 3 ,
.Xr SSL_CTX_ctrl 3 ,
.Xr SSL_CTX_flush_sessions 3 ,
.Xr SSL_CTX_get_ex_new_index 3 ,
.Xr SSL_CTX_get_verify_mode 3 ,
.Xr SSL_CTX_load_verify_locations 3 ,
.Xr SSL_CTX_new 3 ,
.Xr SSL_CTX_sess_number 3 ,
.Xr SSL_CTX_sess_set_cache_size 3 ,
.Xr SSL_CTX_sess_set_get_cb 3 ,
.Xr SSL_CTX_sessions 3 ,
.Xr SSL_CTX_set_cert_store 3 ,
.Xr SSL_CTX_set_cert_verify_callback 3 ,
.Xr SSL_CTX_set_cipher_list 3 ,
.Xr SSL_CTX_set_client_CA_list 3 ,
.Xr SSL_CTX_set_client_cert_cb 3 ,
.Xr SSL_CTX_set_default_passwd_cb 3 ,
.Xr SSL_CTX_set_generate_session_id 3 ,
.Xr SSL_CTX_set_info_callback 3 ,
.Xr SSL_CTX_set_max_cert_list 3 ,
.Xr SSL_CTX_set_mode 3 ,
.Xr SSL_CTX_set_msg_callback 3 ,
.Xr SSL_CTX_set_options 3 ,
.Xr SSL_CTX_set_psk_client_callback 3 ,
.Xr SSL_CTX_set_quiet_shutdown 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_CTX_set_session_id_context 3 ,
.Xr SSL_CTX_set_ssl_version 3 ,
.Xr SSL_CTX_set_timeout 3 ,

.Xr SSL_CTX_set_tmp_dh_callback 3 ,
.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
.Xr SSL_CTX_set_verify 3 ,
.Xr SSL_CTX_use_certificate 3 ,











































.Xr SSL_CTX_use_psk_identity_hint 3 ,





.Xr SSL_do_handshake 3 ,



.Xr SSL_get_ciphers 3 ,



.Xr SSL_get_client_CA_list 3 ,

.Xr SSL_get_default_timeout 3 ,
.Xr SSL_get_error 3 ,
.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
.Xr SSL_get_ex_new_index 3 ,
.Xr SSL_get_fd 3 ,
.Xr SSL_get_peer_cert_chain 3 ,
.Xr SSL_get_psk_identity 3 ,
.Xr SSL_get_rbio 3 ,
.Xr SSL_get_session 3 ,
.Xr SSL_get_SSL_CTX 3 ,
.Xr SSL_get_verify_result 3 ,
.Xr SSL_get_version 3 ,
.Xr SSL_library_init 3 ,
.Xr SSL_load_client_CA_file 3 ,
.Xr SSL_new 3 ,
.Xr SSL_pending 3 ,
.Xr SSL_read 3 ,
.Xr SSL_rstate_string 3 ,
.Xr SSL_SESSION_free 3 ,
.Xr SSL_SESSION_get_ex_new_index 3 ,
.Xr SSL_SESSION_get_time 3 ,
.Xr SSL_session_reused 3 ,
.Xr SSL_set_bio 3 ,
.Xr SSL_set_connect_state 3 ,
.Xr SSL_set_fd 3 ,
.Xr SSL_set_session 3 ,
.Xr SSL_set_shutdown 3 ,


.Xr SSL_shutdown 3 ,
.Xr SSL_state_string 3 ,
.Xr SSL_want 3 ,



.Xr SSL_write 3
.Sh HISTORY
The
.Nm
document appeared in OpenSSL 0.9.2.







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<

|
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
|
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
>

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

<


<


<
<


|












|
|


|
|
>




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>

>
>
>
|
>
>
>
|
>






|

|
|


<
<
|

<

<
<
<

|
<
|
|
|
>
>
|
|
|
>
>
>
|




175
176
177
178
179
180
181









































































182
183

184
185










186







187






188
























189
190
191






















































































































































































































































































































































































































192




































































193
194


















195


















196






































197







































198


















































































































































































































199



200







































































201








































































































202

203
204

205
206


207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303


304
305

306



307
308

309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
.Bf Em
Usually you don't have to include it explicitly because it's already included
by
.Pa ssl.h .
.Ef
.El
.Sh API FUNCTIONS









































































.Ss Ciphers
The following pages describe functions acting on

.Vt SSL_CIPHER
objects:










.Xr SSL_get_ciphers 3 ,







.Xr SSL_get_current_cipher 3 ,






.Xr SSL_CIPHER_get_name 3
























.Ss Protocol contexts
The following pages describe functions acting on
.Vt SSL_CTX






















































































































































































































































































































































































































objects.




































































Many of these pages also document variants providing similar
functionality for individual connection objects.


















.Pp


















Constructors and destructors:






































.Xr SSL_CTX_new 3 ,







































.Xr SSL_CTX_set_ssl_version 3 ,


















































































































































































































.Xr SSL_CTX_free 3



.Pp







































































Configuration functions:








































































































.Xr SSL_CTX_add_extra_chain_cert 3 ,

.Xr SSL_CTX_ctrl 3 ,
.Xr SSL_CTX_flush_sessions 3 ,

.Xr SSL_CTX_get_verify_mode 3 ,
.Xr SSL_CTX_load_verify_locations 3 ,


.Xr SSL_CTX_sess_set_cache_size 3 ,
.Xr SSL_CTX_sess_set_get_cb 3 ,
.Xr SSL_CTX_set_alpn_select_cb 3 ,
.Xr SSL_CTX_set_cert_store 3 ,
.Xr SSL_CTX_set_cert_verify_callback 3 ,
.Xr SSL_CTX_set_cipher_list 3 ,
.Xr SSL_CTX_set_client_CA_list 3 ,
.Xr SSL_CTX_set_client_cert_cb 3 ,
.Xr SSL_CTX_set_default_passwd_cb 3 ,
.Xr SSL_CTX_set_generate_session_id 3 ,
.Xr SSL_CTX_set_info_callback 3 ,
.Xr SSL_CTX_set_max_cert_list 3 ,
.Xr SSL_CTX_set_mode 3 ,
.Xr SSL_CTX_set_msg_callback 3 ,
.Xr SSL_CTX_set_options 3 ,
.Xr SSL_CTX_set_quiet_shutdown 3 ,
.Xr SSL_CTX_set_read_ahead 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_CTX_set_session_id_context 3 ,
.Xr SSL_CTX_set_timeout 3 ,
.Xr SSL_CTX_set_tlsext_status_cb 3 ,
.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
.Xr SSL_CTX_set_tmp_dh_callback 3 ,
.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
.Xr SSL_CTX_set_verify 3 ,
.Xr SSL_CTX_use_certificate 3 ,
.Xr SSL_set1_param 3 ,
.Xr SSL_set_max_send_fragment 3
.Pp
Accessors:
.Xr SSL_CTX_get_ex_new_index 3 ,
.Xr SSL_CTX_sess_number 3 ,
.Xr SSL_CTX_sessions 3 ,
.Xr SSL_get_client_CA_list 3
.Ss Sessions
The following pages describe functions acting on
.Vt SSL_SESSION
objects.
.Pp
Constructors and destructors:
.Xr SSL_SESSION_new 3 ,
.Xr SSL_SESSION_free 3
.Pp
Accessors:
.Xr SSL_SESSION_get_ex_new_index 3 ,
.Xr SSL_SESSION_get_time 3
.Pp
Encoding and decoding:
.Xr d2i_SSL_SESSION 3 ,
.Xr PEM_read_SSL_SESSION 3 ,
.Xr SSL_SESSION_print 3
.Pp
Use by other objects:
.Xr SSL_CTX_add_session 3 ,
.Xr SSL_set_session 3 ,
.Xr SSL_get_session 3
.Ss Connections
The following pages describe functions acting on
.Vt SSL
connection objects:
.Pp
Constructors and destructors:
.Xr SSL_new 3 ,
.Xr SSL_set_connect_state 3 ,
.Xr SSL_dup 3 ,
.Xr SSL_set_bio 3 ,
.Xr SSL_set_fd 3 ,
.Xr BIO_f_ssl 3 ,
.Xr SSL_clear 3 ,
.Xr SSL_free 3
.Pp
I/O:
.Xr DTLSv1_listen 3 ,
.Xr SSL_accept 3 ,
.Xr SSL_connect 3 ,
.Xr SSL_do_handshake 3 ,
.Xr SSL_read 3 ,
.Xr SSL_renegotiate 3 ,
.Xr SSL_shutdown 3 ,
.Xr SSL_write 3
.Pp
Accessors:
.Xr SSL_copy_session_id 3 ,
.Xr SSL_get_SSL_CTX 3 ,
.Xr SSL_get_certificate 3 ,
.Xr SSL_get_default_timeout 3 ,
.Xr SSL_get_error 3 ,
.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
.Xr SSL_get_ex_new_index 3 ,
.Xr SSL_get_fd 3 ,
.Xr SSL_get_peer_cert_chain 3 ,
.Xr SSL_get_peer_certificate 3 ,
.Xr SSL_get_rbio 3 ,
.Xr SSL_get_shared_ciphers 3 ,
.Xr SSL_get_state 3 ,
.Xr SSL_get_verify_result 3 ,
.Xr SSL_get_version 3 ,


.Xr SSL_num_renegotiations 3 ,
.Xr SSL_pending 3 ,

.Xr SSL_rstate_string 3 ,



.Xr SSL_session_reused 3 ,
.Xr SSL_set_shutdown 3 ,

.Xr SSL_set_verify_result 3 ,
.Xr SSL_state_string 3 ,
.Xr SSL_want 3
.Pp
Utility functions:
.Xr SSL_alert_type_string 3 ,
.Xr SSL_dup_CA_list 3 ,
.Xr SSL_load_client_CA_file 3
.Sh SEE ALSO
.Xr openssl 1 ,
.Xr crypto 3 ,
.Xr SSL_load_error_strings 3
.Sh HISTORY
The
.Nm
document appeared in OpenSSL 0.9.2.
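--- a/jni/libressl/man/tls_accept_socket.3
+++ b/jni/libressl/man/tls_accept_socket.3
@@ -0,0 +1,107 @@
+.\" $OpenBSD: tls_accept_socket.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $
+.\"
+.\" Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 28 2017 $
+.Dt TLS_ACCEPT_SOCKET 3
+.Os
+.Sh NAME
+.Nm tls_accept_socket ,
+.Nm tls_accept_fds ,
+.Nm tls_accept_cbs
+.Nd accept an incoming client connection in a TLS server
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_accept_socket
+.Fa "struct tls *tls"
+.Fa "struct tls **cctx"
+.Fa "int socket"
+.Fc
+.Ft int
+.Fo tls_accept_fds
+.Fa "struct tls *tls"
+.Fa "struct tls **cctx"
+.Fa "int fd_read"
+.Fa "int fd_write"
+.Fc
+.Ft int
+.Fo tls_accept_cbs
+.Fa "struct tls *tls"
+.Fa "struct tls **cctx"
+.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\
+ void *buf, size_t buflen, void *cb_arg)"
+.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\
+ const void *buf, size_t buflen, void *cb_arg)"
+.Fa "void *cb_arg"
+.Fc
+.Sh DESCRIPTION
+After creating a TLS server context
+.Fa tls
+with
+.Xr tls_server 3
+and configuring it with
+.Xr tls_configure 3 ,
+a server can accept a new client connection by calling
+.Fn tls_accept_socket
+on an already established socket connection.
+.Pp
+Alternatively, a new client connection can be accepted over a pair of existing
+file descriptors by calling
+.Fn tls_accept_fds .
+.Pp
+Calling
+.Fn tls_accept_cbs
+allows read and write callback functions to handle data transfers.
+The specified
+.Fa cb_arg
+parameter is passed back to the functions,
+and can contain a pointer to any caller-specified data.
+.Pp
+All these functions create a new context suitable for reading and writing
+and return it in
+.Fa *cctx .
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_close 3 ,
+.Xr tls_config_set_session_id 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_init 3 ,
+.Xr tls_server 3
+.Sh HISTORY
+.Fn tls_accept_socket
+appeared in
+.Ox 5.6
+and got its final name in
+.Ox 5.7 .
+.Pp
+.Fn tls_accept_fds
+appeared in
+.Ox 5.8
+and
+.Fn tls_accept_cbs
+in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.Pp
+.An -nosplit
+.Fn tls_accept_cbs
+was written by
+.An Tobias Pape Aq Mt tobias@netshed.de .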
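--- a/jni/libressl/man/tls_client.3
+++ b/jni/libressl/man/tls_client.3
@@ -0,0 +1,94 @@
+.\" $OpenBSD: tls_client.3,v 1.2 2017/01/28 00:59:36 schwarze Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 28 2017 $
+.Dt TLS_CLIENT 3
+.Os
+.Sh NAME
+.Nm tls_client ,
+.Nm tls_server ,
+.Nm tls_configure ,
+.Nm tls_free
+.Nd configure a TLS connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft struct tls *
+.Fn tls_client void
+.Ft struct tls *
+.Fn tls_server void
+.Ft int
+.Fo tls_configure
+.Fa "struct tls *ctx"
+.Fa "struct tls_config *config"
+.Fc
+.Ft void
+.Fn tls_free "struct tls *ctx"
+.Sh DESCRIPTION
+A TLS connection is represented as a
+.Vt struct tls
+object called a
+.Dq context .
+A new context is created by either the
+.Fn tls_client
+or
+.Fn tls_server
+functions.
+.Fn tls_client
+is used in TLS client programs,
+.Fn tls_server
+in TLS server programs.
+.Pp
+The context can then be configured with the function
+.Fn tls_configure .
+The same
+.Vt tls_config
+object can be used to configure multiple contexts.
+.Pp
+After configuration,
+.Xr tls_connect 3
+can be called on objects created with
+.Fn tls_client ,
+and
+.Xr tls_accept_socket 3
+on objects created with
+.Fn tls_server .
+.Pp
+After use, a TLS context should be closed with
+.Xr tls_close 3 ,
+and then freed by calling
+.Fn tls_free .
+.Sh RETURN VALUES
+.Fn tls_client
+and
+.Fn tls_server
+return
+.Dv NULL
+on error or an out of memory condition.
+.Pp
+.Fn tls_configure
+returns 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_config_new 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+These functions appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org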
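--- a/jni/libressl/man/tls_config_ocsp_require_stapling.3
+++ b/jni/libressl/man/tls_config_ocsp_require_stapling.3
@@ -0,0 +1,40 @@
+.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.5 2017/01/31 20:53:50 jmc Exp $
+.\"
+.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 31 2017 $
+.Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3
+.Os
+.Sh NAME
+.Nm tls_config_ocsp_require_stapling
+.Nd OCSP configuration for libtls
+.Sh SYNOPSIS
+.In tls.h
+.Ft void
+.Fn tls_config_ocsp_require_stapling "struct tls_config *config"
+.Sh DESCRIPTION
+.Fn tls_config_ocsp_require_stapling
+requires that a valid stapled OCSP response be provided
+during the TLS handshake.
+.Sh SEE ALSO
+.Xr tls_config_add_keypair_file 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3 ,
+.Xr tls_ocsp_process_response 3
+.Sh HISTORY
+These functions appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Bob Beck Aq Mt beck@openbsd.org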
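--- a/jni/libressl/man/tls_config_set_protocols.3
+++ b/jni/libressl/man/tls_config_set_protocols.3
@@ -0,0 +1,179 @@
+.\" $OpenBSD: tls_config_set_protocols.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015, 2016 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 28 2017 $
+.Dt TLS_CONFIG_SET_PROTOCOLS 3
+.Os
+.Sh NAME
+.Nm tls_config_set_protocols ,
+.Nm tls_config_parse_protocols ,
+.Nm tls_config_set_alpn ,
+.Nm tls_config_set_ciphers ,
+.Nm tls_config_set_dheparams ,
+.Nm tls_config_set_ecdhecurve ,
+.Nm tls_config_prefer_ciphers_client ,
+.Nm tls_config_prefer_ciphers_server
+.Nd TLS protocol and cipher selection
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_config_set_protocols
+.Fa "struct tls_config *config"
+.Fa "uint32_t protocols"
+.Fc
+.Ft int
+.Fo tls_config_parse_protocols
+.Fa "uint32_t *protocols"
+.Fa "const char *protostr"
+.Fc
+.Ft int
+.Fo tls_config_set_alpn
+.Fa "struct tls_config *config"
+.Fa "const char *alpn"
+.Fc
+.Ft int
+.Fo tls_config_set_ciphers
+.Fa "struct tls_config *config"
+.Fa "const char *ciphers"
+.Fc
+.Ft int
+.Fo tls_config_set_dheparams
+.Fa "struct tls_config *config"
+.Fa "const char *params"
+.Fc
+.Ft int
+.Fo tls_config_set_ecdhecurve
+.Fa "struct tls_config *config"
+.Fa "const char *name"
+.Fc
+.Ft void
+.Fn tls_config_prefer_ciphers_client "struct tls_config *config"
+.Ft void
+.Fn tls_config_prefer_ciphers_server "struct tls_config *config"
+.Sh DESCRIPTION
+These functions modify a configuration by setting parameters.
+The configuration options apply to both clients and servers, unless noted
+otherwise.
+.Pp
+.Fn tls_config_set_protocols
+specifies which versions of the TLS protocol may be used.
+Possible values are the bitwise OR of:
+.Pp
+.Bl -tag -width "TLS_PROTOCOL_TLSv1_2" -offset indent -compact
+.It Dv TLS_PROTOCOL_TLSv1_0
+.It Dv TLS_PROTOCOL_TLSv1_1
+.It Dv TLS_PROTOCOL_TLSv1_2
+.El
+.Pp
+Additionally, the values
+.Dv TLS_PROTOCOL_TLSv1
+(TLSv1.0, TLSv1.1 and TLSv1.2),
+.Dv TLS_PROTOCOLS_ALL
+(all supported protocols) and
+.Dv TLS_PROTOCOLS_DEFAULT
+(TLSv1.2 only) may be used.
+.Pp
+The
+.Fn tls_config_parse_protocols
+utility function parses a protocol string and returns the corresponding
+value via the
+.Ar protocols
+argument.
+This value can then be passed to the
+.Fn tls_config_set_protocols
+function.
+The protocol string is a comma or colon separated list of keywords.
+Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, all (all supported protocols),
+default (an alias for secure), legacy (an alias for all) and secure (currently
+TLSv1.2 only).
+If a value has a negative prefix (in the form of a leading exclamation mark)
+then it is removed from the list of available protocols, rather than being
+added to it.
+.Pp
+.Fn tls_config_set_alpn
+sets the ALPN protocols that are supported.
+The alpn string is a comma separated list of protocols, in order of preference.
+.Pp
+.Fn tls_config_set_ciphers
+sets the list of ciphers that may be used.
+Lists of ciphers are specified by name, and the
+permitted names are:
+.Pp
+.Bl -tag -width "insecure" -offset indent -compact
+.It Dv "secure" (or alias "default")
+.It Dv "compat"
+.It Dv "legacy"
+.It Dv "insecure" (or alias "all")
+.El
+.Pp
+Alternatively, libssl cipher strings can be specified.
+See the CIPHERS section of
+.Xr openssl 1
+for further information.
+.\" XXX tls_config_set_dheparams does what?
+.\" XXX tls_config_set_ecdhecurve does what?
+.Pp
+.Fn tls_config_prefer_ciphers_client
+prefers ciphers in the client's cipher list when selecting a cipher suite
+(server only).
+This is considered to be less secure than preferring the server's list.
+.Pp
+.Fn tls_config_prefer_ciphers_server
+prefers ciphers in the server's cipher list when selecting a cipher suite
+(server only).
+This is considered to be more secure than preferring the client's list and is
+the default.
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_session_id 3 ,
+.Xr tls_config_verify 3 ,
+.Xr tls_init 3 ,
+.Xr tls_load_file 3
+.Sh HISTORY
+.Fn tls_config_set_ciphers
+appeared in
+.Ox 5.6
+and got its final name in
+.Ox 5.7 .
+.Pp
+.Fn tls_config_set_protocols ,
+.Fn tls_config_parse_protocols ,
+.Fn tls_config_set_dheparams ,
+and
+.Fn tls_config_set_ecdhecurve
+appeared in
+.Ox 5.7 ,
+.Fn tls_config_prefer_ciphers_client
+and
+.Fn tls_config_prefer_ciphers_server
+in
+.Ox 5.9 ,
+and
+.Fn tls_config_set_alpn
+in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+with contributions from
+.An Ted Unangst Aq Mt tedu@openbsd.org
+.Pq Fn tls_config_set_ciphers
+and
+.An Reyk Floeter Aq Mt reyk@openbsd.org
+.Pq Fn tls_config_set_ecdhecurve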
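--- a/jni/libressl/man/tls_config_set_session_id.3
+++ b/jni/libressl/man/tls_config_set_session_id.3
@@ -0,0 +1,75 @@
+.\" $OpenBSD: tls_config_set_session_id.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 28 2017 $
+.Dt TLS_CONFIG_SET_SESSION_ID 3
+.Os
+.Sh NAME
+.Nm tls_config_set_session_id ,
+.Nm tls_config_set_session_lifetime ,
+.Nm tls_config_add_ticket_key
+.Nd configure resuming of TLS handshakes
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_config_set_session_id
+.Fa "struct tls_config *config"
+.Fa "const unsigned char *session_id"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_session_lifetime
+.Fa "struct tls_config *config"
+.Fa "int lifetime"
+.Fc
+.Ft int
+.Fo tls_config_add_ticket_key
+.Fa "struct tls_config *config"
+.Fa "uint32_t keyrev"
+.Fa "unsigned char *key"
+.Fa "size_t keylen"
+.Fc
+.Sh DESCRIPTION
+.Fn tls_config_set_session_id
+sets the session identifier that will be used by the TLS server when
+sessions are enabled.
+By default a random value is used.
+.Pp
+.Fn tls_config_set_session_lifetime
+sets the lifetime to be used for TLS sessions.
+Session support is disabled if a lifetime of zero is specified, which is the
+default.
+.Pp
+.Fn tls_config_add_ticket_key
+adds a key used for the encryption and authentication of TLS tickets.
+By default keys are generated and rotated automatically based on their lifetime.
+This function should only be used to synchronise ticket encryption key across
+multiple processes.
+Re-adding a known key will result in an error, unless it is the most recently
+added key.
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_init 3 ,
+.Xr tls_load_file 3 ,
+.Xr tls_server 3
+.Sh HISTORY
+These functions appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Claudio Jeker Aq Mt claudio@openbsd.org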
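--- a/jni/libressl/man/tls_config_verify.3
+++ b/jni/libressl/man/tls_config_verify.3
@@ -0,0 +1,79 @@
+.\" $OpenBSD: tls_config_verify.3,v 1.4 2017/03/02 11:05:50 jmc Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 2 2017 $
+.Dt TLS_CONFIG_VERIFY 3
+.Os
+.Sh NAME
+.Nm tls_config_verify ,
+.Nm tls_config_insecure_noverifycert ,
+.Nm tls_config_insecure_noverifyname ,
+.Nm tls_config_insecure_noverifytime
+.Nd insecure TLS configuration
+.Sh SYNOPSIS
+.In tls.h
+.Ft void
+.Fn tls_config_verify "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifycert "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifyname "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifytime "struct tls_config *config"
+.Sh DESCRIPTION
+These functions disable parts of the normal certificate verification
+process, resulting in insecure configurations.
+Be very careful when using them.
+.Pp
+.Fn tls_config_insecure_noverifycert
+disables certificate verification and OCSP validation.
+.Pp
+.Fn tls_config_insecure_noverifyname
+disables server name verification (client only).
+.Pp
+.Fn tls_config_insecure_noverifytime
+disables validity checking of certificates and OCSP validation.
+.Pp
+.Fn tls_config_verify
+reenables server name and certificate verification.
+.Sh SEE ALSO
+.Xr tls_client 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+.Fn tls_config_verify
+appeared in
+.Ox 5.6
+and got its final name in
+.Ox 5.7 .
+.Pp
+.Fn tls_config_insecure_noverifycert
+and
+.Fn tls_config_insecure_noverifyname
+appeared in
+.Ox 5.7
+and
+.Nm tls_config_insecure_noverifytime
+in
+.Ox 5.9 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.An Ted Unangst Aq Mt tedu@openbsd.org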
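--- /dev/null
+++ b/jni/libressl/man/tls_conn_version.3
@@ -0,0 +1,177 @@
+.\" $OpenBSD: tls_conn_version.3,v 1.4 2017/01/28 00:59:36 schwarze Exp $
+.\"
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\" Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 28 2017 $
+.Dt TLS_CONN_VERSION 3
+.Os
+.Sh NAME
+.Nm tls_conn_version ,
+.Nm tls_conn_cipher ,
+.Nm tls_conn_alpn_selected ,
+.Nm tls_conn_servername ,
+.Nm tls_peer_cert_provided ,
+.Nm tls_peer_cert_contains_name ,
+.Nm tls_peer_cert_issuer ,
+.Nm tls_peer_cert_subject ,
+.Nm tls_peer_cert_hash ,
+.Nm tls_peer_cert_notbefore ,
+.Nm tls_peer_cert_notafter
+.Nd inspect an established TLS connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft const char *
+.Fn tls_conn_version "struct tls *ctx"
+.Ft const char *
+.Fn tls_conn_cipher "struct tls *ctx"
+.Ft const char *
+.Fn tls_conn_alpn_selected "struct tls *ctx"
+.Ft const char *
+.Fn tls_conn_servername "struct tls *ctx"
+.Ft int
+.Fn tls_peer_cert_provided "struct tls *ctx"
+.Ft int
+.Fo tls_peer_cert_contains_name
+.Fa "struct tls *ctx"
+.Fa "const char *name"
+.Fc
+.Ft const char *
+.Fn tls_peer_cert_issuer "struct tls *ctx"
+.Ft const char *
+.Fn tls_peer_cert_subject "struct tls *ctx"
+.Ft const char *
+.Fn tls_peer_cert_hash "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_cert_notbefore "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_cert_notafter "struct tls *ctx"
+.Sh DESCRIPTION
+These functions return information about a TLS connection and will only
+succeed after the handshake is complete (the connection information applies
+to both clients and servers, unless noted otherwise):
+.Pp
+.Fn tls_conn_version
+returns a string corresponding to a TLS version negotiated with the peer
+connected to
+.Ar ctx .
+.Pp
+.Fn tls_conn_cipher
+returns a string corresponding to the cipher suite negotiated with the peer
+connected to
+.Ar ctx .
+.Pp
+.Fn tls_conn_alpn_selected
+returns a string that specifies the ALPN protocol selected for use with the peer
+connected to
+.Ar ctx .
+If no protocol was selected then NULL is returned.
+.Pp
+.Fn tls_conn_servername
+returns a string corresponding to the servername that the client connected to
+.Ar ctx
+requested by sending a TLS Server Name Indication extension (server only).
+.Pp
+.Fn tls_peer_cert_provided
+checks if the peer of
+.Ar ctx
+has provided a certificate.
+.Pp
+.Fn tls_peer_cert_contains_name
+checks if the peer of a TLS
+.Ar ctx
+has provided a certificate that contains a
+SAN or CN that matches
+.Ar name .
+.Pp
+.Fn tls_peer_cert_subject
+returns a string
+corresponding to the subject of the peer certificate from
+.Ar ctx .
+.Pp
+.Fn tls_peer_cert_issuer
+returns a string
+corresponding to the issuer of the peer certificate from
+.Ar ctx .
+.Pp
+.Fn tls_peer_cert_hash
+returns a string
+corresponding to a hash of the raw peer certificate from
+.Ar ctx
+prefixed by a hash name followed by a colon.
+The hash currently used is SHA256, though this
+could change in the future.
+The hash string for a certificate in file
+.Ar mycert.crt
+can be generated using the commands:
+.Bd -literal -offset indent
+h=$(openssl x509 -outform der -in mycert.crt | sha256)
+printf "SHA256:${h}\\n"
+.Ed
+.Pp
+.Fn tls_peer_cert_notbefore
+returns the time corresponding to the start of the validity period of
+the peer certificate from
+.Ar ctx .
+.Pp
+.Fn tls_peer_cert_notafter
+returns the time corresponding to the end of the validity period of
+the peer certificate from
+.Ar ctx .
+.Pp
+POINTER TO
+.Xr tls_ocsp_process_response 3
+.Sh RETURN VALUES
+The
+.Fn tls_peer_cert_provided
+and
+.Fn tls_peer_cert_contains_name
+functions return 1 if the check succeeds or 0 if it does not.
+.Pp
+.Fn tls_peer_cert_notbefore
+and
+.Fn tls_peer_cert_notafter
+return a time in epoch-seconds on success or -1 on error.
+.Pp
+The functions that return a pointer return
+.Dv NULL
+on error or an out of memory condition.
+.Sh SEE ALSO
+.Xr tls_configure 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3 ,
+.Xr tls_ocsp_process_response 3
+.Sh HISTORY
+.Fn tls_conn_version ,
+.Fn tls_conn_cipher ,
+.Fn tls_peer_cert_provided ,
+.Fn tls_peer_cert_contains_name ,
+.Fn tls_peer_cert_issuer ,
+.Fn tls_peer_cert_subject ,
+.Fn tls_peer_cert_hash ,
+.Fn tls_peer_cert_notbefore ,
+and
+.Fn tls_peer_cert_notafter
+appeared in
+.Ox 5.9 .
+.Pp
+.Fn tls_conn_servername
+and
+.Fn tls_conn_alpn_selected
+appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Bob Beck Aq Mt beck@openbsd.org
+.An Joel Sing Aq Mt jsing@openbsd.org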
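--- /dev/null
+++ b/jni/libressl/man/tls_connect.3
@@ -0,0 +1,142 @@
+.\" $OpenBSD: tls_connect.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 28 2017 $
+.Dt TLS_CONNECT 3
+.Os
+.Sh NAME
+.Nm tls_connect ,
+.Nm tls_connect_fds ,
+.Nm tls_connect_servername ,
+.Nm tls_connect_socket ,
+.Nm tls_connect_cbs
+.Nd instruct a TLS client to establish a connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_connect
+.Fa "struct tls *ctx"
+.Fa "const char *host"
+.Fa "const char *port"
+.Fc
+.Ft int
+.Fo tls_connect_fds
+.Fa "struct tls *ctx"
+.Fa "int fd_read"
+.Fa "int fd_write"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_servername
+.Fa "struct tls *ctx"
+.Fa "const char *host"
+.Fa "const char *port"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_socket
+.Fa "struct tls *ctx"
+.Fa "int s"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_cbs
+.Fa "struct tls *ctx"
+.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\
+ void *buf, size_t buflen, void *cb_arg)"
+.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\
+ const void *buf, size_t buflen, void *cb_arg)"
+.Fa "void *cb_arg"
+.Fa "const char *servername"
+.Fc
+.Sh DESCRIPTION
+After creating a TLS client context with
+.Xr tls_client 3
+and configuring it with
+.Xr tls_configure 3 ,
+a client connection is initiated by calling
+.Fn tls_connect .
+This function will create a new socket, connect to the specified
+.Fa host
+and
+.Fa port ,
+and then establish a secure connection.
+The
+.Fa port
+may be numeric or a service name.
+If it is
+.Dv NULL ,
+then a
+.Fa host
+of the format "hostname:port" is permitted.
+.Pp
+The
+.Fn tls_connect_servername
+function has the same behaviour, however the name to use for verification is
+explicitly provided, rather than being inferred from the
+.Ar host
+value.
+.Pp
+An already existing socket can be upgraded to a secure connection by calling
+.Fn tls_connect_socket .
+.Pp
+Alternatively, a secure connection can be established over a pair of existing
+file descriptors by calling
+.Fn tls_connect_fds .
+.Pp
+Calling
+.Fn tls_connect_cbs
+allows read and write callback functions to handle data transfers.
+The specified cb_arg parameter is passed back to the functions,
+and can contain a pointer to any caller-specified data.
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_client 3 ,
+.Xr tls_close 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+.Fn tls_connect
+and
+.Fn tls_connect_socket
+appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Pp
+.Fn tls_connect_fds
+and
+.Fn tls_connect_servername
+appeared in
+.Ox 5.7
+and
+.Fn tls_connect_cbs
+in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.An Reyk Floeter Aq Mt reyk@openbsd.org
+.Pp
+.An -nosplit
+.Fn tls_connect_cbs
+was written by
+.An Tobias Pape Aq Mt tobias@netshed.de .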
Changes to jni/libressl/man/tls_init.3.
1
2
3


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194

195
196
197
198
199
200
201
202
203





204

205
206
207

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407


408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527

528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580

581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
































.\" $OpenBSD: tls_init.3,v 1.61 2016/05/27 11:25:57 sthen Exp $
.\"
.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>


.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: May 27 2016 $
.Dt TLS_INIT 3
.Os
.Sh NAME
.Nm tls_init ,
.Nm tls_config_error ,
.Nm tls_error ,
.Nm tls_config_new ,
.Nm tls_config_free ,
.Nm tls_config_parse_protocols ,
.Nm tls_config_set_ca_file ,
.Nm tls_config_set_ca_path ,
.Nm tls_config_set_ca_mem ,
.Nm tls_config_set_cert_file ,
.Nm tls_config_set_cert_mem ,
.Nm tls_config_set_ciphers ,
.Nm tls_config_set_dheparams ,
.Nm tls_config_set_ecdhecurve ,
.Nm tls_config_set_key_file ,
.Nm tls_config_set_key_mem ,
.Nm tls_config_set_keypair_file ,
.Nm tls_config_set_keypair_mem ,
.Nm tls_config_set_protocols ,
.Nm tls_config_set_verify_depth ,
.Nm tls_config_prefer_ciphers_client ,
.Nm tls_config_prefer_ciphers_server ,
.Nm tls_config_clear_keys ,
.Nm tls_config_insecure_noverifycert ,
.Nm tls_config_insecure_noverifyname ,
.Nm tls_config_insecure_noverifytime ,
.Nm tls_config_verify ,
.Nm tls_config_verify_client ,
.Nm tls_config_verify_client_optional ,
.Nm tls_peer_cert_provided ,
.Nm tls_peer_cert_contains_name ,
.Nm tls_peer_cert_issuer ,
.Nm tls_peer_cert_subject ,
.Nm tls_peer_cert_hash ,
.Nm tls_peer_cert_notbefore ,
.Nm tls_peer_cert_notafter ,
.Nm tls_conn_version ,
.Nm tls_conn_cipher ,
.Nm tls_load_file ,
.Nm tls_client ,
.Nm tls_server ,
.Nm tls_configure ,
.Nm tls_reset ,
.Nm tls_free ,
.Nm tls_connect ,
.Nm tls_connect_fds ,
.Nm tls_connect_servername ,
.Nm tls_connect_socket ,
.Nm tls_accept_fds ,
.Nm tls_accept_socket ,
.Nm tls_handshake ,
.Nm tls_read ,
.Nm tls_write ,
.Nm tls_close
.Nd TLS client and server API
.Sh SYNOPSIS
.In tls.h
.Ft "int"
.Fn tls_init "void"
.Ft "const char *"
.Fn tls_config_error "struct tls_config *config"
.Ft "const char *"
.Fn tls_error "struct tls *ctx"
.Ft "struct tls_config *"
.Fn tls_config_new "void"
.Ft "void"
.Fn tls_config_free "struct tls_config *config"
.Ft "int"
.Fn tls_config_parse_protocols "uint32_t *protocols" "const char *protostr"
.Ft "int"
.Fn tls_config_set_ca_file "struct tls_config *config" "const char *ca_file"
.Ft "int"
.Fn tls_config_set_ca_path "struct tls_config *config" "const char *ca_path"
.Ft "int"
.Fn tls_config_set_ca_mem "struct tls_config *config" "const uint8_t *cert" "size_t len"
.Ft "int"
.Fn tls_config_set_cert_file "struct tls_config *config" "const char *cert_file"
.Ft "int"
.Fn tls_config_set_cert_mem "struct tls_config *config" "const uint8_t *cert" "size_t len"
.Ft "int"
.Fn tls_config_set_ciphers "struct tls_config *config" "const char *ciphers"
.Ft "int"
.Fn tls_config_set_dheparams "struct tls_config *config" "const char *params"
.Ft "int"
.Fn tls_config_set_ecdhecurve "struct tls_config *config" "const char *name"
.Ft "int"
.Fn tls_config_set_key_file "struct tls_config *config" "const char *key_file"
.Ft "int"
.Fn tls_config_set_key_mem "struct tls_config *config" "const uint8_t *key" "size_t len"
.Ft "int"
.Fn tls_config_set_keypair_file "struct tls_config *config" "const char *cert_file" "const char *key_file"
.Ft "int"
.Fn tls_config_set_keypair_mem "struct tls_config *config" "const uint8_t *cert" "size_t cert_len" "const uint8_t *key" "size_t key_len"
.Ft "void"
.Fn tls_config_set_protocols "struct tls_config *config" "uint32_t protocols"
.Ft "void"
.Fn tls_config_set_verify_depth "struct tls_config *config" "int verify_depth"
.Ft "void"
.Fn tls_config_prefer_ciphers_client "struct tls_config *config"
.Ft "void"
.Fn tls_config_prefer_ciphers_server "struct tls_config *config"
.Ft "void"
.Fn tls_config_clear_keys "struct tls_config *config"
.Ft "void"
.Fn tls_config_insecure_noverifycert "struct tls_config *config"
.Ft "void"
.Fn tls_config_insecure_noverifyname "struct tls_config *config"
.Ft "void"
.Fn tls_config_insecure_noverifytime "struct tls_config *config"
.Ft "void"
.Fn tls_config_verify "struct tls_config *config"
.Ft "void"
.Fn tls_config_verify_client "struct tls_config *config"
.Ft "void"
.Fn tls_config_verify_client_optional "struct tls_config *config"
.Ft "int"
.Fn tls_peer_cert_provided "struct tls *ctx"
.Ft "int"
.Fn tls_peer_cert_contains_name "struct tls *ctx" "const char *name"
.Ft "const char *"
.Fn tls_peer_cert_issuer "struct tls *ctx"
.Ft "const char *"
.Fn tls_peer_cert_subject "struct tls *ctx"
.Ft "const char *"
.Fn tls_peer_cert_hash "struct tls *ctx"
.Ft "time_t"
.Fn tls_peer_cert_notbefore "struct tls *ctx"
.Ft "time_t"
.Fn tls_peer_cert_notafter "struct tls *ctx"
.Ft "const char *"
.Fn tls_conn_version "struct tls *ctx"
.Ft "const char *"
.Fn tls_conn_cipher "struct tls *ctx"
.Ft "uint8_t *"
.Fn tls_load_file "const char *file" "size_t *len" "char *password"
.Ft "struct tls *"
.Fn tls_client void
.Ft "struct tls *"
.Fn tls_server void
.Ft "int"
.Fn tls_configure "struct tls *ctx" "struct tls_config *config"
.Ft "void"
.Fn tls_reset "struct tls *ctx"
.Ft "void"
.Fn tls_free "struct tls *ctx"
.Ft "int"
.Fn tls_connect "struct tls *ctx" "const char *host" "const char *port"
.Ft "int"
.Fn tls_connect_fds "struct tls *ctx" "int fd_read" "int fd_write" "const char *servername"
.Ft "int"
.Fn tls_connect_servername "struct tls *ctx" "const char *host" "const char *port" "const char *servername"
.Ft "int"
.Fn tls_connect_socket "struct tls *ctx" "int s" "const char *servername"
.Ft "int"
.Fn tls_accept_fds "struct tls *tls" "struct tls **cctx" "int fd_read" "int fd_write"
.Ft "int"
.Fn tls_accept_socket "struct tls *tls" "struct tls **cctx" "int socket"
.Ft "int"
.Fn tls_handshake "struct tls *ctx"
.Ft "ssize_t"
.Fn tls_read "struct tls *ctx" "void *buf" "size_t buflen"
.Ft "ssize_t"
.Fn tls_write "struct tls *ctx" "const void *buf" "size_t buflen"
.Ft "int"
.Fn tls_close "struct tls *ctx"
.Sh DESCRIPTION
The
.Nm tls
family of functions establishes a secure communications channel
using the TLS socket protocol.
Both clients and servers are supported.
.Pp
The
.Fn tls_init

function should be called once before any function is used.
It may be called more than once, but not concurrently.
.Pp
Before a connection is created, a configuration must be created.
The
.Fn tls_config_new
function returns a new default configuration that can be used for future
connections.
Several functions exist to change the options of the configuration; see below.





.Pp

A TLS connection is represented as a
.Em context .
A new

.Em context
is created by either the
.Fn tls_client
or
.Fn tls_server
functions.
The context can then be configured with the function
.Fn tls_configure .
The same
.Em tls_config
object can be used to configure multiple contexts.
.Pp
A client connection is initiated after configuration by calling
.Fn tls_connect .
This function will create a new socket, connect to the specified host and
port, and then establish a secure connection.
The
.Fn tls_connect_servername
function has the same behaviour, however the name to use for verification is
explicitly provided, rather than being inferred from the
.Ar host
value.
An already existing socket can be upgraded to a secure connection by calling
.Fn tls_connect_socket .
Alternatively, a secure connection can be established over a pair of existing
file descriptors by calling
.Fn tls_connect_fds .
.Pp
A server can accept a new client connection by calling
.Fn tls_accept_socket
on an already established socket connection.
Alternatively, a new client connection can be accepted over a pair of existing
file descriptors by calling
.Fn tls_accept_fds .
.Pp
The TLS handshake can be completed by calling
.Fn tls_handshake .
Two functions are provided for input and output,
.Fn tls_read
and
.Fn tls_write .
Both of these functions will result in the TLS handshake being performed if it
has not already completed.
.Pp
After use, a TLS
.Em context
should be closed with
.Fn tls_close ,
and then freed by calling
.Fn tls_free .
When no more contexts are to be created, the
.Em tls_config
object should be freed by calling
.Fn tls_config_free .
.Sh FUNCTIONS
The
.Fn tls_init
function initializes global data structures.
It should be called once before any other functions.
.Pp
The following functions create and free configuration objects.
.Bl -bullet -offset four
.It
.Fn tls_config_new
allocates a new default configuration object.
.It
.Fn tls_config_free
frees a configuration object.
.El
.Pp
The
.Fn tls_config_parse_protocols
function parses a protocol string and returns the corresponding value via the
.Ar protocols
argument.
This value can then be passed to the
.Fn tls_config_set_protocols
function.
The protocol string is a comma or colon separated list of keywords.
Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, all (all supported protocols),
default (an alias for secure), legacy (an alias for all) and secure (currently
TLSv1.2 only).
If a value has a negative prefix (in the form of a leading exclamation mark)
then it is removed from the list of available protocols, rather than being
added to it.
.Pp
The following functions modify a configuration by setting parameters.
Configuration options may apply to only clients or only servers or both.
.Bl -bullet -offset four
.It
.Fn tls_config_set_ca_file
sets the filename used to load a file
containing the root certificates.
.Em (Client and Server)
.It
.Fn tls_config_set_ca_path
sets the path (directory) which should be searched for root
certificates.
.Em (Client and Server)
.It
.Fn tls_config_set_ca_mem
sets the root certificates directly from memory.
.Em (Client and Server)
.It
.Fn tls_config_set_cert_file
sets file from which the public certificate will be read.
.Em (Client and server)
.It
.Fn tls_config_set_cert_mem
sets the public certificate directly from memory.
.Em (Client and server)
.It
.Fn tls_config_set_ciphers
sets the list of ciphers that may be used.
Lists of ciphers are specified by name, and the
permitted names are:
.Pp
.Bl -tag -width "insecure" -offset indent -compact
.It Dv "secure" (or alias "default")
.It Dv "compat"
.It Dv "legacy"
.It Dv "insecure" (or alias "all")
.El
.Pp
Alternatively, libssl cipher strings can be specified.
See the CIPHERS section of
.Xr openssl 1
for further information.
.Pp
.Em (Client and server)
.It
.Fn tls_config_set_key_file
sets the file from which the private key will be read.
.Em (Client and server)
.It
.Fn tls_config_set_key_mem
directly sets the private key from memory.
.Em (Client and server)
.It
.Fn tls_config_set_keypair_file
sets the files from which the public certificate and private key will be read.
.Em (Client and server)
.It
.Fn tls_config_set_keypair_mem
directly sets the public certificate and private key from memory.
.Em (Client and server)
.It
.Fn tls_config_set_protocols
sets which versions of the protocol may be used.
Possible values are the bitwise OR of:
.Pp
.Bl -tag -width "TLS_PROTOCOL_TLSv1_2" -offset indent -compact
.It Dv TLS_PROTOCOL_TLSv1_0
.It Dv TLS_PROTOCOL_TLSv1_1
.It Dv TLS_PROTOCOL_TLSv1_2
.El
.Pp
Additionally, the values
.Dv TLS_PROTOCOL_TLSv1
(TLSv1.0, TLSv1.1 and TLSv1.2),
.Dv TLS_PROTOCOLS_ALL
(all supported protocols) and
.Dv TLS_PROTOCOLS_DEFAULT
(TLSv1.2 only) may be used.
.Em (Client and server)
.It
.Fn tls_config_prefer_ciphers_client
prefers ciphers in the client's cipher list when selecting a cipher suite.
This is considered to be less secure than preferring the server's list.
.Em (Server)
.It
.Fn tls_config_prefer_ciphers_server
prefers ciphers in the server's cipher list when selecting a cipher suite.
This is considered to be more secure than preferring the client's list and is
the default.
.Em (Server)
.It
.Fn tls_config_clear_keys
clears any secret keys from memory.
.Em (Server)
.It
.Fn tls_config_insecure_noverifycert
disables certificate verification.
Be extremely careful when using this option.
.Em (Client and server)
.It
.Fn tls_config_insecure_noverifyname
disables server name verification.
Be careful when using this option.
.Em (Client)
.It
.Fn tls_config_insecure_noverifytime
disables validity checking of certificates.
Be careful when using this option.
.Em (Client and server)
.It
.Fn tls_config_verify
reenables server name and certificate verification.
.Em (Client)
.It


.Fn tls_config_verify_client
enables client certificate verification, requiring the client to send
a certificate.
.Em (Server)
.It
.Fn tls_config_verify_client_optional
enables client certificate verification, without requiring the client
to send a certificate.
.Em (Server)
.It
.Fn tls_peer_cert_provided
checks if the peer of
.Ar ctx
has provided a certificate.
.Fn tls_peer_cert_provided
can only succeed after the handshake is complete.
.Em (Server and client)
.It
.Fn tls_peer_cert_contains_name
checks if the peer of a TLS
.Ar ctx
has provided a certificate that contains a
SAN or CN that matches
.Ar name .
.Fn tls_peer_cert_contains_name
can only succeed after the handshake is complete.
.Em (Server and client)
.It
.Fn tls_peer_cert_subject
returns a string
corresponding to the subject of the peer certificate from
.Ar ctx .
.Fn tls_peer_cert_subject
will only succeed after the handshake is complete.
.Em (Server and client)
.It
.Fn tls_peer_cert_issuer
returns a string
corresponding to the issuer of the peer certificate from
.Ar ctx .
.Fn tls_peer_cert_issuer
will only succeed after the handshake is complete.
.Em (Server and client)
.It
.Fn tls_peer_cert_hash
returns a string
corresponding to a hash of the raw peer certificate from
.Ar ctx
prefixed by a hash name followed by a colon.
The hash currently used is SHA256, though this
could change in the future.
The hash string for a certificate in file
.Ar mycert.crt
can be generated using the commands:
.Bd -literal -offset indent
h=$(openssl x509 -outform der -in mycert.crt | sha256)
printf "SHA256:${h}\\n"
.Ed
.It
.Fn tls_peer_cert_notbefore
returns the time corresponding to the start of the validity period of
the peer certificate from
.Ar ctx .
.Fn tls_peer_cert_notbefore
will only succeed after the handshake is complete.
.Em (Server and client)
.It
.Fn tls_peer_cert_notafter
returns the time corresponding to the end of the validity period of
the peer certificate from
.Ar ctx .
.Fn tls_peer_cert_notafter
will only succeed after the handshake is complete.
.Em (Server and client)
.It
.Fn tls_conn_version
returns a string
corresponding to a TLS version negotiated with the peer
connected to
.Ar ctx .
.Fn tls_conn_version
will only succeed after the handshake is complete.
.It
.Fn tls_conn_cipher
returns a string
corresponding to the cipher suite negotiated with the peer
connected to
.Ar ctx .
.Fn tls_conn_cipher
will only succeed after the handshake is complete.
.Em (Server and client)
.It
.Fn tls_load_file
loads a certificate or key from disk into memory to be loaded with
.Fn tls_config_set_ca_mem ,
.Fn tls_config_set_cert_mem
or
.Fn tls_config_set_key_mem .
A private key will be decrypted if the optional
.Ar password
argument is specified.
.Em (Client and server)
.El
.Pp
The following functions create, prepare, and free a connection context.
.Bl -bullet -offset four
.It
.Fn tls_client
creates a new TLS context for client connections.
.It
.Fn tls_server
creates a new TLS context for server connections.
.It
.Fn tls_configure
readies a TLS context for use by applying the configuration
options.
.It
.Fn tls_free
frees a TLS context after use.
.El

.Pp
The following functions initiate a connection and perform input and output
operations.
.Bl -bullet -offset four
.It
.Fn tls_connect
connects a client context to the server named by
.Fa host .
The
.Fa port
may be numeric or a service name.
If it is NULL then a host of the format "hostname:port" is permitted.
.It
.Fn tls_connect_fds
connects a client context to a pair of existing file descriptors.
.It
.Fn tls_connect_socket
connects a client context to an already established socket connection.
.It
.Fn tls_accept_fds
creates a new context suitable for reading and writing on an existing pair of
file descriptors and returns it in
.Fa *cctx .
A configured server context should be passed in
.Fa ctx .
.It
.Fn tls_accept_socket
creates a new context suitable for reading and writing on an already
established socket connection and returns it in
.Fa *cctx .
A configured server context should be passed in
.Fa ctx .
.It
.Fn tls_handshake
performs the TLS handshake.
It is only necessary to call this function if you need to guarantee that the
handshake has completed, as both
.Fn tls_read
and
.Fn tls_write
will perform the TLS handshake if necessary.
.It
.Fn tls_read
reads
.Fa buflen
bytes of data from the socket into
.Fa buf .
It returns the amount of data read.
.It
.Fn tls_write
writes
.Fa buflen
bytes of data from

.Fa buf
to the socket.
It returns the amount of data written.
.It
.Fn tls_close
closes a connection after use.
Only the TLS layer will be shut down and the caller is responsible for closing
the file descriptors, unless the connection was established using
.Fn tls_connect
or
.Fn tls_connect_servername .
.El
.Sh RETURN VALUES
The
.Fn tls_peer_cert_provided
and
.Fn tls_peer_cert_contains_name
functions return 1 if the check succeeds, and 0 if it does not.
Functions that return a
.Vt time_t
will return a time in epoch-seconds on success, and -1 on error.
Functions that return a
.Vt ssize_t
will return a size on success, and -1 on error.
All other functions that return
.Vt int
will return 0 on success and -1 on error.
Functions that return a pointer will return NULL on error, which indicates an
out of memory condition.
.Pp
The
.Fn tls_handshake ,
.Fn tls_read ,
.Fn tls_write ,
and
.Fn tls_close
functions have two special return values:
.Pp
.Bl -tag -width "TLS_WANT_POLLOUT" -offset indent -compact
.It Dv TLS_WANT_POLLIN
The underlying read file descriptor needs to be readable in order to continue.
.It Dv TLS_WANT_POLLOUT
The underlying write file descriptor needs to be writeable in order to continue.
.El
.Pp
In the case of blocking file descriptors, the same function call should be
repeated immediately.
In the case of non-blocking file descriptors, the same function call should be
repeated when the required condition has been met.
.Pp
Callers of these functions cannot rely on the value of the global
.Ar errno .
To prevent mishandling of error conditions,
.Fn tls_handshake ,
.Fn tls_read ,
.Fn tls_write ,
and
.Fn tls_close
all explicitly clear
.Ar errno .
.Sh EXAMPLES
The following example demonstrates how to handle TLS writes on a blocking
file descriptor:
.Bd -literal -offset indent
\&...
while (len > 0) {
	ssize_t ret;

	ret = tls_write(ctx, buf, len);
	if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
		continue;
	if (ret < 0)
		err(1, "tls_write: %s", tls_error(ctx));
	buf += ret;
	len -= ret;
}
\&...
.Ed
.Pp
The following example demonstrates how to handle TLS writes on a
non-blocking file descriptor using
.Xr poll 2 :
.Bd -literal -offset indent
\&...
pfd[0].fd = fd;
pfd[0].events = POLLIN|POLLOUT;
while (len > 0) {
	nready = poll(pfd, 1, 0);
	if (nready == -1)
		err(1, "poll");
	if ((pfd[0].revents & (POLLERR|POLLNVAL)))
		errx(1, "bad fd %d", pfd[0].fd);
	if ((pfd[0].revents & (pfd[0].events|POLLHUP))) {
		ssize_t ret;

		ret = tls_write(ctx, buf, len);
		if (ret == TLS_WANT_POLLIN)
			pfd[0].events = POLLIN;
		else if (ret == TLS_WANT_POLLOUT)
			pfd[0].events = POLLOUT;
		else if (ret < 0)
			err(1, "tls_write: %s", tls_error(ctx));
		else {
			buf += ret;
			len -= ret;
		}
	}
}
\&...
.Ed
.Sh ERRORS
The
.Fn tls_config_error
and
.Fn tls_error
functions may be used to retrieve a string containing more information
about the most recent error relating to a configuration or context.
.\" .Sh SEE ALSO
.Sh HISTORY
The
.Nm tls
API first appeared in
.Ox 5.6
as a response to the unnecessary challenges other APIs present in
order to use them safely.
































|


>
>













|




<
<


<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|


|
|
<
<
<
<
|
|
|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<









>
|





|
|
|
>
>
>
>
>

>
|
|
<
>
|
|
|

|
<
|
|
<
<
<


|
<
<
<
<
<
<
<
<
<
<
<
<
<
<

|

<
<
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
|
<
|
<
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<

<
<
<
<
<
<
<
|
<
<
<
|
<
<
|
<
|
<
|
<
<

<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
|
<
<
|
>
>
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

<
<
<
<
<
<
<
<
<
|
<
<
<
|
<
|
>

<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
|
|
>
|
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
|
<
|
<
<
<
<
<
<
<
<
|
<
<
<
<
|
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23


24
25

26















































27
28
29
30
31




32
33
34
35




















































36




















37
























38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

66
67
68
69
70
71

72
73



74
75
76














77
78
79



80










































81












82


83

84

85


86

























87

88







89



90


91

92

93


94







95


















96
















97

98


99
100
101
102
























































103

























104
105


















106









107



108

109
110
111




112















113



114

















115







116
117
118
119











120



















121


122































123
124

125

126








127




128







129



















130



131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
.\" $OpenBSD: tls_init.3,v 1.5 2017/02/20 16:01:15 jmc Exp $
.\"
.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
.\" Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: February 20 2017 $
.Dt TLS_INIT 3
.Os
.Sh NAME
.Nm tls_init ,


.Nm tls_config_new ,
.Nm tls_config_free ,

.Nm tls_config_error















































.Nd initialize TLS client and server API
.Sh SYNOPSIS
.In tls.h
.Ft int
.Fn tls_init void




.Ft struct tls_config *
.Fn tls_config_new void
.Ft void
.Fn tls_config_free "struct tls_config *config"




















































.Ft const char *




















.Fn tls_config_error "struct tls_config *config"
























.Sh DESCRIPTION
The
.Nm tls
family of functions establishes a secure communications channel
using the TLS socket protocol.
Both clients and servers are supported.
.Pp
The
.Fn tls_init
function initializes global data structures.
It should be called once before any other functions.
It may be called more than once, but not concurrently.
.Pp
Before a connection is created, a configuration must be created.
The
.Fn tls_config_new
function allocates, initializes, and returns a new default configuration
object that can be used for future connections.
Several functions exist to change the options of the configuration; see
.Xr tls_config_set_protocols 3 ,
.Xr tls_load_file 3 ,
.Xr tls_config_ocsp_require_stapling 3 ,
and
.Xr tls_config_verify 3 .
.Pp
The
.Fn tls_config_error
function may be used to retrieve a string containing more information

about the most recent error relating to a configuration.
.Pp
A TLS connection object is created by
.Xr tls_client 3
or
.Xr tls_server 3

and configured with
.Xr tls_configure 3 .



.Pp
A client connection is initiated after configuration by calling
.Xr tls_connect 3 .














A server can accept a new client connection by calling
.Xr tls_accept_socket 3
on an already established socket connection.



.Pp










































Two functions are provided for input and output,












.Xr tls_read 3


and

.Xr tls_write 3 .

Both automatically perform the


.Xr tls_handshake 3

























when needed.

.Pp







The properties of established TLS connections



can be inspected with the functions described in


.Xr tls_conn_version 3

and

.Xr tls_ocsp_process_response 3 .


.Pp







After use, a TLS connection should be closed with


















.Xr tls_close 3
















and then freed by calling

.Xr tls_free 3 .


.Pp
When no more contexts are to be created,
the configuration object should be freed by calling
.Fn tls_config_free .
























































.Sh RETURN VALUES

























.Fn tls_init
returns 0 on success or -1 on error.


















.Pp









.Fn tls_config_new



returns

.Dv NULL
on error or an out of memory condition.
.Pp




.Fn tls_config_error















returns



.Dv NULL

















if no error occurred with







.Fa config
at all, or if memory allocation failed while trying to assemble the
string describing the most recent error related to
.Fa config .











.Sh SEE ALSO



















.Xr tls_accept_socket 3 ,


.Xr tls_client 3 ,































.Xr tls_config_ocsp_require_stapling 3 ,
.Xr tls_config_set_protocols 3 ,

.Xr tls_config_verify 3 ,

.Xr tls_conn_version 3 ,








.Xr tls_connect 3 ,




.Xr tls_load_file 3 ,







.Xr tls_ocsp_process_response 3 ,



















.Xr tls_read 3



.Sh HISTORY
The
.Nm tls
API first appeared in
.Ox 5.6
as a response to the unnecessary challenges other APIs present in
order to use them safely.
.Pp
All functions were renamed from
.Fn ressl_*
to
.Fn tls_*
for
.Ox 5.7 .
.Pp
.Fn tls_config_error
appeared in
.Ox 6.0 .
.Sh AUTHORS
.An Joel Sing Aq Mt jsing@openbsd.org
.An Ted Unangst Aq Mt tedu@openbsd.org
.Pp
Many others contributed to various parts of the library; see the
individual manual pages for more information.
.Sh CAVEATS
The function
.Fn tls_config_error
returns an internal pointer.
It must not be freed by the application, or a double free error
will occur.
The pointer will become invalid when the next error occurs with
.Fa config .
Consequently, if the application may need the message at a later
time, it has to copy the string before calling the next
.Sy libtls
function involving
.Fa config ,
or a segmentation fault or read access to unintended data is the
likely result.
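--- a/jni/libressl/man/tls_load_file.3
+++ b/jni/libressl/man/tls_load_file.3
@@ -0,0 +1,327 @@
+.\" $OpenBSD: tls_load_file.3,v 1.5 2017/01/31 20:53:50 jmc Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\" Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 31 2017 $
+.Dt TLS_LOAD_FILE 3
+.Os
+.Sh NAME
+.Nm tls_load_file ,
+.Nm tls_config_set_ca_file ,
+.Nm tls_config_set_ca_path ,
+.Nm tls_config_set_ca_mem ,
+.Nm tls_config_set_cert_file ,
+.Nm tls_config_set_cert_mem ,
+.Nm tls_config_set_key_file ,
+.Nm tls_config_set_key_mem ,
+.Nm tls_config_set_ocsp_staple_mem ,
+.Nm tls_config_set_ocsp_staple_file ,
+.Nm tls_config_set_keypair_file ,
+.Nm tls_config_set_keypair_mem ,
+.Nm tls_config_set_keypair_ocsp_file ,
+.Nm tls_config_set_keypair_ocsp_mem ,
+.Nm tls_config_add_keypair_file ,
+.Nm tls_config_add_keypair_ocsp_mem ,
+.Nm tls_config_add_keypair_ocsp_file ,
+.Nm tls_config_add_keypair_mem ,
+.Nm tls_config_clear_keys ,
+.Nm tls_config_set_verify_depth ,
+.Nm tls_config_verify_client ,
+.Nm tls_config_verify_client_optional
+.Nd TLS certificate and key configuration
+.Sh SYNOPSIS
+.In tls.h
+.Ft uint8_t *
+.Fo tls_load_file
+.Fa "const char *file"
+.Fa "size_t *len"
+.Fa "char *password"
+.Fc
+.Ft int
+.Fo tls_config_set_ca_file
+.Fa "struct tls_config *config"
+.Fa "const char *ca_file"
+.Fc
+.Ft int
+.Fo tls_config_set_ca_path
+.Fa "struct tls_config *config"
+.Fa "const char *ca_path"
+.Fc
+.Ft int
+.Fo tls_config_set_ca_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_cert_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fc
+.Ft int
+.Fo tls_config_set_cert_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_key_file
+.Fa "struct tls_config *config"
+.Fa "const char *key_file"
+.Fc
+.Ft int
+.Fo tls_config_set_key_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *key"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_ocsp_staple_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *staple"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_ocsp_staple_file
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *staple_file"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_ocsp_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fa "const char *staple_file"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_ocsp_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fa "const uint8_t *staple"
+.Fa "size_t staple_len"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_ocsp_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fa "const char *staple_file"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_ocsp_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fa "const uint8_t *staple"
+.Fa "size_t staple_len"
+.Fc
+.Ft void
+.Fn tls_config_clear_keys "struct tls_config *config"
+.Ft int
+.Fo tls_config_set_verify_depth
+.Fa "struct tls_config *config"
+.Fa "int verify_depth"
+.Fc
+.Ft void
+.Fn tls_config_verify_client "struct tls_config *config"
+.Ft void
+.Fn tls_config_verify_client_optional "struct tls_config *config"
+.Sh DESCRIPTION
+.Fn tls_load_file
+loads a certificate or key from disk into memory to be loaded with
+.Fn tls_config_set_ca_mem ,
+.Fn tls_config_set_cert_mem
+or
+.Fn tls_config_set_key_mem .
+A private key will be decrypted if the optional
+.Ar password
+argument is specified.
+.Pp
+.Fn tls_config_set_ca_file
+sets the filename used to load a file
+containing the root certificates.
+.Pp
+.Fn tls_config_set_ca_path
+sets the path (directory) which should be searched for root
+certificates.
+.Pp
+.Fn tls_config_set_ca_mem
+sets the root certificates directly from memory.
+.Pp
+.Fn tls_config_set_cert_file
+sets file from which the public certificate will be read.
+.Pp
+.Fn tls_config_set_cert_mem
+sets the public certificate directly from memory.
+.Pp
+.Fn tls_config_set_key_file
+sets the file from which the private key will be read.
+.Pp
+.Fn tls_config_set_key_mem
+directly sets the private key from memory.
+.Pp
+.Fn tls_config_set_ocsp_staple_file
+sets a DER-encoded OCSP response to be stapled during the TLS handshake from
+the specified file.
+.Pp
+.Fn tls_config_set_ocsp_staple_mem
+sets a DER-encoded OCSP response to be stapled during the TLS handshake from
+memory.
+.Pp
+.Fn tls_config_set_keypair_file
+sets the files from which the public certificate, and private key will be read.
+.Pp
+.Fn tls_config_set_keypair_mem
+directly sets the public certificate, and private key from memory.
+.Pp
+.Fn tls_config_set_keypair_file
+sets the files from which the public certificate, private key, and DER encoded
+OCSP staple will be read.
+.Pp
+.Fn tls_config_set_keypair_ocsp_mem
+directly sets the public certificate, private key, and DER encoded OCSP staple
+from memory.
+.Pp
+.Fn tls_config_add_keypair_file
+adds an additional public certificate, and private key from the specified files,
+used as an alternative certificate for Server Name Indication (server only).
+.Pp
+.Fn tls_config_add_keypair_mem
+adds an additional public certificate, and private key from memory, used as an
+alternative certificate for Server Name Indication (server only).
+.Pp
+.Fn tls_config_add_keypair_ocsp_file
+adds an additional public certificate, private key, and DER encoded OCSP staple
+from the specified files, used as an alternative certificate for Server Name
+Indication (server only).
+.Pp
+.Fn tls_config_add_keypair_ocsp_mem
+adds an additional public certificate, private key, and DER encoded OCSP staple
+from memory, used as an alternative certificate for Server Name Indication
+(server only).
+.Pp
+.Fn tls_config_clear_keys
+clears any secret keys from memory.
+.Pp
+.Fn tls_config_set_verify_depth
+limits the number of intermediate certificates that will be followed during
+certificate validation.
+.Pp
+.Fn tls_config_verify_client
+enables client certificate verification, requiring the client to send
+a certificate (server only).
+.Pp
+.Fn tls_config_verify_client_optional
+enables client certificate verification, without requiring the client
+to send a certificate (server only).
+.Sh RETURN VALUES
+.Fn tls_load_file
+returns
+.Dv NULL
+on error or an out of memory condition.
+.Pp
+The other functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_config_set_session_id 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+.Fn tls_config_set_ca_file ,
+.Fn tls_config_set_ca_path ,
+.Fn tls_config_set_cert_file ,
+.Fn tls_config_set_cert_mem ,
+.Fn tls_config_set_key_file ,
+.Fn tls_config_set_key_mem ,
+and
+.Fn tls_config_set_verify_depth
+appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Pp
+.Fn tls_load_file ,
+.Fn tls_config_set_ca_mem ,
+and
+.Fn tls_config_clear_keys
+appeared in
+.Ox 5.7 .
+.Pp
+.Fn tls_config_verify_client
+and
+.Fn tls_config_verify_client_optional
+appeared in
+.Ox 5.9 .
+.Pp
+.Fn tls_config_set_keypair_file
+and
+.Fn tls_config_set_keypair_mem
+appeared in
+.Ox 6.0 ,
+and
+.Fn tls_config_add_keypair_file
+and
+.Fn tls_config_add_keypair_mem
+in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+with contibutions from
+.An Ted Unangst Aq Mt tedu@openbsd.org
+and
+.An Bob Beck Aq Mt beck@openbsd.org .
+.Pp
+.Fn tls_load_file
+and
+.Fn tls_config_set_ca_mem
+were written by
+.An Reyk Floeter Aq Mt reyk@openbsd.org .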
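--- a/jni/libressl/man/tls_ocsp_process_response.3
+++ b/jni/libressl/man/tls_ocsp_process_response.3
@@ -0,0 +1,160 @@
+.\" $OpenBSD: tls_ocsp_process_response.3,v 1.4 2017/01/29 18:00:21 beck Exp $
+.\"
+.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 29 2017 $
+.Dt TLS_OCSP_PROCESS_RESPONSE 3
+.Os
+.Sh NAME
+.Nm tls_ocsp_process_response ,
+.Nm tls_peer_ocsp_cert_status ,
+.Nm tls_peer_ocsp_crl_reason ,
+.Nm tls_peer_ocsp_next_update ,
+.Nm tls_peer_ocsp_response_status ,
+.Nm tls_peer_ocsp_result_msg ,
+.Nm tls_peer_ocsp_revocation_time ,
+.Nm tls_peer_ocsp_this_update ,
+.Nm tls_peer_ocsp_url
+.Nd inspect an OCSP response
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_ocsp_process_response
+.Fa "struct tls *ctx"
+.Fa "const unsigned char *response"
+.Fa "size_t size"
+.Fc
+.Ft int
+.Fn tls_peer_ocsp_cert_status "struct tls *ctx"
+.Ft int
+.Fn tls_peer_ocsp_crl_reason "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_ocsp_next_update "struct tls *ctx"
+.Ft int
+.Fn tls_peer_ocsp_response_status "struct tls *ctx"
+.Ft const char *
+.Fn tls_peer_ocsp_result_msg "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_ocsp_revocation_time "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_ocsp_this_update "struct tls *ctx"
+.Ft const char *
+.Fn tls_peer_ocsp_url "struct tls *ctx"
+.Sh DESCRIPTION
+.Fn tls_ocsp_process_response
+processes a raw OCSP response in
+.Ar response
+of size
+.Ar size
+to check the revocation status of the peer certificate from
+.Ar ctx .
+A successful return code of 0 indicates that the certificate
+has not been revoked.
+.Pp
+.Fn tls_peer_ocsp_url
+returns the URL for OCSP validation of the peer certificate from
+.Ar ctx .
+.Pp
+The following functions return information about the peer certificate from
+.Ar ctx
+that was obtained by validating a stapled OCSP response during the handshake,
+or via a previous call to
+.Fn tls_ocsp_process_response .
+.Pp
+.Fn tls_peer_ocsp_cert_status
+returns the OCSP certificate status code as per RFC 6960 section 2.2.
+.Pp
+.Fn tls_peer_ocsp_crl_reason
+returns the OCSP certificate revocation reason status code as per RFC 5280
+section 5.3.1.
+.Pp
+.Fn tls_peer_ocsp_next_update
+returns the OCSP next update time.
+.Pp
+.Fn tls_peer_ocsp_response_status
+returns the OCSP response status as per RFC 6960 section 2.3.
+.Pp
+.\" XXX Fn tls_peer_ocsp_result_msg does what?
+.Fn tls_peer_ocsp_revocation_time
+returns the OCSP revocation time.
+.Pp
+.Fn tls_peer_ocsp_this_update
+returns the OCSP this update time.
+.Sh RETURN VALUES
+.Fn tls_ocsp_process_response
+returns 0 on success or -1 on error.
+.Pp
+The
+.Fn tls_peer_ocsp_response_status
+function returns one of
+.Dv TLS_OCSP_RESPONSE_SUCCESSFUL ,
+.Dv TLS_OCSP_RESPONSE_MALFORMED ,
+.Dv TLS_OCSP_RESPONSE_INTERNALERROR ,
+.Dv TLS_OCSP_RESPONSE_TRYLATER ,
+.Dv TLS_OCSP_RESPONSE_SIGREQUIRED ,
+or
+.Dv TLS_OCSP_RESPONSE_UNAUTHORIZED
+on success or -1 on error.
+.Pp
+The
+.Fn tls_peer_ocsp_cert_status
+function returns one of
+.Dv TLS_OCSP_CERT_GOOD ,
+.Dv TLS_OCSP_CERT_REVOKED ,
+or
+.Dv TLS_OCSP_CERT_UNKNOWN
+on success, and -1 on error.
+.Pp
+The
+.Fn tls_peer_ocsp_crl_reason
+function returns one of
+.Dv TLS_CRL_REASON_UNSPECIFIED ,
+.Dv TLS_CRL_REASON_KEY_COMPROMISE ,
+.Dv TLS_CRL_REASON_CA_COMPROMISE ,
+.Dv TLS_CRL_REASON_AFFILIATION_CHANGED ,
+.Dv TLS_CRL_REASON_SUPERSEDED ,
+.Dv TLS_CRL_REASON_CESSATION_OF_OPERATION ,
+.Dv TLS_CRL_REASON_CERTIFICATE_HOLD ,
+.Dv TLS_CRL_REASON_REMOVE_FROM_CRL ,
+.Dv TLS_CRL_REASON_PRIVILEGE_WITHDRAWN ,
+or
+.Dv  TLS_CRL_REASON_AA_COMPROMISE
+on success or -1 on error.
+.Pp
+.Fn tls_peer_ocsp_next_update ,
+.Fn tls_peer_ocsp_revocation_time ,
+and
+.Fn tls_peer_ocsp_this_update
+return a time in epoch-seconds on success or -1 on error.
+.Pp
+.Fn tls_peer_ocsp_result_msg
+and
+.Fn tls_peer_ocsp_url
+return
+.Dv NULL
+on error or an out of memory condition.
+.Sh SEE ALSO
+.Xr tls_client 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+These functions appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Bob Beck Aq Mt beck@openbsd.org
+.An Marko Kreen Aq Mt markokr@gmail.com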
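--- /dev/null
+++ b/jni/libressl/man/tls_read.3
@@ -0,0 +1,245 @@
+.\" $OpenBSD: tls_read.3,v 1.4 2017/02/20 13:09:15 schwarze Exp $
+.\"
+.\" Copyright (c) 2014, 2015 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
+.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: February 20 2017 $
+.Dt TLS_READ 3
+.Os
+.Sh NAME
+.Nm tls_read ,
+.Nm tls_write ,
+.Nm tls_handshake ,
+.Nm tls_error ,
+.Nm tls_close ,
+.Nm tls_reset
+.Nd use a TLS connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft ssize_t
+.Fo tls_read
+.Fa "struct tls *ctx"
+.Fa "void *buf"
+.Fa "size_t buflen"
+.Fc
+.Ft ssize_t
+.Fo tls_write
+.Fa "struct tls *ctx"
+.Fa "const void *buf"
+.Fa "size_t buflen"
+.Fc
+.Ft int
+.Fn tls_handshake "struct tls *ctx"
+.Ft const char *
+.Fn tls_error "struct tls *ctx"
+.Ft int
+.Fn tls_close "struct tls *ctx"
+.Ft void
+.Fn tls_reset "struct tls *ctx"
+.Sh DESCRIPTION
+.Fn tls_read
+reads
+.Fa buflen
+bytes of data from the socket into
+.Fa buf .
+It returns the amount of data read.
+.Pp
+.Fn tls_write
+writes
+.Fa buflen
+bytes of data from
+.Fa buf
+to the socket.
+It returns the amount of data written.
+.Pp
+.Fn tls_handshake
+explicitly performs the TLS handshake.
+It is only necessary to call this function if you need to guarantee that the
+handshake has completed, as both
+.Fn tls_read
+and
+.Fn tls_write
+automatically perform the TLS handshake when necessary.
+.Pp
+The
+.Fn tls_error
+function may be used to retrieve a string containing more information
+about the most recent error relating to a context.
+.Pp
+.Fn tls_close
+closes a connection after use.
+Only the TLS layer will be shut down and the caller is responsible for closing
+the file descriptors, unless the connection was established using
+.Xr tls_connect 3
+or
+.Xr tls_connect_servername 3 .
+After closing the connection,
+.Fa ctx
+can be passed to
+.Xr tls_free 3 .
+.\" XXX Fn tls_reset does what?
+.Sh RETURN VALUES
+.Fn tls_read
+and
+.Fn tls_write
+return a size on success or -1 on error.
+.Pp
+.Fn tls_handshake
+and
+.Fn tls_close
+return 0 on success or -1 on error.
+.Pp
+.Fn tls_error
+returns
+.Dv NULL
+if no error occurred with
+.Fa ctx
+during or since the last call to
+.Fn tls_handshake ,
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_close ,
+or
+.Fn tls_reset
+involving
+.Fa ctx ,
+or if memory allocation failed while trying to assemble the string
+describing the most recent error related to
+.Fa ctx .
+.Pp
+The
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_handshake ,
+and
+.Fn tls_close
+functions have two special return values:
+.Pp
+.Bl -tag -width "TLS_WANT_POLLOUT" -offset indent -compact
+.It Dv TLS_WANT_POLLIN
+The underlying read file descriptor needs to be readable in order to continue.
+.It Dv TLS_WANT_POLLOUT
+The underlying write file descriptor needs to be writeable in order to continue.
+.El
+.Pp
+In the case of blocking file descriptors, the same function call should be
+repeated immediately.
+In the case of non-blocking file descriptors, the same function call should be
+repeated when the required condition has been met.
+.Pp
+Callers of these functions cannot rely on the value of the global
+.Ar errno .
+To prevent mishandling of error conditions,
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_handshake ,
+and
+.Fn tls_close
+all explicitly clear
+.Ar errno .
+.Sh EXAMPLES
+The following example demonstrates how to handle TLS writes on a blocking
+file descriptor:
+.Bd -literal -offset indent
+\&...
+while (len > 0) {
+	ssize_t ret;
+
+	ret = tls_write(ctx, buf, len);
+	if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
+		continue;
+	if (ret < 0)
+		err(1, "tls_write: %s", tls_error(ctx));
+	buf += ret;
+	len -= ret;
+}
+\&...
+.Ed
+.Pp
+The following example demonstrates how to handle TLS writes on a
+non-blocking file descriptor using
+.Xr poll 2 :
+.Bd -literal -offset indent
+\&...
+pfd[0].fd = fd;
+pfd[0].events = POLLIN|POLLOUT;
+while (len > 0) {
+	nready = poll(pfd, 1, 0);
+	if (nready == -1)
+		err(1, "poll");
+	if ((pfd[0].revents & (POLLERR|POLLNVAL)))
+		errx(1, "bad fd %d", pfd[0].fd);
+	if ((pfd[0].revents & (pfd[0].events|POLLHUP))) {
+		ssize_t ret;
+
+		ret = tls_write(ctx, buf, len);
+		if (ret == TLS_WANT_POLLIN)
+			pfd[0].events = POLLIN;
+		else if (ret == TLS_WANT_POLLOUT)
+			pfd[0].events = POLLOUT;
+		else if (ret < 0)
+			err(1, "tls_write: %s", tls_error(ctx));
+		else {
+			buf += ret;
+			len -= ret;
+		}
+	}
+}
+\&...
+.Ed
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_init 3 ,
+.Xr tls_ocsp_process_response 3
+.Sh HISTORY
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_error ,
+.Fn tls_close ,
+and
+.Fn tls_reset
+appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Pp
+.Fn tls_handshake
+appeared in
+.Ox 5.9 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+with contributions from
+.An Bob Beck Aq Mt beck@openbsd.org
+.Sh CAVEATS
+The function
+.Fn tls_error
+returns an internal pointer.
+It must not be freed by the application, or a double free error
+will occur.
+The pointer will become invalid when the next error occurs with
+.Fa ctx .
+Consequently, if the application may need the message at a later
+time, it has to copy the string before calling the next
+.Sy libtls
+function involving
+.Fa ctx ,
+or a segmentation fault or read access to unintended data is the
+likely result.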
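--- a/jni/libressl/man/x509.3
+++ /dev/null
@@ -1,136 +0,0 @@
-.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
-.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-.    ds C`
-.    ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{
-.    if \nF \{
-.        de IX
-.        tm Index:\\$1\t\\n%\t"\\$2"
-..
-.        if !\nF==2 \{
-.            nr % 0
-.            nr F 2
-.        \}
-.    \}
-.\}
-.rr rF
-.\" ========================================================================
-.\"
-.IX Title "x509 3"
-.TH x509 3 "2017-01-09" "LibreSSL " "LibreSSL"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-x509 \- X.509 certificate handling
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/x509.h>
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-A X.509 certificate is a structured grouping of information about
-an individual, a device, or anything one can imagine.  A X.509 \s-1CRL
-\&\s0(certificate revocation list) is a tool to help determine if a
-certificate is still valid.  The exact definition of those can be
-found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0
-In OpenSSL, the type X509 is used to express such a certificate, and
-the type X509_CRL is used to express a \s-1CRL.\s0
-.PP
-A related structure is a certificate request, defined in PKCS#10 from
-\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896. \s0 In OpenSSL, the type
-X509_REQ is used to express such a certificate request.
-.PP
-To handle some complex parts of a certificate, there are the types
-X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
-a certificate attributes), X509_EXTENSION (to express a certificate
-extension) and a few more.
-.PP
-Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a
-certificate and a corresponding private key.
-.PP
-\&\fBX509_\fR\fI...\fR, \fBd2i_X509_\fR\fI...\fR and \fBi2d_X509_\fR\fI...\fR handle X.509
-certificates, with some exceptions, shown below.
-.PP
-\&\fBX509_CRL_\fR\fI...\fR, \fBd2i_X509_CRL_\fR\fI...\fR and \fBi2d_X509_CRL_\fR\fI...\fR
-handle X.509 CRLs.
-.PP
-\&\fBX509_REQ_\fR\fI...\fR, \fBd2i_X509_REQ_\fR\fI...\fR and \fBi2d_X509_REQ_\fR\fI...\fR
-handle PKCS#10 certificate requests.
-.PP
-\&\fBX509_NAME_\fR\fI...\fR handle certificate names.
-.PP
-\&\fBX509_ATTRIBUTE_\fR\fI...\fR handle certificate attributes.
-.PP
-\&\fBX509_EXTENSION_\fR\fI...\fR handle certificate extensions.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_add_entry_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_NAME_new\fR\|(3),
-\&\fId2i_X509\fR\|(3),
-\&\fId2i_X509_ALGOR\fR\|(3),
-\&\fId2i_X509_CRL\fR\|(3),
-\&\fId2i_X509_NAME\fR\|(3),
-\&\fId2i_X509_REQ\fR\|(3),
-\&\fId2i_X509_SIG\fR\|(3),
-\&\fIcrypto\fR\|(3),
-\&\fIx509v3\fR\|(3)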
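--- a/jni/libressl/scripts/travis
+++ b/jni/libressl/scripts/travis
@@ -18,35 +18,28 @@
 	# test cmake and ninja
 	if [ `uname` = "Darwin" ]; then
 		cmake ..
 		make
 		make test
 	else
 		sudo apt-get update
-		sudo apt-get install -y python-software-properties
-		sudo apt-add-repository -y ppa:kalakris/cmake
-		sudo apt-get update
 		sudo apt-get install -y cmake ninja-build
 		cmake -GNinja ..
 		ninja
 		ninja test
 	fi
 else
 	CPU=i686
 	if [ "x$ARCH" = "xmingw64" ]; then
 		CPU=x86_64
 	fi
 	export CC=$CPU-w64-mingw32-gcc
 
 	if [ -z $(which $CC) ]; then
-		# Update Ubuntu 12.04 with current mingw toolchain
 		sudo apt-get update
-		sudo apt-get install -y python-software-properties
-		sudo apt-add-repository -y ppa:tobydox/mingw-x-precise
-		sudo apt-get update
-		sudo apt-get install -y $ARCH-x-gcc make
+		sudo apt-get install -y mingw-w64 make
 		export PATH=$PATH:/opt/$ARCH/bin
 	fi
 
 	./configure --host=$CPU-w64-mingw32
 	make -j
 fi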
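Review bot: The `export PATH=$PATH:/opt/$ARCH/bin` line kept right after the new `sudo apt-get install -y mingw-w64 make` looks like a leftover of the removed `ppa:tobydox/mingw-x-precise` toolchain; the distribution `mingw-w64` package presumably puts its compilers on the default PATH, so the entry now names a directory this script never creates. Dropping the line keeps the CI search path limited to directories the build actually controls. The guard above it is also fragile, since `[ -z $(which $CC) ]` depends on unquoted word splitting; `if ! command -v "$CC" >/dev/null 2>&1; then` expresses the same test without it. The enclosing `if`/`else` begins above the hunk, so the first branch is only partly visible here.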
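--- a/jni/libressl/ssl/CMakeLists.txt
+++ b/jni/libressl/ssl/CMakeLists.txt
@@ -15,51 +15,53 @@
 	d1_enc.c
 	d1_lib.c
 	d1_meth.c
 	d1_pkt.c
 	d1_srtp.c
 	d1_srvr.c
 	pqueue.c
-	s23_clnt.c
-	s23_lib.c
-	s23_pkt.c
-	s23_srvr.c
-	s3_both.c
 	s3_cbc.c
-	s3_clnt.c
 	s3_lib.c
-	s3_pkt.c
-	s3_srvr.c
 	ssl_algs.c
 	ssl_asn1.c
+	ssl_both.c
 	ssl_cert.c
 	ssl_ciph.c
-	ssl_err.c
-	ssl_err2.c
+	ssl_clnt.c
+	ssl_err.c
 	ssl_lib.c
+	ssl_packet.c
+	ssl_pkt.c
 	ssl_rsa.c
 	ssl_sess.c
+	ssl_srvr.c
 	ssl_stat.c
 	ssl_txt.c
+	ssl_versions.c
 	t1_clnt.c
 	t1_enc.c
+	t1_hash.c
 	t1_lib.c
 	t1_meth.c
 	t1_reneg.c
 	t1_srvr.c
 )
 
-if (BUILD_SHARED)
-	add_library(ssl-objects OBJECT ${SSL_SRC})
+add_library(ssl-objects OBJECT ${SSL_SRC})
+if (BUILD_SHARED)
 	add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
 	add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
+	export_symbol(ssl-shared ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
-	if (MSVC)
+	if (WIN32)
 		target_link_libraries(ssl-shared crypto-shared Ws2_32.lib)
+		set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
 	endif()
-	set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl)
+	set_target_properties(ssl-shared PROPERTIES
+		OUTPUT_NAME ssl${SSL_POSTFIX}
+		ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
 	set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
 		SOVERSION ${SSL_MAJOR_VERSION})
-	install(TARGETS ssl ssl-shared DESTINATION lib)
+	install(TARGETS ssl ssl-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
 else()
 	add_library(ssl STATIC ${SSL_SRC})
-	install(TARGETS ssl DESTINATION lib)
+	install(TARGETS ssl DESTINATION ${CMAKE_INSTALL_LIBDIR})
 endif()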
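--- a/jni/libressl/ssl/Makefile.am
+++ b/jni/libressl/ssl/Makefile.am
@@ -1,54 +1,53 @@
 include $(top_srcdir)/Makefile.am.common
 
 lib_LTLIBRARIES = libssl.la
 
 EXTRA_DIST = VERSION
 EXTRA_DIST += CMakeLists.txt
+EXTRA_DIST += ssl.sym
 
-libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
+libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
 libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
 
 libssl_la_SOURCES = bio_ssl.c
 libssl_la_SOURCES += bs_ber.c
 libssl_la_SOURCES += bs_cbb.c
 libssl_la_SOURCES += bs_cbs.c
 libssl_la_SOURCES += d1_both.c
 libssl_la_SOURCES += d1_clnt.c
 libssl_la_SOURCES += d1_enc.c
 libssl_la_SOURCES += d1_lib.c
 libssl_la_SOURCES += d1_meth.c
 libssl_la_SOURCES += d1_pkt.c
 libssl_la_SOURCES += d1_srtp.c
 libssl_la_SOURCES += d1_srvr.c
 libssl_la_SOURCES += pqueue.c
-libssl_la_SOURCES += s23_clnt.c
-libssl_la_SOURCES += s23_lib.c
-libssl_la_SOURCES += s23_pkt.c
-libssl_la_SOURCES += s23_srvr.c
-libssl_la_SOURCES += s3_both.c
-libssl_la_SOURCES += s3_cbc.c
-libssl_la_SOURCES += s3_clnt.c
-libssl_la_SOURCES += s3_lib.c
-libssl_la_SOURCES += s3_pkt.c
-libssl_la_SOURCES += s3_srvr.c
-libssl_la_SOURCES += ssl_algs.c
-libssl_la_SOURCES += ssl_asn1.c
-libssl_la_SOURCES += ssl_cert.c
-libssl_la_SOURCES += ssl_ciph.c
-libssl_la_SOURCES += ssl_err.c
-libssl_la_SOURCES += ssl_err2.c
-libssl_la_SOURCES += ssl_lib.c
-libssl_la_SOURCES += ssl_rsa.c
-libssl_la_SOURCES += ssl_sess.c
-libssl_la_SOURCES += ssl_stat.c
-libssl_la_SOURCES += ssl_txt.c
-libssl_la_SOURCES += t1_clnt.c
-libssl_la_SOURCES += t1_enc.c
+libssl_la_SOURCES += s3_cbc.c
+libssl_la_SOURCES += s3_lib.c
+libssl_la_SOURCES += ssl_algs.c
+libssl_la_SOURCES += ssl_asn1.c
+libssl_la_SOURCES += ssl_both.c
+libssl_la_SOURCES += ssl_cert.c
+libssl_la_SOURCES += ssl_ciph.c
+libssl_la_SOURCES += ssl_clnt.c
+libssl_la_SOURCES += ssl_err.c
+libssl_la_SOURCES += ssl_lib.c
+libssl_la_SOURCES += ssl_packet.c
+libssl_la_SOURCES += ssl_pkt.c
+libssl_la_SOURCES += ssl_rsa.c
+libssl_la_SOURCES += ssl_sess.c
+libssl_la_SOURCES += ssl_srvr.c
+libssl_la_SOURCES += ssl_stat.c
+libssl_la_SOURCES += ssl_txt.c
+libssl_la_SOURCES += ssl_versions.c
+libssl_la_SOURCES += t1_clnt.c
+libssl_la_SOURCES += t1_enc.c
+libssl_la_SOURCES += t1_hash.c
 libssl_la_SOURCES += t1_lib.c
 libssl_la_SOURCES += t1_meth.c
 libssl_la_SOURCES += t1_reneg.c
 libssl_la_SOURCES += t1_srvr.c
 
 noinst_HEADERS = srtp.h
 noinst_HEADERS += ssl_locl.h
 noinst_HEADERS += bytestring.h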
Changes to jni/libressl/ssl/Makefile.in.
133
134
135
136
137
138
139
140
141
142
143
144

145
146
147
148
149
150
151
152
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
libssl_la_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la
am_libssl_la_OBJECTS = bio_ssl.lo bs_ber.lo bs_cbb.lo bs_cbs.lo \
	d1_both.lo d1_clnt.lo d1_enc.lo d1_lib.lo d1_meth.lo d1_pkt.lo \
	d1_srtp.lo d1_srvr.lo pqueue.lo s23_clnt.lo s23_lib.lo \
	s23_pkt.lo s23_srvr.lo s3_both.lo s3_cbc.lo s3_clnt.lo \
	s3_lib.lo s3_pkt.lo s3_srvr.lo ssl_algs.lo ssl_asn1.lo \
	ssl_cert.lo ssl_ciph.lo ssl_err.lo ssl_err2.lo ssl_lib.lo \
	ssl_rsa.lo ssl_sess.lo ssl_stat.lo ssl_txt.lo t1_clnt.lo \

	t1_enc.lo t1_lib.lo t1_meth.lo t1_reneg.lo t1_srvr.lo
libssl_la_OBJECTS = $(am_libssl_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \







|
<
|
|
|
>
|







133
134
135
136
137
138
139
140

141
142
143
144
145
146
147
148
149
150
151
152
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
libssl_la_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la
am_libssl_la_OBJECTS = bio_ssl.lo bs_ber.lo bs_cbb.lo bs_cbs.lo \
	d1_both.lo d1_clnt.lo d1_enc.lo d1_lib.lo d1_meth.lo d1_pkt.lo \
	d1_srtp.lo d1_srvr.lo pqueue.lo s3_cbc.lo s3_lib.lo \

	ssl_algs.lo ssl_asn1.lo ssl_both.lo ssl_cert.lo ssl_ciph.lo \
	ssl_clnt.lo ssl_err.lo ssl_lib.lo ssl_packet.lo ssl_pkt.lo \
	ssl_rsa.lo ssl_sess.lo ssl_srvr.lo ssl_stat.lo ssl_txt.lo \
	ssl_versions.lo t1_clnt.lo t1_enc.lo t1_hash.lo t1_lib.lo \
	t1_meth.lo t1_reneg.lo t1_srvr.lo
libssl_la_OBJECTS = $(am_libssl_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|



|
|
|







211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
240
241
242
243
244
245
246

247
248
249
250
251
252
253
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
335
336
337
338
339
340
341
342


343
344
345
346
347
348
349
350
351

352
353
354
355
356
357
358
359
360
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL


lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION CMakeLists.txt
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c bs_ber.c bs_cbb.c bs_cbs.c d1_both.c \
	d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c d1_srtp.c \
	d1_srvr.c pqueue.c s23_clnt.c s23_lib.c s23_pkt.c s23_srvr.c \
	s3_both.c s3_cbc.c s3_clnt.c s3_lib.c s3_pkt.c s3_srvr.c \
	ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c \

	ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c \
	t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c
noinst_HEADERS = srtp.h ssl_locl.h bytestring.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \







|
>
>

|
|



|
<
|
>
|
|







336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352

353
354
355
356
357
358
359
360
361
362
363
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION CMakeLists.txt ssl.sym
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c bs_ber.c bs_cbb.c bs_cbs.c d1_both.c \
	d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c d1_srtp.c \
	d1_srvr.c pqueue.c s3_cbc.c s3_lib.c ssl_algs.c ssl_asn1.c \

	ssl_both.c ssl_cert.c ssl_ciph.c ssl_clnt.c ssl_err.c \
	ssl_lib.c ssl_packet.c ssl_pkt.c ssl_rsa.c ssl_sess.c \
	ssl_srvr.c ssl_stat.c ssl_txt.c ssl_versions.c t1_clnt.c \
	t1_enc.c t1_hash.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c
noinst_HEADERS = srtp.h ssl_locl.h bytestring.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_meth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_pkt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srtp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srvr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pqueue.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s23_clnt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s23_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s23_pkt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s23_srvr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_both.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_clnt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_pkt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_srvr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_algs.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_cert.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_ciph.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_err2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_rsa.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sess.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_stat.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_txt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_clnt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_meth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_reneg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_srvr.Plo@am__quote@

.c.o:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\







|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
<







443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470


471
472
473
474
475
476
477
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_meth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_pkt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srtp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srvr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pqueue.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_algs.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_both.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_cert.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_ciph.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_clnt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_err.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_packet.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_pkt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_rsa.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sess.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_srvr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_stat.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_txt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_versions.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_clnt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_enc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_hash.Plo@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_lib.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_meth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_reneg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_srvr.Plo@am__quote@

.c.o:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
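--- a/jni/libressl/ssl/VERSION
+++ b/jni/libressl/ssl/VERSION
@@ -1 +1 @@
-39:0:0
+43:2:0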
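--- a/jni/libressl/ssl/bio_ssl.c
+++ b/jni/libressl/ssl/bio_ssl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: bio_ssl.c,v 1.21 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: bio_ssl.c,v 1.27 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -61,14 +61,16 @@
 #include <stdlib.h>
 #include <string.h>
 
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+
+#include "ssl_locl.h"
 
 static int ssl_write(BIO *h, const char *buf, int num);
 static int ssl_read(BIO *h, char *buf, int size);
 static int ssl_puts(BIO *h, const char *str);
 static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int ssl_new(BIO *h);
 static int ssl_free(BIO *data);
@@ -104,15 +106,15 @@
 static int
 ssl_new(BIO *bi)
 {
 	BIO_SSL *bs;
 
 	bs = calloc(1, sizeof(BIO_SSL));
 	if (bs == NULL) {
-		BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+		SSLerrorx(ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
 	bi->init = 0;
 	bi->ptr = (char *)bs;
 	bi->flags = 0;
 	return (1);
 }
@@ -287,17 +289,19 @@
 	ssl = bs->ssl;
 	if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
 		return (0);
 	switch (cmd) {
 	case BIO_CTRL_RESET:
 		SSL_shutdown(ssl);
 
-		if (ssl->handshake_func == ssl->method->ssl_connect)
+		if (ssl->internal->handshake_func ==
+		    ssl->method->internal->ssl_connect)
 			SSL_set_connect_state(ssl);
-		else if (ssl->handshake_func == ssl->method->ssl_accept)
+		else if (ssl->internal->handshake_func ==
+		    ssl->method->internal->ssl_accept)
 			SSL_set_accept_state(ssl);
 
 		SSL_clear(ssl);
 
 		if (b->next_bio != NULL)
 			ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
 		else if (ssl->rbio != NULL)
@@ -372,15 +376,16 @@
 		BIO_clear_retry_flags(b);
 		ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
 		BIO_copy_next_retry(b);
 		break;
 	case BIO_CTRL_PUSH:
 		if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
 			SSL_set_bio(ssl, b->next_bio, b->next_bio);
-			CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
+			CRYPTO_add(&b->next_bio->references, 1,
+			    CRYPTO_LOCK_BIO);
 		}
 		break;
 	case BIO_CTRL_POP:
 		/* Only detach if we are the BIO explicitly being popped */
 		if (b == ptr) {
 			/* Shouldn't happen in practice because the
 			 * rbio and wbio are the same when pushed.
@@ -440,15 +445,16 @@
 			ret = 0;
 		}
 		break;
 	case BIO_CTRL_GET_CALLBACK:
 		{
 			void (**fptr)(const SSL *xssl, int type, int val);
 
-			fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
+			fptr = (void (**)(const SSL *xssl, int type, int val))
+			    ptr;
 			*fptr = SSL_get_info_callback(ssl);
 		}
 		break;
 	default:
 		ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
 		break;
 	}
@@ -465,15 +471,16 @@
 	bs = (BIO_SSL *)b->ptr;
 	ssl = bs->ssl;
 	switch (cmd) {
 	case BIO_CTRL_SET_CALLBACK:
 		{
 		/* FIXME: setting this via a completely different prototype
 		   seems like a crap idea */
-			SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
+			SSL_set_info_callback(ssl,
+			    (void (*)(const SSL *, int, int))fp);
 		}
 		break;
 	default:
 		ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
 		break;
 	}
 	return (ret);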
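--- a/jni/libressl/ssl/bs_ber.c
+++ b/jni/libressl/ssl/bs_ber.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: bs_ber.c,v 1.7 2015/06/17 07:20:39 doug Exp $	*/
+/*	$OpenBSD: bs_ber.c,v 1.9 2016/12/03 12:34:35 jsing Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -99,15 +99,17 @@
  * is_eoc returns true if |header_len| and |contents|, as returned by
  * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC)
  * value.
  */
 static char
 is_eoc(size_t header_len, CBS *contents)
 {
-	return header_len == 2 && CBS_mem_equal(contents, "\x00\x00", 2);
+	const unsigned char eoc[] = {0x0, 0x0};
+
+	return header_len == 2 && CBS_mem_equal(contents, eoc, 2);
 }
 
 /*
  * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow
  * indefinite form) from |in| and writes definite form DER data to |out|. If
  * |squash_header| is set then the top-level of elements from |in| will not
  * have their headers written. This is used when concatenating the fragments of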
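--- a/jni/libressl/ssl/bs_cbb.c
+++ b/jni/libressl/ssl/bs_cbb.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: bs_cbb.c,v 1.12 2015/06/18 23:25:07 doug Exp $	*/
+/*	$OpenBSD: bs_cbb.c,v 1.14 2017/03/10 15:16:20 jsing Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -106,15 +106,15 @@
 
 		if (!base->can_resize)
 			return 0;
 
 		if (newcap < base->cap || newcap < newlen)
 			newcap = newlen;
 
-		newbuf = realloc(base->buf, newcap);
+		newbuf = recallocarray(base->buf, base->cap, newcap, 1);
 		if (newbuf == NULL)
 			return 0;
 
 		base->buf = newbuf;
 		base->cap = newcap;
 	}
 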
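--- a/jni/libressl/ssl/bs_cbs.c
+++ b/jni/libressl/ssl/bs_cbs.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: bs_cbs.c,v 1.16 2015/06/23 05:58:28 doug Exp $	*/
+/*	$OpenBSD: bs_cbs.c,v 1.17 2015/06/24 09:44:18 jsing Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *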
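--- a/jni/libressl/ssl/bytestring.h
+++ b/jni/libressl/ssl/bytestring.h
@@ -1,34 +1,32 @@
-/*	$OpenBSD: bytestring.h,v 1.13 2015/06/18 23:25:07 doug Exp $	*/
+/*	$OpenBSD: bytestring.h,v 1.15 2016/11/04 18:28:58 guenther Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
 #ifndef OPENSSL_HEADER_BYTESTRING_H
 #define OPENSSL_HEADER_BYTESTRING_H
 
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
 #include <sys/types.h>
 #include <stdint.h>
 
 #include <openssl/opensslconf.h>
+
+__BEGIN_HIDDEN_DECLS
 
 /*
  * Bytestrings are used for parsing and building TLS and ASN.1 messages.
  *
  * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
  * provides utility functions for safely parsing length-prefixed structures
  * like TLS and ASN.1 from it.
@@ -500,12 +498,10 @@
  * from NSS.
  *
  * It returns one on success and zero otherwise.
  */
 int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len);
 #endif /* LIBRESSL_INTERNAL */
 
-#if defined(__cplusplus)
-}  /* extern C */
-#endif
+__END_HIDDEN_DECLS 
 
 #endif  /* OPENSSL_HEADER_BYTESTRING_H */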
Changes to jni/libressl/ssl/d1_both.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: d1_both.c,v 1.38 2015/09/11 18:08:21 jsing Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: d1_both.c,v 1.50 2017/03/04 16:32:00 jsing Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
		    frag->msg_header.saved_retransmit_state.write_hash);
	}
	free(frag->fragment);
	free(frag->reassembly);
	free(frag);
}

/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
int
dtls1_do_write(SSL *s, int type)
{
	int ret;
	int curr_mtu;
	unsigned int len, frag_off, mac_size, blocksize;

	/* AHA!  Figure out the MTU, and stick to the right size */
	if (s->d1->mtu < dtls1_min_mtu() &&
	    !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
		    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);

		/*
		 * I've seen the kernel return bogus numbers when it
		 * doesn't know the MTU (ie., the initial write), so just
		 * make sure we have a reasonable number
		 */
		if (s->d1->mtu < dtls1_min_mtu()) {
			s->d1->mtu = 0;
			s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
			    s->d1->mtu, NULL);
		}
	}

	OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
	/* should have something reasonable now */

	if (s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
		OPENSSL_assert(s->init_num ==
		    (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);

	if (s->write_hash)
		mac_size = EVP_MD_CTX_size(s->write_hash);
	else
		mac_size = 0;

	if (s->enc_write_ctx &&
	    (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
		blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
	else
		blocksize = 0;

	frag_off = 0;
	while (s->init_num) {
		curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
		    DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;

		if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
			/* grr.. we could get an error if MTU picked was wrong */
			ret = BIO_flush(SSL_get_wbio(s));
			if (ret <= 0)
				return ret;
			curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
			    mac_size - blocksize;
		}

		if (s->init_num > curr_mtu)
			len = curr_mtu;
		else
			len = s->init_num;


		/* XDTLS: this function is too long.  split out the CCS part */
		if (type == SSL3_RT_HANDSHAKE) {
			if (s->init_off != 0) {
				OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
				s->init_off -= DTLS1_HM_HEADER_LENGTH;
				s->init_num += DTLS1_HM_HEADER_LENGTH;

				if (s->init_num > curr_mtu)
					len = curr_mtu;
				else
					len = s->init_num;
			}

			dtls1_fix_message_header(s, frag_off,
			    len - DTLS1_HM_HEADER_LENGTH);

			dtls1_write_message_header(s,
			    (unsigned char *)&s->init_buf->data[s->init_off]);

			OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
		}

		ret = dtls1_write_bytes(s, type,
		    &s->init_buf->data[s->init_off], len);
		if (ret < 0) {
			/*
			 * Might need to update MTU here, but we don't know
			 * which previous packet caused the failure -- so
			 * can't really retransmit anything.  continue as
			 * if everything is fine and wait for an alert to
			 * handle the retransmit
			 */
			if (BIO_ctrl(SSL_get_wbio(s),
			    BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
				s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
				    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
			else
				return (-1);
		} else {

			/*
			 * Bad if this assert fails, only part of the
			 * handshake message got sent.  but why would
			 * this happen?
			 */
			OPENSSL_assert(len == (unsigned int)ret);

			if (type == SSL3_RT_HANDSHAKE &&
			    !s->d1->retransmitting) {
				/*
				 * Should not be done for 'Hello Request's,
				 * but in that case we'll ignore the result
				 * anyway
				 */
				unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
				const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
				int xlen;

				if (frag_off == 0) {
					/*
					 * Reconstruct message header is if it
					 * is being sent in single fragment
					 */







|








|

|







|
|
|

|



|


|
|
|

|
|



|
|
|




|
|







|



|


|




|
|
|
|

|


|






|





|










|













|





|
|







219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
		    frag->msg_header.saved_retransmit_state.write_hash);
	}
	free(frag->fragment);
	free(frag->reassembly);
	free(frag);
}

/* send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
int
dtls1_do_write(SSL *s, int type)
{
	int ret;
	int curr_mtu;
	unsigned int len, frag_off, mac_size, blocksize;

	/* AHA!  Figure out the MTU, and stick to the right size */
	if (D1I(s)->mtu < dtls1_min_mtu() &&
	    !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
		D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
		    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);

		/*
		 * I've seen the kernel return bogus numbers when it
		 * doesn't know the MTU (ie., the initial write), so just
		 * make sure we have a reasonable number
		 */
		if (D1I(s)->mtu < dtls1_min_mtu()) {
			D1I(s)->mtu = 0;
			D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu);
			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
			    D1I(s)->mtu, NULL);
		}
	}

	OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu());
	/* should have something reasonable now */

	if (s->internal->init_off == 0  && type == SSL3_RT_HANDSHAKE)
		OPENSSL_assert(s->internal->init_num ==
		    (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);

	if (s->internal->write_hash)
		mac_size = EVP_MD_CTX_size(s->internal->write_hash);
	else
		mac_size = 0;

	if (s->internal->enc_write_ctx &&
	    (EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
		blocksize = 2 * EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher);
	else
		blocksize = 0;

	frag_off = 0;
	while (s->internal->init_num) {
		curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -
		    DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;

		if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
			/* grr.. we could get an error if MTU picked was wrong */
			ret = BIO_flush(SSL_get_wbio(s));
			if (ret <= 0)
				return ret;
			curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -
			    mac_size - blocksize;
		}

		if (s->internal->init_num > curr_mtu)
			len = curr_mtu;
		else
			len = s->internal->init_num;


		/* XDTLS: this function is too long.  split out the CCS part */
		if (type == SSL3_RT_HANDSHAKE) {
			if (s->internal->init_off != 0) {
				OPENSSL_assert(s->internal->init_off > DTLS1_HM_HEADER_LENGTH);
				s->internal->init_off -= DTLS1_HM_HEADER_LENGTH;
				s->internal->init_num += DTLS1_HM_HEADER_LENGTH;

				if (s->internal->init_num > curr_mtu)
					len = curr_mtu;
				else
					len = s->internal->init_num;
			}

			dtls1_fix_message_header(s, frag_off,
			    len - DTLS1_HM_HEADER_LENGTH);

			dtls1_write_message_header(s,
			    (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]);

			OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
		}

		ret = dtls1_write_bytes(s, type,
		    &s->internal->init_buf->data[s->internal->init_off], len);
		if (ret < 0) {
			/*
			 * Might need to update MTU here, but we don't know
			 * which previous packet caused the failure -- so
			 * can't really retransmit anything.  continue as
			 * if everything is fine and wait for an alert to
			 * handle the retransmit
			 */
			if (BIO_ctrl(SSL_get_wbio(s),
			    BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
				D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
				    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
			else
				return (-1);
		} else {

			/*
			 * Bad if this assert fails, only part of the
			 * handshake message got sent.  but why would
			 * this happen?
			 */
			OPENSSL_assert(len == (unsigned int)ret);

			if (type == SSL3_RT_HANDSHAKE &&
			    !D1I(s)->retransmitting) {
				/*
				 * Should not be done for 'Hello Request's,
				 * but in that case we'll ignore the result
				 * anyway
				 */
				unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off];
				const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
				int xlen;

				if (frag_off == 0) {
					/*
					 * Reconstruct message header is if it
					 * is being sent in single fragment
					 */
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
					p += DTLS1_HM_HEADER_LENGTH;
					xlen = ret - DTLS1_HM_HEADER_LENGTH;
				}

				tls1_finish_mac(s, p, xlen);
			}

			if (ret == s->init_num) {
				if (s->msg_callback)
					s->msg_callback(1, s->version, type,
					    s->init_buf->data,
					    (size_t)(s->init_off + s->init_num),
					    s, s->msg_callback_arg);

				s->init_off = 0;
				/* done writing this message */
				s->init_num = 0;

				return (1);
			}
			s->init_off += ret;
			s->init_num -= ret;
			frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
		}
	}
	return (0);
}









|
|
|
|
|
|

|

|



|
|







362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
					p += DTLS1_HM_HEADER_LENGTH;
					xlen = ret - DTLS1_HM_HEADER_LENGTH;
				}

				tls1_finish_mac(s, p, xlen);
			}

			if (ret == s->internal->init_num) {
				if (s->internal->msg_callback)
					s->internal->msg_callback(1, s->version, type,
					    s->internal->init_buf->data,
					    (size_t)(s->internal->init_off + s->internal->init_num),
					    s, s->internal->msg_callback_arg);

				s->internal->init_off = 0;
				/* done writing this message */
				s->internal->init_num = 0;

				return (1);
			}
			s->internal->init_off += ret;
			s->internal->init_num -= ret;
			frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
		}
	}
	return (0);
}


399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
{
	int i, al;
	struct hm_header_st *msg_hdr;
	unsigned char *p;
	unsigned long msg_len;

	/*
	 * s3->tmp is used to store messages that are unexpected, caused
	 * by the absence of an optional handshake message
	 */
	if (s->s3->tmp.reuse_message) {
		s->s3->tmp.reuse_message = 0;
		if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_DTLS1_GET_MESSAGE,
			    SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}
		*ok = 1;
		s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
		s->init_num = (int)s->s3->tmp.message_size;
		return s->init_num;
	}

	msg_hdr = &s->d1->r_msg_hdr;
	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

again:
	i = dtls1_get_message_fragment(s, st1, stn, max, ok);
	if (i == DTLS1_HM_BAD_FRAGMENT ||
	    i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
		goto again;
	else if (i <= 0 && !*ok)
		return i;

	p = (unsigned char *)s->init_buf->data;
	msg_len = msg_hdr->msg_len;

	/* reconstruct message header */
	*(p++) = msg_hdr->type;
	l2n3(msg_len, p);
	s2n (msg_hdr->seq, p);
	l2n3(0, p);
	l2n3(msg_len, p);

	p -= DTLS1_HM_HEADER_LENGTH;
	msg_len += DTLS1_HM_HEADER_LENGTH;

	tls1_finish_mac(s, p, msg_len);
	if (s->msg_callback)
		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
		    s, s->msg_callback_arg);

	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

	/* Don't change sequence numbers while listening */
	if (!s->d1->listen)
		s->d1->handshake_read_seq++;

	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
	return s->init_num;

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	*ok = 0;
	return -1;
}


static int
dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
{
	size_t frag_off, frag_len, msg_len;

	msg_len = msg_hdr->msg_len;
	frag_off = msg_hdr->frag_off;
	frag_len = msg_hdr->frag_len;

	/* sanity checking */
	if ((frag_off + frag_len) > msg_len) {
		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
		    SSL_R_EXCESSIVE_MESSAGE_SIZE);
		return SSL_AD_ILLEGAL_PARAMETER;
	}

	if ((frag_off + frag_len) > (unsigned long)max) {
		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
		    SSL_R_EXCESSIVE_MESSAGE_SIZE);
		return SSL_AD_ILLEGAL_PARAMETER;
	}

	if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
	{
		/*
		 * msg_len is limited to 2^24, but is effectively checked
		 * against max above
		 */
		if (!BUF_MEM_grow_clean(s->init_buf,
		    msg_len + DTLS1_HM_HEADER_LENGTH)) {
			SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
			return SSL_AD_INTERNAL_ERROR;
		}

		s->s3->tmp.message_size = msg_len;
		s->d1->r_msg_hdr.msg_len = msg_len;
		s->s3->tmp.message_type = msg_hdr->type;
		s->d1->r_msg_hdr.type = msg_hdr->type;
		s->d1->r_msg_hdr.seq = msg_hdr->seq;
	} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
		/*
		 * They must be playing with us! BTW, failure to enforce
		 * upper limit would open possibility for buffer overrun.
		 */
		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
		    SSL_R_EXCESSIVE_MESSAGE_SIZE);
		return SSL_AD_ILLEGAL_PARAMETER;
	}

	return 0; /* no error */
}

static int
dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
{
	/*
	 * (0) check whether the desired fragment is available
	 * if so:
	 * (1) copy over the fragment to s->init_buf->data[]
	 * (2) update s->init_num
	 */
	pitem *item;
	hm_fragment *frag;
	int al;

	*ok = 0;
	item = pqueue_peek(s->d1->buffered_messages);
	if (item == NULL)
		return 0;

	frag = (hm_fragment *)item->data;

	/* Don't return if reassembly still in progress */
	if (frag->reassembly != NULL)
		return 0;

	if (s->d1->handshake_read_seq == frag->msg_header.seq) {
		unsigned long frag_len = frag->msg_header.frag_len;
		pqueue_pop(s->d1->buffered_messages);

		al = dtls1_preprocess_fragment(s, &frag->msg_header, max);

		if (al == 0) /* no alert */
		{
			unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
			memcpy(&p[frag->msg_header.frag_off],
			    frag->fragment, frag->msg_header.frag_len);
		}

		dtls1_hm_fragment_free(frag);
		pitem_free(item);

		if (al == 0) {
			*ok = 1;
			return frag_len;
		}

		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		s->init_num = 0;
		*ok = 0;
		return -1;
	} else
		return 0;
}

/*
 * dtls1_max_handshake_message_len returns the maximum number of bytes
 * permitted in a DTLS handshake message for |s|. The minimum is 16KB,
 * but may be greater if the maximum certificate list size requires it.
 */
static unsigned long
dtls1_max_handshake_message_len(const SSL *s)
{
	unsigned long max_len;

	max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
	if (max_len < (unsigned long)s->max_cert_list)
		return s->max_cert_list;
	return max_len;
}

static int
dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
{
	hm_fragment *frag = NULL;







|


|
|
|

<
|



|
|
|


|










|













|
|
|




|
|

|
|



















<
|




<
|



|





|

|



|
|
|
|
|
|




<
|












|
|






|









|

|





|













|

















|
|







399
400
401
402
403
404
405
406
407
408
409
410
411
412

413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477

478
479
480
481
482

483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508

509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
{
	int i, al;
	struct hm_header_st *msg_hdr;
	unsigned char *p;
	unsigned long msg_len;

	/*
	 * s3->internal->tmp is used to store messages that are unexpected, caused
	 * by the absence of an optional handshake message
	 */
	if (S3I(s)->tmp.reuse_message) {
		S3I(s)->tmp.reuse_message = 0;
		if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;

			SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}
		*ok = 1;
		s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
		s->internal->init_num = (int)S3I(s)->tmp.message_size;
		return s->internal->init_num;
	}

	msg_hdr = &D1I(s)->r_msg_hdr;
	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

again:
	i = dtls1_get_message_fragment(s, st1, stn, max, ok);
	if (i == DTLS1_HM_BAD_FRAGMENT ||
	    i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
		goto again;
	else if (i <= 0 && !*ok)
		return i;

	p = (unsigned char *)s->internal->init_buf->data;
	msg_len = msg_hdr->msg_len;

	/* reconstruct message header */
	*(p++) = msg_hdr->type;
	l2n3(msg_len, p);
	s2n (msg_hdr->seq, p);
	l2n3(0, p);
	l2n3(msg_len, p);

	p -= DTLS1_HM_HEADER_LENGTH;
	msg_len += DTLS1_HM_HEADER_LENGTH;

	tls1_finish_mac(s, p, msg_len);
	if (s->internal->msg_callback)
		s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
		    s, s->internal->msg_callback_arg);

	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

	/* Don't change sequence numbers while listening */
	if (!D1I(s)->listen)
		D1I(s)->handshake_read_seq++;

	s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
	return s->internal->init_num;

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	*ok = 0;
	return -1;
}


static int
dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
{
	size_t frag_off, frag_len, msg_len;

	msg_len = msg_hdr->msg_len;
	frag_off = msg_hdr->frag_off;
	frag_len = msg_hdr->frag_len;

	/* sanity checking */
	if ((frag_off + frag_len) > msg_len) {

		SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
		return SSL_AD_ILLEGAL_PARAMETER;
	}

	if ((frag_off + frag_len) > (unsigned long)max) {

		SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
		return SSL_AD_ILLEGAL_PARAMETER;
	}

	if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */
	{
		/*
		 * msg_len is limited to 2^24, but is effectively checked
		 * against max above
		 */
		if (!BUF_MEM_grow_clean(s->internal->init_buf,
		    msg_len + DTLS1_HM_HEADER_LENGTH)) {
			SSLerror(s, ERR_R_BUF_LIB);
			return SSL_AD_INTERNAL_ERROR;
		}

		S3I(s)->tmp.message_size = msg_len;
		D1I(s)->r_msg_hdr.msg_len = msg_len;
		S3I(s)->tmp.message_type = msg_hdr->type;
		D1I(s)->r_msg_hdr.type = msg_hdr->type;
		D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
	} else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
		/*
		 * They must be playing with us! BTW, failure to enforce
		 * upper limit would open possibility for buffer overrun.
		 */

		SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
		return SSL_AD_ILLEGAL_PARAMETER;
	}

	return 0; /* no error */
}

static int
dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
{
	/*
	 * (0) check whether the desired fragment is available
	 * if so:
	 * (1) copy over the fragment to s->internal->init_buf->data[]
	 * (2) update s->internal->init_num
	 */
	pitem *item;
	hm_fragment *frag;
	int al;

	*ok = 0;
	item = pqueue_peek(D1I(s)->buffered_messages);
	if (item == NULL)
		return 0;

	frag = (hm_fragment *)item->data;

	/* Don't return if reassembly still in progress */
	if (frag->reassembly != NULL)
		return 0;

	if (D1I(s)->handshake_read_seq == frag->msg_header.seq) {
		unsigned long frag_len = frag->msg_header.frag_len;
		pqueue_pop(D1I(s)->buffered_messages);

		al = dtls1_preprocess_fragment(s, &frag->msg_header, max);

		if (al == 0) /* no alert */
		{
			unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
			memcpy(&p[frag->msg_header.frag_off],
			    frag->fragment, frag->msg_header.frag_len);
		}

		dtls1_hm_fragment_free(frag);
		pitem_free(item);

		if (al == 0) {
			*ok = 1;
			return frag_len;
		}

		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		s->internal->init_num = 0;
		*ok = 0;
		return -1;
	} else
		return 0;
}

/*
 * dtls1_max_handshake_message_len returns the maximum number of bytes
 * permitted in a DTLS handshake message for |s|. The minimum is 16KB,
 * but may be greater if the maximum certificate list size requires it.
 */
static unsigned long
dtls1_max_handshake_message_len(const SSL *s)
{
	unsigned long max_len;

	max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
	if (max_len < (unsigned long)s->internal->max_cert_list)
		return s->internal->max_cert_list;
	return max_len;
}

static int
dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
{
	hm_fragment *frag = NULL;
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
		goto err;
	}

	/* Try to find item in queue */
	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
	seq64be[7] = (unsigned char)msg_hdr->seq;
	item = pqueue_find(s->d1->buffered_messages, seq64be);

	if (item == NULL) {
		frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
		if (frag == NULL)
			goto err;
		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
		frag->msg_header.frag_len = frag->msg_header.msg_len;







|







600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
		goto err;
	}

	/* Try to find item in queue */
	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
	seq64be[7] = (unsigned char)msg_hdr->seq;
	item = pqueue_find(D1I(s)->buffered_messages, seq64be);

	if (item == NULL) {
		frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
		if (frag == NULL)
			goto err;
		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
		frag->msg_header.frag_len = frag->msg_header.msg_len;
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
	 * If message is already reassembled, this must be a
	 * retransmit and can be dropped.
	 */
	if (frag->reassembly == NULL) {
		unsigned char devnull [256];

		while (frag_len) {
			i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
			    devnull, frag_len > sizeof(devnull) ?
			    sizeof(devnull) : frag_len, 0);
			if (i <= 0)
				goto err;
			frag_len -= i;
		}
		i = DTLS1_HM_FRAGMENT_RETRY;
		goto err;
	}

	/* read the body of the fragment (header has already been read */
	i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
	    frag->fragment + msg_hdr->frag_off, frag_len, 0);
	if (i <= 0 || (unsigned long)i != frag_len)
		goto err;

	RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
	    (long)(msg_hdr->frag_off + frag_len));








|











|







626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
	 * If message is already reassembled, this must be a
	 * retransmit and can be dropped.
	 */
	if (frag->reassembly == NULL) {
		unsigned char devnull [256];

		while (frag_len) {
			i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
			    devnull, frag_len > sizeof(devnull) ?
			    sizeof(devnull) : frag_len, 0);
			if (i <= 0)
				goto err;
			frag_len -= i;
		}
		i = DTLS1_HM_FRAGMENT_RETRY;
		goto err;
	}

	/* read the body of the fragment (header has already been read */
	i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
	    frag->fragment + msg_hdr->frag_off, frag_len, 0);
	if (i <= 0 || (unsigned long)i != frag_len)
		goto err;

	RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
	    (long)(msg_hdr->frag_off + frag_len));

669
670
671
672
673
674
675
676
677
678
679
680
681
682
683

		item = pitem_new(seq64be, frag);
		if (item == NULL) {
			i = -1;
			goto err;
		}

		pqueue_insert(s->d1->buffered_messages, item);
	}

	return DTLS1_HM_FRAGMENT_RETRY;

err:
	if (item == NULL && frag != NULL)
		dtls1_hm_fragment_free(frag);







|







665
666
667
668
669
670
671
672
673
674
675
676
677
678
679

		item = pitem_new(seq64be, frag);
		if (item == NULL) {
			i = -1;
			goto err;
		}

		pqueue_insert(D1I(s)->buffered_messages, item);
	}

	return DTLS1_HM_FRAGMENT_RETRY;

err:
	if (item == NULL && frag != NULL)
		dtls1_hm_fragment_free(frag);
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
	if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
		goto err;

	/* Try to find item in queue, to prevent duplicate entries */
	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
	seq64be[7] = (unsigned char) msg_hdr->seq;
	item = pqueue_find(s->d1->buffered_messages, seq64be);

	/*
	 * If we already have an entry and this one is a fragment,
	 * don't discard it and rather try to reassemble it.
	 */
	if (item != NULL && frag_len < msg_hdr->msg_len)
		item = NULL;

	/*
	 * Discard the message if sequence number was already there, is
	 * too far in the future, already in the queue or if we received
	 * a FINISHED before the SERVER_HELLO, which then must be a stale
	 * retransmit.
	 */
	if (msg_hdr->seq <= s->d1->handshake_read_seq ||
	    msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
	    (s->d1->handshake_read_seq == 0 &&
	    msg_hdr->type == SSL3_MT_FINISHED)) {
		unsigned char devnull [256];

		while (frag_len) {
			i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
			    devnull, frag_len > sizeof(devnull) ?
			    sizeof(devnull) : frag_len, 0);
			if (i <= 0)
				goto err;
			frag_len -= i;
		}
	} else {







|














|
|
|




|







694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
	if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
		goto err;

	/* Try to find item in queue, to prevent duplicate entries */
	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
	seq64be[7] = (unsigned char) msg_hdr->seq;
	item = pqueue_find(D1I(s)->buffered_messages, seq64be);

	/*
	 * If we already have an entry and this one is a fragment,
	 * don't discard it and rather try to reassemble it.
	 */
	if (item != NULL && frag_len < msg_hdr->msg_len)
		item = NULL;

	/*
	 * Discard the message if sequence number was already there, is
	 * too far in the future, already in the queue or if we received
	 * a FINISHED before the SERVER_HELLO, which then must be a stale
	 * retransmit.
	 */
	if (msg_hdr->seq <= D1I(s)->handshake_read_seq ||
	    msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL ||
	    (D1I(s)->handshake_read_seq == 0 &&
	    msg_hdr->type == SSL3_MT_FINISHED)) {
		unsigned char devnull [256];

		while (frag_len) {
			i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
			    devnull, frag_len > sizeof(devnull) ?
			    sizeof(devnull) : frag_len, 0);
			if (i <= 0)
				goto err;
			frag_len -= i;
		}
	} else {
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
		if (frag == NULL)
			goto err;

		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));

		if (frag_len) {
			/* read the body of the fragment (header has already been read */
			i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
			    frag->fragment, frag_len, 0);
			if (i <= 0 || (unsigned long)i != frag_len)
				goto err;
		}

		memset(seq64be, 0, sizeof(seq64be));
		seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
		seq64be[7] = (unsigned char)(msg_hdr->seq);

		item = pitem_new(seq64be, frag);
		if (item == NULL)
			goto err;

		pqueue_insert(s->d1->buffered_messages, item);
	}

	return DTLS1_HM_FRAGMENT_RETRY;

err:
	if (item == NULL && frag != NULL)
		dtls1_hm_fragment_free(frag);







|













|







738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
		if (frag == NULL)
			goto err;

		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));

		if (frag_len) {
			/* read the body of the fragment (header has already been read */
			i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
			    frag->fragment, frag_len, 0);
			if (i <= 0 || (unsigned long)i != frag_len)
				goto err;
		}

		memset(seq64be, 0, sizeof(seq64be));
		seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
		seq64be[7] = (unsigned char)(msg_hdr->seq);

		item = pitem_new(seq64be, frag);
		if (item == NULL)
			goto err;

		pqueue_insert(D1I(s)->buffered_messages, item);
	}

	return DTLS1_HM_FRAGMENT_RETRY;

err:
	if (item == NULL && frag != NULL)
		dtls1_hm_fragment_free(frag);
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
	int i, al;
	struct hm_header_st msg_hdr;

again:
	/* see if we have the required fragment already */
	if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
		if (*ok)
			s->init_num = frag_len;
		return frag_len;
	}

	/* read handshake message header */
	i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
	    DTLS1_HM_HEADER_LENGTH, 0);
	if (i <= 0) 	/* nbio, or an error */
	{
		s->rwstate = SSL_READING;
		*ok = 0;
		return i;
	}
	/* Handshake fails if message header is incomplete */
	if (i != DTLS1_HM_HEADER_LENGTH ||
	    /* parse the message fragment header */
	    dtls1_get_message_header(wire, &msg_hdr) == 0) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
		    SSL_R_UNEXPECTED_MESSAGE);
		goto f_err;
	}

	/*
	 * if this is a future (or stale) message it gets buffered
	 * (or dropped)--no further processing at this time
	 * While listening, we accept seq 1 (ClientHello with cookie)
	 * although we're still expecting seq 0 (ClientHello)
	 */
	if (msg_hdr.seq != s->d1->handshake_read_seq &&
	    !(s->d1->listen && msg_hdr.seq == 1))
		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);

	len = msg_hdr.msg_len;
	frag_off = msg_hdr.frag_off;
	frag_len = msg_hdr.frag_len;

	if (frag_len && frag_len < len)
		return dtls1_reassemble_fragment(s, &msg_hdr, ok);

	if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
	    wire[0] == SSL3_MT_HELLO_REQUEST) {
		/*
		 * The server may always send 'Hello Request' messages --
		 * we are doing a handshake anyway now, so ignore them
		 * if their format is correct. Does not count for
		 * 'Finished' MAC.
		 */
		if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
			if (s->msg_callback)
				s->msg_callback(0, s->version,
				    SSL3_RT_HANDSHAKE, wire,
				    DTLS1_HM_HEADER_LENGTH, s,
				    s->msg_callback_arg);

			s->init_num = 0;
			goto again;
		}
		else /* Incorrectly formated Hello request */
		{
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
			    SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}
	}

	if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
		goto f_err;

	/* XDTLS:  ressurect this when restart is in place */
	s->state = stn;

	if (frag_len > 0) {
		unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;

		i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
		    &p[frag_off], frag_len, 0);
		/* XDTLS:  fix this--message fragments cannot span multiple packets */
		if (i <= 0) {
			s->rwstate = SSL_READING;
			*ok = 0;
			return i;
		}
	} else
		i = 0;

	/*
	 * XDTLS:  an incorrectly formatted fragment should cause the
	 * handshake to fail
	 */
	if (i != (int)frag_len) {
		al = SSL3_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
		    SSL3_AD_ILLEGAL_PARAMETER);
		goto f_err;
	}

	*ok = 1;

	/*
	 * Note that s->init_num is *not* used as current offset in
	 * s->init_buf->data, but as a counter summing up fragments'
	 * lengths: as soon as they sum up to handshake packet
	 * length, we assume we have got all the fragments.
	 */
	s->init_num = frag_len;
	return frag_len;

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	s->init_num = 0;

	*ok = 0;
	return (-1);
}

/*
 * for these 2 messages, we need to
 * ssl->enc_read_ctx			re-init
 * ssl->s3->read_sequence		zero
 * ssl->s3->read_mac_secret		re-init
 * ssl->session->read_sym_enc		assign
 * ssl->session->read_hash		assign
 */
int
dtls1_send_change_cipher_spec(SSL *s, int a, int b)
{
	unsigned char *p;

	if (s->state == a) {
		p = (unsigned char *)s->init_buf->data;
		*p++=SSL3_MT_CCS;
		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
		s->init_num = DTLS1_CCS_HEADER_LENGTH;

		s->init_off = 0;

		dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
		    s->d1->handshake_write_seq, 0, 0);

		/* buffer the message to handle re-xmits */
		dtls1_buffer_message(s, 1);

		s->state = b;
	}

	/* SSL3_ST_CW_CHANGE_B */
	return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
}

static int
dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
{
	int n;
	unsigned char *p;

	n = i2d_X509(x, NULL);
	if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
		SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
		return 0;
	}
	p = (unsigned char *)&(buf->data[*l]);
	l2n3(n, p);
	i2d_X509(x, &p);
	*l += n + 3;

	return 1;
}

unsigned long
dtls1_output_cert_chain(SSL *s, X509 *x)
{
	unsigned char *p;
	int i;
	unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
	BUF_MEM *buf;

	/* TLSv1 sends a chain with nothing in it, instead of an alert */
	buf = s->init_buf;
	if (!BUF_MEM_grow_clean(buf, 10)) {
		SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
		return (0);
	}
	if (x != NULL) {
		X509_STORE_CTX xs_ctx;

		if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
		    x, NULL)) {
			SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
			return (0);
		}

		X509_verify_cert(&xs_ctx);
		/* Don't leave errors in the queue */
		ERR_clear_error();
		for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
			x = sk_X509_value(xs_ctx.chain, i);

			if (!dtls1_add_cert_to_buf(buf, &l, x)) {
				X509_STORE_CTX_cleanup(&xs_ctx);
				return 0;
			}
		}
		X509_STORE_CTX_cleanup(&xs_ctx);
	}
	/* Thawte special :-) */
	for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
		x = sk_X509_value(s->ctx->extra_certs, i);
		if (!dtls1_add_cert_to_buf(buf, &l, x))
			return 0;
	}

	l -= (3 + DTLS1_HM_HEADER_LENGTH);

	p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
	l2n3(l, p);
	l += 3;
	p = (unsigned char *)&(buf->data[0]);
	p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);

	l += DTLS1_HM_HEADER_LENGTH;
	return (l);
}

int
dtls1_read_failed(SSL *s, int code)
{
	if (code > 0) {
#ifdef DEBUG
		fprintf(stderr, "invalid state reached %s:%d",
		    __FILE__, __LINE__);







|




|



|








<
|









|
|









|








|
|


|

|





<
|








|


|

|



|












<
|






|
|



|




|








|
|








|
|

|
|

|


|




|






<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801

802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843

844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874

875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931










































































932
933
934
935
936
937
938
	int i, al;
	struct hm_header_st msg_hdr;

again:
	/* see if we have the required fragment already */
	if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
		if (*ok)
			s->internal->init_num = frag_len;
		return frag_len;
	}

	/* read handshake message header */
	i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
	    DTLS1_HM_HEADER_LENGTH, 0);
	if (i <= 0) 	/* nbio, or an error */
	{
		s->internal->rwstate = SSL_READING;
		*ok = 0;
		return i;
	}
	/* Handshake fails if message header is incomplete */
	if (i != DTLS1_HM_HEADER_LENGTH ||
	    /* parse the message fragment header */
	    dtls1_get_message_header(wire, &msg_hdr) == 0) {
		al = SSL_AD_UNEXPECTED_MESSAGE;

		SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
		goto f_err;
	}

	/*
	 * if this is a future (or stale) message it gets buffered
	 * (or dropped)--no further processing at this time
	 * While listening, we accept seq 1 (ClientHello with cookie)
	 * although we're still expecting seq 0 (ClientHello)
	 */
	if (msg_hdr.seq != D1I(s)->handshake_read_seq &&
	    !(D1I(s)->listen && msg_hdr.seq == 1))
		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);

	len = msg_hdr.msg_len;
	frag_off = msg_hdr.frag_off;
	frag_len = msg_hdr.frag_len;

	if (frag_len && frag_len < len)
		return dtls1_reassemble_fragment(s, &msg_hdr, ok);

	if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 &&
	    wire[0] == SSL3_MT_HELLO_REQUEST) {
		/*
		 * The server may always send 'Hello Request' messages --
		 * we are doing a handshake anyway now, so ignore them
		 * if their format is correct. Does not count for
		 * 'Finished' MAC.
		 */
		if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
			if (s->internal->msg_callback)
				s->internal->msg_callback(0, s->version,
				    SSL3_RT_HANDSHAKE, wire,
				    DTLS1_HM_HEADER_LENGTH, s,
				    s->internal->msg_callback_arg);

			s->internal->init_num = 0;
			goto again;
		}
		else /* Incorrectly formated Hello request */
		{
			al = SSL_AD_UNEXPECTED_MESSAGE;

			SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}
	}

	if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
		goto f_err;

	/* XDTLS:  ressurect this when restart is in place */
	s->internal->state = stn;

	if (frag_len > 0) {
		unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;

		i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
		    &p[frag_off], frag_len, 0);
		/* XDTLS:  fix this--message fragments cannot span multiple packets */
		if (i <= 0) {
			s->internal->rwstate = SSL_READING;
			*ok = 0;
			return i;
		}
	} else
		i = 0;

	/*
	 * XDTLS:  an incorrectly formatted fragment should cause the
	 * handshake to fail
	 */
	if (i != (int)frag_len) {
		al = SSL3_AD_ILLEGAL_PARAMETER;

		SSLerror(s, SSL3_AD_ILLEGAL_PARAMETER);
		goto f_err;
	}

	*ok = 1;

	/*
	 * Note that s->internal->init_num is *not* used as current offset in
	 * s->internal->init_buf->data, but as a counter summing up fragments'
	 * lengths: as soon as they sum up to handshake packet
	 * length, we assume we have got all the fragments.
	 */
	s->internal->init_num = frag_len;
	return frag_len;

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	s->internal->init_num = 0;

	*ok = 0;
	return (-1);
}

/*
 * for these 2 messages, we need to
 * ssl->enc_read_ctx			re-init
 * ssl->s3->internal->read_sequence		zero
 * ssl->s3->internal->read_mac_secret		re-init
 * ssl->session->read_sym_enc		assign
 * ssl->session->read_hash		assign
 */
int
dtls1_send_change_cipher_spec(SSL *s, int a, int b)
{
	unsigned char *p;

	if (s->internal->state == a) {
		p = (unsigned char *)s->internal->init_buf->data;
		*p++=SSL3_MT_CCS;
		D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
		s->internal->init_num = DTLS1_CCS_HEADER_LENGTH;

		s->internal->init_off = 0;

		dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
		    D1I(s)->handshake_write_seq, 0, 0);

		/* buffer the message to handle re-xmits */
		dtls1_buffer_message(s, 1);

		s->internal->state = b;
	}

	/* SSL3_ST_CW_CHANGE_B */
	return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
}











































































int
dtls1_read_failed(SSL *s, int code)
{
	if (code > 0) {
#ifdef DEBUG
		fprintf(stderr, "invalid state reached %s:%d",
		    __FILE__, __LINE__);
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134

	/* Buffer the messsage in order to handle DTLS retransmissions. */

	/*
	 * This function is called immediately after a message has
	 * been serialized
	 */
	OPENSSL_assert(s->init_off == 0);

	frag = dtls1_hm_fragment_new(s->init_num, 0);
	if (frag == NULL)
		return 0;

	memcpy(frag->fragment, s->init_buf->data, s->init_num);

	if (is_ccs) {
		OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
		    ((s->version == DTLS1_VERSION) ?
		    DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
	} else {
		OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
		    DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
	}

	frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
	frag->msg_header.seq = s->d1->w_msg_hdr.seq;
	frag->msg_header.type = s->d1->w_msg_hdr.type;
	frag->msg_header.frag_off = 0;
	frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
	frag->msg_header.is_ccs = is_ccs;

	/* save current state*/
	frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
	frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
	frag->msg_header.saved_retransmit_state.session = s->session;
	frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;

	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
	    frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
	seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
	    frag->msg_header.seq, frag->msg_header.is_ccs));








|

|



|


|

|

|
|


|
|
|

|



|
|

|







1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053

	/* Buffer the messsage in order to handle DTLS retransmissions. */

	/*
	 * This function is called immediately after a message has
	 * been serialized
	 */
	OPENSSL_assert(s->internal->init_off == 0);

	frag = dtls1_hm_fragment_new(s->internal->init_num, 0);
	if (frag == NULL)
		return 0;

	memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num);

	if (is_ccs) {
		OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
		    ((s->version == DTLS1_VERSION) ?
		    DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->internal->init_num);
	} else {
		OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
		    DTLS1_HM_HEADER_LENGTH == (unsigned int)s->internal->init_num);
	}

	frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len;
	frag->msg_header.seq = D1I(s)->w_msg_hdr.seq;
	frag->msg_header.type = D1I(s)->w_msg_hdr.type;
	frag->msg_header.frag_off = 0;
	frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len;
	frag->msg_header.is_ccs = is_ccs;

	/* save current state*/
	frag->msg_header.saved_retransmit_state.enc_write_ctx = s->internal->enc_write_ctx;
	frag->msg_header.saved_retransmit_state.write_hash = s->internal->write_hash;
	frag->msg_header.saved_retransmit_state.session = s->session;
	frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch;

	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
	    frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
	seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
	    frag->msg_header.seq, frag->msg_header.is_ccs));

1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
	hm_fragment *frag;
	unsigned long header_length;
	unsigned char seq64be[8];
	struct dtls1_retransmit_state saved_state;
	unsigned char save_write_sequence[8];

	/*
	  OPENSSL_assert(s->init_num == 0);
	  OPENSSL_assert(s->init_off == 0);
	 */

	/* XDTLS:  the requested message ought to be found, otherwise error */
	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char)(seq >> 8);
	seq64be[7] = (unsigned char)seq;








|
|







1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
	hm_fragment *frag;
	unsigned long header_length;
	unsigned char seq64be[8];
	struct dtls1_retransmit_state saved_state;
	unsigned char save_write_sequence[8];

	/*
	  OPENSSL_assert(s->internal->init_num == 0);
	  OPENSSL_assert(s->internal->init_off == 0);
	 */

	/* XDTLS:  the requested message ought to be found, otherwise error */
	memset(seq64be, 0, sizeof(seq64be));
	seq64be[6] = (unsigned char)(seq >> 8);
	seq64be[7] = (unsigned char)seq;

1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
	frag = (hm_fragment *)item->data;

	if (frag->msg_header.is_ccs)
		header_length = DTLS1_CCS_HEADER_LENGTH;
	else
		header_length = DTLS1_HM_HEADER_LENGTH;

	memcpy(s->init_buf->data, frag->fragment,
	    frag->msg_header.msg_len + header_length);
	s->init_num = frag->msg_header.msg_len + header_length;

	dtls1_set_message_header_int(s, frag->msg_header.type,
	    frag->msg_header.msg_len, frag->msg_header.seq, 0,
	    frag->msg_header.frag_len);

	/* save current state */
	saved_state.enc_write_ctx = s->enc_write_ctx;
	saved_state.write_hash = s->write_hash;
	saved_state.session = s->session;
	saved_state.epoch = s->d1->w_epoch;

	s->d1->retransmitting = 1;

	/* restore state in which the message was originally sent */
	s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
	s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
	s->session = frag->msg_header.saved_retransmit_state.session;
	s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;

	if (frag->msg_header.saved_retransmit_state.epoch ==
	    saved_state.epoch - 1) {
		memcpy(save_write_sequence, s->s3->write_sequence,
		    sizeof(s->s3->write_sequence));
		memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
		    sizeof(s->s3->write_sequence));
	}

	ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
	    SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);

	/* restore current state */
	s->enc_write_ctx = saved_state.enc_write_ctx;
	s->write_hash = saved_state.write_hash;
	s->session = saved_state.session;
	s->d1->w_epoch = saved_state.epoch;

	if (frag->msg_header.saved_retransmit_state.epoch ==
	    saved_state.epoch - 1) {
		memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
		    sizeof(s->s3->write_sequence));
		memcpy(s->s3->write_sequence, save_write_sequence,
		    sizeof(s->s3->write_sequence));
	}

	s->d1->retransmitting = 0;

	(void)BIO_flush(SSL_get_wbio(s));
	return ret;
}

/* call this function when the buffered messages are no longer needed */
void
dtls1_clear_record_buffer(SSL *s)
{
	pitem *item;

	for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
	    item = pqueue_pop(s->d1->sent_messages)) {
		dtls1_hm_fragment_free((hm_fragment *)item->data);
		pitem_free(item);
	}
}

unsigned char *
dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
    unsigned long len, unsigned long frag_off, unsigned long frag_len)
{
	/* Don't change sequence numbers while listening */
	if (frag_off == 0 && !s->d1->listen) {
		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
		s->d1->next_handshake_write_seq++;
	}

	dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
	    frag_off, frag_len);

	return p += DTLS1_HM_HEADER_LENGTH;
}

/* don't actually do the writing, wait till the MTU has been retrieved */
static void
dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
    unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
{
	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

	msg_hdr->type = mt;
	msg_hdr->msg_len = len;
	msg_hdr->seq = seq_num;
	msg_hdr->frag_off = frag_off;
	msg_hdr->frag_len = frag_len;
}

static void
dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
{
	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

	msg_hdr->frag_off = frag_off;
	msg_hdr->frag_len = frag_len;
}

static unsigned char *
dtls1_write_message_header(SSL *s, unsigned char *p)
{
	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

	*p++ = msg_hdr->type;
	l2n3(msg_hdr->msg_len, p);

	s2n(msg_hdr->seq, p);
	l2n3(msg_hdr->frag_off, p);
	l2n3(msg_hdr->frag_len, p);







|

|






|
|

|

|


|
|

|



|
|
|
|






|
|

|



|
|
|
|


|


















|
|
|


|
|
|


|

<
<







|











|








|







1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181


1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
	frag = (hm_fragment *)item->data;

	if (frag->msg_header.is_ccs)
		header_length = DTLS1_CCS_HEADER_LENGTH;
	else
		header_length = DTLS1_HM_HEADER_LENGTH;

	memcpy(s->internal->init_buf->data, frag->fragment,
	    frag->msg_header.msg_len + header_length);
	s->internal->init_num = frag->msg_header.msg_len + header_length;

	dtls1_set_message_header_int(s, frag->msg_header.type,
	    frag->msg_header.msg_len, frag->msg_header.seq, 0,
	    frag->msg_header.frag_len);

	/* save current state */
	saved_state.enc_write_ctx = s->internal->enc_write_ctx;
	saved_state.write_hash = s->internal->write_hash;
	saved_state.session = s->session;
	saved_state.epoch = D1I(s)->w_epoch;

	D1I(s)->retransmitting = 1;

	/* restore state in which the message was originally sent */
	s->internal->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
	s->internal->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
	s->session = frag->msg_header.saved_retransmit_state.session;
	D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch;

	if (frag->msg_header.saved_retransmit_state.epoch ==
	    saved_state.epoch - 1) {
		memcpy(save_write_sequence, S3I(s)->write_sequence,
		    sizeof(S3I(s)->write_sequence));
		memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence,
		    sizeof(S3I(s)->write_sequence));
	}

	ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
	    SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);

	/* restore current state */
	s->internal->enc_write_ctx = saved_state.enc_write_ctx;
	s->internal->write_hash = saved_state.write_hash;
	s->session = saved_state.session;
	D1I(s)->w_epoch = saved_state.epoch;

	if (frag->msg_header.saved_retransmit_state.epoch ==
	    saved_state.epoch - 1) {
		memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence,
		    sizeof(S3I(s)->write_sequence));
		memcpy(S3I(s)->write_sequence, save_write_sequence,
		    sizeof(S3I(s)->write_sequence));
	}

	D1I(s)->retransmitting = 0;

	(void)BIO_flush(SSL_get_wbio(s));
	return ret;
}

/* call this function when the buffered messages are no longer needed */
void
dtls1_clear_record_buffer(SSL *s)
{
	pitem *item;

	for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
	    item = pqueue_pop(s->d1->sent_messages)) {
		dtls1_hm_fragment_free((hm_fragment *)item->data);
		pitem_free(item);
	}
}

void
dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
    unsigned long frag_off, unsigned long frag_len)
{
	/* Don't change sequence numbers while listening */
	if (frag_off == 0 && !D1I(s)->listen) {
		D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
		D1I(s)->next_handshake_write_seq++;
	}

	dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq,
	    frag_off, frag_len);


}

/* don't actually do the writing, wait till the MTU has been retrieved */
static void
dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
    unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
{
	struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;

	msg_hdr->type = mt;
	msg_hdr->msg_len = len;
	msg_hdr->seq = seq_num;
	msg_hdr->frag_off = frag_off;
	msg_hdr->frag_len = frag_len;
}

static void
dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
{
	struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;

	msg_hdr->frag_off = frag_off;
	msg_hdr->frag_len = frag_len;
}

static unsigned char *
dtls1_write_message_header(SSL *s, unsigned char *p)
{
	struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;

	*p++ = msg_hdr->type;
	l2n3(msg_hdr->msg_len, p);

	s2n(msg_hdr->seq, p);
	l2n3(msg_hdr->frag_off, p);
	l2n3(msg_hdr->frag_len, p);
Changes to jni/libressl/ssl/d1_clnt.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: d1_clnt.c,v 1.55 2015/09/12 16:10:07 doug Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: d1_clnt.c,v 1.74 2017/02/07 02:08:38 beck Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
123
124
125
126
127
128
129
130
131
132
133
134


135
136
137
138
139
140
141
142
143




144
145
146
147
148




149

150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/objects.h>

#include "bytestring.h"

static const SSL_METHOD *dtls1_get_client_method(int ver);
static int dtls1_get_hello_verify(SSL *s);

const SSL_METHOD DTLSv1_client_method_data = {
	.version = DTLS1_VERSION,


	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = dtls1_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = dtls1_shutdown,




	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,




	.ssl_dispatch_alert = dtls1_dispatch_alert,

	.ssl_ctrl = dtls1_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_ssl_method = dtls1_get_client_method,
	.get_timeout = dtls1_default_timeout,
	.ssl3_enc = &DTLSv1_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

static const SSL_METHOD *
dtls1_get_client_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_client_method());
	return (NULL);
}

int
dtls1_connect(SSL *s)
{
	void (*cb)(const SSL *ssl, int type, int val) = NULL;
	int ret = -1;
	int new_state, state, skip = 0;

	ERR_clear_error();
	errno = 0;

	if (s->info_callback != NULL)
		cb = s->info_callback;
	else if (s->ctx->info_callback != NULL)
		cb = s->ctx->info_callback;

	s->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);


	for (;;) {
		state = s->state;

		switch (s->state) {
		case SSL_ST_RENEGOTIATE:
			s->renegotiate = 1;
			s->state = SSL_ST_CONNECT;
			s->ctx->stats.sess_connect_renegotiate++;
			/* break */
		case SSL_ST_BEFORE:
		case SSL_ST_CONNECT:
		case SSL_ST_BEFORE|SSL_ST_CONNECT:
		case SSL_ST_OK|SSL_ST_CONNECT:

			s->server = 0;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) {
				SSLerr(SSL_F_DTLS1_CONNECT,
				    ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}

			/* s->version=SSL3_VERSION; */
			s->type = SSL_ST_CONNECT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl_init_wbio_buffer(s, 0)) {
				ret = -1;
				goto end;
			}

			/* don't push the buffering BIO quite yet */

			s->state = SSL3_ST_CW_CLNT_HELLO_A;
			s->ctx->stats.sess_connect++;
			s->init_num = 0;
			/* mark client_random uninitialized */
			memset(s->s3->client_random, 0,
			    sizeof(s->s3->client_random));
			s->d1->send_cookie = 0;
			s->hit = 0;
			break;


		case SSL3_ST_CW_CLNT_HELLO_A:
		case SSL3_ST_CW_CLNT_HELLO_B:

			s->shutdown = 0;

			/* every DTLS ClientHello resets Finished MAC */
			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}

			dtls1_start_timer(s);
			ret = ssl3_client_hello(s);
			if (ret <= 0)
				goto end;

			if (s->d1->send_cookie) {
				s->state = SSL3_ST_CW_FLUSH;
				s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
			} else
				s->state = SSL3_ST_CR_SRVR_HELLO_A;

			s->init_num = 0;

			/* turn on buffering for the next lot of output */
			if (s->bbio != s->wbio)
				s->wbio = BIO_push(s->bbio, s->wbio);

			break;

		case SSL3_ST_CR_SRVR_HELLO_A:
		case SSL3_ST_CR_SRVR_HELLO_B:
			ret = ssl3_get_server_hello(s);
			if (ret <= 0)
				goto end;
			else {
				if (s->hit) {

					s->state = SSL3_ST_CR_FINISHED_A;
				} else
					s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
			}
			s->init_num = 0;
			break;

		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:

			ret = dtls1_get_hello_verify(s);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);
			if ( s->d1->send_cookie) /* start again, with a cookie */
				s->state = SSL3_ST_CW_CLNT_HELLO_A;
			else
				s->state = SSL3_ST_CR_CERT_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_A:
		case SSL3_ST_CR_CERT_B:
			ret = ssl3_check_finished(s);
			if (ret <= 0)
				goto end;
			if (ret == 2) {
				s->hit = 1;
				if (s->tlsext_ticket_expected)
					s->state = SSL3_ST_CR_SESSION_TICKET_A;
				else
					s->state = SSL3_ST_CR_FINISHED_A;
				s->init_num = 0;
				break;
			}
			/* Check if it is anon DH. */
			if (!(s->s3->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				ret = ssl3_get_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->tlsext_status_expected)
					s->state = SSL3_ST_CR_CERT_STATUS_A;
				else
					s->state = SSL3_ST_CR_KEY_EXCH_A;
			} else {
				skip = 1;
				s->state = SSL3_ST_CR_KEY_EXCH_A;
			}
			s->init_num = 0;
			break;

		case SSL3_ST_CR_KEY_EXCH_A:
		case SSL3_ST_CR_KEY_EXCH_B:
			ret = ssl3_get_key_exchange(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_CERT_REQ_A;
			s->init_num = 0;

			/* at this point we check that we have the
			 * required stuff from the server */
			if (!ssl3_check_cert_and_algorithm(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_CR_CERT_REQ_A:
		case SSL3_ST_CR_CERT_REQ_B:
			ret = ssl3_get_certificate_request(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_SRVR_DONE_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_SRVR_DONE_A:
		case SSL3_ST_CR_SRVR_DONE_B:
			ret = ssl3_get_server_done(s);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);
			if (s->s3->tmp.cert_req)
				s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
			else
				s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
			s->init_num = 0;
			s->state = s->s3->tmp.next_state;
			break;

		case SSL3_ST_CW_CERT_A:
		case SSL3_ST_CW_CERT_B:
		case SSL3_ST_CW_CERT_C:
		case SSL3_ST_CW_CERT_D:
			dtls1_start_timer(s);
			ret = dtls1_send_client_certificate(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CW_KEY_EXCH_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CW_KEY_EXCH_A:
		case SSL3_ST_CW_KEY_EXCH_B:
			dtls1_start_timer(s);
			ret = ssl3_send_client_key_exchange(s);
			if (ret <= 0)
				goto end;

			/* EAY EAY EAY need to check for DH fix cert
			 * sent back */
			/* For TLS, cert_req is set to 2, so a cert chain
			 * of nothing is sent, but no verify packet is sent */
			if (s->s3->tmp.cert_req == 1) {
				s->state = SSL3_ST_CW_CERT_VRFY_A;
			} else {
				s->state = SSL3_ST_CW_CHANGE_A;
				s->s3->change_cipher_spec = 0;
			}

			s->init_num = 0;
			break;

		case SSL3_ST_CW_CERT_VRFY_A:
		case SSL3_ST_CW_CERT_VRFY_B:
			dtls1_start_timer(s);
			ret = ssl3_send_client_verify(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CW_CHANGE_A;
			s->init_num = 0;
			s->s3->change_cipher_spec = 0;
			break;

		case SSL3_ST_CW_CHANGE_A:
		case SSL3_ST_CW_CHANGE_B:
			if (!s->hit)
				dtls1_start_timer(s);
			ret = dtls1_send_change_cipher_spec(s,
			    SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
			if (ret <= 0)
				goto end;

			s->state = SSL3_ST_CW_FINISHED_A;
			s->init_num = 0;

			s->session->cipher = s->s3->tmp.new_cipher;
			if (!s->method->ssl3_enc->setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			if (!s->method->ssl3_enc->change_cipher_state(s,
			    SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
				ret = -1;
				goto end;
			}


			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
			break;

		case SSL3_ST_CW_FINISHED_A:
		case SSL3_ST_CW_FINISHED_B:
			if (!s->hit)
				dtls1_start_timer(s);
			ret = ssl3_send_finished(s,
			    SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
			    s->method->ssl3_enc->client_finished_label,
			    s->method->ssl3_enc->client_finished_label_len);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CW_FLUSH;

			/* clear flags */
			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
			if (s->hit) {
				s->s3->tmp.next_state = SSL_ST_OK;
				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
					s->state = SSL_ST_OK;
					s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
					s->s3->delay_buf_pop_ret = 0;
				}
			} else {

				/* Allow NewSessionTicket if ticket expected */
				if (s->tlsext_ticket_expected)
					s->s3->tmp.next_state =
					    SSL3_ST_CR_SESSION_TICKET_A;
				else
					s->s3->tmp.next_state =
					    SSL3_ST_CR_FINISHED_A;
			}
			s->init_num = 0;
			break;

		case SSL3_ST_CR_SESSION_TICKET_A:
		case SSL3_ST_CR_SESSION_TICKET_B:
			ret = ssl3_get_new_session_ticket(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_FINISHED_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_STATUS_A:
		case SSL3_ST_CR_CERT_STATUS_B:
			ret = ssl3_get_cert_status(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_KEY_EXCH_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_FINISHED_A:
		case SSL3_ST_CR_FINISHED_B:
			s->d1->change_cipher_spec_ok = 1;
			ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
			    SSL3_ST_CR_FINISHED_B);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);

			if (s->hit)
				s->state = SSL3_ST_CW_CHANGE_A;
			else
				s->state = SSL_ST_OK;


			s->init_num = 0;
			break;

		case SSL3_ST_CW_FLUSH:
			s->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				/* If the write error was fatal, stop trying */
				if (!BIO_should_retry(s->wbio)) {
					s->rwstate = SSL_NOTHING;
					s->state = s->s3->tmp.next_state;
				}

				ret = -1;
				goto end;
			}
			s->rwstate = SSL_NOTHING;
			s->state = s->s3->tmp.next_state;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			/* If we are not 'joining' the last two packets,
			 * remove the buffering now */
			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
				ssl_free_wbio_buffer(s);
			/* else do it later in ssl3_write */

			s->init_num = 0;
			s->renegotiate = 0;
			s->new_session = 0;

			ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
			if (s->hit)
				s->ctx->stats.sess_hit++;

			ret = 1;
			/* s->server=0; */
			s->handshake_func = dtls1_connect;
			s->ctx->stats.sess_connect_good++;

			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_DONE, 1);

			/* done with handshaking */
			s->d1->handshake_read_seq = 0;
			s->d1->next_handshake_write_seq = 0;
			goto end;
			/* break; */

		default:
			SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		/* did we do anything */
		if (!s->s3->tmp.reuse_message && !skip) {
			if (s->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}

			if ((cb != NULL) && (s->state != state)) {
				new_state = s->state;
				s->state = state;
				cb(s, SSL_CB_CONNECT_LOOP, 1);
				s->state = new_state;
			}
		}
		skip = 0;
	}

end:
	s->in_handshake--;
	if (cb != NULL)
		cb(s, SSL_CB_CONNECT_EXIT, ret);

	return (ret);
}

static int
dtls1_get_hello_verify(SSL *s)
{
	long n;
	int al, ok = 0;
	size_t cookie_len;
	uint16_t ssl_version;
	CBS hello_verify_request, cookie;

	n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
	    DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
		s->d1->send_cookie = 0;
		s->s3->tmp.reuse_message = 1;
		return (1);
	}

	if (n < 0)
		goto truncated;

	CBS_init(&hello_verify_request, s->init_msg, n);

	if (!CBS_get_u16(&hello_verify_request, &ssl_version))
		goto truncated;

	if (ssl_version != s->version) {
		SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
		s->version = (s->version & 0xff00) | (ssl_version & 0xff);
		al = SSL_AD_PROTOCOL_VERSION;
		goto f_err;
	}

	if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
		goto truncated;

	if (!CBS_write_bytes(&cookie, s->d1->cookie,
	    sizeof(s->d1->cookie), &cookie_len)) {
		s->d1->cookie_len = 0;
		al = SSL_AD_ILLEGAL_PARAMETER;
		goto f_err;
	}
	s->d1->cookie_len = cookie_len;
	s->d1->send_cookie = 1;

	return 1;

truncated:
	al = SSL_AD_DECODE_ERROR;
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	return -1;
}

int
dtls1_send_client_certificate(SSL *s)
{
	X509 *x509 = NULL;
	EVP_PKEY *pkey = NULL;
	int i;
	unsigned long l;

	if (s->state ==	SSL3_ST_CW_CERT_A) {
		if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
		    (s->cert->key->privatekey == NULL))
			s->state = SSL3_ST_CW_CERT_B;
		else
			s->state = SSL3_ST_CW_CERT_C;
	}

	/* We need to get a client cert */
	if (s->state == SSL3_ST_CW_CERT_B) {
		/* If we get an error, we need to
		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
		 * We then get retied later */
		i = 0;
		i = ssl_do_client_cert_cb(s, &x509, &pkey);
		if (i < 0) {
			s->rwstate = SSL_X509_LOOKUP;
			return (-1);
		}
		s->rwstate = SSL_NOTHING;
		if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
			s->state = SSL3_ST_CW_CERT_B;
			if (!SSL_use_certificate(s, x509) ||
			    !SSL_use_PrivateKey(s, pkey))
				i = 0;
		} else if (i == 1) {
			i = 0;
			SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
			    SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
		}

		X509_free(x509);
		EVP_PKEY_free(pkey);
		if (i == 0)
			s->s3->tmp.cert_req = 2;

		/* Ok, we have a cert */
		s->state = SSL3_ST_CW_CERT_C;
	}

	if (s->state == SSL3_ST_CW_CERT_C) {
		s->state = SSL3_ST_CW_CERT_D;
		l = dtls1_output_cert_chain(s,
		    (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
		s->init_num = (int)l;
		s->init_off = 0;

		/* set header called by dtls1_output_cert_chain() */

		/* buffer the message to handle re-xmits */
		dtls1_buffer_message(s, 0);
	}

	/* SSL3_ST_CW_CERT_D */
	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
}







<


|

>
>









>
>
>
>





>
>
>
>

>
|
<


<
<
<
|
<
<
<
<
<








|

















|
|
|
|

|





|

|

|
|
|











<
|





|
















|
|
|



|
|






|












|
|
|

|

|













|

|

|

|









|
|

|
|








|
|
|

|
|



|




|
|

|


|

|




|


|
|














|
|








|
|

|
|
|







|


|
|













|
|

|
|


|








|
|
|




|






|
|

|
|




|











|



|
|


|



|
|

|

|




|
|


|


|







|
|







|
|




|






|
|

|


|



|



|
|





|
|












|
|
|


|
|



|
|





|
|




|






|
|




|
|
|

|






|















|
|




|
|
|






|





|








|
|
|



|
|









<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
123
124
125
126
127
128
129

130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

161
162



163





164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218

219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659

































































#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/objects.h>

#include "bytestring.h"


static int dtls1_get_hello_verify(SSL *s);

static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = dtls1_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = dtls1_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = dtls1_get_client_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,

	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,



	.internal = &DTLSv1_client_method_internal_data,





};

const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

const SSL_METHOD *
dtls1_get_client_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_client_method());
	return (NULL);
}

int
dtls1_connect(SSL *s)
{
	void (*cb)(const SSL *ssl, int type, int val) = NULL;
	int ret = -1;
	int new_state, state, skip = 0;

	ERR_clear_error();
	errno = 0;

	if (s->internal->info_callback != NULL)
		cb = s->internal->info_callback;
	else if (s->ctx->internal->info_callback != NULL)
		cb = s->ctx->internal->info_callback;

	s->internal->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);


	for (;;) {
		state = s->internal->state;

		switch (s->internal->state) {
		case SSL_ST_RENEGOTIATE:
			s->internal->renegotiate = 1;
			s->internal->state = SSL_ST_CONNECT;
			s->ctx->internal->stats.sess_connect_renegotiate++;
			/* break */
		case SSL_ST_BEFORE:
		case SSL_ST_CONNECT:
		case SSL_ST_BEFORE|SSL_ST_CONNECT:
		case SSL_ST_OK|SSL_ST_CONNECT:

			s->server = 0;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) {

				SSLerror(s, ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}

			/* s->version=SSL3_VERSION; */
			s->internal->type = SSL_ST_CONNECT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl_init_wbio_buffer(s, 0)) {
				ret = -1;
				goto end;
			}

			/* don't push the buffering BIO quite yet */

			s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
			s->ctx->internal->stats.sess_connect++;
			s->internal->init_num = 0;
			/* mark client_random uninitialized */
			memset(s->s3->client_random, 0,
			    sizeof(s->s3->client_random));
			D1I(s)->send_cookie = 0;
			s->internal->hit = 0;
			break;


		case SSL3_ST_CW_CLNT_HELLO_A:
		case SSL3_ST_CW_CLNT_HELLO_B:

			s->internal->shutdown = 0;

			/* every DTLS ClientHello resets Finished MAC */
			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}

			dtls1_start_timer(s);
			ret = ssl3_client_hello(s);
			if (ret <= 0)
				goto end;

			if (D1I(s)->send_cookie) {
				s->internal->state = SSL3_ST_CW_FLUSH;
				S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
			} else
				s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;

			s->internal->init_num = 0;

			/* turn on buffering for the next lot of output */
			if (s->bbio != s->wbio)
				s->wbio = BIO_push(s->bbio, s->wbio);

			break;

		case SSL3_ST_CR_SRVR_HELLO_A:
		case SSL3_ST_CR_SRVR_HELLO_B:
			ret = ssl3_get_server_hello(s);
			if (ret <= 0)
				goto end;
			else {
				if (s->internal->hit) {

					s->internal->state = SSL3_ST_CR_FINISHED_A;
				} else
					s->internal->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
			}
			s->internal->init_num = 0;
			break;

		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:

			ret = dtls1_get_hello_verify(s);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);
			if ( D1I(s)->send_cookie) /* start again, with a cookie */
				s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
			else
				s->internal->state = SSL3_ST_CR_CERT_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_A:
		case SSL3_ST_CR_CERT_B:
			ret = ssl3_check_finished(s);
			if (ret <= 0)
				goto end;
			if (ret == 2) {
				s->internal->hit = 1;
				if (s->internal->tlsext_ticket_expected)
					s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
				else
					s->internal->state = SSL3_ST_CR_FINISHED_A;
				s->internal->init_num = 0;
				break;
			}
			/* Check if it is anon DH. */
			if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				ret = ssl3_get_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->internal->tlsext_status_expected)
					s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
				else
					s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
			} else {
				skip = 1;
				s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
			}
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_KEY_EXCH_A:
		case SSL3_ST_CR_KEY_EXCH_B:
			ret = ssl3_get_server_key_exchange(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_CERT_REQ_A;
			s->internal->init_num = 0;

			/* at this point we check that we have the
			 * required stuff from the server */
			if (!ssl3_check_cert_and_algorithm(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_CR_CERT_REQ_A:
		case SSL3_ST_CR_CERT_REQ_B:
			ret = ssl3_get_certificate_request(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_SRVR_DONE_A:
		case SSL3_ST_CR_SRVR_DONE_B:
			ret = ssl3_get_server_done(s);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);
			if (S3I(s)->tmp.cert_req)
				S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A;
			else
				S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
			s->internal->init_num = 0;
			s->internal->state = S3I(s)->tmp.next_state;
			break;

		case SSL3_ST_CW_CERT_A:
		case SSL3_ST_CW_CERT_B:
		case SSL3_ST_CW_CERT_C:
		case SSL3_ST_CW_CERT_D:
			dtls1_start_timer(s);
			ret = ssl3_send_client_certificate(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CW_KEY_EXCH_A:
		case SSL3_ST_CW_KEY_EXCH_B:
			dtls1_start_timer(s);
			ret = ssl3_send_client_key_exchange(s);
			if (ret <= 0)
				goto end;

			/* EAY EAY EAY need to check for DH fix cert
			 * sent back */
			/* For TLS, cert_req is set to 2, so a cert chain
			 * of nothing is sent, but no verify packet is sent */
			if (S3I(s)->tmp.cert_req == 1) {
				s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
			} else {
				s->internal->state = SSL3_ST_CW_CHANGE_A;
				S3I(s)->change_cipher_spec = 0;
			}

			s->internal->init_num = 0;
			break;

		case SSL3_ST_CW_CERT_VRFY_A:
		case SSL3_ST_CW_CERT_VRFY_B:
			dtls1_start_timer(s);
			ret = ssl3_send_client_verify(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CW_CHANGE_A;
			s->internal->init_num = 0;
			S3I(s)->change_cipher_spec = 0;
			break;

		case SSL3_ST_CW_CHANGE_A:
		case SSL3_ST_CW_CHANGE_B:
			if (!s->internal->hit)
				dtls1_start_timer(s);
			ret = dtls1_send_change_cipher_spec(s,
			    SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
			if (ret <= 0)
				goto end;

			s->internal->state = SSL3_ST_CW_FINISHED_A;
			s->internal->init_num = 0;

			s->session->cipher = S3I(s)->tmp.new_cipher;
			if (!tls1_setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			if (!tls1_change_cipher_state(s,
			    SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
				ret = -1;
				goto end;
			}


			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
			break;

		case SSL3_ST_CW_FINISHED_A:
		case SSL3_ST_CW_FINISHED_B:
			if (!s->internal->hit)
				dtls1_start_timer(s);
			ret = ssl3_send_finished(s,
			    SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
			    TLS_MD_CLIENT_FINISH_CONST,
			    TLS_MD_CLIENT_FINISH_CONST_SIZE);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CW_FLUSH;

			/* clear flags */
			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
			if (s->internal->hit) {
				S3I(s)->tmp.next_state = SSL_ST_OK;
				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
					s->internal->state = SSL_ST_OK;
					s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
					S3I(s)->delay_buf_pop_ret = 0;
				}
			} else {

				/* Allow NewSessionTicket if ticket expected */
				if (s->internal->tlsext_ticket_expected)
					S3I(s)->tmp.next_state =
					    SSL3_ST_CR_SESSION_TICKET_A;
				else
					S3I(s)->tmp.next_state =
					    SSL3_ST_CR_FINISHED_A;
			}
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_SESSION_TICKET_A:
		case SSL3_ST_CR_SESSION_TICKET_B:
			ret = ssl3_get_new_session_ticket(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_FINISHED_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_STATUS_A:
		case SSL3_ST_CR_CERT_STATUS_B:
			ret = ssl3_get_cert_status(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_FINISHED_A:
		case SSL3_ST_CR_FINISHED_B:
			D1I(s)->change_cipher_spec_ok = 1;
			ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
			    SSL3_ST_CR_FINISHED_B);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);

			if (s->internal->hit)
				s->internal->state = SSL3_ST_CW_CHANGE_A;
			else
				s->internal->state = SSL_ST_OK;


			s->internal->init_num = 0;
			break;

		case SSL3_ST_CW_FLUSH:
			s->internal->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				/* If the write error was fatal, stop trying */
				if (!BIO_should_retry(s->wbio)) {
					s->internal->rwstate = SSL_NOTHING;
					s->internal->state = S3I(s)->tmp.next_state;
				}

				ret = -1;
				goto end;
			}
			s->internal->rwstate = SSL_NOTHING;
			s->internal->state = S3I(s)->tmp.next_state;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			/* If we are not 'joining' the last two packets,
			 * remove the buffering now */
			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
				ssl_free_wbio_buffer(s);
			/* else do it later in ssl3_write */

			s->internal->init_num = 0;
			s->internal->renegotiate = 0;
			s->internal->new_session = 0;

			ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
			if (s->internal->hit)
				s->ctx->internal->stats.sess_hit++;

			ret = 1;
			/* s->server=0; */
			s->internal->handshake_func = dtls1_connect;
			s->ctx->internal->stats.sess_connect_good++;

			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_DONE, 1);

			/* done with handshaking */
			D1I(s)->handshake_read_seq = 0;
			D1I(s)->next_handshake_write_seq = 0;
			goto end;
			/* break; */

		default:
			SSLerror(s, SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		/* did we do anything */
		if (!S3I(s)->tmp.reuse_message && !skip) {
			if (s->internal->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}

			if ((cb != NULL) && (s->internal->state != state)) {
				new_state = s->internal->state;
				s->internal->state = state;
				cb(s, SSL_CB_CONNECT_LOOP, 1);
				s->internal->state = new_state;
			}
		}
		skip = 0;
	}

end:
	s->internal->in_handshake--;
	if (cb != NULL)
		cb(s, SSL_CB_CONNECT_EXIT, ret);

	return (ret);
}

static int
dtls1_get_hello_verify(SSL *s)
{
	long n;
	int al, ok = 0;
	size_t cookie_len;
	uint16_t ssl_version;
	CBS hello_verify_request, cookie;

	n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
	    DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
		D1I(s)->send_cookie = 0;
		S3I(s)->tmp.reuse_message = 1;
		return (1);
	}

	if (n < 0)
		goto truncated;

	CBS_init(&hello_verify_request, s->internal->init_msg, n);

	if (!CBS_get_u16(&hello_verify_request, &ssl_version))
		goto truncated;

	if (ssl_version != s->version) {
		SSLerror(s, SSL_R_WRONG_SSL_VERSION);
		s->version = (s->version & 0xff00) | (ssl_version & 0xff);
		al = SSL_AD_PROTOCOL_VERSION;
		goto f_err;
	}

	if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
		goto truncated;

	if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
	    sizeof(D1I(s)->cookie), &cookie_len)) {
		D1I(s)->cookie_len = 0;
		al = SSL_AD_ILLEGAL_PARAMETER;
		goto f_err;
	}
	D1I(s)->cookie_len = cookie_len;
	D1I(s)->send_cookie = 1;

	return 1;

truncated:
	al = SSL_AD_DECODE_ERROR;
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	return -1;
}

































































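--- a/jni/libressl/ssl/d1_enc.c
+++ b/jni/libressl/ssl/d1_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_enc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
+/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -135,43 +135,43 @@
 	SSL3_RECORD *rec;
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
 	int bs, i, j, k, mac_size = 0;
 	const EVP_CIPHER *enc;
 
 	if (send) {
-		if (EVP_MD_CTX_md(s->write_hash)) {
-			mac_size = EVP_MD_CTX_size(s->write_hash);
+		if (EVP_MD_CTX_md(s->internal->write_hash)) {
+			mac_size = EVP_MD_CTX_size(s->internal->write_hash);
 			if (mac_size < 0)
 				return -1;
 		}
-		ds = s->enc_write_ctx;
-		rec = &(s->s3->wrec);
-		if (s->enc_write_ctx == NULL)
+		ds = s->internal->enc_write_ctx;
+		rec = &(S3I(s)->wrec);
+		if (s->internal->enc_write_ctx == NULL)
 			enc = NULL;
 		else {
-			enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+			enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
 			if (rec->data != rec->input) {
 #ifdef DEBUG
 				/* we can't write into the input stream */
 				fprintf(stderr, "%s:%d: rec->data != rec->input\n",
 				    __FILE__, __LINE__);
 #endif
 			} else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
 				arc4random_buf(rec->input,
 				    EVP_CIPHER_block_size(ds->cipher));
 			}
 		}
 	} else {
 		if (EVP_MD_CTX_md(s->read_hash)) {
 			mac_size = EVP_MD_CTX_size(s->read_hash);
 			OPENSSL_assert(mac_size >= 0);
 		}
 		ds = s->enc_read_ctx;
-		rec = &(s->s3->rrec);
+		rec = &(S3I(s)->rrec);
 		if (s->enc_read_ctx == NULL)
 			enc = NULL;
 		else
 			enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
 	}
 
 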
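--- a/jni/libressl/ssl/d1_lib.c
+++ b/jni/libressl/ssl/d1_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_lib.c,v 1.32 2015/10/07 13:20:48 bcook Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.41 2017/02/07 02:08:38 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -66,183 +66,183 @@
 #include <stdio.h>
 
 #include <openssl/objects.h>
 
 #include "pqueue.h"
 #include "ssl_locl.h"
 
-int dtls1_listen(SSL *s, struct sockaddr *client);
+static int dtls1_listen(SSL *s, struct sockaddr *client);
 
 SSL3_ENC_METHOD DTLSv1_enc_data = {
 	.enc = dtls1_enc,
-	.mac = tls1_mac,
-	.setup_key_block = tls1_setup_key_block,
-	.generate_master_secret = tls1_generate_master_secret,
-	.change_cipher_state = tls1_change_cipher_state,
-	.final_finish_mac = tls1_final_finish_mac,
-	.finish_mac_length = TLS1_FINISH_MAC_LENGTH,
-	.cert_verify_mac = tls1_cert_verify_mac,
-	.client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
-	.client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
-	.server_finished_label = TLS_MD_SERVER_FINISH_CONST,
-	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
-	.alert_value = tls1_alert_code,
-	.export_keying_material = tls1_export_keying_material,
-	.enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
+	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
 };
 
 long
 dtls1_default_timeout(void)
 {
 	/* 2 hours, the 24 hours mentioned in the DTLSv1 spec
 	 * is way too long for http, the cache would over fill */
 	return (60*60*2);
 }
 
 int
 dtls1_new(SSL *s)
 {
 	DTLS1_STATE *d1;
 
 	if (!ssl3_new(s))
 		return (0);
-	if ((d1 = calloc(1, sizeof *d1)) == NULL) {
+	if ((d1 = calloc(1, sizeof(*d1))) == NULL) {
+		ssl3_free(s);
+		return (0);
+	}
+	if ((d1->internal = calloc(1, sizeof(*d1->internal))) == NULL) {
+		free(d1);
 		ssl3_free(s);
 		return (0);
 	}
 
 	/* d1->handshake_epoch=0; */
 
-	d1->unprocessed_rcds.q = pqueue_new();
-	d1->processed_rcds.q = pqueue_new();
-	d1->buffered_messages = pqueue_new();
+	d1->internal->unprocessed_rcds.q = pqueue_new();
+	d1->internal->processed_rcds.q = pqueue_new();
+	d1->internal->buffered_messages = pqueue_new();
 	d1->sent_messages = pqueue_new();
-	d1->buffered_app_data.q = pqueue_new();
+	d1->internal->buffered_app_data.q = pqueue_new();
 
 	if (s->server) {
-		d1->cookie_len = sizeof(s->d1->cookie);
+		d1->internal->cookie_len = sizeof(D1I(s)->cookie);
 	}
 
-	if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||
-	    !d1->buffered_messages || !d1->sent_messages ||
-	    !d1->buffered_app_data.q) {
-		pqueue_free(d1->unprocessed_rcds.q);
-		pqueue_free(d1->processed_rcds.q);
-		pqueue_free(d1->buffered_messages);
+	if (!d1->internal->unprocessed_rcds.q || !d1->internal->processed_rcds.q ||
+	    !d1->internal->buffered_messages || !d1->sent_messages ||
+	    !d1->internal->buffered_app_data.q) {
+		pqueue_free(d1->internal->unprocessed_rcds.q);
+		pqueue_free(d1->internal->processed_rcds.q);
+		pqueue_free(d1->internal->buffered_messages);
 		pqueue_free(d1->sent_messages);
-		pqueue_free(d1->buffered_app_data.q);
+		pqueue_free(d1->internal->buffered_app_data.q);
 		free(d1);
 		ssl3_free(s);
 		return (0);
 	}
 
 	s->d1 = d1;
-	s->method->ssl_clear(s);
+	s->method->internal->ssl_clear(s);
 	return (1);
 }
 
 static void
 dtls1_clear_queues(SSL *s)
 {
 	pitem *item = NULL;
 	hm_fragment *frag = NULL;
 	DTLS1_RECORD_DATA *rdata;
 
-	while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
+	while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) {
 		rdata = (DTLS1_RECORD_DATA *) item->data;
 		free(rdata->rbuf.buf);
 		free(item->data);
 		pitem_free(item);
 	}
 
-	while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
+	while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) {
 		rdata = (DTLS1_RECORD_DATA *) item->data;
 		free(rdata->rbuf.buf);
 		free(item->data);
 		pitem_free(item);
 	}
 
-	while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
+	while ((item = pqueue_pop(D1I(s)->buffered_messages)) != NULL) {
 		frag = (hm_fragment *)item->data;
 		free(frag->fragment);
 		free(frag);
 		pitem_free(item);
 	}
 
 	while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
 		frag = (hm_fragment *)item->data;
 		free(frag->fragment);
 		free(frag);
 		pitem_free(item);
 	}
 
-	while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
+	while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) {
 		rdata = (DTLS1_RECORD_DATA *) item->data;
 		free(rdata->rbuf.buf);
 		free(item->data);
 		pitem_free(item);
 	}
 }
 
 void
 dtls1_free(SSL *s)
 {
 	if (s == NULL)
 		return;
 
 	ssl3_free(s);
 
 	dtls1_clear_queues(s);
 
-	pqueue_free(s->d1->unprocessed_rcds.q);
-	pqueue_free(s->d1->processed_rcds.q);
-	pqueue_free(s->d1->buffered_messages);
+	pqueue_free(D1I(s)->unprocessed_rcds.q);
+	pqueue_free(D1I(s)->processed_rcds.q);
+	pqueue_free(D1I(s)->buffered_messages);
 	pqueue_free(s->d1->sent_messages);
-	pqueue_free(s->d1->buffered_app_data.q);
+	pqueue_free(D1I(s)->buffered_app_data.q);
 
-	explicit_bzero(s->d1, sizeof *s->d1);
+	explicit_bzero(s->d1->internal, sizeof(*s->d1->internal));
+	free(s->d1->internal);
+
+	explicit_bzero(s->d1, sizeof(*s->d1));
 	free(s->d1);
+
 	s->d1 = NULL;
 }
 
 void
 dtls1_clear(SSL *s)
 {
+	struct dtls1_state_internal_st *internal;
 	pqueue unprocessed_rcds;
 	pqueue processed_rcds;
 	pqueue buffered_messages;
 	pqueue sent_messages;
 	pqueue buffered_app_data;
 	unsigned int mtu;
 
 	if (s->d1) {
-		unprocessed_rcds = s->d1->unprocessed_rcds.q;
-		processed_rcds = s->d1->processed_rcds.q;
-		buffered_messages = s->d1->buffered_messages;
+		unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
+		processed_rcds = D1I(s)->processed_rcds.q;
+		buffered_messages = D1I(s)->buffered_messages;
 		sent_messages = s->d1->sent_messages;
-		buffered_app_data = s->d1->buffered_app_data.q;
-		mtu = s->d1->mtu;
+		buffered_app_data = D1I(s)->buffered_app_data.q;
+		mtu = D1I(s)->mtu;
 
 		dtls1_clear_queues(s);
 
-		memset(s->d1, 0, sizeof(*(s->d1)));
+		memset(s->d1->internal, 0, sizeof(*s->d1->internal));
+		internal = s->d1->internal;
+		memset(s->d1, 0, sizeof(*s->d1));
+		s->d1->internal = internal;
 
 		if (s->server) {
-			s->d1->cookie_len = sizeof(s->d1->cookie);
+			D1I(s)->cookie_len = sizeof(D1I(s)->cookie);
 		}
 
 		if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
-			s->d1->mtu = mtu;
+			D1I(s)->mtu = mtu;
 		}
 
-		s->d1->unprocessed_rcds.q = unprocessed_rcds;
-		s->d1->processed_rcds.q = processed_rcds;
-		s->d1->buffered_messages = buffered_messages;
+		D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
+		D1I(s)->processed_rcds.q = processed_rcds;
+		D1I(s)->buffered_messages = buffered_messages;
 		s->d1->sent_messages = sent_messages;
-		s->d1->buffered_app_data.q = buffered_app_data;
+		D1I(s)->buffered_app_data.q = buffered_app_data;
 	}
 
 	ssl3_clear(s);
 
 	s->version = DTLS1_VERSION;
 }
 
@@ -302,15 +302,15 @@
 
 	/* Set timeout to current time */
 	gettimeofday(&(s->d1->next_timeout), NULL);
 
 	/* Add duration to current time */
 	s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
-	    &(s->d1->next_timeout));
+	    &s->d1->next_timeout);
 }
 
 struct timeval*
 dtls1_get_timeout(SSL *s, struct timeval* timeleft)
 {
 	struct timeval timenow;
 
@@ -379,76 +379,76 @@
 	dtls1_start_timer(s);
 }
 
 void
 dtls1_stop_timer(SSL *s)
 {
 	/* Reset everything */
-	memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
+	memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st));
 	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
 	s->d1->timeout_duration = 1;
 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
 	    &(s->d1->next_timeout));
 	/* Clear retransmission buffer */
 	dtls1_clear_record_buffer(s);
 }
 
 int
 dtls1_check_timeout_num(SSL *s)
 {
-	s->d1->timeout.num_alerts++;
+	D1I(s)->timeout.num_alerts++;
 
 	/* Reduce MTU after 2 unsuccessful retransmissions */
-	if (s->d1->timeout.num_alerts > 2) {
-		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
+	if (D1I(s)->timeout.num_alerts > 2) {
+		D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
 		    BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
 
 	}
 
-	if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+	if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
 		/* fail the connection, enough alerts have been sent */
-		SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+		SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED);
 		return -1;
 	}
 
 	return 0;
 }
 
 int
 dtls1_handle_timeout(SSL *s)
 {
 	/* if no timer is expired, don't do anything */
 	if (!dtls1_is_timer_expired(s)) {
 		return 0;
 	}
 
 	dtls1_double_timeout(s);
 
 	if (dtls1_check_timeout_num(s) < 0)
 		return -1;
 
-	s->d1->timeout.read_timeouts++;
-	if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
-		s->d1->timeout.read_timeouts = 1;
+	D1I(s)->timeout.read_timeouts++;
+	if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
+		D1I(s)->timeout.read_timeouts = 1;
 	}
 
 	dtls1_start_timer(s);
 	return dtls1_retransmit_buffered_messages(s);
 }
 
 int
 dtls1_listen(SSL *s, struct sockaddr *client)
 {
 	int ret;
 
 	/* Ensure there is no state left over from a previous invocation */
 	SSL_clear(s);
 
 	SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-	s->d1->listen = 1;
+	D1I(s)->listen = 1;
 
 	ret = SSL_accept(s);
 	if (ret <= 0)
 		return ret;
 
 	(void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
 	return 1;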
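Review bot: In the new `dtls1_new`, the branch taken when any `pqueue_new()` call returns NULL still calls only `free(d1)`, so the `d1->internal` block allocated a few lines earlier leaks on that path. The branch should release it first, `free(d1->internal);` before `free(d1);`. `dtls1_free` in this same section already frees both allocations (after `explicit_bzero`), so only this error path disagrees with it. Since this appears to be imported LibreSSL source, the fix is probably best picked up from upstream rather than patched locally.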
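--- a/jni/libressl/ssl/d1_meth.c
+++ b/jni/libressl/ssl/d1_meth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_meth.c,v 1.8 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: d1_meth.c,v 1.13 2017/01/23 13:36:13 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -61,44 +61,46 @@
 
 #include <openssl/objects.h>
 
 #include "ssl_locl.h"
 
 static const SSL_METHOD *dtls1_get_method(int ver);
 
-const SSL_METHOD DTLSv1_method_data = {
+static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
 	.version = DTLS1_VERSION,
+	.min_version = DTLS1_VERSION,
+	.max_version = DTLS1_VERSION,
 	.ssl_new = dtls1_new,
 	.ssl_clear = dtls1_clear,
 	.ssl_free = dtls1_free,
 	.ssl_accept = dtls1_accept,
 	.ssl_connect = dtls1_connect,
 	.ssl_read = ssl3_read,
 	.ssl_peek = ssl3_peek,
 	.ssl_write = ssl3_write,
 	.ssl_shutdown = dtls1_shutdown,
+	.ssl_pending = ssl3_pending,
+	.get_ssl_method = dtls1_get_method,
+	.get_timeout = dtls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
 	.ssl_renegotiate = ssl3_renegotiate,
 	.ssl_renegotiate_check = ssl3_renegotiate_check,
 	.ssl_get_message = dtls1_get_message,
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
+	.ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_method_data = {
 	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.ssl_ctrl = dtls1_ctrl,
-	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = dtls1_get_cipher,
 	.get_cipher_by_char = ssl3_get_cipher_by_char,
 	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl3_pending,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_ssl_method = dtls1_get_method,
-	.get_timeout = dtls1_default_timeout,
-	.ssl3_enc = &DTLSv1_enc_data,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_callback_ctrl = ssl3_callback_ctrl,
-	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+	.internal = &DTLSv1_method_internal_data,
 };
 
 const SSL_METHOD *
 DTLSv1_method(void)
 {
 	return &DTLSv1_method_data;
 }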
Changes to jni/libressl/ssl/d1_pkt.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: d1_pkt.c,v 1.47 2015/09/10 17:57:50 jsing Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: d1_pkt.c,v 1.62 2017/02/07 02:08:38 beck Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
121
122
123
124
125
126
127




128
129
130
131
132
133
134
#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>

#include "pqueue.h"
#include "bytestring.h"





/* mod 128 saturating subtract of two 64-bit values in big-endian order */
static int
satsub64be(const unsigned char *v1, const unsigned char *v2)
{
	int ret, sat, brw, i;








>
>
>
>







121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>

#include "pqueue.h"
#include "bytestring.h"

static int	do_dtls1_write(SSL *s, int type, const unsigned char *buf,
		    unsigned int len);


/* mod 128 saturating subtract of two 64-bit values in big-endian order */
static int
satsub64be(const unsigned char *v1, const unsigned char *v2)
{
	int ret, sat, brw, i;

194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
{
	DTLS1_RECORD_DATA *rdata;

	rdata = (DTLS1_RECORD_DATA *)item->data;

	free(s->s3->rbuf.buf);

	s->packet = rdata->packet;
	s->packet_length = rdata->packet_length;
	memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
	memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));

	/* Set proper sequence number for mac calculation */
	memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);

	return (1);
}


static int
dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
{
	DTLS1_RECORD_DATA *rdata;
	pitem *item;

	/* Limit the size of the queue to prevent DOS attacks */
	if (pqueue_size(queue->q) >= 100)
		return 0;

	rdata = malloc(sizeof(DTLS1_RECORD_DATA));
	item = pitem_new(priority, rdata);
	if (rdata == NULL || item == NULL)
		goto init_err;

	rdata->packet = s->packet;
	rdata->packet_length = s->packet_length;
	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
	memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));

	item->data = rdata;


	s->packet = NULL;
	s->packet_length = 0;
	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
	memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));

	if (!ssl3_setup_buffers(s))
		goto err;

	/* insert should not fail, since duplicates are dropped */
	if (pqueue_insert(queue->q, item) == NULL)
		goto err;

	return (1);

err:
	free(rdata->rbuf.buf);

init_err:
	SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
	free(rdata);
	pitem_free(item);
	return (-1);
}


static int







|
|

|


|




















|
|

|




|
|

|














|







198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
{
	DTLS1_RECORD_DATA *rdata;

	rdata = (DTLS1_RECORD_DATA *)item->data;

	free(s->s3->rbuf.buf);

	s->internal->packet = rdata->packet;
	s->internal->packet_length = rdata->packet_length;
	memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
	memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));

	/* Set proper sequence number for mac calculation */
	memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);

	return (1);
}


static int
dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
{
	DTLS1_RECORD_DATA *rdata;
	pitem *item;

	/* Limit the size of the queue to prevent DOS attacks */
	if (pqueue_size(queue->q) >= 100)
		return 0;

	rdata = malloc(sizeof(DTLS1_RECORD_DATA));
	item = pitem_new(priority, rdata);
	if (rdata == NULL || item == NULL)
		goto init_err;

	rdata->packet = s->internal->packet;
	rdata->packet_length = s->internal->packet_length;
	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
	memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));

	item->data = rdata;


	s->internal->packet = NULL;
	s->internal->packet_length = 0;
	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
	memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));

	if (!ssl3_setup_buffers(s))
		goto err;

	/* insert should not fail, since duplicates are dropped */
	if (pqueue_insert(queue->q, item) == NULL)
		goto err;

	return (1);

err:
	free(rdata->rbuf.buf);

init_err:
	SSLerror(s, ERR_R_INTERNAL_ERROR);
	free(rdata);
	pitem_free(item);
	return (-1);
}


static int
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
}


/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
 * yet */
#define dtls1_get_unprocessed_record(s) \
                   dtls1_retrieve_buffered_record((s), \
                   &((s)->d1->unprocessed_rcds))

/* retrieve a buffered record that belongs to the current epoch, ie, processed */
#define dtls1_get_processed_record(s) \
                   dtls1_retrieve_buffered_record((s), \
                   &((s)->d1->processed_rcds))

static int
dtls1_process_buffered_records(SSL *s)
{
	pitem *item;

	item = pqueue_peek(s->d1->unprocessed_rcds.q);
	if (item) {
		/* Check if epoch is current. */
		if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
			return (1);
		/* Nothing to do. */

		/* Process all the records. */
		while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
			dtls1_get_unprocessed_record(s);
			if (! dtls1_process_record(s))
				return (0);
			if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
			    s->s3->rrec.seq_num) < 0)
				return (-1);
		}
	}

    /* sync epoch numbers once all the unprocessed records
     * have been processed */
	s->d1->processed_rcds.epoch = s->d1->r_epoch;
	s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;

	return (1);
}

static int
dtls1_process_record(SSL *s)
{
	int i, al;
	int enc_err;
	SSL_SESSION *sess;
	SSL3_RECORD *rr;
	unsigned int mac_size, orig_len;
	unsigned char md[EVP_MAX_MD_SIZE];

	rr = &(s->s3->rrec);
	sess = s->session;

	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
	 * and we have that many bytes in s->packet
	 */
	rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);

	/* ok, we can now read from 's->packet' data into 'rr'
	 * rr->input points at rr->length bytes, which
	 * need to be copied into rr->data by either
	 * the decryption or by the decompression
	 * When the data is 'copied' into the rr->data buffer,
	 * rr->input will be pointed at the new buffer */

	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
	 * rr->length bytes of encrypted compressed stuff. */

	/* check is not needed I believe */
	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
		goto f_err;
	}

	/* decrypt in place in 'rr->input' */
	rr->data = rr->input;

	enc_err = s->method->ssl3_enc->enc(s, 0);
	/* enc_err is:
	 *    0: (in non-constant time) if the record is publically invalid.
	 *    1: if the padding is valid
	 *    -1: if the padding is invalid */
	if (enc_err == 0) {
		/* For DTLS we simply ignore bad packets. */
		rr->length = 0;
		s->packet_length = 0;
		goto err;
	}


	/* r->length is now the compressed data plus mac */
	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
	    (EVP_MD_CTX_md(s->read_hash) != NULL)) {







|




|






|


|




|



|
|






|
|














|


|
|

|

|












|






|







|







281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
}


/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
 * yet */
#define dtls1_get_unprocessed_record(s) \
                   dtls1_retrieve_buffered_record((s), \
		       &((D1I(s))->unprocessed_rcds))

/* retrieve a buffered record that belongs to the current epoch, ie, processed */
#define dtls1_get_processed_record(s) \
                   dtls1_retrieve_buffered_record((s), \
		       &((D1I(s))->processed_rcds))

static int
dtls1_process_buffered_records(SSL *s)
{
	pitem *item;

	item = pqueue_peek(D1I(s)->unprocessed_rcds.q);
	if (item) {
		/* Check if epoch is current. */
		if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
			return (1);
		/* Nothing to do. */

		/* Process all the records. */
		while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) {
			dtls1_get_unprocessed_record(s);
			if (! dtls1_process_record(s))
				return (0);
			if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
			    S3I(s)->rrec.seq_num) < 0)
				return (-1);
		}
	}

    /* sync epoch numbers once all the unprocessed records
     * have been processed */
	D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
	D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;

	return (1);
}

static int
dtls1_process_record(SSL *s)
{
	int i, al;
	int enc_err;
	SSL_SESSION *sess;
	SSL3_RECORD *rr;
	unsigned int mac_size, orig_len;
	unsigned char md[EVP_MAX_MD_SIZE];

	rr = &(S3I(s)->rrec);
	sess = s->session;

	/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
	 * and we have that many bytes in s->internal->packet
	 */
	rr->input = &(s->internal->packet[DTLS1_RT_HEADER_LENGTH]);

	/* ok, we can now read from 's->internal->packet' data into 'rr'
	 * rr->input points at rr->length bytes, which
	 * need to be copied into rr->data by either
	 * the decryption or by the decompression
	 * When the data is 'copied' into the rr->data buffer,
	 * rr->input will be pointed at the new buffer */

	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
	 * rr->length bytes of encrypted compressed stuff. */

	/* check is not needed I believe */
	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
		goto f_err;
	}

	/* decrypt in place in 'rr->input' */
	rr->data = rr->input;

	enc_err = s->method->internal->ssl3_enc->enc(s, 0);
	/* enc_err is:
	 *    0: (in non-constant time) if the record is publically invalid.
	 *    1: if the padding is valid
	 *    -1: if the padding is invalid */
	if (enc_err == 0) {
		/* For DTLS we simply ignore bad packets. */
		rr->length = 0;
		s->internal->packet_length = 0;
		goto err;
	}


	/* r->length is now the compressed data plus mac */
	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
	    (EVP_MD_CTX_md(s->read_hash) != NULL)) {
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472

473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
		 * amount of time if it's too short to possibly contain a MAC.
		 */
		if (orig_len < mac_size ||
			/* CBC records must have a padding length byte too. */
		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
		    orig_len < mac_size + 1)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
			goto f_err;
		}

		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
			/* We update the length so that the TLS header bytes
			 * can be constructed correctly but we need to extract
			 * the MAC in constant time from within the record,
			 * without leaking the contents of the padding bytes.
			 * */
			mac = mac_tmp;
			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
			rr->length -= mac_size;
		} else {
			/* In this case there's no padding, so |orig_len|
			 * equals |rec->length| and we checked that there's
			 * enough bytes for |mac_size| above. */
			rr->length -= mac_size;
			mac = &rr->data[rr->length];
		}

		i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
		if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
			enc_err = -1;
		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
			enc_err = -1;
	}

	if (enc_err < 0) {
		/* decryption failed, silently discard message */
		rr->length = 0;
		s->packet_length = 0;
		goto err;
	}

	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
		goto f_err;
	}

	rr->off = 0;
	/* So at this point the following is true
	 * ssl->s3->rrec.type 	is the type of record
	 * ssl->s3->rrec.length	== number of bytes in record
	 * ssl->s3->rrec.off	== offset to first valid byte
	 * ssl->s3->rrec.data	== where to take bytes from, increment
	 *			   after use :-).
	 */

	/* we have pulled in a full packet so zero things */
	s->packet_length = 0;
	return (1);

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (0);
}


/* Call this to get a new input record.
 * It will return <= 0 if more data is needed, normally due to an error
 * or non-blocking IO.
 * When it finishes, one packet has been decoded and can be found in
 * ssl->s3->rrec.type    - is the type of record
 * ssl->s3->rrec.data, 	 - data
 * ssl->s3->rrec.length, - number of bytes
 */
/* used only by dtls1_read_bytes */
int
dtls1_get_record(SSL *s)
{
	int i, n;
	SSL3_RECORD *rr;
	unsigned char *p = NULL;
	DTLS1_BITMAP *bitmap;
	unsigned int is_next_epoch;


	rr = &(s->s3->rrec);

	/* The epoch may have changed.  If so, process all the
	 * pending records.  This is a non-blocking operation. */
	if (dtls1_process_buffered_records(s) < 0)
		return (-1);

	/* if we're renegotiating, then there may be buffered records */
	if (dtls1_get_processed_record(s))
		return 1;

	/* get something from the wire */
	if (0) {
again:
		/* dump this record on all retries */
		rr->length = 0;
		s->packet_length = 0;
	}

	/* check if we have the header */
	if ((s->rstate != SSL_ST_READ_BODY) ||
	    (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
		CBS header, seq_no;
		uint16_t epoch, len, ssl_version;
		uint8_t type;

		n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
		/* read timeout is handled by dtls1_read_bytes */
		if (n <= 0)
			return(n); /* error or non-blocking */

		/* this packet contained a partial record, dump it */
		if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
			goto again;

		s->rstate = SSL_ST_READ_BODY;

		CBS_init(&header, s->packet, s->packet_length);

		/* Pull apart the header into the DTLS1_RECORD */
		if (!CBS_get_u8(&header, &type))
			goto again;
		if (!CBS_get_u16(&header, &ssl_version))
			goto again;

		/* sequence number is 64 bits, with top 2 bytes = epoch */
		if (!CBS_get_u16(&header, &epoch) ||
		    !CBS_get_bytes(&header, &seq_no, 6))
			goto again;

		if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]),
		    sizeof(s->s3->read_sequence) - 2, NULL))
			goto again;
		if (!CBS_get_u16(&header, &len))
			goto again;

		rr->type = type;
		rr->epoch = epoch;
		rr->length = len;

		/* unexpected version, silently discard */
		if (!s->first_packet && ssl_version != s->version)
			goto again;

		/* wrong version, silently discard record */
		if ((ssl_version & 0xff00) != (s->version & 0xff00))
			goto again;

		/* record too long, silently discard it */
		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
			goto again;

		/* now s->rstate == SSL_ST_READ_BODY */
		p = (unsigned char *)CBS_data(&header);
	}

	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */

	if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
		/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
		i = rr->length;
		n = ssl3_read_n(s, i, i, 1);
		if (n <= 0)
			return(n); /* error or non-blocking io */

		/* this packet contained a partial record, dump it */
		if (n != i)
			goto again;

		/* now n == rr->length,
		 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
	}
	s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */

	/* match epochs.  NULL means the packet is dropped on the floor */
	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
	if (bitmap == NULL)
		goto again;

	/*
	 * Check whether this is a repeat, or aged record.
	 * Don't check if we're listening and this message is
	 * a ClientHello. They can look as if they're replayed,
	 * since they arrive from different connections and
	 * would be dropped unnecessarily.
	 */
	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
	    p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
	    !dtls1_record_replay_check(s, bitmap))
		goto again;

	/* just read a 0 length packet */
	if (rr->length == 0)
		goto again;

	/* If this record is from the next epoch (either HM or ALERT),
	 * and a handshake is currently in progress, buffer it since it
	 * cannot be processed at this time. However, do not buffer
	 * anything while listening.
	 */
	if (is_next_epoch) {
		if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
			if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
			    rr->seq_num) < 0)
				return (-1);
			/* Mark receipt of record. */
			dtls1_record_bitmap_update(s, bitmap);
		}
		goto again;
	}







|




















|









|





|





|
|
|
|




|













|
|
|





<




>

|















|



|
|




|
<

|

|
|


|

|












|
|









|










|



|

<
|
<
<
|
|

|
|
|

<
<
<
|













|














|
|







392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471

472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504

505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554

555


556
557
558
559
560
561
562



563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
		 * amount of time if it's too short to possibly contain a MAC.
		 */
		if (orig_len < mac_size ||
			/* CBC records must have a padding length byte too. */
		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
		    orig_len < mac_size + 1)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
			goto f_err;
		}

		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
			/* We update the length so that the TLS header bytes
			 * can be constructed correctly but we need to extract
			 * the MAC in constant time from within the record,
			 * without leaking the contents of the padding bytes.
			 * */
			mac = mac_tmp;
			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
			rr->length -= mac_size;
		} else {
			/* In this case there's no padding, so |orig_len|
			 * equals |rec->length| and we checked that there's
			 * enough bytes for |mac_size| above. */
			rr->length -= mac_size;
			mac = &rr->data[rr->length];
		}

		i = tls1_mac(s, md, 0 /* not send */);
		if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
			enc_err = -1;
		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
			enc_err = -1;
	}

	if (enc_err < 0) {
		/* decryption failed, silently discard message */
		rr->length = 0;
		s->internal->packet_length = 0;
		goto err;
	}

	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
		goto f_err;
	}

	rr->off = 0;
	/* So at this point the following is true
	 * ssl->s3->internal->rrec.type 	is the type of record
	 * ssl->s3->internal->rrec.length	== number of bytes in record
	 * ssl->s3->internal->rrec.off	== offset to first valid byte
	 * ssl->s3->internal->rrec.data	== where to take bytes from, increment
	 *			   after use :-).
	 */

	/* we have pulled in a full packet so zero things */
	s->internal->packet_length = 0;
	return (1);

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (0);
}


/* Call this to get a new input record.
 * It will return <= 0 if more data is needed, normally due to an error
 * or non-blocking IO.
 * When it finishes, one packet has been decoded and can be found in
 * ssl->s3->internal->rrec.type    - is the type of record
 * ssl->s3->internal->rrec.data, 	 - data
 * ssl->s3->internal->rrec.length, - number of bytes
 */
/* used only by dtls1_read_bytes */
int
dtls1_get_record(SSL *s)
{

	SSL3_RECORD *rr;
	unsigned char *p = NULL;
	DTLS1_BITMAP *bitmap;
	unsigned int is_next_epoch;
	int n;

	rr = &(S3I(s)->rrec);

	/* The epoch may have changed.  If so, process all the
	 * pending records.  This is a non-blocking operation. */
	if (dtls1_process_buffered_records(s) < 0)
		return (-1);

	/* if we're renegotiating, then there may be buffered records */
	if (dtls1_get_processed_record(s))
		return 1;

	/* get something from the wire */
	if (0) {
again:
		/* dump this record on all retries */
		rr->length = 0;
		s->internal->packet_length = 0;
	}

	/* check if we have the header */
	if ((s->internal->rstate != SSL_ST_READ_BODY) ||
	    (s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) {
		CBS header, seq_no;
		uint16_t epoch, len, ssl_version;
		uint8_t type;

		n = ssl3_packet_read(s, DTLS1_RT_HEADER_LENGTH);

		if (n <= 0)
			return (n);

		/* If this packet contained a partial record, dump it. */
		if (n != DTLS1_RT_HEADER_LENGTH)
			goto again;

		s->internal->rstate = SSL_ST_READ_BODY;

		CBS_init(&header, s->internal->packet, s->internal->packet_length);

		/* Pull apart the header into the DTLS1_RECORD */
		if (!CBS_get_u8(&header, &type))
			goto again;
		if (!CBS_get_u16(&header, &ssl_version))
			goto again;

		/* sequence number is 64 bits, with top 2 bytes = epoch */
		if (!CBS_get_u16(&header, &epoch) ||
		    !CBS_get_bytes(&header, &seq_no, 6))
			goto again;

		if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
		    sizeof(S3I(s)->read_sequence) - 2, NULL))
			goto again;
		if (!CBS_get_u16(&header, &len))
			goto again;

		rr->type = type;
		rr->epoch = epoch;
		rr->length = len;

		/* unexpected version, silently discard */
		if (!s->internal->first_packet && ssl_version != s->version)
			goto again;

		/* wrong version, silently discard record */
		if ((ssl_version & 0xff00) != (s->version & 0xff00))
			goto again;

		/* record too long, silently discard it */
		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
			goto again;

		/* now s->internal->rstate == SSL_ST_READ_BODY */
		p = (unsigned char *)CBS_data(&header);
	}

	/* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */


	n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length);


	if (n <= 0)
		return (n);

	/* If this packet contained a partial record, dump it. */
	if (n != DTLS1_RT_HEADER_LENGTH + rr->length)
		goto again;




	s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */

	/* match epochs.  NULL means the packet is dropped on the floor */
	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
	if (bitmap == NULL)
		goto again;

	/*
	 * Check whether this is a repeat, or aged record.
	 * Don't check if we're listening and this message is
	 * a ClientHello. They can look as if they're replayed,
	 * since they arrive from different connections and
	 * would be dropped unnecessarily.
	 */
	if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&
	    p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
	    !dtls1_record_replay_check(s, bitmap))
		goto again;

	/* just read a 0 length packet */
	if (rr->length == 0)
		goto again;

	/* If this record is from the next epoch (either HM or ALERT),
	 * and a handshake is currently in progress, buffer it since it
	 * cannot be processed at this time. However, do not buffer
	 * anything while listening.
	 */
	if (is_next_epoch) {
		if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) {
			if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds),
			    rr->seq_num) < 0)
				return (-1);
			/* Mark receipt of record. */
			dtls1_record_bitmap_update(s, bitmap);
		}
		goto again;
	}
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
		if (!ssl3_setup_buffers(s))
			return (-1);

	if ((type &&
	     type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) ||
	    (peek && (type != SSL3_RT_APPLICATION_DATA))) {
		SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	/* check whether there's a handshake message (client hello?) waiting */
	if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
		return ret;

	/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */

	if (!s->in_handshake && SSL_in_init(s))
	{
		/* type == SSL3_RT_APPLICATION_DATA */
		i = s->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}
	}

start:
	s->rwstate = SSL_NOTHING;

	/* s->s3->rrec.type	    - is the type of record
	 * s->s3->rrec.data,    - data
	 * s->s3->rrec.off,     - offset into 'data' for next read
	 * s->s3->rrec.length,  - number of bytes. */
	rr = &(s->s3->rrec);

	/* We are not handshaking and have no data yet,
	 * so process data buffered during the last handshake
	 * in advance, if any.
	 */
	if (s->state == SSL_ST_OK && rr->length == 0) {
		pitem *item;
		item = pqueue_pop(s->d1->buffered_app_data.q);
		if (item) {

			dtls1_copy_record(s, item);

			free(item->data);
			pitem_free(item);
		}
	}

	/* Check for timeout */
	if (dtls1_handle_timeout(s) > 0)
		goto start;

	/* get new packet if necessary */
	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
		ret = dtls1_get_record(s);
		if (ret <= 0) {
			ret = dtls1_read_failed(s, ret);
			/* anything other than a timeout is an error */
			if (ret <= 0)
				return (ret);
			else
				goto start;
		}
	}

	if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
		rr->length = 0;
		goto start;
	}

	/* we now have a packet which can be read and processed */

	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
	                               * reset by ssl3_get_finished */
	    && (rr->type != SSL3_RT_HANDSHAKE)) {
		/* We now have application data between CCS and Finished.
		 * Most likely the packets were reordered on their way, so
		 * buffer the application data for later processing rather
		 * than dropping the connection.
		 */
		if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
		    rr->seq_num) < 0) {
			SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
			return (-1);
		}
		rr->length = 0;
		goto start;
	}

	/* If the other end has shut down, throw anything we read away
	 * (even in 'peek' mode) */
	if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
		rr->length = 0;
		s->rwstate = SSL_NOTHING;
		return (0);
	}


	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
	{
		/* make sure that we are not getting application data when we
		 * are doing a handshake for the first time */
		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
			(s->enc_read_ctx == NULL)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
			goto f_err;
		}

		if (len <= 0)
			return (len);

		if ((unsigned int)len > rr->length)
			n = rr->length;
		else
			n = (unsigned int)len;

		memcpy(buf, &(rr->data[rr->off]), n);
		if (!peek) {
			rr->length -= n;
			rr->off += n;
			if (rr->length == 0) {
				s->rstate = SSL_ST_READ_HEADER;
				rr->off = 0;
			}
		}

		return (n);
	}


	/* If we get here, then type != rr->type; if we have a handshake
	 * message, then it was unexpected (Hello Request or Client Hello). */

	/* In case of record types for which we have 'fragment' storage,
	 * fill that so that we can process the data at a fixed place.
	 */
	{
		unsigned int k, dest_maxlen = 0;
		unsigned char *dest = NULL;
		unsigned int *dest_len = NULL;

		if (rr->type == SSL3_RT_HANDSHAKE) {
			dest_maxlen = sizeof s->d1->handshake_fragment;
			dest = s->d1->handshake_fragment;
			dest_len = &s->d1->handshake_fragment_len;
		} else if (rr->type == SSL3_RT_ALERT) {
			dest_maxlen = sizeof(s->d1->alert_fragment);
			dest = s->d1->alert_fragment;
			dest_len = &s->d1->alert_fragment_len;
		}
		/* else it's a CCS message, or application data or wrong */
		else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
			/* Application data while renegotiating
			 * is allowed. Try again reading.
			 */
			if (rr->type == SSL3_RT_APPLICATION_DATA) {
				BIO *bio;
				s->s3->in_read_app_data = 2;
				bio = SSL_get_rbio(s);
				s->rwstate = SSL_READING;
				BIO_clear_retry_flags(bio);
				BIO_set_retry_read(bio);
				return (-1);
			}

			/* Not certain if this is the right error handling */
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
			goto f_err;
		}

		if (dest_maxlen > 0) {
            /* XDTLS:  In a pathalogical case, the Client Hello
             *  may be fragmented--don't always expect dest_maxlen bytes */
			if (rr->length < dest_maxlen) {
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
				/*
				 * for normal alerts rr->length is 2, while
				 * dest_maxlen is 7 if we were to handle this
				 * non-existing alert...
				 */
				FIX ME
#endif
				s->rstate = SSL_ST_READ_HEADER;
				rr->length = 0;
				goto start;
			}

			/* now move 'n' bytes: */
			for ( k = 0; k < dest_maxlen; k++) {
				dest[k] = rr->data[rr->off++];
				rr->length--;
			}
			*dest_len = dest_maxlen;
		}
	}

	/* s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
	 * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */

	/* If we are a client, check for an incoming 'Hello Request': */
	if ((!s->server) &&
	    (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
	    (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
	    (s->session != NULL) && (s->session->cipher != NULL)) {
		s->d1->handshake_fragment_len = 0;

		if ((s->d1->handshake_fragment[1] != 0) ||
		    (s->d1->handshake_fragment[2] != 0) ||
		    (s->d1->handshake_fragment[3] != 0)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
			goto err;
		}

		/* no need to check sequence number on HELLO REQUEST messages */

		if (s->msg_callback)
			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
		s->d1->handshake_fragment, 4, s, s->msg_callback_arg);

		if (SSL_is_init_finished(s) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
		    !s->s3->renegotiate) {
			s->d1->handshake_read_seq++;
			s->new_session = 1;
			ssl3_renegotiate(s);
			if (ssl3_renegotiate_check(s)) {
				i = s->handshake_func(s);
				if (i < 0)
					return (i);
				if (i == 0) {
					SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
					return (-1);
				}

				if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
					if (s->s3->rbuf.left == 0) /* no read-ahead left? */
					{
						BIO *bio;
						/* In the case where we try to read application data,
						 * but we trigger an SSL handshake, we return -1 with
						 * the retry option set.  Otherwise renegotiation may
						 * cause nasty problems in the blocking world */
						s->rwstate = SSL_READING;
						bio = SSL_get_rbio(s);
						BIO_clear_retry_flags(bio);
						BIO_set_retry_read(bio);
						return (-1);
					}
				}
			}
		}
		/* we either finished a handshake or ignored the request,
		 * now try again to obtain the (application) data we were asked for */
		goto start;
	}

	if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
		int alert_level = s->d1->alert_fragment[0];
		int alert_descr = s->d1->alert_fragment[1];

		s->d1->alert_fragment_len = 0;

		if (s->msg_callback)
			s->msg_callback(0, s->version, SSL3_RT_ALERT,
		s->d1->alert_fragment, 2, s, s->msg_callback_arg);

		if (s->info_callback != NULL)
			cb = s->info_callback;
		else if (s->ctx->info_callback != NULL)
			cb = s->ctx->info_callback;

		if (cb != NULL) {
			j = (alert_level << 8) | alert_descr;
			cb(s, SSL_CB_READ_ALERT, j);
		}

		if (alert_level == 1) /* warning */
		{
			s->s3->warn_alert = alert_descr;
			if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
				return (0);
			}
		} else if (alert_level == 2) /* fatal */
		{
			s->rwstate = SSL_NOTHING;
			s->s3->fatal_alert = alert_descr;
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
			ERR_asprintf_error_data("SSL alert number %d",
			    alert_descr);
			s->shutdown|=SSL_RECEIVED_SHUTDOWN;
			SSL_CTX_remove_session(s->ctx, s->session);
			return (0);
		} else {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
			goto f_err;
		}

		goto start;
	}

	if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
	{
		s->rwstate = SSL_NOTHING;
		rr->length = 0;
		return (0);
	}

	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
		struct ccs_header_st ccs_hdr;
		unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;

		dtls1_get_ccs_header(rr->data, &ccs_hdr);

		/* 'Change Cipher Spec' is just a single byte, so we know
		 * exactly what the record payload has to look like */
		/* XDTLS: check that epoch is consistent */
		if ((rr->length != ccs_hdr_len) ||
		    (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
			i = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
			goto err;
		}

		rr->length = 0;

		if (s->msg_callback)
			s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
		rr->data, 1, s, s->msg_callback_arg);

		/* We can't process a CCS now, because previous handshake
		 * messages are still missing, so just drop it.
		 */
		if (!s->d1->change_cipher_spec_ok) {
			goto start;
		}

		s->d1->change_cipher_spec_ok = 0;

		s->s3->change_cipher_spec = 1;
		if (!ssl3_do_change_cipher_spec(s))
			goto err;

		/* do this whenever CCS is processed */
		dtls1_reset_seq_numbers(s, SSL3_CC_READ);

		goto start;
	}

	/* Unexpected handshake message (Client Hello, or protocol violation) */
	if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
	    !s->in_handshake) {
		struct hm_header_st msg_hdr;

		/* this may just be a stale retransmit */
		if (!dtls1_get_message_header(rr->data, &msg_hdr))
			return -1;
		if (rr->epoch != s->d1->r_epoch) {
			rr->length = 0;
			goto start;
		}

		/* If we are server, we may have a repeated FINISHED of the
		 * client here, then retransmit our CCS and FINISHED.
		 */
		if (msg_hdr.type == SSL3_MT_FINISHED) {
			if (dtls1_check_timeout_num(s) < 0)
				return -1;

			dtls1_retransmit_buffered_messages(s);
			rr->length = 0;
			goto start;
		}

		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
			s->renegotiate = 1;
			s->new_session = 1;
		}
		i = s->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}

		if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
			if (s->s3->rbuf.left == 0) /* no read-ahead left? */
			{
				BIO *bio;
				/* In the case where we try to read application data,
				 * but we trigger an SSL handshake, we return -1 with
				 * the retry option set.  Otherwise renegotiation may
				 * cause nasty problems in the blocking world */
				s->rwstate = SSL_READING;
				bio = SSL_get_rbio(s);
				BIO_clear_retry_flags(bio);
				BIO_set_retry_read(bio);
				return (-1);
			}
		}
		goto start;
	}

	switch (rr->type) {
	default:
		/* TLS just ignores unknown message types */
		if (s->version == TLS1_VERSION) {
			rr->length = 0;
			goto start;
		}
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
		goto f_err;
	case SSL3_RT_CHANGE_CIPHER_SPEC:
	case SSL3_RT_ALERT:
	case SSL3_RT_HANDSHAKE:
		/* we already handled all of these, with the possible exception
		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
		 * should not happen when type != rr->type */
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
		goto f_err;
	case SSL3_RT_APPLICATION_DATA:
		/* At this point, we were expecting handshake data,
		 * but have application data.  If the library was
		 * running inside ssl3_read() (i.e. in_read_app_data
		 * is set) and it makes sense to read application data
		 * at this point (session renegotiation not yet started),
		 * we will indulge it.
		 */
		if (s->s3->in_read_app_data &&
		    (s->s3->total_renegotiations != 0) &&
		    (((s->state & SSL_ST_CONNECT) &&
		    (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
		    (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
		    (s->state & SSL_ST_ACCEPT) &&
		    (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
		    (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
			s->s3->in_read_app_data = 2;
			return (-1);
		} else {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
			goto f_err;
		}
	}
	/* not reached */

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
{
	int i;

	if (SSL_in_init(s) && !s->in_handshake)
	{
		i = s->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
			return -1;
		}
	}

	if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
		SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
		return -1;
	}

	i = dtls1_write_bytes(s, type, buf_, len);
	return i;
}


	/* this only happens when a client hello is received and a handshake
	 * is started. */
static int
have_handshake_fragment(SSL *s, int type, unsigned char *buf,
    int len, int peek)
{

	if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
		/* (partially) satisfy request from storage */
	{
		unsigned char *src = s->d1->handshake_fragment;
		unsigned char *dst = buf;
		unsigned int k, n;

		/* peek == 0 */
		n = 0;
		while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
			*dst++ = *src++;
			len--;
			s->d1->handshake_fragment_len--;
			n++;
		}
		/* move any remaining fragment bytes: */
		for (k = 0; k < s->d1->handshake_fragment_len; k++)
			s->d1->handshake_fragment[k] = *src++;
		return n;
	}

	return 0;
}


/* Call this to write data in records of type 'type'
 * It will return <= 0 if not all data has been sent or non-blocking IO.
 */
int
dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
{
	int i;

	OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
	s->rwstate = SSL_NOTHING;
	i = do_dtls1_write(s, type, buf, len);
	return i;
}

int
do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{







|







|

|


|



|





|

|
|
|
|
|





|

|














|











|






|







|

|








|

|











|
















|




















|
|
|

|
|
|








|

|







|















|













|
|




|
|

|

|
|
|

|





|
|
|



|
|
|


|



|



|







|













|
|
|

|

|
|
|

|
|
|
|








|

|




|
|
|


|




|






|

|
















|





|
|
|




|



|

|










|
|





|
















|

|
|
|

|



|



|







|

















|





|


|









|
|
|
|
|
|
|
|
|



|
















|

|



|





|















|


|





|


|



|
|
















|







646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
		if (!ssl3_setup_buffers(s))
			return (-1);

	if ((type &&
	     type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) ||
	    (peek && (type != SSL3_RT_APPLICATION_DATA))) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	/* check whether there's a handshake message (client hello?) waiting */
	if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
		return ret;

	/* Now D1I(s)->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */

	if (!s->internal->in_handshake && SSL_in_init(s))
	{
		/* type == SSL3_RT_APPLICATION_DATA */
		i = s->internal->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}
	}

start:
	s->internal->rwstate = SSL_NOTHING;

	/* S3I(s)->rrec.type	    - is the type of record
	 * S3I(s)->rrec.data,    - data
	 * S3I(s)->rrec.off,     - offset into 'data' for next read
	 * S3I(s)->rrec.length,  - number of bytes. */
	rr = &(S3I(s)->rrec);

	/* We are not handshaking and have no data yet,
	 * so process data buffered during the last handshake
	 * in advance, if any.
	 */
	if (s->internal->state == SSL_ST_OK && rr->length == 0) {
		pitem *item;
		item = pqueue_pop(D1I(s)->buffered_app_data.q);
		if (item) {

			dtls1_copy_record(s, item);

			free(item->data);
			pitem_free(item);
		}
	}

	/* Check for timeout */
	if (dtls1_handle_timeout(s) > 0)
		goto start;

	/* get new packet if necessary */
	if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
		ret = dtls1_get_record(s);
		if (ret <= 0) {
			ret = dtls1_read_failed(s, ret);
			/* anything other than a timeout is an error */
			if (ret <= 0)
				return (ret);
			else
				goto start;
		}
	}

	if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) {
		rr->length = 0;
		goto start;
	}

	/* we now have a packet which can be read and processed */

	if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
	                               * reset by ssl3_get_finished */
	    && (rr->type != SSL3_RT_HANDSHAKE)) {
		/* We now have application data between CCS and Finished.
		 * Most likely the packets were reordered on their way, so
		 * buffer the application data for later processing rather
		 * than dropping the connection.
		 */
		if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data),
		    rr->seq_num) < 0) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return (-1);
		}
		rr->length = 0;
		goto start;
	}

	/* If the other end has shut down, throw anything we read away
	 * (even in 'peek' mode) */
	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
		rr->length = 0;
		s->internal->rwstate = SSL_NOTHING;
		return (0);
	}


	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
	{
		/* make sure that we are not getting application data when we
		 * are doing a handshake for the first time */
		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
			(s->enc_read_ctx == NULL)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
			goto f_err;
		}

		if (len <= 0)
			return (len);

		if ((unsigned int)len > rr->length)
			n = rr->length;
		else
			n = (unsigned int)len;

		memcpy(buf, &(rr->data[rr->off]), n);
		if (!peek) {
			rr->length -= n;
			rr->off += n;
			if (rr->length == 0) {
				s->internal->rstate = SSL_ST_READ_HEADER;
				rr->off = 0;
			}
		}

		return (n);
	}


	/* If we get here, then type != rr->type; if we have a handshake
	 * message, then it was unexpected (Hello Request or Client Hello). */

	/* In case of record types for which we have 'fragment' storage,
	 * fill that so that we can process the data at a fixed place.
	 */
	{
		unsigned int k, dest_maxlen = 0;
		unsigned char *dest = NULL;
		unsigned int *dest_len = NULL;

		if (rr->type == SSL3_RT_HANDSHAKE) {
			dest_maxlen = sizeof D1I(s)->handshake_fragment;
			dest = D1I(s)->handshake_fragment;
			dest_len = &D1I(s)->handshake_fragment_len;
		} else if (rr->type == SSL3_RT_ALERT) {
			dest_maxlen = sizeof(D1I(s)->alert_fragment);
			dest = D1I(s)->alert_fragment;
			dest_len = &D1I(s)->alert_fragment_len;
		}
		/* else it's a CCS message, or application data or wrong */
		else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
			/* Application data while renegotiating
			 * is allowed. Try again reading.
			 */
			if (rr->type == SSL3_RT_APPLICATION_DATA) {
				BIO *bio;
				S3I(s)->in_read_app_data = 2;
				bio = SSL_get_rbio(s);
				s->internal->rwstate = SSL_READING;
				BIO_clear_retry_flags(bio);
				BIO_set_retry_read(bio);
				return (-1);
			}

			/* Not certain if this is the right error handling */
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_UNEXPECTED_RECORD);
			goto f_err;
		}

		if (dest_maxlen > 0) {
            /* XDTLS:  In a pathalogical case, the Client Hello
             *  may be fragmented--don't always expect dest_maxlen bytes */
			if (rr->length < dest_maxlen) {
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
				/*
				 * for normal alerts rr->length is 2, while
				 * dest_maxlen is 7 if we were to handle this
				 * non-existing alert...
				 */
				FIX ME
#endif
				s->internal->rstate = SSL_ST_READ_HEADER;
				rr->length = 0;
				goto start;
			}

			/* now move 'n' bytes: */
			for ( k = 0; k < dest_maxlen; k++) {
				dest[k] = rr->data[rr->off++];
				rr->length--;
			}
			*dest_len = dest_maxlen;
		}
	}

	/* D1I(s)->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
	 * D1I(s)->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */

	/* If we are a client, check for an incoming 'Hello Request': */
	if ((!s->server) &&
	    (D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
	    (D1I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
	    (s->session != NULL) && (s->session->cipher != NULL)) {
		D1I(s)->handshake_fragment_len = 0;

		if ((D1I(s)->handshake_fragment[1] != 0) ||
		    (D1I(s)->handshake_fragment[2] != 0) ||
		    (D1I(s)->handshake_fragment[3] != 0)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
			goto err;
		}

		/* no need to check sequence number on HELLO REQUEST messages */

		if (s->internal->msg_callback)
			s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
		D1I(s)->handshake_fragment, 4, s, s->internal->msg_callback_arg);

		if (SSL_is_init_finished(s) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
		    !S3I(s)->renegotiate) {
			D1I(s)->handshake_read_seq++;
			s->internal->new_session = 1;
			ssl3_renegotiate(s);
			if (ssl3_renegotiate_check(s)) {
				i = s->internal->handshake_func(s);
				if (i < 0)
					return (i);
				if (i == 0) {
					SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
					return (-1);
				}

				if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
					if (s->s3->rbuf.left == 0) /* no read-ahead left? */
					{
						BIO *bio;
						/* In the case where we try to read application data,
						 * but we trigger an SSL handshake, we return -1 with
						 * the retry option set.  Otherwise renegotiation may
						 * cause nasty problems in the blocking world */
						s->internal->rwstate = SSL_READING;
						bio = SSL_get_rbio(s);
						BIO_clear_retry_flags(bio);
						BIO_set_retry_read(bio);
						return (-1);
					}
				}
			}
		}
		/* we either finished a handshake or ignored the request,
		 * now try again to obtain the (application) data we were asked for */
		goto start;
	}

	if (D1I(s)->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
		int alert_level = D1I(s)->alert_fragment[0];
		int alert_descr = D1I(s)->alert_fragment[1];

		D1I(s)->alert_fragment_len = 0;

		if (s->internal->msg_callback)
			s->internal->msg_callback(0, s->version, SSL3_RT_ALERT,
		D1I(s)->alert_fragment, 2, s, s->internal->msg_callback_arg);

		if (s->internal->info_callback != NULL)
			cb = s->internal->info_callback;
		else if (s->ctx->internal->info_callback != NULL)
			cb = s->ctx->internal->info_callback;

		if (cb != NULL) {
			j = (alert_level << 8) | alert_descr;
			cb(s, SSL_CB_READ_ALERT, j);
		}

		if (alert_level == 1) /* warning */
		{
			S3I(s)->warn_alert = alert_descr;
			if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
				s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
				return (0);
			}
		} else if (alert_level == 2) /* fatal */
		{
			s->internal->rwstate = SSL_NOTHING;
			S3I(s)->fatal_alert = alert_descr;
			SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
			ERR_asprintf_error_data("SSL alert number %d",
			    alert_descr);
			s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN;
			SSL_CTX_remove_session(s->ctx, s->session);
			return (0);
		} else {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
			goto f_err;
		}

		goto start;
	}

	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
	{
		s->internal->rwstate = SSL_NOTHING;
		rr->length = 0;
		return (0);
	}

	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
		struct ccs_header_st ccs_hdr;
		unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;

		dtls1_get_ccs_header(rr->data, &ccs_hdr);

		/* 'Change Cipher Spec' is just a single byte, so we know
		 * exactly what the record payload has to look like */
		/* XDTLS: check that epoch is consistent */
		if ((rr->length != ccs_hdr_len) ||
		    (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
			i = SSL_AD_ILLEGAL_PARAMETER;
			SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
			goto err;
		}

		rr->length = 0;

		if (s->internal->msg_callback)
			s->internal->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
		rr->data, 1, s, s->internal->msg_callback_arg);

		/* We can't process a CCS now, because previous handshake
		 * messages are still missing, so just drop it.
		 */
		if (!D1I(s)->change_cipher_spec_ok) {
			goto start;
		}

		D1I(s)->change_cipher_spec_ok = 0;

		S3I(s)->change_cipher_spec = 1;
		if (!ssl3_do_change_cipher_spec(s))
			goto err;

		/* do this whenever CCS is processed */
		dtls1_reset_seq_numbers(s, SSL3_CC_READ);

		goto start;
	}

	/* Unexpected handshake message (Client Hello, or protocol violation) */
	if ((D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
	    !s->internal->in_handshake) {
		struct hm_header_st msg_hdr;

		/* this may just be a stale retransmit */
		if (!dtls1_get_message_header(rr->data, &msg_hdr))
			return -1;
		if (rr->epoch != D1I(s)->r_epoch) {
			rr->length = 0;
			goto start;
		}

		/* If we are server, we may have a repeated FINISHED of the
		 * client here, then retransmit our CCS and FINISHED.
		 */
		if (msg_hdr.type == SSL3_MT_FINISHED) {
			if (dtls1_check_timeout_num(s) < 0)
				return -1;

			dtls1_retransmit_buffered_messages(s);
			rr->length = 0;
			goto start;
		}

		if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
			s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
			s->internal->renegotiate = 1;
			s->internal->new_session = 1;
		}
		i = s->internal->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}

		if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
			if (s->s3->rbuf.left == 0) /* no read-ahead left? */
			{
				BIO *bio;
				/* In the case where we try to read application data,
				 * but we trigger an SSL handshake, we return -1 with
				 * the retry option set.  Otherwise renegotiation may
				 * cause nasty problems in the blocking world */
				s->internal->rwstate = SSL_READING;
				bio = SSL_get_rbio(s);
				BIO_clear_retry_flags(bio);
				BIO_set_retry_read(bio);
				return (-1);
			}
		}
		goto start;
	}

	switch (rr->type) {
	default:
		/* TLS just ignores unknown message types */
		if (s->version == TLS1_VERSION) {
			rr->length = 0;
			goto start;
		}
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_UNEXPECTED_RECORD);
		goto f_err;
	case SSL3_RT_CHANGE_CIPHER_SPEC:
	case SSL3_RT_ALERT:
	case SSL3_RT_HANDSHAKE:
		/* we already handled all of these, with the possible exception
		 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
		 * should not happen when type != rr->type */
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto f_err;
	case SSL3_RT_APPLICATION_DATA:
		/* At this point, we were expecting handshake data,
		 * but have application data.  If the library was
		 * running inside ssl3_read() (i.e. in_read_app_data
		 * is set) and it makes sense to read application data
		 * at this point (session renegotiation not yet started),
		 * we will indulge it.
		 */
		if (S3I(s)->in_read_app_data &&
		    (S3I(s)->total_renegotiations != 0) &&
		    (((s->internal->state & SSL_ST_CONNECT) &&
		    (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
		    (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
		    (s->internal->state & SSL_ST_ACCEPT) &&
		    (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
		    (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
			S3I(s)->in_read_app_data = 2;
			return (-1);
		} else {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_UNEXPECTED_RECORD);
			goto f_err;
		}
	}
	/* not reached */

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
{
	int i;

	if (SSL_in_init(s) && !s->internal->in_handshake)
	{
		i = s->internal->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
			return -1;
		}
	}

	if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
		SSLerror(s, SSL_R_DTLS_MESSAGE_TOO_BIG);
		return -1;
	}

	i = dtls1_write_bytes(s, type, buf_, len);
	return i;
}


	/* this only happens when a client hello is received and a handshake
	 * is started. */
static int
have_handshake_fragment(SSL *s, int type, unsigned char *buf,
    int len, int peek)
{

	if ((type == SSL3_RT_HANDSHAKE) && (D1I(s)->handshake_fragment_len > 0))
		/* (partially) satisfy request from storage */
	{
		unsigned char *src = D1I(s)->handshake_fragment;
		unsigned char *dst = buf;
		unsigned int k, n;

		/* peek == 0 */
		n = 0;
		while ((len > 0) && (D1I(s)->handshake_fragment_len > 0)) {
			*dst++ = *src++;
			len--;
			D1I(s)->handshake_fragment_len--;
			n++;
		}
		/* move any remaining fragment bytes: */
		for (k = 0; k < D1I(s)->handshake_fragment_len; k++)
			D1I(s)->handshake_fragment[k] = *src++;
		return n;
	}

	return 0;
}


/* Call this to write data in records of type 'type'
 * It will return <= 0 if not all data has been sent or non-blocking IO.
 */
int
dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
{
	int i;

	OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
	s->internal->rwstate = SSL_NOTHING;
	i = do_dtls1_write(s, type, buf, len);
	return i;
}

int
do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
			return (i);
		/* if it went, fall through and send more stuff */
	}

	if (len == 0)
		return 0;

	wr = &(s->s3->wrec);
	wb = &(s->s3->wbuf);
	sess = s->session;

	if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
	    (EVP_MD_CTX_md(s->write_hash) == NULL))
		clear = 1;

	if (clear)
		mac_size = 0;
	else {
		mac_size = EVP_MD_CTX_size(s->write_hash);
		if (mac_size < 0)
			goto err;
	}

	/* DTLS implements explicit IV, so no need for empty fragments. */

	p = wb->buf + prefix_len;







|



|
|





|







1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
			return (i);
		/* if it went, fall through and send more stuff */
	}

	if (len == 0)
		return 0;

	wr = &(S3I(s)->wrec);
	wb = &(s->s3->wbuf);
	sess = s->session;

	if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
	    (EVP_MD_CTX_md(s->internal->write_hash) == NULL))
		clear = 1;

	if (clear)
		mac_size = 0;
	else {
		mac_size = EVP_MD_CTX_size(s->internal->write_hash);
		if (mac_size < 0)
			goto err;
	}

	/* DTLS implements explicit IV, so no need for empty fragments. */

	p = wb->buf + prefix_len;
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
	p += 10;

	/* lets setup the record stuff. */

	/* Make space for the explicit IV in case of CBC.
	 * (this is a bit of a boundary violation, but what the heck).
	 */
	if (s->enc_write_ctx &&
	    (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
		bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
	else
		bs = 0;

	wr->data = p + bs;
	/* make room for IV in case of CBC */
	wr->length = (int)len;
	wr->input = (unsigned char *)buf;

	/* we now 'read' from wr->input, wr->length bytes into
	 * wr->data */

	memcpy(wr->data, wr->input, wr->length);
	wr->input = wr->data;

	/* we should still have the output to wr->data and the input
	 * from wr->input.  Length should be wr->length.
	 * wr->data still points in the wb->buf */

	if (mac_size != 0) {
		if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
			goto err;
		wr->length += mac_size;
	}

	/* this is true regardless of mac size */
	wr->input = p;
	wr->data = p;


	/* ssl3_enc can only have an error on read */
	if (bs)	/* bs != 0 in case of CBC */
	{
		arc4random_buf(p, bs);
		/* master IV and last CBC residue stand for
		 * the rest of randomness */
		wr->length += bs;
	}

	s->method->ssl3_enc->enc(s, 1);

	/* record length after mac and block padding */
/*	if (type == SSL3_RT_APPLICATION_DATA ||
	(type == SSL3_RT_ALERT && ! SSL_in_init(s))) */

	/* there's only one epoch between handshake and app data */

	s2n(s->d1->w_epoch, pseq);

	/* XDTLS: ?? */
/*	else
	s2n(s->d1->handshake_epoch, pseq);
*/

	memcpy(pseq, &(s->s3->write_sequence[2]), 6);
	pseq += 6;
	s2n(wr->length, pseq);

	/* we should now have
	 * wr->data pointing to the encrypted data, which is
	 * wr->length long */
	wr->type=type; /* not needed but helps for debugging */
	wr->length += DTLS1_RT_HEADER_LENGTH;

	tls1_record_sequence_increment(s->s3->write_sequence);

	/* now let's set up wb */
	wb->left = prefix_len + wr->length;
	wb->offset = 0;

	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
	s->s3->wpend_tot = len;
	s->s3->wpend_buf = buf;
	s->s3->wpend_type = type;
	s->s3->wpend_ret = len;

	/* we now just need to write the buffer */
	return ssl3_write_pending(s, type, buf, len);
err:
	return -1;
}



static int
dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
{
	int cmp;
	unsigned int shift;
	const unsigned char *seq = s->s3->read_sequence;

	cmp = satsub64be(seq, bitmap->max_seq_num);
	if (cmp > 0) {
		memcpy (s->s3->rrec.seq_num, seq, 8);
		return 1; /* this record in new */
	}
	shift = -cmp;
	if (shift >= sizeof(bitmap->map)*8)
		return 0; /* stale, outside the window */
	else if (bitmap->map & (1UL << shift))
		return 0; /* record previously received */

	memcpy(s->s3->rrec.seq_num, seq, 8);
	return 1;
}


static void
dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
{
	int cmp;
	unsigned int shift;
	const unsigned char *seq = s->s3->read_sequence;

	cmp = satsub64be(seq, bitmap->max_seq_num);
	if (cmp > 0) {
		shift = cmp;
		if (shift < sizeof(bitmap->map)*8)
			bitmap->map <<= shift, bitmap->map |= 1UL;
		else







|
|
|



















|


















|







|



|


|









|






|
|
|
|














|



|








|









|







1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
	p += 10;

	/* lets setup the record stuff. */

	/* Make space for the explicit IV in case of CBC.
	 * (this is a bit of a boundary violation, but what the heck).
	 */
	if (s->internal->enc_write_ctx &&
	    (EVP_CIPHER_mode(s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
		bs = EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher);
	else
		bs = 0;

	wr->data = p + bs;
	/* make room for IV in case of CBC */
	wr->length = (int)len;
	wr->input = (unsigned char *)buf;

	/* we now 'read' from wr->input, wr->length bytes into
	 * wr->data */

	memcpy(wr->data, wr->input, wr->length);
	wr->input = wr->data;

	/* we should still have the output to wr->data and the input
	 * from wr->input.  Length should be wr->length.
	 * wr->data still points in the wb->buf */

	if (mac_size != 0) {
		if (tls1_mac(s, &(p[wr->length + bs]), 1) < 0)
			goto err;
		wr->length += mac_size;
	}

	/* this is true regardless of mac size */
	wr->input = p;
	wr->data = p;


	/* ssl3_enc can only have an error on read */
	if (bs)	/* bs != 0 in case of CBC */
	{
		arc4random_buf(p, bs);
		/* master IV and last CBC residue stand for
		 * the rest of randomness */
		wr->length += bs;
	}

	s->method->internal->ssl3_enc->enc(s, 1);

	/* record length after mac and block padding */
/*	if (type == SSL3_RT_APPLICATION_DATA ||
	(type == SSL3_RT_ALERT && ! SSL_in_init(s))) */

	/* there's only one epoch between handshake and app data */

	s2n(D1I(s)->w_epoch, pseq);

	/* XDTLS: ?? */
/*	else
	s2n(D1I(s)->handshake_epoch, pseq);
*/

	memcpy(pseq, &(S3I(s)->write_sequence[2]), 6);
	pseq += 6;
	s2n(wr->length, pseq);

	/* we should now have
	 * wr->data pointing to the encrypted data, which is
	 * wr->length long */
	wr->type=type; /* not needed but helps for debugging */
	wr->length += DTLS1_RT_HEADER_LENGTH;

	tls1_record_sequence_increment(S3I(s)->write_sequence);

	/* now let's set up wb */
	wb->left = prefix_len + wr->length;
	wb->offset = 0;

	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
	S3I(s)->wpend_tot = len;
	S3I(s)->wpend_buf = buf;
	S3I(s)->wpend_type = type;
	S3I(s)->wpend_ret = len;

	/* we now just need to write the buffer */
	return ssl3_write_pending(s, type, buf, len);
err:
	return -1;
}



static int
dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
{
	int cmp;
	unsigned int shift;
	const unsigned char *seq = S3I(s)->read_sequence;

	cmp = satsub64be(seq, bitmap->max_seq_num);
	if (cmp > 0) {
		memcpy (S3I(s)->rrec.seq_num, seq, 8);
		return 1; /* this record in new */
	}
	shift = -cmp;
	if (shift >= sizeof(bitmap->map)*8)
		return 0; /* stale, outside the window */
	else if (bitmap->map & (1UL << shift))
		return 0; /* record previously received */

	memcpy(S3I(s)->rrec.seq_num, seq, 8);
	return 1;
}


static void
dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
{
	int cmp;
	unsigned int shift;
	const unsigned char *seq = S3I(s)->read_sequence;

	cmp = satsub64be(seq, bitmap->max_seq_num);
	if (cmp > 0) {
		shift = cmp;
		if (shift < sizeof(bitmap->map)*8)
			bitmap->map <<= shift, bitmap->map |= 1UL;
		else
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477

	memset(buf, 0x00, sizeof(buf));
	*ptr++ = s->s3->send_alert[0];
	*ptr++ = s->s3->send_alert[1];

#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
	if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
		s2n(s->d1->handshake_read_seq, ptr);
		l2n3(s->d1->r_msg_hdr.frag_off, ptr);
	}
#endif

	i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
	if (i <= 0) {
		s->s3->alert_dispatch = 1;
		/* fprintf( stderr, "not done with alert\n" ); */
	} else {
		if (s->s3->send_alert[0] == SSL3_AL_FATAL
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
		|| s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
#endif
		)
			(void)BIO_flush(s->wbio);

		if (s->msg_callback)
			s->msg_callback(1, s->version, SSL3_RT_ALERT,
			    s->s3->send_alert, 2, s, s->msg_callback_arg);

		if (s->info_callback != NULL)
			cb = s->info_callback;
		else if (s->ctx->info_callback != NULL)
			cb = s->ctx->info_callback;

		if (cb != NULL) {
			j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
			cb(s, SSL_CB_WRITE_ALERT, j);
		}
	}
	return (i);
}


static DTLS1_BITMAP *
dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
{

	*is_next_epoch = 0;

	/* In current epoch, accept HM, CCS, DATA, & ALERT */
	if (rr->epoch == s->d1->r_epoch)
		return &s->d1->bitmap;

	/* Only HM and ALERT messages can be from the next epoch */
	else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
		(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
		*is_next_epoch = 1;
		return &s->d1->next_bitmap;
	}

	return NULL;
}

void
dtls1_reset_seq_numbers(SSL *s, int rw)
{
	unsigned char *seq;
	unsigned int seq_bytes = sizeof(s->s3->read_sequence);

	if (rw & SSL3_CC_READ) {
		seq = s->s3->read_sequence;
		s->d1->r_epoch++;
		memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
		memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
	} else {
		seq = s->s3->write_sequence;
		memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
		s->d1->w_epoch++;
	}

	memset(seq, 0x00, seq_bytes);
}







|
|















|
|
|

|
|
|
|

















|
|


|


|









|


|
|
|
|

|
|
|




1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474

	memset(buf, 0x00, sizeof(buf));
	*ptr++ = s->s3->send_alert[0];
	*ptr++ = s->s3->send_alert[1];

#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
	if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
		s2n(D1I(s)->handshake_read_seq, ptr);
		l2n3(D1I(s)->r_msg_hdr.frag_off, ptr);
	}
#endif

	i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
	if (i <= 0) {
		s->s3->alert_dispatch = 1;
		/* fprintf( stderr, "not done with alert\n" ); */
	} else {
		if (s->s3->send_alert[0] == SSL3_AL_FATAL
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
		|| s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
#endif
		)
			(void)BIO_flush(s->wbio);

		if (s->internal->msg_callback)
			s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
			    s->s3->send_alert, 2, s, s->internal->msg_callback_arg);

		if (s->internal->info_callback != NULL)
			cb = s->internal->info_callback;
		else if (s->ctx->internal->info_callback != NULL)
			cb = s->ctx->internal->info_callback;

		if (cb != NULL) {
			j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
			cb(s, SSL_CB_WRITE_ALERT, j);
		}
	}
	return (i);
}


static DTLS1_BITMAP *
dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
{

	*is_next_epoch = 0;

	/* In current epoch, accept HM, CCS, DATA, & ALERT */
	if (rr->epoch == D1I(s)->r_epoch)
		return &D1I(s)->bitmap;

	/* Only HM and ALERT messages can be from the next epoch */
	else if (rr->epoch == (unsigned long)(D1I(s)->r_epoch + 1) &&
		(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
		*is_next_epoch = 1;
		return &D1I(s)->next_bitmap;
	}

	return NULL;
}

void
dtls1_reset_seq_numbers(SSL *s, int rw)
{
	unsigned char *seq;
	unsigned int seq_bytes = sizeof(S3I(s)->read_sequence);

	if (rw & SSL3_CC_READ) {
		seq = S3I(s)->read_sequence;
		D1I(s)->r_epoch++;
		memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
		memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
	} else {
		seq = S3I(s)->write_sequence;
		memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence));
		D1I(s)->w_epoch++;
	}

	memset(seq, 0x00, seq_bytes);
}
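--- a/jni/libressl/ssl/d1_srtp.c
+++ b/jni/libressl/ssl/d1_srtp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_srtp.c,v 1.14 2015/07/17 17:36:24 doug Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.21 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -183,99 +183,95 @@
 
 	char *col;
 	char *ptr = (char *)profiles_string;
 
 	SRTP_PROTECTION_PROFILE *p;
 
 	if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
-		SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
-		    SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+		SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
 		return 1;
 	}
 
 	do {
 		col = strchr(ptr, ':');
 
 		if (!find_profile_by_name(ptr, &p,
 		    col ? col - ptr : (int)strlen(ptr))) {
 			sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
 		} else {
-			SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
-			    SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+			SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
 			sk_SRTP_PROTECTION_PROFILE_free(profiles);
 			return 1;
 		}
 
 		if (col)
 			ptr = col + 1;
 	} while (col);
 
 	*out = profiles;
 
 	return 0;
 }
 
 int
 SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
 {
-	return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
+	return ssl_ctx_make_profiles(profiles, &ctx->internal->srtp_profiles);
 }
 
 int
 SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
 {
-	return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
+	return ssl_ctx_make_profiles(profiles, &s->internal->srtp_profiles);
 }
 
 
 STACK_OF(SRTP_PROTECTION_PROFILE) *
 SSL_get_srtp_profiles(SSL *s)
 {
 	if (s != NULL) {
-		if (s->srtp_profiles != NULL) {
-			return s->srtp_profiles;
+		if (s->internal->srtp_profiles != NULL) {
+			return s->internal->srtp_profiles;
 		} else if ((s->ctx != NULL) &&
-		    (s->ctx->srtp_profiles != NULL)) {
-			return s->ctx->srtp_profiles;
+		    (s->ctx->internal->srtp_profiles != NULL)) {
+			return s->ctx->internal->srtp_profiles;
 		}
 	}
 
 	return NULL;
 }
 
 SRTP_PROTECTION_PROFILE *
 SSL_get_selected_srtp_profile(SSL *s)
 {
-	return s->srtp_profile;
+	return s->internal->srtp_profile;
 }
 
 /* Note: this function returns 0 length if there are no
    profiles specified */
 int
 ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 {
 	int ct = 0;
 	int i;
 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
 	SRTP_PROTECTION_PROFILE *prof;
 
 	clnt = SSL_get_srtp_profiles(s);
 
 	ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
 
 	if (p) {
 		if (ct == 0) {
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
-			    SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
+			SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
 			return 1;
 		}
 
 		if ((2 + ct * 2 + 1) > maxlen) {
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
-			    SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+			SSLerror(s, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
 			return 1;
 		}
 
 		/* Add the length */
 		s2n(ct * 2, p);
 		for (i = 0; i < ct; i++) {
 			prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
@@ -300,174 +296,162 @@
 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
 	int i, j;
 	int ret = 1;
 	uint16_t id;
 	CBS cbs, ciphers, mki;
 
 	if (len < 0) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		goto done;
 	}
 
 	CBS_init(&cbs, d, len);
 	/* Pull off the cipher suite list */
 	if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
 	    CBS_len(&ciphers) % 2) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		goto done;
 	}
 
 	clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
 
 	while (CBS_len(&ciphers) > 0) {
 		if (!CBS_get_u16(&ciphers, &id)) {
-			SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-			    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+			SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 			*al = SSL_AD_DECODE_ERROR;
 			goto done;
 		}
 
 		if (!find_profile_by_num(id, &cprof))
 			sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
 		else
 			; /* Ignore */
 	}
 
 	/* Extract the MKI value as a sanity check, but discard it for now. */
 	if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
 	    CBS_len(&cbs) != 0) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_MKI_VALUE);
+		SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
 		*al = SSL_AD_DECODE_ERROR;
 		goto done;
 	}
 
 	srvr = SSL_get_srtp_profiles(s);
 
 	/*
 	 * Pick our most preferred profile. If no profiles have been
 	 * configured then the outer loop doesn't run
 	 * (sk_SRTP_PROTECTION_PROFILE_num() = -1)
 	 * and so we just return without doing anything.
 	 */
 	for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
 		sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
 
 		for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
 			cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j);
 
 			if (cprof->id == sprof->id) {
-				s->srtp_profile = sprof;
+				s->internal->srtp_profile = sprof;
 				*al = 0;
 				ret = 0;
 				goto done;
 			}
 		}
 	}
 
 	ret = 0;
 
 done:
-	if (clnt)
-		sk_SRTP_PROTECTION_PROFILE_free(clnt);
+	sk_SRTP_PROTECTION_PROFILE_free(clnt);
 
 	return ret;
 }
 
 int
 ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 {
 	if (p) {
 		if (maxlen < 5) {
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-			    SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+			SSLerror(s, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
 			return 1;
 		}
 
-		if (s->srtp_profile == 0) {
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-			    SSL_R_USE_SRTP_NOT_NEGOTIATED);
+		if (s->internal->srtp_profile == 0) {
+			SSLerror(s, SSL_R_USE_SRTP_NOT_NEGOTIATED);
 			return 1;
 		}
 		s2n(2, p);
-		s2n(s->srtp_profile->id, p);
+		s2n(s->internal->srtp_profile->id, p);
 		*p++ = 0;
 	}
 	*len = 5;
 
 	return 0;
 }
 
 
 int
 ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int *al)
 {
 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
 	SRTP_PROTECTION_PROFILE *prof;
 	int i;
 	uint16_t id;
 	CBS cbs, profile_ids, mki;
 
 	if (len < 0) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		return 1;
 	}
 
 	CBS_init(&cbs, d, len);
 
 	/*
 	 * As per RFC 5764 section 4.1.1, server response MUST be a single
 	 * profile id.
 	 */
 	if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
 	    !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		return 1;
 	}
 
 	/* Must be no MKI, since we never offer one. */
 	if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_MKI_VALUE);
+		SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
 		*al = SSL_AD_ILLEGAL_PARAMETER;
 		return 1;
 	}
 
 	clnt = SSL_get_srtp_profiles(s);
 
 	/* Throw an error if the server gave us an unsolicited extension. */
 	if (clnt == NULL) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-		    SSL_R_NO_SRTP_PROFILES);
+		SSLerror(s, SSL_R_NO_SRTP_PROFILES);
 		*al = SSL_AD_DECODE_ERROR;
 		return 1;
 	}
 
 	/*
 	 * Check to see if the server gave us something we support
 	 * (and presumably offered).
 	 */
 	for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
 		prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
 
 		if (prof->id == id) {
-			s->srtp_profile = prof;
+			s->internal->srtp_profile = prof;
 			*al = 0;
 			return 0;
 		}
 	}
 
-	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-	    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+	SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 	*al = SSL_AD_DECODE_ERROR;
 	return 1;
 }
 
 #endif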
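Review bot: The `clnt = sk_SRTP_PROTECTION_PROFILE_new_null();` allocation in the ClientHello use_srtp parser (third hunk, before the `while (CBS_len(&ciphers) > 0)` loop) is never checked, and the return value of `sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof)` in that loop is ignored. If the allocation fails, the pushes presumably fail as well and the matching loop sees no client profiles, so the function appears to fall through to `ret = 0` with no profile selected; a peer-triggered parse under memory pressure would then silently drop SRTP negotiation instead of failing the handshake. The commit's removal of the `if (clnt)` guard before the free at `done:` already treats a NULL `clnt` as possible, so an explicit check fits here: `if (clnt == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); *al = SSL_AD_INTERNAL_ERROR; goto done; }` (`ret` is still 1 at that point). The function's signature lies outside the hunk, so the caller's handling of `*al` could not be confirmed from here.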
Changes to jni/libressl/ssl/d1_srvr.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: d1_srvr.c,v 1.66 2015/09/12 20:51:33 jsing Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
121
122
123
124
125
126
127
128
129
130
131
132


133
134
135
136
137
138
139
140
141




142
143
144
145
146




147

148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
#include <openssl/buffer.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

static const SSL_METHOD *dtls1_get_server_method(int ver);
static int dtls1_send_hello_verify_request(SSL *s);

const SSL_METHOD DTLSv1_server_method_data = {
	.version = DTLS1_VERSION,


	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = dtls1_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = dtls1_shutdown,




	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,




	.ssl_dispatch_alert = dtls1_dispatch_alert,

	.ssl_ctrl = dtls1_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_ssl_method = dtls1_get_server_method,
	.get_timeout = dtls1_default_timeout,
	.ssl3_enc = &DTLSv1_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_server_method_data;
}

static const SSL_METHOD *
dtls1_get_server_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_server_method());
	return (NULL);
}

int
dtls1_accept(SSL *s)
{
	void (*cb)(const SSL *ssl, int type, int val) = NULL;
	unsigned long alg_k;
	int ret = -1;
	int new_state, state, skip = 0;
	int listen;

	ERR_clear_error();
	errno = 0;

	if (s->info_callback != NULL)
		cb = s->info_callback;
	else if (s->ctx->info_callback != NULL)
		cb = s->ctx->info_callback;

	listen = s->d1->listen;

	/* init things to blank */
	s->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);

	s->d1->listen = listen;

	if (s->cert == NULL) {
		SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
		ret = -1;
		goto end;
	}

	for (;;) {
		state = s->state;

		switch (s->state) {
		case SSL_ST_RENEGOTIATE:
			s->renegotiate = 1;
			/* s->state=SSL_ST_ACCEPT; */

		case SSL_ST_BEFORE:
		case SSL_ST_ACCEPT:
		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		case SSL_ST_OK|SSL_ST_ACCEPT:

			s->server = 1;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
				SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}
			s->type = SSL_ST_ACCEPT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}

			s->init_num = 0;

			if (s->state != SSL_ST_RENEGOTIATE) {
				/* Ok, we now need to push on a buffering BIO so that
				 * the output is sent in a way that TCP likes :-)
				 * ...but not with SCTP :-)
				 */
				if (!ssl_init_wbio_buffer(s, 1)) {
					ret = -1;
					goto end;
				}

				if (!tls1_init_finished_mac(s)) {
					ret = -1;
					goto end;
				}

				s->state = SSL3_ST_SR_CLNT_HELLO_A;
				s->ctx->stats.sess_accept++;
			} else {
				/* s->state == SSL_ST_RENEGOTIATE,
				 * we will just send a HelloRequest */
				s->ctx->stats.sess_accept_renegotiate++;
				s->state = SSL3_ST_SW_HELLO_REQ_A;
			}

			break;

		case SSL3_ST_SW_HELLO_REQ_A:
		case SSL3_ST_SW_HELLO_REQ_B:

			s->shutdown = 0;
			dtls1_clear_record_buffer(s);
			dtls1_start_timer(s);
			ret = ssl3_send_hello_request(s);
			if (ret <= 0)
				goto end;
			s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
			s->state = SSL3_ST_SW_FLUSH;
			s->init_num = 0;

			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_SW_HELLO_REQ_C:
			s->state = SSL_ST_OK;
			break;

		case SSL3_ST_SR_CLNT_HELLO_A:
		case SSL3_ST_SR_CLNT_HELLO_B:
		case SSL3_ST_SR_CLNT_HELLO_C:

			s->shutdown = 0;
			ret = ssl3_get_client_hello(s);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);

			if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
				s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
			else
				s->state = SSL3_ST_SW_SRVR_HELLO_A;

			s->init_num = 0;

			/* Reflect ClientHello sequence to remain stateless while listening */
			if (listen) {
				memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
			}

			/* If we're just listening, stop here */
			if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
				ret = 2;
				s->d1->listen = 0;
				/* Set expected sequence numbers
				 * to continue the handshake.
				 */
				s->d1->handshake_read_seq = 2;
				s->d1->handshake_write_seq = 1;
				s->d1->next_handshake_write_seq = 1;
				goto end;
			}

			break;

		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:

			ret = dtls1_send_hello_verify_request(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_FLUSH;
			s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;

			/* HelloVerifyRequest resets Finished MAC */
			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}
			break;


		case SSL3_ST_SW_SRVR_HELLO_A:
		case SSL3_ST_SW_SRVR_HELLO_B:
			s->renegotiate = 2;
			dtls1_start_timer(s);
			ret = ssl3_send_server_hello(s);
			if (ret <= 0)
				goto end;

			if (s->hit) {
				if (s->tlsext_ticket_expected)
					s->state = SSL3_ST_SW_SESSION_TICKET_A;
				else
					s->state = SSL3_ST_SW_CHANGE_A;
			} else
				s->state = SSL3_ST_SW_CERT_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_A:
		case SSL3_ST_SW_CERT_B:
			/* Check if it is anon DH. */
			if (!(s->s3->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				dtls1_start_timer(s);
				ret = dtls1_send_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->tlsext_status_expected)
					s->state = SSL3_ST_SW_CERT_STATUS_A;
				else
					s->state = SSL3_ST_SW_KEY_EXCH_A;
			} else {
				skip = 1;
				s->state = SSL3_ST_SW_KEY_EXCH_A;
			}
			s->init_num = 0;
			break;

		case SSL3_ST_SW_KEY_EXCH_A:
		case SSL3_ST_SW_KEY_EXCH_B:
			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

			/* Only send if using a DH key exchange. */
			if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
				dtls1_start_timer(s);
				ret = ssl3_send_server_key_exchange(s);
				if (ret <= 0)
					goto end;
			} else
				skip = 1;

			s->state = SSL3_ST_SW_CERT_REQ_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_REQ_A:
		case SSL3_ST_SW_CERT_REQ_B:
			/*
			 * Determine whether or not we need to request a
			 * certificate.







<


|

>
>









>
>
>
>





>
>
>
>

>
|
<


<
<
<
|
<
<
<
<
<








|



















|
|
|
|

|


|



|


|





|

|

|
|











|



|










|

|














|
|

|

|
|







|





|
|
|








|






|






|

|

|



|



|

|



|
|
|











|
|











|





|
|
|

|

|
|





|


|


|
|

|


|

|




|










|
|







121
122
123
124
125
126
127

128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

159
160



161





162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
#include <openssl/buffer.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/objects.h>
#include <openssl/x509.h>


static int dtls1_send_hello_verify_request(SSL *s);

static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = dtls1_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = dtls1_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = dtls1_get_server_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,

	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,



	.internal = &DTLSv1_server_method_internal_data,





};

const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_server_method_data;
}

const SSL_METHOD *
dtls1_get_server_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_server_method());
	return (NULL);
}

int
dtls1_accept(SSL *s)
{
	void (*cb)(const SSL *ssl, int type, int val) = NULL;
	unsigned long alg_k;
	int ret = -1;
	int new_state, state, skip = 0;
	int listen;

	ERR_clear_error();
	errno = 0;

	if (s->internal->info_callback != NULL)
		cb = s->internal->info_callback;
	else if (s->ctx->internal->info_callback != NULL)
		cb = s->ctx->internal->info_callback;

	listen = D1I(s)->listen;

	/* init things to blank */
	s->internal->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);

	D1I(s)->listen = listen;

	if (s->cert == NULL) {
		SSLerror(s, SSL_R_NO_CERTIFICATE_SET);
		ret = -1;
		goto end;
	}

	for (;;) {
		state = s->internal->state;

		switch (s->internal->state) {
		case SSL_ST_RENEGOTIATE:
			s->internal->renegotiate = 1;
			/* s->internal->state=SSL_ST_ACCEPT; */

		case SSL_ST_BEFORE:
		case SSL_ST_ACCEPT:
		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		case SSL_ST_OK|SSL_ST_ACCEPT:

			s->server = 1;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}
			s->internal->type = SSL_ST_ACCEPT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}

			s->internal->init_num = 0;

			if (s->internal->state != SSL_ST_RENEGOTIATE) {
				/* Ok, we now need to push on a buffering BIO so that
				 * the output is sent in a way that TCP likes :-)
				 * ...but not with SCTP :-)
				 */
				if (!ssl_init_wbio_buffer(s, 1)) {
					ret = -1;
					goto end;
				}

				if (!tls1_init_finished_mac(s)) {
					ret = -1;
					goto end;
				}

				s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
				s->ctx->internal->stats.sess_accept++;
			} else {
				/* s->internal->state == SSL_ST_RENEGOTIATE,
				 * we will just send a HelloRequest */
				s->ctx->internal->stats.sess_accept_renegotiate++;
				s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
			}

			break;

		case SSL3_ST_SW_HELLO_REQ_A:
		case SSL3_ST_SW_HELLO_REQ_B:

			s->internal->shutdown = 0;
			dtls1_clear_record_buffer(s);
			dtls1_start_timer(s);
			ret = ssl3_send_hello_request(s);
			if (ret <= 0)
				goto end;
			S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
			s->internal->state = SSL3_ST_SW_FLUSH;
			s->internal->init_num = 0;

			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_SW_HELLO_REQ_C:
			s->internal->state = SSL_ST_OK;
			break;

		case SSL3_ST_SR_CLNT_HELLO_A:
		case SSL3_ST_SR_CLNT_HELLO_B:
		case SSL3_ST_SR_CLNT_HELLO_C:

			s->internal->shutdown = 0;
			ret = ssl3_get_client_hello(s);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);

			if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
				s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
			else
				s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;

			s->internal->init_num = 0;

			/* Reflect ClientHello sequence to remain stateless while listening */
			if (listen) {
				memcpy(S3I(s)->write_sequence, S3I(s)->read_sequence, sizeof(S3I(s)->write_sequence));
			}

			/* If we're just listening, stop here */
			if (listen && s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
				ret = 2;
				D1I(s)->listen = 0;
				/* Set expected sequence numbers
				 * to continue the handshake.
				 */
				D1I(s)->handshake_read_seq = 2;
				D1I(s)->handshake_write_seq = 1;
				D1I(s)->next_handshake_write_seq = 1;
				goto end;
			}

			break;

		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:

			ret = dtls1_send_hello_verify_request(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_FLUSH;
			S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;

			/* HelloVerifyRequest resets Finished MAC */
			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}
			break;


		case SSL3_ST_SW_SRVR_HELLO_A:
		case SSL3_ST_SW_SRVR_HELLO_B:
			s->internal->renegotiate = 2;
			dtls1_start_timer(s);
			ret = ssl3_send_server_hello(s);
			if (ret <= 0)
				goto end;

			if (s->internal->hit) {
				if (s->internal->tlsext_ticket_expected)
					s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
				else
					s->internal->state = SSL3_ST_SW_CHANGE_A;
			} else
				s->internal->state = SSL3_ST_SW_CERT_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_A:
		case SSL3_ST_SW_CERT_B:
			/* Check if it is anon DH. */
			if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				dtls1_start_timer(s);
				ret = ssl3_send_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->internal->tlsext_status_expected)
					s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
				else
					s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
			} else {
				skip = 1;
				s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
			}
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_KEY_EXCH_A:
		case SSL3_ST_SW_KEY_EXCH_B:
			alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;

			/* Only send if using a DH key exchange. */
			if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
				dtls1_start_timer(s);
				ret = ssl3_send_server_key_exchange(s);
				if (ret <= 0)
					goto end;
			} else
				skip = 1;

			s->internal->state = SSL3_ST_SW_CERT_REQ_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_REQ_A:
		case SSL3_ST_SW_CERT_REQ_B:
			/*
			 * Determine whether or not we need to request a
			 * certificate.
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521

522
523
524








525
526
527
528




529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713




714

715
716
717

718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
			 *   and in RFC 2246) ... except when the application
			 *   insists on verification (against the specs, but
			 *   s3_clnt.c accepts this for SSL 3).
			 */
			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
			    ((s->session->peer != NULL) &&
			     (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
			    ((s->s3->tmp.new_cipher->algorithm_auth &
			     SSL_aNULL) && !(s->verify_mode &
			     SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
				/* no cert request */
				skip = 1;
				s->s3->tmp.cert_request = 0;
				s->state = SSL3_ST_SW_SRVR_DONE_A;
			} else {
				s->s3->tmp.cert_request = 1;
				dtls1_start_timer(s);
				ret = ssl3_send_certificate_request(s);
				if (ret <= 0)
					goto end;
				s->state = SSL3_ST_SW_SRVR_DONE_A;
				s->init_num = 0;
			}
			break;

		case SSL3_ST_SW_SRVR_DONE_A:
		case SSL3_ST_SW_SRVR_DONE_B:
			dtls1_start_timer(s);
			ret = ssl3_send_server_done(s);
			if (ret <= 0)
				goto end;
			s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
			s->state = SSL3_ST_SW_FLUSH;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_FLUSH:
			s->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				/* If the write error was fatal, stop trying */
				if (!BIO_should_retry(s->wbio)) {
					s->rwstate = SSL_NOTHING;
					s->state = s->s3->tmp.next_state;
				}

				ret = -1;
				goto end;
			}
			s->rwstate = SSL_NOTHING;
			s->state = s->s3->tmp.next_state;
			break;

		case SSL3_ST_SR_CERT_A:
		case SSL3_ST_SR_CERT_B:
			if (s->s3->tmp.cert_request) {
				ret = ssl3_get_client_certificate(s);
				if (ret <= 0)
					goto end;
			}
			s->init_num = 0;
			s->state = SSL3_ST_SR_KEY_EXCH_A;
			break;

		case SSL3_ST_SR_KEY_EXCH_A:
		case SSL3_ST_SR_KEY_EXCH_B:
			ret = ssl3_get_client_key_exchange(s);
			if (ret <= 0)
				goto end;

			s->state = SSL3_ST_SR_CERT_VRFY_A;
			s->init_num = 0;

			if (ret == 2) {
				/* For the ECDH ciphersuites when
				 * the client sends its ECDH pub key in
				 * a certificate, the CertificateVerify
				 * message is not sent.
				 */
				s->state = SSL3_ST_SR_FINISHED_A;
				s->init_num = 0;
			} else if (SSL_USE_SIGALGS(s)) {
				s->state = SSL3_ST_SR_CERT_VRFY_A;
				s->init_num = 0;
				if (!s->session->peer)
					break;

				/*
				 * For sigalgs freeze the handshake buffer
				 * at this point and digest cached records.
				 */
				if (!s->s3->handshake_buffer) {
					SSLerr(SSL_F_SSL3_ACCEPT,
					    ERR_R_INTERNAL_ERROR);
					ret = -1;
					goto end;
				}
				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
				if (!tls1_digest_cached_records(s)) {
					ret = -1;
					goto end;
				}
			} else {
				s->state = SSL3_ST_SR_CERT_VRFY_A;
				s->init_num = 0;


				/* We need to get hashes here so if there is
				 * a client cert, it can be verified */
				s->method->ssl3_enc->cert_verify_mac(s,








				    NID_md5, &(s->s3->tmp.cert_verify_md[0]));
				s->method->ssl3_enc->cert_verify_mac(s,
				    NID_sha1,
				    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));




			}
			break;

		case SSL3_ST_SR_CERT_VRFY_A:
		case SSL3_ST_SR_CERT_VRFY_B:

			s->d1->change_cipher_spec_ok = 1;
			/* we should decide if we expected this one */
			ret = ssl3_get_cert_verify(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SR_FINISHED_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SR_FINISHED_A:
		case SSL3_ST_SR_FINISHED_B:
			s->d1->change_cipher_spec_ok = 1;
			ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
			SSL3_ST_SR_FINISHED_B);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);
			if (s->hit)
				s->state = SSL_ST_OK;
			else if (s->tlsext_ticket_expected)
				s->state = SSL3_ST_SW_SESSION_TICKET_A;
			else
				s->state = SSL3_ST_SW_CHANGE_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_SESSION_TICKET_A:
		case SSL3_ST_SW_SESSION_TICKET_B:
			ret = ssl3_send_newsession_ticket(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_CHANGE_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_STATUS_A:
		case SSL3_ST_SW_CERT_STATUS_B:
			ret = ssl3_send_cert_status(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_KEY_EXCH_A;
			s->init_num = 0;
			break;


		case SSL3_ST_SW_CHANGE_A:
		case SSL3_ST_SW_CHANGE_B:

			s->session->cipher = s->s3->tmp.new_cipher;
			if (!s->method->ssl3_enc->setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			ret = dtls1_send_change_cipher_spec(s,
			SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);

			if (ret <= 0)
				goto end;


			s->state = SSL3_ST_SW_FINISHED_A;
			s->init_num = 0;

			if (!s->method->ssl3_enc->change_cipher_state(s,
				SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
				ret = -1;
				goto end;
			}

			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
			break;

		case SSL3_ST_SW_FINISHED_A:
		case SSL3_ST_SW_FINISHED_B:
			ret = ssl3_send_finished(s,
			    SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
			    s->method->ssl3_enc->server_finished_label,
			    s->method->ssl3_enc->server_finished_label_len);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_FLUSH;
			if (s->hit) {
				s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;

			} else {
				s->s3->tmp.next_state = SSL_ST_OK;
			}
			s->init_num = 0;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			/* remove buffering on output */
			ssl_free_wbio_buffer(s);

			s->init_num = 0;

			if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
			{
				s->renegotiate = 0;
				s->new_session = 0;

				ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

				s->ctx->stats.sess_accept_good++;
				/* s->server=1; */
				s->handshake_func = dtls1_accept;

				if (cb != NULL)
					cb(s, SSL_CB_HANDSHAKE_DONE, 1);
			}

			ret = 1;

			/* done handshaking, next message is client hello */
			s->d1->handshake_read_seq = 0;
			/* next message is server hello */
			s->d1->handshake_write_seq = 0;
			s->d1->next_handshake_write_seq = 0;
			goto end;
			/* break; */

		default:
			SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		if (!s->s3->tmp.reuse_message && !skip) {
			if (s->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}

			if ((cb != NULL) && (s->state != state)) {
				new_state = s->state;
				s->state = state;
				cb(s, SSL_CB_ACCEPT_LOOP, 1);
				s->state = new_state;
			}
		}
		skip = 0;
	}
end:
	/* BIO_flush(s->wbio); */

	s->in_handshake--;

	if (cb != NULL)
		cb(s, SSL_CB_ACCEPT_EXIT, ret);

	return (ret);
}

int
dtls1_send_hello_verify_request(SSL *s)
{
	unsigned char *d, *p;

	if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
		d = p = ssl3_handshake_msg_start(s,
		    DTLS1_MT_HELLO_VERIFY_REQUEST);

		*(p++) = s->version >> 8;
		*(p++) = s->version & 0xFF;

		if (s->ctx->app_gen_cookie_cb == NULL ||
		    s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
			&(s->d1->cookie_len)) == 0) {
			SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
			    ERR_R_INTERNAL_ERROR);
			return 0;
		}

		*(p++) = (unsigned char) s->d1->cookie_len;




		memcpy(p, s->d1->cookie, s->d1->cookie_len);

		p += s->d1->cookie_len;

		ssl3_handshake_msg_finish(s, p - d);


		s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
	}

	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
	return (ssl3_handshake_write(s));
}

int
dtls1_send_server_certificate(SSL *s)
{
	unsigned long l;
	X509 *x;

	if (s->state == SSL3_ST_SW_CERT_A) {
		x = ssl_get_server_send_cert(s);
		if (x == NULL) {
			SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,
			    ERR_R_INTERNAL_ERROR);
			return (0);
		}

		l = dtls1_output_cert_chain(s, x);
		s->state = SSL3_ST_SW_CERT_B;
		s->init_num = (int)l;
		s->init_off = 0;

		/* buffer the message to handle re-xmits */
		dtls1_buffer_message(s, 0);
	}

	/* SSL3_ST_SW_CERT_B */
	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
}







|




|
|

|




|
|









|
|
|



|



|
|





|
|




|




|
|








|
|







|
|

|
|







|
<
|









|
|

>
|
|
<
>
>
>
>
>
>
>
>
|
<
<
|
>
>
>
>






|




|
|




|





|
|
|
|

|
|







|
|







|
|






|
|











|
|

|












|
|


|
|
|


|

|









|

|

|
|



|

|








|

|
|




|





|
|




|
|
|

|







|










|

|
<
<

<
<
|
|
|
|
<
|



|
>
>
>
>
|
>
|
|
|
>

|


|

|
|
|
<
|
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508

509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524

525
526
527
528
529
530
531
532
533


534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708


709


710
711
712
713

714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737

738








739
740













			 *   and in RFC 2246) ... except when the application
			 *   insists on verification (against the specs, but
			 *   s3_clnt.c accepts this for SSL 3).
			 */
			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
			    ((s->session->peer != NULL) &&
			     (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
			    ((S3I(s)->tmp.new_cipher->algorithm_auth &
			     SSL_aNULL) && !(s->verify_mode &
			     SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
				/* no cert request */
				skip = 1;
				S3I(s)->tmp.cert_request = 0;
				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
			} else {
				S3I(s)->tmp.cert_request = 1;
				dtls1_start_timer(s);
				ret = ssl3_send_certificate_request(s);
				if (ret <= 0)
					goto end;
				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
				s->internal->init_num = 0;
			}
			break;

		case SSL3_ST_SW_SRVR_DONE_A:
		case SSL3_ST_SW_SRVR_DONE_B:
			dtls1_start_timer(s);
			ret = ssl3_send_server_done(s);
			if (ret <= 0)
				goto end;
			S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
			s->internal->state = SSL3_ST_SW_FLUSH;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_FLUSH:
			s->internal->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				/* If the write error was fatal, stop trying */
				if (!BIO_should_retry(s->wbio)) {
					s->internal->rwstate = SSL_NOTHING;
					s->internal->state = S3I(s)->tmp.next_state;
				}

				ret = -1;
				goto end;
			}
			s->internal->rwstate = SSL_NOTHING;
			s->internal->state = S3I(s)->tmp.next_state;
			break;

		case SSL3_ST_SR_CERT_A:
		case SSL3_ST_SR_CERT_B:
			if (S3I(s)->tmp.cert_request) {
				ret = ssl3_get_client_certificate(s);
				if (ret <= 0)
					goto end;
			}
			s->internal->init_num = 0;
			s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
			break;

		case SSL3_ST_SR_KEY_EXCH_A:
		case SSL3_ST_SR_KEY_EXCH_B:
			ret = ssl3_get_client_key_exchange(s);
			if (ret <= 0)
				goto end;

			s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
			s->internal->init_num = 0;

			if (ret == 2) {
				/* For the ECDH ciphersuites when
				 * the client sends its ECDH pub key in
				 * a certificate, the CertificateVerify
				 * message is not sent.
				 */
				s->internal->state = SSL3_ST_SR_FINISHED_A;
				s->internal->init_num = 0;
			} else if (SSL_USE_SIGALGS(s)) {
				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
				s->internal->init_num = 0;
				if (!s->session->peer)
					break;

				/*
				 * For sigalgs freeze the handshake buffer
				 * at this point and digest cached records.
				 */
				if (!S3I(s)->handshake_buffer) {

					SSLerror(s, ERR_R_INTERNAL_ERROR);
					ret = -1;
					goto end;
				}
				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
				if (!tls1_digest_cached_records(s)) {
					ret = -1;
					goto end;
				}
			} else {
				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
				s->internal->init_num = 0;

				/*
				 * We need to get hashes here so if there is
				 * a client cert, it can be verified.

				 */
				if (S3I(s)->handshake_buffer) {
					if (!tls1_digest_cached_records(s)) {
						ret = -1;
						goto end;
					}
				}
				if (!tls1_handshake_hash_value(s,
				    S3I(s)->tmp.cert_verify_md,


				    sizeof(S3I(s)->tmp.cert_verify_md),
				    NULL)) {
					ret = -1;
					goto end;
				}
			}
			break;

		case SSL3_ST_SR_CERT_VRFY_A:
		case SSL3_ST_SR_CERT_VRFY_B:

			D1I(s)->change_cipher_spec_ok = 1;
			/* we should decide if we expected this one */
			ret = ssl3_get_cert_verify(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SR_FINISHED_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SR_FINISHED_A:
		case SSL3_ST_SR_FINISHED_B:
			D1I(s)->change_cipher_spec_ok = 1;
			ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
			SSL3_ST_SR_FINISHED_B);
			if (ret <= 0)
				goto end;
			dtls1_stop_timer(s);
			if (s->internal->hit)
				s->internal->state = SSL_ST_OK;
			else if (s->internal->tlsext_ticket_expected)
				s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
			else
				s->internal->state = SSL3_ST_SW_CHANGE_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_SESSION_TICKET_A:
		case SSL3_ST_SW_SESSION_TICKET_B:
			ret = ssl3_send_newsession_ticket(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_CHANGE_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_STATUS_A:
		case SSL3_ST_SW_CERT_STATUS_B:
			ret = ssl3_send_cert_status(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
			s->internal->init_num = 0;
			break;


		case SSL3_ST_SW_CHANGE_A:
		case SSL3_ST_SW_CHANGE_B:

			s->session->cipher = S3I(s)->tmp.new_cipher;
			if (!tls1_setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			ret = dtls1_send_change_cipher_spec(s,
			SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);

			if (ret <= 0)
				goto end;


			s->internal->state = SSL3_ST_SW_FINISHED_A;
			s->internal->init_num = 0;

			if (!tls1_change_cipher_state(s,
				SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
				ret = -1;
				goto end;
			}

			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
			break;

		case SSL3_ST_SW_FINISHED_A:
		case SSL3_ST_SW_FINISHED_B:
			ret = ssl3_send_finished(s,
			    SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
			    TLS_MD_SERVER_FINISH_CONST,
			    TLS_MD_SERVER_FINISH_CONST_SIZE);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_FLUSH;
			if (s->internal->hit) {
				S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;

			} else {
				S3I(s)->tmp.next_state = SSL_ST_OK;
			}
			s->internal->init_num = 0;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			/* remove buffering on output */
			ssl_free_wbio_buffer(s);

			s->internal->init_num = 0;

			if (s->internal->renegotiate == 2) /* skipped if we just sent a HelloRequest */
			{
				s->internal->renegotiate = 0;
				s->internal->new_session = 0;

				ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

				s->ctx->internal->stats.sess_accept_good++;
				/* s->server=1; */
				s->internal->handshake_func = dtls1_accept;

				if (cb != NULL)
					cb(s, SSL_CB_HANDSHAKE_DONE, 1);
			}

			ret = 1;

			/* done handshaking, next message is client hello */
			D1I(s)->handshake_read_seq = 0;
			/* next message is server hello */
			D1I(s)->handshake_write_seq = 0;
			D1I(s)->next_handshake_write_seq = 0;
			goto end;
			/* break; */

		default:
			SSLerror(s, SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		if (!S3I(s)->tmp.reuse_message && !skip) {
			if (s->internal->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}

			if ((cb != NULL) && (s->internal->state != state)) {
				new_state = s->internal->state;
				s->internal->state = state;
				cb(s, SSL_CB_ACCEPT_LOOP, 1);
				s->internal->state = new_state;
			}
		}
		skip = 0;
	}
end:
	/* BIO_flush(s->wbio); */

	s->internal->in_handshake--;

	if (cb != NULL)
		cb(s, SSL_CB_ACCEPT_EXIT, ret);

	return (ret);
}

int
dtls1_send_hello_verify_request(SSL *s)
{
	CBB cbb, verify, cookie;

	memset(&cbb, 0, sizeof(cbb));





	if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
		if (s->ctx->internal->app_gen_cookie_cb == NULL ||
		    s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
			&(D1I(s)->cookie_len)) == 0) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return 0;
		}

		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &verify,
		    DTLS1_MT_HELLO_VERIFY_REQUEST))
			goto err;
		if (!CBB_add_u16(&verify, s->version))
			goto err;
		if (!CBB_add_u8_length_prefixed(&verify, &cookie))
			goto err;
		if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
			goto err;
		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
	}

	/* s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);










	return (-1);
}













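--- a/jni/libressl/ssl/pqueue.c
+++ b/jni/libressl/ssl/pqueue.c
@@ -1,8 +1,8 @@
-/* $OpenBSD$ */
+/* $OpenBSD: pqueue.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *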
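--- a/jni/libressl/ssl/s23_clnt.c
+++ b/jni/libressl/ssl/s23_clnt.c
@@ -1,480 +0,0 @@
-/* $OpenBSD: s23_clnt.c,v 1.45 2015/09/11 14:39:05 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-
-int
-ssl23_connect(SSL *s)
-{
-	void (*cb)(const SSL *ssl, int type, int val) = NULL;
-	int ret = -1;
-	int new_state, state;
-
-	ERR_clear_error();
-	errno = 0;
-
-	if (s->info_callback != NULL)
-		cb = s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb = s->ctx->info_callback;
-
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s))
-		SSL_clear(s);
-
-	for (;;) {
-		state = s->state;
-
-		switch (s->state) {
-		case SSL_ST_BEFORE:
-		case SSL_ST_CONNECT:
-		case SSL_ST_BEFORE|SSL_ST_CONNECT:
-		case SSL_ST_OK|SSL_ST_CONNECT:
-
-			if (s->session != NULL) {
-				SSLerr(SSL_F_SSL23_CONNECT, SSL_R_SSL23_DOING_SESSION_ID_REUSE);
-				ret = -1;
-				goto end;
-			}
-			s->server = 0;
-			if (cb != NULL)
-				cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-			/* s->version=TLS1_VERSION; */
-			s->type = SSL_ST_CONNECT;
-
-			if (!ssl3_setup_init_buffer(s)) {
-				ret = -1;
-				goto end;
-			}
-			if (!ssl3_setup_buffers(s)) {
-				ret = -1;
-				goto end;
-			}
-			if (!tls1_init_finished_mac(s)) {
-				ret = -1;
-				goto end;
-			}
-
-			s->state = SSL23_ST_CW_CLNT_HELLO_A;
-			s->ctx->stats.sess_connect++;
-			s->init_num = 0;
-			break;
-
-		case SSL23_ST_CW_CLNT_HELLO_A:
-		case SSL23_ST_CW_CLNT_HELLO_B:
-
-			s->shutdown = 0;
-			ret = ssl23_client_hello(s);
-			if (ret <= 0)
-				goto end;
-			s->state = SSL23_ST_CR_SRVR_HELLO_A;
-			s->init_num = 0;
-
-			break;
-
-		case SSL23_ST_CR_SRVR_HELLO_A:
-		case SSL23_ST_CR_SRVR_HELLO_B:
-			ret = ssl23_get_server_hello(s);
-			if (ret >= 0)
-				cb = NULL;
-			goto end;
-			/* break; */
-
-		default:
-			SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
-			ret = -1;
-			goto end;
-			/* break; */
-		}
-
-		if (s->debug) {
-			(void)BIO_flush(s->wbio);
-		}
-
-		if ((cb != NULL) && (s->state != state)) {
-			new_state = s->state;
-			s->state = state;
-			cb(s, SSL_CB_CONNECT_LOOP, 1);
-			s->state = new_state;
-		}
-	}
-
-end:
-	s->in_handshake--;
-	if (cb != NULL)
-		cb(s, SSL_CB_CONNECT_EXIT, ret);
-
-	return (ret);
-}
-
-static int
-ssl23_client_hello(SSL *s)
-{
-	unsigned char *buf;
-	unsigned char *p, *d;
-	int i;
-	unsigned long l;
-	int version = 0, version_major, version_minor;
-	int ret;
-	unsigned long mask, options = s->options;
-
-	/*
-	 * SSL_OP_NO_X disables all protocols above X *if* there are
-	 * some protocols below X enabled. This is required in order
-	 * to maintain "version capability" vector contiguous. So
-	 * that if application wants to disable TLS1.0 in favour of
-	 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
-	 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
-	 */
-	mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1;
-	version = TLS1_2_VERSION;
-
-	if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
-		version = TLS1_1_VERSION;
-	mask &= ~SSL_OP_NO_TLSv1_1;
-	if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
-		version = TLS1_VERSION;
-	mask &= ~SSL_OP_NO_TLSv1;
-
-	buf = (unsigned char *)s->init_buf->data;
-	if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
-		arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
-
-		if (version == TLS1_2_VERSION) {
-			version_major = TLS1_2_VERSION_MAJOR;
-			version_minor = TLS1_2_VERSION_MINOR;
-		} else if (version == TLS1_1_VERSION) {
-			version_major = TLS1_1_VERSION_MAJOR;
-			version_minor = TLS1_1_VERSION_MINOR;
-		} else if (version == TLS1_VERSION) {
-			version_major = TLS1_VERSION_MAJOR;
-			version_minor = TLS1_VERSION_MINOR;
-		} else {
-			SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-			    SSL_R_NO_PROTOCOLS_AVAILABLE);
-			return (-1);
-		}
-
-		s->client_version = version;
-
-		/* create Client Hello in SSL 3.0/TLS 1.0 format */
-
-		/*
-		 * Do the record header (5 bytes) and handshake
-		 * message header (4 bytes) last
-		 */
-		d = p = &(buf[SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH]);
-
-		*(p++) = version_major;
-		*(p++) = version_minor;
-
-		/* Random stuff */
-		memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-		p += SSL3_RANDOM_SIZE;
-
-		/* Session ID (zero since there is no reuse) */
-		*(p++) = 0;
-
-		/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-		i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
-		if (i == 0) {
-			SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-			    SSL_R_NO_CIPHERS_AVAILABLE);
-			return -1;
-		}
-		s2n(i, p);
-		p += i;
-
-		/* add in (no) COMPRESSION */
-		*(p++) = 1;
-		/* Add the NULL method */
-		*(p++) = 0;
-
-		/* TLS extensions*/
-		if ((p = ssl_add_clienthello_tlsext(s, p,
-		    buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
-			SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-			return -1;
-		}
-
-		l = p - d;
-
-		/* fill in 4-byte handshake header */
-		d = &(buf[SSL3_RT_HEADER_LENGTH]);
-		*(d++) = SSL3_MT_CLIENT_HELLO;
-		l2n3(l, d);
-
-		l += 4;
-
-		if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
-			SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-			return -1;
-		}
-
-		/* fill in 5-byte record header */
-		d = buf;
-		*(d++) = SSL3_RT_HANDSHAKE;
-		*(d++) = version_major;
-
-		/*
-		 * Some servers hang if we use long client hellos
-		 * and a record number > TLS 1.0.
-		 */
-		if (TLS1_get_client_version(s) > TLS1_VERSION)
-			*(d++) = 1;
-		else
-			*(d++) = version_minor;
-		s2n((int)l, d);
-
-		/* number of bytes to write */
-		s->init_num = p - buf;
-		s->init_off = 0;
-
-		tls1_finish_mac(s, &(buf[SSL3_RT_HEADER_LENGTH]),
-		    s->init_num - SSL3_RT_HEADER_LENGTH);
-
-		s->state = SSL23_ST_CW_CLNT_HELLO_B;
-		s->init_off = 0;
-	}
-
-	/* SSL3_ST_CW_CLNT_HELLO_B */
-	ret = ssl23_write_bytes(s);
-
-	if ((ret >= 2) && s->msg_callback) {
-		/* Client Hello has been sent; tell msg_callback */
-
-		s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
-		    s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
-	}
-
-	return ret;
-}
-
-static int
-ssl23_get_server_hello(SSL *s)
-{
-	char buf[8];
-	unsigned char *p;
-	int i;
-	int n;
-
-	n = ssl23_read_bytes(s, 7);
-
-	if (n != 7)
-		return (n);
-	p = s->packet;
-
-	memcpy(buf, p, n);
-
-	/* Old unsupported sslv2 handshake */
-	if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
-	    (p[5] == 0x00) && (p[6] == 0x02)) {
-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-		    SSL_R_UNSUPPORTED_PROTOCOL);
-		goto err;
-	}
-
-	if (p[1] == SSL3_VERSION_MAJOR &&
-	    p[2] <= TLS1_2_VERSION_MINOR &&
-	    ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
-	    (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
-		/* we have sslv3 or tls1 (server hello or alert) */
-
-		if ((p[2] == TLS1_VERSION_MINOR) &&
-		    !(s->options & SSL_OP_NO_TLSv1)) {
-			s->version = TLS1_VERSION;
-			s->method = TLSv1_client_method();
-		} else if ((p[2] == TLS1_1_VERSION_MINOR) &&
-		    !(s->options & SSL_OP_NO_TLSv1_1)) {
-			s->version = TLS1_1_VERSION;
-			s->method = TLSv1_1_client_method();
-		} else if ((p[2] == TLS1_2_VERSION_MINOR) &&
-		    !(s->options & SSL_OP_NO_TLSv1_2)) {
-			s->version = TLS1_2_VERSION;
-			s->method = TLSv1_2_client_method();
-		} else {
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-			    SSL_R_UNSUPPORTED_PROTOCOL);
-			goto err;
-		}
-
-		if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
-			/* fatal alert */
-			void (*cb)(const SSL *ssl, int type, int val) = NULL;
-			int j;
-
-			if (s->info_callback != NULL)
-				cb = s->info_callback;
-			else if (s->ctx->info_callback != NULL)
-				cb = s->ctx->info_callback;
-
-			i = p[5];
-			if (cb != NULL) {
-				j = (i << 8) | p[6];
-				cb(s, SSL_CB_READ_ALERT, j);
-			}
-
-			if (s->msg_callback)
-				s->msg_callback(0, s->version, SSL3_RT_ALERT,
-				    p + 5, 2, s, s->msg_callback_arg);
-
-			s->rwstate = SSL_NOTHING;
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-			    SSL_AD_REASON_OFFSET + p[6]);
-			goto err;
-		}
-
-		if (!ssl_init_wbio_buffer(s, 1))
-			goto err;
-
-		/* we are in this state */
-		s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
-		/* put the 7 bytes we have read into the input buffer
-		 * for SSLv3 */
-		s->rstate = SSL_ST_READ_HEADER;
-		s->packet_length = n;
-		if (s->s3->rbuf.buf == NULL)
-			if (!ssl3_setup_read_buffer(s))
-				goto err;
-		s->packet = &(s->s3->rbuf.buf[0]);
-		memcpy(s->packet, buf, n);
-		s->s3->rbuf.left = n;
-		s->s3->rbuf.offset = 0;
-
-		s->handshake_func = s->method->ssl_connect;
-	} else {
-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
-		goto err;
-	}
-	s->init_num = 0;
-
-	/*
-	 * Since, if we are sending a ssl23 client hello, we are not
-	 * reusing a session-id
-	 */
-	if (!ssl_get_new_session(s, 0))
-		goto err;
-
-	return (SSL_connect(s));
-err:
-	return (-1);
-}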
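--- a/jni/libressl/ssl/s23_lib.c
+++ b/jni/libressl/ssl/s23_lib.c
@@ -1,132 +0,0 @@
-/* $OpenBSD: s23_lib.c,v 1.17 2014/08/10 14:42:56 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-long
-ssl23_default_timeout(void)
-{
-	return (300);
-}
-
-int
-ssl23_read(SSL *s, void *buf, int len)
-{
-	int n;
-
-	errno = 0;
-	if (SSL_in_init(s) && (!s->in_handshake)) {
-		n = s->handshake_func(s);
-		if (n < 0)
-			return (n);
-		if (n == 0) {
-			SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
-			return (-1);
-		}
-		return (SSL_read(s, buf, len));
-	} else {
-		ssl_undefined_function(s);
-		return (-1);
-	}
-}
-
-int
-ssl23_peek(SSL *s, void *buf, int len)
-{
-	int n;
-
-	errno = 0;
-	if (SSL_in_init(s) && (!s->in_handshake)) {
-		n = s->handshake_func(s);
-		if (n < 0)
-			return (n);
-		if (n == 0) {
-			SSLerr(SSL_F_SSL23_PEEK, SSL_R_SSL_HANDSHAKE_FAILURE);
-			return (-1);
-		}
-		return (SSL_peek(s, buf, len));
-	} else {
-		ssl_undefined_function(s);
-		return (-1);
-	}
-}
-
-int
-ssl23_write(SSL *s, const void *buf, int len)
-{
-	int n;
-
-	errno = 0;
-	if (SSL_in_init(s) && (!s->in_handshake)) {
-		n = s->handshake_func(s);
-		if (n < 0)
-			return (n);
-		if (n == 0) {
-			SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
-			return (-1);
-		}
-		return (SSL_write(s, buf, len));
-	} else {
-		ssl_undefined_function(s);
-		return (-1);
-	}
-}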
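--- a/jni/libressl/ssl/s23_pkt.c
+++ b/jni/libressl/ssl/s23_pkt.c
@@ -1,116 +0,0 @@
-/* $OpenBSD: s23_pkt.c,v 1.8 2014/06/12 15:49:31 deraadt Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-int
-ssl23_write_bytes(SSL *s)
-{
-	int i, num, tot;
-	char *buf;
-
-	buf = s->init_buf->data;
-	tot = s->init_off;
-	num = s->init_num;
-	for (;;) {
-		s->rwstate = SSL_WRITING;
-		i = BIO_write(s->wbio, &(buf[tot]), num);
-		if (i <= 0) {
-			s->init_off = tot;
-			s->init_num = num;
-			return (i);
-		}
-		s->rwstate = SSL_NOTHING;
-		if (i == num)
-			return (tot + i);
-
-		num -= i;
-		tot += i;
-	}
-}
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int
-ssl23_read_bytes(SSL *s, int n)
-{
-	unsigned char *p;
-	int j;
-
-	if (s->packet_length < (unsigned int)n) {
-		p = s->packet;
-
-		for (;;) {
-			s->rwstate = SSL_READING;
-			j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
-			    n - s->packet_length);
-			if (j <= 0)
-				return (j);
-			s->rwstate = SSL_NOTHING;
-			s->packet_length += j;
-			if (s->packet_length >= (unsigned int)n)
-				return (s->packet_length);
-		}
-	}
-	return (n);
-}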
Deleted jni/libressl/ssl/s23_srvr.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
/* $OpenBSD: s23_srvr.c,v 1.46 2015/10/25 15:49:04 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/objects.h>

int ssl23_get_client_hello(SSL *s);

int
ssl23_accept(SSL *s)
{
	void (*cb)(const SSL *ssl, int type, int val) = NULL;
	int ret = -1;
	int new_state, state;

	ERR_clear_error();
	errno = 0;

	if (s->info_callback != NULL)
		cb = s->info_callback;
	else if (s->ctx->info_callback != NULL)
		cb = s->ctx->info_callback;

	s->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);

	for (;;) {
		state = s->state;

		switch (s->state) {
		case SSL_ST_BEFORE:
		case SSL_ST_ACCEPT:
		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		case SSL_ST_OK|SSL_ST_ACCEPT:

			s->server = 1;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			/* s->version=SSL3_VERSION; */
			s->type = SSL_ST_ACCEPT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}

			s->state = SSL23_ST_SR_CLNT_HELLO_A;
			s->ctx->stats.sess_accept++;
			s->init_num = 0;
			break;

		case SSL23_ST_SR_CLNT_HELLO_A:
		case SSL23_ST_SR_CLNT_HELLO_B:

			s->shutdown = 0;
			ret = ssl23_get_client_hello(s);
			if (ret >= 0)
				cb = NULL;
			goto end;
			/* break; */

		default:
			SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		if ((cb != NULL) && (s->state != state)) {
			new_state = s->state;
			s->state = state;
			cb(s, SSL_CB_ACCEPT_LOOP, 1);
			s->state = new_state;
		}
	}

end:
	s->in_handshake--;
	if (cb != NULL)
		cb(s, SSL_CB_ACCEPT_EXIT, ret);

	return (ret);
}


int
ssl23_get_client_hello(SSL *s)
{
	char buf[11];
	/*
	 * sizeof(buf) == 11, because we'll need to request this many bytes in
	 * the initial read.
	 * We can detect SSL 3.0/TLS 1.0 Client Hellos ('type == 3') correctly
	 * only when the following is in a single record, which is not
	 * guaranteed by the protocol specification:
	 * Byte  Content
	 *  0     type            \
	 *  1/2   version          > record header
	 *  3/4   length          /
	 *  5     msg_type        \
	 *  6-8   length           > Client Hello message
	 *  9/10  client_version  /
	 */
	unsigned char *p, *d, *d_len, *dd;
	unsigned int i;
	unsigned int csl, sil, cl;
	int n = 0, j;
	int type = 0;
	int v[2];

	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A) {
		/* read the initial header */
		v[0] = v[1] = 0;

		if (!ssl3_setup_buffers(s))
			return -1;

		n = ssl23_read_bytes(s, sizeof buf);
		if (n != sizeof buf)
			return(n);

		p = s->packet;

		memcpy(buf, p, n);

		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
			/*
			 * SSLv2 header
			 */
			if ((p[3] == 0x00) && (p[4] == 0x02)) {
				/* SSLv2 support has been removed */
				goto unsupported;

			} else if (p[3] == SSL3_VERSION_MAJOR) {
				v[0] = p[3];
				v[1] = p[4];
				/* SSLv3/TLS */

				if (p[4] >= TLS1_VERSION_MINOR) {
					if (p[4] >= TLS1_2_VERSION_MINOR &&
					    !(s->options & SSL_OP_NO_TLSv1_2)) {
						s->version = TLS1_2_VERSION;
						s->state = SSL23_ST_SR_CLNT_HELLO_B;
					} else if (p[4] >= TLS1_1_VERSION_MINOR &&
					    !(s->options & SSL_OP_NO_TLSv1_1)) {
						s->version = TLS1_1_VERSION;
						/* type=2; */ /* done later to survive restarts */
						s->state = SSL23_ST_SR_CLNT_HELLO_B;
					} else if (!(s->options & SSL_OP_NO_TLSv1)) {
						s->version = TLS1_VERSION;
						/* type=2; */ /* done later to survive restarts */
						s->state = SSL23_ST_SR_CLNT_HELLO_B;
					} else {
						goto unsupported;
					}
				} else {
					/* SSLv3 support has been removed */
					goto unsupported;
				}
			}
		} else if ((p[0] == SSL3_RT_HANDSHAKE) &&
		    (p[1] == SSL3_VERSION_MAJOR) &&
		    (p[5] == SSL3_MT_CLIENT_HELLO) &&
		    ((p[3] == 0 && p[4] < 5 /* silly record length? */) ||
		    (p[9] >= p[1]))) {
			/*
			 * SSLv3 or tls1 header
			 */

			v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
			/* We must look at client_version inside the Client Hello message
			 * to get the correct minor version.
			 * However if we have only a pathologically small fragment of the
			 * Client Hello message, this would be difficult, and we'd have
			 * to read more records to find out.
			 * No known SSL 3.0 client fragments ClientHello like this,
			 * so we simply reject such connections to avoid
			 * protocol version downgrade attacks. */
			if (p[3] == 0 && p[4] < 6) {
				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
				    SSL_R_RECORD_TOO_SMALL);
				return -1;
			}
			/* if major version number > 3 set minor to a value
			 * which will use the highest version 3 we support.
			 * If TLS 2.0 ever appears we will need to revise
			 * this....
			 */
			if (p[9] > SSL3_VERSION_MAJOR)
				v[1] = 0xff;
			else
				v[1] = p[10]; /* minor version according to client_version */
			if (v[1] >= TLS1_VERSION_MINOR) {
				if (v[1] >= TLS1_2_VERSION_MINOR &&
				    !(s->options & SSL_OP_NO_TLSv1_2)) {
					s->version = TLS1_2_VERSION;
					type = 3;
				} else if (v[1] >= TLS1_1_VERSION_MINOR &&
				    !(s->options & SSL_OP_NO_TLSv1_1)) {
					s->version = TLS1_1_VERSION;
					type = 3;
				} else if (!(s->options & SSL_OP_NO_TLSv1)) {
					s->version = TLS1_VERSION;
					type = 3;
				} else {
					goto unsupported;
				}
			} else {
				/* SSLv3 */
				if (!(s->options & SSL_OP_NO_TLSv1)) {
					/* we won't be able to use TLS of course,
					 * but this will send an appropriate alert */
					s->version = TLS1_VERSION;
					type = 3;
				} else {
					goto unsupported;
				}
			}
		}
		else if ((strncmp("GET ", (char *)p, 4) == 0) ||
		    (strncmp("POST ",(char *)p, 5) == 0) ||
		    (strncmp("HEAD ",(char *)p, 5) == 0) ||
		    (strncmp("PUT ", (char *)p, 4) == 0)) {
			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
			return -1;
		} else if (strncmp("CONNECT", (char *)p, 7) == 0) {
			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
			return -1;
		}
	}

	if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
		/* we have SSLv3/TLSv1 in an SSLv2 header
		 * (other cases skip this state) */

		/*
		 * Limit the support of "backward compatible" headers
		 * only to "backward" versions of TLS. If we have moved
		 * on to modernity, just say no.
		 */
		if (s->options & SSL_OP_NO_TLSv1)
			goto unsupported;

		type = 2;
		p = s->packet;
		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
		v[1] = p[4];

		/* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
		 * header is sent directly on the wire, not wrapped as a TLS
		 * record. It's format is:
		 * Byte  Content
		 * 0-1   msg_length
		 * 2     msg_type
		 * 3-4   version
		 * 5-6   cipher_spec_length
		 * 7-8   session_id_length
		 * 9-10  challenge_length
		 * ...   ...
		 */
		n = ((p[0] & 0x7f) << 8) | p[1];
		if (n > (1024 * 4)) {
			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
			return -1;
		}
		if (n < 9) {
			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
			    SSL_R_RECORD_LENGTH_MISMATCH);
			return -1;
		}

		j = ssl23_read_bytes(s, n + 2);
		if (j != n + 2)
			return -1;

		tls1_finish_mac(s, s->packet + 2, s->packet_length - 2);
		if (s->msg_callback)
			s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
			    s->packet_length - 2, s, s->msg_callback_arg);

		p = s->packet;
		p += 5;
		n2s(p, csl);
		n2s(p, sil);
		n2s(p, cl);
		d = (unsigned char *)s->init_buf->data;
		if ((csl + sil + cl + 11) != s->packet_length) {
			/*
			 * We can't have TLS extensions in SSL 2.0 format
			 * Client Hello, can we ? Error condition should be
			 * '>' otherwise
			 */
			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
			    SSL_R_RECORD_LENGTH_MISMATCH);
			return -1;
		}

		/* record header: msg_type ... */
		*(d++) = SSL3_MT_CLIENT_HELLO;
		/* ... and length (actual value will be written later) */
		d_len = d;
		d += 3;

		/* client_version */
		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
		*(d++) = v[1];

		/* lets populate the random area */
		/* get the challenge_length */
		i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
		memset(d, 0, SSL3_RANDOM_SIZE);
		memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
		d += SSL3_RANDOM_SIZE;

		/* no session-id reuse */
		*(d++) = 0;

		/* ciphers */
		j = 0;
		dd = d;
		d += 2;
		for (i = 0; i < csl; i += 3) {
			if (p[i] != 0)
				continue;
			*(d++) = p[i + 1];
			*(d++) = p[i + 2];
			j += 2;
		}
		s2n(j, dd);

		/* add in (no) COMPRESSION */
		*(d++) = 1;
		*(d++) = 0;

		i = (d - (unsigned char *)s->init_buf->data) - 4;
		l2n3((long)i, d_len);

		/* get the data reused from the init_buf */
		s->s3->tmp.reuse_message = 1;
		s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
		s->s3->tmp.message_size = i;
	}

	/* imaginary new state (for program structure): */
	/* s->state = SSL23_SR_CLNT_HELLO_C */

	if (type == 2 || type == 3) {
		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */

		if (!ssl_init_wbio_buffer(s, 1))
			return -1;

		/* we are in this state */
		s->state = SSL3_ST_SR_CLNT_HELLO_A;

		if (type == 3) {
			/* put the 'n' bytes we have read into the input buffer
			 * for SSLv3 */
			s->rstate = SSL_ST_READ_HEADER;
			s->packet_length = n;
			if (s->s3->rbuf.buf == NULL)
				if (!ssl3_setup_read_buffer(s))
					return -1;

			s->packet = &(s->s3->rbuf.buf[0]);
			memcpy(s->packet, buf, n);
			s->s3->rbuf.left = n;
			s->s3->rbuf.offset = 0;
		} else {
			s->packet_length = 0;
			s->s3->rbuf.left = 0;
			s->s3->rbuf.offset = 0;
		}
		if (s->version == TLS1_2_VERSION)
			s->method = TLSv1_2_server_method();
		else if (s->version == TLS1_1_VERSION)
			s->method = TLSv1_1_server_method();
		else if (s->version == TLS1_VERSION)
			s->method = TLSv1_server_method();
		else
			goto unsupported;
		s->handshake_func = s->method->ssl_accept;
	} else {
		/* bad, very bad */
		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
		return -1;
	}
	s->init_num = 0;

	return (SSL_accept(s));

 unsupported:
	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
	return -1;
}
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Deleted jni/libressl/ssl/s3_both.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
/* $OpenBSD: s3_both.c,v 1.47 2015/09/11 18:08:21 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */

#include <limits.h>
#include <stdio.h>
#include <string.h>

#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

#include "bytestring.h"

/*
 * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
 * SSL3_RT_CHANGE_CIPHER_SPEC).
 */
int
ssl3_do_write(SSL *s, int type)
{
	int ret;

	ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
	    s->init_num);
	if (ret < 0)
		return (-1);

	if (type == SSL3_RT_HANDSHAKE)
		/*
		 * Should not be done for 'Hello Request's, but in that case
		 * we'll ignore the result anyway.
		 */
		tls1_finish_mac(s,
		    (unsigned char *)&s->init_buf->data[s->init_off], ret);

	if (ret == s->init_num) {
		if (s->msg_callback)
			s->msg_callback(1, s->version, type, s->init_buf->data,
			    (size_t)(s->init_off + s->init_num), s,
			    s->msg_callback_arg);
		return (1);
	}

	s->init_off += ret;
	s->init_num -= ret;

	return (0);
}

int
ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
	unsigned char *p;
	int md_len;

	if (s->state == a) {
		md_len = s->method->ssl3_enc->finish_mac_length;
		OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);

		if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
		    s->s3->tmp.finish_md) != md_len)
			return (0);
		s->s3->tmp.finish_md_len = md_len;

		/* Copy finished so we can use it for renegotiation checks. */
		if (s->type == SSL_ST_CONNECT) {
			memcpy(s->s3->previous_client_finished,
			    s->s3->tmp.finish_md, md_len);
			s->s3->previous_client_finished_len = md_len;
		} else {
			memcpy(s->s3->previous_server_finished,
			    s->s3->tmp.finish_md, md_len);
			s->s3->previous_server_finished_len = md_len;
		}

		p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);
		memcpy(p, s->s3->tmp.finish_md, md_len);
		ssl3_handshake_msg_finish(s, md_len);

		s->state = b;
	}

	return (ssl3_handshake_write(s));
}

/*
 * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
 * so far.
 */
static void
ssl3_take_mac(SSL *s)
{
	const char *sender;
	int slen;

	/*
	 * If no new cipher setup return immediately: other functions will
	 * set the appropriate error.
	 */
	if (s->s3->tmp.new_cipher == NULL)
		return;

	if (s->state & SSL_ST_CONNECT) {
		sender = s->method->ssl3_enc->server_finished_label;
		slen = s->method->ssl3_enc->server_finished_label_len;
	} else {
		sender = s->method->ssl3_enc->client_finished_label;
		slen = s->method->ssl3_enc->client_finished_label_len;
	}

	s->s3->tmp.peer_finish_md_len =
	    s->method->ssl3_enc->final_finish_mac(s, sender, slen,
		s->s3->tmp.peer_finish_md);
}

int
ssl3_get_finished(SSL *s, int a, int b)
{
	int al, ok, md_len;
	long n;
	CBS cbs;

	/* should actually be 36+4 :-) */
	n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
	if (!ok)
		return ((int)n);

	/* If this occurs, we have missed a message */
	if (!s->s3->change_cipher_spec) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
		goto f_err;
	}
	s->s3->change_cipher_spec = 0;

	md_len = s->method->ssl3_enc->finish_mac_length;

	if (n < 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
		goto f_err;
	}

	CBS_init(&cbs, s->init_msg, n);

	if (s->s3->tmp.peer_finish_md_len != md_len ||
	    CBS_len(&cbs) != md_len) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
		goto f_err;
	}

	if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) {
		al = SSL_AD_DECRYPT_ERROR;
		SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
		goto f_err;
	}

	/* Copy finished so we can use it for renegotiation checks. */
	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
	if (s->type == SSL_ST_ACCEPT) {
		memcpy(s->s3->previous_client_finished,
		    s->s3->tmp.peer_finish_md, md_len);
		s->s3->previous_client_finished_len = md_len;
	} else {
		memcpy(s->s3->previous_server_finished,
		    s->s3->tmp.peer_finish_md, md_len);
		s->s3->previous_server_finished_len = md_len;
	}

	return (1);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	return (0);
}

/* for these 2 messages, we need to
 * ssl->enc_read_ctx			re-init
 * ssl->s3->read_sequence		zero
 * ssl->s3->read_mac_secret		re-init
 * ssl->session->read_sym_enc		assign
 * ssl->session->read_hash		assign
 */
int
ssl3_send_change_cipher_spec(SSL *s, int a, int b)
{
	unsigned char *p;

	if (s->state == a) {
		p = (unsigned char *)s->init_buf->data;
		*p = SSL3_MT_CCS;
		s->init_num = 1;
		s->init_off = 0;

		s->state = b;
	}

	/* SSL3_ST_CW_CHANGE_B */
	return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
}

static int
ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
{
	int n;
	unsigned char *p;

	n = i2d_X509(x, NULL);
	if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
		SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
		return (-1);
	}
	/* XXX */
	p = (unsigned char *)&(buf->data[*l]);
	l2n3(n, p);
	i2d_X509(x, &p);
	*l += n + 3;

	return (0);
}

unsigned long
ssl3_output_cert_chain(SSL *s, X509 *x)
{
	unsigned char *p;
	unsigned long l = ssl3_handshake_msg_hdr_len(s) + 3;
	BUF_MEM *buf;
	int no_chain;
	int i;

	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
		no_chain = 1;
	else
		no_chain = 0;

	/* TLSv1 sends a chain with nothing in it, instead of an alert */
	buf = s->init_buf;
	if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 6)) {
		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
		return (0);
	}
	if (x != NULL) {
		if (no_chain) {
			if (ssl3_add_cert_to_buf(buf, &l, x))
				return (0);
		} else {
			X509_STORE_CTX xs_ctx;

			if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
			    x, NULL)) {
				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
				    ERR_R_X509_LIB);
				return (0);
			}
			X509_verify_cert(&xs_ctx);

			/* Don't leave errors in the queue. */
			ERR_clear_error();
			for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
				x = sk_X509_value(xs_ctx.chain, i);
				if (ssl3_add_cert_to_buf(buf, &l, x)) {
					X509_STORE_CTX_cleanup(&xs_ctx);
					return 0;
				}
			}
			X509_STORE_CTX_cleanup(&xs_ctx);
		}
	}
	/* Thawte special :-) */
	for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
		x = sk_X509_value(s->ctx->extra_certs, i);
		if (ssl3_add_cert_to_buf(buf, &l, x))
			return (0);
	}

	l -= ssl3_handshake_msg_hdr_len(s) + 3;
	p = (unsigned char *)&(buf->data[4]);
	l2n3(l, p);
	l += 3;
	p = (unsigned char *)&(buf->data[0]);
	*(p++) = SSL3_MT_CERTIFICATE;
	l2n3(l, p);
	l += 4; /* XXX */
	return (l);
}

/*
 * Obtain handshake message of message type 'mt' (any if mt == -1),
 * maximum acceptable body length 'max'.
 * The first four bytes (msg_type and length) are read in state 'st1',
 * the body is read in state 'stn'.
 */
long
ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
	unsigned char *p;
	uint32_t l;
	long n;
	int i, al;
	CBS cbs;
	uint8_t u8;

	if (s->s3->tmp.reuse_message) {
		s->s3->tmp.reuse_message = 0;
		if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_GET_MESSAGE,
			    SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}
		*ok = 1;
		s->init_msg = s->init_buf->data + 4;
		s->init_num = (int)s->s3->tmp.message_size;
		return s->init_num;
	}

	p = (unsigned char *)s->init_buf->data;

	/* s->init_num < 4 */
	if (s->state == st1) {
		int skip_message;

		do {
			while (s->init_num < 4) {
				i = s->method->ssl_read_bytes(s,
				    SSL3_RT_HANDSHAKE, &p[s->init_num],
				    4 - s->init_num, 0);
				if (i <= 0) {
					s->rwstate = SSL_READING;
					*ok = 0;
					return i;
				}
				s->init_num += i;
			}

			skip_message = 0;
			if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) {
				/*
				 * The server may always send 'Hello Request'
				 * messages -- we are doing a handshake anyway
				 * now, so ignore them if their format is
				 * correct.  Does not count for 'Finished' MAC.
				 */
				if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
					s->init_num = 0;
					skip_message = 1;

					if (s->msg_callback)
						s->msg_callback(0, s->version,
						    SSL3_RT_HANDSHAKE, p, 4, s,
						    s->msg_callback_arg);
				}
			}
		} while (skip_message);

		/* s->init_num == 4 */

		if ((mt >= 0) && (*p != mt)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_GET_MESSAGE,
			    SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}

		/* XXX remove call to n2l3 */
		CBS_init(&cbs, p, 4);
		if (!CBS_get_u8(&cbs, &u8) ||
		    !CBS_get_u24(&cbs, &l)) {
			SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
			goto err;
		}
		s->s3->tmp.message_type = u8;

		if (l > (unsigned long)max) {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_SSL3_GET_MESSAGE,
			    SSL_R_EXCESSIVE_MESSAGE_SIZE);
			goto f_err;
		}
		if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
			SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
			goto err;
		}
		s->s3->tmp.message_size = l;
		s->state = stn;

		s->init_msg = s->init_buf->data + 4;
		s->init_num = 0;
	}

	/* next state (stn) */
	p = s->init_msg;
	n = s->s3->tmp.message_size - s->init_num;
	while (n > 0) {
		i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
		    &p[s->init_num], n, 0);
		if (i <= 0) {
			s->rwstate = SSL_READING;
			*ok = 0;
			return i;
		}
		s->init_num += i;
		n -= i;
	}

	/* If receiving Finished, record MAC of prior handshake messages for
	 * Finished verification. */
	if (*s->init_buf->data == SSL3_MT_FINISHED)
		ssl3_take_mac(s);

	/* Feed this message into MAC computation. */
	tls1_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
	if (s->msg_callback)
		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
		    s->init_buf->data, (size_t)s->init_num + 4, s,
		    s->msg_callback_arg);

	*ok = 1;
	return (s->init_num);

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	*ok = 0;
	return (-1);
}

int
ssl_cert_type(X509 *x, EVP_PKEY *pkey)
{
	EVP_PKEY *pk;
	int ret = -1, i;

	if (pkey == NULL)
		pk = X509_get_pubkey(x);
	else
		pk = pkey;
	if (pk == NULL)
		goto err;

	i = pk->type;
	if (i == EVP_PKEY_RSA) {
		ret = SSL_PKEY_RSA_ENC;
	} else if (i == EVP_PKEY_DSA) {
		ret = SSL_PKEY_DSA_SIGN;
	} else if (i == EVP_PKEY_EC) {
		ret = SSL_PKEY_ECC;
	} else if (i == NID_id_GostR3410_2001 ||
	    i == NID_id_GostR3410_2001_cc) {
		ret = SSL_PKEY_GOST01;
	}

err:
	if (!pkey)
		EVP_PKEY_free(pk);
	return (ret);
}

int
ssl_verify_alarm_type(long type)
{
	int al;

	switch (type) {
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
	case X509_V_ERR_UNABLE_TO_GET_CRL:
	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
		al = SSL_AD_UNKNOWN_CA;
		break;
	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
	case X509_V_ERR_CERT_NOT_YET_VALID:
	case X509_V_ERR_CRL_NOT_YET_VALID:
	case X509_V_ERR_CERT_UNTRUSTED:
	case X509_V_ERR_CERT_REJECTED:
		al = SSL_AD_BAD_CERTIFICATE;
		break;
	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
		al = SSL_AD_DECRYPT_ERROR;
		break;
	case X509_V_ERR_CERT_HAS_EXPIRED:
	case X509_V_ERR_CRL_HAS_EXPIRED:
		al = SSL_AD_CERTIFICATE_EXPIRED;
		break;
	case X509_V_ERR_CERT_REVOKED:
		al = SSL_AD_CERTIFICATE_REVOKED;
		break;
	case X509_V_ERR_OUT_OF_MEM:
		al = SSL_AD_INTERNAL_ERROR;
		break;
	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
	case X509_V_ERR_INVALID_CA:
		al = SSL_AD_UNKNOWN_CA;
		break;
	case X509_V_ERR_APPLICATION_VERIFICATION:
		al = SSL_AD_HANDSHAKE_FAILURE;
		break;
	case X509_V_ERR_INVALID_PURPOSE:
		al = SSL_AD_UNSUPPORTED_CERTIFICATE;
		break;
	default:
		al = SSL_AD_CERTIFICATE_UNKNOWN;
		break;
	}
	return (al);
}

int
ssl3_setup_init_buffer(SSL *s)
{
	BUF_MEM *buf = NULL;

	if (s->init_buf != NULL)
		return (1);

	if ((buf = BUF_MEM_new()) == NULL)
		goto err;
	if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH))
		goto err;

	s->init_buf = buf;
	return (1);

err:
	BUF_MEM_free(buf);
	return (0);
}

int
ssl3_setup_read_buffer(SSL *s)
{
	unsigned char *p;
	size_t len, align, headerlen;

	if (SSL_IS_DTLS(s))
		headerlen = DTLS1_RT_HEADER_LENGTH;
	else
		headerlen = SSL3_RT_HEADER_LENGTH;

	align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);

	if (s->s3->rbuf.buf == NULL) {
		len = SSL3_RT_MAX_PLAIN_LENGTH +
		    SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
		if ((p = malloc(len)) == NULL)
			goto err;
		s->s3->rbuf.buf = p;
		s->s3->rbuf.len = len;
	}

	s->packet = &(s->s3->rbuf.buf[0]);
	return 1;

err:
	SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
	return 0;
}

int
ssl3_setup_write_buffer(SSL *s)
{
	unsigned char *p;
	size_t len, align, headerlen;

	if (SSL_IS_DTLS(s))
		headerlen = DTLS1_RT_HEADER_LENGTH + 1;
	else
		headerlen = SSL3_RT_HEADER_LENGTH;

	align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);

	if (s->s3->wbuf.buf == NULL) {
		len = s->max_send_fragment +
		    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
		if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
			len += headerlen + align +
			    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;

		if ((p = malloc(len)) == NULL)
			goto err;
		s->s3->wbuf.buf = p;
		s->s3->wbuf.len = len;
	}

	return 1;

err:
	SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
	return 0;
}

int
ssl3_setup_buffers(SSL *s)
{
	if (!ssl3_setup_read_buffer(s))
		return 0;
	if (!ssl3_setup_write_buffer(s))
		return 0;
	return 1;
}

int
ssl3_release_write_buffer(SSL *s)
{
	free(s->s3->wbuf.buf);
	s->s3->wbuf.buf = NULL;
	return 1;
}

int
ssl3_release_read_buffer(SSL *s)
{
	free(s->s3->rbuf.buf);
	s->s3->rbuf.buf = NULL;
	return 1;
}
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<














































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































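--- a/jni/libressl/ssl/s3_cbc.c
+++ b/jni/libressl/ssl/s3_cbc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: s3_cbc.c,v 1.11 2015/09/11 17:17:44 jsing Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.16 2017/01/23 08:08:06 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -299,93 +299,100 @@
 	SHA_CTX *sha1 = ctx;
 	l2n(sha1->h0, md_out);
 	l2n(sha1->h1, md_out);
 	l2n(sha1->h2, md_out);
 	l2n(sha1->h3, md_out);
 	l2n(sha1->h4, md_out);
 }
-#define LARGEST_DIGEST_CTX SHA_CTX
 
 static void
 tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
 {
 	SHA256_CTX *sha256 = ctx;
 	unsigned i;
 
 	for (i = 0; i < 8; i++) {
 		l2n(sha256->h[i], md_out);
 	}
 }
-#undef  LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA256_CTX
 
 static void
 tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 {
 	SHA512_CTX *sha512 = ctx;
 	unsigned i;
 
 	for (i = 0; i < 8; i++) {
 		l2n8(sha512->h[i], md_out);
 	}
 }
-#undef  LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA512_CTX
+
+/* Largest hash context ever used by the functions above. */
+#define LARGEST_DIGEST_CTX SHA512_CTX
+
+/* Type giving the alignment needed by the above */
+#define LARGEST_DIGEST_CTX_ALIGNMENT SHA_LONG64
 
 /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
  * which ssl3_cbc_digest_record supports. */
 char
 ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
 {
 	switch (EVP_MD_CTX_type(ctx)) {
 	case NID_md5:
 	case NID_sha1:
 	case NID_sha224:
 	case NID_sha256:
 	case NID_sha384:
 	case NID_sha512:
 		return 1;
 	default:
 		return 0;
 	}
 }
 
-/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
+/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded TLS
  * record.
  *
  *   ctx: the EVP_MD_CTX from which we take the hash function.
  *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
  *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
  *   md_out_size: if non-NULL, the number of output bytes is written here.
  *   header: the 13-byte, TLS record header.
  *   data: the record data itself, less any preceeding explicit IV.
  *   data_plus_mac_size: the secret, reported length of the data and MAC
  *     once the padding has been removed.
  *   data_plus_mac_plus_padding_size: the public length of the whole
  *     record, including padding.
- *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
  *
  * On entry: by virtue of having been through one of the remove_padding
  * functions, above, we know that data_plus_mac_size is large enough to contain
  * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. ) */
+ * padding too. )
+ */
 int
 ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
     size_t* md_out_size, const unsigned char header[13],
     const unsigned char *data, size_t data_plus_mac_size,
     size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-    unsigned mac_secret_length, char is_sslv3)
+    unsigned mac_secret_length)
 {
-	union {	double align;
+	union {
+		/*
+		 * Alignment here is to allow this to be cast as SHA512_CTX
+		 * without losing alignment required by the 64-bit SHA_LONG64
+		 * integer it contains.
+		 */
+		LARGEST_DIGEST_CTX_ALIGNMENT align;
 		unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
 	} md_state;
 	void (*md_final_raw)(void *ctx, unsigned char *md_out);
 	void (*md_transform)(void *ctx, const unsigned char *block);
 	unsigned md_size, md_block_size = 64;
-	unsigned sslv3_pad_length = 40, header_length, variance_blocks,
+	unsigned header_length, variance_blocks,
 	len, max_mac_bytes, num_blocks,
 	num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
 	unsigned int bits;	/* at most 18 bits */
 	unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
 	/* hmac_pad is the masked HMAC key. */
 	unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
 	unsigned char first_block[MAX_HASH_BLOCK_SIZE];
@@ -403,15 +410,14 @@
 
 	switch (EVP_MD_CTX_type(ctx)) {
 	case NID_md5:
 		MD5_Init((MD5_CTX*)md_state.c);
 		md_final_raw = tls1_md5_final_raw;
 		md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
 		md_size = 16;
-		sslv3_pad_length = 48;
 		length_is_big_endian = 0;
 		break;
 	case NID_sha1:
 		SHA1_Init((SHA_CTX*)md_state.c);
 		md_final_raw = tls1_sha1_final_raw;
 		md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
 		md_size = 20;
@@ -455,41 +461,28 @@
 	}
 
 	OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
 	OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
 	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
 
 	header_length = 13;
-	if (is_sslv3) {
-		header_length = mac_secret_length + sslv3_pad_length +
-		    8 /* sequence number */ +
-		    1 /* record type */ +
-		    2 /* record length */;
-	}
 
 	/* variance_blocks is the number of blocks of the hash that we have to
 	 * calculate in constant time because they could be altered by the
 	 * padding value.
 	 *
-	 * In SSLv3, the padding must be minimal so the end of the plaintext
-	 * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
-	 * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
-	 * termination (0x80 + 64-bit length) don't fit in the final block, we
-	 * say that the final two blocks can vary based on the padding.
-	 *
 	 * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
 	 * required to be minimal. Therefore we say that the final six blocks
 	 * can vary based on the padding.
 	 *
 	 * Later in the function, if the message is short and there obviously
 	 * cannot be this many blocks then variance_blocks can be reduced. */
-	variance_blocks = is_sslv3 ? 2 : 6;
+	variance_blocks = 6;
 	/* From now on we're dealing with the MAC, which conceptually has 13
-	 * bytes of `header' before the start of the data (TLS) or 71/75 bytes
-	 * (SSLv3) */
+	 * bytes of `header' before the start of the data (TLS) */
 	len = data_plus_mac_plus_padding_size + header_length;
 	/* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
 	* |header|, assuming that there's no padding. */
 	max_mac_bytes = len - md_size - 1;
 	/* num_blocks is the maximum number of hash blocks. */
 	num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
 	/* In order to calculate the MAC in constant time we have to handle
@@ -511,74 +504,53 @@
 	/* index_a is the hash block number that contains the 0x80 terminating
 	 * value. */
 	index_a = mac_end_offset / md_block_size;
 	/* index_b is the hash block number that contains the 64-bit hash
 	 * length, in bits. */
 	index_b = (mac_end_offset + md_length_size) / md_block_size;
 	/* bits is the hash-length in bits. It includes the additional hash
-	 * block for the masked HMAC key, or whole of |header| in the case of
-	 * SSLv3. */
+	 * block for the masked HMAC key. */
 
-	/* For SSLv3, if we're going to have any starting blocks then we need
-	 * at least two because the header is larger than a single block. */
-	if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
+	if (num_blocks > variance_blocks) {
 		num_starting_blocks = num_blocks - variance_blocks;
 		k = md_block_size*num_starting_blocks;
 	}
 
 	bits = 8*mac_end_offset;
-	if (!is_sslv3) {
-		/* Compute the initial HMAC block. For SSLv3, the padding and
-		 * secret bytes are included in |header| because they take more
-		 * than a single block. */
-		bits += 8*md_block_size;
-		memset(hmac_pad, 0, md_block_size);
-		OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
-		memcpy(hmac_pad, mac_secret, mac_secret_length);
-		for (i = 0; i < md_block_size; i++)
-			hmac_pad[i] ^= 0x36;
+	/* Compute the initial HMAC block. */
+	bits += 8*md_block_size;
+	memset(hmac_pad, 0, md_block_size);
+	OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
+	memcpy(hmac_pad, mac_secret, mac_secret_length);
+	for (i = 0; i < md_block_size; i++)
+		hmac_pad[i] ^= 0x36;
 
-		md_transform(md_state.c, hmac_pad);
-	}
+	md_transform(md_state.c, hmac_pad);
 
 	if (length_is_big_endian) {
 		memset(length_bytes, 0, md_length_size - 4);
 		length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
 		length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
 		length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
 		length_bytes[md_length_size - 1] = (unsigned char)bits;
 	} else {
 		memset(length_bytes, 0, md_length_size);
 		length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
 		length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
 		length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
 		length_bytes[md_length_size - 8] = (unsigned char)bits;
 	}
 
 	if (k > 0) {
-		if (is_sslv3) {
-			/* The SSLv3 header is larger than a single block.
-			 * overhang is the number of bytes beyond a single
-			 * block that the header consumes: either 7 bytes
-			 * (SHA1) or 11 bytes (MD5). */
-			unsigned overhang = header_length - md_block_size;
-			md_transform(md_state.c, header);
-			memcpy(first_block, header + md_block_size, overhang);
-			memcpy(first_block + overhang, data, md_block_size - overhang);
-			md_transform(md_state.c, first_block);
-			for (i = 1; i < k/md_block_size - 1; i++)
-				md_transform(md_state.c, data + md_block_size*i - overhang);
-		} else {
-			/* k is a multiple of md_block_size. */
-			memcpy(first_block, header, 13);
-			memcpy(first_block + 13, data, md_block_size - 13);
-			md_transform(md_state.c, first_block);
-			for (i = 1; i < k/md_block_size; i++)
-				md_transform(md_state.c, data + md_block_size*i - 13);
-		}
+		/* k is a multiple of md_block_size. */
+		memcpy(first_block, header, 13);
+		memcpy(first_block + 13, data, md_block_size - 13);
+		md_transform(md_state.c, first_block);
+		for (i = 1; i < k/md_block_size; i++)
+			md_transform(md_state.c, data + md_block_size*i - 13);
 	}
 
 	memset(mac_out, 0, sizeof(mac_out));
 
 	/* We now process the final hash blocks. For each block, we construct
 	 * it in constant time. If the |i==index_a| then we'll include the 0x80
 	 * bytes and zero pad etc. For each block we selectively copy it, in
@@ -628,29 +600,22 @@
 	}
 
 	EVP_MD_CTX_init(&md_ctx);
 	if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) {
 		EVP_MD_CTX_cleanup(&md_ctx);
 		return 0;
 	}
-	if (is_sslv3) {
-		/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
-		memset(hmac_pad, 0x5c, sslv3_pad_length);
 
-		EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
-		EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
-		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
-	} else {
-		/* Complete the HMAC in the standard manner. */
-		for (i = 0; i < md_block_size; i++)
-			hmac_pad[i] ^= 0x6a;
+	/* Complete the HMAC in the standard manner. */
+	for (i = 0; i < md_block_size; i++)
+		hmac_pad[i] ^= 0x6a;
 
-		EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
-		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
-	}
+	EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
+	EVP_DigestUpdate(&md_ctx, mac_out, md_size);
+
 	EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
 	if (md_out_size)
 		*md_out_size = md_out_size_u;
 	EVP_MD_CTX_cleanup(&md_ctx);
 
 	return 1;
 }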
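Review bot: The calls that finish the HMAC at the end of ssl3_cbc_digest_record (`EVP_DigestUpdate` twice, then `EVP_DigestFinal`) have their return values ignored, so the function still returns 1 when the outer hash fails and the caller would go on to use whatever is in `md_out`. The `EVP_DigestInit_ex` call just above already cleans up and returns 0 on failure, and the finishing calls should follow the same pattern, as sketched below. Whether `md_out_size_u` is initialised at its declaration is not visible here, since the function's declarations and middle part lie outside the shown hunks, so the size stored through `md_out_size` may also be indeterminate on that path.

```c
	/* … unchanged: hmac_pad[i] ^= 0x6a loop … */
	if (!EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) ||
	    !EVP_DigestUpdate(&md_ctx, mac_out, md_size) ||
	    !EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u)) {
		EVP_MD_CTX_cleanup(&md_ctx);
		return 0;
	}
	/* … unchanged: md_out_size store, EVP_MD_CTX_cleanup, return 1 … */
```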
Deleted jni/libressl/ssl/s3_clnt.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
/* $OpenBSD: s3_clnt.c,v 1.137 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 *
 * The Contribution is licensed pursuant to the OpenSSL open source
 * license provided above.
 *
 * ECC cipher suite support in OpenSSL originally written by
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/bn.h>
#include <openssl/buffer.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/objects.h>

#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_GOST
#include <openssl/gost.h>
#endif

#include "bytestring.h"

static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);

int
ssl3_connect(SSL *s)
{
	void   (*cb)(const SSL *ssl, int type, int val) = NULL;
	int	 ret = -1;
	int	 new_state, state, skip = 0;

	ERR_clear_error();
	errno = 0;

	if (s->info_callback != NULL)
		cb = s->info_callback;
	else if (s->ctx->info_callback != NULL)
		cb = s->ctx->info_callback;

	s->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);

	for (;;) {
		state = s->state;

		switch (s->state) {
		case SSL_ST_RENEGOTIATE:
			s->renegotiate = 1;
			s->state = SSL_ST_CONNECT;
			s->ctx->stats.sess_connect_renegotiate++;
			/* break */
		case SSL_ST_BEFORE:
		case SSL_ST_CONNECT:
		case SSL_ST_BEFORE|SSL_ST_CONNECT:
		case SSL_ST_OK|SSL_ST_CONNECT:

			s->server = 0;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version & 0xff00 ) != 0x0300) {
				SSLerr(SSL_F_SSL3_CONNECT,
				    ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}

			/* s->version=SSL3_VERSION; */
			s->type = SSL_ST_CONNECT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl_init_wbio_buffer(s, 0)) {
				ret = -1;
				goto end;
			}

			/* don't push the buffering BIO quite yet */

			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}

			s->state = SSL3_ST_CW_CLNT_HELLO_A;
			s->ctx->stats.sess_connect++;
			s->init_num = 0;
			break;

		case SSL3_ST_CW_CLNT_HELLO_A:
		case SSL3_ST_CW_CLNT_HELLO_B:

			s->shutdown = 0;
			ret = ssl3_client_hello(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_SRVR_HELLO_A;
			s->init_num = 0;

			/* turn on buffering for the next lot of output */
			if (s->bbio != s->wbio)
				s->wbio = BIO_push(s->bbio, s->wbio);

			break;

		case SSL3_ST_CR_SRVR_HELLO_A:
		case SSL3_ST_CR_SRVR_HELLO_B:
			ret = ssl3_get_server_hello(s);
			if (ret <= 0)
				goto end;

			if (s->hit) {
				s->state = SSL3_ST_CR_FINISHED_A;
				if (s->tlsext_ticket_expected) {
					/* receive renewed session ticket */
					s->state = SSL3_ST_CR_SESSION_TICKET_A;
				}
			} else
				s->state = SSL3_ST_CR_CERT_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_A:
		case SSL3_ST_CR_CERT_B:
			ret = ssl3_check_finished(s);
			if (ret <= 0)
				goto end;
			if (ret == 2) {
				s->hit = 1;
				if (s->tlsext_ticket_expected)
					s->state = SSL3_ST_CR_SESSION_TICKET_A;
				else
					s->state = SSL3_ST_CR_FINISHED_A;
				s->init_num = 0;
				break;
			}
			/* Check if it is anon DH/ECDH. */
			if (!(s->s3->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				ret = ssl3_get_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->tlsext_status_expected)
					s->state = SSL3_ST_CR_CERT_STATUS_A;
				else
					s->state = SSL3_ST_CR_KEY_EXCH_A;
			} else {
				skip = 1;
				s->state = SSL3_ST_CR_KEY_EXCH_A;
			}
			s->init_num = 0;
			break;

		case SSL3_ST_CR_KEY_EXCH_A:
		case SSL3_ST_CR_KEY_EXCH_B:
			ret = ssl3_get_key_exchange(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_CERT_REQ_A;
			s->init_num = 0;

			/*
			 * At this point we check that we have the
			 * required stuff from the server.
			 */
			if (!ssl3_check_cert_and_algorithm(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_CR_CERT_REQ_A:
		case SSL3_ST_CR_CERT_REQ_B:
			ret = ssl3_get_certificate_request(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_SRVR_DONE_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_SRVR_DONE_A:
		case SSL3_ST_CR_SRVR_DONE_B:
			ret = ssl3_get_server_done(s);
			if (ret <= 0)
				goto end;
			if (s->s3->tmp.cert_req)
				s->state = SSL3_ST_CW_CERT_A;
			else
				s->state = SSL3_ST_CW_KEY_EXCH_A;
			s->init_num = 0;

			break;

		case SSL3_ST_CW_CERT_A:
		case SSL3_ST_CW_CERT_B:
		case SSL3_ST_CW_CERT_C:
		case SSL3_ST_CW_CERT_D:
			ret = ssl3_send_client_certificate(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CW_KEY_EXCH_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CW_KEY_EXCH_A:
		case SSL3_ST_CW_KEY_EXCH_B:
			ret = ssl3_send_client_key_exchange(s);
			if (ret <= 0)
				goto end;
			/*
			 * EAY EAY EAY need to check for DH fix cert
			 * sent back
			 */
			/*
			 * For TLS, cert_req is set to 2, so a cert chain
			 * of nothing is sent, but no verify packet is sent
			 */
			/*
			 * XXX: For now, we do not support client
			 * authentication in ECDH cipher suites with
			 * ECDH (rather than ECDSA) certificates.
			 * We need to skip the certificate verify
			 * message when client's ECDH public key is sent
			 * inside the client certificate.
			 */
			if (s->s3->tmp.cert_req == 1) {
				s->state = SSL3_ST_CW_CERT_VRFY_A;
			} else {
				s->state = SSL3_ST_CW_CHANGE_A;
				s->s3->change_cipher_spec = 0;
			}
			if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
				s->state = SSL3_ST_CW_CHANGE_A;
				s->s3->change_cipher_spec = 0;
			}

			s->init_num = 0;
			break;

		case SSL3_ST_CW_CERT_VRFY_A:
		case SSL3_ST_CW_CERT_VRFY_B:
			ret = ssl3_send_client_verify(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CW_CHANGE_A;
			s->init_num = 0;
			s->s3->change_cipher_spec = 0;
			break;

		case SSL3_ST_CW_CHANGE_A:
		case SSL3_ST_CW_CHANGE_B:
			ret = ssl3_send_change_cipher_spec(s,
			SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
			if (ret <= 0)
				goto end;

			if (s->s3->next_proto_neg_seen)
				s->state = SSL3_ST_CW_NEXT_PROTO_A;
			else
				s->state = SSL3_ST_CW_FINISHED_A;
			s->init_num = 0;

			s->session->cipher = s->s3->tmp.new_cipher;
			if (!s->method->ssl3_enc->setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			if (!s->method->ssl3_enc->change_cipher_state(s,
			    SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
				ret = -1;
				goto end;
			}

			break;

		case SSL3_ST_CW_NEXT_PROTO_A:
		case SSL3_ST_CW_NEXT_PROTO_B:
			ret = ssl3_send_next_proto(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CW_FINISHED_A;
			break;

		case SSL3_ST_CW_FINISHED_A:
		case SSL3_ST_CW_FINISHED_B:
			ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
			    SSL3_ST_CW_FINISHED_B,
			    s->method->ssl3_enc->client_finished_label,
			    s->method->ssl3_enc->client_finished_label_len);
			if (ret <= 0)
				goto end;
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
			s->state = SSL3_ST_CW_FLUSH;

			/* clear flags */
			s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
			if (s->hit) {
				s->s3->tmp.next_state = SSL_ST_OK;
				if (s->s3->flags &
				    SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
					s->state = SSL_ST_OK;
					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
					s->s3->delay_buf_pop_ret = 0;
				}
			} else {
				/* Allow NewSessionTicket if ticket expected */
				if (s->tlsext_ticket_expected)
					s->s3->tmp.next_state =
					    SSL3_ST_CR_SESSION_TICKET_A;
				else

				s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
			}
			s->init_num = 0;
			break;

		case SSL3_ST_CR_SESSION_TICKET_A:
		case SSL3_ST_CR_SESSION_TICKET_B:
			ret = ssl3_get_new_session_ticket(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_FINISHED_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_STATUS_A:
		case SSL3_ST_CR_CERT_STATUS_B:
			ret = ssl3_get_cert_status(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_CR_KEY_EXCH_A;
			s->init_num = 0;
			break;

		case SSL3_ST_CR_FINISHED_A:
		case SSL3_ST_CR_FINISHED_B:
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
			ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
			    SSL3_ST_CR_FINISHED_B);
			if (ret <= 0)
				goto end;

			if (s->hit)
				s->state = SSL3_ST_CW_CHANGE_A;
			else
				s->state = SSL_ST_OK;
			s->init_num = 0;
			break;

		case SSL3_ST_CW_FLUSH:
			s->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				ret = -1;
				goto end;
			}
			s->rwstate = SSL_NOTHING;
			s->state = s->s3->tmp.next_state;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			if (s->init_buf != NULL) {
				BUF_MEM_free(s->init_buf);
				s->init_buf = NULL;
			}

			/*
			 * If we are not 'joining' the last two packets,
			 * remove the buffering now
			 */
			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
				ssl_free_wbio_buffer(s);
			/* else do it later in ssl3_write */

			s->init_num = 0;
			s->renegotiate = 0;
			s->new_session = 0;

			ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
			if (s->hit)
				s->ctx->stats.sess_hit++;

			ret = 1;
			/* s->server=0; */
			s->handshake_func = ssl3_connect;
			s->ctx->stats.sess_connect_good++;

			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_DONE, 1);

			goto end;
			/* break; */

		default:
			SSLerr(SSL_F_SSL3_CONNECT,
			    SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		/* did we do anything */
		if (!s->s3->tmp.reuse_message && !skip) {
			if (s->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}

			if ((cb != NULL) && (s->state != state)) {
				new_state = s->state;
				s->state = state;
				cb(s, SSL_CB_CONNECT_LOOP, 1);
				s->state = new_state;
			}
		}
		skip = 0;
	}

end:
	s->in_handshake--;
	if (cb != NULL)
		cb(s, SSL_CB_CONNECT_EXIT, ret);

	return (ret);
}

int
ssl3_client_hello(SSL *s)
{
	unsigned char	*bufend, *p, *d;
	int		 i;

	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
		SSL_SESSION *sess = s->session;

		if ((sess == NULL) ||
		    (sess->ssl_version != s->version) ||
		    (!sess->session_id_length && !sess->tlsext_tick) ||
		    (sess->not_resumable)) {
			if (!ssl_get_new_session(s, 0))
				goto err;
		}
		/* else use the pre-loaded session */

		/*
		 * If a DTLS ClientHello message is being resent after a
		 * HelloVerifyRequest, we must retain the original client
		 * random value.
		 */
		if (!SSL_IS_DTLS(s) || s->d1->send_cookie == 0)
			arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);

		d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);

		/*
		 * Version indicates the negotiated version: for example from
		 * an SSLv2/v3 compatible client hello). The client_version
		 * field is the maximum version we permit and it is also
		 * used in RSA encrypted premaster secrets. Some servers can
		 * choke if we initially report a higher version then
		 * renegotiate to a lower one in the premaster secret. This
		 * didn't happen with TLS 1.0 as most servers supported it
		 * but it can with TLS 1.1 or later if the server only supports
		 * 1.0.
		 *
		 * Possible scenario with previous logic:
		 * 	1. Client hello indicates TLS 1.2
		 * 	2. Server hello says TLS 1.0
		 *	3. RSA encrypted premaster secret uses 1.2.
		 * 	4. Handhaked proceeds using TLS 1.0.
		 *	5. Server sends hello request to renegotiate.
		 *	6. Client hello indicates TLS v1.0 as we now
		 *	   know that is maximum server supports.
		 *	7. Server chokes on RSA encrypted premaster secret
		 *	   containing version 1.0.
		 *
		 * For interoperability it should be OK to always use the
		 * maximum version we support in client hello and then rely
		 * on the checking of version to ensure the servers isn't
		 * being inconsistent: for example initially negotiating with
		 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
		 * client_version in client hello and not resetting it to
		 * the negotiated version.
		 */
		*(p++) = s->client_version >> 8;
		*(p++) = s->client_version & 0xff;

		/* Random stuff */
		memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
		p += SSL3_RANDOM_SIZE;

		/* Session ID */
		if (s->new_session)
			i = 0;
		else
			i = s->session->session_id_length;
		*(p++) = i;
		if (i != 0) {
			if (i > (int)sizeof(s->session->session_id)) {
				SSLerr(SSL_F_SSL3_CLIENT_HELLO,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}
			memcpy(p, s->session->session_id, i);
			p += i;
		}

		/* DTLS Cookie. */
		if (SSL_IS_DTLS(s)) {
			if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
				SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}
			*(p++) = s->d1->cookie_len;
			memcpy(p, s->d1->cookie, s->d1->cookie_len);
			p += s->d1->cookie_len;
		}

		/* Ciphers supported */
		i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
		if (i == 0) {
			SSLerr(SSL_F_SSL3_CLIENT_HELLO,
			    SSL_R_NO_CIPHERS_AVAILABLE);
			goto err;
		}
		s2n(i, p);
		p += i;

		/* add in (no) COMPRESSION */
		*(p++) = 1;
		*(p++) = 0; /* Add the NULL method */

		/* TLS extensions*/
		bufend = (unsigned char *)s->init_buf->data +
		    SSL3_RT_MAX_PLAIN_LENGTH;
		if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
			SSLerr(SSL_F_SSL3_CLIENT_HELLO,
			    ERR_R_INTERNAL_ERROR);
			goto err;
		}

		ssl3_handshake_msg_finish(s, p - d);

		s->state = SSL3_ST_CW_CLNT_HELLO_B;
	}

	/* SSL3_ST_CW_CLNT_HELLO_B */
	return (ssl3_handshake_write(s));

err:
	return (-1);
}

int
ssl3_get_server_hello(SSL *s)
{
	STACK_OF(SSL_CIPHER)	*sk;
	const SSL_CIPHER	*c;
	unsigned char		*p, *q, *d;
	int			 i, al, ok;
	unsigned int		 j;
	uint16_t		 cipher_value;
	long			 n;
	unsigned long		 alg_k;

	n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
	    SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);

	if (!ok)
		return ((int)n);

	if (SSL_IS_DTLS(s)) {
		if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
			if (s->d1->send_cookie == 0) {
				s->s3->tmp.reuse_message = 1;
				return (1);
			} else {
				/* Already sent a cookie. */
				al = SSL_AD_UNEXPECTED_MESSAGE;
				SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
				    SSL_R_BAD_MESSAGE_TYPE);
				goto f_err;
			}
		}
	}

	if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
		    SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
	}

	d = p = (unsigned char *)s->init_msg;

	if (2 > n)
		goto truncated;
	if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
		s->version = (s->version&0xff00) | p[1];
		al = SSL_AD_PROTOCOL_VERSION;
		goto f_err;
	}
	p += 2;

	/* load the server hello data */

	if (p + SSL3_RANDOM_SIZE + 1 - d > n)
		goto truncated;

	/* load the server random */
	memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
	p += SSL3_RANDOM_SIZE;

	/* get the session-id */
	j = *(p++);

	if ((j > sizeof s->session->session_id) ||
	    (j > SSL3_SESSION_ID_SIZE)) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
		    SSL_R_SSL3_SESSION_ID_TOO_LONG);
		goto f_err;
	}

	if (p + j + 2 - d > n)
		goto truncated;

	/* Get the cipher value. */
	q = p + j;
	n2s(q, cipher_value);

	/*
	 * Check if we want to resume the session based on external
	 * pre-shared secret
	 */
	if (s->tls_session_secret_cb) {
		SSL_CIPHER *pref_cipher = NULL;
		s->session->master_key_length = sizeof(s->session->master_key);
		if (s->tls_session_secret_cb(s, s->session->master_key,
		    &s->session->master_key_length, NULL, &pref_cipher,
		    s->tls_session_secret_cb_arg)) {
			s->session->cipher = pref_cipher ? pref_cipher :
			    ssl3_get_cipher_by_value(cipher_value);
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
		}
	}

	if (j != 0 && j == s->session->session_id_length &&
	    timingsafe_memcmp(p, s->session->session_id, j) == 0) {
		if (s->sid_ctx_length != s->session->sid_ctx_length ||
		    timingsafe_memcmp(s->session->sid_ctx,
		    s->sid_ctx, s->sid_ctx_length) != 0) {
			/* actually a client application bug */
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
			    SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
			goto f_err;
		}
		s->s3->flags |= SSL3_FLAGS_CCS_OK;
		s->hit = 1;
	} else {
		/* a miss or crap from the other end */

		/* If we were trying for session-id reuse, make a new
		 * SSL_SESSION so we don't stuff up other people */
		s->hit = 0;
		if (s->session->session_id_length > 0) {
			if (!ssl_get_new_session(s, 0)) {
				al = SSL_AD_INTERNAL_ERROR;
				goto f_err;
			}
		}
		s->session->session_id_length = j;
		memcpy(s->session->session_id, p, j); /* j could be 0 */
	}
	p += j;

	if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {
		/* unknown cipher */
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
		    SSL_R_UNKNOWN_CIPHER_RETURNED);
		goto f_err;
	}

	/* TLS v1.2 only ciphersuites require v1.2 or later */
	if ((c->algorithm_ssl & SSL_TLSV1_2) &&
	    (TLS1_get_version(s) < TLS1_2_VERSION)) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
		    SSL_R_WRONG_CIPHER_RETURNED);
		goto f_err;
	}
	p += SSL3_CIPHER_VALUE_SIZE;

	sk = ssl_get_ciphers_by_id(s);
	i = sk_SSL_CIPHER_find(sk, c);
	if (i < 0) {
		/* we did not say we would use this cipher */
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
		    SSL_R_WRONG_CIPHER_RETURNED);
		goto f_err;
	}

	/*
	 * Depending on the session caching (internal/external), the cipher
	 * and/or cipher_id values may not be set. Make sure that
	 * cipher_id is set and use it for comparison.
	 */
	if (s->session->cipher)
		s->session->cipher_id = s->session->cipher->id;
	if (s->hit && (s->session->cipher_id != c->id)) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
		    SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
		goto f_err;
	}
	s->s3->tmp.new_cipher = c;
	/*
	 * Don't digest cached records if no sigalgs: we may need them for
	 * client authentication.
	 */
	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
	    !tls1_digest_cached_records(s)) {
		al = SSL_AD_INTERNAL_ERROR;
		goto f_err;
	}
	/* lets get the compression algorithm */
	/* COMPRESSION */
	if (p + 1 - d > n)
		goto truncated;
	if (*(p++) != 0) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
		    SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
		goto f_err;
	}

	/* TLS extensions*/
	if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
		/* 'al' set by ssl_parse_serverhello_tlsext */
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
		goto f_err;
	}
	if (ssl_check_serverhello_tlsext(s) <= 0) {
		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
		goto err;
	}

	if (p != d + n)
		goto truncated;

	return (1);

truncated:
	/* wrong packet length */
	al = SSL_AD_DECODE_ERROR;
	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
ssl3_get_server_certificate(SSL *s)
{
	int			 al, i, ok, ret = -1;
	long			 n;
	CBS			 cbs, cert_list;
	X509			*x = NULL;
	const unsigned char	*q;
	STACK_OF(X509)		*sk = NULL;
	SESS_CERT		*sc;
	EVP_PKEY		*pkey = NULL;

	n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
	    SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
		s->s3->tmp.reuse_message = 1;
		return (1);
	}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
		    SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
	}


	if ((sk = sk_X509_new_null()) == NULL) {
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (n < 0)
		goto truncated;

	CBS_init(&cbs, s->init_msg, n);
	if (CBS_len(&cbs) < 3)
		goto truncated;

	if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
	    CBS_len(&cbs) != 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
		    SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	while (CBS_len(&cert_list) > 0) {
		CBS cert;

		if (CBS_len(&cert_list) < 3)
			goto truncated;
		if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			    SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}

		q = CBS_data(&cert);
		x = d2i_X509(NULL, &q, CBS_len(&cert));
		if (x == NULL) {
			al = SSL_AD_BAD_CERTIFICATE;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			    ERR_R_ASN1_LIB);
			goto f_err;
		}
		if (q != CBS_data(&cert) + CBS_len(&cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			    SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}
		if (!sk_X509_push(sk, x)) {
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		x = NULL;
	}

	i = ssl_verify_cert_chain(s, sk);
	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
		al = ssl_verify_alarm_type(s->verify_result);
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
		    SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto f_err;

	}
	ERR_clear_error(); /* but we keep s->verify_result */

	sc = ssl_sess_cert_new();
	if (sc == NULL)
		goto err;
	if (s->session->sess_cert)
		ssl_sess_cert_free(s->session->sess_cert);
	s->session->sess_cert = sc;

	sc->cert_chain = sk;
	/*
	 * Inconsistency alert: cert_chain does include the peer's
	 * certificate, which we don't include in s3_srvr.c
	 */
	x = sk_X509_value(sk, 0);
	sk = NULL;
	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/

	pkey = X509_get_pubkey(x);

	if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
		x = NULL;
		al = SSL3_AL_FATAL;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
		    SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
		goto f_err;
	}

	i = ssl_cert_type(x, pkey);
	if (i < 0) {
		x = NULL;
		al = SSL3_AL_FATAL;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
		    SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		goto f_err;
	}

	sc->peer_cert_type = i;
	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
	/*
	 * Why would the following ever happen?
	 * We just created sc a couple of lines ago.
	 */
	X509_free(sc->peer_pkeys[i].x509);
	sc->peer_pkeys[i].x509 = x;
	sc->peer_key = &(sc->peer_pkeys[i]);

	X509_free(s->session->peer);
	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
	s->session->peer = x;
	s->session->verify_result = s->verify_result;

	x = NULL;
	ret = 1;

	if (0) {
truncated:
		/* wrong packet length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
		    SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
err:
	EVP_PKEY_free(pkey);
	X509_free(x);
	sk_X509_pop_free(sk, X509_free);
	return (ret);
}

int
ssl3_get_key_exchange(SSL *s)
{
	unsigned char	*q, md_buf[EVP_MAX_MD_SIZE*2];
	EVP_MD_CTX	 md_ctx;
	unsigned char	*param, *p;
	int		 al, i, j, param_len, ok;
	long		 n, alg_k, alg_a;
	EVP_PKEY	*pkey = NULL;
	const		 EVP_MD *md = NULL;
	RSA		*rsa = NULL;
	DH		*dh = NULL;
	EC_KEY		*ecdh = NULL;
	BN_CTX		*bn_ctx = NULL;
	EC_POINT	*srvr_ecpoint = NULL;
	int		 curve_nid = 0;
	int		 encoded_pt_len = 0;

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	alg_a = s->s3->tmp.new_cipher->algorithm_auth;

	/*
	 * Use same message size as in ssl3_get_certificate_request()
	 * as ServerKeyExchange message may be skipped.
	 */
	n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
	    SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok);
	if (!ok)
		return ((int)n);
	
	EVP_MD_CTX_init(&md_ctx);

	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
		/*
		 * Do not skip server key exchange if this cipher suite uses
		 * ephemeral keys.
		 */
		if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_UNEXPECTED_MESSAGE);
			al = SSL_AD_UNEXPECTED_MESSAGE;
			goto f_err;
		}

		s->s3->tmp.reuse_message = 1;
		EVP_MD_CTX_cleanup(&md_ctx);
		return (1);
	}

	if (s->session->sess_cert != NULL) {
		DH_free(s->session->sess_cert->peer_dh_tmp);
		s->session->sess_cert->peer_dh_tmp = NULL;

		EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
		s->session->sess_cert->peer_ecdh_tmp = NULL;
	} else {
		s->session->sess_cert = ssl_sess_cert_new();
		if (s->session->sess_cert == NULL)
			goto err;
	}

	param = p = (unsigned char *)s->init_msg;
	param_len = 0;

	if (alg_k & SSL_kDHE) {
		if ((dh = DH_new()) == NULL) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_DH_LIB);
			goto err;
		}
		if (2 > n)
			goto truncated;
		n2s(p, i);
		param_len = i + 2;
		if (param_len > n) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_BAD_DH_P_LENGTH);
			goto f_err;
		}
		if (!(dh->p = BN_bin2bn(p, i, NULL))) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_BN_LIB);
			goto err;
		}
		p += i;

		if (param_len + 2 > n)
			goto truncated;
		n2s(p, i);
		param_len += i + 2;
		if (param_len > n) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_BAD_DH_G_LENGTH);
			goto f_err;
		}
		if (!(dh->g = BN_bin2bn(p, i, NULL))) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_BN_LIB);
			goto err;
		}
		p += i;

		if (param_len + 2 > n)
			goto truncated;
		n2s(p, i);
		param_len += i + 2;
		if (param_len > n) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_BAD_DH_PUB_KEY_LENGTH);
			goto f_err;
		}
		if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_BN_LIB);
			goto err;
		}
		p += i;
		n -= param_len;

		/*
		 * Check the strength of the DH key just constructed.
		 * Discard keys weaker than 1024 bits.
		 */

		if (DH_size(dh) < 1024 / 8) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_BAD_DH_P_LENGTH);
			goto err;
		}

		if (alg_a & SSL_aRSA)
			pkey = X509_get_pubkey(
			    s->session->sess_cert->peer_pkeys[
			    SSL_PKEY_RSA_ENC].x509);
		else if (alg_a & SSL_aDSS)
			pkey = X509_get_pubkey(
			    s->session->sess_cert->peer_pkeys[
			    SSL_PKEY_DSA_SIGN].x509);
		/* else anonymous DH, so no certificate or pkey. */

		s->session->sess_cert->peer_dh_tmp = dh;
		dh = NULL;
	} else if (alg_k & SSL_kECDHE) {
		const EC_GROUP *group;
		EC_GROUP *ngroup;

		if ((ecdh = EC_KEY_new()) == NULL) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}

		/*
		 * Extract elliptic curve parameters and the
		 * server's ephemeral ECDH public key.
		 * Keep accumulating lengths of various components in
		 * param_len and make sure it never exceeds n.
		 */

		/*
		 * XXX: For now we only support named (not generic) curves
		 * and the ECParameters in this case is just three bytes.
		 */
		param_len = 3;
		if (param_len > n) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_LENGTH_TOO_SHORT);
			goto f_err;
		}

		/*
		 * Check curve is one of our preferences, if not server has
		 * sent an invalid curve.
		 */
		if (tls1_check_curve(s, p, param_len) != 1) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
			goto f_err;
		}

		if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
			al = SSL_AD_INTERNAL_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
			goto f_err;
		}

		ngroup = EC_GROUP_new_by_curve_name(curve_nid);
		if (ngroup == NULL) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_EC_LIB);
			goto err;
		}
		if (EC_KEY_set_group(ecdh, ngroup) == 0) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_EC_LIB);
			goto err;
		}
		EC_GROUP_free(ngroup);

		group = EC_KEY_get0_group(ecdh);

		p += 3;

		/* Next, get the encoded ECPoint */
		if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
		    ((bn_ctx = BN_CTX_new()) == NULL)) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}

		if (param_len + 1 > n)
			goto truncated;
		encoded_pt_len = *p;
		/* length of encoded point */
		p += 1;
		param_len += (1 + encoded_pt_len);
		if ((param_len > n) || (EC_POINT_oct2point(group, srvr_ecpoint,
		    p, encoded_pt_len, bn_ctx) == 0)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_BAD_ECPOINT);
			goto f_err;
		}

		n -= param_len;
		p += encoded_pt_len;

		/*
		 * The ECC/TLS specification does not mention the use
		 * of DSA to sign ECParameters in the server key
		 * exchange message. We do support RSA and ECDSA.
		 */
		if (alg_a & SSL_aRSA)
			pkey = X509_get_pubkey(
			    s->session->sess_cert->peer_pkeys[
			    SSL_PKEY_RSA_ENC].x509);
		else if (alg_a & SSL_aECDSA)
			pkey = X509_get_pubkey(
			    s->session->sess_cert->peer_pkeys[
			    SSL_PKEY_ECC].x509);
		/* Else anonymous ECDH, so no certificate or pkey. */
		EC_KEY_set_public_key(ecdh, srvr_ecpoint);
		s->session->sess_cert->peer_ecdh_tmp = ecdh;
		ecdh = NULL;
		BN_CTX_free(bn_ctx);
		bn_ctx = NULL;
		EC_POINT_free(srvr_ecpoint);
		srvr_ecpoint = NULL;
	} else if (alg_k) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
		    SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
	}

	/* p points to the next byte, there are 'n' bytes left */

	/* if it was signed, check the signature */
	if (pkey != NULL) {
		if (SSL_USE_SIGALGS(s)) {
			int sigalg = tls12_get_sigid(pkey);
			/* Should never happen */
			if (sigalg == -1) {
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}
			/*
			 * Check key type is consistent
			 * with signature
			 */
			if (2 > n)
				goto truncated;
			if (sigalg != (int)p[1]) {
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				    SSL_R_WRONG_SIGNATURE_TYPE);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			md = tls12_get_hash(p[0]);
			if (md == NULL) {
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				    SSL_R_UNKNOWN_DIGEST);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			p += 2;
			n -= 2;
		} else
			md = EVP_sha1();

		if (2 > n)
			goto truncated;
		n2s(p, i);
		n -= 2;
		j = EVP_PKEY_size(pkey);

		if (i != n || n > j) {
			/* wrong packet length */
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_WRONG_SIGNATURE_LENGTH);
			goto f_err;
		}

		if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
			int num;

			j = 0;
			q = md_buf;
			for (num = 2; num > 0; num--) {
				if (!EVP_DigestInit_ex(&md_ctx,
				    (num == 2) ?  s->ctx->md5 : s->ctx->sha1,
				    NULL)) {
					al = SSL_AD_INTERNAL_ERROR;
					goto f_err;
				}
				EVP_DigestUpdate(&md_ctx,
				    s->s3->client_random,
				    SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx,
				    s->s3->server_random,
				    SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx, param, param_len);
				EVP_DigestFinal_ex(&md_ctx, q,
				    (unsigned int *)&i);
				q += i;
				j += i;
			}
			i = RSA_verify(NID_md5_sha1, md_buf, j,
			    p, n, pkey->pkey.rsa);
			if (i < 0) {
				al = SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				    SSL_R_BAD_RSA_DECRYPT);
				goto f_err;
			}
			if (i == 0) {
				/* bad signature */
				al = SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				    SSL_R_BAD_SIGNATURE);
				goto f_err;
			}
		} else {
			EVP_VerifyInit_ex(&md_ctx, md, NULL);
			EVP_VerifyUpdate(&md_ctx, s->s3->client_random,
			    SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx, s->s3->server_random,
			    SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx, param, param_len);
			if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
				/* bad signature */
				al = SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				    SSL_R_BAD_SIGNATURE);
				goto f_err;
			}
		}
	} else {
		/* aNULL does not need public keys. */
		if (!(alg_a & SSL_aNULL)) {
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    ERR_R_INTERNAL_ERROR);
			goto err;
		}
		/* still data left over */
		if (n != 0) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
			    SSL_R_EXTRA_DATA_IN_MESSAGE);
			goto f_err;
		}
	}
	EVP_PKEY_free(pkey);
	EVP_MD_CTX_cleanup(&md_ctx);
	return (1);
truncated:
	/* wrong packet length */
	al = SSL_AD_DECODE_ERROR;
	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	EVP_PKEY_free(pkey);
	RSA_free(rsa);
	DH_free(dh);
	BN_CTX_free(bn_ctx);
	EC_POINT_free(srvr_ecpoint);
	EC_KEY_free(ecdh);
	EVP_MD_CTX_cleanup(&md_ctx);
	return (-1);
}

int
ssl3_get_certificate_request(SSL *s)
{
	int			 ok, ret = 0;
	long		 	 n;
	uint8_t			 ctype_num;
	CBS			 cert_request, ctypes, rdn_list;
	X509_NAME		*xn = NULL;
	const unsigned char	*q;
	STACK_OF(X509_NAME)	*ca_sk = NULL;

	n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
	    SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	s->s3->tmp.cert_req = 0;

	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
		s->s3->tmp.reuse_message = 1;
		/*
		 * If we get here we don't need any cached handshake records
		 * as we wont be doing client auth.
		 */
		if (s->s3->handshake_buffer) {
			if (!tls1_digest_cached_records(s))
				goto err;
		}
		return (1);
	}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
		    SSL_R_WRONG_MESSAGE_TYPE);
		goto err;
	}

	/* TLS does not like anon-DH with client cert */
	if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
		    SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
		goto err;
	}

	if (n < 0)
		goto truncated;
	CBS_init(&cert_request, s->init_msg, n);

	if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* get the certificate types */
	if (!CBS_get_u8(&cert_request, &ctype_num))
		goto truncated;

	if (ctype_num > SSL3_CT_NUMBER)
		ctype_num = SSL3_CT_NUMBER;
	if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
	    !CBS_write_bytes(&ctypes, s->s3->tmp.ctype,
	    sizeof(s->s3->tmp.ctype), NULL)) {
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
		    SSL_R_DATA_LENGTH_TOO_LONG);
		goto err;
	}

	if (SSL_USE_SIGALGS(s)) {
		CBS sigalgs;

		if (CBS_len(&cert_request) < 2) {
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
		}

		/* Check we have enough room for signature algorithms and
		 * following length value.
		 */
		if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
		}
		if ((CBS_len(&sigalgs) & 1) ||
		    !tls1_process_sigalgs(s, CBS_data(&sigalgs),
		    CBS_len(&sigalgs))) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    SSL_R_SIGNATURE_ALGORITHMS_ERROR);
			goto err;
		}
	}

	/* get the CA RDNs */
	if (CBS_len(&cert_request) < 2) {
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
		    SSL_R_DATA_LENGTH_TOO_LONG);
		goto err;
	}

	if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
	    CBS_len(&cert_request) != 0) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
		    SSL_R_LENGTH_MISMATCH);
		goto err;
	}

	while (CBS_len(&rdn_list) > 0) {
		CBS rdn;

		if (CBS_len(&rdn_list) < 2) {
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
		}

		if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    SSL_R_CA_DN_TOO_LONG);
			goto err;
		}

		q = CBS_data(&rdn);
		if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
			ssl3_send_alert(s, SSL3_AL_FATAL,
			    SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    ERR_R_ASN1_LIB);
			goto err;
		}

		if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    SSL_R_CA_DN_LENGTH_MISMATCH);
			goto err;
		}
		if (!sk_X509_NAME_push(ca_sk, xn)) {
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		xn = NULL;	/* avoid free in err block */
	}

	/* we should setup a certificate to return.... */
	s->s3->tmp.cert_req = 1;
	s->s3->tmp.ctype_num = ctype_num;
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
	s->s3->tmp.ca_names = ca_sk;
	ca_sk = NULL;

	ret = 1;
	if (0) {
truncated:
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
		    SSL_R_BAD_PACKET_LENGTH);
	}
err:
	X509_NAME_free(xn);
	if (ca_sk != NULL)
		sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
	return (ret);
}

static int
ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
	return (X509_NAME_cmp(*a, *b));
}

int
ssl3_get_new_session_ticket(SSL *s)
{
	int			 ok, al, ret = 0;
	uint32_t		 lifetime_hint;
	long			 n;
	CBS			 cbs, session_ticket;

	n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
	    SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
	if (!ok)
		return ((int)n);

	if (s->s3->tmp.message_type == SSL3_MT_FINISHED) {
		s->s3->tmp.reuse_message = 1;
		return (1);
	}
	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
		    SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
	}

	if (n < 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
		    SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	CBS_init(&cbs, s->init_msg, n);
	if (!CBS_get_u32(&cbs, &lifetime_hint) ||
#if UINT32_MAX > LONG_MAX
	    lifetime_hint > LONG_MAX ||
#endif
	    !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
	    CBS_len(&cbs) != 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
		    SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}
	s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;

	if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
	    &s->session->tlsext_ticklen)) {
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/*
	 * There are two ways to detect a resumed ticket sesion.
	 * One is to set an appropriate session ID and then the server
	 * must return a match in ServerHello. This allows the normal
	 * client session ID matching to work and we know much
	 * earlier that the ticket has been accepted.
	 *
	 * The other way is to set zero length session ID when the
	 * ticket is presented and rely on the handshake to determine
	 * session resumption.
	 *
	 * We choose the former approach because this fits in with
	 * assumptions elsewhere in OpenSSL. The session ID is set
	 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
	 * ticket.
	 */
	EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
	    s->session->session_id, &s->session->session_id_length,
	    EVP_sha256(), NULL);
	ret = 1;
	return (ret);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
ssl3_get_cert_status(SSL *s)
{
	CBS			 cert_status, response;
	size_t			 stow_len;
	int			 ok, al;
	long			 n;
	uint8_t			 status_type;

	n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
	    SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
	    16384, &ok);

	if (!ok)
		return ((int)n);

	if (n < 0) {
		/* need at least status type + length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
		    SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	CBS_init(&cert_status, s->init_msg, n);
	if (!CBS_get_u8(&cert_status, &status_type) ||
	    CBS_len(&cert_status) < 3) {
		/* need at least status type + length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
		    SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	if (status_type != TLSEXT_STATUSTYPE_ocsp) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
		    SSL_R_UNSUPPORTED_STATUS_TYPE);
		goto f_err;
	}

	if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
	    CBS_len(&cert_status) != 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
		    SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	if (!CBS_stow(&response, &s->tlsext_ocsp_resp,
	    &stow_len) || stow_len > INT_MAX) {
		s->tlsext_ocsp_resplen = 0;
 		al = SSL_AD_INTERNAL_ERROR;
 		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
 		    ERR_R_MALLOC_FAILURE);
 		goto f_err;
 	}
	s->tlsext_ocsp_resplen = (int)stow_len;

	if (s->ctx->tlsext_status_cb) {
		int ret;
		ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (ret == 0) {
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
			    SSL_R_INVALID_STATUS_RESPONSE);
			goto f_err;
		}
		if (ret < 0) {
			al = SSL_AD_INTERNAL_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
			    ERR_R_MALLOC_FAILURE);
			goto f_err;
		}
	}
	return (1);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	return (-1);
}

int
ssl3_get_server_done(SSL *s)
{
	int	ok, ret = 0;
	long	n;

	n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
	    SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
	    30, /* should be very small, like 0 :-) */ &ok);

	if (!ok)
		return ((int)n);
	if (n > 0) {
		/* should contain no data */
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
		return (-1);
	}
	ret = 1;
	return (ret);
}

static int
ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
    int *outlen)
{
	unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
	EVP_PKEY *pkey = NULL;
	unsigned char *q;
	int ret = -1;
	int n;

	pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
	if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
	    pkey->pkey.rsa == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_INTERNAL_ERROR);
		goto err;
	}

	tmp_buf[0] = s->client_version >> 8;
	tmp_buf[1] = s->client_version & 0xff;
	arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2);

	s->session->master_key_length = sizeof(tmp_buf);

	q = p;
	p += 2;

	n = RSA_public_encrypt(sizeof(tmp_buf), tmp_buf, p, pkey->pkey.rsa,
	    RSA_PKCS1_PADDING);
	if (n <= 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    SSL_R_BAD_RSA_ENCRYPT);
		goto err;
	}

	s2n(n, q);
	n += 2;

	s->session->master_key_length =
	    s->method->ssl3_enc->generate_master_secret(s,
		s->session->master_key, tmp_buf, sizeof(tmp_buf));

	*outlen = n;
	ret = 1;

err:
	explicit_bzero(tmp_buf, sizeof(tmp_buf));
	EVP_PKEY_free(pkey);

	return (ret);
}

static int
ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
    int *outlen)
{
	DH *dh_srvr = NULL, *dh_clnt = NULL;
	unsigned char *key = NULL;
	int key_size, n;
	int ret = -1;

	/* Ensure that we have an ephemeral key for DHE. */
	if (sess_cert->peer_dh_tmp == NULL) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
		goto err;
	}
	dh_srvr = sess_cert->peer_dh_tmp;

	/* Generate a new random key. */
	if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
		goto err;
	}
	if (!DH_generate_key(dh_clnt)) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
		goto err;
	}
	key_size = DH_size(dh_clnt);
	if ((key = malloc(key_size)) == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}
	n = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
	if (n <= 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
		goto err;
	}

	/* Generate master key from the result. */
	s->session->master_key_length =
	    s->method->ssl3_enc->generate_master_secret(s,
		s->session->master_key, key, n);

	/* Send off the data. */
	n = BN_num_bytes(dh_clnt->pub_key);
	s2n(n, p);
	BN_bn2bin(dh_clnt->pub_key, p);
	n += 2;

	*outlen = n;
	ret = 1;

err:
	DH_free(dh_clnt);
	if (key != NULL)
		explicit_bzero(key, key_size);
	free(key);

	return (ret);
}

static int
ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
    int *outlen)
{
	EC_KEY *tkey, *clnt_ecdh = NULL;
	const EC_GROUP *srvr_group = NULL;
	const EC_POINT *srvr_ecpoint = NULL;
	EVP_PKEY *srvr_pub_pkey = NULL;
	BN_CTX *bn_ctx = NULL;
	unsigned char *encodedPoint = NULL;
	unsigned char *key = NULL;
	unsigned long alg_k;
	int encoded_pt_len = 0;
	int key_size, n;
	int ret = -1;

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

	/* Ensure that we have an ephemeral key for ECDHE. */
	if ((alg_k & SSL_kECDHE) && sess_cert->peer_ecdh_tmp == NULL) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_INTERNAL_ERROR);
		goto err;
	}
	tkey = sess_cert->peer_ecdh_tmp;

	if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
		/* Get the Server Public Key from certificate. */
		srvr_pub_pkey = X509_get_pubkey(
		    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
		if (srvr_pub_pkey != NULL && srvr_pub_pkey->type == EVP_PKEY_EC)
			tkey = srvr_pub_pkey->pkey.ec;
	}

	if (tkey == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_INTERNAL_ERROR);
		goto err;
	}

	srvr_group = EC_KEY_get0_group(tkey);
	srvr_ecpoint = EC_KEY_get0_public_key(tkey);

	if (srvr_group == NULL || srvr_ecpoint == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_INTERNAL_ERROR);
		goto err;
	}

	if ((clnt_ecdh = EC_KEY_new()) == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
		goto err;
	}

	/* Generate a new ECDH key pair. */
	if (!(EC_KEY_generate_key(clnt_ecdh))) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
		goto err;
	}
	key_size = ECDH_size(clnt_ecdh);
	if (key_size <= 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
		goto err;
	}
	if ((key = malloc(key_size)) == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_MALLOC_FAILURE);
	}
	n = ECDH_compute_key(key, key_size, srvr_ecpoint, clnt_ecdh, NULL);
	if (n <= 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
		goto err;
	}

	/* Generate master key from the result. */
	s->session->master_key_length =
	    s->method->ssl3_enc->generate_master_secret(s,
		s->session->master_key, key, n);

	/*
	 * First check the size of encoding and allocate memory accordingly.
	 */
	encoded_pt_len = EC_POINT_point2oct(srvr_group,
	    EC_KEY_get0_public_key(clnt_ecdh),
	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);

	bn_ctx = BN_CTX_new();
	encodedPoint = malloc(encoded_pt_len);
	if (encodedPoint == NULL || bn_ctx == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* Encode the public key */
	n = EC_POINT_point2oct(srvr_group, EC_KEY_get0_public_key(clnt_ecdh),
	    POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encoded_pt_len,
	    bn_ctx);

	*p = n; /* length of encoded point */
	/* Encoded point will be copied here */
	p += 1;

	/* copy the point */
	memcpy((unsigned char *)p, encodedPoint, n);
	/* increment n to account for length field */
	n += 1;

	*outlen = n;
	ret = 1;

err:
	if (key != NULL)
		explicit_bzero(key, key_size);
	free(key);

	BN_CTX_free(bn_ctx);
	free(encodedPoint);
	EC_KEY_free(clnt_ecdh);
	EVP_PKEY_free(srvr_pub_pkey);

	return (ret);
}

static int
ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
    int *outlen)
{
	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
	EVP_PKEY *pub_key = NULL;
	EVP_PKEY_CTX *pkey_ctx;
	X509 *peer_cert;
	size_t msglen;
	unsigned int md_len;
	EVP_MD_CTX *ukm_hash;
	int ret = -1;
	int nid;
	int n;

	/* Get server sertificate PKEY and create ctx from it */
	peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
	if (peer_cert == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
		goto err;
	}

	pub_key = X509_get_pubkey(peer_cert);
	pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL);

	/*
	 * If we have send a certificate, and certificate key parameters match
	 * those of server certificate, use certificate key for key exchange.
	 * Otherwise, generate ephemeral key pair.
	 */
	EVP_PKEY_encrypt_init(pkey_ctx);

	/* Generate session key. */
	arc4random_buf(premaster_secret, 32);

	/*
	 * If we have client certificate, use its secret as peer key.
	 */
	if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
		if (EVP_PKEY_derive_set_peer(pkey_ctx,
		    s->cert->key->privatekey) <=0) {
			/*
			 * If there was an error - just ignore it.
			 * Ephemeral key would be used.
			 */
			ERR_clear_error();
		}
	}

	/*
	 * Compute shared IV and store it in algorithm-specific context data.
	 */
	ukm_hash = EVP_MD_CTX_create();
	if (ukm_hash == NULL) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94)
		nid = NID_id_GostR3411_94;
	else
		nid = NID_id_tc26_gost3411_2012_256;
	if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
		goto err;
	EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE);
	EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE);
	EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
	EVP_MD_CTX_destroy(ukm_hash);
	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
	    EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG);
		goto err;
	}

	/*
	 * Make GOST keytransport blob message, encapsulate it into sequence.
	 */
	*(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
	msglen = 255;
	if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
	    32) < 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG);
		goto err;
	}
	if (msglen >= 0x80) {
		*(p++) = 0x81;
		*(p++) = msglen & 0xff;
		n = msglen + 3;
	} else {
		*(p++) = msglen & 0xff;
		n = msglen + 2;
	}
	memcpy(p, tmp, msglen);

	/* Check if pubkey from client certificate was used. */
	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
	    NULL) > 0) {
		/* Set flag "skip certificate verify". */
		s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
	}
	EVP_PKEY_CTX_free(pkey_ctx);
	s->session->master_key_length =
	    s->method->ssl3_enc->generate_master_secret(s,
		s->session->master_key, premaster_secret, 32);

	*outlen = n;
	ret = 1;

err:
	explicit_bzero(premaster_secret, sizeof(premaster_secret));
	EVP_PKEY_free(pub_key);

	return (ret);
}

int
ssl3_send_client_key_exchange(SSL *s)
{
	SESS_CERT *sess_cert;
	unsigned long alg_k;
	unsigned char *p;
	int n = 0;

	if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
		p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);

		alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

		if ((sess_cert = s->session->sess_cert) == NULL) {
			ssl3_send_alert(s, SSL3_AL_FATAL,
			    SSL_AD_UNEXPECTED_MESSAGE);
			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
			    ERR_R_INTERNAL_ERROR);
			goto err;
		}

		if (alg_k & SSL_kRSA) {
			if (ssl3_send_client_kex_rsa(s, sess_cert, p, &n) != 1)
				goto err;
		} else if (alg_k & SSL_kDHE) {
			if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1)
				goto err;
		} else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
			if (ssl3_send_client_kex_ecdh(s, sess_cert, p, &n) != 1)
				goto err;
		} else if (alg_k & SSL_kGOST) {
			if (ssl3_send_client_kex_gost(s, sess_cert, p, &n) != 1)
				goto err;
		} else {
			ssl3_send_alert(s, SSL3_AL_FATAL,
			    SSL_AD_HANDSHAKE_FAILURE);
			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
			    ERR_R_INTERNAL_ERROR);
			goto err;
		}

		ssl3_handshake_msg_finish(s, n);

		s->state = SSL3_ST_CW_KEY_EXCH_B;
	}

	/* SSL3_ST_CW_KEY_EXCH_B */
	return (ssl3_handshake_write(s));

err:
	return (-1);
}

int
ssl3_send_client_verify(SSL *s)
{
	unsigned char	*p;
	unsigned char	 data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
	EVP_PKEY	*pkey;
	EVP_PKEY_CTX	*pctx = NULL;
	EVP_MD_CTX	 mctx;
	unsigned	 u = 0;
	unsigned long	 n;
	int		 j;

	EVP_MD_CTX_init(&mctx);

	if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
		p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);

		/*
		 * Create context from key and test if sha1 is allowed as
		 * digest.
		 */
		pkey = s->cert->key->privatekey;
		pctx = EVP_PKEY_CTX_new(pkey, NULL);
		EVP_PKEY_sign_init(pctx);
		if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
			if (!SSL_USE_SIGALGS(s))
				s->method->ssl3_enc->cert_verify_mac(s,
				    NID_sha1, &(data[MD5_DIGEST_LENGTH]));
		} else {
			ERR_clear_error();
		}
		/*
		 * For TLS v1.2 send signature algorithm and signature
		 * using agreed digest and cached handshake records.
		 */
		if (SSL_USE_SIGALGS(s)) {
			long hdatalen = 0;
			void *hdata;
			const EVP_MD *md = s->cert->key->digest;
			hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
			    &hdata);
			if (hdatalen <= 0 ||
			    !tls12_get_sigandhash(p, pkey, md)) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}
			p += 2;
			if (!EVP_SignInit_ex(&mctx, md, NULL) ||
			    !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
			    !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				    ERR_R_EVP_LIB);
				goto err;
			}
			s2n(u, p);
			n = u + 4;
			if (!tls1_digest_cached_records(s))
				goto err;
		} else if (pkey->type == EVP_PKEY_RSA) {
			s->method->ssl3_enc->cert_verify_mac(
			    s, NID_md5, &(data[0]));
			if (RSA_sign(NID_md5_sha1, data,
			    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
			    &u, pkey->pkey.rsa) <= 0 ) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				    ERR_R_RSA_LIB);
				goto err;
			}
			s2n(u, p);
			n = u + 2;
		} else if (pkey->type == EVP_PKEY_DSA) {
			if (!DSA_sign(pkey->save_type,
			    &(data[MD5_DIGEST_LENGTH]),
			    SHA_DIGEST_LENGTH, &(p[2]),
			    (unsigned int *)&j, pkey->pkey.dsa)) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				    ERR_R_DSA_LIB);
				goto err;
			}
			s2n(j, p);
			n = j + 2;
		} else if (pkey->type == EVP_PKEY_EC) {
			if (!ECDSA_sign(pkey->save_type,
			    &(data[MD5_DIGEST_LENGTH]),
			    SHA_DIGEST_LENGTH, &(p[2]),
			    (unsigned int *)&j, pkey->pkey.ec)) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				    ERR_R_ECDSA_LIB);
				goto err;
			}
			s2n(j, p);
			n = j + 2;
#ifndef OPENSSL_NO_GOST
		} else if (pkey->type == NID_id_GostR3410_94 ||
			   pkey->type == NID_id_GostR3410_2001) {
			unsigned char signbuf[128];
			long hdatalen = 0;
			void *hdata;
			const EVP_MD *md;
			int nid;
			size_t sigsize;

			hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
			if (hdatalen <= 0) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}
			if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
			    !(md = EVP_get_digestbynid(nid))) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
						ERR_R_EVP_LIB);
				goto err;
			}
			if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
			    !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
			    !EVP_DigestFinal(&mctx, signbuf, &u) ||
			    (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
			    (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
					       EVP_PKEY_CTRL_GOST_SIG_FORMAT,
					       GOST_SIG_FORMAT_RS_LE,
					       NULL) <= 0) ||
			    (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
					   signbuf, u) <= 0)) {
				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				    ERR_R_EVP_LIB);
				goto err;
			}
			if (!tls1_digest_cached_records(s))
				goto err;
			j = sigsize;
			s2n(j, p);
			n = j + 2;
#endif
		} else {
			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
			    ERR_R_INTERNAL_ERROR);
			goto err;
		}

		s->state = SSL3_ST_CW_CERT_VRFY_B;

		ssl3_handshake_msg_finish(s, n);
	}

	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_CTX_free(pctx);

	return (ssl3_handshake_write(s));

err:
	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_CTX_free(pctx);
	return (-1);
}

int
ssl3_send_client_certificate(SSL *s)
{
	X509		*x509 = NULL;
	EVP_PKEY	*pkey = NULL;
	int		 i;
	unsigned long	 l;

	if (s->state ==	SSL3_ST_CW_CERT_A) {
		if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
		    (s->cert->key->privatekey == NULL))
			s->state = SSL3_ST_CW_CERT_B;
		else
			s->state = SSL3_ST_CW_CERT_C;
	}

	/* We need to get a client cert */
	if (s->state == SSL3_ST_CW_CERT_B) {
		/*
		 * If we get an error, we need to
		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
		 * We then get retied later
		 */
		i = ssl_do_client_cert_cb(s, &x509, &pkey);
		if (i < 0) {
			s->rwstate = SSL_X509_LOOKUP;
			return (-1);
		}
		s->rwstate = SSL_NOTHING;
		if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
			s->state = SSL3_ST_CW_CERT_B;
			if (!SSL_use_certificate(s, x509) ||
			    !SSL_use_PrivateKey(s, pkey))
				i = 0;
		} else if (i == 1) {
			i = 0;
			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
			    SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
		}

		X509_free(x509);
		EVP_PKEY_free(pkey);
		if (i == 0)
			s->s3->tmp.cert_req = 2;

		/* Ok, we have a cert */
		s->state = SSL3_ST_CW_CERT_C;
	}

	if (s->state == SSL3_ST_CW_CERT_C) {
		s->state = SSL3_ST_CW_CERT_D;
		l = ssl3_output_cert_chain(s,
		    (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
		s->init_num = (int)l;
		s->init_off = 0;
	}
	/* SSL3_ST_CW_CERT_D */
	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}

#define has_bits(i,m)	(((i)&(m)) == (m))

int
ssl3_check_cert_and_algorithm(SSL *s)
{
	int		 i, idx;
	long		 alg_k, alg_a;
	EVP_PKEY	*pkey = NULL;
	SESS_CERT	*sc;
	DH		*dh;

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	alg_a = s->s3->tmp.new_cipher->algorithm_auth;

	/* We don't have a certificate. */
	if (alg_a & SSL_aNULL)
		return (1);

	sc = s->session->sess_cert;
	if (sc == NULL) {
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
		    ERR_R_INTERNAL_ERROR);
		goto err;
	}
	dh = s->session->sess_cert->peer_dh_tmp;

	/* This is the passed certificate. */

	idx = sc->peer_cert_type;
	if (idx == SSL_PKEY_ECC) {
		if (ssl_check_srvr_ecc_cert_and_alg(
		    sc->peer_pkeys[idx].x509, s) == 0) {
			/* check failed */
			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
			    SSL_R_BAD_ECC_CERT);
			goto f_err;
		} else {
			return (1);
		}
	}
	pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
	i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
	EVP_PKEY_free(pkey);

	/* Check that we have a certificate if we require one. */
	if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
		    SSL_R_MISSING_RSA_SIGNING_CERT);
		goto f_err;
	} else if ((alg_a & SSL_aDSS) &&
	    !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
		    SSL_R_MISSING_DSA_SIGNING_CERT);
		goto f_err;
	}
	if ((alg_k & SSL_kRSA) &&
	    !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
		    SSL_R_MISSING_RSA_ENCRYPTING_CERT);
		goto f_err;
	}
	if ((alg_k & SSL_kDHE) &&
	    !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
		    SSL_R_MISSING_DH_KEY);
		goto f_err;
	}

	return (1);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
err:
	return (0);
}

int
ssl3_send_next_proto(SSL *s)
{
	unsigned int	 len, padding_len;
	unsigned char	*d, *p;

	if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
		d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);

		len = s->next_proto_negotiated_len;
		padding_len = 32 - ((len + 2) % 32);
		*(p++) = len;
		memcpy(p, s->next_proto_negotiated, len);
		p += len;
		*(p++) = padding_len;
		memset(p, 0, padding_len);
		p += padding_len;

		ssl3_handshake_msg_finish(s, p - d);

		s->state = SSL3_ST_CW_NEXT_PROTO_B;
	}

	return (ssl3_handshake_write(s));
}

/*
 * Check to see if handshake is full or resumed. Usually this is just a
 * case of checking to see if a cache hit has occurred. In the case of
 * session tickets we have to check the next message to be sure.
 */

int
ssl3_check_finished(SSL *s)
{
	int	ok;
	long	n;

	/* If we have no ticket it cannot be a resumed session. */
	if (!s->session->tlsext_tick)
		return (1);
	/* this function is called when we really expect a Certificate
	 * message, so permit appropriate message length */
	n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
	    SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
	if (!ok)
		return ((int)n);
	s->s3->tmp.reuse_message = 1;
	if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
	    (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
		return (2);

	return (1);
}

int
ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
{
	int	i = 0;

#ifndef OPENSSL_NO_ENGINE
	if (s->ctx->client_cert_engine) {
		i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
		SSL_get_client_CA_list(s),
		px509, ppkey, NULL, NULL, NULL);
		if (i != 0)
			return (i);
	}
#endif
	if (s->ctx->client_cert_cb)
		i = s->ctx->client_cert_cb(s, px509, ppkey);
	return (i);
}
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Changes to jni/libressl/ssl/s3_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: s3_lib.c,v 1.138 2017/03/10 16:03:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
144
145
146
147
148
149
150

151
152


153
154
155
156
157
158
159
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */


#include <stdio.h>



#include <openssl/dh.h>
#include <openssl/md5.h>
#include <openssl/objects.h>

#include "ssl_locl.h"
#include "bytestring.h"








>


>
>







144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#include <limits.h>
#include <stdio.h>

#include <openssl/bn.h>
#include <openssl/curve25519.h>
#include <openssl/dh.h>
#include <openssl/md5.h>
#include <openssl/objects.h>

#include "ssl_locl.h"
#include "bytestring.h"

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
		.name = SSL3_TXT_RSA_RC4_128_MD5,
		.id = SSL3_CK_RSA_RC4_128_MD5,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_MD5,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher 05 */
	{
		.valid = 1,
		.name = SSL3_TXT_RSA_RC4_128_SHA,
		.id = SSL3_CK_RSA_RC4_128_SHA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
	{
		.valid = 1,
		.name = SSL3_TXT_RSA_IDEA_128_SHA,
		.id = SSL3_CK_RSA_IDEA_128_SHA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_IDEA,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},
#endif

	/* Cipher 09 */
	{
		.valid = 1,
		.name = SSL3_TXT_RSA_DES_64_CBC_SHA,
		.id = SSL3_CK_RSA_DES_64_CBC_SHA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,







|















|





<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239


















240
241
242
243
244
245
246
		.name = SSL3_TXT_RSA_RC4_128_MD5,
		.id = SSL3_CK_RSA_RC4_128_MD5,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_MD5,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_LOW,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher 05 */
	{
		.valid = 1,
		.name = SSL3_TXT_RSA_RC4_128_SHA,
		.id = SSL3_CK_RSA_RC4_128_SHA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_LOW,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},



















	/* Cipher 09 */
	{
		.valid = 1,
		.name = SSL3_TXT_RSA_DES_64_CBC_SHA,
		.id = SSL3_CK_RSA_DES_64_CBC_SHA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
		.name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
		.id = SSL3_CK_RSA_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/*
	 * Ephemeral DH (DHE) ciphers.







|







259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
		.name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
		.id = SSL3_CK_RSA_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kRSA,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/*
	 * Ephemeral DH (DHE) ciphers.
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
		.name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
		.id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aDSS,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher 15 */
	{







|







295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
		.name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
		.id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aDSS,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher 15 */
	{
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
		.name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
		.id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher 18 */
	{
		.valid = 1,
		.name = SSL3_TXT_ADH_RC4_128_MD5,
		.id = SSL3_CK_ADH_RC4_128_MD5,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_MD5,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher 1A */
	{







|















|







327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
		.name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
		.id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher 18 */
	{
		.valid = 1,
		.name = SSL3_TXT_ADH_RC4_128_MD5,
		.id = SSL3_CK_ADH_RC4_128_MD5,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_MD5,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_LOW,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher 1A */
	{
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
		.name = SSL3_TXT_ADH_DES_192_CBC_SHA,
		.id = SSL3_CK_ADH_DES_192_CBC_SHA,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/*
	 * AES ciphersuites.







|







375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
		.name = SSL3_TXT_ADH_DES_192_CBC_SHA,
		.id = SSL3_CK_ADH_DES_192_CBC_SHA,
		.algorithm_mkey = SSL_kDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_SSLV3,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/*
	 * AES ciphersuites.
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
		.strength_bits = 256,
		.alg_bits = 256,
	},
#endif /* OPENSSL_NO_CAMELLIA */

	/* Cipher C001 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
		.id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_eNULL,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_STRONG_NONE,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 0,
		.alg_bits = 0,
	},

	/* Cipher C002 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C003 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
		.id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher C004 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
		.id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES128,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C005 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
		.id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES256,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C006 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
		.id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aECDSA,







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1110
1111
1112
1113
1114
1115
1116
















































































1117
1118
1119
1120
1121
1122
1123
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
		.strength_bits = 256,
		.alg_bits = 256,
	},
#endif /* OPENSSL_NO_CAMELLIA */

















































































	/* Cipher C006 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
		.id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aECDSA,
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
		.name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aECDSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C008 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
		.id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aECDSA,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher C009 */
	{







|















|







1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
		.name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aECDSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_LOW,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C008 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
		.id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aECDSA,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher C009 */
	{
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C00B */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
		.id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_eNULL,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_STRONG_NONE,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 0,
		.alg_bits = 0,
	},

	/* Cipher C00C */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C00D */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
		.id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher C00E */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
		.id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES128,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C00F */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
		.id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES256,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C010 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
		.id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1190
1191
1192
1193
1194
1195
1196
















































































1197
1198
1199
1200
1201
1202
1203
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 256,
		.alg_bits = 256,
	},

















































































	/* Cipher C010 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
		.id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
		.name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C012 */
	{







|







1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
		.name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_LOW,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C012 */
	{
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
		.name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C017 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
		.id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher C018 */
	{







|















|







1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
		.name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
		.id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_RC4,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_LOW,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C017 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
		.id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aNULL,
		.algorithm_enc = SSL_3DES,
		.algorithm_mac = SSL_SHA1,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_MEDIUM,
		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
		.strength_bits = 112,
		.alg_bits = 168,
	},

	/* Cipher C018 */
	{
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C025 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
		.id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES128,
		.algorithm_mac = SSL_SHA256,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C026 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
		.id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES256,
		.algorithm_mac = SSL_SHA384,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C027 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
		.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1385
1386
1387
1388
1389
1390
1391
































1392
1393
1394
1395
1396
1397
1398
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
		.strength_bits = 256,
		.alg_bits = 256,
	},

































	/* Cipher C027 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
		.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
	/* Cipher C028 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
		.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
		.algorithm_enc = SSL_AES256,
		.algorithm_mac = SSL_SHA384,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C029 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
		.id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES128,
		.algorithm_mac = SSL_SHA256,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C02A */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
		.id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES256,
		.algorithm_mac = SSL_SHA384,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
		.strength_bits = 256,
		.alg_bits = 256,







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1408
1409
1410
1411
1412
1413
1414
































1415
1416
1417
1418
1419
1420
1421
	/* Cipher C028 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
		.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
































		.algorithm_enc = SSL_AES256,
		.algorithm_mac = SSL_SHA384,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
		.strength_bits = 256,
		.alg_bits = 256,
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C02D */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
		.id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES128GCM,
		.algorithm_mac = SSL_AEAD,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C02E */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
		.id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
		.algorithm_mkey = SSL_kECDHe,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES256GCM,
		.algorithm_mac = SSL_AEAD,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C02F */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1455
1456
1457
1458
1459
1460
1461




































1462
1463
1464
1465
1466
1467
1468
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 256,
		.alg_bits = 256,
	},





































	/* Cipher C02F */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 256,
		.alg_bits = 256,
	},

	/* Cipher C031 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
		.id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES128GCM,
		.algorithm_mac = SSL_AEAD,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 128,
		.alg_bits = 128,
	},

	/* Cipher C032 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
		.id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
		.algorithm_mkey = SSL_kECDHr,
		.algorithm_auth = SSL_aECDH,
		.algorithm_enc = SSL_AES256GCM,
		.algorithm_mac = SSL_AEAD,
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 256,
		.alg_bits = 256,
	},

#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
	/* Cipher CC13 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
		.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1491
1492
1493
1494
1495
1496
1497





































1498
1499
1500
1501
1502
1503
1504
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
		    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
		.strength_bits = 256,
		.alg_bits = 256,
	},






































	/* Cipher CC13 */
	{
		.valid = 1,
		.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
		.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
		.algorithm_mkey = SSL_kECDHE,
		.algorithm_auth = SSL_aRSA,
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
		.strength_bits = 256,
		.alg_bits = 256,
	},
#endif

	/* Cipher FF85 FIXME IANA */
	{
		.valid = 1,
		.name = "GOST2012256-GOST89-GOST89",
		.id = 0x300ff85, /* FIXME IANA */
		.algorithm_mkey = SSL_kGOST,







<







1592
1593
1594
1595
1596
1597
1598

1599
1600
1601
1602
1603
1604
1605
		.algorithm_ssl = SSL_TLSV1_2,
		.algo_strength = SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
		    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
		.strength_bits = 256,
		.alg_bits = 256,
	},


	/* Cipher FF85 FIXME IANA */
	{
		.valid = 1,
		.name = "GOST2012256-GOST89-GOST89",
		.id = 0x300ff85, /* FIXME IANA */
		.algorithm_mkey = SSL_kGOST,
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040






































































2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082



2083
2084

2085
2086


2087
2088



2089
2090

2091
2092
2093
2094
2095
2096

2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107





2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121


2122


2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134


2135
2136
2137
2138
2139
2140
2141





























































2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313










2314
2315
2316
2317

2318
2319














2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482

2483


2484


2485
2486
2487
2488
2489
2490














2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
{
	return (c->id & SSL3_CK_VALUE_MASK);
}

int
ssl3_pending(const SSL *s)
{
	if (s->rstate == SSL_ST_READ_BODY)
		return 0;

	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
	    s->s3->rrec.length : 0;
}

int
ssl3_handshake_msg_hdr_len(SSL *s)
{
	return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
            SSL3_HM_HEADER_LENGTH);
}

unsigned char *
ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
{
	unsigned char *d, *p;

	d = p = (unsigned char *)s->init_buf->data;

	/* Handshake message type and length. */
	*(p++) = msg_type;
	l2n3(0, p);

	return (d + ssl3_handshake_msg_hdr_len(s));
}

void
ssl3_handshake_msg_finish(SSL *s, unsigned int len)
{
	unsigned char *d, *p;
	uint8_t msg_type;

	d = p = (unsigned char *)s->init_buf->data;

	/* Handshake message length. */
	msg_type = *(p++);
	l2n3(len, p);

	s->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len;
	s->init_off = 0;

	if (SSL_IS_DTLS(s)) {
		dtls1_set_message_header(s, d, msg_type, len, 0, len);
		dtls1_buffer_message(s, 0);
	}






































































}

int
ssl3_handshake_write(SSL *s)
{
	if (SSL_IS_DTLS(s))
		return dtls1_do_write(s, SSL3_RT_HANDSHAKE);

	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}

int
ssl3_new(SSL *s)
{
	SSL3_STATE	*s3;

	if ((s3 = calloc(1, sizeof *s3)) == NULL)
		goto err;
	memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
	memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));

	s->s3 = s3;

	s->method->ssl_clear(s);
	return (1);
err:
	return (0);
}

void
ssl3_free(SSL *s)
{
	if (s == NULL)
		return;

	tls1_cleanup_key_block(s);
	ssl3_release_read_buffer(s);
	ssl3_release_write_buffer(s);

	DH_free(s->s3->tmp.dh);
	EC_KEY_free(s->s3->tmp.ecdh);




	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

	BIO_free(s->s3->handshake_buffer);
	tls1_free_digest_list(s);


	free(s->s3->alpn_selected);




	explicit_bzero(s->s3, sizeof *s->s3);
	free(s->s3);

	s->s3 = NULL;
}

void
ssl3_clear(SSL *s)
{

	unsigned char	*rp, *wp;
	size_t		 rlen, wlen;

	tls1_cleanup_key_block(s);
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

	DH_free(s->s3->tmp.dh);
	s->s3->tmp.dh = NULL;
	EC_KEY_free(s->s3->tmp.ecdh);
	s->s3->tmp.ecdh = NULL;






	rp = s->s3->rbuf.buf;
	wp = s->s3->wbuf.buf;
	rlen = s->s3->rbuf.len;
	wlen = s->s3->wbuf.len;

	BIO_free(s->s3->handshake_buffer);
	s->s3->handshake_buffer = NULL;

	tls1_free_digest_list(s);

	free(s->s3->alpn_selected);
	s->s3->alpn_selected = NULL;



	memset(s->s3, 0, sizeof *s->s3);


	s->s3->rbuf.buf = rp;
	s->s3->wbuf.buf = wp;
	s->s3->rbuf.len = rlen;
	s->s3->wbuf.len = wlen;

	ssl_free_wbio_buffer(s);

	s->packet_length = 0;
	s->s3->renegotiate = 0;
	s->s3->total_renegotiations = 0;
	s->s3->num_renegotiations = 0;
	s->s3->in_read_app_data = 0;


	s->version = TLS1_VERSION;

	free(s->next_proto_negotiated);
	s->next_proto_negotiated = NULL;
	s->next_proto_negotiated_len = 0;
}































































long
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	int ret = 0;

	if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_GET_SESSION_REUSED:
		ret = s->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret = s->s3->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		ret = s->s3->num_renegotiations;
		s->s3->num_renegotiations = 0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret = s->s3->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret = (int)(s->s3->flags);
		break;
	case SSL_CTRL_NEED_TMP_RSA:
		ret = 0;
		break;
	case SSL_CTRL_SET_TMP_RSA:
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		break;
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *dh = (DH *)parg;
			if (dh == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			if ((dh = DHparams_dup(dh)) == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_DH_LIB);
				return (ret);
			}
			DH_free(s->cert->dh_tmp);
			s->cert->dh_tmp = dh;
			ret = 1;
		}
		break;

	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);

	case SSL_CTRL_SET_DH_AUTO:
		s->cert->dh_tmp_auto = larg;
		return 1;

	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			if (!EC_KEY_up_ref((EC_KEY *)parg)) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_ECDH_LIB);
				return (ret);
			}
			ecdh = (EC_KEY *)parg;
			if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTRL,
					    ERR_R_ECDH_LIB);
					return (ret);
				}
			}
			EC_KEY_free(s->cert->ecdh_tmp);
			s->cert->ecdh_tmp = ecdh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
			SSLerr(SSL_F_SSL3_CTRL,
			    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
			return (ret);
		}
		break;
	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		if (larg == TLSEXT_NAMETYPE_host_name) {
			free(s->tlsext_hostname);
			s->tlsext_hostname = NULL;

			ret = 1;
			if (parg == NULL)
				break;
			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
				SSLerr(SSL_F_SSL3_CTRL,
				    SSL_R_SSL3_EXT_INVALID_SERVERNAME);
				return 0;
			}
			if ((s->tlsext_hostname = strdup((char *)parg))
			    == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_INTERNAL_ERROR);
				return 0;
			}
		} else {
			SSLerr(SSL_F_SSL3_CTRL,
			    SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
			return 0;
		}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->tlsext_debug_arg = parg;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
		s->tlsext_status_type = larg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
		s->tlsext_ocsp_exts = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
		s->tlsext_ocsp_ids = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
		*(unsigned char **)parg = s->tlsext_ocsp_resp;
		return s->tlsext_ocsp_resplen;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
		free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = parg;
		s->tlsext_ocsp_resplen = larg;
		ret = 1;
		break;

	case SSL_CTRL_SET_ECDH_AUTO:
		s->cert->ecdh_tmp_auto = larg;
		ret = 1;
		break;











	default:
		break;
	}

	return (ret);
}















long
ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	int	ret = 0;

	if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
		s->tlsext_debug_cb = (void (*)(SSL *, int , int,
		    unsigned char *, int, void *))fp;
		break;
	default:
		break;
	}
	return (ret);
}

long
ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	CERT	*cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_NEED_TMP_RSA:
		return (0);
	case SSL_CTRL_SET_TMP_RSA:
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *new = NULL, *dh;

			dh = (DH *)parg;
			if ((new = DHparams_dup(dh)) == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_DH_LIB);
				return 0;
			}
			DH_free(cert->dh_tmp);
			cert->dh_tmp = new;
			return 1;
		}
		/*break; */

	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);

	case SSL_CTRL_SET_DH_AUTO:
		ctx->cert->dh_tmp_auto = larg;
		return (1);

	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_ECDH_LIB);
				return 0;
			}
			ecdh = EC_KEY_dup((EC_KEY *)parg);
			if (ecdh == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_EC_LIB);
				return 0;
			}
			if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTX_CTRL,
					    ERR_R_ECDH_LIB);
					return 0;
				}
			}

			EC_KEY_free(cert->ecdh_tmp);
			cert->ecdh_tmp = ecdh;
			return 1;
		}
		/* break; */
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
			SSLerr(SSL_F_SSL3_CTX_CTRL,
			    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
			return (0);
		}
		break;
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->tlsext_servername_arg = parg;
		break;
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
		{
			unsigned char *keys = parg;
			if (!keys)
				return 48;
			if (larg != 48) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    SSL_R_INVALID_TICKET_KEYS_LENGTH);
				return 0;
			}
			if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
				memcpy(ctx->tlsext_tick_key_name, keys, 16);
				memcpy(ctx->tlsext_tick_hmac_key,
				    keys + 16, 16);
				memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
			} else {
				memcpy(keys, ctx->tlsext_tick_key_name, 16);
				memcpy(keys + 16,
				    ctx->tlsext_tick_hmac_key, 16);
				memcpy(keys + 32,
				    ctx->tlsext_tick_aes_key, 16);
			}
			return 1;
		}

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->tlsext_status_arg = parg;
		return 1;
		break;

	case SSL_CTRL_SET_ECDH_AUTO:
		ctx->cert->ecdh_tmp_auto = larg;
		return 1;

		/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL) {
			if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
				return (0);
		}
		sk_X509_push(ctx->extra_certs,(X509 *)parg);
		break;

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		*(STACK_OF(X509) **)parg = ctx->extra_certs;
		break;

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		if (ctx->extra_certs) {
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;

		}


		break;



	default:
		return (0);
	}
	return (1);
}















long
ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	CERT	*cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_DH_CB:
		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->tlsext_servername_callback =
		    (int (*)(SSL *, int *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char  *,
		    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
		break;

	default:
		return (0);
	}
	return (1);







|


|
|














|














|





|
|


|


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>














|
|
|
|
|
<
|
<

|
|
<
|












|
|

>
>
>
|
|
>
|
|
>
>
|

>
>
>
|

>






>




<
|

|
|
|
|
>
>
>
>
>






|
|

|

|
|

>
>
|
>
>







|
|
|
|
|
>
>


|
|
|


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








<
|






|




|


|
|


|









|





<
|



<
|









|











<
|



<
|



|


<
|










<
|












<
|




<
|



<
|




|









|




|




|




|




|
|


|
|
|







>
>
>
>
>
>
>
>
>
>




>


>
>
>
>
>
>
>
>
>
>
>
>
>
>








<
|






|








|













|






|







<
|









|



|







<
|




<
|


|


<
|











<
|




|








<
|



|
|

|

|

|

|





|

<


|
















<
|
|
>
|
>
>
|
>
>






>
>
>
>
>
>
>
>
>
>
>
>
>
>






|



|








|




|



|







1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816

1817

1818
1819
1820

1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865

1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985

1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020

2021
2022
2023
2024

2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046

2047
2048
2049
2050

2051
2052
2053
2054
2055
2056
2057

2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068

2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081

2082
2083
2084
2085
2086

2087
2088
2089
2090

2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178

2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223

2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245

2246
2247
2248
2249
2250

2251
2252
2253
2254
2255
2256

2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268

2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282

2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303

2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322

2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
{
	return (c->id & SSL3_CK_VALUE_MASK);
}

int
ssl3_pending(const SSL *s)
{
	if (s->internal->rstate == SSL_ST_READ_BODY)
		return 0;

	return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
	    S3I(s)->rrec.length : 0;
}

int
ssl3_handshake_msg_hdr_len(SSL *s)
{
	return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
            SSL3_HM_HEADER_LENGTH);
}

unsigned char *
ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
{
	unsigned char *d, *p;

	d = p = (unsigned char *)s->internal->init_buf->data;

	/* Handshake message type and length. */
	*(p++) = msg_type;
	l2n3(0, p);

	return (d + ssl3_handshake_msg_hdr_len(s));
}

void
ssl3_handshake_msg_finish(SSL *s, unsigned int len)
{
	unsigned char *d, *p;
	uint8_t msg_type;

	d = p = (unsigned char *)s->internal->init_buf->data;

	/* Handshake message length. */
	msg_type = *(p++);
	l2n3(len, p);

	s->internal->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len;
	s->internal->init_off = 0;

	if (SSL_IS_DTLS(s)) {
		dtls1_set_message_header(s, msg_type, len, 0, len);
		dtls1_buffer_message(s, 0);
	}
}

int
ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
    uint8_t msg_type)
{
	int ret = 0;

	if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
		goto err;
	if (!CBB_add_u8(handshake, msg_type))
		goto err;
	if (SSL_IS_DTLS(s)) {
		unsigned char *data;

		if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
		    SSL3_HM_HEADER_LENGTH))
			goto err;
	}
	if (!CBB_add_u24_length_prefixed(handshake, body))
		goto err;

	ret = 1;

 err:
	return (ret);
}

int
ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake)
{
	unsigned char *data = NULL;
	size_t outlen;
	int ret = 0;

	if (!CBB_finish(handshake, &data, &outlen))
		goto err;

	if (outlen > INT_MAX)
		goto err;

	if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen))
		goto err;

	memcpy(s->internal->init_buf->data, data, outlen);

	s->internal->init_num = (int)outlen;
	s->internal->init_off = 0;

	if (SSL_IS_DTLS(s)) {
		unsigned long len;
		uint8_t msg_type;
		CBS cbs;

		CBS_init(&cbs, data, outlen);
		if (!CBS_get_u8(&cbs, &msg_type))
			goto err;

		len = outlen - ssl3_handshake_msg_hdr_len(s);

		dtls1_set_message_header(s, msg_type, len, 0, len);
		dtls1_buffer_message(s, 0);
	}

	ret = 1;

 err:
	free(data);

	return (ret);
}

int
ssl3_handshake_write(SSL *s)
{
	if (SSL_IS_DTLS(s))
		return dtls1_do_write(s, SSL3_RT_HANDSHAKE);

	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}

int
ssl3_new(SSL *s)
{
	if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
		return (0);
	if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
		free(s->s3);
		return (0);

	}


	s->method->internal->ssl_clear(s);


	return (1);
}

void
ssl3_free(SSL *s)
{
	if (s == NULL)
		return;

	tls1_cleanup_key_block(s);
	ssl3_release_read_buffer(s);
	ssl3_release_write_buffer(s);

	DH_free(S3I(s)->tmp.dh);
	EC_KEY_free(S3I(s)->tmp.ecdh);

	if (S3I(s)->tmp.x25519 != NULL)
		explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
	free(S3I(s)->tmp.x25519);

	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);

	BIO_free(S3I(s)->handshake_buffer);

	tls1_handshake_hash_free(s);

	free(S3I(s)->alpn_selected);

	explicit_bzero(S3I(s), sizeof(*S3I(s)));
	free(S3I(s));

	explicit_bzero(s->s3, sizeof(*s->s3));
	free(s->s3);

	s->s3 = NULL;
}

void
ssl3_clear(SSL *s)
{
	struct ssl3_state_internal_st *internal;
	unsigned char	*rp, *wp;
	size_t		 rlen, wlen;

	tls1_cleanup_key_block(s);

	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);

	DH_free(S3I(s)->tmp.dh);
	S3I(s)->tmp.dh = NULL;
	EC_KEY_free(S3I(s)->tmp.ecdh);
	S3I(s)->tmp.ecdh = NULL;

	if (S3I(s)->tmp.x25519 != NULL)
		explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
	free(S3I(s)->tmp.x25519);
	S3I(s)->tmp.x25519 = NULL;

	rp = s->s3->rbuf.buf;
	wp = s->s3->wbuf.buf;
	rlen = s->s3->rbuf.len;
	wlen = s->s3->wbuf.len;

	BIO_free(S3I(s)->handshake_buffer);
	S3I(s)->handshake_buffer = NULL;

	tls1_handshake_hash_free(s);

	free(S3I(s)->alpn_selected);
	S3I(s)->alpn_selected = NULL;

	memset(S3I(s), 0, sizeof(*S3I(s)));
	internal = S3I(s);
	memset(s->s3, 0, sizeof(*s->s3));
	S3I(s) = internal;

	s->s3->rbuf.buf = rp;
	s->s3->wbuf.buf = wp;
	s->s3->rbuf.len = rlen;
	s->s3->wbuf.len = wlen;

	ssl_free_wbio_buffer(s);

	/* Not needed... */
	S3I(s)->renegotiate = 0;
	S3I(s)->total_renegotiations = 0;
	S3I(s)->num_renegotiations = 0;
	S3I(s)->in_read_app_data = 0;

	s->internal->packet_length = 0;
	s->version = TLS1_VERSION;

	free(s->internal->next_proto_negotiated);
	s->internal->next_proto_negotiated = NULL;
	s->internal->next_proto_negotiated_len = 0;
}

static long
ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
{
	EVP_PKEY *pkey = NULL;
	EC_GROUP *group = NULL;
	EC_POINT *point = NULL;
	EC_KEY *ec_key = NULL;
	BIGNUM *order = NULL;
	SESS_CERT *sc;
	int ret = 0;

	*pkey_tmp = NULL;

	if (s->server != 0)
		return 0;
	if (s->session == NULL || SSI(s)->sess_cert == NULL)
		return 0;

	sc = SSI(s)->sess_cert;

	if ((pkey = EVP_PKEY_new()) == NULL)
		return 0;

	if (sc->peer_dh_tmp != NULL) {
		ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp);
	} else if (sc->peer_ecdh_tmp) {
		ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);
	} else if (sc->peer_x25519_tmp != NULL) {
		/* Fudge up an EC_KEY that looks like X25519... */
		if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
			goto err;
		if ((point = EC_POINT_new(group)) == NULL)
			goto err;
		if ((order = BN_new()) == NULL)
			goto err;
		if (!BN_set_bit(order, 252))
			goto err;
		if (!EC_GROUP_set_generator(group, point, order, NULL))
			goto err;
		EC_GROUP_set_curve_name(group, NID_X25519);
		if ((ec_key = EC_KEY_new()) == NULL)
			goto err;
		if (!EC_KEY_set_group(ec_key, group))
			goto err;
		ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key);
	}

	if (ret == 1) {
		*pkey_tmp = pkey;
		pkey = NULL;
	}

  err:
	EVP_PKEY_free(pkey);
	EC_GROUP_free(group);
	EC_POINT_free(point);
	EC_KEY_free(ec_key);
	BN_free(order);

	return (ret);
}

long
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	int ret = 0;

	if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {

			SSLerror(s, ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_GET_SESSION_REUSED:
		ret = s->internal->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret = S3I(s)->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		ret = S3I(s)->num_renegotiations;
		S3I(s)->num_renegotiations = 0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret = S3I(s)->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret = (int)(s->s3->flags);
		break;
	case SSL_CTRL_NEED_TMP_RSA:
		ret = 0;
		break;
	case SSL_CTRL_SET_TMP_RSA:
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		break;
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *dh = (DH *)parg;
			if (dh == NULL) {

				SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			if ((dh = DHparams_dup(dh)) == NULL) {

				SSLerror(s, ERR_R_DH_LIB);
				return (ret);
			}
			DH_free(s->cert->dh_tmp);
			s->cert->dh_tmp = dh;
			ret = 1;
		}
		break;

	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);

	case SSL_CTRL_SET_DH_AUTO:
		s->cert->dh_tmp_auto = larg;
		return 1;

	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {

				SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			if (!EC_KEY_up_ref((EC_KEY *)parg)) {

				SSLerror(s, ERR_R_ECDH_LIB);
				return (ret);
			}
			ecdh = (EC_KEY *)parg;
			if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);

					SSLerror(s, ERR_R_ECDH_LIB);
					return (ret);
				}
			}
			EC_KEY_free(s->cert->ecdh_tmp);
			s->cert->ecdh_tmp = ecdh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{

			SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
			return (ret);
		}
		break;
	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		if (larg == TLSEXT_NAMETYPE_host_name) {
			free(s->tlsext_hostname);
			s->tlsext_hostname = NULL;

			ret = 1;
			if (parg == NULL)
				break;
			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {

				SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
				return 0;
			}
			if ((s->tlsext_hostname = strdup((char *)parg))
			    == NULL) {

				SSLerror(s, ERR_R_INTERNAL_ERROR);
				return 0;
			}
		} else {

			SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
			return 0;
		}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->internal->tlsext_debug_arg = parg;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
		s->tlsext_status_type = larg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
		*(STACK_OF(X509_EXTENSION) **)parg = s->internal->tlsext_ocsp_exts;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
		s->internal->tlsext_ocsp_exts = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
		*(STACK_OF(OCSP_RESPID) **)parg = s->internal->tlsext_ocsp_ids;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
		s->internal->tlsext_ocsp_ids = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
		*(unsigned char **)parg = s->internal->tlsext_ocsp_resp;
		return s->internal->tlsext_ocsp_resplen;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
		free(s->internal->tlsext_ocsp_resp);
		s->internal->tlsext_ocsp_resp = parg;
		s->internal->tlsext_ocsp_resplen = larg;
		ret = 1;
		break;

	case SSL_CTRL_SET_ECDH_AUTO:
		s->cert->ecdh_tmp_auto = larg;
		ret = 1;
		break;

	case SSL_CTRL_SET_GROUPS:
		return SSL_set1_groups(s, parg, larg);

	case SSL_CTRL_SET_GROUPS_LIST:
		return SSL_set1_groups_list(s, parg);

	case SSL_CTRL_GET_SERVER_TMP_KEY:
		ret = ssl_ctrl_get_server_tmp_key(s, parg);
		break;

	default:
		break;
	}

	return (ret);
}

int
SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
{
	return tls1_set_groups(&s->internal->tlsext_supportedgroups,
	    &s->internal->tlsext_supportedgroups_length, groups, groups_len);
}

int
SSL_set1_groups_list(SSL *s, const char *groups)
{
	return tls1_set_groups_list(&s->internal->tlsext_supportedgroups,
	    &s->internal->tlsext_supportedgroups_length, groups);
}

long
ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	int	ret = 0;

	if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {

			SSLerror(s, ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
		s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int,
		    unsigned char *, int, void *))fp;
		break;
	default:
		break;
	}
	return (ret);
}

long
ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	CERT	*cert;

	cert = ctx->internal->cert;

	switch (cmd) {
	case SSL_CTRL_NEED_TMP_RSA:
		return (0);
	case SSL_CTRL_SET_TMP_RSA:
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *new = NULL, *dh;

			dh = (DH *)parg;
			if ((new = DHparams_dup(dh)) == NULL) {

				SSLerrorx(ERR_R_DH_LIB);
				return 0;
			}
			DH_free(cert->dh_tmp);
			cert->dh_tmp = new;
			return 1;
		}
		/*break; */

	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);

	case SSL_CTRL_SET_DH_AUTO:
		ctx->internal->cert->dh_tmp_auto = larg;
		return (1);

	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {

				SSLerrorx(ERR_R_ECDH_LIB);
				return 0;
			}
			ecdh = EC_KEY_dup((EC_KEY *)parg);
			if (ecdh == NULL) {

				SSLerrorx(ERR_R_EC_LIB);
				return 0;
			}
			if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);

					SSLerrorx(ERR_R_ECDH_LIB);
					return 0;
				}
			}

			EC_KEY_free(cert->ecdh_tmp);
			cert->ecdh_tmp = ecdh;
			return 1;
		}
		/* break; */
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{

			SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
			return (0);
		}
		break;
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->internal->tlsext_servername_arg = parg;
		break;
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
		{
			unsigned char *keys = parg;
			if (!keys)
				return 48;
			if (larg != 48) {

				SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
				return 0;
			}
			if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
				memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
				memcpy(ctx->internal->tlsext_tick_hmac_key,
				    keys + 16, 16);
				memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
			} else {
				memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
				memcpy(keys + 16,
				    ctx->internal->tlsext_tick_hmac_key, 16);
				memcpy(keys + 32,
				    ctx->internal->tlsext_tick_aes_key, 16);
			}
			return 1;
		}

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->internal->tlsext_status_arg = parg;
		return 1;


	case SSL_CTRL_SET_ECDH_AUTO:
		ctx->internal->cert->ecdh_tmp_auto = larg;
		return 1;

		/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL) {
			if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
				return (0);
		}
		sk_X509_push(ctx->extra_certs,(X509 *)parg);
		break;

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		*(STACK_OF(X509) **)parg = ctx->extra_certs;
		break;

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:

		sk_X509_pop_free(ctx->extra_certs, X509_free);
		ctx->extra_certs = NULL;
		break;

	case SSL_CTRL_SET_GROUPS:
		return SSL_CTX_set1_groups(ctx, parg, larg);

	case SSL_CTRL_SET_GROUPS_LIST:
		return SSL_CTX_set1_groups_list(ctx, parg);

	default:
		return (0);
	}
	return (1);
}

int
SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
{
	return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
	    &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
}

int
SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
{
	return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
	    &ctx->internal->tlsext_supportedgroups_length, groups);
}

long
ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	CERT	*cert;

	cert = ctx->internal->cert;

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_DH_CB:
		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->internal->tlsext_servername_callback =
		    (int (*)(SSL *, int *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char  *,
		    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
		break;

	default:
		return (0);
	}
	return (1);
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
	/*
	 * Do not set the compare functions, because this may lead to a
	 * reordering by "id". We want to keep the original ordering.
	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
	 */

	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
		prio = srvr;
		allow = clnt;
	} else {
		prio = clnt;
		allow = srvr;
	}








|







2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
	/*
	 * Do not set the compare functions, because this may lead to a
	 * reordering by "id". We want to keep the original ordering.
	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
	 */

	if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
		prio = srvr;
		allow = clnt;
	} else {
		prio = clnt;
		allow = srvr;
	}

2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614

		ok = (alg_k & mask_k) && (alg_a & mask_a);

		/*
		 * If we are considering an ECC cipher suite that uses our
		 * certificate check it.
		 */
		if (alg_a & (SSL_aECDSA|SSL_aECDH))
			ok = ok && tls1_check_ec_server_key(s);
		/*
		 * If we are considering an ECC cipher suite that uses
		 * an ephemeral EC key check it.
		 */
		if (alg_k & SSL_kECDHE)
			ok = ok && tls1_check_ec_tmp_key(s);







|







2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475

		ok = (alg_k & mask_k) && (alg_a & mask_a);

		/*
		 * If we are considering an ECC cipher suite that uses our
		 * certificate check it.
		 */
		if (alg_a & SSL_aECDSA)
			ok = ok && tls1_check_ec_server_key(s);
		/*
		 * If we are considering an ECC cipher suite that uses
		 * an ephemeral EC key check it.
		 */
		if (alg_k & SSL_kECDHE)
			ok = ok && tls1_check_ec_tmp_key(s);
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859

int
ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{
	int		ret = 0;
	unsigned long	alg_k;

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
	if ((alg_k & SSL_kGOST)) {
		p[ret++] = TLS_CT_GOST94_SIGN;
		p[ret++] = TLS_CT_GOST01_SIGN;
		p[ret++] = TLS_CT_GOST12_256_SIGN;
		p[ret++] = TLS_CT_GOST12_512_SIGN;
	}
#endif

	if (alg_k & SSL_kDHE) {
		p[ret++] = SSL3_CT_RSA_FIXED_DH;
		p[ret++] = SSL3_CT_DSS_FIXED_DH;
	}
	p[ret++] = SSL3_CT_RSA_SIGN;
	p[ret++] = SSL3_CT_DSS_SIGN;
	if ((alg_k & (SSL_kECDHr|SSL_kECDHe))) {
		p[ret++] = TLS_CT_RSA_FIXED_ECDH;
		p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
	}

	/*
	 * ECDSA certs can be used with RSA cipher suites as well
	 * so we don't need to check for SSL_kECDH or SSL_kECDHE
	 */
	p[ret++] = TLS_CT_ECDSA_SIGN;

	return (ret);
}

int
ssl3_shutdown(SSL *s)
{
	int	ret;

	/*
	 * Don't do anything much if we have not done the handshake or
	 * we don't want to send messages :-)
	 */
	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
		s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
		return (1);
	}

	if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
		s->shutdown|=SSL_SENT_SHUTDOWN;
		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
		/*
		 * Our shutdown alert has been sent now, and if it still needs
	 	 * to be written, s->s3->alert_dispatch will be true
		 */
		if (s->s3->alert_dispatch)
			return(-1);	/* return WANT_WRITE */
	} else if (s->s3->alert_dispatch) {
		/* resend it if not sent */
		ret = s->method->ssl_dispatch_alert(s);
		if (ret == -1) {
			/*
			 * We only get to return -1 here the 2nd/Nth
			 * invocation, we must  have already signalled
			 * return 0 upon a previous invoation,
			 * return WANT_WRITE
			 */
			return (ret);
		}
	} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
		/* If we are waiting for a close from our peer, we are closed */
		s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
		if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
			return(-1);	/* return WANT_READ */
		}
	}

	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
	    !s->s3->alert_dispatch)
		return (1);
	else
		return (0);
}

int
ssl3_write(SSL *s, const void *buf, int len)
{
	int	ret, n;

#if 0
	if (s->shutdown & SSL_SEND_SHUTDOWN) {
		s->rwstate = SSL_NOTHING;
		return (0);
	}
#endif
	errno = 0;
	if (s->s3->renegotiate)
		ssl3_renegotiate_check(s);

	/*
	 * This is an experimental flag that sends the
	 * last handshake message in the same packet as the first
	 * use data - used to see if it helps the TCP protocol during
	 * session-id reuse
	 */
	/* The second test is because the buffer may have been removed */
	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
		/* First time through, we write into the buffer */
		if (s->s3->delay_buf_pop_ret == 0) {
			ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
			    buf, len);
			if (ret <= 0)
				return (ret);

			s->s3->delay_buf_pop_ret = ret;
		}

		s->rwstate = SSL_WRITING;
		n = BIO_flush(s->wbio);
		if (n <= 0)
			return (n);
		s->rwstate = SSL_NOTHING;

		/* We have flushed the buffer, so remove it */
		ssl_free_wbio_buffer(s);
		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;

		ret = s->s3->delay_buf_pop_ret;
		s->s3->delay_buf_pop_ret = 0;
	} else {
		ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
		    buf, len);
		if (ret <= 0)
			return (ret);
	}

	return (ret);
}

static int
ssl3_read_internal(SSL *s, void *buf, int len, int peek)
{
	int	ret;

	errno = 0;
	if (s->s3->renegotiate)
		ssl3_renegotiate_check(s);
	s->s3->in_read_app_data = 1;
	ret = s->method->ssl_read_bytes(s,
	    SSL3_RT_APPLICATION_DATA, buf, len, peek);
	if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
		/*
		 * ssl3_read_bytes decided to call s->handshake_func, which
		 * called ssl3_read_bytes to read handshake data.
		 * However, ssl3_read_bytes actually found application data
		 * and thinks that application data makes sense here; so disable
		 * handshake processing and try to read application data again.
		 */
		s->in_handshake++;
		ret = s->method->ssl_read_bytes(s,
		    SSL3_RT_APPLICATION_DATA, buf, len, peek);
		s->in_handshake--;
	} else
		s->s3->in_read_app_data = 0;

	return (ret);
}

int
ssl3_read(SSL *s, void *buf, int len)
{
	return ssl3_read_internal(s, buf, len, 0);
}

int
ssl3_peek(SSL *s, void *buf, int len)
{
	return ssl3_read_internal(s, buf, len, 1);
}

int
ssl3_renegotiate(SSL *s)
{
	if (s->handshake_func == NULL)
		return (1);

	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
		return (0);

	s->s3->renegotiate = 1;
	return (1);
}

int
ssl3_renegotiate_check(SSL *s)
{
	int	ret = 0;

	if (s->s3->renegotiate) {
		if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
		    !SSL_in_init(s)) {
			/*
			 * If we are the server, and we have sent
			 * a 'RENEGOTIATE' message, we need to go
			 * to SSL_ST_ACCEPT.
			 */
			/* SSL_ST_ACCEPT */
			s->state = SSL_ST_RENEGOTIATE;
			s->s3->renegotiate = 0;
			s->s3->num_renegotiations++;
			s->s3->total_renegotiations++;
			ret = 1;
		}
	}
	return (ret);
}
/*
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
 * and handshake macs if required.
 */
long
ssl_get_algorithm2(SSL *s)
{
	long	alg2 = s->s3->tmp.new_cipher->algorithm2;

	if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
	return alg2;
}







|
















<
<
<
<



|















|
|



|
|



















|

|
|




|












|
|




|











|





|


|



|





|
|

|
|













|

|
|

|

|





|
|

|

|



















|





|








|








|
|
|
|












|

|




2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510




2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716

int
ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{
	int		ret = 0;
	unsigned long	alg_k;

	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
	if ((alg_k & SSL_kGOST)) {
		p[ret++] = TLS_CT_GOST94_SIGN;
		p[ret++] = TLS_CT_GOST01_SIGN;
		p[ret++] = TLS_CT_GOST12_256_SIGN;
		p[ret++] = TLS_CT_GOST12_512_SIGN;
	}
#endif

	if (alg_k & SSL_kDHE) {
		p[ret++] = SSL3_CT_RSA_FIXED_DH;
		p[ret++] = SSL3_CT_DSS_FIXED_DH;
	}
	p[ret++] = SSL3_CT_RSA_SIGN;
	p[ret++] = SSL3_CT_DSS_SIGN;





	/*
	 * ECDSA certs can be used with RSA cipher suites as well
	 * so we don't need to check for SSL_kECDH or SSL_kECDHE.
	 */
	p[ret++] = TLS_CT_ECDSA_SIGN;

	return (ret);
}

int
ssl3_shutdown(SSL *s)
{
	int	ret;

	/*
	 * Don't do anything much if we have not done the handshake or
	 * we don't want to send messages :-)
	 */
	if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) {
		s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
		return (1);
	}

	if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) {
		s->internal->shutdown|=SSL_SENT_SHUTDOWN;
		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
		/*
		 * Our shutdown alert has been sent now, and if it still needs
	 	 * to be written, s->s3->alert_dispatch will be true
		 */
		if (s->s3->alert_dispatch)
			return(-1);	/* return WANT_WRITE */
	} else if (s->s3->alert_dispatch) {
		/* resend it if not sent */
		ret = s->method->ssl_dispatch_alert(s);
		if (ret == -1) {
			/*
			 * We only get to return -1 here the 2nd/Nth
			 * invocation, we must  have already signalled
			 * return 0 upon a previous invoation,
			 * return WANT_WRITE
			 */
			return (ret);
		}
	} else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
		/* If we are waiting for a close from our peer, we are closed */
		s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0);
		if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
			return(-1);	/* return WANT_READ */
		}
	}

	if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
	    !s->s3->alert_dispatch)
		return (1);
	else
		return (0);
}

int
ssl3_write(SSL *s, const void *buf, int len)
{
	int	ret, n;

#if 0
	if (s->internal->shutdown & SSL_SEND_SHUTDOWN) {
		s->internal->rwstate = SSL_NOTHING;
		return (0);
	}
#endif
	errno = 0;
	if (S3I(s)->renegotiate)
		ssl3_renegotiate_check(s);

	/*
	 * This is an experimental flag that sends the
	 * last handshake message in the same packet as the first
	 * use data - used to see if it helps the TCP protocol during
	 * session-id reuse
	 */
	/* The second test is because the buffer may have been removed */
	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
		/* First time through, we write into the buffer */
		if (S3I(s)->delay_buf_pop_ret == 0) {
			ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
			    buf, len);
			if (ret <= 0)
				return (ret);

			S3I(s)->delay_buf_pop_ret = ret;
		}

		s->internal->rwstate = SSL_WRITING;
		n = BIO_flush(s->wbio);
		if (n <= 0)
			return (n);
		s->internal->rwstate = SSL_NOTHING;

		/* We have flushed the buffer, so remove it */
		ssl_free_wbio_buffer(s);
		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;

		ret = S3I(s)->delay_buf_pop_ret;
		S3I(s)->delay_buf_pop_ret = 0;
	} else {
		ret = s->method->internal->ssl_write_bytes(s,
		    SSL3_RT_APPLICATION_DATA, buf, len);
		if (ret <= 0)
			return (ret);
	}

	return (ret);
}

static int
ssl3_read_internal(SSL *s, void *buf, int len, int peek)
{
	int	ret;

	errno = 0;
	if (S3I(s)->renegotiate)
		ssl3_renegotiate_check(s);
	S3I(s)->in_read_app_data = 1;
	ret = s->method->internal->ssl_read_bytes(s,
	    SSL3_RT_APPLICATION_DATA, buf, len, peek);
	if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
		/*
		 * ssl3_read_bytes decided to call s->internal->handshake_func, which
		 * called ssl3_read_bytes to read handshake data.
		 * However, ssl3_read_bytes actually found application data
		 * and thinks that application data makes sense here; so disable
		 * handshake processing and try to read application data again.
		 */
		s->internal->in_handshake++;
		ret = s->method->internal->ssl_read_bytes(s,
		    SSL3_RT_APPLICATION_DATA, buf, len, peek);
		s->internal->in_handshake--;
	} else
		S3I(s)->in_read_app_data = 0;

	return (ret);
}

int
ssl3_read(SSL *s, void *buf, int len)
{
	return ssl3_read_internal(s, buf, len, 0);
}

int
ssl3_peek(SSL *s, void *buf, int len)
{
	return ssl3_read_internal(s, buf, len, 1);
}

int
ssl3_renegotiate(SSL *s)
{
	if (s->internal->handshake_func == NULL)
		return (1);

	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
		return (0);

	S3I(s)->renegotiate = 1;
	return (1);
}

int
ssl3_renegotiate_check(SSL *s)
{
	int	ret = 0;

	if (S3I(s)->renegotiate) {
		if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
		    !SSL_in_init(s)) {
			/*
			 * If we are the server, and we have sent
			 * a 'RENEGOTIATE' message, we need to go
			 * to SSL_ST_ACCEPT.
			 */
			/* SSL_ST_ACCEPT */
			s->internal->state = SSL_ST_RENEGOTIATE;
			S3I(s)->renegotiate = 0;
			S3I(s)->num_renegotiations++;
			S3I(s)->total_renegotiations++;
			ret = 1;
		}
	}
	return (ret);
}
/*
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
 * and handshake macs if required.
 */
long
ssl_get_algorithm2(SSL *s)
{
	long	alg2 = S3I(s)->tmp.new_cipher->algorithm2;

	if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
	return alg2;
}
Deleted jni/libressl/ssl/s3_pkt.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
/* $OpenBSD: s3_pkt.c,v 1.58 2016/07/10 23:07:34 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <errno.h>
#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>

#include "bytestring.h"

static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len, int create_empty_fragment);
static int ssl3_get_record(SSL *s);

/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
 * packet by another n bytes.
 * The packet will be in the sub-array of s->s3->rbuf.buf specified
 * by s->packet and s->packet_length.
 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
 * [plus s->packet_length bytes if extend == 1].)
 */
int
ssl3_read_n(SSL *s, int n, int max, int extend)
{
	int i, len, left;
	size_t align;
	unsigned char *pkt;
	SSL3_BUFFER *rb;

	if (n <= 0)
		return n;

	rb = &(s->s3->rbuf);
	if (rb->buf == NULL)
		if (!ssl3_setup_read_buffer(s))
			return -1;

	left = rb->left;
	align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
	align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

	if (!extend) {
		/* start with empty packet ... */
		if (left == 0)
			rb->offset = align;
		else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
			/* check if next packet length is large
			 * enough to justify payload alignment... */
			pkt = rb->buf + rb->offset;
			if (pkt[0] == SSL3_RT_APPLICATION_DATA &&
			    (pkt[3]<<8|pkt[4]) >= 128) {
				/* Note that even if packet is corrupted
				 * and its length field is insane, we can
				 * only be led to wrong decision about
				 * whether memmove will occur or not.
				 * Header values has no effect on memmove
				 * arguments and therefore no buffer
				 * overrun can be triggered. */
				memmove(rb->buf + align, pkt, left);
				rb->offset = align;
			}
		}
		s->packet = rb->buf + rb->offset;
		s->packet_length = 0;
		/* ... now we can act as if 'extend' was set */
	}

	/* For DTLS/UDP reads should not span multiple packets
	 * because the read operation returns the whole packet
	 * at once (as long as it fits into the buffer). */
	if (SSL_IS_DTLS(s)) {
		if (left > 0 && n > left)
			n = left;
	}

	/* if there is enough in the buffer from a previous read, take some */
	if (left >= n) {
		s->packet_length += n;
		rb->left = left - n;
		rb->offset += n;
		return (n);
	}

	/* else we need to read more data */

	len = s->packet_length;
	pkt = rb->buf + align;
	/* Move any available bytes to front of buffer:
	 * 'len' bytes already pointed to by 'packet',
	 * 'left' extra ones at the end */
	if (s->packet != pkt)  {
		/* len > 0 */
		memmove(pkt, s->packet, len + left);
		s->packet = pkt;
		rb->offset = len + align;
	}

	if (n > (int)(rb->len - rb->offset)) {
		/* does not happen */
		SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	if (!s->read_ahead) {
		/* ignore max parameter */
		max = n;
	} else {
		if (max < n)
			max = n;
		if (max > (int)(rb->len - rb->offset))
			max = rb->len - rb->offset;
	}

	while (left < n) {
		/* Now we have len+left bytes at the front of s->s3->rbuf.buf
		 * and need to read in more until we have len+n (up to
		 * len+max if possible) */

		errno = 0;
		if (s->rbio != NULL) {
			s->rwstate = SSL_READING;
			i = BIO_read(s->rbio, pkt + len + left, max - left);
		} else {
			SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
			i = -1;
		}

		if (i <= 0) {
			rb->left = left;
			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
			    !SSL_IS_DTLS(s)) {
				if (len + left == 0)
					ssl3_release_read_buffer(s);
			}
			return (i);
		}
		left += i;

		/*
		 * reads should *never* span multiple packets for DTLS because
		 * the underlying transport protocol is message oriented as
		 * opposed to byte oriented as in the TLS case.
		 */
		if (SSL_IS_DTLS(s)) {
			if (n > left)
				n = left; /* makes the while condition false */
		}
	}

	/* done reading, now the book-keeping */
	rb->offset += n;
	rb->left = left - n;
	s->packet_length += n;
	s->rwstate = SSL_NOTHING;
	return (n);
}

/* Call this to get a new input record.
 * It will return <= 0 if more data is needed, normally due to an error
 * or non-blocking IO.
 * When it finishes, one packet has been decoded and can be found in
 * ssl->s3->rrec.type    - is the type of record
 * ssl->s3->rrec.data, 	 - data
 * ssl->s3->rrec.length, - number of bytes
 */
/* used only by ssl3_read_bytes */
static int
ssl3_get_record(SSL *s)
{
	int al;
	int enc_err, n, i, ret = -1;
	SSL3_RECORD *rr;
	SSL_SESSION *sess;
	unsigned char md[EVP_MAX_MD_SIZE];
	unsigned mac_size, orig_len;

	rr = &(s->s3->rrec);
	sess = s->session;

again:
	/* check if we have the header */
	if ((s->rstate != SSL_ST_READ_BODY) ||
	    (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
		CBS header;
		uint16_t len, ssl_version;
		uint8_t type;

		n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
		if (n <= 0)
			return(n); /* error or non-blocking */
		s->rstate = SSL_ST_READ_BODY;

		CBS_init(&header, s->packet, n);

		/* Pull apart the header into the SSL3_RECORD */
		if (!CBS_get_u8(&header, &type) ||
		    !CBS_get_u16(&header, &ssl_version) ||
		    !CBS_get_u16(&header, &len)) {
			SSLerr(SSL_F_SSL3_GET_RECORD,
			    SSL_R_BAD_PACKET_LENGTH);
			goto err;
		}

		rr->type = type;
		rr->length = len;

		/* Lets check version */
		if (!s->first_packet && ssl_version != s->version) {
			SSLerr(SSL_F_SSL3_GET_RECORD,
			    SSL_R_WRONG_VERSION_NUMBER);
			if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
			    !s->enc_write_ctx && !s->write_hash)
				/* Send back error using their minor version number :-) */
				s->version = ssl_version;
			al = SSL_AD_PROTOCOL_VERSION;
			goto f_err;
		}

		if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
			SSLerr(SSL_F_SSL3_GET_RECORD,
			    SSL_R_WRONG_VERSION_NUMBER);
			goto err;
		}

		if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
			al = SSL_AD_RECORD_OVERFLOW;
			SSLerr(SSL_F_SSL3_GET_RECORD,
			    SSL_R_PACKET_LENGTH_TOO_LONG);
			goto f_err;
		}

		/* now s->rstate == SSL_ST_READ_BODY */
	}

	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */

	if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
		i = rr->length;
		n = ssl3_read_n(s, i, i, 1);
		if (n <= 0)
			return(n); /* error or non-blocking io */
		/* now n == rr->length,
		 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
	}

	s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */

	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
	 * and we have that many bytes in s->packet
	 */
	rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);

	/* ok, we can now read from 's->packet' data into 'rr'
	 * rr->input points at rr->length bytes, which
	 * need to be copied into rr->data by either
	 * the decryption or by the decompression
	 * When the data is 'copied' into the rr->data buffer,
	 * rr->input will be pointed at the new buffer */

	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
	 * rr->length bytes of encrypted compressed stuff. */

	/* check is not needed I believe */
	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
		goto f_err;
	}

	/* decrypt in place in 'rr->input' */
	rr->data = rr->input;

	enc_err = s->method->ssl3_enc->enc(s, 0);
	/* enc_err is:
	 *    0: (in non-constant time) if the record is publically invalid.
	 *    1: if the padding is valid
	 *    -1: if the padding is invalid */
	if (enc_err == 0) {
		al = SSL_AD_DECRYPTION_FAILED;
		SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
		goto f_err;
	}


	/* r->length is now the compressed data plus mac */
	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
	    (EVP_MD_CTX_md(s->read_hash) != NULL)) {
		/* s->read_hash != NULL => mac_size != -1 */
		unsigned char *mac = NULL;
		unsigned char mac_tmp[EVP_MAX_MD_SIZE];

		mac_size = EVP_MD_CTX_size(s->read_hash);
		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);

		/* kludge: *_cbc_remove_padding passes padding length in rr->type */
		orig_len = rr->length + ((unsigned int)rr->type >> 8);

		/* orig_len is the length of the record before any padding was
		 * removed. This is public information, as is the MAC in use,
		 * therefore we can safely process the record in a different
		 * amount of time if it's too short to possibly contain a MAC.
		 */
		if (orig_len < mac_size ||
			/* CBC records must have a padding length byte too. */
		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
		    orig_len < mac_size + 1)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
			goto f_err;
		}

		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
			/* We update the length so that the TLS header bytes
			 * can be constructed correctly but we need to extract
			 * the MAC in constant time from within the record,
			 * without leaking the contents of the padding bytes.
			 * */
			mac = mac_tmp;
			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
			rr->length -= mac_size;
		} else {
			/* In this case there's no padding, so |orig_len|
			 * equals |rec->length| and we checked that there's
			 * enough bytes for |mac_size| above. */
			rr->length -= mac_size;
			mac = &rr->data[rr->length];
		}

		i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
		if (i < 0 || mac == NULL ||
		    timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
			enc_err = -1;
		if (rr->length >
		    SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
			enc_err = -1;
	}

	if (enc_err < 0) {
		/*
		 * A separate 'decryption_failed' alert was introduced with
		 * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a
		 * decryption failure is directly visible from the ciphertext
		 * anyway, we should not reveal which kind of error
		 * occurred -- this might become visible to an attacker
		 * (e.g. via a logfile)
		 */
		al = SSL_AD_BAD_RECORD_MAC;
		SSLerr(SSL_F_SSL3_GET_RECORD,
		    SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
		goto f_err;
	}

	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
		goto f_err;
	}

	rr->off = 0;
	/*
	 * So at this point the following is true
	 *
	 * ssl->s3->rrec.type 	is the type of record
	 * ssl->s3->rrec.length	== number of bytes in record
	 * ssl->s3->rrec.off	== offset to first valid byte
	 * ssl->s3->rrec.data	== where to take bytes from, increment
	 *			   after use :-).
	 */

	/* we have pulled in a full packet so zero things */
	s->packet_length = 0;

	/* just read a 0 length packet */
	if (rr->length == 0)
		goto again;

	return (1);

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (ret);
}

/* Call this to write data in records of type 'type'
 * It will return <= 0 if not all data has been sent or non-blocking IO.
 */
int
ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
{
	const unsigned char *buf = buf_;
	unsigned int tot, n, nw;
	int i;

	if (len < 0) {
		SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	s->rwstate = SSL_NOTHING;
	tot = s->s3->wnum;
	s->s3->wnum = 0;

	if (SSL_in_init(s) && !s->in_handshake) {
		i = s->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerr(SSL_F_SSL3_WRITE_BYTES,
			    SSL_R_SSL_HANDSHAKE_FAILURE);
			return -1;
		}
	}

	if (len < tot)
		len = tot;
	n = (len - tot);
	for (;;) {
		if (n > s->max_send_fragment)
			nw = s->max_send_fragment;
		else
			nw = n;

		i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
		if (i <= 0) {
			s->s3->wnum = tot;
			return i;
		}

		if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
		    (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
			/*
			 * Next chunk of data should get another prepended
			 * empty fragment in ciphersuites with known-IV
			 * weakness.
			 */
			s->s3->empty_fragment_done = 0;

			return tot + i;
		}

		n -= i;
		tot += i;
	}
}

static int
do_ssl3_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len, int create_empty_fragment)
{
	unsigned char *p, *plen;
	int i, mac_size, clear = 0;
	int prefix_len = 0;
	int eivlen;
	size_t align;
	SSL3_RECORD *wr;
	SSL3_BUFFER *wb = &(s->s3->wbuf);
	SSL_SESSION *sess;

	if (wb->buf == NULL)
		if (!ssl3_setup_write_buffer(s))
			return -1;

	/* first check if there is a SSL3_BUFFER still being written
	 * out.  This will happen with non blocking IO */
	if (wb->left != 0)
		return (ssl3_write_pending(s, type, buf, len));

	/* If we have an alert to send, lets send it */
	if (s->s3->alert_dispatch) {
		i = s->method->ssl_dispatch_alert(s);
		if (i <= 0)
			return (i);
		/* if it went, fall through and send more stuff */
		/* we may have released our buffer, so get it again */
		if (wb->buf == NULL)
			if (!ssl3_setup_write_buffer(s))
				return -1;
	}

	if (len == 0 && !create_empty_fragment)
		return 0;

	wr = &(s->s3->wrec);
	sess = s->session;

	if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
	    (EVP_MD_CTX_md(s->write_hash) == NULL)) {
		clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
		mac_size = 0;
	} else {
		mac_size = EVP_MD_CTX_size(s->write_hash);
		if (mac_size < 0)
			goto err;
	}

	/*
	 * 'create_empty_fragment' is true only when this function calls
	 * itself.
	 */
	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
		/*
		 * Countermeasure against known-IV weakness in CBC ciphersuites
		 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
		 */
		if (s->s3->need_empty_fragments &&
		    type == SSL3_RT_APPLICATION_DATA) {
			/* recursive function call with 'create_empty_fragment' set;
			 * this prepares and buffers the data for an empty fragment
			 * (these 'prefix_len' bytes are sent out later
			 * together with the actual payload) */
			prefix_len = do_ssl3_write(s, type, buf, 0, 1);
			if (prefix_len <= 0)
				goto err;

			if (prefix_len >
				(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
				/* insufficient space */
				SSLerr(SSL_F_DO_SSL3_WRITE,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}
		}

		s->s3->empty_fragment_done = 1;
	}

	if (create_empty_fragment) {
		/* extra fragment would be couple of cipher blocks,
		 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
		 * if we want to align the real payload, then we can
		 * just pretent we simply have two headers. */
		align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
		align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

		p = wb->buf + align;
		wb->offset = align;
	} else if (prefix_len) {
		p = wb->buf + wb->offset + prefix_len;
	} else {
		align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
		align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

		p = wb->buf + align;
		wb->offset = align;
	}

	/* write the header */

	*(p++) = type&0xff;
	wr->type = type;

	*(p++) = (s->version >> 8);
	/* Some servers hang if iniatial client hello is larger than 256
	 * bytes and record version number > TLS 1.0
	 */
	if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate &&
	    TLS1_get_version(s) > TLS1_VERSION)
		*(p++) = 0x1;
	else
		*(p++) = s->version&0xff;

	/* field where we are to write out packet length */
	plen = p;
	p += 2;

	/* Explicit IV length. */
	if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
		int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
		if (mode == EVP_CIPH_CBC_MODE) {
			eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
			if (eivlen <= 1)
				eivlen = 0;
		}
		/* Need explicit part of IV for GCM mode */
		else if (mode == EVP_CIPH_GCM_MODE)
			eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
		else
			eivlen = 0;
	} else if (s->aead_write_ctx != NULL &&
	    s->aead_write_ctx->variable_nonce_in_record) {
		eivlen = s->aead_write_ctx->variable_nonce_len;
	} else
		eivlen = 0;

	/* lets setup the record stuff. */
	wr->data = p + eivlen;
	wr->length = (int)len;
	wr->input = (unsigned char *)buf;

	/* we now 'read' from wr->input, wr->length bytes into wr->data */

	memcpy(wr->data, wr->input, wr->length);
	wr->input = wr->data;

	/* we should still have the output to wr->data and the input
	 * from wr->input.  Length should be wr->length.
	 * wr->data still points in the wb->buf */

	if (mac_size != 0) {
		if (s->method->ssl3_enc->mac(s,
		    &(p[wr->length + eivlen]), 1) < 0)
			goto err;
		wr->length += mac_size;
	}

	wr->input = p;
	wr->data = p;

	if (eivlen) {
		/* if (RAND_pseudo_bytes(p, eivlen) <= 0)
			goto err;
		*/
		wr->length += eivlen;
	}

	/* ssl3_enc can only have an error on read */
	s->method->ssl3_enc->enc(s, 1);

	/* record length after mac and block padding */
	s2n(wr->length, plen);

	/* we should now have
	 * wr->data pointing to the encrypted data, which is
	 * wr->length long */
	wr->type=type; /* not needed but helps for debugging */
	wr->length += SSL3_RT_HEADER_LENGTH;

	if (create_empty_fragment) {
		/* we are in a recursive call;
		 * just return the length, don't write out anything here
		 */
		return wr->length;
	}

	/* now let's set up wb */
	wb->left = prefix_len + wr->length;

	/* memorize arguments so that ssl3_write_pending can detect
	 * bad write retries later */
	s->s3->wpend_tot = len;
	s->s3->wpend_buf = buf;
	s->s3->wpend_type = type;
	s->s3->wpend_ret = len;

	/* we now just need to write the buffer */
	return ssl3_write_pending(s, type, buf, len);
err:
	return -1;
}

/* if s->s3->wbuf.left != 0, we need to call this */
int
ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
	int i;
	SSL3_BUFFER *wb = &(s->s3->wbuf);

	/* XXXX */
	if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
	    !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
	    (s->s3->wpend_type != type)) {
		SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
		return (-1);
	}

	for (;;) {
		errno = 0;
		if (s->wbio != NULL) {
			s->rwstate = SSL_WRITING;
			i = BIO_write(s->wbio,
			(char *)&(wb->buf[wb->offset]),
			(unsigned int)wb->left);
		} else {
			SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
			i = -1;
		}
		if (i == wb->left) {
			wb->left = 0;
			wb->offset += i;
			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
			    !SSL_IS_DTLS(s))
				ssl3_release_write_buffer(s);
			s->rwstate = SSL_NOTHING;
			return (s->s3->wpend_ret);
		} else if (i <= 0) {
			/*
			 * For DTLS, just drop it. That's kind of the
			 * whole point in using a datagram service.
			 */
			if (SSL_IS_DTLS(s))
				wb->left = 0;
			return (i);
		}
		wb->offset += i;
		wb->left -= i;
	}
}

/* Return up to 'len' payload bytes received in 'type' records.
 * 'type' is one of the following:
 *
 *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
 *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
 *   -  0 (during a shutdown, no data has to be returned)
 *
 * If we don't have stored data to work from, read a SSL/TLS record first
 * (possibly multiple records if we still don't have anything to return).
 *
 * This function must handle any surprises the peer may have for us, such as
 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
 * a surprise, but handled as if it were), or renegotiation requests.
 * Also if record payloads contain fragments too small to process, we store
 * them until there is enough for the respective protocol (the record protocol
 * may use arbitrary fragmentation and even interleaving):
 *     Change cipher spec protocol
 *             just 1 byte needed, no need for keeping anything stored
 *     Alert protocol
 *             2 bytes needed (AlertLevel, AlertDescription)
 *     Handshake protocol
 *             4 bytes needed (HandshakeType, uint24 length) -- we just have
 *             to detect unexpected Client Hello and Hello Request messages
 *             here, anything else is handled by higher layers
 *     Application data protocol
 *             none of our business
 */
int
ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
{
	void (*cb)(const SSL *ssl, int type2, int val) = NULL;
	int al, i, j, ret, rrcount = 0;
	unsigned int n;
	SSL3_RECORD *rr;
	BIO *bio;

	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
		if (!ssl3_setup_read_buffer(s))
			return (-1);

	if (len < 0) {
		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	if ((type && type != SSL3_RT_APPLICATION_DATA &&
	    type != SSL3_RT_HANDSHAKE) ||
	    (peek && (type != SSL3_RT_APPLICATION_DATA))) {
		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	if ((type == SSL3_RT_HANDSHAKE) &&
	    (s->s3->handshake_fragment_len > 0)) {
		/* (partially) satisfy request from storage */
		unsigned char *src = s->s3->handshake_fragment;
		unsigned char *dst = buf;
		unsigned int k;

		/* peek == 0 */
		n = 0;
		while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
			*dst++ = *src++;
			len--;
			s->s3->handshake_fragment_len--;
			n++;
		}
		/* move any remaining fragment bytes: */
		for (k = 0; k < s->s3->handshake_fragment_len; k++)
			s->s3->handshake_fragment[k] = *src++;
		return n;
	}

	/*
	 * Now s->s3->handshake_fragment_len == 0 if
	 * type == SSL3_RT_HANDSHAKE.
	 */
	if (!s->in_handshake && SSL_in_init(s)) {
		/* type == SSL3_RT_APPLICATION_DATA */
		i = s->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerr(SSL_F_SSL3_READ_BYTES,
			    SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}
	}

start:
	/*
	 * Do not process more than three consecutive records, otherwise the
	 * peer can cause us to loop indefinitely. Instead, return with an
	 * SSL_ERROR_WANT_READ so the caller can choose when to handle further
	 * processing. In the future, the total number of non-handshake and
	 * non-application data records per connection should probably also be
	 * limited...
	 */
	if (rrcount++ >= 3) {
		if ((bio = SSL_get_rbio(s)) == NULL) {
			SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
			return -1;
		}
		BIO_clear_retry_flags(bio);
		BIO_set_retry_read(bio);
		s->rwstate = SSL_READING;
		return -1;
	}

	s->rwstate = SSL_NOTHING;

	/*
	 * s->s3->rrec.type	    - is the type of record
	 * s->s3->rrec.data,    - data
	 * s->s3->rrec.off,     - offset into 'data' for next read
	 * s->s3->rrec.length,  - number of bytes.
	 */
	rr = &(s->s3->rrec);

	/* get new packet if necessary */
	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
		ret = ssl3_get_record(s);
		if (ret <= 0)
			return (ret);
	}

	/* we now have a packet which can be read and processed */

	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
	                               * reset by ssl3_get_finished */
	    && (rr->type != SSL3_RT_HANDSHAKE)) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_READ_BYTES,
		    SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
		goto f_err;
	}

	/* If the other end has shut down, throw anything we read away
	 * (even in 'peek' mode) */
	if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
		rr->length = 0;
		s->rwstate = SSL_NOTHING;
		return (0);
	}


	/* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
	if (type == rr->type) {
		/* make sure that we are not getting application data when we
		 * are doing a handshake for the first time */
		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
			(s->enc_read_ctx == NULL)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_READ_BYTES,
			    SSL_R_APP_DATA_IN_HANDSHAKE);
			goto f_err;
		}

		if (len <= 0)
			return (len);

		if ((unsigned int)len > rr->length)
			n = rr->length;
		else
			n = (unsigned int)len;

		memcpy(buf, &(rr->data[rr->off]), n);
		if (!peek) {
			memset(&(rr->data[rr->off]), 0, n);
			rr->length -= n;
			rr->off += n;
			if (rr->length == 0) {
				s->rstate = SSL_ST_READ_HEADER;
				rr->off = 0;
				if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
				    s->s3->rbuf.left == 0)
					ssl3_release_read_buffer(s);
			}
		}
		return (n);
	}


	/* If we get here, then type != rr->type; if we have a handshake
	 * message, then it was unexpected (Hello Request or Client Hello). */

	{
		/*
		 * In case of record types for which we have 'fragment'
		 * storage, * fill that so that we can process the data
		 * at a fixed place.
		 */
		unsigned int dest_maxlen = 0;
		unsigned char *dest = NULL;
		unsigned int *dest_len = NULL;

		if (rr->type == SSL3_RT_HANDSHAKE) {
			dest_maxlen = sizeof s->s3->handshake_fragment;
			dest = s->s3->handshake_fragment;
			dest_len = &s->s3->handshake_fragment_len;
		} else if (rr->type == SSL3_RT_ALERT) {
			dest_maxlen = sizeof s->s3->alert_fragment;
			dest = s->s3->alert_fragment;
			dest_len = &s->s3->alert_fragment_len;
		}
		if (dest_maxlen > 0) {
			/* available space in 'dest' */
			n = dest_maxlen - *dest_len;
			if (rr->length < n)
				n = rr->length; /* available bytes */

			/* now move 'n' bytes: */
			while (n-- > 0) {
				dest[(*dest_len)++] = rr->data[rr->off++];
				rr->length--;
			}

			if (*dest_len < dest_maxlen)
				goto start; /* fragment was too small */
		}
	}

	/* s->s3->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
	 * s->s3->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */

	/* If we are a client, check for an incoming 'Hello Request': */
	if ((!s->server) && (s->s3->handshake_fragment_len >= 4) &&
	    (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
	    (s->session != NULL) && (s->session->cipher != NULL)) {
		s->s3->handshake_fragment_len = 0;

		if ((s->s3->handshake_fragment[1] != 0) ||
		    (s->s3->handshake_fragment[2] != 0) ||
		    (s->s3->handshake_fragment[3] != 0)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
			goto f_err;
		}

		if (s->msg_callback)
			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
			    s->s3->handshake_fragment, 4, s,
			    s->msg_callback_arg);

		if (SSL_is_init_finished(s) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
		    !s->s3->renegotiate) {
			ssl3_renegotiate(s);
			if (ssl3_renegotiate_check(s)) {
				i = s->handshake_func(s);
				if (i < 0)
					return (i);
				if (i == 0) {
					SSLerr(SSL_F_SSL3_READ_BYTES,
					    SSL_R_SSL_HANDSHAKE_FAILURE);
					return (-1);
				}

				if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
					if (s->s3->rbuf.left == 0) {
						/* no read-ahead left? */
			/* In the case where we try to read application data,
			 * but we trigger an SSL handshake, we return -1 with
			 * the retry option set.  Otherwise renegotiation may
			 * cause nasty problems in the blocking world */
						s->rwstate = SSL_READING;
						bio = SSL_get_rbio(s);
						BIO_clear_retry_flags(bio);
						BIO_set_retry_read(bio);
						return (-1);
					}
				}
			}
		}
		/* we either finished a handshake or ignored the request,
		 * now try again to obtain the (application) data we were asked for */
		goto start;
	}
	/* If we are a server and get a client hello when renegotiation isn't
	 * allowed send back a no renegotiation alert and carry on.
	 * WARNING: experimental code, needs reviewing (steve)
	 */
	if (s->server &&
	    SSL_is_init_finished(s) &&
	    !s->s3->send_connection_binding &&
	    (s->s3->handshake_fragment_len >= 4) &&
	    (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
	    (s->session != NULL) && (s->session->cipher != NULL)) {
		/*s->s3->handshake_fragment_len = 0;*/
		rr->length = 0;
		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
		goto start;
	}
	if (s->s3->alert_fragment_len >= 2) {
		int alert_level = s->s3->alert_fragment[0];
		int alert_descr = s->s3->alert_fragment[1];

		s->s3->alert_fragment_len = 0;

		if (s->msg_callback)
			s->msg_callback(0, s->version, SSL3_RT_ALERT,
			    s->s3->alert_fragment, 2, s, s->msg_callback_arg);

		if (s->info_callback != NULL)
			cb = s->info_callback;
		else if (s->ctx->info_callback != NULL)
			cb = s->ctx->info_callback;

		if (cb != NULL) {
			j = (alert_level << 8) | alert_descr;
			cb(s, SSL_CB_READ_ALERT, j);
		}

		if (alert_level == 1) {
			/* warning */
			s->s3->warn_alert = alert_descr;
			if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
				return (0);
			}
			/* This is a warning but we receive it if we requested
			 * renegotiation and the peer denied it. Terminate with
			 * a fatal alert because if application tried to
			 * renegotiatie it presumably had a good reason and
			 * expects it to succeed.
			 *
			 * In future we might have a renegotiation where we
			 * don't care if the peer refused it where we carry on.
			 */
			else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_READ_BYTES,
				    SSL_R_NO_RENEGOTIATION);
				goto f_err;
			}
		} else if (alert_level == 2) {
			/* fatal */
			s->rwstate = SSL_NOTHING;
			s->s3->fatal_alert = alert_descr;
			SSLerr(SSL_F_SSL3_READ_BYTES,
			    SSL_AD_REASON_OFFSET + alert_descr);
			ERR_asprintf_error_data("SSL alert number %d",
			    alert_descr);
			s->shutdown |= SSL_RECEIVED_SHUTDOWN;
			SSL_CTX_remove_session(s->ctx, s->session);
			return (0);
		} else {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
			goto f_err;
		}

		goto start;
	}

	if (s->shutdown & SSL_SENT_SHUTDOWN) {
		/* but we have not received a shutdown */
		s->rwstate = SSL_NOTHING;
		rr->length = 0;
		return (0);
	}

	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
		/* 'Change Cipher Spec' is just a single byte, so we know
		 * exactly what the record payload has to look like */
		if ((rr->length != 1) || (rr->off != 0) ||
			(rr->data[0] != SSL3_MT_CCS)) {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_SSL3_READ_BYTES,
			    SSL_R_BAD_CHANGE_CIPHER_SPEC);
			goto f_err;
		}

		/* Check we have a cipher to change to */
		if (s->s3->tmp.new_cipher == NULL) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_READ_BYTES,
			    SSL_R_CCS_RECEIVED_EARLY);
			goto f_err;
		}

		/* Check that we should be receiving a Change Cipher Spec. */
		if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_READ_BYTES,
			    SSL_R_CCS_RECEIVED_EARLY);
			goto f_err;
		}
		s->s3->flags &= ~SSL3_FLAGS_CCS_OK;

		rr->length = 0;

		if (s->msg_callback) {
			s->msg_callback(0, s->version,
			    SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s,
			    s->msg_callback_arg);
		}

		s->s3->change_cipher_spec = 1;
		if (!ssl3_do_change_cipher_spec(s))
			goto err;
		else
			goto start;
	}

	/* Unexpected handshake message (Client Hello, or protocol violation) */
	if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
			s->renegotiate = 1;
			s->new_session = 1;
		}
		i = s->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerr(SSL_F_SSL3_READ_BYTES,
			    SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}

		if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
			if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
				BIO *bio;
				/* In the case where we try to read application data,
				 * but we trigger an SSL handshake, we return -1 with
				 * the retry option set.  Otherwise renegotiation may
				 * cause nasty problems in the blocking world */
				s->rwstate = SSL_READING;
				bio = SSL_get_rbio(s);
				BIO_clear_retry_flags(bio);
				BIO_set_retry_read(bio);
				return (-1);
			}
		}
		goto start;
	}

	switch (rr->type) {
	default:
		/*
		 * TLS up to v1.1 just ignores unknown message types:
		 * TLS v1.2 give an unexpected message alert.
		 */
		if (s->version >= TLS1_VERSION &&
		    s->version <= TLS1_1_VERSION) {
			rr->length = 0;
			goto start;
		}
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
		goto f_err;
	case SSL3_RT_CHANGE_CIPHER_SPEC:
	case SSL3_RT_ALERT:
	case SSL3_RT_HANDSHAKE:
		/* we already handled all of these, with the possible exception
		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
		 * should not happen when type != rr->type */
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
		goto f_err;
	case SSL3_RT_APPLICATION_DATA:
		/* At this point, we were expecting handshake data,
		 * but have application data.  If the library was
		 * running inside ssl3_read() (i.e. in_read_app_data
		 * is set) and it makes sense to read application data
		 * at this point (session renegotiation not yet started),
		 * we will indulge it.
		 */
		if (s->s3->in_read_app_data &&
		    (s->s3->total_renegotiations != 0) &&
		    (((s->state & SSL_ST_CONNECT) &&
		    (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
		    (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
		    ((s->state & SSL_ST_ACCEPT) &&
		    (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
		    (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
			s->s3->in_read_app_data = 2;
			return (-1);
		} else {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
			goto f_err;
		}
	}
	/* not reached */

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
ssl3_do_change_cipher_spec(SSL *s)
{
	int i;
	const char *sender;
	int slen;

	if (s->state & SSL_ST_ACCEPT)
		i = SSL3_CHANGE_CIPHER_SERVER_READ;
	else
		i = SSL3_CHANGE_CIPHER_CLIENT_READ;

	if (s->s3->tmp.key_block == NULL) {
		if (s->session == NULL || s->session->master_key_length == 0) {
			/* might happen if dtls1_read_bytes() calls this */
			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
			    SSL_R_CCS_RECEIVED_EARLY);
			return (0);
		}

		s->session->cipher = s->s3->tmp.new_cipher;
		if (!s->method->ssl3_enc->setup_key_block(s))
			return (0);
	}

	if (!s->method->ssl3_enc->change_cipher_state(s, i))
		return (0);

	/* we have to record the message digest at
	 * this point so we can get it before we read
	 * the finished message */
	if (s->state & SSL_ST_CONNECT) {
		sender = s->method->ssl3_enc->server_finished_label;
		slen = s->method->ssl3_enc->server_finished_label_len;
	} else {
		sender = s->method->ssl3_enc->client_finished_label;
		slen = s->method->ssl3_enc->client_finished_label_len;
	}

	i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
	    s->s3->tmp.peer_finish_md);
	if (i == 0) {
		SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
		return 0;
	}
	s->s3->tmp.peer_finish_md_len = i;

	return (1);
}

int
ssl3_send_alert(SSL *s, int level, int desc)
{
	/* Map tls/ssl alert value to correct one */
	desc = s->method->ssl3_enc->alert_value(desc);
	if (desc < 0)
		return -1;
	/* If a fatal one, remove from cache */
	if ((level == 2) && (s->session != NULL))
		SSL_CTX_remove_session(s->ctx, s->session);

	s->s3->alert_dispatch = 1;
	s->s3->send_alert[0] = level;
	s->s3->send_alert[1] = desc;
	if (s->s3->wbuf.left == 0) /* data still being written out? */
		return s->method->ssl_dispatch_alert(s);

	/* else data is still being written out, we will get written
	 * some time in the future */
	return -1;
}

int
ssl3_dispatch_alert(SSL *s)
{
	int i, j;
	void (*cb)(const SSL *ssl, int type, int val) = NULL;

	s->s3->alert_dispatch = 0;
	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
	if (i <= 0) {
		s->s3->alert_dispatch = 1;
	} else {
		/* Alert sent to BIO.  If it is important, flush it now.
		 * If the message does not get sent due to non-blocking IO,
		 * we will not worry too much. */
		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
			(void)BIO_flush(s->wbio);

		if (s->msg_callback)
			s->msg_callback(1, s->version, SSL3_RT_ALERT,
			    s->s3->send_alert, 2, s, s->msg_callback_arg);

		if (s->info_callback != NULL)
			cb = s->info_callback;
		else if (s->ctx->info_callback != NULL)
			cb = s->ctx->info_callback;

		if (cb != NULL) {
			j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
			cb(s, SSL_CB_WRITE_ALERT, j);
		}
	}
	return (i);
}
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Deleted jni/libressl/ssl/s3_srvr.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
/* $OpenBSD: s3_srvr.c,v 1.126 2016/05/30 13:42:54 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 *
 * The Contribution is licensed pursuant to the OpenSSL open source
 * license provided above.
 *
 * ECC cipher suite support in OpenSSL originally written by
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/bn.h>
#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_GOST
#include <openssl/gost.h>
#endif
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

#include "bytestring.h"

int
ssl3_accept(SSL *s)
{
	unsigned long alg_k;
	void (*cb)(const SSL *ssl, int type, int val) = NULL;
	int ret = -1;
	int new_state, state, skip = 0;

	ERR_clear_error();
	errno = 0;

	if (s->info_callback != NULL)
		cb = s->info_callback;
	else if (s->ctx->info_callback != NULL)
		cb = s->ctx->info_callback;

	/* init things to blank */
	s->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);

	if (s->cert == NULL) {
		SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
		ret = -1;
		goto end;
	}

	for (;;) {
		state = s->state;

		switch (s->state) {
		case SSL_ST_RENEGOTIATE:
			s->renegotiate = 1;
			/* s->state=SSL_ST_ACCEPT; */

		case SSL_ST_BEFORE:
		case SSL_ST_ACCEPT:
		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		case SSL_ST_OK|SSL_ST_ACCEPT:

			s->server = 1;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version >> 8) != 3) {
				SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}
			s->type = SSL_ST_ACCEPT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}

			s->init_num = 0;

			if (s->state != SSL_ST_RENEGOTIATE) {
				/*
				 * Ok, we now need to push on a buffering BIO
				 * so that the output is sent in a way that
				 * TCP likes :-)
				 */
				if (!ssl_init_wbio_buffer(s, 1)) {
					ret = -1;
					goto end;
				}

				if (!tls1_init_finished_mac(s)) {
					ret = -1;
					goto end;
				}

				s->state = SSL3_ST_SR_CLNT_HELLO_A;
				s->ctx->stats.sess_accept++;
			} else if (!s->s3->send_connection_binding) {
				/*
				 * Server attempting to renegotiate with
				 * client that doesn't support secure
				 * renegotiation.
				 */
				SSLerr(SSL_F_SSL3_ACCEPT,
				    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
				ssl3_send_alert(s, SSL3_AL_FATAL,
				    SSL_AD_HANDSHAKE_FAILURE);
				ret = -1;
				goto end;
			} else {
				/*
				 * s->state == SSL_ST_RENEGOTIATE,
				 * we will just send a HelloRequest
				 */
				s->ctx->stats.sess_accept_renegotiate++;
				s->state = SSL3_ST_SW_HELLO_REQ_A;
			}
			break;

		case SSL3_ST_SW_HELLO_REQ_A:
		case SSL3_ST_SW_HELLO_REQ_B:

			s->shutdown = 0;
			ret = ssl3_send_hello_request(s);
			if (ret <= 0)
				goto end;
			s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
			s->state = SSL3_ST_SW_FLUSH;
			s->init_num = 0;

			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_SW_HELLO_REQ_C:
			s->state = SSL_ST_OK;
			break;

		case SSL3_ST_SR_CLNT_HELLO_A:
		case SSL3_ST_SR_CLNT_HELLO_B:
		case SSL3_ST_SR_CLNT_HELLO_C:

			s->shutdown = 0;
			if (s->rwstate != SSL_X509_LOOKUP) {
				ret = ssl3_get_client_hello(s);
				if (ret <= 0)
					goto end;
			}

			s->renegotiate = 2;
			s->state = SSL3_ST_SW_SRVR_HELLO_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_SRVR_HELLO_A:
		case SSL3_ST_SW_SRVR_HELLO_B:
			ret = ssl3_send_server_hello(s);
			if (ret <= 0)
				goto end;
			if (s->hit) {
				if (s->tlsext_ticket_expected)
					s->state = SSL3_ST_SW_SESSION_TICKET_A;
				else
					s->state = SSL3_ST_SW_CHANGE_A;
			}
			else
				s->state = SSL3_ST_SW_CERT_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_A:
		case SSL3_ST_SW_CERT_B:
			/* Check if it is anon DH or anon ECDH. */
			if (!(s->s3->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				ret = ssl3_send_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->tlsext_status_expected)
					s->state = SSL3_ST_SW_CERT_STATUS_A;
				else
					s->state = SSL3_ST_SW_KEY_EXCH_A;
			} else {
				skip = 1;
				s->state = SSL3_ST_SW_KEY_EXCH_A;
			}
			s->init_num = 0;
			break;

		case SSL3_ST_SW_KEY_EXCH_A:
		case SSL3_ST_SW_KEY_EXCH_B:
			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

			/*
			 * Only send if using a DH key exchange.
			 *
			 * For ECC ciphersuites, we send a ServerKeyExchange
			 * message only if the cipher suite is ECDHE. In other
			 * cases, the server certificate contains the server's
			 * public key for key exchange.
			 */
			if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
				ret = ssl3_send_server_key_exchange(s);
				if (ret <= 0)
					goto end;
			} else
				skip = 1;

			s->state = SSL3_ST_SW_CERT_REQ_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_REQ_A:
		case SSL3_ST_SW_CERT_REQ_B:
			/*
			 * Determine whether or not we need to request a
			 * certificate.
			 *
			 * Do not request a certificate if:
			 *
			 * - We did not ask for it (SSL_VERIFY_PEER is unset).
			 *
			 * - SSL_VERIFY_CLIENT_ONCE is set and we are
			 *   renegotiating.
			 *
			 * - We are using an anonymous ciphersuites
			 *   (see section "Certificate request" in SSL 3 drafts
			 *   and in RFC 2246) ... except when the application
			 *   insists on verification (against the specs, but
			 *   s3_clnt.c accepts this for SSL 3).
			 */
			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
			    ((s->session->peer != NULL) &&
			     (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
			    ((s->s3->tmp.new_cipher->algorithm_auth &
			     SSL_aNULL) && !(s->verify_mode &
			     SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
				/* No cert request */
				skip = 1;
				s->s3->tmp.cert_request = 0;
				s->state = SSL3_ST_SW_SRVR_DONE_A;
				if (s->s3->handshake_buffer) {
					if (!tls1_digest_cached_records(s)) {
						ret = -1;
						goto end;
					}
				}
			} else {
				s->s3->tmp.cert_request = 1;
				ret = ssl3_send_certificate_request(s);
				if (ret <= 0)
					goto end;
				s->state = SSL3_ST_SW_SRVR_DONE_A;
				s->init_num = 0;
			}
			break;

		case SSL3_ST_SW_SRVR_DONE_A:
		case SSL3_ST_SW_SRVR_DONE_B:
			ret = ssl3_send_server_done(s);
			if (ret <= 0)
				goto end;
			s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
			s->state = SSL3_ST_SW_FLUSH;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_FLUSH:

			/*
			 * This code originally checked to see if
			 * any data was pending using BIO_CTRL_INFO
			 * and then flushed. This caused problems
			 * as documented in PR#1939. The proposed
			 * fix doesn't completely resolve this issue
			 * as buggy implementations of BIO_CTRL_PENDING
			 * still exist. So instead we just flush
			 * unconditionally.
			 */

			s->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				ret = -1;
				goto end;
			}
			s->rwstate = SSL_NOTHING;

			s->state = s->s3->tmp.next_state;
			break;

		case SSL3_ST_SR_CERT_A:
		case SSL3_ST_SR_CERT_B:
			if (s->s3->tmp.cert_request) {
				ret = ssl3_get_client_certificate(s);
				if (ret <= 0)
					goto end;
			}
			s->init_num = 0;
			s->state = SSL3_ST_SR_KEY_EXCH_A;
			break;

		case SSL3_ST_SR_KEY_EXCH_A:
		case SSL3_ST_SR_KEY_EXCH_B:
			ret = ssl3_get_client_key_exchange(s);
			if (ret <= 0)
				goto end;
			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
			if (ret == 2) {
				/*
				 * For the ECDH ciphersuites when
				 * the client sends its ECDH pub key in
				 * a certificate, the CertificateVerify
				 * message is not sent.
				 * Also for GOST ciphersuites when
				 * the client uses its key from the certificate
				 * for key exchange.
				 */
				if (s->s3->next_proto_neg_seen)
					s->state = SSL3_ST_SR_NEXT_PROTO_A;
				else
					s->state = SSL3_ST_SR_FINISHED_A;
				s->init_num = 0;
			} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
				s->state = SSL3_ST_SR_CERT_VRFY_A;
				s->init_num = 0;
				if (!s->session->peer)
					break;
				/*
				 * For sigalgs freeze the handshake buffer
				 * at this point and digest cached records.
				 */
				if (!s->s3->handshake_buffer) {
					SSLerr(SSL_F_SSL3_ACCEPT,
					    ERR_R_INTERNAL_ERROR);
					ret = -1;
					goto end;
				}
				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
				if (!tls1_digest_cached_records(s)) {
					ret = -1;
					goto end;
				}
			} else {
				int offset = 0;
				int dgst_num;

				s->state = SSL3_ST_SR_CERT_VRFY_A;
				s->init_num = 0;

				/*
				 * We need to get hashes here so if there is
				 * a client cert, it can be verified
				 * FIXME - digest processing for
				 * CertificateVerify should be generalized.
				 * But it is next step
				 */
				if (s->s3->handshake_buffer) {
					if (!tls1_digest_cached_records(s)) {
						ret = -1;
						goto end;
					}
				}
				for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
				    dgst_num++)
					if (s->s3->handshake_dgst[dgst_num]) {
					int dgst_size;

					s->method->ssl3_enc->cert_verify_mac(s,
					    EVP_MD_CTX_type(
					    s->s3->handshake_dgst[dgst_num]),
					    &(s->s3->tmp.cert_verify_md[offset]));
					dgst_size = EVP_MD_CTX_size(
					    s->s3->handshake_dgst[dgst_num]);
					if (dgst_size < 0) {
						ret = -1;
						goto end;
					}
					offset += dgst_size;
				}
			}
			break;

		case SSL3_ST_SR_CERT_VRFY_A:
		case SSL3_ST_SR_CERT_VRFY_B:
			s->s3->flags |= SSL3_FLAGS_CCS_OK;

			/* we should decide if we expected this one */
			ret = ssl3_get_cert_verify(s);
			if (ret <= 0)
				goto end;

			if (s->s3->next_proto_neg_seen)
				s->state = SSL3_ST_SR_NEXT_PROTO_A;
			else
				s->state = SSL3_ST_SR_FINISHED_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SR_NEXT_PROTO_A:
		case SSL3_ST_SR_NEXT_PROTO_B:
			ret = ssl3_get_next_proto(s);
			if (ret <= 0)
				goto end;
			s->init_num = 0;
			s->state = SSL3_ST_SR_FINISHED_A;
			break;

		case SSL3_ST_SR_FINISHED_A:
		case SSL3_ST_SR_FINISHED_B:
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
			ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
			    SSL3_ST_SR_FINISHED_B);
			if (ret <= 0)
				goto end;
			if (s->hit)
				s->state = SSL_ST_OK;
			else if (s->tlsext_ticket_expected)
				s->state = SSL3_ST_SW_SESSION_TICKET_A;
			else
				s->state = SSL3_ST_SW_CHANGE_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_SESSION_TICKET_A:
		case SSL3_ST_SW_SESSION_TICKET_B:
			ret = ssl3_send_newsession_ticket(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_CHANGE_A;
			s->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_STATUS_A:
		case SSL3_ST_SW_CERT_STATUS_B:
			ret = ssl3_send_cert_status(s);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_KEY_EXCH_A;
			s->init_num = 0;
			break;


		case SSL3_ST_SW_CHANGE_A:
		case SSL3_ST_SW_CHANGE_B:

			s->session->cipher = s->s3->tmp.new_cipher;
			if (!s->method->ssl3_enc->setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			ret = ssl3_send_change_cipher_spec(s,
			    SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);

			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_FINISHED_A;
			s->init_num = 0;

			if (!s->method->ssl3_enc->change_cipher_state(
			    s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
				ret = -1;
				goto end;
			}

			break;

		case SSL3_ST_SW_FINISHED_A:
		case SSL3_ST_SW_FINISHED_B:
			ret = ssl3_send_finished(s,
			SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
			s->method->ssl3_enc->server_finished_label,
			s->method->ssl3_enc->server_finished_label_len);
			if (ret <= 0)
				goto end;
			s->state = SSL3_ST_SW_FLUSH;
			if (s->hit) {
				if (s->s3->next_proto_neg_seen) {
					s->s3->flags |= SSL3_FLAGS_CCS_OK;
					s->s3->tmp.next_state =
					    SSL3_ST_SR_NEXT_PROTO_A;
				} else
					s->s3->tmp.next_state =
					    SSL3_ST_SR_FINISHED_A;
			} else
				s->s3->tmp.next_state = SSL_ST_OK;
			s->init_num = 0;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			BUF_MEM_free(s->init_buf);
			s->init_buf = NULL;

			/* remove buffering on output */
			ssl_free_wbio_buffer(s);

			s->init_num = 0;

			/* skipped if we just sent a HelloRequest */
			if (s->renegotiate == 2) {
				s->renegotiate = 0;
				s->new_session = 0;

				ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

				s->ctx->stats.sess_accept_good++;
				/* s->server=1; */
				s->handshake_func = ssl3_accept;

				if (cb != NULL)
					cb(s, SSL_CB_HANDSHAKE_DONE, 1);
			}

			ret = 1;
			goto end;
			/* break; */

		default:
			SSLerr(SSL_F_SSL3_ACCEPT,
			    SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		if (!s->s3->tmp.reuse_message && !skip) {
			if (s->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}


			if ((cb != NULL) && (s->state != state)) {
				new_state = s->state;
				s->state = state;
				cb(s, SSL_CB_ACCEPT_LOOP, 1);
				s->state = new_state;
			}
		}
		skip = 0;
	}
end:
	/* BIO_flush(s->wbio); */

	s->in_handshake--;
	if (cb != NULL)
		cb(s, SSL_CB_ACCEPT_EXIT, ret);
	return (ret);
}

int
ssl3_send_hello_request(SSL *s)
{
	if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
		ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
		ssl3_handshake_msg_finish(s, 0);

		s->state = SSL3_ST_SW_HELLO_REQ_B;
	}

	/* SSL3_ST_SW_HELLO_REQ_B */
	return (ssl3_handshake_write(s));
}

int
ssl3_get_client_hello(SSL *s)
{
	int i, j, ok, al, ret = -1;
	unsigned int cookie_len;
	long n;
	unsigned long id;
	unsigned char *p, *d;
	SSL_CIPHER *c;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	unsigned long alg_k;

	/*
	 * We do this so that we will respond with our native type.
	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
	 * This down switching should be handled by a different method.
	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
	 * TLSv1.
	 */
	if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
		s->state = SSL3_ST_SR_CLNT_HELLO_B;
	}
	s->first_packet = 1;
	n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
	    SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
	    SSL3_RT_MAX_PLAIN_LENGTH, &ok);

	if (!ok)
		return ((int)n);
	s->first_packet = 0;
	d = p = (unsigned char *)s->init_msg;

	if (2 > n)
		goto truncated;
	/*
	 * Use version from inside client hello, not from record header.
	 * (may differ: see RFC 2246, Appendix E, second paragraph)
	 */
	s->client_version = (((int)p[0]) << 8)|(int)p[1];
	p += 2;

	if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
	    (s->version != DTLS1_VERSION && s->client_version < s->version)) {
		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
		    SSL_R_WRONG_VERSION_NUMBER);
		if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
			!s->enc_write_ctx && !s->write_hash) {
			/*
			 * Similar to ssl3_get_record, send alert using remote
			 * version number
			 */
			s->version = s->client_version;
		}
		al = SSL_AD_PROTOCOL_VERSION;
		goto f_err;
	}

	/*
	 * If we require cookies (DTLS) and this ClientHello doesn't
	 * contain one, just return since we do not want to
	 * allocate any memory yet. So check cookie length...
	 */
	if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
		unsigned int session_length, cookie_length;

		if (p - d + SSL3_RANDOM_SIZE + 1 >= n)
			goto truncated;
		session_length = *(p + SSL3_RANDOM_SIZE);

		if (p - d + SSL3_RANDOM_SIZE + session_length + 1 >= n)
			goto truncated;
		cookie_length = p[SSL3_RANDOM_SIZE + session_length + 1];

		if (cookie_length == 0)
			return (1);
	}

	if (p - d + SSL3_RANDOM_SIZE + 1 > n)
		goto truncated;

	/* load the client random */
	memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
	p += SSL3_RANDOM_SIZE;

	/* get the session-id */
	j= *(p++);
	if (p - d + j > n)
		goto truncated;

	s->hit = 0;
	/*
	 * Versions before 0.9.7 always allow clients to resume sessions in
	 * renegotiation. 0.9.7 and later allow this by default, but optionally
	 * ignore resumption requests with flag
	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
	 * rather than a change to default behavior so that applications
	 * relying on this for security won't even compile against older
	 * library versions).
	 *
	 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
	 * to request renegotiation but not a new session (s->new_session
	 * remains unset): for servers, this essentially just means that the
	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
	 * ignored.
	 */
	if ((s->new_session && (s->options &
	    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
		if (!ssl_get_new_session(s, 1))
			goto err;
	} else {
		i = ssl_get_prev_session(s, p, j, d + n);
		if (i == 1) { /* previous session */
			s->hit = 1;
		} else if (i == -1)
			goto err;
		else {
			/* i == 0 */
			if (!ssl_get_new_session(s, 1))
				goto err;
		}
	}

	p += j;

	if (SSL_IS_DTLS(s)) {
		/* cookie stuff */
		if (p - d + 1 > n)
			goto truncated;
		cookie_len = *(p++);

		/*
		 * The ClientHello may contain a cookie even if the
		 * HelloVerify message has not been sent--make sure that it
		 * does not cause an overflow.
		 */
		if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
			/* too much data */
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
			    SSL_R_COOKIE_MISMATCH);
			goto f_err;
		}

		if (p - d + cookie_len > n)
			goto truncated;

		/* verify the cookie if appropriate option is set. */
		if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
		    cookie_len > 0) {
			memcpy(s->d1->rcvd_cookie, p, cookie_len);

			if (s->ctx->app_verify_cookie_cb != NULL) {
				if (s->ctx->app_verify_cookie_cb(s,
				    s->d1->rcvd_cookie, cookie_len) == 0) {
					al = SSL_AD_HANDSHAKE_FAILURE;
					SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
					    SSL_R_COOKIE_MISMATCH);
					goto f_err;
				}
				/* else cookie verification succeeded */
			} else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
			    s->d1->cookie_len) != 0) {
				/* default verification */
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
				    SSL_R_COOKIE_MISMATCH);
				goto f_err;
			}

			ret = 2;
		}

		p += cookie_len;
	}

	if (p - d + 2 > n)
		goto truncated;
	n2s(p, i);
	if ((i == 0) && (j != 0)) {
		/* we need a cipher if we are not resuming a session */
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
		    SSL_R_NO_CIPHERS_SPECIFIED);
		goto f_err;
	}
	if (p - d + i > n)
		goto truncated;
	if (i > 0) {
		if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
			goto err;
	}
	p += i;

	/* If it is a hit, check that the cipher is in the list */
	if ((s->hit) && (i > 0)) {
		j = 0;
		id = s->session->cipher->id;

		for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
			c = sk_SSL_CIPHER_value(ciphers, i);
			if (c->id == id) {
				j = 1;
				break;
			}
		}
		if (j == 0) {
			/*
			 * We need to have the cipher in the cipher
			 * list if we are asked to reuse it
			 */
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
			    SSL_R_REQUIRED_CIPHER_MISSING);
			goto f_err;
		}
	}

	/* compression */
	if (p - d + 1 > n)
		goto truncated;
	i= *(p++);
	if (p - d + i > n)
		goto truncated;
	for (j = 0; j < i; j++) {
		if (p[j] == 0)
			break;
	}

	p += i;
	if (j >= i) {
		/* no compress */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
		    SSL_R_NO_COMPRESSION_SPECIFIED);
		goto f_err;
	}

	/* TLS extensions*/
	if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
		/* 'al' set by ssl_parse_clienthello_tlsext */
		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
		goto f_err;
	}
	if (ssl_check_clienthello_tlsext_early(s) <= 0) {
		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
		    SSL_R_CLIENTHELLO_TLSEXT);
		goto err;
	}

	/*
	 * Check if we want to use external pre-shared secret for this
	 * handshake for not reused session only. We need to generate
	 * server_random before calling tls_session_secret_cb in order to allow
	 * SessionTicket processing to use it in key derivation.
	 */
	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);

	if (!s->hit && s->tls_session_secret_cb) {
		SSL_CIPHER *pref_cipher = NULL;

		s->session->master_key_length = sizeof(s->session->master_key);
		if (s->tls_session_secret_cb(s, s->session->master_key,
		    &s->session->master_key_length, ciphers, &pref_cipher,
		    s->tls_session_secret_cb_arg)) {
			s->hit = 1;
			s->session->ciphers = ciphers;
			s->session->verify_result = X509_V_OK;

			ciphers = NULL;

			/* check if some cipher was preferred by call back */
			pref_cipher = pref_cipher ? pref_cipher :
			    ssl3_choose_cipher(s, s->session->ciphers,
			    SSL_get_ciphers(s));
			if (pref_cipher == NULL) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
				    SSL_R_NO_SHARED_CIPHER);
				goto f_err;
			}

			s->session->cipher = pref_cipher;

			if (s->cipher_list)
				sk_SSL_CIPHER_free(s->cipher_list);

			if (s->cipher_list_by_id)
				sk_SSL_CIPHER_free(s->cipher_list_by_id);

			s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
			s->cipher_list_by_id =
			    sk_SSL_CIPHER_dup(s->session->ciphers);
		}
	}

	/*
	 * Given s->session->ciphers and SSL_get_ciphers, we must
	 * pick a cipher
	 */

	if (!s->hit) {
		if (s->session->ciphers != NULL)
			sk_SSL_CIPHER_free(s->session->ciphers);
		s->session->ciphers = ciphers;
		if (ciphers == NULL) {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
			    SSL_R_NO_CIPHERS_PASSED);
			goto f_err;
		}
		ciphers = NULL;
		c = ssl3_choose_cipher(s, s->session->ciphers,
		SSL_get_ciphers(s));

		if (c == NULL) {
			al = SSL_AD_HANDSHAKE_FAILURE;
			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
			    SSL_R_NO_SHARED_CIPHER);
			goto f_err;
		}
		s->s3->tmp.new_cipher = c;
	} else {
		s->s3->tmp.new_cipher = s->session->cipher;
	}

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
	    !(s->verify_mode & SSL_VERIFY_PEER)) {
		if (!tls1_digest_cached_records(s)) {
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
	}

	/*
	 * We now have the following setup.
	 * client_random
	 * cipher_list 		- our prefered list of ciphers
	 * ciphers 		- the clients prefered list of ciphers
	 * compression		- basically ignored right now
	 * ssl version is set	- sslv3
	 * s->session		- The ssl session has been setup.
	 * s->hit		- session reuse flag
	 * s->tmp.new_cipher	- the new cipher to use.
	 */

	/* Handles TLS extensions that we couldn't check earlier */
	if (ssl_check_clienthello_tlsext_late(s) <= 0) {
		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
		goto err;
	}

	if (ret < 0)
		ret = 1;
	if (0) {
truncated:
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
err:
	if (ciphers != NULL)
		sk_SSL_CIPHER_free(ciphers);
	return (ret);
}

int
ssl3_send_server_hello(SSL *s)
{
	unsigned char *bufend;
	unsigned char *p, *d;
	int sl;

	if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
		d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);

		*(p++) = s->version >> 8;
		*(p++) = s->version & 0xff;

		/* Random stuff */
		memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
		p += SSL3_RANDOM_SIZE;

		/*
		 * There are several cases for the session ID to send
		 * back in the server hello:
		 *
		 * - For session reuse from the session cache,
		 *   we send back the old session ID.
		 * - If stateless session reuse (using a session ticket)
		 *   is successful, we send back the client's "session ID"
		 *   (which doesn't actually identify the session).
		 * - If it is a new session, we send back the new
		 *   session ID.
		 * - However, if we want the new session to be single-use,
		 *   we send back a 0-length session ID.
		 *
		 * s->hit is non-zero in either case of session reuse,
		 * so the following won't overwrite an ID that we're supposed
		 * to send back.
		 */
		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
		    && !s->hit)
			s->session->session_id_length = 0;

		sl = s->session->session_id_length;
		if (sl > (int)sizeof(s->session->session_id)) {
			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
			    ERR_R_INTERNAL_ERROR);
			return (-1);
		}
		*(p++) = sl;
		memcpy(p, s->session->session_id, sl);
		p += sl;

		/* put the cipher */
		s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p);

		/* put the compression method */
		*(p++) = 0;

		bufend = (unsigned char *)s->init_buf->data +
		    SSL3_RT_MAX_PLAIN_LENGTH;
		if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
			    ERR_R_INTERNAL_ERROR);
			return (-1);
		}

		ssl3_handshake_msg_finish(s, p - d);
	}

	/* SSL3_ST_SW_SRVR_HELLO_B */
	return (ssl3_handshake_write(s));
}

int
ssl3_send_server_done(SSL *s)
{
	if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
		ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
		ssl3_handshake_msg_finish(s, 0);

		s->state = SSL3_ST_SW_SRVR_DONE_B;
	}

	/* SSL3_ST_SW_SRVR_DONE_B */
	return (ssl3_handshake_write(s));
}

int
ssl3_send_server_key_exchange(SSL *s)
{
	unsigned char *q;
	int j, num;
	unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
	unsigned int u;
	DH *dh = NULL, *dhp;
	EC_KEY *ecdh = NULL, *ecdhp;
	unsigned char *encodedPoint = NULL;
	int encodedlen = 0;
	int curve_id = 0;
	BN_CTX *bn_ctx = NULL;

	EVP_PKEY *pkey;
	const EVP_MD *md = NULL;
	unsigned char *p, *d;
	int al, i;
	unsigned long type;
	int n;
	CERT *cert;
	BIGNUM *r[4];
	int nr[4], kn;
	BUF_MEM *buf;
	EVP_MD_CTX md_ctx;

	EVP_MD_CTX_init(&md_ctx);
	if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
		type = s->s3->tmp.new_cipher->algorithm_mkey;
		cert = s->cert;

		buf = s->init_buf;

		r[0] = r[1] = r[2] = r[3] = NULL;
		n = 0;
		if (type & SSL_kDHE) {
			if (s->cert->dh_tmp_auto != 0) {
				if ((dhp = ssl_get_auto_dh(s)) == NULL) {
					al = SSL_AD_INTERNAL_ERROR;
					SSLerr(
					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
					    ERR_R_INTERNAL_ERROR);
					goto f_err;
				}
			} else
				dhp = cert->dh_tmp;

			if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
				dhp = s->cert->dh_tmp_cb(s, 0,
				    SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));

			if (dhp == NULL) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    SSL_R_MISSING_TMP_DH_KEY);
				goto f_err;
			}

			if (s->s3->tmp.dh != NULL) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}

			if (s->cert->dh_tmp_auto != 0) {
				dh = dhp;
			} else if ((dh = DHparams_dup(dhp)) == NULL) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_DH_LIB);
				goto err;
			}
			s->s3->tmp.dh = dh;
			if (!DH_generate_key(dh)) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_DH_LIB);
				goto err;
			}
			r[0] = dh->p;
			r[1] = dh->g;
			r[2] = dh->pub_key;
		} else if (type & SSL_kECDHE) {
			const EC_GROUP *group;

			ecdhp = cert->ecdh_tmp;
			if (s->cert->ecdh_tmp_auto != 0) {
				int nid = tls1_get_shared_curve(s);
				if (nid != NID_undef)
					ecdhp = EC_KEY_new_by_curve_name(nid);
			} else if (ecdhp == NULL &&
			    s->cert->ecdh_tmp_cb != NULL) {
				ecdhp = s->cert->ecdh_tmp_cb(s, 0,
				    SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
			}
			if (ecdhp == NULL) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    SSL_R_MISSING_TMP_ECDH_KEY);
				goto f_err;
			}

			if (s->s3->tmp.ecdh != NULL) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_INTERNAL_ERROR);
				goto err;
			}

			/* Duplicate the ECDH structure. */
			if (s->cert->ecdh_tmp_auto != 0) {
				ecdh = ecdhp;
			} else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_ECDH_LIB);
				goto err;
			}
			s->s3->tmp.ecdh = ecdh;

			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
			    (EC_KEY_get0_private_key(ecdh) == NULL) ||
			    (s->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					SSLerr(
					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
					    ERR_R_ECDH_LIB);
					goto err;
				}
			}

			if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
			    (EC_KEY_get0_public_key(ecdh)  == NULL) ||
			    (EC_KEY_get0_private_key(ecdh) == NULL)) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_ECDH_LIB);
				goto err;
			}

			/*
			 * XXX: For now, we only support ephemeral ECDH
			 * keys over named (not generic) curves. For
			 * supported named curves, curve_id is non-zero.
			 */
			if ((curve_id = tls1_ec_nid2curve_id(
			    EC_GROUP_get_curve_name(group))) == 0) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
				goto err;
			}

			/*
			 * Encode the public key.
			 * First check the size of encoding and
			 * allocate memory accordingly.
			 */
			encodedlen = EC_POINT_point2oct(group,
			    EC_KEY_get0_public_key(ecdh),
			    POINT_CONVERSION_UNCOMPRESSED,
			    NULL, 0, NULL);

			encodedPoint = malloc(encodedlen);

			bn_ctx = BN_CTX_new();
			if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}


			encodedlen = EC_POINT_point2oct(group,
			    EC_KEY_get0_public_key(ecdh),
			    POINT_CONVERSION_UNCOMPRESSED,
			    encodedPoint, encodedlen, bn_ctx);

			if (encodedlen == 0) {
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    ERR_R_ECDH_LIB);
				goto err;
			}

			BN_CTX_free(bn_ctx);
			bn_ctx = NULL;

			/*
			 * XXX: For now, we only support named (not
			 * generic) curves in ECDH ephemeral key exchanges.
			 * In this situation, we need four additional bytes
			 * to encode the entire ServerECDHParams
			 * structure.
			 */
			n = 4 + encodedlen;

			/*
			 * We'll generate the serverKeyExchange message
			 * explicitly so we can set these to NULLs
			 */
			r[0] = NULL;
			r[1] = NULL;
			r[2] = NULL;
			r[3] = NULL;
		} else
		{
			al = SSL_AD_HANDSHAKE_FAILURE;
			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
			    SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
			goto f_err;
		}
		for (i = 0; i < 4 && r[i] != NULL; i++) {
			nr[i] = BN_num_bytes(r[i]);
			n += 2 + nr[i];
		}

		if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
			if ((pkey = ssl_get_sign_pkey(
			    s, s->s3->tmp.new_cipher, &md)) == NULL) {
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			kn = EVP_PKEY_size(pkey);
		} else {
			pkey = NULL;
			kn = 0;
		}

		if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
		    n + kn)) {
			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
			    ERR_LIB_BUF);
			goto err;
		}

		d = p = ssl3_handshake_msg_start(s,
		    SSL3_MT_SERVER_KEY_EXCHANGE);

		for (i = 0; i < 4 && r[i] != NULL; i++) {
			s2n(nr[i], p);
			BN_bn2bin(r[i], p);
			p += nr[i];
		}

		if (type & SSL_kECDHE) {
			/*
			 * XXX: For now, we only support named (not generic)
			 * curves.
			 * In this situation, the serverKeyExchange message has:
			 * [1 byte CurveType], [2 byte CurveName]
			 * [1 byte length of encoded point], followed by
			 * the actual encoded point itself
			 */
			*p = NAMED_CURVE_TYPE;
			p += 1;
			*p = 0;
			p += 1;
			*p = curve_id;
			p += 1;
			*p = encodedlen;
			p += 1;
			memcpy((unsigned char*)p,
			    (unsigned char *)encodedPoint, encodedlen);
			free(encodedPoint);
			encodedPoint = NULL;
			p += encodedlen;
		}


		/* not anonymous */
		if (pkey != NULL) {
			/*
			 * n is the length of the params, they start at &(d[4])
			 * and p points to the space at the end.
			 */
			if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
				q = md_buf;
				j = 0;
				for (num = 2; num > 0; num--) {
					if (!EVP_DigestInit_ex(&md_ctx,
					    (num == 2) ? s->ctx->md5 :
					    s->ctx->sha1, NULL))
						goto err;
					EVP_DigestUpdate(&md_ctx,
					    s->s3->client_random,
					    SSL3_RANDOM_SIZE);
					EVP_DigestUpdate(&md_ctx,
					    s->s3->server_random,
					    SSL3_RANDOM_SIZE);
					EVP_DigestUpdate(&md_ctx, d, n);
					EVP_DigestFinal_ex(&md_ctx, q,
					    (unsigned int *)&i);
					q += i;
					j += i;
				}
				if (RSA_sign(NID_md5_sha1, md_buf, j,
				    &(p[2]), &u, pkey->pkey.rsa) <= 0) {
					SSLerr(
					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
					    ERR_LIB_RSA);
					goto err;
				}
				s2n(u, p);
				n += u + 2;
			} else if (md) {
				/* Send signature algorithm. */
				if (SSL_USE_SIGALGS(s)) {
					if (!tls12_get_sigandhash(p, pkey, md)) {
						/* Should never happen */
						al = SSL_AD_INTERNAL_ERROR;
						SSLerr(
						    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
						    ERR_R_INTERNAL_ERROR);
						goto f_err;
					}
					p += 2;
				}
				EVP_SignInit_ex(&md_ctx, md, NULL);
				EVP_SignUpdate(&md_ctx,
				    s->s3->client_random,
				    SSL3_RANDOM_SIZE);
				EVP_SignUpdate(&md_ctx,
				    s->s3->server_random,
				    SSL3_RANDOM_SIZE);
				EVP_SignUpdate(&md_ctx, d, n);
				if (!EVP_SignFinal(&md_ctx, &p[2],
					(unsigned int *)&i, pkey)) {
					SSLerr(
					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
					    ERR_LIB_EVP);
					goto err;
				}
				s2n(i, p);
				n += i + 2;
				if (SSL_USE_SIGALGS(s))
					n += 2;
			} else {
				/* Is this error check actually needed? */
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
				    SSL_R_UNKNOWN_PKEY_TYPE);
				goto f_err;
			}
		}

		ssl3_handshake_msg_finish(s, n);
	}

	s->state = SSL3_ST_SW_KEY_EXCH_B;
	EVP_MD_CTX_cleanup(&md_ctx);

	return (ssl3_handshake_write(s));
	
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	free(encodedPoint);
	BN_CTX_free(bn_ctx);
	EVP_MD_CTX_cleanup(&md_ctx);
	return (-1);
}

int
ssl3_send_certificate_request(SSL *s)
{
	unsigned char *p, *d;
	int i, j, nl, off, n;
	STACK_OF(X509_NAME) *sk = NULL;
	X509_NAME *name;
	BUF_MEM *buf;

	if (s->state == SSL3_ST_SW_CERT_REQ_A) {
		buf = s->init_buf;

		d = p = ssl3_handshake_msg_start(s,
		    SSL3_MT_CERTIFICATE_REQUEST);

		/* get the list of acceptable cert types */
		p++;
		n = ssl3_get_req_cert_type(s, p);
		d[0] = n;
		p += n;
		n++;

		if (SSL_USE_SIGALGS(s)) {
			nl = tls12_get_req_sig_algs(s, p + 2);
			s2n(nl, p);
			p += nl + 2;
			n += nl + 2;
		}

		off = n;
		p += 2;
		n += 2;

		sk = SSL_get_client_CA_list(s);
		nl = 0;
		if (sk != NULL) {
			for (i = 0; i < sk_X509_NAME_num(sk); i++) {
				name = sk_X509_NAME_value(sk, i);
				j = i2d_X509_NAME(name, NULL);
				if (!BUF_MEM_grow_clean(buf,
				    ssl3_handshake_msg_hdr_len(s) + n + j
				    + 2)) {
					SSLerr(
					    SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
					    ERR_R_BUF_LIB);
					goto err;
				}
				p = ssl3_handshake_msg_start(s,
				    SSL3_MT_CERTIFICATE_REQUEST) + n;
				s2n(j, p);
				i2d_X509_NAME(name, &p);
				n += 2 + j;
				nl += 2 + j;
			}
		}
		/* else no CA names */
		p = ssl3_handshake_msg_start(s,
		    SSL3_MT_CERTIFICATE_REQUEST) + off;
		s2n(nl, p);

		ssl3_handshake_msg_finish(s, n);

		s->state = SSL3_ST_SW_CERT_REQ_B;
	}

	/* SSL3_ST_SW_CERT_REQ_B */
	return (ssl3_handshake_write(s));
err:
	return (-1);
}

int
ssl3_get_client_key_exchange(SSL *s)
{
	int i, al, ok;
	long n;
	unsigned long alg_k;
	unsigned char *d, *p;
	RSA *rsa = NULL;
	EVP_PKEY *pkey = NULL;
	BIGNUM *pub = NULL;
	DH *dh_srvr;

	EC_KEY *srvr_ecdh = NULL;
	EVP_PKEY *clnt_pub_pkey = NULL;
	EC_POINT *clnt_ecpoint = NULL;
	BN_CTX *bn_ctx = NULL;

	/* 2048 maxlen is a guess.  How long a key does that permit? */
	n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
	    SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
	if (!ok)
		return ((int)n);
	d = p = (unsigned char *)s->init_msg;

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

	if (alg_k & SSL_kRSA) {
		char fakekey[SSL_MAX_MASTER_KEY_LENGTH];

		arc4random_buf(fakekey, sizeof(fakekey));
		fakekey[0] = s->client_version >> 8;
		fakekey[1] = s->client_version & 0xff;

		pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
		if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
		    (pkey->pkey.rsa == NULL)) {
			al = SSL_AD_HANDSHAKE_FAILURE;
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    SSL_R_MISSING_RSA_CERTIFICATE);
			goto f_err;
		}
		rsa = pkey->pkey.rsa;

		if (2 > n)
			goto truncated;
		n2s(p, i);
		if (n != i + 2) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
			goto err;
		} else
			n = i;

		i = RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);

		ERR_clear_error();

		al = -1;

		if (i != SSL_MAX_MASTER_KEY_LENGTH) {
			al = SSL_AD_DECODE_ERROR;
			/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
		}

		if (p - d + 2 > n)	/* needed in the SSL3 case */
			goto truncated;
		if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
		    (p[1] == (s->client_version & 0xff)))) {
			/*
			 * The premaster secret must contain the same version
			 * number as the ClientHello to detect version rollback
			 * attacks (strangely, the protocol does not offer such
			 * protection for DH ciphersuites).
			 * However, buggy clients exist that send the negotiated
			 * protocol version instead if the server does not
			 * support the requested protocol version.
			 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
			 * clients.
			 */
			if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
			    (p[0] == (s->version >> 8)) &&
			    (p[1] == (s->version & 0xff)))) {
				al = SSL_AD_DECODE_ERROR;
				/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */

				/*
				 * The Klima-Pokorny-Rosa extension of
				 * Bleichenbacher's attack
				 * (http://eprint.iacr.org/2003/052/) exploits
				 * the version number check as a "bad version
				 * oracle" -- an alert would reveal that the
				 * plaintext corresponding to some ciphertext
				 * made up by the adversary is properly
				 * formatted except that the version number is
				 * wrong.
				 * To avoid such attacks, we should treat this
				 * just like any other decryption error.
				 */
			}
		}

		if (al != -1) {
			/*
			 * Some decryption failure -- use random value instead
			 * as countermeasure against Bleichenbacher's attack
			 * on PKCS #1 v1.5 RSA padding (see RFC 2246,
			 * section 7.4.7.1).
			 */
			i = SSL_MAX_MASTER_KEY_LENGTH;
			p = fakekey;
		}

		s->session->master_key_length =
		    s->method->ssl3_enc->generate_master_secret(s,
		    s->session->master_key,
		    p, i);
		explicit_bzero(p, i);
	} else if (alg_k & SSL_kDHE) {
		if (2 > n)
			goto truncated;
		n2s(p, i);
		if (n != i + 2) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
			goto err;
		}

		if (n == 0L) {
			/* the parameters are in the cert */
			al = SSL_AD_HANDSHAKE_FAILURE;
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    SSL_R_UNABLE_TO_DECODE_DH_CERTS);
			goto f_err;
		} else {
			if (s->s3->tmp.dh == NULL) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
				    SSL_R_MISSING_TMP_DH_KEY);
				goto f_err;
			} else
				dh_srvr = s->s3->tmp.dh;
		}

		pub = BN_bin2bn(p, i, NULL);
		if (pub == NULL) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    SSL_R_BN_LIB);
			goto err;
		}

		i = DH_compute_key(p, pub, dh_srvr);

		if (i <= 0) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    ERR_R_DH_LIB);
			BN_clear_free(pub);
			goto err;
		}

		DH_free(s->s3->tmp.dh);
		s->s3->tmp.dh = NULL;

		BN_clear_free(pub);
		pub = NULL;
		s->session->master_key_length =
		    s->method->ssl3_enc->generate_master_secret(
		        s, s->session->master_key, p, i);
		explicit_bzero(p, i);
	} else

	if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
		int ret = 1;
		int key_size;
		const EC_KEY   *tkey;
		const EC_GROUP *group;
		const BIGNUM *priv_key;

		/* Initialize structures for server's ECDH key pair. */
		if ((srvr_ecdh = EC_KEY_new()) == NULL) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}

		/* Let's get server private key and group information. */
		if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
			/* Use the certificate */
			tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
		} else {
			/*
			 * Use the ephermeral values we saved when
			 * generating the ServerKeyExchange msg.
			 */
			tkey = s->s3->tmp.ecdh;
		}

		group = EC_KEY_get0_group(tkey);
		priv_key = EC_KEY_get0_private_key(tkey);

		if (!EC_KEY_set_group(srvr_ecdh, group) ||
		    !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    ERR_R_EC_LIB);
			goto err;
		}

		/* Let's get client's public key */
		if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}

		if (n == 0L) {
			/* Client Publickey was in Client Certificate */

			if (alg_k & SSL_kECDHE) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
				    SSL_R_MISSING_TMP_ECDH_KEY);
				goto f_err;
			}
			if (((clnt_pub_pkey = X509_get_pubkey(
			    s->session->peer)) == NULL) ||
			    (clnt_pub_pkey->type != EVP_PKEY_EC)) {
				/*
				 * XXX: For now, we do not support client
				 * authentication using ECDH certificates
				 * so this branch (n == 0L) of the code is
				 * never executed. When that support is
				 * added, we ought to ensure the key
				 * received in the certificate is
				 * authorized for key agreement.
				 * ECDH_compute_key implicitly checks that
				 * the two ECDH shares are for the same
				 * group.
				 */
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
				    SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
				goto f_err;
			}

			if (EC_POINT_copy(clnt_ecpoint,
			    EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec))
			    == 0) {
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
				    ERR_R_EC_LIB);
				goto err;
			}
			ret = 2; /* Skip certificate verify processing */
		} else {
			/*
			 * Get client's public key from encoded point
			 * in the ClientKeyExchange message.
			 */
			if ((bn_ctx = BN_CTX_new()) == NULL) {
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}

			/* Get encoded point length */
			i = *p;

			p += 1;
			if (n != 1 + i) {
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
				    ERR_R_EC_LIB);
				goto err;
			}
			if (EC_POINT_oct2point(group,
				clnt_ecpoint, p, i, bn_ctx) == 0) {
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
				    ERR_R_EC_LIB);
				goto err;
			}
			/*
			 * p is pointing to somewhere in the buffer
			 * currently, so set it to the start.
			 */
			p = (unsigned char *)s->init_buf->data;
		}

		/* Compute the shared pre-master secret */
		key_size = ECDH_size(srvr_ecdh);
		if (key_size <= 0) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    ERR_R_ECDH_LIB);
			goto err;
		}
		i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh,
		    NULL);
		if (i <= 0) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    ERR_R_ECDH_LIB);
			goto err;
		}

		EVP_PKEY_free(clnt_pub_pkey);
		EC_POINT_free(clnt_ecpoint);
		EC_KEY_free(srvr_ecdh);
		BN_CTX_free(bn_ctx);
		EC_KEY_free(s->s3->tmp.ecdh);
		s->s3->tmp.ecdh = NULL;


		/* Compute the master secret */
		s->session->master_key_length = s->method->ssl3_enc-> \
		    generate_master_secret(s, s->session->master_key, p, i);

		explicit_bzero(p, i);
		return (ret);
	} else
	if (alg_k & SSL_kGOST) {
		int ret = 0;
		EVP_PKEY_CTX *pkey_ctx;
		EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
		unsigned char premaster_secret[32], *start;
		size_t outlen = 32, inlen;
		unsigned long alg_a;
		int Ttag, Tclass;
		long Tlen;

		/* Get our certificate private key*/
		alg_a = s->s3->tmp.new_cipher->algorithm_auth;
		if (alg_a & SSL_aGOST01)
			pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;

		pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
		EVP_PKEY_decrypt_init(pkey_ctx);
		/*
		 * If client certificate is present and is of the same type,
		 * maybe use it for key exchange.
		 * Don't mind errors from EVP_PKEY_derive_set_peer, because
		 * it is completely valid to use a client certificate for
		 * authorization only.
		 */
		client_pub_pkey = X509_get_pubkey(s->session->peer);
		if (client_pub_pkey) {
			if (EVP_PKEY_derive_set_peer(pkey_ctx,
			    client_pub_pkey) <= 0)
				ERR_clear_error();
		}
		if (2 > n)
			goto truncated;
		/* Decrypt session key */
		if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
		    &Tclass, n) != V_ASN1_CONSTRUCTED ||
		    Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    SSL_R_DECRYPTION_FAILED);
			goto gerr;
		}
		start = p;
		inlen = Tlen;
		if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
		    start, inlen) <=0) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			    SSL_R_DECRYPTION_FAILED);
			goto gerr;
		}
		/* Generate master secret */
		s->session->master_key_length =
		    s->method->ssl3_enc->generate_master_secret(
		    s, s->session->master_key, premaster_secret, 32);
		/* Check if pubkey from client certificate was used */
		if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
		    EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
			ret = 2;
		else
			ret = 1;
gerr:
		EVP_PKEY_free(client_pub_pkey);
		EVP_PKEY_CTX_free(pkey_ctx);
		if (ret)
			return (ret);
		else
			goto err;
	} else {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
		    SSL_R_UNKNOWN_CIPHER_TYPE);
		goto f_err;
	}

	return (1);
truncated:
	al = SSL_AD_DECODE_ERROR;
	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	EVP_PKEY_free(clnt_pub_pkey);
	EC_POINT_free(clnt_ecpoint);
	EC_KEY_free(srvr_ecdh);
	BN_CTX_free(bn_ctx);
	return (-1);
}

int
ssl3_get_cert_verify(SSL *s)
{
	EVP_PKEY *pkey = NULL;
	unsigned char *p;
	int al, ok, ret = 0;
	long n;
	int type = 0, i, j;
	X509 *peer;
	const EVP_MD *md = NULL;
	EVP_MD_CTX mctx;
	EVP_MD_CTX_init(&mctx);

	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
	    SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
	if (!ok)
		return ((int)n);

	if (s->session->peer != NULL) {
		peer = s->session->peer;
		pkey = X509_get_pubkey(peer);
		type = X509_certificate_type(peer, pkey);
	} else {
		peer = NULL;
		pkey = NULL;
	}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
		s->s3->tmp.reuse_message = 1;
		if (peer != NULL) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    SSL_R_MISSING_VERIFY_MESSAGE);
			goto f_err;
		}
		ret = 1;
		goto end;
	}

	if (peer == NULL) {
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
		    SSL_R_NO_CLIENT_CERT_RECEIVED);
		al = SSL_AD_UNEXPECTED_MESSAGE;
		goto f_err;
	}

	if (!(type & EVP_PKT_SIGN)) {
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
		    SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
		al = SSL_AD_ILLEGAL_PARAMETER;
		goto f_err;
	}

	if (s->s3->change_cipher_spec) {
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
		    SSL_R_CCS_RECEIVED_EARLY);
		al = SSL_AD_UNEXPECTED_MESSAGE;
		goto f_err;
	}

	/* we now have a signature that we need to verify */
	p = (unsigned char *)s->init_msg;
	/*
	 * Check for broken implementations of GOST ciphersuites.
	 *
	 * If key is GOST and n is exactly 64, it is a bare
	 * signature without length field.
	 */
	if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
	    pkey->type == NID_id_GostR3410_2001) ) {
		i = 64;
	} else {
		if (SSL_USE_SIGALGS(s)) {
			int sigalg = tls12_get_sigid(pkey);
			/* Should never happen */
			if (sigalg == -1) {
				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
				    ERR_R_INTERNAL_ERROR);
				al = SSL_AD_INTERNAL_ERROR;
				goto f_err;
			}
			if (2 > n)
				goto truncated;
			/* Check key type is consistent with signature */
			if (sigalg != (int)p[1]) {
				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
				    SSL_R_WRONG_SIGNATURE_TYPE);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			md = tls12_get_hash(p[0]);
			if (md == NULL) {
				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
				    SSL_R_UNKNOWN_DIGEST);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			p += 2;
			n -= 2;
		}
		if (2 > n)
			goto truncated;
		n2s(p, i);
		n -= 2;
		if (i > n)
			goto truncated;
	}
	j = EVP_PKEY_size(pkey);
	if ((i > j) || (n > j) || (n <= 0)) {
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
		    SSL_R_WRONG_SIGNATURE_SIZE);
		al = SSL_AD_DECODE_ERROR;
		goto f_err;
	}

	if (SSL_USE_SIGALGS(s)) {
		long hdatalen = 0;
		void *hdata;
		hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
		if (hdatalen <= 0) {
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    ERR_R_INTERNAL_ERROR);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
		    !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}

		if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    SSL_R_BAD_SIGNATURE);
			goto f_err;
		}
	} else
	if (pkey->type == EVP_PKEY_RSA) {
		i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
		    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
		    pkey->pkey.rsa);
		if (i < 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    SSL_R_BAD_RSA_DECRYPT);
			goto f_err;
		}
		if (i == 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    SSL_R_BAD_RSA_SIGNATURE);
			goto f_err;
		}
	} else
	if (pkey->type == EVP_PKEY_DSA) {
		j = DSA_verify(pkey->save_type,
		    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
		    SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
		if (j <= 0) {
			/* bad signature */
			al = SSL_AD_DECRYPT_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    SSL_R_BAD_DSA_SIGNATURE);
			goto f_err;
		}
	} else
	if (pkey->type == EVP_PKEY_EC) {
		j = ECDSA_verify(pkey->save_type,
		    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
		    SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
		if (j <= 0) {
			/* bad signature */
			al = SSL_AD_DECRYPT_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    SSL_R_BAD_ECDSA_SIGNATURE);
			goto f_err;
		}
	} else
#ifndef OPENSSL_NO_GOST
	if (pkey->type == NID_id_GostR3410_94 ||
	    pkey->type == NID_id_GostR3410_2001) {
		long hdatalen = 0;
		void *hdata;
		unsigned char signature[128];
		unsigned int siglen = sizeof(signature);
		int nid;
		EVP_PKEY_CTX *pctx;

		hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
		if (hdatalen <= 0) {
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    ERR_R_INTERNAL_ERROR);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
				!(md = EVP_get_digestbynid(nid))) {
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
					ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		pctx = EVP_PKEY_CTX_new(pkey, NULL);
		if (!pctx) {
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
		    !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
		    !EVP_DigestFinal(&mctx, signature, &siglen) ||
		    (EVP_PKEY_verify_init(pctx) <= 0) ||
		    (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
		    (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
				       EVP_PKEY_CTRL_GOST_SIG_FORMAT,
				       GOST_SIG_FORMAT_RS_LE,
				       NULL) <= 0)) {
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			EVP_PKEY_CTX_free(pctx);
			goto f_err;
		}

		if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
			    SSL_R_BAD_SIGNATURE);
			EVP_PKEY_CTX_free(pctx);
			goto f_err;
		}

		EVP_PKEY_CTX_free(pctx);
	} else
#endif
	{
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
		    ERR_R_INTERNAL_ERROR);
		al = SSL_AD_UNSUPPORTED_CERTIFICATE;
		goto f_err;
	}


	ret = 1;
	if (0) {
truncated:
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
end:
	if (s->s3->handshake_buffer) {
		BIO_free(s->s3->handshake_buffer);
		s->s3->handshake_buffer = NULL;
		s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
	}
	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_free(pkey);
	return (ret);
}

int
ssl3_get_client_certificate(SSL *s)
{
	CBS cbs, client_certs;
	int i, ok, al, ret = -1;
	X509 *x = NULL;
	long n;
	const unsigned char *q;
	STACK_OF(X509) *sk = NULL;

	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
	    -1, s->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
		if ((s->verify_mode & SSL_VERIFY_PEER) &&
		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
		    	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
			al = SSL_AD_HANDSHAKE_FAILURE;
			goto f_err;
		}
		/*
		 * If tls asked for a client cert,
		 * the client must return a 0 list.
		 */
		if (s->s3->tmp.cert_request) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
			    );
			al = SSL_AD_UNEXPECTED_MESSAGE;
			goto f_err;
		}
		s->s3->tmp.reuse_message = 1;
		return (1);
	}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
		    SSL_R_WRONG_MESSAGE_TYPE);
		goto f_err;
	}

	if (n < 0)
		goto truncated;

	CBS_init(&cbs, s->init_msg, n);

	if ((sk = sk_X509_new_null()) == NULL) {
		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
	    CBS_len(&cbs) != 0)
		goto truncated;

	while (CBS_len(&client_certs) > 0) {
		CBS cert;

		if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}

		q = CBS_data(&cert);
		x = d2i_X509(NULL, &q, CBS_len(&cert));
		if (x == NULL) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    ERR_R_ASN1_LIB);
			goto err;
		}
		if (q != CBS_data(&cert) + CBS_len(&cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}
		if (!sk_X509_push(sk, x)) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
		x = NULL;
	}

	if (sk_X509_num(sk) <= 0) {
		/*
		 * TLS does not mind 0 certs returned.
		 * Fail for TLS only if we required a certificate.
		 */
		if ((s->verify_mode & SSL_VERIFY_PEER) &&
		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
			al = SSL_AD_HANDSHAKE_FAILURE;
			goto f_err;
		}
		/* No client certificate so digest cached records */
		if (s->s3->handshake_buffer && !tls1_digest_cached_records(s)) {
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
	} else {
		i = ssl_verify_cert_chain(s, sk);
		if (i <= 0) {
			al = ssl_verify_alarm_type(s->verify_result);
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    SSL_R_NO_CERTIFICATE_RETURNED);
			goto f_err;
		}
	}

	X509_free(s->session->peer);
	s->session->peer = sk_X509_shift(sk);
	s->session->verify_result = s->verify_result;

	/*
	 * With the current implementation, sess_cert will always be NULL
	 * when we arrive here
	 */
	if (s->session->sess_cert == NULL) {
		s->session->sess_cert = ssl_sess_cert_new();
		if (s->session->sess_cert == NULL) {
			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
			    ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}
	if (s->session->sess_cert->cert_chain != NULL)
		sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
	s->session->sess_cert->cert_chain = sk;

	/*
	 * Inconsistency alert: cert_chain does *not* include the
	 * peer's own certificate, while we do include it in s3_clnt.c
	 */

	sk = NULL;

	ret = 1;
	if (0) {
truncated:
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
		    SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
err:
	X509_free(x);
	if (sk != NULL)
		sk_X509_pop_free(sk, X509_free);
	return (ret);
}

int
ssl3_send_server_certificate(SSL *s)
{
	unsigned long l;
	X509 *x;

	if (s->state == SSL3_ST_SW_CERT_A) {
		x = ssl_get_server_send_cert(s);
		if (x == NULL) {
			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
			    ERR_R_INTERNAL_ERROR);
			return (0);
		}

		l = ssl3_output_cert_chain(s, x);
		s->state = SSL3_ST_SW_CERT_B;
		s->init_num = (int)l;
		s->init_off = 0;
	}

	/* SSL3_ST_SW_CERT_B */
	return (ssl3_handshake_write(s));
}

/* send a new session ticket (not necessarily for a new session) */
int
ssl3_send_newsession_ticket(SSL *s)
{
	if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
		unsigned char *d, *p, *senc, *macstart;
		const unsigned char *const_p;
		int len, slen_full, slen;
		SSL_SESSION *sess;
		unsigned int hlen;
		EVP_CIPHER_CTX ctx;
		HMAC_CTX hctx;
		SSL_CTX *tctx = s->initial_ctx;
		unsigned char iv[EVP_MAX_IV_LENGTH];
		unsigned char key_name[16];

		/* get session encoding length */
		slen_full = i2d_SSL_SESSION(s->session, NULL);
		/*
		 * Some length values are 16 bits, so forget it if session is
 		 * too long
 		 */
		if (slen_full > 0xFF00)
			return (-1);
		senc = malloc(slen_full);
		if (!senc)
			return (-1);
		p = senc;
		i2d_SSL_SESSION(s->session, &p);

		/*
		 * Create a fresh copy (not shared with other threads) to
		 * clean up
		 */
		const_p = senc;
		sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
		if (sess == NULL) {
			free(senc);
			return (-1);
		}

		/* ID is irrelevant for the ticket */
		sess->session_id_length = 0;

		slen = i2d_SSL_SESSION(sess, NULL);
		if (slen > slen_full) {
			/* shouldn't ever happen */
			free(senc);
			return (-1);
		}
		p = senc;
		i2d_SSL_SESSION(sess, &p);
		SSL_SESSION_free(sess);

		/*
		 * Grow buffer if need be: the length calculation is as
 		 * follows 1 (size of message name) + 3 (message length
 		 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
 		 * 16 (key name) + max_iv_len (iv length) +
 		 * session_length + max_enc_block_size (max encrypted session
 		 * length) + max_md_size (HMAC).
 		 */
		if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) +
		    22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
		    EVP_MAX_MD_SIZE + slen)) {
			free(senc);
			return (-1);
		}

		d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEWSESSION_TICKET);

		EVP_CIPHER_CTX_init(&ctx);
		HMAC_CTX_init(&hctx);

		/*
		 * Initialize HMAC and cipher contexts. If callback present
		 * it does all the work otherwise use generated values
		 * from parent ctx.
		 */
		if (tctx->tlsext_ticket_key_cb) {
			if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
			    &hctx, 1) < 0) {
				free(senc);
				EVP_CIPHER_CTX_cleanup(&ctx);
				return (-1);
			}
		} else {
			arc4random_buf(iv, 16);
			EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
			    tctx->tlsext_tick_aes_key, iv);
			HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
			    tlsext_tick_md(), NULL);
			memcpy(key_name, tctx->tlsext_tick_key_name, 16);
		}

		/*
		 * Ticket lifetime hint (advisory only):
		 * We leave this unspecified for resumed session
		 * (for simplicity), and guess that tickets for new
		 * sessions will live as long as their sessions.
		 */
		l2n(s->hit ? 0 : s->session->timeout, p);

		/* Skip ticket length for now */
		p += 2;
		/* Output key name */
		macstart = p;
		memcpy(p, key_name, 16);
		p += 16;
		/* output IV */
		memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
		p += EVP_CIPHER_CTX_iv_length(&ctx);
		/* Encrypt session data */
		EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
		p += len;
		EVP_EncryptFinal_ex(&ctx, p, &len);
		p += len;
		EVP_CIPHER_CTX_cleanup(&ctx);

		HMAC_Update(&hctx, macstart, p - macstart);
		HMAC_Final(&hctx, p, &hlen);
		HMAC_CTX_cleanup(&hctx);
		p += hlen;

		/* Now write out lengths: p points to end of data written */
		/* Total length */
		len = p - d;

		/* Skip ticket lifetime hint. */
		p = d + 4;
		s2n(len - 6, p); /* Message length */

		ssl3_handshake_msg_finish(s, len);

		s->state = SSL3_ST_SW_SESSION_TICKET_B;

		free(senc);
	}

	/* SSL3_ST_SW_SESSION_TICKET_B */
	return (ssl3_handshake_write(s));
}

int
ssl3_send_cert_status(SSL *s)
{
	unsigned char *p;

	if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
		/*
		 * Grow buffer if need be: the length calculation is as
 		 * follows 1 (message type) + 3 (message length) +
 		 * 1 (ocsp response type) + 3 (ocsp response length)
 		 * + (ocsp response)
 		 */
		if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
		    s->tlsext_ocsp_resplen))
			return (-1);

		p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);

		*(p++) = s->tlsext_status_type;
		l2n3(s->tlsext_ocsp_resplen, p);
		memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);

		ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4);

		s->state = SSL3_ST_SW_CERT_STATUS_B;
	}

	/* SSL3_ST_SW_CERT_STATUS_B */
	return (ssl3_handshake_write(s));
}

/*
 * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
 * It sets the next_proto member in s if found
 */
int
ssl3_get_next_proto(SSL *s)
{
	CBS cbs, proto, padding;
	int ok;
	long n;
	size_t len;

	/*
	 * Clients cannot send a NextProtocol message if we didn't see the
	 * extension in their ClientHello
	 */
	if (!s->s3->next_proto_neg_seen) {
		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
		    SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
		return (-1);
	}

	/* 514 maxlen is enough for the payload format below */
	n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
	    SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
	if (!ok)
		return ((int)n);

	/*
	 * s->state doesn't reflect whether ChangeCipherSpec has been received
	 * in this handshake, but s->s3->change_cipher_spec does (will be reset
	 * by ssl3_get_finished).
	 */
	if (!s->s3->change_cipher_spec) {
		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
		    SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
		return (-1);
	}

	if (n < 2)
		return (0);
	/* The body must be > 1 bytes long */

	CBS_init(&cbs, s->init_msg, s->init_num);

	/*
	 * The payload looks like:
	 *   uint8 proto_len;
	 *   uint8 proto[proto_len];
	 *   uint8 padding_len;
	 *   uint8 padding[padding_len];
	 */
	if (!CBS_get_u8_length_prefixed(&cbs, &proto) ||
	    !CBS_get_u8_length_prefixed(&cbs, &padding) ||
	    CBS_len(&cbs) != 0)
		return 0;

	/*
	 * XXX We should not NULL it, but this matches old behavior of not
	 * freeing before malloc.
	 */
	s->next_proto_negotiated = NULL;
	s->next_proto_negotiated_len = 0;

	if (!CBS_stow(&proto, &s->next_proto_negotiated, &len)) {
		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
		    ERR_R_MALLOC_FAILURE);
		return (0);
	}
	s->next_proto_negotiated_len = (uint8_t)len;

	return (1);
}
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































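--- a/jni/libressl/ssl/srtp.h
+++ b/jni/libressl/ssl/srtp.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: srtp.h,v 1.5 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *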
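--- a/jni/libressl/ssl/ssl.sym
+++ b/jni/libressl/ssl/ssl.sym
@@ -0,0 +1,261 @@
+BIO_f_ssl
+BIO_new_buffer_ssl_connect
+BIO_new_ssl
+BIO_new_ssl_connect
+BIO_ssl_copy_session_id
+BIO_ssl_shutdown
+DTLSv1_client_method
+DTLSv1_method
+DTLSv1_server_method
+SSLv23_client_method
+SSLv23_method
+SSLv23_server_method
+TLS_client_method
+TLS_method
+TLS_server_method
+TLSv1_1_client_method
+TLSv1_1_method
+TLSv1_1_server_method
+TLSv1_2_client_method
+TLSv1_2_method
+TLSv1_2_server_method
+TLSv1_client_method
+TLSv1_method
+TLSv1_server_method
+PEM_read_SSL_SESSION
+PEM_read_bio_SSL_SESSION
+PEM_write_SSL_SESSION
+PEM_write_bio_SSL_SESSION
+d2i_SSL_SESSION
+i2d_SSL_SESSION
+ERR_load_SSL_strings
+SSL_CIPHER_description
+SSL_CIPHER_get_bits
+SSL_CIPHER_get_by_id
+SSL_CIPHER_get_by_value
+SSL_CIPHER_get_id
+SSL_CIPHER_get_name
+SSL_CIPHER_get_value
+SSL_CIPHER_get_version
+SSL_COMP_add_compression_method
+SSL_COMP_get_compression_methods
+SSL_COMP_get_name
+SSL_CTX_add_client_CA
+SSL_CTX_add_session
+SSL_CTX_callback_ctrl
+SSL_CTX_check_private_key
+SSL_CTX_ctrl
+SSL_CTX_flush_sessions
+SSL_CTX_free
+SSL_CTX_get_cert_store
+SSL_CTX_get_client_CA_list
+SSL_CTX_get_client_cert_cb
+SSL_CTX_get_ex_data
+SSL_CTX_get_ex_new_index
+SSL_CTX_get_info_callback
+SSL_CTX_get_quiet_shutdown
+SSL_CTX_get_timeout
+SSL_CTX_get_verify_callback
+SSL_CTX_get_verify_depth
+SSL_CTX_get_verify_mode
+SSL_CTX_load_verify_locations
+SSL_CTX_load_verify_mem
+SSL_CTX_new
+SSL_CTX_remove_session
+SSL_CTX_sess_get_get_cb
+SSL_CTX_sess_get_new_cb
+SSL_CTX_sess_get_remove_cb
+SSL_CTX_sess_set_get_cb
+SSL_CTX_sess_set_new_cb
+SSL_CTX_sess_set_remove_cb
+SSL_CTX_sessions
+SSL_CTX_set1_groups
+SSL_CTX_set1_groups_list
+SSL_CTX_set1_param
+SSL_CTX_set_alpn_protos
+SSL_CTX_set_alpn_select_cb
+SSL_CTX_set_cert_store
+SSL_CTX_set_cert_verify_callback
+SSL_CTX_set_cipher_list
+SSL_CTX_set_client_CA_list
+SSL_CTX_set_client_cert_cb
+SSL_CTX_set_client_cert_engine
+SSL_CTX_set_cookie_generate_cb
+SSL_CTX_set_cookie_verify_cb
+SSL_CTX_set_default_passwd_cb
+SSL_CTX_set_default_passwd_cb_userdata
+SSL_CTX_set_default_verify_paths
+SSL_CTX_set_ex_data
+SSL_CTX_set_generate_session_id
+SSL_CTX_set_info_callback
+SSL_CTX_set_msg_callback
+SSL_CTX_set_next_proto_select_cb
+SSL_CTX_set_next_protos_advertised_cb
+SSL_CTX_set_purpose
+SSL_CTX_set_quiet_shutdown
+SSL_CTX_set_session_id_context
+SSL_CTX_set_ssl_version
+SSL_CTX_set_timeout
+SSL_CTX_set_tlsext_use_srtp
+SSL_CTX_set_tmp_dh_callback
+SSL_CTX_set_tmp_ecdh_callback
+SSL_CTX_set_tmp_rsa_callback
+SSL_CTX_set_trust
+SSL_CTX_set_verify
+SSL_CTX_set_verify_depth
+SSL_CTX_use_PrivateKey
+SSL_CTX_use_PrivateKey_ASN1
+SSL_CTX_use_PrivateKey_file
+SSL_CTX_use_RSAPrivateKey
+SSL_CTX_use_RSAPrivateKey_ASN1
+SSL_CTX_use_RSAPrivateKey_file
+SSL_CTX_use_certificate
+SSL_CTX_use_certificate_ASN1
+SSL_CTX_use_certificate_chain_file
+SSL_CTX_use_certificate_chain_mem
+SSL_CTX_use_certificate_file
+SSL_SESSION_free
+SSL_SESSION_get0_peer
+SSL_SESSION_get_compress_id
+SSL_SESSION_get_ex_data
+SSL_SESSION_get_ex_new_index
+SSL_SESSION_get_id
+SSL_SESSION_get_time
+SSL_SESSION_get_timeout
+SSL_SESSION_new
+SSL_SESSION_print
+SSL_SESSION_print_fp
+SSL_SESSION_set1_id_context
+SSL_SESSION_set_ex_data
+SSL_SESSION_set_time
+SSL_SESSION_set_timeout
+SSL_accept
+SSL_add_client_CA
+SSL_add_dir_cert_subjects_to_stack
+SSL_add_file_cert_subjects_to_stack
+SSL_alert_desc_string
+SSL_alert_desc_string_long
+SSL_alert_type_string
+SSL_alert_type_string_long
+SSL_cache_hit
+SSL_callback_ctrl
+SSL_check_private_key
+SSL_clear
+SSL_connect
+SSL_copy_session_id
+SSL_ctrl
+SSL_do_handshake
+SSL_dup
+SSL_dup_CA_list
+SSL_export_keying_material
+SSL_free
+SSL_get0_alpn_selected
+SSL_get0_next_proto_negotiated
+SSL_get1_session
+SSL_get_SSL_CTX
+SSL_get_certificate
+SSL_get_cipher_list
+SSL_get_ciphers
+SSL_get_client_CA_list
+SSL_get_current_cipher
+SSL_get_current_compression
+SSL_get_current_expansion
+SSL_get_default_timeout
+SSL_get_error
+SSL_get_ex_data
+SSL_get_ex_data_X509_STORE_CTX_idx
+SSL_get_ex_new_index
+SSL_get_fd
+SSL_get_finished
+SSL_get_info_callback
+SSL_get_peer_cert_chain
+SSL_get_peer_certificate
+SSL_get_peer_finished
+SSL_get_privatekey
+SSL_get_quiet_shutdown
+SSL_get_rbio
+SSL_get_read_ahead
+SSL_get_rfd
+SSL_get_selected_srtp_profile
+SSL_get_servername
+SSL_get_servername_type
+SSL_get_session
+SSL_get_shared_ciphers
+SSL_get_shutdown
+SSL_get_srtp_profiles
+SSL_get_ssl_method
+SSL_get_verify_callback
+SSL_get_verify_depth
+SSL_get_verify_mode
+SSL_get_verify_result
+SSL_get_version
+SSL_get_wbio
+SSL_get_wfd
+SSL_has_matching_session_id
+SSL_library_init
+SSL_load_client_CA_file
+SSL_load_error_strings
+SSL_new
+SSL_peek
+SSL_pending
+SSL_read
+SSL_renegotiate
+SSL_renegotiate_abbreviated
+SSL_renegotiate_pending
+SSL_rstate_string
+SSL_rstate_string_long
+SSL_select_next_proto
+SSL_set1_groups
+SSL_set1_groups_list
+SSL_set1_param
+SSL_set_SSL_CTX
+SSL_set_accept_state
+SSL_set_alpn_protos
+SSL_set_bio
+SSL_set_cipher_list
+SSL_set_client_CA_list
+SSL_set_connect_state
+SSL_set_debug
+SSL_set_ex_data
+SSL_set_fd
+SSL_set_generate_session_id
+SSL_set_info_callback
+SSL_set_msg_callback
+SSL_set_purpose
+SSL_set_quiet_shutdown
+SSL_set_read_ahead
+SSL_set_rfd
+SSL_set_session
+SSL_set_session_id_context
+SSL_set_session_secret_cb
+SSL_set_session_ticket_ext
+SSL_set_session_ticket_ext_cb
+SSL_set_shutdown
+SSL_set_ssl_method
+SSL_set_state
+SSL_set_tlsext_use_srtp
+SSL_set_tmp_dh_callback
+SSL_set_tmp_ecdh_callback
+SSL_set_tmp_rsa_callback
+SSL_set_trust
+SSL_set_verify
+SSL_set_verify_depth
+SSL_set_verify_result
+SSL_set_wfd
+SSL_shutdown
+SSL_state
+SSL_state_string
+SSL_state_string_long
+SSL_use_PrivateKey
+SSL_use_PrivateKey_ASN1
+SSL_use_PrivateKey_file
+SSL_use_RSAPrivateKey
+SSL_use_RSAPrivateKey_ASN1
+SSL_use_RSAPrivateKey_file
+SSL_use_certificate
+SSL_use_certificate_ASN1
+SSL_use_certificate_file
+SSL_version
+SSL_version_str
+SSL_want
+SSL_write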
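--- a/jni/libressl/ssl/ssl_algs.c
+++ b/jni/libressl/ssl/ssl_algs.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_algs.c,v 1.21 2014/11/18 05:33:43 miod Exp $ */
+/* $OpenBSD: ssl_algs.c,v 1.24 2017/03/01 14:01:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -67,17 +67,14 @@
 SSL_library_init(void)
 {
 
 #ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cbc());
 	EVP_add_cipher(EVP_des_ede3_cbc());
 #endif
-#ifndef OPENSSL_NO_IDEA
-	EVP_add_cipher(EVP_idea_cbc());
-#endif
 #ifndef OPENSSL_NO_RC4
 	EVP_add_cipher(EVP_rc4());
 #if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
 	EVP_add_cipher(EVP_rc4_hmac_md5());
 #endif
 #endif
 #ifndef OPENSSL_NO_RC2
@@ -100,16 +97,18 @@
 #endif
 #ifndef OPENSSL_NO_GOST
 	EVP_add_cipher(EVP_gost2814789_cfb64());
 	EVP_add_cipher(EVP_gost2814789_cnt());
 #endif
 
 	EVP_add_digest(EVP_md5());
+	EVP_add_digest(EVP_md5_sha1());
 	EVP_add_digest_alias(SN_md5, "ssl2-md5");
 	EVP_add_digest_alias(SN_md5, "ssl3-md5");
+
 	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
 	EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
 	EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
 	EVP_add_digest(EVP_sha224());
 	EVP_add_digest(EVP_sha256());
 	EVP_add_digest(EVP_sha384());
 	EVP_add_digest(EVP_sha512());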
Changes to jni/libressl/ssl/ssl_asn1.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

16
17
18
19
20
21
22

23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

57
58
59

60

61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

78

79
80
81
82
83
84


85
86
87
88
89
90
91
92
93
94
95
96


97


98
99
100
101
102
103
104
105
106

107
108

109
110
111
112
113

114
115
116
117
118
119
120
121
122
123
124
125
126

127
128
129
130
131
132
133
134
135

136
137

138

139

140

141
142
143
144

145



146
147

148
149
150

151

152
153
154
155
156
157
158
159
160
161
162
163
164
165

166
167
168
169
170
171
172
173
174
175
176
177
178



179



180
181
182
183









184
185
186
187

188
189


190

191
192
193
194
195

196
197
198
199
200
201
202
203
204
205
206
207
208
209
210




211
212

213
214
215
216
217
218
219


220

221

222
223
224

225
226


227


228


229
230
231
232




233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249

250
251
252

253
254
255


256
257
258
259
260
261
262
263





264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326

327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343

344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378

379
380
381
382
383
384
385

386
387
388
389
390
391
392
393
394
395
396

397
398
399
400
401
402
403
404
405
406
407
408
409

410
411
412
413
414
415
416

417
418
419
420
421
422
423
424
425
426
427
428

429
430


431
432
433
434
435
436
437
438
439
440

441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484



485
486
487
488
489
490
491
492
493

494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510

511

512
513
514
515
516
517

518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535

536

537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567

568
569
570
571
572
573
574
575
576
577
578
579
580
581
582


583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601

602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620

621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650

651
652
653
654
655
656
657
658
659
660
661


662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686

687
688
689
690
691
/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *

 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *

 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]

 */

#include <stdio.h>

#include <stdlib.h>


#include "ssl_locl.h"

#include <openssl/objects.h>
#include <openssl/x509.h>

/* XXX - these are here to avoid including asn1_mac.h */
int asn1_GetSequence(ASN1_const_CTX *c, long *length);
void asn1_add_error(const unsigned char *address, int offset);

typedef struct ssl_session_asn1_st {
	ASN1_INTEGER version;
	ASN1_INTEGER ssl_version;
	ASN1_OCTET_STRING cipher;
	ASN1_OCTET_STRING master_key;
	ASN1_OCTET_STRING session_id;
	ASN1_OCTET_STRING session_id_context;

	ASN1_INTEGER time;

	ASN1_INTEGER timeout;
	ASN1_INTEGER verify_result;
	ASN1_OCTET_STRING tlsext_hostname;
	ASN1_INTEGER tlsext_tick_lifetime;
	ASN1_OCTET_STRING tlsext_tick;
} SSL_SESSION_ASN1;



int
i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
{
#define LSIZE2 (sizeof(long)*2)
	int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
	unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
	unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
	unsigned char ibuf6[LSIZE2];
	SSL_SESSION_ASN1 a;
	unsigned char *p;
	int len = 0, ret;


	long l;



	if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
		return (0);

	/*
	 * Note that I cheat in the following 2 assignments.
	 * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
	 * is > sizeof(long)+1, the buffer will not be re-malloc()ed.
	 * This is a bit evil but makes things simple, no dynamic allocation

	 * to clean up :-)
	 */

	a.version.length = LSIZE2;
	a.version.type = V_ASN1_INTEGER;
	a.version.data = ibuf1;
	ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
	len += i2d_ASN1_INTEGER(&(a.version), NULL);


	a.ssl_version.length = LSIZE2;
	a.ssl_version.type = V_ASN1_INTEGER;
	a.ssl_version.data = ibuf2;
	ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
	len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL);

	a.cipher.length = 2;
	a.cipher.type = V_ASN1_OCTET_STRING;
	l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id;
	buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
	buf[1] = ((unsigned char)(l)) & 0xff;
	a.cipher.data = buf;

	len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL);

	a.master_key.length = in->master_key_length;
	a.master_key.type = V_ASN1_OCTET_STRING;
	a.master_key.data = in->master_key;
	len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL);

	a.session_id.length = in->session_id_length;
	a.session_id.type = V_ASN1_OCTET_STRING;

	a.session_id.data = in->session_id;
	len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL);



	if (in->time != 0L) {

		a.time.length = LSIZE2;

		a.time.type = V_ASN1_INTEGER;
		a.time.data = ibuf3;
		ASN1_INTEGER_set(&(a.time), in->time);	/* XXX 2038 */
		v1 = i2d_ASN1_INTEGER(&(a.time), NULL);

		len += ASN1_object_size(1, v1, 1);



	}


	if (in->timeout != 0L) {
		a.timeout.length = LSIZE2;
		a.timeout.type = V_ASN1_INTEGER;

		a.timeout.data = ibuf4;

		ASN1_INTEGER_set(&(a.timeout), in->timeout);
		v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL);
		len += ASN1_object_size(1, v2, 2);
	}

	if (in->peer != NULL) {
		v3 = i2d_X509(in->peer, NULL);
		len += ASN1_object_size(1, v3, 3);
	}

	a.session_id_context.length = in->sid_ctx_length;
	a.session_id_context.type = V_ASN1_OCTET_STRING;
	a.session_id_context.data = in->sid_ctx;
	v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL);

	len += ASN1_object_size(1, v4, 4);

	if (in->verify_result != X509_V_OK) {
		a.verify_result.length = LSIZE2;
		a.verify_result.type = V_ASN1_INTEGER;
		a.verify_result.data = ibuf5;
		ASN1_INTEGER_set(&a.verify_result, in->verify_result);
		v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL);
		len += ASN1_object_size(1, v5, 5);
	}

	if (in->tlsext_hostname) {
		a.tlsext_hostname.length = strlen(in->tlsext_hostname);



		a.tlsext_hostname.type = V_ASN1_OCTET_STRING;



		a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
		v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL);
		len += ASN1_object_size(1, v6, 6);
	}










	/* 7 - PSK identity hint. */
	/* 8 - PSK identity. */


	if (in->tlsext_tick_lifetime_hint > 0) {
		a.tlsext_tick_lifetime.length = LSIZE2;


		a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;

		a.tlsext_tick_lifetime.data = ibuf6;
		ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
		    in->tlsext_tick_lifetime_hint);
		v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL);
		len += ASN1_object_size(1, v9, 9);

	}

	if (in->tlsext_tick) {
		a.tlsext_tick.length = in->tlsext_ticklen;
		a.tlsext_tick.type = V_ASN1_OCTET_STRING;
		a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
		v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL);
		len += ASN1_object_size(1, v10, 10);
	}

	/* 11 - Compression method. */
	/* 12 - SRP username. */

	/* If given a NULL pointer, return the length only. */
	ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE));




	if (pp == NULL)
		return (ret);


	/* Burp out the ASN1. */
	p = *pp;
	ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
	i2d_ASN1_INTEGER(&(a.version), &p);
	i2d_ASN1_INTEGER(&(a.ssl_version), &p);
	i2d_ASN1_OCTET_STRING(&(a.cipher), &p);


	i2d_ASN1_OCTET_STRING(&(a.session_id), &p);

	i2d_ASN1_OCTET_STRING(&(a.master_key), &p);

	if (in->time != 0L) {
		ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC);
		i2d_ASN1_INTEGER(&(a.time), &p);

	}
	if (in->timeout != 0L) {


		ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC);


		i2d_ASN1_INTEGER(&(a.timeout), &p);


	}
	if (in->peer != NULL) {
		ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC);
		i2d_X509(in->peer, &p);




	}
	ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC);
	i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p);
	if (in->verify_result != X509_V_OK) {
		ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC);
		i2d_ASN1_INTEGER(&(a.verify_result), &p);
	}
	if (in->tlsext_hostname) {
		ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC);
		i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p);
	}
	/* 7 - PSK identity hint. */
	/* 8 - PSK identity. */
	if (in->tlsext_tick_lifetime_hint > 0) {
		ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC);
		i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p);
	}

	if (in->tlsext_tick) {
		ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC);
		i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p);

	}
	/* 11 - Compression method. */
	/* 12 - SRP username. */



	*pp = p;
	return (ret);
}

SSL_SESSION *
d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
{





	SSL_SESSION *ret = NULL;
	ASN1_const_CTX c;
	ASN1_INTEGER ai, *aip;
	ASN1_OCTET_STRING os, *osp;
	int ssl_version = 0, i;
	int Tinf, Ttag, Tclass;
	long Tlen;
	long id;

	c.pp = pp;
	c.p = *pp;
	c.q = *pp;
	c.max = (length == 0) ? 0 : (c.p + length);
	c.slen = length;

	if (a == NULL || *a == NULL) {
		if ((ret = SSL_SESSION_new()) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
	} else
		ret = *a;

	aip = &ai;
	osp = &os;

	if (!asn1_GetSequence(&c, &length)) {
		SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}

	ai.data = NULL;
	ai.length = 0;
	c.q = c.p;
	if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
		SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}
	c.slen -= (c.p - c.q);

	if (ai.data != NULL) {
		free(ai.data);
		ai.data = NULL;
		ai.length = 0;
	}

	/* we don't care about the version right now :-) */
	c.q = c.p;
	if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
		SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}
	c.slen -= (c.p - c.q);
	ssl_version = (int)ASN1_INTEGER_get(aip);
	ret->ssl_version = ssl_version;
	if (ai.data != NULL) {
		free(ai.data);
		ai.data = NULL;
		ai.length = 0;
	}

	os.data = NULL;
	os.length = 0;

	c.q = c.p;
	if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
		SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}
	c.slen -= (c.p - c.q);
	if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
		if (os.length != 2) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    SSL_R_CIPHER_CODE_WRONG_LENGTH);
			goto err;
		}
		id = 0x03000000L | ((unsigned long)os.data[0]<<8L) |
		    (unsigned long)os.data[1];
	} else {
		SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
		goto err;

	}

	ret->cipher = NULL;
	ret->cipher_id = id;

	c.q = c.p;
	if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
		SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}
	c.slen -= (c.p - c.q);

	i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
	if (os.length > i)
		os.length = i;
	if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
		os.length = sizeof(ret->session_id);

	ret->session_id_length = os.length;
	OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
	memcpy(ret->session_id, os.data, os.length);

	c.q = c.p;
	if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
		SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}
	c.slen -= (c.p - c.q);
	if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
		ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
	else
		ret->master_key_length = os.length;
	memcpy(ret->master_key, os.data, ret->master_key_length);

	os.length = 0;


	/* 1 - Time (INTEGER). */
	/* XXX 2038 */
	ai.length = 0;
	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 1)) {
		c.q = c.p;

		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1))
			Tlen = c.slen - (c.p - c.q) - 2;
		if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
			goto err;

		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;
			}
		}
		c.slen -= (c.p - c.q);
	}
	if (ai.data != NULL) {
		ret->time = ASN1_INTEGER_get(aip);

		free(ai.data);
		ai.data = NULL;
		ai.length = 0;
	} else
		ret->time = time(NULL);

	/* 2 - Timeout (INTEGER). */

	ai.length = 0;
	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 2)) {
		c.q = c.p;
		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1))
			Tlen = c.slen - (c.p - c.q) - 2;

		if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);


			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;
			}
		}

		c.slen -= (c.p - c.q);
	}
	if (ai.data != NULL) {
		ret->timeout = ASN1_INTEGER_get(aip);
		free(ai.data);
		ai.data = NULL;
		ai.length = 0;
	} else
		ret->timeout = 3;

	/* 3 - Peer (X509). */
	X509_free(ret->peer);
	ret->peer = NULL;

	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
		c.q = c.p;
		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1))
			Tlen = c.slen - (c.p - c.q) - 2;
		if (d2i_X509(&ret->peer, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;
			}
		}
		c.slen -= (c.p - c.q);
	}

	/* 4 - Session ID (OCTET STRING). */
	os.length = 0;
	free(os.data);
	os.data = NULL;



	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 4)) {
		c.q = c.p;
		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}

		if (Tinf == (V_ASN1_CONSTRUCTED + 1))
			Tlen = c.slen - (c.p - c.q) - 2;
		if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;
			}
		}
		c.slen -= (c.p - c.q);
	}
	if (os.data != NULL) {

		if (os.length > SSL_MAX_SID_CTX_LENGTH) {

			SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
			goto err;
		} else {
			ret->sid_ctx_length = os.length;
			memcpy(ret->sid_ctx, os.data, os.length);
		}

		free(os.data);
		os.data = NULL;
		os.length = 0;
	} else
		ret->sid_ctx_length = 0;

	/* 5 - Verify_result. */
	ai.length = 0;
	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 5)) {
		c.q = c.p;
		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1))

			Tlen = c.slen - (c.p - c.q) - 2;

		if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;
			}
		}
		c.slen -= (c.p - c.q);
	}
	if (ai.data != NULL) {
		ret->verify_result = ASN1_INTEGER_get(aip);
		free(ai.data);
		ai.data = NULL;
		ai.length = 0;
	} else
		ret->verify_result = X509_V_OK;

	/* 6 - HostName (OCTET STRING). */
	os.length = 0;
	os.data = NULL;
	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 6)) {
		c.q = c.p;
		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,

			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1))
			Tlen = c.slen - (c.p - c.q) - 2;
		if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;


			}
		}
		c.slen -= (c.p - c.q);
	}
	if (os.data) {
		ret->tlsext_hostname = strndup((char *)os.data, os.length);
		free(os.data);
		os.data = NULL;
		os.length = 0;
	} else
		ret->tlsext_hostname = NULL;

	/* 7 - PSK identity hint (OCTET STRING). */
	/* 8 - PSK identity (OCTET STRING). */

	/* 9 - Ticket lifetime. */
	ai.length = 0;
	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 9)) {

		c.q = c.p;
		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1))
			Tlen = c.slen - (c.p - c.q) - 2;
		if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;

			}
		}
		c.slen -= (c.p - c.q);
	}
	if (ai.data != NULL) {
		ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
		free(ai.data);
		ai.data = NULL;
		ai.length = 0;
	} else if (ret->tlsext_ticklen && ret->session_id_length)
		ret->tlsext_tick_lifetime_hint = -1;
	else
		ret->tlsext_tick_lifetime_hint = 0;
	os.length = 0;
	os.data = NULL;

	/* 10 - Ticket (OCTET STRING). */
	if (c.slen != 0L &&
	    *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 10)) {
		c.q = c.p;
		Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
		if (Tinf & 0x80) {
			SSLerr(SSL_F_D2I_SSL_SESSION,
			    ERR_R_BAD_ASN1_OBJECT_HEADER);
			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1))
			Tlen = c.slen - (c.p - c.q) - 2;
		if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
			SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);

			goto err;
		}
		if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
			Tlen = c.slen - (c.p - c.q);
			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
				SSLerr(SSL_F_D2I_SSL_SESSION,
				    ERR_R_MISSING_ASN1_EOS);
				goto err;
			}
		}
		c.slen -= (c.p - c.q);


	}
	if (os.data) {
		ret->tlsext_tick = os.data;
		ret->tlsext_ticklen = os.length;
		os.data = NULL;
		os.length = 0;
	} else
		ret->tlsext_tick = NULL;

	/* 11 - Compression method (OCTET STRING). */
	/* 12 - SRP username (OCTET STRING). */

	if (!asn1_const_Finish(&c)) {
		SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
		goto err;
	}

	*pp = c.p;
	if (a != NULL)
		*a = ret;

	return (ret);

err:
	ERR_asprintf_error_data("offset=%d", (int)(c.q - *pp));

	if (ret != NULL && (a == NULL || *a != ret))
		SSL_SESSION_free(ret);

	return (NULL);
}
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
>
|
<
<
<
<
<

>
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<

|
|
|
<
|
<
|
<
|
<
<
<
<
<
<
<
>


|
>
|
>



<
|

<
|
|
|
|
|
|
|
|
|
|
>
|
>
|
|
<
|
<
|
>
>


|

|
|
|
<
<
<
|
|
>
>
|
>
>

|


<
<
<
<
<
>
|
|
>
|
|
|
|
<
>

|
|
|
|
<
|
|
|
|
<
|
|
>
|
|
|
|
<
<

|
|
>
|
<
>

>
|
>
|
>
|
|
|
|
>
|
>
>
>


>
|
|
<
>
|
>
|
<
<
<
|
<
<
<


|
|
<
|
>
|
|
|
|
<
<
<
<
<


|
<
>
>
>
|
>
>
>
<
<
<
|
>
>
>
>
>
>
>
>
>
|
<
<

>
|
<
>
>
|
>
|
<
|
<
<
>

<
<
<
<
<
<
<
|
|
<
|

<
<
>
>
>
>
|
|
>
|
<
<
<
<
<
|
>
>
|
>
|
>
|
<
<
>

|
>
>
|
>
>
|
>
>
|
|
|
|
>
>
>
>
|
<
<
<
<
<

<
<
<
|
<
<
|
<
<
|
>
|
<
<
>
|
|
<
>
>

<
|





>
>
>
>
>
|
<
<
<
<
<
|
|

|
|
<
<
<

|
|
<
<
<
<
<
|
<
<
|
<
<
<
|
|
<
<
<
<
<
<
|
<
|
<
<
<
<
|
|
<
<
<
<

<
<
<
<
<
<
<
<
|
|
<
<
>
|
<
|

|
<
|
|
<
<
|
<
<
<
|
<

>
|
|
<
<
|
<
<
<

<
<
|
<
<
<
<
<
|
<
<
<
|
<
<
<

|
<
<
<
<
<
<
|
|
>

<
|
<
|
<
|
>
|
<
<
<
|
<
<
|
<
<
|
>
|
<
|
<
<
|
|
<
<
<
<
<
<
>
|
<
<
|
<
|
<
>
|
<
<
<
<
<
<
<
<
|
<
<
>
|
<
>
>
|
<
|
<
<
<
<
|
<
<
>
|
|
<
|
<
<
<
<
|
|
<
<
<
|
<
<
<
<
<
<
<
|
<
|
<
<
<
|
<
|
|
<
<
<
<
|
<
<
<
|
<
<
|
|
>
>
>
|
<
|
<
|
<
<

<
>
|
<
|
<

|
<
<
<
<
<
<
|
<
<
<
<
>
|
>
|
|
|
|
|
<
>
|
<
<
|
|
|
<
<
<
<
<
<
<
<
<
<
|
<
>
|
>
|
<
|
<
|
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
|

|
|
|
<
<
<
<
<
<
>
|
|
<
|
<
<
<
<
<
|
<
<
<
<
|
>
>
|
|
<
<
<
<
<
<
<
<
<
<
|
|

|
|
|
<
>
|
<
|
<
|
|
<
|
<
<
<
|
<
|
<
<
<
<
<
>
|
<
<
<
<
<
<
<
<
<
|
<
|
<
|
|
<
<
<
<
<
<
<
|
|
<
|
<
<
<
>

|
<
<
<
<
<
<
|
<
<
>
>
|
<
<
<
<
<
<
<
|
<
<

<
<
<
<
<
<

|

|


|
>
|
|



1


2











3
4





5
6
7


8













9
10
11
12

13

14

15







16
17
18
19
20
21
22
23
24
25

26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

43

44
45
46
47
48
49
50
51
52
53



54
55
56
57
58
59
60
61
62
63
64





65
66
67
68
69
70
71
72

73
74
75
76
77
78

79
80
81
82

83
84
85
86
87
88
89


90
91
92
93
94

95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118
119



120



121
122
123
124

125
126
127
128
129
130





131
132
133

134
135
136
137
138
139
140



141
142
143
144
145
146
147
148
149
150
151


152
153
154

155
156
157
158
159

160


161
162







163
164

165
166


167
168
169
170
171
172
173
174





175
176
177
178
179
180
181
182


183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202





203



204


205


206
207
208


209
210
211

212
213
214

215
216
217
218
219
220
221
222
223
224
225
226





227
228
229
230
231



232
233
234





235


236



237
238






239

240




241
242




243








244
245


246
247

248
249
250

251
252


253



254

255
256
257
258


259



260


261





262



263



264
265






266
267
268
269

270

271

272
273
274



275


276


277
278
279

280


281
282






283
284


285

286

287
288








289


290
291

292
293
294

295




296


297
298
299

300




301
302



303







304

305



306

307
308




309



310


311
312
313
314
315
316

317

318


319

320
321

322

323
324






325




326
327
328
329
330
331
332
333

334
335


336
337
338










339

340
341
342
343

344

345




346










347
348
349
350
351






352
353
354

355





356




357
358
359
360
361










362
363
364
365
366
367

368
369

370

371
372

373



374

375





376
377









378

379

380
381







382
383

384



385
386
387






388


389
390
391







392


393






394
395
396
397
398
399
400
401
402
403
404
405
406
/* $OpenBSD: ssl_asn1.c,v 1.49 2017/02/07 02:08:38 beck Exp $ */














/*
 * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>





 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above


 * copyright notice and this permission notice appear in all copies.













 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF







 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <limits.h>

#include <openssl/ssl.h>
#include <openssl/x509.h>

#include "ssl_locl.h"


#include "bytestring.h"


#define SSLASN1_TAG	(CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC)
#define SSLASN1_TIME_TAG		(SSLASN1_TAG | 1)
#define SSLASN1_TIMEOUT_TAG		(SSLASN1_TAG | 2)
#define SSLASN1_PEER_CERT_TAG		(SSLASN1_TAG | 3)
#define SSLASN1_SESSION_ID_CTX_TAG	(SSLASN1_TAG | 4)
#define SSLASN1_VERIFY_RESULT_TAG	(SSLASN1_TAG | 5)
#define SSLASN1_HOSTNAME_TAG		(SSLASN1_TAG | 6)
#define SSLASN1_LIFETIME_TAG		(SSLASN1_TAG | 9)
#define SSLASN1_TICKET_TAG		(SSLASN1_TAG | 10)

static uint64_t
time_max(void)
{
	if (sizeof(time_t) == sizeof(int32_t))
		return INT32_MAX;

	if (sizeof(time_t) == sizeof(int64_t))

		return INT64_MAX;
	return 0;
}

int
i2d_SSL_SESSION(SSL_SESSION *s, unsigned char **pp)
{
	CBB cbb, session, cipher_suite, session_id, master_key, time, timeout;
	CBB peer_cert, sidctx, verify_result, hostname, lifetime, ticket;
	CBB value;



	unsigned char *data = NULL, *peer_cert_bytes = NULL;
	int len, rv = -1;
	size_t data_len;
	uint16_t cid;

	if (s == NULL)
		return (0);

	if (s->cipher == NULL && s->cipher_id == 0)
		return (0);






	if (!CBB_init(&cbb, 0))
		goto err;

	if (!CBB_add_asn1(&cbb, &session, CBS_ASN1_SEQUENCE))
		goto err;

	/* Session ASN1 version. */
	if (!CBB_add_asn1_uint64(&session, SSL_SESSION_ASN1_VERSION))

		goto err;

	/* TLS/SSL protocol version. */
	if (s->ssl_version < 0)
		goto err;
	if (!CBB_add_asn1_uint64(&session, s->ssl_version))

		goto err;

	/* Cipher suite ID. */
	/* XXX - require cipher to be non-NULL or always/only use cipher_id. */

	cid = (uint16_t)(s->cipher_id & 0xffff);
	if (s->cipher != NULL)
		cid = ssl3_cipher_get_value(s->cipher);
	if (!CBB_add_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING))
		goto err;
	if (!CBB_add_u16(&cipher_suite, cid))
		goto err;



	/* Session ID. */
	if (!CBB_add_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING))
		goto err;
	if (!CBB_add_bytes(&session_id, s->session_id, s->session_id_length))

		goto err;

	/* Master key. */
	if (!CBB_add_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING))
		goto err;
	if (!CBB_add_bytes(&master_key, s->master_key, s->master_key_length))
		goto err;

	/* Time [1]. */
	if (s->time != 0) {
		if (s->time < 0)
			goto err;
		if (!CBB_add_asn1(&session, &time, SSLASN1_TIME_TAG))
			goto err;
		if (!CBB_add_asn1_uint64(&time, s->time))
			goto err;
	}

	/* Timeout [2]. */
	if (s->timeout != 0) {
		if (s->timeout < 0)

			goto err;
		if (!CBB_add_asn1(&session, &timeout, SSLASN1_TIMEOUT_TAG))
			goto err;
		if (!CBB_add_asn1_uint64(&timeout, s->timeout))



			goto err;



	}

	/* Peer certificate [3]. */
	if (s->peer != NULL) {

		if ((len = i2d_X509(s->peer, &peer_cert_bytes)) <= 0)
			goto err;
		if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG))
			goto err;
		if (!CBB_add_bytes(&peer_cert, peer_cert_bytes, len))
			goto err;





	}

	/* Session ID context [4]. */

	/* XXX - Actually handle this as optional? */
	if (!CBB_add_asn1(&session, &sidctx, SSLASN1_SESSION_ID_CTX_TAG))
		goto err;
	if (!CBB_add_asn1(&sidctx, &value, CBS_ASN1_OCTETSTRING))
		goto err;
	if (!CBB_add_bytes(&value, s->sid_ctx, s->sid_ctx_length))
		goto err;




	/* Verify result [5]. */
	if (s->verify_result != X509_V_OK) {
		if (s->verify_result < 0)
			goto err;
		if (!CBB_add_asn1(&session, &verify_result,
		    SSLASN1_VERIFY_RESULT_TAG))
			goto err;
		if (!CBB_add_asn1_uint64(&verify_result, s->verify_result))
			goto err;
	}



	/* Hostname [6]. */
	if (s->tlsext_hostname != NULL) {

		if (!CBB_add_asn1(&session, &hostname, SSLASN1_HOSTNAME_TAG))
			goto err;
		if (!CBB_add_asn1(&hostname, &value, CBS_ASN1_OCTETSTRING))
			goto err;
		if (!CBB_add_bytes(&value, (const uint8_t *)s->tlsext_hostname,

		    strlen(s->tlsext_hostname)))


			goto err;
	}








	/* PSK identity hint [7]. */

	/* PSK identity [8]. */



	/* Ticket lifetime hint [9]. */
	if (s->tlsext_tick_lifetime_hint > 0) {
		if (!CBB_add_asn1(&session, &lifetime, SSLASN1_LIFETIME_TAG))
			goto err;
		if (!CBB_add_asn1_uint64(&lifetime,
		    s->tlsext_tick_lifetime_hint))
			goto err;
	}






	/* Ticket [10]. */
	if (s->tlsext_tick) {
		if (!CBB_add_asn1(&session, &ticket, SSLASN1_TICKET_TAG))
			goto err;
		if (!CBB_add_asn1(&ticket, &value, CBS_ASN1_OCTETSTRING))
			goto err;
		if (!CBB_add_bytes(&value, s->tlsext_tick, s->tlsext_ticklen))


			goto err;
	}

	/* Compression method [11]. */
	/* SRP username [12]. */

	if (!CBB_finish(&cbb, &data, &data_len))
		goto err;

	if (data_len > INT_MAX)
		goto err;

	if (pp != NULL) {
		if (*pp == NULL) {
			*pp = data;
			data = NULL;
		} else {
			memcpy(*pp, data, data_len);
			*pp += data_len;
		}





	}






	rv = (int)data_len;



 err:
	if (data != NULL)


		explicit_bzero(data, data_len);

	CBB_cleanup(&session);

	free(peer_cert_bytes);
	free(data);


	return rv;
}

SSL_SESSION *
d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
{
	CBS cbs, session, cipher_suite, session_id, master_key, peer_cert;
	CBS hostname, ticket;
	uint64_t version, tls_version, stime, timeout, verify_result, lifetime;
	const unsigned char *peer_cert_bytes;
	uint16_t cipher_value;
	SSL_SESSION *s = NULL;





	size_t data_len;
	int present;

	if (a != NULL)
		s = *a;




	if (s == NULL) {
		if ((s = SSL_SESSION_new()) == NULL) {





			SSLerrorx(ERR_R_MALLOC_FAILURE);


			return (NULL);



		}
	}








	CBS_init(&cbs, *pp, length);





	if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE))




		goto err;









	/* Session ASN1 version. */


	if (!CBS_get_asn1_uint64(&session, &version))
		goto err;

	if (version != SSL_SESSION_ASN1_VERSION)
		goto err;


	/* TLS/SSL Protocol Version. */
	if (!CBS_get_asn1_uint64(&session, &tls_version))


		goto err;



	if (tls_version > INT_MAX)

		goto err;
	s->ssl_version = (int)tls_version;

	/* Cipher suite. */


	if (!CBS_get_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING))



		goto err;


	if (!CBS_get_u16(&cipher_suite, &cipher_value))





		goto err;



	if (CBS_len(&cipher_suite) != 0)



		goto err;







	/* XXX - populate cipher instead? */
	s->cipher = NULL;
	s->cipher_id = SSL3_CK_ID | cipher_value;


	/* Session ID. */

	if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING))

		goto err;
	if (!CBS_write_bytes(&session_id, s->session_id, sizeof(s->session_id),
	    &data_len))



		goto err;


	if (data_len > UINT_MAX)


		goto err;
	s->session_id_length = (unsigned int)data_len;


	/* Master key. */


	if (!CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING))
		goto err;






	if (!CBS_write_bytes(&master_key, s->master_key, sizeof(s->master_key),
	    &data_len))


		goto err;

	if (data_len > INT_MAX)

		goto err;
	s->master_key_length = (int)data_len;











	/* Time [1]. */
	s->time = time(NULL);

	if (!CBS_get_optional_asn1_uint64(&session, &stime, SSLASN1_TIME_TAG,
	    0))
		goto err;

	if (stime > time_max())




		goto err;


	if (stime != 0)
		s->time = (time_t)stime;


	/* Timeout [2]. */




	s->timeout = 3;
	if (!CBS_get_optional_asn1_uint64(&session, &timeout,



	    SSLASN1_TIMEOUT_TAG, 0))







		goto err;

	if (timeout > LONG_MAX)



		goto err;

	if (timeout != 0)
		s->timeout = (long)timeout;




	



	/* Peer certificate [3]. */


	X509_free(s->peer);
	s->peer = NULL;
	if (!CBS_get_optional_asn1(&session, &peer_cert, &present,
	    SSLASN1_PEER_CERT_TAG))
		goto err;
	if (present) {

		data_len = CBS_len(&peer_cert);

		if (data_len > LONG_MAX)


			goto err;

		peer_cert_bytes = CBS_data(&peer_cert);
		if (d2i_X509(&s->peer, &peer_cert_bytes,

		    (long)data_len) == NULL)

			goto err;
	}











	/* Session ID context [4]. */
	s->sid_ctx_length = 0;
	if (!CBS_get_optional_asn1_octet_string(&session, &session_id, &present,
	    SSLASN1_SESSION_ID_CTX_TAG))
		goto err;
	if (present) {
		if (!CBS_write_bytes(&session_id, (uint8_t *)&s->sid_ctx,
		    sizeof(s->sid_ctx), &data_len))

			goto err;
		if (data_len > UINT_MAX)


			goto err;
		s->sid_ctx_length = (unsigned int)data_len;
	}












	/* Verify result [5]. */
	s->verify_result = X509_V_OK;
	if (!CBS_get_optional_asn1_uint64(&session, &verify_result,
	    SSLASN1_VERIFY_RESULT_TAG, X509_V_OK))

		goto err;

	if (verify_result > LONG_MAX)




		goto err;










	s->verify_result = (long)verify_result;

	/* Hostname [6]. */
	free(s->tlsext_hostname);
	s->tlsext_hostname = NULL;






	if (!CBS_get_optional_asn1_octet_string(&session, &hostname, &present,
	    SSLASN1_HOSTNAME_TAG))
		goto err;

	if (present) {





		if (CBS_contains_zero_byte(&hostname))




			goto err;
		if (!CBS_strdup(&hostname, &s->tlsext_hostname))
			goto err;
	}
	










	/* PSK identity hint [7]. */
	/* PSK identity [8]. */

	/* Ticket lifetime [9]. */
	s->tlsext_tick_lifetime_hint = 0;
	/* XXX - tlsext_ticklen is not yet set... */

	if (s->tlsext_ticklen > 0 && s->session_id_length > 0)
		s->tlsext_tick_lifetime_hint = -1;

	if (!CBS_get_optional_asn1_uint64(&session, &lifetime,

	    SSLASN1_LIFETIME_TAG, 0))
		goto err;

	if (lifetime > LONG_MAX)



		goto err;

	if (lifetime > 0)





		s->tlsext_tick_lifetime_hint = (long)lifetime;










	/* Ticket [10]. */

	free(s->tlsext_tick);

	s->tlsext_tick = NULL;
	if (!CBS_get_optional_asn1_octet_string(&session, &ticket, &present,







	    SSLASN1_TICKET_TAG))
		goto err;

	if (present) {



		if (!CBS_stow(&ticket, &s->tlsext_tick, &s->tlsext_ticklen))
			goto err;
	}









	/* Compression method [11]. */
	/* SRP username [12]. */








	*pp = CBS_data(&cbs);









	if (a != NULL)
		*a = s;

	return (s);

err:
	ERR_asprintf_error_data("offset=%d", (int)(CBS_data(&cbs) - *pp));

	if (s != NULL && (a == NULL || *a != s))
		SSL_SESSION_free(s);

	return (NULL);
}
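--- a/jni/libressl/ssl/ssl_both.c
+++ b/jni/libressl/ssl/ssl_both.c
@@ -0,0 +1,754 @@
+/* $OpenBSD: ssl_both.c,v 1.7 2017/03/05 14:24:12 jsing Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "ssl_locl.h"
+
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+#include "bytestring.h"
+
+/*
+ * Send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC).
+ */
+int
+ssl3_do_write(SSL *s, int type)
+{
+	int ret;
+
+	ret = ssl3_write_bytes(s, type, &s->internal->init_buf->data[s->internal->init_off],
+	    s->internal->init_num);
+	if (ret < 0)
+		return (-1);
+
+	if (type == SSL3_RT_HANDSHAKE)
+		/*
+		 * Should not be done for 'Hello Request's, but in that case
+		 * we'll ignore the result anyway.
+		 */
+		tls1_finish_mac(s,
+		    (unsigned char *)&s->internal->init_buf->data[s->internal->init_off], ret);
+
+	if (ret == s->internal->init_num) {
+		if (s->internal->msg_callback)
+			s->internal->msg_callback(1, s->version, type, s->internal->init_buf->data,
+			    (size_t)(s->internal->init_off + s->internal->init_num), s,
+			    s->internal->msg_callback_arg);
+		return (1);
+	}
+
+	s->internal->init_off += ret;
+	s->internal->init_num -= ret;
+
+	return (0);
+}
+
+int
+ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+{
+	CBB cbb, finished;
+	int md_len;
+
+	memset(&cbb, 0, sizeof(cbb));
+
+	if (s->internal->state == a) {
+		md_len = TLS1_FINISH_MAC_LENGTH;
+		OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
+
+		if (tls1_final_finish_mac(s, sender, slen,
+		    S3I(s)->tmp.finish_md) != md_len)
+			return (0);
+		S3I(s)->tmp.finish_md_len = md_len;
+
+		/* Copy finished so we can use it for renegotiation checks. */
+		if (s->internal->type == SSL_ST_CONNECT) {
+			memcpy(S3I(s)->previous_client_finished,
+			    S3I(s)->tmp.finish_md, md_len);
+			S3I(s)->previous_client_finished_len = md_len;
+		} else {
+			memcpy(S3I(s)->previous_server_finished,
+			    S3I(s)->tmp.finish_md, md_len);
+			S3I(s)->previous_server_finished_len = md_len;
+		}
+
+		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &finished,
+		    SSL3_MT_FINISHED))
+                        goto err;
+		if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len))
+			goto err;
+		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+			goto err;
+
+		s->internal->state = b;
+	}
+
+	return (ssl3_handshake_write(s));
+
+ err:
+	CBB_cleanup(&cbb);
+
+	return (-1);
+}
+
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * so far.
+ */
+static void
+ssl3_take_mac(SSL *s)
+{
+	const char *sender;
+	int slen;
+
+	/*
+	 * If no new cipher setup return immediately: other functions will
+	 * set the appropriate error.
+	 */
+	if (S3I(s)->tmp.new_cipher == NULL)
+		return;
+
+	if (s->internal->state & SSL_ST_CONNECT) {
+		sender = TLS_MD_SERVER_FINISH_CONST;
+		slen = TLS_MD_SERVER_FINISH_CONST_SIZE;
+	} else {
+		sender = TLS_MD_CLIENT_FINISH_CONST;
+		slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;
+	}
+
+	S3I(s)->tmp.peer_finish_md_len =
+	    tls1_final_finish_mac(s, sender, slen,
+		S3I(s)->tmp.peer_finish_md);
+}
+
+int
+ssl3_get_finished(SSL *s, int a, int b)
+{
+	int al, ok, md_len;
+	long n;
+	CBS cbs;
+
+	/* should actually be 36+4 :-) */
+	n = s->method->internal->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
+	if (!ok)
+		return ((int)n);
+
+	/* If this occurs, we have missed a message */
+	if (!S3I(s)->change_cipher_spec) {
+		al = SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+		goto f_err;
+	}
+	S3I(s)->change_cipher_spec = 0;
+
+	md_len = TLS1_FINISH_MAC_LENGTH;
+
+	if (n < 0) {
+		al = SSL_AD_DECODE_ERROR;
+		SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
+		goto f_err;
+	}
+
+	CBS_init(&cbs, s->internal->init_msg, n);
+
+	if (S3I(s)->tmp.peer_finish_md_len != md_len ||
+	    CBS_len(&cbs) != md_len) {
+		al = SSL_AD_DECODE_ERROR;
+		SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
+		goto f_err;
+	}
+
+	if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
+		al = SSL_AD_DECRYPT_ERROR;
+		SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
+		goto f_err;
+	}
+
+	/* Copy finished so we can use it for renegotiation checks. */
+	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
+	if (s->internal->type == SSL_ST_ACCEPT) {
+		memcpy(S3I(s)->previous_client_finished,
+		    S3I(s)->tmp.peer_finish_md, md_len);
+		S3I(s)->previous_client_finished_len = md_len;
+	} else {
+		memcpy(S3I(s)->previous_server_finished,
+		    S3I(s)->tmp.peer_finish_md, md_len);
+		S3I(s)->previous_server_finished_len = md_len;
+	}
+
+	return (1);
+f_err:
+	ssl3_send_alert(s, SSL3_AL_FATAL, al);
+	return (0);
+}
+
+/* for these 2 messages, we need to
+ * ssl->enc_read_ctx			re-init
+ * ssl->s3->internal->read_sequence		zero
+ * ssl->s3->internal->read_mac_secret		re-init
+ * ssl->session->read_sym_enc		assign
+ * ssl->session->read_hash		assign
+ */
+int
+ssl3_send_change_cipher_spec(SSL *s, int a, int b)
+{
+	unsigned char *p;
+
+	if (s->internal->state == a) {
+		p = (unsigned char *)s->internal->init_buf->data;
+		*p = SSL3_MT_CCS;
+		s->internal->init_num = 1;
+		s->internal->init_off = 0;
+
+		s->internal->state = b;
+	}
+
+	/* SSL3_ST_CW_CHANGE_B */
+	return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
+}
+
+static int
+ssl3_add_cert(CBB *cbb, X509 *x)
+{
+	unsigned char *data;
+	int cert_len;
+	int ret = 0;
+	CBB cert;
+
+	if ((cert_len = i2d_X509(x, NULL)) < 0)
+		goto err;
+
+	if (!CBB_add_u24_length_prefixed(cbb, &cert))
+		goto err;
+	if (!CBB_add_space(&cert, &data, cert_len))
+		goto err;
+	if (i2d_X509(x, &data) < 0)
+		goto err;
+	if (!CBB_flush(cbb))
+		goto err;
+
+	ret = 1;
+
+ err:
+	return (ret);
+}
+
+int
+ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x)
+{
+	int no_chain = 0;
+	CBB cert_list;
+	int ret = 0;
+	int i;
+
+	if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
+		goto err;
+
+	if ((s->internal->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
+		no_chain = 1;
+
+	/* TLSv1 sends a chain with nothing in it, instead of an alert. */
+	if (x != NULL) {
+		if (no_chain) {
+			if (!ssl3_add_cert(&cert_list, x))
+				goto err;
+		} else {
+			X509_STORE_CTX xs_ctx;
+
+			if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
+			    x, NULL)) {
+				SSLerror(s, ERR_R_X509_LIB);
+				goto err;
+			}
+			X509_verify_cert(&xs_ctx);
+
+			/* Don't leave errors in the queue. */
+			ERR_clear_error();
+			for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
+				x = sk_X509_value(xs_ctx.chain, i);
+				if (!ssl3_add_cert(&cert_list, x)) {
+					X509_STORE_CTX_cleanup(&xs_ctx);
+					goto err;
+				}
+			}
+			X509_STORE_CTX_cleanup(&xs_ctx);
+		}
+	}
+
+	/* Thawte special :-) */
+	for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
+		x = sk_X509_value(s->ctx->extra_certs, i);
+		if (!ssl3_add_cert(&cert_list, x))
+			goto err;
+	}
+
+	if (!CBB_flush(cbb))
+		goto err;
+
+	ret = 1;
+
+ err:
+	return (ret);
+}
+
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1),
+ * maximum acceptable body length 'max'.
+ * The first four bytes (msg_type and length) are read in state 'st1',
+ * the body is read in state 'stn'.
+ */
+long
+ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+{
+	unsigned char *p;
+	uint32_t l;
+	long n;
+	int i, al;
+	CBS cbs;
+	uint8_t u8;
+
+	if (S3I(s)->tmp.reuse_message) {
+		S3I(s)->tmp.reuse_message = 0;
+		if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
+			al = SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
+			goto f_err;
+		}
+		*ok = 1;
+		s->internal->init_msg = s->internal->init_buf->data + 4;
+		s->internal->init_num = (int)S3I(s)->tmp.message_size;
+		return s->internal->init_num;
+	}
+
+	p = (unsigned char *)s->internal->init_buf->data;
+
+	/* s->internal->init_num < 4 */
+	if (s->internal->state == st1) {
+		int skip_message;
+
+		do {
+			while (s->internal->init_num < 4) {
+				i = s->method->internal->ssl_read_bytes(s,
+				    SSL3_RT_HANDSHAKE, &p[s->internal->init_num],
+				    4 - s->internal->init_num, 0);
+				if (i <= 0) {
+					s->internal->rwstate = SSL_READING;
+					*ok = 0;
+					return i;
+				}
+				s->internal->init_num += i;
+			}
+
+			skip_message = 0;
+			if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) {
+				/*
+				 * The server may always send 'Hello Request'
+				 * messages -- we are doing a handshake anyway
+				 * now, so ignore them if their format is
+				 * correct.  Does not count for 'Finished' MAC.
+				 */
+				if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
+					s->internal->init_num = 0;
+					skip_message = 1;
+
+					if (s->internal->msg_callback)
+						s->internal->msg_callback(0, s->version,
+						    SSL3_RT_HANDSHAKE, p, 4, s,
+						    s->internal->msg_callback_arg);
+				}
+			}
+		} while (skip_message);
+
+		/* s->internal->init_num == 4 */
+
+		if ((mt >= 0) && (*p != mt)) {
+			al = SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
+			goto f_err;
+		}
+
+		CBS_init(&cbs, p, 4);
+		if (!CBS_get_u8(&cbs, &u8) ||
+		    !CBS_get_u24(&cbs, &l)) {
+			SSLerror(s, ERR_R_BUF_LIB);
+			goto err;
+		}
+		S3I(s)->tmp.message_type = u8;
+
+		if (l > (unsigned long)max) {
+			al = SSL_AD_ILLEGAL_PARAMETER;
+			SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+			goto f_err;
+		}
+		if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) {
+			SSLerror(s, ERR_R_BUF_LIB);
+			goto err;
+		}
+		S3I(s)->tmp.message_size = l;
+		s->internal->state = stn;
+
+		s->internal->init_msg = s->internal->init_buf->data + 4;
+		s->internal->init_num = 0;
+	}
+
+	/* next state (stn) */
+	p = s->internal->init_msg;
+	n = S3I(s)->tmp.message_size - s->internal->init_num;
+	while (n > 0) {
+		i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+		    &p[s->internal->init_num], n, 0);
+		if (i <= 0) {
+			s->internal->rwstate = SSL_READING;
+			*ok = 0;
+			return i;
+		}
+		s->internal->init_num += i;
+		n -= i;
+	}
+
+	/* If receiving Finished, record MAC of prior handshake messages for
+	 * Finished verification. */
+	if (*s->internal->init_buf->data == SSL3_MT_FINISHED)
+		ssl3_take_mac(s);
+
+	/* Feed this message into MAC computation. */
+	if (s->internal->mac_packet) {
+		tls1_finish_mac(s, (unsigned char *)s->internal->init_buf->data,
+		    s->internal->init_num + 4);
+
+		if (s->internal->msg_callback)
+			s->internal->msg_callback(0, s->version,
+			    SSL3_RT_HANDSHAKE, s->internal->init_buf->data,
+			    (size_t)s->internal->init_num + 4, s,
+			    s->internal->msg_callback_arg);
+	}
+
+	*ok = 1;
+	return (s->internal->init_num);
+
+f_err:
+	ssl3_send_alert(s, SSL3_AL_FATAL, al);
+err:
+	*ok = 0;
+	return (-1);
+}
+
+int
+ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+{
+	EVP_PKEY *pk;
+	int ret = -1, i;
+
+	if (pkey == NULL)
+		pk = X509_get_pubkey(x);
+	else
+		pk = pkey;
+	if (pk == NULL)
+		goto err;
+
+	i = pk->type;
+	if (i == EVP_PKEY_RSA) {
+		ret = SSL_PKEY_RSA_ENC;
+	} else if (i == EVP_PKEY_DSA) {
+		ret = SSL_PKEY_DSA_SIGN;
+	} else if (i == EVP_PKEY_EC) {
+		ret = SSL_PKEY_ECC;
+	} else if (i == NID_id_GostR3410_2001 ||
+	    i == NID_id_GostR3410_2001_cc) {
+		ret = SSL_PKEY_GOST01;
+	}
+
+err:
+	if (!pkey)
+		EVP_PKEY_free(pk);
+	return (ret);
+}
+
+int
+ssl_verify_alarm_type(long type)
+{
+	int al;
+
+	switch (type) {
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+	case X509_V_ERR_UNABLE_TO_GET_CRL:
+	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+		al = SSL_AD_UNKNOWN_CA;
+		break;
+	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+	case X509_V_ERR_CRL_NOT_YET_VALID:
+	case X509_V_ERR_CERT_UNTRUSTED:
+	case X509_V_ERR_CERT_REJECTED:
+		al = SSL_AD_BAD_CERTIFICATE;
+		break;
+	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+		al = SSL_AD_DECRYPT_ERROR;
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+	case X509_V_ERR_CRL_HAS_EXPIRED:
+		al = SSL_AD_CERTIFICATE_EXPIRED;
+		break;
+	case X509_V_ERR_CERT_REVOKED:
+		al = SSL_AD_CERTIFICATE_REVOKED;
+		break;
+	case X509_V_ERR_OUT_OF_MEM:
+		al = SSL_AD_INTERNAL_ERROR;
+		break;
+	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+	case X509_V_ERR_INVALID_CA:
+		al = SSL_AD_UNKNOWN_CA;
+		break;
+	case X509_V_ERR_APPLICATION_VERIFICATION:
+		al = SSL_AD_HANDSHAKE_FAILURE;
+		break;
+	case X509_V_ERR_INVALID_PURPOSE:
+		al = SSL_AD_UNSUPPORTED_CERTIFICATE;
+		break;
+	default:
+		al = SSL_AD_CERTIFICATE_UNKNOWN;
+		break;
+	}
+	return (al);
+}
+
+int
+ssl3_setup_init_buffer(SSL *s)
+{
+	BUF_MEM *buf = NULL;
+
+	if (s->internal->init_buf != NULL)
+		return (1);
+
+	if ((buf = BUF_MEM_new()) == NULL)
+		goto err;
+	if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH))
+		goto err;
+
+	s->internal->init_buf = buf;
+	return (1);
+
+err:
+	BUF_MEM_free(buf);
+	return (0);
+}
+
+int
+ssl3_setup_read_buffer(SSL *s)
+{
+	unsigned char *p;
+	size_t len, align, headerlen;
+
+	if (SSL_IS_DTLS(s))
+		headerlen = DTLS1_RT_HEADER_LENGTH;
+	else
+		headerlen = SSL3_RT_HEADER_LENGTH;
+
+	align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+
+	if (s->s3->rbuf.buf == NULL) {
+		len = SSL3_RT_MAX_PLAIN_LENGTH +
+		    SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+		if ((p = malloc(len)) == NULL)
+			goto err;
+		s->s3->rbuf.buf = p;
+		s->s3->rbuf.len = len;
+	}
+
+	s->internal->packet = &(s->s3->rbuf.buf[0]);
+	return 1;
+
+err:
+	SSLerror(s, ERR_R_MALLOC_FAILURE);
+	return 0;
+}
+
+int
+ssl3_setup_write_buffer(SSL *s)
+{
+	unsigned char *p;
+	size_t len, align, headerlen;
+
+	if (SSL_IS_DTLS(s))
+		headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+	else
+		headerlen = SSL3_RT_HEADER_LENGTH;
+
+	align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+
+	if (s->s3->wbuf.buf == NULL) {
+		len = s->max_send_fragment +
+		    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+		if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+			len += headerlen + align +
+			    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+
+		if ((p = malloc(len)) == NULL)
+			goto err;
+		s->s3->wbuf.buf = p;
+		s->s3->wbuf.len = len;
+	}
+
+	return 1;
+
+err:
+	SSLerror(s, ERR_R_MALLOC_FAILURE);
+	return 0;
+}
+
+int
+ssl3_setup_buffers(SSL *s)
+{
+	if (!ssl3_setup_read_buffer(s))
+		return 0;
+	if (!ssl3_setup_write_buffer(s))
+		return 0;
+	return 1;
+}
+
+int
+ssl3_release_write_buffer(SSL *s)
+{
+	free(s->s3->wbuf.buf);
+	s->s3->wbuf.buf = NULL;
+	return 1;
+}
+
+int
+ssl3_release_read_buffer(SSL *s)
+{
+	free(s->s3->rbuf.buf);
+	s->s3->rbuf.buf = NULL;
+	return 1;
+}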
Changes to jni/libressl/ssl/ssl_cert.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_cert.c,v 1.51 2015/09/11 17:37:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_cert.c,v 1.64 2017/02/07 02:08:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
CERT *
ssl_cert_new(void)
{
	CERT *ret;

	ret = calloc(1, sizeof(CERT));
	if (ret == NULL) {
		SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
		return (NULL);
	}
	ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
	ret->references = 1;
	ssl_cert_set_default_md(ret);
	return (ret);
}

CERT *
ssl_cert_dup(CERT *cert)
{
	CERT *ret;
	int i;

	ret = calloc(1, sizeof(CERT));
	if (ret == NULL) {
		SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
		return (NULL);
	}

	/*
	 * same as ret->key = ret->pkeys + (cert->key - cert->pkeys),
	 * if you find that more readable
	 */
	ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];

	ret->valid = cert->valid;
	ret->mask_k = cert->mask_k;
	ret->mask_a = cert->mask_a;

	if (cert->dh_tmp != NULL) {
		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
		if (ret->dh_tmp == NULL) {
			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
			goto err;
		}
		if (cert->dh_tmp->priv_key) {
			BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
			if (!b) {
				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
				goto err;
			}
			ret->dh_tmp->priv_key = b;
		}
		if (cert->dh_tmp->pub_key) {
			BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
			if (!b) {
				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
				goto err;
			}
			ret->dh_tmp->pub_key = b;
		}
	}
	ret->dh_tmp_cb = cert->dh_tmp_cb;
	ret->dh_tmp_auto = cert->dh_tmp_auto;

	if (cert->ecdh_tmp) {
		ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
		if (ret->ecdh_tmp == NULL) {
			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
			goto err;
		}
	}
	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
	ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;

	for (i = 0; i < SSL_PKEY_NUM; i++) {







|
















|
















|





|







|











|







174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
CERT *
ssl_cert_new(void)
{
	CERT *ret;

	ret = calloc(1, sizeof(CERT));
	if (ret == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}
	ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
	ret->references = 1;
	ssl_cert_set_default_md(ret);
	return (ret);
}

CERT *
ssl_cert_dup(CERT *cert)
{
	CERT *ret;
	int i;

	ret = calloc(1, sizeof(CERT));
	if (ret == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}

	/*
	 * same as ret->key = ret->pkeys + (cert->key - cert->pkeys),
	 * if you find that more readable
	 */
	ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];

	ret->valid = cert->valid;
	ret->mask_k = cert->mask_k;
	ret->mask_a = cert->mask_a;

	if (cert->dh_tmp != NULL) {
		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
		if (ret->dh_tmp == NULL) {
			SSLerrorx(ERR_R_DH_LIB);
			goto err;
		}
		if (cert->dh_tmp->priv_key) {
			BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
			if (!b) {
				SSLerrorx(ERR_R_BN_LIB);
				goto err;
			}
			ret->dh_tmp->priv_key = b;
		}
		if (cert->dh_tmp->pub_key) {
			BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
			if (!b) {
				SSLerrorx(ERR_R_BN_LIB);
				goto err;
			}
			ret->dh_tmp->pub_key = b;
		}
	}
	ret->dh_tmp_cb = cert->dh_tmp_cb;
	ret->dh_tmp_auto = cert->dh_tmp_auto;

	if (cert->ecdh_tmp) {
		ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
		if (ret->ecdh_tmp == NULL) {
			SSLerrorx(ERR_R_EC_LIB);
			goto err;
		}
	}
	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
	ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;

	for (i = 0; i < SSL_PKEY_NUM; i++) {
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294

			case SSL_PKEY_ECC:
				/* We have an ECC key */
				break;

			default:
				/* Can't happen. */
				SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
			}
		}
	}

	/*
	 * ret->extra_certs *should* exist, but currently the own certificate
	 * chain is held inside SSL_CTX







|







280
281
282
283
284
285
286
287
288
289
290
291
292
293
294

			case SSL_PKEY_ECC:
				/* We have an ECC key */
				break;

			default:
				/* Can't happen. */
				SSLerrorx(SSL_R_LIBRARY_BUG);
			}
		}
	}

	/*
	 * ret->extra_certs *should* exist, but currently the own certificate
	 * chain is held inside SSL_CTX
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405

406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446

447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
	 * turn out that there actually is a reason for it -- but I'm
	 * not sure that *all* of the existing code could cope with
	 * s->cert being NULL, otherwise we could do without the
	 * initialization in SSL_CTX_new).
	 */

	if (o == NULL) {
		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (*o == NULL) {
		if ((*o = ssl_cert_new()) == NULL) {
			SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}
	return (1);
}


SESS_CERT *
ssl_sess_cert_new(void)
{
	SESS_CERT *ret;

	ret = calloc(1, sizeof *ret);
	if (ret == NULL) {
		SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
	ret->references = 1;

	return ret;
}

void
ssl_sess_cert_free(SESS_CERT *sc)
{
	int i;

	if (sc == NULL)
		return;

	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
	if (i > 0)
		return;

	/* i == 0 */
	if (sc->cert_chain != NULL)
		sk_X509_pop_free(sc->cert_chain, X509_free);
	for (i = 0; i < SSL_PKEY_NUM; i++)
		X509_free(sc->peer_pkeys[i].x509);

	DH_free(sc->peer_dh_tmp);
	EC_KEY_free(sc->peer_ecdh_tmp);


	free(sc);
}

int
ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
{
	X509_STORE_CTX ctx;
	X509 *x;
	int ret;

	if ((sk == NULL) || (sk_X509_num(sk) == 0))
		return (0);

	x = sk_X509_value(sk, 0);
	if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) {
		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
		return (0);
	}
	X509_STORE_CTX_set_ex_data(&ctx,
	    SSL_get_ex_data_X509_STORE_CTX_idx(), s);

	/*
	 * We need to inherit the verify parameters. These can be
	 * determined by the context: if its a server it will verify
	 * SSL client certificates or vice versa.
	 */
	X509_STORE_CTX_set_default(&ctx,
	    s->server ? "ssl_client" : "ssl_server");

	/*
	 * Anything non-default in "param" should overwrite anything
	 * in the ctx.
	 */
	X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);

	if (s->verify_callback)
		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);

	if (s->ctx->app_verify_callback != NULL)
		ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);

	else
		ret = X509_verify_cert(&ctx);

	s->verify_result = ctx.error;
	X509_STORE_CTX_cleanup(&ctx);

	return (ret);
}

static void
set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
    STACK_OF(X509_NAME) *name_list)
{
	if (*ca_list != NULL)
		sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);

	*ca_list = name_list;
}

STACK_OF(X509_NAME) *
SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
{
	int i;







|




|














|




















<
<
|





>
















|



















|
|

|
|
>













<
|
<







350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397


398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459

460

461
462
463
464
465
466
467
	 * turn out that there actually is a reason for it -- but I'm
	 * not sure that *all* of the existing code could cope with
	 * s->cert being NULL, otherwise we could do without the
	 * initialization in SSL_CTX_new).
	 */

	if (o == NULL) {
		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (*o == NULL) {
		if ((*o = ssl_cert_new()) == NULL) {
			SSLerrorx(ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}
	return (1);
}


SESS_CERT *
ssl_sess_cert_new(void)
{
	SESS_CERT *ret;

	ret = calloc(1, sizeof *ret);
	if (ret == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
	ret->references = 1;

	return ret;
}

void
ssl_sess_cert_free(SESS_CERT *sc)
{
	int i;

	if (sc == NULL)
		return;

	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
	if (i > 0)
		return;



	sk_X509_pop_free(sc->cert_chain, X509_free);
	for (i = 0; i < SSL_PKEY_NUM; i++)
		X509_free(sc->peer_pkeys[i].x509);

	DH_free(sc->peer_dh_tmp);
	EC_KEY_free(sc->peer_ecdh_tmp);
	free(sc->peer_x25519_tmp);

	free(sc);
}

int
ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
{
	X509_STORE_CTX ctx;
	X509 *x;
	int ret;

	if ((sk == NULL) || (sk_X509_num(sk) == 0))
		return (0);

	x = sk_X509_value(sk, 0);
	if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) {
		SSLerror(s, ERR_R_X509_LIB);
		return (0);
	}
	X509_STORE_CTX_set_ex_data(&ctx,
	    SSL_get_ex_data_X509_STORE_CTX_idx(), s);

	/*
	 * We need to inherit the verify parameters. These can be
	 * determined by the context: if its a server it will verify
	 * SSL client certificates or vice versa.
	 */
	X509_STORE_CTX_set_default(&ctx,
	    s->server ? "ssl_client" : "ssl_server");

	/*
	 * Anything non-default in "param" should overwrite anything
	 * in the ctx.
	 */
	X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);

	if (s->internal->verify_callback)
		X509_STORE_CTX_set_verify_cb(&ctx, s->internal->verify_callback);

	if (s->ctx->internal->app_verify_callback != NULL)
		ret = s->ctx->internal->app_verify_callback(&ctx,
		    s->ctx->internal->app_verify_arg);
	else
		ret = X509_verify_cert(&ctx);

	s->verify_result = ctx.error;
	X509_STORE_CTX_cleanup(&ctx);

	return (ret);
}

static void
set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
    STACK_OF(X509_NAME) *name_list)
{

	sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);

	*ca_list = name_list;
}

STACK_OF(X509_NAME) *
SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
{
	int i;
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
	}
	return (ret);
}

void
SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{
	set_client_CA_list(&(s->client_CA), name_list);
}

void
SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
{
	set_client_CA_list(&(ctx->client_CA), name_list);
}

STACK_OF(X509_NAME) *
SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
{
	return (ctx->client_CA);
}

STACK_OF(X509_NAME) *
SSL_get_client_CA_list(const SSL *s)
{
	if (s->type == SSL_ST_CONNECT) {
		/* We are in the client. */
		if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
		    (s->s3 != NULL))
			return (s->s3->tmp.ca_names);
		else
			return (NULL);
	} else {
		if (s->client_CA != NULL)
			return (s->client_CA);
		else
			return (s->ctx->client_CA);
	}
}

static int
add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
{
	X509_NAME *name;







|





|





|





|



|



|
|

|







478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
	}
	return (ret);
}

void
SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{
	set_client_CA_list(&(s->internal->client_CA), name_list);
}

void
SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
{
	set_client_CA_list(&(ctx->internal->client_CA), name_list);
}

STACK_OF(X509_NAME) *
SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
{
	return (ctx->internal->client_CA);
}

STACK_OF(X509_NAME) *
SSL_get_client_CA_list(const SSL *s)
{
	if (s->internal->type == SSL_ST_CONNECT) {
		/* We are in the client. */
		if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
		    (s->s3 != NULL))
			return (S3I(s)->tmp.ca_names);
		else
			return (NULL);
	} else {
		if (s->internal->client_CA != NULL)
			return (s->internal->client_CA);
		else
			return (s->ctx->internal->client_CA);
	}
}

static int
add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
{
	X509_NAME *name;
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
	}
	return (1);
}

int
SSL_add_client_CA(SSL *ssl, X509 *x)
{
	return (add_client_CA(&(ssl->client_CA), x));
}

int
SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
	return (add_client_CA(&(ctx->client_CA), x));
}

static int
xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
	return (X509_NAME_cmp(*a, *b));
}







|





|







534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
	}
	return (1);
}

int
SSL_add_client_CA(SSL *ssl, X509 *x)
{
	return (add_client_CA(&(ssl->internal->client_CA), x));
}

int
SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
	return (add_client_CA(&(ctx->internal->client_CA), x));
}

static int
xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
	return (X509_NAME_cmp(*a, *b));
}
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621

622
623
624
625
626
627
628
	STACK_OF(X509_NAME) *ret = NULL, *sk;

	sk = sk_X509_NAME_new(xname_cmp);

	in = BIO_new(BIO_s_file_internal());

	if ((sk == NULL) || (in == NULL)) {
		SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!BIO_read_filename(in, file))
		goto err;

	for (;;) {
		if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
			break;
		if (ret == NULL) {
			ret = sk_X509_NAME_new_null();
			if (ret == NULL) {
				SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
		if ((xn = X509_get_subject_name(x)) == NULL) goto err;
			/* check for duplicates */
		xn = X509_NAME_dup(xn);
		if (xn == NULL)
			goto err;
		if (sk_X509_NAME_find(sk, xn) >= 0)
			X509_NAME_free(xn);
		else {
			sk_X509_NAME_push(sk, xn);
			sk_X509_NAME_push(ret, xn);
		}
	}

	if (0) {
err:
		if (ret != NULL)
			sk_X509_NAME_pop_free(ret, X509_NAME_free);
		ret = NULL;
	}
	if (sk != NULL)
		sk_X509_NAME_free(sk);
	BIO_free(in);
	X509_free(x);
	if (ret != NULL)
		ERR_clear_error();

	return (ret);
}

/*!
 * Add a file of certs to a stack.
 * \param stack the stack to add to.
 * \param file the file to add from. All certs in this file that are not







|












<
|


















<
|


<
|




>







570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589

590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608

609
610
611

612
613
614
615
616
617
618
619
620
621
622
623
624
	STACK_OF(X509_NAME) *ret = NULL, *sk;

	sk = sk_X509_NAME_new(xname_cmp);

	in = BIO_new(BIO_s_file_internal());

	if ((sk == NULL) || (in == NULL)) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!BIO_read_filename(in, file))
		goto err;

	for (;;) {
		if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
			break;
		if (ret == NULL) {
			ret = sk_X509_NAME_new_null();
			if (ret == NULL) {

				SSLerrorx(ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
		if ((xn = X509_get_subject_name(x)) == NULL) goto err;
			/* check for duplicates */
		xn = X509_NAME_dup(xn);
		if (xn == NULL)
			goto err;
		if (sk_X509_NAME_find(sk, xn) >= 0)
			X509_NAME_free(xn);
		else {
			sk_X509_NAME_push(sk, xn);
			sk_X509_NAME_push(ret, xn);
		}
	}

	if (0) {
err:

		sk_X509_NAME_pop_free(ret, X509_NAME_free);
		ret = NULL;
	}

	sk_X509_NAME_free(sk);
	BIO_free(in);
	X509_free(x);
	if (ret != NULL)
		ERR_clear_error();

	return (ret);
}

/*!
 * Add a file of certs to a stack.
 * \param stack the stack to add to.
 * \param file the file to add from. All certs in this file that are not
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
	int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);

	oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);

	in = BIO_new(BIO_s_file_internal());

	if (in == NULL) {
		SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,
		    ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!BIO_read_filename(in, file))
		goto err;

	for (;;) {







<
|







638
639
640
641
642
643
644

645
646
647
648
649
650
651
652
	int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);

	oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);

	in = BIO_new(BIO_s_file_internal());

	if (in == NULL) {

		SSLerrorx(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!BIO_read_filename(in, file))
		goto err;

	for (;;) {
710
711
712
713
714
715
716
717
718
719
720
721
722
			}
			if (!ret)
				break;
		}
		(void) closedir(dirp);
	}
	if (!ret) {
 		SYSerr(SYS_F_OPENDIR, errno);
		ERR_asprintf_error_data("opendir ('%s')", dir);
		SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
	}
	return ret;
}







|

|



705
706
707
708
709
710
711
712
713
714
715
716
717
			}
			if (!ret)
				break;
		}
		(void) closedir(dirp);
	}
	if (!ret) {
 		SYSerror(errno);
		ERR_asprintf_error_data("opendir ('%s')", dir);
		SSLerrorx(ERR_R_SYS_LIB);
	}
	return ret;
}
Changes to jni/libressl/ssl/ssl_ciph.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_ciph.c,v 1.96 2017/03/10 16:03:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
#define SSL_MD_MD5_IDX	0
#define SSL_MD_SHA1_IDX	1
#define SSL_MD_GOST94_IDX 2
#define SSL_MD_GOST89MAC_IDX 3
#define SSL_MD_SHA256_IDX 4
#define SSL_MD_SHA384_IDX 5
#define SSL_MD_STREEBOG256_IDX 6
#define SSL_MD_STREEBOG512_IDX 7
/*Constant SSL_MAX_DIGEST equal to size of digests array should be
 * defined in the
 * ssl_locl.h */
#define SSL_MD_NUM_IDX	SSL_MAX_DIGEST
static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};

static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
	EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT,
	EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
};

static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
	0, 0, 0, 0, 0, 0, 0, 0
};

static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
	SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
	SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
	SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
	SSL_HANDSHAKE_MAC_STREEBOG512
};

#define CIPHER_ADD	1
#define CIPHER_KILL	2
#define CIPHER_DEL	3
#define CIPHER_ORD	4
#define CIPHER_SPECIAL	5







<





|




|



|
<
<
<
<
<
<
<







172
173
174
175
176
177
178

179
180
181
182
183
184
185
186
187
188
189
190
191
192
193







194
195
196
197
198
199
200
#define SSL_MD_MD5_IDX	0
#define SSL_MD_SHA1_IDX	1
#define SSL_MD_GOST94_IDX 2
#define SSL_MD_GOST89MAC_IDX 3
#define SSL_MD_SHA256_IDX 4
#define SSL_MD_SHA384_IDX 5
#define SSL_MD_STREEBOG256_IDX 6

/*Constant SSL_MAX_DIGEST equal to size of digests array should be
 * defined in the
 * ssl_locl.h */
#define SSL_MD_NUM_IDX	SSL_MAX_DIGEST
static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
	NULL, NULL, NULL, NULL, NULL, NULL, NULL,
};

static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
	EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT,
	EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
};

static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
	0, 0, 0, 0, 0, 0, 0,







};

#define CIPHER_ADD	1
#define CIPHER_KILL	2
#define CIPHER_DEL	3
#define CIPHER_ORD	4
#define CIPHER_SPECIAL	5
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
		.name = SSL_TXT_kEDH,
		.algorithm_mkey = SSL_kDHE,
	},
	{
		.name = SSL_TXT_DH,
		.algorithm_mkey = SSL_kDHE,
	},

	{
		.name = SSL_TXT_kECDHr,
		.algorithm_mkey = SSL_kECDHr,
	},
	{
		.name = SSL_TXT_kECDHe,
		.algorithm_mkey = SSL_kECDHe,
	},
	{
		.name = SSL_TXT_kECDH,
		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
	},
	{
		.name = SSL_TXT_kEECDH,
		.algorithm_mkey = SSL_kECDHE,
	},
	{
		.name = SSL_TXT_ECDH,
		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
	},

	{
		.name = SSL_TXT_kGOST,
		.algorithm_mkey = SSL_kGOST,
	},

	/* server authentication aliases */
	{







<
<
<
<
<
<
<
<
<
<
<
<
<






|

<







245
246
247
248
249
250
251













252
253
254
255
256
257
258
259

260
261
262
263
264
265
266
		.name = SSL_TXT_kEDH,
		.algorithm_mkey = SSL_kDHE,
	},
	{
		.name = SSL_TXT_DH,
		.algorithm_mkey = SSL_kDHE,
	},













	{
		.name = SSL_TXT_kEECDH,
		.algorithm_mkey = SSL_kECDHE,
	},
	{
		.name = SSL_TXT_ECDH,
		.algorithm_mkey = SSL_kECDHE,
	},

	{
		.name = SSL_TXT_kGOST,
		.algorithm_mkey = SSL_kGOST,
	},

	/* server authentication aliases */
	{
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
		.algorithm_auth = SSL_aDSS,
	},
	{
		.name = SSL_TXT_aNULL,
		.algorithm_auth = SSL_aNULL,
	},
	{
		.name = SSL_TXT_aECDH,
		.algorithm_auth = SSL_aECDH,
	},
	{
		.name = SSL_TXT_aECDSA,
		.algorithm_auth = SSL_aECDSA,
	},
	{
		.name = SSL_TXT_ECDSA,
		.algorithm_auth = SSL_aECDSA,
	},







<
<
<
<







276
277
278
279
280
281
282




283
284
285
286
287
288
289
		.algorithm_auth = SSL_aDSS,
	},
	{
		.name = SSL_TXT_aNULL,
		.algorithm_auth = SSL_aNULL,
	},
	{




		.name = SSL_TXT_aECDSA,
		.algorithm_auth = SSL_aECDSA,
	},
	{
		.name = SSL_TXT_ECDSA,
		.algorithm_auth = SSL_aECDSA,
	},
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
		.name = SSL_TXT_SHA384,
		.algorithm_mac = SSL_SHA384,
	},
	{
		.name = SSL_TXT_STREEBOG256,
		.algorithm_mac = SSL_STREEBOG256,
	},
	{
		.name = SSL_TXT_STREEBOG512,
		.algorithm_mac = SSL_STREEBOG512,
	},

	/* protocol version aliases */
	{
		.name = SSL_TXT_SSLV3,
		.algorithm_ssl = SSL_SSLV3,
	},
	{







<
<
<
<







424
425
426
427
428
429
430




431
432
433
434
435
436
437
		.name = SSL_TXT_SHA384,
		.algorithm_mac = SSL_SHA384,
	},
	{
		.name = SSL_TXT_STREEBOG256,
		.algorithm_mac = SSL_STREEBOG256,
	},





	/* protocol version aliases */
	{
		.name = SSL_TXT_SSLV3,
		.algorithm_ssl = SSL_SSLV3,
	},
	{
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
{
	ssl_cipher_methods[SSL_ENC_DES_IDX] =
	    EVP_get_cipherbyname(SN_des_cbc);
	ssl_cipher_methods[SSL_ENC_3DES_IDX] =
	    EVP_get_cipherbyname(SN_des_ede3_cbc);
	ssl_cipher_methods[SSL_ENC_RC4_IDX] =
	    EVP_get_cipherbyname(SN_rc4);
#ifndef OPENSSL_NO_IDEA
	ssl_cipher_methods[SSL_ENC_IDEA_IDX] =
	    EVP_get_cipherbyname(SN_idea_cbc);
#else
	ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
#endif
	ssl_cipher_methods[SSL_ENC_AES128_IDX] =
	    EVP_get_cipherbyname(SN_aes_128_cbc);
	ssl_cipher_methods[SSL_ENC_AES256_IDX] =
	    EVP_get_cipherbyname(SN_aes_256_cbc);
	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
	    EVP_get_cipherbyname(SN_camellia_128_cbc);
	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =







<
<
<
<

<







463
464
465
466
467
468
469




470

471
472
473
474
475
476
477
{
	ssl_cipher_methods[SSL_ENC_DES_IDX] =
	    EVP_get_cipherbyname(SN_des_cbc);
	ssl_cipher_methods[SSL_ENC_3DES_IDX] =
	    EVP_get_cipherbyname(SN_des_ede3_cbc);
	ssl_cipher_methods[SSL_ENC_RC4_IDX] =
	    EVP_get_cipherbyname(SN_rc4);




	ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;

	ssl_cipher_methods[SSL_ENC_AES128_IDX] =
	    EVP_get_cipherbyname(SN_aes_128_cbc);
	ssl_cipher_methods[SSL_ENC_AES256_IDX] =
	    EVP_get_cipherbyname(SN_aes_256_cbc);
	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
	    EVP_get_cipherbyname(SN_camellia_128_cbc);
	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
	    EVP_get_digestbyname(SN_sha384);
	ssl_mac_secret_size[SSL_MD_SHA384_IDX] =
	    EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
	ssl_digest_methods[SSL_MD_STREEBOG256_IDX] =
	    EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256);
	ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] =
	    EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]);
	ssl_digest_methods[SSL_MD_STREEBOG512_IDX] =
	    EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512);
	ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX] =
	    EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]);
}

int
ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size)
{
	const SSL_CIPHER *c;







<
<
<
<







515
516
517
518
519
520
521




522
523
524
525
526
527
528
	    EVP_get_digestbyname(SN_sha384);
	ssl_mac_secret_size[SSL_MD_SHA384_IDX] =
	    EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
	ssl_digest_methods[SSL_MD_STREEBOG256_IDX] =
	    EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256);
	ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] =
	    EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]);




}

int
ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size)
{
	const SSL_CIPHER *c;
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
		break;
	case SSL_GOST89MAC:
		i = SSL_MD_GOST89MAC_IDX;
		break;
	case SSL_STREEBOG256:
		i = SSL_MD_STREEBOG256_IDX;
		break;
	case SSL_STREEBOG512:
		i = SSL_MD_STREEBOG512_IDX;
		break;
	default:
		i = -1;
		break;
	}
	if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
		*md = NULL;








<
<
<







611
612
613
614
615
616
617



618
619
620
621
622
623
624
		break;
	case SSL_GOST89MAC:
		i = SSL_MD_GOST89MAC_IDX;
		break;
	case SSL_STREEBOG256:
		i = SSL_MD_STREEBOG256_IDX;
		break;



	default:
		i = -1;
		break;
	}
	if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
		*md = NULL;

725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751


752


753


754
755

756
757








758
759
760
761
762
763
764
	case SSL_AES128GCM:
		*aead = EVP_aead_aes_128_gcm();
		return 1;
	case SSL_AES256GCM:
		*aead = EVP_aead_aes_256_gcm();
		return 1;
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
	case SSL_CHACHA20POLY1305:
		*aead = EVP_aead_chacha20_poly1305();
		return 1;
	case SSL_CHACHA20POLY1305_OLD:
		*aead = EVP_aead_chacha20_poly1305_old();
		return 1;
#endif
	default:
		break;
	}
	return 0;
}

int
ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
{
	if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
		return 0;
	}


	*mask = ssl_handshake_digest_flag[idx];


	if (*mask)


		*md = ssl_digest_methods[idx];
	else

		*md = NULL;
	return 1;








}

#define ITEM_SEP(a) \
	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))

static void
ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,







<






<







|

<
|
|
>
>
|
>
>
|
>
>
|
|
>
|
|
>
>
>
>
>
>
>
>







683
684
685
686
687
688
689

690
691
692
693
694
695

696
697
698
699
700
701
702
703
704

705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
	case SSL_AES128GCM:
		*aead = EVP_aead_aes_128_gcm();
		return 1;
	case SSL_AES256GCM:
		*aead = EVP_aead_aes_256_gcm();
		return 1;
#endif

	case SSL_CHACHA20POLY1305:
		*aead = EVP_aead_chacha20_poly1305();
		return 1;
	case SSL_CHACHA20POLY1305_OLD:
		*aead = EVP_aead_chacha20_poly1305_old();
		return 1;

	default:
		break;
	}
	return 0;
}

int
ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
{

	*md = NULL;

	switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) {
	case SSL_HANDSHAKE_MAC_DEFAULT:
		*md = EVP_md5_sha1();
		return 1;
	case SSL_HANDSHAKE_MAC_GOST94:
		*md = EVP_gostr341194();
		return 1;
	case SSL_HANDSHAKE_MAC_SHA256:
		*md = EVP_sha256();
		return 1;
	case SSL_HANDSHAKE_MAC_SHA384:
		*md = EVP_sha384();
		return 1;
	case SSL_HANDSHAKE_MAC_STREEBOG256:
		*md = EVP_streebog256();
		return 1;
	default:
		break;
	}

	return 0;
}

#define ITEM_SEP(a) \
	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))

static void
ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
	*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0;
	*mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0;

}

static void
ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
    unsigned long disabled_mkey, unsigned long disabled_auth,
    unsigned long disabled_enc, unsigned long disabled_mac,
    unsigned long disabled_ssl, CIPHER_ORDER *co_list,







<
<







805
806
807
808
809
810
811


812
813
814
815
816
817
818
	*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
	*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0;
	*mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0;


}

static void
ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
    unsigned long disabled_mkey, unsigned long disabled_auth,
    unsigned long disabled_enc, unsigned long disabled_mac,
    unsigned long disabled_ssl, CIPHER_ORDER *co_list,
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
		    (curr->cipher->strength_bits > max_strength_bits))
			max_strength_bits = curr->cipher->strength_bits;
		curr = curr->next;
	}

	number_uses = calloc((max_strength_bits + 1), sizeof(int));
	if (!number_uses) {
		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
		return (0);
	}

	/*
	 * Now find the strength_bits values actually used
	 */
	curr = *head_p;







|







1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
		    (curr->cipher->strength_bits > max_strength_bits))
			max_strength_bits = curr->cipher->strength_bits;
		curr = curr->next;
	}

	number_uses = calloc((max_strength_bits + 1), sizeof(int));
	if (!number_uses) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (0);
	}

	/*
	 * Now find the strength_bits values actually used
	 */
	curr = *head_p;
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198

			if (buflen == 0) {
				/*
				 * We hit something we cannot deal with,
				 * it is no command or separator nor
				 * alphanumeric, so we call this an error.
				 */
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
				    SSL_R_INVALID_COMMAND);
				retval = found = 0;
				l++;
				break;
			}

			if (rule == CIPHER_SPECIAL) {
				 /* unused -- avoid compiler warning */







<
|







1151
1152
1153
1154
1155
1156
1157

1158
1159
1160
1161
1162
1163
1164
1165

			if (buflen == 0) {
				/*
				 * We hit something we cannot deal with,
				 * it is no command or separator nor
				 * alphanumeric, so we call this an error.
				 */

				SSLerrorx(SSL_R_INVALID_COMMAND);
				retval = found = 0;
				l++;
				break;
			}

			if (rule == CIPHER_SPECIAL) {
				 /* unused -- avoid compiler warning */
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
		 */
		if (rule == CIPHER_SPECIAL) {
			/* special command */
			ok = 0;
			if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
				ok = ssl_cipher_strength_sort(head_p, tail_p);
			else
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
				    SSL_R_INVALID_COMMAND);
			if (ok == 0)
				retval = 0;
			/*
			 * We do not support any "multi" options
			 * together with "@", so throw away the
			 * rest of the command, if any left, until
			 * end or ':' is found.







<
|







1297
1298
1299
1300
1301
1302
1303

1304
1305
1306
1307
1308
1309
1310
1311
		 */
		if (rule == CIPHER_SPECIAL) {
			/* special command */
			ok = 0;
			if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
				ok = ssl_cipher_strength_sort(head_p, tail_p);
			else

				SSLerrorx(SSL_R_INVALID_COMMAND);
			if (ok == 0)
				retval = 0;
			/*
			 * We do not support any "multi" options
			 * together with "@", so throw away the
			 * rest of the command, if any left, until
			 * end or ':' is found.
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
	 * Now we have to collect the available ciphers from the compiled
	 * in ciphers. We cannot get more than the number compiled in, so
	 * it is used for allocation.
	 */
	num_of_ciphers = ssl_method->num_ciphers();
	co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
	if (co_list == NULL) {
		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
	}

	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
	disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
	co_list, &head, &tail);








|







1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
	 * Now we have to collect the available ciphers from the compiled
	 * in ciphers. We cannot get more than the number compiled in, so
	 * it is used for allocation.
	 */
	num_of_ciphers = ssl_method->num_ciphers();
	co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
	if (co_list == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
	}

	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
	disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
	co_list, &head, &tail);

1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465

	/* Move anonymous ciphers to the end.  Usually, these will remain disabled.
	 * (For applications that allow them, they aren't too bad, but we prefer
	 * authenticated ciphers.) */
	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* Move ciphers without forward secrecy to the end */
	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* RC4 is sort of broken - move it to the end */
	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* Now sort by symmetric encryption strength.  The above ordering remains
	 * in force within each class */







<







1417
1418
1419
1420
1421
1422
1423

1424
1425
1426
1427
1428
1429
1430

	/* Move anonymous ciphers to the end.  Usually, these will remain disabled.
	 * (For applications that allow them, they aren't too bad, but we prefer
	 * authenticated ciphers.) */
	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* Move ciphers without forward secrecy to the end */

	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* RC4 is sort of broken - move it to the end */
	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* Now sort by symmetric encryption strength.  The above ordering remains
	 * in force within each class */
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
	 * we would be happy with just the cipher_aliases table).
	 */
	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
	ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
	if (ca_list == NULL) {
		free(co_list);
		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
	}
	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
	disabled_mkey, disabled_auth, disabled_enc,
	disabled_mac, disabled_ssl, head);

	/*







|







1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
	 * we would be happy with just the cipher_aliases table).
	 */
	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
	ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
	if (ca_list == NULL) {
		free(co_list);
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
	}
	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
	disabled_mkey, disabled_auth, disabled_enc,
	disabled_mac, disabled_ssl, head);

	/*
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
	free(co_list);	/* Not needed any longer */

	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
	if (tmp_cipher_list == NULL) {
		sk_SSL_CIPHER_free(cipherstack);
		return NULL;
	}
	if (*cipher_list != NULL)
		sk_SSL_CIPHER_free(*cipher_list);
	*cipher_list = cipherstack;
	if (*cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(*cipher_list_by_id);
	*cipher_list_by_id = tmp_cipher_list;
	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
	    ssl_cipher_ptr_id_cmp);

	sk_SSL_CIPHER_sort(*cipher_list_by_id);
	return (cipherstack);
}







<
|

<
|







1503
1504
1505
1506
1507
1508
1509

1510
1511

1512
1513
1514
1515
1516
1517
1518
1519
	free(co_list);	/* Not needed any longer */

	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
	if (tmp_cipher_list == NULL) {
		sk_SSL_CIPHER_free(cipherstack);
		return NULL;
	}

	sk_SSL_CIPHER_free(*cipher_list);
	*cipher_list = cipherstack;

	sk_SSL_CIPHER_free(*cipher_list_by_id);
	*cipher_list_by_id = tmp_cipher_list;
	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
	    ssl_cipher_ptr_id_cmp);

	sk_SSL_CIPHER_sort(*cipher_list_by_id);
	return (cipherstack);
}
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
	switch (alg_mkey) {
	case SSL_kRSA:
		kx = "RSA";
		break;
	case SSL_kDHE:
		kx = "DH";
		break;
	case SSL_kECDHr:
		kx = "ECDH/RSA";
		break;
	case SSL_kECDHe:
		kx = "ECDH/ECDSA";
		break;
	case SSL_kECDHE:
		kx = "ECDH";
		break;
	case SSL_kGOST:
		kx = "GOST";
		break;
	default:
		kx = "unknown";
	}

	switch (alg_auth) {
	case SSL_aRSA:
		au = "RSA";
		break;
	case SSL_aDSS:
		au = "DSS";
		break;
	case SSL_aECDH:
		au = "ECDH";
		break;
	case SSL_aNULL:
		au = "None";
		break;
	case SSL_aECDSA:
		au = "ECDSA";
		break;
	case SSL_aGOST01:







<
<
<
<
<
<

















<
<
<







1556
1557
1558
1559
1560
1561
1562






1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579



1580
1581
1582
1583
1584
1585
1586
	switch (alg_mkey) {
	case SSL_kRSA:
		kx = "RSA";
		break;
	case SSL_kDHE:
		kx = "DH";
		break;






	case SSL_kECDHE:
		kx = "ECDH";
		break;
	case SSL_kGOST:
		kx = "GOST";
		break;
	default:
		kx = "unknown";
	}

	switch (alg_auth) {
	case SSL_aRSA:
		au = "RSA";
		break;
	case SSL_aDSS:
		au = "DSS";
		break;



	case SSL_aNULL:
		au = "None";
		break;
	case SSL_aECDSA:
		au = "ECDSA";
		break;
	case SSL_aGOST01:
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
		break;
	case SSL_GOST89MAC:
		mac = "GOST89IMIT";
		break;
	case SSL_STREEBOG256:
		mac = "STREEBOG256";
		break;
	case SSL_STREEBOG512:
		mac = "STREEBOG512";
		break;
	default:
		mac = "unknown";
		break;
	}

	if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n",
	    cipher->name, ver, kx, au, enc, mac) == -1)







<
<
<







1660
1661
1662
1663
1664
1665
1666



1667
1668
1669
1670
1671
1672
1673
		break;
	case SSL_GOST89MAC:
		mac = "GOST89IMIT";
		break;
	case SSL_STREEBOG256:
		mac = "STREEBOG256";
		break;



	default:
		mac = "unknown";
		break;
	}

	if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n",
	    cipher->name, ver, kx, au, enc, mac) == -1)
Added jni/libressl/ssl/ssl_clnt.c.


















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
/* $OpenBSD: ssl_clnt.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 *
 * The Contribution is licensed pursuant to the OpenSSL open source
 * license provided above.
 *
 * ECC cipher suite support in OpenSSL originally written by
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/bn.h>
#include <openssl/buffer.h>
#include <openssl/curve25519.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/objects.h>

#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_GOST
#include <openssl/gost.h>
#endif

#include "bytestring.h"

static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);

int
ssl3_connect(SSL *s)
{
	void   (*cb)(const SSL *ssl, int type, int val) = NULL;
	int	 ret = -1;
	int	 new_state, state, skip = 0;

	ERR_clear_error();
	errno = 0;

	if (s->internal->info_callback != NULL)
		cb = s->internal->info_callback;
	else if (s->ctx->internal->info_callback != NULL)
		cb = s->ctx->internal->info_callback;

	s->internal->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);

	for (;;) {
		state = s->internal->state;

		switch (s->internal->state) {
		case SSL_ST_RENEGOTIATE:
			s->internal->renegotiate = 1;
			s->internal->state = SSL_ST_CONNECT;
			s->ctx->internal->stats.sess_connect_renegotiate++;
			/* break */
		case SSL_ST_BEFORE:
		case SSL_ST_CONNECT:
		case SSL_ST_BEFORE|SSL_ST_CONNECT:
		case SSL_ST_OK|SSL_ST_CONNECT:

			s->server = 0;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version & 0xff00 ) != 0x0300) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}

			/* s->version=SSL3_VERSION; */
			s->internal->type = SSL_ST_CONNECT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl_init_wbio_buffer(s, 0)) {
				ret = -1;
				goto end;
			}

			/* don't push the buffering BIO quite yet */

			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}

			s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
			s->ctx->internal->stats.sess_connect++;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CW_CLNT_HELLO_A:
		case SSL3_ST_CW_CLNT_HELLO_B:

			s->internal->shutdown = 0;
			ret = ssl3_client_hello(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
			s->internal->init_num = 0;

			/* turn on buffering for the next lot of output */
			if (s->bbio != s->wbio)
				s->wbio = BIO_push(s->bbio, s->wbio);

			break;

		case SSL3_ST_CR_SRVR_HELLO_A:
		case SSL3_ST_CR_SRVR_HELLO_B:
			ret = ssl3_get_server_hello(s);
			if (ret <= 0)
				goto end;

			if (s->internal->hit) {
				s->internal->state = SSL3_ST_CR_FINISHED_A;
				if (s->internal->tlsext_ticket_expected) {
					/* receive renewed session ticket */
					s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
				}
			} else
				s->internal->state = SSL3_ST_CR_CERT_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_A:
		case SSL3_ST_CR_CERT_B:
			ret = ssl3_check_finished(s);
			if (ret <= 0)
				goto end;
			if (ret == 2) {
				s->internal->hit = 1;
				if (s->internal->tlsext_ticket_expected)
					s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
				else
					s->internal->state = SSL3_ST_CR_FINISHED_A;
				s->internal->init_num = 0;
				break;
			}
			/* Check if it is anon DH/ECDH. */
			if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				ret = ssl3_get_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->internal->tlsext_status_expected)
					s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
				else
					s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
			} else {
				skip = 1;
				s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
			}
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_KEY_EXCH_A:
		case SSL3_ST_CR_KEY_EXCH_B:
			ret = ssl3_get_server_key_exchange(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_CERT_REQ_A;
			s->internal->init_num = 0;

			/*
			 * At this point we check that we have the
			 * required stuff from the server.
			 */
			if (!ssl3_check_cert_and_algorithm(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_CR_CERT_REQ_A:
		case SSL3_ST_CR_CERT_REQ_B:
			ret = ssl3_get_certificate_request(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_SRVR_DONE_A:
		case SSL3_ST_CR_SRVR_DONE_B:
			ret = ssl3_get_server_done(s);
			if (ret <= 0)
				goto end;
			if (S3I(s)->tmp.cert_req)
				s->internal->state = SSL3_ST_CW_CERT_A;
			else
				s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
			s->internal->init_num = 0;

			break;

		case SSL3_ST_CW_CERT_A:
		case SSL3_ST_CW_CERT_B:
		case SSL3_ST_CW_CERT_C:
		case SSL3_ST_CW_CERT_D:
			ret = ssl3_send_client_certificate(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CW_KEY_EXCH_A:
		case SSL3_ST_CW_KEY_EXCH_B:
			ret = ssl3_send_client_key_exchange(s);
			if (ret <= 0)
				goto end;
			/*
			 * EAY EAY EAY need to check for DH fix cert
			 * sent back
			 */
			/*
			 * For TLS, cert_req is set to 2, so a cert chain
			 * of nothing is sent, but no verify packet is sent
			 */
			/*
			 * XXX: For now, we do not support client
			 * authentication in ECDH cipher suites with
			 * ECDH (rather than ECDSA) certificates.
			 * We need to skip the certificate verify
			 * message when client's ECDH public key is sent
			 * inside the client certificate.
			 */
			if (S3I(s)->tmp.cert_req == 1) {
				s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
			} else {
				s->internal->state = SSL3_ST_CW_CHANGE_A;
				S3I(s)->change_cipher_spec = 0;
			}
			if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
				s->internal->state = SSL3_ST_CW_CHANGE_A;
				S3I(s)->change_cipher_spec = 0;
			}

			s->internal->init_num = 0;
			break;

		case SSL3_ST_CW_CERT_VRFY_A:
		case SSL3_ST_CW_CERT_VRFY_B:
			ret = ssl3_send_client_verify(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CW_CHANGE_A;
			s->internal->init_num = 0;
			S3I(s)->change_cipher_spec = 0;
			break;

		case SSL3_ST_CW_CHANGE_A:
		case SSL3_ST_CW_CHANGE_B:
			ret = ssl3_send_change_cipher_spec(s,
			SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
			if (ret <= 0)
				goto end;

			if (S3I(s)->next_proto_neg_seen)
				s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
			else
				s->internal->state = SSL3_ST_CW_FINISHED_A;
			s->internal->init_num = 0;

			s->session->cipher = S3I(s)->tmp.new_cipher;
			if (!tls1_setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			if (!tls1_change_cipher_state(s,
			    SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
				ret = -1;
				goto end;
			}

			break;

		case SSL3_ST_CW_NEXT_PROTO_A:
		case SSL3_ST_CW_NEXT_PROTO_B:
			ret = ssl3_send_next_proto(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CW_FINISHED_A;
			break;

		case SSL3_ST_CW_FINISHED_A:
		case SSL3_ST_CW_FINISHED_B:
			ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
			    SSL3_ST_CW_FINISHED_B,
			    TLS_MD_CLIENT_FINISH_CONST,
			    TLS_MD_CLIENT_FINISH_CONST_SIZE);
			if (ret <= 0)
				goto end;
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
			s->internal->state = SSL3_ST_CW_FLUSH;

			/* clear flags */
			s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
			if (s->internal->hit) {
				S3I(s)->tmp.next_state = SSL_ST_OK;
				if (s->s3->flags &
				    SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
					s->internal->state = SSL_ST_OK;
					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
					S3I(s)->delay_buf_pop_ret = 0;
				}
			} else {
				/* Allow NewSessionTicket if ticket expected */
				if (s->internal->tlsext_ticket_expected)
					S3I(s)->tmp.next_state =
					    SSL3_ST_CR_SESSION_TICKET_A;
				else

				S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A;
			}
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_SESSION_TICKET_A:
		case SSL3_ST_CR_SESSION_TICKET_B:
			ret = ssl3_get_new_session_ticket(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_FINISHED_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_CERT_STATUS_A:
		case SSL3_ST_CR_CERT_STATUS_B:
			ret = ssl3_get_cert_status(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CR_FINISHED_A:
		case SSL3_ST_CR_FINISHED_B:
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
			ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
			    SSL3_ST_CR_FINISHED_B);
			if (ret <= 0)
				goto end;

			if (s->internal->hit)
				s->internal->state = SSL3_ST_CW_CHANGE_A;
			else
				s->internal->state = SSL_ST_OK;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_CW_FLUSH:
			s->internal->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				ret = -1;
				goto end;
			}
			s->internal->rwstate = SSL_NOTHING;
			s->internal->state = S3I(s)->tmp.next_state;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			BUF_MEM_free(s->internal->init_buf);
			s->internal->init_buf = NULL;

			/*
			 * If we are not 'joining' the last two packets,
			 * remove the buffering now
			 */
			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
				ssl_free_wbio_buffer(s);
			/* else do it later in ssl3_write */

			s->internal->init_num = 0;
			s->internal->renegotiate = 0;
			s->internal->new_session = 0;

			ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
			if (s->internal->hit)
				s->ctx->internal->stats.sess_hit++;

			ret = 1;
			/* s->server=0; */
			s->internal->handshake_func = ssl3_connect;
			s->ctx->internal->stats.sess_connect_good++;

			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_DONE, 1);

			goto end;
			/* break; */

		default:
			SSLerror(s, SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		/* did we do anything */
		if (!S3I(s)->tmp.reuse_message && !skip) {
			if (s->internal->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}

			if ((cb != NULL) && (s->internal->state != state)) {
				new_state = s->internal->state;
				s->internal->state = state;
				cb(s, SSL_CB_CONNECT_LOOP, 1);
				s->internal->state = new_state;
			}
		}
		skip = 0;
	}

end:
	s->internal->in_handshake--;
	if (cb != NULL)
		cb(s, SSL_CB_CONNECT_EXIT, ret);

	return (ret);
}

int
ssl3_client_hello(SSL *s)
{
	unsigned char	*bufend, *p, *d;
	uint16_t	 max_version;
	size_t		 outlen;
	int		 i;

	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;

	if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
		SSL_SESSION *sess = s->session;

		if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
			SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
			return (-1);
		}
		s->client_version = s->version = max_version;

		if ((sess == NULL) ||
		    (sess->ssl_version != s->version) ||
		    (!sess->session_id_length && !sess->tlsext_tick) ||
		    (sess->internal->not_resumable)) {
			if (!ssl_get_new_session(s, 0))
				goto err;
		}
		/* else use the pre-loaded session */

		/*
		 * If a DTLS ClientHello message is being resent after a
		 * HelloVerifyRequest, we must retain the original client
		 * random value.
		 */
		if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0)
			arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);

		d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);

		/*
		 * Version indicates the negotiated version: for example from
		 * an SSLv2/v3 compatible client hello). The client_version
		 * field is the maximum version we permit and it is also
		 * used in RSA encrypted premaster secrets. Some servers can
		 * choke if we initially report a higher version then
		 * renegotiate to a lower one in the premaster secret. This
		 * didn't happen with TLS 1.0 as most servers supported it
		 * but it can with TLS 1.1 or later if the server only supports
		 * 1.0.
		 *
		 * Possible scenario with previous logic:
		 * 	1. Client hello indicates TLS 1.2
		 * 	2. Server hello says TLS 1.0
		 *	3. RSA encrypted premaster secret uses 1.2.
		 * 	4. Handhaked proceeds using TLS 1.0.
		 *	5. Server sends hello request to renegotiate.
		 *	6. Client hello indicates TLS v1.0 as we now
		 *	   know that is maximum server supports.
		 *	7. Server chokes on RSA encrypted premaster secret
		 *	   containing version 1.0.
		 *
		 * For interoperability it should be OK to always use the
		 * maximum version we support in client hello and then rely
		 * on the checking of version to ensure the servers isn't
		 * being inconsistent: for example initially negotiating with
		 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
		 * client_version in client hello and not resetting it to
		 * the negotiated version.
		 */

		*(p++) = s->client_version >> 8;
		*(p++) = s->client_version & 0xff;

		/* Random stuff */
		memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
		p += SSL3_RANDOM_SIZE;

		/* Session ID */
		if (s->internal->new_session)
			i = 0;
		else
			i = s->session->session_id_length;
		*(p++) = i;
		if (i != 0) {
			if (i > (int)sizeof(s->session->session_id)) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			memcpy(p, s->session->session_id, i);
			p += i;
		}

		/* DTLS Cookie. */
		if (SSL_IS_DTLS(s)) {
			if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			*(p++) = D1I(s)->cookie_len;
			memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);
			p += D1I(s)->cookie_len;
		}

		/* Ciphers supported */
		if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2],
		    bufend - &p[2], &outlen))
			goto err;
		if (outlen == 0) {
			SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
			goto err;
		}
		s2n(outlen, p);
		p += outlen;

		/* add in (no) COMPRESSION */
		*(p++) = 1;
		*(p++) = 0; /* Add the NULL method */

		/* TLS extensions*/
		if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto err;
		}

		ssl3_handshake_msg_finish(s, p - d);

		s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
	}

	/* SSL3_ST_CW_CLNT_HELLO_B */
	return (ssl3_handshake_write(s));

err:
	return (-1);
}

int
ssl3_get_server_hello(SSL *s)
{
	CBS cbs, server_random, session_id;
	uint16_t server_version, cipher_suite;
	uint16_t min_version, max_version;
	uint8_t compression_method;
	STACK_OF(SSL_CIPHER) *sk;
	const SSL_CIPHER *cipher;
	const SSL_METHOD *method;
	unsigned char *p;
	unsigned long alg_k;
	size_t outlen;
	int i, al, ok;
	long n;

	s->internal->first_packet = 1;
	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
	    SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
	if (!ok)
		return ((int)n);
	s->internal->first_packet = 0;

	if (n < 0)
		goto truncated;

	CBS_init(&cbs, s->internal->init_msg, n);

	if (SSL_IS_DTLS(s)) {
		if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
			if (D1I(s)->send_cookie == 0) {
				S3I(s)->tmp.reuse_message = 1;
				return (1);
			} else {
				/* Already sent a cookie. */
				al = SSL_AD_UNEXPECTED_MESSAGE;
				SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
				goto f_err;
			}
		}
	}

	if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
	}

	if (!CBS_get_u16(&cbs, &server_version))
		goto truncated;

	if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
		SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
		goto err;
	}

	if (server_version < min_version || server_version > max_version) {
		SSLerror(s, SSL_R_WRONG_SSL_VERSION);
		s->version = (s->version & 0xff00) | (server_version & 0xff);
		al = SSL_AD_PROTOCOL_VERSION;
		goto f_err;
	}
	s->version = server_version;

	if ((method = tls1_get_client_method(server_version)) == NULL)
		method = dtls1_get_client_method(server_version);
	if (method == NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	s->method = method;

	/* Server random. */
	if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE))
		goto truncated;
	if (!CBS_write_bytes(&server_random, s->s3->server_random,
	    sizeof(s->s3->server_random), NULL))
		goto err;

	/* Session ID. */
	if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
		goto truncated;

	if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
	    (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
		goto f_err;
	}

	/* Cipher suite. */
	if (!CBS_get_u16(&cbs, &cipher_suite))
		goto truncated;

	/*
	 * Check if we want to resume the session based on external
	 * pre-shared secret.
	 */
	if (s->internal->tls_session_secret_cb) {
		SSL_CIPHER *pref_cipher = NULL;
		s->session->master_key_length = sizeof(s->session->master_key);
		if (s->internal->tls_session_secret_cb(s, s->session->master_key,
		    &s->session->master_key_length, NULL, &pref_cipher,
		    s->internal->tls_session_secret_cb_arg)) {
			s->session->cipher = pref_cipher ? pref_cipher :
			    ssl3_get_cipher_by_value(cipher_suite);
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
		}
	}

	if (s->session->session_id_length != 0 &&
	    CBS_mem_equal(&session_id, s->session->session_id,
		s->session->session_id_length)) {
		if (s->sid_ctx_length != s->session->sid_ctx_length ||
		    timingsafe_memcmp(s->session->sid_ctx,
		    s->sid_ctx, s->sid_ctx_length) != 0) {
			/* actually a client application bug */
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
			goto f_err;
		}
		s->s3->flags |= SSL3_FLAGS_CCS_OK;
		s->internal->hit = 1;
	} else {
		/* a miss or crap from the other end */

		/* If we were trying for session-id reuse, make a new
		 * SSL_SESSION so we don't stuff up other people */
		s->internal->hit = 0;
		if (s->session->session_id_length > 0) {
			if (!ssl_get_new_session(s, 0)) {
				al = SSL_AD_INTERNAL_ERROR;
				goto f_err;
			}
		}

		/*
		 * XXX - improve the handling for the case where there is a
		 * zero length session identifier.
		 */
		if (!CBS_write_bytes(&session_id, s->session->session_id,
		    sizeof(s->session->session_id), &outlen))
			goto err;
		s->session->session_id_length = outlen;

		s->session->ssl_version = s->version;
	}

	if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED);
		goto f_err;
	}

	/* TLS v1.2 only ciphersuites require v1.2 or later. */
	if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
	    (TLS1_get_version(s) < TLS1_2_VERSION)) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
		goto f_err;
	}

	sk = ssl_get_ciphers_by_id(s);
	i = sk_SSL_CIPHER_find(sk, cipher);
	if (i < 0) {
		/* we did not say we would use this cipher */
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
		goto f_err;
	}

	/*
	 * Depending on the session caching (internal/external), the cipher
	 * and/or cipher_id values may not be set. Make sure that
	 * cipher_id is set and use it for comparison.
	 */
	if (s->session->cipher)
		s->session->cipher_id = s->session->cipher->id;
	if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
		goto f_err;
	}
	S3I(s)->tmp.new_cipher = cipher;

	if (!tls1_handshake_hash_init(s))
		goto err;

	/*
	 * Don't digest cached records if no sigalgs: we may need them for
	 * client authentication.
	 */
	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
	if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
	    !tls1_digest_cached_records(s)) {
		al = SSL_AD_INTERNAL_ERROR;
		goto f_err;
	}

	if (!CBS_get_u8(&cbs, &compression_method))
		goto truncated;

	if (compression_method != 0) {
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
		goto f_err;
	}

	/* TLS extensions. */
	p = (unsigned char *)CBS_data(&cbs);
	if (!ssl_parse_serverhello_tlsext(s, &p, CBS_len(&cbs), &al)) {
		/* 'al' set by ssl_parse_serverhello_tlsext */
		SSLerror(s, SSL_R_PARSE_TLSEXT);
		goto f_err;
	}
	if (ssl_check_serverhello_tlsext(s) <= 0) {
		SSLerror(s, SSL_R_SERVERHELLO_TLSEXT);
		goto err;
	}

	/* See if any data remains... */
	if (p - CBS_data(&cbs) != CBS_len(&cbs))
		goto truncated;

	return (1);

truncated:
	/* wrong packet length */
	al = SSL_AD_DECODE_ERROR;
	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
ssl3_get_server_certificate(SSL *s)
{
	int			 al, i, ok, ret = -1;
	long			 n;
	CBS			 cbs, cert_list;
	X509			*x = NULL;
	const unsigned char	*q;
	STACK_OF(X509)		*sk = NULL;
	SESS_CERT		*sc;
	EVP_PKEY		*pkey = NULL;

	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
	    SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
		S3I(s)->tmp.reuse_message = 1;
		return (1);
	}

	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
	}


	if ((sk = sk_X509_new_null()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (n < 0)
		goto truncated;

	CBS_init(&cbs, s->internal->init_msg, n);
	if (CBS_len(&cbs) < 3)
		goto truncated;

	if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
	    CBS_len(&cbs) != 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	while (CBS_len(&cert_list) > 0) {
		CBS cert;

		if (CBS_len(&cert_list) < 3)
			goto truncated;
		if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}

		q = CBS_data(&cert);
		x = d2i_X509(NULL, &q, CBS_len(&cert));
		if (x == NULL) {
			al = SSL_AD_BAD_CERTIFICATE;
			SSLerror(s, ERR_R_ASN1_LIB);
			goto f_err;
		}
		if (q != CBS_data(&cert) + CBS_len(&cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}
		if (!sk_X509_push(sk, x)) {
			SSLerror(s, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		x = NULL;
	}

	i = ssl_verify_cert_chain(s, sk);
	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
		al = ssl_verify_alarm_type(s->verify_result);
		SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto f_err;

	}
	ERR_clear_error(); /* but we keep s->verify_result */

	sc = ssl_sess_cert_new();
	if (sc == NULL)
		goto err;
	ssl_sess_cert_free(SSI(s)->sess_cert);
	SSI(s)->sess_cert = sc;

	sc->cert_chain = sk;
	/*
	 * Inconsistency alert: cert_chain does include the peer's
	 * certificate, which we don't include in s3_srvr.c
	 */
	x = sk_X509_value(sk, 0);
	sk = NULL;
	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/

	pkey = X509_get_pubkey(x);

	if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
		x = NULL;
		al = SSL3_AL_FATAL;
		SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
		goto f_err;
	}

	i = ssl_cert_type(x, pkey);
	if (i < 0) {
		x = NULL;
		al = SSL3_AL_FATAL;
		SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		goto f_err;
	}

	sc->peer_cert_type = i;
	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
	/*
	 * Why would the following ever happen?
	 * We just created sc a couple of lines ago.
	 */
	X509_free(sc->peer_pkeys[i].x509);
	sc->peer_pkeys[i].x509 = x;
	sc->peer_key = &(sc->peer_pkeys[i]);

	X509_free(s->session->peer);
	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
	s->session->peer = x;
	s->session->verify_result = s->verify_result;

	x = NULL;
	ret = 1;

	if (0) {
truncated:
		/* wrong packet length */
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
err:
	EVP_PKEY_free(pkey);
	X509_free(x);
	sk_X509_pop_free(sk, X509_free);

	return (ret);
}

static int
ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
{
	CBS cbs, dhp, dhg, dhpk;
	BN_CTX *bn_ctx = NULL;
	SESS_CERT *sc = NULL;
	DH *dh = NULL;
	long alg_a;
	int al;

	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
	sc = SSI(s)->sess_cert;

	if (*nn < 0)
		goto err;

	CBS_init(&cbs, *pp, *nn);

	if ((dh = DH_new()) == NULL) {
		SSLerror(s, ERR_R_DH_LIB);
		goto err;
	}

	if (!CBS_get_u16_length_prefixed(&cbs, &dhp))
		goto truncated;
	if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) {
		SSLerror(s, ERR_R_BN_LIB);
		goto err;
	}

	if (!CBS_get_u16_length_prefixed(&cbs, &dhg))
		goto truncated;
	if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) {
		SSLerror(s, ERR_R_BN_LIB);
		goto err;
	}

	if (!CBS_get_u16_length_prefixed(&cbs, &dhpk))
		goto truncated;
	if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk),
	    NULL)) == NULL) {
		SSLerror(s, ERR_R_BN_LIB);
		goto err;
	}

	/*
	 * Check the strength of the DH key just constructed.
	 * Discard keys weaker than 1024 bits.
	 */
	if (DH_size(dh) < 1024 / 8) {
		SSLerror(s, SSL_R_BAD_DH_P_LENGTH);
		goto err;
	}

	if (alg_a & SSL_aRSA)
		*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
	else if (alg_a & SSL_aDSS)
		*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
	else
		/* XXX - Anonymous DH, so no certificate or pkey. */
		*pkey = NULL;

	sc->peer_dh_tmp = dh;

	*nn = CBS_len(&cbs);
	*pp = (unsigned char *)CBS_data(&cbs);

	return (1);

 truncated:
	al = SSL_AD_DECODE_ERROR;
	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
	ssl3_send_alert(s, SSL3_AL_FATAL, al);

 err:
	DH_free(dh);
	BN_CTX_free(bn_ctx);

	return (-1);
}

static int
ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public)
{
	const EC_GROUP *group;
	EC_GROUP *ngroup = NULL;
	EC_POINT *point = NULL;
	BN_CTX *bn_ctx = NULL;
	EC_KEY *ecdh = NULL;
	int ret = -1;

	/*
	 * Extract the server's ephemeral ECDH public key.
	 */

	if ((ecdh = EC_KEY_new()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if ((ngroup = EC_GROUP_new_by_curve_name(nid)) == NULL) {
		SSLerror(s, ERR_R_EC_LIB);
		goto err;
	}
	if (EC_KEY_set_group(ecdh, ngroup) == 0) {
		SSLerror(s, ERR_R_EC_LIB);
		goto err;
	}

	group = EC_KEY_get0_group(ecdh);

	if ((point = EC_POINT_new(group)) == NULL ||
	    (bn_ctx = BN_CTX_new()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (EC_POINT_oct2point(group, point, CBS_data(public),
	    CBS_len(public), bn_ctx) == 0) {
		SSLerror(s, SSL_R_BAD_ECPOINT);
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
		goto err;
	}

	EC_KEY_set_public_key(ecdh, point);
	sc->peer_ecdh_tmp = ecdh;
	ecdh = NULL;

	ret = 1;

 err:
	BN_CTX_free(bn_ctx);
	EC_GROUP_free(ngroup);
	EC_POINT_free(point);
	EC_KEY_free(ecdh);

	return (ret);
}

static int
ssl3_get_server_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, int nid, CBS *public)
{
	size_t outlen;

	if (nid != NID_X25519) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	if (CBS_len(public) != X25519_KEY_LENGTH) {
		SSLerror(s, SSL_R_BAD_ECPOINT);
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
		goto err;
	}

	if (!CBS_stow(public, &sc->peer_x25519_tmp, &outlen)) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	return (1);

 err:
	return (-1);
}

static int
ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
{
	CBS cbs, public;
	uint8_t curve_type;
	uint16_t curve_id;
	SESS_CERT *sc;
	long alg_a;
	int nid;
	int al;

	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
	sc = SSI(s)->sess_cert;

	if (*nn < 0)
		goto err;

	CBS_init(&cbs, *pp, *nn);

	/* Only named curves are supported. */
	if (!CBS_get_u8(&cbs, &curve_type) ||
	    curve_type != NAMED_CURVE_TYPE ||
	    !CBS_get_u16(&cbs, &curve_id)) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
		goto f_err;
	}

	/*
	 * Check that the curve is one of our preferences - if it is not,
	 * the server has sent us an invalid curve.
	 */
	if (tls1_check_curve(s, curve_id) != 1) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_WRONG_CURVE);
		goto f_err;
	}

	if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
		al = SSL_AD_INTERNAL_ERROR;
		SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
		goto f_err;
	}

	if (!CBS_get_u8_length_prefixed(&cbs, &public))
		goto truncated;

	if (nid == NID_X25519) {
		if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)
			goto err;
	} else {
		if (ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public) != 1)
			goto err;
	}

	/*
	 * The ECC/TLS specification does not mention the use of DSA to sign
	 * ECParameters in the server key exchange message. We do support RSA
	 * and ECDSA.
	 */
	if (alg_a & SSL_aRSA)
		*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
	else if (alg_a & SSL_aECDSA)
		*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509);
	else
		/* XXX - Anonymous ECDH, so no certificate or pkey. */
		*pkey = NULL;

	*nn = CBS_len(&cbs);
	*pp = (unsigned char *)CBS_data(&cbs);

	return (1);

 truncated:
	al = SSL_AD_DECODE_ERROR;
	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);

 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);

 err:
	return (-1);
}

int
ssl3_get_server_key_exchange(SSL *s)
{
	unsigned char	*q, md_buf[EVP_MAX_MD_SIZE*2];
	EVP_MD_CTX	 md_ctx;
	unsigned char	*param, *p;
	int		 al, i, j, param_len, ok;
	long		 n, alg_k, alg_a;
	EVP_PKEY	*pkey = NULL;
	const		 EVP_MD *md = NULL;
	RSA		*rsa = NULL;

	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;

	/*
	 * Use same message size as in ssl3_get_certificate_request()
	 * as ServerKeyExchange message may be skipped.
	 */
	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
	    SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok);
	if (!ok)
		return ((int)n);

	EVP_MD_CTX_init(&md_ctx);

	if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
		/*
		 * Do not skip server key exchange if this cipher suite uses
		 * ephemeral keys.
		 */
		if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
			SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
			al = SSL_AD_UNEXPECTED_MESSAGE;
			goto f_err;
		}

		S3I(s)->tmp.reuse_message = 1;
		EVP_MD_CTX_cleanup(&md_ctx);
		return (1);
	}

	if (SSI(s)->sess_cert != NULL) {
		DH_free(SSI(s)->sess_cert->peer_dh_tmp);
		SSI(s)->sess_cert->peer_dh_tmp = NULL;

		EC_KEY_free(SSI(s)->sess_cert->peer_ecdh_tmp);
		SSI(s)->sess_cert->peer_ecdh_tmp = NULL;

		free(SSI(s)->sess_cert->peer_x25519_tmp);
		SSI(s)->sess_cert->peer_x25519_tmp = NULL;
	} else {
		SSI(s)->sess_cert = ssl_sess_cert_new();
		if (SSI(s)->sess_cert == NULL)
			goto err;
	}

	param = p = (unsigned char *)s->internal->init_msg;
	param_len = n;

	if (alg_k & SSL_kDHE) {
		if (ssl3_get_server_kex_dhe(s, &pkey, &p, &n) != 1)
			goto err;
	} else if (alg_k & SSL_kECDHE) {
		if (ssl3_get_server_kex_ecdhe(s, &pkey, &p, &n) != 1)
			goto err;
	} else if (alg_k != 0) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
	}

	param_len = param_len - n;

	/* if it was signed, check the signature */
	if (pkey != NULL) {
		if (SSL_USE_SIGALGS(s)) {
			int sigalg = tls12_get_sigid(pkey);
			/* Should never happen */
			if (sigalg == -1) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			/*
			 * Check key type is consistent
			 * with signature
			 */
			if (2 > n)
				goto truncated;
			if (sigalg != (int)p[1]) {
				SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			md = tls12_get_hash(p[0]);
			if (md == NULL) {
				SSLerror(s, SSL_R_UNKNOWN_DIGEST);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			p += 2;
			n -= 2;
		} else
			md = EVP_sha1();

		if (2 > n)
			goto truncated;
		n2s(p, i);
		n -= 2;
		j = EVP_PKEY_size(pkey);

		if (i != n || n > j) {
			/* wrong packet length */
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
			goto f_err;
		}

		if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
			j = 0;
			q = md_buf;
			if (!EVP_DigestInit_ex(&md_ctx, EVP_md5_sha1(), NULL)) {
				al = SSL_AD_INTERNAL_ERROR;
				goto f_err;
			}
			EVP_DigestUpdate(&md_ctx, s->s3->client_random,
			    SSL3_RANDOM_SIZE);
			EVP_DigestUpdate(&md_ctx, s->s3->server_random,
			    SSL3_RANDOM_SIZE);
			EVP_DigestUpdate(&md_ctx, param, param_len);
			EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i);
			q += i;
			j += i;
			i = RSA_verify(NID_md5_sha1, md_buf, j,
			    p, n, pkey->pkey.rsa);
			if (i < 0) {
				al = SSL_AD_DECRYPT_ERROR;
				SSLerror(s, SSL_R_BAD_RSA_DECRYPT);
				goto f_err;
			}
			if (i == 0) {
				/* bad signature */
				al = SSL_AD_DECRYPT_ERROR;
				SSLerror(s, SSL_R_BAD_SIGNATURE);
				goto f_err;
			}
		} else {
			EVP_VerifyInit_ex(&md_ctx, md, NULL);
			EVP_VerifyUpdate(&md_ctx, s->s3->client_random,
			    SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx, s->s3->server_random,
			    SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx, param, param_len);
			if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
				/* bad signature */
				al = SSL_AD_DECRYPT_ERROR;
				SSLerror(s, SSL_R_BAD_SIGNATURE);
				goto f_err;
			}
		}
	} else {
		/* aNULL does not need public keys. */
		if (!(alg_a & SSL_aNULL)) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto err;
		}
		/* still data left over */
		if (n != 0) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
			goto f_err;
		}
	}

	EVP_PKEY_free(pkey);
	EVP_MD_CTX_cleanup(&md_ctx);

	return (1);

 truncated:
	/* wrong packet length */
	al = SSL_AD_DECODE_ERROR;
	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);

 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);

 err:
	EVP_PKEY_free(pkey);
	RSA_free(rsa);
	EVP_MD_CTX_cleanup(&md_ctx);

	return (-1);
}

int
ssl3_get_certificate_request(SSL *s)
{
	int			 ok, ret = 0;
	long		 	 n;
	uint8_t			 ctype_num;
	CBS			 cert_request, ctypes, rdn_list;
	X509_NAME		*xn = NULL;
	const unsigned char	*q;
	STACK_OF(X509_NAME)	*ca_sk = NULL;

	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
	    SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	S3I(s)->tmp.cert_req = 0;

	if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {
		S3I(s)->tmp.reuse_message = 1;
		/*
		 * If we get here we don't need any cached handshake records
		 * as we wont be doing client auth.
		 */
		if (S3I(s)->handshake_buffer) {
			if (!tls1_digest_cached_records(s))
				goto err;
		}
		return (1);
	}

	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
		SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
		goto err;
	}

	/* TLS does not like anon-DH with client cert */
	if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
		SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
		goto err;
	}

	if (n < 0)
		goto truncated;
	CBS_init(&cert_request, s->internal->init_msg, n);

	if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* get the certificate types */
	if (!CBS_get_u8(&cert_request, &ctype_num))
		goto truncated;

	if (ctype_num > SSL3_CT_NUMBER)
		ctype_num = SSL3_CT_NUMBER;
	if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
	    !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype,
	    sizeof(S3I(s)->tmp.ctype), NULL)) {
		SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
		goto err;
	}

	if (SSL_USE_SIGALGS(s)) {
		CBS sigalgs;

		if (CBS_len(&cert_request) < 2) {
			SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
		}

		/* Check we have enough room for signature algorithms and
		 * following length value.
		 */
		if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
		}
		if ((CBS_len(&sigalgs) & 1) ||
		    !tls1_process_sigalgs(s, CBS_data(&sigalgs),
		    CBS_len(&sigalgs))) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
			goto err;
		}
	}

	/* get the CA RDNs */
	if (CBS_len(&cert_request) < 2) {
		SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
		goto err;
	}

	if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
	    CBS_len(&cert_request) != 0) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		goto err;
	}

	while (CBS_len(&rdn_list) > 0) {
		CBS rdn;

		if (CBS_len(&rdn_list) < 2) {
			SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
		}

		if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerror(s, SSL_R_CA_DN_TOO_LONG);
			goto err;
		}

		q = CBS_data(&rdn);
		if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
			ssl3_send_alert(s, SSL3_AL_FATAL,
			    SSL_AD_DECODE_ERROR);
			SSLerror(s, ERR_R_ASN1_LIB);
			goto err;
		}

		if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
			SSLerror(s, SSL_R_CA_DN_LENGTH_MISMATCH);
			goto err;
		}
		if (!sk_X509_NAME_push(ca_sk, xn)) {
			SSLerror(s, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		xn = NULL;	/* avoid free in err block */
	}

	/* we should setup a certificate to return.... */
	S3I(s)->tmp.cert_req = 1;
	S3I(s)->tmp.ctype_num = ctype_num;
	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
	S3I(s)->tmp.ca_names = ca_sk;
	ca_sk = NULL;

	ret = 1;
	if (0) {
truncated:
		SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
	}
err:
	X509_NAME_free(xn);
	sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
	return (ret);
}

static int
ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
	return (X509_NAME_cmp(*a, *b));
}

int
ssl3_get_new_session_ticket(SSL *s)
{
	int			 ok, al, ret = 0;
	uint32_t		 lifetime_hint;
	long			 n;
	CBS			 cbs, session_ticket;

	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
	    SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
	if (!ok)
		return ((int)n);

	if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {
		S3I(s)->tmp.reuse_message = 1;
		return (1);
	}
	if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
	}

	if (n < 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	CBS_init(&cbs, s->internal->init_msg, n);
	if (!CBS_get_u32(&cbs, &lifetime_hint) ||
#if UINT32_MAX > LONG_MAX
	    lifetime_hint > LONG_MAX ||
#endif
	    !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
	    CBS_len(&cbs) != 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}
	s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;

	if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
	    &s->session->tlsext_ticklen)) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/*
	 * There are two ways to detect a resumed ticket sesion.
	 * One is to set an appropriate session ID and then the server
	 * must return a match in ServerHello. This allows the normal
	 * client session ID matching to work and we know much
	 * earlier that the ticket has been accepted.
	 *
	 * The other way is to set zero length session ID when the
	 * ticket is presented and rely on the handshake to determine
	 * session resumption.
	 *
	 * We choose the former approach because this fits in with
	 * assumptions elsewhere in OpenSSL. The session ID is set
	 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
	 * ticket.
	 */
	EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
	    s->session->session_id, &s->session->session_id_length,
	    EVP_sha256(), NULL);
	ret = 1;
	return (ret);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
ssl3_get_cert_status(SSL *s)
{
	CBS			 cert_status, response;
	size_t			 stow_len;
	int			 ok, al;
	long			 n;
	uint8_t			 status_type;

	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
	    SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
	    16384, &ok);

	if (!ok)
		return ((int)n);

	if (n < 0) {
		/* need at least status type + length */
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	CBS_init(&cert_status, s->internal->init_msg, n);
	if (!CBS_get_u8(&cert_status, &status_type) ||
	    CBS_len(&cert_status) < 3) {
		/* need at least status type + length */
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	if (status_type != TLSEXT_STATUSTYPE_ocsp) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
		goto f_err;
	}

	if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
	    CBS_len(&cert_status) != 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
	    &stow_len) || stow_len > INT_MAX) {
		s->internal->tlsext_ocsp_resplen = 0;
 		al = SSL_AD_INTERNAL_ERROR;
 		SSLerror(s, ERR_R_MALLOC_FAILURE);
 		goto f_err;
 	}
	s->internal->tlsext_ocsp_resplen = (int)stow_len;

	if (s->ctx->internal->tlsext_status_cb) {
		int ret;
		ret = s->ctx->internal->tlsext_status_cb(s,
		    s->ctx->internal->tlsext_status_arg);
		if (ret == 0) {
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
			goto f_err;
		}
		if (ret < 0) {
			al = SSL_AD_INTERNAL_ERROR;
			SSLerror(s, ERR_R_MALLOC_FAILURE);
			goto f_err;
		}
	}
	return (1);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	return (-1);
}

int
ssl3_get_server_done(SSL *s)
{
	int	ok, ret = 0;
	long	n;

	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
	    SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
	    30, /* should be very small, like 0 :-) */ &ok);

	if (!ok)
		return ((int)n);
	if (n > 0) {
		/* should contain no data */
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
		SSLerror(s, SSL_R_LENGTH_MISMATCH);
		return (-1);
	}
	ret = 1;
	return (ret);
}

static int
ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
{
	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
	unsigned char *enc_pms = NULL;
	EVP_PKEY *pkey = NULL;
	int ret = -1;
	int enc_len;
	CBB epms;

	/*
	 * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
	 */

	pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
	if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
	    pkey->pkey.rsa == NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	pms[0] = s->client_version >> 8;
	pms[1] = s->client_version & 0xff;
	arc4random_buf(&pms[2], sizeof(pms) - 2);

	if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa,
	    RSA_PKCS1_PADDING);
	if (enc_len <= 0) {
		SSLerror(s, SSL_R_BAD_RSA_ENCRYPT);
		goto err;
	}

	if (!CBB_add_u16_length_prefixed(cbb, &epms))
		goto err;
	if (!CBB_add_bytes(&epms, enc_pms, enc_len))
		goto err;
	if (!CBB_flush(cbb))
		goto err;

	s->session->master_key_length =
	    tls1_generate_master_secret(s,
		s->session->master_key, pms, sizeof(pms));

	ret = 1;

err:
	explicit_bzero(pms, sizeof(pms));
	EVP_PKEY_free(pkey);
	free(enc_pms);

	return (ret);
}

static int
ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
{
	DH *dh_srvr = NULL, *dh_clnt = NULL;
	unsigned char *key = NULL;
	int key_size = 0, key_len;
	unsigned char *data;
	int ret = -1;
	CBB dh_Yc;

	/* Ensure that we have an ephemeral key for DHE. */
	if (sess_cert->peer_dh_tmp == NULL) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
		SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
		goto err;
	}
	dh_srvr = sess_cert->peer_dh_tmp;

	/* Generate a new random key. */
	if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
		SSLerror(s, ERR_R_DH_LIB);
		goto err;
	}
	if (!DH_generate_key(dh_clnt)) {
		SSLerror(s, ERR_R_DH_LIB);
		goto err;
	}
	key_size = DH_size(dh_clnt);
	if ((key = malloc(key_size)) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
	if (key_len <= 0) {
		SSLerror(s, ERR_R_DH_LIB);
		goto err;
	}

	/* Generate master key from the result. */
	s->session->master_key_length =
	    tls1_generate_master_secret(s,
		s->session->master_key, key, key_len);

	if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc))
		goto err;
	if (!CBB_add_space(&dh_Yc, &data, BN_num_bytes(dh_clnt->pub_key)))
		goto err;
	BN_bn2bin(dh_clnt->pub_key, data);
	if (!CBB_flush(cbb))
		goto err;

	ret = 1;

err:
	DH_free(dh_clnt);
	if (key != NULL)
		explicit_bzero(key, key_size);
	free(key);

	return (ret);
}

static int
ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
{
	const EC_GROUP *group = NULL;
	const EC_POINT *point = NULL;
	EC_KEY *ecdh = NULL;
	BN_CTX *bn_ctx = NULL;
	unsigned char *key = NULL;
	unsigned char *data;
	size_t encoded_len;
	int key_size = 0, key_len;
	int ret = -1;
	CBB ecpoint;

	if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL ||
	    (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	if ((ecdh = EC_KEY_new()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!EC_KEY_set_group(ecdh, group)) {
		SSLerror(s, ERR_R_EC_LIB);
		goto err;
	}

	/* Generate a new ECDH key pair. */
	if (!(EC_KEY_generate_key(ecdh))) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	if ((key_size = ECDH_size(ecdh)) <= 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	if ((key = malloc(key_size)) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
	}
	key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL);
	if (key_len <= 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}

	/* Generate master key from the result. */
	s->session->master_key_length =
	    tls1_generate_master_secret(s,
		s->session->master_key, key, key_len);

	encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
	if (encoded_len == 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}

	if ((bn_ctx = BN_CTX_new()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* Encode the public key. */
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!CBB_add_space(&ecpoint, &data, encoded_len))
		goto err;
	if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
	    POINT_CONVERSION_UNCOMPRESSED, data, encoded_len,
	    bn_ctx) == 0)
		goto err;
	if (!CBB_flush(cbb))
		goto err;

	ret = 1;

 err:
	if (key != NULL)
		explicit_bzero(key, key_size);
	free(key);

	BN_CTX_free(bn_ctx);
	EC_KEY_free(ecdh);

	return (ret);
}

static int
ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb)
{
	uint8_t *public_key = NULL, *private_key = NULL, *shared_key = NULL;
	int ret = -1;
	CBB ecpoint;

	/* Generate X25519 key pair and derive shared key. */
	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	X25519_keypair(public_key, private_key);
	if (!X25519(shared_key, private_key, sc->peer_x25519_tmp))
		goto err;

	/* Serialize the public key. */
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH))
		goto err;
	if (!CBB_flush(cbb))
		goto err;

	/* Generate master key from the result. */
	s->session->master_key_length =
	    tls1_generate_master_secret(s,
		s->session->master_key, shared_key, X25519_KEY_LENGTH);

	ret = 1;

 err:
	if (private_key != NULL)
		explicit_bzero(private_key, X25519_KEY_LENGTH);
	if (shared_key != NULL)
		explicit_bzero(shared_key, X25519_KEY_LENGTH);

	free(public_key);
	free(private_key);
	free(shared_key);

	return (ret);
}

static int
ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb)
{
	if (sc->peer_x25519_tmp != NULL) {
		if (ssl3_send_client_kex_ecdhe_ecx(s, sc, cbb) != 1)
			goto err;
	} else if (sc->peer_ecdh_tmp != NULL) {
		if (ssl3_send_client_kex_ecdhe_ecp(s, sc, cbb) != 1)
			goto err;
	} else {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	return (1);

 err:
	return (-1);
}

static int
ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
{
	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
	EVP_PKEY *pub_key = NULL;
	EVP_PKEY_CTX *pkey_ctx;
	X509 *peer_cert;
	size_t msglen;
	unsigned int md_len;
	EVP_MD_CTX *ukm_hash;
	int ret = -1;
	int nid;
	CBB gostblob;

	/* Get server sertificate PKEY and create ctx from it */
	peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
	if (peer_cert == NULL) {
		SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
		goto err;
	}

	pub_key = X509_get_pubkey(peer_cert);
	pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL);

	/*
	 * If we have send a certificate, and certificate key parameters match
	 * those of server certificate, use certificate key for key exchange.
	 * Otherwise, generate ephemeral key pair.
	 */
	EVP_PKEY_encrypt_init(pkey_ctx);

	/* Generate session key. */
	arc4random_buf(premaster_secret, 32);

	/*
	 * If we have client certificate, use its secret as peer key.
	 */
	if (S3I(s)->tmp.cert_req && s->cert->key->privatekey) {
		if (EVP_PKEY_derive_set_peer(pkey_ctx,
		    s->cert->key->privatekey) <=0) {
			/*
			 * If there was an error - just ignore it.
			 * Ephemeral key would be used.
			 */
			ERR_clear_error();
		}
	}

	/*
	 * Compute shared IV and store it in algorithm-specific context data.
	 */
	ukm_hash = EVP_MD_CTX_create();
	if (ukm_hash == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94)
		nid = NID_id_GostR3411_94;
	else
		nid = NID_id_tc26_gost3411_2012_256;
	if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
		goto err;
	EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE);
	EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE);
	EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
	EVP_MD_CTX_destroy(ukm_hash);
	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
	    EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
		SSLerror(s, SSL_R_LIBRARY_BUG);
		goto err;
	}

	/*
	 * Make GOST keytransport blob message, encapsulate it into sequence.
	 */
	msglen = 255;
	if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
	    32) < 0) {
		SSLerror(s, SSL_R_LIBRARY_BUG);
		goto err;
	}

	if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
		goto err;
	if (!CBB_add_bytes(&gostblob, tmp, msglen))
		goto err;
	if (!CBB_flush(cbb))
		goto err;

	/* Check if pubkey from client certificate was used. */
	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
	    NULL) > 0) {
		/* Set flag "skip certificate verify". */
		s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
	}
	EVP_PKEY_CTX_free(pkey_ctx);
	s->session->master_key_length =
	    tls1_generate_master_secret(s,
		s->session->master_key, premaster_secret, 32);

	ret = 1;

 err:
	explicit_bzero(premaster_secret, sizeof(premaster_secret));
	EVP_PKEY_free(pub_key);

	return (ret);
}

int
ssl3_send_client_key_exchange(SSL *s)
{
	SESS_CERT *sess_cert;
	unsigned long alg_k;
	CBB cbb, kex;

	memset(&cbb, 0, sizeof(cbb));

	if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
		alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;

		if ((sess_cert = SSI(s)->sess_cert) == NULL) {
			ssl3_send_alert(s, SSL3_AL_FATAL,
			    SSL_AD_UNEXPECTED_MESSAGE);
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto err;
		}

		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &kex,
		    SSL3_MT_CLIENT_KEY_EXCHANGE))
			goto err;

		if (alg_k & SSL_kRSA) {
			if (ssl3_send_client_kex_rsa(s, sess_cert, &kex) != 1)
				goto err;
		} else if (alg_k & SSL_kDHE) {
			if (ssl3_send_client_kex_dhe(s, sess_cert, &kex) != 1)
				goto err;
		} else if (alg_k & SSL_kECDHE) {
			if (ssl3_send_client_kex_ecdhe(s, sess_cert, &kex) != 1)
				goto err;
		} else if (alg_k & SSL_kGOST) {
			if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)
				goto err;
		} else {
			ssl3_send_alert(s, SSL3_AL_FATAL,
			    SSL_AD_HANDSHAKE_FAILURE);
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto err;
		}

		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
	}

	/* SSL3_ST_CW_KEY_EXCH_B */
	return (ssl3_handshake_write(s));

err:
	CBB_cleanup(&cbb);

	return (-1);
}

int
ssl3_send_client_verify(SSL *s)
{
	unsigned char	*p;
	unsigned char	 data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
	EVP_PKEY	*pkey;
	EVP_PKEY_CTX	*pctx = NULL;
	EVP_MD_CTX	 mctx;
	unsigned	 u = 0;
	unsigned long	 n;
	int		 j;

	EVP_MD_CTX_init(&mctx);

	if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
		p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);

		/*
		 * Create context from key and test if sha1 is allowed as
		 * digest.
		 */
		pkey = s->cert->key->privatekey;
		pctx = EVP_PKEY_CTX_new(pkey, NULL);
		EVP_PKEY_sign_init(pctx);

		/* XXX - is this needed? */
		if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0)
			ERR_clear_error();

		if (!SSL_USE_SIGALGS(s)) {
			if (S3I(s)->handshake_buffer) {
				if (!tls1_digest_cached_records(s))
					goto err;
			}
			if (!tls1_handshake_hash_value(s, data, sizeof(data),
			    NULL))
				goto err;
		}

		/*
		 * For TLS v1.2 send signature algorithm and signature
		 * using agreed digest and cached handshake records.
		 */
		if (SSL_USE_SIGALGS(s)) {
			long hdatalen = 0;
			void *hdata;
			const EVP_MD *md = s->cert->key->digest;
			hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer,
			    &hdata);
			if (hdatalen <= 0 ||
			    !tls12_get_sigandhash(p, pkey, md)) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			p += 2;
			if (!EVP_SignInit_ex(&mctx, md, NULL) ||
			    !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
			    !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
				SSLerror(s, ERR_R_EVP_LIB);
				goto err;
			}
			s2n(u, p);
			n = u + 4;
			if (!tls1_digest_cached_records(s))
				goto err;
		} else if (pkey->type == EVP_PKEY_RSA) {
			if (RSA_sign(NID_md5_sha1, data,
			    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
			    &u, pkey->pkey.rsa) <= 0 ) {
				SSLerror(s, ERR_R_RSA_LIB);
				goto err;
			}
			s2n(u, p);
			n = u + 2;
		} else if (pkey->type == EVP_PKEY_DSA) {
			if (!DSA_sign(pkey->save_type,
			    &(data[MD5_DIGEST_LENGTH]),
			    SHA_DIGEST_LENGTH, &(p[2]),
			    (unsigned int *)&j, pkey->pkey.dsa)) {
				SSLerror(s, ERR_R_DSA_LIB);
				goto err;
			}
			s2n(j, p);
			n = j + 2;
		} else if (pkey->type == EVP_PKEY_EC) {
			if (!ECDSA_sign(pkey->save_type,
			    &(data[MD5_DIGEST_LENGTH]),
			    SHA_DIGEST_LENGTH, &(p[2]),
			    (unsigned int *)&j, pkey->pkey.ec)) {
				SSLerror(s, ERR_R_ECDSA_LIB);
				goto err;
			}
			s2n(j, p);
			n = j + 2;
#ifndef OPENSSL_NO_GOST
		} else if (pkey->type == NID_id_GostR3410_94 ||
			   pkey->type == NID_id_GostR3410_2001) {
			unsigned char signbuf[128];
			long hdatalen = 0;
			void *hdata;
			const EVP_MD *md;
			int nid;
			size_t sigsize;

			hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
			if (hdatalen <= 0) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}
			if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
			    !(md = EVP_get_digestbynid(nid))) {
				SSLerror(s, ERR_R_EVP_LIB);
				goto err;
			}
			if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
			    !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
			    !EVP_DigestFinal(&mctx, signbuf, &u) ||
			    (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
			    (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
					       EVP_PKEY_CTRL_GOST_SIG_FORMAT,
					       GOST_SIG_FORMAT_RS_LE,
					       NULL) <= 0) ||
			    (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
					   signbuf, u) <= 0)) {
				SSLerror(s, ERR_R_EVP_LIB);
				goto err;
			}
			if (!tls1_digest_cached_records(s))
				goto err;
			j = sigsize;
			s2n(j, p);
			n = j + 2;
#endif
		} else {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto err;
		}

		s->internal->state = SSL3_ST_CW_CERT_VRFY_B;

		ssl3_handshake_msg_finish(s, n);
	}

	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_CTX_free(pctx);

	return (ssl3_handshake_write(s));

err:
	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_CTX_free(pctx);
	return (-1);
}

int
ssl3_send_client_certificate(SSL *s)
{
	EVP_PKEY *pkey = NULL;
	X509 *x509 = NULL;
	CBB cbb, client_cert;
	int i;

	memset(&cbb, 0, sizeof(cbb));

	if (s->internal->state == SSL3_ST_CW_CERT_A) {
		if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
		    (s->cert->key->privatekey == NULL))
			s->internal->state = SSL3_ST_CW_CERT_B;
		else
			s->internal->state = SSL3_ST_CW_CERT_C;
	}

	/* We need to get a client cert */
	if (s->internal->state == SSL3_ST_CW_CERT_B) {
		/*
		 * If we get an error, we need to
		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
		 * We then get retied later
		 */
		i = ssl_do_client_cert_cb(s, &x509, &pkey);
		if (i < 0) {
			s->internal->rwstate = SSL_X509_LOOKUP;
			return (-1);
		}
		s->internal->rwstate = SSL_NOTHING;
		if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
			s->internal->state = SSL3_ST_CW_CERT_B;
			if (!SSL_use_certificate(s, x509) ||
			    !SSL_use_PrivateKey(s, pkey))
				i = 0;
		} else if (i == 1) {
			i = 0;
			SSLerror(s, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
		}

		X509_free(x509);
		EVP_PKEY_free(pkey);
		if (i == 0)
			S3I(s)->tmp.cert_req = 2;

		/* Ok, we have a cert */
		s->internal->state = SSL3_ST_CW_CERT_C;
	}

	if (s->internal->state == SSL3_ST_CW_CERT_C) {
		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
		    SSL3_MT_CERTIFICATE))
			goto err;
		if (!ssl3_output_cert_chain(s, &client_cert,
		    (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
			goto err;
		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = SSL3_ST_CW_CERT_D;
	}

	/* SSL3_ST_CW_CERT_D */
	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);

	return (0);
}

#define has_bits(i,m)	(((i)&(m)) == (m))

int
ssl3_check_cert_and_algorithm(SSL *s)
{
	int		 i, idx;
	long		 alg_k, alg_a;
	EVP_PKEY	*pkey = NULL;
	SESS_CERT	*sc;
	DH		*dh;

	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;

	/* We don't have a certificate. */
	if (alg_a & SSL_aNULL)
		return (1);

	sc = SSI(s)->sess_cert;
	if (sc == NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	dh = SSI(s)->sess_cert->peer_dh_tmp;

	/* This is the passed certificate. */

	idx = sc->peer_cert_type;
	if (idx == SSL_PKEY_ECC) {
		if (ssl_check_srvr_ecc_cert_and_alg(
		    sc->peer_pkeys[idx].x509, s) == 0) {
			/* check failed */
			SSLerror(s, SSL_R_BAD_ECC_CERT);
			goto f_err;
		} else {
			return (1);
		}
	}
	pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
	i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
	EVP_PKEY_free(pkey);

	/* Check that we have a certificate if we require one. */
	if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
		SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT);
		goto f_err;
	} else if ((alg_a & SSL_aDSS) &&
	    !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
		SSLerror(s, SSL_R_MISSING_DSA_SIGNING_CERT);
		goto f_err;
	}
	if ((alg_k & SSL_kRSA) &&
	    !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
		SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
		goto f_err;
	}
	if ((alg_k & SSL_kDHE) &&
	    !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
		SSLerror(s, SSL_R_MISSING_DH_KEY);
		goto f_err;
	}

	return (1);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
err:
	return (0);
}

int
ssl3_send_next_proto(SSL *s)
{
	CBB cbb, nextproto, npn, padding;
	size_t pad_len;
	uint8_t *pad;

	memset(&cbb, 0, sizeof(cbb));

	if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
		pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);

		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,
		    SSL3_MT_NEXT_PROTO))
			goto err;
		if (!CBB_add_u8_length_prefixed(&nextproto, &npn))
			goto err;
		if (!CBB_add_bytes(&npn, s->internal->next_proto_negotiated,
		    s->internal->next_proto_negotiated_len))
			goto err;
		if (!CBB_add_u8_length_prefixed(&nextproto, &padding))
			goto err;
		if (!CBB_add_space(&padding, &pad, pad_len))
			goto err;
		memset(pad, 0, pad_len);
		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
	}

	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);

	return (-1);
}

/*
 * Check to see if handshake is full or resumed. Usually this is just a
 * case of checking to see if a cache hit has occurred. In the case of
 * session tickets we have to check the next message to be sure.
 */

int
ssl3_check_finished(SSL *s)
{
	int	ok;
	long	n;

	/* If we have no ticket it cannot be a resumed session. */
	if (!s->session->tlsext_tick)
		return (1);
	/* this function is called when we really expect a Certificate
	 * message, so permit appropriate message length */
	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
	    SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
	if (!ok)
		return ((int)n);
	S3I(s)->tmp.reuse_message = 1;
	if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
	    (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
		return (2);

	return (1);
}

int
ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
{
	int	i = 0;

#ifndef OPENSSL_NO_ENGINE
	if (s->ctx->internal->client_cert_engine) {
		i = ENGINE_load_ssl_client_cert(
		    s->ctx->internal->client_cert_engine, s,
		    SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL);
		if (i != 0)
			return (i);
	}
#endif
	if (s->ctx->internal->client_cert_cb)
		i = s->ctx->internal->client_cert_cb(s, px509, ppkey);
	return (i);
}
Changes to jni/libressl/ssl/ssl_err.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_err.c,v 1.28 2014/12/14 15:30:50 jsing Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_err.c,v 1.33 2017/02/07 02:08:38 beck Exp $ */
/* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
65
66
67
68
69
70
71

72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300

/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)


static ERR_STRING_DATA SSL_str_functs[]= {
	{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE),	"CLIENT_CERTIFICATE"},
	{ERR_FUNC(SSL_F_CLIENT_FINISHED),	"CLIENT_FINISHED"},
	{ERR_FUNC(SSL_F_CLIENT_HELLO),	"CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),	"CLIENT_MASTER_KEY"},
	{ERR_FUNC(SSL_F_D2I_SSL_SESSION),	"d2i_SSL_SESSION"},
	{ERR_FUNC(SSL_F_DO_DTLS1_WRITE),	"DO_DTLS1_WRITE"},
	{ERR_FUNC(SSL_F_DO_SSL3_WRITE),	"DO_SSL3_WRITE"},
	{ERR_FUNC(SSL_F_DTLS1_ACCEPT),	"DTLS1_ACCEPT"},
	{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF),	"DTLS1_ADD_CERT_TO_BUF"},
	{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),	"DTLS1_BUFFER_RECORD"},
	{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM),	"DTLS1_CHECK_TIMEOUT_NUM"},
	{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),	"DTLS1_CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_DTLS1_CONNECT),	"DTLS1_CONNECT"},
	{ERR_FUNC(SSL_F_DTLS1_ENC),	"DTLS1_ENC"},
	{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY),	"DTLS1_GET_HELLO_VERIFY"},
	{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE),	"DTLS1_GET_MESSAGE"},
	{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),	"DTLS1_GET_MESSAGE_FRAGMENT"},
	{ERR_FUNC(SSL_F_DTLS1_GET_RECORD),	"DTLS1_GET_RECORD"},
	{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT),	"DTLS1_HANDLE_TIMEOUT"},
	{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT),	"DTLS1_HEARTBEAT"},
	{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),	"DTLS1_OUTPUT_CERT_CHAIN"},
	{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT),	"DTLS1_PREPROCESS_FRAGMENT"},
	{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),	"DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
	{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD),	"DTLS1_PROCESS_RECORD"},
	{ERR_FUNC(SSL_F_DTLS1_READ_BYTES),	"DTLS1_READ_BYTES"},
	{ERR_FUNC(SSL_F_DTLS1_READ_FAILED),	"DTLS1_READ_FAILED"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),	"DTLS1_SEND_CERTIFICATE_REQUEST"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),	"DTLS1_SEND_CLIENT_CERTIFICATE"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),	"DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY),	"DTLS1_SEND_CLIENT_VERIFY"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),	"DTLS1_SEND_HELLO_VERIFY_REQUEST"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),	"DTLS1_SEND_SERVER_CERTIFICATE"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO),	"DTLS1_SEND_SERVER_HELLO"},
	{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),	"DTLS1_SEND_SERVER_KEY_EXCHANGE"},
	{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),	"DTLS1_WRITE_APP_DATA_BYTES"},
	{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED),	"GET_CLIENT_FINISHED"},
	{ERR_FUNC(SSL_F_GET_CLIENT_HELLO),	"GET_CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY),	"GET_CLIENT_MASTER_KEY"},
	{ERR_FUNC(SSL_F_GET_SERVER_FINISHED),	"GET_SERVER_FINISHED"},
	{ERR_FUNC(SSL_F_GET_SERVER_HELLO),	"GET_SERVER_HELLO"},
	{ERR_FUNC(SSL_F_GET_SERVER_VERIFY),	"GET_SERVER_VERIFY"},
	{ERR_FUNC(SSL_F_I2D_SSL_SESSION),	"i2d_SSL_SESSION"},
	{ERR_FUNC(SSL_F_READ_N),	"READ_N"},
	{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE),	"REQUEST_CERTIFICATE"},
	{ERR_FUNC(SSL_F_SERVER_FINISH),	"SERVER_FINISH"},
	{ERR_FUNC(SSL_F_SERVER_HELLO),	"SERVER_HELLO"},
	{ERR_FUNC(SSL_F_SERVER_VERIFY),	"SERVER_VERIFY"},
	{ERR_FUNC(SSL_F_SSL23_ACCEPT),	"SSL23_ACCEPT"},
	{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO),	"SSL23_CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_SSL23_CONNECT),	"SSL23_CONNECT"},
	{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO),	"SSL23_GET_CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO),	"SSL23_GET_SERVER_HELLO"},
	{ERR_FUNC(SSL_F_SSL23_PEEK),	"SSL23_PEEK"},
	{ERR_FUNC(SSL_F_SSL23_READ),	"SSL23_READ"},
	{ERR_FUNC(SSL_F_SSL23_WRITE),	"SSL23_WRITE"},
	{ERR_FUNC(SSL_F_SSL2_ACCEPT),	"SSL2_ACCEPT"},
	{ERR_FUNC(SSL_F_SSL2_CONNECT),	"SSL2_CONNECT"},
	{ERR_FUNC(SSL_F_SSL2_ENC_INIT),	"SSL2_ENC_INIT"},
	{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),	"SSL2_GENERATE_KEY_MATERIAL"},
	{ERR_FUNC(SSL_F_SSL2_PEEK),	"SSL2_PEEK"},
	{ERR_FUNC(SSL_F_SSL2_READ),	"SSL2_READ"},
	{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL),	"SSL2_READ_INTERNAL"},
	{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE),	"SSL2_SET_CERTIFICATE"},
	{ERR_FUNC(SSL_F_SSL2_WRITE),	"SSL2_WRITE"},
	{ERR_FUNC(SSL_F_SSL3_ACCEPT),	"SSL3_ACCEPT"},
	{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF),	"SSL3_ADD_CERT_TO_BUF"},
	{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),	"SSL3_CALLBACK_CTRL"},
	{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),	"SSL3_CHANGE_CIPHER_STATE"},
	{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),	"SSL3_CHECK_CERT_AND_ALGORITHM"},
	{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO),	"SSL3_CHECK_CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO),	"SSL3_CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_SSL3_CONNECT),	"SSL3_CONNECT"},
	{ERR_FUNC(SSL_F_SSL3_CTRL),	"SSL3_CTRL"},
	{ERR_FUNC(SSL_F_SSL3_CTX_CTRL),	"SSL3_CTX_CTRL"},
	{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),	"SSL3_DIGEST_CACHED_RECORDS"},
	{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),	"SSL3_DO_CHANGE_CIPHER_SPEC"},
	{ERR_FUNC(SSL_F_SSL3_ENC),	"SSL3_ENC"},
	{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),	"SSL3_GENERATE_KEY_BLOCK"},
	{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),	"SSL3_GET_CERTIFICATE_REQUEST"},
	{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS),	"SSL3_GET_CERT_STATUS"},
	{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY),	"SSL3_GET_CERT_VERIFY"},
	{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),	"SSL3_GET_CLIENT_CERTIFICATE"},
	{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO),	"SSL3_GET_CLIENT_HELLO"},
	{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),	"SSL3_GET_CLIENT_KEY_EXCHANGE"},
	{ERR_FUNC(SSL_F_SSL3_GET_FINISHED),	"SSL3_GET_FINISHED"},
	{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE),	"SSL3_GET_KEY_EXCHANGE"},
	{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE),	"SSL3_GET_MESSAGE"},
	{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),	"SSL3_GET_NEW_SESSION_TICKET"},
	{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO),	"SSL3_GET_NEXT_PROTO"},
	{ERR_FUNC(SSL_F_SSL3_GET_RECORD),	"SSL3_GET_RECORD"},
	{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),	"SSL3_GET_SERVER_CERTIFICATE"},
	{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE),	"SSL3_GET_SERVER_DONE"},
	{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO),	"SSL3_GET_SERVER_HELLO"},
	{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC),	"ssl3_handshake_mac"},
	{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET),	"SSL3_NEW_SESSION_TICKET"},
	{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN),	"SSL3_OUTPUT_CERT_CHAIN"},
	{ERR_FUNC(SSL_F_SSL3_PEEK),	"SSL3_PEEK"},
	{ERR_FUNC(SSL_F_SSL3_READ_BYTES),	"SSL3_READ_BYTES"},
	{ERR_FUNC(SSL_F_SSL3_READ_N),	"SSL3_READ_N"},
	{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),	"SSL3_SEND_CERTIFICATE_REQUEST"},
	{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),	"SSL3_SEND_CLIENT_CERTIFICATE"},
	{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},
	{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY),	"SSL3_SEND_CLIENT_VERIFY"},
	{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),	"SSL3_SEND_SERVER_CERTIFICATE"},
	{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO),	"SSL3_SEND_SERVER_HELLO"},
	{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),	"SSL3_SEND_SERVER_KEY_EXCHANGE"},
	{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK),	"SSL3_SETUP_KEY_BLOCK"},
	{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER),	"SSL3_SETUP_READ_BUFFER"},
	{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER),	"SSL3_SETUP_WRITE_BUFFER"},
	{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES),	"SSL3_WRITE_BYTES"},
	{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),	"SSL3_WRITE_PENDING"},
	{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),	"SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
	{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),	"SSL_ADD_CLIENTHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),	"SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
	{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),	"SSL_add_dir_cert_subjects_to_stack"},
	{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),	"SSL_add_file_cert_subjects_to_stack"},
	{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),	"SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
	{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),	"SSL_ADD_SERVERHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),	"SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
	{ERR_FUNC(SSL_F_SSL_BAD_METHOD),	"SSL_BAD_METHOD"},
	{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),	"SSL_BYTES_TO_CIPHER_LIST"},
	{ERR_FUNC(SSL_F_SSL_CERT_DUP),	"SSL_CERT_DUP"},
	{ERR_FUNC(SSL_F_SSL_CERT_INST),	"SSL_CERT_INST"},
	{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE),	"SSL_CERT_INSTANTIATE"},
	{ERR_FUNC(SSL_F_SSL_CERT_NEW),	"SSL_CERT_NEW"},
	{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY),	"SSL_check_private_key"},
	{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),	"SSL_CHECK_SERVERHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),	"SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
	{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),	"SSL_CIPHER_PROCESS_RULESTR"},
	{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),	"SSL_CIPHER_STRENGTH_SORT"},
	{ERR_FUNC(SSL_F_SSL_CLEAR),	"SSL_clear"},
	{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),	"SSL_COMP_add_compression_method"},
	{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST),	"SSL_CREATE_CIPHER_LIST"},
	{ERR_FUNC(SSL_F_SSL_CTRL),	"SSL_ctrl"},
	{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY),	"SSL_CTX_check_private_key"},
	{ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES),	"SSL_CTX_MAKE_PROFILES"},
	{ERR_FUNC(SSL_F_SSL_CTX_NEW),	"SSL_CTX_new"},
	{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST),	"SSL_CTX_set_cipher_list"},
	{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),	"SSL_CTX_set_client_cert_engine"},
	{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE),	"SSL_CTX_set_purpose"},
	{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),	"SSL_CTX_set_session_id_context"},
	{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION),	"SSL_CTX_set_ssl_version"},
	{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST),	"SSL_CTX_set_trust"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE),	"SSL_CTX_use_certificate"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),	"SSL_CTX_use_certificate_ASN1"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),	"SSL_CTX_use_certificate_chain_file"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),	"SSL_CTX_use_certificate_file"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY),	"SSL_CTX_use_PrivateKey"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),	"SSL_CTX_use_PrivateKey_ASN1"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),	"SSL_CTX_use_PrivateKey_file"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT),	"SSL_CTX_use_psk_identity_hint"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY),	"SSL_CTX_use_RSAPrivateKey"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),	"SSL_CTX_use_RSAPrivateKey_ASN1"},
	{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),	"SSL_CTX_use_RSAPrivateKey_file"},
	{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE),	"SSL_do_handshake"},
	{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),	"SSL_GET_NEW_SESSION"},
	{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),	"SSL_GET_PREV_SESSION"},
	{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),	"SSL_GET_SERVER_SEND_CERT"},
	{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),	"SSL_GET_SERVER_SEND_PKEY"},
	{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),	"SSL_GET_SIGN_PKEY"},
	{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),	"SSL_INIT_WBIO_BUFFER"},
	{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),	"SSL_load_client_CA_file"},
	{ERR_FUNC(SSL_F_SSL_NEW),	"SSL_new"},
	{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
	{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),	"SSL_PARSE_CLIENTHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT),	"SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
	{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
	{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),	"SSL_PARSE_SERVERHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),	"SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
	{ERR_FUNC(SSL_F_SSL_PEEK),	"SSL_peek"},
	{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),	"SSL_PREPARE_CLIENTHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),	"SSL_PREPARE_SERVERHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_SSL_READ),	"SSL_read"},
	{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT),	"SSL_RSA_PRIVATE_DECRYPT"},
	{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT),	"SSL_RSA_PUBLIC_ENCRYPT"},
	{ERR_FUNC(SSL_F_SSL_SESSION_NEW),	"SSL_SESSION_new"},
	{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP),	"SSL_SESSION_print_fp"},
	{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),	"SSL_SESSION_set1_id_context"},
	{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW),	"SSL_SESS_CERT_NEW"},
	{ERR_FUNC(SSL_F_SSL_SET_CERT),	"SSL_SET_CERT"},
	{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST),	"SSL_set_cipher_list"},
	{ERR_FUNC(SSL_F_SSL_SET_FD),	"SSL_set_fd"},
	{ERR_FUNC(SSL_F_SSL_SET_PKEY),	"SSL_SET_PKEY"},
	{ERR_FUNC(SSL_F_SSL_SET_PURPOSE),	"SSL_set_purpose"},
	{ERR_FUNC(SSL_F_SSL_SET_RFD),	"SSL_set_rfd"},
	{ERR_FUNC(SSL_F_SSL_SET_SESSION),	"SSL_set_session"},
	{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),	"SSL_set_session_id_context"},
	{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),	"SSL_set_session_ticket_ext"},
	{ERR_FUNC(SSL_F_SSL_SET_TRUST),	"SSL_set_trust"},
	{ERR_FUNC(SSL_F_SSL_SET_WFD),	"SSL_set_wfd"},
	{ERR_FUNC(SSL_F_SSL_SHUTDOWN),	"SSL_shutdown"},
	{ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT),	"SSL_SRP_CTX_init"},
	{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),	"SSL_UNDEFINED_CONST_FUNCTION"},
	{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION),	"SSL_UNDEFINED_FUNCTION"},
	{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),	"SSL_UNDEFINED_VOID_FUNCTION"},
	{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE),	"SSL_use_certificate"},
	{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1),	"SSL_use_certificate_ASN1"},
	{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE),	"SSL_use_certificate_file"},
	{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY),	"SSL_use_PrivateKey"},
	{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1),	"SSL_use_PrivateKey_ASN1"},
	{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE),	"SSL_use_PrivateKey_file"},
	{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT),	"SSL_use_psk_identity_hint"},
	{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY),	"SSL_use_RSAPrivateKey"},
	{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),	"SSL_use_RSAPrivateKey_ASN1"},
	{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),	"SSL_use_RSAPrivateKey_file"},
	{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN),	"SSL_VERIFY_CERT_CHAIN"},
	{ERR_FUNC(SSL_F_SSL_WRITE),	"SSL_write"},
	{ERR_FUNC(SSL_F_TLS1_AEAD_CTX_INIT), "TLS1_AEAD_CTX_INIT"},
	{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC),	"tls1_cert_verify_mac"},
	{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
	{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD),	"TLS1_CHANGE_CIPHER_STATE_AEAD"},
	{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER), "TLS1_CHANGE_CIPHER_STATE_CIPHER"},
	{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),	"TLS1_CHECK_SERVERHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_TLS1_ENC),	"TLS1_ENC"},
	{ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),	"TLS1_EXPORT_KEYING_MATERIAL"},
	{ERR_FUNC(SSL_F_TLS1_HEARTBEAT),	"SSL_F_TLS1_HEARTBEAT"},
	{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),	"TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),	"TLS1_PREPARE_SERVERHELLO_TLSEXT"},
	{ERR_FUNC(SSL_F_TLS1_PRF),	"tls1_prf"},
	{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),	"TLS1_SETUP_KEY_BLOCK"},
	{ERR_FUNC(SSL_F_WRITE_PENDING),	"WRITE_PENDING"},
	{0, NULL}
};

static ERR_STRING_DATA SSL_str_reasons[]= {
	{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"},
	{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"},
	{ERR_REASON(SSL_R_BAD_ALERT_RECORD)      , "bad alert record"},







>

<
|
|
<
|
|
|
|
<
<
<
<
|
|
<
<
<
<
<
|
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
|
<
<
|
<
|
|
<
|
|
|
|
<
<
<
<
|
|
|
|
|
|
<
|
|
<
<
|
|
<
<
<
<
<
<
|
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
|
|
|
|
|
<
<
<
|
<
|
<
|
|
|
|
|
<
<
<
<
<
<
<
<
|
|
|
|
|
|
|
<
<
<
|
|
<
<
|
<
|
|
|
<
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
|
|
|
<
<
|
<
<
|
<
<
<
<
<
<
|
<
<
|
<
<
|
<
<
<
|
<
|
|
|
|
<
<
<
|
|
|
<
<
<
<
|
<
<
|
<
<
<
|
<
<
<
|
|
|
<
<
<
<
|
<
|
<
<
|
|
|







65
66
67
68
69
70
71
72
73

74
75

76
77
78
79




80
81





82




83











84


85

86
87

88
89
90
91




92
93
94
95
96
97

98
99


100
101






102
103



104










105






106
107
108
109
110



111

112

113
114
115
116
117








118
119
120
121
122
123
124



125
126


127

128
129
130

131


132











133
134
135


136


137






138


139


140



141

142
143
144
145



146
147
148




149


150



151



152
153
154




155

156


157
158
159
160
161
162
163
164
165
166

/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR

#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)

/* See SSL_state_func_code below */
static ERR_STRING_DATA SSL_str_functs[]= {

	{ERR_FUNC(1),  "CONNECT_CW_FLUSH"},
	{ERR_FUNC(2),  "CONNECT_CW_CLNT_HELLO"},

	{ERR_FUNC(3),  "CONNECT_CW_CLNT_HELLO"},
	{ERR_FUNC(4),  "CONNECT_CR_SRVR_HELLO"},
	{ERR_FUNC(5),  "CONNECT_CR_SRVR_HELLO"},
	{ERR_FUNC(6),  "CONNECT_CR_CERT"},




	{ERR_FUNC(7),  "CONNECT_CR_CERT"},
	{ERR_FUNC(8),  "CONNECT_CR_KEY_EXCH"},





	{ERR_FUNC(9),  "CONNECT_CR_KEY_EXCH"},




	{ERR_FUNC(10),  "CONNECT_CR_CERT_REQ"},











	{ERR_FUNC(11),  "CONNECT_CR_CERT_REQ"},


	{ERR_FUNC(12),  "CONNECT_CR_SRVR_DONE"},

	{ERR_FUNC(13),  "CONNECT_CR_SRVR_DONE"},
	{ERR_FUNC(14),  "CONNECT_CW_CERT"},

	{ERR_FUNC(15),  "CONNECT_CW_CERT"},
	{ERR_FUNC(16),  "CONNECT_CW_CERT_C"},
	{ERR_FUNC(17),  "CONNECT_CW_CERT_D"},
	{ERR_FUNC(18),  "CONNECT_CW_KEY_EXCH"},




	{ERR_FUNC(19),  "CONNECT_CW_KEY_EXCH"},
	{ERR_FUNC(20),  "CONNECT_CW_CERT_VRFY"},
	{ERR_FUNC(21),  "CONNECT_CW_CERT_VRFY"},
	{ERR_FUNC(22),  "CONNECT_CW_CHANGE"},
	{ERR_FUNC(23),  "CONNECT_CW_CHANGE"},
	{ERR_FUNC(24),  "CONNECT_CW_NEXT_PROTO"},

	{ERR_FUNC(25),  "CONNECT_CW_NEXT_PROTO"},
	{ERR_FUNC(26),  "CONNECT_CW_FINISHED"},


	{ERR_FUNC(27),  "CONNECT_CW_FINISHED"},
	{ERR_FUNC(28),  "CONNECT_CR_CHANGE"},






	{ERR_FUNC(29),  "CONNECT_CR_CHANGE"},
	{ERR_FUNC(30),  "CONNECT_CR_FINISHED"},



	{ERR_FUNC(31),  "CONNECT_CR_FINISHED"},










	{ERR_FUNC(32),  "CONNECT_CR_SESSION_TICKET"},






	{ERR_FUNC(33),  "CONNECT_CR_SESSION_TICKET"},
	{ERR_FUNC(34),  "CONNECT_CR_CERT_STATUS"},
	{ERR_FUNC(35),  "CONNECT_CR_CERT_STATUS"},
	{ERR_FUNC(36),  "ACCEPT_SW_FLUSH"},
	{ERR_FUNC(37),  "ACCEPT_SR_CLNT_HELLO"},



	{ERR_FUNC(38),  "ACCEPT_SR_CLNT_HELLO"},

	{ERR_FUNC(39),  "ACCEPT_SR_CLNT_HELLO_C"},

	{ERR_FUNC(40),  "ACCEPT_SW_HELLO_REQ"},
	{ERR_FUNC(41),  "ACCEPT_SW_HELLO_REQ"},
	{ERR_FUNC(42),  "ACCEPT_SW_HELLO_REQ_C"},
	{ERR_FUNC(43),  "ACCEPT_SW_SRVR_HELLO"},
	{ERR_FUNC(44),  "ACCEPT_SW_SRVR_HELLO"},








	{ERR_FUNC(45),  "ACCEPT_SW_CERT"},
	{ERR_FUNC(46),  "ACCEPT_SW_CERT"},
	{ERR_FUNC(47),  "ACCEPT_SW_KEY_EXCH"},
	{ERR_FUNC(48),  "ACCEPT_SW_KEY_EXCH"},
	{ERR_FUNC(49),  "ACCEPT_SW_CERT_REQ"},
	{ERR_FUNC(50),  "ACCEPT_SW_CERT_REQ"},
	{ERR_FUNC(51),  "ACCEPT_SW_SRVR_DONE"},



	{ERR_FUNC(52),  "ACCEPT_SW_SRVR_DONE"},
	{ERR_FUNC(53),  "ACCEPT_SR_CERT"},


	{ERR_FUNC(54),  "ACCEPT_SR_CERT"},

	{ERR_FUNC(55),  "ACCEPT_SR_KEY_EXCH"},
	{ERR_FUNC(56),  "ACCEPT_SR_KEY_EXCH"},
	{ERR_FUNC(57),  "ACCEPT_SR_CERT_VRFY"},

	{ERR_FUNC(58),  "ACCEPT_SR_CERT_VRFY"},


	{ERR_FUNC(59),  "ACCEPT_SR_CHANGE"},











	{ERR_FUNC(60),  "ACCEPT_SR_CHANGE"},
	{ERR_FUNC(61),  "ACCEPT_SR_NEXT_PROTO"},
	{ERR_FUNC(62),  "ACCEPT_SR_NEXT_PROTO"},


	{ERR_FUNC(63),  "ACCEPT_SR_FINISHED"},


	{ERR_FUNC(64),  "ACCEPT_SR_FINISHED"},






	{ERR_FUNC(65),  "ACCEPT_SW_CHANGE"},


	{ERR_FUNC(66),  "ACCEPT_SW_CHANGE"},


	{ERR_FUNC(67),  "ACCEPT_SW_FINISHED"},



	{ERR_FUNC(68),  "ACCEPT_SW_FINISHED"},

	{ERR_FUNC(69),  "ACCEPT_SW_SESSION_TICKET"},
	{ERR_FUNC(70),  "ACCEPT_SW_SESSION_TICKET"},
	{ERR_FUNC(71),  "ACCEPT_SW_CERT_STATUS"},
	{ERR_FUNC(72),  "ACCEPT_SW_CERT_STATUS"},



	{ERR_FUNC(73), 	"ST_BEFORE"},
	{ERR_FUNC(74), 	"ST_ACCEPT"},
	{ERR_FUNC(75), 	"ST_CONNECT"},




	{ERR_FUNC(76), 	"ST_OK"},


	{ERR_FUNC(77), 	"ST_RENEGOTIATE"},



	{ERR_FUNC(78), 	"ST_BEFORE_CONNECT"},



	{ERR_FUNC(79), 	"ST_OK_CONNECT"},
	{ERR_FUNC(80), 	"ST_BEFORE_ACCEPT"},
	{ERR_FUNC(81), 	"ST_OK_ACCEPT"},




	{ERR_FUNC(83),  "DTLS1_ST_CR_HELLO_VERIFY_REQUEST"},

	{ERR_FUNC(84), 	"DTLS1_ST_CR_HELLO_VERIFY_REQUEST"},


	{ERR_FUNC(85), 	"DTLS1_ST_SW_HELLO_VERIFY_REQUEST"},
	{ERR_FUNC(86), 	"DTLS1_ST_SW_HELLO_VERIFY_REQUEST"},
	{ERR_FUNC(0xfff),   "(UNKNOWN)SSL_internal"},
	{0, NULL}
};

static ERR_STRING_DATA SSL_str_reasons[]= {
	{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"},
	{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"},
	{ERR_REASON(SSL_R_BAD_ALERT_RECORD)      , "bad alert record"},
593
594
595
596
597
598
599

600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615




























































































































































































	{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
	{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  , "wrong signature size"},
	{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE)  , "wrong signature type"},
	{ERR_REASON(SSL_R_WRONG_SSL_VERSION)     , "wrong ssl version"},
	{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
	{ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
	{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},

	{0, NULL}
};

#endif

void
ERR_load_SSL_strings(void)
{
#ifndef OPENSSL_NO_ERR

	if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
		ERR_load_strings(0, SSL_str_functs);
		ERR_load_strings(0, SSL_str_reasons);
	}
#endif
}



































































































































































































>









<






>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475

476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
	{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
	{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  , "wrong signature size"},
	{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE)  , "wrong signature type"},
	{ERR_REASON(SSL_R_WRONG_SSL_VERSION)     , "wrong ssl version"},
	{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
	{ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
	{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
	{ERR_REASON(SSL_R_PEER_BEHAVING_BADLY)   ,"peer is doing strange or hostile things"},
	{0, NULL}
};

#endif

void
ERR_load_SSL_strings(void)
{
#ifndef OPENSSL_NO_ERR

	if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
		ERR_load_strings(0, SSL_str_functs);
		ERR_load_strings(0, SSL_str_reasons);
	}
#endif
}

void
SSL_load_error_strings(void)
{
#ifndef OPENSSL_NO_ERR
	ERR_load_crypto_strings();
	ERR_load_SSL_strings();
#endif
}

int
SSL_state_func_code(int state) {
	switch (state) {
	case SSL3_ST_CW_FLUSH:
		return 1;
	case SSL3_ST_CW_CLNT_HELLO_A:
		return 2;
	case SSL3_ST_CW_CLNT_HELLO_B:
		return 3;
	case SSL3_ST_CR_SRVR_HELLO_A:
		return 4;
	case SSL3_ST_CR_SRVR_HELLO_B:
		return 5;
	case SSL3_ST_CR_CERT_A:
		return 6;
	case SSL3_ST_CR_CERT_B:
		return 7;
	case SSL3_ST_CR_KEY_EXCH_A:
		return 8;
	case SSL3_ST_CR_KEY_EXCH_B:
		return 9;
	case SSL3_ST_CR_CERT_REQ_A:
		return 10;
	case SSL3_ST_CR_CERT_REQ_B:
		return 11;
	case SSL3_ST_CR_SRVR_DONE_A:
		return 12;
	case SSL3_ST_CR_SRVR_DONE_B:
		return 13;
	case SSL3_ST_CW_CERT_A:
		return 14;
	case SSL3_ST_CW_CERT_B:
		return 15;
	case SSL3_ST_CW_CERT_C:
		return 16;
	case SSL3_ST_CW_CERT_D:
		return 17;
	case SSL3_ST_CW_KEY_EXCH_A:
		return 18;
	case SSL3_ST_CW_KEY_EXCH_B:
		return 19;
	case SSL3_ST_CW_CERT_VRFY_A:
		return 20;
	case SSL3_ST_CW_CERT_VRFY_B:
		return 21;
	case SSL3_ST_CW_CHANGE_A:
		return 22;
	case SSL3_ST_CW_CHANGE_B:
		return 23;
	case SSL3_ST_CW_NEXT_PROTO_A:
		return 24;
	case SSL3_ST_CW_NEXT_PROTO_B:
		return 25;
	case SSL3_ST_CW_FINISHED_A:
		return 26;
	case SSL3_ST_CW_FINISHED_B:
		return 27;
	case SSL3_ST_CR_CHANGE_A:
		return 28;
	case SSL3_ST_CR_CHANGE_B:
		return 29;
	case SSL3_ST_CR_FINISHED_A:
		return 30;
	case SSL3_ST_CR_FINISHED_B:
		return 31;
	case SSL3_ST_CR_SESSION_TICKET_A:
		return 32;
	case SSL3_ST_CR_SESSION_TICKET_B:
		return 33;
	case SSL3_ST_CR_CERT_STATUS_A:
		return 34;
	case SSL3_ST_CR_CERT_STATUS_B:
		return 35;
	case SSL3_ST_SW_FLUSH:
		return 36;
	case SSL3_ST_SR_CLNT_HELLO_A:
		return 37;
	case SSL3_ST_SR_CLNT_HELLO_B:
		return 38;
	case SSL3_ST_SR_CLNT_HELLO_C:
		return 39;
	case SSL3_ST_SW_HELLO_REQ_A:
		return 40;
	case SSL3_ST_SW_HELLO_REQ_B:
		return 41;
	case SSL3_ST_SW_HELLO_REQ_C:
		return 42;
	case SSL3_ST_SW_SRVR_HELLO_A:
		return 43;
	case SSL3_ST_SW_SRVR_HELLO_B:
		return 44;
	case SSL3_ST_SW_CERT_A:
		return 45;
	case SSL3_ST_SW_CERT_B:
		return 46;
	case SSL3_ST_SW_KEY_EXCH_A:
		return 47;
	case SSL3_ST_SW_KEY_EXCH_B:
		return 48;
	case SSL3_ST_SW_CERT_REQ_A:
		return 49;
	case SSL3_ST_SW_CERT_REQ_B:
		return 50;
	case SSL3_ST_SW_SRVR_DONE_A:
		return 51;
	case SSL3_ST_SW_SRVR_DONE_B:
		return 52;
	case SSL3_ST_SR_CERT_A:
		return 53;
	case SSL3_ST_SR_CERT_B:
		return 54;
	case SSL3_ST_SR_KEY_EXCH_A:
		return 55;
	case SSL3_ST_SR_KEY_EXCH_B:
		return 56;
	case SSL3_ST_SR_CERT_VRFY_A:
		return 57;
	case SSL3_ST_SR_CERT_VRFY_B:
		return 58;
	case SSL3_ST_SR_CHANGE_A:
		return 59;
	case SSL3_ST_SR_CHANGE_B:
		return 60;
	case SSL3_ST_SR_NEXT_PROTO_A:
		return 61;
	case SSL3_ST_SR_NEXT_PROTO_B:
		return 62;
	case SSL3_ST_SR_FINISHED_A:
		return 63;
	case SSL3_ST_SR_FINISHED_B:
		return 64;
	case SSL3_ST_SW_CHANGE_A:
		return 65;
	case SSL3_ST_SW_CHANGE_B:
		return 66;
	case SSL3_ST_SW_FINISHED_A:
		return 67;
	case SSL3_ST_SW_FINISHED_B:
		return 68;
	case SSL3_ST_SW_SESSION_TICKET_A:
		return 69;
	case SSL3_ST_SW_SESSION_TICKET_B:
		return 70;
	case SSL3_ST_SW_CERT_STATUS_A:
		return 71;
	case SSL3_ST_SW_CERT_STATUS_B:
		return 72;
	case SSL_ST_BEFORE:
		return 73;
	case SSL_ST_ACCEPT:
		return 74;
	case SSL_ST_CONNECT:
		return 75;
	case SSL_ST_OK:
		return 76;
	case SSL_ST_RENEGOTIATE:
		return 77;
	case SSL_ST_BEFORE|SSL_ST_CONNECT:
		return 78;
	case SSL_ST_OK|SSL_ST_CONNECT:
		return 79;
	case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		return 80;
	case SSL_ST_OK|SSL_ST_ACCEPT:
		return 81;
	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
		return 83;
	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
		return 84;
	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
		return 85;
	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
		return 86;
	default:
		break;
	}
	return 0xfff;
}
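--- a/jni/libressl/ssl/ssl_err2.c
+++ b/jni/libressl/ssl/ssl_err2.c
@@ -1,72 +0,0 @@
-/* $OpenBSD: ssl_err2.c,v 1.6 2014/11/16 14:12:47 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void
-SSL_load_error_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-	ERR_load_crypto_strings();
-	ERR_load_SSL_strings();
-#endif
-}
-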
Changes to jni/libressl/ssl/ssl_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_lib.c,v 1.116 2015/10/25 15:52:49 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_lib.c,v 1.158 2017/02/28 14:08:49 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

278



279

280
281



282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333




























334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
#include <openssl/engine.h>
#endif

#include "bytestring.h"

const char *SSL_version_str = OPENSSL_VERSION_TEXT;

SSL3_ENC_METHOD ssl3_undef_enc_method = {
	/*
	 * Evil casts, but these functions are only called if there's a
	 * library bug.
	 */
	.enc = (int (*)(SSL *, int))ssl_undefined_function,
	.mac = (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
	.setup_key_block = ssl_undefined_function,
	.generate_master_secret = (int (*)(SSL *, unsigned char *,
	    unsigned char *, int))ssl_undefined_function,
	.change_cipher_state = (int (*)(SSL*, int))ssl_undefined_function,
	.final_finish_mac = (int (*)(SSL *,  const char*, int,
	    unsigned char *))ssl_undefined_function,
	.finish_mac_length = 0,
	.cert_verify_mac = (int (*)(SSL *, int,
	    unsigned char *))ssl_undefined_function,
	.client_finished_label = NULL,
	.client_finished_label_len = 0,
	.server_finished_label = NULL,
	.server_finished_label_len = 0,
	.alert_value = (int (*)(int))ssl_undefined_function,
	.export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
	    const char *, size_t, const unsigned char *, size_t,
	    int use_context))ssl_undefined_function,
	.enc_flags = 0,
};

int
SSL_clear(SSL *s)
{
	if (s->method == NULL) {
		SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
		return (0);
	}

	if (ssl_clear_bad_session(s)) {
		SSL_SESSION_free(s->session);
		s->session = NULL;
	}

	s->error = 0;
	s->hit = 0;
	s->shutdown = 0;

	if (s->renegotiate) {
		SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
		return (0);
	}

	s->type = 0;

	s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);

	s->version = s->method->version;
	s->client_version = s->version;
	s->rwstate = SSL_NOTHING;
	s->rstate = SSL_ST_READ_HEADER;

	BUF_MEM_free(s->init_buf);
	s->init_buf = NULL;

	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);

	s->first_packet = 0;

	/*
	 * Check to see if we were changed into a different method, if
	 * so, revert back if we are not doing session-id reuse.
	 */
	if (!s->in_handshake && (s->session == NULL) &&
	    (s->method != s->ctx->method)) {
		s->method->ssl_free(s);
		s->method = s->ctx->method;
		if (!s->method->ssl_new(s))
			return (0);
	} else
		s->method->ssl_clear(s);

	return (1);
}

/* Used to change an SSL_CTXs default SSL method type */
int
SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
	STACK_OF(SSL_CIPHER)	*sk;

	ctx->method = meth;

	sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
	    &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
		    SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
		return (0);
	}
	return (1);
}

SSL *
SSL_new(SSL_CTX *ctx)
{
	SSL	*s;

	if (ctx == NULL) {
		SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
		return (NULL);
	}
	if (ctx->method == NULL) {
		SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
		return (NULL);
	}

	s = calloc(1, sizeof(SSL));

	if (s == NULL)



		goto err;






	s->options = ctx->options;
	s->mode = ctx->mode;
	s->max_cert_list = ctx->max_cert_list;

	if (ctx->cert != NULL) {
		/*
		 * Earlier library versions used to copy the pointer to
		 * the CERT, not its contents; only when setting new
		 * parameters for the per-SSL copy, ssl_cert_new would be
		 * called (and the direct reference to the per-SSL_CTX
		 * settings would be lost, but those still were indirectly
		 * accessed for various purposes, and for that reason they
		 * used to be known as s->ctx->default_cert).
		 * Now we don't look at the SSL_CTX's CERT after having
		 * duplicated it once.
		*/
		s->cert = ssl_cert_dup(ctx->cert);
		if (s->cert == NULL)
			goto err;
	} else
		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */

	s->read_ahead = ctx->read_ahead;
	s->msg_callback = ctx->msg_callback;
	s->msg_callback_arg = ctx->msg_callback_arg;
	s->verify_mode = ctx->verify_mode;
	s->sid_ctx_length = ctx->sid_ctx_length;
	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
	memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
	s->verify_callback = ctx->default_verify_callback;
	s->generate_session_id = ctx->generate_session_id;

	s->param = X509_VERIFY_PARAM_new();
	if (!s->param)
		goto err;
	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
	s->quiet_shutdown = ctx->quiet_shutdown;
	s->max_send_fragment = ctx->max_send_fragment;

	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
	s->ctx = ctx;
	s->tlsext_debug_cb = 0;
	s->tlsext_debug_arg = NULL;
	s->tlsext_ticket_expected = 0;
	s->tlsext_status_type = -1;
	s->tlsext_status_expected = 0;
	s->tlsext_ocsp_ids = NULL;
	s->tlsext_ocsp_exts = NULL;
	s->tlsext_ocsp_resp = NULL;
	s->tlsext_ocsp_resplen = -1;
	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
	s->initial_ctx = ctx;




























	s->next_proto_negotiated = NULL;

	if (s->ctx->alpn_client_proto_list != NULL) {
		s->alpn_client_proto_list =
		    malloc(s->ctx->alpn_client_proto_list_len);
		if (s->alpn_client_proto_list == NULL)
			goto err;
		memcpy(s->alpn_client_proto_list,
		    s->ctx->alpn_client_proto_list,
		    s->ctx->alpn_client_proto_list_len);
		s->alpn_client_proto_list_len =
		    s->ctx->alpn_client_proto_list_len;
	}

	s->verify_result = X509_V_OK;

	s->method = ctx->method;

	if (!s->method->ssl_new(s))
		goto err;

	s->references = 1;
	s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;

	SSL_clear(s);

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

	return (s);

err:
	SSL_free(s);
	SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
	return (NULL);
}

int
SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	if (sid_ctx_len > sizeof ctx->sid_ctx) {
		SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
		    SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return (0);
	}
	ctx->sid_ctx_length = sid_ctx_len;
	memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);

	return (1);
}

int
SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
		SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
		    SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return (0);
	}
	ssl->sid_ctx_length = sid_ctx_len;
	memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);

	return (1);
}

int
SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	ctx->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return (1);
}

int
SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
	ssl->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
	return (1);
}

int
SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    unsigned int id_len)







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




|









|
|

|
|



|

|

|

|
|

|
|



|

|





|

|

|


|













|

<
|











|



|



|
>
|
>
>
>
|
>
|

>
>
>
|
|
|

|











|





|
|
|




|
|





|
|



|
|
|

|
|
|
|
|


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|

|
|
|
|

|
|
|
|
|






|



|



|



|

|








<
|













<
|












|








|







155
156
157
158
159
160
161



























162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382

383
384
385
386
387
388
389
390
391
392
393
394
395
396

397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
#include <openssl/engine.h>
#endif

#include "bytestring.h"

const char *SSL_version_str = OPENSSL_VERSION_TEXT;




























int
SSL_clear(SSL *s)
{
	if (s->method == NULL) {
		SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
		return (0);
	}

	if (ssl_clear_bad_session(s)) {
		SSL_SESSION_free(s->session);
		s->session = NULL;
	}

	s->error = 0;
	s->internal->hit = 0;
	s->internal->shutdown = 0;

	if (s->internal->renegotiate) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return (0);
	}

	s->internal->type = 0;

	s->internal->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);

	s->version = s->method->internal->version;
	s->client_version = s->version;
	s->internal->rwstate = SSL_NOTHING;
	s->internal->rstate = SSL_ST_READ_HEADER;

	BUF_MEM_free(s->internal->init_buf);
	s->internal->init_buf = NULL;

	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->internal->write_hash);

	s->internal->first_packet = 0;

	/*
	 * Check to see if we were changed into a different method, if
	 * so, revert back if we are not doing session-id reuse.
	 */
	if (!s->internal->in_handshake && (s->session == NULL) &&
	    (s->method != s->ctx->method)) {
		s->method->internal->ssl_free(s);
		s->method = s->ctx->method;
		if (!s->method->internal->ssl_new(s))
			return (0);
	} else
		s->method->internal->ssl_clear(s);

	return (1);
}

/* Used to change an SSL_CTXs default SSL method type */
int
SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
	STACK_OF(SSL_CIPHER)	*sk;

	ctx->method = meth;

	sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
	    &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {

		SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
		return (0);
	}
	return (1);
}

SSL *
SSL_new(SSL_CTX *ctx)
{
	SSL	*s;

	if (ctx == NULL) {
		SSLerrorx(SSL_R_NULL_SSL_CTX);
		return (NULL);
	}
	if (ctx->method == NULL) {
		SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
		return (NULL);
	}

	if ((s = calloc(1, sizeof(*s))) == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}
	if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) {
		free(s);
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}

	s->internal->min_version = ctx->internal->min_version;
	s->internal->max_version = ctx->internal->max_version;

	s->internal->options = ctx->internal->options;
	s->internal->mode = ctx->internal->mode;
	s->internal->max_cert_list = ctx->internal->max_cert_list;

	if (ctx->internal->cert != NULL) {
		/*
		 * Earlier library versions used to copy the pointer to
		 * the CERT, not its contents; only when setting new
		 * parameters for the per-SSL copy, ssl_cert_new would be
		 * called (and the direct reference to the per-SSL_CTX
		 * settings would be lost, but those still were indirectly
		 * accessed for various purposes, and for that reason they
		 * used to be known as s->ctx->default_cert).
		 * Now we don't look at the SSL_CTX's CERT after having
		 * duplicated it once.
		*/
		s->cert = ssl_cert_dup(ctx->internal->cert);
		if (s->cert == NULL)
			goto err;
	} else
		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */

	s->internal->read_ahead = ctx->internal->read_ahead;
	s->internal->msg_callback = ctx->internal->msg_callback;
	s->internal->msg_callback_arg = ctx->internal->msg_callback_arg;
	s->verify_mode = ctx->verify_mode;
	s->sid_ctx_length = ctx->sid_ctx_length;
	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
	memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
	s->internal->verify_callback = ctx->internal->default_verify_callback;
	s->internal->generate_session_id = ctx->internal->generate_session_id;

	s->param = X509_VERIFY_PARAM_new();
	if (!s->param)
		goto err;
	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
	s->internal->quiet_shutdown = ctx->internal->quiet_shutdown;
	s->max_send_fragment = ctx->internal->max_send_fragment;

	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
	s->ctx = ctx;
	s->internal->tlsext_debug_cb = 0;
	s->internal->tlsext_debug_arg = NULL;
	s->internal->tlsext_ticket_expected = 0;
	s->tlsext_status_type = -1;
	s->internal->tlsext_status_expected = 0;
	s->internal->tlsext_ocsp_ids = NULL;
	s->internal->tlsext_ocsp_exts = NULL;
	s->internal->tlsext_ocsp_resp = NULL;
	s->internal->tlsext_ocsp_resplen = -1;
	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
	s->initial_ctx = ctx;

	if (ctx->internal->tlsext_ecpointformatlist != NULL) {
		s->internal->tlsext_ecpointformatlist =
		    calloc(ctx->internal->tlsext_ecpointformatlist_length,
			sizeof(ctx->internal->tlsext_ecpointformatlist[0]));
		if (s->internal->tlsext_ecpointformatlist == NULL)
			goto err;
		memcpy(s->internal->tlsext_ecpointformatlist,
		    ctx->internal->tlsext_ecpointformatlist,
		    ctx->internal->tlsext_ecpointformatlist_length *
		    sizeof(ctx->internal->tlsext_ecpointformatlist[0]));
		s->internal->tlsext_ecpointformatlist_length =
		    ctx->internal->tlsext_ecpointformatlist_length;
	}
	if (ctx->internal->tlsext_supportedgroups != NULL) {
		s->internal->tlsext_supportedgroups =
		    calloc(ctx->internal->tlsext_supportedgroups_length,
			sizeof(ctx->internal->tlsext_supportedgroups));
		if (s->internal->tlsext_supportedgroups == NULL)
			goto err;
		memcpy(s->internal->tlsext_supportedgroups,
		    ctx->internal->tlsext_supportedgroups,
		    ctx->internal->tlsext_supportedgroups_length *
		    sizeof(ctx->internal->tlsext_supportedgroups[0]));
		s->internal->tlsext_supportedgroups_length =
		    ctx->internal->tlsext_supportedgroups_length;
	}

	s->internal->next_proto_negotiated = NULL;

	if (s->ctx->internal->alpn_client_proto_list != NULL) {
		s->internal->alpn_client_proto_list =
		    malloc(s->ctx->internal->alpn_client_proto_list_len);
		if (s->internal->alpn_client_proto_list == NULL)
			goto err;
		memcpy(s->internal->alpn_client_proto_list,
		    s->ctx->internal->alpn_client_proto_list,
		    s->ctx->internal->alpn_client_proto_list_len);
		s->internal->alpn_client_proto_list_len =
		    s->ctx->internal->alpn_client_proto_list_len;
	}

	s->verify_result = X509_V_OK;

	s->method = ctx->method;

	if (!s->method->internal->ssl_new(s))
		goto err;

	s->references = 1;
	s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;

	SSL_clear(s);

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);

	return (s);

 err:
	SSL_free(s);
	SSLerrorx(ERR_R_MALLOC_FAILURE);
	return (NULL);
}

int
SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	if (sid_ctx_len > sizeof ctx->sid_ctx) {

		SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return (0);
	}
	ctx->sid_ctx_length = sid_ctx_len;
	memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);

	return (1);
}

int
SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {

		SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return (0);
	}
	ssl->sid_ctx_length = sid_ctx_len;
	memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);

	return (1);
}

int
SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	ctx->internal->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return (1);
}

int
SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
	ssl->internal->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
	return (1);
}

int
SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    unsigned int id_len)
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
		return (0);

	r.ssl_version = ssl->version;
	r.session_id_length = id_len;
	memcpy(r.session_id, id, id_len);

	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
	return (p != NULL);
}

int
SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{







|







438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
		return (0);

	r.ssl_version = ssl->version;
	r.session_id_length = id_len;
	memcpy(r.session_id, id, id_len);

	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
	p = lh_SSL_SESSION_retrieve(ssl->ctx->internal->sessions, &r);
	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
	return (p != NULL);
}

int
SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534

535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560

561
562
563
564
565
566
567
	if (s == NULL)
		return;

	i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
	if (i > 0)
		return;

	if (s->param)
		X509_VERIFY_PARAM_free(s->param);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

	if (s->bbio != NULL) {
		/* If the buffering BIO is in place, pop it off */
		if (s->bbio == s->wbio) {
			s->wbio = BIO_pop(s->wbio);
		}
		BIO_free(s->bbio);
		s->bbio = NULL;
	}

	if (s->rbio != s->wbio)
		BIO_free_all(s->rbio);
	BIO_free_all(s->wbio);

	if (s->init_buf != NULL)
		BUF_MEM_free(s->init_buf);

	/* add extra stuff */
	if (s->cipher_list != NULL)
		sk_SSL_CIPHER_free(s->cipher_list);
	if (s->cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(s->cipher_list_by_id);

	/* Make the next call work :-) */
	if (s->session != NULL) {
		ssl_clear_bad_session(s);
		SSL_SESSION_free(s->session);
	}

	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);

	if (s->cert != NULL)
		ssl_cert_free(s->cert);
	/* Free up if allocated */

	free(s->tlsext_hostname);
	SSL_CTX_free(s->initial_ctx);

	free(s->tlsext_ecpointformatlist);
	free(s->tlsext_ellipticcurvelist);
	if (s->tlsext_ocsp_exts)
		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
		    X509_EXTENSION_free);
	if (s->tlsext_ocsp_ids)
		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
	free(s->tlsext_ocsp_resp);

	if (s->client_CA != NULL)
		sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);

	if (s->method != NULL)
		s->method->ssl_free(s);

	SSL_CTX_free(s->ctx);


	free(s->next_proto_negotiated);
	free(s->alpn_client_proto_list);

#ifndef OPENSSL_NO_SRTP
	if (s->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
#endif


	free(s);
}

void
SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
{
	/* If the output buffering BIO is still in place, remove it */







<
|

|














<
|


<
|
<
|









|

<
|
<



>
|
|
|
|
|
<
|
|

<
|


|



<
|
|


<
|


>







491
492
493
494
495
496
497

498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514

515
516
517

518

519
520
521
522
523
524
525
526
527
528
529
530

531

532
533
534
535
536
537
538
539
540

541
542
543

544
545
546
547
548
549
550

551
552
553
554

555
556
557
558
559
560
561
562
563
564
565
	if (s == NULL)
		return;

	i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
	if (i > 0)
		return;


	X509_VERIFY_PARAM_free(s->param);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);

	if (s->bbio != NULL) {
		/* If the buffering BIO is in place, pop it off */
		if (s->bbio == s->wbio) {
			s->wbio = BIO_pop(s->wbio);
		}
		BIO_free(s->bbio);
		s->bbio = NULL;
	}

	if (s->rbio != s->wbio)
		BIO_free_all(s->rbio);
	BIO_free_all(s->wbio);


	BUF_MEM_free(s->internal->init_buf);

	/* add extra stuff */

	sk_SSL_CIPHER_free(s->cipher_list);

	sk_SSL_CIPHER_free(s->internal->cipher_list_by_id);

	/* Make the next call work :-) */
	if (s->session != NULL) {
		ssl_clear_bad_session(s);
		SSL_SESSION_free(s->session);
	}

	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->internal->write_hash);


	ssl_cert_free(s->cert);


	free(s->tlsext_hostname);
	SSL_CTX_free(s->initial_ctx);

	free(s->internal->tlsext_ecpointformatlist);
	free(s->internal->tlsext_supportedgroups);

	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
	    X509_EXTENSION_free);

	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
	free(s->internal->tlsext_ocsp_resp);


	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);

	if (s->method != NULL)
		s->method->internal->ssl_free(s);

	SSL_CTX_free(s->ctx);


	free(s->internal->next_proto_negotiated);
	free(s->internal->alpn_client_proto_list);

#ifndef OPENSSL_NO_SRTP

	sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
#endif

	free(s->internal);
	free(s);
}

void
SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
{
	/* If the output buffering BIO is still in place, remove it */
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
{
	int	 ret = 0;
	BIO	*bio = NULL;

	bio = BIO_new(BIO_s_socket());

	if (bio == NULL) {
		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
		goto err;
	}
	BIO_set_fd(bio, fd, BIO_NOCLOSE);
	SSL_set_bio(s, bio, bio);
	ret = 1;
err:
	return (ret);
}

int
SSL_set_wfd(SSL *s, int fd)
{
	int	 ret = 0;
	BIO	*bio = NULL;

	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
	    || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
		bio = BIO_new(BIO_s_socket());

		if (bio == NULL) {
			SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
			goto err;
		}
		BIO_set_fd(bio, fd, BIO_NOCLOSE);
		SSL_set_bio(s, SSL_get_rbio(s), bio);
	} else
		SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
	ret = 1;







|




















|







627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
{
	int	 ret = 0;
	BIO	*bio = NULL;

	bio = BIO_new(BIO_s_socket());

	if (bio == NULL) {
		SSLerror(s, ERR_R_BUF_LIB);
		goto err;
	}
	BIO_set_fd(bio, fd, BIO_NOCLOSE);
	SSL_set_bio(s, bio, bio);
	ret = 1;
err:
	return (ret);
}

int
SSL_set_wfd(SSL *s, int fd)
{
	int	 ret = 0;
	BIO	*bio = NULL;

	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
	    || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
		bio = BIO_new(BIO_s_socket());

		if (bio == NULL) {
			SSLerror(s, ERR_R_BUF_LIB);
			goto err;
		}
		BIO_set_fd(bio, fd, BIO_NOCLOSE);
		SSL_set_bio(s, SSL_get_rbio(s), bio);
	} else
		SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
	ret = 1;
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
	BIO	*bio = NULL;

	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
	    || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
		bio = BIO_new(BIO_s_socket());

		if (bio == NULL) {
			SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
			goto err;
		}
		BIO_set_fd(bio, fd, BIO_NOCLOSE);
		SSL_set_bio(s, bio, SSL_get_wbio(s));
	} else
		SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
	ret = 1;
err:
	return (ret);
}


/* return length of latest Finished message we sent, copy to 'buf' */
size_t
SSL_get_finished(const SSL *s, void *buf, size_t count)
{
	size_t	ret = 0;

	if (s->s3 != NULL) {
		ret = s->s3->tmp.finish_md_len;
		if (count > ret)
			count = ret;
		memcpy(buf, s->s3->tmp.finish_md, count);
	}
	return (ret);
}

/* return length of latest Finished message we expected, copy to 'buf' */
size_t
SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
{
	size_t	ret = 0;

	if (s->s3 != NULL) {
		ret = s->s3->tmp.peer_finish_md_len;
		if (count > ret)
			count = ret;
		memcpy(buf, s->s3->tmp.peer_finish_md, count);
	}
	return (ret);
}


int
SSL_get_verify_mode(const SSL *s)
{
	return (s->verify_mode);
}

int
SSL_get_verify_depth(const SSL *s)
{
	return (X509_VERIFY_PARAM_get_depth(s->param));
}

int
(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
{
	return (s->verify_callback);
}

int
SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
	return (ctx->verify_mode);
}

int
SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
	return (X509_VERIFY_PARAM_get_depth(ctx->param));
}

int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
{
	return (ctx->default_verify_callback);
}

void
SSL_set_verify(SSL *s, int mode,
    int (*callback)(int ok, X509_STORE_CTX *ctx))
{
	s->verify_mode = mode;
	if (callback != NULL)
		s->verify_callback = callback;
}

void
SSL_set_verify_depth(SSL *s, int depth)
{
	X509_VERIFY_PARAM_set_depth(s->param, depth);
}

void
SSL_set_read_ahead(SSL *s, int yes)
{
	s->read_ahead = yes;
}

int
SSL_get_read_ahead(const SSL *s)
{
	return (s->read_ahead);
}

int
SSL_pending(const SSL *s)
{
	/*
	 * SSL_pending cannot work properly if read-ahead is enabled
	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
	 * and it is impossible to fix since SSL_pending cannot report
	 * errors that may be observed while scanning the new data.
	 * (Note that SSL_pending() is often used as a boolean value,
	 * so we'd better not return -1.)
	 */
	return (s->method->ssl_pending(s));
}

X509 *
SSL_get_peer_certificate(const SSL *s)
{
	X509	*r;








|



















|


|











|


|




















|
















|








|











|





|













|







671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
	BIO	*bio = NULL;

	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
	    || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
		bio = BIO_new(BIO_s_socket());

		if (bio == NULL) {
			SSLerror(s, ERR_R_BUF_LIB);
			goto err;
		}
		BIO_set_fd(bio, fd, BIO_NOCLOSE);
		SSL_set_bio(s, bio, SSL_get_wbio(s));
	} else
		SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
	ret = 1;
err:
	return (ret);
}


/* return length of latest Finished message we sent, copy to 'buf' */
size_t
SSL_get_finished(const SSL *s, void *buf, size_t count)
{
	size_t	ret = 0;

	if (s->s3 != NULL) {
		ret = S3I(s)->tmp.finish_md_len;
		if (count > ret)
			count = ret;
		memcpy(buf, S3I(s)->tmp.finish_md, count);
	}
	return (ret);
}

/* return length of latest Finished message we expected, copy to 'buf' */
size_t
SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
{
	size_t	ret = 0;

	if (s->s3 != NULL) {
		ret = S3I(s)->tmp.peer_finish_md_len;
		if (count > ret)
			count = ret;
		memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
	}
	return (ret);
}


int
SSL_get_verify_mode(const SSL *s)
{
	return (s->verify_mode);
}

int
SSL_get_verify_depth(const SSL *s)
{
	return (X509_VERIFY_PARAM_get_depth(s->param));
}

int
(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
{
	return (s->internal->verify_callback);
}

int
SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
	return (ctx->verify_mode);
}

int
SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
	return (X509_VERIFY_PARAM_get_depth(ctx->param));
}

int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
{
	return (ctx->internal->default_verify_callback);
}

void
SSL_set_verify(SSL *s, int mode,
    int (*callback)(int ok, X509_STORE_CTX *ctx))
{
	s->verify_mode = mode;
	if (callback != NULL)
		s->internal->verify_callback = callback;
}

void
SSL_set_verify_depth(SSL *s, int depth)
{
	X509_VERIFY_PARAM_set_depth(s->param, depth);
}

void
SSL_set_read_ahead(SSL *s, int yes)
{
	s->internal->read_ahead = yes;
}

int
SSL_get_read_ahead(const SSL *s)
{
	return (s->internal->read_ahead);
}

int
SSL_pending(const SSL *s)
{
	/*
	 * SSL_pending cannot work properly if read-ahead is enabled
	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
	 * and it is impossible to fix since SSL_pending cannot report
	 * errors that may be observed while scanning the new data.
	 * (Note that SSL_pending() is often used as a boolean value,
	 * so we'd better not return -1.)
	 */
	return (s->method->internal->ssl_pending(s));
}

X509 *
SSL_get_peer_certificate(const SSL *s)
{
	X509	*r;

817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834

STACK_OF(X509) *
SSL_get_peer_cert_chain(const SSL *s)
{
	STACK_OF(X509)	*r;

	if ((s == NULL) || (s->session == NULL) ||
	    (s->session->sess_cert == NULL))
		r = NULL;
	else
		r = s->session->sess_cert->cert_chain;

	/*
	 * If we are a client, cert_chain includes the peer's own
	 * certificate;
	 * if we are a server, it does not.
	 */
	return (r);







|


|







815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832

STACK_OF(X509) *
SSL_get_peer_cert_chain(const SSL *s)
{
	STACK_OF(X509)	*r;

	if ((s == NULL) || (s->session == NULL) ||
	    (SSI(s)->sess_cert == NULL))
		r = NULL;
	else
		r = SSI(s)->sess_cert->cert_chain;

	/*
	 * If we are a client, cert_chain includes the peer's own
	 * certificate;
	 * if we are a server, it does not.
	 */
	return (r);
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089

1090

1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
	SSL_set_session(t, SSL_get_session(f));

	/*
	 * What if we are setup as SSLv2 but want to talk SSLv3 or
	 * vice-versa.
	 */
	if (t->method != f->method) {
		t->method->ssl_free(t);	/* cleanup current */
		t->method=f->method;	/* change method */
		t->method->ssl_new(t);	/* setup new */
	}

	tmp = t->cert;
	if (f->cert != NULL) {
		CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
		t->cert = f->cert;
	} else
		t->cert = NULL;
	if (tmp != NULL)
		ssl_cert_free(tmp);
	SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
}

/* Fix this so it checks all the valid key/cert options */
int
SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
	if ((ctx == NULL) || (ctx->cert == NULL) ||
	    (ctx->cert->key->x509 == NULL)) {
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
		    SSL_R_NO_CERTIFICATE_ASSIGNED);
		return (0);
	}
	if (ctx->cert->key->privatekey == NULL) {
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
		    SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return (0);
	}
	return (X509_check_private_key(ctx->cert->key->x509,
	    ctx->cert->key->privatekey));
}

/* Fix this function so that it takes an optional type parameter */
int
SSL_check_private_key(const SSL *ssl)
{
	if (ssl == NULL) {
		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
		    ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (ssl->cert == NULL) {
		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
		    SSL_R_NO_CERTIFICATE_ASSIGNED);
		return (0);
	}
	if (ssl->cert->key->x509 == NULL) {
		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
		    SSL_R_NO_CERTIFICATE_ASSIGNED);
		return (0);
	}
	if (ssl->cert->key->privatekey == NULL) {
		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
		    SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return (0);
	}
	return (X509_check_private_key(ssl->cert->key->x509,
	    ssl->cert->key->privatekey));
}

int
SSL_accept(SSL *s)
{
	if (s->handshake_func == NULL)
		SSL_set_accept_state(s); /* Not properly initialized yet */

	return (s->method->ssl_accept(s));
}

int
SSL_connect(SSL *s)
{
	if (s->handshake_func == NULL)
		SSL_set_connect_state(s); /* Not properly initialized yet */

	return (s->method->ssl_connect(s));
}

long
SSL_get_default_timeout(const SSL *s)
{
	return (s->method->get_timeout());
}

int
SSL_read(SSL *s, void *buf, int num)
{
	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
		s->rwstate = SSL_NOTHING;
		return (0);
	}
	return (s->method->ssl_read(s, buf, num));
}

int
SSL_peek(SSL *s, void *buf, int num)
{
	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
		return (0);
	}
	return (s->method->ssl_peek(s, buf, num));
}

int
SSL_write(SSL *s, const void *buf, int num)
{
	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if (s->shutdown & SSL_SENT_SHUTDOWN) {
		s->rwstate = SSL_NOTHING;
		SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
		return (-1);
	}
	return (s->method->ssl_write(s, buf, num));
}

int
SSL_shutdown(SSL *s)
{
	/*
	 * Note that this function behaves differently from what one might
	 * expect.  Return values are 0 for no success (yet),
	 * 1 for success; but calling it once is usually not enough,
	 * even if blocking I/O is used (see ssl3_shutdown).
	 */

	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if ((s != NULL) && !SSL_in_init(s))
		return (s->method->ssl_shutdown(s));
	else
		return (1);
}

int
SSL_renegotiate(SSL *s)
{
	if (s->renegotiate == 0)
		s->renegotiate = 1;

	s->new_session = 1;

	return (s->method->ssl_renegotiate(s));
}

int
SSL_renegotiate_abbreviated(SSL *s)
{
	if (s->renegotiate == 0)
		s->renegotiate = 1;

	s->new_session = 0;

	return (s->method->ssl_renegotiate(s));
}

int
SSL_renegotiate_pending(SSL *s)
{
	/*
	 * Becomes true when negotiation is requested;
	 * false again once a handshake has finished.
	 */
	return (s->renegotiate != 0);
}

long
SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	long	l;

	switch (cmd) {
	case SSL_CTRL_GET_READ_AHEAD:
		return (s->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l = s->read_ahead;
		s->read_ahead = larg;
		return (l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		s->msg_callback_arg = parg;
		return (1);

	case SSL_CTRL_OPTIONS:
		return (s->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return (s->options&=~larg);
	case SSL_CTRL_MODE:
		return (s->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return (s->mode &=~larg);
	case SSL_CTRL_GET_MAX_CERT_LIST:
		return (s->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l = s->max_cert_list;
		s->max_cert_list = larg;
		return (l);
	case SSL_CTRL_SET_MTU:
#ifndef OPENSSL_NO_DTLS1
		if (larg < (long)dtls1_min_mtu())
			return (0);
#endif
		if (SSL_IS_DTLS(s)) {
			s->d1->mtu = larg;
			return (larg);
		}
		return (0);
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return (0);
		s->max_send_fragment = larg;
		return (1);
	case SSL_CTRL_GET_RI_SUPPORT:
		if (s->s3)
			return (s->s3->send_connection_binding);
		else return (0);
	default:

		return (s->method->ssl_ctrl(s, cmd, larg, parg));

	}
}

long
SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	switch (cmd) {
	case SSL_CTRL_SET_MSG_CALLBACK:
		s->msg_callback = (void (*)(int write_p, int version,
		    int content_type, const void *buf, size_t len,
		    SSL *ssl, void *arg))(fp);
		return (1);

	default:
		return (s->method->ssl_callback_ctrl(s, cmd, fp));
	}
}

LHASH_OF(SSL_SESSION) *
SSL_CTX_sessions(SSL_CTX *ctx)
{
	return (ctx->sessions);
}

long
SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	long	l;

	switch (cmd) {
	case SSL_CTRL_GET_READ_AHEAD:
		return (ctx->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l = ctx->read_ahead;
		ctx->read_ahead = larg;
		return (l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		ctx->msg_callback_arg = parg;
		return (1);

	case SSL_CTRL_GET_MAX_CERT_LIST:
		return (ctx->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l = ctx->max_cert_list;
		ctx->max_cert_list = larg;
		return (l);

	case SSL_CTRL_SET_SESS_CACHE_SIZE:
		l = ctx->session_cache_size;
		ctx->session_cache_size = larg;
		return (l);
	case SSL_CTRL_GET_SESS_CACHE_SIZE:
		return (ctx->session_cache_size);
	case SSL_CTRL_SET_SESS_CACHE_MODE:
		l = ctx->session_cache_mode;
		ctx->session_cache_mode = larg;
		return (l);
	case SSL_CTRL_GET_SESS_CACHE_MODE:
		return (ctx->session_cache_mode);

	case SSL_CTRL_SESS_NUMBER:
		return (lh_SSL_SESSION_num_items(ctx->sessions));
	case SSL_CTRL_SESS_CONNECT:
		return (ctx->stats.sess_connect);
	case SSL_CTRL_SESS_CONNECT_GOOD:
		return (ctx->stats.sess_connect_good);
	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
		return (ctx->stats.sess_connect_renegotiate);
	case SSL_CTRL_SESS_ACCEPT:
		return (ctx->stats.sess_accept);
	case SSL_CTRL_SESS_ACCEPT_GOOD:
		return (ctx->stats.sess_accept_good);
	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
		return (ctx->stats.sess_accept_renegotiate);
	case SSL_CTRL_SESS_HIT:
		return (ctx->stats.sess_hit);
	case SSL_CTRL_SESS_CB_HIT:
		return (ctx->stats.sess_cb_hit);
	case SSL_CTRL_SESS_MISSES:
		return (ctx->stats.sess_miss);
	case SSL_CTRL_SESS_TIMEOUTS:
		return (ctx->stats.sess_timeout);
	case SSL_CTRL_SESS_CACHE_FULL:
		return (ctx->stats.sess_cache_full);
	case SSL_CTRL_OPTIONS:
		return (ctx->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return (ctx->options&=~larg);
	case SSL_CTRL_MODE:
		return (ctx->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return (ctx->mode&=~larg);
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return (0);
		ctx->max_send_fragment = larg;
		return (1);
	default:
		return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
	}
}

long
SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	switch (cmd) {
	case SSL_CTRL_SET_MSG_CALLBACK:
		ctx->msg_callback = (void (*)(int write_p, int version,
		    int content_type, const void *buf, size_t len, SSL *ssl,
		    void *arg))(fp);
		return (1);

	default:
		return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
	}
}

int
ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
	long	l;







|
|
|








<
|







|
|
<
|


|
<
|


|
|







<
|



<
|



<
|



<
|









|


|





|


|





|





|
|



|
|


|





|
|



|


|





|
|



|
|
|


|












|
|




|







|
|

|

|





|
|

|

|









|









|

|
|



|



|

|

|

|

|

|
|







|










|


>
|
>








|





|



|


|









|

|
|



|



|

|
|



|
|


|

|
|


|


|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|



|


|








|





|







845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862

863
864
865
866
867
868
869
870
871
872

873
874
875
876

877
878
879
880
881
882
883
884
885
886
887
888

889
890
891
892

893
894
895
896

897
898
899
900

901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
	SSL_set_session(t, SSL_get_session(f));

	/*
	 * What if we are setup as SSLv2 but want to talk SSLv3 or
	 * vice-versa.
	 */
	if (t->method != f->method) {
		t->method->internal->ssl_free(t);	/* cleanup current */
		t->method = f->method;	/* change method */
		t->method->internal->ssl_new(t);	/* setup new */
	}

	tmp = t->cert;
	if (f->cert != NULL) {
		CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
		t->cert = f->cert;
	} else
		t->cert = NULL;

	ssl_cert_free(tmp);
	SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
}

/* Fix this so it checks all the valid key/cert options */
int
SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
	if ((ctx == NULL) || (ctx->internal->cert == NULL) ||
	    (ctx->internal->cert->key->x509 == NULL)) {

		SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
		return (0);
	}
	if (ctx->internal->cert->key->privatekey == NULL) {

		SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return (0);
	}
	return (X509_check_private_key(ctx->internal->cert->key->x509,
	    ctx->internal->cert->key->privatekey));
}

/* Fix this function so that it takes an optional type parameter */
int
SSL_check_private_key(const SSL *ssl)
{
	if (ssl == NULL) {

		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (ssl->cert == NULL) {

		SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
		return (0);
	}
	if (ssl->cert->key->x509 == NULL) {

		SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
		return (0);
	}
	if (ssl->cert->key->privatekey == NULL) {

		SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return (0);
	}
	return (X509_check_private_key(ssl->cert->key->x509,
	    ssl->cert->key->privatekey));
}

int
SSL_accept(SSL *s)
{
	if (s->internal->handshake_func == NULL)
		SSL_set_accept_state(s); /* Not properly initialized yet */

	return (s->method->internal->ssl_accept(s));
}

int
SSL_connect(SSL *s)
{
	if (s->internal->handshake_func == NULL)
		SSL_set_connect_state(s); /* Not properly initialized yet */

	return (s->method->internal->ssl_connect(s));
}

long
SSL_get_default_timeout(const SSL *s)
{
	return (s->method->internal->get_timeout());
}

int
SSL_read(SSL *s, void *buf, int num)
{
	if (s->internal->handshake_func == NULL) {
		SSLerror(s, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
		s->internal->rwstate = SSL_NOTHING;
		return (0);
	}
	return (s->method->internal->ssl_read(s, buf, num));
}

int
SSL_peek(SSL *s, void *buf, int num)
{
	if (s->internal->handshake_func == NULL) {
		SSLerror(s, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
		return (0);
	}
	return (s->method->internal->ssl_peek(s, buf, num));
}

int
SSL_write(SSL *s, const void *buf, int num)
{
	if (s->internal->handshake_func == NULL) {
		SSLerror(s, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
		s->internal->rwstate = SSL_NOTHING;
		SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
		return (-1);
	}
	return (s->method->internal->ssl_write(s, buf, num));
}

int
SSL_shutdown(SSL *s)
{
	/*
	 * Note that this function behaves differently from what one might
	 * expect.  Return values are 0 for no success (yet),
	 * 1 for success; but calling it once is usually not enough,
	 * even if blocking I/O is used (see ssl3_shutdown).
	 */

	if (s->internal->handshake_func == NULL) {
		SSLerror(s, SSL_R_UNINITIALIZED);
		return (-1);
	}

	if ((s != NULL) && !SSL_in_init(s))
		return (s->method->internal->ssl_shutdown(s));
	else
		return (1);
}

int
SSL_renegotiate(SSL *s)
{
	if (s->internal->renegotiate == 0)
		s->internal->renegotiate = 1;

	s->internal->new_session = 1;

	return (s->method->internal->ssl_renegotiate(s));
}

int
SSL_renegotiate_abbreviated(SSL *s)
{
	if (s->internal->renegotiate == 0)
		s->internal->renegotiate = 1;

	s->internal->new_session = 0;

	return (s->method->internal->ssl_renegotiate(s));
}

int
SSL_renegotiate_pending(SSL *s)
{
	/*
	 * Becomes true when negotiation is requested;
	 * false again once a handshake has finished.
	 */
	return (s->internal->renegotiate != 0);
}

long
SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	long	l;

	switch (cmd) {
	case SSL_CTRL_GET_READ_AHEAD:
		return (s->internal->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l = s->internal->read_ahead;
		s->internal->read_ahead = larg;
		return (l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		s->internal->msg_callback_arg = parg;
		return (1);

	case SSL_CTRL_OPTIONS:
		return (s->internal->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return (s->internal->options&=~larg);
	case SSL_CTRL_MODE:
		return (s->internal->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return (s->internal->mode &=~larg);
	case SSL_CTRL_GET_MAX_CERT_LIST:
		return (s->internal->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l = s->internal->max_cert_list;
		s->internal->max_cert_list = larg;
		return (l);
	case SSL_CTRL_SET_MTU:
#ifndef OPENSSL_NO_DTLS1
		if (larg < (long)dtls1_min_mtu())
			return (0);
#endif
		if (SSL_IS_DTLS(s)) {
			D1I(s)->mtu = larg;
			return (larg);
		}
		return (0);
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return (0);
		s->max_send_fragment = larg;
		return (1);
	case SSL_CTRL_GET_RI_SUPPORT:
		if (s->s3)
			return (S3I(s)->send_connection_binding);
		else return (0);
	default:
		if (SSL_IS_DTLS(s))
			return dtls1_ctrl(s, cmd, larg, parg);
		return ssl3_ctrl(s, cmd, larg, parg);
	}
}

long
SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	switch (cmd) {
	case SSL_CTRL_SET_MSG_CALLBACK:
		s->internal->msg_callback = (void (*)(int write_p, int version,
		    int content_type, const void *buf, size_t len,
		    SSL *ssl, void *arg))(fp);
		return (1);

	default:
		return (ssl3_callback_ctrl(s, cmd, fp));
	}
}

struct lhash_st_SSL_SESSION *
SSL_CTX_sessions(SSL_CTX *ctx)
{
	return (ctx->internal->sessions);
}

long
SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	long	l;

	switch (cmd) {
	case SSL_CTRL_GET_READ_AHEAD:
		return (ctx->internal->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l = ctx->internal->read_ahead;
		ctx->internal->read_ahead = larg;
		return (l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		ctx->internal->msg_callback_arg = parg;
		return (1);

	case SSL_CTRL_GET_MAX_CERT_LIST:
		return (ctx->internal->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l = ctx->internal->max_cert_list;
		ctx->internal->max_cert_list = larg;
		return (l);

	case SSL_CTRL_SET_SESS_CACHE_SIZE:
		l = ctx->internal->session_cache_size;
		ctx->internal->session_cache_size = larg;
		return (l);
	case SSL_CTRL_GET_SESS_CACHE_SIZE:
		return (ctx->internal->session_cache_size);
	case SSL_CTRL_SET_SESS_CACHE_MODE:
		l = ctx->internal->session_cache_mode;
		ctx->internal->session_cache_mode = larg;
		return (l);
	case SSL_CTRL_GET_SESS_CACHE_MODE:
		return (ctx->internal->session_cache_mode);

	case SSL_CTRL_SESS_NUMBER:
		return (lh_SSL_SESSION_num_items(ctx->internal->sessions));
	case SSL_CTRL_SESS_CONNECT:
		return (ctx->internal->stats.sess_connect);
	case SSL_CTRL_SESS_CONNECT_GOOD:
		return (ctx->internal->stats.sess_connect_good);
	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
		return (ctx->internal->stats.sess_connect_renegotiate);
	case SSL_CTRL_SESS_ACCEPT:
		return (ctx->internal->stats.sess_accept);
	case SSL_CTRL_SESS_ACCEPT_GOOD:
		return (ctx->internal->stats.sess_accept_good);
	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
		return (ctx->internal->stats.sess_accept_renegotiate);
	case SSL_CTRL_SESS_HIT:
		return (ctx->internal->stats.sess_hit);
	case SSL_CTRL_SESS_CB_HIT:
		return (ctx->internal->stats.sess_cb_hit);
	case SSL_CTRL_SESS_MISSES:
		return (ctx->internal->stats.sess_miss);
	case SSL_CTRL_SESS_TIMEOUTS:
		return (ctx->internal->stats.sess_timeout);
	case SSL_CTRL_SESS_CACHE_FULL:
		return (ctx->internal->stats.sess_cache_full);
	case SSL_CTRL_OPTIONS:
		return (ctx->internal->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return (ctx->internal->options&=~larg);
	case SSL_CTRL_MODE:
		return (ctx->internal->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return (ctx->internal->mode&=~larg);
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return (0);
		ctx->internal->max_send_fragment = larg;
		return (1);
	default:
		return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
	}
}

long
SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	switch (cmd) {
	case SSL_CTRL_SET_MSG_CALLBACK:
		ctx->internal->msg_callback = (void (*)(int write_p, int version,
		    int content_type, const void *buf, size_t len, SSL *ssl,
		    void *arg))(fp);
		return (1);

	default:
		return (ssl3_ctx_callback_ctrl(ctx, cmd, fp));
	}
}

int
ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
	long	l;
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
 * Return a STACK of the ciphers available for the SSL and in order of
 * algorithm id.
 */
STACK_OF(SSL_CIPHER) *
ssl_get_ciphers_by_id(SSL *s)
{
	if (s != NULL) {
		if (s->cipher_list_by_id != NULL) {
			return (s->cipher_list_by_id);
		} else if ((s->ctx != NULL) &&
		    (s->ctx->cipher_list_by_id != NULL)) {
			return (s->ctx->cipher_list_by_id);
		}
	}
	return (NULL);
}

/* The old interface to get the same thing as SSL_get_ciphers(). */
const char *







|
|

|
|







1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
 * Return a STACK of the ciphers available for the SSL and in order of
 * algorithm id.
 */
STACK_OF(SSL_CIPHER) *
ssl_get_ciphers_by_id(SSL *s)
{
	if (s != NULL) {
		if (s->internal->cipher_list_by_id != NULL) {
			return (s->internal->cipher_list_by_id);
		} else if ((s->ctx != NULL) &&
		    (s->ctx->internal->cipher_list_by_id != NULL)) {
			return (s->ctx->internal->cipher_list_by_id);
		}
	}
	return (NULL);
}

/* The old interface to get the same thing as SSL_get_ciphers(). */
const char *
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
/* Specify the ciphers to be used by default by the SSL_CTX. */
int
SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
{
	STACK_OF(SSL_CIPHER)	*sk;

	sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
	    &ctx->cipher_list_by_id, str);
	/*
	 * ssl_create_cipher_list may return an empty stack if it
	 * was unable to find a cipher matching the given rule string
	 * (for example if the rule string specifies a cipher which
	 * has been disabled). This is not an error as far as
	 * ssl_create_cipher_list is concerned, and hence
	 * ctx->cipher_list and ctx->cipher_list_by_id has been
	 * updated.
	 */
	if (sk == NULL)
		return (0);
	else if (sk_SSL_CIPHER_num(sk) == 0) {
		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
		return (0);
	}
	return (1);
}

/* Specify the ciphers to be used by the SSL. */
int
SSL_set_cipher_list(SSL *s, const char *str)
{
	STACK_OF(SSL_CIPHER)	*sk;

	sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
	&s->cipher_list_by_id, str);
	/* see comment in SSL_CTX_set_cipher_list */
	if (sk == NULL)
		return (0);
	else if (sk_SSL_CIPHER_num(sk) == 0) {
		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
		return (0);
	}
	return (1);
}

/* works well for SSLv2, not so good for SSLv3 */
char *







|






|





|












|




|







1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
/* Specify the ciphers to be used by default by the SSL_CTX. */
int
SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
{
	STACK_OF(SSL_CIPHER)	*sk;

	sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
	    &ctx->internal->cipher_list_by_id, str);
	/*
	 * ssl_create_cipher_list may return an empty stack if it
	 * was unable to find a cipher matching the given rule string
	 * (for example if the rule string specifies a cipher which
	 * has been disabled). This is not an error as far as
	 * ssl_create_cipher_list is concerned, and hence
	 * ctx->cipher_list and ctx->internal->cipher_list_by_id has been
	 * updated.
	 */
	if (sk == NULL)
		return (0);
	else if (sk_SSL_CIPHER_num(sk) == 0) {
		SSLerrorx(SSL_R_NO_CIPHER_MATCH);
		return (0);
	}
	return (1);
}

/* Specify the ciphers to be used by the SSL. */
int
SSL_set_cipher_list(SSL *s, const char *str)
{
	STACK_OF(SSL_CIPHER)	*sk;

	sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
	&s->internal->cipher_list_by_id, str);
	/* see comment in SSL_CTX_set_cipher_list */
	if (sk == NULL)
		return (0);
	else if (sk_SSL_CIPHER_num(sk) == 0) {
		SSLerror(s, SSL_R_NO_CIPHER_MATCH);
		return (0);
	}
	return (1);
}

/* works well for SSLv2, not so good for SSLv3 */
char *
1359
1360
1361
1362
1363
1364
1365
1366

1367
1368
1369



1370

1371
1372
1373
1374


1375
1376
1377
1378
1379
1380
1381
1382
1383
1384

1385

1386
1387
1388
1389



1390


1391

1392


1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
	/* remove trailing colon */
	if ((end = strrchr(buf, ':')) != NULL)
		*end = '\0';
	return (buf);
}

int
ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)

{
	int		 i;
	SSL_CIPHER	*c;



	unsigned char	*q;


	if (sk == NULL)
		return (0);
	q = p;



	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		c = sk_SSL_CIPHER_value(sk, i);

		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
		    (TLS1_get_client_version(s) < TLS1_2_VERSION))
			continue;

		s2n(ssl3_cipher_get_value(c), p);

	}


	/*
	 * If p == q, no ciphers and caller indicates an error. Otherwise
	 * add SCSV if not renegotiating.



	 */


	if (p != q && !s->renegotiate)

		s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p);



	return (p - q);
}

STACK_OF(SSL_CIPHER) *
ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
{
	CBS			 cbs;
	const SSL_CIPHER	*c;
	STACK_OF(SSL_CIPHER)	*sk = NULL;
	unsigned long		 cipher_id;
	uint16_t		 cipher_value, max_version;

	if (s->s3)
		s->s3->send_connection_binding = 0;

	/*
	 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
	 */
	if (num < 2 || num > 0x10000 - 2) {
		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
		    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
		return (NULL);
	}

	if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	CBS_init(&cbs, p, num);
	while (CBS_len(&cbs) > 0) {
		if (!CBS_get_u16(&cbs, &cipher_value)) {
			SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
			    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
			goto err;
		}

		cipher_id = SSL3_CK_ID | cipher_value;

		if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
			/*
			 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
			 * renegotiating.
			 */
			if (s->renegotiate) {
				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
				    SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
				ssl3_send_alert(s, SSL3_AL_FATAL,
				    SSL_AD_HANDSHAKE_FAILURE);

				goto err;
			}
			s->s3->send_connection_binding = 1;
			continue;
		}

		if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
			/*
			 * TLS_FALLBACK_SCSV indicates that the client
			 * previously tried a higher protocol version.
			 * Fail if the current version is an unexpected
			 * downgrade.
			 */
			max_version = ssl_max_server_version(s);
			if (max_version == 0 || s->version < max_version) {
				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
				    SSL_R_INAPPROPRIATE_FALLBACK);
				if (s->s3 != NULL)
					ssl3_send_alert(s, SSL3_AL_FATAL,
					    SSL_AD_INAPPROPRIATE_FALLBACK);
				goto err;
			}
			continue;
		}

		if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
			if (!sk_SSL_CIPHER_push(sk, c)) {
				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
				    ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
	}

	return (sk);








|
>

<
|
>
>
>
|
>



|
>
>


|


|



|
>
|
>
|
|
|
|
>
>
>
|
>
>
|
>
|
>
>

|












|





<
|




|






<
|










|
<
|





|












<
|










<
|







1352
1353
1354
1355
1356
1357
1358
1359
1360
1361

1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421

1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433

1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445

1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464

1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475

1476
1477
1478
1479
1480
1481
1482
1483
	/* remove trailing colon */
	if ((end = strrchr(buf, ':')) != NULL)
		*end = '\0';
	return (buf);
}

int
ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
    size_t maxlen, size_t *outlen)
{

	SSL_CIPHER *cipher;
	int ciphers = 0;
	CBB cbb;
	int i;

	*outlen = 0;

	if (sk == NULL)
		return (0);

	if (!CBB_init_fixed(&cbb, p, maxlen))
		goto err;

	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		cipher = sk_SSL_CIPHER_value(sk, i);

		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
		if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
		    (TLS1_get_client_version(s) < TLS1_2_VERSION))
			continue;

		if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(cipher)))
			goto err;

		ciphers++;
	}

	/* Add SCSV if there are other ciphers and we're not renegotiating. */
	if (ciphers > 0 && !s->internal->renegotiate) {
		if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
			goto err;
	}

	if (!CBB_finish(&cbb, NULL, outlen))
		goto err;

	return 1;

 err:
	CBB_cleanup(&cbb);

	return 0;
}

STACK_OF(SSL_CIPHER) *
ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
{
	CBS			 cbs;
	const SSL_CIPHER	*c;
	STACK_OF(SSL_CIPHER)	*sk = NULL;
	unsigned long		 cipher_id;
	uint16_t		 cipher_value, max_version;

	if (s->s3)
		S3I(s)->send_connection_binding = 0;

	/*
	 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
	 */
	if (num < 2 || num > 0x10000 - 2) {

		SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
		return (NULL);
	}

	if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	CBS_init(&cbs, p, num);
	while (CBS_len(&cbs) > 0) {
		if (!CBS_get_u16(&cbs, &cipher_value)) {

			SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
			goto err;
		}

		cipher_id = SSL3_CK_ID | cipher_value;

		if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
			/*
			 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
			 * renegotiating.
			 */
			if (s->internal->renegotiate) {

				SSLerror(s, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
				ssl3_send_alert(s, SSL3_AL_FATAL,
				    SSL_AD_HANDSHAKE_FAILURE);

				goto err;
			}
			S3I(s)->send_connection_binding = 1;
			continue;
		}

		if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
			/*
			 * TLS_FALLBACK_SCSV indicates that the client
			 * previously tried a higher protocol version.
			 * Fail if the current version is an unexpected
			 * downgrade.
			 */
			max_version = ssl_max_server_version(s);
			if (max_version == 0 || s->version < max_version) {

				SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
				if (s->s3 != NULL)
					ssl3_send_alert(s, SSL3_AL_FATAL,
					    SSL_AD_INAPPROPRIATE_FALLBACK);
				goto err;
			}
			continue;
		}

		if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
			if (!sk_SSL_CIPHER_push(sk, c)) {

				SSLerror(s, ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
	}

	return (sk);

1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
 * from this function need not be a member of the list of supported protocols
 * provided by the callback.
 */
void
SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
    unsigned *len)
{
	*data = s->next_proto_negotiated;
	if (!*data) {
		*len = 0;
	} else {
		*len = s->next_proto_negotiated_len;
	}
}

/*
 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
 * TLS server needs a list of supported protocols for Next Protocol
 * Negotiation. The returned list must be in wire format.  The list is returned
 * by setting |out| to point to it and |outlen| to its length. This memory will
 * not be modified, but one should assume that the SSL* keeps a reference to
 * it.
 *
 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
 * Otherwise, no such extension will be included in the ServerHello.
 */
void
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
    const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
{
	ctx->next_protos_advertised_cb = cb;
	ctx->next_protos_advertised_cb_arg = arg;
}

/*
 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
 * client needs to select a protocol from the server's provided list. |out|
 * must be set to point to the selected protocol (which may be within |in|).
 * The length of the protocol name must be written into |outlen|. The server's
 * advertised protocols are provided in |in| and |inlen|. The callback can
 * assume that |in| is syntactically valid.
 *
 * The client must select a protocol. It is fatal to the connection if this
 * callback returns a value other than SSL_TLSEXT_ERR_OK.
 */
void
SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
    unsigned char **out, unsigned char *outlen, const unsigned char *in,
    unsigned int inlen, void *arg), void *arg)
{
	ctx->next_proto_select_cb = cb;
	ctx->next_proto_select_cb_arg = arg;
}

/*
 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
 * protocols, which must be in wire-format (i.e. a series of non-empty,
 * 8-bit length-prefixed strings). Returns 0 on success.
 */
int
SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
    unsigned int protos_len)
{
	free(ctx->alpn_client_proto_list);
	if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL)
		return (1);
	memcpy(ctx->alpn_client_proto_list, protos, protos_len);
	ctx->alpn_client_proto_list_len = protos_len;

	return (0);
}

/*
 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
 * protocols, which must be in wire-format (i.e. a series of non-empty,
 * 8-bit length-prefixed strings). Returns 0 on success.
 */
int
SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
    unsigned int protos_len)
{
	free(ssl->alpn_client_proto_list);
	if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL)
		return (1);
	memcpy(ssl->alpn_client_proto_list, protos, protos_len);
	ssl->alpn_client_proto_list_len = protos_len;

	return (0);
}

/*
 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
 * ClientHello processing in order to select an ALPN protocol from the
 * client's list of offered protocols.
 */
void
SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
    int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, void *arg), void *arg)
{
	ctx->alpn_select_cb = cb;
	ctx->alpn_select_cb_arg = arg;
}

/*
 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
 * it sets data to point to len bytes of protocol name (not including the
 * leading length-prefix byte). If the server didn't respond with* a negotiated
 * protocol then len will be zero.
 */
void
SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
    unsigned *len)
{
	*data = NULL;
	*len = 0;

	if (ssl->s3 != NULL) {
		*data = ssl->s3->alpn_selected;
		*len = ssl->s3->alpn_selected_len;
	}
}

int
SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *p, size_t plen,
    int use_context)
{
	return (s->method->ssl3_enc->export_keying_material(s, out, olen,
	    label, llen, p, plen, use_context));
}

static unsigned long
ssl_session_hash(const SSL_SESSION *a)
{
	unsigned long	l;







|



|


















|
|


















|
|











|
|

|
|













|
|

|
|














|
|
















|
|








|







1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
 * from this function need not be a member of the list of supported protocols
 * provided by the callback.
 */
void
SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
    unsigned *len)
{
	*data = s->internal->next_proto_negotiated;
	if (!*data) {
		*len = 0;
	} else {
		*len = s->internal->next_proto_negotiated_len;
	}
}

/*
 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
 * TLS server needs a list of supported protocols for Next Protocol
 * Negotiation. The returned list must be in wire format.  The list is returned
 * by setting |out| to point to it and |outlen| to its length. This memory will
 * not be modified, but one should assume that the SSL* keeps a reference to
 * it.
 *
 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
 * Otherwise, no such extension will be included in the ServerHello.
 */
void
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
    const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
{
	ctx->internal->next_protos_advertised_cb = cb;
	ctx->internal->next_protos_advertised_cb_arg = arg;
}

/*
 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
 * client needs to select a protocol from the server's provided list. |out|
 * must be set to point to the selected protocol (which may be within |in|).
 * The length of the protocol name must be written into |outlen|. The server's
 * advertised protocols are provided in |in| and |inlen|. The callback can
 * assume that |in| is syntactically valid.
 *
 * The client must select a protocol. It is fatal to the connection if this
 * callback returns a value other than SSL_TLSEXT_ERR_OK.
 */
void
SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
    unsigned char **out, unsigned char *outlen, const unsigned char *in,
    unsigned int inlen, void *arg), void *arg)
{
	ctx->internal->next_proto_select_cb = cb;
	ctx->internal->next_proto_select_cb_arg = arg;
}

/*
 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
 * protocols, which must be in wire-format (i.e. a series of non-empty,
 * 8-bit length-prefixed strings). Returns 0 on success.
 */
int
SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
    unsigned int protos_len)
{
	free(ctx->internal->alpn_client_proto_list);
	if ((ctx->internal->alpn_client_proto_list = malloc(protos_len)) == NULL)
		return (1);
	memcpy(ctx->internal->alpn_client_proto_list, protos, protos_len);
	ctx->internal->alpn_client_proto_list_len = protos_len;

	return (0);
}

/*
 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
 * protocols, which must be in wire-format (i.e. a series of non-empty,
 * 8-bit length-prefixed strings). Returns 0 on success.
 */
int
SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
    unsigned int protos_len)
{
	free(ssl->internal->alpn_client_proto_list);
	if ((ssl->internal->alpn_client_proto_list = malloc(protos_len)) == NULL)
		return (1);
	memcpy(ssl->internal->alpn_client_proto_list, protos, protos_len);
	ssl->internal->alpn_client_proto_list_len = protos_len;

	return (0);
}

/*
 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
 * ClientHello processing in order to select an ALPN protocol from the
 * client's list of offered protocols.
 */
void
SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
    int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, void *arg), void *arg)
{
	ctx->internal->alpn_select_cb = cb;
	ctx->internal->alpn_select_cb_arg = arg;
}

/*
 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
 * it sets data to point to len bytes of protocol name (not including the
 * leading length-prefix byte). If the server didn't respond with* a negotiated
 * protocol then len will be zero.
 */
void
SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
    unsigned *len)
{
	*data = NULL;
	*len = 0;

	if (ssl->s3 != NULL) {
		*data = ssl->s3->internal->alpn_selected;
		*len = ssl->s3->internal->alpn_selected_len;
	}
}

int
SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *p, size_t plen,
    int use_context)
{
	return (tls1_export_keying_material(s, out, olen,
	    label, llen, p, plen, use_context));
}

static unsigned long
ssl_session_hash(const SSL_SESSION *a)
{
	unsigned long	l;
1752
1753
1754
1755
1756
1757
1758
1759



1760



1761




1762


1763
1764
1765
1766
1767
1768
1769
1770










1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783


1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876

1877
1878
1879
1880
1881
1882
1883
1884
1885

/*
 * These wrapper functions should remain rather than redeclaring
 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
 * variable. The reason is that the functions aren't static, they're exposed via
 * ssl.h.
 */
static



IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)



static




IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)



SSL_CTX *
SSL_CTX_new(const SSL_METHOD *meth)
{
	SSL_CTX	*ret = NULL;

	if (meth == NULL) {
		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);










		return (NULL);
	}

	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
		SSLerr(SSL_F_SSL_CTX_NEW,
		    SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
		goto err;
	}
	ret = calloc(1, sizeof(SSL_CTX));
	if (ret == NULL)
		goto err;

	ret->method = meth;



	ret->cert_store = NULL;
	ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
	ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
	ret->session_cache_head = NULL;
	ret->session_cache_tail = NULL;

	/* We take the system default */
	ret->session_timeout = meth->get_timeout();

	ret->new_session_cb = 0;
	ret->remove_session_cb = 0;
	ret->get_session_cb = 0;
	ret->generate_session_id = 0;

	memset((char *)&ret->stats, 0, sizeof(ret->stats));

	ret->references = 1;
	ret->quiet_shutdown = 0;

	ret->info_callback = NULL;

	ret->app_verify_callback = 0;
	ret->app_verify_arg = NULL;

	ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
	ret->read_ahead = 0;
	ret->msg_callback = 0;
	ret->msg_callback_arg = NULL;
	ret->verify_mode = SSL_VERIFY_NONE;
	ret->sid_ctx_length = 0;
	ret->default_verify_callback = NULL;
	if ((ret->cert = ssl_cert_new()) == NULL)
		goto err;

	ret->default_passwd_callback = 0;
	ret->default_passwd_callback_userdata = NULL;
	ret->client_cert_cb = 0;
	ret->app_gen_cookie_cb = 0;
	ret->app_verify_cookie_cb = 0;

	ret->sessions = lh_SSL_SESSION_new();
	if (ret->sessions == NULL)
		goto err;
	ret->cert_store = X509_STORE_new();
	if (ret->cert_store == NULL)
		goto err;

	ssl_create_cipher_list(ret->method, &ret->cipher_list,
	    &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
	if (ret->cipher_list == NULL ||
	    sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
		goto err2;
	}

	ret->param = X509_VERIFY_PARAM_new();
	if (!ret->param)
		goto err;

	if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
		SSLerr(SSL_F_SSL_CTX_NEW,
		    SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
		goto err2;
	}
	if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
		SSLerr(SSL_F_SSL_CTX_NEW,
		    SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
		goto err2;
	}

	if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
		goto err;

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);

	ret->extra_certs = NULL;

	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;

	ret->tlsext_servername_callback = 0;
	ret->tlsext_servername_arg = NULL;

	/* Setup RFC4507 ticket keys */
	arc4random_buf(ret->tlsext_tick_key_name, 16);
	arc4random_buf(ret->tlsext_tick_hmac_key, 16);
	arc4random_buf(ret->tlsext_tick_aes_key, 16);

	ret->tlsext_status_cb = 0;
	ret->tlsext_status_arg = NULL;

	ret->next_protos_advertised_cb = 0;
	ret->next_proto_select_cb = 0;

#ifndef OPENSSL_NO_ENGINE
	ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
#define eng_strx(x)	#x
#define eng_str(x)	eng_strx(x)
	/* Use specific client engine automatically... ignore errors */
	{
		ENGINE *eng;
		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));







|
>
>
>
|
>
>
>
|
>
>
>
>
|
>
>




|


|
>
>
>
>
>
>
>
>
>
>




<
|


<
<
<


>
>


|
|
|
|


|

|
|
|
|

|


|

|

|
|

|
|
|
|


|
|




|
|
|

|
|






|


|







<
<
<
<
<
<
<
<
<
<
<
|


|



|

|
|


|
|
|

|
|

|
|
>

|







1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800

1801
1802
1803



1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867











1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899

/*
 * These wrapper functions should remain rather than redeclaring
 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
 * variable. The reason is that the functions aren't static, they're exposed via
 * ssl.h.
 */
static unsigned long
ssl_session_LHASH_HASH(const void *arg)
{
	const SSL_SESSION *a = arg;

	return ssl_session_hash(a);
}

static int
ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
{
	const SSL_SESSION *a = arg1;
	const SSL_SESSION *b = arg2;

	return ssl_session_cmp(a, b);
}

SSL_CTX *
SSL_CTX_new(const SSL_METHOD *meth)
{
	SSL_CTX	*ret;

	if (meth == NULL) {
		SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED);
		return (NULL);
	}

	if ((ret = calloc(1, sizeof(*ret))) == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}
	if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
		free(ret);
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}

	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {

		SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
		goto err;
	}




	ret->method = meth;
	ret->internal->min_version = meth->internal->min_version;
	ret->internal->max_version = meth->internal->max_version;

	ret->cert_store = NULL;
	ret->internal->session_cache_mode = SSL_SESS_CACHE_SERVER;
	ret->internal->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
	ret->internal->session_cache_head = NULL;
	ret->internal->session_cache_tail = NULL;

	/* We take the system default */
	ret->session_timeout = meth->internal->get_timeout();

	ret->internal->new_session_cb = 0;
	ret->internal->remove_session_cb = 0;
	ret->internal->get_session_cb = 0;
	ret->internal->generate_session_id = 0;

	memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats));

	ret->references = 1;
	ret->internal->quiet_shutdown = 0;

	ret->internal->info_callback = NULL;

	ret->internal->app_verify_callback = 0;
	ret->internal->app_verify_arg = NULL;

	ret->internal->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
	ret->internal->read_ahead = 0;
	ret->internal->msg_callback = 0;
	ret->internal->msg_callback_arg = NULL;
	ret->verify_mode = SSL_VERIFY_NONE;
	ret->sid_ctx_length = 0;
	ret->internal->default_verify_callback = NULL;
	if ((ret->internal->cert = ssl_cert_new()) == NULL)
		goto err;

	ret->default_passwd_callback = 0;
	ret->default_passwd_callback_userdata = NULL;
	ret->internal->client_cert_cb = 0;
	ret->internal->app_gen_cookie_cb = 0;
	ret->internal->app_verify_cookie_cb = 0;

	ret->internal->sessions = lh_SSL_SESSION_new();
	if (ret->internal->sessions == NULL)
		goto err;
	ret->cert_store = X509_STORE_new();
	if (ret->cert_store == NULL)
		goto err;

	ssl_create_cipher_list(ret->method, &ret->cipher_list,
	    &ret->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
	if (ret->cipher_list == NULL ||
	    sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
		SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
		goto err2;
	}

	ret->param = X509_VERIFY_PARAM_new();
	if (!ret->param)
		goto err;












	if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL)
		goto err;

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->internal->ex_data);

	ret->extra_certs = NULL;

	ret->internal->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;

	ret->internal->tlsext_servername_callback = 0;
	ret->internal->tlsext_servername_arg = NULL;

	/* Setup RFC4507 ticket keys */
	arc4random_buf(ret->internal->tlsext_tick_key_name, 16);
	arc4random_buf(ret->internal->tlsext_tick_hmac_key, 16);
	arc4random_buf(ret->internal->tlsext_tick_aes_key, 16);

	ret->internal->tlsext_status_cb = 0;
	ret->internal->tlsext_status_arg = NULL;

	ret->internal->next_protos_advertised_cb = 0;
	ret->internal->next_proto_select_cb = 0;

#ifndef OPENSSL_NO_ENGINE
	ret->internal->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
#define eng_strx(x)	#x
#define eng_str(x)	eng_strx(x)
	/* Use specific client engine automatically... ignore errors */
	{
		ENGINE *eng;
		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965



1966
1967

1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008

2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023

2024
2025
2026
2027
2028
2029
2030
	}
#endif
#endif
	/*
	 * Default is to connect to non-RI servers. When RI is more widely
	 * deployed might change this.
	 */
	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;

	return (ret);
err:
	SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
err2:
	SSL_CTX_free(ret);
	return (NULL);
}

void
SSL_CTX_free(SSL_CTX *a)
{
	int	i;

	if (a == NULL)
		return;

	i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
	if (i > 0)
		return;

	if (a->param)
		X509_VERIFY_PARAM_free(a->param);

	/*
	 * Free internal session cache. However: the remove_cb() may reference
	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
	 * after the sessions were flushed.
	 * As the ex_data handling routines might also touch the session cache,
	 * the most secure solution seems to be: empty (flush) the cache, then
	 * free ex_data, then finally free the cache.
	 * (See ticket [openssl.org #212].)
	 */
	if (a->sessions != NULL)
		SSL_CTX_flush_sessions(a, 0);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);

	if (a->sessions != NULL)
		lh_SSL_SESSION_free(a->sessions);

	if (a->cert_store != NULL)
		X509_STORE_free(a->cert_store);
	if (a->cipher_list != NULL)
		sk_SSL_CIPHER_free(a->cipher_list);
	if (a->cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(a->cipher_list_by_id);
	if (a->cert != NULL)
		ssl_cert_free(a->cert);
	if (a->client_CA != NULL)
		sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
	if (a->extra_certs != NULL)
		sk_X509_pop_free(a->extra_certs, X509_free);

#ifndef OPENSSL_NO_SRTP
	if (a->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
#endif

#ifndef OPENSSL_NO_ENGINE
	if (a->client_cert_engine)
		ENGINE_finish(a->client_cert_engine);
#endif




	free(a->alpn_client_proto_list);


	free(a);
}

void
SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
{
	ctx->default_passwd_callback = cb;
}

void
SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
{
	ctx->default_passwd_callback_userdata = u;
}

void
SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
    void *), void *arg)
{
	ctx->app_verify_callback = cb;
	ctx->app_verify_arg = arg;
}

void
SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
{
	ctx->verify_mode = mode;
	ctx->default_verify_callback = cb;
}

void
SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
{
	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}

void
ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
	CERT_PKEY	*cpk;
	int		 rsa_enc, rsa_sign, dh_tmp, dsa_sign;

	unsigned long	 mask_k, mask_a;
	int		 have_ecc_cert, ecdh_ok, ecdsa_ok;
	int		 have_ecdh_tmp;
	X509		*x = NULL;
	EVP_PKEY	*ecc_pkey = NULL;
	int		 signature_nid = 0, pk_nid = 0, md_nid = 0;

	if (c == NULL)
		return;

	dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
	    c->dh_tmp_auto != 0);

	have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
	    c->ecdh_tmp_auto != 0);

	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
	rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
	dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
/* FIX THIS EAY EAY EAY */







|



|






|



|


|



<
|










|
|

|

<
|

<
|
<
|
|
<
<
|
<
|
<
|


|
|



|
|


>
>
>
|

>
|


















|
|






|











<

>

<
<

|
<









>







1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936

1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952

1953
1954

1955

1956
1957


1958

1959

1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016

2017
2018
2019


2020
2021

2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
	}
#endif
#endif
	/*
	 * Default is to connect to non-RI servers. When RI is more widely
	 * deployed might change this.
	 */
	ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT;

	return (ret);
err:
	SSLerrorx(ERR_R_MALLOC_FAILURE);
err2:
	SSL_CTX_free(ret);
	return (NULL);
}

void
SSL_CTX_free(SSL_CTX *ctx)
{
	int	i;

	if (ctx == NULL)
		return;

	i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX);
	if (i > 0)
		return;


	X509_VERIFY_PARAM_free(ctx->param);

	/*
	 * Free internal session cache. However: the remove_cb() may reference
	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
	 * after the sessions were flushed.
	 * As the ex_data handling routines might also touch the session cache,
	 * the most secure solution seems to be: empty (flush) the cache, then
	 * free ex_data, then finally free the cache.
	 * (See ticket [openssl.org #212].)
	 */
	if (ctx->internal->sessions != NULL)
		SSL_CTX_flush_sessions(ctx, 0);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->internal->ex_data);


	lh_SSL_SESSION_free(ctx->internal->sessions);


	X509_STORE_free(ctx->cert_store);

	sk_SSL_CIPHER_free(ctx->cipher_list);
	sk_SSL_CIPHER_free(ctx->internal->cipher_list_by_id);


	ssl_cert_free(ctx->internal->cert);

	sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);

	sk_X509_pop_free(ctx->extra_certs, X509_free);

#ifndef OPENSSL_NO_SRTP
	if (ctx->internal->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(ctx->internal->srtp_profiles);
#endif

#ifndef OPENSSL_NO_ENGINE
	if (ctx->internal->client_cert_engine)
		ENGINE_finish(ctx->internal->client_cert_engine);
#endif

	free(ctx->internal->tlsext_ecpointformatlist);
	free(ctx->internal->tlsext_supportedgroups);

	free(ctx->internal->alpn_client_proto_list);

	free(ctx->internal);
	free(ctx);
}

void
SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
{
	ctx->default_passwd_callback = cb;
}

void
SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
{
	ctx->default_passwd_callback_userdata = u;
}

void
SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
    void *), void *arg)
{
	ctx->internal->app_verify_callback = cb;
	ctx->internal->app_verify_arg = arg;
}

void
SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
{
	ctx->verify_mode = mode;
	ctx->internal->default_verify_callback = cb;
}

void
SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
{
	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}

void
ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{

	int		 rsa_enc, rsa_sign, dh_tmp, dsa_sign;
	int		 have_ecc_cert, have_ecdh_tmp;
	unsigned long	 mask_k, mask_a;


	X509		*x = NULL;
	CERT_PKEY	*cpk;


	if (c == NULL)
		return;

	dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
	    c->dh_tmp_auto != 0);

	have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
	    c->ecdh_tmp_auto != 0);

	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
	rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
	dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
/* FIX THIS EAY EAY EAY */
2054
2055
2056
2057
2058
2059
2060
2061
2062


2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105

2106
2107
2108
2109
2110
2111
2112

2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146

2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
	mask_a|=SSL_aNULL;

	/*
	 * An ECC certificate may be usable for ECDH and/or
	 * ECDSA cipher suites depending on the key usage extension.
	 */
	if (have_ecc_cert) {
		/* This call populates extension flags (ex_flags) */
		x = (c->pkeys[SSL_PKEY_ECC]).x509;


		X509_check_purpose(x, -1, 0);
		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		(x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		(x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
		ecc_pkey = X509_get_pubkey(x);
		EVP_PKEY_free(ecc_pkey);
		if ((x->sig_alg) && (x->sig_alg->algorithm)) {
			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
		}
		if (ecdh_ok) {
			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
				mask_k|=SSL_kECDHr;
				mask_a|=SSL_aECDH;
			}
			if (pk_nid == NID_X9_62_id_ecPublicKey) {
				mask_k|=SSL_kECDHe;
				mask_a|=SSL_aECDH;
			}
		}
		if (ecdsa_ok)
			mask_a|=SSL_aECDSA;
	}

	if (have_ecdh_tmp) {
		mask_k|=SSL_kECDHE;
	}


	c->mask_k = mask_k;
	c->mask_a = mask_a;
	c->valid = 1;
}

/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
#define ku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))


int
ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{

	unsigned long		 alg_k, alg_a;
	int			 signature_nid = 0, md_nid = 0, pk_nid = 0;
	const SSL_CIPHER	*cs = s->s3->tmp.new_cipher;

	alg_k = cs->algorithm_mkey;
	alg_a = cs->algorithm_auth;


	/* This call populates the ex_flags field correctly */
	X509_check_purpose(x, -1, 0);
	if ((x->sig_alg) && (x->sig_alg->algorithm)) {
		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
	}
	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
		/* key usage, if present, must allow key agreement */
		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
			    SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
			return (0);
		}
		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
		    TLS1_2_VERSION) {
			/* signature alg must be ECDSA */
			if (pk_nid != NID_X9_62_id_ecPublicKey) {
				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
				    SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
				return (0);
			}
		}
		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
		    TLS1_2_VERSION) {
			/* signature alg must be RSA */
			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
				    SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
				return (0);
			}
		}
	}
	if (alg_a & SSL_aECDSA) {
		/* key usage, if present, must allow signing */

		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
			    SSL_R_ECC_CERT_NOT_FOR_SIGNING);
			return (0);
		}
	}

	return (1);
	/* all checks are ok */
}


/* THIS NEEDS CLEANING UP */
CERT_PKEY *
ssl_get_server_send_pkey(const SSL *s)
{
	unsigned long	 alg_k, alg_a;
	CERT		*c;
	int		 i;

	c = s->cert;
	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	alg_a = s->s3->tmp.new_cipher->algorithm_auth;

	if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
		/*
		 * We don't need to look at SSL_kECDHE
		 * since no certificate is needed for
		 * anon ECDH and for authenticated
		 * ECDHE, the check for the auth
		 * algorithm will set i correctly
		 * NOTE: For ECDH-RSA, we need an ECC
		 * not an RSA cert but for EECDH-RSA
		 * we need an RSA cert. Placing the
		 * checks for SSL_kECDH before RSA
		 * checks ensures the correct cert is chosen.
		 */
		i = SSL_PKEY_ECC;
	} else if (alg_a & SSL_aECDSA) {
		i = SSL_PKEY_ECC;
	} else if (alg_a & SSL_aDSS) {
		i = SSL_PKEY_DSA_SIGN;
	} else if (alg_a & SSL_aRSA) {
		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
			i = SSL_PKEY_RSA_SIGN;
		else
			i = SSL_PKEY_RSA_ENC;
	} else if (alg_a & SSL_aGOST01) {
		i = SSL_PKEY_GOST01;
	} else { /* if (alg_a & SSL_aNULL) */
		SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
		return (NULL);
	}

	return (c->pkeys + i);
}

X509 *







<

>
>

|
|
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<



|

<
<





<
<
<
<
<




>
|
<
<

<


>
|
|
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
>
|
<
|





<


<
<



|




|

<
|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
|











|







2062
2063
2064
2065
2066
2067
2068

2069
2070
2071
2072
2073
2074
2075
2076

















2077
2078
2079
2080
2081


2082
2083
2084
2085
2086





2087
2088
2089
2090
2091
2092


2093

2094
2095
2096
2097
2098



2099



























2100
2101
2102

2103
2104
2105
2106
2107
2108

2109
2110


2111
2112
2113
2114
2115
2116
2117
2118
2119
2120

2121
2122














2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
	mask_a|=SSL_aNULL;

	/*
	 * An ECC certificate may be usable for ECDH and/or
	 * ECDSA cipher suites depending on the key usage extension.
	 */
	if (have_ecc_cert) {

		x = (c->pkeys[SSL_PKEY_ECC]).x509;

		/* This call populates extension flags (ex_flags). */
		X509_check_purpose(x, -1, 0);

		/* Key usage, if present, must allow signing. */
		if ((x->ex_flags & EXFLAG_KUSAGE) == 0 ||
		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE))

















			mask_a|=SSL_aECDSA;
	}

	if (have_ecdh_tmp)
		mask_k|=SSL_kECDHE;



	c->mask_k = mask_k;
	c->mask_a = mask_a;
	c->valid = 1;
}






int
ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
	const SSL_CIPHER	*cs = S3I(s)->tmp.new_cipher;
	unsigned long		 alg_a;




	alg_a = cs->algorithm_auth;

	if (alg_a & SSL_aECDSA) {
		/* This call populates extension flags (ex_flags). */
		X509_check_purpose(x, -1, 0);































		/* Key usage, if present, must allow signing. */
		if ((x->ex_flags & EXFLAG_KUSAGE) &&
		    ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {

			SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
			return (0);
		}
	}

	return (1);

}



CERT_PKEY *
ssl_get_server_send_pkey(const SSL *s)
{
	unsigned long	 alg_a;
	CERT		*c;
	int		 i;

	c = s->cert;
	ssl_set_cert_masks(c, S3I(s)->tmp.new_cipher);


	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;















	if (alg_a & SSL_aECDSA) {
		i = SSL_PKEY_ECC;
	} else if (alg_a & SSL_aDSS) {
		i = SSL_PKEY_DSA_SIGN;
	} else if (alg_a & SSL_aRSA) {
		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
			i = SSL_PKEY_RSA_SIGN;
		else
			i = SSL_PKEY_RSA_ENC;
	} else if (alg_a & SSL_aGOST01) {
		i = SSL_PKEY_GOST01;
	} else { /* if (alg_a & SSL_aNULL) */
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return (NULL);
	}

	return (c->pkeys + i);
}

X509 *
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
			idx = SSL_PKEY_RSA_SIGN;
		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
			idx = SSL_PKEY_RSA_ENC;
	} else if ((alg_a & SSL_aECDSA) &&
	    (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
		idx = SSL_PKEY_ECC;
	if (idx == -1) {
		SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
		return (NULL);
	}
	if (pmd)
		*pmd = c->pkeys[idx].digest;
	return (c->pkeys[idx].privatekey);
}

DH *
ssl_get_auto_dh(SSL *s)
{
	CERT_PKEY *cpk;
	int keylen;
	DH *dhp;

	if (s->cert->dh_tmp_auto == 2) {
		keylen = 1024;
	} else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
		keylen = 1024;
		if (s->s3->tmp.new_cipher->strength_bits == 256)
			keylen = 3072;
	} else {
		if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
			return (NULL);
		if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
			return (NULL);
		keylen = EVP_PKEY_bits(cpk->privatekey);







|
















|

|







2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
			idx = SSL_PKEY_RSA_SIGN;
		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
			idx = SSL_PKEY_RSA_ENC;
	} else if ((alg_a & SSL_aECDSA) &&
	    (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
		idx = SSL_PKEY_ECC;
	if (idx == -1) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return (NULL);
	}
	if (pmd)
		*pmd = c->pkeys[idx].digest;
	return (c->pkeys[idx].privatekey);
}

DH *
ssl_get_auto_dh(SSL *s)
{
	CERT_PKEY *cpk;
	int keylen;
	DH *dhp;

	if (s->cert->dh_tmp_auto == 2) {
		keylen = 1024;
	} else if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
		keylen = 1024;
		if (S3I(s)->tmp.new_cipher->strength_bits == 256)
			keylen = 3072;
	} else {
		if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
			return (NULL);
		if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
			return (NULL);
		keylen = EVP_PKEY_bits(cpk->privatekey);
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
	/*
	 * If the session_id_length is 0, we are not supposed to cache it,
	 * and it would be rather hard to do anyway :-)
	 */
	if (s->session->session_id_length == 0)
		return;

	i = s->session_ctx->session_cache_mode;
	if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
	    || SSL_CTX_add_session(s->session_ctx, s->session))
	    && (s->session_ctx->new_session_cb != NULL)) {
		CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
		if (!s->session_ctx->new_session_cb(s, s->session))
			SSL_SESSION_free(s->session);
	}

	/* auto flush every 255 connections */
	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
	    ((i & mode) == mode)) {
		if ((((mode & SSL_SESS_CACHE_CLIENT) ?
		    s->session_ctx->stats.sess_connect_good :
		    s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
			SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
		}
	}
}

const SSL_METHOD *
SSL_get_ssl_method(SSL *s)
{
	return (s->method);
}

int
SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
{
	int	conn = -1;
	int	ret = 1;

	if (s->method != meth) {
		if (s->handshake_func != NULL)
			conn = (s->handshake_func == s->method->ssl_connect);

		if (s->method->version == meth->version)
			s->method = meth;
		else {
			s->method->ssl_free(s);
			s->method = meth;
			ret = s->method->ssl_new(s);
		}

		if (conn == 1)
			s->handshake_func = meth->ssl_connect;
		else if (conn == 0)
			s->handshake_func = meth->ssl_accept;
	}
	return (ret);
}

int
SSL_get_error(const SSL *s, int i)
{







|
|

|

|







|
|


















|
|

|


|

|



|

|







2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
	/*
	 * If the session_id_length is 0, we are not supposed to cache it,
	 * and it would be rather hard to do anyway :-)
	 */
	if (s->session->session_id_length == 0)
		return;

	i = s->session_ctx->internal->session_cache_mode;
	if ((i & mode) && (!s->internal->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
	    || SSL_CTX_add_session(s->session_ctx, s->session))
	    && (s->session_ctx->internal->new_session_cb != NULL)) {
		CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
		if (!s->session_ctx->internal->new_session_cb(s, s->session))
			SSL_SESSION_free(s->session);
	}

	/* auto flush every 255 connections */
	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
	    ((i & mode) == mode)) {
		if ((((mode & SSL_SESS_CACHE_CLIENT) ?
		    s->session_ctx->internal->stats.sess_connect_good :
		    s->session_ctx->internal->stats.sess_accept_good) & 0xff) == 0xff) {
			SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
		}
	}
}

const SSL_METHOD *
SSL_get_ssl_method(SSL *s)
{
	return (s->method);
}

int
SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
{
	int	conn = -1;
	int	ret = 1;

	if (s->method != meth) {
		if (s->internal->handshake_func != NULL)
			conn = (s->internal->handshake_func == s->method->internal->ssl_connect);

		if (s->method->internal->version == meth->internal->version)
			s->method = meth;
		else {
			s->method->internal->ssl_free(s);
			s->method = meth;
			ret = s->method->internal->ssl_new(s);
		}

		if (conn == 1)
			s->internal->handshake_func = meth->internal->ssl_connect;
		else if (conn == 0)
			s->internal->handshake_func = meth->internal->ssl_accept;
	}
	return (ret);
}

int
SSL_get_error(const SSL *s, int i)
{
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
			return (SSL_ERROR_WANT_READ);
		} else if (BIO_should_write(bio)) {
			/*
			 * This one doesn't make too much sense...  We never
			 * try to write to the rbio, and an application
			 * program where rbio and wbio are separate couldn't
			 * even know what it should wait for.  However if we
			 * ever set s->rwstate incorrectly (so that we have
			 * SSL_want_read(s) instead of SSL_want_write(s))
			 * and rbio and wbio *are* the same, this test works
			 * around that bug; so it might be safer to keep it.
			 */
			return (SSL_ERROR_WANT_WRITE);
		} else if (BIO_should_io_special(bio)) {
			reason = BIO_get_retry_reason(bio);







|







2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
			return (SSL_ERROR_WANT_READ);
		} else if (BIO_should_write(bio)) {
			/*
			 * This one doesn't make too much sense...  We never
			 * try to write to the rbio, and an application
			 * program where rbio and wbio are separate couldn't
			 * even know what it should wait for.  However if we
			 * ever set s->internal->rwstate incorrectly (so that we have
			 * SSL_want_read(s) instead of SSL_want_write(s))
			 * and rbio and wbio *are* the same, this test works
			 * around that bug; so it might be safer to keep it.
			 */
			return (SSL_ERROR_WANT_WRITE);
		} else if (BIO_should_io_special(bio)) {
			reason = BIO_get_retry_reason(bio);
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
		}
	}
	if ((i < 0) && SSL_want_x509_lookup(s)) {
		return (SSL_ERROR_WANT_X509_LOOKUP);
	}

	if (i == 0) {
		if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
		    (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
		return (SSL_ERROR_ZERO_RETURN);
	}
	return (SSL_ERROR_SYSCALL);
}

int
SSL_do_handshake(SSL *s)
{
	int	ret = 1;

	if (s->handshake_func == NULL) {
		SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
		return (-1);
	}

	s->method->ssl_renegotiate_check(s);

	if (SSL_in_init(s) || SSL_in_before(s)) {
		ret = s->handshake_func(s);
	}
	return (ret);
}

/*
 * For the next 2 functions, SSL_clear() sets shutdown and so
 * one of these calls will reset it
 */
void
SSL_set_accept_state(SSL *s)
{
	s->server = 1;
	s->shutdown = 0;
	s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
	s->handshake_func = s->method->ssl_accept;
	/* clear the current cipher */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);
}

void
SSL_set_connect_state(SSL *s)
{
	s->server = 0;
	s->shutdown = 0;
	s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
	s->handshake_func = s->method->ssl_connect;
	/* clear the current cipher */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);
}

int
ssl_undefined_function(SSL *s)
{
	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
	    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return (0);
}

int
ssl_undefined_void_function(void)
{
	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
	    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return (0);
}

int
ssl_undefined_const_function(const SSL *s)
{
	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
	    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return (0);
}

const char *
ssl_version_string(int ver)
{
	switch (ver) {







|
|










|
|



|


|












|
|
|



|






|
|
|



|





<
|






<
|






<
|







2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423

2424
2425
2426
2427
2428
2429
2430

2431
2432
2433
2434
2435
2436
2437

2438
2439
2440
2441
2442
2443
2444
2445
		}
	}
	if ((i < 0) && SSL_want_x509_lookup(s)) {
		return (SSL_ERROR_WANT_X509_LOOKUP);
	}

	if (i == 0) {
		if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
		    (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
		return (SSL_ERROR_ZERO_RETURN);
	}
	return (SSL_ERROR_SYSCALL);
}

int
SSL_do_handshake(SSL *s)
{
	int	ret = 1;

	if (s->internal->handshake_func == NULL) {
		SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
		return (-1);
	}

	s->method->internal->ssl_renegotiate_check(s);

	if (SSL_in_init(s) || SSL_in_before(s)) {
		ret = s->internal->handshake_func(s);
	}
	return (ret);
}

/*
 * For the next 2 functions, SSL_clear() sets shutdown and so
 * one of these calls will reset it
 */
void
SSL_set_accept_state(SSL *s)
{
	s->server = 1;
	s->internal->shutdown = 0;
	s->internal->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
	s->internal->handshake_func = s->method->internal->ssl_accept;
	/* clear the current cipher */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->internal->write_hash);
}

void
SSL_set_connect_state(SSL *s)
{
	s->server = 0;
	s->internal->shutdown = 0;
	s->internal->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
	s->internal->handshake_func = s->method->internal->ssl_connect;
	/* clear the current cipher */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->internal->write_hash);
}

int
ssl_undefined_function(SSL *s)
{

	SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return (0);
}

int
ssl_undefined_void_function(void)
{

	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return (0);
}

int
ssl_undefined_const_function(const SSL *s)
{

	SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return (0);
}

const char *
ssl_version_string(int ver)
{
	switch (ver) {
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678

const char *
SSL_get_version(const SSL *s)
{
	return ssl_version_string(s->version);
}

uint16_t
ssl_max_server_version(SSL *s)
{
	uint16_t max_version;

	/*
	 * The SSL method will be changed during version negotiation, as such
	 * we want to use the SSL method from the context.
	 */
	max_version = s->ctx->method->version;

	if (SSL_IS_DTLS(s))
		return (DTLS1_VERSION);

	if ((s->options & SSL_OP_NO_TLSv1_2) == 0 &&
	    max_version >= TLS1_2_VERSION)
		return (TLS1_2_VERSION);
	if ((s->options & SSL_OP_NO_TLSv1_1) == 0 &&
	    max_version >= TLS1_1_VERSION)
		return (TLS1_1_VERSION);
	if ((s->options & SSL_OP_NO_TLSv1) == 0 &&
	    max_version >= TLS1_VERSION)
		return (TLS1_VERSION);

	return (0);
}

SSL *
SSL_dup(SSL *s)
{
	STACK_OF(X509_NAME) *sk;
	X509_NAME *xn;
	SSL *ret;
	int i;

	if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
		return (NULL);

	ret->version = s->version;
	ret->type = s->type;
	ret->method = s->method;

	if (s->session != NULL) {
		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
		SSL_copy_session_id(ret, s);
	} else {
		/*
		 * No session has been established yet, so we have to expect
		 * that s->cert or ret->cert will be changed later --
		 * they should not both point to the same object,
		 * and thus we can't use SSL_copy_session_id.
		 */

		ret->method->ssl_free(ret);
		ret->method = s->method;
		ret->method->ssl_new(ret);

		if (s->cert != NULL) {
			if (ret->cert != NULL) {
				ssl_cert_free(ret->cert);
			}
			ret->cert = ssl_cert_dup(s->cert);
			if (ret->cert == NULL)
				goto err;
		}

		SSL_set_session_id_context(ret,
		s->sid_ctx, s->sid_ctx_length);
	}

	ret->options = s->options;
	ret->mode = s->mode;
	SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
	SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
	ret->msg_callback = s->msg_callback;
	ret->msg_callback_arg = s->msg_callback_arg;
	SSL_set_verify(ret, SSL_get_verify_mode(s),
	SSL_get_verify_callback(s));
	SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
	ret->generate_session_id = s->generate_session_id;

	SSL_set_info_callback(ret, SSL_get_info_callback(s));

	ret->debug = s->debug;

	/* copy app data, a little dangerous perhaps */
	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
	    &ret->ex_data, &s->ex_data))
		goto err;

	/* setup rbio, and wbio */
	if (s->rbio != NULL) {
		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
			goto err;
	}
	if (s->wbio != NULL) {
		if (s->wbio != s->rbio) {
			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
				goto err;
		} else
			ret->wbio = ret->rbio;
	}
	ret->rwstate = s->rwstate;
	ret->in_handshake = s->in_handshake;
	ret->handshake_func = s->handshake_func;
	ret->server = s->server;
	ret->renegotiate = s->renegotiate;
	ret->new_session = s->new_session;
	ret->quiet_shutdown = s->quiet_shutdown;
	ret->shutdown = s->shutdown;
	/* SSL_dup does not really work at any state, though */
	ret->state=s->state;
	ret->rstate = s->rstate;

	/*
	 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
	 * ret->init_off
	 */
	ret->init_num = 0;

	ret->hit = s->hit;

	X509_VERIFY_PARAM_inherit(ret->param, s->param);

	/* dup the cipher_list and cipher_list_by_id stacks */
	if (s->cipher_list != NULL) {
		if ((ret->cipher_list =
		    sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
			goto err;
	}
	if (s->cipher_list_by_id != NULL) {
		if ((ret->cipher_list_by_id =
		    sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
			goto err;
	}

	/* Dup the client_CA list */
	if (s->client_CA != NULL) {
		if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
			ret->client_CA = sk;
		for (i = 0; i < sk_X509_NAME_num(sk); i++) {
			xn = sk_X509_NAME_value(sk, i);
			if (sk_X509_NAME_set(sk, i,
			    X509_NAME_dup(xn)) == NULL) {
				X509_NAME_free(xn);
				goto err;
			}







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<












|













|

|


<
|
<









|
|


|
|



|



|



|














|
|
|

|
|
|
|

|
|





|

|









|
|
|




|
|
|







2458
2459
2460
2461
2462
2463
2464



























2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495

2496

2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582

const char *
SSL_get_version(const SSL *s)
{
	return ssl_version_string(s->version);
}




























SSL *
SSL_dup(SSL *s)
{
	STACK_OF(X509_NAME) *sk;
	X509_NAME *xn;
	SSL *ret;
	int i;

	if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
		return (NULL);

	ret->version = s->version;
	ret->internal->type = s->internal->type;
	ret->method = s->method;

	if (s->session != NULL) {
		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
		SSL_copy_session_id(ret, s);
	} else {
		/*
		 * No session has been established yet, so we have to expect
		 * that s->cert or ret->cert will be changed later --
		 * they should not both point to the same object,
		 * and thus we can't use SSL_copy_session_id.
		 */

		ret->method->internal->ssl_free(ret);
		ret->method = s->method;
		ret->method->internal->ssl_new(ret);

		if (s->cert != NULL) {

			ssl_cert_free(ret->cert);

			ret->cert = ssl_cert_dup(s->cert);
			if (ret->cert == NULL)
				goto err;
		}

		SSL_set_session_id_context(ret,
		s->sid_ctx, s->sid_ctx_length);
	}

	ret->internal->options = s->internal->options;
	ret->internal->mode = s->internal->mode;
	SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
	SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
	ret->internal->msg_callback = s->internal->msg_callback;
	ret->internal->msg_callback_arg = s->internal->msg_callback_arg;
	SSL_set_verify(ret, SSL_get_verify_mode(s),
	SSL_get_verify_callback(s));
	SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
	ret->internal->generate_session_id = s->internal->generate_session_id;

	SSL_set_info_callback(ret, SSL_get_info_callback(s));

	ret->internal->debug = s->internal->debug;

	/* copy app data, a little dangerous perhaps */
	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
	    &ret->internal->ex_data, &s->internal->ex_data))
		goto err;

	/* setup rbio, and wbio */
	if (s->rbio != NULL) {
		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
			goto err;
	}
	if (s->wbio != NULL) {
		if (s->wbio != s->rbio) {
			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
				goto err;
		} else
			ret->wbio = ret->rbio;
	}
	ret->internal->rwstate = s->internal->rwstate;
	ret->internal->in_handshake = s->internal->in_handshake;
	ret->internal->handshake_func = s->internal->handshake_func;
	ret->server = s->server;
	ret->internal->renegotiate = s->internal->renegotiate;
	ret->internal->new_session = s->internal->new_session;
	ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
	ret->internal->shutdown = s->internal->shutdown;
	/* SSL_dup does not really work at any state, though */
	ret->internal->state = s->internal->state;
	ret->internal->rstate = s->internal->rstate;

	/*
	 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
	 * ret->init_off
	 */
	ret->internal->init_num = 0;

	ret->internal->hit = s->internal->hit;

	X509_VERIFY_PARAM_inherit(ret->param, s->param);

	/* dup the cipher_list and cipher_list_by_id stacks */
	if (s->cipher_list != NULL) {
		if ((ret->cipher_list =
		    sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
			goto err;
	}
	if (s->internal->cipher_list_by_id != NULL) {
		if ((ret->internal->cipher_list_by_id =
		    sk_SSL_CIPHER_dup(s->internal->cipher_list_by_id)) == NULL)
			goto err;
	}

	/* Dup the client_CA list */
	if (s->internal->client_CA != NULL) {
		if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err;
			ret->internal->client_CA = sk;
		for (i = 0; i < sk_X509_NAME_num(sk); i++) {
			xn = sk_X509_NAME_value(sk, i);
			if (sk_X509_NAME_set(sk, i,
			    X509_NAME_dup(xn)) == NULL) {
				X509_NAME_free(xn);
				goto err;
			}
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
}

void
ssl_clear_cipher_ctx(SSL *s)
{
	EVP_CIPHER_CTX_free(s->enc_read_ctx);
	s->enc_read_ctx = NULL;
	EVP_CIPHER_CTX_free(s->enc_write_ctx);
	s->enc_write_ctx = NULL;

	if (s->aead_read_ctx != NULL) {
		EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
		free(s->aead_read_ctx);
		s->aead_read_ctx = NULL;
	}
	if (s->aead_write_ctx != NULL) {
		EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
		free(s->aead_write_ctx);
		s->aead_write_ctx = NULL;
	}

}

/* Fix this function so that it takes an optional type parameter */
X509 *
SSL_get_certificate(const SSL *s)







|
|

|
|
|
|

|
|
|
|







2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
}

void
ssl_clear_cipher_ctx(SSL *s)
{
	EVP_CIPHER_CTX_free(s->enc_read_ctx);
	s->enc_read_ctx = NULL;
	EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
	s->internal->enc_write_ctx = NULL;

	if (s->internal->aead_read_ctx != NULL) {
		EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx);
		free(s->internal->aead_read_ctx);
		s->internal->aead_read_ctx = NULL;
	}
	if (s->internal->aead_write_ctx != NULL) {
		EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx);
		free(s->internal->aead_write_ctx);
		s->internal->aead_write_ctx = NULL;
	}

}

/* Fix this function so that it takes an optional type parameter */
X509 *
SSL_get_certificate(const SSL *s)
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
		bbio = s->bbio;
		if (s->bbio == s->wbio)
			s->wbio = BIO_pop(s->wbio);
	}
	(void)BIO_reset(bbio);
/*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
	if (!BIO_set_read_buffer_size(bbio, 1)) {
		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
		return (0);
	}
	if (push) {
		if (s->wbio != bbio)
			s->wbio = BIO_push(bbio, s->wbio);
	} else {
		if (s->wbio == bbio)







|







2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
		bbio = s->bbio;
		if (s->bbio == s->wbio)
			s->wbio = BIO_pop(s->wbio);
	}
	(void)BIO_reset(bbio);
/*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
	if (!BIO_set_read_buffer_size(bbio, 1)) {
		SSLerror(s, ERR_R_BUF_LIB);
		return (0);
	}
	if (push) {
		if (s->wbio != bbio)
			s->wbio = BIO_push(bbio, s->wbio);
	} else {
		if (s->wbio == bbio)
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
	BIO_free(s->bbio);
	s->bbio = NULL;
}

void
SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
{
	ctx->quiet_shutdown = mode;
}

int
SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
{
	return (ctx->quiet_shutdown);
}

void
SSL_set_quiet_shutdown(SSL *s, int mode)
{
	s->quiet_shutdown = mode;
}

int
SSL_get_quiet_shutdown(const SSL *s)
{
	return (s->quiet_shutdown);
}

void
SSL_set_shutdown(SSL *s, int mode)
{
	s->shutdown = mode;
}

int
SSL_get_shutdown(const SSL *s)
{
	return (s->shutdown);
}

int
SSL_version(const SSL *s)
{
	return (s->version);
}







|





|





|





|





|





|







2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
	BIO_free(s->bbio);
	s->bbio = NULL;
}

void
SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
{
	ctx->internal->quiet_shutdown = mode;
}

int
SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
{
	return (ctx->internal->quiet_shutdown);
}

void
SSL_set_quiet_shutdown(SSL *s, int mode)
{
	s->internal->quiet_shutdown = mode;
}

int
SSL_get_quiet_shutdown(const SSL *s)
{
	return (s->internal->quiet_shutdown);
}

void
SSL_set_shutdown(SSL *s, int mode)
{
	s->internal->shutdown = mode;
}

int
SSL_get_shutdown(const SSL *s)
{
	return (s->internal->shutdown);
}

int
SSL_version(const SSL *s)
{
	return (s->version);
}
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
{
	CERT *ocert = ssl->cert;

	if (ssl->ctx == ctx)
		return (ssl->ctx);
	if (ctx == NULL)
		ctx = ssl->initial_ctx;
	ssl->cert = ssl_cert_dup(ctx->cert);
	if (ocert != NULL) {
		int i;
		/* Copy negotiated digests from original certificate. */
		for (i = 0; i < SSL_PKEY_NUM; i++)
			ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;
		ssl_cert_free(ocert);
	}







|







2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
{
	CERT *ocert = ssl->cert;

	if (ssl->ctx == ctx)
		return (ssl->ctx);
	if (ctx == NULL)
		ctx = ssl->initial_ctx;
	ssl->cert = ssl_cert_dup(ctx->internal->cert);
	if (ocert != NULL) {
		int i;
		/* Copy negotiated digests from original certificate. */
		for (i = 0; i < SSL_PKEY_NUM; i++)
			ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;
		ssl_cert_free(ocert);
	}
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
{
	return (X509_STORE_load_mem(ctx->cert_store, buf, len));
}

void
SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
{
	ssl->info_callback = cb;
}

void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
{
	return (ssl->info_callback);
}

int
SSL_state(const SSL *ssl)
{
	return (ssl->state);
}

void
SSL_set_state(SSL *ssl, int state)
{
	ssl->state = state;
}

void
SSL_set_verify_result(SSL *ssl, long arg)
{
	ssl->verify_result = arg;
}







|




|





|





|







2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
{
	return (X509_STORE_load_mem(ctx->cert_store, buf, len));
}

void
SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
{
	ssl->internal->info_callback = cb;
}

void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
{
	return (ssl->internal->info_callback);
}

int
SSL_state(const SSL *ssl)
{
	return (ssl->internal->state);
}

void
SSL_set_state(SSL *ssl, int state)
{
	ssl->internal->state = state;
}

void
SSL_set_verify_result(SSL *ssl, long arg)
{
	ssl->verify_result = arg;
}
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
	    new_func, dup_func, free_func));
}

int
SSL_set_ex_data(SSL *s, int idx, void *arg)
{
	return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
}

void *
SSL_get_ex_data(const SSL *s, int idx)
{
	return (CRYPTO_get_ex_data(&s->ex_data, idx));
}

int
SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
	    new_func, dup_func, free_func));
}

int
SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
{
	return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
}

void *
SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
{
	return (CRYPTO_get_ex_data(&s->ex_data, idx));
}

int
ssl_ok(SSL *s)
{
	return (1);
}

X509_STORE *
SSL_CTX_get_cert_store(const SSL_CTX *ctx)
{
	return (ctx->cert_store);
}

void
SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
{
	if (ctx->cert_store != NULL)
		X509_STORE_free(ctx->cert_store);
	ctx->cert_store = store;
}

int
SSL_want(const SSL *s)
{
	return (s->rwstate);
}

void
SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
    int keylength))
{
	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);







|





|













|





|

















<
|






|







2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882

2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
	    new_func, dup_func, free_func));
}

int
SSL_set_ex_data(SSL *s, int idx, void *arg)
{
	return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
}

void *
SSL_get_ex_data(const SSL *s, int idx)
{
	return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
}

int
SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
	    new_func, dup_func, free_func));
}

int
SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
{
	return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
}

void *
SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
{
	return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
}

int
ssl_ok(SSL *s)
{
	return (1);
}

X509_STORE *
SSL_CTX_get_cert_store(const SSL_CTX *ctx)
{
	return (ctx->cert_store);
}

void
SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
{

	X509_STORE_free(ctx->cert_store);
	ctx->cert_store = store;
}

int
SSL_want(const SSL *s)
{
	return (s->internal->rwstate);
}

void
SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
    int keylength))
{
	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069














		EVP_MD_CTX_destroy(*hash);
	*hash = NULL;
}

void
SSL_set_debug(SSL *s, int debug)
{
	s->debug = debug;
}

int
SSL_cache_hit(SSL *s)
{
	return (s->hit);
}

IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);





















|





|


|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
		EVP_MD_CTX_destroy(*hash);
	*hash = NULL;
}

void
SSL_set_debug(SSL *s, int debug)
{
	s->internal->debug = debug;
}

int
SSL_cache_hit(SSL *s)
{
	return (s->internal->hit);
}


static int
ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
	SSL_CIPHER const *a = a_;
	SSL_CIPHER const *b = b_;
	return ssl_cipher_id_cmp(a, b);
}

SSL_CIPHER *
OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
{
	return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
	    ssl_cipher_id_cmp_BSEARCH_CMP_FN);
}
Changes to jni/libressl/ssl/ssl_locl.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_locl.h,v 1.128 2015/09/12 15:08:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_locl.h,v 1.178 2017/03/10 16:03:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242

#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#ifndef HAVE_REALLOCARRAY
#include <compat/stdlib.h>
#endif

#include <openssl/opensslconf.h>
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/stack.h>

#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
			 l|=(((unsigned long)(*((c)++)))<< 8), \
			 l|=(((unsigned long)(*((c)++)))<<16), \
			 l|=(((unsigned long)(*((c)++)))<<24))

/* NOTE - c is not incremented as per c2l */
#define c2ln(c,l1,l2,n)	{ \
			c+=n; \
			l1=l2=0; \
			switch (n) { \
			case 8: l2 =((unsigned long)(*(--(c))))<<24; \
			case 7: l2|=((unsigned long)(*(--(c))))<<16; \
			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
			case 5: l2|=((unsigned long)(*(--(c))));     \
			case 4: l1 =((unsigned long)(*(--(c))))<<24; \
			case 3: l1|=((unsigned long)(*(--(c))))<<16; \
			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
			case 1: l1|=((unsigned long)(*(--(c))));     \
				} \
			}

#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24)&0xff))

#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24, \
			 l|=((unsigned long)(*((c)++)))<<16, \
			 l|=((unsigned long)(*((c)++)))<< 8, \
			 l|=((unsigned long)(*((c)++))))

#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

/* NOTE - c is not incremented as per l2c */
#define l2cn(l1,l2,c,n)	{ \
			c+=n; \
			switch (n) { \
			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
				} \
			}

#define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \
			    (((unsigned int)(c[1]))    )),c+=2)
#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)

#define n2l3(c,l)	((l =(((unsigned long)(c[0]))<<16)| \
			     (((unsigned long)(c[1]))<< 8)| \
			     (((unsigned long)(c[2]))    )),c+=3)

#define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \
			  c[1]=(unsigned char)(((l)>> 8)&0xff), \
			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)

/* LOCAL STUFF */

#define SSL_DECRYPT	0







<
<
<
<









<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
<
<
<















<
<
<
<
<
<
<
<
<
<
<
<
<
<
<





<
<
<
<







147
148
149
150
151
152
153




154
155
156
157
158
159
160
161
162




163














164
165









166
167
168
169
170
171
172
173
174
175
176
177
178
179
180















181
182
183
184
185




186
187
188
189
190
191
192

#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>





#include <openssl/opensslconf.h>
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/stack.h>





#include "bytestring.h"















__BEGIN_HIDDEN_DECLS










#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))
















#define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \
			    (((unsigned int)(c[1]))    )),c+=2)
#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)





#define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \
			  c[1]=(unsigned char)(((l)>> 8)&0xff), \
			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)

/* LOCAL STUFF */

#define SSL_DECRYPT	0
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
 * that the different entities within are mutually exclusive:
 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
 */

/* Bits for algorithm_mkey (key exchange algorithm) */
#define SSL_kRSA		0x00000001L /* RSA key exchange */
#define SSL_kDHE		0x00000008L /* tmp DH key no DH cert */
#define SSL_kECDHr		0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe		0x00000040L /* ECDH cert, ECDSA CA cert */
#define SSL_kECDHE		0x00000080L /* ephemeral ECDH */
#define SSL_kGOST		0x00000200L /* GOST key exchange */

/* Bits for algorithm_auth (server authentication) */
#define SSL_aRSA		0x00000001L /* RSA auth */
#define SSL_aDSS 		0x00000002L /* DSS auth */
#define SSL_aNULL 		0x00000004L /* no auth (i.e. use ADH or AECDH) */
#define SSL_aECDH 		0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
#define SSL_aGOST01 		0x00000200L /* GOST R 34.10-2001 signature auth */


/* Bits for algorithm_enc (symmetric encryption) */
#define SSL_DES			0x00000001L
#define SSL_3DES		0x00000002L
#define SSL_RC4			0x00000004L
#define SSL_IDEA		0x00000008L
#define SSL_eNULL		0x00000010L







<
<







<


<







205
206
207
208
209
210
211


212
213
214
215
216
217
218

219
220

221
222
223
224
225
226
227
 * that the different entities within are mutually exclusive:
 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
 */

/* Bits for algorithm_mkey (key exchange algorithm) */
#define SSL_kRSA		0x00000001L /* RSA key exchange */
#define SSL_kDHE		0x00000008L /* tmp DH key no DH cert */


#define SSL_kECDHE		0x00000080L /* ephemeral ECDH */
#define SSL_kGOST		0x00000200L /* GOST key exchange */

/* Bits for algorithm_auth (server authentication) */
#define SSL_aRSA		0x00000001L /* RSA auth */
#define SSL_aDSS 		0x00000002L /* DSS auth */
#define SSL_aNULL 		0x00000004L /* no auth (i.e. use ADH or AECDH) */

#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
#define SSL_aGOST01 		0x00000200L /* GOST R 34.10-2001 signature auth */


/* Bits for algorithm_enc (symmetric encryption) */
#define SSL_DES			0x00000001L
#define SSL_3DES		0x00000002L
#define SSL_RC4			0x00000004L
#define SSL_IDEA		0x00000008L
#define SSL_eNULL		0x00000010L
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
#define SSL_GOST94      0x00000004L
#define SSL_GOST89MAC   0x00000008L
#define SSL_SHA256		0x00000010L
#define SSL_SHA384		0x00000020L
/* Not a real MAC, just an indication it is part of cipher */
#define SSL_AEAD		0x00000040L
#define SSL_STREEBOG256		0x00000080L
#define SSL_STREEBOG512		0x00000100L

/* Bits for algorithm_ssl (protocol version) */
#define SSL_SSLV3		0x00000002L
#define SSL_TLSV1		SSL_SSLV3	/* for now */
#define SSL_TLSV1_2		0x00000004L


/* Bits for algorithm2 (handshake digests and other extra flags) */

#define SSL_HANDSHAKE_MAC_MD5 0x10
#define SSL_HANDSHAKE_MAC_SHA 0x20
#define SSL_HANDSHAKE_MAC_GOST94 0x40
#define SSL_HANDSHAKE_MAC_SHA256 0x80
#define SSL_HANDSHAKE_MAC_SHA384 0x100
#define SSL_HANDSHAKE_MAC_STREEBOG256 0x200
#define SSL_HANDSHAKE_MAC_STREEBOG512 0x400
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)

/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
 * make sure to update this constant too */
#define SSL_MAX_DIGEST 8

#define SSL3_CK_ID		0x03000000
#define SSL3_CK_VALUE_MASK	0x0000ffff

#define TLS1_PRF_DGST_MASK	(0xff << TLS1_PRF_DGST_SHIFT)

#define TLS1_PRF_DGST_SHIFT 10







<









|
|
|
|
|
|
|




|







246
247
248
249
250
251
252

253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
#define SSL_GOST94      0x00000004L
#define SSL_GOST89MAC   0x00000008L
#define SSL_SHA256		0x00000010L
#define SSL_SHA384		0x00000020L
/* Not a real MAC, just an indication it is part of cipher */
#define SSL_AEAD		0x00000040L
#define SSL_STREEBOG256		0x00000080L


/* Bits for algorithm_ssl (protocol version) */
#define SSL_SSLV3		0x00000002L
#define SSL_TLSV1		SSL_SSLV3	/* for now */
#define SSL_TLSV1_2		0x00000004L


/* Bits for algorithm2 (handshake digests and other extra flags) */

#define SSL_HANDSHAKE_MAC_MASK		0xff0
#define SSL_HANDSHAKE_MAC_MD5		0x010
#define SSL_HANDSHAKE_MAC_SHA		0x020
#define SSL_HANDSHAKE_MAC_GOST94	0x040
#define SSL_HANDSHAKE_MAC_SHA256	0x080
#define SSL_HANDSHAKE_MAC_SHA384	0x100
#define SSL_HANDSHAKE_MAC_STREEBOG256	0x200
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)

/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
 * make sure to update this constant too */
#define SSL_MAX_DIGEST 7

#define SSL3_CK_ID		0x03000000
#define SSL3_CK_VALUE_MASK	0x0000ffff

#define TLS1_PRF_DGST_MASK	(0xff << TLS1_PRF_DGST_SHIFT)

#define TLS1_PRF_DGST_SHIFT 10
377
378
379
380
381
382
383
384

385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406


407
408
409
410
411
412
413
/*
 * The keylength (measured in RSA key bits, I guess)  for temporary keys.
 * Cipher argument is so that this can be variable in the future.
 */
#define SSL_C_PKEYLENGTH(c)	1024

/* Check if an SSL structure is using DTLS. */
#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)


/* See if we need explicit IV. */
#define SSL_USE_EXPLICIT_IV(s) \
	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)

/* See if we use signature algorithms extension. */
#define SSL_USE_SIGALGS(s) \
	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)

/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
#define SSL_USE_TLS1_2_CIPHERS(s) \
	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)

/* Mostly for SSLv3 */
#define SSL_PKEY_RSA_ENC	0
#define SSL_PKEY_RSA_SIGN	1
#define SSL_PKEY_DSA_SIGN	2
#define SSL_PKEY_DH_RSA		3
#define SSL_PKEY_DH_DSA		4
#define SSL_PKEY_ECC            5
#define SSL_PKEY_GOST01		6
#define SSL_PKEY_NUM		7



/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
 * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
 * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
 * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
 * SSL_aRSA <- RSA_ENC | RSA_SIGN
 * SSL_aDSS <- DSA_SIGN







|
>



|



|



|










>
>







322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
/*
 * The keylength (measured in RSA key bits, I guess)  for temporary keys.
 * Cipher argument is so that this can be variable in the future.
 */
#define SSL_C_PKEYLENGTH(c)	1024

/* Check if an SSL structure is using DTLS. */
#define SSL_IS_DTLS(s) \
	(s->method->internal->version == DTLS1_VERSION)

/* See if we need explicit IV. */
#define SSL_USE_EXPLICIT_IV(s) \
	(s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)

/* See if we use signature algorithms extension. */
#define SSL_USE_SIGALGS(s) \
	(s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)

/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
#define SSL_USE_TLS1_2_CIPHERS(s) \
	(s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)

/* Mostly for SSLv3 */
#define SSL_PKEY_RSA_ENC	0
#define SSL_PKEY_RSA_SIGN	1
#define SSL_PKEY_DSA_SIGN	2
#define SSL_PKEY_DH_RSA		3
#define SSL_PKEY_DH_DSA		4
#define SSL_PKEY_ECC            5
#define SSL_PKEY_GOST01		6
#define SSL_PKEY_NUM		7

#define SSL_MAX_EMPTY_RECORDS	32

/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
 * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
 * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
 * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
 * SSL_aRSA <- RSA_ENC | RSA_SIGN
 * SSL_aDSS <- DSA_SIGN
421
422
423
424
425
426
427








































































































































































































































































































































































































































































































































































































428
429
430
431
432
433
434

/* From ECC-TLS draft, used in encoding the curve type in
 * ECParameters
 */
#define EXPLICIT_PRIME_CURVE_TYPE  1
#define EXPLICIT_CHAR2_CURVE_TYPE  2
#define NAMED_CURVE_TYPE           3









































































































































































































































































































































































































































































































































































































typedef struct cert_pkey_st {
	X509 *x509;
	EVP_PKEY *privatekey;
	/* Digest to use when signing */
	const EVP_MD *digest;
} CERT_PKEY;







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966

/* From ECC-TLS draft, used in encoding the curve type in
 * ECParameters
 */
#define EXPLICIT_PRIME_CURVE_TYPE  1
#define EXPLICIT_CHAR2_CURVE_TYPE  2
#define NAMED_CURVE_TYPE           3

typedef struct ssl_method_internal_st {
	int version;

	uint16_t min_version;
	uint16_t max_version;

	int (*ssl_new)(SSL *s);
	void (*ssl_clear)(SSL *s);
	void (*ssl_free)(SSL *s);

	int (*ssl_accept)(SSL *s);
	int (*ssl_connect)(SSL *s);
	int (*ssl_read)(SSL *s, void *buf, int len);
	int (*ssl_peek)(SSL *s, void *buf, int len);
	int (*ssl_write)(SSL *s, const void *buf, int len);
	int (*ssl_shutdown)(SSL *s);

	int (*ssl_renegotiate)(SSL *s);
	int (*ssl_renegotiate_check)(SSL *s);

	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
	    long max, int *ok);
	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
	    int len, int peek);
	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);

	int (*ssl_pending)(const SSL *s);
	const struct ssl_method_st *(*get_ssl_method)(int version);

	long (*get_timeout)(void);
	int (*ssl_version)(void);

	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
} SSL_METHOD_INTERNAL;

typedef struct ssl_session_internal_st {
	CRYPTO_EX_DATA ex_data; /* application specific data */

	/* These are used to make removal of session-ids more
	 * efficient and to implement a maximum cache size. */
	struct ssl_session_st *prev, *next;

	/* Used to indicate that session resumption is not allowed.
	 * Applications can also set this bit for a new session via
	 * not_resumable_session_cb to disable session caching and tickets. */
	int not_resumable;

	/* The cert is the certificate used to establish this connection */
	struct sess_cert_st /* SESS_CERT */ *sess_cert;

	size_t tlsext_ecpointformatlist_length;
	uint8_t *tlsext_ecpointformatlist; /* peer's list */
	size_t tlsext_supportedgroups_length;
	uint16_t *tlsext_supportedgroups; /* peer's list */
} SSL_SESSION_INTERNAL;
#define SSI(s) (s->session->internal)

typedef struct ssl_ctx_internal_st {
	uint16_t min_version;
	uint16_t max_version;

	unsigned long options;
	unsigned long mode;

	/* If this callback is not null, it will be called each
	 * time a session id is added to the cache.  If this function
	 * returns 1, it means that the callback will do a
	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
	 * on 0, it means the callback has finished with it.
	 * If remove_session_cb is not null, it will be called when
	 * a session-id is removed from the cache.  After the call,
	 * OpenSSL will SSL_SESSION_free() it. */
	int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
	void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
	    unsigned char *data, int len, int *copy);

	/* if defined, these override the X509_verify_cert() calls */
	int (*app_verify_callback)(X509_STORE_CTX *, void *);
	    void *app_verify_arg;

	/* get client cert callback */
	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

	/* cookie generate callback */
	int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
	    unsigned int *cookie_len);

	/* verify cookie callback */
	int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
	    unsigned int cookie_len);

	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */

	/* callback that allows applications to peek at protocol messages */
	void (*msg_callback)(int write_p, int version, int content_type,
	    const void *buf, size_t len, SSL *ssl, void *arg);
	void *msg_callback_arg;

	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */

	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

	/* TLS extensions servername callback */
	int (*tlsext_servername_callback)(SSL*, int *, void *);
	void *tlsext_servername_arg;

	/* Callback to support customisation of ticket key setting */
	int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
	    unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);

	/* certificate status request info */
	/* Callback for status request */
	int (*tlsext_status_cb)(SSL *ssl, void *arg);
	void *tlsext_status_arg;

	struct lhash_st_SSL_SESSION *sessions;

	/* Most session-ids that will be cached, default is
	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
	unsigned long session_cache_size;
	struct ssl_session_st *session_cache_head;
	struct ssl_session_st *session_cache_tail;

	/* This can have one of 2 values, ored together,
	 * SSL_SESS_CACHE_CLIENT,
	 * SSL_SESS_CACHE_SERVER,
	 * Default is SSL_SESSION_CACHE_SERVER, which means only
	 * SSL_accept which cache SSL_SESSIONS. */
	int session_cache_mode;

	struct {
		int sess_connect;	/* SSL new conn - started */
		int sess_connect_renegotiate;/* SSL reneg - requested */
		int sess_connect_good;	/* SSL new conne/reneg - finished */
		int sess_accept;	/* SSL new accept - started */
		int sess_accept_renegotiate;/* SSL reneg - requested */
		int sess_accept_good;	/* SSL accept/reneg - finished */
		int sess_miss;		/* session lookup misses  */
		int sess_timeout;	/* reuse attempt on timeouted session */
		int sess_cache_full;	/* session removed due to full cache */
		int sess_hit;		/* session reuse actually done */
		int sess_cb_hit;	/* session-id that was not
					 * in the cache was
					 * passed back via the callback.  This
					 * indicates that the application is
					 * supplying session-id's from other
					 * processes - spooky :-) */
	} stats;

	CRYPTO_EX_DATA ex_data;

	/* same cipher_list but sorted for lookup */
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

	struct cert_st /* CERT */ *cert;

	/* Default values used when no per-SSL value is defined follow */

	/* what we put in client cert requests */
	STACK_OF(X509_NAME) *client_CA;

	long max_cert_list;

	int read_ahead;

	int quiet_shutdown;

	/* Maximum amount of data to send in one fragment.
	 * actual record size can be more than this due to
	 * padding and MAC overheads.
	 */
	unsigned int max_send_fragment;

#ifndef OPENSSL_NO_ENGINE
	/* Engine to pass requests for client certs to
	 */
	ENGINE *client_cert_engine;
#endif

	/* RFC 4507 session ticket keys */
	unsigned char tlsext_tick_key_name[16];
	unsigned char tlsext_tick_hmac_key[16];
	unsigned char tlsext_tick_aes_key[16];

	/* SRTP profiles we are willing to do from RFC 5764 */
	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;

	/* Next protocol negotiation information */
	/* (for experimental NPN extension). */

	/* For a server, this contains a callback function by which the set of
	 * advertised protocols can be provided. */
	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
	    unsigned int *len, void *arg);
	void *next_protos_advertised_cb_arg;
	/* For a client, this contains a callback function that selects the
	 * next protocol from the list provided by the server. */
	int (*next_proto_select_cb)(SSL *s, unsigned char **out,
	    unsigned char *outlen, const unsigned char *in,
	    unsigned int inlen, void *arg);
	void *next_proto_select_cb_arg;

	/*
	 * ALPN information
	 * (we are in the process of transitioning from NPN to ALPN).
	 */

	/*
	 * Server callback function that allows the server to select the
	 * protocol for the connection.
	 *   out: on successful return, this must point to the raw protocol
	 *       name (without the length prefix).
	 *   outlen: on successful return, this contains the length of out.
	 *   in: points to the client's list of supported protocols in
	 *       wire-format.
	 *   inlen: the length of in.
	 */
	int (*alpn_select_cb)(SSL *s, const unsigned char **out,
	    unsigned char *outlen, const unsigned char *in, unsigned int inlen,
	    void *arg);
	void *alpn_select_cb_arg;

	/* Client list of supported protocols in wire format. */
	unsigned char *alpn_client_proto_list;
	unsigned int alpn_client_proto_list_len;

	size_t tlsext_ecpointformatlist_length;
	uint8_t *tlsext_ecpointformatlist; /* our list */
	size_t tlsext_supportedgroups_length;
	uint16_t *tlsext_supportedgroups; /* our list */
} SSL_CTX_INTERNAL;

typedef struct ssl_internal_st {
	uint16_t min_version;
	uint16_t max_version;

	unsigned long options; /* protocol behaviour */
	unsigned long mode; /* API behaviour */

	/* Next protocol negotiation. For the client, this is the protocol that
	 * we sent in NextProtocol and is set when handling ServerHello
	 * extensions.
	 *
	 * For a server, this is the client's selected_protocol from
	 * NextProtocol and is set when handling the NextProtocol message,
	 * before the Finished message. */
	unsigned char *next_proto_negotiated;
	unsigned char next_proto_negotiated_len;

	/* Client list of supported protocols in wire format. */
	unsigned char *alpn_client_proto_list;
	unsigned int alpn_client_proto_list_len;

	/* XXX Callbacks */

	/* true when we are actually in SSL_accept() or SSL_connect() */
	int in_handshake;
	int (*handshake_func)(SSL *);
	/* callback that allows applications to peek at protocol messages */
	void (*msg_callback)(int write_p, int version, int content_type,
	    const void *buf, size_t len, SSL *ssl, void *arg);
	void *msg_callback_arg;

	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */

	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */

	/* TLS extension debug callback */
	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
	    unsigned char *data, int len, void *arg);
	void *tlsext_debug_arg;

	/* TLS Session Ticket extension callback */
	tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
	void *tls_session_ticket_ext_cb_arg;

	/* TLS pre-shared secret session resumption */
	tls_session_secret_cb_fn tls_session_secret_cb;
	void *tls_session_secret_cb_arg;

	/* XXX non-callback */

	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

	/* This holds a variable that indicates what we were doing
	 * when a 0 or -1 is returned.  This is needed for
	 * non-blocking IO so we know what request needs re-doing when
	 * in SSL_accept or SSL_connect */
	int rwstate;

	/* Imagine that here's a boolean member "init" that is
	 * switched as soon as SSL_set_{accept/connect}_state
	 * is called for the first time, so that "state" and
	 * "handshake_func" are properly initialized.  But as
	 * handshake_func is == 0 until then, we use this
	 * test instead of an "init" member.
	 */

	int new_session;/* Generate a new session or reuse an old one.
			 * NB: For servers, the 'new' session may actually be a previously
			 * cached session or even the previous session unless
			 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
	int quiet_shutdown;/* don't send shutdown packets */
	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
			 * for received */
	BUF_MEM *init_buf;	/* buffer used during init */
	void *init_msg;		/* pointer to handshake message body, set by ssl3_get_message() */
	int init_num;		/* amount read/written */
	int init_off;		/* amount read/written */

	/* used internally to point at a raw packet */
	unsigned char *packet;
	unsigned int packet_length;

	int read_ahead;		/* Read as many input bytes as possible
				 * (for non-blocking reads) */

	int hit;		/* reusing a previous session */

	/* crypto */
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

	/* These are the ones being used, the ones in SSL_SESSION are
	 * the ones to be 'copied' into these ones */
	int mac_flags;

	SSL_AEAD_CTX *aead_read_ctx;	/* AEAD context. If non-NULL, then
					   enc_read_ctx and read_hash are
					   ignored. */

	SSL_AEAD_CTX *aead_write_ctx;	/* AEAD context. If non-NULL, then
					   enc_write_ctx and write_hash are
					   ignored. */

	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
	EVP_MD_CTX *write_hash;			/* used for mac generation */

	/* session info */

	/* extra application data */
	CRYPTO_EX_DATA ex_data;

	/* client cert? */
	/* for server side, keep the list of CA_dn we can use */
	STACK_OF(X509_NAME) *client_CA;

	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
	 * and SSL_write() calls, good for nbio debuging :-) */
	int debug;
	long max_cert_list;
	int first_packet;

	int servername_done;	/* no further mod of servername
				   0 : call the servername extension callback.
				   1 : prepare 2, allow last ack just after in server callback.
				   2 : don't call servername callback, no ack in server hello
				   */

	/* Expect OCSP CertificateStatus message */
	int tlsext_status_expected;
	/* OCSP status request only */
	STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
	X509_EXTENSIONS *tlsext_ocsp_exts;
	/* OCSP response received or to be sent */
	unsigned char *tlsext_ocsp_resp;
	int tlsext_ocsp_resplen;

	/* RFC4507 session ticket expected to be received or sent */
	int tlsext_ticket_expected;

	size_t tlsext_ecpointformatlist_length;
	uint8_t *tlsext_ecpointformatlist; /* our list */
	size_t tlsext_supportedgroups_length;
	uint16_t *tlsext_supportedgroups; /* our list */

	/* TLS Session Ticket extension override */
	TLS_SESSION_TICKET_EXT *tlsext_session_ticket;

	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;	/* What we'll do */
	SRTP_PROTECTION_PROFILE *srtp_profile;			/* What's been chosen */

	int renegotiate;/* 1 if we are renegotiating.
		 	 * 2 if we are a server and are inside a handshake
	                 * (i.e. not just sending a HelloRequest) */

	int state;	/* where we are */
	int rstate;	/* where we are when reading */

	int mac_packet;

	int empty_record_count;
} SSL_INTERNAL;

typedef struct ssl3_state_internal_st {
	int delay_buf_pop_ret;

	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
	int read_mac_secret_size;
	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
	unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
	int write_mac_secret_size;
	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];

	/* flags for countermeasure against known-IV weakness */
	int need_empty_fragments;
	int empty_fragment_done;

	SSL3_RECORD rrec;	/* each decoded record goes in here */
	SSL3_RECORD wrec;	/* goes out from here */

	/* storage for Alert/Handshake protocol data received but not
	 * yet processed by ssl3_read_bytes: */
	unsigned char alert_fragment[2];
	unsigned int alert_fragment_len;
	unsigned char handshake_fragment[4];
	unsigned int handshake_fragment_len;

	/* partial write - check the numbers match */
	unsigned int wnum;	/* number of bytes sent so far */
	int wpend_tot;		/* number bytes written */
	int wpend_type;
	int wpend_ret;		/* number of bytes submitted */
	const unsigned char *wpend_buf;

	/* used during startup, digest all incoming/outgoing packets */
	BIO *handshake_buffer;

	/* Rolling hash of handshake messages. */
	EVP_MD_CTX *handshake_hash;

	/* this is set whenerver we see a change_cipher_spec message
	 * come in when we are not looking for one */
	int change_cipher_spec;

	int warn_alert;
	int fatal_alert;

	/* This flag is set when we should renegotiate ASAP, basically when
	 * there is no more data in the read or write buffers */
	int renegotiate;
	int total_renegotiations;
	int num_renegotiations;

	int in_read_app_data;

	struct	{
		/* actually only needs to be 16+20 */
		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];

		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
		int finish_md_len;
		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
		int peer_finish_md_len;

		unsigned long message_size;
		int message_type;

		/* used to hold the new cipher we are going to use */
		const SSL_CIPHER *new_cipher;
		DH *dh;

		EC_KEY *ecdh; /* holds short lived ECDH key */

		uint8_t *x25519;

		/* used when SSL_ST_FLUSH_DATA is entered */
		int next_state;

		int reuse_message;

		/* used for certificate requests */
		int cert_req;
		int ctype_num;
		char ctype[SSL3_CT_NUMBER];
		STACK_OF(X509_NAME) *ca_names;

		int key_block_length;
		unsigned char *key_block;

		const EVP_CIPHER *new_sym_enc;
		const EVP_AEAD *new_aead;
		const EVP_MD *new_hash;
		int new_mac_pkey_type;
		int cert_request;
	} tmp;

	/* Connection binding to prevent renegotiation attacks */
	unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
	unsigned char previous_client_finished_len;
	unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
	unsigned char previous_server_finished_len;
	int send_connection_binding; /* TODOEKR */

	/* Set if we saw the Next Protocol Negotiation extension from our peer.
	 */
	int next_proto_neg_seen;

	/*
	 * ALPN information
	 * (we are in the process of transitioning from NPN to ALPN).
	 */

	/*
	 * In a server these point to the selected ALPN protocol after the
	 * ClientHello has been processed. In a client these contain the
	 * protocol that the server selected once the ServerHello has been
	 * processed.
	 */
	unsigned char *alpn_selected;
	unsigned int alpn_selected_len;
} SSL3_STATE_INTERNAL;
#define S3I(s) (s->s3->internal)

typedef struct dtls1_state_internal_st {
	unsigned int send_cookie;
	unsigned char cookie[DTLS1_COOKIE_LENGTH];
	unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
	unsigned int cookie_len;

	/*
	 * The current data and handshake epoch.  This is initially
	 * undefined, and starts at zero once the initial handshake is
	 * completed
	 */
	unsigned short r_epoch;
	unsigned short w_epoch;

	/* records being received in the current epoch */
	DTLS1_BITMAP bitmap;

	/* renegotiation starts a new set of sequence numbers */
	DTLS1_BITMAP next_bitmap;

	/* handshake message numbers */
	unsigned short handshake_write_seq;
	unsigned short next_handshake_write_seq;

	unsigned short handshake_read_seq;

	/* save last sequence number for retransmissions */
	unsigned char last_write_sequence[8];

	/* Received handshake records (processed and unprocessed) */
	record_pqueue unprocessed_rcds;
	record_pqueue processed_rcds;

	/* Buffered handshake messages */
	struct _pqueue *buffered_messages;

	/* Buffered application records.
	 * Only for records between CCS and Finished
	 * to prevent either protocol violation or
	 * unnecessary message loss.
	 */
	record_pqueue buffered_app_data;

	/* Is set when listening for new connections with dtls1_listen() */
	unsigned int listen;

	unsigned int mtu; /* max DTLS packet size */

	struct hm_header_st w_msg_hdr;
	struct hm_header_st r_msg_hdr;

	struct dtls1_timeout_st timeout;

	/* storage for Alert/Handshake protocol data received but not
	 * yet processed by ssl3_read_bytes: */
	unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
	unsigned int alert_fragment_len;
	unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
	unsigned int handshake_fragment_len;

	unsigned int retransmitting;
	unsigned int change_cipher_spec_ok;
} DTLS1_STATE_INTERNAL;
#define D1I(s) (s->d1->internal)

typedef struct cert_pkey_st {
	X509 *x509;
	EVP_PKEY *privatekey;
	/* Digest to use when signing */
	const EVP_MD *digest;
} CERT_PKEY;
468
469
470
471
472
473
474

475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
	/* Obviously we don't have the private keys of these,
	 * so maybe we shouldn't even use the CERT_PKEY type here. */

	DH *peer_dh_tmp;
	EC_KEY *peer_ecdh_tmp;


	int references; /* actually always 1 at the moment */
} SESS_CERT;


/*#define SSL_DEBUG	*/
/*#define RSA_DEBUG	*/

/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
 * It is a bit of a mess of functions, but hell, think of it as
 * an opaque structure :-) */
typedef struct ssl3_enc_method {
	int (*enc)(SSL *, int);
	int (*mac)(SSL *, unsigned char *, int);
	int (*setup_key_block)(SSL *);
	int (*generate_master_secret)(SSL *, unsigned char *,
	    unsigned char *, int);
	int (*change_cipher_state)(SSL *, int);
	int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
	int finish_mac_length;
	int (*cert_verify_mac)(SSL *, int, unsigned char *);
	const char *client_finished_label;
	int client_finished_label_len;
	const char *server_finished_label;
	int server_finished_label_len;
	int (*alert_value)(int);
	int (*export_keying_material)(SSL *, unsigned char *, size_t,
	    const char *, size_t, const unsigned char *, size_t,
	    int use_context);
	/* Flags indicating protocol version requirements. */
	unsigned int enc_flags;
} SSL3_ENC_METHOD;

/*
 * Flag values for enc_flags.
 */

/* Uses explicit IV. */
#define SSL_ENC_FLAG_EXPLICIT_IV        (1 << 0)

/* Uses signature algorithms extension. */
#define SSL_ENC_FLAG_SIGALGS            (1 << 1)

/* Uses SHA256 default PRF. */
#define SSL_ENC_FLAG_SHA256_PRF         (1 << 2)

/* Is DTLS. */
#define SSL_ENC_FLAG_DTLS               (1 << 3)

/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
#define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)

/*
 * ssl_aead_ctx_st contains information about an AEAD that is being used to
 * encrypt an SSL connection.
 */







>



<




<
<
<


<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
















<
<
<







1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010

1011
1012
1013
1014



1015
1016

















1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032



1033
1034
1035
1036
1037
1038
1039
	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
	/* Obviously we don't have the private keys of these,
	 * so maybe we shouldn't even use the CERT_PKEY type here. */

	DH *peer_dh_tmp;
	EC_KEY *peer_ecdh_tmp;
	uint8_t *peer_x25519_tmp;

	int references; /* actually always 1 at the moment */
} SESS_CERT;


/*#define SSL_DEBUG	*/
/*#define RSA_DEBUG	*/




typedef struct ssl3_enc_method {
	int (*enc)(SSL *, int);

















	unsigned int enc_flags;
} SSL3_ENC_METHOD;

/*
 * Flag values for enc_flags.
 */

/* Uses explicit IV. */
#define SSL_ENC_FLAG_EXPLICIT_IV        (1 << 0)

/* Uses signature algorithms extension. */
#define SSL_ENC_FLAG_SIGALGS            (1 << 1)

/* Uses SHA256 default PRF. */
#define SSL_ENC_FLAG_SHA256_PRF         (1 << 2)




/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
#define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)

/*
 * ssl_aead_ctx_st contains information about an AEAD that is being used to
 * encrypt an SSL connection.
 */
542
543
544
545
546
547
548
549
550
551
552



553





554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
	/*
	 * variable_nonce_in_record is non-zero if the variable nonce
	 * for a record is included as a prefix before the ciphertext.
	 */
	char variable_nonce_in_record;
};

extern SSL3_ENC_METHOD ssl3_undef_enc_method;
extern SSL_CIPHER ssl3_ciphers[];

const char *ssl_version_string(int ver);



uint16_t ssl_max_server_version(SSL *s);






extern SSL3_ENC_METHOD DTLSv1_enc_data;
extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD TLSv1_1_enc_data;
extern SSL3_ENC_METHOD TLSv1_2_enc_data;

void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
int ssl_cert_inst(CERT **o);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
    const unsigned char *limit);
int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
    const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
    int num);
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
    unsigned char *p);
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
    const char *rule_str);
void ssl_update_cache(SSL *s, int mode);
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead);
int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);

int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
int ssl_undefined_function(SSL *s);
int ssl_undefined_void_function(void);
int ssl_undefined_const_function(const SSL *s);
CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
X509 *ssl_get_server_send_cert(const SSL *);







<



>
>
>

>
>
>
>
>


















|





|







|







1051
1052
1053
1054
1055
1056
1057

1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
	/*
	 * variable_nonce_in_record is non-zero if the variable nonce
	 * for a record is included as a prefix before the ciphertext.
	 */
	char variable_nonce_in_record;
};


extern SSL_CIPHER ssl3_ciphers[];

const char *ssl_version_string(int ver);
int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
uint16_t ssl_max_server_version(SSL *s);

const SSL_METHOD *dtls1_get_client_method(int ver);
const SSL_METHOD *dtls1_get_server_method(int ver);
const SSL_METHOD *tls1_get_client_method(int ver);
const SSL_METHOD *tls1_get_server_method(int ver);

extern SSL3_ENC_METHOD DTLSv1_enc_data;
extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD TLSv1_1_enc_data;
extern SSL3_ENC_METHOD TLSv1_2_enc_data;

void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
int ssl_cert_inst(CERT **o);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
    const unsigned char *limit);
int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
    const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
    int num);
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
    unsigned char *p, size_t maxlen, size_t *outlen);
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
    const char *rule_str);
void ssl_update_cache(SSL *s, int mode);
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead);
int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md);

int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
int ssl_undefined_function(SSL *s);
int ssl_undefined_void_function(void);
int ssl_undefined_const_function(const SSL *s);
CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
X509 *ssl_get_server_send_cert(const SSL *);
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
int ssl3_renegotiate(SSL *ssl);

int ssl3_renegotiate_check(SSL *ssl);

int ssl3_dispatch_alert(SSL *s);
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *srvr);
int	ssl3_setup_buffers(SSL *s);
int	ssl3_setup_init_buffer(SSL *s);
int	ssl3_setup_read_buffer(SSL *s);
int	ssl3_setup_write_buffer(SSL *s);
int	ssl3_release_read_buffer(SSL *s);







|







1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
int ssl3_renegotiate(SSL *ssl);

int ssl3_renegotiate_check(SSL *ssl);

int ssl3_dispatch_alert(SSL *s);
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
int ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x);
SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *srvr);
int	ssl3_setup_buffers(SSL *s);
int	ssl3_setup_init_buffer(SSL *s);
int	ssl3_setup_read_buffer(SSL *s);
int	ssl3_setup_write_buffer(SSL *s);
int	ssl3_release_read_buffer(SSL *s);
646
647
648
649
650
651
652



653
654
655
656
657
658
659
660
661
662
663
664
665


666
667
668
669
670
671
672
673
674
675
676
677
678
long	ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
long	ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
int	ssl3_pending(const SSL *s);

int ssl3_handshake_msg_hdr_len(SSL *s);
unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
void ssl3_handshake_msg_finish(SSL *s, unsigned int len);



int ssl3_handshake_write(SSL *s);

void tls1_record_sequence_increment(unsigned char *seq);
int ssl3_do_change_cipher_spec(SSL *ssl);

int ssl23_read(SSL *s, void *buf, int len);
int ssl23_peek(SSL *s, void *buf, int len);
int ssl23_write(SSL *s, const void *buf, int len);
long ssl23_default_timeout(void);

long tls1_default_timeout(void);
int dtls1_do_write(SSL *s, int type);
int ssl3_read_n(SSL *s, int n, int max, int extend);


int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
    unsigned int len);
unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
    unsigned char mt, unsigned long len, unsigned long frag_off,
    unsigned long frag_len);

int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);

int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
int dtls1_read_failed(SSL *s, int code);







>
>
>












|
>
>



|
<
|







1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190

1191
1192
1193
1194
1195
1196
1197
1198
long	ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
long	ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
int	ssl3_pending(const SSL *s);

int ssl3_handshake_msg_hdr_len(SSL *s);
unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
int ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
    uint8_t msg_type);
int ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake);
int ssl3_handshake_write(SSL *s);

void tls1_record_sequence_increment(unsigned char *seq);
int ssl3_do_change_cipher_spec(SSL *ssl);

int ssl23_read(SSL *s, void *buf, int len);
int ssl23_peek(SSL *s, void *buf, int len);
int ssl23_write(SSL *s, const void *buf, int len);
long ssl23_default_timeout(void);

long tls1_default_timeout(void);
int dtls1_do_write(SSL *s, int type);
int ssl3_packet_read(SSL *s, int plen);
int ssl3_packet_extend(SSL *s, int plen);
int ssl_server_legacy_first_packet(SSL *s);
int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
    unsigned int len);
void dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,

    unsigned long frag_off, unsigned long frag_len);

int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);

int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
int dtls1_read_failed(SSL *s, int code);
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763






764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784

785


786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
int ssl3_get_new_session_ticket(SSL *s);
int ssl3_get_cert_status(SSL *s);
int ssl3_get_server_done(SSL *s);
int ssl3_send_client_verify(SSL *s);
int ssl3_send_client_certificate(SSL *s);
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
int ssl3_send_client_key_exchange(SSL *s);
int ssl3_get_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
int ssl3_check_finished(SSL *s);
int ssl3_send_next_proto(SSL *s);

int dtls1_send_client_certificate(SSL *s);

/* some server-only functions */
int ssl3_get_client_hello(SSL *s);
int ssl3_send_server_hello(SSL *s);
int ssl3_send_hello_request(SSL *s);
int ssl3_send_server_key_exchange(SSL *s);
int ssl3_send_certificate_request(SSL *s);
int ssl3_send_server_done(SSL *s);
int ssl3_get_client_certificate(SSL *s);
int ssl3_get_client_key_exchange(SSL *s);
int ssl3_get_cert_verify(SSL *s);
int ssl3_get_next_proto(SSL *s);

int dtls1_send_server_certificate(SSL *s);

int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
int ssl23_read_bytes(SSL *s, int n);
int ssl23_write_bytes(SSL *s);

int tls1_new(SSL *s);
void tls1_free(SSL *s);
void tls1_clear(SSL *s);
long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void));

int dtls1_new(SSL *s);
int dtls1_accept(SSL *s);
int dtls1_connect(SSL *s);
void dtls1_free(SSL *s);
void dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
int dtls1_shutdown(SSL *s);

long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
int dtls1_get_record(SSL *s);
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len);
int dtls1_dispatch_alert(SSL *s);
int dtls1_enc(SSL *s, int snd);

int ssl_init_wbio_buffer(SSL *s, int push);
void ssl_free_wbio_buffer(SSL *s);







int tls1_init_finished_mac(SSL *s);
void tls1_finish_mac(SSL *s, const unsigned char *buf, int len);
void tls1_free_digest_list(SSL *s);
void tls1_cleanup_key_block(SSL *s);
int tls1_digest_cached_records(SSL *s);
int tls1_change_cipher_state(SSL *s, int which);
int tls1_setup_key_block(SSL *s);
int tls1_enc(SSL *s, int snd);
int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
int tls1_mac(SSL *ssl, unsigned char *md, int snd);
int tls1_generate_master_secret(SSL *s, unsigned char *out,
    unsigned char *p, int len);
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *p, size_t plen,
    int use_context);
int tls1_alert_code(int code);
int ssl_ok(SSL *s);

int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);


SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);



int tls1_ec_curve_id2nid(uint16_t curve_id);
uint16_t tls1_ec_nid2curve_id(int nid);
int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
int tls1_get_shared_curve(SSL *s);

unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
    unsigned char *limit);

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
    unsigned char *limit);

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
    unsigned char *d, int n, int *al);
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
    unsigned char *d, int n, int *al);
int ssl_check_clienthello_tlsext_early(SSL *s);
int ssl_check_clienthello_tlsext_late(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);

#define tlsext_tick_md	EVP_sha256
int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
    const unsigned char *limit, SSL_SESSION **ret);







|





<
<












<
<








<
<











<
<






>
>
>
>
>
>

|







<











>
|
>
>

|
|
|











|







1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238


1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250


1251
1252
1253
1254
1255
1256
1257
1258


1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269


1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290

1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
int ssl3_get_new_session_ticket(SSL *s);
int ssl3_get_cert_status(SSL *s);
int ssl3_get_server_done(SSL *s);
int ssl3_send_client_verify(SSL *s);
int ssl3_send_client_certificate(SSL *s);
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
int ssl3_send_client_key_exchange(SSL *s);
int ssl3_get_server_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
int ssl3_check_finished(SSL *s);
int ssl3_send_next_proto(SSL *s);



/* some server-only functions */
int ssl3_get_client_hello(SSL *s);
int ssl3_send_server_hello(SSL *s);
int ssl3_send_hello_request(SSL *s);
int ssl3_send_server_key_exchange(SSL *s);
int ssl3_send_certificate_request(SSL *s);
int ssl3_send_server_done(SSL *s);
int ssl3_get_client_certificate(SSL *s);
int ssl3_get_client_key_exchange(SSL *s);
int ssl3_get_cert_verify(SSL *s);
int ssl3_get_next_proto(SSL *s);



int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
int ssl23_read_bytes(SSL *s, int n);
int ssl23_write_bytes(SSL *s);

int tls1_new(SSL *s);
void tls1_free(SSL *s);
void tls1_clear(SSL *s);



int dtls1_new(SSL *s);
int dtls1_accept(SSL *s);
int dtls1_connect(SSL *s);
void dtls1_free(SSL *s);
void dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
int dtls1_shutdown(SSL *s);

long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
int dtls1_get_record(SSL *s);


int dtls1_dispatch_alert(SSL *s);
int dtls1_enc(SSL *s, int snd);

int ssl_init_wbio_buffer(SSL *s, int push);
void ssl_free_wbio_buffer(SSL *s);

int tls1_handshake_hash_init(SSL *s);
int tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len);
int tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len,
    size_t *outlen);
void tls1_handshake_hash_free(SSL *s);

int tls1_init_finished_mac(SSL *s);
int tls1_finish_mac(SSL *s, const unsigned char *buf, int len);
void tls1_free_digest_list(SSL *s);
void tls1_cleanup_key_block(SSL *s);
int tls1_digest_cached_records(SSL *s);
int tls1_change_cipher_state(SSL *s, int which);
int tls1_setup_key_block(SSL *s);
int tls1_enc(SSL *s, int snd);
int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);

int tls1_mac(SSL *ssl, unsigned char *md, int snd);
int tls1_generate_master_secret(SSL *s, unsigned char *out,
    unsigned char *p, int len);
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *p, size_t plen,
    int use_context);
int tls1_alert_code(int code);
int ssl_ok(SSL *s);

int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);

int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
    const int *groups, size_t ngroups);
int tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
    const char *groups);

int tls1_ec_curve_id2nid(const uint16_t curve_id);
uint16_t tls1_ec_nid2curve_id(const int nid);
int tls1_check_curve(SSL *s, const uint16_t curve_id);
int tls1_get_shared_curve(SSL *s);

unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
    unsigned char *limit);

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
    unsigned char *limit);

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
    unsigned char *d, int n, int *al);
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
    size_t n, int *al);
int ssl_check_clienthello_tlsext_early(SSL *s);
int ssl_check_clienthello_tlsext_late(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);

#define tlsext_tick_md	EVP_sha256
int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
    const unsigned char *limit, SSL_SESSION **ret);
842
843
844
845
846
847
848
849

850






851
int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
    unsigned block_size, unsigned mac_size);
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
    size_t *md_out_size, const unsigned char header[13],
    const unsigned char *data, size_t data_plus_mac_size,
    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
    unsigned mac_secret_length, char is_sslv3);








#endif







|
>

>
>
>
>
>
>

1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
    unsigned block_size, unsigned mac_size);
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
    size_t *md_out_size, const unsigned char header[13],
    const unsigned char *data, size_t data_plus_mac_size,
    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
    unsigned mac_secret_length);
int SSL_state_func_code(int _state);

#define SSLerror(s, r)  ERR_PUT_error(ERR_LIB_SSL,			\
    (SSL_state_func_code(s->internal->state)),(r),__FILE__,__LINE__)
#define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__)

__END_HIDDEN_DECLS

#endif
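--- a/jni/libressl/ssl/ssl_packet.c
+++ b/jni/libressl/ssl/ssl_packet.c
@@ -0,0 +1,292 @@
+/*
+ * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "ssl_locl.h"
+
+#include "bytestring.h"
+
+static int
+ssl_is_sslv2_client_hello(CBS *header)
+{
+	uint16_t record_length;
+	uint8_t message_type;
+	CBS cbs;
+
+	CBS_dup(header, &cbs);
+
+	if (!CBS_get_u16(&cbs, &record_length) ||
+	    !CBS_get_u8(&cbs, &message_type))
+		return 0;
+
+	/*
+	 * The SSLv2 record length field uses variable length (2 or 3 byte)
+	 * encoding. Given the size of a client hello, we expect/require the
+	 * 2-byte form which is indicated by a one in the most significant bit.
+	 */
+	if ((record_length & 0x8000) == 0)
+		return 0;
+	if ((record_length & ~0x8000) < 3)
+		return 0;
+	if (message_type != SSL2_MT_CLIENT_HELLO)
+		return 0;
+
+	return 1;
+}
+
+static int
+ssl_is_sslv3_handshake(CBS *header)
+{
+	uint16_t record_version;
+	uint8_t record_type;
+	CBS cbs;
+
+	CBS_dup(header, &cbs);
+
+	if (!CBS_get_u8(&cbs, &record_type) ||
+	    !CBS_get_u16(&cbs, &record_version))
+		return 0;
+
+	if (record_type != SSL3_RT_HANDSHAKE)
+		return 0;
+	if ((record_version >> 8) != SSL3_VERSION_MAJOR)
+		return 0;
+
+	return 1;
+}
+
+static int
+ssl_convert_sslv2_client_hello(SSL *s)
+{
+	CBB cbb, handshake, client_hello, cipher_suites, compression, session_id;
+	CBS cbs, challenge, cipher_specs, session;
+	uint16_t record_length, client_version, cipher_specs_length;
+	uint16_t session_id_length, challenge_length;
+	unsigned char *client_random = NULL, *data = NULL;
+	size_t data_len, pad_len, len;
+	uint32_t cipher_spec;
+	uint8_t message_type;
+	unsigned char *pad;
+	int ret = -1;
+	int n;
+
+	memset(&cbb, 0, sizeof(cbb));
+
+	CBS_init(&cbs, s->internal->packet, SSL3_RT_HEADER_LENGTH);
+
+	if (!CBS_get_u16(&cbs, &record_length) ||
+	    !CBS_get_u8(&cbs, &message_type) ||
+	    !CBS_get_u16(&cbs, &client_version))
+		return -1;
+
+	/*
+	 * The SSLv2 record length field uses variable length (2 or 3 byte)
+	 * encoding. Given the size of a client hello, we expect/require the
+	 * 2-byte form which is indicated by a one in the most significant bit.
+	 * Also note that the record length value does not include the bytes
+	 * used for the record length field.
+	 */
+	if ((record_length & 0x8000) == 0)
+		return -1;
+	record_length &= ~0x8000;
+	if (record_length < SSL3_RT_HEADER_LENGTH - 2)
+		return -1;
+	if (message_type != SSL2_MT_CLIENT_HELLO)
+		return -1;
+
+	if (record_length < 9) {
+		SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH);
+		return -1;
+	}
+	if (record_length > 4096) {
+		SSLerror(s, SSL_R_RECORD_TOO_LARGE);
+		return -1;
+	}
+
+	n = ssl3_packet_extend(s, record_length + 2);
+	if (n != record_length + 2)
+		return n;
+
+	tls1_finish_mac(s, s->internal->packet + 2,
+	    s->internal->packet_length - 2);
+	s->internal->mac_packet = 0;
+
+	if (s->internal->msg_callback)
+		s->internal->msg_callback(0, SSL2_VERSION, 0,
+		    s->internal->packet + 2, s->internal->packet_length - 2, s,
+		    s->internal->msg_callback_arg);
+
+	/* Decode the SSLv2 record containing the client hello. */
+	CBS_init(&cbs, s->internal->packet, s->internal->packet_length);
+
+	if (!CBS_get_u16(&cbs, &record_length))
+		return -1;
+	if (!CBS_get_u8(&cbs, &message_type))
+		return -1;
+	if (!CBS_get_u16(&cbs, &client_version))
+		return -1;
+	if (!CBS_get_u16(&cbs, &cipher_specs_length))
+		return -1;
+	if (!CBS_get_u16(&cbs, &session_id_length))
+		return -1;
+	if (!CBS_get_u16(&cbs, &challenge_length))
+		return -1;
+	if (!CBS_get_bytes(&cbs, &cipher_specs, cipher_specs_length))
+		return -1;
+	if (!CBS_get_bytes(&cbs, &session, session_id_length))
+		return -1;
+	if (!CBS_get_bytes(&cbs, &challenge, challenge_length))
+		return -1;
+	if (CBS_len(&cbs) != 0) {
+		SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH);
+		return -1;
+	}
+
+	/*
+	 * Convert SSLv2 challenge to SSLv3/TLS client random, by truncating or
+	 * left-padding with zero bytes.
+	 */
+	if ((client_random = malloc(SSL3_RANDOM_SIZE)) == NULL)
+		goto err;
+	if (!CBB_init_fixed(&cbb, client_random, SSL3_RANDOM_SIZE))
+		goto err;
+	if ((len = CBS_len(&challenge)) > SSL3_RANDOM_SIZE)
+		len = SSL3_RANDOM_SIZE;
+	pad_len = SSL3_RANDOM_SIZE - len;
+	if (!CBB_add_space(&cbb, &pad, pad_len))
+		goto err;
+	memset(pad, 0, pad_len);
+	if (!CBB_add_bytes(&cbb, CBS_data(&challenge), len))
+		goto err;
+	if (!CBB_finish(&cbb, NULL, NULL))
+		goto err;
+
+	/* Build SSLv3/TLS record with client hello. */
+	if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH))
+		goto err;
+	if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE))
+		goto err;
+	if (!CBB_add_u16(&cbb, 0x0301))
+		goto err;
+	if (!CBB_add_u16_length_prefixed(&cbb, &handshake))
+		goto err;
+	if (!CBB_add_u8(&handshake, SSL3_MT_CLIENT_HELLO))
+		goto err;
+	if (!CBB_add_u24_length_prefixed(&handshake, &client_hello))
+		goto err;
+	if (!CBB_add_u16(&client_hello, client_version))
+		goto err;
+	if (!CBB_add_bytes(&client_hello, client_random, SSL3_RANDOM_SIZE))
+		goto err;
+	if (!CBB_add_u8_length_prefixed(&client_hello, &session_id))
+		goto err;
+	if (!CBB_add_u16_length_prefixed(&client_hello, &cipher_suites))
+		goto err;
+	while (CBS_len(&cipher_specs) > 0) {
+		if (!CBS_get_u24(&cipher_specs, &cipher_spec))
+			goto err;
+		if ((cipher_spec & 0xff0000) != 0)
+			continue;
+		if (!CBB_add_u16(&cipher_suites, cipher_spec & 0xffff))
+			goto err;
+	}
+	if (!CBB_add_u8_length_prefixed(&client_hello, &compression))
+		goto err;
+	if (!CBB_add_u8(&compression, 0))
+		goto err;
+	if (!CBB_finish(&cbb, &data, &data_len))
+		goto err;
+
+	if (data_len > s->s3->rbuf.len)
+		goto err;
+
+	s->internal->packet = s->s3->rbuf.buf;
+	s->internal->packet_length = data_len;
+	memcpy(s->internal->packet, data, data_len);
+	ret = 1;
+
+ err:
+	CBB_cleanup(&cbb);
+	free(client_random);
+	free(data);
+
+	return (ret);
+}
+
+/*
+ * Potentially do legacy processing on the first packet received by a TLS
+ * server. We return 1 if we want SSLv3/TLS record processing to continue
+ * normally, otherwise we must set an SSLerr and return -1.
+ */
+int
+ssl_server_legacy_first_packet(SSL *s)
+{
+	uint16_t min_version;
+	const char *data;
+	CBS header;
+
+	if (SSL_IS_DTLS(s))
+		return 1;
+
+	CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);
+
+	if (ssl_is_sslv3_handshake(&header) == 1)
+		return 1;
+
+	/* Only continue if this is not a version locked method. */
+	if (s->method->internal->min_version == s->method->internal->max_version)
+		return 1;
+
+	if (ssl_is_sslv2_client_hello(&header) == 1) {
+		/* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */
+		if (ssl_enabled_version_range(s, &min_version, NULL) != 1) {
+			SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
+			return -1;
+		}
+		if (min_version > TLS1_VERSION)
+			return 1;
+
+		if (ssl_convert_sslv2_client_hello(s) != 1) {
+			SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
+			return -1;
+		}
+
+		return 1;
+	}
+
+	/* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
+	if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
+		SSLerror(s, ERR_R_INTERNAL_ERROR);
+		return -1;
+	}
+	data = (const char *)CBS_data(&header);
+
+	/* Is this a cleartext protocol? */
+	if (strncmp("GET ", data, 4) == 0 ||
+	    strncmp("POST ", data, 5) == 0 ||
+	    strncmp("HEAD ", data, 5) == 0 ||
+	    strncmp("PUT ", data, 4) == 0) {
+		SSLerror(s, SSL_R_HTTP_REQUEST);
+		return -1;
+	}
+	if (strncmp("CONNE", data, 5) == 0) {
+		SSLerror(s, SSL_R_HTTPS_PROXY_REQUEST);
+		return -1;
+	}
+
+	SSLerror(s, SSL_R_UNKNOWN_PROTOCOL);
+
+	return -1;
+}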
Added jni/libressl/ssl/ssl_pkt.c.




























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
/* $OpenBSD: ssl_pkt.c,v 1.10 2017/02/07 02:08:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <errno.h>
#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>

#include "bytestring.h"

static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len, int create_empty_fragment);
static int ssl3_get_record(SSL *s);

/*
 * Force a WANT_READ return for certain error conditions where
 * we don't want to spin internally.
 */
static void
ssl_force_want_read(SSL *s)
{
	BIO * bio;

	bio = SSL_get_rbio(s);
	BIO_clear_retry_flags(bio);
	BIO_set_retry_read(bio);
	s->internal->rwstate = SSL_READING;
}

/*
 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
 * packet by another n bytes.
 * The packet will be in the sub-array of s->s3->rbuf.buf specified
 * by s->internal->packet and s->internal->packet_length.
 * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
 * [plus s->internal->packet_length bytes if extend == 1].)
 */
static int
ssl3_read_n(SSL *s, int n, int max, int extend)
{
	int i, len, left;
	size_t align;
	unsigned char *pkt;
	SSL3_BUFFER *rb;

	if (n <= 0)
		return n;

	rb = &(s->s3->rbuf);
	if (rb->buf == NULL)
		if (!ssl3_setup_read_buffer(s))
			return -1;

	left = rb->left;
	align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
	align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

	if (!extend) {
		/* start with empty packet ... */
		if (left == 0)
			rb->offset = align;
		else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
			/* check if next packet length is large
			 * enough to justify payload alignment... */
			pkt = rb->buf + rb->offset;
			if (pkt[0] == SSL3_RT_APPLICATION_DATA &&
			    (pkt[3]<<8|pkt[4]) >= 128) {
				/* Note that even if packet is corrupted
				 * and its length field is insane, we can
				 * only be led to wrong decision about
				 * whether memmove will occur or not.
				 * Header values has no effect on memmove
				 * arguments and therefore no buffer
				 * overrun can be triggered. */
				memmove(rb->buf + align, pkt, left);
				rb->offset = align;
			}
		}
		s->internal->packet = rb->buf + rb->offset;
		s->internal->packet_length = 0;
		/* ... now we can act as if 'extend' was set */
	}

	/* For DTLS/UDP reads should not span multiple packets
	 * because the read operation returns the whole packet
	 * at once (as long as it fits into the buffer). */
	if (SSL_IS_DTLS(s)) {
		if (left > 0 && n > left)
			n = left;
	}

	/* if there is enough in the buffer from a previous read, take some */
	if (left >= n) {
		s->internal->packet_length += n;
		rb->left = left - n;
		rb->offset += n;
		return (n);
	}

	/* else we need to read more data */

	len = s->internal->packet_length;
	pkt = rb->buf + align;
	/* Move any available bytes to front of buffer:
	 * 'len' bytes already pointed to by 'packet',
	 * 'left' extra ones at the end */
	if (s->internal->packet != pkt)  {
		/* len > 0 */
		memmove(pkt, s->internal->packet, len + left);
		s->internal->packet = pkt;
		rb->offset = len + align;
	}

	if (n > (int)(rb->len - rb->offset)) {
		/* does not happen */
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	if (!s->internal->read_ahead) {
		/* ignore max parameter */
		max = n;
	} else {
		if (max < n)
			max = n;
		if (max > (int)(rb->len - rb->offset))
			max = rb->len - rb->offset;
	}

	while (left < n) {
		/* Now we have len+left bytes at the front of s->s3->rbuf.buf
		 * and need to read in more until we have len+n (up to
		 * len+max if possible) */

		errno = 0;
		if (s->rbio != NULL) {
			s->internal->rwstate = SSL_READING;
			i = BIO_read(s->rbio, pkt + len + left, max - left);
		} else {
			SSLerror(s, SSL_R_READ_BIO_NOT_SET);
			i = -1;
		}

		if (i <= 0) {
			rb->left = left;
			if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
			    !SSL_IS_DTLS(s)) {
				if (len + left == 0)
					ssl3_release_read_buffer(s);
			}
			return (i);
		}
		left += i;

		/*
		 * reads should *never* span multiple packets for DTLS because
		 * the underlying transport protocol is message oriented as
		 * opposed to byte oriented as in the TLS case.
		 */
		if (SSL_IS_DTLS(s)) {
			if (n > left)
				n = left; /* makes the while condition false */
		}
	}

	/* done reading, now the book-keeping */
	rb->offset += n;
	rb->left = left - n;
	s->internal->packet_length += n;
	s->internal->rwstate = SSL_NOTHING;

	return (n);
}

int
ssl3_packet_read(SSL *s, int plen)
{
	int n;

	n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
	if (n <= 0)
		return n;
	if (s->internal->packet_length < plen)
		return s->internal->packet_length;

	return plen;
}

int
ssl3_packet_extend(SSL *s, int plen)
{
	int rlen, n;

	if (s->internal->packet_length >= plen)
		return plen;
	rlen = plen - s->internal->packet_length;

	n = ssl3_read_n(s, rlen, rlen, 1);
	if (n <= 0)
		return n;
	if (s->internal->packet_length < plen)
		return s->internal->packet_length;

	return plen;
}

/* Call this to get a new input record.
 * It will return <= 0 if more data is needed, normally due to an error
 * or non-blocking IO.
 * When it finishes, one packet has been decoded and can be found in
 * ssl->s3->internal->rrec.type    - is the type of record
 * ssl->s3->internal->rrec.data, 	 - data
 * ssl->s3->internal->rrec.length, - number of bytes
 */
/* used only by ssl3_read_bytes */
static int
ssl3_get_record(SSL *s)
{
	int al;
	int enc_err, n, i, ret = -1;
	SSL3_RECORD *rr;
	SSL_SESSION *sess;
	unsigned char md[EVP_MAX_MD_SIZE];
	unsigned mac_size, orig_len;

	rr = &(S3I(s)->rrec);
	sess = s->session;

 again:
	/* check if we have the header */
	if ((s->internal->rstate != SSL_ST_READ_BODY) ||
	    (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) {
		CBS header;
		uint16_t len, ssl_version;
		uint8_t type;

		n = ssl3_packet_read(s, SSL3_RT_HEADER_LENGTH);
		if (n <= 0)
			return (n);

		s->internal->mac_packet = 1;
		s->internal->rstate = SSL_ST_READ_BODY;

		if (s->server && s->internal->first_packet) {
			if ((ret = ssl_server_legacy_first_packet(s)) != 1)
				return (ret);
			ret = -1;
		}

		CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);

		/* Pull apart the header into the SSL3_RECORD */
		if (!CBS_get_u8(&header, &type) ||
		    !CBS_get_u16(&header, &ssl_version) ||
		    !CBS_get_u16(&header, &len)) {
			SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
			goto err;
		}

		rr->type = type;
		rr->length = len;

		/* Lets check version */
		if (!s->internal->first_packet && ssl_version != s->version) {
			SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
			if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
			    !s->internal->enc_write_ctx && !s->internal->write_hash)
				/* Send back error using their minor version number :-) */
				s->version = ssl_version;
			al = SSL_AD_PROTOCOL_VERSION;
			goto f_err;
		}

		if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
			SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
			goto err;
		}

		if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
			al = SSL_AD_RECORD_OVERFLOW;
			SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
			goto f_err;
		}

		/* now s->internal->rstate == SSL_ST_READ_BODY */
	}

	/* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */

	n = ssl3_packet_extend(s, SSL3_RT_HEADER_LENGTH + rr->length);
	if (n <= 0)
		return (n);
	if (n != SSL3_RT_HEADER_LENGTH + rr->length)
		return (n);

	s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */

	/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
	 * and we have that many bytes in s->internal->packet
	 */
	rr->input = &(s->internal->packet[SSL3_RT_HEADER_LENGTH]);

	/* ok, we can now read from 's->internal->packet' data into 'rr'
	 * rr->input points at rr->length bytes, which
	 * need to be copied into rr->data by either
	 * the decryption or by the decompression
	 * When the data is 'copied' into the rr->data buffer,
	 * rr->input will be pointed at the new buffer */

	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
	 * rr->length bytes of encrypted compressed stuff. */

	/* check is not needed I believe */
	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
		goto f_err;
	}

	/* decrypt in place in 'rr->input' */
	rr->data = rr->input;

	enc_err = s->method->internal->ssl3_enc->enc(s, 0);
	/* enc_err is:
	 *    0: (in non-constant time) if the record is publically invalid.
	 *    1: if the padding is valid
	 *    -1: if the padding is invalid */
	if (enc_err == 0) {
		al = SSL_AD_DECRYPTION_FAILED;
		SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
		goto f_err;
	}


	/* r->length is now the compressed data plus mac */
	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
	    (EVP_MD_CTX_md(s->read_hash) != NULL)) {
		/* s->read_hash != NULL => mac_size != -1 */
		unsigned char *mac = NULL;
		unsigned char mac_tmp[EVP_MAX_MD_SIZE];

		mac_size = EVP_MD_CTX_size(s->read_hash);
		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);

		/* kludge: *_cbc_remove_padding passes padding length in rr->type */
		orig_len = rr->length + ((unsigned int)rr->type >> 8);

		/* orig_len is the length of the record before any padding was
		 * removed. This is public information, as is the MAC in use,
		 * therefore we can safely process the record in a different
		 * amount of time if it's too short to possibly contain a MAC.
		 */
		if (orig_len < mac_size ||
			/* CBC records must have a padding length byte too. */
		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
		    orig_len < mac_size + 1)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
			goto f_err;
		}

		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
			/* We update the length so that the TLS header bytes
			 * can be constructed correctly but we need to extract
			 * the MAC in constant time from within the record,
			 * without leaking the contents of the padding bytes.
			 * */
			mac = mac_tmp;
			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
			rr->length -= mac_size;
		} else {
			/* In this case there's no padding, so |orig_len|
			 * equals |rec->length| and we checked that there's
			 * enough bytes for |mac_size| above. */
			rr->length -= mac_size;
			mac = &rr->data[rr->length];
		}

		i = tls1_mac(s,md,0 /* not send */);
		if (i < 0 || mac == NULL ||
		    timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
			enc_err = -1;
		if (rr->length >
		    SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
			enc_err = -1;
	}

	if (enc_err < 0) {
		/*
		 * A separate 'decryption_failed' alert was introduced with
		 * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a
		 * decryption failure is directly visible from the ciphertext
		 * anyway, we should not reveal which kind of error
		 * occurred -- this might become visible to an attacker
		 * (e.g. via a logfile)
		 */
		al = SSL_AD_BAD_RECORD_MAC;
		SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
		goto f_err;
	}

	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
		al = SSL_AD_RECORD_OVERFLOW;
		SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
		goto f_err;
	}

	rr->off = 0;
	/*
	 * So at this point the following is true
	 *
	 * ssl->s3->internal->rrec.type 	is the type of record
	 * ssl->s3->internal->rrec.length	== number of bytes in record
	 * ssl->s3->internal->rrec.off	== offset to first valid byte
	 * ssl->s3->internal->rrec.data	== where to take bytes from, increment
	 *			   after use :-).
	 */

	/* we have pulled in a full packet so zero things */
	s->internal->packet_length = 0;

	if (rr->length == 0) {
		/*
		 * CBC countermeasures for known IV weaknesses
		 * can legitimately insert a single empty record,
		 * so we allow ourselves to read once past a single
		 * empty record without forcing want_read.
		 */
		if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
			SSLerror(s, SSL_R_PEER_BEHAVING_BADLY);
			return -1;
		}
		if (s->internal->empty_record_count > 1) {
			ssl_force_want_read(s);
			return -1;
		}
		goto again;
	} else {
		s->internal->empty_record_count = 0;
	}

	return (1);

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (ret);
}

/* Call this to write data in records of type 'type'
 * It will return <= 0 if not all data has been sent or non-blocking IO.
 */
int
ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
{
	const unsigned char *buf = buf_;
	unsigned int tot, n, nw;
	int i;

	if (len < 0) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	s->internal->rwstate = SSL_NOTHING;
	tot = S3I(s)->wnum;
	S3I(s)->wnum = 0;

	if (SSL_in_init(s) && !s->internal->in_handshake) {
		i = s->internal->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
			return -1;
		}
	}

	if (len < tot)
		len = tot;
	n = (len - tot);
	for (;;) {
		if (n > s->max_send_fragment)
			nw = s->max_send_fragment;
		else
			nw = n;

		i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
		if (i <= 0) {
			S3I(s)->wnum = tot;
			return i;
		}

		if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
		    (s->internal->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
			/*
			 * Next chunk of data should get another prepended
			 * empty fragment in ciphersuites with known-IV
			 * weakness.
			 */
			S3I(s)->empty_fragment_done = 0;

			return tot + i;
		}

		n -= i;
		tot += i;
	}
}

static int
do_ssl3_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len, int create_empty_fragment)
{
	unsigned char *p, *plen;
	int i, mac_size, clear = 0;
	int prefix_len = 0;
	int eivlen;
	size_t align;
	SSL3_RECORD *wr;
	SSL3_BUFFER *wb = &(s->s3->wbuf);
	SSL_SESSION *sess;

	if (wb->buf == NULL)
		if (!ssl3_setup_write_buffer(s))
			return -1;

	/* first check if there is a SSL3_BUFFER still being written
	 * out.  This will happen with non blocking IO */
	if (wb->left != 0)
		return (ssl3_write_pending(s, type, buf, len));

	/* If we have an alert to send, lets send it */
	if (s->s3->alert_dispatch) {
		i = s->method->ssl_dispatch_alert(s);
		if (i <= 0)
			return (i);
		/* if it went, fall through and send more stuff */
		/* we may have released our buffer, so get it again */
		if (wb->buf == NULL)
			if (!ssl3_setup_write_buffer(s))
				return -1;
	}

	if (len == 0 && !create_empty_fragment)
		return 0;

	wr = &(S3I(s)->wrec);
	sess = s->session;

	if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
	    (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) {
		clear = s->internal->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
		mac_size = 0;
	} else {
		mac_size = EVP_MD_CTX_size(s->internal->write_hash);
		if (mac_size < 0)
			goto err;
	}

	/*
	 * 'create_empty_fragment' is true only when this function calls
	 * itself.
	 */
	if (!clear && !create_empty_fragment && !S3I(s)->empty_fragment_done) {
		/*
		 * Countermeasure against known-IV weakness in CBC ciphersuites
		 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
		 */
		if (S3I(s)->need_empty_fragments &&
		    type == SSL3_RT_APPLICATION_DATA) {
			/* recursive function call with 'create_empty_fragment' set;
			 * this prepares and buffers the data for an empty fragment
			 * (these 'prefix_len' bytes are sent out later
			 * together with the actual payload) */
			prefix_len = do_ssl3_write(s, type, buf, 0, 1);
			if (prefix_len <= 0)
				goto err;

			if (prefix_len >
				(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
				/* insufficient space */
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}
		}

		S3I(s)->empty_fragment_done = 1;
	}

	if (create_empty_fragment) {
		/* extra fragment would be couple of cipher blocks,
		 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
		 * if we want to align the real payload, then we can
		 * just pretent we simply have two headers. */
		align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
		align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

		p = wb->buf + align;
		wb->offset = align;
	} else if (prefix_len) {
		p = wb->buf + wb->offset + prefix_len;
	} else {
		align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
		align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

		p = wb->buf + align;
		wb->offset = align;
	}

	/* write the header */

	*(p++) = type&0xff;
	wr->type = type;

	*(p++) = (s->version >> 8);
	/* Some servers hang if iniatial client hello is larger than 256
	 * bytes and record version number > TLS 1.0
	 */
	if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
	    TLS1_get_version(s) > TLS1_VERSION)
		*(p++) = 0x1;
	else
		*(p++) = s->version&0xff;

	/* field where we are to write out packet length */
	plen = p;
	p += 2;

	/* Explicit IV length. */
	if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
		int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
		if (mode == EVP_CIPH_CBC_MODE) {
			eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
			if (eivlen <= 1)
				eivlen = 0;
		}
		/* Need explicit part of IV for GCM mode */
		else if (mode == EVP_CIPH_GCM_MODE)
			eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
		else
			eivlen = 0;
	} else if (s->internal->aead_write_ctx != NULL &&
	    s->internal->aead_write_ctx->variable_nonce_in_record) {
		eivlen = s->internal->aead_write_ctx->variable_nonce_len;
	} else
		eivlen = 0;

	/* lets setup the record stuff. */
	wr->data = p + eivlen;
	wr->length = (int)len;
	wr->input = (unsigned char *)buf;

	/* we now 'read' from wr->input, wr->length bytes into wr->data */

	memcpy(wr->data, wr->input, wr->length);
	wr->input = wr->data;

	/* we should still have the output to wr->data and the input
	 * from wr->input.  Length should be wr->length.
	 * wr->data still points in the wb->buf */

	if (mac_size != 0) {
		if (tls1_mac(s,
		    &(p[wr->length + eivlen]), 1) < 0)
			goto err;
		wr->length += mac_size;
	}

	wr->input = p;
	wr->data = p;

	if (eivlen) {
		/* if (RAND_pseudo_bytes(p, eivlen) <= 0)
			goto err;
		*/
		wr->length += eivlen;
	}

	/* ssl3_enc can only have an error on read */
	s->method->internal->ssl3_enc->enc(s, 1);

	/* record length after mac and block padding */
	s2n(wr->length, plen);

	/* we should now have
	 * wr->data pointing to the encrypted data, which is
	 * wr->length long */
	wr->type=type; /* not needed but helps for debugging */
	wr->length += SSL3_RT_HEADER_LENGTH;

	if (create_empty_fragment) {
		/* we are in a recursive call;
		 * just return the length, don't write out anything here
		 */
		return wr->length;
	}

	/* now let's set up wb */
	wb->left = prefix_len + wr->length;

	/* memorize arguments so that ssl3_write_pending can detect
	 * bad write retries later */
	S3I(s)->wpend_tot = len;
	S3I(s)->wpend_buf = buf;
	S3I(s)->wpend_type = type;
	S3I(s)->wpend_ret = len;

	/* we now just need to write the buffer */
	return ssl3_write_pending(s, type, buf, len);
err:
	return -1;
}

/* if s->s3->wbuf.left != 0, we need to call this */
int
ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
	int i;
	SSL3_BUFFER *wb = &(s->s3->wbuf);

	/* XXXX */
	if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
	    !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
	    (S3I(s)->wpend_type != type)) {
		SSLerror(s, SSL_R_BAD_WRITE_RETRY);
		return (-1);
	}

	for (;;) {
		errno = 0;
		if (s->wbio != NULL) {
			s->internal->rwstate = SSL_WRITING;
			i = BIO_write(s->wbio,
			(char *)&(wb->buf[wb->offset]),
			(unsigned int)wb->left);
		} else {
			SSLerror(s, SSL_R_BIO_NOT_SET);
			i = -1;
		}
		if (i == wb->left) {
			wb->left = 0;
			wb->offset += i;
			if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
			    !SSL_IS_DTLS(s))
				ssl3_release_write_buffer(s);
			s->internal->rwstate = SSL_NOTHING;
			return (S3I(s)->wpend_ret);
		} else if (i <= 0) {
			/*
			 * For DTLS, just drop it. That's kind of the
			 * whole point in using a datagram service.
			 */
			if (SSL_IS_DTLS(s))
				wb->left = 0;
			return (i);
		}
		wb->offset += i;
		wb->left -= i;
	}
}

/* Return up to 'len' payload bytes received in 'type' records.
 * 'type' is one of the following:
 *
 *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
 *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
 *   -  0 (during a shutdown, no data has to be returned)
 *
 * If we don't have stored data to work from, read a SSL/TLS record first
 * (possibly multiple records if we still don't have anything to return).
 *
 * This function must handle any surprises the peer may have for us, such as
 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
 * a surprise, but handled as if it were), or renegotiation requests.
 * Also if record payloads contain fragments too small to process, we store
 * them until there is enough for the respective protocol (the record protocol
 * may use arbitrary fragmentation and even interleaving):
 *     Change cipher spec protocol
 *             just 1 byte needed, no need for keeping anything stored
 *     Alert protocol
 *             2 bytes needed (AlertLevel, AlertDescription)
 *     Handshake protocol
 *             4 bytes needed (HandshakeType, uint24 length) -- we just have
 *             to detect unexpected Client Hello and Hello Request messages
 *             here, anything else is handled by higher layers
 *     Application data protocol
 *             none of our business
 */
int
ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
{
	void (*cb)(const SSL *ssl, int type2, int val) = NULL;
	int al, i, j, ret, rrcount = 0;
	unsigned int n;
	SSL3_RECORD *rr;

	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
		if (!ssl3_setup_read_buffer(s))
			return (-1);

	if (len < 0) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	if ((type && type != SSL3_RT_APPLICATION_DATA &&
	    type != SSL3_RT_HANDSHAKE) ||
	    (peek && (type != SSL3_RT_APPLICATION_DATA))) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	if ((type == SSL3_RT_HANDSHAKE) &&
	    (S3I(s)->handshake_fragment_len > 0)) {
		/* (partially) satisfy request from storage */
		unsigned char *src = S3I(s)->handshake_fragment;
		unsigned char *dst = buf;
		unsigned int k;

		/* peek == 0 */
		n = 0;
		while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) {
			*dst++ = *src++;
			len--;
			S3I(s)->handshake_fragment_len--;
			n++;
		}
		/* move any remaining fragment bytes: */
		for (k = 0; k < S3I(s)->handshake_fragment_len; k++)
			S3I(s)->handshake_fragment[k] = *src++;
		return n;
	}

	/*
	 * Now S3I(s)->handshake_fragment_len == 0 if
	 * type == SSL3_RT_HANDSHAKE.
	 */
	if (!s->internal->in_handshake && SSL_in_init(s)) {
		/* type == SSL3_RT_APPLICATION_DATA */
		i = s->internal->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}
	}

start:
	/*
	 * Do not process more than three consecutive records, otherwise the
	 * peer can cause us to loop indefinitely. Instead, return with an
	 * SSL_ERROR_WANT_READ so the caller can choose when to handle further
	 * processing. In the future, the total number of non-handshake and
	 * non-application data records per connection should probably also be
	 * limited...
	 */
	if (rrcount++ >= 3) {
		ssl_force_want_read(s);
		return -1;
	}

	s->internal->rwstate = SSL_NOTHING;

	/*
	 * S3I(s)->rrec.type	    - is the type of record
	 * S3I(s)->rrec.data,    - data
	 * S3I(s)->rrec.off,     - offset into 'data' for next read
	 * S3I(s)->rrec.length,  - number of bytes.
	 */
	rr = &(S3I(s)->rrec);

	/* get new packet if necessary */
	if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
		ret = ssl3_get_record(s);
		if (ret <= 0)
			return (ret);
	}

	/* we now have a packet which can be read and processed */

	if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
	                               * reset by ssl3_get_finished */
	    && (rr->type != SSL3_RT_HANDSHAKE)) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
		goto f_err;
	}

	/* If the other end has shut down, throw anything we read away
	 * (even in 'peek' mode) */
	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
		rr->length = 0;
		s->internal->rwstate = SSL_NOTHING;
		return (0);
	}


	/* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
	if (type == rr->type) {
		/* make sure that we are not getting application data when we
		 * are doing a handshake for the first time */
		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
			(s->enc_read_ctx == NULL)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
			goto f_err;
		}

		if (len <= 0)
			return (len);

		if ((unsigned int)len > rr->length)
			n = rr->length;
		else
			n = (unsigned int)len;

		memcpy(buf, &(rr->data[rr->off]), n);
		if (!peek) {
			memset(&(rr->data[rr->off]), 0, n);
			rr->length -= n;
			rr->off += n;
			if (rr->length == 0) {
				s->internal->rstate = SSL_ST_READ_HEADER;
				rr->off = 0;
				if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
				    s->s3->rbuf.left == 0)
					ssl3_release_read_buffer(s);
			}
		}
		return (n);
	}


	/* If we get here, then type != rr->type; if we have a handshake
	 * message, then it was unexpected (Hello Request or Client Hello). */

	{
		/*
		 * In case of record types for which we have 'fragment'
		 * storage, * fill that so that we can process the data
		 * at a fixed place.
		 */
		unsigned int dest_maxlen = 0;
		unsigned char *dest = NULL;
		unsigned int *dest_len = NULL;

		if (rr->type == SSL3_RT_HANDSHAKE) {
			dest_maxlen = sizeof S3I(s)->handshake_fragment;
			dest = S3I(s)->handshake_fragment;
			dest_len = &S3I(s)->handshake_fragment_len;
		} else if (rr->type == SSL3_RT_ALERT) {
			dest_maxlen = sizeof S3I(s)->alert_fragment;
			dest = S3I(s)->alert_fragment;
			dest_len = &S3I(s)->alert_fragment_len;
		}
		if (dest_maxlen > 0) {
			/* available space in 'dest' */
			n = dest_maxlen - *dest_len;
			if (rr->length < n)
				n = rr->length; /* available bytes */

			/* now move 'n' bytes: */
			while (n-- > 0) {
				dest[(*dest_len)++] = rr->data[rr->off++];
				rr->length--;
			}

			if (*dest_len < dest_maxlen)
				goto start; /* fragment was too small */
		}
	}

	/* S3I(s)->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
	 * S3I(s)->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */

	/* If we are a client, check for an incoming 'Hello Request': */
	if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) &&
	    (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
	    (s->session != NULL) && (s->session->cipher != NULL)) {
		S3I(s)->handshake_fragment_len = 0;

		if ((S3I(s)->handshake_fragment[1] != 0) ||
		    (S3I(s)->handshake_fragment[2] != 0) ||
		    (S3I(s)->handshake_fragment[3] != 0)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
			goto f_err;
		}

		if (s->internal->msg_callback)
			s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
			    S3I(s)->handshake_fragment, 4, s,
			    s->internal->msg_callback_arg);

		if (SSL_is_init_finished(s) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
		    !S3I(s)->renegotiate) {
			ssl3_renegotiate(s);
			if (ssl3_renegotiate_check(s)) {
				i = s->internal->handshake_func(s);
				if (i < 0)
					return (i);
				if (i == 0) {
					SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
					return (-1);
				}

				if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
					if (s->s3->rbuf.left == 0) {
						/* no read-ahead left? */
			/* In the case where we try to read application data,
			 * but we trigger an SSL handshake, we return -1 with
			 * the retry option set.  Otherwise renegotiation may
			 * cause nasty problems in the blocking world */
						ssl_force_want_read(s);
						return (-1);
					}
				}
			}
		}
		/* we either finished a handshake or ignored the request,
		 * now try again to obtain the (application) data we were asked for */
		goto start;
	}
	/* Disallow client initiated renegotiation if configured. */
	if (s->server && SSL_is_init_finished(s) &&
	    S3I(s)->handshake_fragment_len >= 4 &&
	    S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
	    (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
		al = SSL_AD_NO_RENEGOTIATION;
		goto f_err;
	}
	/* If we are a server and get a client hello when renegotiation isn't
	 * allowed send back a no renegotiation alert and carry on.
	 * WARNING: experimental code, needs reviewing (steve)
	 */
	if (s->server &&
	    SSL_is_init_finished(s) &&
	    !S3I(s)->send_connection_binding &&
	    (S3I(s)->handshake_fragment_len >= 4) &&
	    (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
	    (s->session != NULL) && (s->session->cipher != NULL)) {
		/*S3I(s)->handshake_fragment_len = 0;*/
		rr->length = 0;
		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
		goto start;
	}
	if (S3I(s)->alert_fragment_len >= 2) {
		int alert_level = S3I(s)->alert_fragment[0];
		int alert_descr = S3I(s)->alert_fragment[1];

		S3I(s)->alert_fragment_len = 0;

		if (s->internal->msg_callback)
			s->internal->msg_callback(0, s->version, SSL3_RT_ALERT,
			    S3I(s)->alert_fragment, 2, s, s->internal->msg_callback_arg);

		if (s->internal->info_callback != NULL)
			cb = s->internal->info_callback;
		else if (s->ctx->internal->info_callback != NULL)
			cb = s->ctx->internal->info_callback;

		if (cb != NULL) {
			j = (alert_level << 8) | alert_descr;
			cb(s, SSL_CB_READ_ALERT, j);
		}

		if (alert_level == SSL3_AL_WARNING) {
			S3I(s)->warn_alert = alert_descr;
			if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
				s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
				return (0);
			}
			/* This is a warning but we receive it if we requested
			 * renegotiation and the peer denied it. Terminate with
			 * a fatal alert because if application tried to
			 * renegotiatie it presumably had a good reason and
			 * expects it to succeed.
			 *
			 * In future we might have a renegotiation where we
			 * don't care if the peer refused it where we carry on.
			 */
			else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerror(s, SSL_R_NO_RENEGOTIATION);
				goto f_err;
			}
		} else if (alert_level == SSL3_AL_FATAL) {
			s->internal->rwstate = SSL_NOTHING;
			S3I(s)->fatal_alert = alert_descr;
			SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
			ERR_asprintf_error_data("SSL alert number %d",
			    alert_descr);
			s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
			SSL_CTX_remove_session(s->ctx, s->session);
			return (0);
		} else {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
			goto f_err;
		}

		goto start;
	}

	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
		/* but we have not received a shutdown */
		s->internal->rwstate = SSL_NOTHING;
		rr->length = 0;
		return (0);
	}

	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
		/* 'Change Cipher Spec' is just a single byte, so we know
		 * exactly what the record payload has to look like */
		if ((rr->length != 1) || (rr->off != 0) ||
			(rr->data[0] != SSL3_MT_CCS)) {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
			goto f_err;
		}

		/* Check we have a cipher to change to */
		if (S3I(s)->tmp.new_cipher == NULL) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
			goto f_err;
		}

		/* Check that we should be receiving a Change Cipher Spec. */
		if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
			goto f_err;
		}
		s->s3->flags &= ~SSL3_FLAGS_CCS_OK;

		rr->length = 0;

		if (s->internal->msg_callback) {
			s->internal->msg_callback(0, s->version,
			    SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s,
			    s->internal->msg_callback_arg);
		}

		S3I(s)->change_cipher_spec = 1;
		if (!ssl3_do_change_cipher_spec(s))
			goto err;
		else
			goto start;
	}

	/* Unexpected handshake message (Client Hello, or protocol violation) */
	if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
		if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
			s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
			s->internal->renegotiate = 1;
			s->internal->new_session = 1;
		}
		i = s->internal->handshake_func(s);
		if (i < 0)
			return (i);
		if (i == 0) {
			SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
			return (-1);
		}

		if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
			if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
				/* In the case where we try to read application data,
				 * but we trigger an SSL handshake, we return -1 with
				 * the retry option set.  Otherwise renegotiation may
				 * cause nasty problems in the blocking world */
				ssl_force_want_read(s);
				return (-1);
			}
		}
		goto start;
	}

	switch (rr->type) {
	default:
		/*
		 * TLS up to v1.1 just ignores unknown message types:
		 * TLS v1.2 give an unexpected message alert.
		 */
		if (s->version >= TLS1_VERSION &&
		    s->version <= TLS1_1_VERSION) {
			rr->length = 0;
			goto start;
		}
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_UNEXPECTED_RECORD);
		goto f_err;
	case SSL3_RT_CHANGE_CIPHER_SPEC:
	case SSL3_RT_ALERT:
	case SSL3_RT_HANDSHAKE:
		/* we already handled all of these, with the possible exception
		 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
		 * should not happen when type != rr->type */
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto f_err;
	case SSL3_RT_APPLICATION_DATA:
		/* At this point, we were expecting handshake data,
		 * but have application data.  If the library was
		 * running inside ssl3_read() (i.e. in_read_app_data
		 * is set) and it makes sense to read application data
		 * at this point (session renegotiation not yet started),
		 * we will indulge it.
		 */
		if (S3I(s)->in_read_app_data &&
		    (S3I(s)->total_renegotiations != 0) &&
		    (((s->internal->state & SSL_ST_CONNECT) &&
		    (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
		    (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
		    ((s->internal->state & SSL_ST_ACCEPT) &&
		    (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
		    (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
			S3I(s)->in_read_app_data = 2;
			return (-1);
		} else {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_UNEXPECTED_RECORD);
			goto f_err;
		}
	}
	/* not reached */

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

int
ssl3_do_change_cipher_spec(SSL *s)
{
	int i;
	const char *sender;
	int slen;

	if (s->internal->state & SSL_ST_ACCEPT)
		i = SSL3_CHANGE_CIPHER_SERVER_READ;
	else
		i = SSL3_CHANGE_CIPHER_CLIENT_READ;

	if (S3I(s)->tmp.key_block == NULL) {
		if (s->session == NULL || s->session->master_key_length == 0) {
			/* might happen if dtls1_read_bytes() calls this */
			SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
			return (0);
		}

		s->session->cipher = S3I(s)->tmp.new_cipher;
		if (!tls1_setup_key_block(s))
			return (0);
	}

	if (!tls1_change_cipher_state(s, i))
		return (0);

	/* we have to record the message digest at
	 * this point so we can get it before we read
	 * the finished message */
	if (s->internal->state & SSL_ST_CONNECT) {
		sender = TLS_MD_SERVER_FINISH_CONST;
		slen = TLS_MD_SERVER_FINISH_CONST_SIZE;
	} else {
		sender = TLS_MD_CLIENT_FINISH_CONST;
		slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;
	}

	i = tls1_final_finish_mac(s, sender, slen,
	    S3I(s)->tmp.peer_finish_md);
	if (i == 0) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		return 0;
	}
	S3I(s)->tmp.peer_finish_md_len = i;

	return (1);
}

int
ssl3_send_alert(SSL *s, int level, int desc)
{
	/* Map tls/ssl alert value to correct one */
	desc = tls1_alert_code(desc);
	if (desc < 0)
		return -1;
	/* If a fatal one, remove from cache */
	if ((level == 2) && (s->session != NULL))
		SSL_CTX_remove_session(s->ctx, s->session);

	s->s3->alert_dispatch = 1;
	s->s3->send_alert[0] = level;
	s->s3->send_alert[1] = desc;
	if (s->s3->wbuf.left == 0) /* data still being written out? */
		return s->method->ssl_dispatch_alert(s);

	/* else data is still being written out, we will get written
	 * some time in the future */
	return -1;
}

int
ssl3_dispatch_alert(SSL *s)
{
	int i, j;
	void (*cb)(const SSL *ssl, int type, int val) = NULL;

	s->s3->alert_dispatch = 0;
	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
	if (i <= 0) {
		s->s3->alert_dispatch = 1;
	} else {
		/* Alert sent to BIO.  If it is important, flush it now.
		 * If the message does not get sent due to non-blocking IO,
		 * we will not worry too much. */
		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
			(void)BIO_flush(s->wbio);

		if (s->internal->msg_callback)
			s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
			    s->s3->send_alert, 2, s, s->internal->msg_callback_arg);

		if (s->internal->info_callback != NULL)
			cb = s->internal->info_callback;
		else if (s->ctx->internal->info_callback != NULL)
			cb = s->ctx->internal->info_callback;

		if (cb != NULL) {
			j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
			cb(s, SSL_CB_WRITE_ALERT, j);
		}
	}
	return (i);
}
Changes to jni/libressl/ssl/ssl_rsa.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_rsa.c,v 1.28 2017/02/07 02:08:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *);

int
SSL_use_certificate(SSL *ssl, X509 *x)
{
	if (x == NULL) {
		SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ssl->cert)) {
		SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	return (ssl_set_cert(ssl->cert, x));
}

int
SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
	int j;
	BIO *in;
	int ret = 0;
	X509 *x = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		x = d2i_X509_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		x = PEM_read_bio_X509(in, NULL,
		    ssl->ctx->default_passwd_callback,
		    ssl->ctx->default_passwd_callback_userdata);
	} else {
		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}

	if (x == NULL) {
		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
		goto end;
	}

	ret = SSL_use_certificate(ssl, x);
end:
	X509_free(x);
	BIO_free(in);
	return (ret);
}

int
SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
{
	X509 *x;
	int ret;

	x = d2i_X509(NULL, &d,(long)len);
	if (x == NULL) {
		SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_use_certificate(ssl, x);
	X509_free(x);
	return (ret);
}

int
SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
	EVP_PKEY *pkey;
	int ret;

	if (rsa == NULL) {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ssl->cert)) {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	if ((pkey = EVP_PKEY_new()) == NULL) {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
		return (0);
	}

	RSA_up_ref(rsa);
	EVP_PKEY_assign_RSA(pkey, rsa);

	ret = ssl_set_pkey(ssl->cert, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}

static int
ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
	int i;

	i = ssl_cert_type(NULL, pkey);
	if (i < 0) {
		SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		return (0);
	}

	if (c->pkeys[i].x509 != NULL) {
		EVP_PKEY *pktmp;
		pktmp = X509_get_pubkey(c->pkeys[i].x509);
		EVP_PKEY_copy_parameters(pktmp, pkey);







|



|















|




|











|




|


















|















|



|



|


















|







70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *);

int
SSL_use_certificate(SSL *ssl, X509 *x)
{
	if (x == NULL) {
		SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ssl->cert)) {
		SSLerror(ssl, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	return (ssl_set_cert(ssl->cert, x));
}

int
SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
	int j;
	BIO *in;
	int ret = 0;
	X509 *x = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerror(ssl, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerror(ssl, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		x = d2i_X509_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		x = PEM_read_bio_X509(in, NULL,
		    ssl->ctx->default_passwd_callback,
		    ssl->ctx->default_passwd_callback_userdata);
	} else {
		SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}

	if (x == NULL) {
		SSLerror(ssl, j);
		goto end;
	}

	ret = SSL_use_certificate(ssl, x);
end:
	X509_free(x);
	BIO_free(in);
	return (ret);
}

int
SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
{
	X509 *x;
	int ret;

	x = d2i_X509(NULL, &d,(long)len);
	if (x == NULL) {
		SSLerror(ssl, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_use_certificate(ssl, x);
	X509_free(x);
	return (ret);
}

int
SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
	EVP_PKEY *pkey;
	int ret;

	if (rsa == NULL) {
		SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ssl->cert)) {
		SSLerror(ssl, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	if ((pkey = EVP_PKEY_new()) == NULL) {
		SSLerror(ssl, ERR_R_EVP_LIB);
		return (0);
	}

	RSA_up_ref(rsa);
	EVP_PKEY_assign_RSA(pkey, rsa);

	ret = ssl_set_pkey(ssl->cert, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}

static int
ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
	int i;

	i = ssl_cert_type(NULL, pkey);
	if (i < 0) {
		SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		return (0);
	}

	if (c->pkeys[i].x509 != NULL) {
		EVP_PKEY *pktmp;
		pktmp = X509_get_pubkey(c->pkeys[i].x509);
		EVP_PKEY_copy_parameters(pktmp, pkey);
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
{
	int j, ret = 0;
	BIO *in;
	RSA *rsa = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		rsa = d2i_RSAPrivateKey_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
		    ssl->ctx->default_passwd_callback,
		    ssl->ctx->default_passwd_callback_userdata);
	} else {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (rsa == NULL) {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
		goto end;
	}
	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	RSA_free(rsa);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
{
	int ret;
	const unsigned char *p;
	RSA *rsa;

	p = d;
	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	RSA_free(rsa);
	return (ret);
}

int
SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
	int ret;

	if (pkey == NULL) {
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ssl->cert)) {
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	ret = ssl_set_pkey(ssl->cert, pkey);
	return (ret);
}

int
SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
{
	int j, ret = 0;
	BIO *in;
	EVP_PKEY *pkey = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		pkey = PEM_read_bio_PrivateKey(in, NULL,
		    ssl->ctx->default_passwd_callback,
		    ssl->ctx->default_passwd_callback_userdata);
	} else if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		pkey = d2i_PrivateKey_bio(in, NULL);
	} else {
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (pkey == NULL) {
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
		goto end;
	}
	ret = SSL_use_PrivateKey(ssl, pkey);
	EVP_PKEY_free(pkey);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
{
	int ret;
	const unsigned char *p;
	EVP_PKEY *pkey;

	p = d;
	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_use_PrivateKey(ssl, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}

int
SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
	if (x == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ctx->cert)) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	return (ssl_set_cert(ctx->cert, x));
}

static int
ssl_set_cert(CERT *c, X509 *x)
{
	EVP_PKEY *pkey;
	int i;

	pkey = X509_get_pubkey(x);
	if (pkey == NULL) {
		SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
		return (0);
	}

	i = ssl_cert_type(x, pkey);
	if (i < 0) {
		SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		EVP_PKEY_free(pkey);
		return (0);
	}

	if (c->pkeys[i].privatekey != NULL) {
		EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
		ERR_clear_error();







|




|











|



|


















|














|



|















|




|











|



|


















|












|


|
|


|










|





|







218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
{
	int j, ret = 0;
	BIO *in;
	RSA *rsa = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerror(ssl, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerror(ssl, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		rsa = d2i_RSAPrivateKey_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
		    ssl->ctx->default_passwd_callback,
		    ssl->ctx->default_passwd_callback_userdata);
	} else {
		SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (rsa == NULL) {
		SSLerror(ssl, j);
		goto end;
	}
	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	RSA_free(rsa);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
{
	int ret;
	const unsigned char *p;
	RSA *rsa;

	p = d;
	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
		SSLerror(ssl, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	RSA_free(rsa);
	return (ret);
}

int
SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
	int ret;

	if (pkey == NULL) {
		SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ssl->cert)) {
		SSLerror(ssl, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	ret = ssl_set_pkey(ssl->cert, pkey);
	return (ret);
}

int
SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
{
	int j, ret = 0;
	BIO *in;
	EVP_PKEY *pkey = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerror(ssl, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerror(ssl, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		pkey = PEM_read_bio_PrivateKey(in, NULL,
		    ssl->ctx->default_passwd_callback,
		    ssl->ctx->default_passwd_callback_userdata);
	} else if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		pkey = d2i_PrivateKey_bio(in, NULL);
	} else {
		SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (pkey == NULL) {
		SSLerror(ssl, j);
		goto end;
	}
	ret = SSL_use_PrivateKey(ssl, pkey);
	EVP_PKEY_free(pkey);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
{
	int ret;
	const unsigned char *p;
	EVP_PKEY *pkey;

	p = d;
	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
		SSLerror(ssl, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_use_PrivateKey(ssl, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}

int
SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
	if (x == NULL) {
		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ctx->internal->cert)) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (0);
	}
	return (ssl_set_cert(ctx->internal->cert, x));
}

static int
ssl_set_cert(CERT *c, X509 *x)
{
	EVP_PKEY *pkey;
	int i;

	pkey = X509_get_pubkey(x);
	if (pkey == NULL) {
		SSLerrorx(SSL_R_X509_LIB);
		return (0);
	}

	i = ssl_cert_type(x, pkey);
	if (i < 0) {
		SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		EVP_PKEY_free(pkey);
		return (0);
	}

	if (c->pkeys[i].privatekey != NULL) {
		EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
		ERR_clear_error();
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
	int j;
	BIO *in;
	int ret = 0;
	X509 *x = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		x = d2i_X509_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata);
	} else {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}

	if (x == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
		goto end;
	}

	ret = SSL_CTX_use_certificate(ctx, x);
end:
	X509_free(x);
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
{
	X509 *x;
	int ret;

	x = d2i_X509(NULL, &d,(long)len);
	if (x == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_CTX_use_certificate(ctx, x);
	X509_free(x);
	return (ret);
}

int
SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
	int ret;
	EVP_PKEY *pkey;

	if (rsa == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ctx->cert)) {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	if ((pkey = EVP_PKEY_new()) == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
		return (0);
	}

	RSA_up_ref(rsa);
	EVP_PKEY_assign_RSA(pkey, rsa);

	ret = ssl_set_pkey(ctx->cert, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}

int
SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
	int j, ret = 0;
	BIO *in;
	RSA *rsa = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		rsa = d2i_RSAPrivateKey_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
		    ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata);
	} else {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (rsa == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
		goto end;
	}
	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	RSA_free(rsa);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
{
	int ret;
	const unsigned char *p;
	RSA *rsa;

	p = d;
	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	RSA_free(rsa);
	return (ret);
}

int
SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
	if (pkey == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,
		    ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ctx->cert)) {
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	return (ssl_set_pkey(ctx->cert, pkey));
}

int
SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
	int j, ret = 0;
	BIO *in;
	EVP_PKEY *pkey = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		pkey = PEM_read_bio_PrivateKey(in, NULL,
		    ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata);
	} else if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		pkey = d2i_PrivateKey_bio(in, NULL);
	} else {
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,
		    SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (pkey == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
		goto end;
	}
	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	EVP_PKEY_free(pkey);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
    long len)
{
	int ret;
	const unsigned char *p;
	EVP_PKEY *pkey;

	p = d;
	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}







|




|










|




|


















|















|


|
|



|






|













|




|











|



|


















|












<
|


|
|


|











|




|











<
|



|



















|







423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567

568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603

604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
	int j;
	BIO *in;
	int ret = 0;
	X509 *x = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerrorx(ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerrorx(ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		x = d2i_X509_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata);
	} else {
		SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}

	if (x == NULL) {
		SSLerrorx(j);
		goto end;
	}

	ret = SSL_CTX_use_certificate(ctx, x);
end:
	X509_free(x);
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
{
	X509 *x;
	int ret;

	x = d2i_X509(NULL, &d,(long)len);
	if (x == NULL) {
		SSLerrorx(ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_CTX_use_certificate(ctx, x);
	X509_free(x);
	return (ret);
}

int
SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
	int ret;
	EVP_PKEY *pkey;

	if (rsa == NULL) {
		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ctx->internal->cert)) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (0);
	}
	if ((pkey = EVP_PKEY_new()) == NULL) {
		SSLerrorx(ERR_R_EVP_LIB);
		return (0);
	}

	RSA_up_ref(rsa);
	EVP_PKEY_assign_RSA(pkey, rsa);

	ret = ssl_set_pkey(ctx->internal->cert, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}

int
SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
	int j, ret = 0;
	BIO *in;
	RSA *rsa = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerrorx(ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerrorx(ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		rsa = d2i_RSAPrivateKey_bio(in, NULL);
	} else if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
		    ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata);
	} else {
		SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (rsa == NULL) {
		SSLerrorx(j);
		goto end;
	}
	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	RSA_free(rsa);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
{
	int ret;
	const unsigned char *p;
	RSA *rsa;

	p = d;
	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
		SSLerrorx(ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	RSA_free(rsa);
	return (ret);
}

int
SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
	if (pkey == NULL) {

		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
		return (0);
	}
	if (!ssl_cert_inst(&ctx->internal->cert)) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (0);
	}
	return (ssl_set_pkey(ctx->internal->cert, pkey));
}

int
SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
	int j, ret = 0;
	BIO *in;
	EVP_PKEY *pkey = NULL;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerrorx(ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerrorx(ERR_R_SYS_LIB);
		goto end;
	}
	if (type == SSL_FILETYPE_PEM) {
		j = ERR_R_PEM_LIB;
		pkey = PEM_read_bio_PrivateKey(in, NULL,
		    ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata);
	} else if (type == SSL_FILETYPE_ASN1) {
		j = ERR_R_ASN1_LIB;
		pkey = d2i_PrivateKey_bio(in, NULL);
	} else {

		SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
		goto end;
	}
	if (pkey == NULL) {
		SSLerrorx(j);
		goto end;
	}
	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	EVP_PKEY_free(pkey);
end:
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
    long len)
{
	int ret;
	const unsigned char *p;
	EVP_PKEY *pkey;

	p = d;
	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
		SSLerrorx(ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
	X509 *x = NULL;

	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */

	x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
	    ctx->default_passwd_callback_userdata);
	if (x == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
		goto end;
	}

	ret = SSL_CTX_use_certificate(ctx, x);

	if (ERR_peek_error() != 0)
		ret = 0;
	/* Key/certificate mismatch doesn't imply ret==0 ... */
	if (ret) {
		/*
		 * If we could set up our certificate, now proceed to
		 * the CA certificates.
		 */
		X509 *ca;
		int r;
		unsigned long err;

		if (ctx->extra_certs != NULL) {
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;
		}

		while ((ca = PEM_read_bio_X509(in, NULL,
		    ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata)) != NULL) {
			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
			if (!r) {
				X509_free(ca);







|

















<
|
|
<







647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671

672
673

674
675
676
677
678
679
680
	X509 *x = NULL;

	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */

	x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
	    ctx->default_passwd_callback_userdata);
	if (x == NULL) {
		SSLerrorx(ERR_R_PEM_LIB);
		goto end;
	}

	ret = SSL_CTX_use_certificate(ctx, x);

	if (ERR_peek_error() != 0)
		ret = 0;
	/* Key/certificate mismatch doesn't imply ret==0 ... */
	if (ret) {
		/*
		 * If we could set up our certificate, now proceed to
		 * the CA certificates.
		 */
		X509 *ca;
		int r;
		unsigned long err;


		sk_X509_pop_free(ctx->extra_certs, X509_free);
		ctx->extra_certs = NULL;


		while ((ca = PEM_read_bio_X509(in, NULL,
		    ctx->default_passwd_callback,
		    ctx->default_passwd_callback_userdata)) != NULL) {
			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
			if (!r) {
				X509_free(ca);
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
{
	BIO *in;
	int ret = 0;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
		goto end;
	}

	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);

end:
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
{
	BIO *in;
	int ret = 0;

	in = BIO_new_mem_buf(buf, len);
	if (in == NULL) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
		goto end;
	}

	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);

end:
	BIO_free(in);
	return (ret);
}







|




|


















|









707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
{
	BIO *in;
	int ret = 0;

	in = BIO_new(BIO_s_file_internal());
	if (in == NULL) {
		SSLerrorx(ERR_R_BUF_LIB);
		goto end;
	}

	if (BIO_read_filename(in, file) <= 0) {
		SSLerrorx(ERR_R_SYS_LIB);
		goto end;
	}

	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);

end:
	BIO_free(in);
	return (ret);
}

int
SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
{
	BIO *in;
	int ret = 0;

	in = BIO_new_mem_buf(buf, len);
	if (in == NULL) {
		SSLerrorx(ERR_R_BUF_LIB);
		goto end;
	}

	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);

end:
	BIO_free(in);
	return (ret);
}
Changes to jni/libressl/ssl/ssl_sess.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_sess.c,v 1.48 2015/09/10 17:57:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_sess.c,v 1.70 2017/02/07 02:08:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202

203



204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
	    argl, argp, new_func, dup_func, free_func);
}

int
SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
{
	return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
}

void *
SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
{
	return (CRYPTO_get_ex_data(&s->ex_data, idx));
}

SSL_SESSION *
SSL_SESSION_new(void)
{
	SSL_SESSION *ss;

	ss = calloc(1, sizeof(SSL_SESSION));

	if (ss == NULL) {



		SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
		return (0);
	}

	ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
	ss->references = 1;
	ss->timeout=60*5+4; /* 5 minute timeout by default */
	ss->time = time(NULL);
	ss->prev = NULL;
	ss->next = NULL;
	ss->tlsext_hostname = NULL;

	ss->tlsext_ecpointformatlist_length = 0;
	ss->tlsext_ecpointformatlist = NULL;
	ss->tlsext_ellipticcurvelist_length = 0;
	ss->tlsext_ellipticcurvelist = NULL;

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);

	return (ss);
}

const unsigned char *
SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{







|





|







|
>
|
>
>
>
|
|






|
|


|
|
|
|

|







181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
	    argl, argp, new_func, dup_func, free_func);
}

int
SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
{
	return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
}

void *
SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
{
	return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
}

SSL_SESSION *
SSL_SESSION_new(void)
{
	SSL_SESSION *ss;

	if ((ss = calloc(1, sizeof(*ss))) == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}
	if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) {
		free(ss);
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (NULL);
	}

	ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
	ss->references = 1;
	ss->timeout=60*5+4; /* 5 minute timeout by default */
	ss->time = time(NULL);
	ss->internal->prev = NULL;
	ss->internal->next = NULL;
	ss->tlsext_hostname = NULL;

	ss->internal->tlsext_ecpointformatlist_length = 0;
	ss->internal->tlsext_ecpointformatlist = NULL;
	ss->internal->tlsext_supportedgroups_length = 0;
	ss->internal->tlsext_supportedgroups = NULL;

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data);

	return (ss);
}

const unsigned char *
SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
		case TLS1_1_VERSION:
		case TLS1_2_VERSION:
		case DTLS1_VERSION:
			ss->ssl_version = s->version;
			ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
			break;
		default:
			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
			    SSL_R_UNSUPPORTED_SSL_VERSION);
			SSL_SESSION_free(ss);
			return (0);
		}

		/* If RFC4507 ticket use empty session ID. */
		if (s->tlsext_ticket_expected) {
			ss->session_id_length = 0;
			goto sess_id_done;
		}

		/* Choose which callback will set the session ID. */
		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
		if (s->generate_session_id)
			cb = s->generate_session_id;
		else if (s->session_ctx->generate_session_id)
			cb = s->session_ctx->generate_session_id;
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

		/* Choose a session ID. */
		tmp = ss->session_id_length;
		if (!cb(s, ss->session_id, &tmp)) {
			/* The callback failed */
			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
			SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
			SSL_SESSION_free(ss);
			return (0);
		}

		/*
		 * Don't allow the callback to set the session length to zero.
		 * nor set it higher than it was.
		 */
		if (!tmp || (tmp > ss->session_id_length)) {
			/* The callback set an illegal length */
			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
			SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
			SSL_SESSION_free(ss);
			return (0);
		}
		ss->session_id_length = tmp;

		/* Finally, check for a conflict. */
		if (SSL_has_matching_session_id(s, ss->session_id,
			ss->session_id_length)) {
			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
			SSL_R_SSL_SESSION_ID_CONFLICT);
			SSL_SESSION_free(ss);
			return (0);
		}

sess_id_done:
		if (s->tlsext_hostname) {
			ss->tlsext_hostname = strdup(s->tlsext_hostname);
			if (ss->tlsext_hostname == NULL) {
				SSLerr(SSL_F_SSL_GET_NEW_SESSION,
				    ERR_R_INTERNAL_ERROR);
				SSL_SESSION_free(ss);
				return 0;
			}
		}
	} else {
		ss->session_id_length = 0;
	}

	if (s->sid_ctx_length > sizeof ss->sid_ctx) {
		SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
		SSL_SESSION_free(ss);
		return 0;
	}

	memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
	ss->sid_ctx_length = s->sid_ctx_length;
	s->session = ss;







<
|





|






|
|
|
|






<
|










<
|








<
|








<
|









|







308
309
310
311
312
313
314

315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337

338
339
340
341
342
343
344
345
346
347
348

349
350
351
352
353
354
355
356
357

358
359
360
361
362
363
364
365
366

367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
		case TLS1_1_VERSION:
		case TLS1_2_VERSION:
		case DTLS1_VERSION:
			ss->ssl_version = s->version;
			ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
			break;
		default:

			SSLerror(s, SSL_R_UNSUPPORTED_SSL_VERSION);
			SSL_SESSION_free(ss);
			return (0);
		}

		/* If RFC4507 ticket use empty session ID. */
		if (s->internal->tlsext_ticket_expected) {
			ss->session_id_length = 0;
			goto sess_id_done;
		}

		/* Choose which callback will set the session ID. */
		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
		if (s->internal->generate_session_id)
			cb = s->internal->generate_session_id;
		else if (s->session_ctx->internal->generate_session_id)
			cb = s->session_ctx->internal->generate_session_id;
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

		/* Choose a session ID. */
		tmp = ss->session_id_length;
		if (!cb(s, ss->session_id, &tmp)) {
			/* The callback failed */

			SSLerror(s, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
			SSL_SESSION_free(ss);
			return (0);
		}

		/*
		 * Don't allow the callback to set the session length to zero.
		 * nor set it higher than it was.
		 */
		if (!tmp || (tmp > ss->session_id_length)) {
			/* The callback set an illegal length */

			SSLerror(s, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
			SSL_SESSION_free(ss);
			return (0);
		}
		ss->session_id_length = tmp;

		/* Finally, check for a conflict. */
		if (SSL_has_matching_session_id(s, ss->session_id,
			ss->session_id_length)) {

			SSLerror(s, SSL_R_SSL_SESSION_ID_CONFLICT);
			SSL_SESSION_free(ss);
			return (0);
		}

sess_id_done:
		if (s->tlsext_hostname) {
			ss->tlsext_hostname = strdup(s->tlsext_hostname);
			if (ss->tlsext_hostname == NULL) {

				SSLerror(s, ERR_R_INTERNAL_ERROR);
				SSL_SESSION_free(ss);
				return 0;
			}
		}
	} else {
		ss->session_id_length = 0;
	}

	if (s->sid_ctx_length > sizeof ss->sid_ctx) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		SSL_SESSION_free(ss);
		return 0;
	}

	memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
	ss->sid_ctx_length = s->sid_ctx_length;
	s->session = ss;
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
 *   -1: error
 *    0: a session may have been found.
 *
 * Side effects:
 *   - If a session is found then s->session is pointed at it (after freeing
 *     an existing session if need be) and s->verify_result is set from the
 *     session.
 *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set
 *     to 1 if the server should issue a new session ticket (to 0 otherwise).
 */
int
ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
    const unsigned char *limit)
{
	SSL_SESSION *ret = NULL;
	int fatal = 0;
	int try_session_cache = 1;
	int r;

	/* This is used only by servers. */

	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
		goto err;

	if (len == 0)
		try_session_cache = 0;

	/* Sets s->tlsext_ticket_expected. */
	r = tls1_process_ticket(s, session_id, len, limit, &ret);
	switch (r) {
	case -1: /* Error during processing */
		fatal = 1;
		goto err;
	case 0: /* No ticket found */
	case 1: /* Zero length ticket found */
		break; /* Ok to carry on processing session id. */
	case 2: /* Ticket found but not decrypted. */
	case 3: /* Ticket decrypted, *ret has been set. */
		try_session_cache = 0;
		break;
	default:
		abort();
	}

	if (try_session_cache && ret == NULL &&
	    !(s->session_ctx->session_cache_mode &
	     SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
		SSL_SESSION data;
		data.ssl_version = s->version;
		data.session_id_length = len;
		memcpy(data.session_id, session_id, len);

		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
		ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
		if (ret != NULL) {
			/* Don't allow other threads to steal it. */
			CRYPTO_add(&ret->references, 1,
			    CRYPTO_LOCK_SSL_SESSION);
		}
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

		if (ret == NULL)
			s->session_ctx->stats.sess_miss++;
	}

	if (try_session_cache && ret == NULL &&
	    s->session_ctx->get_session_cb != NULL) {
		int copy = 1;

		if ((ret = s->session_ctx->get_session_cb(s, session_id,
		    len, &copy))) {
			s->session_ctx->stats.sess_cb_hit++;

			/*
			 * Increment reference count now if the session
			 * callback asks us to do so (note that if the session
			 * structures returned by the callback are shared
			 * between threads, it must handle the reference count
			 * itself [i.e. copy == 0], or things won't be
			 * thread-safe).
			 */
			if (copy)
				CRYPTO_add(&ret->references, 1,
				    CRYPTO_LOCK_SSL_SESSION);

			/*
			 * Add the externally cached session to the internal
			 * cache as well if and only if we are supposed to.
			 */
			if (!(s->session_ctx->session_cache_mode &
			    SSL_SESS_CACHE_NO_INTERNAL_STORE))
				/*
				 * The following should not return 1,
				 * otherwise, things are very strange.
				 */
				SSL_CTX_add_session(s->session_ctx, ret);
		}







|



















|

















|







|








|



|


|
|
|

















|







402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
 *   -1: error
 *    0: a session may have been found.
 *
 * Side effects:
 *   - If a session is found then s->session is pointed at it (after freeing
 *     an existing session if need be) and s->verify_result is set from the
 *     session.
 *   - Both for new and resumed sessions, s->internal->tlsext_ticket_expected is set
 *     to 1 if the server should issue a new session ticket (to 0 otherwise).
 */
int
ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
    const unsigned char *limit)
{
	SSL_SESSION *ret = NULL;
	int fatal = 0;
	int try_session_cache = 1;
	int r;

	/* This is used only by servers. */

	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
		goto err;

	if (len == 0)
		try_session_cache = 0;

	/* Sets s->internal->tlsext_ticket_expected. */
	r = tls1_process_ticket(s, session_id, len, limit, &ret);
	switch (r) {
	case -1: /* Error during processing */
		fatal = 1;
		goto err;
	case 0: /* No ticket found */
	case 1: /* Zero length ticket found */
		break; /* Ok to carry on processing session id. */
	case 2: /* Ticket found but not decrypted. */
	case 3: /* Ticket decrypted, *ret has been set. */
		try_session_cache = 0;
		break;
	default:
		abort();
	}

	if (try_session_cache && ret == NULL &&
	    !(s->session_ctx->internal->session_cache_mode &
	     SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
		SSL_SESSION data;
		data.ssl_version = s->version;
		data.session_id_length = len;
		memcpy(data.session_id, session_id, len);

		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
		ret = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data);
		if (ret != NULL) {
			/* Don't allow other threads to steal it. */
			CRYPTO_add(&ret->references, 1,
			    CRYPTO_LOCK_SSL_SESSION);
		}
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

		if (ret == NULL)
			s->session_ctx->internal->stats.sess_miss++;
	}

	if (try_session_cache && ret == NULL &&
	    s->session_ctx->internal->get_session_cb != NULL) {
		int copy = 1;

		if ((ret = s->session_ctx->internal->get_session_cb(s,
		    session_id, len, &copy))) {
			s->session_ctx->internal->stats.sess_cb_hit++;

			/*
			 * Increment reference count now if the session
			 * callback asks us to do so (note that if the session
			 * structures returned by the callback are shared
			 * between threads, it must handle the reference count
			 * itself [i.e. copy == 0], or things won't be
			 * thread-safe).
			 */
			if (copy)
				CRYPTO_add(&ret->references, 1,
				    CRYPTO_LOCK_SSL_SESSION);

			/*
			 * Add the externally cached session to the internal
			 * cache as well if and only if we are supposed to.
			 */
			if (!(s->session_ctx->internal->session_cache_mode &
			    SSL_SESS_CACHE_NO_INTERNAL_STORE))
				/*
				 * The following should not return 1,
				 * otherwise, things are very strange.
				 */
				SSL_CTX_add_session(s->session_ctx, ret);
		}
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
		 * SSL[_CTX]_set_session_id_context.
		 *
		 * For this error case, we generate an error instead of treating
		 * the event like a cache miss (otherwise it would be easy for
		 * applications to effectively disable the session cache by
		 * accident without anyone noticing).
		 */
		SSLerr(SSL_F_SSL_GET_PREV_SESSION,
		    SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
		fatal = 1;
		goto err;
	}

	if (ret->cipher == NULL) {
		ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
		if (ret->cipher == NULL)
			goto err;
	}

	if (ret->timeout < (time(NULL) - ret->time)) {
		/* timeout */
		s->session_ctx->stats.sess_timeout++;
		if (try_session_cache) {
			/* session was from the cache, so remove it */
			SSL_CTX_remove_session(s->session_ctx, ret);
		}
		goto err;
	}

	s->session_ctx->stats.sess_hit++;

	if (s->session != NULL)
		SSL_SESSION_free(s->session);
	s->session = ret;
	s->verify_result = s->session->verify_result;
	return 1;

err:
	if (ret != NULL) {
		SSL_SESSION_free(ret);
		if (!try_session_cache) {
			/*
			 * The session was from a ticket, so we should
			 * issue a ticket for the new session.
			 */
			s->tlsext_ticket_expected = 1;
		}
	}
	if (fatal)
		return -1;
	else
		return 0;
}







<
|












|







|















|







519
520
521
522
523
524
525

526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
		 * SSL[_CTX]_set_session_id_context.
		 *
		 * For this error case, we generate an error instead of treating
		 * the event like a cache miss (otherwise it would be easy for
		 * applications to effectively disable the session cache by
		 * accident without anyone noticing).
		 */

		SSLerror(s, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
		fatal = 1;
		goto err;
	}

	if (ret->cipher == NULL) {
		ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
		if (ret->cipher == NULL)
			goto err;
	}

	if (ret->timeout < (time(NULL) - ret->time)) {
		/* timeout */
		s->session_ctx->internal->stats.sess_timeout++;
		if (try_session_cache) {
			/* session was from the cache, so remove it */
			SSL_CTX_remove_session(s->session_ctx, ret);
		}
		goto err;
	}

	s->session_ctx->internal->stats.sess_hit++;

	if (s->session != NULL)
		SSL_SESSION_free(s->session);
	s->session = ret;
	s->verify_result = s->session->verify_result;
	return 1;

err:
	if (ret != NULL) {
		SSL_SESSION_free(ret);
		if (!try_session_cache) {
			/*
			 * The session was from a ticket, so we should
			 * issue a ticket for the new session.
			 */
			s->internal->tlsext_ticket_expected = 1;
		}
	}
	if (fatal)
		return -1;
	else
		return 0;
}
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
	CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);

	/*
	 * If session c is in already in cache, we take back the increment
	 * later.
	 */
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	s = lh_SSL_SESSION_insert(ctx->sessions, c);

	/*
	 * s != NULL iff we already had a session with the given PID.
	 * In this case, s == c should hold (then we did not really modify
	 * ctx->sessions), or we're in trouble.
	 */
	if (s != NULL && s != c) {
		/* We *are* in trouble ... */
		SSL_SESSION_list_remove(ctx, s);
		SSL_SESSION_free(s);
		/*
		 * ... so pretend the other session did not exist in cache







|




|







583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
	CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);

	/*
	 * If session c is in already in cache, we take back the increment
	 * later.
	 */
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	s = lh_SSL_SESSION_insert(ctx->internal->sessions, c);

	/*
	 * s != NULL iff we already had a session with the given PID.
	 * In this case, s == c should hold (then we did not really modify
	 * ctx->internal->sessions), or we're in trouble.
	 */
	if (s != NULL && s != c) {
		/* We *are* in trouble ... */
		SSL_SESSION_list_remove(ctx, s);
		SSL_SESSION_free(s);
		/*
		 * ... so pretend the other session did not exist in cache
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647

		ret = 1;

		if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
			while (SSL_CTX_sess_number(ctx) >
			    SSL_CTX_sess_get_cache_size(ctx)) {
				if (!remove_session_lock(ctx,
				    ctx->session_cache_tail, 0))
					break;
				else
					ctx->stats.sess_cache_full++;
			}
		}
	}
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return (ret);
}








|


|







628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645

		ret = 1;

		if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
			while (SSL_CTX_sess_number(ctx) >
			    SSL_CTX_sess_get_cache_size(ctx)) {
				if (!remove_session_lock(ctx,
				    ctx->internal->session_cache_tail, 0))
					break;
				else
					ctx->internal->stats.sess_cache_full++;
			}
		}
	}
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return (ret);
}

656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699

700
701
702

703
704
705
706
707

708

709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
{
	SSL_SESSION *r;
	int ret = 0;

	if ((c != NULL) && (c->session_id_length != 0)) {
		if (lck)
			CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
		if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
			ret = 1;
			r = lh_SSL_SESSION_delete(ctx->sessions, c);
			SSL_SESSION_list_remove(ctx, c);
		}
		if (lck)
			CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

		if (ret) {
			r->not_resumable = 1;
			if (ctx->remove_session_cb != NULL)
				ctx->remove_session_cb(ctx, r);
			SSL_SESSION_free(r);
		}
	} else
		ret = 0;
	return (ret);
}

void
SSL_SESSION_free(SSL_SESSION *ss)
{
	int i;

	if (ss == NULL)
		return;

	i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
	if (i > 0)
		return;

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);

	explicit_bzero(ss->master_key, sizeof ss->master_key);
	explicit_bzero(ss->session_id, sizeof ss->session_id);
	if (ss->sess_cert != NULL)
		ssl_sess_cert_free(ss->sess_cert);

	X509_free(ss->peer);
	if (ss->ciphers != NULL)
		sk_SSL_CIPHER_free(ss->ciphers);

	free(ss->tlsext_hostname);
	free(ss->tlsext_tick);
	ss->tlsext_ecpointformatlist_length = 0;
	free(ss->tlsext_ecpointformatlist);
	ss->tlsext_ellipticcurvelist_length = 0;

	free(ss->tlsext_ellipticcurvelist);

	explicit_bzero(ss, sizeof(*ss));
	free(ss);
}

int
SSL_set_session(SSL *s, SSL_SESSION *session)
{
	int ret = 0;
	const SSL_METHOD *meth;

	if (session != NULL) {
		meth = s->ctx->method->get_ssl_method(session->ssl_version);
		if (meth == NULL)
			meth = s->method->get_ssl_method(session->ssl_version);
		if (meth == NULL) {
			SSLerr(SSL_F_SSL_SET_SESSION,
			    SSL_R_UNABLE_TO_FIND_SSL_METHOD);
			return (0);
		}

		if (meth != s->method) {
			if (!SSL_set_ssl_method(s, meth))
				return (0);
		}


		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
		CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
		if (s->session != NULL)
			SSL_SESSION_free(s->session);
		s->session = session;
		s->verify_result = s->session->verify_result;







|

|






|
|
|



















|



|
|
>

|
|
>


|
|
|
>
|
>











|

|

<
|







<







654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725

726
727
728
729
730
731
732
733

734
735
736
737
738
739
740
{
	SSL_SESSION *r;
	int ret = 0;

	if ((c != NULL) && (c->session_id_length != 0)) {
		if (lck)
			CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
		if ((r = lh_SSL_SESSION_retrieve(ctx->internal->sessions, c)) == c) {
			ret = 1;
			r = lh_SSL_SESSION_delete(ctx->internal->sessions, c);
			SSL_SESSION_list_remove(ctx, c);
		}
		if (lck)
			CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

		if (ret) {
			r->internal->not_resumable = 1;
			if (ctx->internal->remove_session_cb != NULL)
				ctx->internal->remove_session_cb(ctx, r);
			SSL_SESSION_free(r);
		}
	} else
		ret = 0;
	return (ret);
}

void
SSL_SESSION_free(SSL_SESSION *ss)
{
	int i;

	if (ss == NULL)
		return;

	i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
	if (i > 0)
		return;

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data);

	explicit_bzero(ss->master_key, sizeof ss->master_key);
	explicit_bzero(ss->session_id, sizeof ss->session_id);

	ssl_sess_cert_free(ss->internal->sess_cert);

	X509_free(ss->peer);

	sk_SSL_CIPHER_free(ss->ciphers);

	free(ss->tlsext_hostname);
	free(ss->tlsext_tick);
	free(ss->internal->tlsext_ecpointformatlist);
	free(ss->internal->tlsext_supportedgroups);

	explicit_bzero(ss->internal, sizeof(*ss->internal));
	free(ss->internal);

	explicit_bzero(ss, sizeof(*ss));
	free(ss);
}

int
SSL_set_session(SSL *s, SSL_SESSION *session)
{
	int ret = 0;
	const SSL_METHOD *meth;

	if (session != NULL) {
		meth = s->ctx->method->internal->get_ssl_method(session->ssl_version);
		if (meth == NULL)
			meth = s->method->internal->get_ssl_method(session->ssl_version);
		if (meth == NULL) {

			SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
			return (0);
		}

		if (meth != s->method) {
			if (!SSL_set_ssl_method(s, meth))
				return (0);
		}


		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
		CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
		if (s->session != NULL)
			SSL_SESSION_free(s->session);
		s->session = session;
		s->verify_result = s->session->verify_result;
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
}

int
SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
		SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
		    SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return 0;
	}
	s->sid_ctx_length = sid_ctx_len;
	memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);

	return 1;
}







<
|







799
800
801
802
803
804
805

806
807
808
809
810
811
812
813
}

int
SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len)
{
	if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {

		SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return 0;
	}
	s->sid_ctx_length = sid_ctx_len;
	memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);

	return 1;
}
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912




913


914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098











1099















int
SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
    void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
    SSL_CIPHER **cipher, void *arg), void *arg)
{
	if (s == NULL)
		return (0);
	s->tls_session_secret_cb = tls_session_secret_cb;
	s->tls_session_secret_cb_arg = arg;
	return (1);
}

int
SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
    void *arg)
{
	if (s == NULL)
		return (0);
	s->tls_session_ticket_ext_cb = cb;
	s->tls_session_ticket_ext_cb_arg = arg;
	return (1);
}

int
SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
{
	if (s->version >= TLS1_VERSION) {
		free(s->tlsext_session_ticket);
		s->tlsext_session_ticket =
		    malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
		if (!s->tlsext_session_ticket) {
			SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT,
			    ERR_R_MALLOC_FAILURE);
			return 0;
		}

		if (ext_data) {
			s->tlsext_session_ticket->length = ext_len;
			s->tlsext_session_ticket->data =
			    s->tlsext_session_ticket + 1;
			memcpy(s->tlsext_session_ticket->data,
			    ext_data, ext_len);
		} else {
			s->tlsext_session_ticket->length = 0;
			s->tlsext_session_ticket->data = NULL;
		}

		return 1;
	}

	return 0;
}

typedef struct timeout_param_st {
	SSL_CTX *ctx;
	long time;
	LHASH_OF(SSL_SESSION) *cache;
} TIMEOUT_PARAM;

static void
timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
{
	if ((p->time == 0) || (p->time > (s->time + s->timeout))) {
		/* timeout */
		/* The reason we don't call SSL_CTX_remove_session() is to
		 * save on locking overhead */
		(void)lh_SSL_SESSION_delete(p->cache, s);
		SSL_SESSION_list_remove(p->ctx, s);
		s->not_resumable = 1;
		if (p->ctx->remove_session_cb != NULL)
			p->ctx->remove_session_cb(p->ctx, s);
		SSL_SESSION_free(s);
	}
}

static




IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)



/* XXX 2038 */
void
SSL_CTX_flush_sessions(SSL_CTX *s, long t)
{
	unsigned long i;
	TIMEOUT_PARAM tp;

	tp.ctx = s;
	tp.cache = s->sessions;
	if (tp.cache == NULL)
		return;
	tp.time = t;
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
	lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
	TIMEOUT_PARAM, &tp);
	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}

int
ssl_clear_bad_session(SSL *s)
{
	if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
	    !(SSL_in_init(s) || SSL_in_before(s))) {
		SSL_CTX_remove_session(s->ctx, s->session);
		return (1);
	} else
		return (0);
}

/* locked by SSL_CTX in the calling function */
static void
SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
{
	if ((s->next == NULL) || (s->prev == NULL))
		return;

	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
		/* last element in list */
		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
			/* only one element in list */
			ctx->session_cache_head = NULL;
			ctx->session_cache_tail = NULL;
		} else {
			ctx->session_cache_tail = s->prev;
			s->prev->next =
			    (SSL_SESSION *)&(ctx->session_cache_tail);
		}
	} else {
		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
			/* first element in list */
			ctx->session_cache_head = s->next;
			s->next->prev =
			    (SSL_SESSION *)&(ctx->session_cache_head);
		} else {
			/* middle of list */
			s->next->prev = s->prev;
			s->prev->next = s->next;
		}
	}
	s->prev = s->next = NULL;
}

static void
SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
{
	if ((s->next != NULL) && (s->prev != NULL))
		SSL_SESSION_list_remove(ctx, s);

	if (ctx->session_cache_head == NULL) {
		ctx->session_cache_head = s;
		ctx->session_cache_tail = s;
		s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
		s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
	} else {
		s->next = ctx->session_cache_head;
		s->next->prev = s;
		s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
		ctx->session_cache_head = s;
	}
}

void
SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
    int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
	ctx->new_session_cb = cb;
}

int
(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
{
	return ctx->new_session_cb;
}

void
SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
    void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
{
	ctx->remove_session_cb = cb;
}

void
(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
{
	return ctx->remove_session_cb;
}

void
SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
    unsigned char *data, int len, int *copy))
{
	ctx->get_session_cb = cb;
}

SSL_SESSION *
(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
    int len, int *copy)
{
	return ctx->get_session_cb;
}

void
SSL_CTX_set_info_callback(SSL_CTX *ctx,
    void (*cb)(const SSL *ssl, int type, int val))
{
	ctx->info_callback = cb;
}

void
(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
{
	return ctx->info_callback;
}

void
SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
{
	ctx->client_cert_cb = cb;
}

int
(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509,
    EVP_PKEY **pkey)
{
	return ctx->client_cert_cb;
}

#ifndef OPENSSL_NO_ENGINE
int
SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
{
	if (!ENGINE_init(e)) {
		SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
		    ERR_R_ENGINE_LIB);
		return 0;
	}
	if (!ENGINE_get_ssl_client_cert_function(e)) {
		SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
		    SSL_R_NO_CLIENT_CERT_METHOD);
		ENGINE_finish(e);
		return 0;
	}
	ctx->client_cert_engine = e;
	return 1;
}
#endif

void
SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
{
	ctx->app_gen_cookie_cb = cb;
}

void
SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
{
	ctx->app_verify_cookie_cb = cb;
}












IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)






















|
|









|
|







|
|

|
<
|




|
|
|
|


|
|











|











|
|
|




|
>
>
>
>
|
>
>









|






|








|











|


|

|

|
|

|
|
|


|

|
|
|


|
|


|





|


|
|
|
|
|

|
|
|
|






|





|






|





|






|






|






|





|






|






|







<
|



<
|



|








|






|


>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866

867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073

1074
1075
1076
1077

1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
int
SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
    void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
    SSL_CIPHER **cipher, void *arg), void *arg)
{
	if (s == NULL)
		return (0);
	s->internal->tls_session_secret_cb = tls_session_secret_cb;
	s->internal->tls_session_secret_cb_arg = arg;
	return (1);
}

int
SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
    void *arg)
{
	if (s == NULL)
		return (0);
	s->internal->tls_session_ticket_ext_cb = cb;
	s->internal->tls_session_ticket_ext_cb_arg = arg;
	return (1);
}

int
SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
{
	if (s->version >= TLS1_VERSION) {
		free(s->internal->tlsext_session_ticket);
		s->internal->tlsext_session_ticket =
		    malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
		if (!s->internal->tlsext_session_ticket) {

			SSLerror(s, ERR_R_MALLOC_FAILURE);
			return 0;
		}

		if (ext_data) {
			s->internal->tlsext_session_ticket->length = ext_len;
			s->internal->tlsext_session_ticket->data =
			    s->internal->tlsext_session_ticket + 1;
			memcpy(s->internal->tlsext_session_ticket->data,
			    ext_data, ext_len);
		} else {
			s->internal->tlsext_session_ticket->length = 0;
			s->internal->tlsext_session_ticket->data = NULL;
		}

		return 1;
	}

	return 0;
}

typedef struct timeout_param_st {
	SSL_CTX *ctx;
	long time;
	struct lhash_st_SSL_SESSION *cache;
} TIMEOUT_PARAM;

static void
timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
{
	if ((p->time == 0) || (p->time > (s->time + s->timeout))) {
		/* timeout */
		/* The reason we don't call SSL_CTX_remove_session() is to
		 * save on locking overhead */
		(void)lh_SSL_SESSION_delete(p->cache, s);
		SSL_SESSION_list_remove(p->ctx, s);
		s->internal->not_resumable = 1;
		if (p->ctx->internal->remove_session_cb != NULL)
			p->ctx->internal->remove_session_cb(p->ctx, s);
		SSL_SESSION_free(s);
	}
}

static void
timeout_LHASH_DOALL_ARG(void *arg1, void *arg2)
{
	SSL_SESSION *a = arg1;
	TIMEOUT_PARAM *b = arg2;

	timeout_doall_arg(a, b);
}

/* XXX 2038 */
void
SSL_CTX_flush_sessions(SSL_CTX *s, long t)
{
	unsigned long i;
	TIMEOUT_PARAM tp;

	tp.ctx = s;
	tp.cache = s->internal->sessions;
	if (tp.cache == NULL)
		return;
	tp.time = t;
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
	lh_SSL_SESSION_doall_arg(tp.cache, timeout_LHASH_DOALL_ARG,
	TIMEOUT_PARAM, &tp);
	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}

int
ssl_clear_bad_session(SSL *s)
{
	if ((s->session != NULL) && !(s->internal->shutdown & SSL_SENT_SHUTDOWN) &&
	    !(SSL_in_init(s) || SSL_in_before(s))) {
		SSL_CTX_remove_session(s->ctx, s->session);
		return (1);
	} else
		return (0);
}

/* locked by SSL_CTX in the calling function */
static void
SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
{
	if ((s->internal->next == NULL) || (s->internal->prev == NULL))
		return;

	if (s->internal->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) {
		/* last element in list */
		if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {
			/* only one element in list */
			ctx->internal->session_cache_head = NULL;
			ctx->internal->session_cache_tail = NULL;
		} else {
			ctx->internal->session_cache_tail = s->internal->prev;
			s->internal->prev->internal->next =
			    (SSL_SESSION *)&(ctx->internal->session_cache_tail);
		}
	} else {
		if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {
			/* first element in list */
			ctx->internal->session_cache_head = s->internal->next;
			s->internal->next->internal->prev =
			    (SSL_SESSION *)&(ctx->internal->session_cache_head);
		} else {
			/* middle of list */
			s->internal->next->internal->prev = s->internal->prev;
			s->internal->prev->internal->next = s->internal->next;
		}
	}
	s->internal->prev = s->internal->next = NULL;
}

static void
SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
{
	if ((s->internal->next != NULL) && (s->internal->prev != NULL))
		SSL_SESSION_list_remove(ctx, s);

	if (ctx->internal->session_cache_head == NULL) {
		ctx->internal->session_cache_head = s;
		ctx->internal->session_cache_tail = s;
		s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);
		s->internal->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail);
	} else {
		s->internal->next = ctx->internal->session_cache_head;
		s->internal->next->internal->prev = s;
		s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);
		ctx->internal->session_cache_head = s;
	}
}

void
SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
    int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
	ctx->internal->new_session_cb = cb;
}

int
(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
{
	return ctx->internal->new_session_cb;
}

void
SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
    void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
{
	ctx->internal->remove_session_cb = cb;
}

void
(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
{
	return ctx->internal->remove_session_cb;
}

void
SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
    unsigned char *data, int len, int *copy))
{
	ctx->internal->get_session_cb = cb;
}

SSL_SESSION *
(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
    int len, int *copy)
{
	return ctx->internal->get_session_cb;
}

void
SSL_CTX_set_info_callback(SSL_CTX *ctx,
    void (*cb)(const SSL *ssl, int type, int val))
{
	ctx->internal->info_callback = cb;
}

void
(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
{
	return ctx->internal->info_callback;
}

void
SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
{
	ctx->internal->client_cert_cb = cb;
}

int
(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509,
    EVP_PKEY **pkey)
{
	return ctx->internal->client_cert_cb;
}

#ifndef OPENSSL_NO_ENGINE
int
SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
{
	if (!ENGINE_init(e)) {

		SSLerrorx(ERR_R_ENGINE_LIB);
		return 0;
	}
	if (!ENGINE_get_ssl_client_cert_function(e)) {

		SSLerrorx(SSL_R_NO_CLIENT_CERT_METHOD);
		ENGINE_finish(e);
		return 0;
	}
	ctx->internal->client_cert_engine = e;
	return 1;
}
#endif

void
SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
{
	ctx->internal->app_gen_cookie_cb = cb;
}

void
SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
{
	ctx->internal->app_verify_cookie_cb = cb;
}

int
PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x)
{
	return PEM_ASN1_write((i2d_of_void *)i2d_SSL_SESSION,
	    PEM_STRING_SSL_SESSION, fp, x, NULL, NULL, 0, NULL, NULL);
}

SSL_SESSION *
PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read((d2i_of_void *)d2i_SSL_SESSION,
	    PEM_STRING_SSL_SESSION, fp, (void **)x, cb, u);
}

SSL_SESSION *
PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x, pem_password_cb *cb, void *u)
{
	return PEM_ASN1_read_bio((d2i_of_void *)d2i_SSL_SESSION,
	    PEM_STRING_SSL_SESSION, bp, (void **)x, cb, u);
}

int
PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x)
{
	return PEM_ASN1_write_bio((i2d_of_void *)i2d_SSL_SESSION,
	    PEM_STRING_SSL_SESSION, bp, x, NULL, NULL, 0, NULL, NULL);
}
Added jni/libressl/ssl/ssl_srvr.c.






























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
/* $OpenBSD: ssl_srvr.c,v 1.11.4.1 2017/04/29 23:41:32 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 *
 * The Contribution is licensed pursuant to the OpenSSL open source
 * license provided above.
 *
 * ECC cipher suite support in OpenSSL originally written by
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/bn.h>
#include <openssl/buffer.h>
#include <openssl/curve25519.h>
#include <openssl/evp.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_GOST
#include <openssl/gost.h>
#endif
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

#include "bytestring.h"

int
ssl3_accept(SSL *s)
{
	unsigned long alg_k;
	void (*cb)(const SSL *ssl, int type, int val) = NULL;
	int ret = -1;
	int new_state, state, skip = 0;

	ERR_clear_error();
	errno = 0;

	if (s->internal->info_callback != NULL)
		cb = s->internal->info_callback;
	else if (s->ctx->internal->info_callback != NULL)
		cb = s->ctx->internal->info_callback;

	/* init things to blank */
	s->internal->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s))
		SSL_clear(s);

	if (s->cert == NULL) {
		SSLerror(s, SSL_R_NO_CERTIFICATE_SET);
		ret = -1;
		goto end;
	}

	for (;;) {
		state = s->internal->state;

		switch (s->internal->state) {
		case SSL_ST_RENEGOTIATE:
			s->internal->renegotiate = 1;
			/* s->internal->state=SSL_ST_ACCEPT; */

		case SSL_ST_BEFORE:
		case SSL_ST_ACCEPT:
		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		case SSL_ST_OK|SSL_ST_ACCEPT:

			s->server = 1;
			if (cb != NULL)
				cb(s, SSL_CB_HANDSHAKE_START, 1);

			if ((s->version >> 8) != 3) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				ret = -1;
				goto end;
			}
			s->internal->type = SSL_ST_ACCEPT;

			if (!ssl3_setup_init_buffer(s)) {
				ret = -1;
				goto end;
			}
			if (!ssl3_setup_buffers(s)) {
				ret = -1;
				goto end;
			}

			s->internal->init_num = 0;

			if (s->internal->state != SSL_ST_RENEGOTIATE) {
				/*
				 * Ok, we now need to push on a buffering BIO
				 * so that the output is sent in a way that
				 * TCP likes :-)
				 */
				if (!ssl_init_wbio_buffer(s, 1)) {
					ret = -1;
					goto end;
				}

				if (!tls1_init_finished_mac(s)) {
					ret = -1;
					goto end;
				}

				s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
				s->ctx->internal->stats.sess_accept++;
			} else if (!S3I(s)->send_connection_binding) {
				/*
				 * Server attempting to renegotiate with
				 * client that doesn't support secure
				 * renegotiation.
				 */
				SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
				ssl3_send_alert(s, SSL3_AL_FATAL,
				    SSL_AD_HANDSHAKE_FAILURE);
				ret = -1;
				goto end;
			} else {
				/*
				 * s->internal->state == SSL_ST_RENEGOTIATE,
				 * we will just send a HelloRequest
				 */
				s->ctx->internal->stats.sess_accept_renegotiate++;
				s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
			}
			break;

		case SSL3_ST_SW_HELLO_REQ_A:
		case SSL3_ST_SW_HELLO_REQ_B:

			s->internal->shutdown = 0;
			ret = ssl3_send_hello_request(s);
			if (ret <= 0)
				goto end;
			S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
			s->internal->state = SSL3_ST_SW_FLUSH;
			s->internal->init_num = 0;

			if (!tls1_init_finished_mac(s)) {
				ret = -1;
				goto end;
			}
			break;

		case SSL3_ST_SW_HELLO_REQ_C:
			s->internal->state = SSL_ST_OK;
			break;

		case SSL3_ST_SR_CLNT_HELLO_A:
		case SSL3_ST_SR_CLNT_HELLO_B:
		case SSL3_ST_SR_CLNT_HELLO_C:

			s->internal->shutdown = 0;
			if (s->internal->rwstate != SSL_X509_LOOKUP) {
				ret = ssl3_get_client_hello(s);
				if (ret <= 0)
					goto end;
			}

			s->internal->renegotiate = 2;
			s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_SRVR_HELLO_A:
		case SSL3_ST_SW_SRVR_HELLO_B:
			ret = ssl3_send_server_hello(s);
			if (ret <= 0)
				goto end;
			if (s->internal->hit) {
				if (s->internal->tlsext_ticket_expected)
					s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
				else
					s->internal->state = SSL3_ST_SW_CHANGE_A;
			}
			else
				s->internal->state = SSL3_ST_SW_CERT_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_A:
		case SSL3_ST_SW_CERT_B:
			/* Check if it is anon DH or anon ECDH. */
			if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
			    SSL_aNULL)) {
				ret = ssl3_send_server_certificate(s);
				if (ret <= 0)
					goto end;
				if (s->internal->tlsext_status_expected)
					s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
				else
					s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
			} else {
				skip = 1;
				s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
			}
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_KEY_EXCH_A:
		case SSL3_ST_SW_KEY_EXCH_B:
			alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;

			/*
			 * Only send if using a DH key exchange.
			 *
			 * For ECC ciphersuites, we send a ServerKeyExchange
			 * message only if the cipher suite is ECDHE. In other
			 * cases, the server certificate contains the server's
			 * public key for key exchange.
			 */
			if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
				ret = ssl3_send_server_key_exchange(s);
				if (ret <= 0)
					goto end;
			} else
				skip = 1;

			s->internal->state = SSL3_ST_SW_CERT_REQ_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_REQ_A:
		case SSL3_ST_SW_CERT_REQ_B:
			/*
			 * Determine whether or not we need to request a
			 * certificate.
			 *
			 * Do not request a certificate if:
			 *
			 * - We did not ask for it (SSL_VERIFY_PEER is unset).
			 *
			 * - SSL_VERIFY_CLIENT_ONCE is set and we are
			 *   renegotiating.
			 *
			 * - We are using an anonymous ciphersuites
			 *   (see section "Certificate request" in SSL 3 drafts
			 *   and in RFC 2246) ... except when the application
			 *   insists on verification (against the specs, but
			 *   s3_clnt.c accepts this for SSL 3).
			 */
			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
			    ((s->session->peer != NULL) &&
			     (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
			    ((S3I(s)->tmp.new_cipher->algorithm_auth &
			     SSL_aNULL) && !(s->verify_mode &
			     SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
				/* No cert request */
				skip = 1;
				S3I(s)->tmp.cert_request = 0;
				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
				if (S3I(s)->handshake_buffer) {
					if (!tls1_digest_cached_records(s)) {
						ret = -1;
						goto end;
					}
				}
			} else {
				S3I(s)->tmp.cert_request = 1;
				ret = ssl3_send_certificate_request(s);
				if (ret <= 0)
					goto end;
				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
				s->internal->init_num = 0;
			}
			break;

		case SSL3_ST_SW_SRVR_DONE_A:
		case SSL3_ST_SW_SRVR_DONE_B:
			ret = ssl3_send_server_done(s);
			if (ret <= 0)
				goto end;
			S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
			s->internal->state = SSL3_ST_SW_FLUSH;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_FLUSH:

			/*
			 * This code originally checked to see if
			 * any data was pending using BIO_CTRL_INFO
			 * and then flushed. This caused problems
			 * as documented in PR#1939. The proposed
			 * fix doesn't completely resolve this issue
			 * as buggy implementations of BIO_CTRL_PENDING
			 * still exist. So instead we just flush
			 * unconditionally.
			 */

			s->internal->rwstate = SSL_WRITING;
			if (BIO_flush(s->wbio) <= 0) {
				ret = -1;
				goto end;
			}
			s->internal->rwstate = SSL_NOTHING;

			s->internal->state = S3I(s)->tmp.next_state;
			break;

		case SSL3_ST_SR_CERT_A:
		case SSL3_ST_SR_CERT_B:
			if (S3I(s)->tmp.cert_request) {
				ret = ssl3_get_client_certificate(s);
				if (ret <= 0)
					goto end;
			}
			s->internal->init_num = 0;
			s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
			break;

		case SSL3_ST_SR_KEY_EXCH_A:
		case SSL3_ST_SR_KEY_EXCH_B:
			ret = ssl3_get_client_key_exchange(s);
			if (ret <= 0)
				goto end;
			alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
			if (ret == 2) {
				/*
				 * For the ECDH ciphersuites when
				 * the client sends its ECDH pub key in
				 * a certificate, the CertificateVerify
				 * message is not sent.
				 * Also for GOST ciphersuites when
				 * the client uses its key from the certificate
				 * for key exchange.
				 */
				if (S3I(s)->next_proto_neg_seen)
					s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
				else
					s->internal->state = SSL3_ST_SR_FINISHED_A;
				s->internal->init_num = 0;
			} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
				s->internal->init_num = 0;
				if (!s->session->peer)
					break;
				/*
				 * For sigalgs freeze the handshake buffer
				 * at this point and digest cached records.
				 */
				if (!S3I(s)->handshake_buffer) {
					SSLerror(s, ERR_R_INTERNAL_ERROR);
					ret = -1;
					goto end;
				}
				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
				if (!tls1_digest_cached_records(s)) {
					ret = -1;
					goto end;
				}
			} else {
				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
				s->internal->init_num = 0;

				/*
				 * We need to get hashes here so if there is
				 * a client cert, it can be verified.
				 */
				if (S3I(s)->handshake_buffer) {
					if (!tls1_digest_cached_records(s)) {
						ret = -1;
						goto end;
					}
				}
				if (!tls1_handshake_hash_value(s,
				    S3I(s)->tmp.cert_verify_md,
				    sizeof(S3I(s)->tmp.cert_verify_md),
				    NULL)) {
				        ret = -1;
					goto end;
				}
			}
			break;

		case SSL3_ST_SR_CERT_VRFY_A:
		case SSL3_ST_SR_CERT_VRFY_B:
			s->s3->flags |= SSL3_FLAGS_CCS_OK;

			/* we should decide if we expected this one */
			ret = ssl3_get_cert_verify(s);
			if (ret <= 0)
				goto end;

			if (S3I(s)->next_proto_neg_seen)
				s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
			else
				s->internal->state = SSL3_ST_SR_FINISHED_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SR_NEXT_PROTO_A:
		case SSL3_ST_SR_NEXT_PROTO_B:
			ret = ssl3_get_next_proto(s);
			if (ret <= 0)
				goto end;
			s->internal->init_num = 0;
			s->internal->state = SSL3_ST_SR_FINISHED_A;
			break;

		case SSL3_ST_SR_FINISHED_A:
		case SSL3_ST_SR_FINISHED_B:
			s->s3->flags |= SSL3_FLAGS_CCS_OK;
			ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
			    SSL3_ST_SR_FINISHED_B);
			if (ret <= 0)
				goto end;
			if (s->internal->hit)
				s->internal->state = SSL_ST_OK;
			else if (s->internal->tlsext_ticket_expected)
				s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
			else
				s->internal->state = SSL3_ST_SW_CHANGE_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_SESSION_TICKET_A:
		case SSL3_ST_SW_SESSION_TICKET_B:
			ret = ssl3_send_newsession_ticket(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_CHANGE_A;
			s->internal->init_num = 0;
			break;

		case SSL3_ST_SW_CERT_STATUS_A:
		case SSL3_ST_SW_CERT_STATUS_B:
			ret = ssl3_send_cert_status(s);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
			s->internal->init_num = 0;
			break;


		case SSL3_ST_SW_CHANGE_A:
		case SSL3_ST_SW_CHANGE_B:

			s->session->cipher = S3I(s)->tmp.new_cipher;
			if (!tls1_setup_key_block(s)) {
				ret = -1;
				goto end;
			}

			ret = ssl3_send_change_cipher_spec(s,
			    SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);

			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_FINISHED_A;
			s->internal->init_num = 0;

			if (!tls1_change_cipher_state(
			    s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
				ret = -1;
				goto end;
			}

			break;

		case SSL3_ST_SW_FINISHED_A:
		case SSL3_ST_SW_FINISHED_B:
			ret = ssl3_send_finished(s,
			SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
			TLS_MD_SERVER_FINISH_CONST,
			TLS_MD_SERVER_FINISH_CONST_SIZE);
			if (ret <= 0)
				goto end;
			s->internal->state = SSL3_ST_SW_FLUSH;
			if (s->internal->hit) {
				if (S3I(s)->next_proto_neg_seen) {
					s->s3->flags |= SSL3_FLAGS_CCS_OK;
					S3I(s)->tmp.next_state =
					    SSL3_ST_SR_NEXT_PROTO_A;
				} else
					S3I(s)->tmp.next_state =
					    SSL3_ST_SR_FINISHED_A;
			} else
				S3I(s)->tmp.next_state = SSL_ST_OK;
			s->internal->init_num = 0;
			break;

		case SSL_ST_OK:
			/* clean a few things up */
			tls1_cleanup_key_block(s);

			BUF_MEM_free(s->internal->init_buf);
			s->internal->init_buf = NULL;

			/* remove buffering on output */
			ssl_free_wbio_buffer(s);

			s->internal->init_num = 0;

			/* skipped if we just sent a HelloRequest */
			if (s->internal->renegotiate == 2) {
				s->internal->renegotiate = 0;
				s->internal->new_session = 0;

				ssl_update_cache(s, SSL_SESS_CACHE_SERVER);

				s->ctx->internal->stats.sess_accept_good++;
				/* s->server=1; */
				s->internal->handshake_func = ssl3_accept;

				if (cb != NULL)
					cb(s, SSL_CB_HANDSHAKE_DONE, 1);
			}

			ret = 1;
			goto end;
			/* break; */

		default:
			SSLerror(s, SSL_R_UNKNOWN_STATE);
			ret = -1;
			goto end;
			/* break; */
		}

		if (!S3I(s)->tmp.reuse_message && !skip) {
			if (s->internal->debug) {
				if ((ret = BIO_flush(s->wbio)) <= 0)
					goto end;
			}


			if ((cb != NULL) && (s->internal->state != state)) {
				new_state = s->internal->state;
				s->internal->state = state;
				cb(s, SSL_CB_ACCEPT_LOOP, 1);
				s->internal->state = new_state;
			}
		}
		skip = 0;
	}
end:
	/* BIO_flush(s->wbio); */

	s->internal->in_handshake--;
	if (cb != NULL)
		cb(s, SSL_CB_ACCEPT_EXIT, ret);
	return (ret);
}

int
ssl3_send_hello_request(SSL *s)
{
	CBB cbb, hello;

	memset(&cbb, 0, sizeof(cbb));

	if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
		    SSL3_MT_HELLO_REQUEST))
			goto err;
		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
	}

	/* SSL3_ST_SW_HELLO_REQ_B */
	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);

	return (-1);
}

int
ssl3_get_client_hello(SSL *s)
{
	CBS cbs, client_random, session_id, cookie, cipher_suites;
	CBS compression_methods;
	uint16_t client_version;
	uint8_t comp_method;
	int comp_null;
	int i, j, ok, al, ret = -1, cookie_valid = 0;
	long n;
	unsigned long id;
	unsigned char *p, *d;
	SSL_CIPHER *c;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	unsigned long alg_k;
	const SSL_METHOD *method;
	uint16_t shared_version;
	unsigned char *end;

	/*
	 * We do this so that we will respond with our native type.
	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
	 * This down switching should be handled by a different method.
	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
	 * TLSv1.
	 */
	if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
		s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
	}

	s->internal->first_packet = 1;
	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
	    SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
	    SSL3_RT_MAX_PLAIN_LENGTH, &ok);
	if (!ok)
		return ((int)n);
	s->internal->first_packet = 0;

	if (n < 0)
		goto err;

	d = p = (unsigned char *)s->internal->init_msg;
	end = d + n;

	CBS_init(&cbs, s->internal->init_msg, n);

	/*
	 * Use version from inside client hello, not from record header.
	 * (may differ: see RFC 2246, Appendix E, second paragraph)
	 */
	if (!CBS_get_u16(&cbs, &client_version))
		goto truncated;

	if (ssl_max_shared_version(s, client_version, &shared_version) != 1) {
		SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
		if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
		    !s->internal->enc_write_ctx && !s->internal->write_hash) {
			/*
			 * Similar to ssl3_get_record, send alert using remote
			 * version number.
			 */
			s->version = s->client_version;
		}
		al = SSL_AD_PROTOCOL_VERSION;
		goto f_err;
	}
	s->client_version = client_version;
	s->version = shared_version;

	if ((method = tls1_get_server_method(shared_version)) == NULL)
		method = dtls1_get_server_method(shared_version);
	if (method == NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	s->method = method;

	if (!CBS_get_bytes(&cbs, &client_random, SSL3_RANDOM_SIZE))
		goto truncated;
	if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
		goto truncated;

	/*
	 * If we require cookies (DTLS) and this ClientHello doesn't
	 * contain one, just return since we do not want to
	 * allocate any memory yet. So check cookie length...
	 */
	if (SSL_IS_DTLS(s)) {
		if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
			goto truncated;
		if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
			if (CBS_len(&cookie) == 0)
				return (1);
		}
	}

	if (!CBS_write_bytes(&client_random, s->s3->client_random,
	    sizeof(s->s3->client_random), NULL))
		goto err;

	s->internal->hit = 0;

	/*
	 * Versions before 0.9.7 always allow clients to resume sessions in
	 * renegotiation. 0.9.7 and later allow this by default, but optionally
	 * ignore resumption requests with flag
	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
	 * rather than a change to default behavior so that applications
	 * relying on this for security won't even compile against older
	 * library versions).
	 *
	 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
	 * to request renegotiation but not a new session (s->internal->new_session
	 * remains unset): for servers, this essentially just means that the
	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
	 * ignored.
	 */
	if ((s->internal->new_session && (s->internal->options &
	    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
		if (!ssl_get_new_session(s, 1))
			goto err;
	} else {
		/* XXX - pass CBS through instead... */
		i = ssl_get_prev_session(s,
		    (unsigned char *)CBS_data(&session_id),
		    CBS_len(&session_id), end);
		if (i == 1) { /* previous session */
			s->internal->hit = 1;
		} else if (i == -1)
			goto err;
		else {
			/* i == 0 */
			if (!ssl_get_new_session(s, 1))
				goto err;
		}
	}

	if (SSL_IS_DTLS(s)) {
		/*
		 * The ClientHello may contain a cookie even if the HelloVerify
		 * message has not been sent - make sure that it does not cause
		 * an overflow.
		 */
		if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_COOKIE_MISMATCH);
			goto f_err;
		}

		/* Verify the cookie if appropriate option is set. */
		if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
		    CBS_len(&cookie) > 0) {
			size_t cookie_len;

			/* XXX - rcvd_cookie seems to only be used here... */
			if (!CBS_write_bytes(&cookie, D1I(s)->rcvd_cookie,
			    sizeof(D1I(s)->rcvd_cookie), &cookie_len))
				goto err;

			if (s->ctx->internal->app_verify_cookie_cb != NULL) {
				if (s->ctx->internal->app_verify_cookie_cb(s,
				    D1I(s)->rcvd_cookie, cookie_len) == 0) {
					al = SSL_AD_HANDSHAKE_FAILURE;
					SSLerror(s, SSL_R_COOKIE_MISMATCH);
					goto f_err;
				}
				/* else cookie verification succeeded */
			/* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
			} else if (timingsafe_memcmp(D1I(s)->rcvd_cookie,
			    D1I(s)->cookie, D1I(s)->cookie_len) != 0) {
				/* default verification */
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerror(s, SSL_R_COOKIE_MISMATCH);
				goto f_err;
			}
			cookie_valid = 1;
		}
	}

	if (!CBS_get_u16_length_prefixed(&cbs, &cipher_suites))
		goto truncated;

	/* XXX - This logic seems wrong... */
	if (CBS_len(&cipher_suites) == 0 && CBS_len(&session_id) != 0) {
		/* we need a cipher if we are not resuming a session */
		al = SSL_AD_ILLEGAL_PARAMETER;
		SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED);
		goto f_err;
	}

	if (CBS_len(&cipher_suites) > 0) {
		if ((ciphers = ssl_bytes_to_cipher_list(s,
		    CBS_data(&cipher_suites), CBS_len(&cipher_suites))) == NULL)
			goto err;
	}

	/* If it is a hit, check that the cipher is in the list */
	if (s->internal->hit && CBS_len(&cipher_suites) > 0) {
		j = 0;
		id = s->session->cipher->id;

		for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
			c = sk_SSL_CIPHER_value(ciphers, i);
			if (c->id == id) {
				j = 1;
				break;
			}
		}
		if (j == 0) {
			/*
			 * We need to have the cipher in the cipher
			 * list if we are asked to reuse it
			 */
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING);
			goto f_err;
		}
	}

	if (!CBS_get_u8_length_prefixed(&cbs, &compression_methods))
		goto truncated;

	comp_null = 0;
	while (CBS_len(&compression_methods) > 0) {
		if (!CBS_get_u8(&compression_methods, &comp_method))
			goto truncated;
		if (comp_method == 0)
			comp_null = 1;
	}
	if (comp_null == 0) {
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED);
		goto f_err;
	}

	p = (unsigned char *)CBS_data(&cbs);

	/* TLS extensions*/
	if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
		/* 'al' set by ssl_parse_clienthello_tlsext */
		SSLerror(s, SSL_R_PARSE_TLSEXT);
		goto f_err;
	}
	if (ssl_check_clienthello_tlsext_early(s) <= 0) {
		SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT);
		goto err;
	}

	/*
	 * Check if we want to use external pre-shared secret for this
	 * handshake for not reused session only. We need to generate
	 * server_random before calling tls_session_secret_cb in order to allow
	 * SessionTicket processing to use it in key derivation.
	 */
	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);

	if (!s->internal->hit && s->internal->tls_session_secret_cb) {
		SSL_CIPHER *pref_cipher = NULL;

		s->session->master_key_length = sizeof(s->session->master_key);
		if (s->internal->tls_session_secret_cb(s, s->session->master_key,
		    &s->session->master_key_length, ciphers, &pref_cipher,
		    s->internal->tls_session_secret_cb_arg)) {
			s->internal->hit = 1;
			s->session->ciphers = ciphers;
			s->session->verify_result = X509_V_OK;

			ciphers = NULL;

			/* check if some cipher was preferred by call back */
			pref_cipher = pref_cipher ? pref_cipher :
			    ssl3_choose_cipher(s, s->session->ciphers,
			    SSL_get_ciphers(s));
			if (pref_cipher == NULL) {
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerror(s, SSL_R_NO_SHARED_CIPHER);
				goto f_err;
			}

			s->session->cipher = pref_cipher;

			sk_SSL_CIPHER_free(s->cipher_list);
			sk_SSL_CIPHER_free(s->internal->cipher_list_by_id);

			s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
			s->internal->cipher_list_by_id =
			    sk_SSL_CIPHER_dup(s->session->ciphers);
		}
	}

	/*
	 * Given s->session->ciphers and SSL_get_ciphers, we must
	 * pick a cipher
	 */

	if (!s->internal->hit) {
		sk_SSL_CIPHER_free(s->session->ciphers);
		s->session->ciphers = ciphers;
		if (ciphers == NULL) {
			al = SSL_AD_ILLEGAL_PARAMETER;
			SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
			goto f_err;
		}
		ciphers = NULL;
		c = ssl3_choose_cipher(s, s->session->ciphers,
		SSL_get_ciphers(s));

		if (c == NULL) {
			al = SSL_AD_HANDSHAKE_FAILURE;
			SSLerror(s, SSL_R_NO_SHARED_CIPHER);
			goto f_err;
		}
		S3I(s)->tmp.new_cipher = c;
	} else {
		S3I(s)->tmp.new_cipher = s->session->cipher;
	}

	if (!tls1_handshake_hash_init(s))
		goto err;

	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
	if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
	    !(s->verify_mode & SSL_VERIFY_PEER)) {
		if (!tls1_digest_cached_records(s)) {
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
	}

	/*
	 * We now have the following setup.
	 * client_random
	 * cipher_list 		- our prefered list of ciphers
	 * ciphers 		- the clients prefered list of ciphers
	 * compression		- basically ignored right now
	 * ssl version is set	- sslv3
	 * s->session		- The ssl session has been setup.
	 * s->internal->hit		- session reuse flag
	 * s->tmp.new_cipher	- the new cipher to use.
	 */

	/* Handles TLS extensions that we couldn't check earlier */
	if (ssl_check_clienthello_tlsext_late(s) <= 0) {
		SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT);
		goto err;
	}

	ret = cookie_valid ? 2 : 1;

	if (0) {
truncated:
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
err:
	sk_SSL_CIPHER_free(ciphers);

	return (ret);
}

int
ssl3_send_server_hello(SSL *s)
{
	unsigned char *bufend;
	unsigned char *p, *d;
	CBB cbb, session_id;
	size_t outlen;
	int sl;

	memset(&cbb, 0, sizeof(cbb));

	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;

	if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
		d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);

		if (!CBB_init_fixed(&cbb, p, bufend - p))
			goto err;

		if (!CBB_add_u16(&cbb, s->version))
			goto err;
		if (!CBB_add_bytes(&cbb, s->s3->server_random,
		    sizeof(s->s3->server_random)))
			goto err;

		/*
		 * There are several cases for the session ID to send
		 * back in the server hello:
		 *
		 * - For session reuse from the session cache,
		 *   we send back the old session ID.
		 * - If stateless session reuse (using a session ticket)
		 *   is successful, we send back the client's "session ID"
		 *   (which doesn't actually identify the session).
		 * - If it is a new session, we send back the new
		 *   session ID.
		 * - However, if we want the new session to be single-use,
		 *   we send back a 0-length session ID.
		 *
		 * s->internal->hit is non-zero in either case of session reuse,
		 * so the following won't overwrite an ID that we're supposed
		 * to send back.
		 */
		if (!(s->ctx->internal->session_cache_mode & SSL_SESS_CACHE_SERVER)
		    && !s->internal->hit)
			s->session->session_id_length = 0;

		sl = s->session->session_id_length;
		if (sl > (int)sizeof(s->session->session_id)) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto err;
		}

		if (!CBB_add_u8_length_prefixed(&cbb, &session_id))
			goto err;
		if (!CBB_add_bytes(&session_id, s->session->session_id, sl))
			goto err;

		/* Cipher suite. */
		if (!CBB_add_u16(&cbb,
		    ssl3_cipher_get_value(S3I(s)->tmp.new_cipher)))
			goto err;

		/* Compression method. */
		if (!CBB_add_u8(&cbb, 0))
			goto err;

		if (!CBB_finish(&cbb, NULL, &outlen))
			goto err;

		if ((p = ssl_add_serverhello_tlsext(s, p + outlen,
		    bufend)) == NULL) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto err;
		}

		ssl3_handshake_msg_finish(s, p - d);
	}

	/* SSL3_ST_SW_SRVR_HELLO_B */
	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);

	return (-1);
}

int
ssl3_send_server_done(SSL *s)
{
	CBB cbb, done;

	memset(&cbb, 0, sizeof(cbb));

	if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
		    SSL3_MT_SERVER_DONE))
			goto err;
		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
	}

	/* SSL3_ST_SW_SRVR_DONE_B */
	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);

	return (-1);
}

int
ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
{
	CBB dh_p, dh_g, dh_Ys;
	DH *dh = NULL, *dhp;
	unsigned char *data;
	int al;

	if (s->cert->dh_tmp_auto != 0) {
		if ((dhp = ssl_get_auto_dh(s)) == NULL) {
			al = SSL_AD_INTERNAL_ERROR;
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			goto f_err;
		}
	} else
		dhp = s->cert->dh_tmp;

	if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
		dhp = s->cert->dh_tmp_cb(s, 0,
		    SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));

	if (dhp == NULL) {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
		goto f_err;
	}

	if (S3I(s)->tmp.dh != NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	if (s->cert->dh_tmp_auto != 0) {
		dh = dhp;
	} else if ((dh = DHparams_dup(dhp)) == NULL) {
		SSLerror(s, ERR_R_DH_LIB);
		goto err;
	}
	S3I(s)->tmp.dh = dh;
	if (!DH_generate_key(dh)) {
		SSLerror(s, ERR_R_DH_LIB);
		goto err;
	}

	/*
	 * Serialize the DH parameters and public key.
	 */
	if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
		goto err;
	if (!CBB_add_space(&dh_p, &data, BN_num_bytes(dh->p)))
		goto err;
	BN_bn2bin(dh->p, data);

	if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
		goto err;
	if (!CBB_add_space(&dh_g, &data, BN_num_bytes(dh->g)))
		goto err;
	BN_bn2bin(dh->g, data);

	if (!CBB_add_u16_length_prefixed(cbb, &dh_Ys))
		goto err;
	if (!CBB_add_space(&dh_Ys, &data, BN_num_bytes(dh->pub_key)))
		goto err;
	BN_bn2bin(dh->pub_key, data);

	if (!CBB_flush(cbb))
		goto err;

	return (1);

 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	return (-1);
}

static int
ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
{
	CBB ecpoint;
	unsigned char *data;
	EC_KEY *ecdh = NULL, *ecdhp;
	const EC_GROUP *group;
	unsigned char *encodedPoint = NULL;
	int encodedlen = 0;
	int curve_id = 0;
	BN_CTX *bn_ctx = NULL;
	int al;

	ecdhp = s->cert->ecdh_tmp;
	if (s->cert->ecdh_tmp_auto != 0) {
		if (nid != NID_undef)
			ecdhp = EC_KEY_new_by_curve_name(nid);
	} else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {
		ecdhp = s->cert->ecdh_tmp_cb(s, 0,
		    SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));
	}
	if (ecdhp == NULL) {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
		goto f_err;
	}

	if (S3I(s)->tmp.ecdh != NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	/* Duplicate the ECDH structure. */
	if (s->cert->ecdh_tmp_auto != 0) {
		ecdh = ecdhp;
	} else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	S3I(s)->tmp.ecdh = ecdh;

	if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
	    (EC_KEY_get0_private_key(ecdh) == NULL) ||
	    (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
		if (!EC_KEY_generate_key(ecdh)) {
			SSLerror(s, ERR_R_ECDH_LIB);
			goto err;
		}
	}

	if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
	    (EC_KEY_get0_public_key(ecdh)  == NULL) ||
	    (EC_KEY_get0_private_key(ecdh) == NULL)) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}

	/*
	 * Only named curves are supported in ECDH ephemeral key exchanges.
	 * For supported named curves, curve_id is non-zero.
	 */
	if ((curve_id = tls1_ec_nid2curve_id(
	    EC_GROUP_get_curve_name(group))) == 0) {
		SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
		goto err;
	}

	/*
	 * Encode the public key. First check the size of encoding and
	 * allocate memory accordingly.
	 */
	encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);

	encodedPoint = malloc(encodedlen);

	bn_ctx = BN_CTX_new();
	if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
	    POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx);

	if (encodedlen == 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}

	BN_CTX_free(bn_ctx);
	bn_ctx = NULL;

	/*
	 * Only named curves are supported in ECDH ephemeral key exchanges.
	 * In this case the ServerKeyExchange message has:
	 * [1 byte CurveType], [2 byte CurveName]
	 * [1 byte length of encoded point], followed by
	 * the actual encoded point itself.
	 */
	if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
		goto err;
	if (!CBB_add_u16(cbb, curve_id))
		goto err;
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!CBB_add_space(&ecpoint, &data, encodedlen))
		goto err;

	memcpy(data, encodedPoint, encodedlen);

	free(encodedPoint);
	encodedPoint = NULL;

	if (!CBB_flush(cbb))
		goto err;

	return (1);
	
 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	free(encodedPoint);
	BN_CTX_free(bn_ctx);

	return (-1);
}

static int
ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
{
	uint8_t *public_key = NULL;
	int curve_id;
	CBB ecpoint;
	int ret = -1;

	/* Generate an X25519 key pair. */
	if (S3I(s)->tmp.x25519 != NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	X25519_keypair(public_key, S3I(s)->tmp.x25519);

	/* Serialize public key. */
	if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
		SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
		goto err;
	}

	if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
		goto err;
	if (!CBB_add_u16(cbb, curve_id))
		goto err;
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH))
		goto err;
	if (!CBB_flush(cbb))
		goto err;

	ret = 1;

 err:
	free(public_key);

	return (ret);
}

static int
ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
{
	int nid;

	nid = tls1_get_shared_curve(s);

	if (s->cert->ecdh_tmp_auto != 0 && nid == NID_X25519)
		return ssl3_send_server_kex_ecdhe_ecx(s, nid, cbb);

	return ssl3_send_server_kex_ecdhe_ecp(s, nid, cbb);
}

int
ssl3_send_server_key_exchange(SSL *s)
{
	CBB cbb;
	unsigned char *params = NULL;
	size_t params_len;
	unsigned char *q;
	unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
	unsigned int u;
	EVP_PKEY *pkey;
	const EVP_MD *md = NULL;
	unsigned char *p, *d;
	int al, i, j, n, kn;
	unsigned long type;
	BUF_MEM *buf;
	EVP_MD_CTX md_ctx;

	memset(&cbb, 0, sizeof(cbb));

	EVP_MD_CTX_init(&md_ctx);
	if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
		type = S3I(s)->tmp.new_cipher->algorithm_mkey;

		buf = s->internal->init_buf;

		if (!CBB_init(&cbb, 0))
			goto err;

		if (type & SSL_kDHE) {
			if (ssl3_send_server_kex_dhe(s, &cbb) != 1)
				goto err;
		} else if (type & SSL_kECDHE) {
			if (ssl3_send_server_kex_ecdhe(s, &cbb) != 1)
				goto err;
		} else {
			al = SSL_AD_HANDSHAKE_FAILURE;
			SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
			goto f_err;
		}

		if (!CBB_finish(&cbb, &params, &params_len))
			goto err;

		if (!(S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
			if ((pkey = ssl_get_sign_pkey(
			    s, S3I(s)->tmp.new_cipher, &md)) == NULL) {
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			kn = EVP_PKEY_size(pkey);
		} else {
			pkey = NULL;
			kn = 0;
		}

		if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
		    params_len + kn)) {
			SSLerror(s, ERR_LIB_BUF);
			goto err;
		}

		d = p = ssl3_handshake_msg_start(s,
		    SSL3_MT_SERVER_KEY_EXCHANGE);

		memcpy(p, params, params_len);

		free(params);
		params = NULL;

		n = params_len;
		p += params_len;

		/* not anonymous */
		if (pkey != NULL) {
			/*
			 * n is the length of the params, they start at &(d[4])
			 * and p points to the space at the end.
			 */
			if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
				q = md_buf;
				j = 0;
				if (!EVP_DigestInit_ex(&md_ctx, EVP_md5_sha1(),
				    NULL))
					goto err;
				EVP_DigestUpdate(&md_ctx, s->s3->client_random,
				    SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx, s->s3->server_random,
				    SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx, d, n);
				EVP_DigestFinal_ex(&md_ctx, q,
				    (unsigned int *)&i);
				q += i;
				j += i;
				if (RSA_sign(NID_md5_sha1, md_buf, j,
				    &(p[2]), &u, pkey->pkey.rsa) <= 0) {
					SSLerror(s, ERR_R_RSA_LIB);
					goto err;
				}
				s2n(u, p);
				n += u + 2;
			} else if (md) {
				/* Send signature algorithm. */
				if (SSL_USE_SIGALGS(s)) {
					if (!tls12_get_sigandhash(p, pkey, md)) {
						/* Should never happen */
						al = SSL_AD_INTERNAL_ERROR;
						SSLerror(s, ERR_R_INTERNAL_ERROR);
						goto f_err;
					}
					p += 2;
				}
				EVP_SignInit_ex(&md_ctx, md, NULL);
				EVP_SignUpdate(&md_ctx,
				    s->s3->client_random,
				    SSL3_RANDOM_SIZE);
				EVP_SignUpdate(&md_ctx,
				    s->s3->server_random,
				    SSL3_RANDOM_SIZE);
				EVP_SignUpdate(&md_ctx, d, n);
				if (!EVP_SignFinal(&md_ctx, &p[2],
					(unsigned int *)&i, pkey)) {
					SSLerror(s, ERR_R_EVP_LIB);
					goto err;
				}
				s2n(i, p);
				n += i + 2;
				if (SSL_USE_SIGALGS(s))
					n += 2;
			} else {
				/* Is this error check actually needed? */
				al = SSL_AD_HANDSHAKE_FAILURE;
				SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
				goto f_err;
			}
		}

		ssl3_handshake_msg_finish(s, n);
	}

	s->internal->state = SSL3_ST_SW_KEY_EXCH_B;

	EVP_MD_CTX_cleanup(&md_ctx);

	return (ssl3_handshake_write(s));
	
 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	free(params);
	EVP_MD_CTX_cleanup(&md_ctx);
	CBB_cleanup(&cbb);

	return (-1);
}

int
ssl3_send_certificate_request(SSL *s)
{
	unsigned char *p, *d;
	int i, j, nl, off, n;
	STACK_OF(X509_NAME) *sk = NULL;
	X509_NAME *name;
	BUF_MEM *buf;

	if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {
		buf = s->internal->init_buf;

		d = p = ssl3_handshake_msg_start(s,
		    SSL3_MT_CERTIFICATE_REQUEST);

		/* get the list of acceptable cert types */
		p++;
		n = ssl3_get_req_cert_type(s, p);
		d[0] = n;
		p += n;
		n++;

		if (SSL_USE_SIGALGS(s)) {
			nl = tls12_get_req_sig_algs(s, p + 2);
			s2n(nl, p);
			p += nl + 2;
			n += nl + 2;
		}

		off = n;
		p += 2;
		n += 2;

		sk = SSL_get_client_CA_list(s);
		nl = 0;
		if (sk != NULL) {
			for (i = 0; i < sk_X509_NAME_num(sk); i++) {
				name = sk_X509_NAME_value(sk, i);
				j = i2d_X509_NAME(name, NULL);
				if (!BUF_MEM_grow_clean(buf,
				    ssl3_handshake_msg_hdr_len(s) + n + j
				    + 2)) {
					SSLerror(s, ERR_R_BUF_LIB);
					goto err;
				}
				p = ssl3_handshake_msg_start(s,
				    SSL3_MT_CERTIFICATE_REQUEST) + n;
				s2n(j, p);
				i2d_X509_NAME(name, &p);
				n += 2 + j;
				nl += 2 + j;
			}
		}
		/* else no CA names */
		p = ssl3_handshake_msg_start(s,
		    SSL3_MT_CERTIFICATE_REQUEST) + off;
		s2n(nl, p);

		ssl3_handshake_msg_finish(s, n);

		s->internal->state = SSL3_ST_SW_CERT_REQ_B;
	}

	/* SSL3_ST_SW_CERT_REQ_B */
	return (ssl3_handshake_write(s));
err:
	return (-1);
}

static int
ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
{
	unsigned char fakekey[SSL_MAX_MASTER_KEY_LENGTH];
	unsigned char *d;
	RSA *rsa = NULL;
	EVP_PKEY *pkey = NULL;
	int i, al;

	d = p;

	arc4random_buf(fakekey, sizeof(fakekey));
	fakekey[0] = s->client_version >> 8;
	fakekey[1] = s->client_version & 0xff;

	pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
	if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
	    (pkey->pkey.rsa == NULL)) {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE);
		goto f_err;
	}
	rsa = pkey->pkey.rsa;

	if (2 > n)
		goto truncated;
	n2s(p, i);
	if (n != i + 2) {
		SSLerror(s, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
		goto err;
	} else
		n = i;

	i = RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);

	ERR_clear_error();

	al = -1;

	if (i != SSL_MAX_MASTER_KEY_LENGTH) {
		al = SSL_AD_DECODE_ERROR;
		/* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */
	}

	if (p - d + 2 > n)	/* needed in the SSL3 case */
		goto truncated;
	if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
	    (p[1] == (s->client_version & 0xff)))) {
		/*
		 * The premaster secret must contain the same version
		 * number as the ClientHello to detect version rollback
		 * attacks (strangely, the protocol does not offer such
		 * protection for DH ciphersuites).
		 * However, buggy clients exist that send the negotiated
		 * protocol version instead if the server does not
		 * support the requested protocol version.
		 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
		 * clients.
		 */
		if (!((s->internal->options & SSL_OP_TLS_ROLLBACK_BUG) &&
		    (p[0] == (s->version >> 8)) &&
		    (p[1] == (s->version & 0xff)))) {
			al = SSL_AD_DECODE_ERROR;
			/* SSLerror(s, SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */

			/*
			 * The Klima-Pokorny-Rosa extension of
			 * Bleichenbacher's attack
			 * (http://eprint.iacr.org/2003/052/) exploits
			 * the version number check as a "bad version
			 * oracle" -- an alert would reveal that the
			 * plaintext corresponding to some ciphertext
			 * made up by the adversary is properly
			 * formatted except that the version number is
			 * wrong.
			 * To avoid such attacks, we should treat this
			 * just like any other decryption error.
			 */
		}
	}

	if (al != -1) {
		/*
		 * Some decryption failure -- use random value instead
		 * as countermeasure against Bleichenbacher's attack
		 * on PKCS #1 v1.5 RSA padding (see RFC 2246,
		 * section 7.4.7.1).
		 */
		i = SSL_MAX_MASTER_KEY_LENGTH;
		p = fakekey;
	}

	s->session->master_key_length =
	    tls1_generate_master_secret(s,
	        s->session->master_key, p, i);

	explicit_bzero(p, i);

	return (1);
truncated:
	al = SSL_AD_DECODE_ERROR;
	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return (-1);
}

static int
ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
{
	BIGNUM *bn = NULL;
	int key_size, al;
	CBS cbs, dh_Yc;
	DH *dh;

	if (n < 0)
		goto err;

	CBS_init(&cbs, p, n);

	if (!CBS_get_u16_length_prefixed(&cbs, &dh_Yc))
		goto truncated;

	if (CBS_len(&cbs) != 0)
		goto truncated;

	if (S3I(s)->tmp.dh == NULL) {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
		goto f_err;
	}
	dh = S3I(s)->tmp.dh;

	if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) {
		SSLerror(s, SSL_R_BN_LIB);
		goto err;
	}

	key_size = DH_compute_key(p, bn, dh);
	if (key_size <= 0) {
		SSLerror(s, ERR_R_DH_LIB);
		BN_clear_free(bn);
		goto err;
	}

	s->session->master_key_length =
	    tls1_generate_master_secret(
	        s, s->session->master_key, p, key_size);

	explicit_bzero(p, key_size);

	DH_free(S3I(s)->tmp.dh);
	S3I(s)->tmp.dh = NULL;

	BN_clear_free(bn);

	return (1);

 truncated:
	al = SSL_AD_DECODE_ERROR;
	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	return (-1);
}

static int
ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
{
	EC_KEY *srvr_ecdh = NULL;
	EVP_PKEY *clnt_pub_pkey = NULL;
	EC_POINT *clnt_ecpoint = NULL;
	BN_CTX *bn_ctx = NULL;
	int i, al;

	int ret = 1;
	int key_size;
	const EC_KEY   *tkey;
	const EC_GROUP *group;
	const BIGNUM *priv_key;

	/* Initialize structures for server's ECDH key pair. */
	if ((srvr_ecdh = EC_KEY_new()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/*
	 * Use the ephemeral values we saved when
	 * generating the ServerKeyExchange message.
	 */
	tkey = S3I(s)->tmp.ecdh;

	group = EC_KEY_get0_group(tkey);
	priv_key = EC_KEY_get0_private_key(tkey);

	if (!EC_KEY_set_group(srvr_ecdh, group) ||
	    !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
		SSLerror(s, ERR_R_EC_LIB);
		goto err;
	}

	/* Let's get client's public key */
	if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (n == 0L) {
		/* Client Publickey was in Client Certificate */
		if (((clnt_pub_pkey = X509_get_pubkey(
		    s->session->peer)) == NULL) ||
		    (clnt_pub_pkey->type != EVP_PKEY_EC)) {
			/*
			 * XXX: For now, we do not support client
			 * authentication using ECDH certificates
			 * so this branch (n == 0L) of the code is
			 * never executed. When that support is
			 * added, we ought to ensure the key
			 * received in the certificate is
			 * authorized for key agreement.
			 * ECDH_compute_key implicitly checks that
			 * the two ECDH shares are for the same
			 * group.
			 */
			al = SSL_AD_HANDSHAKE_FAILURE;
			SSLerror(s, SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
			goto f_err;
		}

		if (EC_POINT_copy(clnt_ecpoint,
		    EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec))
		    == 0) {
			SSLerror(s, ERR_R_EC_LIB);
			goto err;
		}
		ret = 2; /* Skip certificate verify processing */
	} else {
		/*
		 * Get client's public key from encoded point
		 * in the ClientKeyExchange message.
		 */
		if ((bn_ctx = BN_CTX_new()) == NULL) {
			SSLerror(s, ERR_R_MALLOC_FAILURE);
			goto err;
		}

		/* Get encoded point length */
		i = *p;

		p += 1;
		if (n != 1 + i) {
			SSLerror(s, ERR_R_EC_LIB);
			goto err;
		}
		if (EC_POINT_oct2point(group,
			clnt_ecpoint, p, i, bn_ctx) == 0) {
			SSLerror(s, ERR_R_EC_LIB);
			goto err;
		}
		/*
		 * p is pointing to somewhere in the buffer
		 * currently, so set it to the start.
		 */
		p = (unsigned char *)s->internal->init_buf->data;
	}

	/* Compute the shared pre-master secret */
	key_size = ECDH_size(srvr_ecdh);
	if (key_size <= 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh,
	    NULL);
	if (i <= 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}

	EVP_PKEY_free(clnt_pub_pkey);
	EC_POINT_free(clnt_ecpoint);
	EC_KEY_free(srvr_ecdh);
	BN_CTX_free(bn_ctx);
	EC_KEY_free(S3I(s)->tmp.ecdh);
	S3I(s)->tmp.ecdh = NULL;

	/* Compute the master secret */
	s->session->master_key_length =
	    tls1_generate_master_secret(
		s, s->session->master_key, p, i);

	explicit_bzero(p, i);
	return (ret);

 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	EVP_PKEY_free(clnt_pub_pkey);
	EC_POINT_free(clnt_ecpoint);
	EC_KEY_free(srvr_ecdh);
	BN_CTX_free(bn_ctx);
	return (-1);
}

static int
ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
{
	uint8_t *shared_key = NULL;
	CBS cbs, ecpoint;
	int ret = -1;

	if (n < 0)
		goto err;

	CBS_init(&cbs, p, n);
	if (!CBS_get_u8_length_prefixed(&cbs, &ecpoint))
		goto err;
	if (CBS_len(&ecpoint) != X25519_KEY_LENGTH)
		goto err;

	if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if (!X25519(shared_key, S3I(s)->tmp.x25519, CBS_data(&ecpoint)))
		goto err;

	explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
	free(S3I(s)->tmp.x25519);
	S3I(s)->tmp.x25519 = NULL;

	s->session->master_key_length =
	    tls1_generate_master_secret(
		s, s->session->master_key, shared_key, X25519_KEY_LENGTH);

	ret = 1;

 err:
	if (shared_key != NULL)
		explicit_bzero(shared_key, X25519_KEY_LENGTH);
	free(shared_key);

	return (ret);
}

static int
ssl3_get_client_kex_ecdhe(SSL *s, unsigned char *p, long n)
{
        if (S3I(s)->tmp.x25519 != NULL)
		return ssl3_get_client_kex_ecdhe_ecx(s, p, n);

	return ssl3_get_client_kex_ecdhe_ecp(s, p, n);
}

static int
ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
{

	EVP_PKEY_CTX *pkey_ctx;
	EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
	unsigned char premaster_secret[32], *start;
	size_t outlen = 32, inlen;
	unsigned long alg_a;
	int Ttag, Tclass;
	long Tlen;
	int al;
	int ret = 0;

	/* Get our certificate private key*/
	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
	if (alg_a & SSL_aGOST01)
		pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;

	pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
	EVP_PKEY_decrypt_init(pkey_ctx);
	/*
	 * If client certificate is present and is of the same type,
	 * maybe use it for key exchange.
	 * Don't mind errors from EVP_PKEY_derive_set_peer, because
	 * it is completely valid to use a client certificate for
	 * authorization only.
	 */
	client_pub_pkey = X509_get_pubkey(s->session->peer);
	if (client_pub_pkey) {
		if (EVP_PKEY_derive_set_peer(pkey_ctx,
		    client_pub_pkey) <= 0)
			ERR_clear_error();
	}
	if (2 > n)
		goto truncated;
	/* Decrypt session key */
	if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
	    &Tclass, n) != V_ASN1_CONSTRUCTED ||
	    Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
		SSLerror(s, SSL_R_DECRYPTION_FAILED);
		goto gerr;
	}
	start = p;
	inlen = Tlen;
	if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
	    start, inlen) <=0) {
		SSLerror(s, SSL_R_DECRYPTION_FAILED);
		goto gerr;
	}
	/* Generate master secret */
	s->session->master_key_length =
	    tls1_generate_master_secret(
		s, s->session->master_key, premaster_secret, 32);
	/* Check if pubkey from client certificate was used */
	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
	    EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
		ret = 2;
	else
		ret = 1;
 gerr:
	EVP_PKEY_free(client_pub_pkey);
	EVP_PKEY_CTX_free(pkey_ctx);
	if (ret)
		return (ret);
	else
		goto err;

 truncated:
	al = SSL_AD_DECODE_ERROR;
	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	return (-1);
}

int
ssl3_get_client_key_exchange(SSL *s)
{
	unsigned long alg_k;
	unsigned char *p;
	int al, ok;
	long n;

	/* 2048 maxlen is a guess.  How long a key does that permit? */
	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
	    SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
	if (!ok)
		return ((int)n);

	p = (unsigned char *)s->internal->init_msg;

	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;

	if (alg_k & SSL_kRSA) {
		if (ssl3_get_client_kex_rsa(s, p, n) != 1)
			goto err;
	} else if (alg_k & SSL_kDHE) {
		if (ssl3_get_client_kex_dhe(s, p, n) != 1)
			goto err;
	} else if (alg_k & SSL_kECDHE) {
		if (ssl3_get_client_kex_ecdhe(s, p, n) != 1)
			goto err;
	} else if (alg_k & SSL_kGOST) {
		if (ssl3_get_client_kex_gost(s, p, n) != 1)
			goto err;
	} else {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
		goto f_err;
	}

	return (1);

 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	return (-1);
}

int
ssl3_get_cert_verify(SSL *s)
{
	EVP_PKEY *pkey = NULL;
	unsigned char *p;
	int al, ok, ret = 0;
	long n;
	int type = 0, i, j;
	X509 *peer;
	const EVP_MD *md = NULL;
	EVP_MD_CTX mctx;
	EVP_MD_CTX_init(&mctx);

	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
	    SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
	if (!ok)
		return ((int)n);

	if (s->session->peer != NULL) {
		peer = s->session->peer;
		pkey = X509_get_pubkey(peer);
		type = X509_certificate_type(peer, pkey);
	} else {
		peer = NULL;
		pkey = NULL;
	}

	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
		S3I(s)->tmp.reuse_message = 1;
		if (peer != NULL) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
			goto f_err;
		}
		ret = 1;
		goto end;
	}

	if (peer == NULL) {
		SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED);
		al = SSL_AD_UNEXPECTED_MESSAGE;
		goto f_err;
	}

	if (!(type & EVP_PKT_SIGN)) {
		SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
		al = SSL_AD_ILLEGAL_PARAMETER;
		goto f_err;
	}

	if (S3I(s)->change_cipher_spec) {
		SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
		al = SSL_AD_UNEXPECTED_MESSAGE;
		goto f_err;
	}

	/* we now have a signature that we need to verify */
	p = (unsigned char *)s->internal->init_msg;
	/*
	 * Check for broken implementations of GOST ciphersuites.
	 *
	 * If key is GOST and n is exactly 64, it is a bare
	 * signature without length field.
	 */
	if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
	    pkey->type == NID_id_GostR3410_2001) ) {
		i = 64;
	} else {
		if (SSL_USE_SIGALGS(s)) {
			int sigalg = tls12_get_sigid(pkey);
			/* Should never happen */
			if (sigalg == -1) {
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				al = SSL_AD_INTERNAL_ERROR;
				goto f_err;
			}
			if (2 > n)
				goto truncated;
			/* Check key type is consistent with signature */
			if (sigalg != (int)p[1]) {
				SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			md = tls12_get_hash(p[0]);
			if (md == NULL) {
				SSLerror(s, SSL_R_UNKNOWN_DIGEST);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
			}
			p += 2;
			n -= 2;
		}
		if (2 > n)
			goto truncated;
		n2s(p, i);
		n -= 2;
		if (i > n)
			goto truncated;
	}
	j = EVP_PKEY_size(pkey);
	if ((i > j) || (n > j) || (n <= 0)) {
		SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
		al = SSL_AD_DECODE_ERROR;
		goto f_err;
	}

	if (SSL_USE_SIGALGS(s)) {
		long hdatalen = 0;
		void *hdata;
		hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
		if (hdatalen <= 0) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
		    !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
			SSLerror(s, ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}

		if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerror(s, SSL_R_BAD_SIGNATURE);
			goto f_err;
		}
	} else
	if (pkey->type == EVP_PKEY_RSA) {
		i = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
		    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
		    pkey->pkey.rsa);
		if (i < 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerror(s, SSL_R_BAD_RSA_DECRYPT);
			goto f_err;
		}
		if (i == 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerror(s, SSL_R_BAD_RSA_SIGNATURE);
			goto f_err;
		}
	} else
	if (pkey->type == EVP_PKEY_DSA) {
		j = DSA_verify(pkey->save_type,
		    &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
		    SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
		if (j <= 0) {
			/* bad signature */
			al = SSL_AD_DECRYPT_ERROR;
			SSLerror(s, SSL_R_BAD_DSA_SIGNATURE);
			goto f_err;
		}
	} else
	if (pkey->type == EVP_PKEY_EC) {
		j = ECDSA_verify(pkey->save_type,
		    &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
		    SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
		if (j <= 0) {
			/* bad signature */
			al = SSL_AD_DECRYPT_ERROR;
			SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
			goto f_err;
		}
	} else
#ifndef OPENSSL_NO_GOST
	if (pkey->type == NID_id_GostR3410_94 ||
	    pkey->type == NID_id_GostR3410_2001) {
		long hdatalen = 0;
		void *hdata;
		unsigned char signature[128];
		unsigned int siglen = sizeof(signature);
		int nid;
		EVP_PKEY_CTX *pctx;

		hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
		if (hdatalen <= 0) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
				!(md = EVP_get_digestbynid(nid))) {
			SSLerror(s, ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		pctx = EVP_PKEY_CTX_new(pkey, NULL);
		if (!pctx) {
			SSLerror(s, ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
		if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
		    !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
		    !EVP_DigestFinal(&mctx, signature, &siglen) ||
		    (EVP_PKEY_verify_init(pctx) <= 0) ||
		    (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
		    (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
				       EVP_PKEY_CTRL_GOST_SIG_FORMAT,
				       GOST_SIG_FORMAT_RS_LE,
				       NULL) <= 0)) {
			SSLerror(s, ERR_R_EVP_LIB);
			al = SSL_AD_INTERNAL_ERROR;
			EVP_PKEY_CTX_free(pctx);
			goto f_err;
		}

		if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
			al = SSL_AD_DECRYPT_ERROR;
			SSLerror(s, SSL_R_BAD_SIGNATURE);
			EVP_PKEY_CTX_free(pctx);
			goto f_err;
		}

		EVP_PKEY_CTX_free(pctx);
	} else
#endif
	{
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		al = SSL_AD_UNSUPPORTED_CERTIFICATE;
		goto f_err;
	}


	ret = 1;
	if (0) {
truncated:
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
end:
	if (S3I(s)->handshake_buffer) {
		BIO_free(S3I(s)->handshake_buffer);
		S3I(s)->handshake_buffer = NULL;
		s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
	}
	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_free(pkey);
	return (ret);
}

int
ssl3_get_client_certificate(SSL *s)
{
	CBS cbs, client_certs;
	int i, ok, al, ret = -1;
	X509 *x = NULL;
	long n;
	const unsigned char *q;
	STACK_OF(X509) *sk = NULL;

	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
	    -1, s->internal->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
		if ((s->verify_mode & SSL_VERIFY_PEER) &&
		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
		    	SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
			al = SSL_AD_HANDSHAKE_FAILURE;
			goto f_err;
		}
		/*
		 * If tls asked for a client cert,
		 * the client must return a 0 list.
		 */
		if (S3I(s)->tmp.cert_request) {
			SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
			    );
			al = SSL_AD_UNEXPECTED_MESSAGE;
			goto f_err;
		}
		S3I(s)->tmp.reuse_message = 1;
		return (1);
	}

	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
		goto f_err;
	}

	if (n < 0)
		goto truncated;

	CBS_init(&cbs, s->internal->init_msg, n);

	if ((sk = sk_X509_new_null()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
	    CBS_len(&cbs) != 0)
		goto truncated;

	while (CBS_len(&client_certs) > 0) {
		CBS cert;

		if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}

		q = CBS_data(&cert);
		x = d2i_X509(NULL, &q, CBS_len(&cert));
		if (x == NULL) {
			SSLerror(s, ERR_R_ASN1_LIB);
			goto err;
		}
		if (q != CBS_data(&cert) + CBS_len(&cert)) {
			al = SSL_AD_DECODE_ERROR;
			SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
		}
		if (!sk_X509_push(sk, x)) {
			SSLerror(s, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		x = NULL;
	}

	if (sk_X509_num(sk) <= 0) {
		/*
		 * TLS does not mind 0 certs returned.
		 * Fail for TLS only if we required a certificate.
		 */
		if ((s->verify_mode & SSL_VERIFY_PEER) &&
		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
			SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
			al = SSL_AD_HANDSHAKE_FAILURE;
			goto f_err;
		}
		/* No client certificate so digest cached records */
		if (S3I(s)->handshake_buffer && !tls1_digest_cached_records(s)) {
			al = SSL_AD_INTERNAL_ERROR;
			goto f_err;
		}
	} else {
		i = ssl_verify_cert_chain(s, sk);
		if (i <= 0) {
			al = ssl_verify_alarm_type(s->verify_result);
			SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED);
			goto f_err;
		}
	}

	X509_free(s->session->peer);
	s->session->peer = sk_X509_shift(sk);
	s->session->verify_result = s->verify_result;

	/*
	 * With the current implementation, sess_cert will always be NULL
	 * when we arrive here
	 */
	if (SSI(s)->sess_cert == NULL) {
		SSI(s)->sess_cert = ssl_sess_cert_new();
		if (SSI(s)->sess_cert == NULL) {
			SSLerror(s, ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}
	sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free);
	SSI(s)->sess_cert->cert_chain = sk;

	/*
	 * Inconsistency alert: cert_chain does *not* include the
	 * peer's own certificate, while we do include it in s3_clnt.c
	 */

	sk = NULL;

	ret = 1;
	if (0) {
truncated:
		al = SSL_AD_DECODE_ERROR;
		SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
f_err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
	}
err:
	X509_free(x);
	sk_X509_pop_free(sk, X509_free);

	return (ret);
}

int
ssl3_send_server_certificate(SSL *s)
{
	CBB cbb, server_cert;
	X509 *x;

	/*
	 * Server Certificate - RFC 5246, section 7.4.2.
	 */

	memset(&cbb, 0, sizeof(cbb));

	if (s->internal->state == SSL3_ST_SW_CERT_A) {
		if ((x = ssl_get_server_send_cert(s)) == NULL) {
			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return (0);
		}

		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_cert,
		    SSL3_MT_CERTIFICATE))
			goto err;
		if (!ssl3_output_cert_chain(s, &server_cert, x))
			goto err;
		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = SSL3_ST_SW_CERT_B;
	}

	/* SSL3_ST_SW_CERT_B */
	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);

	return (0);
}

/* send a new session ticket (not necessarily for a new session) */
int
ssl3_send_newsession_ticket(SSL *s)
{
	unsigned char *d, *p, *macstart;
	unsigned char *senc = NULL;
	const unsigned char *const_p;
	int len, slen_full, slen;
	SSL_SESSION *sess;
	unsigned int hlen;
	EVP_CIPHER_CTX ctx;
	HMAC_CTX hctx;
	SSL_CTX *tctx = s->initial_ctx;
	unsigned char iv[EVP_MAX_IV_LENGTH];
	unsigned char key_name[16];

	if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {
		/* get session encoding length */
		slen_full = i2d_SSL_SESSION(s->session, NULL);
		/*
		 * Some length values are 16 bits, so forget it if session is
 		 * too long
 		 */
		if (slen_full > 0xFF00)
			goto err;
		senc = malloc(slen_full);
		if (!senc)
			goto err;
		p = senc;
		i2d_SSL_SESSION(s->session, &p);

		/*
		 * Create a fresh copy (not shared with other threads) to
		 * clean up
		 */
		const_p = senc;
		sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
		if (sess == NULL)
			goto err;

		/* ID is irrelevant for the ticket */
		sess->session_id_length = 0;

		slen = i2d_SSL_SESSION(sess, NULL);
		if (slen > slen_full) {
			/* shouldn't ever happen */
			goto err;
		}
		p = senc;
		i2d_SSL_SESSION(sess, &p);
		SSL_SESSION_free(sess);

		/*
		 * Grow buffer if need be: the length calculation is as
 		 * follows 1 (size of message name) + 3 (message length
 		 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
 		 * 16 (key name) + max_iv_len (iv length) +
 		 * session_length + max_enc_block_size (max encrypted session
 		 * length) + max_md_size (HMAC).
 		 */
		if (!BUF_MEM_grow(s->internal->init_buf, ssl3_handshake_msg_hdr_len(s) +
		    22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
		    EVP_MAX_MD_SIZE + slen))
			goto err;

		d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEWSESSION_TICKET);

		EVP_CIPHER_CTX_init(&ctx);
		HMAC_CTX_init(&hctx);

		/*
		 * Initialize HMAC and cipher contexts. If callback present
		 * it does all the work otherwise use generated values
		 * from parent ctx.
		 */
		if (tctx->internal->tlsext_ticket_key_cb) {
			if (tctx->internal->tlsext_ticket_key_cb(s,
			    key_name, iv, &ctx, &hctx, 1) < 0) {
				EVP_CIPHER_CTX_cleanup(&ctx);
				goto err;
			}
		} else {
			arc4random_buf(iv, 16);
			EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
			    tctx->internal->tlsext_tick_aes_key, iv);
			HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key,
			    16, tlsext_tick_md(), NULL);
			memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16);
		}

		/*
		 * Ticket lifetime hint (advisory only):
		 * We leave this unspecified for resumed session
		 * (for simplicity), and guess that tickets for new
		 * sessions will live as long as their sessions.
		 */
		l2n(s->internal->hit ? 0 : s->session->timeout, p);

		/* Skip ticket length for now */
		p += 2;
		/* Output key name */
		macstart = p;
		memcpy(p, key_name, 16);
		p += 16;
		/* output IV */
		memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
		p += EVP_CIPHER_CTX_iv_length(&ctx);
		/* Encrypt session data */
		EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
		p += len;
		EVP_EncryptFinal_ex(&ctx, p, &len);
		p += len;
		EVP_CIPHER_CTX_cleanup(&ctx);

		HMAC_Update(&hctx, macstart, p - macstart);
		HMAC_Final(&hctx, p, &hlen);
		HMAC_CTX_cleanup(&hctx);
		p += hlen;

		/* Now write out lengths: p points to end of data written */
		/* Total length */
		len = p - d;

		/* Skip ticket lifetime hint. */
		p = d + 4;
		s2n(len - 6, p); /* Message length */

		ssl3_handshake_msg_finish(s, len);

		s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;

		explicit_bzero(senc, slen_full);
		free(senc);
	}

	/* SSL3_ST_SW_SESSION_TICKET_B */
	return (ssl3_handshake_write(s));

 err:
	if (senc != NULL)
		explicit_bzero(senc, slen_full);
	free(senc);

	return (-1);
}

int
ssl3_send_cert_status(SSL *s)
{
	CBB cbb, certstatus, ocspresp;

	memset(&cbb, 0, sizeof(cbb));

	if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
		    SSL3_MT_CERTIFICATE_STATUS))
			goto err;
		if (!CBB_add_u8(&certstatus, s->tlsext_status_type))
			goto err;
		if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
			goto err;
		if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp,
		    s->internal->tlsext_ocsp_resplen))
			goto err;
		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
			goto err;

		s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
	}

	/* SSL3_ST_SW_CERT_STATUS_B */
	return (ssl3_handshake_write(s));

 err:
	CBB_cleanup(&cbb);

	return (-1);
}

/*
 * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
 * It sets the next_proto member in s if found
 */
int
ssl3_get_next_proto(SSL *s)
{
	CBS cbs, proto, padding;
	int ok;
	long n;
	size_t len;

	/*
	 * Clients cannot send a NextProtocol message if we didn't see the
	 * extension in their ClientHello
	 */
	if (!S3I(s)->next_proto_neg_seen) {
		SSLerror(s, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
		return (-1);
	}

	/* 514 maxlen is enough for the payload format below */
	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
	    SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
	if (!ok)
		return ((int)n);

	/*
	 * s->internal->state doesn't reflect whether ChangeCipherSpec has been received
	 * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
	 * by ssl3_get_finished).
	 */
	if (!S3I(s)->change_cipher_spec) {
		SSLerror(s, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
		return (-1);
	}

	if (n < 2)
		return (0);
	/* The body must be > 1 bytes long */

	CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);

	/*
	 * The payload looks like:
	 *   uint8 proto_len;
	 *   uint8 proto[proto_len];
	 *   uint8 padding_len;
	 *   uint8 padding[padding_len];
	 */
	if (!CBS_get_u8_length_prefixed(&cbs, &proto) ||
	    !CBS_get_u8_length_prefixed(&cbs, &padding) ||
	    CBS_len(&cbs) != 0)
		return 0;

	/*
	 * XXX We should not NULL it, but this matches old behavior of not
	 * freeing before malloc.
	 */
	s->internal->next_proto_negotiated = NULL;
	s->internal->next_proto_negotiated_len = 0;

	if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		return (0);
	}
	s->internal->next_proto_negotiated_len = (uint8_t)len;

	return (1);
}
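--- a/jni/libressl/ssl/ssl_stat.c
+++ b/jni/libressl/ssl/ssl_stat.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_stat.c,v 1.11 2014/07/13 00:08:44 jsing Exp $ */
+/* $OpenBSD: ssl_stat.c,v 1.13 2017/01/23 08:48:45 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -87,15 +87,15 @@
 #include "ssl_locl.h"
 
 const char *
 SSL_state_string_long(const SSL *s)
 {
 	const char *str;
 
-	switch (s->state) {
+	switch (s->internal->state) {
 	case SSL_ST_BEFORE:
 		str = "before SSL initialization";
 		break;
 	case SSL_ST_ACCEPT:
 		str = "before accept initialization";
 		break;
 	case SSL_ST_CONNECT:
@@ -321,15 +321,15 @@
 }
 
 const char *
 SSL_rstate_string_long(const SSL *s)
 {
 	const char *str;
 
-	switch (s->rstate) {
+	switch (s->internal->rstate) {
 	case SSL_ST_READ_HEADER:
 		str = "read header";
 		break;
 	case SSL_ST_READ_BODY:
 		str = "read body";
 		break;
 	case SSL_ST_READ_DONE:
@@ -343,15 +343,15 @@
 }
 
 const char *
 SSL_state_string(const SSL *s)
 {
 	const char *str;
 
-	switch (s->state) {
+	switch (s->internal->state) {
 	case SSL_ST_BEFORE:
 		str = "PINIT ";
 		break;
 	case SSL_ST_ACCEPT:
 		str = "AINIT ";
 		break;
 	case SSL_ST_CONNECT:
@@ -779,15 +779,15 @@
 }
 
 const char *
 SSL_rstate_string(const SSL *s)
 {
 	const char *str;
 
-	switch (s->rstate) {
+	switch (s->internal->rstate) {
 	case SSL_ST_READ_HEADER:
 		str = "RH";
 		break;
 	case SSL_ST_READ_BODY:
 		str = "RB";
 		break;
 	case SSL_ST_READ_DONE: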
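--- a/jni/libressl/ssl/ssl_txt.c
+++ b/jni/libressl/ssl/ssl_txt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_txt.c,v 1.25 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: ssl_txt.c,v 1.28 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -92,15 +92,15 @@
 int
 SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
 {
 	BIO *b;
 	int ret;
 
 	if ((b = BIO_new(BIO_s_file_internal())) == NULL) {
-		SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
+		SSLerrorx(ERR_R_BUF_LIB);
 		return (0);
 	}
 	BIO_set_fp(b, fp, BIO_NOCLOSE);
 	ret = SSL_SESSION_print(b, x);
 	BIO_free(b);
 	return (ret);
 }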
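--- /dev/null
+++ b/jni/libressl/ssl/ssl_versions.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "ssl_locl.h"
+
+static int
+ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver,
+    uint16_t clamp_min, uint16_t clamp_max)
+{
+	if (clamp_min > clamp_max || *min_ver > *max_ver)
+		return 0;
+	if (clamp_max < *min_ver || clamp_min > *max_ver)
+		return 0;
+
+	if (*min_ver < clamp_min)
+		*min_ver = clamp_min;
+	if (*max_ver > clamp_max)
+		*max_ver = clamp_max;
+
+	return 1;
+}
+
+int
+ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
+{
+	uint16_t min_version, max_version;
+
+	/*
+	 * The enabled versions have to be a contiguous range, which means we
+	 * cannot enable and disable single versions at our whim, even though
+	 * this is what the OpenSSL flags allow. The historical way this has
+	 * been handled is by making a flag mean that all higher versions
+	 * are disabled, if any version lower than the flag is enabled.
+	 */
+
+	min_version = 0;
+	max_version = TLS1_2_VERSION;
+
+	if ((s->internal->options & SSL_OP_NO_TLSv1) == 0)
+		min_version = TLS1_VERSION;
+	else if ((s->internal->options & SSL_OP_NO_TLSv1_1) == 0)
+		min_version = TLS1_1_VERSION;
+	else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0)
+		min_version = TLS1_2_VERSION;
+
+	if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION)
+		max_version = TLS1_1_VERSION;
+	if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION)
+		max_version = TLS1_VERSION;
+	if ((s->internal->options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION)
+		max_version = 0;
+
+	/* Everything has been disabled... */
+	if (min_version == 0 || max_version == 0)
+		return 0;
+
+	/* Limit to configured version range. */
+	if (!ssl_clamp_version_range(&min_version, &max_version,
+	    s->internal->min_version, s->internal->max_version))
+		return 0;
+
+	if (min_ver != NULL)
+		*min_ver = min_version;
+	if (max_ver != NULL)
+		*max_ver = max_version;
+
+	return 1;
+}
+
+int
+ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
+{
+	uint16_t min_version, max_version;
+
+	/* DTLS cannot currently be disabled... */
+	if (SSL_IS_DTLS(s)) {
+		min_version = max_version = DTLS1_VERSION;
+		goto done;
+	}
+
+	if (!ssl_enabled_version_range(s, &min_version, &max_version))
+		return 0;
+
+	/* Limit to the versions supported by this method. */
+	if (!ssl_clamp_version_range(&min_version, &max_version,
+	    s->method->internal->min_version,
+	    s->method->internal->max_version))
+		return 0;
+
+ done:
+	if (min_ver != NULL)
+		*min_ver = min_version;
+	if (max_ver != NULL)
+		*max_ver = max_version;
+
+	return 1;
+}
+
+int
+ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
+{
+	uint16_t min_version, max_version, shared_version;
+
+	*max_ver = 0;
+
+	if (SSL_IS_DTLS(s)) {
+		if (peer_ver >= DTLS1_VERSION) {
+			*max_ver = DTLS1_VERSION;
+			return 1;
+		}
+		return 0;
+	}
+
+	if (peer_ver >= TLS1_2_VERSION)
+		shared_version = TLS1_2_VERSION;
+	else if (peer_ver >= TLS1_1_VERSION)
+		shared_version = TLS1_1_VERSION;
+	else if (peer_ver >= TLS1_VERSION)
+		shared_version = TLS1_VERSION;
+	else
+		return 0;
+
+	if (!ssl_supported_version_range(s, &min_version, &max_version))
+		return 0;
+
+	if (shared_version < min_version)
+		return 0;
+
+	if (shared_version > max_version)
+		shared_version = max_version;
+
+	*max_ver = shared_version;
+
+	return 1;
+}
+
+uint16_t
+ssl_max_server_version(SSL *s)
+{
+	uint16_t max_version, min_version = 0;
+
+	if (SSL_IS_DTLS(s))
+		return (DTLS1_VERSION);
+
+	if (!ssl_enabled_version_range(s, &min_version, &max_version))
+		return 0;
+
+	/*
+	 * Limit to the versions supported by this method. The SSL method
+	 * will be changed during version negotiation, as such we want to
+	 * use the SSL method from the context.
+	 */
+	if (!ssl_clamp_version_range(&min_version, &max_version,
+	    s->ctx->method->internal->min_version,
+	    s->ctx->method->internal->max_version))
+		return 0;
+
+	return (max_version);
+}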
Changes to jni/libressl/ssl/t1_clnt.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: t1_clnt.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: t1_clnt.c,v 1.24 2017/01/26 05:31:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79




80
81
82
83
84




85
86
87
88
89










90

91
92



93
94
95
96



97
98

99
100
101









102


103
104
105
106
107
108
109
110
111




112
113
114
115
116




117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134


135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180




181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/objects.h>

static const SSL_METHOD *tls1_get_client_method(int ver);

const SSL_METHOD TLS_client_method_data = {
	.version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl23_connect,
	.ssl_read = ssl23_read,
	.ssl_peek = ssl23_peek,
	.ssl_write = ssl23_write,
	.ssl_shutdown = ssl_undefined_function,




	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,




	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,










	.ssl_pending = ssl_undefined_const_function,

	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,



	.get_ssl_method = tls1_get_client_method,
	.get_timeout = ssl23_default_timeout,
	.ssl3_enc = &ssl3_undef_enc_method,
	.ssl_version = ssl_undefined_void_function,



	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,

};

const SSL_METHOD TLSv1_client_method_data = {









	.version = TLS1_VERSION,


	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,




	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,




	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl3_enc = &TLSv1_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

const SSL_METHOD TLSv1_1_client_method_data = {
	.version = TLS1_1_VERSION,


	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl3_enc = &TLSv1_1_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

const SSL_METHOD TLSv1_2_client_method_data = {
	.version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,




	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl3_enc = &TLSv1_2_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

static const SSL_METHOD *
tls1_get_client_method(int ver)
{
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_client_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_client_method());
	if (ver == TLS1_VERSION)







|
|
|
|




|
|
|
|
|
>
>
>
>





>
>
>
>

|
|


>
>
>
>
>
>
>
>
>
>
|
>
|
|
>
>
>

|
<

>
>
>
|
|
>


|
>
>
>
>
>
>
>
>
>
|
>
>









>
>
>
>





>
>
>
>

|
|


<
<
<
|
<
<
<
<
<


|
|
>
>









<
<
<
<
<
<
<
<
<
<

<
<


<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<





>
>
>
>

|
|


<
<
<
<
<
|
<
<
<


|







60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165



166





167
168
169
170
171
172
173
174
175
176
177
178
179
180
181










182


183
184

185















186
187
188
189
190
191
192
193
194
195
196
197
198
199





200



201
202
203
204
205
206
207
208
209
210

#include "ssl_locl.h"

#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/objects.h>

static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,

	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,



	.internal = &TLSv1_1_client_method_internal_data,





};

static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,










	.ssl_pending = ssl3_pending,


	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,

	.ssl_version = ssl_undefined_void_function,















	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,





	.internal = &TLSv1_2_client_method_internal_data,



};

const SSL_METHOD *
tls1_get_client_method(int ver)
{
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_client_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_client_method());
	if (ver == TLS1_VERSION)
Changes to jni/libressl/ssl/t1_enc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: t1_enc.c,v 1.84 2016/03/06 14:52:15 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: t1_enc.c,v 1.107 2017/03/25 13:42:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
131
132
133
134
135
136
137

138
139
140
141
142
143
144
145





146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203

204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254



255
256
257
258
259
260
261
262
263
264
265
266
267
268


269
270
271
272
273
274
275

276
277
278
279
280
281


282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327


328
329

330


331
332
333
334



335
336

337
338
339
340
341
342
343
344
345
346
347
348
349
350
351


352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378





379
380
381
382
383
384
385
386
387
388
389
390

391
392
393
394
395
396
397
398

399
400



401
402
403
404
405
406
407
408
409

410
411
412

413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */


#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>






void
tls1_cleanup_key_block(SSL *s)
{
	if (s->s3->tmp.key_block != NULL) {
		explicit_bzero(s->s3->tmp.key_block,
		    s->s3->tmp.key_block_length);
		free(s->s3->tmp.key_block);
		s->s3->tmp.key_block = NULL;
	}
	s->s3->tmp.key_block_length = 0;
}

int
tls1_init_finished_mac(SSL *s)
{
	BIO_free(s->s3->handshake_buffer);
	tls1_free_digest_list(s);

	s->s3->handshake_buffer = BIO_new(BIO_s_mem());
	if (s->s3->handshake_buffer == NULL)
		return (0);

	(void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);

	return (1);
}

void
tls1_free_digest_list(SSL *s)
{
	int i;


	if (s == NULL)
		return;

	if (s->s3->handshake_dgst == NULL)
		return;
	for (i = 0; i < SSL_MAX_DIGEST; i++) {
		if (s->s3->handshake_dgst[i])
			EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
	}
	free(s->s3->handshake_dgst);
	s->s3->handshake_dgst = NULL;
}

void
tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
{
	if (s->s3->handshake_buffer &&
	    !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
		BIO_write(s->s3->handshake_buffer, (void *)buf, len);
	} else {
		int i;
		for (i = 0; i < SSL_MAX_DIGEST; i++) {
			if (s->s3->handshake_dgst[i]!= NULL)
				EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len);
		}
	}

}

int
tls1_digest_cached_records(SSL *s)
{
	int i;
	long mask;
	const EVP_MD *md;
	long hdatalen;
	void *hdata;

	tls1_free_digest_list(s);

	s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
	if (s->s3->handshake_dgst == NULL) {
		SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
	if (hdatalen <= 0) {
		SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
		    SSL_R_BAD_HANDSHAKE_LENGTH);
		return 0;
	}

	/* Loop through bits of the algorithm2 field and create MD contexts. */
	for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
		if ((mask & ssl_get_algorithm2(s)) && md) {
			s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
			if (s->s3->handshake_dgst[i] == NULL) {
				SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
				    ERR_R_MALLOC_FAILURE);
				return 0;
			}
			if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i],
			    md, NULL)) {
				EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
				return 0;
			}
			if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
			    hdatalen))
				return 0;
		}
	}

	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
		BIO_free(s->s3->handshake_buffer);
		s->s3->handshake_buffer = NULL;
	}

	return 1;



}

void
tls1_record_sequence_increment(unsigned char *seq)
{
	int i;

	for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) {
		if (++seq[i] != 0)
			break;
	}
}

/* seed1 through seed5 are virtually concatenated */


static int
tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
    const void *seed1, int seed1_len, const void *seed2, int seed2_len,
    const void *seed3, int seed3_len, const void *seed4, int seed4_len,
    const void *seed5, int seed5_len, unsigned char *out, int olen)
{
	int chunk;

	size_t j;
	EVP_MD_CTX ctx, ctx_tmp;
	EVP_PKEY *mac_key;
	unsigned char A1[EVP_MAX_MD_SIZE];
	size_t A1_len;
	int ret = 0;



	chunk = EVP_MD_size(md);
	OPENSSL_assert(chunk >= 0);

	EVP_MD_CTX_init(&ctx);
	EVP_MD_CTX_init(&ctx_tmp);
	mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
	if (!mac_key)
		goto err;
	if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
		goto err;
	if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
		goto err;
	if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
		goto err;
	if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
		goto err;
	if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
		goto err;
	if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
		goto err;
	if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
		goto err;
	if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
		goto err;

	for (;;) {
		/* Reinit mac contexts */
		if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
			goto err;
		if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
			goto err;
		if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
			goto err;
		if (!EVP_DigestSignUpdate(&ctx_tmp, A1, A1_len))
			goto err;
		if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
			goto err;
		if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
			goto err;
		if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
			goto err;
		if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
			goto err;
		if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
			goto err;



		if (olen > chunk) {

			if (!EVP_DigestSignFinal(&ctx, out, &j))


				goto err;
			out += j;
			olen -= j;
			/* calc the next A1 value */



			if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
				goto err;

		} else {
			/* last one */
			if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
				goto err;
			memcpy(out, A1, olen);
			break;
		}
	}
	ret = 1;

err:
	EVP_PKEY_free(mac_key);
	EVP_MD_CTX_cleanup(&ctx);
	EVP_MD_CTX_cleanup(&ctx_tmp);
	explicit_bzero(A1, sizeof(A1));


	return ret;
}

/* seed1 through seed5 are virtually concatenated */
static int
tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
    int seed2_len, const void *seed3, int seed3_len, const void *seed4,
    int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec,
    int slen, unsigned char *out1, unsigned char *out2, int olen)
{
	int len, i, idx, count;
	const unsigned char *S1;
	long m;
	const EVP_MD *md;
	int ret = 0;

	/* Count number of digests and partition sec evenly */
	count = 0;
	for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
		if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
			count++;
	}
	if (count == 0) {
		SSLerr(SSL_F_TLS1_PRF,
		    SSL_R_SSL_HANDSHAKE_FAILURE);
		goto err;
	}





	len = slen / count;
	if (count == 1)
		slen = 0;
	S1 = sec;
	memset(out1, 0, olen);
	for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
		if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
			if (!md) {
				SSLerr(SSL_F_TLS1_PRF,
				    SSL_R_UNSUPPORTED_DIGEST_TYPE);
				goto err;
			}

			if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
			    seed1_len, seed2, seed2_len, seed3, seed3_len,
			    seed4, seed4_len, seed5, seed5_len, out2, olen))
				goto err;
			S1 += len;
			for (i = 0; i < olen; i++) {
				out1[i] ^= out2[i];
			}

		}
	}



	ret = 1;

err:
	return ret;
}

static int
tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
{

	int ret;

	ret = tls1_PRF(ssl_get_algorithm2(s),

	    TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
	    s->s3->server_random, SSL3_RANDOM_SIZE,
	    s->s3->client_random, SSL3_RANDOM_SIZE,
	    NULL, 0, NULL, 0,
	    s->session->master_key, s->session->master_key_length,
	    km, tmp, num);
	return ret;
}

/*
 * tls1_aead_ctx_init allocates aead_ctx, if needed. It returns 1 on success
 * and 0 on failure.
 */
static int
tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
{
	if (*aead_ctx != NULL) {
		EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx);
		return (1);
	}

	*aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
	if (*aead_ctx == NULL) {
		SSLerr(SSL_F_TLS1_AEAD_CTX_INIT, ERR_R_MALLOC_FAILURE);
		return (0);
	}

	return (1);
}

static int
tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
    unsigned key_len, const unsigned char *iv, unsigned iv_len)
{
	const EVP_AEAD *aead = s->s3->tmp.new_aead;
	SSL_AEAD_CTX *aead_ctx;

	if (is_read) {
		if (!tls1_aead_ctx_init(&s->aead_read_ctx))
			return 0;
		aead_ctx = s->aead_read_ctx;
	} else {
		if (!tls1_aead_ctx_init(&s->aead_write_ctx))
			return 0;
		aead_ctx = s->aead_write_ctx;
	}

	if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
	    EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
		return (0);
	if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
		    ERR_R_INTERNAL_ERROR);
		return (0);
	}
	memcpy(aead_ctx->fixed_nonce, iv, iv_len);
	aead_ctx->fixed_nonce_len = iv_len;
	aead_ctx->variable_nonce_len = 8;  /* always the case, currently. */
	aead_ctx->variable_nonce_in_record =
	    (s->s3->tmp.new_cipher->algorithm2 &
	    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
	aead_ctx->xor_fixed_nonce =
	    s->s3->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
	aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);

	if (aead_ctx->xor_fixed_nonce) {
		if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) ||
		    aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {
			SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
			    ERR_R_INTERNAL_ERROR);
			return (0);
		}
	} else {
		if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
		    EVP_AEAD_nonce_length(aead)) {
			SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
			    ERR_R_INTERNAL_ERROR);
			return (0);
		}
	}

	return (1);
}








>








>
>
>
>
>



|
|
|
|
|

|





|
<

|
|


|




<
<
<
|
>
|
|
|

|
|
<
<
<
|
<
<
<
<
<
<
<
|

|
<
|
<
<
<
|
|
>





<
<
<



<
<
<
<
<
<
<
|

<
|
<
<
|
<
<
<
<
<
<
<
<
|
<
<
<
<
|
<
<
<
<
<
<

|
|



>
>
>













|
>
>

|
|
|
|

<
>
|
|

<
<

>
>





|
|




<
<














<


<
<


<
<










>
>

|
>
|
>
>
|
|
|
|
>
>
>
|
|
>
|
<
|
|
<
<
<



|


|

>
>



<
|
|
|
|
|

<
<
<

|

<
|
<
<
<
|
|
<
|
<
|
>
>
>
>
>
|
|
|
|
|
<
<
<
<
<
<
|
>
|
|
|
|
<
<
<
|
>
|
|
>
>
>
|

<
|



|

>
|

|
>



|
<
<
<
















|










|



|

|

|

|






<
|






|


|





<
|





<
|







131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

168
169
170
171
172
173
174
175
176
177



178
179
180
181
182
183
184
185



186







187
188
189

190



191
192
193
194
195
196
197
198



199
200
201







202
203

204


205








206




207






208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238

239
240
241
242


243
244
245
246
247
248
249
250
251
252
253
254
255
256


257
258
259
260
261
262
263
264
265
266
267
268
269
270

271
272


273
274


275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303

304
305



306
307
308
309
310
311
312
313
314
315
316
317
318

319
320
321
322
323
324



325
326
327

328



329
330

331

332
333
334
335
336
337
338
339
340
341
342






343
344
345
346
347
348



349
350
351
352
353
354
355
356
357

358
359
360
361
362
363
364
365
366
367
368
369
370
371
372



373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416

417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432

433
434
435
436
437
438

439
440
441
442
443
444
445
446
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#include <limits.h>
#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>

int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
    const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
    const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
    const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);

void
tls1_cleanup_key_block(SSL *s)
{
	if (S3I(s)->tmp.key_block != NULL) {
		explicit_bzero(S3I(s)->tmp.key_block,
		    S3I(s)->tmp.key_block_length);
		free(S3I(s)->tmp.key_block);
		S3I(s)->tmp.key_block = NULL;
	}
	S3I(s)->tmp.key_block_length = 0;
}

int
tls1_init_finished_mac(SSL *s)
{
	BIO_free(S3I(s)->handshake_buffer);


	S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
	if (S3I(s)->handshake_buffer == NULL)
		return (0);

	(void)BIO_set_close(S3I(s)->handshake_buffer, BIO_CLOSE);

	return (1);
}




int
tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
{
	if (len < 0)
		return 0;

	if (!tls1_handshake_hash_update(s, buf, len))
		return 0;











	if (S3I(s)->handshake_buffer &&
	    !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
		BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);

		return 1;



	}

	return 1;
}

int
tls1_digest_cached_records(SSL *s)
{



	long hdatalen;
	void *hdata;








	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
	if (hdatalen <= 0) {

		SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);


		goto err;








	}











	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
		BIO_free(S3I(s)->handshake_buffer);
		S3I(s)->handshake_buffer = NULL;
	}

	return 1;

 err:
	return 0;
}

void
tls1_record_sequence_increment(unsigned char *seq)
{
	int i;

	for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) {
		if (++seq[i] != 0)
			break;
	}
}

/*
 * TLS P_hash() data expansion function - see RFC 5246, section 5.
 */
static int
tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len,
    const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
    const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
    const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len)
{

	unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE];
	size_t A1_len, hmac_len;
	EVP_MD_CTX ctx;
	EVP_PKEY *mac_key;


	int ret = 0;
	int chunk;
	size_t i;

	chunk = EVP_MD_size(md);
	OPENSSL_assert(chunk >= 0);

	EVP_MD_CTX_init(&ctx);

	mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len);
	if (!mac_key)
		goto err;
	if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
		goto err;


	if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
		goto err;
	if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
		goto err;
	if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
		goto err;
	if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
		goto err;
	if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
		goto err;
	if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
		goto err;

	for (;;) {

		if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
			goto err;


		if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
			goto err;


		if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
			goto err;
		if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
			goto err;
		if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
			goto err;
		if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
			goto err;
		if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
			goto err;
		if (!EVP_DigestSignFinal(&ctx, hmac, &hmac_len))
			goto err;

		if (hmac_len > out_len)
			hmac_len = out_len;

		for (i = 0; i < hmac_len; i++)
			out[i] ^= hmac[i];

		out += hmac_len;
		out_len -= hmac_len;

		if (out_len == 0)
			break;

		if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
			goto err;
		if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
			goto err;

		if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
			goto err;



	}
	ret = 1;

 err:
	EVP_PKEY_free(mac_key);
	EVP_MD_CTX_cleanup(&ctx);

	explicit_bzero(A1, sizeof(A1));
	explicit_bzero(hmac, sizeof(hmac));

	return ret;
}


int
tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
    const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
    const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
    const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len)
{



	const EVP_MD *md;
	size_t half_len;


	memset(out, 0, out_len);




	if (!ssl_get_handshake_evp_md(s, &md))

		return (0);


	if (md->type == NID_md5_sha1) {
		/*
		 * Partition secret between MD5 and SHA1, then XOR result.
		 * If the secret length is odd, a one byte overlap is used.
		 */
		half_len = secret_len - (secret_len / 2);
		if (!tls1_P_hash(EVP_md5(), secret, half_len, seed1, seed1_len,
		    seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
		    seed5, seed5_len, out, out_len))
			return (0);







		secret += secret_len - half_len;
		if (!tls1_P_hash(EVP_sha1(), secret, half_len, seed1, seed1_len,
		    seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
		    seed5, seed5_len, out, out_len))
			return (0);




		return (1);
	}

	if (!tls1_P_hash(md, secret, secret_len, seed1, seed1_len,
	    seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
	    seed5, seed5_len, out, out_len))
		return (0);


	return (1);
}

static int
tls1_generate_key_block(SSL *s, unsigned char *km, int num)
{
	if (num < 0)
		return (0);

	return tls1_PRF(s,
	    s->session->master_key, s->session->master_key_length,
	    TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
	    s->s3->server_random, SSL3_RANDOM_SIZE,
	    s->s3->client_random, SSL3_RANDOM_SIZE,
	    NULL, 0, NULL, 0, km, num);



}

/*
 * tls1_aead_ctx_init allocates aead_ctx, if needed. It returns 1 on success
 * and 0 on failure.
 */
static int
tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
{
	if (*aead_ctx != NULL) {
		EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx);
		return (1);
	}

	*aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
	if (*aead_ctx == NULL) {
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return (0);
	}

	return (1);
}

static int
tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
    unsigned key_len, const unsigned char *iv, unsigned iv_len)
{
	const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
	SSL_AEAD_CTX *aead_ctx;

	if (is_read) {
		if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))
			return 0;
		aead_ctx = s->internal->aead_read_ctx;
	} else {
		if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))
			return 0;
		aead_ctx = s->internal->aead_write_ctx;
	}

	if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
	    EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
		return (0);
	if (iv_len > sizeof(aead_ctx->fixed_nonce)) {

		SSLerrorx(ERR_R_INTERNAL_ERROR);
		return (0);
	}
	memcpy(aead_ctx->fixed_nonce, iv, iv_len);
	aead_ctx->fixed_nonce_len = iv_len;
	aead_ctx->variable_nonce_len = 8;  /* always the case, currently. */
	aead_ctx->variable_nonce_in_record =
	    (S3I(s)->tmp.new_cipher->algorithm2 &
	    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
	aead_ctx->xor_fixed_nonce =
	    S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
	aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);

	if (aead_ctx->xor_fixed_nonce) {
		if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) ||
		    aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {

			SSLerrorx(ERR_R_INTERNAL_ERROR);
			return (0);
		}
	} else {
		if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
		    EVP_AEAD_nonce_length(aead)) {

			SSLerrorx(ERR_R_INTERNAL_ERROR);
			return (0);
		}
	}

	return (1);
}

509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
{
	EVP_CIPHER_CTX *cipher_ctx;
	const EVP_CIPHER *cipher;
	EVP_MD_CTX *mac_ctx;
	const EVP_MD *mac;
	int mac_type;

	cipher = s->s3->tmp.new_sym_enc;
	mac = s->s3->tmp.new_hash;
	mac_type = s->s3->tmp.new_mac_pkey_type;

	if (is_read) {
		if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
			s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
		else
			s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;

		EVP_CIPHER_CTX_free(s->enc_read_ctx);
		s->enc_read_ctx = NULL;
		EVP_MD_CTX_destroy(s->read_hash);
		s->read_hash = NULL;

		if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
			goto err;
		s->enc_read_ctx = cipher_ctx;
		if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
			goto err;
		s->read_hash = mac_ctx;
	} else {
		if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
		else
			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;

		/*
		 * DTLS fragments retain a pointer to the compression, cipher
		 * and hash contexts, so that it can restore state in order
		 * to perform retransmissions. As such, we cannot free write
		 * contexts that are used for DTLS - these are instead freed
		 * by DTLS when its frees a ChangeCipherSpec fragment.
		 */
		if (!SSL_IS_DTLS(s)) {
			EVP_CIPHER_CTX_free(s->enc_write_ctx);
			s->enc_write_ctx = NULL;
			EVP_MD_CTX_destroy(s->write_hash);
			s->write_hash = NULL;
		}
		if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
			goto err;
		s->enc_write_ctx = cipher_ctx;
		if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
			goto err;
		s->write_hash = mac_ctx;
	}

	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
		EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL,
		    !is_read);
		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
		    iv_len, (unsigned char *)iv);







|
|
|


|
|

|













|
|

|









|
|
|
|



|


|







459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
{
	EVP_CIPHER_CTX *cipher_ctx;
	const EVP_CIPHER *cipher;
	EVP_MD_CTX *mac_ctx;
	const EVP_MD *mac;
	int mac_type;

	cipher = S3I(s)->tmp.new_sym_enc;
	mac = S3I(s)->tmp.new_hash;
	mac_type = S3I(s)->tmp.new_mac_pkey_type;

	if (is_read) {
		if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
			s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
		else
			s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;

		EVP_CIPHER_CTX_free(s->enc_read_ctx);
		s->enc_read_ctx = NULL;
		EVP_MD_CTX_destroy(s->read_hash);
		s->read_hash = NULL;

		if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
			goto err;
		s->enc_read_ctx = cipher_ctx;
		if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
			goto err;
		s->read_hash = mac_ctx;
	} else {
		if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
			s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
		else
			s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;

		/*
		 * DTLS fragments retain a pointer to the compression, cipher
		 * and hash contexts, so that it can restore state in order
		 * to perform retransmissions. As such, we cannot free write
		 * contexts that are used for DTLS - these are instead freed
		 * by DTLS when its frees a ChangeCipherSpec fragment.
		 */
		if (!SSL_IS_DTLS(s)) {
			EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
			s->internal->enc_write_ctx = NULL;
			EVP_MD_CTX_destroy(s->internal->write_hash);
			s->internal->write_hash = NULL;
		}
		if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
			goto err;
		s->internal->enc_write_ctx = cipher_ctx;
		if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
			goto err;
		s->internal->write_hash = mac_ctx;
	}

	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
		EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL,
		    !is_read);
		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
		    iv_len, (unsigned char *)iv);
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
		EVP_PKEY_free(mac_key);
	} else if (mac_secret_size > 0) {
		/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
		    mac_secret_size, (unsigned char *)mac_secret);
	}

	if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
		int nid;
		if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
			nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
		else
			nid = NID_id_tc26_gost_28147_param_Z;

		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
		if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
			EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
	}

	return (1);

err:
	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE);
	return (0);
}

int
tls1_change_cipher_state(SSL *s, int which)
{
	const unsigned char *client_write_mac_secret, *server_write_mac_secret;
	const unsigned char *client_write_key, *server_write_key;
	const unsigned char *client_write_iv, *server_write_iv;
	const unsigned char *mac_secret, *key, *iv;
	int mac_secret_size, key_len, iv_len;
	unsigned char *key_block, *seq;
	const EVP_CIPHER *cipher;
	const EVP_AEAD *aead;
	char is_read, use_client_keys;


	cipher = s->s3->tmp.new_sym_enc;
	aead = s->s3->tmp.new_aead;

	/*
	 * is_read is true if we have just read a ChangeCipherSpec message,
	 * that is we need to update the read cipherspec. Otherwise we have
	 * just written one.
	 */
	is_read = (which & SSL3_CC_READ) != 0;







|

|





|






|

















|
|







528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
		EVP_PKEY_free(mac_key);
	} else if (mac_secret_size > 0) {
		/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
		    mac_secret_size, (unsigned char *)mac_secret);
	}

	if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
		int nid;
		if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
			nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
		else
			nid = NID_id_tc26_gost_28147_param_Z;

		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
		if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
			EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
	}

	return (1);

err:
	SSLerrorx(ERR_R_MALLOC_FAILURE);
	return (0);
}

int
tls1_change_cipher_state(SSL *s, int which)
{
	const unsigned char *client_write_mac_secret, *server_write_mac_secret;
	const unsigned char *client_write_key, *server_write_key;
	const unsigned char *client_write_iv, *server_write_iv;
	const unsigned char *mac_secret, *key, *iv;
	int mac_secret_size, key_len, iv_len;
	unsigned char *key_block, *seq;
	const EVP_CIPHER *cipher;
	const EVP_AEAD *aead;
	char is_read, use_client_keys;


	cipher = S3I(s)->tmp.new_sym_enc;
	aead = S3I(s)->tmp.new_aead;

	/*
	 * is_read is true if we have just read a ChangeCipherSpec message,
	 * that is we need to update the read cipherspec. Otherwise we have
	 * just written one.
	 */
	is_read = (which & SSL3_CC_READ) != 0;
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667


	/*
	 * Reset sequence number to zero - for DTLS this is handled in
	 * dtls1_reset_seq_numbers().
	 */
	if (!SSL_IS_DTLS(s)) {
		seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
		memset(seq, 0, SSL3_SEQUENCE_SIZE);
	}

	if (aead != NULL) {
		key_len = EVP_AEAD_key_length(aead);
		iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher);
	} else {
		key_len = EVP_CIPHER_key_length(cipher);
		iv_len = EVP_CIPHER_iv_length(cipher);

		/* If GCM mode only part of IV comes from PRF. */
		if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
			iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
	}

	mac_secret_size = s->s3->tmp.new_mac_secret_size;

	key_block = s->s3->tmp.key_block;
	client_write_mac_secret = key_block;
	key_block += mac_secret_size;
	server_write_mac_secret = key_block;
	key_block += mac_secret_size;
	client_write_key = key_block;
	key_block += key_len;
	server_write_key = key_block;







|





|











|







585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617


	/*
	 * Reset sequence number to zero - for DTLS this is handled in
	 * dtls1_reset_seq_numbers().
	 */
	if (!SSL_IS_DTLS(s)) {
		seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;
		memset(seq, 0, SSL3_SEQUENCE_SIZE);
	}

	if (aead != NULL) {
		key_len = EVP_AEAD_key_length(aead);
		iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);
	} else {
		key_len = EVP_CIPHER_key_length(cipher);
		iv_len = EVP_CIPHER_iv_length(cipher);

		/* If GCM mode only part of IV comes from PRF. */
		if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
			iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
	}

	mac_secret_size = s->s3->tmp.new_mac_secret_size;

	key_block = S3I(s)->tmp.key_block;
	client_write_mac_secret = key_block;
	key_block += mac_secret_size;
	server_write_mac_secret = key_block;
	key_block += mac_secret_size;
	client_write_key = key_block;
	key_block += key_len;
	server_write_key = key_block;
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
		iv = client_write_iv;
	} else {
		mac_secret = server_write_mac_secret;
		key = server_write_key;
		iv = server_write_iv;
	}

	if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {
		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
		goto err2;
	}

	if (is_read) {
		memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size);
		s->s3->read_mac_secret_size = mac_secret_size;
	} else {
		memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size);
		s->s3->write_mac_secret_size = mac_secret_size;
	}

	if (aead != NULL) {
		return tls1_change_cipher_state_aead(s, is_read, key, key_len,
		    iv, iv_len);
	}

	return tls1_change_cipher_state_cipher(s, is_read, use_client_keys,
	    mac_secret, mac_secret_size, key, key_len, iv, iv_len);

err2:
	return (0);
}

int
tls1_setup_key_block(SSL *s)
{
	unsigned char *key_block, *tmp_block = NULL;
	int mac_type = NID_undef, mac_secret_size = 0;
	int key_block_len, key_len, iv_len;
	const EVP_CIPHER *cipher = NULL;
	const EVP_AEAD *aead = NULL;
	const EVP_MD *mac = NULL;
	int ret = 0;

	if (s->s3->tmp.key_block_length != 0)
		return (1);

	if (s->session->cipher &&
	    (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
		if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
			SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
			    SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
			return (0);
		}
		key_len = EVP_AEAD_key_length(aead);
		iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher);
	} else {
		if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
		    &mac_secret_size)) {
			SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
			    SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
			return (0);
		}
		key_len = EVP_CIPHER_key_length(cipher);
		iv_len = EVP_CIPHER_iv_length(cipher);

		/* If GCM mode only part of IV comes from PRF. */
		if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
			iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
	}

	s->s3->tmp.new_aead = aead;
	s->s3->tmp.new_sym_enc = cipher;
	s->s3->tmp.new_hash = mac;
	s->s3->tmp.new_mac_pkey_type = mac_type;
	s->s3->tmp.new_mac_secret_size = mac_secret_size;

	tls1_cleanup_key_block(s);

	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
	    2)) == NULL) {
		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	key_block_len = (mac_secret_size + key_len + iv_len) * 2;

	s->s3->tmp.key_block_length = key_block_len;
	s->s3->tmp.key_block = key_block;

	if ((tmp_block = malloc(key_block_len)) == NULL) {
		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!tls1_generate_key_block(s, key_block, tmp_block, key_block_len))
		goto err;

	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
	    s->method->version <= TLS1_VERSION) {
		/*
		 * Enable vulnerability countermeasure for CBC ciphers with
		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
		 */
		s->s3->need_empty_fragments = 1;

		if (s->session->cipher != NULL) {
			if (s->session->cipher->algorithm_enc == SSL_eNULL)
				s->s3->need_empty_fragments = 0;

#ifndef OPENSSL_NO_RC4
			if (s->session->cipher->algorithm_enc == SSL_RC4)
				s->s3->need_empty_fragments = 0;
#endif
		}
	}

	ret = 1;

err:
	if (tmp_block) {
		explicit_bzero(tmp_block, key_block_len);
		free(tmp_block);
	}
	return (ret);
}

/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
 *
 * Returns:
 *   0: (in non-constant time) if the record is publically invalid (i.e. too







|
|




|
|

|
|

















|







|





<
|







<
|










|
|
|
|






|




|
|

<
<
<
<
<
|


|
|




|



|



|






|
<
<
<
<







627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675

676
677
678
679
680
681
682
683

684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712





713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737




738
739
740
741
742
743
744
		iv = client_write_iv;
	} else {
		mac_secret = server_write_mac_secret;
		key = server_write_key;
		iv = server_write_iv;
	}

	if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err2;
	}

	if (is_read) {
		memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size);
		S3I(s)->read_mac_secret_size = mac_secret_size;
	} else {
		memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size);
		S3I(s)->write_mac_secret_size = mac_secret_size;
	}

	if (aead != NULL) {
		return tls1_change_cipher_state_aead(s, is_read, key, key_len,
		    iv, iv_len);
	}

	return tls1_change_cipher_state_cipher(s, is_read, use_client_keys,
	    mac_secret, mac_secret_size, key, key_len, iv, iv_len);

err2:
	return (0);
}

int
tls1_setup_key_block(SSL *s)
{
	unsigned char *key_block;
	int mac_type = NID_undef, mac_secret_size = 0;
	int key_block_len, key_len, iv_len;
	const EVP_CIPHER *cipher = NULL;
	const EVP_AEAD *aead = NULL;
	const EVP_MD *mac = NULL;
	int ret = 0;

	if (S3I(s)->tmp.key_block_length != 0)
		return (1);

	if (s->session->cipher &&
	    (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
		if (!ssl_cipher_get_evp_aead(s->session, &aead)) {

			SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
			return (0);
		}
		key_len = EVP_AEAD_key_length(aead);
		iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher);
	} else {
		if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
		    &mac_secret_size)) {

			SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
			return (0);
		}
		key_len = EVP_CIPHER_key_length(cipher);
		iv_len = EVP_CIPHER_iv_length(cipher);

		/* If GCM mode only part of IV comes from PRF. */
		if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
			iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
	}

	S3I(s)->tmp.new_aead = aead;
	S3I(s)->tmp.new_sym_enc = cipher;
	S3I(s)->tmp.new_hash = mac;
	S3I(s)->tmp.new_mac_pkey_type = mac_type;
	s->s3->tmp.new_mac_secret_size = mac_secret_size;

	tls1_cleanup_key_block(s);

	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
	    2)) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	key_block_len = (mac_secret_size + key_len + iv_len) * 2;

	S3I(s)->tmp.key_block_length = key_block_len;
	S3I(s)->tmp.key_block = key_block;






	if (!tls1_generate_key_block(s, key_block, key_block_len))
		goto err;

	if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
	    s->method->internal->version <= TLS1_VERSION) {
		/*
		 * Enable vulnerability countermeasure for CBC ciphers with
		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
		 */
		S3I(s)->need_empty_fragments = 1;

		if (s->session->cipher != NULL) {
			if (s->session->cipher->algorithm_enc == SSL_eNULL)
				S3I(s)->need_empty_fragments = 0;

#ifndef OPENSSL_NO_RC4
			if (s->session->cipher->algorithm_enc == SSL_RC4)
				S3I(s)->need_empty_fragments = 0;
#endif
		}
	}

	ret = 1;

 err:




	return (ret);
}

/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
 *
 * Returns:
 *   0: (in non-constant time) if the record is publically invalid (i.e. too
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
	EVP_CIPHER_CTX *ds;
	SSL3_RECORD *rec;
	unsigned char *seq;
	unsigned long l;
	int bs, i, j, k, pad = 0, ret, mac_size = 0;

	if (send) {
		aead = s->aead_write_ctx;
		rec = &s->s3->wrec;
		seq = s->s3->write_sequence;
	} else {
		aead = s->aead_read_ctx;
		rec = &s->s3->rrec;
		seq = s->s3->read_sequence;
	}

	if (aead) {
		unsigned char ad[13], *in, *out, nonce[16];
		size_t out_len, pad_len = 0;
		unsigned int nonce_used;

		if (SSL_IS_DTLS(s)) {
			dtls1_build_sequence_number(ad, seq,
			    send ? s->d1->w_epoch : s->d1->r_epoch);
		} else {
			memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
			tls1_record_sequence_increment(seq);
		}

		ad[8] = rec->type;
		ad[9] = (unsigned char)(s->version >> 8);







|
|
|

|
|
|









|







755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
	EVP_CIPHER_CTX *ds;
	SSL3_RECORD *rec;
	unsigned char *seq;
	unsigned long l;
	int bs, i, j, k, pad = 0, ret, mac_size = 0;

	if (send) {
		aead = s->internal->aead_write_ctx;
		rec = &S3I(s)->wrec;
		seq = S3I(s)->write_sequence;
	} else {
		aead = s->internal->aead_read_ctx;
		rec = &S3I(s)->rrec;
		seq = S3I(s)->read_sequence;
	}

	if (aead) {
		unsigned char ad[13], *in, *out, nonce[16];
		size_t out_len, pad_len = 0;
		unsigned int nonce_used;

		if (SSL_IS_DTLS(s)) {
			dtls1_build_sequence_number(ad, seq,
			    send ? D1I(s)->w_epoch : D1I(s)->r_epoch);
		} else {
			memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
			tls1_record_sequence_increment(seq);
		}

		ad[8] = rec->type;
		ad[9] = (unsigned char)(s->version >> 8);
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994

		rec->length = out_len;

		return 1;
	}

	if (send) {
		if (EVP_MD_CTX_md(s->write_hash)) {
			int n = EVP_MD_CTX_size(s->write_hash);
			OPENSSL_assert(n >= 0);
		}
		ds = s->enc_write_ctx;
		if (s->enc_write_ctx == NULL)
			enc = NULL;
		else {
			int ivlen = 0;
			enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
			if (SSL_USE_EXPLICIT_IV(s) &&
			    EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
				ivlen = EVP_CIPHER_iv_length(enc);
			if (ivlen > 1) {
				if (rec->data != rec->input) {
#ifdef DEBUG
					/* we can't write into the input stream:







|
|


|
|



|







910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933

		rec->length = out_len;

		return 1;
	}

	if (send) {
		if (EVP_MD_CTX_md(s->internal->write_hash)) {
			int n = EVP_MD_CTX_size(s->internal->write_hash);
			OPENSSL_assert(n >= 0);
		}
		ds = s->internal->enc_write_ctx;
		if (s->internal->enc_write_ctx == NULL)
			enc = NULL;
		else {
			int ivlen = 0;
			enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
			if (SSL_USE_EXPLICIT_IV(s) &&
			    EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
				ivlen = EVP_CIPHER_iv_length(enc);
			if (ivlen > 1) {
				if (rec->data != rec->input) {
#ifdef DEBUG
					/* we can't write into the input stream:
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
		bs = EVP_CIPHER_block_size(ds->cipher);

		if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
			unsigned char buf[13];

			if (SSL_IS_DTLS(s)) {
				dtls1_build_sequence_number(buf, seq,
				    send ? s->d1->w_epoch : s->d1->r_epoch);
			} else {
				memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
				tls1_record_sequence_increment(seq);
			}

			buf[8] = rec->type;
			buf[9] = (unsigned char)(s->version >> 8);







|







962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
		bs = EVP_CIPHER_block_size(ds->cipher);

		if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
			unsigned char buf[13];

			if (SSL_IS_DTLS(s)) {
				dtls1_build_sequence_number(buf, seq,
				    send ? D1I(s)->w_epoch : D1I(s)->r_epoch);
			} else {
				memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
				tls1_record_sequence_increment(seq);
			}

			buf[8] = rec->type;
			buf[9] = (unsigned char)(s->version >> 8);
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
		if (pad && !send)
			rec->length -= pad;
	}
	return ret;
}

int
tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
{
	EVP_MD_CTX ctx, *d = NULL;
	unsigned int ret;
	int i;

	if (s->s3->handshake_buffer)
		if (!tls1_digest_cached_records(s))
			return 0;

	for (i = 0; i < SSL_MAX_DIGEST; i++) {
		if (s->s3->handshake_dgst[i] &&
		    EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
			d = s->s3->handshake_dgst[i];
			break;
		}
	}
	if (d == NULL) {
		SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
		return 0;
	}

	EVP_MD_CTX_init(&ctx);
	if (!EVP_MD_CTX_copy_ex(&ctx, d))
		return 0;
	EVP_DigestFinal_ex(&ctx, out, &ret);
	EVP_MD_CTX_cleanup(&ctx);

	return ((int)ret);
}

int
tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
{
	unsigned int i;
	EVP_MD_CTX ctx;
	unsigned char buf[2*EVP_MAX_MD_SIZE];
	unsigned char *q, buf2[12];
	int idx;
	long mask;
	int err = 0;
	const EVP_MD *md;

	q = buf;

	if (s->s3->handshake_buffer)
		if (!tls1_digest_cached_records(s))
			return 0;

	EVP_MD_CTX_init(&ctx);

	for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
		if (ssl_get_algorithm2(s) & mask) {
			int hashsize = EVP_MD_size(md);
			EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
			if (!hdgst || hashsize < 0 ||
			    hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
				/* internal error: 'buf' is too small for this cipersuite! */
				err = 1;
			} else {
				if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
				    !EVP_DigestFinal_ex(&ctx, q, &i) ||
				    (i != (unsigned int)hashsize))
					err = 1;
				q += hashsize;
			}
		}
	}

	if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf),
	    NULL, 0, NULL, 0, NULL, 0,
	    s->session->master_key, s->session->master_key_length,
	    out, buf2, sizeof buf2))
		err = 1;
	EVP_MD_CTX_cleanup(&ctx);

	if (err)
		return 0;
	else
		return sizeof buf2;
}

int
tls1_mac(SSL *ssl, unsigned char *md, int send)
{
	SSL3_RECORD *rec;
	unsigned char *seq;
	EVP_MD_CTX *hash;
	size_t md_size, orig_len;
	EVP_MD_CTX hmac, *mac_ctx;
	unsigned char header[13];
	int stream_mac = (send ?
	    (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
	    (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
	int t;

	if (send) {
		rec = &(ssl->s3->wrec);
		seq = &(ssl->s3->write_sequence[0]);
		hash = ssl->write_hash;
	} else {
		rec = &(ssl->s3->rrec);
		seq = &(ssl->s3->read_sequence[0]);
		hash = ssl->read_hash;
	}

	t = EVP_MD_CTX_size(hash);
	OPENSSL_assert(t >= 0);
	md_size = t;

	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
	if (stream_mac) {
		mac_ctx = hash;
	} else {
		if (!EVP_MD_CTX_copy(&hmac, hash))
			return -1;
		mac_ctx = &hmac;
	}

	if (SSL_IS_DTLS(ssl))
		dtls1_build_sequence_number(header, seq,
		    send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
	else
		memcpy(header, seq, SSL3_SEQUENCE_SIZE);

	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
	rec->type &= 0xff;








|

<
|
<
|
<
<
<

<
<
<
<
<
<
<
<
<
<
<
|
<
<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

<
|
<
<
|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
|
<

|
|












|
|



|
|
|

|
|


















|







1018
1019
1020
1021
1022
1023
1024
1025
1026

1027

1028



1029











1030


1031

















1032

1033


1034
1035






















1036
1037


1038

1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
		if (pad && !send)
			rec->length -= pad;
	}
	return ret;
}

int
tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out)
{

	unsigned char buf[EVP_MAX_MD_SIZE];

	size_t hash_len;















	if (str_len < 0)


		return 0;



















	if (!tls1_handshake_hash_value(s, buf, sizeof(buf), &hash_len))


		return 0;























	if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length,
	    str, str_len, buf, hash_len, NULL, 0, NULL, 0, NULL, 0,


	    out, TLS1_FINISH_MAC_LENGTH))

		return 0;

	return TLS1_FINISH_MAC_LENGTH;
}

int
tls1_mac(SSL *ssl, unsigned char *md, int send)
{
	SSL3_RECORD *rec;
	unsigned char *seq;
	EVP_MD_CTX *hash;
	size_t md_size, orig_len;
	EVP_MD_CTX hmac, *mac_ctx;
	unsigned char header[13];
	int stream_mac = (send ?
	    (ssl->internal->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
	    (ssl->internal->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
	int t;

	if (send) {
		rec = &(ssl->s3->internal->wrec);
		seq = &(ssl->s3->internal->write_sequence[0]);
		hash = ssl->internal->write_hash;
	} else {
		rec = &(ssl->s3->internal->rrec);
		seq = &(ssl->s3->internal->read_sequence[0]);
		hash = ssl->read_hash;
	}

	t = EVP_MD_CTX_size(hash);
	OPENSSL_assert(t >= 0);
	md_size = t;

	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
	if (stream_mac) {
		mac_ctx = hash;
	} else {
		if (!EVP_MD_CTX_copy(&hmac, hash))
			return -1;
		mac_ctx = &hmac;
	}

	if (SSL_IS_DTLS(ssl))
		dtls1_build_sequence_number(header, seq,
		    send ? D1I(ssl)->w_epoch : D1I(ssl)->r_epoch);
	else
		memcpy(header, seq, SSL3_SEQUENCE_SIZE);

	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
	rec->type &= 0xff;

1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
		/* This is a CBC-encrypted record. We must avoid leaking any
		 * timing-side channel information about how many blocks of
		 * data we are hashing because that gives an attacker a
		 * timing-oracle. */
		if (!ssl3_cbc_digest_record(mac_ctx,
		    md, &md_size, header, rec->input,
		    rec->length + md_size, orig_len,
		    ssl->s3->read_mac_secret,
		    ssl->s3->read_mac_secret_size,
		    0 /* not SSLv3 */))
			return -1;
	} else {
		EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
		EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
		t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
		OPENSSL_assert(t > 0);
	}







|
|
<







1100
1101
1102
1103
1104
1105
1106
1107
1108

1109
1110
1111
1112
1113
1114
1115
		/* This is a CBC-encrypted record. We must avoid leaking any
		 * timing-side channel information about how many blocks of
		 * data we are hashing because that gives an attacker a
		 * timing-oracle. */
		if (!ssl3_cbc_digest_record(mac_ctx,
		    md, &md_size, header, rec->input,
		    rec->length + md_size, orig_len,
		    ssl->s3->internal->read_mac_secret,
		    ssl->s3->internal->read_mac_secret_size))

			return -1;
	} else {
		EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
		EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
		t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
		OPENSSL_assert(t > 0);
	}
1248
1249
1250
1251
1252
1253
1254
1255

1256
1257
1258
1259
1260
1261

1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
	return (md_size);
}

int
tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
    int len)
{
	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];


	tls1_PRF(ssl_get_algorithm2(s),
	    TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
	    s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
	    s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
	    p, len, s->session->master_key, buff, sizeof buff);


	return (SSL3_MASTER_SECRET_SIZE);
}

int
tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *context,
    size_t contextlen, int use_context)
{
	unsigned char *buff;
	unsigned char *val = NULL;
	size_t vallen, currentvalpos;
	int rv;

	buff = malloc(olen);
	if (buff == NULL)
		goto err2;

	/* construct PRF arguments
	 * we construct the PRF argument ourself rather than passing separate
	 * values into the TLS PRF to ensure that the concatenation of values
	 * does not create a prohibited label.
	 */
	vallen = llen + SSL3_RANDOM_SIZE * 2;
	if (use_context) {







|
>

|



|
>

|







<




<
<
<
<







1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147

1148
1149
1150
1151




1152
1153
1154
1155
1156
1157
1158
	return (md_size);
}

int
tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
    int len)
{
	if (len < 0)
		return 0;

	if (!tls1_PRF(s, p, len,
	    TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
	    s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
	    s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
	    s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH))
		return 0;

	return (SSL_MAX_MASTER_KEY_LENGTH);
}

int
tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *context,
    size_t contextlen, int use_context)
{

	unsigned char *val = NULL;
	size_t vallen, currentvalpos;
	int rv;





	/* construct PRF arguments
	 * we construct the PRF argument ourself rather than passing separate
	 * values into the TLS PRF to ensure that the concatenation of values
	 * does not create a prohibited label.
	 */
	vallen = llen + SSL3_RANDOM_SIZE * 2;
	if (use_context) {
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
	if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
	    TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
		goto err1;
	if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
	    TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
		goto err1;

	rv = tls1_PRF(ssl_get_algorithm2(s),
	    val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
	    s->session->master_key, s->session->master_key_length,
	    out, buff, olen);

	goto ret;
err1:
	SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,
	    SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
	rv = 0;
	goto ret;
err2:
	SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
	rv = 0;
ret:
	free(buff);
	free(val);

	return (rv);
}

int
tls1_alert_code(int code)







|
|
<
<



<
|



|


<







1194
1195
1196
1197
1198
1199
1200
1201
1202


1203
1204
1205

1206
1207
1208
1209
1210
1211
1212

1213
1214
1215
1216
1217
1218
1219
	if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
	    TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
		goto err1;
	if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
	    TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
		goto err1;

	rv = tls1_PRF(s, s->session->master_key, s->session->master_key_length,
	    val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, out, olen);



	goto ret;
err1:

	SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
	rv = 0;
	goto ret;
err2:
	SSLerror(s, ERR_R_MALLOC_FAILURE);
	rv = 0;
ret:

	free(val);

	return (rv);
}

int
tls1_alert_code(int code)
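--- a/jni/libressl/ssl/t1_hash.c
+++ b/jni/libressl/ssl/t1_hash.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "ssl_locl.h"
+
+#include <openssl/ssl.h>
+
+int
+tls1_handshake_hash_init(SSL *s)
+{
+	const EVP_MD *md;
+	long dlen;
+	void *data;
+
+	tls1_handshake_hash_free(s);
+
+	if (!ssl_get_handshake_evp_md(s, &md)) {
+		SSLerrorx(ERR_R_INTERNAL_ERROR);
+		goto err;
+	}
+
+	if ((S3I(s)->handshake_hash = EVP_MD_CTX_create()) == NULL) {
+		SSLerror(s, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (!EVP_DigestInit_ex(S3I(s)->handshake_hash, md, NULL)) {
+		SSLerror(s, ERR_R_EVP_LIB);
+		goto err;
+	}
+
+	dlen = BIO_get_mem_data(S3I(s)->handshake_buffer, &data);
+	if (dlen <= 0) {
+		SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
+		goto err;
+	}
+	if (!tls1_handshake_hash_update(s, data, dlen)) {
+		SSLerror(s, ERR_R_EVP_LIB);
+		goto err;
+	}
+		
+	return 1;
+
+ err:
+	tls1_handshake_hash_free(s);
+
+	return 0;
+}
+
+int
+tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len)
+{
+	if (S3I(s)->handshake_hash == NULL)
+		return 1;
+
+	return EVP_DigestUpdate(S3I(s)->handshake_hash, buf, len);
+}
+
+int
+tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len,
+    size_t *outlen)
+{
+	EVP_MD_CTX *mdctx = NULL;
+	unsigned int mdlen;
+	int ret = 0;
+
+	if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len)
+		goto err;
+
+	if ((mdctx = EVP_MD_CTX_create()) == NULL) {
+		SSLerror(s, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (!EVP_MD_CTX_copy_ex(mdctx, S3I(s)->handshake_hash)) {
+		SSLerror(s, ERR_R_EVP_LIB);
+		goto err;
+	}
+	if (!EVP_DigestFinal_ex(mdctx, (unsigned char *)out, &mdlen)) {
+		SSLerror(s, ERR_R_EVP_LIB);
+		goto err;
+	}
+	if (outlen != NULL)
+		*outlen = mdlen;
+
+	ret = 1;
+
+ err:
+	EVP_MD_CTX_destroy(mdctx);
+
+	return (ret);
+}
+
+void
+tls1_handshake_hash_free(SSL *s)
+{
+	EVP_MD_CTX_destroy(S3I(s)->handshake_hash);
+	S3I(s)->handshake_hash = NULL;
+}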
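Review bot: `tls1_handshake_hash_value` declares `out` as `const unsigned char *` and then casts the qualifier away to write the digest through it in `EVP_DigestFinal_ex(mdctx, (unsigned char *)out, &mdlen)`; the parameter is an output buffer and should be declared `unsigned char *out`, with the matching prototype (presumably in `ssl_locl.h`, which this section does not show) changed alongside. The length guard in the same function compares the `int` result of `EVP_MD_CTX_size()` with the `size_t len`, so a negative return is rejected only through implicit conversion to a large unsigned value. Since that guard is what keeps the digest from being written past the caller's buffer, it reads more safely as `int mdsize = EVP_MD_CTX_size(S3I(s)->handshake_hash);` followed by `if (mdsize < 0 || (size_t)mdsize > len) goto err;`. Unlike `tls1_handshake_hash_update`, this function does not test `S3I(s)->handshake_hash` for NULL before using it, which is worth confirming against the callers.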
Changes to jni/libressl/ssl/t1_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: t1_lib.c,v 1.91 2016/10/02 21:05:44 guenther Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: t1_lib.c,v 1.115 2017/02/07 02:08:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221

static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
    const unsigned char *sess_id, int sesslen,
    SSL_SESSION **psess);

SSL3_ENC_METHOD TLSv1_enc_data = {
	.enc = tls1_enc,
	.mac = tls1_mac,
	.setup_key_block = tls1_setup_key_block,
	.generate_master_secret = tls1_generate_master_secret,
	.change_cipher_state = tls1_change_cipher_state,
	.final_finish_mac = tls1_final_finish_mac,
	.finish_mac_length = TLS1_FINISH_MAC_LENGTH,
	.cert_verify_mac = tls1_cert_verify_mac,
	.client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
	.client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
	.server_finished_label = TLS_MD_SERVER_FINISH_CONST,
	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
	.alert_value = tls1_alert_code,
	.export_keying_material = tls1_export_keying_material,
	.enc_flags = 0,
};

SSL3_ENC_METHOD TLSv1_1_enc_data = {
	.enc = tls1_enc,
	.mac = tls1_mac,
	.setup_key_block = tls1_setup_key_block,
	.generate_master_secret = tls1_generate_master_secret,
	.change_cipher_state = tls1_change_cipher_state,
	.final_finish_mac = tls1_final_finish_mac,
	.finish_mac_length = TLS1_FINISH_MAC_LENGTH,
	.cert_verify_mac = tls1_cert_verify_mac,
	.client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
	.client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
	.server_finished_label = TLS_MD_SERVER_FINISH_CONST,
	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
	.alert_value = tls1_alert_code,
	.export_keying_material = tls1_export_keying_material,
	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
};

SSL3_ENC_METHOD TLSv1_2_enc_data = {
	.enc = tls1_enc,
	.mac = tls1_mac,
	.setup_key_block = tls1_setup_key_block,
	.generate_master_secret = tls1_generate_master_secret,
	.change_cipher_state = tls1_change_cipher_state,
	.final_finish_mac = tls1_final_finish_mac,
	.finish_mac_length = TLS1_FINISH_MAC_LENGTH,
	.cert_verify_mac = tls1_cert_verify_mac,
	.client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
	.client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
	.server_finished_label = TLS_MD_SERVER_FINISH_CONST,
	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
	.alert_value = tls1_alert_code,
	.export_keying_material = tls1_export_keying_material,
	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|
	    SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
};

long
tls1_default_timeout(void)
{
	/* 2 hours, the 24 hours mentioned in the TLSv1 spec
	 * is way too long for http, the cache would over fill */
	return (60 * 60 * 2);
}

int
tls1_new(SSL *s)
{
	if (!ssl3_new(s))
		return (0);
	s->method->ssl_clear(s);
	return (1);
}

void
tls1_free(SSL *s)
{
	if (s == NULL)
		return;

	free(s->tlsext_session_ticket);
	ssl3_free(s);
}

void
tls1_clear(SSL *s)
{
	ssl3_clear(s);
	s->version = s->method->version;
}


static int nid_list[] = {
	NID_sect163k1,		/* sect163k1 (1) */
	NID_sect163r1,		/* sect163r1 (2) */
	NID_sect163r2,		/* sect163r2 (3) */
	NID_sect193r1,		/* sect193r1 (4) */
	NID_sect193r2,		/* sect193r2 (5) */







<
<
<
<
<
<
<
<
<
<
<
<
<





<
<
<
<
<
<
<
<
<
<
<
<
<





<
<
<
<
<
<
<
<
<
<
<
<
<

















|









|







|

<







121
122
123
124
125
126
127













128
129
130
131
132













133
134
135
136
137













138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

175
176
177
178
179
180
181

static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
    const unsigned char *sess_id, int sesslen,
    SSL_SESSION **psess);

SSL3_ENC_METHOD TLSv1_enc_data = {
	.enc = tls1_enc,













	.enc_flags = 0,
};

SSL3_ENC_METHOD TLSv1_1_enc_data = {
	.enc = tls1_enc,













	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
};

SSL3_ENC_METHOD TLSv1_2_enc_data = {
	.enc = tls1_enc,













	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|
	    SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
};

long
tls1_default_timeout(void)
{
	/* 2 hours, the 24 hours mentioned in the TLSv1 spec
	 * is way too long for http, the cache would over fill */
	return (60 * 60 * 2);
}

int
tls1_new(SSL *s)
{
	if (!ssl3_new(s))
		return (0);
	s->method->internal->ssl_clear(s);
	return (1);
}

void
tls1_free(SSL *s)
{
	if (s == NULL)
		return;

	free(s->internal->tlsext_session_ticket);
	ssl3_free(s);
}

void
tls1_clear(SSL *s)
{
	ssl3_clear(s);
	s->version = s->method->internal->version;
}


static int nid_list[] = {
	NID_sect163k1,		/* sect163k1 (1) */
	NID_sect163r1,		/* sect163r1 (2) */
	NID_sect163r2,		/* sect163r2 (3) */
	NID_sect193r1,		/* sect193r1 (4) */
	NID_sect193r2,		/* sect193r2 (5) */
237
238
239
240
241
242
243
244

245
246

247
248
249
250
251

252





253

254
255
256
257
258
259
260
261
262
263
264
	NID_secp224r1,		/* secp224r1 (21) */
	NID_secp256k1,		/* secp256k1 (22) */
	NID_X9_62_prime256v1,	/* secp256r1 (23) */
	NID_secp384r1,		/* secp384r1 (24) */
	NID_secp521r1,		/* secp521r1 (25) */
	NID_brainpoolP256r1,	/* brainpoolP256r1 (26) */
	NID_brainpoolP384r1,	/* brainpoolP384r1 (27) */
	NID_brainpoolP512r1	/* brainpoolP512r1 (28) */

};


static const uint8_t ecformats_default[] = {
	TLSEXT_ECPOINTFORMAT_uncompressed,
	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
};







static const uint16_t eccurves_default[] = {

	14,			/* sect571r1 (14) */
	13,			/* sect571k1 (13) */
	25,			/* secp521r1 (25) */
	28,			/* brainpool512r1 (28) */
	11,			/* sect409k1 (11) */
	12,			/* sect409r1 (12) */
	27,			/* brainpoolP384r1 (27) */
	24,			/* secp384r1 (24) */
	9,			/* sect283k1 (9) */
	10,			/* sect283r1 (10) */
	26,			/* brainpoolP256r1 (26) */







|
>


>
|




>

>
>
>
>
>
|
>



|







197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
	NID_secp224r1,		/* secp224r1 (21) */
	NID_secp256k1,		/* secp256k1 (22) */
	NID_X9_62_prime256v1,	/* secp256r1 (23) */
	NID_secp384r1,		/* secp384r1 (24) */
	NID_secp521r1,		/* secp521r1 (25) */
	NID_brainpoolP256r1,	/* brainpoolP256r1 (26) */
	NID_brainpoolP384r1,	/* brainpoolP384r1 (27) */
	NID_brainpoolP512r1,	/* brainpoolP512r1 (28) */
	NID_X25519,		/* X25519 (29) */
};

#if 0
static const uint8_t ecformats_list[] = {
	TLSEXT_ECPOINTFORMAT_uncompressed,
	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
};
#endif

static const uint8_t ecformats_default[] = {
	TLSEXT_ECPOINTFORMAT_uncompressed,
};

#if 0
static const uint16_t eccurves_list[] = {
	29,			/* X25519 (29) */
	14,			/* sect571r1 (14) */
	13,			/* sect571k1 (13) */
	25,			/* secp521r1 (25) */
	28,			/* brainpoolP512r1 (28) */
	11,			/* sect409k1 (11) */
	12,			/* sect409r1 (12) */
	27,			/* brainpoolP384r1 (27) */
	24,			/* secp384r1 (24) */
	9,			/* sect283k1 (9) */
	10,			/* sect283r1 (10) */
	26,			/* brainpoolP256r1 (26) */
276
277
278
279
280
281
282

283






284
285
286
287
288
289
290
291
292
	1,			/* sect163k1 (1) */
	2,			/* sect163r1 (2) */
	3,			/* sect163r2 (3) */
	15,			/* secp160k1 (15) */
	16,			/* secp160r1 (16) */
	17,			/* secp160r2 (17) */
};








int
tls1_ec_curve_id2nid(uint16_t curve_id)
{
	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
	if ((curve_id < 1) ||
	    ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0])))
		return 0;
	return nid_list[curve_id - 1];
}







>

>
>
>
>
>
>

|







245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
	1,			/* sect163k1 (1) */
	2,			/* sect163r1 (2) */
	3,			/* sect163r2 (3) */
	15,			/* secp160k1 (15) */
	16,			/* secp160r1 (16) */
	17,			/* secp160r2 (17) */
};
#endif

static const uint16_t eccurves_default[] = {
	29,			/* X25519 (29) */
	23,			/* secp256r1 (23) */
	24,			/* secp384r1 (24) */
};

int
tls1_ec_curve_id2nid(const uint16_t curve_id)
{
	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
	if ((curve_id < 1) ||
	    ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0])))
		return 0;
	return nid_list[curve_id - 1];
}
348
349
350
351
352
353
354


355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405










































































406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
		return 25;
	case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */
		return 26;
	case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */
		return 27;
	case NID_brainpoolP512r1: /* brainpoolP512r1 (28) */
		return 28;


	default:
		return 0;
	}
}

/*
 * Return the appropriate format list. If client_formats is non-zero, return
 * the client/session formats. Otherwise return the custom format list if one
 * exists, or the default formats if a custom list has not been specified.
 */
static void
tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
    size_t *pformatslen)
{
	if (client_formats != 0) {
		*pformats = s->session->tlsext_ecpointformatlist;
		*pformatslen = s->session->tlsext_ecpointformatlist_length;
		return;
	}

	*pformats = s->tlsext_ecpointformatlist;
	*pformatslen = s->tlsext_ecpointformatlist_length;
	if (*pformats == NULL) {
		*pformats = ecformats_default;
		*pformatslen = sizeof(ecformats_default);
	}
}

/*
 * Return the appropriate curve list. If client_curves is non-zero, return
 * the client/session curves. Otherwise return the custom curve list if one
 * exists, or the default curves if a custom list has not been specified.
 */
static void
tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
    size_t *pcurveslen)
{
	if (client_curves != 0) {
		*pcurves = s->session->tlsext_ellipticcurvelist;
		*pcurveslen = s->session->tlsext_ellipticcurvelist_length;
		return;
	}

	*pcurves = s->tlsext_ellipticcurvelist;
	*pcurveslen = s->tlsext_ellipticcurvelist_length;
	if (*pcurves == NULL) {
		*pcurves = eccurves_default;
		*pcurveslen = sizeof(eccurves_default) / 2;
	}
}











































































/* Check that a curve is one of our preferences. */
int
tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
{
	CBS cbs;
	const uint16_t *curves;
	size_t curveslen, i;
	uint8_t type;
	uint16_t cid;

	CBS_init(&cbs, p, len);

	/* Only named curves are supported. */
	if (CBS_len(&cbs) != 3 ||
	    !CBS_get_u8(&cbs, &type) ||
	    type != NAMED_CURVE_TYPE ||
	    !CBS_get_u16(&cbs, &cid))
		return (0);

	tls1_get_curvelist(s, 0, &curves, &curveslen);

	for (i = 0; i < curveslen; i++) {
		if (curves[i] == cid)
			return (1);
	}
	return (0);
}

int
tls1_get_shared_curve(SSL *s)
{
	size_t preflen, supplen, i, j;
	const uint16_t *pref, *supp;
	unsigned long server_pref;

	/* Cannot do anything on the client side. */
	if (s->server == 0)
		return (NID_undef);

	/* Return first preference shared curve. */
	server_pref = (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
	tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);
	tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);

	for (i = 0; i < preflen; i++) {
		for (j = 0; j < supplen; j++) {
			if (pref[i] == supp[j])
				return (tls1_ec_curve_id2nid(pref[i]));







>
>















|
|



|
|
















|
|



|
|






>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


|

<


<
<
<
<
<
<
<
<
<
<
<




|

















|







324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461

462
463











464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
		return 25;
	case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */
		return 26;
	case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */
		return 27;
	case NID_brainpoolP512r1: /* brainpoolP512r1 (28) */
		return 28;
	case NID_X25519:		/* X25519 (29) */
		return 29;
	default:
		return 0;
	}
}

/*
 * Return the appropriate format list. If client_formats is non-zero, return
 * the client/session formats. Otherwise return the custom format list if one
 * exists, or the default formats if a custom list has not been specified.
 */
static void
tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
    size_t *pformatslen)
{
	if (client_formats != 0) {
		*pformats = SSI(s)->tlsext_ecpointformatlist;
		*pformatslen = SSI(s)->tlsext_ecpointformatlist_length;
		return;
	}

	*pformats = s->internal->tlsext_ecpointformatlist;
	*pformatslen = s->internal->tlsext_ecpointformatlist_length;
	if (*pformats == NULL) {
		*pformats = ecformats_default;
		*pformatslen = sizeof(ecformats_default);
	}
}

/*
 * Return the appropriate curve list. If client_curves is non-zero, return
 * the client/session curves. Otherwise return the custom curve list if one
 * exists, or the default curves if a custom list has not been specified.
 */
static void
tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
    size_t *pcurveslen)
{
	if (client_curves != 0) {
		*pcurves = SSI(s)->tlsext_supportedgroups;
		*pcurveslen = SSI(s)->tlsext_supportedgroups_length;
		return;
	}

	*pcurves = s->internal->tlsext_supportedgroups;
	*pcurveslen = s->internal->tlsext_supportedgroups_length;
	if (*pcurves == NULL) {
		*pcurves = eccurves_default;
		*pcurveslen = sizeof(eccurves_default) / 2;
	}
}

int
tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
    const int *groups, size_t ngroups)
{
	uint16_t *group_ids;
	size_t i;

	group_ids = calloc(ngroups, sizeof(uint16_t));
	if (group_ids == NULL)
		return 0;

	for (i = 0; i < ngroups; i++) {
		group_ids[i] = tls1_ec_nid2curve_id(groups[i]);
		if (group_ids[i] == 0) {
			free(group_ids);
			return 0;
		}
	}

	free(*out_group_ids);
	*out_group_ids = group_ids;
	*out_group_ids_len = ngroups;

	return 1;
}

int
tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
    const char *groups)
{
	uint16_t *new_group_ids, *group_ids = NULL;
	size_t ngroups = 0;
	char *gs, *p, *q;
	int nid;

	if ((gs = strdup(groups)) == NULL)
		return 0;

	q = gs;
	while ((p = strsep(&q, ":")) != NULL) {
		nid = OBJ_sn2nid(p);
		if (nid == NID_undef)
			nid = OBJ_ln2nid(p);
		if (nid == NID_undef)
			nid = EC_curve_nist2nid(p);
		if (nid == NID_undef)
			goto err;

		if ((new_group_ids = reallocarray(group_ids, ngroups + 1,
		    sizeof(uint16_t))) == NULL)
			goto err;
		group_ids = new_group_ids;

		group_ids[ngroups] = tls1_ec_nid2curve_id(nid);
		if (group_ids[ngroups] == 0)
			goto err;

		ngroups++;
	}

	free(gs);
	free(*out_group_ids);
	*out_group_ids = group_ids;
	*out_group_ids_len = ngroups;

	return 1;

 err:
	free(gs);
	free(group_ids);

	return 0;
}

/* Check that a curve is one of our preferences. */
int
tls1_check_curve(SSL *s, const uint16_t curve_id)
{

	const uint16_t *curves;
	size_t curveslen, i;












	tls1_get_curvelist(s, 0, &curves, &curveslen);

	for (i = 0; i < curveslen; i++) {
		if (curves[i] == curve_id)
			return (1);
	}
	return (0);
}

int
tls1_get_shared_curve(SSL *s)
{
	size_t preflen, supplen, i, j;
	const uint16_t *pref, *supp;
	unsigned long server_pref;

	/* Cannot do anything on the client side. */
	if (s->server == 0)
		return (NID_undef);

	/* Return first preference shared curve. */
	server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
	tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);
	tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);

	for (i = 0; i < preflen; i++) {
		for (j = 0; j < supplen; j++) {
			if (pref[i] == supp[j])
				return (tls1_ec_curve_id2nid(pref[i]));
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662

		for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
			SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);

			alg_k = c->algorithm_mkey;
			alg_a = c->algorithm_auth;

			if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
			    (alg_a & SSL_aECDSA))) {
				using_ecc = 1;
				break;
			}
		}
	}

	ret += 2;







<
|







687
688
689
690
691
692
693

694
695
696
697
698
699
700
701

		for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
			SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);

			alg_k = c->algorithm_mkey;
			alg_a = c->algorithm_auth;


			if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) {
				using_ecc = 1;
				break;
			}
		}
	}

	ret += 2;
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
		*(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
		s2n(size_str, ret);
		memcpy(ret, s->tlsext_hostname, size_str);
		ret += size_str;
	}

	/* Add RI if renegotiating */
	if (s->renegotiate) {
		int el;

		if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_renegotiate, ret);
		s2n(el, ret);

		if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		ret += el;
	}

	if (using_ecc) {







|



<
|










<
|







734
735
736
737
738
739
740
741
742
743
744

745
746
747
748
749
750
751
752
753
754
755

756
757
758
759
760
761
762
763
		*(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
		s2n(size_str, ret);
		memcpy(ret, s->tlsext_hostname, size_str);
		ret += size_str;
	}

	/* Add RI if renegotiating */
	if (s->internal->renegotiate) {
		int el;

		if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_renegotiate, ret);
		s2n(el, ret);

		if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		ret += el;
	}

	if (using_ecc) {
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
		if ((size_t)(limit - ret) < 5)
			return NULL;

		lenmax = limit - ret - 5;
		if (formatslen > lenmax)
			return NULL;
		if (formatslen > 255) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_ec_point_formats, ret);
		s2n(formatslen + 1, ret);
		*(ret++) = (unsigned char)formatslen;
		memcpy(ret, formats, formatslen);
		ret += formatslen;

		/*
		 * Add TLS extension EllipticCurves to the ClientHello message.
		 */
		tls1_get_curvelist(s, 0, &curves, &curveslen);

		if ((size_t)(limit - ret) < 6)
			return NULL;

		lenmax = limit - ret - 6;
		if (curveslen > lenmax)
			return NULL;
		if (curveslen > 65532) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_elliptic_curves, ret);
		s2n((curveslen * 2) + 2, ret);

		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
		 * elliptic_curve_list, but the examples use two bytes.
		 * https://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
		 * resolves this to two bytes.
		 */
		s2n(curveslen * 2, ret);
		for (i = 0; i < curveslen; i++)
			s2n(curves[i], ret);
	}

	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
		int ticklen;
		if (!s->new_session && s->session && s->session->tlsext_tick)
			ticklen = s->session->tlsext_ticklen;
		else if (s->session && s->tlsext_session_ticket &&
		    s->tlsext_session_ticket->data) {
			ticklen = s->tlsext_session_ticket->length;
			s->session->tlsext_tick = malloc(ticklen);
			if (!s->session->tlsext_tick)
				return NULL;
			memcpy(s->session->tlsext_tick,
			    s->tlsext_session_ticket->data, ticklen);
			s->session->tlsext_ticklen = ticklen;
		} else
			ticklen = 0;
		if (ticklen == 0 && s->tlsext_session_ticket &&
		    s->tlsext_session_ticket->data == NULL)
			goto skip_ext;
		/* Check for enough room 2 for extension type, 2 for len
 		 * rest for ticket
  		 */
		if ((size_t)(limit - ret) < 4 + ticklen)
			return NULL;
		s2n(TLSEXT_TYPE_session_ticket, ret);







<
|


















|

|
<
|


















|

|
|
|




|



|
|







774
775
776
777
778
779
780

781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802

803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
		if ((size_t)(limit - ret) < 5)
			return NULL;

		lenmax = limit - ret - 5;
		if (formatslen > lenmax)
			return NULL;
		if (formatslen > 255) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_ec_point_formats, ret);
		s2n(formatslen + 1, ret);
		*(ret++) = (unsigned char)formatslen;
		memcpy(ret, formats, formatslen);
		ret += formatslen;

		/*
		 * Add TLS extension EllipticCurves to the ClientHello message.
		 */
		tls1_get_curvelist(s, 0, &curves, &curveslen);

		if ((size_t)(limit - ret) < 6)
			return NULL;

		lenmax = limit - ret - 6;
		if (curveslen * 2 > lenmax)
			return NULL;
		if (curveslen * 2 > 65532) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_elliptic_curves, ret);
		s2n((curveslen * 2) + 2, ret);

		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
		 * elliptic_curve_list, but the examples use two bytes.
		 * https://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
		 * resolves this to two bytes.
		 */
		s2n(curveslen * 2, ret);
		for (i = 0; i < curveslen; i++)
			s2n(curves[i], ret);
	}

	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
		int ticklen;
		if (!s->internal->new_session && s->session && s->session->tlsext_tick)
			ticklen = s->session->tlsext_ticklen;
		else if (s->session && s->internal->tlsext_session_ticket &&
		    s->internal->tlsext_session_ticket->data) {
			ticklen = s->internal->tlsext_session_ticket->length;
			s->session->tlsext_tick = malloc(ticklen);
			if (!s->session->tlsext_tick)
				return NULL;
			memcpy(s->session->tlsext_tick,
			    s->internal->tlsext_session_ticket->data, ticklen);
			s->session->tlsext_ticklen = ticklen;
		} else
			ticklen = 0;
		if (ticklen == 0 && s->internal->tlsext_session_ticket &&
		    s->internal->tlsext_session_ticket->data == NULL)
			goto skip_ext;
		/* Check for enough room 2 for extension type, 2 for len
 		 * rest for ticket
  		 */
		if ((size_t)(limit - ret) < 4 + ticklen)
			return NULL;
		s2n(TLSEXT_TYPE_session_ticket, ret);
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873

874
875
876
877
878
879
880
881
882
883
884
885

886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
	    s->version != DTLS1_VERSION) {
		int i;
		long extlen, idlen, itmp;
		OCSP_RESPID *id;

		idlen = 0;
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			itmp = i2d_OCSP_RESPID(id, NULL);
			if (itmp <= 0)
				return NULL;
			idlen += itmp + 2;
		}

		if (s->tlsext_ocsp_exts) {
			extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
			if (extlen < 0)
				return NULL;
		} else
			extlen = 0;

		if ((size_t)(limit - ret) < 7 + extlen + idlen)
			return NULL;
		s2n(TLSEXT_TYPE_status_request, ret);
		if (extlen + idlen > 0xFFF0)
			return NULL;
		s2n(extlen + idlen + 5, ret);
		*(ret++) = TLSEXT_STATUSTYPE_ocsp;
		s2n(idlen, ret);
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
			/* save position of id len */
			unsigned char *q = ret;
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			/* skip over id len */
			ret += 2;
			itmp = i2d_OCSP_RESPID(id, &ret);
			/* write id len */
			s2n(itmp, q);
		}
		s2n(extlen, ret);
		if (extlen > 0)
			i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
	}


	if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
		/* The client advertises an emtpy extension to indicate its
		 * support for Next Protocol Negotiation */
		if ((size_t)(limit - ret) < 4)
			return NULL;
		s2n(TLSEXT_TYPE_next_proto_neg, ret);
		s2n(0, ret);
	}

	if (s->alpn_client_proto_list != NULL &&
	    s->s3->tmp.finish_md_len == 0) {
		if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)

			return (NULL);
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
		s2n(2 + s->alpn_client_proto_list_len, ret);
		s2n(s->alpn_client_proto_list_len, ret);
		memcpy(ret, s->alpn_client_proto_list,
		    s->alpn_client_proto_list_len);
		ret += s->alpn_client_proto_list_len;
	}

#ifndef OPENSSL_NO_SRTP
	if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
		int el;

		ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_use_srtp, ret);
		s2n(el, ret);

		if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		ret += el;
	}
#endif

	/*
	 * Add padding to workaround bugs in F5 terminators.
	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
	 *
	 * Note that this seems to trigger issues with IronPort SMTP
	 * appliances.
	 *
	 * NB: because this code works out the length of all existing
	 * extensions it MUST always appear last.
	 */
	if (s->options & SSL_OP_TLSEXT_PADDING) {
		int hlen = ret - (unsigned char *)s->init_buf->data;

		/*
		 * The code in s23_clnt.c to build ClientHello messages
		 * includes the 5-byte record header in the buffer, while the
		 * code in s3_clnt.c does not.
		 */
		if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
			hlen -= 5;
		if (hlen > 0xff && hlen < 0x200) {
			hlen = 0x200 - hlen;
			if (hlen >= 4)
				hlen -= 4;
			else
				hlen = 0;







|
|






|
|













|


|








|


>
|








|
|
|
>


|
|
|
|
|















<
|
















|
|






|







864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944

945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
	    s->version != DTLS1_VERSION) {
		int i;
		long extlen, idlen, itmp;
		OCSP_RESPID *id;

		idlen = 0;
		for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
			id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids, i);
			itmp = i2d_OCSP_RESPID(id, NULL);
			if (itmp <= 0)
				return NULL;
			idlen += itmp + 2;
		}

		if (s->internal->tlsext_ocsp_exts) {
			extlen = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, NULL);
			if (extlen < 0)
				return NULL;
		} else
			extlen = 0;

		if ((size_t)(limit - ret) < 7 + extlen + idlen)
			return NULL;
		s2n(TLSEXT_TYPE_status_request, ret);
		if (extlen + idlen > 0xFFF0)
			return NULL;
		s2n(extlen + idlen + 5, ret);
		*(ret++) = TLSEXT_STATUSTYPE_ocsp;
		s2n(idlen, ret);
		for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
			/* save position of id len */
			unsigned char *q = ret;
			id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids, i);
			/* skip over id len */
			ret += 2;
			itmp = i2d_OCSP_RESPID(id, &ret);
			/* write id len */
			s2n(itmp, q);
		}
		s2n(extlen, ret);
		if (extlen > 0)
			i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ret);
	}

	if (s->ctx->internal->next_proto_select_cb &&
	    !S3I(s)->tmp.finish_md_len) {
		/* The client advertises an emtpy extension to indicate its
		 * support for Next Protocol Negotiation */
		if ((size_t)(limit - ret) < 4)
			return NULL;
		s2n(TLSEXT_TYPE_next_proto_neg, ret);
		s2n(0, ret);
	}

	if (s->internal->alpn_client_proto_list != NULL &&
	    S3I(s)->tmp.finish_md_len == 0) {
		if ((size_t)(limit - ret) <
		    6 + s->internal->alpn_client_proto_list_len)
			return (NULL);
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
		s2n(2 + s->internal->alpn_client_proto_list_len, ret);
		s2n(s->internal->alpn_client_proto_list_len, ret);
		memcpy(ret, s->internal->alpn_client_proto_list,
		    s->internal->alpn_client_proto_list_len);
		ret += s->internal->alpn_client_proto_list_len;
	}

#ifndef OPENSSL_NO_SRTP
	if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
		int el;

		ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_use_srtp, ret);
		s2n(el, ret);

		if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		ret += el;
	}
#endif

	/*
	 * Add padding to workaround bugs in F5 terminators.
	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
	 *
	 * Note that this seems to trigger issues with IronPort SMTP
	 * appliances.
	 *
	 * NB: because this code works out the length of all existing
	 * extensions it MUST always appear last.
	 */
	if (s->internal->options & SSL_OP_TLSEXT_PADDING) {
		int hlen = ret - (unsigned char *)s->internal->init_buf->data;

		/*
		 * The code in s23_clnt.c to build ClientHello messages
		 * includes the 5-byte record header in the buffer, while the
		 * code in s3_clnt.c does not.
		 */
		if (s->internal->state == SSL23_ST_CW_CLNT_HELLO_A)
			hlen -= 5;
		if (hlen > 0xff && hlen < 0x200) {
			hlen = 0x200 - hlen;
			if (hlen >= 4)
				hlen -= 4;
			else
				hlen = 0;
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
	int using_ecc, extdatalen = 0;
	unsigned long alg_a, alg_k;
	unsigned char *ret = p;
	int next_proto_neg_seen;

	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
	    alg_a & SSL_aECDSA) &&
	    s->session->tlsext_ecpointformatlist != NULL;

	ret += 2;
	if (ret >= limit)
		return NULL; /* this really never occurs, but ... */

	if (!s->hit && s->servername_done == 1 &&
	    s->session->tlsext_hostname != NULL) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_server_name, ret);
		s2n(0, ret);
	}

	if (s->s3->send_connection_binding) {
		int el;

		if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_renegotiate, ret);
		s2n(el, ret);

		if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		ret += el;
	}

	if (using_ecc && s->version != DTLS1_VERSION) {







|
|
<
|
|





|








|



<
|










<
|







994
995
996
997
998
999
1000
1001
1002

1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022

1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033

1034
1035
1036
1037
1038
1039
1040
1041
ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
	int using_ecc, extdatalen = 0;
	unsigned long alg_a, alg_k;
	unsigned char *ret = p;
	int next_proto_neg_seen;

	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;

	using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
	    SSI(s)->tlsext_ecpointformatlist != NULL;

	ret += 2;
	if (ret >= limit)
		return NULL; /* this really never occurs, but ... */

	if (!s->internal->hit && s->internal->servername_done == 1 &&
	    s->session->tlsext_hostname != NULL) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_server_name, ret);
		s2n(0, ret);
	}

	if (S3I(s)->send_connection_binding) {
		int el;

		if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_renegotiate, ret);
		s2n(el, ret);

		if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		ret += el;
	}

	if (using_ecc && s->version != DTLS1_VERSION) {
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
		if ((size_t)(limit - ret) < 5)
			return NULL;

		lenmax = limit - ret - 5;
		if (formatslen > lenmax)
			return NULL;
		if (formatslen > 255) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_ec_point_formats, ret);
		s2n(formatslen + 1, ret);
		*(ret++) = (unsigned char)formatslen;
		memcpy(ret, formats, formatslen);
		ret += formatslen;
	}

	/*
	 * Currently the server should not respond with a SupportedCurves
	 * extension.
	 */

	if (s->tlsext_ticket_expected &&
	    !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_session_ticket, ret);
		s2n(0, ret);
	}

	if (s->tlsext_status_expected) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_status_request, ret);
		s2n(0, ret);
	}

#ifndef OPENSSL_NO_SRTP
	if (SSL_IS_DTLS(s) && s->srtp_profile) {
		int el;

		ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_use_srtp, ret);
		s2n(el, ret);

		if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		ret += el;
	}
#endif

	if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
	    (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
	    (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
		static const unsigned char cryptopro_ext[36] = {
			0xfd, 0xe8, /*65000*/
			0x00, 0x20, /*32 bytes length*/
			0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
			0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
			0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
			0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
		};
		if ((size_t)(limit - ret) < sizeof(cryptopro_ext))
			return NULL;
		memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
		ret += sizeof(cryptopro_ext);
	}

	next_proto_neg_seen = s->s3->next_proto_neg_seen;
	s->s3->next_proto_neg_seen = 0;
	if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
		const unsigned char *npa;
		unsigned int npalen;
		int r;

		r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
		    s->ctx->next_protos_advertised_cb_arg);
		if (r == SSL_TLSEXT_ERR_OK) {
			if ((size_t)(limit - ret) < 4 + npalen)
				return NULL;
			s2n(TLSEXT_TYPE_next_proto_neg, ret);
			s2n(npalen, ret);
			memcpy(ret, npa, npalen);
			ret += npalen;
			s->s3->next_proto_neg_seen = 1;
		}
	}

	if (s->s3->alpn_selected != NULL) {
		const unsigned char *selected = s->s3->alpn_selected;
		unsigned int len = s->s3->alpn_selected_len;

		if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
			return (NULL);
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
		s2n(3 + len, ret);
		s2n(1 + len, ret);
		*ret++ = len;







<
|















|








|








|











<
|






|
|















|
|
|




|
|







|



|
|
|







1050
1051
1052
1053
1054
1055
1056

1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102

1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
		if ((size_t)(limit - ret) < 5)
			return NULL;

		lenmax = limit - ret - 5;
		if (formatslen > lenmax)
			return NULL;
		if (formatslen > 255) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_ec_point_formats, ret);
		s2n(formatslen + 1, ret);
		*(ret++) = (unsigned char)formatslen;
		memcpy(ret, formats, formatslen);
		ret += formatslen;
	}

	/*
	 * Currently the server should not respond with a SupportedCurves
	 * extension.
	 */

	if (s->internal->tlsext_ticket_expected &&
	    !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_session_ticket, ret);
		s2n(0, ret);
	}

	if (s->internal->tlsext_status_expected) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_status_request, ret);
		s2n(0, ret);
	}

#ifndef OPENSSL_NO_SRTP
	if (SSL_IS_DTLS(s) && s->internal->srtp_profile) {
		int el;

		ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_use_srtp, ret);
		s2n(el, ret);

		if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {

			SSLerror(s, ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		ret += el;
	}
#endif

	if (((S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
	    (S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
	    (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
		static const unsigned char cryptopro_ext[36] = {
			0xfd, 0xe8, /*65000*/
			0x00, 0x20, /*32 bytes length*/
			0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
			0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
			0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
			0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
		};
		if ((size_t)(limit - ret) < sizeof(cryptopro_ext))
			return NULL;
		memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
		ret += sizeof(cryptopro_ext);
	}

	next_proto_neg_seen = S3I(s)->next_proto_neg_seen;
	S3I(s)->next_proto_neg_seen = 0;
	if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) {
		const unsigned char *npa;
		unsigned int npalen;
		int r;

		r = s->ctx->internal->next_protos_advertised_cb(s, &npa, &npalen,
		    s->ctx->internal->next_protos_advertised_cb_arg);
		if (r == SSL_TLSEXT_ERR_OK) {
			if ((size_t)(limit - ret) < 4 + npalen)
				return NULL;
			s2n(TLSEXT_TYPE_next_proto_neg, ret);
			s2n(npalen, ret);
			memcpy(ret, npa, npalen);
			ret += npalen;
			S3I(s)->next_proto_neg_seen = 1;
		}
	}

	if (S3I(s)->alpn_selected != NULL) {
		const unsigned char *selected = S3I(s)->alpn_selected;
		unsigned int len = S3I(s)->alpn_selected_len;

		if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
			return (NULL);
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
		s2n(3 + len, ret);
		s2n(1 + len, ret);
		*ret++ = len;
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
    unsigned int data_len, int *al)
{
	CBS cbs, proto_name_list, alpn;
	const unsigned char *selected;
	unsigned char selected_len;
	int r;

	if (s->ctx->alpn_select_cb == NULL)
		return (1);

	if (data_len < 2)
		goto parse_error;

	CBS_init(&cbs, data, data_len);








|







1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
    unsigned int data_len, int *al)
{
	CBS cbs, proto_name_list, alpn;
	const unsigned char *selected;
	unsigned char selected_len;
	int r;

	if (s->ctx->internal->alpn_select_cb == NULL)
		return (1);

	if (data_len < 2)
		goto parse_error;

	CBS_init(&cbs, data, data_len);

1175
1176
1177
1178
1179
1180
1181
1182
1183

1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208

1209
1210
1211
1212
1213
1214
1215
1216

1217
1218
1219



1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230

1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
		CBS proto_name;

		if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name) ||
		    CBS_len(&proto_name) == 0)
			goto parse_error;
	}

	r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
	    CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg);

	if (r == SSL_TLSEXT_ERR_OK) {
		free(s->s3->alpn_selected);
		if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) {
			*al = SSL_AD_INTERNAL_ERROR;
			return (-1);
		}
		memcpy(s->s3->alpn_selected, selected, selected_len);
		s->s3->alpn_selected_len = selected_len;
	}

	return (1);

parse_error:
	*al = SSL_AD_DECODE_ERROR;
	return (0);
}

int
ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
    int n, int *al)
{
	unsigned short type;
	unsigned short size;
	unsigned short len;
	unsigned char *data = *p;

	int renegotiate_seen = 0;
	int sigalg_seen = 0;

	s->servername_done = 0;
	s->tlsext_status_type = -1;
	s->s3->next_proto_neg_seen = 0;
	free(s->s3->alpn_selected);
	s->s3->alpn_selected = NULL;


	if (data >= (d + n - 2))
		goto ri_check;



	n2s(data, len);

	if (data > (d + n - len))
		goto ri_check;

	while (data <= (d + n - 4)) {
		n2s(data, type);
		n2s(data, size);

		if (data + size > (d + n))
			goto ri_check;

		if (s->tlsext_debug_cb)
			s->tlsext_debug_cb(s, 0, type, data, size,
			    s->tlsext_debug_arg);
/* The servername extension is treated as follows:

   - Only the hostname type is supported with a maximum length of 255.
   - The servername is rejected if too long or if it contains zeros,
     in which case an fatal alert is generated.
   - The servername field is maintained together with the session cache.
   - When a session is resumed, the servername call back invoked in order







|
|
>

|
|



|
|

















>



|

|
|
|
>

|

>
>
>


|
|

|



|
|
>
|
|
|







1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
		CBS proto_name;

		if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name) ||
		    CBS_len(&proto_name) == 0)
			goto parse_error;
	}

	r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len,
	    CBS_data(&alpn), CBS_len(&alpn),
	    s->ctx->internal->alpn_select_cb_arg);
	if (r == SSL_TLSEXT_ERR_OK) {
		free(S3I(s)->alpn_selected);
		if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {
			*al = SSL_AD_INTERNAL_ERROR;
			return (-1);
		}
		memcpy(S3I(s)->alpn_selected, selected, selected_len);
		S3I(s)->alpn_selected_len = selected_len;
	}

	return (1);

parse_error:
	*al = SSL_AD_DECODE_ERROR;
	return (0);
}

int
ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
    int n, int *al)
{
	unsigned short type;
	unsigned short size;
	unsigned short len;
	unsigned char *data = *p;
	unsigned char *end = d + n;
	int renegotiate_seen = 0;
	int sigalg_seen = 0;

	s->internal->servername_done = 0;
	s->tlsext_status_type = -1;
	S3I(s)->next_proto_neg_seen = 0;
	free(S3I(s)->alpn_selected);
	S3I(s)->alpn_selected = NULL;
	s->internal->srtp_profile = NULL;

	if (data == end)
		goto ri_check;

	if (end - data < 2)
		goto err;
	n2s(data, len);

	if (end - data != len)
		goto err;

	while (end - data >= 4) {
		n2s(data, type);
		n2s(data, size);

		if (end - data < size)
			goto err;

		if (s->internal->tlsext_debug_cb)
			s->internal->tlsext_debug_cb(s, 0, type, data, size,
			    s->internal->tlsext_debug_arg);
/* The servername extension is treated as follows:

   - Only the hostname type is supported with a maximum length of 255.
   - The servername is rejected if too long or if it contains zeros,
     in which case an fatal alert is generated.
   - The servername field is maintained together with the session cache.
   - When a session is resumed, the servername call back invoked in order
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
				n2s(sdata, len);
				dsize -= 3;

				if (len > dsize) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				if (s->servername_done == 0)
					switch (servname_type) {
					case TLSEXT_NAMETYPE_host_name:
						if (!s->hit) {
							if (s->session->tlsext_hostname) {
								*al = SSL_AD_DECODE_ERROR;
								return 0;
							}
							if (len > TLSEXT_MAXLEN_host_name) {
								*al = TLS1_AD_UNRECOGNIZED_NAME;
								return 0;







|


|







1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
				n2s(sdata, len);
				dsize -= 3;

				if (len > dsize) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				if (s->internal->servername_done == 0)
					switch (servname_type) {
					case TLSEXT_NAMETYPE_host_name:
						if (!s->internal->hit) {
							if (s->session->tlsext_hostname) {
								*al = SSL_AD_DECODE_ERROR;
								return 0;
							}
							if (len > TLSEXT_MAXLEN_host_name) {
								*al = TLS1_AD_UNRECOGNIZED_NAME;
								return 0;
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
							s->session->tlsext_hostname[len] = '\0';
							if (strlen(s->session->tlsext_hostname) != len) {
								free(s->session->tlsext_hostname);
								s->session->tlsext_hostname = NULL;
								*al = TLS1_AD_UNRECOGNIZED_NAME;
								return 0;
							}
							s->servername_done = 1;


						} else {
							s->servername_done = s->session->tlsext_hostname &&
							    strlen(s->session->tlsext_hostname) == len &&
							    strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
						}
						break;

					default:
						break;







|



|







1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
							s->session->tlsext_hostname[len] = '\0';
							if (strlen(s->session->tlsext_hostname) != len) {
								free(s->session->tlsext_hostname);
								s->session->tlsext_hostname = NULL;
								*al = TLS1_AD_UNRECOGNIZED_NAME;
								return 0;
							}
							s->internal->servername_done = 1;


						} else {
							s->internal->servername_done = s->session->tlsext_hostname &&
							    strlen(s->session->tlsext_hostname) == len &&
							    strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
						}
						break;

					default:
						break;
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
			}
			formatslen = *(sdata++);
			if (formatslen != size - 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}

			if (!s->hit) {
				free(s->session->tlsext_ecpointformatlist);
				s->session->tlsext_ecpointformatlist = NULL;
				s->session->tlsext_ecpointformatlist_length = 0;

				if ((formats = reallocarray(NULL, formatslen,
				    sizeof(uint8_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				memcpy(formats, sdata, formatslen);
				s->session->tlsext_ecpointformatlist = formats;
				s->session->tlsext_ecpointformatlist_length =
				    formatslen;
			}
		} else if (type == TLSEXT_TYPE_elliptic_curves &&
		    s->version != DTLS1_VERSION) {
			unsigned char *sdata = data;
			size_t curveslen, i;
			uint16_t *curves;

			if (size < 2) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			n2s(sdata, curveslen);
			if (curveslen != size - 2 || curveslen % 2 != 0) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			curveslen /= 2;

			if (!s->hit) {
				if (s->session->tlsext_ellipticcurvelist) {
					*al = TLS1_AD_DECODE_ERROR;
					return 0;
				}
				s->session->tlsext_ellipticcurvelist_length = 0;
				if ((curves = reallocarray(NULL, curveslen,
				    sizeof(uint16_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				for (i = 0; i < curveslen; i++)
					n2s(sdata, curves[i]);
				s->session->tlsext_ellipticcurvelist = curves;
				s->session->tlsext_ellipticcurvelist_length = curveslen;
			}
		}
		else if (type == TLSEXT_TYPE_session_ticket) {
			if (s->tls_session_ticket_ext_cb &&
			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
		} else if (type == TLSEXT_TYPE_renegotiate) {
			if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;







|
|
|
|







|
|



















|
|



|







|
|

<
|
|
|







1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434

1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
			}
			formatslen = *(sdata++);
			if (formatslen != size - 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}

			if (!s->internal->hit) {
				free(SSI(s)->tlsext_ecpointformatlist);
				SSI(s)->tlsext_ecpointformatlist = NULL;
				SSI(s)->tlsext_ecpointformatlist_length = 0;

				if ((formats = reallocarray(NULL, formatslen,
				    sizeof(uint8_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				memcpy(formats, sdata, formatslen);
				SSI(s)->tlsext_ecpointformatlist = formats;
				SSI(s)->tlsext_ecpointformatlist_length =
				    formatslen;
			}
		} else if (type == TLSEXT_TYPE_elliptic_curves &&
		    s->version != DTLS1_VERSION) {
			unsigned char *sdata = data;
			size_t curveslen, i;
			uint16_t *curves;

			if (size < 2) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			n2s(sdata, curveslen);
			if (curveslen != size - 2 || curveslen % 2 != 0) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			curveslen /= 2;

			if (!s->internal->hit) {
				if (SSI(s)->tlsext_supportedgroups) {
					*al = TLS1_AD_DECODE_ERROR;
					return 0;
				}
				SSI(s)->tlsext_supportedgroups_length = 0;
				if ((curves = reallocarray(NULL, curveslen,
				    sizeof(uint16_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				for (i = 0; i < curveslen; i++)
					n2s(sdata, curves[i]);
				SSI(s)->tlsext_supportedgroups = curves;
				SSI(s)->tlsext_supportedgroups_length = curveslen;
			}

		} else if (type == TLSEXT_TYPE_session_ticket) {
			if (s->internal->tls_session_ticket_ext_cb &&
			    !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
		} else if (type == TLSEXT_TYPE_renegotiate) {
			if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
				}

				/*
				 * We remove any OCSP_RESPIDs from a
				 * previous handshake to prevent
				 * unbounded memory growth.
				 */
				sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
				    OCSP_RESPID_free);
				s->tlsext_ocsp_ids = NULL;
				if (dsize > 0) {
					s->tlsext_ocsp_ids =
					    sk_OCSP_RESPID_new_null();
					if (s->tlsext_ocsp_ids == NULL) {
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
					}
				}

				while (dsize > 0) {
					OCSP_RESPID *id;







|

|

|

|







1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
				}

				/*
				 * We remove any OCSP_RESPIDs from a
				 * previous handshake to prevent
				 * unbounded memory growth.
				 */
				sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids,
				    OCSP_RESPID_free);
				s->internal->tlsext_ocsp_ids = NULL;
				if (dsize > 0) {
					s->internal->tlsext_ocsp_ids =
					    sk_OCSP_RESPID_new_null();
					if (s->internal->tlsext_ocsp_ids == NULL) {
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
					}
				}

				while (dsize > 0) {
					OCSP_RESPID *id;
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573




1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587




1588
1589
1590
1591
1592
1593
1594
					}
					if (data != sdata) {
						OCSP_RESPID_free(id);
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
					if (!sk_OCSP_RESPID_push(
					    s->tlsext_ocsp_ids, id)) {
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
					}
				}

				/* Read in request_extensions */
				if (size < 2) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				n2s(data, dsize);
				size -= 2;
				if (dsize != size) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				sdata = data;
				if (dsize > 0) {
					if (s->tlsext_ocsp_exts) {
						sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
						    X509_EXTENSION_free);
					}

					s->tlsext_ocsp_exts =
					    d2i_X509_EXTENSIONS(NULL,
					    &sdata, dsize);
					if (!s->tlsext_ocsp_exts ||
						    (data + dsize != sdata)) {
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
				}
			} else {
				/* We don't know what to do with any other type
 			 	* so ignore it.
 			 	*/
				s->tlsext_status_type = -1;
			}
		}
		else if (type == TLSEXT_TYPE_next_proto_neg &&
		    s->s3->tmp.finish_md_len == 0 &&
		    s->s3->alpn_selected == NULL) {
			/* We shouldn't accept this extension on a
			 * renegotiation.
			 *
			 * s->new_session will be set on renegotiation, but we
			 * probably shouldn't rely that it couldn't be set on
			 * the initial renegotation too in certain cases (when
			 * there's some other reason to disallow resuming an
			 * earlier session -- the current code won't be doing
			 * anything like that, but this might change).

			 * A valid sign that there's been a previous handshake
			 * in this connection is if s->s3->tmp.finish_md_len >
			 * 0.  (We are talking about a check that will happen
			 * in the Hello protocol round, well before a new
			 * Finished message could have been computed.) */
			s->s3->next_proto_neg_seen = 1;
		}
		else if (type ==
		    TLSEXT_TYPE_application_layer_protocol_negotiation &&
		    s->ctx->alpn_select_cb != NULL &&
		    s->s3->tmp.finish_md_len == 0) {
			if (tls1_alpn_handle_client_hello(s, data,
			    size, al) != 1)
				return (0);
			/* ALPN takes precedence over NPN. */
			s->s3->next_proto_neg_seen = 0;
		}

		/* session ticket processed earlier */
#ifndef OPENSSL_NO_SRTP
		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
			if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
				return 0;
		}
#endif

		data += size;
	}





	*p = data;

ri_check:

	/* Need RI if renegotiating */

	if (!renegotiate_seen && s->renegotiate) {
		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
		    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
	}

	return 1;




}

/*
 * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
 * the length of the block.
 */







|



















<
|
|
|
<
|


|













|
|



|







|



|



|
|




|













>
>
>
>






|

<
|




>
>
>
>







1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547

1548
1549
1550

1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620

1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
					}
					if (data != sdata) {
						OCSP_RESPID_free(id);
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
					if (!sk_OCSP_RESPID_push(
					    s->internal->tlsext_ocsp_ids, id)) {
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
					}
				}

				/* Read in request_extensions */
				if (size < 2) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				n2s(data, dsize);
				size -= 2;
				if (dsize != size) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				sdata = data;
				if (dsize > 0) {

					sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
					    X509_EXTENSION_free);


					s->internal->tlsext_ocsp_exts =
					    d2i_X509_EXTENSIONS(NULL,
					    &sdata, dsize);
					if (!s->internal->tlsext_ocsp_exts ||
						    (data + dsize != sdata)) {
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
				}
			} else {
				/* We don't know what to do with any other type
 			 	* so ignore it.
 			 	*/
				s->tlsext_status_type = -1;
			}
		}
		else if (type == TLSEXT_TYPE_next_proto_neg &&
		    S3I(s)->tmp.finish_md_len == 0 &&
		    S3I(s)->alpn_selected == NULL) {
			/* We shouldn't accept this extension on a
			 * renegotiation.
			 *
			 * s->internal->new_session will be set on renegotiation, but we
			 * probably shouldn't rely that it couldn't be set on
			 * the initial renegotation too in certain cases (when
			 * there's some other reason to disallow resuming an
			 * earlier session -- the current code won't be doing
			 * anything like that, but this might change).

			 * A valid sign that there's been a previous handshake
			 * in this connection is if S3I(s)->tmp.finish_md_len >
			 * 0.  (We are talking about a check that will happen
			 * in the Hello protocol round, well before a new
			 * Finished message could have been computed.) */
			S3I(s)->next_proto_neg_seen = 1;
		}
		else if (type ==
		    TLSEXT_TYPE_application_layer_protocol_negotiation &&
		    s->ctx->internal->alpn_select_cb != NULL &&
		    S3I(s)->tmp.finish_md_len == 0) {
			if (tls1_alpn_handle_client_hello(s, data,
			    size, al) != 1)
				return (0);
			/* ALPN takes precedence over NPN. */
			S3I(s)->next_proto_neg_seen = 0;
		}

		/* session ticket processed earlier */
#ifndef OPENSSL_NO_SRTP
		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
			if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
				return 0;
		}
#endif

		data += size;
	}

	/* Spurious data on the end */
	if (data != end)
		goto err;

	*p = data;

ri_check:

	/* Need RI if renegotiating */

	if (!renegotiate_seen && s->internal->renegotiate) {
		*al = SSL_AD_HANDSHAKE_FAILURE;

		SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
	}

	return 1;

err:
	*al = SSL_AD_DECODE_ERROR;
	return 0;
}

/*
 * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
 * the length of the block.
 */
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616

1617
1618
1619
1620
1621
1622
1623
1624
1625
1626


1627
1628
1629
1630
1631


1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
		    CBS_len(&value) == 0)
			return 0;
	}
	return 1;
}

int
ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
    int n, int *al)
{
	unsigned short length;
	unsigned short type;
	unsigned short size;
	unsigned char *data = *p;

	int tlsext_servername = 0;
	int renegotiate_seen = 0;

	s->s3->next_proto_neg_seen = 0;
	free(s->s3->alpn_selected);
	s->s3->alpn_selected = NULL;

	if (data >= (d + n - 2))
		goto ri_check;



	n2s(data, length);
	if (data + length != d + n) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
	}



	while (data <= (d + n - 4)) {
		n2s(data, type);
		n2s(data, size);

		if (data + size > (d + n))
			goto ri_check;

		if (s->tlsext_debug_cb)
			s->tlsext_debug_cb(s, 1, type, data, size,
			    s->tlsext_debug_arg);

		if (type == TLSEXT_TYPE_server_name) {
			if (s->tlsext_hostname == NULL || size > 0) {
				*al = TLS1_AD_UNRECOGNIZED_NAME;
				return 0;
			}
			tlsext_servername = 1;







|
<

|
|
|

>



|
|
|

|


>
>
|
<
<
<
|
>
>

|



|
|

|
|
|







1645
1646
1647
1648
1649
1650
1651
1652

1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671



1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
		    CBS_len(&value) == 0)
			return 0;
	}
	return 1;
}

int
ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)

{
	unsigned short type;
	unsigned short size;
	unsigned short len;
	unsigned char *data = *p;
	unsigned char *end = *p + n;
	int tlsext_servername = 0;
	int renegotiate_seen = 0;

	S3I(s)->next_proto_neg_seen = 0;
	free(S3I(s)->alpn_selected);
	S3I(s)->alpn_selected = NULL;

	if (data == end)
		goto ri_check;

	if (end - data < 2)
		goto err;
	n2s(data, len);




	if (end - data != len)
		goto err;

	while (end - data >= 4) {
		n2s(data, type);
		n2s(data, size);

		if (end - data < size)
			goto err;

		if (s->internal->tlsext_debug_cb)
			s->internal->tlsext_debug_cb(s, 1, type, data, size,
			    s->internal->tlsext_debug_arg);

		if (type == TLSEXT_TYPE_server_name) {
			if (s->tlsext_hostname == NULL || size > 0) {
				*al = TLS1_AD_UNRECOGNIZED_NAME;
				return 0;
			}
			tlsext_servername = 1;
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722

1723


1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
			}
			formatslen = *(sdata++);
			if (formatslen != size - 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}

			if (!s->hit) {
				free(s->session->tlsext_ecpointformatlist);
				s->session->tlsext_ecpointformatlist = NULL;
				s->session->tlsext_ecpointformatlist_length = 0;

				if ((formats = reallocarray(NULL, formatslen,
				    sizeof(uint8_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				memcpy(formats, sdata, formatslen);
				s->session->tlsext_ecpointformatlist = formats;
				s->session->tlsext_ecpointformatlist_length =
				    formatslen;
			}
		}
		else if (type == TLSEXT_TYPE_session_ticket) {
			if (s->tls_session_ticket_ext_cb &&
			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			s->tlsext_ticket_expected = 1;
		}
		else if (type == TLSEXT_TYPE_status_request &&
		    s->version != DTLS1_VERSION) {
			/* MUST be empty and only sent if we've requested
			 * a status request message.
			 */
			if ((s->tlsext_status_type == -1) || (size > 0)) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			/* Set flag to expect CertificateStatus message */
			s->tlsext_status_expected = 1;
		}
		else if (type == TLSEXT_TYPE_next_proto_neg &&
		    s->s3->tmp.finish_md_len == 0) {
			unsigned char *selected;
			unsigned char selected_len;

			/* We must have requested it. */
			if (s->ctx->next_proto_select_cb == NULL) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			/* The data must be valid */
			if (!ssl_next_proto_validate(data, size)) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}

			if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) {


				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			s->next_proto_negotiated = malloc(selected_len);
			if (!s->next_proto_negotiated) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			memcpy(s->next_proto_negotiated, selected, selected_len);
			s->next_proto_negotiated_len = selected_len;
			s->s3->next_proto_neg_seen = 1;
		}
		else if (type ==
		    TLSEXT_TYPE_application_layer_protocol_negotiation) {
			unsigned int len;

			/* We must have requested it. */
			if (s->alpn_client_proto_list == NULL) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			if (size < 4) {
				*al = TLS1_AD_DECODE_ERROR;
				return (0);
			}







|
|
|
|







|
|




|
|







|











|


|




|








>
|
>
>



|
|



|
|
|






|







1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
			}
			formatslen = *(sdata++);
			if (formatslen != size - 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}

			if (!s->internal->hit) {
				free(SSI(s)->tlsext_ecpointformatlist);
				SSI(s)->tlsext_ecpointformatlist = NULL;
				SSI(s)->tlsext_ecpointformatlist_length = 0;

				if ((formats = reallocarray(NULL, formatslen,
				    sizeof(uint8_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				memcpy(formats, sdata, formatslen);
				SSI(s)->tlsext_ecpointformatlist = formats;
				SSI(s)->tlsext_ecpointformatlist_length =
				    formatslen;
			}
		}
		else if (type == TLSEXT_TYPE_session_ticket) {
			if (s->internal->tls_session_ticket_ext_cb &&
			    !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			s->internal->tlsext_ticket_expected = 1;
		}
		else if (type == TLSEXT_TYPE_status_request &&
		    s->version != DTLS1_VERSION) {
			/* MUST be empty and only sent if we've requested
			 * a status request message.
			 */
			if ((s->tlsext_status_type == -1) || (size > 0)) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			/* Set flag to expect CertificateStatus message */
			s->internal->tlsext_status_expected = 1;
		}
		else if (type == TLSEXT_TYPE_next_proto_neg &&
		    S3I(s)->tmp.finish_md_len == 0) {
			unsigned char *selected;
			unsigned char selected_len;

			/* We must have requested it. */
			if (s->ctx->internal->next_proto_select_cb == NULL) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			/* The data must be valid */
			if (!ssl_next_proto_validate(data, size)) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			if (s->ctx->internal->next_proto_select_cb(s, &selected,
			    &selected_len, data, size,
			    s->ctx->internal->next_proto_select_cb_arg) !=
			    SSL_TLSEXT_ERR_OK) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			s->internal->next_proto_negotiated = malloc(selected_len);
			if (!s->internal->next_proto_negotiated) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			memcpy(s->internal->next_proto_negotiated, selected, selected_len);
			s->internal->next_proto_negotiated_len = selected_len;
			S3I(s)->next_proto_neg_seen = 1;
		}
		else if (type ==
		    TLSEXT_TYPE_application_layer_protocol_negotiation) {
			unsigned int len;

			/* We must have requested it. */
			if (s->internal->alpn_client_proto_list == NULL) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			if (size < 4) {
				*al = TLS1_AD_DECODE_ERROR;
				return (0);
			}
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
				return (0);
			}
			len = data[2];
			if (len != (unsigned int)size - 3) {
				*al = TLS1_AD_DECODE_ERROR;
				return (0);
			}
			free(s->s3->alpn_selected);
			s->s3->alpn_selected = malloc(len);
			if (s->s3->alpn_selected == NULL) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return (0);
			}
			memcpy(s->s3->alpn_selected, data + 3, len);
			s->s3->alpn_selected_len = len;

		} else if (type == TLSEXT_TYPE_renegotiate) {
			if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
		}
#ifndef OPENSSL_NO_SRTP
		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
			if (ssl_parse_serverhello_use_srtp_ext(s, data,
			    size, al))
				return 0;
		}
#endif

		data += size;

	}

	if (data != d + n) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
	}

	if (!s->hit && tlsext_servername == 1) {
		if (s->tlsext_hostname) {
			if (s->session->tlsext_hostname == NULL) {
				s->session->tlsext_hostname =
				    strdup(s->tlsext_hostname);

				if (!s->session->tlsext_hostname) {
					*al = SSL_AD_UNRECOGNIZED_NAME;







|
|
|



|
|


















|




|







1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
				return (0);
			}
			len = data[2];
			if (len != (unsigned int)size - 3) {
				*al = TLS1_AD_DECODE_ERROR;
				return (0);
			}
			free(S3I(s)->alpn_selected);
			S3I(s)->alpn_selected = malloc(len);
			if (S3I(s)->alpn_selected == NULL) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return (0);
			}
			memcpy(S3I(s)->alpn_selected, data + 3, len);
			S3I(s)->alpn_selected_len = len;

		} else if (type == TLSEXT_TYPE_renegotiate) {
			if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
		}
#ifndef OPENSSL_NO_SRTP
		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
			if (ssl_parse_serverhello_use_srtp_ext(s, data,
			    size, al))
				return 0;
		}
#endif

		data += size;

	}

	if (data != end) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
	}

	if (!s->internal->hit && tlsext_servername == 1) {
		if (s->tlsext_hostname) {
			if (s->session->tlsext_hostname == NULL) {
				s->session->tlsext_hostname =
				    strdup(s->tlsext_hostname);

				if (!s->session->tlsext_hostname) {
					*al = SSL_AD_UNRECOGNIZED_NAME;
1817
1818
1819
1820
1821
1822
1823
1824

1825
1826
1827
1828
1829
1830
1831




1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848

1849
1850

1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890

1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
	/* Determine if we need to see RI. Strictly speaking if we want to
	 * avoid an attack we should *always* see RI even on initial server
	 * hello because the client doesn't see any renegotiation during an
	 * attack. However this would mean we could not connect to any server
	 * which doesn't support RI so for the immediate future tolerate RI
	 * absence on initial connect only.
	 */
	if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {

		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
		    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
	}

	return 1;




}

int
ssl_check_clienthello_tlsext_early(SSL *s)
{
	int ret = SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

	/* The handling of the ECPointFormats extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */
	/* The handling of the EllipticCurves extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */

	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);

	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);


	switch (ret) {
	case SSL_TLSEXT_ERR_ALERT_FATAL:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		return -1;
	case SSL_TLSEXT_ERR_ALERT_WARNING:
		ssl3_send_alert(s, SSL3_AL_WARNING, al);
		return 1;
	case SSL_TLSEXT_ERR_NOACK:
		s->servername_done = 0;
	default:
		return 1;
	}
}

int
ssl_check_clienthello_tlsext_late(SSL *s)
{
	int ret = SSL_TLSEXT_ERR_OK;
	int al = 0;	/* XXX gcc3 */

	/* If status request then ask callback what to do.
 	 * Note: this must be called after servername callbacks in case
 	 * the certificate has changed, and must be called after the cipher
	 * has been chosen because this may influence which certificate is sent
 	 */
	if ((s->tlsext_status_type != -1) &&
	    s->ctx && s->ctx->tlsext_status_cb) {
		int r;
		CERT_PKEY *certpkey;
		certpkey = ssl_get_server_send_pkey(s);
		/* If no certificate can't return certificate status */
		if (certpkey == NULL) {
			s->tlsext_status_expected = 0;
			return 1;
		}
		/* Set current certificate to one we will use so
		 * SSL_get_certificate et al can pick it up.
		 */
		s->cert->key = certpkey;

		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		switch (r) {
			/* We don't want to send a status request response */
		case SSL_TLSEXT_ERR_NOACK:
			s->tlsext_status_expected = 0;
			break;
			/* status request response should be sent */
		case SSL_TLSEXT_ERR_OK:
			if (s->tlsext_ocsp_resp)
				s->tlsext_status_expected = 1;
			else
				s->tlsext_status_expected = 0;
			break;
			/* something bad happened */
		case SSL_TLSEXT_ERR_ALERT_FATAL:
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_INTERNAL_ERROR;
			goto err;
		}
	} else
		s->tlsext_status_expected = 0;

err:
	switch (ret) {
	case SSL_TLSEXT_ERR_ALERT_FATAL:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		return -1;
	case SSL_TLSEXT_ERR_ALERT_WARNING:







|
>

<
|




>
>
>
>















|
|
>
|
|
>









|

















|





|






>
|



|



|
|

|








|







1863
1864
1865
1866
1867
1868
1869
1870
1871
1872

1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
	/* Determine if we need to see RI. Strictly speaking if we want to
	 * avoid an attack we should *always* see RI even on initial server
	 * hello because the client doesn't see any renegotiation during an
	 * attack. However this would mean we could not connect to any server
	 * which doesn't support RI so for the immediate future tolerate RI
	 * absence on initial connect only.
	 */
	if (!renegotiate_seen &&
	    !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
		*al = SSL_AD_HANDSHAKE_FAILURE;

		SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
	}

	return 1;

err:
	*al = SSL_AD_DECODE_ERROR;
	return 0;
}

int
ssl_check_clienthello_tlsext_early(SSL *s)
{
	int ret = SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

	/* The handling of the ECPointFormats extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */
	/* The handling of the EllipticCurves extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */

	if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)
		ret = s->ctx->internal->tlsext_servername_callback(s, &al,
		    s->ctx->internal->tlsext_servername_arg);
	else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)
		ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,
		    s->initial_ctx->internal->tlsext_servername_arg);

	switch (ret) {
	case SSL_TLSEXT_ERR_ALERT_FATAL:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		return -1;
	case SSL_TLSEXT_ERR_ALERT_WARNING:
		ssl3_send_alert(s, SSL3_AL_WARNING, al);
		return 1;
	case SSL_TLSEXT_ERR_NOACK:
		s->internal->servername_done = 0;
	default:
		return 1;
	}
}

int
ssl_check_clienthello_tlsext_late(SSL *s)
{
	int ret = SSL_TLSEXT_ERR_OK;
	int al = 0;	/* XXX gcc3 */

	/* If status request then ask callback what to do.
 	 * Note: this must be called after servername callbacks in case
 	 * the certificate has changed, and must be called after the cipher
	 * has been chosen because this may influence which certificate is sent
 	 */
	if ((s->tlsext_status_type != -1) &&
	    s->ctx && s->ctx->internal->tlsext_status_cb) {
		int r;
		CERT_PKEY *certpkey;
		certpkey = ssl_get_server_send_pkey(s);
		/* If no certificate can't return certificate status */
		if (certpkey == NULL) {
			s->internal->tlsext_status_expected = 0;
			return 1;
		}
		/* Set current certificate to one we will use so
		 * SSL_get_certificate et al can pick it up.
		 */
		s->cert->key = certpkey;
		r = s->ctx->internal->tlsext_status_cb(s,
		    s->ctx->internal->tlsext_status_arg);
		switch (r) {
			/* We don't want to send a status request response */
		case SSL_TLSEXT_ERR_NOACK:
			s->internal->tlsext_status_expected = 0;
			break;
			/* status request response should be sent */
		case SSL_TLSEXT_ERR_OK:
			if (s->internal->tlsext_ocsp_resp)
				s->internal->tlsext_status_expected = 1;
			else
				s->internal->tlsext_status_expected = 0;
			break;
			/* something bad happened */
		case SSL_TLSEXT_ERR_ALERT_FATAL:
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_INTERNAL_ERROR;
			goto err;
		}
	} else
		s->internal->tlsext_status_expected = 0;

err:
	switch (ret) {
	case SSL_TLSEXT_ERR_ALERT_FATAL:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		return -1;
	case SSL_TLSEXT_ERR_ALERT_WARNING:
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962

1963
1964

1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977

1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
	int ret = SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

	/* If we are client and using an elliptic curve cryptography cipher
	 * suite, then if server returns an EC point formats lists extension
	 * it must contain uncompressed.
	 */
	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	if ((s->tlsext_ecpointformatlist != NULL) &&
	    (s->tlsext_ecpointformatlist_length > 0) &&
	    (s->session->tlsext_ecpointformatlist != NULL) &&
	    (s->session->tlsext_ecpointformatlist_length > 0) &&
	    ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
		/* we are using an ECC cipher */
		size_t i;
		unsigned char *list;
		int found_uncompressed = 0;
		list = s->session->tlsext_ecpointformatlist;
		for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
			if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
				found_uncompressed = 1;
				break;
			}
		}
		if (!found_uncompressed) {
			SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
			return -1;
		}
	}
	ret = SSL_TLSEXT_ERR_OK;

	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);

	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);


	/* If we've requested certificate status and we wont get one
 	 * tell the callback
 	 */
	if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
	    s->ctx && s->ctx->tlsext_status_cb) {
		int r;
		/* Set resp to NULL, resplen to -1 so callback knows
 		 * there is no response.
 		 */
		free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = NULL;
		s->tlsext_ocsp_resplen = -1;

		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (r == 0) {
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		}
		if (r < 0) {
			al = SSL_AD_INTERNAL_ERROR;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		}
	}

	switch (ret) {
	case SSL_TLSEXT_ERR_ALERT_FATAL:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);

		return -1;
	case SSL_TLSEXT_ERR_ALERT_WARNING:
		ssl3_send_alert(s, SSL3_AL_WARNING, al);

		return 1;
	case SSL_TLSEXT_ERR_NOACK:
		s->servername_done = 0;
	default:
		return 1;
	}
}

/* Since the server cache lookup is done early on in the processing of the
 * ClientHello, and other operations depend on the result, we need to handle
 * any TLS session ticket extension at the same time.
 *
 *   session_id: points at the session ID in the ClientHello. This code will
 *       read past the end of this in order to parse out the session ticket
 *       extension, if any.
 *   len: the length of the session ID.
 *   limit: a pointer to the first byte after the ClientHello.
 *   ret: (output) on return, if a ticket was decrypted, then this is set to
 *       point to the resulting session.
 *
 * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
 * ciphersuite, in which case we have no use for session tickets and one will
 * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
 *
 * Returns:
 *   -1: fatal error, either from parsing or decrypting the ticket.
 *    0: no ticket was found (or was ignored, based on settings).
 *    1: a zero length extension was found, indicating that the client supports
 *       session tickets but doesn't currently have one to offer.
 *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
 *       couldn't be decrypted because of a non-fatal error.
 *    3: a ticket was successfully decrypted and *ret was set.
 *
 * Side effects:
 *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
 *   a new session ticket to the client because the client indicated support
 *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
 *   a session ticket or we couldn't use the one it gave us, or if
 *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
 *   Otherwise, s->tlsext_ticket_expected is set to 0.
 */
int
tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
    const unsigned char *limit, SSL_SESSION **ret)
{
	/* Point after session ID in client hello */
	CBS session_id, cookie, cipher_list, compress_algo, extensions;

	*ret = NULL;
	s->tlsext_ticket_expected = 0;

	/* If tickets disabled behave as if no ticket present
	 * to permit stateful resumption.
	 */
	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
		return 0;
	if (!limit)







|
|
|
|
|
|
|




|
|






|





|
|
>
|
|
>




|
|




|
|
|
>
|




















|

















|

|






|




|

|


|









|







1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
	int ret = SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

	/* If we are client and using an elliptic curve cryptography cipher
	 * suite, then if server returns an EC point formats lists extension
	 * it must contain uncompressed.
	 */
	unsigned long alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
	unsigned long alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
	if ((s->internal->tlsext_ecpointformatlist != NULL) &&
	    (s->internal->tlsext_ecpointformatlist_length > 0) &&
	    (SSI(s)->tlsext_ecpointformatlist != NULL) &&
	    (SSI(s)->tlsext_ecpointformatlist_length > 0) &&
	    ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
		/* we are using an ECC cipher */
		size_t i;
		unsigned char *list;
		int found_uncompressed = 0;
		list = SSI(s)->tlsext_ecpointformatlist;
		for (i = 0; i < SSI(s)->tlsext_ecpointformatlist_length; i++) {
			if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
				found_uncompressed = 1;
				break;
			}
		}
		if (!found_uncompressed) {
			SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
			return -1;
		}
	}
	ret = SSL_TLSEXT_ERR_OK;

	if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)
		ret = s->ctx->internal->tlsext_servername_callback(s, &al,
		    s->ctx->internal->tlsext_servername_arg);
	else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)
		ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,
		    s->initial_ctx->internal->tlsext_servername_arg);

	/* If we've requested certificate status and we wont get one
 	 * tell the callback
 	 */
	if ((s->tlsext_status_type != -1) && !(s->internal->tlsext_status_expected) &&
	    s->ctx && s->ctx->internal->tlsext_status_cb) {
		int r;
		/* Set resp to NULL, resplen to -1 so callback knows
 		 * there is no response.
 		 */
		free(s->internal->tlsext_ocsp_resp);
		s->internal->tlsext_ocsp_resp = NULL;
		s->internal->tlsext_ocsp_resplen = -1;
		r = s->ctx->internal->tlsext_status_cb(s,
		    s->ctx->internal->tlsext_status_arg);
		if (r == 0) {
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		}
		if (r < 0) {
			al = SSL_AD_INTERNAL_ERROR;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		}
	}

	switch (ret) {
	case SSL_TLSEXT_ERR_ALERT_FATAL:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);

		return -1;
	case SSL_TLSEXT_ERR_ALERT_WARNING:
		ssl3_send_alert(s, SSL3_AL_WARNING, al);

		return 1;
	case SSL_TLSEXT_ERR_NOACK:
		s->internal->servername_done = 0;
	default:
		return 1;
	}
}

/* Since the server cache lookup is done early on in the processing of the
 * ClientHello, and other operations depend on the result, we need to handle
 * any TLS session ticket extension at the same time.
 *
 *   session_id: points at the session ID in the ClientHello. This code will
 *       read past the end of this in order to parse out the session ticket
 *       extension, if any.
 *   len: the length of the session ID.
 *   limit: a pointer to the first byte after the ClientHello.
 *   ret: (output) on return, if a ticket was decrypted, then this is set to
 *       point to the resulting session.
 *
 * If s->internal->tls_session_secret_cb is set then we are expecting a pre-shared key
 * ciphersuite, in which case we have no use for session tickets and one will
 * never be decrypted, nor will s->internal->tlsext_ticket_expected be set to 1.
 *
 * Returns:
 *   -1: fatal error, either from parsing or decrypting the ticket.
 *    0: no ticket was found (or was ignored, based on settings).
 *    1: a zero length extension was found, indicating that the client supports
 *       session tickets but doesn't currently have one to offer.
 *    2: either s->internal->tls_session_secret_cb was set, or a ticket was offered but
 *       couldn't be decrypted because of a non-fatal error.
 *    3: a ticket was successfully decrypted and *ret was set.
 *
 * Side effects:
 *   Sets s->internal->tlsext_ticket_expected to 1 if the server will have to issue
 *   a new session ticket to the client because the client indicated support
 *   (and s->internal->tls_session_secret_cb is NULL) but the client either doesn't have
 *   a session ticket or we couldn't use the one it gave us, or if
 *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
 *   Otherwise, s->internal->tlsext_ticket_expected is set to 0.
 */
int
tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
    const unsigned char *limit, SSL_SESSION **ret)
{
	/* Point after session ID in client hello */
	CBS session_id, cookie, cipher_list, compress_algo, extensions;

	*ret = NULL;
	s->internal->tlsext_ticket_expected = 0;

	/* If tickets disabled behave as if no ticket present
	 * to permit stateful resumption.
	 */
	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
		return 0;
	if (!limit)
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
			return -1;

		if (ext_type == TLSEXT_TYPE_session_ticket) {
			int r;
			if (CBS_len(&ext_data) == 0) {
				/* The client will accept a ticket but doesn't
				 * currently have one. */
				s->tlsext_ticket_expected = 1;
				return 1;
			}
			if (s->tls_session_secret_cb) {
				/* Indicate that the ticket couldn't be
				 * decrypted rather than generating the session
				 * from ticket now, trigger abbreviated
				 * handshake based on external mechanism to
				 * calculate the master secret later. */
				return 2;
			}

			r = tls_decrypt_ticket(s, CBS_data(&ext_data),
			    CBS_len(&ext_data), session, session_len, ret);

			switch (r) {
			case 2: /* ticket couldn't be decrypted */
				s->tlsext_ticket_expected = 1;
				return 2;
			case 3: /* ticket was decrypted */
				return r;
			case 4: /* ticket decrypted but need to renew */
				s->tlsext_ticket_expected = 1;
				return 3;
			default: /* fatal error */
				return -1;
			}
		}
	}
	return 0;







|


|













|




|







2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
			return -1;

		if (ext_type == TLSEXT_TYPE_session_ticket) {
			int r;
			if (CBS_len(&ext_data) == 0) {
				/* The client will accept a ticket but doesn't
				 * currently have one. */
				s->internal->tlsext_ticket_expected = 1;
				return 1;
			}
			if (s->internal->tls_session_secret_cb) {
				/* Indicate that the ticket couldn't be
				 * decrypted rather than generating the session
				 * from ticket now, trigger abbreviated
				 * handshake based on external mechanism to
				 * calculate the master secret later. */
				return 2;
			}

			r = tls_decrypt_ticket(s, CBS_data(&ext_data),
			    CBS_len(&ext_data), session, session_len, ret);

			switch (r) {
			case 2: /* ticket couldn't be decrypted */
				s->internal->tlsext_ticket_expected = 1;
				return 2;
			case 3: /* ticket was decrypted */
				return r;
			case 4: /* ticket decrypted but need to renew */
				s->internal->tlsext_ticket_expected = 1;
				return 3;
			default: /* fatal error */
				return -1;
			}
		}
	}
	return 0;
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188

2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
	 */
	if (eticklen < 16 + EVP_MAX_IV_LENGTH)
		return 2;

	/* Initialize session ticket encryption and HMAC contexts */
	HMAC_CTX_init(&hctx);
	EVP_CIPHER_CTX_init(&ctx);
	if (tctx->tlsext_ticket_key_cb) {
		unsigned char *nctick = (unsigned char *)etick;
		int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
		    &ctx, &hctx, 0);
		if (rv < 0) {
			HMAC_CTX_cleanup(&hctx);
			EVP_CIPHER_CTX_cleanup(&ctx);
			return -1;
		}
		if (rv == 0) {
			HMAC_CTX_cleanup(&hctx);
			EVP_CIPHER_CTX_cleanup(&ctx);
			return 2;
		}
		if (rv == 2)
			renew_ticket = 1;
	} else {
		/* Check key name matches */
		if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16))

			return 2;
		HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
		    tlsext_tick_md(), NULL);
		EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
		    tctx->tlsext_tick_aes_key, etick + 16);
	}

	/*
	 * Attempt to process session ticket, first conduct sanity and
	 * integrity checks on ticket.
	 */
	mlen = HMAC_size(&hctx);







|

|
|














|
>

|
|

|







2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
	 */
	if (eticklen < 16 + EVP_MAX_IV_LENGTH)
		return 2;

	/* Initialize session ticket encryption and HMAC contexts */
	HMAC_CTX_init(&hctx);
	EVP_CIPHER_CTX_init(&ctx);
	if (tctx->internal->tlsext_ticket_key_cb) {
		unsigned char *nctick = (unsigned char *)etick;
		int rv = tctx->internal->tlsext_ticket_key_cb(s,
		    nctick, nctick + 16, &ctx, &hctx, 0);
		if (rv < 0) {
			HMAC_CTX_cleanup(&hctx);
			EVP_CIPHER_CTX_cleanup(&ctx);
			return -1;
		}
		if (rv == 0) {
			HMAC_CTX_cleanup(&hctx);
			EVP_CIPHER_CTX_cleanup(&ctx);
			return 2;
		}
		if (rv == 2)
			renew_ticket = 1;
	} else {
		/* Check key name matches */
		if (timingsafe_memcmp(etick,
		    tctx->internal->tlsext_tick_key_name, 16))
			return 2;
		HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key,
		    16, tlsext_tick_md(), NULL);
		EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
		    tctx->internal->tlsext_tick_aes_key, etick + 16);
	}

	/*
	 * Attempt to process session ticket, first conduct sanity and
	 * integrity checks on ticket.
	 */
	mlen = HMAC_size(&hctx);
Changes to jni/libressl/ssl/t1_meth.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: t1_meth.c,v 1.16 2015/02/06 08:30:23 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: t1_meth.c,v 1.23 2017/01/26 05:31:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
60
61
62
63
64
65
66
67
68


69
70
71
72
73
74
75
76
77




78
79
80
81
82




83
84
85
86
87


88









89
90



91
92
93
94



95
96

97
98
99









100


101
102
103
104
105
106
107
108
109




110
111
112
113
114




115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132


133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178




179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199

#include <openssl/objects.h>

#include "ssl_locl.h"

static const SSL_METHOD *tls1_get_method(int ver);

const SSL_METHOD TLS_method_data = {
	.version = TLS1_2_VERSION,


	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl23_accept,
	.ssl_connect = ssl23_connect,
	.ssl_read = ssl23_read,
	.ssl_peek = ssl23_peek,
	.ssl_write = ssl23_write,
	.ssl_shutdown = ssl_undefined_function,




	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,




	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,


	.ssl_pending = ssl_undefined_const_function,









	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,



	.get_ssl_method = tls1_get_method,
	.get_timeout = ssl23_default_timeout,
	.ssl3_enc = &ssl3_undef_enc_method,
	.ssl_version = ssl_undefined_void_function,



	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,

};

const SSL_METHOD TLSv1_method_data = {









	.version = TLS1_VERSION,


	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,




	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,




	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl3_enc = &TLSv1_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

const SSL_METHOD TLSv1_1_method_data = {
	.version = TLS1_1_VERSION,


	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl3_enc = &TLSv1_1_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

const SSL_METHOD TLSv1_2_method_data = {
	.version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,




	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.ssl_ctrl = ssl3_ctrl,
	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_pending = ssl3_pending,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl3_enc = &TLSv1_2_enc_data,
	.ssl_version = ssl_undefined_void_function,
	.ssl_callback_ctrl = ssl3_callback_ctrl,
	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};

static const SSL_METHOD *
tls1_get_method(int ver)
{
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_method());







|

>
>



|
|
|
|
|
|
>
>
>
>





>
>
>
>

|
|


>
>
|
>
>
>
>
>
>
>
>
>
|
|
>
>
>

|
<

>
>
>
|
|
>


|
>
>
>
>
>
>
>
>
>
|
>
>









>
>
>
>





>
>
>
>

|
|


<
<
<
<
<
|
<
<
<


|
|
>
>









<
<
<
<
<
<
<
<
<
<

<
<


<

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<





>
>
>
>

|
|


<
<
<
<
<
|
<
<
<







60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165





166



167
168
169
170
171
172
173
174
175
176
177
178
179
180
181










182


183
184

185















186
187
188
189
190
191
192
193
194
195
196
197
198
199





200



201
202
203
204
205
206
207

#include <openssl/objects.h>

#include "ssl_locl.h"

static const SSL_METHOD *tls1_get_method(int ver);

static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,

	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_pending = ssl3_pending,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,





	.internal = &TLSv1_1_method_internal_data,



};

static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_read = ssl3_read,
	.ssl_peek = ssl3_peek,
	.ssl_write = ssl3_write,
	.ssl_shutdown = ssl3_shutdown,










	.ssl_pending = ssl3_pending,


	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,

	.ssl_version = ssl_undefined_void_function,















	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,





	.internal = &TLSv1_2_method_internal_data,



};

static const SSL_METHOD *
tls1_get_method(int ver)
{
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_method());
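--- a/jni/libressl/ssl/t1_reneg.c
+++ b/jni/libressl/ssl/t1_reneg.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t1_reneg.c,v 1.10 2015/06/20 04:04:36 doug Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.15 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -118,169 +118,158 @@
 
 /* Add the client's renegotiation binding */
 int
 ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
     int maxlen)
 {
 	if (p) {
-		if ((s->s3->previous_client_finished_len + 1) > maxlen) {
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
-			    SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+		if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
+			SSLerror(s, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
 			return 0;
 		}
 
 		/* Length byte */
-		*p = s->s3->previous_client_finished_len;
+		*p = S3I(s)->previous_client_finished_len;
 		p++;
 
-		memcpy(p, s->s3->previous_client_finished,
-		    s->s3->previous_client_finished_len);
+		memcpy(p, S3I(s)->previous_client_finished,
+		    S3I(s)->previous_client_finished_len);
 
 	}
 
-	*len = s->s3->previous_client_finished_len + 1;
+	*len = S3I(s)->previous_client_finished_len + 1;
 
 	return 1;
 }
 
 /* Parse the client's renegotiation binding and abort if it's not
    right */
 int
 ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
     int *al)
 {
 	CBS cbs, reneg;
 
 	if (len < 0) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_ENCODING_ERR);
+		SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
 		*al = SSL_AD_ILLEGAL_PARAMETER;
 		return 0;
 	}
 
 	CBS_init(&cbs, d, len);
 	if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
 	    /* Consistency check */
 	    CBS_len(&cbs) != 0) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_ENCODING_ERR);
+		SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
 		*al = SSL_AD_ILLEGAL_PARAMETER;
 		return 0;
 	}
 
 	/* Check that the extension matches */
-	if (CBS_len(&reneg) != s->s3->previous_client_finished_len) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_MISMATCH);
+	if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
+		SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
 		*al = SSL_AD_HANDSHAKE_FAILURE;
 		return 0;
 	}
 
-	if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
-	    s->s3->previous_client_finished_len)) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_MISMATCH);
+	if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
+	    S3I(s)->previous_client_finished_len)) {
+		SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
 		*al = SSL_AD_HANDSHAKE_FAILURE;
 		return 0;
 	}
 
-	s->s3->send_connection_binding = 1;
+	S3I(s)->send_connection_binding = 1;
 
 	return 1;
 }
 
 /* Add the server's renegotiation binding */
 int
 ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
     int maxlen)
 {
 	if (p) {
-		if ((s->s3->previous_client_finished_len +
-		    s->s3->previous_server_finished_len + 1) > maxlen) {
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
-			    SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+		if ((S3I(s)->previous_client_finished_len +
+		    S3I(s)->previous_server_finished_len + 1) > maxlen) {
+			SSLerror(s, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
 			return 0;
 		}
 
 		/* Length byte */
-		*p = s->s3->previous_client_finished_len +
-		    s->s3->previous_server_finished_len;
+		*p = S3I(s)->previous_client_finished_len +
+		    S3I(s)->previous_server_finished_len;
 		p++;
 
-		memcpy(p, s->s3->previous_client_finished,
-		    s->s3->previous_client_finished_len);
-		p += s->s3->previous_client_finished_len;
+		memcpy(p, S3I(s)->previous_client_finished,
+		    S3I(s)->previous_client_finished_len);
+		p += S3I(s)->previous_client_finished_len;
 
-		memcpy(p, s->s3->previous_server_finished,
-		    s->s3->previous_server_finished_len);
+		memcpy(p, S3I(s)->previous_server_finished,
+		    S3I(s)->previous_server_finished_len);
 
 	}
 
-	*len = s->s3->previous_client_finished_len +
-	    s->s3->previous_server_finished_len + 1;
+	*len = S3I(s)->previous_client_finished_len +
+	    S3I(s)->previous_server_finished_len + 1;
 
 	return 1;
 }
 
 /* Parse the server's renegotiation binding and abort if it's not
    right */
 int
 ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
 {
 	CBS cbs, reneg, previous_client, previous_server;
-	int expected_len = s->s3->previous_client_finished_len +
-	    s->s3->previous_server_finished_len;
+	int expected_len = S3I(s)->previous_client_finished_len +
+	    S3I(s)->previous_server_finished_len;
 
 	/* Check for logic errors */
-	OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
-	OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+	OPENSSL_assert(!expected_len || S3I(s)->previous_client_finished_len);
+	OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len);
 
 	if (len < 0) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_ENCODING_ERR);
+		SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
 		*al = SSL_AD_ILLEGAL_PARAMETER;
 		return 0;
 	}
 
 	CBS_init(&cbs, d, len);
 
 	if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
 	    /* Consistency check */
 	    CBS_len(&cbs) != 0) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_ENCODING_ERR);
+		SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
 		*al = SSL_AD_ILLEGAL_PARAMETER;
 		return 0;
 	}
 
 	/* Check that the extension matches */
 	if (CBS_len(&reneg) != expected_len ||
 	    !CBS_get_bytes(&reneg, &previous_client,
-	    s->s3->previous_client_finished_len) ||
+	    S3I(s)->previous_client_finished_len) ||
 	    !CBS_get_bytes(&reneg, &previous_server,
-	    s->s3->previous_server_finished_len) ||
+	    S3I(s)->previous_server_finished_len) ||
 	    CBS_len(&reneg) != 0) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_MISMATCH);
+		SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
 		*al = SSL_AD_HANDSHAKE_FAILURE;
 		return 0;
 	}
 
-	if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
+	if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
 	    CBS_len(&previous_client))) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_MISMATCH);
+		SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
 		*al = SSL_AD_HANDSHAKE_FAILURE;
 		return 0;
 	}
-	if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
+	if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
 	    CBS_len(&previous_server))) {
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-		    SSL_R_RENEGOTIATION_MISMATCH);
+		SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
 		*al = SSL_AD_ILLEGAL_PARAMETER;
 		return 0;
 	}
 
-	s->s3->send_connection_binding = 1;
+	S3I(s)->send_connection_binding = 1;
 
 	return 1;
 }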
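Review bot: The last mismatch branch of `ssl_parse_serverhello_renegotiate_ext` sets `*al = SSL_AD_ILLEGAL_PARAMETER` when the `previous_server_finished` comparison fails, while the length check and the `previous_client_finished` comparison in the same function report the same `SSL_R_RENEGOTIATION_MISMATCH` reason with `SSL_AD_HANDSHAKE_FAILURE`. The line is unchanged context carried over by this import, so the inconsistency predates the commit; to send one alert for every binding mismatch it would read `*al = SSL_AD_HANDSHAKE_FAILURE;`. As the file is imported LibreSSL source, this is better raised upstream than patched in the local tree.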
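--- a/jni/libressl/ssl/t1_srvr.c
+++ b/jni/libressl/ssl/t1_srvr.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t1_srvr.c,v 1.18 2015/02/06 08:30:23 jsing Exp $ */
+/* $OpenBSD: t1_srvr.c,v 1.25 2017/01/26 05:31:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -61,145 +61,151 @@
 #include "ssl_locl.h"
 
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static const SSL_METHOD *tls1_get_server_method(int ver);
-
-const SSL_METHOD TLS_server_method_data = {
-	.version = TLS1_2_VERSION,
+static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_2_VERSION,
 	.ssl_new = tls1_new,
 	.ssl_clear = tls1_clear,
 	.ssl_free = tls1_free,
-	.ssl_accept = ssl23_accept,
+	.ssl_accept = ssl3_accept,
 	.ssl_connect = ssl_undefined_function,
-	.ssl_read = ssl23_read,
-	.ssl_peek = ssl23_peek,
-	.ssl_write = ssl23_write,
-	.ssl_shutdown = ssl_undefined_function,
+	.ssl_read = ssl3_read,
+	.ssl_peek = ssl3_peek,
+	.ssl_write = ssl3_write,
+	.ssl_shutdown = ssl3_shutdown,
+	.ssl_pending = ssl3_pending,
+	.get_ssl_method = tls1_get_server_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
 	.ssl_renegotiate = ssl_undefined_function,
 	.ssl_renegotiate_check = ssl_ok,
 	.ssl_get_message = ssl3_get_message,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLS_server_method_data = {
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.ssl_ctrl = ssl3_ctrl,
-	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
 	.get_cipher_by_char = ssl3_get_cipher_by_char,
 	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl_undefined_const_function,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
+	.internal = &TLS_server_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
+	.version = TLS1_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl_undefined_function,
+	.ssl_read = ssl3_read,
+	.ssl_peek = ssl3_peek,
+	.ssl_write = ssl3_write,
+	.ssl_shutdown = ssl3_shutdown,
+	.ssl_pending = ssl3_pending,
 	.get_ssl_method = tls1_get_server_method,
-	.get_timeout = ssl23_default_timeout,
-	.ssl3_enc = &ssl3_undef_enc_method,
+	.get_timeout = tls1_default_timeout,
 	.ssl_version = ssl_undefined_void_function,
-	.ssl_callback_ctrl = ssl3_callback_ctrl,
-	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_enc_data,
 };
 
-const SSL_METHOD TLSv1_server_method_data = {
-	.version = TLS1_VERSION,
+static const SSL_METHOD TLSv1_server_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_server_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
+	.version = TLS1_1_VERSION,
+	.min_version = TLS1_1_VERSION,
+	.max_version = TLS1_1_VERSION,
 	.ssl_new = tls1_new,
 	.ssl_clear = tls1_clear,
 	.ssl_free = tls1_free,
 	.ssl_accept = ssl3_accept,
 	.ssl_connect = ssl_undefined_function,
 	.ssl_read = ssl3_read,
 	.ssl_peek = ssl3_peek,
 	.ssl_write = ssl3_write,
 	.ssl_shutdown = ssl3_shutdown,
+	.ssl_pending = ssl3_pending,
+	.get_ssl_method = tls1_get_server_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
 	.ssl_renegotiate = ssl3_renegotiate,
 	.ssl_renegotiate_check = ssl3_renegotiate_check,
 	.ssl_get_message = ssl3_get_message,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_server_method_data = {
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.ssl_ctrl = ssl3_ctrl,
-	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
 	.get_cipher_by_char = ssl3_get_cipher_by_char,
 	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl3_pending,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = tls1_get_server_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl3_enc = &TLSv1_enc_data,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_callback_ctrl = ssl3_callback_ctrl,
-	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+	.internal = &TLSv1_1_server_method_internal_data,
 };
 
-const SSL_METHOD TLSv1_1_server_method_data = {
-	.version = TLS1_1_VERSION,
+static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_2_VERSION,
+	.max_version = TLS1_2_VERSION,
 	.ssl_new = tls1_new,
 	.ssl_clear = tls1_clear,
 	.ssl_free = tls1_free,
 	.ssl_accept = ssl3_accept,
 	.ssl_connect = ssl_undefined_function,
 	.ssl_read = ssl3_read,
 	.ssl_peek = ssl3_peek,
 	.ssl_write = ssl3_write,
 	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.ssl_ctrl = ssl3_ctrl,
-	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.ssl_pending = ssl3_pending,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
 	.get_ssl_method = tls1_get_server_method,
 	.get_timeout = tls1_default_timeout,
-	.ssl3_enc = &TLSv1_1_enc_data,
 	.ssl_version = ssl_undefined_void_function,
-	.ssl_callback_ctrl = ssl3_callback_ctrl,
-	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_2_server_method_data = {
-	.version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_read = ssl3_read,
-	.ssl_peek = ssl3_peek,
-	.ssl_write = ssl3_write,
-	.ssl_shutdown = ssl3_shutdown,
 	.ssl_renegotiate = ssl3_renegotiate,
 	.ssl_renegotiate_check = ssl3_renegotiate_check,
 	.ssl_get_message = ssl3_get_message,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_server_method_data = {
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.ssl_ctrl = ssl3_ctrl,
-	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
 	.get_cipher_by_char = ssl3_get_cipher_by_char,
 	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl3_pending,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = tls1_get_server_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl3_enc = &TLSv1_2_enc_data,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_callback_ctrl = ssl3_callback_ctrl,
-	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+	.internal = &TLSv1_2_server_method_internal_data,
 };
 
-static const SSL_METHOD *
+const SSL_METHOD *
 tls1_get_server_method(int ver)
 {
 	if (ver == TLS1_2_VERSION)
 		return (TLSv1_2_server_method());
 	if (ver == TLS1_1_VERSION)
 		return (TLSv1_1_server_method());
 	if (ver == TLS1_VERSION)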
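--- a/jni/libressl/tests/CMakeLists.txt
+++ b/jni/libressl/tests/CMakeLists.txt
@@ -1,320 +1,416 @@
 include_directories(
 	.
 	../include
 	../include/compat
 	../crypto/modes
 	../crypto/asn1
 	../ssl
 	../apps/openssl
 	../apps/openssl/compat
 )
 
+add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_CURRENT_SOURCE_DIR}/../apps/openssl/cert.pem\")
+
+foreach(lib IN LISTS OPENSSL_LIBS)
+	if(${lib} STREQUAL "tls-shared")
+		set(TESTS_LIBS ${TESTS_LIBS} tls)
+	elseif(${lib} STREQUAL "ssl-shared")
+		set(TESTS_LIBS ${TESTS_LIBS} ssl)
+	elseif(${lib} STREQUAL "crypto-shared")
+		set(TESTS_LIBS ${TESTS_LIBS} crypto)
+	else()
+		set(TESTS_LIBS ${TESTS_LIBS} ${lib})
+	endif()
+endforeach()
+
 # aeadtest
 add_executable(aeadtest aeadtest.c)
-target_link_libraries(aeadtest ${OPENSSL_LIBS})
-add_test(aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh)
-set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+target_link_libraries(aeadtest ${TESTS_LIBS})
+add_test(aeadtest aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt)
 
 # aes_wrap
 add_executable(aes_wrap aes_wrap.c)
-target_link_libraries(aes_wrap ${OPENSSL_LIBS})
+target_link_libraries(aes_wrap ${TESTS_LIBS})
 add_test(aes_wrap aes_wrap)
 
 # arc4randomforktest
 # Windows/mingw does not have fork, but Cygwin does.
 if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
-add_executable(arc4randomforktest arc4randomforktest.c)
-target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
-add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
+	add_executable(arc4randomforktest arc4randomforktest.c)
+	target_link_libraries(arc4randomforktest ${TESTS_LIBS})
+	add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
 endif()
 
 # asn1test
 add_executable(asn1test asn1test.c)
-target_link_libraries(asn1test ${OPENSSL_LIBS})
+target_link_libraries(asn1test ${TESTS_LIBS})
 add_test(asn1test asn1test)
 
 # asn1time
 add_executable(asn1time asn1time.c)
-target_link_libraries(asn1time ${OPENSSL_LIBS})
+target_link_libraries(asn1time ${TESTS_LIBS})
 add_test(asn1time asn1time)
 
 # base64test
 add_executable(base64test base64test.c)
-target_link_libraries(base64test ${OPENSSL_LIBS})
+target_link_libraries(base64test ${TESTS_LIBS})
 add_test(base64test base64test)
 
 # bftest
 add_executable(bftest bftest.c)
-target_link_libraries(bftest ${OPENSSL_LIBS})
+target_link_libraries(bftest ${TESTS_LIBS})
 add_test(bftest bftest)
 
 # biotest
 # the BIO tests rely on resolver results that are OS and environment-specific
 if(ENABLE_EXTRATESTS)
 	add_executable(biotest biotest.c)
-	target_link_libraries(biotest ${OPENSSL_LIBS})
+	target_link_libraries(biotest ${TESTS_LIBS})
 	add_test(biotest biotest)
 endif()
 
 # bntest
 add_executable(bntest bntest.c)
-target_link_libraries(bntest ${OPENSSL_LIBS})
+set_source_files_properties(bntest.c PROPERTIES COMPILE_FLAGS -ULIBRESSL_INTERNAL)
+target_link_libraries(bntest ${TESTS_LIBS})
 add_test(bntest bntest)
 
 # bytestringtest
 add_executable(bytestringtest bytestringtest.c)
-target_link_libraries(bytestringtest ${OPENSSL_LIBS})
+target_link_libraries(bytestringtest ${TESTS_LIBS})
 add_test(bytestringtest bytestringtest)
 
 # casttest
 add_executable(casttest casttest.c)
-target_link_libraries(casttest ${OPENSSL_LIBS})
+target_link_libraries(casttest ${TESTS_LIBS})
 add_test(casttest casttest)
 
 # chachatest
 add_executable(chachatest chachatest.c)
-target_link_libraries(chachatest ${OPENSSL_LIBS})
+target_link_libraries(chachatest ${TESTS_LIBS})
 add_test(chachatest chachatest)
 
 # cipher_list
 add_executable(cipher_list cipher_list.c)
-target_link_libraries(cipher_list ${OPENSSL_LIBS})
+target_link_libraries(cipher_list ${TESTS_LIBS})
 add_test(cipher_list cipher_list)
 
 # cipherstest
 add_executable(cipherstest cipherstest.c)
-target_link_libraries(cipherstest ${OPENSSL_LIBS})
+target_link_libraries(cipherstest ${TESTS_LIBS})
 add_test(cipherstest cipherstest)
 
 # clienttest
 add_executable(clienttest clienttest.c)
-target_link_libraries(clienttest ${OPENSSL_LIBS})
+target_link_libraries(clienttest ${TESTS_LIBS})
 add_test(clienttest clienttest)
 
 # cts128test
 add_executable(cts128test cts128test.c)
-target_link_libraries(cts128test ${OPENSSL_LIBS})
+target_link_libraries(cts128test ${TESTS_LIBS})
 add_test(cts128test cts128test)
 
 # destest
 add_executable(destest destest.c)
-target_link_libraries(destest ${OPENSSL_LIBS})
+target_link_libraries(destest ${TESTS_LIBS})
 add_test(destest destest)
 
 # dhtest
 add_executable(dhtest dhtest.c)
-target_link_libraries(dhtest ${OPENSSL_LIBS})
+target_link_libraries(dhtest ${TESTS_LIBS})
 add_test(dhtest dhtest)
 
 # dsatest
 add_executable(dsatest dsatest.c)
-target_link_libraries(dsatest ${OPENSSL_LIBS})
+target_link_libraries(dsatest ${TESTS_LIBS})
 add_test(dsatest dsatest)
 
 # ecdhtest
 add_executable(ecdhtest ecdhtest.c)
-target_link_libraries(ecdhtest ${OPENSSL_LIBS})
+target_link_libraries(ecdhtest ${TESTS_LIBS})
 add_test(ecdhtest ecdhtest)
 
 # ecdsatest
 add_executable(ecdsatest ecdsatest.c)
-target_link_libraries(ecdsatest ${OPENSSL_LIBS})
+target_link_libraries(ecdsatest ${TESTS_LIBS})
 add_test(ecdsatest ecdsatest)
 
 # ectest
 add_executable(ectest ectest.c)
-target_link_libraries(ectest ${OPENSSL_LIBS})
+target_link_libraries(ectest ${TESTS_LIBS})
 add_test(ectest ectest)
 
 # enginetest
 add_executable(enginetest enginetest.c)
-target_link_libraries(enginetest ${OPENSSL_LIBS})
+target_link_libraries(enginetest ${TESTS_LIBS})
 add_test(enginetest enginetest)
 
 # evptest
 add_executable(evptest evptest.c)
-target_link_libraries(evptest ${OPENSSL_LIBS})
-add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
-set_tests_properties(evptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+target_link_libraries(evptest ${TESTS_LIBS})
+add_test(evptest evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptests.txt)
 
 # explicit_bzero
 # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
 if(NOT CMAKE_HOST_WIN32)
-if(HAVE_MEMMEM)
-	add_executable(explicit_bzero explicit_bzero.c)
-else()
-	add_executable(explicit_bzero explicit_bzero.c memmem.c)
-endif()
-target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
-add_test(explicit_bzero explicit_bzero)
+	if(HAVE_MEMMEM)
+		add_executable(explicit_bzero explicit_bzero.c)
+	else()
+		add_executable(explicit_bzero explicit_bzero.c compat/memmem.c)
+	endif()
+	target_link_libraries(explicit_bzero ${TESTS_LIBS})
+	add_test(explicit_bzero explicit_bzero)
 endif()
 
 # exptest
 add_executable(exptest exptest.c)
-target_link_libraries(exptest ${OPENSSL_LIBS})
+set_source_files_properties(exptest.c PROPERTIES COMPILE_FLAGS -ULIBRESSL_INTERNAL)
+target_link_libraries(exptest ${TESTS_LIBS})
 add_test(exptest exptest)
 
 # gcm128test
 add_executable(gcm128test gcm128test.c)
-target_link_libraries(gcm128test ${OPENSSL_LIBS})
+target_link_libraries(gcm128test ${TESTS_LIBS})
 add_test(gcm128test gcm128test)
 
 # gost2814789t
 add_executable(gost2814789t gost2814789t.c)
-target_link_libraries(gost2814789t ${OPENSSL_LIBS})
+target_link_libraries(gost2814789t ${TESTS_LIBS})
 add_test(gost2814789t gost2814789t)
 
 # hmactest
 add_executable(hmactest hmactest.c)
-target_link_libraries(hmactest ${OPENSSL_LIBS})
+target_link_libraries(hmactest ${TESTS_LIBS})
 add_test(hmactest hmactest)
 
 # ideatest
 add_executable(ideatest ideatest.c)
-target_link_libraries(ideatest ${OPENSSL_LIBS})
+target_link_libraries(ideatest ${TESTS_LIBS})
 add_test(ideatest ideatest)
 
 # igetest
 add_executable(igetest igetest.c)
-target_link_libraries(igetest ${OPENSSL_LIBS})
+target_link_libraries(igetest ${TESTS_LIBS})
 add_test(igetest igetest)
 
 # md4test
 add_executable(md4test md4test.c)
-target_link_libraries(md4test ${OPENSSL_LIBS})
+target_link_libraries(md4test ${TESTS_LIBS})
 add_test(md4test md4test)
 
 # md5test
 add_executable(md5test md5test.c)
-target_link_libraries(md5test ${OPENSSL_LIBS})
+target_link_libraries(md5test ${TESTS_LIBS})
 add_test(md5test md5test)
 
 # mont
 add_executable(mont mont.c)
-target_link_libraries(mont ${OPENSSL_LIBS})
+target_link_libraries(mont ${TESTS_LIBS})
 add_test(mont mont)
 
 # ocsp_test
 if(ENABLE_EXTRATESTS)
-	if(NOT "${OPENSSLDIR}" STREQUAL "")
-		add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
-	else()
-		add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
-	endif()
 	add_executable(ocsp_test ocsp_test.c)
-	target_link_libraries(ocsp_test ${OPENSSL_LIBS})
-	add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
-	set_tests_properties(ocsptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+	target_link_libraries(ocsp_test ${TESTS_LIBS})
+	if(NOT MSVC)
+		add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
+	else()
+		add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.bat)
+	endif()
 endif()
 
 # optionstest
 add_executable(optionstest optionstest.c)
-target_link_libraries(optionstest ${OPENSSL_LIBS})
+target_link_libraries(optionstest ${TESTS_LIBS})
 add_test(optionstest optionstest)
 
 # pbkdf2
 add_executable(pbkdf2 pbkdf2.c)
-target_link_libraries(pbkdf2 ${OPENSSL_LIBS})
+target_link_libraries(pbkdf2 ${TESTS_LIBS})
 add_test(pbkdf2 pbkdf2)
 
 # pidwraptest
 # pidwraptest relies on an OS-specific way to give out pids and is generally
 # awkward on systems with slow fork
-if(ENABLE_EXTRATESTS)
+if(ENABLE_EXTRATESTS AND NOT MSVC)
 	add_executable(pidwraptest pidwraptest.c)
-	target_link_libraries(pidwraptest ${OPENSSL_LIBS})
+	target_link_libraries(pidwraptest ${TESTS_LIBS})
 	add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh)
 endif()
 
 # pkcs7test
 add_executable(pkcs7test pkcs7test.c)
-target_link_libraries(pkcs7test ${OPENSSL_LIBS})
+target_link_libraries(pkcs7test ${TESTS_LIBS})
 add_test(pkcs7test pkcs7test)
 
 # poly1305test
 add_executable(poly1305test poly1305test.c)
-target_link_libraries(poly1305test ${OPENSSL_LIBS})
+target_link_libraries(poly1305test ${TESTS_LIBS})
 add_test(poly1305test poly1305test)
 
 # pq_test
 add_executable(pq_test pq_test.c)
-target_link_libraries(pq_test ${OPENSSL_LIBS})
-add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
+target_link_libraries(pq_test ${TESTS_LIBS})
+if(NOT MSVC)
+	add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
+else()
+	add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.bat)
+endif()
 set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # randtest
 add_executable(randtest randtest.c)
-target_link_libraries(randtest ${OPENSSL_LIBS})
+target_link_libraries(randtest ${TESTS_LIBS})
 add_test(randtest randtest)
 
 # rc2test
 add_executable(rc2test rc2test.c)
-target_link_libraries(rc2test ${OPENSSL_LIBS})
+target_link_libraries(rc2test ${TESTS_LIBS})
 add_test(rc2test rc2test)
 
 # rc4test
 add_executable(rc4test rc4test.c)
-target_link_libraries(rc4test ${OPENSSL_LIBS})
+target_link_libraries(rc4test ${TESTS_LIBS})
 add_test(rc4test rc4test)
 
 # rfc5280time
 add_executable(rfc5280time rfc5280time.c)
-target_link_libraries(rfc5280time ${OPENSSL_LIBS})
+target_link_libraries(rfc5280time ${TESTS_LIBS})
 if(SMALL_TIME_T)
 	add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test)
 else()
 	add_test(rfc5280time rfc5280time)
 endif()
 
 # rmdtest
 add_executable(rmdtest rmdtest.c)
-target_link_libraries(rmdtest ${OPENSSL_LIBS})
+target_link_libraries(rmdtest ${TESTS_LIBS})
 add_test(rmdtest rmdtest)
 
+# rsa_test
+add_executable(rsa_test rsa_test.c)
+target_link_libraries(rsa_test ${TESTS_LIBS})
+add_test(rsa_test rsa_test)
+
+# servertest
+add_executable(servertest servertest.c)
+target_link_libraries(servertest ${TESTS_LIBS})
+if(NOT MSVC)
+	add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.sh)
+else()
+	add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.bat)
+endif()
+set_tests_properties(servertest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+
 # sha1test
 add_executable(sha1test sha1test.c)
-target_link_libraries(sha1test ${OPENSSL_LIBS})
+target_link_libraries(sha1test ${TESTS_LIBS})
 add_test(sha1test sha1test)
 
 # sha256test
 add_executable(sha256test sha256test.c)
-target_link_libraries(sha256test ${OPENSSL_LIBS})
+target_link_libraries(sha256test ${TESTS_LIBS})
 add_test(sha256test sha256test)
 
 # sha512test
 add_executable(sha512test sha512test.c)
-target_link_libraries(sha512test ${OPENSSL_LIBS})
+target_link_libraries(sha512test ${TESTS_LIBS})
 add_test(sha512test sha512test)
 
+# ssl_versions
+add_executable(ssl_versions ssl_versions.c)
+target_link_libraries(ssl_versions ${TESTS_LIBS})
+add_test(ssl_versions ssl_versions)
+
 # ssltest
 add_executable(ssltest ssltest.c)
-target_link_libraries(ssltest ${OPENSSL_LIBS})
-add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
+target_link_libraries(ssltest ${TESTS_LIBS})
+if(NOT MSVC)
+	add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
+else()
+	add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.bat)
+endif()
 set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # testdsa
-add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
+if(NOT MSVC)
+	add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
+else()
+	add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.bat)
+endif()
 set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # testenc
-add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
+if(NOT MSVC)
+	add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
+else()
+	add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.bat)
+endif()
 set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # testrsa
-add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
+if(NOT MSVC)
+	add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
+else()
+	add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.bat)
+endif()
 set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # timingsafe
 add_executable(timingsafe timingsafe.c)
-target_link_libraries(timingsafe ${OPENSSL_LIBS})
+target_link_libraries(timingsafe ${TESTS_LIBS})
 add_test(timingsafe timingsafe)
 
+# tlstest
+set(TLSTEST_SRC tlstest.c)
+check_function_exists(pipe2 HAVE_PIPE2)
+if(HAVE_PIPE2)
+	add_definitions(-DHAVE_PIPE2)
+else()
+	set(TLSTEST_SRC ${TLSTEST_SRC} compat/pipe2.c)
+endif()
+
+add_executable(tlstest ${TLSTEST_SRC})
+target_link_libraries(tlstest ${TESTS_LIBS})
+if(NOT MSVC)
+	add_test(tlstest ${CMAKE_CURRENT_SOURCE_DIR}/tlstest.sh)
+else()
+	add_test(tlstest ${CMAKE_CURRENT_SOURCE_DIR}/tlstest.bat)
+endif()
+set_tests_properties(tlstest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+
+# tls_ext_alpn
+add_executable(tls_ext_alpn tls_ext_alpn.c)
+target_link_libraries(tls_ext_alpn ${TESTS_LIBS})
+add_test(tls_ext_alpn tls_ext_alpn)
+
+# tls_prf
+add_executable(tls_prf tls_prf.c)
+target_link_libraries(tls_prf ${TESTS_LIBS})
+add_test(tls_prf tls_prf)
+
 # utf8test
 add_executable(utf8test utf8test.c)
-target_link_libraries(utf8test ${OPENSSL_LIBS})
+target_link_libraries(utf8test ${TESTS_LIBS})
 add_test(utf8test utf8test)
 
 # verifytest
 add_executable(verifytest verifytest.c)
-target_link_libraries(verifytest tls ${OPENSSL_LIBS})
+target_link_libraries(verifytest tls ${TESTS_LIBS})
 add_test(verifytest verifytest)
+
+# x25519test
+add_executable(x25519test x25519test.c)
+target_link_libraries(x25519test ${TESTS_LIBS})
+add_test(x25519test x25519test)
+
+if(ENABLE_VSTEST AND USE_SHARED)
+	add_custom_command(TARGET x25519test POST_BUILD
+		COMMAND "${CMAKE_COMMAND}" -E copy
+		"$<TARGET_FILE:tls-shared>"
+		"$<TARGET_FILE:ssl-shared>"
+		"$<TARGET_FILE:crypto-shared>"
+		"${CMAKE_CURRENT_BINARY_DIR}"
+		COMMENT "Copying DLLs for regression tests")
+endif()
+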
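--- a/jni/libressl/tests/Makefile.am
+++ b/jni/libressl/tests/Makefile.am
@@ -1,19 +1,23 @@
 include $(top_srcdir)/Makefile.am.common
 
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
 AM_CPPFLAGS += -I $(top_srcdir)/ssl
 AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl
 AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat
+AM_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(top_srcdir)/apps/openssl/cert.pem\"
 
-LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
-LDADD += $(abs_top_builddir)/ssl/libssl.la
-LDADD += $(abs_top_builddir)/crypto/libcrypto.la
-LDADD += $(abs_top_builddir)/tls/libtls.la
+LDADD = $(abs_top_builddir)/tls/.libs/libtls.a
+LDADD += $(abs_top_builddir)/ssl/.libs/libssl.a
+LDADD += $(abs_top_builddir)/crypto/.libs/libcrypto.a
+LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+if HOST_ASM_MACOSX_X86_64
+LDADD += $(abs_top_builddir)/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o
+endif
 
 TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
 
 TESTS =
 check_PROGRAMS =
 EXTRA_DIST = CMakeLists.txt
 DISTCLEANFILES = pidwraptest.txt
@@ -65,14 +69,15 @@
 TESTS += biotest
 check_PROGRAMS += biotest
 biotest_SOURCES = biotest.c
 endif
 
 # bntest
 TESTS += bntest
+bntest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
 check_PROGRAMS += bntest
 bntest_SOURCES = bntest.c
 
 # bytestringtest
 TESTS += bytestringtest
 check_PROGRAMS += bytestringtest
 bytestringtest_SOURCES = bytestringtest.c
@@ -154,22 +159,23 @@
 # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
 if !HOST_WIN
 if !HOST_CYGWIN
 TESTS += explicit_bzero
 check_PROGRAMS += explicit_bzero
 explicit_bzero_SOURCES = explicit_bzero.c
 if !HAVE_MEMMEM
-explicit_bzero_SOURCES += memmem.c
+explicit_bzero_SOURCES += compat/memmem.c
 endif
 endif
 endif
 
 # exptest
 TESTS += exptest
 check_PROGRAMS += exptest
+exptest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
 exptest_SOURCES = exptest.c
 
 # gcm128test
 TESTS += gcm128test
 check_PROGRAMS += gcm128test
 gcm128test_SOURCES = gcm128test.c
 
@@ -210,15 +216,15 @@
 
 # ocsp_test
 if ENABLE_EXTRATESTS
 TESTS += ocsptest.sh
 check_PROGRAMS += ocsp_test
 ocsp_test_SOURCES = ocsp_test.c
 endif
-EXTRA_DIST += ocsptest.sh
+EXTRA_DIST += ocsptest.sh ocsptest.bat
 
 # optionstest
 TESTS += optionstest
 check_PROGRAMS += optionstest
 optionstest_SOURCES = optionstest.c
 
 # pbkdf2
@@ -246,15 +252,15 @@
 check_PROGRAMS += poly1305test
 poly1305test_SOURCES = poly1305test.c
 
 # pq_test
 TESTS += pq_test.sh
 check_PROGRAMS += pq_test
 pq_test_SOURCES = pq_test.c
-EXTRA_DIST += pq_test.sh
+EXTRA_DIST += pq_test.sh pq_test.bat
 EXTRA_DIST += pq_expected.txt
 
 # randtest
 TESTS += randtest
 check_PROGRAMS += randtest
 randtest_SOURCES = randtest.c
 
@@ -279,56 +285,96 @@
 EXTRA_DIST += rfc5280time_small.test
 
 # rmdtest
 TESTS += rmdtest
 check_PROGRAMS += rmdtest
 rmdtest_SOURCES = rmdtest.c
 
+# rsa_test
+TESTS += rsa_test
+check_PROGRAMS += rsa_test
+rsa_test_SOURCES = rsa_test.c
+
+# servertest
+TESTS += servertest.sh
+check_PROGRAMS += servertest
+servertest_SOURCES = servertest.c
+EXTRA_DIST += servertest.sh servertest.bat
+
 # sha1test
 TESTS += sha1test
 check_PROGRAMS += sha1test
 sha1test_SOURCES = sha1test.c
 
 # sha256test
 TESTS += sha256test
 check_PROGRAMS += sha256test
 sha256test_SOURCES = sha256test.c
 
 # sha512test
 TESTS += sha512test
 check_PROGRAMS += sha512test
 sha512test_SOURCES = sha512test.c
 
+# ssl_versions
+TESTS += ssl_versions
+check_PROGRAMS += ssl_versions
+ssl_versions_SOURCES = ssl_versions.c
+
 # ssltest
 TESTS += ssltest.sh
 check_PROGRAMS += ssltest
 ssltest_SOURCES = ssltest.c
-EXTRA_DIST += ssltest.sh
-EXTRA_DIST += testssl ca.pem server.pem
+EXTRA_DIST += ssltest.sh ssltest.bat
+EXTRA_DIST += testssl testssl.bat ca.pem server.pem
 
 # testdsa
 TESTS += testdsa.sh
-EXTRA_DIST += testdsa.sh
+EXTRA_DIST += testdsa.sh testdsa.bat
 EXTRA_DIST += openssl.cnf
 
 # testenc
 TESTS += testenc.sh
-EXTRA_DIST += testenc.sh
+EXTRA_DIST += testenc.sh testenc.bat
 
 # testrsa
 TESTS += testrsa.sh
-EXTRA_DIST += testrsa.sh
+EXTRA_DIST += testrsa.sh testrsa.bat
 
 # timingsafe
 TESTS += timingsafe
 check_PROGRAMS += timingsafe
 timingsafe_SOURCES = timingsafe.c
 
+# tlstest
+TESTS += tlstest.sh
+check_PROGRAMS += tlstest
+tlstest_SOURCES = tlstest.c
+if !HAVE_PIPE2
+tlstest_SOURCES += compat/pipe2.c
+endif
+EXTRA_DIST += tlstest.sh tlstest.bat
+
+# tls_ext_alpn
+TESTS += tls_ext_alpn
+check_PROGRAMS += tls_ext_alpn
+tls_ext_alpn_SOURCES = tls_ext_alpn.c
+
+# tls_prf
+TESTS += tls_prf
+check_PROGRAMS += tls_prf
+tls_prf_SOURCES = tls_prf.c
+
 # utf8test
 TESTS += utf8test
 check_PROGRAMS += utf8test
 utf8test_SOURCES = utf8test.c
 
 # verifytest
 TESTS += verifytest
 check_PROGRAMS += verifytest
 verifytest_SOURCES = verifytest.c
+
+# x25519test
+TESTS += x25519test
+check_PROGRAMS += x25519test
+x25519test_SOURCES = x25519test.c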
Changes to jni/libressl/tests/Makefile.in.
84
85
86
87
88
89
90

91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

106
107

108

109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

124
125

126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

155
156
157
158
159
160
161
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@

TESTS = aeadtest.sh aes_wrap$(EXEEXT) $(am__append_1) \
	asn1test$(EXEEXT) asn1time$(EXEEXT) base64test$(EXEEXT) \
	bftest$(EXEEXT) $(am__EXEEXT_2) bntest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \
	cts128test$(EXEEXT) destest$(EXEEXT) dhtest$(EXEEXT) \
	dsatest$(EXEEXT) ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) \
	ectest$(EXEEXT) enginetest$(EXEEXT) evptest.sh $(am__EXEEXT_3) \
	exptest$(EXEEXT) gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \
	hmactest$(EXEEXT) ideatest$(EXEEXT) igetest$(EXEEXT) \
	md4test$(EXEEXT) md5test$(EXEEXT) mont$(EXEEXT) \
	$(am__append_8) optionstest$(EXEEXT) pbkdf2$(EXEEXT) \
	$(am__append_10) pkcs7test$(EXEEXT) poly1305test$(EXEEXT) \
	pq_test.sh randtest$(EXEEXT) rc2test$(EXEEXT) rc4test$(EXEEXT) \
	$(am__append_12) $(am__EXEEXT_6) rmdtest$(EXEEXT) \

	sha1test$(EXEEXT) sha256test$(EXEEXT) sha512test$(EXEEXT) \
	ssltest.sh testdsa.sh testenc.sh testrsa.sh \

	timingsafe$(EXEEXT) utf8test$(EXEEXT) verifytest$(EXEEXT)

check_PROGRAMS = aeadtest$(EXEEXT) aes_wrap$(EXEEXT) $(am__EXEEXT_1) \
	asn1test$(EXEEXT) asn1time$(EXEEXT) base64test$(EXEEXT) \
	bftest$(EXEEXT) $(am__EXEEXT_2) bntest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \
	cts128test$(EXEEXT) destest$(EXEEXT) dhtest$(EXEEXT) \
	dsatest$(EXEEXT) ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) \
	ectest$(EXEEXT) enginetest$(EXEEXT) evptest$(EXEEXT) \
	$(am__EXEEXT_3) exptest$(EXEEXT) gcm128test$(EXEEXT) \
	gost2814789t$(EXEEXT) hmactest$(EXEEXT) ideatest$(EXEEXT) \
	igetest$(EXEEXT) md4test$(EXEEXT) md5test$(EXEEXT) \
	mont$(EXEEXT) $(am__EXEEXT_4) optionstest$(EXEEXT) \
	pbkdf2$(EXEEXT) $(am__EXEEXT_5) pkcs7test$(EXEEXT) \
	poly1305test$(EXEEXT) pq_test$(EXEEXT) randtest$(EXEEXT) \
	rc2test$(EXEEXT) rc4test$(EXEEXT) rfc5280time$(EXEEXT) \

	rmdtest$(EXEEXT) sha1test$(EXEEXT) sha256test$(EXEEXT) \
	sha512test$(EXEEXT) ssltest$(EXEEXT) timingsafe$(EXEEXT) \

	utf8test$(EXEEXT) verifytest$(EXEEXT)

# arc4randomforktest
# Windows/mingw does not have fork, but Cygwin does.
@HOST_WIN_FALSE@am__append_1 = arc4randomforktest.sh
@HOST_WIN_FALSE@am__append_2 = arc4randomforktest

# biotest
# the BIO tests rely on resolver results that are OS and environment-specific
@ENABLE_EXTRATESTS_TRUE@am__append_3 = biotest
@ENABLE_EXTRATESTS_TRUE@am__append_4 = biotest

# explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_5 = explicit_bzero
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_6 = explicit_bzero
@HAVE_MEMMEM_FALSE@@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_7 = memmem.c

# ocsp_test
@ENABLE_EXTRATESTS_TRUE@am__append_8 = ocsptest.sh
@ENABLE_EXTRATESTS_TRUE@am__append_9 = ocsp_test

# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
@ENABLE_EXTRATESTS_TRUE@am__append_10 = pidwraptest.sh
@ENABLE_EXTRATESTS_TRUE@am__append_11 = pidwraptest
@SMALL_TIME_T_TRUE@am__append_12 = rfc5280time_small.test
@SMALL_TIME_T_FALSE@am__append_13 = rfc5280time

subdir = tests
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \







>
|










|
|

|
>
|

>
|
>















>
|
|
>
|



|
|



|
|



|
|
|


|
|




|
|
|
|
>







84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@HOST_ASM_MACOSX_X86_64_TRUE@am__append_1 = $(abs_top_builddir)/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o
TESTS = aeadtest.sh aes_wrap$(EXEEXT) $(am__append_2) \
	asn1test$(EXEEXT) asn1time$(EXEEXT) base64test$(EXEEXT) \
	bftest$(EXEEXT) $(am__EXEEXT_2) bntest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \
	cts128test$(EXEEXT) destest$(EXEEXT) dhtest$(EXEEXT) \
	dsatest$(EXEEXT) ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) \
	ectest$(EXEEXT) enginetest$(EXEEXT) evptest.sh $(am__EXEEXT_3) \
	exptest$(EXEEXT) gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \
	hmactest$(EXEEXT) ideatest$(EXEEXT) igetest$(EXEEXT) \
	md4test$(EXEEXT) md5test$(EXEEXT) mont$(EXEEXT) \
	$(am__append_9) optionstest$(EXEEXT) pbkdf2$(EXEEXT) \
	$(am__append_11) pkcs7test$(EXEEXT) poly1305test$(EXEEXT) \
	pq_test.sh randtest$(EXEEXT) rc2test$(EXEEXT) rc4test$(EXEEXT) \
	$(am__append_13) $(am__EXEEXT_6) rmdtest$(EXEEXT) \
	rsa_test$(EXEEXT) servertest.sh sha1test$(EXEEXT) \
	sha256test$(EXEEXT) sha512test$(EXEEXT) ssl_versions$(EXEEXT) \
	ssltest.sh testdsa.sh testenc.sh testrsa.sh \
	timingsafe$(EXEEXT) tlstest.sh tls_ext_alpn$(EXEEXT) \
	tls_prf$(EXEEXT) utf8test$(EXEEXT) verifytest$(EXEEXT) \
	x25519test$(EXEEXT)
check_PROGRAMS = aeadtest$(EXEEXT) aes_wrap$(EXEEXT) $(am__EXEEXT_1) \
	asn1test$(EXEEXT) asn1time$(EXEEXT) base64test$(EXEEXT) \
	bftest$(EXEEXT) $(am__EXEEXT_2) bntest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \
	cts128test$(EXEEXT) destest$(EXEEXT) dhtest$(EXEEXT) \
	dsatest$(EXEEXT) ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) \
	ectest$(EXEEXT) enginetest$(EXEEXT) evptest$(EXEEXT) \
	$(am__EXEEXT_3) exptest$(EXEEXT) gcm128test$(EXEEXT) \
	gost2814789t$(EXEEXT) hmactest$(EXEEXT) ideatest$(EXEEXT) \
	igetest$(EXEEXT) md4test$(EXEEXT) md5test$(EXEEXT) \
	mont$(EXEEXT) $(am__EXEEXT_4) optionstest$(EXEEXT) \
	pbkdf2$(EXEEXT) $(am__EXEEXT_5) pkcs7test$(EXEEXT) \
	poly1305test$(EXEEXT) pq_test$(EXEEXT) randtest$(EXEEXT) \
	rc2test$(EXEEXT) rc4test$(EXEEXT) rfc5280time$(EXEEXT) \
	rmdtest$(EXEEXT) rsa_test$(EXEEXT) servertest$(EXEEXT) \
	sha1test$(EXEEXT) sha256test$(EXEEXT) sha512test$(EXEEXT) \
	ssl_versions$(EXEEXT) ssltest$(EXEEXT) timingsafe$(EXEEXT) \
	tlstest$(EXEEXT) tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) \
	utf8test$(EXEEXT) verifytest$(EXEEXT) x25519test$(EXEEXT)

# arc4randomforktest
# Windows/mingw does not have fork, but Cygwin does.
@HOST_WIN_FALSE@am__append_2 = arc4randomforktest.sh
@HOST_WIN_FALSE@am__append_3 = arc4randomforktest

# biotest
# the BIO tests rely on resolver results that are OS and environment-specific
@ENABLE_EXTRATESTS_TRUE@am__append_4 = biotest
@ENABLE_EXTRATESTS_TRUE@am__append_5 = biotest

# explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_6 = explicit_bzero
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_7 = explicit_bzero
@HAVE_MEMMEM_FALSE@@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_8 = compat/memmem.c

# ocsp_test
@ENABLE_EXTRATESTS_TRUE@am__append_9 = ocsptest.sh
@ENABLE_EXTRATESTS_TRUE@am__append_10 = ocsp_test

# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
@ENABLE_EXTRATESTS_TRUE@am__append_11 = pidwraptest.sh
@ENABLE_EXTRATESTS_TRUE@am__append_12 = pidwraptest
@SMALL_TIME_T_TRUE@am__append_13 = rfc5280time_small.test
@SMALL_TIME_T_FALSE@am__append_14 = rfc5280time
@HAVE_PIPE2_FALSE@am__append_15 = compat/pipe2.c
subdir = tests
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353

354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509



510




511
512





513


514
515
516
517
518
519
520

521
522
523
524
525
526
527
528
529
530
531
532
533





534


535
536
537
538
539
540
541
542
543
544



545




546
547





548











549
550
551
552
553
554
555

556
557
558
559
560
561





562


563
564
565
566
567
568
569
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_4 = ocsp_test$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_5 = pidwraptest$(EXEEXT)
am_aeadtest_OBJECTS = aeadtest.$(OBJEXT)
aeadtest_OBJECTS = $(am_aeadtest_OBJECTS)
aeadtest_LDADD = $(LDADD)
am__DEPENDENCIES_1 =
aeadtest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
am_aes_wrap_OBJECTS = aes_wrap.$(OBJEXT)
aes_wrap_OBJECTS = $(am_aes_wrap_OBJECTS)
aes_wrap_LDADD = $(LDADD)
aes_wrap_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am__arc4randomforktest_SOURCES_DIST = arc4randomforktest.c
@HOST_WIN_FALSE@am_arc4randomforktest_OBJECTS =  \
@HOST_WIN_FALSE@	arc4randomforktest.$(OBJEXT)
arc4randomforktest_OBJECTS = $(am_arc4randomforktest_OBJECTS)
arc4randomforktest_LDADD = $(LDADD)
arc4randomforktest_DEPENDENCIES = $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la

am_asn1test_OBJECTS = asn1test.$(OBJEXT)
asn1test_OBJECTS = $(am_asn1test_OBJECTS)
asn1test_LDADD = $(LDADD)
asn1test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_asn1time_OBJECTS = asn1time.$(OBJEXT)
asn1time_OBJECTS = $(am_asn1time_OBJECTS)
asn1time_LDADD = $(LDADD)
asn1time_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_base64test_OBJECTS = base64test.$(OBJEXT)
base64test_OBJECTS = $(am_base64test_OBJECTS)
base64test_LDADD = $(LDADD)
base64test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_bftest_OBJECTS = bftest.$(OBJEXT)
bftest_OBJECTS = $(am_bftest_OBJECTS)
bftest_LDADD = $(LDADD)
bftest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am__biotest_SOURCES_DIST = biotest.c
@ENABLE_EXTRATESTS_TRUE@am_biotest_OBJECTS = biotest.$(OBJEXT)
biotest_OBJECTS = $(am_biotest_OBJECTS)
biotest_LDADD = $(LDADD)
biotest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_bntest_OBJECTS = bntest.$(OBJEXT)
bntest_OBJECTS = $(am_bntest_OBJECTS)
bntest_LDADD = $(LDADD)
bntest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_bytestringtest_OBJECTS = bytestringtest.$(OBJEXT)
bytestringtest_OBJECTS = $(am_bytestringtest_OBJECTS)
bytestringtest_LDADD = $(LDADD)
bytestringtest_DEPENDENCIES = $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_casttest_OBJECTS = casttest.$(OBJEXT)
casttest_OBJECTS = $(am_casttest_OBJECTS)
casttest_LDADD = $(LDADD)
casttest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_chachatest_OBJECTS = chachatest.$(OBJEXT)
chachatest_OBJECTS = $(am_chachatest_OBJECTS)
chachatest_LDADD = $(LDADD)
chachatest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_cipher_list_OBJECTS = cipher_list.$(OBJEXT)
cipher_list_OBJECTS = $(am_cipher_list_OBJECTS)
cipher_list_LDADD = $(LDADD)
cipher_list_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_cipherstest_OBJECTS = cipherstest.$(OBJEXT)
cipherstest_OBJECTS = $(am_cipherstest_OBJECTS)
cipherstest_LDADD = $(LDADD)
cipherstest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_clienttest_OBJECTS = clienttest.$(OBJEXT)
clienttest_OBJECTS = $(am_clienttest_OBJECTS)
clienttest_LDADD = $(LDADD)
clienttest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_cts128test_OBJECTS = cts128test.$(OBJEXT)
cts128test_OBJECTS = $(am_cts128test_OBJECTS)
cts128test_LDADD = $(LDADD)
cts128test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_destest_OBJECTS = destest.$(OBJEXT)
destest_OBJECTS = $(am_destest_OBJECTS)
destest_LDADD = $(LDADD)
destest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_dhtest_OBJECTS = dhtest.$(OBJEXT)
dhtest_OBJECTS = $(am_dhtest_OBJECTS)
dhtest_LDADD = $(LDADD)
dhtest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_dsatest_OBJECTS = dsatest.$(OBJEXT)
dsatest_OBJECTS = $(am_dsatest_OBJECTS)
dsatest_LDADD = $(LDADD)
dsatest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_ecdhtest_OBJECTS = ecdhtest.$(OBJEXT)
ecdhtest_OBJECTS = $(am_ecdhtest_OBJECTS)
ecdhtest_LDADD = $(LDADD)
ecdhtest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_ecdsatest_OBJECTS = ecdsatest.$(OBJEXT)
ecdsatest_OBJECTS = $(am_ecdsatest_OBJECTS)
ecdsatest_LDADD = $(LDADD)
ecdsatest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_ectest_OBJECTS = ectest.$(OBJEXT)
ectest_OBJECTS = $(am_ectest_OBJECTS)
ectest_LDADD = $(LDADD)
ectest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_enginetest_OBJECTS = enginetest.$(OBJEXT)
enginetest_OBJECTS = $(am_enginetest_OBJECTS)
enginetest_LDADD = $(LDADD)
enginetest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_evptest_OBJECTS = evptest.$(OBJEXT)
evptest_OBJECTS = $(am_evptest_OBJECTS)
evptest_LDADD = $(LDADD)
evptest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am__explicit_bzero_SOURCES_DIST = explicit_bzero.c memmem.c

@HAVE_MEMMEM_FALSE@@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__objects_1 = memmem.$(OBJEXT)
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am_explicit_bzero_OBJECTS =  \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero.$(OBJEXT) \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	$(am__objects_1)
explicit_bzero_OBJECTS = $(am_explicit_bzero_OBJECTS)
explicit_bzero_LDADD = $(LDADD)
explicit_bzero_DEPENDENCIES = $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_exptest_OBJECTS = exptest.$(OBJEXT)
exptest_OBJECTS = $(am_exptest_OBJECTS)
exptest_LDADD = $(LDADD)
exptest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_gcm128test_OBJECTS = gcm128test.$(OBJEXT)
gcm128test_OBJECTS = $(am_gcm128test_OBJECTS)
gcm128test_LDADD = $(LDADD)
gcm128test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_gost2814789t_OBJECTS = gost2814789t.$(OBJEXT)
gost2814789t_OBJECTS = $(am_gost2814789t_OBJECTS)
gost2814789t_LDADD = $(LDADD)
gost2814789t_DEPENDENCIES = $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_hmactest_OBJECTS = hmactest.$(OBJEXT)
hmactest_OBJECTS = $(am_hmactest_OBJECTS)
hmactest_LDADD = $(LDADD)
hmactest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_ideatest_OBJECTS = ideatest.$(OBJEXT)
ideatest_OBJECTS = $(am_ideatest_OBJECTS)
ideatest_LDADD = $(LDADD)
ideatest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_igetest_OBJECTS = igetest.$(OBJEXT)
igetest_OBJECTS = $(am_igetest_OBJECTS)
igetest_LDADD = $(LDADD)
igetest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_md4test_OBJECTS = md4test.$(OBJEXT)
md4test_OBJECTS = $(am_md4test_OBJECTS)
md4test_LDADD = $(LDADD)
md4test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_md5test_OBJECTS = md5test.$(OBJEXT)
md5test_OBJECTS = $(am_md5test_OBJECTS)
md5test_LDADD = $(LDADD)
md5test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_mont_OBJECTS = mont.$(OBJEXT)
mont_OBJECTS = $(am_mont_OBJECTS)
mont_LDADD = $(LDADD)
mont_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am__ocsp_test_SOURCES_DIST = ocsp_test.c
@ENABLE_EXTRATESTS_TRUE@am_ocsp_test_OBJECTS = ocsp_test.$(OBJEXT)
ocsp_test_OBJECTS = $(am_ocsp_test_OBJECTS)
ocsp_test_LDADD = $(LDADD)
ocsp_test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_optionstest_OBJECTS = optionstest.$(OBJEXT)
optionstest_OBJECTS = $(am_optionstest_OBJECTS)
optionstest_LDADD = $(LDADD)
optionstest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_pbkdf2_OBJECTS = pbkdf2.$(OBJEXT)
pbkdf2_OBJECTS = $(am_pbkdf2_OBJECTS)
pbkdf2_LDADD = $(LDADD)
pbkdf2_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am__pidwraptest_SOURCES_DIST = pidwraptest.c
@ENABLE_EXTRATESTS_TRUE@am_pidwraptest_OBJECTS =  \
@ENABLE_EXTRATESTS_TRUE@	pidwraptest.$(OBJEXT)
pidwraptest_OBJECTS = $(am_pidwraptest_OBJECTS)
pidwraptest_LDADD = $(LDADD)
pidwraptest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_pkcs7test_OBJECTS = pkcs7test.$(OBJEXT)
pkcs7test_OBJECTS = $(am_pkcs7test_OBJECTS)
pkcs7test_LDADD = $(LDADD)
pkcs7test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_poly1305test_OBJECTS = poly1305test.$(OBJEXT)
poly1305test_OBJECTS = $(am_poly1305test_OBJECTS)
poly1305test_LDADD = $(LDADD)
poly1305test_DEPENDENCIES = $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_pq_test_OBJECTS = pq_test.$(OBJEXT)
pq_test_OBJECTS = $(am_pq_test_OBJECTS)
pq_test_LDADD = $(LDADD)
pq_test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_randtest_OBJECTS = randtest.$(OBJEXT)
randtest_OBJECTS = $(am_randtest_OBJECTS)
randtest_LDADD = $(LDADD)
randtest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_rc2test_OBJECTS = rc2test.$(OBJEXT)
rc2test_OBJECTS = $(am_rc2test_OBJECTS)
rc2test_LDADD = $(LDADD)
rc2test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_rc4test_OBJECTS = rc4test.$(OBJEXT)
rc4test_OBJECTS = $(am_rc4test_OBJECTS)
rc4test_LDADD = $(LDADD)
rc4test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_rfc5280time_OBJECTS = rfc5280time.$(OBJEXT)
rfc5280time_OBJECTS = $(am_rfc5280time_OBJECTS)
rfc5280time_LDADD = $(LDADD)
rfc5280time_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_rmdtest_OBJECTS = rmdtest.$(OBJEXT)
rmdtest_OBJECTS = $(am_rmdtest_OBJECTS)
rmdtest_LDADD = $(LDADD)



rmdtest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \




	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \





	$(abs_top_builddir)/tls/libtls.la


am_sha1test_OBJECTS = sha1test.$(OBJEXT)
sha1test_OBJECTS = $(am_sha1test_OBJECTS)
sha1test_LDADD = $(LDADD)
sha1test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la

am_sha256test_OBJECTS = sha256test.$(OBJEXT)
sha256test_OBJECTS = $(am_sha256test_OBJECTS)
sha256test_LDADD = $(LDADD)
sha256test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_sha512test_OBJECTS = sha512test.$(OBJEXT)
sha512test_OBJECTS = $(am_sha512test_OBJECTS)
sha512test_LDADD = $(LDADD)
sha512test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \





	$(abs_top_builddir)/tls/libtls.la


am_ssltest_OBJECTS = ssltest.$(OBJEXT)
ssltest_OBJECTS = $(am_ssltest_OBJECTS)
ssltest_LDADD = $(LDADD)
ssltest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
am_timingsafe_OBJECTS = timingsafe.$(OBJEXT)
timingsafe_OBJECTS = $(am_timingsafe_OBJECTS)
timingsafe_LDADD = $(LDADD)



timingsafe_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \




	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \





	$(abs_top_builddir)/tls/libtls.la











am_utf8test_OBJECTS = utf8test.$(OBJEXT)
utf8test_OBJECTS = $(am_utf8test_OBJECTS)
utf8test_LDADD = $(LDADD)
utf8test_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la

am_verifytest_OBJECTS = verifytest.$(OBJEXT)
verifytest_OBJECTS = $(am_verifytest_OBJECTS)
verifytest_LDADD = $(LDADD)
verifytest_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \





	$(abs_top_builddir)/tls/libtls.la


AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo "  GEN     " $@;







|
|
|
|







|
|
|
|





|
|
|
|
>



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|




|
|
|
|
|


|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|
|
>
|





|
|
|
|
|


|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|




|
|
|
|



|
|
|
|



|
|
|
|





|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



|
|
|
|



>
>
>
|
>
>
>
>
|
|
>
>
>
>
>
|
>
>



|
|
|
<
>



|
|
|
|



|
|
|
>
>
>
>
>
|
>
>



|
|
|
|



>
>
>
|
>
>
>
>
|
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>



|
|
|
<
>



|
|
|
>
>
>
>
>
|
>
>







181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542

543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607

608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_4 = ocsp_test$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_5 = pidwraptest$(EXEEXT)
am_aeadtest_OBJECTS = aeadtest.$(OBJEXT)
aeadtest_OBJECTS = $(am_aeadtest_OBJECTS)
aeadtest_LDADD = $(LDADD)
am__DEPENDENCIES_1 =
aeadtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
am_aes_wrap_OBJECTS = aes_wrap.$(OBJEXT)
aes_wrap_OBJECTS = $(am_aes_wrap_OBJECTS)
aes_wrap_LDADD = $(LDADD)
aes_wrap_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am__arc4randomforktest_SOURCES_DIST = arc4randomforktest.c
@HOST_WIN_FALSE@am_arc4randomforktest_OBJECTS =  \
@HOST_WIN_FALSE@	arc4randomforktest.$(OBJEXT)
arc4randomforktest_OBJECTS = $(am_arc4randomforktest_OBJECTS)
arc4randomforktest_LDADD = $(LDADD)
arc4randomforktest_DEPENDENCIES =  \
	$(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_asn1test_OBJECTS = asn1test.$(OBJEXT)
asn1test_OBJECTS = $(am_asn1test_OBJECTS)
asn1test_LDADD = $(LDADD)
asn1test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_asn1time_OBJECTS = asn1time.$(OBJEXT)
asn1time_OBJECTS = $(am_asn1time_OBJECTS)
asn1time_LDADD = $(LDADD)
asn1time_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_base64test_OBJECTS = base64test.$(OBJEXT)
base64test_OBJECTS = $(am_base64test_OBJECTS)
base64test_LDADD = $(LDADD)
base64test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_bftest_OBJECTS = bftest.$(OBJEXT)
bftest_OBJECTS = $(am_bftest_OBJECTS)
bftest_LDADD = $(LDADD)
bftest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am__biotest_SOURCES_DIST = biotest.c
@ENABLE_EXTRATESTS_TRUE@am_biotest_OBJECTS = biotest.$(OBJEXT)
biotest_OBJECTS = $(am_biotest_OBJECTS)
biotest_LDADD = $(LDADD)
biotest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_bntest_OBJECTS = bntest-bntest.$(OBJEXT)
bntest_OBJECTS = $(am_bntest_OBJECTS)
bntest_LDADD = $(LDADD)
bntest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_bytestringtest_OBJECTS = bytestringtest.$(OBJEXT)
bytestringtest_OBJECTS = $(am_bytestringtest_OBJECTS)
bytestringtest_LDADD = $(LDADD)
bytestringtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_casttest_OBJECTS = casttest.$(OBJEXT)
casttest_OBJECTS = $(am_casttest_OBJECTS)
casttest_LDADD = $(LDADD)
casttest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_chachatest_OBJECTS = chachatest.$(OBJEXT)
chachatest_OBJECTS = $(am_chachatest_OBJECTS)
chachatest_LDADD = $(LDADD)
chachatest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_cipher_list_OBJECTS = cipher_list.$(OBJEXT)
cipher_list_OBJECTS = $(am_cipher_list_OBJECTS)
cipher_list_LDADD = $(LDADD)
cipher_list_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_cipherstest_OBJECTS = cipherstest.$(OBJEXT)
cipherstest_OBJECTS = $(am_cipherstest_OBJECTS)
cipherstest_LDADD = $(LDADD)
cipherstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_clienttest_OBJECTS = clienttest.$(OBJEXT)
clienttest_OBJECTS = $(am_clienttest_OBJECTS)
clienttest_LDADD = $(LDADD)
clienttest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_cts128test_OBJECTS = cts128test.$(OBJEXT)
cts128test_OBJECTS = $(am_cts128test_OBJECTS)
cts128test_LDADD = $(LDADD)
cts128test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_destest_OBJECTS = destest.$(OBJEXT)
destest_OBJECTS = $(am_destest_OBJECTS)
destest_LDADD = $(LDADD)
destest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_dhtest_OBJECTS = dhtest.$(OBJEXT)
dhtest_OBJECTS = $(am_dhtest_OBJECTS)
dhtest_LDADD = $(LDADD)
dhtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_dsatest_OBJECTS = dsatest.$(OBJEXT)
dsatest_OBJECTS = $(am_dsatest_OBJECTS)
dsatest_LDADD = $(LDADD)
dsatest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_ecdhtest_OBJECTS = ecdhtest.$(OBJEXT)
ecdhtest_OBJECTS = $(am_ecdhtest_OBJECTS)
ecdhtest_LDADD = $(LDADD)
ecdhtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_ecdsatest_OBJECTS = ecdsatest.$(OBJEXT)
ecdsatest_OBJECTS = $(am_ecdsatest_OBJECTS)
ecdsatest_LDADD = $(LDADD)
ecdsatest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_ectest_OBJECTS = ectest.$(OBJEXT)
ectest_OBJECTS = $(am_ectest_OBJECTS)
ectest_LDADD = $(LDADD)
ectest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_enginetest_OBJECTS = enginetest.$(OBJEXT)
enginetest_OBJECTS = $(am_enginetest_OBJECTS)
enginetest_LDADD = $(LDADD)
enginetest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_evptest_OBJECTS = evptest.$(OBJEXT)
evptest_OBJECTS = $(am_evptest_OBJECTS)
evptest_LDADD = $(LDADD)
evptest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am__explicit_bzero_SOURCES_DIST = explicit_bzero.c compat/memmem.c
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_MEMMEM_FALSE@@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__objects_1 = compat/memmem.$(OBJEXT)
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am_explicit_bzero_OBJECTS =  \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero.$(OBJEXT) \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	$(am__objects_1)
explicit_bzero_OBJECTS = $(am_explicit_bzero_OBJECTS)
explicit_bzero_LDADD = $(LDADD)
explicit_bzero_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_exptest_OBJECTS = exptest-exptest.$(OBJEXT)
exptest_OBJECTS = $(am_exptest_OBJECTS)
exptest_LDADD = $(LDADD)
exptest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_gcm128test_OBJECTS = gcm128test.$(OBJEXT)
gcm128test_OBJECTS = $(am_gcm128test_OBJECTS)
gcm128test_LDADD = $(LDADD)
gcm128test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_gost2814789t_OBJECTS = gost2814789t.$(OBJEXT)
gost2814789t_OBJECTS = $(am_gost2814789t_OBJECTS)
gost2814789t_LDADD = $(LDADD)
gost2814789t_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_hmactest_OBJECTS = hmactest.$(OBJEXT)
hmactest_OBJECTS = $(am_hmactest_OBJECTS)
hmactest_LDADD = $(LDADD)
hmactest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_ideatest_OBJECTS = ideatest.$(OBJEXT)
ideatest_OBJECTS = $(am_ideatest_OBJECTS)
ideatest_LDADD = $(LDADD)
ideatest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_igetest_OBJECTS = igetest.$(OBJEXT)
igetest_OBJECTS = $(am_igetest_OBJECTS)
igetest_LDADD = $(LDADD)
igetest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_md4test_OBJECTS = md4test.$(OBJEXT)
md4test_OBJECTS = $(am_md4test_OBJECTS)
md4test_LDADD = $(LDADD)
md4test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_md5test_OBJECTS = md5test.$(OBJEXT)
md5test_OBJECTS = $(am_md5test_OBJECTS)
md5test_LDADD = $(LDADD)
md5test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_mont_OBJECTS = mont.$(OBJEXT)
mont_OBJECTS = $(am_mont_OBJECTS)
mont_LDADD = $(LDADD)
mont_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am__ocsp_test_SOURCES_DIST = ocsp_test.c
@ENABLE_EXTRATESTS_TRUE@am_ocsp_test_OBJECTS = ocsp_test.$(OBJEXT)
ocsp_test_OBJECTS = $(am_ocsp_test_OBJECTS)
ocsp_test_LDADD = $(LDADD)
ocsp_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_optionstest_OBJECTS = optionstest.$(OBJEXT)
optionstest_OBJECTS = $(am_optionstest_OBJECTS)
optionstest_LDADD = $(LDADD)
optionstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_pbkdf2_OBJECTS = pbkdf2.$(OBJEXT)
pbkdf2_OBJECTS = $(am_pbkdf2_OBJECTS)
pbkdf2_LDADD = $(LDADD)
pbkdf2_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am__pidwraptest_SOURCES_DIST = pidwraptest.c
@ENABLE_EXTRATESTS_TRUE@am_pidwraptest_OBJECTS =  \
@ENABLE_EXTRATESTS_TRUE@	pidwraptest.$(OBJEXT)
pidwraptest_OBJECTS = $(am_pidwraptest_OBJECTS)
pidwraptest_LDADD = $(LDADD)
pidwraptest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_pkcs7test_OBJECTS = pkcs7test.$(OBJEXT)
pkcs7test_OBJECTS = $(am_pkcs7test_OBJECTS)
pkcs7test_LDADD = $(LDADD)
pkcs7test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_poly1305test_OBJECTS = poly1305test.$(OBJEXT)
poly1305test_OBJECTS = $(am_poly1305test_OBJECTS)
poly1305test_LDADD = $(LDADD)
poly1305test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_pq_test_OBJECTS = pq_test.$(OBJEXT)
pq_test_OBJECTS = $(am_pq_test_OBJECTS)
pq_test_LDADD = $(LDADD)
pq_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_randtest_OBJECTS = randtest.$(OBJEXT)
randtest_OBJECTS = $(am_randtest_OBJECTS)
randtest_LDADD = $(LDADD)
randtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_rc2test_OBJECTS = rc2test.$(OBJEXT)
rc2test_OBJECTS = $(am_rc2test_OBJECTS)
rc2test_LDADD = $(LDADD)
rc2test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_rc4test_OBJECTS = rc4test.$(OBJEXT)
rc4test_OBJECTS = $(am_rc4test_OBJECTS)
rc4test_LDADD = $(LDADD)
rc4test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_rfc5280time_OBJECTS = rfc5280time.$(OBJEXT)
rfc5280time_OBJECTS = $(am_rfc5280time_OBJECTS)
rfc5280time_LDADD = $(LDADD)
rfc5280time_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_rmdtest_OBJECTS = rmdtest.$(OBJEXT)
rmdtest_OBJECTS = $(am_rmdtest_OBJECTS)
rmdtest_LDADD = $(LDADD)
rmdtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_rsa_test_OBJECTS = rsa_test.$(OBJEXT)
rsa_test_OBJECTS = $(am_rsa_test_OBJECTS)
rsa_test_LDADD = $(LDADD)
rsa_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_servertest_OBJECTS = servertest.$(OBJEXT)
servertest_OBJECTS = $(am_servertest_OBJECTS)
servertest_LDADD = $(LDADD)
servertest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_sha1test_OBJECTS = sha1test.$(OBJEXT)
sha1test_OBJECTS = $(am_sha1test_OBJECTS)
sha1test_LDADD = $(LDADD)
sha1test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \

	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_sha256test_OBJECTS = sha256test.$(OBJEXT)
sha256test_OBJECTS = $(am_sha256test_OBJECTS)
sha256test_LDADD = $(LDADD)
sha256test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_sha512test_OBJECTS = sha512test.$(OBJEXT)
sha512test_OBJECTS = $(am_sha512test_OBJECTS)
sha512test_LDADD = $(LDADD)
sha512test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_ssl_versions_OBJECTS = ssl_versions.$(OBJEXT)
ssl_versions_OBJECTS = $(am_ssl_versions_OBJECTS)
ssl_versions_LDADD = $(LDADD)
ssl_versions_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_ssltest_OBJECTS = ssltest.$(OBJEXT)
ssltest_OBJECTS = $(am_ssltest_OBJECTS)
ssltest_LDADD = $(LDADD)
ssltest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_timingsafe_OBJECTS = timingsafe.$(OBJEXT)
timingsafe_OBJECTS = $(am_timingsafe_OBJECTS)
timingsafe_LDADD = $(LDADD)
timingsafe_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_tls_ext_alpn_OBJECTS = tls_ext_alpn.$(OBJEXT)
tls_ext_alpn_OBJECTS = $(am_tls_ext_alpn_OBJECTS)
tls_ext_alpn_LDADD = $(LDADD)
tls_ext_alpn_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_tls_prf_OBJECTS = tls_prf.$(OBJEXT)
tls_prf_OBJECTS = $(am_tls_prf_OBJECTS)
tls_prf_LDADD = $(LDADD)
tls_prf_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am__tlstest_SOURCES_DIST = tlstest.c compat/pipe2.c
@HAVE_PIPE2_FALSE@am__objects_2 = compat/pipe2.$(OBJEXT)
am_tlstest_OBJECTS = tlstest.$(OBJEXT) $(am__objects_2)
tlstest_OBJECTS = $(am_tlstest_OBJECTS)
tlstest_LDADD = $(LDADD)
tlstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_utf8test_OBJECTS = utf8test.$(OBJEXT)
utf8test_OBJECTS = $(am_utf8test_OBJECTS)
utf8test_LDADD = $(LDADD)
utf8test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \

	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_verifytest_OBJECTS = verifytest.$(OBJEXT)
verifytest_OBJECTS = $(am_verifytest_OBJECTS)
verifytest_LDADD = $(LDADD)
verifytest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_x25519test_OBJECTS = x25519test.$(OBJEXT)
x25519test_OBJECTS = $(am_x25519test_OBJECTS)
x25519test_LDADD = $(LDADD)
x25519test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo "  GEN     " $@;
608
609
610
611
612
613
614

615

616

617

618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636

637
638


639

640
641
642
643
644
645
646
	$(gost2814789t_SOURCES) $(hmactest_SOURCES) \
	$(ideatest_SOURCES) $(igetest_SOURCES) $(md4test_SOURCES) \
	$(md5test_SOURCES) $(mont_SOURCES) $(ocsp_test_SOURCES) \
	$(optionstest_SOURCES) $(pbkdf2_SOURCES) \
	$(pidwraptest_SOURCES) $(pkcs7test_SOURCES) \
	$(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \
	$(rc2test_SOURCES) $(rc4test_SOURCES) $(rfc5280time_SOURCES) \

	$(rmdtest_SOURCES) $(sha1test_SOURCES) $(sha256test_SOURCES) \

	$(sha512test_SOURCES) $(ssltest_SOURCES) $(timingsafe_SOURCES) \

	$(utf8test_SOURCES) $(verifytest_SOURCES)

DIST_SOURCES = $(aeadtest_SOURCES) $(aes_wrap_SOURCES) \
	$(am__arc4randomforktest_SOURCES_DIST) $(asn1test_SOURCES) \
	$(asn1time_SOURCES) $(base64test_SOURCES) $(bftest_SOURCES) \
	$(am__biotest_SOURCES_DIST) $(bntest_SOURCES) \
	$(bytestringtest_SOURCES) $(casttest_SOURCES) \
	$(chachatest_SOURCES) $(cipher_list_SOURCES) \
	$(cipherstest_SOURCES) $(clienttest_SOURCES) \
	$(cts128test_SOURCES) $(destest_SOURCES) $(dhtest_SOURCES) \
	$(dsatest_SOURCES) $(ecdhtest_SOURCES) $(ecdsatest_SOURCES) \
	$(ectest_SOURCES) $(enginetest_SOURCES) $(evptest_SOURCES) \
	$(am__explicit_bzero_SOURCES_DIST) $(exptest_SOURCES) \
	$(gcm128test_SOURCES) $(gost2814789t_SOURCES) \
	$(hmactest_SOURCES) $(ideatest_SOURCES) $(igetest_SOURCES) \
	$(md4test_SOURCES) $(md5test_SOURCES) $(mont_SOURCES) \
	$(am__ocsp_test_SOURCES_DIST) $(optionstest_SOURCES) \
	$(pbkdf2_SOURCES) $(am__pidwraptest_SOURCES_DIST) \
	$(pkcs7test_SOURCES) $(poly1305test_SOURCES) \
	$(pq_test_SOURCES) $(randtest_SOURCES) $(rc2test_SOURCES) \
	$(rc4test_SOURCES) $(rfc5280time_SOURCES) $(rmdtest_SOURCES) \

	$(sha1test_SOURCES) $(sha256test_SOURCES) \
	$(sha512test_SOURCES) $(ssltest_SOURCES) $(timingsafe_SOURCES) \


	$(utf8test_SOURCES) $(verifytest_SOURCES)

am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)







>
|
>
|
>
|
>



















>
|
|
>
>
|
>







668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
	$(gost2814789t_SOURCES) $(hmactest_SOURCES) \
	$(ideatest_SOURCES) $(igetest_SOURCES) $(md4test_SOURCES) \
	$(md5test_SOURCES) $(mont_SOURCES) $(ocsp_test_SOURCES) \
	$(optionstest_SOURCES) $(pbkdf2_SOURCES) \
	$(pidwraptest_SOURCES) $(pkcs7test_SOURCES) \
	$(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \
	$(rc2test_SOURCES) $(rc4test_SOURCES) $(rfc5280time_SOURCES) \
	$(rmdtest_SOURCES) $(rsa_test_SOURCES) $(servertest_SOURCES) \
	$(sha1test_SOURCES) $(sha256test_SOURCES) \
	$(sha512test_SOURCES) $(ssl_versions_SOURCES) \
	$(ssltest_SOURCES) $(timingsafe_SOURCES) \
	$(tls_ext_alpn_SOURCES) $(tls_prf_SOURCES) $(tlstest_SOURCES) \
	$(utf8test_SOURCES) $(verifytest_SOURCES) \
	$(x25519test_SOURCES)
DIST_SOURCES = $(aeadtest_SOURCES) $(aes_wrap_SOURCES) \
	$(am__arc4randomforktest_SOURCES_DIST) $(asn1test_SOURCES) \
	$(asn1time_SOURCES) $(base64test_SOURCES) $(bftest_SOURCES) \
	$(am__biotest_SOURCES_DIST) $(bntest_SOURCES) \
	$(bytestringtest_SOURCES) $(casttest_SOURCES) \
	$(chachatest_SOURCES) $(cipher_list_SOURCES) \
	$(cipherstest_SOURCES) $(clienttest_SOURCES) \
	$(cts128test_SOURCES) $(destest_SOURCES) $(dhtest_SOURCES) \
	$(dsatest_SOURCES) $(ecdhtest_SOURCES) $(ecdsatest_SOURCES) \
	$(ectest_SOURCES) $(enginetest_SOURCES) $(evptest_SOURCES) \
	$(am__explicit_bzero_SOURCES_DIST) $(exptest_SOURCES) \
	$(gcm128test_SOURCES) $(gost2814789t_SOURCES) \
	$(hmactest_SOURCES) $(ideatest_SOURCES) $(igetest_SOURCES) \
	$(md4test_SOURCES) $(md5test_SOURCES) $(mont_SOURCES) \
	$(am__ocsp_test_SOURCES_DIST) $(optionstest_SOURCES) \
	$(pbkdf2_SOURCES) $(am__pidwraptest_SOURCES_DIST) \
	$(pkcs7test_SOURCES) $(poly1305test_SOURCES) \
	$(pq_test_SOURCES) $(randtest_SOURCES) $(rc2test_SOURCES) \
	$(rc4test_SOURCES) $(rfc5280time_SOURCES) $(rmdtest_SOURCES) \
	$(rsa_test_SOURCES) $(servertest_SOURCES) $(sha1test_SOURCES) \
	$(sha256test_SOURCES) $(sha512test_SOURCES) \
	$(ssl_versions_SOURCES) $(ssltest_SOURCES) \
	$(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \
	$(tls_prf_SOURCES) $(am__tlstest_SOURCES_DIST) \
	$(utf8test_SOURCES) $(verifytest_SOURCES) \
	$(x25519test_SOURCES)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
	$(TEST_LOG_FLAGS)
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp \
	$(top_srcdir)/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|



|
|
|







934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
	$(TEST_LOG_FLAGS)
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp \
	$(top_srcdir)/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
895
896
897
898
899
900
901

902
903
904
905
906
907
908
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
991
992
993
994
995
996
997

998
999
1000
1001

1002
1003
1004
1005
1006
1007
1008
1009
1010


1011

1012
1013
1014
1015
1016
1017
1018
1019
1020

1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040

1041
1042
1043
1044
1045
1046
1047
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \

	-DLIBRESSL_INTERNAL -I $(top_srcdir)/crypto/modes -I \
	$(top_srcdir)/crypto/asn1 -I $(top_srcdir)/ssl -I \
	$(top_srcdir)/apps/openssl -I \
	$(top_srcdir)/apps/openssl/compat

LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/tls/libtls.la
TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
EXTRA_DIST = CMakeLists.txt aeadtest.sh aeadtests.txt \
	arc4randomforktest.sh evptest.sh evptests.txt ocsptest.sh \
	pidwraptest.sh pq_test.sh pq_expected.txt \
	rfc5280time_small.test ssltest.sh testssl ca.pem server.pem \


	testdsa.sh openssl.cnf testenc.sh testrsa.sh

DISTCLEANFILES = pidwraptest.txt
aeadtest_SOURCES = aeadtest.c
aes_wrap_SOURCES = aes_wrap.c
@HOST_WIN_FALSE@arc4randomforktest_SOURCES = arc4randomforktest.c
asn1test_SOURCES = asn1test.c
asn1time_SOURCES = asn1time.c
base64test_SOURCES = base64test.c
bftest_SOURCES = bftest.c
@ENABLE_EXTRATESTS_TRUE@biotest_SOURCES = biotest.c

bntest_SOURCES = bntest.c
bytestringtest_SOURCES = bytestringtest.c
casttest_SOURCES = casttest.c
chachatest_SOURCES = chachatest.c
cipher_list_SOURCES = cipher_list.c
noinst_HEADERS = tests.h
cipherstest_SOURCES = cipherstest.c
clienttest_SOURCES = clienttest.c
cts128test_SOURCES = cts128test.c
destest_SOURCES = destest.c
dhtest_SOURCES = dhtest.c
dsatest_SOURCES = dsatest.c
ecdhtest_SOURCES = ecdhtest.c
ecdsatest_SOURCES = ecdsatest.c
ectest_SOURCES = ectest.c
enginetest_SOURCES = enginetest.c
evptest_SOURCES = evptest.c
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@explicit_bzero_SOURCES =  \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero.c \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	$(am__append_7)

exptest_SOURCES = exptest.c
gcm128test_SOURCES = gcm128test.c
gost2814789t_SOURCES = gost2814789t.c
hmactest_SOURCES = hmactest.c
ideatest_SOURCES = ideatest.c
igetest_SOURCES = igetest.c
md4test_SOURCES = md4test.c







>
|


|
>
|
|
|
|



|
|
>
>
|
>









>



















|
>







1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS= -I $(top_srcdir)/crypto/modes -I \
	$(top_srcdir)/crypto/asn1 -I $(top_srcdir)/ssl -I \
	$(top_srcdir)/apps/openssl -I \
	$(top_srcdir)/apps/openssl/compat \
	-D_PATH_SSL_CA_FILE=\"$(top_srcdir)/apps/openssl/cert.pem\"
LDADD = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a $(PLATFORM_LDADD) \
	$(PROG_LDADD) $(am__append_1)
TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
EXTRA_DIST = CMakeLists.txt aeadtest.sh aeadtests.txt \
	arc4randomforktest.sh evptest.sh evptests.txt ocsptest.sh \
	ocsptest.bat pidwraptest.sh pq_test.sh pq_test.bat \
	pq_expected.txt rfc5280time_small.test servertest.sh \
	servertest.bat ssltest.sh ssltest.bat testssl testssl.bat \
	ca.pem server.pem testdsa.sh testdsa.bat openssl.cnf \
	testenc.sh testenc.bat testrsa.sh testrsa.bat tlstest.sh \
	tlstest.bat
DISTCLEANFILES = pidwraptest.txt
aeadtest_SOURCES = aeadtest.c
aes_wrap_SOURCES = aes_wrap.c
@HOST_WIN_FALSE@arc4randomforktest_SOURCES = arc4randomforktest.c
asn1test_SOURCES = asn1test.c
asn1time_SOURCES = asn1time.c
base64test_SOURCES = base64test.c
bftest_SOURCES = bftest.c
@ENABLE_EXTRATESTS_TRUE@biotest_SOURCES = biotest.c
bntest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
bntest_SOURCES = bntest.c
bytestringtest_SOURCES = bytestringtest.c
casttest_SOURCES = casttest.c
chachatest_SOURCES = chachatest.c
cipher_list_SOURCES = cipher_list.c
noinst_HEADERS = tests.h
cipherstest_SOURCES = cipherstest.c
clienttest_SOURCES = clienttest.c
cts128test_SOURCES = cts128test.c
destest_SOURCES = destest.c
dhtest_SOURCES = dhtest.c
dsatest_SOURCES = dsatest.c
ecdhtest_SOURCES = ecdhtest.c
ecdsatest_SOURCES = ecdsatest.c
ectest_SOURCES = ectest.c
enginetest_SOURCES = enginetest.c
evptest_SOURCES = evptest.c
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@explicit_bzero_SOURCES =  \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero.c \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	$(am__append_8)
exptest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
exptest_SOURCES = exptest.c
gcm128test_SOURCES = gcm128test.c
gost2814789t_SOURCES = gost2814789t.c
hmactest_SOURCES = hmactest.c
ideatest_SOURCES = ideatest.c
igetest_SOURCES = igetest.c
md4test_SOURCES = md4test.c
1055
1056
1057
1058
1059
1060
1061


1062
1063
1064

1065
1066



1067
1068

1069
1070
1071
1072
1073
1074
1075
poly1305test_SOURCES = poly1305test.c
pq_test_SOURCES = pq_test.c
randtest_SOURCES = randtest.c
rc2test_SOURCES = rc2test.c
rc4test_SOURCES = rc4test.c
rfc5280time_SOURCES = rfc5280time.c
rmdtest_SOURCES = rmdtest.c


sha1test_SOURCES = sha1test.c
sha256test_SOURCES = sha256test.c
sha512test_SOURCES = sha512test.c

ssltest_SOURCES = ssltest.c
timingsafe_SOURCES = timingsafe.c



utf8test_SOURCES = utf8test.c
verifytest_SOURCES = verifytest.c

all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \







>
>



>


>
>
>


>







1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
poly1305test_SOURCES = poly1305test.c
pq_test_SOURCES = pq_test.c
randtest_SOURCES = randtest.c
rc2test_SOURCES = rc2test.c
rc4test_SOURCES = rc4test.c
rfc5280time_SOURCES = rfc5280time.c
rmdtest_SOURCES = rmdtest.c
rsa_test_SOURCES = rsa_test.c
servertest_SOURCES = servertest.c
sha1test_SOURCES = sha1test.c
sha256test_SOURCES = sha256test.c
sha512test_SOURCES = sha512test.c
ssl_versions_SOURCES = ssl_versions.c
ssltest_SOURCES = ssltest.c
timingsafe_SOURCES = timingsafe.c
tlstest_SOURCES = tlstest.c $(am__append_15)
tls_ext_alpn_SOURCES = tls_ext_alpn.c
tls_prf_SOURCES = tls_prf.c
utf8test_SOURCES = utf8test.c
verifytest_SOURCES = verifytest.c
x25519test_SOURCES = x25519test.c
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
1201
1202
1203
1204
1205
1206
1207








1208
1209
1210
1211
1212
1213
1214
enginetest$(EXEEXT): $(enginetest_OBJECTS) $(enginetest_DEPENDENCIES) $(EXTRA_enginetest_DEPENDENCIES) 
	@rm -f enginetest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(enginetest_OBJECTS) $(enginetest_LDADD) $(LIBS)

evptest$(EXEEXT): $(evptest_OBJECTS) $(evptest_DEPENDENCIES) $(EXTRA_evptest_DEPENDENCIES) 
	@rm -f evptest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(evptest_OBJECTS) $(evptest_LDADD) $(LIBS)









explicit_bzero$(EXEEXT): $(explicit_bzero_OBJECTS) $(explicit_bzero_DEPENDENCIES) $(EXTRA_explicit_bzero_DEPENDENCIES) 
	@rm -f explicit_bzero$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(explicit_bzero_OBJECTS) $(explicit_bzero_LDADD) $(LIBS)

exptest$(EXEEXT): $(exptest_OBJECTS) $(exptest_DEPENDENCIES) $(EXTRA_exptest_DEPENDENCIES) 
	@rm -f exptest$(EXEEXT)







>
>
>
>
>
>
>
>







1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
enginetest$(EXEEXT): $(enginetest_OBJECTS) $(enginetest_DEPENDENCIES) $(EXTRA_enginetest_DEPENDENCIES) 
	@rm -f enginetest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(enginetest_OBJECTS) $(enginetest_LDADD) $(LIBS)

evptest$(EXEEXT): $(evptest_OBJECTS) $(evptest_DEPENDENCIES) $(EXTRA_evptest_DEPENDENCIES) 
	@rm -f evptest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(evptest_OBJECTS) $(evptest_LDADD) $(LIBS)
compat/$(am__dirstamp):
	@$(MKDIR_P) compat
	@: > compat/$(am__dirstamp)
compat/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) compat/$(DEPDIR)
	@: > compat/$(DEPDIR)/$(am__dirstamp)
compat/memmem.$(OBJEXT): compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)

explicit_bzero$(EXEEXT): $(explicit_bzero_OBJECTS) $(explicit_bzero_DEPENDENCIES) $(EXTRA_explicit_bzero_DEPENDENCIES) 
	@rm -f explicit_bzero$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(explicit_bzero_OBJECTS) $(explicit_bzero_LDADD) $(LIBS)

exptest$(EXEEXT): $(exptest_OBJECTS) $(exptest_DEPENDENCIES) $(EXTRA_exptest_DEPENDENCIES) 
	@rm -f exptest$(EXEEXT)
1289
1290
1291
1292
1293
1294
1295








1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307




1308
1309
1310
1311
1312
1313
1314
1315














1316
1317
1318
1319
1320
1321
1322
1323
1324




1325
1326

1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377


1378
1379
1380

1381
1382



1383
1384



1385
1386
1387
1388
1389
1390
1391
rfc5280time$(EXEEXT): $(rfc5280time_OBJECTS) $(rfc5280time_DEPENDENCIES) $(EXTRA_rfc5280time_DEPENDENCIES) 
	@rm -f rfc5280time$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rfc5280time_OBJECTS) $(rfc5280time_LDADD) $(LIBS)

rmdtest$(EXEEXT): $(rmdtest_OBJECTS) $(rmdtest_DEPENDENCIES) $(EXTRA_rmdtest_DEPENDENCIES) 
	@rm -f rmdtest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rmdtest_OBJECTS) $(rmdtest_LDADD) $(LIBS)









sha1test$(EXEEXT): $(sha1test_OBJECTS) $(sha1test_DEPENDENCIES) $(EXTRA_sha1test_DEPENDENCIES) 
	@rm -f sha1test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sha1test_OBJECTS) $(sha1test_LDADD) $(LIBS)

sha256test$(EXEEXT): $(sha256test_OBJECTS) $(sha256test_DEPENDENCIES) $(EXTRA_sha256test_DEPENDENCIES) 
	@rm -f sha256test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sha256test_OBJECTS) $(sha256test_LDADD) $(LIBS)

sha512test$(EXEEXT): $(sha512test_OBJECTS) $(sha512test_DEPENDENCIES) $(EXTRA_sha512test_DEPENDENCIES) 
	@rm -f sha512test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sha512test_OBJECTS) $(sha512test_LDADD) $(LIBS)





ssltest$(EXEEXT): $(ssltest_OBJECTS) $(ssltest_DEPENDENCIES) $(EXTRA_ssltest_DEPENDENCIES) 
	@rm -f ssltest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(ssltest_OBJECTS) $(ssltest_LDADD) $(LIBS)

timingsafe$(EXEEXT): $(timingsafe_OBJECTS) $(timingsafe_DEPENDENCIES) $(EXTRA_timingsafe_DEPENDENCIES) 
	@rm -f timingsafe$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(timingsafe_OBJECTS) $(timingsafe_LDADD) $(LIBS)















utf8test$(EXEEXT): $(utf8test_OBJECTS) $(utf8test_DEPENDENCIES) $(EXTRA_utf8test_DEPENDENCIES) 
	@rm -f utf8test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(utf8test_OBJECTS) $(utf8test_LDADD) $(LIBS)

verifytest$(EXEEXT): $(verifytest_OBJECTS) $(verifytest_DEPENDENCIES) $(EXTRA_verifytest_DEPENDENCIES) 
	@rm -f verifytest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(verifytest_OBJECTS) $(verifytest_LDADD) $(LIBS)





mostlyclean-compile:
	-rm -f *.$(OBJEXT)


distclean-compile:
	-rm -f *.tab.c

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aeadtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_wrap.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arc4randomforktest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1time.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bftest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/biotest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bntest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bytestringtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/casttest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chachatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher_list.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipherstest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clienttest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cts128test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdhtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdsatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ectest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enginetest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evptest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/explicit_bzero.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exptest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm128test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gost2814789t.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmactest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ideatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igetest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md4test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/memmem.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mont.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionstest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pbkdf2.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pidwraptest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/poly1305test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pq_test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc2test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc4test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc5280time.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmdtest.Po@am__quote@


@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha512test.Po@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssltest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timingsafe.Po@am__quote@



@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utf8test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verifytest.Po@am__quote@




.c.o:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@







>
>
>
>
>
>
>
>












>
>
>
>








>
>
>
>
>
>
>
>
>
>
>
>
>
>









>
>
>
>


>












|
















|







<













>
>



>


>
>
>


>
>
>







1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485

1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
rfc5280time$(EXEEXT): $(rfc5280time_OBJECTS) $(rfc5280time_DEPENDENCIES) $(EXTRA_rfc5280time_DEPENDENCIES) 
	@rm -f rfc5280time$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rfc5280time_OBJECTS) $(rfc5280time_LDADD) $(LIBS)

rmdtest$(EXEEXT): $(rmdtest_OBJECTS) $(rmdtest_DEPENDENCIES) $(EXTRA_rmdtest_DEPENDENCIES) 
	@rm -f rmdtest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rmdtest_OBJECTS) $(rmdtest_LDADD) $(LIBS)

rsa_test$(EXEEXT): $(rsa_test_OBJECTS) $(rsa_test_DEPENDENCIES) $(EXTRA_rsa_test_DEPENDENCIES) 
	@rm -f rsa_test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rsa_test_OBJECTS) $(rsa_test_LDADD) $(LIBS)

servertest$(EXEEXT): $(servertest_OBJECTS) $(servertest_DEPENDENCIES) $(EXTRA_servertest_DEPENDENCIES) 
	@rm -f servertest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(servertest_OBJECTS) $(servertest_LDADD) $(LIBS)

sha1test$(EXEEXT): $(sha1test_OBJECTS) $(sha1test_DEPENDENCIES) $(EXTRA_sha1test_DEPENDENCIES) 
	@rm -f sha1test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sha1test_OBJECTS) $(sha1test_LDADD) $(LIBS)

sha256test$(EXEEXT): $(sha256test_OBJECTS) $(sha256test_DEPENDENCIES) $(EXTRA_sha256test_DEPENDENCIES) 
	@rm -f sha256test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sha256test_OBJECTS) $(sha256test_LDADD) $(LIBS)

sha512test$(EXEEXT): $(sha512test_OBJECTS) $(sha512test_DEPENDENCIES) $(EXTRA_sha512test_DEPENDENCIES) 
	@rm -f sha512test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sha512test_OBJECTS) $(sha512test_LDADD) $(LIBS)

ssl_versions$(EXEEXT): $(ssl_versions_OBJECTS) $(ssl_versions_DEPENDENCIES) $(EXTRA_ssl_versions_DEPENDENCIES) 
	@rm -f ssl_versions$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(ssl_versions_OBJECTS) $(ssl_versions_LDADD) $(LIBS)

ssltest$(EXEEXT): $(ssltest_OBJECTS) $(ssltest_DEPENDENCIES) $(EXTRA_ssltest_DEPENDENCIES) 
	@rm -f ssltest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(ssltest_OBJECTS) $(ssltest_LDADD) $(LIBS)

timingsafe$(EXEEXT): $(timingsafe_OBJECTS) $(timingsafe_DEPENDENCIES) $(EXTRA_timingsafe_DEPENDENCIES) 
	@rm -f timingsafe$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(timingsafe_OBJECTS) $(timingsafe_LDADD) $(LIBS)

tls_ext_alpn$(EXEEXT): $(tls_ext_alpn_OBJECTS) $(tls_ext_alpn_DEPENDENCIES) $(EXTRA_tls_ext_alpn_DEPENDENCIES) 
	@rm -f tls_ext_alpn$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(tls_ext_alpn_OBJECTS) $(tls_ext_alpn_LDADD) $(LIBS)

tls_prf$(EXEEXT): $(tls_prf_OBJECTS) $(tls_prf_DEPENDENCIES) $(EXTRA_tls_prf_DEPENDENCIES) 
	@rm -f tls_prf$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(tls_prf_OBJECTS) $(tls_prf_LDADD) $(LIBS)
compat/pipe2.$(OBJEXT): compat/$(am__dirstamp) \
	compat/$(DEPDIR)/$(am__dirstamp)

tlstest$(EXEEXT): $(tlstest_OBJECTS) $(tlstest_DEPENDENCIES) $(EXTRA_tlstest_DEPENDENCIES) 
	@rm -f tlstest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(tlstest_OBJECTS) $(tlstest_LDADD) $(LIBS)

utf8test$(EXEEXT): $(utf8test_OBJECTS) $(utf8test_DEPENDENCIES) $(EXTRA_utf8test_DEPENDENCIES) 
	@rm -f utf8test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(utf8test_OBJECTS) $(utf8test_LDADD) $(LIBS)

verifytest$(EXEEXT): $(verifytest_OBJECTS) $(verifytest_DEPENDENCIES) $(EXTRA_verifytest_DEPENDENCIES) 
	@rm -f verifytest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(verifytest_OBJECTS) $(verifytest_LDADD) $(LIBS)

x25519test$(EXEEXT): $(x25519test_OBJECTS) $(x25519test_DEPENDENCIES) $(EXTRA_x25519test_DEPENDENCIES) 
	@rm -f x25519test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(x25519test_OBJECTS) $(x25519test_LDADD) $(LIBS)

mostlyclean-compile:
	-rm -f *.$(OBJEXT)
	-rm -f compat/*.$(OBJEXT)

distclean-compile:
	-rm -f *.tab.c

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aeadtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_wrap.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arc4randomforktest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1time.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bftest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/biotest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bntest-bntest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bytestringtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/casttest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chachatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher_list.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipherstest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clienttest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cts128test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdhtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdsatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ectest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enginetest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evptest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/explicit_bzero.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exptest-exptest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm128test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gost2814789t.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmactest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ideatest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igetest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md4test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5test.Po@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mont.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionstest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pbkdf2.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pidwraptest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/poly1305test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pq_test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc2test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc4test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc5280time.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmdtest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa_test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/servertest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha512test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_versions.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssltest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timingsafe.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_ext_alpn.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_prf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tlstest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utf8test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verifytest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x25519test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/memmem.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/pipe2.Po@am__quote@

.c.o:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
1403
1404
1405
1406
1407
1408
1409




























1410
1411
1412
1413
1414
1415
1416
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<





























mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs

ID: $(am__tagged_files)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<

bntest-bntest.o: bntest.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(bntest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bntest-bntest.o -MD -MP -MF $(DEPDIR)/bntest-bntest.Tpo -c -o bntest-bntest.o `test -f 'bntest.c' || echo '$(srcdir)/'`bntest.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/bntest-bntest.Tpo $(DEPDIR)/bntest-bntest.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='bntest.c' object='bntest-bntest.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(bntest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bntest-bntest.o `test -f 'bntest.c' || echo '$(srcdir)/'`bntest.c

bntest-bntest.obj: bntest.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(bntest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bntest-bntest.obj -MD -MP -MF $(DEPDIR)/bntest-bntest.Tpo -c -o bntest-bntest.obj `if test -f 'bntest.c'; then $(CYGPATH_W) 'bntest.c'; else $(CYGPATH_W) '$(srcdir)/bntest.c'; fi`
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/bntest-bntest.Tpo $(DEPDIR)/bntest-bntest.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='bntest.c' object='bntest-bntest.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(bntest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bntest-bntest.obj `if test -f 'bntest.c'; then $(CYGPATH_W) 'bntest.c'; else $(CYGPATH_W) '$(srcdir)/bntest.c'; fi`

exptest-exptest.o: exptest.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(exptest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT exptest-exptest.o -MD -MP -MF $(DEPDIR)/exptest-exptest.Tpo -c -o exptest-exptest.o `test -f 'exptest.c' || echo '$(srcdir)/'`exptest.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/exptest-exptest.Tpo $(DEPDIR)/exptest-exptest.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exptest.c' object='exptest-exptest.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(exptest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o exptest-exptest.o `test -f 'exptest.c' || echo '$(srcdir)/'`exptest.c

exptest-exptest.obj: exptest.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(exptest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT exptest-exptest.obj -MD -MP -MF $(DEPDIR)/exptest-exptest.Tpo -c -o exptest-exptest.obj `if test -f 'exptest.c'; then $(CYGPATH_W) 'exptest.c'; else $(CYGPATH_W) '$(srcdir)/exptest.c'; fi`
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/exptest-exptest.Tpo $(DEPDIR)/exptest-exptest.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exptest.c' object='exptest-exptest.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(exptest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o exptest-exptest.obj `if test -f 'exptest.c'; then $(CYGPATH_W) 'exptest.c'; else $(CYGPATH_W) '$(srcdir)/exptest.c'; fi`

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs

ID: $(am__tagged_files)
1924
1925
1926
1927
1928
1929
1930














1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947







1948
1949
1950
1951
1952
1953
1954
rmdtest.log: rmdtest$(EXEEXT)
	@p='rmdtest$(EXEEXT)'; \
	b='rmdtest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)














sha1test.log: sha1test$(EXEEXT)
	@p='sha1test$(EXEEXT)'; \
	b='sha1test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sha256test.log: sha256test$(EXEEXT)
	@p='sha256test$(EXEEXT)'; \
	b='sha256test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sha512test.log: sha512test$(EXEEXT)
	@p='sha512test$(EXEEXT)'; \
	b='sha512test'; \







	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ssltest.sh.log: ssltest.sh
	@p='ssltest.sh'; \
	b='ssltest.sh'; \







>
>
>
>
>
>
>
>
>
>
>
>
>
>

















>
>
>
>
>
>
>







2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
rmdtest.log: rmdtest$(EXEEXT)
	@p='rmdtest$(EXEEXT)'; \
	b='rmdtest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
rsa_test.log: rsa_test$(EXEEXT)
	@p='rsa_test$(EXEEXT)'; \
	b='rsa_test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
servertest.sh.log: servertest.sh
	@p='servertest.sh'; \
	b='servertest.sh'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sha1test.log: sha1test$(EXEEXT)
	@p='sha1test$(EXEEXT)'; \
	b='sha1test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sha256test.log: sha256test$(EXEEXT)
	@p='sha256test$(EXEEXT)'; \
	b='sha256test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sha512test.log: sha512test$(EXEEXT)
	@p='sha512test$(EXEEXT)'; \
	b='sha512test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ssl_versions.log: ssl_versions$(EXEEXT)
	@p='ssl_versions$(EXEEXT)'; \
	b='ssl_versions'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ssltest.sh.log: ssltest.sh
	@p='ssltest.sh'; \
	b='ssltest.sh'; \
1980
1981
1982
1983
1984
1985
1986





















1987
1988
1989
1990
1991
1992
1993
1994
1995
1996







1997
1998
1999
2000
2001
2002
2003
timingsafe.log: timingsafe$(EXEEXT)
	@p='timingsafe$(EXEEXT)'; \
	b='timingsafe'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)





















utf8test.log: utf8test$(EXEEXT)
	@p='utf8test$(EXEEXT)'; \
	b='utf8test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
verifytest.log: verifytest$(EXEEXT)
	@p='verifytest$(EXEEXT)'; \
	b='verifytest'; \







	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
	@p='$<'; \
	$(am__set_b); \







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>










>
>
>
>
>
>
>







2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
timingsafe.log: timingsafe$(EXEEXT)
	@p='timingsafe$(EXEEXT)'; \
	b='timingsafe'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
tlstest.sh.log: tlstest.sh
	@p='tlstest.sh'; \
	b='tlstest.sh'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
tls_ext_alpn.log: tls_ext_alpn$(EXEEXT)
	@p='tls_ext_alpn$(EXEEXT)'; \
	b='tls_ext_alpn'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
tls_prf.log: tls_prf$(EXEEXT)
	@p='tls_prf$(EXEEXT)'; \
	b='tls_prf'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
utf8test.log: utf8test$(EXEEXT)
	@p='utf8test$(EXEEXT)'; \
	b='utf8test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
verifytest.log: verifytest$(EXEEXT)
	@p='verifytest$(EXEEXT)'; \
	b='verifytest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
x25519test.log: x25519test$(EXEEXT)
	@p='x25519test$(EXEEXT)'; \
	b='x25519test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
	@p='$<'; \
	$(am__set_b); \
2074
2075
2076
2077
2078
2079
2080


2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)

clean-generic:

distclean-generic:
	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)


	-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
clean: clean-am

clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
	mostlyclean-am

distclean: distclean-am
	-rm -rf ./$(DEPDIR)
	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-tags

dvi: dvi-am

dvi-am:







>
>











|







2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)

clean-generic:

distclean-generic:
	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
	-rm -f compat/$(DEPDIR)/$(am__dirstamp)
	-rm -f compat/$(am__dirstamp)
	-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
clean: clean-am

clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
	mostlyclean-am

distclean: distclean-am
	-rm -rf ./$(DEPDIR) compat/$(DEPDIR)
	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-tags

dvi: dvi-am

dvi-am:
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
install-ps: install-ps-am

install-ps-am:

installcheck-am:

maintainer-clean: maintainer-clean-am
	-rm -rf ./$(DEPDIR)
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool







|







2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
install-ps: install-ps-am

install-ps-am:

installcheck-am:

maintainer-clean: maintainer-clean-am
	-rm -rf ./$(DEPDIR) compat/$(DEPDIR)
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool
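--- a/jni/libressl/tests/aeadtest.c
+++ b/jni/libressl/tests/aeadtest.c
@@ -70,14 +70,20 @@
  *   IN: 8c8419bc27
  *   AD: 34ab88c265
  *   CT: 1a7c2f33f5
  *   TAG: 2875c659d0f2808de3a40027feff91a4
  */
 
 #define BUF_MAX 1024
+
+#ifdef _MSC_VER
+#ifdef IN
+#undef IN
+#endif
+#endif
 
 /* These are the different types of line that are found in the input file. */
 enum {
 	AEAD = 0,	/* name of the AEAD algorithm. */
 	KEY,		/* hex encoded key. */
 	NONCE,		/* hex encoded nonce. */
 	IN,		/* hex encoded plaintext. */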
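Review bot: The new `_MSC_VER` guard around `#undef IN` carries no comment saying why the macro has to go, so the next reader cannot tell it exists to protect the `IN` enumerator declared just below. A one-line comment such as `/* Windows headers may define IN as a macro, which would break the enum below. */` would record that (the origin of the macro is inferred, not shown here). The inner `#ifdef IN` is also unnecessary, since `#undef` of a name that is not defined is a no-op. The enum continues past the end of this section.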
Changes to jni/libressl/tests/asn1test.c.
1
2
3
4
5
6
7
8
9
10
/*	$OpenBSD: asn1test.c,v 1.2 2014/07/16 17:38:19 miod Exp $	*/
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|

|







1
2
3
4
5
6
7
8
9
10
/*	$OpenBSD: asn1test.c,v 1.6 2016/12/26 15:31:38 jsing Exp $	*/
/*
 * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
23
24
25
26
27
28
29














30
31

32
33
34
35
36
37
38
39
#include <openssl/ssl.h>
#include <openssl/tls1.h>

int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
    long length);















struct ssl_asn1_test {
	SSL_SESSION session;

	const unsigned char asn1[512];
	int asn1_len;
};

unsigned char tlsext_tick[] = {
	0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
	0x2d, 0x30, 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37,
	0x74, 0x68, 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c,







>
>
>
>
>
>
>
>
>
>
>
>
>
>


>
|







23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#include <openssl/ssl.h>
#include <openssl/tls1.h>

int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
    long length);

X509 *peer_cert;

unsigned char *peer_cert_pem =
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBcTCCARugAwIBAgIJAPYhaZJAvUuUMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n"
    "BAoMCVRlc3QgUGVlcjAeFw0xNjEyMjYxNDQ3NDdaFw0yNjEyMjQxNDQ3NDdaMBQx\n"
    "EjAQBgNVBAoMCVRlc3QgUGVlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCyhAdJ\n"
    "wojHv/uKONh8MbmR2U2+VF1HQusnLfSfHPqkJfvDzLWJ41TG7QcXkx2rIJVtAFrO\n"
    "U9yNdFYJLA/hsrbjAgMBAAGjUDBOMB0GA1UdDgQWBBS3bZOw7fvaortdsdE2TPMq\n"
    "IRXFRzAfBgNVHSMEGDAWgBS3bZOw7fvaortdsdE2TPMqIRXFRzAMBgNVHRMEBTAD\n"
    "AQH/MA0GCSqGSIb3DQEBBQUAA0EAHsxNS+rNUZbopeDMhVIviOfUmelDjJrT56Rc\n"
    "VJoFN3Gc1cV8nQAHm9aJs71uksC+MN04Pzh0WqmYX9XXrnYPcg==\n"
    "-----END CERTIFICATE-----\n";

struct ssl_asn1_test {
	SSL_SESSION session;
	int peer_cert;
	const unsigned char asn1[1024];
	int asn1_len;
};

unsigned char tlsext_tick[] = {
	0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
	0x2d, 0x30, 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37,
	0x74, 0x68, 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c,
60
61
62
63
64
65
66
67

68
69
70
71

72
73
74
75
76
77
78
79

80
81
82
83
84
85
86
87
88

89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120


121
122
123
124
125
126
127
128
129















































130
131
132
133
134
135
136
137
138
139
140
141
142
143
144




145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165




166


















167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
	0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a,
	0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e,
	0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
};

struct ssl_asn1_test ssl_asn1_tests[] = {
	{
		{

			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
		},
		{

			0x30, 0x13, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
			0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x00, 0x04,
			0x00, 0xa4, 0x02, 0x04, 0x00,
		},
		21,
	},
	{
		{

			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
			.master_key_length = 26,
			.session_id = "0123456789",
			.session_id_length = 10,
			.sid_ctx = "abcdefghijklmnopqrstuvwxyz",
			.sid_ctx_length = 26,
		},
		{

			0x30, 0x51, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
			0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30,
			0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
			0x39, 0x04, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0xa4, 0x1c, 0x04,
			0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
			0x78, 0x79, 0x7a,
		},
		83,
	},
	{
		{

			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
			.master_key_length = 26,
			.session_id = "0123456789",
			.session_id_length = 10,
			.sid_ctx = "abcdefghijklmnopqrstuvwxyz",
			.sid_ctx_length = 26,
			.time = 1405266069,
			.timeout = 5,
			.verify_result = 42,
			.tlsext_hostname = "libressl.openbsd.org",
			.tlsext_tick_lifetime_hint = 0x7abbccdd,
			.tlsext_tick = tlsext_tick,
			.tlsext_ticklen = 207,
		},
		{


			0x30, 0x82, 0x01, 0x58, 0x02, 0x01, 0x01, 0x02,
			0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04,
			0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
			0x37, 0x38, 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa1,
			0x06, 0x02, 0x04, 0x53, 0xc2, 0xa8, 0x95, 0xa2,
			0x03, 0x02, 0x01, 0x05, 0xa4, 0x1c, 0x04, 0x1a,















































			0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68,
			0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
			0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
			0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a, 0xa6,
			0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72, 0x65,
			0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
			0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67, 0xa9,
			0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd, 0xaa,
			0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56, 0x45,
			0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31,
			0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68, 0x20,
			0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30,
			0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
			0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39, 0x38,
			0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41, 0x70,




			0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34,
			0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31,
			0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a, 0x20,
			0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70, 0x72,
			0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
			0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
			0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20, 0x33,
			0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79, 0x20,
			0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45,
			0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31,
			0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20,
			0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31,
			0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
			0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31, 0x3a,
			0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e,
			0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43,
			0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d,
			0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35, 0x74,
			0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32,
			0x30, 0x31, 0x34, 0x0a,
		},




		348,


















	},
};

#define N_SSL_ASN1_TESTS \
    (sizeof(ssl_asn1_tests) / sizeof(*ssl_asn1_tests))

static int
session_strcmp(const unsigned char *o1, const unsigned char *o2, size_t len)
{
	if (o1 == NULL && o2 == NULL)
		return (0);
	if (o1 == NULL || o2 == NULL)
		return (1);
	return memcmp(o1, o2, len);
}

static int
session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
{
	/* Compare two sessions, from the perspective of ASN1. */
	if (s1->ssl_version != s2->ssl_version) {
		fprintf(stderr, "ssl_version differs: %i != %i\n",
		    s1->ssl_version, s2->ssl_version);
		return (1);
	}
	if (s1->cipher_id != s2->cipher_id) {
		fprintf(stderr, "cipher_id differs: %li != %li\n",







<
>



<
>




|


<
>








<
>












|


<
>













|

<
>
>
|







|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
>
>
>


<
<
<
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|

>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



















|







75
76
77
78
79
80
81

82
83
84
85

86
87
88
89
90
91
92
93

94
95
96
97
98
99
100
101
102

103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213




214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
	0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a,
	0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e,
	0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
};

struct ssl_asn1_test ssl_asn1_tests[] = {
	{

		.session = {
			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
		},

		.asn1 = {
			0x30, 0x13, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
			0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x00, 0x04,
			0x00, 0xa4, 0x02, 0x04, 0x00,
		},
		.asn1_len = 21,
	},
	{

		.session = {
			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
			.master_key_length = 26,
			.session_id = "0123456789",
			.session_id_length = 10,
			.sid_ctx = "abcdefghijklmnopqrstuvwxyz",
			.sid_ctx_length = 26,
		},

		.asn1 = {
			0x30, 0x51, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
			0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30,
			0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
			0x39, 0x04, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0xa4, 0x1c, 0x04,
			0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
			0x78, 0x79, 0x7a,
		},
		.asn1_len = 83,
	},
	{

		.session = {
			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
			.master_key_length = 26,
			.session_id = "0123456789",
			.session_id_length = 10,
			.sid_ctx = "abcdefghijklmnopqrstuvwxyz",
			.sid_ctx_length = 26,
			.time = 1405266069,
			.timeout = 5,
			.verify_result = 42,
			.tlsext_hostname = "libressl.openbsd.org",
			.tlsext_tick_lifetime_hint = 0x7abbccdd,
			.tlsext_tick = tlsext_tick,
			.tlsext_ticklen = sizeof(tlsext_tick),
		},

		.peer_cert = 1,
		.asn1 = {
			0x30, 0x82, 0x02, 0xd1, 0x02, 0x01, 0x01, 0x02,
			0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04,
			0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
			0x37, 0x38, 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa1,
			0x06, 0x02, 0x04, 0x53, 0xc2, 0xa8, 0x95, 0xa2,
			0x03, 0x02, 0x01, 0x05, 0xa3, 0x82, 0x01, 0x75,
			0x30, 0x82, 0x01, 0x71, 0x30, 0x82, 0x01, 0x1b,
			0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
			0xf6, 0x21, 0x69, 0x92, 0x40, 0xbd, 0x4b, 0x94,
			0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
			0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
			0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
			0x04, 0x0a, 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74,
			0x20, 0x50, 0x65, 0x65, 0x72, 0x30, 0x1e, 0x17,
			0x0d, 0x31, 0x36, 0x31, 0x32, 0x32, 0x36, 0x31,
			0x34, 0x34, 0x37, 0x34, 0x37, 0x5a, 0x17, 0x0d,
			0x32, 0x36, 0x31, 0x32, 0x32, 0x34, 0x31, 0x34,
			0x34, 0x37, 0x34, 0x37, 0x5a, 0x30, 0x14, 0x31,
			0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
			0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50,
			0x65, 0x65, 0x72, 0x30, 0x5c, 0x30, 0x0d, 0x06,
			0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
			0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30,
			0x48, 0x02, 0x41, 0x00, 0xb2, 0x84, 0x07, 0x49,
			0xc2, 0x88, 0xc7, 0xbf, 0xfb, 0x8a, 0x38, 0xd8,
			0x7c, 0x31, 0xb9, 0x91, 0xd9, 0x4d, 0xbe, 0x54,
			0x5d, 0x47, 0x42, 0xeb, 0x27, 0x2d, 0xf4, 0x9f,
			0x1c, 0xfa, 0xa4, 0x25, 0xfb, 0xc3, 0xcc, 0xb5,
			0x89, 0xe3, 0x54, 0xc6, 0xed, 0x07, 0x17, 0x93,
			0x1d, 0xab, 0x20, 0x95, 0x6d, 0x00, 0x5a, 0xce,
			0x53, 0xdc, 0x8d, 0x74, 0x56, 0x09, 0x2c, 0x0f,
			0xe1, 0xb2, 0xb6, 0xe3, 0x02, 0x03, 0x01, 0x00,
			0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06,
			0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
			0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda, 0xa2,
			0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3, 0x2a,
			0x21, 0x15, 0xc5, 0x47, 0x30, 0x1f, 0x06, 0x03,
			0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
			0x14, 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda,
			0xa2, 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3,
			0x2a, 0x21, 0x15, 0xc5, 0x47, 0x30, 0x0c, 0x06,
			0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
			0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
			0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
			0x05, 0x00, 0x03, 0x41, 0x00, 0x1e, 0xcc, 0x4d,
			0x4b, 0xea, 0xcd, 0x51, 0x96, 0xe8, 0xa5, 0xe0,
			0xcc, 0x85, 0x52, 0x2f, 0x88, 0xe7, 0xd4, 0x99,
			0xe9, 0x43, 0x8c, 0x9a, 0xd3, 0xe7, 0xa4, 0x5c,
			0x54, 0x9a, 0x05, 0x37, 0x71, 0x9c, 0xd5, 0xc5,
			0x7c, 0x9d, 0x00, 0x07, 0x9b, 0xd6, 0x89, 0xb3,
			0xbd, 0x6e, 0x92, 0xc0, 0xbe, 0x30, 0xdd, 0x38,
			0x3f, 0x38, 0x74, 0x5a, 0xa9, 0x98, 0x5f, 0xd5,
			0xd7, 0xae, 0x76, 0x0f, 0x72, 0xa4, 0x1c, 0x04,
			0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
			0x78, 0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a,
			0xa6, 0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72,
			0x65, 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65,
			0x6e, 0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67,
			0xa9, 0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd,
			0xaa, 0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56,
			0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
			0x31, 0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68,
			0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
			0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
			0x32, 0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39,
			0x38, 0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41,
			0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31,
			0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
			0x31, 0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a,
			0x20, 0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70,
			0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34,
			0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31,




			0x34, 0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20,
			0x33, 0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79,
			0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
			0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
			0x31, 0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68,
			0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30,
			0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
			0x30, 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31,
			0x3a, 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75,
			0x6e, 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
			0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
			0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35,
			0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
			0x32, 0x30, 0x31, 0x34, 0x0a,
		},
		.asn1_len = 725,
	},
	{
		.session = {
			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
			.timeout = -1,
		},
		.asn1 = {
			0x0,
		},
		.asn1_len = -1,
	},
	{
		.session = {
			.cipher_id = 0x03000000L | 1,
			.ssl_version = TLS1_2_VERSION,
			.time = -1,
		},
		.asn1 = {
			0x0,
		},
		.asn1_len = -1,
	},
};

#define N_SSL_ASN1_TESTS \
    (sizeof(ssl_asn1_tests) / sizeof(*ssl_asn1_tests))

static int
session_strcmp(const unsigned char *o1, const unsigned char *o2, size_t len)
{
	if (o1 == NULL && o2 == NULL)
		return (0);
	if (o1 == NULL || o2 == NULL)
		return (1);
	return memcmp(o1, o2, len);
}

static int
session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
{
	/* Compare the ASN.1 encoded values from two sessions. */
	if (s1->ssl_version != s2->ssl_version) {
		fprintf(stderr, "ssl_version differs: %i != %i\n",
		    s1->ssl_version, s2->ssl_version);
		return (1);
	}
	if (s1->cipher_id != s2->cipher_id) {
		fprintf(stderr, "cipher_id differs: %li != %li\n",
240
241
242
243
244
245
246
247

248
249
250
251
252
253
254
		fprintf(stderr, "timeout differs: %li != %li\n",
		    s1->timeout, s2->timeout);
		return (1);
	}

	/* Ensure that a certificate is or is not present in both. */
	if ((s1->peer != NULL || s2->peer != NULL) &&
	    (s1->peer == NULL || s2->peer == NULL)) {

		fprintf(stderr, "peer differs\n");
		return (1);
	}
	
	if (s1->verify_result != s2->verify_result) {
		fprintf(stderr, "verify_result differs: %li != %li\n",
		    s1->verify_result, s2->verify_result);







|
>







325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
		fprintf(stderr, "timeout differs: %li != %li\n",
		    s1->timeout, s2->timeout);
		return (1);
	}

	/* Ensure that a certificate is or is not present in both. */
	if ((s1->peer != NULL || s2->peer != NULL) &&
	    (s1->peer == NULL || s2->peer == NULL ||
	     X509_cmp(s1->peer, s2->peer) != 0)) {
		fprintf(stderr, "peer differs\n");
		return (1);
	}
	
	if (s1->verify_result != s2->verify_result) {
		fprintf(stderr, "verify_result differs: %li != %li\n",
		    s1->verify_result, s2->verify_result);
284
285
286
287
288
289
290



291
292
293
294
295
296




297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316






317
318
319
320
321
322
323
do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
{
	SSL_SESSION session, *sp = NULL;
	unsigned char *ap, *asn1 = NULL;
	const unsigned char *pp;
	int i, len, rv = 1;




	len = i2d_SSL_SESSION(&sat->session, NULL);
	if (len != sat->asn1_len) {
		fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
		    "want %i\n", test_no, len, sat->asn1_len);
		goto failed;
	}





	if ((asn1 = malloc(len)) == NULL)
		errx(1, "failed to allocate memory");

	ap = asn1;
	len = i2d_SSL_SESSION(&sat->session, &ap);
	if ((ap - asn1) > len) {
		fprintf(stderr, "FAIL: test %i overflowed ticket buffer "
		    "(%i > %i)\n", test_no, (int)(ap - asn1), len);
		goto failed;
	}

	/*
	 * Length *should* be the same, but check it again since the code
	 * path is different.
	 */
	if (len != sat->asn1_len) {
		fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
		    "want %i\n", test_no, len, sat->asn1_len);
		goto failed;






	}

	if (memcmp(asn1, &sat->asn1, len) != 0) {
		fprintf(stderr, "FAIL: test %i - encoding differs:\n", test_no);
		fprintf(stderr, "encoding:\n");
		for (i = 1; i <= len; i++) {
			fprintf(stderr, " 0x%02hhx,", asn1[i - 1]);







>
>
>






>
>
>
>






<
<
<
<
|
<
<
<
|
<




>
>
>
>
>
>







370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395




396



397

398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
{
	SSL_SESSION session, *sp = NULL;
	unsigned char *ap, *asn1 = NULL;
	const unsigned char *pp;
	int i, len, rv = 1;

	if (sat->peer_cert)
		sat->session.peer = peer_cert;

	len = i2d_SSL_SESSION(&sat->session, NULL);
	if (len != sat->asn1_len) {
		fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
		    "want %i\n", test_no, len, sat->asn1_len);
		goto failed;
	}

	/* See if the test is expected to fail... */
	if (sat->asn1_len == -1)
		return (0);

	if ((asn1 = malloc(len)) == NULL)
		errx(1, "failed to allocate memory");

	ap = asn1;
	len = i2d_SSL_SESSION(&sat->session, &ap);








	/* Check the length again since the code path is different. */

	if (len != sat->asn1_len) {
		fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
		    "want %i\n", test_no, len, sat->asn1_len);
		goto failed;
	}
	/* ap should now point at the end of the buffer. */
	if (ap - asn1 != len) {
		fprintf(stderr, "FAIL: test %i pointer increment does not "
		    "match length (%i != %i)\n", test_no, (int)(ap - asn1), len);
		goto failed;
	}

	if (memcmp(asn1, &sat->asn1, len) != 0) {
		fprintf(stderr, "FAIL: test %i - encoding differs:\n", test_no);
		fprintf(stderr, "encoding:\n");
		for (i = 1; i <= len; i++) {
			fprintf(stderr, " 0x%02hhx,", asn1[i - 1]);
358
359
360
361
362
363
364

365
366
367
368
369








370
371
372



373
374
375

	return (rv);
}

int
main(int argc, char **argv)
{

	int failed = 0;
	size_t i;

	SSL_library_init();
	SSL_load_error_strings();









	for (i = 0; i < N_SSL_ASN1_TESTS; i++)
		failed += do_ssl_asn1_test(i, &ssl_asn1_tests[i]);




	return (failed);
}







>





>
>
>
>
>
>
>
>



>
>
>



449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478

	return (rv);
}

int
main(int argc, char **argv)
{
	BIO *bio = NULL;
	int failed = 0;
	size_t i;

	SSL_library_init();
	SSL_load_error_strings();

	bio = BIO_new_mem_buf(peer_cert_pem, -1);
	if (bio == NULL)
		errx(1, "failed to create bio");

	peer_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
	if (peer_cert == NULL)
		errx(1, "failed to read peer cert");

	for (i = 0; i < N_SSL_ASN1_TESTS; i++)
		failed += do_ssl_asn1_test(i, &ssl_asn1_tests[i]);

	X509_free(peer_cert);
	BIO_free(bio);

	return (failed);
}
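Review bot: `peer_cert_pem` is declared `unsigned char *` but initialised from a string literal, which is a pointer-signedness mismatch and leaves a non-const pointer to read-only data; `static const char peer_cert_pem[] = ...` would be cleaner, with a cast at the `BIO_new_mem_buf()` call if this version's prototype takes a non-const buffer. The fixture also deserves a comment: the DER bytes in the third test vector show a 512-bit RSA key with sha1WithRSAEncryption, so something like `/* Test-only cert (RSA-512/SHA-1); parsed and compared here, not for reuse. */` above it would keep it from being copied elsewhere. In `do_ssl_asn1_test()`, `sat->session.peer = peer_cert` stores a borrowed pointer in the static table while `main()` frees the certificate; that looks safe only because nothing visible frees the session, and a short comment saying so would help. The body of `do_ssl_asn1_test()` is only partly shown in this section.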
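--- a/jni/libressl/tests/asn1time.c
+++ b/jni/libressl/tests/asn1time.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1time.c,v 1.7 2015/10/25 11:59:37 miod Exp $ */
+/* $OpenBSD: asn1time.c,v 1.8 2015/12/28 14:18:38 bcook Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *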
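--- a/jni/libressl/tests/biotest.c
+++ b/jni/libressl/tests/biotest.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: biotest.c,v 1.4 2014/07/11 08:48:52 bcook Exp $	*/
+/*	$OpenBSD: biotest.c,v 1.5 2015/05/08 21:30:37 miod Exp $	*/
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *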
Changes to jni/libressl/tests/bntest.c.
80
81
82
83
84
85
86











87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106


107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

123
124











125
126
127
128
129
130
131
#include <string.h>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/x509.h>
#include <openssl/err.h>












const int num0 = 100; /* number of tests */
const int num1 = 50;  /* additional tests for some functions */
const int num2 = 5;   /* number of tests for slow functions */

int test_add(BIO *bp);
int test_sub(BIO *bp);
int test_lshift1(BIO *bp);
int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
int test_rshift1(BIO *bp);
int test_rshift(BIO *bp, BN_CTX *ctx);
int test_div(BIO *bp, BN_CTX *ctx);
int test_div_word(BIO *bp);
int test_div_recp(BIO *bp, BN_CTX *ctx);
int test_mul(BIO *bp);
int test_sqr(BIO *bp, BN_CTX *ctx);
int test_mont(BIO *bp, BN_CTX *ctx);
int test_mod(BIO *bp, BN_CTX *ctx);
int test_mod_mul(BIO *bp, BN_CTX *ctx);
int test_mod_exp(BIO *bp, BN_CTX *ctx);
int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);


int test_exp(BIO *bp, BN_CTX *ctx);
int test_gf2m_add(BIO *bp);
int test_gf2m_mod(BIO *bp);
int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
int test_kron(BIO *bp, BN_CTX *ctx);
int test_sqrt(BIO *bp, BN_CTX *ctx);
int test_mod_exp_sizes(BIO *bp, BN_CTX *ctx);
int rand_neg(void);
static int results = 0;


static const unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";












static void
message(BIO *out, char *m)
{
	fprintf(stderr, "test %s\n", m);
	BIO_puts(out, "print \"test ");
	BIO_puts(out, m);







>
>
>
>
>
>
>
>
>
>
>




















>
>












<



>
|
|
>
>
>
>
>
>
>
>
>
>
>







80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
#include <string.h>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/x509.h>
#include <openssl/err.h>

int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);

const int num0 = 100; /* number of tests */
const int num1 = 50;  /* additional tests for some functions */
const int num2 = 5;   /* number of tests for slow functions */

int test_add(BIO *bp);
int test_sub(BIO *bp);
int test_lshift1(BIO *bp);
int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
int test_rshift1(BIO *bp);
int test_rshift(BIO *bp, BN_CTX *ctx);
int test_div(BIO *bp, BN_CTX *ctx);
int test_div_word(BIO *bp);
int test_div_recp(BIO *bp, BN_CTX *ctx);
int test_mul(BIO *bp);
int test_sqr(BIO *bp, BN_CTX *ctx);
int test_mont(BIO *bp, BN_CTX *ctx);
int test_mod(BIO *bp, BN_CTX *ctx);
int test_mod_mul(BIO *bp, BN_CTX *ctx);
int test_mod_exp(BIO *bp, BN_CTX *ctx);
int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
int test_mod_exp_sizes(BIO *bp, BN_CTX *ctx);
int test_exp(BIO *bp, BN_CTX *ctx);
int test_gf2m_add(BIO *bp);
int test_gf2m_mod(BIO *bp);
int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
int test_kron(BIO *bp, BN_CTX *ctx);
int test_sqrt(BIO *bp, BN_CTX *ctx);

int rand_neg(void);
static int results = 0;

static unsigned char lst[] =
	"\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
	"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";

#define PRINT_ERROR printf("Error in %s [%s:%d]\n", __func__, __FILE__,	\
		__LINE__)

#define CHECK_GOTO(a) do {						\
	if (!(a)) {							\
		PRINT_ERROR;						\
		rc = 0;							\
		goto err;						\
	}								\
} while (0)

static void
message(BIO *out, char *m)
{
	fprintf(stderr, "test %s\n", m);
	BIO_puts(out, "print \"test ");
	BIO_puts(out, m);
255
256
257
258
259
260
261





262
263
264
265
266
267
268
		goto err;
	(void)BIO_flush(out);

	message(out, "BN_mod_exp_mont_consttime");
	if (!test_mod_exp_mont_consttime(out, ctx))
		goto err;
	(void)BIO_flush(out);






	message(out, "BN_exp");
	if (!test_exp(out, ctx))
		goto err;
	(void)BIO_flush(out);

	message(out, "BN_kronecker");







>
>
>
>
>







279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
		goto err;
	(void)BIO_flush(out);

	message(out, "BN_mod_exp_mont_consttime");
	if (!test_mod_exp_mont_consttime(out, ctx))
		goto err;
	(void)BIO_flush(out);

	message(out, "BN_mod_exp_mont5");
	if (!test_mod_exp_mont5(out, ctx))
		goto err;
	(void)BIO_flush(out);

	message(out, "BN_exp");
	if (!test_exp(out, ctx))
		goto err;
	(void)BIO_flush(out);

	message(out, "BN_kronecker");
325
326
327
328
329
330
331
332
333
334
335
336

337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379

380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429

430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447








448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487

488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
	if (!test_gf2m_mod_solve_quad(out, ctx))
		goto err;
	(void)BIO_flush(out);
#endif
	BN_CTX_free(ctx);
	BIO_free(out);


	exit(0);
err:
	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
	                      * the failure, see test_bn in test/Makefile.ssl*/

	(void)BIO_flush(out);
	ERR_load_crypto_strings();
	ERR_print_errors_fp(stderr);
	exit(1);
}

int
test_add(BIO *bp)
{
	BIGNUM a, b, c;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);

	BN_bntest_rand(&a, 512, 0, 0);
	for (i = 0; i < num0; i++) {
		BN_bntest_rand(&b, 450 + i, 0, 0);
		a.neg = rand_neg();
		b.neg = rand_neg();
		BN_add(&c, &a, &b);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " + ");
				BN_print(bp, &b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &c);
			BIO_puts(bp, "\n");
		}
		a.neg=!a.neg;
		b.neg=!b.neg;
		BN_add(&c, &c, &b);
		BN_add(&c, &c, &a);
		if (!BN_is_zero(&c)) {
			fprintf(stderr, "Add test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	return (rc);
}

int
test_sub(BIO *bp)
{
	BIGNUM a, b, c;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);

	for (i = 0; i < num0 + num1; i++) {
		if (i < num1) {
			BN_bntest_rand(&a, 512, 0, 0);
			BN_copy(&b, &a);
			if (BN_set_bit(&a, i) == 0) {
				rc = 0;
				break;
			}
			BN_add_word(&b, i);
		} else {
			BN_bntest_rand(&b, 400 + i - num1, 0, 0);
			a.neg = rand_neg();
			b.neg = rand_neg();
		}
		BN_sub(&c, &a, &b);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " - ");
				BN_print(bp, &b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &c);
			BIO_puts(bp, "\n");
		}
		BN_add(&c, &c, &b);
		BN_sub(&c, &c, &a);
		if (!BN_is_zero(&c)) {
			fprintf(stderr, "Subtract test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	return (rc);
}

int
test_div(BIO *bp, BN_CTX *ctx)
{
	BIGNUM a, b,c, d, e;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&e);









	for (i = 0; i < num0 + num1; i++) {
		if (i < num1) {
			BN_bntest_rand(&a, 400, 0, 0);
			BN_copy(&b, &a);
			BN_lshift(&a, &a, i);
			BN_add_word(&a, i);
		} else
			BN_bntest_rand(&b, 50 + 3*(i - num1), 0, 0);
		a.neg = rand_neg();
		b.neg = rand_neg();
		BN_div(&d, &c, &a, &b, ctx);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " / ");
				BN_print(bp, &b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &d);
			BIO_puts(bp, "\n");

			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " % ");
				BN_print(bp, &b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &c);
			BIO_puts(bp, "\n");
		}
		BN_mul(&e, &d, &b, ctx);
		BN_add(&d, &e, &c);
		BN_sub(&d, &d, &a);
		if (!BN_is_zero(&d)) {
			fprintf(stderr, "Division test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&e);
	return (rc);
}

static void
print_word(BIO *bp, BN_ULONG w)
{
#ifdef SIXTY_FOUR_BIT
	if (sizeof(w) > sizeof(unsigned long)) {
		unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);

		if (h)
			BIO_printf(bp, "%lX%08lX",h,l);
		else
			BIO_printf(bp, "%lX",l);
		return;
	}
#endif
	BIO_printf(bp, BN_HEX_FMT1, w);
}

int
test_div_word(BIO *bp)
{
	BIGNUM   a, b;
	BN_ULONG r, rmod, s = 0;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);








<


|
|
>

















|

|


|


|

|


|


|
|
|
|






>



















|
|




|

|



|


|

|


|


|
|






>









|








>
>
>
>
>
>
>
>



|
|
|
|

|


|


|

|


|



|

|


|


|
|
|






>
















|

|









|







354
355
356
357
358
359
360

361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
	if (!test_gf2m_mod_solve_quad(out, ctx))
		goto err;
	(void)BIO_flush(out);
#endif
	BN_CTX_free(ctx);
	BIO_free(out);


	exit(0);
err:
	BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc notices
	                       * the failure, see test_bn in test/Makefile.ssl*/

	(void)BIO_flush(out);
	ERR_load_crypto_strings();
	ERR_print_errors_fp(stderr);
	exit(1);
}

int
test_add(BIO *bp)
{
	BIGNUM a, b, c;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);

	CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0));
	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(&b, 450 + i, 0, 0));
		a.neg = rand_neg();
		b.neg = rand_neg();
		CHECK_GOTO(BN_add(&c, &a, &b));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " + ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &c));
			BIO_puts(bp, "\n");
		}
		a.neg = !a.neg;
		b.neg = !b.neg;
		CHECK_GOTO(BN_add(&c, &c, &b));
		CHECK_GOTO(BN_add(&c, &c, &a));
		if (!BN_is_zero(&c)) {
			fprintf(stderr, "Add test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	return (rc);
}

int
test_sub(BIO *bp)
{
	BIGNUM a, b, c;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);

	for (i = 0; i < num0 + num1; i++) {
		if (i < num1) {
			CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0));
			CHECK_GOTO(BN_copy(&b, &a));
			if (BN_set_bit(&a, i) == 0) {
				rc = 0;
				break;
			}
			CHECK_GOTO(BN_add_word(&b, i));
		} else {
			CHECK_GOTO(BN_bntest_rand(&b, 400 + i - num1, 0, 0));
			a.neg = rand_neg();
			b.neg = rand_neg();
		}
		CHECK_GOTO(BN_sub(&c, &a, &b));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " - ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &c));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_add(&c, &c, &b));
		CHECK_GOTO(BN_sub(&c, &c, &a));
		if (!BN_is_zero(&c)) {
			fprintf(stderr, "Subtract test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	return (rc);
}

int
test_div(BIO *bp, BN_CTX *ctx)
{
	BIGNUM a, b, c, d, e;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&e);

	CHECK_GOTO(BN_one(&a));
	CHECK_GOTO(BN_zero(&b));

	if (BN_div(&d, &c, &a, &b, ctx)) {
		fprintf(stderr, "Division by zero succeeded!\n");
		return (0);
	}

	for (i = 0; i < num0 + num1; i++) {
		if (i < num1) {
			CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0));
			CHECK_GOTO(BN_copy(&b, &a));
			CHECK_GOTO(BN_lshift(&a, &a, i));
			CHECK_GOTO(BN_add_word(&a, i));
		} else
			CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0));
		a.neg = rand_neg();
		b.neg = rand_neg();
		CHECK_GOTO(BN_div(&d, &c, &a, &b, ctx));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " / ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &d));
			BIO_puts(bp, "\n");

			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &c));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_mul(&e, &d, &b, ctx));
		CHECK_GOTO(BN_add(&d, &e, &c));
		CHECK_GOTO(BN_sub(&d, &d, &a));
		if (!BN_is_zero(&d)) {
			fprintf(stderr, "Division test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&e);
	return (rc);
}

static void
print_word(BIO *bp, BN_ULONG w)
{
#ifdef SIXTY_FOUR_BIT
	if (sizeof(w) > sizeof(unsigned long)) {
		unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);

		if (h)
			BIO_printf(bp, "%lX%08lX", h, l);
		else
			BIO_printf(bp, "%lX", l);
		return;
	}
#endif
	BIO_printf(bp, BN_HEX_FMT1, w);
}

int
test_div_word(BIO *bp)
{
	BIGNUM a, b;
	BN_ULONG r, rmod, s = 0;
	int i;
	int rc = 1;

	BN_init(&a);
	BN_init(&b);

548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580

581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645

646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699

700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819












820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857

858
859
860
861
862
863
864
			fprintf(stderr, "Mod (word) test failed!\n");
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " / ");
				print_word(bp, s);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &b);
			BIO_puts(bp, "\n");

			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " % ");
				print_word(bp, s);
				BIO_puts(bp, " - ");
			}
			print_word(bp, r);
			BIO_puts(bp, "\n");
		}
		BN_mul_word(&b, s);
		BN_add_word(&b, r);
		BN_sub(&b, &a, &b);
		if (!BN_is_zero(&b)) {
			fprintf(stderr, "Division (word) test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(&a);
	BN_free(&b);
	return (rc);
}

int
test_div_recp(BIO *bp, BN_CTX *ctx)
{
	BIGNUM a, b,c, d, e;
	BN_RECP_CTX recp;
	int i;
	int rc = 1;

	BN_RECP_CTX_init(&recp);
	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&e);

	for (i = 0; i < num0 + num1; i++) {
		if (i < num1) {
			BN_bntest_rand(&a, 400, 0, 0);
			BN_copy(&b, &a);
			BN_lshift(&a, &a, i);
			BN_add_word(&a, i);
		} else
			BN_bntest_rand(&b, 50 + 3*(i - num1), 0, 0);
		a.neg = rand_neg();
		b.neg = rand_neg();
		BN_RECP_CTX_set(&recp, &b, ctx);
		BN_div_recp(&d, &c, &a, &recp, ctx);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " / ");
				BN_print(bp, &b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &d);
			BIO_puts(bp, "\n");

			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " % ");
				BN_print(bp, &b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &c);
			BIO_puts(bp, "\n");
		}
		BN_mul(&e, &d, &b, ctx);
		BN_add(&d, &e, &c);
		BN_sub(&d, &d, &a);
		if (!BN_is_zero(&d)) {
			fprintf(stderr, "Reciprocal division test failed!\n");
			fprintf(stderr, "a=");
			BN_print_fp(stderr, &a);
			fprintf(stderr, "\nb=");
			BN_print_fp(stderr, &b);
			fprintf(stderr, "\n");
			rc = 0;
			break;
		}
	}

	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&e);
	BN_RECP_CTX_free(&recp);
	return (rc);
}

int
test_mul(BIO *bp)
{
	BIGNUM a, b,c, d, e;
	int i;
	int rc = 1;
	BN_CTX *ctx;

	ctx = BN_CTX_new();
	if (ctx == NULL)
		exit(1);

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&e);

	for (i = 0; i < num0 + num1; i++) {
		if (i <= num1) {
			BN_bntest_rand(&a, 100, 0, 0);
			BN_bntest_rand(&b, 100, 0, 0);
		} else
			BN_bntest_rand(&b, i - num1, 0, 0);
		a.neg = rand_neg();
		b.neg = rand_neg();
		BN_mul(&c, &a, &b, ctx);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " * ");
				BN_print(bp, &b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &c);
			BIO_puts(bp, "\n");
		}
		BN_div(&d, &e, &c, &a, ctx);
		BN_sub(&d, &d, &b);
		if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
			fprintf(stderr, "Multiplication test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&e);
	BN_CTX_free(ctx);
	return (rc);
}

int
test_sqr(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *c, *d, *e;
	int i, ret = 0;

	a = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 40 + i * 10, 0, 0);
		a->neg = rand_neg();
		BN_sqr(c, a, ctx);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " * ");
				BN_print(bp, a);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, c);
			BIO_puts(bp, "\n");
		}
		BN_div(d, e, c, a, ctx);
		BN_sub(d, d, a);
		if (!BN_is_zero(d) || !BN_is_zero(e)) {
			fprintf(stderr, "Square test failed!\n");
			goto err;
		}
	}

	/* Regression test for a BN_sqr overflow bug. */
	if (!BN_hex2bn(&a, "80000000000000008000000000000001"
	    "FFFFFFFFFFFFFFFE0000000000000000")) {
		fprintf(stderr, "BN_hex2bn failed\n");
		goto err;
	}
	BN_sqr(c, a, ctx);
	if (bp != NULL) {
		if (!results) {
			BN_print(bp, a);
			BIO_puts(bp, " * ");
			BN_print(bp, a);
			BIO_puts(bp, " - ");
		}
		BN_print(bp, c);
		BIO_puts(bp, "\n");
	}
	BN_mul(d, a, a, ctx);
	if (BN_cmp(c, d)) {
		fprintf(stderr,
		    "Square test failed: BN_sqr and BN_mul produce "
		    "different results!\n");
		goto err;
	}

	/* Regression test for a BN_sqr overflow bug. */
	if (!BN_hex2bn(&a, "80000000000000000000000080000001"
	    "FFFFFFFE000000000000000000000000")) {
		fprintf(stderr, "BN_hex2bn failed\n");
		goto err;
	}
	BN_sqr(c, a, ctx);
	if (bp != NULL) {
		if (!results) {
			BN_print(bp, a);
			BIO_puts(bp, " * ");
			BN_print(bp, a);
			BIO_puts(bp, " - ");
		}
		BN_print(bp, c);
		BIO_puts(bp, "\n");
	}
	BN_mul(d, a, a, ctx);
	if (BN_cmp(c, d)) {
		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
				"different results!\n");
		goto err;
	}
	ret = 1;
 err:
	BN_free(a);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return ret;
}

int
test_mont(BIO *bp, BN_CTX *ctx)
{
	BIGNUM a, b,c, d,A, B;
	BIGNUM n;
	int i;
	int rc = 1;
	BN_MONT_CTX *mont;

	mont = BN_MONT_CTX_new();
	if (mont == NULL)
		return 0;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&A);
	BN_init(&B);
	BN_init(&n);













	BN_bntest_rand(&a,100,0,0);
	BN_bntest_rand(&b,100,0,0);
	for (i = 0; i < num2; i++) {
		int bits = (200*(i + 1))/num2;

		if (bits == 0)
			continue;
		BN_bntest_rand(&n, bits, 0, 1);
		(void)BN_MONT_CTX_set(mont, &n, ctx);

		BN_nnmod(&a, &a, &n, ctx);
		BN_nnmod(&b, &b, &n, ctx);

		BN_to_montgomery(&A, &a, mont, ctx);
		BN_to_montgomery(&B, &b, mont, ctx);

		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);
		BN_from_montgomery(&A,&c,mont,ctx);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " * ");
				BN_print(bp, &b);
				BIO_puts(bp, " % ");
				BN_print(bp, &(mont->N));
				BIO_puts(bp, " - ");
			}
			BN_print(bp, &A);
			BIO_puts(bp, "\n");
		}
		BN_mod_mul(&d, &a, &b, &n, ctx);
		BN_sub(&d, &d, &A);
		if (!BN_is_zero(&d)) {
			fprintf(stderr, "Montgomery multiplication test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_MONT_CTX_free(mont);
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&A);
	BN_free(&B);







|




|



|







|
|
|






>








|













|
|
|
|

|


|
|


|

|


|



|

|


|


|
|
|



|

|





>












|
















|
|

|


|


|

|


|


|
|






>













|







|

|


|

|


|


|
|












|


|

|


|


|













|


|

|


|


|





|
|




|





|

















>
>
>
>
>
>
>
>
>
>
>
>
|
|

|



|
|

|
|

|
|

|
|


|

|

|


|


|
|






>







588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
			fprintf(stderr, "Mod (word) test failed!\n");
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " / ");
				print_word(bp, s);
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &b));
			BIO_puts(bp, "\n");

			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " % ");
				print_word(bp, s);
				BIO_puts(bp, " - ");
			}
			print_word(bp, r);
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_mul_word(&b, s));
		CHECK_GOTO(BN_add_word(&b, r));
		CHECK_GOTO(BN_sub(&b, &a, &b));
		if (!BN_is_zero(&b)) {
			fprintf(stderr, "Division (word) test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(&a);
	BN_free(&b);
	return (rc);
}

int
test_div_recp(BIO *bp, BN_CTX *ctx)
{
	BIGNUM a, b, c, d, e;
	BN_RECP_CTX recp;
	int i;
	int rc = 1;

	BN_RECP_CTX_init(&recp);
	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&e);

	for (i = 0; i < num0 + num1; i++) {
		if (i < num1) {
			CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0));
			CHECK_GOTO(BN_copy(&b, &a));
			CHECK_GOTO(BN_lshift(&a, &a, i));
			CHECK_GOTO(BN_add_word(&a, i));
		} else
			CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0));
		a.neg = rand_neg();
		b.neg = rand_neg();
		CHECK_GOTO(BN_RECP_CTX_set(&recp, &b, ctx));
		CHECK_GOTO(BN_div_recp(&d, &c, &a, &recp, ctx));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " / ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &d));
			BIO_puts(bp, "\n");

			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &c));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_mul(&e, &d, &b, ctx));
		CHECK_GOTO(BN_add(&d, &e, &c));
		CHECK_GOTO(BN_sub(&d, &d, &a));
		if (!BN_is_zero(&d)) {
			fprintf(stderr, "Reciprocal division test failed!\n");
			fprintf(stderr, "a=");
			CHECK_GOTO(BN_print_fp(stderr, &a));
			fprintf(stderr, "\nb=");
			CHECK_GOTO(BN_print_fp(stderr, &b));
			fprintf(stderr, "\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&e);
	BN_RECP_CTX_free(&recp);
	return (rc);
}

int
test_mul(BIO *bp)
{
	BIGNUM a, b, c, d, e;
	int i;
	int rc = 1;
	BN_CTX *ctx;

	ctx = BN_CTX_new();
	if (ctx == NULL)
		exit(1);

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&e);

	for (i = 0; i < num0 + num1; i++) {
		if (i <= num1) {
			CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0));
			CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0));
		} else
			CHECK_GOTO(BN_bntest_rand(&b, i - num1, 0, 0));
		a.neg = rand_neg();
		b.neg = rand_neg();
		CHECK_GOTO(BN_mul(&c, &a, &b, ctx));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " * ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &c));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_div(&d, &e, &c, &a, ctx));
		CHECK_GOTO(BN_sub(&d, &d, &b));
		if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
			fprintf(stderr, "Multiplication test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&e);
	BN_CTX_free(ctx);
	return (rc);
}

int
test_sqr(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *c, *d, *e;
	int i, rc = 0;

	a = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 40 + i * 10, 0, 0));
		a->neg = rand_neg();
		CHECK_GOTO(BN_sqr(c, a, ctx));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " * ");
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, c));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_div(d, e, c, a, ctx));
		CHECK_GOTO(BN_sub(d, d, a));
		if (!BN_is_zero(d) || !BN_is_zero(e)) {
			fprintf(stderr, "Square test failed!\n");
			goto err;
		}
	}

	/* Regression test for a BN_sqr overflow bug. */
	if (!BN_hex2bn(&a, "80000000000000008000000000000001"
	    "FFFFFFFFFFFFFFFE0000000000000000")) {
		fprintf(stderr, "BN_hex2bn failed\n");
		goto err;
	}
	CHECK_GOTO(BN_sqr(c, a, ctx));
	if (bp != NULL) {
		if (!results) {
			CHECK_GOTO(BN_print(bp, a));
			BIO_puts(bp, " * ");
			CHECK_GOTO(BN_print(bp, a));
			BIO_puts(bp, " - ");
		}
		CHECK_GOTO(BN_print(bp, c));
		BIO_puts(bp, "\n");
	}
	CHECK_GOTO(BN_mul(d, a, a, ctx));
	if (BN_cmp(c, d)) {
		fprintf(stderr,
		    "Square test failed: BN_sqr and BN_mul produce "
		    "different results!\n");
		goto err;
	}

	/* Regression test for a BN_sqr overflow bug. */
	if (!BN_hex2bn(&a, "80000000000000000000000080000001"
	    "FFFFFFFE000000000000000000000000")) {
		fprintf(stderr, "BN_hex2bn failed\n");
		goto err;
	}
	CHECK_GOTO(BN_sqr(c, a, ctx));
	if (bp != NULL) {
		if (!results) {
			CHECK_GOTO(BN_print(bp, a));
			BIO_puts(bp, " * ");
			CHECK_GOTO(BN_print(bp, a));
			BIO_puts(bp, " - ");
		}
		CHECK_GOTO(BN_print(bp, c));
		BIO_puts(bp, "\n");
	}
	CHECK_GOTO(BN_mul(d, a, a, ctx));
	if (BN_cmp(c, d)) {
		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
				"different results!\n");
		goto err;
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return rc;
}

int
test_mont(BIO *bp, BN_CTX *ctx)
{
	BIGNUM a, b, c, d, A, B;
	BIGNUM n;
	int i;
	int rc = 1;
	BN_MONT_CTX *mont;

	mont = BN_MONT_CTX_new();
	if (mont == NULL)
		return 0;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);
	BN_init(&d);
	BN_init(&A);
	BN_init(&B);
	BN_init(&n);

	CHECK_GOTO(BN_zero(&n));
	if (BN_MONT_CTX_set(mont, &n, ctx)) {
		fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
		return (0);
	}

	CHECK_GOTO(BN_set_word(&n, 16));
	if (BN_MONT_CTX_set(mont, &n, ctx)) {
		fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
		return (0);
	}

	CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0));
	CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0));
	for (i = 0; i < num2; i++) {
		int bits = (200 * (i + 1)) / num2;

		if (bits == 0)
			continue;
		CHECK_GOTO(BN_bntest_rand(&n, bits, 0, 1));
		CHECK_GOTO(BN_MONT_CTX_set(mont, &n, ctx));

		CHECK_GOTO(BN_nnmod(&a, &a, &n, ctx));
		CHECK_GOTO(BN_nnmod(&b, &b, &n, ctx));

		CHECK_GOTO(BN_to_montgomery(&A, &a, mont, ctx));
		CHECK_GOTO(BN_to_montgomery(&B, &b, mont, ctx));

		CHECK_GOTO(BN_mod_mul_montgomery(&c, &A, &B, mont, ctx));
		CHECK_GOTO(BN_from_montgomery(&A, &c, mont, ctx));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " * ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, &(mont->N)));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, &A));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_mod_mul(&d, &a, &b, &n, ctx));
		CHECK_GOTO(BN_sub(&d, &d, &A));
		if (!BN_is_zero(&d)) {
			fprintf(stderr, "Montgomery multiplication test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_MONT_CTX_free(mont);
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	BN_free(&d);
	BN_free(&A);
	BN_free(&B);
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905

906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926








927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	BN_bntest_rand(a,1024,0,0);
	for (i = 0; i < num0; i++) {
		BN_bntest_rand(b,450+i*10,0,0);
		a->neg = rand_neg();
		b->neg = rand_neg();
		BN_mod(c,a,b,ctx);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " % ");
				BN_print(bp, b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, c);
			BIO_puts(bp, "\n");
		}
		BN_div(d, e,a, b, ctx);
		BN_sub(e, e, c);
		if (!BN_is_zero(e)) {
			fprintf(stderr, "Modulo test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}

int
test_mod_mul(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b, *c, *d, *e;
	int i, j;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();









	for (j = 0; j < 3; j++) {
		BN_bntest_rand(c,1024,0,0);
		for (i = 0; i < num0; i++) {
			BN_bntest_rand(a,475+i*10,0,0);
			BN_bntest_rand(b,425+i*11,0,0);
			a->neg = rand_neg();
			b->neg = rand_neg();
			if (!BN_mod_mul(e, a,b, c, ctx)) {
				unsigned long l;

				while ((l = ERR_get_error()))
					fprintf(stderr, "ERROR:%s\n",
					    ERR_error_string(l, NULL));
				exit(1);
			}
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, a);
					BIO_puts(bp, " * ");
					BN_print(bp, b);
					BIO_puts(bp, " % ");
					BN_print(bp, c);
					if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
						/* If  (a*b) % c  is negative,  c  must be added
						 * in order to obtain the normalized remainder
						 * (new with OpenSSL 0.9.7, previous versions of
						 * BN_mod_mul could generate negative results)
						 */
						BIO_puts(bp, " + ");
						BN_print(bp, c);
					}
					BIO_puts(bp, " - ");
				}
				BN_print(bp, e);
				BIO_puts(bp, "\n");
			}
			BN_mul(d, a,b, ctx);
			BN_sub(d, d, e);
			BN_div(a, b,d, c, ctx);
			if (!BN_is_zero(b)) {
				fprintf(stderr, "Modulo multiply test failed!\n");
				ERR_print_errors_fp(stderr);
				rc = 0;
				goto done;
			}
		}
	}
done:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}







|

|


|


|

|


|


|
|






>





















>
>
>
>
>
>
>
>

|

|
|


|









|

|

|







|



|


|
|
|




|



|







931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(b, 450 + i * 10, 0, 0));
		a->neg = rand_neg();
		b->neg = rand_neg();
		CHECK_GOTO(BN_mod(c, a, b, ctx));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, c));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_div(d, e, a, b, ctx));
		CHECK_GOTO(BN_sub(e, e, c));
		if (!BN_is_zero(e)) {
			fprintf(stderr, "Modulo test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}

int
test_mod_mul(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b, *c, *d, *e;
	int i, j;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	CHECK_GOTO(BN_one(a));
	CHECK_GOTO(BN_one(b));
	CHECK_GOTO(BN_zero(c));
	if (BN_mod_mul(e, a, b, c, ctx)) {
		fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
		return (0);
	}

	for (j = 0; j < 3; j++) {
		CHECK_GOTO(BN_bntest_rand(c, 1024, 0, 0));
		for (i = 0; i < num0; i++) {
			CHECK_GOTO(BN_bntest_rand(a, 475 + i * 10, 0, 0));
			CHECK_GOTO(BN_bntest_rand(b, 425 + i * 11, 0, 0));
			a->neg = rand_neg();
			b->neg = rand_neg();
			if (!BN_mod_mul(e, a, b, c, ctx)) {
				unsigned long l;

				while ((l = ERR_get_error()))
					fprintf(stderr, "ERROR:%s\n",
					    ERR_error_string(l, NULL));
				exit(1);
			}
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, " * ");
					CHECK_GOTO(BN_print(bp, b));
					BIO_puts(bp, " % ");
					CHECK_GOTO(BN_print(bp, c));
					if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
						/* If  (a*b) % c  is negative,  c  must be added
						 * in order to obtain the normalized remainder
						 * (new with OpenSSL 0.9.7, previous versions of
						 * BN_mod_mul could generate negative results)
						 */
						BIO_puts(bp, " + ");
						CHECK_GOTO(BN_print(bp, c));
					}
					BIO_puts(bp, " - ");
				}
				CHECK_GOTO(BN_print(bp, e));
				BIO_puts(bp, "\n");
			}
			CHECK_GOTO(BN_mul(d, a, b, ctx));
			CHECK_GOTO(BN_sub(d, d, e));
			CHECK_GOTO(BN_div(a, b, d, c, ctx));
			if (!BN_is_zero(b)) {
				fprintf(stderr, "Modulo multiply test failed!\n");
				ERR_print_errors_fp(stderr);
				rc = 0;
				goto err;
			}
		}
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}
989
990
991
992
993
994
995
















996
997
998
999
1000
1001
































































1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026

1027
1028
1029
1030
1031
1032
1033

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

















	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
	for (i = 0; i < num2; i++) {
		BN_bntest_rand(a,20+i*5,0,0);
		BN_bntest_rand(b,2+i,0,0);

		if (!BN_mod_exp(d, a,b, c, ctx)) {
































































			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " ^ ");
				BN_print(bp, b);
				BIO_puts(bp, " % ");
				BN_print(bp, c);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, d);
			BIO_puts(bp, "\n");
		}
		BN_exp(e, a,b, ctx);
		BN_sub(e, e, d);
		BN_div(a, b,e, c, ctx);
		if (!BN_is_zero(b)) {
			fprintf(stderr, "Modulo exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|

|
|

|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>






|

|

|


|


|
|
|






>







1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	CHECK_GOTO(BN_one(a));
	CHECK_GOTO(BN_one(b));
	CHECK_GOTO(BN_zero(c));
	if (BN_mod_exp(d, a, b, c, ctx)) {
		fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
		return (0);
	}
	if (BN_mod_exp_ct(d, a, b, c, ctx)) {
		fprintf(stderr, "BN_mod_exp_ct with zero modulus succeeded!\n");
		return (0);
	}
	if (BN_mod_exp_nonct(d, a, b, c, ctx)) {
		fprintf(stderr, "BN_mod_exp_nonct with zero modulus succeeded!\n");
		return (0);
	}

	CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
	for (i = 0; i < num2; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
		CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));

		if (!BN_mod_exp(d, a, b, c, ctx)) {
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " ^ ");
				CHECK_GOTO(BN_print(bp, b));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, c));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, d));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_exp(e, a, b, ctx));
		CHECK_GOTO(BN_sub(e, e, d));
		CHECK_GOTO(BN_div(a, b, e, c, ctx));
		if (!BN_is_zero(b)) {
			fprintf(stderr, "Modulo exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}

	CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
	for (i = 0; i < num2; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
		CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));

		if (!BN_mod_exp_ct(d, a, b, c, ctx)) {
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " ^ ");
				CHECK_GOTO(BN_print(bp, b));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, c));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, d));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_exp(e, a, b, ctx));
		CHECK_GOTO(BN_sub(e, e, d));
		CHECK_GOTO(BN_div(a, b, e, c, ctx));
		if (!BN_is_zero(b)) {
			fprintf(stderr, "Modulo exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}

	CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
	for (i = 0; i < num2; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
		CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));

		if (!BN_mod_exp_nonct(d, a, b, c, ctx)) {
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " ^ ");
				CHECK_GOTO(BN_print(bp, b));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, c));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, d));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_exp(e, a, b, ctx));
		CHECK_GOTO(BN_sub(e, e, d));
		CHECK_GOTO(BN_div(a, b, e, c, ctx));
		if (!BN_is_zero(b)) {
			fprintf(stderr, "Modulo exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}
1041
1042
1043
1044
1045
1046
1047


















1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078

1079
1080
1081
1082
1083
1084
1085














































































































































































1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129

1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168

1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639

1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707

1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();



















	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
	for (i = 0; i < num2; i++) {
		BN_bntest_rand(a,20+i*5,0,0);
		BN_bntest_rand(b,2+i,0,0);

		if (!BN_mod_exp_mont_consttime(d, a,b, c,ctx, NULL)) {
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " ^ ");
				BN_print(bp, b);
				BIO_puts(bp, " % ");
				BN_print(bp, c);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, d);
			BIO_puts(bp, "\n");
		}
		BN_exp(e, a,b, ctx);
		BN_sub(e, e, d);
		BN_div(a, b,e, c, ctx);
		if (!BN_is_zero(b)) {
			fprintf(stderr, "Modulo exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}















































































































































































int
test_exp(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b, *d, *e, *one;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	d = BN_new();
	e = BN_new();
	one = BN_new();
	BN_one(one);

	for (i = 0; i < num2; i++) {
		BN_bntest_rand(a,20+i*5,0,0);
		BN_bntest_rand(b,2+i,0,0);

		if (BN_exp(d, a,b, ctx) <= 0) {
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " ^ ");
				BN_print(bp, b);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, d);
			BIO_puts(bp, "\n");
		}
		BN_one(e);
		for (; !BN_is_zero(b); BN_sub(b, b, one))
			BN_mul(e, e,a, ctx);
		BN_sub(e, e, d);
		if (!BN_is_zero(e)) {
			fprintf(stderr, "Exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(a);
	BN_free(b);
	BN_free(d);
	BN_free(e);
	BN_free(one);
	return (rc);
}

#ifndef OPENSSL_NO_EC2M
int
test_gf2m_add(BIO *bp)
{
	BIGNUM a, b, c;
	int i, ret = 0;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);

	for (i = 0; i < num0; i++) {
		BN_rand(&a, 512, 0, 0);
		BN_copy(&b, BN_value_one());
		a.neg = rand_neg();
		b.neg = rand_neg();
		BN_GF2m_add(&c, &a, &b);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, &a);
				BIO_puts(bp, " ^ ");
				BN_print(bp, &b);
				BIO_puts(bp, " = ");
			}
			BN_print(bp, &c);
			BIO_puts(bp, "\n");
		}
#endif
		/* Test that two added values have the correct parity. */
		if ((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c))) {

			fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
			goto err;
		}
		BN_GF2m_add(&c, &c, &c);
		/* Test that c + c = 0. */
		if (!BN_is_zero(&c)) {
			fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
			goto err;
		}
	}
	ret = 1;
err:
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	return ret;
}

int
test_gf2m_mod(BIO *bp)
{
	BIGNUM *a, *b[2], *c, *d, *e;
	int i, j, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 1024, 0, 0);
		for (j = 0; j < 2; j++) {
			BN_GF2m_mod(c, a, b[j]);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, a);
					BIO_puts(bp, " % ");
					BN_print(bp, b[j]);
					BIO_puts(bp, " - ");
					BN_print(bp, c);
					BIO_puts(bp, "\n");
				}
			}
#endif
			BN_GF2m_add(d, a, c);
			BN_GF2m_mod(e, d, b[j]);
			/* Test that a + (a mod p) mod p == 0. */
			if (!BN_is_zero(e)) {
				fprintf(stderr, "GF(2^m) modulo test failed!\n");
				goto err;
			}
		}
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return ret;
}

int
test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
	int i, j, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();
	g = BN_new();
	h = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 1024, 0, 0);
		BN_bntest_rand(c, 1024, 0, 0);
		BN_bntest_rand(d, 1024, 0, 0);
		for (j = 0; j < 2; j++) {
			BN_GF2m_mod_mul(e, a, c, b[j], ctx);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, a);
					BIO_puts(bp, " * ");
					BN_print(bp, c);
					BIO_puts(bp, " % ");
					BN_print(bp, b[j]);
					BIO_puts(bp, " - ");
					BN_print(bp, e);
					BIO_puts(bp, "\n");
				}
			}
#endif
			BN_GF2m_add(f, a, d);
			BN_GF2m_mod_mul(g, f, c, b[j], ctx);
			BN_GF2m_mod_mul(h, d, c, b[j], ctx);
			BN_GF2m_add(f, e, g);
			BN_GF2m_add(f, f, h);
			/* Test that (a+d)*c = a*c + d*c. */
			if (!BN_is_zero(f)) {
				fprintf(stderr, "GF(2^m) modular multiplication test failed!\n");
				goto err;
			}
		}
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	BN_free(g);
	BN_free(h);
	return ret;
}

int
test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d;
	int i, j, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 1024, 0, 0);
		for (j = 0; j < 2; j++) {
			BN_GF2m_mod_sqr(c, a, b[j], ctx);
			BN_copy(d, a);
			BN_GF2m_mod_mul(d, a, d, b[j], ctx);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, a);
					BIO_puts(bp, " ^ 2 % ");
					BN_print(bp, b[j]);
					BIO_puts(bp, " = ");
					BN_print(bp, c);
					BIO_puts(bp, "; a * a = ");
					BN_print(bp, d);
					BIO_puts(bp, "\n");
				}
			}
#endif
			BN_GF2m_add(d, c, d);
			/* Test that a*a = a^2. */
			if (!BN_is_zero(d)) {
				fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
				goto err;
			}
		}
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	return ret;
}

int
test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d;
	int i, j, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		for (j = 0; j < 2; j++) {
			BN_GF2m_mod_inv(c, a, b[j], ctx);
			BN_GF2m_mod_mul(d, a, c, b[j], ctx);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, a);
					BIO_puts(bp, " * ");
					BN_print(bp, c);
					BIO_puts(bp, " - 1 % ");
					BN_print(bp, b[j]);
					BIO_puts(bp, "\n");
				}
			}
#endif
			/* Test that ((1/a)*a) = 1. */
			if (!BN_is_one(d)) {
				fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
				goto err;
			}
		}
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	return ret;
}

int
test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f;
	int i, j, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		BN_bntest_rand(c, 512, 0, 0);
		for (j = 0; j < 2; j++) {
			BN_GF2m_mod_div(d, a, c, b[j], ctx);
			BN_GF2m_mod_mul(e, d, c, b[j], ctx);
			BN_GF2m_mod_div(f, a, e, b[j], ctx);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, a);
					BIO_puts(bp, " = ");
					BN_print(bp, c);
					BIO_puts(bp, " * ");
					BN_print(bp, d);
					BIO_puts(bp, " % ");
					BN_print(bp, b[j]);
					BIO_puts(bp, "\n");
				}
			}
#endif
			/* Test that ((a/c)*c)/a = 1. */
			if (!BN_is_one(f)) {
				fprintf(stderr, "GF(2^m) modular division test failed!\n");
				goto err;
			}
		}
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	return ret;
}

int
test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f;
	int i, j, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		BN_bntest_rand(c, 512, 0, 0);
		BN_bntest_rand(d, 512, 0, 0);
		for (j = 0; j < 2; j++) {
			BN_GF2m_mod_exp(e, a, c, b[j], ctx);
			BN_GF2m_mod_exp(f, a, d, b[j], ctx);
			BN_GF2m_mod_mul(e, e, f, b[j], ctx);
			BN_add(f, c, d);
			BN_GF2m_mod_exp(f, a, f, b[j], ctx);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, a);
					BIO_puts(bp, " ^ (");
					BN_print(bp, c);
					BIO_puts(bp, " + ");
					BN_print(bp, d);
					BIO_puts(bp, ") = ");
					BN_print(bp, e);
					BIO_puts(bp, "; - ");
					BN_print(bp, f);
					BIO_puts(bp, " % ");
					BN_print(bp, b[j]);
					BIO_puts(bp, "\n");
				}
			}
#endif
			BN_GF2m_add(f, e, f);
			/* Test that a^(c+d)=a^c*a^d. */
			if (!BN_is_zero(f)) {
				fprintf(stderr, "GF(2^m) modular exponentiation test failed!\n");
				goto err;
			}
		}
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	return ret;
}

int
test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f;
	int i, j, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		for (j = 0; j < 2; j++) {
			BN_GF2m_mod(c, a, b[j]);
			BN_GF2m_mod_sqrt(d, a, b[j], ctx);
			BN_GF2m_mod_sqr(e, d, b[j], ctx);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					BN_print(bp, d);
					BIO_puts(bp, " ^ 2 - ");
					BN_print(bp, a);
					BIO_puts(bp, "\n");
				}
			}
#endif
			BN_GF2m_add(f, c, e);
			/* Test that d^2 = a, where d = sqrt(a). */
			if (!BN_is_zero(f)) {
				fprintf(stderr, "GF(2^m) modular square root test failed!\n");
				goto err;
			}
		}
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	return ret;
}

int
test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e;
	int i, j, s = 0, t, ret = 0;
	int p0[] = {163, 7,6, 3,0, -1};
	int p1[] = {193, 15, 0, -1};

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	BN_GF2m_arr2poly(p0, b[0]);
	BN_GF2m_arr2poly(p1, b[1]);

	for (i = 0; i < num0; i++) {
		BN_bntest_rand(a, 512, 0, 0);
		for (j = 0; j < 2; j++) {
			t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
			if (t) {
				s++;
				BN_GF2m_mod_sqr(d, c, b[j], ctx);
				BN_GF2m_add(d, c, d);
				BN_GF2m_mod(e, a, b[j]);
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
				if (bp != NULL) {
					if (!results) {
						BN_print(bp, c);
						BIO_puts(bp, " is root of z^2 + z = ");
						BN_print(bp, a);
						BIO_puts(bp, " % ");
						BN_print(bp, b[j]);
						BIO_puts(bp, "\n");
					}
				}
#endif
				BN_GF2m_add(e, e, d);
				/* Test that solution of quadratic c satisfies c^2 + c = a. */
				if (!BN_is_zero(e)) {
					fprintf(stderr, "GF(2^m) modular solve quadratic test failed!\n");
					goto err;
				}

			} else {
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
				if (bp != NULL) {
					if (!results) {
						BIO_puts(bp, "There are no roots of z^2 + z = ");
						BN_print(bp, a);
						BIO_puts(bp, " % ");
						BN_print(bp, b[j]);
						BIO_puts(bp, "\n");
					}
				}
#endif
			}
		}
	}
		if (s == 0) {
		fprintf(stderr, "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
		fprintf(stderr, "this is very unlikely and probably indicates an error.\n");
		goto err;
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return ret;
}
#endif

static int
genprime_cb(int p, int n, BN_GENCB *arg)
{
	char c='*';

	if (p == 0)
		c='.';
	if (p == 1)
		c='+';
	if (p == 2)
		c='*';
	if (p == 3)
		c='\n';
	putc(c, stderr);
	fflush(stderr);
	return 1;
}

int
test_kron(BIO *bp, BN_CTX *ctx)
{
	BN_GENCB cb;
	BIGNUM *a, *b, *r, *t;
	int i;
	int legendre, kronecker;
	int ret = 0;

	a = BN_new();
	b = BN_new();
	r = BN_new();
	t = BN_new();
	if (a == NULL || b == NULL || r == NULL || t == NULL)
		goto err;

	BN_GENCB_set(&cb, genprime_cb, NULL);


	/* We test BN_kronecker(a, b, ctx) just for  b  odd (Jacobi symbol).
	 * In this case we know that if  b  is prime, then BN_kronecker(a, b, ctx)
	 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
	 * So we generate a random prime  b  and compare these values
	 * for a number of random  a's.  (That is, we run the Solovay-Strassen
	 * primality test to confirm that  b  is prime, except that we
	 * don't want to test whether  b  is prime but whether BN_kronecker
	 * works.) */

	if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
		goto err;
	b->neg = rand_neg();
	putc('\n', stderr);

	for (i = 0; i < num0; i++) {







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|

|
|

|






|

|

|


|


|
|
|






>







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>













|


|
|

|






|

|


|


|

|
|






>













|






|
|


|



|

|


|




|
>



|






|




|






|
|
|








|
|


|

|



|

|

|




|
|







|







|






|
|
|











|
|


|
|
|

|



|

|

|

|




|
|
|
|
|







|










|






|
|
|







|
|


|

|
|
|



|

|

|

|




|







|






|






|
|
|







|
|


|

|
|



|

|

|











|






|






|
|
|









|
|


|
|

|
|
|



|

|

|

|











|








|






|
|
|









|
|


|
|
|

|
|
|
|
|



|

|

|

|

|

|




|







|








|






|
|
|









|
|


|

|
|
|



|

|




|







|








|






|
|
|








|
|


|




|
|
|



|

|

|




|





>





|

|







|




|







|


<



|


|

|

|

|


|









|










>
|
|
|
|
|
|
|
|







1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012

2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	CHECK_GOTO(BN_one(a));
	CHECK_GOTO(BN_one(b));
	CHECK_GOTO(BN_zero(c));
	if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
		fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus "
				"succeeded\n");
		rc = 0;
		goto err;
	}

	CHECK_GOTO(BN_set_word(c, 16));
	if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
		fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus "
				"succeeded\n");
		rc = 0;
		goto err;
	}

	CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
	for (i = 0; i < num2; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
		CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));

		if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " ^ ");
				CHECK_GOTO(BN_print(bp, b));
				BIO_puts(bp, " % ");
				CHECK_GOTO(BN_print(bp, c));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, d));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_exp(e, a, b, ctx));
		CHECK_GOTO(BN_sub(e, e, d));
		CHECK_GOTO(BN_div(a, b, e, c, ctx));
		if (!BN_is_zero(b)) {
			fprintf(stderr, "Modulo exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}

/*
 * Test constant-time modular exponentiation with 1024-bit inputs, which on
 * x86_64 cause a different code branch to be taken.
 */
int
test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *p, *m, *d, *e, *b, *n, *c;
	int len, rc = 1;
	BN_MONT_CTX *mont;

	a = BN_new();
	p = BN_new();
	m = BN_new();
	d = BN_new();
	e = BN_new();
	b = BN_new();
	n = BN_new();
	c = BN_new();

	CHECK_GOTO(mont = BN_MONT_CTX_new());

	CHECK_GOTO(BN_bntest_rand(m, 1024, 0, 1)); /* must be odd for montgomery */
	/* Zero exponent */
	CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
	CHECK_GOTO(BN_zero(p));
	if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
		rc = 0;
		goto err;
	}
	if (!BN_is_one(d)) {
		fprintf(stderr, "Modular exponentiation test failed!\n");
		rc = 0;
		goto err;
	}
	/* Regression test for carry bug in mulx4x_mont */
	len = BN_hex2bn(&a,
	    "7878787878787878787878787878787878787878787878787878787878787878"
	    "7878787878787878787878787878787878787878787878787878787878787878"
	    "7878787878787878787878787878787878787878787878787878787878787878"
	    "7878787878787878787878787878787878787878787878787878787878787878");
	CHECK_GOTO(len);
	len = BN_hex2bn(&b,
	    "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
	    "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
	    "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
	    "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
	CHECK_GOTO(len);
	len = BN_hex2bn(&n,
	    "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
	    "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
	    "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
	    "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
	CHECK_GOTO(len);
	CHECK_GOTO(BN_MONT_CTX_set(mont, n, ctx));
	CHECK_GOTO(BN_mod_mul_montgomery(c, a, b, mont, ctx));
	CHECK_GOTO(BN_mod_mul_montgomery(d, b, a, mont, ctx));
	if (BN_cmp(c, d)) {
		fprintf(stderr, "Montgomery multiplication test failed:"
		    " a*b != b*a.\n");
		rc = 0;
		goto err;
	}
	/* Regression test for carry bug in sqr[x]8x_mont */
	len = BN_hex2bn(&n,
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF00"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "00000000000000000000000000000000000000000000000000FFFFFFFFFFFFFF");
	CHECK_GOTO(len);
	len = BN_hex2bn(&a,
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF0000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "0000000000000000000000000000000000000000000000000000000000000000"
	    "000000000000000000000000000000000000000000FFFFFFFFFFFFFF00000000");
	CHECK_GOTO(len);
	BN_free(b);
	CHECK_GOTO(b = BN_dup(a));
	CHECK_GOTO(BN_MONT_CTX_set(mont, n, ctx));
	CHECK_GOTO(BN_mod_mul_montgomery(c, a, a, mont, ctx));
	CHECK_GOTO(BN_mod_mul_montgomery(d, a, b, mont, ctx));
	if (BN_cmp(c, d)) {
		fprintf(stderr, "Montgomery multiplication test failed:"
		    " a**2 != a*a.\n");
		rc = 0;
		goto err;
	}
	/* Zero input */
	CHECK_GOTO(BN_bntest_rand(p, 1024, 0, 0));
	CHECK_GOTO(BN_zero(a));
	if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
		rc = 0;
		goto err;
	}
	if (!BN_is_zero(d)) {
		fprintf(stderr, "Modular exponentiation test failed!\n");
		rc = 0;
		goto err;
	}
	/*
	 * Craft an input whose Montgomery representation is 1, i.e., shorter
	 * than the modulus m, in order to test the const time precomputation
	 * scattering/gathering.
	 */
	CHECK_GOTO(BN_one(a));
	CHECK_GOTO(BN_MONT_CTX_set(mont, m, ctx));
	if (!BN_from_montgomery(e, a, mont, ctx)) {
		rc = 0;
		goto err;
	}
	if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) {
		rc = 0;
		goto err;
	}
	if (!BN_mod_exp_simple(a, e, p, m, ctx)) {
		rc = 0;
		goto err;
	}
	if (BN_cmp(a, d) != 0) {
		fprintf(stderr, "Modular exponentiation test failed!\n");
		rc = 0;
		goto err;
	}
	/* Finally, some regular test vectors. */
	CHECK_GOTO(BN_bntest_rand(e, 1024, 0, 0));
	if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) {
		rc = 0;
		goto err;
	}
	if (!BN_mod_exp_simple(a, e, p, m, ctx)) {
		rc = 0;
		goto err;
	}
	if (BN_cmp(a, d) != 0) {
		fprintf(stderr, "Modular exponentiation test failed!\n");
		rc = 0;
		goto err;
	}
err:
	BN_free(a);
	BN_free(p);
	BN_free(m);
	BN_free(d);
	BN_free(e);
	BN_free(b);
	BN_free(n);
	BN_free(c);
	return (rc);
}

int
test_exp(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b, *d, *e, *one;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	d = BN_new();
	e = BN_new();
	one = BN_new();
	CHECK_GOTO(BN_one(one));

	for (i = 0; i < num2; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
		CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));

		if (BN_exp(d, a, b, ctx) <= 0) {
			rc = 0;
			break;
		}

		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " ^ ");
				CHECK_GOTO(BN_print(bp, b));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, d));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_one(e));
		for (; !BN_is_zero(b); BN_sub(b, b, one))
			CHECK_GOTO(BN_mul(e, e, a, ctx));
		CHECK_GOTO(BN_sub(e, e, d));
		if (!BN_is_zero(e)) {
			fprintf(stderr, "Exponentiation test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(d);
	BN_free(e);
	BN_free(one);
	return (rc);
}

#ifndef OPENSSL_NO_EC2M
int
test_gf2m_add(BIO *bp)
{
	BIGNUM a, b, c;
	int i, rc = 0;

	BN_init(&a);
	BN_init(&b);
	BN_init(&c);

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_rand(&a, 512, 0, 0));
		CHECK_GOTO(BN_copy(&b, BN_value_one()));
		a.neg = rand_neg();
		b.neg = rand_neg();
		CHECK_GOTO(BN_GF2m_add(&c, &a, &b));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, &a));
				BIO_puts(bp, " ^ ");
				CHECK_GOTO(BN_print(bp, &b));
				BIO_puts(bp, " = ");
			}
			CHECK_GOTO(BN_print(bp, &c));
			BIO_puts(bp, "\n");
		}
#endif
		/* Test that two added values have the correct parity. */
		if ((BN_is_odd(&a) && BN_is_odd(&c))
		    || (!BN_is_odd(&a) && !BN_is_odd(&c))) {
			fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
			goto err;
		}
		CHECK_GOTO(BN_GF2m_add(&c, &c, &c));
		/* Test that c + c = 0. */
		if (!BN_is_zero(&c)) {
			fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
			goto err;
		}
	}
	rc = 1;
err:
	BN_free(&a);
	BN_free(&b);
	BN_free(&c);
	return rc;
}

int
test_gf2m_mod(BIO *bp)
{
	BIGNUM *a, *b[2], *c, *d, *e;
	int i, j, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
		for (j = 0; j < 2; j++) {
			CHECK_GOTO(BN_GF2m_mod(c, a, b[j]));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, " % ");
					CHECK_GOTO(BN_print(bp, b[j]));
					BIO_puts(bp, " - ");
					CHECK_GOTO(BN_print(bp, c));
					BIO_puts(bp, "\n");
				}
			}
#endif
			CHECK_GOTO(BN_GF2m_add(d, a, c));
			CHECK_GOTO(BN_GF2m_mod(e, d, b[j]));
			/* Test that a + (a mod p) mod p == 0. */
			if (!BN_is_zero(e)) {
				fprintf(stderr, "GF(2^m) modulo test failed!\n");
				goto err;
			}
		}
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return rc;
}

int
test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
	int i, j, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();
	g = BN_new();
	h = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
		CHECK_GOTO(BN_bntest_rand(c, 1024, 0, 0));
		CHECK_GOTO(BN_bntest_rand(d, 1024, 0, 0));
		for (j = 0; j < 2; j++) {
			CHECK_GOTO(BN_GF2m_mod_mul(e, a, c, b[j], ctx));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, " * ");
					CHECK_GOTO(BN_print(bp, c));
					BIO_puts(bp, " % ");
					CHECK_GOTO(BN_print(bp, b[j]));
					BIO_puts(bp, " - ");
					CHECK_GOTO(BN_print(bp, e));
					BIO_puts(bp, "\n");
				}
			}
#endif
			CHECK_GOTO(BN_GF2m_add(f, a, d));
			CHECK_GOTO(BN_GF2m_mod_mul(g, f, c, b[j], ctx));
			CHECK_GOTO(BN_GF2m_mod_mul(h, d, c, b[j], ctx));
			CHECK_GOTO(BN_GF2m_add(f, e, g));
			CHECK_GOTO(BN_GF2m_add(f, f, h));
			/* Test that (a+d)*c = a*c + d*c. */
			if (!BN_is_zero(f)) {
				fprintf(stderr, "GF(2^m) modular multiplication test failed!\n");
				goto err;
			}
		}
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	BN_free(g);
	BN_free(h);
	return rc;
}

int
test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d;
	int i, j, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
		for (j = 0; j < 2; j++) {
			CHECK_GOTO(BN_GF2m_mod_sqr(c, a, b[j], ctx));
			CHECK_GOTO(BN_copy(d, a));
			CHECK_GOTO(BN_GF2m_mod_mul(d, a, d, b[j], ctx));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, " ^ 2 % ");
					CHECK_GOTO(BN_print(bp, b[j]));
					BIO_puts(bp, " = ");
					CHECK_GOTO(BN_print(bp, c));
					BIO_puts(bp, "; a * a = ");
					CHECK_GOTO(BN_print(bp, d));
					BIO_puts(bp, "\n");
				}
			}
#endif
			CHECK_GOTO(BN_GF2m_add(d, c, d));
			/* Test that a*a = a^2. */
			if (!BN_is_zero(d)) {
				fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
				goto err;
			}
		}
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	return rc;
}

int
test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d;
	int i, j, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
		for (j = 0; j < 2; j++) {
			CHECK_GOTO(BN_GF2m_mod_inv(c, a, b[j], ctx));
			CHECK_GOTO(BN_GF2m_mod_mul(d, a, c, b[j], ctx));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, " * ");
					CHECK_GOTO(BN_print(bp, c));
					BIO_puts(bp, " - 1 % ");
					CHECK_GOTO(BN_print(bp, b[j]));
					BIO_puts(bp, "\n");
				}
			}
#endif
			/* Test that ((1/a)*a) = 1. */
			if (!BN_is_one(d)) {
				fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
				goto err;
			}
		}
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	return rc;
}

int
test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f;
	int i, j, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
		CHECK_GOTO(BN_bntest_rand(c, 512, 0, 0));
		for (j = 0; j < 2; j++) {
			CHECK_GOTO(BN_GF2m_mod_div(d, a, c, b[j], ctx));
			CHECK_GOTO(BN_GF2m_mod_mul(e, d, c, b[j], ctx));
			CHECK_GOTO(BN_GF2m_mod_div(f, a, e, b[j], ctx));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, " = ");
					CHECK_GOTO(BN_print(bp, c));
					BIO_puts(bp, " * ");
					CHECK_GOTO(BN_print(bp, d));
					BIO_puts(bp, " % ");
					CHECK_GOTO(BN_print(bp, b[j]));
					BIO_puts(bp, "\n");
				}
			}
#endif
			/* Test that ((a/c)*c)/a = 1. */
			if (!BN_is_one(f)) {
				fprintf(stderr, "GF(2^m) modular division test failed!\n");
				goto err;
			}
		}
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	return rc;
}

int
test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f;
	int i, j, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
		CHECK_GOTO(BN_bntest_rand(c, 512, 0, 0));
		CHECK_GOTO(BN_bntest_rand(d, 512, 0, 0));
		for (j = 0; j < 2; j++) {
			CHECK_GOTO(BN_GF2m_mod_exp(e, a, c, b[j], ctx));
			CHECK_GOTO(BN_GF2m_mod_exp(f, a, d, b[j], ctx));
			CHECK_GOTO(BN_GF2m_mod_mul(e, e, f, b[j], ctx));
			CHECK_GOTO(BN_add(f, c, d));
			CHECK_GOTO(BN_GF2m_mod_exp(f, a, f, b[j], ctx));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, " ^ (");
					CHECK_GOTO(BN_print(bp, c));
					BIO_puts(bp, " + ");
					CHECK_GOTO(BN_print(bp, d));
					BIO_puts(bp, ") = ");
					CHECK_GOTO(BN_print(bp, e));
					BIO_puts(bp, "; - ");
					CHECK_GOTO(BN_print(bp, f));
					BIO_puts(bp, " % ");
					CHECK_GOTO(BN_print(bp, b[j]));
					BIO_puts(bp, "\n");
				}
			}
#endif
			CHECK_GOTO(BN_GF2m_add(f, e, f));
			/* Test that a^(c+d)=a^c*a^d. */
			if (!BN_is_zero(f)) {
				fprintf(stderr, "GF(2^m) modular exponentiation test failed!\n");
				goto err;
			}
		}
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	return rc;
}

int
test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e, *f;
	int i, j, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	f = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
		for (j = 0; j < 2; j++) {
			CHECK_GOTO(BN_GF2m_mod(c, a, b[j]));
			CHECK_GOTO(BN_GF2m_mod_sqrt(d, a, b[j], ctx));
			CHECK_GOTO(BN_GF2m_mod_sqr(e, d, b[j], ctx));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
			if (bp != NULL) {
				if (!results) {
					CHECK_GOTO(BN_print(bp, d));
					BIO_puts(bp, " ^ 2 - ");
					CHECK_GOTO(BN_print(bp, a));
					BIO_puts(bp, "\n");
				}
			}
#endif
			CHECK_GOTO(BN_GF2m_add(f, c, e));
			/* Test that d^2 = a, where d = sqrt(a). */
			if (!BN_is_zero(f)) {
				fprintf(stderr, "GF(2^m) modular square root test failed!\n");
				goto err;
			}
		}
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	BN_free(f);
	return rc;
}

int
test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b[2], *c, *d, *e;
	int i, j, s = 0, t, rc = 0;
	int p0[] = { 163, 7, 6, 3, 0, -1 };
	int p1[] = { 193, 15, 0, -1 };

	a = BN_new();
	b[0] = BN_new();
	b[1] = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();

	CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
	CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));

	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
		for (j = 0; j < 2; j++) {
			t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
			if (t) {
				s++;
				CHECK_GOTO(BN_GF2m_mod_sqr(d, c, b[j], ctx));
				CHECK_GOTO(BN_GF2m_add(d, c, d));
				CHECK_GOTO(BN_GF2m_mod(e, a, b[j]));
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
				if (bp != NULL) {
					if (!results) {
						CHECK_GOTO(BN_print(bp, c));
						BIO_puts(bp, " is root of z^2 + z = ");
						CHECK_GOTO(BN_print(bp, a));
						BIO_puts(bp, " % ");
						CHECK_GOTO(BN_print(bp, b[j]));
						BIO_puts(bp, "\n");
					}
				}
#endif
				CHECK_GOTO(BN_GF2m_add(e, e, d));
				/* Test that solution of quadratic c satisfies c^2 + c = a. */
				if (!BN_is_zero(e)) {
					fprintf(stderr, "GF(2^m) modular solve quadratic test failed!\n");
					goto err;
				}

			} else {
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
				if (bp != NULL) {
					if (!results) {
						BIO_puts(bp, "There are no roots of z^2 + z = ");
						CHECK_GOTO(BN_print(bp, a));
						BIO_puts(bp, " % ");
						CHECK_GOTO(BN_print(bp, b[j]));
						BIO_puts(bp, "\n");
					}
				}
#endif
			}
		}
	}
	if (s == 0) {
		fprintf(stderr, "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
		fprintf(stderr, "this is very unlikely and probably indicates an error.\n");
		goto err;
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(b[0]);
	BN_free(b[1]);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return rc;
}
#endif

static int
genprime_cb(int p, int n, BN_GENCB *arg)
{
	char c = '*';

	if (p == 0)
		c = '.';
	if (p == 1)
		c = '+';
	if (p == 2)
		c = '*';
	if (p == 3)
		c = '\n';
	putc(c, stderr);
	fflush(stderr);
	return (1);
}

int
test_kron(BIO *bp, BN_CTX *ctx)
{
	BN_GENCB cb;
	BIGNUM *a, *b, *r, *t;
	int i;
	int legendre, kronecker;
	int rc = 0;

	a = BN_new();
	b = BN_new();
	r = BN_new();
	t = BN_new();
	if (a == NULL || b == NULL || r == NULL || t == NULL)
		goto err;

	BN_GENCB_set(&cb, genprime_cb, NULL);

	/*
	 * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
	 * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
	 * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
	 * generate a random prime b and compare these values for a number of
	 * random a's.  (That is, we run the Solovay-Strassen primality test to
	 * confirm that b is prime, except that we don't want to test whether b
	 * is prime but whether BN_kronecker works.)
	 */

	if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
		goto err;
	b->neg = rand_neg();
	putc('\n', stderr);

	for (i = 0; i < num0; i++) {
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821

1822
1823

1824
1825
1826
1827
1828
1829
1830
			goto err;
		/* we actually need BN_kronecker(a, |b|) */
		if (a->neg && b->neg)
			kronecker = -kronecker;

		if (legendre != kronecker) {
			fprintf(stderr, "legendre != kronecker; a = ");
			BN_print_fp(stderr, a);
			fprintf(stderr, ", b = ");
			BN_print_fp(stderr, b);
			fprintf(stderr, "\n");
			goto err;
		}

		putc('.', stderr);
		fflush(stderr);
	}

	putc('\n', stderr);
	fflush(stderr);
	ret = 1;
err:
	BN_free(a);
	BN_free(b);
	BN_free(r);
	BN_free(t);
	return ret;
}

int
test_sqrt(BIO *bp, BN_CTX *ctx)
{
	BN_GENCB cb;
	BIGNUM *a, *p, *r;
	int i, j;
	int ret = 0;

	a = BN_new();
	p = BN_new();
	r = BN_new();
	if (a == NULL || p == NULL || r == NULL)
		goto err;

	BN_GENCB_set(&cb, genprime_cb, NULL);

	for (i = 0; i < 16; i++) {
		if (i < 8) {
			unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };

			if (!BN_set_word(p, primes[i]))
				goto err;
		} else {
			if (!BN_set_word(a, 32))
				goto err;
			if (!BN_set_word(r, 2*i + 1))
				goto err;

			if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
				goto err;
			putc('\n', stderr);
		}
		p->neg = rand_neg();

		for (j = 0; j < num2; j++) {

			/* construct 'a' such that it is a square modulo p,
			 * but in general not a proper square and not reduced modulo p */

			if (!BN_bntest_rand(r, 256, 0, 3))
				goto err;
			if (!BN_nnmod(r, r, p, ctx))
				goto err;
			if (!BN_mod_sqr(r, r, p, ctx))
				goto err;
			if (!BN_bntest_rand(a, 256, 0, 3))







|

|










|





|








|


















|









>
|
|
>







2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
			goto err;
		/* we actually need BN_kronecker(a, |b|) */
		if (a->neg && b->neg)
			kronecker = -kronecker;

		if (legendre != kronecker) {
			fprintf(stderr, "legendre != kronecker; a = ");
			CHECK_GOTO(BN_print_fp(stderr, a));
			fprintf(stderr, ", b = ");
			CHECK_GOTO(BN_print_fp(stderr, b));
			fprintf(stderr, "\n");
			goto err;
		}

		putc('.', stderr);
		fflush(stderr);
	}

	putc('\n', stderr);
	fflush(stderr);
	rc = 1;
err:
	BN_free(a);
	BN_free(b);
	BN_free(r);
	BN_free(t);
	return rc;
}

int
test_sqrt(BIO *bp, BN_CTX *ctx)
{
	BN_GENCB cb;
	BIGNUM *a, *p, *r;
	int i, j;
	int rc = 0;

	a = BN_new();
	p = BN_new();
	r = BN_new();
	if (a == NULL || p == NULL || r == NULL)
		goto err;

	BN_GENCB_set(&cb, genprime_cb, NULL);

	for (i = 0; i < 16; i++) {
		if (i < 8) {
			unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };

			if (!BN_set_word(p, primes[i]))
				goto err;
		} else {
			if (!BN_set_word(a, 32))
				goto err;
			if (!BN_set_word(r, 2 * i + 1))
				goto err;

			if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
				goto err;
			putc('\n', stderr);
		}
		p->neg = rand_neg();

		for (j = 0; j < num2; j++) {
			/*
			 * construct 'a' such that it is a square modulo p, but in
			 * general not a proper square and not reduced modulo p
			 */
			if (!BN_bntest_rand(r, 256, 0, 3))
				goto err;
			if (!BN_nnmod(r, r, p, ctx))
				goto err;
			if (!BN_mod_sqr(r, r, p, ctx))
				goto err;
			if (!BN_bntest_rand(a, 256, 0, 3))
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924

1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965

1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008

2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049

2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097


2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
				goto err;

			if (!BN_nnmod(a, a, p, ctx))
				goto err;

			if (BN_cmp(a, r) != 0) {
				fprintf(stderr, "BN_mod_sqrt failed: a = ");
				BN_print_fp(stderr, a);
				fprintf(stderr, ", r = ");
				BN_print_fp(stderr, r);
				fprintf(stderr, ", p = ");
				BN_print_fp(stderr, p);
				fprintf(stderr, "\n");
				goto err;
			}

			putc('.', stderr);
			fflush(stderr);
		}

		putc('\n', stderr);
		fflush(stderr);
	}
	ret = 1;
err:
	BN_free(a);
	BN_free(p);
	BN_free(r);
	return ret;
}

int
test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
{
	BIGNUM *a, *b, *c, *d;
	int i;
	int rc = 1;

	b = BN_new();
	c = BN_new();
	d = BN_new();
	BN_one(c);

	if (a_)
		a = a_;
	else {
		a = BN_new();
		BN_bntest_rand(a,200,0,0);
		a->neg = rand_neg();
	}
	for (i = 0; i < num0; i++) {
		(void)BN_lshift(b, a, i + 1);
		BN_add(c, c, c);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " * ");
				BN_print(bp, c);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, b);
			BIO_puts(bp, "\n");
		}
		BN_mul(d, a,c, ctx);
		BN_sub(d, d, b);
		if (!BN_is_zero(d)) {
			fprintf(stderr, "Left shift test failed!\n");
			fprintf(stderr, "a=");
			BN_print_fp(stderr, a);
			fprintf(stderr, "\nb=");
			BN_print_fp(stderr, b);
			fprintf(stderr, "\nc=");
			BN_print_fp(stderr, c);
			fprintf(stderr, "\nd=");
			BN_print_fp(stderr, d);
			fprintf(stderr, "\n");
			rc = 0;
			break;
		}
	}

	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	return (rc);
}

int
test_lshift1(BIO *bp)
{
	BIGNUM *a, *b, *c;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();

	BN_bntest_rand(a,200,0,0);
	a->neg = rand_neg();
	for (i = 0; i < num0; i++) {
		(void)BN_lshift1(b, a);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " * 2");
				BIO_puts(bp, " - ");
			}
			BN_print(bp, b);
			BIO_puts(bp, "\n");
		}
		BN_add(c, a, a);
		BN_sub(a, b, c);
		if (!BN_is_zero(a)) {
			fprintf(stderr, "Left shift one test failed!\n");
			rc = 0;
			break;
		}

		BN_copy(a, b);
	}

	BN_free(a);
	BN_free(b);
	BN_free(c);
	return (rc);
}

int
test_rshift(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b, *c, *d, *e;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	BN_one(c);

	BN_bntest_rand(a,200,0,0);
	a->neg = rand_neg();
	for (i = 0; i < num0; i++) {
		(void)BN_rshift(b, a, i + 1);
		BN_add(c, c, c);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " / ");
				BN_print(bp, c);
				BIO_puts(bp, " - ");
			}
			BN_print(bp, b);
			BIO_puts(bp, "\n");
		}
		BN_div(d, e,a, c, ctx);
		BN_sub(d, d, b);
		if (!BN_is_zero(d)) {
			fprintf(stderr, "Right shift test failed!\n");
			rc = 0;
			break;
		}
	}

	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}

int
test_rshift1(BIO *bp)
{
	BIGNUM *a, *b, *c;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();

	BN_bntest_rand(a,200,0,0);
	a->neg = rand_neg();
	for (i = 0; i < num0; i++) {
		(void)BN_rshift1(b, a);
		if (bp != NULL) {
			if (!results) {
				BN_print(bp, a);
				BIO_puts(bp, " / 2");
				BIO_puts(bp, " - ");
			}
			BN_print(bp, b);
			BIO_puts(bp, "\n");
		}
		BN_sub(c, a, b);
		BN_sub(c, c, b);
		if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
			fprintf(stderr, "Right shift one test failed!\n");
			rc = 0;
			break;
		}
		BN_copy(a, b);
	}

	BN_free(a);
	BN_free(b);
	BN_free(c);
	return (rc);
}

int
rand_neg(void)
{
	static unsigned int neg = 0;
	static int sign[8] = {0, 0,0, 1,1, 0,1, 1};

	return (sign[(neg++) % 8]);
}

int
test_mod_exp_sizes(BIO *bp, BN_CTX *ctx)
{
	BN_MONT_CTX *mont_ctx;
	BIGNUM *p, *x, *y, *r, *r2;
	int size;
	int ok = 0;

	BN_CTX_start(ctx);
	p = BN_CTX_get(ctx);
	x = BN_CTX_get(ctx);
	y = BN_CTX_get(ctx);
	r = BN_CTX_get(ctx);
	r2 = BN_CTX_get(ctx);
	mont_ctx = BN_MONT_CTX_new();

	if (r2 == NULL || mont_ctx == NULL)
		goto err;

	if (!BN_generate_prime_ex(p, 32, 0, NULL, NULL, NULL) ||
	    !BN_MONT_CTX_set(mont_ctx, p, ctx))
		goto err;

	for (size = 32; size < 1024; size += 8) {
		if (!BN_rand(x, size, -1, 0) ||
		    !BN_rand(y, size, -1, 0) ||
		    !BN_mod_exp_mont_consttime(r, x, y, p, ctx, mont_ctx) ||
		    !BN_mod_exp(r2, x, y, p, ctx))
			goto err;

		if (BN_cmp(r, r2) != 0) {
			char *r_str = BN_bn2hex(r);
			char *r2_str = BN_bn2hex(r2);



			printf("Incorrect answer at size %d: %s vs %s\n",
			    size, r_str, r2_str);
			free(r_str);
			free(r2_str);
			goto err;
		}
	}

	ok = 1;

err:
	BN_MONT_CTX_free(mont_ctx);
	BN_CTX_end(ctx);
	return ok;
}







|

|

|











|




|





|






|





|



|
|


|

|


|


|
|



|

|

|

|





>


















|


|


|



|


|
|






|

>


















|

|


|
|


|

|


|


|
|






>



















|


|


|



|


|
|





|

>










|







|


|


|
|
|
|
|

















|
|
>
>









|




|

2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
				goto err;

			if (!BN_nnmod(a, a, p, ctx))
				goto err;

			if (BN_cmp(a, r) != 0) {
				fprintf(stderr, "BN_mod_sqrt failed: a = ");
				CHECK_GOTO(BN_print_fp(stderr, a));
				fprintf(stderr, ", r = ");
				CHECK_GOTO(BN_print_fp(stderr, r));
				fprintf(stderr, ", p = ");
				CHECK_GOTO(BN_print_fp(stderr, p));
				fprintf(stderr, "\n");
				goto err;
			}

			putc('.', stderr);
			fflush(stderr);
		}

		putc('\n', stderr);
		fflush(stderr);
	}
	rc = 1;
err:
	BN_free(a);
	BN_free(p);
	BN_free(r);
	return rc;
}

int
test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
{
	BIGNUM *a = NULL, *b, *c, *d;
	int i;
	int rc = 1;

	b = BN_new();
	c = BN_new();
	d = BN_new();
	CHECK_GOTO(BN_one(c));

	if (a_)
		a = a_;
	else {
		a = BN_new();
		CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
		a->neg = rand_neg();
	}
	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_lshift(b, a, i + 1));
		CHECK_GOTO(BN_add(c, c, c));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " * ");
				CHECK_GOTO(BN_print(bp, c));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, b));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_mul(d, a, c, ctx));
		CHECK_GOTO(BN_sub(d, d, b));
		if (!BN_is_zero(d)) {
			fprintf(stderr, "Left shift test failed!\n");
			fprintf(stderr, "a=");
			CHECK_GOTO(BN_print_fp(stderr, a));
			fprintf(stderr, "\nb=");
			CHECK_GOTO(BN_print_fp(stderr, b));
			fprintf(stderr, "\nc=");
			CHECK_GOTO(BN_print_fp(stderr, c));
			fprintf(stderr, "\nd=");
			CHECK_GOTO(BN_print_fp(stderr, d));
			fprintf(stderr, "\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	return (rc);
}

int
test_lshift1(BIO *bp)
{
	BIGNUM *a, *b, *c;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();

	CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
	a->neg = rand_neg();
	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_lshift1(b, a));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " * 2");
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, b));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_add(c, a, a));
		CHECK_GOTO(BN_sub(a, b, c));
		if (!BN_is_zero(a)) {
			fprintf(stderr, "Left shift one test failed!\n");
			rc = 0;
			break;
		}

		CHECK_GOTO(BN_copy(a, b));
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	return (rc);
}

int
test_rshift(BIO *bp, BN_CTX *ctx)
{
	BIGNUM *a, *b, *c, *d, *e;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();
	d = BN_new();
	e = BN_new();
	CHECK_GOTO(BN_one(c));

	CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
	a->neg = rand_neg();
	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_rshift(b, a, i + 1));
		CHECK_GOTO(BN_add(c, c, c));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " / ");
				CHECK_GOTO(BN_print(bp, c));
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, b));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_div(d, e, a, c, ctx));
		CHECK_GOTO(BN_sub(d, d, b));
		if (!BN_is_zero(d)) {
			fprintf(stderr, "Right shift test failed!\n");
			rc = 0;
			break;
		}
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	BN_free(d);
	BN_free(e);
	return (rc);
}

int
test_rshift1(BIO *bp)
{
	BIGNUM *a, *b, *c;
	int i;
	int rc = 1;

	a = BN_new();
	b = BN_new();
	c = BN_new();

	CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
	a->neg = rand_neg();
	for (i = 0; i < num0; i++) {
		CHECK_GOTO(BN_rshift1(b, a));
		if (bp != NULL) {
			if (!results) {
				CHECK_GOTO(BN_print(bp, a));
				BIO_puts(bp, " / 2");
				BIO_puts(bp, " - ");
			}
			CHECK_GOTO(BN_print(bp, b));
			BIO_puts(bp, "\n");
		}
		CHECK_GOTO(BN_sub(c, a, b));
		CHECK_GOTO(BN_sub(c, c, b));
		if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
			fprintf(stderr, "Right shift one test failed!\n");
			rc = 0;
			break;
		}
		CHECK_GOTO(BN_copy(a, b));
	}
err:
	BN_free(a);
	BN_free(b);
	BN_free(c);
	return (rc);
}

int
rand_neg(void)
{
	static unsigned int neg = 0;
	static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };

	return (sign[(neg++) % 8]);
}

int
test_mod_exp_sizes(BIO *bp, BN_CTX *ctx)
{
	BN_MONT_CTX *mont_ctx = NULL;
	BIGNUM *p, *x, *y, *r, *r2;
	int size;
	int rc = 0;

	BN_CTX_start(ctx);
	CHECK_GOTO(p = BN_CTX_get(ctx));
	CHECK_GOTO(x = BN_CTX_get(ctx));
	CHECK_GOTO(y = BN_CTX_get(ctx));
	CHECK_GOTO(r = BN_CTX_get(ctx));
	CHECK_GOTO(r2 = BN_CTX_get(ctx));
	mont_ctx = BN_MONT_CTX_new();

	if (r2 == NULL || mont_ctx == NULL)
		goto err;

	if (!BN_generate_prime_ex(p, 32, 0, NULL, NULL, NULL) ||
	    !BN_MONT_CTX_set(mont_ctx, p, ctx))
		goto err;

	for (size = 32; size < 1024; size += 8) {
		if (!BN_rand(x, size, -1, 0) ||
		    !BN_rand(y, size, -1, 0) ||
		    !BN_mod_exp_mont_consttime(r, x, y, p, ctx, mont_ctx) ||
		    !BN_mod_exp(r2, x, y, p, ctx))
			goto err;

		if (BN_cmp(r, r2) != 0) {
			char *r_str = NULL;
			char *r2_str = NULL;
			CHECK_GOTO(r_str = BN_bn2hex(r));
			CHECK_GOTO(r2_str = BN_bn2hex(r2));

			printf("Incorrect answer at size %d: %s vs %s\n",
			    size, r_str, r2_str);
			free(r_str);
			free(r2_str);
			goto err;
		}
	}

	rc = 1;

err:
	BN_MONT_CTX_free(mont_ctx);
	BN_CTX_end(ctx);
	return rc;
}
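--- a/jni/libressl/tests/bytestringtest.c
+++ b/jni/libressl/tests/bytestringtest.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: bytestringtest.c,v 1.9 2015/07/18 21:57:00 bcook Exp $	*/
+/*	$OpenBSD: bytestringtest.c,v 1.10 2015/10/25 20:15:06 doug Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *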
Changes to jni/libressl/tests/cipher_list.c.
1
2
3
4
5
6
7
8
/*	$OpenBSD: cipher_list.c,v 1.2 2015/06/28 00:08:27 doug Exp $	*/
/*
 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
|







1
2
3
4
5
6
7
8
/*	$OpenBSD: cipher_list.c,v 1.5 2017/01/23 06:49:31 beck Exp $	*/
/*
 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
35
36
37
38
39
40
41


42
43
44
45
46
47
48
 */

#include <openssl/ssl.h>

#include <stdio.h>
#include <string.h>



#include "tests.h"

static uint8_t cipher_bytes[] = {
	0xcc, 0x14,	/* ECDHE-ECDSA-CHACHA20-POLY1305 */
	0xcc, 0x13,	/* ECDHE-RSA-CHACHA20-POLY1305 */
	0xcc, 0x15,	/* DHE-RSA-CHACHA20-POLY1305 */
	0x00, 0x9c,	/* AES128-GCM-SHA256 */







>
>







35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 */

#include <openssl/ssl.h>

#include <stdio.h>
#include <string.h>

#include "ssl_locl.h"

#include "tests.h"

static uint8_t cipher_bytes[] = {
	0xcc, 0x14,	/* ECDHE-ECDSA-CHACHA20-POLY1305 */
	0xcc, 0x13,	/* ECDHE-RSA-CHACHA20-POLY1305 */
	0xcc, 0x15,	/* DHE-RSA-CHACHA20-POLY1305 */
	0x00, 0x9c,	/* AES128-GCM-SHA256 */
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
};

#define N_CIPHERS (sizeof(cipher_bytes) / 2)

extern STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
    const unsigned char *p, int num);
extern int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
    unsigned char *p);

static int
ssl_bytes_to_list_alloc(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
{
	SSL_CIPHER *cipher;
	uint16_t value;
	int i;







|







62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
};

#define N_CIPHERS (sizeof(cipher_bytes) / 2)

extern STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
    const unsigned char *p, int num);
extern int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
    unsigned char *p, size_t len, size_t *outlen);

static int
ssl_bytes_to_list_alloc(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
{
	SSL_CIPHER *cipher;
	uint16_t value;
	int i;
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

136
137
138
139
140
141
142
	return 1;
}

static int
ssl_list_to_bytes_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
{
	unsigned char *buf = NULL;
	size_t buflen;
	int len;
	int ret = 0;

	/* Space for cipher bytes, plus reneg SCSV and two spare bytes. */
	CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
	buflen = sizeof(cipher_bytes) + 2 + 2;
	CHECK((buf = calloc(1, buflen)) != NULL);

	len = ssl_cipher_list_to_bytes(s, *ciphers, buf);
	CHECK_GOTO(len > 0 && (size_t)len == buflen - 2);

	CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
	CHECK_GOTO(buf[buflen - 4] == 0x00 && buf[buflen - 3] == 0xff);
	CHECK_GOTO(buf[buflen - 2] == 0x00 && buf[buflen - 1] == 0x00);

	ret = 1;

err:
	free(buf);
	return ret;
}

static int
ssl_list_to_bytes_no_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
{
	unsigned char *buf = NULL;
	size_t buflen;
	int len;
	int ret = 0;

	/* Space for cipher bytes and two spare bytes */
	CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
	buflen = sizeof(cipher_bytes) + 2;
	CHECK((buf = calloc(1, buflen)) != NULL);
	buf[buflen - 2] = 0xfe;
	buf[buflen - 1] = 0xab;

	/* Set renegotiate so it doesn't add SCSV */
	s->renegotiate = 1;

	len = ssl_cipher_list_to_bytes(s, *ciphers, buf);
	CHECK_GOTO(len > 0 && (size_t)len == buflen - 2);

	CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
	CHECK_GOTO(buf[buflen - 2] == 0xfe && buf[buflen - 1] == 0xab);

	ret = 1;

err:
	free(buf);







|
<







|
|
>















|
<










|

|
|
>







89
90
91
92
93
94
95
96

97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
	return 1;
}

static int
ssl_list_to_bytes_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
{
	unsigned char *buf = NULL;
	size_t buflen, outlen;

	int ret = 0;

	/* Space for cipher bytes, plus reneg SCSV and two spare bytes. */
	CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
	buflen = sizeof(cipher_bytes) + 2 + 2;
	CHECK((buf = calloc(1, buflen)) != NULL);

	CHECK(ssl_cipher_list_to_bytes(s, *ciphers, buf, buflen, &outlen));

	CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
	CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
	CHECK_GOTO(buf[buflen - 4] == 0x00 && buf[buflen - 3] == 0xff);
	CHECK_GOTO(buf[buflen - 2] == 0x00 && buf[buflen - 1] == 0x00);

	ret = 1;

err:
	free(buf);
	return ret;
}

static int
ssl_list_to_bytes_no_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
{
	unsigned char *buf = NULL;
	size_t buflen, outlen;

	int ret = 0;

	/* Space for cipher bytes and two spare bytes */
	CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
	buflen = sizeof(cipher_bytes) + 2;
	CHECK((buf = calloc(1, buflen)) != NULL);
	buf[buflen - 2] = 0xfe;
	buf[buflen - 1] = 0xab;

	/* Set renegotiate so it doesn't add SCSV */
	s->internal->renegotiate = 1;

	CHECK(ssl_cipher_list_to_bytes(s, *ciphers, buf, buflen, &outlen));

	CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
	CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
	CHECK_GOTO(buf[buflen - 2] == 0xfe && buf[buflen - 1] == 0xab);

	ret = 1;

err:
	free(buf);
199
200
201
202
203
204
205

206
207
err:
	sk_SSL_CIPHER_free(ciphers);
	SSL_CTX_free(ctx);
	SSL_free(s);

	if (!rv)
		printf("PASS %s\n", __FILE__);

	return rv;
}







>


201
202
203
204
205
206
207
208
209
210
err:
	sk_SSL_CIPHER_free(ciphers);
	SSL_CTX_free(ctx);
	SSL_free(s);

	if (!rv)
		printf("PASS %s\n", __FILE__);
	
	return rv;
}
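Review bot: In the new `ssl_list_to_bytes_scsv` and `ssl_list_to_bytes_no_scsv`, the call `CHECK(ssl_cipher_list_to_bytes(s, *ciphers, buf, buflen, &outlen));` runs after `buf` has been allocated, while every other post-allocation check uses `CHECK_GOTO` to reach `err:` and `free(buf)`. `CHECK` is defined in tests.h, which this page does not show; if it returns directly, as its use ahead of the allocation suggests, a failing conversion leaks `buf` and bypasses the cleanup path. Writing `CHECK_GOTO(ssl_cipher_list_to_bytes(s, *ciphers, buf, buflen, &outlen));` in both functions keeps the failure path consistent. The file is imported from upstream, so the change is best made there too.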
Changes to jni/libressl/tests/clienttest.c.
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86


87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128


129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)

static unsigned char cipher_list_dtls1[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
	0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
	0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x12,
	0xc0, 0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d,
	0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
	0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_dtls1[] = {
	0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x7e, 0x01, 0x00, 0x00,
	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x72, 0xfe, 0xff, 0xc3, 0xd6, 0x19, 0xf8, 0x5d,
	0x6a, 0xe3, 0x6d, 0x16, 0x4a, 0xf7, 0x8f, 0x8e,
	0x4a, 0x12, 0x87, 0xcf, 0x07, 0x99, 0xa7, 0x92,
	0x40, 0xbd, 0x06, 0x9f, 0xe9, 0xd2, 0x68, 0x84,
	0xff, 0x6f, 0xe8, 0x00, 0x00, 0x00, 0x44, 0xc0,
	0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff,
	0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0xc0,
	0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0,
	0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32, 0x00,
	0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04, 0x00,
	0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x12, 0xc0,
	0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0,
	0x03, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00,
	0x09, 0x00, 0xff, 0x01, 0x00, 0x00, 0x04, 0x00,
	0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls10[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
	0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
	0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
	0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
	0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_tls10[] = {
	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
	0xc3, 0x03, 0x01, 0x06, 0x6a, 0x3f, 0x0f, 0xf5,
	0x19, 0x64, 0x2d, 0xfd, 0xb1, 0x4a, 0x91, 0xcd,
	0x65, 0x37, 0xf8, 0x51, 0x92, 0xf9, 0xbf, 0xe9,
	0x46, 0x41, 0x2e, 0x0a, 0x4d, 0xb1, 0xa8, 0x0c,
	0x88, 0xec, 0x03, 0x00, 0x00, 0x50, 0xc0, 0x14,


	0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0xc0, 0x0f,
	0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
	0xc0, 0x09, 0x00, 0x33, 0x00, 0x32, 0x00, 0x45,
	0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x2f,
	0x00, 0x41, 0x00, 0x07, 0xc0, 0x11, 0xc0, 0x07,
	0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05, 0x00, 0x04,
	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x13,
	0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15,
	0x00, 0x12, 0x00, 0x09, 0x00, 0xff, 0x01, 0x00,
	0x00, 0x4a, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00,
	0x01, 0x02, 0x00, 0x0a, 0x00, 0x3a, 0x00, 0x38,
	0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x1c,
	0x00, 0x0b, 0x00, 0x0c, 0x00, 0x1b, 0x00, 0x18,
	0x00, 0x09, 0x00, 0x0a, 0x00, 0x1a, 0x00, 0x16,
	0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,
	0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,
	0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,
	0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,
	0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls11[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
	0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
	0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
	0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
	0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_tls11[] = {
	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
	0xc3, 0x03, 0x02, 0x2f, 0x93, 0x9c, 0x37, 0x16,
	0x88, 0x53, 0xa1, 0xba, 0xb2, 0x36, 0xc9, 0xdf,
	0xa4, 0x5f, 0x80, 0x6a, 0x8b, 0xfe, 0x00, 0x52,
	0xd3, 0xd2, 0x68, 0x2a, 0xae, 0xca, 0x72, 0xae,
	0x70, 0x77, 0x84, 0x00, 0x00, 0x50, 0xc0, 0x14,


	0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0xc0, 0x0f,
	0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
	0xc0, 0x09, 0x00, 0x33, 0x00, 0x32, 0x00, 0x45,
	0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x2f,
	0x00, 0x41, 0x00, 0x07, 0xc0, 0x11, 0xc0, 0x07,
	0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05, 0x00, 0x04,
	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x13,
	0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15,
	0x00, 0x12, 0x00, 0x09, 0x00, 0xff, 0x01, 0x00,
	0x00, 0x4a, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00,
	0x01, 0x02, 0x00, 0x0a, 0x00, 0x3a, 0x00, 0x38,
	0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x1c,
	0x00, 0x0b, 0x00, 0x0c, 0x00, 0x1b, 0x00, 0x18,
	0x00, 0x09, 0x00, 0x0a, 0x00, 0x1a, 0x00, 0x16,
	0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,
	0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,
	0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,
	0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,
	0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls12_aes[] = {
	0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f,
	0x00, 0x6b, 0x00, 0x6a, 0x00, 0x39, 0x00, 0x38,
	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xcc, 0x14,
	0xcc, 0x13, 0xcc, 0x15, 0xff, 0x85, 0x00, 0xc4,
	0x00, 0xc3, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a, 0xc0, 0x26,
	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d, 0x00, 0x3d,
	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
	0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e, 0x00, 0x67,
	0x00, 0x40, 0x00, 0x33, 0x00, 0x32, 0x00, 0xbe,
	0x00, 0xbd, 0x00, 0x45, 0x00, 0x44, 0xc0, 0x31,
	0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25, 0xc0, 0x0e,
	0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
	0x00, 0xba, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
	0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
	0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char cipher_list_tls12_chacha[] = {
	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xcc, 0x14,
	0xcc, 0x13, 0xcc, 0x15, 0xc0, 0x30, 0xc0, 0x2c,
	0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
	0x00, 0xa3, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x6a,
	0x00, 0x39, 0x00, 0x38, 0xff, 0x85, 0x00, 0xc4,
	0x00, 0xc3, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a, 0xc0, 0x26,
	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d, 0x00, 0x3d,
	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
	0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e, 0x00, 0x67,
	0x00, 0x40, 0x00, 0x33, 0x00, 0x32, 0x00, 0xbe,
	0x00, 0xbd, 0x00, 0x45, 0x00, 0x44, 0xc0, 0x31,
	0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25, 0xc0, 0x0e,
	0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
	0x00, 0xba, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
	0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
	0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_tls12[] = {
	0x16, 0x03, 0x01, 0x01, 0x41, 0x01, 0x00, 0x01,
	0x3d, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0xa0, 0xcc, 0xa9,
	0xcc, 0xa8, 0xcc, 0xaa, 0xcc, 0x14, 0xcc, 0x13,
	0xcc, 0x15, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
	0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0xa3,
	0x00, 0x9f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x39,
	0x00, 0x38, 0xff, 0x85, 0x00, 0xc4, 0x00, 0xc3,
	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0xc0, 0x32,
	0xc0, 0x2e, 0xc0, 0x2a, 0xc0, 0x26, 0xc0, 0x0f,
	0xc0, 0x05, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
	0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
	0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
	0x00, 0xa2, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x40,
	0x00, 0x33, 0x00, 0x32, 0x00, 0xbe, 0x00, 0xbd,
	0x00, 0x45, 0x00, 0x44, 0xc0, 0x31, 0xc0, 0x2d,
	0xc0, 0x29, 0xc0, 0x25, 0xc0, 0x0e, 0xc0, 0x04,
	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
	0x00, 0x41, 0x00, 0x07, 0xc0, 0x11, 0xc0, 0x07,
	0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05, 0x00, 0x04,
	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x13,
	0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15,
	0x00, 0x12, 0x00, 0x09, 0x00, 0xff, 0x01, 0x00,
	0x00, 0x74, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00,
	0x01, 0x02, 0x00, 0x0a, 0x00, 0x3a, 0x00, 0x38,
	0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x1c,
	0x00, 0x0b, 0x00, 0x0c, 0x00, 0x1b, 0x00, 0x18,
	0x00, 0x09, 0x00, 0x0a, 0x00, 0x1a, 0x00, 0x16,
	0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,
	0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,
	0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,
	0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,
	0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x26,
	0x00, 0x24, 0x06, 0x01, 0x06, 0x02, 0x06, 0x03,
	0xef, 0xef, 0x05, 0x01, 0x05, 0x02, 0x05, 0x03,
	0x04, 0x01, 0x04, 0x02, 0x04, 0x03, 0xee, 0xee,
	0xed, 0xed, 0x03, 0x01, 0x03, 0x02, 0x03, 0x03,
	0x02, 0x01, 0x02, 0x02, 0x02, 0x03,
};

struct client_hello_test {
	const unsigned char *desc;
	const int protocol;
	const size_t random_start;
	const SSL_METHOD *(*ssl_method)(void);







|
|
<
|
|
<
|




|
|
|



|

|
|
|
<
|
<
|
|
|





|
|
<
|
<
|
|
|



|
|
<
<
|
|
>
>

|
|
|
<
|
<
|
|
|
|
<
<
<
<
|
<
<
<
|





|
|
<
|
<
|
|
|



|
|
<
|
<
|
>
>

|
|
|
<
|
<
|
|
|
|
<
<
<
<
|
<
<
<
|









<
|
|
|
|
|
<
<
|
|
<
|
|
|









<
|
|
|
|
|
<
<
|
|
<
|
|
|



|
|



|





|
<
|
|
|
|
|
<
<

|
<
|
|
|
|
<
<
<
<
|
<
<
<
|
|
|
|
|
|







30
31
32
33
34
35
36
37
38

39
40

41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

57

58
59
60
61
62
63
64
65
66
67

68

69
70
71
72
73
74
75
76


77
78
79
80
81
82
83
84

85

86
87
88
89




90



91
92
93
94
95
96
97
98

99

100
101
102
103
104
105
106
107

108

109
110
111
112
113
114
115

116

117
118
119
120




121



122
123
124
125
126
127
128
129
130
131

132
133
134
135
136


137
138

139
140
141
142
143
144
145
146
147
148
149
150

151
152
153
154
155


156
157

158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

176
177
178
179
180


181
182

183
184
185
186




187



188
189
190
191
192
193
194
195
196
197
198
199
200
#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)

static unsigned char cipher_list_dtls1[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09,
	0x00, 0x33, 0x00, 0x32, 0x00, 0x45, 0x00, 0x44,

	0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x13, 0x00, 0x0a, 0x00, 0x15,

	0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_dtls1[] = {
	0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x70, 0x01, 0x00, 0x00,
	0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x64, 0xfe, 0xff, 0xc3, 0xd6, 0x19, 0xf8, 0x5d,
	0x6a, 0xe3, 0x6d, 0x16, 0x4a, 0xf7, 0x8f, 0x8e,
	0x4a, 0x12, 0x87, 0xcf, 0x07, 0x99, 0xa7, 0x92,
	0x40, 0xbd, 0x06, 0x9f, 0xe9, 0xd2, 0x68, 0x84,
	0xff, 0x6f, 0xe8, 0x00, 0x00, 0x00, 0x36, 0xc0,
	0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff,
	0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0x00,
	0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00,
	0x33, 0x00, 0x32, 0x00, 0x45, 0x00, 0x44, 0x00,

	0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00,

	0x16, 0x00, 0x13, 0x00, 0x0a, 0x00, 0x15, 0x00,
	0x12, 0x00, 0x09, 0x00, 0xff, 0x01, 0x00, 0x00,
	0x04, 0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls10[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09,
	0x00, 0x33, 0x00, 0x32, 0x00, 0x45, 0x00, 0x44,

	0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,

	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x13, 0x00, 0x0a, 0x00, 0x15,
	0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_tls10[] = {
	0x16, 0x03, 0x01, 0x00, 0x81, 0x01, 0x00, 0x00,
	0x7d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,


	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0xc0, 0x14,
	0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0x00, 0x35,
	0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33,
	0x00, 0x32, 0x00, 0x45, 0x00, 0x44, 0x00, 0x2f,

	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,

	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x13, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
	0x00, 0x09, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
	0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,




	0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,



	0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls11[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
	0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09,
	0x00, 0x33, 0x00, 0x32, 0x00, 0x45, 0x00, 0x44,

	0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,

	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x13, 0x00, 0x0a, 0x00, 0x15,
	0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_tls11[] = {
	0x16, 0x03, 0x01, 0x00, 0x81, 0x01, 0x00, 0x00,
	0x7d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,

	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0xc0, 0x14,
	0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0x00, 0x35,
	0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33,
	0x00, 0x32, 0x00, 0x45, 0x00, 0x44, 0x00, 0x2f,

	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,

	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x13, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
	0x00, 0x09, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
	0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,




	0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,



	0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls12_aes[] = {
	0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f,
	0x00, 0x6b, 0x00, 0x6a, 0x00, 0x39, 0x00, 0x38,
	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xcc, 0x14,
	0xcc, 0x13, 0xcc, 0x15, 0xff, 0x85, 0x00, 0xc4,
	0x00, 0xc3, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,

	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2,
	0x00, 0x9e, 0x00, 0x67, 0x00, 0x40, 0x00, 0x33,
	0x00, 0x32, 0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45,


	0x00, 0x44, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
	0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,

	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x13, 0x00, 0x0a, 0x00, 0x15,
	0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char cipher_list_tls12_chacha[] = {
	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xcc, 0x14,
	0xcc, 0x13, 0xcc, 0x15, 0xc0, 0x30, 0xc0, 0x2c,
	0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
	0x00, 0xa3, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x6a,
	0x00, 0x39, 0x00, 0x38, 0xff, 0x85, 0x00, 0xc4,
	0x00, 0xc3, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,

	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2,
	0x00, 0x9e, 0x00, 0x67, 0x00, 0x40, 0x00, 0x33,
	0x00, 0x32, 0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45,


	0x00, 0x44, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
	0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,

	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x13, 0x00, 0x0a, 0x00, 0x15,
	0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
};

static unsigned char client_hello_tls12[] = {
	0x16, 0x03, 0x01, 0x00, 0xeb, 0x01, 0x00, 0x00,
	0xe7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0xcc, 0xa9,
	0xcc, 0xa8, 0xcc, 0xaa, 0xcc, 0x14, 0xcc, 0x13,
	0xcc, 0x15, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
	0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0xa3,
	0x00, 0x9f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x39,
	0x00, 0x38, 0xff, 0x85, 0x00, 0xc4, 0x00, 0xc3,
	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0x00, 0x9d,

	0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
	0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e,
	0x00, 0x67, 0x00, 0x40, 0x00, 0x33, 0x00, 0x32,
	0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45, 0x00, 0x44,


	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,

	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x13, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
	0x00, 0x09, 0x00, 0xff, 0x01, 0x00, 0x00, 0x40,
	0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,




	0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,



	0x00, 0x18, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d,
	0x00, 0x26, 0x00, 0x24, 0x06, 0x01, 0x06, 0x02,
	0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x02,
	0x05, 0x03, 0x04, 0x01, 0x04, 0x02, 0x04, 0x03,
	0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x02,
	0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03,
};

struct client_hello_test {
	const unsigned char *desc;
	const int protocol;
	const size_t random_start;
	const SSL_METHOD *(*ssl_method)(void);
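--- a/jni/libressl/tests/compat/memmem.c
+++ b/jni/libressl/tests/compat/memmem.c
@@ -0,0 +1,63 @@
+/*	$OpenBSD: memmem.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
+/*-
+ * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+/*
+ * Find the first occurrence of the byte string s in byte string l.
+ */
+
+void *
+memmem(const void *l, size_t l_len, const void *s, size_t s_len)
+{
+	const char *cur, *last;
+	const char *cl = l;
+	const char *cs = s;
+
+	/* a zero length needle should just return the haystack */
+	if (s_len == 0)
+		return (void *)cl;
+
+	/* "s" must be smaller or equal to "l" */
+	if (l_len < s_len)
+		return NULL;
+
+	/* special case where s_len == 1 */
+	if (s_len == 1)
+		return memchr(l, *cs, l_len);
+
+	/* the last position where its possible to find "s" in "l" */
+	last = cl + l_len - s_len;
+
+	for (cur = cl; cur <= last; cur++)
+		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
+			return (void *)cur;
+
+	return NULL;
+}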
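--- a/jni/libressl/tests/compat/pipe2.c
+++ b/jni/libressl/tests/compat/pipe2.c
@@ -0,0 +1,167 @@
+/*
+ * Public domain
+ *
+ * pipe2/pipe/socketpair emulation
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/socket.h>
+
+#undef socketpair
+
+#ifdef _WIN32
+
+static int setfd(int fd, int flag)
+{
+	int rc = -1;
+	if (flag & FD_CLOEXEC) {
+		HANDLE h = (HANDLE)_get_osfhandle(fd);
+		if (h != NULL)
+			rc = SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) == 0 ? -1 : 0;
+	}
+	return rc;
+}
+
+static int setfl(int fd, int flag)
+{
+	int rc = -1;
+	if (flag & O_NONBLOCK) {
+		long mode = 1;
+		rc = ioctlsocket(fd, FIONBIO, &mode);
+	}
+	return rc;
+}
+
+int socketpair(int domain, int type, int protocol, int socket_vector[2])
+{
+	if (domain != AF_UNIX || !(type & SOCK_STREAM) || protocol != PF_UNSPEC)
+		return -1;
+
+	socket_vector[0] = -1;
+	socket_vector[1] = -1;
+
+	int listener = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+	if (listener == -1) {
+		return -1;
+	}
+
+	struct sockaddr_in addr = {
+		.sin_family = AF_INET,
+		.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
+		.sin_port = 0,
+	};
+
+	int yes = 1, e;
+	if (setsockopt(listener, SOL_SOCKET, SO_REUSEADDR,
+			(void *)&yes, sizeof yes) == -1)
+		goto err;
+
+	if (bind(listener, (struct sockaddr *)&addr, sizeof addr) != 0)
+		goto err;
+
+	memset(&addr, 0, sizeof addr);
+	socklen_t addrlen = sizeof addr;
+	if (getsockname(listener, (struct sockaddr *)&addr, &addrlen) != 0)
+		goto err;
+
+	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+	addr.sin_family = AF_INET;
+
+	if (listen(listener, 1) != 0)
+		goto err;
+
+	socket_vector[0] = WSASocket(AF_INET, SOCK_STREAM, 0, NULL, 0, 0);
+	if (socket_vector[0] == -1)
+		goto err;
+
+	if (connect(socket_vector[0], (struct sockaddr *)&addr, sizeof addr) != 0)
+		goto err;
+
+	socket_vector[1] = accept(listener, NULL, NULL);
+	if (socket_vector[1] == -1)
+		goto err;
+
+	closesocket(listener);
+	return 0;
+
+err:
+	e = WSAGetLastError();
+	closesocket(listener);
+	closesocket(socket_vector[0]);
+	closesocket(socket_vector[1]);
+	WSASetLastError(e);
+	socket_vector[0] = -1;
+	socket_vector[1] = -1;
+	return -1;
+}
+
+int pipe(int fildes[2])
+{
+	return socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC, fildes);
+}
+
+#else
+
+static int setfd(int fd, int flag)
+{
+	int flags = fcntl(fd, F_GETFD);
+	flags |= flag;
+	return fcntl(fd, F_SETFD, flags);
+}
+
+static int setfl(int fd, int flag)
+{
+	int flags = fcntl(fd, F_GETFL);
+	flags |= flag;
+	return fcntl(fd, F_SETFL, flags);
+}
+#endif
+
+int pipe2(int fildes[2], int flags)
+{
+	int rc = pipe(fildes);
+	if (rc == 0) {
+		if (flags & O_NONBLOCK) {
+			rc |= setfl(fildes[0], O_NONBLOCK);
+			rc |= setfl(fildes[1], O_NONBLOCK);
+		}
+		if (flags & O_CLOEXEC) {
+			rc |= setfd(fildes[0], FD_CLOEXEC);
+			rc |= setfd(fildes[1], FD_CLOEXEC);
+		}
+		if (rc != 0) {
+			int e = errno;
+			close(fildes[0]);
+			close(fildes[1]);
+			errno = e;
+		}
+	}
+	return rc;
+}
+
+int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2])
+{
+	int flags = type & ~0xf;
+	type &= 0xf;
+	int rc = socketpair(domain, type, protocol, socket_vector);
+	if (rc == 0) {
+		if (flags & SOCK_NONBLOCK) {
+			rc |= setfl(socket_vector[0], O_NONBLOCK);
+			rc |= setfl(socket_vector[1], O_NONBLOCK);
+		}
+		if (flags & SOCK_CLOEXEC) {
+			rc |= setfd(socket_vector[0], FD_CLOEXEC);
+			rc |= setfd(socket_vector[1], FD_CLOEXEC);
+		}
+		if (rc != 0) {
+			int e = errno;
+			close(socket_vector[0]);
+			close(socket_vector[1]);
+			errno = e;
+		}
+	}
+	return rc;
+}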
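--- a/jni/libressl/tests/evptests.txt
+++ b/jni/libressl/tests/evptests.txt
@@ -9,14 +9,17 @@
 MD5:::61:0cc175b9c0f1b6a831c399e269772661
 MD5:::616263:900150983cd24fb0d6963f7d28e17f72
 MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
 MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
 MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
 MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
 
+# MD5+SHA1 tests
+MD5-SHA1:::616263:900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d
+
 # GOST R 34.11 tests
 md_gost94::::981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0
 streebog512::::8e945da209aa869f0455928529bcae4679e9873ab707b55315f56ceb98bef0a7362f715528356ee83cda5f2aac4c6ad2ba3a715c1bcd81cb8e9f90bf4c1c1a8a
 streebog256::::3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
 streebog512:::303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132:1b54d01a4af5b9d5cc3d86d68d285462b19abc2475222f35c085122be4ba1ffa00ad30f8767b3a82384c6574f024c311e2a481332b08ef7f41797891c1646f48
 streebog256:::303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132:9d151eefd8590b89daa6ba6cb74af9275dd051026bb149a452fd84e5e57b5500
 streebog512:::d1e520e2e5f2f0e82c20d1f2f0e8e1eee6e820e2edf3f6e82c20e2e5fef2fa20f120eceef0ff20f1f2f0e5ebe0ece820ede020f5f0e0e1f0fbff20efebfaeafb20c8e3eef0e5e2fb:1e88e62226bfca6f9994f1f2d51569e0daf8475a3b0fe61a5300eee46d961376035fe83549ada2b8620fcd7c496ce5b33f0cb9dddc2b6460143b03dabac9fb28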
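--- a/jni/libressl/tests/explicit_bzero.c
+++ b/jni/libressl/tests/explicit_bzero.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: explicit_bzero.c,v 1.5 2014/07/11 00:38:17 matthew Exp $	*/
+/*	$OpenBSD: explicit_bzero.c,v 1.6 2014/07/11 01:10:35 matthew Exp $	*/
 /*
  * Copyright (c) 2014 Google Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *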
Changes to jni/libressl/tests/exptest.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66









67
68































































































































69
70
71
72
73
74
75

76
77
78
79
80

81
82
83

84

85
86
87
88
89
90
91
92
93
94

95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115




116


117
118
119
120







121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160




161
162

163

164

165

166

167

168

169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184






185
186
187
188
189
190
/* crypto/bn/exptest.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/err.h>










#define NUM_BITS	(BN_BITS*2)
































































































































int main(int argc, char *argv[])
	{
	BN_CTX *ctx;
	BIO *out=NULL;
	int i,ret;
	unsigned char c;
	BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;


	ERR_load_BN_strings();

	ctx=BN_CTX_new();
	if (ctx == NULL) exit(1);

	r_mont=BN_new();
	r_mont_const=BN_new();
	r_recp=BN_new();

	r_simple=BN_new();

	a=BN_new();
	b=BN_new();
	m=BN_new();
	if (	(r_mont == NULL) || (r_recp == NULL) ||
		(a == NULL) || (b == NULL))
		goto err;

	out=BIO_new(BIO_s_file());

	if (out == NULL) exit(1);

	BIO_set_fp(out,stdout,BIO_NOCLOSE);

	for (i=0; i<200; i++)
		{
		arc4random_buf(&c,1);
		c=(c%BN_BITS)-BN_BITS2;
		BN_rand(a,NUM_BITS+c,0,0);

		arc4random_buf(&c,1);
		c=(c%BN_BITS)-BN_BITS2;
		BN_rand(b,NUM_BITS+c,0,0);

		arc4random_buf(&c,1);
		c=(c%BN_BITS)-BN_BITS2;
		BN_rand(m,NUM_BITS+c,0,1);

		BN_mod(a,a,m,ctx);
		BN_mod(b,b,m,ctx);

		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
		if (ret <= 0)




			{


			printf("BN_mod_exp_mont() problems\n");
			ERR_print_errors(out);
			exit(1);
			}








		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
		if (ret <= 0)
			{
			printf("BN_mod_exp_recp() problems\n");
			ERR_print_errors(out);
			exit(1);
			}

		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
		if (ret <= 0)
			{
			printf("BN_mod_exp_simple() problems\n");
			ERR_print_errors(out);
			exit(1);
			}

		ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
		if (ret <= 0)
			{
			printf("BN_mod_exp_mont_consttime() problems\n");
			ERR_print_errors(out);
			exit(1);
			}

		if (BN_cmp(r_simple, r_mont) == 0
		    && BN_cmp(r_simple,r_recp) == 0
			&& BN_cmp(r_simple,r_mont_const) == 0)
			{
			printf(".");
			fflush(stdout);
			}
		else
		  	{
			if (BN_cmp(r_simple,r_mont) != 0)
				printf("\nsimple and mont results differ\n");
			if (BN_cmp(r_simple,r_mont_const) != 0)
				printf("\nsimple and mont const time results differ\n");
			if (BN_cmp(r_simple,r_recp) != 0)
				printf("\nsimple and recp results differ\n");





			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);

			printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);

			printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);

			printf("\nsimple   =");	BN_print(out,r_simple);

			printf("\nrecp     =");	BN_print(out,r_recp);

			printf("\nmont     ="); BN_print(out,r_mont);

			printf("\nmont_ct  ="); BN_print(out,r_mont_const);

			printf("\n");
			exit(1);
			}
		}
	BN_free(r_mont);
	BN_free(r_mont_const);
	BN_free(r_recp);
	BN_free(r_simple);
	BN_free(a);
	BN_free(b);
	BN_free(m);
	BN_CTX_free(ctx);
	ERR_remove_thread_state(NULL);
	CRYPTO_mem_leaks(out);
	BIO_free(out);
	printf(" done\n");






	exit(0);
err:
	ERR_load_crypto_strings();
	ERR_print_errors(out);
	exit(1);
	}







|






|






|














|


|











|














>
>
>
>
>
>
>
>
>


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|

|
|

|
>



|
|
>
|
|
|
>
|
>
|
|
|
|
<


|

|
>
|

|
<
|
|
|

|
|
|

|
|
|

|
|

|
|
>
>
>
>
|
>
>
|


|
>
>
>
>
>
>
>

|
|
<



|

|
|
<



|

|
|
<



|


|
|
<


<
|
<
|

|

|

>
>
>
>

|
>
|
>
|
>
|
>
|
>
|
>
|
>


|
|











|
>
>
>
>
>
>
|
|


|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236
237

238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275

276
277
278
279
280
281
282

283
284
285
286
287
288
289

290
291
292
293
294
295
296
297

298
299

300

301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
/* crypto/bn/exptest.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/err.h>

int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

#define NUM_BITS	(BN_BITS*2)

/*
 * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
 * returns zero and prints debug output otherwise.
 */
static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
							 const BIGNUM *a) {
	if (!BN_is_zero(r)) {
		fprintf(stderr, "%s failed:\n", method);
		fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
		fprintf(stderr, "a = ");
		BN_print_fp(stderr, a);
		fprintf(stderr, "\nr = ");
		BN_print_fp(stderr, r);
		fprintf(stderr, "\n");
		return 0;
	}
	return 1;
}

/*
 * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
 */
static int test_exp_mod_zero(void)
{
	BIGNUM a, p, m;
	BIGNUM r;
	BN_ULONG one_word = 1;
	BN_CTX *ctx = BN_CTX_new();
	int ret = 1, failed = 0;

	BN_init(&m);
	BN_one(&m);

	BN_init(&a);
	BN_one(&a);

	BN_init(&p);
	BN_zero(&p);

	BN_init(&r);

	if (!BN_rand(&a, 1024, 0, 0))
		goto err;

	if (!BN_mod_exp(&r, &a, &p, &m, ctx))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
		failed = 1;

	if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a))
		failed = 1;

	if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a))
		failed = 1;

	if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
		failed = 1;

	if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
		failed = 1;

	if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
		failed = 1;

	if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a))
		failed = 1;

	if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL))
		goto err;

	if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a))
		failed = 1;

	if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
		goto err;
	}

	if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
		failed = 1;

	/*
	 * A different codepath exists for single word multiplication
	 * in non-constant-time only.
	 */
	if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
		goto err;

	if (!BN_is_zero(&r)) {
		fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
		fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
		fprintf(stderr, "r = ");
		BN_print_fp(stderr, &r);
		fprintf(stderr, "\n");
		return 0;
	}

	ret = failed;

 err:
	BN_free(&r);
	BN_free(&a);
	BN_free(&p);
	BN_free(&m);
	BN_CTX_free(ctx);

	return ret;
}

int main(int argc, char *argv[])
{
	BN_CTX *ctx;
	BIO *out = NULL;
	int i, ret;
	unsigned char c;
	BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple,
	    *r_mont_ct, *r_mont_nonct, *a, *b, *m;

	ERR_load_BN_strings();

	ctx = BN_CTX_new();
	if (ctx == NULL)
		exit(1);
	r_mont = BN_new();
	r_mont_const = BN_new();
	r_mont_ct = BN_new();
	r_mont_nonct = BN_new();
	r_recp = BN_new();
	r_simple = BN_new();
	a = BN_new();
	b = BN_new();
	m = BN_new();
	if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))

		goto err;

	out = BIO_new(BIO_s_file());

	if (out == NULL)
		exit(1);
	BIO_set_fp(out, stdout, BIO_NOCLOSE);

	for (i = 0; i < 200; i++) {

		arc4random_buf(&c, 1);
		c = (c % BN_BITS) - BN_BITS2;
		BN_rand(a, NUM_BITS + c, 0, 0);

		arc4random_buf(&c, 1);
		c = (c % BN_BITS) - BN_BITS2;
		BN_rand(b, NUM_BITS + c, 0, 0);

		arc4random_buf(&c, 1);
		c = (c % BN_BITS) - BN_BITS2;
		BN_rand(m, NUM_BITS + c, 0, 1);

		BN_mod(a, a, m, ctx);
		BN_mod(b, b, m, ctx);

		ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
		if (ret <= 0) {
			printf("BN_mod_exp_mont() problems\n");
			ERR_print_errors(out);
			exit(1);
		}

		ret = BN_mod_exp_mont_ct(r_mont_ct, a, b, m, ctx, NULL);
		if (ret <= 0) {
			printf("BN_mod_exp_mont_ct() problems\n");
			ERR_print_errors(out);
			exit(1);
		}

		ret = BN_mod_exp_mont_nonct(r_mont_nonct, a, b, m, ctx, NULL);
		if (ret <= 0) {
			printf("BN_mod_exp_mont_nonct() problems\n");
			ERR_print_errors(out);
			exit(1);
		}

		ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
		if (ret <= 0) {

			printf("BN_mod_exp_recp() problems\n");
			ERR_print_errors(out);
			exit(1);
		}

		ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
		if (ret <= 0) {

			printf("BN_mod_exp_simple() problems\n");
			ERR_print_errors(out);
			exit(1);
		}

		ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
		if (ret <= 0) {

			printf("BN_mod_exp_mont_consttime() problems\n");
			ERR_print_errors(out);
			exit(1);
		}

		if (BN_cmp(r_simple, r_mont) == 0
			&& BN_cmp(r_simple, r_recp) == 0
			&& BN_cmp(r_simple, r_mont_const) == 0) {

			printf(".");
			fflush(stdout);

		} else {

			if (BN_cmp(r_simple, r_mont) != 0)
				printf("\nsimple and mont results differ\n");
			if (BN_cmp(r_simple, r_mont_const) != 0)
				printf("\nsimple and mont const time results differ\n");
			if (BN_cmp(r_simple, r_recp) != 0)
				printf("\nsimple and recp results differ\n");
			if (BN_cmp(r_mont, r_mont_ct) != 0)
				printf("\nmont_ct and mont results differ\n");
			if (BN_cmp(r_mont_ct, r_mont_nonct) != 0)
				printf("\nmont_ct and mont_nonct results differ\n");

			printf("a (%3d) = ", BN_num_bits(a));
			BN_print(out, a);
			printf("\nb (%3d) = ", BN_num_bits(b));
			BN_print(out, b);
			printf("\nm (%3d) = ", BN_num_bits(m));
			BN_print(out, m);
			printf("\nsimple   =");
			BN_print(out, r_simple);
			printf("\nrecp	 =");
			BN_print(out, r_recp);
			printf("\nmont	 =");
			BN_print(out, r_mont);
			printf("\nmont_ct  =");
			BN_print(out, r_mont_const);
			printf("\n");
			exit(1);
		}
	}
	BN_free(r_mont);
	BN_free(r_mont_const);
	BN_free(r_recp);
	BN_free(r_simple);
	BN_free(a);
	BN_free(b);
	BN_free(m);
	BN_CTX_free(ctx);
	ERR_remove_thread_state(NULL);
	CRYPTO_mem_leaks(out);
	BIO_free(out);
	printf("\n");

	if (test_exp_mod_zero() != 0)
		goto err;

	printf("done\n");

	return (0);
 err:
	ERR_load_crypto_strings();
	ERR_print_errors(out);
	return (1);
}
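Review bot: The pass condition in main's loop (`BN_cmp(r_simple, r_mont) == 0 && BN_cmp(r_simple, r_recp) == 0 && BN_cmp(r_simple, r_mont_const) == 0`) still covers only the three older results, so a wrong answer from the newly added BN_mod_exp_mont_ct or BN_mod_exp_mont_nonct alone prints `.` and passes. The two new `BN_cmp` diagnostics for r_mont_ct and r_mont_nonct sit in the else branch and are reached only when one of the older variants also differs. Adding `&& BN_cmp(r_simple, r_mont_ct) == 0` and `&& BN_cmp(r_simple, r_mont_nonct) == 0` to the condition would make the constant-time and non-constant-time paths actually checked. A failure is masked in the same way in test_exp_mod_zero, where the BN_mod_exp_mont_word branch ends in `return 0;`, the value its own comment defines as success; `failed = 1;` would match the other checks and still reach the cleanup at `err:`.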
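--- a/jni/libressl/tests/gost2814789t.c
+++ b/jni/libressl/tests/gost2814789t.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: gost2814789t.c,v 1.1 2014/11/09 19:45:26 miod Exp $	*/
+/*	$OpenBSD: gost2814789t.c,v 1.2 2014/12/15 06:03:15 miod Exp $	*/
 /* vim: set fileencoding=ascii : Charset: ASCII */
 /* test/gostr2814789t.c */
 /* ====================================================================
  * Copyright (c) 2012 Crypto-Pro, Ltd., Serguei E. Leontiev,
  *                    lse@cryptopro.ru
  *
  * This file is distributed under the same license as OpenSSL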
Changes to jni/libressl/tests/hmactest.c.
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

82
83
84
85
86
87

88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
























107
108
109
110


111
112
113
114
115
116
117



118
119
120
121
122
123
124
125
126
127
128

129
130
131
132
133
134
135
136
137
138
139



















































































































































140
141
142
143
144
145

146
147
148
149
150
151
152
153
154

#include <openssl/hmac.h>
#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif

#ifndef OPENSSL_NO_MD5
static struct test_st
	{
	unsigned char key[16];
	int key_len;
	unsigned char data[64];
	int data_len;
	unsigned char *digest;
	} test[4]={
	{	"",
		0,
		"More text test vectors to stuff up EBCDIC machines :-)",
		54,
		(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",

	},{	{0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
		 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
		16,
		"Hi There",
		8,
		(unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",

	},{	"Jefe",
		4,
		"what do ya want for nothing?",
		28,
		(unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
	},{
		{0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
		 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
		16,
		{0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd},
		50,
		(unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
	},
























	};
#endif

static char *pt(unsigned char *md);


int main(int argc, char *argv[])
	{
#ifndef OPENSSL_NO_MD5
	int i;
	char *p;
#endif
	int err=0;




#ifdef OPENSSL_NO_MD5
	printf("test skipped: MD5 disabled\n");
#else

	for (i=0; i<4; i++)
		{
		p=pt(HMAC(EVP_md5(),
			test[i].key, test[i].key_len,
			test[i].data, test[i].data_len,
			NULL,NULL));


		if (strcmp(p,(char *)test[i].digest) != 0)
			{
			printf("error calculating HMAC on %d entry'\n",i);
			printf("got %s instead of %s\n",p,test[i].digest);
			err++;
			}
		else
			printf("test %d ok\n",i);
		}
#endif /* OPENSSL_NO_MD5 */



















































































































































	exit(err);
	return(0);
	}

#ifndef OPENSSL_NO_MD5
static char *pt(unsigned char *md)

	{
	int i;
	static char buf[80];

	for (i=0; i<MD5_DIGEST_LENGTH; i++)
		snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
	return(buf);
	}
#endif







|
<





|





>
|





>
|




|
|












>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|


|
>
>
|
|




|
>
>
>





|
<
|

|
<
>

|
<
|
|

<
|
|
|

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


|


|
>
|
|


|
|

|

62
63
64
65
66
67
68
69

70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

154
155
156

157
158
159

160
161
162

163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329

#include <openssl/hmac.h>
#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif

#ifndef OPENSSL_NO_MD5
static struct test_st {

	unsigned char key[16];
	int key_len;
	unsigned char data[64];
	int data_len;
	unsigned char *digest;
} test[8] = {
	{	"",
		0,
		"More text test vectors to stuff up EBCDIC machines :-)",
		54,
		(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
	},
	{	{0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
		 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
		16,
		"Hi There",
		8,
		(unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
	},
	{	"Jefe",
		4,
		"what do ya want for nothing?",
		28,
		(unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
	},
	{	{0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
		 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
		16,
		{0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
		 0xdd,0xdd},
		50,
		(unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
	},
	{	"",
		0,
		"My test data",
		12,
		(unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc"
	},
	{	"",
		0,
		"My test data",
		12,
		(unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776"
	},
	{	"123456",
		6,
		"My test data",
		12,
		(unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
	},
	{	"12345",
		5,
		"My test data again",
		12,
		(unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb"
	}
};
#endif

static char *pt(unsigned char *md, unsigned int len);

int
main(int argc, char *argv[])
{
#ifndef OPENSSL_NO_MD5
	int i;
	char *p;
#endif
	int err = 0;
	HMAC_CTX ctx, ctx2;
	unsigned char buf[EVP_MAX_MD_SIZE];
	unsigned int len;

#ifdef OPENSSL_NO_MD5
	printf("test skipped: MD5 disabled\n");
#else

	for (i = 0; i < 4; i++) {

		p = pt(HMAC(EVP_md5(),
			test[i].key, test[i].key_len,
			test[i].data, test[i].data_len, NULL, NULL),

			MD5_DIGEST_LENGTH);

		if (strcmp(p, (char *)test[i].digest) != 0) {

			printf("error calculating HMAC on %d entry'\n", i);
			printf("got %s instead of %s\n", p, test[i].digest);
			err++;

		} else
			printf("test %d ok\n", i);
	}
#endif /* OPENSSL_NO_MD5 */

/* test4 */
	HMAC_CTX_init(&ctx);
	if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
		printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
		err++;
		goto test5;
	}
	if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
		printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
		err++;
		goto test5;
	}
	if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
		printf("Should fail to initialise HMAC with empty key (test 4)\n");
		err++;
		goto test5;
	}
	if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
		printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
		err++;
		goto test5;
	}
	printf("test 4 ok\n");
 test5:
	HMAC_CTX_cleanup(&ctx);
	HMAC_CTX_init(&ctx);
	if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
		printf("Should fail to initialise HMAC with empty MD (test 5)\n");
		err++;
		goto test6;
	}
	if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
		printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
		err++;
		goto test6;
	}
	if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
		printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
		printf("Failed to initialise HMAC (test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
		printf("Error updating HMAC with data (test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Final(&ctx, buf, &len)) {
		printf("Error finalising data (test 5)\n");
		err++;
		goto test6;
	}
	p = pt(buf, len);
	if (strcmp(p, (char *)test[4].digest) != 0) {
		printf("Error calculating interim HMAC on test 5\n");
		printf("got %s instead of %s\n", p, test[4].digest);
		err++;
		goto test6;
	}
	if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
		printf("Should disallow changing MD without a new key (test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
		printf("Failed to reinitialise HMAC (test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
		printf("Error updating HMAC with data (sha256) (test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Final(&ctx, buf, &len)) {
		printf("Error finalising data (sha256) (test 5)\n");
		err++;
		goto test6;
	}
	p = pt(buf, len);
	if (strcmp(p, (char *)test[5].digest) != 0) {
		printf("Error calculating 2nd interim HMAC on test 5\n");
		printf("got %s instead of %s\n", p, test[5].digest);
		err++;
		goto test6;
	}
	if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
		printf("Failed to reinitialise HMAC with key (test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
		printf("Error updating HMAC with data (new key) (test 5)\n");
		err++;
		goto test6;
	}
	if (!HMAC_Final(&ctx, buf, &len)) {
		printf("Error finalising data (new key) (test 5)\n");
		err++;
		goto test6;
	}
	p = pt(buf, len);
	if (strcmp(p, (char *)test[6].digest) != 0) {
		printf("error calculating HMAC on test 5\n");
		printf("got %s instead of %s\n", p, test[6].digest);
		err++;
	} else {
		printf("test 5 ok\n");
	}
 test6:
	HMAC_CTX_cleanup(&ctx);
	HMAC_CTX_init(&ctx);
	if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
		printf("Failed to initialise HMAC (test 6)\n");
		err++;
		goto end;
	}
	if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
		printf("Error updating HMAC with data (test 6)\n");
		err++;
		goto end;
	}
	if (!HMAC_CTX_copy(&ctx2, &ctx)) {
		printf("Failed to copy HMAC_CTX (test 6)\n");
		err++;
		goto end;
	}
	if (!HMAC_Final(&ctx2, buf, &len)) {
		printf("Error finalising data (test 6)\n");
		err++;
		goto end;
	}
	p = pt(buf, len);
	if (strcmp(p, (char *)test[7].digest) != 0) {
		printf("Error calculating HMAC on test 6\n");
		printf("got %s instead of %s\n", p, test[7].digest);
		err++;
	} else {
		printf("test 6 ok\n");
	}
end:
	HMAC_CTX_cleanup(&ctx);
	exit(err);
	return(0);
}

#ifndef OPENSSL_NO_MD5
static char *
pt(unsigned char *md, unsigned int len)
{
	unsigned int i;
	static char buf[80];

	for (i = 0; i < len; i++)
		snprintf(buf + i * 2, sizeof(buf) - i * 2, "%02x", md[i]);
	return(buf);
}
#endif
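--- a/jni/libressl/tests/memmem.c
+++ b/jni/libressl/tests/memmem.c
@@ -1,63 +0,0 @@
-/*	$OpenBSD: memmem.c,v 1.3 2013/05/30 01:10:45 ajacoutot Exp $ */
-/*-
- * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <string.h>
-
-/*
- * Find the first occurrence of the byte string s in byte string l.
- */
-
-void *
-memmem(const void *l, size_t l_len, const void *s, size_t s_len)
-{
-	const char *cur, *last;
-	const char *cl = l;
-	const char *cs = s;
-
-	/* a zero length needle should just return the haystack */
-	if (s_len == 0)
-		return (void *)cl;
-
-	/* "s" must be smaller or equal to "l" */
-	if (l_len < s_len)
-		return NULL;
-
-	/* special case where s_len == 1 */
-	if (s_len == 1)
-		return memchr(l, *cs, l_len);
-
-	/* the last position where its possible to find "s" in "l" */
-	last = cl + l_len - s_len;
-
-	for (cur = cl; cur <= last; cur++)
-		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
-			return (void *)cur;
-
-	return NULL;
-}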
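--- a/jni/libressl/tests/mont.c
+++ b/jni/libressl/tests/mont.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: mont.c,v 1.1 2014/06/20 10:38:22 miod Exp $	*/
+/*	$OpenBSD: mont.c,v 1.2 2014/10/22 13:23:05 jsing Exp $	*/
 
 /*
  * Copyright (c) 2014 Miodrag Vallat.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.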
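--- a/jni/libressl/tests/ocsp_test.c
+++ b/jni/libressl/tests/ocsp_test.c
@@ -11,14 +11,19 @@
 static int tcp_connect(char *host, char *port) {
 	int error, sd = -1;
 	struct addrinfo hints, *res, *r;
 
 	memset(&hints, 0, sizeof(struct addrinfo));
 	hints.ai_family = AF_INET;
 	hints.ai_socktype = SOCK_STREAM;
+
+#ifdef _MSC_VER
+	if (BIO_sock_init() != 1)
+		exit(-1);
+#endif
 
 	error = getaddrinfo(host, port, &hints, &res);
 	if (error != 0) {
 		perror("getaddrinfo()");
 		exit(-1);
 	}
 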
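--- a/jni/libressl/tests/ocsptest.bat
+++ b/jni/libressl/tests/ocsptest.bat
@@ -0,0 +1,11 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	ocsptest.bat
+
+set TEST=Debug\ocsp_test.exe
+if not exist %TEST% exit /b 1
+
+%TEST% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1
+%TEST% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1
+
+endlocal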
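--- a/jni/libressl/tests/pkcs7test.c
+++ b/jni/libressl/tests/pkcs7test.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: pkcs7test.c,v 1.2 2014/07/09 06:42:01 bcook Exp $	*/
+/*	$OpenBSD: pkcs7test.c,v 1.3 2014/11/26 05:48:00 bcook Exp $	*/
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *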
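--- a/jni/libressl/tests/pq_test.bat
+++ b/jni/libressl/tests/pq_test.bat
@@ -0,0 +1,14 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	pq_test.bat
+
+set TEST=Debug\pq_test.exe
+if not exist %TEST% exit /b 1
+
+set pq_output=pq_output.txt
+if exist %pq_output% del %pq_output%
+
+%TEST% > %pq_output%
+fc /b %pq_output% %srcdir%\pq_expected.txt
+
+endlocal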
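--- a/jni/libressl/tests/rfc5280time.c
+++ b/jni/libressl/tests/rfc5280time.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rfc5280time.c,v 1.3 2015/10/22 14:01:19 jsing Exp $ */
+/* $OpenBSD: rfc5280time.c,v 1.4 2015/10/30 15:52:55 miod Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@opebsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.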
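--- a/jni/libressl/tests/rsa_test.c
+++ b/jni/libressl/tests/rsa_test.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return (0);
+}
+#else
+# include <openssl/rsa.h>
+
+# define SetKey \
+  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+  return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+{
+    static unsigned char n[] =
+        "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+        "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+        "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+        "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+        "\xF5";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+        "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+        "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+        "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+        "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+    static unsigned char p[] =
+        "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+        "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+        "\x0D";
+
+    static unsigned char q[] =
+        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+        "\x89";
+
+    static unsigned char dmp1[] =
+        "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+        "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+    static unsigned char dmq1[] =
+        "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+        "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+        "\x51";
+
+    static unsigned char iqmp[] =
+        "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+        "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+    static unsigned char ctext_ex[] =
+        "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+        "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+        "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+        "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+    SetKey;
+}
+
+static int key2(RSA *key, unsigned char *c)
+{
+    static unsigned char n[] =
+        "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+        "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+        "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+        "\x34\x77\xCF";
+
+    static unsigned char e[] = "\x3";
+
+    static unsigned char d[] =
+        "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+        "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+        "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+        "\xE5\xEB";
+
+    static unsigned char p[] =
+        "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+        "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+    static unsigned char q[] =
+        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+
+    static unsigned char dmp1[] =
+        "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+        "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+    static unsigned char dmq1[] =
+        "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+        "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+    static unsigned char iqmp[] =
+        "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+        "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+    static unsigned char ctext_ex[] =
+        "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+        "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+        "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+        "\x62\x51";
+
+    SetKey;
+}
+
+static int key3(RSA *key, unsigned char *c)
+{
+    static unsigned char n[] =
+        "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+        "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+        "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+        "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+        "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+        "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+        "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+        "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+        "\xCB";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+        "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+        "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+        "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+        "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+        "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+        "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+        "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+        "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+        "\xC1";
+
+    static unsigned char p[] =
+        "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+        "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+        "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+        "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+        "\x99";
+
+    static unsigned char q[] =
+        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+        "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+        "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+        "\x03";
+
+    static unsigned char dmp1[] =
+        "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+        "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+        "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+        "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+    static unsigned char dmq1[] =
+        "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+        "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+        "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+        "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+
+    static unsigned char iqmp[] =
+        "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+        "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+        "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+        "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+        "\xF7";
+
+    static unsigned char ctext_ex[] =
+        "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+        "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+        "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+        "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+        "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+        "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+        "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+        "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+    SetKey;
+}
+
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+        if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+            return (1);
+    return (0);
+}
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+{
+    int err = 0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+    int n;
+
+    plen = sizeof(ptext_ex) - 1;
+
+    for (v = 0; v < 3; v++) {
+        key = RSA_new();
+        switch (v) {
+        case 0:
+            clen = key1(key, ctext_ex);
+            break;
+        case 1:
+            clen = key2(key, ctext_ex);
+            break;
+        case 2:
+            clen = key3(key, ctext_ex);
+            break;
+        }
+
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_PADDING);
+        if (num != clen) {
+            printf("PKCS#1 v1.5 encryption failed!\n");
+            err = 1;
+            goto oaep;
+        }
+
+        num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+            printf("PKCS#1 v1.5 decryption failed!\n");
+            err = 1;
+        } else
+            printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+ oaep:
+        ERR_clear_error();
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_OAEP_PADDING);
+        if (num == -1 && pad_unknown()) {
+            printf("No OAEP support\n");
+            goto next;
+        }
+        if (num != clen) {
+            printf("OAEP encryption failed!\n");
+            err = 1;
+            goto next;
+        }
+
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+            printf("OAEP decryption (encrypted data) failed!\n");
+            err = 1;
+        } else if (memcmp(ctext, ctext_ex, num) == 0)
+            printf("OAEP test vector %d passed!\n", v);
+
+        /*
+         * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try
+         * decrypting ctext_ex
+         */
+
+        num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+            printf("OAEP decryption (test vector data) failed!\n");
+            err = 1;
+        } else
+            printf("OAEP encryption/decryption ok\n");
+
+        /* Try decrypting corrupted ciphertexts. */
+        for (n = 0; n < clen; ++n) {
+            ctext[n] ^= 1;
+            num = RSA_private_decrypt(clen, ctext, ptext, key,
+                                          RSA_PKCS1_OAEP_PADDING);
+            if (num > 0) {
+                printf("Corrupt data decrypted!\n");
+                err = 1;
+                break;
+            }
+            ctext[n] ^= 1;
+        }
+
+        /* Test truncated ciphertexts, as well as negative length. */
+        for (n = -1; n < clen; ++n) {
+            num = RSA_private_decrypt(n, ctext, ptext, key,
+                                      RSA_PKCS1_OAEP_PADDING);
+            if (num > 0) {
+                printf("Truncated data decrypted!\n");
+                err = 1;
+                break;
+            }
+        }
+
+ next:
+        RSA_free(key);
+    }
+
+    return err;
+}
+#endif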
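--- a/jni/libressl/tests/servertest.bat
+++ b/jni/libressl/tests/servertest.bat
@@ -0,0 +1,17 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	servertest.bat
+
+set servertest_bin=Debug\servertest.exe
+if not exist %servertest_bin% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+%servertest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+endlocal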
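--- a/jni/libressl/tests/servertest.c
+++ b/jni/libressl/tests/servertest.c
@@ -0,0 +1,200 @@
+/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */
+/*
+ * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/ssl.h>
+
+#include <openssl/err.h>
+#include <openssl/dtls1.h>
+#include <openssl/ssl3.h>
+
+#include <err.h>
+#include <stdio.h>
+#include <string.h>
+
+char *server_ca_file;
+char *server_cert_file;
+char *server_key_file;
+
+static unsigned char sslv2_client_hello_tls10[] = {
+	0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
+	0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
+	0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
+	0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
+	0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
+	0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
+	0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
+	0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
+	0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
+	0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
+	0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
+	0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
+	0xc8, 0x73, 0xad, 0x9c,
+};
+
+static unsigned char sslv2_client_hello_tls12[] = {
+	0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
+	0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
+	0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
+	0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
+	0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
+	0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
+	0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
+	0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
+	0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
+	0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
+	0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
+	0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
+	0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
+	0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
+	0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
+	0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
+	0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
+	0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
+	0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
+	0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
+	0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
+	0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
+	0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
+	0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
+	0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
+	0x4e, 0x7d, 0x9d, 0x9c, 0x52,
+};
+
+struct server_hello_test {
+	const unsigned char *desc;
+	unsigned char *client_hello;
+	const size_t client_hello_len;
+	const SSL_METHOD *(*ssl_method)(void);
+	const long ssl_options;
+};
+
+static struct server_hello_test server_hello_tests[] = {
+	{
+		.desc = "TLSv1.0 in SSLv2 record",
+		.client_hello = sslv2_client_hello_tls10,
+		.client_hello_len = sizeof(sslv2_client_hello_tls10),
+		.ssl_method = TLS_server_method,
+		.ssl_options = 0,
+	},
+	{
+		.desc = "TLSv1.2 in SSLv2 record",
+		.client_hello = sslv2_client_hello_tls12,
+		.client_hello_len = sizeof(sslv2_client_hello_tls12),
+		.ssl_method = TLS_server_method,
+		.ssl_options = 0,
+	},
+};
+
+#define N_SERVER_HELLO_TESTS \
+    (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
+
+static int
+server_hello_test(int testno, struct server_hello_test *sht)
+{
+	BIO *rbio = NULL, *wbio = NULL;
+	SSL_CTX *ssl_ctx = NULL;
+	SSL *ssl = NULL;
+	int ret = 1;
+
+	fprintf(stderr, "Test %i - %s\n", testno, sht->desc);
+
+	if ((rbio = BIO_new_mem_buf(sht->client_hello,
+	    sht->client_hello_len)) == NULL) {
+		fprintf(stderr, "Failed to setup rbio\n");
+		goto failure;
+	}
+	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
+		fprintf(stderr, "Failed to setup wbio\n");
+		goto failure;
+	}
+
+	if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
+		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+		goto failure;
+	}
+
+	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
+	    SSL_FILETYPE_PEM) != 1) {
+		fprintf(stderr, "Failed to load server certificate");
+		goto failure;
+	}
+	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
+	    SSL_FILETYPE_PEM) != 1) {
+		fprintf(stderr, "Failed to load server private key");
+		goto failure;
+	}
+
+	SSL_CTX_set_dh_auto(ssl_ctx, 1);
+	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+	SSL_CTX_set_options(ssl_ctx, sht->ssl_options);
+
+	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+		fprintf(stderr, "SSL_new() returned NULL\n");
+		goto failure;
+	}
+
+	rbio->references = 2;
+	wbio->references = 2;
+
+	SSL_set_bio(ssl, rbio, wbio);
+	
+	if (SSL_accept(ssl) != 0) {
+		fprintf(stderr, "SSL_accept() returned non-zero\n");
+		ERR_print_errors_fp(stderr);
+		goto failure;
+	}
+
+	ret = 0;
+
+ failure:
+	SSL_CTX_free(ssl_ctx);
+	SSL_free(ssl);
+
+	rbio->references = 1;
+	wbio->references = 1;
+
+	BIO_free(rbio);
+	BIO_free(wbio);
+
+	return (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+	int failed = 0;
+	size_t i;
+
+	if (argc != 4) {
+		fprintf(stderr, "usage: %s keyfile certfile cafile\n",
+		    argv[0]);
+		exit(1);
+	}
+
+	server_key_file = argv[1];
+	server_cert_file = argv[2];
+	server_ca_file = argv[3];
+
+	SSL_library_init();
+	SSL_load_error_strings();
+
+	for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
+		failed |= server_hello_test(i, &server_hello_tests[i]);
+
+	return (failed);
+}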
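--- a/jni/libressl/tests/servertest.sh
+++ b/jni/libressl/tests/servertest.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+servertest_bin=./servertest
+if [ -e ./servertest.exe ]; then
+	servertest_bin=./servertest.exe
+fi
+
+if [ -z $srcdir ]; then
+	srcdir=.
+fi
+
+$servertest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem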
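Review bot: `$srcdir` is expanded unquoted both in `[ -z $srcdir ]` and on the final command line. The emptiness test only works when the variable is unset because `[ -z ]` with no operand happens to evaluate true, and a source directory containing whitespace would split into extra arguments to the test binary. Quote the expansions: `if [ -z "$srcdir" ]; then` and `"$servertest_bin" "$srcdir/server.pem" "$srcdir/server.pem" "$srcdir/ca.pem"`.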
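--- a/jni/libressl/tests/ssl_versions.c
+++ b/jni/libressl/tests/ssl_versions.c
@@ -0,0 +1,429 @@
+/* $OpenBSD: ssl_versions.c,v 1.3 2017/01/25 11:11:21 jsing Exp $ */
+/*
+ * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/ssl.h>
+
+#include "ssl_locl.h"
+
+struct version_range_test {
+	const long options;
+	const uint16_t minver;
+	const uint16_t maxver;
+	const uint16_t want_minver;
+	const uint16_t want_maxver;
+};
+
+static struct version_range_test version_range_tests[] = {
+	{
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1_1,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_2_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = 0,
+		.want_maxver = 0,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_2_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_2_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_1_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+};
+
+#define N_VERSION_RANGE_TESTS \
+    (sizeof(version_range_tests) / sizeof(*version_range_tests))
+
+static int
+test_ssl_enabled_version_range(void)
+{
+	struct version_range_test *vrt;
+	uint16_t minver, maxver;
+	SSL_CTX *ssl_ctx = NULL;
+	SSL *ssl = NULL;
+	int failed = 1;
+	size_t i;
+
+	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { 
+		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+		goto failure;
+	}
+	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+		fprintf(stderr, "SSL_new() returned NULL\n");
+		goto failure;
+	}
+
+	failed = 0;
+
+	for (i = 0; i < N_VERSION_RANGE_TESTS; i++) {
+		vrt = &version_range_tests[i];
+
+		SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+		    SSL_OP_NO_TLSv1_2);
+		SSL_set_options(ssl, vrt->options);
+
+		minver = maxver = 0xffff;
+		ssl->internal->min_version = vrt->minver;
+		ssl->internal->max_version = vrt->maxver;
+
+		if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
+			if (vrt->want_minver != 0 || vrt->want_maxver != 0) {
+				fprintf(stderr, "FAIL: test %zu - failed but "
+				    "wanted non-zero versions\n", i);
+				failed++;
+			}
+			continue;
+		}
+		if (minver != vrt->want_minver) {
+			fprintf(stderr, "FAIL: test %zu - got minver %x, "
+			    "want %x\n", i, minver, vrt->want_minver);
+			failed++;
+		}
+		if (maxver != vrt->want_maxver) {
+			fprintf(stderr, "FAIL: test %zu - got maxver %x, "
+			    "want %x\n", i, maxver, vrt->want_maxver);
+			failed++;
+		}
+	}
+
+ failure:
+	SSL_CTX_free(ssl_ctx);
+	SSL_free(ssl);
+
+	return (failed);
+}
+
+struct shared_version_test {
+	const SSL_METHOD *(*ssl_method)(void);
+	const long options;
+	const uint16_t minver;
+	const uint16_t maxver;
+	const uint16_t peerver;
+	const uint16_t want_maxver;
+};
+
+static struct shared_version_test shared_version_tests[] = {
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = SSL2_VERSION,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = SSL3_VERSION,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_2_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = 0x7f12,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_2_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_2_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_2_VERSION,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = SSL_OP_NO_TLSv1,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_1_VERSION,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_1_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = SSL_OP_NO_TLSv1,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_VERSION,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_1_VERSION,
+		.peerver = TLS1_2_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_VERSION,
+		.peerver = TLS1_2_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.ssl_method = TLSv1_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.ssl_method = TLSv1_method,
+		.options = 0,
+		.minver = TLS1_1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_VERSION,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLSv1_1_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = DTLSv1_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = DTLS1_VERSION,
+		.want_maxver = DTLS1_VERSION,
+	},
+	{
+		.ssl_method = DTLSv1_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_2_VERSION,
+		.want_maxver = 0,
+	},
+};
+
+#define N_SHARED_VERSION_TESTS \
+    (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
+
+static int
+test_ssl_max_shared_version(void)
+{
+	struct shared_version_test *srt;
+	SSL_CTX *ssl_ctx = NULL;
+	SSL *ssl = NULL;
+	uint16_t maxver;
+	int failed = 0;
+	size_t i;
+
+	failed = 0;
+
+	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
+		srt = &shared_version_tests[i];
+
+		if ((ssl_ctx = SSL_CTX_new(srt->ssl_method())) == NULL) { 
+			fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+			return 1;
+		}
+		if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+			fprintf(stderr, "SSL_new() returned NULL\n");
+			return 1;
+		}
+
+		SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+		    SSL_OP_NO_TLSv1_2);
+		SSL_set_options(ssl, srt->options);
+
+		maxver = 0;
+		ssl->internal->min_version = srt->minver;
+		ssl->internal->max_version = srt->maxver;
+
+		if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
+			if (srt->want_maxver != 0) {
+				fprintf(stderr, "FAIL: test %zu - failed but "
+				    "wanted non-zero shared version\n", i);
+				failed++;
+			}
+			continue;
+		}
+		if (maxver != srt->want_maxver) {
+			fprintf(stderr, "FAIL: test %zu - got shared "
+			    "version %x, want %x\n", i, maxver,
+			    srt->want_maxver);
+			failed++;
+		}
+
+		SSL_CTX_free(ssl_ctx);
+		SSL_free(ssl);
+	}
+
+	return (failed);
+}
+
+int
+main(int argc, char **argv)
+{
+	int failed = 0;
+
+	SSL_library_init();
+
+	failed |= test_ssl_enabled_version_range();
+	failed |= test_ssl_max_shared_version();
+
+	if (failed == 0)
+		printf("PASS %s\n", __FILE__);
+
+        return (failed);
+}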
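Review bot: In `test_ssl_max_shared_version` the `continue;` taken when `ssl_max_shared_version()` does not return 1 skips the `SSL_CTX_free(ssl_ctx);` / `SSL_free(ssl);` pair at the bottom of the loop body, so each such iteration leaks a context and an SSL object. That path is presumably the normal one for the table rows with `want_maxver = 0`. The `return 1;` after a failed `SSL_new()` likewise leaves `ssl_ctx` allocated. Replacing `continue;` with `goto next;` and placing a `next:` label directly above `SSL_CTX_free(ssl_ctx);` keeps the test clean under a leak checker, and the second `failed = 0;` is redundant with the initializer.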
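--- a/jni/libressl/tests/ssltest.bat
+++ b/jni/libressl/tests/ssltest.bat
@@ -0,0 +1,21 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	ssltest.bat
+
+set ssltest_bin=Debug\ssltest.exe
+if not exist %ssltest_bin% exit /b 1
+
+set openssl_bin=..\apps\openssl\Debug\openssl.exe
+if not exist %openssl_bin% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+%srcdir%\testssl.bat %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem ^
+    %ssltest_bin% %openssl_bin%
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+endlocal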
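--- a/jni/libressl/tests/ssltest.c
+++ b/jni/libressl/tests/ssltest.c
@@ -789,19 +789,15 @@
 		if (named_curve != NULL) {
 			nid = OBJ_sn2nid(named_curve);
 			if (nid == 0) {
 				BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
 				goto end;
 			}
 		} else
-#ifdef OPENSSL_NO_EC2M
 			nid = NID_X9_62_prime256v1;
-#else
-		nid = NID_sect163r2;
-#endif
 
 		ecdh = EC_KEY_new_by_curve_name(nid);
 		if (ecdh == NULL) {
 			BIO_printf(bio_err, "unable to create curve\n");
 			goto end;
 		}
 
@@ -1262,47 +1258,36 @@
 						printf((io2 == client_io) ?
 						    "C->S relaying: %d bytes\n" :
 						    "S->C relaying: %d bytes\n",
 						    (int)num);
 				}
 			} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
 
-			if (!progress && !prev_progress)
+			if (!progress && !prev_progress) {
 				if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
-				fprintf(stderr, "ERROR: got stuck\n");
-				if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) {
-					fprintf(stderr, "This can happen for SSL2 because "
-					    "CLIENT-FINISHED and SERVER-VERIFY are written \n"
-					    "concurrently ...");
-					if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0 &&
-						    strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) {
-						fprintf(stderr, " ok.\n");
-						goto end;
-					}
-				}
-				fprintf(stderr, " ERROR.\n");
-				goto err;
+					fprintf(stderr, "ERROR: got stuck\n");
+					goto err;
+				}
 			}
 			prev_progress = progress;
 		}
 	} while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
 
 	if (verbose)
 		print_details(c_ssl, "DONE via BIO pair: ");
 
 	if (verify_npn(c_ssl, s_ssl) < 0) {
 		ret = 1;
 		goto err;
 	}
 	if (verify_alpn(c_ssl, s_ssl) < 0) {
 		ret = 1;
 		goto err;
 	}
 
-end:
 	ret = 0;
 
 err:
 	ERR_print_errors(bio_err);
 
 	BIO_free(server);
 	BIO_free(server_io);
@@ -1381,35 +1366,28 @@
 		if ((i && c_r) || c_w)
 			do_client = 1;
 
 		if (do_server && debug) {
 			if (SSL_in_init(s_ssl))
 				printf("server waiting in SSL_accept - %s\n",
 				    SSL_state_string_long(s_ssl));
-/*			else if (s_write)
-				printf("server:SSL_write()\n");
-			else
-				printf("server:SSL_read()\n"); */
-			}
+		}
 
-			if (do_client && debug) {
+		if (do_client && debug) {
 			if (SSL_in_init(c_ssl))
 				printf("client waiting in SSL_connect - %s\n",
 				    SSL_state_string_long(c_ssl));
-/*			else if (c_write)
-				printf("client:SSL_write()\n");
-			else
-				printf("client:SSL_read()\n"); */
-			}
+		}
 
-			if (!do_client && !do_server) {
-			fprintf(stdout, "ERROR IN STARTUP\n");
+		if (!do_client && !do_server) {
+			fprintf(stdout, "ERROR in STARTUP\n");
 			ERR_print_errors(bio_err);
-			break;
+			goto err;
 		}
+
 		if (do_client && !(done & C_DONE)) {
 			if (c_write) {
 				j = (cw_num > (long)sizeof(cbuf)) ?
 				    (int)sizeof(cbuf) : (int)cw_num;
 				i = BIO_write(c_bio, cbuf, j);
 				if (i < 0) {
 					c_r = 0;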
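--- a/jni/libressl/tests/testdsa.bat
+++ b/jni/libressl/tests/testdsa.bat
@@ -0,0 +1,38 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testdsa.bat
+
+
+REM # Test DSA certificate generation of openssl
+
+set cmd=..\apps\openssl\Debug\openssl.exe
+if not exist %cmd% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+REM # Generate DSA paramter set
+%cmd% dsaparam 512 -out dsa512.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Generate a DSA certificate
+%cmd% req -config %srcdir%\openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Now check the certificate
+%cmd% x509 -text -in testdsa.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+del testdsa.key dsa512.pem testdsa.pem
+
+exit /b 0
+endlocal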
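Review bot: Every failure path leaves through `exit /b 1` before `del testdsa.key dsa512.pem testdsa.pem` runs, so a failed run leaves the generated private key and certificate behind in the working directory; testrsa.bat in this check-in has the same shape with `rsakey.pem` and `rsacert.pem`. Cleaning up on the error paths as well, e.g. `del testdsa.key dsa512.pem testdsa.pem 2>nul & exit /b 1`, avoids stale key material being picked up by a later run. The 512-bit `dsaparam` size is only acceptable for a throwaway fixture and deserves a comment saying so, such as `REM # 512-bit parameters keep the test fast; never reuse these files`. The `endlocal` after `exit /b 0` is never reached, and "paramter" in the comment should read "parameter".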
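--- a/jni/libressl/tests/testenc.bat
+++ b/jni/libressl/tests/testenc.bat
@@ -0,0 +1,69 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testenc.bat
+
+set test=p
+set cmd=..\apps\openssl\Debug\openssl.exe
+if not exist %cmd% exit /b 1
+
+set srcdir=..\..\tests
+
+copy %srcdir%\openssl.cnf %test%
+
+echo cat
+%cmd% enc -in %test% -out %test%.cipher
+%cmd% enc -in %test%.cipher -out %test%.clear
+fc /b %test% %test%.clear
+if !errorlevel! neq 0 (
+	exit /b 1
+) else (
+	del %test%.cipher %test%.clear
+)
+
+echo base64
+%cmd% enc -a -e -in %test% -out %test%.cipher
+%cmd% enc -a -d -in %test%.cipher -out %test%.clear
+fc /b %test% %test%.clear
+if !errorlevel! neq 0 (
+	exit /b 1
+) else (
+	del %test%.cipher %test%.clear
+)
+
+for %%i in (
+	aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8
+	aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb
+	aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
+	aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8
+	aes-256-ecb aes-256-ofb
+	bf-cbc bf-cfb bf-ecb bf-ofb
+	cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
+	des-cbc des-cfb des-cfb8 des-ecb des-ede
+	des-ede-cbc des-ede-cfb des-ede-ofb des-ede3
+	des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc
+	rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
+	rc4 rc4-40
+) do (
+	echo %%i
+	%cmd% %%i -e -k test -in %test% -out %test%.%%i.cipher
+	%cmd% %%i -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear
+	fc /b %test% %test%.%%i.clear
+	if !errorlevel! neq 0 (
+		exit /b 1
+	) else (
+		del %test%.%%i.cipher %test%.%%i.clear
+	)
+
+	echo %%i base64
+	%cmd% %%i -a -e -k test -in %test% -out %test%.%%i.cipher
+	%cmd% %%i -a -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear
+	fc /b %test% %test%.%%i.clear
+	if !errorlevel! neq 0 (
+		exit /b 1
+	) else (
+		del %test%.%%i.cipher %test%.%%i.clear
+	)
+)
+
+del %test%
+endlocal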
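Review bot: `set srcdir=..\..\tests` overwrites any `srcdir` the caller provided, unlike ssltest.bat, testdsa.bat and testrsa.bat in this check-in, which only set a default when the variable is empty; the same guard fits here, `if "%srcdir%"=="" set srcdir=..\..\tests`. The exit status of `copy` and of every `%cmd% enc` / `%cmd% %%i` call is never checked, so a failed encrypt or decrypt is only noticed indirectly when `fc /b` cannot compare the files. Adding `if !errorlevel! neq 0 exit /b 1` after those commands would report the step that actually failed. The `exit /b 1` branches also leave `%test%` and the `.cipher`/`.clear` files behind.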
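--- a/jni/libressl/tests/testrsa.bat
+++ b/jni/libressl/tests/testrsa.bat
@@ -0,0 +1,38 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testrsa.bat
+
+
+REM # Test RSA certificate generation of openssl
+
+set cmd=..\apps\openssl\Debug\openssl.exe
+if not exist %cmd% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+REM # Generate RSA private key
+%cmd% genrsa -out rsakey.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Generate an RSA certificate
+%cmd% req -config %srcdir%\openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Now check the certificate
+%cmd% x509 -text -in rsacert.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+del rsacert.pem rsakey.pem
+
+exit /b 0
+endlocal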
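--- a/jni/libressl/tests/tests.h
+++ b/jni/libressl/tests/tests.h
@@ -1,8 +1,8 @@
-/*	$OpenBSD$	*/
+/*	$OpenBSD: tests.h,v 1.1 2015/06/27 23:35:52 doug Exp $	*/
 /*
  * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *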
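--- a/jni/libressl/tests/testssl.bat
+++ b/jni/libressl/tests/testssl.bat
@@ -0,0 +1,157 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testssl.bat
+
+set key=%1
+set cert=%2
+set CA=-CAfile %3
+set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert%
+set openssl=%5
+set extra=%6
+
+%openssl% version & if !errorlevel! neq 0 exit /b 1
+
+for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^| find /c "DSA Public Key"`) do set lines=%%s
+if %lines% gtr 0 (
+  set dsa_cert=YES
+) else (
+  set dsa_cert=NO
+)
+
+REM #########################################################################
+
+echo test sslv2/sslv3
+%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with server authentication
+%ssltest% -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with client authentication
+%ssltest% -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with both client and server authentication
+%ssltest% -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 via BIO pair
+%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
+
+if %dsa_cert%==NO (
+  echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
+  %ssltest% -bio_pair -no_dhe -no_ecdhe %extra% & if !errorlevel! neq 0 exit /b 1
+)
+
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+%ssltest% -bio_pair -dhe1024dsa -v %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with server authentication
+%ssltest% -bio_pair -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+%ssltest% -bio_pair -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo "Testing ciphersuites"
+for %%p in ( TLSv1.2 ) do (
+  echo "Testing ciphersuites for %%p"
+  for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA"`) do (
+    echo "Testing %%c"
+    %ssltest% -cipher %%c
+    if !errorlevel! neq 0 (
+      echo "Failed %%c"
+      exit /b 1
+    )
+  )
+)
+
+REM ##########################################################################
+
+for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
+if %nodh%==no-dh (
+  echo skipping anonymous DH tests
+) else (
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  %ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+)
+
+REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
+REM #if %norsa%==no-rsa (
+REM #  echo skipping RSA tests
+REM #) else (
+REM #  echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
+REM #  %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+REM #
+REM #  for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
+REM #  if %nodh%==no-dh (
+REM #    echo skipping RSA+DHE tests
+REM #  ) else (
+REM #    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+REM #    %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+REM #  )
+REM #)
+
+REM #
+REM # DTLS tests
+REM #
+
+echo test dtlsv1
+%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test dtlsv1 with server authentication
+%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test dtlsv1 with client authentication
+%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test dtlsv1 with both client and server authentication
+%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo "Testing DTLS ciphersuites"
+for %%p in ( SSLv3 ) do (
+  echo "Testing ciphersuites for %%p"
+  for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4"`) do (
+    echo "Testing %%c"
+    %ssltest% -cipher %%c -dtls1
+    if !errorlevel! neq 0 (
+      echo "Failed %%c"
+      exit /b 1
+    )
+  )
+)
+
+REM #
+REM # Next Protocol Negotiation tests
+REM #
+echo "Testing NPN..."
+%ssltest% -bio_pair -tls1 -npn_client & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_server & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_server_reject & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server_reject & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse & if !errorlevel! neq 0 exit /b 1
+
+REM #
+REM # ALPN tests
+REM #
+echo "Testing ALPN..."
+%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^
+  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^
+  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1
+
+endlocal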
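Review bot: The step announced as `echo test sslv2/sslv3 via BIO pair` runs `%ssltest% %extra%` without `-bio_pair`, so it repeats the very first test and the default handshake is never exercised over a BIO pair. The command should read `%ssltest% -bio_pair %extra% & if !errorlevel! neq 0 exit /b 1`, matching the other BIO-pair steps below it. The two ciphersuite loops also call `%ssltest% -cipher %%c` without `%extra%`, so any option passed as the sixth argument is silently dropped for those runs; if that is intended it deserves a `REM` line saying so.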
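--- a/jni/libressl/tests/timingsafe.c
+++ b/jni/libressl/tests/timingsafe.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: timingsafe.c,v 1.2 2014/06/13 02:12:17 matthew Exp $	*/
+/*	$OpenBSD: timingsafe.c,v 1.3 2014/06/21 22:57:15 tedu Exp $	*/
 /*
  * Copyright (c) 2014 Google Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *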
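--- a/jni/libressl/tests/tls_ext_alpn.c
+++ b/jni/libressl/tests/tls_ext_alpn.c
@@ -0,0 +1,441 @@
+/*	$OpenBSD: tls_ext_alpn.c,v 1.3 2017/01/22 08:19:36 jsing Exp $	*/
+/*
+ * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Test TLS extension Application-Layer Protocol Negotiation (RFC 7301).
+ */
+#include <stdio.h>
+#include <openssl/ssl.h>
+
+#include "ssl_locl.h"
+
+#include "tests.h"
+
+/*
+ * In the ProtocolNameList, ProtocolNames must not include empty strings and
+ * byte strings must not be truncated.
+ *
+ * This uses some of the IANA approved protocol names from:
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+
+/* Valid for client and server since it only has one name. */
+static uint8_t proto_single[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0f, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x0b, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x09, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+	0x08, /* len */
+	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
+};
+
+/* Valid for client, but NOT server.  Server must have exactly one name. */
+static uint8_t proto_multiple1[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x19, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x15, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x13, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+	0x08, /* len */
+	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
+	/* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
+	0x09, /* len */
+	0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
+};
+
+/* Valid for client, but NOT server.  Server must have exactly one name. */
+static uint8_t proto_multiple2[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x1c, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x18, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x16, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+	0x08, /* len */
+	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
+	/* opaque ProtocolName<1..2^8-1> -- 'h2' */
+	0x02, /* len */
+	0x68, 0x32,
+	/* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
+	0x09, /* len */
+	0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
+};
+
+/* Valid for client, but NOT server.  Server must have exactly one name. */
+static uint8_t proto_multiple3[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x20, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x1c, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x1a, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+	0x08, /* len */
+	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
+	/* opaque ProtocolName<1..2^8-1> -- 'h2' */
+	0x02, /* len */
+	0x68, 0x32,
+	/* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
+	0x09, /* len */
+	0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e,
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x03, /* len */
+	0x68, 0x32, 0x63
+};
+
+static uint8_t proto_empty[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions. */
+	0x00, 0x00, /* none present. */
+};
+
+/* Invalid for both client and server.  Length is wrong. */
+static uint8_t proto_invalid_len1[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x06, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x04, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x04, /* XXX len too large */
+	0x68, 0x32, 0x63
+};
+static uint8_t proto_invalid_len2[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x06, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x04, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x02, /* XXX len too small */
+	0x68, 0x32, 0x63
+};
+static uint8_t proto_invalid_len3[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x06, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x03, /* XXX len too small */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x03, /* len */
+	0x68, 0x32, 0x63
+};
+static uint8_t proto_invalid_len4[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x06, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x06, /* XXX len too large */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x03, /* len */
+	0x68, 0x32, 0x63
+};
+static uint8_t proto_invalid_len5[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x01, 0x08, /* XXX len too large */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x04, /* len */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x03, /* len */
+	0x68, 0x32, 0x63
+};
+static uint8_t proto_invalid_len6[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x05, /* XXX len too small */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x04, /* len */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x03, /* len */
+	0x68, 0x32, 0x63
+};
+static uint8_t proto_invalid_len7[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x06, /* XXX len too small */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x06, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x04, /* len */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x03, /* len */
+	0x68, 0x32, 0x63
+};
+static uint8_t proto_invalid_len8[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0b, /* XXX len too large */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x06, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x04, /* len */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	0x03, /* len */
+	0x68, 0x32, 0x63
+};
+
+/* Invalid for client and server since it is missing data. */
+static uint8_t proto_invalid_missing1[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x06, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x04, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'h2c' */
+	/* XXX missing */
+};
+static uint8_t proto_invalid_missing2[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x00, /* XXX missing name list */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+};
+static uint8_t proto_invalid_missing3[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x02, /* XXX size is sufficient but missing data for name list */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+};
+static uint8_t proto_invalid_missing4[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x0a, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	/* XXX missing */
+};
+static uint8_t proto_invalid_missing5[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x1c, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x18, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x16, /* len of all names */
+	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+	0x08, /* len */
+	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
+	/* opaque ProtocolName<1..2^8-1> -- 'h2' */
+	0x02, /* len */
+	0x68, 0x32,
+	/* XXX missing name */
+};
+static uint8_t proto_invalid_missing6[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x07, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x03, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x01, /* XXX len must be at least 2 */
+	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+	0x00, /* XXX len cannot be 0 */
+};
+static uint8_t proto_invalid_missing7[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x07, /* len */
+	/* ExtensionType extension_type */
+	0x00, 0x10, /* ALPN */
+	/* opaque extension_data<0..2^16-1> */
+	0x00, 0x03, /* len */
+	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+	0x00, 0x02, /* XXX len is at least 2 but not correct. */
+	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+	0x00, /* XXX len cannot be 0 */
+};
+static uint8_t proto_invalid_missing8[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x00, 0x01, /* len */
+	/* ExtensionType extension_type */
+	0x00, /* XXX need a 2 byte type */
+};
+static uint8_t proto_invalid_missing9[] = {
+	/* Extension extensions<0..2^16-1> -- All TLS extensions */
+	0x0a, /* XXX need a 2 byte len */
+};
+
+
+#define CHECK_BOTH(c_val,s_val,proto) do {				\
+	{								\
+		unsigned char *p = proto;				\
+		int al;							\
+		CHECK(c_val == ssl_parse_clienthello_tlsext(s, &p,	\
+		    proto, sizeof(proto), &al));			\
+		p = proto;						\
+		CHECK(s_val == ssl_parse_serverhello_tlsext(s, &p,	\
+		    sizeof(proto), &al));				\
+	}								\
+} while (0)
+
+static int dummy_alpn_cb(SSL *ssl, const unsigned char **out,
+    unsigned char *outlen, const unsigned char *in, unsigned int inlen,
+    void *arg);
+
+static int
+check_valid_alpn(SSL *s)
+{
+	const uint8_t str[] = {
+		0x08, /* len */
+		0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
+	};
+
+	/* Setup in order to test ALPN. */
+	CHECK(! SSL_set_alpn_protos(s, str, 9));
+	SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
+
+	/* Prerequisites to test these. */
+	CHECK(s->internal->alpn_client_proto_list != NULL);
+	CHECK(s->ctx->internal->alpn_select_cb != NULL);
+	//CHECK(s->s3->tmp.finish_md_len == 0);
+
+	CHECK_BOTH(1, 1, proto_single);
+	CHECK_BOTH(1, 1, proto_empty);
+
+	/* Multiple protocol names are only valid for client */
+	CHECK_BOTH(1, 0, proto_multiple1);
+	CHECK_BOTH(1, 0, proto_multiple2);
+	CHECK_BOTH(1, 0, proto_multiple3);
+
+	return 1;
+}
+
+/*
+ * Some of the IANA approved IDs from:
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+static int
+check_invalid_alpn(SSL *s)
+{
+	const uint8_t str[] = {
+		0x08, /* len */
+		0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
+	};
+
+	/* Setup in order to test ALPN. */
+	CHECK(! SSL_set_alpn_protos(s, str, 9));
+	SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
+
+	/* Prerequisites to test these. */
+	CHECK(s->internal->alpn_client_proto_list != NULL);
+	CHECK(s->ctx->internal->alpn_select_cb != NULL);
+	//CHECK(s->s3->tmp.finish_md_len == 0);
+
+	/* None of these are valid for client or server */
+	CHECK_BOTH(0, 0, proto_invalid_len1);
+	CHECK_BOTH(0, 0, proto_invalid_len2);
+	CHECK_BOTH(0, 0, proto_invalid_len3);
+	CHECK_BOTH(0, 0, proto_invalid_len4);
+	CHECK_BOTH(0, 0, proto_invalid_len5);
+	CHECK_BOTH(0, 0, proto_invalid_len6);
+	CHECK_BOTH(0, 0, proto_invalid_len7);
+	CHECK_BOTH(0, 0, proto_invalid_len8);
+	CHECK_BOTH(0, 0, proto_invalid_missing1);
+	CHECK_BOTH(0, 0, proto_invalid_missing2);
+	CHECK_BOTH(0, 0, proto_invalid_missing3);
+	CHECK_BOTH(0, 0, proto_invalid_missing4);
+	CHECK_BOTH(0, 0, proto_invalid_missing5);
+	CHECK_BOTH(0, 0, proto_invalid_missing6);
+	CHECK_BOTH(0, 0, proto_invalid_missing7);
+	CHECK_BOTH(0, 0, proto_invalid_missing8);
+	CHECK_BOTH(0, 0, proto_invalid_missing9);
+
+	return 1;
+}
+
+int
+dummy_alpn_cb(SSL *ssl __attribute__((unused)), const unsigned char **out,
+    unsigned char *outlen, const unsigned char *in, unsigned int inlen,
+    void *arg __attribute__((unused)))
+{
+	*out = in;
+	*outlen = (unsigned char)inlen;
+
+	return 0;
+}
+
+int
+main(void)
+{
+	SSL_CTX *ctx = NULL;
+	SSL *s = NULL;
+	int rv = 1;
+
+	SSL_library_init();
+
+	CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
+	CHECK_GOTO((s = SSL_new(ctx)) != NULL);
+
+	if (!check_valid_alpn(s))
+		goto err;
+	if (!check_invalid_alpn(s))
+		goto err;
+
+	rv = 0;
+
+err:
+	SSL_CTX_free(ctx);
+	SSL_free(s);
+
+	if (!rv)
+		printf("PASS %s\n", __FILE__);
+	return rv;
+}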
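Review bot: `CHECK_BOTH` declares `int al;` and passes `&al` to both parsers but never reads it, so the seventeen malformed inputs in `check_invalid_alpn` only prove that parsing returned 0, not that the rejection came with an alert. Initialising it as `int al = -1;` and adding `CHECK(c_val || al != -1);` after the client-side call (and the `s_val` equivalent after the server-side one) would pin that down, assuming both parsers are meant to set an alert on every failure path. The comments `-- 'stun.nat'` in `proto_multiple1`, `proto_multiple2` and `proto_multiple3` label nine bytes that spell `stun.turn`; they should read `/* opaque ProtocolName<1..2^8-1> -- 'stun.turn' */`. A one-line comment on `dummy_alpn_cb` would also help, e.g. `/* Test stub: returns the offered list unchanged; not a real protocol selection. */`.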
Added jni/libressl/tests/tls_prf.c.






















































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
/* $OpenBSD: tls_prf.c,v 1.3 2017/03/25 13:37:40 jsing Exp $ */
/*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <err.h>

#include "ssl_locl.h"

int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
    const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
    const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
    const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);

#define TLS_PRF_OUT_LEN 128

struct tls_prf_test {
	const unsigned char *desc;
	const SSL_METHOD *(*ssl_method)(void);
	const uint16_t cipher_value;
	const unsigned char out[TLS_PRF_OUT_LEN];
};

static struct tls_prf_test tls_prf_tests[] = {
	{
		.desc = "MD5+SHA1",
		.ssl_method = TLSv1_method,
		.cipher_value = 0x0033,
		.out = {
			0x03, 0xa1, 0xc1, 0x7d, 0x2c, 0xa5, 0x3d, 0xe8,
			0x9d, 0x59, 0x5e, 0x30, 0xf5, 0x71, 0xbb, 0x96,
			0xde, 0x5c, 0x8e, 0xdc, 0x25, 0x8a, 0x7c, 0x05,
			0x9f, 0x7d, 0x35, 0x29, 0x45, 0xae, 0x56, 0xad,
			0x9f, 0x57, 0x15, 0x5c, 0xdb, 0x83, 0x3a, 0xac,
			0x19, 0xa8, 0x2b, 0x40, 0x72, 0x38, 0x1e, 0xed,
			0xf3, 0x25, 0xde, 0x84, 0x84, 0xd8, 0xd1, 0xfc,
			0x31, 0x85, 0x81, 0x12, 0x55, 0x4d, 0x12, 0xb5,
			0xed, 0x78, 0x5e, 0xba, 0xc8, 0xec, 0x8d, 0x28,
			0xa1, 0x21, 0x1e, 0x6e, 0x07, 0xf1, 0xfc, 0xf5,
			0xbf, 0xe4, 0x8e, 0x8e, 0x97, 0x15, 0x93, 0x85,
			0x75, 0xdd, 0x87, 0x09, 0xd0, 0x4e, 0xe5, 0xd5,
			0x9e, 0x1f, 0xd6, 0x1c, 0x3b, 0xe9, 0xad, 0xba,
			0xe0, 0x16, 0x56, 0x62, 0x90, 0xd6, 0x82, 0x84,
			0xec, 0x8a, 0x22, 0xbe, 0xdc, 0x6a, 0x5e, 0x05,
			0x12, 0x44, 0xec, 0x60, 0x61, 0xd1, 0x8a, 0x66,
		},
	},
	{
		.desc = "GOST94",
		.ssl_method = TLSv1_2_method,
		.cipher_value = 0x0081,
		.out = {
			 0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7,
			 0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49,
			 0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64,
			 0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2,
			 0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d,
			 0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91,
			 0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd,
			 0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8,
			 0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76,
			 0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51,
			 0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb,
			 0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34,
			 0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f,
			 0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e,
			 0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c,
			 0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06,
		},
	},
	{
		.desc = "SHA256 (via TLSv1.2)",
		.ssl_method = TLSv1_2_method,
		.cipher_value = 0x0033,
		.out = {
			 0x37, 0xa7, 0x06, 0x71, 0x6e, 0x19, 0x19, 0xda,
			 0x23, 0x8c, 0xcc, 0xb4, 0x2f, 0x31, 0x64, 0x9d,
			 0x05, 0x29, 0x1c, 0x33, 0x7e, 0x09, 0x1b, 0x0c,
			 0x0e, 0x23, 0xc1, 0xb0, 0x40, 0xcc, 0x31, 0xf7,
			 0x55, 0x66, 0x68, 0xd9, 0xa8, 0xae, 0x74, 0x75,
			 0xf3, 0x46, 0xe9, 0x3a, 0x54, 0x9d, 0xe0, 0x8b,
			 0x7e, 0x6c, 0x63, 0x1c, 0xfa, 0x2f, 0xfd, 0xc9,
			 0xd3, 0xf1, 0xd3, 0xfe, 0x7b, 0x9e, 0x14, 0x95,
			 0xb5, 0xd0, 0xad, 0x9b, 0xee, 0x78, 0x8c, 0x83,
			 0x18, 0x58, 0x7e, 0xa2, 0x23, 0xc1, 0x8b, 0x62,
			 0x94, 0x12, 0xcb, 0xb6, 0x60, 0x69, 0x32, 0xfe,
			 0x98, 0x0e, 0x93, 0xb0, 0x8e, 0x5c, 0xfb, 0x6e,
			 0xdb, 0x9a, 0xc2, 0x9f, 0x8c, 0x5c, 0x43, 0x19,
			 0xeb, 0x4a, 0x52, 0xad, 0x62, 0x2b, 0xdd, 0x9f,
			 0xa3, 0x74, 0xa6, 0x96, 0x61, 0x4d, 0x98, 0x40,
			 0x63, 0xa6, 0xd4, 0xbb, 0x17, 0x11, 0x75, 0xed,
		},
	},
	{
		.desc = "SHA384",
		.ssl_method = TLSv1_2_method,
		.cipher_value = 0x009d,
		.out = {
			 0x00, 0x93, 0xc3, 0xfd, 0xa7, 0xbb, 0xdc, 0x5b,
			 0x13, 0x3a, 0xe6, 0x8b, 0x1b, 0xac, 0xf3, 0xfb,
			 0x3c, 0x9a, 0x78, 0xf6, 0x19, 0xf0, 0x13, 0x0f,
			 0x0d, 0x01, 0x9d, 0xdf, 0x0a, 0x28, 0x38, 0xce,
			 0x1a, 0x9b, 0x43, 0xbe, 0x56, 0x12, 0xa7, 0x16,
			 0x58, 0xe1, 0x8a, 0xe4, 0xc5, 0xbb, 0x10, 0x4c,
			 0x3a, 0xf3, 0x7f, 0xd3, 0xdb, 0xe4, 0xe0, 0x3d,
			 0xcc, 0x83, 0xca, 0xf0, 0xf9, 0x69, 0xcc, 0x70,
			 0x83, 0x32, 0xf6, 0xfc, 0x81, 0x80, 0x02, 0xe8,
			 0x31, 0x1e, 0x7c, 0x3b, 0x34, 0xf7, 0x34, 0xd1,
			 0xcf, 0x2a, 0xc4, 0x36, 0x2f, 0xe9, 0xaa, 0x7f,
			 0x6d, 0x1f, 0x5e, 0x0e, 0x39, 0x05, 0x15, 0xe1,
			 0xa2, 0x9a, 0x4d, 0x97, 0x8c, 0x62, 0x46, 0xf1,
			 0x87, 0x65, 0xd8, 0xe9, 0x14, 0x11, 0xa6, 0x48,
			 0xd7, 0x0e, 0x6e, 0x70, 0xad, 0xfb, 0x3f, 0x36,
			 0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
		},
	},
	{
		.desc = "STREEBOG256",
		.ssl_method = TLSv1_2_method,
		.cipher_value = 0xff87,
		.out = {
			0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21,
			0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff,
			0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80,
			0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d,
			0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae,
			0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d,
			0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96,
			0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb,
			0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98,
			0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34,
			0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e,
			0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b,
			0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2,
			0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73,
			0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf,
			0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2,
		},
	},
};

#define N_TLS_PRF_TESTS \
    (sizeof(tls_prf_tests) / sizeof(*tls_prf_tests))

#define TLS_PRF_SEED1	"tls prf seed 1"
#define TLS_PRF_SEED2	"tls prf seed 2"
#define TLS_PRF_SEED3	"tls prf seed 3"
#define TLS_PRF_SEED4	"tls prf seed 4"
#define TLS_PRF_SEED5	"tls prf seed 5"
#define TLS_PRF_SECRET	"tls prf secretz"

static void
hexdump(const unsigned char *buf, size_t len)
{
	size_t i;

	for (i = 1; i <= len; i++)
		fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");

	fprintf(stderr, "\n");
}

static int
do_tls_prf_test(int test_no, struct tls_prf_test *tpt)
{
	unsigned char *out = NULL;
	const SSL_CIPHER *cipher;
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	int failure = 1;
	int len;

	fprintf(stderr, "Test %i - %s\n", test_no, tpt->desc);

	if ((out = malloc(TLS_PRF_OUT_LEN)) == NULL)
		errx(1, "failed to allocate out");

	if ((ssl_ctx = SSL_CTX_new(tpt->ssl_method())) == NULL)
		errx(1, "failed to create SSL context");
	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		errx(1, "failed to create SSL context");

	if ((cipher = ssl3_get_cipher_by_value(tpt->cipher_value)) == NULL) {
		fprintf(stderr, "FAIL: no cipher %hx\n", tpt->cipher_value);
		goto failure;
	}

	S3I(ssl)->tmp.new_cipher = cipher;

	for (len = 1; len <= TLS_PRF_OUT_LEN; len++) {
		memset(out, 'A', TLS_PRF_OUT_LEN);

		if (tls1_PRF(ssl, TLS_PRF_SECRET, sizeof(TLS_PRF_SECRET),
		    TLS_PRF_SEED1, sizeof(TLS_PRF_SEED1), TLS_PRF_SEED2,
		    sizeof(TLS_PRF_SEED2), TLS_PRF_SEED3, sizeof(TLS_PRF_SEED3),
		    TLS_PRF_SEED4, sizeof(TLS_PRF_SEED4), TLS_PRF_SEED5,
		    sizeof(TLS_PRF_SEED5), out, len) != 1) {
			fprintf(stderr, "FAIL: tls_PRF failed for len %i\n",
			    len);
			goto failure;
		}

		if (memcmp(out, tpt->out, len) != 0) {
			fprintf(stderr, "FAIL: tls_PRF output differs for "
			    "len %i\n", len);
			fprintf(stderr, "output:\n");
			hexdump(out, TLS_PRF_OUT_LEN);
			fprintf(stderr, "test data:\n");
			hexdump(tpt->out, TLS_PRF_OUT_LEN);
			fprintf(stderr, "\n");
			goto failure;
		}
	}

	failure = 0;

 failure:
	SSL_free(ssl);
	SSL_CTX_free(ssl_ctx);

	free(out);

	return failure;
}

int
main(int argc, char **argv)
{
	int failed = 0;
	size_t i;

	SSL_library_init();
	SSL_load_error_strings();

	for (i = 0; i < N_TLS_PRF_TESTS; i++)
		failed |= do_tls_prf_test(i, &tls_prf_tests[i]);

	return failed;
}
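--- a/jni/libressl/tests/tlstest.bat
+++ b/jni/libressl/tests/tlstest.bat
@@ -0,0 +1,17 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	tlstest.bat
+
+set tlstest_bin=Debug\tlstest.exe
+if not exist %tlstest_bin% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+%tlstest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+endlocal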
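--- a/jni/libressl/tests/tlstest.c
+++ b/jni/libressl/tests/tlstest.c
@@ -0,0 +1,335 @@
+/* $OpenBSD: tlstest.c,v 1.2 2017/01/17 13:19:36 jsing Exp $ */
+/*
+ * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/socket.h>
+
+#include <err.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <tls.h>
+
+#define CIRCULAR_BUFFER_SIZE 512
+
+unsigned char client_buffer[CIRCULAR_BUFFER_SIZE];
+unsigned char *client_readptr, *client_writeptr;
+
+unsigned char server_buffer[CIRCULAR_BUFFER_SIZE];
+unsigned char *server_readptr, *server_writeptr;
+
+int debug = 0;
+
+static void
+circular_init(void)
+{
+	client_readptr = client_writeptr = client_buffer;
+	server_readptr = server_writeptr = server_buffer;
+}
+
+static ssize_t
+circular_read(char *name, unsigned char *buf, size_t bufsize,
+    unsigned char **readptr, unsigned char *writeptr,
+    unsigned char *outbuf, size_t outlen)
+{
+	unsigned char *nextptr = *readptr;
+	size_t n = 0;
+
+	while (n < outlen) {
+		if (nextptr == writeptr)
+			break;
+		*outbuf++ = *nextptr++;
+		if ((size_t)(nextptr - buf) >= bufsize)
+			nextptr = buf;
+		*readptr = nextptr;
+		n++;
+	}
+
+	if (debug && n > 0)
+		fprintf(stderr, "%s buffer: read %zi bytes\n", name, n);
+
+	return (n > 0 ? (ssize_t)n : TLS_WANT_POLLIN);
+}
+
+static ssize_t
+circular_write(char *name, unsigned char *buf, size_t bufsize,
+    unsigned char *readptr, unsigned char **writeptr,
+    const unsigned char *inbuf, size_t inlen)
+{
+	unsigned char *nextptr = *writeptr;
+	unsigned char *prevptr;
+	size_t n = 0;
+
+	while (n < inlen) {
+		prevptr = nextptr++;
+		if ((size_t)(nextptr - buf) >= bufsize)
+			nextptr = buf;
+		if (nextptr == readptr)
+			break;
+		*prevptr = *inbuf++;
+		*writeptr = nextptr;
+		n++;
+	}
+
+	if (debug && n > 0)
+		fprintf(stderr, "%s buffer: wrote %zi bytes\n", name, n);
+
+	return (n > 0 ? (ssize_t)n : TLS_WANT_POLLOUT);
+}
+
+static ssize_t
+client_read(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)
+{
+	return circular_read("client", client_buffer, sizeof(client_buffer),
+	    &client_readptr, client_writeptr, buf, buflen);
+}
+
+static ssize_t
+client_write(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)
+{
+	return circular_write("server", server_buffer, sizeof(server_buffer),
+	    server_readptr, &server_writeptr, buf, buflen);
+}
+
+static ssize_t
+server_read(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)
+{
+	return circular_read("server", server_buffer, sizeof(server_buffer),
+	    &server_readptr, server_writeptr, buf, buflen);
+}
+
+static ssize_t
+server_write(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)
+{
+	return circular_write("client", client_buffer, sizeof(client_buffer),
+	    client_readptr, &client_writeptr, buf, buflen);
+}
+
+static int
+do_tls_handshake(char *name, struct tls *ctx)
+{
+	int rv;
+
+	rv = tls_handshake(ctx);
+	if (rv == 0)
+		return (1);
+	if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
+		return (0);
+
+	errx(1, "%s handshake failed: %s", name, tls_error(ctx));
+}
+
+static int
+do_tls_close(char *name, struct tls *ctx)
+{
+	int rv;
+
+	rv = tls_close(ctx);
+	if (rv == 0)
+		return (1);
+	if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
+		return (0);
+
+	errx(1, "%s close failed: %s", name, tls_error(ctx));
+}
+
+static int
+do_client_server_test(char *desc, struct tls *client, struct tls *server_cctx)
+{
+	int i, client_done, server_done;
+
+	i = client_done = server_done = 0;
+	do {
+		if (client_done == 0)
+			client_done = do_tls_handshake("client", client);
+		if (server_done == 0)
+			server_done = do_tls_handshake("server", server_cctx);
+	} while (i++ < 100 && (client_done == 0 || server_done == 0));
+
+	if (client_done == 0 || server_done == 0) {
+		printf("FAIL: %s TLS handshake did not complete\n", desc);
+		return (1);
+	}
+	printf("INFO: %s TLS handshake completed successfully\n", desc);
+
+	/* XXX - Do some reads and writes... */
+
+	i = client_done = server_done = 0;
+	do {
+		if (client_done == 0)
+			client_done = do_tls_close("client", client);
+		if (server_done == 0)
+			server_done = do_tls_close("server", server_cctx);
+	} while (i++ < 100 && (client_done == 0 || server_done == 0));
+
+	if (client_done == 0 || server_done == 0) {
+		printf("FAIL: %s TLS close did not complete\n", desc);
+		return (1);
+	}
+	printf("INFO: %s TLS close completed successfully\n", desc);
+
+	return (0);
+}
+
+static int
+test_tls_cbs(struct tls *client, struct tls *server)
+{
+	struct tls *server_cctx;
+	int failure;
+
+	circular_init();
+
+	if (tls_accept_cbs(server, &server_cctx, server_read, server_write,
+	    NULL) == -1)
+		errx(1, "failed to accept: %s", tls_error(server));
+
+	if (tls_connect_cbs(client, client_read, client_write, NULL,
+	    "test") == -1)
+		errx(1, "failed to connect: %s", tls_error(client));
+
+	failure = do_client_server_test("callback", client, server_cctx);
+
+	tls_free(server_cctx);
+
+	return (failure);
+}
+
+static int
+test_tls_fds(struct tls *client, struct tls *server)
+{
+	struct tls *server_cctx;
+	int cfds[2], sfds[2];
+	int failure;
+
+	if (pipe2(cfds, O_NONBLOCK) == -1)
+		err(1, "failed to create pipe");
+	if (pipe2(sfds, O_NONBLOCK) == -1)
+		err(1, "failed to create pipe");
+
+	if (tls_accept_fds(server, &server_cctx, sfds[0], cfds[1]) == -1)
+		errx(1, "failed to accept: %s", tls_error(server));
+
+	if (tls_connect_fds(client, cfds[0], sfds[1], "test") == -1)
+		errx(1, "failed to connect: %s", tls_error(client));
+
+	failure = do_client_server_test("file descriptor", client, server_cctx);
+
+	tls_free(server_cctx);
+
+	close(cfds[0]);
+	close(cfds[1]);
+	close(sfds[0]);
+	close(sfds[1]);
+
+	return (failure);
+}
+
+static int
+test_tls_socket(struct tls *client, struct tls *server)
+{
+	struct tls *server_cctx;
+	int failure;
+	int sv[2];
+
+	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC,
+	    sv) == -1)
+		err(1, "failed to create socketpair");
+
+	if (tls_accept_socket(server, &server_cctx, sv[0]) == -1)
+		errx(1, "failed to accept: %s", tls_error(server));
+
+	if (tls_connect_socket(client, sv[1], "test") == -1)
+		errx(1, "failed to connect: %s", tls_error(client));
+
+	failure = do_client_server_test("socket", client, server_cctx);
+
+	tls_free(server_cctx);
+
+	close(sv[0]);
+	close(sv[1]);
+
+	return (failure);
+}
+
+int
+main(int argc, char **argv)
+{
+	struct tls_config *client_cfg, *server_cfg;
+	struct tls *client, *server;
+	int failure = 0;
+
+	if (argc != 4) {
+		fprintf(stderr, "usage: %s keyfile certfile cafile\n",
+		    argv[0]);
+		return (1);
+	}
+
+	if (tls_init() == -1)
+		errx(1, "failed to initialise tls");
+
+	if ((client = tls_client()) == NULL)
+		errx(1, "failed to create tls client");
+	if ((client_cfg = tls_config_new()) == NULL)
+		errx(1, "failed to create tls client config");
+	tls_config_insecure_noverifyname(client_cfg);
+	if (tls_config_set_ca_file(client_cfg, argv[3]) == -1)
+		errx(1, "failed to set ca: %s", tls_config_error(client_cfg));
+
+	if ((server = tls_server()) == NULL)
+		errx(1, "failed to create tls server");
+	if ((server_cfg = tls_config_new()) == NULL)
+		errx(1, "failed to create tls server config");
+	if (tls_config_set_keypair_file(server_cfg, argv[1], argv[2]) == -1)
+		errx(1, "failed to set keypair: %s",
+		    tls_config_error(server_cfg));
+
+	tls_reset(client);
+	if (tls_configure(client, client_cfg) == -1)
+		errx(1, "failed to configure client: %s", tls_error(client));
+	tls_reset(server);
+	if (tls_configure(server, server_cfg) == -1)
+		errx(1, "failed to configure server: %s", tls_error(server));
+
+	failure |= test_tls_cbs(client, server);
+
+	tls_reset(client);
+	if (tls_configure(client, client_cfg) == -1)
+		errx(1, "failed to configure client: %s", tls_error(client));
+	tls_reset(server);
+	if (tls_configure(server, server_cfg) == -1)
+		errx(1, "failed to configure server: %s", tls_error(server));
+
+	failure |= test_tls_fds(client, server);
+
+	tls_reset(client);
+	if (tls_configure(client, client_cfg) == -1)
+		errx(1, "failed to configure client: %s", tls_error(client));
+	tls_reset(server);
+	if (tls_configure(server, server_cfg) == -1)
+		errx(1, "failed to configure server: %s", tls_error(server));
+
+	failure |= test_tls_socket(client, server);
+
+	tls_free(client);
+	tls_free(server);
+
+	tls_config_free(client_cfg);
+	tls_config_free(server_cfg);
+
+	return (failure);
+}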
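Review bot: `tls_config_insecure_noverifyname(client_cfg)` in `main` switches off server-name checking for all three client runs and has no comment saying why. The clients connect with the server name "test" (`tls_connect_cbs`, `tls_connect_fds`, `tls_connect_socket`), so presumably the certificate passed on the command line is not issued for that name; chain verification is still configured through `tls_config_set_ca_file(client_cfg, argv[3])`. I would put `/* Test only: the certificate name is not checked; the chain is still verified against cafile. */` directly above the call, so the setting is not carried over into a real client when this file is used as a libtls example.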
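--- a/jni/libressl/tests/tlstest.sh
+++ b/jni/libressl/tests/tlstest.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+tlstest_bin=./tlstest
+if [ -e ./tlstest.exe ]; then
+	tlstest_bin=./tlstest.exe
+fi
+
+if [ -z $srcdir ]; then
+	srcdir=.
+fi
+
+$tlstest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem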
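Review bot: `$srcdir` is expanded unquoted in `[ -z $srcdir ]` and again on the last line, so a source directory containing spaces or glob characters is split into several words: `[` reports an error and the test binary receives the wrong certificate paths. Quote the expansions, `if [ -z "$srcdir" ]; then` and `"$tlstest_bin" "$srcdir/server.pem" "$srcdir/server.pem" "$srcdir/ca.pem"`. The unset case works today only because `[ -z ]` with no operand evaluates as true.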
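--- a/jni/libressl/tests/verifytest.c
+++ b/jni/libressl/tests/verifytest.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: verifytest.c,v 1.4 2015/09/11 12:57:24 beck Exp $	*/
+/*	$OpenBSD: verifytest.c,v 1.5 2015/09/11 13:10:42 beck Exp $	*/
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *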
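--- a/jni/libressl/tests/x25519test.c
+++ b/jni/libressl/tests/x25519test.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/curve25519.h>
+
+static int
+x25519_test(void)
+{
+	/* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
+	static const uint8_t kScalar1[32] = {
+		0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
+		0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd,
+		0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
+		0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4,
+	};
+	static const uint8_t kPoint1[32] = {
+		0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb,
+		0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c,
+		0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b,
+		0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c,
+	};
+	static const uint8_t kExpected1[32] = {
+		0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90,
+		0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f,
+		0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7,
+		0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52,
+	};
+	static const uint8_t kScalar2[32] = {
+		0x4b, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c,
+		0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5,
+		0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4,
+		0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x0d,
+	};
+	static const uint8_t kPoint2[32] = {
+		0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3,
+		0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c,
+		0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e,
+		0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x93,
+	};
+	static const uint8_t kExpected2[32] = {
+		0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d,
+		0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8,
+		0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52,
+		0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57,
+	};
+
+	uint8_t out[32];
+
+	X25519(out, kScalar1, kPoint1);
+	if (memcmp(kExpected1, out, sizeof(out)) != 0) {
+		fprintf(stderr, "X25519 test one failed.\n");
+		return 0;
+	}
+
+	X25519(out, kScalar2, kPoint2);
+	if (memcmp(kExpected2, out, sizeof(out)) != 0) {
+		fprintf(stderr, "X25519 test two failed.\n");
+		return 0;
+	}
+
+	return 1;
+}
+
+static int
+x25519_iterated_test(void)
+{
+	/* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
+	static const uint8_t kExpected[32] = {
+		0x68, 0x4c, 0xf5, 0x9b, 0xa8, 0x33, 0x09, 0x55,
+		0x28, 0x00, 0xef, 0x56, 0x6f, 0x2f, 0x4d, 0x3c,
+		0x1c, 0x38, 0x87, 0xc4, 0x93, 0x60, 0xe3, 0x87,
+		0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51,
+	};
+
+	uint8_t scalar[32] = {9}, point[32] = {9}, out[32];
+	unsigned i;
+
+	for (i = 0; i < 1000; i++) {
+		X25519(out, scalar, point);
+		memcpy(point, scalar, sizeof(point));
+		memcpy(scalar, out, sizeof(scalar));
+	}
+
+	if (memcmp(kExpected, scalar, sizeof(kExpected)) != 0) {
+		fprintf(stderr, "Iterated X25519 test failed\n");
+		return 0;
+	}
+
+	return 1;
+}
+
+static int
+x25519_small_order_test(void)
+{
+	static const uint8_t kSmallOrderPoint[32] = {
+		0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae,
+		0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a,
+		0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd,
+		0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00,
+	};
+
+	uint8_t out[32], private_key[32];
+
+	memset(private_key, 0x11, sizeof(private_key));
+	if (X25519(out, private_key, kSmallOrderPoint)) {
+		fprintf(stderr, "X25519 returned success with a small-order input.\n");
+		return 0;
+	}
+
+	return 1;
+}
+
+int
+main(int argc, char **argv) {
+	if (!x25519_test() ||
+	    !x25519_iterated_test() ||
+	    !x25519_small_order_test())
+		return 1;
+
+	printf("PASS\n");
+	return 0;
+}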
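Review bot: `x25519_test` and `x25519_iterated_test` discard the return value of `X25519()`, although `x25519_small_order_test` in the same file relies on that value to detect a rejected input. A failing call in `x25519_test` is therefore noticed only indirectly, through `memcmp` on an `out` buffer that is uninitialized before the first call and still holds the first result before the second. Checking the status makes the failure explicit: `if (!X25519(out, kScalar1, kPoint1) || memcmp(kExpected1, out, sizeof(out)) != 0) {`, and the same for the second vector and for the call inside the 1000-iteration loop.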
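--- a/jni/libressl/tls/CMakeLists.txt
+++ b/jni/libressl/tls/CMakeLists.txt
@@ -1,45 +1,47 @@
 include_directories(
 	.
 	../include
 	../include/compat
 )
 
 set(
 	TLS_SRC
 	tls.c
+	tls_bio_cb.c
 	tls_client.c
 	tls_config.c
 	tls_conninfo.c
 	tls_server.c
+	tls_ocsp.c
 	tls_peer.c
 	tls_util.c
 	tls_verify.c
 )
 
 
-if(NOT HAVE_STRSEP)
-	set(TLS_SRC ${TLS_SRC} strsep.c)
-endif()
-
 if(NOT "${OPENSSLDIR}" STREQUAL "")
 	add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
 else()
 	add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
 endif()
 
-if (BUILD_SHARED)
-	add_library(tls-objects OBJECT ${TLS_SRC})
+add_library(tls-objects OBJECT ${TLS_SRC})
+if (BUILD_SHARED)
 	add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
 	add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>)
-	if (MSVC)
+	export_symbol(tls-shared ${CMAKE_CURRENT_SOURCE_DIR}/tls.sym)
+	if (WIN32)
 		target_link_libraries(tls-shared ssl-shared crypto-shared Ws2_32.lib)
+		set(TLS_POSTFIX -${TLS_MAJOR_VERSION})
 	endif()
-	set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls)
+	set_target_properties(tls-shared PROPERTIES
+		OUTPUT_NAME tls${TLS_POSTFIX}
+		ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX})
 	set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
 		SOVERSION ${TLS_MAJOR_VERSION})
-	install(TARGETS tls tls-shared DESTINATION lib)
+	install(TARGETS tls tls-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
 else()
 	add_library(tls STATIC ${TLS_SRC})
-	install(TARGETS tls DESTINATION lib)
+	install(TARGETS tls DESTINATION ${CMAKE_INSTALL_LIBDIR})
 endif()
 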
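--- a/jni/libressl/tls/Makefile.am
+++ b/jni/libressl/tls/Makefile.am
@@ -1,32 +1,31 @@
 include $(top_srcdir)/Makefile.am.common
 
 lib_LTLIBRARIES = libtls.la
 
 EXTRA_DIST = VERSION
 EXTRA_DIST += CMakeLists.txt
+EXTRA_DIST += tls.sym
 
-libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
 libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
 libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
 libtls_la_LIBADD += $(PLATFORM_LDADD)
 
 libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
 if OPENSSLDIR_DEFINED
 libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
 else
 libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
 endif
 
 libtls_la_SOURCES = tls.c
 libtls_la_SOURCES += tls_client.c
+libtls_la_SOURCES += tls_bio_cb.c
 libtls_la_SOURCES += tls_config.c
 libtls_la_SOURCES += tls_conninfo.c
 libtls_la_SOURCES += tls_server.c
+libtls_la_SOURCES += tls_ocsp.c
 libtls_la_SOURCES += tls_peer.c
 libtls_la_SOURCES += tls_util.c
 libtls_la_SOURCES += tls_verify.c
 noinst_HEADERS = tls_internal.h
-
-if !HAVE_STRSEP
-libtls_la_SOURCES += strsep.c
-endif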
Changes to jni/libressl/tls/Makefile.in.
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
@HAVE_STRSEP_FALSE@am__append_3 = strsep.c
subdir = tls
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \







<







87
88
89
90
91
92
93

94
95
96
97
98
99
100
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"

subdir = tls
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
	$(top_srcdir)/m4/check-libc.m4 \
	$(top_srcdir)/m4/check-os-options.m4 \
	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
136
137
138
139
140
141
142
143
144
145
146
147

148
149
150
151
152
153
154
155
156
157
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libtls_la_DEPENDENCIES = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(am__DEPENDENCIES_1)
am__libtls_la_SOURCES_DIST = tls.c tls_client.c tls_config.c \
	tls_conninfo.c tls_server.c tls_peer.c tls_util.c tls_verify.c \
	strsep.c
@HAVE_STRSEP_FALSE@am__objects_1 = libtls_la-strsep.lo
am_libtls_la_OBJECTS = libtls_la-tls.lo libtls_la-tls_client.lo \

	libtls_la-tls_config.lo libtls_la-tls_conninfo.lo \
	libtls_la-tls_server.lo libtls_la-tls_peer.lo \
	libtls_la-tls_util.lo libtls_la-tls_verify.lo $(am__objects_1)
libtls_la_OBJECTS = $(am_libtls_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libtls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \







<
<
<
<

>
|
|
|







135
136
137
138
139
140
141




142
143
144
145
146
147
148
149
150
151
152
153
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libtls_la_DEPENDENCIES = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(am__DEPENDENCIES_1)




am_libtls_la_OBJECTS = libtls_la-tls.lo libtls_la-tls_client.lo \
	libtls_la-tls_bio_cb.lo libtls_la-tls_config.lo \
	libtls_la-tls_conninfo.lo libtls_la-tls_server.lo \
	libtls_la-tls_ocsp.lo libtls_la-tls_peer.lo \
	libtls_la-tls_util.lo libtls_la-tls_verify.lo
libtls_la_OBJECTS = $(am_libtls_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libtls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
	$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo "  CCLD    " $@;
am__v_CCLD_1 = 
SOURCES = $(libtls_la_SOURCES)
DIST_SOURCES = $(am__libtls_la_SOURCES_DIST)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)







|







183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
	$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo "  CCLD    " $@;
am__v_CCLD_1 = 
SOURCES = $(libtls_la_SOURCES)
DIST_SOURCES = $(libtls_la_SOURCES)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
AUTOHEADER = true
AUTOMAKE = true
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@







|



|
|
|







212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCAS = @CCAS@
CCASDEPMODE = @CCASDEPMODE@
CCASFLAGS = @CCASFLAGS@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
245
246
247
248
249
250
251

252
253
254
255
256
257
258
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@







>







241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
340
341
342
343
344
345
346
347


348
349
350
351
352
353
354

355
356
357
358
359
360
361
362
363
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL


lib_LTLIBRARIES = libtls.la
EXTRA_DIST = VERSION CMakeLists.txt
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
libtls_la_CPPFLAGS = $(AM_CPPFLAGS) $(am__append_1) $(am__append_2)
libtls_la_SOURCES = tls.c tls_client.c tls_config.c tls_conninfo.c \

	tls_server.c tls_peer.c tls_util.c tls_verify.c \
	$(am__append_3)
noinst_HEADERS = tls_internal.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \







|
>
>

|
|



|
>
|
<







337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355

356
357
358
359
360
361
362
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
lib_LTLIBRARIES = libtls.la
EXTRA_DIST = VERSION CMakeLists.txt tls.sym
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
libtls_la_CPPFLAGS = $(AM_CPPFLAGS) $(am__append_1) $(am__append_2)
libtls_la_SOURCES = tls.c tls_client.c tls_bio_cb.c tls_config.c \
	tls_conninfo.c tls_server.c tls_ocsp.c tls_peer.c tls_util.c \
	tls_verify.c

noinst_HEADERS = tls_internal.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
	@for dep in $?; do \
430
431
432
433
434
435
436
437
438
439
440
441

442
443
444
445
446
447
448

mostlyclean-compile:
	-rm -f *.$(OBJEXT)

distclean-compile:
	-rm -f *.tab.c

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-strsep.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_client.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_config.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_conninfo.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_peer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_server.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_util.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_verify.Plo@am__quote@

.c.o:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\







|
|



>







429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448

mostlyclean-compile:
	-rm -f *.$(OBJEXT)

distclean-compile:
	-rm -f *.tab.c

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_bio_cb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_client.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_config.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_conninfo.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_ocsp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_peer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_server.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_util.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_verify.Plo@am__quote@

.c.o:
@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
478
479
480
481
482
483
484







485
486
487
488
489
490
491
libtls_la-tls_client.lo: tls_client.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_client.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_client.Tpo -c -o libtls_la-tls_client.lo `test -f 'tls_client.c' || echo '$(srcdir)/'`tls_client.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_client.Tpo $(DEPDIR)/libtls_la-tls_client.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_client.c' object='libtls_la-tls_client.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_client.lo `test -f 'tls_client.c' || echo '$(srcdir)/'`tls_client.c








libtls_la-tls_config.lo: tls_config.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_config.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_config.Tpo -c -o libtls_la-tls_config.lo `test -f 'tls_config.c' || echo '$(srcdir)/'`tls_config.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_config.Tpo $(DEPDIR)/libtls_la-tls_config.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_config.c' object='libtls_la-tls_config.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_config.lo `test -f 'tls_config.c' || echo '$(srcdir)/'`tls_config.c








>
>
>
>
>
>
>







478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
libtls_la-tls_client.lo: tls_client.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_client.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_client.Tpo -c -o libtls_la-tls_client.lo `test -f 'tls_client.c' || echo '$(srcdir)/'`tls_client.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_client.Tpo $(DEPDIR)/libtls_la-tls_client.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_client.c' object='libtls_la-tls_client.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_client.lo `test -f 'tls_client.c' || echo '$(srcdir)/'`tls_client.c

libtls_la-tls_bio_cb.lo: tls_bio_cb.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_bio_cb.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_bio_cb.Tpo -c -o libtls_la-tls_bio_cb.lo `test -f 'tls_bio_cb.c' || echo '$(srcdir)/'`tls_bio_cb.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_bio_cb.Tpo $(DEPDIR)/libtls_la-tls_bio_cb.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_bio_cb.c' object='libtls_la-tls_bio_cb.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_bio_cb.lo `test -f 'tls_bio_cb.c' || echo '$(srcdir)/'`tls_bio_cb.c

libtls_la-tls_config.lo: tls_config.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_config.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_config.Tpo -c -o libtls_la-tls_config.lo `test -f 'tls_config.c' || echo '$(srcdir)/'`tls_config.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_config.Tpo $(DEPDIR)/libtls_la-tls_config.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_config.c' object='libtls_la-tls_config.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_config.lo `test -f 'tls_config.c' || echo '$(srcdir)/'`tls_config.c

499
500
501
502
503
504
505







506
507
508
509
510
511
512
libtls_la-tls_server.lo: tls_server.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_server.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_server.Tpo -c -o libtls_la-tls_server.lo `test -f 'tls_server.c' || echo '$(srcdir)/'`tls_server.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_server.Tpo $(DEPDIR)/libtls_la-tls_server.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_server.c' object='libtls_la-tls_server.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_server.lo `test -f 'tls_server.c' || echo '$(srcdir)/'`tls_server.c








libtls_la-tls_peer.lo: tls_peer.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_peer.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_peer.Tpo -c -o libtls_la-tls_peer.lo `test -f 'tls_peer.c' || echo '$(srcdir)/'`tls_peer.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_peer.Tpo $(DEPDIR)/libtls_la-tls_peer.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_peer.c' object='libtls_la-tls_peer.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_peer.lo `test -f 'tls_peer.c' || echo '$(srcdir)/'`tls_peer.c








>
>
>
>
>
>
>







506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
libtls_la-tls_server.lo: tls_server.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_server.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_server.Tpo -c -o libtls_la-tls_server.lo `test -f 'tls_server.c' || echo '$(srcdir)/'`tls_server.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_server.Tpo $(DEPDIR)/libtls_la-tls_server.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_server.c' object='libtls_la-tls_server.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_server.lo `test -f 'tls_server.c' || echo '$(srcdir)/'`tls_server.c

libtls_la-tls_ocsp.lo: tls_ocsp.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_ocsp.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_ocsp.Tpo -c -o libtls_la-tls_ocsp.lo `test -f 'tls_ocsp.c' || echo '$(srcdir)/'`tls_ocsp.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_ocsp.Tpo $(DEPDIR)/libtls_la-tls_ocsp.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_ocsp.c' object='libtls_la-tls_ocsp.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_ocsp.lo `test -f 'tls_ocsp.c' || echo '$(srcdir)/'`tls_ocsp.c

libtls_la-tls_peer.lo: tls_peer.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_peer.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_peer.Tpo -c -o libtls_la-tls_peer.lo `test -f 'tls_peer.c' || echo '$(srcdir)/'`tls_peer.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_peer.Tpo $(DEPDIR)/libtls_la-tls_peer.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_peer.c' object='libtls_la-tls_peer.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_peer.lo `test -f 'tls_peer.c' || echo '$(srcdir)/'`tls_peer.c

520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
libtls_la-tls_verify.lo: tls_verify.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_verify.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_verify.Tpo -c -o libtls_la-tls_verify.lo `test -f 'tls_verify.c' || echo '$(srcdir)/'`tls_verify.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_verify.Tpo $(DEPDIR)/libtls_la-tls_verify.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_verify.c' object='libtls_la-tls_verify.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_verify.lo `test -f 'tls_verify.c' || echo '$(srcdir)/'`tls_verify.c

libtls_la-strsep.lo: strsep.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-strsep.lo -MD -MP -MF $(DEPDIR)/libtls_la-strsep.Tpo -c -o libtls_la-strsep.lo `test -f 'strsep.c' || echo '$(srcdir)/'`strsep.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-strsep.Tpo $(DEPDIR)/libtls_la-strsep.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strsep.c' object='libtls_la-strsep.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-strsep.lo `test -f 'strsep.c' || echo '$(srcdir)/'`strsep.c

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs

ID: $(am__tagged_files)







<
<
<
<
<
<
<







534
535
536
537
538
539
540







541
542
543
544
545
546
547
libtls_la-tls_verify.lo: tls_verify.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_verify.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_verify.Tpo -c -o libtls_la-tls_verify.lo `test -f 'tls_verify.c' || echo '$(srcdir)/'`tls_verify.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_verify.Tpo $(DEPDIR)/libtls_la-tls_verify.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_verify.c' object='libtls_la-tls_verify.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_verify.lo `test -f 'tls_verify.c' || echo '$(srcdir)/'`tls_verify.c








mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs

ID: $(am__tagged_files)
Changes to jni/libressl/tls/VERSION.
1
11:0:0
|
1
15:4:0
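--- a/jni/libressl/tls/strsep.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*	$OpenBSD: strsep.c,v 1.7 2014/02/05 20:42:32 stsp Exp $	*/
-
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <string.h>
-
-/*
- * Get next token from string *stringp, where tokens are possibly-empty
- * strings separated by characters from delim.  
- *
- * Writes NULs into the string at *stringp to end tokens.
- * delim need not remain constant from call to call.
- * On return, *stringp points past the last NUL written (if there might
- * be further tokens), or is NULL (if there are definitely no more tokens).
- *
- * If *stringp is NULL, strsep returns NULL.
- */
-char *
-strsep(char **stringp, const char *delim)
-{
-	char *s;
-	const char *spanp;
-	int c, sc;
-	char *tok;
-
-	if ((s = *stringp) == NULL)
-		return (NULL);
-	for (tok = s;;) {
-		c = *s++;
-		spanp = delim;
-		do {
-			if ((sc = *spanp++) == c) {
-				if (c == 0)
-					s = NULL;
-				else
-					s[-1] = 0;
-				*stringp = s;
-				return (tok);
-			}
-		} while (sc != 0);
-	}
-	/* NOTREACHED */
-}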
Changes to jni/libressl/tls/tls.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: tls.c,v 1.40 2016/07/06 16:16:36 jsing Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: tls.c,v 1.59 2017/01/26 12:56:37 jsing Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
56
57
58
59
60
61
62









63
64
65
66
67
68
69
70
71
72

73
74
75
76
77
78
79
}

const char *
tls_error(struct tls *ctx)
{
	return ctx->error.msg;
}










static int
tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap)
{
	char *errmsg = NULL;
	int rv = -1;

	free(error->msg);
	error->msg = NULL;
	error->num = errnum;


	if (vasprintf(&errmsg, fmt, ap) == -1) {
		errmsg = NULL;
		goto err;
	}

	if (errnum == -1) {







>
>
>
>
>
>
>
>
>







|
|

>







56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
}

const char *
tls_error(struct tls *ctx)
{
	return ctx->error.msg;
}

void
tls_error_clear(struct tls_error *error)
{
	free(error->msg);
	error->msg = NULL;
	error->num = 0;
	error->tls = 0;
}

static int
tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap)
{
	char *errmsg = NULL;
	int rv = -1;

	tls_error_clear(error);

	error->num = errnum;
	error->tls = 1;

	if (vasprintf(&errmsg, fmt, ap) == -1) {
		errmsg = NULL;
		goto err;
	}

	if (errnum == -1) {
172
173
174
175
176
177
178



































179
180
181
182
183
184
185

	va_start(ap, fmt);
	rv = tls_error_vset(&ctx->error, -1, fmt, ap);
	va_end(ap);

	return (rv);
}




































struct tls *
tls_new(void)
{
	struct tls *ctx;

	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230

	va_start(ap, fmt);
	rv = tls_error_vset(&ctx->error, -1, fmt, ap);
	va_end(ap);

	return (rv);
}

int
tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...)
{
	va_list ap;
	int rv;

	/* Only set an error if a more specific one does not already exist. */
	if (ctx->error.tls != 0)
		return (0);

	va_start(ap, fmt);
	rv = tls_error_vset(&ctx->error, -1, fmt, ap);
	va_end(ap);

	return (rv);
}

struct tls_sni_ctx *
tls_sni_ctx_new(void)
{
	return (calloc(1, sizeof(struct tls_sni_ctx)));
}

void
tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx)
{
	if (sni_ctx == NULL)
		return;

	SSL_CTX_free(sni_ctx->ssl_ctx);
	X509_free(sni_ctx->ssl_cert);

	free(sni_ctx);
}

struct tls *
tls_new(void)
{
	struct tls *ctx;

	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
	if ((ctx->flags & TLS_SERVER) != 0)
		return (tls_configure_server(ctx));

	return (0);
}

int
tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
    struct tls_keypair *keypair, int required)
{
	EVP_PKEY *pkey = NULL;
	X509 *cert = NULL;
	BIO *bio = NULL;

	if (!required &&
	    keypair->cert_mem == NULL &&
	    keypair->key_mem == NULL &&
	    keypair->cert_file == NULL &&
	    keypair->key_file == NULL)
		return(0);

	if (keypair->cert_mem != NULL) {
		if (keypair->cert_len > INT_MAX) {
			tls_set_errorx(ctx, "certificate too long");
			goto err;
		}







|








|
<
<







248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264


265
266
267
268
269
270
271
	if ((ctx->flags & TLS_SERVER) != 0)
		return (tls_configure_server(ctx));

	return (0);
}

int
tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
    struct tls_keypair *keypair, int required)
{
	EVP_PKEY *pkey = NULL;
	X509 *cert = NULL;
	BIO *bio = NULL;

	if (!required &&
	    keypair->cert_mem == NULL &&
	    keypair->key_mem == NULL)


		return(0);

	if (keypair->cert_mem != NULL) {
		if (keypair->cert_len > INT_MAX) {
			tls_set_errorx(ctx, "certificate too long");
			goto err;
		}
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312








313
314
315
316
317
318
319
320
321
322
323
324
325




326
327
328
329
330
331
























332
333
334





335

336







337





338

339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357

358
359


360
361
362
363
364
365
366
367

368

369
370
371
372
373
374


375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395













396
397
398
399
400
401
402
		}
		BIO_free(bio);
		bio = NULL;
		EVP_PKEY_free(pkey);
		pkey = NULL;
	}

	if (keypair->cert_file != NULL) {
		if (SSL_CTX_use_certificate_chain_file(ssl_ctx,
		    keypair->cert_file) != 1) {
			tls_set_errorx(ctx, "failed to load certificate file");
			goto err;
		}
	}
	if (keypair->key_file != NULL) {
		if (SSL_CTX_use_PrivateKey_file(ssl_ctx,
		    keypair->key_file, SSL_FILETYPE_PEM) != 1) {
			tls_set_errorx(ctx, "failed to load private key file");
			goto err;
		}
	}

	if (SSL_CTX_check_private_key(ssl_ctx) != 1) {
		tls_set_errorx(ctx, "private/public key mismatch");
		goto err;
	}

	return (0);

 err:
	EVP_PKEY_free(pkey);
	X509_free(cert);
	BIO_free(bio);

	return (1);
}

int
tls_configure_ssl(struct tls *ctx)
{
	SSL_CTX_set_mode(ctx->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
	SSL_CTX_set_mode(ctx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);

	SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
	SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
	SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);

	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);









	if (ctx->config->ciphers != NULL) {
		if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
		    ctx->config->ciphers) != 1) {
			tls_set_errorx(ctx, "failed to set ciphers");
			goto err;
		}
	}

	if (ctx->config->verify_time == 0) {
		X509_VERIFY_PARAM_set_flags(ctx->ssl_ctx->param,
		    X509_V_FLAG_NO_CHECK_TIME);
	}





	return (0);

 err:
	return (-1);
}

























int
tls_configure_ssl_verify(struct tls *ctx, int verify)
{





	SSL_CTX_set_verify(ctx->ssl_ctx, verify, NULL);









	if (ctx->config->ca_mem != NULL) {





		/* XXX do this in set. */

		if (ctx->config->ca_len > INT_MAX) {
			tls_set_errorx(ctx, "ca too long");
			goto err;
		}
		if (SSL_CTX_load_verify_mem(ctx->ssl_ctx,
		    ctx->config->ca_mem, ctx->config->ca_len) != 1) {
			tls_set_errorx(ctx, "ssl verify memory setup failure");
			goto err;
		}
	} else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx,
	    ctx->config->ca_file, ctx->config->ca_path) != 1) {
		tls_set_errorx(ctx, "ssl verify setup failure");
		goto err;
	}
	if (ctx->config->verify_depth >= 0)
		SSL_CTX_set_verify_depth(ctx->ssl_ctx,
		    ctx->config->verify_depth);

	return (0);


 err:


	return (-1);
}

void
tls_free(struct tls *ctx)
{
	if (ctx == NULL)
		return;

	tls_reset(ctx);

	free(ctx);
}

void
tls_reset(struct tls *ctx)
{


	SSL_CTX_free(ctx->ssl_ctx);
	SSL_free(ctx->ssl_conn);
	X509_free(ctx->ssl_peer_cert);

	ctx->ssl_conn = NULL;
	ctx->ssl_ctx = NULL;
	ctx->ssl_peer_cert = NULL;

	ctx->socket = -1;
	ctx->state = 0;

	free(ctx->servername);
	ctx->servername = NULL;

	free(ctx->error.msg);
	ctx->error.msg = NULL;
	ctx->error.num = -1;

	tls_free_conninfo(ctx->conninfo);
	free(ctx->conninfo);
	ctx->conninfo = NULL;













}

int
tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
{
	const char *errstr = "unknown error";
	unsigned long err;







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
















|

|
|

|
|

|
|
|


|

|

|

>
>
>
>
>
>
>
>

|







|



>
>
>
>






>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|

>
>
>
>
>
|
>

>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
|



|
<



|
|
|


<
<
<

|
>


>
>
|







>

>






>
>


















<
|

>
>
>
>
>
>
>
>
>
>
>
>
>







299
300
301
302
303
304
305















306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426

427
428
429
430
431
432
433
434



435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478

479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
		}
		BIO_free(bio);
		bio = NULL;
		EVP_PKEY_free(pkey);
		pkey = NULL;
	}
















	if (SSL_CTX_check_private_key(ssl_ctx) != 1) {
		tls_set_errorx(ctx, "private/public key mismatch");
		goto err;
	}

	return (0);

 err:
	EVP_PKEY_free(pkey);
	X509_free(cert);
	BIO_free(bio);

	return (1);
}

int
tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
{
	SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
	SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);

	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1);
	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);

	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);

	if (ctx->config->alpn != NULL) {
		if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn,
		    ctx->config->alpn_len) != 0) {
			tls_set_errorx(ctx, "failed to set alpn");
			goto err;
		}
	}

	if (ctx->config->ciphers != NULL) {
		if (SSL_CTX_set_cipher_list(ssl_ctx,
		    ctx->config->ciphers) != 1) {
			tls_set_errorx(ctx, "failed to set ciphers");
			goto err;
		}
	}

	if (ctx->config->verify_time == 0) {
		X509_VERIFY_PARAM_set_flags(ssl_ctx->param,
		    X509_V_FLAG_NO_CHECK_TIME);
	}

	/* Disable any form of session caching by default */
	SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);

	return (0);

 err:
	return (-1);
}

static int
tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
{
	struct tls *ctx = arg;
	int x509_err;

	if (ctx->config->verify_cert == 0)
		return (1);

	if ((X509_verify_cert(x509_ctx)) < 0) {
		tls_set_errorx(ctx, "X509 verify cert failed");
		return (0);
	}

	x509_err = X509_STORE_CTX_get_error(x509_ctx);
	if (x509_err == X509_V_OK)
		return (1);

	tls_set_errorx(ctx, "certificate verification failed: %s",
	    X509_verify_cert_error_string(x509_err));

	return (0);
}

int
tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
{
	size_t ca_len = ctx->config->ca_len;
	char *ca_mem = ctx->config->ca_mem;
	char *ca_free = NULL;
	int rv = -1;

	SSL_CTX_set_verify(ssl_ctx, verify, NULL);
	SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx);

	if (ctx->config->verify_depth >= 0)
		SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth);

	if (ctx->config->verify_cert == 0)
		goto done;

	/* If no CA has been specified, attempt to load the default. */
	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
		if (tls_config_load_file(&ctx->error, "CA", _PATH_SSL_CA_FILE,
		    &ca_mem, &ca_len) != 0)
			goto err;
		ca_free = ca_mem;
	}

	if (ca_mem != NULL) {
		if (ca_len > INT_MAX) {
			tls_set_errorx(ctx, "ca too long");
			goto err;
		}
		if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {

			tls_set_errorx(ctx, "ssl verify memory setup failure");
			goto err;
		}
	} else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
	    ctx->config->ca_path) != 1) {
		tls_set_errorx(ctx, "ssl verify locations failure");
		goto err;
	}




 done:
	rv = 0;

 err:
	free(ca_free);

	return (rv);
}

void
tls_free(struct tls *ctx)
{
	if (ctx == NULL)
		return;

	tls_reset(ctx);

	free(ctx);
}

void
tls_reset(struct tls *ctx)
{
	struct tls_sni_ctx *sni, *nsni;

	SSL_CTX_free(ctx->ssl_ctx);
	SSL_free(ctx->ssl_conn);
	X509_free(ctx->ssl_peer_cert);

	ctx->ssl_conn = NULL;
	ctx->ssl_ctx = NULL;
	ctx->ssl_peer_cert = NULL;

	ctx->socket = -1;
	ctx->state = 0;

	free(ctx->servername);
	ctx->servername = NULL;

	free(ctx->error.msg);
	ctx->error.msg = NULL;
	ctx->error.num = -1;


	tls_conninfo_free(ctx->conninfo);
	ctx->conninfo = NULL;

	tls_ocsp_free(ctx->ocsp);
	ctx->ocsp = NULL;

	for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) {
		nsni = sni->next;
		tls_sni_ctx_free(sni);
	}
	ctx->sni_ctx = NULL;

	ctx->read_cb = NULL;
	ctx->write_cb = NULL;
	ctx->cb_arg = NULL;
}

int
tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
{
	const char *errstr = "unknown error";
	unsigned long err;
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451


452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470


471
472
473
474
475
476
477
478
479
480
481
482


483
484
485
486
487
488
489
				ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
				return (0);
			}
			errstr = "unexpected EOF";
		} else if (ssl_ret == -1) {
			errstr = strerror(errno);
		}
		tls_set_errorx(ctx, "%s failed: %s", prefix, errstr);
		return (-1);

	case SSL_ERROR_SSL:
		if ((err = ERR_peek_error()) != 0) {
			errstr = ERR_error_string(err, NULL);
		}
		tls_set_errorx(ctx, "%s failed: %s", prefix, errstr);
		return (-1);

	case SSL_ERROR_WANT_CONNECT:
	case SSL_ERROR_WANT_ACCEPT:
	case SSL_ERROR_WANT_X509_LOOKUP:
	default:
		tls_set_errorx(ctx, "%s failed (%i)", prefix, ssl_err);
		return (-1);
	}
}

int
tls_handshake(struct tls *ctx)
{
	int rv = -1;



	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
		tls_set_errorx(ctx, "invalid operation for context");
		goto out;
	}

	if (ctx->conninfo == NULL &&
	    (ctx->conninfo = calloc(1, sizeof(*ctx->conninfo))) == NULL)
		goto out;

	if ((ctx->flags & TLS_CLIENT) != 0)
		rv = tls_handshake_client(ctx);
	else if ((ctx->flags & TLS_SERVER_CONN) != 0)
		rv = tls_handshake_server(ctx);

	if (rv == 0) {
		ctx->ssl_peer_cert =  SSL_get_peer_certificate(ctx->ssl_conn);
		if (tls_get_conninfo(ctx) == -1)
		    rv = -1;


	}
 out:
	/* Prevent callers from performing incorrect error handling */
	errno = 0;
	return (rv);
}

ssize_t
tls_read(struct tls *ctx, void *buf, size_t buflen)
{
	ssize_t rv = -1;
	int ssl_ret;



	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
		if ((rv = tls_handshake(ctx)) != 0)
			goto out;
	}

	if (buflen > INT_MAX) {







|






|






|








>
>






<
<
<
<






|
|

>
>












>
>







520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557




558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
				ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
				return (0);
			}
			errstr = "unexpected EOF";
		} else if (ssl_ret == -1) {
			errstr = strerror(errno);
		}
		tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
		return (-1);

	case SSL_ERROR_SSL:
		if ((err = ERR_peek_error()) != 0) {
			errstr = ERR_error_string(err, NULL);
		}
		tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
		return (-1);

	case SSL_ERROR_WANT_CONNECT:
	case SSL_ERROR_WANT_ACCEPT:
	case SSL_ERROR_WANT_X509_LOOKUP:
	default:
		tls_set_ssl_errorx(ctx, "%s failed (%i)", prefix, ssl_err);
		return (-1);
	}
}

int
tls_handshake(struct tls *ctx)
{
	int rv = -1;

	tls_error_clear(&ctx->error);

	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
		tls_set_errorx(ctx, "invalid operation for context");
		goto out;
	}





	if ((ctx->flags & TLS_CLIENT) != 0)
		rv = tls_handshake_client(ctx);
	else if ((ctx->flags & TLS_SERVER_CONN) != 0)
		rv = tls_handshake_server(ctx);

	if (rv == 0) {
		ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
		if (tls_conninfo_populate(ctx) == -1)
		    rv = -1;
		if (ctx->ocsp == NULL)
			ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
	}
 out:
	/* Prevent callers from performing incorrect error handling */
	errno = 0;
	return (rv);
}

ssize_t
tls_read(struct tls *ctx, void *buf, size_t buflen)
{
	ssize_t rv = -1;
	int ssl_ret;

	tls_error_clear(&ctx->error);

	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
		if ((rv = tls_handshake(ctx)) != 0)
			goto out;
	}

	if (buflen > INT_MAX) {
505
506
507
508
509
510
511


512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540


541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556

557
558
559
560
561
562
563
}

ssize_t
tls_write(struct tls *ctx, const void *buf, size_t buflen)
{
	ssize_t rv = -1;
	int ssl_ret;



	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
		if ((rv = tls_handshake(ctx)) != 0)
			goto out;
	}

	if (buflen > INT_MAX) {
		tls_set_errorx(ctx, "buflen too long");
		goto out;
	}

	ERR_clear_error();
	if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
		rv = (ssize_t)ssl_ret;
		goto out;
	}
	rv =  (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");

 out:
	/* Prevent callers from performing incorrect error handling */
	errno = 0;
	return (rv);
}

int
tls_close(struct tls *ctx)
{
	int ssl_ret;
	int rv = 0;



	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
		tls_set_errorx(ctx, "invalid operation for context");
		rv = -1;
		goto out;
	}

	if (ctx->ssl_conn != NULL) {
		ERR_clear_error();
		ssl_ret = SSL_shutdown(ctx->ssl_conn);
		if (ssl_ret < 0) {
			rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
			    "shutdown");
			if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
				goto out;
		}

	}

	if (ctx->socket != -1) {
		if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
			if (rv == 0 &&
			    errno != ENOTCONN && errno != ECONNRESET) {
				tls_set_error(ctx, "shutdown");







>
>
















|












>
>







|








>







605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
}

ssize_t
tls_write(struct tls *ctx, const void *buf, size_t buflen)
{
	ssize_t rv = -1;
	int ssl_ret;

	tls_error_clear(&ctx->error);

	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
		if ((rv = tls_handshake(ctx)) != 0)
			goto out;
	}

	if (buflen > INT_MAX) {
		tls_set_errorx(ctx, "buflen too long");
		goto out;
	}

	ERR_clear_error();
	if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
		rv = (ssize_t)ssl_ret;
		goto out;
	}
	rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");

 out:
	/* Prevent callers from performing incorrect error handling */
	errno = 0;
	return (rv);
}

int
tls_close(struct tls *ctx)
{
	int ssl_ret;
	int rv = 0;

	tls_error_clear(&ctx->error);

	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
		tls_set_errorx(ctx, "invalid operation for context");
		rv = -1;
		goto out;
	}

	if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) {
		ERR_clear_error();
		ssl_ret = SSL_shutdown(ctx->ssl_conn);
		if (ssl_ret < 0) {
			rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
			    "shutdown");
			if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
				goto out;
		}
		ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN;
	}

	if (ctx->socket != -1) {
		if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
			if (rv == 0 &&
			    errno != ENOTCONN && errno != ECONNRESET) {
				tls_set_error(ctx, "shutdown");
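--- /dev/null
+++ b/jni/libressl/tls/tls.sym
@@ -0,0 +1,80 @@
+tls_accept_cbs
+tls_accept_fds
+tls_accept_socket
+tls_client
+tls_close
+tls_config_add_keypair_file
+tls_config_add_keypair_mem
+tls_config_add_keypair_ocsp_file
+tls_config_add_keypair_ocsp_mem
+tls_config_add_ticket_key
+tls_config_clear_keys
+tls_config_error
+tls_config_free
+tls_config_insecure_noverifycert
+tls_config_insecure_noverifyname
+tls_config_insecure_noverifytime
+tls_config_new
+tls_config_ocsp_require_stapling
+tls_config_parse_protocols
+tls_config_prefer_ciphers_client
+tls_config_prefer_ciphers_server
+tls_config_set_alpn
+tls_config_set_ca_file
+tls_config_set_ca_mem
+tls_config_set_ca_path
+tls_config_set_cert_file
+tls_config_set_cert_mem
+tls_config_set_ciphers
+tls_config_set_dheparams
+tls_config_set_ecdhecurve
+tls_config_set_key_file
+tls_config_set_key_mem
+tls_config_set_keypair_file
+tls_config_set_keypair_mem
+tls_config_set_keypair_ocsp_file
+tls_config_set_keypair_ocsp_mem
+tls_config_set_ocsp_staple_mem
+tls_config_set_ocsp_staple_file
+tls_config_set_protocols
+tls_config_set_session_id
+tls_config_set_session_lifetime
+tls_config_set_verify_depth
+tls_config_verify
+tls_config_verify_client
+tls_config_verify_client_optional
+tls_configure
+tls_conn_alpn_selected
+tls_conn_cipher
+tls_conn_servername
+tls_conn_version
+tls_connect
+tls_connect_cbs
+tls_connect_fds
+tls_connect_servername
+tls_connect_socket
+tls_error
+tls_free
+tls_handshake
+tls_init
+tls_load_file
+tls_ocsp_process_response
+tls_peer_cert_contains_name
+tls_peer_cert_hash
+tls_peer_cert_issuer
+tls_peer_cert_notafter
+tls_peer_cert_notbefore
+tls_peer_cert_provided
+tls_peer_cert_subject
+tls_peer_ocsp_cert_status
+tls_peer_ocsp_crl_reason
+tls_peer_ocsp_next_update
+tls_peer_ocsp_response_status
+tls_peer_ocsp_result
+tls_peer_ocsp_revocation_time
+tls_peer_ocsp_this_update
+tls_peer_ocsp_url
+tls_read
+tls_reset
+tls_server
+tls_write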
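--- /dev/null
+++ b/jni/libressl/tls/tls_bio_cb.c
@@ -0,0 +1,143 @@
+/* $OpenBSD: tls_bio_cb.c,v 1.19 2017/01/12 16:18:39 jsing Exp $ */
+/*
+ * Copyright (c) 2016 Tobias Pape <tobias@netshed.de>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <openssl/bio.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+static int bio_cb_write(BIO *bio, const char *buf, int num);
+static int bio_cb_read(BIO *bio, char *buf, int size);
+static int bio_cb_puts(BIO *bio, const char *str);
+static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr);
+
+static BIO_METHOD bio_cb_method = {
+	.type = BIO_TYPE_MEM,
+	.name = "libtls_callbacks",
+	.bwrite = bio_cb_write,
+	.bread = bio_cb_read,
+	.bputs = bio_cb_puts,
+	.ctrl = bio_cb_ctrl,
+};
+
+static BIO_METHOD *
+bio_s_cb(void)
+{
+	return (&bio_cb_method);
+}
+
+static int
+bio_cb_puts(BIO *bio, const char *str)
+{
+	return (bio_cb_write(bio, str, strlen(str)));
+}
+
+static long
+bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+	long ret = 1;
+
+	switch (cmd) {
+	case BIO_CTRL_GET_CLOSE:
+		ret = (long)bio->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		bio->shutdown = (int)num;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		break;
+	case BIO_CTRL_INFO:
+	case BIO_CTRL_GET:
+	case BIO_CTRL_SET:
+	default:
+		ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
+	}
+
+	return (ret);
+}
+
+static int
+bio_cb_write(BIO *bio, const char *buf, int num)
+{
+	struct tls *ctx = bio->ptr;
+	int rv;
+
+	BIO_clear_retry_flags(bio);
+	rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
+	if (rv == TLS_WANT_POLLIN) {
+		BIO_set_retry_read(bio);
+		rv = -1;
+	} else if (rv == TLS_WANT_POLLOUT) {
+		BIO_set_retry_write(bio);
+		rv = -1;
+	}
+	return (rv);
+}
+
+static int
+bio_cb_read(BIO *bio, char *buf, int size)
+{
+	struct tls *ctx = bio->ptr;
+	int rv;
+
+	BIO_clear_retry_flags(bio);
+	rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
+	if (rv == TLS_WANT_POLLIN) {
+		BIO_set_retry_read(bio);
+		rv = -1;
+	} else if (rv == TLS_WANT_POLLOUT) {
+		BIO_set_retry_write(bio);
+		rv = -1;
+	}
+	return (rv);
+}
+
+int
+tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb,
+    void *cb_arg)
+{
+	int rv = -1;
+	BIO *bio;
+
+	if (read_cb == NULL || write_cb == NULL) {
+		tls_set_errorx(ctx, "no callbacks provided");
+		goto err;
+	}
+
+	ctx->read_cb = read_cb;
+	ctx->write_cb = write_cb;
+	ctx->cb_arg = cb_arg;
+
+	if ((bio = BIO_new(bio_s_cb())) == NULL) {
+		tls_set_errorx(ctx, "failed to create callback i/o");
+		goto err;
+	}
+	bio->ptr = ctx;
+	bio->init = 1;
+
+	SSL_set_bio(ctx->ssl_conn, bio, bio);
+
+	rv = 0;
+
+ err:
+	return (rv);
+}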
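Review bot: bio_cb_read and bio_cb_write pass the application callback's return value back to the BIO layer without bounding it: `rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);` stores the result in an `int`, and only the two TLS_WANT_* values are translated. libtls declares these callbacks as returning ssize_t (the typedef is not on this page, so confirm against tls.h), so a count larger than the requested length, or one that does not fit an int, would be reported to libssl as bytes transferred. A defensive bound after the TLS_WANT_* handling, `if (rv > size) rv = -1;` in bio_cb_read and `if (rv > num) rv = -1;` in bio_cb_write, keeps a misbehaving callback from making the caller trust more data than the buffer holds. Separately, bio_cb_puts calls strlen() while the file does not include <string.h> itself; it presumably arrives through tls_internal.h or the OpenSSL headers, but an explicit include would make that independent of them.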
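--- a/jni/libressl/tls/tls_client.c
+++ b/jni/libressl/tls/tls_client.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls_client.c,v 1.32 2015/10/09 04:13:34 deraadt Exp $ */
+/* $OpenBSD: tls_client.c,v 1.40 2017/01/26 12:56:37 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -154,108 +154,153 @@
  err:
 	free(hs);
 	free(ps);
 
 	return (rv);
 }
 
-int
-tls_connect_socket(struct tls *ctx, int s, const char *servername)
-{
-	return tls_connect_fds(ctx, s, s, servername);
-}
-
-int
-tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
-    const char *servername)
+static int
+tls_connect_common(struct tls *ctx, const char *servername)
 {
 	union tls_addr addrbuf;
 	int rv = -1;
 
 	if ((ctx->flags & TLS_CLIENT) == 0) {
 		tls_set_errorx(ctx, "not a client context");
 		goto err;
 	}
 
-	if (fd_read < 0 || fd_write < 0) {
-		tls_set_errorx(ctx, "invalid file descriptors");
-		goto err;
-	}
-
 	if (servername != NULL) {
 		if ((ctx->servername = strdup(servername)) == NULL) {
 			tls_set_errorx(ctx, "out of memory");
 			goto err;
 		}
 	}
 
 	if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
 		tls_set_errorx(ctx, "ssl context failure");
 		goto err;
 	}
 
-	if (tls_configure_ssl(ctx) != 0)
+	if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0)
 		goto err;
-	if (tls_configure_keypair(ctx, ctx->ssl_ctx, ctx->config->keypair, 0) != 0)
+
+	if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx,
+	    ctx->config->keypair, 0) != 0)
 		goto err;
 
 	if (ctx->config->verify_name) {
 		if (servername == NULL) {
 			tls_set_errorx(ctx, "server name not specified");
 			goto err;
 		}
 	}
 
-	if (ctx->config->verify_cert &&
-	    (tls_configure_ssl_verify(ctx, SSL_VERIFY_PEER) == -1))
+	if (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1)
 		goto err;
+
+	if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_verify_cb) != 1) {
+		tls_set_errorx(ctx, "ssl OCSP verification setup failure");
+		goto err;
+	}
 
 	if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
 		tls_set_errorx(ctx, "ssl connection failure");
 		goto err;
 	}
+
 	if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
 		tls_set_errorx(ctx, "ssl application data failure");
 		goto err;
 	}
-	if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
-	    SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
-		tls_set_errorx(ctx, "ssl file descriptor failure");
+
+	if (SSL_set_tlsext_status_type(ctx->ssl_conn, TLSEXT_STATUSTYPE_ocsp) != 1) {
+		tls_set_errorx(ctx, "ssl OCSP extension setup failure");
 		goto err;
 	}
 
 	/*
 	 * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not
 	 * permitted in "HostName".
 	 */
 	if (servername != NULL &&
 	    inet_pton(AF_INET, servername, &addrbuf) != 1 &&
 	    inet_pton(AF_INET6, servername, &addrbuf) != 1) {
 		if (SSL_set_tlsext_host_name(ctx->ssl_conn, servername) == 0) {
 			tls_set_errorx(ctx, "server name indication failure");
 			goto err;
 		}
 	}
+	rv = 0;
+
+ err:
+	return (rv);
+}
+
+int
+tls_connect_socket(struct tls *ctx, int s, const char *servername)
+{
+	return tls_connect_fds(ctx, s, s, servername);
+}
+
+int
+tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
+    const char *servername)
+{
+	int rv = -1;
+
+	if (fd_read < 0 || fd_write < 0) {
+		tls_set_errorx(ctx, "invalid file descriptors");
+		goto err;
+	}
+
+	if (tls_connect_common(ctx, servername) != 0)
+		goto err;
+
+	if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
+	    SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
+		tls_set_errorx(ctx, "ssl file descriptor failure");
+		goto err;
+	}
+
+	rv = 0;
+ err:
+	return (rv);
+}
+
+int
+tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb,
+    tls_write_cb write_cb, void *cb_arg, const char *servername)
+{
+	int rv = -1;
+
+	if (tls_connect_common(ctx, servername) != 0)
+		goto err;
+
+	if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0)
+		goto err;
 
 	rv = 0;
 
  err:
 	return (rv);
 }
 
 int
 tls_handshake_client(struct tls *ctx)
 {
 	X509 *cert = NULL;
 	int ssl_ret;
 	int rv = -1;
 
 	if ((ctx->flags & TLS_CLIENT) == 0) {
 		tls_set_errorx(ctx, "not a client context");
 		goto err;
 	}
+
+	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
 
 	ERR_clear_error();
 	if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) {
 		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
 		goto err;
 	}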
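Review bot: tls_connect_common assigns `ctx->servername`, `ctx->ssl_ctx` and `ctx->ssl_conn` without checking whether the context has already been set up, so a second tls_connect_*() call on the same context without an intervening tls_reset() would overwrite and leak the earlier strdup() result and SSL objects. The old tls_connect_fds had the same gap, and the new shared helper is a natural place to close it, for example with `if (ctx->ssl_ctx != NULL) { tls_set_errorx(ctx, "context already connected"); goto err; }` right after the TLS_CLIENT flag check (a retry after a failed connect would then need tls_reset() first). Relatedly, tls_handshake_client now sets TLS_SSL_NEEDS_SHUTDOWN and calls `SSL_connect(ctx->ssl_conn)` with no visible check that ssl_conn is non-NULL, which matters if the handshake is invoked on a client context that was never connected. Its body continues past the end of the shown hunk, so a later check cannot be ruled out from this page.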

Changes to jni/libressl/tls/tls_config.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17


18
19

20

21
22
23
24
25
26
27
/* $OpenBSD: tls_config.c,v 1.21 2016/07/07 14:09:03 jsing Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */



#include <ctype.h>
#include <errno.h>

#include <stdlib.h>


#include <tls.h>
#include "tls_internal.h"

static int
set_string(const char **dest, const char *src)
{
|
















>
>


>

>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
/* $OpenBSD: tls_config.c,v 1.36 2017/01/31 16:18:57 beck Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/stat.h>

#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#include <tls.h>
#include "tls_internal.h"

static int
set_string(const char **dest, const char *src)
{
54
55
56
57
58
59
60
61
62
63
64
65
66
67

68

69
70
71
72
73
74
75
76
77
78
79
80

81
82



83
84
85
86
87
88
89
90
91
92
















93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116



















































117
118
119
120

121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

141












142
143
144
145
146
147
148
		if ((*dest = memdup(src, srclen)) == NULL)
			return -1;
	*destlen = srclen;
	return 0;
}

static struct tls_keypair *
tls_keypair_new()
{
	return calloc(1, sizeof(struct tls_keypair));
}

static int
tls_keypair_set_cert_file(struct tls_keypair *keypair, const char *cert_file)

{

	return set_string(&keypair->cert_file, cert_file);
}

static int
tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
    size_t len)
{
	return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
}

static int
tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file)

{
	return set_string(&keypair->key_file, key_file);



}

static int
tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
    size_t len)
{
	if (keypair->key_mem != NULL)
		explicit_bzero(keypair->key_mem, keypair->key_len);
	return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
}

















static void
tls_keypair_clear(struct tls_keypair *keypair)
{
	tls_keypair_set_cert_mem(keypair, NULL, 0);
	tls_keypair_set_key_mem(keypair, NULL, 0);
}

static void
tls_keypair_free(struct tls_keypair *keypair)
{
	if (keypair == NULL)
		return;

	tls_keypair_clear(keypair);

	free((char *)keypair->cert_file);
	free(keypair->cert_mem);
	free((char *)keypair->key_file);
	free(keypair->key_mem);

	free(keypair);
}




















































struct tls_config *
tls_config_new(void)
{
	struct tls_config *config;


	if ((config = calloc(1, sizeof(*config))) == NULL)
		return (NULL);

	if ((config->keypair = tls_keypair_new()) == NULL)
		goto err;

	/*
	 * Default configuration.
	 */
	if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0)
		goto err;
	if (tls_config_set_dheparams(config, "none") != 0)
		goto err;
	if (tls_config_set_ecdhecurve(config, "auto") != 0)
		goto err;
	if (tls_config_set_ciphers(config, "secure") != 0)
		goto err;

	tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);

	tls_config_set_verify_depth(config, 6);













	tls_config_prefer_ciphers_server(config);

	tls_config_verify(config);

	return (config);








|





|
>

>
|










|
>

|
>
>
>










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
















<

|
|




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




>










<
<







|
>
|
>
>
>
>
>
>
>
>
>
>
>
>







58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207


208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
		if ((*dest = memdup(src, srclen)) == NULL)
			return -1;
	*destlen = srclen;
	return 0;
}

static struct tls_keypair *
tls_keypair_new(void)
{
	return calloc(1, sizeof(struct tls_keypair));
}

static int
tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
    const char *cert_file)
{
	return tls_config_load_file(error, "certificate", cert_file,
	    &keypair->cert_mem, &keypair->cert_len);
}

static int
tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
    size_t len)
{
	return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
}

static int
tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
    const char *key_file)
{
	if (keypair->key_mem != NULL)
		explicit_bzero(keypair->key_mem, keypair->key_len);
	return tls_config_load_file(error, "key", key_file,
	    &keypair->key_mem, &keypair->key_len);
}

static int
tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
    size_t len)
{
	if (keypair->key_mem != NULL)
		explicit_bzero(keypair->key_mem, keypair->key_len);
	return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
}

static int
tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
    struct tls_error *error, const char *ocsp_file)
{
	return tls_config_load_file(error, "ocsp", ocsp_file,
	    &keypair->ocsp_staple, &keypair->ocsp_staple_len);
}

static int
tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
    const uint8_t *staple, size_t len)
{
	return set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len, staple,
	    len);
}

static void
tls_keypair_clear(struct tls_keypair *keypair)
{
	tls_keypair_set_cert_mem(keypair, NULL, 0);
	tls_keypair_set_key_mem(keypair, NULL, 0);
}

static void
tls_keypair_free(struct tls_keypair *keypair)
{
	if (keypair == NULL)
		return;

	tls_keypair_clear(keypair);


	free(keypair->cert_mem);
	free(keypair->key_mem);
	free(keypair->ocsp_staple);

	free(keypair);
}

int
tls_config_load_file(struct tls_error *error, const char *filetype,
    const char *filename, char **buf, size_t *len)
{
	struct stat st;
	int fd = -1;
	ssize_t n;

	free(*buf);
	*buf = NULL;
	*len = 0;

	if ((fd = open(filename, O_RDONLY)) == -1) {
		tls_error_set(error, "failed to open %s file '%s'",
		    filetype, filename);
		goto fail;
	}
	if (fstat(fd, &st) != 0) {
		tls_error_set(error, "failed to stat %s file '%s'",
		    filetype, filename);
		goto fail;
	}
	if (st.st_size < 0)
		goto fail;
	*len = (size_t)st.st_size;
	if ((*buf = malloc(*len)) == NULL) {
		tls_error_set(error, "failed to allocate buffer for "
		    "%s file", filetype);
		goto fail;
	}
	n = read(fd, *buf, *len);
	if (n < 0 || (size_t)n != *len) {
		tls_error_set(error, "failed to read %s file '%s'",
		    filetype, filename);
		goto fail;
	}
	close(fd);
	return 0;

 fail:
	if (fd != -1)
		close(fd);
	if (*buf != NULL)
		explicit_bzero(*buf, *len);
	free(*buf);
	*buf = NULL;
	*len = 0;

	return -1;
}

struct tls_config *
tls_config_new(void)
{
	struct tls_config *config;
	unsigned char sid[TLS_MAX_SESSION_ID_LENGTH];

	if ((config = calloc(1, sizeof(*config))) == NULL)
		return (NULL);

	if ((config->keypair = tls_keypair_new()) == NULL)
		goto err;

	/*
	 * Default configuration.
	 */


	if (tls_config_set_dheparams(config, "none") != 0)
		goto err;
	if (tls_config_set_ecdhecurve(config, "auto") != 0)
		goto err;
	if (tls_config_set_ciphers(config, "secure") != 0)
		goto err;

	if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)
		goto err;
	if (tls_config_set_verify_depth(config, 6) != 0)
		goto err;

	/*
	 * Set session ID context to a random value.  For the simple case
	 * of a single process server this is good enough. For multiprocess
	 * servers the session ID needs to be set by the caller.
	 */
	arc4random_buf(sid, sizeof(sid));
	if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)
		goto err;
	config->ticket_keyrev = arc4random();
	config->ticket_autorekey = 1;

	tls_config_prefer_ciphers_server(config);

	tls_config_verify(config);

	return (config);

162
163
164
165
166
167
168
169
170
171
172
173
174
175












176
177
178
179
180
181
182
	for (kp = config->keypair; kp != NULL; kp = nkp) {
		nkp = kp->next;
		tls_keypair_free(kp);
	}

	free(config->error.msg);

	free((char *)config->ca_file);
	free((char *)config->ca_mem);
	free((char *)config->ca_path);
	free((char *)config->ciphers);

	free(config);
}













const char *
tls_config_error(struct tls_config *config)
{
	return config->error.msg;
}








|






>
>
>
>
>
>
>
>
>
>
>
>







250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
	for (kp = config->keypair; kp != NULL; kp = nkp) {
		nkp = kp->next;
		tls_keypair_free(kp);
	}

	free(config->error.msg);

	free(config->alpn);
	free((char *)config->ca_mem);
	free((char *)config->ca_path);
	free((char *)config->ciphers);

	free(config);
}

static void
tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
{
	struct tls_keypair *kp;

	kp = config->keypair;
	while (kp->next != NULL)
		kp = kp->next;

	kp->next = keypair;
}

const char *
tls_config_error(struct tls_config *config)
{
	return config->error.msg;
}

244
245
246
247
248
249
250
251




























































252




























































































253
254

255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273

274
275
276
277
278
279
280

	*protocols = protos;

	free(s);

	return (0);
}





























































int




























































































tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
{

	return set_string(&config->ca_file, ca_file);
}

int
tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
{
	return set_string(&config->ca_path, ca_path);
}

int
tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
{
	return set_mem(&config->ca_mem, &config->ca_len, ca, len);
}

int
tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
{
	return tls_keypair_set_cert_file(config->keypair, cert_file);

}

int
tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
    size_t len)
{
	return tls_keypair_set_cert_mem(config->keypair, cert, len);








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


>
|

















|
>







344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534

	*protocols = protos;

	free(s);

	return (0);
}

static int
tls_config_parse_alpn(struct tls_config *config, const char *alpn,
    char **alpn_data, size_t *alpn_len)
{
	size_t buf_len, i, len;
	char *buf = NULL;
	char *s = NULL;
	char *p, *q;

	free(*alpn_data);
	*alpn_data = NULL;
	*alpn_len = 0;

	if ((buf_len = strlen(alpn) + 1) > 65535) {
		tls_config_set_errorx(config, "alpn too large");
		goto err;
	}

	if ((buf = malloc(buf_len)) == NULL) {
		tls_config_set_errorx(config, "out of memory");
		goto err;
	}

	if ((s = strdup(alpn)) == NULL) {
		tls_config_set_errorx(config, "out of memory");
		goto err;
	}

	i = 0;
	q = s;
	while ((p = strsep(&q, ",")) != NULL) {
		if ((len = strlen(p)) == 0) {
			tls_config_set_errorx(config,
			    "alpn protocol with zero length");
			goto err;
		}
		if (len > 255) {
			tls_config_set_errorx(config,
			    "alpn protocol too long");
			goto err;
		}
		buf[i++] = len & 0xff;
		memcpy(&buf[i], p, len);
		i += len;
	}

	free(s);

	*alpn_data = buf;
	*alpn_len = buf_len;

	return (0);

 err:
	free(buf);
	free(s);

	return (-1);
}

int
tls_config_set_alpn(struct tls_config *config, const char *alpn)
{
	return tls_config_parse_alpn(config, alpn, &config->alpn,
	    &config->alpn_len);
}

static int
tls_config_add_keypair_file_internal(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	struct tls_keypair *keypair;

	if ((keypair = tls_keypair_new()) == NULL)
		return (-1);
	if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)
		goto err;
	if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
		goto err;
	if (ocsp_file != NULL &&
	    tls_keypair_set_ocsp_staple_file(keypair, &config->error,
		ocsp_file) != 0)
		goto err;

	tls_config_keypair_add(config, keypair);

	return (0);

 err:
	tls_keypair_free(keypair);
	return (-1);
}

static int
tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len,
    const uint8_t *staple, size_t staple_len)
{
	struct tls_keypair *keypair;

	if ((keypair = tls_keypair_new()) == NULL)
		return (-1);
	if (tls_keypair_set_cert_mem(keypair, cert, cert_len) != 0)
		goto err;
	if (tls_keypair_set_key_mem(keypair, key, key_len) != 0)
		goto err;
	if (staple != NULL &&
	    tls_keypair_set_ocsp_staple_mem(keypair, staple, staple_len) != 0)
		goto err;

	tls_config_keypair_add(config, keypair);

	return (0);

 err:
	tls_keypair_free(keypair);
	return (-1);
}

int
tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len)
{
	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
	    key_len, NULL, 0);
}

int
tls_config_add_keypair_file(struct tls_config *config,
    const char *cert_file, const char *key_file)
{
	return tls_config_add_keypair_file_internal(config, cert_file,
	    key_file, NULL);
}

int
tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len, const uint8_t *staple,
    size_t staple_len)
{
	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
	    key_len, staple, staple_len);
}

int
tls_config_add_keypair_ocsp_file(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	return tls_config_add_keypair_file_internal(config, cert_file,
	    key_file, ocsp_file);
}

int
tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
{
	return tls_config_load_file(&config->error, "CA", ca_file,
	    &config->ca_mem, &config->ca_len);
}

int
tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
{
	return set_string(&config->ca_path, ca_path);
}

int
tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
{
	return set_mem(&config->ca_mem, &config->ca_len, ca, len);
}

int
tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
{
	return tls_keypair_set_cert_file(config->keypair, &config->error,
	    cert_file);
}

int
tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
    size_t len)
{
	return tls_keypair_set_cert_mem(config->keypair, cert, len);
353
354
355
356
357
358
359
360

361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377





378
379
380
























381
382
383
384
385
386


387

388





389




390
391

392
393
394

395
396
397
398

399
400

401
402
403


404
405
406
407
408
409
410

	return (0);
}

int
tls_config_set_key_file(struct tls_config *config, const char *key_file)
{
	return tls_keypair_set_key_file(config->keypair, key_file);

}

int
tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
    size_t len)
{
	return tls_keypair_set_key_mem(config->keypair, key, len);
}

int
tls_config_set_keypair_file(struct tls_config *config,
    const char *cert_file, const char *key_file)
{
	if (tls_config_set_cert_file(config, cert_file) != 0)
		return (-1);
	if (tls_config_set_key_file(config, key_file) != 0)
		return (-1);






	return (0);
}

























int
tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len)
{
	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)


		return (-1);

	if (tls_config_set_key_mem(config, key, key_len) != 0)





		return (-1);





	return (0);

}

void

tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
{
	config->protocols = protocols;
}


void

tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
{
	config->verify_depth = verify_depth;


}

void
tls_config_prefer_ciphers_client(struct tls_config *config)
{
	config->ciphers_server = 0;
}







|
>









|
|
|





>
>
>
>
>



>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>





|
>
>
|
>
|
>
>
>
>
>
|
>
>
>
>
|
|
>


|
>



|
>
|
|
>



>
>







607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712

	return (0);
}

int
tls_config_set_key_file(struct tls_config *config, const char *key_file)
{
	return tls_keypair_set_key_file(config->keypair, &config->error,
	    key_file);
}

int
tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
    size_t len)
{
	return tls_keypair_set_key_mem(config->keypair, key, len);
}

static int
tls_config_set_keypair_file_internal(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	if (tls_config_set_cert_file(config, cert_file) != 0)
		return (-1);
	if (tls_config_set_key_file(config, key_file) != 0)
		return (-1);
	if (tls_config_set_key_file(config, key_file) != 0)
		return (-1);
	if (ocsp_file != NULL &&
	    tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
		return (-1);

	return (0);
}

static int
tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len,
    const uint8_t *staple, size_t staple_len)
{
	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
		return (-1);
	if (tls_config_set_key_mem(config, key, key_len) != 0)
		return (-1);
	if ((staple != NULL) &&
	    (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))
		return (-1);

	return (0);
}

int
tls_config_set_keypair_file(struct tls_config *config,
    const char *cert_file, const char *key_file)
{
	return tls_config_set_keypair_file_internal(config, cert_file, key_file,
	    NULL);
}

int
tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len)
{
	return tls_config_set_keypair_mem_internal(config, cert, cert_len,
	    key, key_len, NULL, 0);
}

int
tls_config_set_keypair_ocsp_file(struct tls_config *config,
    const char *cert_file, const char *key_file, const char *ocsp_file)
{
	return tls_config_set_keypair_file_internal(config, cert_file, key_file,
	    ocsp_file);
}

int
tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
    size_t cert_len, const uint8_t *key, size_t key_len,
    const uint8_t *staple, size_t staple_len)
{
	return tls_config_set_keypair_mem_internal(config, cert, cert_len,
	    key, key_len, staple, staple_len);
}


int
tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
{
	config->protocols = protocols;

	return (0);
}

int
tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
{
	config->verify_depth = verify_depth;

	return (0);
}

void
tls_config_prefer_ciphers_client(struct tls_config *config)
{
	config->ciphers_server = 0;
}
436
437
438
439
440
441
442






443
444
445
446
447
448
449
450
451
452
453
454






































































































void
tls_config_verify(struct tls_config *config)
{
	config->verify_cert = 1;
	config->verify_name = 1;
	config->verify_time = 1;
}







void
tls_config_verify_client(struct tls_config *config)
{
	config->verify_client = 1;
}

void
tls_config_verify_client_optional(struct tls_config *config)
{
	config->verify_client = 2;
}













































































































>
>
>
>
>
>












>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
void
tls_config_verify(struct tls_config *config)
{
	config->verify_cert = 1;
	config->verify_name = 1;
	config->verify_time = 1;
}

void
tls_config_ocsp_require_stapling(struct tls_config *config)
{
	config->ocsp_require_stapling = 1;
}

void
tls_config_verify_client(struct tls_config *config)
{
	config->verify_client = 1;
}

void
tls_config_verify_client_optional(struct tls_config *config)
{
	config->verify_client = 2;
}

int
tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
{
	return tls_keypair_set_ocsp_staple_file(config->keypair, &config->error,
	    staple_file);
}

int
tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
    size_t len)
{
	return tls_keypair_set_ocsp_staple_mem(config->keypair, staple, len);
}

int
tls_config_set_session_id(struct tls_config *config,
    const unsigned char *session_id, size_t len)
{
	if (len > TLS_MAX_SESSION_ID_LENGTH) {
		tls_config_set_errorx(config, "session ID too large");
		return (-1);
	}
	memset(config->session_id, 0, sizeof(config->session_id));
	memcpy(config->session_id, session_id, len);
	return (0);
}

int
tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
{
	if (lifetime > TLS_MAX_SESSION_TIMEOUT) {
		tls_config_set_errorx(config, "session lifetime too large");
		return (-1);
	}
	if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) {
		tls_config_set_errorx(config, "session lifetime too small");
		return (-1);
	}

	config->session_lifetime = lifetime;
	return (0);
}

int
tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
    unsigned char *key, size_t keylen)
{
	struct tls_ticket_key newkey;
	int i;

	if (TLS_TICKET_KEY_SIZE != keylen ||
	    sizeof(newkey.aes_key) + sizeof(newkey.hmac_key) > keylen) {
		tls_config_set_errorx(config,
		    "wrong amount of ticket key data");
		return (-1);
	}

	keyrev = htonl(keyrev);
	memset(&newkey, 0, sizeof(newkey));
	memcpy(newkey.key_name, &keyrev, sizeof(keyrev));
	memcpy(newkey.aes_key, key, sizeof(newkey.aes_key));
	memcpy(newkey.hmac_key, key + sizeof(newkey.aes_key),
	    sizeof(newkey.hmac_key));
	newkey.time = time(NULL);

	for (i = 0; i < TLS_NUM_TICKETS; i++) {
		struct tls_ticket_key *tk = &config->ticket_keys[i];
		if (memcmp(newkey.key_name, tk->key_name,
		    sizeof(tk->key_name)) != 0)
			continue;

		/* allow re-entry of most recent key */
		if (i == 0 && memcmp(newkey.aes_key, tk->aes_key,
		    sizeof(tk->aes_key)) == 0 && memcmp(newkey.hmac_key,
		    tk->hmac_key, sizeof(tk->hmac_key)) == 0)
			return (0);
		tls_config_set_errorx(config, "ticket key already present");
		return (-1);
	}

	memmove(&config->ticket_keys[1], &config->ticket_keys[0],
	    sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));
	config->ticket_keys[0] = newkey;

	config->ticket_autorekey = 0;

	return (0);
}

int
tls_config_ticket_autorekey(struct tls_config *config)
{
	unsigned char key[TLS_TICKET_KEY_SIZE];
	int rv;

	arc4random_buf(key, sizeof(key));
	rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,
	    sizeof(key));
	config->ticket_autorekey = 1;
	return (rv);
}
Changes to jni/libressl/tls/tls_conninfo.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: tls_conninfo.c,v 1.4 2015/10/07 23:25:45 beck Exp $ */
/*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
|







1
2
3
4
5
6
7
8
/* $OpenBSD: tls_conninfo.c,v 1.13 2017/01/09 15:31:20 jsing Exp $ */
/*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
116
117
118
119
120
121
122
123

124
125
126
127


128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

148






















149
150
151
152
153
154

155

156
157

158


159
160



161


162




163

164
165

166
167
168

169
170
171
172
173
174
175
176
177
















178

179
180


181
182
183
184
185

186


187
188
189
190
191
192
193
194

195
196




197









198
199
200
201
202
203
204
205
206








207
208
209
210
211
212
213
214
	*subject = X509_NAME_oneline(name, 0, 0);
	if (*subject == NULL)
		return (-1);
	return (0);
}

static int
tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter)

{
	struct tm before_tm, after_tm;
	ASN1_TIME *before, *after;
	int rv = -1;



	memset(&before_tm, 0, sizeof(before_tm));
	memset(&after_tm, 0, sizeof(after_tm));

	if (ctx->ssl_peer_cert != NULL) {
		if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL)
			goto err;
		if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
			goto err;
		if (asn1_time_parse(before->data, before->length, &before_tm, 0)
		    == -1)
			goto err;
		if (asn1_time_parse(after->data, after->length, &after_tm, 0)
		    == -1)
			goto err;
		if ((*notbefore = timegm(&before_tm)) == -1)
			goto err;
		if ((*notafter = timegm(&after_tm)) == -1)
			goto err;
	}

	rv = 0;






















 err:
	return (rv);
}

int
tls_get_conninfo(struct tls *ctx) {

	const char * tmp;

	if (ctx->ssl_peer_cert != NULL) {
		if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)

			goto err;


		if (tls_get_peer_cert_subject(ctx, &ctx->conninfo->subject)
		    == -1)



			goto err;


		if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)




			goto err;

		if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
		    &ctx->conninfo->notafter) == -1)

			goto err;
	}
	if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)

		goto err;
	ctx->conninfo->version = strdup(tmp);
	if (ctx->conninfo->version == NULL)
		goto err;
	if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
		goto err;
	ctx->conninfo->cipher = strdup(tmp);
	if (ctx->conninfo->cipher == NULL)
		goto err;
















	return (0);

err:
	tls_free_conninfo(ctx->conninfo);


	return (-1);
}

void
tls_free_conninfo(struct tls_conninfo *conninfo) {

	if (conninfo != NULL) {


		free(conninfo->hash);
		conninfo->hash = NULL;
		free(conninfo->subject);
		conninfo->subject = NULL;
		free(conninfo->issuer);
		conninfo->issuer = NULL;
		free(conninfo->version);
		conninfo->version = NULL;

		free(conninfo->cipher);
		conninfo->cipher = NULL;




	}









}

const char *
tls_conn_cipher(struct tls *ctx)
{
	if (ctx->conninfo == NULL)
		return (NULL);
	return (ctx->conninfo->cipher);
}









const char *
tls_conn_version(struct tls *ctx)
{
	if (ctx->conninfo == NULL)
		return (NULL);
	return (ctx->conninfo->version);
}







|
>



|
>
>




<
|
|
|
|
|
<
|
|
<
|
|
|
|
|
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|


|
|
>
|
>
|
|
>
|
>
>
|
|
>
>
>
|
>
>
|
>
>
>
>
|
>
|
|
>
|

|
>

|
<
<





>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
|
|
>
>




|
>
|
>
>
|
|
|
|
|
|
|
|
>
|
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>









>
>
>
>
>
>
>
>








116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

135
136
137
138
139

140
141

142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210


211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
	*subject = X509_NAME_oneline(name, 0, 0);
	if (*subject == NULL)
		return (-1);
	return (0);
}

static int
tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
    time_t *notafter)
{
	struct tm before_tm, after_tm;
	ASN1_TIME *before, *after;

	if (ctx->ssl_peer_cert == NULL)
		return (-1);

	memset(&before_tm, 0, sizeof(before_tm));
	memset(&after_tm, 0, sizeof(after_tm));


	if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL)
		goto err;
	if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
		goto err;
	if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1)

		goto err;
	if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1)

		goto err;
	if ((*notbefore = timegm(&before_tm)) == -1)
		goto err;
	if ((*notafter = timegm(&after_tm)) == -1)
		goto err;

	return (0);

 err:
	return (-1);
}

static int
tls_get_peer_cert_info(struct tls *ctx)
{
	if (ctx->ssl_peer_cert == NULL)
		return (0);

	if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)
		goto err;
	if (tls_get_peer_cert_subject(ctx, &ctx->conninfo->subject) == -1)
		goto err;
	if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
		goto err;
	if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
	    &ctx->conninfo->notafter) == -1)
		goto err;

	return (0);

 err:
	return (-1);
}

static int
tls_conninfo_alpn_proto(struct tls *ctx)
{
	const unsigned char *p;
	unsigned int len;

	free(ctx->conninfo->alpn);
	ctx->conninfo->alpn = NULL;

	SSL_get0_alpn_selected(ctx->ssl_conn, &p, &len);
	if (len > 0) {
		if ((ctx->conninfo->alpn = malloc(len + 1)) == NULL)
			return (-1);
		memcpy(ctx->conninfo->alpn, p, len);
		ctx->conninfo->alpn[len] = '\0';
	}

	return (0);
}

int
tls_conninfo_populate(struct tls *ctx)
{
	const char *tmp;

	tls_conninfo_free(ctx->conninfo);

	if ((ctx->conninfo = calloc(1, sizeof(struct tls_conninfo))) == NULL) {
		tls_set_errorx(ctx, "out of memory");
		goto err;
	}

	if (tls_conninfo_alpn_proto(ctx) == -1)
		goto err;



	if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
		goto err;
	ctx->conninfo->cipher = strdup(tmp);
	if (ctx->conninfo->cipher == NULL)
		goto err;

	if (ctx->servername != NULL) {
		if ((ctx->conninfo->servername =
		    strdup(ctx->servername)) == NULL)
			goto err;
	}

	if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
		goto err;
	ctx->conninfo->version = strdup(tmp);
	if (ctx->conninfo->version == NULL)
		goto err;

	if (tls_get_peer_cert_info(ctx) == -1)
		goto err;

	return (0);

 err:
	tls_conninfo_free(ctx->conninfo);
	ctx->conninfo = NULL;

	return (-1);
}

void
tls_conninfo_free(struct tls_conninfo *conninfo)
{
	if (conninfo == NULL)
		return;

	free(conninfo->alpn);
	conninfo->alpn = NULL;
	free(conninfo->cipher);
	conninfo->cipher = NULL;
	free(conninfo->servername);
	conninfo->servername = NULL;
	free(conninfo->version);
	conninfo->version = NULL;

	free(conninfo->hash);
	conninfo->hash = NULL;
	free(conninfo->issuer);
	conninfo->issuer = NULL;
	free(conninfo->subject);
	conninfo->subject = NULL;

	free(conninfo);
}

const char *
tls_conn_alpn_selected(struct tls *ctx)
{
	if (ctx->conninfo == NULL)
		return (NULL);
	return (ctx->conninfo->alpn);
}

const char *
tls_conn_cipher(struct tls *ctx)
{
	if (ctx->conninfo == NULL)
		return (NULL);
	return (ctx->conninfo->cipher);
}

const char *
tls_conn_servername(struct tls *ctx)
{
	if (ctx->conninfo == NULL)
		return (NULL);
	return (ctx->conninfo->servername);
}

const char *
tls_conn_version(struct tls *ctx)
{
	if (ctx->conninfo == NULL)
		return (NULL);
	return (ctx->conninfo->version);
}
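Review bot: In the new `tls_conninfo_alpn_proto()`, the protocol name returned by `SSL_get0_alpn_selected()` is copied as a length-delimited byte string and then exposed through `tls_conn_alpn_selected()` as a NUL-terminated `const char *`, so a name containing an embedded NUL byte would reach callers truncated. ALPN names are opaque bytes on the wire, and this section does not show whether libssl restricts the selected value to one the local side offered, so I would reject such a value before the `malloc`: `if (memchr(p, '\0', len) != NULL) return (-1);`. Separately, as far as this section shows, the `goto err` paths in `tls_conninfo_populate()` after a failed `strdup()` or a NULL from `SSL_get_cipher()`/`SSL_get_version()` return -1 without calling `tls_set_errorx()`; only the `calloc` failure sets a message. Either set a short message on those paths or add a comment saying the caller is expected to report the failure.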
Changes to jni/libressl/tls/tls_internal.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: tls_internal.h,v 1.31 2016/07/07 14:09:03 jsing Exp $ */
/*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
|







1
2
3
4
5
6
7
8
/* $OpenBSD: tls_internal.h,v 1.53 2017/01/29 17:52:11 beck Exp $ */
/*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
19
20
21
22
23
24
25


26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

44
45
46
47
48
49
50
51
52
53
54


















55
56
57
58
59
60

61
62
63
64
65
66
67
68

69





70
71
72
73
74
75
76
77
78
79
80
81
82
83

84



85
86
87
88
89
90
91
92
93
94





























95
96
97
98
99
100
101
102
103
104
105
106
107



108

109






110
111



112
113
114
115
116
117
118

119


120

121
122




123
124




125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142



143
144
145
146
147
148
149




150

151
152
#ifndef HEADER_TLS_INTERNAL_H
#define HEADER_TLS_INTERNAL_H

#include <arpa/inet.h>
#include <netinet/in.h>

#include <openssl/ssl.h>



#ifndef _PATH_SSL_CA_FILE
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
#endif

#define TLS_CIPHERS_DEFAULT	"TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
#define TLS_CIPHERS_COMPAT	"HIGH:!aNULL"
#define TLS_CIPHERS_LEGACY	"HIGH:MEDIUM:!aNULL"
#define TLS_CIPHERS_ALL		"ALL:!aNULL:!eNULL"

union tls_addr {
	struct in_addr ip4;
	struct in6_addr ip6;
};

struct tls_error {
	char *msg;
	int num;

};

struct tls_keypair {
	struct tls_keypair *next;

	const char *cert_file;
	char *cert_mem;
	size_t cert_len;
	const char *key_file;
	char *key_mem;
	size_t key_len;


















};

struct tls_config {
	struct tls_error error;

	const char *ca_file;

	const char *ca_path;
	char *ca_mem;
	size_t ca_len;
	const char *ciphers;
	int ciphers_server;
	int dheparams;
	int ecdhecurve;
	struct tls_keypair *keypair;

	uint32_t protocols;





	int verify_cert;
	int verify_client;
	int verify_depth;
	int verify_name;
	int verify_time;
};

struct tls_conninfo {
	char *issuer;
	char *subject;
	char *hash;
	char *serial;
	char *fingerprint;
	char *version;

	char *cipher;



	time_t notbefore;
	time_t notafter;
};

#define TLS_CLIENT		(1 << 0)
#define TLS_SERVER		(1 << 1)
#define TLS_SERVER_CONN		(1 << 2)

#define TLS_EOF_NO_CLOSE_NOTIFY	(1 << 0)
#define TLS_HANDSHAKE_COMPLETE	(1 << 1)






























struct tls {
	struct tls_config *config;
	struct tls_error error;

	uint32_t flags;
	uint32_t state;

	char *servername;
	int socket;

	SSL *ssl_conn;
	SSL_CTX *ssl_ctx;



	X509 *ssl_peer_cert;

	struct tls_conninfo *conninfo;






};




struct tls *tls_new(void);
struct tls *tls_server_conn(struct tls *ctx);

int tls_check_name(struct tls *ctx, X509 *cert, const char *servername);
int tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
    struct tls_keypair *keypair, int required);
int tls_configure_server(struct tls *ctx);

int tls_configure_ssl(struct tls *ctx);


int tls_configure_ssl_verify(struct tls *ctx, int verify);

int tls_handshake_client(struct tls *ctx);
int tls_handshake_server(struct tls *ctx);




int tls_host_port(const char *hostport, char **host, char **port);





int tls_error_set(struct tls_error *error, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_error_setx(struct tls_error *error, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_config_set_error(struct tls_config *cfg, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_config_set_errorx(struct tls_config *cfg, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_set_error(struct tls *ctx, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_set_errorx(struct tls *ctx, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));




int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret,
    const char *prefix);

int tls_get_conninfo(struct tls *ctx);
void tls_free_conninfo(struct tls_conninfo *conninfo);





int asn1_time_parse(const char *, size_t, struct tm *, int);


#endif /* HEADER_TLS_INTERNAL_H */







>
>


















>





<


<


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>





|
>








>

>
>
>
>
>








|
<
|
|
<

>
|
>
>
>










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>













>
>
>

>

>
>
>
>
>
>


>
>
>




<
<

>
|
>
>
|
>


>
>
>
>


>
>
>
>


















>
>
>




|
|

>
>
>
>
|
>


19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

52
53

54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

105
106

107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185


186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
#ifndef HEADER_TLS_INTERNAL_H
#define HEADER_TLS_INTERNAL_H

#include <arpa/inet.h>
#include <netinet/in.h>

#include <openssl/ssl.h>

__BEGIN_HIDDEN_DECLS

#ifndef _PATH_SSL_CA_FILE
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
#endif

#define TLS_CIPHERS_DEFAULT	"TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
#define TLS_CIPHERS_COMPAT	"HIGH:!aNULL"
#define TLS_CIPHERS_LEGACY	"HIGH:MEDIUM:!aNULL"
#define TLS_CIPHERS_ALL		"ALL:!aNULL:!eNULL"

union tls_addr {
	struct in_addr ip4;
	struct in6_addr ip6;
};

struct tls_error {
	char *msg;
	int num;
	int tls;
};

struct tls_keypair {
	struct tls_keypair *next;


	char *cert_mem;
	size_t cert_len;

	char *key_mem;
	size_t key_len;
	char *ocsp_staple;
	size_t ocsp_staple_len;
};

#define TLS_MIN_SESSION_TIMEOUT (4)
#define TLS_MAX_SESSION_TIMEOUT (24 * 60 * 60)

#define TLS_NUM_TICKETS				4
#define TLS_TICKET_NAME_SIZE			16
#define TLS_TICKET_AES_SIZE			32
#define TLS_TICKET_HMAC_SIZE			16

struct tls_ticket_key {
	/* The key_name must be 16 bytes according to -lssl */
	unsigned char	key_name[TLS_TICKET_NAME_SIZE];
	unsigned char	aes_key[TLS_TICKET_AES_SIZE];
	unsigned char	hmac_key[TLS_TICKET_HMAC_SIZE];
	time_t		time;
};

struct tls_config {
	struct tls_error error;

	char *alpn;
	size_t alpn_len;
	const char *ca_path;
	char *ca_mem;
	size_t ca_len;
	const char *ciphers;
	int ciphers_server;
	int dheparams;
	int ecdhecurve;
	struct tls_keypair *keypair;
	int ocsp_require_stapling;
	uint32_t protocols;
	unsigned char session_id[TLS_MAX_SESSION_ID_LENGTH];
	int session_lifetime;
	struct tls_ticket_key ticket_keys[TLS_NUM_TICKETS];
	uint32_t ticket_keyrev;
	int ticket_autorekey;
	int verify_cert;
	int verify_client;
	int verify_depth;
	int verify_name;
	int verify_time;
};

struct tls_conninfo {
	char *alpn;

	char *cipher;
	char *servername;

	char *version;

	char *hash;
	char *issuer;
	char *subject;

	time_t notbefore;
	time_t notafter;
};

#define TLS_CLIENT		(1 << 0)
#define TLS_SERVER		(1 << 1)
#define TLS_SERVER_CONN		(1 << 2)

#define TLS_EOF_NO_CLOSE_NOTIFY	(1 << 0)
#define TLS_HANDSHAKE_COMPLETE	(1 << 1)
#define TLS_SSL_NEEDS_SHUTDOWN  (1 << 2)

struct tls_ocsp_result {
	const char *result_msg;
	int response_status;
	int cert_status;
	int crl_reason;
	time_t this_update;
	time_t next_update;
	time_t revocation_time;
};

struct tls_ocsp {
	/* responder location */
	char *ocsp_url;

	/* cert data, this struct does not own these */
	X509 *main_cert;
	STACK_OF(X509) *extra_certs;

	struct tls_ocsp_result *ocsp_result;
};

struct tls_sni_ctx {
	struct tls_sni_ctx *next;

	SSL_CTX *ssl_ctx;
	X509 *ssl_cert;
};

struct tls {
	struct tls_config *config;
	struct tls_error error;

	uint32_t flags;
	uint32_t state;

	char *servername;
	int socket;

	SSL *ssl_conn;
	SSL_CTX *ssl_ctx;

	struct tls_sni_ctx *sni_ctx;

	X509 *ssl_peer_cert;

	struct tls_conninfo *conninfo;

	struct tls_ocsp *ocsp;

	tls_read_cb read_cb;
	tls_write_cb write_cb;
	void *cb_arg;
};

struct tls_sni_ctx *tls_sni_ctx_new(void);
void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);

struct tls *tls_new(void);
struct tls *tls_server_conn(struct tls *ctx);

int tls_check_name(struct tls *ctx, X509 *cert, const char *servername);


int tls_configure_server(struct tls *ctx);

int tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx);
int tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
    struct tls_keypair *keypair, int required);
int tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify);

int tls_handshake_client(struct tls *ctx);
int tls_handshake_server(struct tls *ctx);

int tls_config_load_file(struct tls_error *error, const char *filetype,
    const char *filename, char **buf, size_t *len);
int tls_config_ticket_autorekey(struct tls_config *config);
int tls_host_port(const char *hostport, char **host, char **port);

int tls_set_cbs(struct tls *ctx,
    tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg);

void tls_error_clear(struct tls_error *error);
int tls_error_set(struct tls_error *error, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_error_setx(struct tls_error *error, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_config_set_error(struct tls_config *cfg, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_config_set_errorx(struct tls_config *cfg, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_set_error(struct tls *ctx, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_set_errorx(struct tls *ctx, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));

int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret,
    const char *prefix);

int tls_conninfo_populate(struct tls *ctx);
void tls_conninfo_free(struct tls_conninfo *conninfo);

int tls_ocsp_verify_cb(SSL *ssl, void *arg);
int tls_ocsp_stapling_cb(SSL *ssl, void *arg);
void tls_ocsp_free(struct tls_ocsp *ctx);
struct tls_ocsp *tls_ocsp_setup_from_peer(struct tls *ctx);

__END_HIDDEN_DECLS

#endif /* HEADER_TLS_INTERNAL_H */
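--- /dev/null
+++ b/jni/libressl/tls/tls_ocsp.c
@@ -0,0 +1,447 @@
+/*
+ * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
+ * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+#define MAXAGE_SEC (14*24*60*60)
+#define JITTER_SEC (60)
+
+/*
+ * State for request.
+ */
+
+static struct tls_ocsp *
+tls_ocsp_new(void)
+{
+	return (calloc(1, sizeof(struct tls_ocsp)));
+}
+
+void
+tls_ocsp_free(struct tls_ocsp *ocsp)
+{
+	if (ocsp == NULL)
+		return;
+
+	free(ocsp->ocsp_result);
+	ocsp->ocsp_result = NULL;
+	free(ocsp->ocsp_url);
+	ocsp->ocsp_url = NULL;
+	free(ocsp);
+}
+
+static int
+tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_time)
+{
+	struct tm tm;
+
+	if (gt == NULL)
+		return -1;
+	/* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */
+	if (ASN1_time_parse(gt->data, gt->length, &tm,
+		V_ASN1_GENERALIZEDTIME) == -1)
+		return -1;
+	if ((*gt_time = timegm(&tm)) == -1)
+		return -1;
+	return 0;
+}
+
+static int
+tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
+    int crl_reason, ASN1_GENERALIZEDTIME *revtime,
+    ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd)
+{
+	struct tls_ocsp_result *info = NULL;
+
+	free(ctx->ocsp->ocsp_result);
+	ctx->ocsp->ocsp_result = NULL;
+
+	if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) {
+		tls_set_error(ctx, "calloc");
+		return -1;
+	}
+	info->response_status = response_status;
+	info->cert_status = cert_status;
+	info->crl_reason = crl_reason;
+	if (info->response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+		info->result_msg =
+		    OCSP_response_status_str(info->response_status);
+	} else if (info->cert_status != V_OCSP_CERTSTATUS_REVOKED) {
+		info->result_msg = OCSP_cert_status_str(info->cert_status);
+	} else {
+		info->result_msg = OCSP_crl_reason_str(info->crl_reason);
+	}
+	info->revocation_time = info->this_update = info->next_update = -1;
+	if (revtime != NULL &&
+	    tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) {
+		tls_set_error(ctx,
+		    "unable to parse revocation time in OCSP reply");
+		goto error;
+	}
+	if (thisupd != NULL &&
+	    tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) {
+		tls_set_error(ctx,
+		    "unable to parse this update time in OCSP reply");
+		goto error;
+	}
+	if (nextupd != NULL &&
+	    tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) {
+		tls_set_error(ctx,
+		    "unable to parse next update time in OCSP reply");
+		goto error;
+	}
+	ctx->ocsp->ocsp_result = info;
+	return 0;
+ error:
+	free(info);
+	return -1;
+}
+
+static OCSP_CERTID *
+tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs,
+    SSL_CTX *ssl_ctx)
+{
+	X509_NAME *issuer_name;
+	X509 *issuer;
+	X509_STORE_CTX storectx;
+	X509_OBJECT tmpobj;
+	OCSP_CERTID *cid = NULL;
+	X509_STORE *store;
+
+	if ((issuer_name = X509_get_issuer_name(main_cert)) == NULL)
+		return NULL;
+
+	if (extra_certs != NULL) {
+		issuer = X509_find_by_subject(extra_certs, issuer_name);
+		if (issuer != NULL)
+			return OCSP_cert_to_id(NULL, main_cert, issuer);
+	}
+
+	if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL)
+		return NULL;
+	if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1)
+		return NULL;
+	if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name,
+		&tmpobj) == 1) {
+		cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
+		X509_OBJECT_free_contents(&tmpobj);
+	}
+	X509_STORE_CTX_cleanup(&storectx);
+	return cid;
+}
+
+struct tls_ocsp *
+tls_ocsp_setup_from_peer(struct tls *ctx)
+{
+	struct tls_ocsp *ocsp = NULL;
+	STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL;
+
+	if ((ocsp = tls_ocsp_new()) == NULL)
+		goto failed;
+
+	/* steal state from ctx struct */
+	ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
+	ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
+	if (ocsp->main_cert == NULL) {
+		tls_set_errorx(ctx, "no peer certificate for OCSP");
+		goto failed;
+	}
+
+	ocsp_urls = X509_get1_ocsp(ocsp->main_cert);
+	if (ocsp_urls == NULL)
+		goto failed;
+	ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
+	if (ocsp->ocsp_url == NULL) {
+		tls_set_errorx(ctx, "out of memory");
+		goto failed;
+	}
+
+	X509_email_free(ocsp_urls);
+	return ocsp;
+
+ failed:
+	tls_ocsp_free(ocsp);
+	X509_email_free(ocsp_urls);
+	return NULL;
+}
+
+static int
+tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
+{
+	OCSP_BASICRESP *br = NULL;
+	ASN1_GENERALIZEDTIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
+	OCSP_CERTID *cid = NULL;
+	STACK_OF(X509) *combined = NULL;
+	int response_status=0, cert_status=0, crl_reason=0;
+	int ret = -1;
+	unsigned long flags;
+
+	if ((br = OCSP_response_get1_basic(resp)) == NULL) {
+		tls_set_errorx(ctx, "cannot load ocsp reply");
+		goto error;
+	}
+
+	/*
+	 * Skip validation of 'extra_certs' as this should be done
+	 * already as part of main handshake.
+	 */
+	flags = OCSP_TRUSTOTHER;
+
+	/* now verify */
+	if (OCSP_basic_verify(br, ctx->ocsp->extra_certs,
+		SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) {
+		tls_set_error(ctx, "ocsp verify failed");
+		goto error;
+	}
+
+	/* signature OK, look inside */
+	response_status = OCSP_response_status(resp);
+	if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+		tls_set_errorx(ctx, "ocsp verify failed: response - %s",
+		    OCSP_response_status_str(response_status));
+		goto error;
+	}
+
+	cid = tls_ocsp_get_certid(ctx->ocsp->main_cert,
+	    ctx->ocsp->extra_certs, ctx->ssl_ctx);
+	if (cid == NULL) {
+		tls_set_errorx(ctx, "ocsp verify failed: no issuer cert");
+		goto error;
+	}
+
+	if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason,
+	    &revtime, &thisupd, &nextupd) != 1) {
+		tls_set_errorx(ctx, "ocsp verify failed: no result for cert");
+		goto error;
+	}
+
+	if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC,
+	    MAXAGE_SEC) != 1) {
+		tls_set_errorx(ctx,
+		    "ocsp verify failed: ocsp response not current");
+		goto error;
+	}
+
+	if (tls_ocsp_fill_info(ctx, response_status, cert_status,
+	    crl_reason, revtime, thisupd, nextupd) != 0)
+		goto error;
+
+	/* finally can look at status */
+	if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status !=
+	    V_OCSP_CERTSTATUS_UNKNOWN) {
+		tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s",
+			       OCSP_crl_reason_str(crl_reason));
+		goto error;
+	}
+	ret = 0;
+
+ error:
+	sk_X509_free(combined);
+	OCSP_CERTID_free(cid);
+	OCSP_BASICRESP_free(br);
+	return ret;
+}
+
+/*
+ * Process a raw OCSP response from an OCSP server request.
+ * OCSP details can then be retrieved with tls_peer_ocsp_* functions.
+ * returns 0 if certificate ok, -1 otherwise.
+ */
+static int
+tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *response,
+    size_t size)
+{
+	int ret;
+	OCSP_RESPONSE *resp;
+
+	resp = d2i_OCSP_RESPONSE(NULL, &response, size);
+	if (resp == NULL) {
+		tls_ocsp_free(ctx->ocsp);
+		ctx->ocsp = NULL;
+		tls_set_error(ctx, "unable to parse OCSP response");
+		return -1;
+	}
+	ret = tls_ocsp_verify_response(ctx, resp);
+	OCSP_RESPONSE_free(resp);
+	return ret;
+}
+
+/* TLS handshake verification callback for stapled requests */
+int
+tls_ocsp_verify_cb(SSL *ssl, void *arg)
+{
+	const unsigned char *raw = NULL;
+	int size, res = -1;
+	struct tls *ctx;
+
+	if ((ctx = SSL_get_app_data(ssl)) == NULL)
+		return -1;
+
+	size = SSL_get_tlsext_status_ocsp_resp(ssl, &raw);
+	if (size <= 0) {
+		if (ctx->config->ocsp_require_stapling) {
+			tls_set_errorx(ctx, "no stapled OCSP response provided");
+			return 0;
+		}
+		return 1;
+	}
+
+	tls_ocsp_free(ctx->ocsp);
+	ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
+	if (ctx->ocsp != NULL) {
+		if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0)
+			return 1;
+		res = tls_ocsp_process_response_internal(ctx, raw, size);
+	}
+
+	return (res == 0) ? 1 : 0;
+}
+
+
+/* Staple the OCSP information in ctx->ocsp to the server handshake. */
+int
+tls_ocsp_stapling_cb(SSL *ssl, void *arg)
+{
+	struct tls *ctx;
+	unsigned char *ocsp_staple = NULL;
+	int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+
+	if ((ctx = SSL_get_app_data(ssl)) == NULL)
+		goto err;
+
+	if (ctx->config->keypair == NULL ||
+	    ctx->config->keypair->ocsp_staple == NULL ||
+	    ctx->config->keypair->ocsp_staple_len == 0)
+		return SSL_TLSEXT_ERR_NOACK;
+
+	if ((ocsp_staple = malloc(ctx->config->keypair->ocsp_staple_len)) ==
+	    NULL)
+		goto err;
+
+	memcpy(ocsp_staple, ctx->config->keypair->ocsp_staple,
+	    ctx->config->keypair->ocsp_staple_len);
+	if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple,
+		ctx->config->keypair->ocsp_staple_len) != 1)
+		goto err;
+
+	ret = SSL_TLSEXT_ERR_OK;
+ err:
+	if (ret != SSL_TLSEXT_ERR_OK)
+		free(ocsp_staple);
+	return ret;
+}
+
+/*
+ * Public API
+ */
+
+/* Retrieve OCSP URL from peer certificate, if present */
+const char *
+tls_peer_ocsp_url(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return NULL;
+	return ctx->ocsp->ocsp_url;
+}
+
+const char *
+tls_peer_ocsp_result(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return NULL;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return NULL;
+	return ctx->ocsp->ocsp_result->result_msg;
+}
+
+int
+tls_peer_ocsp_response_status(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->response_status;
+}
+
+int
+tls_peer_ocsp_cert_status(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->cert_status;
+}
+
+int
+tls_peer_ocsp_crl_reason(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->crl_reason;
+}
+
+time_t
+tls_peer_ocsp_this_update(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->this_update;
+}
+
+time_t
+tls_peer_ocsp_next_update(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->next_update;
+}
+
+time_t
+tls_peer_ocsp_revocation_time(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->revocation_time;
+}
+
+int
+tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
+    size_t size)
+{
+	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0)
+		return -1;
+	return tls_ocsp_process_response_internal(ctx, response, size);
+}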
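Review bot: `tls_ocsp_setup_from_peer()` stores the result of `SSL_get_peer_certificate()` in `ocsp->main_cert`, which hands back the certificate with its reference count incremented, yet `tls_ocsp_free()` releases only `ocsp_result` and `ocsp_url`, so each stapled handshake and each `failed:` path appears to leak one X509 reference. Adding `X509_free(ocsp->main_cert);` to `tls_ocsp_free()` would balance it; `extra_certs` comes from `SSL_get_peer_cert_chain()`, which takes no reference, and must stay unfreed. Separately, `tls_ocsp_verify_response()` lets `V_OCSP_CERTSTATUS_UNKNOWN` pass alongside `GOOD`, so a comment at that check such as `/* "unknown" is accepted here; callers that need a definite answer must check tls_peer_ocsp_cert_status() */` would make the policy visible to users of `ocsp_require_stapling`. Since the file is imported from LibreSSL, both points are best carried as an upstream report or a documented local patch.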
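--- a/jni/libressl/tls/tls_peer.c
+++ b/jni/libressl/tls/tls_peer.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls_peer.c,v 1.4 2015/09/12 21:00:38 beck Exp $ */
+/* $OpenBSD: tls_peer.c,v 1.6 2016/08/22 17:08:10 jsing Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
@@ -22,32 +22,32 @@
 
 #include <tls.h>
 #include "tls_internal.h"
 
 const char *
 tls_peer_cert_hash(struct tls *ctx)
 {
-	if (ctx->conninfo)
-		return (ctx->conninfo->hash);
-	return NULL;
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->hash);
 }
 const char *
 tls_peer_cert_issuer(struct tls *ctx)
 {
-	if (ctx->conninfo)
-		return (ctx->conninfo->issuer);
-	return NULL;
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->issuer);
 }
 
 const char *
 tls_peer_cert_subject(struct tls *ctx)
 {
-	if (ctx->conninfo)
-		return (ctx->conninfo->subject);
-	return NULL;
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->subject);
 }
 
 int
 tls_peer_cert_provided(struct tls *ctx)
 {
 	return (ctx->ssl_peer_cert != NULL);
 }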
Changes to jni/libressl/tls/tls_server.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16




17
18
19
20
21
22
23
/* $OpenBSD: tls_server.c,v 1.18 2015/09/29 10:17:04 deraadt Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */





#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

#include <tls.h>
#include "tls_internal.h"
|















>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
/* $OpenBSD: tls_server.c,v 1.35 2017/01/31 15:57:43 jsing Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/socket.h>

#include <arpa/inet.h>

#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

#include <tls.h>
#include "tls_internal.h"
40
41
42
43
44
45
46

47
48
49
50




































































51







































































































52

53
54
55

56
57
58
59
60
61












62
63
64
65
66
67
68
69
70
71
72
73




74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94



95
96











97





98

99



100


101





102







103
104
105







106
107
108
109
110
111
112
113
114
115






116
117


118
119

120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

138
139
140
141























142
143
144
145
146
147
148
149
150
151
152
153

154




















155
156
157
158
159
160
161
162
163
164
165
166
167
168
169


170
171
172
173
174
175
176
177
178
179
180
181
182
{
	struct tls *conn_ctx;

	if ((conn_ctx = tls_new()) == NULL)
		return (NULL);

	conn_ctx->flags |= TLS_SERVER_CONN;


	return (conn_ctx);
}





































































int







































































































tls_configure_server(struct tls *ctx)

{
	EC_KEY *ecdh_key;
	unsigned char sid[SSL_MAX_SSL_SESSION_ID_LENGTH];


	if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
		tls_set_errorx(ctx, "ssl context failure");
		goto err;
	}













	if (tls_configure_ssl(ctx) != 0)
		goto err;
	if (tls_configure_keypair(ctx, ctx->ssl_ctx, ctx->config->keypair, 1) != 0)
		goto err;
	if (ctx->config->verify_client != 0) {
		int verify = SSL_VERIFY_PEER;
		if (ctx->config->verify_client == 1)
			verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
		if (tls_configure_ssl_verify(ctx, verify) == -1)
			goto err;
	}





	if (ctx->config->dheparams == -1)
		SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
	else if (ctx->config->dheparams == 1024)
		SSL_CTX_set_dh_auto(ctx->ssl_ctx, 2);

	if (ctx->config->ecdhecurve == -1) {
		SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);
	} else if (ctx->config->ecdhecurve != NID_undef) {
		if ((ecdh_key = EC_KEY_new_by_curve_name(
		    ctx->config->ecdhecurve)) == NULL) {
			tls_set_errorx(ctx, "failed to set ECDHE curve");
			goto err;
		}
		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
		SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
		EC_KEY_free(ecdh_key);
	}

	if (ctx->config->ciphers_server == 1)
		SSL_CTX_set_options(ctx->ssl_ctx,
		    SSL_OP_CIPHER_SERVER_PREFERENCE);




	/*











	 * Set session ID context to a random value.  We don't support





	 * persistent caching of sessions so it is OK to set a temporary

	 * session ID context that is valid during run time.



	 */


	arc4random_buf(sid, sizeof(sid));





	if (!SSL_CTX_set_session_id_context(ctx->ssl_ctx, sid, sizeof(sid))) {







		tls_set_errorx(ctx, "failed to set session id context");
		goto err;
	}








	return (0);

 err:
	return (-1);
}

int
tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
{






	return (tls_accept_fds(ctx, cctx, socket, socket));
}



int

tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
{
	struct tls *conn_ctx = NULL;

	if ((ctx->flags & TLS_SERVER) == 0) {
		tls_set_errorx(ctx, "not a server context");
		goto err;
	}

	if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
		tls_set_errorx(ctx, "connection context failure");
		goto err;
	}

	if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
		tls_set_errorx(ctx, "ssl failure");
		goto err;
	}

	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
		tls_set_errorx(ctx, "ssl application data failure");
		goto err;
	}























	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
	    SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
		tls_set_errorx(ctx, "ssl file descriptor failure");
		goto err;
	}

	*cctx = conn_ctx;

	return (0);

 err:
	tls_free(conn_ctx);






















	*cctx = NULL;

	return (-1);
}

int
tls_handshake_server(struct tls *ctx)
{
	int ssl_ret;
	int rv = -1;

	if ((ctx->flags & TLS_SERVER_CONN) == 0) {
		tls_set_errorx(ctx, "not a server connection context");
		goto err;
	}



	ERR_clear_error();
	if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
		goto err;
	}

	ctx->state |= TLS_HANDSHAKE_COMPLETE;
	rv = 0;

 err:
	return (rv);
}







>




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>


|
>

|




>
>
>
>
>
>
>
>
>
>
>
>
|

|





|



>
>
>
>

|

|


|






|
|




|
|
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
|
>
>
>
|
>
>
|
>
>
>
>
>
|
>
>
>
>
>
>
>
|
|
|
>
>
>
>
>
>
>








|

>
>
>
>
>
>
|
|
>
>
|
|
>
|

















>




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>









<


>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>















>
>













44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421

422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
{
	struct tls *conn_ctx;

	if ((conn_ctx = tls_new()) == NULL)
		return (NULL);

	conn_ctx->flags |= TLS_SERVER_CONN;
	conn_ctx->config = ctx->config;

	return (conn_ctx);
}

static int
tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, void *arg)
{
	struct tls *ctx = arg;

	if (SSL_select_next_proto((unsigned char**)out, outlen,
	    ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
	    OPENSSL_NPN_NEGOTIATED)
		return (SSL_TLSEXT_ERR_OK);

	return (SSL_TLSEXT_ERR_NOACK);
}

static int
tls_servername_cb(SSL *ssl, int *al, void *arg)
{
	struct tls *ctx = (struct tls *)arg;
	struct tls_sni_ctx *sni_ctx;
	union tls_addr addrbuf;
	struct tls *conn_ctx;
	const char *name;

	if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
		goto err;

	if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) == NULL) {
		/*
		 * The servername callback gets called even when there is no
		 * TLS servername extension provided by the client. Sigh!
		 */
		return (SSL_TLSEXT_ERR_NOACK);
	}

	/* Per RFC 6066 section 3: ensure that name is not an IP literal. */
	if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
            inet_pton(AF_INET6, name, &addrbuf) == 1)
		goto err;

	free((char *)conn_ctx->servername);
	if ((conn_ctx->servername = strdup(name)) == NULL)
		goto err;

	/* Find appropriate SSL context for requested servername. */
	for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
		if (tls_check_name(ctx, sni_ctx->ssl_cert, name) == 0) {
			SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
			return (SSL_TLSEXT_ERR_OK);
		}
	}

	/* No match, use the existing context/certificate. */
	return (SSL_TLSEXT_ERR_OK);

 err:
	/*
	 * There is no way to tell libssl that an internal failure occurred.
	 * The only option we have is to return a fatal alert.
	 */
	*al = TLS1_AD_INTERNAL_ERROR;
	return (SSL_TLSEXT_ERR_ALERT_FATAL);
}

static struct tls_ticket_key *
tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
{
	struct tls_ticket_key *key = NULL;
	time_t now;
	int i;

	now = time(NULL);
	if (config->ticket_autorekey == 1) {
		if (now - 3 * (config->session_lifetime / 4) >
		    config->ticket_keys[0].time) {
			if (tls_config_ticket_autorekey(config) == -1)
				return (NULL);
		}
	}
	for (i = 0; i < TLS_NUM_TICKETS; i++) {
		struct tls_ticket_key *tk = &config->ticket_keys[i];
		if (now - config->session_lifetime > tk->time)
			continue;
		if (keyname == NULL || timingsafe_memcmp(keyname,
		    tk->key_name, sizeof(tk->key_name)) == 0) {
			key = tk;
			break;
		}
	}
	return (key);
}

static int
tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
    EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode)
{
	struct tls_ticket_key *key;
	struct tls *tls_ctx;

	if ((tls_ctx = SSL_get_app_data(ssl)) == NULL)
		return (-1);

	if (mode == 1) {
		/* create new session */
		key = tls_server_ticket_key(tls_ctx->config, NULL);
		if (key == NULL) {
			tls_set_errorx(tls_ctx, "no valid ticket key found");
			return (-1);
		}

		memcpy(keyname, key->key_name, sizeof(key->key_name));
		arc4random_buf(iv, EVP_MAX_IV_LENGTH);
		EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
		    key->aes_key, iv);
		HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
		    EVP_sha256(), NULL);
		return (0);
	} else {
		/* get key by name */
		key = tls_server_ticket_key(tls_ctx->config, keyname);
		if (key == NULL)
			return (0);

		EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
		    key->aes_key, iv);
		HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
		    EVP_sha256(), NULL);

		/* time to renew the ticket? is it the primary key? */
		if (key != &tls_ctx->config->ticket_keys[0])
			return (2);
		return (1);
	}
}

static int
tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
    X509 **cert)
{
	char *errstr = "unknown";
	BIO *cert_bio = NULL;
	int ssl_err;

	X509_free(*cert);
	*cert = NULL;

	if (keypair->cert_mem == NULL) {
		tls_error_set(error, "keypair has no certificate");
		goto err;
	}
	if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
	    keypair->cert_len)) == NULL) {
		tls_error_set(error, "failed to create certificate bio");
		goto err;
	}
	if ((*cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL)) == NULL) {
		if ((ssl_err = ERR_peek_error()) != 0)
		    errstr = ERR_error_string(ssl_err, NULL);
		tls_error_set(error, "failed to load certificate: %s", errstr);
		goto err;
	}

	BIO_free(cert_bio);

	return (0);

 err:
	BIO_free(cert_bio);

	return (-1);
}

static int
tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
    struct tls_keypair *keypair)
{
	EC_KEY *ecdh_key;

	SSL_CTX_free(*ssl_ctx);

	if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
		tls_set_errorx(ctx, "ssl context failure");
		goto err;
	}

	SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);

	if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
	    tls_servername_cb) != 1) {
		tls_set_error(ctx, "failed to set servername callback");
		goto err;
	}
	if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
		tls_set_error(ctx, "failed to set servername callback arg");
		goto err;
	}

	if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
		goto err;
	if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
		goto err;
	if (ctx->config->verify_client != 0) {
		int verify = SSL_VERIFY_PEER;
		if (ctx->config->verify_client == 1)
			verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
		if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
			goto err;
	}

	if (ctx->config->alpn != NULL)
		SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
		    ctx);

	if (ctx->config->dheparams == -1)
		SSL_CTX_set_dh_auto(*ssl_ctx, 1);
	else if (ctx->config->dheparams == 1024)
		SSL_CTX_set_dh_auto(*ssl_ctx, 2);

	if (ctx->config->ecdhecurve == -1) {
		SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
	} else if (ctx->config->ecdhecurve != NID_undef) {
		if ((ecdh_key = EC_KEY_new_by_curve_name(
		    ctx->config->ecdhecurve)) == NULL) {
			tls_set_errorx(ctx, "failed to set ECDHE curve");
			goto err;
		}
		SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
		SSL_CTX_set_tmp_ecdh(*ssl_ctx, ecdh_key);
		EC_KEY_free(ecdh_key);
	}

	if (ctx->config->ciphers_server == 1)
		SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);

	if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) {
		tls_set_errorx(ctx, "failed to add OCSP stapling callback");
		goto err;
	}

	if (ctx->config->session_lifetime > 0) {
		/* set the session lifetime and enable tickets */
		SSL_CTX_set_timeout(*ssl_ctx, ctx->config->session_lifetime);
		SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET);
		if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx,
		    tls_server_ticket_cb)) {
			tls_set_error(ctx,
			    "failed to set the TLS ticket callback");
			goto err;
		}
	}

	if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id,
	    sizeof(ctx->config->session_id)) != 1) {
		tls_set_error(ctx, "failed to set session id context");
		goto err;
	}

	return (0);

  err:
	SSL_CTX_free(*ssl_ctx);
	*ssl_ctx = NULL;

	return (-1);
}

static int
tls_configure_server_sni(struct tls *ctx)
{
	struct tls_sni_ctx **sni_ctx;
	struct tls_keypair *kp;

	if (ctx->config->keypair->next == NULL)
		return (0);

	/* Set up additional SSL contexts for SNI. */
	sni_ctx = &ctx->sni_ctx;
	for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
		if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
			tls_set_errorx(ctx, "out of memory");
			goto err;
		}
		if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
			goto err;
		if (tls_keypair_load_cert(kp, &ctx->error,
		    &(*sni_ctx)->ssl_cert) == -1)
			goto err;
		sni_ctx = &(*sni_ctx)->next;
	}

	return (0);

 err:
	return (-1);
}

int
tls_configure_server(struct tls *ctx)
{
	if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
	    ctx->config->keypair) == -1)
		goto err;
	if (tls_configure_server_sni(ctx) == -1)
		goto err;

	return (0);

 err:
	return (-1);
}

static struct tls *
tls_accept_common(struct tls *ctx)
{
	struct tls *conn_ctx = NULL;

	if ((ctx->flags & TLS_SERVER) == 0) {
		tls_set_errorx(ctx, "not a server context");
		goto err;
	}

	if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
		tls_set_errorx(ctx, "connection context failure");
		goto err;
	}

	if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
		tls_set_errorx(ctx, "ssl failure");
		goto err;
	}

	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
		tls_set_errorx(ctx, "ssl application data failure");
		goto err;
	}

	return conn_ctx;

 err:
	tls_free(conn_ctx);

	return (NULL);
}

int
tls_accept_socket(struct tls *ctx, struct tls **cctx, int s)
{
	return (tls_accept_fds(ctx, cctx, s, s));
}

int
tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
{
	struct tls *conn_ctx;

	if ((conn_ctx = tls_accept_common(ctx)) == NULL)
		goto err;

	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
	    SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
		tls_set_errorx(ctx, "ssl file descriptor failure");
		goto err;
	}

	*cctx = conn_ctx;

	return (0);

 err:
	tls_free(conn_ctx);
	*cctx = NULL;

	return (-1);
}

int
tls_accept_cbs(struct tls *ctx, struct tls **cctx,
    tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
{
	struct tls *conn_ctx;

	if ((conn_ctx = tls_accept_common(ctx)) == NULL)
		goto err;

	if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0)
		goto err;

	*cctx = conn_ctx;

	return (0);
 err:
	tls_free(conn_ctx);
	*cctx = NULL;

	return (-1);
}

int
tls_handshake_server(struct tls *ctx)
{
	int ssl_ret;
	int rv = -1;

	if ((ctx->flags & TLS_SERVER_CONN) == 0) {
		tls_set_errorx(ctx, "not a server connection context");
		goto err;
	}

	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;

	ERR_clear_error();
	if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
		goto err;
	}

	ctx->state |= TLS_HANDSHAKE_COMPLETE;
	rv = 0;

 err:
	return (rv);
}
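--- a/jni/libressl/tls/tls_util.c
+++ b/jni/libressl/tls/tls_util.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls_util.c,v 1.2 2015/02/07 23:25:37 reyk Exp $ */
+/* $OpenBSD: tls_util.c,v 1.5 2016/11/04 15:59:16 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
@@ -85,48 +85,59 @@
 
 	return (rv);
 }
 
 static int
 tls_password_cb(char *buf, int size, int rwflag, void *u)
 {
-	size_t	len;
+	size_t len;
+
+	if (size < 0)
+		return (0);
+
 	if (u == NULL) {
 		memset(buf, 0, size);
 		return (0);
 	}
+
 	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
 		return (0);
+
 	return (len);
 }
 
 uint8_t *
 tls_load_file(const char *name, size_t *len, char *password)
 {
 	FILE *fp;
 	EVP_PKEY *key = NULL;
 	BIO *bio = NULL;
-	char *data, *buf = NULL;
+	char *data;
+	uint8_t *buf = NULL;
 	struct stat st;
 	size_t size;
 	int fd = -1;
+	ssize_t n;
 
 	*len = 0;
 
 	if ((fd = open(name, O_RDONLY)) == -1)
 		return (NULL);
 
 	/* Just load the file into memory without decryption */
 	if (password == NULL) {
 		if (fstat(fd, &st) != 0)
 			goto fail;
+		if (st.st_size < 0)
+			goto fail;
 		size = (size_t)st.st_size;
-		if ((buf = calloc(1, size + 1)) == NULL)
+		if ((buf = malloc(size)) == NULL)
 			goto fail;
-		if (read(fd, buf, size) != size)
+		n = read(fd, buf, size);
+		if (n < 0 || (size_t)n != size)
 			goto fail;
 		close(fd);
 		goto done;
 	}
 
 	/* Or read the (possibly) encrypted key from file */
 	if ((fp = fdopen(fd, "r")) == NULL)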
Changes to jni/libressl/tls/tls_verify.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: tls_verify.c,v 1.14 2015/09/29 10:17:04 deraadt Exp $ */
/*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: tls_verify.c,v 1.18 2016/11/04 15:32:40 jsing Exp $ */
/*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
20
21
22
23
24
25
26

27
28
29
30
31
32
33
#include <arpa/inet.h>
#include <netinet/in.h>

#include <string.h>

#include <openssl/x509v3.h>


#include "tls_internal.h"

static int tls_match_name(const char *cert_name, const char *name);
static int tls_check_subject_altname(struct tls *ctx, X509 *cert,
    const char *name);
static int tls_check_common_name(struct tls *ctx, X509 *cert, const char *name);








>







20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#include <arpa/inet.h>
#include <netinet/in.h>

#include <string.h>

#include <openssl/x509v3.h>

#include <tls.h>
#include "tls_internal.h"

static int tls_match_name(const char *cert_name, const char *name);
static int tls_check_subject_altname(struct tls *ctx, X509 *cert,
    const char *name);
static int tls_check_common_name(struct tls *ctx, X509 *cert, const char *name);

110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
	}

	count = sk_GENERAL_NAME_num(altname_stack);
	for (i = 0; i < count; i++) {
		GENERAL_NAME	*altname;

		altname = sk_GENERAL_NAME_value(altname_stack, i);

		if (altname->type != type)
			continue;

		if (type == GEN_DNS) {
			unsigned char	*data;
			int		 format, len;

			format = ASN1_STRING_type(altname->d.dNSName);
			if (format == V_ASN1_IA5STRING) {
				data = ASN1_STRING_data(altname->d.dNSName);
				len = ASN1_STRING_length(altname->d.dNSName);

				if (len < 0 || len != strlen(data)) {
					tls_set_errorx(ctx,
					    "error verifying name '%s': "
					    "NUL byte in subjectAltName, "
					    "probably a malicious certificate",
					    name);
					rv = -2;
					break;







<












|







111
112
113
114
115
116
117

118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
	}

	count = sk_GENERAL_NAME_num(altname_stack);
	for (i = 0; i < count; i++) {
		GENERAL_NAME	*altname;

		altname = sk_GENERAL_NAME_value(altname_stack, i);

		if (altname->type != type)
			continue;

		if (type == GEN_DNS) {
			unsigned char	*data;
			int		 format, len;

			format = ASN1_STRING_type(altname->d.dNSName);
			if (format == V_ASN1_IA5STRING) {
				data = ASN1_STRING_data(altname->d.dNSName);
				len = ASN1_STRING_length(altname->d.dNSName);

				if (len < 0 || (size_t)len != strlen(data)) {
					tls_set_errorx(ctx,
					    "error verifying name '%s': "
					    "NUL byte in subjectAltName, "
					    "probably a malicious certificate",
					    name);
					rv = -2;
					break;
216
217
218
219
220
221
222

223
224
225
226
227
228
229
230
	if (common_name == NULL)
		goto out;

	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
	    common_name_len + 1);

	/* NUL bytes in CN? */

	if (common_name_len != strlen(common_name)) {
		tls_set_errorx(ctx, "error verifying name '%s': "
		    "NUL byte in Common Name field, "
		    "probably a malicious certificate", name);
		rv = -2;
		goto out;
	}








>
|







216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
	if (common_name == NULL)
		goto out;

	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
	    common_name_len + 1);

	/* NUL bytes in CN? */
	if (common_name_len < 0 ||
	    (size_t)common_name_len != strlen(common_name)) {
		tls_set_errorx(ctx, "error verifying name '%s': "
		    "NUL byte in Common Name field, "
		    "probably a malicious certificate", name);
		rv = -2;
		goto out;
	}